cobaltstrike | 77f715afc909001ea68970aff88d0680a77c388b7d2efe3e7da1bb010933ca95

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

78157e3684830cac82e27935bf3801f7
SHA1

02f241e80c95e17af13e006854a694a2d1d3545a
SHA256

77f715afc909001ea68970aff88d0680a77c388b7d2efe3e7da1bb010933ca95
SHA512

5246dbbc37718767a212107beb85f5c7100ed9553cfc6a477a5bfd222fcb24e36cff1d47feb2e9ea1d47e9e9184d79a932ffdf174414a57db568950bd3bb059a
SSDEEP

98304:demTLkNdfE0pZ3G56utgpPFotBER/mQ32lUA:E+P56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001924c-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926b-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019271-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019277-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019389-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-148.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193c4-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2260-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x000700000001924c-8.dat	xmrig
behavioral1/files/0x000700000001926b-17.dat	xmrig
behavioral1/memory/2156-23-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019271-24.dat	xmrig
behavioral1/memory/2908-29-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019277-34.dat	xmrig
behavioral1/files/0x0006000000019389-44.dat	xmrig
behavioral1/files/0x0005000000019d2d-134.dat	xmrig
behavioral1/files/0x000500000001a311-189.dat	xmrig
behavioral1/memory/2764-849-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2908-410-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c63-180.dat	xmrig
behavioral1/files/0x0005000000019c48-178.dat	xmrig
behavioral1/files/0x000500000001a08b-173.dat	xmrig
behavioral1/files/0x00050000000196be-166.dat	xmrig
behavioral1/files/0x0005000000019639-163.dat	xmrig
behavioral1/files/0x0005000000019fc9-160.dat	xmrig
behavioral1/files/0x0005000000019623-150.dat	xmrig
behavioral1/files/0x0005000000019dc1-148.dat	xmrig
behavioral1/files/0x00080000000193c4-140.dat	xmrig
behavioral1/files/0x0005000000019d54-136.dat	xmrig
behavioral1/memory/2260-118-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2668-110-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-109.dat	xmrig
behavioral1/files/0x000500000001998a-106.dat	xmrig
behavioral1/memory/2260-100-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b3-183.dat	xmrig
behavioral1/files/0x0005000000019627-78.dat	xmrig
behavioral1/files/0x0005000000019620-56.dat	xmrig
behavioral1/files/0x000500000001a078-169.dat	xmrig
behavioral1/files/0x0005000000019faf-156.dat	xmrig
behavioral1/files/0x0005000000019db5-143.dat	xmrig
behavioral1/files/0x0005000000019c4a-132.dat	xmrig
behavioral1/files/0x0005000000019c43-121.dat	xmrig
behavioral1/memory/1832-114-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2752-102-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000500000001967d-92.dat	xmrig
behavioral1/memory/2892-84-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-81.dat	xmrig
behavioral1/memory/2764-43-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2780-77-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2844-76-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-72.dat	xmrig
behavioral1/files/0x0005000000019621-70.dat	xmrig
behavioral1/files/0x000500000001961f-69.dat	xmrig
behavioral1/files/0x0006000000019382-38.dat	xmrig
behavioral1/memory/2260-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/700-37-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2344-15-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2268-14-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2752-3716-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2844-3718-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1832-3721-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2156-3720-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2892-3724-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2668-3723-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/700-3722-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2344-3719-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2780-3717-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2268-4204-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2764-4206-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2908-4218-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2344	tfgNVvj.exe
2268	ANnucGG.exe
2156	JMYJsqm.exe
2908	WYzNsYr.exe
700	SyJWMZd.exe
2764	WnMMtcC.exe
2892	nIdrucn.exe
2752	aPypzrR.exe
2844	EkNXrOy.exe
2780	eiWoztW.exe
2668	UQjgjBc.exe
1832	BKZRtge.exe
1600	jdnMSRP.exe
1820	kZVNIzC.exe
2936	oatmyfy.exe
2948	YSTqQVA.exe
2880	CYNgwWr.exe
2356	BtAdicO.exe
2724	ltutBTQ.exe
600	ulouqWO.exe
2076	nwypLlq.exe
2672	RYlgvlm.exe
2652	xhTCJEh.exe
892	xwAomWI.exe
2580	vOMZXRs.exe
2012	DtavYzE.exe
2852	LpZhKVn.exe
1380	HvOMFvn.exe
1868	Yixaejr.exe
776	UaPgICY.exe
2396	BUULVpa.exe
1668	brTDueS.exe
2348	QxPaJyo.exe
616	oZLcWSI.exe
2984	tpffTKE.exe
928	POpYiAr.exe
1664	TQjBGXT.exe
784	eRHGaXf.exe
1772	vtUiseo.exe
716	eACNXsl.exe
2544	oWlKsuo.exe
532	iRSYCNi.exe
2572	QRWeqwb.exe
1156	IRMwZvy.exe
1508	flVdEui.exe
372	ooexIhC.exe
1792	sMjDlwU.exe
1588	MGDjPHq.exe
896	ToGVRmt.exe
2516	zjMCvNd.exe
1584	bHExAIL.exe
1692	tIVETNu.exe
2528	hJiskhD.exe
2836	LMpfLAg.exe
2968	onKkkHP.exe
680	DVcuZyd.exe
652	jtbPSSa.exe
2708	gNefHNK.exe
2800	rFoHWQx.exe
2720	vgGToEM.exe
1712	lunOPNO.exe
1268	GociAMg.exe
1996	nBUEEpj.exe
1872	biFNSBE.exe

Loads dropped DLL 64 IoCs

pid	Process
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2260-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x000700000001924c-8.dat	upx
behavioral1/files/0x000700000001926b-17.dat	upx
behavioral1/memory/2156-23-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0007000000019271-24.dat	upx
behavioral1/memory/2908-29-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000019277-34.dat	upx
behavioral1/files/0x0006000000019389-44.dat	upx
behavioral1/files/0x0005000000019d2d-134.dat	upx
behavioral1/files/0x000500000001a311-189.dat	upx
behavioral1/memory/2764-849-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2908-410-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0005000000019c63-180.dat	upx
behavioral1/files/0x0005000000019c48-178.dat	upx
behavioral1/files/0x000500000001a08b-173.dat	upx
behavioral1/files/0x00050000000196be-166.dat	upx
behavioral1/files/0x0005000000019639-163.dat	upx
behavioral1/files/0x0005000000019fc9-160.dat	upx
behavioral1/files/0x0005000000019623-150.dat	upx
behavioral1/files/0x0005000000019dc1-148.dat	upx
behavioral1/files/0x00080000000193c4-140.dat	upx
behavioral1/files/0x0005000000019d54-136.dat	upx
behavioral1/memory/2668-110-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-109.dat	upx
behavioral1/files/0x000500000001998a-106.dat	upx
behavioral1/files/0x000500000001a0b3-183.dat	upx
behavioral1/files/0x0005000000019627-78.dat	upx
behavioral1/files/0x0005000000019620-56.dat	upx
behavioral1/files/0x000500000001a078-169.dat	upx
behavioral1/files/0x0005000000019faf-156.dat	upx
behavioral1/files/0x0005000000019db5-143.dat	upx
behavioral1/files/0x0005000000019c4a-132.dat	upx
behavioral1/files/0x0005000000019c43-121.dat	upx
behavioral1/memory/1832-114-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2752-102-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000500000001967d-92.dat	upx
behavioral1/memory/2892-84-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019629-81.dat	upx
behavioral1/memory/2764-43-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2780-77-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2844-76-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0005000000019625-72.dat	upx
behavioral1/files/0x0005000000019621-70.dat	upx
behavioral1/files/0x000500000001961f-69.dat	upx
behavioral1/files/0x0006000000019382-38.dat	upx
behavioral1/memory/2260-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/700-37-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2344-15-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2268-14-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2752-3716-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2844-3718-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1832-3721-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2156-3720-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2892-3724-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2668-3723-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/700-3722-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2344-3719-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2780-3717-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2268-4204-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2764-4206-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2908-4218-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gwquWZo.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVmoQCk.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bivadJZ.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjhIUYo.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtKDwnG.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqWxLcV.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPypzrR.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKZRtge.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfPmfeA.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHtEVIF.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQeFkPI.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGcivHE.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YICWNeA.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmkjufE.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVvlWpC.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyOnsfg.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtcXQaI.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYhOIyH.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYeHVEb.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwgTnTI.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voHJGFp.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFhljCq.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqvzJmc.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEPzrtY.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFVCuXo.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxvgGrC.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lunOPNO.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToQUOHW.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weKhMjJ.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrUZPdV.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFvEcut.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyVIwwO.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yixaejr.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIkWFfY.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzwiBAb.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjaDXnQ.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JupyXgh.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwpUYuA.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odRWAKF.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmVCALp.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIVuUcX.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMwRMWK.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDMBnWq.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpufXlr.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCkYacw.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWJDoeO.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpgmmBz.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckFlreB.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPOEydP.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgIFqoh.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqHfSMa.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMuHluf.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcFnCUv.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYNgwWr.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaPgICY.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQzqQBD.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXKBWkY.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFrvuQF.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVJecaz.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGGzZwG.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHqqCGz.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZVNIzC.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJCsBwR.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQAoRJQ.exe	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2344	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2344	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2344	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2260 wrote to memory of 2268	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2268	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2268	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2260 wrote to memory of 2156	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2156	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2156	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2260 wrote to memory of 2908	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 2908	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 2908	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2260 wrote to memory of 700	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 700	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 700	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2260 wrote to memory of 2764	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2764	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2764	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2260 wrote to memory of 2892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2260 wrote to memory of 2880	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 2880	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 2880	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2260 wrote to memory of 2752	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 2752	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 2752	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2260 wrote to memory of 2724	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 2724	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 2724	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2260 wrote to memory of 2844	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 2844	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 2844	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2260 wrote to memory of 600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2260 wrote to memory of 2780	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 2780	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 2780	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2260 wrote to memory of 2672	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 2672	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 2672	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2260 wrote to memory of 2668	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 2668	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 2668	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2260 wrote to memory of 2652	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 2652	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 2652	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2260 wrote to memory of 1832	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 1832	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 1832	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2260 wrote to memory of 892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 892	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2260 wrote to memory of 1600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 1600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 1600	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2260 wrote to memory of 2012	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 2012	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 2012	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2260 wrote to memory of 1820	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 1820	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 1820	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2260 wrote to memory of 2852	2260	2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-19_78157e3684830cac82e27935bf3801f7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\System\tfgNVvj.exe
  C:\Windows\System\tfgNVvj.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ANnucGG.exe
  C:\Windows\System\ANnucGG.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\JMYJsqm.exe
  C:\Windows\System\JMYJsqm.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\WYzNsYr.exe
  C:\Windows\System\WYzNsYr.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SyJWMZd.exe
  C:\Windows\System\SyJWMZd.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\WnMMtcC.exe
  C:\Windows\System\WnMMtcC.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\nIdrucn.exe
  C:\Windows\System\nIdrucn.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\CYNgwWr.exe
  C:\Windows\System\CYNgwWr.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\aPypzrR.exe
  C:\Windows\System\aPypzrR.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ltutBTQ.exe
  C:\Windows\System\ltutBTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\EkNXrOy.exe
  C:\Windows\System\EkNXrOy.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ulouqWO.exe
  C:\Windows\System\ulouqWO.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\eiWoztW.exe
  C:\Windows\System\eiWoztW.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\RYlgvlm.exe
  C:\Windows\System\RYlgvlm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\UQjgjBc.exe
  C:\Windows\System\UQjgjBc.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\xhTCJEh.exe
  C:\Windows\System\xhTCJEh.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BKZRtge.exe
  C:\Windows\System\BKZRtge.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\xwAomWI.exe
  C:\Windows\System\xwAomWI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\jdnMSRP.exe
  C:\Windows\System\jdnMSRP.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\DtavYzE.exe
  C:\Windows\System\DtavYzE.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\kZVNIzC.exe
  C:\Windows\System\kZVNIzC.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\LpZhKVn.exe
  C:\Windows\System\LpZhKVn.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\oatmyfy.exe
  C:\Windows\System\oatmyfy.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\HvOMFvn.exe
  C:\Windows\System\HvOMFvn.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\YSTqQVA.exe
  C:\Windows\System\YSTqQVA.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UaPgICY.exe
  C:\Windows\System\UaPgICY.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\BtAdicO.exe
  C:\Windows\System\BtAdicO.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\BUULVpa.exe
  C:\Windows\System\BUULVpa.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\nwypLlq.exe
  C:\Windows\System\nwypLlq.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\QxPaJyo.exe
  C:\Windows\System\QxPaJyo.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\vOMZXRs.exe
  C:\Windows\System\vOMZXRs.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\oZLcWSI.exe
  C:\Windows\System\oZLcWSI.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\Yixaejr.exe
  C:\Windows\System\Yixaejr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\tpffTKE.exe
  C:\Windows\System\tpffTKE.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\brTDueS.exe
  C:\Windows\System\brTDueS.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\TQjBGXT.exe
  C:\Windows\System\TQjBGXT.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\POpYiAr.exe
  C:\Windows\System\POpYiAr.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\vtUiseo.exe
  C:\Windows\System\vtUiseo.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\eRHGaXf.exe
  C:\Windows\System\eRHGaXf.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\eACNXsl.exe
  C:\Windows\System\eACNXsl.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\oWlKsuo.exe
  C:\Windows\System\oWlKsuo.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\iRSYCNi.exe
  C:\Windows\System\iRSYCNi.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\QRWeqwb.exe
  C:\Windows\System\QRWeqwb.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\IRMwZvy.exe
  C:\Windows\System\IRMwZvy.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\flVdEui.exe
  C:\Windows\System\flVdEui.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\sMjDlwU.exe
  C:\Windows\System\sMjDlwU.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\ooexIhC.exe
  C:\Windows\System\ooexIhC.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\ToGVRmt.exe
  C:\Windows\System\ToGVRmt.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\MGDjPHq.exe
  C:\Windows\System\MGDjPHq.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\zjMCvNd.exe
  C:\Windows\System\zjMCvNd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\bHExAIL.exe
  C:\Windows\System\bHExAIL.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\tIVETNu.exe
  C:\Windows\System\tIVETNu.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\hJiskhD.exe
  C:\Windows\System\hJiskhD.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\jtbPSSa.exe
  C:\Windows\System\jtbPSSa.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\LMpfLAg.exe
  C:\Windows\System\LMpfLAg.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\rFoHWQx.exe
  C:\Windows\System\rFoHWQx.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\onKkkHP.exe
  C:\Windows\System\onKkkHP.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\vgGToEM.exe
  C:\Windows\System\vgGToEM.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\DVcuZyd.exe
  C:\Windows\System\DVcuZyd.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\lunOPNO.exe
  C:\Windows\System\lunOPNO.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\gNefHNK.exe
  C:\Windows\System\gNefHNK.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\nBUEEpj.exe
  C:\Windows\System\nBUEEpj.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\GociAMg.exe
  C:\Windows\System\GociAMg.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\iIqTQnL.exe
  C:\Windows\System\iIqTQnL.exe
  2⤵
  PID:2128
- C:\Windows\System\biFNSBE.exe
  C:\Windows\System\biFNSBE.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\kEAImZj.exe
  C:\Windows\System\kEAImZj.exe
  2⤵
  PID:1540
- C:\Windows\System\iruWion.exe
  C:\Windows\System\iruWion.exe
  2⤵
  PID:2636
- C:\Windows\System\HJnKxwp.exe
  C:\Windows\System\HJnKxwp.exe
  2⤵
  PID:1520
- C:\Windows\System\gzuvAPI.exe
  C:\Windows\System\gzuvAPI.exe
  2⤵
  PID:3024
- C:\Windows\System\LsMAJLp.exe
  C:\Windows\System\LsMAJLp.exe
  2⤵
  PID:1976
- C:\Windows\System\IbkALoZ.exe
  C:\Windows\System\IbkALoZ.exe
  2⤵
  PID:1304
- C:\Windows\System\CLAdNWi.exe
  C:\Windows\System\CLAdNWi.exe
  2⤵
  PID:1356
- C:\Windows\System\qsdOMMj.exe
  C:\Windows\System\qsdOMMj.exe
  2⤵
  PID:2212
- C:\Windows\System\NXxGMMm.exe
  C:\Windows\System\NXxGMMm.exe
  2⤵
  PID:2296
- C:\Windows\System\EeIyxvH.exe
  C:\Windows\System\EeIyxvH.exe
  2⤵
  PID:1944
- C:\Windows\System\sZqSpdg.exe
  C:\Windows\System\sZqSpdg.exe
  2⤵
  PID:1560
- C:\Windows\System\qODqyen.exe
  C:\Windows\System\qODqyen.exe
  2⤵
  PID:3056
- C:\Windows\System\TqPUqWh.exe
  C:\Windows\System\TqPUqWh.exe
  2⤵
  PID:2148
- C:\Windows\System\ODHEFFB.exe
  C:\Windows\System\ODHEFFB.exe
  2⤵
  PID:1920
- C:\Windows\System\peQqTuO.exe
  C:\Windows\System\peQqTuO.exe
  2⤵
  PID:1684
- C:\Windows\System\gDHblpS.exe
  C:\Windows\System\gDHblpS.exe
  2⤵
  PID:2420
- C:\Windows\System\puwXKsS.exe
  C:\Windows\System\puwXKsS.exe
  2⤵
  PID:1556
- C:\Windows\System\mwadYzD.exe
  C:\Windows\System\mwadYzD.exe
  2⤵
  PID:2196
- C:\Windows\System\zrFUyvM.exe
  C:\Windows\System\zrFUyvM.exe
  2⤵
  PID:2884
- C:\Windows\System\ccxYRrV.exe
  C:\Windows\System\ccxYRrV.exe
  2⤵
  PID:3008
- C:\Windows\System\pxryqSB.exe
  C:\Windows\System\pxryqSB.exe
  2⤵
  PID:1144
- C:\Windows\System\OVChznt.exe
  C:\Windows\System\OVChznt.exe
  2⤵
  PID:2316
- C:\Windows\System\xZcbzvA.exe
  C:\Windows\System\xZcbzvA.exe
  2⤵
  PID:304
- C:\Windows\System\jtDKISz.exe
  C:\Windows\System\jtDKISz.exe
  2⤵
  PID:1796
- C:\Windows\System\YXKhRXE.exe
  C:\Windows\System\YXKhRXE.exe
  2⤵
  PID:1060
- C:\Windows\System\djHCqSp.exe
  C:\Windows\System\djHCqSp.exe
  2⤵
  PID:2568
- C:\Windows\System\qgfKoIR.exe
  C:\Windows\System\qgfKoIR.exe
  2⤵
  PID:1972
- C:\Windows\System\maXpwRF.exe
  C:\Windows\System\maXpwRF.exe
  2⤵
  PID:2972
- C:\Windows\System\gmnlUas.exe
  C:\Windows\System\gmnlUas.exe
  2⤵
  PID:2172
- C:\Windows\System\RAoswIp.exe
  C:\Windows\System\RAoswIp.exe
  2⤵
  PID:3088
- C:\Windows\System\KXLOJyi.exe
  C:\Windows\System\KXLOJyi.exe
  2⤵
  PID:3112
- C:\Windows\System\iHJvsiE.exe
  C:\Windows\System\iHJvsiE.exe
  2⤵
  PID:3128
- C:\Windows\System\aBVDyhf.exe
  C:\Windows\System\aBVDyhf.exe
  2⤵
  PID:3148
- C:\Windows\System\oFWyNUk.exe
  C:\Windows\System\oFWyNUk.exe
  2⤵
  PID:3164
- C:\Windows\System\osLjOqV.exe
  C:\Windows\System\osLjOqV.exe
  2⤵
  PID:3180
- C:\Windows\System\HkJGhVp.exe
  C:\Windows\System\HkJGhVp.exe
  2⤵
  PID:3200
- C:\Windows\System\bwgjtVU.exe
  C:\Windows\System\bwgjtVU.exe
  2⤵
  PID:3220
- C:\Windows\System\cxoqphQ.exe
  C:\Windows\System\cxoqphQ.exe
  2⤵
  PID:3236
- C:\Windows\System\WKWsVZq.exe
  C:\Windows\System\WKWsVZq.exe
  2⤵
  PID:3264
- C:\Windows\System\hTCbvkN.exe
  C:\Windows\System\hTCbvkN.exe
  2⤵
  PID:3288
- C:\Windows\System\UQzqQBD.exe
  C:\Windows\System\UQzqQBD.exe
  2⤵
  PID:3304
- C:\Windows\System\ihzVzUX.exe
  C:\Windows\System\ihzVzUX.exe
  2⤵
  PID:3320
- C:\Windows\System\EqXXPwE.exe
  C:\Windows\System\EqXXPwE.exe
  2⤵
  PID:3340
- C:\Windows\System\HUDFoYx.exe
  C:\Windows\System\HUDFoYx.exe
  2⤵
  PID:3356
- C:\Windows\System\TTrPuSa.exe
  C:\Windows\System\TTrPuSa.exe
  2⤵
  PID:3372
- C:\Windows\System\kqhniso.exe
  C:\Windows\System\kqhniso.exe
  2⤵
  PID:3400
- C:\Windows\System\yvKavit.exe
  C:\Windows\System\yvKavit.exe
  2⤵
  PID:3416
- C:\Windows\System\CWYZXoT.exe
  C:\Windows\System\CWYZXoT.exe
  2⤵
  PID:3432
- C:\Windows\System\nxxIovO.exe
  C:\Windows\System\nxxIovO.exe
  2⤵
  PID:3448
- C:\Windows\System\ZeQgCLB.exe
  C:\Windows\System\ZeQgCLB.exe
  2⤵
  PID:3464
- C:\Windows\System\QRPWhNa.exe
  C:\Windows\System\QRPWhNa.exe
  2⤵
  PID:3484
- C:\Windows\System\fVIGLIK.exe
  C:\Windows\System\fVIGLIK.exe
  2⤵
  PID:3512
- C:\Windows\System\gTgJCzo.exe
  C:\Windows\System\gTgJCzo.exe
  2⤵
  PID:3536
- C:\Windows\System\icLOqxp.exe
  C:\Windows\System\icLOqxp.exe
  2⤵
  PID:3576
- C:\Windows\System\xDXMlgg.exe
  C:\Windows\System\xDXMlgg.exe
  2⤵
  PID:3612
- C:\Windows\System\LUEPWKY.exe
  C:\Windows\System\LUEPWKY.exe
  2⤵
  PID:3632
- C:\Windows\System\pHoopsU.exe
  C:\Windows\System\pHoopsU.exe
  2⤵
  PID:3656
- C:\Windows\System\WAZEkSb.exe
  C:\Windows\System\WAZEkSb.exe
  2⤵
  PID:3672
- C:\Windows\System\TnAAVyo.exe
  C:\Windows\System\TnAAVyo.exe
  2⤵
  PID:3692
- C:\Windows\System\rYUKUuv.exe
  C:\Windows\System\rYUKUuv.exe
  2⤵
  PID:3716
- C:\Windows\System\wglCpDO.exe
  C:\Windows\System\wglCpDO.exe
  2⤵
  PID:3736
- C:\Windows\System\TpvWmex.exe
  C:\Windows\System\TpvWmex.exe
  2⤵
  PID:3756
- C:\Windows\System\HQBRSnp.exe
  C:\Windows\System\HQBRSnp.exe
  2⤵
  PID:3776
- C:\Windows\System\EKFvorj.exe
  C:\Windows\System\EKFvorj.exe
  2⤵
  PID:3792
- C:\Windows\System\NrLavoz.exe
  C:\Windows\System\NrLavoz.exe
  2⤵
  PID:3812
- C:\Windows\System\ghskxDi.exe
  C:\Windows\System\ghskxDi.exe
  2⤵
  PID:3832
- C:\Windows\System\XASRKac.exe
  C:\Windows\System\XASRKac.exe
  2⤵
  PID:3852
- C:\Windows\System\KPFpKbq.exe
  C:\Windows\System\KPFpKbq.exe
  2⤵
  PID:3872
- C:\Windows\System\DGYenJF.exe
  C:\Windows\System\DGYenJF.exe
  2⤵
  PID:3896
- C:\Windows\System\LMmgIjg.exe
  C:\Windows\System\LMmgIjg.exe
  2⤵
  PID:3912
- C:\Windows\System\ClcnXsk.exe
  C:\Windows\System\ClcnXsk.exe
  2⤵
  PID:3936
- C:\Windows\System\pOnSUYb.exe
  C:\Windows\System\pOnSUYb.exe
  2⤵
  PID:3956
- C:\Windows\System\NUQgtyy.exe
  C:\Windows\System\NUQgtyy.exe
  2⤵
  PID:3972
- C:\Windows\System\EskMRey.exe
  C:\Windows\System\EskMRey.exe
  2⤵
  PID:3996
- C:\Windows\System\OADRFck.exe
  C:\Windows\System\OADRFck.exe
  2⤵
  PID:4016
- C:\Windows\System\BtCgfts.exe
  C:\Windows\System\BtCgfts.exe
  2⤵
  PID:4032
- C:\Windows\System\EWkjaFm.exe
  C:\Windows\System\EWkjaFm.exe
  2⤵
  PID:4052
- C:\Windows\System\hcxkXQI.exe
  C:\Windows\System\hcxkXQI.exe
  2⤵
  PID:4072
- C:\Windows\System\ueHXkOj.exe
  C:\Windows\System\ueHXkOj.exe
  2⤵
  PID:4092
- C:\Windows\System\RZojpWQ.exe
  C:\Windows\System\RZojpWQ.exe
  2⤵
  PID:2448
- C:\Windows\System\JkGgQLs.exe
  C:\Windows\System\JkGgQLs.exe
  2⤵
  PID:3068
- C:\Windows\System\cjymjYa.exe
  C:\Windows\System\cjymjYa.exe
  2⤵
  PID:1852
- C:\Windows\System\lKvbAng.exe
  C:\Windows\System\lKvbAng.exe
  2⤵
  PID:1696
- C:\Windows\System\QqyXQhI.exe
  C:\Windows\System\QqyXQhI.exe
  2⤵
  PID:548
- C:\Windows\System\NCPeGgc.exe
  C:\Windows\System\NCPeGgc.exe
  2⤵
  PID:1308
- C:\Windows\System\LNSkwag.exe
  C:\Windows\System\LNSkwag.exe
  2⤵
  PID:3020
- C:\Windows\System\oaXfMUE.exe
  C:\Windows\System\oaXfMUE.exe
  2⤵
  PID:2028
- C:\Windows\System\XnTtNKv.exe
  C:\Windows\System\XnTtNKv.exe
  2⤵
  PID:1336
- C:\Windows\System\YICWNeA.exe
  C:\Windows\System\YICWNeA.exe
  2⤵
  PID:2112
- C:\Windows\System\phncAKH.exe
  C:\Windows\System\phncAKH.exe
  2⤵
  PID:2988
- C:\Windows\System\spOXwfZ.exe
  C:\Windows\System\spOXwfZ.exe
  2⤵
  PID:2808
- C:\Windows\System\AVVSHvM.exe
  C:\Windows\System\AVVSHvM.exe
  2⤵
  PID:3104
- C:\Windows\System\ilquLBB.exe
  C:\Windows\System\ilquLBB.exe
  2⤵
  PID:3144
- C:\Windows\System\EbnVBin.exe
  C:\Windows\System\EbnVBin.exe
  2⤵
  PID:3212
- C:\Windows\System\IpMcGQg.exe
  C:\Windows\System\IpMcGQg.exe
  2⤵
  PID:3252
- C:\Windows\System\SKxLVbj.exe
  C:\Windows\System\SKxLVbj.exe
  2⤵
  PID:3260
- C:\Windows\System\PDoHAOt.exe
  C:\Windows\System\PDoHAOt.exe
  2⤵
  PID:3192
- C:\Windows\System\emJSqUx.exe
  C:\Windows\System\emJSqUx.exe
  2⤵
  PID:3300
- C:\Windows\System\ihmcrBp.exe
  C:\Windows\System\ihmcrBp.exe
  2⤵
  PID:3408
- C:\Windows\System\frudrze.exe
  C:\Windows\System\frudrze.exe
  2⤵
  PID:3480
- C:\Windows\System\uaMiWTM.exe
  C:\Windows\System\uaMiWTM.exe
  2⤵
  PID:3528
- C:\Windows\System\snHdkia.exe
  C:\Windows\System\snHdkia.exe
  2⤵
  PID:3284
- C:\Windows\System\uVyYUrq.exe
  C:\Windows\System\uVyYUrq.exe
  2⤵
  PID:3392
- C:\Windows\System\NCJaVDM.exe
  C:\Windows\System\NCJaVDM.exe
  2⤵
  PID:3460
- C:\Windows\System\WXNtUqc.exe
  C:\Windows\System\WXNtUqc.exe
  2⤵
  PID:3596
- C:\Windows\System\YEGoCGa.exe
  C:\Windows\System\YEGoCGa.exe
  2⤵
  PID:3544
- C:\Windows\System\uteJcsW.exe
  C:\Windows\System\uteJcsW.exe
  2⤵
  PID:3600
- C:\Windows\System\mTrBjXo.exe
  C:\Windows\System\mTrBjXo.exe
  2⤵
  PID:3640
- C:\Windows\System\VHVZYHd.exe
  C:\Windows\System\VHVZYHd.exe
  2⤵
  PID:3624
- C:\Windows\System\XlrXlkE.exe
  C:\Windows\System\XlrXlkE.exe
  2⤵
  PID:3664
- C:\Windows\System\sNQDKpJ.exe
  C:\Windows\System\sNQDKpJ.exe
  2⤵
  PID:3708
- C:\Windows\System\mwpXoBp.exe
  C:\Windows\System\mwpXoBp.exe
  2⤵
  PID:3768
- C:\Windows\System\nLTPPnp.exe
  C:\Windows\System\nLTPPnp.exe
  2⤵
  PID:3788
- C:\Windows\System\ActMeVi.exe
  C:\Windows\System\ActMeVi.exe
  2⤵
  PID:3840
- C:\Windows\System\RXRDrpP.exe
  C:\Windows\System\RXRDrpP.exe
  2⤵
  PID:3820
- C:\Windows\System\dCYSdtM.exe
  C:\Windows\System\dCYSdtM.exe
  2⤵
  PID:3924
- C:\Windows\System\IrsCmEE.exe
  C:\Windows\System\IrsCmEE.exe
  2⤵
  PID:3908
- C:\Windows\System\oJtkCqT.exe
  C:\Windows\System\oJtkCqT.exe
  2⤵
  PID:3948
- C:\Windows\System\wACbiuZ.exe
  C:\Windows\System\wACbiuZ.exe
  2⤵
  PID:3980
- C:\Windows\System\FmSRZoD.exe
  C:\Windows\System\FmSRZoD.exe
  2⤵
  PID:4040
- C:\Windows\System\bSeBcNX.exe
  C:\Windows\System\bSeBcNX.exe
  2⤵
  PID:4044
- C:\Windows\System\IMgiCYt.exe
  C:\Windows\System\IMgiCYt.exe
  2⤵
  PID:4068
- C:\Windows\System\aaNYyCO.exe
  C:\Windows\System\aaNYyCO.exe
  2⤵
  PID:2144
- C:\Windows\System\SWaVsRL.exe
  C:\Windows\System\SWaVsRL.exe
  2⤵
  PID:280
- C:\Windows\System\vfROyYZ.exe
  C:\Windows\System\vfROyYZ.exe
  2⤵
  PID:944
- C:\Windows\System\WOuUbsf.exe
  C:\Windows\System\WOuUbsf.exe
  2⤵
  PID:1804
- C:\Windows\System\TgsLmLm.exe
  C:\Windows\System\TgsLmLm.exe
  2⤵
  PID:2760
- C:\Windows\System\PAIMlZy.exe
  C:\Windows\System\PAIMlZy.exe
  2⤵
  PID:2408
- C:\Windows\System\iGCxaiv.exe
  C:\Windows\System\iGCxaiv.exe
  2⤵
  PID:1360
- C:\Windows\System\WiBqTkg.exe
  C:\Windows\System\WiBqTkg.exe
  2⤵
  PID:1756
- C:\Windows\System\BQxUzVU.exe
  C:\Windows\System\BQxUzVU.exe
  2⤵
  PID:3124
- C:\Windows\System\YXpMbsX.exe
  C:\Windows\System\YXpMbsX.exe
  2⤵
  PID:3096
- C:\Windows\System\NnDzgDy.exe
  C:\Windows\System\NnDzgDy.exe
  2⤵
  PID:3188
- C:\Windows\System\gmoyClN.exe
  C:\Windows\System\gmoyClN.exe
  2⤵
  PID:3232
- C:\Windows\System\JUdJYLS.exe
  C:\Windows\System\JUdJYLS.exe
  2⤵
  PID:3440
- C:\Windows\System\qdwUhwI.exe
  C:\Windows\System\qdwUhwI.exe
  2⤵
  PID:3384
- C:\Windows\System\lVNrMWy.exe
  C:\Windows\System\lVNrMWy.exe
  2⤵
  PID:3380
- C:\Windows\System\VZFQrDF.exe
  C:\Windows\System\VZFQrDF.exe
  2⤵
  PID:3424
- C:\Windows\System\JHnalOp.exe
  C:\Windows\System\JHnalOp.exe
  2⤵
  PID:3508
- C:\Windows\System\xweTTNg.exe
  C:\Windows\System\xweTTNg.exe
  2⤵
  PID:3680
- C:\Windows\System\rTQUFEL.exe
  C:\Windows\System\rTQUFEL.exe
  2⤵
  PID:3688
- C:\Windows\System\GSyWSDv.exe
  C:\Windows\System\GSyWSDv.exe
  2⤵
  PID:3752
- C:\Windows\System\uGLZeTi.exe
  C:\Windows\System\uGLZeTi.exe
  2⤵
  PID:3844
- C:\Windows\System\pdsdOTH.exe
  C:\Windows\System\pdsdOTH.exe
  2⤵
  PID:3868
- C:\Windows\System\hGlZEcp.exe
  C:\Windows\System\hGlZEcp.exe
  2⤵
  PID:4048
- C:\Windows\System\XVoFMCA.exe
  C:\Windows\System\XVoFMCA.exe
  2⤵
  PID:1620
- C:\Windows\System\WnEBaOx.exe
  C:\Windows\System\WnEBaOx.exe
  2⤵
  PID:3920
- C:\Windows\System\kYJPtxV.exe
  C:\Windows\System\kYJPtxV.exe
  2⤵
  PID:3244
- C:\Windows\System\rMTtGRt.exe
  C:\Windows\System\rMTtGRt.exe
  2⤵
  PID:3120
- C:\Windows\System\ObxhqAB.exe
  C:\Windows\System\ObxhqAB.exe
  2⤵
  PID:3368
- C:\Windows\System\fvgXaXH.exe
  C:\Windows\System\fvgXaXH.exe
  2⤵
  PID:3988
- C:\Windows\System\xqyqmeE.exe
  C:\Windows\System\xqyqmeE.exe
  2⤵
  PID:3076
- C:\Windows\System\QhXwaei.exe
  C:\Windows\System\QhXwaei.exe
  2⤵
  PID:844
- C:\Windows\System\ySYLFrt.exe
  C:\Windows\System\ySYLFrt.exe
  2⤵
  PID:864
- C:\Windows\System\tUMzsdz.exe
  C:\Windows\System\tUMzsdz.exe
  2⤵
  PID:3352
- C:\Windows\System\zmgXcvt.exe
  C:\Windows\System\zmgXcvt.exe
  2⤵
  PID:3504
- C:\Windows\System\SOgWCIb.exe
  C:\Windows\System\SOgWCIb.exe
  2⤵
  PID:3764
- C:\Windows\System\CgRkzwG.exe
  C:\Windows\System\CgRkzwG.exe
  2⤵
  PID:3500
- C:\Windows\System\DjarlMU.exe
  C:\Windows\System\DjarlMU.exe
  2⤵
  PID:4028
- C:\Windows\System\APsJHxz.exe
  C:\Windows\System\APsJHxz.exe
  2⤵
  PID:3196
- C:\Windows\System\AusdUwl.exe
  C:\Windows\System\AusdUwl.exe
  2⤵
  PID:3316
- C:\Windows\System\MUKnhZN.exe
  C:\Windows\System\MUKnhZN.exe
  2⤵
  PID:3784
- C:\Windows\System\PogUQzy.exe
  C:\Windows\System\PogUQzy.exe
  2⤵
  PID:3808
- C:\Windows\System\HJVkenT.exe
  C:\Windows\System\HJVkenT.exe
  2⤵
  PID:3888
- C:\Windows\System\rReETFC.exe
  C:\Windows\System\rReETFC.exe
  2⤵
  PID:2240
- C:\Windows\System\zuybsep.exe
  C:\Windows\System\zuybsep.exe
  2⤵
  PID:4104
- C:\Windows\System\pOgxOsV.exe
  C:\Windows\System\pOgxOsV.exe
  2⤵
  PID:4120
- C:\Windows\System\PDkcUAv.exe
  C:\Windows\System\PDkcUAv.exe
  2⤵
  PID:4136
- C:\Windows\System\MypIGdT.exe
  C:\Windows\System\MypIGdT.exe
  2⤵
  PID:4152
- C:\Windows\System\zLVwnhM.exe
  C:\Windows\System\zLVwnhM.exe
  2⤵
  PID:4168
- C:\Windows\System\GuHyKYG.exe
  C:\Windows\System\GuHyKYG.exe
  2⤵
  PID:4200
- C:\Windows\System\yqXvPoh.exe
  C:\Windows\System\yqXvPoh.exe
  2⤵
  PID:4220
- C:\Windows\System\xZPlxkt.exe
  C:\Windows\System\xZPlxkt.exe
  2⤵
  PID:4236
- C:\Windows\System\PCMbjqw.exe
  C:\Windows\System\PCMbjqw.exe
  2⤵
  PID:4260
- C:\Windows\System\TaGdAFR.exe
  C:\Windows\System\TaGdAFR.exe
  2⤵
  PID:4284
- C:\Windows\System\RbUTshM.exe
  C:\Windows\System\RbUTshM.exe
  2⤵
  PID:4324
- C:\Windows\System\nsPyoBI.exe
  C:\Windows\System\nsPyoBI.exe
  2⤵
  PID:4372
- C:\Windows\System\myHFRUZ.exe
  C:\Windows\System\myHFRUZ.exe
  2⤵
  PID:4392
- C:\Windows\System\AiOmZcp.exe
  C:\Windows\System\AiOmZcp.exe
  2⤵
  PID:4408
- C:\Windows\System\jediZQt.exe
  C:\Windows\System\jediZQt.exe
  2⤵
  PID:4428
- C:\Windows\System\JBfWCZN.exe
  C:\Windows\System\JBfWCZN.exe
  2⤵
  PID:4456
- C:\Windows\System\kneANqq.exe
  C:\Windows\System\kneANqq.exe
  2⤵
  PID:4476
- C:\Windows\System\fBnxmWC.exe
  C:\Windows\System\fBnxmWC.exe
  2⤵
  PID:4496
- C:\Windows\System\AOOaAZG.exe
  C:\Windows\System\AOOaAZG.exe
  2⤵
  PID:4512
- C:\Windows\System\CJCsBwR.exe
  C:\Windows\System\CJCsBwR.exe
  2⤵
  PID:4532
- C:\Windows\System\bDcdlku.exe
  C:\Windows\System\bDcdlku.exe
  2⤵
  PID:4556
- C:\Windows\System\YiIIEiC.exe
  C:\Windows\System\YiIIEiC.exe
  2⤵
  PID:4576
- C:\Windows\System\lPOEydP.exe
  C:\Windows\System\lPOEydP.exe
  2⤵
  PID:4596
- C:\Windows\System\UNVCMFp.exe
  C:\Windows\System\UNVCMFp.exe
  2⤵
  PID:4620
- C:\Windows\System\jqAllir.exe
  C:\Windows\System\jqAllir.exe
  2⤵
  PID:4636
- C:\Windows\System\sXtegKi.exe
  C:\Windows\System\sXtegKi.exe
  2⤵
  PID:4656
- C:\Windows\System\YbbwbqD.exe
  C:\Windows\System\YbbwbqD.exe
  2⤵
  PID:4676
- C:\Windows\System\voHJGFp.exe
  C:\Windows\System\voHJGFp.exe
  2⤵
  PID:4696
- C:\Windows\System\DTiRHOS.exe
  C:\Windows\System\DTiRHOS.exe
  2⤵
  PID:4712
- C:\Windows\System\JeaIgba.exe
  C:\Windows\System\JeaIgba.exe
  2⤵
  PID:4728
- C:\Windows\System\bTevBPm.exe
  C:\Windows\System\bTevBPm.exe
  2⤵
  PID:4744
- C:\Windows\System\AcZSNZs.exe
  C:\Windows\System\AcZSNZs.exe
  2⤵
  PID:4768
- C:\Windows\System\wSYPzEC.exe
  C:\Windows\System\wSYPzEC.exe
  2⤵
  PID:4784
- C:\Windows\System\JJDgvUm.exe
  C:\Windows\System\JJDgvUm.exe
  2⤵
  PID:4816
- C:\Windows\System\lPxqKLm.exe
  C:\Windows\System\lPxqKLm.exe
  2⤵
  PID:4836
- C:\Windows\System\OhLKWrx.exe
  C:\Windows\System\OhLKWrx.exe
  2⤵
  PID:4852
- C:\Windows\System\NCHYPZK.exe
  C:\Windows\System\NCHYPZK.exe
  2⤵
  PID:4872
- C:\Windows\System\eFWehbM.exe
  C:\Windows\System\eFWehbM.exe
  2⤵
  PID:4896
- C:\Windows\System\lmzrsfv.exe
  C:\Windows\System\lmzrsfv.exe
  2⤵
  PID:4912
- C:\Windows\System\fOzIdbS.exe
  C:\Windows\System\fOzIdbS.exe
  2⤵
  PID:4928
- C:\Windows\System\WOzmFeI.exe
  C:\Windows\System\WOzmFeI.exe
  2⤵
  PID:4952
- C:\Windows\System\nSsHbSR.exe
  C:\Windows\System\nSsHbSR.exe
  2⤵
  PID:4972
- C:\Windows\System\uvrPDzi.exe
  C:\Windows\System\uvrPDzi.exe
  2⤵
  PID:4988
- C:\Windows\System\hbVPHmd.exe
  C:\Windows\System\hbVPHmd.exe
  2⤵
  PID:5012
- C:\Windows\System\STmoAip.exe
  C:\Windows\System\STmoAip.exe
  2⤵
  PID:5028
- C:\Windows\System\UZRlYhg.exe
  C:\Windows\System\UZRlYhg.exe
  2⤵
  PID:5044
- C:\Windows\System\YyIXwOi.exe
  C:\Windows\System\YyIXwOi.exe
  2⤵
  PID:5060
- C:\Windows\System\QUayKRG.exe
  C:\Windows\System\QUayKRG.exe
  2⤵
  PID:5076
- C:\Windows\System\TGrJzfm.exe
  C:\Windows\System\TGrJzfm.exe
  2⤵
  PID:5100
- C:\Windows\System\iMVYijy.exe
  C:\Windows\System\iMVYijy.exe
  2⤵
  PID:5116
- C:\Windows\System\qfRKzRq.exe
  C:\Windows\System\qfRKzRq.exe
  2⤵
  PID:3652
- C:\Windows\System\EiGzSMY.exe
  C:\Windows\System\EiGzSMY.exe
  2⤵
  PID:3216
- C:\Windows\System\mKHmLpl.exe
  C:\Windows\System\mKHmLpl.exe
  2⤵
  PID:1240
- C:\Windows\System\odRWAKF.exe
  C:\Windows\System\odRWAKF.exe
  2⤵
  PID:3968
- C:\Windows\System\ucYZrsq.exe
  C:\Windows\System\ucYZrsq.exe
  2⤵
  PID:1592
- C:\Windows\System\lYoxKvS.exe
  C:\Windows\System\lYoxKvS.exe
  2⤵
  PID:1736
- C:\Windows\System\WePvBlW.exe
  C:\Windows\System\WePvBlW.exe
  2⤵
  PID:4176
- C:\Windows\System\ydBGrVH.exe
  C:\Windows\System\ydBGrVH.exe
  2⤵
  PID:4192
- C:\Windows\System\INtuZCc.exe
  C:\Windows\System\INtuZCc.exe
  2⤵
  PID:4268
- C:\Windows\System\BwJOukh.exe
  C:\Windows\System\BwJOukh.exe
  2⤵
  PID:3668
- C:\Windows\System\xoEsqRs.exe
  C:\Windows\System\xoEsqRs.exe
  2⤵
  PID:4160
- C:\Windows\System\KVZWiVo.exe
  C:\Windows\System\KVZWiVo.exe
  2⤵
  PID:4212
- C:\Windows\System\vypjQlC.exe
  C:\Windows\System\vypjQlC.exe
  2⤵
  PID:3524
- C:\Windows\System\OZcdxLt.exe
  C:\Windows\System\OZcdxLt.exe
  2⤵
  PID:4348
- C:\Windows\System\LTgPXah.exe
  C:\Windows\System\LTgPXah.exe
  2⤵
  PID:4364
- C:\Windows\System\JsLumdL.exe
  C:\Windows\System\JsLumdL.exe
  2⤵
  PID:4440
- C:\Windows\System\LtGpPmM.exe
  C:\Windows\System\LtGpPmM.exe
  2⤵
  PID:4388
- C:\Windows\System\ektvbZh.exe
  C:\Windows\System\ektvbZh.exe
  2⤵
  PID:4484
- C:\Windows\System\xqagSWF.exe
  C:\Windows\System\xqagSWF.exe
  2⤵
  PID:4524
- C:\Windows\System\FoMhEEb.exe
  C:\Windows\System\FoMhEEb.exe
  2⤵
  PID:4472
- C:\Windows\System\igpRKju.exe
  C:\Windows\System\igpRKju.exe
  2⤵
  PID:4540
- C:\Windows\System\vJQdXxK.exe
  C:\Windows\System\vJQdXxK.exe
  2⤵
  PID:4544
- C:\Windows\System\aJklqRZ.exe
  C:\Windows\System\aJklqRZ.exe
  2⤵
  PID:4644
- C:\Windows\System\aUezYTf.exe
  C:\Windows\System\aUezYTf.exe
  2⤵
  PID:4688
- C:\Windows\System\OTrVxpF.exe
  C:\Windows\System\OTrVxpF.exe
  2⤵
  PID:4752
- C:\Windows\System\HVzykId.exe
  C:\Windows\System\HVzykId.exe
  2⤵
  PID:4592
- C:\Windows\System\tkWSOYY.exe
  C:\Windows\System\tkWSOYY.exe
  2⤵
  PID:4800
- C:\Windows\System\ajKcwPU.exe
  C:\Windows\System\ajKcwPU.exe
  2⤵
  PID:4808
- C:\Windows\System\NdSrgYN.exe
  C:\Windows\System\NdSrgYN.exe
  2⤵
  PID:4884
- C:\Windows\System\QkeMGSP.exe
  C:\Windows\System\QkeMGSP.exe
  2⤵
  PID:4968
- C:\Windows\System\WgxHkCe.exe
  C:\Windows\System\WgxHkCe.exe
  2⤵
  PID:5004
- C:\Windows\System\KphhbDy.exe
  C:\Windows\System\KphhbDy.exe
  2⤵
  PID:5068
- C:\Windows\System\KIWdfuD.exe
  C:\Windows\System\KIWdfuD.exe
  2⤵
  PID:3208
- C:\Windows\System\cvbGLpS.exe
  C:\Windows\System\cvbGLpS.exe
  2⤵
  PID:4708
- C:\Windows\System\RFhljCq.exe
  C:\Windows\System\RFhljCq.exe
  2⤵
  PID:4704
- C:\Windows\System\YzfRChH.exe
  C:\Windows\System\YzfRChH.exe
  2⤵
  PID:4780
- C:\Windows\System\QUfIaDJ.exe
  C:\Windows\System\QUfIaDJ.exe
  2⤵
  PID:4868
- C:\Windows\System\YgjsJCj.exe
  C:\Windows\System\YgjsJCj.exe
  2⤵
  PID:4936
- C:\Windows\System\SfFtGnf.exe
  C:\Windows\System\SfFtGnf.exe
  2⤵
  PID:2496
- C:\Windows\System\lbTuBiF.exe
  C:\Windows\System\lbTuBiF.exe
  2⤵
  PID:4272
- C:\Windows\System\LIkWFfY.exe
  C:\Windows\System\LIkWFfY.exe
  2⤵
  PID:2756
- C:\Windows\System\QeZtBGO.exe
  C:\Windows\System\QeZtBGO.exe
  2⤵
  PID:5096
- C:\Windows\System\VQAgain.exe
  C:\Windows\System\VQAgain.exe
  2⤵
  PID:2072
- C:\Windows\System\PyvAJxs.exe
  C:\Windows\System\PyvAJxs.exe
  2⤵
  PID:4248
- C:\Windows\System\dTQfyQK.exe
  C:\Windows\System\dTQfyQK.exe
  2⤵
  PID:4228
- C:\Windows\System\GEaMauU.exe
  C:\Windows\System\GEaMauU.exe
  2⤵
  PID:3892
- C:\Windows\System\VocLEed.exe
  C:\Windows\System\VocLEed.exe
  2⤵
  PID:3276
- C:\Windows\System\RXXjUjy.exe
  C:\Windows\System\RXXjUjy.exe
  2⤵
  PID:5092
- C:\Windows\System\uKstvLN.exe
  C:\Windows\System\uKstvLN.exe
  2⤵
  PID:4100
- C:\Windows\System\qhLupKn.exe
  C:\Windows\System\qhLupKn.exe
  2⤵
  PID:4244
- C:\Windows\System\CKyNJpz.exe
  C:\Windows\System\CKyNJpz.exe
  2⤵
  PID:4400
- C:\Windows\System\OUZkdRz.exe
  C:\Windows\System\OUZkdRz.exe
  2⤵
  PID:4764
- C:\Windows\System\lUZfAai.exe
  C:\Windows\System\lUZfAai.exe
  2⤵
  PID:5024
- C:\Windows\System\fWJDoeO.exe
  C:\Windows\System\fWJDoeO.exe
  2⤵
  PID:3496
- C:\Windows\System\nQnCLEa.exe
  C:\Windows\System\nQnCLEa.exe
  2⤵
  PID:2616
- C:\Windows\System\chHCGHT.exe
  C:\Windows\System\chHCGHT.exe
  2⤵
  PID:4292
- C:\Windows\System\qblKkLf.exe
  C:\Windows\System\qblKkLf.exe
  2⤵
  PID:4356
- C:\Windows\System\hMyFvKc.exe
  C:\Windows\System\hMyFvKc.exe
  2⤵
  PID:4436
- C:\Windows\System\ZlOnqHC.exe
  C:\Windows\System\ZlOnqHC.exe
  2⤵
  PID:4520
- C:\Windows\System\ZhwUrcI.exe
  C:\Windows\System\ZhwUrcI.exe
  2⤵
  PID:4880
- C:\Windows\System\BDAZFpC.exe
  C:\Windows\System\BDAZFpC.exe
  2⤵
  PID:5112
- C:\Windows\System\iuoyraR.exe
  C:\Windows\System\iuoyraR.exe
  2⤵
  PID:2600
- C:\Windows\System\OTZnxFp.exe
  C:\Windows\System\OTZnxFp.exe
  2⤵
  PID:4860
- C:\Windows\System\ZQgWNhb.exe
  C:\Windows\System\ZQgWNhb.exe
  2⤵
  PID:3472
- C:\Windows\System\Blqogsp.exe
  C:\Windows\System\Blqogsp.exe
  2⤵
  PID:4144
- C:\Windows\System\JmVCALp.exe
  C:\Windows\System\JmVCALp.exe
  2⤵
  PID:3884
- C:\Windows\System\zLWWsCl.exe
  C:\Windows\System\zLWWsCl.exe
  2⤵
  PID:4548
- C:\Windows\System\xkVbMgt.exe
  C:\Windows\System\xkVbMgt.exe
  2⤵
  PID:4684
- C:\Windows\System\xNNbUrW.exe
  C:\Windows\System\xNNbUrW.exe
  2⤵
  PID:5000
- C:\Windows\System\lUNiGGC.exe
  C:\Windows\System\lUNiGGC.exe
  2⤵
  PID:4628
- C:\Windows\System\dCLLmaz.exe
  C:\Windows\System\dCLLmaz.exe
  2⤵
  PID:4920
- C:\Windows\System\oqeqOYq.exe
  C:\Windows\System\oqeqOYq.exe
  2⤵
  PID:5040
- C:\Windows\System\iZaCzjH.exe
  C:\Windows\System\iZaCzjH.exe
  2⤵
  PID:4184
- C:\Windows\System\uyTVulU.exe
  C:\Windows\System\uyTVulU.exe
  2⤵
  PID:4252
- C:\Windows\System\HxzJBZa.exe
  C:\Windows\System\HxzJBZa.exe
  2⤵
  PID:888
- C:\Windows\System\PbdvLyD.exe
  C:\Windows\System\PbdvLyD.exe
  2⤵
  PID:4608
- C:\Windows\System\oUJLvop.exe
  C:\Windows\System\oUJLvop.exe
  2⤵
  PID:4948
- C:\Windows\System\rgwEWsJ.exe
  C:\Windows\System\rgwEWsJ.exe
  2⤵
  PID:552
- C:\Windows\System\aZeevaG.exe
  C:\Windows\System\aZeevaG.exe
  2⤵
  PID:2648
- C:\Windows\System\BlDYIVo.exe
  C:\Windows\System\BlDYIVo.exe
  2⤵
  PID:5136
- C:\Windows\System\mtbEbDN.exe
  C:\Windows\System\mtbEbDN.exe
  2⤵
  PID:5152
- C:\Windows\System\VWLUBLf.exe
  C:\Windows\System\VWLUBLf.exe
  2⤵
  PID:5168
- C:\Windows\System\wEEpTBF.exe
  C:\Windows\System\wEEpTBF.exe
  2⤵
  PID:5188
- C:\Windows\System\JsEjObV.exe
  C:\Windows\System\JsEjObV.exe
  2⤵
  PID:5204
- C:\Windows\System\imPnKbe.exe
  C:\Windows\System\imPnKbe.exe
  2⤵
  PID:5224
- C:\Windows\System\vaEeNqh.exe
  C:\Windows\System\vaEeNqh.exe
  2⤵
  PID:5240
- C:\Windows\System\PiLtFPk.exe
  C:\Windows\System\PiLtFPk.exe
  2⤵
  PID:5256
- C:\Windows\System\VBvGSKU.exe
  C:\Windows\System\VBvGSKU.exe
  2⤵
  PID:5280
- C:\Windows\System\EJBSCtK.exe
  C:\Windows\System\EJBSCtK.exe
  2⤵
  PID:5296
- C:\Windows\System\nqRbFFi.exe
  C:\Windows\System\nqRbFFi.exe
  2⤵
  PID:5312
- C:\Windows\System\sSKsMuO.exe
  C:\Windows\System\sSKsMuO.exe
  2⤵
  PID:5328
- C:\Windows\System\ButQSJY.exe
  C:\Windows\System\ButQSJY.exe
  2⤵
  PID:5344
- C:\Windows\System\IAlYkRh.exe
  C:\Windows\System\IAlYkRh.exe
  2⤵
  PID:5360
- C:\Windows\System\GQDtDSr.exe
  C:\Windows\System\GQDtDSr.exe
  2⤵
  PID:5380
- C:\Windows\System\DZYNcWE.exe
  C:\Windows\System\DZYNcWE.exe
  2⤵
  PID:5396
- C:\Windows\System\FZdtjeF.exe
  C:\Windows\System\FZdtjeF.exe
  2⤵
  PID:5412
- C:\Windows\System\ynpHyDZ.exe
  C:\Windows\System\ynpHyDZ.exe
  2⤵
  PID:5428
- C:\Windows\System\vhxGwzL.exe
  C:\Windows\System\vhxGwzL.exe
  2⤵
  PID:5444
- C:\Windows\System\gLPtvdl.exe
  C:\Windows\System\gLPtvdl.exe
  2⤵
  PID:5460
- C:\Windows\System\CTUWgxi.exe
  C:\Windows\System\CTUWgxi.exe
  2⤵
  PID:5476
- C:\Windows\System\vRJNpXm.exe
  C:\Windows\System\vRJNpXm.exe
  2⤵
  PID:5492
- C:\Windows\System\VgNoTKi.exe
  C:\Windows\System\VgNoTKi.exe
  2⤵
  PID:5508
- C:\Windows\System\PKJjsoN.exe
  C:\Windows\System\PKJjsoN.exe
  2⤵
  PID:5524
- C:\Windows\System\ZVmWnEj.exe
  C:\Windows\System\ZVmWnEj.exe
  2⤵
  PID:5540
- C:\Windows\System\NrZTPIz.exe
  C:\Windows\System\NrZTPIz.exe
  2⤵
  PID:5556
- C:\Windows\System\qnoOmUL.exe
  C:\Windows\System\qnoOmUL.exe
  2⤵
  PID:5572
- C:\Windows\System\ToQUOHW.exe
  C:\Windows\System\ToQUOHW.exe
  2⤵
  PID:5588
- C:\Windows\System\brzajaA.exe
  C:\Windows\System\brzajaA.exe
  2⤵
  PID:5604
- C:\Windows\System\byYgNyI.exe
  C:\Windows\System\byYgNyI.exe
  2⤵
  PID:5620
- C:\Windows\System\nBipgfh.exe
  C:\Windows\System\nBipgfh.exe
  2⤵
  PID:5636
- C:\Windows\System\dzeRGbE.exe
  C:\Windows\System\dzeRGbE.exe
  2⤵
  PID:5652
- C:\Windows\System\KgjUTrJ.exe
  C:\Windows\System\KgjUTrJ.exe
  2⤵
  PID:5668
- C:\Windows\System\KmvoBNl.exe
  C:\Windows\System\KmvoBNl.exe
  2⤵
  PID:5684
- C:\Windows\System\flXDLPF.exe
  C:\Windows\System\flXDLPF.exe
  2⤵
  PID:5700
- C:\Windows\System\HuraFrn.exe
  C:\Windows\System\HuraFrn.exe
  2⤵
  PID:5716
- C:\Windows\System\vxqhZuv.exe
  C:\Windows\System\vxqhZuv.exe
  2⤵
  PID:5732
- C:\Windows\System\iOEkqfL.exe
  C:\Windows\System\iOEkqfL.exe
  2⤵
  PID:5748
- C:\Windows\System\sgboowH.exe
  C:\Windows\System\sgboowH.exe
  2⤵
  PID:5764
- C:\Windows\System\fDSgqat.exe
  C:\Windows\System\fDSgqat.exe
  2⤵
  PID:5780
- C:\Windows\System\JvCBbpc.exe
  C:\Windows\System\JvCBbpc.exe
  2⤵
  PID:5796
- C:\Windows\System\QgiJpDh.exe
  C:\Windows\System\QgiJpDh.exe
  2⤵
  PID:5812
- C:\Windows\System\lYAsysf.exe
  C:\Windows\System\lYAsysf.exe
  2⤵
  PID:5828
- C:\Windows\System\kiHwyWd.exe
  C:\Windows\System\kiHwyWd.exe
  2⤵
  PID:5844
- C:\Windows\System\zzHaFep.exe
  C:\Windows\System\zzHaFep.exe
  2⤵
  PID:5860
- C:\Windows\System\FQSusFB.exe
  C:\Windows\System\FQSusFB.exe
  2⤵
  PID:5876
- C:\Windows\System\feNAHyd.exe
  C:\Windows\System\feNAHyd.exe
  2⤵
  PID:5892
- C:\Windows\System\bepgqaR.exe
  C:\Windows\System\bepgqaR.exe
  2⤵
  PID:5908
- C:\Windows\System\IQAoRJQ.exe
  C:\Windows\System\IQAoRJQ.exe
  2⤵
  PID:5924
- C:\Windows\System\JRHROvK.exe
  C:\Windows\System\JRHROvK.exe
  2⤵
  PID:5940
- C:\Windows\System\WJqGQth.exe
  C:\Windows\System\WJqGQth.exe
  2⤵
  PID:5956
- C:\Windows\System\sfranoj.exe
  C:\Windows\System\sfranoj.exe
  2⤵
  PID:5972
- C:\Windows\System\kcsbkcG.exe
  C:\Windows\System\kcsbkcG.exe
  2⤵
  PID:5988
- C:\Windows\System\FyceoAB.exe
  C:\Windows\System\FyceoAB.exe
  2⤵
  PID:6004
- C:\Windows\System\IxEumoL.exe
  C:\Windows\System\IxEumoL.exe
  2⤵
  PID:6020
- C:\Windows\System\drrrsDG.exe
  C:\Windows\System\drrrsDG.exe
  2⤵
  PID:6036
- C:\Windows\System\XiIjwtM.exe
  C:\Windows\System\XiIjwtM.exe
  2⤵
  PID:6052
- C:\Windows\System\vefQxny.exe
  C:\Windows\System\vefQxny.exe
  2⤵
  PID:6068
- C:\Windows\System\nPnoMZK.exe
  C:\Windows\System\nPnoMZK.exe
  2⤵
  PID:6084
- C:\Windows\System\JpnsPYT.exe
  C:\Windows\System\JpnsPYT.exe
  2⤵
  PID:6100
- C:\Windows\System\OLQyYHj.exe
  C:\Windows\System\OLQyYHj.exe
  2⤵
  PID:6116
- C:\Windows\System\kcjchBT.exe
  C:\Windows\System\kcjchBT.exe
  2⤵
  PID:6132
- C:\Windows\System\SAUOARS.exe
  C:\Windows\System\SAUOARS.exe
  2⤵
  PID:2588
- C:\Windows\System\vhyASSg.exe
  C:\Windows\System\vhyASSg.exe
  2⤵
  PID:5052
- C:\Windows\System\CSAKwaU.exe
  C:\Windows\System\CSAKwaU.exe
  2⤵
  PID:812
- C:\Windows\System\GGQBavw.exe
  C:\Windows\System\GGQBavw.exe
  2⤵
  PID:4380
- C:\Windows\System\MrmZurM.exe
  C:\Windows\System\MrmZurM.exe
  2⤵
  PID:4384
- C:\Windows\System\DSLDjVh.exe
  C:\Windows\System\DSLDjVh.exe
  2⤵
  PID:5200
- C:\Windows\System\MqvzJmc.exe
  C:\Windows\System\MqvzJmc.exe
  2⤵
  PID:4832
- C:\Windows\System\LsTeNZB.exe
  C:\Windows\System\LsTeNZB.exe
  2⤵
  PID:4424
- C:\Windows\System\ppTLCaU.exe
  C:\Windows\System\ppTLCaU.exe
  2⤵
  PID:5236
- C:\Windows\System\hUGEUoP.exe
  C:\Windows\System\hUGEUoP.exe
  2⤵
  PID:5108
- C:\Windows\System\gtACiHd.exe
  C:\Windows\System\gtACiHd.exe
  2⤵
  PID:4792
- C:\Windows\System\xBuyToF.exe
  C:\Windows\System\xBuyToF.exe
  2⤵
  PID:4776
- C:\Windows\System\geMUNAW.exe
  C:\Windows\System\geMUNAW.exe
  2⤵
  PID:4132
- C:\Windows\System\YXcOJGX.exe
  C:\Windows\System\YXcOJGX.exe
  2⤵
  PID:4740
- C:\Windows\System\HPDnwnN.exe
  C:\Windows\System\HPDnwnN.exe
  2⤵
  PID:4844
- C:\Windows\System\SbWOutr.exe
  C:\Windows\System\SbWOutr.exe
  2⤵
  PID:5180
- C:\Windows\System\ybchwJn.exe
  C:\Windows\System\ybchwJn.exe
  2⤵
  PID:5220
- C:\Windows\System\JdLhYBq.exe
  C:\Windows\System\JdLhYBq.exe
  2⤵
  PID:5292
- C:\Windows\System\cVxpYuj.exe
  C:\Windows\System\cVxpYuj.exe
  2⤵
  PID:5352
- C:\Windows\System\EsDPmQY.exe
  C:\Windows\System\EsDPmQY.exe
  2⤵
  PID:5308
- C:\Windows\System\xCouMnq.exe
  C:\Windows\System\xCouMnq.exe
  2⤵
  PID:2104
- C:\Windows\System\HlqqFWf.exe
  C:\Windows\System\HlqqFWf.exe
  2⤵
  PID:5392
- C:\Windows\System\WfxRzzR.exe
  C:\Windows\System\WfxRzzR.exe
  2⤵
  PID:5424
- C:\Windows\System\eKoaFgv.exe
  C:\Windows\System\eKoaFgv.exe
  2⤵
  PID:5456
- C:\Windows\System\pDZTtax.exe
  C:\Windows\System\pDZTtax.exe
  2⤵
  PID:5488
- C:\Windows\System\SisYSAU.exe
  C:\Windows\System\SisYSAU.exe
  2⤵
  PID:5520
- C:\Windows\System\SQOXcTg.exe
  C:\Windows\System\SQOXcTg.exe
  2⤵
  PID:5564
- C:\Windows\System\AzwiBAb.exe
  C:\Windows\System\AzwiBAb.exe
  2⤵
  PID:5596
- C:\Windows\System\nFwvWwH.exe
  C:\Windows\System\nFwvWwH.exe
  2⤵
  PID:5628
- C:\Windows\System\eAUloPF.exe
  C:\Windows\System\eAUloPF.exe
  2⤵
  PID:5660
- C:\Windows\System\FyOnsfg.exe
  C:\Windows\System\FyOnsfg.exe
  2⤵
  PID:5692
- C:\Windows\System\KUcpGJx.exe
  C:\Windows\System\KUcpGJx.exe
  2⤵
  PID:5740
- C:\Windows\System\VgSMJgy.exe
  C:\Windows\System\VgSMJgy.exe
  2⤵
  PID:5728
- C:\Windows\System\fswGERN.exe
  C:\Windows\System\fswGERN.exe
  2⤵
  PID:5788
- C:\Windows\System\WwlgAxr.exe
  C:\Windows\System\WwlgAxr.exe
  2⤵
  PID:5820
- C:\Windows\System\LhJNuIy.exe
  C:\Windows\System\LhJNuIy.exe
  2⤵
  PID:2284
- C:\Windows\System\Ixkcapd.exe
  C:\Windows\System\Ixkcapd.exe
  2⤵
  PID:5852
- C:\Windows\System\AygEQKy.exe
  C:\Windows\System\AygEQKy.exe
  2⤵
  PID:5904
- C:\Windows\System\zLjRhHt.exe
  C:\Windows\System\zLjRhHt.exe
  2⤵
  PID:5936
- C:\Windows\System\uwkKmOT.exe
  C:\Windows\System\uwkKmOT.exe
  2⤵
  PID:5952
- C:\Windows\System\rIvcwel.exe
  C:\Windows\System\rIvcwel.exe
  2⤵
  PID:5984
- C:\Windows\System\NUYARva.exe
  C:\Windows\System\NUYARva.exe
  2⤵
  PID:6016
- C:\Windows\System\OKiZDlU.exe
  C:\Windows\System\OKiZDlU.exe
  2⤵
  PID:6060
- C:\Windows\System\MqbKCKt.exe
  C:\Windows\System\MqbKCKt.exe
  2⤵
  PID:6092
- C:\Windows\System\qUvYaEk.exe
  C:\Windows\System\qUvYaEk.exe
  2⤵
  PID:6124
- C:\Windows\System\rLRobDY.exe
  C:\Windows\System\rLRobDY.exe
  2⤵
  PID:6140
- C:\Windows\System\IiFGEMn.exe
  C:\Windows\System\IiFGEMn.exe
  2⤵
  PID:5124
- C:\Windows\System\SFNtarH.exe
  C:\Windows\System\SFNtarH.exe
  2⤵
  PID:5160
- C:\Windows\System\ujFlsxe.exe
  C:\Windows\System\ujFlsxe.exe
  2⤵
  PID:5008
- C:\Windows\System\rKJvAbO.exe
  C:\Windows\System\rKJvAbO.exe
  2⤵
  PID:4340
- C:\Windows\System\vIIvgOA.exe
  C:\Windows\System\vIIvgOA.exe
  2⤵
  PID:2888
- C:\Windows\System\srGNDZj.exe
  C:\Windows\System\srGNDZj.exe
  2⤵
  PID:4668
- C:\Windows\System\GcfCfrA.exe
  C:\Windows\System\GcfCfrA.exe
  2⤵
  PID:3772
- C:\Windows\System\NSZAIXV.exe
  C:\Windows\System\NSZAIXV.exe
  2⤵
  PID:5176
- C:\Windows\System\NWbpoJb.exe
  C:\Windows\System\NWbpoJb.exe
  2⤵
  PID:5288
- C:\Windows\System\UmISBas.exe
  C:\Windows\System\UmISBas.exe
  2⤵
  PID:5324
- C:\Windows\System\hwylxdZ.exe
  C:\Windows\System\hwylxdZ.exe
  2⤵
  PID:5368
- C:\Windows\System\bXaZect.exe
  C:\Windows\System\bXaZect.exe
  2⤵
  PID:5420
- C:\Windows\System\mqCsYjZ.exe
  C:\Windows\System\mqCsYjZ.exe
  2⤵
  PID:5516
- C:\Windows\System\BdyBXfy.exe
  C:\Windows\System\BdyBXfy.exe
  2⤵
  PID:5568
- C:\Windows\System\pcrQwpY.exe
  C:\Windows\System\pcrQwpY.exe
  2⤵
  PID:5616
- C:\Windows\System\ctALCkk.exe
  C:\Windows\System\ctALCkk.exe
  2⤵
  PID:5680
- C:\Windows\System\XhTgiMI.exe
  C:\Windows\System\XhTgiMI.exe
  2⤵
  PID:5776
- C:\Windows\System\ddGiFjX.exe
  C:\Windows\System\ddGiFjX.exe
  2⤵
  PID:5824
- C:\Windows\System\nFjrthN.exe
  C:\Windows\System\nFjrthN.exe
  2⤵
  PID:5900
- C:\Windows\System\WrBwipr.exe
  C:\Windows\System\WrBwipr.exe
  2⤵
  PID:5920
- C:\Windows\System\mXKBWkY.exe
  C:\Windows\System\mXKBWkY.exe
  2⤵
  PID:2840
- C:\Windows\System\ZxLeJfs.exe
  C:\Windows\System\ZxLeJfs.exe
  2⤵
  PID:6044
- C:\Windows\System\mVuGJYE.exe
  C:\Windows\System\mVuGJYE.exe
  2⤵
  PID:6108
- C:\Windows\System\SzTusjX.exe
  C:\Windows\System\SzTusjX.exe
  2⤵
  PID:2632
- C:\Windows\System\hdhiTIs.exe
  C:\Windows\System\hdhiTIs.exe
  2⤵
  PID:1312
- C:\Windows\System\jpgmmBz.exe
  C:\Windows\System\jpgmmBz.exe
  2⤵
  PID:4672
- C:\Windows\System\phdmoRh.exe
  C:\Windows\System\phdmoRh.exe
  2⤵
  PID:4908
- C:\Windows\System\WfPmfeA.exe
  C:\Windows\System\WfPmfeA.exe
  2⤵
  PID:5264
- C:\Windows\System\HlAXkmY.exe
  C:\Windows\System\HlAXkmY.exe
  2⤵
  PID:5276
- C:\Windows\System\UDaxobt.exe
  C:\Windows\System\UDaxobt.exe
  2⤵
  PID:1112
- C:\Windows\System\QazazgV.exe
  C:\Windows\System\QazazgV.exe
  2⤵
  PID:5472
- C:\Windows\System\nPSaAwE.exe
  C:\Windows\System\nPSaAwE.exe
  2⤵
  PID:5632
- C:\Windows\System\fBMRnNs.exe
  C:\Windows\System\fBMRnNs.exe
  2⤵
  PID:5792
- C:\Windows\System\VtHpzyF.exe
  C:\Windows\System\VtHpzyF.exe
  2⤵
  PID:5884
- C:\Windows\System\YnoDsdB.exe
  C:\Windows\System\YnoDsdB.exe
  2⤵
  PID:6032
- C:\Windows\System\pykYsQS.exe
  C:\Windows\System\pykYsQS.exe
  2⤵
  PID:6128
- C:\Windows\System\gYiaMMt.exe
  C:\Windows\System\gYiaMMt.exe
  2⤵
  PID:6156
- C:\Windows\System\smQeFQg.exe
  C:\Windows\System\smQeFQg.exe
  2⤵
  PID:6172
- C:\Windows\System\IDkLRpp.exe
  C:\Windows\System\IDkLRpp.exe
  2⤵
  PID:6188
- C:\Windows\System\SyurlER.exe
  C:\Windows\System\SyurlER.exe
  2⤵
  PID:6204
- C:\Windows\System\JShLdSp.exe
  C:\Windows\System\JShLdSp.exe
  2⤵
  PID:6220
- C:\Windows\System\OawsoXT.exe
  C:\Windows\System\OawsoXT.exe
  2⤵
  PID:6236
- C:\Windows\System\ryVFPem.exe
  C:\Windows\System\ryVFPem.exe
  2⤵
  PID:6252
- C:\Windows\System\QEnngxE.exe
  C:\Windows\System\QEnngxE.exe
  2⤵
  PID:6268
- C:\Windows\System\sewtvwF.exe
  C:\Windows\System\sewtvwF.exe
  2⤵
  PID:6284
- C:\Windows\System\KZzIrcI.exe
  C:\Windows\System\KZzIrcI.exe
  2⤵
  PID:6300
- C:\Windows\System\dRxBDxZ.exe
  C:\Windows\System\dRxBDxZ.exe
  2⤵
  PID:6316
- C:\Windows\System\UQOihTj.exe
  C:\Windows\System\UQOihTj.exe
  2⤵
  PID:6332
- C:\Windows\System\liYOWPe.exe
  C:\Windows\System\liYOWPe.exe
  2⤵
  PID:6348
- C:\Windows\System\RjuDJzq.exe
  C:\Windows\System\RjuDJzq.exe
  2⤵
  PID:6364
- C:\Windows\System\BckeLMd.exe
  C:\Windows\System\BckeLMd.exe
  2⤵
  PID:6380
- C:\Windows\System\HCxCixr.exe
  C:\Windows\System\HCxCixr.exe
  2⤵
  PID:6396
- C:\Windows\System\epLSnUE.exe
  C:\Windows\System\epLSnUE.exe
  2⤵
  PID:6412
- C:\Windows\System\jYmcQud.exe
  C:\Windows\System\jYmcQud.exe
  2⤵
  PID:6428
- C:\Windows\System\gIrSQJo.exe
  C:\Windows\System\gIrSQJo.exe
  2⤵
  PID:6444
- C:\Windows\System\ptTLIOs.exe
  C:\Windows\System\ptTLIOs.exe
  2⤵
  PID:6460
- C:\Windows\System\JnizCDU.exe
  C:\Windows\System\JnizCDU.exe
  2⤵
  PID:6476
- C:\Windows\System\qZKkoub.exe
  C:\Windows\System\qZKkoub.exe
  2⤵
  PID:6492
- C:\Windows\System\ktDusDw.exe
  C:\Windows\System\ktDusDw.exe
  2⤵
  PID:6512
- C:\Windows\System\heFvQEv.exe
  C:\Windows\System\heFvQEv.exe
  2⤵
  PID:6528
- C:\Windows\System\fQkucmL.exe
  C:\Windows\System\fQkucmL.exe
  2⤵
  PID:6544
- C:\Windows\System\KXOCfUp.exe
  C:\Windows\System\KXOCfUp.exe
  2⤵
  PID:6560
- C:\Windows\System\voMUVsp.exe
  C:\Windows\System\voMUVsp.exe
  2⤵
  PID:6576
- C:\Windows\System\KIcSgRS.exe
  C:\Windows\System\KIcSgRS.exe
  2⤵
  PID:6592
- C:\Windows\System\HTtFyJy.exe
  C:\Windows\System\HTtFyJy.exe
  2⤵
  PID:6608
- C:\Windows\System\rVccZTk.exe
  C:\Windows\System\rVccZTk.exe
  2⤵
  PID:6624
- C:\Windows\System\jmAwdQw.exe
  C:\Windows\System\jmAwdQw.exe
  2⤵
  PID:6640
- C:\Windows\System\QMHuWsV.exe
  C:\Windows\System\QMHuWsV.exe
  2⤵
  PID:6656
- C:\Windows\System\jXmnBlC.exe
  C:\Windows\System\jXmnBlC.exe
  2⤵
  PID:6672
- C:\Windows\System\KGBLFzy.exe
  C:\Windows\System\KGBLFzy.exe
  2⤵
  PID:6688
- C:\Windows\System\nrKjPQq.exe
  C:\Windows\System\nrKjPQq.exe
  2⤵
  PID:6704
- C:\Windows\System\yFMFfYC.exe
  C:\Windows\System\yFMFfYC.exe
  2⤵
  PID:6720
- C:\Windows\System\xtYShBq.exe
  C:\Windows\System\xtYShBq.exe
  2⤵
  PID:6736
- C:\Windows\System\YOQmNFJ.exe
  C:\Windows\System\YOQmNFJ.exe
  2⤵
  PID:6752
- C:\Windows\System\kxEyyLF.exe
  C:\Windows\System\kxEyyLF.exe
  2⤵
  PID:6768
- C:\Windows\System\UcUKdLK.exe
  C:\Windows\System\UcUKdLK.exe
  2⤵
  PID:6784
- C:\Windows\System\GeGuNfp.exe
  C:\Windows\System\GeGuNfp.exe
  2⤵
  PID:6800
- C:\Windows\System\aqgoxDg.exe
  C:\Windows\System\aqgoxDg.exe
  2⤵
  PID:6816
- C:\Windows\System\vNdceIQ.exe
  C:\Windows\System\vNdceIQ.exe
  2⤵
  PID:6832
- C:\Windows\System\ioKSwJb.exe
  C:\Windows\System\ioKSwJb.exe
  2⤵
  PID:6848
- C:\Windows\System\bwJgEgK.exe
  C:\Windows\System\bwJgEgK.exe
  2⤵
  PID:6864
- C:\Windows\System\mBOcDor.exe
  C:\Windows\System\mBOcDor.exe
  2⤵
  PID:6880
- C:\Windows\System\rUtCjFk.exe
  C:\Windows\System\rUtCjFk.exe
  2⤵
  PID:6896
- C:\Windows\System\XmkjufE.exe
  C:\Windows\System\XmkjufE.exe
  2⤵
  PID:6912
- C:\Windows\System\iLBNfFy.exe
  C:\Windows\System\iLBNfFy.exe
  2⤵
  PID:6928
- C:\Windows\System\FCSNBHp.exe
  C:\Windows\System\FCSNBHp.exe
  2⤵
  PID:6944
- C:\Windows\System\NhTEVTL.exe
  C:\Windows\System\NhTEVTL.exe
  2⤵
  PID:6960
- C:\Windows\System\lsUsMzl.exe
  C:\Windows\System\lsUsMzl.exe
  2⤵
  PID:6976
- C:\Windows\System\wdCEFax.exe
  C:\Windows\System\wdCEFax.exe
  2⤵
  PID:6992
- C:\Windows\System\YmOTleY.exe
  C:\Windows\System\YmOTleY.exe
  2⤵
  PID:7008
- C:\Windows\System\cnKUKET.exe
  C:\Windows\System\cnKUKET.exe
  2⤵
  PID:7024
- C:\Windows\System\dMkXSWa.exe
  C:\Windows\System\dMkXSWa.exe
  2⤵
  PID:7040
- C:\Windows\System\KxAcJGj.exe
  C:\Windows\System\KxAcJGj.exe
  2⤵
  PID:7056
- C:\Windows\System\FOZiKyC.exe
  C:\Windows\System\FOZiKyC.exe
  2⤵
  PID:7072
- C:\Windows\System\ZqYRHqD.exe
  C:\Windows\System\ZqYRHqD.exe
  2⤵
  PID:7088
- C:\Windows\System\eYitpXz.exe
  C:\Windows\System\eYitpXz.exe
  2⤵
  PID:7104
- C:\Windows\System\FAtpiiI.exe
  C:\Windows\System\FAtpiiI.exe
  2⤵
  PID:7120
- C:\Windows\System\AzJQhAG.exe
  C:\Windows\System\AzJQhAG.exe
  2⤵
  PID:7136
- C:\Windows\System\IAOAFsf.exe
  C:\Windows\System\IAOAFsf.exe
  2⤵
  PID:7152
- C:\Windows\System\ItwlsvH.exe
  C:\Windows\System\ItwlsvH.exe
  2⤵
  PID:4924
- C:\Windows\System\LnBoqgV.exe
  C:\Windows\System\LnBoqgV.exe
  2⤵
  PID:4344
- C:\Windows\System\uqUAlQd.exe
  C:\Windows\System\uqUAlQd.exe
  2⤵
  PID:1004
- C:\Windows\System\PUqAMsr.exe
  C:\Windows\System\PUqAMsr.exe
  2⤵
  PID:2200
- C:\Windows\System\pXwejch.exe
  C:\Windows\System\pXwejch.exe
  2⤵
  PID:5548
- C:\Windows\System\tusvLcj.exe
  C:\Windows\System\tusvLcj.exe
  2⤵
  PID:5772
- C:\Windows\System\lOFDgQW.exe
  C:\Windows\System\lOFDgQW.exe
  2⤵
  PID:6000
- C:\Windows\System\HcAaJBR.exe
  C:\Windows\System\HcAaJBR.exe
  2⤵
  PID:2712
- C:\Windows\System\nMctvsl.exe
  C:\Windows\System\nMctvsl.exe
  2⤵
  PID:6180
- C:\Windows\System\ZQarMPQ.exe
  C:\Windows\System\ZQarMPQ.exe
  2⤵
  PID:6212
- C:\Windows\System\pFVVJvS.exe
  C:\Windows\System\pFVVJvS.exe
  2⤵
  PID:6244
- C:\Windows\System\CyjkeRf.exe
  C:\Windows\System\CyjkeRf.exe
  2⤵
  PID:6276
- C:\Windows\System\afdQgiw.exe
  C:\Windows\System\afdQgiw.exe
  2⤵
  PID:6308
- C:\Windows\System\YIpoIYF.exe
  C:\Windows\System\YIpoIYF.exe
  2⤵
  PID:6340
- C:\Windows\System\MFcBCCl.exe
  C:\Windows\System\MFcBCCl.exe
  2⤵
  PID:6372
- C:\Windows\System\wuCfxIN.exe
  C:\Windows\System\wuCfxIN.exe
  2⤵
  PID:6404
- C:\Windows\System\ZHtwYqa.exe
  C:\Windows\System\ZHtwYqa.exe
  2⤵
  PID:6424
- C:\Windows\System\LtzUZBE.exe
  C:\Windows\System\LtzUZBE.exe
  2⤵
  PID:6456
- C:\Windows\System\QKSDpHI.exe
  C:\Windows\System\QKSDpHI.exe
  2⤵
  PID:6472
- C:\Windows\System\JOaBUHP.exe
  C:\Windows\System\JOaBUHP.exe
  2⤵
  PID:6524
- C:\Windows\System\eIfWjdK.exe
  C:\Windows\System\eIfWjdK.exe
  2⤵
  PID:6556
- C:\Windows\System\ZwlYODQ.exe
  C:\Windows\System\ZwlYODQ.exe
  2⤵
  PID:6588
- C:\Windows\System\bNITMYi.exe
  C:\Windows\System\bNITMYi.exe
  2⤵
  PID:6620
- C:\Windows\System\cMafAwB.exe
  C:\Windows\System\cMafAwB.exe
  2⤵
  PID:6652
- C:\Windows\System\rKdVshN.exe
  C:\Windows\System\rKdVshN.exe
  2⤵
  PID:6684
- C:\Windows\System\otvTHJl.exe
  C:\Windows\System\otvTHJl.exe
  2⤵
  PID:6700
- C:\Windows\System\ulZYsza.exe
  C:\Windows\System\ulZYsza.exe
  2⤵
  PID:6744
- C:\Windows\System\znFdOnZ.exe
  C:\Windows\System\znFdOnZ.exe
  2⤵
  PID:6776
- C:\Windows\System\eIMsexD.exe
  C:\Windows\System\eIMsexD.exe
  2⤵
  PID:6792
- C:\Windows\System\AlBHNSS.exe
  C:\Windows\System\AlBHNSS.exe
  2⤵
  PID:6840
- C:\Windows\System\klRPzFF.exe
  C:\Windows\System\klRPzFF.exe
  2⤵
  PID:2656
- C:\Windows\System\aaePWHX.exe
  C:\Windows\System\aaePWHX.exe
  2⤵
  PID:6904
- C:\Windows\System\YklSwAM.exe
  C:\Windows\System\YklSwAM.exe
  2⤵
  PID:6936
- C:\Windows\System\auCfgFk.exe
  C:\Windows\System\auCfgFk.exe
  2⤵
  PID:2644
- C:\Windows\System\dbLUmZW.exe
  C:\Windows\System\dbLUmZW.exe
  2⤵
  PID:6984
- C:\Windows\System\cWClZic.exe
  C:\Windows\System\cWClZic.exe
  2⤵
  PID:7032
- C:\Windows\System\rkcMEjW.exe
  C:\Windows\System\rkcMEjW.exe
  2⤵
  PID:7048
- C:\Windows\System\qixiZlj.exe
  C:\Windows\System\qixiZlj.exe
  2⤵
  PID:7068
- C:\Windows\System\DtmDifq.exe
  C:\Windows\System\DtmDifq.exe
  2⤵
  PID:7100
- C:\Windows\System\lnkdOMV.exe
  C:\Windows\System\lnkdOMV.exe
  2⤵
  PID:7132
- C:\Windows\System\GOxdfXn.exe
  C:\Windows\System\GOxdfXn.exe
  2⤵
  PID:7160
- C:\Windows\System\JebclIE.exe
  C:\Windows\System\JebclIE.exe
  2⤵
  PID:4444
- C:\Windows\System\QMGiwKr.exe
  C:\Windows\System\QMGiwKr.exe
  2⤵
  PID:5212
- C:\Windows\System\QRUFrEg.exe
  C:\Windows\System\QRUFrEg.exe
  2⤵
  PID:6504
- C:\Windows\System\JDCLAVC.exe
  C:\Windows\System\JDCLAVC.exe
  2⤵
  PID:6064
- C:\Windows\System\YJJwqUm.exe
  C:\Windows\System\YJJwqUm.exe
  2⤵
  PID:6168
- C:\Windows\System\vpsHINn.exe
  C:\Windows\System\vpsHINn.exe
  2⤵
  PID:6200
- C:\Windows\System\cliIVVA.exe
  C:\Windows\System\cliIVVA.exe
  2⤵
  PID:6248
- C:\Windows\System\uXiQaOi.exe
  C:\Windows\System\uXiQaOi.exe
  2⤵
  PID:6264
- C:\Windows\System\vqZdZPI.exe
  C:\Windows\System\vqZdZPI.exe
  2⤵
  PID:6328
- C:\Windows\System\oQPWhfL.exe
  C:\Windows\System\oQPWhfL.exe
  2⤵
  PID:6392
- C:\Windows\System\UuFHwLF.exe
  C:\Windows\System\UuFHwLF.exe
  2⤵
  PID:6440
- C:\Windows\System\wBaQCwy.exe
  C:\Windows\System\wBaQCwy.exe
  2⤵
  PID:6508
- C:\Windows\System\tcnUAIH.exe
  C:\Windows\System\tcnUAIH.exe
  2⤵
  PID:2960
- C:\Windows\System\oWJYPVw.exe
  C:\Windows\System\oWJYPVw.exe
  2⤵
  PID:6636
- C:\Windows\System\AXOABLK.exe
  C:\Windows\System\AXOABLK.exe
  2⤵
  PID:6680
- C:\Windows\System\bLIeRrx.exe
  C:\Windows\System\bLIeRrx.exe
  2⤵
  PID:2324
- C:\Windows\System\hMNVDgx.exe
  C:\Windows\System\hMNVDgx.exe
  2⤵
  PID:6760
- C:\Windows\System\RffVzsU.exe
  C:\Windows\System\RffVzsU.exe
  2⤵
  PID:6824
- C:\Windows\System\ipDYRJt.exe
  C:\Windows\System\ipDYRJt.exe
  2⤵
  PID:1984
- C:\Windows\System\qoGylXu.exe
  C:\Windows\System\qoGylXu.exe
  2⤵
  PID:6920
- C:\Windows\System\FCEMVzE.exe
  C:\Windows\System\FCEMVzE.exe
  2⤵
  PID:6972
- C:\Windows\System\blxsSkZ.exe
  C:\Windows\System\blxsSkZ.exe
  2⤵
  PID:7036
- C:\Windows\System\mXYsmWL.exe
  C:\Windows\System\mXYsmWL.exe
  2⤵
  PID:1040
- C:\Windows\System\BxnNgNp.exe
  C:\Windows\System\BxnNgNp.exe
  2⤵
  PID:7144
- C:\Windows\System\HqVfSlt.exe
  C:\Windows\System\HqVfSlt.exe
  2⤵
  PID:2092
- C:\Windows\System\CIMsRvo.exe
  C:\Windows\System\CIMsRvo.exe
  2⤵
  PID:5484
- C:\Windows\System\eRUeqZI.exe
  C:\Windows\System\eRUeqZI.exe
  2⤵
  PID:2856
- C:\Windows\System\JMaIDGJ.exe
  C:\Windows\System\JMaIDGJ.exe
  2⤵
  PID:5808
- C:\Windows\System\EoiKWlV.exe
  C:\Windows\System\EoiKWlV.exe
  2⤵
  PID:6216
- C:\Windows\System\NZsGzao.exe
  C:\Windows\System\NZsGzao.exe
  2⤵
  PID:6232
- C:\Windows\System\NjDdnII.exe
  C:\Windows\System\NjDdnII.exe
  2⤵
  PID:6312
- C:\Windows\System\NBZepgI.exe
  C:\Windows\System\NBZepgI.exe
  2⤵
  PID:1812
- C:\Windows\System\qZGuDXP.exe
  C:\Windows\System\qZGuDXP.exe
  2⤵
  PID:6484
- C:\Windows\System\LeicgGu.exe
  C:\Windows\System\LeicgGu.exe
  2⤵
  PID:6616
- C:\Windows\System\suLzoxs.exe
  C:\Windows\System\suLzoxs.exe
  2⤵
  PID:6648
- C:\Windows\System\xetnEyl.exe
  C:\Windows\System\xetnEyl.exe
  2⤵
  PID:2084
- C:\Windows\System\schUWvV.exe
  C:\Windows\System\schUWvV.exe
  2⤵
  PID:6876
- C:\Windows\System\rOkUJqY.exe
  C:\Windows\System\rOkUJqY.exe
  2⤵
  PID:6988
- C:\Windows\System\glzOXUq.exe
  C:\Windows\System\glzOXUq.exe
  2⤵
  PID:2424
- C:\Windows\System\JQldiWi.exe
  C:\Windows\System\JQldiWi.exe
  2⤵
  PID:6888
- C:\Windows\System\TQcyAAb.exe
  C:\Windows\System\TQcyAAb.exe
  2⤵
  PID:1800
- C:\Windows\System\MBhojlJ.exe
  C:\Windows\System\MBhojlJ.exe
  2⤵
  PID:6184
- C:\Windows\System\mATUGyB.exe
  C:\Windows\System\mATUGyB.exe
  2⤵
  PID:2428
- C:\Windows\System\XPbqANO.exe
  C:\Windows\System\XPbqANO.exe
  2⤵
  PID:6452
- C:\Windows\System\PwfwLCk.exe
  C:\Windows\System\PwfwLCk.exe
  2⤵
  PID:6520
- C:\Windows\System\MRAWqHH.exe
  C:\Windows\System\MRAWqHH.exe
  2⤵
  PID:6808
- C:\Windows\System\OEcvgly.exe
  C:\Windows\System\OEcvgly.exe
  2⤵
  PID:6956
- C:\Windows\System\bMhZjBl.exe
  C:\Windows\System\bMhZjBl.exe
  2⤵
  PID:2912
- C:\Windows\System\xjbRlin.exe
  C:\Windows\System\xjbRlin.exe
  2⤵
  PID:1624
- C:\Windows\System\YcrtyhF.exe
  C:\Windows\System\YcrtyhF.exe
  2⤵
  PID:7176
- C:\Windows\System\UqcGVfP.exe
  C:\Windows\System\UqcGVfP.exe
  2⤵
  PID:7192
- C:\Windows\System\SrtbeCj.exe
  C:\Windows\System\SrtbeCj.exe
  2⤵
  PID:7208
- C:\Windows\System\nJxTILj.exe
  C:\Windows\System\nJxTILj.exe
  2⤵
  PID:7224
- C:\Windows\System\dgYXjII.exe
  C:\Windows\System\dgYXjII.exe
  2⤵
  PID:7240
- C:\Windows\System\fcoPHxI.exe
  C:\Windows\System\fcoPHxI.exe
  2⤵
  PID:7260
- C:\Windows\System\SNKGKcg.exe
  C:\Windows\System\SNKGKcg.exe
  2⤵
  PID:7276
- C:\Windows\System\uASQRzG.exe
  C:\Windows\System\uASQRzG.exe
  2⤵
  PID:7292
- C:\Windows\System\OegMgqf.exe
  C:\Windows\System\OegMgqf.exe
  2⤵
  PID:7308
- C:\Windows\System\dsfrWeQ.exe
  C:\Windows\System\dsfrWeQ.exe
  2⤵
  PID:7324
- C:\Windows\System\NntnEIh.exe
  C:\Windows\System\NntnEIh.exe
  2⤵
  PID:7340
- C:\Windows\System\eMJQCkI.exe
  C:\Windows\System\eMJQCkI.exe
  2⤵
  PID:7356
- C:\Windows\System\jkRACad.exe
  C:\Windows\System\jkRACad.exe
  2⤵
  PID:7372
- C:\Windows\System\ITgUiAP.exe
  C:\Windows\System\ITgUiAP.exe
  2⤵
  PID:7388
- C:\Windows\System\zCFzFCm.exe
  C:\Windows\System\zCFzFCm.exe
  2⤵
  PID:7404
- C:\Windows\System\NdZzUke.exe
  C:\Windows\System\NdZzUke.exe
  2⤵
  PID:7420
- C:\Windows\System\xsyLiZv.exe
  C:\Windows\System\xsyLiZv.exe
  2⤵
  PID:7436
- C:\Windows\System\WtkTJdm.exe
  C:\Windows\System\WtkTJdm.exe
  2⤵
  PID:7456
- C:\Windows\System\PuecGuo.exe
  C:\Windows\System\PuecGuo.exe
  2⤵
  PID:7472
- C:\Windows\System\kIVuUcX.exe
  C:\Windows\System\kIVuUcX.exe
  2⤵
  PID:7488
- C:\Windows\System\gUGKyph.exe
  C:\Windows\System\gUGKyph.exe
  2⤵
  PID:7504
- C:\Windows\System\ITvYnEO.exe
  C:\Windows\System\ITvYnEO.exe
  2⤵
  PID:7520
- C:\Windows\System\viutavg.exe
  C:\Windows\System\viutavg.exe
  2⤵
  PID:7536
- C:\Windows\System\IebuCit.exe
  C:\Windows\System\IebuCit.exe
  2⤵
  PID:7552
- C:\Windows\System\ZUsPseW.exe
  C:\Windows\System\ZUsPseW.exe
  2⤵
  PID:7568
- C:\Windows\System\DKtnCxG.exe
  C:\Windows\System\DKtnCxG.exe
  2⤵
  PID:7584
- C:\Windows\System\cBSUqLG.exe
  C:\Windows\System\cBSUqLG.exe
  2⤵
  PID:7600
- C:\Windows\System\IkSnrdv.exe
  C:\Windows\System\IkSnrdv.exe
  2⤵
  PID:7616
- C:\Windows\System\NqdyKtM.exe
  C:\Windows\System\NqdyKtM.exe
  2⤵
  PID:7632
- C:\Windows\System\fcGsXCC.exe
  C:\Windows\System\fcGsXCC.exe
  2⤵
  PID:7648
- C:\Windows\System\qATXhbx.exe
  C:\Windows\System\qATXhbx.exe
  2⤵
  PID:7664
- C:\Windows\System\dgnvMzG.exe
  C:\Windows\System\dgnvMzG.exe
  2⤵
  PID:7680
- C:\Windows\System\uhRcFqH.exe
  C:\Windows\System\uhRcFqH.exe
  2⤵
  PID:7696
- C:\Windows\System\TkuUZGB.exe
  C:\Windows\System\TkuUZGB.exe
  2⤵
  PID:7712
- C:\Windows\System\dXkzehj.exe
  C:\Windows\System\dXkzehj.exe
  2⤵
  PID:7728
- C:\Windows\System\zxbtkHG.exe
  C:\Windows\System\zxbtkHG.exe
  2⤵
  PID:7744
- C:\Windows\System\aumxxSw.exe
  C:\Windows\System\aumxxSw.exe
  2⤵
  PID:7760
- C:\Windows\System\iUiODcY.exe
  C:\Windows\System\iUiODcY.exe
  2⤵
  PID:7776
- C:\Windows\System\TTywErM.exe
  C:\Windows\System\TTywErM.exe
  2⤵
  PID:7792
- C:\Windows\System\zoFKkQH.exe
  C:\Windows\System\zoFKkQH.exe
  2⤵
  PID:7808
- C:\Windows\System\hvunUqb.exe
  C:\Windows\System\hvunUqb.exe
  2⤵
  PID:7824
- C:\Windows\System\dMYliQM.exe
  C:\Windows\System\dMYliQM.exe
  2⤵
  PID:7840
- C:\Windows\System\IISwWRQ.exe
  C:\Windows\System\IISwWRQ.exe
  2⤵
  PID:7856
- C:\Windows\System\wDIkVuJ.exe
  C:\Windows\System\wDIkVuJ.exe
  2⤵
  PID:7876
- C:\Windows\System\hozWMqV.exe
  C:\Windows\System\hozWMqV.exe
  2⤵
  PID:7892
- C:\Windows\System\dUYrqeQ.exe
  C:\Windows\System\dUYrqeQ.exe
  2⤵
  PID:7908
- C:\Windows\System\BEkJYLT.exe
  C:\Windows\System\BEkJYLT.exe
  2⤵
  PID:7924
- C:\Windows\System\wqOFYlh.exe
  C:\Windows\System\wqOFYlh.exe
  2⤵
  PID:7940
- C:\Windows\System\PYKSWNC.exe
  C:\Windows\System\PYKSWNC.exe
  2⤵
  PID:7956
- C:\Windows\System\eyjbQcB.exe
  C:\Windows\System\eyjbQcB.exe
  2⤵
  PID:7972
- C:\Windows\System\IQuevUU.exe
  C:\Windows\System\IQuevUU.exe
  2⤵
  PID:7988
- C:\Windows\System\bFNncfu.exe
  C:\Windows\System\bFNncfu.exe
  2⤵
  PID:8004
- C:\Windows\System\GPFUSNu.exe
  C:\Windows\System\GPFUSNu.exe
  2⤵
  PID:8020
- C:\Windows\System\DrnwVXI.exe
  C:\Windows\System\DrnwVXI.exe
  2⤵
  PID:8036
- C:\Windows\System\QAPQwCY.exe
  C:\Windows\System\QAPQwCY.exe
  2⤵
  PID:8052
- C:\Windows\System\YfSuapm.exe
  C:\Windows\System\YfSuapm.exe
  2⤵
  PID:8068
- C:\Windows\System\CaTrRuz.exe
  C:\Windows\System\CaTrRuz.exe
  2⤵
  PID:8084
- C:\Windows\System\cGlcCfW.exe
  C:\Windows\System\cGlcCfW.exe
  2⤵
  PID:8100
- C:\Windows\System\xRJnnji.exe
  C:\Windows\System\xRJnnji.exe
  2⤵
  PID:8116
- C:\Windows\System\fcYaQZH.exe
  C:\Windows\System\fcYaQZH.exe
  2⤵
  PID:8132
- C:\Windows\System\lhZiTts.exe
  C:\Windows\System\lhZiTts.exe
  2⤵
  PID:8148
- C:\Windows\System\lGhOhZp.exe
  C:\Windows\System\lGhOhZp.exe
  2⤵
  PID:8164
- C:\Windows\System\eLLgblS.exe
  C:\Windows\System\eLLgblS.exe
  2⤵
  PID:8180
- C:\Windows\System\fnPUhET.exe
  C:\Windows\System\fnPUhET.exe
  2⤵
  PID:2452
- C:\Windows\System\JxcpkWZ.exe
  C:\Windows\System\JxcpkWZ.exe
  2⤵
  PID:6584
- C:\Windows\System\BpgcvZp.exe
  C:\Windows\System\BpgcvZp.exe
  2⤵
  PID:7096
- C:\Windows\System\lnHupdy.exe
  C:\Windows\System\lnHupdy.exe
  2⤵
  PID:2336
- C:\Windows\System\IHTmjge.exe
  C:\Windows\System\IHTmjge.exe
  2⤵
  PID:7188
- C:\Windows\System\mLTQlkH.exe
  C:\Windows\System\mLTQlkH.exe
  2⤵
  PID:2828
- C:\Windows\System\GYhHgrp.exe
  C:\Windows\System\GYhHgrp.exe
  2⤵
  PID:7220
- C:\Windows\System\mEjsJcm.exe
  C:\Windows\System\mEjsJcm.exe
  2⤵
  PID:2812
- C:\Windows\System\myjxwnK.exe
  C:\Windows\System\myjxwnK.exe
  2⤵
  PID:6712
- C:\Windows\System\yKoierl.exe
  C:\Windows\System\yKoierl.exe
  2⤵
  PID:336
- C:\Windows\System\jKNWpHE.exe
  C:\Windows\System\jKNWpHE.exe
  2⤵
  PID:1840
- C:\Windows\System\ipvXBus.exe
  C:\Windows\System\ipvXBus.exe
  2⤵
  PID:1720
- C:\Windows\System\QJENLLi.exe
  C:\Windows\System\QJENLLi.exe
  2⤵
  PID:2608
- C:\Windows\System\fbhjAiM.exe
  C:\Windows\System\fbhjAiM.exe
  2⤵
  PID:2436
- C:\Windows\System\lVvlWpC.exe
  C:\Windows\System\lVvlWpC.exe
  2⤵
  PID:7288
- C:\Windows\System\ukoMktO.exe
  C:\Windows\System\ukoMktO.exe
  2⤵
  PID:7352
- C:\Windows\System\YoJDAon.exe
  C:\Windows\System\YoJDAon.exe
  2⤵
  PID:7300
- C:\Windows\System\ESeqZnY.exe
  C:\Windows\System\ESeqZnY.exe
  2⤵
  PID:7368
- C:\Windows\System\MQtpKJs.exe
  C:\Windows\System\MQtpKJs.exe
  2⤵
  PID:7452
- C:\Windows\System\CgIFqoh.exe
  C:\Windows\System\CgIFqoh.exe
  2⤵
  PID:7428
- C:\Windows\System\ucIKCvM.exe
  C:\Windows\System\ucIKCvM.exe
  2⤵
  PID:7528
- C:\Windows\System\pPZWiOe.exe
  C:\Windows\System\pPZWiOe.exe
  2⤵
  PID:7560
- C:\Windows\System\WDuMJHd.exe
  C:\Windows\System\WDuMJHd.exe
  2⤵
  PID:7512
- C:\Windows\System\DOmbzBM.exe
  C:\Windows\System\DOmbzBM.exe
  2⤵
  PID:7576
- C:\Windows\System\BFGsBLd.exe
  C:\Windows\System\BFGsBLd.exe
  2⤵
  PID:7640
- C:\Windows\System\sGgVgwf.exe
  C:\Windows\System\sGgVgwf.exe
  2⤵
  PID:7704
- C:\Windows\System\TeZLZxb.exe
  C:\Windows\System\TeZLZxb.exe
  2⤵
  PID:7768
- C:\Windows\System\TpuFEfJ.exe
  C:\Windows\System\TpuFEfJ.exe
  2⤵
  PID:7596
- C:\Windows\System\VZZpCeT.exe
  C:\Windows\System\VZZpCeT.exe
  2⤵
  PID:7656
- C:\Windows\System\GOHIEza.exe
  C:\Windows\System\GOHIEza.exe
  2⤵
  PID:7720
- C:\Windows\System\EnYdFsP.exe
  C:\Windows\System\EnYdFsP.exe
  2⤵
  PID:7788
- C:\Windows\System\rShIsje.exe
  C:\Windows\System\rShIsje.exe
  2⤵
  PID:7800
- C:\Windows\System\IKPeDhi.exe
  C:\Windows\System\IKPeDhi.exe
  2⤵
  PID:7868
- C:\Windows\System\NNpFuLD.exe
  C:\Windows\System\NNpFuLD.exe
  2⤵
  PID:7932
- C:\Windows\System\gaGMjxZ.exe
  C:\Windows\System\gaGMjxZ.exe
  2⤵
  PID:7968
- C:\Windows\System\pSTICZk.exe
  C:\Windows\System\pSTICZk.exe
  2⤵
  PID:8032
- C:\Windows\System\DFllrgR.exe
  C:\Windows\System\DFllrgR.exe
  2⤵
  PID:8096
- C:\Windows\System\JrXKOWn.exe
  C:\Windows\System\JrXKOWn.exe
  2⤵
  PID:7888
- C:\Windows\System\ESyLgGG.exe
  C:\Windows\System\ESyLgGG.exe
  2⤵
  PID:7948
- C:\Windows\System\gjYNsok.exe
  C:\Windows\System\gjYNsok.exe
  2⤵
  PID:8124
- C:\Windows\System\bivadJZ.exe
  C:\Windows\System\bivadJZ.exe
  2⤵
  PID:8188
- C:\Windows\System\RoggUVA.exe
  C:\Windows\System\RoggUVA.exe
  2⤵
  PID:8016
- C:\Windows\System\FgMkjUD.exe
  C:\Windows\System\FgMkjUD.exe
  2⤵
  PID:8048
- C:\Windows\System\LQzsmSW.exe
  C:\Windows\System\LQzsmSW.exe
  2⤵
  PID:544
- C:\Windows\System\rMUogXW.exe
  C:\Windows\System\rMUogXW.exe
  2⤵
  PID:1780
- C:\Windows\System\JSwuTzt.exe
  C:\Windows\System\JSwuTzt.exe
  2⤵
  PID:960
- C:\Windows\System\kyQzAIZ.exe
  C:\Windows\System\kyQzAIZ.exe
  2⤵
  PID:2464
- C:\Windows\System\bBbXyZA.exe
  C:\Windows\System\bBbXyZA.exe
  2⤵
  PID:7128
- C:\Windows\System\JKgZTBS.exe
  C:\Windows\System\JKgZTBS.exe
  2⤵
  PID:7416
- C:\Windows\System\NRanlnI.exe
  C:\Windows\System\NRanlnI.exe
  2⤵
  PID:1924
- C:\Windows\System\QxxMBkU.exe
  C:\Windows\System\QxxMBkU.exe
  2⤵
  PID:2864
- C:\Windows\System\uKsWwXX.exe
  C:\Windows\System\uKsWwXX.exe
  2⤵
  PID:7320
- C:\Windows\System\scTpuiZ.exe
  C:\Windows\System\scTpuiZ.exe
  2⤵
  PID:7396
- C:\Windows\System\NcvYeEn.exe
  C:\Windows\System\NcvYeEn.exe
  2⤵
  PID:7400
- C:\Windows\System\sNCUbts.exe
  C:\Windows\System\sNCUbts.exe
  2⤵
  PID:7548
- C:\Windows\System\kNUSKta.exe
  C:\Windows\System\kNUSKta.exe
  2⤵
  PID:7724
- C:\Windows\System\NqhVSPv.exe
  C:\Windows\System\NqhVSPv.exe
  2⤵
  PID:7784
- C:\Windows\System\iEttnCa.exe
  C:\Windows\System\iEttnCa.exe
  2⤵
  PID:7836
- C:\Windows\System\pAEIBaS.exe
  C:\Windows\System\pAEIBaS.exe
  2⤵
  PID:7848
- C:\Windows\System\LXNAAmM.exe
  C:\Windows\System\LXNAAmM.exe
  2⤵
  PID:7964
- C:\Windows\System\SLEXNga.exe
  C:\Windows\System\SLEXNga.exe
  2⤵
  PID:8064
- C:\Windows\System\mtjDdLs.exe
  C:\Windows\System\mtjDdLs.exe
  2⤵
  PID:8156
- C:\Windows\System\XClDhhE.exe
  C:\Windows\System\XClDhhE.exe
  2⤵
  PID:868
- C:\Windows\System\WsBiWJv.exe
  C:\Windows\System\WsBiWJv.exe
  2⤵
  PID:8172
- C:\Windows\System\lASzfsn.exe
  C:\Windows\System\lASzfsn.exe
  2⤵
  PID:7980
- C:\Windows\System\XoQTBkO.exe
  C:\Windows\System\XoQTBkO.exe
  2⤵
  PID:7484
- C:\Windows\System\GrFzOFP.exe
  C:\Windows\System\GrFzOFP.exe
  2⤵
  PID:8108
- C:\Windows\System\lCjCpqx.exe
  C:\Windows\System\lCjCpqx.exe
  2⤵
  PID:7532
- C:\Windows\System\orkzmYh.exe
  C:\Windows\System\orkzmYh.exe
  2⤵
  PID:7852
- C:\Windows\System\TSnGxjs.exe
  C:\Windows\System\TSnGxjs.exe
  2⤵
  PID:8028
- C:\Windows\System\wJtJJlQ.exe
  C:\Windows\System\wJtJJlQ.exe
  2⤵
  PID:7268
- C:\Windows\System\oUuRPDB.exe
  C:\Windows\System\oUuRPDB.exe
  2⤵
  PID:7904
- C:\Windows\System\SMSjKkN.exe
  C:\Windows\System\SMSjKkN.exe
  2⤵
  PID:7820
- C:\Windows\System\vrHnYXA.exe
  C:\Windows\System\vrHnYXA.exe
  2⤵
  PID:7232
- C:\Windows\System\AHxeeKe.exe
  C:\Windows\System\AHxeeKe.exe
  2⤵
  PID:2472
- C:\Windows\System\cqejJZJ.exe
  C:\Windows\System\cqejJZJ.exe
  2⤵
  PID:7676
- C:\Windows\System\LaWIkaW.exe
  C:\Windows\System\LaWIkaW.exe
  2⤵
  PID:7480
- C:\Windows\System\PmOhQwi.exe
  C:\Windows\System\PmOhQwi.exe
  2⤵
  PID:8000
- C:\Windows\System\FsNFPYO.exe
  C:\Windows\System\FsNFPYO.exe
  2⤵
  PID:7592
- C:\Windows\System\HniLioz.exe
  C:\Windows\System\HniLioz.exe
  2⤵
  PID:7256
- C:\Windows\System\ICpbqTU.exe
  C:\Windows\System\ICpbqTU.exe
  2⤵
  PID:8208
- C:\Windows\System\BRRwUWa.exe
  C:\Windows\System\BRRwUWa.exe
  2⤵
  PID:8224
- C:\Windows\System\uvTIldN.exe
  C:\Windows\System\uvTIldN.exe
  2⤵
  PID:8240
- C:\Windows\System\xGnbcgx.exe
  C:\Windows\System\xGnbcgx.exe
  2⤵
  PID:8256
- C:\Windows\System\OuOBQOL.exe
  C:\Windows\System\OuOBQOL.exe
  2⤵
  PID:8272
- C:\Windows\System\qyWLlMv.exe
  C:\Windows\System\qyWLlMv.exe
  2⤵
  PID:8288
- C:\Windows\System\ShVFAqF.exe
  C:\Windows\System\ShVFAqF.exe
  2⤵
  PID:8304
- C:\Windows\System\ckFlreB.exe
  C:\Windows\System\ckFlreB.exe
  2⤵
  PID:8320
- C:\Windows\System\mXtyCyM.exe
  C:\Windows\System\mXtyCyM.exe
  2⤵
  PID:8336
- C:\Windows\System\VlnPQvA.exe
  C:\Windows\System\VlnPQvA.exe
  2⤵
  PID:8352
- C:\Windows\System\OFDASyu.exe
  C:\Windows\System\OFDASyu.exe
  2⤵
  PID:8368
- C:\Windows\System\PtcXQaI.exe
  C:\Windows\System\PtcXQaI.exe
  2⤵
  PID:8384
- C:\Windows\System\tpPdFXt.exe
  C:\Windows\System\tpPdFXt.exe
  2⤵
  PID:8400
- C:\Windows\System\rhhDbCQ.exe
  C:\Windows\System\rhhDbCQ.exe
  2⤵
  PID:8416
- C:\Windows\System\XgWpAqZ.exe
  C:\Windows\System\XgWpAqZ.exe
  2⤵
  PID:8432
- C:\Windows\System\DmerAex.exe
  C:\Windows\System\DmerAex.exe
  2⤵
  PID:8448
- C:\Windows\System\cEkCMnq.exe
  C:\Windows\System\cEkCMnq.exe
  2⤵
  PID:8464
- C:\Windows\System\PjhIUYo.exe
  C:\Windows\System\PjhIUYo.exe
  2⤵
  PID:8480
- C:\Windows\System\dAABXJj.exe
  C:\Windows\System\dAABXJj.exe
  2⤵
  PID:8496
- C:\Windows\System\VNHfjbg.exe
  C:\Windows\System\VNHfjbg.exe
  2⤵
  PID:8512
- C:\Windows\System\GHxEaTm.exe
  C:\Windows\System\GHxEaTm.exe
  2⤵
  PID:8528
- C:\Windows\System\YIGotjQ.exe
  C:\Windows\System\YIGotjQ.exe
  2⤵
  PID:8544
- C:\Windows\System\VDRKSUx.exe
  C:\Windows\System\VDRKSUx.exe
  2⤵
  PID:8560
- C:\Windows\System\kMhyFFJ.exe
  C:\Windows\System\kMhyFFJ.exe
  2⤵
  PID:8576
- C:\Windows\System\DUGiXba.exe
  C:\Windows\System\DUGiXba.exe
  2⤵
  PID:8592
- C:\Windows\System\QrJBYPa.exe
  C:\Windows\System\QrJBYPa.exe
  2⤵
  PID:8608
- C:\Windows\System\YbKkPRB.exe
  C:\Windows\System\YbKkPRB.exe
  2⤵
  PID:8624
- C:\Windows\System\PcBgBcr.exe
  C:\Windows\System\PcBgBcr.exe
  2⤵
  PID:8640
- C:\Windows\System\wjAzrsI.exe
  C:\Windows\System\wjAzrsI.exe
  2⤵
  PID:8656
- C:\Windows\System\tJScoWB.exe
  C:\Windows\System\tJScoWB.exe
  2⤵
  PID:8676
- C:\Windows\System\YegynKM.exe
  C:\Windows\System\YegynKM.exe
  2⤵
  PID:8692
- C:\Windows\System\fHtEVIF.exe
  C:\Windows\System\fHtEVIF.exe
  2⤵
  PID:8708
- C:\Windows\System\bPbuBWu.exe
  C:\Windows\System\bPbuBWu.exe
  2⤵
  PID:8724
- C:\Windows\System\hXkyQxS.exe
  C:\Windows\System\hXkyQxS.exe
  2⤵
  PID:8740
- C:\Windows\System\WUDlppi.exe
  C:\Windows\System\WUDlppi.exe
  2⤵
  PID:8756
- C:\Windows\System\VswmoEs.exe
  C:\Windows\System\VswmoEs.exe
  2⤵
  PID:8772
- C:\Windows\System\PpFuQpM.exe
  C:\Windows\System\PpFuQpM.exe
  2⤵
  PID:8788
- C:\Windows\System\cdWpICf.exe
  C:\Windows\System\cdWpICf.exe
  2⤵
  PID:8804
- C:\Windows\System\biUjmUM.exe
  C:\Windows\System\biUjmUM.exe
  2⤵
  PID:8820
- C:\Windows\System\THxLhAW.exe
  C:\Windows\System\THxLhAW.exe
  2⤵
  PID:8836
- C:\Windows\System\qIeqMCw.exe
  C:\Windows\System\qIeqMCw.exe
  2⤵
  PID:8852
- C:\Windows\System\MYVqBOy.exe
  C:\Windows\System\MYVqBOy.exe
  2⤵
  PID:8868
- C:\Windows\System\axMRZOl.exe
  C:\Windows\System\axMRZOl.exe
  2⤵
  PID:8884
- C:\Windows\System\UkphzHa.exe
  C:\Windows\System\UkphzHa.exe
  2⤵
  PID:8900
- C:\Windows\System\STYrSqC.exe
  C:\Windows\System\STYrSqC.exe
  2⤵
  PID:8916
- C:\Windows\System\LAmQqEs.exe
  C:\Windows\System\LAmQqEs.exe
  2⤵
  PID:8932
- C:\Windows\System\LcIWuFp.exe
  C:\Windows\System\LcIWuFp.exe
  2⤵
  PID:8948
- C:\Windows\System\dLtuSMO.exe
  C:\Windows\System\dLtuSMO.exe
  2⤵
  PID:8964
- C:\Windows\System\XExTzqa.exe
  C:\Windows\System\XExTzqa.exe
  2⤵
  PID:8980
- C:\Windows\System\EovEnEU.exe
  C:\Windows\System\EovEnEU.exe
  2⤵
  PID:8996
- C:\Windows\System\DZreTCf.exe
  C:\Windows\System\DZreTCf.exe
  2⤵
  PID:9012
- C:\Windows\System\hMEnkcq.exe
  C:\Windows\System\hMEnkcq.exe
  2⤵
  PID:9028
- C:\Windows\System\JUdjKjK.exe
  C:\Windows\System\JUdjKjK.exe
  2⤵
  PID:9048
- C:\Windows\System\YUpwfyF.exe
  C:\Windows\System\YUpwfyF.exe
  2⤵
  PID:9064
- C:\Windows\System\DIXeaiv.exe
  C:\Windows\System\DIXeaiv.exe
  2⤵
  PID:9080
- C:\Windows\System\IukoqaV.exe
  C:\Windows\System\IukoqaV.exe
  2⤵
  PID:9096
- C:\Windows\System\KttiVAo.exe
  C:\Windows\System\KttiVAo.exe
  2⤵
  PID:9112
- C:\Windows\System\fLhCyrN.exe
  C:\Windows\System\fLhCyrN.exe
  2⤵
  PID:9128
- C:\Windows\System\tQxqVas.exe
  C:\Windows\System\tQxqVas.exe
  2⤵
  PID:9144
- C:\Windows\System\iULwCbW.exe
  C:\Windows\System\iULwCbW.exe
  2⤵
  PID:9160
- C:\Windows\System\NmzeFsK.exe
  C:\Windows\System\NmzeFsK.exe
  2⤵
  PID:9176
- C:\Windows\System\vchhXEz.exe
  C:\Windows\System\vchhXEz.exe
  2⤵
  PID:9192
- C:\Windows\System\etSzAYn.exe
  C:\Windows\System\etSzAYn.exe
  2⤵
  PID:9208
- C:\Windows\System\GQwVVWO.exe
  C:\Windows\System\GQwVVWO.exe
  2⤵
  PID:1552
- C:\Windows\System\IUusnjw.exe
  C:\Windows\System\IUusnjw.exe
  2⤵
  PID:7216
- C:\Windows\System\tWPBTDR.exe
  C:\Windows\System\tWPBTDR.exe
  2⤵
  PID:8128
- C:\Windows\System\JimDKkt.exe
  C:\Windows\System\JimDKkt.exe
  2⤵
  PID:8204
- C:\Windows\System\YYPOwGk.exe
  C:\Windows\System\YYPOwGk.exe
  2⤵
  PID:8248
- C:\Windows\System\MxgraNz.exe
  C:\Windows\System\MxgraNz.exe
  2⤵
  PID:8300
- C:\Windows\System\fQsIyxS.exe
  C:\Windows\System\fQsIyxS.exe
  2⤵
  PID:8284
- C:\Windows\System\YoTCmYK.exe
  C:\Windows\System\YoTCmYK.exe
  2⤵
  PID:8316
- C:\Windows\System\cjwRonH.exe
  C:\Windows\System\cjwRonH.exe
  2⤵
  PID:8392
- C:\Windows\System\LRihVTS.exe
  C:\Windows\System\LRihVTS.exe
  2⤵
  PID:8456
- C:\Windows\System\wadXUVj.exe
  C:\Windows\System\wadXUVj.exe
  2⤵
  PID:8444
- C:\Windows\System\qgJFSNp.exe
  C:\Windows\System\qgJFSNp.exe
  2⤵
  PID:8380
- C:\Windows\System\LcvNqBp.exe
  C:\Windows\System\LcvNqBp.exe
  2⤵
  PID:8508
- C:\Windows\System\qywYADE.exe
  C:\Windows\System\qywYADE.exe
  2⤵
  PID:8552
- C:\Windows\System\QopeJUo.exe
  C:\Windows\System\QopeJUo.exe
  2⤵
  PID:8620
- C:\Windows\System\UqbETnF.exe
  C:\Windows\System\UqbETnF.exe
  2⤵
  PID:8540
- C:\Windows\System\JPWMQNs.exe
  C:\Windows\System\JPWMQNs.exe
  2⤵
  PID:8604
- C:\Windows\System\oKVuzcs.exe
  C:\Windows\System\oKVuzcs.exe
  2⤵
  PID:8684
- C:\Windows\System\PajOylD.exe
  C:\Windows\System\PajOylD.exe
  2⤵
  PID:8748
- C:\Windows\System\GCODqjB.exe
  C:\Windows\System\GCODqjB.exe
  2⤵
  PID:8812
- C:\Windows\System\xswCDub.exe
  C:\Windows\System\xswCDub.exe
  2⤵
  PID:8848
- C:\Windows\System\WDqNlbn.exe
  C:\Windows\System\WDqNlbn.exe
  2⤵
  PID:8908
- C:\Windows\System\gwquWZo.exe
  C:\Windows\System\gwquWZo.exe
  2⤵
  PID:8944
- C:\Windows\System\LYskrpq.exe
  C:\Windows\System\LYskrpq.exe
  2⤵
  PID:9004
- C:\Windows\System\lnJEJqj.exe
  C:\Windows\System\lnJEJqj.exe
  2⤵
  PID:8704
- C:\Windows\System\DtKDwnG.exe
  C:\Windows\System\DtKDwnG.exe
  2⤵
  PID:8860
- C:\Windows\System\wbRfxZl.exe
  C:\Windows\System\wbRfxZl.exe
  2⤵
  PID:8832
- C:\Windows\System\YyRAlxf.exe
  C:\Windows\System\YyRAlxf.exe
  2⤵
  PID:8928
- C:\Windows\System\PHYNCwb.exe
  C:\Windows\System\PHYNCwb.exe
  2⤵
  PID:8992
- C:\Windows\System\rveYSML.exe
  C:\Windows\System\rveYSML.exe
  2⤵
  PID:9060
- C:\Windows\System\BTItzjf.exe
  C:\Windows\System\BTItzjf.exe
  2⤵
  PID:9104
- C:\Windows\System\XMKnybk.exe
  C:\Windows\System\XMKnybk.exe
  2⤵
  PID:9088
- C:\Windows\System\Zniromo.exe
  C:\Windows\System\Zniromo.exe
  2⤵
  PID:9156
- C:\Windows\System\tGXbIZp.exe
  C:\Windows\System\tGXbIZp.exe
  2⤵
  PID:9184
- C:\Windows\System\TGxsXny.exe
  C:\Windows\System\TGxsXny.exe
  2⤵
  PID:7920
- C:\Windows\System\pujPTRo.exe
  C:\Windows\System\pujPTRo.exe
  2⤵
  PID:8268
- C:\Windows\System\EZUzJiJ.exe
  C:\Windows\System\EZUzJiJ.exe
  2⤵
  PID:1288
- C:\Windows\System\oPKVCLp.exe
  C:\Windows\System\oPKVCLp.exe
  2⤵
  PID:8264
- C:\Windows\System\spbXvxe.exe
  C:\Windows\System\spbXvxe.exe
  2⤵
  PID:7448
- C:\Windows\System\YoFRAui.exe
  C:\Windows\System\YoFRAui.exe
  2⤵
  PID:8408
- C:\Windows\System\UgJmELW.exe
  C:\Windows\System\UgJmELW.exe
  2⤵
  PID:8536
- C:\Windows\System\DKTHkfA.exe
  C:\Windows\System\DKTHkfA.exe
  2⤵
  PID:8780
- C:\Windows\System\kCRKzCP.exe
  C:\Windows\System\kCRKzCP.exe
  2⤵
  PID:8972
- C:\Windows\System\IKiHMoP.exe
  C:\Windows\System\IKiHMoP.exe
  2⤵
  PID:8476
- C:\Windows\System\WxOQdxz.exe
  C:\Windows\System\WxOQdxz.exe
  2⤵
  PID:8440
- C:\Windows\System\FtmBbEk.exe
  C:\Windows\System\FtmBbEk.exe
  2⤵
  PID:8588
- C:\Windows\System\YTmKhyO.exe
  C:\Windows\System\YTmKhyO.exe
  2⤵
  PID:8720
- C:\Windows\System\RziAngz.exe
  C:\Windows\System\RziAngz.exe
  2⤵
  PID:8800
- C:\Windows\System\arplyLy.exe
  C:\Windows\System\arplyLy.exe
  2⤵
  PID:9024
- C:\Windows\System\YQtfJpQ.exe
  C:\Windows\System\YQtfJpQ.exe
  2⤵
  PID:9168
- C:\Windows\System\DHmjdBH.exe
  C:\Windows\System\DHmjdBH.exe
  2⤵
  PID:7624
- C:\Windows\System\tuKKDIW.exe
  C:\Windows\System\tuKKDIW.exe
  2⤵
  PID:8988
- C:\Windows\System\xDBwBQb.exe
  C:\Windows\System\xDBwBQb.exe
  2⤵
  PID:9124
- C:\Windows\System\pqkahqk.exe
  C:\Windows\System\pqkahqk.exe
  2⤵
  PID:9204
- C:\Windows\System\uyHfjAV.exe
  C:\Windows\System\uyHfjAV.exe
  2⤵
  PID:8360
- C:\Windows\System\JQeFkPI.exe
  C:\Windows\System\JQeFkPI.exe
  2⤵
  PID:8880
- C:\Windows\System\ayqiERN.exe
  C:\Windows\System\ayqiERN.exe
  2⤵
  PID:8584
- C:\Windows\System\WqWxLcV.exe
  C:\Windows\System\WqWxLcV.exe
  2⤵
  PID:8700
- C:\Windows\System\lULkwra.exe
  C:\Windows\System\lULkwra.exe
  2⤵
  PID:8960
- C:\Windows\System\TFrvuQF.exe
  C:\Windows\System\TFrvuQF.exe
  2⤵
  PID:8524
- C:\Windows\System\jRhFSda.exe
  C:\Windows\System\jRhFSda.exe
  2⤵
  PID:8716
- C:\Windows\System\ajbrqyM.exe
  C:\Windows\System\ajbrqyM.exe
  2⤵
  PID:9232
- C:\Windows\System\PNktjuf.exe
  C:\Windows\System\PNktjuf.exe
  2⤵
  PID:9248
- C:\Windows\System\SPagITJ.exe
  C:\Windows\System\SPagITJ.exe
  2⤵
  PID:9264
- C:\Windows\System\onducLZ.exe
  C:\Windows\System\onducLZ.exe
  2⤵
  PID:9280
- C:\Windows\System\YOVudcy.exe
  C:\Windows\System\YOVudcy.exe
  2⤵
  PID:9300
- C:\Windows\System\uAcsGdp.exe
  C:\Windows\System\uAcsGdp.exe
  2⤵
  PID:9316
- C:\Windows\System\zYLsVco.exe
  C:\Windows\System\zYLsVco.exe
  2⤵
  PID:9332
- C:\Windows\System\bRcZuhj.exe
  C:\Windows\System\bRcZuhj.exe
  2⤵
  PID:9348
- C:\Windows\System\kesTZbg.exe
  C:\Windows\System\kesTZbg.exe
  2⤵
  PID:9364
- C:\Windows\System\xmnGlrx.exe
  C:\Windows\System\xmnGlrx.exe
  2⤵
  PID:9380
- C:\Windows\System\cBXlRas.exe
  C:\Windows\System\cBXlRas.exe
  2⤵
  PID:9396
- C:\Windows\System\mIlvILv.exe
  C:\Windows\System\mIlvILv.exe
  2⤵
  PID:9412
- C:\Windows\System\wXgYuRI.exe
  C:\Windows\System\wXgYuRI.exe
  2⤵
  PID:9428
- C:\Windows\System\ZoSOFGP.exe
  C:\Windows\System\ZoSOFGP.exe
  2⤵
  PID:9444
- C:\Windows\System\NeBjPGf.exe
  C:\Windows\System\NeBjPGf.exe
  2⤵
  PID:9460
- C:\Windows\System\mDPDind.exe
  C:\Windows\System\mDPDind.exe
  2⤵
  PID:9476
- C:\Windows\System\KgkZbXA.exe
  C:\Windows\System\KgkZbXA.exe
  2⤵
  PID:9492
- C:\Windows\System\ufubRDA.exe
  C:\Windows\System\ufubRDA.exe
  2⤵
  PID:9508
- C:\Windows\System\jmfuycF.exe
  C:\Windows\System\jmfuycF.exe
  2⤵
  PID:9524
- C:\Windows\System\sSWEcsJ.exe
  C:\Windows\System\sSWEcsJ.exe
  2⤵
  PID:9540
- C:\Windows\System\YMsTkOu.exe
  C:\Windows\System\YMsTkOu.exe
  2⤵
  PID:9556
- C:\Windows\System\hnFngFL.exe
  C:\Windows\System\hnFngFL.exe
  2⤵
  PID:9572
- C:\Windows\System\UTqJLie.exe
  C:\Windows\System\UTqJLie.exe
  2⤵
  PID:9588
- C:\Windows\System\FevdVHl.exe
  C:\Windows\System\FevdVHl.exe
  2⤵
  PID:9604
- C:\Windows\System\pdFZlql.exe
  C:\Windows\System\pdFZlql.exe
  2⤵
  PID:9620
- C:\Windows\System\LcvpamM.exe
  C:\Windows\System\LcvpamM.exe
  2⤵
  PID:9636
- C:\Windows\System\AjBVhVb.exe
  C:\Windows\System\AjBVhVb.exe
  2⤵
  PID:9652
- C:\Windows\System\MXMJeuj.exe
  C:\Windows\System\MXMJeuj.exe
  2⤵
  PID:9668
- C:\Windows\System\ThQZSIp.exe
  C:\Windows\System\ThQZSIp.exe
  2⤵
  PID:9684
- C:\Windows\System\DlcdpSZ.exe
  C:\Windows\System\DlcdpSZ.exe
  2⤵
  PID:9700
- C:\Windows\System\zttZWaD.exe
  C:\Windows\System\zttZWaD.exe
  2⤵
  PID:9716
- C:\Windows\System\nyAXBOe.exe
  C:\Windows\System\nyAXBOe.exe
  2⤵
  PID:9732
- C:\Windows\System\sFocxAY.exe
  C:\Windows\System\sFocxAY.exe
  2⤵
  PID:9748
- C:\Windows\System\aoMsNBh.exe
  C:\Windows\System\aoMsNBh.exe
  2⤵
  PID:9764
- C:\Windows\System\EfssQsh.exe
  C:\Windows\System\EfssQsh.exe
  2⤵
  PID:9780
- C:\Windows\System\iAfFnvk.exe
  C:\Windows\System\iAfFnvk.exe
  2⤵
  PID:9796
- C:\Windows\System\HmQdWtL.exe
  C:\Windows\System\HmQdWtL.exe
  2⤵
  PID:9812
- C:\Windows\System\kQOMawj.exe
  C:\Windows\System\kQOMawj.exe
  2⤵
  PID:9828
- C:\Windows\System\jsgdkSB.exe
  C:\Windows\System\jsgdkSB.exe
  2⤵
  PID:9844
- C:\Windows\System\weKhMjJ.exe
  C:\Windows\System\weKhMjJ.exe
  2⤵
  PID:9860
- C:\Windows\System\nnOipNu.exe
  C:\Windows\System\nnOipNu.exe
  2⤵
  PID:9876
- C:\Windows\System\rkQRJyM.exe
  C:\Windows\System\rkQRJyM.exe
  2⤵
  PID:9892
- C:\Windows\System\AgGZLnc.exe
  C:\Windows\System\AgGZLnc.exe
  2⤵
  PID:9908
- C:\Windows\System\vdwIedM.exe
  C:\Windows\System\vdwIedM.exe
  2⤵
  PID:9924
- C:\Windows\System\REmdqyz.exe
  C:\Windows\System\REmdqyz.exe
  2⤵
  PID:9940
- C:\Windows\System\nVokVBV.exe
  C:\Windows\System\nVokVBV.exe
  2⤵
  PID:9956
- C:\Windows\System\CuAhJDw.exe
  C:\Windows\System\CuAhJDw.exe
  2⤵
  PID:9972
- C:\Windows\System\EidXsln.exe
  C:\Windows\System\EidXsln.exe
  2⤵
  PID:9988
- C:\Windows\System\VMwRMWK.exe
  C:\Windows\System\VMwRMWK.exe
  2⤵
  PID:10004
- C:\Windows\System\FVjsOCz.exe
  C:\Windows\System\FVjsOCz.exe
  2⤵
  PID:10028
- C:\Windows\System\KnEFUPS.exe
  C:\Windows\System\KnEFUPS.exe
  2⤵
  PID:10044
- C:\Windows\System\JhcOyxY.exe
  C:\Windows\System\JhcOyxY.exe
  2⤵
  PID:10060
- C:\Windows\System\zfPAVWx.exe
  C:\Windows\System\zfPAVWx.exe
  2⤵
  PID:10076
- C:\Windows\System\IqbOnxH.exe
  C:\Windows\System\IqbOnxH.exe
  2⤵
  PID:10096
- C:\Windows\System\iHyrxhN.exe
  C:\Windows\System\iHyrxhN.exe
  2⤵
  PID:10112
- C:\Windows\System\ttYaYCu.exe
  C:\Windows\System\ttYaYCu.exe
  2⤵
  PID:10128
- C:\Windows\System\CKnfxNz.exe
  C:\Windows\System\CKnfxNz.exe
  2⤵
  PID:10144
- C:\Windows\System\gUbqOvM.exe
  C:\Windows\System\gUbqOvM.exe
  2⤵
  PID:10160
- C:\Windows\System\pqHfSMa.exe
  C:\Windows\System\pqHfSMa.exe
  2⤵
  PID:10176
- C:\Windows\System\HjaDXnQ.exe
  C:\Windows\System\HjaDXnQ.exe
  2⤵
  PID:10192
- C:\Windows\System\KDMBnWq.exe
  C:\Windows\System\KDMBnWq.exe
  2⤵
  PID:10208
- C:\Windows\System\tyHtPal.exe
  C:\Windows\System\tyHtPal.exe
  2⤵
  PID:10224
- C:\Windows\System\dhhwVUN.exe
  C:\Windows\System\dhhwVUN.exe
  2⤵
  PID:9152
- C:\Windows\System\BtDscCE.exe
  C:\Windows\System\BtDscCE.exe
  2⤵
  PID:8844
- C:\Windows\System\UeSjzwz.exe
  C:\Windows\System\UeSjzwz.exe
  2⤵
  PID:9288
- C:\Windows\System\YnBqZdy.exe
  C:\Windows\System\YnBqZdy.exe
  2⤵
  PID:9328
- C:\Windows\System\ozRrZyF.exe
  C:\Windows\System\ozRrZyF.exe
  2⤵
  PID:8896
- C:\Windows\System\TPQRbdR.exe
  C:\Windows\System\TPQRbdR.exe
  2⤵
  PID:9072
- C:\Windows\System\gPtkmzc.exe
  C:\Windows\System\gPtkmzc.exe
  2⤵
  PID:8736
- C:\Windows\System\BRAhhOv.exe
  C:\Windows\System\BRAhhOv.exe
  2⤵
  PID:8940
- C:\Windows\System\lKkwWma.exe
  C:\Windows\System\lKkwWma.exe
  2⤵
  PID:9308
- C:\Windows\System\CiShrmY.exe
  C:\Windows\System\CiShrmY.exe
  2⤵
  PID:9388
- C:\Windows\System\KZjKDBf.exe
  C:\Windows\System\KZjKDBf.exe
  2⤵
  PID:9424
- C:\Windows\System\vvLgaCX.exe
  C:\Windows\System\vvLgaCX.exe
  2⤵
  PID:9408
- C:\Windows\System\mgLmDrr.exe
  C:\Windows\System\mgLmDrr.exe
  2⤵
  PID:9436
- C:\Windows\System\SnZoFjD.exe
  C:\Windows\System\SnZoFjD.exe
  2⤵
  PID:9488
- C:\Windows\System\hpPBREE.exe
  C:\Windows\System\hpPBREE.exe
  2⤵
  PID:9552
- C:\Windows\System\VgHntnb.exe
  C:\Windows\System\VgHntnb.exe
  2⤵
  PID:9616
- C:\Windows\System\ldqVboE.exe
  C:\Windows\System\ldqVboE.exe
  2⤵
  PID:9676
- C:\Windows\System\OuwfNSR.exe
  C:\Windows\System\OuwfNSR.exe
  2⤵
  PID:9532
- C:\Windows\System\QoPZuqR.exe
  C:\Windows\System\QoPZuqR.exe
  2⤵
  PID:9500
- C:\Windows\System\zlgjzXr.exe
  C:\Windows\System\zlgjzXr.exe
  2⤵
  PID:9744
- C:\Windows\System\ZXqWptf.exe
  C:\Windows\System\ZXqWptf.exe
  2⤵
  PID:9568
- C:\Windows\System\OvcPcuj.exe
  C:\Windows\System\OvcPcuj.exe
  2⤵
  PID:9696
- C:\Windows\System\ktgkPNC.exe
  C:\Windows\System\ktgkPNC.exe
  2⤵
  PID:9776
- C:\Windows\System\hpufXlr.exe
  C:\Windows\System\hpufXlr.exe
  2⤵
  PID:9788
- C:\Windows\System\BUHwNrq.exe
  C:\Windows\System\BUHwNrq.exe
  2⤵
  PID:9840
- C:\Windows\System\RzKZJxK.exe
  C:\Windows\System\RzKZJxK.exe
  2⤵
  PID:9900
- C:\Windows\System\uETAYwp.exe
  C:\Windows\System\uETAYwp.exe
  2⤵
  PID:9916
- C:\Windows\System\DzSRPwj.exe
  C:\Windows\System\DzSRPwj.exe
  2⤵
  PID:9936
- C:\Windows\System\HMuYHmO.exe
  C:\Windows\System\HMuYHmO.exe
  2⤵
  PID:9980
- C:\Windows\System\KVyJXuE.exe
  C:\Windows\System\KVyJXuE.exe
  2⤵
  PID:10000
- C:\Windows\System\XWebrnH.exe
  C:\Windows\System\XWebrnH.exe
  2⤵
  PID:10088
- C:\Windows\System\oQWZBji.exe
  C:\Windows\System\oQWZBji.exe
  2⤵
  PID:10184
- C:\Windows\System\XvnzUgj.exe
  C:\Windows\System\XvnzUgj.exe
  2⤵
  PID:10084
- C:\Windows\System\jQOeCdh.exe
  C:\Windows\System\jQOeCdh.exe
  2⤵
  PID:10220
- C:\Windows\System\QNBzYvl.exe
  C:\Windows\System\QNBzYvl.exe
  2⤵
  PID:10072
- C:\Windows\System\GtCnopu.exe
  C:\Windows\System\GtCnopu.exe
  2⤵
  PID:10140
- C:\Windows\System\jkBuTIi.exe
  C:\Windows\System\jkBuTIi.exe
  2⤵
  PID:10232
- C:\Windows\System\ULSJygt.exe
  C:\Windows\System\ULSJygt.exe
  2⤵
  PID:9240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BKZRtge.exe

Filesize
6.0MB

MD5
7000e53e1dbcf3487bc4580bb57d7e14

SHA1
a004f1098e69d816e3c912ed53995d7ec74fb53a

SHA256
a52b40a284e2a591451d6d43efb63fb74460c0658e4f987b104dabc371e12a72

SHA512
473cccaa7c4d1b24944e439b4637c1145e45e88ed7ed8e4623ef6d78b15a90157384366b9368dd3bb01962dfa1ab3786231bc6d5a0a7dd675a54febc7b9097d7

Download Submit
C:\Windows\system\BtAdicO.exe

Filesize
6.0MB

MD5
0a810efc231bc45e366349936c0af085

SHA1
a498a2d120ff18dbcf53d099fa8f661318ba8b19

SHA256
9fe4637f5ff70a9504852685fc51685955bdf084ddd4bd7493e232f7684536d7

SHA512
0c7ae8eb5f408459965aff25d573d63c8e98cbeea9d54b11d55317ffc0dba9a8c6d244dec04c6eaee4f7a2b1086fc8f5a7caeda7240dd2a1f46e3f5f461ec690

Download Submit
C:\Windows\system\CYNgwWr.exe

Filesize
6.0MB

MD5
1a9e11af61b23378dbaf09da6524ff06

SHA1
6f2452755b94059bed2dff38a8de33f39878cbc6

SHA256
342fa9ea8519f551d237b3363512506c928f53900e48f0e11698cc5406289f63

SHA512
1996c04c9d340946d6fe20df11aefc5601246b996af71e48c8dd35ce7d066e5df3767da7f49eadf49e273b9da7a98d5f431dd42548c1f8ee5c08ec33cfe6a81c

Download Submit
C:\Windows\system\EkNXrOy.exe

Filesize
6.0MB

MD5
a18106190edcc93a0f05647a37b8ddb0

SHA1
aeb7192176973b5796be9311b4ca612a69efdf7e

SHA256
05add77774fb384aaf3708ea0c747118c9cc1e458f48130e1c24c88cae3c943e

SHA512
4e88b68e072cca45d75bd4be81e069e506989f3b66330274529c3ded3be2a1901b9e6363cb0ccd73c4ce572f5fcb10a3d67f039e5c9f7c4f7206d1df272219be

Download Submit
C:\Windows\system\HvOMFvn.exe

Filesize
6.0MB

MD5
700874bbade8c6735b34d5a113ff34bd

SHA1
8479ce3e0325454dbdb4543109211454dbc217a1

SHA256
cca18981ea8799442648a12f033932265937dc34e9968b81dbc692e7e0bebdc3

SHA512
9173d90df97f024090b2e74255cca2311b4b80d823741277ceaad5aee64e5be23de054ac989751d9488750d17e12645c8218f91a2131f71558735f80d3478fcd

Download Submit
C:\Windows\system\LpZhKVn.exe

Filesize
6.0MB

MD5
bf916ddc83d95d721068611b5f09e0ec

SHA1
6cc76f9b66bf5e89a6437bae828cbdf8bc55bff9

SHA256
e383eea3d13d1540ac4bb9980ae642b73e2898543750d5104350fb00bd140600

SHA512
9181979a0bd0d8c4b54fd73352308c222e981030505730a49e45445b6d8481deaa69371a452bdd00ded3fa0a54a6951cf9583e14661a83daea0c0dceb1fa7e22

Download Submit
C:\Windows\system\SyJWMZd.exe

Filesize
6.0MB

MD5
d8d771225615f9e6dba79a5da7750de0

SHA1
504a08480995f53a779fa205ba68ffe09de5acf3

SHA256
a3f696f123322250bd48f6dfb542cd670b90e65fcf7e7222b7d29ffb1fc8956a

SHA512
755b7557b73ffda99a35995bd5b24bbae23af4fa52d54e35b0b73b409224e29a2fe469a1ffba82be529b488c53a4a0aeb7341fbe907de52a5e6fe043006eff0a

Download Submit
C:\Windows\system\YSTqQVA.exe

Filesize
6.0MB

MD5
7acddb59e6196b77fc48f9e495bae1f2

SHA1
078255e36525e31fdf26b803b6c43885aff16dc2

SHA256
11fbe5e2e740c8c99a5fa2c77311b572cca2d37ab11517c1c568583fdd8c1987

SHA512
8e93b516b6489798192e37bef3971c3a6d1f3007ebea1f1d2f08e19e2ff2a367c43e608989ff1c387b70a6076b78a7f3e8fe3342b40ded769d3f21c4299a4dd5

Download Submit
C:\Windows\system\Yixaejr.exe

Filesize
6.0MB

MD5
3e68742fe03f94ef48b39a33615d7806

SHA1
6fd548d7457e9a5a47794129881e34d578ab1c99

SHA256
9034a886c9059daedda7f8b6b64b31eca8db857864d61eb04784d248beb860f5

SHA512
86e8d4ff47c713d96c239791a6e26431f07a7ed2b9898bdf872ff99e1b0959ff8af56bb5af3cdd953f14f453fb8d8f0025ceb7a03fa959e94662becb8f736552

Download Submit
C:\Windows\system\aPypzrR.exe

Filesize
6.0MB

MD5
2bc9186071cffa5b60530e81f0d267d5

SHA1
7b642d142641b38c3d5b717d4f7be074fab2a72b

SHA256
9562278c0be5eb2cb09323ef4f73570c9f1d907954f25f05fa0203c5981435ab

SHA512
813e8dabc84006083a4562db5040add2be2ba5fb5866c6a8ce280de1b58f35f01fd24069aafba266e1d15b861d936e814005ff66f138d609c5e8b1cee7cc3954

Download Submit
C:\Windows\system\eiWoztW.exe

Filesize
6.0MB

MD5
e1b901523e2b8c04c32bef67e3ffcf71

SHA1
e161c947866916a4dfabe76b152efb2d536a4b6a

SHA256
8c56dab912f8e90cbdb28e0c3ad60cd6a0585feeae0602f0294ab95562b1a4eb

SHA512
ec132d7881ff3d75dff52249691e39475386b4419eb25264f1e2a6781f84259b756975e8d6523a8c204322319af8c52496d3fa9af4564e548b82d905ad8a3c7b

Download Submit
C:\Windows\system\jdnMSRP.exe

Filesize
6.0MB

MD5
8bfb36d26d789667f2312141028cb97e

SHA1
87e831c6b0738bcbfe0977cf0b3005cec9d30a0a

SHA256
4bb4148e9d82af06a3bc4c71bc1342ca8e01bbc34eb5001d319a01bd0be924a8

SHA512
dcf2c7c74816a471df0b18dab878e11d1617e3d50eceae6a2a8e396898aeef61433a6410192ac9e3a09ebb51775d80e15f79571e03ca0bfa2c0f1f2e0e0c9e2f

Download Submit
C:\Windows\system\kZVNIzC.exe

Filesize
6.0MB

MD5
f99c2ce923dac35c74f02ddd3dec5b63

SHA1
b35e7eb364f6693d205f79f1f592e1e33ffc2b5a

SHA256
cd38d2c6862c70a0e02d35fb022173eb3cbcb49c0dc20952cfe6c2e7eb82ad3e

SHA512
fddd68f2f15b67ff12011b29d8caaee949daaeb3f977a7a2a471d1bdda4d8619c69e5bb75646cbab6da178cf98c20e3e7311e546da1d9b732c8992eac33f03ef

Download Submit
C:\Windows\system\nwypLlq.exe

Filesize
6.0MB

MD5
c662a769484b679e99735def14cb3375

SHA1
cb4fd378d8209ffafb6d3ab71f8ff553f4514fb1

SHA256
4b0c185e231653577243011580c607a7de398f76fc1aeecc39559dab7bc70ea2

SHA512
c3c957253ffd7a4cc70e933e8676eb2d341f518f377486ebab3f894ecde1ed7cef6a12bc2fea8555d23ff60d193a0db1293d9f5cbf02d3a6c806d0e4288c9e66

Download Submit
C:\Windows\system\oatmyfy.exe

Filesize
6.0MB

MD5
2a373539208a362c5ed6a3a9190e8566

SHA1
126504d642e49410ce467901ad47101ff988a5fb

SHA256
62343b4258149a91dbb97fd6f342376ec7b7930557dab784cc2eca61473a0141

SHA512
5be35e0cc84c6de515a21b006d46af08b40bdab53be8b70e42635e6f03e8a2480a7e3bfb15c7f6facf8d9e7e12f7bfb44c91904074566c7e405978c858733e20

Download Submit
C:\Windows\system\ulouqWO.exe

Filesize
6.0MB

MD5
f690da905b60046d91c71c02c36c03c8

SHA1
7663c80054cc4e94e5a57d49e011ce1e3104f5b7

SHA256
9d4d836284bb640bc2171e6f49df9f6eb855086aaf86aa0445a8f8d5835932dd

SHA512
2eea6d8ad16a7ea12ec066b4c96e3111eb6a0c172a597cfc1667245215e7bc543f9aec4d43c35936a03d11d817f24521db4b42360fffbd51805698fa6bac876e

Download Submit
C:\Windows\system\vOMZXRs.exe

Filesize
6.0MB

MD5
e554dba84ebd5f99fdcef5607a1379f8

SHA1
a03ed02df73188cf65c9566493386306fd64ded1

SHA256
517a8062777a3d5f06bb0209cc5a426c17b748318c00a8a855f2490c0ecd596e

SHA512
213961594bddc99e46984c007c35131e86d99241829a02bcb6a8c548d985686e2f5dfad55363ef3f7477e4408d88ff887153fde5b8702dcdbd61171411377dda

Download Submit
C:\Windows\system\xhTCJEh.exe

Filesize
6.0MB

MD5
6947d4599a131c92fd2757861b5998bb

SHA1
1b083701e7f06e3227c75130fb507e7c19e3d69f

SHA256
aa6951dd92921c28e64d032ef1c7e4ecc42e0522731b1f21f56f5c354c0ca877

SHA512
7f3754b122e593abace06fa2d4100177e6c166a03482c34ae1fbe7f25f612572a320d7c1173700c0c4e1b1b37e48e0da1a7beb4a736aa2d65e932510d144aa1f

Download Submit
C:\Windows\system\xwAomWI.exe

Filesize
6.0MB

MD5
3cbef28d4b15747aae325284bc4b4a1b

SHA1
36e128a5e632eb2785140b8d25fc18fbeddb2afa

SHA256
0eb40b137c552f7916a3ccbe0fa9e3344ece42fa575a9659ee6dd4b7ca10120f

SHA512
107060bf22fc6499032b857b7d1b24a22e5b71f901a4de8b5ee1d76b987ede51254bb2061b3adf19d22f7f5e4b663e6fb0b518480b7cc2bd4e632f08478f0bc3

Download Submit
\Windows\system\ANnucGG.exe

Filesize
6.0MB

MD5
5eb0c37a0e73acb872bb3ffa0596ad25

SHA1
0b7d05842099ed1ef2aa67936b1991b924d8f9d5

SHA256
7e4cf674b5ac740d34cb1b25751b83964063a9440168f09799f7baeededf0c88

SHA512
e18528199c9e788c9efe7231ad57bbe5190ffbaa5d861670587a51e46eeb3564dd60ad544177c20e4c210dd5d066a9db7b1ad2b5e9f74edc0521d8a0a3c726bb

Download Submit
\Windows\system\BUULVpa.exe

Filesize
6.0MB

MD5
26c7a1e46679d7cd079d574b4cdecfa7

SHA1
5f4eda3accf1fa2be2d32681ad6b5ede9997e9eb

SHA256
8f54142c427067980b0c143c5623b24cd296eb7d4b3518c400c1422cd1aa7f73

SHA512
800917b07d53671ead59d90f325eb65c7aaa978515ccb9a572972456d42a0e8451050e432a88c6bb8579d6389d862060b7abf07df26da68c0c865283f61a35f3

Download Submit
\Windows\system\DtavYzE.exe

Filesize
6.0MB

MD5
b8c80df8bbce3973edd60838bcc04e66

SHA1
083e635cf85ec1d9203052b3b97ac7a7ac2f2757

SHA256
53fe265513e9e2cdce94e4a9569c3d8f32763dec4817788f3e8823d81a751869

SHA512
877600434da84fd0dba049fd8c4a492442065a64a859b85171a956748af23cd01108d1c714d2dcb9760e5913135eb51e8159f8c47664ddc707aab027638212f0

Download Submit
\Windows\system\JMYJsqm.exe

Filesize
6.0MB

MD5
611cceb242509f1435e97adbb2082c71

SHA1
8967776148fd4e4d6b6253c0c12dd47ea1341199

SHA256
ceb6100cb2ad65aee36c197e873b6074a465c64339ba6951332331d963e5d7d4

SHA512
1cfa14b6e480287a039828b796c4c658f1ebbcc486c1d0a0ff8b74a5cbe77fe9a8e1f04e50c78772999f67213832dda77731d7545bb79e8fb415b5bb6e5872ac

Download Submit
\Windows\system\QxPaJyo.exe

Filesize
6.0MB

MD5
58a27e20ce18285ab3e28f1997c080f0

SHA1
bbc284df616ecea562ed8df206553c71816ea61b

SHA256
d02ceca7d0917d15bbd1afb7e93f15c9cee6e36ecd3df14915fd515f4d8b3946

SHA512
f0f3c9b1f9a848590d9570e52d3f88734d75decbc24cb118fdcfbd0346bf292b43d30525ddd34ac805fb009d10d6b9fb82756f2074da16ac2203d4bb92a050f8

Download Submit
\Windows\system\RYlgvlm.exe

Filesize
6.0MB

MD5
1fb77d00e78989eebf1208feafcf9070

SHA1
1a8bc1b7d8569fc878fc02b2d403a69321d34519

SHA256
3e29e195d466fe2d18306969e1a8cd8db1da468e2711e5c4d6a3f8dfaeb93083

SHA512
fb3a835ea177db1d12aa8b56beb3b99b20a9aa8a4ad6e62a9842154e0d3f527ed720416b9061a8a127e5d5ac05a0e550d67659d8e12cd4d520005b7540959490

Download Submit
\Windows\system\UQjgjBc.exe

Filesize
6.0MB

MD5
4dd5a73b4ab61dd83985cb02c9d13e76

SHA1
8131b28cc05616a441a06d58a92c9950a8ee9ee7

SHA256
3f5f749ba1c7003a4628d52d766d68a38a2f538982025f760b55004283d31f5c

SHA512
e9a0b846e97196e92f26db195795337ce71e3b75488f85d040256b9c050cfc31cf9d61862aa3cc219b0add5b0f85334930a97b900e6361dc3cc85df45824f9d5

Download Submit
\Windows\system\UaPgICY.exe

Filesize
6.0MB

MD5
fe5a64896b983766558e490140e28a73

SHA1
6baa6e8df83d36e174e779419392c8913cf41a35

SHA256
a269ed5c66f5560b03081626926277b230ecdf22f2027a96749fc234beaebd33

SHA512
8c50b6dea1cc57942d876851fecbd6e390466f05572bd00c97ccd6adef16bef51b5e7ac403220672b5650810c33f36f07ea9e0bfb05f64dab8b378ceeca9e95d

Download Submit
\Windows\system\WYzNsYr.exe

Filesize
6.0MB

MD5
4cfaacdd10f2bb0a913953457d315601

SHA1
a414d36d481d38ab62c02044da9659824bfee7d2

SHA256
8cd98dba9b5cf0448ef639d097973f0c73279220ff14460c4df12d53600b51fb

SHA512
68a7b523b4146e238eac14b49db60eb3f3f0f6e9994293994471efb283410f37f08af9c099f341e6cb328ef68d9971cf30bba688d468c48338dbc8dd6a52ff7a

Download Submit
\Windows\system\WnMMtcC.exe

Filesize
6.0MB

MD5
d151f8f024554cca51fe2284905430b1

SHA1
04e0c42b022cced219d967f90d901a5c05e0ff4f

SHA256
53eebc190d7e8ec45c17651ce3616f65d6b25f9edc0eed99e7d61659fc05d537

SHA512
1e852fe90693cbc83564c848c1d0a1bf72f44c5f165e4dd3faec66a8f7dd0c0554aed0e178dc11359623a77316fe532e52cc12d7ca0c362dbd85e1f58a8c29a5

Download Submit
\Windows\system\ltutBTQ.exe

Filesize
6.0MB

MD5
504da4a1b0ebef9353d8e3abe8e3ed1b

SHA1
69c8401a7840ad451f807a6b8a702f9cd2ba1185

SHA256
69a9e53fac921123686110efe2b48eaa92f73ddc01f95e82d24d891f7559fe63

SHA512
1214b4db4b2bda23ee4684c98291cc1d6a744eb05ef102e525597186048f1210402ea23592bfce1185aa07729ba22458024f2bd037587aaa0bb2a9de9228ca20

Download Submit
\Windows\system\nIdrucn.exe

Filesize
6.0MB

MD5
16bfd787ec57625d4efa5177778498a6

SHA1
6285efe95a00714adcf89b61f92cf1821edab2e2

SHA256
a1dfa479bd1900818984e38da3eef5f09774e093c4ee325ca4ff1610fa3a4a35

SHA512
aaf2b57f9a58894aec3f2e26339f6cc7723adce154ef2b81b9288b01626dc55ac7e58ec0f03568f3b5e7fa1c14d7ccdb28a05ca20ff63a341f40932c23032cde

Download Submit
\Windows\system\oZLcWSI.exe

Filesize
6.0MB

MD5
2e59f5c2de4e4c2ed91c44039856da4c

SHA1
e9da21e04719ec0d62227868db2677f9c09ec0d8

SHA256
ca28d729397147903c1548c466a4cce2b2ca089eef5b203880ad2a37e0d3bda3

SHA512
98d7753c02c203102dde403eb8f819dae4a326f6d9a8d6e67800f25ec9fc6234e5cc54fae78a12c78e240b842b7c7a669b123a2682f2b8c2a7413d884346bdcf

Download Submit
\Windows\system\tfgNVvj.exe

Filesize
6.0MB

MD5
6e6691d8ec78afc6f1ef55b202e7504f

SHA1
7c3594104a1c0776f8b5ed90de38c2eacf1e48bd

SHA256
4fb1f0a7bb8de203cd9ce995e515812b451e6eb6b5c0538b13ba85812144c3fb

SHA512
b7e430a5a482a3bae8de33dbebb07024dfb97c96224ebdbb3009f24f4bd0e8a42187f045feecef29b19f9a102840f1f213e8625c003b68109dbc0a0459046c2a

Download Submit
\Windows\system\tpffTKE.exe

Filesize
6.0MB

MD5
c22d2d08b5d9eebb829bc25d106c49c9

SHA1
46735c5c6f00eaadb3270f49b9baab1b81492355

SHA256
8d5653ebc985063593332a95e236a6a6bae3762caf4f169a3df1f35ab646d3dc

SHA512
e81b43d450faa3ae8d1a0e436233023c96bc2ce50053205111bc3ed8353a2e407a4a10848615319cfa514d7e0dabbf6840fd2ad5f19bc1c697c230fa4b1d5660

Download Submit
memory/700-37-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/700-3722-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-3721-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1832-114-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2156-23-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3720-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1196-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-55-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2260-124-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-28-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-128-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-105-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2260-12-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-95-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-94-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2260-36-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2260-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-118-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2260-16-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2260-22-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-100-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-74-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2260-631-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2260-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2260-0-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-14-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2268-4204-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3719-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-15-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-110-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3723-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-102-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3716-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2764-43-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4206-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2764-849-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3717-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-77-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-76-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3718-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3724-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2892-84-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2908-29-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-410-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4218-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download