cobaltstrike | 8a84f10f3876273252e7fad77aa8ee1311cc64a009abb96ee5af3c9f2f0ae128

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
14/12/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2f265fed55e66116dd61c3cc898a0838
SHA1

37c9098145296911c0dd2648185b2b51c427e616
SHA256

8a84f10f3876273252e7fad77aa8ee1311cc64a009abb96ee5af3c9f2f0ae128
SHA512

b59b5cd720ecbbc28c112ed93e1f827a82add6010a56112b5e068c4388e0e2826bb07c5a32c633128e580a06ea8ca31dd1cd3da05834adea06372230286029f6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019394-17.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019326-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a0-25.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-38.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000018b89-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019489-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-84.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019480-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/memory/2920-10-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019394-17.dat	xmrig
behavioral1/memory/2756-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0008000000019326-14.dat	xmrig
behavioral1/memory/2912-22-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1656-24-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a0-25.dat	xmrig
behavioral1/memory/2920-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2880-33-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x00060000000193b8-38.dat	xmrig
behavioral1/files/0x0026000000018b89-34.dat	xmrig
behavioral1/memory/3044-45-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2912-47-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2960-48-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0006000000019470-56.dat	xmrig
behavioral1/memory/2684-61-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/1656-50-0x0000000002450000-0x00000000027A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c7-53.dat	xmrig
behavioral1/memory/2712-54-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019489-75.dat	xmrig
behavioral1/memory/1580-76-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2712-92-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2448-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2492-107-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/924-101-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-116.dat	xmrig
behavioral1/files/0x000500000001a3f8-130.dat	xmrig
behavioral1/files/0x000500000001a404-145.dat	xmrig
behavioral1/files/0x000500000001a438-150.dat	xmrig
behavioral1/files/0x000500000001a46f-197.dat	xmrig
behavioral1/memory/2448-303-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2872-480-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2756-641-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2912-642-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2448-915-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2872-935-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/924-925-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2920-957-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/580-905-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1580-889-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2492-879-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2960-867-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2684-865-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2712-861-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/3044-845-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2880-807-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/924-387-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/580-223-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-203.dat	xmrig
behavioral1/files/0x000500000001a46d-193.dat	xmrig
behavioral1/files/0x000500000001a46b-187.dat	xmrig
behavioral1/files/0x000500000001a469-183.dat	xmrig
behavioral1/memory/1656-179-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-176.dat	xmrig
behavioral1/files/0x000500000001a459-171.dat	xmrig
behavioral1/files/0x000500000001a457-166.dat	xmrig
behavioral1/files/0x000500000001a44f-161.dat	xmrig
behavioral1/files/0x000500000001a44d-157.dat	xmrig
behavioral1/memory/1580-147-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-140.dat	xmrig
behavioral1/files/0x000500000001a3fd-135.dat	xmrig
behavioral1/files/0x000500000001a3f6-125.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2920	MlnoCCp.exe
2756	NVPjpSb.exe
2912	dRUXmfO.exe
2880	qRbhYKo.exe
3044	pyoSwdl.exe
2960	vxsBEsM.exe
2712	PkeJlqt.exe
2684	ohEZZVr.exe
2492	zRTYGkh.exe
1580	aMqdpYY.exe
580	MdUxRXQ.exe
2448	OyHOaoB.exe
924	rxrViiP.exe
2872	MYiYWpA.exe
2652	IuNFuVJ.exe
3008	BuXzYCx.exe
2072	BxRGKQp.exe
3012	ZWjiqld.exe
1664	yAHhuHo.exe
2368	BFrvtQg.exe
2276	KBCMwYE.exe
1372	crQFhGh.exe
1528	ZVipyZH.exe
2112	DrxKgrU.exe
2384	evwOqgz.exe
2224	WLNywxU.exe
1876	gvGFAAS.exe
2504	MaGejnw.exe
1952	zTaXNXC.exe
1056	unowDvA.exe
2096	SZFxzqt.exe
928	IbObPcr.exe
2564	VKaChtH.exe
2624	BlewFXp.exe
3064	dhPhfIm.exe
2432	gVSBYvw.exe
1800	tHSyxUm.exe
552	JBCBRsO.exe
2916	TRtPnRm.exe
1740	JGDVprv.exe
612	qRmgvTO.exe
2000	vlVNbnl.exe
2516	vGHLxBq.exe
2320	cIJeFFh.exe
320	UMQdnpg.exe
2556	gGyCeVS.exe
2260	YdKXWsZ.exe
2480	KJeoNih.exe
1588	iRFXLgo.exe
2340	qqsWZnl.exe
2284	gCkjkcv.exe
1608	eyQcDHm.exe
1604	WbDHayF.exe
2852	XqPAwFT.exe
2936	yqRbYKB.exe
2540	dqtqHTz.exe
2256	dldlsfK.exe
2228	hfGHFMD.exe
2120	YivmBqi.exe
1576	RSmtbIO.exe
2664	NUqhVYF.exe
2828	ChUfPcz.exe
584	BnbYhRT.exe
3000	faFnhiC.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/memory/2920-10-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0007000000019394-17.dat	upx
behavioral1/memory/2756-16-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0008000000019326-14.dat	upx
behavioral1/memory/2912-22-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1656-24-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x00060000000193a0-25.dat	upx
behavioral1/memory/2920-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2880-33-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x00060000000193b8-38.dat	upx
behavioral1/files/0x0026000000018b89-34.dat	upx
behavioral1/memory/3044-45-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2912-47-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2960-48-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0006000000019470-56.dat	upx
behavioral1/memory/2684-61-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x00060000000193c7-53.dat	upx
behavioral1/memory/2712-54-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0007000000019489-75.dat	upx
behavioral1/memory/1580-76-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2712-92-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2448-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2492-107-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/924-101-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000500000001a309-116.dat	upx
behavioral1/files/0x000500000001a3f8-130.dat	upx
behavioral1/files/0x000500000001a404-145.dat	upx
behavioral1/files/0x000500000001a438-150.dat	upx
behavioral1/files/0x000500000001a46f-197.dat	upx
behavioral1/memory/2448-303-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2872-480-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2756-641-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2912-642-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2448-915-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2872-935-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/924-925-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2920-957-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/580-905-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1580-889-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2492-879-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2960-867-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2684-865-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2712-861-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/3044-845-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2880-807-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/924-387-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/580-223-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000500000001a471-203.dat	upx
behavioral1/files/0x000500000001a46d-193.dat	upx
behavioral1/files/0x000500000001a46b-187.dat	upx
behavioral1/files/0x000500000001a469-183.dat	upx
behavioral1/files/0x000500000001a463-176.dat	upx
behavioral1/files/0x000500000001a459-171.dat	upx
behavioral1/files/0x000500000001a457-166.dat	upx
behavioral1/files/0x000500000001a44f-161.dat	upx
behavioral1/files/0x000500000001a44d-157.dat	upx
behavioral1/memory/1580-147-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000500000001a400-140.dat	upx
behavioral1/files/0x000500000001a3fd-135.dat	upx
behavioral1/files/0x000500000001a3f6-125.dat	upx
behavioral1/files/0x000500000001a3ab-120.dat	upx
behavioral1/memory/2684-100-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HGOVyrb.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqsWZnl.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJBVvcY.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYBNEOB.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQFpLaU.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPvpAJo.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgQgomz.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdRuAWq.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgdbqfw.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsvQRXx.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqFrIpK.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDeKVtH.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRfRHyF.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdvkwaU.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMaoeQm.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNHSsdX.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPSlUiG.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwLGWDa.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkyXGYj.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZJSWte.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANIdeCj.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbXQxOz.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbkljJO.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NagYADi.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQexVZb.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTFxVzF.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygkHmAe.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjlVSww.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xaJlNmy.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRYvZsz.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqizSpD.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnrmzlr.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjilmqE.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqSeBBO.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwgPZJs.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpZQMhp.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INDmMix.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKceMJa.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJmKsPf.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvcNVwA.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfGHFMD.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtOYEMi.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geoXBPg.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dflZDbG.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kodaSQg.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlewFXp.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGbYAmw.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmVqqYy.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChRzMDx.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYxbITf.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAVnBAa.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOhFJUc.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmHNEMF.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgUXMmW.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTaKcHx.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrcsmMm.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYAHxAe.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piQSdUk.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCNQTkD.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfZVIWU.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obViQBa.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRZDRNW.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIzflwn.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqnHgAp.exe	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2920	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2920	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2920	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1656 wrote to memory of 2756	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2756	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2756	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1656 wrote to memory of 2912	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2912	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2912	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1656 wrote to memory of 2880	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2880	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2880	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1656 wrote to memory of 2960	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 2960	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 2960	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1656 wrote to memory of 3044	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 3044	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 3044	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1656 wrote to memory of 2712	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2712	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2712	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1656 wrote to memory of 2684	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2684	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2684	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1656 wrote to memory of 2492	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 2492	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 2492	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1656 wrote to memory of 1580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 1580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 1580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1656 wrote to memory of 580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 580	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1656 wrote to memory of 2448	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 2448	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 2448	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1656 wrote to memory of 924	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 924	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 924	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1656 wrote to memory of 2872	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2872	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2872	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1656 wrote to memory of 2652	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 2652	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 2652	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1656 wrote to memory of 3008	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 3008	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 3008	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1656 wrote to memory of 2072	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 2072	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 2072	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1656 wrote to memory of 3012	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 3012	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 3012	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1656 wrote to memory of 1664	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 1664	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 1664	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1656 wrote to memory of 2368	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 2368	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 2368	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1656 wrote to memory of 2276	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 2276	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 2276	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1656 wrote to memory of 1372	1656	2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_2f265fed55e66116dd61c3cc898a0838_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\System\MlnoCCp.exe
  C:\Windows\System\MlnoCCp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\NVPjpSb.exe
  C:\Windows\System\NVPjpSb.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\dRUXmfO.exe
  C:\Windows\System\dRUXmfO.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\qRbhYKo.exe
  C:\Windows\System\qRbhYKo.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\vxsBEsM.exe
  C:\Windows\System\vxsBEsM.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\pyoSwdl.exe
  C:\Windows\System\pyoSwdl.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\PkeJlqt.exe
  C:\Windows\System\PkeJlqt.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ohEZZVr.exe
  C:\Windows\System\ohEZZVr.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\zRTYGkh.exe
  C:\Windows\System\zRTYGkh.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\aMqdpYY.exe
  C:\Windows\System\aMqdpYY.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\MdUxRXQ.exe
  C:\Windows\System\MdUxRXQ.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\OyHOaoB.exe
  C:\Windows\System\OyHOaoB.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\rxrViiP.exe
  C:\Windows\System\rxrViiP.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\MYiYWpA.exe
  C:\Windows\System\MYiYWpA.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\IuNFuVJ.exe
  C:\Windows\System\IuNFuVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BuXzYCx.exe
  C:\Windows\System\BuXzYCx.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\BxRGKQp.exe
  C:\Windows\System\BxRGKQp.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ZWjiqld.exe
  C:\Windows\System\ZWjiqld.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\yAHhuHo.exe
  C:\Windows\System\yAHhuHo.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\BFrvtQg.exe
  C:\Windows\System\BFrvtQg.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\KBCMwYE.exe
  C:\Windows\System\KBCMwYE.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\crQFhGh.exe
  C:\Windows\System\crQFhGh.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ZVipyZH.exe
  C:\Windows\System\ZVipyZH.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\DrxKgrU.exe
  C:\Windows\System\DrxKgrU.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\evwOqgz.exe
  C:\Windows\System\evwOqgz.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\WLNywxU.exe
  C:\Windows\System\WLNywxU.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\gvGFAAS.exe
  C:\Windows\System\gvGFAAS.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\MaGejnw.exe
  C:\Windows\System\MaGejnw.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\zTaXNXC.exe
  C:\Windows\System\zTaXNXC.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\unowDvA.exe
  C:\Windows\System\unowDvA.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\SZFxzqt.exe
  C:\Windows\System\SZFxzqt.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\IbObPcr.exe
  C:\Windows\System\IbObPcr.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\VKaChtH.exe
  C:\Windows\System\VKaChtH.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\BlewFXp.exe
  C:\Windows\System\BlewFXp.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\dhPhfIm.exe
  C:\Windows\System\dhPhfIm.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\gVSBYvw.exe
  C:\Windows\System\gVSBYvw.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\tHSyxUm.exe
  C:\Windows\System\tHSyxUm.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\JBCBRsO.exe
  C:\Windows\System\JBCBRsO.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\TRtPnRm.exe
  C:\Windows\System\TRtPnRm.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\JGDVprv.exe
  C:\Windows\System\JGDVprv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\qRmgvTO.exe
  C:\Windows\System\qRmgvTO.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\vlVNbnl.exe
  C:\Windows\System\vlVNbnl.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\vGHLxBq.exe
  C:\Windows\System\vGHLxBq.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\cIJeFFh.exe
  C:\Windows\System\cIJeFFh.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\UMQdnpg.exe
  C:\Windows\System\UMQdnpg.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\gGyCeVS.exe
  C:\Windows\System\gGyCeVS.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\YdKXWsZ.exe
  C:\Windows\System\YdKXWsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\KJeoNih.exe
  C:\Windows\System\KJeoNih.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\iRFXLgo.exe
  C:\Windows\System\iRFXLgo.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\qqsWZnl.exe
  C:\Windows\System\qqsWZnl.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\gCkjkcv.exe
  C:\Windows\System\gCkjkcv.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\eyQcDHm.exe
  C:\Windows\System\eyQcDHm.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\WbDHayF.exe
  C:\Windows\System\WbDHayF.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\XqPAwFT.exe
  C:\Windows\System\XqPAwFT.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\yqRbYKB.exe
  C:\Windows\System\yqRbYKB.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\dqtqHTz.exe
  C:\Windows\System\dqtqHTz.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\dldlsfK.exe
  C:\Windows\System\dldlsfK.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\hfGHFMD.exe
  C:\Windows\System\hfGHFMD.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\YivmBqi.exe
  C:\Windows\System\YivmBqi.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\RSmtbIO.exe
  C:\Windows\System\RSmtbIO.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\NUqhVYF.exe
  C:\Windows\System\NUqhVYF.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ChUfPcz.exe
  C:\Windows\System\ChUfPcz.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\BnbYhRT.exe
  C:\Windows\System\BnbYhRT.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\faFnhiC.exe
  C:\Windows\System\faFnhiC.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\aHUvUqk.exe
  C:\Windows\System\aHUvUqk.exe
  2⤵
  PID:1992
- C:\Windows\System\IutQAxo.exe
  C:\Windows\System\IutQAxo.exe
  2⤵
  PID:2472
- C:\Windows\System\IgmbgCv.exe
  C:\Windows\System\IgmbgCv.exe
  2⤵
  PID:3004
- C:\Windows\System\NFgeofg.exe
  C:\Windows\System\NFgeofg.exe
  2⤵
  PID:1964
- C:\Windows\System\pyWpEgX.exe
  C:\Windows\System\pyWpEgX.exe
  2⤵
  PID:2232
- C:\Windows\System\nxcdWBS.exe
  C:\Windows\System\nxcdWBS.exe
  2⤵
  PID:1988
- C:\Windows\System\cOnTfRL.exe
  C:\Windows\System\cOnTfRL.exe
  2⤵
  PID:2128
- C:\Windows\System\scwqGYD.exe
  C:\Windows\System\scwqGYD.exe
  2⤵
  PID:2212
- C:\Windows\System\ChRzMDx.exe
  C:\Windows\System\ChRzMDx.exe
  2⤵
  PID:2372
- C:\Windows\System\cxatdoD.exe
  C:\Windows\System\cxatdoD.exe
  2⤵
  PID:2216
- C:\Windows\System\PPpEZHo.exe
  C:\Windows\System\PPpEZHo.exe
  2⤵
  PID:2780
- C:\Windows\System\XArymXh.exe
  C:\Windows\System\XArymXh.exe
  2⤵
  PID:1672
- C:\Windows\System\UTurIth.exe
  C:\Windows\System\UTurIth.exe
  2⤵
  PID:2040
- C:\Windows\System\LULZqIG.exe
  C:\Windows\System\LULZqIG.exe
  2⤵
  PID:2172
- C:\Windows\System\cpRhcPn.exe
  C:\Windows\System\cpRhcPn.exe
  2⤵
  PID:1020
- C:\Windows\System\nvjNKMq.exe
  C:\Windows\System\nvjNKMq.exe
  2⤵
  PID:1688
- C:\Windows\System\rceWZUy.exe
  C:\Windows\System\rceWZUy.exe
  2⤵
  PID:2004
- C:\Windows\System\hDvuVZs.exe
  C:\Windows\System\hDvuVZs.exe
  2⤵
  PID:1300
- C:\Windows\System\zVszDzw.exe
  C:\Windows\System\zVszDzw.exe
  2⤵
  PID:2316
- C:\Windows\System\JUfjPaz.exe
  C:\Windows\System\JUfjPaz.exe
  2⤵
  PID:1736
- C:\Windows\System\OwcuQBQ.exe
  C:\Windows\System\OwcuQBQ.exe
  2⤵
  PID:1152
- C:\Windows\System\fPhlEpP.exe
  C:\Windows\System\fPhlEpP.exe
  2⤵
  PID:2304
- C:\Windows\System\ftdpRSd.exe
  C:\Windows\System\ftdpRSd.exe
  2⤵
  PID:880
- C:\Windows\System\TyiwCgm.exe
  C:\Windows\System\TyiwCgm.exe
  2⤵
  PID:2848
- C:\Windows\System\SqEbQkm.exe
  C:\Windows\System\SqEbQkm.exe
  2⤵
  PID:2396
- C:\Windows\System\FMTPCvG.exe
  C:\Windows\System\FMTPCvG.exe
  2⤵
  PID:2148
- C:\Windows\System\lJNqWKc.exe
  C:\Windows\System\lJNqWKc.exe
  2⤵
  PID:2868
- C:\Windows\System\GSQdcjS.exe
  C:\Windows\System\GSQdcjS.exe
  2⤵
  PID:2132
- C:\Windows\System\AhrsLkq.exe
  C:\Windows\System\AhrsLkq.exe
  2⤵
  PID:2692
- C:\Windows\System\VSrwBnM.exe
  C:\Windows\System\VSrwBnM.exe
  2⤵
  PID:2680
- C:\Windows\System\pgSPCjh.exe
  C:\Windows\System\pgSPCjh.exe
  2⤵
  PID:2612
- C:\Windows\System\lOrEBnJ.exe
  C:\Windows\System\lOrEBnJ.exe
  2⤵
  PID:2628
- C:\Windows\System\ZMqFXxf.exe
  C:\Windows\System\ZMqFXxf.exe
  2⤵
  PID:2988
- C:\Windows\System\eLZmjYY.exe
  C:\Windows\System\eLZmjYY.exe
  2⤵
  PID:2468
- C:\Windows\System\OVxXIRE.exe
  C:\Windows\System\OVxXIRE.exe
  2⤵
  PID:1080
- C:\Windows\System\YhfKiRJ.exe
  C:\Windows\System\YhfKiRJ.exe
  2⤵
  PID:2100
- C:\Windows\System\vSuVbIt.exe
  C:\Windows\System\vSuVbIt.exe
  2⤵
  PID:2560
- C:\Windows\System\ZoOgSND.exe
  C:\Windows\System\ZoOgSND.exe
  2⤵
  PID:700
- C:\Windows\System\DZgLZcc.exe
  C:\Windows\System\DZgLZcc.exe
  2⤵
  PID:1368
- C:\Windows\System\bqfgBEh.exe
  C:\Windows\System\bqfgBEh.exe
  2⤵
  PID:1008
- C:\Windows\System\NjhOdmS.exe
  C:\Windows\System\NjhOdmS.exe
  2⤵
  PID:2524
- C:\Windows\System\CxcJYvU.exe
  C:\Windows\System\CxcJYvU.exe
  2⤵
  PID:2016
- C:\Windows\System\iDaSDEx.exe
  C:\Windows\System\iDaSDEx.exe
  2⤵
  PID:2008
- C:\Windows\System\zYntdrX.exe
  C:\Windows\System\zYntdrX.exe
  2⤵
  PID:2500
- C:\Windows\System\jYNUUCD.exe
  C:\Windows\System\jYNUUCD.exe
  2⤵
  PID:2436
- C:\Windows\System\hssejfu.exe
  C:\Windows\System\hssejfu.exe
  2⤵
  PID:796
- C:\Windows\System\VHKYnGk.exe
  C:\Windows\System\VHKYnGk.exe
  2⤵
  PID:2812
- C:\Windows\System\VMFWAYO.exe
  C:\Windows\System\VMFWAYO.exe
  2⤵
  PID:2728
- C:\Windows\System\ZUenQEe.exe
  C:\Windows\System\ZUenQEe.exe
  2⤵
  PID:1624
- C:\Windows\System\MgAccGW.exe
  C:\Windows\System\MgAccGW.exe
  2⤵
  PID:2156
- C:\Windows\System\nMafndZ.exe
  C:\Windows\System\nMafndZ.exe
  2⤵
  PID:1708
- C:\Windows\System\wdEgcKr.exe
  C:\Windows\System\wdEgcKr.exe
  2⤵
  PID:2220
- C:\Windows\System\PlIlPrB.exe
  C:\Windows\System\PlIlPrB.exe
  2⤵
  PID:676
- C:\Windows\System\HKsIFiq.exe
  C:\Windows\System\HKsIFiq.exe
  2⤵
  PID:2520
- C:\Windows\System\PMGtzRt.exe
  C:\Windows\System\PMGtzRt.exe
  2⤵
  PID:3080
- C:\Windows\System\IWDQkSH.exe
  C:\Windows\System\IWDQkSH.exe
  2⤵
  PID:3100
- C:\Windows\System\MZCYjak.exe
  C:\Windows\System\MZCYjak.exe
  2⤵
  PID:3120
- C:\Windows\System\MXzscfA.exe
  C:\Windows\System\MXzscfA.exe
  2⤵
  PID:3140
- C:\Windows\System\xwNBoJQ.exe
  C:\Windows\System\xwNBoJQ.exe
  2⤵
  PID:3164
- C:\Windows\System\aYWuhzf.exe
  C:\Windows\System\aYWuhzf.exe
  2⤵
  PID:3184
- C:\Windows\System\FKvIXDC.exe
  C:\Windows\System\FKvIXDC.exe
  2⤵
  PID:3204
- C:\Windows\System\JpINBzV.exe
  C:\Windows\System\JpINBzV.exe
  2⤵
  PID:3224
- C:\Windows\System\NqAeKfn.exe
  C:\Windows\System\NqAeKfn.exe
  2⤵
  PID:3244
- C:\Windows\System\lQpcQwE.exe
  C:\Windows\System\lQpcQwE.exe
  2⤵
  PID:3264
- C:\Windows\System\fRwPIcl.exe
  C:\Windows\System\fRwPIcl.exe
  2⤵
  PID:3284
- C:\Windows\System\QaxAaAt.exe
  C:\Windows\System\QaxAaAt.exe
  2⤵
  PID:3304
- C:\Windows\System\gRhOoOH.exe
  C:\Windows\System\gRhOoOH.exe
  2⤵
  PID:3324
- C:\Windows\System\eOpPshi.exe
  C:\Windows\System\eOpPshi.exe
  2⤵
  PID:3340
- C:\Windows\System\rUKDTsG.exe
  C:\Windows\System\rUKDTsG.exe
  2⤵
  PID:3372
- C:\Windows\System\dEAgdDQ.exe
  C:\Windows\System\dEAgdDQ.exe
  2⤵
  PID:3392
- C:\Windows\System\zYvihPE.exe
  C:\Windows\System\zYvihPE.exe
  2⤵
  PID:3412
- C:\Windows\System\YptOyvu.exe
  C:\Windows\System\YptOyvu.exe
  2⤵
  PID:3432
- C:\Windows\System\jCGnqgc.exe
  C:\Windows\System\jCGnqgc.exe
  2⤵
  PID:3452
- C:\Windows\System\LszhMjW.exe
  C:\Windows\System\LszhMjW.exe
  2⤵
  PID:3476
- C:\Windows\System\zUfWIKf.exe
  C:\Windows\System\zUfWIKf.exe
  2⤵
  PID:3496
- C:\Windows\System\WCuYnJe.exe
  C:\Windows\System\WCuYnJe.exe
  2⤵
  PID:3516
- C:\Windows\System\tnYcMEG.exe
  C:\Windows\System\tnYcMEG.exe
  2⤵
  PID:3536
- C:\Windows\System\MZDwPRU.exe
  C:\Windows\System\MZDwPRU.exe
  2⤵
  PID:3556
- C:\Windows\System\WbxqHCT.exe
  C:\Windows\System\WbxqHCT.exe
  2⤵
  PID:3576
- C:\Windows\System\SlNXzpD.exe
  C:\Windows\System\SlNXzpD.exe
  2⤵
  PID:3596
- C:\Windows\System\MjQnNVo.exe
  C:\Windows\System\MjQnNVo.exe
  2⤵
  PID:3616
- C:\Windows\System\RpAqbmn.exe
  C:\Windows\System\RpAqbmn.exe
  2⤵
  PID:3636
- C:\Windows\System\FYqsVGc.exe
  C:\Windows\System\FYqsVGc.exe
  2⤵
  PID:3656
- C:\Windows\System\kMnENal.exe
  C:\Windows\System\kMnENal.exe
  2⤵
  PID:3672
- C:\Windows\System\wxAzDGU.exe
  C:\Windows\System\wxAzDGU.exe
  2⤵
  PID:3700
- C:\Windows\System\wreKDHP.exe
  C:\Windows\System\wreKDHP.exe
  2⤵
  PID:3720
- C:\Windows\System\jhEGYIQ.exe
  C:\Windows\System\jhEGYIQ.exe
  2⤵
  PID:3740
- C:\Windows\System\YDQsTVQ.exe
  C:\Windows\System\YDQsTVQ.exe
  2⤵
  PID:3764
- C:\Windows\System\kwYlwGy.exe
  C:\Windows\System\kwYlwGy.exe
  2⤵
  PID:3784
- C:\Windows\System\ZXOfOyf.exe
  C:\Windows\System\ZXOfOyf.exe
  2⤵
  PID:3804
- C:\Windows\System\uOKJPNu.exe
  C:\Windows\System\uOKJPNu.exe
  2⤵
  PID:3824
- C:\Windows\System\heJhCtJ.exe
  C:\Windows\System\heJhCtJ.exe
  2⤵
  PID:3844
- C:\Windows\System\iRSdgdd.exe
  C:\Windows\System\iRSdgdd.exe
  2⤵
  PID:3864
- C:\Windows\System\mQtGrsB.exe
  C:\Windows\System\mQtGrsB.exe
  2⤵
  PID:3884
- C:\Windows\System\ffrxFKm.exe
  C:\Windows\System\ffrxFKm.exe
  2⤵
  PID:3904
- C:\Windows\System\DzutZZL.exe
  C:\Windows\System\DzutZZL.exe
  2⤵
  PID:3924
- C:\Windows\System\XCeBtoY.exe
  C:\Windows\System\XCeBtoY.exe
  2⤵
  PID:3944
- C:\Windows\System\tTZcghj.exe
  C:\Windows\System\tTZcghj.exe
  2⤵
  PID:3964
- C:\Windows\System\EjBkQfy.exe
  C:\Windows\System\EjBkQfy.exe
  2⤵
  PID:3988
- C:\Windows\System\CaHddMg.exe
  C:\Windows\System\CaHddMg.exe
  2⤵
  PID:4008
- C:\Windows\System\pjIbjIw.exe
  C:\Windows\System\pjIbjIw.exe
  2⤵
  PID:4028
- C:\Windows\System\EDyAHIS.exe
  C:\Windows\System\EDyAHIS.exe
  2⤵
  PID:4048
- C:\Windows\System\CFuUrdj.exe
  C:\Windows\System\CFuUrdj.exe
  2⤵
  PID:4068
- C:\Windows\System\iNVetKa.exe
  C:\Windows\System\iNVetKa.exe
  2⤵
  PID:4088
- C:\Windows\System\FxtEXuL.exe
  C:\Windows\System\FxtEXuL.exe
  2⤵
  PID:1064
- C:\Windows\System\hOMwUiu.exe
  C:\Windows\System\hOMwUiu.exe
  2⤵
  PID:1868
- C:\Windows\System\TinMbcg.exe
  C:\Windows\System\TinMbcg.exe
  2⤵
  PID:1072
- C:\Windows\System\eMwZqwX.exe
  C:\Windows\System\eMwZqwX.exe
  2⤵
  PID:1660
- C:\Windows\System\HlnewDe.exe
  C:\Windows\System\HlnewDe.exe
  2⤵
  PID:2932
- C:\Windows\System\euqQQjE.exe
  C:\Windows\System\euqQQjE.exe
  2⤵
  PID:2924
- C:\Windows\System\MRpWIfZ.exe
  C:\Windows\System\MRpWIfZ.exe
  2⤵
  PID:1764
- C:\Windows\System\AmmvipK.exe
  C:\Windows\System\AmmvipK.exe
  2⤵
  PID:3276
- C:\Windows\System\PkjZGKZ.exe
  C:\Windows\System\PkjZGKZ.exe
  2⤵
  PID:3320
- C:\Windows\System\DLmRJxP.exe
  C:\Windows\System\DLmRJxP.exe
  2⤵
  PID:3364
- C:\Windows\System\voFKpje.exe
  C:\Windows\System\voFKpje.exe
  2⤵
  PID:3400
- C:\Windows\System\AIHuAnx.exe
  C:\Windows\System\AIHuAnx.exe
  2⤵
  PID:3384
- C:\Windows\System\MBytvER.exe
  C:\Windows\System\MBytvER.exe
  2⤵
  PID:3444
- C:\Windows\System\dzJeCdm.exe
  C:\Windows\System\dzJeCdm.exe
  2⤵
  PID:3524
- C:\Windows\System\HGOVyrb.exe
  C:\Windows\System\HGOVyrb.exe
  2⤵
  PID:3512
- C:\Windows\System\zgeWMii.exe
  C:\Windows\System\zgeWMii.exe
  2⤵
  PID:3548
- C:\Windows\System\tycZnXE.exe
  C:\Windows\System\tycZnXE.exe
  2⤵
  PID:3584
- C:\Windows\System\xphwSVq.exe
  C:\Windows\System\xphwSVq.exe
  2⤵
  PID:3644
- C:\Windows\System\bjEsige.exe
  C:\Windows\System\bjEsige.exe
  2⤵
  PID:3628
- C:\Windows\System\RSJFDgB.exe
  C:\Windows\System\RSJFDgB.exe
  2⤵
  PID:3664
- C:\Windows\System\gnbiYej.exe
  C:\Windows\System\gnbiYej.exe
  2⤵
  PID:3736
- C:\Windows\System\OiUVfDR.exe
  C:\Windows\System\OiUVfDR.exe
  2⤵
  PID:3812
- C:\Windows\System\kdBZzfC.exe
  C:\Windows\System\kdBZzfC.exe
  2⤵
  PID:3800
- C:\Windows\System\AIygyjp.exe
  C:\Windows\System\AIygyjp.exe
  2⤵
  PID:3840
- C:\Windows\System\SLgvIAI.exe
  C:\Windows\System\SLgvIAI.exe
  2⤵
  PID:3872
- C:\Windows\System\dbavubC.exe
  C:\Windows\System\dbavubC.exe
  2⤵
  PID:3876
- C:\Windows\System\gsBFPJq.exe
  C:\Windows\System\gsBFPJq.exe
  2⤵
  PID:3972
- C:\Windows\System\aaxSxSm.exe
  C:\Windows\System\aaxSxSm.exe
  2⤵
  PID:3912
- C:\Windows\System\qoCJxQt.exe
  C:\Windows\System\qoCJxQt.exe
  2⤵
  PID:3956
- C:\Windows\System\RngZNcc.exe
  C:\Windows\System\RngZNcc.exe
  2⤵
  PID:4024
- C:\Windows\System\NaoqEIe.exe
  C:\Windows\System\NaoqEIe.exe
  2⤵
  PID:4040
- C:\Windows\System\ipreZbV.exe
  C:\Windows\System\ipreZbV.exe
  2⤵
  PID:4084
- C:\Windows\System\bOIEBgU.exe
  C:\Windows\System\bOIEBgU.exe
  2⤵
  PID:332
- C:\Windows\System\nRmwJPI.exe
  C:\Windows\System\nRmwJPI.exe
  2⤵
  PID:916
- C:\Windows\System\UmuotOy.exe
  C:\Windows\System\UmuotOy.exe
  2⤵
  PID:2748
- C:\Windows\System\sAdaUwA.exe
  C:\Windows\System\sAdaUwA.exe
  2⤵
  PID:3036
- C:\Windows\System\ryjnrgr.exe
  C:\Windows\System\ryjnrgr.exe
  2⤵
  PID:2984
- C:\Windows\System\LpXkBUd.exe
  C:\Windows\System\LpXkBUd.exe
  2⤵
  PID:2116
- C:\Windows\System\vdEEbch.exe
  C:\Windows\System\vdEEbch.exe
  2⤵
  PID:316
- C:\Windows\System\CypPSTP.exe
  C:\Windows\System\CypPSTP.exe
  2⤵
  PID:2648
- C:\Windows\System\XmslpRo.exe
  C:\Windows\System\XmslpRo.exe
  2⤵
  PID:2720
- C:\Windows\System\OaTJUzW.exe
  C:\Windows\System\OaTJUzW.exe
  2⤵
  PID:1340
- C:\Windows\System\HcyAvaj.exe
  C:\Windows\System\HcyAvaj.exe
  2⤵
  PID:1196
- C:\Windows\System\pziKdcw.exe
  C:\Windows\System\pziKdcw.exe
  2⤵
  PID:3016
- C:\Windows\System\hsSgwDA.exe
  C:\Windows\System\hsSgwDA.exe
  2⤵
  PID:2952
- C:\Windows\System\DQOYXXY.exe
  C:\Windows\System\DQOYXXY.exe
  2⤵
  PID:3192
- C:\Windows\System\ixeBAJw.exe
  C:\Windows\System\ixeBAJw.exe
  2⤵
  PID:2672
- C:\Windows\System\hDEzCfx.exe
  C:\Windows\System\hDEzCfx.exe
  2⤵
  PID:3252
- C:\Windows\System\dLTJoyZ.exe
  C:\Windows\System\dLTJoyZ.exe
  2⤵
  PID:2736
- C:\Windows\System\GNInxBc.exe
  C:\Windows\System\GNInxBc.exe
  2⤵
  PID:3300
- C:\Windows\System\cNkLKIM.exe
  C:\Windows\System\cNkLKIM.exe
  2⤵
  PID:3428
- C:\Windows\System\gfueABS.exe
  C:\Windows\System\gfueABS.exe
  2⤵
  PID:3388
- C:\Windows\System\gTWUoiA.exe
  C:\Windows\System\gTWUoiA.exe
  2⤵
  PID:3488
- C:\Windows\System\HPrkiUE.exe
  C:\Windows\System\HPrkiUE.exe
  2⤵
  PID:3464
- C:\Windows\System\kPnFdbt.exe
  C:\Windows\System\kPnFdbt.exe
  2⤵
  PID:3552
- C:\Windows\System\KiWAwQg.exe
  C:\Windows\System\KiWAwQg.exe
  2⤵
  PID:3648
- C:\Windows\System\MsqiDpf.exe
  C:\Windows\System\MsqiDpf.exe
  2⤵
  PID:3708
- C:\Windows\System\sZspPap.exe
  C:\Windows\System\sZspPap.exe
  2⤵
  PID:3772
- C:\Windows\System\jsGoChL.exe
  C:\Windows\System\jsGoChL.exe
  2⤵
  PID:3752
- C:\Windows\System\XGbYAmw.exe
  C:\Windows\System\XGbYAmw.exe
  2⤵
  PID:3816
- C:\Windows\System\MrcsmMm.exe
  C:\Windows\System\MrcsmMm.exe
  2⤵
  PID:3880
- C:\Windows\System\dvNdtOb.exe
  C:\Windows\System\dvNdtOb.exe
  2⤵
  PID:3976
- C:\Windows\System\fxYrjwg.exe
  C:\Windows\System\fxYrjwg.exe
  2⤵
  PID:4004
- C:\Windows\System\yCgPbnD.exe
  C:\Windows\System\yCgPbnD.exe
  2⤵
  PID:4056
- C:\Windows\System\twvszdK.exe
  C:\Windows\System\twvszdK.exe
  2⤵
  PID:4060
- C:\Windows\System\RCFLbWw.exe
  C:\Windows\System\RCFLbWw.exe
  2⤵
  PID:2144
- C:\Windows\System\svVuWYr.exe
  C:\Windows\System\svVuWYr.exe
  2⤵
  PID:2620
- C:\Windows\System\fEZPMqV.exe
  C:\Windows\System\fEZPMqV.exe
  2⤵
  PID:2104
- C:\Windows\System\rFTkmll.exe
  C:\Windows\System\rFTkmll.exe
  2⤵
  PID:1144
- C:\Windows\System\VtsaGFX.exe
  C:\Windows\System\VtsaGFX.exe
  2⤵
  PID:2716
- C:\Windows\System\aLdFKyz.exe
  C:\Windows\System\aLdFKyz.exe
  2⤵
  PID:2760
- C:\Windows\System\kdwrzvO.exe
  C:\Windows\System\kdwrzvO.exe
  2⤵
  PID:2292
- C:\Windows\System\vDwvxzd.exe
  C:\Windows\System\vDwvxzd.exe
  2⤵
  PID:3028
- C:\Windows\System\ihqGdkf.exe
  C:\Windows\System\ihqGdkf.exe
  2⤵
  PID:2688
- C:\Windows\System\ESywqAn.exe
  C:\Windows\System\ESywqAn.exe
  2⤵
  PID:3468
- C:\Windows\System\XwyUeeF.exe
  C:\Windows\System\XwyUeeF.exe
  2⤵
  PID:2444
- C:\Windows\System\uLmFqpF.exe
  C:\Windows\System\uLmFqpF.exe
  2⤵
  PID:3404
- C:\Windows\System\avyIJqh.exe
  C:\Windows\System\avyIJqh.exe
  2⤵
  PID:3360
- C:\Windows\System\FxmOiqb.exe
  C:\Windows\System\FxmOiqb.exe
  2⤵
  PID:3528
- C:\Windows\System\bETfrJJ.exe
  C:\Windows\System\bETfrJJ.exe
  2⤵
  PID:3692
- C:\Windows\System\duZrfOd.exe
  C:\Windows\System\duZrfOd.exe
  2⤵
  PID:3696
- C:\Windows\System\aGljqgT.exe
  C:\Windows\System\aGljqgT.exe
  2⤵
  PID:3716
- C:\Windows\System\BNpaXvs.exe
  C:\Windows\System\BNpaXvs.exe
  2⤵
  PID:3932
- C:\Windows\System\mgjABbF.exe
  C:\Windows\System\mgjABbF.exe
  2⤵
  PID:1732
- C:\Windows\System\NnUnbhH.exe
  C:\Windows\System\NnUnbhH.exe
  2⤵
  PID:1864
- C:\Windows\System\FTgiamy.exe
  C:\Windows\System\FTgiamy.exe
  2⤵
  PID:2768
- C:\Windows\System\mJZpyBW.exe
  C:\Windows\System\mJZpyBW.exe
  2⤵
  PID:2464
- C:\Windows\System\vChrqaG.exe
  C:\Windows\System\vChrqaG.exe
  2⤵
  PID:2704
- C:\Windows\System\oiUpNWU.exe
  C:\Windows\System\oiUpNWU.exe
  2⤵
  PID:2732
- C:\Windows\System\uGBJheW.exe
  C:\Windows\System\uGBJheW.exe
  2⤵
  PID:2996
- C:\Windows\System\VOYKptF.exe
  C:\Windows\System\VOYKptF.exe
  2⤵
  PID:2428
- C:\Windows\System\kfFGnhT.exe
  C:\Windows\System\kfFGnhT.exe
  2⤵
  PID:3092
- C:\Windows\System\JrJeZMf.exe
  C:\Windows\System\JrJeZMf.exe
  2⤵
  PID:1488
- C:\Windows\System\QXTaJjC.exe
  C:\Windows\System\QXTaJjC.exe
  2⤵
  PID:3504
- C:\Windows\System\SIzTDum.exe
  C:\Windows\System\SIzTDum.exe
  2⤵
  PID:1472
- C:\Windows\System\fTMdCCo.exe
  C:\Windows\System\fTMdCCo.exe
  2⤵
  PID:1328
- C:\Windows\System\KTsShZt.exe
  C:\Windows\System\KTsShZt.exe
  2⤵
  PID:2840
- C:\Windows\System\rEyJtXS.exe
  C:\Windows\System\rEyJtXS.exe
  2⤵
  PID:976
- C:\Windows\System\OmcdVGM.exe
  C:\Windows\System\OmcdVGM.exe
  2⤵
  PID:2660
- C:\Windows\System\IvPeOiI.exe
  C:\Windows\System\IvPeOiI.exe
  2⤵
  PID:4000
- C:\Windows\System\mqzihXf.exe
  C:\Windows\System\mqzihXf.exe
  2⤵
  PID:3940
- C:\Windows\System\KqypDNX.exe
  C:\Windows\System\KqypDNX.exe
  2⤵
  PID:1712
- C:\Windows\System\iMPbvcw.exe
  C:\Windows\System\iMPbvcw.exe
  2⤵
  PID:2512
- C:\Windows\System\WxmrYFf.exe
  C:\Windows\System\WxmrYFf.exe
  2⤵
  PID:2388
- C:\Windows\System\daVYCil.exe
  C:\Windows\System\daVYCil.exe
  2⤵
  PID:2644
- C:\Windows\System\rBsPkwY.exe
  C:\Windows\System\rBsPkwY.exe
  2⤵
  PID:952
- C:\Windows\System\PzAwXai.exe
  C:\Windows\System\PzAwXai.exe
  2⤵
  PID:1668
- C:\Windows\System\ZHlxspZ.exe
  C:\Windows\System\ZHlxspZ.exe
  2⤵
  PID:2548
- C:\Windows\System\ktpnwcP.exe
  C:\Windows\System\ktpnwcP.exe
  2⤵
  PID:3380
- C:\Windows\System\GUPXPGD.exe
  C:\Windows\System\GUPXPGD.exe
  2⤵
  PID:1060
- C:\Windows\System\jhfkhQO.exe
  C:\Windows\System\jhfkhQO.exe
  2⤵
  PID:3604
- C:\Windows\System\nEOOoNG.exe
  C:\Windows\System\nEOOoNG.exe
  2⤵
  PID:3608
- C:\Windows\System\QxNNZEV.exe
  C:\Windows\System\QxNNZEV.exe
  2⤵
  PID:3776
- C:\Windows\System\TQvyaId.exe
  C:\Windows\System\TQvyaId.exe
  2⤵
  PID:2376
- C:\Windows\System\GSHtgbB.exe
  C:\Windows\System\GSHtgbB.exe
  2⤵
  PID:1048
- C:\Windows\System\dLecDgB.exe
  C:\Windows\System\dLecDgB.exe
  2⤵
  PID:1756
- C:\Windows\System\zbwHjoO.exe
  C:\Windows\System\zbwHjoO.exe
  2⤵
  PID:1976
- C:\Windows\System\WxYTFBY.exe
  C:\Windows\System\WxYTFBY.exe
  2⤵
  PID:3212
- C:\Windows\System\ueTZlmK.exe
  C:\Windows\System\ueTZlmK.exe
  2⤵
  PID:848
- C:\Windows\System\RPnXePd.exe
  C:\Windows\System\RPnXePd.exe
  2⤵
  PID:2784
- C:\Windows\System\LrlBCpw.exe
  C:\Windows\System\LrlBCpw.exe
  2⤵
  PID:2884
- C:\Windows\System\UKjAVDY.exe
  C:\Windows\System\UKjAVDY.exe
  2⤵
  PID:2424
- C:\Windows\System\WWJPvCY.exe
  C:\Windows\System\WWJPvCY.exe
  2⤵
  PID:820
- C:\Windows\System\PfjIkeL.exe
  C:\Windows\System\PfjIkeL.exe
  2⤵
  PID:3020
- C:\Windows\System\IJBVvcY.exe
  C:\Windows\System\IJBVvcY.exe
  2⤵
  PID:3712
- C:\Windows\System\piRcgKF.exe
  C:\Windows\System\piRcgKF.exe
  2⤵
  PID:3780
- C:\Windows\System\byyGGNL.exe
  C:\Windows\System\byyGGNL.exe
  2⤵
  PID:2980
- C:\Windows\System\qwlDHlY.exe
  C:\Windows\System\qwlDHlY.exe
  2⤵
  PID:3792
- C:\Windows\System\XaqZzae.exe
  C:\Windows\System\XaqZzae.exe
  2⤵
  PID:3860
- C:\Windows\System\VYlEQKO.exe
  C:\Windows\System\VYlEQKO.exe
  2⤵
  PID:1928
- C:\Windows\System\xXhCkoJ.exe
  C:\Windows\System\xXhCkoJ.exe
  2⤵
  PID:2636
- C:\Windows\System\PUdhSvQ.exe
  C:\Windows\System\PUdhSvQ.exe
  2⤵
  PID:2296
- C:\Windows\System\ULEIHWP.exe
  C:\Windows\System\ULEIHWP.exe
  2⤵
  PID:4108
- C:\Windows\System\qEpGgNs.exe
  C:\Windows\System\qEpGgNs.exe
  2⤵
  PID:4124
- C:\Windows\System\bmPdJav.exe
  C:\Windows\System\bmPdJav.exe
  2⤵
  PID:4140
- C:\Windows\System\sngPOJq.exe
  C:\Windows\System\sngPOJq.exe
  2⤵
  PID:4156
- C:\Windows\System\ymcbAyI.exe
  C:\Windows\System\ymcbAyI.exe
  2⤵
  PID:4176
- C:\Windows\System\eJfJQff.exe
  C:\Windows\System\eJfJQff.exe
  2⤵
  PID:4208
- C:\Windows\System\WWRpSCQ.exe
  C:\Windows\System\WWRpSCQ.exe
  2⤵
  PID:4224
- C:\Windows\System\QXVogEj.exe
  C:\Windows\System\QXVogEj.exe
  2⤵
  PID:4240
- C:\Windows\System\pLIFbCT.exe
  C:\Windows\System\pLIFbCT.exe
  2⤵
  PID:4256
- C:\Windows\System\uzlIXZw.exe
  C:\Windows\System\uzlIXZw.exe
  2⤵
  PID:4272
- C:\Windows\System\djivTAM.exe
  C:\Windows\System\djivTAM.exe
  2⤵
  PID:4292
- C:\Windows\System\HKVvgRH.exe
  C:\Windows\System\HKVvgRH.exe
  2⤵
  PID:4328
- C:\Windows\System\AjVqMPE.exe
  C:\Windows\System\AjVqMPE.exe
  2⤵
  PID:4344
- C:\Windows\System\DYPONns.exe
  C:\Windows\System\DYPONns.exe
  2⤵
  PID:4360
- C:\Windows\System\QNDHWax.exe
  C:\Windows\System\QNDHWax.exe
  2⤵
  PID:4392
- C:\Windows\System\PryBFYu.exe
  C:\Windows\System\PryBFYu.exe
  2⤵
  PID:4408
- C:\Windows\System\WAPUMtn.exe
  C:\Windows\System\WAPUMtn.exe
  2⤵
  PID:4432
- C:\Windows\System\EPboqGe.exe
  C:\Windows\System\EPboqGe.exe
  2⤵
  PID:4448
- C:\Windows\System\SQhGgGT.exe
  C:\Windows\System\SQhGgGT.exe
  2⤵
  PID:4472
- C:\Windows\System\eiVRhMX.exe
  C:\Windows\System\eiVRhMX.exe
  2⤵
  PID:4488
- C:\Windows\System\ZMDoKWR.exe
  C:\Windows\System\ZMDoKWR.exe
  2⤵
  PID:4504
- C:\Windows\System\IUKmCpy.exe
  C:\Windows\System\IUKmCpy.exe
  2⤵
  PID:4524
- C:\Windows\System\jdUDRBE.exe
  C:\Windows\System\jdUDRBE.exe
  2⤵
  PID:4548
- C:\Windows\System\RnwrdRK.exe
  C:\Windows\System\RnwrdRK.exe
  2⤵
  PID:4568
- C:\Windows\System\RYVxMcl.exe
  C:\Windows\System\RYVxMcl.exe
  2⤵
  PID:4584
- C:\Windows\System\ZGWtavF.exe
  C:\Windows\System\ZGWtavF.exe
  2⤵
  PID:4600
- C:\Windows\System\muztLub.exe
  C:\Windows\System\muztLub.exe
  2⤵
  PID:4616
- C:\Windows\System\endHKOH.exe
  C:\Windows\System\endHKOH.exe
  2⤵
  PID:4636
- C:\Windows\System\nnldVJo.exe
  C:\Windows\System\nnldVJo.exe
  2⤵
  PID:4664
- C:\Windows\System\kxdGEzY.exe
  C:\Windows\System\kxdGEzY.exe
  2⤵
  PID:4692
- C:\Windows\System\UNWRszm.exe
  C:\Windows\System\UNWRszm.exe
  2⤵
  PID:4720
- C:\Windows\System\fRyPtuy.exe
  C:\Windows\System\fRyPtuy.exe
  2⤵
  PID:4736
- C:\Windows\System\tBpsJeQ.exe
  C:\Windows\System\tBpsJeQ.exe
  2⤵
  PID:4756
- C:\Windows\System\mLNEOwe.exe
  C:\Windows\System\mLNEOwe.exe
  2⤵
  PID:4776
- C:\Windows\System\wCGcIal.exe
  C:\Windows\System\wCGcIal.exe
  2⤵
  PID:4800
- C:\Windows\System\LGRahXT.exe
  C:\Windows\System\LGRahXT.exe
  2⤵
  PID:4816
- C:\Windows\System\xBFhDSw.exe
  C:\Windows\System\xBFhDSw.exe
  2⤵
  PID:4840
- C:\Windows\System\FyCkide.exe
  C:\Windows\System\FyCkide.exe
  2⤵
  PID:4856
- C:\Windows\System\SEzWyyF.exe
  C:\Windows\System\SEzWyyF.exe
  2⤵
  PID:4876
- C:\Windows\System\DmDxVHf.exe
  C:\Windows\System\DmDxVHf.exe
  2⤵
  PID:4896
- C:\Windows\System\bZJSWte.exe
  C:\Windows\System\bZJSWte.exe
  2⤵
  PID:4912
- C:\Windows\System\nlybIKQ.exe
  C:\Windows\System\nlybIKQ.exe
  2⤵
  PID:4936
- C:\Windows\System\bWtAGse.exe
  C:\Windows\System\bWtAGse.exe
  2⤵
  PID:4952
- C:\Windows\System\uvpDQWm.exe
  C:\Windows\System\uvpDQWm.exe
  2⤵
  PID:4972
- C:\Windows\System\igUjOUO.exe
  C:\Windows\System\igUjOUO.exe
  2⤵
  PID:4988
- C:\Windows\System\hiLzyvC.exe
  C:\Windows\System\hiLzyvC.exe
  2⤵
  PID:5008
- C:\Windows\System\mdRuAWq.exe
  C:\Windows\System\mdRuAWq.exe
  2⤵
  PID:5036
- C:\Windows\System\BjKPzIl.exe
  C:\Windows\System\BjKPzIl.exe
  2⤵
  PID:5056
- C:\Windows\System\SdsRUBI.exe
  C:\Windows\System\SdsRUBI.exe
  2⤵
  PID:5080
- C:\Windows\System\rMVYtdW.exe
  C:\Windows\System\rMVYtdW.exe
  2⤵
  PID:5096
- C:\Windows\System\cienaoU.exe
  C:\Windows\System\cienaoU.exe
  2⤵
  PID:2972
- C:\Windows\System\NfSJmqZ.exe
  C:\Windows\System\NfSJmqZ.exe
  2⤵
  PID:4036
- C:\Windows\System\pBMouWT.exe
  C:\Windows\System\pBMouWT.exe
  2⤵
  PID:3592
- C:\Windows\System\AVFruIt.exe
  C:\Windows\System\AVFruIt.exe
  2⤵
  PID:3176
- C:\Windows\System\mPKWvgV.exe
  C:\Windows\System\mPKWvgV.exe
  2⤵
  PID:4100
- C:\Windows\System\xwmKpcm.exe
  C:\Windows\System\xwmKpcm.exe
  2⤵
  PID:4136
- C:\Windows\System\cpwczoe.exe
  C:\Windows\System\cpwczoe.exe
  2⤵
  PID:4132
- C:\Windows\System\wqHTTUJ.exe
  C:\Windows\System\wqHTTUJ.exe
  2⤵
  PID:4264
- C:\Windows\System\OibDnVX.exe
  C:\Windows\System\OibDnVX.exe
  2⤵
  PID:4316
- C:\Windows\System\jxoHDbA.exe
  C:\Windows\System\jxoHDbA.exe
  2⤵
  PID:4248
- C:\Windows\System\LBcXnMo.exe
  C:\Windows\System\LBcXnMo.exe
  2⤵
  PID:4336
- C:\Windows\System\LIqJcqY.exe
  C:\Windows\System\LIqJcqY.exe
  2⤵
  PID:4300
- C:\Windows\System\cIrJEtT.exe
  C:\Windows\System\cIrJEtT.exe
  2⤵
  PID:4376
- C:\Windows\System\dJtpJKk.exe
  C:\Windows\System\dJtpJKk.exe
  2⤵
  PID:4416
- C:\Windows\System\SavMfwZ.exe
  C:\Windows\System\SavMfwZ.exe
  2⤵
  PID:4456
- C:\Windows\System\inCTHny.exe
  C:\Windows\System\inCTHny.exe
  2⤵
  PID:4484
- C:\Windows\System\aJWSYlF.exe
  C:\Windows\System\aJWSYlF.exe
  2⤵
  PID:4512
- C:\Windows\System\yfKVEjO.exe
  C:\Windows\System\yfKVEjO.exe
  2⤵
  PID:4544
- C:\Windows\System\EGQYcrb.exe
  C:\Windows\System\EGQYcrb.exe
  2⤵
  PID:4612
- C:\Windows\System\eQGQdnP.exe
  C:\Windows\System\eQGQdnP.exe
  2⤵
  PID:4592
- C:\Windows\System\YYZZUcx.exe
  C:\Windows\System\YYZZUcx.exe
  2⤵
  PID:4676
- C:\Windows\System\APTpzrW.exe
  C:\Windows\System\APTpzrW.exe
  2⤵
  PID:4700
- C:\Windows\System\BqwzOXm.exe
  C:\Windows\System\BqwzOXm.exe
  2⤵
  PID:4732
- C:\Windows\System\AwtEHLi.exe
  C:\Windows\System\AwtEHLi.exe
  2⤵
  PID:4768
- C:\Windows\System\tVhmtAK.exe
  C:\Windows\System\tVhmtAK.exe
  2⤵
  PID:4808
- C:\Windows\System\obViQBa.exe
  C:\Windows\System\obViQBa.exe
  2⤵
  PID:4812
- C:\Windows\System\tgdbqfw.exe
  C:\Windows\System\tgdbqfw.exe
  2⤵
  PID:4852
- C:\Windows\System\GFrvbSA.exe
  C:\Windows\System\GFrvbSA.exe
  2⤵
  PID:4904
- C:\Windows\System\DgHkwZh.exe
  C:\Windows\System\DgHkwZh.exe
  2⤵
  PID:4984
- C:\Windows\System\qNYjVQl.exe
  C:\Windows\System\qNYjVQl.exe
  2⤵
  PID:4924
- C:\Windows\System\gDXjRlP.exe
  C:\Windows\System\gDXjRlP.exe
  2⤵
  PID:4968
- C:\Windows\System\gUyHiFK.exe
  C:\Windows\System\gUyHiFK.exe
  2⤵
  PID:5020
- C:\Windows\System\hEUlosy.exe
  C:\Windows\System\hEUlosy.exe
  2⤵
  PID:5088
- C:\Windows\System\ftDiGTY.exe
  C:\Windows\System\ftDiGTY.exe
  2⤵
  PID:5076
- C:\Windows\System\wTKcwMR.exe
  C:\Windows\System\wTKcwMR.exe
  2⤵
  PID:2700
- C:\Windows\System\nMYLOlR.exe
  C:\Windows\System\nMYLOlR.exe
  2⤵
  PID:1204
- C:\Windows\System\ZDJLUZu.exe
  C:\Windows\System\ZDJLUZu.exe
  2⤵
  PID:4204
- C:\Windows\System\sgTBcwL.exe
  C:\Windows\System\sgTBcwL.exe
  2⤵
  PID:4192
- C:\Windows\System\JDToRAn.exe
  C:\Windows\System\JDToRAn.exe
  2⤵
  PID:4304
- C:\Windows\System\hKodwOK.exe
  C:\Windows\System\hKodwOK.exe
  2⤵
  PID:4284
- C:\Windows\System\oNGYcxq.exe
  C:\Windows\System\oNGYcxq.exe
  2⤵
  PID:4428
- C:\Windows\System\lRJIFSp.exe
  C:\Windows\System\lRJIFSp.exe
  2⤵
  PID:4444
- C:\Windows\System\vIxGujF.exe
  C:\Windows\System\vIxGujF.exe
  2⤵
  PID:4384
- C:\Windows\System\lUczdLV.exe
  C:\Windows\System\lUczdLV.exe
  2⤵
  PID:4320
- C:\Windows\System\SOHYqbU.exe
  C:\Windows\System\SOHYqbU.exe
  2⤵
  PID:4656
- C:\Windows\System\dsnhcUe.exe
  C:\Windows\System\dsnhcUe.exe
  2⤵
  PID:4608
- C:\Windows\System\pGJKwCT.exe
  C:\Windows\System\pGJKwCT.exe
  2⤵
  PID:4628
- C:\Windows\System\eMErlGb.exe
  C:\Windows\System\eMErlGb.exe
  2⤵
  PID:4712
- C:\Windows\System\NpwytWv.exe
  C:\Windows\System\NpwytWv.exe
  2⤵
  PID:4388
- C:\Windows\System\whFAoNG.exe
  C:\Windows\System\whFAoNG.exe
  2⤵
  PID:4864
- C:\Windows\System\gpJKOYF.exe
  C:\Windows\System\gpJKOYF.exe
  2⤵
  PID:4920
- C:\Windows\System\AqpJbjT.exe
  C:\Windows\System\AqpJbjT.exe
  2⤵
  PID:4960
- C:\Windows\System\DgQgomz.exe
  C:\Windows\System\DgQgomz.exe
  2⤵
  PID:4932
- C:\Windows\System\JqdzaQP.exe
  C:\Windows\System\JqdzaQP.exe
  2⤵
  PID:5048
- C:\Windows\System\jOjELXo.exe
  C:\Windows\System\jOjELXo.exe
  2⤵
  PID:5108
- C:\Windows\System\WlukisW.exe
  C:\Windows\System\WlukisW.exe
  2⤵
  PID:4200
- C:\Windows\System\mCOOsLM.exe
  C:\Windows\System\mCOOsLM.exe
  2⤵
  PID:4168
- C:\Windows\System\hleAIEC.exe
  C:\Windows\System\hleAIEC.exe
  2⤵
  PID:2044
- C:\Windows\System\eLhGUfJ.exe
  C:\Windows\System\eLhGUfJ.exe
  2⤵
  PID:4172
- C:\Windows\System\AetkZOG.exe
  C:\Windows\System\AetkZOG.exe
  2⤵
  PID:4312
- C:\Windows\System\pKfxbif.exe
  C:\Windows\System\pKfxbif.exe
  2⤵
  PID:4440
- C:\Windows\System\zcaszrj.exe
  C:\Windows\System\zcaszrj.exe
  2⤵
  PID:4564
- C:\Windows\System\WqhmTDd.exe
  C:\Windows\System\WqhmTDd.exe
  2⤵
  PID:4540
- C:\Windows\System\DvNNlXm.exe
  C:\Windows\System\DvNNlXm.exe
  2⤵
  PID:4648
- C:\Windows\System\QaKmEfI.exe
  C:\Windows\System\QaKmEfI.exe
  2⤵
  PID:4688
- C:\Windows\System\GMfxhpK.exe
  C:\Windows\System\GMfxhpK.exe
  2⤵
  PID:4792
- C:\Windows\System\OYThaZf.exe
  C:\Windows\System\OYThaZf.exe
  2⤵
  PID:4788
- C:\Windows\System\NhwtGmj.exe
  C:\Windows\System\NhwtGmj.exe
  2⤵
  PID:4908
- C:\Windows\System\jCojdfh.exe
  C:\Windows\System\jCojdfh.exe
  2⤵
  PID:5000
- C:\Windows\System\WtNRKwU.exe
  C:\Windows\System\WtNRKwU.exe
  2⤵
  PID:5052
- C:\Windows\System\Nutzypz.exe
  C:\Windows\System\Nutzypz.exe
  2⤵
  PID:4164
- C:\Windows\System\RieMfcr.exe
  C:\Windows\System\RieMfcr.exe
  2⤵
  PID:4236
- C:\Windows\System\fXgBcCB.exe
  C:\Windows\System\fXgBcCB.exe
  2⤵
  PID:4404
- C:\Windows\System\cckFBYY.exe
  C:\Windows\System\cckFBYY.exe
  2⤵
  PID:4532
- C:\Windows\System\uEKKgFU.exe
  C:\Windows\System\uEKKgFU.exe
  2⤵
  PID:4556
- C:\Windows\System\sHYAauN.exe
  C:\Windows\System\sHYAauN.exe
  2⤵
  PID:4832
- C:\Windows\System\rYqAalk.exe
  C:\Windows\System\rYqAalk.exe
  2⤵
  PID:5068
- C:\Windows\System\WSJFtDb.exe
  C:\Windows\System\WSJFtDb.exe
  2⤵
  PID:4356
- C:\Windows\System\EogSJtu.exe
  C:\Windows\System\EogSJtu.exe
  2⤵
  PID:4220
- C:\Windows\System\JqHhDwC.exe
  C:\Windows\System\JqHhDwC.exe
  2⤵
  PID:4892
- C:\Windows\System\wvIgMqM.exe
  C:\Windows\System\wvIgMqM.exe
  2⤵
  PID:4516
- C:\Windows\System\HVJHghl.exe
  C:\Windows\System\HVJHghl.exe
  2⤵
  PID:4884
- C:\Windows\System\INDmMix.exe
  C:\Windows\System\INDmMix.exe
  2⤵
  PID:5004
- C:\Windows\System\DEfeZim.exe
  C:\Windows\System\DEfeZim.exe
  2⤵
  PID:5128
- C:\Windows\System\vUTYZuZ.exe
  C:\Windows\System\vUTYZuZ.exe
  2⤵
  PID:5144
- C:\Windows\System\aLZLGFb.exe
  C:\Windows\System\aLZLGFb.exe
  2⤵
  PID:5160
- C:\Windows\System\JWRsNpI.exe
  C:\Windows\System\JWRsNpI.exe
  2⤵
  PID:5176
- C:\Windows\System\FhwGTyx.exe
  C:\Windows\System\FhwGTyx.exe
  2⤵
  PID:5192
- C:\Windows\System\vokrHOa.exe
  C:\Windows\System\vokrHOa.exe
  2⤵
  PID:5208
- C:\Windows\System\WxjhzJn.exe
  C:\Windows\System\WxjhzJn.exe
  2⤵
  PID:5224
- C:\Windows\System\phdwpYi.exe
  C:\Windows\System\phdwpYi.exe
  2⤵
  PID:5240
- C:\Windows\System\ZcMTvlc.exe
  C:\Windows\System\ZcMTvlc.exe
  2⤵
  PID:5256
- C:\Windows\System\jslvMUi.exe
  C:\Windows\System\jslvMUi.exe
  2⤵
  PID:5272
- C:\Windows\System\nApCWFy.exe
  C:\Windows\System\nApCWFy.exe
  2⤵
  PID:5288
- C:\Windows\System\CRtezQH.exe
  C:\Windows\System\CRtezQH.exe
  2⤵
  PID:5304
- C:\Windows\System\ApAPHmp.exe
  C:\Windows\System\ApAPHmp.exe
  2⤵
  PID:5320
- C:\Windows\System\ewbEoVb.exe
  C:\Windows\System\ewbEoVb.exe
  2⤵
  PID:5336
- C:\Windows\System\kBzzinI.exe
  C:\Windows\System\kBzzinI.exe
  2⤵
  PID:5352
- C:\Windows\System\iZUibtC.exe
  C:\Windows\System\iZUibtC.exe
  2⤵
  PID:5368
- C:\Windows\System\KaMvZQR.exe
  C:\Windows\System\KaMvZQR.exe
  2⤵
  PID:5384
- C:\Windows\System\EDYCltY.exe
  C:\Windows\System\EDYCltY.exe
  2⤵
  PID:5404
- C:\Windows\System\TVmRnGx.exe
  C:\Windows\System\TVmRnGx.exe
  2⤵
  PID:5420
- C:\Windows\System\CkqnpFA.exe
  C:\Windows\System\CkqnpFA.exe
  2⤵
  PID:5436
- C:\Windows\System\gVzKOzA.exe
  C:\Windows\System\gVzKOzA.exe
  2⤵
  PID:5456
- C:\Windows\System\ErRZZBP.exe
  C:\Windows\System\ErRZZBP.exe
  2⤵
  PID:5480
- C:\Windows\System\VRScCCH.exe
  C:\Windows\System\VRScCCH.exe
  2⤵
  PID:5500
- C:\Windows\System\RlQcfvL.exe
  C:\Windows\System\RlQcfvL.exe
  2⤵
  PID:5516
- C:\Windows\System\rBqCZnC.exe
  C:\Windows\System\rBqCZnC.exe
  2⤵
  PID:5536
- C:\Windows\System\pMNGKvJ.exe
  C:\Windows\System\pMNGKvJ.exe
  2⤵
  PID:5556
- C:\Windows\System\tCRxkkT.exe
  C:\Windows\System\tCRxkkT.exe
  2⤵
  PID:5572
- C:\Windows\System\ORGWKSf.exe
  C:\Windows\System\ORGWKSf.exe
  2⤵
  PID:5588
- C:\Windows\System\AResxVq.exe
  C:\Windows\System\AResxVq.exe
  2⤵
  PID:5604
- C:\Windows\System\EgOonMI.exe
  C:\Windows\System\EgOonMI.exe
  2⤵
  PID:5620
- C:\Windows\System\CafqqjJ.exe
  C:\Windows\System\CafqqjJ.exe
  2⤵
  PID:5636
- C:\Windows\System\BsMJggz.exe
  C:\Windows\System\BsMJggz.exe
  2⤵
  PID:5652
- C:\Windows\System\nvnQKAM.exe
  C:\Windows\System\nvnQKAM.exe
  2⤵
  PID:5672
- C:\Windows\System\EhXxgWx.exe
  C:\Windows\System\EhXxgWx.exe
  2⤵
  PID:5720
- C:\Windows\System\kWXhfKt.exe
  C:\Windows\System\kWXhfKt.exe
  2⤵
  PID:5736
- C:\Windows\System\bCXVPwy.exe
  C:\Windows\System\bCXVPwy.exe
  2⤵
  PID:5752
- C:\Windows\System\tqFrIpK.exe
  C:\Windows\System\tqFrIpK.exe
  2⤵
  PID:5784
- C:\Windows\System\vzKpOZX.exe
  C:\Windows\System\vzKpOZX.exe
  2⤵
  PID:5800
- C:\Windows\System\BYRoyGW.exe
  C:\Windows\System\BYRoyGW.exe
  2⤵
  PID:5816
- C:\Windows\System\eKDyrHG.exe
  C:\Windows\System\eKDyrHG.exe
  2⤵
  PID:5832
- C:\Windows\System\jINYvVu.exe
  C:\Windows\System\jINYvVu.exe
  2⤵
  PID:5848
- C:\Windows\System\ilAYRJn.exe
  C:\Windows\System\ilAYRJn.exe
  2⤵
  PID:5864
- C:\Windows\System\EdRZoHv.exe
  C:\Windows\System\EdRZoHv.exe
  2⤵
  PID:5880
- C:\Windows\System\XcUOhJn.exe
  C:\Windows\System\XcUOhJn.exe
  2⤵
  PID:5896
- C:\Windows\System\uiKkuTP.exe
  C:\Windows\System\uiKkuTP.exe
  2⤵
  PID:5912
- C:\Windows\System\LuMiCxC.exe
  C:\Windows\System\LuMiCxC.exe
  2⤵
  PID:5936
- C:\Windows\System\fouSqIC.exe
  C:\Windows\System\fouSqIC.exe
  2⤵
  PID:5956
- C:\Windows\System\xDhzXbR.exe
  C:\Windows\System\xDhzXbR.exe
  2⤵
  PID:5976
- C:\Windows\System\aYxbITf.exe
  C:\Windows\System\aYxbITf.exe
  2⤵
  PID:5996
- C:\Windows\System\QWEsWJV.exe
  C:\Windows\System\QWEsWJV.exe
  2⤵
  PID:6012
- C:\Windows\System\eGXpsiT.exe
  C:\Windows\System\eGXpsiT.exe
  2⤵
  PID:6028
- C:\Windows\System\CXvgTxw.exe
  C:\Windows\System\CXvgTxw.exe
  2⤵
  PID:6044
- C:\Windows\System\RdXJPWG.exe
  C:\Windows\System\RdXJPWG.exe
  2⤵
  PID:6060
- C:\Windows\System\TnEktqh.exe
  C:\Windows\System\TnEktqh.exe
  2⤵
  PID:6080
- C:\Windows\System\buavhuE.exe
  C:\Windows\System\buavhuE.exe
  2⤵
  PID:6096
- C:\Windows\System\YjTKaYd.exe
  C:\Windows\System\YjTKaYd.exe
  2⤵
  PID:6112
- C:\Windows\System\TDRHjal.exe
  C:\Windows\System\TDRHjal.exe
  2⤵
  PID:6128
- C:\Windows\System\imrmgSl.exe
  C:\Windows\System\imrmgSl.exe
  2⤵
  PID:4796
- C:\Windows\System\mCojBCn.exe
  C:\Windows\System\mCojBCn.exe
  2⤵
  PID:5136
- C:\Windows\System\KJGQiPQ.exe
  C:\Windows\System\KJGQiPQ.exe
  2⤵
  PID:5168
- C:\Windows\System\TdXEbOY.exe
  C:\Windows\System\TdXEbOY.exe
  2⤵
  PID:5184
- C:\Windows\System\UCubket.exe
  C:\Windows\System\UCubket.exe
  2⤵
  PID:5204
- C:\Windows\System\aCmgwjU.exe
  C:\Windows\System\aCmgwjU.exe
  2⤵
  PID:5252
- C:\Windows\System\DVKhOHs.exe
  C:\Windows\System\DVKhOHs.exe
  2⤵
  PID:5300
- C:\Windows\System\ZeBjwqp.exe
  C:\Windows\System\ZeBjwqp.exe
  2⤵
  PID:5316
- C:\Windows\System\emyKApR.exe
  C:\Windows\System\emyKApR.exe
  2⤵
  PID:5364
- C:\Windows\System\rPWSasR.exe
  C:\Windows\System\rPWSasR.exe
  2⤵
  PID:5400
- C:\Windows\System\FdzteaO.exe
  C:\Windows\System\FdzteaO.exe
  2⤵
  PID:5416
- C:\Windows\System\lGHdDIp.exe
  C:\Windows\System\lGHdDIp.exe
  2⤵
  PID:5452
- C:\Windows\System\rvysGSc.exe
  C:\Windows\System\rvysGSc.exe
  2⤵
  PID:5472
- C:\Windows\System\EuHqwVZ.exe
  C:\Windows\System\EuHqwVZ.exe
  2⤵
  PID:5488
- C:\Windows\System\EKMjbAK.exe
  C:\Windows\System\EKMjbAK.exe
  2⤵
  PID:5528
- C:\Windows\System\IpabFJv.exe
  C:\Windows\System\IpabFJv.exe
  2⤵
  PID:5548
- C:\Windows\System\kiciLoe.exe
  C:\Windows\System\kiciLoe.exe
  2⤵
  PID:5564
- C:\Windows\System\YbSKnNB.exe
  C:\Windows\System\YbSKnNB.exe
  2⤵
  PID:5628
- C:\Windows\System\xAVnBAa.exe
  C:\Windows\System\xAVnBAa.exe
  2⤵
  PID:4716
- C:\Windows\System\SuKdwKp.exe
  C:\Windows\System\SuKdwKp.exe
  2⤵
  PID:5668
- C:\Windows\System\jUqxgrp.exe
  C:\Windows\System\jUqxgrp.exe
  2⤵
  PID:5692
- C:\Windows\System\tskaBKr.exe
  C:\Windows\System\tskaBKr.exe
  2⤵
  PID:5708
- C:\Windows\System\LAGYyMc.exe
  C:\Windows\System\LAGYyMc.exe
  2⤵
  PID:5748
- C:\Windows\System\CmilaQf.exe
  C:\Windows\System\CmilaQf.exe
  2⤵
  PID:5764
- C:\Windows\System\TpBshhi.exe
  C:\Windows\System\TpBshhi.exe
  2⤵
  PID:5808
- C:\Windows\System\DydxPJR.exe
  C:\Windows\System\DydxPJR.exe
  2⤵
  PID:5860
- C:\Windows\System\oHIskeo.exe
  C:\Windows\System\oHIskeo.exe
  2⤵
  PID:5872
- C:\Windows\System\JpAlEyc.exe
  C:\Windows\System\JpAlEyc.exe
  2⤵
  PID:5928
- C:\Windows\System\gOzyfkh.exe
  C:\Windows\System\gOzyfkh.exe
  2⤵
  PID:5968
- C:\Windows\System\ljtbqCE.exe
  C:\Windows\System\ljtbqCE.exe
  2⤵
  PID:5984
- C:\Windows\System\SqXCtdD.exe
  C:\Windows\System\SqXCtdD.exe
  2⤵
  PID:5948
- C:\Windows\System\yxFYPkG.exe
  C:\Windows\System\yxFYPkG.exe
  2⤵
  PID:5396
- C:\Windows\System\tNtPQQu.exe
  C:\Windows\System\tNtPQQu.exe
  2⤵
  PID:6056
- C:\Windows\System\sJiJIyO.exe
  C:\Windows\System\sJiJIyO.exe
  2⤵
  PID:6088
- C:\Windows\System\fCpxSat.exe
  C:\Windows\System\fCpxSat.exe
  2⤵
  PID:5152
- C:\Windows\System\lSMRePb.exe
  C:\Windows\System\lSMRePb.exe
  2⤵
  PID:6140
- C:\Windows\System\GLvgOUl.exe
  C:\Windows\System\GLvgOUl.exe
  2⤵
  PID:5220
- C:\Windows\System\dVXOuWI.exe
  C:\Windows\System\dVXOuWI.exe
  2⤵
  PID:5332
- C:\Windows\System\aMPcYuL.exe
  C:\Windows\System\aMPcYuL.exe
  2⤵
  PID:5344
- C:\Windows\System\HiOaoiR.exe
  C:\Windows\System\HiOaoiR.exe
  2⤵
  PID:5464
- C:\Windows\System\qsDNqqT.exe
  C:\Windows\System\qsDNqqT.exe
  2⤵
  PID:5432
- C:\Windows\System\LWAFSbE.exe
  C:\Windows\System\LWAFSbE.exe
  2⤵
  PID:5544
- C:\Windows\System\cDdJRms.exe
  C:\Windows\System\cDdJRms.exe
  2⤵
  PID:5664
- C:\Windows\System\RDzqzMb.exe
  C:\Windows\System\RDzqzMb.exe
  2⤵
  PID:5684
- C:\Windows\System\fnfoZwz.exe
  C:\Windows\System\fnfoZwz.exe
  2⤵
  PID:5744
- C:\Windows\System\WaBTyAt.exe
  C:\Windows\System\WaBTyAt.exe
  2⤵
  PID:5768
- C:\Windows\System\jFYXmeF.exe
  C:\Windows\System\jFYXmeF.exe
  2⤵
  PID:5780
- C:\Windows\System\XYzDDEZ.exe
  C:\Windows\System\XYzDDEZ.exe
  2⤵
  PID:5920
- C:\Windows\System\vDeKVtH.exe
  C:\Windows\System\vDeKVtH.exe
  2⤵
  PID:5876
- C:\Windows\System\DWEESGc.exe
  C:\Windows\System\DWEESGc.exe
  2⤵
  PID:6008
- C:\Windows\System\ANIdeCj.exe
  C:\Windows\System\ANIdeCj.exe
  2⤵
  PID:6052
- C:\Windows\System\smiAsdu.exe
  C:\Windows\System\smiAsdu.exe
  2⤵
  PID:6104
- C:\Windows\System\hWDAVVV.exe
  C:\Windows\System\hWDAVVV.exe
  2⤵
  PID:6120
- C:\Windows\System\RWuFOkd.exe
  C:\Windows\System\RWuFOkd.exe
  2⤵
  PID:5236
- C:\Windows\System\XSzSdzs.exe
  C:\Windows\System\XSzSdzs.exe
  2⤵
  PID:5172
- C:\Windows\System\IJrHgps.exe
  C:\Windows\System\IJrHgps.exe
  2⤵
  PID:5492
- C:\Windows\System\udOLljs.exe
  C:\Windows\System\udOLljs.exe
  2⤵
  PID:5600
- C:\Windows\System\AHiayez.exe
  C:\Windows\System\AHiayez.exe
  2⤵
  PID:5632
- C:\Windows\System\kRfRHyF.exe
  C:\Windows\System\kRfRHyF.exe
  2⤵
  PID:5824
- C:\Windows\System\zJJAxij.exe
  C:\Windows\System\zJJAxij.exe
  2⤵
  PID:5772
- C:\Windows\System\CwNEQsq.exe
  C:\Windows\System\CwNEQsq.exe
  2⤵
  PID:6024
- C:\Windows\System\hxmcExL.exe
  C:\Windows\System\hxmcExL.exe
  2⤵
  PID:1168
- C:\Windows\System\VewopSs.exe
  C:\Windows\System\VewopSs.exe
  2⤵
  PID:2324
- C:\Windows\System\mGGBbfJ.exe
  C:\Windows\System\mGGBbfJ.exe
  2⤵
  PID:5280
- C:\Windows\System\yWmrcim.exe
  C:\Windows\System\yWmrcim.exe
  2⤵
  PID:5380
- C:\Windows\System\ovbWBME.exe
  C:\Windows\System\ovbWBME.exe
  2⤵
  PID:5644
- C:\Windows\System\OrqNalM.exe
  C:\Windows\System\OrqNalM.exe
  2⤵
  PID:5892
- C:\Windows\System\rcTsYnX.exe
  C:\Windows\System\rcTsYnX.exe
  2⤵
  PID:2604
- C:\Windows\System\LljkdXM.exe
  C:\Windows\System\LljkdXM.exe
  2⤵
  PID:6020
- C:\Windows\System\xIRQFmy.exe
  C:\Windows\System\xIRQFmy.exe
  2⤵
  PID:5444
- C:\Windows\System\RRZlvCd.exe
  C:\Windows\System\RRZlvCd.exe
  2⤵
  PID:5964
- C:\Windows\System\DrRztRD.exe
  C:\Windows\System\DrRztRD.exe
  2⤵
  PID:5856
- C:\Windows\System\eDLEKLQ.exe
  C:\Windows\System\eDLEKLQ.exe
  2⤵
  PID:6072
- C:\Windows\System\fzfjKax.exe
  C:\Windows\System\fzfjKax.exe
  2⤵
  PID:5584
- C:\Windows\System\viIEJMc.exe
  C:\Windows\System\viIEJMc.exe
  2⤵
  PID:568
- C:\Windows\System\vLOBhcn.exe
  C:\Windows\System\vLOBhcn.exe
  2⤵
  PID:5776
- C:\Windows\System\ntYGRJw.exe
  C:\Windows\System\ntYGRJw.exe
  2⤵
  PID:6168
- C:\Windows\System\bFjrIZy.exe
  C:\Windows\System\bFjrIZy.exe
  2⤵
  PID:6184
- C:\Windows\System\xnrmzlr.exe
  C:\Windows\System\xnrmzlr.exe
  2⤵
  PID:6200
- C:\Windows\System\QInurgi.exe
  C:\Windows\System\QInurgi.exe
  2⤵
  PID:6220
- C:\Windows\System\aLtXBEx.exe
  C:\Windows\System\aLtXBEx.exe
  2⤵
  PID:6236
- C:\Windows\System\HWLvpTA.exe
  C:\Windows\System\HWLvpTA.exe
  2⤵
  PID:6256
- C:\Windows\System\QaaINgc.exe
  C:\Windows\System\QaaINgc.exe
  2⤵
  PID:6288
- C:\Windows\System\nwoDqPP.exe
  C:\Windows\System\nwoDqPP.exe
  2⤵
  PID:6304
- C:\Windows\System\lskvdoF.exe
  C:\Windows\System\lskvdoF.exe
  2⤵
  PID:6324
- C:\Windows\System\rdLxSVP.exe
  C:\Windows\System\rdLxSVP.exe
  2⤵
  PID:6344
- C:\Windows\System\WDoUGQA.exe
  C:\Windows\System\WDoUGQA.exe
  2⤵
  PID:6360
- C:\Windows\System\KkpnSfS.exe
  C:\Windows\System\KkpnSfS.exe
  2⤵
  PID:6376
- C:\Windows\System\YRHpYCD.exe
  C:\Windows\System\YRHpYCD.exe
  2⤵
  PID:6412
- C:\Windows\System\jTLbsKa.exe
  C:\Windows\System\jTLbsKa.exe
  2⤵
  PID:6428
- C:\Windows\System\XQuYheJ.exe
  C:\Windows\System\XQuYheJ.exe
  2⤵
  PID:6452
- C:\Windows\System\dtOYEMi.exe
  C:\Windows\System\dtOYEMi.exe
  2⤵
  PID:6468
- C:\Windows\System\hNlBStN.exe
  C:\Windows\System\hNlBStN.exe
  2⤵
  PID:6488
- C:\Windows\System\GXptYyh.exe
  C:\Windows\System\GXptYyh.exe
  2⤵
  PID:6504
- C:\Windows\System\mXeuAOx.exe
  C:\Windows\System\mXeuAOx.exe
  2⤵
  PID:6520
- C:\Windows\System\JqpaIcS.exe
  C:\Windows\System\JqpaIcS.exe
  2⤵
  PID:6536
- C:\Windows\System\CUeEapC.exe
  C:\Windows\System\CUeEapC.exe
  2⤵
  PID:6568
- C:\Windows\System\FUHLNne.exe
  C:\Windows\System\FUHLNne.exe
  2⤵
  PID:6584
- C:\Windows\System\QaiMReE.exe
  C:\Windows\System\QaiMReE.exe
  2⤵
  PID:6604
- C:\Windows\System\kjKszPl.exe
  C:\Windows\System\kjKszPl.exe
  2⤵
  PID:6628
- C:\Windows\System\aiNNxux.exe
  C:\Windows\System\aiNNxux.exe
  2⤵
  PID:6648
- C:\Windows\System\JiEVFIq.exe
  C:\Windows\System\JiEVFIq.exe
  2⤵
  PID:6672
- C:\Windows\System\VktBUWZ.exe
  C:\Windows\System\VktBUWZ.exe
  2⤵
  PID:6688
- C:\Windows\System\gEiAkYB.exe
  C:\Windows\System\gEiAkYB.exe
  2⤵
  PID:6712
- C:\Windows\System\oGBokzs.exe
  C:\Windows\System\oGBokzs.exe
  2⤵
  PID:6732
- C:\Windows\System\UWdywel.exe
  C:\Windows\System\UWdywel.exe
  2⤵
  PID:6752
- C:\Windows\System\VbMUGcF.exe
  C:\Windows\System\VbMUGcF.exe
  2⤵
  PID:6772
- C:\Windows\System\xgafTQS.exe
  C:\Windows\System\xgafTQS.exe
  2⤵
  PID:6788
- C:\Windows\System\GQTJhFO.exe
  C:\Windows\System\GQTJhFO.exe
  2⤵
  PID:6816
- C:\Windows\System\PajBZik.exe
  C:\Windows\System\PajBZik.exe
  2⤵
  PID:6832
- C:\Windows\System\sMhheLt.exe
  C:\Windows\System\sMhheLt.exe
  2⤵
  PID:6856
- C:\Windows\System\DCOiZUs.exe
  C:\Windows\System\DCOiZUs.exe
  2⤵
  PID:6872
- C:\Windows\System\cmiAgIi.exe
  C:\Windows\System\cmiAgIi.exe
  2⤵
  PID:6896
- C:\Windows\System\BPbgsbT.exe
  C:\Windows\System\BPbgsbT.exe
  2⤵
  PID:6916
- C:\Windows\System\yEacqBE.exe
  C:\Windows\System\yEacqBE.exe
  2⤵
  PID:6936
- C:\Windows\System\UtptaSH.exe
  C:\Windows\System\UtptaSH.exe
  2⤵
  PID:6952
- C:\Windows\System\dyVCZPq.exe
  C:\Windows\System\dyVCZPq.exe
  2⤵
  PID:6972
- C:\Windows\System\geoXBPg.exe
  C:\Windows\System\geoXBPg.exe
  2⤵
  PID:6992
- C:\Windows\System\HxdyHFh.exe
  C:\Windows\System\HxdyHFh.exe
  2⤵
  PID:7008
- C:\Windows\System\XFDmPbI.exe
  C:\Windows\System\XFDmPbI.exe
  2⤵
  PID:7024
- C:\Windows\System\sqJKrGT.exe
  C:\Windows\System\sqJKrGT.exe
  2⤵
  PID:7052
- C:\Windows\System\gQbwdJO.exe
  C:\Windows\System\gQbwdJO.exe
  2⤵
  PID:7068
- C:\Windows\System\fJhVWvZ.exe
  C:\Windows\System\fJhVWvZ.exe
  2⤵
  PID:7096
- C:\Windows\System\AiWUmEV.exe
  C:\Windows\System\AiWUmEV.exe
  2⤵
  PID:7112
- C:\Windows\System\PJoRukw.exe
  C:\Windows\System\PJoRukw.exe
  2⤵
  PID:7132
- C:\Windows\System\ZWHEenC.exe
  C:\Windows\System\ZWHEenC.exe
  2⤵
  PID:7152
- C:\Windows\System\YKNuIxI.exe
  C:\Windows\System\YKNuIxI.exe
  2⤵
  PID:6148
- C:\Windows\System\pSKatrl.exe
  C:\Windows\System\pSKatrl.exe
  2⤵
  PID:6156
- C:\Windows\System\HkyHCPi.exe
  C:\Windows\System\HkyHCPi.exe
  2⤵
  PID:6196
- C:\Windows\System\hgJGHPf.exe
  C:\Windows\System\hgJGHPf.exe
  2⤵
  PID:6208
- C:\Windows\System\yvTxoLV.exe
  C:\Windows\System\yvTxoLV.exe
  2⤵
  PID:6180
- C:\Windows\System\NjilmqE.exe
  C:\Windows\System\NjilmqE.exe
  2⤵
  PID:6276
- C:\Windows\System\thYRfic.exe
  C:\Windows\System\thYRfic.exe
  2⤵
  PID:6296
- C:\Windows\System\RwdvGUg.exe
  C:\Windows\System\RwdvGUg.exe
  2⤵
  PID:6336
- C:\Windows\System\VForynX.exe
  C:\Windows\System\VForynX.exe
  2⤵
  PID:6404
- C:\Windows\System\GqSeBBO.exe
  C:\Windows\System\GqSeBBO.exe
  2⤵
  PID:6444
- C:\Windows\System\XiiIXSL.exe
  C:\Windows\System\XiiIXSL.exe
  2⤵
  PID:6484
- C:\Windows\System\uTYIYeb.exe
  C:\Windows\System\uTYIYeb.exe
  2⤵
  PID:6556
- C:\Windows\System\IkBDsyJ.exe
  C:\Windows\System\IkBDsyJ.exe
  2⤵
  PID:6576
- C:\Windows\System\MAcvyGj.exe
  C:\Windows\System\MAcvyGj.exe
  2⤵
  PID:6596
- C:\Windows\System\AYuydJl.exe
  C:\Windows\System\AYuydJl.exe
  2⤵
  PID:6640
- C:\Windows\System\Siuamtj.exe
  C:\Windows\System\Siuamtj.exe
  2⤵
  PID:6620
- C:\Windows\System\gYyXHle.exe
  C:\Windows\System\gYyXHle.exe
  2⤵
  PID:6684
- C:\Windows\System\hdYLfQN.exe
  C:\Windows\System\hdYLfQN.exe
  2⤵
  PID:6696
- C:\Windows\System\rFYwZnw.exe
  C:\Windows\System\rFYwZnw.exe
  2⤵
  PID:6780
- C:\Windows\System\AtrWnry.exe
  C:\Windows\System\AtrWnry.exe
  2⤵
  PID:6748
- C:\Windows\System\BmFAMAX.exe
  C:\Windows\System\BmFAMAX.exe
  2⤵
  PID:6812
- C:\Windows\System\CtZvhOe.exe
  C:\Windows\System\CtZvhOe.exe
  2⤵
  PID:6844
- C:\Windows\System\DgqdvvX.exe
  C:\Windows\System\DgqdvvX.exe
  2⤵
  PID:6880
- C:\Windows\System\aMIbCFt.exe
  C:\Windows\System\aMIbCFt.exe
  2⤵
  PID:6908
- C:\Windows\System\gWVgXne.exe
  C:\Windows\System\gWVgXne.exe
  2⤵
  PID:6944
- C:\Windows\System\Dcqsczw.exe
  C:\Windows\System\Dcqsczw.exe
  2⤵
  PID:6964
- C:\Windows\System\wbXyZeU.exe
  C:\Windows\System\wbXyZeU.exe
  2⤵
  PID:7032
- C:\Windows\System\RhspFiB.exe
  C:\Windows\System\RhspFiB.exe
  2⤵
  PID:7076
- C:\Windows\System\KsvQRXx.exe
  C:\Windows\System\KsvQRXx.exe
  2⤵
  PID:7064
- C:\Windows\System\TeHRIHt.exe
  C:\Windows\System\TeHRIHt.exe
  2⤵
  PID:7104
- C:\Windows\System\ykfJxcb.exe
  C:\Windows\System\ykfJxcb.exe
  2⤵
  PID:7160
- C:\Windows\System\Qezjlaq.exe
  C:\Windows\System\Qezjlaq.exe
  2⤵
  PID:6244
- C:\Windows\System\NtxznUE.exe
  C:\Windows\System\NtxznUE.exe
  2⤵
  PID:6356
- C:\Windows\System\FKceMJa.exe
  C:\Windows\System\FKceMJa.exe
  2⤵
  PID:7148
- C:\Windows\System\PRZDRNW.exe
  C:\Windows\System\PRZDRNW.exe
  2⤵
  PID:6176
- C:\Windows\System\dvbBfts.exe
  C:\Windows\System\dvbBfts.exe
  2⤵
  PID:6272
- C:\Windows\System\TfoaHOu.exe
  C:\Windows\System\TfoaHOu.exe
  2⤵
  PID:6372
- C:\Windows\System\CxXMhRh.exe
  C:\Windows\System\CxXMhRh.exe
  2⤵
  PID:6460
- C:\Windows\System\ZFBwpzG.exe
  C:\Windows\System\ZFBwpzG.exe
  2⤵
  PID:6464
- C:\Windows\System\JaXQbfM.exe
  C:\Windows\System\JaXQbfM.exe
  2⤵
  PID:2900
- C:\Windows\System\GwgPZJs.exe
  C:\Windows\System\GwgPZJs.exe
  2⤵
  PID:6636
- C:\Windows\System\FYBNEOB.exe
  C:\Windows\System\FYBNEOB.exe
  2⤵
  PID:6616
- C:\Windows\System\vusGMfZ.exe
  C:\Windows\System\vusGMfZ.exe
  2⤵
  PID:6764
- C:\Windows\System\UzBEwfn.exe
  C:\Windows\System\UzBEwfn.exe
  2⤵
  PID:6700
- C:\Windows\System\sdBeqOK.exe
  C:\Windows\System\sdBeqOK.exe
  2⤵
  PID:6840
- C:\Windows\System\rRcFPDH.exe
  C:\Windows\System\rRcFPDH.exe
  2⤵
  PID:6912
- C:\Windows\System\jNOzpFm.exe
  C:\Windows\System\jNOzpFm.exe
  2⤵
  PID:6892
- C:\Windows\System\xQCuTNi.exe
  C:\Windows\System\xQCuTNi.exe
  2⤵
  PID:6968
- C:\Windows\System\vsBYXOC.exe
  C:\Windows\System\vsBYXOC.exe
  2⤵
  PID:6980
- C:\Windows\System\ZuOfnjb.exe
  C:\Windows\System\ZuOfnjb.exe
  2⤵
  PID:7092
- C:\Windows\System\vIzUqkR.exe
  C:\Windows\System\vIzUqkR.exe
  2⤵
  PID:6352
- C:\Windows\System\akhpLSz.exe
  C:\Windows\System\akhpLSz.exe
  2⤵
  PID:6312
- C:\Windows\System\llmJYns.exe
  C:\Windows\System\llmJYns.exe
  2⤵
  PID:6264
- C:\Windows\System\uwYHKUR.exe
  C:\Windows\System\uwYHKUR.exe
  2⤵
  PID:6368
- C:\Windows\System\EmfdpPA.exe
  C:\Windows\System\EmfdpPA.exe
  2⤵
  PID:6528
- C:\Windows\System\zYPkGPr.exe
  C:\Windows\System\zYPkGPr.exe
  2⤵
  PID:6476
- C:\Windows\System\PUuniJo.exe
  C:\Windows\System\PUuniJo.exe
  2⤵
  PID:6664
- C:\Windows\System\XGJZFdU.exe
  C:\Windows\System\XGJZFdU.exe
  2⤵
  PID:6784
- C:\Windows\System\HKqssUy.exe
  C:\Windows\System\HKqssUy.exe
  2⤵
  PID:6928
- C:\Windows\System\UxJzZVd.exe
  C:\Windows\System\UxJzZVd.exe
  2⤵
  PID:7036
- C:\Windows\System\yoIknAd.exe
  C:\Windows\System\yoIknAd.exe
  2⤵
  PID:6564
- C:\Windows\System\gifRJZp.exe
  C:\Windows\System\gifRJZp.exe
  2⤵
  PID:6280
- C:\Windows\System\fGUbSWN.exe
  C:\Windows\System\fGUbSWN.exe
  2⤵
  PID:6232
- C:\Windows\System\tSSDuJc.exe
  C:\Windows\System\tSSDuJc.exe
  2⤵
  PID:6544
- C:\Windows\System\Bxxefzq.exe
  C:\Windows\System\Bxxefzq.exe
  2⤵
  PID:6600
- C:\Windows\System\xVHymcR.exe
  C:\Windows\System\xVHymcR.exe
  2⤵
  PID:6612
- C:\Windows\System\NYMCzga.exe
  C:\Windows\System\NYMCzga.exe
  2⤵
  PID:6804
- C:\Windows\System\MhTjJlQ.exe
  C:\Windows\System\MhTjJlQ.exe
  2⤵
  PID:6708
- C:\Windows\System\veyFlZh.exe
  C:\Windows\System\veyFlZh.exe
  2⤵
  PID:6192
- C:\Windows\System\XPVwMrH.exe
  C:\Windows\System\XPVwMrH.exe
  2⤵
  PID:7144
- C:\Windows\System\CAJkpgK.exe
  C:\Windows\System\CAJkpgK.exe
  2⤵
  PID:6904
- C:\Windows\System\RfbBNHq.exe
  C:\Windows\System\RfbBNHq.exe
  2⤵
  PID:7128
- C:\Windows\System\otmZxnH.exe
  C:\Windows\System\otmZxnH.exe
  2⤵
  PID:6660
- C:\Windows\System\OqVIwNr.exe
  C:\Windows\System\OqVIwNr.exe
  2⤵
  PID:7124
- C:\Windows\System\EquoqMC.exe
  C:\Windows\System\EquoqMC.exe
  2⤵
  PID:6800
- C:\Windows\System\DYAHxAe.exe
  C:\Windows\System\DYAHxAe.exe
  2⤵
  PID:7080
- C:\Windows\System\DBRlVIl.exe
  C:\Windows\System\DBRlVIl.exe
  2⤵
  PID:6400
- C:\Windows\System\PhlVheN.exe
  C:\Windows\System\PhlVheN.exe
  2⤵
  PID:6852
- C:\Windows\System\dzLWuMk.exe
  C:\Windows\System\dzLWuMk.exe
  2⤵
  PID:6624
- C:\Windows\System\zBWBHBT.exe
  C:\Windows\System\zBWBHBT.exe
  2⤵
  PID:7176
- C:\Windows\System\HqohIbS.exe
  C:\Windows\System\HqohIbS.exe
  2⤵
  PID:7192
- C:\Windows\System\aMQsxng.exe
  C:\Windows\System\aMQsxng.exe
  2⤵
  PID:7208
- C:\Windows\System\OycMAfv.exe
  C:\Windows\System\OycMAfv.exe
  2⤵
  PID:7240
- C:\Windows\System\EgvByxF.exe
  C:\Windows\System\EgvByxF.exe
  2⤵
  PID:7256
- C:\Windows\System\qgNvdIo.exe
  C:\Windows\System\qgNvdIo.exe
  2⤵
  PID:7280
- C:\Windows\System\AnmzcoP.exe
  C:\Windows\System\AnmzcoP.exe
  2⤵
  PID:7296
- C:\Windows\System\LkPlOoG.exe
  C:\Windows\System\LkPlOoG.exe
  2⤵
  PID:7320
- C:\Windows\System\SFqgBhA.exe
  C:\Windows\System\SFqgBhA.exe
  2⤵
  PID:7336
- C:\Windows\System\cNKGkUC.exe
  C:\Windows\System\cNKGkUC.exe
  2⤵
  PID:7356
- C:\Windows\System\VqQkqjp.exe
  C:\Windows\System\VqQkqjp.exe
  2⤵
  PID:7372
- C:\Windows\System\WTFxVzF.exe
  C:\Windows\System\WTFxVzF.exe
  2⤵
  PID:7392
- C:\Windows\System\KSRVjPG.exe
  C:\Windows\System\KSRVjPG.exe
  2⤵
  PID:7420
- C:\Windows\System\BRpfHYE.exe
  C:\Windows\System\BRpfHYE.exe
  2⤵
  PID:7440
- C:\Windows\System\kCzGBZm.exe
  C:\Windows\System\kCzGBZm.exe
  2⤵
  PID:7456
- C:\Windows\System\lDMVdVa.exe
  C:\Windows\System\lDMVdVa.exe
  2⤵
  PID:7472
- C:\Windows\System\KTHTNTC.exe
  C:\Windows\System\KTHTNTC.exe
  2⤵
  PID:7496
- C:\Windows\System\OurWbVl.exe
  C:\Windows\System\OurWbVl.exe
  2⤵
  PID:7516
- C:\Windows\System\KccuSdh.exe
  C:\Windows\System\KccuSdh.exe
  2⤵
  PID:7532
- C:\Windows\System\pFeOsOO.exe
  C:\Windows\System\pFeOsOO.exe
  2⤵
  PID:7556
- C:\Windows\System\YerRFeQ.exe
  C:\Windows\System\YerRFeQ.exe
  2⤵
  PID:7580
- C:\Windows\System\KPEuXiY.exe
  C:\Windows\System\KPEuXiY.exe
  2⤵
  PID:7600
- C:\Windows\System\vGspfBC.exe
  C:\Windows\System\vGspfBC.exe
  2⤵
  PID:7620
- C:\Windows\System\TdCPCVM.exe
  C:\Windows\System\TdCPCVM.exe
  2⤵
  PID:7644
- C:\Windows\System\JfwGPFV.exe
  C:\Windows\System\JfwGPFV.exe
  2⤵
  PID:7660
- C:\Windows\System\KkpCqxx.exe
  C:\Windows\System\KkpCqxx.exe
  2⤵
  PID:7680
- C:\Windows\System\nOhFJUc.exe
  C:\Windows\System\nOhFJUc.exe
  2⤵
  PID:7696
- C:\Windows\System\mXOXmkd.exe
  C:\Windows\System\mXOXmkd.exe
  2⤵
  PID:7720
- C:\Windows\System\ibJfYKX.exe
  C:\Windows\System\ibJfYKX.exe
  2⤵
  PID:7736
- C:\Windows\System\ORnoMAn.exe
  C:\Windows\System\ORnoMAn.exe
  2⤵
  PID:7756
- C:\Windows\System\EHtXscR.exe
  C:\Windows\System\EHtXscR.exe
  2⤵
  PID:7776
- C:\Windows\System\POxDiaH.exe
  C:\Windows\System\POxDiaH.exe
  2⤵
  PID:7796
- C:\Windows\System\ngLnzDk.exe
  C:\Windows\System\ngLnzDk.exe
  2⤵
  PID:7820
- C:\Windows\System\kDRJcnK.exe
  C:\Windows\System\kDRJcnK.exe
  2⤵
  PID:7840
- C:\Windows\System\yIFsLbV.exe
  C:\Windows\System\yIFsLbV.exe
  2⤵
  PID:7860
- C:\Windows\System\ioGHacY.exe
  C:\Windows\System\ioGHacY.exe
  2⤵
  PID:7884
- C:\Windows\System\qprPSLN.exe
  C:\Windows\System\qprPSLN.exe
  2⤵
  PID:7900
- C:\Windows\System\AQHWhFY.exe
  C:\Windows\System\AQHWhFY.exe
  2⤵
  PID:7916
- C:\Windows\System\cYbHhVE.exe
  C:\Windows\System\cYbHhVE.exe
  2⤵
  PID:7932
- C:\Windows\System\lKoyqRM.exe
  C:\Windows\System\lKoyqRM.exe
  2⤵
  PID:7964
- C:\Windows\System\jsUFKyh.exe
  C:\Windows\System\jsUFKyh.exe
  2⤵
  PID:7980
- C:\Windows\System\AzKFRHY.exe
  C:\Windows\System\AzKFRHY.exe
  2⤵
  PID:8000
- C:\Windows\System\nZQOSbH.exe
  C:\Windows\System\nZQOSbH.exe
  2⤵
  PID:8016
- C:\Windows\System\TzlhjPM.exe
  C:\Windows\System\TzlhjPM.exe
  2⤵
  PID:8032
- C:\Windows\System\OPKAhQb.exe
  C:\Windows\System\OPKAhQb.exe
  2⤵
  PID:8064
- C:\Windows\System\WUpLDZE.exe
  C:\Windows\System\WUpLDZE.exe
  2⤵
  PID:8084
- C:\Windows\System\DGnzQfP.exe
  C:\Windows\System\DGnzQfP.exe
  2⤵
  PID:8100
- C:\Windows\System\JDnnGCz.exe
  C:\Windows\System\JDnnGCz.exe
  2⤵
  PID:8124
- C:\Windows\System\VMOVtwS.exe
  C:\Windows\System\VMOVtwS.exe
  2⤵
  PID:8148
- C:\Windows\System\SVJjQaS.exe
  C:\Windows\System\SVJjQaS.exe
  2⤵
  PID:8164
- C:\Windows\System\uqyKGlw.exe
  C:\Windows\System\uqyKGlw.exe
  2⤵
  PID:8184
- C:\Windows\System\LzzAjhK.exe
  C:\Windows\System\LzzAjhK.exe
  2⤵
  PID:7216
- C:\Windows\System\GbxeXsL.exe
  C:\Windows\System\GbxeXsL.exe
  2⤵
  PID:7172
- C:\Windows\System\wSvPYYc.exe
  C:\Windows\System\wSvPYYc.exe
  2⤵
  PID:7272
- C:\Windows\System\fKkjbKj.exe
  C:\Windows\System\fKkjbKj.exe
  2⤵
  PID:7304
- C:\Windows\System\RzdwYQF.exe
  C:\Windows\System\RzdwYQF.exe
  2⤵
  PID:7312
- C:\Windows\System\mkCuiWH.exe
  C:\Windows\System\mkCuiWH.exe
  2⤵
  PID:7348
- C:\Windows\System\ZmHNEMF.exe
  C:\Windows\System\ZmHNEMF.exe
  2⤵
  PID:7404
- C:\Windows\System\yxSeFNB.exe
  C:\Windows\System\yxSeFNB.exe
  2⤵
  PID:7428
- C:\Windows\System\uZYPErw.exe
  C:\Windows\System\uZYPErw.exe
  2⤵
  PID:7464
- C:\Windows\System\aQgWIgL.exe
  C:\Windows\System\aQgWIgL.exe
  2⤵
  PID:7540
- C:\Windows\System\iYSWMiu.exe
  C:\Windows\System\iYSWMiu.exe
  2⤵
  PID:7480
- C:\Windows\System\ZGfkwcc.exe
  C:\Windows\System\ZGfkwcc.exe
  2⤵
  PID:7572
- C:\Windows\System\gjkgnNY.exe
  C:\Windows\System\gjkgnNY.exe
  2⤵
  PID:7568
- C:\Windows\System\vqoDTyP.exe
  C:\Windows\System\vqoDTyP.exe
  2⤵
  PID:7632
- C:\Windows\System\YPaIafg.exe
  C:\Windows\System\YPaIafg.exe
  2⤵
  PID:7636
- C:\Windows\System\gOpBPHC.exe
  C:\Windows\System\gOpBPHC.exe
  2⤵
  PID:7708
- C:\Windows\System\NZOndPu.exe
  C:\Windows\System\NZOndPu.exe
  2⤵
  PID:7744
- C:\Windows\System\LDjaOpm.exe
  C:\Windows\System\LDjaOpm.exe
  2⤵
  PID:7752
- C:\Windows\System\XEjFOpq.exe
  C:\Windows\System\XEjFOpq.exe
  2⤵
  PID:7804
- C:\Windows\System\RQzBMXV.exe
  C:\Windows\System\RQzBMXV.exe
  2⤵
  PID:7828
- C:\Windows\System\SRYvZsz.exe
  C:\Windows\System\SRYvZsz.exe
  2⤵
  PID:7856
- C:\Windows\System\mEmsWci.exe
  C:\Windows\System\mEmsWci.exe
  2⤵
  PID:7892
- C:\Windows\System\PRrFGbH.exe
  C:\Windows\System\PRrFGbH.exe
  2⤵
  PID:7952
- C:\Windows\System\PfJvRTm.exe
  C:\Windows\System\PfJvRTm.exe
  2⤵
  PID:7956
- C:\Windows\System\cZUwccN.exe
  C:\Windows\System\cZUwccN.exe
  2⤵
  PID:8008
- C:\Windows\System\JMCiKHo.exe
  C:\Windows\System\JMCiKHo.exe
  2⤵
  PID:8044
- C:\Windows\System\SFIABZY.exe
  C:\Windows\System\SFIABZY.exe
  2⤵
  PID:8052
- C:\Windows\System\sqEZOkp.exe
  C:\Windows\System\sqEZOkp.exe
  2⤵
  PID:8092
- C:\Windows\System\bKxENcX.exe
  C:\Windows\System\bKxENcX.exe
  2⤵
  PID:8144
- C:\Windows\System\dlknbjO.exe
  C:\Windows\System\dlknbjO.exe
  2⤵
  PID:8160
- C:\Windows\System\hAxxsbI.exe
  C:\Windows\System\hAxxsbI.exe
  2⤵
  PID:7232
- C:\Windows\System\DQFpLaU.exe
  C:\Windows\System\DQFpLaU.exe
  2⤵
  PID:7220
- C:\Windows\System\LqgwtrB.exe
  C:\Windows\System\LqgwtrB.exe
  2⤵
  PID:7316
- C:\Windows\System\iSeSQdN.exe
  C:\Windows\System\iSeSQdN.exe
  2⤵
  PID:7384
- C:\Windows\System\hQeaRql.exe
  C:\Windows\System\hQeaRql.exe
  2⤵
  PID:7468
- C:\Windows\System\KoMHCnd.exe
  C:\Windows\System\KoMHCnd.exe
  2⤵
  PID:7504
- C:\Windows\System\noCbjCR.exe
  C:\Windows\System\noCbjCR.exe
  2⤵
  PID:7512
- C:\Windows\System\OTKfywK.exe
  C:\Windows\System\OTKfywK.exe
  2⤵
  PID:7564
- C:\Windows\System\xdrSccY.exe
  C:\Windows\System\xdrSccY.exe
  2⤵
  PID:7652
- C:\Windows\System\KmGYamQ.exe
  C:\Windows\System\KmGYamQ.exe
  2⤵
  PID:7672
- C:\Windows\System\vLIAwVJ.exe
  C:\Windows\System\vLIAwVJ.exe
  2⤵
  PID:7764
- C:\Windows\System\PgJTdHV.exe
  C:\Windows\System\PgJTdHV.exe
  2⤵
  PID:7784
- C:\Windows\System\mbvARyr.exe
  C:\Windows\System\mbvARyr.exe
  2⤵
  PID:7836
- C:\Windows\System\boGTtMd.exe
  C:\Windows\System\boGTtMd.exe
  2⤵
  PID:7852
- C:\Windows\System\tgAzICy.exe
  C:\Windows\System\tgAzICy.exe
  2⤵
  PID:7908
- C:\Windows\System\azWeyWK.exe
  C:\Windows\System\azWeyWK.exe
  2⤵
  PID:7972
- C:\Windows\System\drZKWer.exe
  C:\Windows\System\drZKWer.exe
  2⤵
  PID:7976
- C:\Windows\System\JxljVbv.exe
  C:\Windows\System\JxljVbv.exe
  2⤵
  PID:8060
- C:\Windows\System\xmjWVUm.exe
  C:\Windows\System\xmjWVUm.exe
  2⤵
  PID:8112
- C:\Windows\System\oaAiqqV.exe
  C:\Windows\System\oaAiqqV.exe
  2⤵
  PID:7388
- C:\Windows\System\zVKxcXP.exe
  C:\Windows\System\zVKxcXP.exe
  2⤵
  PID:7436
- C:\Windows\System\UEpnlbe.exe
  C:\Windows\System\UEpnlbe.exe
  2⤵
  PID:7288
- C:\Windows\System\VbFonte.exe
  C:\Windows\System\VbFonte.exe
  2⤵
  PID:7576
- C:\Windows\System\rqPZxyX.exe
  C:\Windows\System\rqPZxyX.exe
  2⤵
  PID:7416
- C:\Windows\System\ZyrZNHm.exe
  C:\Windows\System\ZyrZNHm.exe
  2⤵
  PID:7716
- C:\Windows\System\XvdnZJy.exe
  C:\Windows\System\XvdnZJy.exe
  2⤵
  PID:7704
- C:\Windows\System\silFNaK.exe
  C:\Windows\System\silFNaK.exe
  2⤵
  PID:7772
- C:\Windows\System\HYWVidG.exe
  C:\Windows\System\HYWVidG.exe
  2⤵
  PID:7948
- C:\Windows\System\rbXQxOz.exe
  C:\Windows\System\rbXQxOz.exe
  2⤵
  PID:8132
- C:\Windows\System\MTIzPQS.exe
  C:\Windows\System\MTIzPQS.exe
  2⤵
  PID:7996
- C:\Windows\System\KcVTnUC.exe
  C:\Windows\System\KcVTnUC.exe
  2⤵
  PID:7848
- C:\Windows\System\GXoSLqs.exe
  C:\Windows\System\GXoSLqs.exe
  2⤵
  PID:7544
- C:\Windows\System\dcJARwr.exe
  C:\Windows\System\dcJARwr.exe
  2⤵
  PID:7268
- C:\Windows\System\AdOQsOT.exe
  C:\Windows\System\AdOQsOT.exe
  2⤵
  PID:7368
- C:\Windows\System\pfYJyKd.exe
  C:\Windows\System\pfYJyKd.exe
  2⤵
  PID:7596
- C:\Windows\System\PMqVPCT.exe
  C:\Windows\System\PMqVPCT.exe
  2⤵
  PID:7528
- C:\Windows\System\mFFomaE.exe
  C:\Windows\System\mFFomaE.exe
  2⤵
  PID:8120
- C:\Windows\System\BSyAKDR.exe
  C:\Windows\System\BSyAKDR.exe
  2⤵
  PID:8024
- C:\Windows\System\OXxtIVC.exe
  C:\Windows\System\OXxtIVC.exe
  2⤵
  PID:7228
- C:\Windows\System\rmzreUA.exe
  C:\Windows\System\rmzreUA.exe
  2⤵
  PID:7668
- C:\Windows\System\piQSdUk.exe
  C:\Windows\System\piQSdUk.exe
  2⤵
  PID:7788
- C:\Windows\System\LOQexRG.exe
  C:\Windows\System\LOQexRG.exe
  2⤵
  PID:7880
- C:\Windows\System\YmTNJim.exe
  C:\Windows\System\YmTNJim.exe
  2⤵
  PID:8096
- C:\Windows\System\lRwvDnt.exe
  C:\Windows\System\lRwvDnt.exe
  2⤵
  PID:7612
- C:\Windows\System\CmVqqYy.exe
  C:\Windows\System\CmVqqYy.exe
  2⤵
  PID:8212
- C:\Windows\System\yUgpwQN.exe
  C:\Windows\System\yUgpwQN.exe
  2⤵
  PID:8228
- C:\Windows\System\yWJDNra.exe
  C:\Windows\System\yWJDNra.exe
  2⤵
  PID:8248
- C:\Windows\System\RpUghzG.exe
  C:\Windows\System\RpUghzG.exe
  2⤵
  PID:8268
- C:\Windows\System\LdvkwaU.exe
  C:\Windows\System\LdvkwaU.exe
  2⤵
  PID:8300
- C:\Windows\System\LxMEiXX.exe
  C:\Windows\System\LxMEiXX.exe
  2⤵
  PID:8316
- C:\Windows\System\tCdVNDo.exe
  C:\Windows\System\tCdVNDo.exe
  2⤵
  PID:8336
- C:\Windows\System\AqePebt.exe
  C:\Windows\System\AqePebt.exe
  2⤵
  PID:8356
- C:\Windows\System\RmLmAFn.exe
  C:\Windows\System\RmLmAFn.exe
  2⤵
  PID:8376
- C:\Windows\System\YKzkllO.exe
  C:\Windows\System\YKzkllO.exe
  2⤵
  PID:8396
- C:\Windows\System\jFRFIVB.exe
  C:\Windows\System\jFRFIVB.exe
  2⤵
  PID:8420
- C:\Windows\System\nGPviwI.exe
  C:\Windows\System\nGPviwI.exe
  2⤵
  PID:8436
- C:\Windows\System\NAbBMdl.exe
  C:\Windows\System\NAbBMdl.exe
  2⤵
  PID:8452
- C:\Windows\System\KtqqsDf.exe
  C:\Windows\System\KtqqsDf.exe
  2⤵
  PID:8476
- C:\Windows\System\maJWVtR.exe
  C:\Windows\System\maJWVtR.exe
  2⤵
  PID:8492
- C:\Windows\System\jdPAlxs.exe
  C:\Windows\System\jdPAlxs.exe
  2⤵
  PID:8512
- C:\Windows\System\PWFJgSL.exe
  C:\Windows\System\PWFJgSL.exe
  2⤵
  PID:8528
- C:\Windows\System\ezPRYCF.exe
  C:\Windows\System\ezPRYCF.exe
  2⤵
  PID:8552
- C:\Windows\System\vKZvmGF.exe
  C:\Windows\System\vKZvmGF.exe
  2⤵
  PID:8568
- C:\Windows\System\FGHGkkd.exe
  C:\Windows\System\FGHGkkd.exe
  2⤵
  PID:8596
- C:\Windows\System\cKKJdow.exe
  C:\Windows\System\cKKJdow.exe
  2⤵
  PID:8616
- C:\Windows\System\BeQDqvj.exe
  C:\Windows\System\BeQDqvj.exe
  2⤵
  PID:8640
- C:\Windows\System\WeYhlMo.exe
  C:\Windows\System\WeYhlMo.exe
  2⤵
  PID:8656
- C:\Windows\System\GtegvdU.exe
  C:\Windows\System\GtegvdU.exe
  2⤵
  PID:8676
- C:\Windows\System\iYNBzzX.exe
  C:\Windows\System\iYNBzzX.exe
  2⤵
  PID:8692
- C:\Windows\System\YaQCCDG.exe
  C:\Windows\System\YaQCCDG.exe
  2⤵
  PID:8724
- C:\Windows\System\qcZhhVC.exe
  C:\Windows\System\qcZhhVC.exe
  2⤵
  PID:8740
- C:\Windows\System\sJWHXXn.exe
  C:\Windows\System\sJWHXXn.exe
  2⤵
  PID:8756
- C:\Windows\System\GhoviRg.exe
  C:\Windows\System\GhoviRg.exe
  2⤵
  PID:8776
- C:\Windows\System\VEhOZMm.exe
  C:\Windows\System\VEhOZMm.exe
  2⤵
  PID:8804
- C:\Windows\System\PVVTXiB.exe
  C:\Windows\System\PVVTXiB.exe
  2⤵
  PID:8820
- C:\Windows\System\TEMNyXo.exe
  C:\Windows\System\TEMNyXo.exe
  2⤵
  PID:8836
- C:\Windows\System\eIEIUoy.exe
  C:\Windows\System\eIEIUoy.exe
  2⤵
  PID:8852
- C:\Windows\System\pinZrNj.exe
  C:\Windows\System\pinZrNj.exe
  2⤵
  PID:8868
- C:\Windows\System\OluUiwz.exe
  C:\Windows\System\OluUiwz.exe
  2⤵
  PID:8904
- C:\Windows\System\anqBAYH.exe
  C:\Windows\System\anqBAYH.exe
  2⤵
  PID:8924
- C:\Windows\System\EywRUfN.exe
  C:\Windows\System\EywRUfN.exe
  2⤵
  PID:8944
- C:\Windows\System\UreiGrQ.exe
  C:\Windows\System\UreiGrQ.exe
  2⤵
  PID:8964
- C:\Windows\System\RGRoeFY.exe
  C:\Windows\System\RGRoeFY.exe
  2⤵
  PID:8984
- C:\Windows\System\QARGfgC.exe
  C:\Windows\System\QARGfgC.exe
  2⤵
  PID:9004
- C:\Windows\System\wsXMKSC.exe
  C:\Windows\System\wsXMKSC.exe
  2⤵
  PID:9028
- C:\Windows\System\WvHFKoh.exe
  C:\Windows\System\WvHFKoh.exe
  2⤵
  PID:9044
- C:\Windows\System\colyZfZ.exe
  C:\Windows\System\colyZfZ.exe
  2⤵
  PID:9060
- C:\Windows\System\QHjDuOZ.exe
  C:\Windows\System\QHjDuOZ.exe
  2⤵
  PID:9080
- C:\Windows\System\IaXyGhN.exe
  C:\Windows\System\IaXyGhN.exe
  2⤵
  PID:9104
- C:\Windows\System\JSMvrfJ.exe
  C:\Windows\System\JSMvrfJ.exe
  2⤵
  PID:9120
- C:\Windows\System\tYuRJdQ.exe
  C:\Windows\System\tYuRJdQ.exe
  2⤵
  PID:9136
- C:\Windows\System\OGzUnAv.exe
  C:\Windows\System\OGzUnAv.exe
  2⤵
  PID:9156
- C:\Windows\System\MYTIyHG.exe
  C:\Windows\System\MYTIyHG.exe
  2⤵
  PID:9184
- C:\Windows\System\Tvjbvzz.exe
  C:\Windows\System\Tvjbvzz.exe
  2⤵
  PID:9204
- C:\Windows\System\mKgNcVc.exe
  C:\Windows\System\mKgNcVc.exe
  2⤵
  PID:7188
- C:\Windows\System\sdUTbNF.exe
  C:\Windows\System\sdUTbNF.exe
  2⤵
  PID:8220
- C:\Windows\System\ygkHmAe.exe
  C:\Windows\System\ygkHmAe.exe
  2⤵
  PID:8256
- C:\Windows\System\aaYeRXx.exe
  C:\Windows\System\aaYeRXx.exe
  2⤵
  PID:8280
- C:\Windows\System\pSHyrnw.exe
  C:\Windows\System\pSHyrnw.exe
  2⤵
  PID:8292
- C:\Windows\System\CRnSmiE.exe
  C:\Windows\System\CRnSmiE.exe
  2⤵
  PID:8332
- C:\Windows\System\waxRXFG.exe
  C:\Windows\System\waxRXFG.exe
  2⤵
  PID:8372
- C:\Windows\System\zaAuiXc.exe
  C:\Windows\System\zaAuiXc.exe
  2⤵
  PID:8404
- C:\Windows\System\vnMPARp.exe
  C:\Windows\System\vnMPARp.exe
  2⤵
  PID:8432
- C:\Windows\System\BzaCZbw.exe
  C:\Windows\System\BzaCZbw.exe
  2⤵
  PID:8448
- C:\Windows\System\cXpIiGB.exe
  C:\Windows\System\cXpIiGB.exe
  2⤵
  PID:8520
- C:\Windows\System\YSkSjaK.exe
  C:\Windows\System\YSkSjaK.exe
  2⤵
  PID:8508
- C:\Windows\System\ndQiAlf.exe
  C:\Windows\System\ndQiAlf.exe
  2⤵
  PID:8580
- C:\Windows\System\pWLNvnF.exe
  C:\Windows\System\pWLNvnF.exe
  2⤵
  PID:8548
- C:\Windows\System\ChlFfOl.exe
  C:\Windows\System\ChlFfOl.exe
  2⤵
  PID:8688
- C:\Windows\System\FKMXEWH.exe
  C:\Windows\System\FKMXEWH.exe
  2⤵
  PID:8668
- C:\Windows\System\adlvjsG.exe
  C:\Windows\System\adlvjsG.exe
  2⤵
  PID:8736
- C:\Windows\System\TzBwmLC.exe
  C:\Windows\System\TzBwmLC.exe
  2⤵
  PID:8748
- C:\Windows\System\KbQxqKl.exe
  C:\Windows\System\KbQxqKl.exe
  2⤵
  PID:8788
- C:\Windows\System\iPsCRnd.exe
  C:\Windows\System\iPsCRnd.exe
  2⤵
  PID:8816
- C:\Windows\System\ehWaYMd.exe
  C:\Windows\System\ehWaYMd.exe
  2⤵
  PID:8892
- C:\Windows\System\UOhezwt.exe
  C:\Windows\System\UOhezwt.exe
  2⤵
  PID:8864
- C:\Windows\System\sDJvmqY.exe
  C:\Windows\System\sDJvmqY.exe
  2⤵
  PID:8920
- C:\Windows\System\qEbgKJz.exe
  C:\Windows\System\qEbgKJz.exe
  2⤵
  PID:8972
- C:\Windows\System\DKtIBkp.exe
  C:\Windows\System\DKtIBkp.exe
  2⤵
  PID:8996
- C:\Windows\System\IhSFEsx.exe
  C:\Windows\System\IhSFEsx.exe
  2⤵
  PID:9016
- C:\Windows\System\NEfqvoC.exe
  C:\Windows\System\NEfqvoC.exe
  2⤵
  PID:9088
- C:\Windows\System\CqqDNEg.exe
  C:\Windows\System\CqqDNEg.exe
  2⤵
  PID:9128
- C:\Windows\System\KhgvtCM.exe
  C:\Windows\System\KhgvtCM.exe
  2⤵
  PID:9116
- C:\Windows\System\vnLYpNe.exe
  C:\Windows\System\vnLYpNe.exe
  2⤵
  PID:9152
- C:\Windows\System\IaIhbEN.exe
  C:\Windows\System\IaIhbEN.exe
  2⤵
  PID:9180
- C:\Windows\System\vAnemmu.exe
  C:\Windows\System\vAnemmu.exe
  2⤵
  PID:9200
- C:\Windows\System\SxBroxl.exe
  C:\Windows\System\SxBroxl.exe
  2⤵
  PID:8208
- C:\Windows\System\tdswYFY.exe
  C:\Windows\System\tdswYFY.exe
  2⤵
  PID:8076
- C:\Windows\System\UnbnPLW.exe
  C:\Windows\System\UnbnPLW.exe
  2⤵
  PID:8276
- C:\Windows\System\LmtsUsh.exe
  C:\Windows\System\LmtsUsh.exe
  2⤵
  PID:8412
- C:\Windows\System\yPtlnyj.exe
  C:\Windows\System\yPtlnyj.exe
  2⤵
  PID:8500
- C:\Windows\System\YhMjwQo.exe
  C:\Windows\System\YhMjwQo.exe
  2⤵
  PID:8612
- C:\Windows\System\qKOUDnz.exe
  C:\Windows\System\qKOUDnz.exe
  2⤵
  PID:8464
- C:\Windows\System\RYgTOGA.exe
  C:\Windows\System\RYgTOGA.exe
  2⤵
  PID:8648
- C:\Windows\System\AjtjgGO.exe
  C:\Windows\System\AjtjgGO.exe
  2⤵
  PID:8716
- C:\Windows\System\nNLiwmP.exe
  C:\Windows\System\nNLiwmP.exe
  2⤵
  PID:8708
- C:\Windows\System\SShiawJ.exe
  C:\Windows\System\SShiawJ.exe
  2⤵
  PID:8772
- C:\Windows\System\VIaTzel.exe
  C:\Windows\System\VIaTzel.exe
  2⤵
  PID:8880
- C:\Windows\System\tuWCKLA.exe
  C:\Windows\System\tuWCKLA.exe
  2⤵
  PID:8860
- C:\Windows\System\dRHngIF.exe
  C:\Windows\System\dRHngIF.exe
  2⤵
  PID:8936
- C:\Windows\System\neUrOSu.exe
  C:\Windows\System\neUrOSu.exe
  2⤵
  PID:8992
- C:\Windows\System\WPUjeky.exe
  C:\Windows\System\WPUjeky.exe
  2⤵
  PID:9056
- C:\Windows\System\OfgbhoK.exe
  C:\Windows\System\OfgbhoK.exe
  2⤵
  PID:9068
- C:\Windows\System\PJEXovk.exe
  C:\Windows\System\PJEXovk.exe
  2⤵
  PID:9176
- C:\Windows\System\hGjJvfR.exe
  C:\Windows\System\hGjJvfR.exe
  2⤵
  PID:8244
- C:\Windows\System\fclsmbB.exe
  C:\Windows\System\fclsmbB.exe
  2⤵
  PID:8264
- C:\Windows\System\SAVMWpB.exe
  C:\Windows\System\SAVMWpB.exe
  2⤵
  PID:8416
- C:\Windows\System\claLkrR.exe
  C:\Windows\System\claLkrR.exe
  2⤵
  PID:8484
- C:\Windows\System\tCFyHQd.exe
  C:\Windows\System\tCFyHQd.exe
  2⤵
  PID:8392
- C:\Windows\System\XThTYrd.exe
  C:\Windows\System\XThTYrd.exe
  2⤵
  PID:8636
- C:\Windows\System\dkauEYu.exe
  C:\Windows\System\dkauEYu.exe
  2⤵
  PID:8768
- C:\Windows\System\KVlNaCm.exe
  C:\Windows\System\KVlNaCm.exe
  2⤵
  PID:8704
- C:\Windows\System\VSGzTaz.exe
  C:\Windows\System\VSGzTaz.exe
  2⤵
  PID:8912
- C:\Windows\System\SIEqLiz.exe
  C:\Windows\System\SIEqLiz.exe
  2⤵
  PID:8848
- C:\Windows\System\ugOvMoF.exe
  C:\Windows\System\ugOvMoF.exe
  2⤵
  PID:9052
- C:\Windows\System\YMnEqBR.exe
  C:\Windows\System\YMnEqBR.exe
  2⤵
  PID:8200
- C:\Windows\System\eDVcKkI.exe
  C:\Windows\System\eDVcKkI.exe
  2⤵
  PID:9196
- C:\Windows\System\xAPtIEa.exe
  C:\Windows\System\xAPtIEa.exe
  2⤵
  PID:8324
- C:\Windows\System\oXlAejD.exe
  C:\Windows\System\oXlAejD.exe
  2⤵
  PID:8652
- C:\Windows\System\ThdqGgG.exe
  C:\Windows\System\ThdqGgG.exe
  2⤵
  PID:8684
- C:\Windows\System\KQLYEyX.exe
  C:\Windows\System\KQLYEyX.exe
  2⤵
  PID:8952
- C:\Windows\System\hOIuEgL.exe
  C:\Windows\System\hOIuEgL.exe
  2⤵
  PID:9000
- C:\Windows\System\hjnFrEG.exe
  C:\Windows\System\hjnFrEG.exe
  2⤵
  PID:8608
- C:\Windows\System\AjorLcM.exe
  C:\Windows\System\AjorLcM.exe
  2⤵
  PID:9172
- C:\Windows\System\kprlKXV.exe
  C:\Windows\System\kprlKXV.exe
  2⤵
  PID:8524
- C:\Windows\System\WCFFDUx.exe
  C:\Windows\System\WCFFDUx.exe
  2⤵
  PID:8328
- C:\Windows\System\WKXyNLF.exe
  C:\Windows\System\WKXyNLF.exe
  2⤵
  PID:8472
- C:\Windows\System\USSVTTw.exe
  C:\Windows\System\USSVTTw.exe
  2⤵
  PID:8884
- C:\Windows\System\tvanreM.exe
  C:\Windows\System\tvanreM.exe
  2⤵
  PID:9148
- C:\Windows\System\mPSlUiG.exe
  C:\Windows\System\mPSlUiG.exe
  2⤵
  PID:8344
- C:\Windows\System\bbramAw.exe
  C:\Windows\System\bbramAw.exe
  2⤵
  PID:9236
- C:\Windows\System\tzmInOP.exe
  C:\Windows\System\tzmInOP.exe
  2⤵
  PID:9252
- C:\Windows\System\DvTQixE.exe
  C:\Windows\System\DvTQixE.exe
  2⤵
  PID:9280
- C:\Windows\System\nDxdJHn.exe
  C:\Windows\System\nDxdJHn.exe
  2⤵
  PID:9296
- C:\Windows\System\dhdYjjn.exe
  C:\Windows\System\dhdYjjn.exe
  2⤵
  PID:9320
- C:\Windows\System\NrTAaMA.exe
  C:\Windows\System\NrTAaMA.exe
  2⤵
  PID:9336
- C:\Windows\System\uhxImFM.exe
  C:\Windows\System\uhxImFM.exe
  2⤵
  PID:9356
- C:\Windows\System\CDygKrG.exe
  C:\Windows\System\CDygKrG.exe
  2⤵
  PID:9376
- C:\Windows\System\HuhfdMn.exe
  C:\Windows\System\HuhfdMn.exe
  2⤵
  PID:9404
- C:\Windows\System\XewqlqS.exe
  C:\Windows\System\XewqlqS.exe
  2⤵
  PID:9420
- C:\Windows\System\XhQeVyE.exe
  C:\Windows\System\XhQeVyE.exe
  2⤵
  PID:9440
- C:\Windows\System\qSmNkzP.exe
  C:\Windows\System\qSmNkzP.exe
  2⤵
  PID:9456
- C:\Windows\System\VrplKiH.exe
  C:\Windows\System\VrplKiH.exe
  2⤵
  PID:9484
- C:\Windows\System\SXLbmcW.exe
  C:\Windows\System\SXLbmcW.exe
  2⤵
  PID:9500
- C:\Windows\System\gvuwfOs.exe
  C:\Windows\System\gvuwfOs.exe
  2⤵
  PID:9524
- C:\Windows\System\ytfghQA.exe
  C:\Windows\System\ytfghQA.exe
  2⤵
  PID:9540
- C:\Windows\System\uVEjPHr.exe
  C:\Windows\System\uVEjPHr.exe
  2⤵
  PID:9564
- C:\Windows\System\vFCIxjN.exe
  C:\Windows\System\vFCIxjN.exe
  2⤵
  PID:9580
- C:\Windows\System\KYRkYBj.exe
  C:\Windows\System\KYRkYBj.exe
  2⤵
  PID:9596
- C:\Windows\System\nUCMhwO.exe
  C:\Windows\System\nUCMhwO.exe
  2⤵
  PID:9616
- C:\Windows\System\MBtcKHf.exe
  C:\Windows\System\MBtcKHf.exe
  2⤵
  PID:9644
- C:\Windows\System\qSuJeyH.exe
  C:\Windows\System\qSuJeyH.exe
  2⤵
  PID:9664
- C:\Windows\System\IFQGakp.exe
  C:\Windows\System\IFQGakp.exe
  2⤵
  PID:9680
- C:\Windows\System\qRAkZSL.exe
  C:\Windows\System\qRAkZSL.exe
  2⤵
  PID:9700
- C:\Windows\System\abEcsDZ.exe
  C:\Windows\System\abEcsDZ.exe
  2⤵
  PID:9724
- C:\Windows\System\aQzPwOL.exe
  C:\Windows\System\aQzPwOL.exe
  2⤵
  PID:9740
- C:\Windows\System\AqkFxEM.exe
  C:\Windows\System\AqkFxEM.exe
  2⤵
  PID:9756
- C:\Windows\System\YSbYbuc.exe
  C:\Windows\System\YSbYbuc.exe
  2⤵
  PID:9780
- C:\Windows\System\IXQnDRb.exe
  C:\Windows\System\IXQnDRb.exe
  2⤵
  PID:9796
- C:\Windows\System\qbKUSdX.exe
  C:\Windows\System\qbKUSdX.exe
  2⤵
  PID:9816
- C:\Windows\System\BjVZNdJ.exe
  C:\Windows\System\BjVZNdJ.exe
  2⤵
  PID:9836
- C:\Windows\System\RGksPZT.exe
  C:\Windows\System\RGksPZT.exe
  2⤵
  PID:9856
- C:\Windows\System\LgGMbor.exe
  C:\Windows\System\LgGMbor.exe
  2⤵
  PID:9872
- C:\Windows\System\uCKfLsA.exe
  C:\Windows\System\uCKfLsA.exe
  2⤵
  PID:9892
- C:\Windows\System\MbZlDJl.exe
  C:\Windows\System\MbZlDJl.exe
  2⤵
  PID:9920
- C:\Windows\System\BJAuNSf.exe
  C:\Windows\System\BJAuNSf.exe
  2⤵
  PID:9940
- C:\Windows\System\UQiuoOm.exe
  C:\Windows\System\UQiuoOm.exe
  2⤵
  PID:9968
- C:\Windows\System\fazYvmJ.exe
  C:\Windows\System\fazYvmJ.exe
  2⤵
  PID:9984
- C:\Windows\System\ZGyCXEf.exe
  C:\Windows\System\ZGyCXEf.exe
  2⤵
  PID:10008
- C:\Windows\System\HveVsrK.exe
  C:\Windows\System\HveVsrK.exe
  2⤵
  PID:10024
- C:\Windows\System\bwHsJxe.exe
  C:\Windows\System\bwHsJxe.exe
  2⤵
  PID:10044
- C:\Windows\System\qjWmmpR.exe
  C:\Windows\System\qjWmmpR.exe
  2⤵
  PID:10068
- C:\Windows\System\rRJXOPP.exe
  C:\Windows\System\rRJXOPP.exe
  2⤵
  PID:10088
- C:\Windows\System\PjyvGAE.exe
  C:\Windows\System\PjyvGAE.exe
  2⤵
  PID:10104
- C:\Windows\System\tZxHbDN.exe
  C:\Windows\System\tZxHbDN.exe
  2⤵
  PID:10128
- C:\Windows\System\wGsGoHL.exe
  C:\Windows\System\wGsGoHL.exe
  2⤵
  PID:10148
- C:\Windows\System\SRZKJIJ.exe
  C:\Windows\System\SRZKJIJ.exe
  2⤵
  PID:10164
- C:\Windows\System\ZwqMGId.exe
  C:\Windows\System\ZwqMGId.exe
  2⤵
  PID:10184
- C:\Windows\System\oyPdmfC.exe
  C:\Windows\System\oyPdmfC.exe
  2⤵
  PID:10204
- C:\Windows\System\oWehgYt.exe
  C:\Windows\System\oWehgYt.exe
  2⤵
  PID:10220
- C:\Windows\System\lgUXMmW.exe
  C:\Windows\System\lgUXMmW.exe
  2⤵
  PID:8388
- C:\Windows\System\Cpmzafm.exe
  C:\Windows\System\Cpmzafm.exe
  2⤵
  PID:9260
- C:\Windows\System\xBrwJoL.exe
  C:\Windows\System\xBrwJoL.exe
  2⤵
  PID:9244
- C:\Windows\System\yEolkHn.exe
  C:\Windows\System\yEolkHn.exe
  2⤵
  PID:9304
- C:\Windows\System\RcFhLOZ.exe
  C:\Windows\System\RcFhLOZ.exe
  2⤵
  PID:9348
- C:\Windows\System\YvNmjhp.exe
  C:\Windows\System\YvNmjhp.exe
  2⤵
  PID:9328
- C:\Windows\System\pBZYpmQ.exe
  C:\Windows\System\pBZYpmQ.exe
  2⤵
  PID:9368
- C:\Windows\System\FBomMgB.exe
  C:\Windows\System\FBomMgB.exe
  2⤵
  PID:9432
- C:\Windows\System\jauMUKv.exe
  C:\Windows\System\jauMUKv.exe
  2⤵
  PID:9476
- C:\Windows\System\ZinVgcc.exe
  C:\Windows\System\ZinVgcc.exe
  2⤵
  PID:9468
- C:\Windows\System\ryCXKEX.exe
  C:\Windows\System\ryCXKEX.exe
  2⤵
  PID:9532
- C:\Windows\System\MwYznKI.exe
  C:\Windows\System\MwYznKI.exe
  2⤵
  PID:9560
- C:\Windows\System\FMmDhUA.exe
  C:\Windows\System\FMmDhUA.exe
  2⤵
  PID:9628
- C:\Windows\System\dGhXAfy.exe
  C:\Windows\System\dGhXAfy.exe
  2⤵
  PID:9572
- C:\Windows\System\EKPuOfl.exe
  C:\Windows\System\EKPuOfl.exe
  2⤵
  PID:9652
- C:\Windows\System\rYcAQCn.exe
  C:\Windows\System\rYcAQCn.exe
  2⤵
  PID:9688
- C:\Windows\System\JevpErP.exe
  C:\Windows\System\JevpErP.exe
  2⤵
  PID:9752
- C:\Windows\System\rlsVLed.exe
  C:\Windows\System\rlsVLed.exe
  2⤵
  PID:9824
- C:\Windows\System\DdoaChO.exe
  C:\Windows\System\DdoaChO.exe
  2⤵
  PID:9868
- C:\Windows\System\ZIAWgBH.exe
  C:\Windows\System\ZIAWgBH.exe
  2⤵
  PID:9852
- C:\Windows\System\mzBritF.exe
  C:\Windows\System\mzBritF.exe
  2⤵
  PID:9764
- C:\Windows\System\XRKsKcq.exe
  C:\Windows\System\XRKsKcq.exe
  2⤵
  PID:9888
- C:\Windows\System\kWBWRtA.exe
  C:\Windows\System\kWBWRtA.exe
  2⤵
  PID:9948
- C:\Windows\System\AFKrfrS.exe
  C:\Windows\System\AFKrfrS.exe
  2⤵
  PID:9936
- C:\Windows\System\zicVozM.exe
  C:\Windows\System\zicVozM.exe
  2⤵
  PID:10000
- C:\Windows\System\WQNkybI.exe
  C:\Windows\System\WQNkybI.exe
  2⤵
  PID:10016
- C:\Windows\System\XwFiLOW.exe
  C:\Windows\System\XwFiLOW.exe
  2⤵
  PID:10060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFrvtQg.exe

Filesize
6.0MB

MD5
f9cacae8db39ad01fe5455c9b367cdfe

SHA1
4fcd974ca2ca56e8868111fc9d363dfa7cbb0dd1

SHA256
541512db2c907d608ed1a605a02aab3037d803b8485f2a96b554cb750355ef27

SHA512
efdef279edb0f4a141b89499e05c62910b94daf5c3490e83732ad42e789f35f78feefc490d2babe1f88f26908802d49c82be654b31730832934e7afdcd64bbb0

Download Submit
C:\Windows\system\BuXzYCx.exe

Filesize
6.0MB

MD5
88363c4eb25e430d6e95fce98ecc69b2

SHA1
8f885650c6062acc158622624a3e40078f333677

SHA256
f835cd475fb0ec40c0f217d97fb1284e0578f396ba7989c784ef35cc8684d800

SHA512
5e4e9c11dcb8cfbb638bf26a4ee3cd3b6e7fc67441e7e4c74d02d8dfbd8a864b63fedd5e12e77c8b2929bc8b85d6b44b51fb0273ed5e02b04618b98facc8a1ca

Download Submit
C:\Windows\system\BxRGKQp.exe

Filesize
6.0MB

MD5
f7ded7ceb25dc34e5b8e2c1fb986c8a7

SHA1
9e1bdb4f3d70da9f549df6ba7855a81b27284451

SHA256
c5d3167ba601870efad039fb7e980437491329347cd19fc8f6e50c7a1a34cc46

SHA512
18e290050eaef759046ad72a64b1b083cc58ea9a23581c5dfc9aed5ac0122030bf03931629a1886db57636978eab8487dbf545d26983e164f4aa3af7769bd60a

Download Submit
C:\Windows\system\DrxKgrU.exe

Filesize
6.0MB

MD5
cacf01eaeb996d5312e42c8d958492cc

SHA1
5eef8cab2604fb2193ca5a6d8badeb343028369b

SHA256
45e1b1169f84ec305361b6308df2c1ec86bd5c217e4c2ca650763ebab1ffe21a

SHA512
ed4fb8af7f5c11896097376f86b198a542b3f3789b7ba4d4159cde8c24f4b9dd5f2814c3f9612cd1c776c18dd4df6a6d623b15e7338f706e668ea1680502cf0c

Download Submit
C:\Windows\system\IbObPcr.exe

Filesize
6.0MB

MD5
5d7c54327f857b5234f7314ab491f833

SHA1
7d89683d96d336f8b2ae72372430bb4d1fb1ecf4

SHA256
28074df305888731bc4f1c611e497215d5de713248d4d5dc20a3416f43c884af

SHA512
6f2b77af4dd1bad3952276aa22af307583efcc4c3b5c79e969ea64119b7eae116c593b9b1d5e31a150a5d2598acd14c13bd52405a63b58c944e7028f386fbec0

Download Submit
C:\Windows\system\IuNFuVJ.exe

Filesize
6.0MB

MD5
3b04698380b7ede6e272276a5babf8cc

SHA1
98024031d1ba0df7cd9cbc7ad584507952200790

SHA256
9bab76100b8f237b6f8f092db1c4036fbc8427096a9ea1bc556370cd0376fd9d

SHA512
1414955d016e6239b326cdb50062842330e4b2b84b8c54ee56c8d9bd9879dd3be7ec595a28df85c2d66af543ce3dd2bd5931f88c7af51f46fd5f0c3f02cf85dc

Download Submit
C:\Windows\system\KBCMwYE.exe

Filesize
6.0MB

MD5
3cd204b737a4af412df55b2247fe026c

SHA1
d92535232a8601359de22eac9bdafb45e6ca7cdb

SHA256
b4000e2995e1bfda7dc09f596d3e5738bb85be6e4d946b09cb277c262a60f8e3

SHA512
3f63aef332392b536082423cc69b0788ad035c7282ffa06030f89d80a0aecd4083a13f57551a64266d1bedbb3d06abfb3ebc55c8cec890808015e02c7d7fc7cd

Download Submit
C:\Windows\system\MYiYWpA.exe

Filesize
6.0MB

MD5
1c642eec68eaa85182cef014ef4532ea

SHA1
d84d1678be8560ed5df3d48098fc51fc38771a37

SHA256
11a519e70b497af25dd70a7b467653a7a999b8a6409a6e03bb4f9c2ff75de92d

SHA512
69dd3152d247bc087b0d6ab39ccec748fbd2221c96df91bb52fe8f0d5f0c4a18a15c0c971fafbdededdd3b4fcd2900b0a31052f6e7a9134b6c7211c6f04bf269

Download Submit
C:\Windows\system\MaGejnw.exe

Filesize
6.0MB

MD5
7da2f3ccabb07782791318d6a63ba191

SHA1
1bed0363ccd70f66e93cfcc0a27e65c297f61cbe

SHA256
37b3cd8368e1d3409366d2d7493475bcf5388fb1b0634e8c4edc542240c42f0a

SHA512
7aef18ed6fa6a6ec84b8e0a14f9e9f208ddcf0a0f97ac86f5e1eaeae347024889fa0e2b6e2dfc465805c9b059c21b24986d6e6a65048ffe4377a39a0438fe378

Download Submit
C:\Windows\system\MdUxRXQ.exe

Filesize
6.0MB

MD5
f0a3447bf25aeac4d1fcdeac784c74f9

SHA1
be67cbad6bb166b6c6befde339db31eda2f4936f

SHA256
99054492924f2eafbe5b76099a612eb7d4c5202f54de9a930e3c3063e1e2e994

SHA512
508191c432d5b2f06d6869424692fdb85bea9406e9ec1e0a40405560b108666d40b0e6fd1817b6ab77dbd166fdf1905258e1815975593bd7ad73271c2090186f

Download Submit
C:\Windows\system\NVPjpSb.exe

Filesize
6.0MB

MD5
592f345a02e1a1b9d97f08185389ce64

SHA1
088db24da74df9f06a20aeaa7b03789ba03241bd

SHA256
e1f2314a4ddae22606e177ebae6a5fd66f63d690f83db764a47b34f282bba439

SHA512
8ccb820ddc1bda605146143aadf7a88fcc6070e0f249ec5bfc393fe7c9380dc345e32e1a5013eb3082dff80b2906f7c470c2d9441dfa72ce917e3c3a754d53c0

Download Submit
C:\Windows\system\OyHOaoB.exe

Filesize
6.0MB

MD5
c531b3ec30b748cb4a49adee3b3b9335

SHA1
e2c3817cc500a2d89129e56eed03270591bcc1c4

SHA256
a1191c5db9b1b83435f07620de8655e2c34ff309358c6b4eeadd24173ad7513b

SHA512
d83755fb65524331b3dd5704464f488c23b740e23cae0e0bf50ef89d725fc713ee2941d62813ee051f0eac4ff7ed87892a628d814d0a3c317be80093f7914a60

Download Submit
C:\Windows\system\PkeJlqt.exe

Filesize
6.0MB

MD5
b9fd75d1c5d71f8c1a0bf8ed79df2f7a

SHA1
c328f7c3ce16899fa8c804f370dee357fcce1572

SHA256
54d851a371e19a8c5228b299b193f70b933223049c296c4eb06c33b774d5c738

SHA512
137102e24423af2e945fa86d7b3e8cfb4e3f1561db70842856db0131e5724fe14f756a5d934840253ce28193e949ab7578654df59e120f422f134476c0b05a77

Download Submit
C:\Windows\system\SZFxzqt.exe

Filesize
6.0MB

MD5
a379db4cc2e9ad20bb42eee3e3d30132

SHA1
8ee7dbbae60fc3357e93e56f4651b7e2f794cebe

SHA256
3dbba1b5f0936d3363c04fb711b281670e1575b05571944a82cb0850f3d03d3f

SHA512
ab1d7a039fe99706b108f397714e2ba93a693ce4e00a0bf44d97cdb90da66a79182745c8aa588d7bf14a6caae6d9562f786be249fbcc1718483163ad82e09e51

Download Submit
C:\Windows\system\WLNywxU.exe

Filesize
6.0MB

MD5
e21bfe6b6feff3c5e70a8b52f628b870

SHA1
77b22db66f1f9821fd66131b8b607906a2f63faa

SHA256
90c6ba125b17e87a4524dba77abaede37166653e1f4bdcf8f5b2af90ce837b35

SHA512
c1dad2e4228cb70610a2af072e3de8cc6b2a9c69914199ae58874191569e20ee7fcbde31cbe023767c5d1367ad99e44474eff5fe1e1d1b99a7835308c45db7da

Download Submit
C:\Windows\system\ZVipyZH.exe

Filesize
6.0MB

MD5
17dae60e1b29442149c04ca811cfbbf1

SHA1
0902a83b560d070ee0367f1a94ccc1fc8368ffeb

SHA256
e91ab6509786187d8611de1d1fafaf5cccf23cd8dec4998e4ef178d150203504

SHA512
6ff2eebb2685aa94d3fab5cb485f7c6be86adef3b807dedd013dc0dbb5f83a325701279a973e3335a8028c28c077cf9017a5a5159ad592335bad0ba8ffa34344

Download Submit
C:\Windows\system\ZWjiqld.exe

Filesize
6.0MB

MD5
49e74b84df4592a15f09158db240111c

SHA1
2d798ef8b61cd4a5ffa67cf5c542afac7ae87535

SHA256
4256585b09996b8cc9e29c01c361c520631fb6c46e4997f7e23c64b2e692e161

SHA512
88a059c248dea4a06dc657c597b5166065c9377d5edf7f405a04f7698cb4aea55347d5ef56a70a7cc8406dfa7f55d558686d17b7a58e69efc897d33fc89e3594

Download Submit
C:\Windows\system\aMqdpYY.exe

Filesize
6.0MB

MD5
d12ac88c4b08957ddd5df9f5e773f4eb

SHA1
f288f4be24718b437a62b1bdc1d563d205f88f9d

SHA256
5ce18cb44a4be9e73d18b24c8b463191d8e82ddbbe9703fcec975efa3a8e17a1

SHA512
96ef85e80aaad360595fbb9e96ece4126614487d330c893cb6fca049b243af80bca7bf4718b93c207dac0c859f28567aa445ab4eb5abad04e16a1118cff7d0ab

Download Submit
C:\Windows\system\crQFhGh.exe

Filesize
6.0MB

MD5
d874bfbe156f0f90619899ac9d3d7285

SHA1
04ab459f05707a662a5f28e0827f45cbe64b0e20

SHA256
21bd2f5bf26892f8a0f7ed0a63020b22a442045c8eec9b8ea95198d29c2601d6

SHA512
b233b6b9b931a9f1dc6615f8d037aa13625398680ef095aa41200769f4d8a5e914adad9f797262dcb27f5fbf2a3a94b1b521d93c0205368837150daca1220440

Download Submit
C:\Windows\system\evwOqgz.exe

Filesize
6.0MB

MD5
7f3a0689261532444e75b0bc01f7b83c

SHA1
f1323ce66690e2569cf2c45667fd4970863fd34a

SHA256
440887e9a75ef64d463f8bf8a5477e854ef839add1ace0d3b3cbd4eebcae5aa7

SHA512
6cd0eb9f5fffffe7be42a6744707b6dda1e5fe6e22a512eb8cf79156d688b75285ced6e2939a8095b42c458797019671c58c5c31f59d39a4c3e0e16ef81657b0

Download Submit
C:\Windows\system\gvGFAAS.exe

Filesize
6.0MB

MD5
5ad6ac34cc120e4a6335314cb7dc4309

SHA1
aca597954328bfcf17d4044cc07f6e5ad36ee176

SHA256
c4580fb779868991d9e6d5581c2876c92cf89b3e32c9b0196645651571662191

SHA512
bd96628d698a90e728119cd2d11a3d10d30c5925263805b3cb8fb15128070987d336edbd1d1387456e536f13e623ac8c5acf22547d81178db9059cedb16f1669

Download Submit
C:\Windows\system\rxrViiP.exe

Filesize
6.0MB

MD5
bb643ae8c347a3f50a427d0aedd0bbdd

SHA1
9cc99b9f18081cc0fe7b3e3b770fa95906b6c9ba

SHA256
23dbda4b2fc6dc4102416624728b9580f9bb40a837a9241e7e34171eb6e13b4d

SHA512
8d38bec9a95222ebd4a7c5b7bbed28f50e650df3e8efd067d9612485255f0f3142d414f18f3d46e32e1d7df63eaddb9392bf444968fef38189991214f9f1cb3f

Download Submit
C:\Windows\system\unowDvA.exe

Filesize
6.0MB

MD5
046d8566d5047ea8809ebcffc76021a8

SHA1
d6d839b50d67945fa4d661ac65d8b7adc19abefb

SHA256
3a4a5289c532fd13425295fc7a5cb208a674ea244fbf7c6edf02bc1167d0049e

SHA512
684a6e60e9c42773c27cb2e262351b9368850912339d3c577ddb50b50487fa78dbc57c64ede6202d3bcb287e06348dd94382921b949cce227a9822f39d6b7f36

Download Submit
C:\Windows\system\yAHhuHo.exe

Filesize
6.0MB

MD5
b30eb7a1cb3b6d7b48cb8106d29fd01a

SHA1
4c2bfe56542cd38eecfddb04895418f2aeb07d54

SHA256
2e86c5b2439a27cb55f8495da3ac6639f613cf3bdb97a76fd14b6ce6cfc5b0c7

SHA512
c873bbc652ea63e51f78d5f6d9946b213cb90e6a68c83fd0eb861ee078ad184cf96288c6c179f6c5e1c351e59a2af3913c84e109d58428c451031a3d1d9b02ce

Download Submit
C:\Windows\system\zRTYGkh.exe

Filesize
6.0MB

MD5
fa2cfdc38d1776ee1682433a18bdcffa

SHA1
7d917f3c1c44c01dda8e1f51e5656eb2c132bb0f

SHA256
aaa67c6e7d2d049dc7199d905cc6b3b0ba7754fa158213fb3f055ae60118798a

SHA512
ff1fb6cb6fdccc3fc2cc53e12bbab4af8d75d910287b559433d4f616bae536a9261818e4066562acb3c5fc51551cb1611bf0dbf31546f6bba9ce13706d45dd18

Download Submit
C:\Windows\system\zTaXNXC.exe

Filesize
6.0MB

MD5
8068568c446d65983730acf49012c611

SHA1
681728c7febde88975d79078d86e0dd418d895ed

SHA256
c4c08c774f4a1b4797aa244ba555fbe87486e67fcc98163a27e8ab5228d24ab6

SHA512
8fc15dbde3d9fdd230a08358b081de23bf07153e67eb9fb560f4a8cc60a90b541868b0fa389fc7c40058f0305dd868a63fa28b641e586b8b03bf8e3f9f6abce5

Download Submit
\Windows\system\MlnoCCp.exe

Filesize
6.0MB

MD5
084095c74430e42cbbf3143ff4af8a73

SHA1
af4e6d67e471828acc133efde0a8e95f317726b2

SHA256
b16dfa08506eb6dfe5428d85f94daaffd06a1abdf180bcbdb6850955c753b8e1

SHA512
1dd9fac6024d30fb3a48a6cbac6814d19961ab9b57046ec165143b98f5f265626e929df293c7403e08fd3b1a862d9b207800324f524a5b1969f854868efa5014

Download Submit
\Windows\system\dRUXmfO.exe

Filesize
6.0MB

MD5
85e5a10158859422494ea3d2b427a9c8

SHA1
20a96eb62d2cb5161f22ce577f6162e9b8d6dd41

SHA256
f8fab8b87e1b471384ec0a81e87e78c5e12bb2478fda04a27fd14148e4fae0e9

SHA512
d75a6263231c00a63ffc33e0b40485b756eda719df1efff110b0339ac36b1f4c77c41d39422e564e96bac2e8beddbc65d3caa97e3af25da00d5742d0511664e9

Download Submit
\Windows\system\ohEZZVr.exe

Filesize
6.0MB

MD5
10dd5994e344cddc891ba00027626b5c

SHA1
e88851a044328781665291c226db49ca67421927

SHA256
5e9addda481445775eb2f400d76f3a54abbe55dea3688c23f6ec465e77f406e6

SHA512
169a200381781aa4317c0584bdc4dad831649e5d42f10dae7d71b80dc4f78297cd9c53c36858cddbe322336cd9777d15a60b0a8b8311e7b701ddb5b1ed184bb0

Download Submit
\Windows\system\pyoSwdl.exe

Filesize
6.0MB

MD5
82beee11ef673ac6eb694a32d0d33c92

SHA1
fb34073494ecde3108f2c082a52f5c074a299f8e

SHA256
d1af6968a9865ad5899330141c79a055afd48cfb1f1a2f33570f71a1a89775ae

SHA512
803e5334c50b9cd478cffff58028e58ca593e1c94d28363c99ba1cff5f3e81237810b23853fa805e7e9a249d173ac4e8e0ddab4223029b57232782af3d98b689

Download Submit
\Windows\system\qRbhYKo.exe

Filesize
6.0MB

MD5
89cc6abc80921fc7b2b521d3af4c221e

SHA1
e99746a9a64caf2d1018259b26aa9a7ec3b56e29

SHA256
b3de385194eb69cd0ae776c9b9702bdb5a2747afec24d3ee5429aa099c6a4999

SHA512
f0c7cea78dbf3b744283d5435289ab1e61e2487021dae90ef7411a1595cc63d23c40ae47592ac9864af10429b9f9048aa05ba70de764c61bac2050323bc7e93e

Download Submit
\Windows\system\vxsBEsM.exe

Filesize
6.0MB

MD5
8d0b05997f3f0799b5a9beba3ff00dd4

SHA1
177221d80a2da1ed173ed969324d21e21adc18ef

SHA256
afba0f62e676e120d20b9ca0f4dbfd56d367e04c9486fa3eb5eea4bb0f50b49a

SHA512
7724c2f6ea023a0cc14efb438d77ea727334c67c0677b996e2e68bd417377b6259eae7ab6eaf92f0e72a3172eccd89133b501e424d7199031e8fbe287ebb47d2

Download Submit
memory/580-86-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/580-223-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/580-905-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/924-101-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/924-387-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/924-925-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1580-76-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1580-147-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1580-889-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1656-72-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-43-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1656-97-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-50-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-6-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-0-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1656-261-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1656-113-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1656-82-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1656-89-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1656-57-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-114-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-39-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1656-73-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1656-525-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-32-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1656-11-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1656-343-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-68-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1656-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-179-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1656-24-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1656-21-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-93-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2448-915-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2448-303-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2492-69-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2492-107-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2492-879-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2684-61-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-865-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-100-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-92-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-54-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-861-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-37-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2756-16-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2756-641-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2872-108-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2872-480-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2872-935-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2880-33-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2880-807-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2912-22-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-642-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-47-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-957-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-10-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-48-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2960-867-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2960-85-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3044-845-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-45-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-81-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download