cobaltstrike | 6cf6a377bc306f9a2c4015be09eb947653b9aaea62cdf3602274a52ace6ec677

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

07037db49ee4589f65faf8454acafe10
SHA1

e58e302804c04e2190a3d38d636f5aaae895824a
SHA256

6cf6a377bc306f9a2c4015be09eb947653b9aaea62cdf3602274a52ace6ec677
SHA512

388b3b76cd4fb4cd5e11511d663f51afb2b1a072b393e87425ded9f2790d607d506d8a3370544371e08571b1329b79da7501c08bb12fac831a6df47232ccefc7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUc:T+q56utgpPF8u/7c

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012267-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d81-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec9-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d2a-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-182.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-177.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-167.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-162.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-142.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-74.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016241-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016101-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2068-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000c000000012267-3.dat	xmrig
behavioral1/files/0x0007000000015d81-8.dat	xmrig
behavioral1/files/0x0007000000015ec9-12.dat	xmrig
behavioral1/memory/2432-20-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/320-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2920-19-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f71-22.dat	xmrig
behavioral1/memory/2068-23-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ff5-29.dat	xmrig
behavioral1/memory/2580-28-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2052-35-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d2a-36.dat	xmrig
behavioral1/memory/2880-40-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2e-54.dat	xmrig
behavioral1/memory/2068-50-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d36-68.dat	xmrig
behavioral1/memory/2880-84-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2084-98-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d72-115.dat	xmrig
behavioral1/files/0x0006000000016dd9-122.dat	xmrig
behavioral1/memory/2088-1128-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2852-1437-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2692-675-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2628-398-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f8-192.dat	xmrig
behavioral1/files/0x00050000000186f2-187.dat	xmrig
behavioral1/files/0x000500000001868b-182.dat	xmrig
behavioral1/files/0x0011000000018682-177.dat	xmrig
behavioral1/files/0x001400000001866f-172.dat	xmrig
behavioral1/files/0x0006000000018669-167.dat	xmrig
behavioral1/files/0x00060000000175e7-162.dat	xmrig
behavioral1/files/0x000600000001747d-152.dat	xmrig
behavioral1/files/0x0006000000017491-157.dat	xmrig
behavioral1/files/0x0006000000017047-142.dat	xmrig
behavioral1/files/0x000600000001743a-147.dat	xmrig
behavioral1/files/0x0006000000016eb4-137.dat	xmrig
behavioral1/files/0x0006000000016dea-132.dat	xmrig
behavioral1/files/0x0006000000016de0-127.dat	xmrig
behavioral1/files/0x0006000000016d6d-113.dat	xmrig
behavioral1/files/0x0006000000016d69-106.dat	xmrig
behavioral1/memory/2852-99-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d63-96.dat	xmrig
behavioral1/memory/2088-92-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2692-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4f-89.dat	xmrig
behavioral1/files/0x0006000000016d47-81.dat	xmrig
behavioral1/memory/2628-77-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2640-71-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/3060-70-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3f-74.dat	xmrig
behavioral1/files/0x0009000000016241-66.dat	xmrig
behavioral1/memory/2068-65-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2084-62-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2068-61-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2892-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016101-46.dat	xmrig
behavioral1/memory/2068-2976-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2920-3978-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2432-3977-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/320-3971-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2580-4180-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2052-4179-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2880-4182-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
320	GmODbmp.exe
2920	XfNXYHB.exe
2432	zIXshza.exe
2580	hDnzElH.exe
2052	SRYAIZH.exe
2880	vMHYwCY.exe
2892	gWmrhNC.exe
2084	qbosyFz.exe
3060	ThYpcMi.exe
2640	udkeMGU.exe
2628	SuZNYqk.exe
2692	umVufDN.exe
2088	auUYaLc.exe
2852	XXZhwAb.exe
2868	oReGBOC.exe
2676	ocCGcth.exe
2848	ISZndrR.exe
2856	JSvXVTn.exe
1028	KkPSdwq.exe
3024	fAmMoHU.exe
812	iBfJRFX.exe
772	MNfgCFP.exe
1440	zCbTiJR.exe
2656	aKxuNfm.exe
2080	QyKCECV.exe
2384	JkvlePf.exe
1700	uULuQko.exe
2488	fdcLDnJ.exe
1876	bJOHojU.exe
708	yLzJsrT.exe
1348	YKYxzzq.exe
676	zOetdtG.exe
680	YpspeSl.exe
1628	zTDJFGZ.exe
2000	ghQKjfw.exe
884	dxywWWP.exe
1960	mwbyfKY.exe
1260	pfeNbxk.exe
1952	biFmiDW.exe
1544	asaALhT.exe
1596	XOVPFzL.exe
2988	tnLrKKf.exe
1140	TuQicPc.exe
2528	fSvAMzn.exe
1532	ZMQFCjl.exe
1576	FjjEepP.exe
1844	lcOZvwM.exe
1996	TWRtiEJ.exe
1956	uBLQsWY.exe
2560	wRoMpCC.exe
1652	EIbtHYt.exe
904	NKIOdHX.exe
1640	hObFbXz.exe
1540	OLHBglC.exe
1608	uZrZLIM.exe
1728	wOalDIf.exe
2428	ANSahbG.exe
2192	iILzFLH.exe
2760	pnvflaC.exe
2828	LBViapQ.exe
2992	mZdMTad.exe
2140	RBSccne.exe
2652	dljouMC.exe
1308	SYIYZQb.exe

Loads dropped DLL 64 IoCs

pid	Process
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000c000000012267-3.dat	upx
behavioral1/files/0x0007000000015d81-8.dat	upx
behavioral1/files/0x0007000000015ec9-12.dat	upx
behavioral1/memory/2432-20-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/320-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2920-19-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0007000000015f71-22.dat	upx
behavioral1/files/0x0007000000015ff5-29.dat	upx
behavioral1/memory/2580-28-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2052-35-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0009000000015d2a-36.dat	upx
behavioral1/memory/2880-40-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000016d2e-54.dat	upx
behavioral1/memory/2068-50-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0006000000016d36-68.dat	upx
behavioral1/memory/2880-84-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2084-98-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0006000000016d72-115.dat	upx
behavioral1/files/0x0006000000016dd9-122.dat	upx
behavioral1/memory/2088-1128-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2852-1437-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2692-675-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2628-398-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00050000000186f8-192.dat	upx
behavioral1/files/0x00050000000186f2-187.dat	upx
behavioral1/files/0x000500000001868b-182.dat	upx
behavioral1/files/0x0011000000018682-177.dat	upx
behavioral1/files/0x001400000001866f-172.dat	upx
behavioral1/files/0x0006000000018669-167.dat	upx
behavioral1/files/0x00060000000175e7-162.dat	upx
behavioral1/files/0x000600000001747d-152.dat	upx
behavioral1/files/0x0006000000017491-157.dat	upx
behavioral1/files/0x0006000000017047-142.dat	upx
behavioral1/files/0x000600000001743a-147.dat	upx
behavioral1/files/0x0006000000016eb4-137.dat	upx
behavioral1/files/0x0006000000016dea-132.dat	upx
behavioral1/files/0x0006000000016de0-127.dat	upx
behavioral1/files/0x0006000000016d6d-113.dat	upx
behavioral1/files/0x0006000000016d69-106.dat	upx
behavioral1/memory/2852-99-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0006000000016d63-96.dat	upx
behavioral1/memory/2088-92-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2692-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0006000000016d4f-89.dat	upx
behavioral1/files/0x0006000000016d47-81.dat	upx
behavioral1/memory/2628-77-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2640-71-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/3060-70-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0006000000016d3f-74.dat	upx
behavioral1/files/0x0009000000016241-66.dat	upx
behavioral1/memory/2084-62-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2892-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0009000000016101-46.dat	upx
behavioral1/memory/2920-3978-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2432-3977-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/320-3971-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2580-4180-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2052-4179-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2880-4182-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2892-4181-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2088-4188-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2692-4187-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/3060-4186-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HSNkBWr.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmhdmPE.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dekvwTa.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emVaiqt.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdjDIZe.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUiBUDR.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEVKJBg.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beNcbRC.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVcSZeX.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNsgGse.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChylpqW.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXCoZKC.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPWoAys.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIWQCec.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHqihwS.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnIgrmj.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmRsJuk.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezpQlUH.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnvyOQq.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzYQnKr.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEImcJo.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRVvCcs.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrUCVxZ.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLDZQpg.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWvcVWq.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvHOYAh.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKmersl.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVuotzS.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFjSGly.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAeKeFM.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHymegg.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlVlhWy.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqvyPqJ.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcrsvVr.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoDkzFi.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XupoTWC.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNkObdY.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrxAaBT.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXmHIGL.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZZRgjT.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpLdEud.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnQjwvM.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPEWwci.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PVxDIns.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csyhGOd.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMHYwCY.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWqZBhZ.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNIjccV.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npdqqzL.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csxTSPT.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSTkTFl.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOxpfXT.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUYfLJX.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trtFMMe.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBugBrg.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCsHtlu.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHletkD.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsuEJrn.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiZNHPR.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfiVFpu.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NedmIAD.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKyvvKT.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIDrJfW.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoGztiR.exe	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 320	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2068 wrote to memory of 320	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2068 wrote to memory of 320	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2068 wrote to memory of 2920	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2068 wrote to memory of 2920	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2068 wrote to memory of 2920	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2068 wrote to memory of 2432	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2068 wrote to memory of 2432	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2068 wrote to memory of 2432	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2068 wrote to memory of 2580	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2068 wrote to memory of 2580	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2068 wrote to memory of 2580	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2068 wrote to memory of 2052	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2068 wrote to memory of 2052	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2068 wrote to memory of 2052	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2068 wrote to memory of 2880	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2068 wrote to memory of 2880	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2068 wrote to memory of 2880	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2068 wrote to memory of 2892	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2068 wrote to memory of 2892	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2068 wrote to memory of 2892	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2068 wrote to memory of 3060	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2068 wrote to memory of 3060	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2068 wrote to memory of 3060	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2068 wrote to memory of 2084	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2068 wrote to memory of 2084	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2068 wrote to memory of 2084	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2068 wrote to memory of 2640	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2068 wrote to memory of 2640	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2068 wrote to memory of 2640	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2068 wrote to memory of 2628	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2068 wrote to memory of 2628	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2068 wrote to memory of 2628	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2068 wrote to memory of 2692	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2068 wrote to memory of 2692	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2068 wrote to memory of 2692	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2068 wrote to memory of 2088	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2068 wrote to memory of 2088	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2068 wrote to memory of 2088	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2068 wrote to memory of 2852	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2068 wrote to memory of 2852	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2068 wrote to memory of 2852	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2068 wrote to memory of 2868	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2068 wrote to memory of 2868	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2068 wrote to memory of 2868	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2068 wrote to memory of 2676	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2068 wrote to memory of 2676	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2068 wrote to memory of 2676	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2068 wrote to memory of 2848	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2068 wrote to memory of 2848	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2068 wrote to memory of 2848	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2068 wrote to memory of 2856	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2068 wrote to memory of 2856	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2068 wrote to memory of 2856	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2068 wrote to memory of 1028	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2068 wrote to memory of 1028	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2068 wrote to memory of 1028	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2068 wrote to memory of 3024	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2068 wrote to memory of 3024	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2068 wrote to memory of 3024	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2068 wrote to memory of 812	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2068 wrote to memory of 812	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2068 wrote to memory of 812	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2068 wrote to memory of 772	2068	2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_07037db49ee4589f65faf8454acafe10_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\System\GmODbmp.exe
  C:\Windows\System\GmODbmp.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\XfNXYHB.exe
  C:\Windows\System\XfNXYHB.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\zIXshza.exe
  C:\Windows\System\zIXshza.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\hDnzElH.exe
  C:\Windows\System\hDnzElH.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\SRYAIZH.exe
  C:\Windows\System\SRYAIZH.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\vMHYwCY.exe
  C:\Windows\System\vMHYwCY.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\gWmrhNC.exe
  C:\Windows\System\gWmrhNC.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ThYpcMi.exe
  C:\Windows\System\ThYpcMi.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\qbosyFz.exe
  C:\Windows\System\qbosyFz.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\udkeMGU.exe
  C:\Windows\System\udkeMGU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\SuZNYqk.exe
  C:\Windows\System\SuZNYqk.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\umVufDN.exe
  C:\Windows\System\umVufDN.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\auUYaLc.exe
  C:\Windows\System\auUYaLc.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\XXZhwAb.exe
  C:\Windows\System\XXZhwAb.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\oReGBOC.exe
  C:\Windows\System\oReGBOC.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ocCGcth.exe
  C:\Windows\System\ocCGcth.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ISZndrR.exe
  C:\Windows\System\ISZndrR.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\JSvXVTn.exe
  C:\Windows\System\JSvXVTn.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\KkPSdwq.exe
  C:\Windows\System\KkPSdwq.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\fAmMoHU.exe
  C:\Windows\System\fAmMoHU.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\iBfJRFX.exe
  C:\Windows\System\iBfJRFX.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\MNfgCFP.exe
  C:\Windows\System\MNfgCFP.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\zCbTiJR.exe
  C:\Windows\System\zCbTiJR.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\aKxuNfm.exe
  C:\Windows\System\aKxuNfm.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\QyKCECV.exe
  C:\Windows\System\QyKCECV.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\JkvlePf.exe
  C:\Windows\System\JkvlePf.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\uULuQko.exe
  C:\Windows\System\uULuQko.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\fdcLDnJ.exe
  C:\Windows\System\fdcLDnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\bJOHojU.exe
  C:\Windows\System\bJOHojU.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\yLzJsrT.exe
  C:\Windows\System\yLzJsrT.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\YKYxzzq.exe
  C:\Windows\System\YKYxzzq.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\zOetdtG.exe
  C:\Windows\System\zOetdtG.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\YpspeSl.exe
  C:\Windows\System\YpspeSl.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\zTDJFGZ.exe
  C:\Windows\System\zTDJFGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\ghQKjfw.exe
  C:\Windows\System\ghQKjfw.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\dxywWWP.exe
  C:\Windows\System\dxywWWP.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\mwbyfKY.exe
  C:\Windows\System\mwbyfKY.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\pfeNbxk.exe
  C:\Windows\System\pfeNbxk.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\biFmiDW.exe
  C:\Windows\System\biFmiDW.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\asaALhT.exe
  C:\Windows\System\asaALhT.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\XOVPFzL.exe
  C:\Windows\System\XOVPFzL.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\tnLrKKf.exe
  C:\Windows\System\tnLrKKf.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\TuQicPc.exe
  C:\Windows\System\TuQicPc.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\fSvAMzn.exe
  C:\Windows\System\fSvAMzn.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\ZMQFCjl.exe
  C:\Windows\System\ZMQFCjl.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\FjjEepP.exe
  C:\Windows\System\FjjEepP.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\lcOZvwM.exe
  C:\Windows\System\lcOZvwM.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\TWRtiEJ.exe
  C:\Windows\System\TWRtiEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uBLQsWY.exe
  C:\Windows\System\uBLQsWY.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\wRoMpCC.exe
  C:\Windows\System\wRoMpCC.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\EIbtHYt.exe
  C:\Windows\System\EIbtHYt.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\NKIOdHX.exe
  C:\Windows\System\NKIOdHX.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\hObFbXz.exe
  C:\Windows\System\hObFbXz.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\OLHBglC.exe
  C:\Windows\System\OLHBglC.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\uZrZLIM.exe
  C:\Windows\System\uZrZLIM.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\wOalDIf.exe
  C:\Windows\System\wOalDIf.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ANSahbG.exe
  C:\Windows\System\ANSahbG.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\iILzFLH.exe
  C:\Windows\System\iILzFLH.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\pnvflaC.exe
  C:\Windows\System\pnvflaC.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\LBViapQ.exe
  C:\Windows\System\LBViapQ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\mZdMTad.exe
  C:\Windows\System\mZdMTad.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\dljouMC.exe
  C:\Windows\System\dljouMC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\RBSccne.exe
  C:\Windows\System\RBSccne.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\tkvOJWh.exe
  C:\Windows\System\tkvOJWh.exe
  2⤵
  PID:2672
- C:\Windows\System\SYIYZQb.exe
  C:\Windows\System\SYIYZQb.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\yRkgpiZ.exe
  C:\Windows\System\yRkgpiZ.exe
  2⤵
  PID:3020
- C:\Windows\System\NbuhPHb.exe
  C:\Windows\System\NbuhPHb.exe
  2⤵
  PID:620
- C:\Windows\System\MshyXvk.exe
  C:\Windows\System\MshyXvk.exe
  2⤵
  PID:2932
- C:\Windows\System\hCfgIaV.exe
  C:\Windows\System\hCfgIaV.exe
  2⤵
  PID:2948
- C:\Windows\System\ZuUUBoT.exe
  C:\Windows\System\ZuUUBoT.exe
  2⤵
  PID:308
- C:\Windows\System\eGqlGeL.exe
  C:\Windows\System\eGqlGeL.exe
  2⤵
  PID:1288
- C:\Windows\System\BJJjmQr.exe
  C:\Windows\System\BJJjmQr.exe
  2⤵
  PID:2392
- C:\Windows\System\zyOkRju.exe
  C:\Windows\System\zyOkRju.exe
  2⤵
  PID:1744
- C:\Windows\System\ByYrgHy.exe
  C:\Windows\System\ByYrgHy.exe
  2⤵
  PID:2500
- C:\Windows\System\wWFENFP.exe
  C:\Windows\System\wWFENFP.exe
  2⤵
  PID:1136
- C:\Windows\System\RtXLdeC.exe
  C:\Windows\System\RtXLdeC.exe
  2⤵
  PID:560
- C:\Windows\System\gKqhUDi.exe
  C:\Windows\System\gKqhUDi.exe
  2⤵
  PID:1796
- C:\Windows\System\ChlXRQD.exe
  C:\Windows\System\ChlXRQD.exe
  2⤵
  PID:1048
- C:\Windows\System\tNEfbsu.exe
  C:\Windows\System\tNEfbsu.exe
  2⤵
  PID:1656
- C:\Windows\System\TKyvvKT.exe
  C:\Windows\System\TKyvvKT.exe
  2⤵
  PID:2388
- C:\Windows\System\HarOQjW.exe
  C:\Windows\System\HarOQjW.exe
  2⤵
  PID:1712
- C:\Windows\System\xKUetIg.exe
  C:\Windows\System\xKUetIg.exe
  2⤵
  PID:916
- C:\Windows\System\QPPAtse.exe
  C:\Windows\System\QPPAtse.exe
  2⤵
  PID:1332
- C:\Windows\System\WbXUlBW.exe
  C:\Windows\System\WbXUlBW.exe
  2⤵
  PID:1312
- C:\Windows\System\xWvnwPF.exe
  C:\Windows\System\xWvnwPF.exe
  2⤵
  PID:2576
- C:\Windows\System\kgQCYAt.exe
  C:\Windows\System\kgQCYAt.exe
  2⤵
  PID:2092
- C:\Windows\System\ccoyAle.exe
  C:\Windows\System\ccoyAle.exe
  2⤵
  PID:1984
- C:\Windows\System\xbdiuJd.exe
  C:\Windows\System\xbdiuJd.exe
  2⤵
  PID:1752
- C:\Windows\System\gAxKJfE.exe
  C:\Windows\System\gAxKJfE.exe
  2⤵
  PID:888
- C:\Windows\System\JfQGWPA.exe
  C:\Windows\System\JfQGWPA.exe
  2⤵
  PID:1616
- C:\Windows\System\iLvIFeN.exe
  C:\Windows\System\iLvIFeN.exe
  2⤵
  PID:2240
- C:\Windows\System\iavXbxe.exe
  C:\Windows\System\iavXbxe.exe
  2⤵
  PID:2376
- C:\Windows\System\SQnimlA.exe
  C:\Windows\System\SQnimlA.exe
  2⤵
  PID:2724
- C:\Windows\System\LLlzStb.exe
  C:\Windows\System\LLlzStb.exe
  2⤵
  PID:2420
- C:\Windows\System\XPDkSfp.exe
  C:\Windows\System\XPDkSfp.exe
  2⤵
  PID:816
- C:\Windows\System\iZsgaHw.exe
  C:\Windows\System\iZsgaHw.exe
  2⤵
  PID:2804
- C:\Windows\System\mghIUGy.exe
  C:\Windows\System\mghIUGy.exe
  2⤵
  PID:2940
- C:\Windows\System\BuKVnTN.exe
  C:\Windows\System\BuKVnTN.exe
  2⤵
  PID:588
- C:\Windows\System\mlLWudW.exe
  C:\Windows\System\mlLWudW.exe
  2⤵
  PID:2336
- C:\Windows\System\janVkhL.exe
  C:\Windows\System\janVkhL.exe
  2⤵
  PID:2860
- C:\Windows\System\fozDOvV.exe
  C:\Windows\System\fozDOvV.exe
  2⤵
  PID:1972
- C:\Windows\System\eGunoLz.exe
  C:\Windows\System\eGunoLz.exe
  2⤵
  PID:1828
- C:\Windows\System\qlSdUkQ.exe
  C:\Windows\System\qlSdUkQ.exe
  2⤵
  PID:1808
- C:\Windows\System\LVTGVyN.exe
  C:\Windows\System\LVTGVyN.exe
  2⤵
  PID:692
- C:\Windows\System\ZYcUtlw.exe
  C:\Windows\System\ZYcUtlw.exe
  2⤵
  PID:1668
- C:\Windows\System\iLZSlaw.exe
  C:\Windows\System\iLZSlaw.exe
  2⤵
  PID:3044
- C:\Windows\System\TSueQjV.exe
  C:\Windows\System\TSueQjV.exe
  2⤵
  PID:1304
- C:\Windows\System\TnyGcGX.exe
  C:\Windows\System\TnyGcGX.exe
  2⤵
  PID:1908
- C:\Windows\System\ieWCtwI.exe
  C:\Windows\System\ieWCtwI.exe
  2⤵
  PID:2252
- C:\Windows\System\ocIEoNp.exe
  C:\Windows\System\ocIEoNp.exe
  2⤵
  PID:2532
- C:\Windows\System\kEHYJcg.exe
  C:\Windows\System\kEHYJcg.exe
  2⤵
  PID:1144
- C:\Windows\System\okHMEZR.exe
  C:\Windows\System\okHMEZR.exe
  2⤵
  PID:1812
- C:\Windows\System\fYhybjc.exe
  C:\Windows\System\fYhybjc.exe
  2⤵
  PID:1816
- C:\Windows\System\jJFEeRF.exe
  C:\Windows\System\jJFEeRF.exe
  2⤵
  PID:3080
- C:\Windows\System\tkPObzO.exe
  C:\Windows\System\tkPObzO.exe
  2⤵
  PID:3096
- C:\Windows\System\uqYoSyA.exe
  C:\Windows\System\uqYoSyA.exe
  2⤵
  PID:3112
- C:\Windows\System\GziJlOE.exe
  C:\Windows\System\GziJlOE.exe
  2⤵
  PID:3128
- C:\Windows\System\enDyiiA.exe
  C:\Windows\System\enDyiiA.exe
  2⤵
  PID:3152
- C:\Windows\System\wJqESrv.exe
  C:\Windows\System\wJqESrv.exe
  2⤵
  PID:3172
- C:\Windows\System\KtyhAjv.exe
  C:\Windows\System\KtyhAjv.exe
  2⤵
  PID:3196
- C:\Windows\System\RpvijjT.exe
  C:\Windows\System\RpvijjT.exe
  2⤵
  PID:3224
- C:\Windows\System\gHpihLb.exe
  C:\Windows\System\gHpihLb.exe
  2⤵
  PID:3244
- C:\Windows\System\PZOAwhi.exe
  C:\Windows\System\PZOAwhi.exe
  2⤵
  PID:3264
- C:\Windows\System\ChGjwar.exe
  C:\Windows\System\ChGjwar.exe
  2⤵
  PID:3284
- C:\Windows\System\ExGwtaa.exe
  C:\Windows\System\ExGwtaa.exe
  2⤵
  PID:3304
- C:\Windows\System\fsViCmQ.exe
  C:\Windows\System\fsViCmQ.exe
  2⤵
  PID:3324
- C:\Windows\System\Gmrmzhx.exe
  C:\Windows\System\Gmrmzhx.exe
  2⤵
  PID:3344
- C:\Windows\System\eaHThkS.exe
  C:\Windows\System\eaHThkS.exe
  2⤵
  PID:3360
- C:\Windows\System\MjQOHhI.exe
  C:\Windows\System\MjQOHhI.exe
  2⤵
  PID:3376
- C:\Windows\System\MdDljpj.exe
  C:\Windows\System\MdDljpj.exe
  2⤵
  PID:3400
- C:\Windows\System\fQSVPQV.exe
  C:\Windows\System\fQSVPQV.exe
  2⤵
  PID:3416
- C:\Windows\System\cdxeEcQ.exe
  C:\Windows\System\cdxeEcQ.exe
  2⤵
  PID:3436
- C:\Windows\System\rpFcWUg.exe
  C:\Windows\System\rpFcWUg.exe
  2⤵
  PID:3460
- C:\Windows\System\tdLtWYi.exe
  C:\Windows\System\tdLtWYi.exe
  2⤵
  PID:3476
- C:\Windows\System\NLoCpKv.exe
  C:\Windows\System\NLoCpKv.exe
  2⤵
  PID:3496
- C:\Windows\System\LPSVVYW.exe
  C:\Windows\System\LPSVVYW.exe
  2⤵
  PID:3524
- C:\Windows\System\JjubTkx.exe
  C:\Windows\System\JjubTkx.exe
  2⤵
  PID:3540
- C:\Windows\System\fqloBAT.exe
  C:\Windows\System\fqloBAT.exe
  2⤵
  PID:3560
- C:\Windows\System\VRZOfhj.exe
  C:\Windows\System\VRZOfhj.exe
  2⤵
  PID:3580
- C:\Windows\System\WtbxylI.exe
  C:\Windows\System\WtbxylI.exe
  2⤵
  PID:3604
- C:\Windows\System\lOgFoPr.exe
  C:\Windows\System\lOgFoPr.exe
  2⤵
  PID:3624
- C:\Windows\System\ZIDrJfW.exe
  C:\Windows\System\ZIDrJfW.exe
  2⤵
  PID:3644
- C:\Windows\System\vBEZNqK.exe
  C:\Windows\System\vBEZNqK.exe
  2⤵
  PID:3664
- C:\Windows\System\ikyMzfy.exe
  C:\Windows\System\ikyMzfy.exe
  2⤵
  PID:3684
- C:\Windows\System\easqnan.exe
  C:\Windows\System\easqnan.exe
  2⤵
  PID:3700
- C:\Windows\System\LPfKiiM.exe
  C:\Windows\System\LPfKiiM.exe
  2⤵
  PID:3720
- C:\Windows\System\EwPVFlg.exe
  C:\Windows\System\EwPVFlg.exe
  2⤵
  PID:3740
- C:\Windows\System\ObeJdGf.exe
  C:\Windows\System\ObeJdGf.exe
  2⤵
  PID:3756
- C:\Windows\System\bmHxEax.exe
  C:\Windows\System\bmHxEax.exe
  2⤵
  PID:3780
- C:\Windows\System\igEJdGP.exe
  C:\Windows\System\igEJdGP.exe
  2⤵
  PID:3796
- C:\Windows\System\vjMZFbX.exe
  C:\Windows\System\vjMZFbX.exe
  2⤵
  PID:3816
- C:\Windows\System\jzhLlLl.exe
  C:\Windows\System\jzhLlLl.exe
  2⤵
  PID:3840
- C:\Windows\System\CSXrAuj.exe
  C:\Windows\System\CSXrAuj.exe
  2⤵
  PID:3856
- C:\Windows\System\dekvwTa.exe
  C:\Windows\System\dekvwTa.exe
  2⤵
  PID:3872
- C:\Windows\System\xcnuzdg.exe
  C:\Windows\System\xcnuzdg.exe
  2⤵
  PID:3900
- C:\Windows\System\pMQdWuP.exe
  C:\Windows\System\pMQdWuP.exe
  2⤵
  PID:3916
- C:\Windows\System\clclJnu.exe
  C:\Windows\System\clclJnu.exe
  2⤵
  PID:3940
- C:\Windows\System\GpomUrW.exe
  C:\Windows\System\GpomUrW.exe
  2⤵
  PID:3956
- C:\Windows\System\TgvlsvE.exe
  C:\Windows\System\TgvlsvE.exe
  2⤵
  PID:3976
- C:\Windows\System\NzXbtez.exe
  C:\Windows\System\NzXbtez.exe
  2⤵
  PID:4004
- C:\Windows\System\OLktKgk.exe
  C:\Windows\System\OLktKgk.exe
  2⤵
  PID:4024
- C:\Windows\System\ychStVw.exe
  C:\Windows\System\ychStVw.exe
  2⤵
  PID:4044
- C:\Windows\System\sEjyeEN.exe
  C:\Windows\System\sEjyeEN.exe
  2⤵
  PID:4060
- C:\Windows\System\SMitVkE.exe
  C:\Windows\System\SMitVkE.exe
  2⤵
  PID:4076
- C:\Windows\System\HOEdmRk.exe
  C:\Windows\System\HOEdmRk.exe
  2⤵
  PID:1180
- C:\Windows\System\EdwjQVL.exe
  C:\Windows\System\EdwjQVL.exe
  2⤵
  PID:1248
- C:\Windows\System\xgRCdzM.exe
  C:\Windows\System\xgRCdzM.exe
  2⤵
  PID:2360
- C:\Windows\System\oMZrtxC.exe
  C:\Windows\System\oMZrtxC.exe
  2⤵
  PID:2952
- C:\Windows\System\QiZLFEp.exe
  C:\Windows\System\QiZLFEp.exe
  2⤵
  PID:1184
- C:\Windows\System\hOjdZIv.exe
  C:\Windows\System\hOjdZIv.exe
  2⤵
  PID:2604
- C:\Windows\System\uwcuATF.exe
  C:\Windows\System\uwcuATF.exe
  2⤵
  PID:2460
- C:\Windows\System\pNmlfby.exe
  C:\Windows\System\pNmlfby.exe
  2⤵
  PID:1840
- C:\Windows\System\LXkmleK.exe
  C:\Windows\System\LXkmleK.exe
  2⤵
  PID:1884
- C:\Windows\System\UaPQyzO.exe
  C:\Windows\System\UaPQyzO.exe
  2⤵
  PID:892
- C:\Windows\System\tYeZXig.exe
  C:\Windows\System\tYeZXig.exe
  2⤵
  PID:1940
- C:\Windows\System\ZFtDSXM.exe
  C:\Windows\System\ZFtDSXM.exe
  2⤵
  PID:3104
- C:\Windows\System\lRsOVrl.exe
  C:\Windows\System\lRsOVrl.exe
  2⤵
  PID:3148
- C:\Windows\System\VQwTYpN.exe
  C:\Windows\System\VQwTYpN.exe
  2⤵
  PID:3124
- C:\Windows\System\JXXfQeN.exe
  C:\Windows\System\JXXfQeN.exe
  2⤵
  PID:3092
- C:\Windows\System\NnmQiUm.exe
  C:\Windows\System\NnmQiUm.exe
  2⤵
  PID:3232
- C:\Windows\System\BXkUflH.exe
  C:\Windows\System\BXkUflH.exe
  2⤵
  PID:3272
- C:\Windows\System\GHakvpL.exe
  C:\Windows\System\GHakvpL.exe
  2⤵
  PID:3320
- C:\Windows\System\rnatFtm.exe
  C:\Windows\System\rnatFtm.exe
  2⤵
  PID:3352
- C:\Windows\System\rKmersl.exe
  C:\Windows\System\rKmersl.exe
  2⤵
  PID:3356
- C:\Windows\System\PKaZgVU.exe
  C:\Windows\System\PKaZgVU.exe
  2⤵
  PID:3424
- C:\Windows\System\xJYMdwB.exe
  C:\Windows\System\xJYMdwB.exe
  2⤵
  PID:3372
- C:\Windows\System\fZsbtMo.exe
  C:\Windows\System\fZsbtMo.exe
  2⤵
  PID:3472
- C:\Windows\System\LJolwef.exe
  C:\Windows\System\LJolwef.exe
  2⤵
  PID:3488
- C:\Windows\System\ZcHnoHV.exe
  C:\Windows\System\ZcHnoHV.exe
  2⤵
  PID:3520
- C:\Windows\System\WUlCBrJ.exe
  C:\Windows\System\WUlCBrJ.exe
  2⤵
  PID:3548
- C:\Windows\System\pzPSttZ.exe
  C:\Windows\System\pzPSttZ.exe
  2⤵
  PID:3600
- C:\Windows\System\jIHYObd.exe
  C:\Windows\System\jIHYObd.exe
  2⤵
  PID:3576
- C:\Windows\System\GGPGYwe.exe
  C:\Windows\System\GGPGYwe.exe
  2⤵
  PID:3672
- C:\Windows\System\ZfqZWFq.exe
  C:\Windows\System\ZfqZWFq.exe
  2⤵
  PID:2228
- C:\Windows\System\wZVRDRu.exe
  C:\Windows\System\wZVRDRu.exe
  2⤵
  PID:3824
- C:\Windows\System\VifVdop.exe
  C:\Windows\System\VifVdop.exe
  2⤵
  PID:3696
- C:\Windows\System\VTvLgCm.exe
  C:\Windows\System\VTvLgCm.exe
  2⤵
  PID:3864
- C:\Windows\System\lhIrpuN.exe
  C:\Windows\System\lhIrpuN.exe
  2⤵
  PID:3768
- C:\Windows\System\ScpQEox.exe
  C:\Windows\System\ScpQEox.exe
  2⤵
  PID:3804
- C:\Windows\System\LUgedpU.exe
  C:\Windows\System\LUgedpU.exe
  2⤵
  PID:3880
- C:\Windows\System\YbpWUTF.exe
  C:\Windows\System\YbpWUTF.exe
  2⤵
  PID:3996
- C:\Windows\System\kcZEAmx.exe
  C:\Windows\System\kcZEAmx.exe
  2⤵
  PID:3932
- C:\Windows\System\ZupPzCi.exe
  C:\Windows\System\ZupPzCi.exe
  2⤵
  PID:3964
- C:\Windows\System\nZhheNh.exe
  C:\Windows\System\nZhheNh.exe
  2⤵
  PID:1892
- C:\Windows\System\lAaxdjJ.exe
  C:\Windows\System\lAaxdjJ.exe
  2⤵
  PID:3972
- C:\Windows\System\mIPIrsK.exe
  C:\Windows\System\mIPIrsK.exe
  2⤵
  PID:3040
- C:\Windows\System\OOChiCb.exe
  C:\Windows\System\OOChiCb.exe
  2⤵
  PID:2624
- C:\Windows\System\sjXRZJL.exe
  C:\Windows\System\sjXRZJL.exe
  2⤵
  PID:4092
- C:\Windows\System\fanINXg.exe
  C:\Windows\System\fanINXg.exe
  2⤵
  PID:2660
- C:\Windows\System\hIxdtEZ.exe
  C:\Windows\System\hIxdtEZ.exe
  2⤵
  PID:3180
- C:\Windows\System\owsKPyU.exe
  C:\Windows\System\owsKPyU.exe
  2⤵
  PID:3028
- C:\Windows\System\QEbTBFV.exe
  C:\Windows\System\QEbTBFV.exe
  2⤵
  PID:3312
- C:\Windows\System\kVcSZeX.exe
  C:\Windows\System\kVcSZeX.exe
  2⤵
  PID:3340
- C:\Windows\System\VZpiSWe.exe
  C:\Windows\System\VZpiSWe.exe
  2⤵
  PID:1484
- C:\Windows\System\qLuzGIw.exe
  C:\Windows\System\qLuzGIw.exe
  2⤵
  PID:1736
- C:\Windows\System\AturwqM.exe
  C:\Windows\System\AturwqM.exe
  2⤵
  PID:3164
- C:\Windows\System\MlnrTgP.exe
  C:\Windows\System\MlnrTgP.exe
  2⤵
  PID:3532
- C:\Windows\System\MbQfHUL.exe
  C:\Windows\System\MbQfHUL.exe
  2⤵
  PID:3236
- C:\Windows\System\XoDkzFi.exe
  C:\Windows\System\XoDkzFi.exe
  2⤵
  PID:3260
- C:\Windows\System\eXsIIJN.exe
  C:\Windows\System\eXsIIJN.exe
  2⤵
  PID:3392
- C:\Windows\System\lNlokte.exe
  C:\Windows\System\lNlokte.exe
  2⤵
  PID:3492
- C:\Windows\System\izxXYra.exe
  C:\Windows\System\izxXYra.exe
  2⤵
  PID:3640
- C:\Windows\System\xqCzqYj.exe
  C:\Windows\System\xqCzqYj.exe
  2⤵
  PID:3692
- C:\Windows\System\XkleQth.exe
  C:\Windows\System\XkleQth.exe
  2⤵
  PID:3536
- C:\Windows\System\niFMCJu.exe
  C:\Windows\System\niFMCJu.exe
  2⤵
  PID:3912
- C:\Windows\System\nUNCNvl.exe
  C:\Windows\System\nUNCNvl.exe
  2⤵
  PID:3752
- C:\Windows\System\smSWTrP.exe
  C:\Windows\System\smSWTrP.exe
  2⤵
  PID:4036
- C:\Windows\System\WukadRp.exe
  C:\Windows\System\WukadRp.exe
  2⤵
  PID:3792
- C:\Windows\System\KwoGYIk.exe
  C:\Windows\System\KwoGYIk.exe
  2⤵
  PID:4084
- C:\Windows\System\AlUdLxe.exe
  C:\Windows\System\AlUdLxe.exe
  2⤵
  PID:1672
- C:\Windows\System\CTHllRX.exe
  C:\Windows\System\CTHllRX.exe
  2⤵
  PID:864
- C:\Windows\System\ECyMaYU.exe
  C:\Windows\System\ECyMaYU.exe
  2⤵
  PID:3144
- C:\Windows\System\DdUcoDX.exe
  C:\Windows\System\DdUcoDX.exe
  2⤵
  PID:3240
- C:\Windows\System\kUCDSCB.exe
  C:\Windows\System\kUCDSCB.exe
  2⤵
  PID:1320
- C:\Windows\System\kFfOign.exe
  C:\Windows\System\kFfOign.exe
  2⤵
  PID:1792
- C:\Windows\System\LcRhILx.exe
  C:\Windows\System\LcRhILx.exe
  2⤵
  PID:3064
- C:\Windows\System\bSyOKpu.exe
  C:\Windows\System\bSyOKpu.exe
  2⤵
  PID:3120
- C:\Windows\System\dYoTibQ.exe
  C:\Windows\System\dYoTibQ.exe
  2⤵
  PID:3552
- C:\Windows\System\fdMgTIx.exe
  C:\Windows\System\fdMgTIx.exe
  2⤵
  PID:3204
- C:\Windows\System\cAHyqZw.exe
  C:\Windows\System\cAHyqZw.exe
  2⤵
  PID:3252
- C:\Windows\System\oCijaGa.exe
  C:\Windows\System\oCijaGa.exe
  2⤵
  PID:4072
- C:\Windows\System\OOKCPZY.exe
  C:\Windows\System\OOKCPZY.exe
  2⤵
  PID:3572
- C:\Windows\System\oAMwyuO.exe
  C:\Windows\System\oAMwyuO.exe
  2⤵
  PID:3660
- C:\Windows\System\SUGahoc.exe
  C:\Windows\System\SUGahoc.exe
  2⤵
  PID:3924
- C:\Windows\System\cRbnTVZ.exe
  C:\Windows\System\cRbnTVZ.exe
  2⤵
  PID:2268
- C:\Windows\System\DYKonWx.exe
  C:\Windows\System\DYKonWx.exe
  2⤵
  PID:2480
- C:\Windows\System\vVNbDRd.exe
  C:\Windows\System\vVNbDRd.exe
  2⤵
  PID:4108
- C:\Windows\System\QljpIVV.exe
  C:\Windows\System\QljpIVV.exe
  2⤵
  PID:4132
- C:\Windows\System\GbadlWi.exe
  C:\Windows\System\GbadlWi.exe
  2⤵
  PID:4152
- C:\Windows\System\pBuaqll.exe
  C:\Windows\System\pBuaqll.exe
  2⤵
  PID:4172
- C:\Windows\System\vtWvosV.exe
  C:\Windows\System\vtWvosV.exe
  2⤵
  PID:4192
- C:\Windows\System\sWgRopS.exe
  C:\Windows\System\sWgRopS.exe
  2⤵
  PID:4212
- C:\Windows\System\KdcaxAe.exe
  C:\Windows\System\KdcaxAe.exe
  2⤵
  PID:4232
- C:\Windows\System\msAwrKH.exe
  C:\Windows\System\msAwrKH.exe
  2⤵
  PID:4252
- C:\Windows\System\CxNXnUg.exe
  C:\Windows\System\CxNXnUg.exe
  2⤵
  PID:4272
- C:\Windows\System\SLMBoDm.exe
  C:\Windows\System\SLMBoDm.exe
  2⤵
  PID:4292
- C:\Windows\System\uCzHwLk.exe
  C:\Windows\System\uCzHwLk.exe
  2⤵
  PID:4312
- C:\Windows\System\JptIWyQ.exe
  C:\Windows\System\JptIWyQ.exe
  2⤵
  PID:4332
- C:\Windows\System\sMJtdLV.exe
  C:\Windows\System\sMJtdLV.exe
  2⤵
  PID:4352
- C:\Windows\System\LNIRxWi.exe
  C:\Windows\System\LNIRxWi.exe
  2⤵
  PID:4372
- C:\Windows\System\eUGCUxG.exe
  C:\Windows\System\eUGCUxG.exe
  2⤵
  PID:4392
- C:\Windows\System\ndfgQAZ.exe
  C:\Windows\System\ndfgQAZ.exe
  2⤵
  PID:4412
- C:\Windows\System\fCbvqFO.exe
  C:\Windows\System\fCbvqFO.exe
  2⤵
  PID:4428
- C:\Windows\System\yvxeTmv.exe
  C:\Windows\System\yvxeTmv.exe
  2⤵
  PID:4448
- C:\Windows\System\pRtccxI.exe
  C:\Windows\System\pRtccxI.exe
  2⤵
  PID:4468
- C:\Windows\System\EJCgMoO.exe
  C:\Windows\System\EJCgMoO.exe
  2⤵
  PID:4492
- C:\Windows\System\VDBlLPX.exe
  C:\Windows\System\VDBlLPX.exe
  2⤵
  PID:4512
- C:\Windows\System\aiJWJFD.exe
  C:\Windows\System\aiJWJFD.exe
  2⤵
  PID:4532
- C:\Windows\System\oVJcupS.exe
  C:\Windows\System\oVJcupS.exe
  2⤵
  PID:4548
- C:\Windows\System\ntdAtYV.exe
  C:\Windows\System\ntdAtYV.exe
  2⤵
  PID:4572
- C:\Windows\System\bDGvaUr.exe
  C:\Windows\System\bDGvaUr.exe
  2⤵
  PID:4592
- C:\Windows\System\VyvSrMD.exe
  C:\Windows\System\VyvSrMD.exe
  2⤵
  PID:4612
- C:\Windows\System\cXUomXt.exe
  C:\Windows\System\cXUomXt.exe
  2⤵
  PID:4632
- C:\Windows\System\CLTLpCJ.exe
  C:\Windows\System\CLTLpCJ.exe
  2⤵
  PID:4652
- C:\Windows\System\GHMuaEj.exe
  C:\Windows\System\GHMuaEj.exe
  2⤵
  PID:4672
- C:\Windows\System\rWGIzPv.exe
  C:\Windows\System\rWGIzPv.exe
  2⤵
  PID:4692
- C:\Windows\System\JqsbPmM.exe
  C:\Windows\System\JqsbPmM.exe
  2⤵
  PID:4712
- C:\Windows\System\VyxxxJY.exe
  C:\Windows\System\VyxxxJY.exe
  2⤵
  PID:4732
- C:\Windows\System\zrFeKkl.exe
  C:\Windows\System\zrFeKkl.exe
  2⤵
  PID:4752
- C:\Windows\System\kWGGNtN.exe
  C:\Windows\System\kWGGNtN.exe
  2⤵
  PID:4772
- C:\Windows\System\UUNLtoS.exe
  C:\Windows\System\UUNLtoS.exe
  2⤵
  PID:4792
- C:\Windows\System\iLJrHiG.exe
  C:\Windows\System\iLJrHiG.exe
  2⤵
  PID:4812
- C:\Windows\System\MjoNAKt.exe
  C:\Windows\System\MjoNAKt.exe
  2⤵
  PID:4828
- C:\Windows\System\UOJBhPP.exe
  C:\Windows\System\UOJBhPP.exe
  2⤵
  PID:4848
- C:\Windows\System\drTneNh.exe
  C:\Windows\System\drTneNh.exe
  2⤵
  PID:4868
- C:\Windows\System\npFOMFt.exe
  C:\Windows\System\npFOMFt.exe
  2⤵
  PID:4888
- C:\Windows\System\PNrLztr.exe
  C:\Windows\System\PNrLztr.exe
  2⤵
  PID:4908
- C:\Windows\System\svvQtdZ.exe
  C:\Windows\System\svvQtdZ.exe
  2⤵
  PID:4924
- C:\Windows\System\tDIoKlE.exe
  C:\Windows\System\tDIoKlE.exe
  2⤵
  PID:4948
- C:\Windows\System\arsJSWI.exe
  C:\Windows\System\arsJSWI.exe
  2⤵
  PID:4976
- C:\Windows\System\famCNAH.exe
  C:\Windows\System\famCNAH.exe
  2⤵
  PID:4996
- C:\Windows\System\XELpoEZ.exe
  C:\Windows\System\XELpoEZ.exe
  2⤵
  PID:5016
- C:\Windows\System\csxTSPT.exe
  C:\Windows\System\csxTSPT.exe
  2⤵
  PID:5036
- C:\Windows\System\QVuotzS.exe
  C:\Windows\System\QVuotzS.exe
  2⤵
  PID:5056
- C:\Windows\System\gkmqldG.exe
  C:\Windows\System\gkmqldG.exe
  2⤵
  PID:5072
- C:\Windows\System\jDYVQLZ.exe
  C:\Windows\System\jDYVQLZ.exe
  2⤵
  PID:5096
- C:\Windows\System\ghqSBYw.exe
  C:\Windows\System\ghqSBYw.exe
  2⤵
  PID:5116
- C:\Windows\System\SUwkNMY.exe
  C:\Windows\System\SUwkNMY.exe
  2⤵
  PID:372
- C:\Windows\System\JYRpFir.exe
  C:\Windows\System\JYRpFir.exe
  2⤵
  PID:3456
- C:\Windows\System\CoGztiR.exe
  C:\Windows\System\CoGztiR.exe
  2⤵
  PID:3396
- C:\Windows\System\KEhRtFw.exe
  C:\Windows\System\KEhRtFw.exe
  2⤵
  PID:3632
- C:\Windows\System\EPbftKa.exe
  C:\Windows\System\EPbftKa.exe
  2⤵
  PID:2896
- C:\Windows\System\mzvQzsh.exe
  C:\Windows\System\mzvQzsh.exe
  2⤵
  PID:4020
- C:\Windows\System\jBOsLkv.exe
  C:\Windows\System\jBOsLkv.exe
  2⤵
  PID:3896
- C:\Windows\System\kbOJrzf.exe
  C:\Windows\System\kbOJrzf.exe
  2⤵
  PID:3828
- C:\Windows\System\rOwgHSw.exe
  C:\Windows\System\rOwgHSw.exe
  2⤵
  PID:3076
- C:\Windows\System\GglUJue.exe
  C:\Windows\System\GglUJue.exe
  2⤵
  PID:4124
- C:\Windows\System\fOIJfUG.exe
  C:\Windows\System\fOIJfUG.exe
  2⤵
  PID:4160
- C:\Windows\System\eZpmPJs.exe
  C:\Windows\System\eZpmPJs.exe
  2⤵
  PID:4144
- C:\Windows\System\CmhdmPE.exe
  C:\Windows\System\CmhdmPE.exe
  2⤵
  PID:4184
- C:\Windows\System\xHavUcp.exe
  C:\Windows\System\xHavUcp.exe
  2⤵
  PID:4220
- C:\Windows\System\sggVtHX.exe
  C:\Windows\System\sggVtHX.exe
  2⤵
  PID:4260
- C:\Windows\System\WBxeFuj.exe
  C:\Windows\System\WBxeFuj.exe
  2⤵
  PID:4308
- C:\Windows\System\FQFgdLL.exe
  C:\Windows\System\FQFgdLL.exe
  2⤵
  PID:4368
- C:\Windows\System\ubpSrVX.exe
  C:\Windows\System\ubpSrVX.exe
  2⤵
  PID:4344
- C:\Windows\System\XYPnTuK.exe
  C:\Windows\System\XYPnTuK.exe
  2⤵
  PID:4408
- C:\Windows\System\JcVMGFa.exe
  C:\Windows\System\JcVMGFa.exe
  2⤵
  PID:4384
- C:\Windows\System\EttQwgh.exe
  C:\Windows\System\EttQwgh.exe
  2⤵
  PID:4420
- C:\Windows\System\XkoZnac.exe
  C:\Windows\System\XkoZnac.exe
  2⤵
  PID:4456
- C:\Windows\System\YesVvft.exe
  C:\Windows\System\YesVvft.exe
  2⤵
  PID:4508
- C:\Windows\System\ujpWMPS.exe
  C:\Windows\System\ujpWMPS.exe
  2⤵
  PID:4540
- C:\Windows\System\IlRUgvR.exe
  C:\Windows\System\IlRUgvR.exe
  2⤵
  PID:4588
- C:\Windows\System\nRBIrhe.exe
  C:\Windows\System\nRBIrhe.exe
  2⤵
  PID:4644
- C:\Windows\System\zwTSXXv.exe
  C:\Windows\System\zwTSXXv.exe
  2⤵
  PID:4628
- C:\Windows\System\JbgcFpU.exe
  C:\Windows\System\JbgcFpU.exe
  2⤵
  PID:4724
- C:\Windows\System\edkpuEs.exe
  C:\Windows\System\edkpuEs.exe
  2⤵
  PID:4708
- C:\Windows\System\aNnEHVf.exe
  C:\Windows\System\aNnEHVf.exe
  2⤵
  PID:4744
- C:\Windows\System\ptjrhkp.exe
  C:\Windows\System\ptjrhkp.exe
  2⤵
  PID:4800
- C:\Windows\System\SnrXzNv.exe
  C:\Windows\System\SnrXzNv.exe
  2⤵
  PID:4840
- C:\Windows\System\QBugBrg.exe
  C:\Windows\System\QBugBrg.exe
  2⤵
  PID:4880
- C:\Windows\System\nFialde.exe
  C:\Windows\System\nFialde.exe
  2⤵
  PID:4864
- C:\Windows\System\ygHJwyI.exe
  C:\Windows\System\ygHJwyI.exe
  2⤵
  PID:4904
- C:\Windows\System\jQHQlGp.exe
  C:\Windows\System\jQHQlGp.exe
  2⤵
  PID:5004
- C:\Windows\System\OeVcWrV.exe
  C:\Windows\System\OeVcWrV.exe
  2⤵
  PID:4936
- C:\Windows\System\gttylaQ.exe
  C:\Windows\System\gttylaQ.exe
  2⤵
  PID:5052
- C:\Windows\System\drfOWfN.exe
  C:\Windows\System\drfOWfN.exe
  2⤵
  PID:5032
- C:\Windows\System\TFjSGly.exe
  C:\Windows\System\TFjSGly.exe
  2⤵
  PID:5084
- C:\Windows\System\qhFuNqG.exe
  C:\Windows\System\qhFuNqG.exe
  2⤵
  PID:3588
- C:\Windows\System\IcxHSDH.exe
  C:\Windows\System\IcxHSDH.exe
  2⤵
  PID:5064
- C:\Windows\System\qUzSlXN.exe
  C:\Windows\System\qUzSlXN.exe
  2⤵
  PID:5108
- C:\Windows\System\wSBrnOe.exe
  C:\Windows\System\wSBrnOe.exe
  2⤵
  PID:3884
- C:\Windows\System\eYahQvn.exe
  C:\Windows\System\eYahQvn.exe
  2⤵
  PID:3736
- C:\Windows\System\FkjiMqn.exe
  C:\Windows\System\FkjiMqn.exe
  2⤵
  PID:4200
- C:\Windows\System\PWDZPOY.exe
  C:\Windows\System\PWDZPOY.exe
  2⤵
  PID:4224
- C:\Windows\System\ZtdaybZ.exe
  C:\Windows\System\ZtdaybZ.exe
  2⤵
  PID:3948
- C:\Windows\System\jNeiYAU.exe
  C:\Windows\System\jNeiYAU.exe
  2⤵
  PID:3772
- C:\Windows\System\ZYwupHz.exe
  C:\Windows\System\ZYwupHz.exe
  2⤵
  PID:4404
- C:\Windows\System\YuFTxPI.exe
  C:\Windows\System\YuFTxPI.exe
  2⤵
  PID:4488
- C:\Windows\System\koUtodx.exe
  C:\Windows\System\koUtodx.exe
  2⤵
  PID:4148
- C:\Windows\System\JBvmHqV.exe
  C:\Windows\System\JBvmHqV.exe
  2⤵
  PID:4680
- C:\Windows\System\vUCFfcH.exe
  C:\Windows\System\vUCFfcH.exe
  2⤵
  PID:4664
- C:\Windows\System\sAeKeFM.exe
  C:\Windows\System\sAeKeFM.exe
  2⤵
  PID:4876
- C:\Windows\System\AMiuVff.exe
  C:\Windows\System\AMiuVff.exe
  2⤵
  PID:5008
- C:\Windows\System\xMvActl.exe
  C:\Windows\System\xMvActl.exe
  2⤵
  PID:4244
- C:\Windows\System\iNOpgwt.exe
  C:\Windows\System\iNOpgwt.exe
  2⤵
  PID:5024
- C:\Windows\System\xbFtnii.exe
  C:\Windows\System\xbFtnii.exe
  2⤵
  PID:4300
- C:\Windows\System\deVnOLQ.exe
  C:\Windows\System\deVnOLQ.exe
  2⤵
  PID:4364
- C:\Windows\System\ZOusOlZ.exe
  C:\Windows\System\ZOusOlZ.exe
  2⤵
  PID:3680
- C:\Windows\System\rNzcHoJ.exe
  C:\Windows\System\rNzcHoJ.exe
  2⤵
  PID:3776
- C:\Windows\System\BuqRDEr.exe
  C:\Windows\System\BuqRDEr.exe
  2⤵
  PID:4324
- C:\Windows\System\qJlmKAe.exe
  C:\Windows\System\qJlmKAe.exe
  2⤵
  PID:4528
- C:\Windows\System\DnDyQsK.exe
  C:\Windows\System\DnDyQsK.exe
  2⤵
  PID:4568
- C:\Windows\System\tacAFcx.exe
  C:\Windows\System\tacAFcx.exe
  2⤵
  PID:4640
- C:\Windows\System\bMeTJPN.exe
  C:\Windows\System\bMeTJPN.exe
  2⤵
  PID:4580
- C:\Windows\System\XpLoANU.exe
  C:\Windows\System\XpLoANU.exe
  2⤵
  PID:4720
- C:\Windows\System\zOcMgUI.exe
  C:\Windows\System\zOcMgUI.exe
  2⤵
  PID:4740
- C:\Windows\System\GdcKVya.exe
  C:\Windows\System\GdcKVya.exe
  2⤵
  PID:4204
- C:\Windows\System\hmcOdkw.exe
  C:\Windows\System\hmcOdkw.exe
  2⤵
  PID:4240
- C:\Windows\System\OJkKSWN.exe
  C:\Windows\System\OJkKSWN.exe
  2⤵
  PID:4984
- C:\Windows\System\GVXvQQb.exe
  C:\Windows\System\GVXvQQb.exe
  2⤵
  PID:3208
- C:\Windows\System\EueoaDj.exe
  C:\Windows\System\EueoaDj.exe
  2⤵
  PID:4168
- C:\Windows\System\lEImcJo.exe
  C:\Windows\System\lEImcJo.exe
  2⤵
  PID:1108
- C:\Windows\System\rMkEVOe.exe
  C:\Windows\System\rMkEVOe.exe
  2⤵
  PID:4520
- C:\Windows\System\OkCocaa.exe
  C:\Windows\System\OkCocaa.exe
  2⤵
  PID:4340
- C:\Windows\System\jmRsJuk.exe
  C:\Windows\System\jmRsJuk.exe
  2⤵
  PID:4780
- C:\Windows\System\fcpYHVn.exe
  C:\Windows\System\fcpYHVn.exe
  2⤵
  PID:4788
- C:\Windows\System\ILeqbUF.exe
  C:\Windows\System\ILeqbUF.exe
  2⤵
  PID:3444
- C:\Windows\System\PpUJhhD.exe
  C:\Windows\System\PpUJhhD.exe
  2⤵
  PID:4116
- C:\Windows\System\gUPlTyU.exe
  C:\Windows\System\gUPlTyU.exe
  2⤵
  PID:4556
- C:\Windows\System\zGsOoyW.exe
  C:\Windows\System\zGsOoyW.exe
  2⤵
  PID:2220
- C:\Windows\System\cfjatcz.exe
  C:\Windows\System\cfjatcz.exe
  2⤵
  PID:5124
- C:\Windows\System\vbXdEhn.exe
  C:\Windows\System\vbXdEhn.exe
  2⤵
  PID:5140
- C:\Windows\System\ZwaGKqn.exe
  C:\Windows\System\ZwaGKqn.exe
  2⤵
  PID:5156
- C:\Windows\System\GXBtLTO.exe
  C:\Windows\System\GXBtLTO.exe
  2⤵
  PID:5172
- C:\Windows\System\kASvSbJ.exe
  C:\Windows\System\kASvSbJ.exe
  2⤵
  PID:5188
- C:\Windows\System\yEsTOJr.exe
  C:\Windows\System\yEsTOJr.exe
  2⤵
  PID:5204
- C:\Windows\System\tVhjnJh.exe
  C:\Windows\System\tVhjnJh.exe
  2⤵
  PID:5228
- C:\Windows\System\wjXZSWE.exe
  C:\Windows\System\wjXZSWE.exe
  2⤵
  PID:5244
- C:\Windows\System\YlnWDZg.exe
  C:\Windows\System\YlnWDZg.exe
  2⤵
  PID:5260
- C:\Windows\System\iTftPKg.exe
  C:\Windows\System\iTftPKg.exe
  2⤵
  PID:5276
- C:\Windows\System\NwqvbPl.exe
  C:\Windows\System\NwqvbPl.exe
  2⤵
  PID:5292
- C:\Windows\System\WZpPNCZ.exe
  C:\Windows\System\WZpPNCZ.exe
  2⤵
  PID:5308
- C:\Windows\System\ZZYQeQD.exe
  C:\Windows\System\ZZYQeQD.exe
  2⤵
  PID:5324
- C:\Windows\System\CvDLjnZ.exe
  C:\Windows\System\CvDLjnZ.exe
  2⤵
  PID:5340
- C:\Windows\System\FSuCDzL.exe
  C:\Windows\System\FSuCDzL.exe
  2⤵
  PID:5356
- C:\Windows\System\PLXGWbK.exe
  C:\Windows\System\PLXGWbK.exe
  2⤵
  PID:5372
- C:\Windows\System\wKablJS.exe
  C:\Windows\System\wKablJS.exe
  2⤵
  PID:5388
- C:\Windows\System\eLwLyAJ.exe
  C:\Windows\System\eLwLyAJ.exe
  2⤵
  PID:5408
- C:\Windows\System\ngtKrCI.exe
  C:\Windows\System\ngtKrCI.exe
  2⤵
  PID:5424
- C:\Windows\System\ZigtnTE.exe
  C:\Windows\System\ZigtnTE.exe
  2⤵
  PID:5440
- C:\Windows\System\jQAhRqH.exe
  C:\Windows\System\jQAhRqH.exe
  2⤵
  PID:5456
- C:\Windows\System\VdAnTpK.exe
  C:\Windows\System\VdAnTpK.exe
  2⤵
  PID:5472
- C:\Windows\System\VkmGzKK.exe
  C:\Windows\System\VkmGzKK.exe
  2⤵
  PID:5488
- C:\Windows\System\XzylGiT.exe
  C:\Windows\System\XzylGiT.exe
  2⤵
  PID:5504
- C:\Windows\System\bRiPrMj.exe
  C:\Windows\System\bRiPrMj.exe
  2⤵
  PID:5520
- C:\Windows\System\BHmvSbq.exe
  C:\Windows\System\BHmvSbq.exe
  2⤵
  PID:5536
- C:\Windows\System\gKvESHA.exe
  C:\Windows\System\gKvESHA.exe
  2⤵
  PID:5552
- C:\Windows\System\mAMQWiO.exe
  C:\Windows\System\mAMQWiO.exe
  2⤵
  PID:5568
- C:\Windows\System\vtvaXpd.exe
  C:\Windows\System\vtvaXpd.exe
  2⤵
  PID:5584
- C:\Windows\System\TyydqXf.exe
  C:\Windows\System\TyydqXf.exe
  2⤵
  PID:5600
- C:\Windows\System\AoFycoG.exe
  C:\Windows\System\AoFycoG.exe
  2⤵
  PID:5616
- C:\Windows\System\sTXXtnu.exe
  C:\Windows\System\sTXXtnu.exe
  2⤵
  PID:5632
- C:\Windows\System\awerTVw.exe
  C:\Windows\System\awerTVw.exe
  2⤵
  PID:5648
- C:\Windows\System\oYzcMuJ.exe
  C:\Windows\System\oYzcMuJ.exe
  2⤵
  PID:5664
- C:\Windows\System\AgrsSlu.exe
  C:\Windows\System\AgrsSlu.exe
  2⤵
  PID:5680
- C:\Windows\System\nFgApSQ.exe
  C:\Windows\System\nFgApSQ.exe
  2⤵
  PID:5704
- C:\Windows\System\VJeefTR.exe
  C:\Windows\System\VJeefTR.exe
  2⤵
  PID:5720
- C:\Windows\System\rcLnnpt.exe
  C:\Windows\System\rcLnnpt.exe
  2⤵
  PID:5736
- C:\Windows\System\nauDMSV.exe
  C:\Windows\System\nauDMSV.exe
  2⤵
  PID:5756
- C:\Windows\System\YnVHoDA.exe
  C:\Windows\System\YnVHoDA.exe
  2⤵
  PID:5772
- C:\Windows\System\ufuTqng.exe
  C:\Windows\System\ufuTqng.exe
  2⤵
  PID:5788
- C:\Windows\System\QkoDPpt.exe
  C:\Windows\System\QkoDPpt.exe
  2⤵
  PID:5804
- C:\Windows\System\sWbzhqV.exe
  C:\Windows\System\sWbzhqV.exe
  2⤵
  PID:5820
- C:\Windows\System\akAAnYQ.exe
  C:\Windows\System\akAAnYQ.exe
  2⤵
  PID:5836
- C:\Windows\System\SObfyGX.exe
  C:\Windows\System\SObfyGX.exe
  2⤵
  PID:5852
- C:\Windows\System\qIeLcQu.exe
  C:\Windows\System\qIeLcQu.exe
  2⤵
  PID:5868
- C:\Windows\System\MTOaGLZ.exe
  C:\Windows\System\MTOaGLZ.exe
  2⤵
  PID:5884
- C:\Windows\System\cALZNTZ.exe
  C:\Windows\System\cALZNTZ.exe
  2⤵
  PID:5900
- C:\Windows\System\JQyntuS.exe
  C:\Windows\System\JQyntuS.exe
  2⤵
  PID:5916
- C:\Windows\System\jGrUhNa.exe
  C:\Windows\System\jGrUhNa.exe
  2⤵
  PID:5932
- C:\Windows\System\bgwuXkL.exe
  C:\Windows\System\bgwuXkL.exe
  2⤵
  PID:5948
- C:\Windows\System\FprvQQW.exe
  C:\Windows\System\FprvQQW.exe
  2⤵
  PID:5964
- C:\Windows\System\UURQpVy.exe
  C:\Windows\System\UURQpVy.exe
  2⤵
  PID:5980
- C:\Windows\System\RvxEbqM.exe
  C:\Windows\System\RvxEbqM.exe
  2⤵
  PID:5996
- C:\Windows\System\cgzEUVP.exe
  C:\Windows\System\cgzEUVP.exe
  2⤵
  PID:6012
- C:\Windows\System\BXCoZKC.exe
  C:\Windows\System\BXCoZKC.exe
  2⤵
  PID:6032
- C:\Windows\System\vCXCsQh.exe
  C:\Windows\System\vCXCsQh.exe
  2⤵
  PID:6048
- C:\Windows\System\PDYZZHt.exe
  C:\Windows\System\PDYZZHt.exe
  2⤵
  PID:6064
- C:\Windows\System\rCqvoKg.exe
  C:\Windows\System\rCqvoKg.exe
  2⤵
  PID:6080
- C:\Windows\System\hIlzDop.exe
  C:\Windows\System\hIlzDop.exe
  2⤵
  PID:6096
- C:\Windows\System\CXejJty.exe
  C:\Windows\System\CXejJty.exe
  2⤵
  PID:6112
- C:\Windows\System\NiqmNYG.exe
  C:\Windows\System\NiqmNYG.exe
  2⤵
  PID:6128
- C:\Windows\System\VLqvxYu.exe
  C:\Windows\System\VLqvxYu.exe
  2⤵
  PID:4860
- C:\Windows\System\fNPXptO.exe
  C:\Windows\System\fNPXptO.exe
  2⤵
  PID:4944
- C:\Windows\System\GQpzhuT.exe
  C:\Windows\System\GQpzhuT.exe
  2⤵
  PID:5092
- C:\Windows\System\qNIjccV.exe
  C:\Windows\System\qNIjccV.exe
  2⤵
  PID:3192
- C:\Windows\System\VUHotJn.exe
  C:\Windows\System\VUHotJn.exe
  2⤵
  PID:4264
- C:\Windows\System\qeBUJth.exe
  C:\Windows\System\qeBUJth.exe
  2⤵
  PID:5752
- C:\Windows\System\TSldAFj.exe
  C:\Windows\System\TSldAFj.exe
  2⤵
  PID:5880
- C:\Windows\System\vRYxyjn.exe
  C:\Windows\System\vRYxyjn.exe
  2⤵
  PID:5912
- C:\Windows\System\aERyAgy.exe
  C:\Windows\System\aERyAgy.exe
  2⤵
  PID:5892
- C:\Windows\System\lMuiLoJ.exe
  C:\Windows\System\lMuiLoJ.exe
  2⤵
  PID:5972
- C:\Windows\System\OWeIbiO.exe
  C:\Windows\System\OWeIbiO.exe
  2⤵
  PID:2572
- C:\Windows\System\vJdqvEo.exe
  C:\Windows\System\vJdqvEo.exe
  2⤵
  PID:5992
- C:\Windows\System\WQTgCkK.exe
  C:\Windows\System\WQTgCkK.exe
  2⤵
  PID:6020
- C:\Windows\System\XdPGmOe.exe
  C:\Windows\System\XdPGmOe.exe
  2⤵
  PID:6136
- C:\Windows\System\FdHaIlv.exe
  C:\Windows\System\FdHaIlv.exe
  2⤵
  PID:6056
- C:\Windows\System\wAAKeTY.exe
  C:\Windows\System\wAAKeTY.exe
  2⤵
  PID:2812
- C:\Windows\System\GGrDXOi.exe
  C:\Windows\System\GGrDXOi.exe
  2⤵
  PID:6120
- C:\Windows\System\ZWqAyyo.exe
  C:\Windows\System\ZWqAyyo.exe
  2⤵
  PID:3504
- C:\Windows\System\RjYhqwK.exe
  C:\Windows\System\RjYhqwK.exe
  2⤵
  PID:2756
- C:\Windows\System\XiMvxbh.exe
  C:\Windows\System\XiMvxbh.exe
  2⤵
  PID:5152
- C:\Windows\System\qHgJlYB.exe
  C:\Windows\System\qHgJlYB.exe
  2⤵
  PID:4988
- C:\Windows\System\LltpkQC.exe
  C:\Windows\System\LltpkQC.exe
  2⤵
  PID:3412
- C:\Windows\System\cXHeHmt.exe
  C:\Windows\System\cXHeHmt.exe
  2⤵
  PID:5284
- C:\Windows\System\rADdWiU.exe
  C:\Windows\System\rADdWiU.exe
  2⤵
  PID:4896
- C:\Windows\System\ZOzCZSr.exe
  C:\Windows\System\ZOzCZSr.exe
  2⤵
  PID:5196
- C:\Windows\System\VycmOAF.exe
  C:\Windows\System\VycmOAF.exe
  2⤵
  PID:5380
- C:\Windows\System\heTTRyx.exe
  C:\Windows\System\heTTRyx.exe
  2⤵
  PID:5268
- C:\Windows\System\cCMuemI.exe
  C:\Windows\System\cCMuemI.exe
  2⤵
  PID:5416
- C:\Windows\System\AgCELva.exe
  C:\Windows\System\AgCELva.exe
  2⤵
  PID:2780
- C:\Windows\System\LtlPOkZ.exe
  C:\Windows\System\LtlPOkZ.exe
  2⤵
  PID:5484
- C:\Windows\System\SjnYOZh.exe
  C:\Windows\System\SjnYOZh.exe
  2⤵
  PID:5512
- C:\Windows\System\ShXQyKk.exe
  C:\Windows\System\ShXQyKk.exe
  2⤵
  PID:5436
- C:\Windows\System\vbOqhGY.exe
  C:\Windows\System\vbOqhGY.exe
  2⤵
  PID:5608
- C:\Windows\System\RYjtPRg.exe
  C:\Windows\System\RYjtPRg.exe
  2⤵
  PID:5528
- C:\Windows\System\QKkoLfZ.exe
  C:\Windows\System\QKkoLfZ.exe
  2⤵
  PID:5564
- C:\Windows\System\xpRTpJh.exe
  C:\Windows\System\xpRTpJh.exe
  2⤵
  PID:5624
- C:\Windows\System\awuBEla.exe
  C:\Windows\System\awuBEla.exe
  2⤵
  PID:4684
- C:\Windows\System\pXHhFAW.exe
  C:\Windows\System\pXHhFAW.exe
  2⤵
  PID:5628
- C:\Windows\System\WMjrUDX.exe
  C:\Windows\System\WMjrUDX.exe
  2⤵
  PID:5656
- C:\Windows\System\oqrSPGK.exe
  C:\Windows\System\oqrSPGK.exe
  2⤵
  PID:5688
- C:\Windows\System\wHymegg.exe
  C:\Windows\System\wHymegg.exe
  2⤵
  PID:2636
- C:\Windows\System\UwjDVCN.exe
  C:\Windows\System\UwjDVCN.exe
  2⤵
  PID:5768
- C:\Windows\System\dTfussd.exe
  C:\Windows\System\dTfussd.exe
  2⤵
  PID:4360
- C:\Windows\System\IyhXrbd.exe
  C:\Windows\System\IyhXrbd.exe
  2⤵
  PID:5800
- C:\Windows\System\VxFMNGo.exe
  C:\Windows\System\VxFMNGo.exe
  2⤵
  PID:5940
- C:\Windows\System\OkuwseP.exe
  C:\Windows\System\OkuwseP.exe
  2⤵
  PID:5908
- C:\Windows\System\uILzCXd.exe
  C:\Windows\System\uILzCXd.exe
  2⤵
  PID:2328
- C:\Windows\System\CRVvCcs.exe
  C:\Windows\System\CRVvCcs.exe
  2⤵
  PID:4836
- C:\Windows\System\HSNkBWr.exe
  C:\Windows\System\HSNkBWr.exe
  2⤵
  PID:6104
- C:\Windows\System\DSTkTFl.exe
  C:\Windows\System\DSTkTFl.exe
  2⤵
  PID:6108
- C:\Windows\System\lWpBeTm.exe
  C:\Windows\System\lWpBeTm.exe
  2⤵
  PID:3000
- C:\Windows\System\JHBFusg.exe
  C:\Windows\System\JHBFusg.exe
  2⤵
  PID:5184
- C:\Windows\System\dcmbAwQ.exe
  C:\Windows\System\dcmbAwQ.exe
  2⤵
  PID:5256
- C:\Windows\System\NqOpQhv.exe
  C:\Windows\System\NqOpQhv.exe
  2⤵
  PID:5236
- C:\Windows\System\kXzzjqk.exe
  C:\Windows\System\kXzzjqk.exe
  2⤵
  PID:4604
- C:\Windows\System\HbUaGZb.exe
  C:\Windows\System\HbUaGZb.exe
  2⤵
  PID:5316
- C:\Windows\System\ADMnynt.exe
  C:\Windows\System\ADMnynt.exe
  2⤵
  PID:5352
- C:\Windows\System\trrgMJM.exe
  C:\Windows\System\trrgMJM.exe
  2⤵
  PID:5304
- C:\Windows\System\LXmHIGL.exe
  C:\Windows\System\LXmHIGL.exe
  2⤵
  PID:5364
- C:\Windows\System\ZPGfScI.exe
  C:\Windows\System\ZPGfScI.exe
  2⤵
  PID:5544
- C:\Windows\System\vayQvVn.exe
  C:\Windows\System\vayQvVn.exe
  2⤵
  PID:5560
- C:\Windows\System\yezxPUS.exe
  C:\Windows\System\yezxPUS.exe
  2⤵
  PID:5592
- C:\Windows\System\WGTBadg.exe
  C:\Windows\System\WGTBadg.exe
  2⤵
  PID:5744
- C:\Windows\System\SIZDfgS.exe
  C:\Windows\System\SIZDfgS.exe
  2⤵
  PID:5660
- C:\Windows\System\NZZRgjT.exe
  C:\Windows\System\NZZRgjT.exe
  2⤵
  PID:5816
- C:\Windows\System\BQkZCee.exe
  C:\Windows\System\BQkZCee.exe
  2⤵
  PID:5796
- C:\Windows\System\jLaJiSZ.exe
  C:\Windows\System\jLaJiSZ.exe
  2⤵
  PID:6008
- C:\Windows\System\fsDoydv.exe
  C:\Windows\System\fsDoydv.exe
  2⤵
  PID:6092
- C:\Windows\System\dhJfqKj.exe
  C:\Windows\System\dhJfqKj.exe
  2⤵
  PID:5088
- C:\Windows\System\isWHHTz.exe
  C:\Windows\System\isWHHTz.exe
  2⤵
  PID:2492
- C:\Windows\System\HJKxkxK.exe
  C:\Windows\System\HJKxkxK.exe
  2⤵
  PID:5224
- C:\Windows\System\QBXcfiC.exe
  C:\Windows\System\QBXcfiC.exe
  2⤵
  PID:4480
- C:\Windows\System\qGdQaFW.exe
  C:\Windows\System\qGdQaFW.exe
  2⤵
  PID:2752
- C:\Windows\System\QkvJrJP.exe
  C:\Windows\System\QkvJrJP.exe
  2⤵
  PID:5272
- C:\Windows\System\DpFKXHr.exe
  C:\Windows\System\DpFKXHr.exe
  2⤵
  PID:5532
- C:\Windows\System\ucIpefI.exe
  C:\Windows\System\ucIpefI.exe
  2⤵
  PID:2728
- C:\Windows\System\stZywEo.exe
  C:\Windows\System\stZywEo.exe
  2⤵
  PID:5716
- C:\Windows\System\vCtxEJu.exe
  C:\Windows\System\vCtxEJu.exe
  2⤵
  PID:2348
- C:\Windows\System\ZkYiUWy.exe
  C:\Windows\System\ZkYiUWy.exe
  2⤵
  PID:2288
- C:\Windows\System\EjZEaEF.exe
  C:\Windows\System\EjZEaEF.exe
  2⤵
  PID:572
- C:\Windows\System\GdYeMWk.exe
  C:\Windows\System\GdYeMWk.exe
  2⤵
  PID:5212
- C:\Windows\System\NdycWAq.exe
  C:\Windows\System\NdycWAq.exe
  2⤵
  PID:5132
- C:\Windows\System\NOHXNoH.exe
  C:\Windows\System\NOHXNoH.exe
  2⤵
  PID:5320
- C:\Windows\System\xpLdEud.exe
  C:\Windows\System\xpLdEud.exe
  2⤵
  PID:5464
- C:\Windows\System\fLZphBm.exe
  C:\Windows\System\fLZphBm.exe
  2⤵
  PID:1776
- C:\Windows\System\YWejfFe.exe
  C:\Windows\System\YWejfFe.exe
  2⤵
  PID:1732
- C:\Windows\System\PGQcsYC.exe
  C:\Windows\System\PGQcsYC.exe
  2⤵
  PID:5924
- C:\Windows\System\gpdCWro.exe
  C:\Windows\System\gpdCWro.exe
  2⤵
  PID:2748
- C:\Windows\System\kbUFoba.exe
  C:\Windows\System\kbUFoba.exe
  2⤵
  PID:4804
- C:\Windows\System\cqLNhgL.exe
  C:\Windows\System\cqLNhgL.exe
  2⤵
  PID:856
- C:\Windows\System\aSQqDEO.exe
  C:\Windows\System\aSQqDEO.exe
  2⤵
  PID:6152
- C:\Windows\System\BSsoCkX.exe
  C:\Windows\System\BSsoCkX.exe
  2⤵
  PID:6168
- C:\Windows\System\RmySTdI.exe
  C:\Windows\System\RmySTdI.exe
  2⤵
  PID:6208
- C:\Windows\System\MoCtvib.exe
  C:\Windows\System\MoCtvib.exe
  2⤵
  PID:6228
- C:\Windows\System\SxJzpIw.exe
  C:\Windows\System\SxJzpIw.exe
  2⤵
  PID:6244
- C:\Windows\System\ZnMKuOw.exe
  C:\Windows\System\ZnMKuOw.exe
  2⤵
  PID:6260
- C:\Windows\System\oAfSalM.exe
  C:\Windows\System\oAfSalM.exe
  2⤵
  PID:6276
- C:\Windows\System\AKBIlZC.exe
  C:\Windows\System\AKBIlZC.exe
  2⤵
  PID:6292
- C:\Windows\System\ILBBNhU.exe
  C:\Windows\System\ILBBNhU.exe
  2⤵
  PID:6308
- C:\Windows\System\GSpgqOi.exe
  C:\Windows\System\GSpgqOi.exe
  2⤵
  PID:6324
- C:\Windows\System\FVHrxYe.exe
  C:\Windows\System\FVHrxYe.exe
  2⤵
  PID:6340
- C:\Windows\System\OpuaaaP.exe
  C:\Windows\System\OpuaaaP.exe
  2⤵
  PID:6356
- C:\Windows\System\BOjmMFW.exe
  C:\Windows\System\BOjmMFW.exe
  2⤵
  PID:6372
- C:\Windows\System\QsWABfG.exe
  C:\Windows\System\QsWABfG.exe
  2⤵
  PID:6388
- C:\Windows\System\sRSUsPY.exe
  C:\Windows\System\sRSUsPY.exe
  2⤵
  PID:6408
- C:\Windows\System\iRbwhEq.exe
  C:\Windows\System\iRbwhEq.exe
  2⤵
  PID:6424
- C:\Windows\System\oOUKryo.exe
  C:\Windows\System\oOUKryo.exe
  2⤵
  PID:6440
- C:\Windows\System\dZgMZAt.exe
  C:\Windows\System\dZgMZAt.exe
  2⤵
  PID:6456
- C:\Windows\System\gkFDdVk.exe
  C:\Windows\System\gkFDdVk.exe
  2⤵
  PID:6472
- C:\Windows\System\WrIrnEA.exe
  C:\Windows\System\WrIrnEA.exe
  2⤵
  PID:6488
- C:\Windows\System\bqNTMub.exe
  C:\Windows\System\bqNTMub.exe
  2⤵
  PID:6504
- C:\Windows\System\gLIIFBM.exe
  C:\Windows\System\gLIIFBM.exe
  2⤵
  PID:6520
- C:\Windows\System\EQImcyA.exe
  C:\Windows\System\EQImcyA.exe
  2⤵
  PID:6536
- C:\Windows\System\rwogkKB.exe
  C:\Windows\System\rwogkKB.exe
  2⤵
  PID:6552
- C:\Windows\System\oXoTNxZ.exe
  C:\Windows\System\oXoTNxZ.exe
  2⤵
  PID:6568
- C:\Windows\System\wclHmCa.exe
  C:\Windows\System\wclHmCa.exe
  2⤵
  PID:6584
- C:\Windows\System\pgKWgKN.exe
  C:\Windows\System\pgKWgKN.exe
  2⤵
  PID:6600
- C:\Windows\System\gidhCWT.exe
  C:\Windows\System\gidhCWT.exe
  2⤵
  PID:6616
- C:\Windows\System\hbXYkRh.exe
  C:\Windows\System\hbXYkRh.exe
  2⤵
  PID:6632
- C:\Windows\System\nKXSfYQ.exe
  C:\Windows\System\nKXSfYQ.exe
  2⤵
  PID:6648
- C:\Windows\System\emVaiqt.exe
  C:\Windows\System\emVaiqt.exe
  2⤵
  PID:6664
- C:\Windows\System\PPeSTDP.exe
  C:\Windows\System\PPeSTDP.exe
  2⤵
  PID:6680
- C:\Windows\System\RuxURNP.exe
  C:\Windows\System\RuxURNP.exe
  2⤵
  PID:6696
- C:\Windows\System\YDpTBOf.exe
  C:\Windows\System\YDpTBOf.exe
  2⤵
  PID:6712
- C:\Windows\System\VjfWkLn.exe
  C:\Windows\System\VjfWkLn.exe
  2⤵
  PID:6728
- C:\Windows\System\KjYjhMU.exe
  C:\Windows\System\KjYjhMU.exe
  2⤵
  PID:6744
- C:\Windows\System\eviVSzG.exe
  C:\Windows\System\eviVSzG.exe
  2⤵
  PID:6760
- C:\Windows\System\KigTqMN.exe
  C:\Windows\System\KigTqMN.exe
  2⤵
  PID:6776
- C:\Windows\System\NxgmHSq.exe
  C:\Windows\System\NxgmHSq.exe
  2⤵
  PID:6792
- C:\Windows\System\NpDBxWW.exe
  C:\Windows\System\NpDBxWW.exe
  2⤵
  PID:6808
- C:\Windows\System\fdYRMOJ.exe
  C:\Windows\System\fdYRMOJ.exe
  2⤵
  PID:6824
- C:\Windows\System\xPBaUCh.exe
  C:\Windows\System\xPBaUCh.exe
  2⤵
  PID:6840
- C:\Windows\System\zOxpfXT.exe
  C:\Windows\System\zOxpfXT.exe
  2⤵
  PID:6856
- C:\Windows\System\lxTuHNz.exe
  C:\Windows\System\lxTuHNz.exe
  2⤵
  PID:6872
- C:\Windows\System\EctrAhE.exe
  C:\Windows\System\EctrAhE.exe
  2⤵
  PID:6888
- C:\Windows\System\UHPppmK.exe
  C:\Windows\System\UHPppmK.exe
  2⤵
  PID:6904
- C:\Windows\System\maVyNyz.exe
  C:\Windows\System\maVyNyz.exe
  2⤵
  PID:6920
- C:\Windows\System\oCatGgE.exe
  C:\Windows\System\oCatGgE.exe
  2⤵
  PID:6936
- C:\Windows\System\knwnptB.exe
  C:\Windows\System\knwnptB.exe
  2⤵
  PID:6952
- C:\Windows\System\VTOhYSA.exe
  C:\Windows\System\VTOhYSA.exe
  2⤵
  PID:6968
- C:\Windows\System\rqaltKK.exe
  C:\Windows\System\rqaltKK.exe
  2⤵
  PID:6984
- C:\Windows\System\CbDsDuN.exe
  C:\Windows\System\CbDsDuN.exe
  2⤵
  PID:7000
- C:\Windows\System\HdjDIZe.exe
  C:\Windows\System\HdjDIZe.exe
  2⤵
  PID:7016
- C:\Windows\System\oxeqXdo.exe
  C:\Windows\System\oxeqXdo.exe
  2⤵
  PID:7032
- C:\Windows\System\NahSCqT.exe
  C:\Windows\System\NahSCqT.exe
  2⤵
  PID:7048
- C:\Windows\System\dehFNgp.exe
  C:\Windows\System\dehFNgp.exe
  2⤵
  PID:7064
- C:\Windows\System\rweJgYD.exe
  C:\Windows\System\rweJgYD.exe
  2⤵
  PID:7080
- C:\Windows\System\hAnEVXi.exe
  C:\Windows\System\hAnEVXi.exe
  2⤵
  PID:7096
- C:\Windows\System\prcfFBj.exe
  C:\Windows\System\prcfFBj.exe
  2⤵
  PID:7112
- C:\Windows\System\JJLyLys.exe
  C:\Windows\System\JJLyLys.exe
  2⤵
  PID:7128
- C:\Windows\System\SjswFxs.exe
  C:\Windows\System\SjswFxs.exe
  2⤵
  PID:7144
- C:\Windows\System\ViYvXpy.exe
  C:\Windows\System\ViYvXpy.exe
  2⤵
  PID:7160
- C:\Windows\System\ezpQlUH.exe
  C:\Windows\System\ezpQlUH.exe
  2⤵
  PID:1004
- C:\Windows\System\NDBSHTG.exe
  C:\Windows\System\NDBSHTG.exe
  2⤵
  PID:4140
- C:\Windows\System\qEFlrnR.exe
  C:\Windows\System\qEFlrnR.exe
  2⤵
  PID:6216
- C:\Windows\System\mqHSmwS.exe
  C:\Windows\System\mqHSmwS.exe
  2⤵
  PID:6256
- C:\Windows\System\smAFWSN.exe
  C:\Windows\System\smAFWSN.exe
  2⤵
  PID:6316
- C:\Windows\System\ACPjZEW.exe
  C:\Windows\System\ACPjZEW.exe
  2⤵
  PID:6164
- C:\Windows\System\PkKwyqM.exe
  C:\Windows\System\PkKwyqM.exe
  2⤵
  PID:2776
- C:\Windows\System\GQKkQCF.exe
  C:\Windows\System\GQKkQCF.exe
  2⤵
  PID:824
- C:\Windows\System\JkAegFS.exe
  C:\Windows\System\JkAegFS.exe
  2⤵
  PID:6484
- C:\Windows\System\QExVeUR.exe
  C:\Windows\System\QExVeUR.exe
  2⤵
  PID:1592
- C:\Windows\System\MyLSAXd.exe
  C:\Windows\System\MyLSAXd.exe
  2⤵
  PID:5812
- C:\Windows\System\hgzTNue.exe
  C:\Windows\System\hgzTNue.exe
  2⤵
  PID:6576
- C:\Windows\System\GDnTtym.exe
  C:\Windows\System\GDnTtym.exe
  2⤵
  PID:6640
- C:\Windows\System\zRhWQBe.exe
  C:\Windows\System\zRhWQBe.exe
  2⤵
  PID:6676
- C:\Windows\System\EWlufNV.exe
  C:\Windows\System\EWlufNV.exe
  2⤵
  PID:6496
- C:\Windows\System\bEuJrJH.exe
  C:\Windows\System\bEuJrJH.exe
  2⤵
  PID:6180
- C:\Windows\System\PTCtQWP.exe
  C:\Windows\System\PTCtQWP.exe
  2⤵
  PID:6196
- C:\Windows\System\Yvpzsts.exe
  C:\Windows\System\Yvpzsts.exe
  2⤵
  PID:6240
- C:\Windows\System\eLBErMe.exe
  C:\Windows\System\eLBErMe.exe
  2⤵
  PID:6300
- C:\Windows\System\bFkErUh.exe
  C:\Windows\System\bFkErUh.exe
  2⤵
  PID:6364
- C:\Windows\System\rDnMUzw.exe
  C:\Windows\System\rDnMUzw.exe
  2⤵
  PID:6432
- C:\Windows\System\oFaxvvz.exe
  C:\Windows\System\oFaxvvz.exe
  2⤵
  PID:6500
- C:\Windows\System\yFpWxIJ.exe
  C:\Windows\System\yFpWxIJ.exe
  2⤵
  PID:6564
- C:\Windows\System\VNLvtLy.exe
  C:\Windows\System\VNLvtLy.exe
  2⤵
  PID:6656
- C:\Windows\System\dUXzZPO.exe
  C:\Windows\System\dUXzZPO.exe
  2⤵
  PID:6720
- C:\Windows\System\gWwPFGZ.exe
  C:\Windows\System\gWwPFGZ.exe
  2⤵
  PID:2904
- C:\Windows\System\PCzQdER.exe
  C:\Windows\System\PCzQdER.exe
  2⤵
  PID:6800
- C:\Windows\System\MSWXtml.exe
  C:\Windows\System\MSWXtml.exe
  2⤵
  PID:6900
- C:\Windows\System\dxEezXK.exe
  C:\Windows\System\dxEezXK.exe
  2⤵
  PID:6756
- C:\Windows\System\TBUOcVE.exe
  C:\Windows\System\TBUOcVE.exe
  2⤵
  PID:6820
- C:\Windows\System\rcebEsf.exe
  C:\Windows\System\rcebEsf.exe
  2⤵
  PID:6960
- C:\Windows\System\TUGbpVj.exe
  C:\Windows\System\TUGbpVj.exe
  2⤵
  PID:2944
- C:\Windows\System\MDeZLdL.exe
  C:\Windows\System\MDeZLdL.exe
  2⤵
  PID:6912
- C:\Windows\System\aUiBUDR.exe
  C:\Windows\System\aUiBUDR.exe
  2⤵
  PID:6976
- C:\Windows\System\LIAFoQl.exe
  C:\Windows\System\LIAFoQl.exe
  2⤵
  PID:7028
- C:\Windows\System\cTWlEUi.exe
  C:\Windows\System\cTWlEUi.exe
  2⤵
  PID:7088
- C:\Windows\System\otSaZLn.exe
  C:\Windows\System\otSaZLn.exe
  2⤵
  PID:7120
- C:\Windows\System\JSVwodN.exe
  C:\Windows\System\JSVwodN.exe
  2⤵
  PID:7140
- C:\Windows\System\IAoPBQI.exe
  C:\Windows\System\IAoPBQI.exe
  2⤵
  PID:6160
- C:\Windows\System\hycrrxu.exe
  C:\Windows\System\hycrrxu.exe
  2⤵
  PID:900
- C:\Windows\System\rwPMwqj.exe
  C:\Windows\System\rwPMwqj.exe
  2⤵
  PID:6352
- C:\Windows\System\htknzIS.exe
  C:\Windows\System\htknzIS.exe
  2⤵
  PID:6252
- C:\Windows\System\qGiuXXP.exe
  C:\Windows\System\qGiuXXP.exe
  2⤵
  PID:6516
- C:\Windows\System\Mbsxplk.exe
  C:\Windows\System\Mbsxplk.exe
  2⤵
  PID:1272
- C:\Windows\System\qUYfLJX.exe
  C:\Windows\System\qUYfLJX.exe
  2⤵
  PID:5168
- C:\Windows\System\nRUUTJQ.exe
  C:\Windows\System\nRUUTJQ.exe
  2⤵
  PID:6608
- C:\Windows\System\ykeaPHT.exe
  C:\Windows\System\ykeaPHT.exe
  2⤵
  PID:6672
- C:\Windows\System\KMbTMqF.exe
  C:\Windows\System\KMbTMqF.exe
  2⤵
  PID:6268
- C:\Windows\System\AlxLxPX.exe
  C:\Windows\System\AlxLxPX.exe
  2⤵
  PID:6204
- C:\Windows\System\ZAgyVmS.exe
  C:\Windows\System\ZAgyVmS.exe
  2⤵
  PID:6188
- C:\Windows\System\XvEDbgu.exe
  C:\Windows\System\XvEDbgu.exe
  2⤵
  PID:6464
- C:\Windows\System\hvebuvg.exe
  C:\Windows\System\hvebuvg.exe
  2⤵
  PID:6404
- C:\Windows\System\IINbunw.exe
  C:\Windows\System\IINbunw.exe
  2⤵
  PID:6768
- C:\Windows\System\ImlTbHN.exe
  C:\Windows\System\ImlTbHN.exe
  2⤵
  PID:2372
- C:\Windows\System\LioGbmq.exe
  C:\Windows\System\LioGbmq.exe
  2⤵
  PID:6816
- C:\Windows\System\DurgODZ.exe
  C:\Windows\System\DurgODZ.exe
  2⤵
  PID:1000
- C:\Windows\System\vqyxJzN.exe
  C:\Windows\System\vqyxJzN.exe
  2⤵
  PID:7044
- C:\Windows\System\jiygAHP.exe
  C:\Windows\System\jiygAHP.exe
  2⤵
  PID:6688
- C:\Windows\System\hEVKJBg.exe
  C:\Windows\System\hEVKJBg.exe
  2⤵
  PID:6752
- C:\Windows\System\JNSFGbG.exe
  C:\Windows\System\JNSFGbG.exe
  2⤵
  PID:7024
- C:\Windows\System\EIFSzkg.exe
  C:\Windows\System\EIFSzkg.exe
  2⤵
  PID:7076
- C:\Windows\System\tbUwMlt.exe
  C:\Windows\System\tbUwMlt.exe
  2⤵
  PID:6288
- C:\Windows\System\TIpKJFC.exe
  C:\Windows\System\TIpKJFC.exe
  2⤵
  PID:6224
- C:\Windows\System\QErXOTi.exe
  C:\Windows\System\QErXOTi.exe
  2⤵
  PID:6348
- C:\Windows\System\EtrOyaq.exe
  C:\Windows\System\EtrOyaq.exe
  2⤵
  PID:2404
- C:\Windows\System\CMZYwtN.exe
  C:\Windows\System\CMZYwtN.exe
  2⤵
  PID:6148
- C:\Windows\System\RpmYIDO.exe
  C:\Windows\System\RpmYIDO.exe
  2⤵
  PID:5732
- C:\Windows\System\hHbjUmW.exe
  C:\Windows\System\hHbjUmW.exe
  2⤵
  PID:6532
- C:\Windows\System\TKtGtOr.exe
  C:\Windows\System\TKtGtOr.exe
  2⤵
  PID:6400
- C:\Windows\System\jbdYNng.exe
  C:\Windows\System\jbdYNng.exe
  2⤵
  PID:6964
- C:\Windows\System\OTdzrOh.exe
  C:\Windows\System\OTdzrOh.exe
  2⤵
  PID:7108
- C:\Windows\System\vIPqrgF.exe
  C:\Windows\System\vIPqrgF.exe
  2⤵
  PID:6996
- C:\Windows\System\hCVNMFa.exe
  C:\Windows\System\hCVNMFa.exe
  2⤵
  PID:1152
- C:\Windows\System\AfkcKOj.exe
  C:\Windows\System\AfkcKOj.exe
  2⤵
  PID:1832
- C:\Windows\System\XVNyvig.exe
  C:\Windows\System\XVNyvig.exe
  2⤵
  PID:1064
- C:\Windows\System\cybAnYD.exe
  C:\Windows\System\cybAnYD.exe
  2⤵
  PID:2984
- C:\Windows\System\jhUdpyK.exe
  C:\Windows\System\jhUdpyK.exe
  2⤵
  PID:1404
- C:\Windows\System\mUAeMNr.exe
  C:\Windows\System\mUAeMNr.exe
  2⤵
  PID:6804
- C:\Windows\System\dSaAqhc.exe
  C:\Windows\System\dSaAqhc.exe
  2⤵
  PID:6336
- C:\Windows\System\BWKyLgX.exe
  C:\Windows\System\BWKyLgX.exe
  2⤵
  PID:2504
- C:\Windows\System\dXbrxGz.exe
  C:\Windows\System\dXbrxGz.exe
  2⤵
  PID:1904
- C:\Windows\System\wtaXegV.exe
  C:\Windows\System\wtaXegV.exe
  2⤵
  PID:1032
- C:\Windows\System\rbDbYnN.exe
  C:\Windows\System\rbDbYnN.exe
  2⤵
  PID:6736
- C:\Windows\System\KBjAUfx.exe
  C:\Windows\System\KBjAUfx.exe
  2⤵
  PID:7180
- C:\Windows\System\EjbKCLg.exe
  C:\Windows\System\EjbKCLg.exe
  2⤵
  PID:7196
- C:\Windows\System\WJZsjSJ.exe
  C:\Windows\System\WJZsjSJ.exe
  2⤵
  PID:7212
- C:\Windows\System\GgHWmxH.exe
  C:\Windows\System\GgHWmxH.exe
  2⤵
  PID:7228
- C:\Windows\System\WxPHOFG.exe
  C:\Windows\System\WxPHOFG.exe
  2⤵
  PID:7244
- C:\Windows\System\lPmYbAX.exe
  C:\Windows\System\lPmYbAX.exe
  2⤵
  PID:7260
- C:\Windows\System\uiOKNIe.exe
  C:\Windows\System\uiOKNIe.exe
  2⤵
  PID:7276
- C:\Windows\System\gXumGPo.exe
  C:\Windows\System\gXumGPo.exe
  2⤵
  PID:7292
- C:\Windows\System\JYehXZX.exe
  C:\Windows\System\JYehXZX.exe
  2⤵
  PID:7308
- C:\Windows\System\LiUBFDb.exe
  C:\Windows\System\LiUBFDb.exe
  2⤵
  PID:7324
- C:\Windows\System\UbXuYDD.exe
  C:\Windows\System\UbXuYDD.exe
  2⤵
  PID:7340
- C:\Windows\System\WdroDQh.exe
  C:\Windows\System\WdroDQh.exe
  2⤵
  PID:7356
- C:\Windows\System\HstDDFQ.exe
  C:\Windows\System\HstDDFQ.exe
  2⤵
  PID:7372
- C:\Windows\System\lDQLhNP.exe
  C:\Windows\System\lDQLhNP.exe
  2⤵
  PID:7388
- C:\Windows\System\uqBqtCQ.exe
  C:\Windows\System\uqBqtCQ.exe
  2⤵
  PID:7404
- C:\Windows\System\PYYlPYJ.exe
  C:\Windows\System\PYYlPYJ.exe
  2⤵
  PID:7420
- C:\Windows\System\pphEKQZ.exe
  C:\Windows\System\pphEKQZ.exe
  2⤵
  PID:7436
- C:\Windows\System\oPkgByH.exe
  C:\Windows\System\oPkgByH.exe
  2⤵
  PID:7452
- C:\Windows\System\cwmysHE.exe
  C:\Windows\System\cwmysHE.exe
  2⤵
  PID:7468
- C:\Windows\System\HxEqMzq.exe
  C:\Windows\System\HxEqMzq.exe
  2⤵
  PID:7484
- C:\Windows\System\EFLqUvQ.exe
  C:\Windows\System\EFLqUvQ.exe
  2⤵
  PID:7500
- C:\Windows\System\BWeUaiv.exe
  C:\Windows\System\BWeUaiv.exe
  2⤵
  PID:7516
- C:\Windows\System\uHYuhtz.exe
  C:\Windows\System\uHYuhtz.exe
  2⤵
  PID:7532
- C:\Windows\System\NedmIAD.exe
  C:\Windows\System\NedmIAD.exe
  2⤵
  PID:7548
- C:\Windows\System\xEZKNnK.exe
  C:\Windows\System\xEZKNnK.exe
  2⤵
  PID:7568
- C:\Windows\System\iXNoijM.exe
  C:\Windows\System\iXNoijM.exe
  2⤵
  PID:7584
- C:\Windows\System\sHBCtdM.exe
  C:\Windows\System\sHBCtdM.exe
  2⤵
  PID:7600
- C:\Windows\System\VYFThvG.exe
  C:\Windows\System\VYFThvG.exe
  2⤵
  PID:7616
- C:\Windows\System\gkDEsTe.exe
  C:\Windows\System\gkDEsTe.exe
  2⤵
  PID:7632
- C:\Windows\System\iuuArKl.exe
  C:\Windows\System\iuuArKl.exe
  2⤵
  PID:7648
- C:\Windows\System\wHDyGzf.exe
  C:\Windows\System\wHDyGzf.exe
  2⤵
  PID:7664
- C:\Windows\System\terzHLl.exe
  C:\Windows\System\terzHLl.exe
  2⤵
  PID:7680
- C:\Windows\System\vvkruTA.exe
  C:\Windows\System\vvkruTA.exe
  2⤵
  PID:7696
- C:\Windows\System\dqrGWqG.exe
  C:\Windows\System\dqrGWqG.exe
  2⤵
  PID:7712
- C:\Windows\System\qzwBEpf.exe
  C:\Windows\System\qzwBEpf.exe
  2⤵
  PID:7728
- C:\Windows\System\rcznBuj.exe
  C:\Windows\System\rcznBuj.exe
  2⤵
  PID:7744
- C:\Windows\System\FJFxtql.exe
  C:\Windows\System\FJFxtql.exe
  2⤵
  PID:7760
- C:\Windows\System\tQEoKZJ.exe
  C:\Windows\System\tQEoKZJ.exe
  2⤵
  PID:7776
- C:\Windows\System\VUYxZRJ.exe
  C:\Windows\System\VUYxZRJ.exe
  2⤵
  PID:7792
- C:\Windows\System\bfUjKHU.exe
  C:\Windows\System\bfUjKHU.exe
  2⤵
  PID:7808
- C:\Windows\System\ndzMaBv.exe
  C:\Windows\System\ndzMaBv.exe
  2⤵
  PID:7824
- C:\Windows\System\hCsHtlu.exe
  C:\Windows\System\hCsHtlu.exe
  2⤵
  PID:7840
- C:\Windows\System\IgtuOQX.exe
  C:\Windows\System\IgtuOQX.exe
  2⤵
  PID:7856
- C:\Windows\System\QpZRLXQ.exe
  C:\Windows\System\QpZRLXQ.exe
  2⤵
  PID:7872
- C:\Windows\System\vqTLtCd.exe
  C:\Windows\System\vqTLtCd.exe
  2⤵
  PID:7888
- C:\Windows\System\QGwARUD.exe
  C:\Windows\System\QGwARUD.exe
  2⤵
  PID:7904
- C:\Windows\System\RKPXgBH.exe
  C:\Windows\System\RKPXgBH.exe
  2⤵
  PID:7924
- C:\Windows\System\XtUCSDS.exe
  C:\Windows\System\XtUCSDS.exe
  2⤵
  PID:7940
- C:\Windows\System\pNZFpEF.exe
  C:\Windows\System\pNZFpEF.exe
  2⤵
  PID:7956
- C:\Windows\System\wyYouUq.exe
  C:\Windows\System\wyYouUq.exe
  2⤵
  PID:7972
- C:\Windows\System\ByWxtXA.exe
  C:\Windows\System\ByWxtXA.exe
  2⤵
  PID:7988
- C:\Windows\System\RXFfDYd.exe
  C:\Windows\System\RXFfDYd.exe
  2⤵
  PID:8004
- C:\Windows\System\zOArDKj.exe
  C:\Windows\System\zOArDKj.exe
  2⤵
  PID:8020
- C:\Windows\System\hLSTcil.exe
  C:\Windows\System\hLSTcil.exe
  2⤵
  PID:8036
- C:\Windows\System\WTwMtaN.exe
  C:\Windows\System\WTwMtaN.exe
  2⤵
  PID:8052
- C:\Windows\System\gVgOUGt.exe
  C:\Windows\System\gVgOUGt.exe
  2⤵
  PID:8068
- C:\Windows\System\NNiWFVv.exe
  C:\Windows\System\NNiWFVv.exe
  2⤵
  PID:8084
- C:\Windows\System\ecQQLQD.exe
  C:\Windows\System\ecQQLQD.exe
  2⤵
  PID:8100
- C:\Windows\System\ZpXecpV.exe
  C:\Windows\System\ZpXecpV.exe
  2⤵
  PID:8116
- C:\Windows\System\LnIgrmj.exe
  C:\Windows\System\LnIgrmj.exe
  2⤵
  PID:8132
- C:\Windows\System\bTXbILJ.exe
  C:\Windows\System\bTXbILJ.exe
  2⤵
  PID:8148
- C:\Windows\System\TprffOS.exe
  C:\Windows\System\TprffOS.exe
  2⤵
  PID:8164
- C:\Windows\System\ZoIJDir.exe
  C:\Windows\System\ZoIJDir.exe
  2⤵
  PID:8180
- C:\Windows\System\ftMNrHz.exe
  C:\Windows\System\ftMNrHz.exe
  2⤵
  PID:6468
- C:\Windows\System\aGITYQW.exe
  C:\Windows\System\aGITYQW.exe
  2⤵
  PID:6836
- C:\Windows\System\SENeAOQ.exe
  C:\Windows\System\SENeAOQ.exe
  2⤵
  PID:1632
- C:\Windows\System\vkHixyY.exe
  C:\Windows\System\vkHixyY.exe
  2⤵
  PID:7176
- C:\Windows\System\CIrDidp.exe
  C:\Windows\System\CIrDidp.exe
  2⤵
  PID:7240
- C:\Windows\System\FciiMIN.exe
  C:\Windows\System\FciiMIN.exe
  2⤵
  PID:7332
- C:\Windows\System\EdyEuOW.exe
  C:\Windows\System\EdyEuOW.exe
  2⤵
  PID:7396
- C:\Windows\System\xBiAIVq.exe
  C:\Windows\System\xBiAIVq.exe
  2⤵
  PID:7460
- C:\Windows\System\VIVewHN.exe
  C:\Windows\System\VIVewHN.exe
  2⤵
  PID:7528
- C:\Windows\System\PogBxDC.exe
  C:\Windows\System\PogBxDC.exe
  2⤵
  PID:7492
- C:\Windows\System\mUaUvZA.exe
  C:\Windows\System\mUaUvZA.exe
  2⤵
  PID:7316
- C:\Windows\System\sXOJcLB.exe
  C:\Windows\System\sXOJcLB.exe
  2⤵
  PID:7256
- C:\Windows\System\eHletkD.exe
  C:\Windows\System\eHletkD.exe
  2⤵
  PID:7576
- C:\Windows\System\FnQjwvM.exe
  C:\Windows\System\FnQjwvM.exe
  2⤵
  PID:7384
- C:\Windows\System\JlVlhWy.exe
  C:\Windows\System\JlVlhWy.exe
  2⤵
  PID:7480
- C:\Windows\System\zsuEJrn.exe
  C:\Windows\System\zsuEJrn.exe
  2⤵
  PID:7540
- C:\Windows\System\TDvZkFM.exe
  C:\Windows\System\TDvZkFM.exe
  2⤵
  PID:7624
- C:\Windows\System\YHzNbnZ.exe
  C:\Windows\System\YHzNbnZ.exe
  2⤵
  PID:7688
- C:\Windows\System\pOQjsDz.exe
  C:\Windows\System\pOQjsDz.exe
  2⤵
  PID:7644
- C:\Windows\System\ZFMWVxB.exe
  C:\Windows\System\ZFMWVxB.exe
  2⤵
  PID:7704
- C:\Windows\System\TnuThhY.exe
  C:\Windows\System\TnuThhY.exe
  2⤵
  PID:7752
- C:\Windows\System\NmfJSNN.exe
  C:\Windows\System\NmfJSNN.exe
  2⤵
  PID:7788
- C:\Windows\System\BuJJJDU.exe
  C:\Windows\System\BuJJJDU.exe
  2⤵
  PID:7136
- C:\Windows\System\NVpDlxz.exe
  C:\Windows\System\NVpDlxz.exe
  2⤵
  PID:7768
- C:\Windows\System\SQHlNaJ.exe
  C:\Windows\System\SQHlNaJ.exe
  2⤵
  PID:7772
- C:\Windows\System\KdNJcnB.exe
  C:\Windows\System\KdNJcnB.exe
  2⤵
  PID:7864
- C:\Windows\System\PSDykLc.exe
  C:\Windows\System\PSDykLc.exe
  2⤵
  PID:7920
- C:\Windows\System\IMjjMhG.exe
  C:\Windows\System\IMjjMhG.exe
  2⤵
  PID:7984
- C:\Windows\System\SBOaOeR.exe
  C:\Windows\System\SBOaOeR.exe
  2⤵
  PID:6560
- C:\Windows\System\RDMNVAd.exe
  C:\Windows\System\RDMNVAd.exe
  2⤵
  PID:8160
- C:\Windows\System\nmSBtcI.exe
  C:\Windows\System\nmSBtcI.exe
  2⤵
  PID:3712
- C:\Windows\System\HyZqfuh.exe
  C:\Windows\System\HyZqfuh.exe
  2⤵
  PID:7300
- C:\Windows\System\zkDjQLZ.exe
  C:\Windows\System\zkDjQLZ.exe
  2⤵
  PID:6548
- C:\Windows\System\OYgMmRV.exe
  C:\Windows\System\OYgMmRV.exe
  2⤵
  PID:7412
- C:\Windows\System\fhiaMpk.exe
  C:\Windows\System\fhiaMpk.exe
  2⤵
  PID:7304
- C:\Windows\System\ykKGeLg.exe
  C:\Windows\System\ykKGeLg.exe
  2⤵
  PID:7288
- C:\Windows\System\IKIOvdv.exe
  C:\Windows\System\IKIOvdv.exe
  2⤵
  PID:7596
- C:\Windows\System\ODiCOBC.exe
  C:\Windows\System\ODiCOBC.exe
  2⤵
  PID:7724
- C:\Windows\System\FVZOzTX.exe
  C:\Windows\System\FVZOzTX.exe
  2⤵
  PID:7252
- C:\Windows\System\teKXNFU.exe
  C:\Windows\System\teKXNFU.exe
  2⤵
  PID:7656
- C:\Windows\System\bdIoZVe.exe
  C:\Windows\System\bdIoZVe.exe
  2⤵
  PID:7784
- C:\Windows\System\FPWoAys.exe
  C:\Windows\System\FPWoAys.exe
  2⤵
  PID:7836
- C:\Windows\System\KRmVWAb.exe
  C:\Windows\System\KRmVWAb.exe
  2⤵
  PID:7832
- C:\Windows\System\GXynKAY.exe
  C:\Windows\System\GXynKAY.exe
  2⤵
  PID:7952
- C:\Windows\System\bXTmVsW.exe
  C:\Windows\System\bXTmVsW.exe
  2⤵
  PID:7936
- C:\Windows\System\xCuLaah.exe
  C:\Windows\System\xCuLaah.exe
  2⤵
  PID:8076
- C:\Windows\System\QqaxxXv.exe
  C:\Windows\System\QqaxxXv.exe
  2⤵
  PID:8060
- C:\Windows\System\QUjlcwq.exe
  C:\Windows\System\QUjlcwq.exe
  2⤵
  PID:8064
- C:\Windows\System\onlghoT.exe
  C:\Windows\System\onlghoT.exe
  2⤵
  PID:8112
- C:\Windows\System\mTOZSwt.exe
  C:\Windows\System\mTOZSwt.exe
  2⤵
  PID:8124
- C:\Windows\System\NcFkfVo.exe
  C:\Windows\System\NcFkfVo.exe
  2⤵
  PID:7220
- C:\Windows\System\SssiPUS.exe
  C:\Windows\System\SssiPUS.exe
  2⤵
  PID:7432
- C:\Windows\System\eXYFSKx.exe
  C:\Windows\System\eXYFSKx.exe
  2⤵
  PID:7612
- C:\Windows\System\mSWYcAP.exe
  C:\Windows\System\mSWYcAP.exe
  2⤵
  PID:7880
- C:\Windows\System\zLUFWHN.exe
  C:\Windows\System\zLUFWHN.exe
  2⤵
  PID:7736
- C:\Windows\System\tPvmvZA.exe
  C:\Windows\System\tPvmvZA.exe
  2⤵
  PID:7672
- C:\Windows\System\NtOVmCo.exe
  C:\Windows\System\NtOVmCo.exe
  2⤵
  PID:7448
- C:\Windows\System\HdndZkk.exe
  C:\Windows\System\HdndZkk.exe
  2⤵
  PID:8012
- C:\Windows\System\JkiVtSf.exe
  C:\Windows\System\JkiVtSf.exe
  2⤵
  PID:7012
- C:\Windows\System\fxXJiGn.exe
  C:\Windows\System\fxXJiGn.exe
  2⤵
  PID:7964
- C:\Windows\System\SMoRAXy.exe
  C:\Windows\System\SMoRAXy.exe
  2⤵
  PID:7236
- C:\Windows\System\TvTgefV.exe
  C:\Windows\System\TvTgefV.exe
  2⤵
  PID:6384
- C:\Windows\System\nDwcSkT.exe
  C:\Windows\System\nDwcSkT.exe
  2⤵
  PID:8032
- C:\Windows\System\DYhBjzB.exe
  C:\Windows\System\DYhBjzB.exe
  2⤵
  PID:7512
- C:\Windows\System\GSijmbX.exe
  C:\Windows\System\GSijmbX.exe
  2⤵
  PID:8208
- C:\Windows\System\brrvEXC.exe
  C:\Windows\System\brrvEXC.exe
  2⤵
  PID:8224
- C:\Windows\System\VVJbQDg.exe
  C:\Windows\System\VVJbQDg.exe
  2⤵
  PID:8240
- C:\Windows\System\jyuborG.exe
  C:\Windows\System\jyuborG.exe
  2⤵
  PID:8256
- C:\Windows\System\kpSGwPY.exe
  C:\Windows\System\kpSGwPY.exe
  2⤵
  PID:8272
- C:\Windows\System\wFSFXUR.exe
  C:\Windows\System\wFSFXUR.exe
  2⤵
  PID:8288
- C:\Windows\System\elhdSUn.exe
  C:\Windows\System\elhdSUn.exe
  2⤵
  PID:8304
- C:\Windows\System\VyszKxL.exe
  C:\Windows\System\VyszKxL.exe
  2⤵
  PID:8320
- C:\Windows\System\JrkbIoM.exe
  C:\Windows\System\JrkbIoM.exe
  2⤵
  PID:8336
- C:\Windows\System\WzFKNbA.exe
  C:\Windows\System\WzFKNbA.exe
  2⤵
  PID:8352
- C:\Windows\System\CzLezyy.exe
  C:\Windows\System\CzLezyy.exe
  2⤵
  PID:8368
- C:\Windows\System\URyAyjo.exe
  C:\Windows\System\URyAyjo.exe
  2⤵
  PID:8384
- C:\Windows\System\XyWtfmx.exe
  C:\Windows\System\XyWtfmx.exe
  2⤵
  PID:8400
- C:\Windows\System\mkkHhRd.exe
  C:\Windows\System\mkkHhRd.exe
  2⤵
  PID:8416
- C:\Windows\System\kuTKFXK.exe
  C:\Windows\System\kuTKFXK.exe
  2⤵
  PID:8432
- C:\Windows\System\trtFMMe.exe
  C:\Windows\System\trtFMMe.exe
  2⤵
  PID:8448
- C:\Windows\System\WNfpiOM.exe
  C:\Windows\System\WNfpiOM.exe
  2⤵
  PID:8464
- C:\Windows\System\MRjsjIU.exe
  C:\Windows\System\MRjsjIU.exe
  2⤵
  PID:8480
- C:\Windows\System\keOXKXP.exe
  C:\Windows\System\keOXKXP.exe
  2⤵
  PID:8496
- C:\Windows\System\SEaLnMY.exe
  C:\Windows\System\SEaLnMY.exe
  2⤵
  PID:8512
- C:\Windows\System\suxmGiv.exe
  C:\Windows\System\suxmGiv.exe
  2⤵
  PID:8528
- C:\Windows\System\ZmWsGAt.exe
  C:\Windows\System\ZmWsGAt.exe
  2⤵
  PID:8544
- C:\Windows\System\ZJxlGJr.exe
  C:\Windows\System\ZJxlGJr.exe
  2⤵
  PID:8560
- C:\Windows\System\ErFWljc.exe
  C:\Windows\System\ErFWljc.exe
  2⤵
  PID:8576
- C:\Windows\System\LwNJYdm.exe
  C:\Windows\System\LwNJYdm.exe
  2⤵
  PID:8592
- C:\Windows\System\xTryKWE.exe
  C:\Windows\System\xTryKWE.exe
  2⤵
  PID:8608
- C:\Windows\System\VGoKWVB.exe
  C:\Windows\System\VGoKWVB.exe
  2⤵
  PID:8624
- C:\Windows\System\oLkQIiK.exe
  C:\Windows\System\oLkQIiK.exe
  2⤵
  PID:8640
- C:\Windows\System\LjeSOMg.exe
  C:\Windows\System\LjeSOMg.exe
  2⤵
  PID:8656
- C:\Windows\System\FkAVguq.exe
  C:\Windows\System\FkAVguq.exe
  2⤵
  PID:8672
- C:\Windows\System\LUjRFIS.exe
  C:\Windows\System\LUjRFIS.exe
  2⤵
  PID:8688
- C:\Windows\System\gykhzkb.exe
  C:\Windows\System\gykhzkb.exe
  2⤵
  PID:8704
- C:\Windows\System\sIWfSDE.exe
  C:\Windows\System\sIWfSDE.exe
  2⤵
  PID:8720
- C:\Windows\System\yeKPpmV.exe
  C:\Windows\System\yeKPpmV.exe
  2⤵
  PID:8736
- C:\Windows\System\HNvQeNG.exe
  C:\Windows\System\HNvQeNG.exe
  2⤵
  PID:8752
- C:\Windows\System\mvZQCSi.exe
  C:\Windows\System\mvZQCSi.exe
  2⤵
  PID:8768
- C:\Windows\System\nFESLab.exe
  C:\Windows\System\nFESLab.exe
  2⤵
  PID:8784
- C:\Windows\System\rYIDYRm.exe
  C:\Windows\System\rYIDYRm.exe
  2⤵
  PID:8800
- C:\Windows\System\Rpecuub.exe
  C:\Windows\System\Rpecuub.exe
  2⤵
  PID:8816
- C:\Windows\System\WdZLJAX.exe
  C:\Windows\System\WdZLJAX.exe
  2⤵
  PID:8832
- C:\Windows\System\SdzUJQe.exe
  C:\Windows\System\SdzUJQe.exe
  2⤵
  PID:8848
- C:\Windows\System\BpnSudQ.exe
  C:\Windows\System\BpnSudQ.exe
  2⤵
  PID:8864
- C:\Windows\System\VkZFiPp.exe
  C:\Windows\System\VkZFiPp.exe
  2⤵
  PID:8880
- C:\Windows\System\TNsgGse.exe
  C:\Windows\System\TNsgGse.exe
  2⤵
  PID:8896
- C:\Windows\System\jyfAeHg.exe
  C:\Windows\System\jyfAeHg.exe
  2⤵
  PID:8912
- C:\Windows\System\utlaoek.exe
  C:\Windows\System\utlaoek.exe
  2⤵
  PID:8928
- C:\Windows\System\yswbavY.exe
  C:\Windows\System\yswbavY.exe
  2⤵
  PID:8944
- C:\Windows\System\xnJkbeR.exe
  C:\Windows\System\xnJkbeR.exe
  2⤵
  PID:8964
- C:\Windows\System\VwvpJuf.exe
  C:\Windows\System\VwvpJuf.exe
  2⤵
  PID:8980
- C:\Windows\System\IypCtLo.exe
  C:\Windows\System\IypCtLo.exe
  2⤵
  PID:8996
- C:\Windows\System\sNghqwe.exe
  C:\Windows\System\sNghqwe.exe
  2⤵
  PID:9012
- C:\Windows\System\yJWmuxm.exe
  C:\Windows\System\yJWmuxm.exe
  2⤵
  PID:9028
- C:\Windows\System\nYJkUyq.exe
  C:\Windows\System\nYJkUyq.exe
  2⤵
  PID:9044
- C:\Windows\System\wqYAKzZ.exe
  C:\Windows\System\wqYAKzZ.exe
  2⤵
  PID:9060
- C:\Windows\System\UBxPtpw.exe
  C:\Windows\System\UBxPtpw.exe
  2⤵
  PID:9076
- C:\Windows\System\iEHxsbf.exe
  C:\Windows\System\iEHxsbf.exe
  2⤵
  PID:9092
- C:\Windows\System\CHocCni.exe
  C:\Windows\System\CHocCni.exe
  2⤵
  PID:9108
- C:\Windows\System\alxKhfB.exe
  C:\Windows\System\alxKhfB.exe
  2⤵
  PID:9124
- C:\Windows\System\uIWQCec.exe
  C:\Windows\System\uIWQCec.exe
  2⤵
  PID:9140
- C:\Windows\System\cIGocfm.exe
  C:\Windows\System\cIGocfm.exe
  2⤵
  PID:9156
- C:\Windows\System\eGLAICh.exe
  C:\Windows\System\eGLAICh.exe
  2⤵
  PID:9172
- C:\Windows\System\DZTEFDn.exe
  C:\Windows\System\DZTEFDn.exe
  2⤵
  PID:9188
- C:\Windows\System\DPZkiNe.exe
  C:\Windows\System\DPZkiNe.exe
  2⤵
  PID:9204
- C:\Windows\System\GcHubab.exe
  C:\Windows\System\GcHubab.exe
  2⤵
  PID:8108
- C:\Windows\System\IFogzIx.exe
  C:\Windows\System\IFogzIx.exe
  2⤵
  PID:8172
- C:\Windows\System\iJxxWWD.exe
  C:\Windows\System\iJxxWWD.exe
  2⤵
  PID:7556
- C:\Windows\System\JfoSMfB.exe
  C:\Windows\System\JfoSMfB.exe
  2⤵
  PID:8028
- C:\Windows\System\eqxMIMe.exe
  C:\Windows\System\eqxMIMe.exe
  2⤵
  PID:8200
- C:\Windows\System\HSmDiLS.exe
  C:\Windows\System\HSmDiLS.exe
  2⤵
  PID:8252
- C:\Windows\System\WtdHYYk.exe
  C:\Windows\System\WtdHYYk.exe
  2⤵
  PID:8280
- C:\Windows\System\DQRgnUG.exe
  C:\Windows\System\DQRgnUG.exe
  2⤵
  PID:8344
- C:\Windows\System\HjMUvXk.exe
  C:\Windows\System\HjMUvXk.exe
  2⤵
  PID:8268
- C:\Windows\System\ElUPIZB.exe
  C:\Windows\System\ElUPIZB.exe
  2⤵
  PID:8444
- C:\Windows\System\WsjQZiX.exe
  C:\Windows\System\WsjQZiX.exe
  2⤵
  PID:8300
- C:\Windows\System\TChFfiw.exe
  C:\Windows\System\TChFfiw.exe
  2⤵
  PID:8360
- C:\Windows\System\rHtzZHu.exe
  C:\Windows\System\rHtzZHu.exe
  2⤵
  PID:8396
- C:\Windows\System\mhZPzrz.exe
  C:\Windows\System\mhZPzrz.exe
  2⤵
  PID:8460
- C:\Windows\System\DkTqXTF.exe
  C:\Windows\System\DkTqXTF.exe
  2⤵
  PID:8540
- C:\Windows\System\LVxTLNZ.exe
  C:\Windows\System\LVxTLNZ.exe
  2⤵
  PID:8524
- C:\Windows\System\ZqvyPqJ.exe
  C:\Windows\System\ZqvyPqJ.exe
  2⤵
  PID:8632
- C:\Windows\System\MlqQwsn.exe
  C:\Windows\System\MlqQwsn.exe
  2⤵
  PID:8668
- C:\Windows\System\MVQAWgM.exe
  C:\Windows\System\MVQAWgM.exe
  2⤵
  PID:8728
- C:\Windows\System\HCueLWo.exe
  C:\Windows\System\HCueLWo.exe
  2⤵
  PID:8792
- C:\Windows\System\SKQXjnd.exe
  C:\Windows\System\SKQXjnd.exe
  2⤵
  PID:8744
- C:\Windows\System\figCmNJ.exe
  C:\Windows\System\figCmNJ.exe
  2⤵
  PID:8780
- C:\Windows\System\tZWiXHG.exe
  C:\Windows\System\tZWiXHG.exe
  2⤵
  PID:8680
- C:\Windows\System\cHgpbHF.exe
  C:\Windows\System\cHgpbHF.exe
  2⤵
  PID:8856
- C:\Windows\System\hCSKIwB.exe
  C:\Windows\System\hCSKIwB.exe
  2⤵
  PID:7592
- C:\Windows\System\qgEUMwN.exe
  C:\Windows\System\qgEUMwN.exe
  2⤵
  PID:8872
- C:\Windows\System\cyWALLz.exe
  C:\Windows\System\cyWALLz.exe
  2⤵
  PID:8892
- C:\Windows\System\UaDjuXV.exe
  C:\Windows\System\UaDjuXV.exe
  2⤵
  PID:8908
- C:\Windows\System\idSdWwd.exe
  C:\Windows\System\idSdWwd.exe
  2⤵
  PID:8988
- C:\Windows\System\KRTfFMs.exe
  C:\Windows\System\KRTfFMs.exe
  2⤵
  PID:8992
- C:\Windows\System\VbBtrZl.exe
  C:\Windows\System\VbBtrZl.exe
  2⤵
  PID:9116
- C:\Windows\System\CeoRegP.exe
  C:\Windows\System\CeoRegP.exe
  2⤵
  PID:9152
- C:\Windows\System\hWuRGdd.exe
  C:\Windows\System\hWuRGdd.exe
  2⤵
  PID:7820
- C:\Windows\System\gHqihwS.exe
  C:\Windows\System\gHqihwS.exe
  2⤵
  PID:9104
- C:\Windows\System\jgvMTmu.exe
  C:\Windows\System\jgvMTmu.exe
  2⤵
  PID:9004
- C:\Windows\System\IZrczZl.exe
  C:\Windows\System\IZrczZl.exe
  2⤵
  PID:9072
- C:\Windows\System\woAJHCv.exe
  C:\Windows\System\woAJHCv.exe
  2⤵
  PID:9164
- C:\Windows\System\mBNnmis.exe
  C:\Windows\System\mBNnmis.exe
  2⤵
  PID:8176
- C:\Windows\System\ufavLyI.exe
  C:\Windows\System\ufavLyI.exe
  2⤵
  PID:8264
- C:\Windows\System\QrUCVxZ.exe
  C:\Windows\System\QrUCVxZ.exe
  2⤵
  PID:8476
- C:\Windows\System\IMuVHCi.exe
  C:\Windows\System\IMuVHCi.exe
  2⤵
  PID:8508
- C:\Windows\System\pQTQCTg.exe
  C:\Windows\System\pQTQCTg.exe
  2⤵
  PID:1580
- C:\Windows\System\CobpkEN.exe
  C:\Windows\System\CobpkEN.exe
  2⤵
  PID:8312
- C:\Windows\System\wjjjBQr.exe
  C:\Windows\System\wjjjBQr.exe
  2⤵
  PID:8316
- C:\Windows\System\rqqBYtT.exe
  C:\Windows\System\rqqBYtT.exe
  2⤵
  PID:8332
- C:\Windows\System\oyhAeNa.exe
  C:\Windows\System\oyhAeNa.exe
  2⤵
  PID:8520
- C:\Windows\System\OiZNHPR.exe
  C:\Windows\System\OiZNHPR.exe
  2⤵
  PID:8764
- C:\Windows\System\gdCHwrU.exe
  C:\Windows\System\gdCHwrU.exe
  2⤵
  PID:8748
- C:\Windows\System\XDdckqs.exe
  C:\Windows\System\XDdckqs.exe
  2⤵
  PID:8812
- C:\Windows\System\pYRiLQM.exe
  C:\Windows\System\pYRiLQM.exe
  2⤵
  PID:8888
- C:\Windows\System\UNSBcoo.exe
  C:\Windows\System\UNSBcoo.exe
  2⤵
  PID:9084
- C:\Windows\System\MYNVtqh.exe
  C:\Windows\System\MYNVtqh.exe
  2⤵
  PID:8976
- C:\Windows\System\msgiWXh.exe
  C:\Windows\System\msgiWXh.exe
  2⤵
  PID:9148
- C:\Windows\System\aikRWIC.exe
  C:\Windows\System\aikRWIC.exe
  2⤵
  PID:8488
- C:\Windows\System\lPxcRna.exe
  C:\Windows\System\lPxcRna.exe
  2⤵
  PID:9036
- C:\Windows\System\RSbFpUg.exe
  C:\Windows\System\RSbFpUg.exe
  2⤵
  PID:8376
- C:\Windows\System\nOemBvi.exe
  C:\Windows\System\nOemBvi.exe
  2⤵
  PID:8620
- C:\Windows\System\NrXHWli.exe
  C:\Windows\System\NrXHWli.exe
  2⤵
  PID:8588
- C:\Windows\System\aiGFkDC.exe
  C:\Windows\System\aiGFkDC.exe
  2⤵
  PID:8328
- C:\Windows\System\cVkgSYx.exe
  C:\Windows\System\cVkgSYx.exe
  2⤵
  PID:9196
- C:\Windows\System\kdivQZX.exe
  C:\Windows\System\kdivQZX.exe
  2⤵
  PID:8700
- C:\Windows\System\LhjIrQk.exe
  C:\Windows\System\LhjIrQk.exe
  2⤵
  PID:8392
- C:\Windows\System\eGQstgM.exe
  C:\Windows\System\eGQstgM.exe
  2⤵
  PID:9228
- C:\Windows\System\FxZUMYP.exe
  C:\Windows\System\FxZUMYP.exe
  2⤵
  PID:9244
- C:\Windows\System\OZkFRYF.exe
  C:\Windows\System\OZkFRYF.exe
  2⤵
  PID:9260
- C:\Windows\System\GQaxkpt.exe
  C:\Windows\System\GQaxkpt.exe
  2⤵
  PID:9276
- C:\Windows\System\dIMoYqE.exe
  C:\Windows\System\dIMoYqE.exe
  2⤵
  PID:9292
- C:\Windows\System\nGRLmqJ.exe
  C:\Windows\System\nGRLmqJ.exe
  2⤵
  PID:9308
- C:\Windows\System\YJwBdSX.exe
  C:\Windows\System\YJwBdSX.exe
  2⤵
  PID:9324
- C:\Windows\System\kkRWfnR.exe
  C:\Windows\System\kkRWfnR.exe
  2⤵
  PID:9340
- C:\Windows\System\rnNxBVp.exe
  C:\Windows\System\rnNxBVp.exe
  2⤵
  PID:9356
- C:\Windows\System\TeYsZDr.exe
  C:\Windows\System\TeYsZDr.exe
  2⤵
  PID:9372
- C:\Windows\System\NJGObMV.exe
  C:\Windows\System\NJGObMV.exe
  2⤵
  PID:9388
- C:\Windows\System\KVnGWSQ.exe
  C:\Windows\System\KVnGWSQ.exe
  2⤵
  PID:9404
- C:\Windows\System\wZjcPLy.exe
  C:\Windows\System\wZjcPLy.exe
  2⤵
  PID:9420
- C:\Windows\System\FGSRlYh.exe
  C:\Windows\System\FGSRlYh.exe
  2⤵
  PID:9436
- C:\Windows\System\hzxmpUC.exe
  C:\Windows\System\hzxmpUC.exe
  2⤵
  PID:9452
- C:\Windows\System\VZnSrqO.exe
  C:\Windows\System\VZnSrqO.exe
  2⤵
  PID:9468
- C:\Windows\System\WnTAGeD.exe
  C:\Windows\System\WnTAGeD.exe
  2⤵
  PID:9484
- C:\Windows\System\kzDIhMd.exe
  C:\Windows\System\kzDIhMd.exe
  2⤵
  PID:9500
- C:\Windows\System\lKOOUss.exe
  C:\Windows\System\lKOOUss.exe
  2⤵
  PID:9516
- C:\Windows\System\Kkabojj.exe
  C:\Windows\System\Kkabojj.exe
  2⤵
  PID:9532
- C:\Windows\System\qooBIWs.exe
  C:\Windows\System\qooBIWs.exe
  2⤵
  PID:9548
- C:\Windows\System\wXQqEvY.exe
  C:\Windows\System\wXQqEvY.exe
  2⤵
  PID:9564
- C:\Windows\System\hXqCPrl.exe
  C:\Windows\System\hXqCPrl.exe
  2⤵
  PID:9580
- C:\Windows\System\yWYAQfE.exe
  C:\Windows\System\yWYAQfE.exe
  2⤵
  PID:9596
- C:\Windows\System\gSGMQDN.exe
  C:\Windows\System\gSGMQDN.exe
  2⤵
  PID:9612
- C:\Windows\System\efcMCqZ.exe
  C:\Windows\System\efcMCqZ.exe
  2⤵
  PID:9628
- C:\Windows\System\jyqIuXW.exe
  C:\Windows\System\jyqIuXW.exe
  2⤵
  PID:9644
- C:\Windows\System\xuGGMsZ.exe
  C:\Windows\System\xuGGMsZ.exe
  2⤵
  PID:9660
- C:\Windows\System\dNUDgjW.exe
  C:\Windows\System\dNUDgjW.exe
  2⤵
  PID:9676
- C:\Windows\System\dblGODO.exe
  C:\Windows\System\dblGODO.exe
  2⤵
  PID:9692
- C:\Windows\System\ghTBUqN.exe
  C:\Windows\System\ghTBUqN.exe
  2⤵
  PID:9708
- C:\Windows\System\mUzLAfX.exe
  C:\Windows\System\mUzLAfX.exe
  2⤵
  PID:9724
- C:\Windows\System\viJVcwr.exe
  C:\Windows\System\viJVcwr.exe
  2⤵
  PID:9740
- C:\Windows\System\ghlgoVl.exe
  C:\Windows\System\ghlgoVl.exe
  2⤵
  PID:9756
- C:\Windows\System\AYWnIor.exe
  C:\Windows\System\AYWnIor.exe
  2⤵
  PID:9772
- C:\Windows\System\DAuNZKF.exe
  C:\Windows\System\DAuNZKF.exe
  2⤵
  PID:9788
- C:\Windows\System\VXZOgEL.exe
  C:\Windows\System\VXZOgEL.exe
  2⤵
  PID:9804
- C:\Windows\System\GatSYnT.exe
  C:\Windows\System\GatSYnT.exe
  2⤵
  PID:9820
- C:\Windows\System\SQjNkye.exe
  C:\Windows\System\SQjNkye.exe
  2⤵
  PID:9836
- C:\Windows\System\TJhHddl.exe
  C:\Windows\System\TJhHddl.exe
  2⤵
  PID:9852
- C:\Windows\System\RFMXPTz.exe
  C:\Windows\System\RFMXPTz.exe
  2⤵
  PID:9868
- C:\Windows\System\RYKTiZl.exe
  C:\Windows\System\RYKTiZl.exe
  2⤵
  PID:9884
- C:\Windows\System\zcRUtSd.exe
  C:\Windows\System\zcRUtSd.exe
  2⤵
  PID:9900
- C:\Windows\System\SKOLgbg.exe
  C:\Windows\System\SKOLgbg.exe
  2⤵
  PID:9916
- C:\Windows\System\cPEWwci.exe
  C:\Windows\System\cPEWwci.exe
  2⤵
  PID:9932
- C:\Windows\System\JjiPQPI.exe
  C:\Windows\System\JjiPQPI.exe
  2⤵
  PID:9948
- C:\Windows\System\jpjFKeS.exe
  C:\Windows\System\jpjFKeS.exe
  2⤵
  PID:9964
- C:\Windows\System\iSBeGqR.exe
  C:\Windows\System\iSBeGqR.exe
  2⤵
  PID:9980
- C:\Windows\System\BSUTjlE.exe
  C:\Windows\System\BSUTjlE.exe
  2⤵
  PID:9996
- C:\Windows\System\FBQETIt.exe
  C:\Windows\System\FBQETIt.exe
  2⤵
  PID:10012
- C:\Windows\System\WzUbxxr.exe
  C:\Windows\System\WzUbxxr.exe
  2⤵
  PID:10028
- C:\Windows\System\rObXVLk.exe
  C:\Windows\System\rObXVLk.exe
  2⤵
  PID:10044
- C:\Windows\System\IeRpawI.exe
  C:\Windows\System\IeRpawI.exe
  2⤵
  PID:10060
- C:\Windows\System\qTQWDLj.exe
  C:\Windows\System\qTQWDLj.exe
  2⤵
  PID:10076
- C:\Windows\System\wiuRPdh.exe
  C:\Windows\System\wiuRPdh.exe
  2⤵
  PID:10092
- C:\Windows\System\WByYqOT.exe
  C:\Windows\System\WByYqOT.exe
  2⤵
  PID:10108
- C:\Windows\System\hMfEFLY.exe
  C:\Windows\System\hMfEFLY.exe
  2⤵
  PID:10128
- C:\Windows\System\wCteSrv.exe
  C:\Windows\System\wCteSrv.exe
  2⤵
  PID:10144
- C:\Windows\System\JAXZoeB.exe
  C:\Windows\System\JAXZoeB.exe
  2⤵
  PID:10160
- C:\Windows\System\XPadrrf.exe
  C:\Windows\System\XPadrrf.exe
  2⤵
  PID:10176
- C:\Windows\System\MnhmyvP.exe
  C:\Windows\System\MnhmyvP.exe
  2⤵
  PID:10192
- C:\Windows\System\XSEadyW.exe
  C:\Windows\System\XSEadyW.exe
  2⤵
  PID:10208
- C:\Windows\System\TduthEz.exe
  C:\Windows\System\TduthEz.exe
  2⤵
  PID:10224
- C:\Windows\System\WQeeBAM.exe
  C:\Windows\System\WQeeBAM.exe
  2⤵
  PID:9220
- C:\Windows\System\YiJHyWS.exe
  C:\Windows\System\YiJHyWS.exe
  2⤵
  PID:8248
- C:\Windows\System\ziXTGnP.exe
  C:\Windows\System\ziXTGnP.exe
  2⤵
  PID:8456
- C:\Windows\System\banSLMQ.exe
  C:\Windows\System\banSLMQ.exe
  2⤵
  PID:8808
- C:\Windows\System\GtPVDfw.exe
  C:\Windows\System\GtPVDfw.exe
  2⤵
  PID:9024
- C:\Windows\System\uXedsmM.exe
  C:\Windows\System\uXedsmM.exe
  2⤵
  PID:8760
- C:\Windows\System\FVnFsLC.exe
  C:\Windows\System\FVnFsLC.exe
  2⤵
  PID:9252
- C:\Windows\System\CTDFsxb.exe
  C:\Windows\System\CTDFsxb.exe
  2⤵
  PID:9272
- C:\Windows\System\xHuWkVn.exe
  C:\Windows\System\xHuWkVn.exe
  2⤵
  PID:9348
- C:\Windows\System\PVxDIns.exe
  C:\Windows\System\PVxDIns.exe
  2⤵
  PID:9336
- C:\Windows\System\OmUjQYS.exe
  C:\Windows\System\OmUjQYS.exe
  2⤵
  PID:9364
- C:\Windows\System\pnvyOQq.exe
  C:\Windows\System\pnvyOQq.exe
  2⤵
  PID:9304
- C:\Windows\System\jwjmtJV.exe
  C:\Windows\System\jwjmtJV.exe
  2⤵
  PID:9512
- C:\Windows\System\reOmlbW.exe
  C:\Windows\System\reOmlbW.exe
  2⤵
  PID:9544
- C:\Windows\System\MbErDdX.exe
  C:\Windows\System\MbErDdX.exe
  2⤵
  PID:9604
- C:\Windows\System\SlVYieQ.exe
  C:\Windows\System\SlVYieQ.exe
  2⤵
  PID:9668
- C:\Windows\System\ClGOecQ.exe
  C:\Windows\System\ClGOecQ.exe
  2⤵
  PID:9704
- C:\Windows\System\ZsiXHaj.exe
  C:\Windows\System\ZsiXHaj.exe
  2⤵
  PID:9524
- C:\Windows\System\tANEZHA.exe
  C:\Windows\System\tANEZHA.exe
  2⤵
  PID:9748
- C:\Windows\System\bTvTAAz.exe
  C:\Windows\System\bTvTAAz.exe
  2⤵
  PID:9588
- C:\Windows\System\ChylpqW.exe
  C:\Windows\System\ChylpqW.exe
  2⤵
  PID:9652
- C:\Windows\System\lRWFWkk.exe
  C:\Windows\System\lRWFWkk.exe
  2⤵
  PID:9720
- C:\Windows\System\iYQQjvd.exe
  C:\Windows\System\iYQQjvd.exe
  2⤵
  PID:9812
- C:\Windows\System\zugqdsW.exe
  C:\Windows\System\zugqdsW.exe
  2⤵
  PID:9860
- C:\Windows\System\bfKUikT.exe
  C:\Windows\System\bfKUikT.exe
  2⤵
  PID:9928
- C:\Windows\System\umixPoD.exe
  C:\Windows\System\umixPoD.exe
  2⤵
  PID:9848
- C:\Windows\System\bGEjxCX.exe
  C:\Windows\System\bGEjxCX.exe
  2⤵
  PID:9992
- C:\Windows\System\GzYQnKr.exe
  C:\Windows\System\GzYQnKr.exe
  2⤵
  PID:10052
- C:\Windows\System\PKxoadU.exe
  C:\Windows\System\PKxoadU.exe
  2⤵
  PID:10084
- C:\Windows\System\zdkhzGZ.exe
  C:\Windows\System\zdkhzGZ.exe
  2⤵
  PID:9940
- C:\Windows\System\SZAXUpz.exe
  C:\Windows\System\SZAXUpz.exe
  2⤵
  PID:10004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\JSvXVTn.exe

Filesize
6.0MB

MD5
a10cc688ab8b7202fe8c67c1bd1c21cd

SHA1
9f73b996ea3baa35bf48e69ac297acc557b5fd18

SHA256
1d98f03a0369f61289e14412b56095f3fb13908d59928ae02bdaf065fd1bae4e

SHA512
570dee0db00c1b1c78e51b727ee80fbad754596c0cd06d82fa3031f4bcd65210afc124178d3ee1c57e66a5bfc876273325a8bb004738dc7e041417e87c788c80

Download Submit
C:\Windows\system\JkvlePf.exe

Filesize
6.0MB

MD5
a633baf38e74c0898e243b3414387998

SHA1
c78409fdb7898b7742ab17e0ccaf9f800e756b2d

SHA256
a70a28a65f6e9c96152532df6de2551a3cf73924095671a1ae0957aa7a565026

SHA512
859d6dfbb36918a0fb49fda16622b475c1ecb31b05e63566bb85bc1aab198fc33a55c6335a7a5a1ac3f11b34e141834f5fbc1097438c5bd318bd67165729a296

Download Submit
C:\Windows\system\KkPSdwq.exe

Filesize
6.0MB

MD5
ddeacb6f08618848237f67bbdcf292cc

SHA1
716db29d929f496db4d862b7e756c3af5e6ecba1

SHA256
f30429fa6cc27d628cacb8a6cb35cb302f80b7a63671f4253569f59c9ab0f6e7

SHA512
347b4f5b3e012b23acb8094769f92a7c94e4e026a4a355e196e9fa6b398dd86f658d00297be21e1a91532abbfcd2f90c9b5a9d42770f330e1cf4bee48f88b47f

Download Submit
C:\Windows\system\MNfgCFP.exe

Filesize
6.0MB

MD5
33f339f2259515ce71dd2375e517b9d1

SHA1
9136ba6ce601f4e0de2728bb2b3eb84e55a5dec9

SHA256
a698ea276e597470d273338fcfdb89ba2b04b0957376d41ca54c2bf110409ada

SHA512
89791a39d0188ee3007df00a8dbfb561e24a34d8f42a845637ed36fbc8c885182de154e50b31f78bbec0474cf5ad50c0f15e4397a4eaf22565d3e301927ee991

Download Submit
C:\Windows\system\QyKCECV.exe

Filesize
6.0MB

MD5
6b75e2aab0d361187d8084ec0e96949d

SHA1
b05819f744b22b772d0a077f686d00ff8e59bac6

SHA256
d0ba31bf5b25e83248a2658b48bd33961725701f9234bd109c4295654d03163a

SHA512
8387038afc75934102652d67073060cff761f264e0fae59cab1ca4810b2912b06f6cc1f82c31c0e7f8895f693f2211b0086418fbd0fd2a87a860b120a7c4322d

Download Submit
C:\Windows\system\SuZNYqk.exe

Filesize
6.0MB

MD5
54f211d7b9cb12fb85c0a07dc9217690

SHA1
145417b6855f82c5f05c27901acf829f124472f5

SHA256
e9d9e6a5c2f78f155c9aa563f7c68615028b308cd3ef525a644e23556bc30019

SHA512
dea2b32670a7e9d7d61a29e4be04ec175bfc6fa5af9b996cb1f2181f9e23f69e49275e8dac1cd7d92f5fba164d0529d181fb56c32654041793b632f191d00169

Download Submit
C:\Windows\system\ThYpcMi.exe

Filesize
6.0MB

MD5
ccbe93942930c42d2e40dd269896406b

SHA1
f2d84a3450f51000e62d86557ab2776821afd5ec

SHA256
4afdbb6a7c6359f38c70f550e2bf2079a5829dad43849caddc6b2aa0cf5c120c

SHA512
cfe1287f41e26b8d2f9ffdb192582ba8fb2e26fe975f2e0426d77c4cf999793ae91c8b1fc6bc4d9928187fed0828a2df8512c8799770a4c44367590ba5565334

Download Submit
C:\Windows\system\XXZhwAb.exe

Filesize
6.0MB

MD5
d170762fb29ac9acfe0f03598a31aaee

SHA1
b6952e870bc8bf9c289512cf71764962823481f6

SHA256
652a3b0ca80e7c31ec7728f9d97b9c031dc73090779c427e39a85bbf31ab2b43

SHA512
3d94c1252c8feaa9b12b00a74b3217c7da79b1924b66c4b99d9ef2b6ba5fd078f62c78ba83de4a4491e03f60c6c1d31e24942ca2565c91ee2d50d05069d3c7e9

Download Submit
C:\Windows\system\YKYxzzq.exe

Filesize
6.0MB

MD5
0f14e412728365ed07e41a3074493cbe

SHA1
6d532389a7b5aeabe4be1b72b16b05f6983c6edf

SHA256
dfd69cb7cf27514a97807ec76db04fc3669a43b14597e83a04f5363516e2f2ea

SHA512
debc3a6523fadcca744d41ab5cfbdff444811e3cd3e100119f0c362e5e912aef71b2d0dca342c01086dbf2171e9744bfb9d2343bd67bbe309a56a199e0e3c9ed

Download Submit
C:\Windows\system\aKxuNfm.exe

Filesize
6.0MB

MD5
f3ccf8dff30dc4457adf055b088097c6

SHA1
8f82ed11f28c6dc19396f79722875852d8cca641

SHA256
133fd8ec9e4efa80adb6033953cf5a7640d74415a7b8ac6d1fbad1e49946cfa1

SHA512
94db5bf3b25147b458464f9e5b52d44799bfe3da3e3e3221c8c7ca2d49da9ab51dd40129f23b7c57f47a9f36a4d1a831f132c246d6138481d40c04b4ae32748c

Download Submit
C:\Windows\system\auUYaLc.exe

Filesize
6.0MB

MD5
28643f8197346c5007f0960bdbc81c1f

SHA1
1244ccfe0d9d290cfb2177564971e670f74505d5

SHA256
e19b59d7baf99c07d346e9987bfe728142683e5bd28bfe22dc3388ebfc007465

SHA512
492063e5dcb0cc5b2d9c4d161d6d20253a9ecdea25c599a224ac62a4d52837303b3d3d81be458ffea8500d5626679f192e4f289d6e75a90532216de567eb5177

Download Submit
C:\Windows\system\bJOHojU.exe

Filesize
6.0MB

MD5
97ac529608ed2eac0be935b31dcb3d99

SHA1
2665fa493b573c737148c41be51263c3313501d0

SHA256
5c694c9a1a7fa611dee3e2d707e63623ba22b57784b08f82a8adb3ed96421ff5

SHA512
39655136a8087cf602db985ec61b45fb645507d3405b11178016a761cf7ee066b6946154ad7ecf46340fedf4621293918dfcdfbd0f33e17dc3465129d60d4b5d

Download Submit
C:\Windows\system\fAmMoHU.exe

Filesize
6.0MB

MD5
1b1571dd505354c5a69acc1f88903889

SHA1
070fed9b06eef0df602a5547fb0fa5e2af579bf1

SHA256
3315ecf7e6797a8f4b86cdc3672a15a89aa8151e296b08597de54970eaa2ea79

SHA512
64b8bc8ad52a92dc7c715c8d76aa1e8c1b0a3100c6a7180816da263b2c72208480c907dc8b4b11e1b5b9004c7f7c70658926e4d2ba2fb2d4b52c32c49c474c80

Download Submit
C:\Windows\system\fdcLDnJ.exe

Filesize
6.0MB

MD5
2a3c8d54923094ba91666802cd39c7b6

SHA1
059059eaba268a1bcd1c440cd11c60511df74080

SHA256
7ff21706c9fd197fc7fb192912852678ce51a70bd74612d6c64ef6bbeb74a2c5

SHA512
a7888cf546edb9199b221918eb4245db180f470722c37bb73575ea586935e638af9d81518b7686482430026dcdac85b9b829e4338feb33163cc01cb2ed89cb9c

Download Submit
C:\Windows\system\gWmrhNC.exe

Filesize
6.0MB

MD5
f741fbea2acda82d327458f04b517a05

SHA1
dea460151bda21299631011e3da5a6d2cd17db9c

SHA256
6500e2bcffb88ec2d5db94ed39a543e3914b7156e9ced1a9fa22e7edc84e158e

SHA512
9efcf380f83da90149613741583c415c827eb262dfa518192fd8bada0aa8f956bfb9a71ac19c5f60ee29b0fbca99d57ce40bde26d65b3292bc8cdd8807627b9d

Download Submit
C:\Windows\system\iBfJRFX.exe

Filesize
6.0MB

MD5
2474d93c375f168e92c51fbe9e557bd9

SHA1
97723ad0657a3b98c2809dc5be02e5b614b1e451

SHA256
2f9c6e727214f50318ec1abdbd7a9cb5ca89a585b730e680a2953ad56c4d10ae

SHA512
210446f4f6da44131e51ffb36f3623aae1d5faf90baeec03ceef8dbe237f9ace10f826c4e88bed20b1cf4c739e188602aacf68c681a237aca8c9e1afe34950af

Download Submit
C:\Windows\system\oReGBOC.exe

Filesize
6.0MB

MD5
7caf415ecd6458f48b8ccb182f99dd58

SHA1
c5fadfee632feaa969385e131215ae06ab7f729f

SHA256
f66cd4c27ec7903e06549fa8e0e919de33ffcc7b6c1e591e9708acc62db93b1f

SHA512
d2bd1169dac7918ae9bcb34ac088221dd342fb3cadae6748d9a50fcf0350ddb6cc10528797db4239a877c85cf512a22264398218cb997e4b706c29ff3cea721d

Download Submit
C:\Windows\system\ocCGcth.exe

Filesize
6.0MB

MD5
e6cae56cdcc48ea7ea7e07a7f538402a

SHA1
274df9d104a29031ac00121983aa8c5fed5e4b8c

SHA256
2f66e940065da095c6b50cded7d2418a38af94491a581a0621a38aa1aa09dfbe

SHA512
b09ae8993a0f49775b01dd05cc7633ec383552e7b0edc7a384c0f595e00e3def5739ede3ed2e9fe127e068944883b8d508331d5f711de5ba31d721c8f811f8fd

Download Submit
C:\Windows\system\uULuQko.exe

Filesize
6.0MB

MD5
48840bff88c4b6e7c6afad64a1bcb910

SHA1
1e58124bc8444ac7f1cd4e87d49b3c26c43d9d16

SHA256
b2fd4e6ca1f734dcaefd600a5636ba0d9d8ffb2f308a51ec742d377adf365fcb

SHA512
bfb2e7d1f4763e10cb86b458d95f77c7bd625d56a9fff508cfc56423286d6b152eadc19fccfe97930c064be203ee8dac23614eb36efc8eff971994a599ad3d02

Download Submit
C:\Windows\system\udkeMGU.exe

Filesize
6.0MB

MD5
28d977b3302fdfd3200b1d79267ee9a3

SHA1
54429a1f5a5b65d3c6659ae06dcc79dea6d95951

SHA256
88ff12229108d3a48b538f9486b57d66b18d6058d7e4991ba56fc0ac10a17fa6

SHA512
2060f145481a210f92de76c36be22cd26ebdd6a16a3ecb5e6ee6fb6c62c30757bd848657009eedd46ac5cb8972a4787de17219444319c19afcb81e371be15414

Download Submit
C:\Windows\system\umVufDN.exe

Filesize
6.0MB

MD5
e96344e07dfb2eeb1b7d187fb3ca4183

SHA1
63cb57f43f266a60bd5d63e56cc215594d1602d1

SHA256
fa95986e3f76551862bdc3fdcc060b2bead27b0d15af1c18483cd10bf23fa5a5

SHA512
6e1cbbc7cbeb7b6ba611b29a5a7c6d4f3466bac812ad02fc7dbb72b85d2b1c5a70cb04580340b2f9dc13fdf0378968ac7ba3ccbd43e3c58902ff9077b9b41b4c

Download Submit
C:\Windows\system\yLzJsrT.exe

Filesize
6.0MB

MD5
6e8dd2a7395e4b3a7e014cb67d0795b9

SHA1
61e500b2e1c93034c1a9f090d7ce1a214678399c

SHA256
3f5bf151bfd7a2dbf3aaf27ce4a16f77f9119c5227bd22085ac15d55ccaf9bda

SHA512
86cd21bfeae3eb41599ca8688810d4be1630c15149375d85b3047a24094a63fafbd0957941821f2d6c34d67cad59c8acb75881eebc81e7f9e0b367be57fd29c9

Download Submit
C:\Windows\system\zCbTiJR.exe

Filesize
6.0MB

MD5
2c6fa6fe9e806622ee552e9016c2f89b

SHA1
8779811f940e9897d76dee4767e4a8c1082552f0

SHA256
b9fa73de7604b5ce2298666f73c2b07dd1f3e9a6da6aadff908ab0d0e83b10fb

SHA512
277ae5e660d789a9a5c07e955dab78252d13b66a6359e9d39f724343c27b040a478486c537af86359b2ac5e1f8f306dcc6d93e1819bef4e1c26b436103c0f6a9

Download Submit
C:\Windows\system\zOetdtG.exe

Filesize
6.0MB

MD5
67150bc6a52958c7e9af381482d7f745

SHA1
a613df1d385cb55721614810614c5640508029e4

SHA256
b6f5992613065afb5e0c62a8795e9dac93d93b5e615300079efef771670e5536

SHA512
0a8b1283ce8cc2d3ddbd5d1f011b31979b31d10e48d9441253e21dd6551c0cb493f3330e8a4006d44d1cfeb700274a858a96984d6d7686cd0766d97605f3b84c

Download Submit
\Windows\system\GmODbmp.exe

Filesize
6.0MB

MD5
0468c01c3397d0e38dd6a1948270d651

SHA1
3cfab4ca37a3697d398160cfe461d5886fc53320

SHA256
9ea4a3a9df7bd7d04621186098bcd600a7a07c637a1d8ce1923d490431403e6a

SHA512
9fe40830d20d5858ca23dc71ed3596ab1aaa6e0b5d7c94ac6283c70b5441487bf981f2b2d4cfdc1192c0d4310444c5d999ece2544a10128bd5585574f565f193

Download Submit
\Windows\system\ISZndrR.exe

Filesize
6.0MB

MD5
96ccf90835367da306ad9114cab33eb3

SHA1
3533fb446d0e5e995246ba4c61718890e748390e

SHA256
c78c77dad29cea119726c545b003f428986d72a19f80e707064b738603f166eb

SHA512
7c099f00b6ab4339533be0720596d2d701187d82252dcd74044226c96fc5217a18bda84d4653cfb6190498d29163865010165a99ab25d23e7904a294bc7a92b0

Download Submit
\Windows\system\SRYAIZH.exe

Filesize
6.0MB

MD5
d91af7b036601025fe171dc77dd470f7

SHA1
0c3a998f35f1365505227d114fe0fe7cd12fa36a

SHA256
5a4b8769c6f22b4cd6cdf935866e0f33cd479a279a4902c5c787df4dc2367988

SHA512
bac0de88db8c5f50fad2864e45e68c8d5db19f6026bf2d103f5d75e92cb57cb7aa08f69467bbcdfdb0d19293d3e6efd16a3bcad93d10f6d7644d115662f8fe12

Download Submit
\Windows\system\XfNXYHB.exe

Filesize
6.0MB

MD5
8afa9996ade85c3cf52d7c4f87db9a41

SHA1
2ae26a8d412bb11e3a72c2f68ffda7dd4887b619

SHA256
d69aa50481de5d9b56f044280882e8aae15d841e1fb80a65e8abc2cf468cecf6

SHA512
ad8e278ef24a2b948b506dc83c4ad1d076da68fc4946be5185d51661b72012993aa3b3560eb10d104a563ef1cef50c20ad755f09a149fb0a63768d0efd9d2391

Download Submit
\Windows\system\hDnzElH.exe

Filesize
6.0MB

MD5
c93a94a5aaf53f5bc7096265ea2e7391

SHA1
d7fe094bce553080a1274d5c5370229eebbea494

SHA256
062673e9a1418540190c4761718081e10d8af42593b68a98fa0c2bd601bc6f14

SHA512
f796dd25202bdb78782873ba8bf3dc0e24bc4d50e374c3841e9dad4a9434228e8ea03dd09920ecf9a9283f8f4fd68d358d538a41238f9877a56bc3a887e8da07

Download Submit
\Windows\system\qbosyFz.exe

Filesize
6.0MB

MD5
db30e9c866b3d3a700492de5526ff7b4

SHA1
34e489538c28ddcf75d4ab3be3efc1fce24a1029

SHA256
a94df66dde2bf31e1aebcde26ead0d8489798f565c35160791c2686eda8e4c84

SHA512
40f3e965e08155511e5d4b66ece47b3ff0622b3ae305d16a4d9bebe73ab573410d9a728772d01f66fce4e937b0a7dfab89a3049c93e5c18a72198f694de0b823

Download Submit
\Windows\system\vMHYwCY.exe

Filesize
6.0MB

MD5
fa76368918eb9531ef7f459d252e1182

SHA1
c4938b9cb3ea11e4bd95b9799584a401c0222ade

SHA256
43be711d97c6707eead88b21822c959c2a0162b5fd75c38c97bb0c69bda7d13c

SHA512
7fd45f4d94e8a55cbf4d8995e25846c16c68edcfe71f0aee448e032011a508ad6401aac7093ee31441b8ce18d336f636a913c3f2a4d57d043843c406c709a1e9

Download Submit
\Windows\system\zIXshza.exe

Filesize
6.0MB

MD5
5ca7a1ae266819207b642eb4caa89112

SHA1
416c9c3cd59238e7aec283763caa5b3af77b1e1b

SHA256
faad08d7efba0e1b0ea9d2a5e53d074c400f59fc51c4de14a0dfc0687b3ae41f

SHA512
b231108f0ac7a702e9d7ad8982ec4136ae6e5de989a2161d168f9d46f4e81e3c57e2bf333137fafa543f460f890ca785b8e770201c2887c57553d0ea73cfaadf

Download Submit
memory/320-3971-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/320-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2052-4179-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2052-35-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2068-82-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-100-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-37-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-61-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-76-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2068-0-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2068-34-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2068-395-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2068-23-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2068-48-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2068-110-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2068-18-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-101-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2068-1121-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2068-97-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-64-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-65-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-91-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2068-674-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1436-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2976-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2068-50-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2084-62-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-98-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-4183-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1128-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2088-92-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4188-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2432-20-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3977-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4180-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2580-28-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2628-398-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2628-77-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4184-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2640-71-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4185-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4187-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-83-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-675-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4189-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1437-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-99-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2880-40-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4182-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2880-84-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4181-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-49-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2920-19-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3978-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3060-4186-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-70-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download