cobaltstrike | e4c15450aa515d349ed8423752cfb615a0f9606974b9b090062afc54a27ff434

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8e70fedaa70fee615e696e46af94d4a1
SHA1

f9e9ee02468b2007117ad15a4dfbcc42be1e230a
SHA256

e4c15450aa515d349ed8423752cfb615a0f9606974b9b090062afc54a27ff434
SHA512

b31f364fe6eef6e5a8b528840c4775e7a8e5574547921dd8f37eae399543d2ae2efc7c546d769e8e73c8648285b7cb7fd9ad3e58ed60f8e40ff0c67cbc70a345
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000011ba1-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-29.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-40.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019382-44.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001947e-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019639-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-104.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2216-0-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0003000000011ba1-6.dat	xmrig
behavioral1/memory/2700-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2668-13-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193c4-12.dat	xmrig
behavioral1/files/0x00070000000193d9-19.dat	xmrig
behavioral1/memory/2804-22-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-27.dat	xmrig
behavioral1/memory/2664-28-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019403-29.dat	xmrig
behavioral1/memory/2560-36-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-40.dat	xmrig
behavioral1/files/0x0032000000019382-44.dat	xmrig
behavioral1/files/0x000800000001947e-49.dat	xmrig
behavioral1/files/0x000500000001967d-59.dat	xmrig
behavioral1/files/0x00050000000196be-64.dat	xmrig
behavioral1/files/0x00050000000196f6-69.dat	xmrig
behavioral1/files/0x000500000001998a-72.dat	xmrig
behavioral1/files/0x0006000000019639-54.dat	xmrig
behavioral1/files/0x0005000000019c43-86.dat	xmrig
behavioral1/memory/2396-94-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c4a-109.dat	xmrig
behavioral1/files/0x0005000000019db5-129.dat	xmrig
behavioral1/memory/2664-547-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2560-549-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1268-678-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2700-221-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a441-185.dat	xmrig
behavioral1/files/0x000500000001a443-188.dat	xmrig
behavioral1/files/0x000500000001a43f-179.dat	xmrig
behavioral1/files/0x000500000001a43d-175.dat	xmrig
behavioral1/files/0x000500000001a311-164.dat	xmrig
behavioral1/files/0x000500000001a354-169.dat	xmrig
behavioral1/files/0x000500000001a0b3-159.dat	xmrig
behavioral1/files/0x000500000001a08b-154.dat	xmrig
behavioral1/files/0x000500000001a078-149.dat	xmrig
behavioral1/files/0x0005000000019fc9-144.dat	xmrig
behavioral1/files/0x0005000000019faf-139.dat	xmrig
behavioral1/files/0x0005000000019dc1-134.dat	xmrig
behavioral1/files/0x0005000000019d54-124.dat	xmrig
behavioral1/files/0x0005000000019d2d-119.dat	xmrig
behavioral1/files/0x0005000000019c63-114.dat	xmrig
behavioral1/files/0x0005000000019c48-104.dat	xmrig
behavioral1/memory/2984-84-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2216-83-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2484-82-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1268-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2588-96-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2216-95-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2656-80-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2216-92-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2088-91-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2216-90-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1520-87-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2216-79-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2548-78-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2700-4040-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2804-4041-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2560-4043-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2664-4042-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2588-4044-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2548-4046-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2656-4045-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2984-4047-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2668	LKEcpCM.exe
2700	XRKphvq.exe
2804	ENCdjeB.exe
2664	AfaMFxF.exe
2560	lpLrDlS.exe
2588	mXMJsTz.exe
2548	sqJsdUJ.exe
2656	tCIpPXv.exe
2484	LarPdFA.exe
2984	WDJFccm.exe
1520	uZitEiS.exe
2088	nabZxuF.exe
2396	kHJbZge.exe
1268	FzlUpbL.exe
1536	UUueXGW.exe
2360	JOlHvmT.exe
2988	nEWjdhA.exe
1744	gbdsSTP.exe
780	irBGlOj.exe
1756	ypLmkuw.exe
2168	vOZaljG.exe
2264	QLeluNp.exe
2928	ZrtCigp.exe
3004	mYoKgHo.exe
2196	uzmuAoi.exe
2828	SEWKkNR.exe
348	cINXcTl.exe
2832	eGYUgHT.exe
984	rAgFeOA.exe
2500	TueOLlK.exe
680	hNltAna.exe
2904	tmNECHd.exe
1948	idPQKFZ.exe
1956	HpAebOB.exe
1340	UUAherl.exe
2772	yvSxCqq.exe
2616	jyKituG.exe
1980	hjFaMbS.exe
728	ZmJtQii.exe
1768	RbGIXJY.exe
3056	vVwsohe.exe
2456	TwVlhXZ.exe
2268	kjNMDJV.exe
2436	LLuilxi.exe
2952	phHneie.exe
924	LvQmJXA.exe
1640	nLgenyM.exe
1484	VmhfFTD.exe
872	mYRwOFZ.exe
1648	hHmulRb.exe
3068	cIITxEr.exe
2680	PaQwNyp.exe
2448	BoKquvL.exe
2256	DRhiUhl.exe
2696	YKHERMA.exe
2736	eINFXeE.exe
2704	UCVPEVg.exe
2608	MyiWasF.exe
1812	evwuHKa.exe
712	QayhQwM.exe
2104	HxJnfPP.exe
2204	fdnTQEB.exe
3020	ieLAQZV.exe
836	xBRsrMV.exe

Loads dropped DLL 64 IoCs

pid	Process
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0003000000011ba1-6.dat	upx
behavioral1/memory/2700-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2668-13-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00070000000193c4-12.dat	upx
behavioral1/files/0x00070000000193d9-19.dat	upx
behavioral1/memory/2804-22-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0006000000019401-27.dat	upx
behavioral1/memory/2664-28-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0006000000019403-29.dat	upx
behavioral1/memory/2560-36-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000600000001942f-40.dat	upx
behavioral1/files/0x0032000000019382-44.dat	upx
behavioral1/files/0x000800000001947e-49.dat	upx
behavioral1/files/0x000500000001967d-59.dat	upx
behavioral1/files/0x00050000000196be-64.dat	upx
behavioral1/files/0x00050000000196f6-69.dat	upx
behavioral1/files/0x000500000001998a-72.dat	upx
behavioral1/files/0x0006000000019639-54.dat	upx
behavioral1/files/0x0005000000019c43-86.dat	upx
behavioral1/memory/2396-94-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0005000000019c4a-109.dat	upx
behavioral1/files/0x0005000000019db5-129.dat	upx
behavioral1/memory/2664-547-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2560-549-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1268-678-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2700-221-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000500000001a441-185.dat	upx
behavioral1/files/0x000500000001a443-188.dat	upx
behavioral1/files/0x000500000001a43f-179.dat	upx
behavioral1/files/0x000500000001a43d-175.dat	upx
behavioral1/files/0x000500000001a311-164.dat	upx
behavioral1/files/0x000500000001a354-169.dat	upx
behavioral1/files/0x000500000001a0b3-159.dat	upx
behavioral1/files/0x000500000001a08b-154.dat	upx
behavioral1/files/0x000500000001a078-149.dat	upx
behavioral1/files/0x0005000000019fc9-144.dat	upx
behavioral1/files/0x0005000000019faf-139.dat	upx
behavioral1/files/0x0005000000019dc1-134.dat	upx
behavioral1/files/0x0005000000019d54-124.dat	upx
behavioral1/files/0x0005000000019d2d-119.dat	upx
behavioral1/files/0x0005000000019c63-114.dat	upx
behavioral1/files/0x0005000000019c48-104.dat	upx
behavioral1/memory/2984-84-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2484-82-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1268-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2588-96-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2216-95-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2656-80-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2088-91-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1520-87-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2548-78-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2700-4040-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2804-4041-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2560-4043-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2664-4042-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2588-4044-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2548-4046-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2656-4045-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2984-4047-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2484-4048-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2088-4050-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1520-4049-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2396-4051-0x000000013F110000-0x000000013F464000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mUZsYMx.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZrzxwz.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJzlYLP.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXYWjFE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOSwuZg.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhQAStd.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldIuejt.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeAOGHo.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYfUjXx.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExmgPNe.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvQmJXA.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXgqdaI.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxoXIHF.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQPimdj.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiUySRk.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqbcPOW.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmhObxN.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiMXqIz.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OldafrG.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEdRAvl.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omNFdQq.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRjYpKY.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAblXEl.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxlJpzD.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBcXszb.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETAQCys.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRpqOZH.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgSTJsE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLxlOXh.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TITSDnR.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGcXVjF.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSoQMbU.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNDLsOT.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFAhkIV.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPQyVRJ.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRHPatL.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtRqAmV.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaOgVSv.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAWdvFE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsFeLpj.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvBxjkP.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXbPLBi.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZVQTuO.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veivOVF.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcFoDdZ.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftpogBR.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxyFzcL.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRyAPUy.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuYvNEE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujfuqEg.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWiNJOD.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuuIZbN.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Emgoaow.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyJYyzH.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBcLsBE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOorlVe.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gveePkv.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfaMFxF.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgcErnX.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTUjwmj.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRrPCSs.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDIwweo.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLgenyM.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZjJaHE.exe	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2668	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2668	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2668	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2700	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2700	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2700	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2804	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2804	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2804	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2664	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2664	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2664	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2560	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2560	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2560	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2588	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2588	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2588	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2548	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2548	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2548	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2656	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2656	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2656	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2484	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2484	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2484	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2984	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 2984	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 2984	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 1520	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 1520	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 1520	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 2088	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 2088	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 2088	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 2396	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 2396	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 2396	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 1268	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 1268	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 1268	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 1536	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 1536	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 1536	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 2360	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 2360	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 2360	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 2988	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 2988	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 2988	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 1744	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 1744	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 1744	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 780	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 780	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 780	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 1756	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 1756	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 1756	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 2168	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2216 wrote to memory of 2168	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2216 wrote to memory of 2168	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2216 wrote to memory of 2264	2216	2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_8e70fedaa70fee615e696e46af94d4a1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\System\LKEcpCM.exe
  C:\Windows\System\LKEcpCM.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\XRKphvq.exe
  C:\Windows\System\XRKphvq.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ENCdjeB.exe
  C:\Windows\System\ENCdjeB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\AfaMFxF.exe
  C:\Windows\System\AfaMFxF.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\lpLrDlS.exe
  C:\Windows\System\lpLrDlS.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\mXMJsTz.exe
  C:\Windows\System\mXMJsTz.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\sqJsdUJ.exe
  C:\Windows\System\sqJsdUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\tCIpPXv.exe
  C:\Windows\System\tCIpPXv.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\LarPdFA.exe
  C:\Windows\System\LarPdFA.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\WDJFccm.exe
  C:\Windows\System\WDJFccm.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\uZitEiS.exe
  C:\Windows\System\uZitEiS.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\nabZxuF.exe
  C:\Windows\System\nabZxuF.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\kHJbZge.exe
  C:\Windows\System\kHJbZge.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\FzlUpbL.exe
  C:\Windows\System\FzlUpbL.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\UUueXGW.exe
  C:\Windows\System\UUueXGW.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\JOlHvmT.exe
  C:\Windows\System\JOlHvmT.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\nEWjdhA.exe
  C:\Windows\System\nEWjdhA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\gbdsSTP.exe
  C:\Windows\System\gbdsSTP.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\irBGlOj.exe
  C:\Windows\System\irBGlOj.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\ypLmkuw.exe
  C:\Windows\System\ypLmkuw.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\vOZaljG.exe
  C:\Windows\System\vOZaljG.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QLeluNp.exe
  C:\Windows\System\QLeluNp.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ZrtCigp.exe
  C:\Windows\System\ZrtCigp.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\mYoKgHo.exe
  C:\Windows\System\mYoKgHo.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\uzmuAoi.exe
  C:\Windows\System\uzmuAoi.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\SEWKkNR.exe
  C:\Windows\System\SEWKkNR.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\cINXcTl.exe
  C:\Windows\System\cINXcTl.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\eGYUgHT.exe
  C:\Windows\System\eGYUgHT.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\rAgFeOA.exe
  C:\Windows\System\rAgFeOA.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\TueOLlK.exe
  C:\Windows\System\TueOLlK.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\hNltAna.exe
  C:\Windows\System\hNltAna.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\tmNECHd.exe
  C:\Windows\System\tmNECHd.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\idPQKFZ.exe
  C:\Windows\System\idPQKFZ.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\HpAebOB.exe
  C:\Windows\System\HpAebOB.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\UUAherl.exe
  C:\Windows\System\UUAherl.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\yvSxCqq.exe
  C:\Windows\System\yvSxCqq.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\jyKituG.exe
  C:\Windows\System\jyKituG.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\hjFaMbS.exe
  C:\Windows\System\hjFaMbS.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ZmJtQii.exe
  C:\Windows\System\ZmJtQii.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\RbGIXJY.exe
  C:\Windows\System\RbGIXJY.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\vVwsohe.exe
  C:\Windows\System\vVwsohe.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\TwVlhXZ.exe
  C:\Windows\System\TwVlhXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\kjNMDJV.exe
  C:\Windows\System\kjNMDJV.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\LLuilxi.exe
  C:\Windows\System\LLuilxi.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\LvQmJXA.exe
  C:\Windows\System\LvQmJXA.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\phHneie.exe
  C:\Windows\System\phHneie.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\VmhfFTD.exe
  C:\Windows\System\VmhfFTD.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\nLgenyM.exe
  C:\Windows\System\nLgenyM.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\hHmulRb.exe
  C:\Windows\System\hHmulRb.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\mYRwOFZ.exe
  C:\Windows\System\mYRwOFZ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\BoKquvL.exe
  C:\Windows\System\BoKquvL.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\cIITxEr.exe
  C:\Windows\System\cIITxEr.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DRhiUhl.exe
  C:\Windows\System\DRhiUhl.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\PaQwNyp.exe
  C:\Windows\System\PaQwNyp.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\eINFXeE.exe
  C:\Windows\System\eINFXeE.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\YKHERMA.exe
  C:\Windows\System\YKHERMA.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\UCVPEVg.exe
  C:\Windows\System\UCVPEVg.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\MyiWasF.exe
  C:\Windows\System\MyiWasF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\evwuHKa.exe
  C:\Windows\System\evwuHKa.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\QayhQwM.exe
  C:\Windows\System\QayhQwM.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\fdnTQEB.exe
  C:\Windows\System\fdnTQEB.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HxJnfPP.exe
  C:\Windows\System\HxJnfPP.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ieLAQZV.exe
  C:\Windows\System\ieLAQZV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\xBRsrMV.exe
  C:\Windows\System\xBRsrMV.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\IjDnVzC.exe
  C:\Windows\System\IjDnVzC.exe
  2⤵
  PID:1952
- C:\Windows\System\YcbPeYi.exe
  C:\Windows\System\YcbPeYi.exe
  2⤵
  PID:2184
- C:\Windows\System\tOnJBwA.exe
  C:\Windows\System\tOnJBwA.exe
  2⤵
  PID:2924
- C:\Windows\System\HcitCxy.exe
  C:\Windows\System\HcitCxy.exe
  2⤵
  PID:1924
- C:\Windows\System\mUphKQE.exe
  C:\Windows\System\mUphKQE.exe
  2⤵
  PID:2836
- C:\Windows\System\IGQVvOp.exe
  C:\Windows\System\IGQVvOp.exe
  2⤵
  PID:944
- C:\Windows\System\NUhhrOf.exe
  C:\Windows\System\NUhhrOf.exe
  2⤵
  PID:1148
- C:\Windows\System\oRNRZXa.exe
  C:\Windows\System\oRNRZXa.exe
  2⤵
  PID:1580
- C:\Windows\System\zQSJlxh.exe
  C:\Windows\System\zQSJlxh.exe
  2⤵
  PID:1732
- C:\Windows\System\WlyqkyY.exe
  C:\Windows\System\WlyqkyY.exe
  2⤵
  PID:1772
- C:\Windows\System\arqpUmy.exe
  C:\Windows\System\arqpUmy.exe
  2⤵
  PID:1588
- C:\Windows\System\tZOuZdy.exe
  C:\Windows\System\tZOuZdy.exe
  2⤵
  PID:1860
- C:\Windows\System\HqaURpl.exe
  C:\Windows\System\HqaURpl.exe
  2⤵
  PID:2152
- C:\Windows\System\pGbKSMr.exe
  C:\Windows\System\pGbKSMr.exe
  2⤵
  PID:1988
- C:\Windows\System\MYDgCFy.exe
  C:\Windows\System\MYDgCFy.exe
  2⤵
  PID:352
- C:\Windows\System\gQIhxnF.exe
  C:\Windows\System\gQIhxnF.exe
  2⤵
  PID:1036
- C:\Windows\System\AlJSwaP.exe
  C:\Windows\System\AlJSwaP.exe
  2⤵
  PID:1788
- C:\Windows\System\wGnTUMD.exe
  C:\Windows\System\wGnTUMD.exe
  2⤵
  PID:2996
- C:\Windows\System\LdFheyI.exe
  C:\Windows\System\LdFheyI.exe
  2⤵
  PID:1936
- C:\Windows\System\TfwRRvo.exe
  C:\Windows\System\TfwRRvo.exe
  2⤵
  PID:2232
- C:\Windows\System\CAnDVav.exe
  C:\Windows\System\CAnDVav.exe
  2⤵
  PID:2888
- C:\Windows\System\KVRBMcv.exe
  C:\Windows\System\KVRBMcv.exe
  2⤵
  PID:2892
- C:\Windows\System\EtIcDXk.exe
  C:\Windows\System\EtIcDXk.exe
  2⤵
  PID:2600
- C:\Windows\System\kLWGXrT.exe
  C:\Windows\System\kLWGXrT.exe
  2⤵
  PID:2692
- C:\Windows\System\DpsBcwJ.exe
  C:\Windows\System\DpsBcwJ.exe
  2⤵
  PID:2348
- C:\Windows\System\KvBxjkP.exe
  C:\Windows\System\KvBxjkP.exe
  2⤵
  PID:1700
- C:\Windows\System\newBGQu.exe
  C:\Windows\System\newBGQu.exe
  2⤵
  PID:2076
- C:\Windows\System\GxaXXjC.exe
  C:\Windows\System\GxaXXjC.exe
  2⤵
  PID:480
- C:\Windows\System\oOpLsLC.exe
  C:\Windows\System\oOpLsLC.exe
  2⤵
  PID:1624
- C:\Windows\System\FlMudOQ.exe
  C:\Windows\System\FlMudOQ.exe
  2⤵
  PID:1904
- C:\Windows\System\ZAkrRaf.exe
  C:\Windows\System\ZAkrRaf.exe
  2⤵
  PID:1232
- C:\Windows\System\KODWMzq.exe
  C:\Windows\System\KODWMzq.exe
  2⤵
  PID:1864
- C:\Windows\System\VjiWWbe.exe
  C:\Windows\System\VjiWWbe.exe
  2⤵
  PID:2720
- C:\Windows\System\PedjFZa.exe
  C:\Windows\System\PedjFZa.exe
  2⤵
  PID:1620
- C:\Windows\System\kLJAore.exe
  C:\Windows\System\kLJAore.exe
  2⤵
  PID:1240
- C:\Windows\System\LUpNrjL.exe
  C:\Windows\System\LUpNrjL.exe
  2⤵
  PID:2276
- C:\Windows\System\OxiabRg.exe
  C:\Windows\System\OxiabRg.exe
  2⤵
  PID:2684
- C:\Windows\System\yDpULAT.exe
  C:\Windows\System\yDpULAT.exe
  2⤵
  PID:2764
- C:\Windows\System\XXBLTsW.exe
  C:\Windows\System\XXBLTsW.exe
  2⤵
  PID:1572
- C:\Windows\System\sEvfxrA.exe
  C:\Windows\System\sEvfxrA.exe
  2⤵
  PID:1716
- C:\Windows\System\gBkmNsl.exe
  C:\Windows\System\gBkmNsl.exe
  2⤵
  PID:2124
- C:\Windows\System\kdYQfNW.exe
  C:\Windows\System\kdYQfNW.exe
  2⤵
  PID:2284
- C:\Windows\System\wEbypFl.exe
  C:\Windows\System\wEbypFl.exe
  2⤵
  PID:884
- C:\Windows\System\NQyEVMR.exe
  C:\Windows\System\NQyEVMR.exe
  2⤵
  PID:2292
- C:\Windows\System\xvoraOY.exe
  C:\Windows\System\xvoraOY.exe
  2⤵
  PID:1964
- C:\Windows\System\uamqFCN.exe
  C:\Windows\System\uamqFCN.exe
  2⤵
  PID:2956
- C:\Windows\System\TSwDDbT.exe
  C:\Windows\System\TSwDDbT.exe
  2⤵
  PID:2728
- C:\Windows\System\BIlajTK.exe
  C:\Windows\System\BIlajTK.exe
  2⤵
  PID:1540
- C:\Windows\System\ksPUQzx.exe
  C:\Windows\System\ksPUQzx.exe
  2⤵
  PID:1312
- C:\Windows\System\JEXntxq.exe
  C:\Windows\System\JEXntxq.exe
  2⤵
  PID:1916
- C:\Windows\System\OECxEFh.exe
  C:\Windows\System\OECxEFh.exe
  2⤵
  PID:296
- C:\Windows\System\rGQNWuP.exe
  C:\Windows\System\rGQNWuP.exe
  2⤵
  PID:1996
- C:\Windows\System\zbJZPTN.exe
  C:\Windows\System\zbJZPTN.exe
  2⤵
  PID:3064
- C:\Windows\System\jpunXWL.exe
  C:\Windows\System\jpunXWL.exe
  2⤵
  PID:2252
- C:\Windows\System\OVRcOsl.exe
  C:\Windows\System\OVRcOsl.exe
  2⤵
  PID:264
- C:\Windows\System\FXZghmQ.exe
  C:\Windows\System\FXZghmQ.exe
  2⤵
  PID:2972
- C:\Windows\System\eiwKpxy.exe
  C:\Windows\System\eiwKpxy.exe
  2⤵
  PID:2052
- C:\Windows\System\BowbrTP.exe
  C:\Windows\System\BowbrTP.exe
  2⤵
  PID:776
- C:\Windows\System\OldafrG.exe
  C:\Windows\System\OldafrG.exe
  2⤵
  PID:1608
- C:\Windows\System\oXhdwXd.exe
  C:\Windows\System\oXhdwXd.exe
  2⤵
  PID:2748
- C:\Windows\System\QhRRyfE.exe
  C:\Windows\System\QhRRyfE.exe
  2⤵
  PID:2208
- C:\Windows\System\emkLacE.exe
  C:\Windows\System\emkLacE.exe
  2⤵
  PID:3092
- C:\Windows\System\MZNFtRm.exe
  C:\Windows\System\MZNFtRm.exe
  2⤵
  PID:3112
- C:\Windows\System\AVxQEEN.exe
  C:\Windows\System\AVxQEEN.exe
  2⤵
  PID:3132
- C:\Windows\System\FZOvVLf.exe
  C:\Windows\System\FZOvVLf.exe
  2⤵
  PID:3152
- C:\Windows\System\saUItFl.exe
  C:\Windows\System\saUItFl.exe
  2⤵
  PID:3168
- C:\Windows\System\smwIYSS.exe
  C:\Windows\System\smwIYSS.exe
  2⤵
  PID:3188
- C:\Windows\System\TKtgizo.exe
  C:\Windows\System\TKtgizo.exe
  2⤵
  PID:3216
- C:\Windows\System\GrCWDkh.exe
  C:\Windows\System\GrCWDkh.exe
  2⤵
  PID:3236
- C:\Windows\System\TfjfBAy.exe
  C:\Windows\System\TfjfBAy.exe
  2⤵
  PID:3260
- C:\Windows\System\EmWnzHg.exe
  C:\Windows\System\EmWnzHg.exe
  2⤵
  PID:3280
- C:\Windows\System\rkCockT.exe
  C:\Windows\System\rkCockT.exe
  2⤵
  PID:3300
- C:\Windows\System\tOPsEvj.exe
  C:\Windows\System\tOPsEvj.exe
  2⤵
  PID:3320
- C:\Windows\System\FuYvNEE.exe
  C:\Windows\System\FuYvNEE.exe
  2⤵
  PID:3336
- C:\Windows\System\cCzBhDJ.exe
  C:\Windows\System\cCzBhDJ.exe
  2⤵
  PID:3360
- C:\Windows\System\kNDZTMv.exe
  C:\Windows\System\kNDZTMv.exe
  2⤵
  PID:3380
- C:\Windows\System\NXudXmS.exe
  C:\Windows\System\NXudXmS.exe
  2⤵
  PID:3400
- C:\Windows\System\LSYKToU.exe
  C:\Windows\System\LSYKToU.exe
  2⤵
  PID:3416
- C:\Windows\System\IJBsYSG.exe
  C:\Windows\System\IJBsYSG.exe
  2⤵
  PID:3436
- C:\Windows\System\UweLjIC.exe
  C:\Windows\System\UweLjIC.exe
  2⤵
  PID:3452
- C:\Windows\System\ZytfTxR.exe
  C:\Windows\System\ZytfTxR.exe
  2⤵
  PID:3472
- C:\Windows\System\enplkOh.exe
  C:\Windows\System\enplkOh.exe
  2⤵
  PID:3488
- C:\Windows\System\UfFzYeb.exe
  C:\Windows\System\UfFzYeb.exe
  2⤵
  PID:3508
- C:\Windows\System\dKDSSSE.exe
  C:\Windows\System\dKDSSSE.exe
  2⤵
  PID:3528
- C:\Windows\System\IBcsGRi.exe
  C:\Windows\System\IBcsGRi.exe
  2⤵
  PID:3548
- C:\Windows\System\ahGDthq.exe
  C:\Windows\System\ahGDthq.exe
  2⤵
  PID:3568
- C:\Windows\System\cHVAssI.exe
  C:\Windows\System\cHVAssI.exe
  2⤵
  PID:3616
- C:\Windows\System\ZtsmPsE.exe
  C:\Windows\System\ZtsmPsE.exe
  2⤵
  PID:3632
- C:\Windows\System\mEpiOTF.exe
  C:\Windows\System\mEpiOTF.exe
  2⤵
  PID:3656
- C:\Windows\System\BolYyso.exe
  C:\Windows\System\BolYyso.exe
  2⤵
  PID:3676
- C:\Windows\System\NrnDFKS.exe
  C:\Windows\System\NrnDFKS.exe
  2⤵
  PID:3696
- C:\Windows\System\mJvPxmZ.exe
  C:\Windows\System\mJvPxmZ.exe
  2⤵
  PID:3712
- C:\Windows\System\MbbZfwz.exe
  C:\Windows\System\MbbZfwz.exe
  2⤵
  PID:3732
- C:\Windows\System\ltATVXj.exe
  C:\Windows\System\ltATVXj.exe
  2⤵
  PID:3752
- C:\Windows\System\ywAzarI.exe
  C:\Windows\System\ywAzarI.exe
  2⤵
  PID:3776
- C:\Windows\System\vJmobzx.exe
  C:\Windows\System\vJmobzx.exe
  2⤵
  PID:3796
- C:\Windows\System\dtPJtQs.exe
  C:\Windows\System\dtPJtQs.exe
  2⤵
  PID:3816
- C:\Windows\System\SpLxcdO.exe
  C:\Windows\System\SpLxcdO.exe
  2⤵
  PID:3832
- C:\Windows\System\nEKTIYB.exe
  C:\Windows\System\nEKTIYB.exe
  2⤵
  PID:3856
- C:\Windows\System\iamumOE.exe
  C:\Windows\System\iamumOE.exe
  2⤵
  PID:3876
- C:\Windows\System\LuOtmCw.exe
  C:\Windows\System\LuOtmCw.exe
  2⤵
  PID:3896
- C:\Windows\System\fsehFbJ.exe
  C:\Windows\System\fsehFbJ.exe
  2⤵
  PID:3916
- C:\Windows\System\jzPWBce.exe
  C:\Windows\System\jzPWBce.exe
  2⤵
  PID:3936
- C:\Windows\System\iQMClWH.exe
  C:\Windows\System\iQMClWH.exe
  2⤵
  PID:3956
- C:\Windows\System\WKyWlGJ.exe
  C:\Windows\System\WKyWlGJ.exe
  2⤵
  PID:3976
- C:\Windows\System\ZlAPXsq.exe
  C:\Windows\System\ZlAPXsq.exe
  2⤵
  PID:3996
- C:\Windows\System\YbegsKH.exe
  C:\Windows\System\YbegsKH.exe
  2⤵
  PID:4016
- C:\Windows\System\RWQIBVM.exe
  C:\Windows\System\RWQIBVM.exe
  2⤵
  PID:4032
- C:\Windows\System\GaxIMie.exe
  C:\Windows\System\GaxIMie.exe
  2⤵
  PID:4052
- C:\Windows\System\RUAKLZo.exe
  C:\Windows\System\RUAKLZo.exe
  2⤵
  PID:4076
- C:\Windows\System\qrVGsWv.exe
  C:\Windows\System\qrVGsWv.exe
  2⤵
  PID:968
- C:\Windows\System\RMZJBpx.exe
  C:\Windows\System\RMZJBpx.exe
  2⤵
  PID:2508
- C:\Windows\System\oFPvioT.exe
  C:\Windows\System\oFPvioT.exe
  2⤵
  PID:2624
- C:\Windows\System\vLVRupB.exe
  C:\Windows\System\vLVRupB.exe
  2⤵
  PID:3104
- C:\Windows\System\aDWXuIy.exe
  C:\Windows\System\aDWXuIy.exe
  2⤵
  PID:1968
- C:\Windows\System\wZyNGbP.exe
  C:\Windows\System\wZyNGbP.exe
  2⤵
  PID:1244
- C:\Windows\System\DPdIHPv.exe
  C:\Windows\System\DPdIHPv.exe
  2⤵
  PID:3128
- C:\Windows\System\NpeQcNe.exe
  C:\Windows\System\NpeQcNe.exe
  2⤵
  PID:3120
- C:\Windows\System\yFLdIdr.exe
  C:\Windows\System\yFLdIdr.exe
  2⤵
  PID:3232
- C:\Windows\System\OuvPKpG.exe
  C:\Windows\System\OuvPKpG.exe
  2⤵
  PID:3212
- C:\Windows\System\xzuEFLv.exe
  C:\Windows\System\xzuEFLv.exe
  2⤵
  PID:3272
- C:\Windows\System\ZdlXcTC.exe
  C:\Windows\System\ZdlXcTC.exe
  2⤵
  PID:3312
- C:\Windows\System\OEGpAtN.exe
  C:\Windows\System\OEGpAtN.exe
  2⤵
  PID:3356
- C:\Windows\System\RCDScNO.exe
  C:\Windows\System\RCDScNO.exe
  2⤵
  PID:3392
- C:\Windows\System\kfLmWbl.exe
  C:\Windows\System\kfLmWbl.exe
  2⤵
  PID:3460
- C:\Windows\System\SgRhgTZ.exe
  C:\Windows\System\SgRhgTZ.exe
  2⤵
  PID:3496
- C:\Windows\System\XZFctjD.exe
  C:\Windows\System\XZFctjD.exe
  2⤵
  PID:2808
- C:\Windows\System\zzaPCcn.exe
  C:\Windows\System\zzaPCcn.exe
  2⤵
  PID:3368
- C:\Windows\System\AAaZAlw.exe
  C:\Windows\System\AAaZAlw.exe
  2⤵
  PID:3408
- C:\Windows\System\XPWBcQa.exe
  C:\Windows\System\XPWBcQa.exe
  2⤵
  PID:3520
- C:\Windows\System\Dwtrgdm.exe
  C:\Windows\System\Dwtrgdm.exe
  2⤵
  PID:3560
- C:\Windows\System\AUBAUIh.exe
  C:\Windows\System\AUBAUIh.exe
  2⤵
  PID:2008
- C:\Windows\System\BvUPJBk.exe
  C:\Windows\System\BvUPJBk.exe
  2⤵
  PID:1256
- C:\Windows\System\XoXSnxo.exe
  C:\Windows\System\XoXSnxo.exe
  2⤵
  PID:536
- C:\Windows\System\cVRbjrS.exe
  C:\Windows\System\cVRbjrS.exe
  2⤵
  PID:2660
- C:\Windows\System\kQXisVn.exe
  C:\Windows\System\kQXisVn.exe
  2⤵
  PID:1468
- C:\Windows\System\TlDhyoc.exe
  C:\Windows\System\TlDhyoc.exe
  2⤵
  PID:3640
- C:\Windows\System\TlRcLfS.exe
  C:\Windows\System\TlRcLfS.exe
  2⤵
  PID:3684
- C:\Windows\System\tNwlWMy.exe
  C:\Windows\System\tNwlWMy.exe
  2⤵
  PID:3728
- C:\Windows\System\ltimdkg.exe
  C:\Windows\System\ltimdkg.exe
  2⤵
  PID:3664
- C:\Windows\System\ujfuqEg.exe
  C:\Windows\System\ujfuqEg.exe
  2⤵
  PID:3760
- C:\Windows\System\CyjzHOF.exe
  C:\Windows\System\CyjzHOF.exe
  2⤵
  PID:2740
- C:\Windows\System\muxpYWa.exe
  C:\Windows\System\muxpYWa.exe
  2⤵
  PID:3804
- C:\Windows\System\GPxwPaQ.exe
  C:\Windows\System\GPxwPaQ.exe
  2⤵
  PID:3840
- C:\Windows\System\MgwRsTn.exe
  C:\Windows\System\MgwRsTn.exe
  2⤵
  PID:3848
- C:\Windows\System\gcgnxJp.exe
  C:\Windows\System\gcgnxJp.exe
  2⤵
  PID:2672
- C:\Windows\System\fflNrrN.exe
  C:\Windows\System\fflNrrN.exe
  2⤵
  PID:3888
- C:\Windows\System\glklChI.exe
  C:\Windows\System\glklChI.exe
  2⤵
  PID:3924
- C:\Windows\System\NcexgFo.exe
  C:\Windows\System\NcexgFo.exe
  2⤵
  PID:3964
- C:\Windows\System\SRhXSqY.exe
  C:\Windows\System\SRhXSqY.exe
  2⤵
  PID:4004
- C:\Windows\System\ZHMSblg.exe
  C:\Windows\System\ZHMSblg.exe
  2⤵
  PID:3988
- C:\Windows\System\ZWiNJOD.exe
  C:\Windows\System\ZWiNJOD.exe
  2⤵
  PID:4084
- C:\Windows\System\CnMUAIs.exe
  C:\Windows\System\CnMUAIs.exe
  2⤵
  PID:1932
- C:\Windows\System\LAhKOka.exe
  C:\Windows\System\LAhKOka.exe
  2⤵
  PID:4088
- C:\Windows\System\mWGkBgv.exe
  C:\Windows\System\mWGkBgv.exe
  2⤵
  PID:2648
- C:\Windows\System\sFhVawc.exe
  C:\Windows\System\sFhVawc.exe
  2⤵
  PID:2940
- C:\Windows\System\gvcuvTR.exe
  C:\Windows\System\gvcuvTR.exe
  2⤵
  PID:3100
- C:\Windows\System\xNvpMFu.exe
  C:\Windows\System\xNvpMFu.exe
  2⤵
  PID:3084
- C:\Windows\System\UlLJdyd.exe
  C:\Windows\System\UlLJdyd.exe
  2⤵
  PID:3224
- C:\Windows\System\zHBhfoa.exe
  C:\Windows\System\zHBhfoa.exe
  2⤵
  PID:3124
- C:\Windows\System\uVedkst.exe
  C:\Windows\System\uVedkst.exe
  2⤵
  PID:3252
- C:\Windows\System\RXgqdaI.exe
  C:\Windows\System\RXgqdaI.exe
  2⤵
  PID:3316
- C:\Windows\System\FMfaUxC.exe
  C:\Windows\System\FMfaUxC.exe
  2⤵
  PID:3432
- C:\Windows\System\JxilBER.exe
  C:\Windows\System\JxilBER.exe
  2⤵
  PID:3292
- C:\Windows\System\gaaXDXd.exe
  C:\Windows\System\gaaXDXd.exe
  2⤵
  PID:3540
- C:\Windows\System\qtSTzxu.exe
  C:\Windows\System\qtSTzxu.exe
  2⤵
  PID:1368
- C:\Windows\System\ftUPKrt.exe
  C:\Windows\System\ftUPKrt.exe
  2⤵
  PID:3584
- C:\Windows\System\DetgJWP.exe
  C:\Windows\System\DetgJWP.exe
  2⤵
  PID:308
- C:\Windows\System\ZPOIZKR.exe
  C:\Windows\System\ZPOIZKR.exe
  2⤵
  PID:2756
- C:\Windows\System\kUIRIzP.exe
  C:\Windows\System\kUIRIzP.exe
  2⤵
  PID:2236
- C:\Windows\System\XFZdUYv.exe
  C:\Windows\System\XFZdUYv.exe
  2⤵
  PID:2752
- C:\Windows\System\SdgGBpP.exe
  C:\Windows\System\SdgGBpP.exe
  2⤵
  PID:1320
- C:\Windows\System\DTJAgKd.exe
  C:\Windows\System\DTJAgKd.exe
  2⤵
  PID:1016
- C:\Windows\System\ATAAxib.exe
  C:\Windows\System\ATAAxib.exe
  2⤵
  PID:2840
- C:\Windows\System\Pxhqgjn.exe
  C:\Windows\System\Pxhqgjn.exe
  2⤵
  PID:3708
- C:\Windows\System\VWqEDji.exe
  C:\Windows\System\VWqEDji.exe
  2⤵
  PID:3788
- C:\Windows\System\mrJoPzC.exe
  C:\Windows\System\mrJoPzC.exe
  2⤵
  PID:3892
- C:\Windows\System\ZdcrLZa.exe
  C:\Windows\System\ZdcrLZa.exe
  2⤵
  PID:3828
- C:\Windows\System\VYHkeno.exe
  C:\Windows\System\VYHkeno.exe
  2⤵
  PID:3724
- C:\Windows\System\ulmyVXg.exe
  C:\Windows\System\ulmyVXg.exe
  2⤵
  PID:3772
- C:\Windows\System\pmFHPDo.exe
  C:\Windows\System\pmFHPDo.exe
  2⤵
  PID:3912
- C:\Windows\System\cxoXIHF.exe
  C:\Windows\System\cxoXIHF.exe
  2⤵
  PID:3948
- C:\Windows\System\MLjnhUd.exe
  C:\Windows\System\MLjnhUd.exe
  2⤵
  PID:4008
- C:\Windows\System\SAdrcJi.exe
  C:\Windows\System\SAdrcJi.exe
  2⤵
  PID:1480
- C:\Windows\System\tZmPogR.exe
  C:\Windows\System\tZmPogR.exe
  2⤵
  PID:2776
- C:\Windows\System\RQzXXfM.exe
  C:\Windows\System\RQzXXfM.exe
  2⤵
  PID:1752
- C:\Windows\System\APzRfAh.exe
  C:\Windows\System\APzRfAh.exe
  2⤵
  PID:2780
- C:\Windows\System\HYapvWn.exe
  C:\Windows\System\HYapvWn.exe
  2⤵
  PID:3148
- C:\Windows\System\YoQozXh.exe
  C:\Windows\System\YoQozXh.exe
  2⤵
  PID:3344
- C:\Windows\System\fXlElpq.exe
  C:\Windows\System\fXlElpq.exe
  2⤵
  PID:3576
- C:\Windows\System\oqjFQcM.exe
  C:\Windows\System\oqjFQcM.exe
  2⤵
  PID:3480
- C:\Windows\System\kIzOIZf.exe
  C:\Windows\System\kIzOIZf.exe
  2⤵
  PID:3592
- C:\Windows\System\PvkBeiG.exe
  C:\Windows\System\PvkBeiG.exe
  2⤵
  PID:2072
- C:\Windows\System\Nqjqdvk.exe
  C:\Windows\System\Nqjqdvk.exe
  2⤵
  PID:2688
- C:\Windows\System\dZiVpoI.exe
  C:\Windows\System\dZiVpoI.exe
  2⤵
  PID:2568
- C:\Windows\System\GHkmOrO.exe
  C:\Windows\System\GHkmOrO.exe
  2⤵
  PID:2328
- C:\Windows\System\LbafcaN.exe
  C:\Windows\System\LbafcaN.exe
  2⤵
  PID:3652
- C:\Windows\System\wtqXEkF.exe
  C:\Windows\System\wtqXEkF.exe
  2⤵
  PID:3884
- C:\Windows\System\ZZDdyZU.exe
  C:\Windows\System\ZZDdyZU.exe
  2⤵
  PID:300
- C:\Windows\System\BcoAFfs.exe
  C:\Windows\System\BcoAFfs.exe
  2⤵
  PID:3932
- C:\Windows\System\XFYkzgC.exe
  C:\Windows\System\XFYkzgC.exe
  2⤵
  PID:3608
- C:\Windows\System\IDLYGDv.exe
  C:\Windows\System\IDLYGDv.exe
  2⤵
  PID:4024
- C:\Windows\System\FalQRCJ.exe
  C:\Windows\System\FalQRCJ.exe
  2⤵
  PID:4028
- C:\Windows\System\SmbQJot.exe
  C:\Windows\System\SmbQJot.exe
  2⤵
  PID:1508
- C:\Windows\System\aykyCrV.exe
  C:\Windows\System\aykyCrV.exe
  2⤵
  PID:2584
- C:\Windows\System\nbHapze.exe
  C:\Windows\System\nbHapze.exe
  2⤵
  PID:3012
- C:\Windows\System\xgcYINq.exe
  C:\Windows\System\xgcYINq.exe
  2⤵
  PID:3424
- C:\Windows\System\fFAhkIV.exe
  C:\Windows\System\fFAhkIV.exe
  2⤵
  PID:3544
- C:\Windows\System\kDJFtAe.exe
  C:\Windows\System\kDJFtAe.exe
  2⤵
  PID:1544
- C:\Windows\System\pTGVzon.exe
  C:\Windows\System\pTGVzon.exe
  2⤵
  PID:2532
- C:\Windows\System\WiyWrdw.exe
  C:\Windows\System\WiyWrdw.exe
  2⤵
  PID:4068
- C:\Windows\System\hFbJUGN.exe
  C:\Windows\System\hFbJUGN.exe
  2⤵
  PID:2412
- C:\Windows\System\djcdMpz.exe
  C:\Windows\System\djcdMpz.exe
  2⤵
  PID:3768
- C:\Windows\System\gSPwhJf.exe
  C:\Windows\System\gSPwhJf.exe
  2⤵
  PID:2724
- C:\Windows\System\jaJRqgM.exe
  C:\Windows\System\jaJRqgM.exe
  2⤵
  PID:3144
- C:\Windows\System\txcUXso.exe
  C:\Windows\System\txcUXso.exe
  2⤵
  PID:3992
- C:\Windows\System\zzFohtU.exe
  C:\Windows\System\zzFohtU.exe
  2⤵
  PID:2212
- C:\Windows\System\UKIEMpX.exe
  C:\Windows\System\UKIEMpX.exe
  2⤵
  PID:2016
- C:\Windows\System\qgluOLn.exe
  C:\Windows\System\qgluOLn.exe
  2⤵
  PID:3080
- C:\Windows\System\ruiJvYP.exe
  C:\Windows\System\ruiJvYP.exe
  2⤵
  PID:3824
- C:\Windows\System\DJiPoxl.exe
  C:\Windows\System\DJiPoxl.exe
  2⤵
  PID:3040
- C:\Windows\System\TSnFHTx.exe
  C:\Windows\System\TSnFHTx.exe
  2⤵
  PID:1416
- C:\Windows\System\DawwYdP.exe
  C:\Windows\System\DawwYdP.exe
  2⤵
  PID:4108
- C:\Windows\System\iDkuFhJ.exe
  C:\Windows\System\iDkuFhJ.exe
  2⤵
  PID:4128
- C:\Windows\System\QcjIRSD.exe
  C:\Windows\System\QcjIRSD.exe
  2⤵
  PID:4144
- C:\Windows\System\esGHifs.exe
  C:\Windows\System\esGHifs.exe
  2⤵
  PID:4160
- C:\Windows\System\bClwGLx.exe
  C:\Windows\System\bClwGLx.exe
  2⤵
  PID:4176
- C:\Windows\System\yQPimdj.exe
  C:\Windows\System\yQPimdj.exe
  2⤵
  PID:4192
- C:\Windows\System\wBGuFAV.exe
  C:\Windows\System\wBGuFAV.exe
  2⤵
  PID:4236
- C:\Windows\System\OLgrXuE.exe
  C:\Windows\System\OLgrXuE.exe
  2⤵
  PID:4256
- C:\Windows\System\RHmiWcZ.exe
  C:\Windows\System\RHmiWcZ.exe
  2⤵
  PID:4272
- C:\Windows\System\rXWKnqi.exe
  C:\Windows\System\rXWKnqi.exe
  2⤵
  PID:4288
- C:\Windows\System\FKMTzRo.exe
  C:\Windows\System\FKMTzRo.exe
  2⤵
  PID:4344
- C:\Windows\System\vVknpHu.exe
  C:\Windows\System\vVknpHu.exe
  2⤵
  PID:4360
- C:\Windows\System\dVRyyGF.exe
  C:\Windows\System\dVRyyGF.exe
  2⤵
  PID:4376
- C:\Windows\System\kYaVrAq.exe
  C:\Windows\System\kYaVrAq.exe
  2⤵
  PID:4396
- C:\Windows\System\iPWsoPb.exe
  C:\Windows\System\iPWsoPb.exe
  2⤵
  PID:4424
- C:\Windows\System\ZOCUtLa.exe
  C:\Windows\System\ZOCUtLa.exe
  2⤵
  PID:4444
- C:\Windows\System\wLqQULj.exe
  C:\Windows\System\wLqQULj.exe
  2⤵
  PID:4460
- C:\Windows\System\EXbPLBi.exe
  C:\Windows\System\EXbPLBi.exe
  2⤵
  PID:4476
- C:\Windows\System\AmRjzpM.exe
  C:\Windows\System\AmRjzpM.exe
  2⤵
  PID:4500
- C:\Windows\System\ZVjxCXh.exe
  C:\Windows\System\ZVjxCXh.exe
  2⤵
  PID:4516
- C:\Windows\System\TITSDnR.exe
  C:\Windows\System\TITSDnR.exe
  2⤵
  PID:4532
- C:\Windows\System\xmkBLdY.exe
  C:\Windows\System\xmkBLdY.exe
  2⤵
  PID:4548
- C:\Windows\System\rPVlFYu.exe
  C:\Windows\System\rPVlFYu.exe
  2⤵
  PID:4568
- C:\Windows\System\JKNjbTD.exe
  C:\Windows\System\JKNjbTD.exe
  2⤵
  PID:4584
- C:\Windows\System\vlJntCf.exe
  C:\Windows\System\vlJntCf.exe
  2⤵
  PID:4600
- C:\Windows\System\NwftXKI.exe
  C:\Windows\System\NwftXKI.exe
  2⤵
  PID:4620
- C:\Windows\System\HDkserz.exe
  C:\Windows\System\HDkserz.exe
  2⤵
  PID:4644
- C:\Windows\System\vapXHlA.exe
  C:\Windows\System\vapXHlA.exe
  2⤵
  PID:4668
- C:\Windows\System\uAATPns.exe
  C:\Windows\System\uAATPns.exe
  2⤵
  PID:4692
- C:\Windows\System\bXcZNtQ.exe
  C:\Windows\System\bXcZNtQ.exe
  2⤵
  PID:4708
- C:\Windows\System\SzGVAMy.exe
  C:\Windows\System\SzGVAMy.exe
  2⤵
  PID:4744
- C:\Windows\System\FiWZuen.exe
  C:\Windows\System\FiWZuen.exe
  2⤵
  PID:4760
- C:\Windows\System\qAXLqsp.exe
  C:\Windows\System\qAXLqsp.exe
  2⤵
  PID:4780
- C:\Windows\System\RswQMbR.exe
  C:\Windows\System\RswQMbR.exe
  2⤵
  PID:4804
- C:\Windows\System\ETMOCGH.exe
  C:\Windows\System\ETMOCGH.exe
  2⤵
  PID:4824
- C:\Windows\System\SANbfCJ.exe
  C:\Windows\System\SANbfCJ.exe
  2⤵
  PID:4844
- C:\Windows\System\qdcLbwU.exe
  C:\Windows\System\qdcLbwU.exe
  2⤵
  PID:4868
- C:\Windows\System\lvIFQJs.exe
  C:\Windows\System\lvIFQJs.exe
  2⤵
  PID:4884
- C:\Windows\System\dNonUMc.exe
  C:\Windows\System\dNonUMc.exe
  2⤵
  PID:4904
- C:\Windows\System\rDbaAKH.exe
  C:\Windows\System\rDbaAKH.exe
  2⤵
  PID:4920
- C:\Windows\System\DJydkqm.exe
  C:\Windows\System\DJydkqm.exe
  2⤵
  PID:4940
- C:\Windows\System\BKxOLqM.exe
  C:\Windows\System\BKxOLqM.exe
  2⤵
  PID:4956
- C:\Windows\System\QpXwHiA.exe
  C:\Windows\System\QpXwHiA.exe
  2⤵
  PID:4976
- C:\Windows\System\ZXtTmYx.exe
  C:\Windows\System\ZXtTmYx.exe
  2⤵
  PID:4996
- C:\Windows\System\BevblwW.exe
  C:\Windows\System\BevblwW.exe
  2⤵
  PID:5012
- C:\Windows\System\ZLWYBKC.exe
  C:\Windows\System\ZLWYBKC.exe
  2⤵
  PID:5032
- C:\Windows\System\pzdejSs.exe
  C:\Windows\System\pzdejSs.exe
  2⤵
  PID:5052
- C:\Windows\System\gIGmHur.exe
  C:\Windows\System\gIGmHur.exe
  2⤵
  PID:5076
- C:\Windows\System\xXVxvSW.exe
  C:\Windows\System\xXVxvSW.exe
  2⤵
  PID:5092
- C:\Windows\System\blTZvvz.exe
  C:\Windows\System\blTZvvz.exe
  2⤵
  PID:2192
- C:\Windows\System\BGcXVjF.exe
  C:\Windows\System\BGcXVjF.exe
  2⤵
  PID:4104
- C:\Windows\System\VItbfHE.exe
  C:\Windows\System\VItbfHE.exe
  2⤵
  PID:4172
- C:\Windows\System\fzOXJPy.exe
  C:\Windows\System\fzOXJPy.exe
  2⤵
  PID:616
- C:\Windows\System\jWYvWOB.exe
  C:\Windows\System\jWYvWOB.exe
  2⤵
  PID:3516
- C:\Windows\System\wbjdUOk.exe
  C:\Windows\System\wbjdUOk.exe
  2⤵
  PID:4220
- C:\Windows\System\vHSzEae.exe
  C:\Windows\System\vHSzEae.exe
  2⤵
  PID:2424
- C:\Windows\System\SXYWjFE.exe
  C:\Windows\System\SXYWjFE.exe
  2⤵
  PID:3792
- C:\Windows\System\bTizzfL.exe
  C:\Windows\System\bTizzfL.exe
  2⤵
  PID:4116
- C:\Windows\System\lgwuhYI.exe
  C:\Windows\System\lgwuhYI.exe
  2⤵
  PID:4188
- C:\Windows\System\MLcGyqy.exe
  C:\Windows\System\MLcGyqy.exe
  2⤵
  PID:4264
- C:\Windows\System\xwUWJPg.exe
  C:\Windows\System\xwUWJPg.exe
  2⤵
  PID:4312
- C:\Windows\System\XQQyCfG.exe
  C:\Windows\System\XQQyCfG.exe
  2⤵
  PID:4332
- C:\Windows\System\FGAAzNM.exe
  C:\Windows\System\FGAAzNM.exe
  2⤵
  PID:4372
- C:\Windows\System\RoaTBbM.exe
  C:\Windows\System\RoaTBbM.exe
  2⤵
  PID:4352
- C:\Windows\System\DAghuqY.exe
  C:\Windows\System\DAghuqY.exe
  2⤵
  PID:4408
- C:\Windows\System\ZmbabHi.exe
  C:\Windows\System\ZmbabHi.exe
  2⤵
  PID:4484
- C:\Windows\System\IRjMizk.exe
  C:\Windows\System\IRjMizk.exe
  2⤵
  PID:4528
- C:\Windows\System\nTILRdi.exe
  C:\Windows\System\nTILRdi.exe
  2⤵
  PID:4432
- C:\Windows\System\Xfyewha.exe
  C:\Windows\System\Xfyewha.exe
  2⤵
  PID:4640
- C:\Windows\System\wEjszEk.exe
  C:\Windows\System\wEjszEk.exe
  2⤵
  PID:4472
- C:\Windows\System\LvOwTGr.exe
  C:\Windows\System\LvOwTGr.exe
  2⤵
  PID:4508
- C:\Windows\System\PWQsSRi.exe
  C:\Windows\System\PWQsSRi.exe
  2⤵
  PID:4680
- C:\Windows\System\DhbqWgO.exe
  C:\Windows\System\DhbqWgO.exe
  2⤵
  PID:4688
- C:\Windows\System\qCTcWzb.exe
  C:\Windows\System\qCTcWzb.exe
  2⤵
  PID:4740
- C:\Windows\System\GIxMFvg.exe
  C:\Windows\System\GIxMFvg.exe
  2⤵
  PID:4700
- C:\Windows\System\dZUhkEM.exe
  C:\Windows\System\dZUhkEM.exe
  2⤵
  PID:4756
- C:\Windows\System\ucwvItV.exe
  C:\Windows\System\ucwvItV.exe
  2⤵
  PID:4792
- C:\Windows\System\QvDtoxV.exe
  C:\Windows\System\QvDtoxV.exe
  2⤵
  PID:4832
- C:\Windows\System\hlnnqIL.exe
  C:\Windows\System\hlnnqIL.exe
  2⤵
  PID:4856
- C:\Windows\System\PmOxxRd.exe
  C:\Windows\System\PmOxxRd.exe
  2⤵
  PID:4936
- C:\Windows\System\LOeTvKb.exe
  C:\Windows\System\LOeTvKb.exe
  2⤵
  PID:4880
- C:\Windows\System\euABgUg.exe
  C:\Windows\System\euABgUg.exe
  2⤵
  PID:4968
- C:\Windows\System\YaDcGmv.exe
  C:\Windows\System\YaDcGmv.exe
  2⤵
  PID:5040
- C:\Windows\System\FIdSeJH.exe
  C:\Windows\System\FIdSeJH.exe
  2⤵
  PID:4984
- C:\Windows\System\InkWZcs.exe
  C:\Windows\System\InkWZcs.exe
  2⤵
  PID:5108
- C:\Windows\System\tvAyRyh.exe
  C:\Windows\System\tvAyRyh.exe
  2⤵
  PID:5104
- C:\Windows\System\UzxzoFa.exe
  C:\Windows\System\UzxzoFa.exe
  2⤵
  PID:4208
- C:\Windows\System\eczdBiS.exe
  C:\Windows\System\eczdBiS.exe
  2⤵
  PID:840
- C:\Windows\System\nEdRAvl.exe
  C:\Windows\System\nEdRAvl.exe
  2⤵
  PID:2112
- C:\Windows\System\jvlYPbs.exe
  C:\Windows\System\jvlYPbs.exe
  2⤵
  PID:4184
- C:\Windows\System\pGouQJV.exe
  C:\Windows\System\pGouQJV.exe
  2⤵
  PID:4296
- C:\Windows\System\lHrbZOq.exe
  C:\Windows\System\lHrbZOq.exe
  2⤵
  PID:4324
- C:\Windows\System\rQRKMbl.exe
  C:\Windows\System\rQRKMbl.exe
  2⤵
  PID:4416
- C:\Windows\System\XzsHKYC.exe
  C:\Windows\System\XzsHKYC.exe
  2⤵
  PID:2528
- C:\Windows\System\DhENree.exe
  C:\Windows\System\DhENree.exe
  2⤵
  PID:4384
- C:\Windows\System\QaKgReU.exe
  C:\Windows\System\QaKgReU.exe
  2⤵
  PID:4576
- C:\Windows\System\oqWKrOb.exe
  C:\Windows\System\oqWKrOb.exe
  2⤵
  PID:4284
- C:\Windows\System\VCBqNqR.exe
  C:\Windows\System\VCBqNqR.exe
  2⤵
  PID:4388
- C:\Windows\System\SAvtTkh.exe
  C:\Windows\System\SAvtTkh.exe
  2⤵
  PID:4616
- C:\Windows\System\mpHvSec.exe
  C:\Windows\System\mpHvSec.exe
  2⤵
  PID:4664
- C:\Windows\System\yPBJCFT.exe
  C:\Windows\System\yPBJCFT.exe
  2⤵
  PID:4860
- C:\Windows\System\efrWYSN.exe
  C:\Windows\System\efrWYSN.exe
  2⤵
  PID:4836
- C:\Windows\System\ienneLF.exe
  C:\Windows\System\ienneLF.exe
  2⤵
  PID:4676
- C:\Windows\System\OmSyXul.exe
  C:\Windows\System\OmSyXul.exe
  2⤵
  PID:5084
- C:\Windows\System\eGkylho.exe
  C:\Windows\System\eGkylho.exe
  2⤵
  PID:5024
- C:\Windows\System\AjzTnNq.exe
  C:\Windows\System\AjzTnNq.exe
  2⤵
  PID:4992
- C:\Windows\System\dutVenK.exe
  C:\Windows\System\dutVenK.exe
  2⤵
  PID:5112
- C:\Windows\System\AmLvMtS.exe
  C:\Windows\System\AmLvMtS.exe
  2⤵
  PID:4232
- C:\Windows\System\IEIpCLi.exe
  C:\Windows\System\IEIpCLi.exe
  2⤵
  PID:4156
- C:\Windows\System\NhLxEDP.exe
  C:\Windows\System\NhLxEDP.exe
  2⤵
  PID:4248
- C:\Windows\System\nbyxJWh.exe
  C:\Windows\System\nbyxJWh.exe
  2⤵
  PID:4816
- C:\Windows\System\mGwQxoM.exe
  C:\Windows\System\mGwQxoM.exe
  2⤵
  PID:2788
- C:\Windows\System\aKjveKz.exe
  C:\Windows\System\aKjveKz.exe
  2⤵
  PID:444
- C:\Windows\System\TQipKmM.exe
  C:\Windows\System\TQipKmM.exe
  2⤵
  PID:4636
- C:\Windows\System\witGXlz.exe
  C:\Windows\System\witGXlz.exe
  2⤵
  PID:4628
- C:\Windows\System\YlcUvAC.exe
  C:\Windows\System\YlcUvAC.exe
  2⤵
  PID:5004
- C:\Windows\System\YrXsPme.exe
  C:\Windows\System\YrXsPme.exe
  2⤵
  PID:4776
- C:\Windows\System\ZDoHHEW.exe
  C:\Windows\System\ZDoHHEW.exe
  2⤵
  PID:4540
- C:\Windows\System\GbRFqgc.exe
  C:\Windows\System\GbRFqgc.exe
  2⤵
  PID:4800
- C:\Windows\System\GFkMWyd.exe
  C:\Windows\System\GFkMWyd.exe
  2⤵
  PID:3048
- C:\Windows\System\LAdNwpw.exe
  C:\Windows\System\LAdNwpw.exe
  2⤵
  PID:4820
- C:\Windows\System\pTBhreU.exe
  C:\Windows\System\pTBhreU.exe
  2⤵
  PID:4124
- C:\Windows\System\oNJRoVw.exe
  C:\Windows\System\oNJRoVw.exe
  2⤵
  PID:4140
- C:\Windows\System\PTYLCJf.exe
  C:\Windows\System\PTYLCJf.exe
  2⤵
  PID:4252
- C:\Windows\System\cPvzkPQ.exe
  C:\Windows\System\cPvzkPQ.exe
  2⤵
  PID:5124
- C:\Windows\System\omNFdQq.exe
  C:\Windows\System\omNFdQq.exe
  2⤵
  PID:5200
- C:\Windows\System\WOSwuZg.exe
  C:\Windows\System\WOSwuZg.exe
  2⤵
  PID:5216
- C:\Windows\System\BieTuib.exe
  C:\Windows\System\BieTuib.exe
  2⤵
  PID:5232
- C:\Windows\System\ZuZrjup.exe
  C:\Windows\System\ZuZrjup.exe
  2⤵
  PID:5252
- C:\Windows\System\SjyyTuC.exe
  C:\Windows\System\SjyyTuC.exe
  2⤵
  PID:5272
- C:\Windows\System\salxhnC.exe
  C:\Windows\System\salxhnC.exe
  2⤵
  PID:5288
- C:\Windows\System\rBZPsLC.exe
  C:\Windows\System\rBZPsLC.exe
  2⤵
  PID:5304
- C:\Windows\System\XHIcUIy.exe
  C:\Windows\System\XHIcUIy.exe
  2⤵
  PID:5320
- C:\Windows\System\vZVQTuO.exe
  C:\Windows\System\vZVQTuO.exe
  2⤵
  PID:5340
- C:\Windows\System\ZzWxTdL.exe
  C:\Windows\System\ZzWxTdL.exe
  2⤵
  PID:5356
- C:\Windows\System\JNWjNnE.exe
  C:\Windows\System\JNWjNnE.exe
  2⤵
  PID:5372
- C:\Windows\System\bYyYIfy.exe
  C:\Windows\System\bYyYIfy.exe
  2⤵
  PID:5388
- C:\Windows\System\pcBleVe.exe
  C:\Windows\System\pcBleVe.exe
  2⤵
  PID:5404
- C:\Windows\System\FbsrGLQ.exe
  C:\Windows\System\FbsrGLQ.exe
  2⤵
  PID:5420
- C:\Windows\System\GIgysFn.exe
  C:\Windows\System\GIgysFn.exe
  2⤵
  PID:5436
- C:\Windows\System\uyPLQwA.exe
  C:\Windows\System\uyPLQwA.exe
  2⤵
  PID:5472
- C:\Windows\System\MItwJRF.exe
  C:\Windows\System\MItwJRF.exe
  2⤵
  PID:5504
- C:\Windows\System\DTEHNOO.exe
  C:\Windows\System\DTEHNOO.exe
  2⤵
  PID:5528
- C:\Windows\System\megsLjw.exe
  C:\Windows\System\megsLjw.exe
  2⤵
  PID:5552
- C:\Windows\System\CSoQMbU.exe
  C:\Windows\System\CSoQMbU.exe
  2⤵
  PID:5568
- C:\Windows\System\vEprZMk.exe
  C:\Windows\System\vEprZMk.exe
  2⤵
  PID:5584
- C:\Windows\System\FmniRlu.exe
  C:\Windows\System\FmniRlu.exe
  2⤵
  PID:5600
- C:\Windows\System\bqQPLfO.exe
  C:\Windows\System\bqQPLfO.exe
  2⤵
  PID:5616
- C:\Windows\System\YoEPUZB.exe
  C:\Windows\System\YoEPUZB.exe
  2⤵
  PID:5632
- C:\Windows\System\WonkqKB.exe
  C:\Windows\System\WonkqKB.exe
  2⤵
  PID:5648
- C:\Windows\System\wuuIZbN.exe
  C:\Windows\System\wuuIZbN.exe
  2⤵
  PID:5664
- C:\Windows\System\ImsYiHu.exe
  C:\Windows\System\ImsYiHu.exe
  2⤵
  PID:5680
- C:\Windows\System\MHEprbb.exe
  C:\Windows\System\MHEprbb.exe
  2⤵
  PID:5696
- C:\Windows\System\htwaMEb.exe
  C:\Windows\System\htwaMEb.exe
  2⤵
  PID:5712
- C:\Windows\System\hJuaEGn.exe
  C:\Windows\System\hJuaEGn.exe
  2⤵
  PID:5728
- C:\Windows\System\uapGjZe.exe
  C:\Windows\System\uapGjZe.exe
  2⤵
  PID:5792
- C:\Windows\System\PWvEyjM.exe
  C:\Windows\System\PWvEyjM.exe
  2⤵
  PID:5816
- C:\Windows\System\pUarTIn.exe
  C:\Windows\System\pUarTIn.exe
  2⤵
  PID:5832
- C:\Windows\System\ECaVTEH.exe
  C:\Windows\System\ECaVTEH.exe
  2⤵
  PID:5848
- C:\Windows\System\onvMMEC.exe
  C:\Windows\System\onvMMEC.exe
  2⤵
  PID:5864
- C:\Windows\System\EwqcofM.exe
  C:\Windows\System\EwqcofM.exe
  2⤵
  PID:5880
- C:\Windows\System\oXaYItI.exe
  C:\Windows\System\oXaYItI.exe
  2⤵
  PID:5908
- C:\Windows\System\tVMZeNH.exe
  C:\Windows\System\tVMZeNH.exe
  2⤵
  PID:5932
- C:\Windows\System\mYIzPLd.exe
  C:\Windows\System\mYIzPLd.exe
  2⤵
  PID:5948
- C:\Windows\System\VcXybSX.exe
  C:\Windows\System\VcXybSX.exe
  2⤵
  PID:5968
- C:\Windows\System\josxfFb.exe
  C:\Windows\System\josxfFb.exe
  2⤵
  PID:5984
- C:\Windows\System\llRSsyQ.exe
  C:\Windows\System\llRSsyQ.exe
  2⤵
  PID:6004
- C:\Windows\System\DuIQJlX.exe
  C:\Windows\System\DuIQJlX.exe
  2⤵
  PID:6020
- C:\Windows\System\OcMZJby.exe
  C:\Windows\System\OcMZJby.exe
  2⤵
  PID:6056
- C:\Windows\System\COYEPFS.exe
  C:\Windows\System\COYEPFS.exe
  2⤵
  PID:6072
- C:\Windows\System\AMJlYuQ.exe
  C:\Windows\System\AMJlYuQ.exe
  2⤵
  PID:6088
- C:\Windows\System\LYxWGqo.exe
  C:\Windows\System\LYxWGqo.exe
  2⤵
  PID:6104
- C:\Windows\System\mppcRDD.exe
  C:\Windows\System\mppcRDD.exe
  2⤵
  PID:6120
- C:\Windows\System\SQTZaCJ.exe
  C:\Windows\System\SQTZaCJ.exe
  2⤵
  PID:6136
- C:\Windows\System\oRjYpKY.exe
  C:\Windows\System\oRjYpKY.exe
  2⤵
  PID:4404
- C:\Windows\System\adrUtZm.exe
  C:\Windows\System\adrUtZm.exe
  2⤵
  PID:4900
- C:\Windows\System\kyEWfBP.exe
  C:\Windows\System\kyEWfBP.exe
  2⤵
  PID:2564
- C:\Windows\System\aBCROvr.exe
  C:\Windows\System\aBCROvr.exe
  2⤵
  PID:5136
- C:\Windows\System\bOorlVe.exe
  C:\Windows\System\bOorlVe.exe
  2⤵
  PID:5168
- C:\Windows\System\ufPkZNr.exe
  C:\Windows\System\ufPkZNr.exe
  2⤵
  PID:4152
- C:\Windows\System\syUcrxw.exe
  C:\Windows\System\syUcrxw.exe
  2⤵
  PID:4772
- C:\Windows\System\lBBYMZH.exe
  C:\Windows\System\lBBYMZH.exe
  2⤵
  PID:5212
- C:\Windows\System\slngNOW.exe
  C:\Windows\System\slngNOW.exe
  2⤵
  PID:5280
- C:\Windows\System\TUcqnJc.exe
  C:\Windows\System\TUcqnJc.exe
  2⤵
  PID:5312
- C:\Windows\System\FSZFYwo.exe
  C:\Windows\System\FSZFYwo.exe
  2⤵
  PID:5380
- C:\Windows\System\OqPrdeY.exe
  C:\Windows\System\OqPrdeY.exe
  2⤵
  PID:5444
- C:\Windows\System\IiUySRk.exe
  C:\Windows\System\IiUySRk.exe
  2⤵
  PID:5428
- C:\Windows\System\BaxwTLb.exe
  C:\Windows\System\BaxwTLb.exe
  2⤵
  PID:5368
- C:\Windows\System\pFvLFcC.exe
  C:\Windows\System\pFvLFcC.exe
  2⤵
  PID:5296
- C:\Windows\System\mdAGLgd.exe
  C:\Windows\System\mdAGLgd.exe
  2⤵
  PID:5516
- C:\Windows\System\GIsQPFT.exe
  C:\Windows\System\GIsQPFT.exe
  2⤵
  PID:5484
- C:\Windows\System\mZtkWfr.exe
  C:\Windows\System\mZtkWfr.exe
  2⤵
  PID:5500
- C:\Windows\System\PdofPsv.exe
  C:\Windows\System\PdofPsv.exe
  2⤵
  PID:5580
- C:\Windows\System\iPJZcJj.exe
  C:\Windows\System\iPJZcJj.exe
  2⤵
  PID:5672
- C:\Windows\System\CHctAdM.exe
  C:\Windows\System\CHctAdM.exe
  2⤵
  PID:5560
- C:\Windows\System\aSjqhWM.exe
  C:\Windows\System\aSjqhWM.exe
  2⤵
  PID:5628
- C:\Windows\System\dVaNlcj.exe
  C:\Windows\System\dVaNlcj.exe
  2⤵
  PID:5720
- C:\Windows\System\TuRqizU.exe
  C:\Windows\System\TuRqizU.exe
  2⤵
  PID:5756
- C:\Windows\System\ipfSIoq.exe
  C:\Windows\System\ipfSIoq.exe
  2⤵
  PID:5772
- C:\Windows\System\sErkXbm.exe
  C:\Windows\System\sErkXbm.exe
  2⤵
  PID:5860
- C:\Windows\System\sQroOxC.exe
  C:\Windows\System\sQroOxC.exe
  2⤵
  PID:5804
- C:\Windows\System\OBaqLTH.exe
  C:\Windows\System\OBaqLTH.exe
  2⤵
  PID:5844
- C:\Windows\System\AjADuNx.exe
  C:\Windows\System\AjADuNx.exe
  2⤵
  PID:5904
- C:\Windows\System\yxEiabB.exe
  C:\Windows\System\yxEiabB.exe
  2⤵
  PID:5928
- C:\Windows\System\WWnjFcQ.exe
  C:\Windows\System\WWnjFcQ.exe
  2⤵
  PID:5940
- C:\Windows\System\NtlIAkQ.exe
  C:\Windows\System\NtlIAkQ.exe
  2⤵
  PID:6016
- C:\Windows\System\YOJiJJW.exe
  C:\Windows\System\YOJiJJW.exe
  2⤵
  PID:4912
- C:\Windows\System\WzANVHo.exe
  C:\Windows\System\WzANVHo.exe
  2⤵
  PID:6132
- C:\Windows\System\juYGhnJ.exe
  C:\Windows\System\juYGhnJ.exe
  2⤵
  PID:6040
- C:\Windows\System\jVPscle.exe
  C:\Windows\System\jVPscle.exe
  2⤵
  PID:6044
- C:\Windows\System\mnVlSfN.exe
  C:\Windows\System\mnVlSfN.exe
  2⤵
  PID:1272
- C:\Windows\System\tmHoxPk.exe
  C:\Windows\System\tmHoxPk.exe
  2⤵
  PID:5148
- C:\Windows\System\sctjcHA.exe
  C:\Windows\System\sctjcHA.exe
  2⤵
  PID:5164
- C:\Windows\System\VjfANUq.exe
  C:\Windows\System\VjfANUq.exe
  2⤵
  PID:5188
- C:\Windows\System\TnKpGxm.exe
  C:\Windows\System\TnKpGxm.exe
  2⤵
  PID:5020
- C:\Windows\System\shfZnDN.exe
  C:\Windows\System\shfZnDN.exe
  2⤵
  PID:5068
- C:\Windows\System\mLQWUxW.exe
  C:\Windows\System\mLQWUxW.exe
  2⤵
  PID:5228
- C:\Windows\System\phngrTD.exe
  C:\Windows\System\phngrTD.exe
  2⤵
  PID:5268
- C:\Windows\System\OduIkWl.exe
  C:\Windows\System\OduIkWl.exe
  2⤵
  PID:5352
- C:\Windows\System\aPHQToc.exe
  C:\Windows\System\aPHQToc.exe
  2⤵
  PID:5336
- C:\Windows\System\iPQyVRJ.exe
  C:\Windows\System\iPQyVRJ.exe
  2⤵
  PID:5512
- C:\Windows\System\MNaASIV.exe
  C:\Windows\System\MNaASIV.exe
  2⤵
  PID:5396
- C:\Windows\System\gStFhvD.exe
  C:\Windows\System\gStFhvD.exe
  2⤵
  PID:2064
- C:\Windows\System\uILGVYj.exe
  C:\Windows\System\uILGVYj.exe
  2⤵
  PID:5596
- C:\Windows\System\dsMTrDq.exe
  C:\Windows\System\dsMTrDq.exe
  2⤵
  PID:5784
- C:\Windows\System\aqvOfos.exe
  C:\Windows\System\aqvOfos.exe
  2⤵
  PID:5744
- C:\Windows\System\qzLDIQd.exe
  C:\Windows\System\qzLDIQd.exe
  2⤵
  PID:5788
- C:\Windows\System\EyzKkZZ.exe
  C:\Windows\System\EyzKkZZ.exe
  2⤵
  PID:5872
- C:\Windows\System\fQxjoQK.exe
  C:\Windows\System\fQxjoQK.exe
  2⤵
  PID:5964
- C:\Windows\System\KiPVGbl.exe
  C:\Windows\System\KiPVGbl.exe
  2⤵
  PID:6100
- C:\Windows\System\MvotwdN.exe
  C:\Windows\System\MvotwdN.exe
  2⤵
  PID:876
- C:\Windows\System\NOzbeTy.exe
  C:\Windows\System\NOzbeTy.exe
  2⤵
  PID:6116
- C:\Windows\System\EeGpsIh.exe
  C:\Windows\System\EeGpsIh.exe
  2⤵
  PID:5980
- C:\Windows\System\PAWNNCo.exe
  C:\Windows\System\PAWNNCo.exe
  2⤵
  PID:6112
- C:\Windows\System\UGSiKky.exe
  C:\Windows\System\UGSiKky.exe
  2⤵
  PID:4512
- C:\Windows\System\ctocSUl.exe
  C:\Windows\System\ctocSUl.exe
  2⤵
  PID:5156
- C:\Windows\System\TJXBgnL.exe
  C:\Windows\System\TJXBgnL.exe
  2⤵
  PID:4336
- C:\Windows\System\gHkVXAa.exe
  C:\Windows\System\gHkVXAa.exe
  2⤵
  PID:5240
- C:\Windows\System\tqYXhDm.exe
  C:\Windows\System\tqYXhDm.exe
  2⤵
  PID:5468
- C:\Windows\System\XEwxggP.exe
  C:\Windows\System\XEwxggP.exe
  2⤵
  PID:2492
- C:\Windows\System\vOjoPOw.exe
  C:\Windows\System\vOjoPOw.exe
  2⤵
  PID:5416
- C:\Windows\System\MxFYYPY.exe
  C:\Windows\System\MxFYYPY.exe
  2⤵
  PID:5460
- C:\Windows\System\TnhVDsN.exe
  C:\Windows\System\TnhVDsN.exe
  2⤵
  PID:5748
- C:\Windows\System\QJupTOS.exe
  C:\Windows\System\QJupTOS.exe
  2⤵
  PID:5764
- C:\Windows\System\jXogARQ.exe
  C:\Windows\System\jXogARQ.exe
  2⤵
  PID:5808
- C:\Windows\System\GYZKTkg.exe
  C:\Windows\System\GYZKTkg.exe
  2⤵
  PID:6000
- C:\Windows\System\tduvopy.exe
  C:\Windows\System\tduvopy.exe
  2⤵
  PID:5196
- C:\Windows\System\aDaCfbf.exe
  C:\Windows\System\aDaCfbf.exe
  2⤵
  PID:5328
- C:\Windows\System\XMOPLhB.exe
  C:\Windows\System\XMOPLhB.exe
  2⤵
  PID:5704
- C:\Windows\System\qICwEnx.exe
  C:\Windows\System\qICwEnx.exe
  2⤵
  PID:5856
- C:\Windows\System\VNdsjIx.exe
  C:\Windows\System\VNdsjIx.exe
  2⤵
  PID:5300
- C:\Windows\System\fndsFvI.exe
  C:\Windows\System\fndsFvI.exe
  2⤵
  PID:6080
- C:\Windows\System\uxXWyBy.exe
  C:\Windows\System\uxXWyBy.exe
  2⤵
  PID:6084
- C:\Windows\System\pgdcYPB.exe
  C:\Windows\System\pgdcYPB.exe
  2⤵
  PID:5960
- C:\Windows\System\tMjcViE.exe
  C:\Windows\System\tMjcViE.exe
  2⤵
  PID:3588
- C:\Windows\System\cNOrNPq.exe
  C:\Windows\System\cNOrNPq.exe
  2⤵
  PID:5480
- C:\Windows\System\LlaJKlx.exe
  C:\Windows\System\LlaJKlx.exe
  2⤵
  PID:5828
- C:\Windows\System\KKhBZtz.exe
  C:\Windows\System\KKhBZtz.exe
  2⤵
  PID:6096
- C:\Windows\System\dpmWOSS.exe
  C:\Windows\System\dpmWOSS.exe
  2⤵
  PID:5800
- C:\Windows\System\clGWPeY.exe
  C:\Windows\System\clGWPeY.exe
  2⤵
  PID:5184
- C:\Windows\System\PKkyDcj.exe
  C:\Windows\System\PKkyDcj.exe
  2⤵
  PID:5576
- C:\Windows\System\QInFgim.exe
  C:\Windows\System\QInFgim.exe
  2⤵
  PID:6160
- C:\Windows\System\nrnPuIi.exe
  C:\Windows\System\nrnPuIi.exe
  2⤵
  PID:6180
- C:\Windows\System\dNFyTGl.exe
  C:\Windows\System\dNFyTGl.exe
  2⤵
  PID:6220
- C:\Windows\System\apGVbRL.exe
  C:\Windows\System\apGVbRL.exe
  2⤵
  PID:6244
- C:\Windows\System\nMIixye.exe
  C:\Windows\System\nMIixye.exe
  2⤵
  PID:6260
- C:\Windows\System\NkPxxrJ.exe
  C:\Windows\System\NkPxxrJ.exe
  2⤵
  PID:6276
- C:\Windows\System\twofMaN.exe
  C:\Windows\System\twofMaN.exe
  2⤵
  PID:6292
- C:\Windows\System\cxCGXhz.exe
  C:\Windows\System\cxCGXhz.exe
  2⤵
  PID:6308
- C:\Windows\System\AuoVPRo.exe
  C:\Windows\System\AuoVPRo.exe
  2⤵
  PID:6324
- C:\Windows\System\QxbgGVA.exe
  C:\Windows\System\QxbgGVA.exe
  2⤵
  PID:6348
- C:\Windows\System\zRHPatL.exe
  C:\Windows\System\zRHPatL.exe
  2⤵
  PID:6368
- C:\Windows\System\prezFqt.exe
  C:\Windows\System\prezFqt.exe
  2⤵
  PID:6384
- C:\Windows\System\nxkOBSi.exe
  C:\Windows\System\nxkOBSi.exe
  2⤵
  PID:6400
- C:\Windows\System\yoxHzjU.exe
  C:\Windows\System\yoxHzjU.exe
  2⤵
  PID:6420
- C:\Windows\System\GRucQzQ.exe
  C:\Windows\System\GRucQzQ.exe
  2⤵
  PID:6440
- C:\Windows\System\veivOVF.exe
  C:\Windows\System\veivOVF.exe
  2⤵
  PID:6460
- C:\Windows\System\EeSWAdT.exe
  C:\Windows\System\EeSWAdT.exe
  2⤵
  PID:6480
- C:\Windows\System\tfDKcll.exe
  C:\Windows\System\tfDKcll.exe
  2⤵
  PID:6512
- C:\Windows\System\wdcAuWY.exe
  C:\Windows\System\wdcAuWY.exe
  2⤵
  PID:6536
- C:\Windows\System\pkHUFdo.exe
  C:\Windows\System\pkHUFdo.exe
  2⤵
  PID:6556
- C:\Windows\System\IwBJmKO.exe
  C:\Windows\System\IwBJmKO.exe
  2⤵
  PID:6576
- C:\Windows\System\IeVjHYz.exe
  C:\Windows\System\IeVjHYz.exe
  2⤵
  PID:6592
- C:\Windows\System\hUaHTIV.exe
  C:\Windows\System\hUaHTIV.exe
  2⤵
  PID:6608
- C:\Windows\System\JrOjBSI.exe
  C:\Windows\System\JrOjBSI.exe
  2⤵
  PID:6628
- C:\Windows\System\XzYbYRy.exe
  C:\Windows\System\XzYbYRy.exe
  2⤵
  PID:6648
- C:\Windows\System\GgrAbXB.exe
  C:\Windows\System\GgrAbXB.exe
  2⤵
  PID:6664
- C:\Windows\System\oupWqEV.exe
  C:\Windows\System\oupWqEV.exe
  2⤵
  PID:6704
- C:\Windows\System\UodbKNI.exe
  C:\Windows\System\UodbKNI.exe
  2⤵
  PID:6720
- C:\Windows\System\nYBzDlb.exe
  C:\Windows\System\nYBzDlb.exe
  2⤵
  PID:6740
- C:\Windows\System\POLDCKr.exe
  C:\Windows\System\POLDCKr.exe
  2⤵
  PID:6756
- C:\Windows\System\eORNyvi.exe
  C:\Windows\System\eORNyvi.exe
  2⤵
  PID:6772
- C:\Windows\System\tGXcvfm.exe
  C:\Windows\System\tGXcvfm.exe
  2⤵
  PID:6788
- C:\Windows\System\OcQHkrT.exe
  C:\Windows\System\OcQHkrT.exe
  2⤵
  PID:6804
- C:\Windows\System\eYysUSB.exe
  C:\Windows\System\eYysUSB.exe
  2⤵
  PID:6820
- C:\Windows\System\Emgoaow.exe
  C:\Windows\System\Emgoaow.exe
  2⤵
  PID:6836
- C:\Windows\System\yhyfiXz.exe
  C:\Windows\System\yhyfiXz.exe
  2⤵
  PID:6856
- C:\Windows\System\jMsdEPs.exe
  C:\Windows\System\jMsdEPs.exe
  2⤵
  PID:6876
- C:\Windows\System\KtOduFN.exe
  C:\Windows\System\KtOduFN.exe
  2⤵
  PID:6900
- C:\Windows\System\VIOSTzw.exe
  C:\Windows\System\VIOSTzw.exe
  2⤵
  PID:6920
- C:\Windows\System\fbBTtQF.exe
  C:\Windows\System\fbBTtQF.exe
  2⤵
  PID:6964
- C:\Windows\System\fTckgcU.exe
  C:\Windows\System\fTckgcU.exe
  2⤵
  PID:6980
- C:\Windows\System\ESqlrpF.exe
  C:\Windows\System\ESqlrpF.exe
  2⤵
  PID:7000
- C:\Windows\System\lksATWh.exe
  C:\Windows\System\lksATWh.exe
  2⤵
  PID:7016
- C:\Windows\System\IfgrvmR.exe
  C:\Windows\System\IfgrvmR.exe
  2⤵
  PID:7032
- C:\Windows\System\hssfPFj.exe
  C:\Windows\System\hssfPFj.exe
  2⤵
  PID:7048
- C:\Windows\System\JRFZzWs.exe
  C:\Windows\System\JRFZzWs.exe
  2⤵
  PID:7064
- C:\Windows\System\ctFtDkb.exe
  C:\Windows\System\ctFtDkb.exe
  2⤵
  PID:7084
- C:\Windows\System\WnZjuyS.exe
  C:\Windows\System\WnZjuyS.exe
  2⤵
  PID:7104
- C:\Windows\System\AzOvpyd.exe
  C:\Windows\System\AzOvpyd.exe
  2⤵
  PID:7120
- C:\Windows\System\MZoKtco.exe
  C:\Windows\System\MZoKtco.exe
  2⤵
  PID:7140
- C:\Windows\System\RXeninb.exe
  C:\Windows\System\RXeninb.exe
  2⤵
  PID:7156
- C:\Windows\System\vjmyBJV.exe
  C:\Windows\System\vjmyBJV.exe
  2⤵
  PID:5496
- C:\Windows\System\BkpKggl.exe
  C:\Windows\System\BkpKggl.exe
  2⤵
  PID:6028
- C:\Windows\System\wcFoDdZ.exe
  C:\Windows\System\wcFoDdZ.exe
  2⤵
  PID:6200
- C:\Windows\System\bSFcwnP.exe
  C:\Windows\System\bSFcwnP.exe
  2⤵
  PID:6156
- C:\Windows\System\iwSBRfp.exe
  C:\Windows\System\iwSBRfp.exe
  2⤵
  PID:6196
- C:\Windows\System\mUZsYMx.exe
  C:\Windows\System\mUZsYMx.exe
  2⤵
  PID:6272
- C:\Windows\System\gkpfjsL.exe
  C:\Windows\System\gkpfjsL.exe
  2⤵
  PID:6332
- C:\Windows\System\TFlTHWO.exe
  C:\Windows\System\TFlTHWO.exe
  2⤵
  PID:6252
- C:\Windows\System\ANiZoMe.exe
  C:\Windows\System\ANiZoMe.exe
  2⤵
  PID:6360
- C:\Windows\System\BTIbImd.exe
  C:\Windows\System\BTIbImd.exe
  2⤵
  PID:6408
- C:\Windows\System\cAKMPRw.exe
  C:\Windows\System\cAKMPRw.exe
  2⤵
  PID:6456
- C:\Windows\System\FbwUOCX.exe
  C:\Windows\System\FbwUOCX.exe
  2⤵
  PID:6488
- C:\Windows\System\INmaOZN.exe
  C:\Windows\System\INmaOZN.exe
  2⤵
  PID:6288
- C:\Windows\System\nWLBVUI.exe
  C:\Windows\System\nWLBVUI.exe
  2⤵
  PID:6548
- C:\Windows\System\CDwvixl.exe
  C:\Windows\System\CDwvixl.exe
  2⤵
  PID:6616
- C:\Windows\System\qGtWzYn.exe
  C:\Windows\System\qGtWzYn.exe
  2⤵
  PID:6524
- C:\Windows\System\NWToHnr.exe
  C:\Windows\System\NWToHnr.exe
  2⤵
  PID:6568
- C:\Windows\System\fCiOpNf.exe
  C:\Windows\System\fCiOpNf.exe
  2⤵
  PID:6636
- C:\Windows\System\TNgAPrx.exe
  C:\Windows\System\TNgAPrx.exe
  2⤵
  PID:6680
- C:\Windows\System\QbJbvBX.exe
  C:\Windows\System\QbJbvBX.exe
  2⤵
  PID:6692
- C:\Windows\System\CPWCiWU.exe
  C:\Windows\System\CPWCiWU.exe
  2⤵
  PID:6700
- C:\Windows\System\wtxNllg.exe
  C:\Windows\System\wtxNllg.exe
  2⤵
  PID:6812
- C:\Windows\System\zKkaUNZ.exe
  C:\Windows\System\zKkaUNZ.exe
  2⤵
  PID:6728
- C:\Windows\System\yDjbqrT.exe
  C:\Windows\System\yDjbqrT.exe
  2⤵
  PID:6892
- C:\Windows\System\UIysoDC.exe
  C:\Windows\System\UIysoDC.exe
  2⤵
  PID:6796
- C:\Windows\System\lqyyWwg.exe
  C:\Windows\System\lqyyWwg.exe
  2⤵
  PID:6912
- C:\Windows\System\OCUKjGv.exe
  C:\Windows\System\OCUKjGv.exe
  2⤵
  PID:6956
- C:\Windows\System\yyeHkfS.exe
  C:\Windows\System\yyeHkfS.exe
  2⤵
  PID:6992
- C:\Windows\System\wfbWMcU.exe
  C:\Windows\System\wfbWMcU.exe
  2⤵
  PID:7060
- C:\Windows\System\FljRqpE.exe
  C:\Windows\System\FljRqpE.exe
  2⤵
  PID:7132
- C:\Windows\System\KiPiUoa.exe
  C:\Windows\System\KiPiUoa.exe
  2⤵
  PID:6972
- C:\Windows\System\WJboJIn.exe
  C:\Windows\System\WJboJIn.exe
  2⤵
  PID:7152
- C:\Windows\System\VtwAwBD.exe
  C:\Windows\System\VtwAwBD.exe
  2⤵
  PID:7040
- C:\Windows\System\rSsuLZf.exe
  C:\Windows\System\rSsuLZf.exe
  2⤵
  PID:7112
- C:\Windows\System\nrFgdEy.exe
  C:\Windows\System\nrFgdEy.exe
  2⤵
  PID:1780
- C:\Windows\System\PXwZFoz.exe
  C:\Windows\System\PXwZFoz.exe
  2⤵
  PID:6036
- C:\Windows\System\GhQAStd.exe
  C:\Windows\System\GhQAStd.exe
  2⤵
  PID:6212
- C:\Windows\System\shwoSyo.exe
  C:\Windows\System\shwoSyo.exe
  2⤵
  PID:6216
- C:\Windows\System\cglXmvF.exe
  C:\Windows\System\cglXmvF.exe
  2⤵
  PID:6320
- C:\Windows\System\oBBvKOq.exe
  C:\Windows\System\oBBvKOq.exe
  2⤵
  PID:6268
- C:\Windows\System\PsQJAON.exe
  C:\Windows\System\PsQJAON.exe
  2⤵
  PID:6396
- C:\Windows\System\HFTDFRE.exe
  C:\Windows\System\HFTDFRE.exe
  2⤵
  PID:6584
- C:\Windows\System\JNPgSbd.exe
  C:\Windows\System\JNPgSbd.exe
  2⤵
  PID:6588
- C:\Windows\System\vCXIKBG.exe
  C:\Windows\System\vCXIKBG.exe
  2⤵
  PID:6564
- C:\Windows\System\drJYaqd.exe
  C:\Windows\System\drJYaqd.exe
  2⤵
  PID:6624
- C:\Windows\System\fmcjkvF.exe
  C:\Windows\System\fmcjkvF.exe
  2⤵
  PID:6848
- C:\Windows\System\fDliizS.exe
  C:\Windows\System\fDliizS.exe
  2⤵
  PID:6952
- C:\Windows\System\UEEDGXe.exe
  C:\Windows\System\UEEDGXe.exe
  2⤵
  PID:6948
- C:\Windows\System\iMFfIFG.exe
  C:\Windows\System\iMFfIFG.exe
  2⤵
  PID:6604
- C:\Windows\System\nomZkQC.exe
  C:\Windows\System\nomZkQC.exe
  2⤵
  PID:6712
- C:\Windows\System\kchBqIn.exe
  C:\Windows\System\kchBqIn.exe
  2⤵
  PID:6960
- C:\Windows\System\BVhsdLZ.exe
  C:\Windows\System\BVhsdLZ.exe
  2⤵
  PID:6828
- C:\Windows\System\ysvUueA.exe
  C:\Windows\System\ysvUueA.exe
  2⤵
  PID:7148
- C:\Windows\System\jUGIzIa.exe
  C:\Windows\System\jUGIzIa.exe
  2⤵
  PID:6188
- C:\Windows\System\HUHTRzb.exe
  C:\Windows\System\HUHTRzb.exe
  2⤵
  PID:7116
- C:\Windows\System\vttNkja.exe
  C:\Windows\System\vttNkja.exe
  2⤵
  PID:6448
- C:\Windows\System\VZgjZdy.exe
  C:\Windows\System\VZgjZdy.exe
  2⤵
  PID:6316
- C:\Windows\System\ldIuejt.exe
  C:\Windows\System\ldIuejt.exe
  2⤵
  PID:6476
- C:\Windows\System\QbLTmbY.exe
  C:\Windows\System\QbLTmbY.exe
  2⤵
  PID:6468
- C:\Windows\System\sAIowXK.exe
  C:\Windows\System\sAIowXK.exe
  2⤵
  PID:6532
- C:\Windows\System\vZrzxwz.exe
  C:\Windows\System\vZrzxwz.exe
  2⤵
  PID:6436
- C:\Windows\System\rjaRLfO.exe
  C:\Windows\System\rjaRLfO.exe
  2⤵
  PID:1840
- C:\Windows\System\frDQoBA.exe
  C:\Windows\System\frDQoBA.exe
  2⤵
  PID:6832
- C:\Windows\System\JHIyMFy.exe
  C:\Windows\System\JHIyMFy.exe
  2⤵
  PID:6736
- C:\Windows\System\kOkzDUG.exe
  C:\Windows\System\kOkzDUG.exe
  2⤵
  PID:6864
- C:\Windows\System\PzwmhqH.exe
  C:\Windows\System\PzwmhqH.exe
  2⤵
  PID:5548
- C:\Windows\System\wbqeTVi.exe
  C:\Windows\System\wbqeTVi.exe
  2⤵
  PID:5644
- C:\Windows\System\XRqIxLR.exe
  C:\Windows\System\XRqIxLR.exe
  2⤵
  PID:6416
- C:\Windows\System\JhSQlWx.exe
  C:\Windows\System\JhSQlWx.exe
  2⤵
  PID:6716
- C:\Windows\System\zRWtjcp.exe
  C:\Windows\System\zRWtjcp.exe
  2⤵
  PID:5660
- C:\Windows\System\deMiErw.exe
  C:\Windows\System\deMiErw.exe
  2⤵
  PID:6500
- C:\Windows\System\vdmZBfS.exe
  C:\Windows\System\vdmZBfS.exe
  2⤵
  PID:6732
- C:\Windows\System\xeAOGHo.exe
  C:\Windows\System\xeAOGHo.exe
  2⤵
  PID:6872
- C:\Windows\System\fvECULg.exe
  C:\Windows\System\fvECULg.exe
  2⤵
  PID:7056
- C:\Windows\System\BEQUXbn.exe
  C:\Windows\System\BEQUXbn.exe
  2⤵
  PID:7080
- C:\Windows\System\urWbyLP.exe
  C:\Windows\System\urWbyLP.exe
  2⤵
  PID:6392
- C:\Windows\System\kLoOnOt.exe
  C:\Windows\System\kLoOnOt.exe
  2⤵
  PID:7176
- C:\Windows\System\KZuchMu.exe
  C:\Windows\System\KZuchMu.exe
  2⤵
  PID:7192
- C:\Windows\System\NBpAOOB.exe
  C:\Windows\System\NBpAOOB.exe
  2⤵
  PID:7208
- C:\Windows\System\ZbkHqsO.exe
  C:\Windows\System\ZbkHqsO.exe
  2⤵
  PID:7260
- C:\Windows\System\JkbUqgE.exe
  C:\Windows\System\JkbUqgE.exe
  2⤵
  PID:7276
- C:\Windows\System\yyIOBNm.exe
  C:\Windows\System\yyIOBNm.exe
  2⤵
  PID:7292
- C:\Windows\System\WbruIFy.exe
  C:\Windows\System\WbruIFy.exe
  2⤵
  PID:7308
- C:\Windows\System\xgJqMxv.exe
  C:\Windows\System\xgJqMxv.exe
  2⤵
  PID:7324
- C:\Windows\System\nPWoeUD.exe
  C:\Windows\System\nPWoeUD.exe
  2⤵
  PID:7340
- C:\Windows\System\ZMwVGoc.exe
  C:\Windows\System\ZMwVGoc.exe
  2⤵
  PID:7356
- C:\Windows\System\pNCwblz.exe
  C:\Windows\System\pNCwblz.exe
  2⤵
  PID:7372
- C:\Windows\System\lyOwFrr.exe
  C:\Windows\System\lyOwFrr.exe
  2⤵
  PID:7392
- C:\Windows\System\oyJYyzH.exe
  C:\Windows\System\oyJYyzH.exe
  2⤵
  PID:7408
- C:\Windows\System\rvHDMel.exe
  C:\Windows\System\rvHDMel.exe
  2⤵
  PID:7424
- C:\Windows\System\LVJuuIS.exe
  C:\Windows\System\LVJuuIS.exe
  2⤵
  PID:7440
- C:\Windows\System\JupDWwi.exe
  C:\Windows\System\JupDWwi.exe
  2⤵
  PID:7456
- C:\Windows\System\RzIFcQy.exe
  C:\Windows\System\RzIFcQy.exe
  2⤵
  PID:7512
- C:\Windows\System\fBBKrzB.exe
  C:\Windows\System\fBBKrzB.exe
  2⤵
  PID:7528
- C:\Windows\System\DzgGZVV.exe
  C:\Windows\System\DzgGZVV.exe
  2⤵
  PID:7548
- C:\Windows\System\phImzwf.exe
  C:\Windows\System\phImzwf.exe
  2⤵
  PID:7572
- C:\Windows\System\frOqvry.exe
  C:\Windows\System\frOqvry.exe
  2⤵
  PID:7592
- C:\Windows\System\pSvvFui.exe
  C:\Windows\System\pSvvFui.exe
  2⤵
  PID:7608
- C:\Windows\System\TtYWyAZ.exe
  C:\Windows\System\TtYWyAZ.exe
  2⤵
  PID:7624
- C:\Windows\System\ssjCQJo.exe
  C:\Windows\System\ssjCQJo.exe
  2⤵
  PID:7644
- C:\Windows\System\baehhYF.exe
  C:\Windows\System\baehhYF.exe
  2⤵
  PID:7664
- C:\Windows\System\HUTKrVa.exe
  C:\Windows\System\HUTKrVa.exe
  2⤵
  PID:7680
- C:\Windows\System\tUUmfQb.exe
  C:\Windows\System\tUUmfQb.exe
  2⤵
  PID:7696
- C:\Windows\System\hETWpew.exe
  C:\Windows\System\hETWpew.exe
  2⤵
  PID:7712
- C:\Windows\System\DaNJtOr.exe
  C:\Windows\System\DaNJtOr.exe
  2⤵
  PID:7728
- C:\Windows\System\TgcErnX.exe
  C:\Windows\System\TgcErnX.exe
  2⤵
  PID:7752
- C:\Windows\System\ZNIbmKs.exe
  C:\Windows\System\ZNIbmKs.exe
  2⤵
  PID:7772
- C:\Windows\System\fDtWToP.exe
  C:\Windows\System\fDtWToP.exe
  2⤵
  PID:7792
- C:\Windows\System\hqbcPOW.exe
  C:\Windows\System\hqbcPOW.exe
  2⤵
  PID:7812
- C:\Windows\System\BChocAf.exe
  C:\Windows\System\BChocAf.exe
  2⤵
  PID:7832
- C:\Windows\System\TxoABUS.exe
  C:\Windows\System\TxoABUS.exe
  2⤵
  PID:7848
- C:\Windows\System\RpmLlAF.exe
  C:\Windows\System\RpmLlAF.exe
  2⤵
  PID:7864
- C:\Windows\System\nYBARut.exe
  C:\Windows\System\nYBARut.exe
  2⤵
  PID:7880
- C:\Windows\System\VdwYVzr.exe
  C:\Windows\System\VdwYVzr.exe
  2⤵
  PID:7896
- C:\Windows\System\EUVHpeW.exe
  C:\Windows\System\EUVHpeW.exe
  2⤵
  PID:7916
- C:\Windows\System\cuLOIHw.exe
  C:\Windows\System\cuLOIHw.exe
  2⤵
  PID:7936
- C:\Windows\System\EfpINMu.exe
  C:\Windows\System\EfpINMu.exe
  2⤵
  PID:7952
- C:\Windows\System\dJmJyJo.exe
  C:\Windows\System\dJmJyJo.exe
  2⤵
  PID:7968
- C:\Windows\System\hppRxuT.exe
  C:\Windows\System\hppRxuT.exe
  2⤵
  PID:8044
- C:\Windows\System\cONTdOM.exe
  C:\Windows\System\cONTdOM.exe
  2⤵
  PID:8060
- C:\Windows\System\QLtqviD.exe
  C:\Windows\System\QLtqviD.exe
  2⤵
  PID:8076
- C:\Windows\System\MZIYfFc.exe
  C:\Windows\System\MZIYfFc.exe
  2⤵
  PID:8092
- C:\Windows\System\IKWWBOD.exe
  C:\Windows\System\IKWWBOD.exe
  2⤵
  PID:8116
- C:\Windows\System\qdwvaPD.exe
  C:\Windows\System\qdwvaPD.exe
  2⤵
  PID:8140
- C:\Windows\System\LOURtyl.exe
  C:\Windows\System\LOURtyl.exe
  2⤵
  PID:8160
- C:\Windows\System\ooAokXj.exe
  C:\Windows\System\ooAokXj.exe
  2⤵
  PID:8176
- C:\Windows\System\BnaFPJy.exe
  C:\Windows\System\BnaFPJy.exe
  2⤵
  PID:6660
- C:\Windows\System\zAAjyva.exe
  C:\Windows\System\zAAjyva.exe
  2⤵
  PID:6240
- C:\Windows\System\SXkSXtj.exe
  C:\Windows\System\SXkSXtj.exe
  2⤵
  PID:4684
- C:\Windows\System\Mwjfkgf.exe
  C:\Windows\System\Mwjfkgf.exe
  2⤵
  PID:7096
- C:\Windows\System\okqpesy.exe
  C:\Windows\System\okqpesy.exe
  2⤵
  PID:7240
- C:\Windows\System\iuTDeVZ.exe
  C:\Windows\System\iuTDeVZ.exe
  2⤵
  PID:7188
- C:\Windows\System\nemLmBc.exe
  C:\Windows\System\nemLmBc.exe
  2⤵
  PID:7220
- C:\Windows\System\maSsFKJ.exe
  C:\Windows\System\maSsFKJ.exe
  2⤵
  PID:7284
- C:\Windows\System\SyaglmL.exe
  C:\Windows\System\SyaglmL.exe
  2⤵
  PID:7348
- C:\Windows\System\BrlJdTu.exe
  C:\Windows\System\BrlJdTu.exe
  2⤵
  PID:7416
- C:\Windows\System\gfHQSrr.exe
  C:\Windows\System\gfHQSrr.exe
  2⤵
  PID:7268
- C:\Windows\System\smEkqBi.exe
  C:\Windows\System\smEkqBi.exe
  2⤵
  PID:7332
- C:\Windows\System\AgVGqoh.exe
  C:\Windows\System\AgVGqoh.exe
  2⤵
  PID:7400
- C:\Windows\System\pudRYJa.exe
  C:\Windows\System\pudRYJa.exe
  2⤵
  PID:7464
- C:\Windows\System\EUmiwpf.exe
  C:\Windows\System\EUmiwpf.exe
  2⤵
  PID:7484
- C:\Windows\System\jxqcZXo.exe
  C:\Windows\System\jxqcZXo.exe
  2⤵
  PID:7616
- C:\Windows\System\raufcIE.exe
  C:\Windows\System\raufcIE.exe
  2⤵
  PID:7660
- C:\Windows\System\AmhuNLY.exe
  C:\Windows\System\AmhuNLY.exe
  2⤵
  PID:7760
- C:\Windows\System\PikjUoF.exe
  C:\Windows\System\PikjUoF.exe
  2⤵
  PID:7520
- C:\Windows\System\ohKVbic.exe
  C:\Windows\System\ohKVbic.exe
  2⤵
  PID:7808
- C:\Windows\System\yFNsEDz.exe
  C:\Windows\System\yFNsEDz.exe
  2⤵
  PID:7876
- C:\Windows\System\ePuyiNN.exe
  C:\Windows\System\ePuyiNN.exe
  2⤵
  PID:7944
- C:\Windows\System\DyujPOk.exe
  C:\Windows\System\DyujPOk.exe
  2⤵
  PID:7568
- C:\Windows\System\zLJEulM.exe
  C:\Windows\System\zLJEulM.exe
  2⤵
  PID:7708
- C:\Windows\System\ygAVkKc.exe
  C:\Windows\System\ygAVkKc.exe
  2⤵
  PID:7780
- C:\Windows\System\WKvDYZf.exe
  C:\Windows\System\WKvDYZf.exe
  2⤵
  PID:7860
- C:\Windows\System\lhphwyg.exe
  C:\Windows\System\lhphwyg.exe
  2⤵
  PID:8000
- C:\Windows\System\cGBDIBP.exe
  C:\Windows\System\cGBDIBP.exe
  2⤵
  PID:8016
- C:\Windows\System\BszQgkC.exe
  C:\Windows\System\BszQgkC.exe
  2⤵
  PID:8024
- C:\Windows\System\LtRqAmV.exe
  C:\Windows\System\LtRqAmV.exe
  2⤵
  PID:7640
- C:\Windows\System\BWFMYYh.exe
  C:\Windows\System\BWFMYYh.exe
  2⤵
  PID:8068
- C:\Windows\System\mCisMbn.exe
  C:\Windows\System\mCisMbn.exe
  2⤵
  PID:8084
- C:\Windows\System\KXdayCu.exe
  C:\Windows\System\KXdayCu.exe
  2⤵
  PID:8108
- C:\Windows\System\FTThIaH.exe
  C:\Windows\System\FTThIaH.exe
  2⤵
  PID:8156
- C:\Windows\System\WdTqpzl.exe
  C:\Windows\System\WdTqpzl.exe
  2⤵
  PID:8124
- C:\Windows\System\iZyjrKn.exe
  C:\Windows\System\iZyjrKn.exe
  2⤵
  PID:8128
- C:\Windows\System\AEdWSqP.exe
  C:\Windows\System\AEdWSqP.exe
  2⤵
  PID:6784
- C:\Windows\System\NJmfATj.exe
  C:\Windows\System\NJmfATj.exe
  2⤵
  PID:5088
- C:\Windows\System\OtkJJDm.exe
  C:\Windows\System\OtkJJDm.exe
  2⤵
  PID:7248
- C:\Windows\System\KMHqvTY.exe
  C:\Windows\System\KMHqvTY.exe
  2⤵
  PID:7448
- C:\Windows\System\CeLoxRc.exe
  C:\Windows\System\CeLoxRc.exe
  2⤵
  PID:6452
- C:\Windows\System\PzAOXVq.exe
  C:\Windows\System\PzAOXVq.exe
  2⤵
  PID:7384
- C:\Windows\System\NTMnlQG.exe
  C:\Windows\System\NTMnlQG.exe
  2⤵
  PID:7508
- C:\Windows\System\taSTjdM.exe
  C:\Windows\System\taSTjdM.exe
  2⤵
  PID:7580
- C:\Windows\System\CJzkJga.exe
  C:\Windows\System\CJzkJga.exe
  2⤵
  PID:7652
- C:\Windows\System\GcgMRcj.exe
  C:\Windows\System\GcgMRcj.exe
  2⤵
  PID:7844
- C:\Windows\System\EYhMZOd.exe
  C:\Windows\System\EYhMZOd.exe
  2⤵
  PID:7744
- C:\Windows\System\MaVnHpu.exe
  C:\Windows\System\MaVnHpu.exe
  2⤵
  PID:7704
- C:\Windows\System\nVnZlKY.exe
  C:\Windows\System\nVnZlKY.exe
  2⤵
  PID:7908
- C:\Windows\System\TEapSsg.exe
  C:\Windows\System\TEapSsg.exe
  2⤵
  PID:7824
- C:\Windows\System\tBcLsBE.exe
  C:\Windows\System\tBcLsBE.exe
  2⤵
  PID:7988
- C:\Windows\System\vCynraZ.exe
  C:\Windows\System\vCynraZ.exe
  2⤵
  PID:8012
- C:\Windows\System\YFrGnTF.exe
  C:\Windows\System\YFrGnTF.exe
  2⤵
  PID:7964
- C:\Windows\System\iIOPgUq.exe
  C:\Windows\System\iIOPgUq.exe
  2⤵
  PID:8040
- C:\Windows\System\yibMdzr.exe
  C:\Windows\System\yibMdzr.exe
  2⤵
  PID:8028
- C:\Windows\System\HLYBLme.exe
  C:\Windows\System\HLYBLme.exe
  2⤵
  PID:8172
- C:\Windows\System\WxCGKmc.exe
  C:\Windows\System\WxCGKmc.exe
  2⤵
  PID:5924
- C:\Windows\System\FUnLBci.exe
  C:\Windows\System\FUnLBci.exe
  2⤵
  PID:8056
- C:\Windows\System\oulFIec.exe
  C:\Windows\System\oulFIec.exe
  2⤵
  PID:7300
- C:\Windows\System\KTUORdi.exe
  C:\Windows\System\KTUORdi.exe
  2⤵
  PID:1568
- C:\Windows\System\xyUfePX.exe
  C:\Windows\System\xyUfePX.exe
  2⤵
  PID:7316
- C:\Windows\System\glLiprW.exe
  C:\Windows\System\glLiprW.exe
  2⤵
  PID:7436
- C:\Windows\System\zOFAesO.exe
  C:\Windows\System\zOFAesO.exe
  2⤵
  PID:7584
- C:\Windows\System\xFcyPVE.exe
  C:\Windows\System\xFcyPVE.exe
  2⤵
  PID:7800
- C:\Windows\System\aOdnbHy.exe
  C:\Windows\System\aOdnbHy.exe
  2⤵
  PID:7556
- C:\Windows\System\piGNeCm.exe
  C:\Windows\System\piGNeCm.exe
  2⤵
  PID:7476
- C:\Windows\System\lfSuGhI.exe
  C:\Windows\System\lfSuGhI.exe
  2⤵
  PID:7500
- C:\Windows\System\psObXfh.exe
  C:\Windows\System\psObXfh.exe
  2⤵
  PID:8104
- C:\Windows\System\ehYubZX.exe
  C:\Windows\System\ehYubZX.exe
  2⤵
  PID:7604
- C:\Windows\System\cdoOVnu.exe
  C:\Windows\System\cdoOVnu.exe
  2⤵
  PID:8004
- C:\Windows\System\cIWtcxg.exe
  C:\Windows\System\cIWtcxg.exe
  2⤵
  PID:8136
- C:\Windows\System\OYLlnDF.exe
  C:\Windows\System\OYLlnDF.exe
  2⤵
  PID:7676
- C:\Windows\System\BmhObxN.exe
  C:\Windows\System\BmhObxN.exe
  2⤵
  PID:7992
- C:\Windows\System\zxPmpti.exe
  C:\Windows\System\zxPmpti.exe
  2⤵
  PID:8052
- C:\Windows\System\dViNavd.exe
  C:\Windows\System\dViNavd.exe
  2⤵
  PID:7564
- C:\Windows\System\ozseMTf.exe
  C:\Windows\System\ozseMTf.exe
  2⤵
  PID:7924
- C:\Windows\System\jUrVhro.exe
  C:\Windows\System\jUrVhro.exe
  2⤵
  PID:7976
- C:\Windows\System\QgTXuzz.exe
  C:\Windows\System\QgTXuzz.exe
  2⤵
  PID:8008
- C:\Windows\System\ODdVjfr.exe
  C:\Windows\System\ODdVjfr.exe
  2⤵
  PID:7256
- C:\Windows\System\cZRmvBf.exe
  C:\Windows\System\cZRmvBf.exe
  2⤵
  PID:7748
- C:\Windows\System\zivGyjh.exe
  C:\Windows\System\zivGyjh.exe
  2⤵
  PID:6380
- C:\Windows\System\JVQHeNH.exe
  C:\Windows\System\JVQHeNH.exe
  2⤵
  PID:2044
- C:\Windows\System\FZYqZPy.exe
  C:\Windows\System\FZYqZPy.exe
  2⤵
  PID:7236
- C:\Windows\System\RTQwWLv.exe
  C:\Windows\System\RTQwWLv.exe
  2⤵
  PID:7828
- C:\Windows\System\fgkZQzE.exe
  C:\Windows\System\fgkZQzE.exe
  2⤵
  PID:7632
- C:\Windows\System\qRzJRSm.exe
  C:\Windows\System\qRzJRSm.exe
  2⤵
  PID:7560
- C:\Windows\System\eXyxOtv.exe
  C:\Windows\System\eXyxOtv.exe
  2⤵
  PID:7380
- C:\Windows\System\ebcglNE.exe
  C:\Windows\System\ebcglNE.exe
  2⤵
  PID:8196
- C:\Windows\System\TVVixIP.exe
  C:\Windows\System\TVVixIP.exe
  2⤵
  PID:8212
- C:\Windows\System\UaOgVSv.exe
  C:\Windows\System\UaOgVSv.exe
  2⤵
  PID:8228
- C:\Windows\System\QEAvcru.exe
  C:\Windows\System\QEAvcru.exe
  2⤵
  PID:8252
- C:\Windows\System\DETyYJY.exe
  C:\Windows\System\DETyYJY.exe
  2⤵
  PID:8268
- C:\Windows\System\xIQMJXK.exe
  C:\Windows\System\xIQMJXK.exe
  2⤵
  PID:8284
- C:\Windows\System\pGUkAQt.exe
  C:\Windows\System\pGUkAQt.exe
  2⤵
  PID:8304
- C:\Windows\System\Izjauxz.exe
  C:\Windows\System\Izjauxz.exe
  2⤵
  PID:8324
- C:\Windows\System\awCsHXk.exe
  C:\Windows\System\awCsHXk.exe
  2⤵
  PID:8344
- C:\Windows\System\JdiZVsq.exe
  C:\Windows\System\JdiZVsq.exe
  2⤵
  PID:8364
- C:\Windows\System\eJdHcXn.exe
  C:\Windows\System\eJdHcXn.exe
  2⤵
  PID:8384
- C:\Windows\System\ZBXrSmE.exe
  C:\Windows\System\ZBXrSmE.exe
  2⤵
  PID:8404
- C:\Windows\System\OqVjPkC.exe
  C:\Windows\System\OqVjPkC.exe
  2⤵
  PID:8420
- C:\Windows\System\rPskNGG.exe
  C:\Windows\System\rPskNGG.exe
  2⤵
  PID:8448
- C:\Windows\System\ogNcdBY.exe
  C:\Windows\System\ogNcdBY.exe
  2⤵
  PID:8464
- C:\Windows\System\BLOtpAy.exe
  C:\Windows\System\BLOtpAy.exe
  2⤵
  PID:8480
- C:\Windows\System\WwWAmXn.exe
  C:\Windows\System\WwWAmXn.exe
  2⤵
  PID:8504
- C:\Windows\System\tiKqnDu.exe
  C:\Windows\System\tiKqnDu.exe
  2⤵
  PID:8540
- C:\Windows\System\WIyQQHM.exe
  C:\Windows\System\WIyQQHM.exe
  2⤵
  PID:8564
- C:\Windows\System\cWxuwNM.exe
  C:\Windows\System\cWxuwNM.exe
  2⤵
  PID:8588
- C:\Windows\System\DekPgQL.exe
  C:\Windows\System\DekPgQL.exe
  2⤵
  PID:8604
- C:\Windows\System\TyMyrRp.exe
  C:\Windows\System\TyMyrRp.exe
  2⤵
  PID:8620
- C:\Windows\System\gWzRAFR.exe
  C:\Windows\System\gWzRAFR.exe
  2⤵
  PID:8640
- C:\Windows\System\mBcXszb.exe
  C:\Windows\System\mBcXszb.exe
  2⤵
  PID:8660
- C:\Windows\System\YiCXlsQ.exe
  C:\Windows\System\YiCXlsQ.exe
  2⤵
  PID:8692
- C:\Windows\System\ZRyWvNQ.exe
  C:\Windows\System\ZRyWvNQ.exe
  2⤵
  PID:8708
- C:\Windows\System\ffMhHHD.exe
  C:\Windows\System\ffMhHHD.exe
  2⤵
  PID:8728
- C:\Windows\System\MSEIrzb.exe
  C:\Windows\System\MSEIrzb.exe
  2⤵
  PID:8744
- C:\Windows\System\sFUmGZS.exe
  C:\Windows\System\sFUmGZS.exe
  2⤵
  PID:8760
- C:\Windows\System\CbYzMyA.exe
  C:\Windows\System\CbYzMyA.exe
  2⤵
  PID:8780
- C:\Windows\System\gShjidl.exe
  C:\Windows\System\gShjidl.exe
  2⤵
  PID:8804
- C:\Windows\System\qqBUOKJ.exe
  C:\Windows\System\qqBUOKJ.exe
  2⤵
  PID:8820
- C:\Windows\System\bxIaIxd.exe
  C:\Windows\System\bxIaIxd.exe
  2⤵
  PID:8848
- C:\Windows\System\yPwXkqA.exe
  C:\Windows\System\yPwXkqA.exe
  2⤵
  PID:8864
- C:\Windows\System\zHrtEUU.exe
  C:\Windows\System\zHrtEUU.exe
  2⤵
  PID:8888
- C:\Windows\System\JiyDAwd.exe
  C:\Windows\System\JiyDAwd.exe
  2⤵
  PID:8904
- C:\Windows\System\wVkDNtN.exe
  C:\Windows\System\wVkDNtN.exe
  2⤵
  PID:8924
- C:\Windows\System\nOMarEy.exe
  C:\Windows\System\nOMarEy.exe
  2⤵
  PID:8948
- C:\Windows\System\ZAjEFbw.exe
  C:\Windows\System\ZAjEFbw.exe
  2⤵
  PID:8972
- C:\Windows\System\KwTilLx.exe
  C:\Windows\System\KwTilLx.exe
  2⤵
  PID:8992
- C:\Windows\System\MjygGVO.exe
  C:\Windows\System\MjygGVO.exe
  2⤵
  PID:9008
- C:\Windows\System\GYkQBpB.exe
  C:\Windows\System\GYkQBpB.exe
  2⤵
  PID:9024
- C:\Windows\System\JgvVqdi.exe
  C:\Windows\System\JgvVqdi.exe
  2⤵
  PID:9056
- C:\Windows\System\qJysJPd.exe
  C:\Windows\System\qJysJPd.exe
  2⤵
  PID:9072
- C:\Windows\System\MPZWQjB.exe
  C:\Windows\System\MPZWQjB.exe
  2⤵
  PID:9088
- C:\Windows\System\NesRwFQ.exe
  C:\Windows\System\NesRwFQ.exe
  2⤵
  PID:9108
- C:\Windows\System\RXJtoJu.exe
  C:\Windows\System\RXJtoJu.exe
  2⤵
  PID:9124
- C:\Windows\System\huLvcmv.exe
  C:\Windows\System\huLvcmv.exe
  2⤵
  PID:9148
- C:\Windows\System\nvbHYfJ.exe
  C:\Windows\System\nvbHYfJ.exe
  2⤵
  PID:9164
- C:\Windows\System\ETAQCys.exe
  C:\Windows\System\ETAQCys.exe
  2⤵
  PID:9180
- C:\Windows\System\XEmBkTG.exe
  C:\Windows\System\XEmBkTG.exe
  2⤵
  PID:9196
- C:\Windows\System\WQCaJZv.exe
  C:\Windows\System\WQCaJZv.exe
  2⤵
  PID:8204
- C:\Windows\System\PvEfHft.exe
  C:\Windows\System\PvEfHft.exe
  2⤵
  PID:8280
- C:\Windows\System\DqYGyZi.exe
  C:\Windows\System\DqYGyZi.exe
  2⤵
  PID:8352
- C:\Windows\System\yoOMGmy.exe
  C:\Windows\System\yoOMGmy.exe
  2⤵
  PID:8396
- C:\Windows\System\kVvUSfN.exe
  C:\Windows\System\kVvUSfN.exe
  2⤵
  PID:8428
- C:\Windows\System\TitpFpB.exe
  C:\Windows\System\TitpFpB.exe
  2⤵
  PID:8472
- C:\Windows\System\oBMdKOI.exe
  C:\Windows\System\oBMdKOI.exe
  2⤵
  PID:8264
- C:\Windows\System\DQVZGtG.exe
  C:\Windows\System\DQVZGtG.exe
  2⤵
  PID:8220
- C:\Windows\System\FUtoesP.exe
  C:\Windows\System\FUtoesP.exe
  2⤵
  PID:8460
- C:\Windows\System\OkCSxNV.exe
  C:\Windows\System\OkCSxNV.exe
  2⤵
  PID:8492
- C:\Windows\System\lYKqvht.exe
  C:\Windows\System\lYKqvht.exe
  2⤵
  PID:8524
- C:\Windows\System\JSQvgwU.exe
  C:\Windows\System\JSQvgwU.exe
  2⤵
  PID:8552
- C:\Windows\System\QPfeJZI.exe
  C:\Windows\System\QPfeJZI.exe
  2⤵
  PID:8576
- C:\Windows\System\WsBGkTo.exe
  C:\Windows\System\WsBGkTo.exe
  2⤵
  PID:8652
- C:\Windows\System\nkPTQvE.exe
  C:\Windows\System\nkPTQvE.exe
  2⤵
  PID:8668
- C:\Windows\System\bfziqub.exe
  C:\Windows\System\bfziqub.exe
  2⤵
  PID:8700
- C:\Windows\System\LsRksqz.exe
  C:\Windows\System\LsRksqz.exe
  2⤵
  PID:8768
- C:\Windows\System\WRpqOZH.exe
  C:\Windows\System\WRpqOZH.exe
  2⤵
  PID:8720
- C:\Windows\System\mEbhddZ.exe
  C:\Windows\System\mEbhddZ.exe
  2⤵
  PID:8816
- C:\Windows\System\xWkrdPz.exe
  C:\Windows\System\xWkrdPz.exe
  2⤵
  PID:8840
- C:\Windows\System\XmYEtDn.exe
  C:\Windows\System\XmYEtDn.exe
  2⤵
  PID:8884
- C:\Windows\System\DiviWlW.exe
  C:\Windows\System\DiviWlW.exe
  2⤵
  PID:8876
- C:\Windows\System\HOQExCz.exe
  C:\Windows\System\HOQExCz.exe
  2⤵
  PID:8940
- C:\Windows\System\pHEpDLL.exe
  C:\Windows\System\pHEpDLL.exe
  2⤵
  PID:8988
- C:\Windows\System\ikcGzEn.exe
  C:\Windows\System\ikcGzEn.exe
  2⤵
  PID:9020
- C:\Windows\System\FaJWpOr.exe
  C:\Windows\System\FaJWpOr.exe
  2⤵
  PID:9048
- C:\Windows\System\qHVHMRV.exe
  C:\Windows\System\qHVHMRV.exe
  2⤵
  PID:9100
- C:\Windows\System\zVcRDUz.exe
  C:\Windows\System\zVcRDUz.exe
  2⤵
  PID:9116
- C:\Windows\System\fcsBnlU.exe
  C:\Windows\System\fcsBnlU.exe
  2⤵
  PID:9204
- C:\Windows\System\oVXbAyp.exe
  C:\Windows\System\oVXbAyp.exe
  2⤵
  PID:8320
- C:\Windows\System\jxVUXqT.exe
  C:\Windows\System\jxVUXqT.exe
  2⤵
  PID:8336
- C:\Windows\System\mJLUkka.exe
  C:\Windows\System\mJLUkka.exe
  2⤵
  PID:9084
- C:\Windows\System\nRQqbkC.exe
  C:\Windows\System\nRQqbkC.exe
  2⤵
  PID:9188
- C:\Windows\System\UpCqeLc.exe
  C:\Windows\System\UpCqeLc.exe
  2⤵
  PID:8244
- C:\Windows\System\uIYmsYE.exe
  C:\Windows\System\uIYmsYE.exe
  2⤵
  PID:8572
- C:\Windows\System\ZIlnsSp.exe
  C:\Windows\System\ZIlnsSp.exe
  2⤵
  PID:8636
- C:\Windows\System\TcySVVW.exe
  C:\Windows\System\TcySVVW.exe
  2⤵
  PID:8736
- C:\Windows\System\OcuiDlL.exe
  C:\Windows\System\OcuiDlL.exe
  2⤵
  PID:8360
- C:\Windows\System\zCtLJZS.exe
  C:\Windows\System\zCtLJZS.exe
  2⤵
  PID:8844
- C:\Windows\System\LLgyvxa.exe
  C:\Windows\System\LLgyvxa.exe
  2⤵
  PID:8920
- C:\Windows\System\UsDKlHi.exe
  C:\Windows\System\UsDKlHi.exe
  2⤵
  PID:8416
- C:\Windows\System\QvexnqV.exe
  C:\Windows\System\QvexnqV.exe
  2⤵
  PID:8648
- C:\Windows\System\ZVSeAAr.exe
  C:\Windows\System\ZVSeAAr.exe
  2⤵
  PID:8688
- C:\Windows\System\keQAYHH.exe
  C:\Windows\System\keQAYHH.exe
  2⤵
  PID:8900
- C:\Windows\System\einAgWx.exe
  C:\Windows\System\einAgWx.exe
  2⤵
  PID:8796
- C:\Windows\System\wYfQszv.exe
  C:\Windows\System\wYfQszv.exe
  2⤵
  PID:9004
- C:\Windows\System\JAOXAja.exe
  C:\Windows\System\JAOXAja.exe
  2⤵
  PID:9096
- C:\Windows\System\TylAWjL.exe
  C:\Windows\System\TylAWjL.exe
  2⤵
  PID:9172
- C:\Windows\System\LeuqvNz.exe
  C:\Windows\System\LeuqvNz.exe
  2⤵
  PID:8236
- C:\Windows\System\MEYUJpP.exe
  C:\Windows\System\MEYUJpP.exe
  2⤵
  PID:9156
- C:\Windows\System\iTeajHO.exe
  C:\Windows\System\iTeajHO.exe
  2⤵
  PID:8536
- C:\Windows\System\RVDnTdf.exe
  C:\Windows\System\RVDnTdf.exe
  2⤵
  PID:8276
- C:\Windows\System\ExADwbK.exe
  C:\Windows\System\ExADwbK.exe
  2⤵
  PID:8332
- C:\Windows\System\fxnVEBM.exe
  C:\Windows\System\fxnVEBM.exe
  2⤵
  PID:7472
- C:\Windows\System\eFUsjzp.exe
  C:\Windows\System\eFUsjzp.exe
  2⤵
  PID:8912
- C:\Windows\System\qLdjBSq.exe
  C:\Windows\System\qLdjBSq.exe
  2⤵
  PID:9032
- C:\Windows\System\bXwEPwm.exe
  C:\Windows\System\bXwEPwm.exe
  2⤵
  PID:8812
- C:\Windows\System\bQcmyII.exe
  C:\Windows\System\bQcmyII.exe
  2⤵
  PID:8980
- C:\Windows\System\VwKRQTd.exe
  C:\Windows\System\VwKRQTd.exe
  2⤵
  PID:9144
- C:\Windows\System\BgSTJsE.exe
  C:\Windows\System\BgSTJsE.exe
  2⤵
  PID:9160
- C:\Windows\System\YufIwfE.exe
  C:\Windows\System\YufIwfE.exe
  2⤵
  PID:8316
- C:\Windows\System\tGxzDlG.exe
  C:\Windows\System\tGxzDlG.exe
  2⤵
  PID:8756
- C:\Windows\System\WArNDLm.exe
  C:\Windows\System\WArNDLm.exe
  2⤵
  PID:9016
- C:\Windows\System\XzIuuyG.exe
  C:\Windows\System\XzIuuyG.exe
  2⤵
  PID:8500
- C:\Windows\System\ccgePGS.exe
  C:\Windows\System\ccgePGS.exe
  2⤵
  PID:8612
- C:\Windows\System\xVIYoip.exe
  C:\Windows\System\xVIYoip.exe
  2⤵
  PID:8516
- C:\Windows\System\dUaRnGR.exe
  C:\Windows\System\dUaRnGR.exe
  2⤵
  PID:7388
- C:\Windows\System\yzNJKBH.exe
  C:\Windows\System\yzNJKBH.exe
  2⤵
  PID:8836
- C:\Windows\System\weafnnJ.exe
  C:\Windows\System\weafnnJ.exe
  2⤵
  PID:8716
- C:\Windows\System\LfgCeUk.exe
  C:\Windows\System\LfgCeUk.exe
  2⤵
  PID:9052
- C:\Windows\System\bSFEXix.exe
  C:\Windows\System\bSFEXix.exe
  2⤵
  PID:8932
- C:\Windows\System\CIAVqQZ.exe
  C:\Windows\System\CIAVqQZ.exe
  2⤵
  PID:8548
- C:\Windows\System\CFFfBMM.exe
  C:\Windows\System\CFFfBMM.exe
  2⤵
  PID:9212
- C:\Windows\System\NLxlOXh.exe
  C:\Windows\System\NLxlOXh.exe
  2⤵
  PID:8632
- C:\Windows\System\pIFCEiW.exe
  C:\Windows\System\pIFCEiW.exe
  2⤵
  PID:9224
- C:\Windows\System\LyJpqSV.exe
  C:\Windows\System\LyJpqSV.exe
  2⤵
  PID:9248
- C:\Windows\System\xSjUeVk.exe
  C:\Windows\System\xSjUeVk.exe
  2⤵
  PID:9272
- C:\Windows\System\LZBlJcF.exe
  C:\Windows\System\LZBlJcF.exe
  2⤵
  PID:9292
- C:\Windows\System\NWpHkiX.exe
  C:\Windows\System\NWpHkiX.exe
  2⤵
  PID:9308
- C:\Windows\System\nEimhYf.exe
  C:\Windows\System\nEimhYf.exe
  2⤵
  PID:9324
- C:\Windows\System\AxrSjpM.exe
  C:\Windows\System\AxrSjpM.exe
  2⤵
  PID:9352
- C:\Windows\System\VMgYtaD.exe
  C:\Windows\System\VMgYtaD.exe
  2⤵
  PID:9368
- C:\Windows\System\ftpogBR.exe
  C:\Windows\System\ftpogBR.exe
  2⤵
  PID:9384
- C:\Windows\System\JMEQrjs.exe
  C:\Windows\System\JMEQrjs.exe
  2⤵
  PID:9416
- C:\Windows\System\wxOBBVd.exe
  C:\Windows\System\wxOBBVd.exe
  2⤵
  PID:9436
- C:\Windows\System\pAWdvFE.exe
  C:\Windows\System\pAWdvFE.exe
  2⤵
  PID:9456
- C:\Windows\System\YulerVf.exe
  C:\Windows\System\YulerVf.exe
  2⤵
  PID:9472
- C:\Windows\System\IzWiaub.exe
  C:\Windows\System\IzWiaub.exe
  2⤵
  PID:9488
- C:\Windows\System\QNrSaFW.exe
  C:\Windows\System\QNrSaFW.exe
  2⤵
  PID:9516
- C:\Windows\System\bNsZbZr.exe
  C:\Windows\System\bNsZbZr.exe
  2⤵
  PID:9532
- C:\Windows\System\TvwEFjc.exe
  C:\Windows\System\TvwEFjc.exe
  2⤵
  PID:9548
- C:\Windows\System\xZjJaHE.exe
  C:\Windows\System\xZjJaHE.exe
  2⤵
  PID:9564
- C:\Windows\System\cPzkiaU.exe
  C:\Windows\System\cPzkiaU.exe
  2⤵
  PID:9584
- C:\Windows\System\GDtUVIL.exe
  C:\Windows\System\GDtUVIL.exe
  2⤵
  PID:9604
- C:\Windows\System\JzcZAVl.exe
  C:\Windows\System\JzcZAVl.exe
  2⤵
  PID:9632
- C:\Windows\System\jGmZcXl.exe
  C:\Windows\System\jGmZcXl.exe
  2⤵
  PID:9652
- C:\Windows\System\klSpIap.exe
  C:\Windows\System\klSpIap.exe
  2⤵
  PID:9668
- C:\Windows\System\wDdlNDs.exe
  C:\Windows\System\wDdlNDs.exe
  2⤵
  PID:9684
- C:\Windows\System\GeGfoiP.exe
  C:\Windows\System\GeGfoiP.exe
  2⤵
  PID:9700
- C:\Windows\System\ZswLVEn.exe
  C:\Windows\System\ZswLVEn.exe
  2⤵
  PID:9732
- C:\Windows\System\PyBkSbP.exe
  C:\Windows\System\PyBkSbP.exe
  2⤵
  PID:9756
- C:\Windows\System\sNQpvGJ.exe
  C:\Windows\System\sNQpvGJ.exe
  2⤵
  PID:9772
- C:\Windows\System\zvhwkpm.exe
  C:\Windows\System\zvhwkpm.exe
  2⤵
  PID:9788
- C:\Windows\System\pzeQSVZ.exe
  C:\Windows\System\pzeQSVZ.exe
  2⤵
  PID:9804
- C:\Windows\System\BGsyCSB.exe
  C:\Windows\System\BGsyCSB.exe
  2⤵
  PID:9820
- C:\Windows\System\nzxjMyS.exe
  C:\Windows\System\nzxjMyS.exe
  2⤵
  PID:9836
- C:\Windows\System\hDDqYcu.exe
  C:\Windows\System\hDDqYcu.exe
  2⤵
  PID:9852
- C:\Windows\System\wpnskWq.exe
  C:\Windows\System\wpnskWq.exe
  2⤵
  PID:9868
- C:\Windows\System\VAGTjnQ.exe
  C:\Windows\System\VAGTjnQ.exe
  2⤵
  PID:9884
- C:\Windows\System\yYfUjXx.exe
  C:\Windows\System\yYfUjXx.exe
  2⤵
  PID:9936
- C:\Windows\System\jfxnEkr.exe
  C:\Windows\System\jfxnEkr.exe
  2⤵
  PID:9952
- C:\Windows\System\LqhdrJh.exe
  C:\Windows\System\LqhdrJh.exe
  2⤵
  PID:9968
- C:\Windows\System\uLErWtk.exe
  C:\Windows\System\uLErWtk.exe
  2⤵
  PID:9984
- C:\Windows\System\QLMFmqr.exe
  C:\Windows\System\QLMFmqr.exe
  2⤵
  PID:10000
- C:\Windows\System\WYGkmkm.exe
  C:\Windows\System\WYGkmkm.exe
  2⤵
  PID:10020
- C:\Windows\System\AhXwRLt.exe
  C:\Windows\System\AhXwRLt.exe
  2⤵
  PID:10040
- C:\Windows\System\VhKxhMx.exe
  C:\Windows\System\VhKxhMx.exe
  2⤵
  PID:10056
- C:\Windows\System\YAFrqfd.exe
  C:\Windows\System\YAFrqfd.exe
  2⤵
  PID:10072
- C:\Windows\System\gsfhnHQ.exe
  C:\Windows\System\gsfhnHQ.exe
  2⤵
  PID:10088
- C:\Windows\System\AryOaOG.exe
  C:\Windows\System\AryOaOG.exe
  2⤵
  PID:10124
- C:\Windows\System\iCBxAIf.exe
  C:\Windows\System\iCBxAIf.exe
  2⤵
  PID:10140
- C:\Windows\System\ZUwEQto.exe
  C:\Windows\System\ZUwEQto.exe
  2⤵
  PID:10164
- C:\Windows\System\HjqjLky.exe
  C:\Windows\System\HjqjLky.exe
  2⤵
  PID:10180
- C:\Windows\System\ZAblXEl.exe
  C:\Windows\System\ZAblXEl.exe
  2⤵
  PID:10204
- C:\Windows\System\LBgNeFv.exe
  C:\Windows\System\LBgNeFv.exe
  2⤵
  PID:10220
- C:\Windows\System\oOhkyaC.exe
  C:\Windows\System\oOhkyaC.exe
  2⤵
  PID:8960
- C:\Windows\System\vXiOEoe.exe
  C:\Windows\System\vXiOEoe.exe
  2⤵
  PID:9232
- C:\Windows\System\dTQknpf.exe
  C:\Windows\System\dTQknpf.exe
  2⤵
  PID:9244
- C:\Windows\System\kMNfEZs.exe
  C:\Windows\System\kMNfEZs.exe
  2⤵
  PID:9288
- C:\Windows\System\bqgJerc.exe
  C:\Windows\System\bqgJerc.exe
  2⤵
  PID:9320
- C:\Windows\System\LWrJfFA.exe
  C:\Windows\System\LWrJfFA.exe
  2⤵
  PID:9336
- C:\Windows\System\qAoaYhS.exe
  C:\Windows\System\qAoaYhS.exe
  2⤵
  PID:9400
- C:\Windows\System\sVollvE.exe
  C:\Windows\System\sVollvE.exe
  2⤵
  PID:9424
- C:\Windows\System\giBwSmr.exe
  C:\Windows\System\giBwSmr.exe
  2⤵
  PID:9452
- C:\Windows\System\pNfOJSI.exe
  C:\Windows\System\pNfOJSI.exe
  2⤵
  PID:9484
- C:\Windows\System\zNBLdJI.exe
  C:\Windows\System\zNBLdJI.exe
  2⤵
  PID:9512
- C:\Windows\System\rRHLEqJ.exe
  C:\Windows\System\rRHLEqJ.exe
  2⤵
  PID:9524
- C:\Windows\System\wUnORvj.exe
  C:\Windows\System\wUnORvj.exe
  2⤵
  PID:9612
- C:\Windows\System\ddXzZev.exe
  C:\Windows\System\ddXzZev.exe
  2⤵
  PID:9592
- C:\Windows\System\EYSHstf.exe
  C:\Windows\System\EYSHstf.exe
  2⤵
  PID:9620
- C:\Windows\System\FHYZoqt.exe
  C:\Windows\System\FHYZoqt.exe
  2⤵
  PID:9648
- C:\Windows\System\yvqGOkt.exe
  C:\Windows\System\yvqGOkt.exe
  2⤵
  PID:9664
- C:\Windows\System\LnQfpSF.exe
  C:\Windows\System\LnQfpSF.exe
  2⤵
  PID:9716
- C:\Windows\System\oajoAFk.exe
  C:\Windows\System\oajoAFk.exe
  2⤵
  PID:9744
- C:\Windows\System\OucFQaK.exe
  C:\Windows\System\OucFQaK.exe
  2⤵
  PID:9764
- C:\Windows\System\GVGftPS.exe
  C:\Windows\System\GVGftPS.exe
  2⤵
  PID:9844
- C:\Windows\System\KDIVDwN.exe
  C:\Windows\System\KDIVDwN.exe
  2⤵
  PID:9768
- C:\Windows\System\IKIqKvH.exe
  C:\Windows\System\IKIqKvH.exe
  2⤵
  PID:9832
- C:\Windows\System\pJgaLIR.exe
  C:\Windows\System\pJgaLIR.exe
  2⤵
  PID:9896
- C:\Windows\System\lMcqQUl.exe
  C:\Windows\System\lMcqQUl.exe
  2⤵
  PID:9916
- C:\Windows\System\QxyYlwB.exe
  C:\Windows\System\QxyYlwB.exe
  2⤵
  PID:9932
- C:\Windows\System\tXeQvnT.exe
  C:\Windows\System\tXeQvnT.exe
  2⤵
  PID:9944
- C:\Windows\System\EKlopId.exe
  C:\Windows\System\EKlopId.exe
  2⤵
  PID:9992
- C:\Windows\System\tWUcyAA.exe
  C:\Windows\System\tWUcyAA.exe
  2⤵
  PID:10036
- C:\Windows\System\ZsRvyQs.exe
  C:\Windows\System\ZsRvyQs.exe
  2⤵
  PID:10104
- C:\Windows\System\qoCMfLn.exe
  C:\Windows\System\qoCMfLn.exe
  2⤵
  PID:10084
- C:\Windows\System\QJZLScK.exe
  C:\Windows\System\QJZLScK.exe
  2⤵
  PID:10172
- C:\Windows\System\GVyGaUK.exe
  C:\Windows\System\GVyGaUK.exe
  2⤵
  PID:10216
- C:\Windows\System\ikbWbFm.exe
  C:\Windows\System\ikbWbFm.exe
  2⤵
  PID:9268
- C:\Windows\System\eQCsusv.exe
  C:\Windows\System\eQCsusv.exe
  2⤵
  PID:9540
- C:\Windows\System\GxlJpzD.exe
  C:\Windows\System\GxlJpzD.exe
  2⤵
  PID:9640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AfaMFxF.exe

Filesize
6.0MB

MD5
ff09623264fa2454405a183163d4cdaf

SHA1
256aa8c9f16156d221d736e9f02d880b5302efac

SHA256
bda75d6c9de3a6db96a7008ecae2b1bd32bc17cbc3ea0806da6493fc4d752102

SHA512
b5510dcb0716397c5d41b0396c3d9a2b3b2971a0d435498fe1428aea6320ee1bf44387a561c0ca71b9af25eefc7eb78ab5a539703f6752cc62cb8c9a3393165e

Download Submit
C:\Windows\system\ENCdjeB.exe

Filesize
6.0MB

MD5
c9f1125e8d4d5c0aa510231db99ecd40

SHA1
ef9e31d51be1b263c506d7d281cd296db5be658b

SHA256
ae54f8d8b4e8e351f6fad6cc8ed6160425645b3e8be8d928ccb917e740636db6

SHA512
cd42c28d5224e537cd41bb3748842e8e79e65e9475d500df64e41bfd74068053aec854e978c799738acd2939f16aa22e518f0676e430193b3db5942dcc2ba128

Download Submit
C:\Windows\system\JOlHvmT.exe

Filesize
6.0MB

MD5
30c2f306b27254c2731b90d0de39b2e2

SHA1
4977294ee36723e375dec0f53dca9a28a041f150

SHA256
c7a921999e69f82f18b88d092d73d7f8e636798162a31f3044b1e2172aacfd8c

SHA512
10301c4c7e586836cd49c97a014d2d3e6a7e3cd6c674b928f0f41a81b8868b0b3c2413d83a97620d30114dad09caac87520304a6c0facb4d886148802f4fdc3d

Download Submit
C:\Windows\system\LKEcpCM.exe

Filesize
6.0MB

MD5
6bad50e6dfbff05fc8305ccc89d54690

SHA1
4a51f5dc63b45a0fedb982838e340d465b25a953

SHA256
8738866a123af1625f5869c923dd030c9369809b84a2de227346311b29675518

SHA512
3c4e5557f8bf570623e5d6970adbc37397c43bf1de04dfccb3f4a3c913f0ea2dc66c3d4b483e709ca0ce585f13b7caa72a9d82f91dd1eea0a491ef23b56ee880

Download Submit
C:\Windows\system\LarPdFA.exe

Filesize
6.0MB

MD5
e58144625b750b802619ba8ba6902917

SHA1
1c2797015701f934399770b7f3d06a9067214358

SHA256
d6342520a4463240c43cb11ff793e29273783fa7324e17ed28f44b5b874d3973

SHA512
af6314da39fa1f39ee5f6d3ea335517e9fe602d67dbfe2ccdd8ac4de3d1a63a694e96cad1902b8d45da0c56ecf3bb112f2d0484a6cbf823df2e96aa789c0b195

Download Submit
C:\Windows\system\QLeluNp.exe

Filesize
6.0MB

MD5
0fc0a3db8205e25f68925b6c4c1fa3e3

SHA1
db737aab7af8bb7f0753a34e1c299c072dbf9bf4

SHA256
24325f791b33f01498daade9e271378f9133c046d62ac796267fe25e70f29dfc

SHA512
3fc6c2fc1fa464915f6dac5475a8f43def50342f4d6433da9d83ec3635f8f38bc831210e5ddf52dac1ae3108d591b536494c70fccc82da36ade6c0bd2396ea0d

Download Submit
C:\Windows\system\SEWKkNR.exe

Filesize
6.0MB

MD5
a409cd833751bba28c46a2e9010ee4df

SHA1
28efaaabf6476907939485e044b7112313d89276

SHA256
5d5687e1fee6c621b9d8bfbc30daed0df6cfa4ba5e13f5f1d9f6c83734412a0c

SHA512
4cc28cb9d7b613c907ce8760af9a9ad9fc81cbf8aeb009840386ba184e71b66d8964f71fff81bc1235037c1048e89b7a48a680010472ee063f7e92aee598609e

Download Submit
C:\Windows\system\TueOLlK.exe

Filesize
6.0MB

MD5
8a81e076efd99a5c9b0afec2219f5ac4

SHA1
21fdf8268475c1a2e24efbe936210047a4d7e4fd

SHA256
9cec84b52b9943b4b096e774cbbf09bfdef6582322909e210b3a37464fde1d3c

SHA512
799a4ae73c5947d5e6774e042656b3971b4b416e4b0345d6628203c6679ceb692f7a7069ca0047e20a0b88165fdc3d8c2b4e015174acdaac778b18bd930ea5b8

Download Submit
C:\Windows\system\UUueXGW.exe

Filesize
6.0MB

MD5
34a0a8e65402a72f2729b5b21247bdc6

SHA1
74fc5330a69d84ea2126211c148cc531d1ce9bca

SHA256
4fc614994da61e8298a7094aa09ad84cd28560218ff3766d5e795564bbdede36

SHA512
17f79146960a8b053608b32c3347b88b337239bca7890fa96aa65bf2e5db83c68e0842f801e49dad11eae4de3934a6d62e9823a4cf205ae4ca7628815da46379

Download Submit
C:\Windows\system\WDJFccm.exe

Filesize
6.0MB

MD5
97ea99f5c277735197ded92c9b3f1e91

SHA1
bd1c5417c32d297fe56ef0f5136da4424bbeb119

SHA256
ff2ff917b2e04444332f41d8b2b68968307282ffe3145ce8b6004e8b55117a40

SHA512
8fb2c39ea3db50575eaed2f38a069b57d51de8c9b42d20450a26c1049fda666aa0004bd487337acf6cf14ce39d01cdf52ce06787356c0944707f9a00c7fc4bd6

Download Submit
C:\Windows\system\XRKphvq.exe

Filesize
6.0MB

MD5
4a6fa08010f3c97fb88bfa8d3773c8ff

SHA1
99f134ba33fcaea87e527a818edd52e860856ce8

SHA256
fdfb26b33db9039aaa3434e5a9c2758f0c341f0122bf81a55150be1d5d3431fe

SHA512
d5a7d5bc091cf673c011957aa26f0fe92ff992b9500894206ab863dbd14e904dcb7fe996bbd79b0b692e965c3810ceb5590ddcfde19509c73579849e44801fb5

Download Submit
C:\Windows\system\ZrtCigp.exe

Filesize
6.0MB

MD5
599bcc111f370ba0de02596403df9695

SHA1
4673048347ed80b9cd23e7579675f7964f6cb3cc

SHA256
bed424d0069a74e8f6950b8ecb01a6596ed578c9e15d7597b51145ab55c97328

SHA512
7829454d03a4d955152d603c6ed5500d00382c2b6c3f2d9805d1e2ab4ab25ed011ce1da197ae9910d90ad1f189df5769ca310a3cc812cca031ab3fd44115e5af

Download Submit
C:\Windows\system\cINXcTl.exe

Filesize
6.0MB

MD5
a9c47bc52cbc87aca7a4681d7baaf79a

SHA1
2216d25cafe2bb196c2db09e0438fe24f2edbfd6

SHA256
90077d65d786a093a4eb1b020fd5875e9aee886555baa9501e1f94fc84c2e55c

SHA512
bc6a1106062d3eeeb9c80b58e371fce7bd708ef04a2d11f4bcfb9b5d698a1ea260154861241b7cc04a1708f56b1df397ac8ef4d430a701086e2ca4cfc512d57e

Download Submit
C:\Windows\system\eGYUgHT.exe

Filesize
6.0MB

MD5
56fca0ff524008ed1f7f70f7835f8eb3

SHA1
0541805fd04dbb13a32e0792144477b2e40d434d

SHA256
6c076150de3b80cf349968837d4bd0b9b67f4ef4d9b61fc879e9b362f9915e09

SHA512
f47fe30eb86b81cb086fdcf1923cee5dd3528ef6bc1575e1ad2bb87c4adb4c741d02dbe54dbe11d22bff8530de0823f0c55f1aa3b6512001f9f15d34e98a037e

Download Submit
C:\Windows\system\gbdsSTP.exe

Filesize
6.0MB

MD5
9e0dfe0e423ed682fdd139e3be0b4067

SHA1
d6351abbe75b847c510a04b79d6c7ceed15eea73

SHA256
5a8a16db1418f43052f8a636cceaf57bc337b2f20f6d6ad24e8b62945561f607

SHA512
c887a9f198ba628e823e844b67d9d367961ebb3cbd7bc51e50a9f43c5a22f8807d0e5dcc3eab0955abd27a4c06a796e7266869f92949fc61d04889e4122ba565

Download Submit
C:\Windows\system\hNltAna.exe

Filesize
6.0MB

MD5
ab7b8b203c5c8dc5edf52325055f3cbe

SHA1
d9777a4bfd7253de16dc17150dd65c3264cebb1d

SHA256
42cb551f1166866ce985781214a70a4d5856df071edbf1aa61fcd5f9f1ff9fe0

SHA512
bef239e23bbc653fdbdb950c82b7431da037e612033adea9a5709d72dbee2a8c4f58e2d5843765e28bb8b373de4b0b9e006f3334ff8a08468b0791459fc64070

Download Submit
C:\Windows\system\irBGlOj.exe

Filesize
6.0MB

MD5
5cb4848160341c99777cb4ac9b7a5365

SHA1
383ee77f089b8dec048d5be59ac392626b7ab861

SHA256
757081c1d6b5b36f4c768386b2a8bfd444fbd310cbb42b40a70e96b5ac3f1689

SHA512
705bf7b9c059503d0900e835fe52d99282f9ffd46e97b128396eba396f8df96d206499342df1cded05c1b7a621c31acc1db9004bd05cab463c77a97c0e5030ea

Download Submit
C:\Windows\system\mXMJsTz.exe

Filesize
6.0MB

MD5
e912a8c1deac752c0811eb2ffeb479b5

SHA1
2d3ea0ab6b9a403f2bc5ba6cca5f758ce213fd82

SHA256
b0e3728aeaee471fc8407118bf50cd4c826c0a52554100dabcceee83a56b917c

SHA512
d032ac77e1661f4859b8b6c3956e22d6c8a8b9cd0972559214849ceeb7689baa2d450e6bae533aa80f06145c9673db4e36e251b3309f12ec68173f2bdd0b1651

Download Submit
C:\Windows\system\mYoKgHo.exe

Filesize
6.0MB

MD5
62539bb34421dccda2930230b2fcec81

SHA1
00b30f27cb255328ad35e2435bc03a3154e0f6ab

SHA256
3f34e1c027fc83e7105678ee88495e5aed373b11132be101b8ffc1429a03a3e9

SHA512
634d949fb22652640658e3525178449c987818b08b4077b1bbc2f65f78fa4043309bbaefd25f0df14d46cba253c0974b59ece732a56777431a5acacdb51f42ee

Download Submit
C:\Windows\system\nEWjdhA.exe

Filesize
6.0MB

MD5
790bbc23af37cedc466b52baf8af24d6

SHA1
6f81072676669f5c3f6c708f1a1d46db9851c037

SHA256
766fbbe1e0106ef09b8863be07b07cb5946a4806e13542eb3b9a597edadcc910

SHA512
ba151d16c80250f1e20f5091672e840bd882884d1e5ca64e6d1fe761ddc6652c1f5fbe2fe2c2a910dcbf8deeb3aac54b7ba576b996fa64b1744494a36dd75f09

Download Submit
C:\Windows\system\nabZxuF.exe

Filesize
6.0MB

MD5
e7c38468cb9643c88c62264bd64a85c4

SHA1
44e88a086e16b617d6c3e49d34f1c033e6462a14

SHA256
f8a4019a0ac79a590d22a6d83aadbec67e398032b3b04e17cff892708e40e0df

SHA512
e952ec408b830babf76aa46df37dd3686c80d835480df211ddf154707852801b71755fa03ed8ee5539756f5ce10557d300727b6b14b99830f675e5d6ac693b34

Download Submit
C:\Windows\system\rAgFeOA.exe

Filesize
6.0MB

MD5
bbb993850d894b7d56be35c52d88399f

SHA1
1e913f75944f00c2c565a996c380da1cefa8f1cb

SHA256
a0bf52ce358f8e0412bd8a420b7a9256b542862d231b251078ed8feb5b292776

SHA512
b4ff399641e75f2a709593224e621cd00243c1e6f7a9f68dfe2598e3d17efd44149952b601694a504f39997f2e7dd05c54ddcd9eca5cc12a817ab2152ba67504

Download Submit
C:\Windows\system\sqJsdUJ.exe

Filesize
6.0MB

MD5
e2605eca76a6e4d3b8477bba03a0e457

SHA1
f83ae48c58b42a2ba379272b8547aa0c5d851ef2

SHA256
c70fe9e9823bfaf1faba866e144f894ce43fd35b7049e6354b550ba3bc2dc7b7

SHA512
68730548cc1b5fb7866fb96f2e4b85c91d4ae19a2eb714d774bded62c395e82e7aad8dd983b724ecc1c2599a984868f6d5cb8e24fe2f65d78cf24f4837d59005

Download Submit
C:\Windows\system\tCIpPXv.exe

Filesize
6.0MB

MD5
bc2bd3c4df59f4482894cfb88e338a14

SHA1
03898ca6cdb3c07b2ced5a124fadcfda3efda29a

SHA256
63b18109c9374effbb25f3eec667606dca471be7e7c0e5b98e8fe9b805748a19

SHA512
c24e4b547ec684e150b70f0ea321906ba63feb5bd215c56012ad02d644fe1c319e8f2d7f4a2124ca28649da64fd7ef26a52a24dae86bb9594c2023e9705eb2cc

Download Submit
C:\Windows\system\tmNECHd.exe

Filesize
6.0MB

MD5
9f0a84c69adfaf67332caca7c0156530

SHA1
27219291f10c7eab5b2f2515cd28362f09d2b199

SHA256
84f93193767dc5b39ee6496adef53eefa5e465aeda7136fb6ba995a33a6fb90c

SHA512
a6d583e4d0a15a25f288a9f3b54147b6c34acf47f9ccf816a916d253f2fa8eb4fc8376fcffc0c3f74da2dd4a0fc102b8e84895318db7f66e7f0a4d75cb1b1996

Download Submit
C:\Windows\system\uZitEiS.exe

Filesize
6.0MB

MD5
f4cd2cec7173f0f96cb6f54f3e59b3ec

SHA1
4f33b6c9dc69de636d30ef434ebd9d52eec677db

SHA256
d6b4df347670a1cc1cf17a32ba213acea2d6dc00e519119edf4cd751b9f4e3ab

SHA512
e5e88db1f879a09acf85bc7c8529c9881e3a630c55b620a40f74779b17a35c9eab11981ec73f046f4ed4ff7e18a175d6a11d674838546d3b0b65c67f66c1c556

Download Submit
C:\Windows\system\uzmuAoi.exe

Filesize
6.0MB

MD5
df027a542cf335635e1083a0c8b12326

SHA1
816031c3d3ae252f9c865b0de586d5164b8af2f3

SHA256
69edc3f6eddb48c02b6d492ceb634e15be030f9cbf83e89d2825ae647777f621

SHA512
282c86e1f5e45cba6ac7db9cfe44460a5f32035a28b9710ad6438f63b71b74a8dac85068ed06fd30d0a6a7072f47abf208de596599d23ef595abea57ab213f13

Download Submit
C:\Windows\system\vOZaljG.exe

Filesize
6.0MB

MD5
8764a7b93d162b2f49cb14250047bc59

SHA1
1fe1898a609ca28737203ad61dbe0a87c756a8c0

SHA256
81dd6775144f6371f3bb48188c42eafa5690efca97635bef1e0206113b48a39d

SHA512
55f3ce3545b3783ad8208ce9022a9d98c18f157582f955031e3c38ef1c340345197c912772b055a6ded2909450aaddbee840592c83907792e371dc7496c5a0bf

Download Submit
C:\Windows\system\ypLmkuw.exe

Filesize
6.0MB

MD5
f75932dccfbeb574c56cf4bc03dfddea

SHA1
0973a6fc12aced79203bd9858c25348a6bed2845

SHA256
13584f4758e705ddf9f6239924c7c1adc538ae221b55519ba707a7bb0ae5ea5f

SHA512
ff505c8a9b585ba2329e066dbd04ad387401efe65760660ad4db9ebe50d424e8db63e31af954db2b9d7b31814deccdbc1e4600d915d5cc3094a50f7d3a20cc9f

Download Submit
\Windows\system\FzlUpbL.exe

Filesize
6.0MB

MD5
58bf6dd3293ed3d3a98bd94f51a5365a

SHA1
ac216fe8501a2ff18b8ee67220fa5cce1e444832

SHA256
c57d921d271d88aa599013e98424ee313df1aa165107adee7fbb8925b6f1dc5d

SHA512
ba5051a0d39fc4b2f7885545f3719467f2d91a39cad2605a33b1c712b36e50e852309120eea293ed9a84c607ab3634d819513a004cd964690cc3cf2a4803cd19

Download Submit
\Windows\system\kHJbZge.exe

Filesize
6.0MB

MD5
e13dc46aaa1449e0c33e3b9fb7399955

SHA1
e11eb4613ad3ed7412fa508963eb24a418ccce25

SHA256
f50e9df8b00c171b6c34a5cd7abbb3e86553fd38f235e2788c8fdfd13684dd87

SHA512
22c818fea61b7ae69238d157401d2224ca640b961fd95faf5e23982c59b98f17427073b9d428f2b3264bd9d6270f9daae1d53a5c5557cd08e3e090c0c4430f46

Download Submit
\Windows\system\lpLrDlS.exe

Filesize
6.0MB

MD5
346d60a8e0748b59340bb76c6eceb830

SHA1
f38b3f1292fd7e37b321b0388dc67bbb9753e168

SHA256
b0bd0589c027450a5b2e980cd1bf984408a061b46e6eb90c53279627f27ab115

SHA512
802b2ecd74dff4fd0ab2016218fdf4f9a0a5483de67492f28ecb5cd2e41a6f15ad70de6b4b8147d8b33610b76ea6bdda5b195bfbc5ec9d80b387e68c2d512e92

Download Submit
memory/1268-4052-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-678-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-4049-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1520-87-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2088-4050-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2088-91-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2216-79-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2216-9-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-0-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2216-860-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-31-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-101-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-90-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2216-24-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-548-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-77-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-92-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2216-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2216-97-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2216-85-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-98-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-95-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2216-81-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-83-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-4051-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2396-94-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2484-82-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-4048-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4046-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2548-78-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4043-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2560-549-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2560-36-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2588-96-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4044-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4045-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2656-80-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2664-28-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-547-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4042-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-13-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-15-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-221-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4040-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4041-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-22-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4047-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-84-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download