cobaltstrike | a7445332274aa2062cc1d2c32e8b014fde8dc1f67910a993a8f6aad409fb43c7

Analysis

max time kernel
149s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7e53c4cbc3da1a628771c9c863e82084
SHA1

5235ceed27679d3bde27a1b8449c8b71af7ac114
SHA256

a7445332274aa2062cc1d2c32e8b014fde8dc1f67910a993a8f6aad409fb43c7
SHA512

276b3fe147b68e9745e1e3ead39722e11a4195046839cf1926d3a91314da7fd33d5eb9f57c2c7dbfbaafab00f4a35ab688b5f9e61df18c5a1bf93519f1c8fa59
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b05-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-27.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-54.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b71-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b89-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b59-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-3.dat	xmrig
behavioral1/files/0x0009000000018b05-7.dat	xmrig
behavioral1/memory/2804-22-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b54-27.dat	xmrig
behavioral1/memory/2936-42-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-54.dat	xmrig
behavioral1/files/0x0003000000018334-71.dat	xmrig
behavioral1/memory/2380-84-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-102.dat	xmrig
behavioral1/files/0x0005000000019bf9-113.dat	xmrig
behavioral1/files/0x0005000000019d6d-131.dat	xmrig
behavioral1/files/0x0005000000019e92-138.dat	xmrig
behavioral1/files/0x0005000000019fd4-143.dat	xmrig
behavioral1/files/0x000500000001a400-193.dat	xmrig
behavioral1/memory/2380-491-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2608-1891-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2876-1880-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1168-1956-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2416-1955-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/900-1949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2996-1906-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2396-1929-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2028-1921-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1720-1910-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2448-1866-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2936-1864-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2804-1844-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2984-1843-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2380-401-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2028-300-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2380-299-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-183.dat	xmrig
behavioral1/files/0x000500000001a3fd-187.dat	xmrig
behavioral1/files/0x000500000001a3f6-178.dat	xmrig
behavioral1/files/0x000500000001a3ab-173.dat	xmrig
behavioral1/files/0x000500000001a309-168.dat	xmrig
behavioral1/files/0x000500000001a0b6-163.dat	xmrig
behavioral1/files/0x000500000001a049-158.dat	xmrig
behavioral1/files/0x000500000001a03c-153.dat	xmrig
behavioral1/files/0x0005000000019fdd-148.dat	xmrig
behavioral1/files/0x0005000000019d62-128.dat	xmrig
behavioral1/files/0x0005000000019d61-124.dat	xmrig
behavioral1/files/0x0005000000019c3c-118.dat	xmrig
behavioral1/memory/1168-104-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf6-107.dat	xmrig
behavioral1/memory/2380-101-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2876-100-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2028-83-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/900-81-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-77.dat	xmrig
behavioral1/memory/2416-96-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2396-95-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2312-93-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-88.dat	xmrig
behavioral1/files/0x00050000000197fd-76.dat	xmrig
behavioral1/memory/2996-58-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1720-57-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2380-66-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2608-65-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-62.dat	xmrig
behavioral1/files/0x0009000000018b71-53.dat	xmrig
behavioral1/memory/2876-47-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b89-41.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2804	ZsvDJCq.exe
2448	pUKHgop.exe
2984	wqcztmp.exe
2312	inUNrKB.exe
2936	KPHEPYQ.exe
2876	iiDhSIT.exe
1720	ZjUTVuo.exe
2996	iAbHJyH.exe
2608	CGhqrdw.exe
900	XrGjqUZ.exe
2028	tFvjoEK.exe
2396	xBtlHVE.exe
2416	ozVIpVI.exe
1168	qTdwyBs.exe
3020	ykrihUR.exe
3060	DbARmiu.exe
2300	aUOVpjB.exe
2952	SGPbQAk.exe
2004	bjvaIDn.exe
2540	kkYLQcb.exe
2896	ICYabSi.exe
800	CUISDRE.exe
1744	CPFnDHt.exe
2188	YGUucOl.exe
1524	NLUTkbX.exe
2452	qaFcjwa.exe
2492	xjIwslg.exe
2684	aqRjPTk.exe
2140	qZGdZtp.exe
1716	RgErVND.exe
2652	pbJwVLT.exe
2012	FtkvMOY.exe
340	JhJBzJi.exe
2584	uUQtlMC.exe
1244	kbQiFpP.exe
2444	SkcazYT.exe
456	lxIrmKv.exe
1556	YBLTLsg.exe
1488	bsXeTLj.exe
2688	YQUgtTO.exe
2008	CAwqwGr.exe
2556	nZgaLNN.exe
1736	FCicQEq.exe
1756	jYKFrRH.exe
1656	GvXySYX.exe
1780	TZSuVhd.exe
2268	QlYvNIh.exe
2308	smMhwyW.exe
2256	MpeMRSX.exe
316	ASbKewV.exe
472	vhgnuWy.exe
1940	yDAaMdA.exe
332	HGOsHOG.exe
884	XClBkMS.exe
2552	qivNFID.exe
1184	EfiRIPX.exe
2912	pngwJVm.exe
2596	XuOtykW.exe
1064	TRoeVLw.exe
2812	wQJEwVw.exe
2172	BvolAHY.exe
2872	jxSLEFY.exe
2036	kYdZCfG.exe
2716	nFmqFnI.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-3.dat	upx
behavioral1/files/0x0009000000018b05-7.dat	upx
behavioral1/memory/2804-22-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0007000000018b54-27.dat	upx
behavioral1/memory/2936-42-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001975a-54.dat	upx
behavioral1/files/0x0003000000018334-71.dat	upx
behavioral1/files/0x0005000000019bf5-102.dat	upx
behavioral1/files/0x0005000000019bf9-113.dat	upx
behavioral1/files/0x0005000000019d6d-131.dat	upx
behavioral1/files/0x0005000000019e92-138.dat	upx
behavioral1/files/0x0005000000019fd4-143.dat	upx
behavioral1/files/0x000500000001a400-193.dat	upx
behavioral1/memory/2608-1891-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2876-1880-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1168-1956-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2416-1955-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/900-1949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2996-1906-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2396-1929-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2028-1921-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1720-1910-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2448-1866-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2936-1864-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2804-1844-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2984-1843-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2028-300-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-183.dat	upx
behavioral1/files/0x000500000001a3fd-187.dat	upx
behavioral1/files/0x000500000001a3f6-178.dat	upx
behavioral1/files/0x000500000001a3ab-173.dat	upx
behavioral1/files/0x000500000001a309-168.dat	upx
behavioral1/files/0x000500000001a0b6-163.dat	upx
behavioral1/files/0x000500000001a049-158.dat	upx
behavioral1/files/0x000500000001a03c-153.dat	upx
behavioral1/files/0x0005000000019fdd-148.dat	upx
behavioral1/files/0x0005000000019d62-128.dat	upx
behavioral1/files/0x0005000000019d61-124.dat	upx
behavioral1/files/0x0005000000019c3c-118.dat	upx
behavioral1/memory/1168-104-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0005000000019bf6-107.dat	upx
behavioral1/memory/2876-100-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2028-83-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/900-81-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0005000000019820-77.dat	upx
behavioral1/memory/2416-96-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2396-95-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2312-93-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x000500000001998d-88.dat	upx
behavioral1/files/0x00050000000197fd-76.dat	upx
behavioral1/memory/2996-58-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1720-57-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2380-66-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2608-65-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0005000000019761-62.dat	upx
behavioral1/files/0x0009000000018b71-53.dat	upx
behavioral1/memory/2876-47-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0007000000018b89-41.dat	upx
behavioral1/files/0x0007000000018b59-33.dat	upx
behavioral1/memory/2312-29-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0007000000018b50-9.dat	upx
behavioral1/memory/2984-21-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2448-20-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XnYCbts.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMojznZ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okPjlBQ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSnVTzI.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLWnMRL.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGFMkOY.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlYvNIh.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hejUQwR.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMTkHCW.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwKNhSZ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecUPbRk.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeRrSvF.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdBmQFJ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKqAVVn.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLuzdha.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIcCpKi.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkcOkkc.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqFTFma.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNyHYhV.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyiGxRB.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KSEEJRx.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHkPgQv.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUnJYxn.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKiRShM.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMZPlbS.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtONRtx.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvXySYX.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjTlLDu.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIZCtXN.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiWYcxQ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLaxGRT.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmurISg.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MslRExn.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxWaBwK.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUGHuMi.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGHfVft.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXoHPxF.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIcGPhz.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzOWiVQ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTYLrQX.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQXRrQD.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cohgiyc.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrGjqUZ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeUUmMb.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGZpeqL.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IusKlmJ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBlAciy.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALlUzRb.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hjgigid.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctvUTmZ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJGRZbZ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjtXlpH.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfTVSFi.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqSEXdB.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRtqLvh.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVBhucy.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYdZCfG.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCqlOyV.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RScxBeQ.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoueNnx.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMNAfPw.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaQVCCH.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRmalTl.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXIcZvW.exe	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2804	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2380 wrote to memory of 2804	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2380 wrote to memory of 2804	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2380 wrote to memory of 2448	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2448	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2448	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2984	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2984	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2984	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2312	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2312	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2312	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2936	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2936	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2936	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 1720	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 1720	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 1720	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2876	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2876	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2876	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2996	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2996	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2996	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2608	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2608	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2608	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 900	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 900	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 900	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2028	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2028	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2028	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2416	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2416	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2416	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2396	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2396	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2396	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 1168	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1168	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1168	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 3020	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 3020	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 3020	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 3060	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 3060	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 3060	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2300	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2300	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2300	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2952	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2952	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2952	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2004	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2004	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2004	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2540	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2540	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2540	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 2896	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 2896	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 2896	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 800	2380	2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_7e53c4cbc3da1a628771c9c863e82084_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\ZsvDJCq.exe
  C:\Windows\System\ZsvDJCq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\pUKHgop.exe
  C:\Windows\System\pUKHgop.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\wqcztmp.exe
  C:\Windows\System\wqcztmp.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\inUNrKB.exe
  C:\Windows\System\inUNrKB.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\KPHEPYQ.exe
  C:\Windows\System\KPHEPYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ZjUTVuo.exe
  C:\Windows\System\ZjUTVuo.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\iiDhSIT.exe
  C:\Windows\System\iiDhSIT.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iAbHJyH.exe
  C:\Windows\System\iAbHJyH.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\CGhqrdw.exe
  C:\Windows\System\CGhqrdw.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\XrGjqUZ.exe
  C:\Windows\System\XrGjqUZ.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\tFvjoEK.exe
  C:\Windows\System\tFvjoEK.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ozVIpVI.exe
  C:\Windows\System\ozVIpVI.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xBtlHVE.exe
  C:\Windows\System\xBtlHVE.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\qTdwyBs.exe
  C:\Windows\System\qTdwyBs.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\ykrihUR.exe
  C:\Windows\System\ykrihUR.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DbARmiu.exe
  C:\Windows\System\DbARmiu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\aUOVpjB.exe
  C:\Windows\System\aUOVpjB.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\SGPbQAk.exe
  C:\Windows\System\SGPbQAk.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\bjvaIDn.exe
  C:\Windows\System\bjvaIDn.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\kkYLQcb.exe
  C:\Windows\System\kkYLQcb.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ICYabSi.exe
  C:\Windows\System\ICYabSi.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\CUISDRE.exe
  C:\Windows\System\CUISDRE.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\CPFnDHt.exe
  C:\Windows\System\CPFnDHt.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\YGUucOl.exe
  C:\Windows\System\YGUucOl.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\NLUTkbX.exe
  C:\Windows\System\NLUTkbX.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qaFcjwa.exe
  C:\Windows\System\qaFcjwa.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\xjIwslg.exe
  C:\Windows\System\xjIwslg.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\aqRjPTk.exe
  C:\Windows\System\aqRjPTk.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\qZGdZtp.exe
  C:\Windows\System\qZGdZtp.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\RgErVND.exe
  C:\Windows\System\RgErVND.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\pbJwVLT.exe
  C:\Windows\System\pbJwVLT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\FtkvMOY.exe
  C:\Windows\System\FtkvMOY.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\JhJBzJi.exe
  C:\Windows\System\JhJBzJi.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\uUQtlMC.exe
  C:\Windows\System\uUQtlMC.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\kbQiFpP.exe
  C:\Windows\System\kbQiFpP.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\SkcazYT.exe
  C:\Windows\System\SkcazYT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\lxIrmKv.exe
  C:\Windows\System\lxIrmKv.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\bsXeTLj.exe
  C:\Windows\System\bsXeTLj.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\YBLTLsg.exe
  C:\Windows\System\YBLTLsg.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\nZgaLNN.exe
  C:\Windows\System\nZgaLNN.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\YQUgtTO.exe
  C:\Windows\System\YQUgtTO.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\FCicQEq.exe
  C:\Windows\System\FCicQEq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\CAwqwGr.exe
  C:\Windows\System\CAwqwGr.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\jYKFrRH.exe
  C:\Windows\System\jYKFrRH.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\GvXySYX.exe
  C:\Windows\System\GvXySYX.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\vhgnuWy.exe
  C:\Windows\System\vhgnuWy.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\TZSuVhd.exe
  C:\Windows\System\TZSuVhd.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\yDAaMdA.exe
  C:\Windows\System\yDAaMdA.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\QlYvNIh.exe
  C:\Windows\System\QlYvNIh.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\HGOsHOG.exe
  C:\Windows\System\HGOsHOG.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\smMhwyW.exe
  C:\Windows\System\smMhwyW.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\XClBkMS.exe
  C:\Windows\System\XClBkMS.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\MpeMRSX.exe
  C:\Windows\System\MpeMRSX.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\qivNFID.exe
  C:\Windows\System\qivNFID.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ASbKewV.exe
  C:\Windows\System\ASbKewV.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\EfiRIPX.exe
  C:\Windows\System\EfiRIPX.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\pngwJVm.exe
  C:\Windows\System\pngwJVm.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jxSLEFY.exe
  C:\Windows\System\jxSLEFY.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\XuOtykW.exe
  C:\Windows\System\XuOtykW.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\nFmqFnI.exe
  C:\Windows\System\nFmqFnI.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\TRoeVLw.exe
  C:\Windows\System\TRoeVLw.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\JSVKXHs.exe
  C:\Windows\System\JSVKXHs.exe
  2⤵
  PID:2728
- C:\Windows\System\wQJEwVw.exe
  C:\Windows\System\wQJEwVw.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\pSBfSzo.exe
  C:\Windows\System\pSBfSzo.exe
  2⤵
  PID:1172
- C:\Windows\System\BvolAHY.exe
  C:\Windows\System\BvolAHY.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\kXoHPxF.exe
  C:\Windows\System\kXoHPxF.exe
  2⤵
  PID:2968
- C:\Windows\System\kYdZCfG.exe
  C:\Windows\System\kYdZCfG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\WeFzTJG.exe
  C:\Windows\System\WeFzTJG.exe
  2⤵
  PID:584
- C:\Windows\System\TVFtAlb.exe
  C:\Windows\System\TVFtAlb.exe
  2⤵
  PID:2240
- C:\Windows\System\FDYChND.exe
  C:\Windows\System\FDYChND.exe
  2⤵
  PID:2504
- C:\Windows\System\FnLKgmu.exe
  C:\Windows\System\FnLKgmu.exe
  2⤵
  PID:1968
- C:\Windows\System\BblMsIe.exe
  C:\Windows\System\BblMsIe.exe
  2⤵
  PID:2056
- C:\Windows\System\aIKNXqa.exe
  C:\Windows\System\aIKNXqa.exe
  2⤵
  PID:2548
- C:\Windows\System\QWJOAne.exe
  C:\Windows\System\QWJOAne.exe
  2⤵
  PID:2032
- C:\Windows\System\PeSonFx.exe
  C:\Windows\System\PeSonFx.exe
  2⤵
  PID:2524
- C:\Windows\System\VsTaokz.exe
  C:\Windows\System\VsTaokz.exe
  2⤵
  PID:1076
- C:\Windows\System\YljYkqL.exe
  C:\Windows\System\YljYkqL.exe
  2⤵
  PID:288
- C:\Windows\System\olQvSTy.exe
  C:\Windows\System\olQvSTy.exe
  2⤵
  PID:1372
- C:\Windows\System\mWISLsC.exe
  C:\Windows\System\mWISLsC.exe
  2⤵
  PID:2392
- C:\Windows\System\fLODweB.exe
  C:\Windows\System\fLODweB.exe
  2⤵
  PID:2648
- C:\Windows\System\HdRBoJq.exe
  C:\Windows\System\HdRBoJq.exe
  2⤵
  PID:1356
- C:\Windows\System\bVtbdhD.exe
  C:\Windows\System\bVtbdhD.exe
  2⤵
  PID:1604
- C:\Windows\System\mbpSRox.exe
  C:\Windows\System\mbpSRox.exe
  2⤵
  PID:2000
- C:\Windows\System\zTxNfVY.exe
  C:\Windows\System\zTxNfVY.exe
  2⤵
  PID:2460
- C:\Windows\System\VobCBFj.exe
  C:\Windows\System\VobCBFj.exe
  2⤵
  PID:3024
- C:\Windows\System\zLuzdha.exe
  C:\Windows\System\zLuzdha.exe
  2⤵
  PID:2848
- C:\Windows\System\HrwwTOH.exe
  C:\Windows\System\HrwwTOH.exe
  2⤵
  PID:2100
- C:\Windows\System\EJJoVnz.exe
  C:\Windows\System\EJJoVnz.exe
  2⤵
  PID:2296
- C:\Windows\System\aUIEVOd.exe
  C:\Windows\System\aUIEVOd.exe
  2⤵
  PID:876
- C:\Windows\System\QinSUbW.exe
  C:\Windows\System\QinSUbW.exe
  2⤵
  PID:2852
- C:\Windows\System\VBybdLv.exe
  C:\Windows\System\VBybdLv.exe
  2⤵
  PID:2568
- C:\Windows\System\UuiQwzC.exe
  C:\Windows\System\UuiQwzC.exe
  2⤵
  PID:2956
- C:\Windows\System\SuWhENP.exe
  C:\Windows\System\SuWhENP.exe
  2⤵
  PID:1260
- C:\Windows\System\cBKFAtZ.exe
  C:\Windows\System\cBKFAtZ.exe
  2⤵
  PID:1484
- C:\Windows\System\CfBSgvq.exe
  C:\Windows\System\CfBSgvq.exe
  2⤵
  PID:592
- C:\Windows\System\tVXhjVF.exe
  C:\Windows\System\tVXhjVF.exe
  2⤵
  PID:2088
- C:\Windows\System\ZycFFZc.exe
  C:\Windows\System\ZycFFZc.exe
  2⤵
  PID:1052
- C:\Windows\System\GpygSpS.exe
  C:\Windows\System\GpygSpS.exe
  2⤵
  PID:2476
- C:\Windows\System\oUMEwiY.exe
  C:\Windows\System\oUMEwiY.exe
  2⤵
  PID:2284
- C:\Windows\System\ydqGXSy.exe
  C:\Windows\System\ydqGXSy.exe
  2⤵
  PID:1552
- C:\Windows\System\pLaxGRT.exe
  C:\Windows\System\pLaxGRT.exe
  2⤵
  PID:2420
- C:\Windows\System\KjtYDyI.exe
  C:\Windows\System\KjtYDyI.exe
  2⤵
  PID:1132
- C:\Windows\System\ACiFIic.exe
  C:\Windows\System\ACiFIic.exe
  2⤵
  PID:1640
- C:\Windows\System\eutjUzw.exe
  C:\Windows\System\eutjUzw.exe
  2⤵
  PID:2020
- C:\Windows\System\ZGtvTeZ.exe
  C:\Windows\System\ZGtvTeZ.exe
  2⤵
  PID:392
- C:\Windows\System\wKiRShM.exe
  C:\Windows\System\wKiRShM.exe
  2⤵
  PID:2368
- C:\Windows\System\fzAZSBf.exe
  C:\Windows\System\fzAZSBf.exe
  2⤵
  PID:1116
- C:\Windows\System\NFAEIBG.exe
  C:\Windows\System\NFAEIBG.exe
  2⤵
  PID:2964
- C:\Windows\System\Fmgpgux.exe
  C:\Windows\System\Fmgpgux.exe
  2⤵
  PID:3036
- C:\Windows\System\eXKqoJh.exe
  C:\Windows\System\eXKqoJh.exe
  2⤵
  PID:2732
- C:\Windows\System\iBdVXfd.exe
  C:\Windows\System\iBdVXfd.exe
  2⤵
  PID:2900
- C:\Windows\System\sIrWqDp.exe
  C:\Windows\System\sIrWqDp.exe
  2⤵
  PID:2640
- C:\Windows\System\MMNGdUh.exe
  C:\Windows\System\MMNGdUh.exe
  2⤵
  PID:2484
- C:\Windows\System\kwOkZjx.exe
  C:\Windows\System\kwOkZjx.exe
  2⤵
  PID:1748
- C:\Windows\System\nCwxKfw.exe
  C:\Windows\System\nCwxKfw.exe
  2⤵
  PID:3080
- C:\Windows\System\dPbpIYi.exe
  C:\Windows\System\dPbpIYi.exe
  2⤵
  PID:3104
- C:\Windows\System\PbCdicp.exe
  C:\Windows\System\PbCdicp.exe
  2⤵
  PID:3128
- C:\Windows\System\JubliLA.exe
  C:\Windows\System\JubliLA.exe
  2⤵
  PID:3144
- C:\Windows\System\uiWnBAI.exe
  C:\Windows\System\uiWnBAI.exe
  2⤵
  PID:3172
- C:\Windows\System\whdGCAd.exe
  C:\Windows\System\whdGCAd.exe
  2⤵
  PID:3192
- C:\Windows\System\HQEuFdJ.exe
  C:\Windows\System\HQEuFdJ.exe
  2⤵
  PID:3212
- C:\Windows\System\YOcuZua.exe
  C:\Windows\System\YOcuZua.exe
  2⤵
  PID:3228
- C:\Windows\System\ZGUyWgr.exe
  C:\Windows\System\ZGUyWgr.exe
  2⤵
  PID:3252
- C:\Windows\System\CFLQRoe.exe
  C:\Windows\System\CFLQRoe.exe
  2⤵
  PID:3272
- C:\Windows\System\nZPGlHa.exe
  C:\Windows\System\nZPGlHa.exe
  2⤵
  PID:3296
- C:\Windows\System\KYKBUwK.exe
  C:\Windows\System\KYKBUwK.exe
  2⤵
  PID:3316
- C:\Windows\System\fqiFHcK.exe
  C:\Windows\System\fqiFHcK.exe
  2⤵
  PID:3332
- C:\Windows\System\gWdKssf.exe
  C:\Windows\System\gWdKssf.exe
  2⤵
  PID:3360
- C:\Windows\System\Qalbfft.exe
  C:\Windows\System\Qalbfft.exe
  2⤵
  PID:3376
- C:\Windows\System\APBNJLl.exe
  C:\Windows\System\APBNJLl.exe
  2⤵
  PID:3392
- C:\Windows\System\csQeifj.exe
  C:\Windows\System\csQeifj.exe
  2⤵
  PID:3412
- C:\Windows\System\VRJWIqI.exe
  C:\Windows\System\VRJWIqI.exe
  2⤵
  PID:3428
- C:\Windows\System\NZUNQXB.exe
  C:\Windows\System\NZUNQXB.exe
  2⤵
  PID:3460
- C:\Windows\System\nMHumjo.exe
  C:\Windows\System\nMHumjo.exe
  2⤵
  PID:3480
- C:\Windows\System\CMiYPpX.exe
  C:\Windows\System\CMiYPpX.exe
  2⤵
  PID:3504
- C:\Windows\System\JPVIGuG.exe
  C:\Windows\System\JPVIGuG.exe
  2⤵
  PID:3524
- C:\Windows\System\wemYPWj.exe
  C:\Windows\System\wemYPWj.exe
  2⤵
  PID:3544
- C:\Windows\System\VuhZumK.exe
  C:\Windows\System\VuhZumK.exe
  2⤵
  PID:3564
- C:\Windows\System\KWORYWD.exe
  C:\Windows\System\KWORYWD.exe
  2⤵
  PID:3584
- C:\Windows\System\gmQaoIG.exe
  C:\Windows\System\gmQaoIG.exe
  2⤵
  PID:3604
- C:\Windows\System\zjSCQLi.exe
  C:\Windows\System\zjSCQLi.exe
  2⤵
  PID:3624
- C:\Windows\System\IwLfbAK.exe
  C:\Windows\System\IwLfbAK.exe
  2⤵
  PID:3644
- C:\Windows\System\ArhstlE.exe
  C:\Windows\System\ArhstlE.exe
  2⤵
  PID:3660
- C:\Windows\System\PpdttHw.exe
  C:\Windows\System\PpdttHw.exe
  2⤵
  PID:3688
- C:\Windows\System\jjAuYRZ.exe
  C:\Windows\System\jjAuYRZ.exe
  2⤵
  PID:3712
- C:\Windows\System\HlPSomG.exe
  C:\Windows\System\HlPSomG.exe
  2⤵
  PID:3732
- C:\Windows\System\BOMStuX.exe
  C:\Windows\System\BOMStuX.exe
  2⤵
  PID:3752
- C:\Windows\System\ALlUzRb.exe
  C:\Windows\System\ALlUzRb.exe
  2⤵
  PID:3772
- C:\Windows\System\HLjFdtu.exe
  C:\Windows\System\HLjFdtu.exe
  2⤵
  PID:3792
- C:\Windows\System\dBTaGfN.exe
  C:\Windows\System\dBTaGfN.exe
  2⤵
  PID:3812
- C:\Windows\System\ZfOBdKb.exe
  C:\Windows\System\ZfOBdKb.exe
  2⤵
  PID:3832
- C:\Windows\System\hejUQwR.exe
  C:\Windows\System\hejUQwR.exe
  2⤵
  PID:3852
- C:\Windows\System\qZbHkvh.exe
  C:\Windows\System\qZbHkvh.exe
  2⤵
  PID:3868
- C:\Windows\System\nMPONmH.exe
  C:\Windows\System\nMPONmH.exe
  2⤵
  PID:3888
- C:\Windows\System\vnNNZYh.exe
  C:\Windows\System\vnNNZYh.exe
  2⤵
  PID:3908
- C:\Windows\System\VaOXaRR.exe
  C:\Windows\System\VaOXaRR.exe
  2⤵
  PID:3932
- C:\Windows\System\iVoYRdx.exe
  C:\Windows\System\iVoYRdx.exe
  2⤵
  PID:3952
- C:\Windows\System\KSnVTzI.exe
  C:\Windows\System\KSnVTzI.exe
  2⤵
  PID:3972
- C:\Windows\System\kDAWDEr.exe
  C:\Windows\System\kDAWDEr.exe
  2⤵
  PID:3992
- C:\Windows\System\WyDPdki.exe
  C:\Windows\System\WyDPdki.exe
  2⤵
  PID:4012
- C:\Windows\System\rnPqtkX.exe
  C:\Windows\System\rnPqtkX.exe
  2⤵
  PID:4028
- C:\Windows\System\ewxSJTG.exe
  C:\Windows\System\ewxSJTG.exe
  2⤵
  PID:4052
- C:\Windows\System\kPlYRbE.exe
  C:\Windows\System\kPlYRbE.exe
  2⤵
  PID:4076
- C:\Windows\System\gWIfkuI.exe
  C:\Windows\System\gWIfkuI.exe
  2⤵
  PID:1804
- C:\Windows\System\EgSzFBf.exe
  C:\Windows\System\EgSzFBf.exe
  2⤵
  PID:2428
- C:\Windows\System\AJTqofI.exe
  C:\Windows\System\AJTqofI.exe
  2⤵
  PID:1608
- C:\Windows\System\HPRQNOh.exe
  C:\Windows\System\HPRQNOh.exe
  2⤵
  PID:1528
- C:\Windows\System\OeAOrKv.exe
  C:\Windows\System\OeAOrKv.exe
  2⤵
  PID:1708
- C:\Windows\System\kMRXxCn.exe
  C:\Windows\System\kMRXxCn.exe
  2⤵
  PID:1576
- C:\Windows\System\LPfKnqf.exe
  C:\Windows\System\LPfKnqf.exe
  2⤵
  PID:2840
- C:\Windows\System\QnEruAL.exe
  C:\Windows\System\QnEruAL.exe
  2⤵
  PID:2292
- C:\Windows\System\CvFQuSz.exe
  C:\Windows\System\CvFQuSz.exe
  2⤵
  PID:3100
- C:\Windows\System\xcOTVvg.exe
  C:\Windows\System\xcOTVvg.exe
  2⤵
  PID:1776
- C:\Windows\System\sWFTwPp.exe
  C:\Windows\System\sWFTwPp.exe
  2⤵
  PID:3184
- C:\Windows\System\UFgNCsH.exe
  C:\Windows\System\UFgNCsH.exe
  2⤵
  PID:3120
- C:\Windows\System\DvPFCam.exe
  C:\Windows\System\DvPFCam.exe
  2⤵
  PID:3160
- C:\Windows\System\nIpJqzj.exe
  C:\Windows\System\nIpJqzj.exe
  2⤵
  PID:3200
- C:\Windows\System\ZkovKIA.exe
  C:\Windows\System\ZkovKIA.exe
  2⤵
  PID:3264
- C:\Windows\System\uHykHhZ.exe
  C:\Windows\System\uHykHhZ.exe
  2⤵
  PID:3304
- C:\Windows\System\qllrIXE.exe
  C:\Windows\System\qllrIXE.exe
  2⤵
  PID:3288
- C:\Windows\System\vHrOeFf.exe
  C:\Windows\System\vHrOeFf.exe
  2⤵
  PID:3328
- C:\Windows\System\XbymEgW.exe
  C:\Windows\System\XbymEgW.exe
  2⤵
  PID:3468
- C:\Windows\System\OucGJmd.exe
  C:\Windows\System\OucGJmd.exe
  2⤵
  PID:3368
- C:\Windows\System\taCKDtP.exe
  C:\Windows\System\taCKDtP.exe
  2⤵
  PID:3440
- C:\Windows\System\QtzlqPO.exe
  C:\Windows\System\QtzlqPO.exe
  2⤵
  PID:3448
- C:\Windows\System\iRNccDU.exe
  C:\Windows\System\iRNccDU.exe
  2⤵
  PID:3244
- C:\Windows\System\BwpyRjr.exe
  C:\Windows\System\BwpyRjr.exe
  2⤵
  PID:3536
- C:\Windows\System\pGrrFvu.exe
  C:\Windows\System\pGrrFvu.exe
  2⤵
  PID:3596
- C:\Windows\System\suEgobT.exe
  C:\Windows\System\suEgobT.exe
  2⤵
  PID:3636
- C:\Windows\System\xZktZsm.exe
  C:\Windows\System\xZktZsm.exe
  2⤵
  PID:3684
- C:\Windows\System\ZkvPjJq.exe
  C:\Windows\System\ZkvPjJq.exe
  2⤵
  PID:3652
- C:\Windows\System\nRShphS.exe
  C:\Windows\System\nRShphS.exe
  2⤵
  PID:3700
- C:\Windows\System\OxdfjQb.exe
  C:\Windows\System\OxdfjQb.exe
  2⤵
  PID:3748
- C:\Windows\System\UFPjyNR.exe
  C:\Windows\System\UFPjyNR.exe
  2⤵
  PID:3780
- C:\Windows\System\JuYycYr.exe
  C:\Windows\System\JuYycYr.exe
  2⤵
  PID:3844
- C:\Windows\System\DRFClxY.exe
  C:\Windows\System\DRFClxY.exe
  2⤵
  PID:3884
- C:\Windows\System\TvcHKwS.exe
  C:\Windows\System\TvcHKwS.exe
  2⤵
  PID:3920
- C:\Windows\System\EMTkHCW.exe
  C:\Windows\System\EMTkHCW.exe
  2⤵
  PID:3960
- C:\Windows\System\KupUzOp.exe
  C:\Windows\System\KupUzOp.exe
  2⤵
  PID:3948
- C:\Windows\System\RWCrrVM.exe
  C:\Windows\System\RWCrrVM.exe
  2⤵
  PID:3944
- C:\Windows\System\xwShgXZ.exe
  C:\Windows\System\xwShgXZ.exe
  2⤵
  PID:4020
- C:\Windows\System\itvXqRq.exe
  C:\Windows\System\itvXqRq.exe
  2⤵
  PID:4084
- C:\Windows\System\KnXEYkN.exe
  C:\Windows\System\KnXEYkN.exe
  2⤵
  PID:4060
- C:\Windows\System\KzdqILE.exe
  C:\Windows\System\KzdqILE.exe
  2⤵
  PID:920
- C:\Windows\System\LYfXHlM.exe
  C:\Windows\System\LYfXHlM.exe
  2⤵
  PID:2272
- C:\Windows\System\LOJBtfz.exe
  C:\Windows\System\LOJBtfz.exe
  2⤵
  PID:2260
- C:\Windows\System\txCWkkU.exe
  C:\Windows\System\txCWkkU.exe
  2⤵
  PID:3096
- C:\Windows\System\kxWaBwK.exe
  C:\Windows\System\kxWaBwK.exe
  2⤵
  PID:3140
- C:\Windows\System\tcCANXB.exe
  C:\Windows\System\tcCANXB.exe
  2⤵
  PID:3092
- C:\Windows\System\BJINTzN.exe
  C:\Windows\System\BJINTzN.exe
  2⤵
  PID:3152
- C:\Windows\System\hakwzIE.exe
  C:\Windows\System\hakwzIE.exe
  2⤵
  PID:2844
- C:\Windows\System\gWEtQWT.exe
  C:\Windows\System\gWEtQWT.exe
  2⤵
  PID:3236
- C:\Windows\System\tkNwkpK.exe
  C:\Windows\System\tkNwkpK.exe
  2⤵
  PID:3340
- C:\Windows\System\TgcyFve.exe
  C:\Windows\System\TgcyFve.exe
  2⤵
  PID:3344
- C:\Windows\System\LrIEOBx.exe
  C:\Windows\System\LrIEOBx.exe
  2⤵
  PID:3436
- C:\Windows\System\GlTsiVH.exe
  C:\Windows\System\GlTsiVH.exe
  2⤵
  PID:3456
- C:\Windows\System\pOunfyP.exe
  C:\Windows\System\pOunfyP.exe
  2⤵
  PID:3532
- C:\Windows\System\fMAiLJT.exe
  C:\Windows\System\fMAiLJT.exe
  2⤵
  PID:3680
- C:\Windows\System\wKCDLmz.exe
  C:\Windows\System\wKCDLmz.exe
  2⤵
  PID:2456
- C:\Windows\System\JzqahFW.exe
  C:\Windows\System\JzqahFW.exe
  2⤵
  PID:3696
- C:\Windows\System\TWzCtiG.exe
  C:\Windows\System\TWzCtiG.exe
  2⤵
  PID:3768
- C:\Windows\System\nUgFjrJ.exe
  C:\Windows\System\nUgFjrJ.exe
  2⤵
  PID:3788
- C:\Windows\System\qPaKnkS.exe
  C:\Windows\System\qPaKnkS.exe
  2⤵
  PID:3820
- C:\Windows\System\XuOXlPe.exe
  C:\Windows\System\XuOXlPe.exe
  2⤵
  PID:3896
- C:\Windows\System\ohlEFwo.exe
  C:\Windows\System\ohlEFwo.exe
  2⤵
  PID:3964
- C:\Windows\System\GOKgrta.exe
  C:\Windows\System\GOKgrta.exe
  2⤵
  PID:4040
- C:\Windows\System\BQkcVfM.exe
  C:\Windows\System\BQkcVfM.exe
  2⤵
  PID:3984
- C:\Windows\System\BUaumgK.exe
  C:\Windows\System\BUaumgK.exe
  2⤵
  PID:4112
- C:\Windows\System\xjbTTBa.exe
  C:\Windows\System\xjbTTBa.exe
  2⤵
  PID:4132
- C:\Windows\System\gMUWiBN.exe
  C:\Windows\System\gMUWiBN.exe
  2⤵
  PID:4152
- C:\Windows\System\YkEAvdN.exe
  C:\Windows\System\YkEAvdN.exe
  2⤵
  PID:4176
- C:\Windows\System\fccRZcK.exe
  C:\Windows\System\fccRZcK.exe
  2⤵
  PID:4196
- C:\Windows\System\KeBIdRV.exe
  C:\Windows\System\KeBIdRV.exe
  2⤵
  PID:4216
- C:\Windows\System\zTStnfd.exe
  C:\Windows\System\zTStnfd.exe
  2⤵
  PID:4240
- C:\Windows\System\emLMFIf.exe
  C:\Windows\System\emLMFIf.exe
  2⤵
  PID:4260
- C:\Windows\System\VwKNhSZ.exe
  C:\Windows\System\VwKNhSZ.exe
  2⤵
  PID:4276
- C:\Windows\System\tXiIRAe.exe
  C:\Windows\System\tXiIRAe.exe
  2⤵
  PID:4300
- C:\Windows\System\QcrhHTf.exe
  C:\Windows\System\QcrhHTf.exe
  2⤵
  PID:4320
- C:\Windows\System\URXuhuF.exe
  C:\Windows\System\URXuhuF.exe
  2⤵
  PID:4340
- C:\Windows\System\eswLxla.exe
  C:\Windows\System\eswLxla.exe
  2⤵
  PID:4356
- C:\Windows\System\lXZNTgO.exe
  C:\Windows\System\lXZNTgO.exe
  2⤵
  PID:4376
- C:\Windows\System\zibAuRy.exe
  C:\Windows\System\zibAuRy.exe
  2⤵
  PID:4396
- C:\Windows\System\TbSvuDW.exe
  C:\Windows\System\TbSvuDW.exe
  2⤵
  PID:4416
- C:\Windows\System\hyDSljz.exe
  C:\Windows\System\hyDSljz.exe
  2⤵
  PID:4440
- C:\Windows\System\EayOsHw.exe
  C:\Windows\System\EayOsHw.exe
  2⤵
  PID:4456
- C:\Windows\System\oEBJTcV.exe
  C:\Windows\System\oEBJTcV.exe
  2⤵
  PID:4480
- C:\Windows\System\QyyRtyb.exe
  C:\Windows\System\QyyRtyb.exe
  2⤵
  PID:4496
- C:\Windows\System\fQpqubR.exe
  C:\Windows\System\fQpqubR.exe
  2⤵
  PID:4520
- C:\Windows\System\EedFPfM.exe
  C:\Windows\System\EedFPfM.exe
  2⤵
  PID:4540
- C:\Windows\System\ICnGGMG.exe
  C:\Windows\System\ICnGGMG.exe
  2⤵
  PID:4560
- C:\Windows\System\hMeVznj.exe
  C:\Windows\System\hMeVznj.exe
  2⤵
  PID:4584
- C:\Windows\System\eyvwGgU.exe
  C:\Windows\System\eyvwGgU.exe
  2⤵
  PID:4604
- C:\Windows\System\NfKepMM.exe
  C:\Windows\System\NfKepMM.exe
  2⤵
  PID:4628
- C:\Windows\System\XnYCbts.exe
  C:\Windows\System\XnYCbts.exe
  2⤵
  PID:4648
- C:\Windows\System\SWzfoMf.exe
  C:\Windows\System\SWzfoMf.exe
  2⤵
  PID:4668
- C:\Windows\System\SuODlCc.exe
  C:\Windows\System\SuODlCc.exe
  2⤵
  PID:4688
- C:\Windows\System\iBVTTsb.exe
  C:\Windows\System\iBVTTsb.exe
  2⤵
  PID:4708
- C:\Windows\System\timwtfd.exe
  C:\Windows\System\timwtfd.exe
  2⤵
  PID:4724
- C:\Windows\System\GaCJuJH.exe
  C:\Windows\System\GaCJuJH.exe
  2⤵
  PID:4748
- C:\Windows\System\HUknfbC.exe
  C:\Windows\System\HUknfbC.exe
  2⤵
  PID:4768
- C:\Windows\System\aLWJvKz.exe
  C:\Windows\System\aLWJvKz.exe
  2⤵
  PID:4784
- C:\Windows\System\ElGKxcm.exe
  C:\Windows\System\ElGKxcm.exe
  2⤵
  PID:4804
- C:\Windows\System\sHEJjqV.exe
  C:\Windows\System\sHEJjqV.exe
  2⤵
  PID:4824
- C:\Windows\System\iXNdiDP.exe
  C:\Windows\System\iXNdiDP.exe
  2⤵
  PID:4848
- C:\Windows\System\wbyuunE.exe
  C:\Windows\System\wbyuunE.exe
  2⤵
  PID:4864
- C:\Windows\System\JtzkBki.exe
  C:\Windows\System\JtzkBki.exe
  2⤵
  PID:4880
- C:\Windows\System\uTDDeFb.exe
  C:\Windows\System\uTDDeFb.exe
  2⤵
  PID:4904
- C:\Windows\System\Tpibxsv.exe
  C:\Windows\System\Tpibxsv.exe
  2⤵
  PID:4928
- C:\Windows\System\wGCgMWe.exe
  C:\Windows\System\wGCgMWe.exe
  2⤵
  PID:4948
- C:\Windows\System\pxSnbTq.exe
  C:\Windows\System\pxSnbTq.exe
  2⤵
  PID:4964
- C:\Windows\System\wraWQeu.exe
  C:\Windows\System\wraWQeu.exe
  2⤵
  PID:4992
- C:\Windows\System\ewFJLFQ.exe
  C:\Windows\System\ewFJLFQ.exe
  2⤵
  PID:5012
- C:\Windows\System\yqQjrXj.exe
  C:\Windows\System\yqQjrXj.exe
  2⤵
  PID:5036
- C:\Windows\System\HiuOrUg.exe
  C:\Windows\System\HiuOrUg.exe
  2⤵
  PID:5056
- C:\Windows\System\aJeqYaJ.exe
  C:\Windows\System\aJeqYaJ.exe
  2⤵
  PID:5076
- C:\Windows\System\rBoCtiV.exe
  C:\Windows\System\rBoCtiV.exe
  2⤵
  PID:5096
- C:\Windows\System\EgdOBkB.exe
  C:\Windows\System\EgdOBkB.exe
  2⤵
  PID:5116
- C:\Windows\System\zfZnIWQ.exe
  C:\Windows\System\zfZnIWQ.exe
  2⤵
  PID:2360
- C:\Windows\System\jHVcBDQ.exe
  C:\Windows\System\jHVcBDQ.exe
  2⤵
  PID:3164
- C:\Windows\System\MalzXOE.exe
  C:\Windows\System\MalzXOE.exe
  2⤵
  PID:1632
- C:\Windows\System\KXhsvLi.exe
  C:\Windows\System\KXhsvLi.exe
  2⤵
  PID:3076
- C:\Windows\System\Uqbktoa.exe
  C:\Windows\System\Uqbktoa.exe
  2⤵
  PID:3204
- C:\Windows\System\vLhvYrF.exe
  C:\Windows\System\vLhvYrF.exe
  2⤵
  PID:3424
- C:\Windows\System\fAxzMcc.exe
  C:\Windows\System\fAxzMcc.exe
  2⤵
  PID:3500
- C:\Windows\System\FBlAciy.exe
  C:\Windows\System\FBlAciy.exe
  2⤵
  PID:3580
- C:\Windows\System\eNBnHpf.exe
  C:\Windows\System\eNBnHpf.exe
  2⤵
  PID:3708
- C:\Windows\System\WbRgsTy.exe
  C:\Windows\System\WbRgsTy.exe
  2⤵
  PID:3640
- C:\Windows\System\NsKjUyG.exe
  C:\Windows\System\NsKjUyG.exe
  2⤵
  PID:3764
- C:\Windows\System\gGrMFnH.exe
  C:\Windows\System\gGrMFnH.exe
  2⤵
  PID:3924
- C:\Windows\System\guMofDV.exe
  C:\Windows\System\guMofDV.exe
  2⤵
  PID:4036
- C:\Windows\System\XAtSLsc.exe
  C:\Windows\System\XAtSLsc.exe
  2⤵
  PID:4100
- C:\Windows\System\QFHeEdr.exe
  C:\Windows\System\QFHeEdr.exe
  2⤵
  PID:4104
- C:\Windows\System\epCyzcZ.exe
  C:\Windows\System\epCyzcZ.exe
  2⤵
  PID:4124
- C:\Windows\System\vDNUQqE.exe
  C:\Windows\System\vDNUQqE.exe
  2⤵
  PID:4168
- C:\Windows\System\XGvqGdh.exe
  C:\Windows\System\XGvqGdh.exe
  2⤵
  PID:4232
- C:\Windows\System\coSGZGw.exe
  C:\Windows\System\coSGZGw.exe
  2⤵
  PID:4248
- C:\Windows\System\TBMyFdm.exe
  C:\Windows\System\TBMyFdm.exe
  2⤵
  PID:4252
- C:\Windows\System\DsKrtZu.exe
  C:\Windows\System\DsKrtZu.exe
  2⤵
  PID:4348
- C:\Windows\System\pfTZisf.exe
  C:\Windows\System\pfTZisf.exe
  2⤵
  PID:4336
- C:\Windows\System\feivoQh.exe
  C:\Windows\System\feivoQh.exe
  2⤵
  PID:4424
- C:\Windows\System\qZHcvqX.exe
  C:\Windows\System\qZHcvqX.exe
  2⤵
  PID:4408
- C:\Windows\System\bjwYUVr.exe
  C:\Windows\System\bjwYUVr.exe
  2⤵
  PID:4476
- C:\Windows\System\PNBoNTS.exe
  C:\Windows\System\PNBoNTS.exe
  2⤵
  PID:4508
- C:\Windows\System\GcYkLoO.exe
  C:\Windows\System\GcYkLoO.exe
  2⤵
  PID:4488
- C:\Windows\System\VTxLVYb.exe
  C:\Windows\System\VTxLVYb.exe
  2⤵
  PID:4592
- C:\Windows\System\ZDMSseh.exe
  C:\Windows\System\ZDMSseh.exe
  2⤵
  PID:4576
- C:\Windows\System\DVzwJJb.exe
  C:\Windows\System\DVzwJJb.exe
  2⤵
  PID:4616
- C:\Windows\System\PTseXaY.exe
  C:\Windows\System\PTseXaY.exe
  2⤵
  PID:4656
- C:\Windows\System\JPaWFNB.exe
  C:\Windows\System\JPaWFNB.exe
  2⤵
  PID:4720
- C:\Windows\System\wpgMfBG.exe
  C:\Windows\System\wpgMfBG.exe
  2⤵
  PID:4760
- C:\Windows\System\OLPOSgr.exe
  C:\Windows\System\OLPOSgr.exe
  2⤵
  PID:4736
- C:\Windows\System\hEZUYsi.exe
  C:\Windows\System\hEZUYsi.exe
  2⤵
  PID:4776
- C:\Windows\System\CcgLmuI.exe
  C:\Windows\System\CcgLmuI.exe
  2⤵
  PID:4836
- C:\Windows\System\DFXefif.exe
  C:\Windows\System\DFXefif.exe
  2⤵
  PID:4856
- C:\Windows\System\ayKfDrS.exe
  C:\Windows\System\ayKfDrS.exe
  2⤵
  PID:4924
- C:\Windows\System\ZPqZjAD.exe
  C:\Windows\System\ZPqZjAD.exe
  2⤵
  PID:4900
- C:\Windows\System\rlaDdNV.exe
  C:\Windows\System\rlaDdNV.exe
  2⤵
  PID:4980
- C:\Windows\System\YUtYuAz.exe
  C:\Windows\System\YUtYuAz.exe
  2⤵
  PID:5004
- C:\Windows\System\WUzTNdy.exe
  C:\Windows\System\WUzTNdy.exe
  2⤵
  PID:5032
- C:\Windows\System\iEecbPi.exe
  C:\Windows\System\iEecbPi.exe
  2⤵
  PID:5072
- C:\Windows\System\BllRIyA.exe
  C:\Windows\System\BllRIyA.exe
  2⤵
  PID:5028
- C:\Windows\System\zlHoHlY.exe
  C:\Windows\System\zlHoHlY.exe
  2⤵
  PID:1816
- C:\Windows\System\gtNrRKT.exe
  C:\Windows\System\gtNrRKT.exe
  2⤵
  PID:1832
- C:\Windows\System\BTnSOmF.exe
  C:\Windows\System\BTnSOmF.exe
  2⤵
  PID:976
- C:\Windows\System\xZaWLoE.exe
  C:\Windows\System\xZaWLoE.exe
  2⤵
  PID:3356
- C:\Windows\System\SikqXkM.exe
  C:\Windows\System\SikqXkM.exe
  2⤵
  PID:3372
- C:\Windows\System\dAWrAMO.exe
  C:\Windows\System\dAWrAMO.exe
  2⤵
  PID:3808
- C:\Windows\System\syyObFt.exe
  C:\Windows\System\syyObFt.exe
  2⤵
  PID:3632
- C:\Windows\System\WlVpEEK.exe
  C:\Windows\System\WlVpEEK.exe
  2⤵
  PID:3576
- C:\Windows\System\bYoQmgl.exe
  C:\Windows\System\bYoQmgl.exe
  2⤵
  PID:3864
- C:\Windows\System\PRrxLbc.exe
  C:\Windows\System\PRrxLbc.exe
  2⤵
  PID:4024
- C:\Windows\System\yDaCWXc.exe
  C:\Windows\System\yDaCWXc.exe
  2⤵
  PID:4188
- C:\Windows\System\dvWcvIz.exe
  C:\Windows\System\dvWcvIz.exe
  2⤵
  PID:4284
- C:\Windows\System\xzUvuyH.exe
  C:\Windows\System\xzUvuyH.exe
  2⤵
  PID:4272
- C:\Windows\System\zGauoOt.exe
  C:\Windows\System\zGauoOt.exe
  2⤵
  PID:4464
- C:\Windows\System\EMdMszq.exe
  C:\Windows\System\EMdMszq.exe
  2⤵
  PID:4552
- C:\Windows\System\KzBnRtL.exe
  C:\Windows\System\KzBnRtL.exe
  2⤵
  PID:4532
- C:\Windows\System\iBlnXxO.exe
  C:\Windows\System\iBlnXxO.exe
  2⤵
  PID:4512
- C:\Windows\System\bKKvMoV.exe
  C:\Windows\System\bKKvMoV.exe
  2⤵
  PID:4600
- C:\Windows\System\gFbtfkN.exe
  C:\Windows\System\gFbtfkN.exe
  2⤵
  PID:4704
- C:\Windows\System\DyiSmYj.exe
  C:\Windows\System\DyiSmYj.exe
  2⤵
  PID:4612
- C:\Windows\System\qiitfms.exe
  C:\Windows\System\qiitfms.exe
  2⤵
  PID:4620
- C:\Windows\System\qkmaQGd.exe
  C:\Windows\System\qkmaQGd.exe
  2⤵
  PID:4820
- C:\Windows\System\DuEdisZ.exe
  C:\Windows\System\DuEdisZ.exe
  2⤵
  PID:4896
- C:\Windows\System\FZvKXCO.exe
  C:\Windows\System\FZvKXCO.exe
  2⤵
  PID:4840
- C:\Windows\System\FCbKBgu.exe
  C:\Windows\System\FCbKBgu.exe
  2⤵
  PID:4944
- C:\Windows\System\CGtvMxq.exe
  C:\Windows\System\CGtvMxq.exe
  2⤵
  PID:5112
- C:\Windows\System\ocNtHQg.exe
  C:\Windows\System\ocNtHQg.exe
  2⤵
  PID:5108
- C:\Windows\System\LWjklfj.exe
  C:\Windows\System\LWjklfj.exe
  2⤵
  PID:2740
- C:\Windows\System\sjZaQCD.exe
  C:\Windows\System\sjZaQCD.exe
  2⤵
  PID:3268
- C:\Windows\System\VvKTCnQ.exe
  C:\Windows\System\VvKTCnQ.exe
  2⤵
  PID:3592
- C:\Windows\System\zsPdBlK.exe
  C:\Windows\System\zsPdBlK.exe
  2⤵
  PID:840
- C:\Windows\System\GUksakb.exe
  C:\Windows\System\GUksakb.exe
  2⤵
  PID:4148
- C:\Windows\System\ecUPbRk.exe
  C:\Windows\System\ecUPbRk.exe
  2⤵
  PID:5140
- C:\Windows\System\SBjEMxD.exe
  C:\Windows\System\SBjEMxD.exe
  2⤵
  PID:5160
- C:\Windows\System\qbMPTXp.exe
  C:\Windows\System\qbMPTXp.exe
  2⤵
  PID:5180
- C:\Windows\System\UsbVWEM.exe
  C:\Windows\System\UsbVWEM.exe
  2⤵
  PID:5200
- C:\Windows\System\NOFKPJp.exe
  C:\Windows\System\NOFKPJp.exe
  2⤵
  PID:5220
- C:\Windows\System\mLRgNwz.exe
  C:\Windows\System\mLRgNwz.exe
  2⤵
  PID:5236
- C:\Windows\System\aeeTkJC.exe
  C:\Windows\System\aeeTkJC.exe
  2⤵
  PID:5264
- C:\Windows\System\uPbiVIk.exe
  C:\Windows\System\uPbiVIk.exe
  2⤵
  PID:5284
- C:\Windows\System\JssZlSH.exe
  C:\Windows\System\JssZlSH.exe
  2⤵
  PID:5304
- C:\Windows\System\Qqxsroq.exe
  C:\Windows\System\Qqxsroq.exe
  2⤵
  PID:5320
- C:\Windows\System\oQGukEH.exe
  C:\Windows\System\oQGukEH.exe
  2⤵
  PID:5344
- C:\Windows\System\QxmrUoB.exe
  C:\Windows\System\QxmrUoB.exe
  2⤵
  PID:5364
- C:\Windows\System\wWhAtRY.exe
  C:\Windows\System\wWhAtRY.exe
  2⤵
  PID:5384
- C:\Windows\System\oVrYROM.exe
  C:\Windows\System\oVrYROM.exe
  2⤵
  PID:5400
- C:\Windows\System\XBtVfwJ.exe
  C:\Windows\System\XBtVfwJ.exe
  2⤵
  PID:5424
- C:\Windows\System\gnIKntm.exe
  C:\Windows\System\gnIKntm.exe
  2⤵
  PID:5444
- C:\Windows\System\AdyuFza.exe
  C:\Windows\System\AdyuFza.exe
  2⤵
  PID:5464
- C:\Windows\System\xBldpfn.exe
  C:\Windows\System\xBldpfn.exe
  2⤵
  PID:5484
- C:\Windows\System\QpxfNPq.exe
  C:\Windows\System\QpxfNPq.exe
  2⤵
  PID:5508
- C:\Windows\System\HJMYsbt.exe
  C:\Windows\System\HJMYsbt.exe
  2⤵
  PID:5528
- C:\Windows\System\mqSEXdB.exe
  C:\Windows\System\mqSEXdB.exe
  2⤵
  PID:5548
- C:\Windows\System\OnIoHIN.exe
  C:\Windows\System\OnIoHIN.exe
  2⤵
  PID:5564
- C:\Windows\System\grfKVKX.exe
  C:\Windows\System\grfKVKX.exe
  2⤵
  PID:5588
- C:\Windows\System\vtGtAqB.exe
  C:\Windows\System\vtGtAqB.exe
  2⤵
  PID:5608
- C:\Windows\System\iaYZqbd.exe
  C:\Windows\System\iaYZqbd.exe
  2⤵
  PID:5624
- C:\Windows\System\DLXkuCh.exe
  C:\Windows\System\DLXkuCh.exe
  2⤵
  PID:5644
- C:\Windows\System\wEpwVZY.exe
  C:\Windows\System\wEpwVZY.exe
  2⤵
  PID:5668
- C:\Windows\System\yVkvMlJ.exe
  C:\Windows\System\yVkvMlJ.exe
  2⤵
  PID:5692
- C:\Windows\System\TaBUtKM.exe
  C:\Windows\System\TaBUtKM.exe
  2⤵
  PID:5712
- C:\Windows\System\IzTJvsn.exe
  C:\Windows\System\IzTJvsn.exe
  2⤵
  PID:5732
- C:\Windows\System\faFFTYz.exe
  C:\Windows\System\faFFTYz.exe
  2⤵
  PID:5752
- C:\Windows\System\vYYwptr.exe
  C:\Windows\System\vYYwptr.exe
  2⤵
  PID:5768
- C:\Windows\System\NqirHvb.exe
  C:\Windows\System\NqirHvb.exe
  2⤵
  PID:5788
- C:\Windows\System\TZqxwHS.exe
  C:\Windows\System\TZqxwHS.exe
  2⤵
  PID:5808
- C:\Windows\System\HrKFBMO.exe
  C:\Windows\System\HrKFBMO.exe
  2⤵
  PID:5832
- C:\Windows\System\NxMeNik.exe
  C:\Windows\System\NxMeNik.exe
  2⤵
  PID:5856
- C:\Windows\System\XPXDnWP.exe
  C:\Windows\System\XPXDnWP.exe
  2⤵
  PID:5872
- C:\Windows\System\hOgaint.exe
  C:\Windows\System\hOgaint.exe
  2⤵
  PID:5896
- C:\Windows\System\yvdqwYf.exe
  C:\Windows\System\yvdqwYf.exe
  2⤵
  PID:5916
- C:\Windows\System\PrERHIt.exe
  C:\Windows\System\PrERHIt.exe
  2⤵
  PID:5936
- C:\Windows\System\bpXfCrw.exe
  C:\Windows\System\bpXfCrw.exe
  2⤵
  PID:5956
- C:\Windows\System\sJaaepB.exe
  C:\Windows\System\sJaaepB.exe
  2⤵
  PID:5976
- C:\Windows\System\soOeUkO.exe
  C:\Windows\System\soOeUkO.exe
  2⤵
  PID:5996
- C:\Windows\System\rmcqRuk.exe
  C:\Windows\System\rmcqRuk.exe
  2⤵
  PID:6016
- C:\Windows\System\cuVjhMx.exe
  C:\Windows\System\cuVjhMx.exe
  2⤵
  PID:6036
- C:\Windows\System\PgaEFPG.exe
  C:\Windows\System\PgaEFPG.exe
  2⤵
  PID:6052
- C:\Windows\System\vzPmbAM.exe
  C:\Windows\System\vzPmbAM.exe
  2⤵
  PID:6072
- C:\Windows\System\klOMMao.exe
  C:\Windows\System\klOMMao.exe
  2⤵
  PID:6096
- C:\Windows\System\lGqDNeL.exe
  C:\Windows\System\lGqDNeL.exe
  2⤵
  PID:6120
- C:\Windows\System\ZdorCaF.exe
  C:\Windows\System\ZdorCaF.exe
  2⤵
  PID:6140
- C:\Windows\System\wYxUdYn.exe
  C:\Windows\System\wYxUdYn.exe
  2⤵
  PID:3988
- C:\Windows\System\MGpKIwW.exe
  C:\Windows\System\MGpKIwW.exe
  2⤵
  PID:4212
- C:\Windows\System\QBqYsJW.exe
  C:\Windows\System\QBqYsJW.exe
  2⤵
  PID:4572
- C:\Windows\System\HAbAQPz.exe
  C:\Windows\System\HAbAQPz.exe
  2⤵
  PID:4368
- C:\Windows\System\uvtGUli.exe
  C:\Windows\System\uvtGUli.exe
  2⤵
  PID:4448
- C:\Windows\System\ECVdwEx.exe
  C:\Windows\System\ECVdwEx.exe
  2⤵
  PID:2776
- C:\Windows\System\GByXnLs.exe
  C:\Windows\System\GByXnLs.exe
  2⤵
  PID:4528
- C:\Windows\System\lEDqarH.exe
  C:\Windows\System\lEDqarH.exe
  2⤵
  PID:4872
- C:\Windows\System\MtzQgDS.exe
  C:\Windows\System\MtzQgDS.exe
  2⤵
  PID:5008
- C:\Windows\System\qeIoRAz.exe
  C:\Windows\System\qeIoRAz.exe
  2⤵
  PID:5084
- C:\Windows\System\ZdFqGcR.exe
  C:\Windows\System\ZdFqGcR.exe
  2⤵
  PID:5048
- C:\Windows\System\SfEIYxr.exe
  C:\Windows\System\SfEIYxr.exe
  2⤵
  PID:5104
- C:\Windows\System\KejbpkZ.exe
  C:\Windows\System\KejbpkZ.exe
  2⤵
  PID:3572
- C:\Windows\System\DapOcrZ.exe
  C:\Windows\System\DapOcrZ.exe
  2⤵
  PID:5128
- C:\Windows\System\cDKSAkz.exe
  C:\Windows\System\cDKSAkz.exe
  2⤵
  PID:5244
- C:\Windows\System\pljtUDq.exe
  C:\Windows\System\pljtUDq.exe
  2⤵
  PID:5216
- C:\Windows\System\XIdRDgd.exe
  C:\Windows\System\XIdRDgd.exe
  2⤵
  PID:5196
- C:\Windows\System\SNdvLVm.exe
  C:\Windows\System\SNdvLVm.exe
  2⤵
  PID:5260
- C:\Windows\System\ZlxdCuz.exe
  C:\Windows\System\ZlxdCuz.exe
  2⤵
  PID:5280
- C:\Windows\System\HhusJpX.exe
  C:\Windows\System\HhusJpX.exe
  2⤵
  PID:5336
- C:\Windows\System\ESjTuXX.exe
  C:\Windows\System\ESjTuXX.exe
  2⤵
  PID:5372
- C:\Windows\System\wOGGaNI.exe
  C:\Windows\System\wOGGaNI.exe
  2⤵
  PID:5356
- C:\Windows\System\qOYClIo.exe
  C:\Windows\System\qOYClIo.exe
  2⤵
  PID:5452
- C:\Windows\System\ErEvyEg.exe
  C:\Windows\System\ErEvyEg.exe
  2⤵
  PID:5460
- C:\Windows\System\vZemEqu.exe
  C:\Windows\System\vZemEqu.exe
  2⤵
  PID:5472
- C:\Windows\System\KbfFjua.exe
  C:\Windows\System\KbfFjua.exe
  2⤵
  PID:5516
- C:\Windows\System\hVClbDk.exe
  C:\Windows\System\hVClbDk.exe
  2⤵
  PID:5572
- C:\Windows\System\QOAAXXQ.exe
  C:\Windows\System\QOAAXXQ.exe
  2⤵
  PID:5560
- C:\Windows\System\slfZdTJ.exe
  C:\Windows\System\slfZdTJ.exe
  2⤵
  PID:5620
- C:\Windows\System\Grbuase.exe
  C:\Windows\System\Grbuase.exe
  2⤵
  PID:5640
- C:\Windows\System\UhqJotE.exe
  C:\Windows\System\UhqJotE.exe
  2⤵
  PID:5632
- C:\Windows\System\fLBoZdv.exe
  C:\Windows\System\fLBoZdv.exe
  2⤵
  PID:5740
- C:\Windows\System\bLNJUCe.exe
  C:\Windows\System\bLNJUCe.exe
  2⤵
  PID:5776
- C:\Windows\System\xmkFaNZ.exe
  C:\Windows\System\xmkFaNZ.exe
  2⤵
  PID:5816
- C:\Windows\System\PPkSjGW.exe
  C:\Windows\System\PPkSjGW.exe
  2⤵
  PID:5828
- C:\Windows\System\EUIORXM.exe
  C:\Windows\System\EUIORXM.exe
  2⤵
  PID:5840
- C:\Windows\System\cDfDUzX.exe
  C:\Windows\System\cDfDUzX.exe
  2⤵
  PID:5880
- C:\Windows\System\TTnZEQU.exe
  C:\Windows\System\TTnZEQU.exe
  2⤵
  PID:5924
- C:\Windows\System\mengAtd.exe
  C:\Windows\System\mengAtd.exe
  2⤵
  PID:5984
- C:\Windows\System\JxGUrSb.exe
  C:\Windows\System\JxGUrSb.exe
  2⤵
  PID:5968
- C:\Windows\System\shsHMBL.exe
  C:\Windows\System\shsHMBL.exe
  2⤵
  PID:6012
- C:\Windows\System\VUTKBuR.exe
  C:\Windows\System\VUTKBuR.exe
  2⤵
  PID:6068
- C:\Windows\System\psFYlCu.exe
  C:\Windows\System\psFYlCu.exe
  2⤵
  PID:6116
- C:\Windows\System\ghCYduB.exe
  C:\Windows\System\ghCYduB.exe
  2⤵
  PID:6088
- C:\Windows\System\JFlIzaJ.exe
  C:\Windows\System\JFlIzaJ.exe
  2⤵
  PID:6132
- C:\Windows\System\nInYjvM.exe
  C:\Windows\System\nInYjvM.exe
  2⤵
  PID:4328
- C:\Windows\System\UZDZiWp.exe
  C:\Windows\System\UZDZiWp.exe
  2⤵
  PID:4384
- C:\Windows\System\OIxJJUV.exe
  C:\Windows\System\OIxJJUV.exe
  2⤵
  PID:4680
- C:\Windows\System\ffcRxTt.exe
  C:\Windows\System\ffcRxTt.exe
  2⤵
  PID:4744
- C:\Windows\System\aczmeME.exe
  C:\Windows\System\aczmeME.exe
  2⤵
  PID:4888
- C:\Windows\System\qMIxims.exe
  C:\Windows\System\qMIxims.exe
  2⤵
  PID:4920
- C:\Windows\System\HjpawRC.exe
  C:\Windows\System\HjpawRC.exe
  2⤵
  PID:3220
- C:\Windows\System\RStGTDs.exe
  C:\Windows\System\RStGTDs.exe
  2⤵
  PID:5136
- C:\Windows\System\qqCuXeN.exe
  C:\Windows\System\qqCuXeN.exe
  2⤵
  PID:5176
- C:\Windows\System\fIfFdvX.exe
  C:\Windows\System\fIfFdvX.exe
  2⤵
  PID:5208
- C:\Windows\System\WXiuEDJ.exe
  C:\Windows\System\WXiuEDJ.exe
  2⤵
  PID:5312
- C:\Windows\System\hmqnnbi.exe
  C:\Windows\System\hmqnnbi.exe
  2⤵
  PID:5328
- C:\Windows\System\hTEseEN.exe
  C:\Windows\System\hTEseEN.exe
  2⤵
  PID:5412
- C:\Windows\System\KpNpCbV.exe
  C:\Windows\System\KpNpCbV.exe
  2⤵
  PID:5504
- C:\Windows\System\jeRrSvF.exe
  C:\Windows\System\jeRrSvF.exe
  2⤵
  PID:5520
- C:\Windows\System\HbmjxlN.exe
  C:\Windows\System\HbmjxlN.exe
  2⤵
  PID:5596
- C:\Windows\System\ZLniHkf.exe
  C:\Windows\System\ZLniHkf.exe
  2⤵
  PID:5580
- C:\Windows\System\JOxWKLM.exe
  C:\Windows\System\JOxWKLM.exe
  2⤵
  PID:5664
- C:\Windows\System\HGXPSQR.exe
  C:\Windows\System\HGXPSQR.exe
  2⤵
  PID:5720
- C:\Windows\System\rwYdQKV.exe
  C:\Windows\System\rwYdQKV.exe
  2⤵
  PID:5800
- C:\Windows\System\QoaBORY.exe
  C:\Windows\System\QoaBORY.exe
  2⤵
  PID:5848
- C:\Windows\System\UAOQtVV.exe
  C:\Windows\System\UAOQtVV.exe
  2⤵
  PID:5944
- C:\Windows\System\rBgnULT.exe
  C:\Windows\System\rBgnULT.exe
  2⤵
  PID:5928
- C:\Windows\System\eLnPVTa.exe
  C:\Windows\System\eLnPVTa.exe
  2⤵
  PID:5952
- C:\Windows\System\FASdiLx.exe
  C:\Windows\System\FASdiLx.exe
  2⤵
  PID:5964
- C:\Windows\System\BFBrpvH.exe
  C:\Windows\System\BFBrpvH.exe
  2⤵
  PID:6080
- C:\Windows\System\mQXvrFX.exe
  C:\Windows\System\mQXvrFX.exe
  2⤵
  PID:6084
- C:\Windows\System\OqaQNPW.exe
  C:\Windows\System\OqaQNPW.exe
  2⤵
  PID:4432
- C:\Windows\System\SDaOMti.exe
  C:\Windows\System\SDaOMti.exe
  2⤵
  PID:5052
- C:\Windows\System\QvEPENs.exe
  C:\Windows\System\QvEPENs.exe
  2⤵
  PID:4236
- C:\Windows\System\GUNdSeI.exe
  C:\Windows\System\GUNdSeI.exe
  2⤵
  PID:5908
- C:\Windows\System\iWTcwEQ.exe
  C:\Windows\System\iWTcwEQ.exe
  2⤵
  PID:4816
- C:\Windows\System\jgOgXAY.exe
  C:\Windows\System\jgOgXAY.exe
  2⤵
  PID:640
- C:\Windows\System\nSpIpyx.exe
  C:\Windows\System\nSpIpyx.exe
  2⤵
  PID:5272
- C:\Windows\System\IisZPIt.exe
  C:\Windows\System\IisZPIt.exe
  2⤵
  PID:5212
- C:\Windows\System\GaBIbay.exe
  C:\Windows\System\GaBIbay.exe
  2⤵
  PID:5456
- C:\Windows\System\Jhlnnpg.exe
  C:\Windows\System\Jhlnnpg.exe
  2⤵
  PID:5544
- C:\Windows\System\jxhyHii.exe
  C:\Windows\System\jxhyHii.exe
  2⤵
  PID:5536
- C:\Windows\System\GiIIyMB.exe
  C:\Windows\System\GiIIyMB.exe
  2⤵
  PID:5660
- C:\Windows\System\XEuKamt.exe
  C:\Windows\System\XEuKamt.exe
  2⤵
  PID:5584
- C:\Windows\System\xFgkcgR.exe
  C:\Windows\System\xFgkcgR.exe
  2⤵
  PID:1688
- C:\Windows\System\lyNqPlA.exe
  C:\Windows\System\lyNqPlA.exe
  2⤵
  PID:5760
- C:\Windows\System\QmtcPUr.exe
  C:\Windows\System\QmtcPUr.exe
  2⤵
  PID:5820
- C:\Windows\System\hQNoVmv.exe
  C:\Windows\System\hQNoVmv.exe
  2⤵
  PID:6064
- C:\Windows\System\pDZbSYm.exe
  C:\Windows\System\pDZbSYm.exe
  2⤵
  PID:5864
- C:\Windows\System\nsScNXg.exe
  C:\Windows\System\nsScNXg.exe
  2⤵
  PID:4128
- C:\Windows\System\PyleAaq.exe
  C:\Windows\System\PyleAaq.exe
  2⤵
  PID:4144
- C:\Windows\System\CSonrvH.exe
  C:\Windows\System\CSonrvH.exe
  2⤵
  PID:4960
- C:\Windows\System\WzqrOSQ.exe
  C:\Windows\System\WzqrOSQ.exe
  2⤵
  PID:4372
- C:\Windows\System\YYccuCV.exe
  C:\Windows\System\YYccuCV.exe
  2⤵
  PID:2768
- C:\Windows\System\iPXXnXj.exe
  C:\Windows\System\iPXXnXj.exe
  2⤵
  PID:3044
- C:\Windows\System\FBFEjsA.exe
  C:\Windows\System\FBFEjsA.exe
  2⤵
  PID:5684
- C:\Windows\System\RRtqLvh.exe
  C:\Windows\System\RRtqLvh.exe
  2⤵
  PID:6156
- C:\Windows\System\qIGhsyQ.exe
  C:\Windows\System\qIGhsyQ.exe
  2⤵
  PID:6180
- C:\Windows\System\utpuQbV.exe
  C:\Windows\System\utpuQbV.exe
  2⤵
  PID:6204
- C:\Windows\System\wikvyln.exe
  C:\Windows\System\wikvyln.exe
  2⤵
  PID:6224
- C:\Windows\System\NdBmQFJ.exe
  C:\Windows\System\NdBmQFJ.exe
  2⤵
  PID:6244
- C:\Windows\System\fvYVVaR.exe
  C:\Windows\System\fvYVVaR.exe
  2⤵
  PID:6264
- C:\Windows\System\AKCAfqa.exe
  C:\Windows\System\AKCAfqa.exe
  2⤵
  PID:6284
- C:\Windows\System\QiqETnX.exe
  C:\Windows\System\QiqETnX.exe
  2⤵
  PID:6300
- C:\Windows\System\JYQYtnM.exe
  C:\Windows\System\JYQYtnM.exe
  2⤵
  PID:6324
- C:\Windows\System\FGMWODW.exe
  C:\Windows\System\FGMWODW.exe
  2⤵
  PID:6344
- C:\Windows\System\ADRTsxZ.exe
  C:\Windows\System\ADRTsxZ.exe
  2⤵
  PID:6360
- C:\Windows\System\nGHfVft.exe
  C:\Windows\System\nGHfVft.exe
  2⤵
  PID:6380
- C:\Windows\System\CMRyKXS.exe
  C:\Windows\System\CMRyKXS.exe
  2⤵
  PID:6400
- C:\Windows\System\PCtqoYP.exe
  C:\Windows\System\PCtqoYP.exe
  2⤵
  PID:6424
- C:\Windows\System\eQBRRaD.exe
  C:\Windows\System\eQBRRaD.exe
  2⤵
  PID:6444
- C:\Windows\System\lXSTyJx.exe
  C:\Windows\System\lXSTyJx.exe
  2⤵
  PID:6464
- C:\Windows\System\zIjUpCw.exe
  C:\Windows\System\zIjUpCw.exe
  2⤵
  PID:6484
- C:\Windows\System\AimEzhO.exe
  C:\Windows\System\AimEzhO.exe
  2⤵
  PID:6504
- C:\Windows\System\MxmvLpg.exe
  C:\Windows\System\MxmvLpg.exe
  2⤵
  PID:6524
- C:\Windows\System\oXutwiR.exe
  C:\Windows\System\oXutwiR.exe
  2⤵
  PID:6544
- C:\Windows\System\whJQLmT.exe
  C:\Windows\System\whJQLmT.exe
  2⤵
  PID:6564
- C:\Windows\System\MRpLCbl.exe
  C:\Windows\System\MRpLCbl.exe
  2⤵
  PID:6588
- C:\Windows\System\JfkxhVt.exe
  C:\Windows\System\JfkxhVt.exe
  2⤵
  PID:6608
- C:\Windows\System\whJpvYo.exe
  C:\Windows\System\whJpvYo.exe
  2⤵
  PID:6628
- C:\Windows\System\YeBVWmR.exe
  C:\Windows\System\YeBVWmR.exe
  2⤵
  PID:6648
- C:\Windows\System\WwNUega.exe
  C:\Windows\System\WwNUega.exe
  2⤵
  PID:6664
- C:\Windows\System\pxAHNtp.exe
  C:\Windows\System\pxAHNtp.exe
  2⤵
  PID:6684
- C:\Windows\System\vazIqXZ.exe
  C:\Windows\System\vazIqXZ.exe
  2⤵
  PID:6708
- C:\Windows\System\JZPmfNY.exe
  C:\Windows\System\JZPmfNY.exe
  2⤵
  PID:6728
- C:\Windows\System\mMOQJVJ.exe
  C:\Windows\System\mMOQJVJ.exe
  2⤵
  PID:6748
- C:\Windows\System\HCHRiaU.exe
  C:\Windows\System\HCHRiaU.exe
  2⤵
  PID:6768
- C:\Windows\System\sQNrcbC.exe
  C:\Windows\System\sQNrcbC.exe
  2⤵
  PID:6788
- C:\Windows\System\qAojCRh.exe
  C:\Windows\System\qAojCRh.exe
  2⤵
  PID:6808
- C:\Windows\System\KnRJmUe.exe
  C:\Windows\System\KnRJmUe.exe
  2⤵
  PID:6828
- C:\Windows\System\VmEgNcB.exe
  C:\Windows\System\VmEgNcB.exe
  2⤵
  PID:6848
- C:\Windows\System\LNDOMxW.exe
  C:\Windows\System\LNDOMxW.exe
  2⤵
  PID:6868
- C:\Windows\System\QuTjExq.exe
  C:\Windows\System\QuTjExq.exe
  2⤵
  PID:6888
- C:\Windows\System\QILWJbF.exe
  C:\Windows\System\QILWJbF.exe
  2⤵
  PID:6908
- C:\Windows\System\zBQguPn.exe
  C:\Windows\System\zBQguPn.exe
  2⤵
  PID:6924
- C:\Windows\System\LXImSSX.exe
  C:\Windows\System\LXImSSX.exe
  2⤵
  PID:6948
- C:\Windows\System\artkFOW.exe
  C:\Windows\System\artkFOW.exe
  2⤵
  PID:6968
- C:\Windows\System\NtDJrwx.exe
  C:\Windows\System\NtDJrwx.exe
  2⤵
  PID:6988
- C:\Windows\System\BsavegH.exe
  C:\Windows\System\BsavegH.exe
  2⤵
  PID:7004
- C:\Windows\System\bEGsBUz.exe
  C:\Windows\System\bEGsBUz.exe
  2⤵
  PID:7024
- C:\Windows\System\xaKwCbx.exe
  C:\Windows\System\xaKwCbx.exe
  2⤵
  PID:7048
- C:\Windows\System\XiGRkxv.exe
  C:\Windows\System\XiGRkxv.exe
  2⤵
  PID:7072
- C:\Windows\System\UinkERv.exe
  C:\Windows\System\UinkERv.exe
  2⤵
  PID:7092
- C:\Windows\System\cwYwArp.exe
  C:\Windows\System\cwYwArp.exe
  2⤵
  PID:7108
- C:\Windows\System\FuaLiBp.exe
  C:\Windows\System\FuaLiBp.exe
  2⤵
  PID:7132
- C:\Windows\System\dcQjTzk.exe
  C:\Windows\System\dcQjTzk.exe
  2⤵
  PID:7152
- C:\Windows\System\NsZmHJU.exe
  C:\Windows\System\NsZmHJU.exe
  2⤵
  PID:5604
- C:\Windows\System\zIGBVFp.exe
  C:\Windows\System\zIGBVFp.exe
  2⤵
  PID:5784
- C:\Windows\System\sPeqPNU.exe
  C:\Windows\System\sPeqPNU.exe
  2⤵
  PID:6104
- C:\Windows\System\wpUZLnA.exe
  C:\Windows\System\wpUZLnA.exe
  2⤵
  PID:5688
- C:\Windows\System\hvzxfYZ.exe
  C:\Windows\System\hvzxfYZ.exe
  2⤵
  PID:4364
- C:\Windows\System\ByEiPJJ.exe
  C:\Windows\System\ByEiPJJ.exe
  2⤵
  PID:3928
- C:\Windows\System\cNhjCSW.exe
  C:\Windows\System\cNhjCSW.exe
  2⤵
  PID:5248
- C:\Windows\System\NHKjcuG.exe
  C:\Windows\System\NHKjcuG.exe
  2⤵
  PID:4108
- C:\Windows\System\kfqYHvx.exe
  C:\Windows\System\kfqYHvx.exe
  2⤵
  PID:5436
- C:\Windows\System\xKWVPOy.exe
  C:\Windows\System\xKWVPOy.exe
  2⤵
  PID:6172
- C:\Windows\System\dzQlmKT.exe
  C:\Windows\System\dzQlmKT.exe
  2⤵
  PID:6152
- C:\Windows\System\FFTVHYq.exe
  C:\Windows\System\FFTVHYq.exe
  2⤵
  PID:6192
- C:\Windows\System\tdXBzGa.exe
  C:\Windows\System\tdXBzGa.exe
  2⤵
  PID:6236
- C:\Windows\System\xKRNHLb.exe
  C:\Windows\System\xKRNHLb.exe
  2⤵
  PID:6276
- C:\Windows\System\ATwyOGE.exe
  C:\Windows\System\ATwyOGE.exe
  2⤵
  PID:6312
- C:\Windows\System\wKvResk.exe
  C:\Windows\System\wKvResk.exe
  2⤵
  PID:6372
- C:\Windows\System\yBATjCo.exe
  C:\Windows\System\yBATjCo.exe
  2⤵
  PID:6396
- C:\Windows\System\lHHmWbn.exe
  C:\Windows\System\lHHmWbn.exe
  2⤵
  PID:6392
- C:\Windows\System\KTZAcok.exe
  C:\Windows\System\KTZAcok.exe
  2⤵
  PID:6456
- C:\Windows\System\kfCOMMB.exe
  C:\Windows\System\kfCOMMB.exe
  2⤵
  PID:6500
- C:\Windows\System\TVsGuzL.exe
  C:\Windows\System\TVsGuzL.exe
  2⤵
  PID:1292
- C:\Windows\System\CHwarOl.exe
  C:\Windows\System\CHwarOl.exe
  2⤵
  PID:6516
- C:\Windows\System\qLeSncX.exe
  C:\Windows\System\qLeSncX.exe
  2⤵
  PID:6560
- C:\Windows\System\QAHBnzY.exe
  C:\Windows\System\QAHBnzY.exe
  2⤵
  PID:6624
- C:\Windows\System\CSbsIfu.exe
  C:\Windows\System\CSbsIfu.exe
  2⤵
  PID:6580
- C:\Windows\System\VxCAFVS.exe
  C:\Windows\System\VxCAFVS.exe
  2⤵
  PID:6700
- C:\Windows\System\ToLUiSK.exe
  C:\Windows\System\ToLUiSK.exe
  2⤵
  PID:2068
- C:\Windows\System\TxcPMno.exe
  C:\Windows\System\TxcPMno.exe
  2⤵
  PID:6716
- C:\Windows\System\DLrTDPZ.exe
  C:\Windows\System\DLrTDPZ.exe
  2⤵
  PID:6784
- C:\Windows\System\ObwaDtf.exe
  C:\Windows\System\ObwaDtf.exe
  2⤵
  PID:6820
- C:\Windows\System\lXiRTRT.exe
  C:\Windows\System\lXiRTRT.exe
  2⤵
  PID:2320
- C:\Windows\System\tvzwUtS.exe
  C:\Windows\System\tvzwUtS.exe
  2⤵
  PID:6836
- C:\Windows\System\kPPxibg.exe
  C:\Windows\System\kPPxibg.exe
  2⤵
  PID:6900
- C:\Windows\System\UHFKMBK.exe
  C:\Windows\System\UHFKMBK.exe
  2⤵
  PID:6976
- C:\Windows\System\NEGbYpP.exe
  C:\Windows\System\NEGbYpP.exe
  2⤵
  PID:3040
- C:\Windows\System\lcpLWzX.exe
  C:\Windows\System\lcpLWzX.exe
  2⤵
  PID:6960
- C:\Windows\System\hGDgRXl.exe
  C:\Windows\System\hGDgRXl.exe
  2⤵
  PID:6996
- C:\Windows\System\ynkIzHf.exe
  C:\Windows\System\ynkIzHf.exe
  2⤵
  PID:7032
- C:\Windows\System\IrLdkkN.exe
  C:\Windows\System\IrLdkkN.exe
  2⤵
  PID:7080
- C:\Windows\System\dENowUx.exe
  C:\Windows\System\dENowUx.exe
  2⤵
  PID:7084
- C:\Windows\System\dUaZbub.exe
  C:\Windows\System\dUaZbub.exe
  2⤵
  PID:7124
- C:\Windows\System\wHebtlW.exe
  C:\Windows\System\wHebtlW.exe
  2⤵
  PID:5764
- C:\Windows\System\rnTzrwq.exe
  C:\Windows\System\rnTzrwq.exe
  2⤵
  PID:7164
- C:\Windows\System\DLUFrzi.exe
  C:\Windows\System\DLUFrzi.exe
  2⤵
  PID:2744
- C:\Windows\System\mLWnMRL.exe
  C:\Windows\System\mLWnMRL.exe
  2⤵
  PID:4436
- C:\Windows\System\cozydpg.exe
  C:\Windows\System\cozydpg.exe
  2⤵
  PID:6136
- C:\Windows\System\ECLFJBG.exe
  C:\Windows\System\ECLFJBG.exe
  2⤵
  PID:6200
- C:\Windows\System\kTYgIVB.exe
  C:\Windows\System\kTYgIVB.exe
  2⤵
  PID:4660
- C:\Windows\System\mrHBHcx.exe
  C:\Windows\System\mrHBHcx.exe
  2⤵
  PID:6336
- C:\Windows\System\MpVVefp.exe
  C:\Windows\System\MpVVefp.exe
  2⤵
  PID:6308
- C:\Windows\System\ScQJXBh.exe
  C:\Windows\System\ScQJXBh.exe
  2⤵
  PID:6436
- C:\Windows\System\DhedzPP.exe
  C:\Windows\System\DhedzPP.exe
  2⤵
  PID:6356
- C:\Windows\System\chflwFz.exe
  C:\Windows\System\chflwFz.exe
  2⤵
  PID:6576
- C:\Windows\System\iZewsfl.exe
  C:\Windows\System\iZewsfl.exe
  2⤵
  PID:6476
- C:\Windows\System\bQeptDx.exe
  C:\Windows\System\bQeptDx.exe
  2⤵
  PID:6644
- C:\Windows\System\uDGIeND.exe
  C:\Windows\System\uDGIeND.exe
  2⤵
  PID:6656
- C:\Windows\System\WBqfKZL.exe
  C:\Windows\System\WBqfKZL.exe
  2⤵
  PID:6680
- C:\Windows\System\QxuXNfF.exe
  C:\Windows\System\QxuXNfF.exe
  2⤵
  PID:6896
- C:\Windows\System\eAaRaEQ.exe
  C:\Windows\System\eAaRaEQ.exe
  2⤵
  PID:6944
- C:\Windows\System\rgYRVTU.exe
  C:\Windows\System\rgYRVTU.exe
  2⤵
  PID:2992
- C:\Windows\System\VEESLbl.exe
  C:\Windows\System\VEESLbl.exe
  2⤵
  PID:6696
- C:\Windows\System\keIZSKq.exe
  C:\Windows\System\keIZSKq.exe
  2⤵
  PID:6776
- C:\Windows\System\diyOYGK.exe
  C:\Windows\System\diyOYGK.exe
  2⤵
  PID:4516
- C:\Windows\System\drLqRbL.exe
  C:\Windows\System\drLqRbL.exe
  2⤵
  PID:6760
- C:\Windows\System\xyptYgd.exe
  C:\Windows\System\xyptYgd.exe
  2⤵
  PID:6272
- C:\Windows\System\nHUmism.exe
  C:\Windows\System\nHUmism.exe
  2⤵
  PID:6260
- C:\Windows\System\CKcqqpZ.exe
  C:\Windows\System\CKcqqpZ.exe
  2⤵
  PID:6584
- C:\Windows\System\sBoXOts.exe
  C:\Windows\System\sBoXOts.exe
  2⤵
  PID:7100
- C:\Windows\System\HDcFGsm.exe
  C:\Windows\System\HDcFGsm.exe
  2⤵
  PID:1100
- C:\Windows\System\QQDGptZ.exe
  C:\Windows\System\QQDGptZ.exe
  2⤵
  PID:6252
- C:\Windows\System\shHfOcS.exe
  C:\Windows\System\shHfOcS.exe
  2⤵
  PID:5708
- C:\Windows\System\NWqsQGm.exe
  C:\Windows\System\NWqsQGm.exe
  2⤵
  PID:2536
- C:\Windows\System\wEqIGKx.exe
  C:\Windows\System\wEqIGKx.exe
  2⤵
  PID:6176
- C:\Windows\System\IAFiVeI.exe
  C:\Windows\System\IAFiVeI.exe
  2⤵
  PID:2976
- C:\Windows\System\aLWofHY.exe
  C:\Windows\System\aLWofHY.exe
  2⤵
  PID:6280
- C:\Windows\System\joYuKuS.exe
  C:\Windows\System\joYuKuS.exe
  2⤵
  PID:6008
- C:\Windows\System\NGMyXcw.exe
  C:\Windows\System\NGMyXcw.exe
  2⤵
  PID:6936
- C:\Windows\System\AlIrEUs.exe
  C:\Windows\System\AlIrEUs.exe
  2⤵
  PID:6460
- C:\Windows\System\RmJtYAT.exe
  C:\Windows\System\RmJtYAT.exe
  2⤵
  PID:6800
- C:\Windows\System\tLEqxod.exe
  C:\Windows\System\tLEqxod.exe
  2⤵
  PID:7184
- C:\Windows\System\IGYejzg.exe
  C:\Windows\System\IGYejzg.exe
  2⤵
  PID:7200
- C:\Windows\System\nuoIqVO.exe
  C:\Windows\System\nuoIqVO.exe
  2⤵
  PID:7220
- C:\Windows\System\ytObFcg.exe
  C:\Windows\System\ytObFcg.exe
  2⤵
  PID:7244
- C:\Windows\System\KJaOWqJ.exe
  C:\Windows\System\KJaOWqJ.exe
  2⤵
  PID:7264
- C:\Windows\System\zawIwbt.exe
  C:\Windows\System\zawIwbt.exe
  2⤵
  PID:7288
- C:\Windows\System\jYZBXYo.exe
  C:\Windows\System\jYZBXYo.exe
  2⤵
  PID:7308
- C:\Windows\System\LIeScqy.exe
  C:\Windows\System\LIeScqy.exe
  2⤵
  PID:7324
- C:\Windows\System\iHpclxz.exe
  C:\Windows\System\iHpclxz.exe
  2⤵
  PID:7340
- C:\Windows\System\eVNGovh.exe
  C:\Windows\System\eVNGovh.exe
  2⤵
  PID:7368
- C:\Windows\System\RHXphjm.exe
  C:\Windows\System\RHXphjm.exe
  2⤵
  PID:7388
- C:\Windows\System\PFhnKaH.exe
  C:\Windows\System\PFhnKaH.exe
  2⤵
  PID:7412
- C:\Windows\System\kHqebWO.exe
  C:\Windows\System\kHqebWO.exe
  2⤵
  PID:7432
- C:\Windows\System\oUnJYxn.exe
  C:\Windows\System\oUnJYxn.exe
  2⤵
  PID:7448
- C:\Windows\System\SPdWFXi.exe
  C:\Windows\System\SPdWFXi.exe
  2⤵
  PID:7468
- C:\Windows\System\YImykXW.exe
  C:\Windows\System\YImykXW.exe
  2⤵
  PID:7484
- C:\Windows\System\gpYBZws.exe
  C:\Windows\System\gpYBZws.exe
  2⤵
  PID:7504
- C:\Windows\System\ahvJaQW.exe
  C:\Windows\System\ahvJaQW.exe
  2⤵
  PID:7524
- C:\Windows\System\xcezrge.exe
  C:\Windows\System\xcezrge.exe
  2⤵
  PID:7540
- C:\Windows\System\gzsEZxZ.exe
  C:\Windows\System\gzsEZxZ.exe
  2⤵
  PID:7560
- C:\Windows\System\DSqrsfM.exe
  C:\Windows\System\DSqrsfM.exe
  2⤵
  PID:7580
- C:\Windows\System\pmsJDCc.exe
  C:\Windows\System\pmsJDCc.exe
  2⤵
  PID:7608
- C:\Windows\System\OpKgrFI.exe
  C:\Windows\System\OpKgrFI.exe
  2⤵
  PID:7640
- C:\Windows\System\wvghFqR.exe
  C:\Windows\System\wvghFqR.exe
  2⤵
  PID:7688
- C:\Windows\System\GThBmRe.exe
  C:\Windows\System\GThBmRe.exe
  2⤵
  PID:7708
- C:\Windows\System\UfUXfQH.exe
  C:\Windows\System\UfUXfQH.exe
  2⤵
  PID:7728
- C:\Windows\System\VuKmzLN.exe
  C:\Windows\System\VuKmzLN.exe
  2⤵
  PID:7744
- C:\Windows\System\rCXgBRC.exe
  C:\Windows\System\rCXgBRC.exe
  2⤵
  PID:7764
- C:\Windows\System\lRARvwu.exe
  C:\Windows\System\lRARvwu.exe
  2⤵
  PID:7780
- C:\Windows\System\PmSTUAi.exe
  C:\Windows\System\PmSTUAi.exe
  2⤵
  PID:7800
- C:\Windows\System\TAQWyuk.exe
  C:\Windows\System\TAQWyuk.exe
  2⤵
  PID:7824
- C:\Windows\System\DGZpeqL.exe
  C:\Windows\System\DGZpeqL.exe
  2⤵
  PID:7848
- C:\Windows\System\cXbXLIZ.exe
  C:\Windows\System\cXbXLIZ.exe
  2⤵
  PID:7864
- C:\Windows\System\CMugdye.exe
  C:\Windows\System\CMugdye.exe
  2⤵
  PID:7892
- C:\Windows\System\irkemZo.exe
  C:\Windows\System\irkemZo.exe
  2⤵
  PID:7916
- C:\Windows\System\XCMNzfm.exe
  C:\Windows\System\XCMNzfm.exe
  2⤵
  PID:7932
- C:\Windows\System\bAWuQzY.exe
  C:\Windows\System\bAWuQzY.exe
  2⤵
  PID:7956
- C:\Windows\System\mfPYZUG.exe
  C:\Windows\System\mfPYZUG.exe
  2⤵
  PID:7972
- C:\Windows\System\kSvwHKq.exe
  C:\Windows\System\kSvwHKq.exe
  2⤵
  PID:7988
- C:\Windows\System\tANdbQT.exe
  C:\Windows\System\tANdbQT.exe
  2⤵
  PID:8008
- C:\Windows\System\pOsxjgT.exe
  C:\Windows\System\pOsxjgT.exe
  2⤵
  PID:8024
- C:\Windows\System\iGajuYF.exe
  C:\Windows\System\iGajuYF.exe
  2⤵
  PID:8044
- C:\Windows\System\FvAGIHD.exe
  C:\Windows\System\FvAGIHD.exe
  2⤵
  PID:8060
- C:\Windows\System\RuJTWIg.exe
  C:\Windows\System\RuJTWIg.exe
  2⤵
  PID:8080
- C:\Windows\System\AZQMZaN.exe
  C:\Windows\System\AZQMZaN.exe
  2⤵
  PID:8100
- C:\Windows\System\rovsuFr.exe
  C:\Windows\System\rovsuFr.exe
  2⤵
  PID:8116
- C:\Windows\System\vcjAsrk.exe
  C:\Windows\System\vcjAsrk.exe
  2⤵
  PID:8136
- C:\Windows\System\GcKsrSb.exe
  C:\Windows\System\GcKsrSb.exe
  2⤵
  PID:8160
- C:\Windows\System\TDKmiMv.exe
  C:\Windows\System\TDKmiMv.exe
  2⤵
  PID:8180
- C:\Windows\System\RgJZTGn.exe
  C:\Windows\System\RgJZTGn.exe
  2⤵
  PID:6764
- C:\Windows\System\oTcKufG.exe
  C:\Windows\System\oTcKufG.exe
  2⤵
  PID:5992
- C:\Windows\System\mBpzpub.exe
  C:\Windows\System\mBpzpub.exe
  2⤵
  PID:6536
- C:\Windows\System\cfGsgTb.exe
  C:\Windows\System\cfGsgTb.exe
  2⤵
  PID:6904
- C:\Windows\System\FQtwXxr.exe
  C:\Windows\System\FQtwXxr.exe
  2⤵
  PID:6880
- C:\Windows\System\SOdbAsP.exe
  C:\Windows\System\SOdbAsP.exe
  2⤵
  PID:6736
- C:\Windows\System\RYquImx.exe
  C:\Windows\System\RYquImx.exe
  2⤵
  PID:7212
- C:\Windows\System\MmRtcRQ.exe
  C:\Windows\System\MmRtcRQ.exe
  2⤵
  PID:2440
- C:\Windows\System\jcudmPg.exe
  C:\Windows\System\jcudmPg.exe
  2⤵
  PID:6196
- C:\Windows\System\MMqaCyK.exe
  C:\Windows\System\MMqaCyK.exe
  2⤵
  PID:7380
- C:\Windows\System\mPDcAvH.exe
  C:\Windows\System\mPDcAvH.exe
  2⤵
  PID:7088
- C:\Windows\System\tJDCgjm.exe
  C:\Windows\System\tJDCgjm.exe
  2⤵
  PID:7148
- C:\Windows\System\GQrqJjH.exe
  C:\Windows\System\GQrqJjH.exe
  2⤵
  PID:7464
- C:\Windows\System\aTDVVgL.exe
  C:\Windows\System\aTDVVgL.exe
  2⤵
  PID:7532
- C:\Windows\System\ybzXtfm.exe
  C:\Windows\System\ybzXtfm.exe
  2⤵
  PID:1960
- C:\Windows\System\EhhEMyg.exe
  C:\Windows\System\EhhEMyg.exe
  2⤵
  PID:7228
- C:\Windows\System\pojRglO.exe
  C:\Windows\System\pojRglO.exe
  2⤵
  PID:7356
- C:\Windows\System\BHmdfTZ.exe
  C:\Windows\System\BHmdfTZ.exe
  2⤵
  PID:7352
- C:\Windows\System\wrmTPDB.exe
  C:\Windows\System\wrmTPDB.exe
  2⤵
  PID:7616
- C:\Windows\System\MRPtKog.exe
  C:\Windows\System\MRPtKog.exe
  2⤵
  PID:7636
- C:\Windows\System\LVltwwq.exe
  C:\Windows\System\LVltwwq.exe
  2⤵
  PID:7588
- C:\Windows\System\uaKxsxp.exe
  C:\Windows\System\uaKxsxp.exe
  2⤵
  PID:7480
- C:\Windows\System\NrQysfE.exe
  C:\Windows\System\NrQysfE.exe
  2⤵
  PID:7604
- C:\Windows\System\GhfWvGQ.exe
  C:\Windows\System\GhfWvGQ.exe
  2⤵
  PID:2600
- C:\Windows\System\dwLuxBS.exe
  C:\Windows\System\dwLuxBS.exe
  2⤵
  PID:7808
- C:\Windows\System\JXNFStR.exe
  C:\Windows\System\JXNFStR.exe
  2⤵
  PID:2108
- C:\Windows\System\SVaoWpa.exe
  C:\Windows\System\SVaoWpa.exe
  2⤵
  PID:7940
- C:\Windows\System\BihFFxD.exe
  C:\Windows\System\BihFFxD.exe
  2⤵
  PID:7984
- C:\Windows\System\SrMaoSA.exe
  C:\Windows\System\SrMaoSA.exe
  2⤵
  PID:7664
- C:\Windows\System\YPSPbbr.exe
  C:\Windows\System\YPSPbbr.exe
  2⤵
  PID:7676
- C:\Windows\System\HfjmrSR.exe
  C:\Windows\System\HfjmrSR.exe
  2⤵
  PID:7724
- C:\Windows\System\OOcgcYs.exe
  C:\Windows\System\OOcgcYs.exe
  2⤵
  PID:8176
- C:\Windows\System\PjPlfWt.exe
  C:\Windows\System\PjPlfWt.exe
  2⤵
  PID:6368
- C:\Windows\System\GANLEvW.exe
  C:\Windows\System\GANLEvW.exe
  2⤵
  PID:7720
- C:\Windows\System\mqhBvTo.exe
  C:\Windows\System\mqhBvTo.exe
  2⤵
  PID:7760
- C:\Windows\System\WdBexPJ.exe
  C:\Windows\System\WdBexPJ.exe
  2⤵
  PID:7844
- C:\Windows\System\BtLiPAb.exe
  C:\Windows\System\BtLiPAb.exe
  2⤵
  PID:7888
- C:\Windows\System\lowiNhS.exe
  C:\Windows\System\lowiNhS.exe
  2⤵
  PID:7924
- C:\Windows\System\FoGjMpo.exe
  C:\Windows\System\FoGjMpo.exe
  2⤵
  PID:7968
- C:\Windows\System\GCUEYVo.exe
  C:\Windows\System\GCUEYVo.exe
  2⤵
  PID:6956
- C:\Windows\System\eRaWDEo.exe
  C:\Windows\System\eRaWDEo.exe
  2⤵
  PID:6864
- C:\Windows\System\jbAHjZV.exe
  C:\Windows\System\jbAHjZV.exe
  2⤵
  PID:6980
- C:\Windows\System\vwCDOEE.exe
  C:\Windows\System\vwCDOEE.exe
  2⤵
  PID:7428
- C:\Windows\System\vldJnua.exe
  C:\Windows\System\vldJnua.exe
  2⤵
  PID:6164
- C:\Windows\System\wAPXQSQ.exe
  C:\Windows\System\wAPXQSQ.exe
  2⤵
  PID:5380
- C:\Windows\System\oIhcjAB.exe
  C:\Windows\System\oIhcjAB.exe
  2⤵
  PID:7496
- C:\Windows\System\SJoVeXr.exe
  C:\Windows\System\SJoVeXr.exe
  2⤵
  PID:7592
- C:\Windows\System\aGZcPue.exe
  C:\Windows\System\aGZcPue.exe
  2⤵
  PID:7276
- C:\Windows\System\JVVoYqo.exe
  C:\Windows\System\JVVoYqo.exe
  2⤵
  PID:7576
- C:\Windows\System\krJHBQb.exe
  C:\Windows\System\krJHBQb.exe
  2⤵
  PID:7628
- C:\Windows\System\rwwCbzp.exe
  C:\Windows\System\rwwCbzp.exe
  2⤵
  PID:7548
- C:\Windows\System\gRdToHR.exe
  C:\Windows\System\gRdToHR.exe
  2⤵
  PID:2356
- C:\Windows\System\RvJeYmp.exe
  C:\Windows\System\RvJeYmp.exe
  2⤵
  PID:7860
- C:\Windows\System\BokwnDX.exe
  C:\Windows\System\BokwnDX.exe
  2⤵
  PID:1096
- C:\Windows\System\bCqwwGJ.exe
  C:\Windows\System\bCqwwGJ.exe
  2⤵
  PID:8128
- C:\Windows\System\LIuyHpl.exe
  C:\Windows\System\LIuyHpl.exe
  2⤵
  PID:7196
- C:\Windows\System\xflJXBh.exe
  C:\Windows\System\xflJXBh.exe
  2⤵
  PID:7796
- C:\Windows\System\vMTbhjM.exe
  C:\Windows\System\vMTbhjM.exe
  2⤵
  PID:7520
- C:\Windows\System\zVYunpu.exe
  C:\Windows\System\zVYunpu.exe
  2⤵
  PID:2860
- C:\Windows\System\eXiGgJm.exe
  C:\Windows\System\eXiGgJm.exe
  2⤵
  PID:7776
- C:\Windows\System\VmDYKKc.exe
  C:\Windows\System\VmDYKKc.exe
  2⤵
  PID:7020
- C:\Windows\System\hzRPHDk.exe
  C:\Windows\System\hzRPHDk.exe
  2⤵
  PID:8052
- C:\Windows\System\PsJiOXn.exe
  C:\Windows\System\PsJiOXn.exe
  2⤵
  PID:8092
- C:\Windows\System\RHgPJkR.exe
  C:\Windows\System\RHgPJkR.exe
  2⤵
  PID:8032
- C:\Windows\System\bLtiWVj.exe
  C:\Windows\System\bLtiWVj.exe
  2⤵
  PID:1408
- C:\Windows\System\mqBKpjB.exe
  C:\Windows\System\mqBKpjB.exe
  2⤵
  PID:8036
- C:\Windows\System\VZiJqCH.exe
  C:\Windows\System\VZiJqCH.exe
  2⤵
  PID:6860
- C:\Windows\System\pYSAlpi.exe
  C:\Windows\System\pYSAlpi.exe
  2⤵
  PID:7060
- C:\Windows\System\IIpuLtY.exe
  C:\Windows\System\IIpuLtY.exe
  2⤵
  PID:952
- C:\Windows\System\GVjVEsO.exe
  C:\Windows\System\GVjVEsO.exe
  2⤵
  PID:6552
- C:\Windows\System\eMzENhQ.exe
  C:\Windows\System\eMzENhQ.exe
  2⤵
  PID:7964
- C:\Windows\System\txkcJuT.exe
  C:\Windows\System\txkcJuT.exe
  2⤵
  PID:7376
- C:\Windows\System\sVFTGrs.exe
  C:\Windows\System\sVFTGrs.exe
  2⤵
  PID:1532
- C:\Windows\System\cbBtWKj.exe
  C:\Windows\System\cbBtWKj.exe
  2⤵
  PID:6220
- C:\Windows\System\RIcGPhz.exe
  C:\Windows\System\RIcGPhz.exe
  2⤵
  PID:6940
- C:\Windows\System\wQjBott.exe
  C:\Windows\System\wQjBott.exe
  2⤵
  PID:6876
- C:\Windows\System\ndXaNGR.exe
  C:\Windows\System\ndXaNGR.exe
  2⤵
  PID:7948
- C:\Windows\System\XxBRLSD.exe
  C:\Windows\System\XxBRLSD.exe
  2⤵
  PID:1996
- C:\Windows\System\zjPsQtg.exe
  C:\Windows\System\zjPsQtg.exe
  2⤵
  PID:7364
- C:\Windows\System\aDlXUaV.exe
  C:\Windows\System\aDlXUaV.exe
  2⤵
  PID:7772
- C:\Windows\System\NFypdmN.exe
  C:\Windows\System\NFypdmN.exe
  2⤵
  PID:2196
- C:\Windows\System\PyhdYGr.exe
  C:\Windows\System\PyhdYGr.exe
  2⤵
  PID:2072
- C:\Windows\System\YJCoSNM.exe
  C:\Windows\System\YJCoSNM.exe
  2⤵
  PID:7556
- C:\Windows\System\bTjfBbf.exe
  C:\Windows\System\bTjfBbf.exe
  2⤵
  PID:6840
- C:\Windows\System\wGQlygT.exe
  C:\Windows\System\wGQlygT.exe
  2⤵
  PID:3408
- C:\Windows\System\EXfCyDY.exe
  C:\Windows\System\EXfCyDY.exe
  2⤵
  PID:1020
- C:\Windows\System\vIvMOBe.exe
  C:\Windows\System\vIvMOBe.exe
  2⤵
  PID:2252
- C:\Windows\System\ZwFAusH.exe
  C:\Windows\System\ZwFAusH.exe
  2⤵
  PID:8156
- C:\Windows\System\LPtqqxE.exe
  C:\Windows\System\LPtqqxE.exe
  2⤵
  PID:1612
- C:\Windows\System\tMNAfPw.exe
  C:\Windows\System\tMNAfPw.exe
  2⤵
  PID:7256
- C:\Windows\System\beryoFP.exe
  C:\Windows\System\beryoFP.exe
  2⤵
  PID:7284
- C:\Windows\System\PMVHlwr.exe
  C:\Windows\System\PMVHlwr.exe
  2⤵
  PID:7832
- C:\Windows\System\UdTymQt.exe
  C:\Windows\System\UdTymQt.exe
  2⤵
  PID:7660
- C:\Windows\System\azShyyC.exe
  C:\Windows\System\azShyyC.exe
  2⤵
  PID:7272
- C:\Windows\System\PMPdNFr.exe
  C:\Windows\System\PMPdNFr.exe
  2⤵
  PID:7440
- C:\Windows\System\fMojznZ.exe
  C:\Windows\System\fMojznZ.exe
  2⤵
  PID:7704
- C:\Windows\System\WyfvcHC.exe
  C:\Windows\System\WyfvcHC.exe
  2⤵
  PID:436
- C:\Windows\System\QaFGhCx.exe
  C:\Windows\System\QaFGhCx.exe
  2⤵
  PID:1616
- C:\Windows\System\mxBQqsc.exe
  C:\Windows\System\mxBQqsc.exe
  2⤵
  PID:6480
- C:\Windows\System\hbpgtPm.exe
  C:\Windows\System\hbpgtPm.exe
  2⤵
  PID:7788
- C:\Windows\System\mSDpzLS.exe
  C:\Windows\System\mSDpzLS.exe
  2⤵
  PID:7620
- C:\Windows\System\fCKcGiq.exe
  C:\Windows\System\fCKcGiq.exe
  2⤵
  PID:1572
- C:\Windows\System\zwylGPz.exe
  C:\Windows\System\zwylGPz.exe
  2⤵
  PID:2192
- C:\Windows\System\pSmfLfM.exe
  C:\Windows\System\pSmfLfM.exe
  2⤵
  PID:6432
- C:\Windows\System\bpDHHDz.exe
  C:\Windows\System\bpDHHDz.exe
  2⤵
  PID:8152
- C:\Windows\System\mTYMCvk.exe
  C:\Windows\System\mTYMCvk.exe
  2⤵
  PID:7856
- C:\Windows\System\BHFLlZL.exe
  C:\Windows\System\BHFLlZL.exe
  2⤵
  PID:7516
- C:\Windows\System\CcYnwwV.exe
  C:\Windows\System\CcYnwwV.exe
  2⤵
  PID:2928
- C:\Windows\System\pAfmidu.exe
  C:\Windows\System\pAfmidu.exe
  2⤵
  PID:2888
- C:\Windows\System\rRNWNBN.exe
  C:\Windows\System\rRNWNBN.exe
  2⤵
  PID:7740
- C:\Windows\System\ayYXsHM.exe
  C:\Windows\System\ayYXsHM.exe
  2⤵
  PID:7624
- C:\Windows\System\HiTazBG.exe
  C:\Windows\System\HiTazBG.exe
  2⤵
  PID:2692
- C:\Windows\System\mDYlLYU.exe
  C:\Windows\System\mDYlLYU.exe
  2⤵
  PID:7396
- C:\Windows\System\rhrrrmG.exe
  C:\Windows\System\rhrrrmG.exe
  2⤵
  PID:7424
- C:\Windows\System\ZGbcEJB.exe
  C:\Windows\System\ZGbcEJB.exe
  2⤵
  PID:6412
- C:\Windows\System\OAFeOnJ.exe
  C:\Windows\System\OAFeOnJ.exe
  2⤵
  PID:8188
- C:\Windows\System\gaxsOpb.exe
  C:\Windows\System\gaxsOpb.exe
  2⤵
  PID:1108
- C:\Windows\System\YtsSjLP.exe
  C:\Windows\System\YtsSjLP.exe
  2⤵
  PID:2432
- C:\Windows\System\enEXsjP.exe
  C:\Windows\System\enEXsjP.exe
  2⤵
  PID:612
- C:\Windows\System\fzktBZM.exe
  C:\Windows\System\fzktBZM.exe
  2⤵
  PID:7904
- C:\Windows\System\yoRMFMq.exe
  C:\Windows\System\yoRMFMq.exe
  2⤵
  PID:7900
- C:\Windows\System\mrEYdfh.exe
  C:\Windows\System\mrEYdfh.exe
  2⤵
  PID:2084
- C:\Windows\System\gHXflJx.exe
  C:\Windows\System\gHXflJx.exe
  2⤵
  PID:2500
- C:\Windows\System\QUGHuMi.exe
  C:\Windows\System\QUGHuMi.exe
  2⤵
  PID:2080
- C:\Windows\System\gOAkusU.exe
  C:\Windows\System\gOAkusU.exe
  2⤵
  PID:6824
- C:\Windows\System\GZUwyEd.exe
  C:\Windows\System\GZUwyEd.exe
  2⤵
  PID:7840
- C:\Windows\System\dCFWnkL.exe
  C:\Windows\System\dCFWnkL.exe
  2⤵
  PID:2488
- C:\Windows\System\hTmJAqJ.exe
  C:\Windows\System\hTmJAqJ.exe
  2⤵
  PID:8196
- C:\Windows\System\YFQMlrl.exe
  C:\Windows\System\YFQMlrl.exe
  2⤵
  PID:8212
- C:\Windows\System\kjoNfKd.exe
  C:\Windows\System\kjoNfKd.exe
  2⤵
  PID:8228
- C:\Windows\System\DgScHXY.exe
  C:\Windows\System\DgScHXY.exe
  2⤵
  PID:8244
- C:\Windows\System\jzrAkME.exe
  C:\Windows\System\jzrAkME.exe
  2⤵
  PID:8260
- C:\Windows\System\oaSjCyd.exe
  C:\Windows\System\oaSjCyd.exe
  2⤵
  PID:8276
- C:\Windows\System\FYcAkXr.exe
  C:\Windows\System\FYcAkXr.exe
  2⤵
  PID:8292
- C:\Windows\System\ADORIoH.exe
  C:\Windows\System\ADORIoH.exe
  2⤵
  PID:8308
- C:\Windows\System\hlLInsI.exe
  C:\Windows\System\hlLInsI.exe
  2⤵
  PID:8324
- C:\Windows\System\PXIynZF.exe
  C:\Windows\System\PXIynZF.exe
  2⤵
  PID:8340
- C:\Windows\System\VXRgBWc.exe
  C:\Windows\System\VXRgBWc.exe
  2⤵
  PID:8356
- C:\Windows\System\aEdUZul.exe
  C:\Windows\System\aEdUZul.exe
  2⤵
  PID:8372
- C:\Windows\System\nhdLDPZ.exe
  C:\Windows\System\nhdLDPZ.exe
  2⤵
  PID:8388
- C:\Windows\System\BAhggVi.exe
  C:\Windows\System\BAhggVi.exe
  2⤵
  PID:8404
- C:\Windows\System\izIeKGd.exe
  C:\Windows\System\izIeKGd.exe
  2⤵
  PID:8420
- C:\Windows\System\mxEsCsS.exe
  C:\Windows\System\mxEsCsS.exe
  2⤵
  PID:8436
- C:\Windows\System\HpAbcVP.exe
  C:\Windows\System\HpAbcVP.exe
  2⤵
  PID:8452
- C:\Windows\System\jasvbSe.exe
  C:\Windows\System\jasvbSe.exe
  2⤵
  PID:8468
- C:\Windows\System\noPVbYe.exe
  C:\Windows\System\noPVbYe.exe
  2⤵
  PID:8484
- C:\Windows\System\oLtbRUF.exe
  C:\Windows\System\oLtbRUF.exe
  2⤵
  PID:8500
- C:\Windows\System\vnDsbJx.exe
  C:\Windows\System\vnDsbJx.exe
  2⤵
  PID:8516
- C:\Windows\System\CKIMPtP.exe
  C:\Windows\System\CKIMPtP.exe
  2⤵
  PID:8532
- C:\Windows\System\dBzRkHs.exe
  C:\Windows\System\dBzRkHs.exe
  2⤵
  PID:8552
- C:\Windows\System\ybQSLGc.exe
  C:\Windows\System\ybQSLGc.exe
  2⤵
  PID:8568
- C:\Windows\System\XCrPGoX.exe
  C:\Windows\System\XCrPGoX.exe
  2⤵
  PID:8584
- C:\Windows\System\IOmjQfQ.exe
  C:\Windows\System\IOmjQfQ.exe
  2⤵
  PID:8600
- C:\Windows\System\nIryadX.exe
  C:\Windows\System\nIryadX.exe
  2⤵
  PID:8616
- C:\Windows\System\PaIBecB.exe
  C:\Windows\System\PaIBecB.exe
  2⤵
  PID:8632
- C:\Windows\System\yrzrMvD.exe
  C:\Windows\System\yrzrMvD.exe
  2⤵
  PID:8648
- C:\Windows\System\LYPxXaa.exe
  C:\Windows\System\LYPxXaa.exe
  2⤵
  PID:8664
- C:\Windows\System\dgeIqSe.exe
  C:\Windows\System\dgeIqSe.exe
  2⤵
  PID:8680
- C:\Windows\System\HLvnZYg.exe
  C:\Windows\System\HLvnZYg.exe
  2⤵
  PID:8696
- C:\Windows\System\OeUUmMb.exe
  C:\Windows\System\OeUUmMb.exe
  2⤵
  PID:8712
- C:\Windows\System\UMSaSpQ.exe
  C:\Windows\System\UMSaSpQ.exe
  2⤵
  PID:8728
- C:\Windows\System\PSrdPKU.exe
  C:\Windows\System\PSrdPKU.exe
  2⤵
  PID:8744
- C:\Windows\System\FtOrdLX.exe
  C:\Windows\System\FtOrdLX.exe
  2⤵
  PID:8760
- C:\Windows\System\lzzVgQq.exe
  C:\Windows\System\lzzVgQq.exe
  2⤵
  PID:8776
- C:\Windows\System\YJNUVeA.exe
  C:\Windows\System\YJNUVeA.exe
  2⤵
  PID:8792
- C:\Windows\System\bhPYdaM.exe
  C:\Windows\System\bhPYdaM.exe
  2⤵
  PID:8808
- C:\Windows\System\ZRrZWeR.exe
  C:\Windows\System\ZRrZWeR.exe
  2⤵
  PID:8824
- C:\Windows\System\qGFYHfC.exe
  C:\Windows\System\qGFYHfC.exe
  2⤵
  PID:8840
- C:\Windows\System\SYgFBoX.exe
  C:\Windows\System\SYgFBoX.exe
  2⤵
  PID:8856
- C:\Windows\System\iApMMlP.exe
  C:\Windows\System\iApMMlP.exe
  2⤵
  PID:8872
- C:\Windows\System\pNvIwAP.exe
  C:\Windows\System\pNvIwAP.exe
  2⤵
  PID:8888
- C:\Windows\System\SMtRZHE.exe
  C:\Windows\System\SMtRZHE.exe
  2⤵
  PID:8904
- C:\Windows\System\nunMWEj.exe
  C:\Windows\System\nunMWEj.exe
  2⤵
  PID:8920
- C:\Windows\System\qZROMsd.exe
  C:\Windows\System\qZROMsd.exe
  2⤵
  PID:8936
- C:\Windows\System\fEfNicD.exe
  C:\Windows\System\fEfNicD.exe
  2⤵
  PID:8952
- C:\Windows\System\nydNbWL.exe
  C:\Windows\System\nydNbWL.exe
  2⤵
  PID:8968
- C:\Windows\System\dMqXPcG.exe
  C:\Windows\System\dMqXPcG.exe
  2⤵
  PID:8984
- C:\Windows\System\TebKnYY.exe
  C:\Windows\System\TebKnYY.exe
  2⤵
  PID:9000
- C:\Windows\System\NBHXNhm.exe
  C:\Windows\System\NBHXNhm.exe
  2⤵
  PID:9016
- C:\Windows\System\MlaFPsW.exe
  C:\Windows\System\MlaFPsW.exe
  2⤵
  PID:9036
- C:\Windows\System\pWKkbEx.exe
  C:\Windows\System\pWKkbEx.exe
  2⤵
  PID:9052
- C:\Windows\System\KLlNbUc.exe
  C:\Windows\System\KLlNbUc.exe
  2⤵
  PID:9068
- C:\Windows\System\pNXkuhM.exe
  C:\Windows\System\pNXkuhM.exe
  2⤵
  PID:9084
- C:\Windows\System\CCVlLSh.exe
  C:\Windows\System\CCVlLSh.exe
  2⤵
  PID:9100
- C:\Windows\System\ptHIgJB.exe
  C:\Windows\System\ptHIgJB.exe
  2⤵
  PID:9116
- C:\Windows\System\SgjHvAe.exe
  C:\Windows\System\SgjHvAe.exe
  2⤵
  PID:9132
- C:\Windows\System\vSFkzLm.exe
  C:\Windows\System\vSFkzLm.exe
  2⤵
  PID:9148
- C:\Windows\System\zXvsaHy.exe
  C:\Windows\System\zXvsaHy.exe
  2⤵
  PID:9164
- C:\Windows\System\vRXfwiV.exe
  C:\Windows\System\vRXfwiV.exe
  2⤵
  PID:9180
- C:\Windows\System\lEmWmvA.exe
  C:\Windows\System\lEmWmvA.exe
  2⤵
  PID:9196
- C:\Windows\System\oHKerZj.exe
  C:\Windows\System\oHKerZj.exe
  2⤵
  PID:9212
- C:\Windows\System\XXnQQej.exe
  C:\Windows\System\XXnQQej.exe
  2⤵
  PID:8236
- C:\Windows\System\HXXwWnw.exe
  C:\Windows\System\HXXwWnw.exe
  2⤵
  PID:8272
- C:\Windows\System\rCtrLSj.exe
  C:\Windows\System\rCtrLSj.exe
  2⤵
  PID:1400
- C:\Windows\System\gQahUff.exe
  C:\Windows\System\gQahUff.exe
  2⤵
  PID:8336
- C:\Windows\System\xQKWdaP.exe
  C:\Windows\System\xQKWdaP.exe
  2⤵
  PID:8220
- C:\Windows\System\EeBsTzp.exe
  C:\Windows\System\EeBsTzp.exe
  2⤵
  PID:8364
- C:\Windows\System\DqlcpEG.exe
  C:\Windows\System\DqlcpEG.exe
  2⤵
  PID:8396
- C:\Windows\System\jsOJSKN.exe
  C:\Windows\System\jsOJSKN.exe
  2⤵
  PID:8460
- C:\Windows\System\vJBNBNC.exe
  C:\Windows\System\vJBNBNC.exe
  2⤵
  PID:8524
- C:\Windows\System\aEHrQIQ.exe
  C:\Windows\System\aEHrQIQ.exe
  2⤵
  PID:8476
- C:\Windows\System\rKzZyrJ.exe
  C:\Windows\System\rKzZyrJ.exe
  2⤵
  PID:8560
- C:\Windows\System\qJBQBoB.exe
  C:\Windows\System\qJBQBoB.exe
  2⤵
  PID:8480
- C:\Windows\System\voEslWz.exe
  C:\Windows\System\voEslWz.exe
  2⤵
  PID:7536
- C:\Windows\System\wNZmCEo.exe
  C:\Windows\System\wNZmCEo.exe
  2⤵
  PID:8628
- C:\Windows\System\vqRIBMp.exe
  C:\Windows\System\vqRIBMp.exe
  2⤵
  PID:8576
- C:\Windows\System\JwbPzDj.exe
  C:\Windows\System\JwbPzDj.exe
  2⤵
  PID:8692
- C:\Windows\System\mvwdZRz.exe
  C:\Windows\System\mvwdZRz.exe
  2⤵
  PID:8720
- C:\Windows\System\IoueNnx.exe
  C:\Windows\System\IoueNnx.exe
  2⤵
  PID:8676
- C:\Windows\System\LzuLIrf.exe
  C:\Windows\System\LzuLIrf.exe
  2⤵
  PID:8756
- C:\Windows\System\ymYTFNs.exe
  C:\Windows\System\ymYTFNs.exe
  2⤵
  PID:8772
- C:\Windows\System\LempXEP.exe
  C:\Windows\System\LempXEP.exe
  2⤵
  PID:8848
- C:\Windows\System\MLuijmX.exe
  C:\Windows\System\MLuijmX.exe
  2⤵
  PID:8832
- C:\Windows\System\YjTEvWO.exe
  C:\Windows\System\YjTEvWO.exe
  2⤵
  PID:8864
- C:\Windows\System\msGLvcZ.exe
  C:\Windows\System\msGLvcZ.exe
  2⤵
  PID:8960
- C:\Windows\System\fBAPqDF.exe
  C:\Windows\System\fBAPqDF.exe
  2⤵
  PID:8976
- C:\Windows\System\nBiqPfi.exe
  C:\Windows\System\nBiqPfi.exe
  2⤵
  PID:9008
- C:\Windows\System\gGjXQjm.exe
  C:\Windows\System\gGjXQjm.exe
  2⤵
  PID:8996
- C:\Windows\System\WnURctR.exe
  C:\Windows\System\WnURctR.exe
  2⤵
  PID:9028
- C:\Windows\System\xpPIxGr.exe
  C:\Windows\System\xpPIxGr.exe
  2⤵
  PID:9140
- C:\Windows\System\PRFkagK.exe
  C:\Windows\System\PRFkagK.exe
  2⤵
  PID:9060
- C:\Windows\System\PYWNOwI.exe
  C:\Windows\System\PYWNOwI.exe
  2⤵
  PID:9064
- C:\Windows\System\glOUpDm.exe
  C:\Windows\System\glOUpDm.exe
  2⤵
  PID:1684
- C:\Windows\System\wQPiGvH.exe
  C:\Windows\System\wQPiGvH.exe
  2⤵
  PID:9096
- C:\Windows\System\lbFeZOw.exe
  C:\Windows\System\lbFeZOw.exe
  2⤵
  PID:8268
- C:\Windows\System\uEumYZv.exe
  C:\Windows\System\uEumYZv.exe
  2⤵
  PID:2560
- C:\Windows\System\vghUtEO.exe
  C:\Windows\System\vghUtEO.exe
  2⤵
  PID:8432
- C:\Windows\System\utbtZQm.exe
  C:\Windows\System\utbtZQm.exe
  2⤵
  PID:7420
- C:\Windows\System\PiVOtBe.exe
  C:\Windows\System\PiVOtBe.exe
  2⤵
  PID:7944
- C:\Windows\System\mIIdcEs.exe
  C:\Windows\System\mIIdcEs.exe
  2⤵
  PID:8384
- C:\Windows\System\cBCdGtz.exe
  C:\Windows\System\cBCdGtz.exe
  2⤵
  PID:8448
- C:\Windows\System\GCjNQJV.exe
  C:\Windows\System\GCjNQJV.exe
  2⤵
  PID:8660
- C:\Windows\System\AHNEnzl.exe
  C:\Windows\System\AHNEnzl.exe
  2⤵
  PID:8412
- C:\Windows\System\KgwHpHp.exe
  C:\Windows\System\KgwHpHp.exe
  2⤵
  PID:8880
- C:\Windows\System\JkZjgRG.exe
  C:\Windows\System\JkZjgRG.exe
  2⤵
  PID:8512
- C:\Windows\System\nuzScRH.exe
  C:\Windows\System\nuzScRH.exe
  2⤵
  PID:8612
- C:\Windows\System\aOyZZrU.exe
  C:\Windows\System\aOyZZrU.exe
  2⤵
  PID:8836
- C:\Windows\System\TeNCoJM.exe
  C:\Windows\System\TeNCoJM.exe
  2⤵
  PID:8820
- C:\Windows\System\MRWuFNS.exe
  C:\Windows\System\MRWuFNS.exe
  2⤵
  PID:7652
- C:\Windows\System\mCCJVKS.exe
  C:\Windows\System\mCCJVKS.exe
  2⤵
  PID:8916
- C:\Windows\System\AWwGwKq.exe
  C:\Windows\System\AWwGwKq.exe
  2⤵
  PID:9076
- C:\Windows\System\bQtAGLF.exe
  C:\Windows\System\bQtAGLF.exe
  2⤵
  PID:8992
- C:\Windows\System\pvpXrnq.exe
  C:\Windows\System\pvpXrnq.exe
  2⤵
  PID:9208
- C:\Windows\System\GhZPXIK.exe
  C:\Windows\System\GhZPXIK.exe
  2⤵
  PID:8332
- C:\Windows\System\NdRAOrH.exe
  C:\Windows\System\NdRAOrH.exe
  2⤵
  PID:556
- C:\Windows\System\qhwtpIn.exe
  C:\Windows\System\qhwtpIn.exe
  2⤵
  PID:8316
- C:\Windows\System\RVVwfDN.exe
  C:\Windows\System\RVVwfDN.exe
  2⤵
  PID:9192
- C:\Windows\System\bhSuNKg.exe
  C:\Windows\System\bhSuNKg.exe
  2⤵
  PID:8564
- C:\Windows\System\QjuJDAp.exe
  C:\Windows\System\QjuJDAp.exe
  2⤵
  PID:8896
- C:\Windows\System\aLzKYwi.exe
  C:\Windows\System\aLzKYwi.exe
  2⤵
  PID:8644
- C:\Windows\System\lBzfeul.exe
  C:\Windows\System\lBzfeul.exe
  2⤵
  PID:8768
- C:\Windows\System\vMZPlbS.exe
  C:\Windows\System\vMZPlbS.exe
  2⤵
  PID:8740
- C:\Windows\System\fNsFtlp.exe
  C:\Windows\System\fNsFtlp.exe
  2⤵
  PID:8900
- C:\Windows\System\OCbRPRV.exe
  C:\Windows\System\OCbRPRV.exe
  2⤵
  PID:1112
- C:\Windows\System\INakGiK.exe
  C:\Windows\System\INakGiK.exe
  2⤵
  PID:8688
- C:\Windows\System\sHoIpkK.exe
  C:\Windows\System\sHoIpkK.exe
  2⤵
  PID:9024
- C:\Windows\System\JOmIfdV.exe
  C:\Windows\System\JOmIfdV.exe
  2⤵
  PID:8288
- C:\Windows\System\ybzHRFW.exe
  C:\Windows\System\ybzHRFW.exe
  2⤵
  PID:8416
- C:\Windows\System\OzOWiVQ.exe
  C:\Windows\System\OzOWiVQ.exe
  2⤵
  PID:432
- C:\Windows\System\wPbQSxg.exe
  C:\Windows\System\wPbQSxg.exe
  2⤵
  PID:8304
- C:\Windows\System\NwtbTQg.exe
  C:\Windows\System\NwtbTQg.exe
  2⤵
  PID:9204
- C:\Windows\System\TxOyyHO.exe
  C:\Windows\System\TxOyyHO.exe
  2⤵
  PID:8400
- C:\Windows\System\ujTgShz.exe
  C:\Windows\System\ujTgShz.exe
  2⤵
  PID:7648
- C:\Windows\System\BNWEUxG.exe
  C:\Windows\System\BNWEUxG.exe
  2⤵
  PID:8964
- C:\Windows\System\rtdMXqp.exe
  C:\Windows\System\rtdMXqp.exe
  2⤵
  PID:9228
- C:\Windows\System\BmTCJjd.exe
  C:\Windows\System\BmTCJjd.exe
  2⤵
  PID:9244
- C:\Windows\System\dyVxNcS.exe
  C:\Windows\System\dyVxNcS.exe
  2⤵
  PID:9260
- C:\Windows\System\AyBFZQy.exe
  C:\Windows\System\AyBFZQy.exe
  2⤵
  PID:9276
- C:\Windows\System\zoauHXh.exe
  C:\Windows\System\zoauHXh.exe
  2⤵
  PID:9292
- C:\Windows\System\IxXLRYi.exe
  C:\Windows\System\IxXLRYi.exe
  2⤵
  PID:9308
- C:\Windows\System\MGgqGLk.exe
  C:\Windows\System\MGgqGLk.exe
  2⤵
  PID:9324
- C:\Windows\System\PhPovEc.exe
  C:\Windows\System\PhPovEc.exe
  2⤵
  PID:9340
- C:\Windows\System\kBvJgut.exe
  C:\Windows\System\kBvJgut.exe
  2⤵
  PID:9356
- C:\Windows\System\vtONRtx.exe
  C:\Windows\System\vtONRtx.exe
  2⤵
  PID:9372
- C:\Windows\System\ylznhkE.exe
  C:\Windows\System\ylznhkE.exe
  2⤵
  PID:9388
- C:\Windows\System\ACacGGZ.exe
  C:\Windows\System\ACacGGZ.exe
  2⤵
  PID:9404
- C:\Windows\System\HzaPmDv.exe
  C:\Windows\System\HzaPmDv.exe
  2⤵
  PID:9424
- C:\Windows\System\uVPBfKe.exe
  C:\Windows\System\uVPBfKe.exe
  2⤵
  PID:9440
- C:\Windows\System\vECrhKG.exe
  C:\Windows\System\vECrhKG.exe
  2⤵
  PID:9456
- C:\Windows\System\SkcpPEY.exe
  C:\Windows\System\SkcpPEY.exe
  2⤵
  PID:9472
- C:\Windows\System\spSeSpd.exe
  C:\Windows\System\spSeSpd.exe
  2⤵
  PID:9488
- C:\Windows\System\fmgYYiI.exe
  C:\Windows\System\fmgYYiI.exe
  2⤵
  PID:9504
- C:\Windows\System\rEcyHQL.exe
  C:\Windows\System\rEcyHQL.exe
  2⤵
  PID:9520
- C:\Windows\System\NBJHBtG.exe
  C:\Windows\System\NBJHBtG.exe
  2⤵
  PID:9536
- C:\Windows\System\vlZhcjZ.exe
  C:\Windows\System\vlZhcjZ.exe
  2⤵
  PID:9552
- C:\Windows\System\oZpWbRc.exe
  C:\Windows\System\oZpWbRc.exe
  2⤵
  PID:9568
- C:\Windows\System\esSAeaP.exe
  C:\Windows\System\esSAeaP.exe
  2⤵
  PID:9584
- C:\Windows\System\oPmVDAZ.exe
  C:\Windows\System\oPmVDAZ.exe
  2⤵
  PID:9600
- C:\Windows\System\MRjrYVq.exe
  C:\Windows\System\MRjrYVq.exe
  2⤵
  PID:9616
- C:\Windows\System\hkLDoxh.exe
  C:\Windows\System\hkLDoxh.exe
  2⤵
  PID:9632
- C:\Windows\System\TUBWBzo.exe
  C:\Windows\System\TUBWBzo.exe
  2⤵
  PID:9648
- C:\Windows\System\zdFoAhy.exe
  C:\Windows\System\zdFoAhy.exe
  2⤵
  PID:9664
- C:\Windows\System\GlSjkoT.exe
  C:\Windows\System\GlSjkoT.exe
  2⤵
  PID:9680
- C:\Windows\System\XnkrEFN.exe
  C:\Windows\System\XnkrEFN.exe
  2⤵
  PID:9696
- C:\Windows\System\IjusQkd.exe
  C:\Windows\System\IjusQkd.exe
  2⤵
  PID:9712
- C:\Windows\System\cKcQlpe.exe
  C:\Windows\System\cKcQlpe.exe
  2⤵
  PID:9728
- C:\Windows\System\QWJURIB.exe
  C:\Windows\System\QWJURIB.exe
  2⤵
  PID:9744
- C:\Windows\System\CJkBoGH.exe
  C:\Windows\System\CJkBoGH.exe
  2⤵
  PID:9760
- C:\Windows\System\KvXagFW.exe
  C:\Windows\System\KvXagFW.exe
  2⤵
  PID:9776
- C:\Windows\System\AnryGTd.exe
  C:\Windows\System\AnryGTd.exe
  2⤵
  PID:9792
- C:\Windows\System\uEGNDDt.exe
  C:\Windows\System\uEGNDDt.exe
  2⤵
  PID:9808
- C:\Windows\System\iXgYYQc.exe
  C:\Windows\System\iXgYYQc.exe
  2⤵
  PID:9824
- C:\Windows\System\OAgSMvV.exe
  C:\Windows\System\OAgSMvV.exe
  2⤵
  PID:9840
- C:\Windows\System\LfuajMq.exe
  C:\Windows\System\LfuajMq.exe
  2⤵
  PID:9856
- C:\Windows\System\dXVTNHj.exe
  C:\Windows\System\dXVTNHj.exe
  2⤵
  PID:9872
- C:\Windows\System\wdZiQKm.exe
  C:\Windows\System\wdZiQKm.exe
  2⤵
  PID:9888
- C:\Windows\System\HScUKcn.exe
  C:\Windows\System\HScUKcn.exe
  2⤵
  PID:9904
- C:\Windows\System\WKigBZd.exe
  C:\Windows\System\WKigBZd.exe
  2⤵
  PID:9924
- C:\Windows\System\uVZjICV.exe
  C:\Windows\System\uVZjICV.exe
  2⤵
  PID:9940
- C:\Windows\System\eLQGzGv.exe
  C:\Windows\System\eLQGzGv.exe
  2⤵
  PID:9956
- C:\Windows\System\OEUoKVq.exe
  C:\Windows\System\OEUoKVq.exe
  2⤵
  PID:9972
- C:\Windows\System\zsjMFAc.exe
  C:\Windows\System\zsjMFAc.exe
  2⤵
  PID:9988
- C:\Windows\System\pYMUWGb.exe
  C:\Windows\System\pYMUWGb.exe
  2⤵
  PID:10004
- C:\Windows\System\nMJcchy.exe
  C:\Windows\System\nMJcchy.exe
  2⤵
  PID:10020
- C:\Windows\System\ZURaxsm.exe
  C:\Windows\System\ZURaxsm.exe
  2⤵
  PID:10036
- C:\Windows\System\brGyOmV.exe
  C:\Windows\System\brGyOmV.exe
  2⤵
  PID:10052
- C:\Windows\System\kQPKULc.exe
  C:\Windows\System\kQPKULc.exe
  2⤵
  PID:10068
- C:\Windows\System\yFQtYJr.exe
  C:\Windows\System\yFQtYJr.exe
  2⤵
  PID:10084
- C:\Windows\System\gWHuDnJ.exe
  C:\Windows\System\gWHuDnJ.exe
  2⤵
  PID:10100
- C:\Windows\System\kvdOmwq.exe
  C:\Windows\System\kvdOmwq.exe
  2⤵
  PID:10116
- C:\Windows\System\GhgeEFL.exe
  C:\Windows\System\GhgeEFL.exe
  2⤵
  PID:10132
- C:\Windows\System\LmrciJM.exe
  C:\Windows\System\LmrciJM.exe
  2⤵
  PID:10148
- C:\Windows\System\QLJJJtu.exe
  C:\Windows\System\QLJJJtu.exe
  2⤵
  PID:10176
- C:\Windows\System\LsVJsIW.exe
  C:\Windows\System\LsVJsIW.exe
  2⤵
  PID:10192
- C:\Windows\System\OkDCJJg.exe
  C:\Windows\System\OkDCJJg.exe
  2⤵
  PID:10208
- C:\Windows\System\mobQZxk.exe
  C:\Windows\System\mobQZxk.exe
  2⤵
  PID:10224
- C:\Windows\System\SAXfxsp.exe
  C:\Windows\System\SAXfxsp.exe
  2⤵
  PID:9220
- C:\Windows\System\AlQfHqQ.exe
  C:\Windows\System\AlQfHqQ.exe
  2⤵
  PID:9284
- C:\Windows\System\nnDzayk.exe
  C:\Windows\System\nnDzayk.exe
  2⤵
  PID:9240
- C:\Windows\System\gdYegsd.exe
  C:\Windows\System\gdYegsd.exe
  2⤵
  PID:9272
- C:\Windows\System\CbcXJvJ.exe
  C:\Windows\System\CbcXJvJ.exe
  2⤵
  PID:9300
- C:\Windows\System\xloggDU.exe
  C:\Windows\System\xloggDU.exe
  2⤵
  PID:9336
- C:\Windows\System\vxJuait.exe
  C:\Windows\System\vxJuait.exe
  2⤵
  PID:9368
- C:\Windows\System\WUsQVGJ.exe
  C:\Windows\System\WUsQVGJ.exe
  2⤵
  PID:9448
- C:\Windows\System\cGmnHqF.exe
  C:\Windows\System\cGmnHqF.exe
  2⤵
  PID:9480
- C:\Windows\System\IrRHNxv.exe
  C:\Windows\System\IrRHNxv.exe
  2⤵
  PID:9528
- C:\Windows\System\CrJeEwv.exe
  C:\Windows\System\CrJeEwv.exe
  2⤵
  PID:9548
- C:\Windows\System\BlQCQkW.exe
  C:\Windows\System\BlQCQkW.exe
  2⤵
  PID:9560
- C:\Windows\System\mvVhOaa.exe
  C:\Windows\System\mvVhOaa.exe
  2⤵
  PID:9580
- C:\Windows\System\itXLsdq.exe
  C:\Windows\System\itXLsdq.exe
  2⤵
  PID:9640
- C:\Windows\System\HMnsLAC.exe
  C:\Windows\System\HMnsLAC.exe
  2⤵
  PID:9660
- C:\Windows\System\uLCXnFb.exe
  C:\Windows\System\uLCXnFb.exe
  2⤵
  PID:9624
- C:\Windows\System\jpgrWku.exe
  C:\Windows\System\jpgrWku.exe
  2⤵
  PID:9692
- C:\Windows\System\IzljhuF.exe
  C:\Windows\System\IzljhuF.exe
  2⤵
  PID:9752
- C:\Windows\System\tYSTSOK.exe
  C:\Windows\System\tYSTSOK.exe
  2⤵
  PID:9772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CGhqrdw.exe

Filesize
6.0MB

MD5
5b5471fbf65bcd5888a0871d14328f0e

SHA1
d09873ad26d7277f6e3e92205154488419770850

SHA256
5f256609cf919e0c4f62b3ccffc65b91cdf987ffa98854916ccfbd4db999e3c8

SHA512
67d41fe57868137fbe0d419e8befbe7459dff3c4e49c80009aaf247cd00fcb7f7c9ba4f60c1ce76167709b8ce82c3396884b2fbefa64c0b178dbd8e9af3433d1

Download Submit
C:\Windows\system\CPFnDHt.exe

Filesize
6.0MB

MD5
76dd597cd8f0b23661c37128e363c0c7

SHA1
b28e9f3d5fef61c5a24efc6d0b167572eb549eed

SHA256
738891e19a7c25f5c7b773e6d8d85ccd4eac3e439ceb2bea82a3d9f5b477fd3b

SHA512
7c5c19e9a4a2f414c1328915540eadc47d44893915e0eb008eec8dfdb9e4469a2ccf4835b63c39fc54c4155550f6334bdf2de25c60aa260d6309493ed5755e2f

Download Submit
C:\Windows\system\CUISDRE.exe

Filesize
6.0MB

MD5
ee327004bd05837111d6af31611eb485

SHA1
717e2ef688c6311873680cdf576b92c8a658831a

SHA256
acd793f8bd463c8b333c66db760a4e9555b12b9dab35673f098622c431f74526

SHA512
c37dcabb695a6020abeae257bf7d7b7f9f95f1bdb7509ef26550aca78e589cfbb65c997293ab98031e7aa4befac1bf5e335285c264e790ebdc53276ef0b125bf

Download Submit
C:\Windows\system\DbARmiu.exe

Filesize
6.0MB

MD5
ee9fba0b578ec517ee9d947cc6d1c223

SHA1
b5e2a2b7859a3327a6994636232709dedfcbbd84

SHA256
ac6dcdaf114cabec0c21d7eaf53696b4029a8a06f329f41b988222f0dab90c48

SHA512
dbc12b5cf1bb9a352c9eceed79dedebd4c9749bffc49845061fc89f510779ec26ee680a1c68779e7450fd9273c629c1655a4f676913c6ff7cf259c6ca2322e8b

Download Submit
C:\Windows\system\FtkvMOY.exe

Filesize
6.0MB

MD5
228261881bb13bd9f86b335225cbed9c

SHA1
c816b118f043ec5b346c8cb1e97442bc2fd52d61

SHA256
6e1ecfec29f5dc60075cac5cba326118b3b29b7a04fb9685784cc2b62528b048

SHA512
9187edb22c5adf08ee3cf02295f0286a02f7808a75d686cd7d907c17f483c4ce6240d91a94bcbfa78d39cdc3767cedcc3a163060b3495777fdaa15a04b1d06c5

Download Submit
C:\Windows\system\ICYabSi.exe

Filesize
6.0MB

MD5
ef6cd976b049b91c09e5adf354b1bb31

SHA1
5293160dfbf95fed4ec97fa63fbe35d5a88d1010

SHA256
9acbe73f82d1ae8a6ba7a3e010c715f6cac5f7e99afcf61aa1a30e8ba3d050da

SHA512
02a5f344208605c0dab294498742007441210052bca35f980d74f8859740a685d2d901254809c83f6e3ba94c8c6614c20d1788fa9266284135245fe90de505f2

Download Submit
C:\Windows\system\KPHEPYQ.exe

Filesize
6.0MB

MD5
1542807d57d4d5f4d28f0041736b23b8

SHA1
0a8f4fffbb25f52e0b5587513301f03a7a3bd985

SHA256
f03346ea7880f99273caaded62a0ca58396ba4c7fad5676e851fe53a42793e0a

SHA512
727ce823f22b8307d9f5c85db9b065d09974fa302d52b2e1831b5e3f27f3a8e42008004c9ca41bee026bf7e0fc986446da85a628639dd3481eef1c06be9a3053

Download Submit
C:\Windows\system\NLUTkbX.exe

Filesize
6.0MB

MD5
66573daebd8bb136551c1ff4e813cf4f

SHA1
be1242ca59c8984159956629305c55d1299a8d28

SHA256
ec6e5e3841579ea672f57c05b94e93efefa3801b20a7ffce64e4958ee3a19666

SHA512
f3a8bef7a7bee125ab40f392ec93f9b909143f5356aff8e660fabd2414ae01e2a6e6491cb7131b5ec10a4d479ff6f7c94aef8e0c564d51a656601c05a6243880

Download Submit
C:\Windows\system\RgErVND.exe

Filesize
6.0MB

MD5
14cdef82c28134ee54f73e0a3d0f2e8f

SHA1
854dce84b2e12a0d5032099fc00fbc8d2f485a54

SHA256
8f60d10f0099635d9299b827f2f3e1ccfed70cd847bad5a15b3726cd4df90308

SHA512
da0a7a3c45a871d5591edde37cbe1b3b9dcadda56506827c3b7003ee937846fa7d97ac8c7e5e53a639f3589fcb916c1a29f84c589133f9f5c958c95fb842034e

Download Submit
C:\Windows\system\SGPbQAk.exe

Filesize
6.0MB

MD5
b70e7b88a91bd5fcb5eecbf410ada772

SHA1
363405ad4e1ab5e800f8b62fe70007fabb491c0e

SHA256
86438d480936b1a90a91d5bbec708bbe3fe522629e2a11e241c4ee2b2cad8ff6

SHA512
06a04cacdc7d2d6aee9b614a9adc21e744fff6fbf9f035ffde36aa7cf0ea4a218dcfec7a9de60f310209debd2997b24dc2ce62bd759a4abd3a75f52e10635b78

Download Submit
C:\Windows\system\XrGjqUZ.exe

Filesize
6.0MB

MD5
cfc4e3864c9c773b8776a560cb80c443

SHA1
c67243540666689b2ef8472f51fc201e44644ace

SHA256
c78c049adfb21d8ce9606f5de9afea99e9154377a9b454c373c335efd44d12eb

SHA512
a6c88a1fd39bb240c8e81a4e7aa58dcf6c9aa14f9ff01dbc92d18f60ed605548b060764a38bf7f542b8e49343300d60a12830e30927f448fd80db5182cfc312a

Download Submit
C:\Windows\system\YGUucOl.exe

Filesize
6.0MB

MD5
7ec523e73ab84942b0d17c624997d846

SHA1
9ce7762e7e5f942657368129ced86168c367afac

SHA256
fe163ba0713efba52e2debf30e524d8a0c59d91ece509024d1555c3b3b11405f

SHA512
f9ee1b04da07103ff39aad7598d660b10779989b963e34b69da6e463511b6547376136eac303534e2f17bdc829c84bd2f83ad68aa270b9467a1254fe118e3ef5

Download Submit
C:\Windows\system\ZjUTVuo.exe

Filesize
6.0MB

MD5
300bb7b7a2bcc3dfd6b27e72cf5905ce

SHA1
a17db469dffdc70f9ab6547a807615a5826ceb31

SHA256
160f56ae95a0cb4270815fe67982914be5273832a37575c9fc6946a1768cce33

SHA512
11ad61fabd50ff2016295a9d15970d0bf6c5412d4f7df59b16c0f18021122fbcf97f741cae8d7bc625c3d917eb6b1df456f7e47d24b33e4fe52056a3d4908f60

Download Submit
C:\Windows\system\aUOVpjB.exe

Filesize
6.0MB

MD5
b2e185e9cfd4e9474c6531b5bc05883b

SHA1
1df03d3c16345912003f734f731f8859cdff9e43

SHA256
3d9fba4d7dc4ab6aa2a8ad76b993b70003a7e0894226fec45b0cd79871963d76

SHA512
63d9bc270d5d9df3d85d4fdc9de15ddf5ad3eb5ede0c8796e735c8cced7bfd128c6194e8672a49b790c0854f206d52675d0f06ce3fd59aa1987869161b3757fe

Download Submit
C:\Windows\system\aqRjPTk.exe

Filesize
6.0MB

MD5
9af518118da43eb88a383751d831b9b6

SHA1
9de9d2891f63bb2976cd38ba148c22ebf6f044dd

SHA256
f5d83ed65c4ea6abb3b1f4fe39b11c0b6dc6feb98d10fbbd37c6864032c77b05

SHA512
658e98cba01e744bfffe1984962b0e6003d2a8aad4f82c5354b76eeb49107ff5eac117f45ef292bfa63cfe3dd1582b4b5616ac29e243f2d5cfe6ab1c92a35ed9

Download Submit
C:\Windows\system\bjvaIDn.exe

Filesize
6.0MB

MD5
e557e6bda5004feb043d1d85ebd2c485

SHA1
2fbb345fec4daf8c9f30067c335f04d5014959ed

SHA256
b5cfbd99f1ff3f3998a468be9871e8cd3f87b2b05050a0702e4f436c0286cfc7

SHA512
76762c34e9743ee75beebead9abfa1375c278d0157641a250ba89f20f330ce0249563fc42736fc48001ae208e26990d99f9ed1564b845ac7fc007544ce241c19

Download Submit
C:\Windows\system\iAbHJyH.exe

Filesize
6.0MB

MD5
1dc9ea374f91d1c45f05c4cec819ac04

SHA1
dd8868d7abe4607883265bdf9a81561fd88134e0

SHA256
ed373395d9c40773d53f5effc585119b00bcb2b44a1ac3d6f66e7bfda6da01dd

SHA512
fd2323d62621f5216f963142827371a0f0c7dff349aeb40c57ff94fbf6e8cb9baa25f5b911a18c18e41788d02552884a923228526d66e3dfb4e8b5f7275a4a3f

Download Submit
C:\Windows\system\iiDhSIT.exe

Filesize
6.0MB

MD5
0f41a76ca34076a1f2b47f4308200747

SHA1
79aef013bc190d854edfc7053b9787d1d898b907

SHA256
3d3dc4ae3d4a9ba164f2f5a42a416a643541ae669637883d8748a2bfa7ca0eda

SHA512
314827f7a888f11dc943a6bcc90c645f7102b1983e4a654594b376b3ed21eb89e0bd399a8773536bc4b6d112cdf251c4876661bcc9c7517b7046f51da22d7d77

Download Submit
C:\Windows\system\inUNrKB.exe

Filesize
6.0MB

MD5
ddde0939479740393e5c579abefc66ab

SHA1
13ccfaf79bd3116ff923528d71d2fd93e71d6454

SHA256
e406f54379b85acd8c89aa02cce75a3de9f8b59f7e5d6b9d14b4ff5d2311ecca

SHA512
3331f149d4e5d40196d7ace3df12e91ebef9eff2bd8f202b6c2798b8baf25ac8e36359425594ac4717077e69cad21ed7a1d17581c3d6a1d415c20ac9483a90bc

Download Submit
C:\Windows\system\pbJwVLT.exe

Filesize
6.0MB

MD5
78a15f2674e194d93bcef7dc1dc185ff

SHA1
c1964ce27e8314c8ad68debf1c9e02911e386c77

SHA256
dc057cf8d4cde452fc5b1e32fe6079b806c3f6350b80ee2a5225ec0261eaf1bc

SHA512
9441891d89dee7b59f75a2434b9b88f220082c505e6ff51eae92d4a66cc0c943d74531514c48bc5152748ac8ce66c2a9ea5b5740db13647cfc966ccaa75a750c

Download Submit
C:\Windows\system\qTdwyBs.exe

Filesize
6.0MB

MD5
f1cb460f2fc41e33637e142614a62fcd

SHA1
173d3d8654d6a5cb0fb92791e09fcbd352f21c49

SHA256
11d735aa5be3f782f91e4f627e87b83838a494533aca2331e7a101dc1df9130c

SHA512
d36389348385bdeaaf094ef4043f1833da4444e320bdad605d34a3eac4916a74b583ff70fde0775ba6fc63b6c066e26244a0eb3d9249567a0e96370a7ba98c81

Download Submit
C:\Windows\system\qZGdZtp.exe

Filesize
6.0MB

MD5
218fbbb24bcf3bbb96f77df7a1d143b4

SHA1
4d6d1ab8b2e8f14b19f830aa5a9be687f8561157

SHA256
ff4e0e0fd004c96c1149a65677bdb1449c584a13a7c0ca122e367b6efdb5657e

SHA512
87870e08ad7cada2eeca99e8fa6c08d991048367cd794277f4812debf7ff824716be7c65321b6604837ccd7bd6e26b4f92fd1a2784a29b940c586540555d6a8a

Download Submit
C:\Windows\system\qaFcjwa.exe

Filesize
6.0MB

MD5
175deb66653992171bd5a2047e95d3a2

SHA1
394bb40f19bd62415283b7f7dbc4f98253a1811a

SHA256
93e305e55ba5763eddea504f7ffaf18e6bd7b91a15aeb50c06f5e2f82edb5335

SHA512
4679863c09dabeb82ac541517ce7cb99112e9e544165fa4d4fcf56b4de4fff15ee2455392bce9e1e46f26f822a6177c998580acd0a1d1a5c06a51e5d7fe5aaaa

Download Submit
C:\Windows\system\tFvjoEK.exe

Filesize
6.0MB

MD5
637c9198f13b6e5867408495a1db5b18

SHA1
3ccb3c835f59ef67c69f8609cc7a5f08816e52fc

SHA256
3e7c8e34c77275c21d95eef47b0895f9338855e254e5e2b181fac76241ae53dc

SHA512
5c14d16917d946743da0337674e4369229d55a1af0dee3eb0f4547f91b991fd9434644bebe3f5472f4e908ef279e38c1fa1bc5a7625fcb9e28889b00e74f0941

Download Submit
C:\Windows\system\wqcztmp.exe

Filesize
6.0MB

MD5
3c73a4397677fcc0f1b88a3d685a3558

SHA1
6b7a961c08201fe7606ec6fc32c8e5a276d21e59

SHA256
612414272322863e475e0478f6d34f8c0030edf0813cf1f2f959edf843409adc

SHA512
9f2107a98fc8c031a9be628ae6a4563bb3ee4c8cd7ab16e878e0791401683dc12d9b4cc55a0a41949a48394b9d077569fb95d4b3bbc5f67eb8293a4bd4db6a12

Download Submit
C:\Windows\system\xBtlHVE.exe

Filesize
6.0MB

MD5
e43b2e365fb92024b967d8333937e1f6

SHA1
8460b8374841bb13852a6683b4ad74bb94fde7e5

SHA256
dfe48d88c7797feafffce0b2e2da3b6359b863cc48e3fee4fd0fbfeb786b9c15

SHA512
8cca4a70a0854384fab58b7d621f243e01a8410bbbb64d1fb90e1bddbfe139f0f0168222c55e793c284ff84e232b4085f44f34bfed82123669eed3282d015e9e

Download Submit
C:\Windows\system\xjIwslg.exe

Filesize
6.0MB

MD5
48a4d7f64ef694741316267d425c8a29

SHA1
4455ac1f4a25c99e16fe467d43db8ca838b4f795

SHA256
a4d808252d6e242dcff6b0f278fe8dfd1ae09e39ccde4d7359a97195dc501755

SHA512
9c0e60116a9a9821ce9f4b37592dc9690750d52238c5837a9da11ad9aed5e93c3e86171fdc6b152ca052f66043ca70c8bcbece55fd9e2496da2d806f221fa18a

Download Submit
C:\Windows\system\ykrihUR.exe

Filesize
6.0MB

MD5
2dfa5077f678a67e3cc882e2914b0257

SHA1
0eb1d323c7430da5dd93dbf09cb3bf3f722112f0

SHA256
6cca576aa2833fad927f80f6a8a73a3e2d78599c5c1ae3279c22cddd3e28a54d

SHA512
2e5bbaa79815c6f64865fdeda446982bf8611598913c446732785ef9967f494284d58709a9a4a63806c732746ddc72a1c6a0d3364d5c138d5a6082dd2fe68f16

Download Submit
\Windows\system\ZsvDJCq.exe

Filesize
6.0MB

MD5
470acc7ace8d22436948ac677fc0a1f2

SHA1
714196dd52e6e8a7f982bd91c82ff04a38852515

SHA256
6bf22dd1dcfd04eb97f9af2957ea4acf3b1aee7da4c298a47a89b98348f52e8d

SHA512
8e5a053b80d3535b135bb23427dad6e6151ebb83e6be8c70a5dc292b1810649da9ce9825361dfe96d8b0eae6fef2feab6d9a243e8ab8ca5c593cf46c10707141

Download Submit
\Windows\system\kkYLQcb.exe

Filesize
6.0MB

MD5
e727f8bc5a7429a0efd47002b9891872

SHA1
6a17293a4ce74f59d5893c65530af4b088585c8f

SHA256
8538cd529a2222a3d157e105ee61e3780b7d84acc02ddd4d938f2201266cb3f5

SHA512
e8f6ecc5263c335a2bd0329f3b2c19b77ff21010ba3725d186377f7034883f52ff2071a8199d18151dc2715a9128699c5f48d0fea86c6a530a053ffcad982113

Download Submit
\Windows\system\ozVIpVI.exe

Filesize
6.0MB

MD5
799ad7e2c3390280213f391f5c63fe1b

SHA1
93a78d239361fa7eacc1e37a37ca03ca1f98d8b9

SHA256
bce3bb46915bfba35b7b48201af104da0c22cd78301e105689773a032cbac7c0

SHA512
da0b877f795c13e82516ae74b87d9c13ad4ca8a8b3bd1f0b0c1bbb4d3befc54f2016ea938f3472271f0d122ac2feaf24b5ba75fe9726df6eec71b605d7a6576b

Download Submit
\Windows\system\pUKHgop.exe

Filesize
6.0MB

MD5
7464a838119ceb8ed1c5dfaf038eccc3

SHA1
39af9cf71cf3805f7a2c0e9021f6b040c5e72783

SHA256
a35928b2eddfe675ab163df084919a2346aa1363a9b7048326b634114f6a1286

SHA512
b19712410fb9b1cde9fc79516ae34dcf93898255f1ff79b96e44401666f4f67e36d44cf25d207624bbd217addb46ecd174dd9b4e30c54453402137ba8ce577e6

Download Submit
memory/900-1949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/900-81-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-104-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1168-1956-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1720-57-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-1910-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-300-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2028-83-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2028-1921-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2312-29-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-93-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2271-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-82-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-94-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-28-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-109-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-84-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-37-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2380-12-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2380-491-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-101-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2380-19-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2380-51-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-52-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2380-213-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-79-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-299-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-23-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2380-64-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-66-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-348-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-44-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/2380-401-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2380-67-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2396-95-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1929-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2416-96-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1955-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-20-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1866-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2608-65-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1891-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1844-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2804-22-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2876-47-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-100-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1880-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1864-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2936-42-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1843-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2984-21-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-58-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1906-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download