cobaltstrike | 5021b2f5e9640e43a608887a1cfd28d61a36116b8a87417a44d8ed995b113822

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c6ea4c0dab2b608f58c766e13a5e9d7f
SHA1

d5c15804627eeaaa559fb94bcc5a02373c282045
SHA256

5021b2f5e9640e43a608887a1cfd28d61a36116b8a87417a44d8ed995b113822
SHA512

b51b36c8f8eb9af4347941bfdffecc79b9f4c593c56b16c3c727c293f05e6b52faa80d10af36d593b0f86f385770c8747d89e8af8b1cb33035a17fe940df2813
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012277-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc5-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce7-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1d-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-43.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926a-110.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016644-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019379-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a9-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019279-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-67.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-59.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-51.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-47.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-39.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001743a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-32.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d2e-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/1724-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012277-3.dat	xmrig
behavioral1/files/0x0008000000016c73-8.dat	xmrig
behavioral1/files/0x0007000000016cc5-16.dat	xmrig
behavioral1/files/0x0007000000016ce7-20.dat	xmrig
behavioral1/files/0x0007000000016d1d-24.dat	xmrig
behavioral1/files/0x0006000000017491-43.dat	xmrig
behavioral1/files/0x000500000001868b-63.dat	xmrig
behavioral1/files/0x000500000001926a-110.dat	xmrig
behavioral1/files/0x0009000000016644-131.dat	xmrig
behavioral1/files/0x0005000000019379-127.dat	xmrig
behavioral1/files/0x00050000000192a9-123.dat	xmrig
behavioral1/files/0x0005000000019279-115.dat	xmrig
behavioral1/files/0x0005000000019261-114.dat	xmrig
behavioral1/files/0x0005000000019284-119.dat	xmrig
behavioral1/files/0x000500000001922c-99.dat	xmrig
behavioral1/files/0x000500000001925e-103.dat	xmrig
behavioral1/files/0x0005000000019227-95.dat	xmrig
behavioral1/files/0x0006000000018bf3-91.dat	xmrig
behavioral1/files/0x000500000001878c-87.dat	xmrig
behavioral1/files/0x0005000000018781-83.dat	xmrig
behavioral1/files/0x0005000000018742-79.dat	xmrig
behavioral1/files/0x0005000000018731-75.dat	xmrig
behavioral1/files/0x00050000000186f8-71.dat	xmrig
behavioral1/files/0x00050000000186f2-67.dat	xmrig
behavioral1/files/0x0011000000018682-59.dat	xmrig
behavioral1/files/0x001400000001866f-55.dat	xmrig
behavioral1/files/0x0006000000018669-51.dat	xmrig
behavioral1/files/0x00060000000175e7-47.dat	xmrig
behavioral1/files/0x000600000001747d-39.dat	xmrig
behavioral1/files/0x000700000001743a-35.dat	xmrig
behavioral1/files/0x0009000000016d36-32.dat	xmrig
behavioral1/files/0x0009000000016d2e-27.dat	xmrig
behavioral1/memory/2460-4481-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2904-4506-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1812-4546-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2884-4570-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2704-4596-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/588-4638-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2496-4641-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1724-4643-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/584-4644-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2176-4645-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2176-4646-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1724-4647-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/588-4648-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2496-4649-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/584-4650-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2176	LOMJfwf.exe
1812	elFPHeN.exe
588	rOsKkHJ.exe
2460	WLnhAkW.exe
2496	PSQZCYp.exe
2804	KLACtMC.exe
584	pOXaorz.exe
1096	qbcpgws.exe
2820	kVdpGtJ.exe
2884	IsMGjZb.exe
2776	EuXBwhE.exe
2904	xTjNpcI.exe
2780	MvGcviw.exe
2704	vDDrKwA.exe
2656	fXNsgrI.exe
2672	YJiSErr.exe
2792	xzmghhm.exe
2636	GEVoBqI.exe
2788	zhEjJrM.exe
2324	VaPdkxu.exe
2344	OlurmoL.exe
2924	onFySVd.exe
2976	gwYnRPq.exe
2684	Bvnwggv.exe
2932	oQCxYDg.exe
1656	krnsyuf.exe
2988	ZwbINYg.exe
348	eDUGEif.exe
1768	neHyVNO.exe
1800	clJVZve.exe
2164	RtreCmt.exe
1792	fDYvmPa.exe
2092	iTcAFGM.exe
2268	xVZBrBj.exe
2100	tLJLddG.exe
1472	nfMTJMi.exe
1236	pagYPAk.exe
1012	IQBSoJx.exe
1068	iarAXPf.exe
464	BjsaqSL.exe
1084	PkoTAYi.exe
1616	wVkGDHK.exe
956	hCHkGTF.exe
1872	pXZtTCn.exe
2584	bijNcfe.exe
1544	McpuWIW.exe
1536	ZruCyLa.exe
2016	KVySRio.exe
1996	LHwJdZT.exe
908	lZGDEPj.exe
2004	AFLQqNO.exe
1356	lasnbjJ.exe
1776	fglpwdi.exe
1100	BnLTDvf.exe
2480	kGvYWPG.exe
1260	aGFicxv.exe
2316	YbxqHYw.exe
1040	mngXKCe.exe
576	lZtlUkb.exe
1780	MCStvik.exe
1664	UvYKHhk.exe
988	gkdBQOg.exe
2284	yQihKry.exe
1696	KHqWbMq.exe

Loads dropped DLL 64 IoCs

pid	Process
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000c000000012277-3.dat	upx
behavioral1/files/0x0008000000016c73-8.dat	upx
behavioral1/files/0x0007000000016cc5-16.dat	upx
behavioral1/files/0x0007000000016ce7-20.dat	upx
behavioral1/files/0x0007000000016d1d-24.dat	upx
behavioral1/files/0x0006000000017491-43.dat	upx
behavioral1/files/0x000500000001868b-63.dat	upx
behavioral1/files/0x000500000001926a-110.dat	upx
behavioral1/files/0x0009000000016644-131.dat	upx
behavioral1/files/0x0005000000019379-127.dat	upx
behavioral1/files/0x00050000000192a9-123.dat	upx
behavioral1/files/0x0005000000019279-115.dat	upx
behavioral1/files/0x0005000000019261-114.dat	upx
behavioral1/files/0x0005000000019284-119.dat	upx
behavioral1/files/0x000500000001922c-99.dat	upx
behavioral1/files/0x000500000001925e-103.dat	upx
behavioral1/files/0x0005000000019227-95.dat	upx
behavioral1/files/0x0006000000018bf3-91.dat	upx
behavioral1/files/0x000500000001878c-87.dat	upx
behavioral1/files/0x0005000000018781-83.dat	upx
behavioral1/files/0x0005000000018742-79.dat	upx
behavioral1/files/0x0005000000018731-75.dat	upx
behavioral1/files/0x00050000000186f8-71.dat	upx
behavioral1/files/0x00050000000186f2-67.dat	upx
behavioral1/files/0x0011000000018682-59.dat	upx
behavioral1/files/0x001400000001866f-55.dat	upx
behavioral1/files/0x0006000000018669-51.dat	upx
behavioral1/files/0x00060000000175e7-47.dat	upx
behavioral1/files/0x000600000001747d-39.dat	upx
behavioral1/files/0x000700000001743a-35.dat	upx
behavioral1/files/0x0009000000016d36-32.dat	upx
behavioral1/files/0x0009000000016d2e-27.dat	upx
behavioral1/memory/2460-4481-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2904-4506-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1812-4546-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2884-4570-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2704-4596-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/588-4638-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2496-4641-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/584-4644-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2176-4645-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2176-4646-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1724-4647-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/588-4648-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2496-4649-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/584-4650-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wVkGDHK.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cfsaxsa.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmtHVHD.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDKsRjB.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmMnCzN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgFYPFq.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vznhply.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPWWitg.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEVoBqI.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypEztnZ.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTLLPhQ.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQzyYqN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRzQBwD.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fElnaDL.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ktngnsc.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjsMngN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBSpFOC.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HasXtoe.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abbcCoN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miobZLz.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSKPySE.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzdgLFH.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIFonmI.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlvWABv.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzyIZDN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Luwzqqa.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqWKUVi.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKiHqSP.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLlamiI.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwgKVfa.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfqBpDW.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJqIOmA.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liLrekP.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbxqHYw.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJBcQYe.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFNBDVx.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJMJxnb.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPekOGP.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waJeOEa.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLJLddG.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWuUciX.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRAZJLR.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWIkyZi.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDipHjC.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLACtMC.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbmlAua.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuaJFqx.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhoTWAt.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxUXTUF.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPRkAso.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpzEuwq.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uentmpV.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhNPzey.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRjBgrC.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBtjHWc.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHwJdZT.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuIVlOS.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDfiNLS.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWjAshF.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AesSTJN.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgjUqov.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pagYPAk.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQBSoJx.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYdfJxB.exe	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2176	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1724 wrote to memory of 2176	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1724 wrote to memory of 2176	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1724 wrote to memory of 1812	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1724 wrote to memory of 1812	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1724 wrote to memory of 1812	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1724 wrote to memory of 588	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1724 wrote to memory of 588	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1724 wrote to memory of 588	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1724 wrote to memory of 2460	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1724 wrote to memory of 2460	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1724 wrote to memory of 2460	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1724 wrote to memory of 2496	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1724 wrote to memory of 2496	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1724 wrote to memory of 2496	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1724 wrote to memory of 2804	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1724 wrote to memory of 2804	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1724 wrote to memory of 2804	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1724 wrote to memory of 584	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1724 wrote to memory of 584	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1724 wrote to memory of 584	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1724 wrote to memory of 1096	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1724 wrote to memory of 1096	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1724 wrote to memory of 1096	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1724 wrote to memory of 2820	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1724 wrote to memory of 2820	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1724 wrote to memory of 2820	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1724 wrote to memory of 2884	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1724 wrote to memory of 2884	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1724 wrote to memory of 2884	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1724 wrote to memory of 2776	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1724 wrote to memory of 2776	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1724 wrote to memory of 2776	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1724 wrote to memory of 2904	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1724 wrote to memory of 2904	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1724 wrote to memory of 2904	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1724 wrote to memory of 2780	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1724 wrote to memory of 2780	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1724 wrote to memory of 2780	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1724 wrote to memory of 2704	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1724 wrote to memory of 2704	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1724 wrote to memory of 2704	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1724 wrote to memory of 2656	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1724 wrote to memory of 2656	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1724 wrote to memory of 2656	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1724 wrote to memory of 2672	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1724 wrote to memory of 2672	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1724 wrote to memory of 2672	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1724 wrote to memory of 2792	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1724 wrote to memory of 2792	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1724 wrote to memory of 2792	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1724 wrote to memory of 2636	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1724 wrote to memory of 2636	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1724 wrote to memory of 2636	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1724 wrote to memory of 2788	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1724 wrote to memory of 2788	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1724 wrote to memory of 2788	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1724 wrote to memory of 2324	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1724 wrote to memory of 2324	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1724 wrote to memory of 2324	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1724 wrote to memory of 2344	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1724 wrote to memory of 2344	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1724 wrote to memory of 2344	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1724 wrote to memory of 2924	1724	2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_c6ea4c0dab2b608f58c766e13a5e9d7f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\System\LOMJfwf.exe
  C:\Windows\System\LOMJfwf.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\elFPHeN.exe
  C:\Windows\System\elFPHeN.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\rOsKkHJ.exe
  C:\Windows\System\rOsKkHJ.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\WLnhAkW.exe
  C:\Windows\System\WLnhAkW.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\PSQZCYp.exe
  C:\Windows\System\PSQZCYp.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\KLACtMC.exe
  C:\Windows\System\KLACtMC.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\pOXaorz.exe
  C:\Windows\System\pOXaorz.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\qbcpgws.exe
  C:\Windows\System\qbcpgws.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\kVdpGtJ.exe
  C:\Windows\System\kVdpGtJ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\IsMGjZb.exe
  C:\Windows\System\IsMGjZb.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\EuXBwhE.exe
  C:\Windows\System\EuXBwhE.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\xTjNpcI.exe
  C:\Windows\System\xTjNpcI.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\MvGcviw.exe
  C:\Windows\System\MvGcviw.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vDDrKwA.exe
  C:\Windows\System\vDDrKwA.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\fXNsgrI.exe
  C:\Windows\System\fXNsgrI.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\YJiSErr.exe
  C:\Windows\System\YJiSErr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\xzmghhm.exe
  C:\Windows\System\xzmghhm.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GEVoBqI.exe
  C:\Windows\System\GEVoBqI.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\zhEjJrM.exe
  C:\Windows\System\zhEjJrM.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\VaPdkxu.exe
  C:\Windows\System\VaPdkxu.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\OlurmoL.exe
  C:\Windows\System\OlurmoL.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\onFySVd.exe
  C:\Windows\System\onFySVd.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\gwYnRPq.exe
  C:\Windows\System\gwYnRPq.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\Bvnwggv.exe
  C:\Windows\System\Bvnwggv.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\oQCxYDg.exe
  C:\Windows\System\oQCxYDg.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ZwbINYg.exe
  C:\Windows\System\ZwbINYg.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\krnsyuf.exe
  C:\Windows\System\krnsyuf.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\eDUGEif.exe
  C:\Windows\System\eDUGEif.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\neHyVNO.exe
  C:\Windows\System\neHyVNO.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\clJVZve.exe
  C:\Windows\System\clJVZve.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\RtreCmt.exe
  C:\Windows\System\RtreCmt.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\fDYvmPa.exe
  C:\Windows\System\fDYvmPa.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\iTcAFGM.exe
  C:\Windows\System\iTcAFGM.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\xVZBrBj.exe
  C:\Windows\System\xVZBrBj.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\tLJLddG.exe
  C:\Windows\System\tLJLddG.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\nfMTJMi.exe
  C:\Windows\System\nfMTJMi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\pagYPAk.exe
  C:\Windows\System\pagYPAk.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\IQBSoJx.exe
  C:\Windows\System\IQBSoJx.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\iarAXPf.exe
  C:\Windows\System\iarAXPf.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\BjsaqSL.exe
  C:\Windows\System\BjsaqSL.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\PkoTAYi.exe
  C:\Windows\System\PkoTAYi.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\wVkGDHK.exe
  C:\Windows\System\wVkGDHK.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\hCHkGTF.exe
  C:\Windows\System\hCHkGTF.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\pXZtTCn.exe
  C:\Windows\System\pXZtTCn.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\bijNcfe.exe
  C:\Windows\System\bijNcfe.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\McpuWIW.exe
  C:\Windows\System\McpuWIW.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ZruCyLa.exe
  C:\Windows\System\ZruCyLa.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\KVySRio.exe
  C:\Windows\System\KVySRio.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LHwJdZT.exe
  C:\Windows\System\LHwJdZT.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\AFLQqNO.exe
  C:\Windows\System\AFLQqNO.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\lZGDEPj.exe
  C:\Windows\System\lZGDEPj.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\lasnbjJ.exe
  C:\Windows\System\lasnbjJ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\fglpwdi.exe
  C:\Windows\System\fglpwdi.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\BnLTDvf.exe
  C:\Windows\System\BnLTDvf.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\kGvYWPG.exe
  C:\Windows\System\kGvYWPG.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\aGFicxv.exe
  C:\Windows\System\aGFicxv.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\YbxqHYw.exe
  C:\Windows\System\YbxqHYw.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\mngXKCe.exe
  C:\Windows\System\mngXKCe.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\lZtlUkb.exe
  C:\Windows\System\lZtlUkb.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\MCStvik.exe
  C:\Windows\System\MCStvik.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\UvYKHhk.exe
  C:\Windows\System\UvYKHhk.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\gkdBQOg.exe
  C:\Windows\System\gkdBQOg.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\yQihKry.exe
  C:\Windows\System\yQihKry.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\KHqWbMq.exe
  C:\Windows\System\KHqWbMq.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\cTyJEwA.exe
  C:\Windows\System\cTyJEwA.exe
  2⤵
  PID:1748
- C:\Windows\System\SeIUGde.exe
  C:\Windows\System\SeIUGde.exe
  2⤵
  PID:488
- C:\Windows\System\BQuxCcC.exe
  C:\Windows\System\BQuxCcC.exe
  2⤵
  PID:2376
- C:\Windows\System\SaXSjjt.exe
  C:\Windows\System\SaXSjjt.exe
  2⤵
  PID:2168
- C:\Windows\System\gYOTLkL.exe
  C:\Windows\System\gYOTLkL.exe
  2⤵
  PID:1436
- C:\Windows\System\FRaGBGi.exe
  C:\Windows\System\FRaGBGi.exe
  2⤵
  PID:1600
- C:\Windows\System\YcwMDui.exe
  C:\Windows\System\YcwMDui.exe
  2⤵
  PID:1688
- C:\Windows\System\vuRCGyj.exe
  C:\Windows\System\vuRCGyj.exe
  2⤵
  PID:1320
- C:\Windows\System\hHgXNMc.exe
  C:\Windows\System\hHgXNMc.exe
  2⤵
  PID:868
- C:\Windows\System\jfIttuw.exe
  C:\Windows\System\jfIttuw.exe
  2⤵
  PID:2504
- C:\Windows\System\xZCPrtk.exe
  C:\Windows\System\xZCPrtk.exe
  2⤵
  PID:2708
- C:\Windows\System\bKjWSoZ.exe
  C:\Windows\System\bKjWSoZ.exe
  2⤵
  PID:2832
- C:\Windows\System\XBEcVwJ.exe
  C:\Windows\System\XBEcVwJ.exe
  2⤵
  PID:2772
- C:\Windows\System\YxQrYwN.exe
  C:\Windows\System\YxQrYwN.exe
  2⤵
  PID:2736
- C:\Windows\System\oMBSnYH.exe
  C:\Windows\System\oMBSnYH.exe
  2⤵
  PID:2848
- C:\Windows\System\BDeEqrb.exe
  C:\Windows\System\BDeEqrb.exe
  2⤵
  PID:2872
- C:\Windows\System\SdSCIec.exe
  C:\Windows\System\SdSCIec.exe
  2⤵
  PID:2816
- C:\Windows\System\tVQfBTc.exe
  C:\Windows\System\tVQfBTc.exe
  2⤵
  PID:992
- C:\Windows\System\Cfsaxsa.exe
  C:\Windows\System\Cfsaxsa.exe
  2⤵
  PID:2972
- C:\Windows\System\GonnuTL.exe
  C:\Windows\System\GonnuTL.exe
  2⤵
  PID:844
- C:\Windows\System\JckpfAn.exe
  C:\Windows\System\JckpfAn.exe
  2⤵
  PID:2860
- C:\Windows\System\TJBcQYe.exe
  C:\Windows\System\TJBcQYe.exe
  2⤵
  PID:3024
- C:\Windows\System\MYIsKwe.exe
  C:\Windows\System\MYIsKwe.exe
  2⤵
  PID:2348
- C:\Windows\System\EssnbEx.exe
  C:\Windows\System\EssnbEx.exe
  2⤵
  PID:2300
- C:\Windows\System\uwYqbVx.exe
  C:\Windows\System\uwYqbVx.exe
  2⤵
  PID:2188
- C:\Windows\System\flhTVvM.exe
  C:\Windows\System\flhTVvM.exe
  2⤵
  PID:1092
- C:\Windows\System\BsrRnob.exe
  C:\Windows\System\BsrRnob.exe
  2⤵
  PID:2136
- C:\Windows\System\VvTukgh.exe
  C:\Windows\System\VvTukgh.exe
  2⤵
  PID:1964
- C:\Windows\System\MWaULEG.exe
  C:\Windows\System\MWaULEG.exe
  2⤵
  PID:2520
- C:\Windows\System\qxVRKtc.exe
  C:\Windows\System\qxVRKtc.exe
  2⤵
  PID:1608
- C:\Windows\System\lzJVTss.exe
  C:\Windows\System\lzJVTss.exe
  2⤵
  PID:2072
- C:\Windows\System\hKjeHAg.exe
  C:\Windows\System\hKjeHAg.exe
  2⤵
  PID:1844
- C:\Windows\System\KDleYKE.exe
  C:\Windows\System\KDleYKE.exe
  2⤵
  PID:1316
- C:\Windows\System\gePhGKE.exe
  C:\Windows\System\gePhGKE.exe
  2⤵
  PID:620
- C:\Windows\System\LWOsmov.exe
  C:\Windows\System\LWOsmov.exe
  2⤵
  PID:768
- C:\Windows\System\vSSLavj.exe
  C:\Windows\System\vSSLavj.exe
  2⤵
  PID:592
- C:\Windows\System\LqLuurw.exe
  C:\Windows\System\LqLuurw.exe
  2⤵
  PID:2356
- C:\Windows\System\MhNELqk.exe
  C:\Windows\System\MhNELqk.exe
  2⤵
  PID:2544
- C:\Windows\System\YJVRikH.exe
  C:\Windows\System\YJVRikH.exe
  2⤵
  PID:2556
- C:\Windows\System\MjvpImG.exe
  C:\Windows\System\MjvpImG.exe
  2⤵
  PID:2392
- C:\Windows\System\QTzRxhX.exe
  C:\Windows\System\QTzRxhX.exe
  2⤵
  PID:1652
- C:\Windows\System\AjyCfnU.exe
  C:\Windows\System\AjyCfnU.exe
  2⤵
  PID:1588
- C:\Windows\System\yALybrz.exe
  C:\Windows\System\yALybrz.exe
  2⤵
  PID:2220
- C:\Windows\System\rbNOpIx.exe
  C:\Windows\System\rbNOpIx.exe
  2⤵
  PID:532
- C:\Windows\System\gpcgxli.exe
  C:\Windows\System\gpcgxli.exe
  2⤵
  PID:1476
- C:\Windows\System\UvOqFyo.exe
  C:\Windows\System\UvOqFyo.exe
  2⤵
  PID:568
- C:\Windows\System\zLotgvA.exe
  C:\Windows\System\zLotgvA.exe
  2⤵
  PID:3052
- C:\Windows\System\zmXVoGJ.exe
  C:\Windows\System\zmXVoGJ.exe
  2⤵
  PID:2668
- C:\Windows\System\uAnRaCT.exe
  C:\Windows\System\uAnRaCT.exe
  2⤵
  PID:2328
- C:\Windows\System\pTeqyMm.exe
  C:\Windows\System\pTeqyMm.exe
  2⤵
  PID:2332
- C:\Windows\System\rvdsopR.exe
  C:\Windows\System\rvdsopR.exe
  2⤵
  PID:836
- C:\Windows\System\oAuaYpi.exe
  C:\Windows\System\oAuaYpi.exe
  2⤵
  PID:1272
- C:\Windows\System\Ktngnsc.exe
  C:\Windows\System\Ktngnsc.exe
  2⤵
  PID:2144
- C:\Windows\System\tdhHAKy.exe
  C:\Windows\System\tdhHAKy.exe
  2⤵
  PID:444
- C:\Windows\System\XbUtNyv.exe
  C:\Windows\System\XbUtNyv.exe
  2⤵
  PID:2020
- C:\Windows\System\UzBoXnx.exe
  C:\Windows\System\UzBoXnx.exe
  2⤵
  PID:2184
- C:\Windows\System\ygfabgq.exe
  C:\Windows\System\ygfabgq.exe
  2⤵
  PID:2032
- C:\Windows\System\VjgjrdY.exe
  C:\Windows\System\VjgjrdY.exe
  2⤵
  PID:2800
- C:\Windows\System\eBmjzGh.exe
  C:\Windows\System\eBmjzGh.exe
  2⤵
  PID:548
- C:\Windows\System\fwplfbn.exe
  C:\Windows\System\fwplfbn.exe
  2⤵
  PID:1336
- C:\Windows\System\oXmiNtT.exe
  C:\Windows\System\oXmiNtT.exe
  2⤵
  PID:1752
- C:\Windows\System\qleoNiX.exe
  C:\Windows\System\qleoNiX.exe
  2⤵
  PID:1640
- C:\Windows\System\PRGeeVV.exe
  C:\Windows\System\PRGeeVV.exe
  2⤵
  PID:2728
- C:\Windows\System\JwOTGEi.exe
  C:\Windows\System\JwOTGEi.exe
  2⤵
  PID:3084
- C:\Windows\System\BeYYysb.exe
  C:\Windows\System\BeYYysb.exe
  2⤵
  PID:3100
- C:\Windows\System\jPxjdvY.exe
  C:\Windows\System\jPxjdvY.exe
  2⤵
  PID:3116
- C:\Windows\System\BjRcfIz.exe
  C:\Windows\System\BjRcfIz.exe
  2⤵
  PID:3132
- C:\Windows\System\YlnQOrK.exe
  C:\Windows\System\YlnQOrK.exe
  2⤵
  PID:3148
- C:\Windows\System\nbmlAua.exe
  C:\Windows\System\nbmlAua.exe
  2⤵
  PID:3164
- C:\Windows\System\TNQOqrc.exe
  C:\Windows\System\TNQOqrc.exe
  2⤵
  PID:3180
- C:\Windows\System\aBKeaWD.exe
  C:\Windows\System\aBKeaWD.exe
  2⤵
  PID:3196
- C:\Windows\System\offYsQO.exe
  C:\Windows\System\offYsQO.exe
  2⤵
  PID:3212
- C:\Windows\System\asIouAO.exe
  C:\Windows\System\asIouAO.exe
  2⤵
  PID:3228
- C:\Windows\System\TsvCdOY.exe
  C:\Windows\System\TsvCdOY.exe
  2⤵
  PID:3244
- C:\Windows\System\IpTSCws.exe
  C:\Windows\System\IpTSCws.exe
  2⤵
  PID:3260
- C:\Windows\System\QTPqMAX.exe
  C:\Windows\System\QTPqMAX.exe
  2⤵
  PID:3276
- C:\Windows\System\rUshGQJ.exe
  C:\Windows\System\rUshGQJ.exe
  2⤵
  PID:3292
- C:\Windows\System\oqOjfkc.exe
  C:\Windows\System\oqOjfkc.exe
  2⤵
  PID:3308
- C:\Windows\System\jIWQAZf.exe
  C:\Windows\System\jIWQAZf.exe
  2⤵
  PID:3324
- C:\Windows\System\HmQYXOT.exe
  C:\Windows\System\HmQYXOT.exe
  2⤵
  PID:3340
- C:\Windows\System\LZeLkkQ.exe
  C:\Windows\System\LZeLkkQ.exe
  2⤵
  PID:3356
- C:\Windows\System\QHBloPI.exe
  C:\Windows\System\QHBloPI.exe
  2⤵
  PID:3372
- C:\Windows\System\SZuGhkc.exe
  C:\Windows\System\SZuGhkc.exe
  2⤵
  PID:3388
- C:\Windows\System\OqTciNa.exe
  C:\Windows\System\OqTciNa.exe
  2⤵
  PID:3404
- C:\Windows\System\BnLeTno.exe
  C:\Windows\System\BnLeTno.exe
  2⤵
  PID:3420
- C:\Windows\System\gShVzTU.exe
  C:\Windows\System\gShVzTU.exe
  2⤵
  PID:3436
- C:\Windows\System\CfpcNSF.exe
  C:\Windows\System\CfpcNSF.exe
  2⤵
  PID:3452
- C:\Windows\System\QObLiHz.exe
  C:\Windows\System\QObLiHz.exe
  2⤵
  PID:3468
- C:\Windows\System\AamOrew.exe
  C:\Windows\System\AamOrew.exe
  2⤵
  PID:3484
- C:\Windows\System\TcBrLeJ.exe
  C:\Windows\System\TcBrLeJ.exe
  2⤵
  PID:3500
- C:\Windows\System\GWuUciX.exe
  C:\Windows\System\GWuUciX.exe
  2⤵
  PID:3516
- C:\Windows\System\MuaJFqx.exe
  C:\Windows\System\MuaJFqx.exe
  2⤵
  PID:3532
- C:\Windows\System\ziDAdpp.exe
  C:\Windows\System\ziDAdpp.exe
  2⤵
  PID:3548
- C:\Windows\System\LzyIZDN.exe
  C:\Windows\System\LzyIZDN.exe
  2⤵
  PID:3564
- C:\Windows\System\QIkYGuZ.exe
  C:\Windows\System\QIkYGuZ.exe
  2⤵
  PID:3580
- C:\Windows\System\tBcDgDJ.exe
  C:\Windows\System\tBcDgDJ.exe
  2⤵
  PID:3596
- C:\Windows\System\YVVLRPW.exe
  C:\Windows\System\YVVLRPW.exe
  2⤵
  PID:3612
- C:\Windows\System\YzvnQNp.exe
  C:\Windows\System\YzvnQNp.exe
  2⤵
  PID:3628
- C:\Windows\System\lREuvFp.exe
  C:\Windows\System\lREuvFp.exe
  2⤵
  PID:3644
- C:\Windows\System\TgQaQnf.exe
  C:\Windows\System\TgQaQnf.exe
  2⤵
  PID:3660
- C:\Windows\System\rbAxUcR.exe
  C:\Windows\System\rbAxUcR.exe
  2⤵
  PID:3676
- C:\Windows\System\gFNBDVx.exe
  C:\Windows\System\gFNBDVx.exe
  2⤵
  PID:3692
- C:\Windows\System\OInHPTl.exe
  C:\Windows\System\OInHPTl.exe
  2⤵
  PID:3708
- C:\Windows\System\wwlCdVl.exe
  C:\Windows\System\wwlCdVl.exe
  2⤵
  PID:3724
- C:\Windows\System\IdSiSjN.exe
  C:\Windows\System\IdSiSjN.exe
  2⤵
  PID:3740
- C:\Windows\System\lGCQpqj.exe
  C:\Windows\System\lGCQpqj.exe
  2⤵
  PID:3756
- C:\Windows\System\humafJV.exe
  C:\Windows\System\humafJV.exe
  2⤵
  PID:3772
- C:\Windows\System\gdBrPbY.exe
  C:\Windows\System\gdBrPbY.exe
  2⤵
  PID:3788
- C:\Windows\System\esoYmzy.exe
  C:\Windows\System\esoYmzy.exe
  2⤵
  PID:3804
- C:\Windows\System\sVEaoQs.exe
  C:\Windows\System\sVEaoQs.exe
  2⤵
  PID:3820
- C:\Windows\System\onmJXdo.exe
  C:\Windows\System\onmJXdo.exe
  2⤵
  PID:3836
- C:\Windows\System\KEGtLzj.exe
  C:\Windows\System\KEGtLzj.exe
  2⤵
  PID:3852
- C:\Windows\System\tHZcBUu.exe
  C:\Windows\System\tHZcBUu.exe
  2⤵
  PID:3868
- C:\Windows\System\LJaTgZD.exe
  C:\Windows\System\LJaTgZD.exe
  2⤵
  PID:3884
- C:\Windows\System\RJCLvRD.exe
  C:\Windows\System\RJCLvRD.exe
  2⤵
  PID:3900
- C:\Windows\System\yhURLYw.exe
  C:\Windows\System\yhURLYw.exe
  2⤵
  PID:3916
- C:\Windows\System\SifJwij.exe
  C:\Windows\System\SifJwij.exe
  2⤵
  PID:3932
- C:\Windows\System\YGjOOBc.exe
  C:\Windows\System\YGjOOBc.exe
  2⤵
  PID:3948
- C:\Windows\System\FvIpsHz.exe
  C:\Windows\System\FvIpsHz.exe
  2⤵
  PID:3964
- C:\Windows\System\qxjXkMP.exe
  C:\Windows\System\qxjXkMP.exe
  2⤵
  PID:3980
- C:\Windows\System\zfFCUAG.exe
  C:\Windows\System\zfFCUAG.exe
  2⤵
  PID:3996
- C:\Windows\System\lcFsqOT.exe
  C:\Windows\System\lcFsqOT.exe
  2⤵
  PID:4012
- C:\Windows\System\wxKnJXT.exe
  C:\Windows\System\wxKnJXT.exe
  2⤵
  PID:4028
- C:\Windows\System\QoFUhvc.exe
  C:\Windows\System\QoFUhvc.exe
  2⤵
  PID:4044
- C:\Windows\System\pPSZbEv.exe
  C:\Windows\System\pPSZbEv.exe
  2⤵
  PID:4060
- C:\Windows\System\KsLXszx.exe
  C:\Windows\System\KsLXszx.exe
  2⤵
  PID:4076
- C:\Windows\System\cdTTPMN.exe
  C:\Windows\System\cdTTPMN.exe
  2⤵
  PID:4092
- C:\Windows\System\xtpgESi.exe
  C:\Windows\System\xtpgESi.exe
  2⤵
  PID:2632
- C:\Windows\System\SQnzlBZ.exe
  C:\Windows\System\SQnzlBZ.exe
  2⤵
  PID:1148
- C:\Windows\System\CggQPEp.exe
  C:\Windows\System\CggQPEp.exe
  2⤵
  PID:1268
- C:\Windows\System\izPibDs.exe
  C:\Windows\System\izPibDs.exe
  2⤵
  PID:1716
- C:\Windows\System\xaXJuPV.exe
  C:\Windows\System\xaXJuPV.exe
  2⤵
  PID:1788
- C:\Windows\System\rfAODed.exe
  C:\Windows\System\rfAODed.exe
  2⤵
  PID:1740
- C:\Windows\System\PoWhYWN.exe
  C:\Windows\System\PoWhYWN.exe
  2⤵
  PID:2696
- C:\Windows\System\Hdknfai.exe
  C:\Windows\System\Hdknfai.exe
  2⤵
  PID:2500
- C:\Windows\System\rckzUUN.exe
  C:\Windows\System\rckzUUN.exe
  2⤵
  PID:3092
- C:\Windows\System\WvTpkYN.exe
  C:\Windows\System\WvTpkYN.exe
  2⤵
  PID:3124
- C:\Windows\System\ldEhpEB.exe
  C:\Windows\System\ldEhpEB.exe
  2⤵
  PID:3156
- C:\Windows\System\faCTgCg.exe
  C:\Windows\System\faCTgCg.exe
  2⤵
  PID:3188
- C:\Windows\System\RDMzGJo.exe
  C:\Windows\System\RDMzGJo.exe
  2⤵
  PID:3220
- C:\Windows\System\kTPUiKK.exe
  C:\Windows\System\kTPUiKK.exe
  2⤵
  PID:3252
- C:\Windows\System\QlArcZJ.exe
  C:\Windows\System\QlArcZJ.exe
  2⤵
  PID:3284
- C:\Windows\System\GfiZVvq.exe
  C:\Windows\System\GfiZVvq.exe
  2⤵
  PID:3316
- C:\Windows\System\rCYBjDD.exe
  C:\Windows\System\rCYBjDD.exe
  2⤵
  PID:3348
- C:\Windows\System\nPzUWqm.exe
  C:\Windows\System\nPzUWqm.exe
  2⤵
  PID:3380
- C:\Windows\System\haBMrtV.exe
  C:\Windows\System\haBMrtV.exe
  2⤵
  PID:3412
- C:\Windows\System\knrcAqH.exe
  C:\Windows\System\knrcAqH.exe
  2⤵
  PID:3448
- C:\Windows\System\qBsRjlw.exe
  C:\Windows\System\qBsRjlw.exe
  2⤵
  PID:3492
- C:\Windows\System\uuxPawJ.exe
  C:\Windows\System\uuxPawJ.exe
  2⤵
  PID:3524
- C:\Windows\System\papiUWZ.exe
  C:\Windows\System\papiUWZ.exe
  2⤵
  PID:3556
- C:\Windows\System\kcGIJFh.exe
  C:\Windows\System\kcGIJFh.exe
  2⤵
  PID:3588
- C:\Windows\System\NwkpXJR.exe
  C:\Windows\System\NwkpXJR.exe
  2⤵
  PID:3620
- C:\Windows\System\wzgaZBF.exe
  C:\Windows\System\wzgaZBF.exe
  2⤵
  PID:3652
- C:\Windows\System\kXcRNLl.exe
  C:\Windows\System\kXcRNLl.exe
  2⤵
  PID:3672
- C:\Windows\System\xJeEvuv.exe
  C:\Windows\System\xJeEvuv.exe
  2⤵
  PID:3704
- C:\Windows\System\FzmUvVj.exe
  C:\Windows\System\FzmUvVj.exe
  2⤵
  PID:3748
- C:\Windows\System\WuqZmuN.exe
  C:\Windows\System\WuqZmuN.exe
  2⤵
  PID:3768
- C:\Windows\System\nkTfYiH.exe
  C:\Windows\System\nkTfYiH.exe
  2⤵
  PID:3800
- C:\Windows\System\HryHGBF.exe
  C:\Windows\System\HryHGBF.exe
  2⤵
  PID:3832
- C:\Windows\System\BFgSsRv.exe
  C:\Windows\System\BFgSsRv.exe
  2⤵
  PID:3876
- C:\Windows\System\yvGAHIP.exe
  C:\Windows\System\yvGAHIP.exe
  2⤵
  PID:3908
- C:\Windows\System\dFhmxXH.exe
  C:\Windows\System\dFhmxXH.exe
  2⤵
  PID:3940
- C:\Windows\System\ddJTulq.exe
  C:\Windows\System\ddJTulq.exe
  2⤵
  PID:3972
- C:\Windows\System\uQaVjjG.exe
  C:\Windows\System\uQaVjjG.exe
  2⤵
  PID:4004
- C:\Windows\System\TRHbhMW.exe
  C:\Windows\System\TRHbhMW.exe
  2⤵
  PID:4036
- C:\Windows\System\iDhKUfo.exe
  C:\Windows\System\iDhKUfo.exe
  2⤵
  PID:4056
- C:\Windows\System\WpccAFN.exe
  C:\Windows\System\WpccAFN.exe
  2⤵
  PID:2876
- C:\Windows\System\ShpopeY.exe
  C:\Windows\System\ShpopeY.exe
  2⤵
  PID:2864
- C:\Windows\System\PNhCJGS.exe
  C:\Windows\System\PNhCJGS.exe
  2⤵
  PID:1764
- C:\Windows\System\DhoTWAt.exe
  C:\Windows\System\DhoTWAt.exe
  2⤵
  PID:1784
- C:\Windows\System\NRKEDSX.exe
  C:\Windows\System\NRKEDSX.exe
  2⤵
  PID:1816
- C:\Windows\System\IeuPSya.exe
  C:\Windows\System\IeuPSya.exe
  2⤵
  PID:3140
- C:\Windows\System\GLmlNjL.exe
  C:\Windows\System\GLmlNjL.exe
  2⤵
  PID:3176
- C:\Windows\System\TZOShPe.exe
  C:\Windows\System\TZOShPe.exe
  2⤵
  PID:3268
- C:\Windows\System\sdhjrTO.exe
  C:\Windows\System\sdhjrTO.exe
  2⤵
  PID:3304
- C:\Windows\System\WunzsoR.exe
  C:\Windows\System\WunzsoR.exe
  2⤵
  PID:3396
- C:\Windows\System\mRAHxSI.exe
  C:\Windows\System\mRAHxSI.exe
  2⤵
  PID:3444
- C:\Windows\System\LghZuEb.exe
  C:\Windows\System\LghZuEb.exe
  2⤵
  PID:3528
- C:\Windows\System\hYREqtu.exe
  C:\Windows\System\hYREqtu.exe
  2⤵
  PID:3592
- C:\Windows\System\HcSceEd.exe
  C:\Windows\System\HcSceEd.exe
  2⤵
  PID:3636
- C:\Windows\System\IsKoJfm.exe
  C:\Windows\System\IsKoJfm.exe
  2⤵
  PID:3700
- C:\Windows\System\GVSVlVo.exe
  C:\Windows\System\GVSVlVo.exe
  2⤵
  PID:3784
- C:\Windows\System\vmlZdEE.exe
  C:\Windows\System\vmlZdEE.exe
  2⤵
  PID:3828
- C:\Windows\System\KzYUxLx.exe
  C:\Windows\System\KzYUxLx.exe
  2⤵
  PID:3892
- C:\Windows\System\vtPNmNc.exe
  C:\Windows\System\vtPNmNc.exe
  2⤵
  PID:3956
- C:\Windows\System\ftBTarV.exe
  C:\Windows\System\ftBTarV.exe
  2⤵
  PID:4020
- C:\Windows\System\MWsYant.exe
  C:\Windows\System\MWsYant.exe
  2⤵
  PID:4084
- C:\Windows\System\xnUHkxr.exe
  C:\Windows\System\xnUHkxr.exe
  2⤵
  PID:544
- C:\Windows\System\PfUVrKL.exe
  C:\Windows\System\PfUVrKL.exe
  2⤵
  PID:2600
- C:\Windows\System\iSAiZMR.exe
  C:\Windows\System\iSAiZMR.exe
  2⤵
  PID:4104
- C:\Windows\System\goDUSbM.exe
  C:\Windows\System\goDUSbM.exe
  2⤵
  PID:4120
- C:\Windows\System\CYeUyvO.exe
  C:\Windows\System\CYeUyvO.exe
  2⤵
  PID:4136
- C:\Windows\System\tVdGabd.exe
  C:\Windows\System\tVdGabd.exe
  2⤵
  PID:4152
- C:\Windows\System\OKhCbLe.exe
  C:\Windows\System\OKhCbLe.exe
  2⤵
  PID:4168
- C:\Windows\System\APPxagq.exe
  C:\Windows\System\APPxagq.exe
  2⤵
  PID:4184
- C:\Windows\System\yKLtgge.exe
  C:\Windows\System\yKLtgge.exe
  2⤵
  PID:4200
- C:\Windows\System\DPMUZtA.exe
  C:\Windows\System\DPMUZtA.exe
  2⤵
  PID:4216
- C:\Windows\System\rmFbsFT.exe
  C:\Windows\System\rmFbsFT.exe
  2⤵
  PID:4232
- C:\Windows\System\LLpshHX.exe
  C:\Windows\System\LLpshHX.exe
  2⤵
  PID:4248
- C:\Windows\System\jhvNADE.exe
  C:\Windows\System\jhvNADE.exe
  2⤵
  PID:4264
- C:\Windows\System\VRWBcdv.exe
  C:\Windows\System\VRWBcdv.exe
  2⤵
  PID:4280
- C:\Windows\System\AGflYBd.exe
  C:\Windows\System\AGflYBd.exe
  2⤵
  PID:4296
- C:\Windows\System\QfIesqM.exe
  C:\Windows\System\QfIesqM.exe
  2⤵
  PID:4312
- C:\Windows\System\ddoTmTu.exe
  C:\Windows\System\ddoTmTu.exe
  2⤵
  PID:4328
- C:\Windows\System\qncwBsW.exe
  C:\Windows\System\qncwBsW.exe
  2⤵
  PID:4344
- C:\Windows\System\qjOXpOQ.exe
  C:\Windows\System\qjOXpOQ.exe
  2⤵
  PID:4360
- C:\Windows\System\HQLhItE.exe
  C:\Windows\System\HQLhItE.exe
  2⤵
  PID:4376
- C:\Windows\System\PCyPOLX.exe
  C:\Windows\System\PCyPOLX.exe
  2⤵
  PID:4392
- C:\Windows\System\itzRslW.exe
  C:\Windows\System\itzRslW.exe
  2⤵
  PID:4416
- C:\Windows\System\bdSVgOx.exe
  C:\Windows\System\bdSVgOx.exe
  2⤵
  PID:4432
- C:\Windows\System\mvlLCax.exe
  C:\Windows\System\mvlLCax.exe
  2⤵
  PID:4448
- C:\Windows\System\YkguQdc.exe
  C:\Windows\System\YkguQdc.exe
  2⤵
  PID:4464
- C:\Windows\System\YHgHEIe.exe
  C:\Windows\System\YHgHEIe.exe
  2⤵
  PID:4480
- C:\Windows\System\IFVeivY.exe
  C:\Windows\System\IFVeivY.exe
  2⤵
  PID:4500
- C:\Windows\System\lQHASMo.exe
  C:\Windows\System\lQHASMo.exe
  2⤵
  PID:4516
- C:\Windows\System\sbTdrhz.exe
  C:\Windows\System\sbTdrhz.exe
  2⤵
  PID:4532
- C:\Windows\System\wKKZDcx.exe
  C:\Windows\System\wKKZDcx.exe
  2⤵
  PID:4548
- C:\Windows\System\SuIVlOS.exe
  C:\Windows\System\SuIVlOS.exe
  2⤵
  PID:4564
- C:\Windows\System\xsxeKtD.exe
  C:\Windows\System\xsxeKtD.exe
  2⤵
  PID:4580
- C:\Windows\System\dLVnmdD.exe
  C:\Windows\System\dLVnmdD.exe
  2⤵
  PID:4600
- C:\Windows\System\yHfsWBE.exe
  C:\Windows\System\yHfsWBE.exe
  2⤵
  PID:4620
- C:\Windows\System\nXslZGo.exe
  C:\Windows\System\nXslZGo.exe
  2⤵
  PID:4640
- C:\Windows\System\QNRSjlT.exe
  C:\Windows\System\QNRSjlT.exe
  2⤵
  PID:4656
- C:\Windows\System\jSGunhR.exe
  C:\Windows\System\jSGunhR.exe
  2⤵
  PID:4672
- C:\Windows\System\HPClSmW.exe
  C:\Windows\System\HPClSmW.exe
  2⤵
  PID:4688
- C:\Windows\System\UrpDNks.exe
  C:\Windows\System\UrpDNks.exe
  2⤵
  PID:4712
- C:\Windows\System\dJMJxnb.exe
  C:\Windows\System\dJMJxnb.exe
  2⤵
  PID:4728
- C:\Windows\System\Ujpvjoa.exe
  C:\Windows\System\Ujpvjoa.exe
  2⤵
  PID:4744
- C:\Windows\System\coYxhzv.exe
  C:\Windows\System\coYxhzv.exe
  2⤵
  PID:4760
- C:\Windows\System\jNFuSvF.exe
  C:\Windows\System\jNFuSvF.exe
  2⤵
  PID:4776
- C:\Windows\System\GUKtaNT.exe
  C:\Windows\System\GUKtaNT.exe
  2⤵
  PID:4792
- C:\Windows\System\QraIses.exe
  C:\Windows\System\QraIses.exe
  2⤵
  PID:4808
- C:\Windows\System\WYdfJxB.exe
  C:\Windows\System\WYdfJxB.exe
  2⤵
  PID:4824
- C:\Windows\System\KcQhSYI.exe
  C:\Windows\System\KcQhSYI.exe
  2⤵
  PID:4840
- C:\Windows\System\SEwMpNy.exe
  C:\Windows\System\SEwMpNy.exe
  2⤵
  PID:4860
- C:\Windows\System\zijefGq.exe
  C:\Windows\System\zijefGq.exe
  2⤵
  PID:4876
- C:\Windows\System\rntpsZQ.exe
  C:\Windows\System\rntpsZQ.exe
  2⤵
  PID:4892
- C:\Windows\System\tVsVHrn.exe
  C:\Windows\System\tVsVHrn.exe
  2⤵
  PID:4908
- C:\Windows\System\klUCESq.exe
  C:\Windows\System\klUCESq.exe
  2⤵
  PID:4924
- C:\Windows\System\DsyKdXX.exe
  C:\Windows\System\DsyKdXX.exe
  2⤵
  PID:4940
- C:\Windows\System\jiKROBH.exe
  C:\Windows\System\jiKROBH.exe
  2⤵
  PID:4956
- C:\Windows\System\voJovPw.exe
  C:\Windows\System\voJovPw.exe
  2⤵
  PID:4972
- C:\Windows\System\KEymznU.exe
  C:\Windows\System\KEymznU.exe
  2⤵
  PID:4988
- C:\Windows\System\WtdSiYI.exe
  C:\Windows\System\WtdSiYI.exe
  2⤵
  PID:5004
- C:\Windows\System\uSrsxGN.exe
  C:\Windows\System\uSrsxGN.exe
  2⤵
  PID:5020
- C:\Windows\System\Luwzqqa.exe
  C:\Windows\System\Luwzqqa.exe
  2⤵
  PID:5036
- C:\Windows\System\LbeBetk.exe
  C:\Windows\System\LbeBetk.exe
  2⤵
  PID:5052
- C:\Windows\System\jqmvtFn.exe
  C:\Windows\System\jqmvtFn.exe
  2⤵
  PID:5068
- C:\Windows\System\PGOtFWI.exe
  C:\Windows\System\PGOtFWI.exe
  2⤵
  PID:5084
- C:\Windows\System\BLWvkKc.exe
  C:\Windows\System\BLWvkKc.exe
  2⤵
  PID:5100
- C:\Windows\System\gjMHuVI.exe
  C:\Windows\System\gjMHuVI.exe
  2⤵
  PID:5116
- C:\Windows\System\lIYBHHI.exe
  C:\Windows\System\lIYBHHI.exe
  2⤵
  PID:3172
- C:\Windows\System\KNgrKim.exe
  C:\Windows\System\KNgrKim.exe
  2⤵
  PID:3300
- C:\Windows\System\xzVMiiu.exe
  C:\Windows\System\xzVMiiu.exe
  2⤵
  PID:3428
- C:\Windows\System\LhsUZXB.exe
  C:\Windows\System\LhsUZXB.exe
  2⤵
  PID:3560
- C:\Windows\System\QTlFDrG.exe
  C:\Windows\System\QTlFDrG.exe
  2⤵
  PID:3732
- C:\Windows\System\zsIcvVC.exe
  C:\Windows\System\zsIcvVC.exe
  2⤵
  PID:3860
- C:\Windows\System\fJgmvRc.exe
  C:\Windows\System\fJgmvRc.exe
  2⤵
  PID:3988
- C:\Windows\System\MEBeYvf.exe
  C:\Windows\System\MEBeYvf.exe
  2⤵
  PID:2692
- C:\Windows\System\KwjuLlV.exe
  C:\Windows\System\KwjuLlV.exe
  2⤵
  PID:3080
- C:\Windows\System\RoHLPLP.exe
  C:\Windows\System\RoHLPLP.exe
  2⤵
  PID:4128
- C:\Windows\System\KPviolb.exe
  C:\Windows\System\KPviolb.exe
  2⤵
  PID:4160
- C:\Windows\System\uMvpsVa.exe
  C:\Windows\System\uMvpsVa.exe
  2⤵
  PID:4180
- C:\Windows\System\kfcgPUM.exe
  C:\Windows\System\kfcgPUM.exe
  2⤵
  PID:4224
- C:\Windows\System\PdWGwSr.exe
  C:\Windows\System\PdWGwSr.exe
  2⤵
  PID:4244
- C:\Windows\System\fMJziNW.exe
  C:\Windows\System\fMJziNW.exe
  2⤵
  PID:4276
- C:\Windows\System\pQvGgJk.exe
  C:\Windows\System\pQvGgJk.exe
  2⤵
  PID:4320
- C:\Windows\System\UyJeXFL.exe
  C:\Windows\System\UyJeXFL.exe
  2⤵
  PID:4340
- C:\Windows\System\hUOmjUX.exe
  C:\Windows\System\hUOmjUX.exe
  2⤵
  PID:4384
- C:\Windows\System\UzwanAS.exe
  C:\Windows\System\UzwanAS.exe
  2⤵
  PID:4424
- C:\Windows\System\gkfVMEv.exe
  C:\Windows\System\gkfVMEv.exe
  2⤵
  PID:4456
- C:\Windows\System\wMPgpNn.exe
  C:\Windows\System\wMPgpNn.exe
  2⤵
  PID:4488
- C:\Windows\System\ARARAAF.exe
  C:\Windows\System\ARARAAF.exe
  2⤵
  PID:4524
- C:\Windows\System\DFODJSq.exe
  C:\Windows\System\DFODJSq.exe
  2⤵
  PID:4556
- C:\Windows\System\BvFtrik.exe
  C:\Windows\System\BvFtrik.exe
  2⤵
  PID:4588
- C:\Windows\System\SZwazpi.exe
  C:\Windows\System\SZwazpi.exe
  2⤵
  PID:4628
- C:\Windows\System\bPekOGP.exe
  C:\Windows\System\bPekOGP.exe
  2⤵
  PID:4664
- C:\Windows\System\fSOjdDt.exe
  C:\Windows\System\fSOjdDt.exe
  2⤵
  PID:4696
- C:\Windows\System\hqwoEIU.exe
  C:\Windows\System\hqwoEIU.exe
  2⤵
  PID:4736
- C:\Windows\System\fWsmzAi.exe
  C:\Windows\System\fWsmzAi.exe
  2⤵
  PID:4768
- C:\Windows\System\bkFQLYa.exe
  C:\Windows\System\bkFQLYa.exe
  2⤵
  PID:4800
- C:\Windows\System\tTjiVFz.exe
  C:\Windows\System\tTjiVFz.exe
  2⤵
  PID:4832
- C:\Windows\System\xwWaviT.exe
  C:\Windows\System\xwWaviT.exe
  2⤵
  PID:4868
- C:\Windows\System\dJJmvCO.exe
  C:\Windows\System\dJJmvCO.exe
  2⤵
  PID:4904
- C:\Windows\System\wpXBpGM.exe
  C:\Windows\System\wpXBpGM.exe
  2⤵
  PID:4948
- C:\Windows\System\hxVfHOb.exe
  C:\Windows\System\hxVfHOb.exe
  2⤵
  PID:4980
- C:\Windows\System\ZdgQtxC.exe
  C:\Windows\System\ZdgQtxC.exe
  2⤵
  PID:5012
- C:\Windows\System\dDqYBZA.exe
  C:\Windows\System\dDqYBZA.exe
  2⤵
  PID:5032
- C:\Windows\System\zNvJycj.exe
  C:\Windows\System\zNvJycj.exe
  2⤵
  PID:5064
- C:\Windows\System\DDfiNLS.exe
  C:\Windows\System\DDfiNLS.exe
  2⤵
  PID:5108
- C:\Windows\System\riFIjUx.exe
  C:\Windows\System\riFIjUx.exe
  2⤵
  PID:3272
- C:\Windows\System\ydThwmI.exe
  C:\Windows\System\ydThwmI.exe
  2⤵
  PID:3540
- C:\Windows\System\bPIuEoY.exe
  C:\Windows\System\bPIuEoY.exe
  2⤵
  PID:3796
- C:\Windows\System\skCqFrh.exe
  C:\Windows\System\skCqFrh.exe
  2⤵
  PID:3944
- C:\Windows\System\huYhGRg.exe
  C:\Windows\System\huYhGRg.exe
  2⤵
  PID:1924
- C:\Windows\System\gKyiLlH.exe
  C:\Windows\System\gKyiLlH.exe
  2⤵
  PID:4176
- C:\Windows\System\TacmhRu.exe
  C:\Windows\System\TacmhRu.exe
  2⤵
  PID:4240
- C:\Windows\System\LZWLyDz.exe
  C:\Windows\System\LZWLyDz.exe
  2⤵
  PID:4304
- C:\Windows\System\IYVdfbo.exe
  C:\Windows\System\IYVdfbo.exe
  2⤵
  PID:4352
- C:\Windows\System\ykzOQXM.exe
  C:\Windows\System\ykzOQXM.exe
  2⤵
  PID:4428
- C:\Windows\System\FgPSGLY.exe
  C:\Windows\System\FgPSGLY.exe
  2⤵
  PID:4508
- C:\Windows\System\fWqoarR.exe
  C:\Windows\System\fWqoarR.exe
  2⤵
  PID:4560
- C:\Windows\System\uFekTFZ.exe
  C:\Windows\System\uFekTFZ.exe
  2⤵
  PID:4616
- C:\Windows\System\VUUcdxa.exe
  C:\Windows\System\VUUcdxa.exe
  2⤵
  PID:4700
- C:\Windows\System\zRhvVBo.exe
  C:\Windows\System\zRhvVBo.exe
  2⤵
  PID:4784
- C:\Windows\System\ZEkxkAg.exe
  C:\Windows\System\ZEkxkAg.exe
  2⤵
  PID:4848
- C:\Windows\System\IIaGUDb.exe
  C:\Windows\System\IIaGUDb.exe
  2⤵
  PID:4888
- C:\Windows\System\OWjAshF.exe
  C:\Windows\System\OWjAshF.exe
  2⤵
  PID:4984
- C:\Windows\System\yyqCwgo.exe
  C:\Windows\System\yyqCwgo.exe
  2⤵
  PID:5048
- C:\Windows\System\IXKZXLO.exe
  C:\Windows\System\IXKZXLO.exe
  2⤵
  PID:5080
- C:\Windows\System\DXrIBAS.exe
  C:\Windows\System\DXrIBAS.exe
  2⤵
  PID:3476
- C:\Windows\System\BKmXghe.exe
  C:\Windows\System\BKmXghe.exe
  2⤵
  PID:3924
- C:\Windows\System\JRkntwa.exe
  C:\Windows\System\JRkntwa.exe
  2⤵
  PID:4192
- C:\Windows\System\lNKtxHz.exe
  C:\Windows\System\lNKtxHz.exe
  2⤵
  PID:4256
- C:\Windows\System\pWmzZZq.exe
  C:\Windows\System\pWmzZZq.exe
  2⤵
  PID:4372
- C:\Windows\System\dgYwUSA.exe
  C:\Windows\System\dgYwUSA.exe
  2⤵
  PID:4576
- C:\Windows\System\CPHeFRW.exe
  C:\Windows\System\CPHeFRW.exe
  2⤵
  PID:4652
- C:\Windows\System\rqWKUVi.exe
  C:\Windows\System\rqWKUVi.exe
  2⤵
  PID:4852
- C:\Windows\System\BpZoiMM.exe
  C:\Windows\System\BpZoiMM.exe
  2⤵
  PID:4932
- C:\Windows\System\rKGzeei.exe
  C:\Windows\System\rKGzeei.exe
  2⤵
  PID:5060
- C:\Windows\System\hWXeiUu.exe
  C:\Windows\System\hWXeiUu.exe
  2⤵
  PID:3668
- C:\Windows\System\ZIizmOG.exe
  C:\Windows\System\ZIizmOG.exe
  2⤵
  PID:4208
- C:\Windows\System\YFpomtR.exe
  C:\Windows\System\YFpomtR.exe
  2⤵
  PID:5128
- C:\Windows\System\RxEBWnb.exe
  C:\Windows\System\RxEBWnb.exe
  2⤵
  PID:5144
- C:\Windows\System\kVrFDgC.exe
  C:\Windows\System\kVrFDgC.exe
  2⤵
  PID:5160
- C:\Windows\System\pqKImJG.exe
  C:\Windows\System\pqKImJG.exe
  2⤵
  PID:5176
- C:\Windows\System\ZbJhoAI.exe
  C:\Windows\System\ZbJhoAI.exe
  2⤵
  PID:5192
- C:\Windows\System\DqugAAz.exe
  C:\Windows\System\DqugAAz.exe
  2⤵
  PID:5208
- C:\Windows\System\EMRZdNd.exe
  C:\Windows\System\EMRZdNd.exe
  2⤵
  PID:5224
- C:\Windows\System\QPICTPb.exe
  C:\Windows\System\QPICTPb.exe
  2⤵
  PID:5240
- C:\Windows\System\ATBwzeJ.exe
  C:\Windows\System\ATBwzeJ.exe
  2⤵
  PID:5256
- C:\Windows\System\ahmtice.exe
  C:\Windows\System\ahmtice.exe
  2⤵
  PID:5272
- C:\Windows\System\ixLeAKA.exe
  C:\Windows\System\ixLeAKA.exe
  2⤵
  PID:5288
- C:\Windows\System\VabInTl.exe
  C:\Windows\System\VabInTl.exe
  2⤵
  PID:5304
- C:\Windows\System\MvMVNsc.exe
  C:\Windows\System\MvMVNsc.exe
  2⤵
  PID:5320
- C:\Windows\System\zVBWaGb.exe
  C:\Windows\System\zVBWaGb.exe
  2⤵
  PID:5336
- C:\Windows\System\uXBZVwB.exe
  C:\Windows\System\uXBZVwB.exe
  2⤵
  PID:5352
- C:\Windows\System\bugPAwX.exe
  C:\Windows\System\bugPAwX.exe
  2⤵
  PID:5368
- C:\Windows\System\KoAnHUS.exe
  C:\Windows\System\KoAnHUS.exe
  2⤵
  PID:5384
- C:\Windows\System\CUxuvWC.exe
  C:\Windows\System\CUxuvWC.exe
  2⤵
  PID:5400
- C:\Windows\System\npGLyvE.exe
  C:\Windows\System\npGLyvE.exe
  2⤵
  PID:5416
- C:\Windows\System\JFCSBtY.exe
  C:\Windows\System\JFCSBtY.exe
  2⤵
  PID:5432
- C:\Windows\System\godPAgH.exe
  C:\Windows\System\godPAgH.exe
  2⤵
  PID:5448
- C:\Windows\System\rOQBhKQ.exe
  C:\Windows\System\rOQBhKQ.exe
  2⤵
  PID:5464
- C:\Windows\System\FxUXTUF.exe
  C:\Windows\System\FxUXTUF.exe
  2⤵
  PID:5480
- C:\Windows\System\ZPcRApQ.exe
  C:\Windows\System\ZPcRApQ.exe
  2⤵
  PID:5496
- C:\Windows\System\LApbIaY.exe
  C:\Windows\System\LApbIaY.exe
  2⤵
  PID:5512
- C:\Windows\System\YjVYsnu.exe
  C:\Windows\System\YjVYsnu.exe
  2⤵
  PID:5528
- C:\Windows\System\LfsnvzI.exe
  C:\Windows\System\LfsnvzI.exe
  2⤵
  PID:5544
- C:\Windows\System\zyvAqfA.exe
  C:\Windows\System\zyvAqfA.exe
  2⤵
  PID:5560
- C:\Windows\System\ldfGguw.exe
  C:\Windows\System\ldfGguw.exe
  2⤵
  PID:5576
- C:\Windows\System\FFEHWOG.exe
  C:\Windows\System\FFEHWOG.exe
  2⤵
  PID:5592
- C:\Windows\System\yLwhPQi.exe
  C:\Windows\System\yLwhPQi.exe
  2⤵
  PID:5608
- C:\Windows\System\cSHqnps.exe
  C:\Windows\System\cSHqnps.exe
  2⤵
  PID:5624
- C:\Windows\System\ygUpEQD.exe
  C:\Windows\System\ygUpEQD.exe
  2⤵
  PID:5640
- C:\Windows\System\uhybKUF.exe
  C:\Windows\System\uhybKUF.exe
  2⤵
  PID:5656
- C:\Windows\System\qKBoqPR.exe
  C:\Windows\System\qKBoqPR.exe
  2⤵
  PID:5672
- C:\Windows\System\EGaqNTu.exe
  C:\Windows\System\EGaqNTu.exe
  2⤵
  PID:5688
- C:\Windows\System\XXTtOaa.exe
  C:\Windows\System\XXTtOaa.exe
  2⤵
  PID:5704
- C:\Windows\System\xhUtkmj.exe
  C:\Windows\System\xhUtkmj.exe
  2⤵
  PID:5720
- C:\Windows\System\AesSTJN.exe
  C:\Windows\System\AesSTJN.exe
  2⤵
  PID:5736
- C:\Windows\System\cmuTRRe.exe
  C:\Windows\System\cmuTRRe.exe
  2⤵
  PID:5752
- C:\Windows\System\QFTXrYS.exe
  C:\Windows\System\QFTXrYS.exe
  2⤵
  PID:5768
- C:\Windows\System\XFcczIM.exe
  C:\Windows\System\XFcczIM.exe
  2⤵
  PID:5784
- C:\Windows\System\EmfMLWp.exe
  C:\Windows\System\EmfMLWp.exe
  2⤵
  PID:5800
- C:\Windows\System\LLpSaom.exe
  C:\Windows\System\LLpSaom.exe
  2⤵
  PID:5816
- C:\Windows\System\jGxOepR.exe
  C:\Windows\System\jGxOepR.exe
  2⤵
  PID:5832
- C:\Windows\System\cwXucBE.exe
  C:\Windows\System\cwXucBE.exe
  2⤵
  PID:5848
- C:\Windows\System\aLMJAtw.exe
  C:\Windows\System\aLMJAtw.exe
  2⤵
  PID:5864
- C:\Windows\System\cpBAzrJ.exe
  C:\Windows\System\cpBAzrJ.exe
  2⤵
  PID:5880
- C:\Windows\System\fdwMYXi.exe
  C:\Windows\System\fdwMYXi.exe
  2⤵
  PID:5896
- C:\Windows\System\gVSiSSA.exe
  C:\Windows\System\gVSiSSA.exe
  2⤵
  PID:5912
- C:\Windows\System\LRnmWsj.exe
  C:\Windows\System\LRnmWsj.exe
  2⤵
  PID:5932
- C:\Windows\System\naFLmhk.exe
  C:\Windows\System\naFLmhk.exe
  2⤵
  PID:5948
- C:\Windows\System\dtwrdCG.exe
  C:\Windows\System\dtwrdCG.exe
  2⤵
  PID:5964
- C:\Windows\System\UeVxmIN.exe
  C:\Windows\System\UeVxmIN.exe
  2⤵
  PID:5980
- C:\Windows\System\GHvqmnT.exe
  C:\Windows\System\GHvqmnT.exe
  2⤵
  PID:5996
- C:\Windows\System\WxYhebG.exe
  C:\Windows\System\WxYhebG.exe
  2⤵
  PID:6012
- C:\Windows\System\cAaJIFw.exe
  C:\Windows\System\cAaJIFw.exe
  2⤵
  PID:6028
- C:\Windows\System\jKApqll.exe
  C:\Windows\System\jKApqll.exe
  2⤵
  PID:6044
- C:\Windows\System\XKLrKXW.exe
  C:\Windows\System\XKLrKXW.exe
  2⤵
  PID:6060
- C:\Windows\System\cIPjIMt.exe
  C:\Windows\System\cIPjIMt.exe
  2⤵
  PID:6076
- C:\Windows\System\LgKQMdt.exe
  C:\Windows\System\LgKQMdt.exe
  2⤵
  PID:6092
- C:\Windows\System\gmtHVHD.exe
  C:\Windows\System\gmtHVHD.exe
  2⤵
  PID:6108
- C:\Windows\System\CfSUJPc.exe
  C:\Windows\System\CfSUJPc.exe
  2⤵
  PID:6124
- C:\Windows\System\EAVaMlv.exe
  C:\Windows\System\EAVaMlv.exe
  2⤵
  PID:6140
- C:\Windows\System\hrbkGWT.exe
  C:\Windows\System\hrbkGWT.exe
  2⤵
  PID:4512
- C:\Windows\System\uJlNDem.exe
  C:\Windows\System\uJlNDem.exe
  2⤵
  PID:4740
- C:\Windows\System\kjuwTPd.exe
  C:\Windows\System\kjuwTPd.exe
  2⤵
  PID:5016
- C:\Windows\System\efAdZuK.exe
  C:\Windows\System\efAdZuK.exe
  2⤵
  PID:4116
- C:\Windows\System\uRQJprb.exe
  C:\Windows\System\uRQJprb.exe
  2⤵
  PID:5140
- C:\Windows\System\yusWZvb.exe
  C:\Windows\System\yusWZvb.exe
  2⤵
  PID:5172
- C:\Windows\System\IFxVcTN.exe
  C:\Windows\System\IFxVcTN.exe
  2⤵
  PID:5204
- C:\Windows\System\WiBPHAg.exe
  C:\Windows\System\WiBPHAg.exe
  2⤵
  PID:5236
- C:\Windows\System\wqYjWaV.exe
  C:\Windows\System\wqYjWaV.exe
  2⤵
  PID:5268
- C:\Windows\System\XILIljb.exe
  C:\Windows\System\XILIljb.exe
  2⤵
  PID:5300
- C:\Windows\System\rDKsRjB.exe
  C:\Windows\System\rDKsRjB.exe
  2⤵
  PID:5344
- C:\Windows\System\tUZGMyf.exe
  C:\Windows\System\tUZGMyf.exe
  2⤵
  PID:5364
- C:\Windows\System\PIdpHMQ.exe
  C:\Windows\System\PIdpHMQ.exe
  2⤵
  PID:5408
- C:\Windows\System\jripbyA.exe
  C:\Windows\System\jripbyA.exe
  2⤵
  PID:5428
- C:\Windows\System\aIGsXBQ.exe
  C:\Windows\System\aIGsXBQ.exe
  2⤵
  PID:5460
- C:\Windows\System\ojMonBf.exe
  C:\Windows\System\ojMonBf.exe
  2⤵
  PID:5492
- C:\Windows\System\wZVYGUd.exe
  C:\Windows\System\wZVYGUd.exe
  2⤵
  PID:5524
- C:\Windows\System\CnWxBcU.exe
  C:\Windows\System\CnWxBcU.exe
  2⤵
  PID:5568
- C:\Windows\System\ZLcnuXF.exe
  C:\Windows\System\ZLcnuXF.exe
  2⤵
  PID:5600
- C:\Windows\System\aYHyWHl.exe
  C:\Windows\System\aYHyWHl.exe
  2⤵
  PID:5632
- C:\Windows\System\GnuNcCc.exe
  C:\Windows\System\GnuNcCc.exe
  2⤵
  PID:5664
- C:\Windows\System\FDembOb.exe
  C:\Windows\System\FDembOb.exe
  2⤵
  PID:5680
- C:\Windows\System\WkultNj.exe
  C:\Windows\System\WkultNj.exe
  2⤵
  PID:5716
- C:\Windows\System\HtXlmdl.exe
  C:\Windows\System\HtXlmdl.exe
  2⤵
  PID:5760
- C:\Windows\System\TGHOMRk.exe
  C:\Windows\System\TGHOMRk.exe
  2⤵
  PID:5792
- C:\Windows\System\muFtnMx.exe
  C:\Windows\System\muFtnMx.exe
  2⤵
  PID:5812
- C:\Windows\System\jmUWwFI.exe
  C:\Windows\System\jmUWwFI.exe
  2⤵
  PID:5856
- C:\Windows\System\rJUBCQn.exe
  C:\Windows\System\rJUBCQn.exe
  2⤵
  PID:5876
- C:\Windows\System\LSmThMc.exe
  C:\Windows\System\LSmThMc.exe
  2⤵
  PID:5920
- C:\Windows\System\eLUQLfM.exe
  C:\Windows\System\eLUQLfM.exe
  2⤵
  PID:5956
- C:\Windows\System\oWhsJPn.exe
  C:\Windows\System\oWhsJPn.exe
  2⤵
  PID:5988
- C:\Windows\System\mnGYBuZ.exe
  C:\Windows\System\mnGYBuZ.exe
  2⤵
  PID:6020
- C:\Windows\System\iTtwkah.exe
  C:\Windows\System\iTtwkah.exe
  2⤵
  PID:6052
- C:\Windows\System\qkRwyTT.exe
  C:\Windows\System\qkRwyTT.exe
  2⤵
  PID:6072
- C:\Windows\System\XvZkDSm.exe
  C:\Windows\System\XvZkDSm.exe
  2⤵
  PID:6116
- C:\Windows\System\PPTlmhS.exe
  C:\Windows\System\PPTlmhS.exe
  2⤵
  PID:6136
- C:\Windows\System\gqVVErb.exe
  C:\Windows\System\gqVVErb.exe
  2⤵
  PID:4952
- C:\Windows\System\DZcSheX.exe
  C:\Windows\System\DZcSheX.exe
  2⤵
  PID:4336
- C:\Windows\System\spwhLXW.exe
  C:\Windows\System\spwhLXW.exe
  2⤵
  PID:5168
- C:\Windows\System\LgFpOxB.exe
  C:\Windows\System\LgFpOxB.exe
  2⤵
  PID:5232
- C:\Windows\System\gyELLrZ.exe
  C:\Windows\System\gyELLrZ.exe
  2⤵
  PID:5328
- C:\Windows\System\AtpLnqa.exe
  C:\Windows\System\AtpLnqa.exe
  2⤵
  PID:5360
- C:\Windows\System\IkNEvVC.exe
  C:\Windows\System\IkNEvVC.exe
  2⤵
  PID:5456
- C:\Windows\System\muTwIml.exe
  C:\Windows\System\muTwIml.exe
  2⤵
  PID:5488
- C:\Windows\System\YrsvjmM.exe
  C:\Windows\System\YrsvjmM.exe
  2⤵
  PID:5540
- C:\Windows\System\gIRTGUC.exe
  C:\Windows\System\gIRTGUC.exe
  2⤵
  PID:5604
- C:\Windows\System\cfLahWR.exe
  C:\Windows\System\cfLahWR.exe
  2⤵
  PID:5700
- C:\Windows\System\ADYIVle.exe
  C:\Windows\System\ADYIVle.exe
  2⤵
  PID:5764
- C:\Windows\System\YPjjvoZ.exe
  C:\Windows\System\YPjjvoZ.exe
  2⤵
  PID:5828
- C:\Windows\System\dSxrGUp.exe
  C:\Windows\System\dSxrGUp.exe
  2⤵
  PID:5860
- C:\Windows\System\duaXjHC.exe
  C:\Windows\System\duaXjHC.exe
  2⤵
  PID:5928
- C:\Windows\System\KPQQRfg.exe
  C:\Windows\System\KPQQRfg.exe
  2⤵
  PID:6024
- C:\Windows\System\bieaSCg.exe
  C:\Windows\System\bieaSCg.exe
  2⤵
  PID:6056
- C:\Windows\System\UragUlH.exe
  C:\Windows\System\UragUlH.exe
  2⤵
  PID:2304
- C:\Windows\System\vQmAomq.exe
  C:\Windows\System\vQmAomq.exe
  2⤵
  PID:3336
- C:\Windows\System\YocGdSF.exe
  C:\Windows\System\YocGdSF.exe
  2⤵
  PID:5280
- C:\Windows\System\IccZpzv.exe
  C:\Windows\System\IccZpzv.exe
  2⤵
  PID:5296
- C:\Windows\System\sPEXatZ.exe
  C:\Windows\System\sPEXatZ.exe
  2⤵
  PID:5440
- C:\Windows\System\hpSBHXS.exe
  C:\Windows\System\hpSBHXS.exe
  2⤵
  PID:5552
- C:\Windows\System\oFFEcIx.exe
  C:\Windows\System\oFFEcIx.exe
  2⤵
  PID:5668
- C:\Windows\System\TNbnnbg.exe
  C:\Windows\System\TNbnnbg.exe
  2⤵
  PID:5808
- C:\Windows\System\NbmNXen.exe
  C:\Windows\System\NbmNXen.exe
  2⤵
  PID:5940
- C:\Windows\System\xCRRCnY.exe
  C:\Windows\System\xCRRCnY.exe
  2⤵
  PID:6068
- C:\Windows\System\YJffBbB.exe
  C:\Windows\System\YJffBbB.exe
  2⤵
  PID:3816
- C:\Windows\System\cWrOWaV.exe
  C:\Windows\System\cWrOWaV.exe
  2⤵
  PID:5392
- C:\Windows\System\YXxAWxU.exe
  C:\Windows\System\YXxAWxU.exe
  2⤵
  PID:6164
- C:\Windows\System\GCywqlA.exe
  C:\Windows\System\GCywqlA.exe
  2⤵
  PID:6180
- C:\Windows\System\unPWNXN.exe
  C:\Windows\System\unPWNXN.exe
  2⤵
  PID:6196
- C:\Windows\System\bqakTGt.exe
  C:\Windows\System\bqakTGt.exe
  2⤵
  PID:6212
- C:\Windows\System\OqLCZYq.exe
  C:\Windows\System\OqLCZYq.exe
  2⤵
  PID:6228
- C:\Windows\System\MCFvLDH.exe
  C:\Windows\System\MCFvLDH.exe
  2⤵
  PID:6244
- C:\Windows\System\pONSefd.exe
  C:\Windows\System\pONSefd.exe
  2⤵
  PID:6260
- C:\Windows\System\NBeYvUC.exe
  C:\Windows\System\NBeYvUC.exe
  2⤵
  PID:6276
- C:\Windows\System\fYouVXf.exe
  C:\Windows\System\fYouVXf.exe
  2⤵
  PID:6292
- C:\Windows\System\atYLAzW.exe
  C:\Windows\System\atYLAzW.exe
  2⤵
  PID:6308
- C:\Windows\System\wIAMqaT.exe
  C:\Windows\System\wIAMqaT.exe
  2⤵
  PID:6324
- C:\Windows\System\WYWsGNJ.exe
  C:\Windows\System\WYWsGNJ.exe
  2⤵
  PID:6340
- C:\Windows\System\gGBrOgU.exe
  C:\Windows\System\gGBrOgU.exe
  2⤵
  PID:6356
- C:\Windows\System\akPfaOU.exe
  C:\Windows\System\akPfaOU.exe
  2⤵
  PID:6372
- C:\Windows\System\vomzVBc.exe
  C:\Windows\System\vomzVBc.exe
  2⤵
  PID:6388
- C:\Windows\System\DvwyJbM.exe
  C:\Windows\System\DvwyJbM.exe
  2⤵
  PID:6404
- C:\Windows\System\pIbsTLY.exe
  C:\Windows\System\pIbsTLY.exe
  2⤵
  PID:6420
- C:\Windows\System\MWsRoNb.exe
  C:\Windows\System\MWsRoNb.exe
  2⤵
  PID:6436
- C:\Windows\System\OEIRYiY.exe
  C:\Windows\System\OEIRYiY.exe
  2⤵
  PID:6452
- C:\Windows\System\waXcWjk.exe
  C:\Windows\System\waXcWjk.exe
  2⤵
  PID:6468
- C:\Windows\System\kIhIUVi.exe
  C:\Windows\System\kIhIUVi.exe
  2⤵
  PID:6484
- C:\Windows\System\eutbAfD.exe
  C:\Windows\System\eutbAfD.exe
  2⤵
  PID:6500
- C:\Windows\System\RTovjLS.exe
  C:\Windows\System\RTovjLS.exe
  2⤵
  PID:6516
- C:\Windows\System\LbyGrmZ.exe
  C:\Windows\System\LbyGrmZ.exe
  2⤵
  PID:6532
- C:\Windows\System\fdpufCC.exe
  C:\Windows\System\fdpufCC.exe
  2⤵
  PID:6548
- C:\Windows\System\UmdooDk.exe
  C:\Windows\System\UmdooDk.exe
  2⤵
  PID:6564
- C:\Windows\System\LDKGjmR.exe
  C:\Windows\System\LDKGjmR.exe
  2⤵
  PID:6580
- C:\Windows\System\BftseyO.exe
  C:\Windows\System\BftseyO.exe
  2⤵
  PID:6596
- C:\Windows\System\EKiHqSP.exe
  C:\Windows\System\EKiHqSP.exe
  2⤵
  PID:6612
- C:\Windows\System\NFqrQAO.exe
  C:\Windows\System\NFqrQAO.exe
  2⤵
  PID:6628
- C:\Windows\System\YMrYaVP.exe
  C:\Windows\System\YMrYaVP.exe
  2⤵
  PID:6644
- C:\Windows\System\PSolPbX.exe
  C:\Windows\System\PSolPbX.exe
  2⤵
  PID:6660
- C:\Windows\System\ISHVizs.exe
  C:\Windows\System\ISHVizs.exe
  2⤵
  PID:6676
- C:\Windows\System\hAStkTw.exe
  C:\Windows\System\hAStkTw.exe
  2⤵
  PID:6692
- C:\Windows\System\JfAwpmI.exe
  C:\Windows\System\JfAwpmI.exe
  2⤵
  PID:6708
- C:\Windows\System\kkLYnhh.exe
  C:\Windows\System\kkLYnhh.exe
  2⤵
  PID:6724
- C:\Windows\System\CdTRMNW.exe
  C:\Windows\System\CdTRMNW.exe
  2⤵
  PID:6740
- C:\Windows\System\PjsMngN.exe
  C:\Windows\System\PjsMngN.exe
  2⤵
  PID:6756
- C:\Windows\System\fGmVbHJ.exe
  C:\Windows\System\fGmVbHJ.exe
  2⤵
  PID:6772
- C:\Windows\System\acLxuhU.exe
  C:\Windows\System\acLxuhU.exe
  2⤵
  PID:6788
- C:\Windows\System\kHGNgMS.exe
  C:\Windows\System\kHGNgMS.exe
  2⤵
  PID:6804
- C:\Windows\System\RLlamiI.exe
  C:\Windows\System\RLlamiI.exe
  2⤵
  PID:6820
- C:\Windows\System\hDeGOkV.exe
  C:\Windows\System\hDeGOkV.exe
  2⤵
  PID:6836
- C:\Windows\System\EKwoQXA.exe
  C:\Windows\System\EKwoQXA.exe
  2⤵
  PID:6852
- C:\Windows\System\diJRret.exe
  C:\Windows\System\diJRret.exe
  2⤵
  PID:6868
- C:\Windows\System\hGCzKsd.exe
  C:\Windows\System\hGCzKsd.exe
  2⤵
  PID:6884
- C:\Windows\System\VZZmjyH.exe
  C:\Windows\System\VZZmjyH.exe
  2⤵
  PID:6900
- C:\Windows\System\lBdIxtA.exe
  C:\Windows\System\lBdIxtA.exe
  2⤵
  PID:6916
- C:\Windows\System\xGvoLHw.exe
  C:\Windows\System\xGvoLHw.exe
  2⤵
  PID:6932
- C:\Windows\System\sTDBzJO.exe
  C:\Windows\System\sTDBzJO.exe
  2⤵
  PID:6948
- C:\Windows\System\EHLhGWe.exe
  C:\Windows\System\EHLhGWe.exe
  2⤵
  PID:6964
- C:\Windows\System\suzokmc.exe
  C:\Windows\System\suzokmc.exe
  2⤵
  PID:6980
- C:\Windows\System\tlFRYWi.exe
  C:\Windows\System\tlFRYWi.exe
  2⤵
  PID:6996
- C:\Windows\System\fvZpEqe.exe
  C:\Windows\System\fvZpEqe.exe
  2⤵
  PID:7012
- C:\Windows\System\TlSlYfx.exe
  C:\Windows\System\TlSlYfx.exe
  2⤵
  PID:7028
- C:\Windows\System\QEwCuvO.exe
  C:\Windows\System\QEwCuvO.exe
  2⤵
  PID:7044
- C:\Windows\System\lvAAStT.exe
  C:\Windows\System\lvAAStT.exe
  2⤵
  PID:7060
- C:\Windows\System\xJGGHRK.exe
  C:\Windows\System\xJGGHRK.exe
  2⤵
  PID:7076
- C:\Windows\System\cgjUqov.exe
  C:\Windows\System\cgjUqov.exe
  2⤵
  PID:7092
- C:\Windows\System\XNYmbpF.exe
  C:\Windows\System\XNYmbpF.exe
  2⤵
  PID:7108
- C:\Windows\System\YoRZktg.exe
  C:\Windows\System\YoRZktg.exe
  2⤵
  PID:7124
- C:\Windows\System\QIQCMMr.exe
  C:\Windows\System\QIQCMMr.exe
  2⤵
  PID:7140
- C:\Windows\System\eCSSevA.exe
  C:\Windows\System\eCSSevA.exe
  2⤵
  PID:7156
- C:\Windows\System\sSVRUMn.exe
  C:\Windows\System\sSVRUMn.exe
  2⤵
  PID:5520
- C:\Windows\System\cgiXxZk.exe
  C:\Windows\System\cgiXxZk.exe
  2⤵
  PID:5648
- C:\Windows\System\QthaYlU.exe
  C:\Windows\System\QthaYlU.exe
  2⤵
  PID:5840
- C:\Windows\System\aySfWWy.exe
  C:\Windows\System\aySfWWy.exe
  2⤵
  PID:5264
- C:\Windows\System\uZNzzix.exe
  C:\Windows\System\uZNzzix.exe
  2⤵
  PID:6160
- C:\Windows\System\ozsblQm.exe
  C:\Windows\System\ozsblQm.exe
  2⤵
  PID:6208
- C:\Windows\System\ilFakfT.exe
  C:\Windows\System\ilFakfT.exe
  2⤵
  PID:6224
- C:\Windows\System\CTnOBhL.exe
  C:\Windows\System\CTnOBhL.exe
  2⤵
  PID:6256
- C:\Windows\System\DxWTjWn.exe
  C:\Windows\System\DxWTjWn.exe
  2⤵
  PID:6288
- C:\Windows\System\uEJozwk.exe
  C:\Windows\System\uEJozwk.exe
  2⤵
  PID:6320
- C:\Windows\System\aETTvyr.exe
  C:\Windows\System\aETTvyr.exe
  2⤵
  PID:6364
- C:\Windows\System\KzeCtHx.exe
  C:\Windows\System\KzeCtHx.exe
  2⤵
  PID:6384
- C:\Windows\System\rmMnCzN.exe
  C:\Windows\System\rmMnCzN.exe
  2⤵
  PID:6428
- C:\Windows\System\CGlSdlh.exe
  C:\Windows\System\CGlSdlh.exe
  2⤵
  PID:6460
- C:\Windows\System\ouQWqIL.exe
  C:\Windows\System\ouQWqIL.exe
  2⤵
  PID:6496
- C:\Windows\System\brCoqPq.exe
  C:\Windows\System\brCoqPq.exe
  2⤵
  PID:6528
- C:\Windows\System\DdpRCJf.exe
  C:\Windows\System\DdpRCJf.exe
  2⤵
  PID:6560
- C:\Windows\System\fjzfvqq.exe
  C:\Windows\System\fjzfvqq.exe
  2⤵
  PID:6592
- C:\Windows\System\zxDwKuY.exe
  C:\Windows\System\zxDwKuY.exe
  2⤵
  PID:6624
- C:\Windows\System\SgFYPFq.exe
  C:\Windows\System\SgFYPFq.exe
  2⤵
  PID:6640
- C:\Windows\System\UHBSsiR.exe
  C:\Windows\System\UHBSsiR.exe
  2⤵
  PID:6688
- C:\Windows\System\MKDMYHV.exe
  C:\Windows\System\MKDMYHV.exe
  2⤵
  PID:6720
- C:\Windows\System\hmkYgxA.exe
  C:\Windows\System\hmkYgxA.exe
  2⤵
  PID:6752
- C:\Windows\System\hibvbws.exe
  C:\Windows\System\hibvbws.exe
  2⤵
  PID:6768
- C:\Windows\System\AOPUBiy.exe
  C:\Windows\System\AOPUBiy.exe
  2⤵
  PID:6800
- C:\Windows\System\biJTbhd.exe
  C:\Windows\System\biJTbhd.exe
  2⤵
  PID:6844
- C:\Windows\System\uapfQXg.exe
  C:\Windows\System\uapfQXg.exe
  2⤵
  PID:6864
- C:\Windows\System\OIHDBFQ.exe
  C:\Windows\System\OIHDBFQ.exe
  2⤵
  PID:6908
- C:\Windows\System\zyEBxYX.exe
  C:\Windows\System\zyEBxYX.exe
  2⤵
  PID:6940
- C:\Windows\System\oeTnZzK.exe
  C:\Windows\System\oeTnZzK.exe
  2⤵
  PID:6960
- C:\Windows\System\WWzGdRn.exe
  C:\Windows\System\WWzGdRn.exe
  2⤵
  PID:6992
- C:\Windows\System\AZVVmbC.exe
  C:\Windows\System\AZVVmbC.exe
  2⤵
  PID:7036
- C:\Windows\System\ZVibuCJ.exe
  C:\Windows\System\ZVibuCJ.exe
  2⤵
  PID:7056
- C:\Windows\System\OqmOofP.exe
  C:\Windows\System\OqmOofP.exe
  2⤵
  PID:7088
- C:\Windows\System\MxuIPnp.exe
  C:\Windows\System\MxuIPnp.exe
  2⤵
  PID:7136
- C:\Windows\System\eRZzNRs.exe
  C:\Windows\System\eRZzNRs.exe
  2⤵
  PID:7152
- C:\Windows\System\blGnHTG.exe
  C:\Windows\System\blGnHTG.exe
  2⤵
  PID:5696
- C:\Windows\System\SyXpzyi.exe
  C:\Windows\System\SyXpzyi.exe
  2⤵
  PID:6172
- C:\Windows\System\lLgOknC.exe
  C:\Windows\System\lLgOknC.exe
  2⤵
  PID:6204
- C:\Windows\System\HFEurZA.exe
  C:\Windows\System\HFEurZA.exe
  2⤵
  PID:6268
- C:\Windows\System\caohACX.exe
  C:\Windows\System\caohACX.exe
  2⤵
  PID:6332
- C:\Windows\System\nTjvOfA.exe
  C:\Windows\System\nTjvOfA.exe
  2⤵
  PID:6396
- C:\Windows\System\TaIuQaV.exe
  C:\Windows\System\TaIuQaV.exe
  2⤵
  PID:6476
- C:\Windows\System\rgJjaPE.exe
  C:\Windows\System\rgJjaPE.exe
  2⤵
  PID:6524
- C:\Windows\System\jwzsTNP.exe
  C:\Windows\System\jwzsTNP.exe
  2⤵
  PID:6588
- C:\Windows\System\wrHhYKE.exe
  C:\Windows\System\wrHhYKE.exe
  2⤵
  PID:6656
- C:\Windows\System\ZUygNWL.exe
  C:\Windows\System\ZUygNWL.exe
  2⤵
  PID:6704
- C:\Windows\System\zTZSACo.exe
  C:\Windows\System\zTZSACo.exe
  2⤵
  PID:780
- C:\Windows\System\oYpOusj.exe
  C:\Windows\System\oYpOusj.exe
  2⤵
  PID:6832
- C:\Windows\System\dBSpFOC.exe
  C:\Windows\System\dBSpFOC.exe
  2⤵
  PID:6896
- C:\Windows\System\cheGytx.exe
  C:\Windows\System\cheGytx.exe
  2⤵
  PID:6972
- C:\Windows\System\QymRUub.exe
  C:\Windows\System\QymRUub.exe
  2⤵
  PID:7020
- C:\Windows\System\wchFbjG.exe
  C:\Windows\System\wchFbjG.exe
  2⤵
  PID:7100
- C:\Windows\System\ArhoAcR.exe
  C:\Windows\System\ArhoAcR.exe
  2⤵
  PID:5904
- C:\Windows\System\ypEztnZ.exe
  C:\Windows\System\ypEztnZ.exe
  2⤵
  PID:4680
- C:\Windows\System\bazCuPc.exe
  C:\Windows\System\bazCuPc.exe
  2⤵
  PID:6252
- C:\Windows\System\qkfZOiZ.exe
  C:\Windows\System\qkfZOiZ.exe
  2⤵
  PID:6412
- C:\Windows\System\BuQZPqT.exe
  C:\Windows\System\BuQZPqT.exe
  2⤵
  PID:6544
- C:\Windows\System\eFlQaLH.exe
  C:\Windows\System\eFlQaLH.exe
  2⤵
  PID:6652
- C:\Windows\System\OaktJhI.exe
  C:\Windows\System\OaktJhI.exe
  2⤵
  PID:6764
- C:\Windows\System\pPRkAso.exe
  C:\Windows\System\pPRkAso.exe
  2⤵
  PID:6876
- C:\Windows\System\kqHOYxh.exe
  C:\Windows\System\kqHOYxh.exe
  2⤵
  PID:6988
- C:\Windows\System\mEQjHyD.exe
  C:\Windows\System\mEQjHyD.exe
  2⤵
  PID:7084
- C:\Windows\System\MwgKVfa.exe
  C:\Windows\System\MwgKVfa.exe
  2⤵
  PID:5616
- C:\Windows\System\EVqiudl.exe
  C:\Windows\System\EVqiudl.exe
  2⤵
  PID:6188
- C:\Windows\System\vznhply.exe
  C:\Windows\System\vznhply.exe
  2⤵
  PID:6512
- C:\Windows\System\oxGqpAr.exe
  C:\Windows\System\oxGqpAr.exe
  2⤵
  PID:6796
- C:\Windows\System\QQlIAEd.exe
  C:\Windows\System\QQlIAEd.exe
  2⤵
  PID:7176
- C:\Windows\System\tLbSTbW.exe
  C:\Windows\System\tLbSTbW.exe
  2⤵
  PID:7192
- C:\Windows\System\XQQzvWO.exe
  C:\Windows\System\XQQzvWO.exe
  2⤵
  PID:7208
- C:\Windows\System\cGhcCUe.exe
  C:\Windows\System\cGhcCUe.exe
  2⤵
  PID:7224
- C:\Windows\System\nknUzSc.exe
  C:\Windows\System\nknUzSc.exe
  2⤵
  PID:7240
- C:\Windows\System\aiEPTmw.exe
  C:\Windows\System\aiEPTmw.exe
  2⤵
  PID:7256
- C:\Windows\System\leqmKRb.exe
  C:\Windows\System\leqmKRb.exe
  2⤵
  PID:7272
- C:\Windows\System\rgIpFrB.exe
  C:\Windows\System\rgIpFrB.exe
  2⤵
  PID:7288
- C:\Windows\System\fxBvxUZ.exe
  C:\Windows\System\fxBvxUZ.exe
  2⤵
  PID:7304
- C:\Windows\System\gjlZwNH.exe
  C:\Windows\System\gjlZwNH.exe
  2⤵
  PID:7320
- C:\Windows\System\VSQSTBi.exe
  C:\Windows\System\VSQSTBi.exe
  2⤵
  PID:7336
- C:\Windows\System\yoCNXGg.exe
  C:\Windows\System\yoCNXGg.exe
  2⤵
  PID:7352
- C:\Windows\System\fqNHnbL.exe
  C:\Windows\System\fqNHnbL.exe
  2⤵
  PID:7368
- C:\Windows\System\MQEfvCC.exe
  C:\Windows\System\MQEfvCC.exe
  2⤵
  PID:7384
- C:\Windows\System\glNFLJv.exe
  C:\Windows\System\glNFLJv.exe
  2⤵
  PID:7400
- C:\Windows\System\sNzKnGi.exe
  C:\Windows\System\sNzKnGi.exe
  2⤵
  PID:7416
- C:\Windows\System\ceKKUxB.exe
  C:\Windows\System\ceKKUxB.exe
  2⤵
  PID:7432
- C:\Windows\System\wCvDAxQ.exe
  C:\Windows\System\wCvDAxQ.exe
  2⤵
  PID:7448
- C:\Windows\System\JgjBTLc.exe
  C:\Windows\System\JgjBTLc.exe
  2⤵
  PID:7468
- C:\Windows\System\MOXVBYM.exe
  C:\Windows\System\MOXVBYM.exe
  2⤵
  PID:7484
- C:\Windows\System\hlJYrDx.exe
  C:\Windows\System\hlJYrDx.exe
  2⤵
  PID:7500
- C:\Windows\System\jJPIXdH.exe
  C:\Windows\System\jJPIXdH.exe
  2⤵
  PID:7516
- C:\Windows\System\yiJkFRy.exe
  C:\Windows\System\yiJkFRy.exe
  2⤵
  PID:7532
- C:\Windows\System\pLzkyyN.exe
  C:\Windows\System\pLzkyyN.exe
  2⤵
  PID:7548
- C:\Windows\System\YfZPsMu.exe
  C:\Windows\System\YfZPsMu.exe
  2⤵
  PID:7564
- C:\Windows\System\roshQoJ.exe
  C:\Windows\System\roshQoJ.exe
  2⤵
  PID:7580
- C:\Windows\System\keFpLvB.exe
  C:\Windows\System\keFpLvB.exe
  2⤵
  PID:7596
- C:\Windows\System\ZSRQWiD.exe
  C:\Windows\System\ZSRQWiD.exe
  2⤵
  PID:7612
- C:\Windows\System\VTiAVjo.exe
  C:\Windows\System\VTiAVjo.exe
  2⤵
  PID:7628
- C:\Windows\System\FmSaHYL.exe
  C:\Windows\System\FmSaHYL.exe
  2⤵
  PID:7644
- C:\Windows\System\HhhiPYU.exe
  C:\Windows\System\HhhiPYU.exe
  2⤵
  PID:7660
- C:\Windows\System\IHYlulX.exe
  C:\Windows\System\IHYlulX.exe
  2⤵
  PID:7676
- C:\Windows\System\amyFNUC.exe
  C:\Windows\System\amyFNUC.exe
  2⤵
  PID:7692
- C:\Windows\System\FUhZMLt.exe
  C:\Windows\System\FUhZMLt.exe
  2⤵
  PID:7708
- C:\Windows\System\LAWLpib.exe
  C:\Windows\System\LAWLpib.exe
  2⤵
  PID:7724
- C:\Windows\System\KuIsTiS.exe
  C:\Windows\System\KuIsTiS.exe
  2⤵
  PID:7740
- C:\Windows\System\BkZBbBz.exe
  C:\Windows\System\BkZBbBz.exe
  2⤵
  PID:7756
- C:\Windows\System\otLKxRi.exe
  C:\Windows\System\otLKxRi.exe
  2⤵
  PID:7772
- C:\Windows\System\FrVEurZ.exe
  C:\Windows\System\FrVEurZ.exe
  2⤵
  PID:7788
- C:\Windows\System\HasXtoe.exe
  C:\Windows\System\HasXtoe.exe
  2⤵
  PID:7804
- C:\Windows\System\MingOSy.exe
  C:\Windows\System\MingOSy.exe
  2⤵
  PID:7820
- C:\Windows\System\BIeIrkc.exe
  C:\Windows\System\BIeIrkc.exe
  2⤵
  PID:7836
- C:\Windows\System\ouLevNr.exe
  C:\Windows\System\ouLevNr.exe
  2⤵
  PID:7852
- C:\Windows\System\oxNMdVT.exe
  C:\Windows\System\oxNMdVT.exe
  2⤵
  PID:7868
- C:\Windows\System\bvazHMV.exe
  C:\Windows\System\bvazHMV.exe
  2⤵
  PID:7884
- C:\Windows\System\jzvOmaW.exe
  C:\Windows\System\jzvOmaW.exe
  2⤵
  PID:7900
- C:\Windows\System\orWlkqF.exe
  C:\Windows\System\orWlkqF.exe
  2⤵
  PID:7928
- C:\Windows\System\aTgIpkR.exe
  C:\Windows\System\aTgIpkR.exe
  2⤵
  PID:7944
- C:\Windows\System\QElyvGV.exe
  C:\Windows\System\QElyvGV.exe
  2⤵
  PID:7960
- C:\Windows\System\fxbrwYr.exe
  C:\Windows\System\fxbrwYr.exe
  2⤵
  PID:7976
- C:\Windows\System\XCxcmiM.exe
  C:\Windows\System\XCxcmiM.exe
  2⤵
  PID:7992
- C:\Windows\System\gpzEuwq.exe
  C:\Windows\System\gpzEuwq.exe
  2⤵
  PID:8008
- C:\Windows\System\wUxIzik.exe
  C:\Windows\System\wUxIzik.exe
  2⤵
  PID:8028
- C:\Windows\System\VSwatcs.exe
  C:\Windows\System\VSwatcs.exe
  2⤵
  PID:8044
- C:\Windows\System\DHQpOkV.exe
  C:\Windows\System\DHQpOkV.exe
  2⤵
  PID:8060
- C:\Windows\System\bWGHQHH.exe
  C:\Windows\System\bWGHQHH.exe
  2⤵
  PID:8076
- C:\Windows\System\gfqBpDW.exe
  C:\Windows\System\gfqBpDW.exe
  2⤵
  PID:8092
- C:\Windows\System\zYvzqMK.exe
  C:\Windows\System\zYvzqMK.exe
  2⤵
  PID:8108
- C:\Windows\System\ZpedgFZ.exe
  C:\Windows\System\ZpedgFZ.exe
  2⤵
  PID:8124
- C:\Windows\System\jHTvXQu.exe
  C:\Windows\System\jHTvXQu.exe
  2⤵
  PID:8140
- C:\Windows\System\ILIDIgA.exe
  C:\Windows\System\ILIDIgA.exe
  2⤵
  PID:8156
- C:\Windows\System\miRwrgb.exe
  C:\Windows\System\miRwrgb.exe
  2⤵
  PID:8172
- C:\Windows\System\GZNLPCG.exe
  C:\Windows\System\GZNLPCG.exe
  2⤵
  PID:8188
- C:\Windows\System\klhruJD.exe
  C:\Windows\System\klhruJD.exe
  2⤵
  PID:7052
- C:\Windows\System\uQAQIUa.exe
  C:\Windows\System\uQAQIUa.exe
  2⤵
  PID:6152
- C:\Windows\System\voOwpJC.exe
  C:\Windows\System\voOwpJC.exe
  2⤵
  PID:2516
- C:\Windows\System\nyFnYbz.exe
  C:\Windows\System\nyFnYbz.exe
  2⤵
  PID:7172
- C:\Windows\System\NClGBhm.exe
  C:\Windows\System\NClGBhm.exe
  2⤵
  PID:7204
- C:\Windows\System\aCFYbha.exe
  C:\Windows\System\aCFYbha.exe
  2⤵
  PID:7252
- C:\Windows\System\ewERqIB.exe
  C:\Windows\System\ewERqIB.exe
  2⤵
  PID:7284
- C:\Windows\System\ibYLqjl.exe
  C:\Windows\System\ibYLqjl.exe
  2⤵
  PID:7312
- C:\Windows\System\BgwNWuG.exe
  C:\Windows\System\BgwNWuG.exe
  2⤵
  PID:7332
- C:\Windows\System\klgUuGb.exe
  C:\Windows\System\klgUuGb.exe
  2⤵
  PID:7524
- C:\Windows\System\vDvnKcj.exe
  C:\Windows\System\vDvnKcj.exe
  2⤵
  PID:7560
- C:\Windows\System\hPxQQvL.exe
  C:\Windows\System\hPxQQvL.exe
  2⤵
  PID:7604
- C:\Windows\System\bDnLaVT.exe
  C:\Windows\System\bDnLaVT.exe
  2⤵
  PID:7732
- C:\Windows\System\VKtXKjM.exe
  C:\Windows\System\VKtXKjM.exe
  2⤵
  PID:2084
- C:\Windows\System\GMhiPRC.exe
  C:\Windows\System\GMhiPRC.exe
  2⤵
  PID:8004
- C:\Windows\System\AWCzFix.exe
  C:\Windows\System\AWCzFix.exe
  2⤵
  PID:8104
- C:\Windows\System\yaKAToD.exe
  C:\Windows\System\yaKAToD.exe
  2⤵
  PID:1532
- C:\Windows\System\ifbUieH.exe
  C:\Windows\System\ifbUieH.exe
  2⤵
  PID:7068
- C:\Windows\System\bMowRge.exe
  C:\Windows\System\bMowRge.exe
  2⤵
  PID:2488
- C:\Windows\System\zjlMJGf.exe
  C:\Windows\System\zjlMJGf.exe
  2⤵
  PID:1648
- C:\Windows\System\xfTConK.exe
  C:\Windows\System\xfTConK.exe
  2⤵
  PID:7248
- C:\Windows\System\jFQXRRv.exe
  C:\Windows\System\jFQXRRv.exe
  2⤵
  PID:1332
- C:\Windows\System\KMlevuE.exe
  C:\Windows\System\KMlevuE.exe
  2⤵
  PID:7280
- C:\Windows\System\dIioRJh.exe
  C:\Windows\System\dIioRJh.exe
  2⤵
  PID:7316
- C:\Windows\System\hkTigPV.exe
  C:\Windows\System\hkTigPV.exe
  2⤵
  PID:7376
- C:\Windows\System\BhrqFEF.exe
  C:\Windows\System\BhrqFEF.exe
  2⤵
  PID:7392
- C:\Windows\System\KcPlpom.exe
  C:\Windows\System\KcPlpom.exe
  2⤵
  PID:7424
- C:\Windows\System\WrCJDiL.exe
  C:\Windows\System\WrCJDiL.exe
  2⤵
  PID:7456
- C:\Windows\System\IUauRdM.exe
  C:\Windows\System\IUauRdM.exe
  2⤵
  PID:7508
- C:\Windows\System\kexsjCu.exe
  C:\Windows\System\kexsjCu.exe
  2⤵
  PID:7544
- C:\Windows\System\hHXosBl.exe
  C:\Windows\System\hHXosBl.exe
  2⤵
  PID:7576
- C:\Windows\System\vitiTlf.exe
  C:\Windows\System\vitiTlf.exe
  2⤵
  PID:2440
- C:\Windows\System\piIrgmZ.exe
  C:\Windows\System\piIrgmZ.exe
  2⤵
  PID:7668
- C:\Windows\System\tNHbHUS.exe
  C:\Windows\System\tNHbHUS.exe
  2⤵
  PID:7684
- C:\Windows\System\DKjnSeu.exe
  C:\Windows\System\DKjnSeu.exe
  2⤵
  PID:7704
- C:\Windows\System\hqmDiYz.exe
  C:\Windows\System\hqmDiYz.exe
  2⤵
  PID:7736
- C:\Windows\System\HXIuGVP.exe
  C:\Windows\System\HXIuGVP.exe
  2⤵
  PID:7768
- C:\Windows\System\oQkBVzv.exe
  C:\Windows\System\oQkBVzv.exe
  2⤵
  PID:7784
- C:\Windows\System\lRAZJLR.exe
  C:\Windows\System\lRAZJLR.exe
  2⤵
  PID:7816
- C:\Windows\System\qlehyjs.exe
  C:\Windows\System\qlehyjs.exe
  2⤵
  PID:3028
- C:\Windows\System\UvjRudA.exe
  C:\Windows\System\UvjRudA.exe
  2⤵
  PID:7880
- C:\Windows\System\cgadsaJ.exe
  C:\Windows\System\cgadsaJ.exe
  2⤵
  PID:2252
- C:\Windows\System\urScofP.exe
  C:\Windows\System\urScofP.exe
  2⤵
  PID:7912
- C:\Windows\System\IBFpaGi.exe
  C:\Windows\System\IBFpaGi.exe
  2⤵
  PID:3008
- C:\Windows\System\vQdwKcR.exe
  C:\Windows\System\vQdwKcR.exe
  2⤵
  PID:2688
- C:\Windows\System\zLeOqtf.exe
  C:\Windows\System\zLeOqtf.exe
  2⤵
  PID:2620
- C:\Windows\System\YzoQlyS.exe
  C:\Windows\System\YzoQlyS.exe
  2⤵
  PID:704
- C:\Windows\System\hHBgZDv.exe
  C:\Windows\System\hHBgZDv.exe
  2⤵
  PID:2280
- C:\Windows\System\sCsTLSB.exe
  C:\Windows\System\sCsTLSB.exe
  2⤵
  PID:1404
- C:\Windows\System\wEcRfvq.exe
  C:\Windows\System\wEcRfvq.exe
  2⤵
  PID:7988
- C:\Windows\System\CFswdKp.exe
  C:\Windows\System\CFswdKp.exe
  2⤵
  PID:8056
- C:\Windows\System\cdyWcaY.exe
  C:\Windows\System\cdyWcaY.exe
  2⤵
  PID:2680
- C:\Windows\System\JUqIxuh.exe
  C:\Windows\System\JUqIxuh.exe
  2⤵
  PID:8040
- C:\Windows\System\WaWUPbD.exe
  C:\Windows\System\WaWUPbD.exe
  2⤵
  PID:2124
- C:\Windows\System\aYmUfBH.exe
  C:\Windows\System\aYmUfBH.exe
  2⤵
  PID:7460
- C:\Windows\System\RWFVmbB.exe
  C:\Windows\System\RWFVmbB.exe
  2⤵
  PID:7624
- C:\Windows\System\ecaoWqE.exe
  C:\Windows\System\ecaoWqE.exe
  2⤵
  PID:2652
- C:\Windows\System\pSgwqVn.exe
  C:\Windows\System\pSgwqVn.exe
  2⤵
  PID:2340
- C:\Windows\System\QgEISUN.exe
  C:\Windows\System\QgEISUN.exe
  2⤵
  PID:2292
- C:\Windows\System\jgsNWDD.exe
  C:\Windows\System\jgsNWDD.exe
  2⤵
  PID:2892
- C:\Windows\System\gFnScWm.exe
  C:\Windows\System\gFnScWm.exe
  2⤵
  PID:7968
- C:\Windows\System\pWSqNFq.exe
  C:\Windows\System\pWSqNFq.exe
  2⤵
  PID:7232
- C:\Windows\System\GDVQAmW.exe
  C:\Windows\System\GDVQAmW.exe
  2⤵
  PID:7828
- C:\Windows\System\nCWJNoY.exe
  C:\Windows\System\nCWJNoY.exe
  2⤵
  PID:7908
- C:\Windows\System\OmejdGf.exe
  C:\Windows\System\OmejdGf.exe
  2⤵
  PID:2812
- C:\Windows\System\DfrXogZ.exe
  C:\Windows\System\DfrXogZ.exe
  2⤵
  PID:8180
- C:\Windows\System\oHduETd.exe
  C:\Windows\System\oHduETd.exe
  2⤵
  PID:7640
- C:\Windows\System\MYpmBDL.exe
  C:\Windows\System\MYpmBDL.exe
  2⤵
  PID:7480
- C:\Windows\System\lVtkVDZ.exe
  C:\Windows\System\lVtkVDZ.exe
  2⤵
  PID:7348
- C:\Windows\System\hIZhzvA.exe
  C:\Windows\System\hIZhzvA.exe
  2⤵
  PID:572
- C:\Windows\System\MSXhbdK.exe
  C:\Windows\System\MSXhbdK.exe
  2⤵
  PID:8136
- C:\Windows\System\rGZEPGh.exe
  C:\Windows\System\rGZEPGh.exe
  2⤵
  PID:2716
- C:\Windows\System\ExeriRY.exe
  C:\Windows\System\ExeriRY.exe
  2⤵
  PID:8100
- C:\Windows\System\zUvcQkz.exe
  C:\Windows\System\zUvcQkz.exe
  2⤵
  PID:8072
- C:\Windows\System\eNIMibd.exe
  C:\Windows\System\eNIMibd.exe
  2⤵
  PID:2104
- C:\Windows\System\mMRsFow.exe
  C:\Windows\System\mMRsFow.exe
  2⤵
  PID:7216
- C:\Windows\System\vNBQlVI.exe
  C:\Windows\System\vNBQlVI.exe
  2⤵
  PID:7876
- C:\Windows\System\ciEsJxa.exe
  C:\Windows\System\ciEsJxa.exe
  2⤵
  PID:7512
- C:\Windows\System\ZkguOGd.exe
  C:\Windows\System\ZkguOGd.exe
  2⤵
  PID:1864
- C:\Windows\System\ghfxkqG.exe
  C:\Windows\System\ghfxkqG.exe
  2⤵
  PID:8208
- C:\Windows\System\FTahbVN.exe
  C:\Windows\System\FTahbVN.exe
  2⤵
  PID:8224
- C:\Windows\System\WmEeYHT.exe
  C:\Windows\System\WmEeYHT.exe
  2⤵
  PID:8240
- C:\Windows\System\hxWBPVB.exe
  C:\Windows\System\hxWBPVB.exe
  2⤵
  PID:8256
- C:\Windows\System\iPmlDba.exe
  C:\Windows\System\iPmlDba.exe
  2⤵
  PID:8272
- C:\Windows\System\OMCqbfP.exe
  C:\Windows\System\OMCqbfP.exe
  2⤵
  PID:8288
- C:\Windows\System\yiSQTON.exe
  C:\Windows\System\yiSQTON.exe
  2⤵
  PID:8304
- C:\Windows\System\zsZdbpV.exe
  C:\Windows\System\zsZdbpV.exe
  2⤵
  PID:8320
- C:\Windows\System\WNCgVOm.exe
  C:\Windows\System\WNCgVOm.exe
  2⤵
  PID:8336
- C:\Windows\System\nuBmVDq.exe
  C:\Windows\System\nuBmVDq.exe
  2⤵
  PID:8352
- C:\Windows\System\COBOHRD.exe
  C:\Windows\System\COBOHRD.exe
  2⤵
  PID:8368
- C:\Windows\System\hfTcfAk.exe
  C:\Windows\System\hfTcfAk.exe
  2⤵
  PID:8384
- C:\Windows\System\sRZWvUf.exe
  C:\Windows\System\sRZWvUf.exe
  2⤵
  PID:8400
- C:\Windows\System\qlUMhAI.exe
  C:\Windows\System\qlUMhAI.exe
  2⤵
  PID:8416
- C:\Windows\System\LaqCsox.exe
  C:\Windows\System\LaqCsox.exe
  2⤵
  PID:8432
- C:\Windows\System\vgXHPwY.exe
  C:\Windows\System\vgXHPwY.exe
  2⤵
  PID:8448
- C:\Windows\System\WSoJsLJ.exe
  C:\Windows\System\WSoJsLJ.exe
  2⤵
  PID:8464
- C:\Windows\System\EiCfJZS.exe
  C:\Windows\System\EiCfJZS.exe
  2⤵
  PID:8480
- C:\Windows\System\gbpJyss.exe
  C:\Windows\System\gbpJyss.exe
  2⤵
  PID:8496
- C:\Windows\System\QDmhdvd.exe
  C:\Windows\System\QDmhdvd.exe
  2⤵
  PID:8512
- C:\Windows\System\dZdcKhP.exe
  C:\Windows\System\dZdcKhP.exe
  2⤵
  PID:8528
- C:\Windows\System\GHNTzaz.exe
  C:\Windows\System\GHNTzaz.exe
  2⤵
  PID:8544
- C:\Windows\System\JpOLGBr.exe
  C:\Windows\System\JpOLGBr.exe
  2⤵
  PID:8560
- C:\Windows\System\zdcxsTw.exe
  C:\Windows\System\zdcxsTw.exe
  2⤵
  PID:8576
- C:\Windows\System\SmkGwcE.exe
  C:\Windows\System\SmkGwcE.exe
  2⤵
  PID:8592
- C:\Windows\System\hEomVZp.exe
  C:\Windows\System\hEomVZp.exe
  2⤵
  PID:8608
- C:\Windows\System\fERZnzO.exe
  C:\Windows\System\fERZnzO.exe
  2⤵
  PID:8624
- C:\Windows\System\qFecrCZ.exe
  C:\Windows\System\qFecrCZ.exe
  2⤵
  PID:8768
- C:\Windows\System\uRZJQnN.exe
  C:\Windows\System\uRZJQnN.exe
  2⤵
  PID:8784
- C:\Windows\System\MZAzwAJ.exe
  C:\Windows\System\MZAzwAJ.exe
  2⤵
  PID:8800
- C:\Windows\System\ZPjuUoQ.exe
  C:\Windows\System\ZPjuUoQ.exe
  2⤵
  PID:8816
- C:\Windows\System\qcinYNx.exe
  C:\Windows\System\qcinYNx.exe
  2⤵
  PID:8832
- C:\Windows\System\qisImEz.exe
  C:\Windows\System\qisImEz.exe
  2⤵
  PID:8852
- C:\Windows\System\syhBnCZ.exe
  C:\Windows\System\syhBnCZ.exe
  2⤵
  PID:8872
- C:\Windows\System\GiPttxp.exe
  C:\Windows\System\GiPttxp.exe
  2⤵
  PID:8888
- C:\Windows\System\jHOcIRG.exe
  C:\Windows\System\jHOcIRG.exe
  2⤵
  PID:8904
- C:\Windows\System\KlRZdlv.exe
  C:\Windows\System\KlRZdlv.exe
  2⤵
  PID:8920
- C:\Windows\System\FCmcpoT.exe
  C:\Windows\System\FCmcpoT.exe
  2⤵
  PID:8936
- C:\Windows\System\WxcheHL.exe
  C:\Windows\System\WxcheHL.exe
  2⤵
  PID:8952
- C:\Windows\System\PqbkIUm.exe
  C:\Windows\System\PqbkIUm.exe
  2⤵
  PID:8968
- C:\Windows\System\GJqIOmA.exe
  C:\Windows\System\GJqIOmA.exe
  2⤵
  PID:8984
- C:\Windows\System\eDjbung.exe
  C:\Windows\System\eDjbung.exe
  2⤵
  PID:9000
- C:\Windows\System\RISzkAi.exe
  C:\Windows\System\RISzkAi.exe
  2⤵
  PID:9016
- C:\Windows\System\waeyONX.exe
  C:\Windows\System\waeyONX.exe
  2⤵
  PID:9032
- C:\Windows\System\qEELQIk.exe
  C:\Windows\System\qEELQIk.exe
  2⤵
  PID:9048
- C:\Windows\System\rBaajJl.exe
  C:\Windows\System\rBaajJl.exe
  2⤵
  PID:9064
- C:\Windows\System\nGuLeMJ.exe
  C:\Windows\System\nGuLeMJ.exe
  2⤵
  PID:9080
- C:\Windows\System\WJsaTvw.exe
  C:\Windows\System\WJsaTvw.exe
  2⤵
  PID:9096
- C:\Windows\System\wKHudDZ.exe
  C:\Windows\System\wKHudDZ.exe
  2⤵
  PID:9112
- C:\Windows\System\NwdvogX.exe
  C:\Windows\System\NwdvogX.exe
  2⤵
  PID:9128
- C:\Windows\System\rknLidL.exe
  C:\Windows\System\rknLidL.exe
  2⤵
  PID:9144
- C:\Windows\System\dxEMMOF.exe
  C:\Windows\System\dxEMMOF.exe
  2⤵
  PID:9160
- C:\Windows\System\SgPRZab.exe
  C:\Windows\System\SgPRZab.exe
  2⤵
  PID:9176
- C:\Windows\System\sOGNrFK.exe
  C:\Windows\System\sOGNrFK.exe
  2⤵
  PID:9192
- C:\Windows\System\abbcCoN.exe
  C:\Windows\System\abbcCoN.exe
  2⤵
  PID:9208
- C:\Windows\System\CcPWYpT.exe
  C:\Windows\System\CcPWYpT.exe
  2⤵
  PID:8088
- C:\Windows\System\rMDUVNX.exe
  C:\Windows\System\rMDUVNX.exe
  2⤵
  PID:8016
- C:\Windows\System\wbJCJKZ.exe
  C:\Windows\System\wbJCJKZ.exe
  2⤵
  PID:8236
- C:\Windows\System\iZygcjK.exe
  C:\Windows\System\iZygcjK.exe
  2⤵
  PID:8296
- C:\Windows\System\MuOqTkF.exe
  C:\Windows\System\MuOqTkF.exe
  2⤵
  PID:8360
- C:\Windows\System\hWqJQvV.exe
  C:\Windows\System\hWqJQvV.exe
  2⤵
  PID:8424
- C:\Windows\System\OuzauqY.exe
  C:\Windows\System\OuzauqY.exe
  2⤵
  PID:8488
- C:\Windows\System\BTsQONv.exe
  C:\Windows\System\BTsQONv.exe
  2⤵
  PID:8552
- C:\Windows\System\qGSMAjd.exe
  C:\Windows\System\qGSMAjd.exe
  2⤵
  PID:2880
- C:\Windows\System\OPMKYgZ.exe
  C:\Windows\System\OPMKYgZ.exe
  2⤵
  PID:7360
- C:\Windows\System\xZJnNxv.exe
  C:\Windows\System\xZJnNxv.exe
  2⤵
  PID:7936
- C:\Windows\System\OQOzEtR.exe
  C:\Windows\System\OQOzEtR.exe
  2⤵
  PID:7700
- C:\Windows\System\utYOWuj.exe
  C:\Windows\System\utYOWuj.exe
  2⤵
  PID:6348
- C:\Windows\System\awovDTu.exe
  C:\Windows\System\awovDTu.exe
  2⤵
  PID:7200
- C:\Windows\System\aDeKIUp.exe
  C:\Windows\System\aDeKIUp.exe
  2⤵
  PID:1628
- C:\Windows\System\OfamQNG.exe
  C:\Windows\System\OfamQNG.exe
  2⤵
  PID:8248
- C:\Windows\System\ptzpCoz.exe
  C:\Windows\System\ptzpCoz.exe
  2⤵
  PID:8312
- C:\Windows\System\nhvvKXB.exe
  C:\Windows\System\nhvvKXB.exe
  2⤵
  PID:8376
- C:\Windows\System\BFWXlNH.exe
  C:\Windows\System\BFWXlNH.exe
  2⤵
  PID:8440
- C:\Windows\System\RNXRpmn.exe
  C:\Windows\System\RNXRpmn.exe
  2⤵
  PID:8504
- C:\Windows\System\asrImWN.exe
  C:\Windows\System\asrImWN.exe
  2⤵
  PID:8568
- C:\Windows\System\UHWMTwe.exe
  C:\Windows\System\UHWMTwe.exe
  2⤵
  PID:8584
- C:\Windows\System\bYCNWfe.exe
  C:\Windows\System\bYCNWfe.exe
  2⤵
  PID:8640
- C:\Windows\System\EayuIkb.exe
  C:\Windows\System\EayuIkb.exe
  2⤵
  PID:8668
- C:\Windows\System\mWdTKOD.exe
  C:\Windows\System\mWdTKOD.exe
  2⤵
  PID:8688
- C:\Windows\System\cRLMnek.exe
  C:\Windows\System\cRLMnek.exe
  2⤵
  PID:8704
- C:\Windows\System\TyDElDA.exe
  C:\Windows\System\TyDElDA.exe
  2⤵
  PID:8724
- C:\Windows\System\xkSGjxx.exe
  C:\Windows\System\xkSGjxx.exe
  2⤵
  PID:8736
- C:\Windows\System\LORKyoz.exe
  C:\Windows\System\LORKyoz.exe
  2⤵
  PID:8752
- C:\Windows\System\qYSDdVs.exe
  C:\Windows\System\qYSDdVs.exe
  2⤵
  PID:8808
- C:\Windows\System\NCxsZeV.exe
  C:\Windows\System\NCxsZeV.exe
  2⤵
  PID:8848
- C:\Windows\System\SbVzXBf.exe
  C:\Windows\System\SbVzXBf.exe
  2⤵
  PID:8916
- C:\Windows\System\uGJPjqk.exe
  C:\Windows\System\uGJPjqk.exe
  2⤵
  PID:8980
- C:\Windows\System\hBmeONr.exe
  C:\Windows\System\hBmeONr.exe
  2⤵
  PID:8860
- C:\Windows\System\MqiLQjP.exe
  C:\Windows\System\MqiLQjP.exe
  2⤵
  PID:8900
- C:\Windows\System\lrJdzcK.exe
  C:\Windows\System\lrJdzcK.exe
  2⤵
  PID:8792
- C:\Windows\System\SdRravk.exe
  C:\Windows\System\SdRravk.exe
  2⤵
  PID:8932
- C:\Windows\System\BhwQRNs.exe
  C:\Windows\System\BhwQRNs.exe
  2⤵
  PID:9040
- C:\Windows\System\tFMHTZE.exe
  C:\Windows\System\tFMHTZE.exe
  2⤵
  PID:9056
- C:\Windows\System\wlPAiGm.exe
  C:\Windows\System\wlPAiGm.exe
  2⤵
  PID:9088
- C:\Windows\System\hBTYybV.exe
  C:\Windows\System\hBTYybV.exe
  2⤵
  PID:9136
- C:\Windows\System\KLsHxqp.exe
  C:\Windows\System\KLsHxqp.exe
  2⤵
  PID:9200
- C:\Windows\System\xilLvNR.exe
  C:\Windows\System\xilLvNR.exe
  2⤵
  PID:9152
- C:\Windows\System\LgzwrjS.exe
  C:\Windows\System\LgzwrjS.exe
  2⤵
  PID:1076
- C:\Windows\System\YYwVHwd.exe
  C:\Windows\System\YYwVHwd.exe
  2⤵
  PID:2868
- C:\Windows\System\VqDPhyS.exe
  C:\Windows\System\VqDPhyS.exe
  2⤵
  PID:8396
- C:\Windows\System\dyRMvDC.exe
  C:\Windows\System\dyRMvDC.exe
  2⤵
  PID:1968
- C:\Windows\System\DkFEIuX.exe
  C:\Windows\System\DkFEIuX.exe
  2⤵
  PID:7812
- C:\Windows\System\VteVohS.exe
  C:\Windows\System\VteVohS.exe
  2⤵
  PID:8152
- C:\Windows\System\PtKQMFc.exe
  C:\Windows\System\PtKQMFc.exe
  2⤵
  PID:8344
- C:\Windows\System\HGSzWvR.exe
  C:\Windows\System\HGSzWvR.exe
  2⤵
  PID:6924
- C:\Windows\System\EgNybnn.exe
  C:\Windows\System\EgNybnn.exe
  2⤵
  PID:8600
- C:\Windows\System\nbwjYHX.exe
  C:\Windows\System\nbwjYHX.exe
  2⤵
  PID:8660
- C:\Windows\System\mRWGEvp.exe
  C:\Windows\System\mRWGEvp.exe
  2⤵
  PID:8732
- C:\Windows\System\igulmZO.exe
  C:\Windows\System\igulmZO.exe
  2⤵
  PID:8728
- C:\Windows\System\OSFGmpI.exe
  C:\Windows\System\OSFGmpI.exe
  2⤵
  PID:8284
- C:\Windows\System\XcBZROD.exe
  C:\Windows\System\XcBZROD.exe
  2⤵
  PID:8884
- C:\Windows\System\EvlPuir.exe
  C:\Windows\System\EvlPuir.exe
  2⤵
  PID:8744
- C:\Windows\System\xujNJSj.exe
  C:\Windows\System\xujNJSj.exe
  2⤵
  PID:8616
- C:\Windows\System\yoqqRCq.exe
  C:\Windows\System\yoqqRCq.exe
  2⤵
  PID:8976
- C:\Windows\System\odLxdhD.exe
  C:\Windows\System\odLxdhD.exe
  2⤵
  PID:8748
- C:\Windows\System\BrzvQSQ.exe
  C:\Windows\System\BrzvQSQ.exe
  2⤵
  PID:8896
- C:\Windows\System\WiLllFh.exe
  C:\Windows\System\WiLllFh.exe
  2⤵
  PID:9076
- C:\Windows\System\EfHsozP.exe
  C:\Windows\System\EfHsozP.exe
  2⤵
  PID:9012
- C:\Windows\System\mAWlYTp.exe
  C:\Windows\System\mAWlYTp.exe
  2⤵
  PID:8332
- C:\Windows\System\OYVoItj.exe
  C:\Windows\System\OYVoItj.exe
  2⤵
  PID:8216
- C:\Windows\System\WpLeXND.exe
  C:\Windows\System\WpLeXND.exe
  2⤵
  PID:8664
- C:\Windows\System\IhxUwHi.exe
  C:\Windows\System\IhxUwHi.exe
  2⤵
  PID:8680
- C:\Windows\System\xBUrJMY.exe
  C:\Windows\System\xBUrJMY.exe
  2⤵
  PID:8868
- C:\Windows\System\sxOAKZy.exe
  C:\Windows\System\sxOAKZy.exe
  2⤵
  PID:8472
- C:\Windows\System\paBKYLp.exe
  C:\Windows\System\paBKYLp.exe
  2⤵
  PID:8392
- C:\Windows\System\KAPpPdB.exe
  C:\Windows\System\KAPpPdB.exe
  2⤵
  PID:8996
- C:\Windows\System\XLtwRuN.exe
  C:\Windows\System\XLtwRuN.exe
  2⤵
  PID:9024
- C:\Windows\System\sACTlWC.exe
  C:\Windows\System\sACTlWC.exe
  2⤵
  PID:9232
- C:\Windows\System\PQeLWbN.exe
  C:\Windows\System\PQeLWbN.exe
  2⤵
  PID:9248
- C:\Windows\System\lNHQxnt.exe
  C:\Windows\System\lNHQxnt.exe
  2⤵
  PID:9264
- C:\Windows\System\KvOernn.exe
  C:\Windows\System\KvOernn.exe
  2⤵
  PID:9280
- C:\Windows\System\MxFfDyp.exe
  C:\Windows\System\MxFfDyp.exe
  2⤵
  PID:9296
- C:\Windows\System\FQVWChp.exe
  C:\Windows\System\FQVWChp.exe
  2⤵
  PID:9312
- C:\Windows\System\DhvCELk.exe
  C:\Windows\System\DhvCELk.exe
  2⤵
  PID:9328
- C:\Windows\System\wTLLPhQ.exe
  C:\Windows\System\wTLLPhQ.exe
  2⤵
  PID:9344
- C:\Windows\System\aHkOhdj.exe
  C:\Windows\System\aHkOhdj.exe
  2⤵
  PID:9360
- C:\Windows\System\xIYykfw.exe
  C:\Windows\System\xIYykfw.exe
  2⤵
  PID:9376
- C:\Windows\System\oWmPVct.exe
  C:\Windows\System\oWmPVct.exe
  2⤵
  PID:9392
- C:\Windows\System\zRriKMo.exe
  C:\Windows\System\zRriKMo.exe
  2⤵
  PID:9408
- C:\Windows\System\hKthFjh.exe
  C:\Windows\System\hKthFjh.exe
  2⤵
  PID:9424
- C:\Windows\System\TXQOwzK.exe
  C:\Windows\System\TXQOwzK.exe
  2⤵
  PID:9440
- C:\Windows\System\NqzXMri.exe
  C:\Windows\System\NqzXMri.exe
  2⤵
  PID:9456
- C:\Windows\System\qdBBYrd.exe
  C:\Windows\System\qdBBYrd.exe
  2⤵
  PID:9472
- C:\Windows\System\yizDWBG.exe
  C:\Windows\System\yizDWBG.exe
  2⤵
  PID:9488
- C:\Windows\System\kaFzQMX.exe
  C:\Windows\System\kaFzQMX.exe
  2⤵
  PID:9504
- C:\Windows\System\mLkGwDf.exe
  C:\Windows\System\mLkGwDf.exe
  2⤵
  PID:9520
- C:\Windows\System\awdLEWG.exe
  C:\Windows\System\awdLEWG.exe
  2⤵
  PID:9536
- C:\Windows\System\rxxXwnk.exe
  C:\Windows\System\rxxXwnk.exe
  2⤵
  PID:9556
- C:\Windows\System\HXmMkUR.exe
  C:\Windows\System\HXmMkUR.exe
  2⤵
  PID:9572
- C:\Windows\System\llOQuvD.exe
  C:\Windows\System\llOQuvD.exe
  2⤵
  PID:9588
- C:\Windows\System\qMprFoz.exe
  C:\Windows\System\qMprFoz.exe
  2⤵
  PID:9604
- C:\Windows\System\IDIKWsg.exe
  C:\Windows\System\IDIKWsg.exe
  2⤵
  PID:9620
- C:\Windows\System\cULLiUJ.exe
  C:\Windows\System\cULLiUJ.exe
  2⤵
  PID:9636
- C:\Windows\System\isAgcyT.exe
  C:\Windows\System\isAgcyT.exe
  2⤵
  PID:9652
- C:\Windows\System\gMthbwZ.exe
  C:\Windows\System\gMthbwZ.exe
  2⤵
  PID:9668
- C:\Windows\System\miobZLz.exe
  C:\Windows\System\miobZLz.exe
  2⤵
  PID:9684
- C:\Windows\System\BwwlAWg.exe
  C:\Windows\System\BwwlAWg.exe
  2⤵
  PID:9700
- C:\Windows\System\YeZIeWQ.exe
  C:\Windows\System\YeZIeWQ.exe
  2⤵
  PID:9716
- C:\Windows\System\NThTWfs.exe
  C:\Windows\System\NThTWfs.exe
  2⤵
  PID:9732
- C:\Windows\System\OrTpwxt.exe
  C:\Windows\System\OrTpwxt.exe
  2⤵
  PID:9748
- C:\Windows\System\vDHACit.exe
  C:\Windows\System\vDHACit.exe
  2⤵
  PID:9764
- C:\Windows\System\QIOuTih.exe
  C:\Windows\System\QIOuTih.exe
  2⤵
  PID:9780
- C:\Windows\System\fLDhIAG.exe
  C:\Windows\System\fLDhIAG.exe
  2⤵
  PID:9796
- C:\Windows\System\NvOhwSe.exe
  C:\Windows\System\NvOhwSe.exe
  2⤵
  PID:9812
- C:\Windows\System\rlJYdbM.exe
  C:\Windows\System\rlJYdbM.exe
  2⤵
  PID:9828
- C:\Windows\System\gVAJerL.exe
  C:\Windows\System\gVAJerL.exe
  2⤵
  PID:9844
- C:\Windows\System\lxHwLyp.exe
  C:\Windows\System\lxHwLyp.exe
  2⤵
  PID:9860
- C:\Windows\System\ylXOvuH.exe
  C:\Windows\System\ylXOvuH.exe
  2⤵
  PID:9876
- C:\Windows\System\qNMdgVm.exe
  C:\Windows\System\qNMdgVm.exe
  2⤵
  PID:9892
- C:\Windows\System\Sjfokbi.exe
  C:\Windows\System\Sjfokbi.exe
  2⤵
  PID:9908
- C:\Windows\System\CGeHKFR.exe
  C:\Windows\System\CGeHKFR.exe
  2⤵
  PID:9924
- C:\Windows\System\UWmYIxu.exe
  C:\Windows\System\UWmYIxu.exe
  2⤵
  PID:9940
- C:\Windows\System\ndCLHGJ.exe
  C:\Windows\System\ndCLHGJ.exe
  2⤵
  PID:9956
- C:\Windows\System\WjNqZdf.exe
  C:\Windows\System\WjNqZdf.exe
  2⤵
  PID:9972
- C:\Windows\System\ajhSTkO.exe
  C:\Windows\System\ajhSTkO.exe
  2⤵
  PID:9988
- C:\Windows\System\HUSMExY.exe
  C:\Windows\System\HUSMExY.exe
  2⤵
  PID:10004
- C:\Windows\System\iBadOer.exe
  C:\Windows\System\iBadOer.exe
  2⤵
  PID:10020
- C:\Windows\System\VDSkYco.exe
  C:\Windows\System\VDSkYco.exe
  2⤵
  PID:10036
- C:\Windows\System\OpuerJU.exe
  C:\Windows\System\OpuerJU.exe
  2⤵
  PID:10052
- C:\Windows\System\lkpiWWZ.exe
  C:\Windows\System\lkpiWWZ.exe
  2⤵
  PID:10068
- C:\Windows\System\DVHmdom.exe
  C:\Windows\System\DVHmdom.exe
  2⤵
  PID:10084
- C:\Windows\System\PjOKhJx.exe
  C:\Windows\System\PjOKhJx.exe
  2⤵
  PID:10100
- C:\Windows\System\bsuFMsy.exe
  C:\Windows\System\bsuFMsy.exe
  2⤵
  PID:10116
- C:\Windows\System\gIbEIRB.exe
  C:\Windows\System\gIbEIRB.exe
  2⤵
  PID:10132
- C:\Windows\System\QgPpBbJ.exe
  C:\Windows\System\QgPpBbJ.exe
  2⤵
  PID:10148
- C:\Windows\System\dEdvmfp.exe
  C:\Windows\System\dEdvmfp.exe
  2⤵
  PID:10164
- C:\Windows\System\pACjoSQ.exe
  C:\Windows\System\pACjoSQ.exe
  2⤵
  PID:10180
- C:\Windows\System\BwnBwOw.exe
  C:\Windows\System\BwnBwOw.exe
  2⤵
  PID:10196
- C:\Windows\System\WwHXDoJ.exe
  C:\Windows\System\WwHXDoJ.exe
  2⤵
  PID:10212
- C:\Windows\System\AHQDnfj.exe
  C:\Windows\System\AHQDnfj.exe
  2⤵
  PID:10232
- C:\Windows\System\iFPNBjs.exe
  C:\Windows\System\iFPNBjs.exe
  2⤵
  PID:9104
- C:\Windows\System\cHIfXFV.exe
  C:\Windows\System\cHIfXFV.exe
  2⤵
  PID:8264
- C:\Windows\System\JLxgzcs.exe
  C:\Windows\System\JLxgzcs.exe
  2⤵
  PID:8712
- C:\Windows\System\vUtYDmb.exe
  C:\Windows\System\vUtYDmb.exe
  2⤵
  PID:9228
- C:\Windows\System\NYFlYRB.exe
  C:\Windows\System\NYFlYRB.exe
  2⤵
  PID:9292
- C:\Windows\System\zWXlZPt.exe
  C:\Windows\System\zWXlZPt.exe
  2⤵
  PID:8828
- C:\Windows\System\vlRVMTQ.exe
  C:\Windows\System\vlRVMTQ.exe
  2⤵
  PID:9324
- C:\Windows\System\ujfQPjn.exe
  C:\Windows\System\ujfQPjn.exe
  2⤵
  PID:9352
- C:\Windows\System\wlBDkce.exe
  C:\Windows\System\wlBDkce.exe
  2⤵
  PID:9420
- C:\Windows\System\tohRMMX.exe
  C:\Windows\System\tohRMMX.exe
  2⤵
  PID:9240
- C:\Windows\System\OQpPeql.exe
  C:\Windows\System\OQpPeql.exe
  2⤵
  PID:9340
- C:\Windows\System\GfAdWSB.exe
  C:\Windows\System\GfAdWSB.exe
  2⤵
  PID:8220
- C:\Windows\System\LDnhoKt.exe
  C:\Windows\System\LDnhoKt.exe
  2⤵
  PID:9028
- C:\Windows\System\rRiTeEp.exe
  C:\Windows\System\rRiTeEp.exe
  2⤵
  PID:9512
- C:\Windows\System\erGyDUQ.exe
  C:\Windows\System\erGyDUQ.exe
  2⤵
  PID:9272
- C:\Windows\System\gcTuTll.exe
  C:\Windows\System\gcTuTll.exe
  2⤵
  PID:9400
- C:\Windows\System\DxsBlaA.exe
  C:\Windows\System\DxsBlaA.exe
  2⤵
  PID:9532
- C:\Windows\System\uentmpV.exe
  C:\Windows\System\uentmpV.exe
  2⤵
  PID:9580
- C:\Windows\System\dwiQHkN.exe
  C:\Windows\System\dwiQHkN.exe
  2⤵
  PID:9584
- C:\Windows\System\OFlrmRk.exe
  C:\Windows\System\OFlrmRk.exe
  2⤵
  PID:9644
- C:\Windows\System\AcsQukc.exe
  C:\Windows\System\AcsQukc.exe
  2⤵
  PID:9680
- C:\Windows\System\aNSlxcN.exe
  C:\Windows\System\aNSlxcN.exe
  2⤵
  PID:9712
- C:\Windows\System\TbjdQuX.exe
  C:\Windows\System\TbjdQuX.exe
  2⤵
  PID:9808
- C:\Windows\System\QnSHtsb.exe
  C:\Windows\System\QnSHtsb.exe
  2⤵
  PID:9872
- C:\Windows\System\sOiwdgb.exe
  C:\Windows\System\sOiwdgb.exe
  2⤵
  PID:9932
- C:\Windows\System\CXaaXuE.exe
  C:\Windows\System\CXaaXuE.exe
  2⤵
  PID:9728
- C:\Windows\System\lErgHLn.exe
  C:\Windows\System\lErgHLn.exe
  2⤵
  PID:9884
- C:\Windows\System\TMMTTlj.exe
  C:\Windows\System\TMMTTlj.exe
  2⤵
  PID:9916
- C:\Windows\System\OVRUIqN.exe
  C:\Windows\System\OVRUIqN.exe
  2⤵
  PID:9788
- C:\Windows\System\LIXJIbv.exe
  C:\Windows\System\LIXJIbv.exe
  2⤵
  PID:9852
- C:\Windows\System\YuUEVgb.exe
  C:\Windows\System\YuUEVgb.exe
  2⤵
  PID:9952
- C:\Windows\System\ZJRidWO.exe
  C:\Windows\System\ZJRidWO.exe
  2⤵
  PID:10032
- C:\Windows\System\TSKPySE.exe
  C:\Windows\System\TSKPySE.exe
  2⤵
  PID:10016
- C:\Windows\System\gxvwBQL.exe
  C:\Windows\System\gxvwBQL.exe
  2⤵
  PID:10092
- C:\Windows\System\mQzyYqN.exe
  C:\Windows\System\mQzyYqN.exe
  2⤵
  PID:10124
- C:\Windows\System\XuGtDRG.exe
  C:\Windows\System\XuGtDRG.exe
  2⤵
  PID:10156
- C:\Windows\System\ihdYOIZ.exe
  C:\Windows\System\ihdYOIZ.exe
  2⤵
  PID:10224
- C:\Windows\System\ehsCSJK.exe
  C:\Windows\System\ehsCSJK.exe
  2⤵
  PID:9124
- C:\Windows\System\FztjELD.exe
  C:\Windows\System\FztjELD.exe
  2⤵
  PID:10112
- C:\Windows\System\DBxvCDf.exe
  C:\Windows\System\DBxvCDf.exe
  2⤵
  PID:9260
- C:\Windows\System\eKHFaBV.exe
  C:\Windows\System\eKHFaBV.exe
  2⤵
  PID:2824
- C:\Windows\System\IHsNQvH.exe
  C:\Windows\System\IHsNQvH.exe
  2⤵
  PID:8776
- C:\Windows\System\BOjpmiL.exe
  C:\Windows\System\BOjpmiL.exe
  2⤵
  PID:9072
- C:\Windows\System\fZNStMf.exe
  C:\Windows\System\fZNStMf.exe
  2⤵
  PID:1972
- C:\Windows\System\XcsvOkd.exe
  C:\Windows\System\XcsvOkd.exe
  2⤵
  PID:9172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Bvnwggv.exe

Filesize
6.0MB

MD5
3874e85509cc21983e4af753ce1d9d6b

SHA1
b82dfe7834bd39b3dd6b764c1371938067fdd5aa

SHA256
e1c851874c3e20d02a751fc9e06826125bcee80a23d16913adb2f28d0d07f108

SHA512
9d2f985560202dc8d05ea1b520f8af080835f276523e049d78527b5a2f31d64acd57787771fb0dbac896bebb302ce84ff14ec09978a3c1503834b23812fac04b

Download Submit
C:\Windows\system\EuXBwhE.exe

Filesize
6.0MB

MD5
239df6cab7f3ca1891610db842835041

SHA1
89f215da0b980f21c5d22d8a6e6cd038d608578b

SHA256
7fc7cdf77db2beb14880bc1c12333d8125429410809fb0fcd717c65a7d53b43e

SHA512
cda0e11b599a60b801018df306297e8086df63c6c63884e72ebe342eeaa302157ca3b5826f792d07b1ee357e3894c1e72bf5d98fb3de83132b6a365ed7687642

Download Submit
C:\Windows\system\GEVoBqI.exe

Filesize
6.0MB

MD5
7550b198bd7597c64b52a3d5b9ba7155

SHA1
2375676396dee4c00192b2e719755d288caec966

SHA256
c5e13773258c6011e02a1d83a1c0b6a95e5f847624b51d72724bb3b3f4fb87b1

SHA512
7dd548339cc3aec99f85c339c9699a52849d64bfca9a66a043be10b1f8fb001cbf07b15185324d1a30b35be329603d20fba6dec3386c984fb7a2eb0a9c69644b

Download Submit
C:\Windows\system\IsMGjZb.exe

Filesize
6.0MB

MD5
3c02168d54cae7f39be09be14103f3ed

SHA1
f077b47692eca71aeba0dae9a582744a980233fd

SHA256
83eee930f0bbc2c478d2ef1460ae0fffb748166407d6840c80a2639887b8e956

SHA512
5d098f0e1baf23573b05eb1db3907f42afe32a887b8c93d8de918aba289c3a226164d806cb704e419b12edddd3df81132e0845d9bd3943bca852ba0937257745

Download Submit
C:\Windows\system\KLACtMC.exe

Filesize
6.0MB

MD5
d92e496f8f9aab4deb82c5cf6d25b8f3

SHA1
e9b2c11eac30ed54d3525e1b322a4037d833b48b

SHA256
f6b40d9d90a3d40d35ca46fe26ffe8b26e593d6a0bcc79e85b0c9b88141499b3

SHA512
0e95f2ae3ab94d1c130e0efaa6a8d20130d37669a1e07775957e522918b90ee96872f282819ffe3b9231b4feeb315e6e9a59cfca1cba4f0c0dbdd7159b96820d

Download Submit
C:\Windows\system\MvGcviw.exe

Filesize
6.0MB

MD5
df8bd42a6804dfae7f487ba9612d0655

SHA1
c8dcdcabddb3284af39f96f489878d3025b5e610

SHA256
62a47d4ed4974e4d685032c02df439dae13148589a637fa6af01c69d613223eb

SHA512
afc87c42d54e9e0fb9653990d74f6e3197d7bc062629cc53662f492cd2d79acb79c85aa57266592c9ad20d7255c94cae2fcfa811527468153b3777858c96a8af

Download Submit
C:\Windows\system\OlurmoL.exe

Filesize
6.0MB

MD5
319fa5e56d50f824215753ee51e2c774

SHA1
f23ee2c0222428b568c5fbdc72f3db3b631fb8b6

SHA256
040857171b634ce35f1894689f3b6e0a9397ac0d3eb1856126a0b0cab0762166

SHA512
d5a02e4461b37a86a67cf9bddf505eb7c8fc5c986a242087eaa253e710ac5a3d1f501aab123378f72bf5bc7d17f5e2b42077e675de9f1f0b5f8297e8a9112682

Download Submit
C:\Windows\system\PSQZCYp.exe

Filesize
6.0MB

MD5
d5182cc39a5ba61daaba8098b4a226b2

SHA1
762f184ead07ef08eb928ef08d72d40f44a37873

SHA256
69667199f6f823aea4b5677b63e1dfa1ea8dd2cdd6151727b73c8a13e5a927eb

SHA512
d5fe4ffcb4ed87f0d1f1b4aae8a79e052b6a8d88033a65830cc41e8f8cdaae289157211934b15f3ac016fb92531728c7cb81037228d0e40913a617d28f46796e

Download Submit
C:\Windows\system\RtreCmt.exe

Filesize
6.0MB

MD5
750077e9a5a89d59ad52d6ca64bbae44

SHA1
269e356b0e904798123c76e1234af18416885f4f

SHA256
86a2dafba5130b0938affc417d534c4faa9f89e91c413774beade328b42e1523

SHA512
c39a7ddbdc13d9c58a71bd4106ff6dea82a4ea6185d916656012f0fd152ca11440cb253750a8595fd33dea2e892b955ff2ef36a467a88ac65970aef4f70832de

Download Submit
C:\Windows\system\VaPdkxu.exe

Filesize
6.0MB

MD5
60b7d2c302a5b8fb1675e9fe4104d4f1

SHA1
9cb0d80d7fc9ad9840dec08d0c07d743188ddfa7

SHA256
465b5533b38648cfdbfd682a1a892fa71791cf27738cadcc15eb3733506bead0

SHA512
e1c2d41f61675d0080c681319a2e062446a6d37bac864fe53913d0977514116d560ec1f8c9622214692570492c824a6a8e9d6ccbe58df1f6f48aa9481aaad7fa

Download Submit
C:\Windows\system\WLnhAkW.exe

Filesize
6.0MB

MD5
4ea933742ef54ab107318a19f226bc88

SHA1
51e5f1abb5b2519ad241f831ae346561ae557c7f

SHA256
f004c8aa47e2d2d7e9e85f10eb8c33378d50319e7418045233beef23cfa36801

SHA512
1e2526539afe776741d83bf667ce615d4dbffb0c4fc80380e8aa03e392186e43203ca3fc176b26d32ed6e2b9fb5353ccfbd1c0ce0a8db204b89854a981d1070a

Download Submit
C:\Windows\system\YJiSErr.exe

Filesize
6.0MB

MD5
68b33fb3cc23f2e027f0545f3be740d8

SHA1
3938eaaf860b3375c7c1c6f37d3df14d655c8a03

SHA256
17e40e6df5c5c7d60c5193146191c98b6f85413bb2f91be61aa48d910987e065

SHA512
2af6dfed8f18ae85c1e26a3f11c09d09c4d179511ae40fa54981f1fe270409c302ebf47221aabb66ea67034e6ee446dbafdcf014ccd14fd9b90edd692959e8b5

Download Submit
C:\Windows\system\ZwbINYg.exe

Filesize
6.0MB

MD5
68c8676b3369b7b87f5c22b7b7225a84

SHA1
ce93a8e4a42877a8793904c2cbaf2fd38bb8e9d2

SHA256
6dbcf588547e37d51e595fb1903a314975fb920755d7b5884fef894d5be3e2c2

SHA512
6460c5f57b13e0668c0263f0df21b7fe6fd5708d160c8d8abf7f315865a8f75f3da263108ec6f7c3f98000e6168eaca2f8d76b758ca7dbf2953f1ffa1dab0b28

Download Submit
C:\Windows\system\clJVZve.exe

Filesize
6.0MB

MD5
4b6c62358070fd3f7f175bb718fe1c24

SHA1
bf70d543259184866b95d0bc9a0054509c4a648e

SHA256
2e1b4fa7936513b911bc87c7c6a31893177e11d512fa61017b942639c16f66bf

SHA512
bedeafc7abd93859be555ce70b39c5a6eed7a6fda814af80c5ccad5c9cf071155a381c249decd5fdd61153d36f554a5ef4b1a742795bc2a78ceb6b3f254233bf

Download Submit
C:\Windows\system\eDUGEif.exe

Filesize
6.0MB

MD5
58db74b51fd9fdc31dac9d637c5a2446

SHA1
2ad1512d228cc272744ee987a9ba1a6ddf7f1cdd

SHA256
3ad938075f2add056c1e6fabf3fb3b4a9443067fa35448d972d822fef5a99657

SHA512
95cd5cfe2510ef76b670462ab621ff36053f28d3ee87c1bdb68305955ac9968e91366d5fce00cb0b1397e7a4df67cf8f8d7961dd466e7eeabe8b53e6654a0ec3

Download Submit
C:\Windows\system\fDYvmPa.exe

Filesize
6.0MB

MD5
883864b62cfd66f86756ec156b80fa1f

SHA1
1bb3018bd0fc4c4dba145d52a2466ab9d493b17a

SHA256
0e482c2806a0f178a4cbbcfc01e008c87df240de5653a427f63b8f7c95d9c50f

SHA512
830135563e6910f4c2dd9f6e6430db9117fd9e81c9976374bf835d221fa1207f2460952b06f13477bb2374cd2dc36057c92a81478dc428c20d7d842135874073

Download Submit
C:\Windows\system\fXNsgrI.exe

Filesize
6.0MB

MD5
82abbc771183afe0629471dab7e0bbf3

SHA1
3b711030c163b958a716eed3078f3399e1afcd13

SHA256
10264a9b7297993e5e3acfa9c90dc8562ba3570e0b2494ecec6e4aeb90c04b4c

SHA512
b87163372d223d7039f7512358aaff78b329db5bbfd33baa726fa48e8f6ba134f27ad5e0312785bd8aa790a7e288ca86a5caccbf3efed6ba8d5d0c8949706681

Download Submit
C:\Windows\system\gwYnRPq.exe

Filesize
6.0MB

MD5
f089f80a8b6e6fcb42967e40cda73260

SHA1
0080b3f6d2b23c5ce37c5e624b48a6755bd5b9b1

SHA256
e12f73944fb8297d57fd5084dae10583f5a9332ff0d3cd4df910418873de2c04

SHA512
45b49a437d1bbbaf63408e1ca8e39b42876140d41f96624a2724726039cfaea4ec2289da46723a8f6dd6a3d9bf625974d28015a64009687ad20f2e8eb622f800

Download Submit
C:\Windows\system\kVdpGtJ.exe

Filesize
6.0MB

MD5
40bae6504afa2cd39d0b5f0365e096ba

SHA1
ec9f312e59b686f310a7523517ff268298f8d115

SHA256
416d44dd291d6b1abac92440c274ccfb159948cd9af1af655aef7801960a32e1

SHA512
af29f0632b024e3f6911fbff72eefc4f88bfbeb6692a65d1ecb89257ec3580c261e429318d25f46402801acf765a180b6efe8a8aab7016aaf52f8316e0d91a3d

Download Submit
C:\Windows\system\krnsyuf.exe

Filesize
6.0MB

MD5
a5cbd8225d9a45aa49012bc6e62cc9d1

SHA1
1579d3262a18eb30429dca9abead6a41e19649f2

SHA256
0dad6784491082038147da6672ee5457c13bebb5933d419e648e75f03b8f4c49

SHA512
1bc428395dd47bc9058a45892b04b9917c610a1ee441870041c6fdfe4cb8121ddfe6336694ef1875d6c30601d171a6e80c73c584bc1f97910f86b956b3c30fe0

Download Submit
C:\Windows\system\neHyVNO.exe

Filesize
6.0MB

MD5
1805370a293c65b205326ecee5d22b2c

SHA1
e939ee3349c240a69662f1f9818724b7ebd4dd01

SHA256
2f0f301318751e708bb79e9e40e9f90245e5baddec2793f4c042db62899d8e83

SHA512
8908a62ea8a0c0eb947a4745587c1e3cd289d2a540036d92fc2cd6875a92d881d0fe5398c7795d57fbf3295b8f895cc4c52f18b7bd4f544f97bb6b8e66e578f5

Download Submit
C:\Windows\system\oQCxYDg.exe

Filesize
6.0MB

MD5
e82b3b546d78ecf377f395d96f065986

SHA1
8e4a11595ad92bfe2a8c8dda959ab2799cbce33d

SHA256
4d939ba12342bd4bc0c019b94a99bbb83f24488c69a38057269204422854a8ec

SHA512
3244e7eb106ce1605f4d5905a94a641a8c536a22dc0a490623298453bc503c2e9585d37b7096203a61a4efeffab5aa0134ce642c2551a3cebf9c91743c0de3c1

Download Submit
C:\Windows\system\onFySVd.exe

Filesize
6.0MB

MD5
9c15afc981aa635cc803eec8a0eeda10

SHA1
8d5a675ad88c8600454f1067a074760f5ec40ff8

SHA256
0468afa92395901a1ef5d2f37740c1496b8c14f2f7a02aef17e94cda2a575a0f

SHA512
8cfc58b7334c3708d1992356d8a39290cde6386f2f768a8ac47e37f49aefee1f6b67eda078fa09fc9d77a1e21a1f3def66174d77fd9dbc57224882a4cd17aada

Download Submit
C:\Windows\system\pOXaorz.exe

Filesize
6.0MB

MD5
2552d2774ccfbc440b4f34901318832d

SHA1
ba9caa7c95af32899b197ef4da41e7dc543bec4e

SHA256
05de68c9a2b2b9f412fefbbb9f29f65fb557b4bfea38dd8b6b39fe479fb8733d

SHA512
188fae46d4d872dcbe61bafd9227a3eed3e3187fc454e54381629080a189f4480c8d1c5c585b9d9d15b2bcc11f93d07fe8903d2363a04f81b8c66e35f0e4a840

Download Submit
C:\Windows\system\qbcpgws.exe

Filesize
6.0MB

MD5
ad97ff2cc46591f07c775646fa3e26b9

SHA1
3726cc2df9a94954a28d8378415f888851dfeec6

SHA256
a5c6a3741aa279d9c968e60e2dd8968f37335660070f285d7dd0af3fa33800d9

SHA512
d58deb3ead5bd1284dba7b7bedf790200792b7bbcb50f9427e391c1628051bb9539d785c9bbf4966939c8e8aceda7e1a11ec1d7184471062fdfadaf671106b4d

Download Submit
C:\Windows\system\rOsKkHJ.exe

Filesize
6.0MB

MD5
0d4df0d25a036e57821d2e95a0f241f5

SHA1
805b601cf25913141f3ae1bb996d673647001270

SHA256
8e224a4c7612f686313bbb2424f1c2ce0edb6eab73b10e955fb76aa4b8b39b7f

SHA512
3f53eee85aa8c27e996012acfba2b544aa6877f83b094665a9ce693a0027dfdc8d7f96d0be422aee4b8f7d1e2e8853649d98ff103e0efe5f1dc68a942d6e89b6

Download Submit
C:\Windows\system\vDDrKwA.exe

Filesize
6.0MB

MD5
58bd525e9b14843e6b470f0551bd1561

SHA1
5666c015d9c809588633196f34b832f1d3a55df9

SHA256
c8f647640a690467d6d645d3f93d818f531a091b941b0114263800ce6940c473

SHA512
5a7a235646495dd57608ae6869195c6c5c17c2b9394460c92c4797623be49c0731e6713695e5bd2c42e67a8ed4fc6986f856af7c529b7ac4ab0cad8b9bc28e60

Download Submit
C:\Windows\system\xTjNpcI.exe

Filesize
6.0MB

MD5
7589a433b9ab23275b3462ccf82b8bc7

SHA1
08152bb55a9512b5c348ceb44403f7e3243a45c1

SHA256
add797c6ed71e54929f9a35a19bb1106cf4eca6823d2b4e24a6e797a7e5fa1c9

SHA512
dddf93694dbcf0a2d1686ad650949ad62038727b4890102a72a6349958d010ce1c590cc78a894d85f4a49d2bfed10e3a19599987730e42cfe4f6c44b26452330

Download Submit
C:\Windows\system\xzmghhm.exe

Filesize
6.0MB

MD5
ea5d0653309c3de42de5dc2296e6bda6

SHA1
db14bd446499d165dfa68d7c4f4d27ee83fa4608

SHA256
5b357afd4b11a8889944915184f5676b6d4b8441f9eab71c1d746de060256ebd

SHA512
99d3bcba9655087ed2a6164c08cf802327fc1648355fbcbe6251f42c3d4eb66373c0874e8b80b5ff34ac61c622f7120031bdea461b93d6d7072bf0ad93a1d64f

Download Submit
C:\Windows\system\zhEjJrM.exe

Filesize
6.0MB

MD5
d34e443ded36cd3736178e9bcfe6bdfc

SHA1
ddd06338acc0076b277f57e7401a6730065de45f

SHA256
b9cc842dd5bfca9285cc96d31b9dcec7bcf3f5ee39314001c1ba0d075a1b2680

SHA512
caa24cb7e6e9aabe44af0f4c350bf753aa1de98f8d16254d9fcf6c676fd77776acc52e59938b043e7923386a8dd8361f25305779878e5509ac0ca229702654b6

Download Submit
\Windows\system\LOMJfwf.exe

Filesize
6.0MB

MD5
758ba5322badeda703822e30e5ae2d79

SHA1
42b2c12132c2378b3248cedf1e5033f5b367155f

SHA256
9a5afa14c5c7cc33c58c86a217c1dc11dd561748f0b0c9f156c5011c7aae73be

SHA512
672e23e57c3a9772b622cc0515c762a28a0cca84b3171cb3cb2ec01a9cb5704b1f984ca2950a9a87856a75a156542316620a393afbafca7842742824d0066ba7

Download Submit
\Windows\system\elFPHeN.exe

Filesize
6.0MB

MD5
fec4a662aa2736e9ca87d58972341127

SHA1
2e2d888665ac0c1e48fd58fdd848a811e2e80540

SHA256
b949c41e636db7d75e496afa21b83f23c786e65c920dfde64b2d676b1b0e0bdc

SHA512
bbc433b3b83927365d69fedeebf97a491dc72849edd10ada553fd5747373c4c5a2a93873d5116df2a0a2ff32bbf17d933011febc27c11650a39c3fd33e8e3408

Download Submit
memory/584-4650-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/584-4644-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/588-4638-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/588-4648-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1724-4643-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-10-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4636-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4637-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4647-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4639-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4640-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-4642-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-4546-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2176-4645-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2176-4646-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2460-4481-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-4641-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-4649-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4596-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4570-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2904-4506-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download