cobaltstrike | a6c3dc09ed683079fa211d32cc6821c32a1eeac7bbd9ff57e77ee6a6cee25d77

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

d959dcff096e126d8530ebab5e999a36
SHA1

e5ae7c3ef25f3ee3f5a406bfbd6c7faf1281bf7c
SHA256

a6c3dc09ed683079fa211d32cc6821c32a1eeac7bbd9ff57e77ee6a6cee25d77
SHA512

dbc4aae558010929483a1f0384494b47112ca31cdd8de16bc6876c151f808cf55db21901cc44399b509a4384c88902470b3fe1fd9a894c36c2d384136fd5ca05
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUH:eOl56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d02-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d30-37.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d38-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d27-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016ccb-69.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x000a000000016d02-10.dat	xmrig
behavioral1/memory/2724-15-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0c-19.dat	xmrig
behavioral1/files/0x0008000000016d1f-24.dat	xmrig
behavioral1/memory/2948-21-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2748-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2924-32-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2696-33-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d30-37.dat	xmrig
behavioral1/memory/2656-46-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2816-41-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000800000001749c-54.dat	xmrig
behavioral1/memory/2172-53-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d40-52.dat	xmrig
behavioral1/memory/1524-51-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d38-45.dat	xmrig
behavioral1/files/0x0007000000016d27-30.dat	xmrig
behavioral1/files/0x0005000000019436-75.dat	xmrig
behavioral1/memory/1808-79-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x00050000000194bd-87.dat	xmrig
behavioral1/memory/2724-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000500000001960d-125.dat	xmrig
behavioral1/files/0x0005000000019612-139.dat	xmrig
behavioral1/files/0x0005000000019616-150.dat	xmrig
behavioral1/files/0x0005000000019c38-181.dat	xmrig
behavioral1/memory/2172-570-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2068-1169-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c36-179.dat	xmrig
behavioral1/files/0x000500000001997c-173.dat	xmrig
behavioral1/files/0x00050000000196e8-169.dat	xmrig
behavioral1/files/0x00050000000196ac-164.dat	xmrig
behavioral1/files/0x000500000001962a-159.dat	xmrig
behavioral1/files/0x0005000000019618-154.dat	xmrig
behavioral1/files/0x0005000000019614-145.dat	xmrig
behavioral1/files/0x0005000000019610-135.dat	xmrig
behavioral1/files/0x000500000001960e-129.dat	xmrig
behavioral1/files/0x000500000001960c-120.dat	xmrig
behavioral1/files/0x00050000000195d9-109.dat	xmrig
behavioral1/files/0x000500000001960a-114.dat	xmrig
behavioral1/files/0x00050000000194f3-101.dat	xmrig
behavioral1/files/0x0005000000019537-104.dat	xmrig
behavioral1/memory/2816-100-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2068-99-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-81.dat	xmrig
behavioral1/memory/2196-92-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/1040-88-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/604-80-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/580-78-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2816-76-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x000500000001941a-65.dat	xmrig
behavioral1/files/0x0028000000016ccb-69.dat	xmrig
behavioral1/memory/2748-4023-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2948-4026-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2696-4027-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2924-4028-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2656-4029-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/1524-4030-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2172-4031-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/604-4032-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1040-4033-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/580-4034-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1808-4035-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2748	QwwuNiu.exe
2724	FBZADpi.exe
2948	GmgptWD.exe
2696	FTTSbRc.exe
2924	aTyGykp.exe
2656	KjHPVYO.exe
1524	ujONVYj.exe
2172	NxedPbI.exe
604	BAeaBuC.exe
1040	eBFzKVC.exe
580	pgQvxDY.exe
1808	SepKVqi.exe
2196	cyaObZR.exe
2068	FthyCBE.exe
2796	ohDfRxx.exe
2520	ylvkgvl.exe
2508	mPslHQo.exe
2668	keFVnxf.exe
2876	BeYrzqP.exe
2232	wIlkfJj.exe
2036	mjSnxIG.exe
2200	BpFWMfT.exe
2384	UNXLEPY.exe
1604	viZRLnU.exe
2468	UqYhUWU.exe
2276	DVCySHe.exe
296	qWmHBPP.exe
2260	XYlAbMH.exe
2212	BoQXeSG.exe
2532	PHxfLRh.exe
1840	ktuugpy.exe
1812	VALUqLI.exe
2032	HUoKZMw.exe
892	zmwuiWi.exe
1008	wNecfyB.exe
2112	SMLvXqY.exe
572	gxAKeMq.exe
1312	rsPipIO.exe
2404	uUEjpne.exe
2688	gURTSib.exe
2584	HorSKfF.exe
2552	esOwgpx.exe
2524	OMXSfpd.exe
2420	LJHtZQL.exe
2576	DiwFPBg.exe
1888	hbBiObI.exe
1368	AYzbNgb.exe
3056	BWQcwsw.exe
3004	mZLaOVh.exe
1652	liwvEmr.exe
2760	PNXvabm.exe
2844	PYWczNb.exe
2776	MDlQcEI.exe
2612	nkNrzKb.exe
2408	roHzOhJ.exe
2820	UIAIHKP.exe
2028	nSlRaAL.exe
1000	TBOXCOK.exe
2084	jbWnBzY.exe
2140	GTjXPbM.exe
2880	STDDAKi.exe
2896	EVeNQHm.exe
1740	lVicfjU.exe
692	tLBMdko.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x000a000000016d02-10.dat	upx
behavioral1/memory/2724-15-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0008000000016d0c-19.dat	upx
behavioral1/files/0x0008000000016d1f-24.dat	upx
behavioral1/memory/2948-21-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2748-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2924-32-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2696-33-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0007000000016d30-37.dat	upx
behavioral1/memory/2656-46-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2816-41-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000800000001749c-54.dat	upx
behavioral1/memory/2172-53-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0007000000016d40-52.dat	upx
behavioral1/memory/1524-51-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0007000000016d38-45.dat	upx
behavioral1/files/0x0007000000016d27-30.dat	upx
behavioral1/files/0x0005000000019436-75.dat	upx
behavioral1/memory/1808-79-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x00050000000194bd-87.dat	upx
behavioral1/memory/2724-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000500000001960d-125.dat	upx
behavioral1/files/0x0005000000019612-139.dat	upx
behavioral1/files/0x0005000000019616-150.dat	upx
behavioral1/files/0x0005000000019c38-181.dat	upx
behavioral1/memory/2172-570-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2068-1169-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0005000000019c36-179.dat	upx
behavioral1/files/0x000500000001997c-173.dat	upx
behavioral1/files/0x00050000000196e8-169.dat	upx
behavioral1/files/0x00050000000196ac-164.dat	upx
behavioral1/files/0x000500000001962a-159.dat	upx
behavioral1/files/0x0005000000019618-154.dat	upx
behavioral1/files/0x0005000000019614-145.dat	upx
behavioral1/files/0x0005000000019610-135.dat	upx
behavioral1/files/0x000500000001960e-129.dat	upx
behavioral1/files/0x000500000001960c-120.dat	upx
behavioral1/files/0x00050000000195d9-109.dat	upx
behavioral1/files/0x000500000001960a-114.dat	upx
behavioral1/files/0x00050000000194f3-101.dat	upx
behavioral1/files/0x0005000000019537-104.dat	upx
behavioral1/memory/2068-99-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0005000000019441-81.dat	upx
behavioral1/memory/2196-92-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1040-88-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/604-80-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/580-78-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x000500000001941a-65.dat	upx
behavioral1/files/0x0028000000016ccb-69.dat	upx
behavioral1/memory/2748-4023-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2948-4026-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2696-4027-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2924-4028-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2656-4029-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/1524-4030-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2172-4031-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/604-4032-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1040-4033-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/580-4034-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1808-4035-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2196-4036-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2068-4037-0x000000013F200000-0x000000013F554000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UCJrqlD.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDRBGGF.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwRFyja.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpeznQx.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFeFgCJ.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WflAXbv.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJHOMip.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvUwQeJ.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTkwkoF.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzUhNbf.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfalPUi.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAnBcGq.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvpmZAG.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAwcmQz.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrJcJRu.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpxOajN.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGCiUEu.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNXvabm.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbWnBzY.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGZxsII.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LctjvlH.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orVybae.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMdRQMj.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evxtNEf.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqXYxLl.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meboyPT.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbnkGJO.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFXHlZU.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnnsRGF.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpgtQgM.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBlCWjY.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDCipCM.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnXjCRi.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKyTVdA.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpFLaUq.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsIfixZ.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKPIKcD.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSNJTDj.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUwpyWl.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PheWUYp.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwnRVqE.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgNxWMO.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsvWxVK.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXlvWaX.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmxWIsL.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUpujyZ.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWstPTt.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSDpEXD.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edtwXKb.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPvzlwS.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOTaxFS.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gorbmdq.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpmradX.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBYROlZ.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubdcHmP.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErjQRWE.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUSzMJd.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeYrzqP.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyikjpW.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNVqapU.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuorBhX.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VALUqLI.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTwwoTy.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYEdXHi.exe	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2748	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2748	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2748	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2724	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2724	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2724	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2948	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2948	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2948	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2696	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2696	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2696	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2924	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2924	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2924	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2656	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2656	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2656	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 1524	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 1524	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 1524	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2172	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2172	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2172	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 604	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 604	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 604	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1040	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1040	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 1040	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 580	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 580	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 580	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 1808	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 1808	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 1808	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2068	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2068	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2068	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2196	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2196	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2196	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2796	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2796	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2796	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2520	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2520	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2520	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2508	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2508	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2508	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2668	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2668	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2668	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2876	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2876	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2876	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 2232	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2232	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2232	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2036	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2036	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2036	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2200	2816	2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_d959dcff096e126d8530ebab5e999a36_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\QwwuNiu.exe
  C:\Windows\System\QwwuNiu.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\FBZADpi.exe
  C:\Windows\System\FBZADpi.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\GmgptWD.exe
  C:\Windows\System\GmgptWD.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\FTTSbRc.exe
  C:\Windows\System\FTTSbRc.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\aTyGykp.exe
  C:\Windows\System\aTyGykp.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\KjHPVYO.exe
  C:\Windows\System\KjHPVYO.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ujONVYj.exe
  C:\Windows\System\ujONVYj.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\NxedPbI.exe
  C:\Windows\System\NxedPbI.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\BAeaBuC.exe
  C:\Windows\System\BAeaBuC.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\eBFzKVC.exe
  C:\Windows\System\eBFzKVC.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\pgQvxDY.exe
  C:\Windows\System\pgQvxDY.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\SepKVqi.exe
  C:\Windows\System\SepKVqi.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\FthyCBE.exe
  C:\Windows\System\FthyCBE.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\cyaObZR.exe
  C:\Windows\System\cyaObZR.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ohDfRxx.exe
  C:\Windows\System\ohDfRxx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ylvkgvl.exe
  C:\Windows\System\ylvkgvl.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\mPslHQo.exe
  C:\Windows\System\mPslHQo.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\keFVnxf.exe
  C:\Windows\System\keFVnxf.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\BeYrzqP.exe
  C:\Windows\System\BeYrzqP.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\wIlkfJj.exe
  C:\Windows\System\wIlkfJj.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\mjSnxIG.exe
  C:\Windows\System\mjSnxIG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\BpFWMfT.exe
  C:\Windows\System\BpFWMfT.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UNXLEPY.exe
  C:\Windows\System\UNXLEPY.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\viZRLnU.exe
  C:\Windows\System\viZRLnU.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\UqYhUWU.exe
  C:\Windows\System\UqYhUWU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\DVCySHe.exe
  C:\Windows\System\DVCySHe.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\qWmHBPP.exe
  C:\Windows\System\qWmHBPP.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\XYlAbMH.exe
  C:\Windows\System\XYlAbMH.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\BoQXeSG.exe
  C:\Windows\System\BoQXeSG.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\PHxfLRh.exe
  C:\Windows\System\PHxfLRh.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ktuugpy.exe
  C:\Windows\System\ktuugpy.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\VALUqLI.exe
  C:\Windows\System\VALUqLI.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\HUoKZMw.exe
  C:\Windows\System\HUoKZMw.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\zmwuiWi.exe
  C:\Windows\System\zmwuiWi.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\wNecfyB.exe
  C:\Windows\System\wNecfyB.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\SMLvXqY.exe
  C:\Windows\System\SMLvXqY.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\gxAKeMq.exe
  C:\Windows\System\gxAKeMq.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\rsPipIO.exe
  C:\Windows\System\rsPipIO.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\uUEjpne.exe
  C:\Windows\System\uUEjpne.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\gURTSib.exe
  C:\Windows\System\gURTSib.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\HorSKfF.exe
  C:\Windows\System\HorSKfF.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\esOwgpx.exe
  C:\Windows\System\esOwgpx.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OMXSfpd.exe
  C:\Windows\System\OMXSfpd.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\LJHtZQL.exe
  C:\Windows\System\LJHtZQL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\DiwFPBg.exe
  C:\Windows\System\DiwFPBg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hbBiObI.exe
  C:\Windows\System\hbBiObI.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\AYzbNgb.exe
  C:\Windows\System\AYzbNgb.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\BWQcwsw.exe
  C:\Windows\System\BWQcwsw.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\mZLaOVh.exe
  C:\Windows\System\mZLaOVh.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\liwvEmr.exe
  C:\Windows\System\liwvEmr.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\PNXvabm.exe
  C:\Windows\System\PNXvabm.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\PYWczNb.exe
  C:\Windows\System\PYWczNb.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\MDlQcEI.exe
  C:\Windows\System\MDlQcEI.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\nkNrzKb.exe
  C:\Windows\System\nkNrzKb.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\roHzOhJ.exe
  C:\Windows\System\roHzOhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\UIAIHKP.exe
  C:\Windows\System\UIAIHKP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\nSlRaAL.exe
  C:\Windows\System\nSlRaAL.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\TBOXCOK.exe
  C:\Windows\System\TBOXCOK.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\jbWnBzY.exe
  C:\Windows\System\jbWnBzY.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GTjXPbM.exe
  C:\Windows\System\GTjXPbM.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\STDDAKi.exe
  C:\Windows\System\STDDAKi.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\EVeNQHm.exe
  C:\Windows\System\EVeNQHm.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lVicfjU.exe
  C:\Windows\System\lVicfjU.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\tLBMdko.exe
  C:\Windows\System\tLBMdko.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\dhESglS.exe
  C:\Windows\System\dhESglS.exe
  2⤵
  PID:2280
- C:\Windows\System\xNvZhND.exe
  C:\Windows\System\xNvZhND.exe
  2⤵
  PID:1924
- C:\Windows\System\FGZxsII.exe
  C:\Windows\System\FGZxsII.exe
  2⤵
  PID:2592
- C:\Windows\System\FkIBqyo.exe
  C:\Windows\System\FkIBqyo.exe
  2⤵
  PID:2300
- C:\Windows\System\EABAMNa.exe
  C:\Windows\System\EABAMNa.exe
  2⤵
  PID:856
- C:\Windows\System\iOkGYPS.exe
  C:\Windows\System\iOkGYPS.exe
  2⤵
  PID:1484
- C:\Windows\System\DPMgcks.exe
  C:\Windows\System\DPMgcks.exe
  2⤵
  PID:1280
- C:\Windows\System\TznaycM.exe
  C:\Windows\System\TznaycM.exe
  2⤵
  PID:624
- C:\Windows\System\JFtQQbl.exe
  C:\Windows\System\JFtQQbl.exe
  2⤵
  PID:2396
- C:\Windows\System\fbjavEe.exe
  C:\Windows\System\fbjavEe.exe
  2⤵
  PID:2004
- C:\Windows\System\CJScQnq.exe
  C:\Windows\System\CJScQnq.exe
  2⤵
  PID:1628
- C:\Windows\System\prDXPgH.exe
  C:\Windows\System\prDXPgH.exe
  2⤵
  PID:2496
- C:\Windows\System\cZDXbDF.exe
  C:\Windows\System\cZDXbDF.exe
  2⤵
  PID:1492
- C:\Windows\System\FspjBoY.exe
  C:\Windows\System\FspjBoY.exe
  2⤵
  PID:1896
- C:\Windows\System\eoiCPbk.exe
  C:\Windows\System\eoiCPbk.exe
  2⤵
  PID:2560
- C:\Windows\System\cqXYxLl.exe
  C:\Windows\System\cqXYxLl.exe
  2⤵
  PID:2252
- C:\Windows\System\zRleSHl.exe
  C:\Windows\System\zRleSHl.exe
  2⤵
  PID:2852
- C:\Windows\System\gpxOajN.exe
  C:\Windows\System\gpxOajN.exe
  2⤵
  PID:2340
- C:\Windows\System\yQNNAXh.exe
  C:\Windows\System\yQNNAXh.exe
  2⤵
  PID:340
- C:\Windows\System\JdayBrK.exe
  C:\Windows\System\JdayBrK.exe
  2⤵
  PID:968
- C:\Windows\System\LilwmOI.exe
  C:\Windows\System\LilwmOI.exe
  2⤵
  PID:2676
- C:\Windows\System\VRnefaN.exe
  C:\Windows\System\VRnefaN.exe
  2⤵
  PID:2224
- C:\Windows\System\SMnkNbT.exe
  C:\Windows\System\SMnkNbT.exe
  2⤵
  PID:2960
- C:\Windows\System\xbTiWNL.exe
  C:\Windows\System\xbTiWNL.exe
  2⤵
  PID:2860
- C:\Windows\System\otuNxEq.exe
  C:\Windows\System\otuNxEq.exe
  2⤵
  PID:976
- C:\Windows\System\luSFRdp.exe
  C:\Windows\System\luSFRdp.exe
  2⤵
  PID:2256
- C:\Windows\System\EwnRVqE.exe
  C:\Windows\System\EwnRVqE.exe
  2⤵
  PID:1092
- C:\Windows\System\rHtbGSW.exe
  C:\Windows\System\rHtbGSW.exe
  2⤵
  PID:876
- C:\Windows\System\cvUwQeJ.exe
  C:\Windows\System\cvUwQeJ.exe
  2⤵
  PID:1612
- C:\Windows\System\aXaizNC.exe
  C:\Windows\System\aXaizNC.exe
  2⤵
  PID:1320
- C:\Windows\System\ZlOOqLG.exe
  C:\Windows\System\ZlOOqLG.exe
  2⤵
  PID:2044
- C:\Windows\System\vfTLTQV.exe
  C:\Windows\System\vfTLTQV.exe
  2⤵
  PID:2208
- C:\Windows\System\pNsuepU.exe
  C:\Windows\System\pNsuepU.exe
  2⤵
  PID:2012
- C:\Windows\System\FbPwkJY.exe
  C:\Windows\System\FbPwkJY.exe
  2⤵
  PID:1548
- C:\Windows\System\xKElkug.exe
  C:\Windows\System\xKElkug.exe
  2⤵
  PID:2932
- C:\Windows\System\ettHFIE.exe
  C:\Windows\System\ettHFIE.exe
  2⤵
  PID:3000
- C:\Windows\System\qoFnYRK.exe
  C:\Windows\System\qoFnYRK.exe
  2⤵
  PID:2608
- C:\Windows\System\cjQeCMr.exe
  C:\Windows\System\cjQeCMr.exe
  2⤵
  PID:332
- C:\Windows\System\bOMotVN.exe
  C:\Windows\System\bOMotVN.exe
  2⤵
  PID:564
- C:\Windows\System\IzjSjcN.exe
  C:\Windows\System\IzjSjcN.exe
  2⤵
  PID:2460
- C:\Windows\System\fzUHLrb.exe
  C:\Windows\System\fzUHLrb.exe
  2⤵
  PID:1960
- C:\Windows\System\XpeznQx.exe
  C:\Windows\System\XpeznQx.exe
  2⤵
  PID:2016
- C:\Windows\System\LctjvlH.exe
  C:\Windows\System\LctjvlH.exe
  2⤵
  PID:1756
- C:\Windows\System\ZYTBDBf.exe
  C:\Windows\System\ZYTBDBf.exe
  2⤵
  PID:1028
- C:\Windows\System\gjHJPFH.exe
  C:\Windows\System\gjHJPFH.exe
  2⤵
  PID:2376
- C:\Windows\System\urixRhx.exe
  C:\Windows\System\urixRhx.exe
  2⤵
  PID:1716
- C:\Windows\System\QKynxwL.exe
  C:\Windows\System\QKynxwL.exe
  2⤵
  PID:3068
- C:\Windows\System\cBrIuZP.exe
  C:\Windows\System\cBrIuZP.exe
  2⤵
  PID:2168
- C:\Windows\System\YHwcrNf.exe
  C:\Windows\System\YHwcrNf.exe
  2⤵
  PID:2056
- C:\Windows\System\ouUxOnT.exe
  C:\Windows\System\ouUxOnT.exe
  2⤵
  PID:3060
- C:\Windows\System\SsBvXXN.exe
  C:\Windows\System\SsBvXXN.exe
  2⤵
  PID:1520
- C:\Windows\System\RkrTYhX.exe
  C:\Windows\System\RkrTYhX.exe
  2⤵
  PID:2024
- C:\Windows\System\dgyUOlW.exe
  C:\Windows\System\dgyUOlW.exe
  2⤵
  PID:2912
- C:\Windows\System\QvTcwOV.exe
  C:\Windows\System\QvTcwOV.exe
  2⤵
  PID:3088
- C:\Windows\System\lYdKbgz.exe
  C:\Windows\System\lYdKbgz.exe
  2⤵
  PID:3108
- C:\Windows\System\RmrnxCb.exe
  C:\Windows\System\RmrnxCb.exe
  2⤵
  PID:3128
- C:\Windows\System\PrNdbFv.exe
  C:\Windows\System\PrNdbFv.exe
  2⤵
  PID:3152
- C:\Windows\System\pKVuDlJ.exe
  C:\Windows\System\pKVuDlJ.exe
  2⤵
  PID:3168
- C:\Windows\System\VQNkzuG.exe
  C:\Windows\System\VQNkzuG.exe
  2⤵
  PID:3192
- C:\Windows\System\tgNxWMO.exe
  C:\Windows\System\tgNxWMO.exe
  2⤵
  PID:3212
- C:\Windows\System\oAsapQr.exe
  C:\Windows\System\oAsapQr.exe
  2⤵
  PID:3232
- C:\Windows\System\ijNykGa.exe
  C:\Windows\System\ijNykGa.exe
  2⤵
  PID:3252
- C:\Windows\System\gNaBMGl.exe
  C:\Windows\System\gNaBMGl.exe
  2⤵
  PID:3272
- C:\Windows\System\fRwXbtd.exe
  C:\Windows\System\fRwXbtd.exe
  2⤵
  PID:3292
- C:\Windows\System\FOwXAbL.exe
  C:\Windows\System\FOwXAbL.exe
  2⤵
  PID:3312
- C:\Windows\System\Nzfamyf.exe
  C:\Windows\System\Nzfamyf.exe
  2⤵
  PID:3332
- C:\Windows\System\gxQkxBp.exe
  C:\Windows\System\gxQkxBp.exe
  2⤵
  PID:3352
- C:\Windows\System\vCFRzYp.exe
  C:\Windows\System\vCFRzYp.exe
  2⤵
  PID:3372
- C:\Windows\System\aKdwwNO.exe
  C:\Windows\System\aKdwwNO.exe
  2⤵
  PID:3392
- C:\Windows\System\dExnUUo.exe
  C:\Windows\System\dExnUUo.exe
  2⤵
  PID:3412
- C:\Windows\System\DIaTcZy.exe
  C:\Windows\System\DIaTcZy.exe
  2⤵
  PID:3428
- C:\Windows\System\GfKCzwU.exe
  C:\Windows\System\GfKCzwU.exe
  2⤵
  PID:3452
- C:\Windows\System\EuwTFOO.exe
  C:\Windows\System\EuwTFOO.exe
  2⤵
  PID:3472
- C:\Windows\System\IKebXHS.exe
  C:\Windows\System\IKebXHS.exe
  2⤵
  PID:3492
- C:\Windows\System\XNWopzs.exe
  C:\Windows\System\XNWopzs.exe
  2⤵
  PID:3512
- C:\Windows\System\vMxCdcZ.exe
  C:\Windows\System\vMxCdcZ.exe
  2⤵
  PID:3532
- C:\Windows\System\PsrYOlq.exe
  C:\Windows\System\PsrYOlq.exe
  2⤵
  PID:3552
- C:\Windows\System\iaUtNas.exe
  C:\Windows\System\iaUtNas.exe
  2⤵
  PID:3572
- C:\Windows\System\uihqdwg.exe
  C:\Windows\System\uihqdwg.exe
  2⤵
  PID:3596
- C:\Windows\System\vsoYMQQ.exe
  C:\Windows\System\vsoYMQQ.exe
  2⤵
  PID:3616
- C:\Windows\System\uaRIKUc.exe
  C:\Windows\System\uaRIKUc.exe
  2⤵
  PID:3636
- C:\Windows\System\ATiSYer.exe
  C:\Windows\System\ATiSYer.exe
  2⤵
  PID:3656
- C:\Windows\System\DoTyTFV.exe
  C:\Windows\System\DoTyTFV.exe
  2⤵
  PID:3672
- C:\Windows\System\BVZivDr.exe
  C:\Windows\System\BVZivDr.exe
  2⤵
  PID:3692
- C:\Windows\System\MOBAebV.exe
  C:\Windows\System\MOBAebV.exe
  2⤵
  PID:3716
- C:\Windows\System\kMlwiSM.exe
  C:\Windows\System\kMlwiSM.exe
  2⤵
  PID:3736
- C:\Windows\System\TqXhyBg.exe
  C:\Windows\System\TqXhyBg.exe
  2⤵
  PID:3756
- C:\Windows\System\APPCUol.exe
  C:\Windows\System\APPCUol.exe
  2⤵
  PID:3776
- C:\Windows\System\vxqTTEZ.exe
  C:\Windows\System\vxqTTEZ.exe
  2⤵
  PID:3796
- C:\Windows\System\DaYoLAw.exe
  C:\Windows\System\DaYoLAw.exe
  2⤵
  PID:3812
- C:\Windows\System\LAlHcBF.exe
  C:\Windows\System\LAlHcBF.exe
  2⤵
  PID:3836
- C:\Windows\System\eDVsmWL.exe
  C:\Windows\System\eDVsmWL.exe
  2⤵
  PID:3856
- C:\Windows\System\oZdVYto.exe
  C:\Windows\System\oZdVYto.exe
  2⤵
  PID:3876
- C:\Windows\System\HbHmHvl.exe
  C:\Windows\System\HbHmHvl.exe
  2⤵
  PID:3892
- C:\Windows\System\iUuERoI.exe
  C:\Windows\System\iUuERoI.exe
  2⤵
  PID:3916
- C:\Windows\System\pEpRumx.exe
  C:\Windows\System\pEpRumx.exe
  2⤵
  PID:3940
- C:\Windows\System\jSoUwgb.exe
  C:\Windows\System\jSoUwgb.exe
  2⤵
  PID:3960
- C:\Windows\System\IqYyQYu.exe
  C:\Windows\System\IqYyQYu.exe
  2⤵
  PID:3980
- C:\Windows\System\mKoKUan.exe
  C:\Windows\System\mKoKUan.exe
  2⤵
  PID:4000
- C:\Windows\System\ifxszEv.exe
  C:\Windows\System\ifxszEv.exe
  2⤵
  PID:4020
- C:\Windows\System\EBsQyqX.exe
  C:\Windows\System\EBsQyqX.exe
  2⤵
  PID:4040
- C:\Windows\System\kyxgkbC.exe
  C:\Windows\System\kyxgkbC.exe
  2⤵
  PID:4060
- C:\Windows\System\mYjmpWT.exe
  C:\Windows\System\mYjmpWT.exe
  2⤵
  PID:4084
- C:\Windows\System\FDCkgbb.exe
  C:\Windows\System\FDCkgbb.exe
  2⤵
  PID:1844
- C:\Windows\System\UPhFTRm.exe
  C:\Windows\System\UPhFTRm.exe
  2⤵
  PID:1912
- C:\Windows\System\hTkwkoF.exe
  C:\Windows\System\hTkwkoF.exe
  2⤵
  PID:2308
- C:\Windows\System\tPfHGxB.exe
  C:\Windows\System\tPfHGxB.exe
  2⤵
  PID:2156
- C:\Windows\System\rHemOos.exe
  C:\Windows\System\rHemOos.exe
  2⤵
  PID:2412
- C:\Windows\System\SnXjCRi.exe
  C:\Windows\System\SnXjCRi.exe
  2⤵
  PID:3144
- C:\Windows\System\yjvisSl.exe
  C:\Windows\System\yjvisSl.exe
  2⤵
  PID:3116
- C:\Windows\System\yhxjmZY.exe
  C:\Windows\System\yhxjmZY.exe
  2⤵
  PID:3188
- C:\Windows\System\rjXrHtC.exe
  C:\Windows\System\rjXrHtC.exe
  2⤵
  PID:3160
- C:\Windows\System\xNJnNjr.exe
  C:\Windows\System\xNJnNjr.exe
  2⤵
  PID:3260
- C:\Windows\System\zgSnfMO.exe
  C:\Windows\System\zgSnfMO.exe
  2⤵
  PID:3264
- C:\Windows\System\ylshyrU.exe
  C:\Windows\System\ylshyrU.exe
  2⤵
  PID:2944
- C:\Windows\System\ilufkyN.exe
  C:\Windows\System\ilufkyN.exe
  2⤵
  PID:3344
- C:\Windows\System\TslXfTv.exe
  C:\Windows\System\TslXfTv.exe
  2⤵
  PID:3324
- C:\Windows\System\wrNXKjm.exe
  C:\Windows\System\wrNXKjm.exe
  2⤵
  PID:3368
- C:\Windows\System\ltCusJb.exe
  C:\Windows\System\ltCusJb.exe
  2⤵
  PID:3508
- C:\Windows\System\meboyPT.exe
  C:\Windows\System\meboyPT.exe
  2⤵
  PID:3436
- C:\Windows\System\tJLtpwG.exe
  C:\Windows\System\tJLtpwG.exe
  2⤵
  PID:3548
- C:\Windows\System\MZKMyDr.exe
  C:\Windows\System\MZKMyDr.exe
  2⤵
  PID:3580
- C:\Windows\System\EHvZfiv.exe
  C:\Windows\System\EHvZfiv.exe
  2⤵
  PID:3568
- C:\Windows\System\DGWAqUp.exe
  C:\Windows\System\DGWAqUp.exe
  2⤵
  PID:2628
- C:\Windows\System\FzmhAeo.exe
  C:\Windows\System\FzmhAeo.exe
  2⤵
  PID:3628
- C:\Windows\System\yxclhPU.exe
  C:\Windows\System\yxclhPU.exe
  2⤵
  PID:3668
- C:\Windows\System\SQOPBwP.exe
  C:\Windows\System\SQOPBwP.exe
  2⤵
  PID:3648
- C:\Windows\System\tVRUYPR.exe
  C:\Windows\System\tVRUYPR.exe
  2⤵
  PID:596
- C:\Windows\System\HbDFwni.exe
  C:\Windows\System\HbDFwni.exe
  2⤵
  PID:3684
- C:\Windows\System\ePMFyya.exe
  C:\Windows\System\ePMFyya.exe
  2⤵
  PID:3732
- C:\Windows\System\khJzUDy.exe
  C:\Windows\System\khJzUDy.exe
  2⤵
  PID:3788
- C:\Windows\System\TfOLjVE.exe
  C:\Windows\System\TfOLjVE.exe
  2⤵
  PID:3768
- C:\Windows\System\RSeoyiT.exe
  C:\Windows\System\RSeoyiT.exe
  2⤵
  PID:3908
- C:\Windows\System\yLxVcXY.exe
  C:\Windows\System\yLxVcXY.exe
  2⤵
  PID:3844
- C:\Windows\System\CMzokgX.exe
  C:\Windows\System\CMzokgX.exe
  2⤵
  PID:3884
- C:\Windows\System\lEKuCpk.exe
  C:\Windows\System\lEKuCpk.exe
  2⤵
  PID:3948
- C:\Windows\System\BEHASIM.exe
  C:\Windows\System\BEHASIM.exe
  2⤵
  PID:3988
- C:\Windows\System\SwjYemp.exe
  C:\Windows\System\SwjYemp.exe
  2⤵
  PID:3976
- C:\Windows\System\WGowhXS.exe
  C:\Windows\System\WGowhXS.exe
  2⤵
  PID:4012
- C:\Windows\System\QpypVxC.exe
  C:\Windows\System\QpypVxC.exe
  2⤵
  PID:2192
- C:\Windows\System\bEAFlju.exe
  C:\Windows\System\bEAFlju.exe
  2⤵
  PID:1624
- C:\Windows\System\tVzoUdz.exe
  C:\Windows\System\tVzoUdz.exe
  2⤵
  PID:1892
- C:\Windows\System\CVDzMzS.exe
  C:\Windows\System\CVDzMzS.exe
  2⤵
  PID:3184
- C:\Windows\System\jxPWjpj.exe
  C:\Windows\System\jxPWjpj.exe
  2⤵
  PID:3100
- C:\Windows\System\wRyjqvY.exe
  C:\Windows\System\wRyjqvY.exe
  2⤵
  PID:3200
- C:\Windows\System\yeJRAgQ.exe
  C:\Windows\System\yeJRAgQ.exe
  2⤵
  PID:3308
- C:\Windows\System\qCUOpDC.exe
  C:\Windows\System\qCUOpDC.exe
  2⤵
  PID:3244
- C:\Windows\System\HaBDKJS.exe
  C:\Windows\System\HaBDKJS.exe
  2⤵
  PID:3328
- C:\Windows\System\yRPucxK.exe
  C:\Windows\System\yRPucxK.exe
  2⤵
  PID:3348
- C:\Windows\System\hUnDTBS.exe
  C:\Windows\System\hUnDTBS.exe
  2⤵
  PID:3444
- C:\Windows\System\eEeQLJf.exe
  C:\Windows\System\eEeQLJf.exe
  2⤵
  PID:3524
- C:\Windows\System\vcopYzO.exe
  C:\Windows\System\vcopYzO.exe
  2⤵
  PID:3484
- C:\Windows\System\NsvWxVK.exe
  C:\Windows\System\NsvWxVK.exe
  2⤵
  PID:3592
- C:\Windows\System\SUvezWu.exe
  C:\Windows\System\SUvezWu.exe
  2⤵
  PID:3612
- C:\Windows\System\mGdfKQi.exe
  C:\Windows\System\mGdfKQi.exe
  2⤵
  PID:3700
- C:\Windows\System\oioFqld.exe
  C:\Windows\System\oioFqld.exe
  2⤵
  PID:3752
- C:\Windows\System\IFQVfea.exe
  C:\Windows\System\IFQVfea.exe
  2⤵
  PID:3712
- C:\Windows\System\vjcogYi.exe
  C:\Windows\System\vjcogYi.exe
  2⤵
  PID:3928
- C:\Windows\System\BYJWoef.exe
  C:\Windows\System\BYJWoef.exe
  2⤵
  PID:3824
- C:\Windows\System\YYVSIQk.exe
  C:\Windows\System\YYVSIQk.exe
  2⤵
  PID:3968
- C:\Windows\System\KrLGDZi.exe
  C:\Windows\System\KrLGDZi.exe
  2⤵
  PID:3804
- C:\Windows\System\kbSDvWP.exe
  C:\Windows\System\kbSDvWP.exe
  2⤵
  PID:4036
- C:\Windows\System\ZryOjSW.exe
  C:\Windows\System\ZryOjSW.exe
  2⤵
  PID:4048
- C:\Windows\System\YYSGrtu.exe
  C:\Windows\System\YYSGrtu.exe
  2⤵
  PID:3020
- C:\Windows\System\XpMTZDH.exe
  C:\Windows\System\XpMTZDH.exe
  2⤵
  PID:2968
- C:\Windows\System\bdNaTLD.exe
  C:\Windows\System\bdNaTLD.exe
  2⤵
  PID:1988
- C:\Windows\System\wTelRIe.exe
  C:\Windows\System\wTelRIe.exe
  2⤵
  PID:3248
- C:\Windows\System\TezFXaE.exe
  C:\Windows\System\TezFXaE.exe
  2⤵
  PID:3124
- C:\Windows\System\tmKoFGc.exe
  C:\Windows\System\tmKoFGc.exe
  2⤵
  PID:3240
- C:\Windows\System\fUwUwPo.exe
  C:\Windows\System\fUwUwPo.exe
  2⤵
  PID:3364
- C:\Windows\System\MjkiPZT.exe
  C:\Windows\System\MjkiPZT.exe
  2⤵
  PID:3400
- C:\Windows\System\jflwhdn.exe
  C:\Windows\System\jflwhdn.exe
  2⤵
  PID:3448
- C:\Windows\System\oYCtbVQ.exe
  C:\Windows\System\oYCtbVQ.exe
  2⤵
  PID:3624
- C:\Windows\System\EbEnlhK.exe
  C:\Windows\System\EbEnlhK.exe
  2⤵
  PID:3664
- C:\Windows\System\uXrdUBq.exe
  C:\Windows\System\uXrdUBq.exe
  2⤵
  PID:2704
- C:\Windows\System\HzlZbmF.exe
  C:\Windows\System\HzlZbmF.exe
  2⤵
  PID:3952
- C:\Windows\System\cXxbcow.exe
  C:\Windows\System\cXxbcow.exe
  2⤵
  PID:4016
- C:\Windows\System\ORqbTUe.exe
  C:\Windows\System\ORqbTUe.exe
  2⤵
  PID:4076
- C:\Windows\System\OolXLny.exe
  C:\Windows\System\OolXLny.exe
  2⤵
  PID:536
- C:\Windows\System\tdOsOFc.exe
  C:\Windows\System\tdOsOFc.exe
  2⤵
  PID:1816
- C:\Windows\System\lCipups.exe
  C:\Windows\System\lCipups.exe
  2⤵
  PID:3688
- C:\Windows\System\qvKewHc.exe
  C:\Windows\System\qvKewHc.exe
  2⤵
  PID:3848
- C:\Windows\System\jlnMeEU.exe
  C:\Windows\System\jlnMeEU.exe
  2⤵
  PID:4052
- C:\Windows\System\HkmBigi.exe
  C:\Windows\System\HkmBigi.exe
  2⤵
  PID:3104
- C:\Windows\System\GCiiTZt.exe
  C:\Windows\System\GCiiTZt.exe
  2⤵
  PID:2580
- C:\Windows\System\zyYJvCp.exe
  C:\Windows\System\zyYJvCp.exe
  2⤵
  PID:3500
- C:\Windows\System\sddxqpD.exe
  C:\Windows\System\sddxqpD.exe
  2⤵
  PID:2768
- C:\Windows\System\wbrUjZT.exe
  C:\Windows\System\wbrUjZT.exe
  2⤵
  PID:3784
- C:\Windows\System\cIFWjgM.exe
  C:\Windows\System\cIFWjgM.exe
  2⤵
  PID:2740
- C:\Windows\System\tEDFaGb.exe
  C:\Windows\System\tEDFaGb.exe
  2⤵
  PID:2076
- C:\Windows\System\CcdOGvf.exe
  C:\Windows\System\CcdOGvf.exe
  2⤵
  PID:3632
- C:\Windows\System\UgnxztU.exe
  C:\Windows\System\UgnxztU.exe
  2⤵
  PID:3724
- C:\Windows\System\sAOwVVf.exe
  C:\Windows\System\sAOwVVf.exe
  2⤵
  PID:3076
- C:\Windows\System\wFHDYjR.exe
  C:\Windows\System\wFHDYjR.exe
  2⤵
  PID:3404
- C:\Windows\System\kkvEOuG.exe
  C:\Windows\System\kkvEOuG.exe
  2⤵
  PID:4028
- C:\Windows\System\LxqFxoJ.exe
  C:\Windows\System\LxqFxoJ.exe
  2⤵
  PID:4080
- C:\Windows\System\YllIrLW.exe
  C:\Windows\System\YllIrLW.exe
  2⤵
  PID:3828
- C:\Windows\System\friHdVy.exe
  C:\Windows\System\friHdVy.exe
  2⤵
  PID:1228
- C:\Windows\System\vhYadWZ.exe
  C:\Windows\System\vhYadWZ.exe
  2⤵
  PID:4100
- C:\Windows\System\FATANKv.exe
  C:\Windows\System\FATANKv.exe
  2⤵
  PID:4116
- C:\Windows\System\YNpxULl.exe
  C:\Windows\System\YNpxULl.exe
  2⤵
  PID:4132
- C:\Windows\System\tXKcnCk.exe
  C:\Windows\System\tXKcnCk.exe
  2⤵
  PID:4148
- C:\Windows\System\BOTaMPs.exe
  C:\Windows\System\BOTaMPs.exe
  2⤵
  PID:4164
- C:\Windows\System\nffeUBP.exe
  C:\Windows\System\nffeUBP.exe
  2⤵
  PID:4180
- C:\Windows\System\gPrkVFG.exe
  C:\Windows\System\gPrkVFG.exe
  2⤵
  PID:4196
- C:\Windows\System\LrFoBXf.exe
  C:\Windows\System\LrFoBXf.exe
  2⤵
  PID:4212
- C:\Windows\System\DQlhwwt.exe
  C:\Windows\System\DQlhwwt.exe
  2⤵
  PID:4228
- C:\Windows\System\bcIkDOh.exe
  C:\Windows\System\bcIkDOh.exe
  2⤵
  PID:4244
- C:\Windows\System\BzmMjJG.exe
  C:\Windows\System\BzmMjJG.exe
  2⤵
  PID:4260
- C:\Windows\System\cMtXLfB.exe
  C:\Windows\System\cMtXLfB.exe
  2⤵
  PID:4276
- C:\Windows\System\YDNdCpq.exe
  C:\Windows\System\YDNdCpq.exe
  2⤵
  PID:4296
- C:\Windows\System\kTsRemW.exe
  C:\Windows\System\kTsRemW.exe
  2⤵
  PID:4312
- C:\Windows\System\EOSQlLH.exe
  C:\Windows\System\EOSQlLH.exe
  2⤵
  PID:4328
- C:\Windows\System\oJIgDul.exe
  C:\Windows\System\oJIgDul.exe
  2⤵
  PID:4344
- C:\Windows\System\ULpNFLv.exe
  C:\Windows\System\ULpNFLv.exe
  2⤵
  PID:4360
- C:\Windows\System\nTDkfNX.exe
  C:\Windows\System\nTDkfNX.exe
  2⤵
  PID:4376
- C:\Windows\System\BLrKsdY.exe
  C:\Windows\System\BLrKsdY.exe
  2⤵
  PID:4392
- C:\Windows\System\yBoaiNY.exe
  C:\Windows\System\yBoaiNY.exe
  2⤵
  PID:4408
- C:\Windows\System\WDzKPkC.exe
  C:\Windows\System\WDzKPkC.exe
  2⤵
  PID:4424
- C:\Windows\System\DJPkHBy.exe
  C:\Windows\System\DJPkHBy.exe
  2⤵
  PID:4440
- C:\Windows\System\VTxcsGQ.exe
  C:\Windows\System\VTxcsGQ.exe
  2⤵
  PID:4456
- C:\Windows\System\tHEWiyk.exe
  C:\Windows\System\tHEWiyk.exe
  2⤵
  PID:4472
- C:\Windows\System\qYoVUTc.exe
  C:\Windows\System\qYoVUTc.exe
  2⤵
  PID:4488
- C:\Windows\System\bJuSYOM.exe
  C:\Windows\System\bJuSYOM.exe
  2⤵
  PID:4504
- C:\Windows\System\hQOuWww.exe
  C:\Windows\System\hQOuWww.exe
  2⤵
  PID:4520
- C:\Windows\System\MKyTVdA.exe
  C:\Windows\System\MKyTVdA.exe
  2⤵
  PID:4536
- C:\Windows\System\jnJxlGc.exe
  C:\Windows\System\jnJxlGc.exe
  2⤵
  PID:4552
- C:\Windows\System\MOGNnVI.exe
  C:\Windows\System\MOGNnVI.exe
  2⤵
  PID:4568
- C:\Windows\System\nGCiUEu.exe
  C:\Windows\System\nGCiUEu.exe
  2⤵
  PID:4584
- C:\Windows\System\ZUBpCFt.exe
  C:\Windows\System\ZUBpCFt.exe
  2⤵
  PID:4600
- C:\Windows\System\dtZqjdH.exe
  C:\Windows\System\dtZqjdH.exe
  2⤵
  PID:4616
- C:\Windows\System\dHSZAVZ.exe
  C:\Windows\System\dHSZAVZ.exe
  2⤵
  PID:4632
- C:\Windows\System\gZKsfAP.exe
  C:\Windows\System\gZKsfAP.exe
  2⤵
  PID:4648
- C:\Windows\System\SapEvTm.exe
  C:\Windows\System\SapEvTm.exe
  2⤵
  PID:4664
- C:\Windows\System\XeeUriw.exe
  C:\Windows\System\XeeUriw.exe
  2⤵
  PID:4680
- C:\Windows\System\OWMDusv.exe
  C:\Windows\System\OWMDusv.exe
  2⤵
  PID:4696
- C:\Windows\System\zYSCHRu.exe
  C:\Windows\System\zYSCHRu.exe
  2⤵
  PID:4712
- C:\Windows\System\VMwCmVl.exe
  C:\Windows\System\VMwCmVl.exe
  2⤵
  PID:4728
- C:\Windows\System\pmNoWYK.exe
  C:\Windows\System\pmNoWYK.exe
  2⤵
  PID:4744
- C:\Windows\System\vlESdnH.exe
  C:\Windows\System\vlESdnH.exe
  2⤵
  PID:4760
- C:\Windows\System\edtwXKb.exe
  C:\Windows\System\edtwXKb.exe
  2⤵
  PID:4780
- C:\Windows\System\eEHDdFQ.exe
  C:\Windows\System\eEHDdFQ.exe
  2⤵
  PID:4800
- C:\Windows\System\XdIcLTY.exe
  C:\Windows\System\XdIcLTY.exe
  2⤵
  PID:4832
- C:\Windows\System\cGhrkrl.exe
  C:\Windows\System\cGhrkrl.exe
  2⤵
  PID:4896
- C:\Windows\System\wOMjRfc.exe
  C:\Windows\System\wOMjRfc.exe
  2⤵
  PID:4944
- C:\Windows\System\zIjfElo.exe
  C:\Windows\System\zIjfElo.exe
  2⤵
  PID:4960
- C:\Windows\System\NCwHVlb.exe
  C:\Windows\System\NCwHVlb.exe
  2⤵
  PID:4976
- C:\Windows\System\KxKBMEN.exe
  C:\Windows\System\KxKBMEN.exe
  2⤵
  PID:4996
- C:\Windows\System\eQEhGQz.exe
  C:\Windows\System\eQEhGQz.exe
  2⤵
  PID:5012
- C:\Windows\System\LRnCgon.exe
  C:\Windows\System\LRnCgon.exe
  2⤵
  PID:5028
- C:\Windows\System\lUmQMYf.exe
  C:\Windows\System\lUmQMYf.exe
  2⤵
  PID:5044
- C:\Windows\System\XhIBItK.exe
  C:\Windows\System\XhIBItK.exe
  2⤵
  PID:5064
- C:\Windows\System\fvbrzWY.exe
  C:\Windows\System\fvbrzWY.exe
  2⤵
  PID:5080
- C:\Windows\System\LGVfIop.exe
  C:\Windows\System\LGVfIop.exe
  2⤵
  PID:5096
- C:\Windows\System\VgcmRZY.exe
  C:\Windows\System\VgcmRZY.exe
  2⤵
  PID:5112
- C:\Windows\System\cwDlpDD.exe
  C:\Windows\System\cwDlpDD.exe
  2⤵
  PID:3224
- C:\Windows\System\ExNdelx.exe
  C:\Windows\System\ExNdelx.exe
  2⤵
  PID:3488
- C:\Windows\System\SGAFFws.exe
  C:\Windows\System\SGAFFws.exe
  2⤵
  PID:4124
- C:\Windows\System\iJHdrMa.exe
  C:\Windows\System\iJHdrMa.exe
  2⤵
  PID:4156
- C:\Windows\System\Arupvhz.exe
  C:\Windows\System\Arupvhz.exe
  2⤵
  PID:4188
- C:\Windows\System\MJuWTUi.exe
  C:\Windows\System\MJuWTUi.exe
  2⤵
  PID:4220
- C:\Windows\System\RmhkScB.exe
  C:\Windows\System\RmhkScB.exe
  2⤵
  PID:4252
- C:\Windows\System\TZcVyVY.exe
  C:\Windows\System\TZcVyVY.exe
  2⤵
  PID:4268
- C:\Windows\System\GKjqCCe.exe
  C:\Windows\System\GKjqCCe.exe
  2⤵
  PID:4304
- C:\Windows\System\LbnkGJO.exe
  C:\Windows\System\LbnkGJO.exe
  2⤵
  PID:4336
- C:\Windows\System\QFqUXqL.exe
  C:\Windows\System\QFqUXqL.exe
  2⤵
  PID:4368
- C:\Windows\System\IwYghQp.exe
  C:\Windows\System\IwYghQp.exe
  2⤵
  PID:4388
- C:\Windows\System\phILhbT.exe
  C:\Windows\System\phILhbT.exe
  2⤵
  PID:4420
- C:\Windows\System\ZHIKdjy.exe
  C:\Windows\System\ZHIKdjy.exe
  2⤵
  PID:4452
- C:\Windows\System\TRPWCHs.exe
  C:\Windows\System\TRPWCHs.exe
  2⤵
  PID:4484
- C:\Windows\System\IDbZVbK.exe
  C:\Windows\System\IDbZVbK.exe
  2⤵
  PID:4516
- C:\Windows\System\UNqAjLP.exe
  C:\Windows\System\UNqAjLP.exe
  2⤵
  PID:2604
- C:\Windows\System\cpJulUi.exe
  C:\Windows\System\cpJulUi.exe
  2⤵
  PID:4564
- C:\Windows\System\icTcAGK.exe
  C:\Windows\System\icTcAGK.exe
  2⤵
  PID:4612
- C:\Windows\System\EpFLaUq.exe
  C:\Windows\System\EpFLaUq.exe
  2⤵
  PID:4852
- C:\Windows\System\IQDQusg.exe
  C:\Windows\System\IQDQusg.exe
  2⤵
  PID:4868
- C:\Windows\System\HtstFBn.exe
  C:\Windows\System\HtstFBn.exe
  2⤵
  PID:4884
- C:\Windows\System\fBxpVdZ.exe
  C:\Windows\System\fBxpVdZ.exe
  2⤵
  PID:4992
- C:\Windows\System\ZKrmYfR.exe
  C:\Windows\System\ZKrmYfR.exe
  2⤵
  PID:5052
- C:\Windows\System\kFgtFIc.exe
  C:\Windows\System\kFgtFIc.exe
  2⤵
  PID:4068
- C:\Windows\System\ovrzzEA.exe
  C:\Windows\System\ovrzzEA.exe
  2⤵
  PID:4108
- C:\Windows\System\bPGiMMV.exe
  C:\Windows\System\bPGiMMV.exe
  2⤵
  PID:4140
- C:\Windows\System\btmpWzO.exe
  C:\Windows\System\btmpWzO.exe
  2⤵
  PID:4416
- C:\Windows\System\SxSYxAL.exe
  C:\Windows\System\SxSYxAL.exe
  2⤵
  PID:4544
- C:\Windows\System\mfTuUie.exe
  C:\Windows\System\mfTuUie.exe
  2⤵
  PID:2052
- C:\Windows\System\mAQOsLs.exe
  C:\Windows\System\mAQOsLs.exe
  2⤵
  PID:4372
- C:\Windows\System\ecjGxtu.exe
  C:\Windows\System\ecjGxtu.exe
  2⤵
  PID:4352
- C:\Windows\System\rxMaTQD.exe
  C:\Windows\System\rxMaTQD.exe
  2⤵
  PID:4548
- C:\Windows\System\KGcHSlf.exe
  C:\Windows\System\KGcHSlf.exe
  2⤵
  PID:4608
- C:\Windows\System\QTDmtwF.exe
  C:\Windows\System\QTDmtwF.exe
  2⤵
  PID:4644
- C:\Windows\System\vZOnhiF.exe
  C:\Windows\System\vZOnhiF.exe
  2⤵
  PID:1644
- C:\Windows\System\joeuTsP.exe
  C:\Windows\System\joeuTsP.exe
  2⤵
  PID:4688
- C:\Windows\System\nOZEBVV.exe
  C:\Windows\System\nOZEBVV.exe
  2⤵
  PID:4724
- C:\Windows\System\pDJKRKZ.exe
  C:\Windows\System\pDJKRKZ.exe
  2⤵
  PID:4436
- C:\Windows\System\AALvpwF.exe
  C:\Windows\System\AALvpwF.exe
  2⤵
  PID:4984
- C:\Windows\System\EaGcEzG.exe
  C:\Windows\System\EaGcEzG.exe
  2⤵
  PID:4284
- C:\Windows\System\tRKdtJL.exe
  C:\Windows\System\tRKdtJL.exe
  2⤵
  PID:4236
- C:\Windows\System\KngTMuF.exe
  C:\Windows\System\KngTMuF.exe
  2⤵
  PID:4628
- C:\Windows\System\bPaBiKl.exe
  C:\Windows\System\bPaBiKl.exe
  2⤵
  PID:4720
- C:\Windows\System\PKyDGtt.exe
  C:\Windows\System\PKyDGtt.exe
  2⤵
  PID:4756
- C:\Windows\System\ntXGqqH.exe
  C:\Windows\System\ntXGqqH.exe
  2⤵
  PID:4792
- C:\Windows\System\lAYePYl.exe
  C:\Windows\System\lAYePYl.exe
  2⤵
  PID:4912
- C:\Windows\System\HhPAgEs.exe
  C:\Windows\System\HhPAgEs.exe
  2⤵
  PID:4928
- C:\Windows\System\ARluKBt.exe
  C:\Windows\System\ARluKBt.exe
  2⤵
  PID:4932
- C:\Windows\System\jvUuDvz.exe
  C:\Windows\System\jvUuDvz.exe
  2⤵
  PID:5004
- C:\Windows\System\zFKKCKD.exe
  C:\Windows\System\zFKKCKD.exe
  2⤵
  PID:4952
- C:\Windows\System\hxgUqbm.exe
  C:\Windows\System\hxgUqbm.exe
  2⤵
  PID:4880
- C:\Windows\System\RfrjGqs.exe
  C:\Windows\System\RfrjGqs.exe
  2⤵
  PID:3652
- C:\Windows\System\zcwDlNI.exe
  C:\Windows\System\zcwDlNI.exe
  2⤵
  PID:2832
- C:\Windows\System\TosJflh.exe
  C:\Windows\System\TosJflh.exe
  2⤵
  PID:2640
- C:\Windows\System\xLcyQYc.exe
  C:\Windows\System\xLcyQYc.exe
  2⤵
  PID:1656
- C:\Windows\System\tkzwhFI.exe
  C:\Windows\System\tkzwhFI.exe
  2⤵
  PID:4656
- C:\Windows\System\oJdAuFN.exe
  C:\Windows\System\oJdAuFN.exe
  2⤵
  PID:4480
- C:\Windows\System\oepFKng.exe
  C:\Windows\System\oepFKng.exe
  2⤵
  PID:1836
- C:\Windows\System\aFYCYAn.exe
  C:\Windows\System\aFYCYAn.exe
  2⤵
  PID:4820
- C:\Windows\System\ZzYMOeC.exe
  C:\Windows\System\ZzYMOeC.exe
  2⤵
  PID:4752
- C:\Windows\System\TYGjXZz.exe
  C:\Windows\System\TYGjXZz.exe
  2⤵
  PID:4860
- C:\Windows\System\TdfVbfz.exe
  C:\Windows\System\TdfVbfz.exe
  2⤵
  PID:4968
- C:\Windows\System\egiTYEM.exe
  C:\Windows\System\egiTYEM.exe
  2⤵
  PID:5024
- C:\Windows\System\EbNMNBO.exe
  C:\Windows\System\EbNMNBO.exe
  2⤵
  PID:4208
- C:\Windows\System\eiDOEjl.exe
  C:\Windows\System\eiDOEjl.exe
  2⤵
  PID:4788
- C:\Windows\System\VQamBdn.exe
  C:\Windows\System\VQamBdn.exe
  2⤵
  PID:4956
- C:\Windows\System\wotgqal.exe
  C:\Windows\System\wotgqal.exe
  2⤵
  PID:2440
- C:\Windows\System\lFlmaAz.exe
  C:\Windows\System\lFlmaAz.exe
  2⤵
  PID:5008
- C:\Windows\System\YsIfixZ.exe
  C:\Windows\System\YsIfixZ.exe
  2⤵
  PID:4172
- C:\Windows\System\vBltMWd.exe
  C:\Windows\System\vBltMWd.exe
  2⤵
  PID:5140
- C:\Windows\System\SqBpJbZ.exe
  C:\Windows\System\SqBpJbZ.exe
  2⤵
  PID:5156
- C:\Windows\System\PLQOxzd.exe
  C:\Windows\System\PLQOxzd.exe
  2⤵
  PID:5172
- C:\Windows\System\gYVURwi.exe
  C:\Windows\System\gYVURwi.exe
  2⤵
  PID:5188
- C:\Windows\System\wFPqyFx.exe
  C:\Windows\System\wFPqyFx.exe
  2⤵
  PID:5204
- C:\Windows\System\oIvVxEV.exe
  C:\Windows\System\oIvVxEV.exe
  2⤵
  PID:5220
- C:\Windows\System\yqAySYj.exe
  C:\Windows\System\yqAySYj.exe
  2⤵
  PID:5236
- C:\Windows\System\XuGIbyh.exe
  C:\Windows\System\XuGIbyh.exe
  2⤵
  PID:5276
- C:\Windows\System\ispIAlL.exe
  C:\Windows\System\ispIAlL.exe
  2⤵
  PID:5332
- C:\Windows\System\LuEhqpY.exe
  C:\Windows\System\LuEhqpY.exe
  2⤵
  PID:5356
- C:\Windows\System\JUmMFwV.exe
  C:\Windows\System\JUmMFwV.exe
  2⤵
  PID:5372
- C:\Windows\System\ubdcHmP.exe
  C:\Windows\System\ubdcHmP.exe
  2⤵
  PID:5392
- C:\Windows\System\NCTphdf.exe
  C:\Windows\System\NCTphdf.exe
  2⤵
  PID:5408
- C:\Windows\System\YFeFgCJ.exe
  C:\Windows\System\YFeFgCJ.exe
  2⤵
  PID:5424
- C:\Windows\System\etZIXZb.exe
  C:\Windows\System\etZIXZb.exe
  2⤵
  PID:5440
- C:\Windows\System\PXSFLfP.exe
  C:\Windows\System\PXSFLfP.exe
  2⤵
  PID:5456
- C:\Windows\System\QplPfCL.exe
  C:\Windows\System\QplPfCL.exe
  2⤵
  PID:5472
- C:\Windows\System\EEJEDJQ.exe
  C:\Windows\System\EEJEDJQ.exe
  2⤵
  PID:5496
- C:\Windows\System\tRXFZXl.exe
  C:\Windows\System\tRXFZXl.exe
  2⤵
  PID:5512
- C:\Windows\System\KLbxfcG.exe
  C:\Windows\System\KLbxfcG.exe
  2⤵
  PID:5528
- C:\Windows\System\UXuGciC.exe
  C:\Windows\System\UXuGciC.exe
  2⤵
  PID:5544
- C:\Windows\System\gxjODzq.exe
  C:\Windows\System\gxjODzq.exe
  2⤵
  PID:5560
- C:\Windows\System\DBsxXIf.exe
  C:\Windows\System\DBsxXIf.exe
  2⤵
  PID:5576
- C:\Windows\System\xFzEfTH.exe
  C:\Windows\System\xFzEfTH.exe
  2⤵
  PID:5596
- C:\Windows\System\ydYvfZq.exe
  C:\Windows\System\ydYvfZq.exe
  2⤵
  PID:5620
- C:\Windows\System\FAJMKue.exe
  C:\Windows\System\FAJMKue.exe
  2⤵
  PID:5676
- C:\Windows\System\vDhspjR.exe
  C:\Windows\System\vDhspjR.exe
  2⤵
  PID:5692
- C:\Windows\System\mbuRmMc.exe
  C:\Windows\System\mbuRmMc.exe
  2⤵
  PID:5716
- C:\Windows\System\CLSEUvl.exe
  C:\Windows\System\CLSEUvl.exe
  2⤵
  PID:5732
- C:\Windows\System\jdoQIfu.exe
  C:\Windows\System\jdoQIfu.exe
  2⤵
  PID:5748
- C:\Windows\System\hGtXQsg.exe
  C:\Windows\System\hGtXQsg.exe
  2⤵
  PID:5764
- C:\Windows\System\ErjQRWE.exe
  C:\Windows\System\ErjQRWE.exe
  2⤵
  PID:5780
- C:\Windows\System\XzIsqku.exe
  C:\Windows\System\XzIsqku.exe
  2⤵
  PID:5796
- C:\Windows\System\GHJebEd.exe
  C:\Windows\System\GHJebEd.exe
  2⤵
  PID:5816
- C:\Windows\System\XIoePCO.exe
  C:\Windows\System\XIoePCO.exe
  2⤵
  PID:5836
- C:\Windows\System\CpNIUkx.exe
  C:\Windows\System\CpNIUkx.exe
  2⤵
  PID:5852
- C:\Windows\System\iGYdwGP.exe
  C:\Windows\System\iGYdwGP.exe
  2⤵
  PID:5868
- C:\Windows\System\IWLirTR.exe
  C:\Windows\System\IWLirTR.exe
  2⤵
  PID:5884
- C:\Windows\System\fuAMIMl.exe
  C:\Windows\System\fuAMIMl.exe
  2⤵
  PID:5900
- C:\Windows\System\DtmFbKY.exe
  C:\Windows\System\DtmFbKY.exe
  2⤵
  PID:5920
- C:\Windows\System\zRPXViD.exe
  C:\Windows\System\zRPXViD.exe
  2⤵
  PID:5944
- C:\Windows\System\IIUlMeb.exe
  C:\Windows\System\IIUlMeb.exe
  2⤵
  PID:5992
- C:\Windows\System\azsSduX.exe
  C:\Windows\System\azsSduX.exe
  2⤵
  PID:6016
- C:\Windows\System\OSTRwWl.exe
  C:\Windows\System\OSTRwWl.exe
  2⤵
  PID:6032
- C:\Windows\System\NEmQxHl.exe
  C:\Windows\System\NEmQxHl.exe
  2⤵
  PID:6052
- C:\Windows\System\bCSHHsD.exe
  C:\Windows\System\bCSHHsD.exe
  2⤵
  PID:6072
- C:\Windows\System\UcKLKcM.exe
  C:\Windows\System\UcKLKcM.exe
  2⤵
  PID:6088
- C:\Windows\System\HhqvRTY.exe
  C:\Windows\System\HhqvRTY.exe
  2⤵
  PID:6104
- C:\Windows\System\pUskIjo.exe
  C:\Windows\System\pUskIjo.exe
  2⤵
  PID:6120
- C:\Windows\System\LHsPbqu.exe
  C:\Windows\System\LHsPbqu.exe
  2⤵
  PID:6136
- C:\Windows\System\AYyyYuG.exe
  C:\Windows\System\AYyyYuG.exe
  2⤵
  PID:4840
- C:\Windows\System\lbHBzoG.exe
  C:\Windows\System\lbHBzoG.exe
  2⤵
  PID:1260
- C:\Windows\System\pCggUmZ.exe
  C:\Windows\System\pCggUmZ.exe
  2⤵
  PID:4924
- C:\Windows\System\vRorrsa.exe
  C:\Windows\System\vRorrsa.exe
  2⤵
  PID:5152
- C:\Windows\System\hQMYpqY.exe
  C:\Windows\System\hQMYpqY.exe
  2⤵
  PID:5072
- C:\Windows\System\jDKdJfi.exe
  C:\Windows\System\jDKdJfi.exe
  2⤵
  PID:5248
- C:\Windows\System\KbEgOVs.exe
  C:\Windows\System\KbEgOVs.exe
  2⤵
  PID:5264
- C:\Windows\System\igolHuU.exe
  C:\Windows\System\igolHuU.exe
  2⤵
  PID:5168
- C:\Windows\System\BEoOkEd.exe
  C:\Windows\System\BEoOkEd.exe
  2⤵
  PID:5128
- C:\Windows\System\PURlHEH.exe
  C:\Windows\System\PURlHEH.exe
  2⤵
  PID:5292
- C:\Windows\System\RsKdvaR.exe
  C:\Windows\System\RsKdvaR.exe
  2⤵
  PID:5308
- C:\Windows\System\uBMXIxs.exe
  C:\Windows\System\uBMXIxs.exe
  2⤵
  PID:5288
- C:\Windows\System\MDZEhSl.exe
  C:\Windows\System\MDZEhSl.exe
  2⤵
  PID:528
- C:\Windows\System\GREMPCk.exe
  C:\Windows\System\GREMPCk.exe
  2⤵
  PID:5384
- C:\Windows\System\fRgzyWU.exe
  C:\Windows\System\fRgzyWU.exe
  2⤵
  PID:1584
- C:\Windows\System\TrAWsDQ.exe
  C:\Windows\System\TrAWsDQ.exe
  2⤵
  PID:5492
- C:\Windows\System\cNySLhz.exe
  C:\Windows\System\cNySLhz.exe
  2⤵
  PID:5556
- C:\Windows\System\LuCZsuD.exe
  C:\Windows\System\LuCZsuD.exe
  2⤵
  PID:5592
- C:\Windows\System\YzDLfRf.exe
  C:\Windows\System\YzDLfRf.exe
  2⤵
  PID:5644
- C:\Windows\System\hyPlEBu.exe
  C:\Windows\System\hyPlEBu.exe
  2⤵
  PID:5660
- C:\Windows\System\dkEScey.exe
  C:\Windows\System\dkEScey.exe
  2⤵
  PID:5464
- C:\Windows\System\CfSsDgs.exe
  C:\Windows\System\CfSsDgs.exe
  2⤵
  PID:5572
- C:\Windows\System\YTiQKyk.exe
  C:\Windows\System\YTiQKyk.exe
  2⤵
  PID:5700
- C:\Windows\System\NNBPDEd.exe
  C:\Windows\System\NNBPDEd.exe
  2⤵
  PID:5772
- C:\Windows\System\XWHPKeS.exe
  C:\Windows\System\XWHPKeS.exe
  2⤵
  PID:5776
- C:\Windows\System\bKIIiOq.exe
  C:\Windows\System\bKIIiOq.exe
  2⤵
  PID:5812
- C:\Windows\System\FWswbgq.exe
  C:\Windows\System\FWswbgq.exe
  2⤵
  PID:5880
- C:\Windows\System\oYoZgZk.exe
  C:\Windows\System\oYoZgZk.exe
  2⤵
  PID:5956
- C:\Windows\System\DKcdBwI.exe
  C:\Windows\System\DKcdBwI.exe
  2⤵
  PID:5860
- C:\Windows\System\kGPRrav.exe
  C:\Windows\System\kGPRrav.exe
  2⤵
  PID:5896
- C:\Windows\System\UCJrqlD.exe
  C:\Windows\System\UCJrqlD.exe
  2⤵
  PID:5936
- C:\Windows\System\CTHEPCR.exe
  C:\Windows\System\CTHEPCR.exe
  2⤵
  PID:5968
- C:\Windows\System\TjfxkiB.exe
  C:\Windows\System\TjfxkiB.exe
  2⤵
  PID:5984
- C:\Windows\System\eamcMSN.exe
  C:\Windows\System\eamcMSN.exe
  2⤵
  PID:5828
- C:\Windows\System\JmssHpz.exe
  C:\Windows\System\JmssHpz.exe
  2⤵
  PID:6064
- C:\Windows\System\iIGPbPt.exe
  C:\Windows\System\iIGPbPt.exe
  2⤵
  PID:6128
- C:\Windows\System\rNpbaHs.exe
  C:\Windows\System\rNpbaHs.exe
  2⤵
  PID:4772
- C:\Windows\System\ruIkwLs.exe
  C:\Windows\System\ruIkwLs.exe
  2⤵
  PID:4500
- C:\Windows\System\EJXhvCF.exe
  C:\Windows\System\EJXhvCF.exe
  2⤵
  PID:4324
- C:\Windows\System\DEHnYpb.exe
  C:\Windows\System\DEHnYpb.exe
  2⤵
  PID:5148
- C:\Windows\System\NvqWlVk.exe
  C:\Windows\System\NvqWlVk.exe
  2⤵
  PID:5272
- C:\Windows\System\MNcgjpa.exe
  C:\Windows\System\MNcgjpa.exe
  2⤵
  PID:5320
- C:\Windows\System\gRHtdKR.exe
  C:\Windows\System\gRHtdKR.exe
  2⤵
  PID:5368
- C:\Windows\System\UzUhNbf.exe
  C:\Windows\System\UzUhNbf.exe
  2⤵
  PID:2648
- C:\Windows\System\WMEyOWS.exe
  C:\Windows\System\WMEyOWS.exe
  2⤵
  PID:5584
- C:\Windows\System\WflAXbv.exe
  C:\Windows\System\WflAXbv.exe
  2⤵
  PID:5656
- C:\Windows\System\NifTmdi.exe
  C:\Windows\System\NifTmdi.exe
  2⤵
  PID:5672
- C:\Windows\System\WSfqKrW.exe
  C:\Windows\System\WSfqKrW.exe
  2⤵
  PID:5540
- C:\Windows\System\zTTzhKG.exe
  C:\Windows\System\zTTzhKG.exe
  2⤵
  PID:5300
- C:\Windows\System\wYUrYdZ.exe
  C:\Windows\System\wYUrYdZ.exe
  2⤵
  PID:5340
- C:\Windows\System\fjLyGeM.exe
  C:\Windows\System\fjLyGeM.exe
  2⤵
  PID:5448
- C:\Windows\System\JfalPUi.exe
  C:\Windows\System\JfalPUi.exe
  2⤵
  PID:5668
- C:\Windows\System\Ruqvmtu.exe
  C:\Windows\System\Ruqvmtu.exe
  2⤵
  PID:5616
- C:\Windows\System\Anvvrvd.exe
  C:\Windows\System\Anvvrvd.exe
  2⤵
  PID:5848
- C:\Windows\System\sSOSsJL.exe
  C:\Windows\System\sSOSsJL.exe
  2⤵
  PID:5804
- C:\Windows\System\XctTsDA.exe
  C:\Windows\System\XctTsDA.exe
  2⤵
  PID:5892
- C:\Windows\System\JIkATfQ.exe
  C:\Windows\System\JIkATfQ.exe
  2⤵
  PID:5932
- C:\Windows\System\wkmulTt.exe
  C:\Windows\System\wkmulTt.exe
  2⤵
  PID:6008
- C:\Windows\System\zRpRrtz.exe
  C:\Windows\System\zRpRrtz.exe
  2⤵
  PID:5088
- C:\Windows\System\OiZZfEA.exe
  C:\Windows\System\OiZZfEA.exe
  2⤵
  PID:1680
- C:\Windows\System\CmrBhcm.exe
  C:\Windows\System\CmrBhcm.exe
  2⤵
  PID:6048
- C:\Windows\System\sTVKvOk.exe
  C:\Windows\System\sTVKvOk.exe
  2⤵
  PID:6116
- C:\Windows\System\uBcgdIo.exe
  C:\Windows\System\uBcgdIo.exe
  2⤵
  PID:5056
- C:\Windows\System\QATxMdu.exe
  C:\Windows\System\QATxMdu.exe
  2⤵
  PID:2428
- C:\Windows\System\MjrXyUM.exe
  C:\Windows\System\MjrXyUM.exe
  2⤵
  PID:5284
- C:\Windows\System\tFgnISQ.exe
  C:\Windows\System\tFgnISQ.exe
  2⤵
  PID:5244
- C:\Windows\System\rgoicFp.exe
  C:\Windows\System\rgoicFp.exe
  2⤵
  PID:4916
- C:\Windows\System\qzlvpEh.exe
  C:\Windows\System\qzlvpEh.exe
  2⤵
  PID:5304
- C:\Windows\System\BugQwII.exe
  C:\Windows\System\BugQwII.exe
  2⤵
  PID:1496
- C:\Windows\System\cpsvVqw.exe
  C:\Windows\System\cpsvVqw.exe
  2⤵
  PID:5612
- C:\Windows\System\oOtVCJm.exe
  C:\Windows\System\oOtVCJm.exe
  2⤵
  PID:5636
- C:\Windows\System\pIuFvWz.exe
  C:\Windows\System\pIuFvWz.exe
  2⤵
  PID:5912
- C:\Windows\System\mXlvWaX.exe
  C:\Windows\System\mXlvWaX.exe
  2⤵
  PID:5508
- C:\Windows\System\fFDkGeG.exe
  C:\Windows\System\fFDkGeG.exe
  2⤵
  PID:5404
- C:\Windows\System\RTwwoTy.exe
  C:\Windows\System\RTwwoTy.exe
  2⤵
  PID:6024
- C:\Windows\System\pUxBZzv.exe
  C:\Windows\System\pUxBZzv.exe
  2⤵
  PID:2888
- C:\Windows\System\WFXHlZU.exe
  C:\Windows\System\WFXHlZU.exe
  2⤵
  PID:2228
- C:\Windows\System\gUyHyAa.exe
  C:\Windows\System\gUyHyAa.exe
  2⤵
  PID:5980
- C:\Windows\System\xQbqmrE.exe
  C:\Windows\System\xQbqmrE.exe
  2⤵
  PID:4812
- C:\Windows\System\vAAUvtA.exe
  C:\Windows\System\vAAUvtA.exe
  2⤵
  PID:5504
- C:\Windows\System\LBqJYWh.exe
  C:\Windows\System\LBqJYWh.exe
  2⤵
  PID:5832
- C:\Windows\System\BEzjMqF.exe
  C:\Windows\System\BEzjMqF.exe
  2⤵
  PID:5316
- C:\Windows\System\lfsETRo.exe
  C:\Windows\System\lfsETRo.exe
  2⤵
  PID:2320
- C:\Windows\System\aKZYpqN.exe
  C:\Windows\System\aKZYpqN.exe
  2⤵
  PID:4592
- C:\Windows\System\vCbfKeW.exe
  C:\Windows\System\vCbfKeW.exe
  2⤵
  PID:4876
- C:\Windows\System\RSoUjnH.exe
  C:\Windows\System\RSoUjnH.exe
  2⤵
  PID:5420
- C:\Windows\System\YurpJsP.exe
  C:\Windows\System\YurpJsP.exe
  2⤵
  PID:5608
- C:\Windows\System\lAiJuCy.exe
  C:\Windows\System\lAiJuCy.exe
  2⤵
  PID:1620
- C:\Windows\System\eZXdRXr.exe
  C:\Windows\System\eZXdRXr.exe
  2⤵
  PID:5728
- C:\Windows\System\WdiJFIS.exe
  C:\Windows\System\WdiJFIS.exe
  2⤵
  PID:6028
- C:\Windows\System\aQLXhAS.exe
  C:\Windows\System\aQLXhAS.exe
  2⤵
  PID:5760
- C:\Windows\System\ehFBsrL.exe
  C:\Windows\System\ehFBsrL.exe
  2⤵
  PID:5632
- C:\Windows\System\OLxEbpD.exe
  C:\Windows\System\OLxEbpD.exe
  2⤵
  PID:5108
- C:\Windows\System\dMJvXwu.exe
  C:\Windows\System\dMJvXwu.exe
  2⤵
  PID:5708
- C:\Windows\System\mKQsFbM.exe
  C:\Windows\System\mKQsFbM.exe
  2⤵
  PID:5348
- C:\Windows\System\yCAwwgk.exe
  C:\Windows\System\yCAwwgk.exe
  2⤵
  PID:6160
- C:\Windows\System\pPIAJOU.exe
  C:\Windows\System\pPIAJOU.exe
  2⤵
  PID:6176
- C:\Windows\System\VGAYlbS.exe
  C:\Windows\System\VGAYlbS.exe
  2⤵
  PID:6192
- C:\Windows\System\bXgNUsL.exe
  C:\Windows\System\bXgNUsL.exe
  2⤵
  PID:6208
- C:\Windows\System\FpOzGPo.exe
  C:\Windows\System\FpOzGPo.exe
  2⤵
  PID:6224
- C:\Windows\System\mVvPeQi.exe
  C:\Windows\System\mVvPeQi.exe
  2⤵
  PID:6240
- C:\Windows\System\jwLLkwY.exe
  C:\Windows\System\jwLLkwY.exe
  2⤵
  PID:6256
- C:\Windows\System\NyikjpW.exe
  C:\Windows\System\NyikjpW.exe
  2⤵
  PID:6272
- C:\Windows\System\nVdriqT.exe
  C:\Windows\System\nVdriqT.exe
  2⤵
  PID:6288
- C:\Windows\System\OQCzIgm.exe
  C:\Windows\System\OQCzIgm.exe
  2⤵
  PID:6304
- C:\Windows\System\RmyBtZO.exe
  C:\Windows\System\RmyBtZO.exe
  2⤵
  PID:6320
- C:\Windows\System\OYFqBqF.exe
  C:\Windows\System\OYFqBqF.exe
  2⤵
  PID:6336
- C:\Windows\System\FECUJkc.exe
  C:\Windows\System\FECUJkc.exe
  2⤵
  PID:6352
- C:\Windows\System\xyrlYbP.exe
  C:\Windows\System\xyrlYbP.exe
  2⤵
  PID:6368
- C:\Windows\System\sRikwpR.exe
  C:\Windows\System\sRikwpR.exe
  2⤵
  PID:6388
- C:\Windows\System\ReqjcoO.exe
  C:\Windows\System\ReqjcoO.exe
  2⤵
  PID:6408
- C:\Windows\System\RpAempS.exe
  C:\Windows\System\RpAempS.exe
  2⤵
  PID:6424
- C:\Windows\System\sgsUtdW.exe
  C:\Windows\System\sgsUtdW.exe
  2⤵
  PID:6440
- C:\Windows\System\ewfUZsn.exe
  C:\Windows\System\ewfUZsn.exe
  2⤵
  PID:6456
- C:\Windows\System\sLCazWG.exe
  C:\Windows\System\sLCazWG.exe
  2⤵
  PID:6472
- C:\Windows\System\GSrgiFp.exe
  C:\Windows\System\GSrgiFp.exe
  2⤵
  PID:6488
- C:\Windows\System\OKjTNxV.exe
  C:\Windows\System\OKjTNxV.exe
  2⤵
  PID:6504
- C:\Windows\System\RTxEigV.exe
  C:\Windows\System\RTxEigV.exe
  2⤵
  PID:6520
- C:\Windows\System\rXVdfqA.exe
  C:\Windows\System\rXVdfqA.exe
  2⤵
  PID:6536
- C:\Windows\System\pLRmUpv.exe
  C:\Windows\System\pLRmUpv.exe
  2⤵
  PID:6552
- C:\Windows\System\sqqikNt.exe
  C:\Windows\System\sqqikNt.exe
  2⤵
  PID:6572
- C:\Windows\System\RTEPvGW.exe
  C:\Windows\System\RTEPvGW.exe
  2⤵
  PID:6588
- C:\Windows\System\aAgGcWI.exe
  C:\Windows\System\aAgGcWI.exe
  2⤵
  PID:6604
- C:\Windows\System\OcOuupc.exe
  C:\Windows\System\OcOuupc.exe
  2⤵
  PID:6620
- C:\Windows\System\DbRwmyW.exe
  C:\Windows\System\DbRwmyW.exe
  2⤵
  PID:6636
- C:\Windows\System\NwWMzoL.exe
  C:\Windows\System\NwWMzoL.exe
  2⤵
  PID:6652
- C:\Windows\System\KKnNHGX.exe
  C:\Windows\System\KKnNHGX.exe
  2⤵
  PID:6668
- C:\Windows\System\MiCdRrs.exe
  C:\Windows\System\MiCdRrs.exe
  2⤵
  PID:6684
- C:\Windows\System\BUKPbRe.exe
  C:\Windows\System\BUKPbRe.exe
  2⤵
  PID:6700
- C:\Windows\System\rfwGpFA.exe
  C:\Windows\System\rfwGpFA.exe
  2⤵
  PID:6716
- C:\Windows\System\WLuCLMp.exe
  C:\Windows\System\WLuCLMp.exe
  2⤵
  PID:6732
- C:\Windows\System\kXIDRUA.exe
  C:\Windows\System\kXIDRUA.exe
  2⤵
  PID:6748
- C:\Windows\System\asbiogW.exe
  C:\Windows\System\asbiogW.exe
  2⤵
  PID:6764
- C:\Windows\System\uUIQFpH.exe
  C:\Windows\System\uUIQFpH.exe
  2⤵
  PID:6780
- C:\Windows\System\wdqmSnJ.exe
  C:\Windows\System\wdqmSnJ.exe
  2⤵
  PID:6820
- C:\Windows\System\fFrxMRT.exe
  C:\Windows\System\fFrxMRT.exe
  2⤵
  PID:6836
- C:\Windows\System\JAHYaJw.exe
  C:\Windows\System\JAHYaJw.exe
  2⤵
  PID:6852
- C:\Windows\System\BfgVuHq.exe
  C:\Windows\System\BfgVuHq.exe
  2⤵
  PID:6868
- C:\Windows\System\CEXCrds.exe
  C:\Windows\System\CEXCrds.exe
  2⤵
  PID:6884
- C:\Windows\System\lJHOMip.exe
  C:\Windows\System\lJHOMip.exe
  2⤵
  PID:6900
- C:\Windows\System\qcuwuDR.exe
  C:\Windows\System\qcuwuDR.exe
  2⤵
  PID:6916
- C:\Windows\System\iZpONFg.exe
  C:\Windows\System\iZpONFg.exe
  2⤵
  PID:6932
- C:\Windows\System\HMlfxbN.exe
  C:\Windows\System\HMlfxbN.exe
  2⤵
  PID:6948
- C:\Windows\System\ZRPMnBK.exe
  C:\Windows\System\ZRPMnBK.exe
  2⤵
  PID:6964
- C:\Windows\System\qYIDTjW.exe
  C:\Windows\System\qYIDTjW.exe
  2⤵
  PID:6980
- C:\Windows\System\aiPGpoh.exe
  C:\Windows\System\aiPGpoh.exe
  2⤵
  PID:6996
- C:\Windows\System\HGmUFWl.exe
  C:\Windows\System\HGmUFWl.exe
  2⤵
  PID:7012
- C:\Windows\System\cgoOlXV.exe
  C:\Windows\System\cgoOlXV.exe
  2⤵
  PID:7028
- C:\Windows\System\vMKFppU.exe
  C:\Windows\System\vMKFppU.exe
  2⤵
  PID:7044
- C:\Windows\System\ZvXLdmx.exe
  C:\Windows\System\ZvXLdmx.exe
  2⤵
  PID:7068
- C:\Windows\System\LRczxgr.exe
  C:\Windows\System\LRczxgr.exe
  2⤵
  PID:7084
- C:\Windows\System\QMOdtxO.exe
  C:\Windows\System\QMOdtxO.exe
  2⤵
  PID:7100
- C:\Windows\System\RffSzFQ.exe
  C:\Windows\System\RffSzFQ.exe
  2⤵
  PID:7116
- C:\Windows\System\kzYLGIR.exe
  C:\Windows\System\kzYLGIR.exe
  2⤵
  PID:7132
- C:\Windows\System\LAQJNPp.exe
  C:\Windows\System\LAQJNPp.exe
  2⤵
  PID:7148
- C:\Windows\System\bAyYuWR.exe
  C:\Windows\System\bAyYuWR.exe
  2⤵
  PID:7164
- C:\Windows\System\MFDTSwz.exe
  C:\Windows\System\MFDTSwz.exe
  2⤵
  PID:1692
- C:\Windows\System\afskVzl.exe
  C:\Windows\System\afskVzl.exe
  2⤵
  PID:5200
- C:\Windows\System\TfsGZef.exe
  C:\Windows\System\TfsGZef.exe
  2⤵
  PID:6200
- C:\Windows\System\VaFKJFd.exe
  C:\Windows\System\VaFKJFd.exe
  2⤵
  PID:6236
- C:\Windows\System\sRjhhZk.exe
  C:\Windows\System\sRjhhZk.exe
  2⤵
  PID:5744
- C:\Windows\System\mqrmTFh.exe
  C:\Windows\System\mqrmTFh.exe
  2⤵
  PID:2240
- C:\Windows\System\CmxWIsL.exe
  C:\Windows\System\CmxWIsL.exe
  2⤵
  PID:5928
- C:\Windows\System\cQgWAbm.exe
  C:\Windows\System\cQgWAbm.exe
  2⤵
  PID:6152
- C:\Windows\System\HJMfGbm.exe
  C:\Windows\System\HJMfGbm.exe
  2⤵
  PID:6216
- C:\Windows\System\SNQOzRY.exe
  C:\Windows\System\SNQOzRY.exe
  2⤵
  PID:6284
- C:\Windows\System\ATcQMCk.exe
  C:\Windows\System\ATcQMCk.exe
  2⤵
  PID:6316
- C:\Windows\System\VNGUhVc.exe
  C:\Windows\System\VNGUhVc.exe
  2⤵
  PID:6380
- C:\Windows\System\VlbDuSz.exe
  C:\Windows\System\VlbDuSz.exe
  2⤵
  PID:6448
- C:\Windows\System\wcXqPPb.exe
  C:\Windows\System\wcXqPPb.exe
  2⤵
  PID:6512
- C:\Windows\System\puVGURg.exe
  C:\Windows\System\puVGURg.exe
  2⤵
  PID:6364
- C:\Windows\System\veVDnpM.exe
  C:\Windows\System\veVDnpM.exe
  2⤵
  PID:6436
- C:\Windows\System\OxNeLVc.exe
  C:\Windows\System\OxNeLVc.exe
  2⤵
  PID:6500
- C:\Windows\System\qSwasWH.exe
  C:\Windows\System\qSwasWH.exe
  2⤵
  PID:6532
- C:\Windows\System\HewAKtR.exe
  C:\Windows\System\HewAKtR.exe
  2⤵
  PID:6584
- C:\Windows\System\DIRBWgK.exe
  C:\Windows\System\DIRBWgK.exe
  2⤵
  PID:6568
- C:\Windows\System\FoDbEYd.exe
  C:\Windows\System\FoDbEYd.exe
  2⤵
  PID:6680
- C:\Windows\System\mZhuaNi.exe
  C:\Windows\System\mZhuaNi.exe
  2⤵
  PID:6564
- C:\Windows\System\yEUNTzi.exe
  C:\Windows\System\yEUNTzi.exe
  2⤵
  PID:6696
- C:\Windows\System\NUpujyZ.exe
  C:\Windows\System\NUpujyZ.exe
  2⤵
  PID:6632
- C:\Windows\System\aecnUSK.exe
  C:\Windows\System\aecnUSK.exe
  2⤵
  PID:3936
- C:\Windows\System\DVZVPEZ.exe
  C:\Windows\System\DVZVPEZ.exe
  2⤵
  PID:6776
- C:\Windows\System\OEbOHmH.exe
  C:\Windows\System\OEbOHmH.exe
  2⤵
  PID:6796
- C:\Windows\System\hCxTuyr.exe
  C:\Windows\System\hCxTuyr.exe
  2⤵
  PID:6812
- C:\Windows\System\vzSPjXB.exe
  C:\Windows\System\vzSPjXB.exe
  2⤵
  PID:6908
- C:\Windows\System\IaGuhrZ.exe
  C:\Windows\System\IaGuhrZ.exe
  2⤵
  PID:6976
- C:\Windows\System\dJGZHTh.exe
  C:\Windows\System\dJGZHTh.exe
  2⤵
  PID:6816
- C:\Windows\System\SMdbbSw.exe
  C:\Windows\System\SMdbbSw.exe
  2⤵
  PID:6944
- C:\Windows\System\qUeIHKn.exe
  C:\Windows\System\qUeIHKn.exe
  2⤵
  PID:6924
- C:\Windows\System\XWstPTt.exe
  C:\Windows\System\XWstPTt.exe
  2⤵
  PID:6892
- C:\Windows\System\ITScNvu.exe
  C:\Windows\System\ITScNvu.exe
  2⤵
  PID:6960
- C:\Windows\System\CjNlabv.exe
  C:\Windows\System\CjNlabv.exe
  2⤵
  PID:7024
- C:\Windows\System\nzaKOiP.exe
  C:\Windows\System\nzaKOiP.exe
  2⤵
  PID:7064
- C:\Windows\System\IZcuInd.exe
  C:\Windows\System\IZcuInd.exe
  2⤵
  PID:7128
- C:\Windows\System\NdiioPZ.exe
  C:\Windows\System\NdiioPZ.exe
  2⤵
  PID:1976
- C:\Windows\System\scdFnQu.exe
  C:\Windows\System\scdFnQu.exe
  2⤵
  PID:5216
- C:\Windows\System\zXupQqd.exe
  C:\Windows\System\zXupQqd.exe
  2⤵
  PID:6168
- C:\Windows\System\IyZJKMh.exe
  C:\Windows\System\IyZJKMh.exe
  2⤵
  PID:7144
- C:\Windows\System\zMmNcnf.exe
  C:\Windows\System\zMmNcnf.exe
  2⤵
  PID:6132
- C:\Windows\System\vlQTStN.exe
  C:\Windows\System\vlQTStN.exe
  2⤵
  PID:824
- C:\Windows\System\PPvzlwS.exe
  C:\Windows\System\PPvzlwS.exe
  2⤵
  PID:6420
- C:\Windows\System\mthrXxp.exe
  C:\Windows\System\mthrXxp.exe
  2⤵
  PID:6548
- C:\Windows\System\kTYrhmt.exe
  C:\Windows\System\kTYrhmt.exe
  2⤵
  PID:6312
- C:\Windows\System\BhDqClb.exe
  C:\Windows\System\BhDqClb.exe
  2⤵
  PID:6248
- C:\Windows\System\BOUNzGc.exe
  C:\Windows\System\BOUNzGc.exe
  2⤵
  PID:6480
- C:\Windows\System\pMiYmLl.exe
  C:\Windows\System\pMiYmLl.exe
  2⤵
  PID:6528
- C:\Windows\System\SsbdKmV.exe
  C:\Windows\System\SsbdKmV.exe
  2⤵
  PID:6712
- C:\Windows\System\zKdYQAa.exe
  C:\Windows\System\zKdYQAa.exe
  2⤵
  PID:6596
- C:\Windows\System\FhwkRdX.exe
  C:\Windows\System\FhwkRdX.exe
  2⤵
  PID:2980
- C:\Windows\System\OgDaHFD.exe
  C:\Windows\System\OgDaHFD.exe
  2⤵
  PID:6600
- C:\Windows\System\RGDiiuC.exe
  C:\Windows\System\RGDiiuC.exe
  2⤵
  PID:7036
- C:\Windows\System\TBlrXMM.exe
  C:\Windows\System\TBlrXMM.exe
  2⤵
  PID:7060
- C:\Windows\System\yflhNeA.exe
  C:\Windows\System\yflhNeA.exe
  2⤵
  PID:7140
- C:\Windows\System\ZSMFFon.exe
  C:\Windows\System\ZSMFFon.exe
  2⤵
  PID:1744
- C:\Windows\System\EIUWtLI.exe
  C:\Windows\System\EIUWtLI.exe
  2⤵
  PID:7172
- C:\Windows\System\irCycTz.exe
  C:\Windows\System\irCycTz.exe
  2⤵
  PID:7188
- C:\Windows\System\leyLYrw.exe
  C:\Windows\System\leyLYrw.exe
  2⤵
  PID:7204
- C:\Windows\System\dGmnOqo.exe
  C:\Windows\System\dGmnOqo.exe
  2⤵
  PID:7220
- C:\Windows\System\MfSaHPA.exe
  C:\Windows\System\MfSaHPA.exe
  2⤵
  PID:7236
- C:\Windows\System\CpyiCJf.exe
  C:\Windows\System\CpyiCJf.exe
  2⤵
  PID:7256
- C:\Windows\System\VeTkRpF.exe
  C:\Windows\System\VeTkRpF.exe
  2⤵
  PID:7272
- C:\Windows\System\cNyxplf.exe
  C:\Windows\System\cNyxplf.exe
  2⤵
  PID:7288
- C:\Windows\System\KYedmYM.exe
  C:\Windows\System\KYedmYM.exe
  2⤵
  PID:7304
- C:\Windows\System\rJOlLsD.exe
  C:\Windows\System\rJOlLsD.exe
  2⤵
  PID:7320
- C:\Windows\System\MxsSApf.exe
  C:\Windows\System\MxsSApf.exe
  2⤵
  PID:7336
- C:\Windows\System\zDRBGGF.exe
  C:\Windows\System\zDRBGGF.exe
  2⤵
  PID:7352
- C:\Windows\System\SLrRLvj.exe
  C:\Windows\System\SLrRLvj.exe
  2⤵
  PID:7368
- C:\Windows\System\IpLMIzg.exe
  C:\Windows\System\IpLMIzg.exe
  2⤵
  PID:7384
- C:\Windows\System\vRoNDQc.exe
  C:\Windows\System\vRoNDQc.exe
  2⤵
  PID:7400
- C:\Windows\System\ncKcAyc.exe
  C:\Windows\System\ncKcAyc.exe
  2⤵
  PID:7416
- C:\Windows\System\KwKCJRg.exe
  C:\Windows\System\KwKCJRg.exe
  2⤵
  PID:7432
- C:\Windows\System\TmiaBfa.exe
  C:\Windows\System\TmiaBfa.exe
  2⤵
  PID:7452
- C:\Windows\System\MfGWSNs.exe
  C:\Windows\System\MfGWSNs.exe
  2⤵
  PID:7468
- C:\Windows\System\PaLlOWb.exe
  C:\Windows\System\PaLlOWb.exe
  2⤵
  PID:7484
- C:\Windows\System\xGHMpVG.exe
  C:\Windows\System\xGHMpVG.exe
  2⤵
  PID:7500
- C:\Windows\System\uuGNFas.exe
  C:\Windows\System\uuGNFas.exe
  2⤵
  PID:7516
- C:\Windows\System\rjnkjer.exe
  C:\Windows\System\rjnkjer.exe
  2⤵
  PID:7532
- C:\Windows\System\SEoriMc.exe
  C:\Windows\System\SEoriMc.exe
  2⤵
  PID:7548
- C:\Windows\System\UuOuFoJ.exe
  C:\Windows\System\UuOuFoJ.exe
  2⤵
  PID:7564
- C:\Windows\System\AUZkMVR.exe
  C:\Windows\System\AUZkMVR.exe
  2⤵
  PID:7580
- C:\Windows\System\TyrepMw.exe
  C:\Windows\System\TyrepMw.exe
  2⤵
  PID:7596
- C:\Windows\System\JJHxkcC.exe
  C:\Windows\System\JJHxkcC.exe
  2⤵
  PID:7612
- C:\Windows\System\JHHDqHn.exe
  C:\Windows\System\JHHDqHn.exe
  2⤵
  PID:7628
- C:\Windows\System\EjdrbPk.exe
  C:\Windows\System\EjdrbPk.exe
  2⤵
  PID:7644
- C:\Windows\System\NCJxIqA.exe
  C:\Windows\System\NCJxIqA.exe
  2⤵
  PID:7660
- C:\Windows\System\mBPMXdl.exe
  C:\Windows\System\mBPMXdl.exe
  2⤵
  PID:7676
- C:\Windows\System\idZjAQP.exe
  C:\Windows\System\idZjAQP.exe
  2⤵
  PID:7692
- C:\Windows\System\YWlochF.exe
  C:\Windows\System\YWlochF.exe
  2⤵
  PID:7708
- C:\Windows\System\HinaREZ.exe
  C:\Windows\System\HinaREZ.exe
  2⤵
  PID:7724
- C:\Windows\System\utEGQua.exe
  C:\Windows\System\utEGQua.exe
  2⤵
  PID:7744
- C:\Windows\System\BFVDRle.exe
  C:\Windows\System\BFVDRle.exe
  2⤵
  PID:7760
- C:\Windows\System\fWFSnvA.exe
  C:\Windows\System\fWFSnvA.exe
  2⤵
  PID:7776
- C:\Windows\System\kWnGlwl.exe
  C:\Windows\System\kWnGlwl.exe
  2⤵
  PID:7792
- C:\Windows\System\aXQdVeA.exe
  C:\Windows\System\aXQdVeA.exe
  2⤵
  PID:7812
- C:\Windows\System\BztjMNo.exe
  C:\Windows\System\BztjMNo.exe
  2⤵
  PID:7828
- C:\Windows\System\fknachw.exe
  C:\Windows\System\fknachw.exe
  2⤵
  PID:7844
- C:\Windows\System\hNzFMsL.exe
  C:\Windows\System\hNzFMsL.exe
  2⤵
  PID:7860
- C:\Windows\System\vPIzCnw.exe
  C:\Windows\System\vPIzCnw.exe
  2⤵
  PID:7876
- C:\Windows\System\lRMOgfo.exe
  C:\Windows\System\lRMOgfo.exe
  2⤵
  PID:7892
- C:\Windows\System\oZffpIs.exe
  C:\Windows\System\oZffpIs.exe
  2⤵
  PID:7908
- C:\Windows\System\WhcdlOx.exe
  C:\Windows\System\WhcdlOx.exe
  2⤵
  PID:7924
- C:\Windows\System\DGBYHrq.exe
  C:\Windows\System\DGBYHrq.exe
  2⤵
  PID:7940
- C:\Windows\System\oAalphB.exe
  C:\Windows\System\oAalphB.exe
  2⤵
  PID:7956
- C:\Windows\System\ZitOUfk.exe
  C:\Windows\System\ZitOUfk.exe
  2⤵
  PID:7980
- C:\Windows\System\rktaKWn.exe
  C:\Windows\System\rktaKWn.exe
  2⤵
  PID:7996
- C:\Windows\System\STyyUSp.exe
  C:\Windows\System\STyyUSp.exe
  2⤵
  PID:8012
- C:\Windows\System\uwmgeoJ.exe
  C:\Windows\System\uwmgeoJ.exe
  2⤵
  PID:8032
- C:\Windows\System\KrliDUd.exe
  C:\Windows\System\KrliDUd.exe
  2⤵
  PID:8048
- C:\Windows\System\jRFIpIM.exe
  C:\Windows\System\jRFIpIM.exe
  2⤵
  PID:8064
- C:\Windows\System\RpRJVRX.exe
  C:\Windows\System\RpRJVRX.exe
  2⤵
  PID:8080
- C:\Windows\System\ZAEjLuZ.exe
  C:\Windows\System\ZAEjLuZ.exe
  2⤵
  PID:8100
- C:\Windows\System\mMImZgL.exe
  C:\Windows\System\mMImZgL.exe
  2⤵
  PID:8116
- C:\Windows\System\mXJdyak.exe
  C:\Windows\System\mXJdyak.exe
  2⤵
  PID:8132
- C:\Windows\System\cWzkRrH.exe
  C:\Windows\System\cWzkRrH.exe
  2⤵
  PID:8148
- C:\Windows\System\gcskmyi.exe
  C:\Windows\System\gcskmyi.exe
  2⤵
  PID:8164
- C:\Windows\System\OgYUQFX.exe
  C:\Windows\System\OgYUQFX.exe
  2⤵
  PID:8180
- C:\Windows\System\QRkNpMR.exe
  C:\Windows\System\QRkNpMR.exe
  2⤵
  PID:6376
- C:\Windows\System\OHPCQro.exe
  C:\Windows\System\OHPCQro.exe
  2⤵
  PID:1952
- C:\Windows\System\AvIGigs.exe
  C:\Windows\System\AvIGigs.exe
  2⤵
  PID:6648
- C:\Windows\System\qbFMMDa.exe
  C:\Windows\System\qbFMMDa.exe
  2⤵
  PID:7232
- C:\Windows\System\yYqGHAg.exe
  C:\Windows\System\yYqGHAg.exe
  2⤵
  PID:6300
- C:\Windows\System\MZnDsvu.exe
  C:\Windows\System\MZnDsvu.exe
  2⤵
  PID:7244
- C:\Windows\System\DnCmJun.exe
  C:\Windows\System\DnCmJun.exe
  2⤵
  PID:7124
- C:\Windows\System\hATrxQg.exe
  C:\Windows\System\hATrxQg.exe
  2⤵
  PID:6860
- C:\Windows\System\UMcWpEw.exe
  C:\Windows\System\UMcWpEw.exe
  2⤵
  PID:6808
- C:\Windows\System\LtxZFoy.exe
  C:\Windows\System\LtxZFoy.exe
  2⤵
  PID:6172
- C:\Windows\System\otpdbEa.exe
  C:\Windows\System\otpdbEa.exe
  2⤵
  PID:6832
- C:\Windows\System\fMipOJu.exe
  C:\Windows\System\fMipOJu.exe
  2⤵
  PID:6404
- C:\Windows\System\VrPCBoV.exe
  C:\Windows\System\VrPCBoV.exe
  2⤵
  PID:6084
- C:\Windows\System\pPCIlZP.exe
  C:\Windows\System\pPCIlZP.exe
  2⤵
  PID:7252
- C:\Windows\System\WGMsESm.exe
  C:\Windows\System\WGMsESm.exe
  2⤵
  PID:7316
- C:\Windows\System\MYEdXHi.exe
  C:\Windows\System\MYEdXHi.exe
  2⤵
  PID:7376
- C:\Windows\System\JylPgUU.exe
  C:\Windows\System\JylPgUU.exe
  2⤵
  PID:7440
- C:\Windows\System\cRGpgTv.exe
  C:\Windows\System\cRGpgTv.exe
  2⤵
  PID:7360
- C:\Windows\System\vKMQDWy.exe
  C:\Windows\System\vKMQDWy.exe
  2⤵
  PID:7332
- C:\Windows\System\aCXdhWe.exe
  C:\Windows\System\aCXdhWe.exe
  2⤵
  PID:7396
- C:\Windows\System\UDGIVER.exe
  C:\Windows\System\UDGIVER.exe
  2⤵
  PID:7492
- C:\Windows\System\vAwcmQz.exe
  C:\Windows\System\vAwcmQz.exe
  2⤵
  PID:7528
- C:\Windows\System\aQWKtUF.exe
  C:\Windows\System\aQWKtUF.exe
  2⤵
  PID:7480
- C:\Windows\System\pNdScPX.exe
  C:\Windows\System\pNdScPX.exe
  2⤵
  PID:7576
- C:\Windows\System\eioXvtw.exe
  C:\Windows\System\eioXvtw.exe
  2⤵
  PID:7604
- C:\Windows\System\akFknOx.exe
  C:\Windows\System\akFknOx.exe
  2⤵
  PID:7652
- C:\Windows\System\cWjZwyC.exe
  C:\Windows\System\cWjZwyC.exe
  2⤵
  PID:1712
- C:\Windows\System\vndIpxB.exe
  C:\Windows\System\vndIpxB.exe
  2⤵
  PID:7668
- C:\Windows\System\xChYdsT.exe
  C:\Windows\System\xChYdsT.exe
  2⤵
  PID:6384
- C:\Windows\System\ORoRuFY.exe
  C:\Windows\System\ORoRuFY.exe
  2⤵
  PID:7840
- C:\Windows\System\kljhHjj.exe
  C:\Windows\System\kljhHjj.exe
  2⤵
  PID:7916
- C:\Windows\System\jleXpIq.exe
  C:\Windows\System\jleXpIq.exe
  2⤵
  PID:7888
- C:\Windows\System\avlwIMs.exe
  C:\Windows\System\avlwIMs.exe
  2⤵
  PID:7968
- C:\Windows\System\GQmnBHI.exe
  C:\Windows\System\GQmnBHI.exe
  2⤵
  PID:7992
- C:\Windows\System\COjehPJ.exe
  C:\Windows\System\COjehPJ.exe
  2⤵
  PID:8008
- C:\Windows\System\NGozuGt.exe
  C:\Windows\System\NGozuGt.exe
  2⤵
  PID:8108
- C:\Windows\System\USiJVyd.exe
  C:\Windows\System\USiJVyd.exe
  2⤵
  PID:8088
- C:\Windows\System\PYlHAIo.exe
  C:\Windows\System\PYlHAIo.exe
  2⤵
  PID:8060
- C:\Windows\System\SztJKnK.exe
  C:\Windows\System\SztJKnK.exe
  2⤵
  PID:8096
- C:\Windows\System\UGftpgj.exe
  C:\Windows\System\UGftpgj.exe
  2⤵
  PID:6348
- C:\Windows\System\BEbIvde.exe
  C:\Windows\System\BEbIvde.exe
  2⤵
  PID:5684
- C:\Windows\System\NqmUJdJ.exe
  C:\Windows\System\NqmUJdJ.exe
  2⤵
  PID:7772
- C:\Windows\System\xZbUPOv.exe
  C:\Windows\System\xZbUPOv.exe
  2⤵
  PID:7856
- C:\Windows\System\rWZRrNu.exe
  C:\Windows\System\rWZRrNu.exe
  2⤵
  PID:8028
- C:\Windows\System\swDbZas.exe
  C:\Windows\System\swDbZas.exe
  2⤵
  PID:7988
- C:\Windows\System\VKztyBV.exe
  C:\Windows\System\VKztyBV.exe
  2⤵
  PID:8144
- C:\Windows\System\tzzIbmj.exe
  C:\Windows\System\tzzIbmj.exe
  2⤵
  PID:1700
- C:\Windows\System\VjfAdcZ.exe
  C:\Windows\System\VjfAdcZ.exe
  2⤵
  PID:1928
- C:\Windows\System\ALCrXZM.exe
  C:\Windows\System\ALCrXZM.exe
  2⤵
  PID:6992
- C:\Windows\System\jQBOyiL.exe
  C:\Windows\System\jQBOyiL.exe
  2⤵
  PID:6328
- C:\Windows\System\YXZiYxW.exe
  C:\Windows\System\YXZiYxW.exe
  2⤵
  PID:6400
- C:\Windows\System\eHBiOYN.exe
  C:\Windows\System\eHBiOYN.exe
  2⤵
  PID:6280
- C:\Windows\System\jYQoTVL.exe
  C:\Windows\System\jYQoTVL.exe
  2⤵
  PID:7344
- C:\Windows\System\YhOKitG.exe
  C:\Windows\System\YhOKitG.exe
  2⤵
  PID:6268
- C:\Windows\System\FDavtOd.exe
  C:\Windows\System\FDavtOd.exe
  2⤵
  PID:7300
- C:\Windows\System\IeAAeDe.exe
  C:\Windows\System\IeAAeDe.exe
  2⤵
  PID:7280
- C:\Windows\System\joXzUMB.exe
  C:\Windows\System\joXzUMB.exe
  2⤵
  PID:7496
- C:\Windows\System\NRhFkHT.exe
  C:\Windows\System\NRhFkHT.exe
  2⤵
  PID:7572
- C:\Windows\System\WEGHNAA.exe
  C:\Windows\System\WEGHNAA.exe
  2⤵
  PID:8056
- C:\Windows\System\pNmRvHy.exe
  C:\Windows\System\pNmRvHy.exe
  2⤵
  PID:7768
- C:\Windows\System\SAXIVEI.exe
  C:\Windows\System\SAXIVEI.exe
  2⤵
  PID:7464
- C:\Windows\System\kpuDXzs.exe
  C:\Windows\System\kpuDXzs.exe
  2⤵
  PID:7560
- C:\Windows\System\IxIhsve.exe
  C:\Windows\System\IxIhsve.exe
  2⤵
  PID:7740
- C:\Windows\System\OwUcoHZ.exe
  C:\Windows\System\OwUcoHZ.exe
  2⤵
  PID:7716
- C:\Windows\System\FfqnyBH.exe
  C:\Windows\System\FfqnyBH.exe
  2⤵
  PID:7976
- C:\Windows\System\QnfqCjV.exe
  C:\Windows\System\QnfqCjV.exe
  2⤵
  PID:8072
- C:\Windows\System\ryHbETc.exe
  C:\Windows\System\ryHbETc.exe
  2⤵
  PID:7800
- C:\Windows\System\FrJcJRu.exe
  C:\Windows\System\FrJcJRu.exe
  2⤵
  PID:7904
- C:\Windows\System\zoTRpSw.exe
  C:\Windows\System\zoTRpSw.exe
  2⤵
  PID:1940
- C:\Windows\System\uFgISpJ.exe
  C:\Windows\System\uFgISpJ.exe
  2⤵
  PID:8176
- C:\Windows\System\iuztxiV.exe
  C:\Windows\System\iuztxiV.exe
  2⤵
  PID:6804
- C:\Windows\System\VFGfPLR.exe
  C:\Windows\System\VFGfPLR.exe
  2⤵
  PID:7096
- C:\Windows\System\ehIhKyd.exe
  C:\Windows\System\ehIhKyd.exe
  2⤵
  PID:7424
- C:\Windows\System\HHtEGLX.exe
  C:\Windows\System\HHtEGLX.exe
  2⤵
  PID:2288
- C:\Windows\System\BqHGhda.exe
  C:\Windows\System\BqHGhda.exe
  2⤵
  PID:7216
- C:\Windows\System\uwiKJcM.exe
  C:\Windows\System\uwiKJcM.exe
  2⤵
  PID:7512
- C:\Windows\System\asPCVwv.exe
  C:\Windows\System\asPCVwv.exe
  2⤵
  PID:7688
- C:\Windows\System\LTnllez.exe
  C:\Windows\System\LTnllez.exe
  2⤵
  PID:7460
- C:\Windows\System\nrZucOx.exe
  C:\Windows\System\nrZucOx.exe
  2⤵
  PID:7752
- C:\Windows\System\xJrykfL.exe
  C:\Windows\System\xJrykfL.exe
  2⤵
  PID:8076
- C:\Windows\System\eihTyZh.exe
  C:\Windows\System\eihTyZh.exe
  2⤵
  PID:7820
- C:\Windows\System\SIfVSom.exe
  C:\Windows\System\SIfVSom.exe
  2⤵
  PID:6956
- C:\Windows\System\rHxYiyp.exe
  C:\Windows\System\rHxYiyp.exe
  2⤵
  PID:6468
- C:\Windows\System\BDzeicw.exe
  C:\Windows\System\BDzeicw.exe
  2⤵
  PID:7636
- C:\Windows\System\UaAlHPl.exe
  C:\Windows\System\UaAlHPl.exe
  2⤵
  PID:6728
- C:\Windows\System\HustWAi.exe
  C:\Windows\System\HustWAi.exe
  2⤵
  PID:7428
- C:\Windows\System\voDLYkv.exe
  C:\Windows\System\voDLYkv.exe
  2⤵
  PID:8020
- C:\Windows\System\ViJOLgK.exe
  C:\Windows\System\ViJOLgK.exe
  2⤵
  PID:7640
- C:\Windows\System\bFpjkCz.exe
  C:\Windows\System\bFpjkCz.exe
  2⤵
  PID:6744
- C:\Windows\System\LTwAbAS.exe
  C:\Windows\System\LTwAbAS.exe
  2⤵
  PID:8140
- C:\Windows\System\juAGYhu.exe
  C:\Windows\System\juAGYhu.exe
  2⤵
  PID:7852
- C:\Windows\System\APJNvmu.exe
  C:\Windows\System\APJNvmu.exe
  2⤵
  PID:8204
- C:\Windows\System\FsMtzHJ.exe
  C:\Windows\System\FsMtzHJ.exe
  2⤵
  PID:8220
- C:\Windows\System\mepKlVc.exe
  C:\Windows\System\mepKlVc.exe
  2⤵
  PID:8236
- C:\Windows\System\wFaemYP.exe
  C:\Windows\System\wFaemYP.exe
  2⤵
  PID:8252
- C:\Windows\System\QNVqapU.exe
  C:\Windows\System\QNVqapU.exe
  2⤵
  PID:8268
- C:\Windows\System\NzVUtAq.exe
  C:\Windows\System\NzVUtAq.exe
  2⤵
  PID:8284
- C:\Windows\System\KELRSUb.exe
  C:\Windows\System\KELRSUb.exe
  2⤵
  PID:8300
- C:\Windows\System\YAoqPtJ.exe
  C:\Windows\System\YAoqPtJ.exe
  2⤵
  PID:8316
- C:\Windows\System\iGjnltW.exe
  C:\Windows\System\iGjnltW.exe
  2⤵
  PID:8332
- C:\Windows\System\apWosUk.exe
  C:\Windows\System\apWosUk.exe
  2⤵
  PID:8348
- C:\Windows\System\WfmFUbM.exe
  C:\Windows\System\WfmFUbM.exe
  2⤵
  PID:8364
- C:\Windows\System\bOTaxFS.exe
  C:\Windows\System\bOTaxFS.exe
  2⤵
  PID:8380
- C:\Windows\System\Gorbmdq.exe
  C:\Windows\System\Gorbmdq.exe
  2⤵
  PID:8396
- C:\Windows\System\gFjLSXo.exe
  C:\Windows\System\gFjLSXo.exe
  2⤵
  PID:8412
- C:\Windows\System\NDarQjT.exe
  C:\Windows\System\NDarQjT.exe
  2⤵
  PID:8428
- C:\Windows\System\zeBaYhg.exe
  C:\Windows\System\zeBaYhg.exe
  2⤵
  PID:8444
- C:\Windows\System\NnDQrPi.exe
  C:\Windows\System\NnDQrPi.exe
  2⤵
  PID:8460
- C:\Windows\System\TybvgwM.exe
  C:\Windows\System\TybvgwM.exe
  2⤵
  PID:8476
- C:\Windows\System\iUSBSBT.exe
  C:\Windows\System\iUSBSBT.exe
  2⤵
  PID:8492
- C:\Windows\System\yAnBcGq.exe
  C:\Windows\System\yAnBcGq.exe
  2⤵
  PID:8508
- C:\Windows\System\qDxgQNf.exe
  C:\Windows\System\qDxgQNf.exe
  2⤵
  PID:8524
- C:\Windows\System\oCANVZs.exe
  C:\Windows\System\oCANVZs.exe
  2⤵
  PID:8540
- C:\Windows\System\fAIYsNI.exe
  C:\Windows\System\fAIYsNI.exe
  2⤵
  PID:8556
- C:\Windows\System\fuMYHok.exe
  C:\Windows\System\fuMYHok.exe
  2⤵
  PID:8572
- C:\Windows\System\qEBTBmj.exe
  C:\Windows\System\qEBTBmj.exe
  2⤵
  PID:8588
- C:\Windows\System\HhJhFNH.exe
  C:\Windows\System\HhJhFNH.exe
  2⤵
  PID:8604
- C:\Windows\System\RzRMZSi.exe
  C:\Windows\System\RzRMZSi.exe
  2⤵
  PID:8620
- C:\Windows\System\wUMifsd.exe
  C:\Windows\System\wUMifsd.exe
  2⤵
  PID:8636
- C:\Windows\System\iwhaYmD.exe
  C:\Windows\System\iwhaYmD.exe
  2⤵
  PID:8652
- C:\Windows\System\eGIgjSp.exe
  C:\Windows\System\eGIgjSp.exe
  2⤵
  PID:8668
- C:\Windows\System\qqPkQRY.exe
  C:\Windows\System\qqPkQRY.exe
  2⤵
  PID:8684
- C:\Windows\System\KkWcXRo.exe
  C:\Windows\System\KkWcXRo.exe
  2⤵
  PID:8700
- C:\Windows\System\uHrJazm.exe
  C:\Windows\System\uHrJazm.exe
  2⤵
  PID:8716
- C:\Windows\System\EfwTnOQ.exe
  C:\Windows\System\EfwTnOQ.exe
  2⤵
  PID:8732
- C:\Windows\System\orVybae.exe
  C:\Windows\System\orVybae.exe
  2⤵
  PID:8748
- C:\Windows\System\wsdtdLB.exe
  C:\Windows\System\wsdtdLB.exe
  2⤵
  PID:8764
- C:\Windows\System\THKGqkv.exe
  C:\Windows\System\THKGqkv.exe
  2⤵
  PID:8780
- C:\Windows\System\nKHlvoQ.exe
  C:\Windows\System\nKHlvoQ.exe
  2⤵
  PID:8796
- C:\Windows\System\mgUGKKK.exe
  C:\Windows\System\mgUGKKK.exe
  2⤵
  PID:8812
- C:\Windows\System\kqyOGUT.exe
  C:\Windows\System\kqyOGUT.exe
  2⤵
  PID:8828
- C:\Windows\System\nbTYjtM.exe
  C:\Windows\System\nbTYjtM.exe
  2⤵
  PID:8844
- C:\Windows\System\xCvqdNL.exe
  C:\Windows\System\xCvqdNL.exe
  2⤵
  PID:8860
- C:\Windows\System\iIFDgqm.exe
  C:\Windows\System\iIFDgqm.exe
  2⤵
  PID:8876
- C:\Windows\System\tXmXHee.exe
  C:\Windows\System\tXmXHee.exe
  2⤵
  PID:8892
- C:\Windows\System\VcKzUCK.exe
  C:\Windows\System\VcKzUCK.exe
  2⤵
  PID:8908
- C:\Windows\System\TbodXpI.exe
  C:\Windows\System\TbodXpI.exe
  2⤵
  PID:8928
- C:\Windows\System\ffXOrSV.exe
  C:\Windows\System\ffXOrSV.exe
  2⤵
  PID:8944
- C:\Windows\System\JzlMHpI.exe
  C:\Windows\System\JzlMHpI.exe
  2⤵
  PID:8960
- C:\Windows\System\oQNsBJW.exe
  C:\Windows\System\oQNsBJW.exe
  2⤵
  PID:8976
- C:\Windows\System\DiEETcJ.exe
  C:\Windows\System\DiEETcJ.exe
  2⤵
  PID:8992
- C:\Windows\System\jwgnFRo.exe
  C:\Windows\System\jwgnFRo.exe
  2⤵
  PID:9008
- C:\Windows\System\IKVfjCH.exe
  C:\Windows\System\IKVfjCH.exe
  2⤵
  PID:9024
- C:\Windows\System\HpgtQgM.exe
  C:\Windows\System\HpgtQgM.exe
  2⤵
  PID:9040
- C:\Windows\System\CbQMhhM.exe
  C:\Windows\System\CbQMhhM.exe
  2⤵
  PID:9056
- C:\Windows\System\hdSkXdR.exe
  C:\Windows\System\hdSkXdR.exe
  2⤵
  PID:9072
- C:\Windows\System\lFqURXC.exe
  C:\Windows\System\lFqURXC.exe
  2⤵
  PID:9088
- C:\Windows\System\agScgwb.exe
  C:\Windows\System\agScgwb.exe
  2⤵
  PID:9104
- C:\Windows\System\BqsKHap.exe
  C:\Windows\System\BqsKHap.exe
  2⤵
  PID:9120
- C:\Windows\System\xFTTKuu.exe
  C:\Windows\System\xFTTKuu.exe
  2⤵
  PID:9136
- C:\Windows\System\hPBDlYc.exe
  C:\Windows\System\hPBDlYc.exe
  2⤵
  PID:9152
- C:\Windows\System\KNTZIlt.exe
  C:\Windows\System\KNTZIlt.exe
  2⤵
  PID:9168
- C:\Windows\System\XQKxtJz.exe
  C:\Windows\System\XQKxtJz.exe
  2⤵
  PID:9184
- C:\Windows\System\QDMuVKu.exe
  C:\Windows\System\QDMuVKu.exe
  2⤵
  PID:9200
- C:\Windows\System\MGFrNLn.exe
  C:\Windows\System\MGFrNLn.exe
  2⤵
  PID:8196
- C:\Windows\System\guwAOay.exe
  C:\Windows\System\guwAOay.exe
  2⤵
  PID:6772
- C:\Windows\System\kotdNzG.exe
  C:\Windows\System\kotdNzG.exe
  2⤵
  PID:8232
- C:\Windows\System\duiQFje.exe
  C:\Windows\System\duiQFje.exe
  2⤵
  PID:8248
- C:\Windows\System\pTqBBJe.exe
  C:\Windows\System\pTqBBJe.exe
  2⤵
  PID:8296
- C:\Windows\System\kTqkyLq.exe
  C:\Windows\System\kTqkyLq.exe
  2⤵
  PID:8328
- C:\Windows\System\HYIurmx.exe
  C:\Windows\System\HYIurmx.exe
  2⤵
  PID:8360
- C:\Windows\System\qfmFWxZ.exe
  C:\Windows\System\qfmFWxZ.exe
  2⤵
  PID:8420
- C:\Windows\System\oJJLFdi.exe
  C:\Windows\System\oJJLFdi.exe
  2⤵
  PID:8488
- C:\Windows\System\Qiebdig.exe
  C:\Windows\System\Qiebdig.exe
  2⤵
  PID:8436
- C:\Windows\System\wbYZKzT.exe
  C:\Windows\System\wbYZKzT.exe
  2⤵
  PID:8472
- C:\Windows\System\rPishlh.exe
  C:\Windows\System\rPishlh.exe
  2⤵
  PID:8520
- C:\Windows\System\FsPGbjy.exe
  C:\Windows\System\FsPGbjy.exe
  2⤵
  PID:8552
- C:\Windows\System\dZAIiit.exe
  C:\Windows\System\dZAIiit.exe
  2⤵
  PID:8616
- C:\Windows\System\ebjMWUX.exe
  C:\Windows\System\ebjMWUX.exe
  2⤵
  PID:8644
- C:\Windows\System\NmzgWjE.exe
  C:\Windows\System\NmzgWjE.exe
  2⤵
  PID:8680
- C:\Windows\System\HnPhQem.exe
  C:\Windows\System\HnPhQem.exe
  2⤵
  PID:8692
- C:\Windows\System\SRMRDvg.exe
  C:\Windows\System\SRMRDvg.exe
  2⤵
  PID:8660
- C:\Windows\System\PpmradX.exe
  C:\Windows\System\PpmradX.exe
  2⤵
  PID:8744
- C:\Windows\System\VDNlPjD.exe
  C:\Windows\System\VDNlPjD.exe
  2⤵
  PID:8776
- C:\Windows\System\EWyqops.exe
  C:\Windows\System\EWyqops.exe
  2⤵
  PID:8840
- C:\Windows\System\wuorBhX.exe
  C:\Windows\System\wuorBhX.exe
  2⤵
  PID:8868
- C:\Windows\System\bddVsYJ.exe
  C:\Windows\System\bddVsYJ.exe
  2⤵
  PID:8872
- C:\Windows\System\kaXxQcM.exe
  C:\Windows\System\kaXxQcM.exe
  2⤵
  PID:8888
- C:\Windows\System\AmHYyco.exe
  C:\Windows\System\AmHYyco.exe
  2⤵
  PID:8968
- C:\Windows\System\NhwBdzL.exe
  C:\Windows\System\NhwBdzL.exe
  2⤵
  PID:1572
- C:\Windows\System\xBblfYb.exe
  C:\Windows\System\xBblfYb.exe
  2⤵
  PID:9004
- C:\Windows\System\gyRektP.exe
  C:\Windows\System\gyRektP.exe
  2⤵
  PID:9032
- C:\Windows\System\scPPjmp.exe
  C:\Windows\System\scPPjmp.exe
  2⤵
  PID:9016
- C:\Windows\System\BQUGkVL.exe
  C:\Windows\System\BQUGkVL.exe
  2⤵
  PID:9100
- C:\Windows\System\LBcWrWu.exe
  C:\Windows\System\LBcWrWu.exe
  2⤵
  PID:9132
- C:\Windows\System\wWWCgPU.exe
  C:\Windows\System\wWWCgPU.exe
  2⤵
  PID:9196
- C:\Windows\System\EInrCni.exe
  C:\Windows\System\EInrCni.exe
  2⤵
  PID:8216
- C:\Windows\System\dZAiVSd.exe
  C:\Windows\System\dZAiVSd.exe
  2⤵
  PID:9144
- C:\Windows\System\KJecwww.exe
  C:\Windows\System\KJecwww.exe
  2⤵
  PID:9176
- C:\Windows\System\myszTDX.exe
  C:\Windows\System\myszTDX.exe
  2⤵
  PID:8324
- C:\Windows\System\NdEZFEc.exe
  C:\Windows\System\NdEZFEc.exe
  2⤵
  PID:8408
- C:\Windows\System\cUGcXyl.exe
  C:\Windows\System\cUGcXyl.exe
  2⤵
  PID:8356
- C:\Windows\System\pNQpxWa.exe
  C:\Windows\System\pNQpxWa.exe
  2⤵
  PID:8484
- C:\Windows\System\ZMgMdtW.exe
  C:\Windows\System\ZMgMdtW.exe
  2⤵
  PID:8536
- C:\Windows\System\ANpdNrr.exe
  C:\Windows\System\ANpdNrr.exe
  2⤵
  PID:8612
- C:\Windows\System\fXyNRgf.exe
  C:\Windows\System\fXyNRgf.exe
  2⤵
  PID:8712
- C:\Windows\System\TiEDADZ.exe
  C:\Windows\System\TiEDADZ.exe
  2⤵
  PID:8596
- C:\Windows\System\RbBDsIA.exe
  C:\Windows\System\RbBDsIA.exe
  2⤵
  PID:8600
- C:\Windows\System\levpwiU.exe
  C:\Windows\System\levpwiU.exe
  2⤵
  PID:8956
- C:\Windows\System\uWkRvGy.exe
  C:\Windows\System\uWkRvGy.exe
  2⤵
  PID:1512
- C:\Windows\System\etPqpfd.exe
  C:\Windows\System\etPqpfd.exe
  2⤵
  PID:8728
- C:\Windows\System\IhLbqhW.exe
  C:\Windows\System\IhLbqhW.exe
  2⤵
  PID:8904
- C:\Windows\System\bRmkjkT.exe
  C:\Windows\System\bRmkjkT.exe
  2⤵
  PID:7544
- C:\Windows\System\MTkYJBT.exe
  C:\Windows\System\MTkYJBT.exe
  2⤵
  PID:8984
- C:\Windows\System\mzEBlof.exe
  C:\Windows\System\mzEBlof.exe
  2⤵
  PID:8312
- C:\Windows\System\FZRqnGK.exe
  C:\Windows\System\FZRqnGK.exe
  2⤵
  PID:8344
- C:\Windows\System\qUSzMJd.exe
  C:\Windows\System\qUSzMJd.exe
  2⤵
  PID:8392
- C:\Windows\System\hCdoHlF.exe
  C:\Windows\System\hCdoHlF.exe
  2⤵
  PID:8504
- C:\Windows\System\wcfScPI.exe
  C:\Windows\System\wcfScPI.exe
  2⤵
  PID:8708
- C:\Windows\System\ogrCvjP.exe
  C:\Windows\System\ogrCvjP.exe
  2⤵
  PID:8884
- C:\Windows\System\NyHKNHZ.exe
  C:\Windows\System\NyHKNHZ.exe
  2⤵
  PID:9052
- C:\Windows\System\ihGCiFc.exe
  C:\Windows\System\ihGCiFc.exe
  2⤵
  PID:8824
- C:\Windows\System\nptlOlp.exe
  C:\Windows\System\nptlOlp.exe
  2⤵
  PID:9000
- C:\Windows\System\OHWGgPg.exe
  C:\Windows\System\OHWGgPg.exe
  2⤵
  PID:8424
- C:\Windows\System\rvpmZAG.exe
  C:\Windows\System\rvpmZAG.exe
  2⤵
  PID:9148
- C:\Windows\System\fqqjAzP.exe
  C:\Windows\System\fqqjAzP.exe
  2⤵
  PID:8852
- C:\Windows\System\WDmPHul.exe
  C:\Windows\System\WDmPHul.exe
  2⤵
  PID:8916
- C:\Windows\System\CiLkNIS.exe
  C:\Windows\System\CiLkNIS.exe
  2⤵
  PID:8972
- C:\Windows\System\HfZWKqV.exe
  C:\Windows\System\HfZWKqV.exe
  2⤵
  PID:9164
- C:\Windows\System\zKPIKcD.exe
  C:\Windows\System\zKPIKcD.exe
  2⤵
  PID:8632
- C:\Windows\System\pagwkDA.exe
  C:\Windows\System\pagwkDA.exe
  2⤵
  PID:8788
- C:\Windows\System\SDSkVKx.exe
  C:\Windows\System\SDSkVKx.exe
  2⤵
  PID:9232
- C:\Windows\System\CnnsRGF.exe
  C:\Windows\System\CnnsRGF.exe
  2⤵
  PID:9248
- C:\Windows\System\inlGIFQ.exe
  C:\Windows\System\inlGIFQ.exe
  2⤵
  PID:9264
- C:\Windows\System\EtPoeay.exe
  C:\Windows\System\EtPoeay.exe
  2⤵
  PID:9280
- C:\Windows\System\nwmuIfj.exe
  C:\Windows\System\nwmuIfj.exe
  2⤵
  PID:9296
- C:\Windows\System\ELpFBYd.exe
  C:\Windows\System\ELpFBYd.exe
  2⤵
  PID:9312
- C:\Windows\System\WikltmZ.exe
  C:\Windows\System\WikltmZ.exe
  2⤵
  PID:9340
- C:\Windows\System\HmghrlG.exe
  C:\Windows\System\HmghrlG.exe
  2⤵
  PID:9376
- C:\Windows\System\UaOcLhJ.exe
  C:\Windows\System\UaOcLhJ.exe
  2⤵
  PID:9396
- C:\Windows\System\LoJJjRl.exe
  C:\Windows\System\LoJJjRl.exe
  2⤵
  PID:9412
- C:\Windows\System\wPXcJYT.exe
  C:\Windows\System\wPXcJYT.exe
  2⤵
  PID:9428
- C:\Windows\System\yxCOSDA.exe
  C:\Windows\System\yxCOSDA.exe
  2⤵
  PID:9444
- C:\Windows\System\mLZxzut.exe
  C:\Windows\System\mLZxzut.exe
  2⤵
  PID:9912
- C:\Windows\System\vdcNuJG.exe
  C:\Windows\System\vdcNuJG.exe
  2⤵
  PID:9964
- C:\Windows\System\azJXThX.exe
  C:\Windows\System\azJXThX.exe
  2⤵
  PID:9984
- C:\Windows\System\DDOOTQL.exe
  C:\Windows\System\DDOOTQL.exe
  2⤵
  PID:10168
- C:\Windows\System\fpDHIjh.exe
  C:\Windows\System\fpDHIjh.exe
  2⤵
  PID:10204
- C:\Windows\System\qjGNbxy.exe
  C:\Windows\System\qjGNbxy.exe
  2⤵
  PID:10220
- C:\Windows\System\jyJVxWI.exe
  C:\Windows\System\jyJVxWI.exe
  2⤵
  PID:10236
- C:\Windows\System\EYWpgpI.exe
  C:\Windows\System\EYWpgpI.exe
  2⤵
  PID:9260
- C:\Windows\System\JGRVfwU.exe
  C:\Windows\System\JGRVfwU.exe
  2⤵
  PID:9240
- C:\Windows\System\ECFwfzN.exe
  C:\Windows\System\ECFwfzN.exe
  2⤵
  PID:9276
- C:\Windows\System\KqHEOOh.exe
  C:\Windows\System\KqHEOOh.exe
  2⤵
  PID:9332
- C:\Windows\System\zbvMTHj.exe
  C:\Windows\System\zbvMTHj.exe
  2⤵
  PID:9384
- C:\Windows\System\KcoSPPR.exe
  C:\Windows\System\KcoSPPR.exe
  2⤵
  PID:9356
- C:\Windows\System\tJUcuQo.exe
  C:\Windows\System\tJUcuQo.exe
  2⤵
  PID:9372
- C:\Windows\System\saoOPtM.exe
  C:\Windows\System\saoOPtM.exe
  2⤵
  PID:9436
- C:\Windows\System\gBIhjRE.exe
  C:\Windows\System\gBIhjRE.exe
  2⤵
  PID:9460
- C:\Windows\System\WkrYydr.exe
  C:\Windows\System\WkrYydr.exe
  2⤵
  PID:9472
- C:\Windows\System\ptnSmQZ.exe
  C:\Windows\System\ptnSmQZ.exe
  2⤵
  PID:9636
- C:\Windows\System\nPxgVXk.exe
  C:\Windows\System\nPxgVXk.exe
  2⤵
  PID:9976
- C:\Windows\System\tsRdDWT.exe
  C:\Windows\System\tsRdDWT.exe
  2⤵
  PID:10044
- C:\Windows\System\iJuBfGN.exe
  C:\Windows\System\iJuBfGN.exe
  2⤵
  PID:10052
- C:\Windows\System\jMAXbFn.exe
  C:\Windows\System\jMAXbFn.exe
  2⤵
  PID:8920
- C:\Windows\System\SnbdjEW.exe
  C:\Windows\System\SnbdjEW.exe
  2⤵
  PID:9352
- C:\Windows\System\dMBOAhJ.exe
  C:\Windows\System\dMBOAhJ.exe
  2⤵
  PID:9452
- C:\Windows\System\ZWxmjRW.exe
  C:\Windows\System\ZWxmjRW.exe
  2⤵
  PID:9496
- C:\Windows\System\LlnGsUB.exe
  C:\Windows\System\LlnGsUB.exe
  2⤵
  PID:9520
- C:\Windows\System\eXoAXIp.exe
  C:\Windows\System\eXoAXIp.exe
  2⤵
  PID:9548
- C:\Windows\System\CBCDKJM.exe
  C:\Windows\System\CBCDKJM.exe
  2⤵
  PID:9504
- C:\Windows\System\zPxcgBc.exe
  C:\Windows\System\zPxcgBc.exe
  2⤵
  PID:9584
- C:\Windows\System\ujdRAqx.exe
  C:\Windows\System\ujdRAqx.exe
  2⤵
  PID:9612
- C:\Windows\System\YOIPsBq.exe
  C:\Windows\System\YOIPsBq.exe
  2⤵
  PID:9676
- C:\Windows\System\bELQwXj.exe
  C:\Windows\System\bELQwXj.exe
  2⤵
  PID:9692
- C:\Windows\System\lRhTwlO.exe
  C:\Windows\System\lRhTwlO.exe
  2⤵
  PID:9732
- C:\Windows\System\fyPEOkv.exe
  C:\Windows\System\fyPEOkv.exe
  2⤵
  PID:9752
- C:\Windows\System\vbjUeCF.exe
  C:\Windows\System\vbjUeCF.exe
  2⤵
  PID:9772
- C:\Windows\System\ouxaEoA.exe
  C:\Windows\System\ouxaEoA.exe
  2⤵
  PID:9788
- C:\Windows\System\nRhzUyL.exe
  C:\Windows\System\nRhzUyL.exe
  2⤵
  PID:9804
- C:\Windows\System\NzhGsdD.exe
  C:\Windows\System\NzhGsdD.exe
  2⤵
  PID:9824
- C:\Windows\System\QmdCMdF.exe
  C:\Windows\System\QmdCMdF.exe
  2⤵
  PID:9836
- C:\Windows\System\phWCQqW.exe
  C:\Windows\System\phWCQqW.exe
  2⤵
  PID:9864
- C:\Windows\System\jVZYdAs.exe
  C:\Windows\System\jVZYdAs.exe
  2⤵
  PID:9872
- C:\Windows\System\wcDlqZV.exe
  C:\Windows\System\wcDlqZV.exe
  2⤵
  PID:9900
- C:\Windows\System\MOlKtdT.exe
  C:\Windows\System\MOlKtdT.exe
  2⤵
  PID:9920
- C:\Windows\System\dSoMnVE.exe
  C:\Windows\System\dSoMnVE.exe
  2⤵
  PID:9956
- C:\Windows\System\ZqJaGdr.exe
  C:\Windows\System\ZqJaGdr.exe
  2⤵
  PID:9972
- C:\Windows\System\yCvhXFW.exe
  C:\Windows\System\yCvhXFW.exe
  2⤵
  PID:10080
- C:\Windows\System\xVnoqMF.exe
  C:\Windows\System\xVnoqMF.exe
  2⤵
  PID:10056
- C:\Windows\System\kamPqOg.exe
  C:\Windows\System\kamPqOg.exe
  2⤵
  PID:10060
- C:\Windows\System\QrDFBSh.exe
  C:\Windows\System\QrDFBSh.exe
  2⤵
  PID:10100
- C:\Windows\System\WXdeUQh.exe
  C:\Windows\System\WXdeUQh.exe
  2⤵
  PID:9256
- C:\Windows\System\FuuICIR.exe
  C:\Windows\System\FuuICIR.exe
  2⤵
  PID:9408
- C:\Windows\System\uepXHoZ.exe
  C:\Windows\System\uepXHoZ.exe
  2⤵
  PID:10228
- C:\Windows\System\mgGgCEe.exe
  C:\Windows\System\mgGgCEe.exe
  2⤵
  PID:10184
- C:\Windows\System\oxOyhDr.exe
  C:\Windows\System\oxOyhDr.exe
  2⤵
  PID:10192
- C:\Windows\System\EVlWhTx.exe
  C:\Windows\System\EVlWhTx.exe
  2⤵
  PID:10124
- C:\Windows\System\ICKnpZc.exe
  C:\Windows\System\ICKnpZc.exe
  2⤵
  PID:9512
- C:\Windows\System\RPAZJol.exe
  C:\Windows\System\RPAZJol.exe
  2⤵
  PID:9508
- C:\Windows\System\mBCMIkW.exe
  C:\Windows\System\mBCMIkW.exe
  2⤵
  PID:9544
- C:\Windows\System\KWltCnr.exe
  C:\Windows\System\KWltCnr.exe
  2⤵
  PID:9564
- C:\Windows\System\irSRSvY.exe
  C:\Windows\System\irSRSvY.exe
  2⤵
  PID:9664
- C:\Windows\System\LyWeBbR.exe
  C:\Windows\System\LyWeBbR.exe
  2⤵
  PID:9708
- C:\Windows\System\WqEjKXD.exe
  C:\Windows\System\WqEjKXD.exe
  2⤵
  PID:9728
- C:\Windows\System\koTXKxZ.exe
  C:\Windows\System\koTXKxZ.exe
  2⤵
  PID:9760
- C:\Windows\System\BMRpzgL.exe
  C:\Windows\System\BMRpzgL.exe
  2⤵
  PID:9840
- C:\Windows\System\EXJdKdt.exe
  C:\Windows\System\EXJdKdt.exe
  2⤵
  PID:9816
- C:\Windows\System\NukmoXP.exe
  C:\Windows\System\NukmoXP.exe
  2⤵
  PID:9852
- C:\Windows\System\AphOtOU.exe
  C:\Windows\System\AphOtOU.exe
  2⤵
  PID:9748
- C:\Windows\System\dvwYyGa.exe
  C:\Windows\System\dvwYyGa.exe
  2⤵
  PID:9952
- C:\Windows\System\ooNeiGw.exe
  C:\Windows\System\ooNeiGw.exe
  2⤵
  PID:10036
- C:\Windows\System\Ndzwklj.exe
  C:\Windows\System\Ndzwklj.exe
  2⤵
  PID:10032
- C:\Windows\System\aJHqPnM.exe
  C:\Windows\System\aJHqPnM.exe
  2⤵
  PID:10088
- C:\Windows\System\JDTbcsF.exe
  C:\Windows\System\JDTbcsF.exe
  2⤵
  PID:10200
- C:\Windows\System\zloPlsk.exe
  C:\Windows\System\zloPlsk.exe
  2⤵
  PID:9228
- C:\Windows\System\TGbisQg.exe
  C:\Windows\System\TGbisQg.exe
  2⤵
  PID:10164
- C:\Windows\System\WLWxnLl.exe
  C:\Windows\System\WLWxnLl.exe
  2⤵
  PID:10160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BeYrzqP.exe

Filesize
6.1MB

MD5
48ea21b2fb285b7ecb0ba7b84235e7b3

SHA1
ff9c37d9e7a7c2527783da9269974d0c5f25e9ba

SHA256
bfd8eb601cded7351a994897ed4eca3269c20e26ae5f7bddd399f2753e6e1952

SHA512
e70231870c5540725a5ff4e06a4811870ca7ac1e00e6b876d44e616d6600e2409f7effe429cea4891db8ddc464d472207735fa701357f4bbaf4c6a5c449cbec6

Download Submit
C:\Windows\system\BoQXeSG.exe

Filesize
6.1MB

MD5
4f1c159495833c077f167d963222bd31

SHA1
bef19007b57f8399b8d75ad2599191b8f4cc66e8

SHA256
29b2f766b4fe5c5a6300b346c377ed94eacc03cea47278af562bbd22351bc776

SHA512
8eaa94be183e68956591de2614a849a4c68c94d0084ccc53ba9f0e8477e74d805cb7f5e84382e1c8697e6279a933da0563682635f69d7373c07b18e0f93aee54

Download Submit
C:\Windows\system\BpFWMfT.exe

Filesize
6.1MB

MD5
95134069948a556b1df21cfbcbda6b5b

SHA1
42352fe1de0f376c74d51b37fd1298526ed871df

SHA256
bc3df76342a0292f2c29c091432ce94e46ea1fe3faf7e95bb7f6881a7bcd6933

SHA512
276e8ed967eab1d703479e1761ee31a209847a845abe18799b9d276631c5635e1cba9526774cfa4a966379082fab531eb8d319c12cce5fb9d122f2e7a6ee3df9

Download Submit
C:\Windows\system\DVCySHe.exe

Filesize
6.1MB

MD5
81f50753d00cc35d8da12ac4542e395b

SHA1
c4142bff18378a3a28380def505fdf3de36879dd

SHA256
3c05f0abb66f258a58c455c31e2c588077a984fee9d2d3216f9a418b39c8ccf1

SHA512
27e6c00ad9d12f89dd2dc88fbb63d054aa47d31e20c694bd008c129ab22dcb5d3b8ffffcc6700da4a6a5cf13e75919c3b0b1ec756c97e3448825e10c58fc0855

Download Submit
C:\Windows\system\FTTSbRc.exe

Filesize
6.1MB

MD5
2dc3237ab916fd78323df1604c89ba0d

SHA1
a469d87ef8dcce33b0222bd3b1596fa970041d32

SHA256
09162b531a3fae24b587aa2ba2ac987931fe9532f4f4bd3363e0a679a99232e0

SHA512
94aa1c0ec331e10d01f09eadd08bfddd61e7781620038bc9daf4a93ae0237c7da91ba760305b28947a1bb849201ce4512d17b3ec5ef5baaa4c02f88fd529631d

Download Submit
C:\Windows\system\GmgptWD.exe

Filesize
6.1MB

MD5
f2431fc5b599bc2621af0159f7f5c738

SHA1
7a20168a4f1cadc6bb333facde3379a69568c119

SHA256
ef634c6a66cc758b4211c39e76de024d056c4698c8a524c9f53f47931ddf2183

SHA512
3947038b45dc98fb0bcee94f1a5fd602f0514d297e1d9847a4956fb809d3b5d3fe209e0e1bf18c2139b6186bb161200074e79b285a001dcd2c685eda6c2d9f04

Download Submit
C:\Windows\system\KjHPVYO.exe

Filesize
6.1MB

MD5
37ca2fff7e2fffec3144ed543af596ee

SHA1
343b342e475243bb30cf7caa85a2d207d6b61ef0

SHA256
6301a75fb37b5b4391cc554970f15c366aeeb2d656afdd435960ccb1a5e71562

SHA512
23a708b2f76330930c5a4f4e97f13c162668b2168324fca7f531612d56d39408b900161923dd27dd4d95af174e6011099f7b55ddf8a3aaa3e93813ff02885531

Download Submit
C:\Windows\system\NxedPbI.exe

Filesize
6.1MB

MD5
5f908970b429688e14409dac6b2e676a

SHA1
015e211d7f14f4b4d07ccce2dc9096d71d536c30

SHA256
b366d8e06334f3e1384535fbd4763b5d8b21b69431f1685b8171dd8a328b677a

SHA512
ef7aa4c6be8c5906a6e1053df9da1db6297a2489055c9d2a1f1645526ea84772af97fd5abf504d27bd7ca0e46c5a00af3a09d5ec3e59bcb776ba262d6bbbf049

Download Submit
C:\Windows\system\PHxfLRh.exe

Filesize
6.1MB

MD5
3e3de50a10ca930ee2a3540e89aac137

SHA1
8a54502ca092dd207e3c39e32fd0643df89c1cf3

SHA256
376ab16f4651bc568dfed7857e6d85d4b5f75f52a5c02a3b0a0dce1d5ea8c538

SHA512
4496a59a970b99b3774ae537c5648cb5da43ca53459953e11b4e01c996ee22fe28c39978141573d52940aaaad268c81c325403588a86499e270a7641e8982b2b

Download Submit
C:\Windows\system\QwwuNiu.exe

Filesize
6.1MB

MD5
500f85a0af2e9458e4f41dd71a9567b8

SHA1
ad0a7e06272d02890e46bbd53c7efed41e513e16

SHA256
84810f2726a3093aa5c62e6deb269558b3b5daf5c867c15ae409651b0db4f05a

SHA512
48404db6409a9e674378c6c8992ddb83ff160997653a67fd170f2d0384fa2a7b4d0105c453363e8177f0f313999601ee4eee3eb4624fbd629352f2770afb8c89

Download Submit
C:\Windows\system\SepKVqi.exe

Filesize
6.1MB

MD5
9fffb1c9e8eb41a0aa93187f30be3b73

SHA1
37ae22b8de21d39b5ee80717c9ee8bda10b8731c

SHA256
6739216f98a28c0818c703a2f501b5a7bcbafbe06a00dd9704413f6a680bf873

SHA512
c9b3b836dfd9302044a85e4b92c4baa1af4ad8779a168ad22303916a83ec0638f7796a48e615000347f149e2f267fe1f71116acd356e5511e051385c1591a22e

Download Submit
C:\Windows\system\UNXLEPY.exe

Filesize
6.1MB

MD5
2b5a1c44cf06002d95ff14914301e52c

SHA1
e4745b57d0c733e7283f6020ceca4bda4a5c9039

SHA256
f96de834c561a2cea8926149d57f82909adfd2d46d1ef5cbfee3e44869b0899b

SHA512
c43921bdebcacbbbea6ddc3700de5d0b5dfcea5219d8b42573d79fac7f7a6f29f207ffafe1381d3c368043a5300c1683cab411a4b995e2a37933d83f61543e19

Download Submit
C:\Windows\system\UqYhUWU.exe

Filesize
6.1MB

MD5
fb7072968797c12ab0e5c092864534eb

SHA1
34a96c07e98b7bedd58bc2bb82a7457031ceb1da

SHA256
147c18995385f5647751d4eca3694188f606e1f56fb0ffdc9358c7295ab94596

SHA512
9f8ce1845214788079e88a3bc3bd0086a489bcd185195a7d3506713afa83977b5c8984f61b26b752fc4d7dbba90cb75a889ae2706da720ce086c0277d49cd79f

Download Submit
C:\Windows\system\XYlAbMH.exe

Filesize
6.1MB

MD5
d3c5c13480d5583b878e0d2a13bcb145

SHA1
f982a3ad497b40f8ea74c5333a4a93b012300336

SHA256
e6a0b240941b260046ef46a9c2a36d318c9765a5112d3ed40d0fc1e3c726f1c0

SHA512
c24bc627c0e16c33ad4b554da9037b28e04303a22ea4549d75de8229d0f3f329479a84ba60ad5c12ee69573eb01f5ca82b60da17833eb2f48cd38752b715c5ef

Download Submit
C:\Windows\system\aTyGykp.exe

Filesize
6.1MB

MD5
558931e140049f4a12d938d56e0cd677

SHA1
d053e3d956179b9afbcd04350792ecc4b0b1cf22

SHA256
2f64aeb32da4144a6f7d71ea33e1cd59e555b0aa0d172513d2f1bc1a22492a37

SHA512
37b0819846a01e818bab0d1e100844c5a43605a8b8ac5b3ee95a5f27a94ef2745b1c081ef452da481c2eb2fa9a998bda60711d16137d32e052db74a1812678a3

Download Submit
C:\Windows\system\cyaObZR.exe

Filesize
6.1MB

MD5
151d39c25f02ad61ca48a8d5951ccfa4

SHA1
ef7398fe5901d27003fdc7c6c96a107fcc4ac22c

SHA256
7a312a8e4ea1a5e919cf5593fdbffbf9ed485e019271a7a264c3a85bd57fe12a

SHA512
be827e610c1900d6880f9f36272dbad123ad4b8bad12f3d0fded76f77bd36ae28bd8e0ea913f4b644f3849742ab8386ff6eb5783bfc1fe945b684c05ea460d38

Download Submit
C:\Windows\system\eBFzKVC.exe

Filesize
6.1MB

MD5
6f44d89fc2c71c642f1d1f8838692f73

SHA1
24af19e44e4f27081609080cd7a77c3be1f4c5e4

SHA256
eb32d6d28c37e5c4348eb1a50fad03cf94a6601bd7f17b40c549f3ccfc45b752

SHA512
3fc82dc5899e0d745a45d2e3882d2471ae38189aa7085a9930c9d08c0c1dc17a5eb08e0aa29dc49f6fadd5a66e8d74ed05b2a4ef44b5079e8d25a5dd5d836c49

Download Submit
C:\Windows\system\keFVnxf.exe

Filesize
6.1MB

MD5
140945316477270799c2ad3e50f616ca

SHA1
fa358489fd2c51ff518657fab7ab67707fcbabde

SHA256
11b1e5abccc1e722d6da6fa41230bf9d7991d4af15f5e34508bbb9b4d4705674

SHA512
d0102abe140558e7a3ebb33b639e5aebfe5ab3c0a1f16cce1b07f4e323bbc2f7c54d47a0a30124e5dcc99a8b616f848b1c865a69a39febb988e9e5a0014989c8

Download Submit
C:\Windows\system\ktuugpy.exe

Filesize
6.1MB

MD5
7f136a5013c0f3b0879bff6304f9f555

SHA1
71ae534f445bc50f5b48eaa036add29786f3de0b

SHA256
e40af83811aeb022b296f67a6a5c8acdca4648e3efc2180eb09609076a895cad

SHA512
2a8675a1b0fffac2134ca3bb39dedb879cc8ffeaedbcdb44d667e0543ce6b438b7b5f9897482ab37f9e19c42405c214d9dcbfb161d318dd9962ed18379f01c3f

Download Submit
C:\Windows\system\mPslHQo.exe

Filesize
6.1MB

MD5
495316e06faadd5ba8e32647ab76f846

SHA1
615e66b2fcccb59277967fd5d9d0da374de74539

SHA256
751927625dbb779822c98db23c4349f65907857f7a70b9349ff6fd0cd99a4a24

SHA512
4a7db25d29603fcb4964631ecdec8bc466bae8f129e6032e0c481140f1cf359ef18d7e60620b97de8d9e0e015dbc000b82f221760bd6125d5c20a21c54729b24

Download Submit
C:\Windows\system\mjSnxIG.exe

Filesize
6.1MB

MD5
413c31ec61507f792e0fe41615d0adcb

SHA1
ecd9dafd39899a2a97416f73ea6e6ee1463d3285

SHA256
1a67d9e8272658d07674fbefb5eda449b3a8281db7872a33962ede6d76810a2c

SHA512
329339c49d638e415f4528908da3f4203311414755f8faa1dd09e8cf8ad6f61c6376b9dccacc0a0bbc67435ae24e3ca900943171fe1eea50c9472de861a804cc

Download Submit
C:\Windows\system\ohDfRxx.exe

Filesize
6.1MB

MD5
6884dc018ea9df1dcaaf0921f9ad03a9

SHA1
287ce7b658e27dc7ccc947f1041c7aa2432bc2ba

SHA256
d9d2737f5a4d8d5e67bed8278e8014ac27d946d3005228ee1f706f9ba524bdef

SHA512
167dbf0066712f285a0fc8602c108ebd94e13d17319970aaba49b34eec90e1e23ef79a1bdf38d7fe1a8cbfbb086e3346f7bde186b379a324bc197d6fbc0f1f6e

Download Submit
C:\Windows\system\pgQvxDY.exe

Filesize
6.1MB

MD5
e7ccdd27ff01ad3ef544c637a891c87f

SHA1
305487e8d0ba8143a08bfa191162ceda86ab815b

SHA256
31731cf699a129fcf14d18f160f3414249a2ca503226fb8cd2ef9d93ddd1dd7a

SHA512
ae09b04c703e95ecd32ce45a7afebe5ca7370b4aa665eabe013297a7606f3e3e39ee2696145c601880bf646898a8d902b4b05e42e2fba72bfc58efb7d3b9b672

Download Submit
C:\Windows\system\qWmHBPP.exe

Filesize
6.1MB

MD5
65a6d9fce7be651d71f7bf572a5237c0

SHA1
86f3927e68b0894db1ce284e0cb42babfe562e15

SHA256
5b731ce911ef68fb7a5883b4c2d87436cc9e5a4388685386a6c0dc2cf1056251

SHA512
d799c5d9a1479251c5a0b0951dbf8552a8f56754371bd437d6b1fe85bcb5989de69e6186f4f9b1f2aa18e874330e6914ee53086160f38f176e7b5430f52786ed

Download Submit
C:\Windows\system\ujONVYj.exe

Filesize
6.1MB

MD5
64b5337a6daf0b689a99712bea09cd95

SHA1
f5347eeabf2b20ebb30c9e07e634a1fb9fe9dc6d

SHA256
e4b24af11e0aaba1764601f75ec6d35aff80d04e7770987ee1043e8532a88d72

SHA512
4904c5420378b61a6fb1a9286c009736c7382f0b8d8515e630420d02519e80082a4ae998b694a0a41706e80f3844619b490d503716f756d50f2fde712688e3c7

Download Submit
C:\Windows\system\viZRLnU.exe

Filesize
6.1MB

MD5
0d489edb892aad61e362de09d0493df3

SHA1
d9f626b92c4efc5715fc1f244ef5a4da6cfc25ef

SHA256
48f40826c7c092a3240635d8f6e08371939347e92fc450d0c445697716ac5498

SHA512
f11b45f7339dbb50465d9b70624bdca90d26ede614422b225191f176de32b03ed06d5aaaa695eee3808100496d2b0aba7a9dd90ebe226e5ed90cde4349962815

Download Submit
C:\Windows\system\wIlkfJj.exe

Filesize
6.1MB

MD5
a80e02c1a3eaa9432f51a563c80419ca

SHA1
8084aa069f2889127dddaf86640b355614c68e24

SHA256
0c59834305ba03f565ce3ae86493ffacf4ab539256ad79260b97fb9654068ece

SHA512
0c4aee84cc5797e761a917edef9e93a02af8bcc7ec7351c3cad1b18bae160ed425f1cca386aa5a2b04317967e78493c8c62ee427cf575a427c679b5b470f7a49

Download Submit
C:\Windows\system\ylvkgvl.exe

Filesize
6.1MB

MD5
5031a496198018d8377313ce082c439a

SHA1
be216ef7d26591339f8715133bc9a8ba5f0c645c

SHA256
7822c89b7bce6703adf5e20d802bbe6e1632375548e258bdc878668e5ce6a2fa

SHA512
d95439221e7871cd1bc165a8ff5f32e29f934056e4fd78c3161499566eafa190761829ff086ea8b4b2cd549b12e211a65557ac3f27abd0aa3097f96bc909fa44

Download Submit
\Windows\system\BAeaBuC.exe

Filesize
6.1MB

MD5
64f5374219d5695daa390085220f8e8a

SHA1
ab459264260c80da2e8d92971a61b7b4afdebde0

SHA256
010c3ece848143131ba62bf17ec40c6a12c90c45f8c4f2446ebd316e98882eda

SHA512
e8da256d344b51ca2a69f4871e95c1d790fc69d1c12fbc7eef2a446b4020655836043fce8646cd137339bd7ecd8af7bee34bd6969d64e14abe20d453146f3aa2

Download Submit
\Windows\system\FBZADpi.exe

Filesize
6.1MB

MD5
a637718498fe0949c31d066cc5fadd08

SHA1
ede70a34ab6ddae92f9efdc2123d4c09724ea548

SHA256
05477e77e8941ac06a253a7be7a36a78e8338f46fe7a2f4f1016e2a8769cad4e

SHA512
6801f2043837a0808f6a4e886930515cd7a96efa45020638aebf4d03b23861cd22fc21bda66fc35e71ed56c9892bbe6c4739a51b304e9e30dc0fb20a57f82ab7

Download Submit
\Windows\system\FthyCBE.exe

Filesize
6.1MB

MD5
3f4c956708fdeccdb3b0716193c0cf0c

SHA1
fb809166bfdf987f249d2d7feaa46782dd49f649

SHA256
c47d78e5ef79cfaaf1a864e7b225ae982fec3e6faba0163ef2c24504b86a6deb

SHA512
a49a7fe286bf039ea372b6c6ce34fb711943a4ffee841e813ff7727625268cdbe8c733fc35b248f66e7c37eb8ce790988f63e089a7762b6313c3c5fcb94f4590

Download Submit
\Windows\system\VALUqLI.exe

Filesize
6.1MB

MD5
da1ed2fffb94632a802eadcd6ecbf034

SHA1
2698cd3a143d930f788a3dc1f4e60f2179914bfa

SHA256
2b31eb02dae5649cd72ad56ec6d727b4f4ecb436af7344b6bb5abfc1cf62400f

SHA512
4c91e9d4de70e6fbc7efd9df76640c0246cf436415a07175faf46bc98f2c7e9e8b2734a5c563998d6984e3ece76d300bdbda52bc988e2a1c24d8a45971c674f1

Download Submit
memory/580-4034-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/580-78-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/604-4032-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/604-80-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1040-88-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1040-4033-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1524-51-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1524-4030-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1808-4035-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1808-79-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1169-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2068-99-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2068-4037-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2172-53-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2172-570-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2172-4031-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2196-92-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4036-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-46-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4029-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4027-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2696-33-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2724-15-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-94-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4023-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2748-9-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-760-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-8-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2816-41-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-487-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-91-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2816-76-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1389-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-34-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2816-100-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-772-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-0-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-60-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-40-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2816-63-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2816-756-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2816-89-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-928-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4028-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2924-32-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2948-21-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4026-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download