cobaltstrike | a4876532de95bf0106b96408fb2a01cf4e4fd531f1884ac422ea4ac8536d087c

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

be7c3483c0ae91eff9ac205611255f92
SHA1

1df3d53ad4c870e9f04ed95b6eeb2fd775b14803
SHA256

a4876532de95bf0106b96408fb2a01cf4e4fd531f1884ac422ea4ac8536d087c
SHA512

fd9a152f4acff3fa8b30c66db3f99c11ca069b81809f96c095aba1c5e9e4ae60a2362d69ae56134a8f695e0ae35f40006b68215a48a7107a83a468250f67662e
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUu:eOl56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d5-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d5a-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-39.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce8-48.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-106.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000a0000000120d5-6.dat	xmrig
behavioral1/files/0x0008000000016d5a-13.dat	xmrig
behavioral1/memory/2228-12-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/336-14-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-10.dat	xmrig
behavioral1/memory/2988-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2280-21-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2272-28-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e1d-26.dat	xmrig
behavioral1/memory/852-33-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f45-32.dat	xmrig
behavioral1/memory/2988-31-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000017342-39.dat	xmrig
behavioral1/files/0x0009000000016ce8-48.dat	xmrig
behavioral1/memory/2592-50-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2968-47-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2988-44-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2988-40-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0009000000017355-51.dat	xmrig
behavioral1/memory/2280-57-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019080-59.dat	xmrig
behavioral1/memory/2692-58-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2988-53-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/336-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2644-66-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2272-65-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-67.dat	xmrig
behavioral1/files/0x00050000000195c6-77.dat	xmrig
behavioral1/files/0x00050000000195d0-103.dat	xmrig
behavioral1/memory/2988-108-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ce-119.dat	xmrig
behavioral1/files/0x0005000000019931-144.dat	xmrig
behavioral1/files/0x0005000000019bf0-154.dat	xmrig
behavioral1/files/0x0005000000019cd5-168.dat	xmrig
behavioral1/memory/2644-597-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2692-362-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2988-293-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-188.dat	xmrig
behavioral1/files/0x0005000000019d69-183.dat	xmrig
behavioral1/files/0x0005000000019d5c-178.dat	xmrig
behavioral1/files/0x0005000000019cfc-173.dat	xmrig
behavioral1/files/0x0005000000019c0b-163.dat	xmrig
behavioral1/files/0x0005000000019bf2-157.dat	xmrig
behavioral1/files/0x0005000000019bec-147.dat	xmrig
behavioral1/files/0x0005000000019665-134.dat	xmrig
behavioral1/files/0x00050000000196a0-137.dat	xmrig
behavioral1/files/0x0005000000019624-128.dat	xmrig
behavioral1/files/0x00050000000195e0-123.dat	xmrig
behavioral1/memory/2492-102-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-94.dat	xmrig
behavioral1/files/0x00050000000195ca-91.dat	xmrig
behavioral1/memory/2988-84-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-82.dat	xmrig
behavioral1/files/0x00050000000195c4-74.dat	xmrig
behavioral1/memory/2800-110-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195cc-106.dat	xmrig
behavioral1/memory/2496-78-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/852-73-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2228-3059-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/336-3069-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2272-3079-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2280-3111-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/852-3121-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2968-3127-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2228	fQUtAQW.exe
336	ereIjbg.exe
2280	imeInnl.exe
2272	SQHrYoG.exe
852	DAWyInJ.exe
2968	jRisZbV.exe
2592	ZYMTjUd.exe
2692	gVyrsQb.exe
2644	VGDCPhX.exe
2496	JWMvQIS.exe
2800	JVOenAD.exe
2492	jDmhCnK.exe
2564	oLpXkTJ.exe
2956	qlbLSDT.exe
2524	pVzKJFG.exe
2532	VRbHmBm.exe
2408	piXkTuj.exe
2996	rHEyTKq.exe
2220	OUCitGA.exe
296	KsLOkSq.exe
1272	gUBxvUb.exe
2316	rlYCJBF.exe
1800	HcPNXaA.exe
1996	rguKGNK.exe
1928	tiEQXZo.exe
1916	rHpZOZe.exe
1624	PyzaiXs.exe
2728	RnFVOMG.exe
2812	fjCtVMb.exe
2360	TgsXQbO.exe
2076	kFizsEZ.exe
2920	eBInIOZ.exe
1504	GveJZat.exe
1720	hcHqoho.exe
1200	mHrwvVJ.exe
1144	kLJOFoz.exe
992	ljNkXrm.exe
532	fwHKvjT.exe
956	DqaDUjQ.exe
1856	fMFVEpj.exe
1900	rRUxlyg.exe
1640	FrCkuto.exe
1764	ijsOFtv.exe
1648	aOhANBt.exe
880	frxYJAG.exe
1404	dzijYkt.exe
1616	cTTZeip.exe
2124	ltxhhLm.exe
1644	QOuomrQ.exe
1652	mICsHRi.exe
1956	fstTKth.exe
2368	mfeBDpm.exe
3028	HfZreGn.exe
2312	wvWGQPW.exe
876	zYqigqF.exe
2356	jiOotWU.exe
756	jJAtoJJ.exe
1680	xOgyuga.exe
1236	sWwwNsn.exe
292	CdvuUEF.exe
2204	RqRcsnD.exe
1700	LSNBfBj.exe
3016	kRSuTfB.exe
2708	cOyBxQh.exe

Loads dropped DLL 64 IoCs

pid	Process
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a0000000120d5-6.dat	upx
behavioral1/files/0x0008000000016d5a-13.dat	upx
behavioral1/memory/2228-12-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/336-14-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-10.dat	upx
behavioral1/memory/2988-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2280-21-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2272-28-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0007000000016e1d-26.dat	upx
behavioral1/memory/852-33-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000016f45-32.dat	upx
behavioral1/files/0x0007000000017342-39.dat	upx
behavioral1/files/0x0009000000016ce8-48.dat	upx
behavioral1/memory/2592-50-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2968-47-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2988-40-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0009000000017355-51.dat	upx
behavioral1/memory/2280-57-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0007000000019080-59.dat	upx
behavioral1/memory/2692-58-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/336-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2644-66-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2272-65-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-67.dat	upx
behavioral1/files/0x00050000000195c6-77.dat	upx
behavioral1/files/0x00050000000195d0-103.dat	upx
behavioral1/files/0x00050000000195ce-119.dat	upx
behavioral1/files/0x0005000000019931-144.dat	upx
behavioral1/files/0x0005000000019bf0-154.dat	upx
behavioral1/files/0x0005000000019cd5-168.dat	upx
behavioral1/memory/2644-597-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2692-362-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-188.dat	upx
behavioral1/files/0x0005000000019d69-183.dat	upx
behavioral1/files/0x0005000000019d5c-178.dat	upx
behavioral1/files/0x0005000000019cfc-173.dat	upx
behavioral1/files/0x0005000000019c0b-163.dat	upx
behavioral1/files/0x0005000000019bf2-157.dat	upx
behavioral1/files/0x0005000000019bec-147.dat	upx
behavioral1/files/0x0005000000019665-134.dat	upx
behavioral1/files/0x00050000000196a0-137.dat	upx
behavioral1/files/0x0005000000019624-128.dat	upx
behavioral1/files/0x00050000000195e0-123.dat	upx
behavioral1/memory/2492-102-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-94.dat	upx
behavioral1/files/0x00050000000195ca-91.dat	upx
behavioral1/files/0x00050000000195c7-82.dat	upx
behavioral1/files/0x00050000000195c4-74.dat	upx
behavioral1/memory/2800-110-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x00050000000195cc-106.dat	upx
behavioral1/memory/2496-78-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/852-73-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2228-3059-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/336-3069-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2272-3079-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2280-3111-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/852-3121-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2968-3127-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2592-3134-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2692-3183-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2644-3343-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2496-3346-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2800-3356-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2492-3363-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YaCxzvy.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWNOVAY.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLEzaAy.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLgLcNG.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlJKkiE.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrHOSYB.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAqaygL.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdewVBt.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkryRFj.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCJyzdp.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDLcSzy.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpSuhUX.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfaaJHT.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlsoUDf.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFIaCHN.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhQUwuU.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvHrWXg.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYSYxSx.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnGeiPc.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edjFyYR.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmTCpLK.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbsNxBr.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktxKKhS.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjUQUIl.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUljvvP.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPimyBA.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkJeRgw.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMPhNdi.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIEUWxD.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrOTUin.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aocnBzA.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qERXKFN.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbZmXPZ.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khkYLgQ.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbapxrp.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRmfoWo.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYeuVle.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYuBaiP.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUhjBxF.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvFRwoR.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGtIdcN.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNSOdGj.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PslUIOP.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdNDIRS.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvxyelJ.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faYkSea.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygtGbiK.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMGQuXJ.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJklcst.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQLPbfg.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvjQOtd.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHIMWNq.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSNrAkA.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNtEWcl.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSksFuA.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFQUXMz.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSRfeCs.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UURcxJi.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkIpagF.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVhRMMg.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfHdtxs.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GobBCRO.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjntEUt.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYoZcJi.exe	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2228	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 2228	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 2228	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 336	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 336	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 336	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 2280	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 2280	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 2280	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 2272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 2272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 2272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 852	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 852	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 852	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 2968	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 2968	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 2968	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 2592	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 2592	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 2592	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 2692	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2692	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2692	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2644	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2644	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2644	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2496	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2496	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2496	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2524	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2524	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2524	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2800	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2800	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2800	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2532	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2532	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2532	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2492	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2492	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2492	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2408	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 2408	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 2408	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 2564	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 2564	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 2564	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 2996	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 2996	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 2996	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 2956	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 2956	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 2956	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 2220	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 2220	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 2220	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 296	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 296	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 296	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 1272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 1272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 1272	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 2316	2988	2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_be7c3483c0ae91eff9ac205611255f92_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\System\fQUtAQW.exe
  C:\Windows\System\fQUtAQW.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ereIjbg.exe
  C:\Windows\System\ereIjbg.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\imeInnl.exe
  C:\Windows\System\imeInnl.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\SQHrYoG.exe
  C:\Windows\System\SQHrYoG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\DAWyInJ.exe
  C:\Windows\System\DAWyInJ.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\jRisZbV.exe
  C:\Windows\System\jRisZbV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ZYMTjUd.exe
  C:\Windows\System\ZYMTjUd.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\gVyrsQb.exe
  C:\Windows\System\gVyrsQb.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\VGDCPhX.exe
  C:\Windows\System\VGDCPhX.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\JWMvQIS.exe
  C:\Windows\System\JWMvQIS.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\pVzKJFG.exe
  C:\Windows\System\pVzKJFG.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\JVOenAD.exe
  C:\Windows\System\JVOenAD.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\VRbHmBm.exe
  C:\Windows\System\VRbHmBm.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\jDmhCnK.exe
  C:\Windows\System\jDmhCnK.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\piXkTuj.exe
  C:\Windows\System\piXkTuj.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\oLpXkTJ.exe
  C:\Windows\System\oLpXkTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rHEyTKq.exe
  C:\Windows\System\rHEyTKq.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\qlbLSDT.exe
  C:\Windows\System\qlbLSDT.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\OUCitGA.exe
  C:\Windows\System\OUCitGA.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KsLOkSq.exe
  C:\Windows\System\KsLOkSq.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\gUBxvUb.exe
  C:\Windows\System\gUBxvUb.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\rlYCJBF.exe
  C:\Windows\System\rlYCJBF.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\HcPNXaA.exe
  C:\Windows\System\HcPNXaA.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\rguKGNK.exe
  C:\Windows\System\rguKGNK.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\tiEQXZo.exe
  C:\Windows\System\tiEQXZo.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\rHpZOZe.exe
  C:\Windows\System\rHpZOZe.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\PyzaiXs.exe
  C:\Windows\System\PyzaiXs.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\RnFVOMG.exe
  C:\Windows\System\RnFVOMG.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\fjCtVMb.exe
  C:\Windows\System\fjCtVMb.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\TgsXQbO.exe
  C:\Windows\System\TgsXQbO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\kFizsEZ.exe
  C:\Windows\System\kFizsEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\eBInIOZ.exe
  C:\Windows\System\eBInIOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\GveJZat.exe
  C:\Windows\System\GveJZat.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\hcHqoho.exe
  C:\Windows\System\hcHqoho.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\mHrwvVJ.exe
  C:\Windows\System\mHrwvVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\kLJOFoz.exe
  C:\Windows\System\kLJOFoz.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\ljNkXrm.exe
  C:\Windows\System\ljNkXrm.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\fwHKvjT.exe
  C:\Windows\System\fwHKvjT.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\DqaDUjQ.exe
  C:\Windows\System\DqaDUjQ.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\fMFVEpj.exe
  C:\Windows\System\fMFVEpj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\rRUxlyg.exe
  C:\Windows\System\rRUxlyg.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\FrCkuto.exe
  C:\Windows\System\FrCkuto.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ijsOFtv.exe
  C:\Windows\System\ijsOFtv.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\aOhANBt.exe
  C:\Windows\System\aOhANBt.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\frxYJAG.exe
  C:\Windows\System\frxYJAG.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\dzijYkt.exe
  C:\Windows\System\dzijYkt.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\cTTZeip.exe
  C:\Windows\System\cTTZeip.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ltxhhLm.exe
  C:\Windows\System\ltxhhLm.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\QOuomrQ.exe
  C:\Windows\System\QOuomrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\mICsHRi.exe
  C:\Windows\System\mICsHRi.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\fstTKth.exe
  C:\Windows\System\fstTKth.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\mfeBDpm.exe
  C:\Windows\System\mfeBDpm.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\HfZreGn.exe
  C:\Windows\System\HfZreGn.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\wvWGQPW.exe
  C:\Windows\System\wvWGQPW.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\zYqigqF.exe
  C:\Windows\System\zYqigqF.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\jiOotWU.exe
  C:\Windows\System\jiOotWU.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\jJAtoJJ.exe
  C:\Windows\System\jJAtoJJ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\xOgyuga.exe
  C:\Windows\System\xOgyuga.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\sWwwNsn.exe
  C:\Windows\System\sWwwNsn.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\CdvuUEF.exe
  C:\Windows\System\CdvuUEF.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\RqRcsnD.exe
  C:\Windows\System\RqRcsnD.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LSNBfBj.exe
  C:\Windows\System\LSNBfBj.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\kRSuTfB.exe
  C:\Windows\System\kRSuTfB.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\cOyBxQh.exe
  C:\Windows\System\cOyBxQh.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\JiOmJyG.exe
  C:\Windows\System\JiOmJyG.exe
  2⤵
  PID:1724
- C:\Windows\System\eGcTXrT.exe
  C:\Windows\System\eGcTXrT.exe
  2⤵
  PID:2772
- C:\Windows\System\khkYLgQ.exe
  C:\Windows\System\khkYLgQ.exe
  2⤵
  PID:2624
- C:\Windows\System\NisDtNd.exe
  C:\Windows\System\NisDtNd.exe
  2⤵
  PID:2656
- C:\Windows\System\JIvfHAN.exe
  C:\Windows\System\JIvfHAN.exe
  2⤵
  PID:1968
- C:\Windows\System\HmWlTRG.exe
  C:\Windows\System\HmWlTRG.exe
  2⤵
  PID:2544
- C:\Windows\System\ADxFiye.exe
  C:\Windows\System\ADxFiye.exe
  2⤵
  PID:1664
- C:\Windows\System\yPyYzWL.exe
  C:\Windows\System\yPyYzWL.exe
  2⤵
  PID:2216
- C:\Windows\System\xKgiqSX.exe
  C:\Windows\System\xKgiqSX.exe
  2⤵
  PID:2320
- C:\Windows\System\MlyxVKD.exe
  C:\Windows\System\MlyxVKD.exe
  2⤵
  PID:1656
- C:\Windows\System\ktxKKhS.exe
  C:\Windows\System\ktxKKhS.exe
  2⤵
  PID:1036
- C:\Windows\System\OWhOhKu.exe
  C:\Windows\System\OWhOhKu.exe
  2⤵
  PID:1912
- C:\Windows\System\zyTfpNG.exe
  C:\Windows\System\zyTfpNG.exe
  2⤵
  PID:2804
- C:\Windows\System\YVkHZUW.exe
  C:\Windows\System\YVkHZUW.exe
  2⤵
  PID:2040
- C:\Windows\System\NqSGNKS.exe
  C:\Windows\System\NqSGNKS.exe
  2⤵
  PID:340
- C:\Windows\System\hVLzhij.exe
  C:\Windows\System\hVLzhij.exe
  2⤵
  PID:2128
- C:\Windows\System\aDVqQGI.exe
  C:\Windows\System\aDVqQGI.exe
  2⤵
  PID:1596
- C:\Windows\System\GSfSUuy.exe
  C:\Windows\System\GSfSUuy.exe
  2⤵
  PID:444
- C:\Windows\System\hvDkOrG.exe
  C:\Windows\System\hvDkOrG.exe
  2⤵
  PID:2400
- C:\Windows\System\VKpwbnx.exe
  C:\Windows\System\VKpwbnx.exe
  2⤵
  PID:1980
- C:\Windows\System\NpWUXnn.exe
  C:\Windows\System\NpWUXnn.exe
  2⤵
  PID:2724
- C:\Windows\System\wnnibtc.exe
  C:\Windows\System\wnnibtc.exe
  2⤵
  PID:1520
- C:\Windows\System\EyVTpMH.exe
  C:\Windows\System\EyVTpMH.exe
  2⤵
  PID:2252
- C:\Windows\System\dpzzaJd.exe
  C:\Windows\System\dpzzaJd.exe
  2⤵
  PID:888
- C:\Windows\System\DANnqOj.exe
  C:\Windows\System\DANnqOj.exe
  2⤵
  PID:596
- C:\Windows\System\hpqQejk.exe
  C:\Windows\System\hpqQejk.exe
  2⤵
  PID:3064
- C:\Windows\System\flDmyfl.exe
  C:\Windows\System\flDmyfl.exe
  2⤵
  PID:2152
- C:\Windows\System\oMgKpCZ.exe
  C:\Windows\System\oMgKpCZ.exe
  2⤵
  PID:2664
- C:\Windows\System\sVHYNWw.exe
  C:\Windows\System\sVHYNWw.exe
  2⤵
  PID:884
- C:\Windows\System\msXQHUN.exe
  C:\Windows\System\msXQHUN.exe
  2⤵
  PID:1716
- C:\Windows\System\UqkExDR.exe
  C:\Windows\System\UqkExDR.exe
  2⤵
  PID:1576
- C:\Windows\System\eYTxWfS.exe
  C:\Windows\System\eYTxWfS.exe
  2⤵
  PID:2848
- C:\Windows\System\DyACMib.exe
  C:\Windows\System\DyACMib.exe
  2⤵
  PID:1768
- C:\Windows\System\CqSPaAl.exe
  C:\Windows\System\CqSPaAl.exe
  2⤵
  PID:2444
- C:\Windows\System\htCpFkK.exe
  C:\Windows\System\htCpFkK.exe
  2⤵
  PID:2852
- C:\Windows\System\LzlrzsU.exe
  C:\Windows\System\LzlrzsU.exe
  2⤵
  PID:2764
- C:\Windows\System\CscDaqf.exe
  C:\Windows\System\CscDaqf.exe
  2⤵
  PID:636
- C:\Windows\System\LSXqGQG.exe
  C:\Windows\System\LSXqGQG.exe
  2⤵
  PID:2388
- C:\Windows\System\wlWnFmX.exe
  C:\Windows\System\wlWnFmX.exe
  2⤵
  PID:1300
- C:\Windows\System\eZCwwKk.exe
  C:\Windows\System\eZCwwKk.exe
  2⤵
  PID:2476
- C:\Windows\System\AQUqicU.exe
  C:\Windows\System\AQUqicU.exe
  2⤵
  PID:1960
- C:\Windows\System\muUZPNJ.exe
  C:\Windows\System\muUZPNJ.exe
  2⤵
  PID:2784
- C:\Windows\System\Mwycuav.exe
  C:\Windows\System\Mwycuav.exe
  2⤵
  PID:2584
- C:\Windows\System\VCOKCgs.exe
  C:\Windows\System\VCOKCgs.exe
  2⤵
  PID:2836
- C:\Windows\System\WGtIdcN.exe
  C:\Windows\System\WGtIdcN.exe
  2⤵
  PID:2208
- C:\Windows\System\AkiuNFF.exe
  C:\Windows\System\AkiuNFF.exe
  2⤵
  PID:1172
- C:\Windows\System\XPpLoRp.exe
  C:\Windows\System\XPpLoRp.exe
  2⤵
  PID:1748
- C:\Windows\System\svyIWTg.exe
  C:\Windows\System\svyIWTg.exe
  2⤵
  PID:1160
- C:\Windows\System\tvnszAj.exe
  C:\Windows\System\tvnszAj.exe
  2⤵
  PID:2300
- C:\Windows\System\LfSATPY.exe
  C:\Windows\System\LfSATPY.exe
  2⤵
  PID:2012
- C:\Windows\System\zGUdQVQ.exe
  C:\Windows\System\zGUdQVQ.exe
  2⤵
  PID:640
- C:\Windows\System\cvraCor.exe
  C:\Windows\System\cvraCor.exe
  2⤵
  PID:2908
- C:\Windows\System\mZpEKCj.exe
  C:\Windows\System\mZpEKCj.exe
  2⤵
  PID:2440
- C:\Windows\System\hzNlmuV.exe
  C:\Windows\System\hzNlmuV.exe
  2⤵
  PID:1572
- C:\Windows\System\WCOWOUz.exe
  C:\Windows\System\WCOWOUz.exe
  2⤵
  PID:2684
- C:\Windows\System\tZJNDNZ.exe
  C:\Windows\System\tZJNDNZ.exe
  2⤵
  PID:2616
- C:\Windows\System\hnTuSGQ.exe
  C:\Windows\System\hnTuSGQ.exe
  2⤵
  PID:2448
- C:\Windows\System\aocnBzA.exe
  C:\Windows\System\aocnBzA.exe
  2⤵
  PID:2488
- C:\Windows\System\yXYfQRI.exe
  C:\Windows\System\yXYfQRI.exe
  2⤵
  PID:2200
- C:\Windows\System\fAoAdWa.exe
  C:\Windows\System\fAoAdWa.exe
  2⤵
  PID:1776
- C:\Windows\System\vHIMWNq.exe
  C:\Windows\System\vHIMWNq.exe
  2⤵
  PID:676
- C:\Windows\System\QNuRBie.exe
  C:\Windows\System\QNuRBie.exe
  2⤵
  PID:1080
- C:\Windows\System\IEQPJwm.exe
  C:\Windows\System\IEQPJwm.exe
  2⤵
  PID:2096
- C:\Windows\System\WavmqWe.exe
  C:\Windows\System\WavmqWe.exe
  2⤵
  PID:2700
- C:\Windows\System\trgrgUs.exe
  C:\Windows\System\trgrgUs.exe
  2⤵
  PID:2080
- C:\Windows\System\gekFbqG.exe
  C:\Windows\System\gekFbqG.exe
  2⤵
  PID:2716
- C:\Windows\System\URlpHPn.exe
  C:\Windows\System\URlpHPn.exe
  2⤵
  PID:1480
- C:\Windows\System\YLsIYTs.exe
  C:\Windows\System\YLsIYTs.exe
  2⤵
  PID:1568
- C:\Windows\System\MomJFYO.exe
  C:\Windows\System\MomJFYO.exe
  2⤵
  PID:2580
- C:\Windows\System\bKbZzYm.exe
  C:\Windows\System\bKbZzYm.exe
  2⤵
  PID:2860
- C:\Windows\System\XObiROk.exe
  C:\Windows\System\XObiROk.exe
  2⤵
  PID:2720
- C:\Windows\System\tmEoNuK.exe
  C:\Windows\System\tmEoNuK.exe
  2⤵
  PID:1784
- C:\Windows\System\YkCYqYO.exe
  C:\Windows\System\YkCYqYO.exe
  2⤵
  PID:736
- C:\Windows\System\PBPFSzs.exe
  C:\Windows\System\PBPFSzs.exe
  2⤵
  PID:3092
- C:\Windows\System\lLGwasb.exe
  C:\Windows\System\lLGwasb.exe
  2⤵
  PID:3112
- C:\Windows\System\OGsaktN.exe
  C:\Windows\System\OGsaktN.exe
  2⤵
  PID:3132
- C:\Windows\System\nTJwugL.exe
  C:\Windows\System\nTJwugL.exe
  2⤵
  PID:3152
- C:\Windows\System\YhbApRt.exe
  C:\Windows\System\YhbApRt.exe
  2⤵
  PID:3168
- C:\Windows\System\MfloUsX.exe
  C:\Windows\System\MfloUsX.exe
  2⤵
  PID:3188
- C:\Windows\System\zrrUVve.exe
  C:\Windows\System\zrrUVve.exe
  2⤵
  PID:3208
- C:\Windows\System\HhqKDSg.exe
  C:\Windows\System\HhqKDSg.exe
  2⤵
  PID:3232
- C:\Windows\System\IYUbhAq.exe
  C:\Windows\System\IYUbhAq.exe
  2⤵
  PID:3252
- C:\Windows\System\OsLbJzT.exe
  C:\Windows\System\OsLbJzT.exe
  2⤵
  PID:3272
- C:\Windows\System\uqShOpL.exe
  C:\Windows\System\uqShOpL.exe
  2⤵
  PID:3292
- C:\Windows\System\CXxQaYv.exe
  C:\Windows\System\CXxQaYv.exe
  2⤵
  PID:3312
- C:\Windows\System\UVLdiKd.exe
  C:\Windows\System\UVLdiKd.exe
  2⤵
  PID:3332
- C:\Windows\System\FfeUhzg.exe
  C:\Windows\System\FfeUhzg.exe
  2⤵
  PID:3356
- C:\Windows\System\ASryGbQ.exe
  C:\Windows\System\ASryGbQ.exe
  2⤵
  PID:3376
- C:\Windows\System\ntzCTrg.exe
  C:\Windows\System\ntzCTrg.exe
  2⤵
  PID:3396
- C:\Windows\System\pcNoJvC.exe
  C:\Windows\System\pcNoJvC.exe
  2⤵
  PID:3416
- C:\Windows\System\AKWIRlT.exe
  C:\Windows\System\AKWIRlT.exe
  2⤵
  PID:3436
- C:\Windows\System\HmnaMsO.exe
  C:\Windows\System\HmnaMsO.exe
  2⤵
  PID:3452
- C:\Windows\System\PEntFAx.exe
  C:\Windows\System\PEntFAx.exe
  2⤵
  PID:3472
- C:\Windows\System\oPyGXUW.exe
  C:\Windows\System\oPyGXUW.exe
  2⤵
  PID:3496
- C:\Windows\System\IeKlzXk.exe
  C:\Windows\System\IeKlzXk.exe
  2⤵
  PID:3516
- C:\Windows\System\HQfhiGg.exe
  C:\Windows\System\HQfhiGg.exe
  2⤵
  PID:3532
- C:\Windows\System\LsyOXqG.exe
  C:\Windows\System\LsyOXqG.exe
  2⤵
  PID:3556
- C:\Windows\System\JcfVguu.exe
  C:\Windows\System\JcfVguu.exe
  2⤵
  PID:3576
- C:\Windows\System\VnwHqDz.exe
  C:\Windows\System\VnwHqDz.exe
  2⤵
  PID:3596
- C:\Windows\System\dtlHSgH.exe
  C:\Windows\System\dtlHSgH.exe
  2⤵
  PID:3612
- C:\Windows\System\wpuMEHM.exe
  C:\Windows\System\wpuMEHM.exe
  2⤵
  PID:3636
- C:\Windows\System\GvQNSxm.exe
  C:\Windows\System\GvQNSxm.exe
  2⤵
  PID:3656
- C:\Windows\System\Yudvris.exe
  C:\Windows\System\Yudvris.exe
  2⤵
  PID:3676
- C:\Windows\System\WPJQURp.exe
  C:\Windows\System\WPJQURp.exe
  2⤵
  PID:3692
- C:\Windows\System\gmzqtqO.exe
  C:\Windows\System\gmzqtqO.exe
  2⤵
  PID:3716
- C:\Windows\System\nKfgqnW.exe
  C:\Windows\System\nKfgqnW.exe
  2⤵
  PID:3740
- C:\Windows\System\fmpBhyY.exe
  C:\Windows\System\fmpBhyY.exe
  2⤵
  PID:3760
- C:\Windows\System\POjEITl.exe
  C:\Windows\System\POjEITl.exe
  2⤵
  PID:3780
- C:\Windows\System\WlUqsVs.exe
  C:\Windows\System\WlUqsVs.exe
  2⤵
  PID:3800
- C:\Windows\System\KHDpobb.exe
  C:\Windows\System\KHDpobb.exe
  2⤵
  PID:3820
- C:\Windows\System\mmctwtj.exe
  C:\Windows\System\mmctwtj.exe
  2⤵
  PID:3840
- C:\Windows\System\lCBMZOf.exe
  C:\Windows\System\lCBMZOf.exe
  2⤵
  PID:3860
- C:\Windows\System\eHUjqjv.exe
  C:\Windows\System\eHUjqjv.exe
  2⤵
  PID:3884
- C:\Windows\System\FQRaWoh.exe
  C:\Windows\System\FQRaWoh.exe
  2⤵
  PID:3900
- C:\Windows\System\RwhxRIX.exe
  C:\Windows\System\RwhxRIX.exe
  2⤵
  PID:3924
- C:\Windows\System\atlvbph.exe
  C:\Windows\System\atlvbph.exe
  2⤵
  PID:3944
- C:\Windows\System\uHHkwdT.exe
  C:\Windows\System\uHHkwdT.exe
  2⤵
  PID:3964
- C:\Windows\System\oVpsqpz.exe
  C:\Windows\System\oVpsqpz.exe
  2⤵
  PID:3980
- C:\Windows\System\YCGhIfO.exe
  C:\Windows\System\YCGhIfO.exe
  2⤵
  PID:4000
- C:\Windows\System\RgJZxTr.exe
  C:\Windows\System\RgJZxTr.exe
  2⤵
  PID:4020
- C:\Windows\System\HofnZwE.exe
  C:\Windows\System\HofnZwE.exe
  2⤵
  PID:4040
- C:\Windows\System\cLyCkZi.exe
  C:\Windows\System\cLyCkZi.exe
  2⤵
  PID:4060
- C:\Windows\System\FgWMDIG.exe
  C:\Windows\System\FgWMDIG.exe
  2⤵
  PID:4084
- C:\Windows\System\butufUa.exe
  C:\Windows\System\butufUa.exe
  2⤵
  PID:1088
- C:\Windows\System\WVExaGt.exe
  C:\Windows\System\WVExaGt.exe
  2⤵
  PID:1312
- C:\Windows\System\boDXMXe.exe
  C:\Windows\System\boDXMXe.exe
  2⤵
  PID:1704
- C:\Windows\System\DFWEACq.exe
  C:\Windows\System\DFWEACq.exe
  2⤵
  PID:2364
- C:\Windows\System\xCPpifw.exe
  C:\Windows\System\xCPpifw.exe
  2⤵
  PID:2948
- C:\Windows\System\NaifkWV.exe
  C:\Windows\System\NaifkWV.exe
  2⤵
  PID:2508
- C:\Windows\System\TmqMlgq.exe
  C:\Windows\System\TmqMlgq.exe
  2⤵
  PID:1908
- C:\Windows\System\RiTkSka.exe
  C:\Windows\System\RiTkSka.exe
  2⤵
  PID:3080
- C:\Windows\System\WbdELag.exe
  C:\Windows\System\WbdELag.exe
  2⤵
  PID:3140
- C:\Windows\System\xBHkiTH.exe
  C:\Windows\System\xBHkiTH.exe
  2⤵
  PID:3184
- C:\Windows\System\xEzwITv.exe
  C:\Windows\System\xEzwITv.exe
  2⤵
  PID:3216
- C:\Windows\System\tTVMymo.exe
  C:\Windows\System\tTVMymo.exe
  2⤵
  PID:3204
- C:\Windows\System\eWxpCcS.exe
  C:\Windows\System\eWxpCcS.exe
  2⤵
  PID:3268
- C:\Windows\System\hlXDHCr.exe
  C:\Windows\System\hlXDHCr.exe
  2⤵
  PID:3280
- C:\Windows\System\fhqSZSZ.exe
  C:\Windows\System\fhqSZSZ.exe
  2⤵
  PID:3284
- C:\Windows\System\udAHltz.exe
  C:\Windows\System\udAHltz.exe
  2⤵
  PID:3324
- C:\Windows\System\uJXaFFV.exe
  C:\Windows\System\uJXaFFV.exe
  2⤵
  PID:3368
- C:\Windows\System\LMlrGtF.exe
  C:\Windows\System\LMlrGtF.exe
  2⤵
  PID:3432
- C:\Windows\System\MQCdSMi.exe
  C:\Windows\System\MQCdSMi.exe
  2⤵
  PID:3464
- C:\Windows\System\mwQJYVh.exe
  C:\Windows\System\mwQJYVh.exe
  2⤵
  PID:3492
- C:\Windows\System\bSNrAkA.exe
  C:\Windows\System\bSNrAkA.exe
  2⤵
  PID:3548
- C:\Windows\System\bSHxGDm.exe
  C:\Windows\System\bSHxGDm.exe
  2⤵
  PID:3584
- C:\Windows\System\CvwlOwd.exe
  C:\Windows\System\CvwlOwd.exe
  2⤵
  PID:3592
- C:\Windows\System\oQlXQhE.exe
  C:\Windows\System\oQlXQhE.exe
  2⤵
  PID:3604
- C:\Windows\System\jGASTUa.exe
  C:\Windows\System\jGASTUa.exe
  2⤵
  PID:3664
- C:\Windows\System\tdTqMtP.exe
  C:\Windows\System\tdTqMtP.exe
  2⤵
  PID:2236
- C:\Windows\System\jJHDOEg.exe
  C:\Windows\System\jJHDOEg.exe
  2⤵
  PID:3684
- C:\Windows\System\cnUhCKm.exe
  C:\Windows\System\cnUhCKm.exe
  2⤵
  PID:3748
- C:\Windows\System\ggNmERo.exe
  C:\Windows\System\ggNmERo.exe
  2⤵
  PID:3796
- C:\Windows\System\rNUgdcE.exe
  C:\Windows\System\rNUgdcE.exe
  2⤵
  PID:3808
- C:\Windows\System\lruuvuo.exe
  C:\Windows\System\lruuvuo.exe
  2⤵
  PID:3812
- C:\Windows\System\NTDbHSk.exe
  C:\Windows\System\NTDbHSk.exe
  2⤵
  PID:3852
- C:\Windows\System\MYSpxTo.exe
  C:\Windows\System\MYSpxTo.exe
  2⤵
  PID:3920
- C:\Windows\System\SkUzXHG.exe
  C:\Windows\System\SkUzXHG.exe
  2⤵
  PID:3896
- C:\Windows\System\aQxOhut.exe
  C:\Windows\System\aQxOhut.exe
  2⤵
  PID:3992
- C:\Windows\System\PEshTDU.exe
  C:\Windows\System\PEshTDU.exe
  2⤵
  PID:4032
- C:\Windows\System\AQCqWAG.exe
  C:\Windows\System\AQCqWAG.exe
  2⤵
  PID:4068
- C:\Windows\System\CZAqbrQ.exe
  C:\Windows\System\CZAqbrQ.exe
  2⤵
  PID:4048
- C:\Windows\System\AeiBYjI.exe
  C:\Windows\System\AeiBYjI.exe
  2⤵
  PID:2056
- C:\Windows\System\OiTTvgE.exe
  C:\Windows\System\OiTTvgE.exe
  2⤵
  PID:1328
- C:\Windows\System\rqCjbpR.exe
  C:\Windows\System\rqCjbpR.exe
  2⤵
  PID:2196
- C:\Windows\System\reaKQTh.exe
  C:\Windows\System\reaKQTh.exe
  2⤵
  PID:1820
- C:\Windows\System\UelBnXY.exe
  C:\Windows\System\UelBnXY.exe
  2⤵
  PID:2260
- C:\Windows\System\MaFCnSH.exe
  C:\Windows\System\MaFCnSH.exe
  2⤵
  PID:3228
- C:\Windows\System\vJLSOrP.exe
  C:\Windows\System\vJLSOrP.exe
  2⤵
  PID:2432
- C:\Windows\System\wGmmVxa.exe
  C:\Windows\System\wGmmVxa.exe
  2⤵
  PID:3348
- C:\Windows\System\qXlAxEP.exe
  C:\Windows\System\qXlAxEP.exe
  2⤵
  PID:2928
- C:\Windows\System\bQzDgdx.exe
  C:\Windows\System\bQzDgdx.exe
  2⤵
  PID:3304
- C:\Windows\System\MoxdHfk.exe
  C:\Windows\System\MoxdHfk.exe
  2⤵
  PID:3484
- C:\Windows\System\KBRSmaQ.exe
  C:\Windows\System\KBRSmaQ.exe
  2⤵
  PID:3544
- C:\Windows\System\HWMoPCv.exe
  C:\Windows\System\HWMoPCv.exe
  2⤵
  PID:3468
- C:\Windows\System\XkryRFj.exe
  C:\Windows\System\XkryRFj.exe
  2⤵
  PID:3624
- C:\Windows\System\Hdnlkga.exe
  C:\Windows\System\Hdnlkga.exe
  2⤵
  PID:3568
- C:\Windows\System\ypNCCqy.exe
  C:\Windows\System\ypNCCqy.exe
  2⤵
  PID:2672
- C:\Windows\System\rpOVInq.exe
  C:\Windows\System\rpOVInq.exe
  2⤵
  PID:3772
- C:\Windows\System\rQIuSOu.exe
  C:\Windows\System\rQIuSOu.exe
  2⤵
  PID:3712
- C:\Windows\System\iNXgYKa.exe
  C:\Windows\System\iNXgYKa.exe
  2⤵
  PID:3952
- C:\Windows\System\nFIRSLv.exe
  C:\Windows\System\nFIRSLv.exe
  2⤵
  PID:3832
- C:\Windows\System\fvYSKhb.exe
  C:\Windows\System\fvYSKhb.exe
  2⤵
  PID:4028
- C:\Windows\System\FhCMgTE.exe
  C:\Windows\System\FhCMgTE.exe
  2⤵
  PID:4076
- C:\Windows\System\tYoOxUc.exe
  C:\Windows\System\tYoOxUc.exe
  2⤵
  PID:912
- C:\Windows\System\JTaXVmX.exe
  C:\Windows\System\JTaXVmX.exe
  2⤵
  PID:3988
- C:\Windows\System\bHmPptw.exe
  C:\Windows\System\bHmPptw.exe
  2⤵
  PID:4012
- C:\Windows\System\lVuCYvr.exe
  C:\Windows\System\lVuCYvr.exe
  2⤵
  PID:2640
- C:\Windows\System\ajermYc.exe
  C:\Windows\System\ajermYc.exe
  2⤵
  PID:2340
- C:\Windows\System\CXnUWlw.exe
  C:\Windows\System\CXnUWlw.exe
  2⤵
  PID:1696
- C:\Windows\System\KoAyrJU.exe
  C:\Windows\System\KoAyrJU.exe
  2⤵
  PID:808
- C:\Windows\System\yUIIkgL.exe
  C:\Windows\System\yUIIkgL.exe
  2⤵
  PID:2872
- C:\Windows\System\FqpBGKe.exe
  C:\Windows\System\FqpBGKe.exe
  2⤵
  PID:2864
- C:\Windows\System\sccfpyf.exe
  C:\Windows\System\sccfpyf.exe
  2⤵
  PID:836
- C:\Windows\System\YfjIPsR.exe
  C:\Windows\System\YfjIPsR.exe
  2⤵
  PID:3024
- C:\Windows\System\iHoVsxS.exe
  C:\Windows\System\iHoVsxS.exe
  2⤵
  PID:3120
- C:\Windows\System\zdNDIRS.exe
  C:\Windows\System\zdNDIRS.exe
  2⤵
  PID:3200
- C:\Windows\System\KXaCbMw.exe
  C:\Windows\System\KXaCbMw.exe
  2⤵
  PID:3392
- C:\Windows\System\vBYbRrm.exe
  C:\Windows\System\vBYbRrm.exe
  2⤵
  PID:3404
- C:\Windows\System\qmnooDu.exe
  C:\Windows\System\qmnooDu.exe
  2⤵
  PID:1904
- C:\Windows\System\cmHriGh.exe
  C:\Windows\System\cmHriGh.exe
  2⤵
  PID:1356
- C:\Windows\System\mxxlWhS.exe
  C:\Windows\System\mxxlWhS.exe
  2⤵
  PID:3508
- C:\Windows\System\puOxYAm.exe
  C:\Windows\System\puOxYAm.exe
  2⤵
  PID:3776
- C:\Windows\System\BvpQjJI.exe
  C:\Windows\System\BvpQjJI.exe
  2⤵
  PID:3708
- C:\Windows\System\ROvtHVv.exe
  C:\Windows\System\ROvtHVv.exe
  2⤵
  PID:3876
- C:\Windows\System\cyXXaZi.exe
  C:\Windows\System\cyXXaZi.exe
  2⤵
  PID:4072
- C:\Windows\System\XlZxUWZ.exe
  C:\Windows\System\XlZxUWZ.exe
  2⤵
  PID:3104
- C:\Windows\System\TTPXhgu.exe
  C:\Windows\System\TTPXhgu.exe
  2⤵
  PID:760
- C:\Windows\System\TKGXaSn.exe
  C:\Windows\System\TKGXaSn.exe
  2⤵
  PID:3144
- C:\Windows\System\rOQfisK.exe
  C:\Windows\System\rOQfisK.exe
  2⤵
  PID:2776
- C:\Windows\System\hWalpuU.exe
  C:\Windows\System\hWalpuU.exe
  2⤵
  PID:2424
- C:\Windows\System\HSNeWua.exe
  C:\Windows\System\HSNeWua.exe
  2⤵
  PID:3248
- C:\Windows\System\DMtuaDU.exe
  C:\Windows\System\DMtuaDU.exe
  2⤵
  PID:2604
- C:\Windows\System\JgeuNzP.exe
  C:\Windows\System\JgeuNzP.exe
  2⤵
  PID:2412
- C:\Windows\System\FLeBLyp.exe
  C:\Windows\System\FLeBLyp.exe
  2⤵
  PID:3528
- C:\Windows\System\fNSOdGj.exe
  C:\Windows\System\fNSOdGj.exe
  2⤵
  PID:3412
- C:\Windows\System\FqwUShc.exe
  C:\Windows\System\FqwUShc.exe
  2⤵
  PID:3632
- C:\Windows\System\VQKibrV.exe
  C:\Windows\System\VQKibrV.exe
  2⤵
  PID:1048
- C:\Windows\System\PziNoca.exe
  C:\Windows\System\PziNoca.exe
  2⤵
  PID:1952
- C:\Windows\System\UFqlPSq.exe
  C:\Windows\System\UFqlPSq.exe
  2⤵
  PID:3892
- C:\Windows\System\wcKwDqF.exe
  C:\Windows\System\wcKwDqF.exe
  2⤵
  PID:3352
- C:\Windows\System\fgwmoeH.exe
  C:\Windows\System\fgwmoeH.exe
  2⤵
  PID:3768
- C:\Windows\System\ackzDwL.exe
  C:\Windows\System\ackzDwL.exe
  2⤵
  PID:2892
- C:\Windows\System\Vhmpvry.exe
  C:\Windows\System\Vhmpvry.exe
  2⤵
  PID:308
- C:\Windows\System\bZrBlhE.exe
  C:\Windows\System\bZrBlhE.exe
  2⤵
  PID:3628
- C:\Windows\System\touqlJH.exe
  C:\Windows\System\touqlJH.exe
  2⤵
  PID:3176
- C:\Windows\System\xaIazeZ.exe
  C:\Windows\System\xaIazeZ.exe
  2⤵
  PID:4016
- C:\Windows\System\JypZmLi.exe
  C:\Windows\System\JypZmLi.exe
  2⤵
  PID:3728
- C:\Windows\System\EmHWYKo.exe
  C:\Windows\System\EmHWYKo.exe
  2⤵
  PID:3732
- C:\Windows\System\zMoPIGS.exe
  C:\Windows\System\zMoPIGS.exe
  2⤵
  PID:2176
- C:\Windows\System\tRmsGFN.exe
  C:\Windows\System\tRmsGFN.exe
  2⤵
  PID:2828
- C:\Windows\System\CJlEnHt.exe
  C:\Windows\System\CJlEnHt.exe
  2⤵
  PID:4056
- C:\Windows\System\tniFUkd.exe
  C:\Windows\System\tniFUkd.exe
  2⤵
  PID:1668
- C:\Windows\System\eBOuikw.exe
  C:\Windows\System\eBOuikw.exe
  2⤵
  PID:2104
- C:\Windows\System\TclunLB.exe
  C:\Windows\System\TclunLB.exe
  2⤵
  PID:2344
- C:\Windows\System\gfuGOOB.exe
  C:\Windows\System\gfuGOOB.exe
  2⤵
  PID:1708
- C:\Windows\System\oUuGDEq.exe
  C:\Windows\System\oUuGDEq.exe
  2⤵
  PID:3488
- C:\Windows\System\oxwrTVT.exe
  C:\Windows\System\oxwrTVT.exe
  2⤵
  PID:4112
- C:\Windows\System\juFuoRl.exe
  C:\Windows\System\juFuoRl.exe
  2⤵
  PID:4128
- C:\Windows\System\QVnXzWt.exe
  C:\Windows\System\QVnXzWt.exe
  2⤵
  PID:4144
- C:\Windows\System\uhmVCsV.exe
  C:\Windows\System\uhmVCsV.exe
  2⤵
  PID:4164
- C:\Windows\System\FKnxTqE.exe
  C:\Windows\System\FKnxTqE.exe
  2⤵
  PID:4204
- C:\Windows\System\LyhKxlk.exe
  C:\Windows\System\LyhKxlk.exe
  2⤵
  PID:4220
- C:\Windows\System\HLZJVei.exe
  C:\Windows\System\HLZJVei.exe
  2⤵
  PID:4240
- C:\Windows\System\xZoUzbR.exe
  C:\Windows\System\xZoUzbR.exe
  2⤵
  PID:4256
- C:\Windows\System\GpmrnTn.exe
  C:\Windows\System\GpmrnTn.exe
  2⤵
  PID:4272
- C:\Windows\System\pKgcEGN.exe
  C:\Windows\System\pKgcEGN.exe
  2⤵
  PID:4292
- C:\Windows\System\inyfdTI.exe
  C:\Windows\System\inyfdTI.exe
  2⤵
  PID:4324
- C:\Windows\System\edlxgzy.exe
  C:\Windows\System\edlxgzy.exe
  2⤵
  PID:4340
- C:\Windows\System\dsurbQD.exe
  C:\Windows\System\dsurbQD.exe
  2⤵
  PID:4360
- C:\Windows\System\knJdqke.exe
  C:\Windows\System\knJdqke.exe
  2⤵
  PID:4376
- C:\Windows\System\bLwaFLd.exe
  C:\Windows\System\bLwaFLd.exe
  2⤵
  PID:4392
- C:\Windows\System\cqoUDLg.exe
  C:\Windows\System\cqoUDLg.exe
  2⤵
  PID:4408
- C:\Windows\System\sRnJxqT.exe
  C:\Windows\System\sRnJxqT.exe
  2⤵
  PID:4428
- C:\Windows\System\wIlgZTN.exe
  C:\Windows\System\wIlgZTN.exe
  2⤵
  PID:4444
- C:\Windows\System\LeCIxrK.exe
  C:\Windows\System\LeCIxrK.exe
  2⤵
  PID:4460
- C:\Windows\System\Dvdeswc.exe
  C:\Windows\System\Dvdeswc.exe
  2⤵
  PID:4476
- C:\Windows\System\mNamzec.exe
  C:\Windows\System\mNamzec.exe
  2⤵
  PID:4492
- C:\Windows\System\tlJKkiE.exe
  C:\Windows\System\tlJKkiE.exe
  2⤵
  PID:4512
- C:\Windows\System\pZOIdMR.exe
  C:\Windows\System\pZOIdMR.exe
  2⤵
  PID:4544
- C:\Windows\System\IaumOIX.exe
  C:\Windows\System\IaumOIX.exe
  2⤵
  PID:4560
- C:\Windows\System\dGLpGEV.exe
  C:\Windows\System\dGLpGEV.exe
  2⤵
  PID:4576
- C:\Windows\System\HdZeQks.exe
  C:\Windows\System\HdZeQks.exe
  2⤵
  PID:4620
- C:\Windows\System\GshhnsT.exe
  C:\Windows\System\GshhnsT.exe
  2⤵
  PID:4640
- C:\Windows\System\rHYDBCh.exe
  C:\Windows\System\rHYDBCh.exe
  2⤵
  PID:4656
- C:\Windows\System\XbaWZFf.exe
  C:\Windows\System\XbaWZFf.exe
  2⤵
  PID:4684
- C:\Windows\System\rENelZz.exe
  C:\Windows\System\rENelZz.exe
  2⤵
  PID:4700
- C:\Windows\System\EHXCwgB.exe
  C:\Windows\System\EHXCwgB.exe
  2⤵
  PID:4716
- C:\Windows\System\HmmopiU.exe
  C:\Windows\System\HmmopiU.exe
  2⤵
  PID:4740
- C:\Windows\System\HtPxZPj.exe
  C:\Windows\System\HtPxZPj.exe
  2⤵
  PID:4756
- C:\Windows\System\cpQRDWO.exe
  C:\Windows\System\cpQRDWO.exe
  2⤵
  PID:4776
- C:\Windows\System\nJSnknF.exe
  C:\Windows\System\nJSnknF.exe
  2⤵
  PID:4792
- C:\Windows\System\pysBXMG.exe
  C:\Windows\System\pysBXMG.exe
  2⤵
  PID:4808
- C:\Windows\System\SxtGwrU.exe
  C:\Windows\System\SxtGwrU.exe
  2⤵
  PID:4840
- C:\Windows\System\mOCLIIw.exe
  C:\Windows\System\mOCLIIw.exe
  2⤵
  PID:4856
- C:\Windows\System\fEsdHaj.exe
  C:\Windows\System\fEsdHaj.exe
  2⤵
  PID:4876
- C:\Windows\System\mgfGBjg.exe
  C:\Windows\System\mgfGBjg.exe
  2⤵
  PID:4896
- C:\Windows\System\SIEUWxD.exe
  C:\Windows\System\SIEUWxD.exe
  2⤵
  PID:4916
- C:\Windows\System\voSXxpA.exe
  C:\Windows\System\voSXxpA.exe
  2⤵
  PID:4936
- C:\Windows\System\BOEWIKi.exe
  C:\Windows\System\BOEWIKi.exe
  2⤵
  PID:4952
- C:\Windows\System\nBeInDf.exe
  C:\Windows\System\nBeInDf.exe
  2⤵
  PID:4968
- C:\Windows\System\DgTUHip.exe
  C:\Windows\System\DgTUHip.exe
  2⤵
  PID:5004
- C:\Windows\System\mADmcpI.exe
  C:\Windows\System\mADmcpI.exe
  2⤵
  PID:5020
- C:\Windows\System\oTQPsEM.exe
  C:\Windows\System\oTQPsEM.exe
  2⤵
  PID:5036
- C:\Windows\System\wCxXeTc.exe
  C:\Windows\System\wCxXeTc.exe
  2⤵
  PID:5052
- C:\Windows\System\RptspPF.exe
  C:\Windows\System\RptspPF.exe
  2⤵
  PID:5068
- C:\Windows\System\mDLDvqz.exe
  C:\Windows\System\mDLDvqz.exe
  2⤵
  PID:5084
- C:\Windows\System\OIQhphb.exe
  C:\Windows\System\OIQhphb.exe
  2⤵
  PID:5100
- C:\Windows\System\fKqlnEu.exe
  C:\Windows\System\fKqlnEu.exe
  2⤵
  PID:5116
- C:\Windows\System\qXBpEXF.exe
  C:\Windows\System\qXBpEXF.exe
  2⤵
  PID:3704
- C:\Windows\System\Dqndisj.exe
  C:\Windows\System\Dqndisj.exe
  2⤵
  PID:3880
- C:\Windows\System\MSksFuA.exe
  C:\Windows\System\MSksFuA.exe
  2⤵
  PID:4124
- C:\Windows\System\vQbxCYW.exe
  C:\Windows\System\vQbxCYW.exe
  2⤵
  PID:4176
- C:\Windows\System\cnpMoTT.exe
  C:\Windows\System\cnpMoTT.exe
  2⤵
  PID:4192
- C:\Windows\System\lOynJIM.exe
  C:\Windows\System\lOynJIM.exe
  2⤵
  PID:4228
- C:\Windows\System\ofRzZFM.exe
  C:\Windows\System\ofRzZFM.exe
  2⤵
  PID:4216
- C:\Windows\System\oTEGNfX.exe
  C:\Windows\System\oTEGNfX.exe
  2⤵
  PID:4280
- C:\Windows\System\kvyyMIg.exe
  C:\Windows\System\kvyyMIg.exe
  2⤵
  PID:4212
- C:\Windows\System\wCLlRNy.exe
  C:\Windows\System\wCLlRNy.exe
  2⤵
  PID:4320
- C:\Windows\System\WTwnuGu.exe
  C:\Windows\System\WTwnuGu.exe
  2⤵
  PID:4384
- C:\Windows\System\IgQPlth.exe
  C:\Windows\System\IgQPlth.exe
  2⤵
  PID:4452
- C:\Windows\System\YaCxzvy.exe
  C:\Windows\System\YaCxzvy.exe
  2⤵
  PID:4520
- C:\Windows\System\OSOMyZZ.exe
  C:\Windows\System\OSOMyZZ.exe
  2⤵
  PID:4528
- C:\Windows\System\YkWjijN.exe
  C:\Windows\System\YkWjijN.exe
  2⤵
  PID:4372
- C:\Windows\System\bCABDfs.exe
  C:\Windows\System\bCABDfs.exe
  2⤵
  PID:4568
- C:\Windows\System\MqADZWr.exe
  C:\Windows\System\MqADZWr.exe
  2⤵
  PID:4632
- C:\Windows\System\YESoWip.exe
  C:\Windows\System\YESoWip.exe
  2⤵
  PID:4604
- C:\Windows\System\MsMuTFa.exe
  C:\Windows\System\MsMuTFa.exe
  2⤵
  PID:4648
- C:\Windows\System\IuiUfhW.exe
  C:\Windows\System\IuiUfhW.exe
  2⤵
  PID:4680
- C:\Windows\System\pRbjLSz.exe
  C:\Windows\System\pRbjLSz.exe
  2⤵
  PID:4724
- C:\Windows\System\ilQyDbp.exe
  C:\Windows\System\ilQyDbp.exe
  2⤵
  PID:4752
- C:\Windows\System\tTKhnUS.exe
  C:\Windows\System\tTKhnUS.exe
  2⤵
  PID:4728
- C:\Windows\System\RDYpHdU.exe
  C:\Windows\System\RDYpHdU.exe
  2⤵
  PID:4768
- C:\Windows\System\sAWqdne.exe
  C:\Windows\System\sAWqdne.exe
  2⤵
  PID:2608
- C:\Windows\System\VIlJOel.exe
  C:\Windows\System\VIlJOel.exe
  2⤵
  PID:4836
- C:\Windows\System\ViMUsTr.exe
  C:\Windows\System\ViMUsTr.exe
  2⤵
  PID:4872
- C:\Windows\System\JMihZwC.exe
  C:\Windows\System\JMihZwC.exe
  2⤵
  PID:4908
- C:\Windows\System\ScenLvX.exe
  C:\Windows\System\ScenLvX.exe
  2⤵
  PID:4984
- C:\Windows\System\FqKSTio.exe
  C:\Windows\System\FqKSTio.exe
  2⤵
  PID:5044
- C:\Windows\System\QTZrLvw.exe
  C:\Windows\System\QTZrLvw.exe
  2⤵
  PID:1184
- C:\Windows\System\JJXqKwG.exe
  C:\Windows\System\JJXqKwG.exe
  2⤵
  PID:5032
- C:\Windows\System\zVNJbuX.exe
  C:\Windows\System\zVNJbuX.exe
  2⤵
  PID:3340
- C:\Windows\System\PXCCMEo.exe
  C:\Windows\System\PXCCMEo.exe
  2⤵
  PID:4104
- C:\Windows\System\xwnkqBZ.exe
  C:\Windows\System\xwnkqBZ.exe
  2⤵
  PID:3448
- C:\Windows\System\fOXNNhR.exe
  C:\Windows\System\fOXNNhR.exe
  2⤵
  PID:4188
- C:\Windows\System\pRCtBuK.exe
  C:\Windows\System\pRCtBuK.exe
  2⤵
  PID:4156
- C:\Windows\System\Ljeltlo.exe
  C:\Windows\System\Ljeltlo.exe
  2⤵
  PID:4356
- C:\Windows\System\NZrhvaB.exe
  C:\Windows\System\NZrhvaB.exe
  2⤵
  PID:4488
- C:\Windows\System\fJCFzoJ.exe
  C:\Windows\System\fJCFzoJ.exe
  2⤵
  PID:4420
- C:\Windows\System\igMoKmz.exe
  C:\Windows\System\igMoKmz.exe
  2⤵
  PID:4588
- C:\Windows\System\zSOIaQp.exe
  C:\Windows\System\zSOIaQp.exe
  2⤵
  PID:3124
- C:\Windows\System\hvEKxBe.exe
  C:\Windows\System\hvEKxBe.exe
  2⤵
  PID:4416
- C:\Windows\System\EJyPxAm.exe
  C:\Windows\System\EJyPxAm.exe
  2⤵
  PID:4668
- C:\Windows\System\rgNUvMF.exe
  C:\Windows\System\rgNUvMF.exe
  2⤵
  PID:4300
- C:\Windows\System\RksdUOh.exe
  C:\Windows\System\RksdUOh.exe
  2⤵
  PID:4736
- C:\Windows\System\XpeMDTy.exe
  C:\Windows\System\XpeMDTy.exe
  2⤵
  PID:4816
- C:\Windows\System\gLhpoYG.exe
  C:\Windows\System\gLhpoYG.exe
  2⤵
  PID:4852
- C:\Windows\System\DCnQuRs.exe
  C:\Windows\System\DCnQuRs.exe
  2⤵
  PID:4960
- C:\Windows\System\naoqqgo.exe
  C:\Windows\System\naoqqgo.exe
  2⤵
  PID:4928
- C:\Windows\System\wLELzch.exe
  C:\Windows\System\wLELzch.exe
  2⤵
  PID:4748
- C:\Windows\System\cvBiJTe.exe
  C:\Windows\System\cvBiJTe.exe
  2⤵
  PID:5012
- C:\Windows\System\ccQnZdz.exe
  C:\Windows\System\ccQnZdz.exe
  2⤵
  PID:5112
- C:\Windows\System\PkWIxcd.exe
  C:\Windows\System\PkWIxcd.exe
  2⤵
  PID:3444
- C:\Windows\System\eZWiITI.exe
  C:\Windows\System\eZWiITI.exe
  2⤵
  PID:2456
- C:\Windows\System\yFPJngH.exe
  C:\Windows\System\yFPJngH.exe
  2⤵
  PID:4440
- C:\Windows\System\oQJVcZP.exe
  C:\Windows\System\oQJVcZP.exe
  2⤵
  PID:4584
- C:\Windows\System\qJzpksz.exe
  C:\Windows\System\qJzpksz.exe
  2⤵
  PID:4500
- C:\Windows\System\KuPsXxq.exe
  C:\Windows\System\KuPsXxq.exe
  2⤵
  PID:4184
- C:\Windows\System\vEpxSPB.exe
  C:\Windows\System\vEpxSPB.exe
  2⤵
  PID:4556
- C:\Windows\System\ETRzoCS.exe
  C:\Windows\System\ETRzoCS.exe
  2⤵
  PID:4540
- C:\Windows\System\MZCaYKk.exe
  C:\Windows\System\MZCaYKk.exe
  2⤵
  PID:4904
- C:\Windows\System\WyXoQnC.exe
  C:\Windows\System\WyXoQnC.exe
  2⤵
  PID:5028
- C:\Windows\System\gEjbNag.exe
  C:\Windows\System\gEjbNag.exe
  2⤵
  PID:5076
- C:\Windows\System\vHjskOF.exe
  C:\Windows\System\vHjskOF.exe
  2⤵
  PID:4832
- C:\Windows\System\SCJyzdp.exe
  C:\Windows\System\SCJyzdp.exe
  2⤵
  PID:1544
- C:\Windows\System\BvGRzPB.exe
  C:\Windows\System\BvGRzPB.exe
  2⤵
  PID:4264
- C:\Windows\System\GNskqLx.exe
  C:\Windows\System\GNskqLx.exe
  2⤵
  PID:4504
- C:\Windows\System\WmXIuqE.exe
  C:\Windows\System\WmXIuqE.exe
  2⤵
  PID:3408
- C:\Windows\System\FlQRCnw.exe
  C:\Windows\System\FlQRCnw.exe
  2⤵
  PID:4864
- C:\Windows\System\JTNgfnu.exe
  C:\Windows\System\JTNgfnu.exe
  2⤵
  PID:4712
- C:\Windows\System\JbrMBJg.exe
  C:\Windows\System\JbrMBJg.exe
  2⤵
  PID:4788
- C:\Windows\System\YLNtTlP.exe
  C:\Windows\System\YLNtTlP.exe
  2⤵
  PID:4304
- C:\Windows\System\WsHupuI.exe
  C:\Windows\System\WsHupuI.exe
  2⤵
  PID:4312
- C:\Windows\System\CTEymwr.exe
  C:\Windows\System\CTEymwr.exe
  2⤵
  PID:4532
- C:\Windows\System\OSlHzbv.exe
  C:\Windows\System\OSlHzbv.exe
  2⤵
  PID:4976
- C:\Windows\System\EMtmnjm.exe
  C:\Windows\System\EMtmnjm.exe
  2⤵
  PID:3100
- C:\Windows\System\BAQVVBP.exe
  C:\Windows\System\BAQVVBP.exe
  2⤵
  PID:5124
- C:\Windows\System\DRtYWab.exe
  C:\Windows\System\DRtYWab.exe
  2⤵
  PID:5140
- C:\Windows\System\grzsvUn.exe
  C:\Windows\System\grzsvUn.exe
  2⤵
  PID:5156
- C:\Windows\System\NkGBoTY.exe
  C:\Windows\System\NkGBoTY.exe
  2⤵
  PID:5172
- C:\Windows\System\zvxYVlz.exe
  C:\Windows\System\zvxYVlz.exe
  2⤵
  PID:5188
- C:\Windows\System\ZlmQhTJ.exe
  C:\Windows\System\ZlmQhTJ.exe
  2⤵
  PID:5212
- C:\Windows\System\JjUQUIl.exe
  C:\Windows\System\JjUQUIl.exe
  2⤵
  PID:5260
- C:\Windows\System\mtqJurn.exe
  C:\Windows\System\mtqJurn.exe
  2⤵
  PID:5276
- C:\Windows\System\iuYXnUs.exe
  C:\Windows\System\iuYXnUs.exe
  2⤵
  PID:5296
- C:\Windows\System\sVWzuxK.exe
  C:\Windows\System\sVWzuxK.exe
  2⤵
  PID:5312
- C:\Windows\System\lFRDdli.exe
  C:\Windows\System\lFRDdli.exe
  2⤵
  PID:5340
- C:\Windows\System\vDllRfj.exe
  C:\Windows\System\vDllRfj.exe
  2⤵
  PID:5356
- C:\Windows\System\cOguNer.exe
  C:\Windows\System\cOguNer.exe
  2⤵
  PID:5372
- C:\Windows\System\JRzjntx.exe
  C:\Windows\System\JRzjntx.exe
  2⤵
  PID:5388
- C:\Windows\System\FZDJvFK.exe
  C:\Windows\System\FZDJvFK.exe
  2⤵
  PID:5404
- C:\Windows\System\aEbTAaL.exe
  C:\Windows\System\aEbTAaL.exe
  2⤵
  PID:5420
- C:\Windows\System\qXTLCVh.exe
  C:\Windows\System\qXTLCVh.exe
  2⤵
  PID:5436
- C:\Windows\System\cCnSrrs.exe
  C:\Windows\System\cCnSrrs.exe
  2⤵
  PID:5460
- C:\Windows\System\hAzurTY.exe
  C:\Windows\System\hAzurTY.exe
  2⤵
  PID:5492
- C:\Windows\System\bCboPzD.exe
  C:\Windows\System\bCboPzD.exe
  2⤵
  PID:5508
- C:\Windows\System\jSMsrvk.exe
  C:\Windows\System\jSMsrvk.exe
  2⤵
  PID:5540
- C:\Windows\System\yraVVGZ.exe
  C:\Windows\System\yraVVGZ.exe
  2⤵
  PID:5556
- C:\Windows\System\BoAIFqq.exe
  C:\Windows\System\BoAIFqq.exe
  2⤵
  PID:5572
- C:\Windows\System\GgDcbng.exe
  C:\Windows\System\GgDcbng.exe
  2⤵
  PID:5600
- C:\Windows\System\agLvqfC.exe
  C:\Windows\System\agLvqfC.exe
  2⤵
  PID:5616
- C:\Windows\System\koRhJAO.exe
  C:\Windows\System\koRhJAO.exe
  2⤵
  PID:5632
- C:\Windows\System\YTbApdZ.exe
  C:\Windows\System\YTbApdZ.exe
  2⤵
  PID:5656
- C:\Windows\System\YAiRcrQ.exe
  C:\Windows\System\YAiRcrQ.exe
  2⤵
  PID:5676
- C:\Windows\System\sdicmme.exe
  C:\Windows\System\sdicmme.exe
  2⤵
  PID:5696
- C:\Windows\System\PvfcAVv.exe
  C:\Windows\System\PvfcAVv.exe
  2⤵
  PID:5728
- C:\Windows\System\UiiRWSP.exe
  C:\Windows\System\UiiRWSP.exe
  2⤵
  PID:5744
- C:\Windows\System\bwymTga.exe
  C:\Windows\System\bwymTga.exe
  2⤵
  PID:5760
- C:\Windows\System\dBPQNPz.exe
  C:\Windows\System\dBPQNPz.exe
  2⤵
  PID:5776
- C:\Windows\System\hYFvQnm.exe
  C:\Windows\System\hYFvQnm.exe
  2⤵
  PID:5792
- C:\Windows\System\wZfyzHB.exe
  C:\Windows\System\wZfyzHB.exe
  2⤵
  PID:5812
- C:\Windows\System\AlJtiFT.exe
  C:\Windows\System\AlJtiFT.exe
  2⤵
  PID:5852
- C:\Windows\System\WvwvXSQ.exe
  C:\Windows\System\WvwvXSQ.exe
  2⤵
  PID:5868
- C:\Windows\System\HeWSCRD.exe
  C:\Windows\System\HeWSCRD.exe
  2⤵
  PID:5892
- C:\Windows\System\BRfxLgf.exe
  C:\Windows\System\BRfxLgf.exe
  2⤵
  PID:5908
- C:\Windows\System\PNuvkcg.exe
  C:\Windows\System\PNuvkcg.exe
  2⤵
  PID:5932
- C:\Windows\System\zvSlVAl.exe
  C:\Windows\System\zvSlVAl.exe
  2⤵
  PID:5960
- C:\Windows\System\avFGKhf.exe
  C:\Windows\System\avFGKhf.exe
  2⤵
  PID:5976
- C:\Windows\System\mCdQLkr.exe
  C:\Windows\System\mCdQLkr.exe
  2⤵
  PID:5996
- C:\Windows\System\oWfuGhn.exe
  C:\Windows\System\oWfuGhn.exe
  2⤵
  PID:6012
- C:\Windows\System\TbdxuJh.exe
  C:\Windows\System\TbdxuJh.exe
  2⤵
  PID:6028
- C:\Windows\System\oKAaBIk.exe
  C:\Windows\System\oKAaBIk.exe
  2⤵
  PID:6048
- C:\Windows\System\NQFYMVV.exe
  C:\Windows\System\NQFYMVV.exe
  2⤵
  PID:6064
- C:\Windows\System\strfrBs.exe
  C:\Windows\System\strfrBs.exe
  2⤵
  PID:6116
- C:\Windows\System\udyBaBs.exe
  C:\Windows\System\udyBaBs.exe
  2⤵
  PID:6132
- C:\Windows\System\NrJbMtK.exe
  C:\Windows\System\NrJbMtK.exe
  2⤵
  PID:4484
- C:\Windows\System\bPGjFeS.exe
  C:\Windows\System\bPGjFeS.exe
  2⤵
  PID:5152
- C:\Windows\System\zKOWZar.exe
  C:\Windows\System\zKOWZar.exe
  2⤵
  PID:4600
- C:\Windows\System\SYcUEYu.exe
  C:\Windows\System\SYcUEYu.exe
  2⤵
  PID:5224
- C:\Windows\System\eIakwyr.exe
  C:\Windows\System\eIakwyr.exe
  2⤵
  PID:5240
- C:\Windows\System\QsKGfij.exe
  C:\Windows\System\QsKGfij.exe
  2⤵
  PID:5204
- C:\Windows\System\iqjNLFK.exe
  C:\Windows\System\iqjNLFK.exe
  2⤵
  PID:4136
- C:\Windows\System\vTFXkIH.exe
  C:\Windows\System\vTFXkIH.exe
  2⤵
  PID:5248
- C:\Windows\System\tmayrui.exe
  C:\Windows\System\tmayrui.exe
  2⤵
  PID:5268
- C:\Windows\System\bHRoMdL.exe
  C:\Windows\System\bHRoMdL.exe
  2⤵
  PID:5364
- C:\Windows\System\AmVLcCb.exe
  C:\Windows\System\AmVLcCb.exe
  2⤵
  PID:5380
- C:\Windows\System\aflVkJl.exe
  C:\Windows\System\aflVkJl.exe
  2⤵
  PID:5448
- C:\Windows\System\CEireVo.exe
  C:\Windows\System\CEireVo.exe
  2⤵
  PID:5480
- C:\Windows\System\MaDzjeL.exe
  C:\Windows\System\MaDzjeL.exe
  2⤵
  PID:5520
- C:\Windows\System\hKjQViG.exe
  C:\Windows\System\hKjQViG.exe
  2⤵
  PID:5536
- C:\Windows\System\zRNaFOo.exe
  C:\Windows\System\zRNaFOo.exe
  2⤵
  PID:2588
- C:\Windows\System\Jutrrkf.exe
  C:\Windows\System\Jutrrkf.exe
  2⤵
  PID:5588
- C:\Windows\System\XdtsSAT.exe
  C:\Windows\System\XdtsSAT.exe
  2⤵
  PID:5596
- C:\Windows\System\OFwOghA.exe
  C:\Windows\System\OFwOghA.exe
  2⤵
  PID:5652
- C:\Windows\System\uCymYfB.exe
  C:\Windows\System\uCymYfB.exe
  2⤵
  PID:5712
- C:\Windows\System\kjJUGDx.exe
  C:\Windows\System\kjJUGDx.exe
  2⤵
  PID:5672
- C:\Windows\System\KyCLekm.exe
  C:\Windows\System\KyCLekm.exe
  2⤵
  PID:5788
- C:\Windows\System\YavdkLs.exe
  C:\Windows\System\YavdkLs.exe
  2⤵
  PID:5820
- C:\Windows\System\lOFkcDo.exe
  C:\Windows\System\lOFkcDo.exe
  2⤵
  PID:5804
- C:\Windows\System\xHucqbR.exe
  C:\Windows\System\xHucqbR.exe
  2⤵
  PID:5876
- C:\Windows\System\Wohztho.exe
  C:\Windows\System\Wohztho.exe
  2⤵
  PID:5860
- C:\Windows\System\FdJUdsa.exe
  C:\Windows\System\FdJUdsa.exe
  2⤵
  PID:5968
- C:\Windows\System\MQNdLJq.exe
  C:\Windows\System\MQNdLJq.exe
  2⤵
  PID:6036
- C:\Windows\System\StXQhyL.exe
  C:\Windows\System\StXQhyL.exe
  2⤵
  PID:5944
- C:\Windows\System\lMhVzfc.exe
  C:\Windows\System\lMhVzfc.exe
  2⤵
  PID:6024
- C:\Windows\System\qJeUtjC.exe
  C:\Windows\System\qJeUtjC.exe
  2⤵
  PID:5984
- C:\Windows\System\BSlkSqM.exe
  C:\Windows\System\BSlkSqM.exe
  2⤵
  PID:6104
- C:\Windows\System\yICJPUm.exe
  C:\Windows\System\yICJPUm.exe
  2⤵
  PID:6140
- C:\Windows\System\iPtpfhf.exe
  C:\Windows\System\iPtpfhf.exe
  2⤵
  PID:5236
- C:\Windows\System\WfueFlj.exe
  C:\Windows\System\WfueFlj.exe
  2⤵
  PID:6128
- C:\Windows\System\zaFTeKI.exe
  C:\Windows\System\zaFTeKI.exe
  2⤵
  PID:5168
- C:\Windows\System\kPzhgwp.exe
  C:\Windows\System\kPzhgwp.exe
  2⤵
  PID:5284
- C:\Windows\System\zNFCDnJ.exe
  C:\Windows\System\zNFCDnJ.exe
  2⤵
  PID:5308
- C:\Windows\System\ANvXkXN.exe
  C:\Windows\System\ANvXkXN.exe
  2⤵
  PID:5328
- C:\Windows\System\ATcJsZy.exe
  C:\Windows\System\ATcJsZy.exe
  2⤵
  PID:5396
- C:\Windows\System\pisIHwl.exe
  C:\Windows\System\pisIHwl.exe
  2⤵
  PID:5444
- C:\Windows\System\eKCRhRx.exe
  C:\Windows\System\eKCRhRx.exe
  2⤵
  PID:5524
- C:\Windows\System\xucFDoI.exe
  C:\Windows\System\xucFDoI.exe
  2⤵
  PID:5644
- C:\Windows\System\WcjJtzU.exe
  C:\Windows\System\WcjJtzU.exe
  2⤵
  PID:5708
- C:\Windows\System\KkkPTHg.exe
  C:\Windows\System\KkkPTHg.exe
  2⤵
  PID:5640
- C:\Windows\System\zOyupZG.exe
  C:\Windows\System\zOyupZG.exe
  2⤵
  PID:5848
- C:\Windows\System\NxMgAeU.exe
  C:\Windows\System\NxMgAeU.exe
  2⤵
  PID:5568
- C:\Windows\System\wpfPYEi.exe
  C:\Windows\System\wpfPYEi.exe
  2⤵
  PID:5928
- C:\Windows\System\jSxPykz.exe
  C:\Windows\System\jSxPykz.exe
  2⤵
  PID:6060
- C:\Windows\System\VTElWIk.exe
  C:\Windows\System\VTElWIk.exe
  2⤵
  PID:5136
- C:\Windows\System\tfmmnNf.exe
  C:\Windows\System\tfmmnNf.exe
  2⤵
  PID:5888
- C:\Windows\System\yFahzzM.exe
  C:\Windows\System\yFahzzM.exe
  2⤵
  PID:5324
- C:\Windows\System\mmPPEYl.exe
  C:\Windows\System\mmPPEYl.exe
  2⤵
  PID:6004
- C:\Windows\System\dWtkBSJ.exe
  C:\Windows\System\dWtkBSJ.exe
  2⤵
  PID:6080
- C:\Windows\System\QGyFhhQ.exe
  C:\Windows\System\QGyFhhQ.exe
  2⤵
  PID:5548
- C:\Windows\System\yEvanti.exe
  C:\Windows\System\yEvanti.exe
  2⤵
  PID:5668
- C:\Windows\System\ZYjJRDM.exe
  C:\Windows\System\ZYjJRDM.exe
  2⤵
  PID:5320
- C:\Windows\System\IXZIVDs.exe
  C:\Windows\System\IXZIVDs.exe
  2⤵
  PID:6092
- C:\Windows\System\ozNKtiF.exe
  C:\Windows\System\ozNKtiF.exe
  2⤵
  PID:5784
- C:\Windows\System\yVMTMeI.exe
  C:\Windows\System\yVMTMeI.exe
  2⤵
  PID:5504
- C:\Windows\System\DiIhnyi.exe
  C:\Windows\System\DiIhnyi.exe
  2⤵
  PID:5880
- C:\Windows\System\aWJZunG.exe
  C:\Windows\System\aWJZunG.exe
  2⤵
  PID:6044
- C:\Windows\System\dUXRVCi.exe
  C:\Windows\System\dUXRVCi.exe
  2⤵
  PID:5232
- C:\Windows\System\bXxQFyO.exe
  C:\Windows\System\bXxQFyO.exe
  2⤵
  PID:6112
- C:\Windows\System\LeQJxIx.exe
  C:\Windows\System\LeQJxIx.exe
  2⤵
  PID:5348
- C:\Windows\System\qakctVB.exe
  C:\Windows\System\qakctVB.exe
  2⤵
  PID:5336
- C:\Windows\System\BchMDab.exe
  C:\Windows\System\BchMDab.exe
  2⤵
  PID:5584
- C:\Windows\System\HOKYMSs.exe
  C:\Windows\System\HOKYMSs.exe
  2⤵
  PID:5244
- C:\Windows\System\FuYgkYx.exe
  C:\Windows\System\FuYgkYx.exe
  2⤵
  PID:6020
- C:\Windows\System\xerYxKX.exe
  C:\Windows\System\xerYxKX.exe
  2⤵
  PID:6088
- C:\Windows\System\rrOTUin.exe
  C:\Windows\System\rrOTUin.exe
  2⤵
  PID:5940
- C:\Windows\System\dkyEzsA.exe
  C:\Windows\System\dkyEzsA.exe
  2⤵
  PID:5800
- C:\Windows\System\MHGXQKw.exe
  C:\Windows\System\MHGXQKw.exe
  2⤵
  PID:5412
- C:\Windows\System\tcZKugl.exe
  C:\Windows\System\tcZKugl.exe
  2⤵
  PID:5476
- C:\Windows\System\DzNmZYC.exe
  C:\Windows\System\DzNmZYC.exe
  2⤵
  PID:5272
- C:\Windows\System\abqRHTP.exe
  C:\Windows\System\abqRHTP.exe
  2⤵
  PID:6008
- C:\Windows\System\IxWZcFy.exe
  C:\Windows\System\IxWZcFy.exe
  2⤵
  PID:6156
- C:\Windows\System\xpNzcRE.exe
  C:\Windows\System\xpNzcRE.exe
  2⤵
  PID:6172
- C:\Windows\System\klSnzfm.exe
  C:\Windows\System\klSnzfm.exe
  2⤵
  PID:6188
- C:\Windows\System\rUfjCwe.exe
  C:\Windows\System\rUfjCwe.exe
  2⤵
  PID:6208
- C:\Windows\System\uxtPdwy.exe
  C:\Windows\System\uxtPdwy.exe
  2⤵
  PID:6228
- C:\Windows\System\GwhmULW.exe
  C:\Windows\System\GwhmULW.exe
  2⤵
  PID:6252
- C:\Windows\System\lAJDOjh.exe
  C:\Windows\System\lAJDOjh.exe
  2⤵
  PID:6272
- C:\Windows\System\LeddRzb.exe
  C:\Windows\System\LeddRzb.exe
  2⤵
  PID:6316
- C:\Windows\System\INjOymR.exe
  C:\Windows\System\INjOymR.exe
  2⤵
  PID:6336
- C:\Windows\System\qcROxQW.exe
  C:\Windows\System\qcROxQW.exe
  2⤵
  PID:6352
- C:\Windows\System\PkGKZqN.exe
  C:\Windows\System\PkGKZqN.exe
  2⤵
  PID:6376
- C:\Windows\System\EctwGeD.exe
  C:\Windows\System\EctwGeD.exe
  2⤵
  PID:6392
- C:\Windows\System\CXvpjSt.exe
  C:\Windows\System\CXvpjSt.exe
  2⤵
  PID:6408
- C:\Windows\System\ojSMtiO.exe
  C:\Windows\System\ojSMtiO.exe
  2⤵
  PID:6428
- C:\Windows\System\pRxuvZf.exe
  C:\Windows\System\pRxuvZf.exe
  2⤵
  PID:6444
- C:\Windows\System\NfIGtPh.exe
  C:\Windows\System\NfIGtPh.exe
  2⤵
  PID:6464
- C:\Windows\System\IeWqWVO.exe
  C:\Windows\System\IeWqWVO.exe
  2⤵
  PID:6488
- C:\Windows\System\DiLkIlB.exe
  C:\Windows\System\DiLkIlB.exe
  2⤵
  PID:6504
- C:\Windows\System\oWDjUgW.exe
  C:\Windows\System\oWDjUgW.exe
  2⤵
  PID:6520
- C:\Windows\System\wECVouJ.exe
  C:\Windows\System\wECVouJ.exe
  2⤵
  PID:6536
- C:\Windows\System\cBMXdei.exe
  C:\Windows\System\cBMXdei.exe
  2⤵
  PID:6556
- C:\Windows\System\ESiRuRR.exe
  C:\Windows\System\ESiRuRR.exe
  2⤵
  PID:6572
- C:\Windows\System\RCNwbwU.exe
  C:\Windows\System\RCNwbwU.exe
  2⤵
  PID:6588
- C:\Windows\System\xyEvXfM.exe
  C:\Windows\System\xyEvXfM.exe
  2⤵
  PID:6604
- C:\Windows\System\ELGWtGB.exe
  C:\Windows\System\ELGWtGB.exe
  2⤵
  PID:6624
- C:\Windows\System\ssSThJC.exe
  C:\Windows\System\ssSThJC.exe
  2⤵
  PID:6644
- C:\Windows\System\jaZRUZP.exe
  C:\Windows\System\jaZRUZP.exe
  2⤵
  PID:6664
- C:\Windows\System\JliaQFk.exe
  C:\Windows\System\JliaQFk.exe
  2⤵
  PID:6688
- C:\Windows\System\ijqvTwK.exe
  C:\Windows\System\ijqvTwK.exe
  2⤵
  PID:6704
- C:\Windows\System\dqXwZUx.exe
  C:\Windows\System\dqXwZUx.exe
  2⤵
  PID:6720
- C:\Windows\System\CjWpXbK.exe
  C:\Windows\System\CjWpXbK.exe
  2⤵
  PID:6748
- C:\Windows\System\VAWhPyO.exe
  C:\Windows\System\VAWhPyO.exe
  2⤵
  PID:6768
- C:\Windows\System\LavEFwV.exe
  C:\Windows\System\LavEFwV.exe
  2⤵
  PID:6784
- C:\Windows\System\Ztacsxv.exe
  C:\Windows\System\Ztacsxv.exe
  2⤵
  PID:6804
- C:\Windows\System\QqVxTLC.exe
  C:\Windows\System\QqVxTLC.exe
  2⤵
  PID:6824
- C:\Windows\System\zguKcqA.exe
  C:\Windows\System\zguKcqA.exe
  2⤵
  PID:6864
- C:\Windows\System\bKtOJiv.exe
  C:\Windows\System\bKtOJiv.exe
  2⤵
  PID:6884
- C:\Windows\System\runKgcA.exe
  C:\Windows\System\runKgcA.exe
  2⤵
  PID:6900
- C:\Windows\System\YgcDFVu.exe
  C:\Windows\System\YgcDFVu.exe
  2⤵
  PID:6916
- C:\Windows\System\bbzduXU.exe
  C:\Windows\System\bbzduXU.exe
  2⤵
  PID:6936
- C:\Windows\System\jLKVqfL.exe
  C:\Windows\System\jLKVqfL.exe
  2⤵
  PID:6952
- C:\Windows\System\lBArdwB.exe
  C:\Windows\System\lBArdwB.exe
  2⤵
  PID:6972
- C:\Windows\System\ZccleJR.exe
  C:\Windows\System\ZccleJR.exe
  2⤵
  PID:6988
- C:\Windows\System\sjTKqme.exe
  C:\Windows\System\sjTKqme.exe
  2⤵
  PID:7004
- C:\Windows\System\cPScxCs.exe
  C:\Windows\System\cPScxCs.exe
  2⤵
  PID:7020
- C:\Windows\System\KoIaekk.exe
  C:\Windows\System\KoIaekk.exe
  2⤵
  PID:7040
- C:\Windows\System\qrHOSYB.exe
  C:\Windows\System\qrHOSYB.exe
  2⤵
  PID:7056
- C:\Windows\System\RBGHRgz.exe
  C:\Windows\System\RBGHRgz.exe
  2⤵
  PID:7076
- C:\Windows\System\srePPPh.exe
  C:\Windows\System\srePPPh.exe
  2⤵
  PID:7092
- C:\Windows\System\mvxyelJ.exe
  C:\Windows\System\mvxyelJ.exe
  2⤵
  PID:7160
- C:\Windows\System\LLGxGBk.exe
  C:\Windows\System\LLGxGBk.exe
  2⤵
  PID:1924
- C:\Windows\System\fodvhbb.exe
  C:\Windows\System\fodvhbb.exe
  2⤵
  PID:6216
- C:\Windows\System\RsjvHAm.exe
  C:\Windows\System\RsjvHAm.exe
  2⤵
  PID:5988
- C:\Windows\System\iSnzPPb.exe
  C:\Windows\System\iSnzPPb.exe
  2⤵
  PID:6204
- C:\Windows\System\fpsSKXd.exe
  C:\Windows\System\fpsSKXd.exe
  2⤵
  PID:6244
- C:\Windows\System\tcCdPqj.exe
  C:\Windows\System\tcCdPqj.exe
  2⤵
  PID:6248
- C:\Windows\System\NBVCXJT.exe
  C:\Windows\System\NBVCXJT.exe
  2⤵
  PID:5724
- C:\Windows\System\ajshwyV.exe
  C:\Windows\System\ajshwyV.exe
  2⤵
  PID:6300
- C:\Windows\System\gkjAntB.exe
  C:\Windows\System\gkjAntB.exe
  2⤵
  PID:1448
- C:\Windows\System\NvwNTGc.exe
  C:\Windows\System\NvwNTGc.exe
  2⤵
  PID:6324
- C:\Windows\System\qjXcayI.exe
  C:\Windows\System\qjXcayI.exe
  2⤵
  PID:6348
- C:\Windows\System\VOTevyL.exe
  C:\Windows\System\VOTevyL.exe
  2⤵
  PID:6372
- C:\Windows\System\VjlgkPH.exe
  C:\Windows\System\VjlgkPH.exe
  2⤵
  PID:6440
- C:\Windows\System\kvEbMMx.exe
  C:\Windows\System\kvEbMMx.exe
  2⤵
  PID:6484
- C:\Windows\System\nXIcBkv.exe
  C:\Windows\System\nXIcBkv.exe
  2⤵
  PID:6548
- C:\Windows\System\kDvumVk.exe
  C:\Windows\System\kDvumVk.exe
  2⤵
  PID:6612
- C:\Windows\System\LRAtwUt.exe
  C:\Windows\System\LRAtwUt.exe
  2⤵
  PID:6652
- C:\Windows\System\fSJstGr.exe
  C:\Windows\System\fSJstGr.exe
  2⤵
  PID:6728
- C:\Windows\System\eulepUy.exe
  C:\Windows\System\eulepUy.exe
  2⤵
  PID:6456
- C:\Windows\System\nTzFpUm.exe
  C:\Windows\System\nTzFpUm.exe
  2⤵
  PID:6528
- C:\Windows\System\cPngwyN.exe
  C:\Windows\System\cPngwyN.exe
  2⤵
  PID:2936
- C:\Windows\System\sbLmCnl.exe
  C:\Windows\System\sbLmCnl.exe
  2⤵
  PID:6780
- C:\Windows\System\OkLddXZ.exe
  C:\Windows\System\OkLddXZ.exe
  2⤵
  PID:6880
- C:\Windows\System\ZYzQdcH.exe
  C:\Windows\System\ZYzQdcH.exe
  2⤵
  PID:6948
- C:\Windows\System\fmXolvN.exe
  C:\Windows\System\fmXolvN.exe
  2⤵
  PID:7012
- C:\Windows\System\dNlcZxk.exe
  C:\Windows\System\dNlcZxk.exe
  2⤵
  PID:6756
- C:\Windows\System\WVXSNdU.exe
  C:\Windows\System\WVXSNdU.exe
  2⤵
  PID:6960
- C:\Windows\System\PHazUXB.exe
  C:\Windows\System\PHazUXB.exe
  2⤵
  PID:7068
- C:\Windows\System\NkOsqXj.exe
  C:\Windows\System\NkOsqXj.exe
  2⤵
  PID:7104
- C:\Windows\System\LuhFdLM.exe
  C:\Windows\System\LuhFdLM.exe
  2⤵
  PID:6860
- C:\Windows\System\LvHrWXg.exe
  C:\Windows\System\LvHrWXg.exe
  2⤵
  PID:7136
- C:\Windows\System\lKxbDMn.exe
  C:\Windows\System\lKxbDMn.exe
  2⤵
  PID:7036
- C:\Windows\System\fAqMzGW.exe
  C:\Windows\System\fAqMzGW.exe
  2⤵
  PID:6892
- C:\Windows\System\FpYpvsY.exe
  C:\Windows\System\FpYpvsY.exe
  2⤵
  PID:5736
- C:\Windows\System\NcPRgsY.exe
  C:\Windows\System\NcPRgsY.exe
  2⤵
  PID:6236
- C:\Windows\System\bXUTUgU.exe
  C:\Windows\System\bXUTUgU.exe
  2⤵
  PID:7148
- C:\Windows\System\iUciLnf.exe
  C:\Windows\System\iUciLnf.exe
  2⤵
  PID:6268
- C:\Windows\System\orVOsjI.exe
  C:\Windows\System\orVOsjI.exe
  2⤵
  PID:6308
- C:\Windows\System\ckQwCyV.exe
  C:\Windows\System\ckQwCyV.exe
  2⤵
  PID:6288
- C:\Windows\System\reIVNUd.exe
  C:\Windows\System\reIVNUd.exe
  2⤵
  PID:6404
- C:\Windows\System\zLEorWB.exe
  C:\Windows\System\zLEorWB.exe
  2⤵
  PID:6620
- C:\Windows\System\pqXnYcQ.exe
  C:\Windows\System\pqXnYcQ.exe
  2⤵
  PID:6284
- C:\Windows\System\FelObEx.exe
  C:\Windows\System\FelObEx.exe
  2⤵
  PID:6584
- C:\Windows\System\qOmokVW.exe
  C:\Windows\System\qOmokVW.exe
  2⤵
  PID:6424
- C:\Windows\System\KSYJwBZ.exe
  C:\Windows\System\KSYJwBZ.exe
  2⤵
  PID:6732
- C:\Windows\System\WpsBMoQ.exe
  C:\Windows\System\WpsBMoQ.exe
  2⤵
  PID:6672
- C:\Windows\System\wstGCQr.exe
  C:\Windows\System\wstGCQr.exe
  2⤵
  PID:6452
- C:\Windows\System\jeGJkNW.exe
  C:\Windows\System\jeGJkNW.exe
  2⤵
  PID:6816
- C:\Windows\System\lEIHVGo.exe
  C:\Windows\System\lEIHVGo.exe
  2⤵
  PID:6944
- C:\Windows\System\IlWMJEI.exe
  C:\Windows\System\IlWMJEI.exe
  2⤵
  PID:6984
- C:\Windows\System\PBgRxEs.exe
  C:\Windows\System\PBgRxEs.exe
  2⤵
  PID:6764
- C:\Windows\System\eeYsVbg.exe
  C:\Windows\System\eeYsVbg.exe
  2⤵
  PID:6840
- C:\Windows\System\SAmkwSf.exe
  C:\Windows\System\SAmkwSf.exe
  2⤵
  PID:7124
- C:\Windows\System\NypTBCM.exe
  C:\Windows\System\NypTBCM.exe
  2⤵
  PID:6996
- C:\Windows\System\xUzBejx.exe
  C:\Windows\System\xUzBejx.exe
  2⤵
  PID:6844
- C:\Windows\System\bWSpmDU.exe
  C:\Windows\System\bWSpmDU.exe
  2⤵
  PID:7156
- C:\Windows\System\sHwDajm.exe
  C:\Windows\System\sHwDajm.exe
  2⤵
  PID:6304
- C:\Windows\System\dWQulAA.exe
  C:\Windows\System\dWQulAA.exe
  2⤵
  PID:2612
- C:\Windows\System\FRgfual.exe
  C:\Windows\System\FRgfual.exe
  2⤵
  PID:6516
- C:\Windows\System\anYuvHw.exe
  C:\Windows\System\anYuvHw.exe
  2⤵
  PID:6696
- C:\Windows\System\PdlWfSz.exe
  C:\Windows\System\PdlWfSz.exe
  2⤵
  PID:6496
- C:\Windows\System\acfcBim.exe
  C:\Windows\System\acfcBim.exe
  2⤵
  PID:6596
- C:\Windows\System\VxeivCr.exe
  C:\Windows\System\VxeivCr.exe
  2⤵
  PID:7100
- C:\Windows\System\JbVvzJf.exe
  C:\Windows\System\JbVvzJf.exe
  2⤵
  PID:7000
- C:\Windows\System\fDezyfe.exe
  C:\Windows\System\fDezyfe.exe
  2⤵
  PID:6736
- C:\Windows\System\ucdBOJJ.exe
  C:\Windows\System\ucdBOJJ.exe
  2⤵
  PID:6196
- C:\Windows\System\iYilaVG.exe
  C:\Windows\System\iYilaVG.exe
  2⤵
  PID:6836
- C:\Windows\System\gPVIZDS.exe
  C:\Windows\System\gPVIZDS.exe
  2⤵
  PID:5500
- C:\Windows\System\NgnMSEd.exe
  C:\Windows\System\NgnMSEd.exe
  2⤵
  PID:6368
- C:\Windows\System\dvYsZZp.exe
  C:\Windows\System\dvYsZZp.exe
  2⤵
  PID:6384
- C:\Windows\System\GobBCRO.exe
  C:\Windows\System\GobBCRO.exe
  2⤵
  PID:6636
- C:\Windows\System\FSGGEzh.exe
  C:\Windows\System\FSGGEzh.exe
  2⤵
  PID:6500
- C:\Windows\System\buaOqsL.exe
  C:\Windows\System\buaOqsL.exe
  2⤵
  PID:7052
- C:\Windows\System\JZRiYIR.exe
  C:\Windows\System\JZRiYIR.exe
  2⤵
  PID:5900
- C:\Windows\System\faYkSea.exe
  C:\Windows\System\faYkSea.exe
  2⤵
  PID:6180
- C:\Windows\System\KVvPXLi.exe
  C:\Windows\System\KVvPXLi.exe
  2⤵
  PID:6712
- C:\Windows\System\riyRgeK.exe
  C:\Windows\System\riyRgeK.exe
  2⤵
  PID:6832
- C:\Windows\System\jURftzL.exe
  C:\Windows\System\jURftzL.exe
  2⤵
  PID:6932
- C:\Windows\System\XWdmONh.exe
  C:\Windows\System\XWdmONh.exe
  2⤵
  PID:6912
- C:\Windows\System\YgyZttP.exe
  C:\Windows\System\YgyZttP.exe
  2⤵
  PID:7184
- C:\Windows\System\IFcQLCe.exe
  C:\Windows\System\IFcQLCe.exe
  2⤵
  PID:7200
- C:\Windows\System\WGSAgxO.exe
  C:\Windows\System\WGSAgxO.exe
  2⤵
  PID:7216
- C:\Windows\System\OKgQFcB.exe
  C:\Windows\System\OKgQFcB.exe
  2⤵
  PID:7232
- C:\Windows\System\ZuneGot.exe
  C:\Windows\System\ZuneGot.exe
  2⤵
  PID:7252
- C:\Windows\System\CTxMUeX.exe
  C:\Windows\System\CTxMUeX.exe
  2⤵
  PID:7268
- C:\Windows\System\fgjQGEz.exe
  C:\Windows\System\fgjQGEz.exe
  2⤵
  PID:7324
- C:\Windows\System\wbhyHfu.exe
  C:\Windows\System\wbhyHfu.exe
  2⤵
  PID:7344
- C:\Windows\System\LPlWDNT.exe
  C:\Windows\System\LPlWDNT.exe
  2⤵
  PID:7360
- C:\Windows\System\klvZNXC.exe
  C:\Windows\System\klvZNXC.exe
  2⤵
  PID:7380
- C:\Windows\System\uxioqxC.exe
  C:\Windows\System\uxioqxC.exe
  2⤵
  PID:7396
- C:\Windows\System\VTgSZNp.exe
  C:\Windows\System\VTgSZNp.exe
  2⤵
  PID:7420
- C:\Windows\System\zMnbCWL.exe
  C:\Windows\System\zMnbCWL.exe
  2⤵
  PID:7436
- C:\Windows\System\kNGFmRE.exe
  C:\Windows\System\kNGFmRE.exe
  2⤵
  PID:7460
- C:\Windows\System\qrIxpGT.exe
  C:\Windows\System\qrIxpGT.exe
  2⤵
  PID:7476
- C:\Windows\System\blycRsb.exe
  C:\Windows\System\blycRsb.exe
  2⤵
  PID:7492
- C:\Windows\System\OpcmyEk.exe
  C:\Windows\System\OpcmyEk.exe
  2⤵
  PID:7508
- C:\Windows\System\fGkyEQi.exe
  C:\Windows\System\fGkyEQi.exe
  2⤵
  PID:7524
- C:\Windows\System\akWJjWh.exe
  C:\Windows\System\akWJjWh.exe
  2⤵
  PID:7544
- C:\Windows\System\quKronk.exe
  C:\Windows\System\quKronk.exe
  2⤵
  PID:7564
- C:\Windows\System\zghaJCX.exe
  C:\Windows\System\zghaJCX.exe
  2⤵
  PID:7584
- C:\Windows\System\DNTzgqA.exe
  C:\Windows\System\DNTzgqA.exe
  2⤵
  PID:7600
- C:\Windows\System\gsYFjpg.exe
  C:\Windows\System\gsYFjpg.exe
  2⤵
  PID:7616
- C:\Windows\System\iSLwSZR.exe
  C:\Windows\System\iSLwSZR.exe
  2⤵
  PID:7632
- C:\Windows\System\CvFKpkC.exe
  C:\Windows\System\CvFKpkC.exe
  2⤵
  PID:7652
- C:\Windows\System\BpSVluH.exe
  C:\Windows\System\BpSVluH.exe
  2⤵
  PID:7712
- C:\Windows\System\xpFgepm.exe
  C:\Windows\System\xpFgepm.exe
  2⤵
  PID:7736
- C:\Windows\System\govYhFv.exe
  C:\Windows\System\govYhFv.exe
  2⤵
  PID:7756
- C:\Windows\System\vTvaWYW.exe
  C:\Windows\System\vTvaWYW.exe
  2⤵
  PID:7772
- C:\Windows\System\JELcuJX.exe
  C:\Windows\System\JELcuJX.exe
  2⤵
  PID:7796
- C:\Windows\System\fyggIIK.exe
  C:\Windows\System\fyggIIK.exe
  2⤵
  PID:7812
- C:\Windows\System\ibAfCKI.exe
  C:\Windows\System\ibAfCKI.exe
  2⤵
  PID:7828
- C:\Windows\System\rtWxmmT.exe
  C:\Windows\System\rtWxmmT.exe
  2⤵
  PID:7844
- C:\Windows\System\WTRbHIm.exe
  C:\Windows\System\WTRbHIm.exe
  2⤵
  PID:7880
- C:\Windows\System\plWqjQC.exe
  C:\Windows\System\plWqjQC.exe
  2⤵
  PID:7896
- C:\Windows\System\meFnSzY.exe
  C:\Windows\System\meFnSzY.exe
  2⤵
  PID:7912
- C:\Windows\System\PuwwJIL.exe
  C:\Windows\System\PuwwJIL.exe
  2⤵
  PID:7936
- C:\Windows\System\oWMUAQC.exe
  C:\Windows\System\oWMUAQC.exe
  2⤵
  PID:7952
- C:\Windows\System\FeuOeTU.exe
  C:\Windows\System\FeuOeTU.exe
  2⤵
  PID:7976
- C:\Windows\System\TaxLmvP.exe
  C:\Windows\System\TaxLmvP.exe
  2⤵
  PID:7992
- C:\Windows\System\VPFXsnF.exe
  C:\Windows\System\VPFXsnF.exe
  2⤵
  PID:8008
- C:\Windows\System\jCjGZVX.exe
  C:\Windows\System\jCjGZVX.exe
  2⤵
  PID:8028
- C:\Windows\System\BfgqGyI.exe
  C:\Windows\System\BfgqGyI.exe
  2⤵
  PID:8044
- C:\Windows\System\qyfVQiV.exe
  C:\Windows\System\qyfVQiV.exe
  2⤵
  PID:8076
- C:\Windows\System\nODrXKx.exe
  C:\Windows\System\nODrXKx.exe
  2⤵
  PID:8096
- C:\Windows\System\IxctKIc.exe
  C:\Windows\System\IxctKIc.exe
  2⤵
  PID:8112
- C:\Windows\System\PlJTUyp.exe
  C:\Windows\System\PlJTUyp.exe
  2⤵
  PID:8136
- C:\Windows\System\YvwWmsO.exe
  C:\Windows\System\YvwWmsO.exe
  2⤵
  PID:8160
- C:\Windows\System\fJRAIVD.exe
  C:\Windows\System\fJRAIVD.exe
  2⤵
  PID:8176
- C:\Windows\System\LAoOlQw.exe
  C:\Windows\System\LAoOlQw.exe
  2⤵
  PID:6580
- C:\Windows\System\ZDUCsPV.exe
  C:\Windows\System\ZDUCsPV.exe
  2⤵
  PID:7212
- C:\Windows\System\VgBWjOf.exe
  C:\Windows\System\VgBWjOf.exe
  2⤵
  PID:7028
- C:\Windows\System\bkBiCyN.exe
  C:\Windows\System\bkBiCyN.exe
  2⤵
  PID:7132
- C:\Windows\System\ReytAuw.exe
  C:\Windows\System\ReytAuw.exe
  2⤵
  PID:7296
- C:\Windows\System\pfBdOjH.exe
  C:\Windows\System\pfBdOjH.exe
  2⤵
  PID:7316
- C:\Windows\System\AYAKDzc.exe
  C:\Windows\System\AYAKDzc.exe
  2⤵
  PID:6924
- C:\Windows\System\fYLHRBX.exe
  C:\Windows\System\fYLHRBX.exe
  2⤵
  PID:7224
- C:\Windows\System\vdDNoAN.exe
  C:\Windows\System\vdDNoAN.exe
  2⤵
  PID:7368
- C:\Windows\System\gKHzivA.exe
  C:\Windows\System\gKHzivA.exe
  2⤵
  PID:7412
- C:\Windows\System\ETUMCMS.exe
  C:\Windows\System\ETUMCMS.exe
  2⤵
  PID:7452
- C:\Windows\System\EUtBHmE.exe
  C:\Windows\System\EUtBHmE.exe
  2⤵
  PID:7520
- C:\Windows\System\nbWuNmL.exe
  C:\Windows\System\nbWuNmL.exe
  2⤵
  PID:7592
- C:\Windows\System\PeAcFFZ.exe
  C:\Windows\System\PeAcFFZ.exe
  2⤵
  PID:7668
- C:\Windows\System\ERXpFIW.exe
  C:\Windows\System\ERXpFIW.exe
  2⤵
  PID:7388
- C:\Windows\System\aDcfxiz.exe
  C:\Windows\System\aDcfxiz.exe
  2⤵
  PID:7468
- C:\Windows\System\Saeoucy.exe
  C:\Windows\System\Saeoucy.exe
  2⤵
  PID:7692
- C:\Windows\System\UWgXdcf.exe
  C:\Windows\System\UWgXdcf.exe
  2⤵
  PID:7704
- C:\Windows\System\Mhxafhe.exe
  C:\Windows\System\Mhxafhe.exe
  2⤵
  PID:7356
- C:\Windows\System\EThdyrR.exe
  C:\Windows\System\EThdyrR.exe
  2⤵
  PID:7728
- C:\Windows\System\jTYgdKD.exe
  C:\Windows\System\jTYgdKD.exe
  2⤵
  PID:7752
- C:\Windows\System\HCIFhda.exe
  C:\Windows\System\HCIFhda.exe
  2⤵
  PID:7768
- C:\Windows\System\XrdMsOy.exe
  C:\Windows\System\XrdMsOy.exe
  2⤵
  PID:7852
- C:\Windows\System\JlIEtfR.exe
  C:\Windows\System\JlIEtfR.exe
  2⤵
  PID:7836
- C:\Windows\System\idQvUZP.exe
  C:\Windows\System\idQvUZP.exe
  2⤵
  PID:7840
- C:\Windows\System\ibbrHev.exe
  C:\Windows\System\ibbrHev.exe
  2⤵
  PID:7892
- C:\Windows\System\TjBOeOL.exe
  C:\Windows\System\TjBOeOL.exe
  2⤵
  PID:7924
- C:\Windows\System\FlHxUze.exe
  C:\Windows\System\FlHxUze.exe
  2⤵
  PID:7984
- C:\Windows\System\CFeubsj.exe
  C:\Windows\System\CFeubsj.exe
  2⤵
  PID:7928
- C:\Windows\System\WjZCTfe.exe
  C:\Windows\System\WjZCTfe.exe
  2⤵
  PID:8060
- C:\Windows\System\QPngUDF.exe
  C:\Windows\System\QPngUDF.exe
  2⤵
  PID:8068
- C:\Windows\System\yjGlugb.exe
  C:\Windows\System\yjGlugb.exe
  2⤵
  PID:8104
- C:\Windows\System\sdLahoe.exe
  C:\Windows\System\sdLahoe.exe
  2⤵
  PID:8128
- C:\Windows\System\ayMtgIZ.exe
  C:\Windows\System\ayMtgIZ.exe
  2⤵
  PID:8184
- C:\Windows\System\pyJYRuG.exe
  C:\Windows\System\pyJYRuG.exe
  2⤵
  PID:7292
- C:\Windows\System\oRITqKB.exe
  C:\Windows\System\oRITqKB.exe
  2⤵
  PID:7176
- C:\Windows\System\zcqUCTk.exe
  C:\Windows\System\zcqUCTk.exe
  2⤵
  PID:7276
- C:\Windows\System\RyGvOSh.exe
  C:\Windows\System\RyGvOSh.exe
  2⤵
  PID:7332
- C:\Windows\System\pEBOdii.exe
  C:\Windows\System\pEBOdii.exe
  2⤵
  PID:7448
- C:\Windows\System\kuPKjAB.exe
  C:\Windows\System\kuPKjAB.exe
  2⤵
  PID:6476
- C:\Windows\System\fceXbsp.exe
  C:\Windows\System\fceXbsp.exe
  2⤵
  PID:7684
- C:\Windows\System\zTzYByz.exe
  C:\Windows\System\zTzYByz.exe
  2⤵
  PID:7488
- C:\Windows\System\adauIXK.exe
  C:\Windows\System\adauIXK.exe
  2⤵
  PID:7432
- C:\Windows\System\yUaJDmn.exe
  C:\Windows\System\yUaJDmn.exe
  2⤵
  PID:7504
- C:\Windows\System\WhZPelz.exe
  C:\Windows\System\WhZPelz.exe
  2⤵
  PID:7536
- C:\Windows\System\iMtkgwo.exe
  C:\Windows\System\iMtkgwo.exe
  2⤵
  PID:7608
- C:\Windows\System\OnOUBHu.exe
  C:\Windows\System\OnOUBHu.exe
  2⤵
  PID:7196
- C:\Windows\System\fcreRjK.exe
  C:\Windows\System\fcreRjK.exe
  2⤵
  PID:7748
- C:\Windows\System\AigQXtw.exe
  C:\Windows\System\AigQXtw.exe
  2⤵
  PID:7804
- C:\Windows\System\wsKHKLW.exe
  C:\Windows\System\wsKHKLW.exe
  2⤵
  PID:7920
- C:\Windows\System\kORJZzu.exe
  C:\Windows\System\kORJZzu.exe
  2⤵
  PID:8064
- C:\Windows\System\BOpRoYD.exe
  C:\Windows\System\BOpRoYD.exe
  2⤵
  PID:8144
- C:\Windows\System\UDDwFHH.exe
  C:\Windows\System\UDDwFHH.exe
  2⤵
  PID:7868
- C:\Windows\System\xaxzDWF.exe
  C:\Windows\System\xaxzDWF.exe
  2⤵
  PID:8148
- C:\Windows\System\nYvydVO.exe
  C:\Windows\System\nYvydVO.exe
  2⤵
  PID:6968
- C:\Windows\System\GirkrPo.exe
  C:\Windows\System\GirkrPo.exe
  2⤵
  PID:7556
- C:\Windows\System\savrMZU.exe
  C:\Windows\System\savrMZU.exe
  2⤵
  PID:7280
- C:\Windows\System\EOZtpBa.exe
  C:\Windows\System\EOZtpBa.exe
  2⤵
  PID:8108
- C:\Windows\System\mxObrzr.exe
  C:\Windows\System\mxObrzr.exe
  2⤵
  PID:6200
- C:\Windows\System\VFsKSHG.exe
  C:\Windows\System\VFsKSHG.exe
  2⤵
  PID:7408
- C:\Windows\System\QNusCcr.exe
  C:\Windows\System\QNusCcr.exe
  2⤵
  PID:8000
- C:\Windows\System\KeBXSlk.exe
  C:\Windows\System\KeBXSlk.exe
  2⤵
  PID:7576
- C:\Windows\System\wqkMoZx.exe
  C:\Windows\System\wqkMoZx.exe
  2⤵
  PID:7808
- C:\Windows\System\xWWILBl.exe
  C:\Windows\System\xWWILBl.exe
  2⤵
  PID:7764
- C:\Windows\System\lRRiwkK.exe
  C:\Windows\System\lRRiwkK.exe
  2⤵
  PID:7968
- C:\Windows\System\CshEIug.exe
  C:\Windows\System\CshEIug.exe
  2⤵
  PID:6800
- C:\Windows\System\AZgvFfK.exe
  C:\Windows\System\AZgvFfK.exe
  2⤵
  PID:8124
- C:\Windows\System\XqaOmPc.exe
  C:\Windows\System\XqaOmPc.exe
  2⤵
  PID:7336
- C:\Windows\System\EyJZHNF.exe
  C:\Windows\System\EyJZHNF.exe
  2⤵
  PID:7264
- C:\Windows\System\Tvbjjjy.exe
  C:\Windows\System\Tvbjjjy.exe
  2⤵
  PID:8172
- C:\Windows\System\DlqhIDy.exe
  C:\Windows\System\DlqhIDy.exe
  2⤵
  PID:7428
- C:\Windows\System\RBJDozg.exe
  C:\Windows\System\RBJDozg.exe
  2⤵
  PID:7744
- C:\Windows\System\Egaahwn.exe
  C:\Windows\System\Egaahwn.exe
  2⤵
  PID:7988
- C:\Windows\System\KBZfRWW.exe
  C:\Windows\System\KBZfRWW.exe
  2⤵
  PID:2796
- C:\Windows\System\rPtAPGh.exe
  C:\Windows\System\rPtAPGh.exe
  2⤵
  PID:7664
- C:\Windows\System\kDmGavP.exe
  C:\Windows\System\kDmGavP.exe
  2⤵
  PID:8220
- C:\Windows\System\bDjbvGW.exe
  C:\Windows\System\bDjbvGW.exe
  2⤵
  PID:8236
- C:\Windows\System\gYhjMJL.exe
  C:\Windows\System\gYhjMJL.exe
  2⤵
  PID:8252
- C:\Windows\System\CBsFUaE.exe
  C:\Windows\System\CBsFUaE.exe
  2⤵
  PID:8272
- C:\Windows\System\PYWhWod.exe
  C:\Windows\System\PYWhWod.exe
  2⤵
  PID:8292
- C:\Windows\System\dTuehkC.exe
  C:\Windows\System\dTuehkC.exe
  2⤵
  PID:8308
- C:\Windows\System\NzqaTtS.exe
  C:\Windows\System\NzqaTtS.exe
  2⤵
  PID:8332
- C:\Windows\System\GaxgabR.exe
  C:\Windows\System\GaxgabR.exe
  2⤵
  PID:8372
- C:\Windows\System\MUuVkcl.exe
  C:\Windows\System\MUuVkcl.exe
  2⤵
  PID:8388
- C:\Windows\System\fZWrKTd.exe
  C:\Windows\System\fZWrKTd.exe
  2⤵
  PID:8428
- C:\Windows\System\ApUGXUc.exe
  C:\Windows\System\ApUGXUc.exe
  2⤵
  PID:8448
- C:\Windows\System\ckvgVTH.exe
  C:\Windows\System\ckvgVTH.exe
  2⤵
  PID:8472
- C:\Windows\System\JBjxpSR.exe
  C:\Windows\System\JBjxpSR.exe
  2⤵
  PID:8488
- C:\Windows\System\SFUyRus.exe
  C:\Windows\System\SFUyRus.exe
  2⤵
  PID:8508
- C:\Windows\System\okUaOIO.exe
  C:\Windows\System\okUaOIO.exe
  2⤵
  PID:8528
- C:\Windows\System\NBiqTTU.exe
  C:\Windows\System\NBiqTTU.exe
  2⤵
  PID:8544
- C:\Windows\System\fvBRkwQ.exe
  C:\Windows\System\fvBRkwQ.exe
  2⤵
  PID:8568
- C:\Windows\System\EgTrZkx.exe
  C:\Windows\System\EgTrZkx.exe
  2⤵
  PID:8588
- C:\Windows\System\jpJVlTN.exe
  C:\Windows\System\jpJVlTN.exe
  2⤵
  PID:8604
- C:\Windows\System\TbGFttk.exe
  C:\Windows\System\TbGFttk.exe
  2⤵
  PID:8624
- C:\Windows\System\dbgvIls.exe
  C:\Windows\System\dbgvIls.exe
  2⤵
  PID:8644
- C:\Windows\System\LhFTpLb.exe
  C:\Windows\System\LhFTpLb.exe
  2⤵
  PID:8664
- C:\Windows\System\pKqkWIG.exe
  C:\Windows\System\pKqkWIG.exe
  2⤵
  PID:8680
- C:\Windows\System\rJJNLSn.exe
  C:\Windows\System\rJJNLSn.exe
  2⤵
  PID:8700
- C:\Windows\System\fHJCBdU.exe
  C:\Windows\System\fHJCBdU.exe
  2⤵
  PID:8724
- C:\Windows\System\VpmApwS.exe
  C:\Windows\System\VpmApwS.exe
  2⤵
  PID:8748
- C:\Windows\System\zZZSAeR.exe
  C:\Windows\System\zZZSAeR.exe
  2⤵
  PID:8780
- C:\Windows\System\MDsejiq.exe
  C:\Windows\System\MDsejiq.exe
  2⤵
  PID:8800
- C:\Windows\System\motyqUz.exe
  C:\Windows\System\motyqUz.exe
  2⤵
  PID:8816
- C:\Windows\System\LYpPvlr.exe
  C:\Windows\System\LYpPvlr.exe
  2⤵
  PID:8836
- C:\Windows\System\FAtsRrW.exe
  C:\Windows\System\FAtsRrW.exe
  2⤵
  PID:8860
- C:\Windows\System\jQhXAxD.exe
  C:\Windows\System\jQhXAxD.exe
  2⤵
  PID:8876
- C:\Windows\System\OmMunDI.exe
  C:\Windows\System\OmMunDI.exe
  2⤵
  PID:8908
- C:\Windows\System\IocivOa.exe
  C:\Windows\System\IocivOa.exe
  2⤵
  PID:8924
- C:\Windows\System\RapBqZa.exe
  C:\Windows\System\RapBqZa.exe
  2⤵
  PID:8940
- C:\Windows\System\bXKUHuw.exe
  C:\Windows\System\bXKUHuw.exe
  2⤵
  PID:8956
- C:\Windows\System\GpfqNJQ.exe
  C:\Windows\System\GpfqNJQ.exe
  2⤵
  PID:8972
- C:\Windows\System\gadDLkD.exe
  C:\Windows\System\gadDLkD.exe
  2⤵
  PID:9000
- C:\Windows\System\jFGAzwY.exe
  C:\Windows\System\jFGAzwY.exe
  2⤵
  PID:9024
- C:\Windows\System\elxXkPq.exe
  C:\Windows\System\elxXkPq.exe
  2⤵
  PID:9040
- C:\Windows\System\vIIMyGj.exe
  C:\Windows\System\vIIMyGj.exe
  2⤵
  PID:9056
- C:\Windows\System\IKpjIiC.exe
  C:\Windows\System\IKpjIiC.exe
  2⤵
  PID:9080
- C:\Windows\System\jvaGell.exe
  C:\Windows\System\jvaGell.exe
  2⤵
  PID:9100
- C:\Windows\System\VjmLPBR.exe
  C:\Windows\System\VjmLPBR.exe
  2⤵
  PID:9120
- C:\Windows\System\enmRrgF.exe
  C:\Windows\System\enmRrgF.exe
  2⤵
  PID:9140
- C:\Windows\System\iPuNpnR.exe
  C:\Windows\System\iPuNpnR.exe
  2⤵
  PID:9156
- C:\Windows\System\fouzEBm.exe
  C:\Windows\System\fouzEBm.exe
  2⤵
  PID:9172
- C:\Windows\System\ljZcTdH.exe
  C:\Windows\System\ljZcTdH.exe
  2⤵
  PID:9188
- C:\Windows\System\ApHeEii.exe
  C:\Windows\System\ApHeEii.exe
  2⤵
  PID:9212
- C:\Windows\System\jHBjacT.exe
  C:\Windows\System\jHBjacT.exe
  2⤵
  PID:7500
- C:\Windows\System\qcYVYuI.exe
  C:\Windows\System\qcYVYuI.exe
  2⤵
  PID:7908
- C:\Windows\System\NdWwFMP.exe
  C:\Windows\System\NdWwFMP.exe
  2⤵
  PID:8268
- C:\Windows\System\xyOsUyh.exe
  C:\Windows\System\xyOsUyh.exe
  2⤵
  PID:8304
- C:\Windows\System\YLkFJut.exe
  C:\Windows\System\YLkFJut.exe
  2⤵
  PID:8244
- C:\Windows\System\PUJBVCd.exe
  C:\Windows\System\PUJBVCd.exe
  2⤵
  PID:8284
- C:\Windows\System\WeHkHCE.exe
  C:\Windows\System\WeHkHCE.exe
  2⤵
  PID:8204
- C:\Windows\System\UpybBLb.exe
  C:\Windows\System\UpybBLb.exe
  2⤵
  PID:8396
- C:\Windows\System\vFsdKsH.exe
  C:\Windows\System\vFsdKsH.exe
  2⤵
  PID:8412
- C:\Windows\System\GggHuao.exe
  C:\Windows\System\GggHuao.exe
  2⤵
  PID:8036
- C:\Windows\System\EOnZzjx.exe
  C:\Windows\System\EOnZzjx.exe
  2⤵
  PID:8456
- C:\Windows\System\yYPLPWy.exe
  C:\Windows\System\yYPLPWy.exe
  2⤵
  PID:8480
- C:\Windows\System\zAHNZih.exe
  C:\Windows\System\zAHNZih.exe
  2⤵
  PID:8516
- C:\Windows\System\AvvmaSa.exe
  C:\Windows\System\AvvmaSa.exe
  2⤵
  PID:8556
- C:\Windows\System\ydCPGwJ.exe
  C:\Windows\System\ydCPGwJ.exe
  2⤵
  PID:8580
- C:\Windows\System\kcMkPDm.exe
  C:\Windows\System\kcMkPDm.exe
  2⤵
  PID:8632
- C:\Windows\System\daHsenb.exe
  C:\Windows\System\daHsenb.exe
  2⤵
  PID:8660
- C:\Windows\System\WLYTWAm.exe
  C:\Windows\System\WLYTWAm.exe
  2⤵
  PID:8692
- C:\Windows\System\FCTACLi.exe
  C:\Windows\System\FCTACLi.exe
  2⤵
  PID:8740
- C:\Windows\System\rNhDsKu.exe
  C:\Windows\System\rNhDsKu.exe
  2⤵
  PID:8756
- C:\Windows\System\ZpgSODb.exe
  C:\Windows\System\ZpgSODb.exe
  2⤵
  PID:8768
- C:\Windows\System\mUZtKVH.exe
  C:\Windows\System\mUZtKVH.exe
  2⤵
  PID:8788
- C:\Windows\System\zfdqSOS.exe
  C:\Windows\System\zfdqSOS.exe
  2⤵
  PID:8812
- C:\Windows\System\eGIHaIJ.exe
  C:\Windows\System\eGIHaIJ.exe
  2⤵
  PID:8868
- C:\Windows\System\GGESpcS.exe
  C:\Windows\System\GGESpcS.exe
  2⤵
  PID:8884
- C:\Windows\System\iAKekZf.exe
  C:\Windows\System\iAKekZf.exe
  2⤵
  PID:8952
- C:\Windows\System\GCnWkjv.exe
  C:\Windows\System\GCnWkjv.exe
  2⤵
  PID:8964
- C:\Windows\System\FkOeqVP.exe
  C:\Windows\System\FkOeqVP.exe
  2⤵
  PID:8996
- C:\Windows\System\qCinWCd.exe
  C:\Windows\System\qCinWCd.exe
  2⤵
  PID:9020
- C:\Windows\System\CvVlCas.exe
  C:\Windows\System\CvVlCas.exe
  2⤵
  PID:9072
- C:\Windows\System\taDNCUM.exe
  C:\Windows\System\taDNCUM.exe
  2⤵
  PID:9108
- C:\Windows\System\HJFKEqL.exe
  C:\Windows\System\HJFKEqL.exe
  2⤵
  PID:9152
- C:\Windows\System\cZEDhst.exe
  C:\Windows\System\cZEDhst.exe
  2⤵
  PID:9200
- C:\Windows\System\OHWeWes.exe
  C:\Windows\System\OHWeWes.exe
  2⤵
  PID:9208
- C:\Windows\System\iCTrqmn.exe
  C:\Windows\System\iCTrqmn.exe
  2⤵
  PID:9168
- C:\Windows\System\bKTgnaT.exe
  C:\Windows\System\bKTgnaT.exe
  2⤵
  PID:7352
- C:\Windows\System\ellHgAv.exe
  C:\Windows\System\ellHgAv.exe
  2⤵
  PID:8260
- C:\Windows\System\TVErVYy.exe
  C:\Windows\System\TVErVYy.exe
  2⤵
  PID:8208
- C:\Windows\System\BfIlqPV.exe
  C:\Windows\System\BfIlqPV.exe
  2⤵
  PID:8344
- C:\Windows\System\eGQCUao.exe
  C:\Windows\System\eGQCUao.exe
  2⤵
  PID:8320
- C:\Windows\System\ceJwutd.exe
  C:\Windows\System\ceJwutd.exe
  2⤵
  PID:8400
- C:\Windows\System\LILnxUq.exe
  C:\Windows\System\LILnxUq.exe
  2⤵
  PID:8468
- C:\Windows\System\tnqTEJH.exe
  C:\Windows\System\tnqTEJH.exe
  2⤵
  PID:8536
- C:\Windows\System\eNneieO.exe
  C:\Windows\System\eNneieO.exe
  2⤵
  PID:8620
- C:\Windows\System\kwxxTMZ.exe
  C:\Windows\System\kwxxTMZ.exe
  2⤵
  PID:8652
- C:\Windows\System\OvLziGy.exe
  C:\Windows\System\OvLziGy.exe
  2⤵
  PID:8736
- C:\Windows\System\cCQENof.exe
  C:\Windows\System\cCQENof.exe
  2⤵
  PID:8772
- C:\Windows\System\vJPZOjN.exe
  C:\Windows\System\vJPZOjN.exe
  2⤵
  PID:8932
- C:\Windows\System\oCKoEDO.exe
  C:\Windows\System\oCKoEDO.exe
  2⤵
  PID:9016
- C:\Windows\System\yKQRMSt.exe
  C:\Windows\System\yKQRMSt.exe
  2⤵
  PID:9128
- C:\Windows\System\JMPhNdi.exe
  C:\Windows\System\JMPhNdi.exe
  2⤵
  PID:9096
- C:\Windows\System\UQINeYr.exe
  C:\Windows\System\UQINeYr.exe
  2⤵
  PID:7864
- C:\Windows\System\JycPuqF.exe
  C:\Windows\System\JycPuqF.exe
  2⤵
  PID:8828
- C:\Windows\System\BUWhMtM.exe
  C:\Windows\System\BUWhMtM.exe
  2⤵
  PID:8852
- C:\Windows\System\yPFcBkI.exe
  C:\Windows\System\yPFcBkI.exe
  2⤵
  PID:8916
- C:\Windows\System\LWmhYDH.exe
  C:\Windows\System\LWmhYDH.exe
  2⤵
  PID:9092
- C:\Windows\System\HgIKPST.exe
  C:\Windows\System\HgIKPST.exe
  2⤵
  PID:8384
- C:\Windows\System\hgtKNKO.exe
  C:\Windows\System\hgtKNKO.exe
  2⤵
  PID:8200
- C:\Windows\System\Hfrpkhv.exe
  C:\Windows\System\Hfrpkhv.exe
  2⤵
  PID:2732
- C:\Windows\System\dfNKIxc.exe
  C:\Windows\System\dfNKIxc.exe
  2⤵
  PID:8484
- C:\Windows\System\ZkXhVQu.exe
  C:\Windows\System\ZkXhVQu.exe
  2⤵
  PID:8616
- C:\Windows\System\sBnGsuw.exe
  C:\Windows\System\sBnGsuw.exe
  2⤵
  PID:8576
- C:\Windows\System\XfQdBrR.exe
  C:\Windows\System\XfQdBrR.exe
  2⤵
  PID:8796
- C:\Windows\System\keUoZcj.exe
  C:\Windows\System\keUoZcj.exe
  2⤵
  PID:6656
- C:\Windows\System\lXwtEUC.exe
  C:\Windows\System\lXwtEUC.exe
  2⤵
  PID:9184
- C:\Windows\System\jaUxcaf.exe
  C:\Windows\System\jaUxcaf.exe
  2⤵
  PID:9076
- C:\Windows\System\HhqqJuO.exe
  C:\Windows\System\HhqqJuO.exe
  2⤵
  PID:8920
- C:\Windows\System\VMPfVYj.exe
  C:\Windows\System\VMPfVYj.exe
  2⤵
  PID:8948
- C:\Windows\System\geRBmKn.exe
  C:\Windows\System\geRBmKn.exe
  2⤵
  PID:7672
- C:\Windows\System\amZxamj.exe
  C:\Windows\System\amZxamj.exe
  2⤵
  PID:7676
- C:\Windows\System\IpLQvFQ.exe
  C:\Windows\System\IpLQvFQ.exe
  2⤵
  PID:8500
- C:\Windows\System\ygtGbiK.exe
  C:\Windows\System\ygtGbiK.exe
  2⤵
  PID:8600
- C:\Windows\System\kDMVvkE.exe
  C:\Windows\System\kDMVvkE.exe
  2⤵
  PID:8808
- C:\Windows\System\yKupVYX.exe
  C:\Windows\System\yKupVYX.exe
  2⤵
  PID:9008
- C:\Windows\System\xIujaUg.exe
  C:\Windows\System\xIujaUg.exe
  2⤵
  PID:9164
- C:\Windows\System\KeFHcCP.exe
  C:\Windows\System\KeFHcCP.exe
  2⤵
  PID:8520
- C:\Windows\System\mciyAzb.exe
  C:\Windows\System\mciyAzb.exe
  2⤵
  PID:8300
- C:\Windows\System\UbJyQer.exe
  C:\Windows\System\UbJyQer.exe
  2⤵
  PID:9204
- C:\Windows\System\IKAqyos.exe
  C:\Windows\System\IKAqyos.exe
  2⤵
  PID:9036
- C:\Windows\System\mNdzoCJ.exe
  C:\Windows\System\mNdzoCJ.exe
  2⤵
  PID:9068
- C:\Windows\System\vLUAGVW.exe
  C:\Windows\System\vLUAGVW.exe
  2⤵
  PID:2072
- C:\Windows\System\lGZxgmw.exe
  C:\Windows\System\lGZxgmw.exe
  2⤵
  PID:9224
- C:\Windows\System\OTwbbLk.exe
  C:\Windows\System\OTwbbLk.exe
  2⤵
  PID:9240
- C:\Windows\System\PMoIUVl.exe
  C:\Windows\System\PMoIUVl.exe
  2⤵
  PID:9260
- C:\Windows\System\WUVrKML.exe
  C:\Windows\System\WUVrKML.exe
  2⤵
  PID:9280
- C:\Windows\System\ZDLcSzy.exe
  C:\Windows\System\ZDLcSzy.exe
  2⤵
  PID:9300
- C:\Windows\System\LlunXld.exe
  C:\Windows\System\LlunXld.exe
  2⤵
  PID:9320
- C:\Windows\System\gEVufGm.exe
  C:\Windows\System\gEVufGm.exe
  2⤵
  PID:9336
- C:\Windows\System\FNfByKc.exe
  C:\Windows\System\FNfByKc.exe
  2⤵
  PID:9356
- C:\Windows\System\NcuTtyu.exe
  C:\Windows\System\NcuTtyu.exe
  2⤵
  PID:9372
- C:\Windows\System\ggqBTGA.exe
  C:\Windows\System\ggqBTGA.exe
  2⤵
  PID:9388
- C:\Windows\System\XpROLJL.exe
  C:\Windows\System\XpROLJL.exe
  2⤵
  PID:9436
- C:\Windows\System\gIaymBr.exe
  C:\Windows\System\gIaymBr.exe
  2⤵
  PID:9460
- C:\Windows\System\QmWDzpL.exe
  C:\Windows\System\QmWDzpL.exe
  2⤵
  PID:9476
- C:\Windows\System\VqcYCjJ.exe
  C:\Windows\System\VqcYCjJ.exe
  2⤵
  PID:9504
- C:\Windows\System\cYXdqEi.exe
  C:\Windows\System\cYXdqEi.exe
  2⤵
  PID:9520
- C:\Windows\System\EBNrpxn.exe
  C:\Windows\System\EBNrpxn.exe
  2⤵
  PID:9536
- C:\Windows\System\ulmNiLk.exe
  C:\Windows\System\ulmNiLk.exe
  2⤵
  PID:9560
- C:\Windows\System\nnnvWpi.exe
  C:\Windows\System\nnnvWpi.exe
  2⤵
  PID:9584
- C:\Windows\System\gIyxKYU.exe
  C:\Windows\System\gIyxKYU.exe
  2⤵
  PID:9600
- C:\Windows\System\imXvioo.exe
  C:\Windows\System\imXvioo.exe
  2⤵
  PID:9624
- C:\Windows\System\kLDxBcw.exe
  C:\Windows\System\kLDxBcw.exe
  2⤵
  PID:9648
- C:\Windows\System\CXjFqom.exe
  C:\Windows\System\CXjFqom.exe
  2⤵
  PID:9664
- C:\Windows\System\zdRUuzL.exe
  C:\Windows\System\zdRUuzL.exe
  2⤵
  PID:9688
- C:\Windows\System\RttEHjn.exe
  C:\Windows\System\RttEHjn.exe
  2⤵
  PID:9704
- C:\Windows\System\jQCBdBH.exe
  C:\Windows\System\jQCBdBH.exe
  2⤵
  PID:9728
- C:\Windows\System\EfGFduk.exe
  C:\Windows\System\EfGFduk.exe
  2⤵
  PID:9748
- C:\Windows\System\JYpaHUo.exe
  C:\Windows\System\JYpaHUo.exe
  2⤵
  PID:9768
- C:\Windows\System\SkLcymn.exe
  C:\Windows\System\SkLcymn.exe
  2⤵
  PID:9788
- C:\Windows\System\GFVGQcp.exe
  C:\Windows\System\GFVGQcp.exe
  2⤵
  PID:9808
- C:\Windows\System\fiIdYIp.exe
  C:\Windows\System\fiIdYIp.exe
  2⤵
  PID:9828
- C:\Windows\System\lANxZBS.exe
  C:\Windows\System\lANxZBS.exe
  2⤵
  PID:9844
- C:\Windows\System\HGFifpc.exe
  C:\Windows\System\HGFifpc.exe
  2⤵
  PID:9864
- C:\Windows\System\UtIhBhv.exe
  C:\Windows\System\UtIhBhv.exe
  2⤵
  PID:9884
- C:\Windows\System\gmvTVlg.exe
  C:\Windows\System\gmvTVlg.exe
  2⤵
  PID:9904
- C:\Windows\System\lHRgwDB.exe
  C:\Windows\System\lHRgwDB.exe
  2⤵
  PID:9924
- C:\Windows\System\jDqSIng.exe
  C:\Windows\System\jDqSIng.exe
  2⤵
  PID:9944
- C:\Windows\System\inPhTri.exe
  C:\Windows\System\inPhTri.exe
  2⤵
  PID:9968
- C:\Windows\System\SzCheFx.exe
  C:\Windows\System\SzCheFx.exe
  2⤵
  PID:9984
- C:\Windows\System\oMWrsXk.exe
  C:\Windows\System\oMWrsXk.exe
  2⤵
  PID:10000
- C:\Windows\System\VVWhQqz.exe
  C:\Windows\System\VVWhQqz.exe
  2⤵
  PID:10020
- C:\Windows\System\ZiSszlv.exe
  C:\Windows\System\ZiSszlv.exe
  2⤵
  PID:10040
- C:\Windows\System\CHDJweO.exe
  C:\Windows\System\CHDJweO.exe
  2⤵
  PID:10056
- C:\Windows\System\jCEbzrR.exe
  C:\Windows\System\jCEbzrR.exe
  2⤵
  PID:10072
- C:\Windows\System\KOqHBoT.exe
  C:\Windows\System\KOqHBoT.exe
  2⤵
  PID:10092
- C:\Windows\System\plckyfs.exe
  C:\Windows\System\plckyfs.exe
  2⤵
  PID:10124
- C:\Windows\System\MiDSnVS.exe
  C:\Windows\System\MiDSnVS.exe
  2⤵
  PID:10144
- C:\Windows\System\eLvsBNw.exe
  C:\Windows\System\eLvsBNw.exe
  2⤵
  PID:10172
- C:\Windows\System\Kijjshn.exe
  C:\Windows\System\Kijjshn.exe
  2⤵
  PID:10192
- C:\Windows\System\ldDKEFj.exe
  C:\Windows\System\ldDKEFj.exe
  2⤵
  PID:10208
- C:\Windows\System\qyJVAOy.exe
  C:\Windows\System\qyJVAOy.exe
  2⤵
  PID:10236
- C:\Windows\System\YVoaDTn.exe
  C:\Windows\System\YVoaDTn.exe
  2⤵
  PID:9276
- C:\Windows\System\VBMyldS.exe
  C:\Windows\System\VBMyldS.exe
  2⤵
  PID:9352
- C:\Windows\System\ZvFZZvU.exe
  C:\Windows\System\ZvFZZvU.exe
  2⤵
  PID:8776
- C:\Windows\System\gGOIkMh.exe
  C:\Windows\System\gGOIkMh.exe
  2⤵
  PID:9288
- C:\Windows\System\tDxDMkC.exe
  C:\Windows\System\tDxDMkC.exe
  2⤵
  PID:9396
- C:\Windows\System\NLgxVwr.exe
  C:\Windows\System\NLgxVwr.exe
  2⤵
  PID:9332
- C:\Windows\System\rgXMjMe.exe
  C:\Windows\System\rgXMjMe.exe
  2⤵
  PID:9252
- C:\Windows\System\UjXCQlj.exe
  C:\Windows\System\UjXCQlj.exe
  2⤵
  PID:8904
- C:\Windows\System\duvKNyG.exe
  C:\Windows\System\duvKNyG.exe
  2⤵
  PID:9448
- C:\Windows\System\WpMoHOd.exe
  C:\Windows\System\WpMoHOd.exe
  2⤵
  PID:9496
- C:\Windows\System\TavJaIP.exe
  C:\Windows\System\TavJaIP.exe
  2⤵
  PID:9516
- C:\Windows\System\FKpNfIV.exe
  C:\Windows\System\FKpNfIV.exe
  2⤵
  PID:9568
- C:\Windows\System\sSAwMww.exe
  C:\Windows\System\sSAwMww.exe
  2⤵
  PID:9580
- C:\Windows\System\cTNTDbs.exe
  C:\Windows\System\cTNTDbs.exe
  2⤵
  PID:9620
- C:\Windows\System\mmsZUaD.exe
  C:\Windows\System\mmsZUaD.exe
  2⤵
  PID:9660
- C:\Windows\System\LVvBjFm.exe
  C:\Windows\System\LVvBjFm.exe
  2⤵
  PID:9696
- C:\Windows\System\idDRlJd.exe
  C:\Windows\System\idDRlJd.exe
  2⤵
  PID:9720
- C:\Windows\System\xHLmOUc.exe
  C:\Windows\System\xHLmOUc.exe
  2⤵
  PID:9756
- C:\Windows\System\ANJKnNM.exe
  C:\Windows\System\ANJKnNM.exe
  2⤵
  PID:9784
- C:\Windows\System\ibWgyRi.exe
  C:\Windows\System\ibWgyRi.exe
  2⤵
  PID:9824
- C:\Windows\System\bbAYrXa.exe
  C:\Windows\System\bbAYrXa.exe
  2⤵
  PID:9860
- C:\Windows\System\abeEzFU.exe
  C:\Windows\System\abeEzFU.exe
  2⤵
  PID:9920
- C:\Windows\System\KMNRkkp.exe
  C:\Windows\System\KMNRkkp.exe
  2⤵
  PID:9956
- C:\Windows\System\oCuONzl.exe
  C:\Windows\System\oCuONzl.exe
  2⤵
  PID:9980
- C:\Windows\System\FekLKRt.exe
  C:\Windows\System\FekLKRt.exe
  2⤵
  PID:10052
- C:\Windows\System\TeQvGiA.exe
  C:\Windows\System\TeQvGiA.exe
  2⤵
  PID:10112
- C:\Windows\System\UOjJdUs.exe
  C:\Windows\System\UOjJdUs.exe
  2⤵
  PID:9992
- C:\Windows\System\PceyHuw.exe
  C:\Windows\System\PceyHuw.exe
  2⤵
  PID:10132
- C:\Windows\System\OEYuswV.exe
  C:\Windows\System\OEYuswV.exe
  2⤵
  PID:10140
- C:\Windows\System\Ojavjuz.exe
  C:\Windows\System\Ojavjuz.exe
  2⤵
  PID:10184
- C:\Windows\System\qVEJhjc.exe
  C:\Windows\System\qVEJhjc.exe
  2⤵
  PID:10216
- C:\Windows\System\NAYRJTZ.exe
  C:\Windows\System\NAYRJTZ.exe
  2⤵
  PID:9236
- C:\Windows\System\JINqTjP.exe
  C:\Windows\System\JINqTjP.exe
  2⤵
  PID:9312
- C:\Windows\System\wHTKrTV.exe
  C:\Windows\System\wHTKrTV.exe
  2⤵
  PID:9424
- C:\Windows\System\lzFnDpY.exe
  C:\Windows\System\lzFnDpY.exe
  2⤵
  PID:9256
- C:\Windows\System\eCrxEiJ.exe
  C:\Windows\System\eCrxEiJ.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DAWyInJ.exe

Filesize
6.0MB

MD5
3be3b2395d8b54fe42a0eb237b3b6536

SHA1
fd55e1a545fa003390223d1a9598768de476c7bf

SHA256
297541f13b61c7975ac4060f76c5ac0bea6a5804c38e286581bc798e92ff68ce

SHA512
bfb937e9acb61b4f6e81ba8bd3358c62e7586d459b0045f29a2545173d048f830997c100880b6b1ed0902cd0c9e094c300b2041e800aee353e281f7c113af413

Download Submit
C:\Windows\system\HcPNXaA.exe

Filesize
6.0MB

MD5
ac2336593bdb2baf6be62d6b8a3e8d51

SHA1
8c2155ef3f9ed928adcd7680a66c7b7e81ce046d

SHA256
3641794e63943f23c0ebe4b0359049af84263e5ee3cde93767a13d4c53d8dabc

SHA512
c9239319811ed0e3470d5a7955f4995410f445a7d3b6d93cd2361150d1ee2cdb6cfdd283991e245c71f49c838ab2adcc56707824f9cd37ce0c864cbdf948b81f

Download Submit
C:\Windows\system\KsLOkSq.exe

Filesize
6.0MB

MD5
1aacb77445d49fad1f6e61ce564b95b1

SHA1
5c32d3c6628075e309dfd4ee26853482aeb6ea42

SHA256
32990cff6b3b2a7c6144f8cb25b160e412fde0c7d29f8dbb14e9f82535dbfab8

SHA512
d66005554bf3e88583a8ad6c9a7eca9b0751d4b2d221506560f4834a3cedd25b78b547eb9f8e314412837b0228cb1cd83f9ddb5efc9e0fe4a283460a56c7b711

Download Submit
C:\Windows\system\OUCitGA.exe

Filesize
6.0MB

MD5
40fefc60681fe4dfbc9e9c551ee2aaff

SHA1
f8529b5e5e023460f7972c560a7bcd639a965640

SHA256
646764aa85672dc4fe6e01f6366430b139b7ae2ad706d8d62b7a118cb05b547b

SHA512
0e3192ec64ec2e3576eab216ab5b6e25471092cfb7fca155ecaa4030ef88922d6653179ea2395ba9d846370d1db176b84558fe89d556569c13b2fe3cb0cfd7b9

Download Submit
C:\Windows\system\PyzaiXs.exe

Filesize
6.0MB

MD5
68d740cd07ec6d99693cbc4575b48c42

SHA1
50137f81307239fc043c218fd77d3a77cb4f8660

SHA256
931cd1c72586c39e6eaec032409b16982e59c6e79678955eec4c11fbb5124f76

SHA512
ce5666a961c482eba8d20bc65327e8c4cbd21e06747464cf2c99a94081270b428cb4dae1d61dc6fa3fe87af7f0a5156ecf1aa3faaeede48dcd175a148b307eab

Download Submit
C:\Windows\system\RnFVOMG.exe

Filesize
6.0MB

MD5
eba70f5ce94655cc6bbefcab71a199ca

SHA1
334f25465bb1ffc669898191446c2eacf7b62e70

SHA256
2503d9c9bacf1d617a1606416b3a379fd452acc40d9166e3bf60dc37f6db3245

SHA512
2f3171b752d94a81f836212fc9ede4ca343beeb39b70575bb455f2eab28cdf2738bfb4d15bd2be751ee405a4299da577babb3d0105b3cb2ef918b3bc480ebdd9

Download Submit
C:\Windows\system\SQHrYoG.exe

Filesize
6.0MB

MD5
962017d857f656d0ce9d37e4e5b6bb37

SHA1
abb974da81db477efe78d650dae88530674aca7d

SHA256
5314f75e60f121e27643b241fe5254434be1156a79a3d52aefc7fd49d000ea68

SHA512
9d1b4732e285bec2eb2236a1411c4719b52e8ed5d53bff2a448b3a3c73e855445885c8fff2e7615fc941d57b333cd5f59e2db3173e6b2c6ccfdc43bfedd5b156

Download Submit
C:\Windows\system\TgsXQbO.exe

Filesize
6.0MB

MD5
5badd70b15532c152de3694f658215c1

SHA1
c0e07f1662b06738ce2fb48d5c249e21eb918cf5

SHA256
7672d3f1518585df8e10c19205fd52eb7e619d658dbe98fe19547011ae13579e

SHA512
83eb2f0fd96452d313e1a291c92a5e6e06a26ab599d6a76accf38a8f9affaf07b200a978d6ab7ce1accdd830dfcedad5d8feb6526c09f6e9047626ceb26d2f61

Download Submit
C:\Windows\system\ZYMTjUd.exe

Filesize
6.0MB

MD5
7ee5a2d03fc7dd27d229ec17e71e66a7

SHA1
0ff2ccc1d34d9b2fba97b5db11b53996b1946814

SHA256
a476c1f8a0782c28b01d58a4fc4d3025bc763bcc9d78ead7696c62589a5282d2

SHA512
401152db01ecac568d8ac05606c039f86b2f39c8902a1c4e0f0204a3c52ffbe71b806ae96f87b874427e929f8c4d7daca1b8dbd601da218f21614b35c005b3fc

Download Submit
C:\Windows\system\eBInIOZ.exe

Filesize
6.0MB

MD5
cd050851cb52f54f6c370c4553fddc2a

SHA1
5798718378dad1e35561e51a33c678450e5ea8a0

SHA256
ea75e4011e5cd291a0b2ca14836c6acd8a0d8a79b8ee05b20069befab940632c

SHA512
acaa713d52d671c7e0f42973483c8093ffbc017dd37dd05498cee0d98aa57e3c03f4bc3f54a213046478c0ddff2e3d494f2704f44c2201096c6e30b9415a7567

Download Submit
C:\Windows\system\ereIjbg.exe

Filesize
6.0MB

MD5
d596d78fab884c72c341330751fb9755

SHA1
a73ebc66b37dd5377c7bbc1ac791e636d767a9bf

SHA256
9eb73079449b84c899d85c0fc674dd4f875c09ef30a5fd89ba5ae14f526331a8

SHA512
3f2f346ef4b184ad3603aab086bb79fd040068f7e6d9bf43f3493c28d2717786b6149c0bc08d62ce3a5aa2250747f3a1d9ef6b172c0ef8c944a71b22a8ff579c

Download Submit
C:\Windows\system\fQUtAQW.exe

Filesize
6.0MB

MD5
7c9ee43052b7d04ed02706c64a279857

SHA1
1af6d35d005658d46bf6495503ae36a490b3ba66

SHA256
fdedffc2f78e85927fe7a79d1e12544a561fca4667991b51c47f7ee75f905043

SHA512
36c0400daaa5e711f8b1b152f65d42ebe3db0995865ce37a150511240e6cecdf63e22dd64da8a7c065c53119a8933cb75e2a23d20adfd8909228ac9f424ec8ae

Download Submit
C:\Windows\system\fjCtVMb.exe

Filesize
6.0MB

MD5
243a03de50c81025b0e5a15a7cb0b9f4

SHA1
15d67e4be899f617946dc8cc06a7a4b8133331d8

SHA256
104b8c9ceb6b5475109ca0329992128f6c56b10bfcca7615bb5ecff001a34cad

SHA512
87fa3e69f84064f60d54b0ee10f856de53dd073fd7dec53a1c07fdee3b8c06c4e1bc831f79069d8ba04e794e742b966cbecffd1f0246bb2195e3953c5ea523c9

Download Submit
C:\Windows\system\gUBxvUb.exe

Filesize
6.0MB

MD5
332bfeded3ddf55171fa49d5ce4edb57

SHA1
fd91df00228f1d1ecb3cbb6d5c36c7945dfa1847

SHA256
cb780d241afeb79db7e29fde7b330367bf69a2e6b51e3a4e915170e29d10c635

SHA512
2699a1d51142aaf47af54d60edd4303ff6fe4ff75415521f910249da42df96c1f2b253f9c00bf18da38524429f6af5fb63df84262662acc92c48f9f72cc79264

Download Submit
C:\Windows\system\iDsKzBZ.exe

Filesize
8B

MD5
779237432ef61627a360e927103f2f86

SHA1
b08bc8353334ce9997d62d03189cb6cf90ee8f8d

SHA256
8e8773e40e7c0885c0a0e43b982ce4968656181634449a59c5ac2e422ae2082e

SHA512
52189d179ac3bfc43e003111b1ea2fb1ae0c165965dee31632ce23ee676d47d1c928773fd8680496f22ec99b10a36f3570a6d4c5ca147dd288c46e66a652236a

Download Submit
C:\Windows\system\imeInnl.exe

Filesize
6.0MB

MD5
ab699d92420ac65470c46057e77354af

SHA1
46bfc24a4ade92bd04484c24bdee1503c0997db3

SHA256
267ab57ed7381df2f51cbb1229a228a370be6843118a93905df7bdc54ef6f641

SHA512
ca4749bdffc9bf3ec26d8e0e66cdbc2397e097f01a6bfc74147fda45151fc61f547f57c44e6076a862142a026339fc4db70e4f507ae7f02d387dd6a7c3d5ae67

Download Submit
C:\Windows\system\jDmhCnK.exe

Filesize
6.0MB

MD5
092f0480aa5eb89fec473520737dbdcb

SHA1
d8ece4b1a978ddea6c413c4137e49610333b6ff8

SHA256
48e14da1463cf91c03d03a03de43a0e204e89b14abfea3fc4d4940347c45a129

SHA512
38ebcf1021247b3aa009b156a3ad7e7e2a51cd5932b19776002ca50a3f183191a3a4c4a0373407868a0c3f73f337c08d1236cc565c08a231fb2cdc9ff84485f2

Download Submit
C:\Windows\system\jRisZbV.exe

Filesize
6.0MB

MD5
f50f03c2e54d7771d8f623f159cfa88f

SHA1
c24c96b1919f97bbf6b6ef68b64b98f45878069f

SHA256
ed8c8ed6116ec4f3ae1829c2a8bfa1d6d42dc8818416bc1c7a3bbbdf524474b5

SHA512
a12df80991de629a05c98087c2c50c049dcbba255ebf339eb4e847e02875e032e1dc116c81128b6aa86cd514379747526c91a8fe204a74b58cf22c54b5e2d1b3

Download Submit
C:\Windows\system\kFizsEZ.exe

Filesize
6.0MB

MD5
6246c4de874dbdcf3d51f635c1d5b813

SHA1
800168e20cb9ff4011193f1341cd3e11bcf2c36d

SHA256
e5da0cfdd97c5ce7a2c661aa06a38f12333b258c6573ff158cffdd09a5f2bbda

SHA512
bcb923e27f353a8d019082bb9455593337442d42be5d33ea181f33a357d958ac19a3e62c5f5343faaaa967bba2b96ec83038bcc1a9424fc85979f8d94d0b0058

Download Submit
C:\Windows\system\oLpXkTJ.exe

Filesize
6.0MB

MD5
205f5da22dd5b8febc20b9ad80583b19

SHA1
dd26605c71d064a1452777eff0c47aee2f368265

SHA256
fbfad93ad301610e5ed6c72f3630f5a3d3d7b77cf792d00186508fd2a6edc382

SHA512
671b5b911a93a6a8da0d9bd2c433a7bf59164a805e159bd1970455e30cda710a3f6b0ad183cf47e9ab1a3746a3ef4c1142d15def61fee911ba9c39f0e26d9b73

Download Submit
C:\Windows\system\rHEyTKq.exe

Filesize
6.0MB

MD5
63f9773ced8cdbf1c7caaa54f1c863ba

SHA1
671dbda28116a9c622470dc834fd876f4132e106

SHA256
2712a0c6159a97c7caa125cdead79049257d84aa2802a6fc534ec11592db8705

SHA512
de30322668d64530de8efc9bdd0d935d01ce4500855ebdd9b05851c7602b248544308d77095540fdc80140a22c531769d52576bd78b7bae4a88b4e4de3c0652f

Download Submit
C:\Windows\system\rHpZOZe.exe

Filesize
6.0MB

MD5
2f62eed8450749c94c4bd5991df1c19a

SHA1
3d79c836e983d722de87c8f98b1a618f69907028

SHA256
78c1852a84ee6645beaf41b0aa440dbf39e69d3a5fee6a13efa8fd17290fd952

SHA512
eae7c6996142e33507cba21127e1ff640d6c2c1bf00bd96b9f62c0686a1e5ed91debdf148bdfc6a50661d388862f3885554b48aa7ea5ab887f140fd4019ac898

Download Submit
C:\Windows\system\rguKGNK.exe

Filesize
6.0MB

MD5
ea7b950dcc53659563e5b6fda288ed58

SHA1
b19c4e8b46fb91c621b42713fe2100e94f7b4d59

SHA256
877053af88ea80534d6187749248aa596fc81c2b6ffbae615295d983f77e6275

SHA512
0eb0e1bad178a026ff20140379b49a2aff0628b56b4ceb2e397a4ec45a0acd238fb74f83ebfc2da1989b9b42b1b4a55491d6f2691a660c603f3a1fd598c09c92

Download Submit
C:\Windows\system\rlYCJBF.exe

Filesize
6.0MB

MD5
e4cabdfaa428725c7a931c97f3e5bb93

SHA1
5a6e7cae433e458dc312abe40b6ea5d267160eab

SHA256
ce57c53ffc85a7492ccdeac9206ae4ed677f20e309b68b9a31ba185dadcd9645

SHA512
aecaeb0eab1444c0cf7374fcf3ac0bad77de1a297c8527e4fba50be9a005bfb80d059a7e1c131d668350731ad93eae68b668a7a576f9b7c6db64abe41410e469

Download Submit
C:\Windows\system\tiEQXZo.exe

Filesize
6.0MB

MD5
839929499afc8fed450552cdd61a0c46

SHA1
d5272e3e07a23ed0286e7bbc0bb7a83f28d7d9fa

SHA256
7d1b3ec6d854694ebc73d34e50199eaca22e27ec764b795b5c6a1d6a45d0d483

SHA512
be8150ca3dc4b46df0c9568ba802d1f1f4e742ccd8e619b0c738e4f998f560a02b5fbef54499471365326321d68839dfe7f372408c2dc25bf1b789d53c8e87ba

Download Submit
\Windows\system\JVOenAD.exe

Filesize
6.0MB

MD5
980ea6d67268778c76edec6dab121e75

SHA1
1387bfa0dfa8b19e949564a9ffadda6ad249b8b7

SHA256
772cb32c6e41bc131763889eb6a068055a54f5c99c7bbab76fa9d57647296b03

SHA512
3a053b4c07266e4284136b5147c95abcc7451b444986aabc91c9938f67650ce388a25c581d4b9ffe8b92e88dbc7927b5df5f53dc04706d94e1bf6f04f3d604f0

Download Submit
\Windows\system\JWMvQIS.exe

Filesize
6.0MB

MD5
bd235677176c837ef12e8159433e5836

SHA1
4b1f2b8a219225885acdd89a7ff77615af5ce79e

SHA256
f4822c1834dcbe1468626809037ba5cdb502d69dab974fbcb9e8d99e7a418265

SHA512
630478e5a235195930507afb4bc2376575fb6e1d724af19087fac8680a38b3d4a1e1821c8fae6a9b3d086d1d60725801f6c6c7f364088d8530d94377b2925e44

Download Submit
\Windows\system\VGDCPhX.exe

Filesize
6.0MB

MD5
5ebdbfa8999f38a00d9ba1dfe315b3e0

SHA1
2cec1e36981bd5ad46ad76eb04b3166f20cd1566

SHA256
d437cf9f65ce8d5f48f2eeaa39620980838683cf631b10e74de3a71e19fddba1

SHA512
e567c0c3e781ff3e0643a6fbefc319e9b1b7f20041b4f8ad881bc60965cedb143d072b0eee8c77e777e4394974cae8818af865701681c1689793daba3fe8adbd

Download Submit
\Windows\system\VRbHmBm.exe

Filesize
6.0MB

MD5
8e64255dd87aab2fc3a11b4e24ffb22e

SHA1
3575567f19196679496a9c4ff0714883b0b235d4

SHA256
956bab6d71758475de953f2443d7fb498b110f99213a8891aa51dc258b677091

SHA512
625106cf3f98f96577d0b8e86c084301d933cbc708b73fa8d3ebd5db0599c32402edae04cd50ca90576f4c2a5692612961c462d85930bba05c574d577c099439

Download Submit
\Windows\system\gVyrsQb.exe

Filesize
6.0MB

MD5
1cbed97f7849ab36ae4e78c748b3e94d

SHA1
6aec059d953decbbc44252836d6495b85479befe

SHA256
9448668133d598fad120b90f222f1adf3452fc70f73a917ef96893d12dd81397

SHA512
00124e02880bf8402e5531810f9131688e1728e547327c7d457490d553d2587bc11d5870bc6122661a417e4d25b42556fd82122d008854341a42b667cce89bd5

Download Submit
\Windows\system\pVzKJFG.exe

Filesize
6.0MB

MD5
a470c826ba4e9a0a89a8d4692e94a356

SHA1
fa3da1c543c478ad69a56f9eebb021588c7eba29

SHA256
b915f13405264fd4377e4cbc35608bffed7fd966e0ed4f45da2d5e07d49233e4

SHA512
65db27de4b94227d6813cbd5f8a6ea6d4686511ba2ae33370144040de9ced69d5b52e23476c42a430def91c54a7653532da0662257e9ea1d670b13e7cd6bcdbd

Download Submit
\Windows\system\piXkTuj.exe

Filesize
6.0MB

MD5
4f887f3bcb0138ff054c8636757533b8

SHA1
2489e6ee495b40b71c4f434720bc18cda231054c

SHA256
54abd00ad3526b1495ec691e73346c5474aa949bb0f191e9152dffc97449e623

SHA512
677fd9de832e9e2de2ebb8fe5b716e47d69165c80e6a91c04a79793fdfd72128a2bbb91e5131eac3f2bd6c08342ea40158bb9fb373ea17f58bf6ae36e7d69748

Download Submit
\Windows\system\qlbLSDT.exe

Filesize
6.0MB

MD5
d474fd149fad9c5c73d23e6c0ed76b9b

SHA1
35abeb9b53509de5df5722960100c4955fa094f9

SHA256
38b56872799e93404dc89dddf21fbbf9c6ba47879bc93c6665b5d2ddd81b7af1

SHA512
0c117ed416db24c4b51f12e711a09d2d235cd93d2e830477060f51c276a2ae8e7273e8bf2f8ae7183848a199855202040601c5b0bbc3ac1fe8a32c8ebe66f96f

Download Submit
memory/336-3069-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/336-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/336-14-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/852-33-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/852-3121-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/852-73-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2228-12-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3059-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2272-28-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2272-65-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3079-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2280-21-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-57-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3111-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3363-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-102-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-78-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3346-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-50-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3134-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3343-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-66-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-597-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3183-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2692-58-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2692-362-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2800-110-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3356-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-47-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3127-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2988-31-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2988-293-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2988-113-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-7-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2988-19-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-69-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-53-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2988-23-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-782-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2988-686-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-108-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-0-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2988-783-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-44-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2988-40-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2988-60-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-84-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-786-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2988-111-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download