cobaltstrike | a8e0fa0f9551e133971e34dc574fbcebb535c80c22997a9fe134b023c0fcdc3b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b01394a5ace64fc89d19690c852d2530
SHA1

b32df83687c19b1f7fc10605750dc0bce35f9f39
SHA256

a8e0fa0f9551e133971e34dc574fbcebb535c80c22997a9fe134b023c0fcdc3b
SHA512

9d55edad6b808356cd0ad91c8cdef4767727934dad80c8016028cd67263f8cb9cc753281e244dd753184202285c6e50d52700ca53d118d83e6ff18e0c66e5dc0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e8f-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ef6-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4f-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160db-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016239-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016599-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-98.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000015d33-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925b-75.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019242-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015fdb-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2756-0-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-6.dat	xmrig
behavioral1/files/0x0008000000015e8f-8.dat	xmrig
behavioral1/files/0x0008000000015ef6-12.dat	xmrig
behavioral1/memory/2888-23-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2484-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f4f-24.dat	xmrig
behavioral1/memory/2756-21-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2740-20-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2972-29-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x00070000000160db-38.dat	xmrig
behavioral1/memory/2604-49-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016239-63.dat	xmrig
behavioral1/memory/2656-45-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2756-67-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0008000000016599-70.dat	xmrig
behavioral1/memory/2780-71-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000500000001925d-91.dat	xmrig
behavioral1/memory/2972-95-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c0-191.dat	xmrig
behavioral1/memory/1660-373-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2948-572-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2944-976-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2780-254-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-183.dat	xmrig
behavioral1/files/0x00050000000194e6-173.dat	xmrig
behavioral1/files/0x00050000000194da-165.dat	xmrig
behavioral1/files/0x00050000000194c6-156.dat	xmrig
behavioral1/files/0x000500000001946b-149.dat	xmrig
behavioral1/files/0x0005000000019481-148.dat	xmrig
behavioral1/files/0x0005000000019490-146.dat	xmrig
behavioral1/files/0x000500000001941b-132.dat	xmrig
behavioral1/files/0x000500000001938e-122.dat	xmrig
behavioral1/files/0x00050000000195f7-194.dat	xmrig
behavioral1/files/0x0005000000019581-189.dat	xmrig
behavioral1/files/0x0005000000019551-179.dat	xmrig
behavioral1/files/0x00050000000194e4-171.dat	xmrig
behavioral1/files/0x00050000000194d0-162.dat	xmrig
behavioral1/files/0x000500000001949d-155.dat	xmrig
behavioral1/files/0x0005000000019429-137.dat	xmrig
behavioral1/files/0x000500000001939c-126.dat	xmrig
behavioral1/files/0x000500000001938a-117.dat	xmrig
behavioral1/files/0x0005000000019377-112.dat	xmrig
behavioral1/files/0x000500000001932a-106.dat	xmrig
behavioral1/memory/2944-100-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000500000001930d-98.dat	xmrig
behavioral1/memory/1872-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2948-87-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0032000000015d33-84.dat	xmrig
behavioral1/memory/2756-78-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1660-77-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001925b-75.dat	xmrig
behavioral1/memory/2684-69-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016307-53.dat	xmrig
behavioral1/memory/2864-66-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2652-64-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019242-58.dat	xmrig
behavioral1/files/0x0007000000015fdb-33.dat	xmrig
behavioral1/memory/2888-4124-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2780-4129-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1660-4128-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2656-4127-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2484-4126-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2740-4130-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2888	kDDBlZE.exe
2740	LyhanCA.exe
2484	gCHuxDw.exe
2972	SOOMPdZ.exe
2656	snYRQPR.exe
2604	MvLllyj.exe
2652	tKLeKuL.exe
2864	FvLCVuF.exe
2684	dSBgBDk.exe
2780	cnOshSW.exe
1660	wIDxPJa.exe
2948	hflnnTj.exe
1872	elhOdlo.exe
2944	sVlPfNE.exe
1748	NhDjMNQ.exe
2596	SJCnqUN.exe
2300	aDndJes.exe
2120	mMnHYWo.exe
2516	oxpXdPg.exe
1544	ByUQCJW.exe
1584	BSuvTcb.exe
3032	mEiyiQi.exe
3044	RFeLazT.exe
2568	eKBymRK.exe
2068	WFThRpI.exe
1224	YzHvovr.exe
956	USyPEzr.exe
2204	FAbWrhT.exe
2476	OhUVwya.exe
1688	PRRPUnW.exe
1324	ZmXeHNX.exe
1976	qXaETSu.exe
2012	CRRpSBK.exe
700	bUmjOPa.exe
2536	UspSUsN.exe
896	mFemfZJ.exe
1924	PMkCsax.exe
1676	VhFfejn.exe
2252	PozGOES.exe
1520	opzvJnz.exe
1860	UWoRFzs.exe
1496	zcJxQYI.exe
2292	NfcfjSW.exe
1036	MkUjbGQ.exe
2016	wvBXCXx.exe
916	IewtqDk.exe
2528	LElKcfb.exe
316	EpFNxyk.exe
1616	icSjnPO.exe
1540	HfseOUa.exe
892	ybWroDB.exe
2884	zwOYcKK.exe
2824	AnIcTcZ.exe
2608	iLFQhqb.exe
2848	SvnOAur.exe
784	ZIQnemf.exe
536	rDtULlU.exe
2988	pmmWneF.exe
2296	stDQKKo.exe
2664	MQHcywp.exe
1764	CxZVQTV.exe
2248	UoTHGEg.exe
768	WuJfhGU.exe
1760	MSNfEuO.exe

Loads dropped DLL 64 IoCs

pid	Process
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2756-0-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-6.dat	upx
behavioral1/files/0x0008000000015e8f-8.dat	upx
behavioral1/files/0x0008000000015ef6-12.dat	upx
behavioral1/memory/2888-23-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2484-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0008000000015f4f-24.dat	upx
behavioral1/memory/2740-20-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2972-29-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x00070000000160db-38.dat	upx
behavioral1/memory/2604-49-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000016239-63.dat	upx
behavioral1/memory/2656-45-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0008000000016599-70.dat	upx
behavioral1/memory/2780-71-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000500000001925d-91.dat	upx
behavioral1/memory/2972-95-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x00050000000195c0-191.dat	upx
behavioral1/memory/1660-373-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2948-572-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2944-976-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2780-254-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000500000001955c-183.dat	upx
behavioral1/files/0x00050000000194e6-173.dat	upx
behavioral1/files/0x00050000000194da-165.dat	upx
behavioral1/files/0x00050000000194c6-156.dat	upx
behavioral1/files/0x000500000001946b-149.dat	upx
behavioral1/files/0x0005000000019481-148.dat	upx
behavioral1/files/0x0005000000019490-146.dat	upx
behavioral1/files/0x000500000001941b-132.dat	upx
behavioral1/files/0x000500000001938e-122.dat	upx
behavioral1/files/0x00050000000195f7-194.dat	upx
behavioral1/files/0x0005000000019581-189.dat	upx
behavioral1/files/0x0005000000019551-179.dat	upx
behavioral1/files/0x00050000000194e4-171.dat	upx
behavioral1/files/0x00050000000194d0-162.dat	upx
behavioral1/files/0x000500000001949d-155.dat	upx
behavioral1/files/0x0005000000019429-137.dat	upx
behavioral1/files/0x000500000001939c-126.dat	upx
behavioral1/files/0x000500000001938a-117.dat	upx
behavioral1/files/0x0005000000019377-112.dat	upx
behavioral1/files/0x000500000001932a-106.dat	upx
behavioral1/memory/2944-100-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000500000001930d-98.dat	upx
behavioral1/memory/1872-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2948-87-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0032000000015d33-84.dat	upx
behavioral1/memory/2756-78-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1660-77-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000500000001925b-75.dat	upx
behavioral1/memory/2684-69-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0007000000016307-53.dat	upx
behavioral1/memory/2864-66-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2652-64-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0005000000019242-58.dat	upx
behavioral1/files/0x0007000000015fdb-33.dat	upx
behavioral1/memory/2888-4124-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2780-4129-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1660-4128-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2656-4127-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2484-4126-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2740-4130-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2972-4139-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2652-4138-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CWPqrHW.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjtHINE.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rycxEOi.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aViqnXL.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Oizodbk.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffHgbSu.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgfgdqM.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sigUWRT.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjMngqO.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFyJchk.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxNXbTI.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTbBwQe.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehvcnhW.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyDbZHC.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPpgyjL.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoHhWFs.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjNaRNE.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFThRpI.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgEQJgI.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNfSqlU.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MemDZKh.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KepYDlV.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMkeqqF.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEbgwqi.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsBwbQZ.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpehtVN.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hreLaOg.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKmnNpO.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKLeKuL.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LElKcfb.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlqYjzx.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyhVihu.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPCtGPg.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubDFGkq.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEUpDSH.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGeNiss.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwRHbJz.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlQbevo.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPSFbNn.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcrLXQy.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJpaQjh.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjEovgJ.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsSgEPg.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhUVwya.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvnOAur.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlMjJyJ.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eONnaNu.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymjkLvY.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heWivJO.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNQPCga.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woUreTX.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvfpIqH.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAWNNbh.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGdgGjJ.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JZZisgl.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLYxqgh.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuJfhGU.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krMhcAX.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnwGyzd.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIcIRrw.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VocObrL.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcGmkVl.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEDshhr.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHiMthc.exe	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2888	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 2888	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 2888	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 2740	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2740	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2740	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2484	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2484	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2484	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2972	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2972	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2972	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2656	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2656	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2656	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2604	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2604	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2604	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2684	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2684	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2684	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2652	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2652	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2652	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2780	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2780	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2780	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2864	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 2864	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 2864	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 1660	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1660	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1660	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 2948	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 2948	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 2948	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1872	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1872	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1872	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 2944	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2944	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2944	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 1748	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 1748	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 1748	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2596	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2596	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2596	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 2300	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2300	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2300	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2120	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2120	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2120	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2516	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2516	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2516	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 1544	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 1544	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 1544	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 1584	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 1584	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 1584	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 3044	2756	2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_b01394a5ace64fc89d19690c852d2530_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\System\kDDBlZE.exe
  C:\Windows\System\kDDBlZE.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\LyhanCA.exe
  C:\Windows\System\LyhanCA.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\gCHuxDw.exe
  C:\Windows\System\gCHuxDw.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\SOOMPdZ.exe
  C:\Windows\System\SOOMPdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\snYRQPR.exe
  C:\Windows\System\snYRQPR.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\MvLllyj.exe
  C:\Windows\System\MvLllyj.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\dSBgBDk.exe
  C:\Windows\System\dSBgBDk.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\tKLeKuL.exe
  C:\Windows\System\tKLeKuL.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\cnOshSW.exe
  C:\Windows\System\cnOshSW.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\FvLCVuF.exe
  C:\Windows\System\FvLCVuF.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\wIDxPJa.exe
  C:\Windows\System\wIDxPJa.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\hflnnTj.exe
  C:\Windows\System\hflnnTj.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\elhOdlo.exe
  C:\Windows\System\elhOdlo.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\sVlPfNE.exe
  C:\Windows\System\sVlPfNE.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\NhDjMNQ.exe
  C:\Windows\System\NhDjMNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\SJCnqUN.exe
  C:\Windows\System\SJCnqUN.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\aDndJes.exe
  C:\Windows\System\aDndJes.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\mMnHYWo.exe
  C:\Windows\System\mMnHYWo.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\oxpXdPg.exe
  C:\Windows\System\oxpXdPg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ByUQCJW.exe
  C:\Windows\System\ByUQCJW.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\BSuvTcb.exe
  C:\Windows\System\BSuvTcb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\RFeLazT.exe
  C:\Windows\System\RFeLazT.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\mEiyiQi.exe
  C:\Windows\System\mEiyiQi.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\FAbWrhT.exe
  C:\Windows\System\FAbWrhT.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\eKBymRK.exe
  C:\Windows\System\eKBymRK.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\mFemfZJ.exe
  C:\Windows\System\mFemfZJ.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\WFThRpI.exe
  C:\Windows\System\WFThRpI.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\PMkCsax.exe
  C:\Windows\System\PMkCsax.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\YzHvovr.exe
  C:\Windows\System\YzHvovr.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\VhFfejn.exe
  C:\Windows\System\VhFfejn.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\USyPEzr.exe
  C:\Windows\System\USyPEzr.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\opzvJnz.exe
  C:\Windows\System\opzvJnz.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\OhUVwya.exe
  C:\Windows\System\OhUVwya.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\UWoRFzs.exe
  C:\Windows\System\UWoRFzs.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\PRRPUnW.exe
  C:\Windows\System\PRRPUnW.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\zcJxQYI.exe
  C:\Windows\System\zcJxQYI.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ZmXeHNX.exe
  C:\Windows\System\ZmXeHNX.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\MkUjbGQ.exe
  C:\Windows\System\MkUjbGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\qXaETSu.exe
  C:\Windows\System\qXaETSu.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\wvBXCXx.exe
  C:\Windows\System\wvBXCXx.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\CRRpSBK.exe
  C:\Windows\System\CRRpSBK.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\IewtqDk.exe
  C:\Windows\System\IewtqDk.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\bUmjOPa.exe
  C:\Windows\System\bUmjOPa.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\LElKcfb.exe
  C:\Windows\System\LElKcfb.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\UspSUsN.exe
  C:\Windows\System\UspSUsN.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\EpFNxyk.exe
  C:\Windows\System\EpFNxyk.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\PozGOES.exe
  C:\Windows\System\PozGOES.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\icSjnPO.exe
  C:\Windows\System\icSjnPO.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\NfcfjSW.exe
  C:\Windows\System\NfcfjSW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ybWroDB.exe
  C:\Windows\System\ybWroDB.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\HfseOUa.exe
  C:\Windows\System\HfseOUa.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\AnIcTcZ.exe
  C:\Windows\System\AnIcTcZ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zwOYcKK.exe
  C:\Windows\System\zwOYcKK.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SvnOAur.exe
  C:\Windows\System\SvnOAur.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\iLFQhqb.exe
  C:\Windows\System\iLFQhqb.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\rDtULlU.exe
  C:\Windows\System\rDtULlU.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\ZIQnemf.exe
  C:\Windows\System\ZIQnemf.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\MQHcywp.exe
  C:\Windows\System\MQHcywp.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pmmWneF.exe
  C:\Windows\System\pmmWneF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\CxZVQTV.exe
  C:\Windows\System\CxZVQTV.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\stDQKKo.exe
  C:\Windows\System\stDQKKo.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\UoTHGEg.exe
  C:\Windows\System\UoTHGEg.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\WuJfhGU.exe
  C:\Windows\System\WuJfhGU.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\MSNfEuO.exe
  C:\Windows\System\MSNfEuO.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\YAulLhm.exe
  C:\Windows\System\YAulLhm.exe
  2⤵
  PID:2168
- C:\Windows\System\dpUaXep.exe
  C:\Windows\System\dpUaXep.exe
  2⤵
  PID:2128
- C:\Windows\System\mrbPOJE.exe
  C:\Windows\System\mrbPOJE.exe
  2⤵
  PID:2044
- C:\Windows\System\eDZfExL.exe
  C:\Windows\System\eDZfExL.exe
  2⤵
  PID:1896
- C:\Windows\System\EkBkwoB.exe
  C:\Windows\System\EkBkwoB.exe
  2⤵
  PID:924
- C:\Windows\System\ClOINlR.exe
  C:\Windows\System\ClOINlR.exe
  2⤵
  PID:836
- C:\Windows\System\RbeLfqQ.exe
  C:\Windows\System\RbeLfqQ.exe
  2⤵
  PID:1476
- C:\Windows\System\FTqeael.exe
  C:\Windows\System\FTqeael.exe
  2⤵
  PID:1612
- C:\Windows\System\XgcfnYT.exe
  C:\Windows\System\XgcfnYT.exe
  2⤵
  PID:1652
- C:\Windows\System\IomYIxC.exe
  C:\Windows\System\IomYIxC.exe
  2⤵
  PID:2428
- C:\Windows\System\QCEKAJL.exe
  C:\Windows\System\QCEKAJL.exe
  2⤵
  PID:2036
- C:\Windows\System\iYQXrcq.exe
  C:\Windows\System\iYQXrcq.exe
  2⤵
  PID:2072
- C:\Windows\System\wSlYkHb.exe
  C:\Windows\System\wSlYkHb.exe
  2⤵
  PID:1356
- C:\Windows\System\znWfbgV.exe
  C:\Windows\System\znWfbgV.exe
  2⤵
  PID:2520
- C:\Windows\System\FYselUd.exe
  C:\Windows\System\FYselUd.exe
  2⤵
  PID:684
- C:\Windows\System\OFnzAwO.exe
  C:\Windows\System\OFnzAwO.exe
  2⤵
  PID:2164
- C:\Windows\System\hhXXiCD.exe
  C:\Windows\System\hhXXiCD.exe
  2⤵
  PID:2908
- C:\Windows\System\TrMoBQY.exe
  C:\Windows\System\TrMoBQY.exe
  2⤵
  PID:876
- C:\Windows\System\ETJGZFk.exe
  C:\Windows\System\ETJGZFk.exe
  2⤵
  PID:1708
- C:\Windows\System\oyOqVHu.exe
  C:\Windows\System\oyOqVHu.exe
  2⤵
  PID:2688
- C:\Windows\System\oVnkaen.exe
  C:\Windows\System\oVnkaen.exe
  2⤵
  PID:276
- C:\Windows\System\rceQvtm.exe
  C:\Windows\System\rceQvtm.exe
  2⤵
  PID:2420
- C:\Windows\System\uvxcsUE.exe
  C:\Windows\System\uvxcsUE.exe
  2⤵
  PID:2580
- C:\Windows\System\gJXebPL.exe
  C:\Windows\System\gJXebPL.exe
  2⤵
  PID:2856
- C:\Windows\System\ZKpTtoy.exe
  C:\Windows\System\ZKpTtoy.exe
  2⤵
  PID:1268
- C:\Windows\System\tOwVnHG.exe
  C:\Windows\System\tOwVnHG.exe
  2⤵
  PID:1588
- C:\Windows\System\HrOzoFY.exe
  C:\Windows\System\HrOzoFY.exe
  2⤵
  PID:1696
- C:\Windows\System\VXWZhni.exe
  C:\Windows\System\VXWZhni.exe
  2⤵
  PID:2076
- C:\Windows\System\aPNCEHY.exe
  C:\Windows\System\aPNCEHY.exe
  2⤵
  PID:1900
- C:\Windows\System\BlcegHq.exe
  C:\Windows\System\BlcegHq.exe
  2⤵
  PID:988
- C:\Windows\System\YlQIFeB.exe
  C:\Windows\System\YlQIFeB.exe
  2⤵
  PID:2116
- C:\Windows\System\icNlDEF.exe
  C:\Windows\System\icNlDEF.exe
  2⤵
  PID:1248
- C:\Windows\System\MnPmonC.exe
  C:\Windows\System\MnPmonC.exe
  2⤵
  PID:3088
- C:\Windows\System\oqRbEBU.exe
  C:\Windows\System\oqRbEBU.exe
  2⤵
  PID:3104
- C:\Windows\System\XTmBokn.exe
  C:\Windows\System\XTmBokn.exe
  2⤵
  PID:3124
- C:\Windows\System\hJEhfVq.exe
  C:\Windows\System\hJEhfVq.exe
  2⤵
  PID:3144
- C:\Windows\System\NmyzECu.exe
  C:\Windows\System\NmyzECu.exe
  2⤵
  PID:3164
- C:\Windows\System\TCbCaen.exe
  C:\Windows\System\TCbCaen.exe
  2⤵
  PID:3188
- C:\Windows\System\RqAptgI.exe
  C:\Windows\System\RqAptgI.exe
  2⤵
  PID:3228
- C:\Windows\System\eFtexdg.exe
  C:\Windows\System\eFtexdg.exe
  2⤵
  PID:3244
- C:\Windows\System\rZFGoSS.exe
  C:\Windows\System\rZFGoSS.exe
  2⤵
  PID:3272
- C:\Windows\System\baqrahK.exe
  C:\Windows\System\baqrahK.exe
  2⤵
  PID:3288
- C:\Windows\System\zRSoNnX.exe
  C:\Windows\System\zRSoNnX.exe
  2⤵
  PID:3308
- C:\Windows\System\PzHxUrw.exe
  C:\Windows\System\PzHxUrw.exe
  2⤵
  PID:3328
- C:\Windows\System\zWuWrMD.exe
  C:\Windows\System\zWuWrMD.exe
  2⤵
  PID:3352
- C:\Windows\System\KtUotYP.exe
  C:\Windows\System\KtUotYP.exe
  2⤵
  PID:3376
- C:\Windows\System\VXoFNJb.exe
  C:\Windows\System\VXoFNJb.exe
  2⤵
  PID:3396
- C:\Windows\System\qXifHrf.exe
  C:\Windows\System\qXifHrf.exe
  2⤵
  PID:3416
- C:\Windows\System\OhINDyP.exe
  C:\Windows\System\OhINDyP.exe
  2⤵
  PID:3436
- C:\Windows\System\GrANLPa.exe
  C:\Windows\System\GrANLPa.exe
  2⤵
  PID:3456
- C:\Windows\System\xngOddk.exe
  C:\Windows\System\xngOddk.exe
  2⤵
  PID:3476
- C:\Windows\System\EPlTAui.exe
  C:\Windows\System\EPlTAui.exe
  2⤵
  PID:3496
- C:\Windows\System\CuqQJYe.exe
  C:\Windows\System\CuqQJYe.exe
  2⤵
  PID:3516
- C:\Windows\System\gOqLvJv.exe
  C:\Windows\System\gOqLvJv.exe
  2⤵
  PID:3532
- C:\Windows\System\KElMcpX.exe
  C:\Windows\System\KElMcpX.exe
  2⤵
  PID:3556
- C:\Windows\System\VRyyfha.exe
  C:\Windows\System\VRyyfha.exe
  2⤵
  PID:3576
- C:\Windows\System\neBCWnC.exe
  C:\Windows\System\neBCWnC.exe
  2⤵
  PID:3596
- C:\Windows\System\UhjLYGS.exe
  C:\Windows\System\UhjLYGS.exe
  2⤵
  PID:3616
- C:\Windows\System\eTwcPxZ.exe
  C:\Windows\System\eTwcPxZ.exe
  2⤵
  PID:3636
- C:\Windows\System\HCcOdrh.exe
  C:\Windows\System\HCcOdrh.exe
  2⤵
  PID:3656
- C:\Windows\System\gqGYRsv.exe
  C:\Windows\System\gqGYRsv.exe
  2⤵
  PID:3672
- C:\Windows\System\UBAsEzK.exe
  C:\Windows\System\UBAsEzK.exe
  2⤵
  PID:3696
- C:\Windows\System\kefxQZv.exe
  C:\Windows\System\kefxQZv.exe
  2⤵
  PID:3712
- C:\Windows\System\PQtRULQ.exe
  C:\Windows\System\PQtRULQ.exe
  2⤵
  PID:3736
- C:\Windows\System\WNMmZUu.exe
  C:\Windows\System\WNMmZUu.exe
  2⤵
  PID:3756
- C:\Windows\System\PqSydSv.exe
  C:\Windows\System\PqSydSv.exe
  2⤵
  PID:3776
- C:\Windows\System\HupLJXn.exe
  C:\Windows\System\HupLJXn.exe
  2⤵
  PID:3796
- C:\Windows\System\eMzfiDy.exe
  C:\Windows\System\eMzfiDy.exe
  2⤵
  PID:3816
- C:\Windows\System\MGPlupg.exe
  C:\Windows\System\MGPlupg.exe
  2⤵
  PID:3836
- C:\Windows\System\zvEZaRR.exe
  C:\Windows\System\zvEZaRR.exe
  2⤵
  PID:3856
- C:\Windows\System\AcmHFEx.exe
  C:\Windows\System\AcmHFEx.exe
  2⤵
  PID:3876
- C:\Windows\System\NbOiZSr.exe
  C:\Windows\System\NbOiZSr.exe
  2⤵
  PID:3896
- C:\Windows\System\sKWvGHr.exe
  C:\Windows\System\sKWvGHr.exe
  2⤵
  PID:3916
- C:\Windows\System\CHLxRIv.exe
  C:\Windows\System\CHLxRIv.exe
  2⤵
  PID:3936
- C:\Windows\System\wSTbgyv.exe
  C:\Windows\System\wSTbgyv.exe
  2⤵
  PID:3956
- C:\Windows\System\WwAVLoC.exe
  C:\Windows\System\WwAVLoC.exe
  2⤵
  PID:3976
- C:\Windows\System\OZASaOn.exe
  C:\Windows\System\OZASaOn.exe
  2⤵
  PID:3996
- C:\Windows\System\dsPBolf.exe
  C:\Windows\System\dsPBolf.exe
  2⤵
  PID:4016
- C:\Windows\System\hreLaOg.exe
  C:\Windows\System\hreLaOg.exe
  2⤵
  PID:4036
- C:\Windows\System\aUyueMb.exe
  C:\Windows\System\aUyueMb.exe
  2⤵
  PID:4056
- C:\Windows\System\fYmGFQh.exe
  C:\Windows\System\fYmGFQh.exe
  2⤵
  PID:4076
- C:\Windows\System\hkvTECX.exe
  C:\Windows\System\hkvTECX.exe
  2⤵
  PID:616
- C:\Windows\System\orenHbb.exe
  C:\Windows\System\orenHbb.exe
  2⤵
  PID:1672
- C:\Windows\System\ZOztRat.exe
  C:\Windows\System\ZOztRat.exe
  2⤵
  PID:1636
- C:\Windows\System\UWaUskX.exe
  C:\Windows\System\UWaUskX.exe
  2⤵
  PID:2464
- C:\Windows\System\XThtUtP.exe
  C:\Windows\System\XThtUtP.exe
  2⤵
  PID:2672
- C:\Windows\System\pWbyAyk.exe
  C:\Windows\System\pWbyAyk.exe
  2⤵
  PID:716
- C:\Windows\System\xfYtmNm.exe
  C:\Windows\System\xfYtmNm.exe
  2⤵
  PID:1628
- C:\Windows\System\zlZFBUQ.exe
  C:\Windows\System\zlZFBUQ.exe
  2⤵
  PID:2540
- C:\Windows\System\tVLziVC.exe
  C:\Windows\System\tVLziVC.exe
  2⤵
  PID:2836
- C:\Windows\System\UjjtSEo.exe
  C:\Windows\System\UjjtSEo.exe
  2⤵
  PID:1264
- C:\Windows\System\dqHNOjk.exe
  C:\Windows\System\dqHNOjk.exe
  2⤵
  PID:1756
- C:\Windows\System\QJJjDMF.exe
  C:\Windows\System\QJJjDMF.exe
  2⤵
  PID:908
- C:\Windows\System\EUedKQO.exe
  C:\Windows\System\EUedKQO.exe
  2⤵
  PID:3132
- C:\Windows\System\jKnyKHJ.exe
  C:\Windows\System\jKnyKHJ.exe
  2⤵
  PID:3176
- C:\Windows\System\GBoLDKf.exe
  C:\Windows\System\GBoLDKf.exe
  2⤵
  PID:2816
- C:\Windows\System\LMFIdfu.exe
  C:\Windows\System\LMFIdfu.exe
  2⤵
  PID:3116
- C:\Windows\System\oZbsKbX.exe
  C:\Windows\System\oZbsKbX.exe
  2⤵
  PID:3196
- C:\Windows\System\TDAvWcc.exe
  C:\Windows\System\TDAvWcc.exe
  2⤵
  PID:3220
- C:\Windows\System\yualzUa.exe
  C:\Windows\System\yualzUa.exe
  2⤵
  PID:3284
- C:\Windows\System\ysPMgUV.exe
  C:\Windows\System\ysPMgUV.exe
  2⤵
  PID:3264
- C:\Windows\System\tNVLREn.exe
  C:\Windows\System\tNVLREn.exe
  2⤵
  PID:3336
- C:\Windows\System\fRSMbFQ.exe
  C:\Windows\System\fRSMbFQ.exe
  2⤵
  PID:3344
- C:\Windows\System\kxNXbTI.exe
  C:\Windows\System\kxNXbTI.exe
  2⤵
  PID:3404
- C:\Windows\System\koQBDBI.exe
  C:\Windows\System\koQBDBI.exe
  2⤵
  PID:3444
- C:\Windows\System\mQBgVsP.exe
  C:\Windows\System\mQBgVsP.exe
  2⤵
  PID:3428
- C:\Windows\System\sUfMqAn.exe
  C:\Windows\System\sUfMqAn.exe
  2⤵
  PID:3468
- C:\Windows\System\ehwNAFL.exe
  C:\Windows\System\ehwNAFL.exe
  2⤵
  PID:3512
- C:\Windows\System\TuuBpos.exe
  C:\Windows\System\TuuBpos.exe
  2⤵
  PID:3544
- C:\Windows\System\AUDMyFk.exe
  C:\Windows\System\AUDMyFk.exe
  2⤵
  PID:3592
- C:\Windows\System\NiBPcrr.exe
  C:\Windows\System\NiBPcrr.exe
  2⤵
  PID:3612
- C:\Windows\System\bkslFEA.exe
  C:\Windows\System\bkslFEA.exe
  2⤵
  PID:3632
- C:\Windows\System\NsDdLJh.exe
  C:\Windows\System\NsDdLJh.exe
  2⤵
  PID:3684
- C:\Windows\System\ihQGufj.exe
  C:\Windows\System\ihQGufj.exe
  2⤵
  PID:3732
- C:\Windows\System\fMGZelt.exe
  C:\Windows\System\fMGZelt.exe
  2⤵
  PID:3744
- C:\Windows\System\mLbynXa.exe
  C:\Windows\System\mLbynXa.exe
  2⤵
  PID:3748
- C:\Windows\System\yuUMhei.exe
  C:\Windows\System\yuUMhei.exe
  2⤵
  PID:3812
- C:\Windows\System\eOJlWKt.exe
  C:\Windows\System\eOJlWKt.exe
  2⤵
  PID:3788
- C:\Windows\System\hhNpsHm.exe
  C:\Windows\System\hhNpsHm.exe
  2⤵
  PID:3892
- C:\Windows\System\QhwPBBH.exe
  C:\Windows\System\QhwPBBH.exe
  2⤵
  PID:3904
- C:\Windows\System\IYbTfOC.exe
  C:\Windows\System\IYbTfOC.exe
  2⤵
  PID:3968
- C:\Windows\System\gjxUgQd.exe
  C:\Windows\System\gjxUgQd.exe
  2⤵
  PID:4044
- C:\Windows\System\nTchyFU.exe
  C:\Windows\System\nTchyFU.exe
  2⤵
  PID:3988
- C:\Windows\System\XLTRLKq.exe
  C:\Windows\System\XLTRLKq.exe
  2⤵
  PID:4032
- C:\Windows\System\hZenLSK.exe
  C:\Windows\System\hZenLSK.exe
  2⤵
  PID:4072
- C:\Windows\System\incqikG.exe
  C:\Windows\System\incqikG.exe
  2⤵
  PID:1620
- C:\Windows\System\gyCHsrk.exe
  C:\Windows\System\gyCHsrk.exe
  2⤵
  PID:2188
- C:\Windows\System\jHTGeQR.exe
  C:\Windows\System\jHTGeQR.exe
  2⤵
  PID:2156
- C:\Windows\System\zTCJEwT.exe
  C:\Windows\System\zTCJEwT.exe
  2⤵
  PID:764
- C:\Windows\System\pyQNOew.exe
  C:\Windows\System\pyQNOew.exe
  2⤵
  PID:760
- C:\Windows\System\mLAuLCq.exe
  C:\Windows\System\mLAuLCq.exe
  2⤵
  PID:2980
- C:\Windows\System\sllkUPu.exe
  C:\Windows\System\sllkUPu.exe
  2⤵
  PID:1168
- C:\Windows\System\mfPxQej.exe
  C:\Windows\System\mfPxQej.exe
  2⤵
  PID:3184
- C:\Windows\System\WeeWkce.exe
  C:\Windows\System\WeeWkce.exe
  2⤵
  PID:1740
- C:\Windows\System\tVWwsgP.exe
  C:\Windows\System\tVWwsgP.exe
  2⤵
  PID:3156
- C:\Windows\System\dgvhiGQ.exe
  C:\Windows\System\dgvhiGQ.exe
  2⤵
  PID:3224
- C:\Windows\System\nQHcVNY.exe
  C:\Windows\System\nQHcVNY.exe
  2⤵
  PID:3320
- C:\Windows\System\SQhaOrA.exe
  C:\Windows\System\SQhaOrA.exe
  2⤵
  PID:3252
- C:\Windows\System\JUzLjTE.exe
  C:\Windows\System\JUzLjTE.exe
  2⤵
  PID:3412
- C:\Windows\System\UBzYDNb.exe
  C:\Windows\System\UBzYDNb.exe
  2⤵
  PID:3504
- C:\Windows\System\oycjrwO.exe
  C:\Windows\System\oycjrwO.exe
  2⤵
  PID:3472
- C:\Windows\System\WSzoVgX.exe
  C:\Windows\System\WSzoVgX.exe
  2⤵
  PID:3540
- C:\Windows\System\OyPQQJo.exe
  C:\Windows\System\OyPQQJo.exe
  2⤵
  PID:3588
- C:\Windows\System\bEDshhr.exe
  C:\Windows\System\bEDshhr.exe
  2⤵
  PID:3664
- C:\Windows\System\QadqXvw.exe
  C:\Windows\System\QadqXvw.exe
  2⤵
  PID:3772
- C:\Windows\System\wXramYW.exe
  C:\Windows\System\wXramYW.exe
  2⤵
  PID:3804
- C:\Windows\System\YyMUnua.exe
  C:\Windows\System\YyMUnua.exe
  2⤵
  PID:3828
- C:\Windows\System\tacqBMN.exe
  C:\Windows\System\tacqBMN.exe
  2⤵
  PID:3864
- C:\Windows\System\QRinFmT.exe
  C:\Windows\System\QRinFmT.exe
  2⤵
  PID:3908
- C:\Windows\System\xPEUmsi.exe
  C:\Windows\System\xPEUmsi.exe
  2⤵
  PID:4028
- C:\Windows\System\XVQiMnd.exe
  C:\Windows\System\XVQiMnd.exe
  2⤵
  PID:1572
- C:\Windows\System\uUrYknJ.exe
  C:\Windows\System\uUrYknJ.exe
  2⤵
  PID:288
- C:\Windows\System\HhcwKSc.exe
  C:\Windows\System\HhcwKSc.exe
  2⤵
  PID:1488
- C:\Windows\System\qzIwQbB.exe
  C:\Windows\System\qzIwQbB.exe
  2⤵
  PID:2852
- C:\Windows\System\WGiSyAv.exe
  C:\Windows\System\WGiSyAv.exe
  2⤵
  PID:2280
- C:\Windows\System\AFgSoJs.exe
  C:\Windows\System\AFgSoJs.exe
  2⤵
  PID:2512
- C:\Windows\System\jOCbwIC.exe
  C:\Windows\System\jOCbwIC.exe
  2⤵
  PID:3240
- C:\Windows\System\VUgSoEI.exe
  C:\Windows\System\VUgSoEI.exe
  2⤵
  PID:3304
- C:\Windows\System\IWIRAib.exe
  C:\Windows\System\IWIRAib.exe
  2⤵
  PID:3432
- C:\Windows\System\SUhzrfc.exe
  C:\Windows\System\SUhzrfc.exe
  2⤵
  PID:3492
- C:\Windows\System\uWTvGwx.exe
  C:\Windows\System\uWTvGwx.exe
  2⤵
  PID:3584
- C:\Windows\System\FReUqxO.exe
  C:\Windows\System\FReUqxO.exe
  2⤵
  PID:3680
- C:\Windows\System\oBobUlh.exe
  C:\Windows\System\oBobUlh.exe
  2⤵
  PID:3704
- C:\Windows\System\BTQzAJL.exe
  C:\Windows\System\BTQzAJL.exe
  2⤵
  PID:3872
- C:\Windows\System\vgWwCxQ.exe
  C:\Windows\System\vgWwCxQ.exe
  2⤵
  PID:4008
- C:\Windows\System\xrHFNjR.exe
  C:\Windows\System\xrHFNjR.exe
  2⤵
  PID:3948
- C:\Windows\System\swUjzYm.exe
  C:\Windows\System\swUjzYm.exe
  2⤵
  PID:4116
- C:\Windows\System\cboLLpX.exe
  C:\Windows\System\cboLLpX.exe
  2⤵
  PID:4136
- C:\Windows\System\nYfIPpE.exe
  C:\Windows\System\nYfIPpE.exe
  2⤵
  PID:4156
- C:\Windows\System\GELkzHr.exe
  C:\Windows\System\GELkzHr.exe
  2⤵
  PID:4176
- C:\Windows\System\lNSIKtY.exe
  C:\Windows\System\lNSIKtY.exe
  2⤵
  PID:4196
- C:\Windows\System\coAvhGf.exe
  C:\Windows\System\coAvhGf.exe
  2⤵
  PID:4216
- C:\Windows\System\McKTMJg.exe
  C:\Windows\System\McKTMJg.exe
  2⤵
  PID:4232
- C:\Windows\System\UAVpojT.exe
  C:\Windows\System\UAVpojT.exe
  2⤵
  PID:4256
- C:\Windows\System\oxidEYg.exe
  C:\Windows\System\oxidEYg.exe
  2⤵
  PID:4276
- C:\Windows\System\cDPTicM.exe
  C:\Windows\System\cDPTicM.exe
  2⤵
  PID:4296
- C:\Windows\System\vyxdhCl.exe
  C:\Windows\System\vyxdhCl.exe
  2⤵
  PID:4316
- C:\Windows\System\btpivDU.exe
  C:\Windows\System\btpivDU.exe
  2⤵
  PID:4336
- C:\Windows\System\GQFTSGe.exe
  C:\Windows\System\GQFTSGe.exe
  2⤵
  PID:4352
- C:\Windows\System\nwzbxuH.exe
  C:\Windows\System\nwzbxuH.exe
  2⤵
  PID:4376
- C:\Windows\System\zcrLXQy.exe
  C:\Windows\System\zcrLXQy.exe
  2⤵
  PID:4396
- C:\Windows\System\GRIkmSp.exe
  C:\Windows\System\GRIkmSp.exe
  2⤵
  PID:4412
- C:\Windows\System\iicnIGO.exe
  C:\Windows\System\iicnIGO.exe
  2⤵
  PID:4436
- C:\Windows\System\nqMjiWs.exe
  C:\Windows\System\nqMjiWs.exe
  2⤵
  PID:4456
- C:\Windows\System\YRoNIws.exe
  C:\Windows\System\YRoNIws.exe
  2⤵
  PID:4472
- C:\Windows\System\NAFRfiV.exe
  C:\Windows\System\NAFRfiV.exe
  2⤵
  PID:4492
- C:\Windows\System\aVFOTdL.exe
  C:\Windows\System\aVFOTdL.exe
  2⤵
  PID:4516
- C:\Windows\System\BYyJFzx.exe
  C:\Windows\System\BYyJFzx.exe
  2⤵
  PID:4536
- C:\Windows\System\CXIZcJV.exe
  C:\Windows\System\CXIZcJV.exe
  2⤵
  PID:4556
- C:\Windows\System\OpoSFGj.exe
  C:\Windows\System\OpoSFGj.exe
  2⤵
  PID:4576
- C:\Windows\System\jiLaUzC.exe
  C:\Windows\System\jiLaUzC.exe
  2⤵
  PID:4596
- C:\Windows\System\cBzqHij.exe
  C:\Windows\System\cBzqHij.exe
  2⤵
  PID:4612
- C:\Windows\System\rxvZruW.exe
  C:\Windows\System\rxvZruW.exe
  2⤵
  PID:4636
- C:\Windows\System\xXZruas.exe
  C:\Windows\System\xXZruas.exe
  2⤵
  PID:4656
- C:\Windows\System\RmBXQVd.exe
  C:\Windows\System\RmBXQVd.exe
  2⤵
  PID:4672
- C:\Windows\System\daHqXic.exe
  C:\Windows\System\daHqXic.exe
  2⤵
  PID:4696
- C:\Windows\System\nChBPot.exe
  C:\Windows\System\nChBPot.exe
  2⤵
  PID:4716
- C:\Windows\System\DQsMWVZ.exe
  C:\Windows\System\DQsMWVZ.exe
  2⤵
  PID:4736
- C:\Windows\System\dudqDeY.exe
  C:\Windows\System\dudqDeY.exe
  2⤵
  PID:4756
- C:\Windows\System\jTDbyHE.exe
  C:\Windows\System\jTDbyHE.exe
  2⤵
  PID:4776
- C:\Windows\System\yOQyGBS.exe
  C:\Windows\System\yOQyGBS.exe
  2⤵
  PID:4796
- C:\Windows\System\OXNtsyM.exe
  C:\Windows\System\OXNtsyM.exe
  2⤵
  PID:4816
- C:\Windows\System\qgFiMbL.exe
  C:\Windows\System\qgFiMbL.exe
  2⤵
  PID:4832
- C:\Windows\System\xGtgRQG.exe
  C:\Windows\System\xGtgRQG.exe
  2⤵
  PID:4848
- C:\Windows\System\zRtOyzk.exe
  C:\Windows\System\zRtOyzk.exe
  2⤵
  PID:4876
- C:\Windows\System\RUDwHpU.exe
  C:\Windows\System\RUDwHpU.exe
  2⤵
  PID:4896
- C:\Windows\System\PuvPGLS.exe
  C:\Windows\System\PuvPGLS.exe
  2⤵
  PID:4912
- C:\Windows\System\JiRBMlj.exe
  C:\Windows\System\JiRBMlj.exe
  2⤵
  PID:4936
- C:\Windows\System\TZwDTZU.exe
  C:\Windows\System\TZwDTZU.exe
  2⤵
  PID:4956
- C:\Windows\System\AsVLCSB.exe
  C:\Windows\System\AsVLCSB.exe
  2⤵
  PID:4976
- C:\Windows\System\KPQrXZx.exe
  C:\Windows\System\KPQrXZx.exe
  2⤵
  PID:4996
- C:\Windows\System\LTRvvUn.exe
  C:\Windows\System\LTRvvUn.exe
  2⤵
  PID:5016
- C:\Windows\System\NfNStdO.exe
  C:\Windows\System\NfNStdO.exe
  2⤵
  PID:5036
- C:\Windows\System\LibfYIi.exe
  C:\Windows\System\LibfYIi.exe
  2⤵
  PID:5056
- C:\Windows\System\MgyGoxY.exe
  C:\Windows\System\MgyGoxY.exe
  2⤵
  PID:5072
- C:\Windows\System\TPEWYZE.exe
  C:\Windows\System\TPEWYZE.exe
  2⤵
  PID:5092
- C:\Windows\System\mlqYjzx.exe
  C:\Windows\System\mlqYjzx.exe
  2⤵
  PID:5112
- C:\Windows\System\vHiMthc.exe
  C:\Windows\System\vHiMthc.exe
  2⤵
  PID:4064
- C:\Windows\System\JfClVki.exe
  C:\Windows\System\JfClVki.exe
  2⤵
  PID:1732
- C:\Windows\System\FMIRKFu.exe
  C:\Windows\System\FMIRKFu.exe
  2⤵
  PID:1460
- C:\Windows\System\OIRDQdb.exe
  C:\Windows\System\OIRDQdb.exe
  2⤵
  PID:3180
- C:\Windows\System\NcSpLyQ.exe
  C:\Windows\System\NcSpLyQ.exe
  2⤵
  PID:2772
- C:\Windows\System\simtnjO.exe
  C:\Windows\System\simtnjO.exe
  2⤵
  PID:3300
- C:\Windows\System\rFkzZsJ.exe
  C:\Windows\System\rFkzZsJ.exe
  2⤵
  PID:3624
- C:\Windows\System\OvgHfnF.exe
  C:\Windows\System\OvgHfnF.exe
  2⤵
  PID:3884
- C:\Windows\System\HgEQJgI.exe
  C:\Windows\System\HgEQJgI.exe
  2⤵
  PID:3784
- C:\Windows\System\ZKWDolG.exe
  C:\Windows\System\ZKWDolG.exe
  2⤵
  PID:3868
- C:\Windows\System\vxeuxJK.exe
  C:\Windows\System\vxeuxJK.exe
  2⤵
  PID:4128
- C:\Windows\System\iqXbjei.exe
  C:\Windows\System\iqXbjei.exe
  2⤵
  PID:4172
- C:\Windows\System\wKZwyBx.exe
  C:\Windows\System\wKZwyBx.exe
  2⤵
  PID:4240
- C:\Windows\System\rjxMuRh.exe
  C:\Windows\System\rjxMuRh.exe
  2⤵
  PID:4228
- C:\Windows\System\TIETmfl.exe
  C:\Windows\System\TIETmfl.exe
  2⤵
  PID:4292
- C:\Windows\System\wUGFspq.exe
  C:\Windows\System\wUGFspq.exe
  2⤵
  PID:4288
- C:\Windows\System\yStDjiA.exe
  C:\Windows\System\yStDjiA.exe
  2⤵
  PID:4344
- C:\Windows\System\WZDqxif.exe
  C:\Windows\System\WZDqxif.exe
  2⤵
  PID:2960
- C:\Windows\System\czlpPgV.exe
  C:\Windows\System\czlpPgV.exe
  2⤵
  PID:4408
- C:\Windows\System\qIJgPeB.exe
  C:\Windows\System\qIJgPeB.exe
  2⤵
  PID:4420
- C:\Windows\System\icSvOHn.exe
  C:\Windows\System\icSvOHn.exe
  2⤵
  PID:4432
- C:\Windows\System\iUeYNOz.exe
  C:\Windows\System\iUeYNOz.exe
  2⤵
  PID:4484
- C:\Windows\System\iRYLKxA.exe
  C:\Windows\System\iRYLKxA.exe
  2⤵
  PID:4512
- C:\Windows\System\UtgTCdS.exe
  C:\Windows\System\UtgTCdS.exe
  2⤵
  PID:4572
- C:\Windows\System\pIcRnkB.exe
  C:\Windows\System\pIcRnkB.exe
  2⤵
  PID:4592
- C:\Windows\System\yCGtBem.exe
  C:\Windows\System\yCGtBem.exe
  2⤵
  PID:4624
- C:\Windows\System\bUYRRHF.exe
  C:\Windows\System\bUYRRHF.exe
  2⤵
  PID:4648
- C:\Windows\System\cZgZnHZ.exe
  C:\Windows\System\cZgZnHZ.exe
  2⤵
  PID:4668
- C:\Windows\System\MJTpnjm.exe
  C:\Windows\System\MJTpnjm.exe
  2⤵
  PID:4708
- C:\Windows\System\tHgmtQj.exe
  C:\Windows\System\tHgmtQj.exe
  2⤵
  PID:4752
- C:\Windows\System\jnpzuKo.exe
  C:\Windows\System\jnpzuKo.exe
  2⤵
  PID:4788
- C:\Windows\System\uLgEhPM.exe
  C:\Windows\System\uLgEhPM.exe
  2⤵
  PID:4792
- C:\Windows\System\PzShVAM.exe
  C:\Windows\System\PzShVAM.exe
  2⤵
  PID:4856
- C:\Windows\System\oZohgJO.exe
  C:\Windows\System\oZohgJO.exe
  2⤵
  PID:4868
- C:\Windows\System\udYewSF.exe
  C:\Windows\System\udYewSF.exe
  2⤵
  PID:4904
- C:\Windows\System\LKEWjYf.exe
  C:\Windows\System\LKEWjYf.exe
  2⤵
  PID:4972
- C:\Windows\System\lTAvMXV.exe
  C:\Windows\System\lTAvMXV.exe
  2⤵
  PID:4984
- C:\Windows\System\MaJXsZG.exe
  C:\Windows\System\MaJXsZG.exe
  2⤵
  PID:5008
- C:\Windows\System\xFcCuzn.exe
  C:\Windows\System\xFcCuzn.exe
  2⤵
  PID:5048
- C:\Windows\System\NSlOLDr.exe
  C:\Windows\System\NSlOLDr.exe
  2⤵
  PID:5028
- C:\Windows\System\FrbkUrR.exe
  C:\Windows\System\FrbkUrR.exe
  2⤵
  PID:3984
- C:\Windows\System\RcnZjXb.exe
  C:\Windows\System\RcnZjXb.exe
  2⤵
  PID:2112
- C:\Windows\System\QLwVHKs.exe
  C:\Windows\System\QLwVHKs.exe
  2⤵
  PID:2668
- C:\Windows\System\SjEQmxT.exe
  C:\Windows\System\SjEQmxT.exe
  2⤵
  PID:2880
- C:\Windows\System\jbhYpEq.exe
  C:\Windows\System\jbhYpEq.exe
  2⤵
  PID:2872
- C:\Windows\System\LfgqEii.exe
  C:\Windows\System\LfgqEii.exe
  2⤵
  PID:3924
- C:\Windows\System\tZnsAzd.exe
  C:\Windows\System\tZnsAzd.exe
  2⤵
  PID:4104
- C:\Windows\System\CYYhqPy.exe
  C:\Windows\System\CYYhqPy.exe
  2⤵
  PID:2900
- C:\Windows\System\vJfAORY.exe
  C:\Windows\System\vJfAORY.exe
  2⤵
  PID:4148
- C:\Windows\System\MOwEcwz.exe
  C:\Windows\System\MOwEcwz.exe
  2⤵
  PID:4212
- C:\Windows\System\AvHVnuf.exe
  C:\Windows\System\AvHVnuf.exe
  2⤵
  PID:4284
- C:\Windows\System\rycxEOi.exe
  C:\Windows\System\rycxEOi.exe
  2⤵
  PID:4332
- C:\Windows\System\bavYeFn.exe
  C:\Windows\System\bavYeFn.exe
  2⤵
  PID:4272
- C:\Windows\System\qlMjJyJ.exe
  C:\Windows\System\qlMjJyJ.exe
  2⤵
  PID:4404
- C:\Windows\System\bnoBVOb.exe
  C:\Windows\System\bnoBVOb.exe
  2⤵
  PID:4392
- C:\Windows\System\BEqhnFC.exe
  C:\Windows\System\BEqhnFC.exe
  2⤵
  PID:4584
- C:\Windows\System\wHVkVQf.exe
  C:\Windows\System\wHVkVQf.exe
  2⤵
  PID:4768
- C:\Windows\System\LaeCUbD.exe
  C:\Windows\System\LaeCUbD.exe
  2⤵
  PID:4824
- C:\Windows\System\kPxCEWm.exe
  C:\Windows\System\kPxCEWm.exe
  2⤵
  PID:4932
- C:\Windows\System\XzADHTN.exe
  C:\Windows\System\XzADHTN.exe
  2⤵
  PID:5052
- C:\Windows\System\aiNovfY.exe
  C:\Windows\System\aiNovfY.exe
  2⤵
  PID:3112
- C:\Windows\System\HfScKmI.exe
  C:\Windows\System\HfScKmI.exe
  2⤵
  PID:3572
- C:\Windows\System\BwanDkm.exe
  C:\Windows\System\BwanDkm.exe
  2⤵
  PID:4480
- C:\Windows\System\QZVudFf.exe
  C:\Windows\System\QZVudFf.exe
  2⤵
  PID:4488
- C:\Windows\System\FwyQQDj.exe
  C:\Windows\System\FwyQQDj.exe
  2⤵
  PID:4188
- C:\Windows\System\saYkHIs.exe
  C:\Windows\System\saYkHIs.exe
  2⤵
  PID:4588
- C:\Windows\System\urAIRDZ.exe
  C:\Windows\System\urAIRDZ.exe
  2⤵
  PID:4428
- C:\Windows\System\KRqZDWn.exe
  C:\Windows\System\KRqZDWn.exe
  2⤵
  PID:4372
- C:\Windows\System\rYAkreu.exe
  C:\Windows\System\rYAkreu.exe
  2⤵
  PID:5136
- C:\Windows\System\XjvyCOT.exe
  C:\Windows\System\XjvyCOT.exe
  2⤵
  PID:5152
- C:\Windows\System\lsoidaJ.exe
  C:\Windows\System\lsoidaJ.exe
  2⤵
  PID:5168
- C:\Windows\System\qtBoSda.exe
  C:\Windows\System\qtBoSda.exe
  2⤵
  PID:5192
- C:\Windows\System\VJLPDeS.exe
  C:\Windows\System\VJLPDeS.exe
  2⤵
  PID:5208
- C:\Windows\System\DgNlemy.exe
  C:\Windows\System\DgNlemy.exe
  2⤵
  PID:5228
- C:\Windows\System\IantPyD.exe
  C:\Windows\System\IantPyD.exe
  2⤵
  PID:5308
- C:\Windows\System\MixaDsc.exe
  C:\Windows\System\MixaDsc.exe
  2⤵
  PID:5332
- C:\Windows\System\SRKsvNP.exe
  C:\Windows\System\SRKsvNP.exe
  2⤵
  PID:5352
- C:\Windows\System\heWivJO.exe
  C:\Windows\System\heWivJO.exe
  2⤵
  PID:5372
- C:\Windows\System\DuRtAur.exe
  C:\Windows\System\DuRtAur.exe
  2⤵
  PID:5388
- C:\Windows\System\AQkLled.exe
  C:\Windows\System\AQkLled.exe
  2⤵
  PID:5408
- C:\Windows\System\PHChGSH.exe
  C:\Windows\System\PHChGSH.exe
  2⤵
  PID:5428
- C:\Windows\System\BaNgyPv.exe
  C:\Windows\System\BaNgyPv.exe
  2⤵
  PID:5448
- C:\Windows\System\zTBNFBJ.exe
  C:\Windows\System\zTBNFBJ.exe
  2⤵
  PID:5464
- C:\Windows\System\kutJITx.exe
  C:\Windows\System\kutJITx.exe
  2⤵
  PID:5488
- C:\Windows\System\nMobtWR.exe
  C:\Windows\System\nMobtWR.exe
  2⤵
  PID:5504
- C:\Windows\System\SYfcqPz.exe
  C:\Windows\System\SYfcqPz.exe
  2⤵
  PID:5524
- C:\Windows\System\lpqnoRH.exe
  C:\Windows\System\lpqnoRH.exe
  2⤵
  PID:5540
- C:\Windows\System\HAiBVid.exe
  C:\Windows\System\HAiBVid.exe
  2⤵
  PID:5564
- C:\Windows\System\UsUQFQx.exe
  C:\Windows\System\UsUQFQx.exe
  2⤵
  PID:5580
- C:\Windows\System\qmhBmHu.exe
  C:\Windows\System\qmhBmHu.exe
  2⤵
  PID:5600
- C:\Windows\System\tMsEJmZ.exe
  C:\Windows\System\tMsEJmZ.exe
  2⤵
  PID:5620
- C:\Windows\System\SISKfqb.exe
  C:\Windows\System\SISKfqb.exe
  2⤵
  PID:5640
- C:\Windows\System\JJpaQjh.exe
  C:\Windows\System\JJpaQjh.exe
  2⤵
  PID:5656
- C:\Windows\System\AYizXEe.exe
  C:\Windows\System\AYizXEe.exe
  2⤵
  PID:5672
- C:\Windows\System\LxsRgWp.exe
  C:\Windows\System\LxsRgWp.exe
  2⤵
  PID:5688
- C:\Windows\System\XSccMtK.exe
  C:\Windows\System\XSccMtK.exe
  2⤵
  PID:5708
- C:\Windows\System\twlYBqz.exe
  C:\Windows\System\twlYBqz.exe
  2⤵
  PID:5728
- C:\Windows\System\gnhEqVQ.exe
  C:\Windows\System\gnhEqVQ.exe
  2⤵
  PID:5748
- C:\Windows\System\tCiIHjn.exe
  C:\Windows\System\tCiIHjn.exe
  2⤵
  PID:5764
- C:\Windows\System\OAiONTZ.exe
  C:\Windows\System\OAiONTZ.exe
  2⤵
  PID:5784
- C:\Windows\System\DxbkQeS.exe
  C:\Windows\System\DxbkQeS.exe
  2⤵
  PID:5800
- C:\Windows\System\YnJBGiw.exe
  C:\Windows\System\YnJBGiw.exe
  2⤵
  PID:5816
- C:\Windows\System\rUTgMRk.exe
  C:\Windows\System\rUTgMRk.exe
  2⤵
  PID:5832
- C:\Windows\System\uoaAsWV.exe
  C:\Windows\System\uoaAsWV.exe
  2⤵
  PID:5852
- C:\Windows\System\ZxPMpzt.exe
  C:\Windows\System\ZxPMpzt.exe
  2⤵
  PID:5868
- C:\Windows\System\drfJNOB.exe
  C:\Windows\System\drfJNOB.exe
  2⤵
  PID:5884
- C:\Windows\System\ediqDpO.exe
  C:\Windows\System\ediqDpO.exe
  2⤵
  PID:5900
- C:\Windows\System\ROtGqnQ.exe
  C:\Windows\System\ROtGqnQ.exe
  2⤵
  PID:5916
- C:\Windows\System\qWeFwVo.exe
  C:\Windows\System\qWeFwVo.exe
  2⤵
  PID:5932
- C:\Windows\System\YULaoxF.exe
  C:\Windows\System\YULaoxF.exe
  2⤵
  PID:5948
- C:\Windows\System\jhOQZXl.exe
  C:\Windows\System\jhOQZXl.exe
  2⤵
  PID:5964
- C:\Windows\System\WSIlocA.exe
  C:\Windows\System\WSIlocA.exe
  2⤵
  PID:5980
- C:\Windows\System\AkeeyAY.exe
  C:\Windows\System\AkeeyAY.exe
  2⤵
  PID:5996
- C:\Windows\System\LXRaiZW.exe
  C:\Windows\System\LXRaiZW.exe
  2⤵
  PID:6012
- C:\Windows\System\WRBclqe.exe
  C:\Windows\System\WRBclqe.exe
  2⤵
  PID:6028
- C:\Windows\System\YFtDkRM.exe
  C:\Windows\System\YFtDkRM.exe
  2⤵
  PID:6044
- C:\Windows\System\XgCXduk.exe
  C:\Windows\System\XgCXduk.exe
  2⤵
  PID:6060
- C:\Windows\System\nNrgYYO.exe
  C:\Windows\System\nNrgYYO.exe
  2⤵
  PID:6076
- C:\Windows\System\CyaAgPe.exe
  C:\Windows\System\CyaAgPe.exe
  2⤵
  PID:6092
- C:\Windows\System\NizQkEW.exe
  C:\Windows\System\NizQkEW.exe
  2⤵
  PID:6108
- C:\Windows\System\glKofnZ.exe
  C:\Windows\System\glKofnZ.exe
  2⤵
  PID:6124
- C:\Windows\System\WPSQVGl.exe
  C:\Windows\System\WPSQVGl.exe
  2⤵
  PID:6140
- C:\Windows\System\cUNJvGr.exe
  C:\Windows\System\cUNJvGr.exe
  2⤵
  PID:4924
- C:\Windows\System\ZglQXKr.exe
  C:\Windows\System\ZglQXKr.exe
  2⤵
  PID:3648
- C:\Windows\System\FmHOfrw.exe
  C:\Windows\System\FmHOfrw.exe
  2⤵
  PID:4544
- C:\Windows\System\FWjbUNO.exe
  C:\Windows\System\FWjbUNO.exe
  2⤵
  PID:4448
- C:\Windows\System\coOKRmQ.exe
  C:\Windows\System\coOKRmQ.exe
  2⤵
  PID:4732
- C:\Windows\System\sdDhouH.exe
  C:\Windows\System\sdDhouH.exe
  2⤵
  PID:5132
- C:\Windows\System\fQkCKNe.exe
  C:\Windows\System\fQkCKNe.exe
  2⤵
  PID:1908
- C:\Windows\System\EDfrvAi.exe
  C:\Windows\System\EDfrvAi.exe
  2⤵
  PID:5160
- C:\Windows\System\gaExtnu.exe
  C:\Windows\System\gaExtnu.exe
  2⤵
  PID:4992
- C:\Windows\System\KosPcLW.exe
  C:\Windows\System\KosPcLW.exe
  2⤵
  PID:5032
- C:\Windows\System\FYpEswV.exe
  C:\Windows\System\FYpEswV.exe
  2⤵
  PID:5104
- C:\Windows\System\sHkQFwu.exe
  C:\Windows\System\sHkQFwu.exe
  2⤵
  PID:3364
- C:\Windows\System\LhKEtgu.exe
  C:\Windows\System\LhKEtgu.exe
  2⤵
  PID:2444
- C:\Windows\System\AvWzNlB.exe
  C:\Windows\System\AvWzNlB.exe
  2⤵
  PID:5240
- C:\Windows\System\QITUjFk.exe
  C:\Windows\System\QITUjFk.exe
  2⤵
  PID:4532
- C:\Windows\System\CJCPjDi.exe
  C:\Windows\System\CJCPjDi.exe
  2⤵
  PID:5024
- C:\Windows\System\DMkeqqF.exe
  C:\Windows\System\DMkeqqF.exe
  2⤵
  PID:4444
- C:\Windows\System\IEgjxyh.exe
  C:\Windows\System\IEgjxyh.exe
  2⤵
  PID:4308
- C:\Windows\System\uTmdpfK.exe
  C:\Windows\System\uTmdpfK.exe
  2⤵
  PID:4664
- C:\Windows\System\dJaqUic.exe
  C:\Windows\System\dJaqUic.exe
  2⤵
  PID:5280
- C:\Windows\System\kDtDgEZ.exe
  C:\Windows\System\kDtDgEZ.exe
  2⤵
  PID:5148
- C:\Windows\System\rEymTFh.exe
  C:\Windows\System\rEymTFh.exe
  2⤵
  PID:5188
- C:\Windows\System\ploKXln.exe
  C:\Windows\System\ploKXln.exe
  2⤵
  PID:4844
- C:\Windows\System\IiNpJcO.exe
  C:\Windows\System\IiNpJcO.exe
  2⤵
  PID:5296
- C:\Windows\System\kasCcQy.exe
  C:\Windows\System\kasCcQy.exe
  2⤵
  PID:5316
- C:\Windows\System\fuikkMo.exe
  C:\Windows\System\fuikkMo.exe
  2⤵
  PID:5348
- C:\Windows\System\LkVIdLM.exe
  C:\Windows\System\LkVIdLM.exe
  2⤵
  PID:5416
- C:\Windows\System\FsOWQad.exe
  C:\Windows\System\FsOWQad.exe
  2⤵
  PID:5460
- C:\Windows\System\gmPCdOa.exe
  C:\Windows\System\gmPCdOa.exe
  2⤵
  PID:5536
- C:\Windows\System\FfXZMmW.exe
  C:\Windows\System\FfXZMmW.exe
  2⤵
  PID:5608
- C:\Windows\System\DyWxyNM.exe
  C:\Windows\System\DyWxyNM.exe
  2⤵
  PID:5652
- C:\Windows\System\zMtkCca.exe
  C:\Windows\System\zMtkCca.exe
  2⤵
  PID:5716
- C:\Windows\System\iZMpqXf.exe
  C:\Windows\System\iZMpqXf.exe
  2⤵
  PID:332
- C:\Windows\System\hkyOAgt.exe
  C:\Windows\System\hkyOAgt.exe
  2⤵
  PID:5796
- C:\Windows\System\ZFedKAN.exe
  C:\Windows\System\ZFedKAN.exe
  2⤵
  PID:5364
- C:\Windows\System\JuNQpmf.exe
  C:\Windows\System\JuNQpmf.exe
  2⤵
  PID:5808
- C:\Windows\System\oppzJbw.exe
  C:\Windows\System\oppzJbw.exe
  2⤵
  PID:2936
- C:\Windows\System\qUIVSNp.exe
  C:\Windows\System\qUIVSNp.exe
  2⤵
  PID:6088
- C:\Windows\System\kzxSsAt.exe
  C:\Windows\System\kzxSsAt.exe
  2⤵
  PID:4928
- C:\Windows\System\krzdoti.exe
  C:\Windows\System\krzdoti.exe
  2⤵
  PID:5128
- C:\Windows\System\nTPTLjv.exe
  C:\Windows\System\nTPTLjv.exe
  2⤵
  PID:5668
- C:\Windows\System\YwRpFCu.exe
  C:\Windows\System\YwRpFCu.exe
  2⤵
  PID:5084
- C:\Windows\System\YjiHdoH.exe
  C:\Windows\System\YjiHdoH.exe
  2⤵
  PID:6100
- C:\Windows\System\XAOEgoH.exe
  C:\Windows\System\XAOEgoH.exe
  2⤵
  PID:5204
- C:\Windows\System\BUouYPb.exe
  C:\Windows\System\BUouYPb.exe
  2⤵
  PID:3944
- C:\Windows\System\heuzhDu.exe
  C:\Windows\System\heuzhDu.exe
  2⤵
  PID:6136
- C:\Windows\System\iFILxIE.exe
  C:\Windows\System\iFILxIE.exe
  2⤵
  PID:3392
- C:\Windows\System\GpJsidP.exe
  C:\Windows\System\GpJsidP.exe
  2⤵
  PID:5220
- C:\Windows\System\nrWfQKR.exe
  C:\Windows\System\nrWfQKR.exe
  2⤵
  PID:5304
- C:\Windows\System\pojiKZx.exe
  C:\Windows\System\pojiKZx.exe
  2⤵
  PID:5088
- C:\Windows\System\MhXewQA.exe
  C:\Windows\System\MhXewQA.exe
  2⤵
  PID:5236
- C:\Windows\System\ARxMulf.exe
  C:\Windows\System\ARxMulf.exe
  2⤵
  PID:1516
- C:\Windows\System\fKWHZIt.exe
  C:\Windows\System\fKWHZIt.exe
  2⤵
  PID:5184
- C:\Windows\System\ossjSeA.exe
  C:\Windows\System\ossjSeA.exe
  2⤵
  PID:2104
- C:\Windows\System\iefrFcD.exe
  C:\Windows\System\iefrFcD.exe
  2⤵
  PID:5612
- C:\Windows\System\SGwmbft.exe
  C:\Windows\System\SGwmbft.exe
  2⤵
  PID:5828
- C:\Windows\System\TKWLFjm.exe
  C:\Windows\System\TKWLFjm.exe
  2⤵
  PID:5572
- C:\Windows\System\dqQwocx.exe
  C:\Windows\System\dqQwocx.exe
  2⤵
  PID:5328
- C:\Windows\System\auMWVii.exe
  C:\Windows\System\auMWVii.exe
  2⤵
  PID:5840
- C:\Windows\System\sMTOpMh.exe
  C:\Windows\System\sMTOpMh.exe
  2⤵
  PID:5864
- C:\Windows\System\mPVXCEx.exe
  C:\Windows\System\mPVXCEx.exe
  2⤵
  PID:5928
- C:\Windows\System\xqxQBYA.exe
  C:\Windows\System\xqxQBYA.exe
  2⤵
  PID:5992
- C:\Windows\System\mUFbLSu.exe
  C:\Windows\System\mUFbLSu.exe
  2⤵
  PID:4548
- C:\Windows\System\hevZMFq.exe
  C:\Windows\System\hevZMFq.exe
  2⤵
  PID:5484
- C:\Windows\System\qMxCqpR.exe
  C:\Windows\System\qMxCqpR.exe
  2⤵
  PID:584
- C:\Windows\System\EAYUuxB.exe
  C:\Windows\System\EAYUuxB.exe
  2⤵
  PID:3028
- C:\Windows\System\WqYNbmd.exe
  C:\Windows\System\WqYNbmd.exe
  2⤵
  PID:1932
- C:\Windows\System\FujTmWG.exe
  C:\Windows\System\FujTmWG.exe
  2⤵
  PID:2800
- C:\Windows\System\HNISBVm.exe
  C:\Windows\System\HNISBVm.exe
  2⤵
  PID:3100
- C:\Windows\System\SCosHBt.exe
  C:\Windows\System\SCosHBt.exe
  2⤵
  PID:2828
- C:\Windows\System\CyDQSgs.exe
  C:\Windows\System\CyDQSgs.exe
  2⤵
  PID:4132
- C:\Windows\System\gOEMuIo.exe
  C:\Windows\System\gOEMuIo.exe
  2⤵
  PID:2276
- C:\Windows\System\GebShit.exe
  C:\Windows\System\GebShit.exe
  2⤵
  PID:5848
- C:\Windows\System\IoIMUYu.exe
  C:\Windows\System\IoIMUYu.exe
  2⤵
  PID:5908
- C:\Windows\System\UVxmVld.exe
  C:\Windows\System\UVxmVld.exe
  2⤵
  PID:2840
- C:\Windows\System\QYwfqHe.exe
  C:\Windows\System\QYwfqHe.exe
  2⤵
  PID:660
- C:\Windows\System\NIdqrel.exe
  C:\Windows\System\NIdqrel.exe
  2⤵
  PID:2876
- C:\Windows\System\JlSDcbm.exe
  C:\Windows\System\JlSDcbm.exe
  2⤵
  PID:6008
- C:\Windows\System\oBCFaAN.exe
  C:\Windows\System\oBCFaAN.exe
  2⤵
  PID:6040
- C:\Windows\System\ZjEovgJ.exe
  C:\Windows\System\ZjEovgJ.exe
  2⤵
  PID:5516
- C:\Windows\System\hJgIBsV.exe
  C:\Windows\System\hJgIBsV.exe
  2⤵
  PID:5552
- C:\Windows\System\EdScafG.exe
  C:\Windows\System\EdScafG.exe
  2⤵
  PID:4864
- C:\Windows\System\ZWvAvsa.exe
  C:\Windows\System\ZWvAvsa.exe
  2⤵
  PID:2928
- C:\Windows\System\cNfSqlU.exe
  C:\Windows\System\cNfSqlU.exe
  2⤵
  PID:5124
- C:\Windows\System\uylQPjP.exe
  C:\Windows\System\uylQPjP.exe
  2⤵
  PID:6084
- C:\Windows\System\oJLmFaM.exe
  C:\Windows\System\oJLmFaM.exe
  2⤵
  PID:6132
- C:\Windows\System\XecfjAm.exe
  C:\Windows\System\XecfjAm.exe
  2⤵
  PID:5012
- C:\Windows\System\jzGhcFM.exe
  C:\Windows\System\jzGhcFM.exe
  2⤵
  PID:968
- C:\Windows\System\IZHQjBV.exe
  C:\Windows\System\IZHQjBV.exe
  2⤵
  PID:2424
- C:\Windows\System\KZWHXlL.exe
  C:\Windows\System\KZWHXlL.exe
  2⤵
  PID:1580
- C:\Windows\System\xhxZFlS.exe
  C:\Windows\System\xhxZFlS.exe
  2⤵
  PID:1016
- C:\Windows\System\bvFVmjQ.exe
  C:\Windows\System\bvFVmjQ.exe
  2⤵
  PID:3216
- C:\Windows\System\IqMMErJ.exe
  C:\Windows\System\IqMMErJ.exe
  2⤵
  PID:680
- C:\Windows\System\ROUKULM.exe
  C:\Windows\System\ROUKULM.exe
  2⤵
  PID:5292
- C:\Windows\System\WLKCueQ.exe
  C:\Windows\System\WLKCueQ.exe
  2⤵
  PID:4324
- C:\Windows\System\AYHXgVx.exe
  C:\Windows\System\AYHXgVx.exe
  2⤵
  PID:5404
- C:\Windows\System\imfGzbW.exe
  C:\Windows\System\imfGzbW.exe
  2⤵
  PID:1712
- C:\Windows\System\IfsVhvf.exe
  C:\Windows\System\IfsVhvf.exe
  2⤵
  PID:600
- C:\Windows\System\oxgMNoL.exe
  C:\Windows\System\oxgMNoL.exe
  2⤵
  PID:5780
- C:\Windows\System\pLvfMOC.exe
  C:\Windows\System\pLvfMOC.exe
  2⤵
  PID:2956
- C:\Windows\System\OrnLVMk.exe
  C:\Windows\System\OrnLVMk.exe
  2⤵
  PID:2784
- C:\Windows\System\YOrDiPx.exe
  C:\Windows\System\YOrDiPx.exe
  2⤵
  PID:5880
- C:\Windows\System\fwoourL.exe
  C:\Windows\System\fwoourL.exe
  2⤵
  PID:6004
- C:\Windows\System\lxfKghw.exe
  C:\Windows\System\lxfKghw.exe
  2⤵
  PID:1752
- C:\Windows\System\YxMbUUo.exe
  C:\Windows\System\YxMbUUo.exe
  2⤵
  PID:5340
- C:\Windows\System\MKtcoJI.exe
  C:\Windows\System\MKtcoJI.exe
  2⤵
  PID:5940
- C:\Windows\System\bhUDCzT.exe
  C:\Windows\System\bhUDCzT.exe
  2⤵
  PID:6104
- C:\Windows\System\QUeDDNo.exe
  C:\Windows\System\QUeDDNo.exe
  2⤵
  PID:5272
- C:\Windows\System\MGqLnlH.exe
  C:\Windows\System\MGqLnlH.exe
  2⤵
  PID:5636
- C:\Windows\System\nYmTHhj.exe
  C:\Windows\System\nYmTHhj.exe
  2⤵
  PID:5896
- C:\Windows\System\cDrqbcD.exe
  C:\Windows\System\cDrqbcD.exe
  2⤵
  PID:5740
- C:\Windows\System\kMITpQQ.exe
  C:\Windows\System\kMITpQQ.exe
  2⤵
  PID:1164
- C:\Windows\System\SUWieFW.exe
  C:\Windows\System\SUWieFW.exe
  2⤵
  PID:2632
- C:\Windows\System\JfcrkOK.exe
  C:\Windows\System\JfcrkOK.exe
  2⤵
  PID:2660
- C:\Windows\System\AsLVZOx.exe
  C:\Windows\System\AsLVZOx.exe
  2⤵
  PID:2748
- C:\Windows\System\GvrTYbJ.exe
  C:\Windows\System\GvrTYbJ.exe
  2⤵
  PID:5596
- C:\Windows\System\KOEJXdQ.exe
  C:\Windows\System\KOEJXdQ.exe
  2⤵
  PID:5144
- C:\Windows\System\pGbKUuF.exe
  C:\Windows\System\pGbKUuF.exe
  2⤵
  PID:5100
- C:\Windows\System\ZhNbifm.exe
  C:\Windows\System\ZhNbifm.exe
  2⤵
  PID:5436
- C:\Windows\System\WOUunoL.exe
  C:\Windows\System\WOUunoL.exe
  2⤵
  PID:920
- C:\Windows\System\OsbsATP.exe
  C:\Windows\System\OsbsATP.exe
  2⤵
  PID:5736
- C:\Windows\System\uSwwVfq.exe
  C:\Windows\System\uSwwVfq.exe
  2⤵
  PID:4452
- C:\Windows\System\kQnKRcS.exe
  C:\Windows\System\kQnKRcS.exe
  2⤵
  PID:6072
- C:\Windows\System\zMOVxuq.exe
  C:\Windows\System\zMOVxuq.exe
  2⤵
  PID:3016
- C:\Windows\System\qCusvpf.exe
  C:\Windows\System\qCusvpf.exe
  2⤵
  PID:5724
- C:\Windows\System\aViqnXL.exe
  C:\Windows\System\aViqnXL.exe
  2⤵
  PID:1736
- C:\Windows\System\siJNKxc.exe
  C:\Windows\System\siJNKxc.exe
  2⤵
  PID:2136
- C:\Windows\System\ljOiaYT.exe
  C:\Windows\System\ljOiaYT.exe
  2⤵
  PID:5756
- C:\Windows\System\TZgYCBR.exe
  C:\Windows\System\TZgYCBR.exe
  2⤵
  PID:2940
- C:\Windows\System\oGpiYAz.exe
  C:\Windows\System\oGpiYAz.exe
  2⤵
  PID:1092
- C:\Windows\System\WqFConU.exe
  C:\Windows\System\WqFConU.exe
  2⤵
  PID:5456
- C:\Windows\System\gqboBtr.exe
  C:\Windows\System\gqboBtr.exe
  2⤵
  PID:1788
- C:\Windows\System\PsbwggL.exe
  C:\Windows\System\PsbwggL.exe
  2⤵
  PID:4884
- C:\Windows\System\gShdTSt.exe
  C:\Windows\System\gShdTSt.exe
  2⤵
  PID:2220
- C:\Windows\System\CnMpJCa.exe
  C:\Windows\System\CnMpJCa.exe
  2⤵
  PID:2572
- C:\Windows\System\NHzETlR.exe
  C:\Windows\System\NHzETlR.exe
  2⤵
  PID:324
- C:\Windows\System\WhCZjyN.exe
  C:\Windows\System\WhCZjyN.exe
  2⤵
  PID:2592
- C:\Windows\System\VLdgmRM.exe
  C:\Windows\System\VLdgmRM.exe
  2⤵
  PID:2348
- C:\Windows\System\DtWcmbo.exe
  C:\Windows\System\DtWcmbo.exe
  2⤵
  PID:6156
- C:\Windows\System\XdwYLRD.exe
  C:\Windows\System\XdwYLRD.exe
  2⤵
  PID:6172
- C:\Windows\System\tOGuzQR.exe
  C:\Windows\System\tOGuzQR.exe
  2⤵
  PID:6188
- C:\Windows\System\wYOHwDF.exe
  C:\Windows\System\wYOHwDF.exe
  2⤵
  PID:6204
- C:\Windows\System\ActFQOe.exe
  C:\Windows\System\ActFQOe.exe
  2⤵
  PID:6220
- C:\Windows\System\xgJkqRs.exe
  C:\Windows\System\xgJkqRs.exe
  2⤵
  PID:6236
- C:\Windows\System\qvQYRQD.exe
  C:\Windows\System\qvQYRQD.exe
  2⤵
  PID:6252
- C:\Windows\System\ErFvVdO.exe
  C:\Windows\System\ErFvVdO.exe
  2⤵
  PID:6268
- C:\Windows\System\OqrvqOh.exe
  C:\Windows\System\OqrvqOh.exe
  2⤵
  PID:6284
- C:\Windows\System\WMmnMre.exe
  C:\Windows\System\WMmnMre.exe
  2⤵
  PID:6300
- C:\Windows\System\gDAwNOA.exe
  C:\Windows\System\gDAwNOA.exe
  2⤵
  PID:6316
- C:\Windows\System\QxQPQmU.exe
  C:\Windows\System\QxQPQmU.exe
  2⤵
  PID:6332
- C:\Windows\System\yEhKycN.exe
  C:\Windows\System\yEhKycN.exe
  2⤵
  PID:6348
- C:\Windows\System\IvBshjW.exe
  C:\Windows\System\IvBshjW.exe
  2⤵
  PID:6364
- C:\Windows\System\zJWLgIR.exe
  C:\Windows\System\zJWLgIR.exe
  2⤵
  PID:6380
- C:\Windows\System\qRzJYuO.exe
  C:\Windows\System\qRzJYuO.exe
  2⤵
  PID:6396
- C:\Windows\System\blVUSuo.exe
  C:\Windows\System\blVUSuo.exe
  2⤵
  PID:6412
- C:\Windows\System\bHMUaeB.exe
  C:\Windows\System\bHMUaeB.exe
  2⤵
  PID:6428
- C:\Windows\System\QkEVXwf.exe
  C:\Windows\System\QkEVXwf.exe
  2⤵
  PID:6444
- C:\Windows\System\cxhEArs.exe
  C:\Windows\System\cxhEArs.exe
  2⤵
  PID:6460
- C:\Windows\System\GSXmkKm.exe
  C:\Windows\System\GSXmkKm.exe
  2⤵
  PID:6476
- C:\Windows\System\mKTtRGc.exe
  C:\Windows\System\mKTtRGc.exe
  2⤵
  PID:6492
- C:\Windows\System\YSSgNMn.exe
  C:\Windows\System\YSSgNMn.exe
  2⤵
  PID:6508
- C:\Windows\System\wkrcYqN.exe
  C:\Windows\System\wkrcYqN.exe
  2⤵
  PID:6524
- C:\Windows\System\lpBtgWP.exe
  C:\Windows\System\lpBtgWP.exe
  2⤵
  PID:6540
- C:\Windows\System\zJcGTwC.exe
  C:\Windows\System\zJcGTwC.exe
  2⤵
  PID:6556
- C:\Windows\System\AIDjDhv.exe
  C:\Windows\System\AIDjDhv.exe
  2⤵
  PID:6572
- C:\Windows\System\JdqXKfs.exe
  C:\Windows\System\JdqXKfs.exe
  2⤵
  PID:6588
- C:\Windows\System\HzvIKxV.exe
  C:\Windows\System\HzvIKxV.exe
  2⤵
  PID:6604
- C:\Windows\System\KJRmjGp.exe
  C:\Windows\System\KJRmjGp.exe
  2⤵
  PID:6620
- C:\Windows\System\vClotkH.exe
  C:\Windows\System\vClotkH.exe
  2⤵
  PID:6636
- C:\Windows\System\wecxuos.exe
  C:\Windows\System\wecxuos.exe
  2⤵
  PID:6652
- C:\Windows\System\MgeYAoM.exe
  C:\Windows\System\MgeYAoM.exe
  2⤵
  PID:6668
- C:\Windows\System\sJqJerD.exe
  C:\Windows\System\sJqJerD.exe
  2⤵
  PID:6684
- C:\Windows\System\wHWnZna.exe
  C:\Windows\System\wHWnZna.exe
  2⤵
  PID:6700
- C:\Windows\System\wjWQBjO.exe
  C:\Windows\System\wjWQBjO.exe
  2⤵
  PID:6716
- C:\Windows\System\KoULwFG.exe
  C:\Windows\System\KoULwFG.exe
  2⤵
  PID:6732
- C:\Windows\System\uGdgGjJ.exe
  C:\Windows\System\uGdgGjJ.exe
  2⤵
  PID:6748
- C:\Windows\System\EmCOUqk.exe
  C:\Windows\System\EmCOUqk.exe
  2⤵
  PID:6764
- C:\Windows\System\Kdladgn.exe
  C:\Windows\System\Kdladgn.exe
  2⤵
  PID:6780
- C:\Windows\System\fPjxSNU.exe
  C:\Windows\System\fPjxSNU.exe
  2⤵
  PID:6796
- C:\Windows\System\TNQPCga.exe
  C:\Windows\System\TNQPCga.exe
  2⤵
  PID:6812
- C:\Windows\System\DUjvMGP.exe
  C:\Windows\System\DUjvMGP.exe
  2⤵
  PID:6828
- C:\Windows\System\MxedMlg.exe
  C:\Windows\System\MxedMlg.exe
  2⤵
  PID:6844
- C:\Windows\System\EDqiqTB.exe
  C:\Windows\System\EDqiqTB.exe
  2⤵
  PID:6860
- C:\Windows\System\vVSNNKh.exe
  C:\Windows\System\vVSNNKh.exe
  2⤵
  PID:6880
- C:\Windows\System\EFIhpRf.exe
  C:\Windows\System\EFIhpRf.exe
  2⤵
  PID:6896
- C:\Windows\System\NXyUCez.exe
  C:\Windows\System\NXyUCez.exe
  2⤵
  PID:6912
- C:\Windows\System\xbhIroo.exe
  C:\Windows\System\xbhIroo.exe
  2⤵
  PID:6928
- C:\Windows\System\kolWXmX.exe
  C:\Windows\System\kolWXmX.exe
  2⤵
  PID:6944
- C:\Windows\System\DTwBjWd.exe
  C:\Windows\System\DTwBjWd.exe
  2⤵
  PID:6960
- C:\Windows\System\nAulKXP.exe
  C:\Windows\System\nAulKXP.exe
  2⤵
  PID:6976
- C:\Windows\System\Oyfrzro.exe
  C:\Windows\System\Oyfrzro.exe
  2⤵
  PID:6992
- C:\Windows\System\JGeNiss.exe
  C:\Windows\System\JGeNiss.exe
  2⤵
  PID:7008
- C:\Windows\System\CWXjqkv.exe
  C:\Windows\System\CWXjqkv.exe
  2⤵
  PID:7024
- C:\Windows\System\AyjItXg.exe
  C:\Windows\System\AyjItXg.exe
  2⤵
  PID:7040
- C:\Windows\System\MemDZKh.exe
  C:\Windows\System\MemDZKh.exe
  2⤵
  PID:7056
- C:\Windows\System\aVKyReu.exe
  C:\Windows\System\aVKyReu.exe
  2⤵
  PID:7072
- C:\Windows\System\IWfRqfQ.exe
  C:\Windows\System\IWfRqfQ.exe
  2⤵
  PID:7088
- C:\Windows\System\cfWXvNK.exe
  C:\Windows\System\cfWXvNK.exe
  2⤵
  PID:7104
- C:\Windows\System\TNONLtz.exe
  C:\Windows\System\TNONLtz.exe
  2⤵
  PID:7120
- C:\Windows\System\HfvgbJe.exe
  C:\Windows\System\HfvgbJe.exe
  2⤵
  PID:7136
- C:\Windows\System\oVVdkBW.exe
  C:\Windows\System\oVVdkBW.exe
  2⤵
  PID:7152
- C:\Windows\System\gFdLzKn.exe
  C:\Windows\System\gFdLzKn.exe
  2⤵
  PID:5380
- C:\Windows\System\QhGwljU.exe
  C:\Windows\System\QhGwljU.exe
  2⤵
  PID:2208
- C:\Windows\System\gGERIgz.exe
  C:\Windows\System\gGERIgz.exe
  2⤵
  PID:6196
- C:\Windows\System\dRNBemE.exe
  C:\Windows\System\dRNBemE.exe
  2⤵
  PID:5548
- C:\Windows\System\DiKNNhx.exe
  C:\Windows\System\DiKNNhx.exe
  2⤵
  PID:6260
- C:\Windows\System\wGvYkVX.exe
  C:\Windows\System\wGvYkVX.exe
  2⤵
  PID:1920
- C:\Windows\System\KnyrvDv.exe
  C:\Windows\System\KnyrvDv.exe
  2⤵
  PID:5776
- C:\Windows\System\pJgwtCu.exe
  C:\Windows\System\pJgwtCu.exe
  2⤵
  PID:6148
- C:\Windows\System\qMZinUv.exe
  C:\Windows\System\qMZinUv.exe
  2⤵
  PID:6328
- C:\Windows\System\mpzcSXM.exe
  C:\Windows\System\mpzcSXM.exe
  2⤵
  PID:6324
- C:\Windows\System\GkKarrl.exe
  C:\Windows\System\GkKarrl.exe
  2⤵
  PID:6308
- C:\Windows\System\zKczFBl.exe
  C:\Windows\System\zKczFBl.exe
  2⤵
  PID:6372
- C:\Windows\System\vuJJEgl.exe
  C:\Windows\System\vuJJEgl.exe
  2⤵
  PID:6248
- C:\Windows\System\eJUpzgD.exe
  C:\Windows\System\eJUpzgD.exe
  2⤵
  PID:6376
- C:\Windows\System\wpCrNcw.exe
  C:\Windows\System\wpCrNcw.exe
  2⤵
  PID:6440
- C:\Windows\System\MZMLQZr.exe
  C:\Windows\System\MZMLQZr.exe
  2⤵
  PID:6520
- C:\Windows\System\ngxOvHd.exe
  C:\Windows\System\ngxOvHd.exe
  2⤵
  PID:6484
- C:\Windows\System\KepYDlV.exe
  C:\Windows\System\KepYDlV.exe
  2⤵
  PID:6648
- C:\Windows\System\OTPpdvI.exe
  C:\Windows\System\OTPpdvI.exe
  2⤵
  PID:2380
- C:\Windows\System\RcFVDhZ.exe
  C:\Windows\System\RcFVDhZ.exe
  2⤵
  PID:6804
- C:\Windows\System\mxaPlkR.exe
  C:\Windows\System\mxaPlkR.exe
  2⤵
  PID:6712
- C:\Windows\System\PzeMprp.exe
  C:\Windows\System\PzeMprp.exe
  2⤵
  PID:6840
- C:\Windows\System\drcOdUL.exe
  C:\Windows\System\drcOdUL.exe
  2⤵
  PID:6904
- C:\Windows\System\RzVsAkK.exe
  C:\Windows\System\RzVsAkK.exe
  2⤵
  PID:6908
- C:\Windows\System\AAEBeZq.exe
  C:\Windows\System\AAEBeZq.exe
  2⤵
  PID:7032
- C:\Windows\System\puJTAqo.exe
  C:\Windows\System\puJTAqo.exe
  2⤵
  PID:7100
- C:\Windows\System\krdjLQw.exe
  C:\Windows\System\krdjLQw.exe
  2⤵
  PID:7164
- C:\Windows\System\brQioSF.exe
  C:\Windows\System\brQioSF.exe
  2⤵
  PID:2560
- C:\Windows\System\QrNHbds.exe
  C:\Windows\System\QrNHbds.exe
  2⤵
  PID:6360
- C:\Windows\System\AkhDREW.exe
  C:\Windows\System\AkhDREW.exe
  2⤵
  PID:6552
- C:\Windows\System\ccoJoHB.exe
  C:\Windows\System\ccoJoHB.exe
  2⤵
  PID:5400
- C:\Windows\System\xwRHbJz.exe
  C:\Windows\System\xwRHbJz.exe
  2⤵
  PID:6216
- C:\Windows\System\dAsWeUx.exe
  C:\Windows\System\dAsWeUx.exe
  2⤵
  PID:6600
- C:\Windows\System\NmMzvEH.exe
  C:\Windows\System\NmMzvEH.exe
  2⤵
  PID:6956
- C:\Windows\System\uOhXukr.exe
  C:\Windows\System\uOhXukr.exe
  2⤵
  PID:7004
- C:\Windows\System\cpfmGFx.exe
  C:\Windows\System\cpfmGFx.exe
  2⤵
  PID:2184
- C:\Windows\System\YtdrgiD.exe
  C:\Windows\System\YtdrgiD.exe
  2⤵
  PID:6692
- C:\Windows\System\NmacAqR.exe
  C:\Windows\System\NmacAqR.exe
  2⤵
  PID:6808
- C:\Windows\System\FCYVznV.exe
  C:\Windows\System\FCYVznV.exe
  2⤵
  PID:6892
- C:\Windows\System\dguHCBQ.exe
  C:\Windows\System\dguHCBQ.exe
  2⤵
  PID:6824
- C:\Windows\System\MEtcdLX.exe
  C:\Windows\System\MEtcdLX.exe
  2⤵
  PID:6568
- C:\Windows\System\EfiXETp.exe
  C:\Windows\System\EfiXETp.exe
  2⤵
  PID:6888
- C:\Windows\System\nmOsFXA.exe
  C:\Windows\System\nmOsFXA.exe
  2⤵
  PID:7020
- C:\Windows\System\wZIITrt.exe
  C:\Windows\System\wZIITrt.exe
  2⤵
  PID:6632
- C:\Windows\System\eIhSQag.exe
  C:\Windows\System\eIhSQag.exe
  2⤵
  PID:6292
- C:\Windows\System\wPbYwfv.exe
  C:\Windows\System\wPbYwfv.exe
  2⤵
  PID:6728
- C:\Windows\System\EWCySzn.exe
  C:\Windows\System\EWCySzn.exe
  2⤵
  PID:6788
- C:\Windows\System\tzEUaqg.exe
  C:\Windows\System\tzEUaqg.exe
  2⤵
  PID:7080
- C:\Windows\System\sDxuteL.exe
  C:\Windows\System\sDxuteL.exe
  2⤵
  PID:6872
- C:\Windows\System\DGSqoOn.exe
  C:\Windows\System\DGSqoOn.exe
  2⤵
  PID:6232
- C:\Windows\System\QQrbFJr.exe
  C:\Windows\System\QQrbFJr.exe
  2⤵
  PID:6420
- C:\Windows\System\QykthbX.exe
  C:\Windows\System\QykthbX.exe
  2⤵
  PID:6536
- C:\Windows\System\mLfQFiK.exe
  C:\Windows\System\mLfQFiK.exe
  2⤵
  PID:6924
- C:\Windows\System\ZcXXwzB.exe
  C:\Windows\System\ZcXXwzB.exe
  2⤵
  PID:6772
- C:\Windows\System\eIcIRrw.exe
  C:\Windows\System\eIcIRrw.exe
  2⤵
  PID:6988
- C:\Windows\System\JjxTHcD.exe
  C:\Windows\System\JjxTHcD.exe
  2⤵
  PID:7096
- C:\Windows\System\xcnyQal.exe
  C:\Windows\System\xcnyQal.exe
  2⤵
  PID:6408
- C:\Windows\System\ZzCdPfj.exe
  C:\Windows\System\ZzCdPfj.exe
  2⤵
  PID:7132
- C:\Windows\System\uRtxFpO.exe
  C:\Windows\System\uRtxFpO.exe
  2⤵
  PID:6792
- C:\Windows\System\xGemiis.exe
  C:\Windows\System\xGemiis.exe
  2⤵
  PID:7052
- C:\Windows\System\SfPaNWl.exe
  C:\Windows\System\SfPaNWl.exe
  2⤵
  PID:6500
- C:\Windows\System\QpKAbos.exe
  C:\Windows\System\QpKAbos.exe
  2⤵
  PID:2588
- C:\Windows\System\BMhWRuT.exe
  C:\Windows\System\BMhWRuT.exe
  2⤵
  PID:6984
- C:\Windows\System\JZDiqBK.exe
  C:\Windows\System\JZDiqBK.exe
  2⤵
  PID:6344
- C:\Windows\System\DEtlnER.exe
  C:\Windows\System\DEtlnER.exe
  2⤵
  PID:6644
- C:\Windows\System\HGxdEmp.exe
  C:\Windows\System\HGxdEmp.exe
  2⤵
  PID:7172
- C:\Windows\System\szDYWKg.exe
  C:\Windows\System\szDYWKg.exe
  2⤵
  PID:7188
- C:\Windows\System\Nfhcogi.exe
  C:\Windows\System\Nfhcogi.exe
  2⤵
  PID:7204
- C:\Windows\System\ngZEGBa.exe
  C:\Windows\System\ngZEGBa.exe
  2⤵
  PID:7220
- C:\Windows\System\KFSqrQL.exe
  C:\Windows\System\KFSqrQL.exe
  2⤵
  PID:7236
- C:\Windows\System\PIyZWQx.exe
  C:\Windows\System\PIyZWQx.exe
  2⤵
  PID:7252
- C:\Windows\System\jbEGHyf.exe
  C:\Windows\System\jbEGHyf.exe
  2⤵
  PID:7268
- C:\Windows\System\wbfYciL.exe
  C:\Windows\System\wbfYciL.exe
  2⤵
  PID:7284
- C:\Windows\System\dQKemxe.exe
  C:\Windows\System\dQKemxe.exe
  2⤵
  PID:7300
- C:\Windows\System\RUBZShe.exe
  C:\Windows\System\RUBZShe.exe
  2⤵
  PID:7316
- C:\Windows\System\mjChsEx.exe
  C:\Windows\System\mjChsEx.exe
  2⤵
  PID:7332
- C:\Windows\System\YLNBUfU.exe
  C:\Windows\System\YLNBUfU.exe
  2⤵
  PID:7348
- C:\Windows\System\yIEbfAl.exe
  C:\Windows\System\yIEbfAl.exe
  2⤵
  PID:7364
- C:\Windows\System\WxskrSK.exe
  C:\Windows\System\WxskrSK.exe
  2⤵
  PID:7380
- C:\Windows\System\IUDAisb.exe
  C:\Windows\System\IUDAisb.exe
  2⤵
  PID:7396
- C:\Windows\System\UtNySVb.exe
  C:\Windows\System\UtNySVb.exe
  2⤵
  PID:7412
- C:\Windows\System\UKxZien.exe
  C:\Windows\System\UKxZien.exe
  2⤵
  PID:7428
- C:\Windows\System\brxPuvA.exe
  C:\Windows\System\brxPuvA.exe
  2⤵
  PID:7444
- C:\Windows\System\zLgAbfT.exe
  C:\Windows\System\zLgAbfT.exe
  2⤵
  PID:7460
- C:\Windows\System\SsmYXwY.exe
  C:\Windows\System\SsmYXwY.exe
  2⤵
  PID:7476
- C:\Windows\System\VSCqUZf.exe
  C:\Windows\System\VSCqUZf.exe
  2⤵
  PID:7492
- C:\Windows\System\AJXSTJx.exe
  C:\Windows\System\AJXSTJx.exe
  2⤵
  PID:7508
- C:\Windows\System\pcvBLKm.exe
  C:\Windows\System\pcvBLKm.exe
  2⤵
  PID:7524
- C:\Windows\System\RZLKChP.exe
  C:\Windows\System\RZLKChP.exe
  2⤵
  PID:7540
- C:\Windows\System\DuhGcIz.exe
  C:\Windows\System\DuhGcIz.exe
  2⤵
  PID:7556
- C:\Windows\System\vQmRUWb.exe
  C:\Windows\System\vQmRUWb.exe
  2⤵
  PID:7572
- C:\Windows\System\vvogMHY.exe
  C:\Windows\System\vvogMHY.exe
  2⤵
  PID:7588
- C:\Windows\System\OaHNgpl.exe
  C:\Windows\System\OaHNgpl.exe
  2⤵
  PID:7604
- C:\Windows\System\VocObrL.exe
  C:\Windows\System\VocObrL.exe
  2⤵
  PID:7620
- C:\Windows\System\HIYnwru.exe
  C:\Windows\System\HIYnwru.exe
  2⤵
  PID:7636
- C:\Windows\System\eONnaNu.exe
  C:\Windows\System\eONnaNu.exe
  2⤵
  PID:7652
- C:\Windows\System\OMpqNbF.exe
  C:\Windows\System\OMpqNbF.exe
  2⤵
  PID:7668
- C:\Windows\System\wNBayCP.exe
  C:\Windows\System\wNBayCP.exe
  2⤵
  PID:7684
- C:\Windows\System\vrhGqTJ.exe
  C:\Windows\System\vrhGqTJ.exe
  2⤵
  PID:7700
- C:\Windows\System\ZaLAxfM.exe
  C:\Windows\System\ZaLAxfM.exe
  2⤵
  PID:7720
- C:\Windows\System\acQWcDq.exe
  C:\Windows\System\acQWcDq.exe
  2⤵
  PID:7736
- C:\Windows\System\prqoicb.exe
  C:\Windows\System\prqoicb.exe
  2⤵
  PID:7752
- C:\Windows\System\McIdqWG.exe
  C:\Windows\System\McIdqWG.exe
  2⤵
  PID:7768
- C:\Windows\System\USpNCmK.exe
  C:\Windows\System\USpNCmK.exe
  2⤵
  PID:7784
- C:\Windows\System\mKSejJu.exe
  C:\Windows\System\mKSejJu.exe
  2⤵
  PID:7800
- C:\Windows\System\YuRlXKH.exe
  C:\Windows\System\YuRlXKH.exe
  2⤵
  PID:7816
- C:\Windows\System\hsqKBsQ.exe
  C:\Windows\System\hsqKBsQ.exe
  2⤵
  PID:7832
- C:\Windows\System\WXeLJAD.exe
  C:\Windows\System\WXeLJAD.exe
  2⤵
  PID:7848
- C:\Windows\System\uKzUcBC.exe
  C:\Windows\System\uKzUcBC.exe
  2⤵
  PID:7864
- C:\Windows\System\YdLuKDx.exe
  C:\Windows\System\YdLuKDx.exe
  2⤵
  PID:7880
- C:\Windows\System\OdvzaFM.exe
  C:\Windows\System\OdvzaFM.exe
  2⤵
  PID:7896
- C:\Windows\System\IlgQUEm.exe
  C:\Windows\System\IlgQUEm.exe
  2⤵
  PID:7912
- C:\Windows\System\LZCgChP.exe
  C:\Windows\System\LZCgChP.exe
  2⤵
  PID:7928
- C:\Windows\System\BwsSLuk.exe
  C:\Windows\System\BwsSLuk.exe
  2⤵
  PID:7944
- C:\Windows\System\TsxmwFY.exe
  C:\Windows\System\TsxmwFY.exe
  2⤵
  PID:7960
- C:\Windows\System\GrxkJEI.exe
  C:\Windows\System\GrxkJEI.exe
  2⤵
  PID:7976
- C:\Windows\System\HPXplLJ.exe
  C:\Windows\System\HPXplLJ.exe
  2⤵
  PID:7992
- C:\Windows\System\pgMnWWB.exe
  C:\Windows\System\pgMnWWB.exe
  2⤵
  PID:8008
- C:\Windows\System\IwIlbjw.exe
  C:\Windows\System\IwIlbjw.exe
  2⤵
  PID:8024
- C:\Windows\System\hwDhIjY.exe
  C:\Windows\System\hwDhIjY.exe
  2⤵
  PID:8040
- C:\Windows\System\yVQuyhy.exe
  C:\Windows\System\yVQuyhy.exe
  2⤵
  PID:8056
- C:\Windows\System\BXexCum.exe
  C:\Windows\System\BXexCum.exe
  2⤵
  PID:8072
- C:\Windows\System\JlcCWXt.exe
  C:\Windows\System\JlcCWXt.exe
  2⤵
  PID:8088
- C:\Windows\System\PweRpVI.exe
  C:\Windows\System\PweRpVI.exe
  2⤵
  PID:8104
- C:\Windows\System\EQnXmiV.exe
  C:\Windows\System\EQnXmiV.exe
  2⤵
  PID:8120
- C:\Windows\System\Jogeajl.exe
  C:\Windows\System\Jogeajl.exe
  2⤵
  PID:8136
- C:\Windows\System\ogRkjzn.exe
  C:\Windows\System\ogRkjzn.exe
  2⤵
  PID:8152
- C:\Windows\System\xMkcFkb.exe
  C:\Windows\System\xMkcFkb.exe
  2⤵
  PID:8168
- C:\Windows\System\zlgfZJj.exe
  C:\Windows\System\zlgfZJj.exe
  2⤵
  PID:8184
- C:\Windows\System\hjMnbvp.exe
  C:\Windows\System\hjMnbvp.exe
  2⤵
  PID:7216
- C:\Windows\System\SoeUdyO.exe
  C:\Windows\System\SoeUdyO.exe
  2⤵
  PID:7280
- C:\Windows\System\znnGUvx.exe
  C:\Windows\System\znnGUvx.exe
  2⤵
  PID:7340
- C:\Windows\System\nPopsEW.exe
  C:\Windows\System\nPopsEW.exe
  2⤵
  PID:7404
- C:\Windows\System\krTIIML.exe
  C:\Windows\System\krTIIML.exe
  2⤵
  PID:7472
- C:\Windows\System\JTrDpun.exe
  C:\Windows\System\JTrDpun.exe
  2⤵
  PID:7532
- C:\Windows\System\nVWskhN.exe
  C:\Windows\System\nVWskhN.exe
  2⤵
  PID:7596
- C:\Windows\System\yTbBwQe.exe
  C:\Windows\System\yTbBwQe.exe
  2⤵
  PID:3160
- C:\Windows\System\CQhArOt.exe
  C:\Windows\System\CQhArOt.exe
  2⤵
  PID:7692
- C:\Windows\System\aErWzJJ.exe
  C:\Windows\System\aErWzJJ.exe
  2⤵
  PID:7732
- C:\Windows\System\CLFqdfl.exe
  C:\Windows\System\CLFqdfl.exe
  2⤵
  PID:7792
- C:\Windows\System\cnVlVVp.exe
  C:\Windows\System\cnVlVVp.exe
  2⤵
  PID:6612
- C:\Windows\System\LlOgZoG.exe
  C:\Windows\System\LlOgZoG.exe
  2⤵
  PID:7888
- C:\Windows\System\krMhcAX.exe
  C:\Windows\System\krMhcAX.exe
  2⤵
  PID:7952
- C:\Windows\System\mcIXMBV.exe
  C:\Windows\System\mcIXMBV.exe
  2⤵
  PID:7988
- C:\Windows\System\Sgzlzek.exe
  C:\Windows\System\Sgzlzek.exe
  2⤵
  PID:8020
- C:\Windows\System\NHEkUOa.exe
  C:\Windows\System\NHEkUOa.exe
  2⤵
  PID:8084
- C:\Windows\System\zYbDPIC.exe
  C:\Windows\System\zYbDPIC.exe
  2⤵
  PID:6940
- C:\Windows\System\NTcnJUM.exe
  C:\Windows\System\NTcnJUM.exe
  2⤵
  PID:8176
- C:\Windows\System\tsFdVaF.exe
  C:\Windows\System\tsFdVaF.exe
  2⤵
  PID:7420
- C:\Windows\System\fPEgCOV.exe
  C:\Windows\System\fPEgCOV.exe
  2⤵
  PID:7548
- C:\Windows\System\QOvtQrj.exe
  C:\Windows\System\QOvtQrj.exe
  2⤵
  PID:7584
- C:\Windows\System\radTLag.exe
  C:\Windows\System\radTLag.exe
  2⤵
  PID:6472
- C:\Windows\System\DcrmdMX.exe
  C:\Windows\System\DcrmdMX.exe
  2⤵
  PID:7712
- C:\Windows\System\kjNaRNE.exe
  C:\Windows\System\kjNaRNE.exe
  2⤵
  PID:7200
- C:\Windows\System\Oizodbk.exe
  C:\Windows\System\Oizodbk.exe
  2⤵
  PID:7264
- C:\Windows\System\fCgNiQN.exe
  C:\Windows\System\fCgNiQN.exe
  2⤵
  PID:7408
- C:\Windows\System\nBdEacw.exe
  C:\Windows\System\nBdEacw.exe
  2⤵
  PID:7356
- C:\Windows\System\fikMrqX.exe
  C:\Windows\System\fikMrqX.exe
  2⤵
  PID:7828
- C:\Windows\System\ubDFGkq.exe
  C:\Windows\System\ubDFGkq.exe
  2⤵
  PID:7664
- C:\Windows\System\NIlPVTV.exe
  C:\Windows\System\NIlPVTV.exe
  2⤵
  PID:7488
- C:\Windows\System\AfcZzfA.exe
  C:\Windows\System\AfcZzfA.exe
  2⤵
  PID:7612
- C:\Windows\System\tMSXKSh.exe
  C:\Windows\System\tMSXKSh.exe
  2⤵
  PID:7676
- C:\Windows\System\XNHuXwY.exe
  C:\Windows\System\XNHuXwY.exe
  2⤵
  PID:7748
- C:\Windows\System\qRbZSqm.exe
  C:\Windows\System\qRbZSqm.exe
  2⤵
  PID:7844
- C:\Windows\System\GSDHUHG.exe
  C:\Windows\System\GSDHUHG.exe
  2⤵
  PID:7564
- C:\Windows\System\FBcnOdg.exe
  C:\Windows\System\FBcnOdg.exe
  2⤵
  PID:8160
- C:\Windows\System\oIWIfGZ.exe
  C:\Windows\System\oIWIfGZ.exe
  2⤵
  PID:7968
- C:\Windows\System\ZcgQeKN.exe
  C:\Windows\System\ZcgQeKN.exe
  2⤵
  PID:8036
- C:\Windows\System\dSUOHDe.exe
  C:\Windows\System\dSUOHDe.exe
  2⤵
  PID:8064
- C:\Windows\System\jWkMSgn.exe
  C:\Windows\System\jWkMSgn.exe
  2⤵
  PID:8128
- C:\Windows\System\mebpGvl.exe
  C:\Windows\System\mebpGvl.exe
  2⤵
  PID:7212
- C:\Windows\System\ELjayZl.exe
  C:\Windows\System\ELjayZl.exe
  2⤵
  PID:7660
- C:\Windows\System\CptDZNl.exe
  C:\Windows\System\CptDZNl.exe
  2⤵
  PID:7068
- C:\Windows\System\lFQCxPq.exe
  C:\Windows\System\lFQCxPq.exe
  2⤵
  PID:7328
- C:\Windows\System\gaCwInl.exe
  C:\Windows\System\gaCwInl.exe
  2⤵
  PID:8052
- C:\Windows\System\GfnByMW.exe
  C:\Windows\System\GfnByMW.exe
  2⤵
  PID:8148
- C:\Windows\System\jhcRXdn.exe
  C:\Windows\System\jhcRXdn.exe
  2⤵
  PID:7116
- C:\Windows\System\RDVvCZO.exe
  C:\Windows\System\RDVvCZO.exe
  2⤵
  PID:7580
- C:\Windows\System\AhfKPkf.exe
  C:\Windows\System\AhfKPkf.exe
  2⤵
  PID:7260
- C:\Windows\System\NbYmFih.exe
  C:\Windows\System\NbYmFih.exe
  2⤵
  PID:7924
- C:\Windows\System\AbiXWqz.exe
  C:\Windows\System\AbiXWqz.exe
  2⤵
  PID:7388
- C:\Windows\System\CundcdQ.exe
  C:\Windows\System\CundcdQ.exe
  2⤵
  PID:6280
- C:\Windows\System\OlpWbCE.exe
  C:\Windows\System\OlpWbCE.exe
  2⤵
  PID:8004
- C:\Windows\System\lxNjTkK.exe
  C:\Windows\System\lxNjTkK.exe
  2⤵
  PID:7440
- C:\Windows\System\sbfdipC.exe
  C:\Windows\System\sbfdipC.exe
  2⤵
  PID:7972
- C:\Windows\System\XQmKKUE.exe
  C:\Windows\System\XQmKKUE.exe
  2⤵
  PID:1480
- C:\Windows\System\qxmsIKY.exe
  C:\Windows\System\qxmsIKY.exe
  2⤵
  PID:7376
- C:\Windows\System\ajLQuQI.exe
  C:\Windows\System\ajLQuQI.exe
  2⤵
  PID:7232
- C:\Windows\System\TdWYhvv.exe
  C:\Windows\System\TdWYhvv.exe
  2⤵
  PID:7876
- C:\Windows\System\PVUvDSZ.exe
  C:\Windows\System\PVUvDSZ.exe
  2⤵
  PID:7276
- C:\Windows\System\cOmhTUX.exe
  C:\Windows\System\cOmhTUX.exe
  2⤵
  PID:8208
- C:\Windows\System\UBOAdxx.exe
  C:\Windows\System\UBOAdxx.exe
  2⤵
  PID:8228
- C:\Windows\System\PlQbevo.exe
  C:\Windows\System\PlQbevo.exe
  2⤵
  PID:8244
- C:\Windows\System\aonijCd.exe
  C:\Windows\System\aonijCd.exe
  2⤵
  PID:8260
- C:\Windows\System\zhsxtsO.exe
  C:\Windows\System\zhsxtsO.exe
  2⤵
  PID:8276
- C:\Windows\System\kVvnbtL.exe
  C:\Windows\System\kVvnbtL.exe
  2⤵
  PID:8292
- C:\Windows\System\AiaezUj.exe
  C:\Windows\System\AiaezUj.exe
  2⤵
  PID:8308
- C:\Windows\System\mWtskbz.exe
  C:\Windows\System\mWtskbz.exe
  2⤵
  PID:8324
- C:\Windows\System\XMmnuDY.exe
  C:\Windows\System\XMmnuDY.exe
  2⤵
  PID:8340
- C:\Windows\System\CMdkjht.exe
  C:\Windows\System\CMdkjht.exe
  2⤵
  PID:8356
- C:\Windows\System\NWxdiHB.exe
  C:\Windows\System\NWxdiHB.exe
  2⤵
  PID:8372
- C:\Windows\System\eoHQcxC.exe
  C:\Windows\System\eoHQcxC.exe
  2⤵
  PID:8388
- C:\Windows\System\CQlAzzF.exe
  C:\Windows\System\CQlAzzF.exe
  2⤵
  PID:8404
- C:\Windows\System\HYSDJOQ.exe
  C:\Windows\System\HYSDJOQ.exe
  2⤵
  PID:8420
- C:\Windows\System\TolfeRb.exe
  C:\Windows\System\TolfeRb.exe
  2⤵
  PID:8436
- C:\Windows\System\kpWACQc.exe
  C:\Windows\System\kpWACQc.exe
  2⤵
  PID:8452
- C:\Windows\System\rDmsjmM.exe
  C:\Windows\System\rDmsjmM.exe
  2⤵
  PID:8468
- C:\Windows\System\zIpTjdk.exe
  C:\Windows\System\zIpTjdk.exe
  2⤵
  PID:8484
- C:\Windows\System\EVqXGgi.exe
  C:\Windows\System\EVqXGgi.exe
  2⤵
  PID:8500
- C:\Windows\System\tQCfkDL.exe
  C:\Windows\System\tQCfkDL.exe
  2⤵
  PID:8516
- C:\Windows\System\eEkLcUG.exe
  C:\Windows\System\eEkLcUG.exe
  2⤵
  PID:8532
- C:\Windows\System\smqNJil.exe
  C:\Windows\System\smqNJil.exe
  2⤵
  PID:8548
- C:\Windows\System\jLhwYaX.exe
  C:\Windows\System\jLhwYaX.exe
  2⤵
  PID:8564
- C:\Windows\System\mSsIbzK.exe
  C:\Windows\System\mSsIbzK.exe
  2⤵
  PID:8580
- C:\Windows\System\tdVHIEw.exe
  C:\Windows\System\tdVHIEw.exe
  2⤵
  PID:8596
- C:\Windows\System\vnOGDQX.exe
  C:\Windows\System\vnOGDQX.exe
  2⤵
  PID:8612
- C:\Windows\System\VKZZrzL.exe
  C:\Windows\System\VKZZrzL.exe
  2⤵
  PID:8628
- C:\Windows\System\DrEjTnC.exe
  C:\Windows\System\DrEjTnC.exe
  2⤵
  PID:8644
- C:\Windows\System\ehvcnhW.exe
  C:\Windows\System\ehvcnhW.exe
  2⤵
  PID:8660
- C:\Windows\System\IPDtaZn.exe
  C:\Windows\System\IPDtaZn.exe
  2⤵
  PID:8676
- C:\Windows\System\SQrEFgB.exe
  C:\Windows\System\SQrEFgB.exe
  2⤵
  PID:8692
- C:\Windows\System\qpOZKFL.exe
  C:\Windows\System\qpOZKFL.exe
  2⤵
  PID:8708
- C:\Windows\System\CUfhwxB.exe
  C:\Windows\System\CUfhwxB.exe
  2⤵
  PID:8724
- C:\Windows\System\XOYhBvv.exe
  C:\Windows\System\XOYhBvv.exe
  2⤵
  PID:8740
- C:\Windows\System\LrtHvyj.exe
  C:\Windows\System\LrtHvyj.exe
  2⤵
  PID:8756
- C:\Windows\System\JbnYjMN.exe
  C:\Windows\System\JbnYjMN.exe
  2⤵
  PID:8772
- C:\Windows\System\yWmwhbp.exe
  C:\Windows\System\yWmwhbp.exe
  2⤵
  PID:8788
- C:\Windows\System\kiauPVr.exe
  C:\Windows\System\kiauPVr.exe
  2⤵
  PID:8804
- C:\Windows\System\VhlRlAM.exe
  C:\Windows\System\VhlRlAM.exe
  2⤵
  PID:8820
- C:\Windows\System\qyPNGqK.exe
  C:\Windows\System\qyPNGqK.exe
  2⤵
  PID:8836
- C:\Windows\System\hDFOkqB.exe
  C:\Windows\System\hDFOkqB.exe
  2⤵
  PID:8852
- C:\Windows\System\WDqkvTK.exe
  C:\Windows\System\WDqkvTK.exe
  2⤵
  PID:8868
- C:\Windows\System\EUBqDed.exe
  C:\Windows\System\EUBqDed.exe
  2⤵
  PID:8884
- C:\Windows\System\UpeROIZ.exe
  C:\Windows\System\UpeROIZ.exe
  2⤵
  PID:8900
- C:\Windows\System\FpLuXcU.exe
  C:\Windows\System\FpLuXcU.exe
  2⤵
  PID:8916
- C:\Windows\System\HOMIqGX.exe
  C:\Windows\System\HOMIqGX.exe
  2⤵
  PID:8932
- C:\Windows\System\bMSvrZT.exe
  C:\Windows\System\bMSvrZT.exe
  2⤵
  PID:8948
- C:\Windows\System\rgGaYjn.exe
  C:\Windows\System\rgGaYjn.exe
  2⤵
  PID:8964
- C:\Windows\System\HOOfJZe.exe
  C:\Windows\System\HOOfJZe.exe
  2⤵
  PID:8980
- C:\Windows\System\DdWPNXk.exe
  C:\Windows\System\DdWPNXk.exe
  2⤵
  PID:8996
- C:\Windows\System\MrVdyFO.exe
  C:\Windows\System\MrVdyFO.exe
  2⤵
  PID:9012
- C:\Windows\System\YyhVihu.exe
  C:\Windows\System\YyhVihu.exe
  2⤵
  PID:9028
- C:\Windows\System\JlwiToz.exe
  C:\Windows\System\JlwiToz.exe
  2⤵
  PID:9044
- C:\Windows\System\kkhrjfC.exe
  C:\Windows\System\kkhrjfC.exe
  2⤵
  PID:9060
- C:\Windows\System\PqBODnS.exe
  C:\Windows\System\PqBODnS.exe
  2⤵
  PID:9076
- C:\Windows\System\TqkPUMT.exe
  C:\Windows\System\TqkPUMT.exe
  2⤵
  PID:9092
- C:\Windows\System\BBQWSib.exe
  C:\Windows\System\BBQWSib.exe
  2⤵
  PID:9108
- C:\Windows\System\nzufhrP.exe
  C:\Windows\System\nzufhrP.exe
  2⤵
  PID:9124
- C:\Windows\System\nIIsRcG.exe
  C:\Windows\System\nIIsRcG.exe
  2⤵
  PID:9140
- C:\Windows\System\QNlHGnX.exe
  C:\Windows\System\QNlHGnX.exe
  2⤵
  PID:9156
- C:\Windows\System\ehQeCoq.exe
  C:\Windows\System\ehQeCoq.exe
  2⤵
  PID:9176
- C:\Windows\System\hqfWSrf.exe
  C:\Windows\System\hqfWSrf.exe
  2⤵
  PID:9192
- C:\Windows\System\CiiPobb.exe
  C:\Windows\System\CiiPobb.exe
  2⤵
  PID:9208
- C:\Windows\System\acpgHth.exe
  C:\Windows\System\acpgHth.exe
  2⤵
  PID:8200
- C:\Windows\System\ghlJxtu.exe
  C:\Windows\System\ghlJxtu.exe
  2⤵
  PID:8300
- C:\Windows\System\VtbgBYe.exe
  C:\Windows\System\VtbgBYe.exe
  2⤵
  PID:8332
- C:\Windows\System\IWpzyZx.exe
  C:\Windows\System\IWpzyZx.exe
  2⤵
  PID:8396
- C:\Windows\System\aFiSoPo.exe
  C:\Windows\System\aFiSoPo.exe
  2⤵
  PID:8460
- C:\Windows\System\bXPPBtY.exe
  C:\Windows\System\bXPPBtY.exe
  2⤵
  PID:8524
- C:\Windows\System\DFIixAU.exe
  C:\Windows\System\DFIixAU.exe
  2⤵
  PID:8588
- C:\Windows\System\tYoQmjR.exe
  C:\Windows\System\tYoQmjR.exe
  2⤵
  PID:7312
- C:\Windows\System\xsVMXKS.exe
  C:\Windows\System\xsVMXKS.exe
  2⤵
  PID:8688
- C:\Windows\System\mECnxxC.exe
  C:\Windows\System\mECnxxC.exe
  2⤵
  PID:8748
- C:\Windows\System\IqHRmcH.exe
  C:\Windows\System\IqHRmcH.exe
  2⤵
  PID:8816
- C:\Windows\System\FUIoSds.exe
  C:\Windows\System\FUIoSds.exe
  2⤵
  PID:8848
- C:\Windows\System\RDVOPCI.exe
  C:\Windows\System\RDVOPCI.exe
  2⤵
  PID:8912
- C:\Windows\System\VIzDNXT.exe
  C:\Windows\System\VIzDNXT.exe
  2⤵
  PID:8976
- C:\Windows\System\wQBHsGE.exe
  C:\Windows\System\wQBHsGE.exe
  2⤵
  PID:8100
- C:\Windows\System\Upgyknn.exe
  C:\Windows\System\Upgyknn.exe
  2⤵
  PID:9072
- C:\Windows\System\KGorqoc.exe
  C:\Windows\System\KGorqoc.exe
  2⤵
  PID:8016
- C:\Windows\System\uuprVUw.exe
  C:\Windows\System\uuprVUw.exe
  2⤵
  PID:7196
- C:\Windows\System\TtuPKmI.exe
  C:\Windows\System\TtuPKmI.exe
  2⤵
  PID:9164
- C:\Windows\System\rgfZZOD.exe
  C:\Windows\System\rgfZZOD.exe
  2⤵
  PID:9204
- C:\Windows\System\DlxLkTq.exe
  C:\Windows\System\DlxLkTq.exe
  2⤵
  PID:8240
- C:\Windows\System\sMJADNb.exe
  C:\Windows\System\sMJADNb.exe
  2⤵
  PID:8492
- C:\Windows\System\UqGlljd.exe
  C:\Windows\System\UqGlljd.exe
  2⤵
  PID:7860
- C:\Windows\System\zrcbnYP.exe
  C:\Windows\System\zrcbnYP.exe
  2⤵
  PID:6296
- C:\Windows\System\pPNbClf.exe
  C:\Windows\System\pPNbClf.exe
  2⤵
  PID:8720
- C:\Windows\System\OqRtGCh.exe
  C:\Windows\System\OqRtGCh.exe
  2⤵
  PID:8216
- C:\Windows\System\bAUCVcE.exe
  C:\Windows\System\bAUCVcE.exe
  2⤵
  PID:8256
- C:\Windows\System\YakbfPz.exe
  C:\Windows\System\YakbfPz.exe
  2⤵
  PID:8796
- C:\Windows\System\msLydUu.exe
  C:\Windows\System\msLydUu.exe
  2⤵
  PID:8828
- C:\Windows\System\CzPGiiz.exe
  C:\Windows\System\CzPGiiz.exe
  2⤵
  PID:8384
- C:\Windows\System\xyDJqjs.exe
  C:\Windows\System\xyDJqjs.exe
  2⤵
  PID:8476
- C:\Windows\System\cbElAPo.exe
  C:\Windows\System\cbElAPo.exe
  2⤵
  PID:8508
- C:\Windows\System\xPSFbNn.exe
  C:\Windows\System\xPSFbNn.exe
  2⤵
  PID:8572
- C:\Windows\System\bPUhzad.exe
  C:\Windows\System\bPUhzad.exe
  2⤵
  PID:9088
- C:\Windows\System\bUjAlBu.exe
  C:\Windows\System\bUjAlBu.exe
  2⤵
  PID:8672
- C:\Windows\System\uyskemm.exe
  C:\Windows\System\uyskemm.exe
  2⤵
  PID:8732
- C:\Windows\System\AyfXUsm.exe
  C:\Windows\System\AyfXUsm.exe
  2⤵
  PID:8764
- C:\Windows\System\jkXbQkE.exe
  C:\Windows\System\jkXbQkE.exe
  2⤵
  PID:8860
- C:\Windows\System\zFKpmXV.exe
  C:\Windows\System\zFKpmXV.exe
  2⤵
  PID:8924
- C:\Windows\System\voPcDYb.exe
  C:\Windows\System\voPcDYb.exe
  2⤵
  PID:8988
- C:\Windows\System\MdAuoUz.exe
  C:\Windows\System\MdAuoUz.exe
  2⤵
  PID:9056
- C:\Windows\System\GrrXfhM.exe
  C:\Windows\System\GrrXfhM.exe
  2⤵
  PID:8812
- C:\Windows\System\lRsycTU.exe
  C:\Windows\System\lRsycTU.exe
  2⤵
  PID:9188
- C:\Windows\System\MQalVUT.exe
  C:\Windows\System\MQalVUT.exe
  2⤵
  PID:8428
- C:\Windows\System\MRcDOOg.exe
  C:\Windows\System\MRcDOOg.exe
  2⤵
  PID:8656
- C:\Windows\System\XnekBXZ.exe
  C:\Windows\System\XnekBXZ.exe
  2⤵
  PID:9008
- C:\Windows\System\DTgOooA.exe
  C:\Windows\System\DTgOooA.exe
  2⤵
  PID:8144
- C:\Windows\System\snfReCe.exe
  C:\Windows\System\snfReCe.exe
  2⤵
  PID:8368
- C:\Windows\System\pMiJNTQ.exe
  C:\Windows\System\pMiJNTQ.exe
  2⤵
  PID:7180
- C:\Windows\System\jzkdszG.exe
  C:\Windows\System\jzkdszG.exe
  2⤵
  PID:8380
- C:\Windows\System\eHNflYE.exe
  C:\Windows\System\eHNflYE.exe
  2⤵
  PID:8604
- C:\Windows\System\qLjwLAA.exe
  C:\Windows\System\qLjwLAA.exe
  2⤵
  PID:8416
- C:\Windows\System\qhlEyko.exe
  C:\Windows\System\qhlEyko.exe
  2⤵
  PID:8624
- C:\Windows\System\zyRELXC.exe
  C:\Windows\System\zyRELXC.exe
  2⤵
  PID:8288
- C:\Windows\System\IoQfHJu.exe
  C:\Windows\System\IoQfHJu.exe
  2⤵
  PID:8540
- C:\Windows\System\wacHEOv.exe
  C:\Windows\System\wacHEOv.exe
  2⤵
  PID:8700
- C:\Windows\System\QdSkywW.exe
  C:\Windows\System\QdSkywW.exe
  2⤵
  PID:8960
- C:\Windows\System\QvYxAGa.exe
  C:\Windows\System\QvYxAGa.exe
  2⤵
  PID:8272
- C:\Windows\System\fYDHNFc.exe
  C:\Windows\System\fYDHNFc.exe
  2⤵
  PID:8892
- C:\Windows\System\KjqBucp.exe
  C:\Windows\System\KjqBucp.exe
  2⤵
  PID:9184
- C:\Windows\System\oCgeOxD.exe
  C:\Windows\System\oCgeOxD.exe
  2⤵
  PID:9200
- C:\Windows\System\hOiaFwV.exe
  C:\Windows\System\hOiaFwV.exe
  2⤵
  PID:9168
- C:\Windows\System\xyDbZHC.exe
  C:\Windows\System\xyDbZHC.exe
  2⤵
  PID:7728
- C:\Windows\System\rPxyPBw.exe
  C:\Windows\System\rPxyPBw.exe
  2⤵
  PID:8252
- C:\Windows\System\yhbEaMx.exe
  C:\Windows\System\yhbEaMx.exe
  2⤵
  PID:8000
- C:\Windows\System\VnlYyOx.exe
  C:\Windows\System\VnlYyOx.exe
  2⤵
  PID:9120
- C:\Windows\System\dFzCGtT.exe
  C:\Windows\System\dFzCGtT.exe
  2⤵
  PID:8832
- C:\Windows\System\Oycuwzy.exe
  C:\Windows\System\Oycuwzy.exe
  2⤵
  PID:8560
- C:\Windows\System\QKUvOeY.exe
  C:\Windows\System\QKUvOeY.exe
  2⤵
  PID:8880
- C:\Windows\System\hwwvuDs.exe
  C:\Windows\System\hwwvuDs.exe
  2⤵
  PID:8576
- C:\Windows\System\iPnCJfV.exe
  C:\Windows\System\iPnCJfV.exe
  2⤵
  PID:8620
- C:\Windows\System\MfqEyEZ.exe
  C:\Windows\System\MfqEyEZ.exe
  2⤵
  PID:9228
- C:\Windows\System\Zsnfcmc.exe
  C:\Windows\System\Zsnfcmc.exe
  2⤵
  PID:9244
- C:\Windows\System\ShougDG.exe
  C:\Windows\System\ShougDG.exe
  2⤵
  PID:9260
- C:\Windows\System\IdFztgO.exe
  C:\Windows\System\IdFztgO.exe
  2⤵
  PID:9276
- C:\Windows\System\eDQXuEa.exe
  C:\Windows\System\eDQXuEa.exe
  2⤵
  PID:9292
- C:\Windows\System\SzHwpBI.exe
  C:\Windows\System\SzHwpBI.exe
  2⤵
  PID:9308
- C:\Windows\System\jNNbLRy.exe
  C:\Windows\System\jNNbLRy.exe
  2⤵
  PID:9324
- C:\Windows\System\eyZdphT.exe
  C:\Windows\System\eyZdphT.exe
  2⤵
  PID:9340
- C:\Windows\System\wfPNPsJ.exe
  C:\Windows\System\wfPNPsJ.exe
  2⤵
  PID:9356
- C:\Windows\System\xxXylQF.exe
  C:\Windows\System\xxXylQF.exe
  2⤵
  PID:9372
- C:\Windows\System\iyqlmGo.exe
  C:\Windows\System\iyqlmGo.exe
  2⤵
  PID:9388
- C:\Windows\System\GBfpaGz.exe
  C:\Windows\System\GBfpaGz.exe
  2⤵
  PID:9404
- C:\Windows\System\rZylNsb.exe
  C:\Windows\System\rZylNsb.exe
  2⤵
  PID:9420
- C:\Windows\System\oKztYMz.exe
  C:\Windows\System\oKztYMz.exe
  2⤵
  PID:9436
- C:\Windows\System\nliLNVy.exe
  C:\Windows\System\nliLNVy.exe
  2⤵
  PID:9456
- C:\Windows\System\ItPhrxt.exe
  C:\Windows\System\ItPhrxt.exe
  2⤵
  PID:9472
- C:\Windows\System\yzmwXJh.exe
  C:\Windows\System\yzmwXJh.exe
  2⤵
  PID:9560
- C:\Windows\System\ZXICMig.exe
  C:\Windows\System\ZXICMig.exe
  2⤵
  PID:9580
- C:\Windows\System\wdyFzUC.exe
  C:\Windows\System\wdyFzUC.exe
  2⤵
  PID:9596
- C:\Windows\System\tKcLCWD.exe
  C:\Windows\System\tKcLCWD.exe
  2⤵
  PID:9612
- C:\Windows\System\UraACbW.exe
  C:\Windows\System\UraACbW.exe
  2⤵
  PID:9632
- C:\Windows\System\fVCFoeX.exe
  C:\Windows\System\fVCFoeX.exe
  2⤵
  PID:9648
- C:\Windows\System\YVOENNI.exe
  C:\Windows\System\YVOENNI.exe
  2⤵
  PID:9664
- C:\Windows\System\XsMHoIV.exe
  C:\Windows\System\XsMHoIV.exe
  2⤵
  PID:9680
- C:\Windows\System\UWdzEcw.exe
  C:\Windows\System\UWdzEcw.exe
  2⤵
  PID:9696
- C:\Windows\System\pbgcPwa.exe
  C:\Windows\System\pbgcPwa.exe
  2⤵
  PID:9712
- C:\Windows\System\woUreTX.exe
  C:\Windows\System\woUreTX.exe
  2⤵
  PID:9728
- C:\Windows\System\unBMCZG.exe
  C:\Windows\System\unBMCZG.exe
  2⤵
  PID:9748
- C:\Windows\System\WPAkMyN.exe
  C:\Windows\System\WPAkMyN.exe
  2⤵
  PID:9764
- C:\Windows\System\eZzrqKt.exe
  C:\Windows\System\eZzrqKt.exe
  2⤵
  PID:9780
- C:\Windows\System\mdVPzsM.exe
  C:\Windows\System\mdVPzsM.exe
  2⤵
  PID:9804
- C:\Windows\System\ffHgbSu.exe
  C:\Windows\System\ffHgbSu.exe
  2⤵
  PID:9820
- C:\Windows\System\ovYAdaQ.exe
  C:\Windows\System\ovYAdaQ.exe
  2⤵
  PID:9836
- C:\Windows\System\iSGCQxL.exe
  C:\Windows\System\iSGCQxL.exe
  2⤵
  PID:9856
- C:\Windows\System\sGxTYNG.exe
  C:\Windows\System\sGxTYNG.exe
  2⤵
  PID:9872
- C:\Windows\System\yEGYido.exe
  C:\Windows\System\yEGYido.exe
  2⤵
  PID:9888
- C:\Windows\System\lzSrlft.exe
  C:\Windows\System\lzSrlft.exe
  2⤵
  PID:9904
- C:\Windows\System\mVGpTHV.exe
  C:\Windows\System\mVGpTHV.exe
  2⤵
  PID:9920
- C:\Windows\System\MFmmnBr.exe
  C:\Windows\System\MFmmnBr.exe
  2⤵
  PID:9936
- C:\Windows\System\bpVykxg.exe
  C:\Windows\System\bpVykxg.exe
  2⤵
  PID:9960
- C:\Windows\System\fbQLBdi.exe
  C:\Windows\System\fbQLBdi.exe
  2⤵
  PID:9980
- C:\Windows\System\YPcDdAM.exe
  C:\Windows\System\YPcDdAM.exe
  2⤵
  PID:10000
- C:\Windows\System\DfIXvdW.exe
  C:\Windows\System\DfIXvdW.exe
  2⤵
  PID:10020
- C:\Windows\System\vWwTFyR.exe
  C:\Windows\System\vWwTFyR.exe
  2⤵
  PID:10036
- C:\Windows\System\QyuivpX.exe
  C:\Windows\System\QyuivpX.exe
  2⤵
  PID:10052
- C:\Windows\System\aJxITRH.exe
  C:\Windows\System\aJxITRH.exe
  2⤵
  PID:10072
- C:\Windows\System\UuZrVkB.exe
  C:\Windows\System\UuZrVkB.exe
  2⤵
  PID:10088
- C:\Windows\System\VqYDmnq.exe
  C:\Windows\System\VqYDmnq.exe
  2⤵
  PID:10104
- C:\Windows\System\sKeszTR.exe
  C:\Windows\System\sKeszTR.exe
  2⤵
  PID:10120
- C:\Windows\System\DRygAwp.exe
  C:\Windows\System\DRygAwp.exe
  2⤵
  PID:10136
- C:\Windows\System\FvGnsCl.exe
  C:\Windows\System\FvGnsCl.exe
  2⤵
  PID:10152
- C:\Windows\System\fiUFJcM.exe
  C:\Windows\System\fiUFJcM.exe
  2⤵
  PID:10168
- C:\Windows\System\Ogeivot.exe
  C:\Windows\System\Ogeivot.exe
  2⤵
  PID:10184
- C:\Windows\System\KHiWnUO.exe
  C:\Windows\System\KHiWnUO.exe
  2⤵
  PID:10200
- C:\Windows\System\eCPXpqp.exe
  C:\Windows\System\eCPXpqp.exe
  2⤵
  PID:10216
- C:\Windows\System\NcaTeDR.exe
  C:\Windows\System\NcaTeDR.exe
  2⤵
  PID:10236
- C:\Windows\System\rwTvrsL.exe
  C:\Windows\System\rwTvrsL.exe
  2⤵
  PID:9252
- C:\Windows\System\SsnqvQU.exe
  C:\Windows\System\SsnqvQU.exe
  2⤵
  PID:9288
- C:\Windows\System\ukYKiXo.exe
  C:\Windows\System\ukYKiXo.exe
  2⤵
  PID:7648
- C:\Windows\System\TZEcftv.exe
  C:\Windows\System\TZEcftv.exe
  2⤵
  PID:9320
- C:\Windows\System\cUtcRRu.exe
  C:\Windows\System\cUtcRRu.exe
  2⤵
  PID:8544
- C:\Windows\System\NTxKUTy.exe
  C:\Windows\System\NTxKUTy.exe
  2⤵
  PID:9268
- C:\Windows\System\qOezjTN.exe
  C:\Windows\System\qOezjTN.exe
  2⤵
  PID:9336
- C:\Windows\System\KEbgwqi.exe
  C:\Windows\System\KEbgwqi.exe
  2⤵
  PID:9412
- C:\Windows\System\KifUzOz.exe
  C:\Windows\System\KifUzOz.exe
  2⤵
  PID:9364
- C:\Windows\System\iOWIcuP.exe
  C:\Windows\System\iOWIcuP.exe
  2⤵
  PID:9428
- C:\Windows\System\udrEoNb.exe
  C:\Windows\System\udrEoNb.exe
  2⤵
  PID:9468
- C:\Windows\System\XHfmxzf.exe
  C:\Windows\System\XHfmxzf.exe
  2⤵
  PID:9488
- C:\Windows\System\nQTMXHE.exe
  C:\Windows\System\nQTMXHE.exe
  2⤵
  PID:9516
- C:\Windows\System\ijkzZWi.exe
  C:\Windows\System\ijkzZWi.exe
  2⤵
  PID:9524
- C:\Windows\System\jVyBxiv.exe
  C:\Windows\System\jVyBxiv.exe
  2⤵
  PID:9540
- C:\Windows\System\hGfjxVV.exe
  C:\Windows\System\hGfjxVV.exe
  2⤵
  PID:9588
- C:\Windows\System\msySmac.exe
  C:\Windows\System\msySmac.exe
  2⤵
  PID:9628
- C:\Windows\System\UzbzOdh.exe
  C:\Windows\System\UzbzOdh.exe
  2⤵
  PID:9692
- C:\Windows\System\nJxuSMr.exe
  C:\Windows\System\nJxuSMr.exe
  2⤵
  PID:9760
- C:\Windows\System\HhPMWkS.exe
  C:\Windows\System\HhPMWkS.exe
  2⤵
  PID:9604
- C:\Windows\System\DwStxyb.exe
  C:\Windows\System\DwStxyb.exe
  2⤵
  PID:9644
- C:\Windows\System\bUcQtAZ.exe
  C:\Windows\System\bUcQtAZ.exe
  2⤵
  PID:9708
- C:\Windows\System\CaaiVjH.exe
  C:\Windows\System\CaaiVjH.exe
  2⤵
  PID:9772
- C:\Windows\System\lGqwPXZ.exe
  C:\Windows\System\lGqwPXZ.exe
  2⤵
  PID:9828
- C:\Windows\System\fDEGgHA.exe
  C:\Windows\System\fDEGgHA.exe
  2⤵
  PID:9896
- C:\Windows\System\iJZbJsk.exe
  C:\Windows\System\iJZbJsk.exe
  2⤵
  PID:9848
- C:\Windows\System\OClJTqe.exe
  C:\Windows\System\OClJTqe.exe
  2⤵
  PID:9844
- C:\Windows\System\ZABFtez.exe
  C:\Windows\System\ZABFtez.exe
  2⤵
  PID:9884
- C:\Windows\System\kfQkkLt.exe
  C:\Windows\System\kfQkkLt.exe
  2⤵
  PID:9536
- C:\Windows\System\SOQKYjW.exe
  C:\Windows\System\SOQKYjW.exe
  2⤵
  PID:9976
- C:\Windows\System\kAZUhCM.exe
  C:\Windows\System\kAZUhCM.exe
  2⤵
  PID:10048
- C:\Windows\System\SvkBIqF.exe
  C:\Windows\System\SvkBIqF.exe
  2⤵
  PID:2084
- C:\Windows\System\PClSlrl.exe
  C:\Windows\System\PClSlrl.exe
  2⤵
  PID:10176
- C:\Windows\System\NRrqWfB.exe
  C:\Windows\System\NRrqWfB.exe
  2⤵
  PID:10212
- C:\Windows\System\JrdlDdO.exe
  C:\Windows\System\JrdlDdO.exe
  2⤵
  PID:9992
- C:\Windows\System\UpPWQYF.exe
  C:\Windows\System\UpPWQYF.exe
  2⤵
  PID:10064
- C:\Windows\System\PyJwsWP.exe
  C:\Windows\System\PyJwsWP.exe
  2⤵
  PID:10128
- C:\Windows\System\eMHcoKG.exe
  C:\Windows\System\eMHcoKG.exe
  2⤵
  PID:10192
- C:\Windows\System\wPagOFC.exe
  C:\Windows\System\wPagOFC.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSuvTcb.exe

Filesize
6.0MB

MD5
a8911a5bd0da0f1b5bd8a9f4e3268320

SHA1
7b81658eb55b30672d5c38cec7b7a6fdadc366eb

SHA256
0bf84b720b7b9edc133c4274acc1fa491f6d25bb941a90afd9615ccc03550469

SHA512
64cba3772359049026a57ad0f68d43fae213de142937d6c6e251b631eb623e52ea34affc4b196d5418cf98f421cbba7b80129c058f7603014382055ca0c3adfa

Download Submit
C:\Windows\system\ByUQCJW.exe

Filesize
6.0MB

MD5
ae095045c12295c1cf173638ae5e6470

SHA1
0d408e1cf7ba7d3e904f8f292536f94247b5eb2c

SHA256
2d295a03fa1cc1277a2ec49f2a055ca1d4dfaa524f0948a7cac8445f05922766

SHA512
991333f34bf660a9d0b75f5737692733b2c6c554969cdb916dcb43b078407c0a4968b6ba5767f81ea2f951ca21aa4032396c48b131598fe4525ec59cac8dcca6

Download Submit
C:\Windows\system\FvLCVuF.exe

Filesize
6.0MB

MD5
0b6e1332c474423fddee9aa2009835ba

SHA1
d46711c59cecdc5f0bb16be201c8553034b4e80a

SHA256
39bacb0a5022b184e60cc16714f104209bcb0b1a064a81fd7e4e01dabe0490a0

SHA512
c1d97f2c3149a5591f09422305e4738a04e085d5dd59c84eaaef0169b5ec91a62602553bd3dac06dc5cbbaef6dc102618757a9f5135cea5ef9a0f97a7f305426

Download Submit
C:\Windows\system\MvLllyj.exe

Filesize
6.0MB

MD5
1c2c978dfd6352e3f171bcbc2713b32f

SHA1
66df9f7436301106fe55f3c0f663bb84969c2bdb

SHA256
fd0936f277c0968d9b3f3607a40c934d87b1ea8431cb82591cab0f2ecda40be9

SHA512
200f4eb4ef3cb739ee578ae45a6c940237bba1ff6ffc131b1c113159cc663da564ccd3885687d00ce2df2634ec452da0fce244912c442f8bfc91ddceb7c8e436

Download Submit
C:\Windows\system\NhDjMNQ.exe

Filesize
6.0MB

MD5
a24ce7a9a0b7db516c599645b20cc27d

SHA1
baecd60c0fa9d09e6aae8212fa76291e11a09744

SHA256
e8418727b9a8e1abdb0ab644150a531c0f521a40c5ac3ef2a4f1c4b793e8d8e8

SHA512
b296b655728ace32dc76a050f9c1feb1503192deefcd7048ace7487f316f201283778ca10a41fa774b2666bb47811f0a329271d7275448b6553add56abcf4bd3

Download Submit
C:\Windows\system\OhUVwya.exe

Filesize
6.0MB

MD5
2e05b633471eff9e960e6168ad82d66c

SHA1
162b40b7d039135bf4e379e57306af41d1fa5827

SHA256
4f3ef0e90c8f2fdf562560f44836731f15872c5751bb523108e02b0fa1b0fa02

SHA512
5a9d0f5c02bf81941f71af6df6ca49dba93d2c8a6a597d5e17b4ab208235b107b691b327d96608e773f14dbd434f51549227dad6e4d8fb3931bd6ff06ef850dd

Download Submit
C:\Windows\system\RFeLazT.exe

Filesize
6.0MB

MD5
ddaaabba06fa6d10d3dc92ec8525ad12

SHA1
ed05b67878951b023e7f53f0c9ff1bde0aefb6d6

SHA256
9b526b5117b12e31d1bf37cb1abfca9a6d1c1980fed41ccebb0a0671d569c2c7

SHA512
3721bad62c8ac2cdf8019b3eb1270544c851446dc5770f13be6a98c3b532223f09ca6d73e7556710c708eade99f5c4947014bcf194e0f05d93e1700e6796e316

Download Submit
C:\Windows\system\SJCnqUN.exe

Filesize
6.0MB

MD5
288620f898cd4d211803a0e5ff615499

SHA1
66c8415e98f453e64a59639cf8fde926d4d21905

SHA256
aff86c7cc95c6341573d203e8f35aeb62b08cb136f4651e52372280a5188b4a5

SHA512
73d5df3c1526d65cb99081724635a38ebb565a3f2107f1c552e07a11a221819290060bd4e243c3a48fcee63cf3d1ff78fbf373c55eb4639d0d1583e28b384eb6

Download Submit
C:\Windows\system\USyPEzr.exe

Filesize
6.0MB

MD5
cf3db291b076bfbf869f5feb52cb8623

SHA1
11af6ee7479783c1241015acba2780f5b9cdc2cf

SHA256
1f05a42f82bf624b4ed08d0f9b229b3978f83ce132277d094af03e5d9ff0eb72

SHA512
a2bcc5ba52b82084f6b8ba4d78d235b00dd73b3212b1622051ac8c8881180a74ad0cdbde707666626a8d59339513b128a660b0ad81d8fab74fc74479939fafd7

Download Submit
C:\Windows\system\WFThRpI.exe

Filesize
6.0MB

MD5
f2b19994caa8dca97b579fb1502eab47

SHA1
0a7bb46c36319e74f780d03834eb522cf779fdda

SHA256
90ff2e3511c458240d447d0b465e173905ffa70d16f8472e0db800f75a0472e9

SHA512
9a7cd6e10eff84fdd0743e9ba0c5391f3256e0a87bb3920a9f8f0bec7ac08b90f252f90d96e577c0c9b993005c2dadf85e30e7cb0393102c0c920f76f6362ef6

Download Submit
C:\Windows\system\YzHvovr.exe

Filesize
6.0MB

MD5
7aee65765c7a7f05cf792d24833c7e3c

SHA1
ea628f93124cbe343ccf01752bb8c0102b0b38bd

SHA256
768013728452d2a633b0f13a1e0f0f8e9dcb65c7dd0e2cb1f4ba82b94ebc163a

SHA512
db2282bf3457793cb17ccc10f9973b6a936c795fc61a934a1f78599d292657722a64c73858e1c0da833789915cb4d2ac9975de4759edadba9aa762f8f7ea8652

Download Submit
C:\Windows\system\aDndJes.exe

Filesize
6.0MB

MD5
02148b2c4c8204ce3b93c6b362e0f2a9

SHA1
3fb0a1d765a65f8973732b099d0f6809d54fbd06

SHA256
6eb112114ad478a87f53b4706a268d7563ad2e387e816f83b1507a9574592d8d

SHA512
e740fa8ff2283697162a2ded40b6c3ad4c33894f3a0ef6d61e813bc967f7ceb823abaf633f6528db6ad4c89d70b9e159ed9710ed8a8c9779d877ecbd5bb384e6

Download Submit
C:\Windows\system\cnOshSW.exe

Filesize
6.0MB

MD5
840ad4d1eef2cd2c6c7000826c17f495

SHA1
608adecbe7505f5e441c0a7153bc08f3aab8fa98

SHA256
5aeb9484f60f60f99200e91adcbc245f79d940354c66b80e5c9c595c175b9647

SHA512
521e98a700f8f1464b1863e82a503a209ec142cbf005a671014acb283efbbdb580d3787b82c43f94bc12031ffa96e4eb7c9fcb39973f45ba0a582bd6c56e5be7

Download Submit
C:\Windows\system\dSBgBDk.exe

Filesize
6.0MB

MD5
72e051f1d366e3c3d573c42f1d0b5e8b

SHA1
97266b1fe985b9f6a3d5811f2f3e92c950fe3812

SHA256
a1e287ea95bb4ab6a4e4e0d9aceddfa9fcefc0bae5d377089a98f3a5e0dbf693

SHA512
6f4f0bef8fa1bf9bf71d1504a6e319a964308fb7df09515128f4d64d29feabf65dbe78316f773c71a5d95f6d3bc1663a9c5c2f504334796fd954ad2db0f0b8fb

Download Submit
C:\Windows\system\eKBymRK.exe

Filesize
6.0MB

MD5
60ab606f737b3f0d103617b2cd29cae1

SHA1
51a7c45946be9120b75788c25e0cd83c70ddc33f

SHA256
c9e66cb6d7e4b6c3ced0d3fcba4ba9cc08b303af39a68671fce754b6fd36b266

SHA512
c61222fb54604c963bd30550628080e2c8af899ff3a8371f9649f683189627b9fe09985ce24d113a7a90a3c4b65a836a8b316a6e7022e8d404d2f0482134beb6

Download Submit
C:\Windows\system\elhOdlo.exe

Filesize
6.0MB

MD5
3c1877f724dcae2fd1b65328f3555013

SHA1
4d978e9f2e94884673289fdcfdf92950670cdb37

SHA256
9cc72363f491e0607be4fafcddd1f7132c13ebede2e4f2f15f04851145658d5e

SHA512
bb4656f49aae7ff7cbd3ee8d0f631a2697fed152deed685e58b1407384525f4baa22d688f3c9ec50a2c413288dc6a142039d01a5c5e0227157ca61ef88b26d44

Download Submit
C:\Windows\system\hflnnTj.exe

Filesize
6.0MB

MD5
0edae0739409abaeef11acf1c26b0f0d

SHA1
187cc3c53f69be062e5a8156e112efdd740c91fe

SHA256
1958ed95f464a3c1700d948329c9b18e1dda8e35360aa33aa6a3f131378fb981

SHA512
d63944984b3f57f7e1542d6e19a690feea6c78c271a8d54bd152ce570dbe301a4629306621d084d3995fb695f140186ab3fa759c422ef3bba666601f7c842a12

Download Submit
C:\Windows\system\kDDBlZE.exe

Filesize
6.0MB

MD5
cbac216b1c9f7eaa91a68723c1330f16

SHA1
4d598e32c3fc27028c38b860cc919bc14ea901f6

SHA256
9c86d64355ca26b97782f01ebee6ad9b3e1bdba0033e4b07c5f4981fcf10324c

SHA512
9d47744a402dc6c8af0b0a34b57e71c99bccb787d3e21c41dd94138f6aa27556a0aef09fac5433ab18298d048b0155a9b6c48eb2139a5811beb5d8e9ec7b0399

Download Submit
C:\Windows\system\mEiyiQi.exe

Filesize
6.0MB

MD5
5a5bb6a4987f0420a3aba5a869375799

SHA1
20cf2cfcc6103a6ac610ed862bede7560b05c3aa

SHA256
b96449dc84b1182417088441ebabe4954483bd03575917d9f58ab342dd40d8cc

SHA512
daa861f8fde462efc51311258688c2ee14d5927e789f5cd0473534b722bb44dd2cebe51bca874102b17148a6acf426386a6a6e53f1df99eb833fb22da712b392

Download Submit
C:\Windows\system\mMnHYWo.exe

Filesize
6.0MB

MD5
28b05697d23149ed072fcf76488d0191

SHA1
1fdde033610b27443905e6873deaddd969180738

SHA256
2f8bd0d2afa6a9603a417ece674214a27afc8063cb8554e9c8660b3ef654cedf

SHA512
821a89261c61559abd2c264a1029d848110579962a33ce6ddf67d35e2633e9df25b6718852356f6d86dd18f665d0278f3d570b3507a0568f5780c30611d4a24f

Download Submit
C:\Windows\system\oxpXdPg.exe

Filesize
6.0MB

MD5
7c37e35ddd69418dff9eb78bf046ca88

SHA1
a612b9679183c0592351007ea40023f22ecbcb26

SHA256
4dc08deffeff868d9a498bd90e3485b97d2367b795924f2d148dda72d7a3af42

SHA512
dcaf01768ba7bea02290c47c962496f85f546419b29b9423f7e2e348568a811c1764bbe3e6e1867675e30e3b243c351b14b6e1f6af8559ee6b83edca35ae4964

Download Submit
C:\Windows\system\sVlPfNE.exe

Filesize
6.0MB

MD5
b98f8f0b0541ef3639e6ed77b1c2ba2b

SHA1
f2758783b099115629c5800f6b862839ebb92672

SHA256
bf54d60b8c7c77df24e04082d9121f8bf5992ee49e0a1bb17c48f73d7577780b

SHA512
2cb8e1301fb0168d8f4d75ec8bc8f1a5a8885863ff02d8cedc6ba0d8edd93da303460fc17cc43191e89c76bf35e9733e39c5f110a99147ee7b66d39fa76e846f

Download Submit
C:\Windows\system\snYRQPR.exe

Filesize
6.0MB

MD5
3ccc8a3aabfea77ec7f99faf9665849d

SHA1
3ead337049bbbbe475c2f73ce4f761c90c1221da

SHA256
a16df758b88274f7f436e8a32dadc2e5b9df0da796419f44b454874a3aaff010

SHA512
6523b254c6e8dc314bca6afc7b2bbd303af5897d9664d44a668fa8da1d79edf9e8304cb36c57536ed6d2491680bf56e0b53ecde47974646fd8e60574b589a303

Download Submit
C:\Windows\system\tKLeKuL.exe

Filesize
6.0MB

MD5
b93846fd0cd6965950315b4a293bf043

SHA1
32fbf011d7782acd23ed838fe6d30efa80f336e4

SHA256
52f161d1abf9b74368a027b0b1754135f8c2a188fdd3f417f91834a620e94324

SHA512
d4eb34b66de425f2791aaa15dc83f48a9413610c7bd0baac8c1a193d763d1bdd880878af9d14488038f963f8bc44e984ecbc05dd69fd15e33115d48d9be8858c

Download Submit
C:\Windows\system\wIDxPJa.exe

Filesize
6.0MB

MD5
0c77a70e67cd101fc34ba348ce0a9dbf

SHA1
867c483e310e8d267ef6abb4057f0f8f02defee7

SHA256
45e6edc6234f325369f61518950681c3ae37cc7269dbe921f86e0a3002218e46

SHA512
98807e138faa646a2689c386a7602e695aa51668ff628648d89447e696c2872b41b73f697955ee4ebbc9b2ff5b1b9da8a88d3ce2688b40211aa926c53183497c

Download Submit
\Windows\system\FAbWrhT.exe

Filesize
6.0MB

MD5
aaf362745b3a588482c1487e7cb8cbab

SHA1
3148047a3246c5426463708fc4a6e3271a636717

SHA256
b10372ca12a6df2d24c6775eee4c73eeb825a4866aa7e88c969558f1069b90ca

SHA512
2fb3f1719caae34ae64a86e490c45045ccca25431c0fbe018ebcae4e7fdf7bcba5912ec07dbdac5d09ce8dfeb606934f24e16b73cec749c388a24eb73fa54947

Download Submit
\Windows\system\LyhanCA.exe

Filesize
6.0MB

MD5
ffd5fea6d2e1d6261f95ad7d20218e53

SHA1
3b25eb33c217a4cea8e0e201706639c7766c791c

SHA256
4e79d83d229c1e008d8d84f96aaf208096580b6f2ce7a164c464d313643e8fc4

SHA512
e81f32cfb9ffdc5561b3ca514da4cb510c4680d7196c8b9cc0e6599c2191bc3487b796a1aaa72446fe1017c45c9ea0c15df3a117022fa8751ca0a2d4d5344640

Download Submit
\Windows\system\PMkCsax.exe

Filesize
6.0MB

MD5
260bef77aff848ce49065a7e665a3a59

SHA1
fa1beca0b3d91c706f56d5e00b00369d322dc618

SHA256
14599da490aa6c6e767367c18e70e54f81c54f9c670d9d6c784471b997f99463

SHA512
11ee41afac59c7d99dec9ad2100e0a77768ffb051f8ee8b8acb63a3dda27e350001dff0daf9601c23dd3957b8cf3efec6291c5fddb15558cdf00af6a9093f0f1

Download Submit
\Windows\system\PRRPUnW.exe

Filesize
6.0MB

MD5
5674294e6795cc9057527a0706730270

SHA1
c4ac6aa1cc2cb3cff783a535b296c5472055f592

SHA256
8a1a7881297d1dcbf6e4f442ddd4c45e05940871939324692c8d569fbb39eb3b

SHA512
cd2698971639807e4e6c8785c52407823569479291a4e4eac22db8cb72d85ee1f46a9b9a4f1ff783f5a9bd6ea848980a87eb6ee53824e366e158dfd5bc490f11

Download Submit
\Windows\system\SOOMPdZ.exe

Filesize
6.0MB

MD5
f6686b41ac4d2cce560d093536d220db

SHA1
ea86f177c79a31c16425b53fa5cd9f990b199c11

SHA256
e3fbe2e379b7483ad2dc432891ad8a85dae2ad99ccf6a9c304dfcb99b4446f1e

SHA512
3cde5a82d02b9c990eeb9229c31ff3ce348f07a000326219a44ed10f4a549b09a643c89bdd96aa0c8ddceb590d26263b599554be6525296e71c7b79f85396317

Download Submit
\Windows\system\UWoRFzs.exe

Filesize
6.0MB

MD5
3d80bb428e1e13c5b441b3a8ba9f7627

SHA1
4525f108df7653311d0f0c2eab58489132ba8bb7

SHA256
d8d881c9d49f746858d31366e631b05a0295715bf00b137a8abbe2b800a55065

SHA512
759afb424aa384b14bbaced17652cefef4d25d95a89de145886250ea76bfb4efeb6a1e7e44932a24c84884a511786415a5ec363b74540bd66b81399a4038ad2d

Download Submit
\Windows\system\VhFfejn.exe

Filesize
6.0MB

MD5
0779cc7bc124c1a5ab7b5ba56584249d

SHA1
41c7650fec4b93e75ad45d34827516af58f48af2

SHA256
cc224f58611a684607bd8c22c08520d04bea47134bf7f691d34d8ae574575b8e

SHA512
70375e3457646cf608d766f89e1b4afd902822d148ad771cbdbf1f8205cd2deafe11ed6f1107842424f2a2c48718c637385957650e2d9d079c144722a95c1a14

Download Submit
\Windows\system\gCHuxDw.exe

Filesize
6.0MB

MD5
afc0d032b78415d684430a849ef8ef36

SHA1
0116ae9dd4652bbc71046314d631926f6b8471b0

SHA256
8957b313702e3cef83c88325d5e3aa625d8b7d87a9f5924bfa10ce4c105b61ce

SHA512
857873f398ad6ccee37bf0c96430e9bb2188c0cb5ca212976ea1db1288cf6ee886929f17bee2c542b7c84232dca7758f5a6f6d3e3872dbde1c800e8963696a94

Download Submit
\Windows\system\mFemfZJ.exe

Filesize
6.0MB

MD5
04610e2a387c4e5a23c2bac824ff316f

SHA1
cf8c0bfd7a025fa4e94e002e44dd00d998f05396

SHA256
705e430b4ed43927d29cbde41bd9c61c3d26b84dc4713769b892e84ea4d347e7

SHA512
4bd95ca654eab2788a235d7b98ad620cc3fbe26de6edaa0864123c875e08635d8140d81beebd13135ef9166fd225fb45df6f13c92daad8fcad17d8f344bbe8fc

Download Submit
\Windows\system\opzvJnz.exe

Filesize
6.0MB

MD5
30fae2b765c13801c71dbf913ac6f7df

SHA1
2003057303298cd8b6ef55613f005778fd924e49

SHA256
48038d2839980e15ab6b84c10d1f305ef6e73225b366e5c320ab767acc34019e

SHA512
460d38b5a13c6e9cd946a8a0d71ba396c5b0609ce8635ea063a37221b45eb4ce0eb930c277c0c5ebf4bfe68e5c59887bf64561e4635336258a4ebafcf60e2964

Download Submit
memory/1660-373-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-4128-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-77-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1872-4372-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1872-94-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2484-4126-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2484-22-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2604-49-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4136-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-64-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4138-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-45-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4127-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4125-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-69-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4130-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2740-20-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2756-101-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-67-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2756-25-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2756-99-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2756-570-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-770-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-93-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2756-21-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-86-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1161-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-78-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2756-975-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2756-76-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-19-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2756-16-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-68-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2756-54-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-0-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2756-109-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-40-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2756-62-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-60-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2756-79-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2780-71-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4129-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2780-254-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4137-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2864-66-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4124-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2888-23-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4135-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2944-976-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2944-100-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2948-87-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4134-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2948-572-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4139-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2972-95-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2972-29-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download