cobaltstrike | 64def4b84090b285c7e7651ea3b32480e4645247d81c1a82480bbc1b5dff13cf

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8069d73aee745a24376d01897abca045
SHA1

aacdac86c0617a8ac7045e0c4e7dc9296237f0db
SHA256

64def4b84090b285c7e7651ea3b32480e4645247d81c1a82480bbc1b5dff13cf
SHA512

6a9f689669166d80463834f99df1ac7a6d07878668b0a346ecbc59c665989c693ba45c5feabde3f03aeb5293a35f4a492a268ac1b87ed2efbd946d886d536fa2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000162e9-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016458-12.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000015e9a-25.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658d-26.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-40.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019326-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019394-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b8-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c7-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a0-94.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-6.dat	xmrig
behavioral1/memory/2784-9-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000162e9-10.dat	xmrig
behavioral1/memory/2896-15-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0007000000016458-12.dat	xmrig
behavioral1/files/0x0014000000015e9a-25.dat	xmrig
behavioral1/files/0x000700000001658d-26.dat	xmrig
behavioral1/memory/2792-28-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2768-36-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/3028-35-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2204-31-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-40.dat	xmrig
behavioral1/memory/2652-43-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x00090000000167e3-44.dat	xmrig
behavioral1/memory/2008-53-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2c-54.dat	xmrig
behavioral1/memory/1036-58-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2204-51-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2204-45-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2896-60-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-62.dat	xmrig
behavioral1/memory/2324-67-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2652-69-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-72.dat	xmrig
behavioral1/memory/2140-75-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2204-70-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-76.dat	xmrig
behavioral1/files/0x0005000000019394-82.dat	xmrig
behavioral1/memory/2204-89-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/1976-90-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1036-87-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b8-100.dat	xmrig
behavioral1/memory/1760-102-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0005000000019489-124.dat	xmrig
behavioral1/files/0x000500000001948c-129.dat	xmrig
behavioral1/files/0x0005000000019490-134.dat	xmrig
behavioral1/files/0x00050000000194a3-140.dat	xmrig
behavioral1/files/0x00050000000194eb-145.dat	xmrig
behavioral1/files/0x00050000000195a7-175.dat	xmrig
behavioral1/files/0x00050000000195a9-181.dat	xmrig
behavioral1/memory/1476-338-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1760-390-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2204-264-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ad-191.dat	xmrig
behavioral1/files/0x00050000000195af-195.dat	xmrig
behavioral1/files/0x00050000000195ab-185.dat	xmrig
behavioral1/files/0x000500000001957c-170.dat	xmrig
behavioral1/files/0x0005000000019547-165.dat	xmrig
behavioral1/files/0x0005000000019515-160.dat	xmrig
behavioral1/files/0x000500000001950f-155.dat	xmrig
behavioral1/files/0x00050000000194ef-150.dat	xmrig
behavioral1/memory/2140-137-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0005000000019480-119.dat	xmrig
behavioral1/files/0x0005000000019470-114.dat	xmrig
behavioral1/files/0x00050000000193c7-110.dat	xmrig
behavioral1/memory/1476-96-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-94.dat	xmrig
behavioral1/memory/760-85-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2652-1342-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2768-1354-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2784-1353-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3028-1348-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2896-1356-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2784	nZtTALQ.exe
2896	OopwnYL.exe
2792	DRHPOkT.exe
3028	GgcCqDq.exe
2768	MqvNQaO.exe
2652	OFEjbTo.exe
2008	lDvrnet.exe
1036	GYnmbIs.exe
2324	nFTptep.exe
2140	UwCMZqB.exe
760	jliCwXl.exe
1976	cNAHXpQ.exe
1476	TfeGEIf.exe
1760	yZTHGbf.exe
2892	TfEWXJe.exe
2972	GGKimvU.exe
1264	iIwWANN.exe
2284	MAfPERW.exe
320	AqiLPEt.exe
544	xOTvBBl.exe
2148	SLawTuj.exe
2160	SpVThzn.exe
2512	funxZdk.exe
2388	eQqrotL.exe
2072	mVaGQJn.exe
2476	pvVAoij.exe
1960	rADaanV.exe
1608	aAHHNci.exe
2076	BYkwcLH.exe
680	sbErwLC.exe
2116	HFzVcBY.exe
2460	ZvUnsOp.exe
1340	bGmqNqB.exe
1660	eFXIhJA.exe
2716	kzNnEiY.exe
1796	mWgMnHm.exe
1780	uXyFjUe.exe
1464	YTALugn.exe
2264	kRBLeHn.exe
2276	MdxFQMG.exe
1304	nyzrbvI.exe
2228	Bmbeyko.exe
2104	iPGMVsr.exe
2040	NlGwBve.exe
1000	doZExhK.exe
2300	saZkSPx.exe
1944	BoSftxd.exe
1504	XfwcMSM.exe
860	kNgNrXb.exe
744	mPuonGF.exe
1568	kHypkcV.exe
1684	ppoawrv.exe
2912	CrpnTuF.exe
2672	GAtHyPD.exe
2060	drdcKzr.exe
2824	mnSHrxQ.exe
1972	wfMZTcK.exe
2900	zgCXsNf.exe
1308	yAbFXsA.exe
2668	NBswPFk.exe
2692	xwpPSEA.exe
1148	xKznCcJ.exe
3000	naxrPgp.exe
2604	EYTYiUD.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000c000000012262-6.dat	upx
behavioral1/memory/2784-9-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00080000000162e9-10.dat	upx
behavioral1/memory/2896-15-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0007000000016458-12.dat	upx
behavioral1/files/0x0014000000015e9a-25.dat	upx
behavioral1/files/0x000700000001658d-26.dat	upx
behavioral1/memory/2792-28-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2768-36-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/3028-35-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000900000001660b-40.dat	upx
behavioral1/memory/2652-43-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x00090000000167e3-44.dat	upx
behavioral1/memory/2008-53-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0007000000016d2c-54.dat	upx
behavioral1/memory/1036-58-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2204-51-0x00000000022C0000-0x0000000002614000-memory.dmp	upx
behavioral1/memory/2204-45-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2896-60-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0002000000018334-62.dat	upx
behavioral1/memory/2324-67-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2652-69-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019326-72.dat	upx
behavioral1/memory/2140-75-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000500000001932a-76.dat	upx
behavioral1/files/0x0005000000019394-82.dat	upx
behavioral1/memory/1976-90-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1036-87-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00050000000193b8-100.dat	upx
behavioral1/memory/1760-102-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0005000000019489-124.dat	upx
behavioral1/files/0x000500000001948c-129.dat	upx
behavioral1/files/0x0005000000019490-134.dat	upx
behavioral1/files/0x00050000000194a3-140.dat	upx
behavioral1/files/0x00050000000194eb-145.dat	upx
behavioral1/files/0x00050000000195a7-175.dat	upx
behavioral1/files/0x00050000000195a9-181.dat	upx
behavioral1/memory/1476-338-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1760-390-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x00050000000195ad-191.dat	upx
behavioral1/files/0x00050000000195af-195.dat	upx
behavioral1/files/0x00050000000195ab-185.dat	upx
behavioral1/files/0x000500000001957c-170.dat	upx
behavioral1/files/0x0005000000019547-165.dat	upx
behavioral1/files/0x0005000000019515-160.dat	upx
behavioral1/files/0x000500000001950f-155.dat	upx
behavioral1/files/0x00050000000194ef-150.dat	upx
behavioral1/memory/2140-137-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0005000000019480-119.dat	upx
behavioral1/files/0x0005000000019470-114.dat	upx
behavioral1/files/0x00050000000193c7-110.dat	upx
behavioral1/memory/1476-96-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-94.dat	upx
behavioral1/memory/760-85-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2652-1342-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2768-1354-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2784-1353-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3028-1348-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2896-1356-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2792-1355-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1036-1358-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2008-1357-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2324-1478-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DokCOXx.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaQvbuH.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnSHrxQ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCshlJP.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zimGYEK.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDKdTGX.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuVhfOm.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkghteP.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHwcqdq.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhdZmiF.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMfMkoO.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tagnMen.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CViqLJJ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDCbFux.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtDNiYf.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbOXXTX.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHhZgjZ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHDqrcw.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLfSauW.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyMJUkc.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQDcNnH.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwZwVXy.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWpJNrL.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcRClnQ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkQqBtV.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXGdXtg.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTjYWeq.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhEpeYC.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWbMOAw.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvxreog.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPsazUr.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFvVQGf.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFbbgXz.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkdYyiY.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPLenqs.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LiXrUeJ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODdnZFX.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXTCnlX.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGORCer.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJvfrHC.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoHQtCO.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uheySud.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFzFPgy.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omxHqVR.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZFXLkh.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHVVlAe.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RioyANu.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEaCUeU.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMALetr.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myxsbax.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xznySSp.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfqTvDJ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVMNtOi.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsOeQJs.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqiLPEt.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azkIIxj.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRZMoFK.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFJyBMJ.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcduqSS.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJqHQvO.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBGXjnC.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPqOBQN.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsIpwoe.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGmFIAO.exe	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2784	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2784	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2784	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2896	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2896	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2896	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2792	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2792	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2792	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 3028	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 3028	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 3028	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 2768	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2768	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2768	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2652	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2652	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2652	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2008	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2008	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2008	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 1036	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 1036	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 1036	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2324	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2324	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2324	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2140	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2140	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2140	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 1976	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 1976	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 1976	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 1476	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 1476	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 1476	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 1760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 1760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 1760	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2892	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2892	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2892	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2972	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2972	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2972	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 1264	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 1264	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 1264	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2284	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2284	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2284	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 320	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 320	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 320	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 544	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 544	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 544	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2148	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2148	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2148	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2160	2204	2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-23_8069d73aee745a24376d01897abca045_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\System\nZtTALQ.exe
  C:\Windows\System\nZtTALQ.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\OopwnYL.exe
  C:\Windows\System\OopwnYL.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\DRHPOkT.exe
  C:\Windows\System\DRHPOkT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GgcCqDq.exe
  C:\Windows\System\GgcCqDq.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\MqvNQaO.exe
  C:\Windows\System\MqvNQaO.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\OFEjbTo.exe
  C:\Windows\System\OFEjbTo.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\lDvrnet.exe
  C:\Windows\System\lDvrnet.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\GYnmbIs.exe
  C:\Windows\System\GYnmbIs.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\nFTptep.exe
  C:\Windows\System\nFTptep.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\UwCMZqB.exe
  C:\Windows\System\UwCMZqB.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\jliCwXl.exe
  C:\Windows\System\jliCwXl.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\cNAHXpQ.exe
  C:\Windows\System\cNAHXpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\TfeGEIf.exe
  C:\Windows\System\TfeGEIf.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\yZTHGbf.exe
  C:\Windows\System\yZTHGbf.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\TfEWXJe.exe
  C:\Windows\System\TfEWXJe.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\GGKimvU.exe
  C:\Windows\System\GGKimvU.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\iIwWANN.exe
  C:\Windows\System\iIwWANN.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\MAfPERW.exe
  C:\Windows\System\MAfPERW.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\AqiLPEt.exe
  C:\Windows\System\AqiLPEt.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\xOTvBBl.exe
  C:\Windows\System\xOTvBBl.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\SLawTuj.exe
  C:\Windows\System\SLawTuj.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\SpVThzn.exe
  C:\Windows\System\SpVThzn.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\funxZdk.exe
  C:\Windows\System\funxZdk.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\eQqrotL.exe
  C:\Windows\System\eQqrotL.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\mVaGQJn.exe
  C:\Windows\System\mVaGQJn.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\pvVAoij.exe
  C:\Windows\System\pvVAoij.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\rADaanV.exe
  C:\Windows\System\rADaanV.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\aAHHNci.exe
  C:\Windows\System\aAHHNci.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\BYkwcLH.exe
  C:\Windows\System\BYkwcLH.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\sbErwLC.exe
  C:\Windows\System\sbErwLC.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\HFzVcBY.exe
  C:\Windows\System\HFzVcBY.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ZvUnsOp.exe
  C:\Windows\System\ZvUnsOp.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\bGmqNqB.exe
  C:\Windows\System\bGmqNqB.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\eFXIhJA.exe
  C:\Windows\System\eFXIhJA.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\kzNnEiY.exe
  C:\Windows\System\kzNnEiY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\mWgMnHm.exe
  C:\Windows\System\mWgMnHm.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\uXyFjUe.exe
  C:\Windows\System\uXyFjUe.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\YTALugn.exe
  C:\Windows\System\YTALugn.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\kRBLeHn.exe
  C:\Windows\System\kRBLeHn.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\MdxFQMG.exe
  C:\Windows\System\MdxFQMG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nyzrbvI.exe
  C:\Windows\System\nyzrbvI.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\Bmbeyko.exe
  C:\Windows\System\Bmbeyko.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\iPGMVsr.exe
  C:\Windows\System\iPGMVsr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\NlGwBve.exe
  C:\Windows\System\NlGwBve.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\doZExhK.exe
  C:\Windows\System\doZExhK.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\saZkSPx.exe
  C:\Windows\System\saZkSPx.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BoSftxd.exe
  C:\Windows\System\BoSftxd.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\XfwcMSM.exe
  C:\Windows\System\XfwcMSM.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\kNgNrXb.exe
  C:\Windows\System\kNgNrXb.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\mPuonGF.exe
  C:\Windows\System\mPuonGF.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\kHypkcV.exe
  C:\Windows\System\kHypkcV.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ppoawrv.exe
  C:\Windows\System\ppoawrv.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\CrpnTuF.exe
  C:\Windows\System\CrpnTuF.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\GAtHyPD.exe
  C:\Windows\System\GAtHyPD.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\drdcKzr.exe
  C:\Windows\System\drdcKzr.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\mnSHrxQ.exe
  C:\Windows\System\mnSHrxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\wfMZTcK.exe
  C:\Windows\System\wfMZTcK.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\zgCXsNf.exe
  C:\Windows\System\zgCXsNf.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\yAbFXsA.exe
  C:\Windows\System\yAbFXsA.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\NBswPFk.exe
  C:\Windows\System\NBswPFk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\xwpPSEA.exe
  C:\Windows\System\xwpPSEA.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xKznCcJ.exe
  C:\Windows\System\xKznCcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\naxrPgp.exe
  C:\Windows\System\naxrPgp.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\EYTYiUD.exe
  C:\Windows\System\EYTYiUD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\Zznyjbw.exe
  C:\Windows\System\Zznyjbw.exe
  2⤵
  PID:2112
- C:\Windows\System\YfgfuQy.exe
  C:\Windows\System\YfgfuQy.exe
  2⤵
  PID:1260
- C:\Windows\System\ifXemeD.exe
  C:\Windows\System\ifXemeD.exe
  2⤵
  PID:2880
- C:\Windows\System\kNBHoIM.exe
  C:\Windows\System\kNBHoIM.exe
  2⤵
  PID:2052
- C:\Windows\System\EFXbcHy.exe
  C:\Windows\System\EFXbcHy.exe
  2⤵
  PID:1776
- C:\Windows\System\gjhhOot.exe
  C:\Windows\System\gjhhOot.exe
  2⤵
  PID:2000
- C:\Windows\System\zodcZor.exe
  C:\Windows\System\zodcZor.exe
  2⤵
  PID:2084
- C:\Windows\System\CedtLAs.exe
  C:\Windows\System\CedtLAs.exe
  2⤵
  PID:2168
- C:\Windows\System\UdMpnvw.exe
  C:\Windows\System\UdMpnvw.exe
  2⤵
  PID:2132
- C:\Windows\System\pzoMWFe.exe
  C:\Windows\System\pzoMWFe.exe
  2⤵
  PID:2484
- C:\Windows\System\cQFLdee.exe
  C:\Windows\System\cQFLdee.exe
  2⤵
  PID:1288
- C:\Windows\System\cBUCTLG.exe
  C:\Windows\System\cBUCTLG.exe
  2⤵
  PID:2960
- C:\Windows\System\szAShcj.exe
  C:\Windows\System\szAShcj.exe
  2⤵
  PID:736
- C:\Windows\System\NwOEjzO.exe
  C:\Windows\System\NwOEjzO.exe
  2⤵
  PID:1536
- C:\Windows\System\zUGdhZB.exe
  C:\Windows\System\zUGdhZB.exe
  2⤵
  PID:3060
- C:\Windows\System\OfGiWYj.exe
  C:\Windows\System\OfGiWYj.exe
  2⤵
  PID:1772
- C:\Windows\System\fgwQVkR.exe
  C:\Windows\System\fgwQVkR.exe
  2⤵
  PID:1376
- C:\Windows\System\wNtyckY.exe
  C:\Windows\System\wNtyckY.exe
  2⤵
  PID:2684
- C:\Windows\System\OUfACgS.exe
  C:\Windows\System\OUfACgS.exe
  2⤵
  PID:2548
- C:\Windows\System\EPQNOKy.exe
  C:\Windows\System\EPQNOKy.exe
  2⤵
  PID:1784
- C:\Windows\System\vHVmXed.exe
  C:\Windows\System\vHVmXed.exe
  2⤵
  PID:1488
- C:\Windows\System\rxMsxLg.exe
  C:\Windows\System\rxMsxLg.exe
  2⤵
  PID:1028
- C:\Windows\System\VLcqpDH.exe
  C:\Windows\System\VLcqpDH.exe
  2⤵
  PID:2240
- C:\Windows\System\UsYbFXi.exe
  C:\Windows\System\UsYbFXi.exe
  2⤵
  PID:2488
- C:\Windows\System\jIeVtJL.exe
  C:\Windows\System\jIeVtJL.exe
  2⤵
  PID:1032
- C:\Windows\System\wqApaNP.exe
  C:\Windows\System\wqApaNP.exe
  2⤵
  PID:1688
- C:\Windows\System\vSbAcBp.exe
  C:\Windows\System\vSbAcBp.exe
  2⤵
  PID:3044
- C:\Windows\System\LQqFvlp.exe
  C:\Windows\System\LQqFvlp.exe
  2⤵
  PID:2380
- C:\Windows\System\gzCQtid.exe
  C:\Windows\System\gzCQtid.exe
  2⤵
  PID:2184
- C:\Windows\System\AlFdLvC.exe
  C:\Windows\System\AlFdLvC.exe
  2⤵
  PID:2588
- C:\Windows\System\ZMbgsYo.exe
  C:\Windows\System\ZMbgsYo.exe
  2⤵
  PID:2868
- C:\Windows\System\GOLyPCa.exe
  C:\Windows\System\GOLyPCa.exe
  2⤵
  PID:2632
- C:\Windows\System\lWdxCOO.exe
  C:\Windows\System\lWdxCOO.exe
  2⤵
  PID:2232
- C:\Windows\System\qXXEHNT.exe
  C:\Windows\System\qXXEHNT.exe
  2⤵
  PID:1572
- C:\Windows\System\UozgLJw.exe
  C:\Windows\System\UozgLJw.exe
  2⤵
  PID:2704
- C:\Windows\System\MpHJWuW.exe
  C:\Windows\System\MpHJWuW.exe
  2⤵
  PID:2748
- C:\Windows\System\iXSMkXv.exe
  C:\Windows\System\iXSMkXv.exe
  2⤵
  PID:2596
- C:\Windows\System\CELFaBa.exe
  C:\Windows\System\CELFaBa.exe
  2⤵
  PID:2660
- C:\Windows\System\ITCezOt.exe
  C:\Windows\System\ITCezOt.exe
  2⤵
  PID:2520
- C:\Windows\System\aCBLzki.exe
  C:\Windows\System\aCBLzki.exe
  2⤵
  PID:1840
- C:\Windows\System\zCrSJNk.exe
  C:\Windows\System\zCrSJNk.exe
  2⤵
  PID:2468
- C:\Windows\System\uutBXgW.exe
  C:\Windows\System\uutBXgW.exe
  2⤵
  PID:932
- C:\Windows\System\WLBdbpB.exe
  C:\Windows\System\WLBdbpB.exe
  2⤵
  PID:1628
- C:\Windows\System\khlFMag.exe
  C:\Windows\System\khlFMag.exe
  2⤵
  PID:2320
- C:\Windows\System\gPSKNqd.exe
  C:\Windows\System\gPSKNqd.exe
  2⤵
  PID:1844
- C:\Windows\System\KJzAOxI.exe
  C:\Windows\System\KJzAOxI.exe
  2⤵
  PID:328
- C:\Windows\System\BLBkkxH.exe
  C:\Windows\System\BLBkkxH.exe
  2⤵
  PID:1732
- C:\Windows\System\yGjoQlI.exe
  C:\Windows\System\yGjoQlI.exe
  2⤵
  PID:908
- C:\Windows\System\JTBsCds.exe
  C:\Windows\System\JTBsCds.exe
  2⤵
  PID:1592
- C:\Windows\System\UoyFNyS.exe
  C:\Windows\System\UoyFNyS.exe
  2⤵
  PID:1256
- C:\Windows\System\cgSTlYR.exe
  C:\Windows\System\cgSTlYR.exe
  2⤵
  PID:2688
- C:\Windows\System\cwGxrIi.exe
  C:\Windows\System\cwGxrIi.exe
  2⤵
  PID:2864
- C:\Windows\System\KVlJHog.exe
  C:\Windows\System\KVlJHog.exe
  2⤵
  PID:2764
- C:\Windows\System\fGdBcKJ.exe
  C:\Windows\System\fGdBcKJ.exe
  2⤵
  PID:1520
- C:\Windows\System\hcAsqKz.exe
  C:\Windows\System\hcAsqKz.exe
  2⤵
  PID:2196
- C:\Windows\System\mXuJLEe.exe
  C:\Windows\System\mXuJLEe.exe
  2⤵
  PID:2108
- C:\Windows\System\MGbcHaO.exe
  C:\Windows\System\MGbcHaO.exe
  2⤵
  PID:2996
- C:\Windows\System\mwRkHGA.exe
  C:\Windows\System\mwRkHGA.exe
  2⤵
  PID:824
- C:\Windows\System\SorjuFl.exe
  C:\Windows\System\SorjuFl.exe
  2⤵
  PID:1640
- C:\Windows\System\IEBqlIX.exe
  C:\Windows\System\IEBqlIX.exe
  2⤵
  PID:2164
- C:\Windows\System\uNVdSUG.exe
  C:\Windows\System\uNVdSUG.exe
  2⤵
  PID:880
- C:\Windows\System\rwrHllW.exe
  C:\Windows\System\rwrHllW.exe
  2⤵
  PID:788
- C:\Windows\System\KTGPliK.exe
  C:\Windows\System\KTGPliK.exe
  2⤵
  PID:2700
- C:\Windows\System\QRROuqN.exe
  C:\Windows\System\QRROuqN.exe
  2⤵
  PID:1932
- C:\Windows\System\oeUrGKb.exe
  C:\Windows\System\oeUrGKb.exe
  2⤵
  PID:1804
- C:\Windows\System\BRKRbIQ.exe
  C:\Windows\System\BRKRbIQ.exe
  2⤵
  PID:2928
- C:\Windows\System\ETrQnme.exe
  C:\Windows\System\ETrQnme.exe
  2⤵
  PID:2020
- C:\Windows\System\DWpJNrL.exe
  C:\Windows\System\DWpJNrL.exe
  2⤵
  PID:2424
- C:\Windows\System\DyTqixp.exe
  C:\Windows\System\DyTqixp.exe
  2⤵
  PID:2708
- C:\Windows\System\mehUkjx.exe
  C:\Windows\System\mehUkjx.exe
  2⤵
  PID:1460
- C:\Windows\System\iRtaJZl.exe
  C:\Windows\System\iRtaJZl.exe
  2⤵
  PID:2396
- C:\Windows\System\NCvBVUP.exe
  C:\Windows\System\NCvBVUP.exe
  2⤵
  PID:1300
- C:\Windows\System\aCXugOr.exe
  C:\Windows\System\aCXugOr.exe
  2⤵
  PID:2152
- C:\Windows\System\NZDjlbx.exe
  C:\Windows\System\NZDjlbx.exe
  2⤵
  PID:1292
- C:\Windows\System\QOocsdl.exe
  C:\Windows\System\QOocsdl.exe
  2⤵
  PID:740
- C:\Windows\System\KyWmyrw.exe
  C:\Windows\System\KyWmyrw.exe
  2⤵
  PID:2464
- C:\Windows\System\QpaVzpZ.exe
  C:\Windows\System\QpaVzpZ.exe
  2⤵
  PID:2120
- C:\Windows\System\WEWDmJe.exe
  C:\Windows\System\WEWDmJe.exe
  2⤵
  PID:1088
- C:\Windows\System\rxrKKcl.exe
  C:\Windows\System\rxrKKcl.exe
  2⤵
  PID:2540
- C:\Windows\System\pLxBDOQ.exe
  C:\Windows\System\pLxBDOQ.exe
  2⤵
  PID:812
- C:\Windows\System\AhOYOSM.exe
  C:\Windows\System\AhOYOSM.exe
  2⤵
  PID:1920
- C:\Windows\System\bKIUYAY.exe
  C:\Windows\System\bKIUYAY.exe
  2⤵
  PID:1904
- C:\Windows\System\ERmYFch.exe
  C:\Windows\System\ERmYFch.exe
  2⤵
  PID:2608
- C:\Windows\System\AkTBnhv.exe
  C:\Windows\System\AkTBnhv.exe
  2⤵
  PID:280
- C:\Windows\System\DmULPeh.exe
  C:\Windows\System\DmULPeh.exe
  2⤵
  PID:2984
- C:\Windows\System\ouZHtFk.exe
  C:\Windows\System\ouZHtFk.exe
  2⤵
  PID:1388
- C:\Windows\System\NrSZoDG.exe
  C:\Windows\System\NrSZoDG.exe
  2⤵
  PID:872
- C:\Windows\System\sbaeDPf.exe
  C:\Windows\System\sbaeDPf.exe
  2⤵
  PID:264
- C:\Windows\System\JgArdPL.exe
  C:\Windows\System\JgArdPL.exe
  2⤵
  PID:1676
- C:\Windows\System\nzrJisx.exe
  C:\Windows\System\nzrJisx.exe
  2⤵
  PID:2304
- C:\Windows\System\SsTSkxs.exe
  C:\Windows\System\SsTSkxs.exe
  2⤵
  PID:564
- C:\Windows\System\VzeGVtI.exe
  C:\Windows\System\VzeGVtI.exe
  2⤵
  PID:2068
- C:\Windows\System\qnxjTSi.exe
  C:\Windows\System\qnxjTSi.exe
  2⤵
  PID:2508
- C:\Windows\System\ZYEUiJv.exe
  C:\Windows\System\ZYEUiJv.exe
  2⤵
  PID:936
- C:\Windows\System\hgpVzWY.exe
  C:\Windows\System\hgpVzWY.exe
  2⤵
  PID:612
- C:\Windows\System\ycNoQaR.exe
  C:\Windows\System\ycNoQaR.exe
  2⤵
  PID:388
- C:\Windows\System\IHfDKAo.exe
  C:\Windows\System\IHfDKAo.exe
  2⤵
  PID:1936
- C:\Windows\System\pYspiqv.exe
  C:\Windows\System\pYspiqv.exe
  2⤵
  PID:2988
- C:\Windows\System\AjJUmVN.exe
  C:\Windows\System\AjJUmVN.exe
  2⤵
  PID:1948
- C:\Windows\System\csEAVBX.exe
  C:\Windows\System\csEAVBX.exe
  2⤵
  PID:1712
- C:\Windows\System\wyeeOEb.exe
  C:\Windows\System\wyeeOEb.exe
  2⤵
  PID:2344
- C:\Windows\System\sFnVCYQ.exe
  C:\Windows\System\sFnVCYQ.exe
  2⤵
  PID:1668
- C:\Windows\System\WYtMPUH.exe
  C:\Windows\System\WYtMPUH.exe
  2⤵
  PID:2532
- C:\Windows\System\CeuAYIs.exe
  C:\Windows\System\CeuAYIs.exe
  2⤵
  PID:676
- C:\Windows\System\APhKZFn.exe
  C:\Windows\System\APhKZFn.exe
  2⤵
  PID:1736
- C:\Windows\System\hdIwOqC.exe
  C:\Windows\System\hdIwOqC.exe
  2⤵
  PID:1564
- C:\Windows\System\OqZZaix.exe
  C:\Windows\System\OqZZaix.exe
  2⤵
  PID:2288
- C:\Windows\System\kWaIHUD.exe
  C:\Windows\System\kWaIHUD.exe
  2⤵
  PID:2220
- C:\Windows\System\WQuPxvv.exe
  C:\Windows\System\WQuPxvv.exe
  2⤵
  PID:1900
- C:\Windows\System\JRvuJtP.exe
  C:\Windows\System\JRvuJtP.exe
  2⤵
  PID:2356
- C:\Windows\System\OiDVTrd.exe
  C:\Windows\System\OiDVTrd.exe
  2⤵
  PID:2964
- C:\Windows\System\hTfvGez.exe
  C:\Windows\System\hTfvGez.exe
  2⤵
  PID:2428
- C:\Windows\System\cyhRomm.exe
  C:\Windows\System\cyhRomm.exe
  2⤵
  PID:2952
- C:\Windows\System\IoeZgWy.exe
  C:\Windows\System\IoeZgWy.exe
  2⤵
  PID:1544
- C:\Windows\System\HhqSvlL.exe
  C:\Windows\System\HhqSvlL.exe
  2⤵
  PID:2804
- C:\Windows\System\hMrBtSl.exe
  C:\Windows\System\hMrBtSl.exe
  2⤵
  PID:3092
- C:\Windows\System\VCYKcrd.exe
  C:\Windows\System\VCYKcrd.exe
  2⤵
  PID:3108
- C:\Windows\System\FJHVRoA.exe
  C:\Windows\System\FJHVRoA.exe
  2⤵
  PID:3132
- C:\Windows\System\fpmSIIa.exe
  C:\Windows\System\fpmSIIa.exe
  2⤵
  PID:3148
- C:\Windows\System\EmSOHMy.exe
  C:\Windows\System\EmSOHMy.exe
  2⤵
  PID:3164
- C:\Windows\System\AGEcGCD.exe
  C:\Windows\System\AGEcGCD.exe
  2⤵
  PID:3192
- C:\Windows\System\wzUXfDn.exe
  C:\Windows\System\wzUXfDn.exe
  2⤵
  PID:3208
- C:\Windows\System\QCzwenl.exe
  C:\Windows\System\QCzwenl.exe
  2⤵
  PID:3232
- C:\Windows\System\xAAlLlu.exe
  C:\Windows\System\xAAlLlu.exe
  2⤵
  PID:3248
- C:\Windows\System\tFFieQq.exe
  C:\Windows\System\tFFieQq.exe
  2⤵
  PID:3268
- C:\Windows\System\XfVNyVG.exe
  C:\Windows\System\XfVNyVG.exe
  2⤵
  PID:3284
- C:\Windows\System\atVcRPI.exe
  C:\Windows\System\atVcRPI.exe
  2⤵
  PID:3308
- C:\Windows\System\oInEXYB.exe
  C:\Windows\System\oInEXYB.exe
  2⤵
  PID:3332
- C:\Windows\System\fxXtrzL.exe
  C:\Windows\System\fxXtrzL.exe
  2⤵
  PID:3348
- C:\Windows\System\mNMrEag.exe
  C:\Windows\System\mNMrEag.exe
  2⤵
  PID:3368
- C:\Windows\System\JKrflKu.exe
  C:\Windows\System\JKrflKu.exe
  2⤵
  PID:3384
- C:\Windows\System\fcflNcW.exe
  C:\Windows\System\fcflNcW.exe
  2⤵
  PID:3412
- C:\Windows\System\FuHMVPe.exe
  C:\Windows\System\FuHMVPe.exe
  2⤵
  PID:3428
- C:\Windows\System\RduZlJO.exe
  C:\Windows\System\RduZlJO.exe
  2⤵
  PID:3460
- C:\Windows\System\qEjDlQv.exe
  C:\Windows\System\qEjDlQv.exe
  2⤵
  PID:3476
- C:\Windows\System\nxFkERI.exe
  C:\Windows\System\nxFkERI.exe
  2⤵
  PID:3492
- C:\Windows\System\BPkxkPD.exe
  C:\Windows\System\BPkxkPD.exe
  2⤵
  PID:3516
- C:\Windows\System\ghNtIPu.exe
  C:\Windows\System\ghNtIPu.exe
  2⤵
  PID:3532
- C:\Windows\System\cvHYHxm.exe
  C:\Windows\System\cvHYHxm.exe
  2⤵
  PID:3548
- C:\Windows\System\szFkAmP.exe
  C:\Windows\System\szFkAmP.exe
  2⤵
  PID:3572
- C:\Windows\System\UClkGCF.exe
  C:\Windows\System\UClkGCF.exe
  2⤵
  PID:3596
- C:\Windows\System\UAKDRzZ.exe
  C:\Windows\System\UAKDRzZ.exe
  2⤵
  PID:3612
- C:\Windows\System\MPJBPuJ.exe
  C:\Windows\System\MPJBPuJ.exe
  2⤵
  PID:3636
- C:\Windows\System\rCgIJtc.exe
  C:\Windows\System\rCgIJtc.exe
  2⤵
  PID:3652
- C:\Windows\System\jKyCVOg.exe
  C:\Windows\System\jKyCVOg.exe
  2⤵
  PID:3680
- C:\Windows\System\NBKCasP.exe
  C:\Windows\System\NBKCasP.exe
  2⤵
  PID:3696
- C:\Windows\System\JAkUZZO.exe
  C:\Windows\System\JAkUZZO.exe
  2⤵
  PID:3716
- C:\Windows\System\hCtmTfA.exe
  C:\Windows\System\hCtmTfA.exe
  2⤵
  PID:3740
- C:\Windows\System\awPIpzL.exe
  C:\Windows\System\awPIpzL.exe
  2⤵
  PID:3756
- C:\Windows\System\XgAzsCl.exe
  C:\Windows\System\XgAzsCl.exe
  2⤵
  PID:3772
- C:\Windows\System\RZHyjWh.exe
  C:\Windows\System\RZHyjWh.exe
  2⤵
  PID:3796
- C:\Windows\System\YdlJrnn.exe
  C:\Windows\System\YdlJrnn.exe
  2⤵
  PID:3812
- C:\Windows\System\ZAriIVc.exe
  C:\Windows\System\ZAriIVc.exe
  2⤵
  PID:3832
- C:\Windows\System\BbzciAi.exe
  C:\Windows\System\BbzciAi.exe
  2⤵
  PID:3852
- C:\Windows\System\oQobFIE.exe
  C:\Windows\System\oQobFIE.exe
  2⤵
  PID:3868
- C:\Windows\System\QYskSUU.exe
  C:\Windows\System\QYskSUU.exe
  2⤵
  PID:3884
- C:\Windows\System\zTXmLGR.exe
  C:\Windows\System\zTXmLGR.exe
  2⤵
  PID:3908
- C:\Windows\System\Trqcfen.exe
  C:\Windows\System\Trqcfen.exe
  2⤵
  PID:3924
- C:\Windows\System\GYFrZCo.exe
  C:\Windows\System\GYFrZCo.exe
  2⤵
  PID:3940
- C:\Windows\System\dEkyBDF.exe
  C:\Windows\System\dEkyBDF.exe
  2⤵
  PID:3956
- C:\Windows\System\loDWRZR.exe
  C:\Windows\System\loDWRZR.exe
  2⤵
  PID:3996
- C:\Windows\System\rcEVWrD.exe
  C:\Windows\System\rcEVWrD.exe
  2⤵
  PID:4012
- C:\Windows\System\XCwQzlh.exe
  C:\Windows\System\XCwQzlh.exe
  2⤵
  PID:4032
- C:\Windows\System\QZXpmtw.exe
  C:\Windows\System\QZXpmtw.exe
  2⤵
  PID:4048
- C:\Windows\System\KzSLxcV.exe
  C:\Windows\System\KzSLxcV.exe
  2⤵
  PID:4064
- C:\Windows\System\YmCXhBT.exe
  C:\Windows\System\YmCXhBT.exe
  2⤵
  PID:4084
- C:\Windows\System\grGPThp.exe
  C:\Windows\System\grGPThp.exe
  2⤵
  PID:3076
- C:\Windows\System\uIqIpSY.exe
  C:\Windows\System\uIqIpSY.exe
  2⤵
  PID:3140
- C:\Windows\System\hcVjdYX.exe
  C:\Windows\System\hcVjdYX.exe
  2⤵
  PID:3180
- C:\Windows\System\wXeTyHY.exe
  C:\Windows\System\wXeTyHY.exe
  2⤵
  PID:3160
- C:\Windows\System\hUoRfYX.exe
  C:\Windows\System\hUoRfYX.exe
  2⤵
  PID:3228
- C:\Windows\System\mkZRJNp.exe
  C:\Windows\System\mkZRJNp.exe
  2⤵
  PID:3260
- C:\Windows\System\CsKwXMC.exe
  C:\Windows\System\CsKwXMC.exe
  2⤵
  PID:3304
- C:\Windows\System\qplRLXf.exe
  C:\Windows\System\qplRLXf.exe
  2⤵
  PID:3280
- C:\Windows\System\ETqdxQz.exe
  C:\Windows\System\ETqdxQz.exe
  2⤵
  PID:3340
- C:\Windows\System\PHSeRDv.exe
  C:\Windows\System\PHSeRDv.exe
  2⤵
  PID:3356
- C:\Windows\System\TSObxyU.exe
  C:\Windows\System\TSObxyU.exe
  2⤵
  PID:3420
- C:\Windows\System\keXZhWn.exe
  C:\Windows\System\keXZhWn.exe
  2⤵
  PID:3440
- C:\Windows\System\iHenSuw.exe
  C:\Windows\System\iHenSuw.exe
  2⤵
  PID:3468
- C:\Windows\System\yEdXfws.exe
  C:\Windows\System\yEdXfws.exe
  2⤵
  PID:3504
- C:\Windows\System\oZjyfuE.exe
  C:\Windows\System\oZjyfuE.exe
  2⤵
  PID:3580
- C:\Windows\System\BlHiWAz.exe
  C:\Windows\System\BlHiWAz.exe
  2⤵
  PID:3564
- C:\Windows\System\KuVdqkV.exe
  C:\Windows\System\KuVdqkV.exe
  2⤵
  PID:3624
- C:\Windows\System\VPqOBQN.exe
  C:\Windows\System\VPqOBQN.exe
  2⤵
  PID:3664
- C:\Windows\System\GmfmhAj.exe
  C:\Windows\System\GmfmhAj.exe
  2⤵
  PID:3676
- C:\Windows\System\xsPTEVp.exe
  C:\Windows\System\xsPTEVp.exe
  2⤵
  PID:3688
- C:\Windows\System\GsQNMdf.exe
  C:\Windows\System\GsQNMdf.exe
  2⤵
  PID:3728
- C:\Windows\System\CViqLJJ.exe
  C:\Windows\System\CViqLJJ.exe
  2⤵
  PID:3764
- C:\Windows\System\EYGnoVX.exe
  C:\Windows\System\EYGnoVX.exe
  2⤵
  PID:3788
- C:\Windows\System\ovOhsLP.exe
  C:\Windows\System\ovOhsLP.exe
  2⤵
  PID:3864
- C:\Windows\System\sQaXpyb.exe
  C:\Windows\System\sQaXpyb.exe
  2⤵
  PID:3876
- C:\Windows\System\SSeCZbv.exe
  C:\Windows\System\SSeCZbv.exe
  2⤵
  PID:3968
- C:\Windows\System\AhkNcYr.exe
  C:\Windows\System\AhkNcYr.exe
  2⤵
  PID:3980
- C:\Windows\System\dUHlXXO.exe
  C:\Windows\System\dUHlXXO.exe
  2⤵
  PID:3804
- C:\Windows\System\eXnwcKh.exe
  C:\Windows\System\eXnwcKh.exe
  2⤵
  PID:4024
- C:\Windows\System\cCPbgYZ.exe
  C:\Windows\System\cCPbgYZ.exe
  2⤵
  PID:4092
- C:\Windows\System\OdUhgzt.exe
  C:\Windows\System\OdUhgzt.exe
  2⤵
  PID:4004
- C:\Windows\System\WRCXliL.exe
  C:\Windows\System\WRCXliL.exe
  2⤵
  PID:3100
- C:\Windows\System\IuMBEGi.exe
  C:\Windows\System\IuMBEGi.exe
  2⤵
  PID:3088
- C:\Windows\System\svPWAuz.exe
  C:\Windows\System\svPWAuz.exe
  2⤵
  PID:3176
- C:\Windows\System\BUAdMIu.exe
  C:\Windows\System\BUAdMIu.exe
  2⤵
  PID:3256
- C:\Windows\System\mQDYIrh.exe
  C:\Windows\System\mQDYIrh.exe
  2⤵
  PID:3296
- C:\Windows\System\miHscZN.exe
  C:\Windows\System\miHscZN.exe
  2⤵
  PID:3380
- C:\Windows\System\MVDnxMZ.exe
  C:\Windows\System\MVDnxMZ.exe
  2⤵
  PID:3364
- C:\Windows\System\upbnaYs.exe
  C:\Windows\System\upbnaYs.exe
  2⤵
  PID:3396
- C:\Windows\System\TBvFnPF.exe
  C:\Windows\System\TBvFnPF.exe
  2⤵
  PID:3452
- C:\Windows\System\TKmtaiJ.exe
  C:\Windows\System\TKmtaiJ.exe
  2⤵
  PID:3528
- C:\Windows\System\pjoLFQN.exe
  C:\Windows\System\pjoLFQN.exe
  2⤵
  PID:3560
- C:\Windows\System\wgoVMtQ.exe
  C:\Windows\System\wgoVMtQ.exe
  2⤵
  PID:3644
- C:\Windows\System\OqhQRtE.exe
  C:\Windows\System\OqhQRtE.exe
  2⤵
  PID:3724
- C:\Windows\System\tqqITLN.exe
  C:\Windows\System\tqqITLN.exe
  2⤵
  PID:3456
- C:\Windows\System\wlkhCQh.exe
  C:\Windows\System\wlkhCQh.exe
  2⤵
  PID:3828
- C:\Windows\System\ckrpUUg.exe
  C:\Windows\System\ckrpUUg.exe
  2⤵
  PID:3964
- C:\Windows\System\bSttKpO.exe
  C:\Windows\System\bSttKpO.exe
  2⤵
  PID:3988
- C:\Windows\System\ruKIIwx.exe
  C:\Windows\System\ruKIIwx.exe
  2⤵
  PID:3920
- C:\Windows\System\HOTfnYE.exe
  C:\Windows\System\HOTfnYE.exe
  2⤵
  PID:2572
- C:\Windows\System\JNVfOZl.exe
  C:\Windows\System\JNVfOZl.exe
  2⤵
  PID:3084
- C:\Windows\System\CCqEool.exe
  C:\Windows\System\CCqEool.exe
  2⤵
  PID:3200
- C:\Windows\System\ResozJb.exe
  C:\Windows\System\ResozJb.exe
  2⤵
  PID:3172
- C:\Windows\System\QlVQeZH.exe
  C:\Windows\System\QlVQeZH.exe
  2⤵
  PID:3244
- C:\Windows\System\flyFHEC.exe
  C:\Windows\System\flyFHEC.exe
  2⤵
  PID:3484
- C:\Windows\System\CjenEGQ.exe
  C:\Windows\System\CjenEGQ.exe
  2⤵
  PID:3620
- C:\Windows\System\woPamdg.exe
  C:\Windows\System\woPamdg.exe
  2⤵
  PID:3556
- C:\Windows\System\TjuIcpV.exe
  C:\Windows\System\TjuIcpV.exe
  2⤵
  PID:2560
- C:\Windows\System\aTNvoIz.exe
  C:\Windows\System\aTNvoIz.exe
  2⤵
  PID:3824
- C:\Windows\System\oeFQDZY.exe
  C:\Windows\System\oeFQDZY.exe
  2⤵
  PID:3904
- C:\Windows\System\ZGWThKj.exe
  C:\Windows\System\ZGWThKj.exe
  2⤵
  PID:3972
- C:\Windows\System\axorvRp.exe
  C:\Windows\System\axorvRp.exe
  2⤵
  PID:3124
- C:\Windows\System\vvLNeGN.exe
  C:\Windows\System\vvLNeGN.exe
  2⤵
  PID:3292
- C:\Windows\System\ZFTyuBS.exe
  C:\Windows\System\ZFTyuBS.exe
  2⤵
  PID:3376
- C:\Windows\System\AGxoZMo.exe
  C:\Windows\System\AGxoZMo.exe
  2⤵
  PID:3436
- C:\Windows\System\xRiVYXO.exe
  C:\Windows\System\xRiVYXO.exe
  2⤵
  PID:3820
- C:\Windows\System\wPwaYWW.exe
  C:\Windows\System\wPwaYWW.exe
  2⤵
  PID:3844
- C:\Windows\System\JwApXKA.exe
  C:\Windows\System\JwApXKA.exe
  2⤵
  PID:1236
- C:\Windows\System\bUItkTE.exe
  C:\Windows\System\bUItkTE.exe
  2⤵
  PID:4060
- C:\Windows\System\USCnGET.exe
  C:\Windows\System\USCnGET.exe
  2⤵
  PID:3500
- C:\Windows\System\iDvxlLT.exe
  C:\Windows\System\iDvxlLT.exe
  2⤵
  PID:3704
- C:\Windows\System\TSeBBRz.exe
  C:\Windows\System\TSeBBRz.exe
  2⤵
  PID:3976
- C:\Windows\System\DokCOXx.exe
  C:\Windows\System\DokCOXx.exe
  2⤵
  PID:1728
- C:\Windows\System\UmqktkC.exe
  C:\Windows\System\UmqktkC.exe
  2⤵
  PID:3540
- C:\Windows\System\AyxcdIp.exe
  C:\Windows\System\AyxcdIp.exe
  2⤵
  PID:3900
- C:\Windows\System\zvkYugL.exe
  C:\Windows\System\zvkYugL.exe
  2⤵
  PID:3444
- C:\Windows\System\MhvZaYe.exe
  C:\Windows\System\MhvZaYe.exe
  2⤵
  PID:3896
- C:\Windows\System\BhqjzoD.exe
  C:\Windows\System\BhqjzoD.exe
  2⤵
  PID:3712
- C:\Windows\System\WPGzCZa.exe
  C:\Windows\System\WPGzCZa.exe
  2⤵
  PID:4120
- C:\Windows\System\RKRQZza.exe
  C:\Windows\System\RKRQZza.exe
  2⤵
  PID:4136
- C:\Windows\System\KprCYzg.exe
  C:\Windows\System\KprCYzg.exe
  2⤵
  PID:4152
- C:\Windows\System\WSfrYFJ.exe
  C:\Windows\System\WSfrYFJ.exe
  2⤵
  PID:4168
- C:\Windows\System\WYcdfmo.exe
  C:\Windows\System\WYcdfmo.exe
  2⤵
  PID:4188
- C:\Windows\System\KIfyqQh.exe
  C:\Windows\System\KIfyqQh.exe
  2⤵
  PID:4220
- C:\Windows\System\bANqmoW.exe
  C:\Windows\System\bANqmoW.exe
  2⤵
  PID:4240
- C:\Windows\System\pKKJnMF.exe
  C:\Windows\System\pKKJnMF.exe
  2⤵
  PID:4256
- C:\Windows\System\GJiQLmf.exe
  C:\Windows\System\GJiQLmf.exe
  2⤵
  PID:4272
- C:\Windows\System\drJiIAH.exe
  C:\Windows\System\drJiIAH.exe
  2⤵
  PID:4292
- C:\Windows\System\CbFskVZ.exe
  C:\Windows\System\CbFskVZ.exe
  2⤵
  PID:4320
- C:\Windows\System\wKVstbn.exe
  C:\Windows\System\wKVstbn.exe
  2⤵
  PID:4336
- C:\Windows\System\OFbbgXz.exe
  C:\Windows\System\OFbbgXz.exe
  2⤵
  PID:4356
- C:\Windows\System\guSiGKH.exe
  C:\Windows\System\guSiGKH.exe
  2⤵
  PID:4372
- C:\Windows\System\dDwydAW.exe
  C:\Windows\System\dDwydAW.exe
  2⤵
  PID:4400
- C:\Windows\System\GGZWCjo.exe
  C:\Windows\System\GGZWCjo.exe
  2⤵
  PID:4416
- C:\Windows\System\LSASpzS.exe
  C:\Windows\System\LSASpzS.exe
  2⤵
  PID:4436
- C:\Windows\System\fZMrkCg.exe
  C:\Windows\System\fZMrkCg.exe
  2⤵
  PID:4456
- C:\Windows\System\yKWECLE.exe
  C:\Windows\System\yKWECLE.exe
  2⤵
  PID:4484
- C:\Windows\System\wDSUBQg.exe
  C:\Windows\System\wDSUBQg.exe
  2⤵
  PID:4504
- C:\Windows\System\OLtTODW.exe
  C:\Windows\System\OLtTODW.exe
  2⤵
  PID:4520
- C:\Windows\System\LWaWKQe.exe
  C:\Windows\System\LWaWKQe.exe
  2⤵
  PID:4536
- C:\Windows\System\MzbYSWb.exe
  C:\Windows\System\MzbYSWb.exe
  2⤵
  PID:4552
- C:\Windows\System\VvAsmQf.exe
  C:\Windows\System\VvAsmQf.exe
  2⤵
  PID:4576
- C:\Windows\System\ITeCIzQ.exe
  C:\Windows\System\ITeCIzQ.exe
  2⤵
  PID:4604
- C:\Windows\System\LSCloFI.exe
  C:\Windows\System\LSCloFI.exe
  2⤵
  PID:4620
- C:\Windows\System\HZxfpUt.exe
  C:\Windows\System\HZxfpUt.exe
  2⤵
  PID:4644
- C:\Windows\System\hjAJtod.exe
  C:\Windows\System\hjAJtod.exe
  2⤵
  PID:4660
- C:\Windows\System\RzVaNHQ.exe
  C:\Windows\System\RzVaNHQ.exe
  2⤵
  PID:4684
- C:\Windows\System\XbAZRqG.exe
  C:\Windows\System\XbAZRqG.exe
  2⤵
  PID:4700
- C:\Windows\System\lrcviJD.exe
  C:\Windows\System\lrcviJD.exe
  2⤵
  PID:4724
- C:\Windows\System\PIuJUEi.exe
  C:\Windows\System\PIuJUEi.exe
  2⤵
  PID:4744
- C:\Windows\System\JnShJqq.exe
  C:\Windows\System\JnShJqq.exe
  2⤵
  PID:4764
- C:\Windows\System\AhkEzQb.exe
  C:\Windows\System\AhkEzQb.exe
  2⤵
  PID:4780
- C:\Windows\System\dZuwVco.exe
  C:\Windows\System\dZuwVco.exe
  2⤵
  PID:4800
- C:\Windows\System\ShFZUtA.exe
  C:\Windows\System\ShFZUtA.exe
  2⤵
  PID:4820
- C:\Windows\System\TKRtTPJ.exe
  C:\Windows\System\TKRtTPJ.exe
  2⤵
  PID:4840
- C:\Windows\System\ifuiDVd.exe
  C:\Windows\System\ifuiDVd.exe
  2⤵
  PID:4868
- C:\Windows\System\WkdYyiY.exe
  C:\Windows\System\WkdYyiY.exe
  2⤵
  PID:4884
- C:\Windows\System\xmYydRn.exe
  C:\Windows\System\xmYydRn.exe
  2⤵
  PID:4904
- C:\Windows\System\nNcTJxN.exe
  C:\Windows\System\nNcTJxN.exe
  2⤵
  PID:4920
- C:\Windows\System\KvEuTsR.exe
  C:\Windows\System\KvEuTsR.exe
  2⤵
  PID:4940
- C:\Windows\System\TiQMuqk.exe
  C:\Windows\System\TiQMuqk.exe
  2⤵
  PID:4968
- C:\Windows\System\hZVJAbm.exe
  C:\Windows\System\hZVJAbm.exe
  2⤵
  PID:4984
- C:\Windows\System\NRhtxGp.exe
  C:\Windows\System\NRhtxGp.exe
  2⤵
  PID:5004
- C:\Windows\System\cbWLdoH.exe
  C:\Windows\System\cbWLdoH.exe
  2⤵
  PID:5020
- C:\Windows\System\GyMzgnP.exe
  C:\Windows\System\GyMzgnP.exe
  2⤵
  PID:5040
- C:\Windows\System\YDvrjTn.exe
  C:\Windows\System\YDvrjTn.exe
  2⤵
  PID:5060
- C:\Windows\System\nqjSTkf.exe
  C:\Windows\System\nqjSTkf.exe
  2⤵
  PID:5076
- C:\Windows\System\MPmPnMB.exe
  C:\Windows\System\MPmPnMB.exe
  2⤵
  PID:5096
- C:\Windows\System\hCmKeCC.exe
  C:\Windows\System\hCmKeCC.exe
  2⤵
  PID:5112
- C:\Windows\System\ndPBjym.exe
  C:\Windows\System\ndPBjym.exe
  2⤵
  PID:4116
- C:\Windows\System\cNsXWmS.exe
  C:\Windows\System\cNsXWmS.exe
  2⤵
  PID:4184
- C:\Windows\System\yvnnJlf.exe
  C:\Windows\System\yvnnJlf.exe
  2⤵
  PID:4204
- C:\Windows\System\ArrUaCe.exe
  C:\Windows\System\ArrUaCe.exe
  2⤵
  PID:4236
- C:\Windows\System\khJXWZm.exe
  C:\Windows\System\khJXWZm.exe
  2⤵
  PID:4248
- C:\Windows\System\KkghteP.exe
  C:\Windows\System\KkghteP.exe
  2⤵
  PID:4300
- C:\Windows\System\ycskRVm.exe
  C:\Windows\System\ycskRVm.exe
  2⤵
  PID:4316
- C:\Windows\System\HxIJaxD.exe
  C:\Windows\System\HxIJaxD.exe
  2⤵
  PID:4348
- C:\Windows\System\YLSqOfH.exe
  C:\Windows\System\YLSqOfH.exe
  2⤵
  PID:4364
- C:\Windows\System\unnFUNn.exe
  C:\Windows\System\unnFUNn.exe
  2⤵
  PID:4408
- C:\Windows\System\NuhTNFx.exe
  C:\Windows\System\NuhTNFx.exe
  2⤵
  PID:4412
- C:\Windows\System\wNfWTTj.exe
  C:\Windows\System\wNfWTTj.exe
  2⤵
  PID:4480
- C:\Windows\System\VnhAfji.exe
  C:\Windows\System\VnhAfji.exe
  2⤵
  PID:4544
- C:\Windows\System\Gzyzvyp.exe
  C:\Windows\System\Gzyzvyp.exe
  2⤵
  PID:4568
- C:\Windows\System\SjCpsUJ.exe
  C:\Windows\System\SjCpsUJ.exe
  2⤵
  PID:4600
- C:\Windows\System\zPPtcNY.exe
  C:\Windows\System\zPPtcNY.exe
  2⤵
  PID:4640
- C:\Windows\System\eVHyAHM.exe
  C:\Windows\System\eVHyAHM.exe
  2⤵
  PID:4652
- C:\Windows\System\mBPnQyh.exe
  C:\Windows\System\mBPnQyh.exe
  2⤵
  PID:4708
- C:\Windows\System\prGlenH.exe
  C:\Windows\System\prGlenH.exe
  2⤵
  PID:4732
- C:\Windows\System\bCtGeIo.exe
  C:\Windows\System\bCtGeIo.exe
  2⤵
  PID:4760
- C:\Windows\System\RwzliBo.exe
  C:\Windows\System\RwzliBo.exe
  2⤵
  PID:4792
- C:\Windows\System\jJjMHIi.exe
  C:\Windows\System\jJjMHIi.exe
  2⤵
  PID:4848
- C:\Windows\System\YEeNrwQ.exe
  C:\Windows\System\YEeNrwQ.exe
  2⤵
  PID:4852
- C:\Windows\System\mqrOWBr.exe
  C:\Windows\System\mqrOWBr.exe
  2⤵
  PID:4880
- C:\Windows\System\NdTVlLh.exe
  C:\Windows\System\NdTVlLh.exe
  2⤵
  PID:4900
- C:\Windows\System\pbUePwT.exe
  C:\Windows\System\pbUePwT.exe
  2⤵
  PID:4960
- C:\Windows\System\xORHfVZ.exe
  C:\Windows\System\xORHfVZ.exe
  2⤵
  PID:4996
- C:\Windows\System\sOUDWZZ.exe
  C:\Windows\System\sOUDWZZ.exe
  2⤵
  PID:5068
- C:\Windows\System\VheOEMg.exe
  C:\Windows\System\VheOEMg.exe
  2⤵
  PID:5056
- C:\Windows\System\iWtfXzd.exe
  C:\Windows\System\iWtfXzd.exe
  2⤵
  PID:4144
- C:\Windows\System\inQtjUR.exe
  C:\Windows\System\inQtjUR.exe
  2⤵
  PID:5088
- C:\Windows\System\euONLGL.exe
  C:\Windows\System\euONLGL.exe
  2⤵
  PID:4112
- C:\Windows\System\IiVCnXP.exe
  C:\Windows\System\IiVCnXP.exe
  2⤵
  PID:4200
- C:\Windows\System\VWRvYEq.exe
  C:\Windows\System\VWRvYEq.exe
  2⤵
  PID:4280
- C:\Windows\System\jaITFle.exe
  C:\Windows\System\jaITFle.exe
  2⤵
  PID:4380
- C:\Windows\System\JDGTNMK.exe
  C:\Windows\System\JDGTNMK.exe
  2⤵
  PID:4424
- C:\Windows\System\fGSnZni.exe
  C:\Windows\System\fGSnZni.exe
  2⤵
  PID:4396
- C:\Windows\System\kfJsKKr.exe
  C:\Windows\System\kfJsKKr.exe
  2⤵
  PID:4468
- C:\Windows\System\gkweYDU.exe
  C:\Windows\System\gkweYDU.exe
  2⤵
  PID:4560
- C:\Windows\System\gpGnTyy.exe
  C:\Windows\System\gpGnTyy.exe
  2⤵
  PID:4592
- C:\Windows\System\ROwrjFT.exe
  C:\Windows\System\ROwrjFT.exe
  2⤵
  PID:4636
- C:\Windows\System\LuQhWLQ.exe
  C:\Windows\System\LuQhWLQ.exe
  2⤵
  PID:4712
- C:\Windows\System\aubqitT.exe
  C:\Windows\System\aubqitT.exe
  2⤵
  PID:4752
- C:\Windows\System\vyzuyAG.exe
  C:\Windows\System\vyzuyAG.exe
  2⤵
  PID:4936
- C:\Windows\System\McuvtCX.exe
  C:\Windows\System\McuvtCX.exe
  2⤵
  PID:4808
- C:\Windows\System\NlOcepr.exe
  C:\Windows\System\NlOcepr.exe
  2⤵
  PID:4916
- C:\Windows\System\aMapPks.exe
  C:\Windows\System\aMapPks.exe
  2⤵
  PID:4992
- C:\Windows\System\JcRClnQ.exe
  C:\Windows\System\JcRClnQ.exe
  2⤵
  PID:5016
- C:\Windows\System\bmMnzLC.exe
  C:\Windows\System\bmMnzLC.exe
  2⤵
  PID:4104
- C:\Windows\System\aBnFoZC.exe
  C:\Windows\System\aBnFoZC.exe
  2⤵
  PID:4216
- C:\Windows\System\xrJJzyQ.exe
  C:\Windows\System\xrJJzyQ.exe
  2⤵
  PID:4332
- C:\Windows\System\hAyUKQT.exe
  C:\Windows\System\hAyUKQT.exe
  2⤵
  PID:4432
- C:\Windows\System\AQItswO.exe
  C:\Windows\System\AQItswO.exe
  2⤵
  PID:4452
- C:\Windows\System\dcHhnQO.exe
  C:\Windows\System\dcHhnQO.exe
  2⤵
  PID:4656
- C:\Windows\System\ANEUGhN.exe
  C:\Windows\System\ANEUGhN.exe
  2⤵
  PID:4616
- C:\Windows\System\LweXOml.exe
  C:\Windows\System\LweXOml.exe
  2⤵
  PID:4812
- C:\Windows\System\ZBwOBxR.exe
  C:\Windows\System\ZBwOBxR.exe
  2⤵
  PID:4952
- C:\Windows\System\oRTpCXD.exe
  C:\Windows\System\oRTpCXD.exe
  2⤵
  PID:4912
- C:\Windows\System\gHXKZkU.exe
  C:\Windows\System\gHXKZkU.exe
  2⤵
  PID:5092
- C:\Windows\System\ecjhUal.exe
  C:\Windows\System\ecjhUal.exe
  2⤵
  PID:2212
- C:\Windows\System\AdwIiIs.exe
  C:\Windows\System\AdwIiIs.exe
  2⤵
  PID:4492
- C:\Windows\System\ijAjSXr.exe
  C:\Windows\System\ijAjSXr.exe
  2⤵
  PID:4588
- C:\Windows\System\DPLenqs.exe
  C:\Windows\System\DPLenqs.exe
  2⤵
  PID:4528
- C:\Windows\System\LGOeXHB.exe
  C:\Windows\System\LGOeXHB.exe
  2⤵
  PID:904
- C:\Windows\System\MzjgQVY.exe
  C:\Windows\System\MzjgQVY.exe
  2⤵
  PID:4108
- C:\Windows\System\JkrFvNm.exe
  C:\Windows\System\JkrFvNm.exe
  2⤵
  PID:4344
- C:\Windows\System\CwewdFH.exe
  C:\Windows\System\CwewdFH.exe
  2⤵
  PID:4980
- C:\Windows\System\tBjbeaf.exe
  C:\Windows\System\tBjbeaf.exe
  2⤵
  PID:4128
- C:\Windows\System\gUqgVGw.exe
  C:\Windows\System\gUqgVGw.exe
  2⤵
  PID:4564
- C:\Windows\System\gchxupJ.exe
  C:\Windows\System\gchxupJ.exe
  2⤵
  PID:5084
- C:\Windows\System\hiZAdHm.exe
  C:\Windows\System\hiZAdHm.exe
  2⤵
  PID:4308
- C:\Windows\System\dvmlGWx.exe
  C:\Windows\System\dvmlGWx.exe
  2⤵
  PID:4816
- C:\Windows\System\zzSwISF.exe
  C:\Windows\System\zzSwISF.exe
  2⤵
  PID:4516
- C:\Windows\System\RFzFPgy.exe
  C:\Windows\System\RFzFPgy.exe
  2⤵
  PID:4584
- C:\Windows\System\ewCmwUt.exe
  C:\Windows\System\ewCmwUt.exe
  2⤵
  PID:5032
- C:\Windows\System\sjkrtWN.exe
  C:\Windows\System\sjkrtWN.exe
  2⤵
  PID:944
- C:\Windows\System\uRZzxgJ.exe
  C:\Windows\System\uRZzxgJ.exe
  2⤵
  PID:4864
- C:\Windows\System\umampfj.exe
  C:\Windows\System\umampfj.exe
  2⤵
  PID:4312
- C:\Windows\System\lgwGycQ.exe
  C:\Windows\System\lgwGycQ.exe
  2⤵
  PID:5136
- C:\Windows\System\eTZOjZo.exe
  C:\Windows\System\eTZOjZo.exe
  2⤵
  PID:5152
- C:\Windows\System\FWgihht.exe
  C:\Windows\System\FWgihht.exe
  2⤵
  PID:5168
- C:\Windows\System\fsIpwoe.exe
  C:\Windows\System\fsIpwoe.exe
  2⤵
  PID:5188
- C:\Windows\System\gQCzSvP.exe
  C:\Windows\System\gQCzSvP.exe
  2⤵
  PID:5208
- C:\Windows\System\ysOuXYR.exe
  C:\Windows\System\ysOuXYR.exe
  2⤵
  PID:5232
- C:\Windows\System\iPHHDtc.exe
  C:\Windows\System\iPHHDtc.exe
  2⤵
  PID:5248
- C:\Windows\System\TnMwlbq.exe
  C:\Windows\System\TnMwlbq.exe
  2⤵
  PID:5280
- C:\Windows\System\sRBZRah.exe
  C:\Windows\System\sRBZRah.exe
  2⤵
  PID:5296
- C:\Windows\System\qXGOTxl.exe
  C:\Windows\System\qXGOTxl.exe
  2⤵
  PID:5312
- C:\Windows\System\tiOZfxx.exe
  C:\Windows\System\tiOZfxx.exe
  2⤵
  PID:5332
- C:\Windows\System\eETfpUX.exe
  C:\Windows\System\eETfpUX.exe
  2⤵
  PID:5360
- C:\Windows\System\WVsLJwp.exe
  C:\Windows\System\WVsLJwp.exe
  2⤵
  PID:5376
- C:\Windows\System\RzFjNYK.exe
  C:\Windows\System\RzFjNYK.exe
  2⤵
  PID:5392
- C:\Windows\System\JuIdUsD.exe
  C:\Windows\System\JuIdUsD.exe
  2⤵
  PID:5412
- C:\Windows\System\xFlQKou.exe
  C:\Windows\System\xFlQKou.exe
  2⤵
  PID:5432
- C:\Windows\System\qEugURe.exe
  C:\Windows\System\qEugURe.exe
  2⤵
  PID:5448
- C:\Windows\System\uaRorQx.exe
  C:\Windows\System\uaRorQx.exe
  2⤵
  PID:5472
- C:\Windows\System\XgrPXzl.exe
  C:\Windows\System\XgrPXzl.exe
  2⤵
  PID:5488
- C:\Windows\System\BhPMlEy.exe
  C:\Windows\System\BhPMlEy.exe
  2⤵
  PID:5504
- C:\Windows\System\TRjtdvL.exe
  C:\Windows\System\TRjtdvL.exe
  2⤵
  PID:5536
- C:\Windows\System\gmqChqA.exe
  C:\Windows\System\gmqChqA.exe
  2⤵
  PID:5552
- C:\Windows\System\nGaHkhd.exe
  C:\Windows\System\nGaHkhd.exe
  2⤵
  PID:5568
- C:\Windows\System\knwFKyk.exe
  C:\Windows\System\knwFKyk.exe
  2⤵
  PID:5596
- C:\Windows\System\CHDVLaY.exe
  C:\Windows\System\CHDVLaY.exe
  2⤵
  PID:5612
- C:\Windows\System\KhhcvmK.exe
  C:\Windows\System\KhhcvmK.exe
  2⤵
  PID:5632
- C:\Windows\System\jLkFeSX.exe
  C:\Windows\System\jLkFeSX.exe
  2⤵
  PID:5652
- C:\Windows\System\fSIZOdQ.exe
  C:\Windows\System\fSIZOdQ.exe
  2⤵
  PID:5680
- C:\Windows\System\FbSGYPC.exe
  C:\Windows\System\FbSGYPC.exe
  2⤵
  PID:5696
- C:\Windows\System\hQSMHsk.exe
  C:\Windows\System\hQSMHsk.exe
  2⤵
  PID:5720
- C:\Windows\System\RpUTFyd.exe
  C:\Windows\System\RpUTFyd.exe
  2⤵
  PID:5748
- C:\Windows\System\ZJxAcga.exe
  C:\Windows\System\ZJxAcga.exe
  2⤵
  PID:5768
- C:\Windows\System\ZsRQzUZ.exe
  C:\Windows\System\ZsRQzUZ.exe
  2⤵
  PID:5792
- C:\Windows\System\mQidIFw.exe
  C:\Windows\System\mQidIFw.exe
  2⤵
  PID:5812
- C:\Windows\System\rKvwuVe.exe
  C:\Windows\System\rKvwuVe.exe
  2⤵
  PID:5828
- C:\Windows\System\KHIHvcn.exe
  C:\Windows\System\KHIHvcn.exe
  2⤵
  PID:5844
- C:\Windows\System\TCJTMMR.exe
  C:\Windows\System\TCJTMMR.exe
  2⤵
  PID:5872
- C:\Windows\System\YCfEMzQ.exe
  C:\Windows\System\YCfEMzQ.exe
  2⤵
  PID:5888
- C:\Windows\System\rTfFVBu.exe
  C:\Windows\System\rTfFVBu.exe
  2⤵
  PID:5908
- C:\Windows\System\HaiXnbN.exe
  C:\Windows\System\HaiXnbN.exe
  2⤵
  PID:5924
- C:\Windows\System\mGCzcMi.exe
  C:\Windows\System\mGCzcMi.exe
  2⤵
  PID:5944
- C:\Windows\System\cKPfpJF.exe
  C:\Windows\System\cKPfpJF.exe
  2⤵
  PID:5972
- C:\Windows\System\JMbuPJO.exe
  C:\Windows\System\JMbuPJO.exe
  2⤵
  PID:5988
- C:\Windows\System\xdDbRHW.exe
  C:\Windows\System\xdDbRHW.exe
  2⤵
  PID:6008
- C:\Windows\System\iBYoNgI.exe
  C:\Windows\System\iBYoNgI.exe
  2⤵
  PID:6028
- C:\Windows\System\hsuIhIp.exe
  C:\Windows\System\hsuIhIp.exe
  2⤵
  PID:6044
- C:\Windows\System\BIcPIvR.exe
  C:\Windows\System\BIcPIvR.exe
  2⤵
  PID:6060
- C:\Windows\System\sLVTNCJ.exe
  C:\Windows\System\sLVTNCJ.exe
  2⤵
  PID:6084
- C:\Windows\System\LnmqeKj.exe
  C:\Windows\System\LnmqeKj.exe
  2⤵
  PID:6116
- C:\Windows\System\mDrIXuY.exe
  C:\Windows\System\mDrIXuY.exe
  2⤵
  PID:6132
- C:\Windows\System\oAUXeZZ.exe
  C:\Windows\System\oAUXeZZ.exe
  2⤵
  PID:5148
- C:\Windows\System\LAECsau.exe
  C:\Windows\System\LAECsau.exe
  2⤵
  PID:5204
- C:\Windows\System\toUdxpC.exe
  C:\Windows\System\toUdxpC.exe
  2⤵
  PID:5224
- C:\Windows\System\wxbOqHK.exe
  C:\Windows\System\wxbOqHK.exe
  2⤵
  PID:5264
- C:\Windows\System\aYqnbRf.exe
  C:\Windows\System\aYqnbRf.exe
  2⤵
  PID:5260
- C:\Windows\System\NXOocVM.exe
  C:\Windows\System\NXOocVM.exe
  2⤵
  PID:5340
- C:\Windows\System\yFfRLQm.exe
  C:\Windows\System\yFfRLQm.exe
  2⤵
  PID:5352
- C:\Windows\System\zuqzsFA.exe
  C:\Windows\System\zuqzsFA.exe
  2⤵
  PID:5428
- C:\Windows\System\CtKCvRe.exe
  C:\Windows\System\CtKCvRe.exe
  2⤵
  PID:5368
- C:\Windows\System\ZrUmcGI.exe
  C:\Windows\System\ZrUmcGI.exe
  2⤵
  PID:5468
- C:\Windows\System\qBHAdnT.exe
  C:\Windows\System\qBHAdnT.exe
  2⤵
  PID:5532
- C:\Windows\System\jpwXpOW.exe
  C:\Windows\System\jpwXpOW.exe
  2⤵
  PID:5580
- C:\Windows\System\YIILPAx.exe
  C:\Windows\System\YIILPAx.exe
  2⤵
  PID:5520
- C:\Windows\System\JrBNMoH.exe
  C:\Windows\System\JrBNMoH.exe
  2⤵
  PID:5560
- C:\Windows\System\JrpWWPX.exe
  C:\Windows\System\JrpWWPX.exe
  2⤵
  PID:5676
- C:\Windows\System\hjJIyon.exe
  C:\Windows\System\hjJIyon.exe
  2⤵
  PID:5648
- C:\Windows\System\XpJdnUU.exe
  C:\Windows\System\XpJdnUU.exe
  2⤵
  PID:5716
- C:\Windows\System\WXTCnlX.exe
  C:\Windows\System\WXTCnlX.exe
  2⤵
  PID:4428
- C:\Windows\System\uMGxcPt.exe
  C:\Windows\System\uMGxcPt.exe
  2⤵
  PID:5780
- C:\Windows\System\QXPaVIT.exe
  C:\Windows\System\QXPaVIT.exe
  2⤵
  PID:5800
- C:\Windows\System\oelPUkE.exe
  C:\Windows\System\oelPUkE.exe
  2⤵
  PID:5836
- C:\Windows\System\ehFvzfQ.exe
  C:\Windows\System\ehFvzfQ.exe
  2⤵
  PID:5864
- C:\Windows\System\VsmPLni.exe
  C:\Windows\System\VsmPLni.exe
  2⤵
  PID:5916
- C:\Windows\System\ccMDjfc.exe
  C:\Windows\System\ccMDjfc.exe
  2⤵
  PID:5956
- C:\Windows\System\EONaJSo.exe
  C:\Windows\System\EONaJSo.exe
  2⤵
  PID:5964
- C:\Windows\System\HDwNDnP.exe
  C:\Windows\System\HDwNDnP.exe
  2⤵
  PID:5996
- C:\Windows\System\erHUEhI.exe
  C:\Windows\System\erHUEhI.exe
  2⤵
  PID:6036
- C:\Windows\System\izmvRjW.exe
  C:\Windows\System\izmvRjW.exe
  2⤵
  PID:6068
- C:\Windows\System\bTQlwbH.exe
  C:\Windows\System\bTQlwbH.exe
  2⤵
  PID:6092
- C:\Windows\System\rWWIzaV.exe
  C:\Windows\System\rWWIzaV.exe
  2⤵
  PID:6104
- C:\Windows\System\fDWBhwT.exe
  C:\Windows\System\fDWBhwT.exe
  2⤵
  PID:5164
- C:\Windows\System\AUSYelw.exe
  C:\Windows\System\AUSYelw.exe
  2⤵
  PID:4512
- C:\Windows\System\woSMjrw.exe
  C:\Windows\System\woSMjrw.exe
  2⤵
  PID:5292
- C:\Windows\System\dSfzpDm.exe
  C:\Windows\System\dSfzpDm.exe
  2⤵
  PID:5268
- C:\Windows\System\iGORCer.exe
  C:\Windows\System\iGORCer.exe
  2⤵
  PID:4628
- C:\Windows\System\bsmcapU.exe
  C:\Windows\System\bsmcapU.exe
  2⤵
  PID:5464
- C:\Windows\System\vqhVaZI.exe
  C:\Windows\System\vqhVaZI.exe
  2⤵
  PID:5408
- C:\Windows\System\TcrDOrn.exe
  C:\Windows\System\TcrDOrn.exe
  2⤵
  PID:5484
- C:\Windows\System\WKNNKFs.exe
  C:\Windows\System\WKNNKFs.exe
  2⤵
  PID:5660
- C:\Windows\System\tKmbXUD.exe
  C:\Windows\System\tKmbXUD.exe
  2⤵
  PID:5668
- C:\Windows\System\RTYSVsV.exe
  C:\Windows\System\RTYSVsV.exe
  2⤵
  PID:5712
- C:\Windows\System\XDPzdfN.exe
  C:\Windows\System\XDPzdfN.exe
  2⤵
  PID:5620
- C:\Windows\System\LDxaHPj.exe
  C:\Windows\System\LDxaHPj.exe
  2⤵
  PID:5776
- C:\Windows\System\lhIndAQ.exe
  C:\Windows\System\lhIndAQ.exe
  2⤵
  PID:5852
- C:\Windows\System\oqAsEqC.exe
  C:\Windows\System\oqAsEqC.exe
  2⤵
  PID:5868
- C:\Windows\System\jUJfEwT.exe
  C:\Windows\System\jUJfEwT.exe
  2⤵
  PID:5920
- C:\Windows\System\ZoHQtCO.exe
  C:\Windows\System\ZoHQtCO.exe
  2⤵
  PID:5980
- C:\Windows\System\Qwemqtb.exe
  C:\Windows\System\Qwemqtb.exe
  2⤵
  PID:6056
- C:\Windows\System\nJGBvos.exe
  C:\Windows\System\nJGBvos.exe
  2⤵
  PID:5128
- C:\Windows\System\nDKSqDM.exe
  C:\Windows\System\nDKSqDM.exe
  2⤵
  PID:5180
- C:\Windows\System\xrhFmzZ.exe
  C:\Windows\System\xrhFmzZ.exe
  2⤵
  PID:5200
- C:\Windows\System\OTQziKA.exe
  C:\Windows\System\OTQziKA.exe
  2⤵
  PID:5256
- C:\Windows\System\EHwcqdq.exe
  C:\Windows\System\EHwcqdq.exe
  2⤵
  PID:5588
- C:\Windows\System\PnlYYTL.exe
  C:\Windows\System\PnlYYTL.exe
  2⤵
  PID:5400
- C:\Windows\System\aFigBSg.exe
  C:\Windows\System\aFigBSg.exe
  2⤵
  PID:5608
- C:\Windows\System\vKaCKeK.exe
  C:\Windows\System\vKaCKeK.exe
  2⤵
  PID:5736
- C:\Windows\System\TVWTWJy.exe
  C:\Windows\System\TVWTWJy.exe
  2⤵
  PID:5760
- C:\Windows\System\zWOmcts.exe
  C:\Windows\System\zWOmcts.exe
  2⤵
  PID:5900
- C:\Windows\System\wixuLcq.exe
  C:\Windows\System\wixuLcq.exe
  2⤵
  PID:6040
- C:\Windows\System\QXoSYMj.exe
  C:\Windows\System\QXoSYMj.exe
  2⤵
  PID:5860
- C:\Windows\System\XTZEZVz.exe
  C:\Windows\System\XTZEZVz.exe
  2⤵
  PID:6108
- C:\Windows\System\hSFbiOu.exe
  C:\Windows\System\hSFbiOu.exe
  2⤵
  PID:5272
- C:\Windows\System\VQHzVMW.exe
  C:\Windows\System\VQHzVMW.exe
  2⤵
  PID:5196
- C:\Windows\System\bpjPmEj.exe
  C:\Windows\System\bpjPmEj.exe
  2⤵
  PID:5576
- C:\Windows\System\jcxmBZT.exe
  C:\Windows\System\jcxmBZT.exe
  2⤵
  PID:5704
- C:\Windows\System\vJvfrHC.exe
  C:\Windows\System\vJvfrHC.exe
  2⤵
  PID:5788
- C:\Windows\System\QLfSauW.exe
  C:\Windows\System\QLfSauW.exe
  2⤵
  PID:5984
- C:\Windows\System\nPzwUgu.exe
  C:\Windows\System\nPzwUgu.exe
  2⤵
  PID:5968
- C:\Windows\System\BhnAoiy.exe
  C:\Windows\System\BhnAoiy.exe
  2⤵
  PID:5320
- C:\Windows\System\GorcbSO.exe
  C:\Windows\System\GorcbSO.exe
  2⤵
  PID:5740
- C:\Windows\System\wlowhoK.exe
  C:\Windows\System\wlowhoK.exe
  2⤵
  PID:5384
- C:\Windows\System\fOAPxfH.exe
  C:\Windows\System\fOAPxfH.exe
  2⤵
  PID:6080
- C:\Windows\System\veqnkFJ.exe
  C:\Windows\System\veqnkFJ.exe
  2⤵
  PID:5932
- C:\Windows\System\Cqkotvm.exe
  C:\Windows\System\Cqkotvm.exe
  2⤵
  PID:5528
- C:\Windows\System\iVgezTP.exe
  C:\Windows\System\iVgezTP.exe
  2⤵
  PID:6172
- C:\Windows\System\GcxjGvJ.exe
  C:\Windows\System\GcxjGvJ.exe
  2⤵
  PID:6192
- C:\Windows\System\gnhSAXJ.exe
  C:\Windows\System\gnhSAXJ.exe
  2⤵
  PID:6212
- C:\Windows\System\rUdwcGl.exe
  C:\Windows\System\rUdwcGl.exe
  2⤵
  PID:6236
- C:\Windows\System\OFEfjoi.exe
  C:\Windows\System\OFEfjoi.exe
  2⤵
  PID:6252
- C:\Windows\System\ykAXgpn.exe
  C:\Windows\System\ykAXgpn.exe
  2⤵
  PID:6272
- C:\Windows\System\kzysLLp.exe
  C:\Windows\System\kzysLLp.exe
  2⤵
  PID:6300
- C:\Windows\System\dzhYxZk.exe
  C:\Windows\System\dzhYxZk.exe
  2⤵
  PID:6320
- C:\Windows\System\LmGjngp.exe
  C:\Windows\System\LmGjngp.exe
  2⤵
  PID:6336
- C:\Windows\System\tWwREub.exe
  C:\Windows\System\tWwREub.exe
  2⤵
  PID:6352
- C:\Windows\System\bOZghdA.exe
  C:\Windows\System\bOZghdA.exe
  2⤵
  PID:6376
- C:\Windows\System\YAmSrzF.exe
  C:\Windows\System\YAmSrzF.exe
  2⤵
  PID:6400
- C:\Windows\System\QWlfACz.exe
  C:\Windows\System\QWlfACz.exe
  2⤵
  PID:6416
- C:\Windows\System\fJMuivD.exe
  C:\Windows\System\fJMuivD.exe
  2⤵
  PID:6440
- C:\Windows\System\eFJyBMJ.exe
  C:\Windows\System\eFJyBMJ.exe
  2⤵
  PID:6456
- C:\Windows\System\lGchzUc.exe
  C:\Windows\System\lGchzUc.exe
  2⤵
  PID:6480
- C:\Windows\System\RDCbFux.exe
  C:\Windows\System\RDCbFux.exe
  2⤵
  PID:6500
- C:\Windows\System\auWniff.exe
  C:\Windows\System\auWniff.exe
  2⤵
  PID:6520
- C:\Windows\System\uELGTcu.exe
  C:\Windows\System\uELGTcu.exe
  2⤵
  PID:6536
- C:\Windows\System\IKzzEAT.exe
  C:\Windows\System\IKzzEAT.exe
  2⤵
  PID:6560
- C:\Windows\System\BaoIpSt.exe
  C:\Windows\System\BaoIpSt.exe
  2⤵
  PID:6576
- C:\Windows\System\XegWZQz.exe
  C:\Windows\System\XegWZQz.exe
  2⤵
  PID:6596
- C:\Windows\System\dzZdlPC.exe
  C:\Windows\System\dzZdlPC.exe
  2⤵
  PID:6612
- C:\Windows\System\LuBrAZm.exe
  C:\Windows\System\LuBrAZm.exe
  2⤵
  PID:6628
- C:\Windows\System\jThuslp.exe
  C:\Windows\System\jThuslp.exe
  2⤵
  PID:6656
- C:\Windows\System\mciCIQG.exe
  C:\Windows\System\mciCIQG.exe
  2⤵
  PID:6672
- C:\Windows\System\tLyBuku.exe
  C:\Windows\System\tLyBuku.exe
  2⤵
  PID:6688
- C:\Windows\System\llSTcMI.exe
  C:\Windows\System\llSTcMI.exe
  2⤵
  PID:6712
- C:\Windows\System\qixjTuk.exe
  C:\Windows\System\qixjTuk.exe
  2⤵
  PID:6736
- C:\Windows\System\pAVvOmw.exe
  C:\Windows\System\pAVvOmw.exe
  2⤵
  PID:6760
- C:\Windows\System\qpcXqed.exe
  C:\Windows\System\qpcXqed.exe
  2⤵
  PID:6776
- C:\Windows\System\xIoOLLV.exe
  C:\Windows\System\xIoOLLV.exe
  2⤵
  PID:6792
- C:\Windows\System\oywiIzP.exe
  C:\Windows\System\oywiIzP.exe
  2⤵
  PID:6808
- C:\Windows\System\NUvMsRh.exe
  C:\Windows\System\NUvMsRh.exe
  2⤵
  PID:6824
- C:\Windows\System\sgybXLQ.exe
  C:\Windows\System\sgybXLQ.exe
  2⤵
  PID:6856
- C:\Windows\System\xeJNNgO.exe
  C:\Windows\System\xeJNNgO.exe
  2⤵
  PID:6872
- C:\Windows\System\uWnGfPE.exe
  C:\Windows\System\uWnGfPE.exe
  2⤵
  PID:6888
- C:\Windows\System\nRXILgX.exe
  C:\Windows\System\nRXILgX.exe
  2⤵
  PID:6904
- C:\Windows\System\pnttVAo.exe
  C:\Windows\System\pnttVAo.exe
  2⤵
  PID:6944
- C:\Windows\System\ZPLTYAR.exe
  C:\Windows\System\ZPLTYAR.exe
  2⤵
  PID:6964
- C:\Windows\System\lTpiGjm.exe
  C:\Windows\System\lTpiGjm.exe
  2⤵
  PID:6980
- C:\Windows\System\zvNSqJp.exe
  C:\Windows\System\zvNSqJp.exe
  2⤵
  PID:6996
- C:\Windows\System\afgclwm.exe
  C:\Windows\System\afgclwm.exe
  2⤵
  PID:7012
- C:\Windows\System\jGwJOrO.exe
  C:\Windows\System\jGwJOrO.exe
  2⤵
  PID:7044
- C:\Windows\System\TIAuOXl.exe
  C:\Windows\System\TIAuOXl.exe
  2⤵
  PID:7060
- C:\Windows\System\yKjCTab.exe
  C:\Windows\System\yKjCTab.exe
  2⤵
  PID:7084
- C:\Windows\System\tyleyxI.exe
  C:\Windows\System\tyleyxI.exe
  2⤵
  PID:7100
- C:\Windows\System\OnOnqdr.exe
  C:\Windows\System\OnOnqdr.exe
  2⤵
  PID:7116
- C:\Windows\System\sZaomlV.exe
  C:\Windows\System\sZaomlV.exe
  2⤵
  PID:7140
- C:\Windows\System\NBfcPYc.exe
  C:\Windows\System\NBfcPYc.exe
  2⤵
  PID:7164
- C:\Windows\System\mTRvpZB.exe
  C:\Windows\System\mTRvpZB.exe
  2⤵
  PID:6140
- C:\Windows\System\WTuCYXA.exe
  C:\Windows\System\WTuCYXA.exe
  2⤵
  PID:6164
- C:\Windows\System\whqzaWm.exe
  C:\Windows\System\whqzaWm.exe
  2⤵
  PID:6168
- C:\Windows\System\YztcINK.exe
  C:\Windows\System\YztcINK.exe
  2⤵
  PID:6200
- C:\Windows\System\aumRNWs.exe
  C:\Windows\System\aumRNWs.exe
  2⤵
  PID:6228
- C:\Windows\System\vacPSVa.exe
  C:\Windows\System\vacPSVa.exe
  2⤵
  PID:6248
- C:\Windows\System\NRvKFbR.exe
  C:\Windows\System\NRvKFbR.exe
  2⤵
  PID:5804
- C:\Windows\System\EprKjKV.exe
  C:\Windows\System\EprKjKV.exe
  2⤵
  PID:6332
- C:\Windows\System\tSLWROt.exe
  C:\Windows\System\tSLWROt.exe
  2⤵
  PID:6368
- C:\Windows\System\RsQKYwK.exe
  C:\Windows\System\RsQKYwK.exe
  2⤵
  PID:6396
- C:\Windows\System\rtvByXz.exe
  C:\Windows\System\rtvByXz.exe
  2⤵
  PID:6436
- C:\Windows\System\sGRgGAx.exe
  C:\Windows\System\sGRgGAx.exe
  2⤵
  PID:6468
- C:\Windows\System\cSWztyT.exe
  C:\Windows\System\cSWztyT.exe
  2⤵
  PID:6508
- C:\Windows\System\BZbNMeJ.exe
  C:\Windows\System\BZbNMeJ.exe
  2⤵
  PID:6528
- C:\Windows\System\sXJnmny.exe
  C:\Windows\System\sXJnmny.exe
  2⤵
  PID:6556
- C:\Windows\System\fLGTDQK.exe
  C:\Windows\System\fLGTDQK.exe
  2⤵
  PID:6636
- C:\Windows\System\IjtdAcs.exe
  C:\Windows\System\IjtdAcs.exe
  2⤵
  PID:6648
- C:\Windows\System\AGFKxpx.exe
  C:\Windows\System\AGFKxpx.exe
  2⤵
  PID:6696
- C:\Windows\System\kNheKMG.exe
  C:\Windows\System\kNheKMG.exe
  2⤵
  PID:6724
- C:\Windows\System\YpgwYRD.exe
  C:\Windows\System\YpgwYRD.exe
  2⤵
  PID:6744
- C:\Windows\System\cAbqDLM.exe
  C:\Windows\System\cAbqDLM.exe
  2⤵
  PID:6768
- C:\Windows\System\OfAoKTd.exe
  C:\Windows\System\OfAoKTd.exe
  2⤵
  PID:6820
- C:\Windows\System\XHeIXmP.exe
  C:\Windows\System\XHeIXmP.exe
  2⤵
  PID:6836
- C:\Windows\System\ariQYou.exe
  C:\Windows\System\ariQYou.exe
  2⤵
  PID:6896
- C:\Windows\System\fGcXsJM.exe
  C:\Windows\System\fGcXsJM.exe
  2⤵
  PID:6912
- C:\Windows\System\VTwlrDD.exe
  C:\Windows\System\VTwlrDD.exe
  2⤵
  PID:6956
- C:\Windows\System\ruPAkNw.exe
  C:\Windows\System\ruPAkNw.exe
  2⤵
  PID:6992
- C:\Windows\System\HTWzpum.exe
  C:\Windows\System\HTWzpum.exe
  2⤵
  PID:7036
- C:\Windows\System\UbQtaLD.exe
  C:\Windows\System\UbQtaLD.exe
  2⤵
  PID:7052
- C:\Windows\System\tFZLaAw.exe
  C:\Windows\System\tFZLaAw.exe
  2⤵
  PID:7080
- C:\Windows\System\sZdbiDs.exe
  C:\Windows\System\sZdbiDs.exe
  2⤵
  PID:7124
- C:\Windows\System\pPbPQrK.exe
  C:\Windows\System\pPbPQrK.exe
  2⤵
  PID:7156
- C:\Windows\System\tLwBQsC.exe
  C:\Windows\System\tLwBQsC.exe
  2⤵
  PID:6076
- C:\Windows\System\cUUPXLi.exe
  C:\Windows\System\cUUPXLi.exe
  2⤵
  PID:6184
- C:\Windows\System\daloUTG.exe
  C:\Windows\System\daloUTG.exe
  2⤵
  PID:6268
- C:\Windows\System\TcduqSS.exe
  C:\Windows\System\TcduqSS.exe
  2⤵
  PID:6312
- C:\Windows\System\lBgFbwO.exe
  C:\Windows\System\lBgFbwO.exe
  2⤵
  PID:6296
- C:\Windows\System\OUNtyNi.exe
  C:\Windows\System\OUNtyNi.exe
  2⤵
  PID:6392
- C:\Windows\System\QxgGTdI.exe
  C:\Windows\System\QxgGTdI.exe
  2⤵
  PID:6448
- C:\Windows\System\vLbgcBG.exe
  C:\Windows\System\vLbgcBG.exe
  2⤵
  PID:6476
- C:\Windows\System\LBYOCla.exe
  C:\Windows\System\LBYOCla.exe
  2⤵
  PID:6512
- C:\Windows\System\agJwzSn.exe
  C:\Windows\System\agJwzSn.exe
  2⤵
  PID:6644
- C:\Windows\System\omTfUSd.exe
  C:\Windows\System\omTfUSd.exe
  2⤵
  PID:6664
- C:\Windows\System\nuLaRWI.exe
  C:\Windows\System\nuLaRWI.exe
  2⤵
  PID:6708
- C:\Windows\System\nWgbZpT.exe
  C:\Windows\System\nWgbZpT.exe
  2⤵
  PID:6816
- C:\Windows\System\gWfbBNG.exe
  C:\Windows\System\gWfbBNG.exe
  2⤵
  PID:6868
- C:\Windows\System\UTbJZEI.exe
  C:\Windows\System\UTbJZEI.exe
  2⤵
  PID:6920
- C:\Windows\System\sKmSszK.exe
  C:\Windows\System\sKmSszK.exe
  2⤵
  PID:6732
- C:\Windows\System\Neegtwq.exe
  C:\Windows\System\Neegtwq.exe
  2⤵
  PID:7032
- C:\Windows\System\GKtkWFX.exe
  C:\Windows\System\GKtkWFX.exe
  2⤵
  PID:7112
- C:\Windows\System\lwlGfGx.exe
  C:\Windows\System\lwlGfGx.exe
  2⤵
  PID:7096
- C:\Windows\System\LbPYLKE.exe
  C:\Windows\System\LbPYLKE.exe
  2⤵
  PID:6288
- C:\Windows\System\fzIOkBe.exe
  C:\Windows\System\fzIOkBe.exe
  2⤵
  PID:6052
- C:\Windows\System\kTlKdkr.exe
  C:\Windows\System\kTlKdkr.exe
  2⤵
  PID:6260
- C:\Windows\System\RxJXKDd.exe
  C:\Windows\System\RxJXKDd.exe
  2⤵
  PID:6360
- C:\Windows\System\nJKJSSB.exe
  C:\Windows\System\nJKJSSB.exe
  2⤵
  PID:6544
- C:\Windows\System\tgpRUxO.exe
  C:\Windows\System\tgpRUxO.exe
  2⤵
  PID:6532
- C:\Windows\System\yjotRIA.exe
  C:\Windows\System\yjotRIA.exe
  2⤵
  PID:6608
- C:\Windows\System\tsdelDa.exe
  C:\Windows\System\tsdelDa.exe
  2⤵
  PID:6720
- C:\Windows\System\LmyPzNz.exe
  C:\Windows\System\LmyPzNz.exe
  2⤵
  PID:6704
- C:\Windows\System\SMRiEPn.exe
  C:\Windows\System\SMRiEPn.exe
  2⤵
  PID:6840
- C:\Windows\System\Sthtblt.exe
  C:\Windows\System\Sthtblt.exe
  2⤵
  PID:6884
- C:\Windows\System\YrkttbX.exe
  C:\Windows\System\YrkttbX.exe
  2⤵
  PID:1404
- C:\Windows\System\GGmFIAO.exe
  C:\Windows\System\GGmFIAO.exe
  2⤵
  PID:2564
- C:\Windows\System\TnjLEtn.exe
  C:\Windows\System\TnjLEtn.exe
  2⤵
  PID:1500
- C:\Windows\System\BHcZfUZ.exe
  C:\Windows\System\BHcZfUZ.exe
  2⤵
  PID:5820
- C:\Windows\System\MDcYzyO.exe
  C:\Windows\System\MDcYzyO.exe
  2⤵
  PID:7128
- C:\Windows\System\jGlqRkp.exe
  C:\Windows\System\jGlqRkp.exe
  2⤵
  PID:6152
- C:\Windows\System\DXHTHjD.exe
  C:\Windows\System\DXHTHjD.exe
  2⤵
  PID:6224
- C:\Windows\System\tgHncXL.exe
  C:\Windows\System\tgHncXL.exe
  2⤵
  PID:6388
- C:\Windows\System\JVWaxiS.exe
  C:\Windows\System\JVWaxiS.exe
  2⤵
  PID:6588
- C:\Windows\System\FFQcfMS.exe
  C:\Windows\System\FFQcfMS.exe
  2⤵
  PID:6756
- C:\Windows\System\fAhysJc.exe
  C:\Windows\System\fAhysJc.exe
  2⤵
  PID:6972
- C:\Windows\System\YymhdGF.exe
  C:\Windows\System\YymhdGF.exe
  2⤵
  PID:6988
- C:\Windows\System\YWQsHkP.exe
  C:\Windows\System\YWQsHkP.exe
  2⤵
  PID:1312
- C:\Windows\System\SqrHKXA.exe
  C:\Windows\System\SqrHKXA.exe
  2⤵
  PID:7072
- C:\Windows\System\nJqHQvO.exe
  C:\Windows\System\nJqHQvO.exe
  2⤵
  PID:6244
- C:\Windows\System\MxbbTEb.exe
  C:\Windows\System\MxbbTEb.exe
  2⤵
  PID:5160
- C:\Windows\System\ebXYeMa.exe
  C:\Windows\System\ebXYeMa.exe
  2⤵
  PID:6784
- C:\Windows\System\nYzCOSF.exe
  C:\Windows\System\nYzCOSF.exe
  2⤵
  PID:6924
- C:\Windows\System\OMSPcMw.exe
  C:\Windows\System\OMSPcMw.exe
  2⤵
  PID:7136
- C:\Windows\System\FMJtwhL.exe
  C:\Windows\System\FMJtwhL.exe
  2⤵
  PID:6428
- C:\Windows\System\nFcqsji.exe
  C:\Windows\System\nFcqsji.exe
  2⤵
  PID:2044
- C:\Windows\System\CPzDkwg.exe
  C:\Windows\System\CPzDkwg.exe
  2⤵
  PID:7076
- C:\Windows\System\LcAEtYm.exe
  C:\Windows\System\LcAEtYm.exe
  2⤵
  PID:6976
- C:\Windows\System\gMSNbAT.exe
  C:\Windows\System\gMSNbAT.exe
  2⤵
  PID:7176
- C:\Windows\System\qfCJssE.exe
  C:\Windows\System\qfCJssE.exe
  2⤵
  PID:7196
- C:\Windows\System\pnLGhOa.exe
  C:\Windows\System\pnLGhOa.exe
  2⤵
  PID:7212
- C:\Windows\System\lbIPeTU.exe
  C:\Windows\System\lbIPeTU.exe
  2⤵
  PID:7228
- C:\Windows\System\WcxXtFs.exe
  C:\Windows\System\WcxXtFs.exe
  2⤵
  PID:7248
- C:\Windows\System\neCzexm.exe
  C:\Windows\System\neCzexm.exe
  2⤵
  PID:7264
- C:\Windows\System\ReaNGIo.exe
  C:\Windows\System\ReaNGIo.exe
  2⤵
  PID:7280
- C:\Windows\System\cXTskzM.exe
  C:\Windows\System\cXTskzM.exe
  2⤵
  PID:7296
- C:\Windows\System\qiViNPZ.exe
  C:\Windows\System\qiViNPZ.exe
  2⤵
  PID:7316
- C:\Windows\System\hDBOIdB.exe
  C:\Windows\System\hDBOIdB.exe
  2⤵
  PID:7332
- C:\Windows\System\YiZSvcQ.exe
  C:\Windows\System\YiZSvcQ.exe
  2⤵
  PID:7348
- C:\Windows\System\ypPmJLK.exe
  C:\Windows\System\ypPmJLK.exe
  2⤵
  PID:7364
- C:\Windows\System\bWRiuXE.exe
  C:\Windows\System\bWRiuXE.exe
  2⤵
  PID:7384
- C:\Windows\System\hCzSmyg.exe
  C:\Windows\System\hCzSmyg.exe
  2⤵
  PID:7400
- C:\Windows\System\EDUDTSh.exe
  C:\Windows\System\EDUDTSh.exe
  2⤵
  PID:7416
- C:\Windows\System\QBrRLqM.exe
  C:\Windows\System\QBrRLqM.exe
  2⤵
  PID:7432
- C:\Windows\System\uGfBrPr.exe
  C:\Windows\System\uGfBrPr.exe
  2⤵
  PID:7448
- C:\Windows\System\objibZq.exe
  C:\Windows\System\objibZq.exe
  2⤵
  PID:7464
- C:\Windows\System\rUrhUto.exe
  C:\Windows\System\rUrhUto.exe
  2⤵
  PID:7480
- C:\Windows\System\fjxUiJN.exe
  C:\Windows\System\fjxUiJN.exe
  2⤵
  PID:7496
- C:\Windows\System\eCJQbcM.exe
  C:\Windows\System\eCJQbcM.exe
  2⤵
  PID:7512
- C:\Windows\System\HvvMPUB.exe
  C:\Windows\System\HvvMPUB.exe
  2⤵
  PID:7528
- C:\Windows\System\ZFahqEF.exe
  C:\Windows\System\ZFahqEF.exe
  2⤵
  PID:7544
- C:\Windows\System\KOtvkFH.exe
  C:\Windows\System\KOtvkFH.exe
  2⤵
  PID:7560
- C:\Windows\System\QwBalDa.exe
  C:\Windows\System\QwBalDa.exe
  2⤵
  PID:7576
- C:\Windows\System\DXHosVw.exe
  C:\Windows\System\DXHosVw.exe
  2⤵
  PID:7596
- C:\Windows\System\KaVfOZU.exe
  C:\Windows\System\KaVfOZU.exe
  2⤵
  PID:7612
- C:\Windows\System\HZpmZLM.exe
  C:\Windows\System\HZpmZLM.exe
  2⤵
  PID:7636
- C:\Windows\System\GxlVVLO.exe
  C:\Windows\System\GxlVVLO.exe
  2⤵
  PID:7652
- C:\Windows\System\NSpzXsL.exe
  C:\Windows\System\NSpzXsL.exe
  2⤵
  PID:7668
- C:\Windows\System\txMWXiY.exe
  C:\Windows\System\txMWXiY.exe
  2⤵
  PID:7684
- C:\Windows\System\MmTxAGu.exe
  C:\Windows\System\MmTxAGu.exe
  2⤵
  PID:7704
- C:\Windows\System\FAmKFKU.exe
  C:\Windows\System\FAmKFKU.exe
  2⤵
  PID:7732
- C:\Windows\System\wWhowXD.exe
  C:\Windows\System\wWhowXD.exe
  2⤵
  PID:7748
- C:\Windows\System\eyEjEvG.exe
  C:\Windows\System\eyEjEvG.exe
  2⤵
  PID:7768
- C:\Windows\System\hpooShO.exe
  C:\Windows\System\hpooShO.exe
  2⤵
  PID:7784
- C:\Windows\System\gEjpmNM.exe
  C:\Windows\System\gEjpmNM.exe
  2⤵
  PID:7800
- C:\Windows\System\QIHIsJU.exe
  C:\Windows\System\QIHIsJU.exe
  2⤵
  PID:7824
- C:\Windows\System\xznySSp.exe
  C:\Windows\System\xznySSp.exe
  2⤵
  PID:7844
- C:\Windows\System\WeAVqoV.exe
  C:\Windows\System\WeAVqoV.exe
  2⤵
  PID:7864
- C:\Windows\System\ALKhcbY.exe
  C:\Windows\System\ALKhcbY.exe
  2⤵
  PID:7884
- C:\Windows\System\HkteqSn.exe
  C:\Windows\System\HkteqSn.exe
  2⤵
  PID:7900
- C:\Windows\System\CxKSOKP.exe
  C:\Windows\System\CxKSOKP.exe
  2⤵
  PID:7924
- C:\Windows\System\oZfQTzF.exe
  C:\Windows\System\oZfQTzF.exe
  2⤵
  PID:7948
- C:\Windows\System\klxsrKw.exe
  C:\Windows\System\klxsrKw.exe
  2⤵
  PID:7968
- C:\Windows\System\NyXGCQV.exe
  C:\Windows\System\NyXGCQV.exe
  2⤵
  PID:7988
- C:\Windows\System\ilnSJiE.exe
  C:\Windows\System\ilnSJiE.exe
  2⤵
  PID:8004
- C:\Windows\System\gGMIxBk.exe
  C:\Windows\System\gGMIxBk.exe
  2⤵
  PID:8024
- C:\Windows\System\HeQeknz.exe
  C:\Windows\System\HeQeknz.exe
  2⤵
  PID:8040
- C:\Windows\System\xEhBiMd.exe
  C:\Windows\System\xEhBiMd.exe
  2⤵
  PID:8056
- C:\Windows\System\JoEtgrC.exe
  C:\Windows\System\JoEtgrC.exe
  2⤵
  PID:8076
- C:\Windows\System\tGVgDWb.exe
  C:\Windows\System\tGVgDWb.exe
  2⤵
  PID:8092
- C:\Windows\System\abnvItN.exe
  C:\Windows\System\abnvItN.exe
  2⤵
  PID:8108
- C:\Windows\System\lrjISHX.exe
  C:\Windows\System\lrjISHX.exe
  2⤵
  PID:8124
- C:\Windows\System\hkYkhlT.exe
  C:\Windows\System\hkYkhlT.exe
  2⤵
  PID:8140
- C:\Windows\System\SCvvwJD.exe
  C:\Windows\System\SCvvwJD.exe
  2⤵
  PID:8164
- C:\Windows\System\FGBipZG.exe
  C:\Windows\System\FGBipZG.exe
  2⤵
  PID:8184
- C:\Windows\System\ifklLCB.exe
  C:\Windows\System\ifklLCB.exe
  2⤵
  PID:7208
- C:\Windows\System\rclNKka.exe
  C:\Windows\System\rclNKka.exe
  2⤵
  PID:7272
- C:\Windows\System\htmiauU.exe
  C:\Windows\System\htmiauU.exe
  2⤵
  PID:7324
- C:\Windows\System\UwqaDNo.exe
  C:\Windows\System\UwqaDNo.exe
  2⤵
  PID:7340
- C:\Windows\System\nyFwNQR.exe
  C:\Windows\System\nyFwNQR.exe
  2⤵
  PID:7356
- C:\Windows\System\eWrYnCI.exe
  C:\Windows\System\eWrYnCI.exe
  2⤵
  PID:7428
- C:\Windows\System\OKpubpx.exe
  C:\Windows\System\OKpubpx.exe
  2⤵
  PID:7444
- C:\Windows\System\bpGUWQI.exe
  C:\Windows\System\bpGUWQI.exe
  2⤵
  PID:7520
- C:\Windows\System\FyjVCLG.exe
  C:\Windows\System\FyjVCLG.exe
  2⤵
  PID:7568
- C:\Windows\System\cNsEMWN.exe
  C:\Windows\System\cNsEMWN.exe
  2⤵
  PID:7588
- C:\Windows\System\ERGFEYM.exe
  C:\Windows\System\ERGFEYM.exe
  2⤵
  PID:7628
- C:\Windows\System\VnzFUaD.exe
  C:\Windows\System\VnzFUaD.exe
  2⤵
  PID:7816
- C:\Windows\System\ROwrpJf.exe
  C:\Windows\System\ROwrpJf.exe
  2⤵
  PID:7720
- C:\Windows\System\LiUhTdQ.exe
  C:\Windows\System\LiUhTdQ.exe
  2⤵
  PID:7796
- C:\Windows\System\MlDbzXP.exe
  C:\Windows\System\MlDbzXP.exe
  2⤵
  PID:7776
- C:\Windows\System\QarDjsO.exe
  C:\Windows\System\QarDjsO.exe
  2⤵
  PID:7832
- C:\Windows\System\qzJYkgE.exe
  C:\Windows\System\qzJYkgE.exe
  2⤵
  PID:7876
- C:\Windows\System\BJqVPBQ.exe
  C:\Windows\System\BJqVPBQ.exe
  2⤵
  PID:7912
- C:\Windows\System\YhEpeYC.exe
  C:\Windows\System\YhEpeYC.exe
  2⤵
  PID:7892
- C:\Windows\System\dBaQLTc.exe
  C:\Windows\System\dBaQLTc.exe
  2⤵
  PID:7932
- C:\Windows\System\ifQhHga.exe
  C:\Windows\System\ifQhHga.exe
  2⤵
  PID:7960
- C:\Windows\System\CHOmLxB.exe
  C:\Windows\System\CHOmLxB.exe
  2⤵
  PID:8016
- C:\Windows\System\fjTBgVk.exe
  C:\Windows\System\fjTBgVk.exe
  2⤵
  PID:8068
- C:\Windows\System\gxXqgRf.exe
  C:\Windows\System\gxXqgRf.exe
  2⤵
  PID:8132
- C:\Windows\System\bTPZhDD.exe
  C:\Windows\System\bTPZhDD.exe
  2⤵
  PID:8156
- C:\Windows\System\jYIKmDw.exe
  C:\Windows\System\jYIKmDw.exe
  2⤵
  PID:6620
- C:\Windows\System\QyMJUkc.exe
  C:\Windows\System\QyMJUkc.exe
  2⤵
  PID:7240
- C:\Windows\System\mGQIsfH.exe
  C:\Windows\System\mGQIsfH.exe
  2⤵
  PID:7184
- C:\Windows\System\DVlLSBe.exe
  C:\Windows\System\DVlLSBe.exe
  2⤵
  PID:7376
- C:\Windows\System\lRQrGxW.exe
  C:\Windows\System\lRQrGxW.exe
  2⤵
  PID:7424
- C:\Windows\System\gshrAJu.exe
  C:\Windows\System\gshrAJu.exe
  2⤵
  PID:7292
- C:\Windows\System\dvkqYvn.exe
  C:\Windows\System\dvkqYvn.exe
  2⤵
  PID:7524
- C:\Windows\System\Bafnkbp.exe
  C:\Windows\System\Bafnkbp.exe
  2⤵
  PID:7540
- C:\Windows\System\bZZXcrI.exe
  C:\Windows\System\bZZXcrI.exe
  2⤵
  PID:7536
- C:\Windows\System\SptuBde.exe
  C:\Windows\System\SptuBde.exe
  2⤵
  PID:7664
- C:\Windows\System\RmandhA.exe
  C:\Windows\System\RmandhA.exe
  2⤵
  PID:7728
- C:\Windows\System\GlHOSAl.exe
  C:\Windows\System\GlHOSAl.exe
  2⤵
  PID:7256
- C:\Windows\System\fYMJZsw.exe
  C:\Windows\System\fYMJZsw.exe
  2⤵
  PID:7260
- C:\Windows\System\IbKZaPh.exe
  C:\Windows\System\IbKZaPh.exe
  2⤵
  PID:7440
- C:\Windows\System\qqRYgXi.exe
  C:\Windows\System\qqRYgXi.exe
  2⤵
  PID:7584
- C:\Windows\System\mqasSBO.exe
  C:\Windows\System\mqasSBO.exe
  2⤵
  PID:7592
- C:\Windows\System\MKFlPoK.exe
  C:\Windows\System\MKFlPoK.exe
  2⤵
  PID:7792
- C:\Windows\System\OnGlbfK.exe
  C:\Windows\System\OnGlbfK.exe
  2⤵
  PID:7812
- C:\Windows\System\BHjJXIa.exe
  C:\Windows\System\BHjJXIa.exe
  2⤵
  PID:7820
- C:\Windows\System\ktAvdRx.exe
  C:\Windows\System\ktAvdRx.exe
  2⤵
  PID:7856
- C:\Windows\System\TtivFiW.exe
  C:\Windows\System\TtivFiW.exe
  2⤵
  PID:7996
- C:\Windows\System\ZZcjiPd.exe
  C:\Windows\System\ZZcjiPd.exe
  2⤵
  PID:8036
- C:\Windows\System\WDRrLrz.exe
  C:\Windows\System\WDRrLrz.exe
  2⤵
  PID:8100
- C:\Windows\System\RLvmNFO.exe
  C:\Windows\System\RLvmNFO.exe
  2⤵
  PID:8104
- C:\Windows\System\tDNaEPy.exe
  C:\Windows\System\tDNaEPy.exe
  2⤵
  PID:8020
- C:\Windows\System\PeVQJXL.exe
  C:\Windows\System\PeVQJXL.exe
  2⤵
  PID:7360
- C:\Windows\System\GmeOFBN.exe
  C:\Windows\System\GmeOFBN.exe
  2⤵
  PID:2568
- C:\Windows\System\TRNTNdp.exe
  C:\Windows\System\TRNTNdp.exe
  2⤵
  PID:7680
- C:\Windows\System\PNEoEOX.exe
  C:\Windows\System\PNEoEOX.exe
  2⤵
  PID:7760
- C:\Windows\System\AMGypgf.exe
  C:\Windows\System\AMGypgf.exe
  2⤵
  PID:7740
- C:\Windows\System\LhMKAtg.exe
  C:\Windows\System\LhMKAtg.exe
  2⤵
  PID:1708
- C:\Windows\System\wpgtMgS.exe
  C:\Windows\System\wpgtMgS.exe
  2⤵
  PID:7984
- C:\Windows\System\MBtiOvb.exe
  C:\Windows\System\MBtiOvb.exe
  2⤵
  PID:7940
- C:\Windows\System\omjnxqv.exe
  C:\Windows\System\omjnxqv.exe
  2⤵
  PID:7192
- C:\Windows\System\jPFYggf.exe
  C:\Windows\System\jPFYggf.exe
  2⤵
  PID:7556
- C:\Windows\System\PFEtASg.exe
  C:\Windows\System\PFEtASg.exe
  2⤵
  PID:7896
- C:\Windows\System\pNTyDxj.exe
  C:\Windows\System\pNTyDxj.exe
  2⤵
  PID:8064
- C:\Windows\System\AJIPlUD.exe
  C:\Windows\System\AJIPlUD.exe
  2⤵
  PID:8148
- C:\Windows\System\GbObuot.exe
  C:\Windows\System\GbObuot.exe
  2⤵
  PID:7852
- C:\Windows\System\KlKViIt.exe
  C:\Windows\System\KlKViIt.exe
  2⤵
  PID:8088
- C:\Windows\System\uqWLvvp.exe
  C:\Windows\System\uqWLvvp.exe
  2⤵
  PID:3040
- C:\Windows\System\ELTTTTt.exe
  C:\Windows\System\ELTTTTt.exe
  2⤵
  PID:8208
- C:\Windows\System\zPSskFi.exe
  C:\Windows\System\zPSskFi.exe
  2⤵
  PID:8236
- C:\Windows\System\YLQUCsZ.exe
  C:\Windows\System\YLQUCsZ.exe
  2⤵
  PID:8256
- C:\Windows\System\DJCelCk.exe
  C:\Windows\System\DJCelCk.exe
  2⤵
  PID:8272
- C:\Windows\System\XyPnPnf.exe
  C:\Windows\System\XyPnPnf.exe
  2⤵
  PID:8288
- C:\Windows\System\nAsVZiy.exe
  C:\Windows\System\nAsVZiy.exe
  2⤵
  PID:8304
- C:\Windows\System\WDDZJLL.exe
  C:\Windows\System\WDDZJLL.exe
  2⤵
  PID:8332
- C:\Windows\System\yGGWLCG.exe
  C:\Windows\System\yGGWLCG.exe
  2⤵
  PID:8348
- C:\Windows\System\DLfJUMh.exe
  C:\Windows\System\DLfJUMh.exe
  2⤵
  PID:8368
- C:\Windows\System\EiQuoJY.exe
  C:\Windows\System\EiQuoJY.exe
  2⤵
  PID:8384
- C:\Windows\System\MLgJCKV.exe
  C:\Windows\System\MLgJCKV.exe
  2⤵
  PID:8400
- C:\Windows\System\eKkfLkn.exe
  C:\Windows\System\eKkfLkn.exe
  2⤵
  PID:8440
- C:\Windows\System\CuDNHUk.exe
  C:\Windows\System\CuDNHUk.exe
  2⤵
  PID:8460
- C:\Windows\System\foTJMYj.exe
  C:\Windows\System\foTJMYj.exe
  2⤵
  PID:8476
- C:\Windows\System\pREnVIh.exe
  C:\Windows\System\pREnVIh.exe
  2⤵
  PID:8500
- C:\Windows\System\BGfPtYu.exe
  C:\Windows\System\BGfPtYu.exe
  2⤵
  PID:8520
- C:\Windows\System\jNzNFQu.exe
  C:\Windows\System\jNzNFQu.exe
  2⤵
  PID:8540
- C:\Windows\System\uUYbNUi.exe
  C:\Windows\System\uUYbNUi.exe
  2⤵
  PID:8560
- C:\Windows\System\tsvyUJk.exe
  C:\Windows\System\tsvyUJk.exe
  2⤵
  PID:8580
- C:\Windows\System\ibBzuzc.exe
  C:\Windows\System\ibBzuzc.exe
  2⤵
  PID:8600
- C:\Windows\System\sFGEScW.exe
  C:\Windows\System\sFGEScW.exe
  2⤵
  PID:8616
- C:\Windows\System\mYGxfRI.exe
  C:\Windows\System\mYGxfRI.exe
  2⤵
  PID:8632
- C:\Windows\System\WiakDIZ.exe
  C:\Windows\System\WiakDIZ.exe
  2⤵
  PID:8652
- C:\Windows\System\prwbpdm.exe
  C:\Windows\System\prwbpdm.exe
  2⤵
  PID:8684
- C:\Windows\System\iFxfphc.exe
  C:\Windows\System\iFxfphc.exe
  2⤵
  PID:8704
- C:\Windows\System\INIjerB.exe
  C:\Windows\System\INIjerB.exe
  2⤵
  PID:8720
- C:\Windows\System\QMZXUtu.exe
  C:\Windows\System\QMZXUtu.exe
  2⤵
  PID:8736
- C:\Windows\System\pZgyGRU.exe
  C:\Windows\System\pZgyGRU.exe
  2⤵
  PID:8752
- C:\Windows\System\yhiKemn.exe
  C:\Windows\System\yhiKemn.exe
  2⤵
  PID:8768
- C:\Windows\System\gTWYvlc.exe
  C:\Windows\System\gTWYvlc.exe
  2⤵
  PID:8788
- C:\Windows\System\KLSRZGR.exe
  C:\Windows\System\KLSRZGR.exe
  2⤵
  PID:8804
- C:\Windows\System\fPIIIPC.exe
  C:\Windows\System\fPIIIPC.exe
  2⤵
  PID:8820
- C:\Windows\System\PVQoItE.exe
  C:\Windows\System\PVQoItE.exe
  2⤵
  PID:8852
- C:\Windows\System\LSqISYj.exe
  C:\Windows\System\LSqISYj.exe
  2⤵
  PID:8868
- C:\Windows\System\bpISYvT.exe
  C:\Windows\System\bpISYvT.exe
  2⤵
  PID:8884
- C:\Windows\System\bcCSPuJ.exe
  C:\Windows\System\bcCSPuJ.exe
  2⤵
  PID:8900
- C:\Windows\System\HHKUwaO.exe
  C:\Windows\System\HHKUwaO.exe
  2⤵
  PID:8916
- C:\Windows\System\dNiraHA.exe
  C:\Windows\System\dNiraHA.exe
  2⤵
  PID:8936
- C:\Windows\System\jwSkCuw.exe
  C:\Windows\System\jwSkCuw.exe
  2⤵
  PID:8956
- C:\Windows\System\KYPuruY.exe
  C:\Windows\System\KYPuruY.exe
  2⤵
  PID:8972
- C:\Windows\System\oCGMzgP.exe
  C:\Windows\System\oCGMzgP.exe
  2⤵
  PID:8988
- C:\Windows\System\aEDsOiK.exe
  C:\Windows\System\aEDsOiK.exe
  2⤵
  PID:9004
- C:\Windows\System\FqfAGEv.exe
  C:\Windows\System\FqfAGEv.exe
  2⤵
  PID:9024
- C:\Windows\System\gbzZOEP.exe
  C:\Windows\System\gbzZOEP.exe
  2⤵
  PID:9044
- C:\Windows\System\rUMqLmA.exe
  C:\Windows\System\rUMqLmA.exe
  2⤵
  PID:9060
- C:\Windows\System\WWmWxSO.exe
  C:\Windows\System\WWmWxSO.exe
  2⤵
  PID:9076
- C:\Windows\System\CNVewtC.exe
  C:\Windows\System\CNVewtC.exe
  2⤵
  PID:9092
- C:\Windows\System\TLcWoKP.exe
  C:\Windows\System\TLcWoKP.exe
  2⤵
  PID:9108
- C:\Windows\System\mxJMaSt.exe
  C:\Windows\System\mxJMaSt.exe
  2⤵
  PID:9124
- C:\Windows\System\LmwcbAw.exe
  C:\Windows\System\LmwcbAw.exe
  2⤵
  PID:9140
- C:\Windows\System\yVVdnlV.exe
  C:\Windows\System\yVVdnlV.exe
  2⤵
  PID:9156
- C:\Windows\System\tiOHnRP.exe
  C:\Windows\System\tiOHnRP.exe
  2⤵
  PID:9172
- C:\Windows\System\rpjzFsI.exe
  C:\Windows\System\rpjzFsI.exe
  2⤵
  PID:9188
- C:\Windows\System\QpJgPzh.exe
  C:\Windows\System\QpJgPzh.exe
  2⤵
  PID:9204
- C:\Windows\System\WlYPfwO.exe
  C:\Windows\System\WlYPfwO.exe
  2⤵
  PID:8176
- C:\Windows\System\eFWaaUK.exe
  C:\Windows\System\eFWaaUK.exe
  2⤵
  PID:8296
- C:\Windows\System\txTQeBu.exe
  C:\Windows\System\txTQeBu.exe
  2⤵
  PID:8360
- C:\Windows\System\zNWtoUI.exe
  C:\Windows\System\zNWtoUI.exe
  2⤵
  PID:8436
- C:\Windows\System\ncAhOGt.exe
  C:\Windows\System\ncAhOGt.exe
  2⤵
  PID:8468
- C:\Windows\System\Ocoicge.exe
  C:\Windows\System\Ocoicge.exe
  2⤵
  PID:8472
- C:\Windows\System\JnIuHbx.exe
  C:\Windows\System\JnIuHbx.exe
  2⤵
  PID:8536
- C:\Windows\System\tZcyDiY.exe
  C:\Windows\System\tZcyDiY.exe
  2⤵
  PID:8516
- C:\Windows\System\JhYFRrg.exe
  C:\Windows\System\JhYFRrg.exe
  2⤵
  PID:8572
- C:\Windows\System\MDLZSjT.exe
  C:\Windows\System\MDLZSjT.exe
  2⤵
  PID:8608
- C:\Windows\System\JqXporl.exe
  C:\Windows\System\JqXporl.exe
  2⤵
  PID:8592
- C:\Windows\System\dQDcNnH.exe
  C:\Windows\System\dQDcNnH.exe
  2⤵
  PID:8672
- C:\Windows\System\XJOhGDF.exe
  C:\Windows\System\XJOhGDF.exe
  2⤵
  PID:8700
- C:\Windows\System\qZjWjwp.exe
  C:\Windows\System\qZjWjwp.exe
  2⤵
  PID:8728
- C:\Windows\System\AuIUoOC.exe
  C:\Windows\System\AuIUoOC.exe
  2⤵
  PID:8800
- C:\Windows\System\EiALLnk.exe
  C:\Windows\System\EiALLnk.exe
  2⤵
  PID:8780
- C:\Windows\System\DmAxynq.exe
  C:\Windows\System\DmAxynq.exe
  2⤵
  PID:8840
- C:\Windows\System\fyAfIGl.exe
  C:\Windows\System\fyAfIGl.exe
  2⤵
  PID:8912
- C:\Windows\System\wyKKgeh.exe
  C:\Windows\System\wyKKgeh.exe
  2⤵
  PID:8924
- C:\Windows\System\KLyzRQL.exe
  C:\Windows\System\KLyzRQL.exe
  2⤵
  PID:8980
- C:\Windows\System\AlitKvH.exe
  C:\Windows\System\AlitKvH.exe
  2⤵
  PID:8996
- C:\Windows\System\XWzCqyq.exe
  C:\Windows\System\XWzCqyq.exe
  2⤵
  PID:9000
- C:\Windows\System\suuPMZw.exe
  C:\Windows\System\suuPMZw.exe
  2⤵
  PID:9056
- C:\Windows\System\PGNmESY.exe
  C:\Windows\System\PGNmESY.exe
  2⤵
  PID:2316
- C:\Windows\System\ImYZGEE.exe
  C:\Windows\System\ImYZGEE.exe
  2⤵
  PID:9164
- C:\Windows\System\xatJLbS.exe
  C:\Windows\System\xatJLbS.exe
  2⤵
  PID:9116
- C:\Windows\System\QaQvbuH.exe
  C:\Windows\System\QaQvbuH.exe
  2⤵
  PID:9168
- C:\Windows\System\jBdMIxm.exe
  C:\Windows\System\jBdMIxm.exe
  2⤵
  PID:9200
- C:\Windows\System\FXMZrwG.exe
  C:\Windows\System\FXMZrwG.exe
  2⤵
  PID:8216
- C:\Windows\System\GomNMXQ.exe
  C:\Windows\System\GomNMXQ.exe
  2⤵
  PID:8228
- C:\Windows\System\ZduuOQu.exe
  C:\Windows\System\ZduuOQu.exe
  2⤵
  PID:8248
- C:\Windows\System\awauaXd.exe
  C:\Windows\System\awauaXd.exe
  2⤵
  PID:8284
- C:\Windows\System\jrCbvvl.exe
  C:\Windows\System\jrCbvvl.exe
  2⤵
  PID:8320
- C:\Windows\System\XkZLJDz.exe
  C:\Windows\System\XkZLJDz.exe
  2⤵
  PID:8392
- C:\Windows\System\pZZbWlz.exe
  C:\Windows\System\pZZbWlz.exe
  2⤵
  PID:8408
- C:\Windows\System\aKEOGfF.exe
  C:\Windows\System\aKEOGfF.exe
  2⤵
  PID:8420
- C:\Windows\System\qXgddnf.exe
  C:\Windows\System\qXgddnf.exe
  2⤵
  PID:8456
- C:\Windows\System\LyaSVXV.exe
  C:\Windows\System\LyaSVXV.exe
  2⤵
  PID:8532
- C:\Windows\System\CMXlYMV.exe
  C:\Windows\System\CMXlYMV.exe
  2⤵
  PID:8576
- C:\Windows\System\zHdcRmB.exe
  C:\Windows\System\zHdcRmB.exe
  2⤵
  PID:8644
- C:\Windows\System\XPmjXdD.exe
  C:\Windows\System\XPmjXdD.exe
  2⤵
  PID:8696
- C:\Windows\System\PvYzRTf.exe
  C:\Windows\System\PvYzRTf.exe
  2⤵
  PID:8716
- C:\Windows\System\gCFzWkv.exe
  C:\Windows\System\gCFzWkv.exe
  2⤵
  PID:8628
- C:\Windows\System\YZrttAN.exe
  C:\Windows\System\YZrttAN.exe
  2⤵
  PID:8776
- C:\Windows\System\mNCQqZp.exe
  C:\Windows\System\mNCQqZp.exe
  2⤵
  PID:8880
- C:\Windows\System\QUapcyV.exe
  C:\Windows\System\QUapcyV.exe
  2⤵
  PID:8952
- C:\Windows\System\KCdiYQM.exe
  C:\Windows\System\KCdiYQM.exe
  2⤵
  PID:8860
- C:\Windows\System\BUJsIxl.exe
  C:\Windows\System\BUJsIxl.exe
  2⤵
  PID:2252
- C:\Windows\System\fRPDTFI.exe
  C:\Windows\System\fRPDTFI.exe
  2⤵
  PID:9132
- C:\Windows\System\OlZvhJQ.exe
  C:\Windows\System\OlZvhJQ.exe
  2⤵
  PID:8796
- C:\Windows\System\fBzQiEs.exe
  C:\Windows\System\fBzQiEs.exe
  2⤵
  PID:2712
- C:\Windows\System\xtirtOk.exe
  C:\Windows\System\xtirtOk.exe
  2⤵
  PID:8832
- C:\Windows\System\QoMfSqp.exe
  C:\Windows\System\QoMfSqp.exe
  2⤵
  PID:8928
- C:\Windows\System\hmzdGpU.exe
  C:\Windows\System\hmzdGpU.exe
  2⤵
  PID:9136
- C:\Windows\System\dljbRCs.exe
  C:\Windows\System\dljbRCs.exe
  2⤵
  PID:9152
- C:\Windows\System\uTZXrcd.exe
  C:\Windows\System\uTZXrcd.exe
  2⤵
  PID:9196
- C:\Windows\System\zazyYdQ.exe
  C:\Windows\System\zazyYdQ.exe
  2⤵
  PID:8356
- C:\Windows\System\AaIuelm.exe
  C:\Windows\System\AaIuelm.exe
  2⤵
  PID:8268
- C:\Windows\System\XUwPdEw.exe
  C:\Windows\System\XUwPdEw.exe
  2⤵
  PID:8448
- C:\Windows\System\LwNeLMV.exe
  C:\Windows\System\LwNeLMV.exe
  2⤵
  PID:8552
- C:\Windows\System\KBjockZ.exe
  C:\Windows\System\KBjockZ.exe
  2⤵
  PID:8640
- C:\Windows\System\ALuwJzf.exe
  C:\Windows\System\ALuwJzf.exe
  2⤵
  PID:2752
- C:\Windows\System\xcdfrgn.exe
  C:\Windows\System\xcdfrgn.exe
  2⤵
  PID:8848
- C:\Windows\System\eBtTeih.exe
  C:\Windows\System\eBtTeih.exe
  2⤵
  PID:8748
- C:\Windows\System\XzserJX.exe
  C:\Windows\System\XzserJX.exe
  2⤵
  PID:9040
- C:\Windows\System\wDCeCAo.exe
  C:\Windows\System\wDCeCAo.exe
  2⤵
  PID:8376
- C:\Windows\System\vmiXiuG.exe
  C:\Windows\System\vmiXiuG.exe
  2⤵
  PID:8512
- C:\Windows\System\CyAqeNT.exe
  C:\Windows\System\CyAqeNT.exe
  2⤵
  PID:8680
- C:\Windows\System\cjFuGuy.exe
  C:\Windows\System\cjFuGuy.exe
  2⤵
  PID:9100
- C:\Windows\System\FfXXgWh.exe
  C:\Windows\System\FfXXgWh.exe
  2⤵
  PID:8200
- C:\Windows\System\FoNRmHd.exe
  C:\Windows\System\FoNRmHd.exe
  2⤵
  PID:9184
- C:\Windows\System\NAhmauz.exe
  C:\Windows\System\NAhmauz.exe
  2⤵
  PID:8328
- C:\Windows\System\nICdmXN.exe
  C:\Windows\System\nICdmXN.exe
  2⤵
  PID:8244
- C:\Windows\System\dTBjxLT.exe
  C:\Windows\System\dTBjxLT.exe
  2⤵
  PID:9228
- C:\Windows\System\YJRFYdd.exe
  C:\Windows\System\YJRFYdd.exe
  2⤵
  PID:9248
- C:\Windows\System\JkfhYMp.exe
  C:\Windows\System\JkfhYMp.exe
  2⤵
  PID:9264
- C:\Windows\System\CwtcIYO.exe
  C:\Windows\System\CwtcIYO.exe
  2⤵
  PID:9280
- C:\Windows\System\VJaPHGC.exe
  C:\Windows\System\VJaPHGC.exe
  2⤵
  PID:9308
- C:\Windows\System\cUaMCJs.exe
  C:\Windows\System\cUaMCJs.exe
  2⤵
  PID:9324
- C:\Windows\System\HyqHAft.exe
  C:\Windows\System\HyqHAft.exe
  2⤵
  PID:9344
- C:\Windows\System\vdcwXwP.exe
  C:\Windows\System\vdcwXwP.exe
  2⤵
  PID:9364
- C:\Windows\System\nUicqTq.exe
  C:\Windows\System\nUicqTq.exe
  2⤵
  PID:9384
- C:\Windows\System\mCfNTLy.exe
  C:\Windows\System\mCfNTLy.exe
  2⤵
  PID:9404
- C:\Windows\System\PqokzUY.exe
  C:\Windows\System\PqokzUY.exe
  2⤵
  PID:9420
- C:\Windows\System\NkSCpGd.exe
  C:\Windows\System\NkSCpGd.exe
  2⤵
  PID:9436
- C:\Windows\System\RkfXgaW.exe
  C:\Windows\System\RkfXgaW.exe
  2⤵
  PID:9460
- C:\Windows\System\NtypvzF.exe
  C:\Windows\System\NtypvzF.exe
  2⤵
  PID:9488
- C:\Windows\System\QNpDjnJ.exe
  C:\Windows\System\QNpDjnJ.exe
  2⤵
  PID:9504
- C:\Windows\System\yyIqpQy.exe
  C:\Windows\System\yyIqpQy.exe
  2⤵
  PID:9524
- C:\Windows\System\wQufbSA.exe
  C:\Windows\System\wQufbSA.exe
  2⤵
  PID:9544
- C:\Windows\System\hboORrn.exe
  C:\Windows\System\hboORrn.exe
  2⤵
  PID:9568
- C:\Windows\System\ysviYnM.exe
  C:\Windows\System\ysviYnM.exe
  2⤵
  PID:9584
- C:\Windows\System\qVPRmGo.exe
  C:\Windows\System\qVPRmGo.exe
  2⤵
  PID:9600
- C:\Windows\System\QamRVCQ.exe
  C:\Windows\System\QamRVCQ.exe
  2⤵
  PID:9616
- C:\Windows\System\QvVhiIc.exe
  C:\Windows\System\QvVhiIc.exe
  2⤵
  PID:9644
- C:\Windows\System\mUxoHgy.exe
  C:\Windows\System\mUxoHgy.exe
  2⤵
  PID:9660
- C:\Windows\System\MvetoSQ.exe
  C:\Windows\System\MvetoSQ.exe
  2⤵
  PID:9680
- C:\Windows\System\wsmjSPW.exe
  C:\Windows\System\wsmjSPW.exe
  2⤵
  PID:9708
- C:\Windows\System\tyOchEL.exe
  C:\Windows\System\tyOchEL.exe
  2⤵
  PID:9732
- C:\Windows\System\zPgxCAm.exe
  C:\Windows\System\zPgxCAm.exe
  2⤵
  PID:9748
- C:\Windows\System\FmUBJII.exe
  C:\Windows\System\FmUBJII.exe
  2⤵
  PID:9772
- C:\Windows\System\ObeoHQj.exe
  C:\Windows\System\ObeoHQj.exe
  2⤵
  PID:9788
- C:\Windows\System\qvMckqe.exe
  C:\Windows\System\qvMckqe.exe
  2⤵
  PID:9812
- C:\Windows\System\gsvpmae.exe
  C:\Windows\System\gsvpmae.exe
  2⤵
  PID:9828
- C:\Windows\System\PmysqxX.exe
  C:\Windows\System\PmysqxX.exe
  2⤵
  PID:9844
- C:\Windows\System\FarfPXG.exe
  C:\Windows\System\FarfPXG.exe
  2⤵
  PID:9864
- C:\Windows\System\nTrrMeZ.exe
  C:\Windows\System\nTrrMeZ.exe
  2⤵
  PID:9880
- C:\Windows\System\FakpUoh.exe
  C:\Windows\System\FakpUoh.exe
  2⤵
  PID:9908
- C:\Windows\System\fezcGCz.exe
  C:\Windows\System\fezcGCz.exe
  2⤵
  PID:9928
- C:\Windows\System\yRApokG.exe
  C:\Windows\System\yRApokG.exe
  2⤵
  PID:9948
- C:\Windows\System\DfVxUot.exe
  C:\Windows\System\DfVxUot.exe
  2⤵
  PID:9968
- C:\Windows\System\eovnwKv.exe
  C:\Windows\System\eovnwKv.exe
  2⤵
  PID:9996
- C:\Windows\System\CdkjNgG.exe
  C:\Windows\System\CdkjNgG.exe
  2⤵
  PID:10016
- C:\Windows\System\mNXcPFK.exe
  C:\Windows\System\mNXcPFK.exe
  2⤵
  PID:10032
- C:\Windows\System\YlnFhSE.exe
  C:\Windows\System\YlnFhSE.exe
  2⤵
  PID:10056
- C:\Windows\System\UPSWCeM.exe
  C:\Windows\System\UPSWCeM.exe
  2⤵
  PID:10072
- C:\Windows\System\zHrjVvD.exe
  C:\Windows\System\zHrjVvD.exe
  2⤵
  PID:10092
- C:\Windows\System\PKcbaNu.exe
  C:\Windows\System\PKcbaNu.exe
  2⤵
  PID:10112
- C:\Windows\System\pZLFouO.exe
  C:\Windows\System\pZLFouO.exe
  2⤵
  PID:10128
- C:\Windows\System\IsyaMts.exe
  C:\Windows\System\IsyaMts.exe
  2⤵
  PID:10148
- C:\Windows\System\mhdZmiF.exe
  C:\Windows\System\mhdZmiF.exe
  2⤵
  PID:10176
- C:\Windows\System\YrYCUtf.exe
  C:\Windows\System\YrYCUtf.exe
  2⤵
  PID:10192
- C:\Windows\System\FUMjxYq.exe
  C:\Windows\System\FUMjxYq.exe
  2⤵
  PID:10216
- C:\Windows\System\uNnnbIk.exe
  C:\Windows\System\uNnnbIk.exe
  2⤵
  PID:10232
- C:\Windows\System\crPFsBq.exe
  C:\Windows\System\crPFsBq.exe
  2⤵
  PID:8312
- C:\Windows\System\olJfhji.exe
  C:\Windows\System\olJfhji.exe
  2⤵
  PID:9224
- C:\Windows\System\iyjzywF.exe
  C:\Windows\System\iyjzywF.exe
  2⤵
  PID:9276
- C:\Windows\System\pynETlK.exe
  C:\Windows\System\pynETlK.exe
  2⤵
  PID:9292
- C:\Windows\System\bhokpCb.exe
  C:\Windows\System\bhokpCb.exe
  2⤵
  PID:9336
- C:\Windows\System\IBziQWc.exe
  C:\Windows\System\IBziQWc.exe
  2⤵
  PID:9360
- C:\Windows\System\NrGrVWG.exe
  C:\Windows\System\NrGrVWG.exe
  2⤵
  PID:9396
- C:\Windows\System\cZSXByU.exe
  C:\Windows\System\cZSXByU.exe
  2⤵
  PID:9444
- C:\Windows\System\yjpUagn.exe
  C:\Windows\System\yjpUagn.exe
  2⤵
  PID:9484
- C:\Windows\System\sfAOQqJ.exe
  C:\Windows\System\sfAOQqJ.exe
  2⤵
  PID:2728
- C:\Windows\System\Vgmrrsf.exe
  C:\Windows\System\Vgmrrsf.exe
  2⤵
  PID:9520
- C:\Windows\System\azkIIxj.exe
  C:\Windows\System\azkIIxj.exe
  2⤵
  PID:996
- C:\Windows\System\tCUIMLE.exe
  C:\Windows\System\tCUIMLE.exe
  2⤵
  PID:9592
- C:\Windows\System\phbIywg.exe
  C:\Windows\System\phbIywg.exe
  2⤵
  PID:9640
- C:\Windows\System\HJtWnqq.exe
  C:\Windows\System\HJtWnqq.exe
  2⤵
  PID:9632
- C:\Windows\System\VSodEDm.exe
  C:\Windows\System\VSodEDm.exe
  2⤵
  PID:9656
- C:\Windows\System\XfrVube.exe
  C:\Windows\System\XfrVube.exe
  2⤵
  PID:9720
- C:\Windows\System\FubKXOm.exe
  C:\Windows\System\FubKXOm.exe
  2⤵
  PID:1112
- C:\Windows\System\HEcoVRM.exe
  C:\Windows\System\HEcoVRM.exe
  2⤵
  PID:9796
- C:\Windows\System\aiOkopH.exe
  C:\Windows\System\aiOkopH.exe
  2⤵
  PID:9804
- C:\Windows\System\GtdjyRK.exe
  C:\Windows\System\GtdjyRK.exe
  2⤵
  PID:9856
- C:\Windows\System\OlsMIRh.exe
  C:\Windows\System\OlsMIRh.exe
  2⤵
  PID:9852
- C:\Windows\System\diWhljv.exe
  C:\Windows\System\diWhljv.exe
  2⤵
  PID:9900
- C:\Windows\System\jMeYDUk.exe
  C:\Windows\System\jMeYDUk.exe
  2⤵
  PID:9924
- C:\Windows\System\fXslYcz.exe
  C:\Windows\System\fXslYcz.exe
  2⤵
  PID:9976
- C:\Windows\System\kKKxtdB.exe
  C:\Windows\System\kKKxtdB.exe
  2⤵
  PID:10012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AqiLPEt.exe

Filesize
6.0MB

MD5
26e8c7b5b2a3007eac0393a8dd94c90d

SHA1
5f13d9faafc4a025c2b7ff24697bdfb609a931b9

SHA256
bbe866e0a5f3378287989e1fcb80eb0f969067a6931fe031f8d42e0db8b2acfd

SHA512
c8dc97893d98a11b6fa6924d8ae19551962ffb150da062a3d7197d052e5c7df4c6dd3c84bc3557cab64b89e05ae7e37e7ab3bc8c15eb7562af231f2d86f8ece8

Download Submit
C:\Windows\system\BYkwcLH.exe

Filesize
6.0MB

MD5
4108f73ba74a093ee51a8bac12622841

SHA1
2d2ae7f4725be07a2b020cd285ec1e84ba045970

SHA256
7d18178a3e47ee6a669ff35c9f3d63142f4559538d8e31b6c063447b667b2b67

SHA512
89dd5560158e54c1018a4f3788a117197155d0d0775b85e642c847518ccf5e15aeba26ef807d2989bc270382a7231d3f914146fe927dce8d6a88e30354253106

Download Submit
C:\Windows\system\DRHPOkT.exe

Filesize
6.0MB

MD5
8befbde0724b8564e51ee6cbe5a639d3

SHA1
dbecea869d4aef1e45ac89e7446065320c6380e1

SHA256
5d0f42ad7538a8baacbc2c8093d5077fc154f34d3601d8dae3663d77df8a120c

SHA512
6a88a653387622b9f0b83083760576f839772acd083f2028005aa68e422f9b899b41599668bcf71b57af97bab28c45e9695c612a27cd974a82078db3ec132769

Download Submit
C:\Windows\system\GGKimvU.exe

Filesize
6.0MB

MD5
c82f9523899701843244f8febdd7f652

SHA1
3a2c06aad7502ccd928f3a682171cdba1f2b9f3e

SHA256
bb6726e5996fbafb7ef33fe6f4834e9877a8f660e50821eb0a9e6f12e30ce569

SHA512
ff8af59bde898bee1065db2cca44c8be1ff0408b92511f03dd843404ec059e660aae173b6104989b9acb1670f64d287363d3821c47cb9869cac4c731ebcf8f40

Download Submit
C:\Windows\system\GgcCqDq.exe

Filesize
6.0MB

MD5
82bc09becb49db98ff0af18f4d1f502e

SHA1
9d5909dc1671e2995096833cacb78ffe7eed0c9c

SHA256
a24f9169ce6f0822eb242c43823ea938127f5fab9d68a90f9ed1670408055f48

SHA512
e8f3076858a2055784b33b5b8e8c5e41e2a6b6f845aedb57bb8f3d53ef282057e190b9c9f4c61b46c94055df7841eb8fcca19e0ae656810c8aedd2f9ffdd8046

Download Submit
C:\Windows\system\HFzVcBY.exe

Filesize
6.0MB

MD5
57cadf780acdd7fae63b96e596b359e4

SHA1
2462d5a5d484e9bcc8b899c2c21501ed300ee6f1

SHA256
ff761ef0541433d620b170e6a88d02cd588527943bf032aec524681120243feb

SHA512
b83edb3e631488a2909afed9b816adf1fb257832d3035b8fa8ba1c3622f0ad3d8cddb8af3ce5025f81b804c7f364cc5521461fa98f73806aafa2250acfa0075e

Download Submit
C:\Windows\system\MAfPERW.exe

Filesize
6.0MB

MD5
a3842ba3dd70b3fe26c349c3c1686e66

SHA1
f603a70090773f4e8b06fb31e4a860928e867251

SHA256
82d31e7cd04f7dd13e39f96cf8f7160385085f2836b70163ab7ae01f22061a8d

SHA512
256fb1ef54f3080e3f2941910bb4dc877724fba1b99bd4bd8014a07b1568a61e822179429efda825f743a866cff736ac34bec1a2537c5a895950183ff8c40dcf

Download Submit
C:\Windows\system\OFEjbTo.exe

Filesize
6.0MB

MD5
193b1a77e4ffb2cb0dbfd9010dc6855e

SHA1
3e8db3fb611a4fa2f8c0c471aab38570db0d1046

SHA256
2df5914316c1cb8e5b1215d8d55f72e871392b93b95182b92d16e988f464a89d

SHA512
93e13c3c0631e36e904141778c0713f9bd992f89c8d2249dde019c1f0ac2366c3518a13c30f09bee3d1e2e8b15faaeeb4345b3ff92d41edebfada071c49b07ec

Download Submit
C:\Windows\system\SLawTuj.exe

Filesize
6.0MB

MD5
b595bb98e2860d5523fee4fe8820d30b

SHA1
3f260ccc81985ee4ee82604bdf6debda40eecae6

SHA256
3bff50dc04b2f69f1ad325fea17f073dd1f08c1e23926443886ce5b767557b9e

SHA512
c05d2725d1783410b5d215788fddac30b55a18d232b0afc6211d541521ef1cabb1c9060652a0996d26dc8ec999a220d508956cac5a28329b51ff0587b588843f

Download Submit
C:\Windows\system\SpVThzn.exe

Filesize
6.0MB

MD5
dd6c1e1f39357097f29b6e64e64cdedc

SHA1
438c8386cb1828eafc7088f9cd0130cafe080436

SHA256
4a301439c549463cd417ce2f91c2f4711d8fc4ff45d27780f2fb02cce1b021c5

SHA512
2a464f8ede20c8ebb6c49930ddd67450d937b72f2764177e5fce01e8b1b6caf860333a2ae2538b226aa7da5af5dd396671d8c3b820fc036c9f9d2f62c509487d

Download Submit
C:\Windows\system\TfEWXJe.exe

Filesize
6.0MB

MD5
78e534c63cc83f8c39868f9e844c89dc

SHA1
4dbe9ff57f8223785d8edd1909275ec31bd815cc

SHA256
a52688b95248eff14304a251c8200edc8de969ff34bcb7fc56bd0696fac61a45

SHA512
6a1ee7882f43b0710fc46609401087758c301435b4513e51124de8986bba61c506be615dafa9f48e1fd482de4231ac4de40c2e3845dc270380b671f68e252397

Download Submit
C:\Windows\system\TfeGEIf.exe

Filesize
6.0MB

MD5
8e30a15d29ca4699e6140616176ada39

SHA1
37c5ad73ceeaabd8247bc5430b83b1398b0abfd0

SHA256
fb96a2b2376bda7a6b7cfa4782511c11f90cbb563becfc962bebb430690a3667

SHA512
a2662bc0b6ff9e44ce57cec6c0404cf50b88a2feba790e052b322bbd69c3114f0e3256e910f5032a6844eb88e0247004ea9d25013ea898f848a31614100f71c7

Download Submit
C:\Windows\system\UwCMZqB.exe

Filesize
6.0MB

MD5
c7001e5c9e7fb944607a0571288d5348

SHA1
797aeff7a2c531e0883e43e5bee3175f64b9d1c1

SHA256
755fbd7a55b4a47108c21699125873e940a937ecd2ad443986a072fa391e065f

SHA512
c7db6680fca9b992e46221bc773ce55cf92f376bc0fb3131ed6314aad9dde539be6511b467863bf74e09bae74a864c2d5e6be0e09946c67e7eadf8b5f9b001f8

Download Submit
C:\Windows\system\ZvUnsOp.exe

Filesize
6.0MB

MD5
5e3eb0a5f5938ba80ff07accf83549a0

SHA1
92d2a296d35b3530bf969eb12c8d96200d178615

SHA256
2012143b84befe6861be6603f37c66b51bdbfb5bc91791c567f2862c44eaf82f

SHA512
e8ca1532b150d3541ade62051734696ff97179248d79388b34ae348968acf08be2cc2945bb84ccfc4ca5653f6cba7fa044df7631e8e52a4ea600cb0acbf974ae

Download Submit
C:\Windows\system\aAHHNci.exe

Filesize
6.0MB

MD5
b0304204c278bb8c0541a27f8e5972a5

SHA1
d0df4c4f4be511ef458cdd6c269001d06b4b03bc

SHA256
e9943024ea8ba77862bc33fe2e3d9b3f576b1d8224cb62139a9b2a50ddff1053

SHA512
fd89deb2ffed154d3c662b5d5af7091396f92f8683ff40082635e79f26dbdef24e7b7db9aec6614dd6603908f9e6104f03079002dbcbf0e913a6dc9f3ec82cd7

Download Submit
C:\Windows\system\eQqrotL.exe

Filesize
6.0MB

MD5
43283917897adb901a496406311ea83a

SHA1
8c7a3c50260d1c49bebc2c5ccdc174e8f85426e1

SHA256
663b0504559334836a4bae9cbf22c1330014039e1a7a08f3848984104ff82939

SHA512
e14cea084e5542b6971df1426dc5303f5407f50fbba0ed9aa45c022bcbc2e200b627b6e8a43514e171a5a1e95008515cfed58f27d1b242f708707f3ce9f9a105

Download Submit
C:\Windows\system\funxZdk.exe

Filesize
6.0MB

MD5
3f11e402e628f85ece41199feeafba9d

SHA1
e80d74e9c4b011ee8e8117c15bb4ab9e73514198

SHA256
35f1b414d422f1d6892a98e69efc30ab5042c84947927e0cd923fcee491d1e87

SHA512
026d81b307929bd2f739dde38752e0a4d12ac254536d160b658b2eca72077909e3197469694260d19242352e162767d5ae09ef29542692778a1897c2f762e27f

Download Submit
C:\Windows\system\iIwWANN.exe

Filesize
6.0MB

MD5
3bf8c62f906e9bb410a5fb3fcd57160b

SHA1
2143a7f52c310c9c7ae897303987a1b85af0eca3

SHA256
f69453abe74ca10e3bec8d21bffe947df0dfd8482ea60320b779a2517bba67fa

SHA512
78601ef98ed53c94c0e4b60ec35004ff70b9ae47a7290d112094d67922691a9dd566fa11d3334091358cb9d451eb53b38bbe812f72bc891489b56bf4088e4c78

Download Submit
C:\Windows\system\mVaGQJn.exe

Filesize
6.0MB

MD5
96c49741bc583d23cedeacbdcbf1f986

SHA1
187a5391aa05a3938bf2080f4ef9f5245ec70656

SHA256
c635f26337e2cf34b1f58ac9841673587559fcc1aac8fa24b9d64d10e2dfb98e

SHA512
0e28522e9aa779d4c7b8dfec5e3919223f406eaa7fcc9280c2de80db02e4f8f4c4dda464a464eba2d34b5d0d969d0973628208e5fb431dd65c4c49a4172ab66e

Download Submit
C:\Windows\system\nZtTALQ.exe

Filesize
6.0MB

MD5
fab962b12e0e18937e566ceaeba31c57

SHA1
59fd009b7d9e55c2dc7adbff25beff243eb38c0a

SHA256
99992640e9a9b1b850729e256f4e267d56951c1002d0ed56783876eae3fb7b4e

SHA512
493b3d75c83030caddb27e28c8b876aa2c76f693a0de3cff71368a213f0cd61e65a83a0862f0db70fe785d958c345d9341cb7fb8cbc9aa81689d4600dc4f18f2

Download Submit
C:\Windows\system\pvVAoij.exe

Filesize
6.0MB

MD5
98f047381f64b46e89480efbf48cc17f

SHA1
8e275b65327dff78ba2dc782f345ff91ddf6a957

SHA256
ae841063fbf7638ebb6ce28eb5fdffa5092e491ae0f60c84db504d4ea0114eab

SHA512
cd03b5af47bdf496f8e6348f83e07ab4ea3d203d852315862046599d6c68e535f18dad42728e0ff168cb49a8f3bdb03f8b9ceab4cf8b7459d71912723605cda2

Download Submit
C:\Windows\system\rADaanV.exe

Filesize
6.0MB

MD5
eb8848d6afeb70cb5e1896fe544855af

SHA1
603f567b32ed17cfa6f2232d08c5fc31fbd6363e

SHA256
4cac34ec0d394598a492f2086f43ab4aa07e6f6bfe2e530c8f273f92d8e7da1b

SHA512
94f9aacce6fdee10b91133272d877c79c5c6c3ef3ce06b97b18bfcb402e331eb3a34c01eef51fe248fb30219acff19600b19928cdfb8df0df65fd64147a50ab4

Download Submit
C:\Windows\system\sbErwLC.exe

Filesize
6.0MB

MD5
ab8f1b7168895d36202c3915717f2add

SHA1
e64dd90d9798b5201651d1b5360218ae31312ff5

SHA256
1aa7c0389230c21f6fda924dfec92c47376b6663a3e6882678c070bc701e2f62

SHA512
42e2ba510e769a2a8e531229031137f0e1542ab5ab632d3c2553eb10d9034620f2f7ee7221845b44bb52b0eafd087f54197292a0a8144a94fc918a8b18c8e84a

Download Submit
C:\Windows\system\xOTvBBl.exe

Filesize
6.0MB

MD5
99710a999edbacacc6cd028eef19b939

SHA1
8cd9bef8cf6d41ed82c55e95a6167e8a4aa9633b

SHA256
9fb3e7be94d8e698d1d83622fee6a9007bd2f664be7e24c5ae6e7d250f9b5ccd

SHA512
8833543cb7bf502567fa25d9259b015bf7e06b7c4beb7cb0cf4b7b10e7269018c34b58fb54012d441685e5a44d91f0239e08cac05efb86e78421994b901a2251

Download Submit
C:\Windows\system\yZTHGbf.exe

Filesize
6.0MB

MD5
b67b24e225dc9ccc61471dcac6744432

SHA1
8b3641e57a3e8222edd8dc4ecf6ad960ba176452

SHA256
eeb45a9bc27184b96ca5d8f61311b811f929c276614d30d8e84608f7201eebe2

SHA512
476eb8ad4309f82551b94900fec207ead7ea3458f8be853b3519b7669f0e710c81f8deb56189a90a3538b8153d428b6e9c2f76f4b23ea8b44f465d997d2c79c3

Download Submit
\Windows\system\GYnmbIs.exe

Filesize
6.0MB

MD5
ad11058d6f57656af0ede0061a0dcc6c

SHA1
ee878457ebb9e00d2df5467545e645cc917a5328

SHA256
c26abe237af558dcec55b78128c07abfd5c464c75437c724a7be749091e15e36

SHA512
cea10853db85cbcc4e4a6c0e56e6e8c650046c9c55dd604cf49f8a24202f6eee2332bca0a6a7d97ddba5a04204c42909a7d2d2bb334431608061b7674b0561ec

Download Submit
\Windows\system\MqvNQaO.exe

Filesize
6.0MB

MD5
f20366951c51ce396ca1e36a9d8ddb08

SHA1
0c384c6169a36c0713f3ae8ae844bca8a83c4bbc

SHA256
d4cdd2895137c75eae5083d6c218e0c94445fea1ddc9d7ea13ccd0b4b308a380

SHA512
1bc8ac931466a35aceb6ef4d77cd1322db717b4e0db608ab6403feda074fb2158cfc52d97908311d2b811389061c46f83af8a97dc9027ebc801e41c60cedd21c

Download Submit
\Windows\system\OopwnYL.exe

Filesize
6.0MB

MD5
ef4ccd63ee5e12f42c5f87fee040ac45

SHA1
d06fdb8ccb96c636f35e647bc3820e60d2572c56

SHA256
4ed9950eda63dacbce2e856fa3e420fda97337711becfa712ce0c2ae00134d9a

SHA512
5d3490592c499736073a1061e0e36125aeee10f23f60c54f1a9748798b1a105f5e948929c6876062672de4d0c95c6f4e6b9ad6a033368419cd71ba1f7b48121a

Download Submit
\Windows\system\cNAHXpQ.exe

Filesize
6.0MB

MD5
d3af5fe421ec2a57488b0246c7539010

SHA1
8555886de47a7c42f5f4f49238a7cdd01bbbac94

SHA256
9c5e10ccaa2fca6342408e528934fe5c9d60a31ab7f43e5cd272d72e066c7cc3

SHA512
35116bd66a1cf47f22894dfa2599d6d457bc182c2ffde0ffa61be45776987df04b73214339d61b43b817170d8d282a01099fbcebac942c87c5190864381d9ac5

Download Submit
\Windows\system\jliCwXl.exe

Filesize
6.0MB

MD5
f7c1482a2a56e9b7330037b0c0c44927

SHA1
05d1d02177beaa698267d1c28334b161f50ffb7b

SHA256
e141356997243e256b560766b7265dae3453349e1ce501174a9db76cbaa70473

SHA512
a1a337bc7d6f285f6b6fb94ff7d50644f141ac9030c7d68d1caf2137dce20ad95dfeab41a3f76990890ce958fcd0801d605e4cc1f64c0150a50210c5a159df5b

Download Submit
\Windows\system\lDvrnet.exe

Filesize
6.0MB

MD5
b7eb01570ba58e2d77e68f89f37f5be5

SHA1
169066c0ab7c82bf59358c046a7de8322657c898

SHA256
3a72b7b075b46883c652a9426a6e2e81c5f9cc11d2b5399b949143cf584be90e

SHA512
e92eb879fc7930617a9603b99819e4432c86e26a6f950a8d1326fbb6c0b2d65601c4326c6a288bbf26e2656d775ff19614935a903aafecb3928dfaa1fb0ea376

Download Submit
\Windows\system\nFTptep.exe

Filesize
6.0MB

MD5
95bfe4f6b00c590898ebab5fba56a467

SHA1
3794eaf45a5dba01a76d5989aa66fd907aa1891c

SHA256
33b8a2ab263cdcc9054cac93f0cadb8463c0967fd072f426303578fa7ea3c903

SHA512
77f3d5f0ac974f6342a1a717035fdc08a7348d3ea621de72cf20b688f62ecdcf533bb6376a6937859166b1fbcb42fad9b40bd4f594f4a1cdbcba02417ea86445

Download Submit
memory/760-1574-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/760-85-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1036-58-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1036-87-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1036-1358-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1476-1595-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1476-96-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1476-338-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1590-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1760-102-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1760-390-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1587-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1976-90-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2008-53-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2008-1357-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2140-137-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1497-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2140-75-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-107-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-95-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-48-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-264-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-0-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2204-98-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2204-38-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2204-49-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2204-31-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-34-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-81-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2204-70-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-61-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-89-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-22-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2204-108-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-45-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2204-51-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-441-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2204-8-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1478-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-67-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-69-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2652-43-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1342-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2768-36-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1354-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1353-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-9-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1355-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2792-28-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1356-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2896-15-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2896-60-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1348-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/3028-35-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download