cobaltstrike | bc0b02723257077ee9431ccc758afb4836c2e9a0c58a7a88d96588100ff5de39

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9bb116c27eace44406b01ed9c9ae08b5
SHA1

38ec0080fd4a3785b9da77bcf7ac3398554ebe1b
SHA256

bc0b02723257077ee9431ccc758afb4836c2e9a0c58a7a88d96588100ff5de39
SHA512

ed3cb44945fda62a1b795ffee4923544deba7f4d5f25fa383542a09505e4a844339162d55f93cd3838703f26ffbc96dd7b92529b75ba375d90d1b3e366cd3b11
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d96-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3e-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd1-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-14.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-157.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-155.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018792-151.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9a-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-90.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-87.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-108.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000016dd1-40.dat	xmrig
behavioral1/files/0x0007000000016d96-28.dat	xmrig
behavioral1/files/0x0007000000016d3e-24.dat	xmrig
behavioral1/files/0x0009000000016cfc-23.dat	xmrig
behavioral1/files/0x0007000000016cd1-19.dat	xmrig
behavioral1/files/0x0007000000016d36-14.dat	xmrig
behavioral1/memory/2544-8-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2876-51-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2920-50-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ff-83.dat	xmrig
behavioral1/memory/2656-1090-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2848-1087-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1704-630-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001937b-162.dat	xmrig
behavioral1/files/0x0005000000019356-161.dat	xmrig
behavioral1/files/0x000500000001928c-160.dat	xmrig
behavioral1/files/0x0005000000019266-159.dat	xmrig
behavioral1/files/0x0005000000019259-158.dat	xmrig
behavioral1/files/0x0005000000019244-157.dat	xmrig
behavioral1/files/0x00060000000190e0-155.dat	xmrig
behavioral1/files/0x000600000001903b-154.dat	xmrig
behavioral1/files/0x0006000000018c26-152.dat	xmrig
behavioral1/files/0x0006000000018792-151.dat	xmrig
behavioral1/files/0x0007000000016d9a-150.dat	xmrig
behavioral1/files/0x00050000000193a5-148.dat	xmrig
behavioral1/files/0x0005000000019353-133.dat	xmrig
behavioral1/files/0x0005000000019284-132.dat	xmrig
behavioral1/memory/2848-123-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-117.dat	xmrig
behavioral1/files/0x00050000000191d4-90.dat	xmrig
behavioral1/files/0x00060000000190ce-88.dat	xmrig
behavioral1/files/0x0006000000018f53-87.dat	xmrig
behavioral1/files/0x0007000000016d46-86.dat	xmrig
behavioral1/memory/1704-65-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1052-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c1a-62.dat	xmrig
behavioral1/memory/2312-55-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2316-39-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019423-163.dat	xmrig
behavioral1/files/0x0005000000019397-147.dat	xmrig
behavioral1/files/0x000500000001936b-145.dat	xmrig
behavioral1/memory/3068-129-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2656-127-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019256-109.dat	xmrig
behavioral1/files/0x000500000001922c-108.dat	xmrig
behavioral1/memory/2908-101-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2572-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2572-4032-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2544-4033-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2876-4035-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2908-4036-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2316-4040-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2656-4039-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/3068-4038-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2312-4037-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1052-4034-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2920-4041-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2848-4042-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2544	kMMjoEC.exe
2572	gewsMMh.exe
1052	SlHQEDr.exe
2316	RQrblbN.exe
2920	THjwWpe.exe
2876	GqAWklc.exe
2312	sTJVrxy.exe
2908	EGjjKpO.exe
2848	rHWhEuF.exe
2656	zOvRlwj.exe
3068	KFbTtzk.exe
1108	IeoPwrI.exe
1516	wROBOpA.exe
2840	adbdVIa.exe
1896	WJtfFyS.exe
2424	PuiiWeH.exe
1712	fIVmQfL.exe
752	RfareAg.exe
2936	UsxoDLx.exe
2756	jKbyVYw.exe
2168	PtYsHjt.exe
2884	CjxBDSH.exe
316	QxoMEsZ.exe
2176	GNUqUUm.exe
984	OxCYGXz.exe
1888	JHJdjpC.exe
1724	hHitbON.exe
2804	SZaDmQU.exe
2832	UjOlGBb.exe
2956	GIpBwJN.exe
1984	IbqiNha.exe
2452	cuVQVXC.exe
3020	qdVIJUm.exe
1536	qZBDXOz.exe
1664	giJhfZn.exe
928	ZbYofth.exe
1972	pteflnv.exe
1356	BUEmZKa.exe
484	awCKXWA.exe
896	rNvboxQ.exe
1372	JgHGYfX.exe
1008	UygfBDy.exe
2360	gpFqqVh.exe
2488	SQrGIle.exe
3040	fiSZHYA.exe
3048	FvQRGnG.exe
3036	OuLcUxX.exe
2568	bMYihSd.exe
1624	nefZRXx.exe
1640	NodPsXa.exe
2132	ogfbNpS.exe
2592	ziVGkIV.exe
1800	zOcgWcB.exe
1840	QYARzCt.exe
888	uQIpYIC.exe
1880	dTXkgMT.exe
1916	cRgnZwR.exe
1604	VVOBQzz.exe
2148	SoLiJwh.exe
2540	wuslZtt.exe
2380	WQhIKBF.exe
1996	uEFoNjl.exe
2880	nlbujWy.exe
2764	jfaGRts.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000016dd1-40.dat	upx
behavioral1/files/0x0007000000016d96-28.dat	upx
behavioral1/files/0x0007000000016d3e-24.dat	upx
behavioral1/files/0x0009000000016cfc-23.dat	upx
behavioral1/files/0x0007000000016cd1-19.dat	upx
behavioral1/files/0x0007000000016d36-14.dat	upx
behavioral1/memory/2544-8-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2876-51-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2920-50-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x00050000000191ff-83.dat	upx
behavioral1/memory/2656-1090-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2848-1087-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1704-630-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x000500000001937b-162.dat	upx
behavioral1/files/0x0005000000019356-161.dat	upx
behavioral1/files/0x000500000001928c-160.dat	upx
behavioral1/files/0x0005000000019266-159.dat	upx
behavioral1/files/0x0005000000019259-158.dat	upx
behavioral1/files/0x0005000000019244-157.dat	upx
behavioral1/files/0x00060000000190e0-155.dat	upx
behavioral1/files/0x000600000001903b-154.dat	upx
behavioral1/files/0x0006000000018c26-152.dat	upx
behavioral1/files/0x0006000000018792-151.dat	upx
behavioral1/files/0x0007000000016d9a-150.dat	upx
behavioral1/files/0x00050000000193a5-148.dat	upx
behavioral1/files/0x0005000000019353-133.dat	upx
behavioral1/files/0x0005000000019284-132.dat	upx
behavioral1/memory/2848-123-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019263-117.dat	upx
behavioral1/files/0x00050000000191d4-90.dat	upx
behavioral1/files/0x00060000000190ce-88.dat	upx
behavioral1/files/0x0006000000018f53-87.dat	upx
behavioral1/files/0x0007000000016d46-86.dat	upx
behavioral1/memory/1052-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0006000000018c1a-62.dat	upx
behavioral1/memory/2312-55-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2316-39-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019423-163.dat	upx
behavioral1/files/0x0005000000019397-147.dat	upx
behavioral1/files/0x000500000001936b-145.dat	upx
behavioral1/memory/3068-129-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2656-127-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0005000000019256-109.dat	upx
behavioral1/files/0x000500000001922c-108.dat	upx
behavioral1/memory/2908-101-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2572-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2572-4032-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2544-4033-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2876-4035-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2908-4036-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2316-4040-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2656-4039-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/3068-4038-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2312-4037-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1052-4034-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2920-4041-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2848-4042-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iTXQoBX.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyJbgFh.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROJkMsX.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkfdlTr.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAlDifh.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVEDygL.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffBasPU.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRZwEze.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzrjCdt.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmeOUEy.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLmnuoP.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUjCjqv.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uiiPnNL.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kODHbmt.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsAJITo.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqVEFuN.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxLTOIL.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfRAnGv.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIorrui.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJvuiWu.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNYlLCw.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpiBQov.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrLfDlr.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsaEUWZ.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLguXKs.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyGRdoX.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGvBnug.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcUTtwN.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TULIPbM.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LagnYUD.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJNNvWy.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zejHHqA.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUASWkp.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhRtpzF.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjmENKn.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFOdmWn.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObsaUyz.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONDzoCF.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ektoGNk.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWoloaH.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFWdSUd.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIVmQfL.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbqiNha.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsOqMXn.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGSsdzl.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHJHshK.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyrBhGr.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNroStu.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntKtRdt.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOcHvev.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBbyvpe.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozjuwdU.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSdbkpi.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njrBtji.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuLcUxX.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jghfvMY.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXPkyjE.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtwEGZI.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSOOrQK.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gewsMMh.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHZidDQ.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfcSMmH.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbkDhwM.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybXTLWo.exe	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2544	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2544	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2544	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2572	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2572	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2572	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 1052	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 1052	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 1052	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2920	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2920	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2920	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2848	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2848	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2848	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2876	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2876	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2876	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2756	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2756	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2756	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2312	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2312	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2312	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2168	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2168	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2168	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2908	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2908	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2908	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2884	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2884	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2884	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2656	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2656	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2656	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 316	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 3068	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 3068	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 3068	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 2176	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2176	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2176	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 1108	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 1108	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 1108	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 984	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 984	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 984	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1516	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1516	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1516	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1888	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1888	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1888	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 2840	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 2840	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 2840	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1724	1704	2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_9bb116c27eace44406b01ed9c9ae08b5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\System\kMMjoEC.exe
  C:\Windows\System\kMMjoEC.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\gewsMMh.exe
  C:\Windows\System\gewsMMh.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\SlHQEDr.exe
  C:\Windows\System\SlHQEDr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\THjwWpe.exe
  C:\Windows\System\THjwWpe.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\RQrblbN.exe
  C:\Windows\System\RQrblbN.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\rHWhEuF.exe
  C:\Windows\System\rHWhEuF.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GqAWklc.exe
  C:\Windows\System\GqAWklc.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\jKbyVYw.exe
  C:\Windows\System\jKbyVYw.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\sTJVrxy.exe
  C:\Windows\System\sTJVrxy.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\PtYsHjt.exe
  C:\Windows\System\PtYsHjt.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\EGjjKpO.exe
  C:\Windows\System\EGjjKpO.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\CjxBDSH.exe
  C:\Windows\System\CjxBDSH.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\zOvRlwj.exe
  C:\Windows\System\zOvRlwj.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\QxoMEsZ.exe
  C:\Windows\System\QxoMEsZ.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\KFbTtzk.exe
  C:\Windows\System\KFbTtzk.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\GNUqUUm.exe
  C:\Windows\System\GNUqUUm.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\IeoPwrI.exe
  C:\Windows\System\IeoPwrI.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\OxCYGXz.exe
  C:\Windows\System\OxCYGXz.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\wROBOpA.exe
  C:\Windows\System\wROBOpA.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\JHJdjpC.exe
  C:\Windows\System\JHJdjpC.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\adbdVIa.exe
  C:\Windows\System\adbdVIa.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hHitbON.exe
  C:\Windows\System\hHitbON.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\WJtfFyS.exe
  C:\Windows\System\WJtfFyS.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\SZaDmQU.exe
  C:\Windows\System\SZaDmQU.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\PuiiWeH.exe
  C:\Windows\System\PuiiWeH.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\UjOlGBb.exe
  C:\Windows\System\UjOlGBb.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\fIVmQfL.exe
  C:\Windows\System\fIVmQfL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GIpBwJN.exe
  C:\Windows\System\GIpBwJN.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RfareAg.exe
  C:\Windows\System\RfareAg.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\IbqiNha.exe
  C:\Windows\System\IbqiNha.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\UsxoDLx.exe
  C:\Windows\System\UsxoDLx.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\qdVIJUm.exe
  C:\Windows\System\qdVIJUm.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\cuVQVXC.exe
  C:\Windows\System\cuVQVXC.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qZBDXOz.exe
  C:\Windows\System\qZBDXOz.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\giJhfZn.exe
  C:\Windows\System\giJhfZn.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\BUEmZKa.exe
  C:\Windows\System\BUEmZKa.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\ZbYofth.exe
  C:\Windows\System\ZbYofth.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\awCKXWA.exe
  C:\Windows\System\awCKXWA.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\pteflnv.exe
  C:\Windows\System\pteflnv.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\JgHGYfX.exe
  C:\Windows\System\JgHGYfX.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\rNvboxQ.exe
  C:\Windows\System\rNvboxQ.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\UygfBDy.exe
  C:\Windows\System\UygfBDy.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\gpFqqVh.exe
  C:\Windows\System\gpFqqVh.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\SQrGIle.exe
  C:\Windows\System\SQrGIle.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\fiSZHYA.exe
  C:\Windows\System\fiSZHYA.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\FvQRGnG.exe
  C:\Windows\System\FvQRGnG.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\OuLcUxX.exe
  C:\Windows\System\OuLcUxX.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\bMYihSd.exe
  C:\Windows\System\bMYihSd.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\nefZRXx.exe
  C:\Windows\System\nefZRXx.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\NodPsXa.exe
  C:\Windows\System\NodPsXa.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ogfbNpS.exe
  C:\Windows\System\ogfbNpS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ziVGkIV.exe
  C:\Windows\System\ziVGkIV.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\zOcgWcB.exe
  C:\Windows\System\zOcgWcB.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\QYARzCt.exe
  C:\Windows\System\QYARzCt.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\uQIpYIC.exe
  C:\Windows\System\uQIpYIC.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\dTXkgMT.exe
  C:\Windows\System\dTXkgMT.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\cRgnZwR.exe
  C:\Windows\System\cRgnZwR.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\VVOBQzz.exe
  C:\Windows\System\VVOBQzz.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\SoLiJwh.exe
  C:\Windows\System\SoLiJwh.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\wuslZtt.exe
  C:\Windows\System\wuslZtt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\WQhIKBF.exe
  C:\Windows\System\WQhIKBF.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\uEFoNjl.exe
  C:\Windows\System\uEFoNjl.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nlbujWy.exe
  C:\Windows\System\nlbujWy.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\jfaGRts.exe
  C:\Windows\System\jfaGRts.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\gzLuZVV.exe
  C:\Windows\System\gzLuZVV.exe
  2⤵
  PID:2916
- C:\Windows\System\LOaMQgY.exe
  C:\Windows\System\LOaMQgY.exe
  2⤵
  PID:2676
- C:\Windows\System\tqQPgmp.exe
  C:\Windows\System\tqQPgmp.exe
  2⤵
  PID:1908
- C:\Windows\System\PLNafya.exe
  C:\Windows\System\PLNafya.exe
  2⤵
  PID:852
- C:\Windows\System\aHLGPku.exe
  C:\Windows\System\aHLGPku.exe
  2⤵
  PID:2788
- C:\Windows\System\VujhpkC.exe
  C:\Windows\System\VujhpkC.exe
  2⤵
  PID:1348
- C:\Windows\System\TVLMtQc.exe
  C:\Windows\System\TVLMtQc.exe
  2⤵
  PID:2860
- C:\Windows\System\kKIPQba.exe
  C:\Windows\System\kKIPQba.exe
  2⤵
  PID:1872
- C:\Windows\System\jHKfAin.exe
  C:\Windows\System\jHKfAin.exe
  2⤵
  PID:3008
- C:\Windows\System\VWoeFYe.exe
  C:\Windows\System\VWoeFYe.exe
  2⤵
  PID:2816
- C:\Windows\System\CtCiyvQ.exe
  C:\Windows\System\CtCiyvQ.exe
  2⤵
  PID:2092
- C:\Windows\System\pRuYrWQ.exe
  C:\Windows\System\pRuYrWQ.exe
  2⤵
  PID:1388
- C:\Windows\System\imTwKDT.exe
  C:\Windows\System\imTwKDT.exe
  2⤵
  PID:2824
- C:\Windows\System\EAncUGs.exe
  C:\Windows\System\EAncUGs.exe
  2⤵
  PID:2704
- C:\Windows\System\kjekQkQ.exe
  C:\Windows\System\kjekQkQ.exe
  2⤵
  PID:960
- C:\Windows\System\sUpxegW.exe
  C:\Windows\System\sUpxegW.exe
  2⤵
  PID:3052
- C:\Windows\System\RtJkoMP.exe
  C:\Windows\System\RtJkoMP.exe
  2⤵
  PID:1500
- C:\Windows\System\dRhXBoh.exe
  C:\Windows\System\dRhXBoh.exe
  2⤵
  PID:1612
- C:\Windows\System\tAeVvjf.exe
  C:\Windows\System\tAeVvjf.exe
  2⤵
  PID:1768
- C:\Windows\System\BtITuoJ.exe
  C:\Windows\System\BtITuoJ.exe
  2⤵
  PID:308
- C:\Windows\System\PTOLRFM.exe
  C:\Windows\System\PTOLRFM.exe
  2⤵
  PID:1824
- C:\Windows\System\ROJkMsX.exe
  C:\Windows\System\ROJkMsX.exe
  2⤵
  PID:1484
- C:\Windows\System\aBSljSL.exe
  C:\Windows\System\aBSljSL.exe
  2⤵
  PID:1320
- C:\Windows\System\jQnnkog.exe
  C:\Windows\System\jQnnkog.exe
  2⤵
  PID:2244
- C:\Windows\System\QKuczki.exe
  C:\Windows\System\QKuczki.exe
  2⤵
  PID:2212
- C:\Windows\System\TprjHDf.exe
  C:\Windows\System\TprjHDf.exe
  2⤵
  PID:376
- C:\Windows\System\WIlZYeN.exe
  C:\Windows\System\WIlZYeN.exe
  2⤵
  PID:2496
- C:\Windows\System\zPoYyhc.exe
  C:\Windows\System\zPoYyhc.exe
  2⤵
  PID:1480
- C:\Windows\System\sjeRirb.exe
  C:\Windows\System\sjeRirb.exe
  2⤵
  PID:352
- C:\Windows\System\iewOmLe.exe
  C:\Windows\System\iewOmLe.exe
  2⤵
  PID:1040
- C:\Windows\System\bFCDKcq.exe
  C:\Windows\System\bFCDKcq.exe
  2⤵
  PID:1592
- C:\Windows\System\PHZidDQ.exe
  C:\Windows\System\PHZidDQ.exe
  2⤵
  PID:2104
- C:\Windows\System\EWeGgWg.exe
  C:\Windows\System\EWeGgWg.exe
  2⤵
  PID:2112
- C:\Windows\System\jjybnVG.exe
  C:\Windows\System\jjybnVG.exe
  2⤵
  PID:2760
- C:\Windows\System\BhdcaXo.exe
  C:\Windows\System\BhdcaXo.exe
  2⤵
  PID:2660
- C:\Windows\System\SJQUoJN.exe
  C:\Windows\System\SJQUoJN.exe
  2⤵
  PID:2124
- C:\Windows\System\umkOqvr.exe
  C:\Windows\System\umkOqvr.exe
  2⤵
  PID:1720
- C:\Windows\System\lwlayNY.exe
  C:\Windows\System\lwlayNY.exe
  2⤵
  PID:1184
- C:\Windows\System\JDUeDKE.exe
  C:\Windows\System\JDUeDKE.exe
  2⤵
  PID:2116
- C:\Windows\System\IxXAHRA.exe
  C:\Windows\System\IxXAHRA.exe
  2⤵
  PID:2624
- C:\Windows\System\kQbvgiC.exe
  C:\Windows\System\kQbvgiC.exe
  2⤵
  PID:2000
- C:\Windows\System\nDUDHxY.exe
  C:\Windows\System\nDUDHxY.exe
  2⤵
  PID:1432
- C:\Windows\System\qcMbXHM.exe
  C:\Windows\System\qcMbXHM.exe
  2⤵
  PID:3076
- C:\Windows\System\rpYfpos.exe
  C:\Windows\System\rpYfpos.exe
  2⤵
  PID:3092
- C:\Windows\System\MEQMXRU.exe
  C:\Windows\System\MEQMXRU.exe
  2⤵
  PID:3108
- C:\Windows\System\kEjiWoV.exe
  C:\Windows\System\kEjiWoV.exe
  2⤵
  PID:3124
- C:\Windows\System\IwIrBNV.exe
  C:\Windows\System\IwIrBNV.exe
  2⤵
  PID:3140
- C:\Windows\System\VcajcCC.exe
  C:\Windows\System\VcajcCC.exe
  2⤵
  PID:3156
- C:\Windows\System\SVVKoBT.exe
  C:\Windows\System\SVVKoBT.exe
  2⤵
  PID:3172
- C:\Windows\System\WrufuSo.exe
  C:\Windows\System\WrufuSo.exe
  2⤵
  PID:3188
- C:\Windows\System\HRZEIyQ.exe
  C:\Windows\System\HRZEIyQ.exe
  2⤵
  PID:3204
- C:\Windows\System\QVdYhdq.exe
  C:\Windows\System\QVdYhdq.exe
  2⤵
  PID:3220
- C:\Windows\System\XcAgGmO.exe
  C:\Windows\System\XcAgGmO.exe
  2⤵
  PID:3236
- C:\Windows\System\lgFEyOh.exe
  C:\Windows\System\lgFEyOh.exe
  2⤵
  PID:3252
- C:\Windows\System\oGCMGks.exe
  C:\Windows\System\oGCMGks.exe
  2⤵
  PID:3268
- C:\Windows\System\MkfdlTr.exe
  C:\Windows\System\MkfdlTr.exe
  2⤵
  PID:3284
- C:\Windows\System\MsjabKQ.exe
  C:\Windows\System\MsjabKQ.exe
  2⤵
  PID:3300
- C:\Windows\System\wvnOWSt.exe
  C:\Windows\System\wvnOWSt.exe
  2⤵
  PID:3316
- C:\Windows\System\WAnDqoB.exe
  C:\Windows\System\WAnDqoB.exe
  2⤵
  PID:3332
- C:\Windows\System\QorybNQ.exe
  C:\Windows\System\QorybNQ.exe
  2⤵
  PID:3348
- C:\Windows\System\cmASNTA.exe
  C:\Windows\System\cmASNTA.exe
  2⤵
  PID:3364
- C:\Windows\System\LqPJKix.exe
  C:\Windows\System\LqPJKix.exe
  2⤵
  PID:3380
- C:\Windows\System\YPKlQJQ.exe
  C:\Windows\System\YPKlQJQ.exe
  2⤵
  PID:3396
- C:\Windows\System\oVjqNJA.exe
  C:\Windows\System\oVjqNJA.exe
  2⤵
  PID:3412
- C:\Windows\System\WAlTqVq.exe
  C:\Windows\System\WAlTqVq.exe
  2⤵
  PID:3428
- C:\Windows\System\SaRAHVy.exe
  C:\Windows\System\SaRAHVy.exe
  2⤵
  PID:3444
- C:\Windows\System\wHanFIC.exe
  C:\Windows\System\wHanFIC.exe
  2⤵
  PID:3460
- C:\Windows\System\ixXvxTz.exe
  C:\Windows\System\ixXvxTz.exe
  2⤵
  PID:3476
- C:\Windows\System\cGXmyPW.exe
  C:\Windows\System\cGXmyPW.exe
  2⤵
  PID:3492
- C:\Windows\System\OjEFSWt.exe
  C:\Windows\System\OjEFSWt.exe
  2⤵
  PID:3508
- C:\Windows\System\OqdFeOl.exe
  C:\Windows\System\OqdFeOl.exe
  2⤵
  PID:3524
- C:\Windows\System\pRzFdsq.exe
  C:\Windows\System\pRzFdsq.exe
  2⤵
  PID:3540
- C:\Windows\System\DMydYyV.exe
  C:\Windows\System\DMydYyV.exe
  2⤵
  PID:3556
- C:\Windows\System\gPBApid.exe
  C:\Windows\System\gPBApid.exe
  2⤵
  PID:3572
- C:\Windows\System\BYtaQSK.exe
  C:\Windows\System\BYtaQSK.exe
  2⤵
  PID:3588
- C:\Windows\System\ZJhiMBb.exe
  C:\Windows\System\ZJhiMBb.exe
  2⤵
  PID:3604
- C:\Windows\System\SpBDCTu.exe
  C:\Windows\System\SpBDCTu.exe
  2⤵
  PID:3620
- C:\Windows\System\NExDwTT.exe
  C:\Windows\System\NExDwTT.exe
  2⤵
  PID:3636
- C:\Windows\System\rCpnXeE.exe
  C:\Windows\System\rCpnXeE.exe
  2⤵
  PID:3652
- C:\Windows\System\WHXdWNh.exe
  C:\Windows\System\WHXdWNh.exe
  2⤵
  PID:3668
- C:\Windows\System\hpAMlIY.exe
  C:\Windows\System\hpAMlIY.exe
  2⤵
  PID:3684
- C:\Windows\System\Ehceimy.exe
  C:\Windows\System\Ehceimy.exe
  2⤵
  PID:3700
- C:\Windows\System\bHCudaV.exe
  C:\Windows\System\bHCudaV.exe
  2⤵
  PID:3716
- C:\Windows\System\bsZlizA.exe
  C:\Windows\System\bsZlizA.exe
  2⤵
  PID:3732
- C:\Windows\System\vgqxWDW.exe
  C:\Windows\System\vgqxWDW.exe
  2⤵
  PID:3748
- C:\Windows\System\rKofBBy.exe
  C:\Windows\System\rKofBBy.exe
  2⤵
  PID:3764
- C:\Windows\System\MOrGthx.exe
  C:\Windows\System\MOrGthx.exe
  2⤵
  PID:3780
- C:\Windows\System\wDiJMNc.exe
  C:\Windows\System\wDiJMNc.exe
  2⤵
  PID:3796
- C:\Windows\System\bUpxNKd.exe
  C:\Windows\System\bUpxNKd.exe
  2⤵
  PID:3812
- C:\Windows\System\DDaKmfr.exe
  C:\Windows\System\DDaKmfr.exe
  2⤵
  PID:3828
- C:\Windows\System\iYSkabn.exe
  C:\Windows\System\iYSkabn.exe
  2⤵
  PID:3844
- C:\Windows\System\SHPKElo.exe
  C:\Windows\System\SHPKElo.exe
  2⤵
  PID:3860
- C:\Windows\System\cOojkUt.exe
  C:\Windows\System\cOojkUt.exe
  2⤵
  PID:3876
- C:\Windows\System\rbdALWv.exe
  C:\Windows\System\rbdALWv.exe
  2⤵
  PID:3892
- C:\Windows\System\dYKxSdH.exe
  C:\Windows\System\dYKxSdH.exe
  2⤵
  PID:3908
- C:\Windows\System\MFnQiEN.exe
  C:\Windows\System\MFnQiEN.exe
  2⤵
  PID:3924
- C:\Windows\System\bAVGTLL.exe
  C:\Windows\System\bAVGTLL.exe
  2⤵
  PID:3940
- C:\Windows\System\ohTMwtw.exe
  C:\Windows\System\ohTMwtw.exe
  2⤵
  PID:3956
- C:\Windows\System\GPmImvJ.exe
  C:\Windows\System\GPmImvJ.exe
  2⤵
  PID:3972
- C:\Windows\System\msTMInh.exe
  C:\Windows\System\msTMInh.exe
  2⤵
  PID:3988
- C:\Windows\System\PsJszeR.exe
  C:\Windows\System\PsJszeR.exe
  2⤵
  PID:4004
- C:\Windows\System\bxzlxFJ.exe
  C:\Windows\System\bxzlxFJ.exe
  2⤵
  PID:4020
- C:\Windows\System\HbllwUZ.exe
  C:\Windows\System\HbllwUZ.exe
  2⤵
  PID:4036
- C:\Windows\System\vmkOrJk.exe
  C:\Windows\System\vmkOrJk.exe
  2⤵
  PID:4052
- C:\Windows\System\PQHdFzB.exe
  C:\Windows\System\PQHdFzB.exe
  2⤵
  PID:4068
- C:\Windows\System\ijqkUMt.exe
  C:\Windows\System\ijqkUMt.exe
  2⤵
  PID:4084
- C:\Windows\System\ZStZOcI.exe
  C:\Windows\System\ZStZOcI.exe
  2⤵
  PID:2084
- C:\Windows\System\HzTbCvf.exe
  C:\Windows\System\HzTbCvf.exe
  2⤵
  PID:1544
- C:\Windows\System\KqgQehH.exe
  C:\Windows\System\KqgQehH.exe
  2⤵
  PID:2336
- C:\Windows\System\xLVWaWV.exe
  C:\Windows\System\xLVWaWV.exe
  2⤵
  PID:1316
- C:\Windows\System\tUASWkp.exe
  C:\Windows\System\tUASWkp.exe
  2⤵
  PID:3028
- C:\Windows\System\rfkuNhH.exe
  C:\Windows\System\rfkuNhH.exe
  2⤵
  PID:652
- C:\Windows\System\WuGNbTm.exe
  C:\Windows\System\WuGNbTm.exe
  2⤵
  PID:880
- C:\Windows\System\DwAGebx.exe
  C:\Windows\System\DwAGebx.exe
  2⤵
  PID:2160
- C:\Windows\System\LaRxlAN.exe
  C:\Windows\System\LaRxlAN.exe
  2⤵
  PID:2852
- C:\Windows\System\zNYlLCw.exe
  C:\Windows\System\zNYlLCw.exe
  2⤵
  PID:1468
- C:\Windows\System\XBQpglN.exe
  C:\Windows\System\XBQpglN.exe
  2⤵
  PID:2996
- C:\Windows\System\nhFdJlv.exe
  C:\Windows\System\nhFdJlv.exe
  2⤵
  PID:2028
- C:\Windows\System\BSWOkTf.exe
  C:\Windows\System\BSWOkTf.exe
  2⤵
  PID:1700
- C:\Windows\System\PppKZve.exe
  C:\Windows\System\PppKZve.exe
  2⤵
  PID:1300
- C:\Windows\System\dpmYpYw.exe
  C:\Windows\System\dpmYpYw.exe
  2⤵
  PID:3104
- C:\Windows\System\osabHLq.exe
  C:\Windows\System\osabHLq.exe
  2⤵
  PID:3136
- C:\Windows\System\qkdhVmg.exe
  C:\Windows\System\qkdhVmg.exe
  2⤵
  PID:3164
- C:\Windows\System\ijtJddQ.exe
  C:\Windows\System\ijtJddQ.exe
  2⤵
  PID:3216
- C:\Windows\System\BwMYeKW.exe
  C:\Windows\System\BwMYeKW.exe
  2⤵
  PID:3228
- C:\Windows\System\SmPAPkq.exe
  C:\Windows\System\SmPAPkq.exe
  2⤵
  PID:3280
- C:\Windows\System\mrgiOAQ.exe
  C:\Windows\System\mrgiOAQ.exe
  2⤵
  PID:3296
- C:\Windows\System\KPxqAyS.exe
  C:\Windows\System\KPxqAyS.exe
  2⤵
  PID:3328
- C:\Windows\System\uiiPnNL.exe
  C:\Windows\System\uiiPnNL.exe
  2⤵
  PID:3376
- C:\Windows\System\JmxdrJE.exe
  C:\Windows\System\JmxdrJE.exe
  2⤵
  PID:3408
- C:\Windows\System\HDprhSi.exe
  C:\Windows\System\HDprhSi.exe
  2⤵
  PID:3424
- C:\Windows\System\HxAaKzB.exe
  C:\Windows\System\HxAaKzB.exe
  2⤵
  PID:3452
- C:\Windows\System\NAVrkkV.exe
  C:\Windows\System\NAVrkkV.exe
  2⤵
  PID:3532
- C:\Windows\System\kGYbULZ.exe
  C:\Windows\System\kGYbULZ.exe
  2⤵
  PID:3536
- C:\Windows\System\vpiBQov.exe
  C:\Windows\System\vpiBQov.exe
  2⤵
  PID:3552
- C:\Windows\System\CDugpHu.exe
  C:\Windows\System\CDugpHu.exe
  2⤵
  PID:3600
- C:\Windows\System\JHiZdbF.exe
  C:\Windows\System\JHiZdbF.exe
  2⤵
  PID:3628
- C:\Windows\System\LUPjmmA.exe
  C:\Windows\System\LUPjmmA.exe
  2⤵
  PID:3648
- C:\Windows\System\LvyiRAa.exe
  C:\Windows\System\LvyiRAa.exe
  2⤵
  PID:3696
- C:\Windows\System\wfgLtvG.exe
  C:\Windows\System\wfgLtvG.exe
  2⤵
  PID:3708
- C:\Windows\System\BxnGDpp.exe
  C:\Windows\System\BxnGDpp.exe
  2⤵
  PID:3760
- C:\Windows\System\pWXsQAg.exe
  C:\Windows\System\pWXsQAg.exe
  2⤵
  PID:3788
- C:\Windows\System\VzKteSC.exe
  C:\Windows\System\VzKteSC.exe
  2⤵
  PID:3824
- C:\Windows\System\kyqNMUc.exe
  C:\Windows\System\kyqNMUc.exe
  2⤵
  PID:3856
- C:\Windows\System\GXnueje.exe
  C:\Windows\System\GXnueje.exe
  2⤵
  PID:3872
- C:\Windows\System\jNIOpBP.exe
  C:\Windows\System\jNIOpBP.exe
  2⤵
  PID:3904
- C:\Windows\System\wNMzloZ.exe
  C:\Windows\System\wNMzloZ.exe
  2⤵
  PID:3952
- C:\Windows\System\ntKtRdt.exe
  C:\Windows\System\ntKtRdt.exe
  2⤵
  PID:3984
- C:\Windows\System\jKfoqvL.exe
  C:\Windows\System\jKfoqvL.exe
  2⤵
  PID:4000
- C:\Windows\System\vgRHbeC.exe
  C:\Windows\System\vgRHbeC.exe
  2⤵
  PID:4032
- C:\Windows\System\YteBYEZ.exe
  C:\Windows\System\YteBYEZ.exe
  2⤵
  PID:4064
- C:\Windows\System\phOWyQS.exe
  C:\Windows\System\phOWyQS.exe
  2⤵
  PID:1636
- C:\Windows\System\wjLhCHi.exe
  C:\Windows\System\wjLhCHi.exe
  2⤵
  PID:2468
- C:\Windows\System\HwRlAJR.exe
  C:\Windows\System\HwRlAJR.exe
  2⤵
  PID:768
- C:\Windows\System\RsUhSCX.exe
  C:\Windows\System\RsUhSCX.exe
  2⤵
  PID:2440
- C:\Windows\System\zJVDGYl.exe
  C:\Windows\System\zJVDGYl.exe
  2⤵
  PID:2748
- C:\Windows\System\kSWqcuv.exe
  C:\Windows\System\kSWqcuv.exe
  2⤵
  PID:2664
- C:\Windows\System\ZhRtpzF.exe
  C:\Windows\System\ZhRtpzF.exe
  2⤵
  PID:3084
- C:\Windows\System\cMWhhSN.exe
  C:\Windows\System\cMWhhSN.exe
  2⤵
  PID:3100
- C:\Windows\System\dbNWWzd.exe
  C:\Windows\System\dbNWWzd.exe
  2⤵
  PID:3260
- C:\Windows\System\AznVyFT.exe
  C:\Windows\System\AznVyFT.exe
  2⤵
  PID:3248
- C:\Windows\System\qWONAnK.exe
  C:\Windows\System\qWONAnK.exe
  2⤵
  PID:3308
- C:\Windows\System\oyEgVJk.exe
  C:\Windows\System\oyEgVJk.exe
  2⤵
  PID:3404
- C:\Windows\System\UkxWIWh.exe
  C:\Windows\System\UkxWIWh.exe
  2⤵
  PID:3472
- C:\Windows\System\ZmwnKQJ.exe
  C:\Windows\System\ZmwnKQJ.exe
  2⤵
  PID:3500
- C:\Windows\System\udVOpEM.exe
  C:\Windows\System\udVOpEM.exe
  2⤵
  PID:3596
- C:\Windows\System\TISSSWE.exe
  C:\Windows\System\TISSSWE.exe
  2⤵
  PID:3728
- C:\Windows\System\KOCBGCA.exe
  C:\Windows\System\KOCBGCA.exe
  2⤵
  PID:3676
- C:\Windows\System\NauvBLJ.exe
  C:\Windows\System\NauvBLJ.exe
  2⤵
  PID:3776
- C:\Windows\System\lIRyzJi.exe
  C:\Windows\System\lIRyzJi.exe
  2⤵
  PID:3900
- C:\Windows\System\YRyvMmW.exe
  C:\Windows\System\YRyvMmW.exe
  2⤵
  PID:3916
- C:\Windows\System\YExhfVP.exe
  C:\Windows\System\YExhfVP.exe
  2⤵
  PID:3948
- C:\Windows\System\YPVvWRV.exe
  C:\Windows\System\YPVvWRV.exe
  2⤵
  PID:4012
- C:\Windows\System\kcWobqf.exe
  C:\Windows\System\kcWobqf.exe
  2⤵
  PID:4060
- C:\Windows\System\kODHbmt.exe
  C:\Windows\System\kODHbmt.exe
  2⤵
  PID:3032
- C:\Windows\System\mpIIxgb.exe
  C:\Windows\System\mpIIxgb.exe
  2⤵
  PID:2672
- C:\Windows\System\xFPnmQO.exe
  C:\Windows\System\xFPnmQO.exe
  2⤵
  PID:3116
- C:\Windows\System\pyDnktJ.exe
  C:\Windows\System\pyDnktJ.exe
  2⤵
  PID:3148
- C:\Windows\System\aWxytQF.exe
  C:\Windows\System\aWxytQF.exe
  2⤵
  PID:3184
- C:\Windows\System\ZjmENKn.exe
  C:\Windows\System\ZjmENKn.exe
  2⤵
  PID:3436
- C:\Windows\System\ASeaJqL.exe
  C:\Windows\System\ASeaJqL.exe
  2⤵
  PID:4100
- C:\Windows\System\EAAldgC.exe
  C:\Windows\System\EAAldgC.exe
  2⤵
  PID:4116
- C:\Windows\System\MYxLzaX.exe
  C:\Windows\System\MYxLzaX.exe
  2⤵
  PID:4132
- C:\Windows\System\GtPomhY.exe
  C:\Windows\System\GtPomhY.exe
  2⤵
  PID:4148
- C:\Windows\System\CHglaRB.exe
  C:\Windows\System\CHglaRB.exe
  2⤵
  PID:4164
- C:\Windows\System\UyOAFdW.exe
  C:\Windows\System\UyOAFdW.exe
  2⤵
  PID:4180
- C:\Windows\System\lzwEiei.exe
  C:\Windows\System\lzwEiei.exe
  2⤵
  PID:4196
- C:\Windows\System\ekCzrUW.exe
  C:\Windows\System\ekCzrUW.exe
  2⤵
  PID:4212
- C:\Windows\System\LNxkhrv.exe
  C:\Windows\System\LNxkhrv.exe
  2⤵
  PID:4228
- C:\Windows\System\DHniQZJ.exe
  C:\Windows\System\DHniQZJ.exe
  2⤵
  PID:4244
- C:\Windows\System\iUJWfHV.exe
  C:\Windows\System\iUJWfHV.exe
  2⤵
  PID:4264
- C:\Windows\System\XRzDJdQ.exe
  C:\Windows\System\XRzDJdQ.exe
  2⤵
  PID:4280
- C:\Windows\System\cbaFEQu.exe
  C:\Windows\System\cbaFEQu.exe
  2⤵
  PID:4296
- C:\Windows\System\hqWHuSN.exe
  C:\Windows\System\hqWHuSN.exe
  2⤵
  PID:4316
- C:\Windows\System\vbmsPLx.exe
  C:\Windows\System\vbmsPLx.exe
  2⤵
  PID:4332
- C:\Windows\System\ZmrUgLZ.exe
  C:\Windows\System\ZmrUgLZ.exe
  2⤵
  PID:4348
- C:\Windows\System\LCkNFeX.exe
  C:\Windows\System\LCkNFeX.exe
  2⤵
  PID:4364
- C:\Windows\System\siXstUG.exe
  C:\Windows\System\siXstUG.exe
  2⤵
  PID:4380
- C:\Windows\System\ndufJqz.exe
  C:\Windows\System\ndufJqz.exe
  2⤵
  PID:4396
- C:\Windows\System\bCnzvDR.exe
  C:\Windows\System\bCnzvDR.exe
  2⤵
  PID:4412
- C:\Windows\System\eAlDifh.exe
  C:\Windows\System\eAlDifh.exe
  2⤵
  PID:4428
- C:\Windows\System\ismrWUW.exe
  C:\Windows\System\ismrWUW.exe
  2⤵
  PID:4444
- C:\Windows\System\ipAyHHm.exe
  C:\Windows\System\ipAyHHm.exe
  2⤵
  PID:4460
- C:\Windows\System\wSyDyWr.exe
  C:\Windows\System\wSyDyWr.exe
  2⤵
  PID:4476
- C:\Windows\System\FwOLjdL.exe
  C:\Windows\System\FwOLjdL.exe
  2⤵
  PID:4492
- C:\Windows\System\PinntdW.exe
  C:\Windows\System\PinntdW.exe
  2⤵
  PID:4508
- C:\Windows\System\teTVdbK.exe
  C:\Windows\System\teTVdbK.exe
  2⤵
  PID:4524
- C:\Windows\System\bpGuAtt.exe
  C:\Windows\System\bpGuAtt.exe
  2⤵
  PID:4540
- C:\Windows\System\aXtHrGs.exe
  C:\Windows\System\aXtHrGs.exe
  2⤵
  PID:4556
- C:\Windows\System\vgOTbPe.exe
  C:\Windows\System\vgOTbPe.exe
  2⤵
  PID:4572
- C:\Windows\System\KzvVQKx.exe
  C:\Windows\System\KzvVQKx.exe
  2⤵
  PID:4588
- C:\Windows\System\lEFPNXS.exe
  C:\Windows\System\lEFPNXS.exe
  2⤵
  PID:4604
- C:\Windows\System\cCBczFL.exe
  C:\Windows\System\cCBczFL.exe
  2⤵
  PID:4620
- C:\Windows\System\lwefUHb.exe
  C:\Windows\System\lwefUHb.exe
  2⤵
  PID:4636
- C:\Windows\System\OqNHmft.exe
  C:\Windows\System\OqNHmft.exe
  2⤵
  PID:4652
- C:\Windows\System\iQnVjhs.exe
  C:\Windows\System\iQnVjhs.exe
  2⤵
  PID:4668
- C:\Windows\System\fIlbssr.exe
  C:\Windows\System\fIlbssr.exe
  2⤵
  PID:4684
- C:\Windows\System\wJqNHoT.exe
  C:\Windows\System\wJqNHoT.exe
  2⤵
  PID:4700
- C:\Windows\System\lPPZYCT.exe
  C:\Windows\System\lPPZYCT.exe
  2⤵
  PID:4716
- C:\Windows\System\HhJickb.exe
  C:\Windows\System\HhJickb.exe
  2⤵
  PID:4732
- C:\Windows\System\gFOdmWn.exe
  C:\Windows\System\gFOdmWn.exe
  2⤵
  PID:4748
- C:\Windows\System\BeJMKFE.exe
  C:\Windows\System\BeJMKFE.exe
  2⤵
  PID:4764
- C:\Windows\System\dyYQwyw.exe
  C:\Windows\System\dyYQwyw.exe
  2⤵
  PID:4780
- C:\Windows\System\DsAJITo.exe
  C:\Windows\System\DsAJITo.exe
  2⤵
  PID:4796
- C:\Windows\System\oQtbpug.exe
  C:\Windows\System\oQtbpug.exe
  2⤵
  PID:4812
- C:\Windows\System\nMiruDC.exe
  C:\Windows\System\nMiruDC.exe
  2⤵
  PID:4828
- C:\Windows\System\FrLFLYb.exe
  C:\Windows\System\FrLFLYb.exe
  2⤵
  PID:4844
- C:\Windows\System\PGvngfr.exe
  C:\Windows\System\PGvngfr.exe
  2⤵
  PID:4860
- C:\Windows\System\uUXHnLV.exe
  C:\Windows\System\uUXHnLV.exe
  2⤵
  PID:4876
- C:\Windows\System\jORWxiz.exe
  C:\Windows\System\jORWxiz.exe
  2⤵
  PID:4892
- C:\Windows\System\qDpZPMw.exe
  C:\Windows\System\qDpZPMw.exe
  2⤵
  PID:4908
- C:\Windows\System\VqlNrdy.exe
  C:\Windows\System\VqlNrdy.exe
  2⤵
  PID:4924
- C:\Windows\System\VZxnKLO.exe
  C:\Windows\System\VZxnKLO.exe
  2⤵
  PID:4940
- C:\Windows\System\kAosAoF.exe
  C:\Windows\System\kAosAoF.exe
  2⤵
  PID:4956
- C:\Windows\System\enduLaP.exe
  C:\Windows\System\enduLaP.exe
  2⤵
  PID:4972
- C:\Windows\System\IODCUYV.exe
  C:\Windows\System\IODCUYV.exe
  2⤵
  PID:4988
- C:\Windows\System\mgDchoi.exe
  C:\Windows\System\mgDchoi.exe
  2⤵
  PID:5004
- C:\Windows\System\BjeVnPR.exe
  C:\Windows\System\BjeVnPR.exe
  2⤵
  PID:5020
- C:\Windows\System\xWGvxAz.exe
  C:\Windows\System\xWGvxAz.exe
  2⤵
  PID:5036
- C:\Windows\System\cQkgemi.exe
  C:\Windows\System\cQkgemi.exe
  2⤵
  PID:5052
- C:\Windows\System\pJOjhpo.exe
  C:\Windows\System\pJOjhpo.exe
  2⤵
  PID:5068
- C:\Windows\System\ajXApts.exe
  C:\Windows\System\ajXApts.exe
  2⤵
  PID:5084
- C:\Windows\System\qtCdqaZ.exe
  C:\Windows\System\qtCdqaZ.exe
  2⤵
  PID:5100
- C:\Windows\System\QaXmjlf.exe
  C:\Windows\System\QaXmjlf.exe
  2⤵
  PID:5116
- C:\Windows\System\gKhgsYZ.exe
  C:\Windows\System\gKhgsYZ.exe
  2⤵
  PID:3660
- C:\Windows\System\bInUlPS.exe
  C:\Windows\System\bInUlPS.exe
  2⤵
  PID:3852
- C:\Windows\System\FnTWywU.exe
  C:\Windows\System\FnTWywU.exe
  2⤵
  PID:3932
- C:\Windows\System\NRjrBYd.exe
  C:\Windows\System\NRjrBYd.exe
  2⤵
  PID:4028
- C:\Windows\System\QPtZcxQ.exe
  C:\Windows\System\QPtZcxQ.exe
  2⤵
  PID:2928
- C:\Windows\System\xiTzxBl.exe
  C:\Windows\System\xiTzxBl.exe
  2⤵
  PID:1260
- C:\Windows\System\lerjtHD.exe
  C:\Windows\System\lerjtHD.exe
  2⤵
  PID:3324
- C:\Windows\System\VGezRDA.exe
  C:\Windows\System\VGezRDA.exe
  2⤵
  PID:3388
- C:\Windows\System\NOcHvev.exe
  C:\Windows\System\NOcHvev.exe
  2⤵
  PID:4172
- C:\Windows\System\LSuvmGZ.exe
  C:\Windows\System\LSuvmGZ.exe
  2⤵
  PID:4160
- C:\Windows\System\dXtYopj.exe
  C:\Windows\System\dXtYopj.exe
  2⤵
  PID:4240
- C:\Windows\System\UOHJEGx.exe
  C:\Windows\System\UOHJEGx.exe
  2⤵
  PID:4192
- C:\Windows\System\skdXhjJ.exe
  C:\Windows\System\skdXhjJ.exe
  2⤵
  PID:4304
- C:\Windows\System\oJxhDYJ.exe
  C:\Windows\System\oJxhDYJ.exe
  2⤵
  PID:4308
- C:\Windows\System\XDkFDRn.exe
  C:\Windows\System\XDkFDRn.exe
  2⤵
  PID:4328
- C:\Windows\System\edmlyrJ.exe
  C:\Windows\System\edmlyrJ.exe
  2⤵
  PID:4404
- C:\Windows\System\wXAvnOw.exe
  C:\Windows\System\wXAvnOw.exe
  2⤵
  PID:4388
- C:\Windows\System\jghfvMY.exe
  C:\Windows\System\jghfvMY.exe
  2⤵
  PID:4424
- C:\Windows\System\IuhUXLT.exe
  C:\Windows\System\IuhUXLT.exe
  2⤵
  PID:4472
- C:\Windows\System\QYJDTZz.exe
  C:\Windows\System\QYJDTZz.exe
  2⤵
  PID:4504
- C:\Windows\System\VuyADXm.exe
  C:\Windows\System\VuyADXm.exe
  2⤵
  PID:4520
- C:\Windows\System\SXDcIof.exe
  C:\Windows\System\SXDcIof.exe
  2⤵
  PID:4568
- C:\Windows\System\RjbYoXd.exe
  C:\Windows\System\RjbYoXd.exe
  2⤵
  PID:4580
- C:\Windows\System\HXvNjvl.exe
  C:\Windows\System\HXvNjvl.exe
  2⤵
  PID:4632
- C:\Windows\System\drLIdKc.exe
  C:\Windows\System\drLIdKc.exe
  2⤵
  PID:4644
- C:\Windows\System\PjPWNxN.exe
  C:\Windows\System\PjPWNxN.exe
  2⤵
  PID:4724
- C:\Windows\System\vOPkhrG.exe
  C:\Windows\System\vOPkhrG.exe
  2⤵
  PID:4712
- C:\Windows\System\Nrrkmbi.exe
  C:\Windows\System\Nrrkmbi.exe
  2⤵
  PID:4744
- C:\Windows\System\koqvsBE.exe
  C:\Windows\System\koqvsBE.exe
  2⤵
  PID:4260
- C:\Windows\System\SzBUaSh.exe
  C:\Windows\System\SzBUaSh.exe
  2⤵
  PID:4852
- C:\Windows\System\zNLkBrw.exe
  C:\Windows\System\zNLkBrw.exe
  2⤵
  PID:4836
- C:\Windows\System\JcwMZVh.exe
  C:\Windows\System\JcwMZVh.exe
  2⤵
  PID:4872
- C:\Windows\System\xzdsncO.exe
  C:\Windows\System\xzdsncO.exe
  2⤵
  PID:4920
- C:\Windows\System\pZSUePB.exe
  C:\Windows\System\pZSUePB.exe
  2⤵
  PID:4952
- C:\Windows\System\WkDMVxb.exe
  C:\Windows\System\WkDMVxb.exe
  2⤵
  PID:4984
- C:\Windows\System\LlJQFbE.exe
  C:\Windows\System\LlJQFbE.exe
  2⤵
  PID:5044
- C:\Windows\System\cjpQKBu.exe
  C:\Windows\System\cjpQKBu.exe
  2⤵
  PID:5028
- C:\Windows\System\IGLOkZc.exe
  C:\Windows\System\IGLOkZc.exe
  2⤵
  PID:5064
- C:\Windows\System\ZegDcAB.exe
  C:\Windows\System\ZegDcAB.exe
  2⤵
  PID:5112
- C:\Windows\System\UmBweKq.exe
  C:\Windows\System\UmBweKq.exe
  2⤵
  PID:3612
- C:\Windows\System\YbThasD.exe
  C:\Windows\System\YbThasD.exe
  2⤵
  PID:1552
- C:\Windows\System\oXPGQuU.exe
  C:\Windows\System\oXPGQuU.exe
  2⤵
  PID:2612
- C:\Windows\System\hSWuAaN.exe
  C:\Windows\System\hSWuAaN.exe
  2⤵
  PID:3372
- C:\Windows\System\AFNZgsn.exe
  C:\Windows\System\AFNZgsn.exe
  2⤵
  PID:4128
- C:\Windows\System\ZPOYAXK.exe
  C:\Windows\System\ZPOYAXK.exe
  2⤵
  PID:4252
- C:\Windows\System\pxHtaUl.exe
  C:\Windows\System\pxHtaUl.exe
  2⤵
  PID:4220
- C:\Windows\System\vxHfGFB.exe
  C:\Windows\System\vxHfGFB.exe
  2⤵
  PID:4324
- C:\Windows\System\lmDPQVC.exe
  C:\Windows\System\lmDPQVC.exe
  2⤵
  PID:4420
- C:\Windows\System\AlgAXfE.exe
  C:\Windows\System\AlgAXfE.exe
  2⤵
  PID:4456
- C:\Windows\System\bQxBctg.exe
  C:\Windows\System\bQxBctg.exe
  2⤵
  PID:4552
- C:\Windows\System\CjYMdVt.exe
  C:\Windows\System\CjYMdVt.exe
  2⤵
  PID:4600
- C:\Windows\System\IGCRSOg.exe
  C:\Windows\System\IGCRSOg.exe
  2⤵
  PID:4648
- C:\Windows\System\aOGFHuE.exe
  C:\Windows\System\aOGFHuE.exe
  2⤵
  PID:4680
- C:\Windows\System\zTlrXoo.exe
  C:\Windows\System\zTlrXoo.exe
  2⤵
  PID:4772
- C:\Windows\System\JccKZHw.exe
  C:\Windows\System\JccKZHw.exe
  2⤵
  PID:5132
- C:\Windows\System\GZENxxL.exe
  C:\Windows\System\GZENxxL.exe
  2⤵
  PID:5148
- C:\Windows\System\UIeBSsn.exe
  C:\Windows\System\UIeBSsn.exe
  2⤵
  PID:5168
- C:\Windows\System\MTeZPPJ.exe
  C:\Windows\System\MTeZPPJ.exe
  2⤵
  PID:5184
- C:\Windows\System\ALLNaGm.exe
  C:\Windows\System\ALLNaGm.exe
  2⤵
  PID:5204
- C:\Windows\System\veywBVh.exe
  C:\Windows\System\veywBVh.exe
  2⤵
  PID:5220
- C:\Windows\System\QjYuoWG.exe
  C:\Windows\System\QjYuoWG.exe
  2⤵
  PID:5236
- C:\Windows\System\oEENLPu.exe
  C:\Windows\System\oEENLPu.exe
  2⤵
  PID:5252
- C:\Windows\System\uVNMqFE.exe
  C:\Windows\System\uVNMqFE.exe
  2⤵
  PID:5268
- C:\Windows\System\hrwSlJw.exe
  C:\Windows\System\hrwSlJw.exe
  2⤵
  PID:5284
- C:\Windows\System\dHNHlwN.exe
  C:\Windows\System\dHNHlwN.exe
  2⤵
  PID:5300
- C:\Windows\System\ReUJYRP.exe
  C:\Windows\System\ReUJYRP.exe
  2⤵
  PID:5316
- C:\Windows\System\AcFEIKS.exe
  C:\Windows\System\AcFEIKS.exe
  2⤵
  PID:5332
- C:\Windows\System\NBbyvpe.exe
  C:\Windows\System\NBbyvpe.exe
  2⤵
  PID:5348
- C:\Windows\System\cQtfquX.exe
  C:\Windows\System\cQtfquX.exe
  2⤵
  PID:5364
- C:\Windows\System\ZjZiYzv.exe
  C:\Windows\System\ZjZiYzv.exe
  2⤵
  PID:5380
- C:\Windows\System\pRsGSCz.exe
  C:\Windows\System\pRsGSCz.exe
  2⤵
  PID:5396
- C:\Windows\System\dqeGrOI.exe
  C:\Windows\System\dqeGrOI.exe
  2⤵
  PID:5412
- C:\Windows\System\HqPwqbq.exe
  C:\Windows\System\HqPwqbq.exe
  2⤵
  PID:5428
- C:\Windows\System\BaUGLrC.exe
  C:\Windows\System\BaUGLrC.exe
  2⤵
  PID:5444
- C:\Windows\System\OncRSfS.exe
  C:\Windows\System\OncRSfS.exe
  2⤵
  PID:5464
- C:\Windows\System\WrxzJlZ.exe
  C:\Windows\System\WrxzJlZ.exe
  2⤵
  PID:5480
- C:\Windows\System\ScHSuSa.exe
  C:\Windows\System\ScHSuSa.exe
  2⤵
  PID:5496
- C:\Windows\System\QbQIesM.exe
  C:\Windows\System\QbQIesM.exe
  2⤵
  PID:5512
- C:\Windows\System\eGWHydY.exe
  C:\Windows\System\eGWHydY.exe
  2⤵
  PID:5528
- C:\Windows\System\ltJgIqj.exe
  C:\Windows\System\ltJgIqj.exe
  2⤵
  PID:5544
- C:\Windows\System\qMydPTY.exe
  C:\Windows\System\qMydPTY.exe
  2⤵
  PID:5560
- C:\Windows\System\oXWFVYb.exe
  C:\Windows\System\oXWFVYb.exe
  2⤵
  PID:5576
- C:\Windows\System\kWfkBkA.exe
  C:\Windows\System\kWfkBkA.exe
  2⤵
  PID:5592
- C:\Windows\System\JdADpII.exe
  C:\Windows\System\JdADpII.exe
  2⤵
  PID:5608
- C:\Windows\System\uePgcqx.exe
  C:\Windows\System\uePgcqx.exe
  2⤵
  PID:5624
- C:\Windows\System\ZfAtsVj.exe
  C:\Windows\System\ZfAtsVj.exe
  2⤵
  PID:5640
- C:\Windows\System\kAPyrNv.exe
  C:\Windows\System\kAPyrNv.exe
  2⤵
  PID:5656
- C:\Windows\System\EdIiFZQ.exe
  C:\Windows\System\EdIiFZQ.exe
  2⤵
  PID:5672
- C:\Windows\System\hJEhxto.exe
  C:\Windows\System\hJEhxto.exe
  2⤵
  PID:5688
- C:\Windows\System\uyarWcl.exe
  C:\Windows\System\uyarWcl.exe
  2⤵
  PID:5704
- C:\Windows\System\vsOqMXn.exe
  C:\Windows\System\vsOqMXn.exe
  2⤵
  PID:5720
- C:\Windows\System\golnPzq.exe
  C:\Windows\System\golnPzq.exe
  2⤵
  PID:5736
- C:\Windows\System\ETuNGoB.exe
  C:\Windows\System\ETuNGoB.exe
  2⤵
  PID:5752
- C:\Windows\System\KixeQiL.exe
  C:\Windows\System\KixeQiL.exe
  2⤵
  PID:5768
- C:\Windows\System\JakbLdr.exe
  C:\Windows\System\JakbLdr.exe
  2⤵
  PID:5784
- C:\Windows\System\AaCgJOl.exe
  C:\Windows\System\AaCgJOl.exe
  2⤵
  PID:5800
- C:\Windows\System\CndRJJs.exe
  C:\Windows\System\CndRJJs.exe
  2⤵
  PID:5816
- C:\Windows\System\Lcxhsbt.exe
  C:\Windows\System\Lcxhsbt.exe
  2⤵
  PID:5832
- C:\Windows\System\YkMHsvO.exe
  C:\Windows\System\YkMHsvO.exe
  2⤵
  PID:5848
- C:\Windows\System\lLFfmfk.exe
  C:\Windows\System\lLFfmfk.exe
  2⤵
  PID:5864
- C:\Windows\System\kvlzEBO.exe
  C:\Windows\System\kvlzEBO.exe
  2⤵
  PID:5880
- C:\Windows\System\wSafsgs.exe
  C:\Windows\System\wSafsgs.exe
  2⤵
  PID:5896
- C:\Windows\System\xUVFysT.exe
  C:\Windows\System\xUVFysT.exe
  2⤵
  PID:5912
- C:\Windows\System\kpUwdFe.exe
  C:\Windows\System\kpUwdFe.exe
  2⤵
  PID:5928
- C:\Windows\System\MZNGNPy.exe
  C:\Windows\System\MZNGNPy.exe
  2⤵
  PID:5944
- C:\Windows\System\BOdHZTu.exe
  C:\Windows\System\BOdHZTu.exe
  2⤵
  PID:5960
- C:\Windows\System\HvbSfev.exe
  C:\Windows\System\HvbSfev.exe
  2⤵
  PID:5976
- C:\Windows\System\KSbyqMk.exe
  C:\Windows\System\KSbyqMk.exe
  2⤵
  PID:5992
- C:\Windows\System\wPBjTbR.exe
  C:\Windows\System\wPBjTbR.exe
  2⤵
  PID:6008
- C:\Windows\System\qdJQMnY.exe
  C:\Windows\System\qdJQMnY.exe
  2⤵
  PID:6024
- C:\Windows\System\VCFFXIO.exe
  C:\Windows\System\VCFFXIO.exe
  2⤵
  PID:6040
- C:\Windows\System\hjrewmy.exe
  C:\Windows\System\hjrewmy.exe
  2⤵
  PID:6056
- C:\Windows\System\OiSdkNC.exe
  C:\Windows\System\OiSdkNC.exe
  2⤵
  PID:6072
- C:\Windows\System\dFcysby.exe
  C:\Windows\System\dFcysby.exe
  2⤵
  PID:6088
- C:\Windows\System\hyiMnuf.exe
  C:\Windows\System\hyiMnuf.exe
  2⤵
  PID:6104
- C:\Windows\System\URDKTsA.exe
  C:\Windows\System\URDKTsA.exe
  2⤵
  PID:6120
- C:\Windows\System\yNOeYtv.exe
  C:\Windows\System\yNOeYtv.exe
  2⤵
  PID:6136
- C:\Windows\System\PSneIuW.exe
  C:\Windows\System\PSneIuW.exe
  2⤵
  PID:4804
- C:\Windows\System\AeNelGP.exe
  C:\Windows\System\AeNelGP.exe
  2⤵
  PID:5012
- C:\Windows\System\KDTHmrv.exe
  C:\Windows\System\KDTHmrv.exe
  2⤵
  PID:4900
- C:\Windows\System\ygmftpz.exe
  C:\Windows\System\ygmftpz.exe
  2⤵
  PID:3692
- C:\Windows\System\RMkDway.exe
  C:\Windows\System\RMkDway.exe
  2⤵
  PID:4124
- C:\Windows\System\hRwCYES.exe
  C:\Windows\System\hRwCYES.exe
  2⤵
  PID:4436
- C:\Windows\System\FTRoPGu.exe
  C:\Windows\System\FTRoPGu.exe
  2⤵
  PID:4664
- C:\Windows\System\VTykweq.exe
  C:\Windows\System\VTykweq.exe
  2⤵
  PID:5144
- C:\Windows\System\VYOwIXP.exe
  C:\Windows\System\VYOwIXP.exe
  2⤵
  PID:5212
- C:\Windows\System\ZosbAGN.exe
  C:\Windows\System\ZosbAGN.exe
  2⤵
  PID:5092
- C:\Windows\System\lGvmrIf.exe
  C:\Windows\System\lGvmrIf.exe
  2⤵
  PID:5276
- C:\Windows\System\KOOqkWN.exe
  C:\Windows\System\KOOqkWN.exe
  2⤵
  PID:4108
- C:\Windows\System\MWRxwLh.exe
  C:\Windows\System\MWRxwLh.exe
  2⤵
  PID:4360
- C:\Windows\System\draUDQV.exe
  C:\Windows\System\draUDQV.exe
  2⤵
  PID:5344
- C:\Windows\System\QUFaugF.exe
  C:\Windows\System\QUFaugF.exe
  2⤵
  PID:4344
- C:\Windows\System\HTAEBmA.exe
  C:\Windows\System\HTAEBmA.exe
  2⤵
  PID:5408
- C:\Windows\System\xHdpBDx.exe
  C:\Windows\System\xHdpBDx.exe
  2⤵
  PID:4756
- C:\Windows\System\FfmHBiy.exe
  C:\Windows\System\FfmHBiy.exe
  2⤵
  PID:5436
- C:\Windows\System\ochouoN.exe
  C:\Windows\System\ochouoN.exe
  2⤵
  PID:5192
- C:\Windows\System\tKQpbdx.exe
  C:\Windows\System\tKQpbdx.exe
  2⤵
  PID:5260
- C:\Windows\System\EopwVcE.exe
  C:\Windows\System\EopwVcE.exe
  2⤵
  PID:5540
- C:\Windows\System\ApGRUYO.exe
  C:\Windows\System\ApGRUYO.exe
  2⤵
  PID:5460
- C:\Windows\System\ozjuwdU.exe
  C:\Windows\System\ozjuwdU.exe
  2⤵
  PID:5392
- C:\Windows\System\LxcdUAE.exe
  C:\Windows\System\LxcdUAE.exe
  2⤵
  PID:5328
- C:\Windows\System\wuZPQeu.exe
  C:\Windows\System\wuZPQeu.exe
  2⤵
  PID:5572
- C:\Windows\System\qxyOWCd.exe
  C:\Windows\System\qxyOWCd.exe
  2⤵
  PID:5492
- C:\Windows\System\OLmlita.exe
  C:\Windows\System\OLmlita.exe
  2⤵
  PID:5584
- C:\Windows\System\MVoxCaA.exe
  C:\Windows\System\MVoxCaA.exe
  2⤵
  PID:5588
- C:\Windows\System\GISlTEg.exe
  C:\Windows\System\GISlTEg.exe
  2⤵
  PID:5652
- C:\Windows\System\anNCDFj.exe
  C:\Windows\System\anNCDFj.exe
  2⤵
  PID:5728
- C:\Windows\System\nSchZlc.exe
  C:\Windows\System\nSchZlc.exe
  2⤵
  PID:5792
- C:\Windows\System\lMbrNBx.exe
  C:\Windows\System\lMbrNBx.exe
  2⤵
  PID:5856
- C:\Windows\System\FKTnvQL.exe
  C:\Windows\System\FKTnvQL.exe
  2⤵
  PID:5712
- C:\Windows\System\rJRIMhE.exe
  C:\Windows\System\rJRIMhE.exe
  2⤵
  PID:5812
- C:\Windows\System\whnNuOU.exe
  C:\Windows\System\whnNuOU.exe
  2⤵
  PID:5840
- C:\Windows\System\lrLfDlr.exe
  C:\Windows\System\lrLfDlr.exe
  2⤵
  PID:5892
- C:\Windows\System\qGkWiIC.exe
  C:\Windows\System\qGkWiIC.exe
  2⤵
  PID:5956
- C:\Windows\System\CfoCUaS.exe
  C:\Windows\System\CfoCUaS.exe
  2⤵
  PID:6020
- C:\Windows\System\jixlatl.exe
  C:\Windows\System\jixlatl.exe
  2⤵
  PID:5904
- C:\Windows\System\GHxDbiA.exe
  C:\Windows\System\GHxDbiA.exe
  2⤵
  PID:5968
- C:\Windows\System\qUyRMgQ.exe
  C:\Windows\System\qUyRMgQ.exe
  2⤵
  PID:6032
- C:\Windows\System\DbOrMxk.exe
  C:\Windows\System\DbOrMxk.exe
  2⤵
  PID:6084
- C:\Windows\System\hyHXFXe.exe
  C:\Windows\System\hyHXFXe.exe
  2⤵
  PID:4808
- C:\Windows\System\PmviBbZ.exe
  C:\Windows\System\PmviBbZ.exe
  2⤵
  PID:6096
- C:\Windows\System\HIzQCPG.exe
  C:\Windows\System\HIzQCPG.exe
  2⤵
  PID:3196
- C:\Windows\System\MhpBLFd.exe
  C:\Windows\System\MhpBLFd.exe
  2⤵
  PID:4904
- C:\Windows\System\KoVIkwX.exe
  C:\Windows\System\KoVIkwX.exe
  2⤵
  PID:4564
- C:\Windows\System\dpAdvJf.exe
  C:\Windows\System\dpAdvJf.exe
  2⤵
  PID:4820
- C:\Windows\System\ZCmFmor.exe
  C:\Windows\System\ZCmFmor.exe
  2⤵
  PID:5108
- C:\Windows\System\dKIMvdc.exe
  C:\Windows\System\dKIMvdc.exe
  2⤵
  PID:1532
- C:\Windows\System\JhbbjHs.exe
  C:\Windows\System\JhbbjHs.exe
  2⤵
  PID:4236
- C:\Windows\System\YfkzRww.exe
  C:\Windows\System\YfkzRww.exe
  2⤵
  PID:4708
- C:\Windows\System\sDGWLjc.exe
  C:\Windows\System\sDGWLjc.exe
  2⤵
  PID:5472
- C:\Windows\System\zKfZHFu.exe
  C:\Windows\System\zKfZHFu.exe
  2⤵
  PID:5536
- C:\Windows\System\YSdfSBR.exe
  C:\Windows\System\YSdfSBR.exe
  2⤵
  PID:5420
- C:\Windows\System\GdMgDXG.exe
  C:\Windows\System\GdMgDXG.exe
  2⤵
  PID:5360
- C:\Windows\System\otogxgG.exe
  C:\Windows\System\otogxgG.exe
  2⤵
  PID:5556
- C:\Windows\System\jzrQrQW.exe
  C:\Windows\System\jzrQrQW.exe
  2⤵
  PID:5764
- C:\Windows\System\kieHMvs.exe
  C:\Windows\System\kieHMvs.exe
  2⤵
  PID:6148
- C:\Windows\System\smhOcNf.exe
  C:\Windows\System\smhOcNf.exe
  2⤵
  PID:6168
- C:\Windows\System\pbCGYQx.exe
  C:\Windows\System\pbCGYQx.exe
  2⤵
  PID:6188
- C:\Windows\System\qSjYdGe.exe
  C:\Windows\System\qSjYdGe.exe
  2⤵
  PID:6204
- C:\Windows\System\rIqHGIA.exe
  C:\Windows\System\rIqHGIA.exe
  2⤵
  PID:6220
- C:\Windows\System\MJOyesb.exe
  C:\Windows\System\MJOyesb.exe
  2⤵
  PID:6236
- C:\Windows\System\WFuynea.exe
  C:\Windows\System\WFuynea.exe
  2⤵
  PID:6252
- C:\Windows\System\AfjjTPC.exe
  C:\Windows\System\AfjjTPC.exe
  2⤵
  PID:6272
- C:\Windows\System\QRSsInf.exe
  C:\Windows\System\QRSsInf.exe
  2⤵
  PID:6288
- C:\Windows\System\ssUuiBB.exe
  C:\Windows\System\ssUuiBB.exe
  2⤵
  PID:6304
- C:\Windows\System\MgmIZxr.exe
  C:\Windows\System\MgmIZxr.exe
  2⤵
  PID:6320
- C:\Windows\System\JKvdWJT.exe
  C:\Windows\System\JKvdWJT.exe
  2⤵
  PID:6336
- C:\Windows\System\gENqDoS.exe
  C:\Windows\System\gENqDoS.exe
  2⤵
  PID:6384
- C:\Windows\System\EszIvqf.exe
  C:\Windows\System\EszIvqf.exe
  2⤵
  PID:6400
- C:\Windows\System\fUWKvwo.exe
  C:\Windows\System\fUWKvwo.exe
  2⤵
  PID:6416
- C:\Windows\System\ZSdbkpi.exe
  C:\Windows\System\ZSdbkpi.exe
  2⤵
  PID:6432
- C:\Windows\System\jKenlaW.exe
  C:\Windows\System\jKenlaW.exe
  2⤵
  PID:6448
- C:\Windows\System\nOsOVZk.exe
  C:\Windows\System\nOsOVZk.exe
  2⤵
  PID:6464
- C:\Windows\System\xbcHsMQ.exe
  C:\Windows\System\xbcHsMQ.exe
  2⤵
  PID:6480
- C:\Windows\System\pvtLGZq.exe
  C:\Windows\System\pvtLGZq.exe
  2⤵
  PID:6496
- C:\Windows\System\TvMzEos.exe
  C:\Windows\System\TvMzEos.exe
  2⤵
  PID:6512
- C:\Windows\System\DATTnxR.exe
  C:\Windows\System\DATTnxR.exe
  2⤵
  PID:6528
- C:\Windows\System\SPJSAYq.exe
  C:\Windows\System\SPJSAYq.exe
  2⤵
  PID:6544
- C:\Windows\System\WFiUzQx.exe
  C:\Windows\System\WFiUzQx.exe
  2⤵
  PID:6560
- C:\Windows\System\gnawMCD.exe
  C:\Windows\System\gnawMCD.exe
  2⤵
  PID:6576
- C:\Windows\System\AudWTka.exe
  C:\Windows\System\AudWTka.exe
  2⤵
  PID:6592
- C:\Windows\System\esmFDIr.exe
  C:\Windows\System\esmFDIr.exe
  2⤵
  PID:6608
- C:\Windows\System\VtcjZBY.exe
  C:\Windows\System\VtcjZBY.exe
  2⤵
  PID:6628
- C:\Windows\System\yDORRDC.exe
  C:\Windows\System\yDORRDC.exe
  2⤵
  PID:6644
- C:\Windows\System\ZkhuNub.exe
  C:\Windows\System\ZkhuNub.exe
  2⤵
  PID:6660
- C:\Windows\System\wfvzvhr.exe
  C:\Windows\System\wfvzvhr.exe
  2⤵
  PID:6676
- C:\Windows\System\WrrldRs.exe
  C:\Windows\System\WrrldRs.exe
  2⤵
  PID:6692
- C:\Windows\System\ePmyVfB.exe
  C:\Windows\System\ePmyVfB.exe
  2⤵
  PID:6708
- C:\Windows\System\GtoNyTr.exe
  C:\Windows\System\GtoNyTr.exe
  2⤵
  PID:6724
- C:\Windows\System\HnOgJnp.exe
  C:\Windows\System\HnOgJnp.exe
  2⤵
  PID:6740
- C:\Windows\System\eaJPpZT.exe
  C:\Windows\System\eaJPpZT.exe
  2⤵
  PID:6756
- C:\Windows\System\pHJWnkI.exe
  C:\Windows\System\pHJWnkI.exe
  2⤵
  PID:6772
- C:\Windows\System\GLScyfy.exe
  C:\Windows\System\GLScyfy.exe
  2⤵
  PID:6788
- C:\Windows\System\IQSxzcV.exe
  C:\Windows\System\IQSxzcV.exe
  2⤵
  PID:6804
- C:\Windows\System\yKzfTvw.exe
  C:\Windows\System\yKzfTvw.exe
  2⤵
  PID:6824
- C:\Windows\System\BrGTAzJ.exe
  C:\Windows\System\BrGTAzJ.exe
  2⤵
  PID:6840
- C:\Windows\System\SEzaHbd.exe
  C:\Windows\System\SEzaHbd.exe
  2⤵
  PID:6856
- C:\Windows\System\ohhZjrZ.exe
  C:\Windows\System\ohhZjrZ.exe
  2⤵
  PID:6872
- C:\Windows\System\eABBYRt.exe
  C:\Windows\System\eABBYRt.exe
  2⤵
  PID:6888
- C:\Windows\System\pvOZmcz.exe
  C:\Windows\System\pvOZmcz.exe
  2⤵
  PID:6904
- C:\Windows\System\KpPOVcn.exe
  C:\Windows\System\KpPOVcn.exe
  2⤵
  PID:6924
- C:\Windows\System\WRMkuMs.exe
  C:\Windows\System\WRMkuMs.exe
  2⤵
  PID:6944
- C:\Windows\System\NXGAbmk.exe
  C:\Windows\System\NXGAbmk.exe
  2⤵
  PID:6964
- C:\Windows\System\nXPkyjE.exe
  C:\Windows\System\nXPkyjE.exe
  2⤵
  PID:6980
- C:\Windows\System\cZawDfS.exe
  C:\Windows\System\cZawDfS.exe
  2⤵
  PID:6996
- C:\Windows\System\OfcSMmH.exe
  C:\Windows\System\OfcSMmH.exe
  2⤵
  PID:7012
- C:\Windows\System\vksdayn.exe
  C:\Windows\System\vksdayn.exe
  2⤵
  PID:7028
- C:\Windows\System\wgjBRXa.exe
  C:\Windows\System\wgjBRXa.exe
  2⤵
  PID:7044
- C:\Windows\System\hoeyhYB.exe
  C:\Windows\System\hoeyhYB.exe
  2⤵
  PID:7060
- C:\Windows\System\pZnXWiN.exe
  C:\Windows\System\pZnXWiN.exe
  2⤵
  PID:7076
- C:\Windows\System\GbkDhwM.exe
  C:\Windows\System\GbkDhwM.exe
  2⤵
  PID:7092
- C:\Windows\System\FMklqQm.exe
  C:\Windows\System\FMklqQm.exe
  2⤵
  PID:7116
- C:\Windows\System\IhwxkiZ.exe
  C:\Windows\System\IhwxkiZ.exe
  2⤵
  PID:7140
- C:\Windows\System\BiOYpbA.exe
  C:\Windows\System\BiOYpbA.exe
  2⤵
  PID:5808
- C:\Windows\System\ZXiircJ.exe
  C:\Windows\System\ZXiircJ.exe
  2⤵
  PID:5940
- C:\Windows\System\NixZwvN.exe
  C:\Windows\System\NixZwvN.exe
  2⤵
  PID:5684
- C:\Windows\System\KNydrvX.exe
  C:\Windows\System\KNydrvX.exe
  2⤵
  PID:4932
- C:\Windows\System\SNtsvai.exe
  C:\Windows\System\SNtsvai.exe
  2⤵
  PID:6156
- C:\Windows\System\lLjoQaJ.exe
  C:\Windows\System\lLjoQaJ.exe
  2⤵
  PID:6228
- C:\Windows\System\sfcGgPC.exe
  C:\Windows\System\sfcGgPC.exe
  2⤵
  PID:2808
- C:\Windows\System\mSxQdHf.exe
  C:\Windows\System\mSxQdHf.exe
  2⤵
  PID:6264
- C:\Windows\System\ziTwkFJ.exe
  C:\Windows\System\ziTwkFJ.exe
  2⤵
  PID:6296
- C:\Windows\System\RPPWLeW.exe
  C:\Windows\System\RPPWLeW.exe
  2⤵
  PID:6344
- C:\Windows\System\rDmdspL.exe
  C:\Windows\System\rDmdspL.exe
  2⤵
  PID:6360
- C:\Windows\System\lLZgfSF.exe
  C:\Windows\System\lLZgfSF.exe
  2⤵
  PID:6376
- C:\Windows\System\mMbrBTW.exe
  C:\Windows\System\mMbrBTW.exe
  2⤵
  PID:6408
- C:\Windows\System\rHmFfxE.exe
  C:\Windows\System\rHmFfxE.exe
  2⤵
  PID:6268
- C:\Windows\System\RWEzKQB.exe
  C:\Windows\System\RWEzKQB.exe
  2⤵
  PID:6476
- C:\Windows\System\GXOtVav.exe
  C:\Windows\System\GXOtVav.exe
  2⤵
  PID:6504
- C:\Windows\System\mxmkSge.exe
  C:\Windows\System\mxmkSge.exe
  2⤵
  PID:6488
- C:\Windows\System\GsaEUWZ.exe
  C:\Windows\System\GsaEUWZ.exe
  2⤵
  PID:6492
- C:\Windows\System\XFGAdwC.exe
  C:\Windows\System\XFGAdwC.exe
  2⤵
  PID:6568
- C:\Windows\System\ybXTLWo.exe
  C:\Windows\System\ybXTLWo.exe
  2⤵
  PID:6556
- C:\Windows\System\pIfKUWT.exe
  C:\Windows\System\pIfKUWT.exe
  2⤵
  PID:6588
- C:\Windows\System\lYHYaFG.exe
  C:\Windows\System\lYHYaFG.exe
  2⤵
  PID:6668
- C:\Windows\System\PYLcExH.exe
  C:\Windows\System\PYLcExH.exe
  2⤵
  PID:6732
- C:\Windows\System\IlrCoWG.exe
  C:\Windows\System\IlrCoWG.exe
  2⤵
  PID:6796
- C:\Windows\System\tCDswVQ.exe
  C:\Windows\System\tCDswVQ.exe
  2⤵
  PID:6864
- C:\Windows\System\uJcRmOT.exe
  C:\Windows\System\uJcRmOT.exe
  2⤵
  PID:6932
- C:\Windows\System\jZQYsCF.exe
  C:\Windows\System\jZQYsCF.exe
  2⤵
  PID:6976
- C:\Windows\System\eOANdxk.exe
  C:\Windows\System\eOANdxk.exe
  2⤵
  PID:7040
- C:\Windows\System\LOnmNKJ.exe
  C:\Windows\System\LOnmNKJ.exe
  2⤵
  PID:7100
- C:\Windows\System\quqNvcK.exe
  C:\Windows\System\quqNvcK.exe
  2⤵
  PID:7156
- C:\Windows\System\bYzvHni.exe
  C:\Windows\System\bYzvHni.exe
  2⤵
  PID:2076
- C:\Windows\System\SNINJqD.exe
  C:\Windows\System\SNINJqD.exe
  2⤵
  PID:6080
- C:\Windows\System\mlZElYH.exe
  C:\Windows\System\mlZElYH.exe
  2⤵
  PID:5280
- C:\Windows\System\IOsMTmS.exe
  C:\Windows\System\IOsMTmS.exe
  2⤵
  PID:5232
- C:\Windows\System\nbvRMKg.exe
  C:\Windows\System\nbvRMKg.exe
  2⤵
  PID:6244
- C:\Windows\System\CwdZvHD.exe
  C:\Windows\System\CwdZvHD.exe
  2⤵
  PID:6260
- C:\Windows\System\wleUBHn.exe
  C:\Windows\System\wleUBHn.exe
  2⤵
  PID:6332
- C:\Windows\System\ilqRdeD.exe
  C:\Windows\System\ilqRdeD.exe
  2⤵
  PID:6700
- C:\Windows\System\rMKtTia.exe
  C:\Windows\System\rMKtTia.exe
  2⤵
  PID:7176
- C:\Windows\System\kNINdZs.exe
  C:\Windows\System\kNINdZs.exe
  2⤵
  PID:7200
- C:\Windows\System\OLguXKs.exe
  C:\Windows\System\OLguXKs.exe
  2⤵
  PID:7416
- C:\Windows\System\AqJqXlg.exe
  C:\Windows\System\AqJqXlg.exe
  2⤵
  PID:7520
- C:\Windows\System\mLMBoYC.exe
  C:\Windows\System\mLMBoYC.exe
  2⤵
  PID:7776
- C:\Windows\System\ZXJHcRU.exe
  C:\Windows\System\ZXJHcRU.exe
  2⤵
  PID:8036
- C:\Windows\System\QfbExyO.exe
  C:\Windows\System\QfbExyO.exe
  2⤵
  PID:7352
- C:\Windows\System\qGTroik.exe
  C:\Windows\System\qGTroik.exe
  2⤵
  PID:7756
- C:\Windows\System\kqHwFjY.exe
  C:\Windows\System\kqHwFjY.exe
  2⤵
  PID:7192
- C:\Windows\System\OVMmpTf.exe
  C:\Windows\System\OVMmpTf.exe
  2⤵
  PID:7444
- C:\Windows\System\BglVcCA.exe
  C:\Windows\System\BglVcCA.exe
  2⤵
  PID:7460
- C:\Windows\System\ZDWewnC.exe
  C:\Windows\System\ZDWewnC.exe
  2⤵
  PID:7484
- C:\Windows\System\wzbZlVs.exe
  C:\Windows\System\wzbZlVs.exe
  2⤵
  PID:7508
- C:\Windows\System\gBpEahf.exe
  C:\Windows\System\gBpEahf.exe
  2⤵
  PID:7784
- C:\Windows\System\mHfwKuf.exe
  C:\Windows\System\mHfwKuf.exe
  2⤵
  PID:7804
- C:\Windows\System\HvuFtJk.exe
  C:\Windows\System\HvuFtJk.exe
  2⤵
  PID:7820
- C:\Windows\System\cuuraHv.exe
  C:\Windows\System\cuuraHv.exe
  2⤵
  PID:7848
- C:\Windows\System\FQSXvlp.exe
  C:\Windows\System\FQSXvlp.exe
  2⤵
  PID:7876
- C:\Windows\System\iOBeSti.exe
  C:\Windows\System\iOBeSti.exe
  2⤵
  PID:7896
- C:\Windows\System\vlCwxqB.exe
  C:\Windows\System\vlCwxqB.exe
  2⤵
  PID:7916
- C:\Windows\System\qdJGoQf.exe
  C:\Windows\System\qdJGoQf.exe
  2⤵
  PID:7936
- C:\Windows\System\fGTFLzt.exe
  C:\Windows\System\fGTFLzt.exe
  2⤵
  PID:7956
- C:\Windows\System\mUFTsBO.exe
  C:\Windows\System\mUFTsBO.exe
  2⤵
  PID:7980
- C:\Windows\System\yVEDygL.exe
  C:\Windows\System\yVEDygL.exe
  2⤵
  PID:8044
- C:\Windows\System\rzkhsCG.exe
  C:\Windows\System\rzkhsCG.exe
  2⤵
  PID:8064
- C:\Windows\System\tqVEFuN.exe
  C:\Windows\System\tqVEFuN.exe
  2⤵
  PID:8080
- C:\Windows\System\cuppfmR.exe
  C:\Windows\System\cuppfmR.exe
  2⤵
  PID:8104
- C:\Windows\System\JlQjXSe.exe
  C:\Windows\System\JlQjXSe.exe
  2⤵
  PID:8124
- C:\Windows\System\fOOjdDQ.exe
  C:\Windows\System\fOOjdDQ.exe
  2⤵
  PID:8144
- C:\Windows\System\rCIsKyG.exe
  C:\Windows\System\rCIsKyG.exe
  2⤵
  PID:8164
- C:\Windows\System\EYCBYem.exe
  C:\Windows\System\EYCBYem.exe
  2⤵
  PID:8180
- C:\Windows\System\jXAIYNf.exe
  C:\Windows\System\jXAIYNf.exe
  2⤵
  PID:5696
- C:\Windows\System\WZxZdzq.exe
  C:\Windows\System\WZxZdzq.exe
  2⤵
  PID:6312
- C:\Windows\System\oGyfZeK.exe
  C:\Windows\System\oGyfZeK.exe
  2⤵
  PID:6936
- C:\Windows\System\fPvyxOS.exe
  C:\Windows\System\fPvyxOS.exe
  2⤵
  PID:2792
- C:\Windows\System\mqmfZWU.exe
  C:\Windows\System\mqmfZWU.exe
  2⤵
  PID:6064
- C:\Windows\System\zxrcPdR.exe
  C:\Windows\System\zxrcPdR.exe
  2⤵
  PID:6652
- C:\Windows\System\Tnfxpkn.exe
  C:\Windows\System\Tnfxpkn.exe
  2⤵
  PID:6720
- C:\Windows\System\OeckImV.exe
  C:\Windows\System\OeckImV.exe
  2⤵
  PID:1732
- C:\Windows\System\SjKHZhp.exe
  C:\Windows\System\SjKHZhp.exe
  2⤵
  PID:2752
- C:\Windows\System\boaZDEA.exe
  C:\Windows\System\boaZDEA.exe
  2⤵
  PID:7236
- C:\Windows\System\lKyozUs.exe
  C:\Windows\System\lKyozUs.exe
  2⤵
  PID:7256
- C:\Windows\System\qTGKfvG.exe
  C:\Windows\System\qTGKfvG.exe
  2⤵
  PID:7272
- C:\Windows\System\WbQAeqJ.exe
  C:\Windows\System\WbQAeqJ.exe
  2⤵
  PID:2992
- C:\Windows\System\edFKZOl.exe
  C:\Windows\System\edFKZOl.exe
  2⤵
  PID:7292
- C:\Windows\System\tgGlvVb.exe
  C:\Windows\System\tgGlvVb.exe
  2⤵
  PID:7312
- C:\Windows\System\vHMyjeG.exe
  C:\Windows\System\vHMyjeG.exe
  2⤵
  PID:6820
- C:\Windows\System\KSCGSzJ.exe
  C:\Windows\System\KSCGSzJ.exe
  2⤵
  PID:6884
- C:\Windows\System\VcIvWvl.exe
  C:\Windows\System\VcIvWvl.exe
  2⤵
  PID:6916
- C:\Windows\System\SIEjxcP.exe
  C:\Windows\System\SIEjxcP.exe
  2⤵
  PID:7364
- C:\Windows\System\ujhUlmS.exe
  C:\Windows\System\ujhUlmS.exe
  2⤵
  PID:7384
- C:\Windows\System\qoOWpvW.exe
  C:\Windows\System\qoOWpvW.exe
  2⤵
  PID:2204
- C:\Windows\System\zbByORO.exe
  C:\Windows\System\zbByORO.exe
  2⤵
  PID:7528
- C:\Windows\System\TSBGggQ.exe
  C:\Windows\System\TSBGggQ.exe
  2⤵
  PID:1152
- C:\Windows\System\QtpoUik.exe
  C:\Windows\System\QtpoUik.exe
  2⤵
  PID:7544
- C:\Windows\System\iTXQoBX.exe
  C:\Windows\System\iTXQoBX.exe
  2⤵
  PID:7564
- C:\Windows\System\omTtCAq.exe
  C:\Windows\System\omTtCAq.exe
  2⤵
  PID:7572
- C:\Windows\System\ZcYzpJr.exe
  C:\Windows\System\ZcYzpJr.exe
  2⤵
  PID:7088
- C:\Windows\System\ZwQifDs.exe
  C:\Windows\System\ZwQifDs.exe
  2⤵
  PID:5952
- C:\Windows\System\iBoDNuu.exe
  C:\Windows\System\iBoDNuu.exe
  2⤵
  PID:2372
- C:\Windows\System\WeQOyPA.exe
  C:\Windows\System\WeQOyPA.exe
  2⤵
  PID:5096
- C:\Windows\System\FurHRYQ.exe
  C:\Windows\System\FurHRYQ.exe
  2⤵
  PID:7576
- C:\Windows\System\IGWNEdz.exe
  C:\Windows\System\IGWNEdz.exe
  2⤵
  PID:7596
- C:\Windows\System\fftaAsh.exe
  C:\Windows\System\fftaAsh.exe
  2⤵
  PID:2332
- C:\Windows\System\uTcyKTs.exe
  C:\Windows\System\uTcyKTs.exe
  2⤵
  PID:6176
- C:\Windows\System\nFizatp.exe
  C:\Windows\System\nFizatp.exe
  2⤵
  PID:5828
- C:\Windows\System\AVujhxg.exe
  C:\Windows\System\AVujhxg.exe
  2⤵
  PID:6016
- C:\Windows\System\cAgIClm.exe
  C:\Windows\System\cAgIClm.exe
  2⤵
  PID:2964
- C:\Windows\System\wrnsSKc.exe
  C:\Windows\System\wrnsSKc.exe
  2⤵
  PID:6196
- C:\Windows\System\WyaaFbz.exe
  C:\Windows\System\WyaaFbz.exe
  2⤵
  PID:2068
- C:\Windows\System\YwJoWKr.exe
  C:\Windows\System\YwJoWKr.exe
  2⤵
  PID:7620
- C:\Windows\System\JygDXCi.exe
  C:\Windows\System\JygDXCi.exe
  2⤵
  PID:7640
- C:\Windows\System\ebwzbrz.exe
  C:\Windows\System\ebwzbrz.exe
  2⤵
  PID:7660
- C:\Windows\System\nKCaNon.exe
  C:\Windows\System\nKCaNon.exe
  2⤵
  PID:7680
- C:\Windows\System\QOhZlch.exe
  C:\Windows\System\QOhZlch.exe
  2⤵
  PID:6396
- C:\Windows\System\ivhSoqY.exe
  C:\Windows\System\ivhSoqY.exe
  2⤵
  PID:6524
- C:\Windows\System\QXKKiPo.exe
  C:\Windows\System\QXKKiPo.exe
  2⤵
  PID:6764
- C:\Windows\System\QWFNket.exe
  C:\Windows\System\QWFNket.exe
  2⤵
  PID:1752
- C:\Windows\System\ugHYUdd.exe
  C:\Windows\System\ugHYUdd.exe
  2⤵
  PID:5160
- C:\Windows\System\xfcvYem.exe
  C:\Windows\System\xfcvYem.exe
  2⤵
  PID:2416
- C:\Windows\System\TmliPDg.exe
  C:\Windows\System\TmliPDg.exe
  2⤵
  PID:5264
- C:\Windows\System\aTLSCQk.exe
  C:\Windows\System\aTLSCQk.exe
  2⤵
  PID:5156
- C:\Windows\System\hQMhMky.exe
  C:\Windows\System\hQMhMky.exe
  2⤵
  PID:7704
- C:\Windows\System\aDQKBrg.exe
  C:\Windows\System\aDQKBrg.exe
  2⤵
  PID:7724
- C:\Windows\System\fdZYtaf.exe
  C:\Windows\System\fdZYtaf.exe
  2⤵
  PID:7188
- C:\Windows\System\nQXTSiN.exe
  C:\Windows\System\nQXTSiN.exe
  2⤵
  PID:6472
- C:\Windows\System\LDkSUGf.exe
  C:\Windows\System\LDkSUGf.exe
  2⤵
  PID:6584
- C:\Windows\System\bCGbFGy.exe
  C:\Windows\System\bCGbFGy.exe
  2⤵
  PID:7452
- C:\Windows\System\XxAMjDT.exe
  C:\Windows\System\XxAMjDT.exe
  2⤵
  PID:7504
- C:\Windows\System\xqMrosQ.exe
  C:\Windows\System\xqMrosQ.exe
  2⤵
  PID:7476
- C:\Windows\System\NIDsVme.exe
  C:\Windows\System\NIDsVme.exe
  2⤵
  PID:7796
- C:\Windows\System\zFZdbtR.exe
  C:\Windows\System\zFZdbtR.exe
  2⤵
  PID:7832
- C:\Windows\System\aZguLFq.exe
  C:\Windows\System\aZguLFq.exe
  2⤵
  PID:7892
- C:\Windows\System\TIMRqNu.exe
  C:\Windows\System\TIMRqNu.exe
  2⤵
  PID:7928
- C:\Windows\System\OvBniUp.exe
  C:\Windows\System\OvBniUp.exe
  2⤵
  PID:7944
- C:\Windows\System\ByelySB.exe
  C:\Windows\System\ByelySB.exe
  2⤵
  PID:8052
- C:\Windows\System\zRlixHC.exe
  C:\Windows\System\zRlixHC.exe
  2⤵
  PID:8100
- C:\Windows\System\HSILPCx.exe
  C:\Windows\System\HSILPCx.exe
  2⤵
  PID:8136
- C:\Windows\System\RCqpFas.exe
  C:\Windows\System\RCqpFas.exe
  2⤵
  PID:8176
- C:\Windows\System\eTdSExi.exe
  C:\Windows\System\eTdSExi.exe
  2⤵
  PID:4616
- C:\Windows\System\Xndbthi.exe
  C:\Windows\System\Xndbthi.exe
  2⤵
  PID:5700
- C:\Windows\System\XskNGCb.exe
  C:\Windows\System\XskNGCb.exe
  2⤵
  PID:6620
- C:\Windows\System\qnHGumw.exe
  C:\Windows\System\qnHGumw.exe
  2⤵
  PID:6748
- C:\Windows\System\envFFil.exe
  C:\Windows\System\envFFil.exe
  2⤵
  PID:6716
- C:\Windows\System\YwilpMU.exe
  C:\Windows\System\YwilpMU.exe
  2⤵
  PID:7224
- C:\Windows\System\rRmlagA.exe
  C:\Windows\System\rRmlagA.exe
  2⤵
  PID:7244
- C:\Windows\System\bvdfEZs.exe
  C:\Windows\System\bvdfEZs.exe
  2⤵
  PID:6784
- C:\Windows\System\cQVYwCt.exe
  C:\Windows\System\cQVYwCt.exe
  2⤵
  PID:7328
- C:\Windows\System\tZMJLpu.exe
  C:\Windows\System\tZMJLpu.exe
  2⤵
  PID:7332
- C:\Windows\System\GeoRfAQ.exe
  C:\Windows\System\GeoRfAQ.exe
  2⤵
  PID:6852
- C:\Windows\System\RSvzIgA.exe
  C:\Windows\System\RSvzIgA.exe
  2⤵
  PID:7360
- C:\Windows\System\qQGcpGf.exe
  C:\Windows\System\qQGcpGf.exe
  2⤵
  PID:7392
- C:\Windows\System\hNEsZsU.exe
  C:\Windows\System\hNEsZsU.exe
  2⤵
  PID:7540
- C:\Windows\System\LyGRdoX.exe
  C:\Windows\System\LyGRdoX.exe
  2⤵
  PID:2648
- C:\Windows\System\KxKGpKk.exe
  C:\Windows\System\KxKGpKk.exe
  2⤵
  PID:7024
- C:\Windows\System\kOHFgfO.exe
  C:\Windows\System\kOHFgfO.exe
  2⤵
  PID:7132
- C:\Windows\System\DBQZyfa.exe
  C:\Windows\System\DBQZyfa.exe
  2⤵
  PID:4980
- C:\Windows\System\KMBZOWF.exe
  C:\Windows\System\KMBZOWF.exe
  2⤵
  PID:7588
- C:\Windows\System\FDhutci.exe
  C:\Windows\System\FDhutci.exe
  2⤵
  PID:2136
- C:\Windows\System\jYmPwIf.exe
  C:\Windows\System\jYmPwIf.exe
  2⤵
  PID:5748
- C:\Windows\System\XCGBBFz.exe
  C:\Windows\System\XCGBBFz.exe
  2⤵
  PID:5060
- C:\Windows\System\fedrLla.exe
  C:\Windows\System\fedrLla.exe
  2⤵
  PID:2284
- C:\Windows\System\xBdiJWn.exe
  C:\Windows\System\xBdiJWn.exe
  2⤵
  PID:2352
- C:\Windows\System\hGfBoyP.exe
  C:\Windows\System\hGfBoyP.exe
  2⤵
  PID:7652
- C:\Windows\System\cZTvtGM.exe
  C:\Windows\System\cZTvtGM.exe
  2⤵
  PID:7668
- C:\Windows\System\KZJwfFD.exe
  C:\Windows\System\KZJwfFD.exe
  2⤵
  PID:6552
- C:\Windows\System\sjLnali.exe
  C:\Windows\System\sjLnali.exe
  2⤵
  PID:6460
- C:\Windows\System\TUlfBQe.exe
  C:\Windows\System\TUlfBQe.exe
  2⤵
  PID:6248
- C:\Windows\System\swaXklY.exe
  C:\Windows\System\swaXklY.exe
  2⤵
  PID:5404
- C:\Windows\System\tEZoxqd.exe
  C:\Windows\System\tEZoxqd.exe
  2⤵
  PID:7736
- C:\Windows\System\TlPWIDo.exe
  C:\Windows\System\TlPWIDo.exe
  2⤵
  PID:5760
- C:\Windows\System\CLadEcZ.exe
  C:\Windows\System\CLadEcZ.exe
  2⤵
  PID:7720
- C:\Windows\System\aLoDjKU.exe
  C:\Windows\System\aLoDjKU.exe
  2⤵
  PID:7748
- C:\Windows\System\iWfvbBH.exe
  C:\Windows\System\iWfvbBH.exe
  2⤵
  PID:6540
- C:\Windows\System\IaIQJDr.exe
  C:\Windows\System\IaIQJDr.exe
  2⤵
  PID:7432
- C:\Windows\System\daNUIls.exe
  C:\Windows\System\daNUIls.exe
  2⤵
  PID:6952
- C:\Windows\System\pWMFxPU.exe
  C:\Windows\System\pWMFxPU.exe
  2⤵
  PID:7924
- C:\Windows\System\TTOGAnL.exe
  C:\Windows\System\TTOGAnL.exe
  2⤵
  PID:7952
- C:\Windows\System\YdDjKiH.exe
  C:\Windows\System\YdDjKiH.exe
  2⤵
  PID:8028
- C:\Windows\System\olABkzD.exe
  C:\Windows\System\olABkzD.exe
  2⤵
  PID:8056
- C:\Windows\System\TTqHxrr.exe
  C:\Windows\System\TTqHxrr.exe
  2⤵
  PID:8152
- C:\Windows\System\XJpBmLU.exe
  C:\Windows\System\XJpBmLU.exe
  2⤵
  PID:5048
- C:\Windows\System\SFBWYBP.exe
  C:\Windows\System\SFBWYBP.exe
  2⤵
  PID:7164
- C:\Windows\System\UGqZtQI.exe
  C:\Windows\System\UGqZtQI.exe
  2⤵
  PID:7264
- C:\Windows\System\NcyTgat.exe
  C:\Windows\System\NcyTgat.exe
  2⤵
  PID:7252
- C:\Windows\System\glZmehG.exe
  C:\Windows\System\glZmehG.exe
  2⤵
  PID:7288
- C:\Windows\System\KPLDPKM.exe
  C:\Windows\System\KPLDPKM.exe
  2⤵
  PID:7336
- C:\Windows\System\ffBasPU.exe
  C:\Windows\System\ffBasPU.exe
  2⤵
  PID:4312
- C:\Windows\System\xImPgKz.exe
  C:\Windows\System\xImPgKz.exe
  2⤵
  PID:1796
- C:\Windows\System\BVWgxQv.exe
  C:\Windows\System\BVWgxQv.exe
  2⤵
  PID:7128
- C:\Windows\System\smdrKly.exe
  C:\Windows\System\smdrKly.exe
  2⤵
  PID:6992
- C:\Windows\System\DehReyP.exe
  C:\Windows\System\DehReyP.exe
  2⤵
  PID:1892
- C:\Windows\System\ZQedmbR.exe
  C:\Windows\System\ZQedmbR.exe
  2⤵
  PID:356
- C:\Windows\System\qbbntrr.exe
  C:\Windows\System\qbbntrr.exe
  2⤵
  PID:1848
- C:\Windows\System\gHYlTsa.exe
  C:\Windows\System\gHYlTsa.exe
  2⤵
  PID:7648
- C:\Windows\System\baNrfKY.exe
  C:\Windows\System\baNrfKY.exe
  2⤵
  PID:6368
- C:\Windows\System\gfQigpP.exe
  C:\Windows\System\gfQigpP.exe
  2⤵
  PID:7636
- C:\Windows\System\txzRuQL.exe
  C:\Windows\System\txzRuQL.exe
  2⤵
  PID:6456
- C:\Windows\System\deRRvfk.exe
  C:\Windows\System\deRRvfk.exe
  2⤵
  PID:5228
- C:\Windows\System\kBlzGBN.exe
  C:\Windows\System\kBlzGBN.exe
  2⤵
  PID:2632
- C:\Windows\System\qCwROmk.exe
  C:\Windows\System\qCwROmk.exe
  2⤵
  PID:7184
- C:\Windows\System\JpgzrJq.exe
  C:\Windows\System\JpgzrJq.exe
  2⤵
  PID:7840
- C:\Windows\System\ViMURuI.exe
  C:\Windows\System\ViMURuI.exe
  2⤵
  PID:7904
- C:\Windows\System\XxmsSQO.exe
  C:\Windows\System\XxmsSQO.exe
  2⤵
  PID:7800
- C:\Windows\System\bQQDAYm.exe
  C:\Windows\System\bQQDAYm.exe
  2⤵
  PID:7972
- C:\Windows\System\irIbUnU.exe
  C:\Windows\System\irIbUnU.exe
  2⤵
  PID:6832
- C:\Windows\System\KJiJCUZ.exe
  C:\Windows\System\KJiJCUZ.exe
  2⤵
  PID:8172
- C:\Windows\System\GaytIxI.exe
  C:\Windows\System\GaytIxI.exe
  2⤵
  PID:7732
- C:\Windows\System\PpBUPPd.exe
  C:\Windows\System\PpBUPPd.exe
  2⤵
  PID:872
- C:\Windows\System\ObsaUyz.exe
  C:\Windows\System\ObsaUyz.exe
  2⤵
  PID:7408
- C:\Windows\System\jdTGhfm.exe
  C:\Windows\System\jdTGhfm.exe
  2⤵
  PID:6880
- C:\Windows\System\AHtGWqj.exe
  C:\Windows\System\AHtGWqj.exe
  2⤵
  PID:7348
- C:\Windows\System\QpNFbyb.exe
  C:\Windows\System\QpNFbyb.exe
  2⤵
  PID:5604
- C:\Windows\System\WGlMDyx.exe
  C:\Windows\System\WGlMDyx.exe
  2⤵
  PID:2192
- C:\Windows\System\okrIzIp.exe
  C:\Windows\System\okrIzIp.exe
  2⤵
  PID:1788
- C:\Windows\System\bFIahPN.exe
  C:\Windows\System\bFIahPN.exe
  2⤵
  PID:7656
- C:\Windows\System\bIHdABc.exe
  C:\Windows\System\bIHdABc.exe
  2⤵
  PID:5872
- C:\Windows\System\UQgHuKT.exe
  C:\Windows\System\UQgHuKT.exe
  2⤵
  PID:1524
- C:\Windows\System\AlynKiA.exe
  C:\Windows\System\AlynKiA.exe
  2⤵
  PID:7712
- C:\Windows\System\ossuwXH.exe
  C:\Windows\System\ossuwXH.exe
  2⤵
  PID:7828
- C:\Windows\System\bibEspl.exe
  C:\Windows\System\bibEspl.exe
  2⤵
  PID:6352
- C:\Windows\System\nzoTdEz.exe
  C:\Windows\System\nzoTdEz.exe
  2⤵
  PID:2128
- C:\Windows\System\iaONoof.exe
  C:\Windows\System\iaONoof.exe
  2⤵
  PID:6508
- C:\Windows\System\QcJmyYG.exe
  C:\Windows\System\QcJmyYG.exe
  2⤵
  PID:7844
- C:\Windows\System\dUcoMBy.exe
  C:\Windows\System\dUcoMBy.exe
  2⤵
  PID:1856
- C:\Windows\System\OUjHjTc.exe
  C:\Windows\System\OUjHjTc.exe
  2⤵
  PID:1792
- C:\Windows\System\bbytHBe.exe
  C:\Windows\System\bbytHBe.exe
  2⤵
  PID:628
- C:\Windows\System\GUhmmxx.exe
  C:\Windows\System\GUhmmxx.exe
  2⤵
  PID:6356
- C:\Windows\System\KUjVrmD.exe
  C:\Windows\System\KUjVrmD.exe
  2⤵
  PID:7988
- C:\Windows\System\pmOwVZe.exe
  C:\Windows\System\pmOwVZe.exe
  2⤵
  PID:6412
- C:\Windows\System\kzpBiHH.exe
  C:\Windows\System\kzpBiHH.exe
  2⤵
  PID:8032
- C:\Windows\System\khXtode.exe
  C:\Windows\System\khXtode.exe
  2⤵
  PID:7552
- C:\Windows\System\MavuLOo.exe
  C:\Windows\System\MavuLOo.exe
  2⤵
  PID:6848
- C:\Windows\System\ALJPOVc.exe
  C:\Windows\System\ALJPOVc.exe
  2⤵
  PID:1424
- C:\Windows\System\YyDHmNq.exe
  C:\Windows\System\YyDHmNq.exe
  2⤵
  PID:7608
- C:\Windows\System\DIjMzWp.exe
  C:\Windows\System\DIjMzWp.exe
  2⤵
  PID:660
- C:\Windows\System\guBEFLQ.exe
  C:\Windows\System\guBEFLQ.exe
  2⤵
  PID:7716
- C:\Windows\System\YvaqFmZ.exe
  C:\Windows\System\YvaqFmZ.exe
  2⤵
  PID:7700
- C:\Windows\System\oLtBOKC.exe
  C:\Windows\System\oLtBOKC.exe
  2⤵
  PID:7884
- C:\Windows\System\tVUCUAZ.exe
  C:\Windows\System\tVUCUAZ.exe
  2⤵
  PID:2008
- C:\Windows\System\zSrNbyF.exe
  C:\Windows\System\zSrNbyF.exe
  2⤵
  PID:444
- C:\Windows\System\MDqfhIa.exe
  C:\Windows\System\MDqfhIa.exe
  2⤵
  PID:8188
- C:\Windows\System\vRZwEze.exe
  C:\Windows\System\vRZwEze.exe
  2⤵
  PID:1128
- C:\Windows\System\dBpuZBn.exe
  C:\Windows\System\dBpuZBn.exe
  2⤵
  PID:2976
- C:\Windows\System\KDjOjJC.exe
  C:\Windows\System\KDjOjJC.exe
  2⤵
  PID:7568
- C:\Windows\System\ficfADH.exe
  C:\Windows\System\ficfADH.exe
  2⤵
  PID:6688
- C:\Windows\System\uxLTOIL.exe
  C:\Windows\System\uxLTOIL.exe
  2⤵
  PID:1272
- C:\Windows\System\utGIVUp.exe
  C:\Windows\System\utGIVUp.exe
  2⤵
  PID:7696
- C:\Windows\System\EUXikho.exe
  C:\Windows\System\EUXikho.exe
  2⤵
  PID:6372
- C:\Windows\System\NPoDtvu.exe
  C:\Windows\System\NPoDtvu.exe
  2⤵
  PID:1860
- C:\Windows\System\NbdPNni.exe
  C:\Windows\System\NbdPNni.exe
  2⤵
  PID:5196
- C:\Windows\System\SdlZkvS.exe
  C:\Windows\System\SdlZkvS.exe
  2⤵
  PID:2256
- C:\Windows\System\YzASegV.exe
  C:\Windows\System\YzASegV.exe
  2⤵
  PID:8200
- C:\Windows\System\lbprESx.exe
  C:\Windows\System\lbprESx.exe
  2⤵
  PID:8256
- C:\Windows\System\BcSsXll.exe
  C:\Windows\System\BcSsXll.exe
  2⤵
  PID:8272
- C:\Windows\System\gyCuVPQ.exe
  C:\Windows\System\gyCuVPQ.exe
  2⤵
  PID:8288
- C:\Windows\System\OkwJdzU.exe
  C:\Windows\System\OkwJdzU.exe
  2⤵
  PID:8304
- C:\Windows\System\jTUTYAA.exe
  C:\Windows\System\jTUTYAA.exe
  2⤵
  PID:8320
- C:\Windows\System\yEIuJjK.exe
  C:\Windows\System\yEIuJjK.exe
  2⤵
  PID:8336
- C:\Windows\System\KtZjIcA.exe
  C:\Windows\System\KtZjIcA.exe
  2⤵
  PID:8352
- C:\Windows\System\imUuPSf.exe
  C:\Windows\System\imUuPSf.exe
  2⤵
  PID:8368
- C:\Windows\System\ZTCIuSl.exe
  C:\Windows\System\ZTCIuSl.exe
  2⤵
  PID:8384
- C:\Windows\System\zkNgmXZ.exe
  C:\Windows\System\zkNgmXZ.exe
  2⤵
  PID:8404
- C:\Windows\System\CwFlUdV.exe
  C:\Windows\System\CwFlUdV.exe
  2⤵
  PID:8436
- C:\Windows\System\HpTEPVj.exe
  C:\Windows\System\HpTEPVj.exe
  2⤵
  PID:8480
- C:\Windows\System\ozoYptv.exe
  C:\Windows\System\ozoYptv.exe
  2⤵
  PID:8496
- C:\Windows\System\QYqBSiU.exe
  C:\Windows\System\QYqBSiU.exe
  2⤵
  PID:8512
- C:\Windows\System\KNXJxTb.exe
  C:\Windows\System\KNXJxTb.exe
  2⤵
  PID:8528
- C:\Windows\System\DJUciIe.exe
  C:\Windows\System\DJUciIe.exe
  2⤵
  PID:8544
- C:\Windows\System\vDDseQK.exe
  C:\Windows\System\vDDseQK.exe
  2⤵
  PID:8560
- C:\Windows\System\yNLUEoZ.exe
  C:\Windows\System\yNLUEoZ.exe
  2⤵
  PID:8576
- C:\Windows\System\KtNthqW.exe
  C:\Windows\System\KtNthqW.exe
  2⤵
  PID:8592
- C:\Windows\System\TIcixLE.exe
  C:\Windows\System\TIcixLE.exe
  2⤵
  PID:8608
- C:\Windows\System\ZZnjPxq.exe
  C:\Windows\System\ZZnjPxq.exe
  2⤵
  PID:8624
- C:\Windows\System\VJAMmoZ.exe
  C:\Windows\System\VJAMmoZ.exe
  2⤵
  PID:8640
- C:\Windows\System\CfcLghF.exe
  C:\Windows\System\CfcLghF.exe
  2⤵
  PID:8656
- C:\Windows\System\QcChxkj.exe
  C:\Windows\System\QcChxkj.exe
  2⤵
  PID:8672
- C:\Windows\System\oflRfIP.exe
  C:\Windows\System\oflRfIP.exe
  2⤵
  PID:8688
- C:\Windows\System\KCQOJNN.exe
  C:\Windows\System\KCQOJNN.exe
  2⤵
  PID:8704
- C:\Windows\System\jemSEmx.exe
  C:\Windows\System\jemSEmx.exe
  2⤵
  PID:8720
- C:\Windows\System\bAlDyil.exe
  C:\Windows\System\bAlDyil.exe
  2⤵
  PID:8736
- C:\Windows\System\SRkSyhp.exe
  C:\Windows\System\SRkSyhp.exe
  2⤵
  PID:8752
- C:\Windows\System\MKyDeiZ.exe
  C:\Windows\System\MKyDeiZ.exe
  2⤵
  PID:8772
- C:\Windows\System\ONDzoCF.exe
  C:\Windows\System\ONDzoCF.exe
  2⤵
  PID:8788
- C:\Windows\System\zTYDdyD.exe
  C:\Windows\System\zTYDdyD.exe
  2⤵
  PID:8804
- C:\Windows\System\iwtwkam.exe
  C:\Windows\System\iwtwkam.exe
  2⤵
  PID:8820
- C:\Windows\System\jroAitn.exe
  C:\Windows\System\jroAitn.exe
  2⤵
  PID:8836
- C:\Windows\System\BomeGCk.exe
  C:\Windows\System\BomeGCk.exe
  2⤵
  PID:8852
- C:\Windows\System\IzaZfBm.exe
  C:\Windows\System\IzaZfBm.exe
  2⤵
  PID:8868
- C:\Windows\System\VeOkBrh.exe
  C:\Windows\System\VeOkBrh.exe
  2⤵
  PID:8884
- C:\Windows\System\QbijCHf.exe
  C:\Windows\System\QbijCHf.exe
  2⤵
  PID:8900
- C:\Windows\System\ikilkBI.exe
  C:\Windows\System\ikilkBI.exe
  2⤵
  PID:8920
- C:\Windows\System\kyoILcA.exe
  C:\Windows\System\kyoILcA.exe
  2⤵
  PID:8936
- C:\Windows\System\mRSObhT.exe
  C:\Windows\System\mRSObhT.exe
  2⤵
  PID:8952
- C:\Windows\System\JnVNUPU.exe
  C:\Windows\System\JnVNUPU.exe
  2⤵
  PID:8968
- C:\Windows\System\IyCLJQN.exe
  C:\Windows\System\IyCLJQN.exe
  2⤵
  PID:8984
- C:\Windows\System\qWfDWnu.exe
  C:\Windows\System\qWfDWnu.exe
  2⤵
  PID:9000
- C:\Windows\System\exSiZmT.exe
  C:\Windows\System\exSiZmT.exe
  2⤵
  PID:9016
- C:\Windows\System\YNSQBGS.exe
  C:\Windows\System\YNSQBGS.exe
  2⤵
  PID:9032
- C:\Windows\System\uznylRD.exe
  C:\Windows\System\uznylRD.exe
  2⤵
  PID:9048
- C:\Windows\System\ORUgiSD.exe
  C:\Windows\System\ORUgiSD.exe
  2⤵
  PID:9064
- C:\Windows\System\vfRAnGv.exe
  C:\Windows\System\vfRAnGv.exe
  2⤵
  PID:9080
- C:\Windows\System\gwmKFiI.exe
  C:\Windows\System\gwmKFiI.exe
  2⤵
  PID:9096
- C:\Windows\System\JQIwamJ.exe
  C:\Windows\System\JQIwamJ.exe
  2⤵
  PID:9112
- C:\Windows\System\rUJgRpQ.exe
  C:\Windows\System\rUJgRpQ.exe
  2⤵
  PID:9128
- C:\Windows\System\pGvBnug.exe
  C:\Windows\System\pGvBnug.exe
  2⤵
  PID:9148
- C:\Windows\System\cYpDxcu.exe
  C:\Windows\System\cYpDxcu.exe
  2⤵
  PID:9164
- C:\Windows\System\gaGCFOV.exe
  C:\Windows\System\gaGCFOV.exe
  2⤵
  PID:9180
- C:\Windows\System\GaKAesI.exe
  C:\Windows\System\GaKAesI.exe
  2⤵
  PID:9196
- C:\Windows\System\ioeIHnQ.exe
  C:\Windows\System\ioeIHnQ.exe
  2⤵
  PID:9212
- C:\Windows\System\DpzqPUj.exe
  C:\Windows\System\DpzqPUj.exe
  2⤵
  PID:2364
- C:\Windows\System\xzrjCdt.exe
  C:\Windows\System\xzrjCdt.exe
  2⤵
  PID:7400
- C:\Windows\System\ttfUlAc.exe
  C:\Windows\System\ttfUlAc.exe
  2⤵
  PID:2924
- C:\Windows\System\boZYuAb.exe
  C:\Windows\System\boZYuAb.exe
  2⤵
  PID:7496
- C:\Windows\System\WRJeQFR.exe
  C:\Windows\System\WRJeQFR.exe
  2⤵
  PID:1980
- C:\Windows\System\XQkPIaF.exe
  C:\Windows\System\XQkPIaF.exe
  2⤵
  PID:8268
- C:\Windows\System\eaHqdjD.exe
  C:\Windows\System\eaHqdjD.exe
  2⤵
  PID:8332
- C:\Windows\System\neOpjkx.exe
  C:\Windows\System\neOpjkx.exe
  2⤵
  PID:8236
- C:\Windows\System\XdJplPb.exe
  C:\Windows\System\XdJplPb.exe
  2⤵
  PID:8212
- C:\Windows\System\NmvpeaP.exe
  C:\Windows\System\NmvpeaP.exe
  2⤵
  PID:8364
- C:\Windows\System\QGtwZLw.exe
  C:\Windows\System\QGtwZLw.exe
  2⤵
  PID:8400
- C:\Windows\System\gGSsdzl.exe
  C:\Windows\System\gGSsdzl.exe
  2⤵
  PID:8280
- C:\Windows\System\pLQxYNH.exe
  C:\Windows\System\pLQxYNH.exe
  2⤵
  PID:8380
- C:\Windows\System\LqzpQtG.exe
  C:\Windows\System\LqzpQtG.exe
  2⤵
  PID:8428
- C:\Windows\System\JMmngYG.exe
  C:\Windows\System\JMmngYG.exe
  2⤵
  PID:8464
- C:\Windows\System\AiUBmzk.exe
  C:\Windows\System\AiUBmzk.exe
  2⤵
  PID:8448
- C:\Windows\System\iOHvPqZ.exe
  C:\Windows\System\iOHvPqZ.exe
  2⤵
  PID:8540
- C:\Windows\System\hPiQsDE.exe
  C:\Windows\System\hPiQsDE.exe
  2⤵
  PID:8488
- C:\Windows\System\GmYkADn.exe
  C:\Windows\System\GmYkADn.exe
  2⤵
  PID:8552
- C:\Windows\System\HSmdeSD.exe
  C:\Windows\System\HSmdeSD.exe
  2⤵
  PID:8648
- C:\Windows\System\twXoDta.exe
  C:\Windows\System\twXoDta.exe
  2⤵
  PID:8632
- C:\Windows\System\cHXYIpl.exe
  C:\Windows\System\cHXYIpl.exe
  2⤵
  PID:8668
- C:\Windows\System\vqCFGlM.exe
  C:\Windows\System\vqCFGlM.exe
  2⤵
  PID:8732
- C:\Windows\System\upRPAJZ.exe
  C:\Windows\System\upRPAJZ.exe
  2⤵
  PID:8768
- C:\Windows\System\eOFkglN.exe
  C:\Windows\System\eOFkglN.exe
  2⤵
  PID:8744
- C:\Windows\System\uIqhzsY.exe
  C:\Windows\System\uIqhzsY.exe
  2⤵
  PID:8844
- C:\Windows\System\mtizkFz.exe
  C:\Windows\System\mtizkFz.exe
  2⤵
  PID:8728
- C:\Windows\System\EjLCZOv.exe
  C:\Windows\System\EjLCZOv.exe
  2⤵
  PID:8828
- C:\Windows\System\xWcJIFC.exe
  C:\Windows\System\xWcJIFC.exe
  2⤵
  PID:8860
- C:\Windows\System\yZfyPEd.exe
  C:\Windows\System\yZfyPEd.exe
  2⤵
  PID:8948
- C:\Windows\System\bHRCGMz.exe
  C:\Windows\System\bHRCGMz.exe
  2⤵
  PID:8980
- C:\Windows\System\TSxmrGL.exe
  C:\Windows\System\TSxmrGL.exe
  2⤵
  PID:8960
- C:\Windows\System\NQbRYow.exe
  C:\Windows\System\NQbRYow.exe
  2⤵
  PID:9024
- C:\Windows\System\IauqVuR.exe
  C:\Windows\System\IauqVuR.exe
  2⤵
  PID:9092
- C:\Windows\System\CirRdmk.exe
  C:\Windows\System\CirRdmk.exe
  2⤵
  PID:8248
- C:\Windows\System\kzJmoqT.exe
  C:\Windows\System\kzJmoqT.exe
  2⤵
  PID:9072
- C:\Windows\System\KpsBfdb.exe
  C:\Windows\System\KpsBfdb.exe
  2⤵
  PID:9204
- C:\Windows\System\KbGlXZs.exe
  C:\Windows\System\KbGlXZs.exe
  2⤵
  PID:8460
- C:\Windows\System\foSQrMJ.exe
  C:\Windows\System\foSQrMJ.exe
  2⤵
  PID:8344
- C:\Windows\System\HCbDLPH.exe
  C:\Windows\System\HCbDLPH.exe
  2⤵
  PID:8476
- C:\Windows\System\sVDYJPP.exe
  C:\Windows\System\sVDYJPP.exe
  2⤵
  PID:8616
- C:\Windows\System\ebIXpGt.exe
  C:\Windows\System\ebIXpGt.exe
  2⤵
  PID:8600
- C:\Windows\System\qgGZqdu.exe
  C:\Windows\System\qgGZqdu.exe
  2⤵
  PID:8664
- C:\Windows\System\ELnpRox.exe
  C:\Windows\System\ELnpRox.exe
  2⤵
  PID:8396
- C:\Windows\System\XMNrQhR.exe
  C:\Windows\System\XMNrQhR.exe
  2⤵
  PID:8228
- C:\Windows\System\sVuXHjw.exe
  C:\Windows\System\sVuXHjw.exe
  2⤵
  PID:8520
- C:\Windows\System\rIyDdLt.exe
  C:\Windows\System\rIyDdLt.exe
  2⤵
  PID:8584
- C:\Windows\System\CCyjhhd.exe
  C:\Windows\System\CCyjhhd.exe
  2⤵
  PID:8420
- C:\Windows\System\VPxMAMU.exe
  C:\Windows\System\VPxMAMU.exe
  2⤵
  PID:8800
- C:\Windows\System\lmZuQZE.exe
  C:\Windows\System\lmZuQZE.exe
  2⤵
  PID:8864
- C:\Windows\System\ywyLZDM.exe
  C:\Windows\System\ywyLZDM.exe
  2⤵
  PID:8876
- C:\Windows\System\xUcWjIU.exe
  C:\Windows\System\xUcWjIU.exe
  2⤵
  PID:8976
- C:\Windows\System\mFAOcDO.exe
  C:\Windows\System\mFAOcDO.exe
  2⤵
  PID:9060
- C:\Windows\System\GMiHQbF.exe
  C:\Windows\System\GMiHQbF.exe
  2⤵
  PID:8996
- C:\Windows\System\JkYCdyB.exe
  C:\Windows\System\JkYCdyB.exe
  2⤵
  PID:9160
- C:\Windows\System\RIzBhDv.exe
  C:\Windows\System\RIzBhDv.exe
  2⤵
  PID:6164
- C:\Windows\System\BEokyoN.exe
  C:\Windows\System\BEokyoN.exe
  2⤵
  PID:9012
- C:\Windows\System\tWejBxw.exe
  C:\Windows\System\tWejBxw.exe
  2⤵
  PID:9140
- C:\Windows\System\hHmqcPY.exe
  C:\Windows\System\hHmqcPY.exe
  2⤵
  PID:9172
- C:\Windows\System\aSascmp.exe
  C:\Windows\System\aSascmp.exe
  2⤵
  PID:8224
- C:\Windows\System\MPxdrhD.exe
  C:\Windows\System\MPxdrhD.exe
  2⤵
  PID:8780
- C:\Windows\System\GBKxGPj.exe
  C:\Windows\System\GBKxGPj.exe
  2⤵
  PID:8712
- C:\Windows\System\dZJowxA.exe
  C:\Windows\System\dZJowxA.exe
  2⤵
  PID:9188
- C:\Windows\System\DsPrJWO.exe
  C:\Windows\System\DsPrJWO.exe
  2⤵
  PID:8916
- C:\Windows\System\MUgBWVK.exe
  C:\Windows\System\MUgBWVK.exe
  2⤵
  PID:8700
- C:\Windows\System\YtNUesA.exe
  C:\Windows\System\YtNUesA.exe
  2⤵
  PID:8456
- C:\Windows\System\NcKtnaV.exe
  C:\Windows\System\NcKtnaV.exe
  2⤵
  PID:9136
- C:\Windows\System\FJmSpJq.exe
  C:\Windows\System\FJmSpJq.exe
  2⤵
  PID:8264
- C:\Windows\System\tJZEzuy.exe
  C:\Windows\System\tJZEzuy.exe
  2⤵
  PID:8424
- C:\Windows\System\aFOLjFM.exe
  C:\Windows\System\aFOLjFM.exe
  2⤵
  PID:8232
- C:\Windows\System\YoDTrMQ.exe
  C:\Windows\System\YoDTrMQ.exe
  2⤵
  PID:8328
- C:\Windows\System\zMLFiJe.exe
  C:\Windows\System\zMLFiJe.exe
  2⤵
  PID:9056
- C:\Windows\System\MqAYySY.exe
  C:\Windows\System\MqAYySY.exe
  2⤵
  PID:8748
- C:\Windows\System\uhOAtXO.exe
  C:\Windows\System\uhOAtXO.exe
  2⤵
  PID:9220
- C:\Windows\System\hqVFsiB.exe
  C:\Windows\System\hqVFsiB.exe
  2⤵
  PID:9236
- C:\Windows\System\dlRKprl.exe
  C:\Windows\System\dlRKprl.exe
  2⤵
  PID:9252
- C:\Windows\System\TniKyjx.exe
  C:\Windows\System\TniKyjx.exe
  2⤵
  PID:9268
- C:\Windows\System\JgFHZtF.exe
  C:\Windows\System\JgFHZtF.exe
  2⤵
  PID:9284
- C:\Windows\System\bxMgzRt.exe
  C:\Windows\System\bxMgzRt.exe
  2⤵
  PID:9300
- C:\Windows\System\MHgJnNI.exe
  C:\Windows\System\MHgJnNI.exe
  2⤵
  PID:9316
- C:\Windows\System\ULLouOd.exe
  C:\Windows\System\ULLouOd.exe
  2⤵
  PID:9336
- C:\Windows\System\gNsTuqG.exe
  C:\Windows\System\gNsTuqG.exe
  2⤵
  PID:9356
- C:\Windows\System\bwtsBFM.exe
  C:\Windows\System\bwtsBFM.exe
  2⤵
  PID:9480
- C:\Windows\System\iHJHshK.exe
  C:\Windows\System\iHJHshK.exe
  2⤵
  PID:9496
- C:\Windows\System\XBiSwYl.exe
  C:\Windows\System\XBiSwYl.exe
  2⤵
  PID:9512
- C:\Windows\System\EWhSDXw.exe
  C:\Windows\System\EWhSDXw.exe
  2⤵
  PID:9528
- C:\Windows\System\LyMnINu.exe
  C:\Windows\System\LyMnINu.exe
  2⤵
  PID:9544
- C:\Windows\System\CRnGadF.exe
  C:\Windows\System\CRnGadF.exe
  2⤵
  PID:9560
- C:\Windows\System\jSAAuso.exe
  C:\Windows\System\jSAAuso.exe
  2⤵
  PID:9576
- C:\Windows\System\uyACsEI.exe
  C:\Windows\System\uyACsEI.exe
  2⤵
  PID:9592
- C:\Windows\System\PjbGmck.exe
  C:\Windows\System\PjbGmck.exe
  2⤵
  PID:9608
- C:\Windows\System\rkUAJNs.exe
  C:\Windows\System\rkUAJNs.exe
  2⤵
  PID:9624
- C:\Windows\System\UtwEGZI.exe
  C:\Windows\System\UtwEGZI.exe
  2⤵
  PID:9648
- C:\Windows\System\gNQYmKa.exe
  C:\Windows\System\gNQYmKa.exe
  2⤵
  PID:9664
- C:\Windows\System\LWdYoOR.exe
  C:\Windows\System\LWdYoOR.exe
  2⤵
  PID:9680
- C:\Windows\System\NTbggXb.exe
  C:\Windows\System\NTbggXb.exe
  2⤵
  PID:9696
- C:\Windows\System\UmSEywL.exe
  C:\Windows\System\UmSEywL.exe
  2⤵
  PID:9712
- C:\Windows\System\pWaKrIk.exe
  C:\Windows\System\pWaKrIk.exe
  2⤵
  PID:9728
- C:\Windows\System\CyrBhGr.exe
  C:\Windows\System\CyrBhGr.exe
  2⤵
  PID:9744
- C:\Windows\System\WPjyQBj.exe
  C:\Windows\System\WPjyQBj.exe
  2⤵
  PID:9760
- C:\Windows\System\fmeOUEy.exe
  C:\Windows\System\fmeOUEy.exe
  2⤵
  PID:9776
- C:\Windows\System\UufzjMd.exe
  C:\Windows\System\UufzjMd.exe
  2⤵
  PID:9792
- C:\Windows\System\sMYtsct.exe
  C:\Windows\System\sMYtsct.exe
  2⤵
  PID:9808
- C:\Windows\System\TWPtuIY.exe
  C:\Windows\System\TWPtuIY.exe
  2⤵
  PID:9824
- C:\Windows\System\SeAZroB.exe
  C:\Windows\System\SeAZroB.exe
  2⤵
  PID:9840
- C:\Windows\System\bjrMpYq.exe
  C:\Windows\System\bjrMpYq.exe
  2⤵
  PID:9856
- C:\Windows\System\VPOEiYY.exe
  C:\Windows\System\VPOEiYY.exe
  2⤵
  PID:9872
- C:\Windows\System\TcwHIsk.exe
  C:\Windows\System\TcwHIsk.exe
  2⤵
  PID:9888
- C:\Windows\System\fwTezyo.exe
  C:\Windows\System\fwTezyo.exe
  2⤵
  PID:9904
- C:\Windows\System\rNtISGR.exe
  C:\Windows\System\rNtISGR.exe
  2⤵
  PID:9920
- C:\Windows\System\mdZXFUt.exe
  C:\Windows\System\mdZXFUt.exe
  2⤵
  PID:9936
- C:\Windows\System\LQACwMf.exe
  C:\Windows\System\LQACwMf.exe
  2⤵
  PID:9952
- C:\Windows\System\ayXlGPr.exe
  C:\Windows\System\ayXlGPr.exe
  2⤵
  PID:9968
- C:\Windows\System\WWeSmHV.exe
  C:\Windows\System\WWeSmHV.exe
  2⤵
  PID:9984
- C:\Windows\System\QvkugzQ.exe
  C:\Windows\System\QvkugzQ.exe
  2⤵
  PID:10000
- C:\Windows\System\MNMiSsh.exe
  C:\Windows\System\MNMiSsh.exe
  2⤵
  PID:10016
- C:\Windows\System\ZXpUTsz.exe
  C:\Windows\System\ZXpUTsz.exe
  2⤵
  PID:10032
- C:\Windows\System\teZCjEF.exe
  C:\Windows\System\teZCjEF.exe
  2⤵
  PID:10052
- C:\Windows\System\PupcSMr.exe
  C:\Windows\System\PupcSMr.exe
  2⤵
  PID:10120
- C:\Windows\System\RqEdrXw.exe
  C:\Windows\System\RqEdrXw.exe
  2⤵
  PID:10136
- C:\Windows\System\tcUTtwN.exe
  C:\Windows\System\tcUTtwN.exe
  2⤵
  PID:10196
- C:\Windows\System\FEUTjyO.exe
  C:\Windows\System\FEUTjyO.exe
  2⤵
  PID:10224
- C:\Windows\System\FQzCuCl.exe
  C:\Windows\System\FQzCuCl.exe
  2⤵
  PID:2740
- C:\Windows\System\rRiDPLB.exe
  C:\Windows\System\rRiDPLB.exe
  2⤵
  PID:9276
- C:\Windows\System\hlYOEyF.exe
  C:\Windows\System\hlYOEyF.exe
  2⤵
  PID:9228
- C:\Windows\System\dqlafHL.exe
  C:\Windows\System\dqlafHL.exe
  2⤵
  PID:9296
- C:\Windows\System\BvmEzYM.exe
  C:\Windows\System\BvmEzYM.exe
  2⤵
  PID:9308
- C:\Windows\System\SVnNfZt.exe
  C:\Windows\System\SVnNfZt.exe
  2⤵
  PID:9352
- C:\Windows\System\UEGYuUj.exe
  C:\Windows\System\UEGYuUj.exe
  2⤵
  PID:9376
- C:\Windows\System\rLclUtv.exe
  C:\Windows\System\rLclUtv.exe
  2⤵
  PID:9412
- C:\Windows\System\voctYoH.exe
  C:\Windows\System\voctYoH.exe
  2⤵
  PID:9456
- C:\Windows\System\viZROhw.exe
  C:\Windows\System\viZROhw.exe
  2⤵
  PID:9476
- C:\Windows\System\jDtAKKb.exe
  C:\Windows\System\jDtAKKb.exe
  2⤵
  PID:9600
- C:\Windows\System\IzTqTvR.exe
  C:\Windows\System\IzTqTvR.exe
  2⤵
  PID:9788
- C:\Windows\System\nSZguzI.exe
  C:\Windows\System\nSZguzI.exe
  2⤵
  PID:9708
- C:\Windows\System\uXfQJaE.exe
  C:\Windows\System\uXfQJaE.exe
  2⤵
  PID:9804
- C:\Windows\System\enBvlwA.exe
  C:\Windows\System\enBvlwA.exe
  2⤵
  PID:9660
- C:\Windows\System\LEpMLJQ.exe
  C:\Windows\System\LEpMLJQ.exe
  2⤵
  PID:9644
- C:\Windows\System\XcUJrun.exe
  C:\Windows\System\XcUJrun.exe
  2⤵
  PID:9864
- C:\Windows\System\ektoGNk.exe
  C:\Windows\System\ektoGNk.exe
  2⤵
  PID:9912
- C:\Windows\System\jZQHxst.exe
  C:\Windows\System\jZQHxst.exe
  2⤵
  PID:9928
- C:\Windows\System\yEmjONI.exe
  C:\Windows\System\yEmjONI.exe
  2⤵
  PID:10024
- C:\Windows\System\GvgegDX.exe
  C:\Windows\System\GvgegDX.exe
  2⤵
  PID:8348
- C:\Windows\System\zGYQjSO.exe
  C:\Windows\System\zGYQjSO.exe
  2⤵
  PID:10080
- C:\Windows\System\TULIPbM.exe
  C:\Windows\System\TULIPbM.exe
  2⤵
  PID:10112
- C:\Windows\System\PeUjvXn.exe
  C:\Windows\System\PeUjvXn.exe
  2⤵
  PID:10128
- C:\Windows\System\SkBWuDn.exe
  C:\Windows\System\SkBWuDn.exe
  2⤵
  PID:10212
- C:\Windows\System\lVBClek.exe
  C:\Windows\System\lVBClek.exe
  2⤵
  PID:10144
- C:\Windows\System\kEBbZLl.exe
  C:\Windows\System\kEBbZLl.exe
  2⤵
  PID:10184
- C:\Windows\System\GTfqukU.exe
  C:\Windows\System\GTfqukU.exe
  2⤵
  PID:10232
- C:\Windows\System\MWoloaH.exe
  C:\Windows\System\MWoloaH.exe
  2⤵
  PID:9088
- C:\Windows\System\yaLWMcG.exe
  C:\Windows\System\yaLWMcG.exe
  2⤵
  PID:5552
- C:\Windows\System\QWsVOlN.exe
  C:\Windows\System\QWsVOlN.exe
  2⤵
  PID:9248
- C:\Windows\System\aIegPyc.exe
  C:\Windows\System\aIegPyc.exe
  2⤵
  PID:9388
- C:\Windows\System\vjmXlVF.exe
  C:\Windows\System\vjmXlVF.exe
  2⤵
  PID:9372
- C:\Windows\System\fgnIvZE.exe
  C:\Windows\System\fgnIvZE.exe
  2⤵
  PID:9404
- C:\Windows\System\ktGuzCD.exe
  C:\Windows\System\ktGuzCD.exe
  2⤵
  PID:9436
- C:\Windows\System\UCpoYVU.exe
  C:\Windows\System\UCpoYVU.exe
  2⤵
  PID:9468
- C:\Windows\System\ncGmtZC.exe
  C:\Windows\System\ncGmtZC.exe
  2⤵
  PID:9488
- C:\Windows\System\RBpuUgZ.exe
  C:\Windows\System\RBpuUgZ.exe
  2⤵
  PID:9556
- C:\Windows\System\yvfUCWk.exe
  C:\Windows\System\yvfUCWk.exe
  2⤵
  PID:9616
- C:\Windows\System\apUjYkl.exe
  C:\Windows\System\apUjYkl.exe
  2⤵
  PID:9568
- C:\Windows\System\hjzsIuw.exe
  C:\Windows\System\hjzsIuw.exe
  2⤵
  PID:9536
- C:\Windows\System\AseuWRn.exe
  C:\Windows\System\AseuWRn.exe
  2⤵
  PID:9816
- C:\Windows\System\JweuhOq.exe
  C:\Windows\System\JweuhOq.exe
  2⤵
  PID:9800
- C:\Windows\System\hIorrui.exe
  C:\Windows\System\hIorrui.exe
  2⤵
  PID:9880
- C:\Windows\System\kIEiuNZ.exe
  C:\Windows\System\kIEiuNZ.exe
  2⤵
  PID:9620
- C:\Windows\System\ksKlWZT.exe
  C:\Windows\System\ksKlWZT.exe
  2⤵
  PID:9916
- C:\Windows\System\vbxevWD.exe
  C:\Windows\System\vbxevWD.exe
  2⤵
  PID:10008
- C:\Windows\System\MVzWPHZ.exe
  C:\Windows\System\MVzWPHZ.exe
  2⤵
  PID:9996
- C:\Windows\System\LbhJhXX.exe
  C:\Windows\System\LbhJhXX.exe
  2⤵
  PID:10044
- C:\Windows\System\uxDSUIL.exe
  C:\Windows\System\uxDSUIL.exe
  2⤵
  PID:10084
- C:\Windows\System\uIdEebU.exe
  C:\Windows\System\uIdEebU.exe
  2⤵
  PID:10104
- C:\Windows\System\RdoPdkH.exe
  C:\Windows\System\RdoPdkH.exe
  2⤵
  PID:10176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CjxBDSH.exe

Filesize
6.0MB

MD5
01402b9bda42026c461491e5ff0ace21

SHA1
b670a9c4d65ddb3bec0bc35aa3b5f889c63f5a6b

SHA256
d926845f8f380e298314cade0fd2d7b094c4bb94b1bd7f070c60dda34e495169

SHA512
02ed1bd688700a3cf04de8fde198eb7b3054a83ebb0453cec603688579008cdda46751437ef963926b860b8105c33a1871d49717dce1461387efc6e4d9659c8a

Download Submit
C:\Windows\system\EGjjKpO.exe

Filesize
6.0MB

MD5
e5f3c17f8ac8cd667f3a3d0bd2eff623

SHA1
1672bb5cf5f6128070c0e3804e43085664a53074

SHA256
5f154130260626726eed24f4b6bb8a678c17b4c5638fae853aa98fa9c4f8df6d

SHA512
4a8cef11ba48e1aaf2da61271ad5d93e92908d3e07f807fa17d9da64cd9b743a63f36df9faeb59f9a04e56c31be57423974d1df2c5d209077e950157a20637a4

Download Submit
C:\Windows\system\GIpBwJN.exe

Filesize
6.0MB

MD5
67847144a728f6b0808551499b0bff93

SHA1
d6ac53427b476ca89e0938a0e7a4c8e0e3324b27

SHA256
fb17000753b841bb0a01da07ee7b9d9acd878e955c98692a3ec885a228a4b1ac

SHA512
a58e6ec75dadf1a77a3e08e0526ff8b11d638172f1ca57b3ee512ba8ac978489cbf99b877b80e7863da5422cfbee04a6d7bf64758319ec69fbb5e0ea58535c95

Download Submit
C:\Windows\system\GNUqUUm.exe

Filesize
6.0MB

MD5
f3990e77f5f0f15dfea41c731e5f8a06

SHA1
f16c70d71e5b0e3daa45ed50da2bb36839ea5f1a

SHA256
70230b22c00b0bcca9afc5a1670df6847329fa656f2da591519a9fe563f95670

SHA512
6061704a1cfa67abeaf8a07a2156a94abf5ed24c5504ab1de47ca2c2389a56a338a744ac34c74e68486264be4fedf22ee95505a976c6bb6cccab03ed659a1f1d

Download Submit
C:\Windows\system\IbqiNha.exe

Filesize
6.0MB

MD5
00d3dd6b6d0e88c5722aa79e7add0621

SHA1
f2c2456db0adb8b4628e3ca302890dbd49c698e5

SHA256
993e26452c8545ae55870b54d58b0d2229d174e0e799885e41a572656b83787b

SHA512
2d19f06aed8325259e8e3e57091e37a834343d3f282184f2aeca7e5dbfd44ccad97ed37c0753369177d827e4b3460c268aa8e9561ae78fcda3fef1ed704cc380

Download Submit
C:\Windows\system\IeoPwrI.exe

Filesize
6.0MB

MD5
9930c8a915633816c2c3f2d2eeaebde2

SHA1
3a91e447bb356489141980e937a0e959ce754c23

SHA256
8ed3315c7f3a737f54efdd272c33c40444a3df1b0ef200e3ac13a523813cd7d6

SHA512
56047baabe3d24a1257f578db572d70afff3d679c5b8eff026530f7c044a45abca067a6d3924b98e2e3591de9a5dd6691015c720b78b3450b9770a1e29c565c1

Download Submit
C:\Windows\system\JHJdjpC.exe

Filesize
6.0MB

MD5
33c1e7c0f8bcf8d9c37b9e45036bd6a5

SHA1
55dbe23f0c301590c36284d6f1573b759059b6e2

SHA256
8fc1707cf4f2c9921e1740763ad7367d0ce88f2e53fecbec33d0195ae11d7dc4

SHA512
cb6fb2b772fc4f62715fdeebaff9953acd2fd9d13d9be23a86fd712966880bf8dd64d5baad76f00cb0779aad644c39f215d5a8a3e54079c24f792a04295b7f6d

Download Submit
C:\Windows\system\KFbTtzk.exe

Filesize
6.0MB

MD5
96486c11dc4e360af83a071a7997fdf3

SHA1
f7ea4990ad371576c3440ec1e0eb61dc950d3516

SHA256
4bbe5b2106cfee66443349740e1cbcbf3b57f1d8097dbb9034427517063ffab9

SHA512
0a6ea61d78c3c05de0be585f540a1eaa5b381703f4ed8388037ab95fac6531620f63dee3b29220e1a03c8f0efb24ece312f17f3a28957d901f8832eddf84156f

Download Submit
C:\Windows\system\PtYsHjt.exe

Filesize
6.0MB

MD5
c63057ae21c41598d7510ebc9d194871

SHA1
c97f97c5475ede48a20c8ccaf4a4ccb8f59acb7f

SHA256
159379cc5e134abb0e073c8c469b1fd2a505423c3f0c51ecc58091091c5ec02b

SHA512
71b0ad3647bbd19846dea0eee6a80d47ceb46cc68a5b34f84b548a4ff293c7d101bb111650bef08b135ccb186d70261a5a9b195e95a21c6b69bfe6daca2b948b

Download Submit
C:\Windows\system\PuiiWeH.exe

Filesize
6.0MB

MD5
9ff93cd92f9c1d7b0f64fad271999707

SHA1
175e5162c423f6a764e6c91d820a657eedb1bce1

SHA256
a750b6f1bacf4f9b8778ebce6a5e4393421ec51d1fe8bbc17eb905ebe777d660

SHA512
6246f42a7f1bfffda9ec0f114a993033c71d71505b3851e09933b02b30ce92306430b8f55477f60609b5f8e1de99b967fa4fb2e8c52fa555ed263d4b620bf945

Download Submit
C:\Windows\system\QxoMEsZ.exe

Filesize
6.0MB

MD5
198a5bc0c717f97b4a6f6b495b381b1f

SHA1
03f5013120ae42d4942ce5470fee1b6e9d00c0a4

SHA256
c255f66cb18d2689f555c4e400e85d35fb3c046c5f945c1a47a5ffac396d76d4

SHA512
4009d7cae8b5868e48b53a8bbf1c688b7b9e0cfd2f85801949d0772150074b428616ccf490cc2a74d75a230e99db3f00a3821eef1c9accf75d9f6e502555e64b

Download Submit
C:\Windows\system\RQrblbN.exe

Filesize
6.0MB

MD5
4a5508fcecaca2b4ed20425edaa445a7

SHA1
b19c75a9794c18073757e2c6085fc6c070defacb

SHA256
fdb3422873584b35c99d67952d3b6c4d4d07dbcb916da0100c3c8bc200ca5c50

SHA512
4c25cedcdd43e5ad1ceeceb97bace1b62ccbc8f29619d0672458689f871ec73fd0389634d3bf446f1d5b0457ca7b6508f51afb2aab174e888e4283e2135960a7

Download Submit
C:\Windows\system\RfareAg.exe

Filesize
6.0MB

MD5
448c6cf9b89ea43f29853d44a65323c4

SHA1
381e2b521857848749da676baee6ddbd30ce04d7

SHA256
9d763318058fd1f0da8eb41d093fa818653ebdb59f731a7c754b4610b9796e35

SHA512
2f3960c7aed534c441a53e3bad1b795af6a00775826066b4c094f23664c7b1d6ca3c5d15dd528e51971526d6e5bbb8eb2ffce9d01e97ed0696950991b81562b7

Download Submit
C:\Windows\system\SZaDmQU.exe

Filesize
6.0MB

MD5
22f3e20d2abff06574646f5aaf87ffe8

SHA1
25209de8dc84ef9f187bffd75ed5f945cf563fb3

SHA256
5a5d8732ccfab9350b0f03ba160ef4b8000465e36faec52674972babe2fa23b2

SHA512
c6576e3f05467f0d93c175f951892eaff3f54c15fedf9eb07dfb3a3560e2f560d9653903f7b48db0d9713119efed828905589b39055bfdb2147d11e069377d08

Download Submit
C:\Windows\system\SlHQEDr.exe

Filesize
6.0MB

MD5
11f6b5ce5c02757c89e62d51d2ef0a05

SHA1
3b2253b286146bba2093626b40bbeb72b7941307

SHA256
41b12da821e025f1e606de8bb9c64a02cd5ab13927248cb828a6571cf616cd69

SHA512
df7be954483b0394574b1f5d3464b83db8ec62bbbfb2890f831c3bd9e2339141df75fc997cee61622203a7e965a236da329c9a8eb5e2334e518e5845623b56cc

Download Submit
C:\Windows\system\THjwWpe.exe

Filesize
6.0MB

MD5
e4ac8f47803434147a80545a38e950e9

SHA1
214d48349962ed7916034eb4fe69cd4ad1e552ea

SHA256
48d6b2093a68caca9cc71d78e9bc1a7c45b86f72f074a23e9d89cadc0a7a4bdd

SHA512
e47b7f8fc01f538b9a429a628a2be8c184a1050a2d21aa2028fe990042a1ad99b28bb98181f7d6f8a53ac46404fee130b36113ffec2d987164b72c803feda2d6

Download Submit
C:\Windows\system\UjOlGBb.exe

Filesize
6.0MB

MD5
39a90a87ddc72484c56ac5606ccce9fd

SHA1
52f8a45b228ad19eeb3db7877620180a9a71f14c

SHA256
82cbb4885acdf8844fbae2baf90af7042a1f75640ea922470fe59d4a7d7230a8

SHA512
6de21ff42fc3aa2e581c0e43622594284c879d9fef9e67699eae753ba8bc39b31961747b8b3084114c624d4092ef71486d42db461f510a5102f0159f535055ce

Download Submit
C:\Windows\system\UsxoDLx.exe

Filesize
6.0MB

MD5
4504c177d08bee88009903a51473e205

SHA1
9cc4ee684cb572a435c185e33f71c8f2c9d1dd8c

SHA256
1a1dbfd20aacd148a0c24016b3cdb2790fa64cd6a2efc24a480cd087231c8aab

SHA512
38a6e8110adb8776bdea4a83fa88a6835a3c0276281ebd0dd5186a9973215756db6a29d8dd3a6042e9a93a0f694383ad98db23a0830fe316a0c12b22ae25d506

Download Submit
C:\Windows\system\WJtfFyS.exe

Filesize
6.0MB

MD5
f04d75236dab61f0173426f574eb4dd9

SHA1
3de1665b233e8d189825f86874073486f5702dd7

SHA256
9a09102f210b9891e69efda0601a13cd2f9ab3bca27bbb24e3a63b47ffe447bf

SHA512
a236a624d34d5a2575f04290b639e6127b09277b26ea1a2c4a09c9c9aad139cbcafdbae325b47242e74b06904c28bf56567b14ede4ccd703b55ea3c05c9d8337

Download Submit
C:\Windows\system\adbdVIa.exe

Filesize
6.0MB

MD5
3df7e6735a3a7f5af3c2d9e7971cbf3b

SHA1
0d39c97278b839171f1762adf7ddfa728ce9126f

SHA256
46facefba6a93049eea5a3d63f4b144a79c3e21f5cbe05088bbb4dd10667a1b1

SHA512
1b08a33240c308c362ef84007346e0c0b13ffe2d9777132a71117115012e102111110ab63b673ac010f897529326b4f16a12c95ad6dcf4c7a2ba062b1f54948e

Download Submit
C:\Windows\system\fIVmQfL.exe

Filesize
6.0MB

MD5
1076bf5ae369ac8d6723aa2bb43440ab

SHA1
d6da7e60c55614c55ea49c6485e9c5f6c4cef55a

SHA256
cc5493837a87cc770c83712c5321cc01039f31350b8d732c18d9928ea9c797dc

SHA512
ba85fc5c8b6d42572f7509d5ba31751f5a6e816c5363f804324033ad0e2b2cecf2983055ab50662e553514345b94045497028bab3e101ca1dac73f4d46940b02

Download Submit
C:\Windows\system\gewsMMh.exe

Filesize
6.0MB

MD5
37aef552779081dcaf2e57857bb7083c

SHA1
7b8e2ba563a7da976ecd60c5b289b03d908098a2

SHA256
aed4547ac375608ba6138a558b0f7154ddfeb2c644f8062da25ac52913d99283

SHA512
e26a5ba899575cd6da776e2b85cda1af88b107d9b922d1e2e264a35bb06030a97b01eeeddce71f69a05157796f8e7c05e4f50d7692f9c5d1946228d139953f52

Download Submit
C:\Windows\system\hHitbON.exe

Filesize
6.0MB

MD5
9cd456e367b33aa11808e8de7103c082

SHA1
3c34cf947e4333307fa931343056ed58c268ea13

SHA256
7266719367192d984ce5df1ada632755aee5dbe657f79ed9d51ba18e2b2a53cb

SHA512
0ca07ca38da4b6916f4d93ce1340476ed669cd1a49d058edb41bee51d5fefcaac42c4540fcc62806917cafd5d1689f83e3eccdebbb5abf86ef93ff7abd8790a7

Download Submit
C:\Windows\system\jKbyVYw.exe

Filesize
6.0MB

MD5
19c24bc83cdcca0015c5385e05407efa

SHA1
a5c66a5e96b7be84a51d0baccf4581d39c17a7e8

SHA256
3728c625f95333f914bd086ffab2626d50675682e5db480f21e8c0605a99bfa3

SHA512
a8c35095f3b6bd1e57c2659dedabcd0360b70154354ad67ed0d4fb637cfa48bd2470a3b71e914439f439a8c6a9ab28128317144dc54cd47936359c61ed062a92

Download Submit
C:\Windows\system\kMMjoEC.exe

Filesize
6.0MB

MD5
bd67b0f60ffdcdf9e9042678a9fd2338

SHA1
abc0348172d0cacfa69c2b0671e06572f2e5ee94

SHA256
316726cc6a6fca7de5345cfc1de33255a3dca1bbbc4dadd1677e8698af9d7e43

SHA512
018b61cb6cf911d436bc0843133221896e146dc5cd28573408e006b48b05414e6231508dcae945fff2c05af25276fa09f4d0ef3871e2730ff4533d33e8342c86

Download Submit
C:\Windows\system\rHWhEuF.exe

Filesize
6.0MB

MD5
a15901bd22b105f77b49ade1a4562c8b

SHA1
d24717e44cc9d624a17aa8a38b7f863053ac43d2

SHA256
e4823c31c7222a75c14339c86d150736d83bb6e55b9fce052176dd1d5b350762

SHA512
10b3b2157cf0cebe2acd6a9b964c6dbb01d1a35c7bc3dce8dfb97af96d9d68752fc7604be9b717e2a0c75bb1dd8a53dfb6c91d359526096ce3ce89778a97c408

Download Submit
C:\Windows\system\wROBOpA.exe

Filesize
6.0MB

MD5
ad675d29b6e1e530e86d5c052a141ff2

SHA1
296dc74868277543476c401f551a10d63d982b93

SHA256
5d9e369d2942f26286448bcacab2e217c1476868e3a648ef6d88b00402c13e2a

SHA512
0dbcd6c920de5f41d666881262ca6bd9952adcb2f6e4a3c9942bdf91a5f78cad5a6847860cf565f8863dfaab4280260b8142eade8fd049367820dfc9af176bc9

Download Submit
C:\Windows\system\zOvRlwj.exe

Filesize
6.0MB

MD5
e3e52158a319d1ac0f7ea42a9ef86bce

SHA1
66502e9db896699f7475267eb9f39e54df743f20

SHA256
073fc057758a88539b376775ee18b428855ca161cfc2a84a0d1dd549cad7f963

SHA512
cf8e36a0d5d2548043633990ae819d775fba115f7ba03f7a86ede6a14f2611b8ef72f1763d9ac3a9ad3cc02563347080cc344f105d153ac59e43b5e36ce74b50

Download Submit
\Windows\system\GqAWklc.exe

Filesize
6.0MB

MD5
ae7ac2b0367b2da4519fd896387a6992

SHA1
fb0ff95ac347ef850197a649da78118d1e4fc69e

SHA256
078126f4228dd012684ed4b9fbe0f508c1ac511f4418f30a608ad65b190e5021

SHA512
442ab565874db16da3ce8fe3f71d188d788737d92e2cc71600079af0149bed66c62c48171dbad886d684b1e5f31ef377376cca92e814890b07d05b9e64c4797c

Download Submit
\Windows\system\OxCYGXz.exe

Filesize
6.0MB

MD5
a77018984d007d9ce5c8c4c38b3d1423

SHA1
30392e11e949f4ad884571d60c3015ef9d971a16

SHA256
9734e9b6cdfdb84c635555a23083253a72639c6e7f2be6067aaf02db137ff180

SHA512
85c3e1d226883b69c1df57f0cc17e24d4a6be33ba44b501f8f5b037a340279b47ddeeb21985620e958fcf6068de57faf9f33c9eef1e2d33ceee4f1962f138a1a

Download Submit
\Windows\system\cuVQVXC.exe

Filesize
6.0MB

MD5
fe0852e8ccd57c5ccb4e2b50a7249312

SHA1
f05d786c621b3b6c3c41889d069644295c21af76

SHA256
01ebe957d6d1c05d32e56dfa132bee5c663abc12c31903d879af7c88b6439236

SHA512
24b35a075bd65a3b522f1a1c8b0d6a79cdb0a2c6997cdc85e357eb45cb7b7527bd83a96953af1013f4e7246f6cebeaaddc102962369364219dc326ad4a5fdc09

Download Submit
\Windows\system\qdVIJUm.exe

Filesize
6.0MB

MD5
ad3dfa51ba00430c05f4e0d71699709d

SHA1
31c23d55d43e672827eebec644e6355483a88a7c

SHA256
e85d6694a3957c56a5876adbd0be626b1b02359ef1bf498d594232493008d660

SHA512
af59c7ec1c4711996998588faa5eb0b797be5ddb494bbed04cca1524b3af8c467b42577737f650d075b9a01f836f4673b52aab0682f8b57d697773e219871bab

Download Submit
\Windows\system\sTJVrxy.exe

Filesize
6.0MB

MD5
88f18515eb6928939da2b26dc33df63b

SHA1
507b6bb5133bfa3d34698a23a18f4f22eca9bbb4

SHA256
8b6843fa3ba78ac5c53eac2571f2dfe669d1c7e7877951cf189c57bed684b46f

SHA512
c75673d3d45c9cd79868d9cdb60b4d077b65233ef01f1e71e0c87dae37210191244ad58bbf012994770446f970fd843c6eec12b7ff2df3b13570f654995093a8

Download Submit
memory/1052-4034-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1052-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1704-45-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-59-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1814-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1704-0-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-845-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1704-116-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1704-115-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1704-137-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1704-111-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1704-49-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1704-142-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-65-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1704-849-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1704-94-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1704-34-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1704-15-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-630-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-55-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2312-4037-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2316-39-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-4040-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2544-8-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4033-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4032-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1090-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4039-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-127-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4042-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1087-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-123-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4035-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2876-51-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4036-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-101-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-50-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4041-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4038-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3068-129-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download