cobaltstrike | 35b60e5414688e5e387a00912b82339ad9715779b7688233c010f8628b337b29

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

02af6f6be2446672f873930d141113fd
SHA1

319c7bafe4c7987b03810474036c583686a498ca
SHA256

35b60e5414688e5e387a00912b82339ad9715779b7688233c010f8628b337b29
SHA512

280f9aff86c95e8472a666216057d6f65f9cdb6e6fcad6be58a2665d337dcaa6ebd4977de8e0675c8c7aa18677c5036874969fe3604429981bc53cccd055ea9c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d5-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195c2-7.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c4-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c6-22.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c7-32.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c8-36.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001945c-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195cc-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019cfc-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a485-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49b-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a4-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a6-168.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2568-0-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d5-3.dat	xmrig
behavioral1/files/0x00070000000195c2-7.dat	xmrig
behavioral1/memory/2440-12-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195c4-16.dat	xmrig
behavioral1/files/0x00060000000195c6-22.dat	xmrig
behavioral1/memory/2720-23-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195c7-32.dat	xmrig
behavioral1/memory/2152-34-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2568-33-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2816-29-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x00060000000195c8-36.dat	xmrig
behavioral1/memory/2348-39-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000800000001945c-42.dat	xmrig
behavioral1/memory/2884-48-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195cc-50.dat	xmrig
behavioral1/files/0x0006000000019cfc-54.dat	xmrig
behavioral1/memory/2168-61-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2720-57-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2672-63-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a481-66.dat	xmrig
behavioral1/memory/2816-72-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a485-77.dat	xmrig
behavioral1/memory/2568-83-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1500-96-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48d-102.dat	xmrig
behavioral1/memory/2796-88-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48b-108.dat	xmrig
behavioral1/files/0x000500000001a48f-105.dat	xmrig
behavioral1/memory/684-101-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2348-99-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a487-85.dat	xmrig
behavioral1/files/0x000500000001a489-92.dat	xmrig
behavioral1/memory/2328-84-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2152-81-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a483-80.dat	xmrig
behavioral1/memory/2676-79-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2884-111-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2568-75-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a495-121.dat	xmrig
behavioral1/files/0x000500000001a4a2-143.dat	xmrig
behavioral1/files/0x000500000001a49e-137.dat	xmrig
behavioral1/files/0x000500000001a499-129.dat	xmrig
behavioral1/files/0x000500000001a49b-132.dat	xmrig
behavioral1/files/0x000500000001a4a0-160.dat	xmrig
behavioral1/files/0x000500000001a497-156.dat	xmrig
behavioral1/files/0x000500000001a493-154.dat	xmrig
behavioral1/files/0x000500000001a4a4-146.dat	xmrig
behavioral1/files/0x000500000001a491-127.dat	xmrig
behavioral1/memory/2168-162-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-176.dat	xmrig
behavioral1/files/0x000500000001a4a8-171.dat	xmrig
behavioral1/memory/2568-375-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ad-185.dat	xmrig
behavioral1/files/0x000500000001a4af-188.dat	xmrig
behavioral1/files/0x000500000001a4a6-168.dat	xmrig
behavioral1/memory/684-1189-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2024-3440-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2720-3466-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2440-3485-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2816-3489-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2348-3501-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2152-3500-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2440	PUfGfTx.exe
2024	IGrRWqE.exe
2720	OJnlfqS.exe
2816	Dvrtsqs.exe
2152	RCHsPcX.exe
2348	ikktyBW.exe
2884	jixROob.exe
2168	hzrgViR.exe
2672	eUBBror.exe
2676	MaXYGKk.exe
2328	JZOZYVZ.exe
2796	qHPetLL.exe
1500	ESxDvPr.exe
684	udejGbN.exe
2148	BGKYizm.exe
2804	VBNvpaM.exe
1988	SuBigJC.exe
888	LlGnOej.exe
2188	WEQeZoU.exe
1848	HPqwaQi.exe
2956	nEayoMq.exe
2948	oSPntqj.exe
1104	Tccjrry.exe
328	UGfvzzl.exe
1304	UukAFTm.exe
3040	OZcIhAW.exe
2144	xroXzUr.exe
2444	qOcyZBU.exe
1964	ecYBvWS.exe
712	tWpXsZb.exe
2996	EmAWrYB.exe
1800	SeJNsSi.exe
1868	zsuAFZG.exe
1532	qGHfdUv.exe
1560	HuCOTmA.exe
1948	QJmsqLg.exe
1972	RvshykG.exe
1028	lQhMSMQ.exe
1784	LiUoaBb.exe
1776	ptKUpoW.exe
2344	JztFyab.exe
2460	HlxLwqi.exe
1664	IsccdPK.exe
2708	UKNThHJ.exe
1160	VTJDrNj.exe
1196	HMIMlAx.exe
2156	iWyrvwd.exe
1976	zcAGMWq.exe
2604	HqzJKEC.exe
1528	lWsKkxV.exe
1648	TUmyxxH.exe
2992	XYWrBKp.exe
2276	SMAlKUo.exe
1576	jmZMyLa.exe
1612	gePZsJQ.exe
2192	ewjPKkG.exe
2332	euyUclF.exe
2376	DYoZqeP.exe
2636	LCRQNgJ.exe
2976	fNqxKaX.exe
2892	tCWriWn.exe
2424	xUBahPO.exe
2864	XmfDtXo.exe
2452	ewnMGmz.exe

Loads dropped DLL 64 IoCs

pid	Process
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2568-0-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-3.dat	upx
behavioral1/files/0x00070000000195c2-7.dat	upx
behavioral1/memory/2440-12-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00060000000195c4-16.dat	upx
behavioral1/files/0x00060000000195c6-22.dat	upx
behavioral1/memory/2720-23-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00060000000195c7-32.dat	upx
behavioral1/memory/2152-34-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2568-33-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2816-29-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x00060000000195c8-36.dat	upx
behavioral1/memory/2348-39-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000800000001945c-42.dat	upx
behavioral1/memory/2884-48-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00070000000195cc-50.dat	upx
behavioral1/files/0x0006000000019cfc-54.dat	upx
behavioral1/memory/2168-61-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2720-57-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2672-63-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a481-66.dat	upx
behavioral1/memory/2816-72-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000500000001a485-77.dat	upx
behavioral1/memory/1500-96-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000500000001a48d-102.dat	upx
behavioral1/memory/2796-88-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000500000001a48b-108.dat	upx
behavioral1/files/0x000500000001a48f-105.dat	upx
behavioral1/memory/684-101-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2348-99-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000500000001a487-85.dat	upx
behavioral1/files/0x000500000001a489-92.dat	upx
behavioral1/memory/2328-84-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2152-81-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x000500000001a483-80.dat	upx
behavioral1/memory/2676-79-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2884-111-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000500000001a495-121.dat	upx
behavioral1/files/0x000500000001a4a2-143.dat	upx
behavioral1/files/0x000500000001a49e-137.dat	upx
behavioral1/files/0x000500000001a499-129.dat	upx
behavioral1/files/0x000500000001a49b-132.dat	upx
behavioral1/files/0x000500000001a4a0-160.dat	upx
behavioral1/files/0x000500000001a497-156.dat	upx
behavioral1/files/0x000500000001a493-154.dat	upx
behavioral1/files/0x000500000001a4a4-146.dat	upx
behavioral1/files/0x000500000001a491-127.dat	upx
behavioral1/memory/2168-162-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ab-176.dat	upx
behavioral1/files/0x000500000001a4a8-171.dat	upx
behavioral1/files/0x000500000001a4ad-185.dat	upx
behavioral1/files/0x000500000001a4af-188.dat	upx
behavioral1/files/0x000500000001a4a6-168.dat	upx
behavioral1/memory/684-1189-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2024-3440-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2720-3466-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2440-3485-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2816-3489-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2348-3501-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2152-3500-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2884-3506-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2168-3547-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2672-3578-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qJKnzLg.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozamQIf.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EntBnxz.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAjcefX.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUHlADJ.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhJCOUi.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KiqBUDZ.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMnVZQx.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmuzEyE.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIBpSDv.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhENkLd.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCVYdXi.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbkHpmU.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkslEfq.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSMQnVK.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACWsBez.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMWWNtb.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRMXTYH.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obcoinO.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCHsPcX.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJmsqLg.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaPnXpg.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVDUiId.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfmfBMj.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBErUKN.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVGYLMk.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnJvtmd.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzDeoQy.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLDOutU.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrejTVR.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCuiydV.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQetCQE.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DftoKVs.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNZmAFF.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrJyZKj.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsKVweb.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXrbqhh.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjHRIss.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaMBAKr.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRBeFjT.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKTKEFH.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsfjTco.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLeVXuI.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlIQQsP.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYSSoHo.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsccdPK.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFKheFr.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLHtSiC.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgyXHzK.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzMgvBF.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHqPDvk.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKeSEau.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUboHWH.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYlvJiW.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqAkEPx.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBgrZJP.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHWQZJb.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcxuJKX.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFjHSBf.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOSxINH.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTOWiYM.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtNsorm.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epTzucn.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEQeZoU.exe	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2440	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2568 wrote to memory of 2440	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2568 wrote to memory of 2440	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2568 wrote to memory of 2024	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2568 wrote to memory of 2024	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2568 wrote to memory of 2024	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2568 wrote to memory of 2816	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2568 wrote to memory of 2816	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2568 wrote to memory of 2816	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2568 wrote to memory of 2720	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2568 wrote to memory of 2720	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2568 wrote to memory of 2720	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2568 wrote to memory of 2152	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2568 wrote to memory of 2152	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2568 wrote to memory of 2152	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2568 wrote to memory of 2348	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2568 wrote to memory of 2348	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2568 wrote to memory of 2348	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2568 wrote to memory of 2884	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2568 wrote to memory of 2884	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2568 wrote to memory of 2884	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2568 wrote to memory of 2168	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2568 wrote to memory of 2168	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2568 wrote to memory of 2168	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2568 wrote to memory of 2672	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2568 wrote to memory of 2672	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2568 wrote to memory of 2672	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2568 wrote to memory of 2676	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2568 wrote to memory of 2676	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2568 wrote to memory of 2676	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2568 wrote to memory of 2796	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2568 wrote to memory of 2796	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2568 wrote to memory of 2796	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2568 wrote to memory of 2328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2568 wrote to memory of 2328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2568 wrote to memory of 2328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2568 wrote to memory of 684	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2568 wrote to memory of 684	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2568 wrote to memory of 684	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2568 wrote to memory of 1500	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2568 wrote to memory of 1500	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2568 wrote to memory of 1500	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2568 wrote to memory of 2804	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2568 wrote to memory of 2804	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2568 wrote to memory of 2804	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2568 wrote to memory of 2148	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2568 wrote to memory of 2148	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2568 wrote to memory of 2148	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2568 wrote to memory of 1988	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2568 wrote to memory of 1988	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2568 wrote to memory of 1988	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2568 wrote to memory of 888	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2568 wrote to memory of 888	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2568 wrote to memory of 888	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2568 wrote to memory of 1104	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2568 wrote to memory of 1104	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2568 wrote to memory of 1104	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2568 wrote to memory of 2188	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2568 wrote to memory of 2188	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2568 wrote to memory of 2188	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2568 wrote to memory of 328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2568 wrote to memory of 328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2568 wrote to memory of 328	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2568 wrote to memory of 1848	2568	2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_02af6f6be2446672f873930d141113fd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\System\PUfGfTx.exe
  C:\Windows\System\PUfGfTx.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\IGrRWqE.exe
  C:\Windows\System\IGrRWqE.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\Dvrtsqs.exe
  C:\Windows\System\Dvrtsqs.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\OJnlfqS.exe
  C:\Windows\System\OJnlfqS.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\RCHsPcX.exe
  C:\Windows\System\RCHsPcX.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\ikktyBW.exe
  C:\Windows\System\ikktyBW.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\jixROob.exe
  C:\Windows\System\jixROob.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\hzrgViR.exe
  C:\Windows\System\hzrgViR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\eUBBror.exe
  C:\Windows\System\eUBBror.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\MaXYGKk.exe
  C:\Windows\System\MaXYGKk.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\qHPetLL.exe
  C:\Windows\System\qHPetLL.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JZOZYVZ.exe
  C:\Windows\System\JZOZYVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\udejGbN.exe
  C:\Windows\System\udejGbN.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\ESxDvPr.exe
  C:\Windows\System\ESxDvPr.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\VBNvpaM.exe
  C:\Windows\System\VBNvpaM.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\BGKYizm.exe
  C:\Windows\System\BGKYizm.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\SuBigJC.exe
  C:\Windows\System\SuBigJC.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\LlGnOej.exe
  C:\Windows\System\LlGnOej.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\Tccjrry.exe
  C:\Windows\System\Tccjrry.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\WEQeZoU.exe
  C:\Windows\System\WEQeZoU.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\UGfvzzl.exe
  C:\Windows\System\UGfvzzl.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\HPqwaQi.exe
  C:\Windows\System\HPqwaQi.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\UukAFTm.exe
  C:\Windows\System\UukAFTm.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\nEayoMq.exe
  C:\Windows\System\nEayoMq.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\OZcIhAW.exe
  C:\Windows\System\OZcIhAW.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\oSPntqj.exe
  C:\Windows\System\oSPntqj.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\xroXzUr.exe
  C:\Windows\System\xroXzUr.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\qOcyZBU.exe
  C:\Windows\System\qOcyZBU.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\ecYBvWS.exe
  C:\Windows\System\ecYBvWS.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\tWpXsZb.exe
  C:\Windows\System\tWpXsZb.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\EmAWrYB.exe
  C:\Windows\System\EmAWrYB.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SeJNsSi.exe
  C:\Windows\System\SeJNsSi.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\zsuAFZG.exe
  C:\Windows\System\zsuAFZG.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\qGHfdUv.exe
  C:\Windows\System\qGHfdUv.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\HuCOTmA.exe
  C:\Windows\System\HuCOTmA.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\QJmsqLg.exe
  C:\Windows\System\QJmsqLg.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\RvshykG.exe
  C:\Windows\System\RvshykG.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\lQhMSMQ.exe
  C:\Windows\System\lQhMSMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\LiUoaBb.exe
  C:\Windows\System\LiUoaBb.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ptKUpoW.exe
  C:\Windows\System\ptKUpoW.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\JztFyab.exe
  C:\Windows\System\JztFyab.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\HlxLwqi.exe
  C:\Windows\System\HlxLwqi.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IsccdPK.exe
  C:\Windows\System\IsccdPK.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\UKNThHJ.exe
  C:\Windows\System\UKNThHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\VTJDrNj.exe
  C:\Windows\System\VTJDrNj.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\HMIMlAx.exe
  C:\Windows\System\HMIMlAx.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\iWyrvwd.exe
  C:\Windows\System\iWyrvwd.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\zcAGMWq.exe
  C:\Windows\System\zcAGMWq.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\HqzJKEC.exe
  C:\Windows\System\HqzJKEC.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\lWsKkxV.exe
  C:\Windows\System\lWsKkxV.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\TUmyxxH.exe
  C:\Windows\System\TUmyxxH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\XYWrBKp.exe
  C:\Windows\System\XYWrBKp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\SMAlKUo.exe
  C:\Windows\System\SMAlKUo.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\jmZMyLa.exe
  C:\Windows\System\jmZMyLa.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\gePZsJQ.exe
  C:\Windows\System\gePZsJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ewjPKkG.exe
  C:\Windows\System\ewjPKkG.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\euyUclF.exe
  C:\Windows\System\euyUclF.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\DYoZqeP.exe
  C:\Windows\System\DYoZqeP.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\LCRQNgJ.exe
  C:\Windows\System\LCRQNgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\fNqxKaX.exe
  C:\Windows\System\fNqxKaX.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\tCWriWn.exe
  C:\Windows\System\tCWriWn.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xUBahPO.exe
  C:\Windows\System\xUBahPO.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XmfDtXo.exe
  C:\Windows\System\XmfDtXo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ewnMGmz.exe
  C:\Windows\System\ewnMGmz.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\aEbNFCt.exe
  C:\Windows\System\aEbNFCt.exe
  2⤵
  PID:2876
- C:\Windows\System\WMYopLE.exe
  C:\Windows\System\WMYopLE.exe
  2⤵
  PID:1504
- C:\Windows\System\yarNviv.exe
  C:\Windows\System\yarNviv.exe
  2⤵
  PID:816
- C:\Windows\System\WAOfWtD.exe
  C:\Windows\System\WAOfWtD.exe
  2⤵
  PID:1316
- C:\Windows\System\lKCcqnH.exe
  C:\Windows\System\lKCcqnH.exe
  2⤵
  PID:2652
- C:\Windows\System\MHvPXAb.exe
  C:\Windows\System\MHvPXAb.exe
  2⤵
  PID:792
- C:\Windows\System\SleCdTQ.exe
  C:\Windows\System\SleCdTQ.exe
  2⤵
  PID:2728
- C:\Windows\System\HUwAYMc.exe
  C:\Windows\System\HUwAYMc.exe
  2⤵
  PID:2900
- C:\Windows\System\caHKSXG.exe
  C:\Windows\System\caHKSXG.exe
  2⤵
  PID:2868
- C:\Windows\System\HInFhPX.exe
  C:\Windows\System\HInFhPX.exe
  2⤵
  PID:1916
- C:\Windows\System\NdjTVaL.exe
  C:\Windows\System\NdjTVaL.exe
  2⤵
  PID:548
- C:\Windows\System\iylFOiG.exe
  C:\Windows\System\iylFOiG.exe
  2⤵
  PID:1668
- C:\Windows\System\wOLaZcQ.exe
  C:\Windows\System\wOLaZcQ.exe
  2⤵
  PID:2856
- C:\Windows\System\jyROJky.exe
  C:\Windows\System\jyROJky.exe
  2⤵
  PID:2616
- C:\Windows\System\SoXQMSW.exe
  C:\Windows\System\SoXQMSW.exe
  2⤵
  PID:1740
- C:\Windows\System\wsBYNTO.exe
  C:\Windows\System\wsBYNTO.exe
  2⤵
  PID:2296
- C:\Windows\System\OPAFzcu.exe
  C:\Windows\System\OPAFzcu.exe
  2⤵
  PID:2336
- C:\Windows\System\KmWyQkv.exe
  C:\Windows\System\KmWyQkv.exe
  2⤵
  PID:648
- C:\Windows\System\CEZwiCD.exe
  C:\Windows\System\CEZwiCD.exe
  2⤵
  PID:2812
- C:\Windows\System\SawvHYu.exe
  C:\Windows\System\SawvHYu.exe
  2⤵
  PID:2504
- C:\Windows\System\dAUdfWX.exe
  C:\Windows\System\dAUdfWX.exe
  2⤵
  PID:2608
- C:\Windows\System\OfPjNSm.exe
  C:\Windows\System\OfPjNSm.exe
  2⤵
  PID:1788
- C:\Windows\System\BqtWXyE.exe
  C:\Windows\System\BqtWXyE.exe
  2⤵
  PID:1580
- C:\Windows\System\CBKuREw.exe
  C:\Windows\System\CBKuREw.exe
  2⤵
  PID:884
- C:\Windows\System\aFqPTmc.exe
  C:\Windows\System\aFqPTmc.exe
  2⤵
  PID:1912
- C:\Windows\System\GAHAAJm.exe
  C:\Windows\System\GAHAAJm.exe
  2⤵
  PID:2508
- C:\Windows\System\iRYQWGi.exe
  C:\Windows\System\iRYQWGi.exe
  2⤵
  PID:1564
- C:\Windows\System\hNacRLZ.exe
  C:\Windows\System\hNacRLZ.exe
  2⤵
  PID:1864
- C:\Windows\System\uxhghhQ.exe
  C:\Windows\System\uxhghhQ.exe
  2⤵
  PID:572
- C:\Windows\System\zIdQxnB.exe
  C:\Windows\System\zIdQxnB.exe
  2⤵
  PID:900
- C:\Windows\System\qugAwDd.exe
  C:\Windows\System\qugAwDd.exe
  2⤵
  PID:3024
- C:\Windows\System\hGybsDV.exe
  C:\Windows\System\hGybsDV.exe
  2⤵
  PID:1604
- C:\Windows\System\eYWmEVy.exe
  C:\Windows\System\eYWmEVy.exe
  2⤵
  PID:1156
- C:\Windows\System\tVEHrqk.exe
  C:\Windows\System\tVEHrqk.exe
  2⤵
  PID:2848
- C:\Windows\System\TRiiwuY.exe
  C:\Windows\System\TRiiwuY.exe
  2⤵
  PID:2012
- C:\Windows\System\wvECOWB.exe
  C:\Windows\System\wvECOWB.exe
  2⤵
  PID:2736
- C:\Windows\System\hJVAqJV.exe
  C:\Windows\System\hJVAqJV.exe
  2⤵
  PID:2704
- C:\Windows\System\izqWtzQ.exe
  C:\Windows\System\izqWtzQ.exe
  2⤵
  PID:3068
- C:\Windows\System\ErtHlqq.exe
  C:\Windows\System\ErtHlqq.exe
  2⤵
  PID:2540
- C:\Windows\System\oHmtGjl.exe
  C:\Windows\System\oHmtGjl.exe
  2⤵
  PID:2688
- C:\Windows\System\lXwMgPb.exe
  C:\Windows\System\lXwMgPb.exe
  2⤵
  PID:3056
- C:\Windows\System\ZBzagGL.exe
  C:\Windows\System\ZBzagGL.exe
  2⤵
  PID:2176
- C:\Windows\System\xImzlCB.exe
  C:\Windows\System\xImzlCB.exe
  2⤵
  PID:2852
- C:\Windows\System\bYARCno.exe
  C:\Windows\System\bYARCno.exe
  2⤵
  PID:2944
- C:\Windows\System\AYrPlfH.exe
  C:\Windows\System\AYrPlfH.exe
  2⤵
  PID:1760
- C:\Windows\System\VNkOmPN.exe
  C:\Windows\System\VNkOmPN.exe
  2⤵
  PID:2744
- C:\Windows\System\zcifjse.exe
  C:\Windows\System\zcifjse.exe
  2⤵
  PID:2088
- C:\Windows\System\aoJQTSd.exe
  C:\Windows\System\aoJQTSd.exe
  2⤵
  PID:2292
- C:\Windows\System\HmhATnJ.exe
  C:\Windows\System\HmhATnJ.exe
  2⤵
  PID:2680
- C:\Windows\System\GjQhwQZ.exe
  C:\Windows\System\GjQhwQZ.exe
  2⤵
  PID:3012
- C:\Windows\System\vlfHnqU.exe
  C:\Windows\System\vlfHnqU.exe
  2⤵
  PID:2516
- C:\Windows\System\mdQMdiD.exe
  C:\Windows\System\mdQMdiD.exe
  2⤵
  PID:1708
- C:\Windows\System\usONzaW.exe
  C:\Windows\System\usONzaW.exe
  2⤵
  PID:2612
- C:\Windows\System\qddbPRG.exe
  C:\Windows\System\qddbPRG.exe
  2⤵
  PID:2208
- C:\Windows\System\LDkdlqn.exe
  C:\Windows\System\LDkdlqn.exe
  2⤵
  PID:1388
- C:\Windows\System\XEisGlE.exe
  C:\Windows\System\XEisGlE.exe
  2⤵
  PID:2364
- C:\Windows\System\sXptJll.exe
  C:\Windows\System\sXptJll.exe
  2⤵
  PID:324
- C:\Windows\System\MguQhAl.exe
  C:\Windows\System\MguQhAl.exe
  2⤵
  PID:2084
- C:\Windows\System\DyOohlj.exe
  C:\Windows\System\DyOohlj.exe
  2⤵
  PID:2072
- C:\Windows\System\YlxoOuK.exe
  C:\Windows\System\YlxoOuK.exe
  2⤵
  PID:2388
- C:\Windows\System\KbLCfCC.exe
  C:\Windows\System\KbLCfCC.exe
  2⤵
  PID:2196
- C:\Windows\System\NjJVBft.exe
  C:\Windows\System\NjJVBft.exe
  2⤵
  PID:920
- C:\Windows\System\xxaAPSo.exe
  C:\Windows\System\xxaAPSo.exe
  2⤵
  PID:1820
- C:\Windows\System\BCFkSyE.exe
  C:\Windows\System\BCFkSyE.exe
  2⤵
  PID:2068
- C:\Windows\System\RHFXVKR.exe
  C:\Windows\System\RHFXVKR.exe
  2⤵
  PID:2916
- C:\Windows\System\ibdMyFW.exe
  C:\Windows\System\ibdMyFW.exe
  2⤵
  PID:2532
- C:\Windows\System\YmvGbUU.exe
  C:\Windows\System\YmvGbUU.exe
  2⤵
  PID:2684
- C:\Windows\System\KCLkXMo.exe
  C:\Windows\System\KCLkXMo.exe
  2⤵
  PID:1276
- C:\Windows\System\MCtdCzN.exe
  C:\Windows\System\MCtdCzN.exe
  2⤵
  PID:2200
- C:\Windows\System\dNXRnLY.exe
  C:\Windows\System\dNXRnLY.exe
  2⤵
  PID:2008
- C:\Windows\System\mqpyLSl.exe
  C:\Windows\System\mqpyLSl.exe
  2⤵
  PID:2456
- C:\Windows\System\XiRGQdL.exe
  C:\Windows\System\XiRGQdL.exe
  2⤵
  PID:844
- C:\Windows\System\PrTOUyA.exe
  C:\Windows\System\PrTOUyA.exe
  2⤵
  PID:1432
- C:\Windows\System\ZSCDtGL.exe
  C:\Windows\System\ZSCDtGL.exe
  2⤵
  PID:444
- C:\Windows\System\hECpKsE.exe
  C:\Windows\System\hECpKsE.exe
  2⤵
  PID:2280
- C:\Windows\System\TVFEqYD.exe
  C:\Windows\System\TVFEqYD.exe
  2⤵
  PID:2080
- C:\Windows\System\FIlXafs.exe
  C:\Windows\System\FIlXafs.exe
  2⤵
  PID:1992
- C:\Windows\System\wFKheFr.exe
  C:\Windows\System\wFKheFr.exe
  2⤵
  PID:1872
- C:\Windows\System\nahQxzP.exe
  C:\Windows\System\nahQxzP.exe
  2⤵
  PID:320
- C:\Windows\System\tLjIASj.exe
  C:\Windows\System\tLjIASj.exe
  2⤵
  PID:1552
- C:\Windows\System\CftwZGt.exe
  C:\Windows\System\CftwZGt.exe
  2⤵
  PID:1652
- C:\Windows\System\QQWJLII.exe
  C:\Windows\System\QQWJLII.exe
  2⤵
  PID:2360
- C:\Windows\System\vViimES.exe
  C:\Windows\System\vViimES.exe
  2⤵
  PID:2748
- C:\Windows\System\JSNrQss.exe
  C:\Windows\System\JSNrQss.exe
  2⤵
  PID:2716
- C:\Windows\System\sCIkRPX.exe
  C:\Windows\System\sCIkRPX.exe
  2⤵
  PID:344
- C:\Windows\System\hNCGHEq.exe
  C:\Windows\System\hNCGHEq.exe
  2⤵
  PID:2052
- C:\Windows\System\rVLgIlh.exe
  C:\Windows\System\rVLgIlh.exe
  2⤵
  PID:3084
- C:\Windows\System\xGtLDzv.exe
  C:\Windows\System\xGtLDzv.exe
  2⤵
  PID:3100
- C:\Windows\System\CsZRfhT.exe
  C:\Windows\System\CsZRfhT.exe
  2⤵
  PID:3116
- C:\Windows\System\CqqCbvi.exe
  C:\Windows\System\CqqCbvi.exe
  2⤵
  PID:3132
- C:\Windows\System\NnDaSak.exe
  C:\Windows\System\NnDaSak.exe
  2⤵
  PID:3148
- C:\Windows\System\tBiscMV.exe
  C:\Windows\System\tBiscMV.exe
  2⤵
  PID:3164
- C:\Windows\System\FiNYPCI.exe
  C:\Windows\System\FiNYPCI.exe
  2⤵
  PID:3180
- C:\Windows\System\CJtFpkP.exe
  C:\Windows\System\CJtFpkP.exe
  2⤵
  PID:3196
- C:\Windows\System\EAJNLHZ.exe
  C:\Windows\System\EAJNLHZ.exe
  2⤵
  PID:3212
- C:\Windows\System\QPuikmJ.exe
  C:\Windows\System\QPuikmJ.exe
  2⤵
  PID:3228
- C:\Windows\System\tCaUyoO.exe
  C:\Windows\System\tCaUyoO.exe
  2⤵
  PID:3244
- C:\Windows\System\nkVIOZm.exe
  C:\Windows\System\nkVIOZm.exe
  2⤵
  PID:3260
- C:\Windows\System\aRZsKxK.exe
  C:\Windows\System\aRZsKxK.exe
  2⤵
  PID:3276
- C:\Windows\System\BoHnFtF.exe
  C:\Windows\System\BoHnFtF.exe
  2⤵
  PID:3292
- C:\Windows\System\DXdTvgC.exe
  C:\Windows\System\DXdTvgC.exe
  2⤵
  PID:3308
- C:\Windows\System\lziciOJ.exe
  C:\Windows\System\lziciOJ.exe
  2⤵
  PID:3324
- C:\Windows\System\KBhlCXd.exe
  C:\Windows\System\KBhlCXd.exe
  2⤵
  PID:3340
- C:\Windows\System\StrQIZG.exe
  C:\Windows\System\StrQIZG.exe
  2⤵
  PID:3356
- C:\Windows\System\iIxaJwr.exe
  C:\Windows\System\iIxaJwr.exe
  2⤵
  PID:3372
- C:\Windows\System\mtwzpAG.exe
  C:\Windows\System\mtwzpAG.exe
  2⤵
  PID:3388
- C:\Windows\System\ZQjkvHN.exe
  C:\Windows\System\ZQjkvHN.exe
  2⤵
  PID:3404
- C:\Windows\System\qJdhmuD.exe
  C:\Windows\System\qJdhmuD.exe
  2⤵
  PID:3420
- C:\Windows\System\HqYdUkE.exe
  C:\Windows\System\HqYdUkE.exe
  2⤵
  PID:3436
- C:\Windows\System\zZXCqCc.exe
  C:\Windows\System\zZXCqCc.exe
  2⤵
  PID:3452
- C:\Windows\System\MxMfaJL.exe
  C:\Windows\System\MxMfaJL.exe
  2⤵
  PID:3468
- C:\Windows\System\rUhMefp.exe
  C:\Windows\System\rUhMefp.exe
  2⤵
  PID:3484
- C:\Windows\System\gRgOalg.exe
  C:\Windows\System\gRgOalg.exe
  2⤵
  PID:3500
- C:\Windows\System\VtoddKz.exe
  C:\Windows\System\VtoddKz.exe
  2⤵
  PID:3516
- C:\Windows\System\WtsWBsA.exe
  C:\Windows\System\WtsWBsA.exe
  2⤵
  PID:3532
- C:\Windows\System\mAQrLKl.exe
  C:\Windows\System\mAQrLKl.exe
  2⤵
  PID:3548
- C:\Windows\System\FUlXZCU.exe
  C:\Windows\System\FUlXZCU.exe
  2⤵
  PID:3564
- C:\Windows\System\WenRefl.exe
  C:\Windows\System\WenRefl.exe
  2⤵
  PID:3580
- C:\Windows\System\ofTJEPm.exe
  C:\Windows\System\ofTJEPm.exe
  2⤵
  PID:3596
- C:\Windows\System\nNKVuwc.exe
  C:\Windows\System\nNKVuwc.exe
  2⤵
  PID:3612
- C:\Windows\System\zHdIJWh.exe
  C:\Windows\System\zHdIJWh.exe
  2⤵
  PID:3628
- C:\Windows\System\IdHRppN.exe
  C:\Windows\System\IdHRppN.exe
  2⤵
  PID:3644
- C:\Windows\System\WLYUtlM.exe
  C:\Windows\System\WLYUtlM.exe
  2⤵
  PID:3660
- C:\Windows\System\uaRuRqE.exe
  C:\Windows\System\uaRuRqE.exe
  2⤵
  PID:3676
- C:\Windows\System\egfjjUa.exe
  C:\Windows\System\egfjjUa.exe
  2⤵
  PID:3692
- C:\Windows\System\yQHvgWN.exe
  C:\Windows\System\yQHvgWN.exe
  2⤵
  PID:3708
- C:\Windows\System\neJFDSM.exe
  C:\Windows\System\neJFDSM.exe
  2⤵
  PID:3724
- C:\Windows\System\aBDaGJH.exe
  C:\Windows\System\aBDaGJH.exe
  2⤵
  PID:3740
- C:\Windows\System\VgNwMtZ.exe
  C:\Windows\System\VgNwMtZ.exe
  2⤵
  PID:3756
- C:\Windows\System\haCyXyd.exe
  C:\Windows\System\haCyXyd.exe
  2⤵
  PID:3772
- C:\Windows\System\IymETEX.exe
  C:\Windows\System\IymETEX.exe
  2⤵
  PID:3788
- C:\Windows\System\YqpBMHQ.exe
  C:\Windows\System\YqpBMHQ.exe
  2⤵
  PID:3804
- C:\Windows\System\uaPnXpg.exe
  C:\Windows\System\uaPnXpg.exe
  2⤵
  PID:3820
- C:\Windows\System\ARiGmmI.exe
  C:\Windows\System\ARiGmmI.exe
  2⤵
  PID:3836
- C:\Windows\System\OyBSchm.exe
  C:\Windows\System\OyBSchm.exe
  2⤵
  PID:3852
- C:\Windows\System\fMtZgDF.exe
  C:\Windows\System\fMtZgDF.exe
  2⤵
  PID:3868
- C:\Windows\System\emlyRpe.exe
  C:\Windows\System\emlyRpe.exe
  2⤵
  PID:3884
- C:\Windows\System\uMJOWXt.exe
  C:\Windows\System\uMJOWXt.exe
  2⤵
  PID:3900
- C:\Windows\System\hGloLoL.exe
  C:\Windows\System\hGloLoL.exe
  2⤵
  PID:3916
- C:\Windows\System\puTGSSb.exe
  C:\Windows\System\puTGSSb.exe
  2⤵
  PID:3932
- C:\Windows\System\lCJtbZn.exe
  C:\Windows\System\lCJtbZn.exe
  2⤵
  PID:3948
- C:\Windows\System\giabpSo.exe
  C:\Windows\System\giabpSo.exe
  2⤵
  PID:3964
- C:\Windows\System\IxaEhXc.exe
  C:\Windows\System\IxaEhXc.exe
  2⤵
  PID:3980
- C:\Windows\System\KdRyvbz.exe
  C:\Windows\System\KdRyvbz.exe
  2⤵
  PID:3996
- C:\Windows\System\HEbeeNr.exe
  C:\Windows\System\HEbeeNr.exe
  2⤵
  PID:4016
- C:\Windows\System\IOlmSyn.exe
  C:\Windows\System\IOlmSyn.exe
  2⤵
  PID:4032
- C:\Windows\System\zqSibzq.exe
  C:\Windows\System\zqSibzq.exe
  2⤵
  PID:4048
- C:\Windows\System\WgnKskR.exe
  C:\Windows\System\WgnKskR.exe
  2⤵
  PID:4064
- C:\Windows\System\ygwlbSN.exe
  C:\Windows\System\ygwlbSN.exe
  2⤵
  PID:4080
- C:\Windows\System\JZDTrit.exe
  C:\Windows\System\JZDTrit.exe
  2⤵
  PID:1372
- C:\Windows\System\RqTOjYd.exe
  C:\Windows\System\RqTOjYd.exe
  2⤵
  PID:2096
- C:\Windows\System\BComyXU.exe
  C:\Windows\System\BComyXU.exe
  2⤵
  PID:2180
- C:\Windows\System\wseGDQY.exe
  C:\Windows\System\wseGDQY.exe
  2⤵
  PID:1100
- C:\Windows\System\xctRvfp.exe
  C:\Windows\System\xctRvfp.exe
  2⤵
  PID:2860
- C:\Windows\System\jCDandj.exe
  C:\Windows\System\jCDandj.exe
  2⤵
  PID:696
- C:\Windows\System\BYXwyGZ.exe
  C:\Windows\System\BYXwyGZ.exe
  2⤵
  PID:2628
- C:\Windows\System\qLlZvIx.exe
  C:\Windows\System\qLlZvIx.exe
  2⤵
  PID:3108
- C:\Windows\System\ZLAFLlo.exe
  C:\Windows\System\ZLAFLlo.exe
  2⤵
  PID:3128
- C:\Windows\System\XoYhESB.exe
  C:\Windows\System\XoYhESB.exe
  2⤵
  PID:3160
- C:\Windows\System\lfqvJTb.exe
  C:\Windows\System\lfqvJTb.exe
  2⤵
  PID:3188
- C:\Windows\System\VKxNSQx.exe
  C:\Windows\System\VKxNSQx.exe
  2⤵
  PID:3236
- C:\Windows\System\rLRilvK.exe
  C:\Windows\System\rLRilvK.exe
  2⤵
  PID:3252
- C:\Windows\System\sYlvJiW.exe
  C:\Windows\System\sYlvJiW.exe
  2⤵
  PID:3300
- C:\Windows\System\CrdDnkh.exe
  C:\Windows\System\CrdDnkh.exe
  2⤵
  PID:3316
- C:\Windows\System\glNUIWA.exe
  C:\Windows\System\glNUIWA.exe
  2⤵
  PID:3364
- C:\Windows\System\ACLoeFh.exe
  C:\Windows\System\ACLoeFh.exe
  2⤵
  PID:3380
- C:\Windows\System\xtGuZVs.exe
  C:\Windows\System\xtGuZVs.exe
  2⤵
  PID:3412
- C:\Windows\System\GTPnPkM.exe
  C:\Windows\System\GTPnPkM.exe
  2⤵
  PID:3444
- C:\Windows\System\zAjXlxT.exe
  C:\Windows\System\zAjXlxT.exe
  2⤵
  PID:3448
- C:\Windows\System\KetsasH.exe
  C:\Windows\System\KetsasH.exe
  2⤵
  PID:3480
- C:\Windows\System\MpElQae.exe
  C:\Windows\System\MpElQae.exe
  2⤵
  PID:3512
- C:\Windows\System\jrQVNao.exe
  C:\Windows\System\jrQVNao.exe
  2⤵
  PID:3560
- C:\Windows\System\rwNXTKf.exe
  C:\Windows\System\rwNXTKf.exe
  2⤵
  PID:1940
- C:\Windows\System\DfrOlqU.exe
  C:\Windows\System\DfrOlqU.exe
  2⤵
  PID:3604
- C:\Windows\System\CDjSblk.exe
  C:\Windows\System\CDjSblk.exe
  2⤵
  PID:3624
- C:\Windows\System\qlYsCzb.exe
  C:\Windows\System\qlYsCzb.exe
  2⤵
  PID:3656
- C:\Windows\System\RNtEoQO.exe
  C:\Windows\System\RNtEoQO.exe
  2⤵
  PID:3688
- C:\Windows\System\fTzvGVH.exe
  C:\Windows\System\fTzvGVH.exe
  2⤵
  PID:3720
- C:\Windows\System\jOMKDpZ.exe
  C:\Windows\System\jOMKDpZ.exe
  2⤵
  PID:3752
- C:\Windows\System\bdmmwKO.exe
  C:\Windows\System\bdmmwKO.exe
  2⤵
  PID:3784
- C:\Windows\System\KYiOLgV.exe
  C:\Windows\System\KYiOLgV.exe
  2⤵
  PID:3816
- C:\Windows\System\imqDUZY.exe
  C:\Windows\System\imqDUZY.exe
  2⤵
  PID:3848
- C:\Windows\System\wpMHXsg.exe
  C:\Windows\System\wpMHXsg.exe
  2⤵
  PID:3880
- C:\Windows\System\lGYALyJ.exe
  C:\Windows\System\lGYALyJ.exe
  2⤵
  PID:3912
- C:\Windows\System\TUnPUbZ.exe
  C:\Windows\System\TUnPUbZ.exe
  2⤵
  PID:3944
- C:\Windows\System\uZvjpwu.exe
  C:\Windows\System\uZvjpwu.exe
  2⤵
  PID:3976
- C:\Windows\System\DPAimat.exe
  C:\Windows\System\DPAimat.exe
  2⤵
  PID:2312
- C:\Windows\System\JiTzKaO.exe
  C:\Windows\System\JiTzKaO.exe
  2⤵
  PID:4028
- C:\Windows\System\ddechEJ.exe
  C:\Windows\System\ddechEJ.exe
  2⤵
  PID:4060
- C:\Windows\System\zQqJZeg.exe
  C:\Windows\System\zQqJZeg.exe
  2⤵
  PID:4092
- C:\Windows\System\rBvlCtE.exe
  C:\Windows\System\rBvlCtE.exe
  2⤵
  PID:2556
- C:\Windows\System\PXZZrhk.exe
  C:\Windows\System\PXZZrhk.exe
  2⤵
  PID:3048
- C:\Windows\System\WbOFVds.exe
  C:\Windows\System\WbOFVds.exe
  2⤵
  PID:3076
- C:\Windows\System\GRmtMdK.exe
  C:\Windows\System\GRmtMdK.exe
  2⤵
  PID:3124
- C:\Windows\System\HBxHAaj.exe
  C:\Windows\System\HBxHAaj.exe
  2⤵
  PID:3176
- C:\Windows\System\xwZkuCw.exe
  C:\Windows\System\xwZkuCw.exe
  2⤵
  PID:3208
- C:\Windows\System\SqFKUWV.exe
  C:\Windows\System\SqFKUWV.exe
  2⤵
  PID:3288
- C:\Windows\System\bXBGjRL.exe
  C:\Windows\System\bXBGjRL.exe
  2⤵
  PID:3352
- C:\Windows\System\rbXcDpq.exe
  C:\Windows\System\rbXcDpq.exe
  2⤵
  PID:3416
- C:\Windows\System\xqFOhkA.exe
  C:\Windows\System\xqFOhkA.exe
  2⤵
  PID:3492
- C:\Windows\System\qLcYssv.exe
  C:\Windows\System\qLcYssv.exe
  2⤵
  PID:3540
- C:\Windows\System\pOPSXLo.exe
  C:\Windows\System\pOPSXLo.exe
  2⤵
  PID:3576
- C:\Windows\System\jpwUqOf.exe
  C:\Windows\System\jpwUqOf.exe
  2⤵
  PID:3640
- C:\Windows\System\ceiXjwP.exe
  C:\Windows\System\ceiXjwP.exe
  2⤵
  PID:3672
- C:\Windows\System\HgOwwoy.exe
  C:\Windows\System\HgOwwoy.exe
  2⤵
  PID:3748
- C:\Windows\System\Gxyprkx.exe
  C:\Windows\System\Gxyprkx.exe
  2⤵
  PID:3812
- C:\Windows\System\XrYDwgM.exe
  C:\Windows\System\XrYDwgM.exe
  2⤵
  PID:3864
- C:\Windows\System\dknJnRX.exe
  C:\Windows\System\dknJnRX.exe
  2⤵
  PID:3928
- C:\Windows\System\hAnTZjJ.exe
  C:\Windows\System\hAnTZjJ.exe
  2⤵
  PID:1516
- C:\Windows\System\UwlIqeP.exe
  C:\Windows\System\UwlIqeP.exe
  2⤵
  PID:4024
- C:\Windows\System\yaGeAZk.exe
  C:\Windows\System\yaGeAZk.exe
  2⤵
  PID:4088
- C:\Windows\System\XwoInIS.exe
  C:\Windows\System\XwoInIS.exe
  2⤵
  PID:2632
- C:\Windows\System\rqQSRbM.exe
  C:\Windows\System\rqQSRbM.exe
  2⤵
  PID:3092
- C:\Windows\System\lUBMKID.exe
  C:\Windows\System\lUBMKID.exe
  2⤵
  PID:3140
- C:\Windows\System\dxoikYS.exe
  C:\Windows\System\dxoikYS.exe
  2⤵
  PID:3240
- C:\Windows\System\xTHplRW.exe
  C:\Windows\System\xTHplRW.exe
  2⤵
  PID:3336
- C:\Windows\System\ODhqsre.exe
  C:\Windows\System\ODhqsre.exe
  2⤵
  PID:3464
- C:\Windows\System\XHDufRl.exe
  C:\Windows\System\XHDufRl.exe
  2⤵
  PID:1240
- C:\Windows\System\AIxWoFX.exe
  C:\Windows\System\AIxWoFX.exe
  2⤵
  PID:3652
- C:\Windows\System\yJCXTYB.exe
  C:\Windows\System\yJCXTYB.exe
  2⤵
  PID:3768
- C:\Windows\System\SsYwyuh.exe
  C:\Windows\System\SsYwyuh.exe
  2⤵
  PID:3896
- C:\Windows\System\MvsgTXZ.exe
  C:\Windows\System\MvsgTXZ.exe
  2⤵
  PID:2932
- C:\Windows\System\ueohBqh.exe
  C:\Windows\System\ueohBqh.exe
  2⤵
  PID:776
- C:\Windows\System\wspMGOe.exe
  C:\Windows\System\wspMGOe.exe
  2⤵
  PID:2236
- C:\Windows\System\WQdwhgB.exe
  C:\Windows\System\WQdwhgB.exe
  2⤵
  PID:3396
- C:\Windows\System\yCJJdHA.exe
  C:\Windows\System\yCJJdHA.exe
  2⤵
  PID:3684
- C:\Windows\System\okkmMVX.exe
  C:\Windows\System\okkmMVX.exe
  2⤵
  PID:4104
- C:\Windows\System\ZwvmXLZ.exe
  C:\Windows\System\ZwvmXLZ.exe
  2⤵
  PID:4120
- C:\Windows\System\bQZNtZX.exe
  C:\Windows\System\bQZNtZX.exe
  2⤵
  PID:4136
- C:\Windows\System\PTNslUA.exe
  C:\Windows\System\PTNslUA.exe
  2⤵
  PID:4152
- C:\Windows\System\AERasuu.exe
  C:\Windows\System\AERasuu.exe
  2⤵
  PID:4168
- C:\Windows\System\VRGwWCQ.exe
  C:\Windows\System\VRGwWCQ.exe
  2⤵
  PID:4184
- C:\Windows\System\RPQnMyW.exe
  C:\Windows\System\RPQnMyW.exe
  2⤵
  PID:4200
- C:\Windows\System\RuhzHHp.exe
  C:\Windows\System\RuhzHHp.exe
  2⤵
  PID:4216
- C:\Windows\System\hFlEnTR.exe
  C:\Windows\System\hFlEnTR.exe
  2⤵
  PID:4232
- C:\Windows\System\MvIQueO.exe
  C:\Windows\System\MvIQueO.exe
  2⤵
  PID:4248
- C:\Windows\System\zaFiXjw.exe
  C:\Windows\System\zaFiXjw.exe
  2⤵
  PID:4264
- C:\Windows\System\aroEWhi.exe
  C:\Windows\System\aroEWhi.exe
  2⤵
  PID:4280
- C:\Windows\System\pQEdbWM.exe
  C:\Windows\System\pQEdbWM.exe
  2⤵
  PID:4296
- C:\Windows\System\tukivpL.exe
  C:\Windows\System\tukivpL.exe
  2⤵
  PID:4312
- C:\Windows\System\bIkFBDA.exe
  C:\Windows\System\bIkFBDA.exe
  2⤵
  PID:4328
- C:\Windows\System\LVGxceM.exe
  C:\Windows\System\LVGxceM.exe
  2⤵
  PID:4344
- C:\Windows\System\XDgDnPP.exe
  C:\Windows\System\XDgDnPP.exe
  2⤵
  PID:4360
- C:\Windows\System\BlNIoGb.exe
  C:\Windows\System\BlNIoGb.exe
  2⤵
  PID:4376
- C:\Windows\System\ioAqVIP.exe
  C:\Windows\System\ioAqVIP.exe
  2⤵
  PID:4392
- C:\Windows\System\mXbTYPS.exe
  C:\Windows\System\mXbTYPS.exe
  2⤵
  PID:4408
- C:\Windows\System\SRuFcma.exe
  C:\Windows\System\SRuFcma.exe
  2⤵
  PID:4424
- C:\Windows\System\WDLUIVR.exe
  C:\Windows\System\WDLUIVR.exe
  2⤵
  PID:4440
- C:\Windows\System\LgbNNog.exe
  C:\Windows\System\LgbNNog.exe
  2⤵
  PID:4456
- C:\Windows\System\TZLuuVJ.exe
  C:\Windows\System\TZLuuVJ.exe
  2⤵
  PID:4508
- C:\Windows\System\vwVxYKF.exe
  C:\Windows\System\vwVxYKF.exe
  2⤵
  PID:4532
- C:\Windows\System\UEbEqGX.exe
  C:\Windows\System\UEbEqGX.exe
  2⤵
  PID:4556
- C:\Windows\System\umSvTmJ.exe
  C:\Windows\System\umSvTmJ.exe
  2⤵
  PID:4580
- C:\Windows\System\BNXFhRu.exe
  C:\Windows\System\BNXFhRu.exe
  2⤵
  PID:4600
- C:\Windows\System\qaScshv.exe
  C:\Windows\System\qaScshv.exe
  2⤵
  PID:4616
- C:\Windows\System\FKupFLC.exe
  C:\Windows\System\FKupFLC.exe
  2⤵
  PID:4632
- C:\Windows\System\ngdQOJT.exe
  C:\Windows\System\ngdQOJT.exe
  2⤵
  PID:4648
- C:\Windows\System\WgGEuyx.exe
  C:\Windows\System\WgGEuyx.exe
  2⤵
  PID:4664
- C:\Windows\System\lxMAFKp.exe
  C:\Windows\System\lxMAFKp.exe
  2⤵
  PID:4684
- C:\Windows\System\YXfXYtU.exe
  C:\Windows\System\YXfXYtU.exe
  2⤵
  PID:4700
- C:\Windows\System\cSuGyFD.exe
  C:\Windows\System\cSuGyFD.exe
  2⤵
  PID:4716
- C:\Windows\System\zjXFHdr.exe
  C:\Windows\System\zjXFHdr.exe
  2⤵
  PID:4920
- C:\Windows\System\dzDeoQy.exe
  C:\Windows\System\dzDeoQy.exe
  2⤵
  PID:5028
- C:\Windows\System\FcYjinU.exe
  C:\Windows\System\FcYjinU.exe
  2⤵
  PID:5044
- C:\Windows\System\iaFSiXc.exe
  C:\Windows\System\iaFSiXc.exe
  2⤵
  PID:5060
- C:\Windows\System\iVpPNop.exe
  C:\Windows\System\iVpPNop.exe
  2⤵
  PID:5084
- C:\Windows\System\nPTZYjB.exe
  C:\Windows\System\nPTZYjB.exe
  2⤵
  PID:5100
- C:\Windows\System\bLbPIWK.exe
  C:\Windows\System\bLbPIWK.exe
  2⤵
  PID:5116
- C:\Windows\System\IeusDyA.exe
  C:\Windows\System\IeusDyA.exe
  2⤵
  PID:1404
- C:\Windows\System\oGNBouS.exe
  C:\Windows\System\oGNBouS.exe
  2⤵
  PID:2268
- C:\Windows\System\iSrABYh.exe
  C:\Windows\System\iSrABYh.exe
  2⤵
  PID:3432
- C:\Windows\System\ezcCYWC.exe
  C:\Windows\System\ezcCYWC.exe
  2⤵
  PID:4100
- C:\Windows\System\fKUYfyr.exe
  C:\Windows\System\fKUYfyr.exe
  2⤵
  PID:4128
- C:\Windows\System\VXrbqhh.exe
  C:\Windows\System\VXrbqhh.exe
  2⤵
  PID:4148
- C:\Windows\System\LXGAJkj.exe
  C:\Windows\System\LXGAJkj.exe
  2⤵
  PID:4192
- C:\Windows\System\ozamQIf.exe
  C:\Windows\System\ozamQIf.exe
  2⤵
  PID:1288
- C:\Windows\System\nlLkoOl.exe
  C:\Windows\System\nlLkoOl.exe
  2⤵
  PID:992
- C:\Windows\System\moxQgjO.exe
  C:\Windows\System\moxQgjO.exe
  2⤵
  PID:4288
- C:\Windows\System\sOLFlXq.exe
  C:\Windows\System\sOLFlXq.exe
  2⤵
  PID:4324
- C:\Windows\System\ngFuoKW.exe
  C:\Windows\System\ngFuoKW.exe
  2⤵
  PID:4384
- C:\Windows\System\IHNOpaT.exe
  C:\Windows\System\IHNOpaT.exe
  2⤵
  PID:4404
- C:\Windows\System\nNFvhZG.exe
  C:\Windows\System\nNFvhZG.exe
  2⤵
  PID:4452
- C:\Windows\System\jjocGga.exe
  C:\Windows\System\jjocGga.exe
  2⤵
  PID:4480
- C:\Windows\System\rsqNKiE.exe
  C:\Windows\System\rsqNKiE.exe
  2⤵
  PID:4544
- C:\Windows\System\MhrLXVu.exe
  C:\Windows\System\MhrLXVu.exe
  2⤵
  PID:4640
- C:\Windows\System\paqurdd.exe
  C:\Windows\System\paqurdd.exe
  2⤵
  PID:4680
- C:\Windows\System\qmuzEyE.exe
  C:\Windows\System\qmuzEyE.exe
  2⤵
  PID:4660
- C:\Windows\System\GNgfwIb.exe
  C:\Windows\System\GNgfwIb.exe
  2⤵
  PID:4728
- C:\Windows\System\vcnPDMP.exe
  C:\Windows\System\vcnPDMP.exe
  2⤵
  PID:4764
- C:\Windows\System\LllahVI.exe
  C:\Windows\System\LllahVI.exe
  2⤵
  PID:1340
- C:\Windows\System\rUybwnK.exe
  C:\Windows\System\rUybwnK.exe
  2⤵
  PID:4844
- C:\Windows\System\jrwslGt.exe
  C:\Windows\System\jrwslGt.exe
  2⤵
  PID:4868
- C:\Windows\System\NCwAfLR.exe
  C:\Windows\System\NCwAfLR.exe
  2⤵
  PID:4888
- C:\Windows\System\nOOumEf.exe
  C:\Windows\System\nOOumEf.exe
  2⤵
  PID:4908
- C:\Windows\System\gJydhQo.exe
  C:\Windows\System\gJydhQo.exe
  2⤵
  PID:4936
- C:\Windows\System\HvxWmCt.exe
  C:\Windows\System\HvxWmCt.exe
  2⤵
  PID:4976
- C:\Windows\System\YrZStbl.exe
  C:\Windows\System\YrZStbl.exe
  2⤵
  PID:4960
- C:\Windows\System\mnRKyHN.exe
  C:\Windows\System\mnRKyHN.exe
  2⤵
  PID:5072
- C:\Windows\System\lahwyOC.exe
  C:\Windows\System\lahwyOC.exe
  2⤵
  PID:5016
- C:\Windows\System\SiWWquL.exe
  C:\Windows\System\SiWWquL.exe
  2⤵
  PID:5052
- C:\Windows\System\xcFHwhW.exe
  C:\Windows\System\xcFHwhW.exe
  2⤵
  PID:4144
- C:\Windows\System\TpfyGtR.exe
  C:\Windows\System\TpfyGtR.exe
  2⤵
  PID:4176
- C:\Windows\System\wWqCiXw.exe
  C:\Windows\System\wWqCiXw.exe
  2⤵
  PID:2396
- C:\Windows\System\dnXhERw.exe
  C:\Windows\System\dnXhERw.exe
  2⤵
  PID:2724
- C:\Windows\System\edgEIGa.exe
  C:\Windows\System\edgEIGa.exe
  2⤵
  PID:4336
- C:\Windows\System\achNDyb.exe
  C:\Windows\System\achNDyb.exe
  2⤵
  PID:2056
- C:\Windows\System\tsftLcr.exe
  C:\Windows\System\tsftLcr.exe
  2⤵
  PID:4432
- C:\Windows\System\KSGdWLf.exe
  C:\Windows\System\KSGdWLf.exe
  2⤵
  PID:4400
- C:\Windows\System\hpVfVGL.exe
  C:\Windows\System\hpVfVGL.exe
  2⤵
  PID:1524
- C:\Windows\System\snaXLGF.exe
  C:\Windows\System\snaXLGF.exe
  2⤵
  PID:4824
- C:\Windows\System\sQaibDI.exe
  C:\Windows\System\sQaibDI.exe
  2⤵
  PID:4832
- C:\Windows\System\BgllSnW.exe
  C:\Windows\System\BgllSnW.exe
  2⤵
  PID:4948
- C:\Windows\System\sxMecBP.exe
  C:\Windows\System\sxMecBP.exe
  2⤵
  PID:4872
- C:\Windows\System\LWPCPAF.exe
  C:\Windows\System\LWPCPAF.exe
  2⤵
  PID:4912
- C:\Windows\System\VNhZigi.exe
  C:\Windows\System\VNhZigi.exe
  2⤵
  PID:5012
- C:\Windows\System\EEMsEWk.exe
  C:\Windows\System\EEMsEWk.exe
  2⤵
  PID:4956
- C:\Windows\System\CLoPqiH.exe
  C:\Windows\System\CLoPqiH.exe
  2⤵
  PID:3496
- C:\Windows\System\UhGhsdR.exe
  C:\Windows\System\UhGhsdR.exe
  2⤵
  PID:5108
- C:\Windows\System\TlnmQta.exe
  C:\Windows\System\TlnmQta.exe
  2⤵
  PID:3204
- C:\Windows\System\zFnqvga.exe
  C:\Windows\System\zFnqvga.exe
  2⤵
  PID:2400
- C:\Windows\System\kgSjdda.exe
  C:\Windows\System\kgSjdda.exe
  2⤵
  PID:4244
- C:\Windows\System\tImtptB.exe
  C:\Windows\System\tImtptB.exe
  2⤵
  PID:4260
- C:\Windows\System\ZZmVvsV.exe
  C:\Windows\System\ZZmVvsV.exe
  2⤵
  PID:4388
- C:\Windows\System\TmaVkpr.exe
  C:\Windows\System\TmaVkpr.exe
  2⤵
  PID:4540
- C:\Windows\System\qnnfRtb.exe
  C:\Windows\System\qnnfRtb.exe
  2⤵
  PID:4672
- C:\Windows\System\MBeXOgW.exe
  C:\Windows\System\MBeXOgW.exe
  2⤵
  PID:4468
- C:\Windows\System\zhkvxAC.exe
  C:\Windows\System\zhkvxAC.exe
  2⤵
  PID:1332
- C:\Windows\System\EGflkAm.exe
  C:\Windows\System\EGflkAm.exe
  2⤵
  PID:4416
- C:\Windows\System\zYUqaKB.exe
  C:\Windows\System\zYUqaKB.exe
  2⤵
  PID:4592
- C:\Windows\System\jjHRIss.exe
  C:\Windows\System\jjHRIss.exe
  2⤵
  PID:4708
- C:\Windows\System\CSNYMtQ.exe
  C:\Windows\System\CSNYMtQ.exe
  2⤵
  PID:4780
- C:\Windows\System\XLuDbIp.exe
  C:\Windows\System\XLuDbIp.exe
  2⤵
  PID:4012
- C:\Windows\System\ngWpCiX.exe
  C:\Windows\System\ngWpCiX.exe
  2⤵
  PID:4744
- C:\Windows\System\DxZcvvq.exe
  C:\Windows\System\DxZcvvq.exe
  2⤵
  PID:4752
- C:\Windows\System\ZAERlxo.exe
  C:\Windows\System\ZAERlxo.exe
  2⤵
  PID:4804
- C:\Windows\System\KKUTeqa.exe
  C:\Windows\System\KKUTeqa.exe
  2⤵
  PID:4816
- C:\Windows\System\udjznBx.exe
  C:\Windows\System\udjznBx.exe
  2⤵
  PID:4896
- C:\Windows\System\eJCzHRF.exe
  C:\Windows\System\eJCzHRF.exe
  2⤵
  PID:4884
- C:\Windows\System\PYNjDGc.exe
  C:\Windows\System\PYNjDGc.exe
  2⤵
  PID:1928
- C:\Windows\System\zwdWYFj.exe
  C:\Windows\System\zwdWYFj.exe
  2⤵
  PID:672
- C:\Windows\System\VLmcoMI.exe
  C:\Windows\System\VLmcoMI.exe
  2⤵
  PID:4748
- C:\Windows\System\nLCPotP.exe
  C:\Windows\System\nLCPotP.exe
  2⤵
  PID:4496
- C:\Windows\System\VqAkEPx.exe
  C:\Windows\System\VqAkEPx.exe
  2⤵
  PID:5096
- C:\Windows\System\kmrLhUM.exe
  C:\Windows\System\kmrLhUM.exe
  2⤵
  PID:4992
- C:\Windows\System\TefsgeH.exe
  C:\Windows\System\TefsgeH.exe
  2⤵
  PID:3096
- C:\Windows\System\KoPuOvZ.exe
  C:\Windows\System\KoPuOvZ.exe
  2⤵
  PID:4228
- C:\Windows\System\ZCmugJS.exe
  C:\Windows\System\ZCmugJS.exe
  2⤵
  PID:4320
- C:\Windows\System\xhcvAYP.exe
  C:\Windows\System\xhcvAYP.exe
  2⤵
  PID:4492
- C:\Windows\System\mimnYGU.exe
  C:\Windows\System\mimnYGU.exe
  2⤵
  PID:4612
- C:\Windows\System\uTZrsml.exe
  C:\Windows\System\uTZrsml.exe
  2⤵
  PID:4788
- C:\Windows\System\LUiNNiq.exe
  C:\Windows\System\LUiNNiq.exe
  2⤵
  PID:4820
- C:\Windows\System\HWriTkG.exe
  C:\Windows\System\HWriTkG.exe
  2⤵
  PID:4756
- C:\Windows\System\SGranQm.exe
  C:\Windows\System\SGranQm.exe
  2⤵
  PID:2076
- C:\Windows\System\PUMvClV.exe
  C:\Windows\System\PUMvClV.exe
  2⤵
  PID:1796
- C:\Windows\System\cMoxYiq.exe
  C:\Windows\System\cMoxYiq.exe
  2⤵
  PID:4272
- C:\Windows\System\vMaJfus.exe
  C:\Windows\System\vMaJfus.exe
  2⤵
  PID:5132
- C:\Windows\System\OFvcWbU.exe
  C:\Windows\System\OFvcWbU.exe
  2⤵
  PID:5148
- C:\Windows\System\sfAMWju.exe
  C:\Windows\System\sfAMWju.exe
  2⤵
  PID:5168
- C:\Windows\System\JvQbYxN.exe
  C:\Windows\System\JvQbYxN.exe
  2⤵
  PID:5184
- C:\Windows\System\chchexg.exe
  C:\Windows\System\chchexg.exe
  2⤵
  PID:5204
- C:\Windows\System\XhBYNoQ.exe
  C:\Windows\System\XhBYNoQ.exe
  2⤵
  PID:5256
- C:\Windows\System\NjQfByv.exe
  C:\Windows\System\NjQfByv.exe
  2⤵
  PID:5276
- C:\Windows\System\XHZJuLs.exe
  C:\Windows\System\XHZJuLs.exe
  2⤵
  PID:5300
- C:\Windows\System\EDqjoGk.exe
  C:\Windows\System\EDqjoGk.exe
  2⤵
  PID:5320
- C:\Windows\System\qHpFRSW.exe
  C:\Windows\System\qHpFRSW.exe
  2⤵
  PID:5340
- C:\Windows\System\EBgrZJP.exe
  C:\Windows\System\EBgrZJP.exe
  2⤵
  PID:5356
- C:\Windows\System\svOOjgs.exe
  C:\Windows\System\svOOjgs.exe
  2⤵
  PID:5376
- C:\Windows\System\xIBpSDv.exe
  C:\Windows\System\xIBpSDv.exe
  2⤵
  PID:5400
- C:\Windows\System\ZguPyVT.exe
  C:\Windows\System\ZguPyVT.exe
  2⤵
  PID:5416
- C:\Windows\System\sKTCOos.exe
  C:\Windows\System\sKTCOos.exe
  2⤵
  PID:5440
- C:\Windows\System\nVmZHXN.exe
  C:\Windows\System\nVmZHXN.exe
  2⤵
  PID:5456
- C:\Windows\System\xKQlvfD.exe
  C:\Windows\System\xKQlvfD.exe
  2⤵
  PID:5480
- C:\Windows\System\StilRyw.exe
  C:\Windows\System\StilRyw.exe
  2⤵
  PID:5500
- C:\Windows\System\mVKtVta.exe
  C:\Windows\System\mVKtVta.exe
  2⤵
  PID:5520
- C:\Windows\System\nYcmulp.exe
  C:\Windows\System\nYcmulp.exe
  2⤵
  PID:5540
- C:\Windows\System\DdzYZOc.exe
  C:\Windows\System\DdzYZOc.exe
  2⤵
  PID:5556
- C:\Windows\System\WRrGjfh.exe
  C:\Windows\System\WRrGjfh.exe
  2⤵
  PID:5576
- C:\Windows\System\RHrPqhf.exe
  C:\Windows\System\RHrPqhf.exe
  2⤵
  PID:5596
- C:\Windows\System\DeBmFol.exe
  C:\Windows\System\DeBmFol.exe
  2⤵
  PID:5612
- C:\Windows\System\oXviVeZ.exe
  C:\Windows\System\oXviVeZ.exe
  2⤵
  PID:5640
- C:\Windows\System\cprghRW.exe
  C:\Windows\System\cprghRW.exe
  2⤵
  PID:5656
- C:\Windows\System\nHWQZJb.exe
  C:\Windows\System\nHWQZJb.exe
  2⤵
  PID:5672
- C:\Windows\System\ArJnntB.exe
  C:\Windows\System\ArJnntB.exe
  2⤵
  PID:5688
- C:\Windows\System\HAbkqbH.exe
  C:\Windows\System\HAbkqbH.exe
  2⤵
  PID:5704
- C:\Windows\System\vFowaZg.exe
  C:\Windows\System\vFowaZg.exe
  2⤵
  PID:5744
- C:\Windows\System\CzBPZGf.exe
  C:\Windows\System\CzBPZGf.exe
  2⤵
  PID:5760
- C:\Windows\System\oWskqxC.exe
  C:\Windows\System\oWskqxC.exe
  2⤵
  PID:5780
- C:\Windows\System\LyrqiUi.exe
  C:\Windows\System\LyrqiUi.exe
  2⤵
  PID:5800
- C:\Windows\System\yvUmQct.exe
  C:\Windows\System\yvUmQct.exe
  2⤵
  PID:5820
- C:\Windows\System\xBjlHYI.exe
  C:\Windows\System\xBjlHYI.exe
  2⤵
  PID:5840
- C:\Windows\System\OlLyckt.exe
  C:\Windows\System\OlLyckt.exe
  2⤵
  PID:5860
- C:\Windows\System\WMeZznO.exe
  C:\Windows\System\WMeZznO.exe
  2⤵
  PID:5876
- C:\Windows\System\VrwqtFG.exe
  C:\Windows\System\VrwqtFG.exe
  2⤵
  PID:5900
- C:\Windows\System\GyMNjdZ.exe
  C:\Windows\System\GyMNjdZ.exe
  2⤵
  PID:5920
- C:\Windows\System\cNyLgpN.exe
  C:\Windows\System\cNyLgpN.exe
  2⤵
  PID:5940
- C:\Windows\System\sZCZVKc.exe
  C:\Windows\System\sZCZVKc.exe
  2⤵
  PID:5960
- C:\Windows\System\hzVjpIc.exe
  C:\Windows\System\hzVjpIc.exe
  2⤵
  PID:5984
- C:\Windows\System\CSOnlBK.exe
  C:\Windows\System\CSOnlBK.exe
  2⤵
  PID:6000
- C:\Windows\System\dwTdoKg.exe
  C:\Windows\System\dwTdoKg.exe
  2⤵
  PID:6020
- C:\Windows\System\hxlFgDc.exe
  C:\Windows\System\hxlFgDc.exe
  2⤵
  PID:6040
- C:\Windows\System\ircpzMC.exe
  C:\Windows\System\ircpzMC.exe
  2⤵
  PID:6060
- C:\Windows\System\BDoUkMS.exe
  C:\Windows\System\BDoUkMS.exe
  2⤵
  PID:6080
- C:\Windows\System\dekXSSy.exe
  C:\Windows\System\dekXSSy.exe
  2⤵
  PID:6100
- C:\Windows\System\iGPyGtL.exe
  C:\Windows\System\iGPyGtL.exe
  2⤵
  PID:6116
- C:\Windows\System\lOdZErI.exe
  C:\Windows\System\lOdZErI.exe
  2⤵
  PID:6136
- C:\Windows\System\GgldnYd.exe
  C:\Windows\System\GgldnYd.exe
  2⤵
  PID:5128
- C:\Windows\System\qnGZpjQ.exe
  C:\Windows\System\qnGZpjQ.exe
  2⤵
  PID:5200
- C:\Windows\System\vLoyqJr.exe
  C:\Windows\System\vLoyqJr.exe
  2⤵
  PID:4568
- C:\Windows\System\fLDOutU.exe
  C:\Windows\System\fLDOutU.exe
  2⤵
  PID:3924
- C:\Windows\System\kjAFFva.exe
  C:\Windows\System\kjAFFva.exe
  2⤵
  PID:2384
- C:\Windows\System\etbSkkX.exe
  C:\Windows\System\etbSkkX.exe
  2⤵
  PID:4776
- C:\Windows\System\UEUvArG.exe
  C:\Windows\System\UEUvArG.exe
  2⤵
  PID:5244
- C:\Windows\System\xrkdmWY.exe
  C:\Windows\System\xrkdmWY.exe
  2⤵
  PID:5272
- C:\Windows\System\ThrPNgp.exe
  C:\Windows\System\ThrPNgp.exe
  2⤵
  PID:5236
- C:\Windows\System\tpLGZyZ.exe
  C:\Windows\System\tpLGZyZ.exe
  2⤵
  PID:5296
- C:\Windows\System\DPFvetW.exe
  C:\Windows\System\DPFvetW.exe
  2⤵
  PID:5328
- C:\Windows\System\IvETuEo.exe
  C:\Windows\System\IvETuEo.exe
  2⤵
  PID:5388
- C:\Windows\System\OkTqYvY.exe
  C:\Windows\System\OkTqYvY.exe
  2⤵
  PID:5392
- C:\Windows\System\QNahNoE.exe
  C:\Windows\System\QNahNoE.exe
  2⤵
  PID:5412
- C:\Windows\System\zXNCvdX.exe
  C:\Windows\System\zXNCvdX.exe
  2⤵
  PID:5452
- C:\Windows\System\hzRBaJI.exe
  C:\Windows\System\hzRBaJI.exe
  2⤵
  PID:5508
- C:\Windows\System\NnfhZns.exe
  C:\Windows\System\NnfhZns.exe
  2⤵
  PID:5536
- C:\Windows\System\eIfJnTG.exe
  C:\Windows\System\eIfJnTG.exe
  2⤵
  PID:5592
- C:\Windows\System\XLzBDFB.exe
  C:\Windows\System\XLzBDFB.exe
  2⤵
  PID:5604
- C:\Windows\System\HGSRHGi.exe
  C:\Windows\System\HGSRHGi.exe
  2⤵
  PID:5636
- C:\Windows\System\DcMRwqu.exe
  C:\Windows\System\DcMRwqu.exe
  2⤵
  PID:5724
- C:\Windows\System\BAJHqTs.exe
  C:\Windows\System\BAJHqTs.exe
  2⤵
  PID:5728
- C:\Windows\System\DJLHJfJ.exe
  C:\Windows\System\DJLHJfJ.exe
  2⤵
  PID:5756
- C:\Windows\System\lxAAXJw.exe
  C:\Windows\System\lxAAXJw.exe
  2⤵
  PID:5776
- C:\Windows\System\aDPnihQ.exe
  C:\Windows\System\aDPnihQ.exe
  2⤵
  PID:5832
- C:\Windows\System\VWcCHlv.exe
  C:\Windows\System\VWcCHlv.exe
  2⤵
  PID:5848
- C:\Windows\System\bpTqcAs.exe
  C:\Windows\System\bpTqcAs.exe
  2⤵
  PID:5908
- C:\Windows\System\VlaZyow.exe
  C:\Windows\System\VlaZyow.exe
  2⤵
  PID:5884
- C:\Windows\System\QlxgObO.exe
  C:\Windows\System\QlxgObO.exe
  2⤵
  PID:5932
- C:\Windows\System\CqZJUgg.exe
  C:\Windows\System\CqZJUgg.exe
  2⤵
  PID:5968
- C:\Windows\System\kAINbMH.exe
  C:\Windows\System\kAINbMH.exe
  2⤵
  PID:6028
- C:\Windows\System\mCScGJb.exe
  C:\Windows\System\mCScGJb.exe
  2⤵
  PID:6008
- C:\Windows\System\MIMXxjA.exe
  C:\Windows\System\MIMXxjA.exe
  2⤵
  PID:6108
- C:\Windows\System\WaHtXnm.exe
  C:\Windows\System\WaHtXnm.exe
  2⤵
  PID:6016
- C:\Windows\System\gPMPEQE.exe
  C:\Windows\System\gPMPEQE.exe
  2⤵
  PID:5140
- C:\Windows\System\cnHNkAj.exe
  C:\Windows\System\cnHNkAj.exe
  2⤵
  PID:5268
- C:\Windows\System\CLeZQsj.exe
  C:\Windows\System\CLeZQsj.exe
  2⤵
  PID:5232
- C:\Windows\System\WzwdEqt.exe
  C:\Windows\System\WzwdEqt.exe
  2⤵
  PID:6124
- C:\Windows\System\hjQwZKR.exe
  C:\Windows\System\hjQwZKR.exe
  2⤵
  PID:4696
- C:\Windows\System\haJWFtP.exe
  C:\Windows\System\haJWFtP.exe
  2⤵
  PID:4984
- C:\Windows\System\XzIqZhM.exe
  C:\Windows\System\XzIqZhM.exe
  2⤵
  PID:5216
- C:\Windows\System\BWlckpn.exe
  C:\Windows\System\BWlckpn.exe
  2⤵
  PID:5336
- C:\Windows\System\inHbWnS.exe
  C:\Windows\System\inHbWnS.exe
  2⤵
  PID:5464
- C:\Windows\System\yQcJKhG.exe
  C:\Windows\System\yQcJKhG.exe
  2⤵
  PID:5436
- C:\Windows\System\qrMiBJn.exe
  C:\Windows\System\qrMiBJn.exe
  2⤵
  PID:5496
- C:\Windows\System\tyeUtvd.exe
  C:\Windows\System\tyeUtvd.exe
  2⤵
  PID:5588
- C:\Windows\System\zslawkh.exe
  C:\Windows\System\zslawkh.exe
  2⤵
  PID:5572
- C:\Windows\System\woYpAJo.exe
  C:\Windows\System\woYpAJo.exe
  2⤵
  PID:5700
- C:\Windows\System\aYFtvgD.exe
  C:\Windows\System\aYFtvgD.exe
  2⤵
  PID:5648
- C:\Windows\System\RzIBRwI.exe
  C:\Windows\System\RzIBRwI.exe
  2⤵
  PID:5828
- C:\Windows\System\CPoiztU.exe
  C:\Windows\System\CPoiztU.exe
  2⤵
  PID:5808
- C:\Windows\System\jRGVrZq.exe
  C:\Windows\System\jRGVrZq.exe
  2⤵
  PID:5928
- C:\Windows\System\jFFBzNP.exe
  C:\Windows\System\jFFBzNP.exe
  2⤵
  PID:6072
- C:\Windows\System\FIYoIAE.exe
  C:\Windows\System\FIYoIAE.exe
  2⤵
  PID:5916
- C:\Windows\System\BNATRVm.exe
  C:\Windows\System\BNATRVm.exe
  2⤵
  PID:5192
- C:\Windows\System\eJIDFQq.exe
  C:\Windows\System\eJIDFQq.exe
  2⤵
  PID:5124
- C:\Windows\System\mtitJHR.exe
  C:\Windows\System\mtitJHR.exe
  2⤵
  PID:5224
- C:\Windows\System\eSUcZEn.exe
  C:\Windows\System\eSUcZEn.exe
  2⤵
  PID:5160
- C:\Windows\System\PApFLuz.exe
  C:\Windows\System\PApFLuz.exe
  2⤵
  PID:5180
- C:\Windows\System\Kvqnswu.exe
  C:\Windows\System\Kvqnswu.exe
  2⤵
  PID:5284
- C:\Windows\System\KGirPJV.exe
  C:\Windows\System\KGirPJV.exe
  2⤵
  PID:5448
- C:\Windows\System\ODKsegX.exe
  C:\Windows\System\ODKsegX.exe
  2⤵
  PID:5424
- C:\Windows\System\FnCBzme.exe
  C:\Windows\System\FnCBzme.exe
  2⤵
  PID:5732
- C:\Windows\System\QRbzVNF.exe
  C:\Windows\System\QRbzVNF.exe
  2⤵
  PID:5532
- C:\Windows\System\RHifNDC.exe
  C:\Windows\System\RHifNDC.exe
  2⤵
  PID:5796
- C:\Windows\System\DmCKGKn.exe
  C:\Windows\System\DmCKGKn.exe
  2⤵
  PID:5872
- C:\Windows\System\xkKKDoA.exe
  C:\Windows\System\xkKKDoA.exe
  2⤵
  PID:5856
- C:\Windows\System\cCcDGQI.exe
  C:\Windows\System\cCcDGQI.exe
  2⤵
  PID:6048
- C:\Windows\System\kldqMFI.exe
  C:\Windows\System\kldqMFI.exe
  2⤵
  PID:6036
- C:\Windows\System\VUUXHtu.exe
  C:\Windows\System\VUUXHtu.exe
  2⤵
  PID:5312
- C:\Windows\System\bCJjTRg.exe
  C:\Windows\System\bCJjTRg.exe
  2⤵
  PID:5620
- C:\Windows\System\oxGkAbm.exe
  C:\Windows\System\oxGkAbm.exe
  2⤵
  PID:5364
- C:\Windows\System\JSVPIaY.exe
  C:\Windows\System\JSVPIaY.exe
  2⤵
  PID:5664
- C:\Windows\System\nTmVoav.exe
  C:\Windows\System\nTmVoav.exe
  2⤵
  PID:5512
- C:\Windows\System\RYfJypA.exe
  C:\Windows\System\RYfJypA.exe
  2⤵
  PID:5712
- C:\Windows\System\YyuvDsx.exe
  C:\Windows\System\YyuvDsx.exe
  2⤵
  PID:6056
- C:\Windows\System\LvqFqYg.exe
  C:\Windows\System\LvqFqYg.exe
  2⤵
  PID:6092
- C:\Windows\System\DJnRLbk.exe
  C:\Windows\System\DJnRLbk.exe
  2⤵
  PID:5164
- C:\Windows\System\MBDCdhB.exe
  C:\Windows\System\MBDCdhB.exe
  2⤵
  PID:5628
- C:\Windows\System\HWAvyFa.exe
  C:\Windows\System\HWAvyFa.exe
  2⤵
  PID:5428
- C:\Windows\System\fAcZCna.exe
  C:\Windows\System\fAcZCna.exe
  2⤵
  PID:6156
- C:\Windows\System\EntBnxz.exe
  C:\Windows\System\EntBnxz.exe
  2⤵
  PID:6180
- C:\Windows\System\UCxqZXb.exe
  C:\Windows\System\UCxqZXb.exe
  2⤵
  PID:6200
- C:\Windows\System\UUBeETY.exe
  C:\Windows\System\UUBeETY.exe
  2⤵
  PID:6224
- C:\Windows\System\IZeEoVH.exe
  C:\Windows\System\IZeEoVH.exe
  2⤵
  PID:6248
- C:\Windows\System\oBAyTYu.exe
  C:\Windows\System\oBAyTYu.exe
  2⤵
  PID:6264
- C:\Windows\System\quyeVzR.exe
  C:\Windows\System\quyeVzR.exe
  2⤵
  PID:6288
- C:\Windows\System\DEvwlCr.exe
  C:\Windows\System\DEvwlCr.exe
  2⤵
  PID:6308
- C:\Windows\System\ocnfutB.exe
  C:\Windows\System\ocnfutB.exe
  2⤵
  PID:6332
- C:\Windows\System\inLdhSm.exe
  C:\Windows\System\inLdhSm.exe
  2⤵
  PID:6352
- C:\Windows\System\MKtsLye.exe
  C:\Windows\System\MKtsLye.exe
  2⤵
  PID:6372
- C:\Windows\System\xsXWlPt.exe
  C:\Windows\System\xsXWlPt.exe
  2⤵
  PID:6388
- C:\Windows\System\PrejTVR.exe
  C:\Windows\System\PrejTVR.exe
  2⤵
  PID:6412
- C:\Windows\System\FoDPKfp.exe
  C:\Windows\System\FoDPKfp.exe
  2⤵
  PID:6428
- C:\Windows\System\UYWftEy.exe
  C:\Windows\System\UYWftEy.exe
  2⤵
  PID:6444
- C:\Windows\System\pzecbeL.exe
  C:\Windows\System\pzecbeL.exe
  2⤵
  PID:6460
- C:\Windows\System\PCYcIyM.exe
  C:\Windows\System\PCYcIyM.exe
  2⤵
  PID:6476
- C:\Windows\System\KHXEqhv.exe
  C:\Windows\System\KHXEqhv.exe
  2⤵
  PID:6492
- C:\Windows\System\rcVcgAe.exe
  C:\Windows\System\rcVcgAe.exe
  2⤵
  PID:6508
- C:\Windows\System\PQBLweR.exe
  C:\Windows\System\PQBLweR.exe
  2⤵
  PID:6528
- C:\Windows\System\yINkgSw.exe
  C:\Windows\System\yINkgSw.exe
  2⤵
  PID:6548
- C:\Windows\System\dkjANyr.exe
  C:\Windows\System\dkjANyr.exe
  2⤵
  PID:6572
- C:\Windows\System\HVmJXrZ.exe
  C:\Windows\System\HVmJXrZ.exe
  2⤵
  PID:6592
- C:\Windows\System\hAbByQd.exe
  C:\Windows\System\hAbByQd.exe
  2⤵
  PID:6612
- C:\Windows\System\bZDXvpx.exe
  C:\Windows\System\bZDXvpx.exe
  2⤵
  PID:6628
- C:\Windows\System\cAPPItR.exe
  C:\Windows\System\cAPPItR.exe
  2⤵
  PID:6644
- C:\Windows\System\TmHYKeT.exe
  C:\Windows\System\TmHYKeT.exe
  2⤵
  PID:6664
- C:\Windows\System\FmmJpaH.exe
  C:\Windows\System\FmmJpaH.exe
  2⤵
  PID:6684
- C:\Windows\System\RiSbhbg.exe
  C:\Windows\System\RiSbhbg.exe
  2⤵
  PID:6704
- C:\Windows\System\pyzcJch.exe
  C:\Windows\System\pyzcJch.exe
  2⤵
  PID:6720
- C:\Windows\System\AZtlAAv.exe
  C:\Windows\System\AZtlAAv.exe
  2⤵
  PID:6740
- C:\Windows\System\ZZYKcNV.exe
  C:\Windows\System\ZZYKcNV.exe
  2⤵
  PID:6760
- C:\Windows\System\hoNVaoE.exe
  C:\Windows\System\hoNVaoE.exe
  2⤵
  PID:6780
- C:\Windows\System\RfKQJYW.exe
  C:\Windows\System\RfKQJYW.exe
  2⤵
  PID:6796
- C:\Windows\System\xxusrgn.exe
  C:\Windows\System\xxusrgn.exe
  2⤵
  PID:6816
- C:\Windows\System\mUxTLJh.exe
  C:\Windows\System\mUxTLJh.exe
  2⤵
  PID:6832
- C:\Windows\System\TkiDozq.exe
  C:\Windows\System\TkiDozq.exe
  2⤵
  PID:6848
- C:\Windows\System\UHxxGZN.exe
  C:\Windows\System\UHxxGZN.exe
  2⤵
  PID:6872
- C:\Windows\System\fqToAjw.exe
  C:\Windows\System\fqToAjw.exe
  2⤵
  PID:6892
- C:\Windows\System\tQrryWO.exe
  C:\Windows\System\tQrryWO.exe
  2⤵
  PID:6916
- C:\Windows\System\vTndwdY.exe
  C:\Windows\System\vTndwdY.exe
  2⤵
  PID:6940
- C:\Windows\System\ACOfppF.exe
  C:\Windows\System\ACOfppF.exe
  2⤵
  PID:6964
- C:\Windows\System\nzwGSQA.exe
  C:\Windows\System\nzwGSQA.exe
  2⤵
  PID:6988
- C:\Windows\System\XKCcRXr.exe
  C:\Windows\System\XKCcRXr.exe
  2⤵
  PID:7012
- C:\Windows\System\rBrmaYq.exe
  C:\Windows\System\rBrmaYq.exe
  2⤵
  PID:7040
- C:\Windows\System\SkgyGZR.exe
  C:\Windows\System\SkgyGZR.exe
  2⤵
  PID:7060
- C:\Windows\System\duubmzC.exe
  C:\Windows\System\duubmzC.exe
  2⤵
  PID:7076
- C:\Windows\System\CANiHgl.exe
  C:\Windows\System\CANiHgl.exe
  2⤵
  PID:7104
- C:\Windows\System\MYgblGj.exe
  C:\Windows\System\MYgblGj.exe
  2⤵
  PID:7124
- C:\Windows\System\qoXysKp.exe
  C:\Windows\System\qoXysKp.exe
  2⤵
  PID:7148
- C:\Windows\System\KOOnBFS.exe
  C:\Windows\System\KOOnBFS.exe
  2⤵
  PID:7164
- C:\Windows\System\pfTWhgb.exe
  C:\Windows\System\pfTWhgb.exe
  2⤵
  PID:6240
- C:\Windows\System\LstwMGl.exe
  C:\Windows\System\LstwMGl.exe
  2⤵
  PID:5896
- C:\Windows\System\HrdNwsz.exe
  C:\Windows\System\HrdNwsz.exe
  2⤵
  PID:5948
- C:\Windows\System\vlUVNgu.exe
  C:\Windows\System\vlUVNgu.exe
  2⤵
  PID:5772
- C:\Windows\System\NfHAfLN.exe
  C:\Windows\System\NfHAfLN.exe
  2⤵
  PID:4952
- C:\Windows\System\kVuFahH.exe
  C:\Windows\System\kVuFahH.exe
  2⤵
  PID:6168
- C:\Windows\System\RgupdWc.exe
  C:\Windows\System\RgupdWc.exe
  2⤵
  PID:6220
- C:\Windows\System\qWEgeHT.exe
  C:\Windows\System\qWEgeHT.exe
  2⤵
  PID:6324
- C:\Windows\System\nqDbLVj.exe
  C:\Windows\System\nqDbLVj.exe
  2⤵
  PID:6320
- C:\Windows\System\DfIWBee.exe
  C:\Windows\System\DfIWBee.exe
  2⤵
  PID:6360
- C:\Windows\System\AaFONJN.exe
  C:\Windows\System\AaFONJN.exe
  2⤵
  PID:6404
- C:\Windows\System\FEGYbBj.exe
  C:\Windows\System\FEGYbBj.exe
  2⤵
  PID:6420
- C:\Windows\System\MxlCffe.exe
  C:\Windows\System\MxlCffe.exe
  2⤵
  PID:6504
- C:\Windows\System\GUrIizk.exe
  C:\Windows\System\GUrIizk.exe
  2⤵
  PID:6588
- C:\Windows\System\WJQZnrP.exe
  C:\Windows\System\WJQZnrP.exe
  2⤵
  PID:6624
- C:\Windows\System\RYfBTUD.exe
  C:\Windows\System\RYfBTUD.exe
  2⤵
  PID:6736
- C:\Windows\System\hVVFYhp.exe
  C:\Windows\System\hVVFYhp.exe
  2⤵
  PID:6808
- C:\Windows\System\UydNBmp.exe
  C:\Windows\System\UydNBmp.exe
  2⤵
  PID:6888
- C:\Windows\System\nzemtgB.exe
  C:\Windows\System\nzemtgB.exe
  2⤵
  PID:6560
- C:\Windows\System\KpCpPQU.exe
  C:\Windows\System\KpCpPQU.exe
  2⤵
  PID:6976
- C:\Windows\System\weNJsCL.exe
  C:\Windows\System\weNJsCL.exe
  2⤵
  PID:7028
- C:\Windows\System\fPlJIdm.exe
  C:\Windows\System\fPlJIdm.exe
  2⤵
  PID:6856
- C:\Windows\System\gScSeTx.exe
  C:\Windows\System\gScSeTx.exe
  2⤵
  PID:7072
- C:\Windows\System\DvKzrHm.exe
  C:\Windows\System\DvKzrHm.exe
  2⤵
  PID:7116
- C:\Windows\System\SFxnbbF.exe
  C:\Windows\System\SFxnbbF.exe
  2⤵
  PID:7156
- C:\Windows\System\NGgfQBj.exe
  C:\Windows\System\NGgfQBj.exe
  2⤵
  PID:6520
- C:\Windows\System\mFhZNEk.exe
  C:\Windows\System\mFhZNEk.exe
  2⤵
  PID:6568
- C:\Windows\System\NCCFCxN.exe
  C:\Windows\System\NCCFCxN.exe
  2⤵
  PID:6640
- C:\Windows\System\CwKGdgm.exe
  C:\Windows\System\CwKGdgm.exe
  2⤵
  PID:6748
- C:\Windows\System\HPJsFpZ.exe
  C:\Windows\System\HPJsFpZ.exe
  2⤵
  PID:6756
- C:\Windows\System\ziSJEDX.exe
  C:\Windows\System\ziSJEDX.exe
  2⤵
  PID:6908
- C:\Windows\System\lOKlwCR.exe
  C:\Windows\System\lOKlwCR.exe
  2⤵
  PID:7000
- C:\Windows\System\KSVVabK.exe
  C:\Windows\System\KSVVabK.exe
  2⤵
  PID:6232
- C:\Windows\System\EZXVYFD.exe
  C:\Windows\System\EZXVYFD.exe
  2⤵
  PID:6196
- C:\Windows\System\mNSttAT.exe
  C:\Windows\System\mNSttAT.exe
  2⤵
  PID:5996
- C:\Windows\System\BKlSoDd.exe
  C:\Windows\System\BKlSoDd.exe
  2⤵
  PID:6256
- C:\Windows\System\TlIyLhV.exe
  C:\Windows\System\TlIyLhV.exe
  2⤵
  PID:6348
- C:\Windows\System\AZYrEtG.exe
  C:\Windows\System\AZYrEtG.exe
  2⤵
  PID:6544
- C:\Windows\System\jLqmbeO.exe
  C:\Windows\System\jLqmbeO.exe
  2⤵
  PID:5316
- C:\Windows\System\HSCxTUZ.exe
  C:\Windows\System\HSCxTUZ.exe
  2⤵
  PID:6660
- C:\Windows\System\CWFMOWk.exe
  C:\Windows\System\CWFMOWk.exe
  2⤵
  PID:6212
- C:\Windows\System\WqYoPKz.exe
  C:\Windows\System\WqYoPKz.exe
  2⤵
  PID:6468
- C:\Windows\System\kXwaiTr.exe
  C:\Windows\System\kXwaiTr.exe
  2⤵
  PID:6300
- C:\Windows\System\SLDjSIB.exe
  C:\Windows\System\SLDjSIB.exe
  2⤵
  PID:6972
- C:\Windows\System\JyAwFKw.exe
  C:\Windows\System\JyAwFKw.exe
  2⤵
  PID:7036
- C:\Windows\System\MbCwXkG.exe
  C:\Windows\System\MbCwXkG.exe
  2⤵
  PID:6984
- C:\Windows\System\uNepkgF.exe
  C:\Windows\System\uNepkgF.exe
  2⤵
  PID:6712
- C:\Windows\System\rQDmnCs.exe
  C:\Windows\System\rQDmnCs.exe
  2⤵
  PID:6484
- C:\Windows\System\WWXQeIV.exe
  C:\Windows\System\WWXQeIV.exe
  2⤵
  PID:6900
- C:\Windows\System\KLeGdrU.exe
  C:\Windows\System\KLeGdrU.exe
  2⤵
  PID:6604
- C:\Windows\System\GPBMsTP.exe
  C:\Windows\System\GPBMsTP.exe
  2⤵
  PID:7008
- C:\Windows\System\ZXFQemm.exe
  C:\Windows\System\ZXFQemm.exe
  2⤵
  PID:7140
- C:\Windows\System\LPRdnKL.exe
  C:\Windows\System\LPRdnKL.exe
  2⤵
  PID:7084
- C:\Windows\System\czVRScH.exe
  C:\Windows\System\czVRScH.exe
  2⤵
  PID:5740
- C:\Windows\System\uAtojiA.exe
  C:\Windows\System\uAtojiA.exe
  2⤵
  PID:7052
- C:\Windows\System\dLvcOPL.exe
  C:\Windows\System\dLvcOPL.exe
  2⤵
  PID:5892
- C:\Windows\System\Yysrojb.exe
  C:\Windows\System\Yysrojb.exe
  2⤵
  PID:6208
- C:\Windows\System\mcwzZlU.exe
  C:\Windows\System\mcwzZlU.exe
  2⤵
  PID:6456
- C:\Windows\System\seWhavw.exe
  C:\Windows\System\seWhavw.exe
  2⤵
  PID:6580
- C:\Windows\System\OTsIBss.exe
  C:\Windows\System\OTsIBss.exe
  2⤵
  PID:6316
- C:\Windows\System\rnaatGi.exe
  C:\Windows\System\rnaatGi.exe
  2⤵
  PID:7092
- C:\Windows\System\ETsPsBz.exe
  C:\Windows\System\ETsPsBz.exe
  2⤵
  PID:6956
- C:\Windows\System\dEbFyvr.exe
  C:\Windows\System\dEbFyvr.exe
  2⤵
  PID:6692
- C:\Windows\System\pcvWEEO.exe
  C:\Windows\System\pcvWEEO.exe
  2⤵
  PID:6844
- C:\Windows\System\jDwZmMi.exe
  C:\Windows\System\jDwZmMi.exe
  2⤵
  PID:6408
- C:\Windows\System\tQxPoYO.exe
  C:\Windows\System\tQxPoYO.exe
  2⤵
  PID:4800
- C:\Windows\System\vKGwVia.exe
  C:\Windows\System\vKGwVia.exe
  2⤵
  PID:7132
- C:\Windows\System\UzhDdqD.exe
  C:\Windows\System\UzhDdqD.exe
  2⤵
  PID:6860
- C:\Windows\System\kUFNSVW.exe
  C:\Windows\System\kUFNSVW.exe
  2⤵
  PID:6608
- C:\Windows\System\cXjbqvS.exe
  C:\Windows\System\cXjbqvS.exe
  2⤵
  PID:6936
- C:\Windows\System\IXUzlrO.exe
  C:\Windows\System\IXUzlrO.exe
  2⤵
  PID:6436
- C:\Windows\System\dXRYXzA.exe
  C:\Windows\System\dXRYXzA.exe
  2⤵
  PID:6384
- C:\Windows\System\gFltCdL.exe
  C:\Windows\System\gFltCdL.exe
  2⤵
  PID:6716
- C:\Windows\System\ezqIRLa.exe
  C:\Windows\System\ezqIRLa.exe
  2⤵
  PID:6732
- C:\Windows\System\wuhtYVI.exe
  C:\Windows\System\wuhtYVI.exe
  2⤵
  PID:6236
- C:\Windows\System\jCuiydV.exe
  C:\Windows\System\jCuiydV.exe
  2⤵
  PID:6792
- C:\Windows\System\HwDnAYz.exe
  C:\Windows\System\HwDnAYz.exe
  2⤵
  PID:6828
- C:\Windows\System\xVXbZjF.exe
  C:\Windows\System\xVXbZjF.exe
  2⤵
  PID:6728
- C:\Windows\System\dsIklRb.exe
  C:\Windows\System\dsIklRb.exe
  2⤵
  PID:6540
- C:\Windows\System\cnwsiSR.exe
  C:\Windows\System\cnwsiSR.exe
  2⤵
  PID:7180
- C:\Windows\System\TAjcefX.exe
  C:\Windows\System\TAjcefX.exe
  2⤵
  PID:7196
- C:\Windows\System\OLTGPGR.exe
  C:\Windows\System\OLTGPGR.exe
  2⤵
  PID:7212
- C:\Windows\System\QcFEXKi.exe
  C:\Windows\System\QcFEXKi.exe
  2⤵
  PID:7232
- C:\Windows\System\LucSQxs.exe
  C:\Windows\System\LucSQxs.exe
  2⤵
  PID:7248
- C:\Windows\System\nlzjgva.exe
  C:\Windows\System\nlzjgva.exe
  2⤵
  PID:7268
- C:\Windows\System\rjYqdpD.exe
  C:\Windows\System\rjYqdpD.exe
  2⤵
  PID:7304
- C:\Windows\System\uMyHGtz.exe
  C:\Windows\System\uMyHGtz.exe
  2⤵
  PID:7324
- C:\Windows\System\dRDDbBE.exe
  C:\Windows\System\dRDDbBE.exe
  2⤵
  PID:7348
- C:\Windows\System\sAKCjup.exe
  C:\Windows\System\sAKCjup.exe
  2⤵
  PID:7364
- C:\Windows\System\NxMsVzy.exe
  C:\Windows\System\NxMsVzy.exe
  2⤵
  PID:7384
- C:\Windows\System\FPPVgMA.exe
  C:\Windows\System\FPPVgMA.exe
  2⤵
  PID:7400
- C:\Windows\System\aGileKM.exe
  C:\Windows\System\aGileKM.exe
  2⤵
  PID:7424
- C:\Windows\System\eVBdXJZ.exe
  C:\Windows\System\eVBdXJZ.exe
  2⤵
  PID:7440
- C:\Windows\System\bZcLhQx.exe
  C:\Windows\System\bZcLhQx.exe
  2⤵
  PID:7456
- C:\Windows\System\wLiGddz.exe
  C:\Windows\System\wLiGddz.exe
  2⤵
  PID:7476
- C:\Windows\System\KMOAtWi.exe
  C:\Windows\System\KMOAtWi.exe
  2⤵
  PID:7500
- C:\Windows\System\yaOtDlP.exe
  C:\Windows\System\yaOtDlP.exe
  2⤵
  PID:7516
- C:\Windows\System\tfVPInb.exe
  C:\Windows\System\tfVPInb.exe
  2⤵
  PID:7540
- C:\Windows\System\yjEzzhc.exe
  C:\Windows\System\yjEzzhc.exe
  2⤵
  PID:7560
- C:\Windows\System\kZTZUQU.exe
  C:\Windows\System\kZTZUQU.exe
  2⤵
  PID:7580
- C:\Windows\System\EXdLFjX.exe
  C:\Windows\System\EXdLFjX.exe
  2⤵
  PID:7596
- C:\Windows\System\qTruUSK.exe
  C:\Windows\System\qTruUSK.exe
  2⤵
  PID:7616
- C:\Windows\System\aRnjYCD.exe
  C:\Windows\System\aRnjYCD.exe
  2⤵
  PID:7640
- C:\Windows\System\eFBAIbB.exe
  C:\Windows\System\eFBAIbB.exe
  2⤵
  PID:7656
- C:\Windows\System\vcCyWnB.exe
  C:\Windows\System\vcCyWnB.exe
  2⤵
  PID:7676
- C:\Windows\System\yuWDlob.exe
  C:\Windows\System\yuWDlob.exe
  2⤵
  PID:7704
- C:\Windows\System\NkQyvET.exe
  C:\Windows\System\NkQyvET.exe
  2⤵
  PID:7724
- C:\Windows\System\osnpPIK.exe
  C:\Windows\System\osnpPIK.exe
  2⤵
  PID:7740
- C:\Windows\System\UDznnhE.exe
  C:\Windows\System\UDznnhE.exe
  2⤵
  PID:7764
- C:\Windows\System\zgWibMj.exe
  C:\Windows\System\zgWibMj.exe
  2⤵
  PID:7784
- C:\Windows\System\AljRFwi.exe
  C:\Windows\System\AljRFwi.exe
  2⤵
  PID:7800
- C:\Windows\System\XWwbciq.exe
  C:\Windows\System\XWwbciq.exe
  2⤵
  PID:7820
- C:\Windows\System\WupJTIb.exe
  C:\Windows\System\WupJTIb.exe
  2⤵
  PID:7840
- C:\Windows\System\TCianRC.exe
  C:\Windows\System\TCianRC.exe
  2⤵
  PID:7864
- C:\Windows\System\iOpMWQC.exe
  C:\Windows\System\iOpMWQC.exe
  2⤵
  PID:7880
- C:\Windows\System\EFjHSBf.exe
  C:\Windows\System\EFjHSBf.exe
  2⤵
  PID:7904
- C:\Windows\System\bRvcFhH.exe
  C:\Windows\System\bRvcFhH.exe
  2⤵
  PID:7920
- C:\Windows\System\GIhYuGl.exe
  C:\Windows\System\GIhYuGl.exe
  2⤵
  PID:7944
- C:\Windows\System\khXsgcu.exe
  C:\Windows\System\khXsgcu.exe
  2⤵
  PID:7960
- C:\Windows\System\PqGruNj.exe
  C:\Windows\System\PqGruNj.exe
  2⤵
  PID:7976
- C:\Windows\System\ygrulqC.exe
  C:\Windows\System\ygrulqC.exe
  2⤵
  PID:8004
- C:\Windows\System\nXQptAM.exe
  C:\Windows\System\nXQptAM.exe
  2⤵
  PID:8024
- C:\Windows\System\lUHlADJ.exe
  C:\Windows\System\lUHlADJ.exe
  2⤵
  PID:8044
- C:\Windows\System\wPokFZn.exe
  C:\Windows\System\wPokFZn.exe
  2⤵
  PID:8064
- C:\Windows\System\euDHoWc.exe
  C:\Windows\System\euDHoWc.exe
  2⤵
  PID:8084
- C:\Windows\System\VYOFpsD.exe
  C:\Windows\System\VYOFpsD.exe
  2⤵
  PID:8108
- C:\Windows\System\genTybF.exe
  C:\Windows\System\genTybF.exe
  2⤵
  PID:8132
- C:\Windows\System\fVDtfhY.exe
  C:\Windows\System\fVDtfhY.exe
  2⤵
  PID:8152
- C:\Windows\System\FIWQLAF.exe
  C:\Windows\System\FIWQLAF.exe
  2⤵
  PID:8168
- C:\Windows\System\ZDdnFBh.exe
  C:\Windows\System\ZDdnFBh.exe
  2⤵
  PID:8188
- C:\Windows\System\maGArRO.exe
  C:\Windows\System\maGArRO.exe
  2⤵
  PID:7176
- C:\Windows\System\lffkMlc.exe
  C:\Windows\System\lffkMlc.exe
  2⤵
  PID:7244
- C:\Windows\System\WiBHStx.exe
  C:\Windows\System\WiBHStx.exe
  2⤵
  PID:7288
- C:\Windows\System\MWzgdhI.exe
  C:\Windows\System\MWzgdhI.exe
  2⤵
  PID:6680
- C:\Windows\System\cEEMMXC.exe
  C:\Windows\System\cEEMMXC.exe
  2⤵
  PID:7224
- C:\Windows\System\TleBVeT.exe
  C:\Windows\System\TleBVeT.exe
  2⤵
  PID:7340
- C:\Windows\System\ZaMbvGY.exe
  C:\Windows\System\ZaMbvGY.exe
  2⤵
  PID:7336
- C:\Windows\System\jLLbZtX.exe
  C:\Windows\System\jLLbZtX.exe
  2⤵
  PID:7356
- C:\Windows\System\vfpUPns.exe
  C:\Windows\System\vfpUPns.exe
  2⤵
  PID:7416
- C:\Windows\System\SecXxJC.exe
  C:\Windows\System\SecXxJC.exe
  2⤵
  PID:7436
- C:\Windows\System\EnIcKqb.exe
  C:\Windows\System\EnIcKqb.exe
  2⤵
  PID:7524
- C:\Windows\System\RddIWne.exe
  C:\Windows\System\RddIWne.exe
  2⤵
  PID:7568
- C:\Windows\System\pZyqeUr.exe
  C:\Windows\System\pZyqeUr.exe
  2⤵
  PID:7608
- C:\Windows\System\lylBGXk.exe
  C:\Windows\System\lylBGXk.exe
  2⤵
  PID:7432
- C:\Windows\System\qxiavJL.exe
  C:\Windows\System\qxiavJL.exe
  2⤵
  PID:7684
- C:\Windows\System\TIAkBfX.exe
  C:\Windows\System\TIAkBfX.exe
  2⤵
  PID:7552
- C:\Windows\System\ANryGuc.exe
  C:\Windows\System\ANryGuc.exe
  2⤵
  PID:7632
- C:\Windows\System\ZKnfwlj.exe
  C:\Windows\System\ZKnfwlj.exe
  2⤵
  PID:7664
- C:\Windows\System\FEhPoXa.exe
  C:\Windows\System\FEhPoXa.exe
  2⤵
  PID:7712
- C:\Windows\System\raVXhar.exe
  C:\Windows\System\raVXhar.exe
  2⤵
  PID:7816
- C:\Windows\System\JPzbgXJ.exe
  C:\Windows\System\JPzbgXJ.exe
  2⤵
  PID:7856
- C:\Windows\System\iaMBAKr.exe
  C:\Windows\System\iaMBAKr.exe
  2⤵
  PID:7760
- C:\Windows\System\GiQhOyw.exe
  C:\Windows\System\GiQhOyw.exe
  2⤵
  PID:7896
- C:\Windows\System\wQZOskb.exe
  C:\Windows\System\wQZOskb.exe
  2⤵
  PID:7792
- C:\Windows\System\oxsijZK.exe
  C:\Windows\System\oxsijZK.exe
  2⤵
  PID:7940
- C:\Windows\System\QklpQfS.exe
  C:\Windows\System\QklpQfS.exe
  2⤵
  PID:8016
- C:\Windows\System\MaEwywr.exe
  C:\Windows\System\MaEwywr.exe
  2⤵
  PID:7996
- C:\Windows\System\dhENkLd.exe
  C:\Windows\System\dhENkLd.exe
  2⤵
  PID:8032
- C:\Windows\System\yavpgga.exe
  C:\Windows\System\yavpgga.exe
  2⤵
  PID:8092
- C:\Windows\System\tlOYnBZ.exe
  C:\Windows\System\tlOYnBZ.exe
  2⤵
  PID:8036
- C:\Windows\System\vRhliDk.exe
  C:\Windows\System\vRhliDk.exe
  2⤵
  PID:8128
- C:\Windows\System\IQWlJLd.exe
  C:\Windows\System\IQWlJLd.exe
  2⤵
  PID:8184
- C:\Windows\System\wMqdljz.exe
  C:\Windows\System\wMqdljz.exe
  2⤵
  PID:6996
- C:\Windows\System\cJyjidL.exe
  C:\Windows\System\cJyjidL.exe
  2⤵
  PID:7100
- C:\Windows\System\DJqCbBf.exe
  C:\Windows\System\DJqCbBf.exe
  2⤵
  PID:7256
- C:\Windows\System\wfPsaCT.exe
  C:\Windows\System\wfPsaCT.exe
  2⤵
  PID:7264
- C:\Windows\System\mheoMrE.exe
  C:\Windows\System\mheoMrE.exe
  2⤵
  PID:7380
- C:\Windows\System\zxkwmom.exe
  C:\Windows\System\zxkwmom.exe
  2⤵
  PID:7536
- C:\Windows\System\kAMsBjV.exe
  C:\Windows\System\kAMsBjV.exe
  2⤵
  PID:7556
- C:\Windows\System\YyHujEl.exe
  C:\Windows\System\YyHujEl.exe
  2⤵
  PID:7636
- C:\Windows\System\RgcGljw.exe
  C:\Windows\System\RgcGljw.exe
  2⤵
  PID:7776
- C:\Windows\System\HvYpnUP.exe
  C:\Windows\System\HvYpnUP.exe
  2⤵
  PID:7492
- C:\Windows\System\dUqjFnG.exe
  C:\Windows\System\dUqjFnG.exe
  2⤵
  PID:7648
- C:\Windows\System\LaOHNwY.exe
  C:\Windows\System\LaOHNwY.exe
  2⤵
  PID:7928
- C:\Windows\System\qQetCQE.exe
  C:\Windows\System\qQetCQE.exe
  2⤵
  PID:7876
- C:\Windows\System\WlVsSXu.exe
  C:\Windows\System\WlVsSXu.exe
  2⤵
  PID:7512
- C:\Windows\System\vsKEEAW.exe
  C:\Windows\System\vsKEEAW.exe
  2⤵
  PID:8056
- C:\Windows\System\geynliz.exe
  C:\Windows\System\geynliz.exe
  2⤵
  PID:7056
- C:\Windows\System\VyNhxLf.exe
  C:\Windows\System\VyNhxLf.exe
  2⤵
  PID:8144
- C:\Windows\System\wtUBVTD.exe
  C:\Windows\System\wtUBVTD.exe
  2⤵
  PID:7848
- C:\Windows\System\XENIIFL.exe
  C:\Windows\System\XENIIFL.exe
  2⤵
  PID:7916
- C:\Windows\System\JAHuhhH.exe
  C:\Windows\System\JAHuhhH.exe
  2⤵
  PID:7280
- C:\Windows\System\UzyUQxL.exe
  C:\Windows\System\UzyUQxL.exe
  2⤵
  PID:7320
- C:\Windows\System\LGFLcth.exe
  C:\Windows\System\LGFLcth.exe
  2⤵
  PID:8076
- C:\Windows\System\xREMRmu.exe
  C:\Windows\System\xREMRmu.exe
  2⤵
  PID:7528
- C:\Windows\System\XipoqmB.exe
  C:\Windows\System\XipoqmB.exe
  2⤵
  PID:7672
- C:\Windows\System\VqEHimU.exe
  C:\Windows\System\VqEHimU.exe
  2⤵
  PID:7756
- C:\Windows\System\isVUNqF.exe
  C:\Windows\System\isVUNqF.exe
  2⤵
  PID:7888
- C:\Windows\System\IdopLMt.exe
  C:\Windows\System\IdopLMt.exe
  2⤵
  PID:7720
- C:\Windows\System\WYpjynr.exe
  C:\Windows\System\WYpjynr.exe
  2⤵
  PID:7360
- C:\Windows\System\cWmthDi.exe
  C:\Windows\System\cWmthDi.exe
  2⤵
  PID:7956
- C:\Windows\System\kDTVoVv.exe
  C:\Windows\System\kDTVoVv.exe
  2⤵
  PID:8164
- C:\Windows\System\oEJFVww.exe
  C:\Windows\System\oEJFVww.exe
  2⤵
  PID:7392
- C:\Windows\System\DGdxeYi.exe
  C:\Windows\System\DGdxeYi.exe
  2⤵
  PID:7932
- C:\Windows\System\IRBeFjT.exe
  C:\Windows\System\IRBeFjT.exe
  2⤵
  PID:7992
- C:\Windows\System\bVDUiId.exe
  C:\Windows\System\bVDUiId.exe
  2⤵
  PID:7344
- C:\Windows\System\LsmGDLp.exe
  C:\Windows\System\LsmGDLp.exe
  2⤵
  PID:7372
- C:\Windows\System\gfwEfcq.exe
  C:\Windows\System\gfwEfcq.exe
  2⤵
  PID:7188
- C:\Windows\System\BbJwpYf.exe
  C:\Windows\System\BbJwpYf.exe
  2⤵
  PID:7892
- C:\Windows\System\LaaEMyb.exe
  C:\Windows\System\LaaEMyb.exe
  2⤵
  PID:7808
- C:\Windows\System\rJlUPfo.exe
  C:\Windows\System\rJlUPfo.exe
  2⤵
  PID:8000
- C:\Windows\System\jXQAque.exe
  C:\Windows\System\jXQAque.exe
  2⤵
  PID:7240
- C:\Windows\System\ModdTrn.exe
  C:\Windows\System\ModdTrn.exe
  2⤵
  PID:8160
- C:\Windows\System\hnIHOVb.exe
  C:\Windows\System\hnIHOVb.exe
  2⤵
  PID:7852
- C:\Windows\System\xTwfVzb.exe
  C:\Windows\System\xTwfVzb.exe
  2⤵
  PID:6304
- C:\Windows\System\GzllhLT.exe
  C:\Windows\System\GzllhLT.exe
  2⤵
  PID:7412
- C:\Windows\System\BlifBuS.exe
  C:\Windows\System\BlifBuS.exe
  2⤵
  PID:8104
- C:\Windows\System\hBRHOGh.exe
  C:\Windows\System\hBRHOGh.exe
  2⤵
  PID:7452
- C:\Windows\System\ZgnPCnM.exe
  C:\Windows\System\ZgnPCnM.exe
  2⤵
  PID:7604
- C:\Windows\System\SqeEcGm.exe
  C:\Windows\System\SqeEcGm.exe
  2⤵
  PID:8208
- C:\Windows\System\uPgitIE.exe
  C:\Windows\System\uPgitIE.exe
  2⤵
  PID:8232
- C:\Windows\System\fbtrSmN.exe
  C:\Windows\System\fbtrSmN.exe
  2⤵
  PID:8248
- C:\Windows\System\BfmfBMj.exe
  C:\Windows\System\BfmfBMj.exe
  2⤵
  PID:8268
- C:\Windows\System\YDTzXab.exe
  C:\Windows\System\YDTzXab.exe
  2⤵
  PID:8304
- C:\Windows\System\xBQzxwq.exe
  C:\Windows\System\xBQzxwq.exe
  2⤵
  PID:8320
- C:\Windows\System\pkIkmRL.exe
  C:\Windows\System\pkIkmRL.exe
  2⤵
  PID:8340
- C:\Windows\System\ZVTiMCX.exe
  C:\Windows\System\ZVTiMCX.exe
  2⤵
  PID:8356
- C:\Windows\System\tbNGvid.exe
  C:\Windows\System\tbNGvid.exe
  2⤵
  PID:8372
- C:\Windows\System\czFYThi.exe
  C:\Windows\System\czFYThi.exe
  2⤵
  PID:8404
- C:\Windows\System\qRxIUdP.exe
  C:\Windows\System\qRxIUdP.exe
  2⤵
  PID:8420
- C:\Windows\System\BXXxGli.exe
  C:\Windows\System\BXXxGli.exe
  2⤵
  PID:8436
- C:\Windows\System\aQqfiXc.exe
  C:\Windows\System\aQqfiXc.exe
  2⤵
  PID:8460
- C:\Windows\System\YzzQyCJ.exe
  C:\Windows\System\YzzQyCJ.exe
  2⤵
  PID:8476
- C:\Windows\System\XTpxtRt.exe
  C:\Windows\System\XTpxtRt.exe
  2⤵
  PID:8504
- C:\Windows\System\YFWkkdI.exe
  C:\Windows\System\YFWkkdI.exe
  2⤵
  PID:8520
- C:\Windows\System\qxoJrlh.exe
  C:\Windows\System\qxoJrlh.exe
  2⤵
  PID:8536
- C:\Windows\System\ZuEVnYn.exe
  C:\Windows\System\ZuEVnYn.exe
  2⤵
  PID:8552
- C:\Windows\System\kgTdzSi.exe
  C:\Windows\System\kgTdzSi.exe
  2⤵
  PID:8568
- C:\Windows\System\iTOWiYM.exe
  C:\Windows\System\iTOWiYM.exe
  2⤵
  PID:8600
- C:\Windows\System\rCBWjbe.exe
  C:\Windows\System\rCBWjbe.exe
  2⤵
  PID:8616
- C:\Windows\System\PPCYTTQ.exe
  C:\Windows\System\PPCYTTQ.exe
  2⤵
  PID:8636
- C:\Windows\System\LxqVpLm.exe
  C:\Windows\System\LxqVpLm.exe
  2⤵
  PID:8652
- C:\Windows\System\aasAWEB.exe
  C:\Windows\System\aasAWEB.exe
  2⤵
  PID:8676
- C:\Windows\System\RmAbyGN.exe
  C:\Windows\System\RmAbyGN.exe
  2⤵
  PID:8692
- C:\Windows\System\YRMXTYH.exe
  C:\Windows\System\YRMXTYH.exe
  2⤵
  PID:8720
- C:\Windows\System\HcGhOAY.exe
  C:\Windows\System\HcGhOAY.exe
  2⤵
  PID:8744
- C:\Windows\System\BqQYAqW.exe
  C:\Windows\System\BqQYAqW.exe
  2⤵
  PID:8760
- C:\Windows\System\YDVDqss.exe
  C:\Windows\System\YDVDqss.exe
  2⤵
  PID:8776
- C:\Windows\System\IkbHcxV.exe
  C:\Windows\System\IkbHcxV.exe
  2⤵
  PID:8800
- C:\Windows\System\PgmedrY.exe
  C:\Windows\System\PgmedrY.exe
  2⤵
  PID:8820
- C:\Windows\System\wQoTeoI.exe
  C:\Windows\System\wQoTeoI.exe
  2⤵
  PID:8840
- C:\Windows\System\OhNhsEN.exe
  C:\Windows\System\OhNhsEN.exe
  2⤵
  PID:8860
- C:\Windows\System\WphMJhy.exe
  C:\Windows\System\WphMJhy.exe
  2⤵
  PID:8876
- C:\Windows\System\AYqHqiE.exe
  C:\Windows\System\AYqHqiE.exe
  2⤵
  PID:8904
- C:\Windows\System\YICdfYu.exe
  C:\Windows\System\YICdfYu.exe
  2⤵
  PID:8932
- C:\Windows\System\ImOAvfh.exe
  C:\Windows\System\ImOAvfh.exe
  2⤵
  PID:8948
- C:\Windows\System\oEaLKLI.exe
  C:\Windows\System\oEaLKLI.exe
  2⤵
  PID:8964
- C:\Windows\System\hyjAWbx.exe
  C:\Windows\System\hyjAWbx.exe
  2⤵
  PID:8980
- C:\Windows\System\cAqywuc.exe
  C:\Windows\System\cAqywuc.exe
  2⤵
  PID:9008
- C:\Windows\System\SBdwPdd.exe
  C:\Windows\System\SBdwPdd.exe
  2⤵
  PID:9024
- C:\Windows\System\jHZCUzQ.exe
  C:\Windows\System\jHZCUzQ.exe
  2⤵
  PID:9040
- C:\Windows\System\wzUGjjS.exe
  C:\Windows\System\wzUGjjS.exe
  2⤵
  PID:9068
- C:\Windows\System\gwINrcr.exe
  C:\Windows\System\gwINrcr.exe
  2⤵
  PID:9084
- C:\Windows\System\UNuAQfS.exe
  C:\Windows\System\UNuAQfS.exe
  2⤵
  PID:9104
- C:\Windows\System\RAOFSUn.exe
  C:\Windows\System\RAOFSUn.exe
  2⤵
  PID:9128
- C:\Windows\System\rxencqw.exe
  C:\Windows\System\rxencqw.exe
  2⤵
  PID:9148
- C:\Windows\System\UNnJvMO.exe
  C:\Windows\System\UNnJvMO.exe
  2⤵
  PID:9168
- C:\Windows\System\hqUXYdN.exe
  C:\Windows\System\hqUXYdN.exe
  2⤵
  PID:9188
- C:\Windows\System\AhFwsKD.exe
  C:\Windows\System\AhFwsKD.exe
  2⤵
  PID:9204
- C:\Windows\System\udgXiXN.exe
  C:\Windows\System\udgXiXN.exe
  2⤵
  PID:8204
- C:\Windows\System\zqCeRDn.exe
  C:\Windows\System\zqCeRDn.exe
  2⤵
  PID:8260
- C:\Windows\System\GfjnDbL.exe
  C:\Windows\System\GfjnDbL.exe
  2⤵
  PID:8224
- C:\Windows\System\eQMUVVf.exe
  C:\Windows\System\eQMUVVf.exe
  2⤵
  PID:7468
- C:\Windows\System\LsOfbEd.exe
  C:\Windows\System\LsOfbEd.exe
  2⤵
  PID:8296
- C:\Windows\System\daQAZgo.exe
  C:\Windows\System\daQAZgo.exe
  2⤵
  PID:8316
- C:\Windows\System\JQNNMdq.exe
  C:\Windows\System\JQNNMdq.exe
  2⤵
  PID:8352
- C:\Windows\System\sltnIFa.exe
  C:\Windows\System\sltnIFa.exe
  2⤵
  PID:8392
- C:\Windows\System\lXqPelP.exe
  C:\Windows\System\lXqPelP.exe
  2⤵
  PID:8416
- C:\Windows\System\sqJyEGt.exe
  C:\Windows\System\sqJyEGt.exe
  2⤵
  PID:8448
- C:\Windows\System\LLmxwor.exe
  C:\Windows\System\LLmxwor.exe
  2⤵
  PID:8492
- C:\Windows\System\OHIXrdE.exe
  C:\Windows\System\OHIXrdE.exe
  2⤵
  PID:8472
- C:\Windows\System\wAuCbrP.exe
  C:\Windows\System\wAuCbrP.exe
  2⤵
  PID:8732
- C:\Windows\System\FpWDMxc.exe
  C:\Windows\System\FpWDMxc.exe
  2⤵
  PID:8772
- C:\Windows\System\QHftjMf.exe
  C:\Windows\System\QHftjMf.exe
  2⤵
  PID:8812
- C:\Windows\System\LNiDdRe.exe
  C:\Windows\System\LNiDdRe.exe
  2⤵
  PID:8576
- C:\Windows\System\FnwZzcD.exe
  C:\Windows\System\FnwZzcD.exe
  2⤵
  PID:8584
- C:\Windows\System\ImfZXoT.exe
  C:\Windows\System\ImfZXoT.exe
  2⤵
  PID:8884
- C:\Windows\System\ZeoyMDy.exe
  C:\Windows\System\ZeoyMDy.exe
  2⤵
  PID:8716
- C:\Windows\System\dcIdBmD.exe
  C:\Windows\System\dcIdBmD.exe
  2⤵
  PID:8660
- C:\Windows\System\jiEbQie.exe
  C:\Windows\System\jiEbQie.exe
  2⤵
  PID:8672
- C:\Windows\System\VnBXUKy.exe
  C:\Windows\System\VnBXUKy.exe
  2⤵
  PID:8708
- C:\Windows\System\VbMGfnF.exe
  C:\Windows\System\VbMGfnF.exe
  2⤵
  PID:8784
- C:\Windows\System\kFtLgvz.exe
  C:\Windows\System\kFtLgvz.exe
  2⤵
  PID:8832
- C:\Windows\System\xbTaQKZ.exe
  C:\Windows\System\xbTaQKZ.exe
  2⤵
  PID:8920
- C:\Windows\System\tJtrfxT.exe
  C:\Windows\System\tJtrfxT.exe
  2⤵
  PID:8928
- C:\Windows\System\QMGXWWc.exe
  C:\Windows\System\QMGXWWc.exe
  2⤵
  PID:8972
- C:\Windows\System\TGvarNA.exe
  C:\Windows\System\TGvarNA.exe
  2⤵
  PID:8992
- C:\Windows\System\PaoLogj.exe
  C:\Windows\System\PaoLogj.exe
  2⤵
  PID:9052
- C:\Windows\System\mwwVtkc.exe
  C:\Windows\System\mwwVtkc.exe
  2⤵
  PID:9092
- C:\Windows\System\rHMiGxi.exe
  C:\Windows\System\rHMiGxi.exe
  2⤵
  PID:9140
- C:\Windows\System\RchiOft.exe
  C:\Windows\System\RchiOft.exe
  2⤵
  PID:9184
- C:\Windows\System\ZlZuaTs.exe
  C:\Windows\System\ZlZuaTs.exe
  2⤵
  PID:8200
- C:\Windows\System\uCizCFC.exe
  C:\Windows\System\uCizCFC.exe
  2⤵
  PID:8280
- C:\Windows\System\LLBvPTl.exe
  C:\Windows\System\LLBvPTl.exe
  2⤵
  PID:8336
- C:\Windows\System\VMQHYsI.exe
  C:\Windows\System\VMQHYsI.exe
  2⤵
  PID:9004
- C:\Windows\System\CJYfUpi.exe
  C:\Windows\System\CJYfUpi.exe
  2⤵
  PID:9076
- C:\Windows\System\FqKYSBF.exe
  C:\Windows\System\FqKYSBF.exe
  2⤵
  PID:9112
- C:\Windows\System\NngVuiO.exe
  C:\Windows\System\NngVuiO.exe
  2⤵
  PID:9160
- C:\Windows\System\Jaoyibk.exe
  C:\Windows\System\Jaoyibk.exe
  2⤵
  PID:8444
- C:\Windows\System\DzSUTpY.exe
  C:\Windows\System\DzSUTpY.exe
  2⤵
  PID:4164
- C:\Windows\System\jPqSssr.exe
  C:\Windows\System\jPqSssr.exe
  2⤵
  PID:8380
- C:\Windows\System\CTNuuBE.exe
  C:\Windows\System\CTNuuBE.exe
  2⤵
  PID:8396
- C:\Windows\System\LrFVphl.exe
  C:\Windows\System\LrFVphl.exe
  2⤵
  PID:8588
- C:\Windows\System\IMWywRv.exe
  C:\Windows\System\IMWywRv.exe
  2⤵
  PID:8684
- C:\Windows\System\GLvYgRK.exe
  C:\Windows\System\GLvYgRK.exe
  2⤵
  PID:8544
- C:\Windows\System\gdggENd.exe
  C:\Windows\System\gdggENd.exe
  2⤵
  PID:8596
- C:\Windows\System\HVgfBEn.exe
  C:\Windows\System\HVgfBEn.exe
  2⤵
  PID:8752
- C:\Windows\System\FYyXGeE.exe
  C:\Windows\System\FYyXGeE.exe
  2⤵
  PID:8960
- C:\Windows\System\tPmjDxi.exe
  C:\Windows\System\tPmjDxi.exe
  2⤵
  PID:8632
- C:\Windows\System\YLfgfOG.exe
  C:\Windows\System\YLfgfOG.exe
  2⤵
  PID:8796
- C:\Windows\System\oXQhbRd.exe
  C:\Windows\System\oXQhbRd.exe
  2⤵
  PID:8996
- C:\Windows\System\qZJygXm.exe
  C:\Windows\System\qZJygXm.exe
  2⤵
  PID:1004
- C:\Windows\System\kgSyWOX.exe
  C:\Windows\System\kgSyWOX.exe
  2⤵
  PID:8728
- C:\Windows\System\rMohRrJ.exe
  C:\Windows\System\rMohRrJ.exe
  2⤵
  PID:8664
- C:\Windows\System\AKRVIJa.exe
  C:\Windows\System\AKRVIJa.exe
  2⤵
  PID:9020
- C:\Windows\System\spVUMlL.exe
  C:\Windows\System\spVUMlL.exe
  2⤵
  PID:9136
- C:\Windows\System\DkslEfq.exe
  C:\Windows\System\DkslEfq.exe
  2⤵
  PID:8924
- C:\Windows\System\vhJEqWV.exe
  C:\Windows\System\vhJEqWV.exe
  2⤵
  PID:8228
- C:\Windows\System\uUXEWdI.exe
  C:\Windows\System\uUXEWdI.exe
  2⤵
  PID:8264
- C:\Windows\System\lcxuJKX.exe
  C:\Windows\System\lcxuJKX.exe
  2⤵
  PID:9196
- C:\Windows\System\odahjMr.exe
  C:\Windows\System\odahjMr.exe
  2⤵
  PID:8368
- C:\Windows\System\lJejrEZ.exe
  C:\Windows\System\lJejrEZ.exe
  2⤵
  PID:8528
- C:\Windows\System\zpQEHww.exe
  C:\Windows\System\zpQEHww.exe
  2⤵
  PID:8624
- C:\Windows\System\ZnIpcGR.exe
  C:\Windows\System\ZnIpcGR.exe
  2⤵
  PID:8872
- C:\Windows\System\dtqsLlm.exe
  C:\Windows\System\dtqsLlm.exe
  2⤵
  PID:9048
- C:\Windows\System\kVvpCtY.exe
  C:\Windows\System\kVvpCtY.exe
  2⤵
  PID:9180
- C:\Windows\System\QTRXAuX.exe
  C:\Windows\System\QTRXAuX.exe
  2⤵
  PID:9156
- C:\Windows\System\VWKUqdZ.exe
  C:\Windows\System\VWKUqdZ.exe
  2⤵
  PID:8288
- C:\Windows\System\watHXFX.exe
  C:\Windows\System\watHXFX.exe
  2⤵
  PID:8768
- C:\Windows\System\asFbCSs.exe
  C:\Windows\System\asFbCSs.exe
  2⤵
  PID:8912
- C:\Windows\System\mCUWGac.exe
  C:\Windows\System\mCUWGac.exe
  2⤵
  PID:8704
- C:\Windows\System\tyRtgqv.exe
  C:\Windows\System\tyRtgqv.exe
  2⤵
  PID:8412
- C:\Windows\System\WBErUKN.exe
  C:\Windows\System\WBErUKN.exe
  2⤵
  PID:8608
- C:\Windows\System\RttjpIT.exe
  C:\Windows\System\RttjpIT.exe
  2⤵
  PID:8940
- C:\Windows\System\IWTWcvn.exe
  C:\Windows\System\IWTWcvn.exe
  2⤵
  PID:8456
- C:\Windows\System\OLZCICn.exe
  C:\Windows\System\OLZCICn.exe
  2⤵
  PID:9100
- C:\Windows\System\FljGJrr.exe
  C:\Windows\System\FljGJrr.exe
  2⤵
  PID:8892
- C:\Windows\System\ZhzLvDK.exe
  C:\Windows\System\ZhzLvDK.exe
  2⤵
  PID:9060
- C:\Windows\System\CDWJmXV.exe
  C:\Windows\System\CDWJmXV.exe
  2⤵
  PID:9224
- C:\Windows\System\dMkPSBV.exe
  C:\Windows\System\dMkPSBV.exe
  2⤵
  PID:9252
- C:\Windows\System\KGkMpKo.exe
  C:\Windows\System\KGkMpKo.exe
  2⤵
  PID:9272
- C:\Windows\System\nHGMYwt.exe
  C:\Windows\System\nHGMYwt.exe
  2⤵
  PID:9288
- C:\Windows\System\KyhibYw.exe
  C:\Windows\System\KyhibYw.exe
  2⤵
  PID:9312
- C:\Windows\System\MQkwyVC.exe
  C:\Windows\System\MQkwyVC.exe
  2⤵
  PID:9328
- C:\Windows\System\hDcrneI.exe
  C:\Windows\System\hDcrneI.exe
  2⤵
  PID:9344
- C:\Windows\System\sSMQnVK.exe
  C:\Windows\System\sSMQnVK.exe
  2⤵
  PID:9360
- C:\Windows\System\uzZMSHG.exe
  C:\Windows\System\uzZMSHG.exe
  2⤵
  PID:9376
- C:\Windows\System\YUSjOfS.exe
  C:\Windows\System\YUSjOfS.exe
  2⤵
  PID:9396
- C:\Windows\System\veDHIOR.exe
  C:\Windows\System\veDHIOR.exe
  2⤵
  PID:9412
- C:\Windows\System\HfjTwCW.exe
  C:\Windows\System\HfjTwCW.exe
  2⤵
  PID:9436
- C:\Windows\System\DXWbmzq.exe
  C:\Windows\System\DXWbmzq.exe
  2⤵
  PID:9456
- C:\Windows\System\uMnPUce.exe
  C:\Windows\System\uMnPUce.exe
  2⤵
  PID:9476
- C:\Windows\System\pFIrYGU.exe
  C:\Windows\System\pFIrYGU.exe
  2⤵
  PID:9492
- C:\Windows\System\eFpcBfp.exe
  C:\Windows\System\eFpcBfp.exe
  2⤵
  PID:9512
- C:\Windows\System\zmBliHF.exe
  C:\Windows\System\zmBliHF.exe
  2⤵
  PID:9532
- C:\Windows\System\aRxFccB.exe
  C:\Windows\System\aRxFccB.exe
  2⤵
  PID:9560
- C:\Windows\System\WIxVWQD.exe
  C:\Windows\System\WIxVWQD.exe
  2⤵
  PID:9576
- C:\Windows\System\TtyWVgw.exe
  C:\Windows\System\TtyWVgw.exe
  2⤵
  PID:9592
- C:\Windows\System\rKTKEFH.exe
  C:\Windows\System\rKTKEFH.exe
  2⤵
  PID:9612
- C:\Windows\System\DNZmAFF.exe
  C:\Windows\System\DNZmAFF.exe
  2⤵
  PID:9632
- C:\Windows\System\QZRKwCU.exe
  C:\Windows\System\QZRKwCU.exe
  2⤵
  PID:9652
- C:\Windows\System\QXNcvQJ.exe
  C:\Windows\System\QXNcvQJ.exe
  2⤵
  PID:9672
- C:\Windows\System\sjWdewm.exe
  C:\Windows\System\sjWdewm.exe
  2⤵
  PID:9692
- C:\Windows\System\jMkSCtw.exe
  C:\Windows\System\jMkSCtw.exe
  2⤵
  PID:9712
- C:\Windows\System\glYGMch.exe
  C:\Windows\System\glYGMch.exe
  2⤵
  PID:9732
- C:\Windows\System\IAXEIGU.exe
  C:\Windows\System\IAXEIGU.exe
  2⤵
  PID:9760
- C:\Windows\System\DINatih.exe
  C:\Windows\System\DINatih.exe
  2⤵
  PID:9776
- C:\Windows\System\WHhqwKU.exe
  C:\Windows\System\WHhqwKU.exe
  2⤵
  PID:9792
- C:\Windows\System\BTwNkVD.exe
  C:\Windows\System\BTwNkVD.exe
  2⤵
  PID:9812
- C:\Windows\System\jwCUQTa.exe
  C:\Windows\System\jwCUQTa.exe
  2⤵
  PID:9828
- C:\Windows\System\OByfqtp.exe
  C:\Windows\System\OByfqtp.exe
  2⤵
  PID:9844
- C:\Windows\System\jfDHZpn.exe
  C:\Windows\System\jfDHZpn.exe
  2⤵
  PID:9864
- C:\Windows\System\EyHasoI.exe
  C:\Windows\System\EyHasoI.exe
  2⤵
  PID:9880
- C:\Windows\System\ExSYehT.exe
  C:\Windows\System\ExSYehT.exe
  2⤵
  PID:9896
- C:\Windows\System\GIgGmrW.exe
  C:\Windows\System\GIgGmrW.exe
  2⤵
  PID:9912
- C:\Windows\System\aOSOPBJ.exe
  C:\Windows\System\aOSOPBJ.exe
  2⤵
  PID:9932
- C:\Windows\System\IrMZuKt.exe
  C:\Windows\System\IrMZuKt.exe
  2⤵
  PID:9948
- C:\Windows\System\Hgbboqc.exe
  C:\Windows\System\Hgbboqc.exe
  2⤵
  PID:9968
- C:\Windows\System\bslKjum.exe
  C:\Windows\System\bslKjum.exe
  2⤵
  PID:9992
- C:\Windows\System\PtTwDWU.exe
  C:\Windows\System\PtTwDWU.exe
  2⤵
  PID:10008
- C:\Windows\System\JkILJnj.exe
  C:\Windows\System\JkILJnj.exe
  2⤵
  PID:10028
- C:\Windows\System\aHFzVmX.exe
  C:\Windows\System\aHFzVmX.exe
  2⤵
  PID:10044
- C:\Windows\System\dXjzElY.exe
  C:\Windows\System\dXjzElY.exe
  2⤵
  PID:10068
- C:\Windows\System\lqHKzAj.exe
  C:\Windows\System\lqHKzAj.exe
  2⤵
  PID:10088
- C:\Windows\System\lXmnutt.exe
  C:\Windows\System\lXmnutt.exe
  2⤵
  PID:10112
- C:\Windows\System\rRRbfxP.exe
  C:\Windows\System\rRRbfxP.exe
  2⤵
  PID:10128
- C:\Windows\System\QZmxQsa.exe
  C:\Windows\System\QZmxQsa.exe
  2⤵
  PID:10148
- C:\Windows\System\BzsuqaB.exe
  C:\Windows\System\BzsuqaB.exe
  2⤵
  PID:10164
- C:\Windows\System\RrJyZKj.exe
  C:\Windows\System\RrJyZKj.exe
  2⤵
  PID:10180
- C:\Windows\System\GUpqkYB.exe
  C:\Windows\System\GUpqkYB.exe
  2⤵
  PID:10204
- C:\Windows\System\CAjItLi.exe
  C:\Windows\System\CAjItLi.exe
  2⤵
  PID:10220
- C:\Windows\System\ZEBFSAy.exe
  C:\Windows\System\ZEBFSAy.exe
  2⤵
  PID:9248
- C:\Windows\System\gLHtSiC.exe
  C:\Windows\System\gLHtSiC.exe
  2⤵
  PID:9268
- C:\Windows\System\qYdXdiQ.exe
  C:\Windows\System\qYdXdiQ.exe
  2⤵
  PID:9296
- C:\Windows\System\jHDWUcT.exe
  C:\Windows\System\jHDWUcT.exe
  2⤵
  PID:9384
- C:\Windows\System\KGNGpqn.exe
  C:\Windows\System\KGNGpqn.exe
  2⤵
  PID:9428
- C:\Windows\System\OpcxkFX.exe
  C:\Windows\System\OpcxkFX.exe
  2⤵
  PID:9472
- C:\Windows\System\LWiRAtC.exe
  C:\Windows\System\LWiRAtC.exe
  2⤵
  PID:9508
- C:\Windows\System\SkvkfeZ.exe
  C:\Windows\System\SkvkfeZ.exe
  2⤵
  PID:9556
- C:\Windows\System\efJjCEN.exe
  C:\Windows\System\efJjCEN.exe
  2⤵
  PID:9584
- C:\Windows\System\qatZkmi.exe
  C:\Windows\System\qatZkmi.exe
  2⤵
  PID:9368
- C:\Windows\System\wvzSnhm.exe
  C:\Windows\System\wvzSnhm.exe
  2⤵
  PID:9568
- C:\Windows\System\QxHcLnW.exe
  C:\Windows\System\QxHcLnW.exe
  2⤵
  PID:9628
- C:\Windows\System\wsKVweb.exe
  C:\Windows\System\wsKVweb.exe
  2⤵
  PID:9660
- C:\Windows\System\aJoLoyG.exe
  C:\Windows\System\aJoLoyG.exe
  2⤵
  PID:9708
- C:\Windows\System\mnZxaNM.exe
  C:\Windows\System\mnZxaNM.exe
  2⤵
  PID:9688
- C:\Windows\System\DuvHUGE.exe
  C:\Windows\System\DuvHUGE.exe
  2⤵
  PID:9784
- C:\Windows\System\nObaqjD.exe
  C:\Windows\System\nObaqjD.exe
  2⤵
  PID:9920
- C:\Windows\System\eZsqYGO.exe
  C:\Windows\System\eZsqYGO.exe
  2⤵
  PID:9852
- C:\Windows\System\RWeLEOt.exe
  C:\Windows\System\RWeLEOt.exe
  2⤵
  PID:9924
- C:\Windows\System\LxZJAtK.exe
  C:\Windows\System\LxZJAtK.exe
  2⤵
  PID:10040
- C:\Windows\System\FfkDSxv.exe
  C:\Windows\System\FfkDSxv.exe
  2⤵
  PID:10160
- C:\Windows\System\QYcPxyt.exe
  C:\Windows\System\QYcPxyt.exe
  2⤵
  PID:10228
- C:\Windows\System\nwuRxKd.exe
  C:\Windows\System\nwuRxKd.exe
  2⤵
  PID:9284
- C:\Windows\System\rfOsQWQ.exe
  C:\Windows\System\rfOsQWQ.exe
  2⤵
  PID:9500
- C:\Windows\System\MmVXsDD.exe
  C:\Windows\System\MmVXsDD.exe
  2⤵
  PID:9448
- C:\Windows\System\YMJLqIX.exe
  C:\Windows\System\YMJLqIX.exe
  2⤵
  PID:10052
- C:\Windows\System\wCVYdXi.exe
  C:\Windows\System\wCVYdXi.exe
  2⤵
  PID:10144
- C:\Windows\System\kYmQXTf.exe
  C:\Windows\System\kYmQXTf.exe
  2⤵
  PID:9804
- C:\Windows\System\ACWsBez.exe
  C:\Windows\System\ACWsBez.exe
  2⤵
  PID:9904
- C:\Windows\System\UewYHak.exe
  C:\Windows\System\UewYHak.exe
  2⤵
  PID:10060
- C:\Windows\System\kulFOhX.exe
  C:\Windows\System\kulFOhX.exe
  2⤵
  PID:10124
- C:\Windows\System\pKUfamb.exe
  C:\Windows\System\pKUfamb.exe
  2⤵
  PID:10212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ESxDvPr.exe

Filesize
6.0MB

MD5
c6395b08d1e659344ec4c2034ba0eb46

SHA1
73f988561fb210f11d2bf04a54b82d721ad3430b

SHA256
3417155362b207a8de610665a05094646f3519ebcdb1069340e8e67809c325ca

SHA512
9a5807a33d1583a67cf0cd10fea15c4ea805eee59bbecf85ff6a561df93bd077f08621c496d381dbdd0f92c8437310d0cd2f6a1a6ae0b35fde0991b5870bab6d

Download Submit
C:\Windows\system\EmAWrYB.exe

Filesize
6.0MB

MD5
eff130ed89c414fc3c77ec2710c421c6

SHA1
b3693b5c426856fd7fbcdfa3a28c5b78b951ad51

SHA256
d3da76ae8c7537890c88f075d17c6b2c24ee54a5774967e9c1c10c18ccba66d2

SHA512
b4055d9a5afca0277049070b3a09a8b05c403ae3fba68e706d0b35de92b1aaf7ae313c09799127a354350da9b2affb819b44dc5a149c1802d7e3e6c6907b091c

Download Submit
C:\Windows\system\JZOZYVZ.exe

Filesize
6.0MB

MD5
208c6d8cc448db2248c7877d0b6c7bb8

SHA1
aad0a2af86ad519780cfc9a5aead8f02cab6e898

SHA256
f91df23ad4617abbb45ac74019e755791a6828ea2594a685aaf6ab9f8997a371

SHA512
9379efe88fd398e625e3031e9441cdc952142cd8d72a2bcfc7a8f288f337adfe99fed8f5621e5809cb207e23e08e6f2a585ab2e0387e0534459ba4b6a25ef9df

Download Submit
C:\Windows\system\LlGnOej.exe

Filesize
6.0MB

MD5
f38ce1daf35b694d284610c80b48e116

SHA1
ec74d2b03cc0ab4ccead40192d74f1786acf2d18

SHA256
eb761631917faec77675af7b2fdf8d035c67a2e0d97adda11b46a3194062f181

SHA512
37411cdab66f3e8142adb159dde719ac6d0e11ba89d34efa276c4eb1c877ebc76cbec4a86738fb62fa4139c598a0b1747f45e6b28f2ffef0ec6b98791a297f7f

Download Submit
C:\Windows\system\MaXYGKk.exe

Filesize
6.0MB

MD5
561d9185ca96f33471f426930003aaa8

SHA1
e1cff6fae4bff77323c6b1cc63930a4f39b3434c

SHA256
7aa7cc3c01cb2d9bc3a6084ea5ae4fbc7f8d95c9f5ed266078f9a6e68e031a14

SHA512
c9dd4bb017afaf9d84d315d0aa1d38090f1470b433484335cb41f8a19548b10e2731086a95a396fec66fe1974f5db4ad15da8198c2617389ee10af069ea2445e

Download Submit
C:\Windows\system\OJnlfqS.exe

Filesize
6.0MB

MD5
a4752b6617f4d5427f4d7875e97c945a

SHA1
35cefe1ea9a323a7f578dfbb6195f14475183802

SHA256
cf45f6df0f5ed68b17dd635d6fb071a0fddaa1acbd8e7336f3fd6c6442b44cf9

SHA512
654a750e0afb034c73a89f7f20ca038ec7016646b9fc093ec175bd0bd4b297153d6985b0f4b7bb965fda4933729baca39a27d61e24360046d98998f2dba9485d

Download Submit
C:\Windows\system\OZcIhAW.exe

Filesize
6.0MB

MD5
48f1b8ccd8c89c44280a7f097f1c4c27

SHA1
6589e2d094886073f23c1de5c8dd3f533a0d56c7

SHA256
b1e19aaa93f20bffede931638d18ec7856af82a4967e3e3c3abbbe18437fd959

SHA512
862ca1c402896031340480422e571dcd2c02ae8f9d9f2705b906c0136f0bbf5375260e761d957790fd5743554e956d68f68c448bfbc9ec46c3684fe1b86db0fc

Download Submit
C:\Windows\system\RCHsPcX.exe

Filesize
6.0MB

MD5
155ac18e4f6e14628ffa8c07e7d218a5

SHA1
21fd92e37710317b97655ea828282819a98064d3

SHA256
691f791121708627166f7b552632d8eb30e145b961617f23ccd25589f728196d

SHA512
e3a67afac8cf9b5adfe5df03f6705b5dc78131818caeb8511357a5ab42623d2c864e69a51a05c73b6ff2cac28ddfcc4e8dcaca9081d3c4b7ce1735639c355389

Download Submit
C:\Windows\system\SeJNsSi.exe

Filesize
6.0MB

MD5
5f4cedf9db229de56cd17efce75cd880

SHA1
4e42c315e58d3fb284631f1939d3bcc7d3065b01

SHA256
b2720871d836394d1a5e355cf7be1fe36e1c671b9751b7ee66aff3168f028fbc

SHA512
c5f84fe60fa4879eb37a4ea4c2689cb6d8159b9bf2c4d540bc917283cc88d54d682cfe33bd34ee5246dd46edd086bacd78eaab7d89805c71d6d457d71ce5f232

Download Submit
C:\Windows\system\Tccjrry.exe

Filesize
6.0MB

MD5
99b6cdf972bff2b2100409eb9d78b74e

SHA1
884177cecf6c3ab7a46c0438d304538ba9d6b155

SHA256
b0565196229ec3024bc5e675b7d9ab2625ce7c3927a8c8d5e19aa9270d668dd5

SHA512
274a0490f76a6fd014c629dfec768dc33a9c239d3a5bae95ca787a6e4e6983e68535c3f200f0ffb5dc75dcacb2df82e8bbcb09f70061429dff8253156d9b3232

Download Submit
C:\Windows\system\UGfvzzl.exe

Filesize
6.0MB

MD5
1138086eea115d80ff5c67aef5784950

SHA1
8a00b32798033ac6482fa758a3a82361322db89b

SHA256
744be6bef0763e38f57745d81c1c224726d50064e5a67ca0322ed0f144d63b2e

SHA512
9d5b1c105220d607bd3323d36d1f5dfa1e8ce1401b2e2c395c0be991644483f5fe669a9ced7a9549cd0f13afe7acb845b6e057be0e6db1fe3e9d3e6b84670422

Download Submit
C:\Windows\system\VBNvpaM.exe

Filesize
6.0MB

MD5
c818e4dbe9c63580ede1fe5e04925f39

SHA1
3cca00e9e87586105db0663226afb2eac0602708

SHA256
c9047c453ae7ef60ae61dfa2be7f7dbae20e3feaf07b86c6e292bc8d0663bd8a

SHA512
be63b15a0deb8bca0d0c5f43a42511e25567be525e790b46a846b366a203771a7d81556c5ba4fcd02c53d6ea673168575e8e5883cdb475c8f1fe2c7bea347ec0

Download Submit
C:\Windows\system\qHPetLL.exe

Filesize
6.0MB

MD5
d67539b67f7a0c621facf0e505571370

SHA1
dd41300d8c230482d7daedea585d39405a951e68

SHA256
03ec6c5d2e3bfeaee55de7372aaa8e8e4bbf2a9e710e48969e9d724309d6be1b

SHA512
e9b3808a12e6d48589360441e27f1f544fbb20ee0d69db8ee4ce7b39d18e8a632e01c2f7ef83ae27fdcde89ded10fc6a46d33acd7aabcc5ea8c86add1075552f

Download Submit
C:\Windows\system\qOcyZBU.exe

Filesize
6.0MB

MD5
9d2c0675a5ae8ed72103a75856bbc718

SHA1
2318f8d104aca86a8f44cca79d2267a2c8fdc1fd

SHA256
f39c055772425fe6d534ba16845845cd4997742c1ad8a1c73f0d65b805d898fc

SHA512
91a5cdf01c4645d3e258d15f5684ce972ad84f9a10512a9e1c2f39e271c4c74231a811173555d9f238aec211f830e98cb4341f2ef65b7f513ecce0a3551c13ca

Download Submit
\Windows\system\BGKYizm.exe

Filesize
6.0MB

MD5
23a488d850dc98e9dc8d7e1eca23646e

SHA1
6f489ee8171cac139dfd7302303ff3b84db6ffe6

SHA256
ea6c203fb1dd8a346fe6a744fee66c1dcaaed506dcd0cd3ad426db3806fad15e

SHA512
9a79665017f08e164508aab4ff4346cd648900335e7cb3182c771895001e3e9c817428a89806cd1f043ab95f94b45615500d244746f7cb9cdc2633eb97ea7e77

Download Submit
\Windows\system\Dvrtsqs.exe

Filesize
6.0MB

MD5
9f93852bc340559a15a9b14124c48e52

SHA1
bd2b8e0970fa819ebac25c49804687e70a59e359

SHA256
3c3dbe03de50d7b990219dc8319e4472c3d0e7e6a16b43c359b0337b1a6e8597

SHA512
8a1b8f053425ee4643c96ff2084196d7bae02dc04174bf87af1cb6d55bc13c5b111605757d3b3037ce7af80bd5f38457b7328baa304e450000ce3a45e5ea5e48

Download Submit
\Windows\system\HPqwaQi.exe

Filesize
6.0MB

MD5
978bd3ab6d8b7eeb6bfce551ad9dba41

SHA1
36446aa4f4bd41535c53baef8e72d9e5c89c4929

SHA256
ffe127cc307443c80304ad0c9df3143cac4321d6dfd052a8cacaa2bf8699b6d0

SHA512
aea15036a33dc9ed1825fe56e35e9ff8588b60ce00fae04cc53317fee3f06f0a6accf21c3f03a9a662c6b2003989807ed4338e0ce632189dafcc7010d91a69e4

Download Submit
\Windows\system\IGrRWqE.exe

Filesize
6.0MB

MD5
eac33ca77653a1e2c71a3275dd4c9c0a

SHA1
d9b03bcc96d6a2371f1b4c7d2670372368ac9428

SHA256
df12e9ab267a0bb602889069af50dd971532ef144d17b5d65eafead86220f979

SHA512
e338534a3368873a923221f1180cb202349d55ebbcff04a3fd42528cbe0c6ede0c21a6b99a35254b2c183f7cc391bda6d30e51cf2b3793bb27db7e21e4ec073a

Download Submit
\Windows\system\PUfGfTx.exe

Filesize
6.0MB

MD5
b02e097c0ab3895ae5bc5b62f2ca0822

SHA1
f63ca802879b09ce9d778784206880efed1e3382

SHA256
b71be52c8a1b0849926b765f37be9a3aca2e605b74f62efb31f2b269e1e0ecb1

SHA512
b6aa69bf618368bcc76f35ca5abe2370040319697b6e86d1cd3a7945ad391c6140ed4d1c5f43b4015739bfa8d3c515855ff35a61ceb992e698de7995106202a7

Download Submit
\Windows\system\SuBigJC.exe

Filesize
6.0MB

MD5
4d4d7046c5f8e55c6906b06a5e2bdbb1

SHA1
cd4765dcb6d01bcc60af09b9d90734129e5471b6

SHA256
81b3ed32d02cd4a78d7091f33081dbf6c3616920c40221caea3de882d99e3fe0

SHA512
ce64d39eab28e35b2b266fbf72d12edfab47c82660a579915571bfe1407036cbfc5171e9d82ecbe817fcbbc5a3b4f5db06cebb4b8fa25d5b9906c14b275a81bb

Download Submit
\Windows\system\UukAFTm.exe

Filesize
6.0MB

MD5
721319d058caaea7c4e7e03c510ab6bc

SHA1
7a464ae5b39be95b36b62352abfbd3b09766bf44

SHA256
d421f6ebf9f5a04ee55fece19b6c4bb026d05055491b1a7fa70a5c680974d8dc

SHA512
e878be9e8b1f50057574709f44091720406230c181b6928a965004202335f2d11f3bcb23e5fd6757f0f2dd62fc56972c3a514a8bc0c70be4c879e875135dd069

Download Submit
\Windows\system\WEQeZoU.exe

Filesize
6.0MB

MD5
4e6a12188e045652927ab73304dbc9d8

SHA1
0aa13599ac10fd70530da0c3b95cbde0037e0a9f

SHA256
b71dda55a4510f2943452c43b19303a13b1abb2ea856cf8cf082437b04715a01

SHA512
5683ae90062a24530e7701ea54d4fb82b7da8f5e7e268a2b4ce2d4f94d251f31ae06299cd2d7c5e24ce380a7e36f6ebbdd17475bfc55046a8841fc6d6161cf5e

Download Submit
\Windows\system\eUBBror.exe

Filesize
6.0MB

MD5
dd728bdc8add20e97b1f54a865913294

SHA1
2cbc3d19645bf66317e28d15c45d069a1685d699

SHA256
f3b09a31c63847174bc3ab4f89326ae5001d7e71c0bb43c90767a04b63014c2a

SHA512
34ccadd1cc0def7e072276738122af0b393f0c9703462d8286aa15f363fb0e29fc01adcf3b25860aedcb39557a15c4bb7a3b07dfe2b05273133981709309f9aa

Download Submit
\Windows\system\ecYBvWS.exe

Filesize
6.0MB

MD5
6742e051fe5cb2d03df3925cf3a343ad

SHA1
36ac555e90c221724c5f66ea76a9b4a0283b2269

SHA256
95e0e816073a5da73e7a93831f2356f4fac333eaf1827b673e6705e6d3142af4

SHA512
acb760e33c6cb4d47586f4b067dd92633926790d98d5f3c6f0c437f2f614326095d91e8bd06d036607f3d739d0d4c3f8e05e2ae92232fd907deb77c89d8e2a27

Download Submit
\Windows\system\hzrgViR.exe

Filesize
6.0MB

MD5
27cbf28371dc65be91061bc98d4c67c7

SHA1
a4857268d4b371ba56d8f3f7424b7cd9cba7d2fd

SHA256
907a16b4e89dcf4ea08adfce273aaa5ad54a88d1e65ac958eb192838190c6539

SHA512
214835639d355003eb94cf130b82a6c269292866cd410b8ee3edd7cb52c72b7c919b75f07fed4e28b63b86433e3c9a667def794797eca875144d3ec82141cf14

Download Submit
\Windows\system\ikktyBW.exe

Filesize
6.0MB

MD5
1a0d68564b2ba4bf250373758a422720

SHA1
4a707305960582a5381561ab5b4126a6dca8a595

SHA256
2d6aa9a2b2f450bee51707d19cd1aa83fd6c81184699314a8d95969ab48042ff

SHA512
958d4b5e4d6520500e6443cbe986e48e527561151ba44ca768ea98f5694ecfc1833c6e816c7df7c49c83c27557879f12ced9831039fa28c1ff18245b21b202b9

Download Submit
\Windows\system\jixROob.exe

Filesize
6.0MB

MD5
e3b019137e2c34b6fa13f8740af62c7a

SHA1
1115064360267fb75caeb3e14ceaa1c091a5c998

SHA256
e7607d8dac8f151781599dd6723b108cbc57643989e0a923722a1ccce6977e40

SHA512
32b562edc4128f1b9810c5c8a05f8efd80a926d0a98ac4d4466cb2c9b6d041aa80db61c483c5e983dfbe21732c98a39d6705cb39c01cd0706250e8d4a78e44c0

Download Submit
\Windows\system\nEayoMq.exe

Filesize
6.0MB

MD5
ebd4c1fc2a2b775eb32b84147f32691e

SHA1
0b45b2c47b9cfdb27224253d09cb59e26830a818

SHA256
4f8c3d23c01563fcd925514e1c29788bec3c29d9e45f8153eecf3f70b79107a3

SHA512
307b8113f1ac84f9e08e3a77183cf2963f34665aad05214524d0f58c58a3f0a8809327377f7f92f843ad2be5eb4e188c12e99658b7e99448898a4d1beab9c691

Download Submit
\Windows\system\oSPntqj.exe

Filesize
6.0MB

MD5
68104e58a00d392f87a13b997cacab8a

SHA1
d0d24540fa29a1647c055dc1571d09978e8aeccf

SHA256
c3af7fcd3513f1cd8462fecb47b471b1f3e8738dbb4991bdb7899bb42be1e097

SHA512
8f17dd4cdc0fb6551e5d24a69197136a5879c717e965cce7e8545e457ff89f78f1337eea642bf11241aec30971daef5654cfd24cd75b22332517d01c7f1b079f

Download Submit
\Windows\system\tWpXsZb.exe

Filesize
6.0MB

MD5
2b25fff01e37a28e9b6e2ccded08dd43

SHA1
856fc0c69516cc57302f51dbb0d65952d8fcb3bb

SHA256
8f4883ead1ce47a653fcff283a42357634f527f081aca3e19aa9df1d5a772880

SHA512
be9e4b8ec3cacfa8b127212523313a5f0150e512297982a9a658a917e5f3343065a33ab3bb6026a33e04d38777e6302795f512d81a4b82a717d93d5fb784fbc7

Download Submit
\Windows\system\udejGbN.exe

Filesize
6.0MB

MD5
7a0ae8280e4bfb4bf88bbfc7c42b3b13

SHA1
e954057482c7cd02bcba826e31b10ddb9b5dc067

SHA256
3a95d889c796a082e2bc61533d7cd68054fdac8344d49d70b64bdd829c610c26

SHA512
2ffdd2220807179d5658bad79e66276455cdc47b13ec330a02ae4a1a25c95ef4adbe0ec8a163cba554d6e617418ef5de6d520208fd4659c913ecbae3115f226e

Download Submit
\Windows\system\xroXzUr.exe

Filesize
6.0MB

MD5
5b4298e1699af9594bb7c0ab30d6fc06

SHA1
3c76756e3ff0d6796bd8bd81af93f8f516d93f83

SHA256
e67f34013cf90b2c8241f50084a9d652d7c21908dfe3066960027cbf6652b270

SHA512
bb6cbd4f99e7d731e349e86d688669d6e13ef88331e4bbe1a932352e3b8f9cad4dc56d7b6b98405fe81d5c1cacd6a4b8aafc540055625f8633392d6971f7cd3f

Download Submit
memory/684-1189-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/684-101-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/684-3598-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3595-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-96-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-15-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3440-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-34-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3500-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-81-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-61-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-3547-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-162-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-84-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3580-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3501-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-39-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-99-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-12-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3485-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2568-47-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2568-609-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2568-33-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2568-93-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2568-13-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2568-83-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-0-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2568-375-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-25-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-825-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2568-820-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2568-374-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2568-62-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2568-43-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-75-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-63-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3578-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3575-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-79-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-57-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3466-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-23-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-88-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3596-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3489-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-29-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2816-72-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3506-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-48-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-111-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download