cobaltstrike | b10d0c4c4e18b2eb67a73545ad31cfacf2f7a4aa24d32d62c2687af8a347035a

Analysis

max time kernel
126s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/12/2024, 07:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

23e9e1f97bc4152f60af547730949149
SHA1

e321c3da941a5bb5f1ea286d1d9220ff34b545db
SHA256

b10d0c4c4e18b2eb67a73545ad31cfacf2f7a4aa24d32d62c2687af8a347035a
SHA512

b458bb591bb0ab4231785a88980b68fae5467bf8e220f2511b58af7e6fb484ed85c620f494b75958539d362e9516528b0bb4f2bb321994ad9e0f58464fd25e95
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUs:eOl56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-6.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018617-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018636-17.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001907c-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-27.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001919c-31.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000191ad-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019c0b-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a470-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-51.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193a8-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-6.dat	xmrig
behavioral1/files/0x000b000000018617-8.dat	xmrig
behavioral1/files/0x0007000000018636-17.dat	xmrig
behavioral1/files/0x000700000001907c-22.dat	xmrig
behavioral1/files/0x0007000000019080-27.dat	xmrig
behavioral1/files/0x000600000001919c-31.dat	xmrig
behavioral1/files/0x00090000000191ad-37.dat	xmrig
behavioral1/files/0x0006000000019c0b-46.dat	xmrig
behavioral1/files/0x0005000000019f71-71.dat	xmrig
behavioral1/files/0x000500000001a020-76.dat	xmrig
behavioral1/files/0x000500000001a445-129.dat	xmrig
behavioral1/files/0x000500000001a463-151.dat	xmrig
behavioral1/memory/2664-631-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2604-641-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2080-1774-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2080-1791-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2080-1693-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2980-773-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2568-643-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2596-639-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1816-649-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2196-647-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2080-646-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2956-637-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2632-645-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2852-635-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2564-633-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2764-629-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2708-626-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2372-624-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a470-162.dat	xmrig
behavioral1/files/0x000500000001a46d-156.dat	xmrig
behavioral1/files/0x000500000001a454-145.dat	xmrig
behavioral1/files/0x000500000001a452-141.dat	xmrig
behavioral1/files/0x000500000001a447-135.dat	xmrig
behavioral1/files/0x000500000001a423-125.dat	xmrig
behavioral1/files/0x000500000001a3ed-121.dat	xmrig
behavioral1/files/0x000500000001a3e8-108.dat	xmrig
behavioral1/files/0x000500000001a3ea-114.dat	xmrig
behavioral1/files/0x000500000001a3e6-106.dat	xmrig
behavioral1/files/0x000500000001a3e4-102.dat	xmrig
behavioral1/files/0x000500000001a2fc-96.dat	xmrig
behavioral1/files/0x000500000001a2b9-91.dat	xmrig
behavioral1/files/0x000500000001a05a-86.dat	xmrig
behavioral1/files/0x000500000001a033-81.dat	xmrig
behavioral1/files/0x0005000000019f57-66.dat	xmrig
behavioral1/files/0x0005000000019d69-61.dat	xmrig
behavioral1/files/0x0005000000019d5c-56.dat	xmrig
behavioral1/files/0x0005000000019cfc-51.dat	xmrig
behavioral1/files/0x00080000000193a8-42.dat	xmrig
behavioral1/memory/2372-3346-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2980-3337-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2852-3363-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2956-3362-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2664-3341-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2596-3368-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2196-3390-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2632-3389-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1816-3572-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2604-3411-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2568-3376-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2708-3336-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2564-3335-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2980	qLyTAcY.exe
2372	lRjoOaD.exe
2708	uYjRDpR.exe
2764	fqiUcLb.exe
2664	ewjiPSb.exe
2564	jfZIyCc.exe
2852	EkUEHpF.exe
2956	hddKzZS.exe
2596	QtaoALb.exe
2604	TztFjCh.exe
2568	pSqDdYt.exe
2632	XMhpeyN.exe
2196	XeKSRMB.exe
1816	jyNnVqk.exe
1468	VqmmZOr.exe
2820	IpmeSKr.exe
1556	GoRcyYi.exe
1560	kdvqoPk.exe
908	twtvKmO.exe
2940	DsvEvOj.exe
2376	LmrvprK.exe
1368	xerzzzs.exe
344	dWaWHxo.exe
2160	ZWlggdN.exe
1092	moSaMbO.exe
2312	vKmXrhQ.exe
1028	uVqNgUE.exe
2152	XaWIDIH.exe
440	LNCGjlP.exe
2876	jqRUUwo.exe
2792	tlDDwfL.exe
820	tiYmHej.exe
2168	hdegsiv.exe
1084	ZVjftcl.exe
1620	bMykKum.exe
2216	VOwmNBS.exe
2172	cNCqhec.exe
1636	UNvyqFc.exe
1532	swzEclO.exe
236	AjhtjHa.exe
1588	ZBYyNOJ.exe
1720	YQTEhxH.exe
900	SpmmsZD.exe
2248	hhRzysj.exe
2108	EtXiAyz.exe
756	AQWmMlI.exe
1036	BJGRJst.exe
2112	erxfjVd.exe
1680	hEDQkZT.exe
1828	lUtFnqJ.exe
3048	tgnrRoj.exe
1876	lgIlnse.exe
2320	biBExXP.exe
1756	lZRLBzn.exe
1740	vlTCIjG.exe
2488	RccJQMb.exe
2524	HQeBTIe.exe
108	yADWdbd.exe
1580	paZtjUA.exe
1056	JAdTtkc.exe
2832	yKGLZYU.exe
2844	JLKVTLZ.exe
2840	RnAoBEX.exe
2724	yHPkZJY.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0005000000010300-6.dat	upx
behavioral1/files/0x000b000000018617-8.dat	upx
behavioral1/files/0x0007000000018636-17.dat	upx
behavioral1/files/0x000700000001907c-22.dat	upx
behavioral1/files/0x0007000000019080-27.dat	upx
behavioral1/files/0x000600000001919c-31.dat	upx
behavioral1/files/0x00090000000191ad-37.dat	upx
behavioral1/files/0x0006000000019c0b-46.dat	upx
behavioral1/files/0x0005000000019f71-71.dat	upx
behavioral1/files/0x000500000001a020-76.dat	upx
behavioral1/files/0x000500000001a445-129.dat	upx
behavioral1/files/0x000500000001a463-151.dat	upx
behavioral1/memory/2664-631-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2604-641-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2080-1693-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2980-773-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2568-643-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2596-639-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/1816-649-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2196-647-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2956-637-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2632-645-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2852-635-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2564-633-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2764-629-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2708-626-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2372-624-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000500000001a470-162.dat	upx
behavioral1/files/0x000500000001a46d-156.dat	upx
behavioral1/files/0x000500000001a454-145.dat	upx
behavioral1/files/0x000500000001a452-141.dat	upx
behavioral1/files/0x000500000001a447-135.dat	upx
behavioral1/files/0x000500000001a423-125.dat	upx
behavioral1/files/0x000500000001a3ed-121.dat	upx
behavioral1/files/0x000500000001a3e8-108.dat	upx
behavioral1/files/0x000500000001a3ea-114.dat	upx
behavioral1/files/0x000500000001a3e6-106.dat	upx
behavioral1/files/0x000500000001a3e4-102.dat	upx
behavioral1/files/0x000500000001a2fc-96.dat	upx
behavioral1/files/0x000500000001a2b9-91.dat	upx
behavioral1/files/0x000500000001a05a-86.dat	upx
behavioral1/files/0x000500000001a033-81.dat	upx
behavioral1/files/0x0005000000019f57-66.dat	upx
behavioral1/files/0x0005000000019d69-61.dat	upx
behavioral1/files/0x0005000000019d5c-56.dat	upx
behavioral1/files/0x0005000000019cfc-51.dat	upx
behavioral1/files/0x00080000000193a8-42.dat	upx
behavioral1/memory/2372-3346-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2980-3337-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2852-3363-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2956-3362-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2664-3341-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2596-3368-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2196-3390-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2632-3389-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1816-3572-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2604-3411-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2568-3376-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2708-3336-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2564-3335-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2764-3328-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rbqPCPF.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJxJMIZ.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjCeQuo.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdDvwVn.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWBTgGP.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvCmtgI.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFeciUe.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbiilkT.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAERVSf.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acyPNFT.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtVNTFu.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DklDHHm.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMBVCFh.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEYoUKp.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umEzjIY.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjGiDUI.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRKOXxO.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzdCUsz.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbTcugU.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNCFBPc.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWokTGm.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNfwQxk.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PptagyI.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRkolAa.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZldALb.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyIBxjf.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Npxseli.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmWBinH.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwpmyRu.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcKazkQ.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXevage.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTriHyN.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIGWkbv.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfbykBn.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChEhPLm.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPOcMpI.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDzVfnk.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQFQNTQ.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNCqhec.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjyVXxd.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIFeOmx.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcXwOoP.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaEhynu.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhJlcRj.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUTxZVr.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWKgags.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPrKzLk.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIWWqdg.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVXHHkL.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfQLwwg.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuCsLPH.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPmxlMS.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPPmzwP.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXtauTp.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQRVErX.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHtaQgL.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVBltXg.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BinkDTx.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcYLJOX.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fynWeWJ.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUBIbAu.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgOhCVP.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjDOuYm.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybKTIHF.exe	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2980	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2980	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2980	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 2372	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2372	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2372	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2708	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2708	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2708	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2764	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2764	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2764	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2664	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2664	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2664	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 2564	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2564	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2564	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 2852	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2852	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2852	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2956	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2956	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2956	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2596	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2596	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2596	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2604	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2604	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2604	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2568	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2568	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2568	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2632	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2632	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2632	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2196	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2196	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2196	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 1816	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1816	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1816	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1468	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 1468	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 1468	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2820	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2820	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2820	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 1556	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 1556	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 1556	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 1560	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1560	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1560	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 908	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 908	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 908	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 2940	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2940	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2940	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2376	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2376	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2376	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 344	2080	2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_23e9e1f97bc4152f60af547730949149_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\System\qLyTAcY.exe
  C:\Windows\System\qLyTAcY.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\lRjoOaD.exe
  C:\Windows\System\lRjoOaD.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\uYjRDpR.exe
  C:\Windows\System\uYjRDpR.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\fqiUcLb.exe
  C:\Windows\System\fqiUcLb.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ewjiPSb.exe
  C:\Windows\System\ewjiPSb.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\jfZIyCc.exe
  C:\Windows\System\jfZIyCc.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\EkUEHpF.exe
  C:\Windows\System\EkUEHpF.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\hddKzZS.exe
  C:\Windows\System\hddKzZS.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\QtaoALb.exe
  C:\Windows\System\QtaoALb.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\TztFjCh.exe
  C:\Windows\System\TztFjCh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\pSqDdYt.exe
  C:\Windows\System\pSqDdYt.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XMhpeyN.exe
  C:\Windows\System\XMhpeyN.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\XeKSRMB.exe
  C:\Windows\System\XeKSRMB.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\jyNnVqk.exe
  C:\Windows\System\jyNnVqk.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\VqmmZOr.exe
  C:\Windows\System\VqmmZOr.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\IpmeSKr.exe
  C:\Windows\System\IpmeSKr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GoRcyYi.exe
  C:\Windows\System\GoRcyYi.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\kdvqoPk.exe
  C:\Windows\System\kdvqoPk.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\twtvKmO.exe
  C:\Windows\System\twtvKmO.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\DsvEvOj.exe
  C:\Windows\System\DsvEvOj.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\LmrvprK.exe
  C:\Windows\System\LmrvprK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\dWaWHxo.exe
  C:\Windows\System\dWaWHxo.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\xerzzzs.exe
  C:\Windows\System\xerzzzs.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\ZWlggdN.exe
  C:\Windows\System\ZWlggdN.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\moSaMbO.exe
  C:\Windows\System\moSaMbO.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\vKmXrhQ.exe
  C:\Windows\System\vKmXrhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\uVqNgUE.exe
  C:\Windows\System\uVqNgUE.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\XaWIDIH.exe
  C:\Windows\System\XaWIDIH.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\LNCGjlP.exe
  C:\Windows\System\LNCGjlP.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\jqRUUwo.exe
  C:\Windows\System\jqRUUwo.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\tlDDwfL.exe
  C:\Windows\System\tlDDwfL.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\tiYmHej.exe
  C:\Windows\System\tiYmHej.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\hdegsiv.exe
  C:\Windows\System\hdegsiv.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ZVjftcl.exe
  C:\Windows\System\ZVjftcl.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\bMykKum.exe
  C:\Windows\System\bMykKum.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\VOwmNBS.exe
  C:\Windows\System\VOwmNBS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\cNCqhec.exe
  C:\Windows\System\cNCqhec.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\UNvyqFc.exe
  C:\Windows\System\UNvyqFc.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\swzEclO.exe
  C:\Windows\System\swzEclO.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\AjhtjHa.exe
  C:\Windows\System\AjhtjHa.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\ZBYyNOJ.exe
  C:\Windows\System\ZBYyNOJ.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\YQTEhxH.exe
  C:\Windows\System\YQTEhxH.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\SpmmsZD.exe
  C:\Windows\System\SpmmsZD.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\hhRzysj.exe
  C:\Windows\System\hhRzysj.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\EtXiAyz.exe
  C:\Windows\System\EtXiAyz.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\AQWmMlI.exe
  C:\Windows\System\AQWmMlI.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\BJGRJst.exe
  C:\Windows\System\BJGRJst.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\erxfjVd.exe
  C:\Windows\System\erxfjVd.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\hEDQkZT.exe
  C:\Windows\System\hEDQkZT.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\lUtFnqJ.exe
  C:\Windows\System\lUtFnqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\tgnrRoj.exe
  C:\Windows\System\tgnrRoj.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\lgIlnse.exe
  C:\Windows\System\lgIlnse.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\biBExXP.exe
  C:\Windows\System\biBExXP.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\lZRLBzn.exe
  C:\Windows\System\lZRLBzn.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\vlTCIjG.exe
  C:\Windows\System\vlTCIjG.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\RccJQMb.exe
  C:\Windows\System\RccJQMb.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\HQeBTIe.exe
  C:\Windows\System\HQeBTIe.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\yADWdbd.exe
  C:\Windows\System\yADWdbd.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\paZtjUA.exe
  C:\Windows\System\paZtjUA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\JAdTtkc.exe
  C:\Windows\System\JAdTtkc.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yKGLZYU.exe
  C:\Windows\System\yKGLZYU.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\JLKVTLZ.exe
  C:\Windows\System\JLKVTLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\RnAoBEX.exe
  C:\Windows\System\RnAoBEX.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\yHPkZJY.exe
  C:\Windows\System\yHPkZJY.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\owzrYXf.exe
  C:\Windows\System\owzrYXf.exe
  2⤵
  PID:2588
- C:\Windows\System\pFUlhcN.exe
  C:\Windows\System\pFUlhcN.exe
  2⤵
  PID:1328
- C:\Windows\System\BIKylVB.exe
  C:\Windows\System\BIKylVB.exe
  2⤵
  PID:2120
- C:\Windows\System\uITYSbP.exe
  C:\Windows\System\uITYSbP.exe
  2⤵
  PID:2796
- C:\Windows\System\BQtlefn.exe
  C:\Windows\System\BQtlefn.exe
  2⤵
  PID:1824
- C:\Windows\System\NTFSbHp.exe
  C:\Windows\System\NTFSbHp.exe
  2⤵
  PID:2540
- C:\Windows\System\zkWtrHj.exe
  C:\Windows\System\zkWtrHj.exe
  2⤵
  PID:2936
- C:\Windows\System\syZVKtf.exe
  C:\Windows\System\syZVKtf.exe
  2⤵
  PID:1948
- C:\Windows\System\fTIPYZM.exe
  C:\Windows\System\fTIPYZM.exe
  2⤵
  PID:464
- C:\Windows\System\adAAUYF.exe
  C:\Windows\System\adAAUYF.exe
  2⤵
  PID:2212
- C:\Windows\System\BfohqyN.exe
  C:\Windows\System\BfohqyN.exe
  2⤵
  PID:1432
- C:\Windows\System\pCyTlkB.exe
  C:\Windows\System\pCyTlkB.exe
  2⤵
  PID:792
- C:\Windows\System\GnWCLHX.exe
  C:\Windows\System\GnWCLHX.exe
  2⤵
  PID:1060
- C:\Windows\System\ZZBfcNq.exe
  C:\Windows\System\ZZBfcNq.exe
  2⤵
  PID:948
- C:\Windows\System\HkFIqQq.exe
  C:\Windows\System\HkFIqQq.exe
  2⤵
  PID:1304
- C:\Windows\System\CaXZCvF.exe
  C:\Windows\System\CaXZCvF.exe
  2⤵
  PID:1284
- C:\Windows\System\gPPmzwP.exe
  C:\Windows\System\gPPmzwP.exe
  2⤵
  PID:492
- C:\Windows\System\xVHXgEV.exe
  C:\Windows\System\xVHXgEV.exe
  2⤵
  PID:1864
- C:\Windows\System\ziAifaf.exe
  C:\Windows\System\ziAifaf.exe
  2⤵
  PID:2900
- C:\Windows\System\FqMkRlA.exe
  C:\Windows\System\FqMkRlA.exe
  2⤵
  PID:1944
- C:\Windows\System\pyWmmuP.exe
  C:\Windows\System\pyWmmuP.exe
  2⤵
  PID:1708
- C:\Windows\System\DETiBHY.exe
  C:\Windows\System\DETiBHY.exe
  2⤵
  PID:2156
- C:\Windows\System\xlpfdie.exe
  C:\Windows\System\xlpfdie.exe
  2⤵
  PID:1248
- C:\Windows\System\BNTNMIc.exe
  C:\Windows\System\BNTNMIc.exe
  2⤵
  PID:2316
- C:\Windows\System\WNvAFjK.exe
  C:\Windows\System\WNvAFjK.exe
  2⤵
  PID:2184
- C:\Windows\System\UuMcDDc.exe
  C:\Windows\System\UuMcDDc.exe
  2⤵
  PID:2516
- C:\Windows\System\YwThfjD.exe
  C:\Windows\System\YwThfjD.exe
  2⤵
  PID:788
- C:\Windows\System\PDxtscj.exe
  C:\Windows\System\PDxtscj.exe
  2⤵
  PID:2460
- C:\Windows\System\rWtbWWJ.exe
  C:\Windows\System\rWtbWWJ.exe
  2⤵
  PID:1552
- C:\Windows\System\qQkGxcC.exe
  C:\Windows\System\qQkGxcC.exe
  2⤵
  PID:2652
- C:\Windows\System\EWbreNo.exe
  C:\Windows\System\EWbreNo.exe
  2⤵
  PID:2436
- C:\Windows\System\XPHRHJT.exe
  C:\Windows\System\XPHRHJT.exe
  2⤵
  PID:2996
- C:\Windows\System\GoEiclJ.exe
  C:\Windows\System\GoEiclJ.exe
  2⤵
  PID:2584
- C:\Windows\System\BZXjtnP.exe
  C:\Windows\System\BZXjtnP.exe
  2⤵
  PID:2552
- C:\Windows\System\SvXbZdq.exe
  C:\Windows\System\SvXbZdq.exe
  2⤵
  PID:1640
- C:\Windows\System\fiDAIlR.exe
  C:\Windows\System\fiDAIlR.exe
  2⤵
  PID:1488
- C:\Windows\System\BCoHUpq.exe
  C:\Windows\System\BCoHUpq.exe
  2⤵
  PID:532
- C:\Windows\System\leUvnJU.exe
  C:\Windows\System\leUvnJU.exe
  2⤵
  PID:2136
- C:\Windows\System\QAeSiTt.exe
  C:\Windows\System\QAeSiTt.exe
  2⤵
  PID:2000
- C:\Windows\System\HsQQrvb.exe
  C:\Windows\System\HsQQrvb.exe
  2⤵
  PID:2500
- C:\Windows\System\pjeFHNu.exe
  C:\Windows\System\pjeFHNu.exe
  2⤵
  PID:1152
- C:\Windows\System\djXBZJx.exe
  C:\Windows\System\djXBZJx.exe
  2⤵
  PID:872
- C:\Windows\System\EwBOotQ.exe
  C:\Windows\System\EwBOotQ.exe
  2⤵
  PID:1272
- C:\Windows\System\QruKQaL.exe
  C:\Windows\System\QruKQaL.exe
  2⤵
  PID:860
- C:\Windows\System\fBqiXJt.exe
  C:\Windows\System\fBqiXJt.exe
  2⤵
  PID:1628
- C:\Windows\System\bEyipln.exe
  C:\Windows\System\bEyipln.exe
  2⤵
  PID:988
- C:\Windows\System\TmqOyVO.exe
  C:\Windows\System\TmqOyVO.exe
  2⤵
  PID:1984
- C:\Windows\System\SefEecJ.exe
  C:\Windows\System\SefEecJ.exe
  2⤵
  PID:888
- C:\Windows\System\CpDcZhP.exe
  C:\Windows\System\CpDcZhP.exe
  2⤵
  PID:2292
- C:\Windows\System\mArbBjV.exe
  C:\Windows\System\mArbBjV.exe
  2⤵
  PID:2076
- C:\Windows\System\YKFWTpn.exe
  C:\Windows\System\YKFWTpn.exe
  2⤵
  PID:1584
- C:\Windows\System\ezTjlmV.exe
  C:\Windows\System\ezTjlmV.exe
  2⤵
  PID:2784
- C:\Windows\System\JXNdlkG.exe
  C:\Windows\System\JXNdlkG.exe
  2⤵
  PID:2672
- C:\Windows\System\uBUlTMh.exe
  C:\Windows\System\uBUlTMh.exe
  2⤵
  PID:2740
- C:\Windows\System\IgofMqd.exe
  C:\Windows\System\IgofMqd.exe
  2⤵
  PID:3008
- C:\Windows\System\iNNJNXC.exe
  C:\Windows\System\iNNJNXC.exe
  2⤵
  PID:2148
- C:\Windows\System\UxbXLED.exe
  C:\Windows\System\UxbXLED.exe
  2⤵
  PID:3088
- C:\Windows\System\tpKYYzb.exe
  C:\Windows\System\tpKYYzb.exe
  2⤵
  PID:3108
- C:\Windows\System\JOYmFlZ.exe
  C:\Windows\System\JOYmFlZ.exe
  2⤵
  PID:3128
- C:\Windows\System\WAABJUw.exe
  C:\Windows\System\WAABJUw.exe
  2⤵
  PID:3148
- C:\Windows\System\mvjIORd.exe
  C:\Windows\System\mvjIORd.exe
  2⤵
  PID:3164
- C:\Windows\System\OSJoukj.exe
  C:\Windows\System\OSJoukj.exe
  2⤵
  PID:3192
- C:\Windows\System\zOivwJb.exe
  C:\Windows\System\zOivwJb.exe
  2⤵
  PID:3208
- C:\Windows\System\DpTQhaW.exe
  C:\Windows\System\DpTQhaW.exe
  2⤵
  PID:3228
- C:\Windows\System\TNbvlFs.exe
  C:\Windows\System\TNbvlFs.exe
  2⤵
  PID:3252
- C:\Windows\System\mMXRibX.exe
  C:\Windows\System\mMXRibX.exe
  2⤵
  PID:3268
- C:\Windows\System\AuCtdQV.exe
  C:\Windows\System\AuCtdQV.exe
  2⤵
  PID:3284
- C:\Windows\System\YhUttSl.exe
  C:\Windows\System\YhUttSl.exe
  2⤵
  PID:3312
- C:\Windows\System\QHMoFcO.exe
  C:\Windows\System\QHMoFcO.exe
  2⤵
  PID:3328
- C:\Windows\System\NKYZkvk.exe
  C:\Windows\System\NKYZkvk.exe
  2⤵
  PID:3348
- C:\Windows\System\toNbwOY.exe
  C:\Windows\System\toNbwOY.exe
  2⤵
  PID:3368
- C:\Windows\System\gmegbGC.exe
  C:\Windows\System\gmegbGC.exe
  2⤵
  PID:3384
- C:\Windows\System\jkCSodj.exe
  C:\Windows\System\jkCSodj.exe
  2⤵
  PID:3412
- C:\Windows\System\mFYSzVU.exe
  C:\Windows\System\mFYSzVU.exe
  2⤵
  PID:3432
- C:\Windows\System\tjguNlQ.exe
  C:\Windows\System\tjguNlQ.exe
  2⤵
  PID:3448
- C:\Windows\System\NfiypAC.exe
  C:\Windows\System\NfiypAC.exe
  2⤵
  PID:3472
- C:\Windows\System\xOsOYOZ.exe
  C:\Windows\System\xOsOYOZ.exe
  2⤵
  PID:3488
- C:\Windows\System\VMJUEBe.exe
  C:\Windows\System\VMJUEBe.exe
  2⤵
  PID:3508
- C:\Windows\System\onLPwPu.exe
  C:\Windows\System\onLPwPu.exe
  2⤵
  PID:3528
- C:\Windows\System\MOqYQEz.exe
  C:\Windows\System\MOqYQEz.exe
  2⤵
  PID:3548
- C:\Windows\System\ViRtdbW.exe
  C:\Windows\System\ViRtdbW.exe
  2⤵
  PID:3568
- C:\Windows\System\qEYoUKp.exe
  C:\Windows\System\qEYoUKp.exe
  2⤵
  PID:3592
- C:\Windows\System\SftQfDH.exe
  C:\Windows\System\SftQfDH.exe
  2⤵
  PID:3612
- C:\Windows\System\eLVlbCy.exe
  C:\Windows\System\eLVlbCy.exe
  2⤵
  PID:3628
- C:\Windows\System\dEuVFZo.exe
  C:\Windows\System\dEuVFZo.exe
  2⤵
  PID:3648
- C:\Windows\System\QdEfDve.exe
  C:\Windows\System\QdEfDve.exe
  2⤵
  PID:3668
- C:\Windows\System\gUGlQXe.exe
  C:\Windows\System\gUGlQXe.exe
  2⤵
  PID:3688
- C:\Windows\System\CdrYnYr.exe
  C:\Windows\System\CdrYnYr.exe
  2⤵
  PID:3708
- C:\Windows\System\ppzbkYs.exe
  C:\Windows\System\ppzbkYs.exe
  2⤵
  PID:3732
- C:\Windows\System\Cjggxdr.exe
  C:\Windows\System\Cjggxdr.exe
  2⤵
  PID:3748
- C:\Windows\System\HxiAdNO.exe
  C:\Windows\System\HxiAdNO.exe
  2⤵
  PID:3768
- C:\Windows\System\ZEIUeVQ.exe
  C:\Windows\System\ZEIUeVQ.exe
  2⤵
  PID:3792
- C:\Windows\System\HthHkAl.exe
  C:\Windows\System\HthHkAl.exe
  2⤵
  PID:3812
- C:\Windows\System\QLKKDeh.exe
  C:\Windows\System\QLKKDeh.exe
  2⤵
  PID:3832
- C:\Windows\System\tzzEJJr.exe
  C:\Windows\System\tzzEJJr.exe
  2⤵
  PID:3848
- C:\Windows\System\mWMPyki.exe
  C:\Windows\System\mWMPyki.exe
  2⤵
  PID:3872
- C:\Windows\System\lPShCqM.exe
  C:\Windows\System\lPShCqM.exe
  2⤵
  PID:3888
- C:\Windows\System\mCozsdc.exe
  C:\Windows\System\mCozsdc.exe
  2⤵
  PID:3912
- C:\Windows\System\aIXiqxF.exe
  C:\Windows\System\aIXiqxF.exe
  2⤵
  PID:3932
- C:\Windows\System\pZaDHGS.exe
  C:\Windows\System\pZaDHGS.exe
  2⤵
  PID:3952
- C:\Windows\System\fmoHKon.exe
  C:\Windows\System\fmoHKon.exe
  2⤵
  PID:3968
- C:\Windows\System\kMkYZcu.exe
  C:\Windows\System\kMkYZcu.exe
  2⤵
  PID:3988
- C:\Windows\System\nojxIvb.exe
  C:\Windows\System\nojxIvb.exe
  2⤵
  PID:4008
- C:\Windows\System\zzkSBUO.exe
  C:\Windows\System\zzkSBUO.exe
  2⤵
  PID:4024
- C:\Windows\System\zwbtWiG.exe
  C:\Windows\System\zwbtWiG.exe
  2⤵
  PID:4044
- C:\Windows\System\bwsgXZW.exe
  C:\Windows\System\bwsgXZW.exe
  2⤵
  PID:4068
- C:\Windows\System\mQCwuWF.exe
  C:\Windows\System\mQCwuWF.exe
  2⤵
  PID:4084
- C:\Windows\System\iMaqmjy.exe
  C:\Windows\System\iMaqmjy.exe
  2⤵
  PID:660
- C:\Windows\System\vHzVZIL.exe
  C:\Windows\System\vHzVZIL.exe
  2⤵
  PID:904
- C:\Windows\System\cnBvPiM.exe
  C:\Windows\System\cnBvPiM.exe
  2⤵
  PID:3044
- C:\Windows\System\ybKTIHF.exe
  C:\Windows\System\ybKTIHF.exe
  2⤵
  PID:1372
- C:\Windows\System\vqnYzIk.exe
  C:\Windows\System\vqnYzIk.exe
  2⤵
  PID:1260
- C:\Windows\System\mWrREKx.exe
  C:\Windows\System\mWrREKx.exe
  2⤵
  PID:1928
- C:\Windows\System\gGfPJFO.exe
  C:\Windows\System\gGfPJFO.exe
  2⤵
  PID:2332
- C:\Windows\System\yxcEJiY.exe
  C:\Windows\System\yxcEJiY.exe
  2⤵
  PID:3000
- C:\Windows\System\aDFTfWb.exe
  C:\Windows\System\aDFTfWb.exe
  2⤵
  PID:2920
- C:\Windows\System\CWKVrRZ.exe
  C:\Windows\System\CWKVrRZ.exe
  2⤵
  PID:2624
- C:\Windows\System\mMGRqbR.exe
  C:\Windows\System\mMGRqbR.exe
  2⤵
  PID:1860
- C:\Windows\System\VbNtNUx.exe
  C:\Windows\System\VbNtNUx.exe
  2⤵
  PID:3096
- C:\Windows\System\jVnsxXN.exe
  C:\Windows\System\jVnsxXN.exe
  2⤵
  PID:3136
- C:\Windows\System\QOgCMLW.exe
  C:\Windows\System\QOgCMLW.exe
  2⤵
  PID:3116
- C:\Windows\System\hsjOxro.exe
  C:\Windows\System\hsjOxro.exe
  2⤵
  PID:3156
- C:\Windows\System\uEYPLtm.exe
  C:\Windows\System\uEYPLtm.exe
  2⤵
  PID:3160
- C:\Windows\System\pFrEZPm.exe
  C:\Windows\System\pFrEZPm.exe
  2⤵
  PID:3204
- C:\Windows\System\DNOrdzm.exe
  C:\Windows\System\DNOrdzm.exe
  2⤵
  PID:3264
- C:\Windows\System\xEThGfP.exe
  C:\Windows\System\xEThGfP.exe
  2⤵
  PID:3296
- C:\Windows\System\PJAirMw.exe
  C:\Windows\System\PJAirMw.exe
  2⤵
  PID:3496
- C:\Windows\System\UFIsncL.exe
  C:\Windows\System\UFIsncL.exe
  2⤵
  PID:3696
- C:\Windows\System\uCmNCxa.exe
  C:\Windows\System\uCmNCxa.exe
  2⤵
  PID:3740
- C:\Windows\System\zsPYqiE.exe
  C:\Windows\System\zsPYqiE.exe
  2⤵
  PID:3788
- C:\Windows\System\omkkskY.exe
  C:\Windows\System\omkkskY.exe
  2⤵
  PID:3824
- C:\Windows\System\JTwrlaZ.exe
  C:\Windows\System\JTwrlaZ.exe
  2⤵
  PID:3860
- C:\Windows\System\kbBqaip.exe
  C:\Windows\System\kbBqaip.exe
  2⤵
  PID:3948
- C:\Windows\System\XGKEqIh.exe
  C:\Windows\System\XGKEqIh.exe
  2⤵
  PID:3680
- C:\Windows\System\douSZbu.exe
  C:\Windows\System\douSZbu.exe
  2⤵
  PID:4056
- C:\Windows\System\JZRWGiu.exe
  C:\Windows\System\JZRWGiu.exe
  2⤵
  PID:1872
- C:\Windows\System\fOPjVvT.exe
  C:\Windows\System\fOPjVvT.exe
  2⤵
  PID:3728
- C:\Windows\System\mceHxYv.exe
  C:\Windows\System\mceHxYv.exe
  2⤵
  PID:744
- C:\Windows\System\KsNCPfj.exe
  C:\Windows\System\KsNCPfj.exe
  2⤵
  PID:568
- C:\Windows\System\lJNOueu.exe
  C:\Windows\System\lJNOueu.exe
  2⤵
  PID:3804
- C:\Windows\System\JHPoflr.exe
  C:\Windows\System\JHPoflr.exe
  2⤵
  PID:3996
- C:\Windows\System\kQIJEog.exe
  C:\Windows\System\kQIJEog.exe
  2⤵
  PID:1020
- C:\Windows\System\zesritQ.exe
  C:\Windows\System\zesritQ.exe
  2⤵
  PID:3880
- C:\Windows\System\orLBgOE.exe
  C:\Windows\System\orLBgOE.exe
  2⤵
  PID:2640
- C:\Windows\System\AVrpcnb.exe
  C:\Windows\System\AVrpcnb.exe
  2⤵
  PID:3188
- C:\Windows\System\sJuAaAt.exe
  C:\Windows\System\sJuAaAt.exe
  2⤵
  PID:3308
- C:\Windows\System\VazRZIz.exe
  C:\Windows\System\VazRZIz.exe
  2⤵
  PID:3076
- C:\Windows\System\Npxseli.exe
  C:\Windows\System\Npxseli.exe
  2⤵
  PID:4032
- C:\Windows\System\lAFbzkZ.exe
  C:\Windows\System\lAFbzkZ.exe
  2⤵
  PID:4076
- C:\Windows\System\bvMFmRJ.exe
  C:\Windows\System\bvMFmRJ.exe
  2⤵
  PID:3224
- C:\Windows\System\aEyjDab.exe
  C:\Windows\System\aEyjDab.exe
  2⤵
  PID:1724
- C:\Windows\System\sclfMQh.exe
  C:\Windows\System\sclfMQh.exe
  2⤵
  PID:3056
- C:\Windows\System\umEzjIY.exe
  C:\Windows\System\umEzjIY.exe
  2⤵
  PID:3556
- C:\Windows\System\gXabNPW.exe
  C:\Windows\System\gXabNPW.exe
  2⤵
  PID:3588
- C:\Windows\System\asfqmUZ.exe
  C:\Windows\System\asfqmUZ.exe
  2⤵
  PID:3620
- C:\Windows\System\uhLfFNG.exe
  C:\Windows\System\uhLfFNG.exe
  2⤵
  PID:3608
- C:\Windows\System\oXuWFKi.exe
  C:\Windows\System\oXuWFKi.exe
  2⤵
  PID:3776
- C:\Windows\System\YtUXVbq.exe
  C:\Windows\System\YtUXVbq.exe
  2⤵
  PID:3976
- C:\Windows\System\lAiyVbH.exe
  C:\Windows\System\lAiyVbH.exe
  2⤵
  PID:4020
- C:\Windows\System\VfegXQh.exe
  C:\Windows\System\VfegXQh.exe
  2⤵
  PID:3684
- C:\Windows\System\venCLxG.exe
  C:\Windows\System\venCLxG.exe
  2⤵
  PID:3808
- C:\Windows\System\DOLCJgF.exe
  C:\Windows\System\DOLCJgF.exe
  2⤵
  PID:4104
- C:\Windows\System\DDLoiFE.exe
  C:\Windows\System\DDLoiFE.exe
  2⤵
  PID:4120
- C:\Windows\System\kJUIzqx.exe
  C:\Windows\System\kJUIzqx.exe
  2⤵
  PID:4136
- C:\Windows\System\dfWLmMX.exe
  C:\Windows\System\dfWLmMX.exe
  2⤵
  PID:4152
- C:\Windows\System\epRKrER.exe
  C:\Windows\System\epRKrER.exe
  2⤵
  PID:4168
- C:\Windows\System\dwZEgGp.exe
  C:\Windows\System\dwZEgGp.exe
  2⤵
  PID:4184
- C:\Windows\System\YgSEStG.exe
  C:\Windows\System\YgSEStG.exe
  2⤵
  PID:4200
- C:\Windows\System\oWICZtz.exe
  C:\Windows\System\oWICZtz.exe
  2⤵
  PID:4216
- C:\Windows\System\yUDjcBD.exe
  C:\Windows\System\yUDjcBD.exe
  2⤵
  PID:4232
- C:\Windows\System\FbcWYam.exe
  C:\Windows\System\FbcWYam.exe
  2⤵
  PID:4248
- C:\Windows\System\iiNvVDK.exe
  C:\Windows\System\iiNvVDK.exe
  2⤵
  PID:4264
- C:\Windows\System\DXtPFXk.exe
  C:\Windows\System\DXtPFXk.exe
  2⤵
  PID:4280
- C:\Windows\System\UHkaGiC.exe
  C:\Windows\System\UHkaGiC.exe
  2⤵
  PID:4296
- C:\Windows\System\lUJujAa.exe
  C:\Windows\System\lUJujAa.exe
  2⤵
  PID:4316
- C:\Windows\System\VRhHLHP.exe
  C:\Windows\System\VRhHLHP.exe
  2⤵
  PID:4332
- C:\Windows\System\YHCUnex.exe
  C:\Windows\System\YHCUnex.exe
  2⤵
  PID:4348
- C:\Windows\System\fitSgrt.exe
  C:\Windows\System\fitSgrt.exe
  2⤵
  PID:4364
- C:\Windows\System\CjSNhiH.exe
  C:\Windows\System\CjSNhiH.exe
  2⤵
  PID:4380
- C:\Windows\System\hrcgiZq.exe
  C:\Windows\System\hrcgiZq.exe
  2⤵
  PID:4396
- C:\Windows\System\lTJQECA.exe
  C:\Windows\System\lTJQECA.exe
  2⤵
  PID:4412
- C:\Windows\System\FYJBJoH.exe
  C:\Windows\System\FYJBJoH.exe
  2⤵
  PID:4428
- C:\Windows\System\UWKgags.exe
  C:\Windows\System\UWKgags.exe
  2⤵
  PID:4444
- C:\Windows\System\lKwqULz.exe
  C:\Windows\System\lKwqULz.exe
  2⤵
  PID:4492
- C:\Windows\System\HOcrRTb.exe
  C:\Windows\System\HOcrRTb.exe
  2⤵
  PID:4556
- C:\Windows\System\GFBOZrF.exe
  C:\Windows\System\GFBOZrF.exe
  2⤵
  PID:4680
- C:\Windows\System\fdJuTuK.exe
  C:\Windows\System\fdJuTuK.exe
  2⤵
  PID:4700
- C:\Windows\System\fedMKrp.exe
  C:\Windows\System\fedMKrp.exe
  2⤵
  PID:4716
- C:\Windows\System\MCiSgRO.exe
  C:\Windows\System\MCiSgRO.exe
  2⤵
  PID:4732
- C:\Windows\System\vyxKbRN.exe
  C:\Windows\System\vyxKbRN.exe
  2⤵
  PID:4752
- C:\Windows\System\CINLrFU.exe
  C:\Windows\System\CINLrFU.exe
  2⤵
  PID:4768
- C:\Windows\System\WfrzUJs.exe
  C:\Windows\System\WfrzUJs.exe
  2⤵
  PID:4784
- C:\Windows\System\HvpAUTO.exe
  C:\Windows\System\HvpAUTO.exe
  2⤵
  PID:4800
- C:\Windows\System\IXVbxZU.exe
  C:\Windows\System\IXVbxZU.exe
  2⤵
  PID:4816
- C:\Windows\System\VEkhFkW.exe
  C:\Windows\System\VEkhFkW.exe
  2⤵
  PID:4832
- C:\Windows\System\AtVGFNy.exe
  C:\Windows\System\AtVGFNy.exe
  2⤵
  PID:4860
- C:\Windows\System\pivmCzz.exe
  C:\Windows\System\pivmCzz.exe
  2⤵
  PID:4884
- C:\Windows\System\MSAdhcr.exe
  C:\Windows\System\MSAdhcr.exe
  2⤵
  PID:4900
- C:\Windows\System\rkgzqnt.exe
  C:\Windows\System\rkgzqnt.exe
  2⤵
  PID:4920
- C:\Windows\System\yZiLAzd.exe
  C:\Windows\System\yZiLAzd.exe
  2⤵
  PID:4956
- C:\Windows\System\BEQMObd.exe
  C:\Windows\System\BEQMObd.exe
  2⤵
  PID:4984
- C:\Windows\System\TgGgFma.exe
  C:\Windows\System\TgGgFma.exe
  2⤵
  PID:5000
- C:\Windows\System\sUYdUSB.exe
  C:\Windows\System\sUYdUSB.exe
  2⤵
  PID:5020
- C:\Windows\System\ubNsDmy.exe
  C:\Windows\System\ubNsDmy.exe
  2⤵
  PID:5044
- C:\Windows\System\dKgGVIY.exe
  C:\Windows\System\dKgGVIY.exe
  2⤵
  PID:5064
- C:\Windows\System\BPHUlJD.exe
  C:\Windows\System\BPHUlJD.exe
  2⤵
  PID:5084
- C:\Windows\System\VxxYRgA.exe
  C:\Windows\System\VxxYRgA.exe
  2⤵
  PID:5104
- C:\Windows\System\cHZyYHZ.exe
  C:\Windows\System\cHZyYHZ.exe
  2⤵
  PID:3928
- C:\Windows\System\OsciTWu.exe
  C:\Windows\System\OsciTWu.exe
  2⤵
  PID:1728
- C:\Windows\System\jgivGuV.exe
  C:\Windows\System\jgivGuV.exe
  2⤵
  PID:2208
- C:\Windows\System\hePmeRz.exe
  C:\Windows\System\hePmeRz.exe
  2⤵
  PID:3656
- C:\Windows\System\TjpfRik.exe
  C:\Windows\System\TjpfRik.exe
  2⤵
  PID:4100
- C:\Windows\System\WuhHjIF.exe
  C:\Windows\System\WuhHjIF.exe
  2⤵
  PID:4164
- C:\Windows\System\BtoZyVx.exe
  C:\Windows\System\BtoZyVx.exe
  2⤵
  PID:3700
- C:\Windows\System\OvbDfbS.exe
  C:\Windows\System\OvbDfbS.exe
  2⤵
  PID:3820
- C:\Windows\System\epwdgAP.exe
  C:\Windows\System\epwdgAP.exe
  2⤵
  PID:3940
- C:\Windows\System\GfAImRG.exe
  C:\Windows\System\GfAImRG.exe
  2⤵
  PID:2892
- C:\Windows\System\vKVZQth.exe
  C:\Windows\System\vKVZQth.exe
  2⤵
  PID:3716
- C:\Windows\System\ZxKjpbr.exe
  C:\Windows\System\ZxKjpbr.exe
  2⤵
  PID:4212
- C:\Windows\System\pGBssqn.exe
  C:\Windows\System\pGBssqn.exe
  2⤵
  PID:4116
- C:\Windows\System\mPGwBFK.exe
  C:\Windows\System\mPGwBFK.exe
  2⤵
  PID:3980
- C:\Windows\System\DcKSoJs.exe
  C:\Windows\System\DcKSoJs.exe
  2⤵
  PID:3376
- C:\Windows\System\bpFGJzF.exe
  C:\Windows\System\bpFGJzF.exe
  2⤵
  PID:4036
- C:\Windows\System\VChNPLM.exe
  C:\Windows\System\VChNPLM.exe
  2⤵
  PID:3840
- C:\Windows\System\XlwPuCJ.exe
  C:\Windows\System\XlwPuCJ.exe
  2⤵
  PID:4324
- C:\Windows\System\ZfMvqbq.exe
  C:\Windows\System\ZfMvqbq.exe
  2⤵
  PID:4344
- C:\Windows\System\gZmGJVP.exe
  C:\Windows\System\gZmGJVP.exe
  2⤵
  PID:4424
- C:\Windows\System\ntmKwoB.exe
  C:\Windows\System\ntmKwoB.exe
  2⤵
  PID:4464
- C:\Windows\System\Ijtphrk.exe
  C:\Windows\System\Ijtphrk.exe
  2⤵
  PID:4484
- C:\Windows\System\LXNqyfu.exe
  C:\Windows\System\LXNqyfu.exe
  2⤵
  PID:4408
- C:\Windows\System\BAGhona.exe
  C:\Windows\System\BAGhona.exe
  2⤵
  PID:4500
- C:\Windows\System\mrWJWyZ.exe
  C:\Windows\System\mrWJWyZ.exe
  2⤵
  PID:4520
- C:\Windows\System\PIddhmK.exe
  C:\Windows\System\PIddhmK.exe
  2⤵
  PID:4580
- C:\Windows\System\ZtYBwxU.exe
  C:\Windows\System\ZtYBwxU.exe
  2⤵
  PID:4604
- C:\Windows\System\pkMzEbO.exe
  C:\Windows\System\pkMzEbO.exe
  2⤵
  PID:4624
- C:\Windows\System\Npohocz.exe
  C:\Windows\System\Npohocz.exe
  2⤵
  PID:4644
- C:\Windows\System\TdlIsyp.exe
  C:\Windows\System\TdlIsyp.exe
  2⤵
  PID:4660
- C:\Windows\System\HSTttgK.exe
  C:\Windows\System\HSTttgK.exe
  2⤵
  PID:4524
- C:\Windows\System\qWUOiiY.exe
  C:\Windows\System\qWUOiiY.exe
  2⤵
  PID:4540
- C:\Windows\System\jmcxGjO.exe
  C:\Windows\System\jmcxGjO.exe
  2⤵
  PID:4712
- C:\Windows\System\BkVjOoq.exe
  C:\Windows\System\BkVjOoq.exe
  2⤵
  PID:4808
- C:\Windows\System\WkvJGRF.exe
  C:\Windows\System\WkvJGRF.exe
  2⤵
  PID:4856
- C:\Windows\System\inhRHQP.exe
  C:\Windows\System\inhRHQP.exe
  2⤵
  PID:4696
- C:\Windows\System\yCBRmhO.exe
  C:\Windows\System\yCBRmhO.exe
  2⤵
  PID:4912
- C:\Windows\System\UmavwUC.exe
  C:\Windows\System\UmavwUC.exe
  2⤵
  PID:4792
- C:\Windows\System\ukPPpkT.exe
  C:\Windows\System\ukPPpkT.exe
  2⤵
  PID:4928
- C:\Windows\System\aKagcbI.exe
  C:\Windows\System\aKagcbI.exe
  2⤵
  PID:4944
- C:\Windows\System\QKmgxel.exe
  C:\Windows\System\QKmgxel.exe
  2⤵
  PID:4964
- C:\Windows\System\cDzIPiB.exe
  C:\Windows\System\cDzIPiB.exe
  2⤵
  PID:4976
- C:\Windows\System\koxaTgC.exe
  C:\Windows\System\koxaTgC.exe
  2⤵
  PID:5016
- C:\Windows\System\lvphhCP.exe
  C:\Windows\System\lvphhCP.exe
  2⤵
  PID:5052
- C:\Windows\System\sbruUua.exe
  C:\Windows\System\sbruUua.exe
  2⤵
  PID:5096
- C:\Windows\System\yJdccAK.exe
  C:\Windows\System\yJdccAK.exe
  2⤵
  PID:3124
- C:\Windows\System\fJDtIIs.exe
  C:\Windows\System\fJDtIIs.exe
  2⤵
  PID:3216
- C:\Windows\System\oHiRbII.exe
  C:\Windows\System\oHiRbII.exe
  2⤵
  PID:4060
- C:\Windows\System\cUIlvfh.exe
  C:\Windows\System\cUIlvfh.exe
  2⤵
  PID:4228
- C:\Windows\System\HUoozsE.exe
  C:\Windows\System\HUoozsE.exe
  2⤵
  PID:4256
- C:\Windows\System\nfowLAV.exe
  C:\Windows\System\nfowLAV.exe
  2⤵
  PID:4292
- C:\Windows\System\SpJyGwZ.exe
  C:\Windows\System\SpJyGwZ.exe
  2⤵
  PID:4288
- C:\Windows\System\WnwqGOR.exe
  C:\Windows\System\WnwqGOR.exe
  2⤵
  PID:4272
- C:\Windows\System\mTwXIAZ.exe
  C:\Windows\System\mTwXIAZ.exe
  2⤵
  PID:3600
- C:\Windows\System\ESKLISj.exe
  C:\Windows\System\ESKLISj.exe
  2⤵
  PID:3184
- C:\Windows\System\VRZYstD.exe
  C:\Windows\System\VRZYstD.exe
  2⤵
  PID:4356
- C:\Windows\System\sDpQVck.exe
  C:\Windows\System\sDpQVck.exe
  2⤵
  PID:1064
- C:\Windows\System\WSAfQeV.exe
  C:\Windows\System\WSAfQeV.exe
  2⤵
  PID:4420
- C:\Windows\System\JvnbYcx.exe
  C:\Windows\System\JvnbYcx.exe
  2⤵
  PID:4516
- C:\Windows\System\SKVAXZz.exe
  C:\Windows\System\SKVAXZz.exe
  2⤵
  PID:4592
- C:\Windows\System\fmESskh.exe
  C:\Windows\System\fmESskh.exe
  2⤵
  PID:4440
- C:\Windows\System\GYfKJbA.exe
  C:\Windows\System\GYfKJbA.exe
  2⤵
  PID:4640
- C:\Windows\System\JDVcmgo.exe
  C:\Windows\System\JDVcmgo.exe
  2⤵
  PID:4620
- C:\Windows\System\NVGKZGt.exe
  C:\Windows\System\NVGKZGt.exe
  2⤵
  PID:4840
- C:\Windows\System\AhhqCVl.exe
  C:\Windows\System\AhhqCVl.exe
  2⤵
  PID:4880
- C:\Windows\System\SbZAzLu.exe
  C:\Windows\System\SbZAzLu.exe
  2⤵
  PID:4908
- C:\Windows\System\SqoJFIU.exe
  C:\Windows\System\SqoJFIU.exe
  2⤵
  PID:4744
- C:\Windows\System\uNJluWu.exe
  C:\Windows\System\uNJluWu.exe
  2⤵
  PID:4868
- C:\Windows\System\XVxDZJw.exe
  C:\Windows\System\XVxDZJw.exe
  2⤵
  PID:4948
- C:\Windows\System\rbqPCPF.exe
  C:\Windows\System\rbqPCPF.exe
  2⤵
  PID:5032
- C:\Windows\System\BLkJSIr.exe
  C:\Windows\System\BLkJSIr.exe
  2⤵
  PID:5092
- C:\Windows\System\tHfPfXH.exe
  C:\Windows\System\tHfPfXH.exe
  2⤵
  PID:4940
- C:\Windows\System\ZXtauTp.exe
  C:\Windows\System\ZXtauTp.exe
  2⤵
  PID:5080
- C:\Windows\System\ZcrSTFF.exe
  C:\Windows\System\ZcrSTFF.exe
  2⤵
  PID:3664
- C:\Windows\System\TayyeTT.exe
  C:\Windows\System\TayyeTT.exe
  2⤵
  PID:1960
- C:\Windows\System\WNSHbxp.exe
  C:\Windows\System\WNSHbxp.exe
  2⤵
  PID:4180
- C:\Windows\System\THDmQeA.exe
  C:\Windows\System\THDmQeA.exe
  2⤵
  PID:3676
- C:\Windows\System\UMfqrzi.exe
  C:\Windows\System\UMfqrzi.exe
  2⤵
  PID:1244
- C:\Windows\System\NSzhspV.exe
  C:\Windows\System\NSzhspV.exe
  2⤵
  PID:3080
- C:\Windows\System\gLwGKhZ.exe
  C:\Windows\System\gLwGKhZ.exe
  2⤵
  PID:4372
- C:\Windows\System\ucCkOHG.exe
  C:\Windows\System\ucCkOHG.exe
  2⤵
  PID:4476
- C:\Windows\System\uclNdpJ.exe
  C:\Windows\System\uclNdpJ.exe
  2⤵
  PID:4576
- C:\Windows\System\YzuwwaG.exe
  C:\Windows\System\YzuwwaG.exe
  2⤵
  PID:4668
- C:\Windows\System\pcaeTdZ.exe
  C:\Windows\System\pcaeTdZ.exe
  2⤵
  PID:4688
- C:\Windows\System\oRQwRjn.exe
  C:\Windows\System\oRQwRjn.exe
  2⤵
  PID:4796
- C:\Windows\System\AxGHLzH.exe
  C:\Windows\System\AxGHLzH.exe
  2⤵
  PID:4676
- C:\Windows\System\aNQeWwt.exe
  C:\Windows\System\aNQeWwt.exe
  2⤵
  PID:5076
- C:\Windows\System\DZfvsRo.exe
  C:\Windows\System\DZfvsRo.exe
  2⤵
  PID:3868
- C:\Windows\System\gBLkwyP.exe
  C:\Windows\System\gBLkwyP.exe
  2⤵
  PID:5040
- C:\Windows\System\uOSstRy.exe
  C:\Windows\System\uOSstRy.exe
  2⤵
  PID:2992
- C:\Windows\System\dJKKOek.exe
  C:\Windows\System\dJKKOek.exe
  2⤵
  PID:5140
- C:\Windows\System\OXevage.exe
  C:\Windows\System\OXevage.exe
  2⤵
  PID:5156
- C:\Windows\System\jjvoQzX.exe
  C:\Windows\System\jjvoQzX.exe
  2⤵
  PID:5180
- C:\Windows\System\leKVqGG.exe
  C:\Windows\System\leKVqGG.exe
  2⤵
  PID:5204
- C:\Windows\System\EWxGxMs.exe
  C:\Windows\System\EWxGxMs.exe
  2⤵
  PID:5224
- C:\Windows\System\yvPamrk.exe
  C:\Windows\System\yvPamrk.exe
  2⤵
  PID:5244
- C:\Windows\System\yhgHvaw.exe
  C:\Windows\System\yhgHvaw.exe
  2⤵
  PID:5260
- C:\Windows\System\Fpcoejx.exe
  C:\Windows\System\Fpcoejx.exe
  2⤵
  PID:5284
- C:\Windows\System\tgYPnHw.exe
  C:\Windows\System\tgYPnHw.exe
  2⤵
  PID:5300
- C:\Windows\System\zlZkghy.exe
  C:\Windows\System\zlZkghy.exe
  2⤵
  PID:5316
- C:\Windows\System\eWjNzXg.exe
  C:\Windows\System\eWjNzXg.exe
  2⤵
  PID:5332
- C:\Windows\System\cAEkWBA.exe
  C:\Windows\System\cAEkWBA.exe
  2⤵
  PID:5348
- C:\Windows\System\aAgCiZs.exe
  C:\Windows\System\aAgCiZs.exe
  2⤵
  PID:5364
- C:\Windows\System\utGNDnp.exe
  C:\Windows\System\utGNDnp.exe
  2⤵
  PID:5384
- C:\Windows\System\LQykNXe.exe
  C:\Windows\System\LQykNXe.exe
  2⤵
  PID:5400
- C:\Windows\System\sRfnpXt.exe
  C:\Windows\System\sRfnpXt.exe
  2⤵
  PID:5416
- C:\Windows\System\uejBMMS.exe
  C:\Windows\System\uejBMMS.exe
  2⤵
  PID:5432
- C:\Windows\System\ojaiOrq.exe
  C:\Windows\System\ojaiOrq.exe
  2⤵
  PID:5448
- C:\Windows\System\PpxkKnZ.exe
  C:\Windows\System\PpxkKnZ.exe
  2⤵
  PID:5464
- C:\Windows\System\ZWQRceh.exe
  C:\Windows\System\ZWQRceh.exe
  2⤵
  PID:5480
- C:\Windows\System\GIsxCxt.exe
  C:\Windows\System\GIsxCxt.exe
  2⤵
  PID:5496
- C:\Windows\System\MXGgkSz.exe
  C:\Windows\System\MXGgkSz.exe
  2⤵
  PID:5512
- C:\Windows\System\zKuOhVZ.exe
  C:\Windows\System\zKuOhVZ.exe
  2⤵
  PID:5528
- C:\Windows\System\hOXVTOj.exe
  C:\Windows\System\hOXVTOj.exe
  2⤵
  PID:5548
- C:\Windows\System\BWtAXjR.exe
  C:\Windows\System\BWtAXjR.exe
  2⤵
  PID:5576
- C:\Windows\System\MPcqEYL.exe
  C:\Windows\System\MPcqEYL.exe
  2⤵
  PID:5600
- C:\Windows\System\aNccoJu.exe
  C:\Windows\System\aNccoJu.exe
  2⤵
  PID:5620
- C:\Windows\System\oqhidKf.exe
  C:\Windows\System\oqhidKf.exe
  2⤵
  PID:5648
- C:\Windows\System\TWQDQOE.exe
  C:\Windows\System\TWQDQOE.exe
  2⤵
  PID:5664
- C:\Windows\System\lxNDPhe.exe
  C:\Windows\System\lxNDPhe.exe
  2⤵
  PID:5680
- C:\Windows\System\SMVnppS.exe
  C:\Windows\System\SMVnppS.exe
  2⤵
  PID:5696
- C:\Windows\System\OEVHLuu.exe
  C:\Windows\System\OEVHLuu.exe
  2⤵
  PID:5712
- C:\Windows\System\TMGCejD.exe
  C:\Windows\System\TMGCejD.exe
  2⤵
  PID:5728
- C:\Windows\System\NOHdxYh.exe
  C:\Windows\System\NOHdxYh.exe
  2⤵
  PID:5748
- C:\Windows\System\CoGuPxF.exe
  C:\Windows\System\CoGuPxF.exe
  2⤵
  PID:5764
- C:\Windows\System\MfzGguF.exe
  C:\Windows\System\MfzGguF.exe
  2⤵
  PID:5780
- C:\Windows\System\THjpBtC.exe
  C:\Windows\System\THjpBtC.exe
  2⤵
  PID:5796
- C:\Windows\System\AQiqVOk.exe
  C:\Windows\System\AQiqVOk.exe
  2⤵
  PID:5812
- C:\Windows\System\BpWlOPh.exe
  C:\Windows\System\BpWlOPh.exe
  2⤵
  PID:5828
- C:\Windows\System\BWBTgGP.exe
  C:\Windows\System\BWBTgGP.exe
  2⤵
  PID:5848
- C:\Windows\System\aNAaXGf.exe
  C:\Windows\System\aNAaXGf.exe
  2⤵
  PID:5864
- C:\Windows\System\XSEEdXF.exe
  C:\Windows\System\XSEEdXF.exe
  2⤵
  PID:5888
- C:\Windows\System\izMpqvV.exe
  C:\Windows\System\izMpqvV.exe
  2⤵
  PID:5904
- C:\Windows\System\BJtCQXN.exe
  C:\Windows\System\BJtCQXN.exe
  2⤵
  PID:5920
- C:\Windows\System\kpfXbIn.exe
  C:\Windows\System\kpfXbIn.exe
  2⤵
  PID:5944
- C:\Windows\System\HaKdkkZ.exe
  C:\Windows\System\HaKdkkZ.exe
  2⤵
  PID:5964
- C:\Windows\System\BkLSQAK.exe
  C:\Windows\System\BkLSQAK.exe
  2⤵
  PID:5980
- C:\Windows\System\OhKRrnh.exe
  C:\Windows\System\OhKRrnh.exe
  2⤵
  PID:6000
- C:\Windows\System\PIcyKCh.exe
  C:\Windows\System\PIcyKCh.exe
  2⤵
  PID:6016
- C:\Windows\System\nzYzHgD.exe
  C:\Windows\System\nzYzHgD.exe
  2⤵
  PID:6032
- C:\Windows\System\kwRVlII.exe
  C:\Windows\System\kwRVlII.exe
  2⤵
  PID:6048
- C:\Windows\System\bseWrhR.exe
  C:\Windows\System\bseWrhR.exe
  2⤵
  PID:6068
- C:\Windows\System\ZBclEsC.exe
  C:\Windows\System\ZBclEsC.exe
  2⤵
  PID:6092
- C:\Windows\System\EIaEnym.exe
  C:\Windows\System\EIaEnym.exe
  2⤵
  PID:6108
- C:\Windows\System\bPRnjPQ.exe
  C:\Windows\System\bPRnjPQ.exe
  2⤵
  PID:6124
- C:\Windows\System\wQRVErX.exe
  C:\Windows\System\wQRVErX.exe
  2⤵
  PID:3640
- C:\Windows\System\PpSgCGl.exe
  C:\Windows\System\PpSgCGl.exe
  2⤵
  PID:2860
- C:\Windows\System\UWQCLJf.exe
  C:\Windows\System\UWQCLJf.exe
  2⤵
  PID:4148
- C:\Windows\System\YldAbVi.exe
  C:\Windows\System\YldAbVi.exe
  2⤵
  PID:4144
- C:\Windows\System\ExpTjSb.exe
  C:\Windows\System\ExpTjSb.exe
  2⤵
  PID:3764
- C:\Windows\System\IHUISXN.exe
  C:\Windows\System\IHUISXN.exe
  2⤵
  PID:3660
- C:\Windows\System\tigaBWM.exe
  C:\Windows\System\tigaBWM.exe
  2⤵
  PID:4708
- C:\Windows\System\mEinMEF.exe
  C:\Windows\System\mEinMEF.exe
  2⤵
  PID:4460
- C:\Windows\System\WQCVybg.exe
  C:\Windows\System\WQCVybg.exe
  2⤵
  PID:4160
- C:\Windows\System\aLSGPGE.exe
  C:\Windows\System\aLSGPGE.exe
  2⤵
  PID:3636
- C:\Windows\System\rcxuDNd.exe
  C:\Windows\System\rcxuDNd.exe
  2⤵
  PID:5176
- C:\Windows\System\HltQVtb.exe
  C:\Windows\System\HltQVtb.exe
  2⤵
  PID:2472
- C:\Windows\System\HEZcPxe.exe
  C:\Windows\System\HEZcPxe.exe
  2⤵
  PID:5720
- C:\Windows\System\IyLPRur.exe
  C:\Windows\System\IyLPRur.exe
  2⤵
  PID:5232
- C:\Windows\System\oARcCGC.exe
  C:\Windows\System\oARcCGC.exe
  2⤵
  PID:3292
- C:\Windows\System\uabDDyi.exe
  C:\Windows\System\uabDDyi.exe
  2⤵
  PID:5236
- C:\Windows\System\TDeKDRZ.exe
  C:\Windows\System\TDeKDRZ.exe
  2⤵
  PID:5756
- C:\Windows\System\mfqnWpe.exe
  C:\Windows\System\mfqnWpe.exe
  2⤵
  PID:5820
- C:\Windows\System\BlnSsmI.exe
  C:\Windows\System\BlnSsmI.exe
  2⤵
  PID:5928
- C:\Windows\System\kfgVIEo.exe
  C:\Windows\System\kfgVIEo.exe
  2⤵
  PID:5976
- C:\Windows\System\IPIBrLt.exe
  C:\Windows\System\IPIBrLt.exe
  2⤵
  PID:6044
- C:\Windows\System\dsZSvFu.exe
  C:\Windows\System\dsZSvFu.exe
  2⤵
  PID:6120
- C:\Windows\System\xppLPlc.exe
  C:\Windows\System\xppLPlc.exe
  2⤵
  PID:4196
- C:\Windows\System\DoTQfXs.exe
  C:\Windows\System\DoTQfXs.exe
  2⤵
  PID:4472
- C:\Windows\System\KSqrVSS.exe
  C:\Windows\System\KSqrVSS.exe
  2⤵
  PID:5276
- C:\Windows\System\opmfwVG.exe
  C:\Windows\System\opmfwVG.exe
  2⤵
  PID:5128
- C:\Windows\System\HCYjSIC.exe
  C:\Windows\System\HCYjSIC.exe
  2⤵
  PID:5544
- C:\Windows\System\BGWopqV.exe
  C:\Windows\System\BGWopqV.exe
  2⤵
  PID:5640
- C:\Windows\System\EdWxScE.exe
  C:\Windows\System\EdWxScE.exe
  2⤵
  PID:5744
- C:\Windows\System\vHJWNxQ.exe
  C:\Windows\System\vHJWNxQ.exe
  2⤵
  PID:5836
- C:\Windows\System\rmepShT.exe
  C:\Windows\System\rmepShT.exe
  2⤵
  PID:5884
- C:\Windows\System\DPdrlCJ.exe
  C:\Windows\System\DPdrlCJ.exe
  2⤵
  PID:5988
- C:\Windows\System\OXhLjzo.exe
  C:\Windows\System\OXhLjzo.exe
  2⤵
  PID:6056
- C:\Windows\System\BPcAaqk.exe
  C:\Windows\System\BPcAaqk.exe
  2⤵
  PID:6132
- C:\Windows\System\jEwBytg.exe
  C:\Windows\System\jEwBytg.exe
  2⤵
  PID:3844
- C:\Windows\System\RrzuKik.exe
  C:\Windows\System\RrzuKik.exe
  2⤵
  PID:4572
- C:\Windows\System\jLtwhkU.exe
  C:\Windows\System\jLtwhkU.exe
  2⤵
  PID:5740
- C:\Windows\System\UyZPgUH.exe
  C:\Windows\System\UyZPgUH.exe
  2⤵
  PID:5588
- C:\Windows\System\PemenDm.exe
  C:\Windows\System\PemenDm.exe
  2⤵
  PID:5220
- C:\Windows\System\FGSdzmU.exe
  C:\Windows\System\FGSdzmU.exe
  2⤵
  PID:5476
- C:\Windows\System\ouIUiZx.exe
  C:\Windows\System\ouIUiZx.exe
  2⤵
  PID:5328
- C:\Windows\System\SnncGJZ.exe
  C:\Windows\System\SnncGJZ.exe
  2⤵
  PID:5396
- C:\Windows\System\YYbmZfe.exe
  C:\Windows\System\YYbmZfe.exe
  2⤵
  PID:5488
- C:\Windows\System\ECRjiLP.exe
  C:\Windows\System\ECRjiLP.exe
  2⤵
  PID:5568
- C:\Windows\System\qJtRqSx.exe
  C:\Windows\System\qJtRqSx.exe
  2⤵
  PID:5608
- C:\Windows\System\VHFfHEW.exe
  C:\Windows\System\VHFfHEW.exe
  2⤵
  PID:3908
- C:\Windows\System\mACSKsE.exe
  C:\Windows\System\mACSKsE.exe
  2⤵
  PID:5692
- C:\Windows\System\rLpLhBN.exe
  C:\Windows\System\rLpLhBN.exe
  2⤵
  PID:6084
- C:\Windows\System\DqNYhrP.exe
  C:\Windows\System\DqNYhrP.exe
  2⤵
  PID:5056
- C:\Windows\System\DWRjjld.exe
  C:\Windows\System\DWRjjld.exe
  2⤵
  PID:5152
- C:\Windows\System\JKdqGBU.exe
  C:\Windows\System\JKdqGBU.exe
  2⤵
  PID:5856
- C:\Windows\System\IRfkfyv.exe
  C:\Windows\System\IRfkfyv.exe
  2⤵
  PID:4992
- C:\Windows\System\gCCEELg.exe
  C:\Windows\System\gCCEELg.exe
  2⤵
  PID:6076
- C:\Windows\System\iriZZDF.exe
  C:\Windows\System\iriZZDF.exe
  2⤵
  PID:5956
- C:\Windows\System\jKtwOzZ.exe
  C:\Windows\System\jKtwOzZ.exe
  2⤵
  PID:4968
- C:\Windows\System\RUIhncX.exe
  C:\Windows\System\RUIhncX.exe
  2⤵
  PID:4824
- C:\Windows\System\NKpNdLH.exe
  C:\Windows\System\NKpNdLH.exe
  2⤵
  PID:5736
- C:\Windows\System\AdIuRcL.exe
  C:\Windows\System\AdIuRcL.exe
  2⤵
  PID:5880
- C:\Windows\System\ouPheQw.exe
  C:\Windows\System\ouPheQw.exe
  2⤵
  PID:5708
- C:\Windows\System\HyCRWcF.exe
  C:\Windows\System\HyCRWcF.exe
  2⤵
  PID:5996
- C:\Windows\System\OjGiDUI.exe
  C:\Windows\System\OjGiDUI.exe
  2⤵
  PID:5536
- C:\Windows\System\oghrBJq.exe
  C:\Windows\System\oghrBJq.exe
  2⤵
  PID:5164
- C:\Windows\System\eqYbVop.exe
  C:\Windows\System\eqYbVop.exe
  2⤵
  PID:5252
- C:\Windows\System\dFepnvq.exe
  C:\Windows\System\dFepnvq.exe
  2⤵
  PID:5292
- C:\Windows\System\UTlWZiT.exe
  C:\Windows\System\UTlWZiT.exe
  2⤵
  PID:5428
- C:\Windows\System\rlTTKJZ.exe
  C:\Windows\System\rlTTKJZ.exe
  2⤵
  PID:5572
- C:\Windows\System\bKbsVWE.exe
  C:\Windows\System\bKbsVWE.exe
  2⤵
  PID:5240
- C:\Windows\System\WZiJZCj.exe
  C:\Windows\System\WZiJZCj.exe
  2⤵
  PID:5688
- C:\Windows\System\FjxfOCy.exe
  C:\Windows\System\FjxfOCy.exe
  2⤵
  PID:6088
- C:\Windows\System\wFGXqwD.exe
  C:\Windows\System\wFGXqwD.exe
  2⤵
  PID:5192
- C:\Windows\System\AnASbZB.exe
  C:\Windows\System\AnASbZB.exe
  2⤵
  PID:6012
- C:\Windows\System\eGyNAdX.exe
  C:\Windows\System\eGyNAdX.exe
  2⤵
  PID:5268
- C:\Windows\System\aeJSIDA.exe
  C:\Windows\System\aeJSIDA.exe
  2⤵
  PID:5408
- C:\Windows\System\XTvibrk.exe
  C:\Windows\System\XTvibrk.exe
  2⤵
  PID:6160
- C:\Windows\System\xTiYTCo.exe
  C:\Windows\System\xTiYTCo.exe
  2⤵
  PID:6180
- C:\Windows\System\aMPeWtq.exe
  C:\Windows\System\aMPeWtq.exe
  2⤵
  PID:6200
- C:\Windows\System\FVmayFe.exe
  C:\Windows\System\FVmayFe.exe
  2⤵
  PID:6216
- C:\Windows\System\KmNGPas.exe
  C:\Windows\System\KmNGPas.exe
  2⤵
  PID:6240
- C:\Windows\System\FqzYnjB.exe
  C:\Windows\System\FqzYnjB.exe
  2⤵
  PID:6256
- C:\Windows\System\yhfreKj.exe
  C:\Windows\System\yhfreKj.exe
  2⤵
  PID:6276
- C:\Windows\System\sAERVSf.exe
  C:\Windows\System\sAERVSf.exe
  2⤵
  PID:6296
- C:\Windows\System\nfCDgIN.exe
  C:\Windows\System\nfCDgIN.exe
  2⤵
  PID:6316
- C:\Windows\System\fLLHufz.exe
  C:\Windows\System\fLLHufz.exe
  2⤵
  PID:6336
- C:\Windows\System\eDdetnC.exe
  C:\Windows\System\eDdetnC.exe
  2⤵
  PID:6356
- C:\Windows\System\ZpOEHRy.exe
  C:\Windows\System\ZpOEHRy.exe
  2⤵
  PID:6380
- C:\Windows\System\OcCvFTL.exe
  C:\Windows\System\OcCvFTL.exe
  2⤵
  PID:6396
- C:\Windows\System\ihQbCeB.exe
  C:\Windows\System\ihQbCeB.exe
  2⤵
  PID:6420
- C:\Windows\System\TSKnUPk.exe
  C:\Windows\System\TSKnUPk.exe
  2⤵
  PID:6436
- C:\Windows\System\jrAwcvB.exe
  C:\Windows\System\jrAwcvB.exe
  2⤵
  PID:6460
- C:\Windows\System\wfDMmFp.exe
  C:\Windows\System\wfDMmFp.exe
  2⤵
  PID:6480
- C:\Windows\System\DPonpex.exe
  C:\Windows\System\DPonpex.exe
  2⤵
  PID:6496
- C:\Windows\System\eMLIgTz.exe
  C:\Windows\System\eMLIgTz.exe
  2⤵
  PID:6512
- C:\Windows\System\fmBJuTf.exe
  C:\Windows\System\fmBJuTf.exe
  2⤵
  PID:6536
- C:\Windows\System\EelUYno.exe
  C:\Windows\System\EelUYno.exe
  2⤵
  PID:6552
- C:\Windows\System\lGqaUXt.exe
  C:\Windows\System\lGqaUXt.exe
  2⤵
  PID:6568
- C:\Windows\System\XNnGEUU.exe
  C:\Windows\System\XNnGEUU.exe
  2⤵
  PID:6588
- C:\Windows\System\eVnmLlX.exe
  C:\Windows\System\eVnmLlX.exe
  2⤵
  PID:6612
- C:\Windows\System\BSwrvyf.exe
  C:\Windows\System\BSwrvyf.exe
  2⤵
  PID:6660
- C:\Windows\System\qLHbKpK.exe
  C:\Windows\System\qLHbKpK.exe
  2⤵
  PID:6676
- C:\Windows\System\XdtatRc.exe
  C:\Windows\System\XdtatRc.exe
  2⤵
  PID:6696
- C:\Windows\System\emitzyV.exe
  C:\Windows\System\emitzyV.exe
  2⤵
  PID:6716
- C:\Windows\System\EexldAg.exe
  C:\Windows\System\EexldAg.exe
  2⤵
  PID:6740
- C:\Windows\System\QPaTDDk.exe
  C:\Windows\System\QPaTDDk.exe
  2⤵
  PID:6756
- C:\Windows\System\wfyjcTS.exe
  C:\Windows\System\wfyjcTS.exe
  2⤵
  PID:6776
- C:\Windows\System\QZEWOdK.exe
  C:\Windows\System\QZEWOdK.exe
  2⤵
  PID:6792
- C:\Windows\System\RoFpZoe.exe
  C:\Windows\System\RoFpZoe.exe
  2⤵
  PID:6808
- C:\Windows\System\cVBSUOf.exe
  C:\Windows\System\cVBSUOf.exe
  2⤵
  PID:6832
- C:\Windows\System\kFGFdka.exe
  C:\Windows\System\kFGFdka.exe
  2⤵
  PID:6848
- C:\Windows\System\BkELChM.exe
  C:\Windows\System\BkELChM.exe
  2⤵
  PID:6868
- C:\Windows\System\YTDvjZg.exe
  C:\Windows\System\YTDvjZg.exe
  2⤵
  PID:6888
- C:\Windows\System\WfeoHci.exe
  C:\Windows\System\WfeoHci.exe
  2⤵
  PID:6908
- C:\Windows\System\BnqYbrI.exe
  C:\Windows\System\BnqYbrI.exe
  2⤵
  PID:6928
- C:\Windows\System\HRJZLKc.exe
  C:\Windows\System\HRJZLKc.exe
  2⤵
  PID:6944
- C:\Windows\System\QSLairo.exe
  C:\Windows\System\QSLairo.exe
  2⤵
  PID:6960
- C:\Windows\System\vLgPVui.exe
  C:\Windows\System\vLgPVui.exe
  2⤵
  PID:6976
- C:\Windows\System\lXRsVkf.exe
  C:\Windows\System\lXRsVkf.exe
  2⤵
  PID:6992
- C:\Windows\System\nEJBDWn.exe
  C:\Windows\System\nEJBDWn.exe
  2⤵
  PID:7008
- C:\Windows\System\vFBBzUI.exe
  C:\Windows\System\vFBBzUI.exe
  2⤵
  PID:7024
- C:\Windows\System\CWQgYdf.exe
  C:\Windows\System\CWQgYdf.exe
  2⤵
  PID:7040
- C:\Windows\System\hRFAOkw.exe
  C:\Windows\System\hRFAOkw.exe
  2⤵
  PID:7056
- C:\Windows\System\MAzPfRn.exe
  C:\Windows\System\MAzPfRn.exe
  2⤵
  PID:7072
- C:\Windows\System\aTKIzDw.exe
  C:\Windows\System\aTKIzDw.exe
  2⤵
  PID:7092
- C:\Windows\System\jkMzozx.exe
  C:\Windows\System\jkMzozx.exe
  2⤵
  PID:7112
- C:\Windows\System\FPrKzLk.exe
  C:\Windows\System\FPrKzLk.exe
  2⤵
  PID:7128
- C:\Windows\System\LLwVlaC.exe
  C:\Windows\System\LLwVlaC.exe
  2⤵
  PID:7144
- C:\Windows\System\WXJxbHH.exe
  C:\Windows\System\WXJxbHH.exe
  2⤵
  PID:7160
- C:\Windows\System\vPVfYJx.exe
  C:\Windows\System\vPVfYJx.exe
  2⤵
  PID:1008
- C:\Windows\System\YcoGuTb.exe
  C:\Windows\System\YcoGuTb.exe
  2⤵
  PID:5628
- C:\Windows\System\DjdIaYs.exe
  C:\Windows\System\DjdIaYs.exe
  2⤵
  PID:6140
- C:\Windows\System\TnGalsE.exe
  C:\Windows\System\TnGalsE.exe
  2⤵
  PID:5456
- C:\Windows\System\anwyjiB.exe
  C:\Windows\System\anwyjiB.exe
  2⤵
  PID:5360
- C:\Windows\System\XaSfIcW.exe
  C:\Windows\System\XaSfIcW.exe
  2⤵
  PID:5308
- C:\Windows\System\iTriHyN.exe
  C:\Windows\System\iTriHyN.exe
  2⤵
  PID:5556
- C:\Windows\System\LsFrAUq.exe
  C:\Windows\System\LsFrAUq.exe
  2⤵
  PID:5788
- C:\Windows\System\brzsSbI.exe
  C:\Windows\System\brzsSbI.exe
  2⤵
  PID:5940
- C:\Windows\System\xmcOKGZ.exe
  C:\Windows\System\xmcOKGZ.exe
  2⤵
  PID:5972
- C:\Windows\System\QJMtyYR.exe
  C:\Windows\System\QJMtyYR.exe
  2⤵
  PID:6148
- C:\Windows\System\lZiYRUP.exe
  C:\Windows\System\lZiYRUP.exe
  2⤵
  PID:6188
- C:\Windows\System\fRoylTr.exe
  C:\Windows\System\fRoylTr.exe
  2⤵
  PID:6228
- C:\Windows\System\EuJcUGC.exe
  C:\Windows\System\EuJcUGC.exe
  2⤵
  PID:6272
- C:\Windows\System\hHAsDQx.exe
  C:\Windows\System\hHAsDQx.exe
  2⤵
  PID:6268
- C:\Windows\System\zOamgEW.exe
  C:\Windows\System\zOamgEW.exe
  2⤵
  PID:6168
- C:\Windows\System\FwEolCC.exe
  C:\Windows\System\FwEolCC.exe
  2⤵
  PID:6308
- C:\Windows\System\uCMqjKc.exe
  C:\Windows\System\uCMqjKc.exe
  2⤵
  PID:6352
- C:\Windows\System\YGFlvET.exe
  C:\Windows\System\YGFlvET.exe
  2⤵
  PID:6248
- C:\Windows\System\EeQKoqa.exe
  C:\Windows\System\EeQKoqa.exe
  2⤵
  PID:6468
- C:\Windows\System\dsUQLFx.exe
  C:\Windows\System\dsUQLFx.exe
  2⤵
  PID:6504
- C:\Windows\System\JrdAbnF.exe
  C:\Windows\System\JrdAbnF.exe
  2⤵
  PID:6292
- C:\Windows\System\PgNLJHv.exe
  C:\Windows\System\PgNLJHv.exe
  2⤵
  PID:6364
- C:\Windows\System\xBOWMqg.exe
  C:\Windows\System\xBOWMqg.exe
  2⤵
  PID:6544
- C:\Windows\System\zprgrJH.exe
  C:\Windows\System\zprgrJH.exe
  2⤵
  PID:6580
- C:\Windows\System\UrGxcTt.exe
  C:\Windows\System\UrGxcTt.exe
  2⤵
  PID:6412
- C:\Windows\System\TEGqleG.exe
  C:\Windows\System\TEGqleG.exe
  2⤵
  PID:6448
- C:\Windows\System\MuBILSY.exe
  C:\Windows\System\MuBILSY.exe
  2⤵
  PID:6492
- C:\Windows\System\nCOLKnz.exe
  C:\Windows\System\nCOLKnz.exe
  2⤵
  PID:6628
- C:\Windows\System\ptoywTr.exe
  C:\Windows\System\ptoywTr.exe
  2⤵
  PID:6640
- C:\Windows\System\QlSLCCl.exe
  C:\Windows\System\QlSLCCl.exe
  2⤵
  PID:6608
- C:\Windows\System\OFBnYLG.exe
  C:\Windows\System\OFBnYLG.exe
  2⤵
  PID:2592
- C:\Windows\System\NKdhTiA.exe
  C:\Windows\System\NKdhTiA.exe
  2⤵
  PID:3544
- C:\Windows\System\UmWBinH.exe
  C:\Windows\System\UmWBinH.exe
  2⤵
  PID:6724
- C:\Windows\System\ECcrgSX.exe
  C:\Windows\System\ECcrgSX.exe
  2⤵
  PID:6880
- C:\Windows\System\mnOZTRW.exe
  C:\Windows\System\mnOZTRW.exe
  2⤵
  PID:2944
- C:\Windows\System\yMGocNe.exe
  C:\Windows\System\yMGocNe.exe
  2⤵
  PID:6752
- C:\Windows\System\zXUicGN.exe
  C:\Windows\System\zXUicGN.exe
  2⤵
  PID:6820
- C:\Windows\System\BXceYsS.exe
  C:\Windows\System\BXceYsS.exe
  2⤵
  PID:6864
- C:\Windows\System\OnWHrrO.exe
  C:\Windows\System\OnWHrrO.exe
  2⤵
  PID:6904
- C:\Windows\System\IUBdUdo.exe
  C:\Windows\System\IUBdUdo.exe
  2⤵
  PID:6984
- C:\Windows\System\VaPwDlr.exe
  C:\Windows\System\VaPwDlr.exe
  2⤵
  PID:7020
- C:\Windows\System\ofXSTQg.exe
  C:\Windows\System\ofXSTQg.exe
  2⤵
  PID:7052
- C:\Windows\System\FbdxTHr.exe
  C:\Windows\System\FbdxTHr.exe
  2⤵
  PID:7100
- C:\Windows\System\drgxqVs.exe
  C:\Windows\System\drgxqVs.exe
  2⤵
  PID:1032
- C:\Windows\System\LAEwOzP.exe
  C:\Windows\System\LAEwOzP.exe
  2⤵
  PID:2760
- C:\Windows\System\NWRhBdA.exe
  C:\Windows\System\NWRhBdA.exe
  2⤵
  PID:5508
- C:\Windows\System\fvUfvsP.exe
  C:\Windows\System\fvUfvsP.exe
  2⤵
  PID:5280
- C:\Windows\System\BbFDBem.exe
  C:\Windows\System\BbFDBem.exe
  2⤵
  PID:5372
- C:\Windows\System\YuJEspX.exe
  C:\Windows\System\YuJEspX.exe
  2⤵
  PID:5900
- C:\Windows\System\ixYcZPq.exe
  C:\Windows\System\ixYcZPq.exe
  2⤵
  PID:3280
- C:\Windows\System\mMMlgSd.exe
  C:\Windows\System\mMMlgSd.exe
  2⤵
  PID:6304
- C:\Windows\System\SiQXAQc.exe
  C:\Windows\System\SiQXAQc.exe
  2⤵
  PID:2692
- C:\Windows\System\MGAtQod.exe
  C:\Windows\System\MGAtQod.exe
  2⤵
  PID:6896
- C:\Windows\System\bRVewWh.exe
  C:\Windows\System\bRVewWh.exe
  2⤵
  PID:7004
- C:\Windows\System\CYbSmTB.exe
  C:\Windows\System\CYbSmTB.exe
  2⤵
  PID:6600
- C:\Windows\System\cODBjlW.exe
  C:\Windows\System\cODBjlW.exe
  2⤵
  PID:5132
- C:\Windows\System\DUtFjlo.exe
  C:\Windows\System\DUtFjlo.exe
  2⤵
  PID:3336
- C:\Windows\System\ltVlquJ.exe
  C:\Windows\System\ltVlquJ.exe
  2⤵
  PID:3468
- C:\Windows\System\wQZGjCN.exe
  C:\Windows\System\wQZGjCN.exe
  2⤵
  PID:6844
- C:\Windows\System\VMfvRaN.exe
  C:\Windows\System\VMfvRaN.exe
  2⤵
  PID:2628
- C:\Windows\System\eprRujY.exe
  C:\Windows\System\eprRujY.exe
  2⤵
  PID:6952
- C:\Windows\System\DtPbNBt.exe
  C:\Windows\System\DtPbNBt.exe
  2⤵
  PID:7108
- C:\Windows\System\qaZdxUu.exe
  C:\Windows\System\qaZdxUu.exe
  2⤵
  PID:5060
- C:\Windows\System\vdGQHgk.exe
  C:\Windows\System\vdGQHgk.exe
  2⤵
  PID:4848
- C:\Windows\System\nWUyLPU.exe
  C:\Windows\System\nWUyLPU.exe
  2⤵
  PID:4404
- C:\Windows\System\dfcPvoL.exe
  C:\Windows\System\dfcPvoL.exe
  2⤵
  PID:3344
- C:\Windows\System\YTDrCEK.exe
  C:\Windows\System\YTDrCEK.exe
  2⤵
  PID:6348
- C:\Windows\System\aHeTbHG.exe
  C:\Windows\System\aHeTbHG.exe
  2⤵
  PID:3324
- C:\Windows\System\nuWnYcW.exe
  C:\Windows\System\nuWnYcW.exe
  2⤵
  PID:6508
- C:\Windows\System\wlWYsaH.exe
  C:\Windows\System\wlWYsaH.exe
  2⤵
  PID:6372
- C:\Windows\System\ZyjAaJM.exe
  C:\Windows\System\ZyjAaJM.exe
  2⤵
  PID:768
- C:\Windows\System\soXaVug.exe
  C:\Windows\System\soXaVug.exe
  2⤵
  PID:6564
- C:\Windows\System\ysUzTwi.exe
  C:\Windows\System\ysUzTwi.exe
  2⤵
  PID:3500
- C:\Windows\System\IvLNxUM.exe
  C:\Windows\System\IvLNxUM.exe
  2⤵
  PID:3540
- C:\Windows\System\HWPSGxm.exe
  C:\Windows\System\HWPSGxm.exe
  2⤵
  PID:3024
- C:\Windows\System\icYSHhN.exe
  C:\Windows\System\icYSHhN.exe
  2⤵
  PID:1688
- C:\Windows\System\YlmMWCk.exe
  C:\Windows\System\YlmMWCk.exe
  2⤵
  PID:6816
- C:\Windows\System\pYMRnck.exe
  C:\Windows\System\pYMRnck.exe
  2⤵
  PID:6452
- C:\Windows\System\DqXXXRO.exe
  C:\Windows\System\DqXXXRO.exe
  2⤵
  PID:6972
- C:\Windows\System\XJxJMIZ.exe
  C:\Windows\System\XJxJMIZ.exe
  2⤵
  PID:6804
- C:\Windows\System\IuPYOHt.exe
  C:\Windows\System\IuPYOHt.exe
  2⤵
  PID:5872
- C:\Windows\System\qYiGBQU.exe
  C:\Windows\System\qYiGBQU.exe
  2⤵
  PID:6856
- C:\Windows\System\LPTFjVc.exe
  C:\Windows\System\LPTFjVc.exe
  2⤵
  PID:6728
- C:\Windows\System\RynHPqi.exe
  C:\Windows\System\RynHPqi.exe
  2⤵
  PID:2668
- C:\Windows\System\sYFIyut.exe
  C:\Windows\System\sYFIyut.exe
  2⤵
  PID:5876
- C:\Windows\System\daeJmBv.exe
  C:\Windows\System\daeJmBv.exe
  2⤵
  PID:5616
- C:\Windows\System\kJCRbMk.exe
  C:\Windows\System\kJCRbMk.exe
  2⤵
  PID:6212
- C:\Windows\System\ldNNgmv.exe
  C:\Windows\System\ldNNgmv.exe
  2⤵
  PID:6232
- C:\Windows\System\OFQmKoJ.exe
  C:\Windows\System\OFQmKoJ.exe
  2⤵
  PID:264
- C:\Windows\System\pagtiQw.exe
  C:\Windows\System\pagtiQw.exe
  2⤵
  PID:6408
- C:\Windows\System\YwFHaDH.exe
  C:\Windows\System\YwFHaDH.exe
  2⤵
  PID:6576
- C:\Windows\System\tLdBJku.exe
  C:\Windows\System\tLdBJku.exe
  2⤵
  PID:2732
- C:\Windows\System\bPoFpgE.exe
  C:\Windows\System\bPoFpgE.exe
  2⤵
  PID:6584
- C:\Windows\System\pbYVAtr.exe
  C:\Windows\System\pbYVAtr.exe
  2⤵
  PID:6712
- C:\Windows\System\oohvpta.exe
  C:\Windows\System\oohvpta.exe
  2⤵
  PID:4896
- C:\Windows\System\YZAwLgB.exe
  C:\Windows\System\YZAwLgB.exe
  2⤵
  PID:3428
- C:\Windows\System\KRKOXxO.exe
  C:\Windows\System\KRKOXxO.exe
  2⤵
  PID:6936
- C:\Windows\System\hcJIGZp.exe
  C:\Windows\System\hcJIGZp.exe
  2⤵
  PID:5916
- C:\Windows\System\zzBiFpo.exe
  C:\Windows\System\zzBiFpo.exe
  2⤵
  PID:6884
- C:\Windows\System\PbkxaKz.exe
  C:\Windows\System\PbkxaKz.exe
  2⤵
  PID:5524
- C:\Windows\System\GeWkgaU.exe
  C:\Windows\System\GeWkgaU.exe
  2⤵
  PID:2704
- C:\Windows\System\qudafaS.exe
  C:\Windows\System\qudafaS.exe
  2⤵
  PID:944
- C:\Windows\System\DjNPVDm.exe
  C:\Windows\System\DjNPVDm.exe
  2⤵
  PID:6444
- C:\Windows\System\jBoUVdZ.exe
  C:\Windows\System\jBoUVdZ.exe
  2⤵
  PID:3400
- C:\Windows\System\NLFndWQ.exe
  C:\Windows\System\NLFndWQ.exe
  2⤵
  PID:6528
- C:\Windows\System\OiySIRH.exe
  C:\Windows\System\OiySIRH.exe
  2⤵
  PID:7152
- C:\Windows\System\uErsreY.exe
  C:\Windows\System\uErsreY.exe
  2⤵
  PID:2948
- C:\Windows\System\GkRrvtE.exe
  C:\Windows\System\GkRrvtE.exe
  2⤵
  PID:7036
- C:\Windows\System\cONEyod.exe
  C:\Windows\System\cONEyod.exe
  2⤵
  PID:2400
- C:\Windows\System\dmMhGVL.exe
  C:\Windows\System\dmMhGVL.exe
  2⤵
  PID:4312
- C:\Windows\System\IrYdLiA.exe
  C:\Windows\System\IrYdLiA.exe
  2⤵
  PID:7172
- C:\Windows\System\LDwLkXf.exe
  C:\Windows\System\LDwLkXf.exe
  2⤵
  PID:7192
- C:\Windows\System\kOJULra.exe
  C:\Windows\System\kOJULra.exe
  2⤵
  PID:7212
- C:\Windows\System\wRDAUPW.exe
  C:\Windows\System\wRDAUPW.exe
  2⤵
  PID:7232
- C:\Windows\System\ZAhKEwz.exe
  C:\Windows\System\ZAhKEwz.exe
  2⤵
  PID:7252
- C:\Windows\System\ugiOVFF.exe
  C:\Windows\System\ugiOVFF.exe
  2⤵
  PID:7272
- C:\Windows\System\VsxjXql.exe
  C:\Windows\System\VsxjXql.exe
  2⤵
  PID:7292
- C:\Windows\System\kYKJIDI.exe
  C:\Windows\System\kYKJIDI.exe
  2⤵
  PID:7308
- C:\Windows\System\fOBwKQz.exe
  C:\Windows\System\fOBwKQz.exe
  2⤵
  PID:7332
- C:\Windows\System\cuRQvXH.exe
  C:\Windows\System\cuRQvXH.exe
  2⤵
  PID:7352
- C:\Windows\System\NyiOmpI.exe
  C:\Windows\System\NyiOmpI.exe
  2⤵
  PID:7372
- C:\Windows\System\cXLVJcg.exe
  C:\Windows\System\cXLVJcg.exe
  2⤵
  PID:7388
- C:\Windows\System\HzqzeNm.exe
  C:\Windows\System\HzqzeNm.exe
  2⤵
  PID:7408
- C:\Windows\System\ByfDkCx.exe
  C:\Windows\System\ByfDkCx.exe
  2⤵
  PID:7428
- C:\Windows\System\JTPUVWK.exe
  C:\Windows\System\JTPUVWK.exe
  2⤵
  PID:7444
- C:\Windows\System\ZeUosMG.exe
  C:\Windows\System\ZeUosMG.exe
  2⤵
  PID:7468
- C:\Windows\System\UuBGQvu.exe
  C:\Windows\System\UuBGQvu.exe
  2⤵
  PID:7488
- C:\Windows\System\lDvWHNz.exe
  C:\Windows\System\lDvWHNz.exe
  2⤵
  PID:7508
- C:\Windows\System\rCtaewp.exe
  C:\Windows\System\rCtaewp.exe
  2⤵
  PID:7536
- C:\Windows\System\FffbxWA.exe
  C:\Windows\System\FffbxWA.exe
  2⤵
  PID:7552
- C:\Windows\System\GKtgigx.exe
  C:\Windows\System\GKtgigx.exe
  2⤵
  PID:7572
- C:\Windows\System\juafZUO.exe
  C:\Windows\System\juafZUO.exe
  2⤵
  PID:7588
- C:\Windows\System\tTunEng.exe
  C:\Windows\System\tTunEng.exe
  2⤵
  PID:7612
- C:\Windows\System\fynWeWJ.exe
  C:\Windows\System\fynWeWJ.exe
  2⤵
  PID:7632
- C:\Windows\System\ppNzJNy.exe
  C:\Windows\System\ppNzJNy.exe
  2⤵
  PID:7648
- C:\Windows\System\UWOaULP.exe
  C:\Windows\System\UWOaULP.exe
  2⤵
  PID:7664
- C:\Windows\System\DwpmyRu.exe
  C:\Windows\System\DwpmyRu.exe
  2⤵
  PID:7684
- C:\Windows\System\MCSSkud.exe
  C:\Windows\System\MCSSkud.exe
  2⤵
  PID:7700
- C:\Windows\System\eoVeFio.exe
  C:\Windows\System\eoVeFio.exe
  2⤵
  PID:7720
- C:\Windows\System\WSaueiD.exe
  C:\Windows\System\WSaueiD.exe
  2⤵
  PID:7740
- C:\Windows\System\fovJCoP.exe
  C:\Windows\System\fovJCoP.exe
  2⤵
  PID:7760
- C:\Windows\System\JjFBCwX.exe
  C:\Windows\System\JjFBCwX.exe
  2⤵
  PID:7776
- C:\Windows\System\ByjtGso.exe
  C:\Windows\System\ByjtGso.exe
  2⤵
  PID:7796
- C:\Windows\System\APOQbHV.exe
  C:\Windows\System\APOQbHV.exe
  2⤵
  PID:7812
- C:\Windows\System\mHwJFbi.exe
  C:\Windows\System\mHwJFbi.exe
  2⤵
  PID:7832
- C:\Windows\System\PSnxlPr.exe
  C:\Windows\System\PSnxlPr.exe
  2⤵
  PID:7852
- C:\Windows\System\VOLaQAh.exe
  C:\Windows\System\VOLaQAh.exe
  2⤵
  PID:7868
- C:\Windows\System\lzsidUz.exe
  C:\Windows\System\lzsidUz.exe
  2⤵
  PID:7884
- C:\Windows\System\JotxCHI.exe
  C:\Windows\System\JotxCHI.exe
  2⤵
  PID:7900
- C:\Windows\System\cOtqVXD.exe
  C:\Windows\System\cOtqVXD.exe
  2⤵
  PID:7916
- C:\Windows\System\ZKSWjhx.exe
  C:\Windows\System\ZKSWjhx.exe
  2⤵
  PID:7932
- C:\Windows\System\jFXcmlp.exe
  C:\Windows\System\jFXcmlp.exe
  2⤵
  PID:7952
- C:\Windows\System\ASwKvAU.exe
  C:\Windows\System\ASwKvAU.exe
  2⤵
  PID:7968
- C:\Windows\System\GoJtwLY.exe
  C:\Windows\System\GoJtwLY.exe
  2⤵
  PID:7984
- C:\Windows\System\lMbKBAl.exe
  C:\Windows\System\lMbKBAl.exe
  2⤵
  PID:8000
- C:\Windows\System\eiTOMKU.exe
  C:\Windows\System\eiTOMKU.exe
  2⤵
  PID:8016
- C:\Windows\System\kpIJCUz.exe
  C:\Windows\System\kpIJCUz.exe
  2⤵
  PID:8032
- C:\Windows\System\DOEpUkN.exe
  C:\Windows\System\DOEpUkN.exe
  2⤵
  PID:8048
- C:\Windows\System\wkEBeRX.exe
  C:\Windows\System\wkEBeRX.exe
  2⤵
  PID:8064
- C:\Windows\System\OdvBHAH.exe
  C:\Windows\System\OdvBHAH.exe
  2⤵
  PID:8080
- C:\Windows\System\sStHqjk.exe
  C:\Windows\System\sStHqjk.exe
  2⤵
  PID:8096
- C:\Windows\System\tiKPFqk.exe
  C:\Windows\System\tiKPFqk.exe
  2⤵
  PID:8112
- C:\Windows\System\hMrGThD.exe
  C:\Windows\System\hMrGThD.exe
  2⤵
  PID:8128
- C:\Windows\System\YcLoaLf.exe
  C:\Windows\System\YcLoaLf.exe
  2⤵
  PID:6668
- C:\Windows\System\whnXpbl.exe
  C:\Windows\System\whnXpbl.exe
  2⤵
  PID:7016
- C:\Windows\System\TYrctgC.exe
  C:\Windows\System\TYrctgC.exe
  2⤵
  PID:7136
- C:\Windows\System\zgdgcKQ.exe
  C:\Windows\System\zgdgcKQ.exe
  2⤵
  PID:7200
- C:\Windows\System\oGvEzYk.exe
  C:\Windows\System\oGvEzYk.exe
  2⤵
  PID:7180
- C:\Windows\System\jWFueUl.exe
  C:\Windows\System\jWFueUl.exe
  2⤵
  PID:7244
- C:\Windows\System\OwsECot.exe
  C:\Windows\System\OwsECot.exe
  2⤵
  PID:7280
- C:\Windows\System\HIWWqdg.exe
  C:\Windows\System\HIWWqdg.exe
  2⤵
  PID:7284
- C:\Windows\System\YyrIhwI.exe
  C:\Windows\System\YyrIhwI.exe
  2⤵
  PID:7320
- C:\Windows\System\hVGJkrZ.exe
  C:\Windows\System\hVGJkrZ.exe
  2⤵
  PID:7364
- C:\Windows\System\WcMwrhp.exe
  C:\Windows\System\WcMwrhp.exe
  2⤵
  PID:7396
- C:\Windows\System\kQkgpOq.exe
  C:\Windows\System\kQkgpOq.exe
  2⤵
  PID:7436
- C:\Windows\System\nbecnNO.exe
  C:\Windows\System\nbecnNO.exe
  2⤵
  PID:2288
- C:\Windows\System\QFqrQWk.exe
  C:\Windows\System\QFqrQWk.exe
  2⤵
  PID:7420
- C:\Windows\System\MFWhsgM.exe
  C:\Windows\System\MFWhsgM.exe
  2⤵
  PID:2960
- C:\Windows\System\katHPDT.exe
  C:\Windows\System\katHPDT.exe
  2⤵
  PID:7456
- C:\Windows\System\uwVYsHC.exe
  C:\Windows\System\uwVYsHC.exe
  2⤵
  PID:7504
- C:\Windows\System\xPbmrmC.exe
  C:\Windows\System\xPbmrmC.exe
  2⤵
  PID:7544
- C:\Windows\System\dZiwvzR.exe
  C:\Windows\System\dZiwvzR.exe
  2⤵
  PID:7560
- C:\Windows\System\ERKbmTb.exe
  C:\Windows\System\ERKbmTb.exe
  2⤵
  PID:7584
- C:\Windows\System\CqKvvHB.exe
  C:\Windows\System\CqKvvHB.exe
  2⤵
  PID:7628
- C:\Windows\System\DlAehKb.exe
  C:\Windows\System\DlAehKb.exe
  2⤵
  PID:7728
- C:\Windows\System\nNYKZpd.exe
  C:\Windows\System\nNYKZpd.exe
  2⤵
  PID:7772
- C:\Windows\System\rIAbvMi.exe
  C:\Windows\System\rIAbvMi.exe
  2⤵
  PID:7860
- C:\Windows\System\BKFORRt.exe
  C:\Windows\System\BKFORRt.exe
  2⤵
  PID:7880
- C:\Windows\System\TlHFgiC.exe
  C:\Windows\System\TlHFgiC.exe
  2⤵
  PID:7940
- C:\Windows\System\jkPkuzY.exe
  C:\Windows\System\jkPkuzY.exe
  2⤵
  PID:8008
- C:\Windows\System\GJUsbxI.exe
  C:\Windows\System\GJUsbxI.exe
  2⤵
  PID:8072
- C:\Windows\System\CxEJjIR.exe
  C:\Windows\System\CxEJjIR.exe
  2⤵
  PID:7708
- C:\Windows\System\ztIgpcl.exe
  C:\Windows\System\ztIgpcl.exe
  2⤵
  PID:7784
- C:\Windows\System\UvdMYiW.exe
  C:\Windows\System\UvdMYiW.exe
  2⤵
  PID:7820
- C:\Windows\System\smJfkIy.exe
  C:\Windows\System\smJfkIy.exe
  2⤵
  PID:7924
- C:\Windows\System\kewejkS.exe
  C:\Windows\System\kewejkS.exe
  2⤵
  PID:7992
- C:\Windows\System\iDphdno.exe
  C:\Windows\System\iDphdno.exe
  2⤵
  PID:8060
- C:\Windows\System\eIGWkbv.exe
  C:\Windows\System\eIGWkbv.exe
  2⤵
  PID:8124
- C:\Windows\System\gAuSgmP.exe
  C:\Windows\System\gAuSgmP.exe
  2⤵
  PID:7944
- C:\Windows\System\mbsPFby.exe
  C:\Windows\System\mbsPFby.exe
  2⤵
  PID:8188
- C:\Windows\System\FOcFQLP.exe
  C:\Windows\System\FOcFQLP.exe
  2⤵
  PID:2236
- C:\Windows\System\OxkkUWr.exe
  C:\Windows\System\OxkkUWr.exe
  2⤵
  PID:6344
- C:\Windows\System\mRdCUfq.exe
  C:\Windows\System\mRdCUfq.exe
  2⤵
  PID:3444
- C:\Windows\System\GidZMwp.exe
  C:\Windows\System\GidZMwp.exe
  2⤵
  PID:8172
- C:\Windows\System\BDkTdNw.exe
  C:\Windows\System\BDkTdNw.exe
  2⤵
  PID:8168
- C:\Windows\System\qgZUIEx.exe
  C:\Windows\System\qgZUIEx.exe
  2⤵
  PID:2972
- C:\Windows\System\HXbUVwz.exe
  C:\Windows\System\HXbUVwz.exe
  2⤵
  PID:2032
- C:\Windows\System\HlCXelD.exe
  C:\Windows\System\HlCXelD.exe
  2⤵
  PID:1656
- C:\Windows\System\AjnFyUG.exe
  C:\Windows\System\AjnFyUG.exe
  2⤵
  PID:7340
- C:\Windows\System\fczoBHw.exe
  C:\Windows\System\fczoBHw.exe
  2⤵
  PID:7404
- C:\Windows\System\dTaGBHa.exe
  C:\Windows\System\dTaGBHa.exe
  2⤵
  PID:7596
- C:\Windows\System\puyMKKE.exe
  C:\Windows\System\puyMKKE.exe
  2⤵
  PID:7524
- C:\Windows\System\MtwiSHY.exe
  C:\Windows\System\MtwiSHY.exe
  2⤵
  PID:1600
- C:\Windows\System\PgZCnab.exe
  C:\Windows\System\PgZCnab.exe
  2⤵
  PID:7580
- C:\Windows\System\EPlfnjg.exe
  C:\Windows\System\EPlfnjg.exe
  2⤵
  PID:7656
- C:\Windows\System\TakQVOE.exe
  C:\Windows\System\TakQVOE.exe
  2⤵
  PID:7676
- C:\Windows\System\rJulfBA.exe
  C:\Windows\System\rJulfBA.exe
  2⤵
  PID:7808
- C:\Windows\System\iOmfKNa.exe
  C:\Windows\System\iOmfKNa.exe
  2⤵
  PID:7876
- C:\Windows\System\XqWHVtv.exe
  C:\Windows\System\XqWHVtv.exe
  2⤵
  PID:7980
- C:\Windows\System\VvFXxsl.exe
  C:\Windows\System\VvFXxsl.exe
  2⤵
  PID:7792
- C:\Windows\System\LfbykBn.exe
  C:\Windows\System\LfbykBn.exe
  2⤵
  PID:8180
- C:\Windows\System\RIKVTTO.exe
  C:\Windows\System\RIKVTTO.exe
  2⤵
  PID:8156
- C:\Windows\System\SHXDcfF.exe
  C:\Windows\System\SHXDcfF.exe
  2⤵
  PID:7328
- C:\Windows\System\SmNPYeQ.exe
  C:\Windows\System\SmNPYeQ.exe
  2⤵
  PID:6876
- C:\Windows\System\WFgLTqK.exe
  C:\Windows\System\WFgLTqK.exe
  2⤵
  PID:8040
- C:\Windows\System\TwSfchx.exe
  C:\Windows\System\TwSfchx.exe
  2⤵
  PID:7748
- C:\Windows\System\EgxJTRc.exe
  C:\Windows\System\EgxJTRc.exe
  2⤵
  PID:8056
- C:\Windows\System\ZnPLkkv.exe
  C:\Windows\System\ZnPLkkv.exe
  2⤵
  PID:1548
- C:\Windows\System\ITMLCvT.exe
  C:\Windows\System\ITMLCvT.exe
  2⤵
  PID:7248
- C:\Windows\System\EwOueuJ.exe
  C:\Windows\System\EwOueuJ.exe
  2⤵
  PID:6768
- C:\Windows\System\hckeULX.exe
  C:\Windows\System\hckeULX.exe
  2⤵
  PID:7496
- C:\Windows\System\QgVBKBN.exe
  C:\Windows\System\QgVBKBN.exe
  2⤵
  PID:7600
- C:\Windows\System\RTHhBql.exe
  C:\Windows\System\RTHhBql.exe
  2⤵
  PID:2408
- C:\Windows\System\ubOWkFY.exe
  C:\Windows\System\ubOWkFY.exe
  2⤵
  PID:7604
- C:\Windows\System\puujjYE.exe
  C:\Windows\System\puujjYE.exe
  2⤵
  PID:8136
- C:\Windows\System\DLHIvoj.exe
  C:\Windows\System\DLHIvoj.exe
  2⤵
  PID:6560
- C:\Windows\System\PoSAeUD.exe
  C:\Windows\System\PoSAeUD.exe
  2⤵
  PID:7864
- C:\Windows\System\DwmPptr.exe
  C:\Windows\System\DwmPptr.exe
  2⤵
  PID:8152
- C:\Windows\System\OAQEbfz.exe
  C:\Windows\System\OAQEbfz.exe
  2⤵
  PID:7824
- C:\Windows\System\BPEGnOn.exe
  C:\Windows\System\BPEGnOn.exe
  2⤵
  PID:6736
- C:\Windows\System\RmRENgS.exe
  C:\Windows\System\RmRENgS.exe
  2⤵
  PID:1768
- C:\Windows\System\jZELMAH.exe
  C:\Windows\System\jZELMAH.exe
  2⤵
  PID:6688
- C:\Windows\System\cWuTJag.exe
  C:\Windows\System\cWuTJag.exe
  2⤵
  PID:7088
- C:\Windows\System\DdGGelX.exe
  C:\Windows\System\DdGGelX.exe
  2⤵
  PID:7844
- C:\Windows\System\AiciTsN.exe
  C:\Windows\System\AiciTsN.exe
  2⤵
  PID:7204
- C:\Windows\System\TwqNdvr.exe
  C:\Windows\System\TwqNdvr.exe
  2⤵
  PID:7644
- C:\Windows\System\iwfTaYw.exe
  C:\Windows\System\iwfTaYw.exe
  2⤵
  PID:2680
- C:\Windows\System\IHEYcNV.exe
  C:\Windows\System\IHEYcNV.exe
  2⤵
  PID:7220
- C:\Windows\System\PDEQKjG.exe
  C:\Windows\System\PDEQKjG.exe
  2⤵
  PID:6532
- C:\Windows\System\DfNoSAr.exe
  C:\Windows\System\DfNoSAr.exe
  2⤵
  PID:6860
- C:\Windows\System\bvsKTLO.exe
  C:\Windows\System\bvsKTLO.exe
  2⤵
  PID:7304
- C:\Windows\System\WRIguRo.exe
  C:\Windows\System\WRIguRo.exe
  2⤵
  PID:7892
- C:\Windows\System\cfSyplb.exe
  C:\Windows\System\cfSyplb.exe
  2⤵
  PID:7452
- C:\Windows\System\BtvYzqZ.exe
  C:\Windows\System\BtvYzqZ.exe
  2⤵
  PID:7348
- C:\Windows\System\GVXHHkL.exe
  C:\Windows\System\GVXHHkL.exe
  2⤵
  PID:3484
- C:\Windows\System\tHwiYNU.exe
  C:\Windows\System\tHwiYNU.exe
  2⤵
  PID:2132
- C:\Windows\System\dtxReNB.exe
  C:\Windows\System\dtxReNB.exe
  2⤵
  PID:8120
- C:\Windows\System\NjPigQq.exe
  C:\Windows\System\NjPigQq.exe
  2⤵
  PID:7752
- C:\Windows\System\DNDaJEM.exe
  C:\Windows\System\DNDaJEM.exe
  2⤵
  PID:8208
- C:\Windows\System\fksoeVh.exe
  C:\Windows\System\fksoeVh.exe
  2⤵
  PID:8224
- C:\Windows\System\eoEbLqd.exe
  C:\Windows\System\eoEbLqd.exe
  2⤵
  PID:8240
- C:\Windows\System\KVeeILQ.exe
  C:\Windows\System\KVeeILQ.exe
  2⤵
  PID:8260
- C:\Windows\System\marvMKd.exe
  C:\Windows\System\marvMKd.exe
  2⤵
  PID:8276
- C:\Windows\System\zcPouZw.exe
  C:\Windows\System\zcPouZw.exe
  2⤵
  PID:8292
- C:\Windows\System\PalGwxT.exe
  C:\Windows\System\PalGwxT.exe
  2⤵
  PID:8308
- C:\Windows\System\acyPNFT.exe
  C:\Windows\System\acyPNFT.exe
  2⤵
  PID:8324
- C:\Windows\System\OXuZkAY.exe
  C:\Windows\System\OXuZkAY.exe
  2⤵
  PID:8340
- C:\Windows\System\nTeGhtG.exe
  C:\Windows\System\nTeGhtG.exe
  2⤵
  PID:8356
- C:\Windows\System\FSYKGPv.exe
  C:\Windows\System\FSYKGPv.exe
  2⤵
  PID:8372
- C:\Windows\System\MQZakAX.exe
  C:\Windows\System\MQZakAX.exe
  2⤵
  PID:8388
- C:\Windows\System\qnzNtXQ.exe
  C:\Windows\System\qnzNtXQ.exe
  2⤵
  PID:8404
- C:\Windows\System\doqsSxK.exe
  C:\Windows\System\doqsSxK.exe
  2⤵
  PID:8420
- C:\Windows\System\wtrIJEZ.exe
  C:\Windows\System\wtrIJEZ.exe
  2⤵
  PID:8436
- C:\Windows\System\lCHlpye.exe
  C:\Windows\System\lCHlpye.exe
  2⤵
  PID:8452
- C:\Windows\System\peminiW.exe
  C:\Windows\System\peminiW.exe
  2⤵
  PID:8468
- C:\Windows\System\qzuJhgZ.exe
  C:\Windows\System\qzuJhgZ.exe
  2⤵
  PID:8484
- C:\Windows\System\OWDxbcB.exe
  C:\Windows\System\OWDxbcB.exe
  2⤵
  PID:8500
- C:\Windows\System\jFbdIgO.exe
  C:\Windows\System\jFbdIgO.exe
  2⤵
  PID:8516
- C:\Windows\System\KUcWYXM.exe
  C:\Windows\System\KUcWYXM.exe
  2⤵
  PID:8532
- C:\Windows\System\GaBFwhp.exe
  C:\Windows\System\GaBFwhp.exe
  2⤵
  PID:8548
- C:\Windows\System\TtNDtma.exe
  C:\Windows\System\TtNDtma.exe
  2⤵
  PID:8564
- C:\Windows\System\AkvhRVx.exe
  C:\Windows\System\AkvhRVx.exe
  2⤵
  PID:8580
- C:\Windows\System\WqDYxTZ.exe
  C:\Windows\System\WqDYxTZ.exe
  2⤵
  PID:8596
- C:\Windows\System\wXJaQBK.exe
  C:\Windows\System\wXJaQBK.exe
  2⤵
  PID:8612
- C:\Windows\System\JlmFTRV.exe
  C:\Windows\System\JlmFTRV.exe
  2⤵
  PID:8628
- C:\Windows\System\cjFIRmz.exe
  C:\Windows\System\cjFIRmz.exe
  2⤵
  PID:8644
- C:\Windows\System\obGjqTm.exe
  C:\Windows\System\obGjqTm.exe
  2⤵
  PID:8660
- C:\Windows\System\ZyTGdrV.exe
  C:\Windows\System\ZyTGdrV.exe
  2⤵
  PID:8676
- C:\Windows\System\ufuuYkQ.exe
  C:\Windows\System\ufuuYkQ.exe
  2⤵
  PID:8696
- C:\Windows\System\TOGPYTk.exe
  C:\Windows\System\TOGPYTk.exe
  2⤵
  PID:8712
- C:\Windows\System\jGCjJxJ.exe
  C:\Windows\System\jGCjJxJ.exe
  2⤵
  PID:8732
- C:\Windows\System\MxSFFRa.exe
  C:\Windows\System\MxSFFRa.exe
  2⤵
  PID:8748
- C:\Windows\System\bKdsctv.exe
  C:\Windows\System\bKdsctv.exe
  2⤵
  PID:8788
- C:\Windows\System\LRrHFBA.exe
  C:\Windows\System\LRrHFBA.exe
  2⤵
  PID:8812
- C:\Windows\System\WRXNkRY.exe
  C:\Windows\System\WRXNkRY.exe
  2⤵
  PID:8828
- C:\Windows\System\uRfcRTb.exe
  C:\Windows\System\uRfcRTb.exe
  2⤵
  PID:8860
- C:\Windows\System\AXSKnUl.exe
  C:\Windows\System\AXSKnUl.exe
  2⤵
  PID:8876
- C:\Windows\System\XeLuXkY.exe
  C:\Windows\System\XeLuXkY.exe
  2⤵
  PID:8892
- C:\Windows\System\IdJgDTr.exe
  C:\Windows\System\IdJgDTr.exe
  2⤵
  PID:8908
- C:\Windows\System\SuRvLQC.exe
  C:\Windows\System\SuRvLQC.exe
  2⤵
  PID:8936
- C:\Windows\System\FkSrFwL.exe
  C:\Windows\System\FkSrFwL.exe
  2⤵
  PID:8956
- C:\Windows\System\BjyVXxd.exe
  C:\Windows\System\BjyVXxd.exe
  2⤵
  PID:8996
- C:\Windows\System\XtUlVHk.exe
  C:\Windows\System\XtUlVHk.exe
  2⤵
  PID:9104
- C:\Windows\System\jHqtQFJ.exe
  C:\Windows\System\jHqtQFJ.exe
  2⤵
  PID:9120
- C:\Windows\System\PIapQfw.exe
  C:\Windows\System\PIapQfw.exe
  2⤵
  PID:9144
- C:\Windows\System\QxNqdCp.exe
  C:\Windows\System\QxNqdCp.exe
  2⤵
  PID:9160
- C:\Windows\System\sMhaxBY.exe
  C:\Windows\System\sMhaxBY.exe
  2⤵
  PID:9192
- C:\Windows\System\IRlKrvr.exe
  C:\Windows\System\IRlKrvr.exe
  2⤵
  PID:7228
- C:\Windows\System\SVVgkVF.exe
  C:\Windows\System\SVVgkVF.exe
  2⤵
  PID:8248
- C:\Windows\System\BuVOtcI.exe
  C:\Windows\System\BuVOtcI.exe
  2⤵
  PID:7732
- C:\Windows\System\UXwJwcc.exe
  C:\Windows\System\UXwJwcc.exe
  2⤵
  PID:8216
- C:\Windows\System\kzlBdpz.exe
  C:\Windows\System\kzlBdpz.exe
  2⤵
  PID:8204
- C:\Windows\System\LvCORYJ.exe
  C:\Windows\System\LvCORYJ.exe
  2⤵
  PID:8320
- C:\Windows\System\HBdjHQb.exe
  C:\Windows\System\HBdjHQb.exe
  2⤵
  PID:8332
- C:\Windows\System\voWNKTV.exe
  C:\Windows\System\voWNKTV.exe
  2⤵
  PID:8364
- C:\Windows\System\fdhtAlj.exe
  C:\Windows\System\fdhtAlj.exe
  2⤵
  PID:8448
- C:\Windows\System\DdZVWSe.exe
  C:\Windows\System\DdZVWSe.exe
  2⤵
  PID:8508
- C:\Windows\System\kIFeOmx.exe
  C:\Windows\System\kIFeOmx.exe
  2⤵
  PID:8540
- C:\Windows\System\IhZjotZ.exe
  C:\Windows\System\IhZjotZ.exe
  2⤵
  PID:8492
- C:\Windows\System\YdXjyUA.exe
  C:\Windows\System\YdXjyUA.exe
  2⤵
  PID:8556
- C:\Windows\System\eLfGhJg.exe
  C:\Windows\System\eLfGhJg.exe
  2⤵
  PID:8576
- C:\Windows\System\BzdCUsz.exe
  C:\Windows\System\BzdCUsz.exe
  2⤵
  PID:8656
- C:\Windows\System\HuqAFsF.exe
  C:\Windows\System\HuqAFsF.exe
  2⤵
  PID:8652
- C:\Windows\System\lZlVtft.exe
  C:\Windows\System\lZlVtft.exe
  2⤵
  PID:8668
- C:\Windows\System\ExnzpLU.exe
  C:\Windows\System\ExnzpLU.exe
  2⤵
  PID:8720
- C:\Windows\System\GgUImIJ.exe
  C:\Windows\System\GgUImIJ.exe
  2⤵
  PID:8728
- C:\Windows\System\GZssYks.exe
  C:\Windows\System\GZssYks.exe
  2⤵
  PID:8804
- C:\Windows\System\HKQDLAz.exe
  C:\Windows\System\HKQDLAz.exe
  2⤵
  PID:8836
- C:\Windows\System\GYbjgvO.exe
  C:\Windows\System\GYbjgvO.exe
  2⤵
  PID:8868
- C:\Windows\System\ZLzkitg.exe
  C:\Windows\System\ZLzkitg.exe
  2⤵
  PID:8980
- C:\Windows\System\XkhbAOx.exe
  C:\Windows\System\XkhbAOx.exe
  2⤵
  PID:8992
- C:\Windows\System\kvoLhfP.exe
  C:\Windows\System\kvoLhfP.exe
  2⤵
  PID:9020
- C:\Windows\System\AZQCbjD.exe
  C:\Windows\System\AZQCbjD.exe
  2⤵
  PID:9040
- C:\Windows\System\udETbJp.exe
  C:\Windows\System\udETbJp.exe
  2⤵
  PID:9056
- C:\Windows\System\AUCeiAb.exe
  C:\Windows\System\AUCeiAb.exe
  2⤵
  PID:9076
- C:\Windows\System\SqNmzGv.exe
  C:\Windows\System\SqNmzGv.exe
  2⤵
  PID:9092
- C:\Windows\System\XdUbUJJ.exe
  C:\Windows\System\XdUbUJJ.exe
  2⤵
  PID:9112
- C:\Windows\System\FYnLvvq.exe
  C:\Windows\System\FYnLvvq.exe
  2⤵
  PID:9140
- C:\Windows\System\qTTVVly.exe
  C:\Windows\System\qTTVVly.exe
  2⤵
  PID:9180
- C:\Windows\System\AmDhgqB.exe
  C:\Windows\System\AmDhgqB.exe
  2⤵
  PID:9200
- C:\Windows\System\PTxxojY.exe
  C:\Windows\System\PTxxojY.exe
  2⤵
  PID:7692
- C:\Windows\System\cvyknHw.exe
  C:\Windows\System\cvyknHw.exe
  2⤵
  PID:8140
- C:\Windows\System\npTWGye.exe
  C:\Windows\System\npTWGye.exe
  2⤵
  PID:8236
- C:\Windows\System\PHWcbWf.exe
  C:\Windows\System\PHWcbWf.exe
  2⤵
  PID:8220
- C:\Windows\System\PYdZWvR.exe
  C:\Windows\System\PYdZWvR.exe
  2⤵
  PID:8272
- C:\Windows\System\VqbZwHa.exe
  C:\Windows\System\VqbZwHa.exe
  2⤵
  PID:8432
- C:\Windows\System\xJFoHgq.exe
  C:\Windows\System\xJFoHgq.exe
  2⤵
  PID:8400
- C:\Windows\System\ncvliPv.exe
  C:\Windows\System\ncvliPv.exe
  2⤵
  PID:8688
- C:\Windows\System\VDtkqjh.exe
  C:\Windows\System\VDtkqjh.exe
  2⤵
  PID:8464
- C:\Windows\System\TBmeBJg.exe
  C:\Windows\System\TBmeBJg.exe
  2⤵
  PID:8784
- C:\Windows\System\QCkwJOs.exe
  C:\Windows\System\QCkwJOs.exe
  2⤵
  PID:8900
- C:\Windows\System\KqEqPVV.exe
  C:\Windows\System\KqEqPVV.exe
  2⤵
  PID:8924
- C:\Windows\System\CGpBfDl.exe
  C:\Windows\System\CGpBfDl.exe
  2⤵
  PID:8968
- C:\Windows\System\PptagyI.exe
  C:\Windows\System\PptagyI.exe
  2⤵
  PID:9032
- C:\Windows\System\jlgVWdG.exe
  C:\Windows\System\jlgVWdG.exe
  2⤵
  PID:9036
- C:\Windows\System\vQRqtyV.exe
  C:\Windows\System\vQRqtyV.exe
  2⤵
  PID:9100
- C:\Windows\System\ldJvapN.exe
  C:\Windows\System\ldJvapN.exe
  2⤵
  PID:7908
- C:\Windows\System\CpCQTLL.exe
  C:\Windows\System\CpCQTLL.exe
  2⤵
  PID:9060
- C:\Windows\System\hudBRCC.exe
  C:\Windows\System\hudBRCC.exe
  2⤵
  PID:8984
- C:\Windows\System\LrJntEv.exe
  C:\Windows\System\LrJntEv.exe
  2⤵
  PID:9204
- C:\Windows\System\zkUunKQ.exe
  C:\Windows\System\zkUunKQ.exe
  2⤵
  PID:8932
- C:\Windows\System\cJpDfSa.exe
  C:\Windows\System\cJpDfSa.exe
  2⤵
  PID:8416
- C:\Windows\System\rzpPmPi.exe
  C:\Windows\System\rzpPmPi.exe
  2⤵
  PID:8352
- C:\Windows\System\ynUOWod.exe
  C:\Windows\System\ynUOWod.exe
  2⤵
  PID:8444
- C:\Windows\System\hbWIIRU.exe
  C:\Windows\System\hbWIIRU.exe
  2⤵
  PID:8692
- C:\Windows\System\YbvdbKG.exe
  C:\Windows\System\YbvdbKG.exe
  2⤵
  PID:8744
- C:\Windows\System\rCrfENw.exe
  C:\Windows\System\rCrfENw.exe
  2⤵
  PID:8604
- C:\Windows\System\vMYaZuF.exe
  C:\Windows\System\vMYaZuF.exe
  2⤵
  PID:8844
- C:\Windows\System\FhJJhqJ.exe
  C:\Windows\System\FhJJhqJ.exe
  2⤵
  PID:8916
- C:\Windows\System\smXnyGj.exe
  C:\Windows\System\smXnyGj.exe
  2⤵
  PID:9052
- C:\Windows\System\RcNJUJo.exe
  C:\Windows\System\RcNJUJo.exe
  2⤵
  PID:9208
- C:\Windows\System\WrNeLZz.exe
  C:\Windows\System\WrNeLZz.exe
  2⤵
  PID:8904
- C:\Windows\System\mgdmavv.exe
  C:\Windows\System\mgdmavv.exe
  2⤵
  PID:7912
- C:\Windows\System\sBdiPEI.exe
  C:\Windows\System\sBdiPEI.exe
  2⤵
  PID:8300
- C:\Windows\System\gqUDiNR.exe
  C:\Windows\System\gqUDiNR.exe
  2⤵
  PID:7624
- C:\Windows\System\WUBIbAu.exe
  C:\Windows\System\WUBIbAu.exe
  2⤵
  PID:8348
- C:\Windows\System\ThagbBT.exe
  C:\Windows\System\ThagbBT.exe
  2⤵
  PID:8888
- C:\Windows\System\RTxPdHd.exe
  C:\Windows\System\RTxPdHd.exe
  2⤵
  PID:9088
- C:\Windows\System\NYZmfyQ.exe
  C:\Windows\System\NYZmfyQ.exe
  2⤵
  PID:8288
- C:\Windows\System\xgACKJC.exe
  C:\Windows\System\xgACKJC.exe
  2⤵
  PID:8636
- C:\Windows\System\onXxrla.exe
  C:\Windows\System\onXxrla.exe
  2⤵
  PID:9132
- C:\Windows\System\UJdMQxe.exe
  C:\Windows\System\UJdMQxe.exe
  2⤵
  PID:2504
- C:\Windows\System\OoThFRn.exe
  C:\Windows\System\OoThFRn.exe
  2⤵
  PID:8304
- C:\Windows\System\oEieAxL.exe
  C:\Windows\System\oEieAxL.exe
  2⤵
  PID:9184
- C:\Windows\System\twXqTqz.exe
  C:\Windows\System\twXqTqz.exe
  2⤵
  PID:9156
- C:\Windows\System\YjqWsHu.exe
  C:\Windows\System\YjqWsHu.exe
  2⤵
  PID:7360
- C:\Windows\System\PpjVQoK.exe
  C:\Windows\System\PpjVQoK.exe
  2⤵
  PID:9232
- C:\Windows\System\hPbCmQH.exe
  C:\Windows\System\hPbCmQH.exe
  2⤵
  PID:9248
- C:\Windows\System\VKJswCc.exe
  C:\Windows\System\VKJswCc.exe
  2⤵
  PID:9264
- C:\Windows\System\YlwWUwF.exe
  C:\Windows\System\YlwWUwF.exe
  2⤵
  PID:9280
- C:\Windows\System\UEknVcO.exe
  C:\Windows\System\UEknVcO.exe
  2⤵
  PID:9300
- C:\Windows\System\VUCsJyU.exe
  C:\Windows\System\VUCsJyU.exe
  2⤵
  PID:9316
- C:\Windows\System\uZrvpJR.exe
  C:\Windows\System\uZrvpJR.exe
  2⤵
  PID:9352
- C:\Windows\System\vOUFQTz.exe
  C:\Windows\System\vOUFQTz.exe
  2⤵
  PID:9380
- C:\Windows\System\ovGkuTO.exe
  C:\Windows\System\ovGkuTO.exe
  2⤵
  PID:9404
- C:\Windows\System\SWobfhz.exe
  C:\Windows\System\SWobfhz.exe
  2⤵
  PID:9424
- C:\Windows\System\ZFTHwyZ.exe
  C:\Windows\System\ZFTHwyZ.exe
  2⤵
  PID:9444
- C:\Windows\System\NxIvANq.exe
  C:\Windows\System\NxIvANq.exe
  2⤵
  PID:9460
- C:\Windows\System\lZldALb.exe
  C:\Windows\System\lZldALb.exe
  2⤵
  PID:9484
- C:\Windows\System\JghpFOi.exe
  C:\Windows\System\JghpFOi.exe
  2⤵
  PID:9500
- C:\Windows\System\QzQwxCY.exe
  C:\Windows\System\QzQwxCY.exe
  2⤵
  PID:9516
- C:\Windows\System\diCuwWA.exe
  C:\Windows\System\diCuwWA.exe
  2⤵
  PID:9540
- C:\Windows\System\XrjixEy.exe
  C:\Windows\System\XrjixEy.exe
  2⤵
  PID:9560
- C:\Windows\System\PTGBExo.exe
  C:\Windows\System\PTGBExo.exe
  2⤵
  PID:9576
- C:\Windows\System\PEzjiNh.exe
  C:\Windows\System\PEzjiNh.exe
  2⤵
  PID:9600
- C:\Windows\System\ZYzptpX.exe
  C:\Windows\System\ZYzptpX.exe
  2⤵
  PID:9624
- C:\Windows\System\ruVLUum.exe
  C:\Windows\System\ruVLUum.exe
  2⤵
  PID:9648
- C:\Windows\System\LnWDEqj.exe
  C:\Windows\System\LnWDEqj.exe
  2⤵
  PID:9668
- C:\Windows\System\HNsWJQP.exe
  C:\Windows\System\HNsWJQP.exe
  2⤵
  PID:9684
- C:\Windows\System\MIbmoHc.exe
  C:\Windows\System\MIbmoHc.exe
  2⤵
  PID:9708
- C:\Windows\System\IpiPvGb.exe
  C:\Windows\System\IpiPvGb.exe
  2⤵
  PID:9724
- C:\Windows\System\EQLjzhr.exe
  C:\Windows\System\EQLjzhr.exe
  2⤵
  PID:9748
- C:\Windows\System\wibFWTa.exe
  C:\Windows\System\wibFWTa.exe
  2⤵
  PID:9764
- C:\Windows\System\jdAXoNc.exe
  C:\Windows\System\jdAXoNc.exe
  2⤵
  PID:9780
- C:\Windows\System\KCWChfz.exe
  C:\Windows\System\KCWChfz.exe
  2⤵
  PID:9796
- C:\Windows\System\GnVTudm.exe
  C:\Windows\System\GnVTudm.exe
  2⤵
  PID:9816
- C:\Windows\System\GMiykqW.exe
  C:\Windows\System\GMiykqW.exe
  2⤵
  PID:9836
- C:\Windows\System\NDcFFrW.exe
  C:\Windows\System\NDcFFrW.exe
  2⤵
  PID:9852
- C:\Windows\System\gvPxKRP.exe
  C:\Windows\System\gvPxKRP.exe
  2⤵
  PID:9872
- C:\Windows\System\SmjyrTc.exe
  C:\Windows\System\SmjyrTc.exe
  2⤵
  PID:9908
- C:\Windows\System\BlVCdPc.exe
  C:\Windows\System\BlVCdPc.exe
  2⤵
  PID:9924
- C:\Windows\System\NnWbcCp.exe
  C:\Windows\System\NnWbcCp.exe
  2⤵
  PID:9944
- C:\Windows\System\jsHuuai.exe
  C:\Windows\System\jsHuuai.exe
  2⤵
  PID:9960
- C:\Windows\System\edqghDp.exe
  C:\Windows\System\edqghDp.exe
  2⤵
  PID:9976
- C:\Windows\System\rMWaiYj.exe
  C:\Windows\System\rMWaiYj.exe
  2⤵
  PID:9992
- C:\Windows\System\HtVNTFu.exe
  C:\Windows\System\HtVNTFu.exe
  2⤵
  PID:10008
- C:\Windows\System\zTSKPCF.exe
  C:\Windows\System\zTSKPCF.exe
  2⤵
  PID:10028
- C:\Windows\System\KmNwwsf.exe
  C:\Windows\System\KmNwwsf.exe
  2⤵
  PID:10044
- C:\Windows\System\UydOQxW.exe
  C:\Windows\System\UydOQxW.exe
  2⤵
  PID:10064
- C:\Windows\System\LGmJuWb.exe
  C:\Windows\System\LGmJuWb.exe
  2⤵
  PID:10108
- C:\Windows\System\xbeGUSN.exe
  C:\Windows\System\xbeGUSN.exe
  2⤵
  PID:10128
- C:\Windows\System\eENrfJC.exe
  C:\Windows\System\eENrfJC.exe
  2⤵
  PID:10144
- C:\Windows\System\olJcSlR.exe
  C:\Windows\System\olJcSlR.exe
  2⤵
  PID:10160
- C:\Windows\System\PiQYxUM.exe
  C:\Windows\System\PiQYxUM.exe
  2⤵
  PID:10180
- C:\Windows\System\bnLKFoz.exe
  C:\Windows\System\bnLKFoz.exe
  2⤵
  PID:10196
- C:\Windows\System\hQTRxIW.exe
  C:\Windows\System\hQTRxIW.exe
  2⤵
  PID:10212
- C:\Windows\System\lHtaQgL.exe
  C:\Windows\System\lHtaQgL.exe
  2⤵
  PID:10232
- C:\Windows\System\cfXRExk.exe
  C:\Windows\System\cfXRExk.exe
  2⤵
  PID:9024
- C:\Windows\System\vJEDoJz.exe
  C:\Windows\System\vJEDoJz.exe
  2⤵
  PID:8572
- C:\Windows\System\ENhkeEr.exe
  C:\Windows\System\ENhkeEr.exe
  2⤵
  PID:8952
- C:\Windows\System\sBrogGt.exe
  C:\Windows\System\sBrogGt.exe
  2⤵
  PID:9340
- C:\Windows\System\SBJQXQg.exe
  C:\Windows\System\SBJQXQg.exe
  2⤵
  PID:9344
- C:\Windows\System\vdyyrqj.exe
  C:\Windows\System\vdyyrqj.exe
  2⤵
  PID:9388
- C:\Windows\System\kpEJOtM.exe
  C:\Windows\System\kpEJOtM.exe
  2⤵
  PID:9412
- C:\Windows\System\BediJWs.exe
  C:\Windows\System\BediJWs.exe
  2⤵
  PID:9452
- C:\Windows\System\hUmYsAC.exe
  C:\Windows\System\hUmYsAC.exe
  2⤵
  PID:9476
- C:\Windows\System\lkpnPrs.exe
  C:\Windows\System\lkpnPrs.exe
  2⤵
  PID:9492
- C:\Windows\System\oKNqnBS.exe
  C:\Windows\System\oKNqnBS.exe
  2⤵
  PID:9568
- C:\Windows\System\UqFlEPq.exe
  C:\Windows\System\UqFlEPq.exe
  2⤵
  PID:9556
- C:\Windows\System\ZcXwOoP.exe
  C:\Windows\System\ZcXwOoP.exe
  2⤵
  PID:9592
- C:\Windows\System\omRJZpW.exe
  C:\Windows\System\omRJZpW.exe
  2⤵
  PID:9620
- C:\Windows\System\AAgZyNe.exe
  C:\Windows\System\AAgZyNe.exe
  2⤵
  PID:9660
- C:\Windows\System\oMPaPXK.exe
  C:\Windows\System\oMPaPXK.exe
  2⤵
  PID:9696
- C:\Windows\System\hAZbodS.exe
  C:\Windows\System\hAZbodS.exe
  2⤵
  PID:9716
- C:\Windows\System\OEQfTOd.exe
  C:\Windows\System\OEQfTOd.exe
  2⤵
  PID:9760
- C:\Windows\System\SdvxEKK.exe
  C:\Windows\System\SdvxEKK.exe
  2⤵
  PID:9812
- C:\Windows\System\iUxiuzA.exe
  C:\Windows\System\iUxiuzA.exe
  2⤵
  PID:9888
- C:\Windows\System\LxZwDgE.exe
  C:\Windows\System\LxZwDgE.exe
  2⤵
  PID:9788
- C:\Windows\System\bcxVGhj.exe
  C:\Windows\System\bcxVGhj.exe
  2⤵
  PID:9936
- C:\Windows\System\FCibEbk.exe
  C:\Windows\System\FCibEbk.exe
  2⤵
  PID:10004
- C:\Windows\System\JUStruo.exe
  C:\Windows\System\JUStruo.exe
  2⤵
  PID:10040
- C:\Windows\System\VyGroOz.exe
  C:\Windows\System\VyGroOz.exe
  2⤵
  PID:10020
- C:\Windows\System\tWApCwF.exe
  C:\Windows\System\tWApCwF.exe
  2⤵
  PID:10056
- C:\Windows\System\bbHRTIK.exe
  C:\Windows\System\bbHRTIK.exe
  2⤵
  PID:10088
- C:\Windows\System\Fbdxona.exe
  C:\Windows\System\Fbdxona.exe
  2⤵
  PID:10104
- C:\Windows\System\HxhKbbL.exe
  C:\Windows\System\HxhKbbL.exe
  2⤵
  PID:10120
- C:\Windows\System\FIwrosh.exe
  C:\Windows\System\FIwrosh.exe
  2⤵
  PID:10204
- C:\Windows\System\eWnvovw.exe
  C:\Windows\System\eWnvovw.exe
  2⤵
  PID:9292
- C:\Windows\System\lBpVIFw.exe
  C:\Windows\System\lBpVIFw.exe
  2⤵
  PID:10156
- C:\Windows\System\HqKKWYB.exe
  C:\Windows\System\HqKKWYB.exe
  2⤵
  PID:9400
- C:\Windows\System\tnnFfhn.exe
  C:\Windows\System\tnnFfhn.exe
  2⤵
  PID:9524
- C:\Windows\System\xICwZHd.exe
  C:\Windows\System\xICwZHd.exe
  2⤵
  PID:9548
- C:\Windows\System\lpTyfVl.exe
  C:\Windows\System\lpTyfVl.exe
  2⤵
  PID:9256
- C:\Windows\System\KKrTFts.exe
  C:\Windows\System\KKrTFts.exe
  2⤵
  PID:9364
- C:\Windows\System\lEDVTnb.exe
  C:\Windows\System\lEDVTnb.exe
  2⤵
  PID:9808
- C:\Windows\System\ROMkzbD.exe
  C:\Windows\System\ROMkzbD.exe
  2⤵
  PID:9332
- C:\Windows\System\SwlWWhJ.exe
  C:\Windows\System\SwlWWhJ.exe
  2⤵
  PID:9416
- C:\Windows\System\ErYHGQn.exe
  C:\Windows\System\ErYHGQn.exe
  2⤵
  PID:9616
- C:\Windows\System\fKwtFBV.exe
  C:\Windows\System\fKwtFBV.exe
  2⤵
  PID:9692
- C:\Windows\System\JvCmtgI.exe
  C:\Windows\System\JvCmtgI.exe
  2⤵
  PID:9756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DsvEvOj.exe

Filesize
6.0MB

MD5
40e4efbfc51b909c2c84ca6af25ff23e

SHA1
5c713ad1d36c592aeba17f9e4a6777706e14e568

SHA256
d36cb7d5629eadaa2fe38b9de62499d0e9948bed2bc47481f5a1cc1d88ca4010

SHA512
d863e3272575f2ec3776e1a3024ebc7625d2c5790a4b396e3a14873d5090a9b1c9d6738e855bfe04309399abbf801d1f44578b33ac4af5e24ac5057a8eb4f099

Download Submit
C:\Windows\system\EkUEHpF.exe

Filesize
6.0MB

MD5
63e5241fe20f658d0302c50d3966708f

SHA1
bbabdf58b77920c7060dfec0e304fb5569c93242

SHA256
2eed65cd55c16fa1479efb2a35ee53a47d2f37df7b75e4aeedfe6973b5e98295

SHA512
7c766b0d240d184fc3dc93482bd6d6ef9f5fed20e09b5ef2d40a74a71e009d76c751dae6246f8fd9b50c5473a706724a66656cda167f2e517f9d8ef36cdf26ce

Download Submit
C:\Windows\system\GoRcyYi.exe

Filesize
6.0MB

MD5
0c3811dc2d607f81465c3be4e2f0214e

SHA1
fa46eec88479d7bb3584bc8380afbf60ca08eb46

SHA256
727e74dfcfe397cceb4efe40b0187f4a8c0ed6430aa58e1ef59f0cb730d8452e

SHA512
47ad80e4bcf09558f33912ca47680f83cbb071dcc9a327b1ced4e7d07b530385d3209b40fbac5e9bdfa66a0dc138cc3669dad7e25761f13b90a93b6c05e76993

Download Submit
C:\Windows\system\IpmeSKr.exe

Filesize
6.0MB

MD5
2d9a6234f3dabaf1c1d577f1d98ecdfb

SHA1
479b95719bf990ba7d65f746fd623e41a96faee2

SHA256
c0b61eb8e5c1cdd3b2e40fcb727c79ee8cf2eb7f052e49d90dc801b5cbecc560

SHA512
14dfcb6e97fda93bde4f8cbe03d87b5866eca649888b64fb4837f8ffea77abeee10dfdc122409ce6dcbf47f7be7344f733285c96ec20cb961a07a5ca6928c55f

Download Submit
C:\Windows\system\LNCGjlP.exe

Filesize
6.0MB

MD5
9f1ea65ef4d709c72c1775b517d88c20

SHA1
309f7a2def382214e1ec21086fbb27ddd513c184

SHA256
fc6342c1a4d7e50718d1bbba5e661d378aecca0bc7d110dd2862db3405e6c45a

SHA512
3fa18f84435867a53f21b0951450d0f6ee8644c06123e9f383059584b924a8d6ca84b13bbaa3654e35ac43d23507a8fbf1eb7eae5333629b725c195a8cd87550

Download Submit
C:\Windows\system\LmrvprK.exe

Filesize
6.0MB

MD5
e3656fab063742336897e176faa8ca96

SHA1
225e204bb4a935e2fe515a81225923e85c4e9fdd

SHA256
7c6917d17235d4a46a84e7db00a614317cba5b242e8f153ffaada1d483482f0a

SHA512
8edefad0e4b325feb0aa2b3ceafddcbf3f7ddec6e181e8e16743709d30741b4ef6f0391cce855589ce9404f9260f370a60b4b11abcba05b6b53ff02d6b1814a0

Download Submit
C:\Windows\system\QtaoALb.exe

Filesize
6.0MB

MD5
6376fea0c0ec3b9e6905db274097af3c

SHA1
c6d1d253b4f969103c895ec97bf5ad4b253558f7

SHA256
61c971bdada4c522874baa6feb5c300cb0fb7949ae6524c9b27a13b39e9d8dbd

SHA512
f1035456731d2588ee4269a49f982a6815bc92b7d67f0a76f3c0d652b31a223ef4b2150895b787034a5885450eae9b793ad973820cdf1ecc808d3522591f8f40

Download Submit
C:\Windows\system\TztFjCh.exe

Filesize
6.0MB

MD5
845544fb516d3b1bae2423400b22122c

SHA1
158674f7da7bc63b919c3f8bb865418089c5c9de

SHA256
c624a3145220f659da43d90abf131bdcf80d2a8d3783df51a1dcbd8c51fbc9c5

SHA512
932e5099d06dfb69d2987a6601c731f36d817a83d5e4aeef1623a9ba67691aa0ef4e83ca0390ee91208497de9c8853e7958e17998596b01da6c62c88d91ecb14

Download Submit
C:\Windows\system\VqmmZOr.exe

Filesize
6.0MB

MD5
555ef9d3955d2f4bc7371ec91fb2eca5

SHA1
31f525e84244a29f199143e42ec764ee965bc55d

SHA256
b721b77f631b2ad1fbc7ff4a3c17d047c810459cf9985dda2f75e54e20cf486f

SHA512
667f81a514e39717fd26d657c9520552b7f76fcdc4c6d074f58ac3aacb3dd0db8a5a8f1467a7be79ce1b0f292471680ddd3beb044ed9d36cd3d473a45504e288

Download Submit
C:\Windows\system\XMhpeyN.exe

Filesize
6.0MB

MD5
8ab37fc36e6123f4c87c44fe7ce55250

SHA1
1fff09f62fb1c6c70e4949e67c9e6d738920eee6

SHA256
2d7c5bc7f722612321975b9830910a5df5ff218a268653c6abfbf56750457e99

SHA512
e768eab27ad03125f726f2590e410ebf5d272c82e1a443c4f4b587e6ac3a5a0a4af4005622401c201a58fc7ffe45eba1f85079ba9aebadf964e1d85e23832b73

Download Submit
C:\Windows\system\XaWIDIH.exe

Filesize
6.0MB

MD5
24e9a7d28ba90f530bfd62d135a89acf

SHA1
0f864178e9cdc6a6266abf32da23df3fb1cfb070

SHA256
f062d60e17d06761de92373e86c736ce1d1f3c0248ccd3c8823e9ff645b51f6a

SHA512
6c882316f7686580126d9971301dbb49614785066be152b4e099a5d0776cb8efcd11325f1c8fbb5468895dd614b8c69248e05aee5f4bf8f88a63df0d57767c9b

Download Submit
C:\Windows\system\XeKSRMB.exe

Filesize
6.0MB

MD5
c0cef788143103fe43c0be85036f0ccb

SHA1
16849a1ba95510f1d81b2238e41fc1c4a4c40ef8

SHA256
17b2282241ddda37d45a323424e4956ea31da94aa8836ce6e6851bb6c032660f

SHA512
23e2c39a33d8b37afb3061731a0fcee0afdb3f830152ad92df28c8839f0e03d0eb35b31075e85190ab31082c19978f47bcc84b06f7ae6aa4a843fc0c9c0136e3

Download Submit
C:\Windows\system\ZWlggdN.exe

Filesize
6.0MB

MD5
c2d0de48e69b16efba64c8a9f5ea989e

SHA1
5068d49cf4fc894b51249d0b5367fa352adbfd77

SHA256
b1de5bf221fa6168f258e2a2749fea12aff1ef00071d445bc336d582a2b85523

SHA512
32650c8ba995059a773b1f030968cab59aaa6f36175de3f8cfad261f41fe05e49e903c7a14ad788ce4df4e9739b61491121f41b156326ebf6127a75bdc734c20

Download Submit
C:\Windows\system\ewjiPSb.exe

Filesize
6.0MB

MD5
bf0f3ed2f1e3ca2444bc03395b20250f

SHA1
a2dcd72b60425c69028648909e846e6216a8307b

SHA256
bf4cffe7ffd6ef1ccbd99e5de1f67352b134bc83ef53009bc14479d23b537a6f

SHA512
9b19f054479375fc017a9d5634f245fba4918223315680684671ded4a5fa105eaa2004d4efb3080d7524a909acb9eaee983fcc9da1248b7bee078d972fa6be69

Download Submit
C:\Windows\system\fqiUcLb.exe

Filesize
6.0MB

MD5
16b4408bbf4d3bd302ed78ef8116a90f

SHA1
a554d9d0e0e6c053d6bb29f890ee844fb0bcd856

SHA256
6d7a8362ae66f8bf24829bcecb82e96e9db3285785c5d6c4454f98a3e6f3a031

SHA512
82e5bc81d56dda61bd8f22eefdc2fc9cc0650fbc82a60cd0b8330ab3eee84545fb5ef98196b7de34d65ecb8dbe6f98040d07c573e357716ecea16cbe994ac408

Download Submit
C:\Windows\system\hddKzZS.exe

Filesize
6.0MB

MD5
feb995d776a5d08aae67c04f9e1adfc9

SHA1
372bfe0e545b4d40675bd996183f898753840ac0

SHA256
db5fac02656d49904de4fe400bd469f655c1ce309a242d6278eda19a07ced7db

SHA512
1831fba682b342599f582400b479467951b8fccae4f984427af596d2bd5cce1ebd6e7bd215d6c336419633be84ad187f43deb99a4fbe3477f513d664d8dde603

Download Submit
C:\Windows\system\jfZIyCc.exe

Filesize
6.0MB

MD5
79b848075f575e30584f249eb41b5cd1

SHA1
53add7f074821ee3dbbbbdf82c1d4cc3dedb3038

SHA256
bd9708857bee0705f81c364e1be5b56a0f2b59cca67c93dbad2008ab7e26012d

SHA512
3ef45f51887e6986b50e60920b2a060b63816b0e264e7fcdf0dfb88fd10dbcaa2604977c21026c7bb19d82962aedef115656d5394bc0247e071eec53b99f1412

Download Submit
C:\Windows\system\jqRUUwo.exe

Filesize
6.0MB

MD5
bded75b13ea5cf19c73ffab5411c2c3b

SHA1
e474ea81d156900b5fd3b247f4f82e53a4db4e0c

SHA256
c9b1954e057f69d67fa4cece0bcef4cec930491ee3625707d8aadcf63db6f1b4

SHA512
fd40a1fe32ef534e3af6229a4b1a7784e020ac60e4d29a1a84c13d40bf3610eaf7d85a3c02ac895a1c988e81a15b225f26b622bc84884b051e947a2050a11c9e

Download Submit
C:\Windows\system\jyNnVqk.exe

Filesize
6.0MB

MD5
658fa21bba5971bbd10bc5057a6bfe5e

SHA1
b1efc74098db7b7fc18d19cea3a15b8e897b5ad2

SHA256
fc632886d793f69a262e590f4fb849162584f7954304c7b27fd331153cbf3b03

SHA512
c7336ff6db1fc4aa7f31ddce0a499b7062e2dbf1d0801953f11ab011caf2434a765b5f1702436b8ee28d01f8692bd8c46aa181d683168bf0098a170ccc44d8c0

Download Submit
C:\Windows\system\kdvqoPk.exe

Filesize
6.0MB

MD5
29a4c67b1f89f9495f554fa6d9d1aee6

SHA1
5db83e6959eb9e8d730dadbcb4977889ca8d0e07

SHA256
809de4aa4a12c40870efd9404d30ef09044cad05ba89facd9869eb3b6d02a8a2

SHA512
02a53e844e56b9a30ee0dbca4b8c87ee4f0260fe965dee8e94e2564164cff55acb7edbad4e3676e76a138add29f623b7e3242ecf7edb274258656e1bfec44378

Download Submit
C:\Windows\system\moSaMbO.exe

Filesize
6.0MB

MD5
31f113de82fdaa0bae22f0018a9d0734

SHA1
1a50d2dfd99973df93083b0f25f7ade4a78e430c

SHA256
2133f9dbdbb33463f09ab1f4140d1def1063b9942ab4302dab7cbd1ddb9a32ca

SHA512
e8a8f7b8a290b3f0219ad81181ae6807391eb26558b199bdfb35a967f52ff8ba7a655ceb37b2028a8da35fa734b7db1740504369477ec9272586e9aec91ac73c

Download Submit
C:\Windows\system\pSqDdYt.exe

Filesize
6.0MB

MD5
7473042b57cedefe19f329f08afa2cdd

SHA1
4466ce62a33b846f618f02f34c3830c623349cb9

SHA256
1edf09bff6f603829871d719dcc56a3a027afbc448c574be1936664fa97a29b5

SHA512
7be0cb75ca355d8bfed80a8d3482808f2fcf288dd88a9ef83112a07666cb22d4e48802940aee657e4c6146b87e557f32d845f7408c12e92350ef8ee09c2966e0

Download Submit
C:\Windows\system\qLyTAcY.exe

Filesize
6.0MB

MD5
f3b4d17d95cd5e3fdfcd901e0f2668dc

SHA1
5e13ed521b979b28229486d8ee873603e69b4495

SHA256
136864474094941cbd89b5bf895677f02acf4132dc490d07a63d889f685c0cf8

SHA512
8829dffbf7ff143fa23593fadde2392863753cc2a4f10621169d3069edd70a3b6b835094838a3219f9b2c3fed5ad4e025acf08224ddbce0f4c52ef8385c29941

Download Submit
C:\Windows\system\tiYmHej.exe

Filesize
6.0MB

MD5
c919adba5b3450d3bade1dca463c137f

SHA1
f6ca5c693430dee90bcf152d381fc31c462e4230

SHA256
1afbf06859a630509b7f2f0df9b41960a0ee5443eb09d300f9f58a73d80f0eb7

SHA512
016c8077ef61d058bd2c7a783c707e2472559e37a4f31a7ee4d0e1af59141c70b35d721973b1023454ff83e84273e7010502f1acff03805c04192ad4db317bea

Download Submit
C:\Windows\system\tlDDwfL.exe

Filesize
6.0MB

MD5
58e48d6e99ba864e3e769878fb8c645e

SHA1
85d99936569d5ed17a12859a1b57e4424694eab7

SHA256
88bc0f1d4ad375852022c4a67c1fdf9338dbf18572e2451853fd7029f30a150e

SHA512
c93a29b22e43e681936216b837cba4f463714e8a8660048bdd6db3a8794468ea3aeecadab594df3f06fdf2b05d5d4590fba6ed1e7347a697c3ef029d850e1b2d

Download Submit
C:\Windows\system\twtvKmO.exe

Filesize
6.0MB

MD5
51de4ee57e713d9c761f64a5be9fe9b0

SHA1
d93582f330840b7303859bb655c613ca1b579669

SHA256
32a802069f3147cb78dc2506af2330e10163af283228cc6ecf41616157fe4703

SHA512
41cdb9afa17e787e2a96a4db9bb110306a7f99d3ea8d60893197a994f76e094df1518d9638cc1597529e037f255afc88d1eb2eb05a2d4615805be906c99c18fe

Download Submit
C:\Windows\system\uVqNgUE.exe

Filesize
6.0MB

MD5
9eeecad71f5ec6c234bef922837df6ef

SHA1
29e088b2f503a307f185663e17a69666bfe88710

SHA256
dc96296eae13679d85d41536c35854c1d76cb2a9c58497d463565107172e0059

SHA512
48b7bb529e42d18cb8022a2dc497e9cb6a90208f2c4d8d403962ec7afa0e883d66cf0b8441c10dc2f47e53367eb863ab51cf38b3609a63fdf83f433f2426d4e5

Download Submit
C:\Windows\system\uYjRDpR.exe

Filesize
6.0MB

MD5
88661eb240507bd4328ae9faa99dab16

SHA1
afda4731890fcb1df282e59b11d44007624028f7

SHA256
34e581d2c893c082896c69fd95e3f644d316c60f522b28689c15916a8642d0d8

SHA512
d55e137a08a4acf00d8972b31a324568c5bd9c5f3aa6c55e9e4ef5f0c0f3e943f610f5e1c64bf5cecd9369a2bce3c88604283e12672c44f0ce583aacbc6651a1

Download Submit
C:\Windows\system\xerzzzs.exe

Filesize
6.0MB

MD5
fcabdec21f4629347fb668904a8d8f27

SHA1
400475cd431856271cb1c7bd554b07bf46d0f606

SHA256
018e3a4336bffea2635dbbd7a9f50efa24450f6725ed522dff515a4353037a5a

SHA512
152f85d71420aaefedbfd83668b6633d95c34208fc8edd097b18f7da0f6466e73bebcf161e4ca7d30dfa192fdd9288aa1b9b43d37088ab95043f198f6c513d4f

Download Submit
\Windows\system\dWaWHxo.exe

Filesize
6.0MB

MD5
a0f541526ef231ae8154d8a9d18df14f

SHA1
65f561694556658d54fe2ea34894073c906c8dc8

SHA256
22e9d0519e099d71e3b8ece9a0973f29cc2d1ab5a84069384bb2068ceb1ee398

SHA512
97b3d5e3ac665d1b707bdd9c662020e871c48330b671b82ddc208a9028a6a085993f59fe244f3548b665824f162323ad2593374d1bf10ac7e3675d57f280c6af

Download Submit
\Windows\system\lRjoOaD.exe

Filesize
6.0MB

MD5
e91beb0c1c40e55848a25bbf1104b481

SHA1
6fb41aec26c4bcea9c817421ee784037e2d9eaec

SHA256
60e52181d547bb053ad753cbf14082f5f0438cfdb3a81afaa087d1c4095b689d

SHA512
54ded72768a2ad82c3b1db51a2947b99cf061506190a8dc7ede782980282a854701a9fbb29aa249d0f511ea185846d8b4162d0529f9c8ff8ce7da7ce3814623b

Download Submit
\Windows\system\vKmXrhQ.exe

Filesize
6.0MB

MD5
afa804b0a199c0597385e2f7267b93d6

SHA1
3c4fe4c89864d3b12cdb7b8c0095ffbf48f2910f

SHA256
59a298341d00db6d3fbabf74e05b0b94e016f633f302351d89cb71b05bfbdc56

SHA512
488b73c26fec2e2bcbba7fe7cf844a1b84bda4ffeaae30e83cc8208821f6149137661d4607ca75654117d9f552d5e62e15eef7c2cee814f1de03ff026ed0c04e

Download Submit
memory/1816-3572-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-649-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1777-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2080-11-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1693-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2080-1817-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-642-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2080-640-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-625-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-650-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1779-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2080-630-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2080-646-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-638-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-648-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-644-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2080-636-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1695-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-634-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1771-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-632-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-0-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2080-627-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1775-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1774-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2080-623-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1781-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1782-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1791-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1801-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1829-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1834-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1767-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1768-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-647-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3390-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3346-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-624-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3335-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-633-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-643-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3376-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3368-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-639-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3411-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-641-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3389-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-645-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3341-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2664-631-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2708-626-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3336-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-629-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3328-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3363-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2852-635-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3362-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2956-637-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2980-773-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3337-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download