cobaltstrike | 7c3a8c4b6e8331072c3a737094236439e528af962ec18396d22c3fe24f69a460

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fdd598eec002f086f6909443c2b31832
SHA1

dbeee046b76f6a8c31d4a56f3dab59ab7d8d7f82
SHA256

7c3a8c4b6e8331072c3a737094236439e528af962ec18396d22c3fe24f69a460
SHA512

33b49aee15d4e0a940ac08fe8f329dd08e715741b04ad6b4229ebd5becd9af21d971d74f883ed97512663df95acf9d255ccec744f44a74be75fe2726d1a63c78
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c4a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-14.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0e-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016814-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-126.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-88.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-64.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-73.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2492-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000a00000001227e-6.dat	xmrig
behavioral1/files/0x0008000000016c51-11.dat	xmrig
behavioral1/files/0x0008000000016c4a-8.dat	xmrig
behavioral1/files/0x0007000000016cc8-14.dat	xmrig
behavioral1/memory/2332-34-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d0e-43.dat	xmrig
behavioral1/memory/2740-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d18-49.dat	xmrig
behavioral1/files/0x0009000000016814-90.dat	xmrig
behavioral1/files/0x0005000000018683-114.dat	xmrig
behavioral1/files/0x000500000001873d-143.dat	xmrig
behavioral1/files/0x0005000000019350-188.dat	xmrig
behavioral1/memory/2656-521-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019282-178.dat	xmrig
behavioral1/files/0x0005000000019334-182.dat	xmrig
behavioral1/files/0x000500000001925e-168.dat	xmrig
behavioral1/files/0x0005000000019261-174.dat	xmrig
behavioral1/files/0x00050000000187a5-159.dat	xmrig
behavioral1/files/0x0006000000019023-162.dat	xmrig
behavioral1/files/0x0005000000018784-148.dat	xmrig
behavioral1/files/0x000500000001878f-153.dat	xmrig
behavioral1/files/0x0005000000018728-138.dat	xmrig
behavioral1/files/0x00050000000186fd-133.dat	xmrig
behavioral1/files/0x00050000000186ee-129.dat	xmrig
behavioral1/files/0x00050000000186e4-126.dat	xmrig
behavioral1/files/0x000d000000018676-103.dat	xmrig
behavioral1/files/0x00050000000186ea-119.dat	xmrig
behavioral1/memory/1692-117-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2884-110-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017492-88.dat	xmrig
behavioral1/files/0x00060000000174cc-99.dat	xmrig
behavioral1/memory/2492-97-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2780-96-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2492-95-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3028-94-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017488-85.dat	xmrig
behavioral1/memory/2624-81-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2656-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2940-65-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a7-64.dat	xmrig
behavioral1/memory/2848-75-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a9-73.dat	xmrig
behavioral1/memory/2884-51-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2492-59-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2912-58-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000171a8-54.dat	xmrig
behavioral1/memory/2848-39-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d06-37.dat	xmrig
behavioral1/memory/1240-32-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2476-31-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2940-29-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2116-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cec-25.dat	xmrig
behavioral1/memory/2912-4017-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2884-4020-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2848-4019-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2940-4016-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2740-4015-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2332-4014-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2476-4013-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1240-4018-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2116-4012-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2656-4025-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2476	GvTIECe.exe
1240	bmrLIjg.exe
2116	lvtZCZL.exe
2332	fZADodm.exe
2940	btMveIU.exe
2848	CLXkkjr.exe
2740	eFjRGZw.exe
2884	xPSkzMd.exe
2912	QlAkmrN.exe
2656	VsOvXkF.exe
2624	wzvGMdk.exe
3028	kgHZMMR.exe
2780	fsPOoDg.exe
1692	xxnfhay.exe
1992	SHpwBfn.exe
1396	PDvKGdt.exe
1544	efXUrlT.exe
376	mUhHoJS.exe
352	VEkkHYu.exe
1008	YNmmCvw.exe
2044	bOZfvyM.exe
2900	oaunydD.exe
1916	XPCTFsg.exe
2908	XTAPFlE.exe
2236	sOgnzsX.exe
2556	aHeKHtq.exe
2648	OBIRzMl.exe
2920	kLedWwX.exe
1084	jJoviRh.exe
2792	sSbpYHp.exe
1252	xsxJBEY.exe
1780	yZmJkMy.exe
380	VSUhFoI.exe
1768	jaxSTvP.exe
900	Nmhhgrt.exe
1588	ZDWVRlP.exe
1592	EYpBJgY.exe
1196	WTAJDyS.exe
752	PoTgUgr.exe
1004	rLieISr.exe
2336	nSYIjos.exe
2276	PVAXgTz.exe
2544	SpprFcd.exe
2928	zmeBjba.exe
2368	mPcgRfa.exe
2352	tkGETkv.exe
1632	WujHmFN.exe
348	UPaMAzN.exe
3060	TZNSPFV.exe
1416	VZniOJz.exe
1108	jZKQygl.exe
2268	UBdICfe.exe
1516	dBPSkGJ.exe
2228	ayMTieI.exe
2400	ecrXtkG.exe
2320	ebsCZKP.exe
2716	LrOPVxq.exe
2764	HvARaRO.exe
2484	YhSBmPv.exe
2680	neGuaiV.exe
3040	TtblkhV.exe
308	OwWGROS.exe
2580	aXtZjBn.exe
2032	ksxjfEB.exe

Loads dropped DLL 64 IoCs

pid	Process
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000a00000001227e-6.dat	upx
behavioral1/files/0x0008000000016c51-11.dat	upx
behavioral1/files/0x0008000000016c4a-8.dat	upx
behavioral1/files/0x0007000000016cc8-14.dat	upx
behavioral1/memory/2332-34-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0009000000016d0e-43.dat	upx
behavioral1/memory/2740-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0008000000016d18-49.dat	upx
behavioral1/files/0x0009000000016814-90.dat	upx
behavioral1/files/0x0005000000018683-114.dat	upx
behavioral1/files/0x000500000001873d-143.dat	upx
behavioral1/files/0x0005000000019350-188.dat	upx
behavioral1/memory/2656-521-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019282-178.dat	upx
behavioral1/files/0x0005000000019334-182.dat	upx
behavioral1/files/0x000500000001925e-168.dat	upx
behavioral1/files/0x0005000000019261-174.dat	upx
behavioral1/files/0x00050000000187a5-159.dat	upx
behavioral1/files/0x0006000000019023-162.dat	upx
behavioral1/files/0x0005000000018784-148.dat	upx
behavioral1/files/0x000500000001878f-153.dat	upx
behavioral1/files/0x0005000000018728-138.dat	upx
behavioral1/files/0x00050000000186fd-133.dat	upx
behavioral1/files/0x00050000000186ee-129.dat	upx
behavioral1/files/0x00050000000186e4-126.dat	upx
behavioral1/files/0x000d000000018676-103.dat	upx
behavioral1/files/0x00050000000186ea-119.dat	upx
behavioral1/memory/1692-117-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2884-110-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0006000000017492-88.dat	upx
behavioral1/files/0x00060000000174cc-99.dat	upx
behavioral1/memory/2780-96-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/3028-94-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0006000000017488-85.dat	upx
behavioral1/memory/2624-81-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2656-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2940-65-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00060000000173a7-64.dat	upx
behavioral1/memory/2848-75-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x00060000000173a9-73.dat	upx
behavioral1/memory/2884-51-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2492-59-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2912-58-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00060000000171a8-54.dat	upx
behavioral1/memory/2848-39-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0007000000016d06-37.dat	upx
behavioral1/memory/1240-32-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2476-31-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2940-29-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2116-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0007000000016cec-25.dat	upx
behavioral1/memory/2912-4017-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2884-4020-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2848-4019-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2940-4016-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2740-4015-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2332-4014-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2476-4013-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1240-4018-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2116-4012-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2656-4025-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1692-4024-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2780-4023-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KobHLvC.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlNVxyK.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRdnKMx.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSHemGk.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSLiTfM.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOMVLBa.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBApdIo.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Voxpafv.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwfTltN.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmVMmED.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juHBuSs.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBujpsG.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTfJkNg.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTGxiqe.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfEGBed.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdRPNdl.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbewGta.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqRXHgH.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydGeMsE.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbwNzVN.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOcLSYL.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzVgBOL.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwWGROS.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOgpvKo.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReXSMhf.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLWGUDL.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNiqjrW.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgtTRIo.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCuwwyC.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvysLsJ.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdTgAYZ.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XctmouD.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klcTGij.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtCIanM.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvHtZZh.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVHoxJz.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpecDou.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLqADPW.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sOgnzsX.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWCUkQe.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfFOYDH.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuutiPY.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCevpRu.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFCYQCK.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkGETkv.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWUWiLX.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIqjzWr.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIVavcJ.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbHQgPW.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbauDzg.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTwfGnN.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQYtErI.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQHDrKw.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skvKiZX.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgxaHxw.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOETdWK.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbRpGzr.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFjRGZw.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nmhhgrt.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkmlMgw.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdFWXew.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVoheMN.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBFKnmR.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMttzDo.exe	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2476	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 2476	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 2476	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2492 wrote to memory of 1240	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 1240	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 1240	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2492 wrote to memory of 2116	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 2116	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 2116	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2492 wrote to memory of 2940	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 2940	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 2940	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2492 wrote to memory of 2332	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2332	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2332	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2492 wrote to memory of 2848	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2848	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2848	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2492 wrote to memory of 2740	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2740	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2740	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2492 wrote to memory of 2884	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2884	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2884	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2492 wrote to memory of 2912	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2912	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2912	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2492 wrote to memory of 2656	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2656	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2656	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2492 wrote to memory of 2624	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2624	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2624	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2492 wrote to memory of 2780	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 2780	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 2780	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2492 wrote to memory of 3028	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 3028	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 3028	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2492 wrote to memory of 1992	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 1992	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 1992	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2492 wrote to memory of 1692	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 1692	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 1692	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2492 wrote to memory of 376	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 376	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 376	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2492 wrote to memory of 1396	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 1396	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 1396	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2492 wrote to memory of 352	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 352	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 352	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2492 wrote to memory of 1544	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 1544	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 1544	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2492 wrote to memory of 1008	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 1008	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 1008	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2492 wrote to memory of 2044	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 2044	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 2044	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2492 wrote to memory of 2900	2492	2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_fdd598eec002f086f6909443c2b31832_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\System\GvTIECe.exe
  C:\Windows\System\GvTIECe.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\bmrLIjg.exe
  C:\Windows\System\bmrLIjg.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\lvtZCZL.exe
  C:\Windows\System\lvtZCZL.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\btMveIU.exe
  C:\Windows\System\btMveIU.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\fZADodm.exe
  C:\Windows\System\fZADodm.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CLXkkjr.exe
  C:\Windows\System\CLXkkjr.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\eFjRGZw.exe
  C:\Windows\System\eFjRGZw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\xPSkzMd.exe
  C:\Windows\System\xPSkzMd.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QlAkmrN.exe
  C:\Windows\System\QlAkmrN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\VsOvXkF.exe
  C:\Windows\System\VsOvXkF.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\wzvGMdk.exe
  C:\Windows\System\wzvGMdk.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\fsPOoDg.exe
  C:\Windows\System\fsPOoDg.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kgHZMMR.exe
  C:\Windows\System\kgHZMMR.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\SHpwBfn.exe
  C:\Windows\System\SHpwBfn.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\xxnfhay.exe
  C:\Windows\System\xxnfhay.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\mUhHoJS.exe
  C:\Windows\System\mUhHoJS.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\PDvKGdt.exe
  C:\Windows\System\PDvKGdt.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\VEkkHYu.exe
  C:\Windows\System\VEkkHYu.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\efXUrlT.exe
  C:\Windows\System\efXUrlT.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\YNmmCvw.exe
  C:\Windows\System\YNmmCvw.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\bOZfvyM.exe
  C:\Windows\System\bOZfvyM.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\oaunydD.exe
  C:\Windows\System\oaunydD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\XPCTFsg.exe
  C:\Windows\System\XPCTFsg.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\XTAPFlE.exe
  C:\Windows\System\XTAPFlE.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\sOgnzsX.exe
  C:\Windows\System\sOgnzsX.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\aHeKHtq.exe
  C:\Windows\System\aHeKHtq.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\OBIRzMl.exe
  C:\Windows\System\OBIRzMl.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\kLedWwX.exe
  C:\Windows\System\kLedWwX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\jJoviRh.exe
  C:\Windows\System\jJoviRh.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\sSbpYHp.exe
  C:\Windows\System\sSbpYHp.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\xsxJBEY.exe
  C:\Windows\System\xsxJBEY.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\yZmJkMy.exe
  C:\Windows\System\yZmJkMy.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\VSUhFoI.exe
  C:\Windows\System\VSUhFoI.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\jaxSTvP.exe
  C:\Windows\System\jaxSTvP.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\Nmhhgrt.exe
  C:\Windows\System\Nmhhgrt.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\ZDWVRlP.exe
  C:\Windows\System\ZDWVRlP.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\EYpBJgY.exe
  C:\Windows\System\EYpBJgY.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\WTAJDyS.exe
  C:\Windows\System\WTAJDyS.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\PoTgUgr.exe
  C:\Windows\System\PoTgUgr.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\nSYIjos.exe
  C:\Windows\System\nSYIjos.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rLieISr.exe
  C:\Windows\System\rLieISr.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\PVAXgTz.exe
  C:\Windows\System\PVAXgTz.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\SpprFcd.exe
  C:\Windows\System\SpprFcd.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\mPcgRfa.exe
  C:\Windows\System\mPcgRfa.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\zmeBjba.exe
  C:\Windows\System\zmeBjba.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\WujHmFN.exe
  C:\Windows\System\WujHmFN.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\tkGETkv.exe
  C:\Windows\System\tkGETkv.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\UPaMAzN.exe
  C:\Windows\System\UPaMAzN.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\TZNSPFV.exe
  C:\Windows\System\TZNSPFV.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\VZniOJz.exe
  C:\Windows\System\VZniOJz.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\jZKQygl.exe
  C:\Windows\System\jZKQygl.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\UBdICfe.exe
  C:\Windows\System\UBdICfe.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dBPSkGJ.exe
  C:\Windows\System\dBPSkGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ayMTieI.exe
  C:\Windows\System\ayMTieI.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ecrXtkG.exe
  C:\Windows\System\ecrXtkG.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ebsCZKP.exe
  C:\Windows\System\ebsCZKP.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\LrOPVxq.exe
  C:\Windows\System\LrOPVxq.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\HvARaRO.exe
  C:\Windows\System\HvARaRO.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\YhSBmPv.exe
  C:\Windows\System\YhSBmPv.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\neGuaiV.exe
  C:\Windows\System\neGuaiV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TtblkhV.exe
  C:\Windows\System\TtblkhV.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\OwWGROS.exe
  C:\Windows\System\OwWGROS.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\aXtZjBn.exe
  C:\Windows\System\aXtZjBn.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ksxjfEB.exe
  C:\Windows\System\ksxjfEB.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\jJEAfyb.exe
  C:\Windows\System\jJEAfyb.exe
  2⤵
  PID:2036
- C:\Windows\System\RSDAPOM.exe
  C:\Windows\System\RSDAPOM.exe
  2⤵
  PID:1736
- C:\Windows\System\nSVjbKq.exe
  C:\Windows\System\nSVjbKq.exe
  2⤵
  PID:604
- C:\Windows\System\qjicZXj.exe
  C:\Windows\System\qjicZXj.exe
  2⤵
  PID:1552
- C:\Windows\System\vMipPfR.exe
  C:\Windows\System\vMipPfR.exe
  2⤵
  PID:1284
- C:\Windows\System\aPLEQaa.exe
  C:\Windows\System\aPLEQaa.exe
  2⤵
  PID:2084
- C:\Windows\System\LOocwfW.exe
  C:\Windows\System\LOocwfW.exe
  2⤵
  PID:2308
- C:\Windows\System\WjVJuxh.exe
  C:\Windows\System\WjVJuxh.exe
  2⤵
  PID:1272
- C:\Windows\System\HWUWiLX.exe
  C:\Windows\System\HWUWiLX.exe
  2⤵
  PID:1848
- C:\Windows\System\gADznZS.exe
  C:\Windows\System\gADznZS.exe
  2⤵
  PID:1664
- C:\Windows\System\KPLkOrA.exe
  C:\Windows\System\KPLkOrA.exe
  2⤵
  PID:608
- C:\Windows\System\VVDXcnH.exe
  C:\Windows\System\VVDXcnH.exe
  2⤵
  PID:1596
- C:\Windows\System\oKMyeEh.exe
  C:\Windows\System\oKMyeEh.exe
  2⤵
  PID:1604
- C:\Windows\System\HvHtZZh.exe
  C:\Windows\System\HvHtZZh.exe
  2⤵
  PID:2572
- C:\Windows\System\OhWZOeq.exe
  C:\Windows\System\OhWZOeq.exe
  2⤵
  PID:2532
- C:\Windows\System\BAmhNbl.exe
  C:\Windows\System\BAmhNbl.exe
  2⤵
  PID:3020
- C:\Windows\System\FDbGpTL.exe
  C:\Windows\System\FDbGpTL.exe
  2⤵
  PID:316
- C:\Windows\System\ueWIUZR.exe
  C:\Windows\System\ueWIUZR.exe
  2⤵
  PID:804
- C:\Windows\System\wmTcwbo.exe
  C:\Windows\System\wmTcwbo.exe
  2⤵
  PID:3052
- C:\Windows\System\ujwBzWq.exe
  C:\Windows\System\ujwBzWq.exe
  2⤵
  PID:1180
- C:\Windows\System\ylPTjRf.exe
  C:\Windows\System\ylPTjRf.exe
  2⤵
  PID:1508
- C:\Windows\System\cQWGFOA.exe
  C:\Windows\System\cQWGFOA.exe
  2⤵
  PID:1480
- C:\Windows\System\BGLiLSd.exe
  C:\Windows\System\BGLiLSd.exe
  2⤵
  PID:2700
- C:\Windows\System\bxQHmIt.exe
  C:\Windows\System\bxQHmIt.exe
  2⤵
  PID:2728
- C:\Windows\System\xsENhno.exe
  C:\Windows\System\xsENhno.exe
  2⤵
  PID:2860
- C:\Windows\System\RiVKqFI.exe
  C:\Windows\System\RiVKqFI.exe
  2⤵
  PID:2892
- C:\Windows\System\EIeIIBa.exe
  C:\Windows\System\EIeIIBa.exe
  2⤵
  PID:2140
- C:\Windows\System\PeOyevE.exe
  C:\Windows\System\PeOyevE.exe
  2⤵
  PID:1688
- C:\Windows\System\etucWEJ.exe
  C:\Windows\System\etucWEJ.exe
  2⤵
  PID:1900
- C:\Windows\System\jpSnUwO.exe
  C:\Windows\System\jpSnUwO.exe
  2⤵
  PID:2708
- C:\Windows\System\ravmRnK.exe
  C:\Windows\System\ravmRnK.exe
  2⤵
  PID:1708
- C:\Windows\System\oGnCeER.exe
  C:\Windows\System\oGnCeER.exe
  2⤵
  PID:2196
- C:\Windows\System\SlNVxyK.exe
  C:\Windows\System\SlNVxyK.exe
  2⤵
  PID:2592
- C:\Windows\System\tcGMkhg.exe
  C:\Windows\System\tcGMkhg.exe
  2⤵
  PID:1348
- C:\Windows\System\zjeMnQm.exe
  C:\Windows\System\zjeMnQm.exe
  2⤵
  PID:1680
- C:\Windows\System\wvDOteP.exe
  C:\Windows\System\wvDOteP.exe
  2⤵
  PID:468
- C:\Windows\System\fHWicXU.exe
  C:\Windows\System\fHWicXU.exe
  2⤵
  PID:2164
- C:\Windows\System\VkVBHbj.exe
  C:\Windows\System\VkVBHbj.exe
  2⤵
  PID:1460
- C:\Windows\System\tkKMAfo.exe
  C:\Windows\System\tkKMAfo.exe
  2⤵
  PID:1628
- C:\Windows\System\ssUJPNz.exe
  C:\Windows\System\ssUJPNz.exe
  2⤵
  PID:2420
- C:\Windows\System\QuoKoaw.exe
  C:\Windows\System\QuoKoaw.exe
  2⤵
  PID:3084
- C:\Windows\System\kJXyElI.exe
  C:\Windows\System\kJXyElI.exe
  2⤵
  PID:3104
- C:\Windows\System\LKcIXbB.exe
  C:\Windows\System\LKcIXbB.exe
  2⤵
  PID:3124
- C:\Windows\System\CDvnsvM.exe
  C:\Windows\System\CDvnsvM.exe
  2⤵
  PID:3144
- C:\Windows\System\gHbSmns.exe
  C:\Windows\System\gHbSmns.exe
  2⤵
  PID:3164
- C:\Windows\System\ouHSsnb.exe
  C:\Windows\System\ouHSsnb.exe
  2⤵
  PID:3184
- C:\Windows\System\NeNXhrY.exe
  C:\Windows\System\NeNXhrY.exe
  2⤵
  PID:3204
- C:\Windows\System\aqLZwTR.exe
  C:\Windows\System\aqLZwTR.exe
  2⤵
  PID:3224
- C:\Windows\System\hrJNTVI.exe
  C:\Windows\System\hrJNTVI.exe
  2⤵
  PID:3244
- C:\Windows\System\HmSDhxA.exe
  C:\Windows\System\HmSDhxA.exe
  2⤵
  PID:3264
- C:\Windows\System\KavwFOg.exe
  C:\Windows\System\KavwFOg.exe
  2⤵
  PID:3284
- C:\Windows\System\acDWnZJ.exe
  C:\Windows\System\acDWnZJ.exe
  2⤵
  PID:3304
- C:\Windows\System\yQYtErI.exe
  C:\Windows\System\yQYtErI.exe
  2⤵
  PID:3324
- C:\Windows\System\NgrZpZi.exe
  C:\Windows\System\NgrZpZi.exe
  2⤵
  PID:3344
- C:\Windows\System\FnrXNmV.exe
  C:\Windows\System\FnrXNmV.exe
  2⤵
  PID:3364
- C:\Windows\System\yYVnrtp.exe
  C:\Windows\System\yYVnrtp.exe
  2⤵
  PID:3384
- C:\Windows\System\OVkQdsB.exe
  C:\Windows\System\OVkQdsB.exe
  2⤵
  PID:3404
- C:\Windows\System\xuaMtyk.exe
  C:\Windows\System\xuaMtyk.exe
  2⤵
  PID:3424
- C:\Windows\System\xdAaKJB.exe
  C:\Windows\System\xdAaKJB.exe
  2⤵
  PID:3444
- C:\Windows\System\AVthOyp.exe
  C:\Windows\System\AVthOyp.exe
  2⤵
  PID:3464
- C:\Windows\System\KNDeqnf.exe
  C:\Windows\System\KNDeqnf.exe
  2⤵
  PID:3484
- C:\Windows\System\CyHccri.exe
  C:\Windows\System\CyHccri.exe
  2⤵
  PID:3504
- C:\Windows\System\vCTWMJS.exe
  C:\Windows\System\vCTWMJS.exe
  2⤵
  PID:3524
- C:\Windows\System\ollmVaT.exe
  C:\Windows\System\ollmVaT.exe
  2⤵
  PID:3544
- C:\Windows\System\MmscwTm.exe
  C:\Windows\System\MmscwTm.exe
  2⤵
  PID:3564
- C:\Windows\System\oeWnSbz.exe
  C:\Windows\System\oeWnSbz.exe
  2⤵
  PID:3580
- C:\Windows\System\pNczAjB.exe
  C:\Windows\System\pNczAjB.exe
  2⤵
  PID:3604
- C:\Windows\System\RLDFurM.exe
  C:\Windows\System\RLDFurM.exe
  2⤵
  PID:3624
- C:\Windows\System\wfhAhHZ.exe
  C:\Windows\System\wfhAhHZ.exe
  2⤵
  PID:3644
- C:\Windows\System\EBQsVhs.exe
  C:\Windows\System\EBQsVhs.exe
  2⤵
  PID:3664
- C:\Windows\System\fCuaCOK.exe
  C:\Windows\System\fCuaCOK.exe
  2⤵
  PID:3684
- C:\Windows\System\vEyKkky.exe
  C:\Windows\System\vEyKkky.exe
  2⤵
  PID:3704
- C:\Windows\System\CAERhfn.exe
  C:\Windows\System\CAERhfn.exe
  2⤵
  PID:3724
- C:\Windows\System\kolEyMX.exe
  C:\Windows\System\kolEyMX.exe
  2⤵
  PID:3744
- C:\Windows\System\JYBEXTA.exe
  C:\Windows\System\JYBEXTA.exe
  2⤵
  PID:3764
- C:\Windows\System\NxzcGoQ.exe
  C:\Windows\System\NxzcGoQ.exe
  2⤵
  PID:3784
- C:\Windows\System\RyfdXrR.exe
  C:\Windows\System\RyfdXrR.exe
  2⤵
  PID:3804
- C:\Windows\System\iaGeWni.exe
  C:\Windows\System\iaGeWni.exe
  2⤵
  PID:3824
- C:\Windows\System\WgtsQaR.exe
  C:\Windows\System\WgtsQaR.exe
  2⤵
  PID:3848
- C:\Windows\System\FAZRhBV.exe
  C:\Windows\System\FAZRhBV.exe
  2⤵
  PID:3868
- C:\Windows\System\yarUlac.exe
  C:\Windows\System\yarUlac.exe
  2⤵
  PID:3888
- C:\Windows\System\oFZrkVs.exe
  C:\Windows\System\oFZrkVs.exe
  2⤵
  PID:3908
- C:\Windows\System\sthhIMx.exe
  C:\Windows\System\sthhIMx.exe
  2⤵
  PID:3928
- C:\Windows\System\gHrCFWP.exe
  C:\Windows\System\gHrCFWP.exe
  2⤵
  PID:3944
- C:\Windows\System\BaztinF.exe
  C:\Windows\System\BaztinF.exe
  2⤵
  PID:3964
- C:\Windows\System\gbdNRED.exe
  C:\Windows\System\gbdNRED.exe
  2⤵
  PID:3984
- C:\Windows\System\ClpAqsP.exe
  C:\Windows\System\ClpAqsP.exe
  2⤵
  PID:4000
- C:\Windows\System\IwbImfV.exe
  C:\Windows\System\IwbImfV.exe
  2⤵
  PID:4020
- C:\Windows\System\pGprXmi.exe
  C:\Windows\System\pGprXmi.exe
  2⤵
  PID:4040
- C:\Windows\System\KWCUkQe.exe
  C:\Windows\System\KWCUkQe.exe
  2⤵
  PID:4056
- C:\Windows\System\gIbwDdn.exe
  C:\Windows\System\gIbwDdn.exe
  2⤵
  PID:4072
- C:\Windows\System\pZqLQjM.exe
  C:\Windows\System\pZqLQjM.exe
  2⤵
  PID:3056
- C:\Windows\System\fnaVxWt.exe
  C:\Windows\System\fnaVxWt.exe
  2⤵
  PID:2376
- C:\Windows\System\QblvtxW.exe
  C:\Windows\System\QblvtxW.exe
  2⤵
  PID:2652
- C:\Windows\System\bvtvKFu.exe
  C:\Windows\System\bvtvKFu.exe
  2⤵
  PID:2664
- C:\Windows\System\WDrkHTk.exe
  C:\Windows\System\WDrkHTk.exe
  2⤵
  PID:1104
- C:\Windows\System\aoexqFC.exe
  C:\Windows\System\aoexqFC.exe
  2⤵
  PID:848
- C:\Windows\System\dmOYROJ.exe
  C:\Windows\System\dmOYROJ.exe
  2⤵
  PID:1404
- C:\Windows\System\iFehicz.exe
  C:\Windows\System\iFehicz.exe
  2⤵
  PID:1200
- C:\Windows\System\iRdnKMx.exe
  C:\Windows\System\iRdnKMx.exe
  2⤵
  PID:976
- C:\Windows\System\rmhoSUw.exe
  C:\Windows\System\rmhoSUw.exe
  2⤵
  PID:556
- C:\Windows\System\rDlQNNt.exe
  C:\Windows\System\rDlQNNt.exe
  2⤵
  PID:2364
- C:\Windows\System\LnKMKGv.exe
  C:\Windows\System\LnKMKGv.exe
  2⤵
  PID:3092
- C:\Windows\System\SvysLsJ.exe
  C:\Windows\System\SvysLsJ.exe
  2⤵
  PID:3112
- C:\Windows\System\YkzqhLf.exe
  C:\Windows\System\YkzqhLf.exe
  2⤵
  PID:3116
- C:\Windows\System\TJVGDiN.exe
  C:\Windows\System\TJVGDiN.exe
  2⤵
  PID:3152
- C:\Windows\System\JnmiPcR.exe
  C:\Windows\System\JnmiPcR.exe
  2⤵
  PID:3192
- C:\Windows\System\sCteJAA.exe
  C:\Windows\System\sCteJAA.exe
  2⤵
  PID:3240
- C:\Windows\System\pVnBVNu.exe
  C:\Windows\System\pVnBVNu.exe
  2⤵
  PID:3292
- C:\Windows\System\pAspcqr.exe
  C:\Windows\System\pAspcqr.exe
  2⤵
  PID:3276
- C:\Windows\System\wOgpvKo.exe
  C:\Windows\System\wOgpvKo.exe
  2⤵
  PID:3320
- C:\Windows\System\xHRIYZR.exe
  C:\Windows\System\xHRIYZR.exe
  2⤵
  PID:3352
- C:\Windows\System\ODxsvOq.exe
  C:\Windows\System\ODxsvOq.exe
  2⤵
  PID:3376
- C:\Windows\System\qjjurpe.exe
  C:\Windows\System\qjjurpe.exe
  2⤵
  PID:3432
- C:\Windows\System\igVbPSX.exe
  C:\Windows\System\igVbPSX.exe
  2⤵
  PID:3460
- C:\Windows\System\QVGvKyj.exe
  C:\Windows\System\QVGvKyj.exe
  2⤵
  PID:3476
- C:\Windows\System\YpkdKqL.exe
  C:\Windows\System\YpkdKqL.exe
  2⤵
  PID:3512
- C:\Windows\System\IpjoGhK.exe
  C:\Windows\System\IpjoGhK.exe
  2⤵
  PID:3540
- C:\Windows\System\UwmXaoL.exe
  C:\Windows\System\UwmXaoL.exe
  2⤵
  PID:3588
- C:\Windows\System\MNttpKk.exe
  C:\Windows\System\MNttpKk.exe
  2⤵
  PID:3616
- C:\Windows\System\MqqgeAe.exe
  C:\Windows\System\MqqgeAe.exe
  2⤵
  PID:3700
- C:\Windows\System\cSCdPXW.exe
  C:\Windows\System\cSCdPXW.exe
  2⤵
  PID:3736
- C:\Windows\System\DVsZmyK.exe
  C:\Windows\System\DVsZmyK.exe
  2⤵
  PID:3812
- C:\Windows\System\IvnLCyU.exe
  C:\Windows\System\IvnLCyU.exe
  2⤵
  PID:3676
- C:\Windows\System\HMwxmQt.exe
  C:\Windows\System\HMwxmQt.exe
  2⤵
  PID:3760
- C:\Windows\System\ZzUfkwh.exe
  C:\Windows\System\ZzUfkwh.exe
  2⤵
  PID:3856
- C:\Windows\System\PBYjSXj.exe
  C:\Windows\System\PBYjSXj.exe
  2⤵
  PID:3904
- C:\Windows\System\uSUHRma.exe
  C:\Windows\System\uSUHRma.exe
  2⤵
  PID:3976
- C:\Windows\System\DmVMmED.exe
  C:\Windows\System\DmVMmED.exe
  2⤵
  PID:3880
- C:\Windows\System\koSkoLy.exe
  C:\Windows\System\koSkoLy.exe
  2⤵
  PID:3920
- C:\Windows\System\AlMNASA.exe
  C:\Windows\System\AlMNASA.exe
  2⤵
  PID:4048
- C:\Windows\System\vfFOYDH.exe
  C:\Windows\System\vfFOYDH.exe
  2⤵
  PID:3956
- C:\Windows\System\juHBuSs.exe
  C:\Windows\System\juHBuSs.exe
  2⤵
  PID:1504
- C:\Windows\System\FeFLXlH.exe
  C:\Windows\System\FeFLXlH.exe
  2⤵
  PID:2392
- C:\Windows\System\hEPDGag.exe
  C:\Windows\System\hEPDGag.exe
  2⤵
  PID:2212
- C:\Windows\System\aOhmRDK.exe
  C:\Windows\System\aOhmRDK.exe
  2⤵
  PID:1584
- C:\Windows\System\QScuccc.exe
  C:\Windows\System\QScuccc.exe
  2⤵
  PID:1388
- C:\Windows\System\apSrpGY.exe
  C:\Windows\System\apSrpGY.exe
  2⤵
  PID:1864
- C:\Windows\System\ZBFKnmR.exe
  C:\Windows\System\ZBFKnmR.exe
  2⤵
  PID:1828
- C:\Windows\System\FvAsRlI.exe
  C:\Windows\System\FvAsRlI.exe
  2⤵
  PID:772
- C:\Windows\System\LtQVUsp.exe
  C:\Windows\System\LtQVUsp.exe
  2⤵
  PID:2444
- C:\Windows\System\xMBiFiV.exe
  C:\Windows\System\xMBiFiV.exe
  2⤵
  PID:560
- C:\Windows\System\NGDdzYV.exe
  C:\Windows\System\NGDdzYV.exe
  2⤵
  PID:3096
- C:\Windows\System\nISeYsV.exe
  C:\Windows\System\nISeYsV.exe
  2⤵
  PID:3196
- C:\Windows\System\znXTKtb.exe
  C:\Windows\System\znXTKtb.exe
  2⤵
  PID:760
- C:\Windows\System\sQTHcUE.exe
  C:\Windows\System\sQTHcUE.exe
  2⤵
  PID:3280
- C:\Windows\System\YCREQQK.exe
  C:\Windows\System\YCREQQK.exe
  2⤵
  PID:3396
- C:\Windows\System\tmlsYaa.exe
  C:\Windows\System\tmlsYaa.exe
  2⤵
  PID:3516
- C:\Windows\System\uWqFAsc.exe
  C:\Windows\System\uWqFAsc.exe
  2⤵
  PID:3732
- C:\Windows\System\eSFDyGA.exe
  C:\Windows\System\eSFDyGA.exe
  2⤵
  PID:3752
- C:\Windows\System\XKXpius.exe
  C:\Windows\System\XKXpius.exe
  2⤵
  PID:3972
- C:\Windows\System\iIsTocm.exe
  C:\Windows\System\iIsTocm.exe
  2⤵
  PID:3256
- C:\Windows\System\tiJlSSC.exe
  C:\Windows\System\tiJlSSC.exe
  2⤵
  PID:3356
- C:\Windows\System\QSuLdSk.exe
  C:\Windows\System\QSuLdSk.exe
  2⤵
  PID:3068
- C:\Windows\System\JlKGqDh.exe
  C:\Windows\System\JlKGqDh.exe
  2⤵
  PID:2808
- C:\Windows\System\PGfXPjm.exe
  C:\Windows\System\PGfXPjm.exe
  2⤵
  PID:3652
- C:\Windows\System\YdghjeV.exe
  C:\Windows\System\YdghjeV.exe
  2⤵
  PID:3636
- C:\Windows\System\cjQUYHn.exe
  C:\Windows\System\cjQUYHn.exe
  2⤵
  PID:4120
- C:\Windows\System\DrKIUlE.exe
  C:\Windows\System\DrKIUlE.exe
  2⤵
  PID:4140
- C:\Windows\System\eJhMHhr.exe
  C:\Windows\System\eJhMHhr.exe
  2⤵
  PID:4160
- C:\Windows\System\xdTgAYZ.exe
  C:\Windows\System\xdTgAYZ.exe
  2⤵
  PID:4180
- C:\Windows\System\ReXSMhf.exe
  C:\Windows\System\ReXSMhf.exe
  2⤵
  PID:4196
- C:\Windows\System\KLvXrKs.exe
  C:\Windows\System\KLvXrKs.exe
  2⤵
  PID:4216
- C:\Windows\System\gJHzAKm.exe
  C:\Windows\System\gJHzAKm.exe
  2⤵
  PID:4240
- C:\Windows\System\UyFsSQb.exe
  C:\Windows\System\UyFsSQb.exe
  2⤵
  PID:4260
- C:\Windows\System\kGGHzHq.exe
  C:\Windows\System\kGGHzHq.exe
  2⤵
  PID:4284
- C:\Windows\System\vRCbYqU.exe
  C:\Windows\System\vRCbYqU.exe
  2⤵
  PID:4304
- C:\Windows\System\OPPQhlA.exe
  C:\Windows\System\OPPQhlA.exe
  2⤵
  PID:4324
- C:\Windows\System\YhdyWMk.exe
  C:\Windows\System\YhdyWMk.exe
  2⤵
  PID:4344
- C:\Windows\System\kOJARRb.exe
  C:\Windows\System\kOJARRb.exe
  2⤵
  PID:4364
- C:\Windows\System\kMxXWYW.exe
  C:\Windows\System\kMxXWYW.exe
  2⤵
  PID:4384
- C:\Windows\System\NQLMSCP.exe
  C:\Windows\System\NQLMSCP.exe
  2⤵
  PID:4404
- C:\Windows\System\ELFWrSA.exe
  C:\Windows\System\ELFWrSA.exe
  2⤵
  PID:4424
- C:\Windows\System\phNXNhl.exe
  C:\Windows\System\phNXNhl.exe
  2⤵
  PID:4444
- C:\Windows\System\zRzCfRm.exe
  C:\Windows\System\zRzCfRm.exe
  2⤵
  PID:4464
- C:\Windows\System\doBoLeZ.exe
  C:\Windows\System\doBoLeZ.exe
  2⤵
  PID:4484
- C:\Windows\System\OaRaNvW.exe
  C:\Windows\System\OaRaNvW.exe
  2⤵
  PID:4504
- C:\Windows\System\yIKzIvL.exe
  C:\Windows\System\yIKzIvL.exe
  2⤵
  PID:4524
- C:\Windows\System\zTiiYNm.exe
  C:\Windows\System\zTiiYNm.exe
  2⤵
  PID:4544
- C:\Windows\System\MqFNeBv.exe
  C:\Windows\System\MqFNeBv.exe
  2⤵
  PID:4564
- C:\Windows\System\beRgUcJ.exe
  C:\Windows\System\beRgUcJ.exe
  2⤵
  PID:4584
- C:\Windows\System\KhzyvOE.exe
  C:\Windows\System\KhzyvOE.exe
  2⤵
  PID:4604
- C:\Windows\System\GpiSpXf.exe
  C:\Windows\System\GpiSpXf.exe
  2⤵
  PID:4624
- C:\Windows\System\uHLgRDj.exe
  C:\Windows\System\uHLgRDj.exe
  2⤵
  PID:4644
- C:\Windows\System\lhxzIAu.exe
  C:\Windows\System\lhxzIAu.exe
  2⤵
  PID:4664
- C:\Windows\System\dONLAec.exe
  C:\Windows\System\dONLAec.exe
  2⤵
  PID:4684
- C:\Windows\System\Kiamsmo.exe
  C:\Windows\System\Kiamsmo.exe
  2⤵
  PID:4704
- C:\Windows\System\nflhwTh.exe
  C:\Windows\System\nflhwTh.exe
  2⤵
  PID:4724
- C:\Windows\System\xBDNGQD.exe
  C:\Windows\System\xBDNGQD.exe
  2⤵
  PID:4744
- C:\Windows\System\baVpBzt.exe
  C:\Windows\System\baVpBzt.exe
  2⤵
  PID:4764
- C:\Windows\System\eBujpsG.exe
  C:\Windows\System\eBujpsG.exe
  2⤵
  PID:4784
- C:\Windows\System\MMZylJV.exe
  C:\Windows\System\MMZylJV.exe
  2⤵
  PID:4804
- C:\Windows\System\mhaLJBj.exe
  C:\Windows\System\mhaLJBj.exe
  2⤵
  PID:4824
- C:\Windows\System\ZtcyNWe.exe
  C:\Windows\System\ZtcyNWe.exe
  2⤵
  PID:4848
- C:\Windows\System\VyGQvAw.exe
  C:\Windows\System\VyGQvAw.exe
  2⤵
  PID:4868
- C:\Windows\System\xJvafbl.exe
  C:\Windows\System\xJvafbl.exe
  2⤵
  PID:4888
- C:\Windows\System\iOrQSoc.exe
  C:\Windows\System\iOrQSoc.exe
  2⤵
  PID:4908
- C:\Windows\System\quiGKyp.exe
  C:\Windows\System\quiGKyp.exe
  2⤵
  PID:4928
- C:\Windows\System\HRVpTiI.exe
  C:\Windows\System\HRVpTiI.exe
  2⤵
  PID:4948
- C:\Windows\System\uIHPRfX.exe
  C:\Windows\System\uIHPRfX.exe
  2⤵
  PID:4968
- C:\Windows\System\oOpcsCs.exe
  C:\Windows\System\oOpcsCs.exe
  2⤵
  PID:4988
- C:\Windows\System\wGRoWPx.exe
  C:\Windows\System\wGRoWPx.exe
  2⤵
  PID:5008
- C:\Windows\System\fTQVuft.exe
  C:\Windows\System\fTQVuft.exe
  2⤵
  PID:5024
- C:\Windows\System\AIUkkrd.exe
  C:\Windows\System\AIUkkrd.exe
  2⤵
  PID:5048
- C:\Windows\System\TqnGjEl.exe
  C:\Windows\System\TqnGjEl.exe
  2⤵
  PID:5068
- C:\Windows\System\XctmouD.exe
  C:\Windows\System\XctmouD.exe
  2⤵
  PID:5088
- C:\Windows\System\XPDfraA.exe
  C:\Windows\System\XPDfraA.exe
  2⤵
  PID:5104
- C:\Windows\System\qeCdbrd.exe
  C:\Windows\System\qeCdbrd.exe
  2⤵
  PID:3716
- C:\Windows\System\CTfJkNg.exe
  C:\Windows\System\CTfJkNg.exe
  2⤵
  PID:3156
- C:\Windows\System\EozILxY.exe
  C:\Windows\System\EozILxY.exe
  2⤵
  PID:3480
- C:\Windows\System\KfTRPSk.exe
  C:\Windows\System\KfTRPSk.exe
  2⤵
  PID:3100
- C:\Windows\System\RsQNQfz.exe
  C:\Windows\System\RsQNQfz.exe
  2⤵
  PID:3136
- C:\Windows\System\XIOKNXD.exe
  C:\Windows\System\XIOKNXD.exe
  2⤵
  PID:3336
- C:\Windows\System\jLlAQtT.exe
  C:\Windows\System\jLlAQtT.exe
  2⤵
  PID:3620
- C:\Windows\System\vpwCjmf.exe
  C:\Windows\System\vpwCjmf.exe
  2⤵
  PID:1896
- C:\Windows\System\xMbcSXj.exe
  C:\Windows\System\xMbcSXj.exe
  2⤵
  PID:4032
- C:\Windows\System\fxdSzvp.exe
  C:\Windows\System\fxdSzvp.exe
  2⤵
  PID:3672
- C:\Windows\System\zSPMemm.exe
  C:\Windows\System\zSPMemm.exe
  2⤵
  PID:3884
- C:\Windows\System\GKPhcom.exe
  C:\Windows\System\GKPhcom.exe
  2⤵
  PID:3452
- C:\Windows\System\XhnCTAK.exe
  C:\Windows\System\XhnCTAK.exe
  2⤵
  PID:3332
- C:\Windows\System\jAVCUBF.exe
  C:\Windows\System\jAVCUBF.exe
  2⤵
  PID:3576
- C:\Windows\System\QuTgQKT.exe
  C:\Windows\System\QuTgQKT.exe
  2⤵
  PID:1188
- C:\Windows\System\ONNgQJl.exe
  C:\Windows\System\ONNgQJl.exe
  2⤵
  PID:4116
- C:\Windows\System\nQlBeFy.exe
  C:\Windows\System\nQlBeFy.exe
  2⤵
  PID:4112
- C:\Windows\System\XpsDwsh.exe
  C:\Windows\System\XpsDwsh.exe
  2⤵
  PID:4156
- C:\Windows\System\DuutiPY.exe
  C:\Windows\System\DuutiPY.exe
  2⤵
  PID:4232
- C:\Windows\System\LGabTru.exe
  C:\Windows\System\LGabTru.exe
  2⤵
  PID:4268
- C:\Windows\System\xdpLsdA.exe
  C:\Windows\System\xdpLsdA.exe
  2⤵
  PID:4280
- C:\Windows\System\GPkqOfb.exe
  C:\Windows\System\GPkqOfb.exe
  2⤵
  PID:4292
- C:\Windows\System\sSHemGk.exe
  C:\Windows\System\sSHemGk.exe
  2⤵
  PID:4316
- C:\Windows\System\KdFXzCQ.exe
  C:\Windows\System\KdFXzCQ.exe
  2⤵
  PID:4356
- C:\Windows\System\yXdanVT.exe
  C:\Windows\System\yXdanVT.exe
  2⤵
  PID:4380
- C:\Windows\System\GAfNtij.exe
  C:\Windows\System\GAfNtij.exe
  2⤵
  PID:4412
- C:\Windows\System\dQjvWvY.exe
  C:\Windows\System\dQjvWvY.exe
  2⤵
  PID:4460
- C:\Windows\System\oPqZBjj.exe
  C:\Windows\System\oPqZBjj.exe
  2⤵
  PID:4512
- C:\Windows\System\Bcaukkf.exe
  C:\Windows\System\Bcaukkf.exe
  2⤵
  PID:4496
- C:\Windows\System\QOBVgVm.exe
  C:\Windows\System\QOBVgVm.exe
  2⤵
  PID:4560
- C:\Windows\System\VofdLkF.exe
  C:\Windows\System\VofdLkF.exe
  2⤵
  PID:4592
- C:\Windows\System\QbGrclh.exe
  C:\Windows\System\QbGrclh.exe
  2⤵
  PID:4620
- C:\Windows\System\CeIiZqV.exe
  C:\Windows\System\CeIiZqV.exe
  2⤵
  PID:4672
- C:\Windows\System\JDRskVI.exe
  C:\Windows\System\JDRskVI.exe
  2⤵
  PID:4692
- C:\Windows\System\TuHOgnh.exe
  C:\Windows\System\TuHOgnh.exe
  2⤵
  PID:4732
- C:\Windows\System\SWJkorC.exe
  C:\Windows\System\SWJkorC.exe
  2⤵
  PID:4740
- C:\Windows\System\ogkJqkR.exe
  C:\Windows\System\ogkJqkR.exe
  2⤵
  PID:4772
- C:\Windows\System\rMhIEdA.exe
  C:\Windows\System\rMhIEdA.exe
  2⤵
  PID:4832
- C:\Windows\System\jMTTqjk.exe
  C:\Windows\System\jMTTqjk.exe
  2⤵
  PID:4884
- C:\Windows\System\knuhNyU.exe
  C:\Windows\System\knuhNyU.exe
  2⤵
  PID:4896
- C:\Windows\System\eufCVqe.exe
  C:\Windows\System\eufCVqe.exe
  2⤵
  PID:4920
- C:\Windows\System\JzXWzVT.exe
  C:\Windows\System\JzXWzVT.exe
  2⤵
  PID:4940
- C:\Windows\System\GLlnnwH.exe
  C:\Windows\System\GLlnnwH.exe
  2⤵
  PID:4976
- C:\Windows\System\uweEpkZ.exe
  C:\Windows\System\uweEpkZ.exe
  2⤵
  PID:5044
- C:\Windows\System\BiIzKoY.exe
  C:\Windows\System\BiIzKoY.exe
  2⤵
  PID:5064
- C:\Windows\System\sOlPhGR.exe
  C:\Windows\System\sOlPhGR.exe
  2⤵
  PID:5112
- C:\Windows\System\EAOzXyo.exe
  C:\Windows\System\EAOzXyo.exe
  2⤵
  PID:3776
- C:\Windows\System\JNBXNPQ.exe
  C:\Windows\System\JNBXNPQ.exe
  2⤵
  PID:3416
- C:\Windows\System\crkunOg.exe
  C:\Windows\System\crkunOg.exe
  2⤵
  PID:3836
- C:\Windows\System\wCkCpso.exe
  C:\Windows\System\wCkCpso.exe
  2⤵
  PID:3220
- C:\Windows\System\gUlSlXy.exe
  C:\Windows\System\gUlSlXy.exe
  2⤵
  PID:1608
- C:\Windows\System\fvPlJEb.exe
  C:\Windows\System\fvPlJEb.exe
  2⤵
  PID:2620
- C:\Windows\System\phhOHNk.exe
  C:\Windows\System\phhOHNk.exe
  2⤵
  PID:3952
- C:\Windows\System\DPVoyIw.exe
  C:\Windows\System\DPVoyIw.exe
  2⤵
  PID:3936
- C:\Windows\System\eoPYuzt.exe
  C:\Windows\System\eoPYuzt.exe
  2⤵
  PID:3560
- C:\Windows\System\ggrZler.exe
  C:\Windows\System\ggrZler.exe
  2⤵
  PID:4108
- C:\Windows\System\rmCeYzE.exe
  C:\Windows\System\rmCeYzE.exe
  2⤵
  PID:4188
- C:\Windows\System\QUxVacf.exe
  C:\Windows\System\QUxVacf.exe
  2⤵
  PID:2800
- C:\Windows\System\gcaarCn.exe
  C:\Windows\System\gcaarCn.exe
  2⤵
  PID:2816
- C:\Windows\System\mKIKgjK.exe
  C:\Windows\System\mKIKgjK.exe
  2⤵
  PID:4256
- C:\Windows\System\ewpYxKV.exe
  C:\Windows\System\ewpYxKV.exe
  2⤵
  PID:4300
- C:\Windows\System\XjsiejR.exe
  C:\Windows\System\XjsiejR.exe
  2⤵
  PID:4400
- C:\Windows\System\EykewSy.exe
  C:\Windows\System\EykewSy.exe
  2⤵
  PID:4436
- C:\Windows\System\gCucJox.exe
  C:\Windows\System\gCucJox.exe
  2⤵
  PID:4476
- C:\Windows\System\uwjGsEl.exe
  C:\Windows\System\uwjGsEl.exe
  2⤵
  PID:4532
- C:\Windows\System\hSYnMZb.exe
  C:\Windows\System\hSYnMZb.exe
  2⤵
  PID:4640
- C:\Windows\System\CQtTFxn.exe
  C:\Windows\System\CQtTFxn.exe
  2⤵
  PID:4632
- C:\Windows\System\FEXDprZ.exe
  C:\Windows\System\FEXDprZ.exe
  2⤵
  PID:4716
- C:\Windows\System\MgnKNoW.exe
  C:\Windows\System\MgnKNoW.exe
  2⤵
  PID:4792
- C:\Windows\System\mGZxdhq.exe
  C:\Windows\System\mGZxdhq.exe
  2⤵
  PID:4816
- C:\Windows\System\AzhWQss.exe
  C:\Windows\System\AzhWQss.exe
  2⤵
  PID:4904
- C:\Windows\System\dLGHVtg.exe
  C:\Windows\System\dLGHVtg.exe
  2⤵
  PID:4944
- C:\Windows\System\BpYObZn.exe
  C:\Windows\System\BpYObZn.exe
  2⤵
  PID:4956
- C:\Windows\System\RKWXhcR.exe
  C:\Windows\System\RKWXhcR.exe
  2⤵
  PID:5056
- C:\Windows\System\DwXPFBF.exe
  C:\Windows\System\DwXPFBF.exe
  2⤵
  PID:5080
- C:\Windows\System\dAazxXI.exe
  C:\Windows\System\dAazxXI.exe
  2⤵
  PID:2284
- C:\Windows\System\TMUypKQ.exe
  C:\Windows\System\TMUypKQ.exe
  2⤵
  PID:4844
- C:\Windows\System\ifzZVCa.exe
  C:\Windows\System\ifzZVCa.exe
  2⤵
  PID:3916
- C:\Windows\System\zXSLIld.exe
  C:\Windows\System\zXSLIld.exe
  2⤵
  PID:592
- C:\Windows\System\fiHYYWD.exe
  C:\Windows\System\fiHYYWD.exe
  2⤵
  PID:4028
- C:\Windows\System\NvXxYwl.exe
  C:\Windows\System\NvXxYwl.exe
  2⤵
  PID:5132
- C:\Windows\System\ofBmMJA.exe
  C:\Windows\System\ofBmMJA.exe
  2⤵
  PID:5156
- C:\Windows\System\GGgBcMm.exe
  C:\Windows\System\GGgBcMm.exe
  2⤵
  PID:5176
- C:\Windows\System\xeQRHbv.exe
  C:\Windows\System\xeQRHbv.exe
  2⤵
  PID:5196
- C:\Windows\System\xCnbEhN.exe
  C:\Windows\System\xCnbEhN.exe
  2⤵
  PID:5216
- C:\Windows\System\hAxdVlD.exe
  C:\Windows\System\hAxdVlD.exe
  2⤵
  PID:5236
- C:\Windows\System\LyAUfKR.exe
  C:\Windows\System\LyAUfKR.exe
  2⤵
  PID:5256
- C:\Windows\System\xkllcfV.exe
  C:\Windows\System\xkllcfV.exe
  2⤵
  PID:5276
- C:\Windows\System\gwmKgAq.exe
  C:\Windows\System\gwmKgAq.exe
  2⤵
  PID:5296
- C:\Windows\System\IeyAZAw.exe
  C:\Windows\System\IeyAZAw.exe
  2⤵
  PID:5316
- C:\Windows\System\zrbYKUO.exe
  C:\Windows\System\zrbYKUO.exe
  2⤵
  PID:5336
- C:\Windows\System\ZuGcXkP.exe
  C:\Windows\System\ZuGcXkP.exe
  2⤵
  PID:5356
- C:\Windows\System\xXlPsDG.exe
  C:\Windows\System\xXlPsDG.exe
  2⤵
  PID:5376
- C:\Windows\System\BtTxgbQ.exe
  C:\Windows\System\BtTxgbQ.exe
  2⤵
  PID:5396
- C:\Windows\System\bioqONA.exe
  C:\Windows\System\bioqONA.exe
  2⤵
  PID:5416
- C:\Windows\System\hDdoumL.exe
  C:\Windows\System\hDdoumL.exe
  2⤵
  PID:5436
- C:\Windows\System\wsdxeBB.exe
  C:\Windows\System\wsdxeBB.exe
  2⤵
  PID:5456
- C:\Windows\System\zkmlMgw.exe
  C:\Windows\System\zkmlMgw.exe
  2⤵
  PID:5476
- C:\Windows\System\RNuWQyH.exe
  C:\Windows\System\RNuWQyH.exe
  2⤵
  PID:5496
- C:\Windows\System\xBaTwzR.exe
  C:\Windows\System\xBaTwzR.exe
  2⤵
  PID:5516
- C:\Windows\System\SijGcMZ.exe
  C:\Windows\System\SijGcMZ.exe
  2⤵
  PID:5536
- C:\Windows\System\laiNIYD.exe
  C:\Windows\System\laiNIYD.exe
  2⤵
  PID:5556
- C:\Windows\System\LljYmpP.exe
  C:\Windows\System\LljYmpP.exe
  2⤵
  PID:5576
- C:\Windows\System\kNOoRjQ.exe
  C:\Windows\System\kNOoRjQ.exe
  2⤵
  PID:5596
- C:\Windows\System\TRJpjTF.exe
  C:\Windows\System\TRJpjTF.exe
  2⤵
  PID:5616
- C:\Windows\System\goShXXr.exe
  C:\Windows\System\goShXXr.exe
  2⤵
  PID:5636
- C:\Windows\System\hAcwust.exe
  C:\Windows\System\hAcwust.exe
  2⤵
  PID:5660
- C:\Windows\System\gSQsmhf.exe
  C:\Windows\System\gSQsmhf.exe
  2⤵
  PID:5680
- C:\Windows\System\CjjkSaJ.exe
  C:\Windows\System\CjjkSaJ.exe
  2⤵
  PID:5700
- C:\Windows\System\JDpXfSL.exe
  C:\Windows\System\JDpXfSL.exe
  2⤵
  PID:5720
- C:\Windows\System\AVHUzxV.exe
  C:\Windows\System\AVHUzxV.exe
  2⤵
  PID:5740
- C:\Windows\System\WfPHOKD.exe
  C:\Windows\System\WfPHOKD.exe
  2⤵
  PID:5760
- C:\Windows\System\sbxERaQ.exe
  C:\Windows\System\sbxERaQ.exe
  2⤵
  PID:5780
- C:\Windows\System\hZNYGvU.exe
  C:\Windows\System\hZNYGvU.exe
  2⤵
  PID:5800
- C:\Windows\System\TyczoLN.exe
  C:\Windows\System\TyczoLN.exe
  2⤵
  PID:5820
- C:\Windows\System\ChyPinL.exe
  C:\Windows\System\ChyPinL.exe
  2⤵
  PID:5840
- C:\Windows\System\AIHFAvq.exe
  C:\Windows\System\AIHFAvq.exe
  2⤵
  PID:5860
- C:\Windows\System\wtVGkzU.exe
  C:\Windows\System\wtVGkzU.exe
  2⤵
  PID:5880
- C:\Windows\System\FJkKLti.exe
  C:\Windows\System\FJkKLti.exe
  2⤵
  PID:5900
- C:\Windows\System\oXtOQUz.exe
  C:\Windows\System\oXtOQUz.exe
  2⤵
  PID:5920
- C:\Windows\System\lFwmPdJ.exe
  C:\Windows\System\lFwmPdJ.exe
  2⤵
  PID:5940
- C:\Windows\System\XqeZgbn.exe
  C:\Windows\System\XqeZgbn.exe
  2⤵
  PID:5960
- C:\Windows\System\xTRGjEs.exe
  C:\Windows\System\xTRGjEs.exe
  2⤵
  PID:5980
- C:\Windows\System\xVHoxJz.exe
  C:\Windows\System\xVHoxJz.exe
  2⤵
  PID:6000
- C:\Windows\System\fiuLPpe.exe
  C:\Windows\System\fiuLPpe.exe
  2⤵
  PID:6016
- C:\Windows\System\ppbDbJC.exe
  C:\Windows\System\ppbDbJC.exe
  2⤵
  PID:6040
- C:\Windows\System\wQzRCuD.exe
  C:\Windows\System\wQzRCuD.exe
  2⤵
  PID:6060
- C:\Windows\System\MMttzDo.exe
  C:\Windows\System\MMttzDo.exe
  2⤵
  PID:6080
- C:\Windows\System\juzIhsl.exe
  C:\Windows\System\juzIhsl.exe
  2⤵
  PID:6100
- C:\Windows\System\asMIwWU.exe
  C:\Windows\System\asMIwWU.exe
  2⤵
  PID:6120
- C:\Windows\System\hJNcqwj.exe
  C:\Windows\System\hJNcqwj.exe
  2⤵
  PID:6140
- C:\Windows\System\KCNHuvb.exe
  C:\Windows\System\KCNHuvb.exe
  2⤵
  PID:4132
- C:\Windows\System\GLWGUDL.exe
  C:\Windows\System\GLWGUDL.exe
  2⤵
  PID:4168
- C:\Windows\System\isJxRRF.exe
  C:\Windows\System\isJxRRF.exe
  2⤵
  PID:2812
- C:\Windows\System\sqRXAsw.exe
  C:\Windows\System\sqRXAsw.exe
  2⤵
  PID:4396
- C:\Windows\System\ncsfVyn.exe
  C:\Windows\System\ncsfVyn.exe
  2⤵
  PID:4520
- C:\Windows\System\bSnyoKl.exe
  C:\Windows\System\bSnyoKl.exe
  2⤵
  PID:4540
- C:\Windows\System\SqOMwSc.exe
  C:\Windows\System\SqOMwSc.exe
  2⤵
  PID:4596
- C:\Windows\System\gqQfwfP.exe
  C:\Windows\System\gqQfwfP.exe
  2⤵
  PID:4696
- C:\Windows\System\RKPtFKG.exe
  C:\Windows\System\RKPtFKG.exe
  2⤵
  PID:4812
- C:\Windows\System\yhRRDFU.exe
  C:\Windows\System\yhRRDFU.exe
  2⤵
  PID:4964
- C:\Windows\System\XzENQCe.exe
  C:\Windows\System\XzENQCe.exe
  2⤵
  PID:4980
- C:\Windows\System\MjGaaxt.exe
  C:\Windows\System\MjGaaxt.exe
  2⤵
  PID:3860
- C:\Windows\System\AlNsmfA.exe
  C:\Windows\System\AlNsmfA.exe
  2⤵
  PID:3412
- C:\Windows\System\ZevNixs.exe
  C:\Windows\System\ZevNixs.exe
  2⤵
  PID:3212
- C:\Windows\System\NIbkiGF.exe
  C:\Windows\System\NIbkiGF.exe
  2⤵
  PID:5124
- C:\Windows\System\ysETBrw.exe
  C:\Windows\System\ysETBrw.exe
  2⤵
  PID:5152
- C:\Windows\System\oiscyxF.exe
  C:\Windows\System\oiscyxF.exe
  2⤵
  PID:5184
- C:\Windows\System\EDBKqNc.exe
  C:\Windows\System\EDBKqNc.exe
  2⤵
  PID:5208
- C:\Windows\System\ZhNyHZI.exe
  C:\Windows\System\ZhNyHZI.exe
  2⤵
  PID:5252
- C:\Windows\System\eIJaVqc.exe
  C:\Windows\System\eIJaVqc.exe
  2⤵
  PID:5272
- C:\Windows\System\Gltjlll.exe
  C:\Windows\System\Gltjlll.exe
  2⤵
  PID:5312
- C:\Windows\System\GqdnEiF.exe
  C:\Windows\System\GqdnEiF.exe
  2⤵
  PID:5372
- C:\Windows\System\MPleaPn.exe
  C:\Windows\System\MPleaPn.exe
  2⤵
  PID:5384
- C:\Windows\System\badbxnL.exe
  C:\Windows\System\badbxnL.exe
  2⤵
  PID:5408
- C:\Windows\System\fRcSooY.exe
  C:\Windows\System\fRcSooY.exe
  2⤵
  PID:5452
- C:\Windows\System\QREUEnD.exe
  C:\Windows\System\QREUEnD.exe
  2⤵
  PID:5472
- C:\Windows\System\vKrbPsH.exe
  C:\Windows\System\vKrbPsH.exe
  2⤵
  PID:5508
- C:\Windows\System\lzxfyeM.exe
  C:\Windows\System\lzxfyeM.exe
  2⤵
  PID:5564
- C:\Windows\System\hPVZNAk.exe
  C:\Windows\System\hPVZNAk.exe
  2⤵
  PID:5584
- C:\Windows\System\wvvfaWq.exe
  C:\Windows\System\wvvfaWq.exe
  2⤵
  PID:5608
- C:\Windows\System\oumjtcW.exe
  C:\Windows\System\oumjtcW.exe
  2⤵
  PID:5656
- C:\Windows\System\NoPfiIJ.exe
  C:\Windows\System\NoPfiIJ.exe
  2⤵
  PID:5692
- C:\Windows\System\CmqEaOx.exe
  C:\Windows\System\CmqEaOx.exe
  2⤵
  PID:5716
- C:\Windows\System\seeOroA.exe
  C:\Windows\System\seeOroA.exe
  2⤵
  PID:5748
- C:\Windows\System\DJKALCP.exe
  C:\Windows\System\DJKALCP.exe
  2⤵
  PID:5788
- C:\Windows\System\uJHVLXz.exe
  C:\Windows\System\uJHVLXz.exe
  2⤵
  PID:5812
- C:\Windows\System\fVSuHPz.exe
  C:\Windows\System\fVSuHPz.exe
  2⤵
  PID:5836
- C:\Windows\System\lAahpng.exe
  C:\Windows\System\lAahpng.exe
  2⤵
  PID:5896
- C:\Windows\System\LrkbxVd.exe
  C:\Windows\System\LrkbxVd.exe
  2⤵
  PID:5936
- C:\Windows\System\BvdIxnY.exe
  C:\Windows\System\BvdIxnY.exe
  2⤵
  PID:5956
- C:\Windows\System\SEMeSZh.exe
  C:\Windows\System\SEMeSZh.exe
  2⤵
  PID:5988
- C:\Windows\System\vYaprxV.exe
  C:\Windows\System\vYaprxV.exe
  2⤵
  PID:6048
- C:\Windows\System\OmKwMSW.exe
  C:\Windows\System\OmKwMSW.exe
  2⤵
  PID:6052
- C:\Windows\System\HIVNPhE.exe
  C:\Windows\System\HIVNPhE.exe
  2⤵
  PID:6092
- C:\Windows\System\bMBvIFN.exe
  C:\Windows\System\bMBvIFN.exe
  2⤵
  PID:6128
- C:\Windows\System\eTpsSFj.exe
  C:\Windows\System\eTpsSFj.exe
  2⤵
  PID:4228
- C:\Windows\System\xMXikuu.exe
  C:\Windows\System\xMXikuu.exe
  2⤵
  PID:4352
- C:\Windows\System\saoSOJN.exe
  C:\Windows\System\saoSOJN.exe
  2⤵
  PID:4208
- C:\Windows\System\egqzmRC.exe
  C:\Windows\System\egqzmRC.exe
  2⤵
  PID:4572
- C:\Windows\System\TaVoeFi.exe
  C:\Windows\System\TaVoeFi.exe
  2⤵
  PID:2512
- C:\Windows\System\HzMmKwd.exe
  C:\Windows\System\HzMmKwd.exe
  2⤵
  PID:4736
- C:\Windows\System\TYFwtoC.exe
  C:\Windows\System\TYFwtoC.exe
  2⤵
  PID:4860
- C:\Windows\System\EHDiseW.exe
  C:\Windows\System\EHDiseW.exe
  2⤵
  PID:5100
- C:\Windows\System\AJgUoWi.exe
  C:\Windows\System\AJgUoWi.exe
  2⤵
  PID:4080
- C:\Windows\System\KeyCcSp.exe
  C:\Windows\System\KeyCcSp.exe
  2⤵
  PID:5140
- C:\Windows\System\fTHDiVC.exe
  C:\Windows\System\fTHDiVC.exe
  2⤵
  PID:5212
- C:\Windows\System\eVsIejU.exe
  C:\Windows\System\eVsIejU.exe
  2⤵
  PID:5144
- C:\Windows\System\TrPyPpi.exe
  C:\Windows\System\TrPyPpi.exe
  2⤵
  PID:5292
- C:\Windows\System\DzUJIhm.exe
  C:\Windows\System\DzUJIhm.exe
  2⤵
  PID:5364
- C:\Windows\System\bongRsr.exe
  C:\Windows\System\bongRsr.exe
  2⤵
  PID:5404
- C:\Windows\System\jYIJTLF.exe
  C:\Windows\System\jYIJTLF.exe
  2⤵
  PID:5444
- C:\Windows\System\ZFhYwKy.exe
  C:\Windows\System\ZFhYwKy.exe
  2⤵
  PID:5492
- C:\Windows\System\zYwFiMP.exe
  C:\Windows\System\zYwFiMP.exe
  2⤵
  PID:5544
- C:\Windows\System\tvYzqNv.exe
  C:\Windows\System\tvYzqNv.exe
  2⤵
  PID:5548
- C:\Windows\System\zdVwatg.exe
  C:\Windows\System\zdVwatg.exe
  2⤵
  PID:5628
- C:\Windows\System\oMJuHFv.exe
  C:\Windows\System\oMJuHFv.exe
  2⤵
  PID:5736
- C:\Windows\System\XXgnLMo.exe
  C:\Windows\System\XXgnLMo.exe
  2⤵
  PID:5752
- C:\Windows\System\CTxbypd.exe
  C:\Windows\System\CTxbypd.exe
  2⤵
  PID:5792
- C:\Windows\System\MQCbFbs.exe
  C:\Windows\System\MQCbFbs.exe
  2⤵
  PID:5852
- C:\Windows\System\NABXraC.exe
  C:\Windows\System\NABXraC.exe
  2⤵
  PID:5948
- C:\Windows\System\agvQIUl.exe
  C:\Windows\System\agvQIUl.exe
  2⤵
  PID:5976
- C:\Windows\System\HYsBhzq.exe
  C:\Windows\System\HYsBhzq.exe
  2⤵
  PID:6028
- C:\Windows\System\eJfSQfY.exe
  C:\Windows\System\eJfSQfY.exe
  2⤵
  PID:6088
- C:\Windows\System\gwaseAz.exe
  C:\Windows\System\gwaseAz.exe
  2⤵
  PID:6132
- C:\Windows\System\hHbXzhf.exe
  C:\Windows\System\hHbXzhf.exe
  2⤵
  PID:4296
- C:\Windows\System\VWBhlKr.exe
  C:\Windows\System\VWBhlKr.exe
  2⤵
  PID:4492
- C:\Windows\System\lvLfdhe.exe
  C:\Windows\System\lvLfdhe.exe
  2⤵
  PID:4916
- C:\Windows\System\NvaYOVs.exe
  C:\Windows\System\NvaYOVs.exe
  2⤵
  PID:4900
- C:\Windows\System\YcQKdcc.exe
  C:\Windows\System\YcQKdcc.exe
  2⤵
  PID:3400
- C:\Windows\System\wCevpRu.exe
  C:\Windows\System\wCevpRu.exe
  2⤵
  PID:5128
- C:\Windows\System\BHORguT.exe
  C:\Windows\System\BHORguT.exe
  2⤵
  PID:6160
- C:\Windows\System\SeDpNaJ.exe
  C:\Windows\System\SeDpNaJ.exe
  2⤵
  PID:6180
- C:\Windows\System\ysGkhYw.exe
  C:\Windows\System\ysGkhYw.exe
  2⤵
  PID:6200
- C:\Windows\System\QFLMQTt.exe
  C:\Windows\System\QFLMQTt.exe
  2⤵
  PID:6220
- C:\Windows\System\nlihwbW.exe
  C:\Windows\System\nlihwbW.exe
  2⤵
  PID:6240
- C:\Windows\System\SUyCnKI.exe
  C:\Windows\System\SUyCnKI.exe
  2⤵
  PID:6260
- C:\Windows\System\wiLEJrM.exe
  C:\Windows\System\wiLEJrM.exe
  2⤵
  PID:6280
- C:\Windows\System\DeKjslF.exe
  C:\Windows\System\DeKjslF.exe
  2⤵
  PID:6300
- C:\Windows\System\rhwYIWh.exe
  C:\Windows\System\rhwYIWh.exe
  2⤵
  PID:6320
- C:\Windows\System\txfAmHV.exe
  C:\Windows\System\txfAmHV.exe
  2⤵
  PID:6340
- C:\Windows\System\umGuKLx.exe
  C:\Windows\System\umGuKLx.exe
  2⤵
  PID:6360
- C:\Windows\System\aqrADYX.exe
  C:\Windows\System\aqrADYX.exe
  2⤵
  PID:6380
- C:\Windows\System\wUcFdWK.exe
  C:\Windows\System\wUcFdWK.exe
  2⤵
  PID:6400
- C:\Windows\System\xyEplRi.exe
  C:\Windows\System\xyEplRi.exe
  2⤵
  PID:6420
- C:\Windows\System\MczPXgP.exe
  C:\Windows\System\MczPXgP.exe
  2⤵
  PID:6440
- C:\Windows\System\tlbbUhj.exe
  C:\Windows\System\tlbbUhj.exe
  2⤵
  PID:6464
- C:\Windows\System\gfbmIgh.exe
  C:\Windows\System\gfbmIgh.exe
  2⤵
  PID:6488
- C:\Windows\System\dNJGzZw.exe
  C:\Windows\System\dNJGzZw.exe
  2⤵
  PID:6508
- C:\Windows\System\TgIpZie.exe
  C:\Windows\System\TgIpZie.exe
  2⤵
  PID:6528
- C:\Windows\System\FzUKxei.exe
  C:\Windows\System\FzUKxei.exe
  2⤵
  PID:6548
- C:\Windows\System\SgOgKJr.exe
  C:\Windows\System\SgOgKJr.exe
  2⤵
  PID:6568
- C:\Windows\System\klcTGij.exe
  C:\Windows\System\klcTGij.exe
  2⤵
  PID:6588
- C:\Windows\System\ERbFbgJ.exe
  C:\Windows\System\ERbFbgJ.exe
  2⤵
  PID:6608
- C:\Windows\System\eWPsqsj.exe
  C:\Windows\System\eWPsqsj.exe
  2⤵
  PID:6628
- C:\Windows\System\SILdszf.exe
  C:\Windows\System\SILdszf.exe
  2⤵
  PID:6648
- C:\Windows\System\iSFZpIG.exe
  C:\Windows\System\iSFZpIG.exe
  2⤵
  PID:6668
- C:\Windows\System\REWDkYg.exe
  C:\Windows\System\REWDkYg.exe
  2⤵
  PID:6688
- C:\Windows\System\iKPGJGp.exe
  C:\Windows\System\iKPGJGp.exe
  2⤵
  PID:6708
- C:\Windows\System\mvYOUiR.exe
  C:\Windows\System\mvYOUiR.exe
  2⤵
  PID:6728
- C:\Windows\System\ZTGxiqe.exe
  C:\Windows\System\ZTGxiqe.exe
  2⤵
  PID:6748
- C:\Windows\System\MdcIoqi.exe
  C:\Windows\System\MdcIoqi.exe
  2⤵
  PID:6768
- C:\Windows\System\qyDHYSd.exe
  C:\Windows\System\qyDHYSd.exe
  2⤵
  PID:6788
- C:\Windows\System\PntZuhK.exe
  C:\Windows\System\PntZuhK.exe
  2⤵
  PID:6808
- C:\Windows\System\FWznygo.exe
  C:\Windows\System\FWznygo.exe
  2⤵
  PID:6828
- C:\Windows\System\fJMvPwh.exe
  C:\Windows\System\fJMvPwh.exe
  2⤵
  PID:6848
- C:\Windows\System\IWyNZfp.exe
  C:\Windows\System\IWyNZfp.exe
  2⤵
  PID:6868
- C:\Windows\System\qbZmxwH.exe
  C:\Windows\System\qbZmxwH.exe
  2⤵
  PID:6888
- C:\Windows\System\EGygZBX.exe
  C:\Windows\System\EGygZBX.exe
  2⤵
  PID:6908
- C:\Windows\System\XMLhdOd.exe
  C:\Windows\System\XMLhdOd.exe
  2⤵
  PID:6928
- C:\Windows\System\mjyHMcE.exe
  C:\Windows\System\mjyHMcE.exe
  2⤵
  PID:6948
- C:\Windows\System\IyLmVuB.exe
  C:\Windows\System\IyLmVuB.exe
  2⤵
  PID:6968
- C:\Windows\System\SCcUrRw.exe
  C:\Windows\System\SCcUrRw.exe
  2⤵
  PID:6988
- C:\Windows\System\XSUBYLj.exe
  C:\Windows\System\XSUBYLj.exe
  2⤵
  PID:7008
- C:\Windows\System\tiKPZCY.exe
  C:\Windows\System\tiKPZCY.exe
  2⤵
  PID:7028
- C:\Windows\System\KXshDkF.exe
  C:\Windows\System\KXshDkF.exe
  2⤵
  PID:7048
- C:\Windows\System\UlRevzy.exe
  C:\Windows\System\UlRevzy.exe
  2⤵
  PID:7068
- C:\Windows\System\TWRGMil.exe
  C:\Windows\System\TWRGMil.exe
  2⤵
  PID:7088
- C:\Windows\System\WVgHZJP.exe
  C:\Windows\System\WVgHZJP.exe
  2⤵
  PID:7108
- C:\Windows\System\dkUYRWi.exe
  C:\Windows\System\dkUYRWi.exe
  2⤵
  PID:7128
- C:\Windows\System\MoFWIlc.exe
  C:\Windows\System\MoFWIlc.exe
  2⤵
  PID:7148
- C:\Windows\System\CTNLJCk.exe
  C:\Windows\System\CTNLJCk.exe
  2⤵
  PID:5188
- C:\Windows\System\UaeUJyJ.exe
  C:\Windows\System\UaeUJyJ.exe
  2⤵
  PID:5228
- C:\Windows\System\MGlHztj.exe
  C:\Windows\System\MGlHztj.exe
  2⤵
  PID:5368
- C:\Windows\System\dTAWucr.exe
  C:\Windows\System\dTAWucr.exe
  2⤵
  PID:5428
- C:\Windows\System\pyUkJME.exe
  C:\Windows\System\pyUkJME.exe
  2⤵
  PID:5604
- C:\Windows\System\eDGZayx.exe
  C:\Windows\System\eDGZayx.exe
  2⤵
  PID:5588
- C:\Windows\System\plIAWOS.exe
  C:\Windows\System\plIAWOS.exe
  2⤵
  PID:5688
- C:\Windows\System\xaXGHTL.exe
  C:\Windows\System\xaXGHTL.exe
  2⤵
  PID:5776
- C:\Windows\System\ohsrAGT.exe
  C:\Windows\System\ohsrAGT.exe
  2⤵
  PID:5856
- C:\Windows\System\xzdwZrX.exe
  C:\Windows\System\xzdwZrX.exe
  2⤵
  PID:5992
- C:\Windows\System\EQCOdbX.exe
  C:\Windows\System\EQCOdbX.exe
  2⤵
  PID:6096
- C:\Windows\System\qgGYWoH.exe
  C:\Windows\System\qgGYWoH.exe
  2⤵
  PID:4068
- C:\Windows\System\famLtWV.exe
  C:\Windows\System\famLtWV.exe
  2⤵
  PID:4420
- C:\Windows\System\SMKtYGw.exe
  C:\Windows\System\SMKtYGw.exe
  2⤵
  PID:5000
- C:\Windows\System\bQWDdWh.exe
  C:\Windows\System\bQWDdWh.exe
  2⤵
  PID:4104
- C:\Windows\System\fgtTRIo.exe
  C:\Windows\System\fgtTRIo.exe
  2⤵
  PID:6176
- C:\Windows\System\ZDqMNVE.exe
  C:\Windows\System\ZDqMNVE.exe
  2⤵
  PID:6196
- C:\Windows\System\EcgREgE.exe
  C:\Windows\System\EcgREgE.exe
  2⤵
  PID:6228
- C:\Windows\System\DMyXAyi.exe
  C:\Windows\System\DMyXAyi.exe
  2⤵
  PID:6252
- C:\Windows\System\LjVChdD.exe
  C:\Windows\System\LjVChdD.exe
  2⤵
  PID:6296
- C:\Windows\System\fUOikvc.exe
  C:\Windows\System\fUOikvc.exe
  2⤵
  PID:2732
- C:\Windows\System\hWsZWqr.exe
  C:\Windows\System\hWsZWqr.exe
  2⤵
  PID:6368
- C:\Windows\System\ryOZPXO.exe
  C:\Windows\System\ryOZPXO.exe
  2⤵
  PID:6388
- C:\Windows\System\qUSVpwW.exe
  C:\Windows\System\qUSVpwW.exe
  2⤵
  PID:6412
- C:\Windows\System\jIKXXNs.exe
  C:\Windows\System\jIKXXNs.exe
  2⤵
  PID:6452
- C:\Windows\System\BkJNBCL.exe
  C:\Windows\System\BkJNBCL.exe
  2⤵
  PID:6504
- C:\Windows\System\yNkxCIu.exe
  C:\Windows\System\yNkxCIu.exe
  2⤵
  PID:6524
- C:\Windows\System\iOPyPgX.exe
  C:\Windows\System\iOPyPgX.exe
  2⤵
  PID:6576
- C:\Windows\System\YnrgioB.exe
  C:\Windows\System\YnrgioB.exe
  2⤵
  PID:2500
- C:\Windows\System\rxQPBkB.exe
  C:\Windows\System\rxQPBkB.exe
  2⤵
  PID:6620
- C:\Windows\System\jdnedwp.exe
  C:\Windows\System\jdnedwp.exe
  2⤵
  PID:6656
- C:\Windows\System\ZqkRhrf.exe
  C:\Windows\System\ZqkRhrf.exe
  2⤵
  PID:6676
- C:\Windows\System\UMYYWVt.exe
  C:\Windows\System\UMYYWVt.exe
  2⤵
  PID:6716
- C:\Windows\System\iMUyEdS.exe
  C:\Windows\System\iMUyEdS.exe
  2⤵
  PID:6740
- C:\Windows\System\IlShufd.exe
  C:\Windows\System\IlShufd.exe
  2⤵
  PID:6784
- C:\Windows\System\AWlDOzS.exe
  C:\Windows\System\AWlDOzS.exe
  2⤵
  PID:6804
- C:\Windows\System\FWWLXrj.exe
  C:\Windows\System\FWWLXrj.exe
  2⤵
  PID:6836
- C:\Windows\System\cxFHqVy.exe
  C:\Windows\System\cxFHqVy.exe
  2⤵
  PID:6864
- C:\Windows\System\TcbumYp.exe
  C:\Windows\System\TcbumYp.exe
  2⤵
  PID:6896
- C:\Windows\System\xwcdMIq.exe
  C:\Windows\System\xwcdMIq.exe
  2⤵
  PID:6944
- C:\Windows\System\wMEzLgv.exe
  C:\Windows\System\wMEzLgv.exe
  2⤵
  PID:6940
- C:\Windows\System\gboeDfg.exe
  C:\Windows\System\gboeDfg.exe
  2⤵
  PID:6976
- C:\Windows\System\tZKEsmW.exe
  C:\Windows\System\tZKEsmW.exe
  2⤵
  PID:7004
- C:\Windows\System\FdugdyG.exe
  C:\Windows\System\FdugdyG.exe
  2⤵
  PID:7036
- C:\Windows\System\uYatcPo.exe
  C:\Windows\System\uYatcPo.exe
  2⤵
  PID:7060
- C:\Windows\System\lngpwKC.exe
  C:\Windows\System\lngpwKC.exe
  2⤵
  PID:7100
- C:\Windows\System\hTmcUsi.exe
  C:\Windows\System\hTmcUsi.exe
  2⤵
  PID:7120
- C:\Windows\System\FRtlusg.exe
  C:\Windows\System\FRtlusg.exe
  2⤵
  PID:7164
- C:\Windows\System\sdjGXXG.exe
  C:\Windows\System\sdjGXXG.exe
  2⤵
  PID:5304
- C:\Windows\System\EPIahTh.exe
  C:\Windows\System\EPIahTh.exe
  2⤵
  PID:5412
- C:\Windows\System\vRIlUrh.exe
  C:\Windows\System\vRIlUrh.exe
  2⤵
  PID:5568
- C:\Windows\System\GPaZNDJ.exe
  C:\Windows\System\GPaZNDJ.exe
  2⤵
  PID:5672
- C:\Windows\System\DxIZjPU.exe
  C:\Windows\System\DxIZjPU.exe
  2⤵
  PID:5892
- C:\Windows\System\bfUflKS.exe
  C:\Windows\System\bfUflKS.exe
  2⤵
  PID:6036
- C:\Windows\System\vHYBoNi.exe
  C:\Windows\System\vHYBoNi.exe
  2⤵
  PID:5652
- C:\Windows\System\tlpWIjE.exe
  C:\Windows\System\tlpWIjE.exe
  2⤵
  PID:4636
- C:\Windows\System\ISxvTog.exe
  C:\Windows\System\ISxvTog.exe
  2⤵
  PID:2856
- C:\Windows\System\HwyZKYU.exe
  C:\Windows\System\HwyZKYU.exe
  2⤵
  PID:6216
- C:\Windows\System\ghbMxJW.exe
  C:\Windows\System\ghbMxJW.exe
  2⤵
  PID:6236
- C:\Windows\System\sOPBJvH.exe
  C:\Windows\System\sOPBJvH.exe
  2⤵
  PID:6232
- C:\Windows\System\yzOyMZM.exe
  C:\Windows\System\yzOyMZM.exe
  2⤵
  PID:6328
- C:\Windows\System\UErAvvf.exe
  C:\Windows\System\UErAvvf.exe
  2⤵
  PID:6416
- C:\Windows\System\VcMYvuo.exe
  C:\Windows\System\VcMYvuo.exe
  2⤵
  PID:6436
- C:\Windows\System\gLAhmZU.exe
  C:\Windows\System\gLAhmZU.exe
  2⤵
  PID:6448
- C:\Windows\System\pQsIJSj.exe
  C:\Windows\System\pQsIJSj.exe
  2⤵
  PID:6604
- C:\Windows\System\ppGIxgr.exe
  C:\Windows\System\ppGIxgr.exe
  2⤵
  PID:6560
- C:\Windows\System\IajaxLl.exe
  C:\Windows\System\IajaxLl.exe
  2⤵
  PID:2280
- C:\Windows\System\yGCjbsY.exe
  C:\Windows\System\yGCjbsY.exe
  2⤵
  PID:6724
- C:\Windows\System\DNBfXjF.exe
  C:\Windows\System\DNBfXjF.exe
  2⤵
  PID:6776
- C:\Windows\System\Tnaamwo.exe
  C:\Windows\System\Tnaamwo.exe
  2⤵
  PID:6764
- C:\Windows\System\sdkUsAM.exe
  C:\Windows\System\sdkUsAM.exe
  2⤵
  PID:6880
- C:\Windows\System\dLwwFIC.exe
  C:\Windows\System\dLwwFIC.exe
  2⤵
  PID:6876
- C:\Windows\System\JSnEpKI.exe
  C:\Windows\System\JSnEpKI.exe
  2⤵
  PID:6916
- C:\Windows\System\pvlSrsl.exe
  C:\Windows\System\pvlSrsl.exe
  2⤵
  PID:7016
- C:\Windows\System\GbFtyvO.exe
  C:\Windows\System\GbFtyvO.exe
  2⤵
  PID:7040
- C:\Windows\System\JJlhNBD.exe
  C:\Windows\System\JJlhNBD.exe
  2⤵
  PID:7140
- C:\Windows\System\pvQZGls.exe
  C:\Windows\System\pvQZGls.exe
  2⤵
  PID:5288
- C:\Windows\System\JHQoSNa.exe
  C:\Windows\System\JHQoSNa.exe
  2⤵
  PID:5772
- C:\Windows\System\ZiUnZYX.exe
  C:\Windows\System\ZiUnZYX.exe
  2⤵
  PID:5464
- C:\Windows\System\sYwNGeZ.exe
  C:\Windows\System\sYwNGeZ.exe
  2⤵
  PID:5952
- C:\Windows\System\BzTKdJZ.exe
  C:\Windows\System\BzTKdJZ.exe
  2⤵
  PID:1704
- C:\Windows\System\oaeGJiK.exe
  C:\Windows\System\oaeGJiK.exe
  2⤵
  PID:3876
- C:\Windows\System\iJaUZJU.exe
  C:\Windows\System\iJaUZJU.exe
  2⤵
  PID:6152
- C:\Windows\System\xmaUvKH.exe
  C:\Windows\System\xmaUvKH.exe
  2⤵
  PID:6288
- C:\Windows\System\hoNHAEe.exe
  C:\Windows\System\hoNHAEe.exe
  2⤵
  PID:6308
- C:\Windows\System\EHBVeVV.exe
  C:\Windows\System\EHBVeVV.exe
  2⤵
  PID:6496
- C:\Windows\System\FASbFDg.exe
  C:\Windows\System\FASbFDg.exe
  2⤵
  PID:6540
- C:\Windows\System\OttINNa.exe
  C:\Windows\System\OttINNa.exe
  2⤵
  PID:6660
- C:\Windows\System\AuBmgmf.exe
  C:\Windows\System\AuBmgmf.exe
  2⤵
  PID:6824
- C:\Windows\System\wNfFxxy.exe
  C:\Windows\System\wNfFxxy.exe
  2⤵
  PID:6704
- C:\Windows\System\jnDQcIl.exe
  C:\Windows\System\jnDQcIl.exe
  2⤵
  PID:6936
- C:\Windows\System\tjEEthv.exe
  C:\Windows\System\tjEEthv.exe
  2⤵
  PID:6924
- C:\Windows\System\jSQQDGG.exe
  C:\Windows\System\jSQQDGG.exe
  2⤵
  PID:6964
- C:\Windows\System\huYCBSn.exe
  C:\Windows\System\huYCBSn.exe
  2⤵
  PID:7084
- C:\Windows\System\rjUvYzZ.exe
  C:\Windows\System\rjUvYzZ.exe
  2⤵
  PID:5816
- C:\Windows\System\ImYYDtD.exe
  C:\Windows\System\ImYYDtD.exe
  2⤵
  PID:5928
- C:\Windows\System\yJWYPvp.exe
  C:\Windows\System\yJWYPvp.exe
  2⤵
  PID:7184
- C:\Windows\System\fIlVxul.exe
  C:\Windows\System\fIlVxul.exe
  2⤵
  PID:7204
- C:\Windows\System\thrOcdG.exe
  C:\Windows\System\thrOcdG.exe
  2⤵
  PID:7224
- C:\Windows\System\djjdJvm.exe
  C:\Windows\System\djjdJvm.exe
  2⤵
  PID:7244
- C:\Windows\System\pBNwgAj.exe
  C:\Windows\System\pBNwgAj.exe
  2⤵
  PID:7264
- C:\Windows\System\PNkPiHV.exe
  C:\Windows\System\PNkPiHV.exe
  2⤵
  PID:7284
- C:\Windows\System\dwytrbk.exe
  C:\Windows\System\dwytrbk.exe
  2⤵
  PID:7304
- C:\Windows\System\TIblJxH.exe
  C:\Windows\System\TIblJxH.exe
  2⤵
  PID:7324
- C:\Windows\System\FooRizy.exe
  C:\Windows\System\FooRizy.exe
  2⤵
  PID:7344
- C:\Windows\System\oeeCbuC.exe
  C:\Windows\System\oeeCbuC.exe
  2⤵
  PID:7364
- C:\Windows\System\HelnqsW.exe
  C:\Windows\System\HelnqsW.exe
  2⤵
  PID:7384
- C:\Windows\System\WyHEgNi.exe
  C:\Windows\System\WyHEgNi.exe
  2⤵
  PID:7404
- C:\Windows\System\AvIOGpo.exe
  C:\Windows\System\AvIOGpo.exe
  2⤵
  PID:7424
- C:\Windows\System\hUAdklS.exe
  C:\Windows\System\hUAdklS.exe
  2⤵
  PID:7444
- C:\Windows\System\YvClShK.exe
  C:\Windows\System\YvClShK.exe
  2⤵
  PID:7468
- C:\Windows\System\JnAfQJW.exe
  C:\Windows\System\JnAfQJW.exe
  2⤵
  PID:7488
- C:\Windows\System\iVPPCQu.exe
  C:\Windows\System\iVPPCQu.exe
  2⤵
  PID:7508
- C:\Windows\System\cKuzXbP.exe
  C:\Windows\System\cKuzXbP.exe
  2⤵
  PID:7528
- C:\Windows\System\ouCMbnm.exe
  C:\Windows\System\ouCMbnm.exe
  2⤵
  PID:7544
- C:\Windows\System\IZgkIgW.exe
  C:\Windows\System\IZgkIgW.exe
  2⤵
  PID:7568
- C:\Windows\System\ztBgmcp.exe
  C:\Windows\System\ztBgmcp.exe
  2⤵
  PID:7588
- C:\Windows\System\IJnypek.exe
  C:\Windows\System\IJnypek.exe
  2⤵
  PID:7608
- C:\Windows\System\IdfySar.exe
  C:\Windows\System\IdfySar.exe
  2⤵
  PID:7628
- C:\Windows\System\CRekDsO.exe
  C:\Windows\System\CRekDsO.exe
  2⤵
  PID:7648
- C:\Windows\System\KqVmVMJ.exe
  C:\Windows\System\KqVmVMJ.exe
  2⤵
  PID:7668
- C:\Windows\System\vkCLwTe.exe
  C:\Windows\System\vkCLwTe.exe
  2⤵
  PID:7688
- C:\Windows\System\UVDQsqm.exe
  C:\Windows\System\UVDQsqm.exe
  2⤵
  PID:7708
- C:\Windows\System\qjvyWtc.exe
  C:\Windows\System\qjvyWtc.exe
  2⤵
  PID:7728
- C:\Windows\System\pHTqRVu.exe
  C:\Windows\System\pHTqRVu.exe
  2⤵
  PID:7748
- C:\Windows\System\DkAwVcg.exe
  C:\Windows\System\DkAwVcg.exe
  2⤵
  PID:7768
- C:\Windows\System\ttTrJgu.exe
  C:\Windows\System\ttTrJgu.exe
  2⤵
  PID:7788
- C:\Windows\System\SMkEJhB.exe
  C:\Windows\System\SMkEJhB.exe
  2⤵
  PID:7808
- C:\Windows\System\lhBDdJP.exe
  C:\Windows\System\lhBDdJP.exe
  2⤵
  PID:7828
- C:\Windows\System\qufTCXS.exe
  C:\Windows\System\qufTCXS.exe
  2⤵
  PID:7848
- C:\Windows\System\qiCVNmY.exe
  C:\Windows\System\qiCVNmY.exe
  2⤵
  PID:7868
- C:\Windows\System\fSuZgcm.exe
  C:\Windows\System\fSuZgcm.exe
  2⤵
  PID:7888
- C:\Windows\System\tguqaMc.exe
  C:\Windows\System\tguqaMc.exe
  2⤵
  PID:7908
- C:\Windows\System\wrllhYj.exe
  C:\Windows\System\wrllhYj.exe
  2⤵
  PID:7928
- C:\Windows\System\JiuNkpv.exe
  C:\Windows\System\JiuNkpv.exe
  2⤵
  PID:7944
- C:\Windows\System\NSJhMte.exe
  C:\Windows\System\NSJhMte.exe
  2⤵
  PID:7968
- C:\Windows\System\KRYDpZt.exe
  C:\Windows\System\KRYDpZt.exe
  2⤵
  PID:7988
- C:\Windows\System\zBtntvC.exe
  C:\Windows\System\zBtntvC.exe
  2⤵
  PID:8008
- C:\Windows\System\IJfXQOP.exe
  C:\Windows\System\IJfXQOP.exe
  2⤵
  PID:8024
- C:\Windows\System\hgukbNf.exe
  C:\Windows\System\hgukbNf.exe
  2⤵
  PID:8048
- C:\Windows\System\KPaBEJN.exe
  C:\Windows\System\KPaBEJN.exe
  2⤵
  PID:8068
- C:\Windows\System\WHotXqd.exe
  C:\Windows\System\WHotXqd.exe
  2⤵
  PID:8092
- C:\Windows\System\VpoRYgR.exe
  C:\Windows\System\VpoRYgR.exe
  2⤵
  PID:8112
- C:\Windows\System\fLWHEZg.exe
  C:\Windows\System\fLWHEZg.exe
  2⤵
  PID:8132
- C:\Windows\System\hbfZnga.exe
  C:\Windows\System\hbfZnga.exe
  2⤵
  PID:8152
- C:\Windows\System\HfTmPpl.exe
  C:\Windows\System\HfTmPpl.exe
  2⤵
  PID:8172
- C:\Windows\System\UxjJPxI.exe
  C:\Windows\System\UxjJPxI.exe
  2⤵
  PID:5572
- C:\Windows\System\QClADGz.exe
  C:\Windows\System\QClADGz.exe
  2⤵
  PID:4576
- C:\Windows\System\yYZQCOB.exe
  C:\Windows\System\yYZQCOB.exe
  2⤵
  PID:6168
- C:\Windows\System\QoYiSLL.exe
  C:\Windows\System\QoYiSLL.exe
  2⤵
  PID:6372
- C:\Windows\System\wOwzKtB.exe
  C:\Windows\System\wOwzKtB.exe
  2⤵
  PID:6584
- C:\Windows\System\VVEQGXj.exe
  C:\Windows\System\VVEQGXj.exe
  2⤵
  PID:2612
- C:\Windows\System\PINmURG.exe
  C:\Windows\System\PINmURG.exe
  2⤵
  PID:6640
- C:\Windows\System\rkhoKsv.exe
  C:\Windows\System\rkhoKsv.exe
  2⤵
  PID:6900
- C:\Windows\System\nxXvwEV.exe
  C:\Windows\System\nxXvwEV.exe
  2⤵
  PID:7056
- C:\Windows\System\ptcPKAw.exe
  C:\Windows\System\ptcPKAw.exe
  2⤵
  PID:7156
- C:\Windows\System\oLhzQIp.exe
  C:\Windows\System\oLhzQIp.exe
  2⤵
  PID:7200
- C:\Windows\System\NIKmcWB.exe
  C:\Windows\System\NIKmcWB.exe
  2⤵
  PID:7232
- C:\Windows\System\suIGckB.exe
  C:\Windows\System\suIGckB.exe
  2⤵
  PID:7216
- C:\Windows\System\fFbzPIC.exe
  C:\Windows\System\fFbzPIC.exe
  2⤵
  PID:7256
- C:\Windows\System\BfaVuzp.exe
  C:\Windows\System\BfaVuzp.exe
  2⤵
  PID:7296
- C:\Windows\System\iSxNeLO.exe
  C:\Windows\System\iSxNeLO.exe
  2⤵
  PID:7360
- C:\Windows\System\YEQDmdg.exe
  C:\Windows\System\YEQDmdg.exe
  2⤵
  PID:7400
- C:\Windows\System\UWkcPOB.exe
  C:\Windows\System\UWkcPOB.exe
  2⤵
  PID:7412
- C:\Windows\System\rLgVqod.exe
  C:\Windows\System\rLgVqod.exe
  2⤵
  PID:7476
- C:\Windows\System\zmtENBc.exe
  C:\Windows\System\zmtENBc.exe
  2⤵
  PID:6272
- C:\Windows\System\ICPFTZi.exe
  C:\Windows\System\ICPFTZi.exe
  2⤵
  PID:7524
- C:\Windows\System\kTWhWOX.exe
  C:\Windows\System\kTWhWOX.exe
  2⤵
  PID:7556
- C:\Windows\System\fVbRnNl.exe
  C:\Windows\System\fVbRnNl.exe
  2⤵
  PID:7596
- C:\Windows\System\kUEyoQB.exe
  C:\Windows\System\kUEyoQB.exe
  2⤵
  PID:7640
- C:\Windows\System\ElUxFCx.exe
  C:\Windows\System\ElUxFCx.exe
  2⤵
  PID:7620
- C:\Windows\System\tpTaNWO.exe
  C:\Windows\System\tpTaNWO.exe
  2⤵
  PID:7664
- C:\Windows\System\YnWnVrG.exe
  C:\Windows\System\YnWnVrG.exe
  2⤵
  PID:7720
- C:\Windows\System\iPJvzuS.exe
  C:\Windows\System\iPJvzuS.exe
  2⤵
  PID:7744
- C:\Windows\System\BkHYjlu.exe
  C:\Windows\System\BkHYjlu.exe
  2⤵
  PID:7796
- C:\Windows\System\orTBrmT.exe
  C:\Windows\System\orTBrmT.exe
  2⤵
  PID:7816
- C:\Windows\System\OVKZUgP.exe
  C:\Windows\System\OVKZUgP.exe
  2⤵
  PID:7820
- C:\Windows\System\CcfzWws.exe
  C:\Windows\System\CcfzWws.exe
  2⤵
  PID:7856
- C:\Windows\System\ENNboEm.exe
  C:\Windows\System\ENNboEm.exe
  2⤵
  PID:7924
- C:\Windows\System\wHkcCPs.exe
  C:\Windows\System\wHkcCPs.exe
  2⤵
  PID:7956
- C:\Windows\System\OELreao.exe
  C:\Windows\System\OELreao.exe
  2⤵
  PID:7976
- C:\Windows\System\PSVKFNy.exe
  C:\Windows\System\PSVKFNy.exe
  2⤵
  PID:8000
- C:\Windows\System\dzhFTWp.exe
  C:\Windows\System\dzhFTWp.exe
  2⤵
  PID:8040
- C:\Windows\System\vpndXfX.exe
  C:\Windows\System\vpndXfX.exe
  2⤵
  PID:8088
- C:\Windows\System\azDovTO.exe
  C:\Windows\System\azDovTO.exe
  2⤵
  PID:8128
- C:\Windows\System\XuyAHDC.exe
  C:\Windows\System\XuyAHDC.exe
  2⤵
  PID:8124
- C:\Windows\System\soHioBf.exe
  C:\Windows\System\soHioBf.exe
  2⤵
  PID:8164
- C:\Windows\System\ENOAPSV.exe
  C:\Windows\System\ENOAPSV.exe
  2⤵
  PID:8188
- C:\Windows\System\quAJvxW.exe
  C:\Windows\System\quAJvxW.exe
  2⤵
  PID:6188
- C:\Windows\System\AAqVZAc.exe
  C:\Windows\System\AAqVZAc.exe
  2⤵
  PID:3960
- C:\Windows\System\TegHphF.exe
  C:\Windows\System\TegHphF.exe
  2⤵
  PID:6544
- C:\Windows\System\UATGhet.exe
  C:\Windows\System\UATGhet.exe
  2⤵
  PID:6636
- C:\Windows\System\LjxzATD.exe
  C:\Windows\System\LjxzATD.exe
  2⤵
  PID:6980
- C:\Windows\System\pdUuUag.exe
  C:\Windows\System\pdUuUag.exe
  2⤵
  PID:5192
- C:\Windows\System\soEoeSK.exe
  C:\Windows\System\soEoeSK.exe
  2⤵
  PID:7236
- C:\Windows\System\eqbdgCA.exe
  C:\Windows\System\eqbdgCA.exe
  2⤵
  PID:7212
- C:\Windows\System\tVIZLZl.exe
  C:\Windows\System\tVIZLZl.exe
  2⤵
  PID:7300
- C:\Windows\System\PAJZobC.exe
  C:\Windows\System\PAJZobC.exe
  2⤵
  PID:7376
- C:\Windows\System\yfBkIMl.exe
  C:\Windows\System\yfBkIMl.exe
  2⤵
  PID:7452
- C:\Windows\System\XNjbQKh.exe
  C:\Windows\System\XNjbQKh.exe
  2⤵
  PID:7552
- C:\Windows\System\lUMDMeC.exe
  C:\Windows\System\lUMDMeC.exe
  2⤵
  PID:7516
- C:\Windows\System\UmxldOk.exe
  C:\Windows\System\UmxldOk.exe
  2⤵
  PID:7540
- C:\Windows\System\xVWkIHG.exe
  C:\Windows\System\xVWkIHG.exe
  2⤵
  PID:7636
- C:\Windows\System\SjdpEUL.exe
  C:\Windows\System\SjdpEUL.exe
  2⤵
  PID:7756
- C:\Windows\System\qNUKcJI.exe
  C:\Windows\System\qNUKcJI.exe
  2⤵
  PID:7800
- C:\Windows\System\gXWTUnf.exe
  C:\Windows\System\gXWTUnf.exe
  2⤵
  PID:7764
- C:\Windows\System\GkGhGcf.exe
  C:\Windows\System\GkGhGcf.exe
  2⤵
  PID:2100
- C:\Windows\System\eFtEAQJ.exe
  C:\Windows\System\eFtEAQJ.exe
  2⤵
  PID:7860
- C:\Windows\System\LAlqNJi.exe
  C:\Windows\System\LAlqNJi.exe
  2⤵
  PID:7980
- C:\Windows\System\haxSron.exe
  C:\Windows\System\haxSron.exe
  2⤵
  PID:7960
- C:\Windows\System\yAchmyC.exe
  C:\Windows\System\yAchmyC.exe
  2⤵
  PID:8100
- C:\Windows\System\kfKpfMK.exe
  C:\Windows\System\kfKpfMK.exe
  2⤵
  PID:8108
- C:\Windows\System\iJIxdgj.exe
  C:\Windows\System\iJIxdgj.exe
  2⤵
  PID:8160
- C:\Windows\System\hPkNVPl.exe
  C:\Windows\System\hPkNVPl.exe
  2⤵
  PID:6408
- C:\Windows\System\kgNszqT.exe
  C:\Windows\System\kgNszqT.exe
  2⤵
  PID:6760
- C:\Windows\System\EsMbwWK.exe
  C:\Windows\System\EsMbwWK.exe
  2⤵
  PID:6516
- C:\Windows\System\rDIozHd.exe
  C:\Windows\System\rDIozHd.exe
  2⤵
  PID:7020
- C:\Windows\System\EiTfnMa.exe
  C:\Windows\System\EiTfnMa.exe
  2⤵
  PID:7220
- C:\Windows\System\nNzexsA.exe
  C:\Windows\System\nNzexsA.exe
  2⤵
  PID:7292
- C:\Windows\System\uvtddmh.exe
  C:\Windows\System\uvtddmh.exe
  2⤵
  PID:7416
- C:\Windows\System\tnazjCS.exe
  C:\Windows\System\tnazjCS.exe
  2⤵
  PID:8084
- C:\Windows\System\ObiQqFQ.exe
  C:\Windows\System\ObiQqFQ.exe
  2⤵
  PID:7616
- C:\Windows\System\GZKDedV.exe
  C:\Windows\System\GZKDedV.exe
  2⤵
  PID:7704
- C:\Windows\System\AGvlnMf.exe
  C:\Windows\System\AGvlnMf.exe
  2⤵
  PID:7716
- C:\Windows\System\pVBNYeR.exe
  C:\Windows\System\pVBNYeR.exe
  2⤵
  PID:7884
- C:\Windows\System\ZvOINkd.exe
  C:\Windows\System\ZvOINkd.exe
  2⤵
  PID:8056
- C:\Windows\System\YpErGFN.exe
  C:\Windows\System\YpErGFN.exe
  2⤵
  PID:2736
- C:\Windows\System\forgNrB.exe
  C:\Windows\System\forgNrB.exe
  2⤵
  PID:8104
- C:\Windows\System\xjghpKh.exe
  C:\Windows\System\xjghpKh.exe
  2⤵
  PID:4676
- C:\Windows\System\IzQjChT.exe
  C:\Windows\System\IzQjChT.exe
  2⤵
  PID:7172
- C:\Windows\System\EbCezax.exe
  C:\Windows\System\EbCezax.exe
  2⤵
  PID:1852
- C:\Windows\System\MYawdox.exe
  C:\Windows\System\MYawdox.exe
  2⤵
  PID:7392
- C:\Windows\System\qinKMSM.exe
  C:\Windows\System\qinKMSM.exe
  2⤵
  PID:8212
- C:\Windows\System\LVWVqvr.exe
  C:\Windows\System\LVWVqvr.exe
  2⤵
  PID:8232
- C:\Windows\System\NDzuVtV.exe
  C:\Windows\System\NDzuVtV.exe
  2⤵
  PID:8252
- C:\Windows\System\cAJumyu.exe
  C:\Windows\System\cAJumyu.exe
  2⤵
  PID:8272
- C:\Windows\System\MfsjRhL.exe
  C:\Windows\System\MfsjRhL.exe
  2⤵
  PID:8292
- C:\Windows\System\MZYeddz.exe
  C:\Windows\System\MZYeddz.exe
  2⤵
  PID:8312
- C:\Windows\System\CCeAjYr.exe
  C:\Windows\System\CCeAjYr.exe
  2⤵
  PID:8332
- C:\Windows\System\jCViDbR.exe
  C:\Windows\System\jCViDbR.exe
  2⤵
  PID:8352
- C:\Windows\System\GaPUdqo.exe
  C:\Windows\System\GaPUdqo.exe
  2⤵
  PID:8372
- C:\Windows\System\oJZbOuu.exe
  C:\Windows\System\oJZbOuu.exe
  2⤵
  PID:8388
- C:\Windows\System\rzwtGpH.exe
  C:\Windows\System\rzwtGpH.exe
  2⤵
  PID:8408
- C:\Windows\System\ZirKbxe.exe
  C:\Windows\System\ZirKbxe.exe
  2⤵
  PID:8432
- C:\Windows\System\zZgNDUc.exe
  C:\Windows\System\zZgNDUc.exe
  2⤵
  PID:8452
- C:\Windows\System\uBpnwPg.exe
  C:\Windows\System\uBpnwPg.exe
  2⤵
  PID:8472
- C:\Windows\System\bmAJHgq.exe
  C:\Windows\System\bmAJHgq.exe
  2⤵
  PID:8496
- C:\Windows\System\PjNWwml.exe
  C:\Windows\System\PjNWwml.exe
  2⤵
  PID:8516
- C:\Windows\System\uZDSjkD.exe
  C:\Windows\System\uZDSjkD.exe
  2⤵
  PID:8536
- C:\Windows\System\GDatnYA.exe
  C:\Windows\System\GDatnYA.exe
  2⤵
  PID:8552
- C:\Windows\System\DFLBZvX.exe
  C:\Windows\System\DFLBZvX.exe
  2⤵
  PID:8572
- C:\Windows\System\gbewGta.exe
  C:\Windows\System\gbewGta.exe
  2⤵
  PID:8592
- C:\Windows\System\mrpsDOM.exe
  C:\Windows\System\mrpsDOM.exe
  2⤵
  PID:8616
- C:\Windows\System\dpznVCF.exe
  C:\Windows\System\dpznVCF.exe
  2⤵
  PID:8636
- C:\Windows\System\SIHohIf.exe
  C:\Windows\System\SIHohIf.exe
  2⤵
  PID:8656
- C:\Windows\System\tHrcOYL.exe
  C:\Windows\System\tHrcOYL.exe
  2⤵
  PID:8676
- C:\Windows\System\ONCuqTL.exe
  C:\Windows\System\ONCuqTL.exe
  2⤵
  PID:8700
- C:\Windows\System\DrVNTRN.exe
  C:\Windows\System\DrVNTRN.exe
  2⤵
  PID:8716
- C:\Windows\System\UAjKEuK.exe
  C:\Windows\System\UAjKEuK.exe
  2⤵
  PID:8732
- C:\Windows\System\KcPyvml.exe
  C:\Windows\System\KcPyvml.exe
  2⤵
  PID:8748
- C:\Windows\System\hJVrMjx.exe
  C:\Windows\System\hJVrMjx.exe
  2⤵
  PID:8764
- C:\Windows\System\zOLHZku.exe
  C:\Windows\System\zOLHZku.exe
  2⤵
  PID:8780
- C:\Windows\System\tefIXKM.exe
  C:\Windows\System\tefIXKM.exe
  2⤵
  PID:8796
- C:\Windows\System\hxYzpAC.exe
  C:\Windows\System\hxYzpAC.exe
  2⤵
  PID:8812
- C:\Windows\System\EQNlHBX.exe
  C:\Windows\System\EQNlHBX.exe
  2⤵
  PID:8828
- C:\Windows\System\tCpKxNt.exe
  C:\Windows\System\tCpKxNt.exe
  2⤵
  PID:8844
- C:\Windows\System\cBFuwAw.exe
  C:\Windows\System\cBFuwAw.exe
  2⤵
  PID:8860
- C:\Windows\System\YGuMkFX.exe
  C:\Windows\System\YGuMkFX.exe
  2⤵
  PID:8876
- C:\Windows\System\BOOicei.exe
  C:\Windows\System\BOOicei.exe
  2⤵
  PID:8900
- C:\Windows\System\yQLDvqK.exe
  C:\Windows\System\yQLDvqK.exe
  2⤵
  PID:8920
- C:\Windows\System\JUPeAyt.exe
  C:\Windows\System\JUPeAyt.exe
  2⤵
  PID:8936
- C:\Windows\System\HZQtYMR.exe
  C:\Windows\System\HZQtYMR.exe
  2⤵
  PID:8956
- C:\Windows\System\SFBkqRL.exe
  C:\Windows\System\SFBkqRL.exe
  2⤵
  PID:8972
- C:\Windows\System\qULyvoO.exe
  C:\Windows\System\qULyvoO.exe
  2⤵
  PID:8988
- C:\Windows\System\idxRTsD.exe
  C:\Windows\System\idxRTsD.exe
  2⤵
  PID:9004
- C:\Windows\System\GgyoOSq.exe
  C:\Windows\System\GgyoOSq.exe
  2⤵
  PID:9020
- C:\Windows\System\qSXVBHv.exe
  C:\Windows\System\qSXVBHv.exe
  2⤵
  PID:9036
- C:\Windows\System\vVIVsmk.exe
  C:\Windows\System\vVIVsmk.exe
  2⤵
  PID:9096
- C:\Windows\System\JQHDrKw.exe
  C:\Windows\System\JQHDrKw.exe
  2⤵
  PID:9116
- C:\Windows\System\NxvWUVk.exe
  C:\Windows\System\NxvWUVk.exe
  2⤵
  PID:9160
- C:\Windows\System\rDhfxfk.exe
  C:\Windows\System\rDhfxfk.exe
  2⤵
  PID:9180
- C:\Windows\System\UCVaqhY.exe
  C:\Windows\System\UCVaqhY.exe
  2⤵
  PID:9204
- C:\Windows\System\pMvQCmd.exe
  C:\Windows\System\pMvQCmd.exe
  2⤵
  PID:7432
- C:\Windows\System\VxJfoDm.exe
  C:\Windows\System\VxJfoDm.exe
  2⤵
  PID:7536
- C:\Windows\System\VhzqTxV.exe
  C:\Windows\System\VhzqTxV.exe
  2⤵
  PID:2328
- C:\Windows\System\MmUXnvL.exe
  C:\Windows\System\MmUXnvL.exe
  2⤵
  PID:2104
- C:\Windows\System\KNiqjrW.exe
  C:\Windows\System\KNiqjrW.exe
  2⤵
  PID:6432
- C:\Windows\System\wibDJMO.exe
  C:\Windows\System\wibDJMO.exe
  2⤵
  PID:8240
- C:\Windows\System\CbVaeXl.exe
  C:\Windows\System\CbVaeXl.exe
  2⤵
  PID:8248
- C:\Windows\System\XGTaZOu.exe
  C:\Windows\System\XGTaZOu.exe
  2⤵
  PID:8308
- C:\Windows\System\mJdPCJo.exe
  C:\Windows\System\mJdPCJo.exe
  2⤵
  PID:8320
- C:\Windows\System\wgYPJLZ.exe
  C:\Windows\System\wgYPJLZ.exe
  2⤵
  PID:8344
- C:\Windows\System\TGrdBEY.exe
  C:\Windows\System\TGrdBEY.exe
  2⤵
  PID:8360
- C:\Windows\System\LpecDou.exe
  C:\Windows\System\LpecDou.exe
  2⤵
  PID:8368
- C:\Windows\System\ZaDyZlT.exe
  C:\Windows\System\ZaDyZlT.exe
  2⤵
  PID:8420
- C:\Windows\System\HcimUrx.exe
  C:\Windows\System\HcimUrx.exe
  2⤵
  PID:8440
- C:\Windows\System\aIaFkdP.exe
  C:\Windows\System\aIaFkdP.exe
  2⤵
  PID:8512
- C:\Windows\System\hsZcFvD.exe
  C:\Windows\System\hsZcFvD.exe
  2⤵
  PID:8524
- C:\Windows\System\MzyraUb.exe
  C:\Windows\System\MzyraUb.exe
  2⤵
  PID:8548
- C:\Windows\System\FsBHBke.exe
  C:\Windows\System\FsBHBke.exe
  2⤵
  PID:8568
- C:\Windows\System\vVuTSNJ.exe
  C:\Windows\System\vVuTSNJ.exe
  2⤵
  PID:8600
- C:\Windows\System\fVaveQs.exe
  C:\Windows\System\fVaveQs.exe
  2⤵
  PID:8632
- C:\Windows\System\VgMSedr.exe
  C:\Windows\System\VgMSedr.exe
  2⤵
  PID:8672
- C:\Windows\System\IIAnYiS.exe
  C:\Windows\System\IIAnYiS.exe
  2⤵
  PID:8648
- C:\Windows\System\QQCKmEh.exe
  C:\Windows\System\QQCKmEh.exe
  2⤵
  PID:8852
- C:\Windows\System\BAvXXwf.exe
  C:\Windows\System\BAvXXwf.exe
  2⤵
  PID:8856
- C:\Windows\System\RHCvtqu.exe
  C:\Windows\System\RHCvtqu.exe
  2⤵
  PID:2456
- C:\Windows\System\bGMeHqw.exe
  C:\Windows\System\bGMeHqw.exe
  2⤵
  PID:8916
- C:\Windows\System\wgafWQI.exe
  C:\Windows\System\wgafWQI.exe
  2⤵
  PID:2828
- C:\Windows\System\jAjLFon.exe
  C:\Windows\System\jAjLFon.exe
  2⤵
  PID:8952
- C:\Windows\System\TWqOalU.exe
  C:\Windows\System\TWqOalU.exe
  2⤵
  PID:8984
- C:\Windows\System\CfDexBu.exe
  C:\Windows\System\CfDexBu.exe
  2⤵
  PID:9016
- C:\Windows\System\zXdTfgQ.exe
  C:\Windows\System\zXdTfgQ.exe
  2⤵
  PID:9044
- C:\Windows\System\nziCZFg.exe
  C:\Windows\System\nziCZFg.exe
  2⤵
  PID:2876
- C:\Windows\System\dFXLEPR.exe
  C:\Windows\System\dFXLEPR.exe
  2⤵
  PID:3436
- C:\Windows\System\xmhqUbv.exe
  C:\Windows\System\xmhqUbv.exe
  2⤵
  PID:9080
- C:\Windows\System\WvaXPIE.exe
  C:\Windows\System\WvaXPIE.exe
  2⤵
  PID:2644
- C:\Windows\System\EqqEgPF.exe
  C:\Windows\System\EqqEgPF.exe
  2⤵
  PID:1892
- C:\Windows\System\SKULYmd.exe
  C:\Windows\System\SKULYmd.exe
  2⤵
  PID:1772
- C:\Windows\System\VUPSoXz.exe
  C:\Windows\System\VUPSoXz.exe
  2⤵
  PID:9092
- C:\Windows\System\qwSdMqH.exe
  C:\Windows\System\qwSdMqH.exe
  2⤵
  PID:9128
- C:\Windows\System\xIqjzWr.exe
  C:\Windows\System\xIqjzWr.exe
  2⤵
  PID:9144
- C:\Windows\System\sXuILHI.exe
  C:\Windows\System\sXuILHI.exe
  2⤵
  PID:2976
- C:\Windows\System\EdKtpBr.exe
  C:\Windows\System\EdKtpBr.exe
  2⤵
  PID:9108
- C:\Windows\System\LDbpHtS.exe
  C:\Windows\System\LDbpHtS.exe
  2⤵
  PID:2428
- C:\Windows\System\gIwvOgx.exe
  C:\Windows\System\gIwvOgx.exe
  2⤵
  PID:7760
- C:\Windows\System\dQjfRjX.exe
  C:\Windows\System\dQjfRjX.exe
  2⤵
  PID:1716
- C:\Windows\System\qsewPDF.exe
  C:\Windows\System\qsewPDF.exe
  2⤵
  PID:2452
- C:\Windows\System\BcRxcws.exe
  C:\Windows\System\BcRxcws.exe
  2⤵
  PID:2704
- C:\Windows\System\tdFWXew.exe
  C:\Windows\System\tdFWXew.exe
  2⤵
  PID:2980
- C:\Windows\System\LitDOun.exe
  C:\Windows\System\LitDOun.exe
  2⤵
  PID:8224
- C:\Windows\System\TihonEP.exe
  C:\Windows\System\TihonEP.exe
  2⤵
  PID:8284
- C:\Windows\System\AVoheMN.exe
  C:\Windows\System\AVoheMN.exe
  2⤵
  PID:8396
- C:\Windows\System\aqWRefQ.exe
  C:\Windows\System\aqWRefQ.exe
  2⤵
  PID:8328
- C:\Windows\System\ABNcYvw.exe
  C:\Windows\System\ABNcYvw.exe
  2⤵
  PID:9084
- C:\Windows\System\skvKiZX.exe
  C:\Windows\System\skvKiZX.exe
  2⤵
  PID:8608
- C:\Windows\System\uLfZyfc.exe
  C:\Windows\System\uLfZyfc.exe
  2⤵
  PID:8348
- C:\Windows\System\voJVtdI.exe
  C:\Windows\System\voJVtdI.exe
  2⤵
  PID:8492
- C:\Windows\System\GxVhUyt.exe
  C:\Windows\System\GxVhUyt.exe
  2⤵
  PID:8564
- C:\Windows\System\wmQgUWG.exe
  C:\Windows\System\wmQgUWG.exe
  2⤵
  PID:3120
- C:\Windows\System\AhzNCOR.exe
  C:\Windows\System\AhzNCOR.exe
  2⤵
  PID:8772
- C:\Windows\System\CpFrpgm.exe
  C:\Windows\System\CpFrpgm.exe
  2⤵
  PID:8740
- C:\Windows\System\rkgXJwS.exe
  C:\Windows\System\rkgXJwS.exe
  2⤵
  PID:8996
- C:\Windows\System\ihLIspT.exe
  C:\Windows\System\ihLIspT.exe
  2⤵
  PID:2564
- C:\Windows\System\hcoQSmj.exe
  C:\Windows\System\hcoQSmj.exe
  2⤵
  PID:8808
- C:\Windows\System\gBXhqKH.exe
  C:\Windows\System\gBXhqKH.exe
  2⤵
  PID:8792
- C:\Windows\System\jRHahXI.exe
  C:\Windows\System\jRHahXI.exe
  2⤵
  PID:2640
- C:\Windows\System\YtCIanM.exe
  C:\Windows\System\YtCIanM.exe
  2⤵
  PID:584
- C:\Windows\System\IvZcXZO.exe
  C:\Windows\System\IvZcXZO.exe
  2⤵
  PID:2588
- C:\Windows\System\cOQoUbF.exe
  C:\Windows\System\cOQoUbF.exe
  2⤵
  PID:1912
- C:\Windows\System\SiQKPJy.exe
  C:\Windows\System\SiQKPJy.exe
  2⤵
  PID:8968
- C:\Windows\System\wtDpchb.exe
  C:\Windows\System\wtDpchb.exe
  2⤵
  PID:1712
- C:\Windows\System\sjckzXN.exe
  C:\Windows\System\sjckzXN.exe
  2⤵
  PID:9196
- C:\Windows\System\UFscOFe.exe
  C:\Windows\System\UFscOFe.exe
  2⤵
  PID:9212
- C:\Windows\System\bkajEKx.exe
  C:\Windows\System\bkajEKx.exe
  2⤵
  PID:2004
- C:\Windows\System\isLfdOB.exe
  C:\Windows\System\isLfdOB.exe
  2⤵
  PID:7680
- C:\Windows\System\HsLxGSt.exe
  C:\Windows\System\HsLxGSt.exe
  2⤵
  PID:7584
- C:\Windows\System\PoyLLlu.exe
  C:\Windows\System\PoyLLlu.exe
  2⤵
  PID:7952
- C:\Windows\System\EhSnPzO.exe
  C:\Windows\System\EhSnPzO.exe
  2⤵
  PID:6256
- C:\Windows\System\tzVgBOL.exe
  C:\Windows\System\tzVgBOL.exe
  2⤵
  PID:8004
- C:\Windows\System\gnetLnz.exe
  C:\Windows\System\gnetLnz.exe
  2⤵
  PID:8300
- C:\Windows\System\PBXyGQk.exe
  C:\Windows\System\PBXyGQk.exe
  2⤵
  PID:8228
- C:\Windows\System\aitsAIM.exe
  C:\Windows\System\aitsAIM.exe
  2⤵
  PID:8584
- C:\Windows\System\igUKMVq.exe
  C:\Windows\System\igUKMVq.exe
  2⤵
  PID:2972
- C:\Windows\System\FCEaMFO.exe
  C:\Windows\System\FCEaMFO.exe
  2⤵
  PID:8504
- C:\Windows\System\AwKZexI.exe
  C:\Windows\System\AwKZexI.exe
  2⤵
  PID:8948
- C:\Windows\System\hXclYNw.exe
  C:\Windows\System\hXclYNw.exe
  2⤵
  PID:8912
- C:\Windows\System\cEfvKBA.exe
  C:\Windows\System\cEfvKBA.exe
  2⤵
  PID:9140
- C:\Windows\System\yjDBhPu.exe
  C:\Windows\System\yjDBhPu.exe
  2⤵
  PID:8892
- C:\Windows\System\VlZeNDK.exe
  C:\Windows\System\VlZeNDK.exe
  2⤵
  PID:3024
- C:\Windows\System\iOtMxJY.exe
  C:\Windows\System\iOtMxJY.exe
  2⤵
  PID:1168
- C:\Windows\System\SyanjZC.exe
  C:\Windows\System\SyanjZC.exe
  2⤵
  PID:9172
- C:\Windows\System\kLXRRLR.exe
  C:\Windows\System\kLXRRLR.exe
  2⤵
  PID:2248
- C:\Windows\System\NkYkWWF.exe
  C:\Windows\System\NkYkWWF.exe
  2⤵
  PID:7440
- C:\Windows\System\MCxucIG.exe
  C:\Windows\System\MCxucIG.exe
  2⤵
  PID:8032
- C:\Windows\System\cioCBqp.exe
  C:\Windows\System\cioCBqp.exe
  2⤵
  PID:7176
- C:\Windows\System\SyNMCet.exe
  C:\Windows\System\SyNMCet.exe
  2⤵
  PID:2752
- C:\Windows\System\VBHKrCD.exe
  C:\Windows\System\VBHKrCD.exe
  2⤵
  PID:9032
- C:\Windows\System\nsUhvPd.exe
  C:\Windows\System\nsUhvPd.exe
  2⤵
  PID:8268
- C:\Windows\System\jBSZCgM.exe
  C:\Windows\System\jBSZCgM.exe
  2⤵
  PID:8324
- C:\Windows\System\VRnJMKu.exe
  C:\Windows\System\VRnJMKu.exe
  2⤵
  PID:8484
- C:\Windows\System\cMEZiTC.exe
  C:\Windows\System\cMEZiTC.exe
  2⤵
  PID:1216
- C:\Windows\System\vtXsWfs.exe
  C:\Windows\System\vtXsWfs.exe
  2⤵
  PID:8588
- C:\Windows\System\RAvvAOS.exe
  C:\Windows\System\RAvvAOS.exe
  2⤵
  PID:7940
- C:\Windows\System\bIznUDv.exe
  C:\Windows\System\bIznUDv.exe
  2⤵
  PID:1624
- C:\Windows\System\aEPdVXn.exe
  C:\Windows\System\aEPdVXn.exe
  2⤵
  PID:7252
- C:\Windows\System\XhRFYog.exe
  C:\Windows\System\XhRFYog.exe
  2⤵
  PID:3844
- C:\Windows\System\KkCWaTh.exe
  C:\Windows\System\KkCWaTh.exe
  2⤵
  PID:1924
- C:\Windows\System\tkwiPMW.exe
  C:\Windows\System\tkwiPMW.exe
  2⤵
  PID:1476
- C:\Windows\System\aLjgpXt.exe
  C:\Windows\System\aLjgpXt.exe
  2⤵
  PID:8744
- C:\Windows\System\Wkiyiqh.exe
  C:\Windows\System\Wkiyiqh.exe
  2⤵
  PID:8560
- C:\Windows\System\GaEUWHb.exe
  C:\Windows\System\GaEUWHb.exe
  2⤵
  PID:832
- C:\Windows\System\PhaGIdC.exe
  C:\Windows\System\PhaGIdC.exe
  2⤵
  PID:9220
- C:\Windows\System\QyiyuaZ.exe
  C:\Windows\System\QyiyuaZ.exe
  2⤵
  PID:9236
- C:\Windows\System\xrAPwsl.exe
  C:\Windows\System\xrAPwsl.exe
  2⤵
  PID:9264
- C:\Windows\System\bbqplzP.exe
  C:\Windows\System\bbqplzP.exe
  2⤵
  PID:9284
- C:\Windows\System\xvvhFCf.exe
  C:\Windows\System\xvvhFCf.exe
  2⤵
  PID:9300
- C:\Windows\System\MkmYfXn.exe
  C:\Windows\System\MkmYfXn.exe
  2⤵
  PID:9316
- C:\Windows\System\oWqAIiH.exe
  C:\Windows\System\oWqAIiH.exe
  2⤵
  PID:9332
- C:\Windows\System\gtWWtyq.exe
  C:\Windows\System\gtWWtyq.exe
  2⤵
  PID:9348
- C:\Windows\System\IqfmBwm.exe
  C:\Windows\System\IqfmBwm.exe
  2⤵
  PID:9372
- C:\Windows\System\CrEUgiQ.exe
  C:\Windows\System\CrEUgiQ.exe
  2⤵
  PID:9388
- C:\Windows\System\MEvMrgm.exe
  C:\Windows\System\MEvMrgm.exe
  2⤵
  PID:9408
- C:\Windows\System\ANnzdkO.exe
  C:\Windows\System\ANnzdkO.exe
  2⤵
  PID:9424
- C:\Windows\System\uCuwwyC.exe
  C:\Windows\System\uCuwwyC.exe
  2⤵
  PID:9444
- C:\Windows\System\rtkPxsl.exe
  C:\Windows\System\rtkPxsl.exe
  2⤵
  PID:9460
- C:\Windows\System\usOqvtU.exe
  C:\Windows\System\usOqvtU.exe
  2⤵
  PID:9476
- C:\Windows\System\hIXOueV.exe
  C:\Windows\System\hIXOueV.exe
  2⤵
  PID:9492
- C:\Windows\System\tlKPeoj.exe
  C:\Windows\System\tlKPeoj.exe
  2⤵
  PID:9508
- C:\Windows\System\CbufsJs.exe
  C:\Windows\System\CbufsJs.exe
  2⤵
  PID:9556
- C:\Windows\System\IpsrNGZ.exe
  C:\Windows\System\IpsrNGZ.exe
  2⤵
  PID:9572
- C:\Windows\System\tsWmbFh.exe
  C:\Windows\System\tsWmbFh.exe
  2⤵
  PID:9588
- C:\Windows\System\nOmauBd.exe
  C:\Windows\System\nOmauBd.exe
  2⤵
  PID:9604
- C:\Windows\System\gWCrDac.exe
  C:\Windows\System\gWCrDac.exe
  2⤵
  PID:9620
- C:\Windows\System\gANjncX.exe
  C:\Windows\System\gANjncX.exe
  2⤵
  PID:9636
- C:\Windows\System\vuPCUSm.exe
  C:\Windows\System\vuPCUSm.exe
  2⤵
  PID:9652
- C:\Windows\System\kTVITyh.exe
  C:\Windows\System\kTVITyh.exe
  2⤵
  PID:9668
- C:\Windows\System\BhCiEMr.exe
  C:\Windows\System\BhCiEMr.exe
  2⤵
  PID:9688
- C:\Windows\System\MVDaTIY.exe
  C:\Windows\System\MVDaTIY.exe
  2⤵
  PID:9712
- C:\Windows\System\BpRMUDF.exe
  C:\Windows\System\BpRMUDF.exe
  2⤵
  PID:9728
- C:\Windows\System\igvZVyv.exe
  C:\Windows\System\igvZVyv.exe
  2⤵
  PID:9744
- C:\Windows\System\bjnXPxG.exe
  C:\Windows\System\bjnXPxG.exe
  2⤵
  PID:9768
- C:\Windows\System\nlbVPzx.exe
  C:\Windows\System\nlbVPzx.exe
  2⤵
  PID:9796
- C:\Windows\System\HgxaHxw.exe
  C:\Windows\System\HgxaHxw.exe
  2⤵
  PID:9812
- C:\Windows\System\mqtHdHe.exe
  C:\Windows\System\mqtHdHe.exe
  2⤵
  PID:9864
- C:\Windows\System\TKxIvBQ.exe
  C:\Windows\System\TKxIvBQ.exe
  2⤵
  PID:9880
- C:\Windows\System\AAhkHhG.exe
  C:\Windows\System\AAhkHhG.exe
  2⤵
  PID:9896
- C:\Windows\System\taMOClK.exe
  C:\Windows\System\taMOClK.exe
  2⤵
  PID:9912
- C:\Windows\System\ONfZPhZ.exe
  C:\Windows\System\ONfZPhZ.exe
  2⤵
  PID:9928
- C:\Windows\System\ulLJKcx.exe
  C:\Windows\System\ulLJKcx.exe
  2⤵
  PID:9944
- C:\Windows\System\KTxyhYs.exe
  C:\Windows\System\KTxyhYs.exe
  2⤵
  PID:9960
- C:\Windows\System\srWzdAB.exe
  C:\Windows\System\srWzdAB.exe
  2⤵
  PID:9976
- C:\Windows\System\uirhQej.exe
  C:\Windows\System\uirhQej.exe
  2⤵
  PID:9992
- C:\Windows\System\IGUowaP.exe
  C:\Windows\System\IGUowaP.exe
  2⤵
  PID:10016
- C:\Windows\System\mctBGgb.exe
  C:\Windows\System\mctBGgb.exe
  2⤵
  PID:10044
- C:\Windows\System\afveBHo.exe
  C:\Windows\System\afveBHo.exe
  2⤵
  PID:10060
- C:\Windows\System\EslCCAw.exe
  C:\Windows\System\EslCCAw.exe
  2⤵
  PID:10076
- C:\Windows\System\wgaWack.exe
  C:\Windows\System\wgaWack.exe
  2⤵
  PID:10092
- C:\Windows\System\SvPDCHE.exe
  C:\Windows\System\SvPDCHE.exe
  2⤵
  PID:10108
- C:\Windows\System\hMyuVWJ.exe
  C:\Windows\System\hMyuVWJ.exe
  2⤵
  PID:10124
- C:\Windows\System\WFzgrfD.exe
  C:\Windows\System\WFzgrfD.exe
  2⤵
  PID:10144
- C:\Windows\System\hirOHlT.exe
  C:\Windows\System\hirOHlT.exe
  2⤵
  PID:10160
- C:\Windows\System\vtwqccH.exe
  C:\Windows\System\vtwqccH.exe
  2⤵
  PID:10192
- C:\Windows\System\COQqTIy.exe
  C:\Windows\System\COQqTIy.exe
  2⤵
  PID:10212
- C:\Windows\System\uqRXHgH.exe
  C:\Windows\System\uqRXHgH.exe
  2⤵
  PID:10228
- C:\Windows\System\tbrFDlb.exe
  C:\Windows\System\tbrFDlb.exe
  2⤵
  PID:9228
- C:\Windows\System\ZZUbLqL.exe
  C:\Windows\System\ZZUbLqL.exe
  2⤵
  PID:9124
- C:\Windows\System\XqvAgtC.exe
  C:\Windows\System\XqvAgtC.exe
  2⤵
  PID:9256
- C:\Windows\System\BMruTMX.exe
  C:\Windows\System\BMruTMX.exe
  2⤵
  PID:9280
- C:\Windows\System\hmgzDlG.exe
  C:\Windows\System\hmgzDlG.exe
  2⤵
  PID:9380
- C:\Windows\System\BSsKRyu.exe
  C:\Windows\System\BSsKRyu.exe
  2⤵
  PID:9452
- C:\Windows\System\CDkNKYo.exe
  C:\Windows\System\CDkNKYo.exe
  2⤵
  PID:9484
- C:\Windows\System\ikSsEnU.exe
  C:\Windows\System\ikSsEnU.exe
  2⤵
  PID:9540
- C:\Windows\System\CHATYol.exe
  C:\Windows\System\CHATYol.exe
  2⤵
  PID:9364
- C:\Windows\System\MACUGIo.exe
  C:\Windows\System\MACUGIo.exe
  2⤵
  PID:9396
- C:\Windows\System\lLqADPW.exe
  C:\Windows\System\lLqADPW.exe
  2⤵
  PID:9360
- C:\Windows\System\eieFExX.exe
  C:\Windows\System\eieFExX.exe
  2⤵
  PID:9432
- C:\Windows\System\FJmCmgc.exe
  C:\Windows\System\FJmCmgc.exe
  2⤵
  PID:9472
- C:\Windows\System\uCvTgDg.exe
  C:\Windows\System\uCvTgDg.exe
  2⤵
  PID:9752
- C:\Windows\System\sYllrwI.exe
  C:\Windows\System\sYllrwI.exe
  2⤵
  PID:9776
- C:\Windows\System\OoVXlZD.exe
  C:\Windows\System\OoVXlZD.exe
  2⤵
  PID:9804
- C:\Windows\System\uvldgyy.exe
  C:\Windows\System\uvldgyy.exe
  2⤵
  PID:9828
- C:\Windows\System\CIVavcJ.exe
  C:\Windows\System\CIVavcJ.exe
  2⤵
  PID:9848
- C:\Windows\System\rhtCNcU.exe
  C:\Windows\System\rhtCNcU.exe
  2⤵
  PID:9872
- C:\Windows\System\adRWvob.exe
  C:\Windows\System\adRWvob.exe
  2⤵
  PID:9936
- C:\Windows\System\dhynLkK.exe
  C:\Windows\System\dhynLkK.exe
  2⤵
  PID:9952
- C:\Windows\System\WpcLqDF.exe
  C:\Windows\System\WpcLqDF.exe
  2⤵
  PID:9972
- C:\Windows\System\FURWxpy.exe
  C:\Windows\System\FURWxpy.exe
  2⤵
  PID:10028
- C:\Windows\System\CCqPzfQ.exe
  C:\Windows\System\CCqPzfQ.exe
  2⤵
  PID:10000
- C:\Windows\System\wOtgdDz.exe
  C:\Windows\System\wOtgdDz.exe
  2⤵
  PID:10056
- C:\Windows\System\nKfhUhe.exe
  C:\Windows\System\nKfhUhe.exe
  2⤵
  PID:10088
- C:\Windows\System\oBjrVDB.exe
  C:\Windows\System\oBjrVDB.exe
  2⤵
  PID:10116
- C:\Windows\System\puxbxYq.exe
  C:\Windows\System\puxbxYq.exe
  2⤵
  PID:10132
- C:\Windows\System\gTAlGTg.exe
  C:\Windows\System\gTAlGTg.exe
  2⤵
  PID:10172
- C:\Windows\System\YgcUmBM.exe
  C:\Windows\System\YgcUmBM.exe
  2⤵
  PID:10204
- C:\Windows\System\exoiMZa.exe
  C:\Windows\System\exoiMZa.exe
  2⤵
  PID:10236
- C:\Windows\System\YMQUlqq.exe
  C:\Windows\System\YMQUlqq.exe
  2⤵
  PID:9312
- C:\Windows\System\RjiDCvT.exe
  C:\Windows\System\RjiDCvT.exe
  2⤵
  PID:9524
- C:\Windows\System\LOzHxHc.exe
  C:\Windows\System\LOzHxHc.exe
  2⤵
  PID:9532
- C:\Windows\System\xhfLVgU.exe
  C:\Windows\System\xhfLVgU.exe
  2⤵
  PID:9400
- C:\Windows\System\hLsaCoJ.exe
  C:\Windows\System\hLsaCoJ.exe
  2⤵
  PID:9504
- C:\Windows\System\wdnwbEX.exe
  C:\Windows\System\wdnwbEX.exe
  2⤵
  PID:9568
- C:\Windows\System\zoEtvrd.exe
  C:\Windows\System\zoEtvrd.exe
  2⤵
  PID:9680
- C:\Windows\System\BOMvqCJ.exe
  C:\Windows\System\BOMvqCJ.exe
  2⤵
  PID:9600
- C:\Windows\System\lbqUIVo.exe
  C:\Windows\System\lbqUIVo.exe
  2⤵
  PID:9664
- C:\Windows\System\BbvZxgF.exe
  C:\Windows\System\BbvZxgF.exe
  2⤵
  PID:9708
- C:\Windows\System\sxbKbnY.exe
  C:\Windows\System\sxbKbnY.exe
  2⤵
  PID:9760
- C:\Windows\System\DwhcqKq.exe
  C:\Windows\System\DwhcqKq.exe
  2⤵
  PID:9836
- C:\Windows\System\iWCHiCu.exe
  C:\Windows\System\iWCHiCu.exe
  2⤵
  PID:8788
- C:\Windows\System\zRsGCna.exe
  C:\Windows\System\zRsGCna.exe
  2⤵
  PID:9892
- C:\Windows\System\NAsQQSn.exe
  C:\Windows\System\NAsQQSn.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CLXkkjr.exe

Filesize
6.0MB

MD5
a0c13b7728ace4c67b35fdf179ccbe9f

SHA1
99a592bd7cd5b80d995d3475bf4a4c2e59ba0bb5

SHA256
bf81d487a390b907a3444320c776c190debacaf39a82835fb070a62e55d1aca1

SHA512
a7655bf4ba4e6cfa7aca312aeff58d784c06b54698af07b055a4a73a383b30d7e68b6297e51f0f60b46bc88685ee0f28939d25c66aa265904bd01fdba22baba0

Download Submit
C:\Windows\system\GvTIECe.exe

Filesize
6.0MB

MD5
6c6dcf868d13957726ccd6e6d85930bf

SHA1
796a26813898519fb85dd0a3dbd67f0d65f8cbb3

SHA256
07a30de582779973b6ef0ef177ab15253b978e36e89661d4a5dba8f9e8d6f99e

SHA512
38cae0b0255d41122c99ae5d342d6d5468f85902b7efa9e43685fd3911243316211dba9badedc94c32e93afba3016750bb7d5601eba12dce945b091837398a32

Download Submit
C:\Windows\system\OBIRzMl.exe

Filesize
6.0MB

MD5
d10c63fb2b76deaa413bc785abcf7a05

SHA1
df05e45edac39f19847dcef2dddc5dbd6bc3abf7

SHA256
2c37ec6044a07e6898a4f939744589d0785011052f8e56c9c6bae29486c1221d

SHA512
c56e5eca5088d602a33cbe83cb20ff7d311e155de681bde038250412ef2fee40ea359cfaface04d11260fb1992ddd7bca5a76fb0132c04e891edf04a1a39ee37

Download Submit
C:\Windows\system\PDvKGdt.exe

Filesize
6.0MB

MD5
65ab6d6ba21ebe4c08c91c6caabf2d5c

SHA1
5e3a9106ce048d15043e931f1d8515986a271c86

SHA256
5494d6bcade0f4d22a5bbd65d668e5e78739d4eba372cb5b120b350e07e700bc

SHA512
e867c022167292a00d99fd998aa42a0f82c4840704a79d474673608edd78ab25b017e2167e44872a34d9d5768b603bbdc750ec4c38276713e2f045cd7e159d05

Download Submit
C:\Windows\system\QlAkmrN.exe

Filesize
6.0MB

MD5
829dce97746f3dcbfb1d77d5b619fae2

SHA1
725a28dff73c8925dc3aec1adabd8cff9a714677

SHA256
d67e629a13305fb4457cf84c2b6d4316e56d0945f952edab9544d5572f1d4c66

SHA512
2bb2273bca57fff010945aace39a2ea1d97ad2cdad58f393a3a21b7958b69aac1fa7e98e18b98c7d2384e0e2e7d7608bbb6b0d26cb9e3dcfc3a0e9c82901e8a5

Download Submit
C:\Windows\system\VEkkHYu.exe

Filesize
6.0MB

MD5
a8f226527006dfd4a5a2774fdda1ae3b

SHA1
fe520fe8d8ec7bd5a554af082cae31e7a2e1fe56

SHA256
5cd8496769182d4c89b5528e1e6d3442b1771e9ab48947f92547089439b0857c

SHA512
bf3071a07ac54ff71a06505ae099c594a27201f39bbba523241b65dc24d446fec560c0e1f51df0feaaff51b42e1b15d60e08ac6a00424ebe913e504c1d9c5e64

Download Submit
C:\Windows\system\VsOvXkF.exe

Filesize
6.0MB

MD5
ce45f45d13a5bbbf629c206fe3735a21

SHA1
9dd49131e22c9aa8793c4f6a0c519dd6bd297e83

SHA256
7fafe470c96c8ad734a840cbcc8634761fa10811bdd19b019ec7d705caedb2b1

SHA512
58a4b8502f2439b8a7646386dfa2e9178033cf8f105fb82e0f18e4b763094a53e48e6b2203861f5e5892a7a8e9d16b100e8cebddd173614649754563eca196b3

Download Submit
C:\Windows\system\XPCTFsg.exe

Filesize
6.0MB

MD5
f90cbbe37c92b23a4a0f195133a3be22

SHA1
f90356e8f2715eef0b5a06d49ff7b8f8c87235a5

SHA256
ee96c621c0b22609045638b326f38cf89ba152ffd2cb1de4589a4f50e54cb366

SHA512
437616105768b5dc1aadaf27f59756b90cab3968c6c79c1605bb94b332f580e195cdd98e766baa3d013d914997f5c1a09a4dc03d225dfe1835b74c88ba58df85

Download Submit
C:\Windows\system\XTAPFlE.exe

Filesize
6.0MB

MD5
68e1e975882855be65b73f8d8fa02419

SHA1
b04ff19177510edd6e77653ad118195a13b86c67

SHA256
1bb77b2c510c0ae87468e0a4ea58e5ee6049d5d603375d8a429dd4775a253a34

SHA512
56b3701c9a6fa3acc8009379fe7a0ebd6b29c4e629b6177ea18b29330b122fe36fba86d01f4e3c8cfa9d231a70df9e590430aa16fcdee259913d59bc12faa45e

Download Submit
C:\Windows\system\YNmmCvw.exe

Filesize
6.0MB

MD5
e598ffb64d3a7738e314fc52c0b7b25b

SHA1
c5e3ff74c0bb02c4664abbff758e8006abc2e2ea

SHA256
929a1a8d7607074e94e6a49295054afb98454a3622666540f2c140b9964fab82

SHA512
4156e12f20f632196710f98657be382db181b593275282fca8da61d26344dd112fdd38c2f82da677881d8c1752ae1e3b46725ae1e077e0d66d12c010c458df45

Download Submit
C:\Windows\system\aHeKHtq.exe

Filesize
6.0MB

MD5
b52c2ef7e21c78a1ec6f99fe553acb3f

SHA1
343bf4867c894e794d129e2838ef10ca28f6f6e8

SHA256
39374409a86c20d37d8bceff26df13f8b502cff626baedd2d9965a9dda626d17

SHA512
4a32afc1d84ab140324c230a5b9fe482246a2f7f12bc3d5f3d2e29ed697cdb2de64abcd7c8f7d63d41fae51d10399ae2744b9bdd8bceeb57869b1f1aa69c1ab3

Download Submit
C:\Windows\system\bOZfvyM.exe

Filesize
6.0MB

MD5
312066e74bf11d7f3caeaaafeaee706e

SHA1
fb439e49edc7cc5cf4be73d31adf5e031e293ad0

SHA256
ff36336bbb38b9105a84caa6a71725a56aeff32abdaf207be53ba9e99bf4432d

SHA512
a28e51b79555330e9844dd2eba9a8de0548e2ef4c16db885e2417fe60b0f7e9c8dcc604bd83ca7e3b6a175f0000378c026fff142d528a20de09585813182034e

Download Submit
C:\Windows\system\btMveIU.exe

Filesize
6.0MB

MD5
4bc15e259fca173f4a1eaa87b61bccfc

SHA1
3374d95cecbb5112db8ad80e19e66a20411273c1

SHA256
fad5548a3f0ee2d645fc70e7dbceb66150a87cc3396a07d3cb5f338b1d4f1ed7

SHA512
5eb6b6ba858abacef9e6f010945c7029f2a87dc079188351bccb756055b6447ecb17193f72491e9711255e482ffd6bd82915b89bfa409d7c89df360b15506999

Download Submit
C:\Windows\system\eFjRGZw.exe

Filesize
6.0MB

MD5
b5bcee467a412037a2914093ae282656

SHA1
2859b14a3aa8f3f0f287d41890928356be7dab65

SHA256
2ace2ee470fc9192de077356832c65b7e40da14fca5cdf41ad471effad568a5f

SHA512
55d5747f2fa9f1b237ebce037122769ac4ed7c966b08cbed1a2e04772c02dc8052c1cc54c14a5918ef7e3341f7785d1980a25c11c2caee40b2baa35b4cd43ab8

Download Submit
C:\Windows\system\efXUrlT.exe

Filesize
6.0MB

MD5
a0491f610c07a69ac6d135974bec27e6

SHA1
7a2b781bc4b234456d8e32aee623d3728546b67a

SHA256
0b6e3421cd55821fd0035fd910ba591256681f716d923aa878f8fa48cb74f282

SHA512
def54d915c3218f9807546ec9b1b2dde86b33c67eb6f0753df241cccec85e6990e7557b49d414234b963e3949673525559291cf6bb1f79ecd8b76f8ef96d5977

Download Submit
C:\Windows\system\fZADodm.exe

Filesize
6.0MB

MD5
415861e34e8af6819d43ba5834da20bd

SHA1
df815403bb913bf22c0e186577c4d17401d1962d

SHA256
a82b98700fccd62ea23d893eed0fbeca1b0ef83b191eed863847c76a54d65a8b

SHA512
6c715adcff75765261b5daa2705263dffc47c125258d7b14c679219d73fd0c3dfeb1da7440c8cb92b6182fa12c19f48d9eb3f7f186e6751b67e2fca1dd182677

Download Submit
C:\Windows\system\fsPOoDg.exe

Filesize
6.0MB

MD5
d25622c1db46c6cbc7ac403da656126b

SHA1
3a13c63b919726372a8ff2bfccb93e7bb0303977

SHA256
7cc98da51bf288f7fba57a8ad61d2d891812435f0711199591d509f23d1b9a1a

SHA512
3a37bc7912f46a095bb6f892d2a4dc0487041ff975adb5d27879d5cbcfc80e0c08db3d64c66a78f415f1ccaa0abd28acd049b0f696b96d675efd54a01b829e1f

Download Submit
C:\Windows\system\jJoviRh.exe

Filesize
6.0MB

MD5
ea5aa62a39a1d59a14a28ca70f860852

SHA1
0c2beb2ba7e0990bda5c6fd369264cc1dc8e238b

SHA256
d76a728883570f22fd4d99074cfa42e8a28faa23084f6a74b1e4b865059fec1b

SHA512
e31f798584bdde8593b93dc9db4f8310974548185d5531380769ec864b7ac83c78c013307d343ba2164a653818ec8c9622152d06d319447ade3be4919e213eea

Download Submit
C:\Windows\system\kLedWwX.exe

Filesize
6.0MB

MD5
96870c6c182878365876b7f7fcb5fa40

SHA1
a63753ce61df7204179378289c38589912c9c31e

SHA256
a9bb960addea08c608ced083d9a7930c8bec8221f1981ccb96d28b7e365664d1

SHA512
bc2292bc780683c388ed63a7aa9340b0331823d39ff5e4491d3b88538509309684f9bc0afe1729927c6846b402a5eeb95f41abd797b7f14ec4d0b027bdfbb4ee

Download Submit
C:\Windows\system\kgHZMMR.exe

Filesize
6.0MB

MD5
3cb78f0a519ed2df874ff0b9b8cb3747

SHA1
6340fad31236443e345e1e136dae558d548b7eea

SHA256
36e941ac9dc4d65b8d3d4b8a5ebc3e79623fc2e0a9a87e9d236f61fb3b154777

SHA512
bde39a22dd5fe3d7ef03dc04a4d535d0acc8c29cab7390e72e25b54e40755f255ea4356d2551a85cead17c574ea73c0ce7eb190705fdcaeec25e8659c6bded5a

Download Submit
C:\Windows\system\oaunydD.exe

Filesize
6.0MB

MD5
c0a4eb0b2a3cd2c1ee8a62b320862ec0

SHA1
914fd37711834592245d21826d24cc6bd91f1524

SHA256
aa4e3755309c6aaf8f93ef6176b58b3a2b1ebfc865753dfa4cacfcfc144901c1

SHA512
f543073fe7d900e82d235691038c5f6679d42a5bb93d5086a08107ff424927f946161f08e48239b36be9ca1a3d024d306c5df8e8f1c5e7741fc459f1a0c6c749

Download Submit
C:\Windows\system\sOgnzsX.exe

Filesize
6.0MB

MD5
9b4149c4c4c8c4ff67d13bb519b3a370

SHA1
63ba1a184460427c1d40db963ca55feb597a74bb

SHA256
28d39ea0c625690d526740abe0df37a3d5a43b9c6286d629af915192551997e0

SHA512
19f4565e74397fbf2a461060176c095f27955fce7106ec705376f729d83ff42c88a0a427708cc1aed73d9d47fd55f0dbc241ab9261ba3bc75f550ba691f7f101

Download Submit
C:\Windows\system\sSbpYHp.exe

Filesize
6.0MB

MD5
2b6bd7497fd079b8852ebba170458521

SHA1
b1969ee4f009ff54cf6a562896c4e71197717511

SHA256
9d60dc0f39d2f6e1628d33cd0ced2dd4beca88d641d7dd9ba6e974bc21c5c45d

SHA512
8c711204e6f39365a17571dd9c92261cea964874beb483f0288a474f283f5b4d8ecdfc8b336e6addda1b6b52d95df0dd64d7db6fc9dcf93f495e6d3383801374

Download Submit
C:\Windows\system\wzvGMdk.exe

Filesize
6.0MB

MD5
e89fea58dec2c863f8b2b1c9b141591c

SHA1
52c7af676f39abc5527ed9457193373e356a8083

SHA256
7f41983f5ebea4ad55317972b8a4cc75c73b7b3b08e17540b89d8ec29c196bdc

SHA512
16b0304501126471e1a67f59428f22088a92e8437227bc8f18d706422a74e01c0c6370d55681b127d8a044eb5c2cf09a611d29a4e7e078f00b2e654d102150c1

Download Submit
C:\Windows\system\xPSkzMd.exe

Filesize
6.0MB

MD5
2f9fa96e11fa583b846cf840583467bf

SHA1
b5ab0a9cff1241b8b45d4a97b29d42c2dbd579aa

SHA256
a4026820fc1413eb4aed77323d9ee7e624af645a9b28df38d9a0516501607a4b

SHA512
2d33689c39b8ccba89d1fd197f98f4b984f32c44bc602e2d69b7b5cd89476143bc66a8b38c815154b08a6b9612f7f76693bb2d320ff7ed7e8629f7bfad3fd1e6

Download Submit
C:\Windows\system\xsxJBEY.exe

Filesize
6.0MB

MD5
9d64ee650867e70a7fb284b9307962f0

SHA1
d885abf79a399193c894d0ea2aa4f342e91b0f61

SHA256
b3f421a0c57fa617e88fd45456ec713becaccb495d3e15d4434310feb2ddd1f2

SHA512
e65ceaac26438f92a9cba766d7752965244418fbc9869a98a75df9c56dcbc0f22bba7396701eb06a8d1e9309d7d761c406f065ffe0ef1a691aaaed979a0f847b

Download Submit
C:\Windows\system\xxnfhay.exe

Filesize
6.0MB

MD5
9861ee6773d45e6f13c77a3ef4287ed3

SHA1
462644d41231521058a79285cf82f30a6d8857d1

SHA256
1abf69f7e6293605afa28b5ec9734ba329a720f14e160d9ee0cc46433ec34f69

SHA512
5dfa44daa1fe4767303fec6757765f46fab87330ba6a59ece5dd111c6a64bb1353b292e63be8f267b41f3144cef735b607ba75932c74a4b68067841bbefca29a

Download Submit
C:\Windows\system\yZmJkMy.exe

Filesize
6.0MB

MD5
effda710b44b640bac734ef033cd1b70

SHA1
92c6e755118f77931514e1286980bab5d4c41104

SHA256
e32a9a1c22432df272eae60afa5a77eb7747e7c1e5eadf6bec88a3313477883f

SHA512
bed6437e4b545616493a8dc4fc308182c47ab1bd3b8076d0ba23b15e0bba086e8580b0a7bd71f93631948a00082401eccf459f5164cdff7f3dcddd05c37306ff

Download Submit
\Windows\system\SHpwBfn.exe

Filesize
6.0MB

MD5
2119fe7ab195b4edfc18621b7d8b61f4

SHA1
0c2e50dda239884230df4885517233e8e85d14d6

SHA256
9d97c1994d3ed2b21ebaef6c46feb6542703dfc526705dde1caf79271a863318

SHA512
d16f70c11ab7447fdf4a6b2b3218266b124ef4a2cb1437a5eb7779d0290309b2dec67f212bd7dbdff1c7d956f1198c328b0a84e4e1616b224a194ed161c6236f

Download Submit
\Windows\system\bmrLIjg.exe

Filesize
6.0MB

MD5
bda1e889a20d7581d2b613ea856f1d9b

SHA1
09a4244a9a1d0fa6ce12e8884fcb74a5a2bf0f70

SHA256
d6b9d1d99399adb21645134fb9d3029ec1b0decf459eaf54b9703d15b1bf1268

SHA512
d72294f59ac631ddea73289a32191e11f8b8dbcadb2160348d51bdf291d32a17988b3c496f6ad69c74b863c032e53bb52937229c3a972ddc18c7ac8ae7e78308

Download Submit
\Windows\system\lvtZCZL.exe

Filesize
6.0MB

MD5
f47f4a00d145cc52e336039e9d737fed

SHA1
a631fb2b2809821dfdde4c12319ef4b3235c4723

SHA256
d9d519d687294339a80689c6b19fbc344737e10e33e4a572c5f177c4efb40b8d

SHA512
fb2e816d58a93dda45a44306e8a589808cf1a1a1af17f7a6cd4299a9e850e8d1443327de8e7e1a3be6364edf28e145ba571c978b4e10dc689a15524c41fe2bc8

Download Submit
\Windows\system\mUhHoJS.exe

Filesize
6.0MB

MD5
185d710351fdb9f0dff115c4a1a15fb2

SHA1
bb64c7658a33803049dc381a4f2f5f03afde7c70

SHA256
fc27d479a769f21e2f6f8998310f379c7a7c3512184ce9fabdda846ca705a94b

SHA512
2604a091fe0fbcdb5792201855ba2fae228e62521b4f6d0b82dc3c1880758c118c79315a9824c52b7fdb2f3c806d22366ad157547980f3acd5ee19fff84c1546

Download Submit
memory/1240-32-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-4018-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-117-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1692-4024-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2116-28-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-4012-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-4014-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2332-34-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2476-31-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-4013-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-922-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-97-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-83-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-82-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2492-767-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-66-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2492-60-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-95-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2492-76-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2492-1070-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2492-15-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2492-59-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2492-33-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2492-57-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4021-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2624-81-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4025-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-521-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2656-67-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4015-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4023-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-96-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4019-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2848-39-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2848-75-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4020-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-51-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-110-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-58-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4017-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-29-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2940-4016-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2940-65-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3028-94-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4022-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download