cobaltstrike | 4499c3f2adf625bff8396e7514cdfa52d3e29d97c31700bc3eaea16b7b2e3728

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 06:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

57721ae37b50163934ddfc63c755c687
SHA1

e9fe851891e565d8a16387ea8bfa474b583e3d81
SHA256

4499c3f2adf625bff8396e7514cdfa52d3e29d97c31700bc3eaea16b7b2e3728
SHA512

1ad4f127c3f7bd1c6bd43cf76c32fb795b83901b5116f4c6fa9481b0f112ea842c490b4c41dcf4c2a68de70056f907e6944746bd5c62cb3486ae27945225ad16
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUq:eOl56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000016d17-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3b-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cc9-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d66-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-22.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000012263-14.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/272-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d17-10.dat	xmrig
behavioral1/files/0x0007000000016d3b-31.dat	xmrig
behavioral1/files/0x0008000000016d1f-35.dat	xmrig
behavioral1/memory/2956-36-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2920-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d46-33.dat	xmrig
behavioral1/memory/272-41-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2776-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1864-50-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d0-56.dat	xmrig
behavioral1/files/0x00050000000194e4-72.dat	xmrig
behavioral1/memory/2460-81-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2524-90-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/3008-98-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/1068-107-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-124.dat	xmrig
behavioral1/files/0x00050000000195fb-134.dat	xmrig
behavioral1/files/0x0005000000019605-162.dat	xmrig
behavioral1/files/0x0005000000019c34-197.dat	xmrig
behavioral1/memory/2460-363-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1068-821-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/272-914-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/3008-674-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2524-489-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/272-278-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2632-204-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c32-194.dat	xmrig
behavioral1/files/0x0005000000019999-189.dat	xmrig
behavioral1/files/0x00050000000196ed-184.dat	xmrig
behavioral1/files/0x0005000000019659-174.dat	xmrig
behavioral1/files/0x000500000001969b-179.dat	xmrig
behavioral1/files/0x0005000000019615-169.dat	xmrig
behavioral1/files/0x0005000000019603-159.dat	xmrig
behavioral1/files/0x0005000000019601-155.dat	xmrig
behavioral1/files/0x00050000000195fe-145.dat	xmrig
behavioral1/files/0x00050000000195ff-149.dat	xmrig
behavioral1/files/0x00050000000195fd-140.dat	xmrig
behavioral1/files/0x00050000000195f9-130.dat	xmrig
behavioral1/files/0x00050000000195c0-119.dat	xmrig
behavioral1/files/0x0005000000019581-114.dat	xmrig
behavioral1/memory/272-112-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/272-111-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2804-106-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-105.dat	xmrig
behavioral1/memory/3056-97-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cc9-96.dat	xmrig
behavioral1/memory/1864-89-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019551-88.dat	xmrig
behavioral1/files/0x00050000000194e6-80.dat	xmrig
behavioral1/memory/272-78-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2956-77-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2632-74-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2920-73-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1900-68-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2804-64-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-63.dat	xmrig
behavioral1/memory/3056-57-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1176-49-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2092-48-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d66-47.dat	xmrig
behavioral1/files/0x0007000000016d42-22.dat	xmrig
behavioral1/memory/2092-15-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-14.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2092	jdVtVAE.exe
1176	XqJmEiz.exe
1900	qZXflCH.exe
2920	EmCeXxU.exe
2956	kFgZhbu.exe
2776	xCmftnc.exe
1864	jfxKLWw.exe
3056	WyFbkSj.exe
2804	sQGWbgb.exe
2632	RWtWUwo.exe
2460	HMVHcvi.exe
2524	pPlhytb.exe
3008	yOPMWPm.exe
1068	QlsjHVE.exe
2452	gcxudjU.exe
3000	RBmtrjc.exe
2980	MeeasFS.exe
904	AfiYqGq.exe
2872	IuwLJeB.exe
2812	fpFTBJq.exe
1840	jwuCyem.exe
336	hReeJAr.exe
2488	YLHQFsm.exe
2500	YznLZFy.exe
408	cQYsnzy.exe
2604	xvimaaB.exe
1168	LTkGDKw.exe
1716	UAkIWux.exe
1016	OwGzgQk.exe
2416	TGhxrkc.exe
3012	vsQbwXH.exe
1472	DtamPmv.exe
1428	JXApHKR.exe
2528	bWgOGId.exe
2164	ZoZbeTc.exe
2012	ywaLixZ.exe
1784	KbYCtjy.exe
2224	FgpSQDB.exe
1424	kIZNjXx.exe
1020	ShjOKno.exe
1968	sclySnQ.exe
912	UdLHQqj.exe
1640	JhZEZVD.exe
692	WeFkhmV.exe
936	ZoPShlt.exe
1524	DdLKzBr.exe
2392	Nznsunx.exe
2304	crIfOvh.exe
2724	CnfTILd.exe
2876	xlTdyQf.exe
2796	anjLlow.exe
812	XWCSouL.exe
2556	BXGnJAo.exe
1416	GImYfiF.exe
2884	OrpMKMB.exe
1028	lXeblTz.exe
2808	mRoPxfO.exe
860	IjjxWuT.exe
548	lukgyaY.exe
2496	QvtfxEi.exe
1692	lMoSyXY.exe
2212	vlzQMlY.exe
284	sEsUyxB.exe
1720	jdBulxE.exe

Loads dropped DLL 64 IoCs

pid	Process
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/272-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0007000000016d17-10.dat	upx
behavioral1/files/0x0007000000016d3b-31.dat	upx
behavioral1/files/0x0008000000016d1f-35.dat	upx
behavioral1/memory/2956-36-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2920-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0007000000016d46-33.dat	upx
behavioral1/memory/272-41-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2776-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1864-50-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00050000000194d0-56.dat	upx
behavioral1/files/0x00050000000194e4-72.dat	upx
behavioral1/memory/2460-81-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2524-90-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/3008-98-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/1068-107-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-124.dat	upx
behavioral1/files/0x00050000000195fb-134.dat	upx
behavioral1/files/0x0005000000019605-162.dat	upx
behavioral1/files/0x0005000000019c34-197.dat	upx
behavioral1/memory/2460-363-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1068-821-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/3008-674-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2524-489-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2632-204-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0005000000019c32-194.dat	upx
behavioral1/files/0x0005000000019999-189.dat	upx
behavioral1/files/0x00050000000196ed-184.dat	upx
behavioral1/files/0x0005000000019659-174.dat	upx
behavioral1/files/0x000500000001969b-179.dat	upx
behavioral1/files/0x0005000000019615-169.dat	upx
behavioral1/files/0x0005000000019603-159.dat	upx
behavioral1/files/0x0005000000019601-155.dat	upx
behavioral1/files/0x00050000000195fe-145.dat	upx
behavioral1/files/0x00050000000195ff-149.dat	upx
behavioral1/files/0x00050000000195fd-140.dat	upx
behavioral1/files/0x00050000000195f9-130.dat	upx
behavioral1/files/0x00050000000195c0-119.dat	upx
behavioral1/files/0x0005000000019581-114.dat	upx
behavioral1/memory/2804-106-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000500000001955c-105.dat	upx
behavioral1/memory/3056-97-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0009000000016cc9-96.dat	upx
behavioral1/memory/1864-89-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0005000000019551-88.dat	upx
behavioral1/files/0x00050000000194e6-80.dat	upx
behavioral1/memory/2956-77-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2632-74-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2920-73-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1900-68-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2804-64-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00050000000194da-63.dat	upx
behavioral1/memory/3056-57-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1176-49-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2092-48-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0008000000016d66-47.dat	upx
behavioral1/files/0x0007000000016d42-22.dat	upx
behavioral1/memory/2092-15-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000c000000012263-14.dat	upx
behavioral1/memory/1900-32-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/1176-19-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/3056-3231-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1176-3230-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1900-3237-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zDsmAsn.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORFners.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBDJdOi.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vweIcCR.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSSGoND.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nznsunx.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjiXHId.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUXNcFx.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfZkGXH.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzYwIvZ.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybWJxrG.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uqbqdup.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvzzwiO.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpaoGlA.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owCZjQS.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RotZrQn.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkJxPUW.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArbnlKL.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrMNfhr.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\domOwmq.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiPoGkB.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRVyMMm.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrLDviO.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjCBEDJ.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPkyVEa.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWWHjUV.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdjdCoi.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBVNLIK.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFTQDRi.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDzmoLr.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyDGgmp.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUQpDcD.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdnZFwL.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DILrskd.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyURBMt.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGhgGcs.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLddxPk.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfDuqVq.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVURhPd.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERFzrMM.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXgNIDm.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhrfoOq.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtwuRiP.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnOaTRv.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkyVXFZ.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmHueRH.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkxOWRN.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQqEOBp.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miFCZtc.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjVhGwa.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBEeGew.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqpVQma.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbWMYzC.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUWpCTO.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqnhUxl.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnctqFq.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRNqvLw.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFFbogt.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvYMlaU.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQKLdLO.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amsbRQx.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXDHHMn.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MORVqdb.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsTsaQf.exe	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 272 wrote to memory of 1176	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 272 wrote to memory of 1176	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 272 wrote to memory of 1176	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 272 wrote to memory of 2092	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 272 wrote to memory of 2092	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 272 wrote to memory of 2092	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 272 wrote to memory of 2956	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 272 wrote to memory of 2956	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 272 wrote to memory of 2956	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 272 wrote to memory of 1900	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 272 wrote to memory of 1900	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 272 wrote to memory of 1900	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 272 wrote to memory of 2776	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 272 wrote to memory of 2776	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 272 wrote to memory of 2776	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 272 wrote to memory of 2920	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 272 wrote to memory of 2920	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 272 wrote to memory of 2920	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 272 wrote to memory of 1864	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 272 wrote to memory of 1864	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 272 wrote to memory of 1864	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 272 wrote to memory of 3056	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 272 wrote to memory of 3056	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 272 wrote to memory of 3056	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 272 wrote to memory of 2804	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 272 wrote to memory of 2804	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 272 wrote to memory of 2804	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 272 wrote to memory of 2632	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 272 wrote to memory of 2632	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 272 wrote to memory of 2632	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 272 wrote to memory of 2460	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 272 wrote to memory of 2460	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 272 wrote to memory of 2460	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 272 wrote to memory of 2524	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 272 wrote to memory of 2524	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 272 wrote to memory of 2524	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 272 wrote to memory of 3008	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 272 wrote to memory of 3008	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 272 wrote to memory of 3008	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 272 wrote to memory of 1068	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 272 wrote to memory of 1068	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 272 wrote to memory of 1068	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 272 wrote to memory of 2452	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 272 wrote to memory of 2452	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 272 wrote to memory of 2452	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 272 wrote to memory of 3000	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 272 wrote to memory of 3000	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 272 wrote to memory of 3000	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 272 wrote to memory of 2980	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 272 wrote to memory of 2980	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 272 wrote to memory of 2980	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 272 wrote to memory of 904	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 272 wrote to memory of 904	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 272 wrote to memory of 904	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 272 wrote to memory of 2872	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 272 wrote to memory of 2872	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 272 wrote to memory of 2872	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 272 wrote to memory of 2812	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 272 wrote to memory of 2812	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 272 wrote to memory of 2812	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 272 wrote to memory of 1840	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 272 wrote to memory of 1840	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 272 wrote to memory of 1840	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 272 wrote to memory of 336	272	2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-29_57721ae37b50163934ddfc63c755c687_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:272
- C:\Windows\System\XqJmEiz.exe
  C:\Windows\System\XqJmEiz.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\jdVtVAE.exe
  C:\Windows\System\jdVtVAE.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\kFgZhbu.exe
  C:\Windows\System\kFgZhbu.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\qZXflCH.exe
  C:\Windows\System\qZXflCH.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\xCmftnc.exe
  C:\Windows\System\xCmftnc.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\EmCeXxU.exe
  C:\Windows\System\EmCeXxU.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\jfxKLWw.exe
  C:\Windows\System\jfxKLWw.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\WyFbkSj.exe
  C:\Windows\System\WyFbkSj.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\sQGWbgb.exe
  C:\Windows\System\sQGWbgb.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\RWtWUwo.exe
  C:\Windows\System\RWtWUwo.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HMVHcvi.exe
  C:\Windows\System\HMVHcvi.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\pPlhytb.exe
  C:\Windows\System\pPlhytb.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\yOPMWPm.exe
  C:\Windows\System\yOPMWPm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QlsjHVE.exe
  C:\Windows\System\QlsjHVE.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\gcxudjU.exe
  C:\Windows\System\gcxudjU.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\RBmtrjc.exe
  C:\Windows\System\RBmtrjc.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\MeeasFS.exe
  C:\Windows\System\MeeasFS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\AfiYqGq.exe
  C:\Windows\System\AfiYqGq.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\IuwLJeB.exe
  C:\Windows\System\IuwLJeB.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\fpFTBJq.exe
  C:\Windows\System\fpFTBJq.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\jwuCyem.exe
  C:\Windows\System\jwuCyem.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\hReeJAr.exe
  C:\Windows\System\hReeJAr.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\YLHQFsm.exe
  C:\Windows\System\YLHQFsm.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\YznLZFy.exe
  C:\Windows\System\YznLZFy.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\cQYsnzy.exe
  C:\Windows\System\cQYsnzy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\xvimaaB.exe
  C:\Windows\System\xvimaaB.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\LTkGDKw.exe
  C:\Windows\System\LTkGDKw.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\UAkIWux.exe
  C:\Windows\System\UAkIWux.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\OwGzgQk.exe
  C:\Windows\System\OwGzgQk.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\TGhxrkc.exe
  C:\Windows\System\TGhxrkc.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\vsQbwXH.exe
  C:\Windows\System\vsQbwXH.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\DtamPmv.exe
  C:\Windows\System\DtamPmv.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\JXApHKR.exe
  C:\Windows\System\JXApHKR.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\bWgOGId.exe
  C:\Windows\System\bWgOGId.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\ZoZbeTc.exe
  C:\Windows\System\ZoZbeTc.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ywaLixZ.exe
  C:\Windows\System\ywaLixZ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\KbYCtjy.exe
  C:\Windows\System\KbYCtjy.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\FgpSQDB.exe
  C:\Windows\System\FgpSQDB.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\kIZNjXx.exe
  C:\Windows\System\kIZNjXx.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\ShjOKno.exe
  C:\Windows\System\ShjOKno.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sclySnQ.exe
  C:\Windows\System\sclySnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\UdLHQqj.exe
  C:\Windows\System\UdLHQqj.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\JhZEZVD.exe
  C:\Windows\System\JhZEZVD.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\WeFkhmV.exe
  C:\Windows\System\WeFkhmV.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ZoPShlt.exe
  C:\Windows\System\ZoPShlt.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\DdLKzBr.exe
  C:\Windows\System\DdLKzBr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\Nznsunx.exe
  C:\Windows\System\Nznsunx.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\crIfOvh.exe
  C:\Windows\System\crIfOvh.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\CnfTILd.exe
  C:\Windows\System\CnfTILd.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\xlTdyQf.exe
  C:\Windows\System\xlTdyQf.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\anjLlow.exe
  C:\Windows\System\anjLlow.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\XWCSouL.exe
  C:\Windows\System\XWCSouL.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\BXGnJAo.exe
  C:\Windows\System\BXGnJAo.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\GImYfiF.exe
  C:\Windows\System\GImYfiF.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\OrpMKMB.exe
  C:\Windows\System\OrpMKMB.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\lXeblTz.exe
  C:\Windows\System\lXeblTz.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\mRoPxfO.exe
  C:\Windows\System\mRoPxfO.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\IjjxWuT.exe
  C:\Windows\System\IjjxWuT.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\lukgyaY.exe
  C:\Windows\System\lukgyaY.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\QvtfxEi.exe
  C:\Windows\System\QvtfxEi.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\lMoSyXY.exe
  C:\Windows\System\lMoSyXY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\vlzQMlY.exe
  C:\Windows\System\vlzQMlY.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\sEsUyxB.exe
  C:\Windows\System\sEsUyxB.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\jdBulxE.exe
  C:\Windows\System\jdBulxE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ziDhNSW.exe
  C:\Windows\System\ziDhNSW.exe
  2⤵
  PID:1284
- C:\Windows\System\CanJBYI.exe
  C:\Windows\System\CanJBYI.exe
  2⤵
  PID:2216
- C:\Windows\System\AqpoNvg.exe
  C:\Windows\System\AqpoNvg.exe
  2⤵
  PID:468
- C:\Windows\System\nWyhHbf.exe
  C:\Windows\System\nWyhHbf.exe
  2⤵
  PID:2100
- C:\Windows\System\OBJmKll.exe
  C:\Windows\System\OBJmKll.exe
  2⤵
  PID:592
- C:\Windows\System\aBQzYDC.exe
  C:\Windows\System\aBQzYDC.exe
  2⤵
  PID:1964
- C:\Windows\System\wqAwZlU.exe
  C:\Windows\System\wqAwZlU.exe
  2⤵
  PID:1648
- C:\Windows\System\ztWhDdg.exe
  C:\Windows\System\ztWhDdg.exe
  2⤵
  PID:1516
- C:\Windows\System\GgTlYNF.exe
  C:\Windows\System\GgTlYNF.exe
  2⤵
  PID:2568
- C:\Windows\System\UgZISFp.exe
  C:\Windows\System\UgZISFp.exe
  2⤵
  PID:792
- C:\Windows\System\RDveINc.exe
  C:\Windows\System\RDveINc.exe
  2⤵
  PID:2940
- C:\Windows\System\TaKJGsV.exe
  C:\Windows\System\TaKJGsV.exe
  2⤵
  PID:2844
- C:\Windows\System\uGHWnKb.exe
  C:\Windows\System\uGHWnKb.exe
  2⤵
  PID:2660
- C:\Windows\System\MUXLbqO.exe
  C:\Windows\System\MUXLbqO.exe
  2⤵
  PID:2168
- C:\Windows\System\JOMeQcM.exe
  C:\Windows\System\JOMeQcM.exe
  2⤵
  PID:3048
- C:\Windows\System\zpeAIrw.exe
  C:\Windows\System\zpeAIrw.exe
  2⤵
  PID:2904
- C:\Windows\System\VhKAJep.exe
  C:\Windows\System\VhKAJep.exe
  2⤵
  PID:2868
- C:\Windows\System\DwFXtvU.exe
  C:\Windows\System\DwFXtvU.exe
  2⤵
  PID:1744
- C:\Windows\System\ppUDdgA.exe
  C:\Windows\System\ppUDdgA.exe
  2⤵
  PID:2192
- C:\Windows\System\fHLpNwZ.exe
  C:\Windows\System\fHLpNwZ.exe
  2⤵
  PID:3080
- C:\Windows\System\LKFEtGI.exe
  C:\Windows\System\LKFEtGI.exe
  2⤵
  PID:3100
- C:\Windows\System\lrVBSep.exe
  C:\Windows\System\lrVBSep.exe
  2⤵
  PID:3120
- C:\Windows\System\YvYGPIk.exe
  C:\Windows\System\YvYGPIk.exe
  2⤵
  PID:3144
- C:\Windows\System\ROZojMe.exe
  C:\Windows\System\ROZojMe.exe
  2⤵
  PID:3164
- C:\Windows\System\wkgeYNs.exe
  C:\Windows\System\wkgeYNs.exe
  2⤵
  PID:3184
- C:\Windows\System\VtHQrsh.exe
  C:\Windows\System\VtHQrsh.exe
  2⤵
  PID:3204
- C:\Windows\System\qsYxLaC.exe
  C:\Windows\System\qsYxLaC.exe
  2⤵
  PID:3224
- C:\Windows\System\BKDYUSU.exe
  C:\Windows\System\BKDYUSU.exe
  2⤵
  PID:3244
- C:\Windows\System\BMaAXXc.exe
  C:\Windows\System\BMaAXXc.exe
  2⤵
  PID:3260
- C:\Windows\System\xBDUwjD.exe
  C:\Windows\System\xBDUwjD.exe
  2⤵
  PID:3284
- C:\Windows\System\KGxOThP.exe
  C:\Windows\System\KGxOThP.exe
  2⤵
  PID:3304
- C:\Windows\System\ETWgDKZ.exe
  C:\Windows\System\ETWgDKZ.exe
  2⤵
  PID:3324
- C:\Windows\System\CjgyBtD.exe
  C:\Windows\System\CjgyBtD.exe
  2⤵
  PID:3344
- C:\Windows\System\MRVmmDU.exe
  C:\Windows\System\MRVmmDU.exe
  2⤵
  PID:3364
- C:\Windows\System\ubwzJti.exe
  C:\Windows\System\ubwzJti.exe
  2⤵
  PID:3384
- C:\Windows\System\ASCsGcA.exe
  C:\Windows\System\ASCsGcA.exe
  2⤵
  PID:3404
- C:\Windows\System\vVpUUVw.exe
  C:\Windows\System\vVpUUVw.exe
  2⤵
  PID:3424
- C:\Windows\System\AoseTSF.exe
  C:\Windows\System\AoseTSF.exe
  2⤵
  PID:3444
- C:\Windows\System\sqnhUxl.exe
  C:\Windows\System\sqnhUxl.exe
  2⤵
  PID:3464
- C:\Windows\System\FSfsEZJ.exe
  C:\Windows\System\FSfsEZJ.exe
  2⤵
  PID:3484
- C:\Windows\System\yzKuGox.exe
  C:\Windows\System\yzKuGox.exe
  2⤵
  PID:3508
- C:\Windows\System\jiPoGkB.exe
  C:\Windows\System\jiPoGkB.exe
  2⤵
  PID:3528
- C:\Windows\System\oAgVjQD.exe
  C:\Windows\System\oAgVjQD.exe
  2⤵
  PID:3548
- C:\Windows\System\cfmdyFD.exe
  C:\Windows\System\cfmdyFD.exe
  2⤵
  PID:3568
- C:\Windows\System\WudpeSx.exe
  C:\Windows\System\WudpeSx.exe
  2⤵
  PID:3588
- C:\Windows\System\eCiLjfq.exe
  C:\Windows\System\eCiLjfq.exe
  2⤵
  PID:3608
- C:\Windows\System\oGYwDaE.exe
  C:\Windows\System\oGYwDaE.exe
  2⤵
  PID:3628
- C:\Windows\System\aPZoBQT.exe
  C:\Windows\System\aPZoBQT.exe
  2⤵
  PID:3648
- C:\Windows\System\IHJkPJL.exe
  C:\Windows\System\IHJkPJL.exe
  2⤵
  PID:3668
- C:\Windows\System\OzQoEbU.exe
  C:\Windows\System\OzQoEbU.exe
  2⤵
  PID:3688
- C:\Windows\System\FspIIxu.exe
  C:\Windows\System\FspIIxu.exe
  2⤵
  PID:3708
- C:\Windows\System\ocmAGbU.exe
  C:\Windows\System\ocmAGbU.exe
  2⤵
  PID:3728
- C:\Windows\System\VdBzdlM.exe
  C:\Windows\System\VdBzdlM.exe
  2⤵
  PID:3748
- C:\Windows\System\WXbSOCW.exe
  C:\Windows\System\WXbSOCW.exe
  2⤵
  PID:3768
- C:\Windows\System\kaqzhwn.exe
  C:\Windows\System\kaqzhwn.exe
  2⤵
  PID:3788
- C:\Windows\System\IkWHiBH.exe
  C:\Windows\System\IkWHiBH.exe
  2⤵
  PID:3808
- C:\Windows\System\WgLSONh.exe
  C:\Windows\System\WgLSONh.exe
  2⤵
  PID:3828
- C:\Windows\System\QVFpcRJ.exe
  C:\Windows\System\QVFpcRJ.exe
  2⤵
  PID:3848
- C:\Windows\System\sysWXWY.exe
  C:\Windows\System\sysWXWY.exe
  2⤵
  PID:3868
- C:\Windows\System\MdcHDAF.exe
  C:\Windows\System\MdcHDAF.exe
  2⤵
  PID:3888
- C:\Windows\System\PBSPdxn.exe
  C:\Windows\System\PBSPdxn.exe
  2⤵
  PID:3908
- C:\Windows\System\EPEJxHt.exe
  C:\Windows\System\EPEJxHt.exe
  2⤵
  PID:3928
- C:\Windows\System\ceXSzsg.exe
  C:\Windows\System\ceXSzsg.exe
  2⤵
  PID:3948
- C:\Windows\System\YbBOtpf.exe
  C:\Windows\System\YbBOtpf.exe
  2⤵
  PID:3972
- C:\Windows\System\xGdKZiL.exe
  C:\Windows\System\xGdKZiL.exe
  2⤵
  PID:3992
- C:\Windows\System\NWKBotq.exe
  C:\Windows\System\NWKBotq.exe
  2⤵
  PID:4012
- C:\Windows\System\HKHcTkV.exe
  C:\Windows\System\HKHcTkV.exe
  2⤵
  PID:4032
- C:\Windows\System\Jkzmsko.exe
  C:\Windows\System\Jkzmsko.exe
  2⤵
  PID:4052
- C:\Windows\System\vESSCol.exe
  C:\Windows\System\vESSCol.exe
  2⤵
  PID:4072
- C:\Windows\System\muZnpdc.exe
  C:\Windows\System\muZnpdc.exe
  2⤵
  PID:4092
- C:\Windows\System\TbOxeIJ.exe
  C:\Windows\System\TbOxeIJ.exe
  2⤵
  PID:1484
- C:\Windows\System\wchTBCN.exe
  C:\Windows\System\wchTBCN.exe
  2⤵
  PID:1280
- C:\Windows\System\TxHqAGj.exe
  C:\Windows\System\TxHqAGj.exe
  2⤵
  PID:1668
- C:\Windows\System\rkKvVMA.exe
  C:\Windows\System\rkKvVMA.exe
  2⤵
  PID:2264
- C:\Windows\System\sinRepK.exe
  C:\Windows\System\sinRepK.exe
  2⤵
  PID:900
- C:\Windows\System\YlFbTzz.exe
  C:\Windows\System\YlFbTzz.exe
  2⤵
  PID:2316
- C:\Windows\System\FSIRGyK.exe
  C:\Windows\System\FSIRGyK.exe
  2⤵
  PID:1520
- C:\Windows\System\GgSuXra.exe
  C:\Windows\System\GgSuXra.exe
  2⤵
  PID:2672
- C:\Windows\System\ZaXxDJN.exe
  C:\Windows\System\ZaXxDJN.exe
  2⤵
  PID:2860
- C:\Windows\System\pokwkxo.exe
  C:\Windows\System\pokwkxo.exe
  2⤵
  PID:2692
- C:\Windows\System\FBKjCSG.exe
  C:\Windows\System\FBKjCSG.exe
  2⤵
  PID:1296
- C:\Windows\System\ygkmStl.exe
  C:\Windows\System\ygkmStl.exe
  2⤵
  PID:1032
- C:\Windows\System\uoAsbPF.exe
  C:\Windows\System\uoAsbPF.exe
  2⤵
  PID:2228
- C:\Windows\System\pegHgrs.exe
  C:\Windows\System\pegHgrs.exe
  2⤵
  PID:3108
- C:\Windows\System\DbFKbVG.exe
  C:\Windows\System\DbFKbVG.exe
  2⤵
  PID:3156
- C:\Windows\System\yswnDLo.exe
  C:\Windows\System\yswnDLo.exe
  2⤵
  PID:3200
- C:\Windows\System\iAdfeAa.exe
  C:\Windows\System\iAdfeAa.exe
  2⤵
  PID:3232
- C:\Windows\System\eNrBjGZ.exe
  C:\Windows\System\eNrBjGZ.exe
  2⤵
  PID:3268
- C:\Windows\System\nSTDaaA.exe
  C:\Windows\System\nSTDaaA.exe
  2⤵
  PID:3300
- C:\Windows\System\BfdnGMR.exe
  C:\Windows\System\BfdnGMR.exe
  2⤵
  PID:3332
- C:\Windows\System\OLddxPk.exe
  C:\Windows\System\OLddxPk.exe
  2⤵
  PID:3356
- C:\Windows\System\czeFCKf.exe
  C:\Windows\System\czeFCKf.exe
  2⤵
  PID:3400
- C:\Windows\System\VcALpAm.exe
  C:\Windows\System\VcALpAm.exe
  2⤵
  PID:3432
- C:\Windows\System\miFCZtc.exe
  C:\Windows\System\miFCZtc.exe
  2⤵
  PID:3456
- C:\Windows\System\vYVkHGo.exe
  C:\Windows\System\vYVkHGo.exe
  2⤵
  PID:3496
- C:\Windows\System\BlbGMiC.exe
  C:\Windows\System\BlbGMiC.exe
  2⤵
  PID:3544
- C:\Windows\System\RhrfoOq.exe
  C:\Windows\System\RhrfoOq.exe
  2⤵
  PID:3560
- C:\Windows\System\hXSmYHq.exe
  C:\Windows\System\hXSmYHq.exe
  2⤵
  PID:3616
- C:\Windows\System\XlJzaeK.exe
  C:\Windows\System\XlJzaeK.exe
  2⤵
  PID:3644
- C:\Windows\System\PYRoOKz.exe
  C:\Windows\System\PYRoOKz.exe
  2⤵
  PID:3684
- C:\Windows\System\NkCyVRO.exe
  C:\Windows\System\NkCyVRO.exe
  2⤵
  PID:3700
- C:\Windows\System\BqexSWP.exe
  C:\Windows\System\BqexSWP.exe
  2⤵
  PID:3740
- C:\Windows\System\GNQbqAn.exe
  C:\Windows\System\GNQbqAn.exe
  2⤵
  PID:3780
- C:\Windows\System\ozQOFIp.exe
  C:\Windows\System\ozQOFIp.exe
  2⤵
  PID:3816
- C:\Windows\System\BDWZrIk.exe
  C:\Windows\System\BDWZrIk.exe
  2⤵
  PID:3856
- C:\Windows\System\GvAtfAu.exe
  C:\Windows\System\GvAtfAu.exe
  2⤵
  PID:3876
- C:\Windows\System\WDEPedO.exe
  C:\Windows\System\WDEPedO.exe
  2⤵
  PID:3900
- C:\Windows\System\rBVNLIK.exe
  C:\Windows\System\rBVNLIK.exe
  2⤵
  PID:3944
- C:\Windows\System\IEJssxZ.exe
  C:\Windows\System\IEJssxZ.exe
  2⤵
  PID:3964
- C:\Windows\System\PJTnPUS.exe
  C:\Windows\System\PJTnPUS.exe
  2⤵
  PID:4004
- C:\Windows\System\YSsWQBn.exe
  C:\Windows\System\YSsWQBn.exe
  2⤵
  PID:4060
- C:\Windows\System\gqAPyOf.exe
  C:\Windows\System\gqAPyOf.exe
  2⤵
  PID:4080
- C:\Windows\System\YIWfKjq.exe
  C:\Windows\System\YIWfKjq.exe
  2⤵
  PID:788
- C:\Windows\System\TxKkEcB.exe
  C:\Windows\System\TxKkEcB.exe
  2⤵
  PID:564
- C:\Windows\System\dYddybg.exe
  C:\Windows\System\dYddybg.exe
  2⤵
  PID:1616
- C:\Windows\System\kgFhUsq.exe
  C:\Windows\System\kgFhUsq.exe
  2⤵
  PID:2252
- C:\Windows\System\yaqsPwT.exe
  C:\Windows\System\yaqsPwT.exe
  2⤵
  PID:2652
- C:\Windows\System\FRzMZdL.exe
  C:\Windows\System\FRzMZdL.exe
  2⤵
  PID:1480
- C:\Windows\System\JOOdfjd.exe
  C:\Windows\System\JOOdfjd.exe
  2⤵
  PID:2024
- C:\Windows\System\PRstppa.exe
  C:\Windows\System\PRstppa.exe
  2⤵
  PID:3076
- C:\Windows\System\QBeBYiZ.exe
  C:\Windows\System\QBeBYiZ.exe
  2⤵
  PID:3132
- C:\Windows\System\UCgygyG.exe
  C:\Windows\System\UCgygyG.exe
  2⤵
  PID:3196
- C:\Windows\System\gxxTVAf.exe
  C:\Windows\System\gxxTVAf.exe
  2⤵
  PID:3280
- C:\Windows\System\SECCxQG.exe
  C:\Windows\System\SECCxQG.exe
  2⤵
  PID:3316
- C:\Windows\System\kTqKqoZ.exe
  C:\Windows\System\kTqKqoZ.exe
  2⤵
  PID:3380
- C:\Windows\System\fexcPlC.exe
  C:\Windows\System\fexcPlC.exe
  2⤵
  PID:3420
- C:\Windows\System\LtdcxXk.exe
  C:\Windows\System\LtdcxXk.exe
  2⤵
  PID:3504
- C:\Windows\System\BRHyMyO.exe
  C:\Windows\System\BRHyMyO.exe
  2⤵
  PID:3556
- C:\Windows\System\pNWOiOk.exe
  C:\Windows\System\pNWOiOk.exe
  2⤵
  PID:3596
- C:\Windows\System\oOeyhxI.exe
  C:\Windows\System\oOeyhxI.exe
  2⤵
  PID:3660
- C:\Windows\System\CHWMezZ.exe
  C:\Windows\System\CHWMezZ.exe
  2⤵
  PID:3724
- C:\Windows\System\WnQxysS.exe
  C:\Windows\System\WnQxysS.exe
  2⤵
  PID:3764
- C:\Windows\System\kaMXQIw.exe
  C:\Windows\System\kaMXQIw.exe
  2⤵
  PID:3836
- C:\Windows\System\FElBLCk.exe
  C:\Windows\System\FElBLCk.exe
  2⤵
  PID:3880
- C:\Windows\System\wZTFHmr.exe
  C:\Windows\System\wZTFHmr.exe
  2⤵
  PID:3936
- C:\Windows\System\ZfwpYsl.exe
  C:\Windows\System\ZfwpYsl.exe
  2⤵
  PID:4028
- C:\Windows\System\toDOZGG.exe
  C:\Windows\System\toDOZGG.exe
  2⤵
  PID:4068
- C:\Windows\System\GxgCPEf.exe
  C:\Windows\System\GxgCPEf.exe
  2⤵
  PID:4084
- C:\Windows\System\LlkVSuS.exe
  C:\Windows\System\LlkVSuS.exe
  2⤵
  PID:2340
- C:\Windows\System\iDgQYSH.exe
  C:\Windows\System\iDgQYSH.exe
  2⤵
  PID:2248
- C:\Windows\System\hNGZwkJ.exe
  C:\Windows\System\hNGZwkJ.exe
  2⤵
  PID:2864
- C:\Windows\System\tqXDjIX.exe
  C:\Windows\System\tqXDjIX.exe
  2⤵
  PID:3096
- C:\Windows\System\nzwfOaP.exe
  C:\Windows\System\nzwfOaP.exe
  2⤵
  PID:3152
- C:\Windows\System\vfLwXMC.exe
  C:\Windows\System\vfLwXMC.exe
  2⤵
  PID:4108
- C:\Windows\System\azBmPRc.exe
  C:\Windows\System\azBmPRc.exe
  2⤵
  PID:4128
- C:\Windows\System\FbAuesx.exe
  C:\Windows\System\FbAuesx.exe
  2⤵
  PID:4148
- C:\Windows\System\waKdUxe.exe
  C:\Windows\System\waKdUxe.exe
  2⤵
  PID:4168
- C:\Windows\System\xfRSMdV.exe
  C:\Windows\System\xfRSMdV.exe
  2⤵
  PID:4188
- C:\Windows\System\coLlqUX.exe
  C:\Windows\System\coLlqUX.exe
  2⤵
  PID:4208
- C:\Windows\System\KuhMxAQ.exe
  C:\Windows\System\KuhMxAQ.exe
  2⤵
  PID:4228
- C:\Windows\System\eztacnx.exe
  C:\Windows\System\eztacnx.exe
  2⤵
  PID:4248
- C:\Windows\System\vsvPdFU.exe
  C:\Windows\System\vsvPdFU.exe
  2⤵
  PID:4268
- C:\Windows\System\QFdvUAQ.exe
  C:\Windows\System\QFdvUAQ.exe
  2⤵
  PID:4288
- C:\Windows\System\ZcJKfSL.exe
  C:\Windows\System\ZcJKfSL.exe
  2⤵
  PID:4312
- C:\Windows\System\aPDJlRQ.exe
  C:\Windows\System\aPDJlRQ.exe
  2⤵
  PID:4332
- C:\Windows\System\lIoyEaU.exe
  C:\Windows\System\lIoyEaU.exe
  2⤵
  PID:4352
- C:\Windows\System\lDqRRKj.exe
  C:\Windows\System\lDqRRKj.exe
  2⤵
  PID:4372
- C:\Windows\System\UIJLeDu.exe
  C:\Windows\System\UIJLeDu.exe
  2⤵
  PID:4392
- C:\Windows\System\GhBRiHu.exe
  C:\Windows\System\GhBRiHu.exe
  2⤵
  PID:4412
- C:\Windows\System\jXmMQlK.exe
  C:\Windows\System\jXmMQlK.exe
  2⤵
  PID:4432
- C:\Windows\System\CsaezMG.exe
  C:\Windows\System\CsaezMG.exe
  2⤵
  PID:4452
- C:\Windows\System\eAxMXKf.exe
  C:\Windows\System\eAxMXKf.exe
  2⤵
  PID:4472
- C:\Windows\System\sjfPxni.exe
  C:\Windows\System\sjfPxni.exe
  2⤵
  PID:4492
- C:\Windows\System\NRUXRBQ.exe
  C:\Windows\System\NRUXRBQ.exe
  2⤵
  PID:4512
- C:\Windows\System\iakBsGC.exe
  C:\Windows\System\iakBsGC.exe
  2⤵
  PID:4532
- C:\Windows\System\AFMmiVx.exe
  C:\Windows\System\AFMmiVx.exe
  2⤵
  PID:4552
- C:\Windows\System\unNATSq.exe
  C:\Windows\System\unNATSq.exe
  2⤵
  PID:4572
- C:\Windows\System\nPyBUWo.exe
  C:\Windows\System\nPyBUWo.exe
  2⤵
  PID:4592
- C:\Windows\System\ztlqQEY.exe
  C:\Windows\System\ztlqQEY.exe
  2⤵
  PID:4612
- C:\Windows\System\JnjeiZT.exe
  C:\Windows\System\JnjeiZT.exe
  2⤵
  PID:4632
- C:\Windows\System\dBKxzHo.exe
  C:\Windows\System\dBKxzHo.exe
  2⤵
  PID:4652
- C:\Windows\System\lmrTUSW.exe
  C:\Windows\System\lmrTUSW.exe
  2⤵
  PID:4672
- C:\Windows\System\ipOYNiH.exe
  C:\Windows\System\ipOYNiH.exe
  2⤵
  PID:4696
- C:\Windows\System\uKgNfdM.exe
  C:\Windows\System\uKgNfdM.exe
  2⤵
  PID:4716
- C:\Windows\System\jkbQlEA.exe
  C:\Windows\System\jkbQlEA.exe
  2⤵
  PID:4736
- C:\Windows\System\SUnJVKD.exe
  C:\Windows\System\SUnJVKD.exe
  2⤵
  PID:4756
- C:\Windows\System\XWKJJcW.exe
  C:\Windows\System\XWKJJcW.exe
  2⤵
  PID:4776
- C:\Windows\System\sXtlLeh.exe
  C:\Windows\System\sXtlLeh.exe
  2⤵
  PID:4796
- C:\Windows\System\sQNOdLI.exe
  C:\Windows\System\sQNOdLI.exe
  2⤵
  PID:4816
- C:\Windows\System\FGDolgF.exe
  C:\Windows\System\FGDolgF.exe
  2⤵
  PID:4836
- C:\Windows\System\SvUFYxV.exe
  C:\Windows\System\SvUFYxV.exe
  2⤵
  PID:4856
- C:\Windows\System\OLWAZsu.exe
  C:\Windows\System\OLWAZsu.exe
  2⤵
  PID:4876
- C:\Windows\System\sgpGeSR.exe
  C:\Windows\System\sgpGeSR.exe
  2⤵
  PID:4896
- C:\Windows\System\qlmbqPw.exe
  C:\Windows\System\qlmbqPw.exe
  2⤵
  PID:4916
- C:\Windows\System\cTsCeXq.exe
  C:\Windows\System\cTsCeXq.exe
  2⤵
  PID:4936
- C:\Windows\System\cgAcboa.exe
  C:\Windows\System\cgAcboa.exe
  2⤵
  PID:4956
- C:\Windows\System\cYgaWPN.exe
  C:\Windows\System\cYgaWPN.exe
  2⤵
  PID:4976
- C:\Windows\System\mVnYTED.exe
  C:\Windows\System\mVnYTED.exe
  2⤵
  PID:4996
- C:\Windows\System\GgohJpS.exe
  C:\Windows\System\GgohJpS.exe
  2⤵
  PID:5016
- C:\Windows\System\wMJyITd.exe
  C:\Windows\System\wMJyITd.exe
  2⤵
  PID:5036
- C:\Windows\System\vftnmOA.exe
  C:\Windows\System\vftnmOA.exe
  2⤵
  PID:5056
- C:\Windows\System\ufuTVaf.exe
  C:\Windows\System\ufuTVaf.exe
  2⤵
  PID:5076
- C:\Windows\System\TxyQrtW.exe
  C:\Windows\System\TxyQrtW.exe
  2⤵
  PID:5096
- C:\Windows\System\MdbEUOQ.exe
  C:\Windows\System\MdbEUOQ.exe
  2⤵
  PID:5116
- C:\Windows\System\qLTJgfI.exe
  C:\Windows\System\qLTJgfI.exe
  2⤵
  PID:3276
- C:\Windows\System\wZArsUS.exe
  C:\Windows\System\wZArsUS.exe
  2⤵
  PID:3412
- C:\Windows\System\KsPJguO.exe
  C:\Windows\System\KsPJguO.exe
  2⤵
  PID:3416
- C:\Windows\System\VFYFMbl.exe
  C:\Windows\System\VFYFMbl.exe
  2⤵
  PID:3600
- C:\Windows\System\EyLHRXS.exe
  C:\Windows\System\EyLHRXS.exe
  2⤵
  PID:3704
- C:\Windows\System\mZBNKBY.exe
  C:\Windows\System\mZBNKBY.exe
  2⤵
  PID:3796
- C:\Windows\System\uFGReGO.exe
  C:\Windows\System\uFGReGO.exe
  2⤵
  PID:3896
- C:\Windows\System\tBTqHCF.exe
  C:\Windows\System\tBTqHCF.exe
  2⤵
  PID:3968
- C:\Windows\System\xzeyRZS.exe
  C:\Windows\System\xzeyRZS.exe
  2⤵
  PID:4044
- C:\Windows\System\zWGfRoD.exe
  C:\Windows\System\zWGfRoD.exe
  2⤵
  PID:1940
- C:\Windows\System\RotZrQn.exe
  C:\Windows\System\RotZrQn.exe
  2⤵
  PID:1036
- C:\Windows\System\reQfjlp.exe
  C:\Windows\System\reQfjlp.exe
  2⤵
  PID:316
- C:\Windows\System\PpFopza.exe
  C:\Windows\System\PpFopza.exe
  2⤵
  PID:4104
- C:\Windows\System\tBrCjkA.exe
  C:\Windows\System\tBrCjkA.exe
  2⤵
  PID:4144
- C:\Windows\System\KqGnUAq.exe
  C:\Windows\System\KqGnUAq.exe
  2⤵
  PID:4196
- C:\Windows\System\ZjiXDqx.exe
  C:\Windows\System\ZjiXDqx.exe
  2⤵
  PID:4200
- C:\Windows\System\VYtvKgK.exe
  C:\Windows\System\VYtvKgK.exe
  2⤵
  PID:4220
- C:\Windows\System\TaRFkTW.exe
  C:\Windows\System\TaRFkTW.exe
  2⤵
  PID:4276
- C:\Windows\System\cNxJQOD.exe
  C:\Windows\System\cNxJQOD.exe
  2⤵
  PID:4328
- C:\Windows\System\khyraVV.exe
  C:\Windows\System\khyraVV.exe
  2⤵
  PID:4360
- C:\Windows\System\gAAsrJO.exe
  C:\Windows\System\gAAsrJO.exe
  2⤵
  PID:4380
- C:\Windows\System\kGkdpJt.exe
  C:\Windows\System\kGkdpJt.exe
  2⤵
  PID:4404
- C:\Windows\System\kWvRltm.exe
  C:\Windows\System\kWvRltm.exe
  2⤵
  PID:4448
- C:\Windows\System\FhVGTRV.exe
  C:\Windows\System\FhVGTRV.exe
  2⤵
  PID:4480
- C:\Windows\System\BSOmXeM.exe
  C:\Windows\System\BSOmXeM.exe
  2⤵
  PID:4504
- C:\Windows\System\EocxqlC.exe
  C:\Windows\System\EocxqlC.exe
  2⤵
  PID:4548
- C:\Windows\System\FCyVgGM.exe
  C:\Windows\System\FCyVgGM.exe
  2⤵
  PID:4580
- C:\Windows\System\IAMyAcu.exe
  C:\Windows\System\IAMyAcu.exe
  2⤵
  PID:4604
- C:\Windows\System\gXLAhfe.exe
  C:\Windows\System\gXLAhfe.exe
  2⤵
  PID:4648
- C:\Windows\System\wcRIuxJ.exe
  C:\Windows\System\wcRIuxJ.exe
  2⤵
  PID:4680
- C:\Windows\System\NxzgmBb.exe
  C:\Windows\System\NxzgmBb.exe
  2⤵
  PID:4712
- C:\Windows\System\gRlOpRD.exe
  C:\Windows\System\gRlOpRD.exe
  2⤵
  PID:4744
- C:\Windows\System\WZigmiY.exe
  C:\Windows\System\WZigmiY.exe
  2⤵
  PID:4784
- C:\Windows\System\BPdYRiG.exe
  C:\Windows\System\BPdYRiG.exe
  2⤵
  PID:4808
- C:\Windows\System\orAlBhG.exe
  C:\Windows\System\orAlBhG.exe
  2⤵
  PID:4828
- C:\Windows\System\iCYSmfJ.exe
  C:\Windows\System\iCYSmfJ.exe
  2⤵
  PID:4888
- C:\Windows\System\VCxLpLF.exe
  C:\Windows\System\VCxLpLF.exe
  2⤵
  PID:4904
- C:\Windows\System\qvxcYJb.exe
  C:\Windows\System\qvxcYJb.exe
  2⤵
  PID:4972
- C:\Windows\System\iQMugMR.exe
  C:\Windows\System\iQMugMR.exe
  2⤵
  PID:4984
- C:\Windows\System\gfXUrPW.exe
  C:\Windows\System\gfXUrPW.exe
  2⤵
  PID:5008
- C:\Windows\System\YDgIjOp.exe
  C:\Windows\System\YDgIjOp.exe
  2⤵
  PID:5052
- C:\Windows\System\JcdsNkn.exe
  C:\Windows\System\JcdsNkn.exe
  2⤵
  PID:5064
- C:\Windows\System\XGEVUxA.exe
  C:\Windows\System\XGEVUxA.exe
  2⤵
  PID:5104
- C:\Windows\System\XthGPli.exe
  C:\Windows\System\XthGPli.exe
  2⤵
  PID:3352
- C:\Windows\System\srFTvyF.exe
  C:\Windows\System\srFTvyF.exe
  2⤵
  PID:3636
- C:\Windows\System\gvYNLLC.exe
  C:\Windows\System\gvYNLLC.exe
  2⤵
  PID:3656
- C:\Windows\System\QHlNAlA.exe
  C:\Windows\System\QHlNAlA.exe
  2⤵
  PID:3736
- C:\Windows\System\yclibrg.exe
  C:\Windows\System\yclibrg.exe
  2⤵
  PID:3860
- C:\Windows\System\gQGtLZI.exe
  C:\Windows\System\gQGtLZI.exe
  2⤵
  PID:2060
- C:\Windows\System\EWFGnTd.exe
  C:\Windows\System\EWFGnTd.exe
  2⤵
  PID:2184
- C:\Windows\System\HfmLHLj.exe
  C:\Windows\System\HfmLHLj.exe
  2⤵
  PID:3176
- C:\Windows\System\FopSlrm.exe
  C:\Windows\System\FopSlrm.exe
  2⤵
  PID:4136
- C:\Windows\System\lrIRkwL.exe
  C:\Windows\System\lrIRkwL.exe
  2⤵
  PID:4176
- C:\Windows\System\FNayOnZ.exe
  C:\Windows\System\FNayOnZ.exe
  2⤵
  PID:4260
- C:\Windows\System\GbNxPgI.exe
  C:\Windows\System\GbNxPgI.exe
  2⤵
  PID:4348
- C:\Windows\System\EkturMZ.exe
  C:\Windows\System\EkturMZ.exe
  2⤵
  PID:4344
- C:\Windows\System\rnsxqBC.exe
  C:\Windows\System\rnsxqBC.exe
  2⤵
  PID:4384
- C:\Windows\System\MrnRZPS.exe
  C:\Windows\System\MrnRZPS.exe
  2⤵
  PID:4508
- C:\Windows\System\AJeRWoi.exe
  C:\Windows\System\AJeRWoi.exe
  2⤵
  PID:4560
- C:\Windows\System\MLITlot.exe
  C:\Windows\System\MLITlot.exe
  2⤵
  PID:4640
- C:\Windows\System\FpOajEK.exe
  C:\Windows\System\FpOajEK.exe
  2⤵
  PID:4688
- C:\Windows\System\wsmpsrM.exe
  C:\Windows\System\wsmpsrM.exe
  2⤵
  PID:2772
- C:\Windows\System\HzpNdUq.exe
  C:\Windows\System\HzpNdUq.exe
  2⤵
  PID:4772
- C:\Windows\System\rwiOpEQ.exe
  C:\Windows\System\rwiOpEQ.exe
  2⤵
  PID:4804
- C:\Windows\System\pyRSJJW.exe
  C:\Windows\System\pyRSJJW.exe
  2⤵
  PID:4788
- C:\Windows\System\dnbTqwW.exe
  C:\Windows\System\dnbTqwW.exe
  2⤵
  PID:4884
- C:\Windows\System\oJbPnGH.exe
  C:\Windows\System\oJbPnGH.exe
  2⤵
  PID:4944
- C:\Windows\System\wKaseHX.exe
  C:\Windows\System\wKaseHX.exe
  2⤵
  PID:4964
- C:\Windows\System\ZbigbRL.exe
  C:\Windows\System\ZbigbRL.exe
  2⤵
  PID:5012
- C:\Windows\System\nfrsiaK.exe
  C:\Windows\System\nfrsiaK.exe
  2⤵
  PID:3180
- C:\Windows\System\APPGPiA.exe
  C:\Windows\System\APPGPiA.exe
  2⤵
  PID:3292
- C:\Windows\System\IBjWldO.exe
  C:\Windows\System\IBjWldO.exe
  2⤵
  PID:3536
- C:\Windows\System\ctxzaqt.exe
  C:\Windows\System\ctxzaqt.exe
  2⤵
  PID:3984
- C:\Windows\System\mrPZGyR.exe
  C:\Windows\System\mrPZGyR.exe
  2⤵
  PID:3960
- C:\Windows\System\drCqVhz.exe
  C:\Windows\System\drCqVhz.exe
  2⤵
  PID:1732
- C:\Windows\System\rrPNsJQ.exe
  C:\Windows\System\rrPNsJQ.exe
  2⤵
  PID:4244
- C:\Windows\System\FVxDtLS.exe
  C:\Windows\System\FVxDtLS.exe
  2⤵
  PID:4300
- C:\Windows\System\MgdnNvQ.exe
  C:\Windows\System\MgdnNvQ.exe
  2⤵
  PID:4400
- C:\Windows\System\wkHLlvC.exe
  C:\Windows\System\wkHLlvC.exe
  2⤵
  PID:4468
- C:\Windows\System\UmpMvxw.exe
  C:\Windows\System\UmpMvxw.exe
  2⤵
  PID:4568
- C:\Windows\System\nlJWbIN.exe
  C:\Windows\System\nlJWbIN.exe
  2⤵
  PID:4528
- C:\Windows\System\sazOoBF.exe
  C:\Windows\System\sazOoBF.exe
  2⤵
  PID:4664
- C:\Windows\System\VNoZoFa.exe
  C:\Windows\System\VNoZoFa.exe
  2⤵
  PID:4832
- C:\Windows\System\sLmBAJM.exe
  C:\Windows\System\sLmBAJM.exe
  2⤵
  PID:4924
- C:\Windows\System\UiKdyMk.exe
  C:\Windows\System\UiKdyMk.exe
  2⤵
  PID:4952
- C:\Windows\System\hwOwIkC.exe
  C:\Windows\System\hwOwIkC.exe
  2⤵
  PID:2748
- C:\Windows\System\dhnmvxt.exe
  C:\Windows\System\dhnmvxt.exe
  2⤵
  PID:3252
- C:\Windows\System\hKXTEGq.exe
  C:\Windows\System\hKXTEGq.exe
  2⤵
  PID:5108
- C:\Windows\System\VlmPTYq.exe
  C:\Windows\System\VlmPTYq.exe
  2⤵
  PID:4024
- C:\Windows\System\ilQjgAB.exe
  C:\Windows\System\ilQjgAB.exe
  2⤵
  PID:4160
- C:\Windows\System\BRLxAYQ.exe
  C:\Windows\System\BRLxAYQ.exe
  2⤵
  PID:4256
- C:\Windows\System\zajYdRS.exe
  C:\Windows\System\zajYdRS.exe
  2⤵
  PID:4440
- C:\Windows\System\kmVxtnC.exe
  C:\Windows\System\kmVxtnC.exe
  2⤵
  PID:4464
- C:\Windows\System\ORFners.exe
  C:\Windows\System\ORFners.exe
  2⤵
  PID:4668
- C:\Windows\System\GTckSKF.exe
  C:\Windows\System\GTckSKF.exe
  2⤵
  PID:5028
- C:\Windows\System\ZSmENTP.exe
  C:\Windows\System\ZSmENTP.exe
  2⤵
  PID:5132
- C:\Windows\System\EOSOJfu.exe
  C:\Windows\System\EOSOJfu.exe
  2⤵
  PID:5152
- C:\Windows\System\rOuoBkp.exe
  C:\Windows\System\rOuoBkp.exe
  2⤵
  PID:5172
- C:\Windows\System\CZxKtRd.exe
  C:\Windows\System\CZxKtRd.exe
  2⤵
  PID:5192
- C:\Windows\System\uJQhdCF.exe
  C:\Windows\System\uJQhdCF.exe
  2⤵
  PID:5212
- C:\Windows\System\GCnOzMS.exe
  C:\Windows\System\GCnOzMS.exe
  2⤵
  PID:5232
- C:\Windows\System\BTeFvps.exe
  C:\Windows\System\BTeFvps.exe
  2⤵
  PID:5252
- C:\Windows\System\cGpkJAf.exe
  C:\Windows\System\cGpkJAf.exe
  2⤵
  PID:5272
- C:\Windows\System\secHiMZ.exe
  C:\Windows\System\secHiMZ.exe
  2⤵
  PID:5292
- C:\Windows\System\HNQrJki.exe
  C:\Windows\System\HNQrJki.exe
  2⤵
  PID:5312
- C:\Windows\System\XvOTKOy.exe
  C:\Windows\System\XvOTKOy.exe
  2⤵
  PID:5332
- C:\Windows\System\NHfKcVZ.exe
  C:\Windows\System\NHfKcVZ.exe
  2⤵
  PID:5352
- C:\Windows\System\Whciwtu.exe
  C:\Windows\System\Whciwtu.exe
  2⤵
  PID:5372
- C:\Windows\System\MYbOcIk.exe
  C:\Windows\System\MYbOcIk.exe
  2⤵
  PID:5392
- C:\Windows\System\vwmZSKF.exe
  C:\Windows\System\vwmZSKF.exe
  2⤵
  PID:5412
- C:\Windows\System\KFUsjSO.exe
  C:\Windows\System\KFUsjSO.exe
  2⤵
  PID:5432
- C:\Windows\System\DoynmYn.exe
  C:\Windows\System\DoynmYn.exe
  2⤵
  PID:5448
- C:\Windows\System\PHNknkW.exe
  C:\Windows\System\PHNknkW.exe
  2⤵
  PID:5472
- C:\Windows\System\GDFytrK.exe
  C:\Windows\System\GDFytrK.exe
  2⤵
  PID:5492
- C:\Windows\System\szimczT.exe
  C:\Windows\System\szimczT.exe
  2⤵
  PID:5512
- C:\Windows\System\iGqMsxD.exe
  C:\Windows\System\iGqMsxD.exe
  2⤵
  PID:5532
- C:\Windows\System\sMlDTPF.exe
  C:\Windows\System\sMlDTPF.exe
  2⤵
  PID:5552
- C:\Windows\System\khehrcl.exe
  C:\Windows\System\khehrcl.exe
  2⤵
  PID:5572
- C:\Windows\System\DEZHmkc.exe
  C:\Windows\System\DEZHmkc.exe
  2⤵
  PID:5592
- C:\Windows\System\EdXFKKf.exe
  C:\Windows\System\EdXFKKf.exe
  2⤵
  PID:5612
- C:\Windows\System\bGJVzfO.exe
  C:\Windows\System\bGJVzfO.exe
  2⤵
  PID:5628
- C:\Windows\System\hDHcvhR.exe
  C:\Windows\System\hDHcvhR.exe
  2⤵
  PID:5652
- C:\Windows\System\CtVhdYp.exe
  C:\Windows\System\CtVhdYp.exe
  2⤵
  PID:5668
- C:\Windows\System\ezOqjtV.exe
  C:\Windows\System\ezOqjtV.exe
  2⤵
  PID:5692
- C:\Windows\System\aqlPZxp.exe
  C:\Windows\System\aqlPZxp.exe
  2⤵
  PID:5712
- C:\Windows\System\RRDDBlA.exe
  C:\Windows\System\RRDDBlA.exe
  2⤵
  PID:5732
- C:\Windows\System\RCDtWzD.exe
  C:\Windows\System\RCDtWzD.exe
  2⤵
  PID:5752
- C:\Windows\System\HvRhwsT.exe
  C:\Windows\System\HvRhwsT.exe
  2⤵
  PID:5772
- C:\Windows\System\BCwgLdc.exe
  C:\Windows\System\BCwgLdc.exe
  2⤵
  PID:5792
- C:\Windows\System\oMheUfQ.exe
  C:\Windows\System\oMheUfQ.exe
  2⤵
  PID:5812
- C:\Windows\System\GiEdHPk.exe
  C:\Windows\System\GiEdHPk.exe
  2⤵
  PID:5832
- C:\Windows\System\EuDecDv.exe
  C:\Windows\System\EuDecDv.exe
  2⤵
  PID:5852
- C:\Windows\System\FHUsQCA.exe
  C:\Windows\System\FHUsQCA.exe
  2⤵
  PID:5872
- C:\Windows\System\IAuVgyj.exe
  C:\Windows\System\IAuVgyj.exe
  2⤵
  PID:5892
- C:\Windows\System\BzgqcZr.exe
  C:\Windows\System\BzgqcZr.exe
  2⤵
  PID:5912
- C:\Windows\System\TQpjhDO.exe
  C:\Windows\System\TQpjhDO.exe
  2⤵
  PID:5932
- C:\Windows\System\XqVBYQj.exe
  C:\Windows\System\XqVBYQj.exe
  2⤵
  PID:5952
- C:\Windows\System\nFcqEjA.exe
  C:\Windows\System\nFcqEjA.exe
  2⤵
  PID:5972
- C:\Windows\System\tFAABcE.exe
  C:\Windows\System\tFAABcE.exe
  2⤵
  PID:5992
- C:\Windows\System\yKueERI.exe
  C:\Windows\System\yKueERI.exe
  2⤵
  PID:6012
- C:\Windows\System\FfoUpTw.exe
  C:\Windows\System\FfoUpTw.exe
  2⤵
  PID:6032
- C:\Windows\System\idfmKmg.exe
  C:\Windows\System\idfmKmg.exe
  2⤵
  PID:6052
- C:\Windows\System\ciDpeOr.exe
  C:\Windows\System\ciDpeOr.exe
  2⤵
  PID:6072
- C:\Windows\System\QcNSMJJ.exe
  C:\Windows\System\QcNSMJJ.exe
  2⤵
  PID:6092
- C:\Windows\System\xeaRuSP.exe
  C:\Windows\System\xeaRuSP.exe
  2⤵
  PID:6112
- C:\Windows\System\CcBWoKV.exe
  C:\Windows\System\CcBWoKV.exe
  2⤵
  PID:6132
- C:\Windows\System\WtxOWqc.exe
  C:\Windows\System\WtxOWqc.exe
  2⤵
  PID:5084
- C:\Windows\System\mFFmupb.exe
  C:\Windows\System\mFFmupb.exe
  2⤵
  PID:3360
- C:\Windows\System\eGjAIZS.exe
  C:\Windows\System\eGjAIZS.exe
  2⤵
  PID:3520
- C:\Windows\System\rNasEna.exe
  C:\Windows\System\rNasEna.exe
  2⤵
  PID:4120
- C:\Windows\System\INTFOZR.exe
  C:\Windows\System\INTFOZR.exe
  2⤵
  PID:1012
- C:\Windows\System\CiRMosW.exe
  C:\Windows\System\CiRMosW.exe
  2⤵
  PID:2840
- C:\Windows\System\pTkRJDA.exe
  C:\Windows\System\pTkRJDA.exe
  2⤵
  PID:4864
- C:\Windows\System\xQbTrWa.exe
  C:\Windows\System\xQbTrWa.exe
  2⤵
  PID:5128
- C:\Windows\System\BvNuubm.exe
  C:\Windows\System\BvNuubm.exe
  2⤵
  PID:5144
- C:\Windows\System\UpIRbmj.exe
  C:\Windows\System\UpIRbmj.exe
  2⤵
  PID:5168
- C:\Windows\System\dwZuoLc.exe
  C:\Windows\System\dwZuoLc.exe
  2⤵
  PID:5204
- C:\Windows\System\rmvkcWV.exe
  C:\Windows\System\rmvkcWV.exe
  2⤵
  PID:5260
- C:\Windows\System\FkUHdaE.exe
  C:\Windows\System\FkUHdaE.exe
  2⤵
  PID:5248
- C:\Windows\System\bvQXUyR.exe
  C:\Windows\System\bvQXUyR.exe
  2⤵
  PID:5288
- C:\Windows\System\ekEwWar.exe
  C:\Windows\System\ekEwWar.exe
  2⤵
  PID:5348
- C:\Windows\System\bQluFBt.exe
  C:\Windows\System\bQluFBt.exe
  2⤵
  PID:2924
- C:\Windows\System\vaObiAv.exe
  C:\Windows\System\vaObiAv.exe
  2⤵
  PID:5364
- C:\Windows\System\rlDSdkv.exe
  C:\Windows\System\rlDSdkv.exe
  2⤵
  PID:5400
- C:\Windows\System\kFBrkJU.exe
  C:\Windows\System\kFBrkJU.exe
  2⤵
  PID:5468
- C:\Windows\System\JKvlEst.exe
  C:\Windows\System\JKvlEst.exe
  2⤵
  PID:5488
- C:\Windows\System\QwVlXjC.exe
  C:\Windows\System\QwVlXjC.exe
  2⤵
  PID:2644
- C:\Windows\System\LGeHHqf.exe
  C:\Windows\System\LGeHHqf.exe
  2⤵
  PID:5548
- C:\Windows\System\aOlERPB.exe
  C:\Windows\System\aOlERPB.exe
  2⤵
  PID:5560
- C:\Windows\System\TRJhsjt.exe
  C:\Windows\System\TRJhsjt.exe
  2⤵
  PID:2648
- C:\Windows\System\QrnUDWI.exe
  C:\Windows\System\QrnUDWI.exe
  2⤵
  PID:5624
- C:\Windows\System\bOioxBC.exe
  C:\Windows\System\bOioxBC.exe
  2⤵
  PID:5648
- C:\Windows\System\lHfqKGQ.exe
  C:\Windows\System\lHfqKGQ.exe
  2⤵
  PID:5688
- C:\Windows\System\aONVkDK.exe
  C:\Windows\System\aONVkDK.exe
  2⤵
  PID:5720
- C:\Windows\System\LxNWreu.exe
  C:\Windows\System\LxNWreu.exe
  2⤵
  PID:5744
- C:\Windows\System\tpYeqMY.exe
  C:\Windows\System\tpYeqMY.exe
  2⤵
  PID:5764
- C:\Windows\System\PWoPkJM.exe
  C:\Windows\System\PWoPkJM.exe
  2⤵
  PID:5804
- C:\Windows\System\NRUZjWJ.exe
  C:\Windows\System\NRUZjWJ.exe
  2⤵
  PID:5868
- C:\Windows\System\kTklXRT.exe
  C:\Windows\System\kTklXRT.exe
  2⤵
  PID:5880
- C:\Windows\System\ldKzITh.exe
  C:\Windows\System\ldKzITh.exe
  2⤵
  PID:5884
- C:\Windows\System\RzCbawo.exe
  C:\Windows\System\RzCbawo.exe
  2⤵
  PID:5928
- C:\Windows\System\cQMtvKl.exe
  C:\Windows\System\cQMtvKl.exe
  2⤵
  PID:2848
- C:\Windows\System\tLowcgA.exe
  C:\Windows\System\tLowcgA.exe
  2⤵
  PID:5988
- C:\Windows\System\ZZGxzpJ.exe
  C:\Windows\System\ZZGxzpJ.exe
  2⤵
  PID:6004
- C:\Windows\System\EYLlmoh.exe
  C:\Windows\System\EYLlmoh.exe
  2⤵
  PID:6060
- C:\Windows\System\XBZZavy.exe
  C:\Windows\System\XBZZavy.exe
  2⤵
  PID:6068
- C:\Windows\System\MBSCDGD.exe
  C:\Windows\System\MBSCDGD.exe
  2⤵
  PID:6080
- C:\Windows\System\mVTwFlX.exe
  C:\Windows\System\mVTwFlX.exe
  2⤵
  PID:6120
- C:\Windows\System\RErOTTi.exe
  C:\Windows\System\RErOTTi.exe
  2⤵
  PID:2448
- C:\Windows\System\jBRWEdD.exe
  C:\Windows\System\jBRWEdD.exe
  2⤵
  PID:5044
- C:\Windows\System\WbFzrZV.exe
  C:\Windows\System\WbFzrZV.exe
  2⤵
  PID:1992
- C:\Windows\System\GZywhqp.exe
  C:\Windows\System\GZywhqp.exe
  2⤵
  PID:2960
- C:\Windows\System\ZYPzTuw.exe
  C:\Windows\System\ZYPzTuw.exe
  2⤵
  PID:2464
- C:\Windows\System\peqMWqS.exe
  C:\Windows\System\peqMWqS.exe
  2⤵
  PID:4600
- C:\Windows\System\PPblGaX.exe
  C:\Windows\System\PPblGaX.exe
  2⤵
  PID:4892
- C:\Windows\System\DHbjWzT.exe
  C:\Windows\System\DHbjWzT.exe
  2⤵
  PID:5184
- C:\Windows\System\jMeKuGH.exe
  C:\Windows\System\jMeKuGH.exe
  2⤵
  PID:5308
- C:\Windows\System\utaiMzz.exe
  C:\Windows\System\utaiMzz.exe
  2⤵
  PID:5304
- C:\Windows\System\wJoIZoW.exe
  C:\Windows\System\wJoIZoW.exe
  2⤵
  PID:5340
- C:\Windows\System\TbzpPRq.exe
  C:\Windows\System\TbzpPRq.exe
  2⤵
  PID:5324
- C:\Windows\System\WTGDRMc.exe
  C:\Windows\System\WTGDRMc.exe
  2⤵
  PID:5428
- C:\Windows\System\CtLVBdQ.exe
  C:\Windows\System\CtLVBdQ.exe
  2⤵
  PID:5500
- C:\Windows\System\pPCinQv.exe
  C:\Windows\System\pPCinQv.exe
  2⤵
  PID:2704
- C:\Windows\System\qyURBMt.exe
  C:\Windows\System\qyURBMt.exe
  2⤵
  PID:2588
- C:\Windows\System\njKosuW.exe
  C:\Windows\System\njKosuW.exe
  2⤵
  PID:5584
- C:\Windows\System\NLrwAkv.exe
  C:\Windows\System\NLrwAkv.exe
  2⤵
  PID:2708
- C:\Windows\System\KTCmMUq.exe
  C:\Windows\System\KTCmMUq.exe
  2⤵
  PID:5708
- C:\Windows\System\QSaREgm.exe
  C:\Windows\System\QSaREgm.exe
  2⤵
  PID:5800
- C:\Windows\System\PzoJPCE.exe
  C:\Windows\System\PzoJPCE.exe
  2⤵
  PID:5824
- C:\Windows\System\fnqEYPi.exe
  C:\Windows\System\fnqEYPi.exe
  2⤵
  PID:5864
- C:\Windows\System\DRXvCEd.exe
  C:\Windows\System\DRXvCEd.exe
  2⤵
  PID:5920
- C:\Windows\System\bOHFAdw.exe
  C:\Windows\System\bOHFAdw.exe
  2⤵
  PID:5980
- C:\Windows\System\mTfqnnO.exe
  C:\Windows\System\mTfqnnO.exe
  2⤵
  PID:6024
- C:\Windows\System\YmyAvpB.exe
  C:\Windows\System\YmyAvpB.exe
  2⤵
  PID:2468
- C:\Windows\System\uLOnsxe.exe
  C:\Windows\System\uLOnsxe.exe
  2⤵
  PID:6124
- C:\Windows\System\iKBWmQZ.exe
  C:\Windows\System\iKBWmQZ.exe
  2⤵
  PID:6140
- C:\Windows\System\qpewuFx.exe
  C:\Windows\System\qpewuFx.exe
  2⤵
  PID:1232
- C:\Windows\System\rNVuhgX.exe
  C:\Windows\System\rNVuhgX.exe
  2⤵
  PID:1172
- C:\Windows\System\FNcTTgQ.exe
  C:\Windows\System\FNcTTgQ.exe
  2⤵
  PID:5140
- C:\Windows\System\velkYeS.exe
  C:\Windows\System\velkYeS.exe
  2⤵
  PID:4764
- C:\Windows\System\JThdMeT.exe
  C:\Windows\System\JThdMeT.exe
  2⤵
  PID:5200
- C:\Windows\System\ViaFEHe.exe
  C:\Windows\System\ViaFEHe.exe
  2⤵
  PID:5240
- C:\Windows\System\LqnldOl.exe
  C:\Windows\System\LqnldOl.exe
  2⤵
  PID:5360
- C:\Windows\System\FvHHsmb.exe
  C:\Windows\System\FvHHsmb.exe
  2⤵
  PID:5420
- C:\Windows\System\YcmfGSn.exe
  C:\Windows\System\YcmfGSn.exe
  2⤵
  PID:5580
- C:\Windows\System\lDYcKqD.exe
  C:\Windows\System\lDYcKqD.exe
  2⤵
  PID:5524
- C:\Windows\System\VOJIejM.exe
  C:\Windows\System\VOJIejM.exe
  2⤵
  PID:5640
- C:\Windows\System\TXYaZFC.exe
  C:\Windows\System\TXYaZFC.exe
  2⤵
  PID:5768
- C:\Windows\System\VECiSic.exe
  C:\Windows\System\VECiSic.exe
  2⤵
  PID:5840
- C:\Windows\System\sViXcYV.exe
  C:\Windows\System\sViXcYV.exe
  2⤵
  PID:5888
- C:\Windows\System\WMptEOH.exe
  C:\Windows\System\WMptEOH.exe
  2⤵
  PID:2972
- C:\Windows\System\DslvCxv.exe
  C:\Windows\System\DslvCxv.exe
  2⤵
  PID:6044
- C:\Windows\System\hvqAzfs.exe
  C:\Windows\System\hvqAzfs.exe
  2⤵
  PID:6084
- C:\Windows\System\tPkyVEa.exe
  C:\Windows\System\tPkyVEa.exe
  2⤵
  PID:3844
- C:\Windows\System\GuVWEVX.exe
  C:\Windows\System\GuVWEVX.exe
  2⤵
  PID:2104
- C:\Windows\System\GGghRIY.exe
  C:\Windows\System\GGghRIY.exe
  2⤵
  PID:1644
- C:\Windows\System\QDvKIrB.exe
  C:\Windows\System\QDvKIrB.exe
  2⤵
  PID:2768
- C:\Windows\System\kzJbodW.exe
  C:\Windows\System\kzJbodW.exe
  2⤵
  PID:3500
- C:\Windows\System\KGeeOaX.exe
  C:\Windows\System\KGeeOaX.exe
  2⤵
  PID:5444
- C:\Windows\System\jxwANBA.exe
  C:\Windows\System\jxwANBA.exe
  2⤵
  PID:2936
- C:\Windows\System\zdFvcAB.exe
  C:\Windows\System\zdFvcAB.exe
  2⤵
  PID:5676
- C:\Windows\System\jGPvWII.exe
  C:\Windows\System\jGPvWII.exe
  2⤵
  PID:5684
- C:\Windows\System\qLWhgEe.exe
  C:\Windows\System\qLWhgEe.exe
  2⤵
  PID:5948
- C:\Windows\System\zziWUkk.exe
  C:\Windows\System\zziWUkk.exe
  2⤵
  PID:5944
- C:\Windows\System\lvOnxex.exe
  C:\Windows\System\lvOnxex.exe
  2⤵
  PID:6040
- C:\Windows\System\HnfKkDj.exe
  C:\Windows\System\HnfKkDj.exe
  2⤵
  PID:4280
- C:\Windows\System\WoLoSMO.exe
  C:\Windows\System\WoLoSMO.exe
  2⤵
  PID:5188
- C:\Windows\System\FBDJdOi.exe
  C:\Windows\System\FBDJdOi.exe
  2⤵
  PID:5380
- C:\Windows\System\wyOOQiw.exe
  C:\Windows\System\wyOOQiw.exe
  2⤵
  PID:4684
- C:\Windows\System\YQnKktY.exe
  C:\Windows\System\YQnKktY.exe
  2⤵
  PID:5528
- C:\Windows\System\XdjcCWd.exe
  C:\Windows\System\XdjcCWd.exe
  2⤵
  PID:5740
- C:\Windows\System\bRnpGFD.exe
  C:\Windows\System\bRnpGFD.exe
  2⤵
  PID:876
- C:\Windows\System\KMkkgMf.exe
  C:\Windows\System\KMkkgMf.exe
  2⤵
  PID:5924
- C:\Windows\System\BNZhRni.exe
  C:\Windows\System\BNZhRni.exe
  2⤵
  PID:1872
- C:\Windows\System\RClYNbo.exe
  C:\Windows\System\RClYNbo.exe
  2⤵
  PID:5164
- C:\Windows\System\qLkooin.exe
  C:\Windows\System\qLkooin.exe
  2⤵
  PID:2784
- C:\Windows\System\xntGelg.exe
  C:\Windows\System\xntGelg.exe
  2⤵
  PID:6000
- C:\Windows\System\xCLNQoG.exe
  C:\Windows\System\xCLNQoG.exe
  2⤵
  PID:2160
- C:\Windows\System\WjGFqzO.exe
  C:\Windows\System\WjGFqzO.exe
  2⤵
  PID:4484
- C:\Windows\System\EyDGgmp.exe
  C:\Windows\System\EyDGgmp.exe
  2⤵
  PID:5440
- C:\Windows\System\nOqjpHr.exe
  C:\Windows\System\nOqjpHr.exe
  2⤵
  PID:3028
- C:\Windows\System\TSTYzye.exe
  C:\Windows\System\TSTYzye.exe
  2⤵
  PID:6148
- C:\Windows\System\hcPNvDv.exe
  C:\Windows\System\hcPNvDv.exe
  2⤵
  PID:6168
- C:\Windows\System\XKHTMio.exe
  C:\Windows\System\XKHTMio.exe
  2⤵
  PID:6188
- C:\Windows\System\mUZTQVs.exe
  C:\Windows\System\mUZTQVs.exe
  2⤵
  PID:6208
- C:\Windows\System\IXdvfxS.exe
  C:\Windows\System\IXdvfxS.exe
  2⤵
  PID:6228
- C:\Windows\System\WtmVjmZ.exe
  C:\Windows\System\WtmVjmZ.exe
  2⤵
  PID:6244
- C:\Windows\System\EoloCrk.exe
  C:\Windows\System\EoloCrk.exe
  2⤵
  PID:6260
- C:\Windows\System\EEHPAhm.exe
  C:\Windows\System\EEHPAhm.exe
  2⤵
  PID:6284
- C:\Windows\System\MjHwdzR.exe
  C:\Windows\System\MjHwdzR.exe
  2⤵
  PID:6300
- C:\Windows\System\WpNKpOV.exe
  C:\Windows\System\WpNKpOV.exe
  2⤵
  PID:6316
- C:\Windows\System\nsIwCbq.exe
  C:\Windows\System\nsIwCbq.exe
  2⤵
  PID:6340
- C:\Windows\System\doQuajF.exe
  C:\Windows\System\doQuajF.exe
  2⤵
  PID:6356
- C:\Windows\System\ukmNcLM.exe
  C:\Windows\System\ukmNcLM.exe
  2⤵
  PID:6384
- C:\Windows\System\IYJhMgm.exe
  C:\Windows\System\IYJhMgm.exe
  2⤵
  PID:6400
- C:\Windows\System\BoYDugO.exe
  C:\Windows\System\BoYDugO.exe
  2⤵
  PID:6416
- C:\Windows\System\ZOySnQL.exe
  C:\Windows\System\ZOySnQL.exe
  2⤵
  PID:6444
- C:\Windows\System\qrMFoAn.exe
  C:\Windows\System\qrMFoAn.exe
  2⤵
  PID:6460
- C:\Windows\System\RqUIyBw.exe
  C:\Windows\System\RqUIyBw.exe
  2⤵
  PID:6484
- C:\Windows\System\TNapmSD.exe
  C:\Windows\System\TNapmSD.exe
  2⤵
  PID:6500
- C:\Windows\System\KLOTwXJ.exe
  C:\Windows\System\KLOTwXJ.exe
  2⤵
  PID:6520
- C:\Windows\System\bfXEwmC.exe
  C:\Windows\System\bfXEwmC.exe
  2⤵
  PID:6540
- C:\Windows\System\FOoVZaV.exe
  C:\Windows\System\FOoVZaV.exe
  2⤵
  PID:6564
- C:\Windows\System\QBxuuei.exe
  C:\Windows\System\QBxuuei.exe
  2⤵
  PID:6580
- C:\Windows\System\zXkaYhb.exe
  C:\Windows\System\zXkaYhb.exe
  2⤵
  PID:6608
- C:\Windows\System\jiWvKhG.exe
  C:\Windows\System\jiWvKhG.exe
  2⤵
  PID:6624
- C:\Windows\System\nBdRwau.exe
  C:\Windows\System\nBdRwau.exe
  2⤵
  PID:6640
- C:\Windows\System\fegXyMM.exe
  C:\Windows\System\fegXyMM.exe
  2⤵
  PID:6672
- C:\Windows\System\eYKrXwK.exe
  C:\Windows\System\eYKrXwK.exe
  2⤵
  PID:6688
- C:\Windows\System\VPSzyeV.exe
  C:\Windows\System\VPSzyeV.exe
  2⤵
  PID:6704
- C:\Windows\System\kSFGvxg.exe
  C:\Windows\System\kSFGvxg.exe
  2⤵
  PID:6728
- C:\Windows\System\NepcROe.exe
  C:\Windows\System\NepcROe.exe
  2⤵
  PID:6744
- C:\Windows\System\cKmQRqc.exe
  C:\Windows\System\cKmQRqc.exe
  2⤵
  PID:6760
- C:\Windows\System\kYmxJFE.exe
  C:\Windows\System\kYmxJFE.exe
  2⤵
  PID:6784
- C:\Windows\System\yaQUxsI.exe
  C:\Windows\System\yaQUxsI.exe
  2⤵
  PID:6800
- C:\Windows\System\inJHImP.exe
  C:\Windows\System\inJHImP.exe
  2⤵
  PID:6816
- C:\Windows\System\wrVWvOm.exe
  C:\Windows\System\wrVWvOm.exe
  2⤵
  PID:6836
- C:\Windows\System\RguxLdI.exe
  C:\Windows\System\RguxLdI.exe
  2⤵
  PID:6852
- C:\Windows\System\oGPZYSh.exe
  C:\Windows\System\oGPZYSh.exe
  2⤵
  PID:6872
- C:\Windows\System\kfQJiHX.exe
  C:\Windows\System\kfQJiHX.exe
  2⤵
  PID:6888
- C:\Windows\System\CZmweYA.exe
  C:\Windows\System\CZmweYA.exe
  2⤵
  PID:6912
- C:\Windows\System\boCVNNi.exe
  C:\Windows\System\boCVNNi.exe
  2⤵
  PID:6936
- C:\Windows\System\wZOlKWU.exe
  C:\Windows\System\wZOlKWU.exe
  2⤵
  PID:6968
- C:\Windows\System\xsVYqjg.exe
  C:\Windows\System\xsVYqjg.exe
  2⤵
  PID:6984
- C:\Windows\System\LHXYCAx.exe
  C:\Windows\System\LHXYCAx.exe
  2⤵
  PID:7000
- C:\Windows\System\PoNXMfJ.exe
  C:\Windows\System\PoNXMfJ.exe
  2⤵
  PID:7016
- C:\Windows\System\TOVJjVk.exe
  C:\Windows\System\TOVJjVk.exe
  2⤵
  PID:7036
- C:\Windows\System\GaZnNpo.exe
  C:\Windows\System\GaZnNpo.exe
  2⤵
  PID:7068
- C:\Windows\System\aBlYUXG.exe
  C:\Windows\System\aBlYUXG.exe
  2⤵
  PID:7088
- C:\Windows\System\PJnjYlN.exe
  C:\Windows\System\PJnjYlN.exe
  2⤵
  PID:7108
- C:\Windows\System\xisecbc.exe
  C:\Windows\System\xisecbc.exe
  2⤵
  PID:7124
- C:\Windows\System\ysMmyFd.exe
  C:\Windows\System\ysMmyFd.exe
  2⤵
  PID:7140
- C:\Windows\System\YLeoLhN.exe
  C:\Windows\System\YLeoLhN.exe
  2⤵
  PID:7156
- C:\Windows\System\vhUhvnf.exe
  C:\Windows\System\vhUhvnf.exe
  2⤵
  PID:4424
- C:\Windows\System\RECacTG.exe
  C:\Windows\System\RECacTG.exe
  2⤵
  PID:5664
- C:\Windows\System\jmCUoxD.exe
  C:\Windows\System\jmCUoxD.exe
  2⤵
  PID:2016
- C:\Windows\System\FVVlytO.exe
  C:\Windows\System\FVVlytO.exe
  2⤵
  PID:1712
- C:\Windows\System\fpZlgOL.exe
  C:\Windows\System\fpZlgOL.exe
  2⤵
  PID:2820
- C:\Windows\System\JeFQnkE.exe
  C:\Windows\System\JeFQnkE.exe
  2⤵
  PID:2036
- C:\Windows\System\GxjhifP.exe
  C:\Windows\System\GxjhifP.exe
  2⤵
  PID:6280
- C:\Windows\System\RhTWKCr.exe
  C:\Windows\System\RhTWKCr.exe
  2⤵
  PID:2932
- C:\Windows\System\eTOAnTj.exe
  C:\Windows\System\eTOAnTj.exe
  2⤵
  PID:6348
- C:\Windows\System\cvzRdNM.exe
  C:\Windows\System\cvzRdNM.exe
  2⤵
  PID:6396
- C:\Windows\System\napQmtD.exe
  C:\Windows\System\napQmtD.exe
  2⤵
  PID:6332
- C:\Windows\System\tnSanWM.exe
  C:\Windows\System\tnSanWM.exe
  2⤵
  PID:6424
- C:\Windows\System\NvSKred.exe
  C:\Windows\System\NvSKred.exe
  2⤵
  PID:2856
- C:\Windows\System\BluRYNZ.exe
  C:\Windows\System\BluRYNZ.exe
  2⤵
  PID:6368
- C:\Windows\System\uYIKmsR.exe
  C:\Windows\System\uYIKmsR.exe
  2⤵
  PID:6408
- C:\Windows\System\JEUmGEs.exe
  C:\Windows\System\JEUmGEs.exe
  2⤵
  PID:6480
- C:\Windows\System\DabohGc.exe
  C:\Windows\System\DabohGc.exe
  2⤵
  PID:6508
- C:\Windows\System\yOnguCO.exe
  C:\Windows\System\yOnguCO.exe
  2⤵
  PID:2616
- C:\Windows\System\BoFRbmX.exe
  C:\Windows\System\BoFRbmX.exe
  2⤵
  PID:6548
- C:\Windows\System\WqPhInj.exe
  C:\Windows\System\WqPhInj.exe
  2⤵
  PID:6588
- C:\Windows\System\rENgMIe.exe
  C:\Windows\System\rENgMIe.exe
  2⤵
  PID:6532
- C:\Windows\System\MRSgvzx.exe
  C:\Windows\System\MRSgvzx.exe
  2⤵
  PID:1796
- C:\Windows\System\TGvcCBJ.exe
  C:\Windows\System\TGvcCBJ.exe
  2⤵
  PID:6536
- C:\Windows\System\jAgrHqI.exe
  C:\Windows\System\jAgrHqI.exe
  2⤵
  PID:6620
- C:\Windows\System\TXCdpzP.exe
  C:\Windows\System\TXCdpzP.exe
  2⤵
  PID:6684
- C:\Windows\System\tHBwYuN.exe
  C:\Windows\System\tHBwYuN.exe
  2⤵
  PID:6656
- C:\Windows\System\KUhXsHx.exe
  C:\Windows\System\KUhXsHx.exe
  2⤵
  PID:2008
- C:\Windows\System\xjNpSZF.exe
  C:\Windows\System\xjNpSZF.exe
  2⤵
  PID:6828
- C:\Windows\System\nvuXqFg.exe
  C:\Windows\System\nvuXqFg.exe
  2⤵
  PID:6920
- C:\Windows\System\DohkNUj.exe
  C:\Windows\System\DohkNUj.exe
  2⤵
  PID:6776
- C:\Windows\System\YdIAsWA.exe
  C:\Windows\System\YdIAsWA.exe
  2⤵
  PID:6848
- C:\Windows\System\KEjzxsw.exe
  C:\Windows\System\KEjzxsw.exe
  2⤵
  PID:6948
- C:\Windows\System\dyDMfzp.exe
  C:\Windows\System\dyDMfzp.exe
  2⤵
  PID:6964
- C:\Windows\System\WDFfSOi.exe
  C:\Windows\System\WDFfSOi.exe
  2⤵
  PID:7024
- C:\Windows\System\XhYfkWi.exe
  C:\Windows\System\XhYfkWi.exe
  2⤵
  PID:7032
- C:\Windows\System\TVOaorg.exe
  C:\Windows\System\TVOaorg.exe
  2⤵
  PID:7076
- C:\Windows\System\FdzBvGd.exe
  C:\Windows\System\FdzBvGd.exe
  2⤵
  PID:7152
- C:\Windows\System\MKeccxN.exe
  C:\Windows\System\MKeccxN.exe
  2⤵
  PID:7100
- C:\Windows\System\luBQLgc.exe
  C:\Windows\System\luBQLgc.exe
  2⤵
  PID:6176
- C:\Windows\System\wIHzjnN.exe
  C:\Windows\System\wIHzjnN.exe
  2⤵
  PID:2696
- C:\Windows\System\EZnmeOR.exe
  C:\Windows\System\EZnmeOR.exe
  2⤵
  PID:7096
- C:\Windows\System\mKfprgs.exe
  C:\Windows\System\mKfprgs.exe
  2⤵
  PID:2928
- C:\Windows\System\xEWBifn.exe
  C:\Windows\System\xEWBifn.exe
  2⤵
  PID:5604
- C:\Windows\System\VlCdTNh.exe
  C:\Windows\System\VlCdTNh.exe
  2⤵
  PID:6236
- C:\Windows\System\AyrIUUe.exe
  C:\Windows\System\AyrIUUe.exe
  2⤵
  PID:6272
- C:\Windows\System\VyZxXuH.exe
  C:\Windows\System\VyZxXuH.exe
  2⤵
  PID:1860
- C:\Windows\System\iZDlbpa.exe
  C:\Windows\System\iZDlbpa.exe
  2⤵
  PID:6308
- C:\Windows\System\MbWolhT.exe
  C:\Windows\System\MbWolhT.exe
  2⤵
  PID:1856
- C:\Windows\System\kusbQJL.exe
  C:\Windows\System\kusbQJL.exe
  2⤵
  PID:6324
- C:\Windows\System\LNjhZdq.exe
  C:\Windows\System\LNjhZdq.exe
  2⤵
  PID:6560
- C:\Windows\System\EtQvbRL.exe
  C:\Windows\System\EtQvbRL.exe
  2⤵
  PID:6572
- C:\Windows\System\RokJksT.exe
  C:\Windows\System\RokJksT.exe
  2⤵
  PID:6296
- C:\Windows\System\OgsHdrx.exe
  C:\Windows\System\OgsHdrx.exe
  2⤵
  PID:6716
- C:\Windows\System\vhFTORv.exe
  C:\Windows\System\vhFTORv.exe
  2⤵
  PID:2368
- C:\Windows\System\nYKkdcP.exe
  C:\Windows\System\nYKkdcP.exe
  2⤵
  PID:6636
- C:\Windows\System\XFyBzWU.exe
  C:\Windows\System\XFyBzWU.exe
  2⤵
  PID:6860
- C:\Windows\System\pnOaTRv.exe
  C:\Windows\System\pnOaTRv.exe
  2⤵
  PID:6768
- C:\Windows\System\AwieEXZ.exe
  C:\Windows\System\AwieEXZ.exe
  2⤵
  PID:6928
- C:\Windows\System\oiPzFyu.exe
  C:\Windows\System\oiPzFyu.exe
  2⤵
  PID:2880
- C:\Windows\System\iszVvnp.exe
  C:\Windows\System\iszVvnp.exe
  2⤵
  PID:6976
- C:\Windows\System\vjVhGwa.exe
  C:\Windows\System\vjVhGwa.exe
  2⤵
  PID:6772
- C:\Windows\System\NCpWfOw.exe
  C:\Windows\System\NCpWfOw.exe
  2⤵
  PID:7012
- C:\Windows\System\DLfDhJc.exe
  C:\Windows\System\DLfDhJc.exe
  2⤵
  PID:7080
- C:\Windows\System\pEEeZna.exe
  C:\Windows\System\pEEeZna.exe
  2⤵
  PID:6880
- C:\Windows\System\ELsWeoQ.exe
  C:\Windows\System\ELsWeoQ.exe
  2⤵
  PID:7048
- C:\Windows\System\QPWdMWp.exe
  C:\Windows\System\QPWdMWp.exe
  2⤵
  PID:7056
- C:\Windows\System\iJRyykg.exe
  C:\Windows\System\iJRyykg.exe
  2⤵
  PID:3004
- C:\Windows\System\ygpFxtd.exe
  C:\Windows\System\ygpFxtd.exe
  2⤵
  PID:1988
- C:\Windows\System\ZUPuyfb.exe
  C:\Windows\System\ZUPuyfb.exe
  2⤵
  PID:4296
- C:\Windows\System\gkoWglF.exe
  C:\Windows\System\gkoWglF.exe
  2⤵
  PID:6796
- C:\Windows\System\ymjGJJT.exe
  C:\Windows\System\ymjGJJT.exe
  2⤵
  PID:6896
- C:\Windows\System\JPGfZMZ.exe
  C:\Windows\System\JPGfZMZ.exe
  2⤵
  PID:2892
- C:\Windows\System\WWtJZUN.exe
  C:\Windows\System\WWtJZUN.exe
  2⤵
  PID:7148
- C:\Windows\System\mLFXKZI.exe
  C:\Windows\System\mLFXKZI.exe
  2⤵
  PID:6224
- C:\Windows\System\MIbwMwv.exe
  C:\Windows\System\MIbwMwv.exe
  2⤵
  PID:6516
- C:\Windows\System\RpNcNOa.exe
  C:\Windows\System\RpNcNOa.exe
  2⤵
  PID:6720
- C:\Windows\System\rfxRhku.exe
  C:\Windows\System\rfxRhku.exe
  2⤵
  PID:6312
- C:\Windows\System\Szvbijc.exe
  C:\Windows\System\Szvbijc.exe
  2⤵
  PID:6160
- C:\Windows\System\ymieHja.exe
  C:\Windows\System\ymieHja.exe
  2⤵
  PID:6492
- C:\Windows\System\hYBPlxO.exe
  C:\Windows\System\hYBPlxO.exe
  2⤵
  PID:6596
- C:\Windows\System\szQbeSI.exe
  C:\Windows\System\szQbeSI.exe
  2⤵
  PID:2244
- C:\Windows\System\bfZkGXH.exe
  C:\Windows\System\bfZkGXH.exe
  2⤵
  PID:6740
- C:\Windows\System\cGFMocY.exe
  C:\Windows\System\cGFMocY.exe
  2⤵
  PID:6668
- C:\Windows\System\PDDNQGs.exe
  C:\Windows\System\PDDNQGs.exe
  2⤵
  PID:7136
- C:\Windows\System\yIoBNCi.exe
  C:\Windows\System\yIoBNCi.exe
  2⤵
  PID:372
- C:\Windows\System\smThdQn.exe
  C:\Windows\System\smThdQn.exe
  2⤵
  PID:7172
- C:\Windows\System\QbbogUk.exe
  C:\Windows\System\QbbogUk.exe
  2⤵
  PID:7188
- C:\Windows\System\RDGgefv.exe
  C:\Windows\System\RDGgefv.exe
  2⤵
  PID:7204
- C:\Windows\System\OHgvezE.exe
  C:\Windows\System\OHgvezE.exe
  2⤵
  PID:7220
- C:\Windows\System\DymnbZQ.exe
  C:\Windows\System\DymnbZQ.exe
  2⤵
  PID:7236
- C:\Windows\System\ZBYmKFN.exe
  C:\Windows\System\ZBYmKFN.exe
  2⤵
  PID:7328
- C:\Windows\System\UNibtdR.exe
  C:\Windows\System\UNibtdR.exe
  2⤵
  PID:7348
- C:\Windows\System\xjCBEDJ.exe
  C:\Windows\System\xjCBEDJ.exe
  2⤵
  PID:7364
- C:\Windows\System\TyFdbSs.exe
  C:\Windows\System\TyFdbSs.exe
  2⤵
  PID:7384
- C:\Windows\System\MDEQoDJ.exe
  C:\Windows\System\MDEQoDJ.exe
  2⤵
  PID:7400
- C:\Windows\System\jRlMQmT.exe
  C:\Windows\System\jRlMQmT.exe
  2⤵
  PID:7416
- C:\Windows\System\tEvPRQe.exe
  C:\Windows\System\tEvPRQe.exe
  2⤵
  PID:7432
- C:\Windows\System\mQondwF.exe
  C:\Windows\System\mQondwF.exe
  2⤵
  PID:7448
- C:\Windows\System\IzaGGxg.exe
  C:\Windows\System\IzaGGxg.exe
  2⤵
  PID:7464
- C:\Windows\System\WBQhIRu.exe
  C:\Windows\System\WBQhIRu.exe
  2⤵
  PID:7492
- C:\Windows\System\TdlgBHT.exe
  C:\Windows\System\TdlgBHT.exe
  2⤵
  PID:7508
- C:\Windows\System\ANeCcEl.exe
  C:\Windows\System\ANeCcEl.exe
  2⤵
  PID:7532
- C:\Windows\System\ntMmaWv.exe
  C:\Windows\System\ntMmaWv.exe
  2⤵
  PID:7556
- C:\Windows\System\GoRgxgS.exe
  C:\Windows\System\GoRgxgS.exe
  2⤵
  PID:7580
- C:\Windows\System\EBXjPSd.exe
  C:\Windows\System\EBXjPSd.exe
  2⤵
  PID:7600
- C:\Windows\System\UFFxtBy.exe
  C:\Windows\System\UFFxtBy.exe
  2⤵
  PID:7620
- C:\Windows\System\QKRNSXW.exe
  C:\Windows\System\QKRNSXW.exe
  2⤵
  PID:7636
- C:\Windows\System\xyoYBJw.exe
  C:\Windows\System\xyoYBJw.exe
  2⤵
  PID:7652
- C:\Windows\System\DQVbqlT.exe
  C:\Windows\System\DQVbqlT.exe
  2⤵
  PID:7668
- C:\Windows\System\ZbmccsK.exe
  C:\Windows\System\ZbmccsK.exe
  2⤵
  PID:7684
- C:\Windows\System\WqRzlCJ.exe
  C:\Windows\System\WqRzlCJ.exe
  2⤵
  PID:7700
- C:\Windows\System\jTTDxvH.exe
  C:\Windows\System\jTTDxvH.exe
  2⤵
  PID:7724
- C:\Windows\System\JiIwmpb.exe
  C:\Windows\System\JiIwmpb.exe
  2⤵
  PID:7756
- C:\Windows\System\hTPxchy.exe
  C:\Windows\System\hTPxchy.exe
  2⤵
  PID:7776
- C:\Windows\System\pFXgMfQ.exe
  C:\Windows\System\pFXgMfQ.exe
  2⤵
  PID:7804
- C:\Windows\System\zulBOkn.exe
  C:\Windows\System\zulBOkn.exe
  2⤵
  PID:7820
- C:\Windows\System\ikkqwGr.exe
  C:\Windows\System\ikkqwGr.exe
  2⤵
  PID:7836
- C:\Windows\System\wbrLZoP.exe
  C:\Windows\System\wbrLZoP.exe
  2⤵
  PID:7860
- C:\Windows\System\JCJZCGB.exe
  C:\Windows\System\JCJZCGB.exe
  2⤵
  PID:7876
- C:\Windows\System\AmacBhy.exe
  C:\Windows\System\AmacBhy.exe
  2⤵
  PID:7892
- C:\Windows\System\xMRUhae.exe
  C:\Windows\System\xMRUhae.exe
  2⤵
  PID:7908
- C:\Windows\System\pnbQYXR.exe
  C:\Windows\System\pnbQYXR.exe
  2⤵
  PID:7924
- C:\Windows\System\wYsZtuR.exe
  C:\Windows\System\wYsZtuR.exe
  2⤵
  PID:7940
- C:\Windows\System\AVYAbvN.exe
  C:\Windows\System\AVYAbvN.exe
  2⤵
  PID:7964
- C:\Windows\System\fNffmxm.exe
  C:\Windows\System\fNffmxm.exe
  2⤵
  PID:7992
- C:\Windows\System\Awhtehh.exe
  C:\Windows\System\Awhtehh.exe
  2⤵
  PID:8008
- C:\Windows\System\YifZDLu.exe
  C:\Windows\System\YifZDLu.exe
  2⤵
  PID:8028
- C:\Windows\System\tJKhVBm.exe
  C:\Windows\System\tJKhVBm.exe
  2⤵
  PID:8052
- C:\Windows\System\Ljnixct.exe
  C:\Windows\System\Ljnixct.exe
  2⤵
  PID:8068
- C:\Windows\System\uBHlyLQ.exe
  C:\Windows\System\uBHlyLQ.exe
  2⤵
  PID:8100
- C:\Windows\System\uSzKQzL.exe
  C:\Windows\System\uSzKQzL.exe
  2⤵
  PID:8116
- C:\Windows\System\tszrrNW.exe
  C:\Windows\System\tszrrNW.exe
  2⤵
  PID:8132
- C:\Windows\System\PnevBKf.exe
  C:\Windows\System\PnevBKf.exe
  2⤵
  PID:8152
- C:\Windows\System\hIeniqY.exe
  C:\Windows\System\hIeniqY.exe
  2⤵
  PID:8168
- C:\Windows\System\nPgUXKh.exe
  C:\Windows\System\nPgUXKh.exe
  2⤵
  PID:8184
- C:\Windows\System\uQasuQe.exe
  C:\Windows\System\uQasuQe.exe
  2⤵
  PID:2600
- C:\Windows\System\bfGyUyp.exe
  C:\Windows\System\bfGyUyp.exe
  2⤵
  PID:6932
- C:\Windows\System\YOMgdPk.exe
  C:\Windows\System\YOMgdPk.exe
  2⤵
  PID:7200
- C:\Windows\System\EvIDTGI.exe
  C:\Windows\System\EvIDTGI.exe
  2⤵
  PID:7120
- C:\Windows\System\QUTdstN.exe
  C:\Windows\System\QUTdstN.exe
  2⤵
  PID:6700
- C:\Windows\System\NimBewb.exe
  C:\Windows\System\NimBewb.exe
  2⤵
  PID:6908
- C:\Windows\System\SnYsHAB.exe
  C:\Windows\System\SnYsHAB.exe
  2⤵
  PID:6292
- C:\Windows\System\urRGKtS.exe
  C:\Windows\System\urRGKtS.exe
  2⤵
  PID:7268
- C:\Windows\System\kADEWfk.exe
  C:\Windows\System\kADEWfk.exe
  2⤵
  PID:7280
- C:\Windows\System\UaUVsZQ.exe
  C:\Windows\System\UaUVsZQ.exe
  2⤵
  PID:7300
- C:\Windows\System\jLZxQyL.exe
  C:\Windows\System\jLZxQyL.exe
  2⤵
  PID:7320
- C:\Windows\System\QpbShmJ.exe
  C:\Windows\System\QpbShmJ.exe
  2⤵
  PID:7344
- C:\Windows\System\qxBAkLD.exe
  C:\Windows\System\qxBAkLD.exe
  2⤵
  PID:7440
- C:\Windows\System\VoMrAOi.exe
  C:\Windows\System\VoMrAOi.exe
  2⤵
  PID:7484
- C:\Windows\System\PBiRbFx.exe
  C:\Windows\System\PBiRbFx.exe
  2⤵
  PID:7392
- C:\Windows\System\AjhlQFl.exe
  C:\Windows\System\AjhlQFl.exe
  2⤵
  PID:7516
- C:\Windows\System\EmoLUNF.exe
  C:\Windows\System\EmoLUNF.exe
  2⤵
  PID:7568
- C:\Windows\System\nZWMSGN.exe
  C:\Windows\System\nZWMSGN.exe
  2⤵
  PID:7616
- C:\Windows\System\UUALbKy.exe
  C:\Windows\System\UUALbKy.exe
  2⤵
  PID:7648
- C:\Windows\System\dAzgBMi.exe
  C:\Windows\System\dAzgBMi.exe
  2⤵
  PID:7720
- C:\Windows\System\tdXTpld.exe
  C:\Windows\System\tdXTpld.exe
  2⤵
  PID:7628
- C:\Windows\System\PiPUTTI.exe
  C:\Windows\System\PiPUTTI.exe
  2⤵
  PID:7552
- C:\Windows\System\RvUSexN.exe
  C:\Windows\System\RvUSexN.exe
  2⤵
  PID:7772
- C:\Windows\System\paEMSlY.exe
  C:\Windows\System\paEMSlY.exe
  2⤵
  PID:7844
- C:\Windows\System\INMNViI.exe
  C:\Windows\System\INMNViI.exe
  2⤵
  PID:7884
- C:\Windows\System\zXFIolw.exe
  C:\Windows\System\zXFIolw.exe
  2⤵
  PID:7948
- C:\Windows\System\HInKCzD.exe
  C:\Windows\System\HInKCzD.exe
  2⤵
  PID:7960
- C:\Windows\System\vunsJUL.exe
  C:\Windows\System\vunsJUL.exe
  2⤵
  PID:7936
- C:\Windows\System\WaAKsXl.exe
  C:\Windows\System\WaAKsXl.exe
  2⤵
  PID:7792
- C:\Windows\System\RTgwOTE.exe
  C:\Windows\System\RTgwOTE.exe
  2⤵
  PID:7872
- C:\Windows\System\GhKOovm.exe
  C:\Windows\System\GhKOovm.exe
  2⤵
  PID:8040
- C:\Windows\System\RrYIKRt.exe
  C:\Windows\System\RrYIKRt.exe
  2⤵
  PID:8084
- C:\Windows\System\NbEyNfD.exe
  C:\Windows\System\NbEyNfD.exe
  2⤵
  PID:8128
- C:\Windows\System\vGbKEJT.exe
  C:\Windows\System\vGbKEJT.exe
  2⤵
  PID:8020
- C:\Windows\System\LAAVJXI.exe
  C:\Windows\System\LAAVJXI.exe
  2⤵
  PID:2676
- C:\Windows\System\UDbneLl.exe
  C:\Windows\System\UDbneLl.exe
  2⤵
  PID:8148
- C:\Windows\System\uoiSsUc.exe
  C:\Windows\System\uoiSsUc.exe
  2⤵
  PID:6336
- C:\Windows\System\DtInSgj.exe
  C:\Windows\System\DtInSgj.exe
  2⤵
  PID:6604
- C:\Windows\System\MiPSChT.exe
  C:\Windows\System\MiPSChT.exe
  2⤵
  PID:8176
- C:\Windows\System\KIlJBoq.exe
  C:\Windows\System\KIlJBoq.exe
  2⤵
  PID:7212
- C:\Windows\System\DaxesOS.exe
  C:\Windows\System\DaxesOS.exe
  2⤵
  PID:7104
- C:\Windows\System\DzvzEEg.exe
  C:\Windows\System\DzvzEEg.exe
  2⤵
  PID:7308
- C:\Windows\System\cJNOabB.exe
  C:\Windows\System\cJNOabB.exe
  2⤵
  PID:7380
- C:\Windows\System\RztjSJH.exe
  C:\Windows\System\RztjSJH.exe
  2⤵
  PID:7428
- C:\Windows\System\TcJXgsN.exe
  C:\Windows\System\TcJXgsN.exe
  2⤵
  PID:7336
- C:\Windows\System\Zwcmkvv.exe
  C:\Windows\System\Zwcmkvv.exe
  2⤵
  PID:7396
- C:\Windows\System\EjwmFCd.exe
  C:\Windows\System\EjwmFCd.exe
  2⤵
  PID:7456
- C:\Windows\System\wVFmGlu.exe
  C:\Windows\System\wVFmGlu.exe
  2⤵
  PID:7524
- C:\Windows\System\MzImuez.exe
  C:\Windows\System\MzImuez.exe
  2⤵
  PID:7680
- C:\Windows\System\HfRUArm.exe
  C:\Windows\System\HfRUArm.exe
  2⤵
  PID:7692
- C:\Windows\System\TlCSpRl.exe
  C:\Windows\System\TlCSpRl.exe
  2⤵
  PID:7712
- C:\Windows\System\GQsOWOk.exe
  C:\Windows\System\GQsOWOk.exe
  2⤵
  PID:7588
- C:\Windows\System\EocxCjW.exe
  C:\Windows\System\EocxCjW.exe
  2⤵
  PID:7852
- C:\Windows\System\PnmqxgJ.exe
  C:\Windows\System\PnmqxgJ.exe
  2⤵
  PID:7748
- C:\Windows\System\CLPvofH.exe
  C:\Windows\System\CLPvofH.exe
  2⤵
  PID:2200
- C:\Windows\System\NEUYWWP.exe
  C:\Windows\System\NEUYWWP.exe
  2⤵
  PID:2128
- C:\Windows\System\ulaInSN.exe
  C:\Windows\System\ulaInSN.exe
  2⤵
  PID:7784
- C:\Windows\System\IlFdkpD.exe
  C:\Windows\System\IlFdkpD.exe
  2⤵
  PID:7920
- C:\Windows\System\RIBhWxO.exe
  C:\Windows\System\RIBhWxO.exe
  2⤵
  PID:2004
- C:\Windows\System\gQklbGe.exe
  C:\Windows\System\gQklbGe.exe
  2⤵
  PID:8096
- C:\Windows\System\jzJUpQs.exe
  C:\Windows\System\jzJUpQs.exe
  2⤵
  PID:8164
- C:\Windows\System\xdFpjOK.exe
  C:\Windows\System\xdFpjOK.exe
  2⤵
  PID:7244
- C:\Windows\System\sxvjkOX.exe
  C:\Windows\System\sxvjkOX.exe
  2⤵
  PID:7184
- C:\Windows\System\HTKmrIr.exe
  C:\Windows\System\HTKmrIr.exe
  2⤵
  PID:6600
- C:\Windows\System\mlgWVla.exe
  C:\Windows\System\mlgWVla.exe
  2⤵
  PID:8112
- C:\Windows\System\fZvwnLJ.exe
  C:\Windows\System\fZvwnLJ.exe
  2⤵
  PID:7284
- C:\Windows\System\jNMzaGc.exe
  C:\Windows\System\jNMzaGc.exe
  2⤵
  PID:7424
- C:\Windows\System\tBUFRAO.exe
  C:\Windows\System\tBUFRAO.exe
  2⤵
  PID:7740
- C:\Windows\System\AdsUWAV.exe
  C:\Windows\System\AdsUWAV.exe
  2⤵
  PID:7816
- C:\Windows\System\jxwpRlP.exe
  C:\Windows\System\jxwpRlP.exe
  2⤵
  PID:7340
- C:\Windows\System\PMDnxRa.exe
  C:\Windows\System\PMDnxRa.exe
  2⤵
  PID:1460
- C:\Windows\System\KklHyjB.exe
  C:\Windows\System\KklHyjB.exe
  2⤵
  PID:7988
- C:\Windows\System\sjWaSvZ.exe
  C:\Windows\System\sjWaSvZ.exe
  2⤵
  PID:7500
- C:\Windows\System\Oejdepq.exe
  C:\Windows\System\Oejdepq.exe
  2⤵
  PID:528
- C:\Windows\System\UrhCpvt.exe
  C:\Windows\System\UrhCpvt.exe
  2⤵
  PID:7812
- C:\Windows\System\nhJnSoc.exe
  C:\Windows\System\nhJnSoc.exe
  2⤵
  PID:6660
- C:\Windows\System\LATBVFU.exe
  C:\Windows\System\LATBVFU.exe
  2⤵
  PID:8140
- C:\Windows\System\pgpFeIs.exe
  C:\Windows\System\pgpFeIs.exe
  2⤵
  PID:7276
- C:\Windows\System\ICxDJdV.exe
  C:\Windows\System\ICxDJdV.exe
  2⤵
  PID:7708
- C:\Windows\System\MAvjHHC.exe
  C:\Windows\System\MAvjHHC.exe
  2⤵
  PID:7768
- C:\Windows\System\KNYSbxe.exe
  C:\Windows\System\KNYSbxe.exe
  2⤵
  PID:6808
- C:\Windows\System\elKMTlE.exe
  C:\Windows\System\elKMTlE.exe
  2⤵
  PID:1008
- C:\Windows\System\eFIwitf.exe
  C:\Windows\System\eFIwitf.exe
  2⤵
  PID:7900
- C:\Windows\System\sNwcUJE.exe
  C:\Windows\System\sNwcUJE.exe
  2⤵
  PID:8088
- C:\Windows\System\MPHOApz.exe
  C:\Windows\System\MPHOApz.exe
  2⤵
  PID:8076
- C:\Windows\System\FiNPUxH.exe
  C:\Windows\System\FiNPUxH.exe
  2⤵
  PID:8080
- C:\Windows\System\NdHhpjE.exe
  C:\Windows\System\NdHhpjE.exe
  2⤵
  PID:8060
- C:\Windows\System\TkKBnaD.exe
  C:\Windows\System\TkKBnaD.exe
  2⤵
  PID:7800
- C:\Windows\System\cZQvEnd.exe
  C:\Windows\System\cZQvEnd.exe
  2⤵
  PID:8000
- C:\Windows\System\TTrdXtT.exe
  C:\Windows\System\TTrdXtT.exe
  2⤵
  PID:8044
- C:\Windows\System\AgQbNwZ.exe
  C:\Windows\System\AgQbNwZ.exe
  2⤵
  PID:6376
- C:\Windows\System\JPMoLGg.exe
  C:\Windows\System\JPMoLGg.exe
  2⤵
  PID:7828
- C:\Windows\System\EZoWhJq.exe
  C:\Windows\System\EZoWhJq.exe
  2⤵
  PID:6328
- C:\Windows\System\kyxsJQk.exe
  C:\Windows\System\kyxsJQk.exe
  2⤵
  PID:7408
- C:\Windows\System\vTAdERo.exe
  C:\Windows\System\vTAdERo.exe
  2⤵
  PID:7544
- C:\Windows\System\UJhnBmi.exe
  C:\Windows\System\UJhnBmi.exe
  2⤵
  PID:7660
- C:\Windows\System\TmwMDPe.exe
  C:\Windows\System\TmwMDPe.exe
  2⤵
  PID:8208
- C:\Windows\System\gNdsJAS.exe
  C:\Windows\System\gNdsJAS.exe
  2⤵
  PID:8232
- C:\Windows\System\BPZmPPY.exe
  C:\Windows\System\BPZmPPY.exe
  2⤵
  PID:8252
- C:\Windows\System\qhpMvHy.exe
  C:\Windows\System\qhpMvHy.exe
  2⤵
  PID:8276
- C:\Windows\System\NIGPeCh.exe
  C:\Windows\System\NIGPeCh.exe
  2⤵
  PID:8292
- C:\Windows\System\Iiwvwwj.exe
  C:\Windows\System\Iiwvwwj.exe
  2⤵
  PID:8308
- C:\Windows\System\cuKXoCR.exe
  C:\Windows\System\cuKXoCR.exe
  2⤵
  PID:8328
- C:\Windows\System\qpycfvq.exe
  C:\Windows\System\qpycfvq.exe
  2⤵
  PID:8352
- C:\Windows\System\PJhKknI.exe
  C:\Windows\System\PJhKknI.exe
  2⤵
  PID:8372
- C:\Windows\System\gSmtTjm.exe
  C:\Windows\System\gSmtTjm.exe
  2⤵
  PID:8388
- C:\Windows\System\zbkImmr.exe
  C:\Windows\System\zbkImmr.exe
  2⤵
  PID:8408
- C:\Windows\System\rbCVfWG.exe
  C:\Windows\System\rbCVfWG.exe
  2⤵
  PID:8424
- C:\Windows\System\ldwLyrE.exe
  C:\Windows\System\ldwLyrE.exe
  2⤵
  PID:8444
- C:\Windows\System\YLCeiyg.exe
  C:\Windows\System\YLCeiyg.exe
  2⤵
  PID:8460
- C:\Windows\System\yQBjOQT.exe
  C:\Windows\System\yQBjOQT.exe
  2⤵
  PID:8476
- C:\Windows\System\ObnoLeC.exe
  C:\Windows\System\ObnoLeC.exe
  2⤵
  PID:8492
- C:\Windows\System\NcKFcZs.exe
  C:\Windows\System\NcKFcZs.exe
  2⤵
  PID:8516
- C:\Windows\System\sXDHHMn.exe
  C:\Windows\System\sXDHHMn.exe
  2⤵
  PID:8532
- C:\Windows\System\JGqxVpr.exe
  C:\Windows\System\JGqxVpr.exe
  2⤵
  PID:8552
- C:\Windows\System\GdjqGFF.exe
  C:\Windows\System\GdjqGFF.exe
  2⤵
  PID:8576
- C:\Windows\System\GhLWWHs.exe
  C:\Windows\System\GhLWWHs.exe
  2⤵
  PID:8604
- C:\Windows\System\PvXeZpT.exe
  C:\Windows\System\PvXeZpT.exe
  2⤵
  PID:8628
- C:\Windows\System\hcxIzEj.exe
  C:\Windows\System\hcxIzEj.exe
  2⤵
  PID:8644
- C:\Windows\System\iKKHIDj.exe
  C:\Windows\System\iKKHIDj.exe
  2⤵
  PID:8716
- C:\Windows\System\PRDNfYv.exe
  C:\Windows\System\PRDNfYv.exe
  2⤵
  PID:8732
- C:\Windows\System\AsDjDlT.exe
  C:\Windows\System\AsDjDlT.exe
  2⤵
  PID:8752
- C:\Windows\System\kdMFIBv.exe
  C:\Windows\System\kdMFIBv.exe
  2⤵
  PID:8780
- C:\Windows\System\FofDFUH.exe
  C:\Windows\System\FofDFUH.exe
  2⤵
  PID:8800
- C:\Windows\System\uqWfDEb.exe
  C:\Windows\System\uqWfDEb.exe
  2⤵
  PID:8816
- C:\Windows\System\EsWUHMs.exe
  C:\Windows\System\EsWUHMs.exe
  2⤵
  PID:8832
- C:\Windows\System\agPBbGs.exe
  C:\Windows\System\agPBbGs.exe
  2⤵
  PID:8848
- C:\Windows\System\YbyKRbc.exe
  C:\Windows\System\YbyKRbc.exe
  2⤵
  PID:8864
- C:\Windows\System\LqnMGgJ.exe
  C:\Windows\System\LqnMGgJ.exe
  2⤵
  PID:8880
- C:\Windows\System\FVnmOIK.exe
  C:\Windows\System\FVnmOIK.exe
  2⤵
  PID:8900
- C:\Windows\System\aXlSVSG.exe
  C:\Windows\System\aXlSVSG.exe
  2⤵
  PID:8940
- C:\Windows\System\xznhIZd.exe
  C:\Windows\System\xznhIZd.exe
  2⤵
  PID:8956
- C:\Windows\System\LQIKZmi.exe
  C:\Windows\System\LQIKZmi.exe
  2⤵
  PID:8972
- C:\Windows\System\xYKOWQi.exe
  C:\Windows\System\xYKOWQi.exe
  2⤵
  PID:8992
- C:\Windows\System\XoSSXqF.exe
  C:\Windows\System\XoSSXqF.exe
  2⤵
  PID:9012
- C:\Windows\System\LJOhJkj.exe
  C:\Windows\System\LJOhJkj.exe
  2⤵
  PID:9028
- C:\Windows\System\gyeQbBV.exe
  C:\Windows\System\gyeQbBV.exe
  2⤵
  PID:9044
- C:\Windows\System\KYpAJjx.exe
  C:\Windows\System\KYpAJjx.exe
  2⤵
  PID:9068
- C:\Windows\System\NfbMAlf.exe
  C:\Windows\System\NfbMAlf.exe
  2⤵
  PID:9088
- C:\Windows\System\pUSGcpw.exe
  C:\Windows\System\pUSGcpw.exe
  2⤵
  PID:9112
- C:\Windows\System\WyIlVqZ.exe
  C:\Windows\System\WyIlVqZ.exe
  2⤵
  PID:9136
- C:\Windows\System\srrzBvu.exe
  C:\Windows\System\srrzBvu.exe
  2⤵
  PID:9152
- C:\Windows\System\WMXzzpy.exe
  C:\Windows\System\WMXzzpy.exe
  2⤵
  PID:9176
- C:\Windows\System\VofNjzp.exe
  C:\Windows\System\VofNjzp.exe
  2⤵
  PID:9196
- C:\Windows\System\RodRReO.exe
  C:\Windows\System\RodRReO.exe
  2⤵
  PID:9212
- C:\Windows\System\nyuuoIw.exe
  C:\Windows\System\nyuuoIw.exe
  2⤵
  PID:8284
- C:\Windows\System\zLctDtP.exe
  C:\Windows\System\zLctDtP.exe
  2⤵
  PID:8324
- C:\Windows\System\hnFnGrn.exe
  C:\Windows\System\hnFnGrn.exe
  2⤵
  PID:8396
- C:\Windows\System\RSCwYgt.exe
  C:\Windows\System\RSCwYgt.exe
  2⤵
  PID:8224
- C:\Windows\System\AwMnrAN.exe
  C:\Windows\System\AwMnrAN.exe
  2⤵
  PID:8336
- C:\Windows\System\okofoQk.exe
  C:\Windows\System\okofoQk.exe
  2⤵
  PID:8384
- C:\Windows\System\YtAndch.exe
  C:\Windows\System\YtAndch.exe
  2⤵
  PID:7476
- C:\Windows\System\JtCRhOs.exe
  C:\Windows\System\JtCRhOs.exe
  2⤵
  PID:8268
- C:\Windows\System\OBMPrdH.exe
  C:\Windows\System\OBMPrdH.exe
  2⤵
  PID:8500
- C:\Windows\System\VoysbTS.exe
  C:\Windows\System\VoysbTS.exe
  2⤵
  PID:8528
- C:\Windows\System\YeDHhMx.exe
  C:\Windows\System\YeDHhMx.exe
  2⤵
  PID:348
- C:\Windows\System\hmCRRhP.exe
  C:\Windows\System\hmCRRhP.exe
  2⤵
  PID:8564
- C:\Windows\System\qcSVObY.exe
  C:\Windows\System\qcSVObY.exe
  2⤵
  PID:8592
- C:\Windows\System\xjCGAGH.exe
  C:\Windows\System\xjCGAGH.exe
  2⤵
  PID:8620
- C:\Windows\System\OXXKyIf.exe
  C:\Windows\System\OXXKyIf.exe
  2⤵
  PID:8680
- C:\Windows\System\KQpLfhl.exe
  C:\Windows\System\KQpLfhl.exe
  2⤵
  PID:8700
- C:\Windows\System\TySpWWO.exe
  C:\Windows\System\TySpWWO.exe
  2⤵
  PID:8744
- C:\Windows\System\whfjwgo.exe
  C:\Windows\System\whfjwgo.exe
  2⤵
  PID:8768
- C:\Windows\System\PcJEcGv.exe
  C:\Windows\System\PcJEcGv.exe
  2⤵
  PID:8792
- C:\Windows\System\fqiONki.exe
  C:\Windows\System\fqiONki.exe
  2⤵
  PID:8872
- C:\Windows\System\ArWZjxd.exe
  C:\Windows\System\ArWZjxd.exe
  2⤵
  PID:8856
- C:\Windows\System\rQUfSao.exe
  C:\Windows\System\rQUfSao.exe
  2⤵
  PID:8916
- C:\Windows\System\vFTQDRi.exe
  C:\Windows\System\vFTQDRi.exe
  2⤵
  PID:8936
- C:\Windows\System\fMVvrNq.exe
  C:\Windows\System\fMVvrNq.exe
  2⤵
  PID:9020
- C:\Windows\System\rfwBBCe.exe
  C:\Windows\System\rfwBBCe.exe
  2⤵
  PID:9008
- C:\Windows\System\OlsawHt.exe
  C:\Windows\System\OlsawHt.exe
  2⤵
  PID:9040
- C:\Windows\System\jMvSZXn.exe
  C:\Windows\System\jMvSZXn.exe
  2⤵
  PID:9128
- C:\Windows\System\ZjrDNCD.exe
  C:\Windows\System\ZjrDNCD.exe
  2⤵
  PID:9052
- C:\Windows\System\AytPvaT.exe
  C:\Windows\System\AytPvaT.exe
  2⤵
  PID:9164
- C:\Windows\System\avErWyv.exe
  C:\Windows\System\avErWyv.exe
  2⤵
  PID:9100
- C:\Windows\System\VJpTjlZ.exe
  C:\Windows\System\VJpTjlZ.exe
  2⤵
  PID:8316
- C:\Windows\System\uJiFpxP.exe
  C:\Windows\System\uJiFpxP.exe
  2⤵
  PID:9192
- C:\Windows\System\WywBSsl.exe
  C:\Windows\System\WywBSsl.exe
  2⤵
  PID:9188
- C:\Windows\System\inztPhl.exe
  C:\Windows\System\inztPhl.exe
  2⤵
  PID:6824
- C:\Windows\System\UgiMDZD.exe
  C:\Windows\System\UgiMDZD.exe
  2⤵
  PID:8436
- C:\Windows\System\qDipOCD.exe
  C:\Windows\System\qDipOCD.exe
  2⤵
  PID:8304
- C:\Windows\System\vUFurvU.exe
  C:\Windows\System\vUFurvU.exe
  2⤵
  PID:8228
- C:\Windows\System\SebvKeb.exe
  C:\Windows\System\SebvKeb.exe
  2⤵
  PID:8452
- C:\Windows\System\sHZbDCT.exe
  C:\Windows\System\sHZbDCT.exe
  2⤵
  PID:8612
- C:\Windows\System\IFBhRwo.exe
  C:\Windows\System\IFBhRwo.exe
  2⤵
  PID:8764
- C:\Windows\System\VefPuwo.exe
  C:\Windows\System\VefPuwo.exe
  2⤵
  PID:8676
- C:\Windows\System\DvRHNWA.exe
  C:\Windows\System\DvRHNWA.exe
  2⤵
  PID:8776
- C:\Windows\System\QhLzcyV.exe
  C:\Windows\System\QhLzcyV.exe
  2⤵
  PID:8808
- C:\Windows\System\IorhOKn.exe
  C:\Windows\System\IorhOKn.exe
  2⤵
  PID:8892
- C:\Windows\System\GRlPxwR.exe
  C:\Windows\System\GRlPxwR.exe
  2⤵
  PID:8988
- C:\Windows\System\JMGhheZ.exe
  C:\Windows\System\JMGhheZ.exe
  2⤵
  PID:9160
- C:\Windows\System\ADaVxUw.exe
  C:\Windows\System\ADaVxUw.exe
  2⤵
  PID:8220
- C:\Windows\System\MGWbyRn.exe
  C:\Windows\System\MGWbyRn.exe
  2⤵
  PID:8416
- C:\Windows\System\teSmFkR.exe
  C:\Windows\System\teSmFkR.exe
  2⤵
  PID:8320
- C:\Windows\System\kxDOzdr.exe
  C:\Windows\System\kxDOzdr.exe
  2⤵
  PID:9168
- C:\Windows\System\yElUraN.exe
  C:\Windows\System\yElUraN.exe
  2⤵
  PID:8200
- C:\Windows\System\DILrskd.exe
  C:\Windows\System\DILrskd.exe
  2⤵
  PID:9108
- C:\Windows\System\EjunVMQ.exe
  C:\Windows\System\EjunVMQ.exe
  2⤵
  PID:8440
- C:\Windows\System\xtUyheE.exe
  C:\Windows\System\xtUyheE.exe
  2⤵
  PID:8524
- C:\Windows\System\DBtfjKM.exe
  C:\Windows\System\DBtfjKM.exe
  2⤵
  PID:8600
- C:\Windows\System\MULHbgQ.exe
  C:\Windows\System\MULHbgQ.exe
  2⤵
  PID:8640
- C:\Windows\System\gfuiXCt.exe
  C:\Windows\System\gfuiXCt.exe
  2⤵
  PID:8844
- C:\Windows\System\uGdGdRI.exe
  C:\Windows\System\uGdGdRI.exe
  2⤵
  PID:8860
- C:\Windows\System\crVMJqK.exe
  C:\Windows\System\crVMJqK.exe
  2⤵
  PID:8980
- C:\Windows\System\XYgMWvL.exe
  C:\Windows\System\XYgMWvL.exe
  2⤵
  PID:8984
- C:\Windows\System\wRbTzon.exe
  C:\Windows\System\wRbTzon.exe
  2⤵
  PID:8952
- C:\Windows\System\fEcHSYY.exe
  C:\Windows\System\fEcHSYY.exe
  2⤵
  PID:9120
- C:\Windows\System\BLIwuQU.exe
  C:\Windows\System\BLIwuQU.exe
  2⤵
  PID:8540
- C:\Windows\System\Uqbqdup.exe
  C:\Windows\System\Uqbqdup.exe
  2⤵
  PID:8812
- C:\Windows\System\DVpbhid.exe
  C:\Windows\System\DVpbhid.exe
  2⤵
  PID:9084
- C:\Windows\System\tsSPebW.exe
  C:\Windows\System\tsSPebW.exe
  2⤵
  PID:8728
- C:\Windows\System\xrlNxME.exe
  C:\Windows\System\xrlNxME.exe
  2⤵
  PID:8724
- C:\Windows\System\EzYwIvZ.exe
  C:\Windows\System\EzYwIvZ.exe
  2⤵
  PID:8928
- C:\Windows\System\OnsQxFu.exe
  C:\Windows\System\OnsQxFu.exe
  2⤵
  PID:7972
- C:\Windows\System\sOpQftp.exe
  C:\Windows\System\sOpQftp.exe
  2⤵
  PID:1592
- C:\Windows\System\VnAZuvO.exe
  C:\Windows\System\VnAZuvO.exe
  2⤵
  PID:8796
- C:\Windows\System\OIEMsaL.exe
  C:\Windows\System\OIEMsaL.exe
  2⤵
  PID:8420
- C:\Windows\System\GhIdywY.exe
  C:\Windows\System\GhIdywY.exe
  2⤵
  PID:8588
- C:\Windows\System\WTZSGbV.exe
  C:\Windows\System\WTZSGbV.exe
  2⤵
  PID:8760
- C:\Windows\System\uyChQqP.exe
  C:\Windows\System\uyChQqP.exe
  2⤵
  PID:8248
- C:\Windows\System\ckkiSOq.exe
  C:\Windows\System\ckkiSOq.exe
  2⤵
  PID:8748
- C:\Windows\System\VxxWpzK.exe
  C:\Windows\System\VxxWpzK.exe
  2⤵
  PID:9220
- C:\Windows\System\NsvCNIz.exe
  C:\Windows\System\NsvCNIz.exe
  2⤵
  PID:9236
- C:\Windows\System\ltWbRUq.exe
  C:\Windows\System\ltWbRUq.exe
  2⤵
  PID:9260
- C:\Windows\System\lGPGxpz.exe
  C:\Windows\System\lGPGxpz.exe
  2⤵
  PID:9284
- C:\Windows\System\wgTZPAf.exe
  C:\Windows\System\wgTZPAf.exe
  2⤵
  PID:9300
- C:\Windows\System\fvKdGYz.exe
  C:\Windows\System\fvKdGYz.exe
  2⤵
  PID:9316
- C:\Windows\System\KyxyZNy.exe
  C:\Windows\System\KyxyZNy.exe
  2⤵
  PID:9340
- C:\Windows\System\bVhEESm.exe
  C:\Windows\System\bVhEESm.exe
  2⤵
  PID:9356
- C:\Windows\System\YzIOWQL.exe
  C:\Windows\System\YzIOWQL.exe
  2⤵
  PID:9388
- C:\Windows\System\sEqhQGN.exe
  C:\Windows\System\sEqhQGN.exe
  2⤵
  PID:9404
- C:\Windows\System\nxqNpYB.exe
  C:\Windows\System\nxqNpYB.exe
  2⤵
  PID:9420
- C:\Windows\System\rejcsZC.exe
  C:\Windows\System\rejcsZC.exe
  2⤵
  PID:9436
- C:\Windows\System\gxwMXku.exe
  C:\Windows\System\gxwMXku.exe
  2⤵
  PID:9456
- C:\Windows\System\taehHmq.exe
  C:\Windows\System\taehHmq.exe
  2⤵
  PID:9476
- C:\Windows\System\iyqRSQh.exe
  C:\Windows\System\iyqRSQh.exe
  2⤵
  PID:9508
- C:\Windows\System\cTYlwkU.exe
  C:\Windows\System\cTYlwkU.exe
  2⤵
  PID:9524
- C:\Windows\System\XJhRJDF.exe
  C:\Windows\System\XJhRJDF.exe
  2⤵
  PID:9540
- C:\Windows\System\sgfuenb.exe
  C:\Windows\System\sgfuenb.exe
  2⤵
  PID:9560
- C:\Windows\System\TmgasBX.exe
  C:\Windows\System\TmgasBX.exe
  2⤵
  PID:9580
- C:\Windows\System\WkeScLq.exe
  C:\Windows\System\WkeScLq.exe
  2⤵
  PID:9596
- C:\Windows\System\DppVRUl.exe
  C:\Windows\System\DppVRUl.exe
  2⤵
  PID:9620
- C:\Windows\System\IkJxPUW.exe
  C:\Windows\System\IkJxPUW.exe
  2⤵
  PID:9636
- C:\Windows\System\YdDBUDO.exe
  C:\Windows\System\YdDBUDO.exe
  2⤵
  PID:9656
- C:\Windows\System\QGgmGAv.exe
  C:\Windows\System\QGgmGAv.exe
  2⤵
  PID:9672
- C:\Windows\System\gksjQmx.exe
  C:\Windows\System\gksjQmx.exe
  2⤵
  PID:9688
- C:\Windows\System\SmrdCDY.exe
  C:\Windows\System\SmrdCDY.exe
  2⤵
  PID:9704
- C:\Windows\System\pQVgZWR.exe
  C:\Windows\System\pQVgZWR.exe
  2⤵
  PID:9728
- C:\Windows\System\lAcHyJZ.exe
  C:\Windows\System\lAcHyJZ.exe
  2⤵
  PID:9748
- C:\Windows\System\BIfliQW.exe
  C:\Windows\System\BIfliQW.exe
  2⤵
  PID:9768
- C:\Windows\System\acGdTRX.exe
  C:\Windows\System\acGdTRX.exe
  2⤵
  PID:9784
- C:\Windows\System\wsdeqkU.exe
  C:\Windows\System\wsdeqkU.exe
  2⤵
  PID:9804
- C:\Windows\System\wbCullY.exe
  C:\Windows\System\wbCullY.exe
  2⤵
  PID:9820
- C:\Windows\System\VzQrRht.exe
  C:\Windows\System\VzQrRht.exe
  2⤵
  PID:9836
- C:\Windows\System\yyIZbNs.exe
  C:\Windows\System\yyIZbNs.exe
  2⤵
  PID:9860
- C:\Windows\System\BasefLr.exe
  C:\Windows\System\BasefLr.exe
  2⤵
  PID:9884
- C:\Windows\System\tqvvfTx.exe
  C:\Windows\System\tqvvfTx.exe
  2⤵
  PID:9932
- C:\Windows\System\LFFZQQR.exe
  C:\Windows\System\LFFZQQR.exe
  2⤵
  PID:9948
- C:\Windows\System\Xruqelk.exe
  C:\Windows\System\Xruqelk.exe
  2⤵
  PID:9968
- C:\Windows\System\mieayHv.exe
  C:\Windows\System\mieayHv.exe
  2⤵
  PID:9988
- C:\Windows\System\GiGOXiM.exe
  C:\Windows\System\GiGOXiM.exe
  2⤵
  PID:10004
- C:\Windows\System\mZsiiKd.exe
  C:\Windows\System\mZsiiKd.exe
  2⤵
  PID:10032
- C:\Windows\System\dfxCfeN.exe
  C:\Windows\System\dfxCfeN.exe
  2⤵
  PID:10056
- C:\Windows\System\zZACeOg.exe
  C:\Windows\System\zZACeOg.exe
  2⤵
  PID:10072
- C:\Windows\System\kyNCJdm.exe
  C:\Windows\System\kyNCJdm.exe
  2⤵
  PID:10088
- C:\Windows\System\EAnXZUm.exe
  C:\Windows\System\EAnXZUm.exe
  2⤵
  PID:10104
- C:\Windows\System\PJReYOk.exe
  C:\Windows\System\PJReYOk.exe
  2⤵
  PID:10132
- C:\Windows\System\NVohbyA.exe
  C:\Windows\System\NVohbyA.exe
  2⤵
  PID:10148
- C:\Windows\System\rFXhLfv.exe
  C:\Windows\System\rFXhLfv.exe
  2⤵
  PID:10176
- C:\Windows\System\XwfPanm.exe
  C:\Windows\System\XwfPanm.exe
  2⤵
  PID:10192
- C:\Windows\System\CNQNMPP.exe
  C:\Windows\System\CNQNMPP.exe
  2⤵
  PID:10208
- C:\Windows\System\GSWAjYC.exe
  C:\Windows\System\GSWAjYC.exe
  2⤵
  PID:10232
- C:\Windows\System\eECCGmP.exe
  C:\Windows\System\eECCGmP.exe
  2⤵
  PID:9204
- C:\Windows\System\BybuiML.exe
  C:\Windows\System\BybuiML.exe
  2⤵
  PID:9252
- C:\Windows\System\nQoGDWY.exe
  C:\Windows\System\nQoGDWY.exe
  2⤵
  PID:9280
- C:\Windows\System\GgYNoES.exe
  C:\Windows\System\GgYNoES.exe
  2⤵
  PID:9124
- C:\Windows\System\qdRzgSm.exe
  C:\Windows\System\qdRzgSm.exe
  2⤵
  PID:9372
- C:\Windows\System\FhytNLC.exe
  C:\Windows\System\FhytNLC.exe
  2⤵
  PID:9396
- C:\Windows\System\PxRzeCv.exe
  C:\Windows\System\PxRzeCv.exe
  2⤵
  PID:9464
- C:\Windows\System\TDBIEQW.exe
  C:\Windows\System\TDBIEQW.exe
  2⤵
  PID:9412
- C:\Windows\System\UnQIaxd.exe
  C:\Windows\System\UnQIaxd.exe
  2⤵
  PID:9500
- C:\Windows\System\lHXFCrP.exe
  C:\Windows\System\lHXFCrP.exe
  2⤵
  PID:9520
- C:\Windows\System\jGdMchc.exe
  C:\Windows\System\jGdMchc.exe
  2⤵
  PID:9556
- C:\Windows\System\WMLBLDf.exe
  C:\Windows\System\WMLBLDf.exe
  2⤵
  PID:9632
- C:\Windows\System\hsxOfKO.exe
  C:\Windows\System\hsxOfKO.exe
  2⤵
  PID:9740
- C:\Windows\System\kKVcGJs.exe
  C:\Windows\System\kKVcGJs.exe
  2⤵
  PID:9844
- C:\Windows\System\YLXBtpZ.exe
  C:\Windows\System\YLXBtpZ.exe
  2⤵
  PID:9892
- C:\Windows\System\kGKbLGF.exe
  C:\Windows\System\kGKbLGF.exe
  2⤵
  PID:9608
- C:\Windows\System\cwzWqiw.exe
  C:\Windows\System\cwzWqiw.exe
  2⤵
  PID:9644
- C:\Windows\System\XkDjgGq.exe
  C:\Windows\System\XkDjgGq.exe
  2⤵
  PID:9716
- C:\Windows\System\GVJwXgh.exe
  C:\Windows\System\GVJwXgh.exe
  2⤵
  PID:9760
- C:\Windows\System\PAwruIq.exe
  C:\Windows\System\PAwruIq.exe
  2⤵
  PID:9832
- C:\Windows\System\ZaHlPUC.exe
  C:\Windows\System\ZaHlPUC.exe
  2⤵
  PID:9904
- C:\Windows\System\VTclOVk.exe
  C:\Windows\System\VTclOVk.exe
  2⤵
  PID:9920
- C:\Windows\System\rJCOyyO.exe
  C:\Windows\System\rJCOyyO.exe
  2⤵
  PID:9956
- C:\Windows\System\gdLWBIW.exe
  C:\Windows\System\gdLWBIW.exe
  2⤵
  PID:10000
- C:\Windows\System\rwaaHDC.exe
  C:\Windows\System\rwaaHDC.exe
  2⤵
  PID:10020
- C:\Windows\System\zBEeGew.exe
  C:\Windows\System\zBEeGew.exe
  2⤵
  PID:10040
- C:\Windows\System\ErYEaGx.exe
  C:\Windows\System\ErYEaGx.exe
  2⤵
  PID:10080
- C:\Windows\System\KzRXgwX.exe
  C:\Windows\System\KzRXgwX.exe
  2⤵
  PID:10128
- C:\Windows\System\wwpVKua.exe
  C:\Windows\System\wwpVKua.exe
  2⤵
  PID:10160
- C:\Windows\System\LrubGjz.exe
  C:\Windows\System\LrubGjz.exe
  2⤵
  PID:10188
- C:\Windows\System\oicTTAx.exe
  C:\Windows\System\oicTTAx.exe
  2⤵
  PID:10052
- C:\Windows\System\GjdiATV.exe
  C:\Windows\System\GjdiATV.exe
  2⤵
  PID:8348
- C:\Windows\System\LQortPo.exe
  C:\Windows\System\LQortPo.exe
  2⤵
  PID:9248
- C:\Windows\System\pfkIVwZ.exe
  C:\Windows\System\pfkIVwZ.exe
  2⤵
  PID:9332
- C:\Windows\System\qhgmFop.exe
  C:\Windows\System\qhgmFop.exe
  2⤵
  PID:9364
- C:\Windows\System\HfscZGu.exe
  C:\Windows\System\HfscZGu.exe
  2⤵
  PID:9428
- C:\Windows\System\NvAaKbJ.exe
  C:\Windows\System\NvAaKbJ.exe
  2⤵
  PID:9448
- C:\Windows\System\UMEtbcQ.exe
  C:\Windows\System\UMEtbcQ.exe
  2⤵
  PID:9516
- C:\Windows\System\jgSZJQr.exe
  C:\Windows\System\jgSZJQr.exe
  2⤵
  PID:9588
- C:\Windows\System\HBTNlsb.exe
  C:\Windows\System\HBTNlsb.exe
  2⤵
  PID:9696
- C:\Windows\System\iHMRYgs.exe
  C:\Windows\System\iHMRYgs.exe
  2⤵
  PID:9852
- C:\Windows\System\bklnJKY.exe
  C:\Windows\System\bklnJKY.exe
  2⤵
  PID:9812
- C:\Windows\System\ZIlHQaW.exe
  C:\Windows\System\ZIlHQaW.exe
  2⤵
  PID:9576
- C:\Windows\System\LhmIJlM.exe
  C:\Windows\System\LhmIJlM.exe
  2⤵
  PID:9900
- C:\Windows\System\WQohgHf.exe
  C:\Windows\System\WQohgHf.exe
  2⤵
  PID:9684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AfiYqGq.exe

Filesize
6.0MB

MD5
589113d1d76cb8557b95a22376ee185f

SHA1
b65da23f864dce07a3868f715cc849fc6eec7bc8

SHA256
025c3a6d69dda9f0745e5bb737fe76a91ac9afa837e2b78d3185caf7464cf3fd

SHA512
f085cd1d24ee2ff6ed282539c2383253096054041915d6f47d5438a4dc14b67b29a8a679a261c4dcacf477436d70185611a079714a2b697384a69f527b15f7e8

Download Submit
C:\Windows\system\EmCeXxU.exe

Filesize
6.0MB

MD5
b92e2f28c7db6f8c7f4fa470af565f3a

SHA1
6625e15f80d7db960e5a6bd3cb5d516444d8a05c

SHA256
33d7703c8790802059faf3705a9ecc8ff28c36fb51e8a08b16775a3d358abbcc

SHA512
d3893942a1b415fb516505c69a5af971a473bfe7d18c58b682371ceba48b2e69da709725a325610744d882461bfa98a7950ee92dd72dad0616154f8a7f2130ae

Download Submit
C:\Windows\system\HMVHcvi.exe

Filesize
6.0MB

MD5
62f299f678f1fe5082cc7a3c4b201bb9

SHA1
1d36dce5f0b2a172b321f84905d0d02ba9adc3a8

SHA256
ff4bc836b81b1cde5431e26bad355a92edc3ee473c471729478713f3675de10e

SHA512
da621b02f226abe21d991ce93522bb79277d2f277c406e11e75b9055e6c86e7e4e180f2364bba399f47afa7dd6f3d156e73c54f91c74525b16df748688dafbc4

Download Submit
C:\Windows\system\IuwLJeB.exe

Filesize
6.0MB

MD5
9983507c10cc89cf9eb906275c19edd4

SHA1
2ff26ebb46575a501bb862de92b8ae8aa6a9ad5c

SHA256
a3025a6d98216ece38e0cea1094fc321f6930f2f95b84903854253d672807ee6

SHA512
107b6c445a3a01e1f29d8560433bead4f5c0f5d6d6efd5e86816bf87a73ef7e8a6ee13ba62fa2c175715ff7da6c89f43ee0e4da44ebb2a7ff146411724dc34ba

Download Submit
C:\Windows\system\LTkGDKw.exe

Filesize
6.0MB

MD5
ea0fbe9f33fc3ae446e3f113150d6d6c

SHA1
122ba19b82b3fea67022043ce738585b18a20e1d

SHA256
cc68bc4b490533d068a8570b7ddd54d08e9616a9e9b51c0d8f56d17444fe1b7e

SHA512
08efe383eddb0c11331ddce3d69c50c5e694f46c88f933264caa89aacdc45c24e9bd8462e315c169ea7dfccf798fcabc7888ec92fbf4b6e3f3453a6c691af4bb

Download Submit
C:\Windows\system\MeeasFS.exe

Filesize
6.0MB

MD5
bcabb71152b83f7cd4f371e397bb09ce

SHA1
bd766a1b93e0d560bb830b5f8e3479b9b2e7922f

SHA256
01689a710addc0cdd6246b75d8da0e5ad7d3737a9360b2953031e3211ee524da

SHA512
bc0d5dfd48046af6a6b5ead4f7460fd8d1c5e8aabb53dc82063ff2982198b0e481d2450353033903ed0d30efda7bee55efaa97043e9aeba6106b55a4c51d6122

Download Submit
C:\Windows\system\OwGzgQk.exe

Filesize
6.0MB

MD5
3ec00d8a3b15d59cb03f976f721b28a5

SHA1
d205e4d79adcb7ff1b3940f280fa6a4cedd4e2f2

SHA256
26dbb1d6fdfcc70f8e29570d8afa3aba7b1c5fe9f7b1f2d45435fcaf5518418e

SHA512
4f0cd1e35cf602235f47e7f319952135ea04d159e87b8d6f7ad42bbba82bd18b8b264a4b048aa2c498196d2747576e9e999191f98616439361f1342613956012

Download Submit
C:\Windows\system\QlsjHVE.exe

Filesize
6.0MB

MD5
7e08603d892982d0c393606a60e6c9e8

SHA1
12c6dffbc86392ffc09b1c17719a6336bba25fa1

SHA256
bebfd0b63c76e014019acd73c3a4bb6f8e39386b7eab312d62d59e58daaf97a2

SHA512
e8e6958cf52d2a292e91b5241849c1afcdaaabf1eaa3eed4a53de14e8c89371553b1f5e644049519bfd6dc20ed420e5197e3a8a943980e52cb2f35582d0ab696

Download Submit
C:\Windows\system\RBmtrjc.exe

Filesize
6.0MB

MD5
4ee24d14299cb75fd3422d9c820adcb6

SHA1
296433d465e29aab92ab42499452252ddd21126b

SHA256
95e629879d07b74d462ad0480ce7685e7cc3324fad52d9b620df42306998b1e3

SHA512
8955c3b161ce42b86708743786449b93b5e61935e3772dfdab12b3283c417aaa644d45f20cf2c6a4f6b38a0ee89d261d1a1d9fc4d0f98387ebd6ede7aac6628a

Download Submit
C:\Windows\system\RWtWUwo.exe

Filesize
6.0MB

MD5
ff90594cee04148e796e628e017981b6

SHA1
072fe248eeb35ef11f3556b35fc6b7817ee7ecad

SHA256
df7960030bc15aa1fcfd18f1e6c9ee84de6952ca5b3ded1a63938ed476616862

SHA512
b28d174494eea60758b51c45620d0b8f175151e552d4683b1f5405c9011e47ade027d1978763f134412cb90b893d34c0247192957b752128bc21fe7386b1ba99

Download Submit
C:\Windows\system\TGhxrkc.exe

Filesize
6.0MB

MD5
7610e9903618c40dab371a5460de40d3

SHA1
d2c8fedca98ff098215ee6ca280da67e7728a921

SHA256
b3d7cce12cfcf1079125d8dec7d1d1b11b73e4f3c857de08a3e639679692c754

SHA512
56d2c25eccfed92f8c670dbad690211870bf5f8fc0435b151df2de2ea97c1541292c2b0061c8a30e69a2229d169a13405c0083cb7f0830f4db94dbeb8f0991d8

Download Submit
C:\Windows\system\UAkIWux.exe

Filesize
6.0MB

MD5
2bd7ad2ba8cdcf76045a7053bc3e7b1d

SHA1
89c8c4aec92261b71a4287edaa1e990535611660

SHA256
0a37de2c18f837633a9ce491111a73401effe75aa0e4fca432f7ab6ae74cf38c

SHA512
f920e5f2a72bd3c0b1723d679b5e396703e0174b0203db00903c210b6e689c6e813ccea06382e6bdd440dfce0255ab1a5b90961ec063c54cb3f79876d20c5330

Download Submit
C:\Windows\system\WyFbkSj.exe

Filesize
6.0MB

MD5
f2e6aec35e3f1aed7c847d2540950614

SHA1
7942f24567344d736696ce54c4cd99c43239e932

SHA256
6f0dceea7468f6a0d5fa1c6ea66c698a79922e9151b175f0cd9a93e78a4954cb

SHA512
24a36db5da6973ea12b85c8ef1b749954931eae92e546d1e6544f1a6010b03313f8ea27b9988fc4e481c3b673f9bd1c9e7286449ffdc61e3632d30f07fadeb5f

Download Submit
C:\Windows\system\XqJmEiz.exe

Filesize
6.0MB

MD5
f69e1c9c3906e0f82e5d7b5a69553222

SHA1
00239f6bd105d5eff98ec0d8a0ecea6e348aeac0

SHA256
462ea7b7c3b8aa508b99a8b7ee876588305e40ae19e1c1715807ba99dafb346a

SHA512
1e7e72e61d3dcf432f476d65f2ab9704f9c0335ee8375347b46dc3f27fe0615c786f418ab6590bd5d72ab90fdc692988553e994bc07c4ae0f35bd4435ccf0673

Download Submit
C:\Windows\system\YLHQFsm.exe

Filesize
6.0MB

MD5
081d76a1c3e2af8d8b3604692b06bd65

SHA1
b6bcbb445b74301b9554e8f8bbf56b46394f1d5b

SHA256
454b5bd5f742f5c562f0682aa57a05c8974dfc26a522416cd30cb21cc6b0806b

SHA512
1a8a96c046d9e57b72c299c4b34d624bf3ead52a9ff94031d6344bb764f3680de02c6e621904ca2942b5295ee43ec5fdf99a7d6888b3de33b85d427c56a62177

Download Submit
C:\Windows\system\YznLZFy.exe

Filesize
6.0MB

MD5
b96fc68a143c8055a9374c1bdf889a93

SHA1
f85dc0f19303aa264b41c2cbf3a26a64e37c58a1

SHA256
8dbd37f07511f42e7f8d686dbee7dd58b26519193040d6f8fdf63b8d8b722110

SHA512
12e6285c6b09194bc3aa7de58ee922fd23db7e5da2d859da480c635d6ef193973c3aea4c9258abd9959693f6ad5bf2c4380fe3fdb6a0499009d26335cf90ee2b

Download Submit
C:\Windows\system\fpFTBJq.exe

Filesize
6.0MB

MD5
7ab6de2065c4bf89a7080661c10efcba

SHA1
1fd8f53e2c499a4b4885a0a571f74d90d395190d

SHA256
749912fbe2b01669c7cecb98e1bb31f24fd928e56b39a62e886894296fa0da29

SHA512
5b7a407bceebedb1746cda5ced0ef5337263a59d599fa07d8584e8ab913fc7f4aa15ca952f2c1dde6ef6a546c4b6477dad1e0a6050cba8e693cbf55819149311

Download Submit
C:\Windows\system\gcxudjU.exe

Filesize
6.0MB

MD5
569f9b661d5eccb5085706a8041c2bd9

SHA1
051e141d4c7cd1fca381848bbda6dabb9c4097f2

SHA256
c9fa5b7f9d940a570114705998d816f3ccd07ec167ab2c7288cf462f8fef144e

SHA512
050ce340fd0686699402884bffed91a04466a1167af047a18d0517026f21028686e7188d409893d1bde1c825fddb8915be55f1a7af9fa186cb92f4422ac1f6ef

Download Submit
C:\Windows\system\hReeJAr.exe

Filesize
6.0MB

MD5
b23a8a2c1c38acbc3edaf8671e64d922

SHA1
44ab23932c4d5a5722d8e949cc2d53ad57ea2e61

SHA256
5304d7820be6f8f7c43f5637ca76512d507c95b9b5b84304cfc0730f4a3324e9

SHA512
bb8499bc2ede98678401ee23f8da7fe7e416447f3240c0a6c7cacbbfbb3a7a97c07e0e659058c2725b90359801baf29f59e979b742e2a6fa6a036d5fc1ce138b

Download Submit
C:\Windows\system\jdVtVAE.exe

Filesize
6.0MB

MD5
e9a2cba418278083054fe63e0b45cffb

SHA1
44ff09d1028cb5f63d0a1c4273329004d8d94853

SHA256
aa61b32a367081c1559ae4586429a78666e17ec1fdb25215852ade722f490f88

SHA512
1dedcacedc157e85e56ecdb36aed26cfa9ac012699bf14715081656a5a4f4a848b877159535f2692e976369c5821e96979d7591e9fe03914d2585d256bc1d522

Download Submit
C:\Windows\system\jfxKLWw.exe

Filesize
6.0MB

MD5
88656e2df0712db65cfe2aaf5e839c8a

SHA1
094b7648b9f2ba9a713f2b880c426c247f9733be

SHA256
aa4c863727a62a8e7bcde415f4cc4424e5805af5242fae278db86b40a6ac80d5

SHA512
47cd91805275523b39147c0f442af60b235a304cf4d22c931aac5cabd937ad59ea209df826b2f5dbbf9febdde0ca1e9002b54c08bf4fda02f1d31d82226a7c95

Download Submit
C:\Windows\system\jwuCyem.exe

Filesize
6.0MB

MD5
f860fe0c5a02377c783a1481343a94ce

SHA1
384c6ff4646ca93a9650f6da91048ee7e09795ac

SHA256
c23e66a82b53a1fe7a77ec240eb253f275379788a04f32840a864a6a56757d47

SHA512
61b56e4c46e75d4a33d6e3c336e735a66736f19ce128f0cc180fe2bf760e02fd62db218a04166bcdc79a30d7598e6a54b6025d2307efde356a4abd31f971c4c7

Download Submit
C:\Windows\system\kFgZhbu.exe

Filesize
6.0MB

MD5
e393024c8caca2609b72073079b1d12e

SHA1
8480b216984e36bd1f212cd246d13fced51587a7

SHA256
b199f1bc825884ee368ecdfee4b17fbe60f1a44a3bcb98322135a6b5ec93cf99

SHA512
6e5e93c64d22d8249a3056360d51500a4aba9ce3c1127f85228d0531a9a707e1fc02b2ad3274999a5441cc556d5dea348b00e4637eb13ee1321c5c4b93fc6cc7

Download Submit
C:\Windows\system\lSESmvn.exe

Filesize
8B

MD5
86a32dd7a6cda56b5d0b5b6908906d1b

SHA1
12b1f9dcb13a1d7ad45d84b81ba2500fa910b8a3

SHA256
9353e58ec7b55ffdc7e0c9abedd18bf411f6acb3f7c6a6b68dd7fe0f16adc1bf

SHA512
a6ea811e282410cff38638390a537888d9006eb26ea91dc4c8b54deb41d862f882b1bd7194e8c5a5c611795e3b78cbd538bd9ea54447df506ae2673405fb188a

Download Submit
C:\Windows\system\pPlhytb.exe

Filesize
6.0MB

MD5
b70fdc190dabce5731a25884ae687d29

SHA1
e0c44e14c186cbf621d0bc01f9c175b3d88ff86a

SHA256
85e57541ce5ba554e97ddd99cb1cd6d8265ab378e5d9bc6313985e88ffd56c01

SHA512
ee26e8f7e16aa5460252a081e5df8c5847f4122448d4caca588b7bf2bd3d69797791bbe22c59baf22ecc7c1c302986db5664575e9b49167877c6abd8e0ededbf

Download Submit
C:\Windows\system\qZXflCH.exe

Filesize
6.0MB

MD5
cfb99d9324935634cf86ef182100ec1f

SHA1
14099b2526bfd7926aa6ac11917edb85a1a58789

SHA256
4f9bf66c17494c01b10e7071216b0f4c8cd7763e92cb45dd2722b4094357fb7b

SHA512
dbe0eeb959f8a77b1af288b6633f5144309ee394748d6f5dd8bff9f7a5542dfaa8650c0acb1904f9e00a5a1843790629a610305e6608d64a4bd7e40c707364c0

Download Submit
C:\Windows\system\sQGWbgb.exe

Filesize
6.0MB

MD5
7215dbeb5ff0173d9d99a35ed6fb7c26

SHA1
0162ce1a8ed59878c00b2cda0cb640823ee8704c

SHA256
01211cce5bf4b59c34a2ceed07aff7ee3648ff68754a7d5cb28b9a443e143401

SHA512
a30757614c25678df4e2e7db36309aabdd11b2564ab9e7fdbf22fcdb03a7db31db3d366d50edf65de5591508d023d1fecb596b1c7c90291aa9ad5d5b20a89619

Download Submit
C:\Windows\system\vsQbwXH.exe

Filesize
6.0MB

MD5
3430137ec387f501948c0f45e1940c00

SHA1
64adaff87da7836ba0eb8e4bc50d4b9095840dee

SHA256
5ca8bf7f7ca9e8ee8b4b144fef6387e99ecc2058af73be200f1ad5058b9330fd

SHA512
7b0bcdd0578f5dba9fd04e8711c70beb785ad0ce3f6f412a9581f201b36cbf3b0160e909af80c6dce9a5d9140df54dd2a99ddc23d9340d888408eff182b652be

Download Submit
C:\Windows\system\xvimaaB.exe

Filesize
6.0MB

MD5
6afa6298cf8f4e0833a00eab9b632532

SHA1
4ffb422e5df8a35fe2d87e22aeee8c066809c8a8

SHA256
0d9b9b040c3cabca5774f193a71f2ce5d9793a7c4cbea50f0fc29dc1de697479

SHA512
5e34d379519b888e4b3945aa6fa297d4fe062c7a265af856c796957f4b230d26427f5dfbac3c5a16a20628ba095041517d40354044bb2f71583596c8f7f79a19

Download Submit
C:\Windows\system\yOPMWPm.exe

Filesize
6.0MB

MD5
c2c9ff34ef42ee3a4b9f21ac1912984a

SHA1
ad63f2b2f1023092ffa8d4091a3f66ccb3bcb57e

SHA256
145032861fcff57378c18dec66b6563ba1405110c7203f47bb089c5f32591b7e

SHA512
1f931b05aaeb46f617521bca14279f7c31a8000abadd35fcd20c38d48542f30b1662825aa9497aedcdfac0a4ad58683564cdc76d50b40c251bd672b2156a37ce

Download Submit
\Windows\system\DtamPmv.exe

Filesize
6.0MB

MD5
6eaaff679f6df54c180f121683bbe79d

SHA1
bf6f6eb4116e2637b40e8816e1431955c0834549

SHA256
da67fa68a702965e230836a7a054f0595204811e57a4abd72256e45466d2fdd1

SHA512
c95b5fe1733c88ee2e8e0cba2d218d36dd35bf719a00f358b2114e8f22e8bf8983c9cf642eab54e9631d71674897d648ca9d556381f686ff2de6314dd8ff58b0

Download Submit
\Windows\system\cQYsnzy.exe

Filesize
6.0MB

MD5
832ad606d3ae483204b780c16b650c09

SHA1
9dab72c2d470f602122ede6057e10d0c21a9cc78

SHA256
41b574552f6f395ed855c5a5ab688c85bbeb1294254886d47c13f3a88958eca9

SHA512
57702205b738565db8ecf06f1e01ddfe3dfd25dddf056d01cea010c7698c1e94d2e1b98f84a7577dea539710f386294c6d6d96836beb8d1cefe3b70e1c9bb021

Download Submit
\Windows\system\xCmftnc.exe

Filesize
6.0MB

MD5
d66d93095861135b0c009bef5e09f4f7

SHA1
ff3b48b9e5339f35e482c70d69573956e55f2798

SHA256
d26505b8725ab2feefe95f6c0496f1c1858c3cb37f2d8775cdc52aafb6b48d8b

SHA512
f1b0536298d3e4277de0d356a5d3b343bf0c750f48143b8b0470a5c86aa4d4d889b721e4e861554eabeb79ec156b223f61e0bab4e4606bc8e57b2e80fe0a3bbd

Download Submit
memory/272-111-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/272-21-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-278-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/272-421-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/272-1-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/272-583-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-30-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/272-762-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/272-914-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/272-6-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/272-25-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/272-45-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-41-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/272-112-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/272-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/272-54-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-61-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/272-103-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/272-102-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/272-69-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/272-78-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/272-94-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-93-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/272-26-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/272-85-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1068-107-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1068-3266-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1068-821-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1176-3230-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1176-49-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1176-19-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1864-89-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1864-3244-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1864-50-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1900-32-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1900-3237-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1900-68-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2092-15-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3238-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-48-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3247-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2460-81-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2460-363-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2524-90-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-489-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3249-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-74-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2632-204-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3246-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2776-43-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3368-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3248-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2804-106-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2804-64-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3235-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2920-73-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2920-34-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2956-36-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2956-77-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3250-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3008-674-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3267-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3008-98-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3056-3231-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/3056-57-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/3056-97-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download