cobaltstrike | 8f1159a81d35952034f3e130ac27ff4c1ba485d5d474636e228087269eb645a9

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

17f62cd100b0508da246d1a65d7436c0
SHA1

e72061b27fc59de3af3c3b441577de63ba7023f7
SHA256

8f1159a81d35952034f3e130ac27ff4c1ba485d5d474636e228087269eb645a9
SHA512

991ea25a5b091032f667c0c5d9b56255e4fe9a4b2cdad6a6571d96da6ad729296e2ddac2eca9423ca9fb7d795af897c383f16a54e0ddbbae103abe6bdcf151fb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016a66-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d29-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-193.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-143.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-116.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-89.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000016560-68.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-74.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000171a8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-3.dat	xmrig
behavioral1/files/0x0008000000016a66-8.dat	xmrig
behavioral1/files/0x0008000000016c3a-12.dat	xmrig
behavioral1/files/0x0008000000016c51-26.dat	xmrig
behavioral1/memory/2856-34-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cec-36.dat	xmrig
behavioral1/files/0x0007000000016cc8-31.dat	xmrig
behavioral1/memory/2656-27-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2888-25-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2756-24-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/3028-23-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2792-22-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2652-40-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d29-47.dat	xmrig
behavioral1/memory/3028-55-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2152-56-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/3028-70-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2652-84-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2152-94-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-136.dat	xmrig
behavioral1/files/0x000500000001925e-180.dat	xmrig
behavioral1/memory/3028-1203-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0005000000019350-189.dat	xmrig
behavioral1/files/0x0005000000019282-177.dat	xmrig
behavioral1/files/0x00050000000193b4-193.dat	xmrig
behavioral1/files/0x00050000000187a5-170.dat	xmrig
behavioral1/files/0x0005000000019334-184.dat	xmrig
behavioral1/files/0x0005000000019261-175.dat	xmrig
behavioral1/files/0x0005000000018784-161.dat	xmrig
behavioral1/files/0x00050000000186ee-129.dat	xmrig
behavioral1/files/0x0006000000019023-164.dat	xmrig
behavioral1/files/0x00050000000186e4-123.dat	xmrig
behavioral1/files/0x000500000001878f-152.dat	xmrig
behavioral1/files/0x000500000001873d-143.dat	xmrig
behavioral1/files/0x000d000000018676-112.dat	xmrig
behavioral1/files/0x00050000000186fd-134.dat	xmrig
behavioral1/files/0x00050000000186ea-126.dat	xmrig
behavioral1/files/0x0005000000018683-116.dat	xmrig
behavioral1/memory/3028-109-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2396-108-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/3028-107-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174cc-104.dat	xmrig
behavioral1/memory/1508-101-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017492-97.dat	xmrig
behavioral1/memory/1584-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1236-86-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a9-81.dat	xmrig
behavioral1/files/0x0006000000017488-89.dat	xmrig
behavioral1/memory/1868-78-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2396-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2656-69-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0036000000016560-68.dat	xmrig
behavioral1/files/0x00060000000173a7-74.dat	xmrig
behavioral1/memory/2388-64-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x00070000000171a8-60.dat	xmrig
behavioral1/memory/2996-52-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d06-46.dat	xmrig
behavioral1/memory/2888-3573-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2756-3561-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2792-3603-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2856-3611-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2656-3622-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2652-3677-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2756	dmiyZpr.exe
2888	GFxrpbz.exe
2792	eZZNgNY.exe
2656	QtSatwD.exe
2856	igxeJMi.exe
2652	BYrrVri.exe
2996	juMWwAh.exe
2152	hGsmffT.exe
2388	xjylmXx.exe
2396	kzWxWAX.exe
1868	hbPaLuK.exe
1236	dviGHFY.exe
1584	htgvoLI.exe
1508	MUbcqDU.exe
1744	YqJWggP.exe
1004	QuxJqZo.exe
1384	pCumnsp.exe
624	MLFyDCF.exe
968	kARuDHJ.exe
2512	aQyGEmL.exe
2136	KixVZIZ.exe
3012	oxttUJV.exe
320	khtvOKB.exe
2288	TtoYYvC.exe
1676	WveEkHA.exe
596	eSFPUpz.exe
1820	uwkePkT.exe
1336	cHPVSQx.exe
2916	dzGrsbr.exe
2100	XPolBcY.exe
756	mfeYGhp.exe
660	ulApDii.exe
2424	QrVjiSl.exe
2872	nkbtBOf.exe
1800	uSOgkPi.exe
2084	dOPAjdn.exe
1360	JiFfQbj.exe
2032	NHKMPwj.exe
1720	niWmjPJ.exe
564	FDawMRZ.exe
3000	NzsIKWA.exe
1824	gPVwOlZ.exe
2096	uflWOod.exe
2500	bmtKkhU.exe
3052	lYfMTnQ.exe
1460	FLULnmG.exe
1228	szocspW.exe
1056	DQDjRKe.exe
2944	qqrMDhe.exe
760	MPUpnRC.exe
2464	Aycvwhp.exe
1580	XAwVfem.exe
1184	ZXcBGjD.exe
872	bdFfiwO.exe
2456	znybZMN.exe
2740	lBXUSiD.exe
2776	LJnSYUh.exe
2572	NyjeAVF.exe
2384	QXuFVib.exe
764	OataZRX.exe
2960	kzAOdWf.exe
1864	MeyIVHM.exe
2276	EfXiAkt.exe
1212	ymalxec.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-3.dat	upx
behavioral1/files/0x0008000000016a66-8.dat	upx
behavioral1/files/0x0008000000016c3a-12.dat	upx
behavioral1/files/0x0008000000016c51-26.dat	upx
behavioral1/memory/2856-34-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0007000000016cec-36.dat	upx
behavioral1/files/0x0007000000016cc8-31.dat	upx
behavioral1/memory/2656-27-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2888-25-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2756-24-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2792-22-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2652-40-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000016d29-47.dat	upx
behavioral1/memory/3028-55-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2152-56-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2652-84-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2152-94-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0005000000018728-136.dat	upx
behavioral1/files/0x000500000001925e-180.dat	upx
behavioral1/files/0x0005000000019350-189.dat	upx
behavioral1/files/0x0005000000019282-177.dat	upx
behavioral1/files/0x00050000000193b4-193.dat	upx
behavioral1/files/0x00050000000187a5-170.dat	upx
behavioral1/files/0x0005000000019334-184.dat	upx
behavioral1/files/0x0005000000019261-175.dat	upx
behavioral1/files/0x0005000000018784-161.dat	upx
behavioral1/files/0x00050000000186ee-129.dat	upx
behavioral1/files/0x0006000000019023-164.dat	upx
behavioral1/files/0x00050000000186e4-123.dat	upx
behavioral1/files/0x000500000001878f-152.dat	upx
behavioral1/files/0x000500000001873d-143.dat	upx
behavioral1/files/0x000d000000018676-112.dat	upx
behavioral1/files/0x00050000000186fd-134.dat	upx
behavioral1/files/0x00050000000186ea-126.dat	upx
behavioral1/files/0x0005000000018683-116.dat	upx
behavioral1/memory/2396-108-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x00060000000174cc-104.dat	upx
behavioral1/memory/1508-101-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0006000000017492-97.dat	upx
behavioral1/memory/1584-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1236-86-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00060000000173a9-81.dat	upx
behavioral1/files/0x0006000000017488-89.dat	upx
behavioral1/memory/1868-78-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2396-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2656-69-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0036000000016560-68.dat	upx
behavioral1/files/0x00060000000173a7-74.dat	upx
behavioral1/memory/2388-64-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x00070000000171a8-60.dat	upx
behavioral1/memory/2996-52-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0007000000016d06-46.dat	upx
behavioral1/memory/2888-3573-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2756-3561-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2792-3603-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2856-3611-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2656-3622-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2652-3677-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2152-3704-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2996-3729-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2396-3742-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2388-3750-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1236-3763-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ymalxec.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHHCxLb.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNSUGrQ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnuQQjn.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaQxuWe.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjibdsK.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFIdhkg.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRoYNiA.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQEFVml.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKduaSO.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqMvhkE.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJgeXTG.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpiGPsV.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyjbFXl.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMavhVp.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiRMfIs.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXcBGjD.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxDuwMQ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfVnnAU.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRQRJMa.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJnSYUh.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSfHmEQ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLeHIVI.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTyJqVJ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRUYyiB.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSarwao.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svwvGBC.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfeYGhp.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDnFZQe.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRhaQmi.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUUCauF.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGKowEa.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OocWjyA.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdAyIkM.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjGqJRj.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiuWAKd.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jngvWLM.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJcNoom.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNIFgKZ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGsPkTg.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkenvgJ.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMYEdTS.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcLjbeW.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaVvQxx.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMwwyQn.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNqnuAo.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwUmASV.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEGsPtF.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grPjnBU.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nAwRTzR.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUAMbPX.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zILHdzc.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apHkPbt.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBiECVu.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgMKtCT.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHYhYOY.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgHeAhx.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGWOMdM.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmrolDl.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERjBlSR.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtpKITk.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFqnNCl.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbCGAOp.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtSatwD.exe	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2756	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2756	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2756	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 2888	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2888	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2888	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2792	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2792	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2792	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2656	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2656	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2656	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2856	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2856	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2856	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2652	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2652	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2652	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2996	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2996	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2996	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2152	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2152	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2152	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2388	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2388	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2388	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2396	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2396	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2396	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 1868	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 1868	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 1868	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 1236	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1236	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1236	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1584	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1584	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1584	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1508	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1508	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1508	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 1744	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1744	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1744	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 1004	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1004	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1004	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1384	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1384	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1384	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 624	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 624	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 624	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 968	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 968	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 968	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 320	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 320	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 320	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 2512	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 2512	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 2512	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 2288	3028	2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_17f62cd100b0508da246d1a65d7436c0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\dmiyZpr.exe
  C:\Windows\System\dmiyZpr.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\GFxrpbz.exe
  C:\Windows\System\GFxrpbz.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\eZZNgNY.exe
  C:\Windows\System\eZZNgNY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\QtSatwD.exe
  C:\Windows\System\QtSatwD.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\igxeJMi.exe
  C:\Windows\System\igxeJMi.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\BYrrVri.exe
  C:\Windows\System\BYrrVri.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\juMWwAh.exe
  C:\Windows\System\juMWwAh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\hGsmffT.exe
  C:\Windows\System\hGsmffT.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xjylmXx.exe
  C:\Windows\System\xjylmXx.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\kzWxWAX.exe
  C:\Windows\System\kzWxWAX.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\hbPaLuK.exe
  C:\Windows\System\hbPaLuK.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\dviGHFY.exe
  C:\Windows\System\dviGHFY.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\htgvoLI.exe
  C:\Windows\System\htgvoLI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\MUbcqDU.exe
  C:\Windows\System\MUbcqDU.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\YqJWggP.exe
  C:\Windows\System\YqJWggP.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\QuxJqZo.exe
  C:\Windows\System\QuxJqZo.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\pCumnsp.exe
  C:\Windows\System\pCumnsp.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\MLFyDCF.exe
  C:\Windows\System\MLFyDCF.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\kARuDHJ.exe
  C:\Windows\System\kARuDHJ.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\khtvOKB.exe
  C:\Windows\System\khtvOKB.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\aQyGEmL.exe
  C:\Windows\System\aQyGEmL.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\TtoYYvC.exe
  C:\Windows\System\TtoYYvC.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\KixVZIZ.exe
  C:\Windows\System\KixVZIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\WveEkHA.exe
  C:\Windows\System\WveEkHA.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\oxttUJV.exe
  C:\Windows\System\oxttUJV.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\uwkePkT.exe
  C:\Windows\System\uwkePkT.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\eSFPUpz.exe
  C:\Windows\System\eSFPUpz.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\dzGrsbr.exe
  C:\Windows\System\dzGrsbr.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\cHPVSQx.exe
  C:\Windows\System\cHPVSQx.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\mfeYGhp.exe
  C:\Windows\System\mfeYGhp.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\XPolBcY.exe
  C:\Windows\System\XPolBcY.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\QrVjiSl.exe
  C:\Windows\System\QrVjiSl.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ulApDii.exe
  C:\Windows\System\ulApDii.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\nkbtBOf.exe
  C:\Windows\System\nkbtBOf.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\uSOgkPi.exe
  C:\Windows\System\uSOgkPi.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\JiFfQbj.exe
  C:\Windows\System\JiFfQbj.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\dOPAjdn.exe
  C:\Windows\System\dOPAjdn.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NHKMPwj.exe
  C:\Windows\System\NHKMPwj.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\niWmjPJ.exe
  C:\Windows\System\niWmjPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\NzsIKWA.exe
  C:\Windows\System\NzsIKWA.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\FDawMRZ.exe
  C:\Windows\System\FDawMRZ.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\gPVwOlZ.exe
  C:\Windows\System\gPVwOlZ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\uflWOod.exe
  C:\Windows\System\uflWOod.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\lYfMTnQ.exe
  C:\Windows\System\lYfMTnQ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\bmtKkhU.exe
  C:\Windows\System\bmtKkhU.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FLULnmG.exe
  C:\Windows\System\FLULnmG.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\szocspW.exe
  C:\Windows\System\szocspW.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\qqrMDhe.exe
  C:\Windows\System\qqrMDhe.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\DQDjRKe.exe
  C:\Windows\System\DQDjRKe.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ZXcBGjD.exe
  C:\Windows\System\ZXcBGjD.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\MPUpnRC.exe
  C:\Windows\System\MPUpnRC.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\bdFfiwO.exe
  C:\Windows\System\bdFfiwO.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\Aycvwhp.exe
  C:\Windows\System\Aycvwhp.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\znybZMN.exe
  C:\Windows\System\znybZMN.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\XAwVfem.exe
  C:\Windows\System\XAwVfem.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\lBXUSiD.exe
  C:\Windows\System\lBXUSiD.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\LJnSYUh.exe
  C:\Windows\System\LJnSYUh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\NyjeAVF.exe
  C:\Windows\System\NyjeAVF.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\QXuFVib.exe
  C:\Windows\System\QXuFVib.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\kzAOdWf.exe
  C:\Windows\System\kzAOdWf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\OataZRX.exe
  C:\Windows\System\OataZRX.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\EfXiAkt.exe
  C:\Windows\System\EfXiAkt.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\MeyIVHM.exe
  C:\Windows\System\MeyIVHM.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ghjAhGR.exe
  C:\Windows\System\ghjAhGR.exe
  2⤵
  PID:856
- C:\Windows\System\ymalxec.exe
  C:\Windows\System\ymalxec.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\tmEsUYU.exe
  C:\Windows\System\tmEsUYU.exe
  2⤵
  PID:264
- C:\Windows\System\KmyQXYZ.exe
  C:\Windows\System\KmyQXYZ.exe
  2⤵
  PID:1740
- C:\Windows\System\UNIFgKZ.exe
  C:\Windows\System\UNIFgKZ.exe
  2⤵
  PID:2128
- C:\Windows\System\THfNXCU.exe
  C:\Windows\System\THfNXCU.exe
  2⤵
  PID:476
- C:\Windows\System\XFIdhkg.exe
  C:\Windows\System\XFIdhkg.exe
  2⤵
  PID:800
- C:\Windows\System\EBQdIgb.exe
  C:\Windows\System\EBQdIgb.exe
  2⤵
  PID:1816
- C:\Windows\System\HkFgyak.exe
  C:\Windows\System\HkFgyak.exe
  2⤵
  PID:2608
- C:\Windows\System\HjsBTbK.exe
  C:\Windows\System\HjsBTbK.exe
  2⤵
  PID:904
- C:\Windows\System\zXszpeR.exe
  C:\Windows\System\zXszpeR.exe
  2⤵
  PID:1672
- C:\Windows\System\NhTJQsQ.exe
  C:\Windows\System\NhTJQsQ.exe
  2⤵
  PID:1876
- C:\Windows\System\ayGseja.exe
  C:\Windows\System\ayGseja.exe
  2⤵
  PID:1912
- C:\Windows\System\tnFFzON.exe
  C:\Windows\System\tnFFzON.exe
  2⤵
  PID:2496
- C:\Windows\System\VVKPCFd.exe
  C:\Windows\System\VVKPCFd.exe
  2⤵
  PID:2868
- C:\Windows\System\EoRAOQC.exe
  C:\Windows\System\EoRAOQC.exe
  2⤵
  PID:2076
- C:\Windows\System\tjwgrdb.exe
  C:\Windows\System\tjwgrdb.exe
  2⤵
  PID:1052
- C:\Windows\System\oaPixNX.exe
  C:\Windows\System\oaPixNX.exe
  2⤵
  PID:2344
- C:\Windows\System\sgQzGzs.exe
  C:\Windows\System\sgQzGzs.exe
  2⤵
  PID:1920
- C:\Windows\System\crPRXdK.exe
  C:\Windows\System\crPRXdK.exe
  2⤵
  PID:2920
- C:\Windows\System\dHKJsug.exe
  C:\Windows\System\dHKJsug.exe
  2⤵
  PID:2952
- C:\Windows\System\nzuScgC.exe
  C:\Windows\System\nzuScgC.exe
  2⤵
  PID:1732
- C:\Windows\System\rayIZjA.exe
  C:\Windows\System\rayIZjA.exe
  2⤵
  PID:2320
- C:\Windows\System\rODibwT.exe
  C:\Windows\System\rODibwT.exe
  2⤵
  PID:2176
- C:\Windows\System\FRnHTTP.exe
  C:\Windows\System\FRnHTTP.exe
  2⤵
  PID:2676
- C:\Windows\System\KWpfoSD.exe
  C:\Windows\System\KWpfoSD.exe
  2⤵
  PID:2772
- C:\Windows\System\feHGGwr.exe
  C:\Windows\System\feHGGwr.exe
  2⤵
  PID:1464
- C:\Windows\System\MhSAeUg.exe
  C:\Windows\System\MhSAeUg.exe
  2⤵
  PID:1292
- C:\Windows\System\uWgboKd.exe
  C:\Windows\System\uWgboKd.exe
  2⤵
  PID:2704
- C:\Windows\System\OCTMVYV.exe
  C:\Windows\System\OCTMVYV.exe
  2⤵
  PID:2216
- C:\Windows\System\bAHAUVD.exe
  C:\Windows\System\bAHAUVD.exe
  2⤵
  PID:2412
- C:\Windows\System\HAZwxND.exe
  C:\Windows\System\HAZwxND.exe
  2⤵
  PID:2024
- C:\Windows\System\sWyxBRC.exe
  C:\Windows\System\sWyxBRC.exe
  2⤵
  PID:1880
- C:\Windows\System\bmEAwhp.exe
  C:\Windows\System\bmEAwhp.exe
  2⤵
  PID:2260
- C:\Windows\System\LEEatSe.exe
  C:\Windows\System\LEEatSe.exe
  2⤵
  PID:1328
- C:\Windows\System\zZYJQqV.exe
  C:\Windows\System\zZYJQqV.exe
  2⤵
  PID:628
- C:\Windows\System\hjrynfa.exe
  C:\Windows\System\hjrynfa.exe
  2⤵
  PID:288
- C:\Windows\System\IaBeQtp.exe
  C:\Windows\System\IaBeQtp.exe
  2⤵
  PID:1812
- C:\Windows\System\qRfCUTj.exe
  C:\Windows\System\qRfCUTj.exe
  2⤵
  PID:1076
- C:\Windows\System\CwITNPW.exe
  C:\Windows\System\CwITNPW.exe
  2⤵
  PID:1944
- C:\Windows\System\IjvqfZf.exe
  C:\Windows\System\IjvqfZf.exe
  2⤵
  PID:1960
- C:\Windows\System\ELXCrVa.exe
  C:\Windows\System\ELXCrVa.exe
  2⤵
  PID:2332
- C:\Windows\System\CQzUkoe.exe
  C:\Windows\System\CQzUkoe.exe
  2⤵
  PID:1608
- C:\Windows\System\Ehsznwb.exe
  C:\Windows\System\Ehsznwb.exe
  2⤵
  PID:2116
- C:\Windows\System\UaVvQxx.exe
  C:\Windows\System\UaVvQxx.exe
  2⤵
  PID:3080
- C:\Windows\System\rHTUdgb.exe
  C:\Windows\System\rHTUdgb.exe
  2⤵
  PID:3104
- C:\Windows\System\wKsPKoe.exe
  C:\Windows\System\wKsPKoe.exe
  2⤵
  PID:3120
- C:\Windows\System\kiImSIn.exe
  C:\Windows\System\kiImSIn.exe
  2⤵
  PID:3140
- C:\Windows\System\dbQhvCa.exe
  C:\Windows\System\dbQhvCa.exe
  2⤵
  PID:3164
- C:\Windows\System\uxgavNE.exe
  C:\Windows\System\uxgavNE.exe
  2⤵
  PID:3184
- C:\Windows\System\FHEMCog.exe
  C:\Windows\System\FHEMCog.exe
  2⤵
  PID:3200
- C:\Windows\System\FFPcATa.exe
  C:\Windows\System\FFPcATa.exe
  2⤵
  PID:3220
- C:\Windows\System\MdONxaD.exe
  C:\Windows\System\MdONxaD.exe
  2⤵
  PID:3236
- C:\Windows\System\QsUWoMY.exe
  C:\Windows\System\QsUWoMY.exe
  2⤵
  PID:3252
- C:\Windows\System\HBYOYfU.exe
  C:\Windows\System\HBYOYfU.exe
  2⤵
  PID:3288
- C:\Windows\System\aXAcsrk.exe
  C:\Windows\System\aXAcsrk.exe
  2⤵
  PID:3304
- C:\Windows\System\qZRLvhc.exe
  C:\Windows\System\qZRLvhc.exe
  2⤵
  PID:3324
- C:\Windows\System\qFSSWGi.exe
  C:\Windows\System\qFSSWGi.exe
  2⤵
  PID:3344
- C:\Windows\System\MwZxuKW.exe
  C:\Windows\System\MwZxuKW.exe
  2⤵
  PID:3360
- C:\Windows\System\dmtkjfb.exe
  C:\Windows\System\dmtkjfb.exe
  2⤵
  PID:3380
- C:\Windows\System\SRoYNiA.exe
  C:\Windows\System\SRoYNiA.exe
  2⤵
  PID:3400
- C:\Windows\System\QTyJqVJ.exe
  C:\Windows\System\QTyJqVJ.exe
  2⤵
  PID:3428
- C:\Windows\System\TzZRkoW.exe
  C:\Windows\System\TzZRkoW.exe
  2⤵
  PID:3448
- C:\Windows\System\TQLTdOY.exe
  C:\Windows\System\TQLTdOY.exe
  2⤵
  PID:3464
- C:\Windows\System\gJHKoPS.exe
  C:\Windows\System\gJHKoPS.exe
  2⤵
  PID:3488
- C:\Windows\System\qBCfXYk.exe
  C:\Windows\System\qBCfXYk.exe
  2⤵
  PID:3508
- C:\Windows\System\NYxxSEN.exe
  C:\Windows\System\NYxxSEN.exe
  2⤵
  PID:3524
- C:\Windows\System\ccZdEDP.exe
  C:\Windows\System\ccZdEDP.exe
  2⤵
  PID:3544
- C:\Windows\System\cAWrvEC.exe
  C:\Windows\System\cAWrvEC.exe
  2⤵
  PID:3564
- C:\Windows\System\tnTjfPK.exe
  C:\Windows\System\tnTjfPK.exe
  2⤵
  PID:3588
- C:\Windows\System\ssVLbRg.exe
  C:\Windows\System\ssVLbRg.exe
  2⤵
  PID:3608
- C:\Windows\System\oeksBQT.exe
  C:\Windows\System\oeksBQT.exe
  2⤵
  PID:3624
- C:\Windows\System\nTBDoAV.exe
  C:\Windows\System\nTBDoAV.exe
  2⤵
  PID:3648
- C:\Windows\System\UrqIxrB.exe
  C:\Windows\System\UrqIxrB.exe
  2⤵
  PID:3668
- C:\Windows\System\fQBaibm.exe
  C:\Windows\System\fQBaibm.exe
  2⤵
  PID:3684
- C:\Windows\System\fzKxdpm.exe
  C:\Windows\System\fzKxdpm.exe
  2⤵
  PID:3704
- C:\Windows\System\WLeFipx.exe
  C:\Windows\System\WLeFipx.exe
  2⤵
  PID:3728
- C:\Windows\System\ePHMqZK.exe
  C:\Windows\System\ePHMqZK.exe
  2⤵
  PID:3744
- C:\Windows\System\esIhDsv.exe
  C:\Windows\System\esIhDsv.exe
  2⤵
  PID:3768
- C:\Windows\System\AUNSJhI.exe
  C:\Windows\System\AUNSJhI.exe
  2⤵
  PID:3784
- C:\Windows\System\uMwwyQn.exe
  C:\Windows\System\uMwwyQn.exe
  2⤵
  PID:3804
- C:\Windows\System\rBQNori.exe
  C:\Windows\System\rBQNori.exe
  2⤵
  PID:3828
- C:\Windows\System\JmNaIjL.exe
  C:\Windows\System\JmNaIjL.exe
  2⤵
  PID:3848
- C:\Windows\System\wXUaaWc.exe
  C:\Windows\System\wXUaaWc.exe
  2⤵
  PID:3864
- C:\Windows\System\CQHvjri.exe
  C:\Windows\System\CQHvjri.exe
  2⤵
  PID:3884
- C:\Windows\System\qGJMUJY.exe
  C:\Windows\System\qGJMUJY.exe
  2⤵
  PID:3904
- C:\Windows\System\LdAyIkM.exe
  C:\Windows\System\LdAyIkM.exe
  2⤵
  PID:3924
- C:\Windows\System\rEhamGg.exe
  C:\Windows\System\rEhamGg.exe
  2⤵
  PID:3944
- C:\Windows\System\SUawVun.exe
  C:\Windows\System\SUawVun.exe
  2⤵
  PID:3964
- C:\Windows\System\HmpUMDX.exe
  C:\Windows\System\HmpUMDX.exe
  2⤵
  PID:3988
- C:\Windows\System\lkQPImY.exe
  C:\Windows\System\lkQPImY.exe
  2⤵
  PID:4004
- C:\Windows\System\UEwucvt.exe
  C:\Windows\System\UEwucvt.exe
  2⤵
  PID:4028
- C:\Windows\System\ugamiGF.exe
  C:\Windows\System\ugamiGF.exe
  2⤵
  PID:4052
- C:\Windows\System\EeZlwYQ.exe
  C:\Windows\System\EeZlwYQ.exe
  2⤵
  PID:4068
- C:\Windows\System\gQLsUFq.exe
  C:\Windows\System\gQLsUFq.exe
  2⤵
  PID:4092
- C:\Windows\System\FcOfpyw.exe
  C:\Windows\System\FcOfpyw.exe
  2⤵
  PID:1232
- C:\Windows\System\yeJWkUq.exe
  C:\Windows\System\yeJWkUq.exe
  2⤵
  PID:2900
- C:\Windows\System\qzkeGNO.exe
  C:\Windows\System\qzkeGNO.exe
  2⤵
  PID:1500
- C:\Windows\System\vsetBBd.exe
  C:\Windows\System\vsetBBd.exe
  2⤵
  PID:784
- C:\Windows\System\xloCjzF.exe
  C:\Windows\System\xloCjzF.exe
  2⤵
  PID:1332
- C:\Windows\System\MwNdAMI.exe
  C:\Windows\System\MwNdAMI.exe
  2⤵
  PID:712
- C:\Windows\System\BSUPsLH.exe
  C:\Windows\System\BSUPsLH.exe
  2⤵
  PID:3020
- C:\Windows\System\HygUueo.exe
  C:\Windows\System\HygUueo.exe
  2⤵
  PID:948
- C:\Windows\System\olCrorB.exe
  C:\Windows\System\olCrorB.exe
  2⤵
  PID:1712
- C:\Windows\System\UsPiLiu.exe
  C:\Windows\System\UsPiLiu.exe
  2⤵
  PID:1780
- C:\Windows\System\DKXvQZk.exe
  C:\Windows\System\DKXvQZk.exe
  2⤵
  PID:924
- C:\Windows\System\tdLqJGU.exe
  C:\Windows\System\tdLqJGU.exe
  2⤵
  PID:3076
- C:\Windows\System\wTBycmx.exe
  C:\Windows\System\wTBycmx.exe
  2⤵
  PID:1516
- C:\Windows\System\xujSWsX.exe
  C:\Windows\System\xujSWsX.exe
  2⤵
  PID:3112
- C:\Windows\System\ZdaoyuP.exe
  C:\Windows\System\ZdaoyuP.exe
  2⤵
  PID:3192
- C:\Windows\System\nJhvhHo.exe
  C:\Windows\System\nJhvhHo.exe
  2⤵
  PID:3132
- C:\Windows\System\DbEYePt.exe
  C:\Windows\System\DbEYePt.exe
  2⤵
  PID:3228
- C:\Windows\System\NUEsGiu.exe
  C:\Windows\System\NUEsGiu.exe
  2⤵
  PID:3276
- C:\Windows\System\ItJtSld.exe
  C:\Windows\System\ItJtSld.exe
  2⤵
  PID:3284
- C:\Windows\System\zTCgykZ.exe
  C:\Windows\System\zTCgykZ.exe
  2⤵
  PID:3352
- C:\Windows\System\unJdxft.exe
  C:\Windows\System\unJdxft.exe
  2⤵
  PID:3296
- C:\Windows\System\HXTWAxq.exe
  C:\Windows\System\HXTWAxq.exe
  2⤵
  PID:3376
- C:\Windows\System\FweTXyX.exe
  C:\Windows\System\FweTXyX.exe
  2⤵
  PID:3332
- C:\Windows\System\ehXlXfR.exe
  C:\Windows\System\ehXlXfR.exe
  2⤵
  PID:3472
- C:\Windows\System\nhcKxRT.exe
  C:\Windows\System\nhcKxRT.exe
  2⤵
  PID:3484
- C:\Windows\System\jKWBLHS.exe
  C:\Windows\System\jKWBLHS.exe
  2⤵
  PID:3500
- C:\Windows\System\oVoZRzV.exe
  C:\Windows\System\oVoZRzV.exe
  2⤵
  PID:3596
- C:\Windows\System\euZZMiO.exe
  C:\Windows\System\euZZMiO.exe
  2⤵
  PID:3532
- C:\Windows\System\kuvZkPA.exe
  C:\Windows\System\kuvZkPA.exe
  2⤵
  PID:3632
- C:\Windows\System\cfZlxGn.exe
  C:\Windows\System\cfZlxGn.exe
  2⤵
  PID:3620
- C:\Windows\System\XhFHWkq.exe
  C:\Windows\System\XhFHWkq.exe
  2⤵
  PID:3712
- C:\Windows\System\puUHmgA.exe
  C:\Windows\System\puUHmgA.exe
  2⤵
  PID:3660
- C:\Windows\System\hlNCGZC.exe
  C:\Windows\System\hlNCGZC.exe
  2⤵
  PID:3756
- C:\Windows\System\IqJdevn.exe
  C:\Windows\System\IqJdevn.exe
  2⤵
  PID:3796
- C:\Windows\System\FPSlpWu.exe
  C:\Windows\System\FPSlpWu.exe
  2⤵
  PID:3840
- C:\Windows\System\VPltjqm.exe
  C:\Windows\System\VPltjqm.exe
  2⤵
  PID:3872
- C:\Windows\System\nmyoNMg.exe
  C:\Windows\System\nmyoNMg.exe
  2⤵
  PID:3920
- C:\Windows\System\filaQrt.exe
  C:\Windows\System\filaQrt.exe
  2⤵
  PID:3900
- C:\Windows\System\EMaujGY.exe
  C:\Windows\System\EMaujGY.exe
  2⤵
  PID:3892
- C:\Windows\System\fuPxpTT.exe
  C:\Windows\System\fuPxpTT.exe
  2⤵
  PID:4048
- C:\Windows\System\sSMyXRZ.exe
  C:\Windows\System\sSMyXRZ.exe
  2⤵
  PID:3980
- C:\Windows\System\kWOHeVO.exe
  C:\Windows\System\kWOHeVO.exe
  2⤵
  PID:4076
- C:\Windows\System\wVpbosr.exe
  C:\Windows\System\wVpbosr.exe
  2⤵
  PID:1600
- C:\Windows\System\gGIrXuE.exe
  C:\Windows\System\gGIrXuE.exe
  2⤵
  PID:2368
- C:\Windows\System\pyqmQxE.exe
  C:\Windows\System\pyqmQxE.exe
  2⤵
  PID:2684
- C:\Windows\System\RHHGyZr.exe
  C:\Windows\System\RHHGyZr.exe
  2⤵
  PID:3056
- C:\Windows\System\AHYhYOY.exe
  C:\Windows\System\AHYhYOY.exe
  2⤵
  PID:1716
- C:\Windows\System\mhLbdnd.exe
  C:\Windows\System\mhLbdnd.exe
  2⤵
  PID:3088
- C:\Windows\System\GDdQxnX.exe
  C:\Windows\System\GDdQxnX.exe
  2⤵
  PID:3100
- C:\Windows\System\dpDltpu.exe
  C:\Windows\System\dpDltpu.exe
  2⤵
  PID:2484
- C:\Windows\System\JaJgsJM.exe
  C:\Windows\System\JaJgsJM.exe
  2⤵
  PID:3156
- C:\Windows\System\zxXnpie.exe
  C:\Windows\System\zxXnpie.exe
  2⤵
  PID:3316
- C:\Windows\System\CAHQJqO.exe
  C:\Windows\System\CAHQJqO.exe
  2⤵
  PID:2584
- C:\Windows\System\pbxYHMD.exe
  C:\Windows\System\pbxYHMD.exe
  2⤵
  PID:3180
- C:\Windows\System\VOuTGQj.exe
  C:\Windows\System\VOuTGQj.exe
  2⤵
  PID:3416
- C:\Windows\System\JuLRMGm.exe
  C:\Windows\System\JuLRMGm.exe
  2⤵
  PID:3248
- C:\Windows\System\KJXTCge.exe
  C:\Windows\System\KJXTCge.exe
  2⤵
  PID:3520
- C:\Windows\System\gMPOzIO.exe
  C:\Windows\System\gMPOzIO.exe
  2⤵
  PID:2788
- C:\Windows\System\PxyJJGh.exe
  C:\Windows\System\PxyJJGh.exe
  2⤵
  PID:3572
- C:\Windows\System\FyYrGPB.exe
  C:\Windows\System\FyYrGPB.exe
  2⤵
  PID:3664
- C:\Windows\System\FghCUgK.exe
  C:\Windows\System\FghCUgK.exe
  2⤵
  PID:3460
- C:\Windows\System\BpIFpez.exe
  C:\Windows\System\BpIFpez.exe
  2⤵
  PID:3600
- C:\Windows\System\nGdbtdX.exe
  C:\Windows\System\nGdbtdX.exe
  2⤵
  PID:3792
- C:\Windows\System\YCAggVk.exe
  C:\Windows\System\YCAggVk.exe
  2⤵
  PID:3860
- C:\Windows\System\eqjxDon.exe
  C:\Windows\System\eqjxDon.exe
  2⤵
  PID:4000
- C:\Windows\System\hXnwFBf.exe
  C:\Windows\System\hXnwFBf.exe
  2⤵
  PID:3764
- C:\Windows\System\lZMkxKN.exe
  C:\Windows\System\lZMkxKN.exe
  2⤵
  PID:3836
- C:\Windows\System\wRiBnrU.exe
  C:\Windows\System\wRiBnrU.exe
  2⤵
  PID:4020
- C:\Windows\System\NWPOBIl.exe
  C:\Windows\System\NWPOBIl.exe
  2⤵
  PID:2172
- C:\Windows\System\mzUDdNA.exe
  C:\Windows\System\mzUDdNA.exe
  2⤵
  PID:3932
- C:\Windows\System\bjyojwZ.exe
  C:\Windows\System\bjyojwZ.exe
  2⤵
  PID:1424
- C:\Windows\System\qFFWBWU.exe
  C:\Windows\System\qFFWBWU.exe
  2⤵
  PID:4084
- C:\Windows\System\tRYnVZa.exe
  C:\Windows\System\tRYnVZa.exe
  2⤵
  PID:2912
- C:\Windows\System\uCaTWuq.exe
  C:\Windows\System\uCaTWuq.exe
  2⤵
  PID:3272
- C:\Windows\System\UPAQeHF.exe
  C:\Windows\System\UPAQeHF.exe
  2⤵
  PID:3096
- C:\Windows\System\lrdGdzO.exe
  C:\Windows\System\lrdGdzO.exe
  2⤵
  PID:3212
- C:\Windows\System\GyMuzPf.exe
  C:\Windows\System\GyMuzPf.exe
  2⤵
  PID:3368
- C:\Windows\System\ONBROjQ.exe
  C:\Windows\System\ONBROjQ.exe
  2⤵
  PID:4112
- C:\Windows\System\TLMudiy.exe
  C:\Windows\System\TLMudiy.exe
  2⤵
  PID:4128
- C:\Windows\System\UeRfGfc.exe
  C:\Windows\System\UeRfGfc.exe
  2⤵
  PID:4148
- C:\Windows\System\FHhdHvK.exe
  C:\Windows\System\FHhdHvK.exe
  2⤵
  PID:4168
- C:\Windows\System\SWOIkVF.exe
  C:\Windows\System\SWOIkVF.exe
  2⤵
  PID:4192
- C:\Windows\System\tDvYXSP.exe
  C:\Windows\System\tDvYXSP.exe
  2⤵
  PID:4212
- C:\Windows\System\yEWxImW.exe
  C:\Windows\System\yEWxImW.exe
  2⤵
  PID:4236
- C:\Windows\System\NWdYJCR.exe
  C:\Windows\System\NWdYJCR.exe
  2⤵
  PID:4252
- C:\Windows\System\mAdfFQH.exe
  C:\Windows\System\mAdfFQH.exe
  2⤵
  PID:4276
- C:\Windows\System\nQSxVHy.exe
  C:\Windows\System\nQSxVHy.exe
  2⤵
  PID:4296
- C:\Windows\System\MoZjLXE.exe
  C:\Windows\System\MoZjLXE.exe
  2⤵
  PID:4320
- C:\Windows\System\MRAIEXF.exe
  C:\Windows\System\MRAIEXF.exe
  2⤵
  PID:4340
- C:\Windows\System\aQEruwT.exe
  C:\Windows\System\aQEruwT.exe
  2⤵
  PID:4360
- C:\Windows\System\qHbEFWO.exe
  C:\Windows\System\qHbEFWO.exe
  2⤵
  PID:4388
- C:\Windows\System\MZAHhMX.exe
  C:\Windows\System\MZAHhMX.exe
  2⤵
  PID:4408
- C:\Windows\System\zmHcwCx.exe
  C:\Windows\System\zmHcwCx.exe
  2⤵
  PID:4424
- C:\Windows\System\NqVBLuI.exe
  C:\Windows\System\NqVBLuI.exe
  2⤵
  PID:4444
- C:\Windows\System\rkWqhVz.exe
  C:\Windows\System\rkWqhVz.exe
  2⤵
  PID:4464
- C:\Windows\System\boyMVdd.exe
  C:\Windows\System\boyMVdd.exe
  2⤵
  PID:4480
- C:\Windows\System\atCUklS.exe
  C:\Windows\System\atCUklS.exe
  2⤵
  PID:4500
- C:\Windows\System\VzhyXBz.exe
  C:\Windows\System\VzhyXBz.exe
  2⤵
  PID:4528
- C:\Windows\System\jjGqJRj.exe
  C:\Windows\System\jjGqJRj.exe
  2⤵
  PID:4548
- C:\Windows\System\YCaiTXX.exe
  C:\Windows\System\YCaiTXX.exe
  2⤵
  PID:4564
- C:\Windows\System\blFgkvu.exe
  C:\Windows\System\blFgkvu.exe
  2⤵
  PID:4588
- C:\Windows\System\ounUCOd.exe
  C:\Windows\System\ounUCOd.exe
  2⤵
  PID:4604
- C:\Windows\System\JljmOcO.exe
  C:\Windows\System\JljmOcO.exe
  2⤵
  PID:4620
- C:\Windows\System\GfECBJU.exe
  C:\Windows\System\GfECBJU.exe
  2⤵
  PID:4644
- C:\Windows\System\qRUYyiB.exe
  C:\Windows\System\qRUYyiB.exe
  2⤵
  PID:4664
- C:\Windows\System\OWOWTME.exe
  C:\Windows\System\OWOWTME.exe
  2⤵
  PID:4680
- C:\Windows\System\bBXuUuu.exe
  C:\Windows\System\bBXuUuu.exe
  2⤵
  PID:4704
- C:\Windows\System\DEFKHYm.exe
  C:\Windows\System\DEFKHYm.exe
  2⤵
  PID:4720
- C:\Windows\System\ZJgeXTG.exe
  C:\Windows\System\ZJgeXTG.exe
  2⤵
  PID:4740
- C:\Windows\System\wRXTAJD.exe
  C:\Windows\System\wRXTAJD.exe
  2⤵
  PID:4764
- C:\Windows\System\DvmopqJ.exe
  C:\Windows\System\DvmopqJ.exe
  2⤵
  PID:4780
- C:\Windows\System\lqpkonc.exe
  C:\Windows\System\lqpkonc.exe
  2⤵
  PID:4804
- C:\Windows\System\sYWVrll.exe
  C:\Windows\System\sYWVrll.exe
  2⤵
  PID:4824
- C:\Windows\System\xsQhjZO.exe
  C:\Windows\System\xsQhjZO.exe
  2⤵
  PID:4844
- C:\Windows\System\eSiKhwr.exe
  C:\Windows\System\eSiKhwr.exe
  2⤵
  PID:4864
- C:\Windows\System\WZEmJQZ.exe
  C:\Windows\System\WZEmJQZ.exe
  2⤵
  PID:4884
- C:\Windows\System\pRcvugf.exe
  C:\Windows\System\pRcvugf.exe
  2⤵
  PID:4908
- C:\Windows\System\whuNlKF.exe
  C:\Windows\System\whuNlKF.exe
  2⤵
  PID:4928
- C:\Windows\System\OiGYgub.exe
  C:\Windows\System\OiGYgub.exe
  2⤵
  PID:4944
- C:\Windows\System\PXpDptC.exe
  C:\Windows\System\PXpDptC.exe
  2⤵
  PID:4968
- C:\Windows\System\hcqKrGL.exe
  C:\Windows\System\hcqKrGL.exe
  2⤵
  PID:4984
- C:\Windows\System\XkDhrjW.exe
  C:\Windows\System\XkDhrjW.exe
  2⤵
  PID:5000
- C:\Windows\System\KOWqoop.exe
  C:\Windows\System\KOWqoop.exe
  2⤵
  PID:5016
- C:\Windows\System\WiFwbDe.exe
  C:\Windows\System\WiFwbDe.exe
  2⤵
  PID:5044
- C:\Windows\System\rIIsMIv.exe
  C:\Windows\System\rIIsMIv.exe
  2⤵
  PID:5064
- C:\Windows\System\PQfXFvk.exe
  C:\Windows\System\PQfXFvk.exe
  2⤵
  PID:5084
- C:\Windows\System\sDLDCqe.exe
  C:\Windows\System\sDLDCqe.exe
  2⤵
  PID:5108
- C:\Windows\System\jLgLpXv.exe
  C:\Windows\System\jLgLpXv.exe
  2⤵
  PID:3724
- C:\Windows\System\zThvBGM.exe
  C:\Windows\System\zThvBGM.exe
  2⤵
  PID:3420
- C:\Windows\System\pNqnuAo.exe
  C:\Windows\System\pNqnuAo.exe
  2⤵
  PID:3752
- C:\Windows\System\PbAlGDi.exe
  C:\Windows\System\PbAlGDi.exe
  2⤵
  PID:4016
- C:\Windows\System\HDpXhPf.exe
  C:\Windows\System\HDpXhPf.exe
  2⤵
  PID:2800
- C:\Windows\System\JHjDGqc.exe
  C:\Windows\System\JHjDGqc.exe
  2⤵
  PID:3516
- C:\Windows\System\QEWckTR.exe
  C:\Windows\System\QEWckTR.exe
  2⤵
  PID:2144
- C:\Windows\System\yFFwOvz.exe
  C:\Windows\System\yFFwOvz.exe
  2⤵
  PID:2820
- C:\Windows\System\gzPPqPe.exe
  C:\Windows\System\gzPPqPe.exe
  2⤵
  PID:3320
- C:\Windows\System\JznfeqR.exe
  C:\Windows\System\JznfeqR.exe
  2⤵
  PID:4108
- C:\Windows\System\AgHeAhx.exe
  C:\Windows\System\AgHeAhx.exe
  2⤵
  PID:3876
- C:\Windows\System\tfQlMJA.exe
  C:\Windows\System\tfQlMJA.exe
  2⤵
  PID:3696
- C:\Windows\System\WNpjhqw.exe
  C:\Windows\System\WNpjhqw.exe
  2⤵
  PID:4224
- C:\Windows\System\MqOEJid.exe
  C:\Windows\System\MqOEJid.exe
  2⤵
  PID:3976
- C:\Windows\System\KTcrSAn.exe
  C:\Windows\System\KTcrSAn.exe
  2⤵
  PID:616
- C:\Windows\System\TWzdjdN.exe
  C:\Windows\System\TWzdjdN.exe
  2⤵
  PID:3336
- C:\Windows\System\BpGCrUX.exe
  C:\Windows\System\BpGCrUX.exe
  2⤵
  PID:4304
- C:\Windows\System\PytmNQR.exe
  C:\Windows\System\PytmNQR.exe
  2⤵
  PID:4348
- C:\Windows\System\kdZiKWV.exe
  C:\Windows\System\kdZiKWV.exe
  2⤵
  PID:4156
- C:\Windows\System\CskqRvc.exe
  C:\Windows\System\CskqRvc.exe
  2⤵
  PID:4204
- C:\Windows\System\iqEZabL.exe
  C:\Windows\System\iqEZabL.exe
  2⤵
  PID:4396
- C:\Windows\System\ApnhAch.exe
  C:\Windows\System\ApnhAch.exe
  2⤵
  PID:4440
- C:\Windows\System\IXeIrAv.exe
  C:\Windows\System\IXeIrAv.exe
  2⤵
  PID:4368
- C:\Windows\System\GtYdKex.exe
  C:\Windows\System\GtYdKex.exe
  2⤵
  PID:4328
- C:\Windows\System\dygtJYl.exe
  C:\Windows\System\dygtJYl.exe
  2⤵
  PID:4524
- C:\Windows\System\EwUmASV.exe
  C:\Windows\System\EwUmASV.exe
  2⤵
  PID:4488
- C:\Windows\System\tbAMsPB.exe
  C:\Windows\System\tbAMsPB.exe
  2⤵
  PID:4560
- C:\Windows\System\OrFqiVu.exe
  C:\Windows\System\OrFqiVu.exe
  2⤵
  PID:4640
- C:\Windows\System\Ptoryxg.exe
  C:\Windows\System\Ptoryxg.exe
  2⤵
  PID:4572
- C:\Windows\System\gPJBDXO.exe
  C:\Windows\System\gPJBDXO.exe
  2⤵
  PID:4672
- C:\Windows\System\oVNqNkz.exe
  C:\Windows\System\oVNqNkz.exe
  2⤵
  PID:4716
- C:\Windows\System\UXJHsAR.exe
  C:\Windows\System\UXJHsAR.exe
  2⤵
  PID:4760
- C:\Windows\System\fIxJpjc.exe
  C:\Windows\System\fIxJpjc.exe
  2⤵
  PID:4696
- C:\Windows\System\OLQaLip.exe
  C:\Windows\System\OLQaLip.exe
  2⤵
  PID:4736
- C:\Windows\System\EkUIzOU.exe
  C:\Windows\System\EkUIzOU.exe
  2⤵
  PID:4776
- C:\Windows\System\cRrEWEZ.exe
  C:\Windows\System\cRrEWEZ.exe
  2⤵
  PID:4820
- C:\Windows\System\XOWdqyY.exe
  C:\Windows\System\XOWdqyY.exe
  2⤵
  PID:4872
- C:\Windows\System\YlXeLtY.exe
  C:\Windows\System\YlXeLtY.exe
  2⤵
  PID:4876
- C:\Windows\System\ZtyBhXQ.exe
  C:\Windows\System\ZtyBhXQ.exe
  2⤵
  PID:4920
- C:\Windows\System\mvxcEJM.exe
  C:\Windows\System\mvxcEJM.exe
  2⤵
  PID:4952
- C:\Windows\System\cqqjScy.exe
  C:\Windows\System\cqqjScy.exe
  2⤵
  PID:4960
- C:\Windows\System\MqQtOwT.exe
  C:\Windows\System\MqQtOwT.exe
  2⤵
  PID:5036
- C:\Windows\System\VHsNvCW.exe
  C:\Windows\System\VHsNvCW.exe
  2⤵
  PID:5076
- C:\Windows\System\WFeNiIQ.exe
  C:\Windows\System\WFeNiIQ.exe
  2⤵
  PID:3040
- C:\Windows\System\WvceCBk.exe
  C:\Windows\System\WvceCBk.exe
  2⤵
  PID:3940
- C:\Windows\System\OdRKFAM.exe
  C:\Windows\System\OdRKFAM.exe
  2⤵
  PID:5096
- C:\Windows\System\tCHbLZY.exe
  C:\Windows\System\tCHbLZY.exe
  2⤵
  PID:3444
- C:\Windows\System\cpzstQD.exe
  C:\Windows\System\cpzstQD.exe
  2⤵
  PID:4176
- C:\Windows\System\zpopsst.exe
  C:\Windows\System\zpopsst.exe
  2⤵
  PID:3556
- C:\Windows\System\tkSJtMd.exe
  C:\Windows\System\tkSJtMd.exe
  2⤵
  PID:3916
- C:\Windows\System\CCHlAcC.exe
  C:\Windows\System\CCHlAcC.exe
  2⤵
  PID:3208
- C:\Windows\System\yoIAPQF.exe
  C:\Windows\System\yoIAPQF.exe
  2⤵
  PID:2508
- C:\Windows\System\TdYKIAU.exe
  C:\Windows\System\TdYKIAU.exe
  2⤵
  PID:3576
- C:\Windows\System\OfDpTZF.exe
  C:\Windows\System\OfDpTZF.exe
  2⤵
  PID:3008
- C:\Windows\System\FpUVXUl.exe
  C:\Windows\System\FpUVXUl.exe
  2⤵
  PID:4352
- C:\Windows\System\sXXvgOy.exe
  C:\Windows\System\sXXvgOy.exe
  2⤵
  PID:2160
- C:\Windows\System\kuslTQU.exe
  C:\Windows\System\kuslTQU.exe
  2⤵
  PID:2192
- C:\Windows\System\mGEyGNi.exe
  C:\Windows\System\mGEyGNi.exe
  2⤵
  PID:4384
- C:\Windows\System\sQorTex.exe
  C:\Windows\System\sQorTex.exe
  2⤵
  PID:4416
- C:\Windows\System\MezqcQU.exe
  C:\Windows\System\MezqcQU.exe
  2⤵
  PID:4200
- C:\Windows\System\gGlGyBr.exe
  C:\Windows\System\gGlGyBr.exe
  2⤵
  PID:4284
- C:\Windows\System\GZRvSGw.exe
  C:\Windows\System\GZRvSGw.exe
  2⤵
  PID:4536
- C:\Windows\System\sddtfBu.exe
  C:\Windows\System\sddtfBu.exe
  2⤵
  PID:4616
- C:\Windows\System\qkwpyFu.exe
  C:\Windows\System\qkwpyFu.exe
  2⤵
  PID:4692
- C:\Windows\System\JflGwdl.exe
  C:\Windows\System\JflGwdl.exe
  2⤵
  PID:4584
- C:\Windows\System\OrPcxFs.exe
  C:\Windows\System\OrPcxFs.exe
  2⤵
  PID:4772
- C:\Windows\System\yfvdSiN.exe
  C:\Windows\System\yfvdSiN.exe
  2⤵
  PID:4756
- C:\Windows\System\HfxOXZS.exe
  C:\Windows\System\HfxOXZS.exe
  2⤵
  PID:4964
- C:\Windows\System\DltvWha.exe
  C:\Windows\System\DltvWha.exe
  2⤵
  PID:4880
- C:\Windows\System\WNyWzAc.exe
  C:\Windows\System\WNyWzAc.exe
  2⤵
  PID:2544
- C:\Windows\System\EZFunud.exe
  C:\Windows\System\EZFunud.exe
  2⤵
  PID:5012
- C:\Windows\System\mDDJTNZ.exe
  C:\Windows\System\mDDJTNZ.exe
  2⤵
  PID:3616
- C:\Windows\System\aUFHnkR.exe
  C:\Windows\System\aUFHnkR.exe
  2⤵
  PID:5104
- C:\Windows\System\cbliFxb.exe
  C:\Windows\System\cbliFxb.exe
  2⤵
  PID:2968
- C:\Windows\System\UDaLSmp.exe
  C:\Windows\System\UDaLSmp.exe
  2⤵
  PID:2104
- C:\Windows\System\daNFEfM.exe
  C:\Windows\System\daNFEfM.exe
  2⤵
  PID:3972
- C:\Windows\System\MQrOzUa.exe
  C:\Windows\System\MQrOzUa.exe
  2⤵
  PID:4272
- C:\Windows\System\XCtgnYb.exe
  C:\Windows\System\XCtgnYb.exe
  2⤵
  PID:3560
- C:\Windows\System\NnilExw.exe
  C:\Windows\System\NnilExw.exe
  2⤵
  PID:3776
- C:\Windows\System\MulGlfZ.exe
  C:\Windows\System\MulGlfZ.exe
  2⤵
  PID:4512
- C:\Windows\System\VsTFmNL.exe
  C:\Windows\System\VsTFmNL.exe
  2⤵
  PID:4376
- C:\Windows\System\bDyTYBW.exe
  C:\Windows\System\bDyTYBW.exe
  2⤵
  PID:4596
- C:\Windows\System\gknWWOt.exe
  C:\Windows\System\gknWWOt.exe
  2⤵
  PID:4580
- C:\Windows\System\JIWEIpP.exe
  C:\Windows\System\JIWEIpP.exe
  2⤵
  PID:4400
- C:\Windows\System\bpwaaKU.exe
  C:\Windows\System\bpwaaKU.exe
  2⤵
  PID:4652
- C:\Windows\System\tCbviwN.exe
  C:\Windows\System\tCbviwN.exe
  2⤵
  PID:4812
- C:\Windows\System\uBsgyBE.exe
  C:\Windows\System\uBsgyBE.exe
  2⤵
  PID:4976
- C:\Windows\System\XaVSGTA.exe
  C:\Windows\System\XaVSGTA.exe
  2⤵
  PID:3816
- C:\Windows\System\OCibsts.exe
  C:\Windows\System\OCibsts.exe
  2⤵
  PID:5028
- C:\Windows\System\vdhTZxD.exe
  C:\Windows\System\vdhTZxD.exe
  2⤵
  PID:4228
- C:\Windows\System\qOXSdpD.exe
  C:\Windows\System\qOXSdpD.exe
  2⤵
  PID:5060
- C:\Windows\System\WbsEINX.exe
  C:\Windows\System\WbsEINX.exe
  2⤵
  PID:4064
- C:\Windows\System\TZTBdEJ.exe
  C:\Windows\System\TZTBdEJ.exe
  2⤵
  PID:2416
- C:\Windows\System\FEFjZjE.exe
  C:\Windows\System\FEFjZjE.exe
  2⤵
  PID:5132
- C:\Windows\System\PaKOZiV.exe
  C:\Windows\System\PaKOZiV.exe
  2⤵
  PID:5156
- C:\Windows\System\OnTZtTG.exe
  C:\Windows\System\OnTZtTG.exe
  2⤵
  PID:5172
- C:\Windows\System\HToiGNY.exe
  C:\Windows\System\HToiGNY.exe
  2⤵
  PID:5188
- C:\Windows\System\JUNPXvZ.exe
  C:\Windows\System\JUNPXvZ.exe
  2⤵
  PID:5204
- C:\Windows\System\AbEoehx.exe
  C:\Windows\System\AbEoehx.exe
  2⤵
  PID:5220
- C:\Windows\System\UbPsFQV.exe
  C:\Windows\System\UbPsFQV.exe
  2⤵
  PID:5236
- C:\Windows\System\LzUJZcK.exe
  C:\Windows\System\LzUJZcK.exe
  2⤵
  PID:5252
- C:\Windows\System\uVXKJuS.exe
  C:\Windows\System\uVXKJuS.exe
  2⤵
  PID:5268
- C:\Windows\System\hLhSJoN.exe
  C:\Windows\System\hLhSJoN.exe
  2⤵
  PID:5292
- C:\Windows\System\ZlmgdoO.exe
  C:\Windows\System\ZlmgdoO.exe
  2⤵
  PID:5308
- C:\Windows\System\JQrUgjz.exe
  C:\Windows\System\JQrUgjz.exe
  2⤵
  PID:5332
- C:\Windows\System\VStWLPI.exe
  C:\Windows\System\VStWLPI.exe
  2⤵
  PID:5348
- C:\Windows\System\FkwjKzo.exe
  C:\Windows\System\FkwjKzo.exe
  2⤵
  PID:5364
- C:\Windows\System\LzVHwnE.exe
  C:\Windows\System\LzVHwnE.exe
  2⤵
  PID:5388
- C:\Windows\System\zaxwosO.exe
  C:\Windows\System\zaxwosO.exe
  2⤵
  PID:5404
- C:\Windows\System\sdEJKfG.exe
  C:\Windows\System\sdEJKfG.exe
  2⤵
  PID:5428
- C:\Windows\System\eiErvic.exe
  C:\Windows\System\eiErvic.exe
  2⤵
  PID:5444
- C:\Windows\System\BGWOMdM.exe
  C:\Windows\System\BGWOMdM.exe
  2⤵
  PID:5460
- C:\Windows\System\RWTWOxw.exe
  C:\Windows\System\RWTWOxw.exe
  2⤵
  PID:5476
- C:\Windows\System\RHHCxLb.exe
  C:\Windows\System\RHHCxLb.exe
  2⤵
  PID:5492
- C:\Windows\System\wGscUtS.exe
  C:\Windows\System\wGscUtS.exe
  2⤵
  PID:5508
- C:\Windows\System\FpiGPsV.exe
  C:\Windows\System\FpiGPsV.exe
  2⤵
  PID:5524
- C:\Windows\System\VORsiqX.exe
  C:\Windows\System\VORsiqX.exe
  2⤵
  PID:5540
- C:\Windows\System\XRYgiQD.exe
  C:\Windows\System\XRYgiQD.exe
  2⤵
  PID:5572
- C:\Windows\System\GFWpyzo.exe
  C:\Windows\System\GFWpyzo.exe
  2⤵
  PID:5596
- C:\Windows\System\jZaHANl.exe
  C:\Windows\System\jZaHANl.exe
  2⤵
  PID:5624
- C:\Windows\System\krTibLh.exe
  C:\Windows\System\krTibLh.exe
  2⤵
  PID:5684
- C:\Windows\System\HXSJBdX.exe
  C:\Windows\System\HXSJBdX.exe
  2⤵
  PID:5704
- C:\Windows\System\BOwCazF.exe
  C:\Windows\System\BOwCazF.exe
  2⤵
  PID:5724
- C:\Windows\System\pBQGtMU.exe
  C:\Windows\System\pBQGtMU.exe
  2⤵
  PID:5744
- C:\Windows\System\rmXKJag.exe
  C:\Windows\System\rmXKJag.exe
  2⤵
  PID:5760
- C:\Windows\System\SvIYwbZ.exe
  C:\Windows\System\SvIYwbZ.exe
  2⤵
  PID:5776
- C:\Windows\System\lmEzlHv.exe
  C:\Windows\System\lmEzlHv.exe
  2⤵
  PID:5792
- C:\Windows\System\BCesxCx.exe
  C:\Windows\System\BCesxCx.exe
  2⤵
  PID:5808
- C:\Windows\System\aRKFfbN.exe
  C:\Windows\System\aRKFfbN.exe
  2⤵
  PID:5824
- C:\Windows\System\Rdgqudt.exe
  C:\Windows\System\Rdgqudt.exe
  2⤵
  PID:5852
- C:\Windows\System\NpvcxrG.exe
  C:\Windows\System\NpvcxrG.exe
  2⤵
  PID:5876
- C:\Windows\System\vlJbijv.exe
  C:\Windows\System\vlJbijv.exe
  2⤵
  PID:5896
- C:\Windows\System\YsYMezm.exe
  C:\Windows\System\YsYMezm.exe
  2⤵
  PID:5916
- C:\Windows\System\pseGOMp.exe
  C:\Windows\System\pseGOMp.exe
  2⤵
  PID:5948
- C:\Windows\System\MkYvkVj.exe
  C:\Windows\System\MkYvkVj.exe
  2⤵
  PID:5968
- C:\Windows\System\zGDzAqc.exe
  C:\Windows\System\zGDzAqc.exe
  2⤵
  PID:5988
- C:\Windows\System\XTakhmT.exe
  C:\Windows\System\XTakhmT.exe
  2⤵
  PID:6008
- C:\Windows\System\XDnFZQe.exe
  C:\Windows\System\XDnFZQe.exe
  2⤵
  PID:6024
- C:\Windows\System\MSvZeOx.exe
  C:\Windows\System\MSvZeOx.exe
  2⤵
  PID:6048
- C:\Windows\System\EjudWKz.exe
  C:\Windows\System\EjudWKz.exe
  2⤵
  PID:6064
- C:\Windows\System\fIjHhAg.exe
  C:\Windows\System\fIjHhAg.exe
  2⤵
  PID:6088
- C:\Windows\System\AvfxDhB.exe
  C:\Windows\System\AvfxDhB.exe
  2⤵
  PID:6104
- C:\Windows\System\rqRfaav.exe
  C:\Windows\System\rqRfaav.exe
  2⤵
  PID:6128
- C:\Windows\System\iGdJqPQ.exe
  C:\Windows\System\iGdJqPQ.exe
  2⤵
  PID:1700
- C:\Windows\System\QwIIaOJ.exe
  C:\Windows\System\QwIIaOJ.exe
  2⤵
  PID:4628
- C:\Windows\System\DnPjovB.exe
  C:\Windows\System\DnPjovB.exe
  2⤵
  PID:4420
- C:\Windows\System\gcTXiIl.exe
  C:\Windows\System\gcTXiIl.exe
  2⤵
  PID:4792
- C:\Windows\System\IujeUkY.exe
  C:\Windows\System\IujeUkY.exe
  2⤵
  PID:2564
- C:\Windows\System\NouEioS.exe
  C:\Windows\System\NouEioS.exe
  2⤵
  PID:4508
- C:\Windows\System\XShjvXt.exe
  C:\Windows\System\XShjvXt.exe
  2⤵
  PID:5180
- C:\Windows\System\mlGIGaU.exe
  C:\Windows\System\mlGIGaU.exe
  2⤵
  PID:5212
- C:\Windows\System\cADJWsE.exe
  C:\Windows\System\cADJWsE.exe
  2⤵
  PID:5276
- C:\Windows\System\lVNIMba.exe
  C:\Windows\System\lVNIMba.exe
  2⤵
  PID:5324
- C:\Windows\System\ZZhLvFT.exe
  C:\Windows\System\ZZhLvFT.exe
  2⤵
  PID:5396
- C:\Windows\System\gJfShpd.exe
  C:\Windows\System\gJfShpd.exe
  2⤵
  PID:4456
- C:\Windows\System\pQjCUVr.exe
  C:\Windows\System\pQjCUVr.exe
  2⤵
  PID:4836
- C:\Windows\System\ZaIoDaX.exe
  C:\Windows\System\ZaIoDaX.exe
  2⤵
  PID:5500
- C:\Windows\System\UqParBd.exe
  C:\Windows\System\UqParBd.exe
  2⤵
  PID:4980
- C:\Windows\System\RNfVOFA.exe
  C:\Windows\System\RNfVOFA.exe
  2⤵
  PID:4336
- C:\Windows\System\NXKdikk.exe
  C:\Windows\System\NXKdikk.exe
  2⤵
  PID:5164
- C:\Windows\System\pxDuwMQ.exe
  C:\Windows\System\pxDuwMQ.exe
  2⤵
  PID:5584
- C:\Windows\System\XcDcNdQ.exe
  C:\Windows\System\XcDcNdQ.exe
  2⤵
  PID:5640
- C:\Windows\System\VKPKVUi.exe
  C:\Windows\System\VKPKVUi.exe
  2⤵
  PID:5660
- C:\Windows\System\gHkpsVg.exe
  C:\Windows\System\gHkpsVg.exe
  2⤵
  PID:5680
- C:\Windows\System\YUDvShX.exe
  C:\Windows\System\YUDvShX.exe
  2⤵
  PID:5420
- C:\Windows\System\ZecfGOA.exe
  C:\Windows\System\ZecfGOA.exe
  2⤵
  PID:5488
- C:\Windows\System\grPjnBU.exe
  C:\Windows\System\grPjnBU.exe
  2⤵
  PID:5552
- C:\Windows\System\BZpmVCJ.exe
  C:\Windows\System\BZpmVCJ.exe
  2⤵
  PID:5604
- C:\Windows\System\yFFQXnG.exe
  C:\Windows\System\yFFQXnG.exe
  2⤵
  PID:5376
- C:\Windows\System\xVpLWKS.exe
  C:\Windows\System\xVpLWKS.exe
  2⤵
  PID:5264
- C:\Windows\System\GiuWAKd.exe
  C:\Windows\System\GiuWAKd.exe
  2⤵
  PID:5712
- C:\Windows\System\sbcYoiG.exe
  C:\Windows\System\sbcYoiG.exe
  2⤵
  PID:5788
- C:\Windows\System\dGNLFmM.exe
  C:\Windows\System\dGNLFmM.exe
  2⤵
  PID:5860
- C:\Windows\System\XrQFuph.exe
  C:\Windows\System\XrQFuph.exe
  2⤵
  PID:2352
- C:\Windows\System\esdKNMr.exe
  C:\Windows\System\esdKNMr.exe
  2⤵
  PID:5732
- C:\Windows\System\QtftidW.exe
  C:\Windows\System\QtftidW.exe
  2⤵
  PID:5904
- C:\Windows\System\xKCuonq.exe
  C:\Windows\System\xKCuonq.exe
  2⤵
  PID:5888
- C:\Windows\System\kkEaKDz.exe
  C:\Windows\System\kkEaKDz.exe
  2⤵
  PID:5800
- C:\Windows\System\PSPwHdL.exe
  C:\Windows\System\PSPwHdL.exe
  2⤵
  PID:5960
- C:\Windows\System\XsTXPVD.exe
  C:\Windows\System\XsTXPVD.exe
  2⤵
  PID:2664
- C:\Windows\System\HboHjsf.exe
  C:\Windows\System\HboHjsf.exe
  2⤵
  PID:6040
- C:\Windows\System\mEzANXq.exe
  C:\Windows\System\mEzANXq.exe
  2⤵
  PID:6044
- C:\Windows\System\CzwhfPA.exe
  C:\Windows\System\CzwhfPA.exe
  2⤵
  PID:6084
- C:\Windows\System\nAwRTzR.exe
  C:\Windows\System\nAwRTzR.exe
  2⤵
  PID:6124
- C:\Windows\System\TstHbAn.exe
  C:\Windows\System\TstHbAn.exe
  2⤵
  PID:2760
- C:\Windows\System\LGhvuSa.exe
  C:\Windows\System\LGhvuSa.exe
  2⤵
  PID:6100
- C:\Windows\System\IshqPnZ.exe
  C:\Windows\System\IshqPnZ.exe
  2⤵
  PID:5024
- C:\Windows\System\ymJdOMP.exe
  C:\Windows\System\ymJdOMP.exe
  2⤵
  PID:4460
- C:\Windows\System\vQDsrJN.exe
  C:\Windows\System\vQDsrJN.exe
  2⤵
  PID:3480
- C:\Windows\System\sSWyJbH.exe
  C:\Windows\System\sSWyJbH.exe
  2⤵
  PID:5244
- C:\Windows\System\sNeohqp.exe
  C:\Windows\System\sNeohqp.exe
  2⤵
  PID:5144
- C:\Windows\System\wBLZjjx.exe
  C:\Windows\System\wBLZjjx.exe
  2⤵
  PID:4600
- C:\Windows\System\KunPgmT.exe
  C:\Windows\System\KunPgmT.exe
  2⤵
  PID:292
- C:\Windows\System\DCmWsNl.exe
  C:\Windows\System\DCmWsNl.exe
  2⤵
  PID:3388
- C:\Windows\System\kUAMbPX.exe
  C:\Windows\System\kUAMbPX.exe
  2⤵
  PID:2880
- C:\Windows\System\STSHGuv.exe
  C:\Windows\System\STSHGuv.exe
  2⤵
  PID:5124
- C:\Windows\System\azFbpTJ.exe
  C:\Windows\System\azFbpTJ.exe
  2⤵
  PID:5656
- C:\Windows\System\dHJshnx.exe
  C:\Windows\System\dHJshnx.exe
  2⤵
  PID:5380
- C:\Windows\System\mJDjmAg.exe
  C:\Windows\System\mJDjmAg.exe
  2⤵
  PID:5548
- C:\Windows\System\aJtgMFy.exe
  C:\Windows\System\aJtgMFy.exe
  2⤵
  PID:5676
- C:\Windows\System\zNogNww.exe
  C:\Windows\System\zNogNww.exe
  2⤵
  PID:5564
- C:\Windows\System\gNSUGrQ.exe
  C:\Windows\System\gNSUGrQ.exe
  2⤵
  PID:5232
- C:\Windows\System\CmaFyAd.exe
  C:\Windows\System\CmaFyAd.exe
  2⤵
  PID:5692
- C:\Windows\System\LzDkseo.exe
  C:\Windows\System\LzDkseo.exe
  2⤵
  PID:5884
- C:\Windows\System\jgmlaYu.exe
  C:\Windows\System\jgmlaYu.exe
  2⤵
  PID:5752
- C:\Windows\System\FxrkboU.exe
  C:\Windows\System\FxrkboU.exe
  2⤵
  PID:5912
- C:\Windows\System\RkLwCgs.exe
  C:\Windows\System\RkLwCgs.exe
  2⤵
  PID:6032
- C:\Windows\System\GPHZKOY.exe
  C:\Windows\System\GPHZKOY.exe
  2⤵
  PID:5836
- C:\Windows\System\OoRWHhm.exe
  C:\Windows\System\OoRWHhm.exe
  2⤵
  PID:5944
- C:\Windows\System\lFwCSRm.exe
  C:\Windows\System\lFwCSRm.exe
  2⤵
  PID:6060
- C:\Windows\System\uYSWlNm.exe
  C:\Windows\System\uYSWlNm.exe
  2⤵
  PID:6120
- C:\Windows\System\KfJbdfv.exe
  C:\Windows\System\KfJbdfv.exe
  2⤵
  PID:4556
- C:\Windows\System\orLMxVT.exe
  C:\Windows\System\orLMxVT.exe
  2⤵
  PID:2768
- C:\Windows\System\uoioMwt.exe
  C:\Windows\System\uoioMwt.exe
  2⤵
  PID:2588
- C:\Windows\System\lkgfnEp.exe
  C:\Windows\System\lkgfnEp.exe
  2⤵
  PID:5072
- C:\Windows\System\vDgGwrX.exe
  C:\Windows\System\vDgGwrX.exe
  2⤵
  PID:3264
- C:\Windows\System\wvsBpSJ.exe
  C:\Windows\System\wvsBpSJ.exe
  2⤵
  PID:5520
- C:\Windows\System\TcGQOuB.exe
  C:\Windows\System\TcGQOuB.exe
  2⤵
  PID:5416
- C:\Windows\System\zpezFRP.exe
  C:\Windows\System\zpezFRP.exe
  2⤵
  PID:5820
- C:\Windows\System\PBurgyU.exe
  C:\Windows\System\PBurgyU.exe
  2⤵
  PID:5588
- C:\Windows\System\snPwhDs.exe
  C:\Windows\System\snPwhDs.exe
  2⤵
  PID:5304
- C:\Windows\System\YdgIDan.exe
  C:\Windows\System\YdgIDan.exe
  2⤵
  PID:2044
- C:\Windows\System\CHXwcga.exe
  C:\Windows\System\CHXwcga.exe
  2⤵
  PID:5964
- C:\Windows\System\CIwTBnK.exe
  C:\Windows\System\CIwTBnK.exe
  2⤵
  PID:5848
- C:\Windows\System\XlCPkXh.exe
  C:\Windows\System\XlCPkXh.exe
  2⤵
  PID:5804
- C:\Windows\System\xOdBgMg.exe
  C:\Windows\System\xOdBgMg.exe
  2⤵
  PID:3700
- C:\Windows\System\PBcFaUc.exe
  C:\Windows\System\PBcFaUc.exe
  2⤵
  PID:6020
- C:\Windows\System\vtVRECI.exe
  C:\Windows\System\vtVRECI.exe
  2⤵
  PID:5932
- C:\Windows\System\HmZvjoN.exe
  C:\Windows\System\HmZvjoN.exe
  2⤵
  PID:5980
- C:\Windows\System\JYkKKoK.exe
  C:\Windows\System\JYkKKoK.exe
  2⤵
  PID:5436
- C:\Windows\System\CyjbFXl.exe
  C:\Windows\System\CyjbFXl.exe
  2⤵
  PID:5148
- C:\Windows\System\msSNgvD.exe
  C:\Windows\System\msSNgvD.exe
  2⤵
  PID:5532
- C:\Windows\System\pgXzDAr.exe
  C:\Windows\System\pgXzDAr.exe
  2⤵
  PID:5340
- C:\Windows\System\oKeXpCr.exe
  C:\Windows\System\oKeXpCr.exe
  2⤵
  PID:5484
- C:\Windows\System\IMqHlok.exe
  C:\Windows\System\IMqHlok.exe
  2⤵
  PID:3244
- C:\Windows\System\oCDVVmy.exe
  C:\Windows\System\oCDVVmy.exe
  2⤵
  PID:2212
- C:\Windows\System\QrKwCya.exe
  C:\Windows\System\QrKwCya.exe
  2⤵
  PID:6056
- C:\Windows\System\jprTZKL.exe
  C:\Windows\System\jprTZKL.exe
  2⤵
  PID:6164
- C:\Windows\System\EFxRTuf.exe
  C:\Windows\System\EFxRTuf.exe
  2⤵
  PID:6184
- C:\Windows\System\UQmikrI.exe
  C:\Windows\System\UQmikrI.exe
  2⤵
  PID:6200
- C:\Windows\System\VRhaQmi.exe
  C:\Windows\System\VRhaQmi.exe
  2⤵
  PID:6224
- C:\Windows\System\uglZMcV.exe
  C:\Windows\System\uglZMcV.exe
  2⤵
  PID:6240
- C:\Windows\System\vvYCqXP.exe
  C:\Windows\System\vvYCqXP.exe
  2⤵
  PID:6260
- C:\Windows\System\ZXRsZGX.exe
  C:\Windows\System\ZXRsZGX.exe
  2⤵
  PID:6280
- C:\Windows\System\PNaYMIK.exe
  C:\Windows\System\PNaYMIK.exe
  2⤵
  PID:6296
- C:\Windows\System\tcBSHHM.exe
  C:\Windows\System\tcBSHHM.exe
  2⤵
  PID:6316
- C:\Windows\System\pPmUFDz.exe
  C:\Windows\System\pPmUFDz.exe
  2⤵
  PID:6336
- C:\Windows\System\geHMFrQ.exe
  C:\Windows\System\geHMFrQ.exe
  2⤵
  PID:6364
- C:\Windows\System\hKgMAFk.exe
  C:\Windows\System\hKgMAFk.exe
  2⤵
  PID:6384
- C:\Windows\System\KkwNwjI.exe
  C:\Windows\System\KkwNwjI.exe
  2⤵
  PID:6400
- C:\Windows\System\zyxsUyl.exe
  C:\Windows\System\zyxsUyl.exe
  2⤵
  PID:6424
- C:\Windows\System\xqiICaf.exe
  C:\Windows\System\xqiICaf.exe
  2⤵
  PID:6440
- C:\Windows\System\gtFMVnL.exe
  C:\Windows\System\gtFMVnL.exe
  2⤵
  PID:6460
- C:\Windows\System\ehJTtNA.exe
  C:\Windows\System\ehJTtNA.exe
  2⤵
  PID:6480
- C:\Windows\System\rCxhJuu.exe
  C:\Windows\System\rCxhJuu.exe
  2⤵
  PID:6500
- C:\Windows\System\aUFvIRl.exe
  C:\Windows\System\aUFvIRl.exe
  2⤵
  PID:6524
- C:\Windows\System\dxgBKaA.exe
  C:\Windows\System\dxgBKaA.exe
  2⤵
  PID:6544
- C:\Windows\System\EJoLjKH.exe
  C:\Windows\System\EJoLjKH.exe
  2⤵
  PID:6564
- C:\Windows\System\pAwCUZA.exe
  C:\Windows\System\pAwCUZA.exe
  2⤵
  PID:6584
- C:\Windows\System\pWPnLOo.exe
  C:\Windows\System\pWPnLOo.exe
  2⤵
  PID:6604
- C:\Windows\System\tTwPslN.exe
  C:\Windows\System\tTwPslN.exe
  2⤵
  PID:6620
- C:\Windows\System\evyUKUl.exe
  C:\Windows\System\evyUKUl.exe
  2⤵
  PID:6640
- C:\Windows\System\YNSThFC.exe
  C:\Windows\System\YNSThFC.exe
  2⤵
  PID:6656
- C:\Windows\System\NmdNeDt.exe
  C:\Windows\System\NmdNeDt.exe
  2⤵
  PID:6676
- C:\Windows\System\eGqfavG.exe
  C:\Windows\System\eGqfavG.exe
  2⤵
  PID:6700
- C:\Windows\System\BtpKITk.exe
  C:\Windows\System\BtpKITk.exe
  2⤵
  PID:6724
- C:\Windows\System\lzPvRph.exe
  C:\Windows\System\lzPvRph.exe
  2⤵
  PID:6744
- C:\Windows\System\MBMLTPg.exe
  C:\Windows\System\MBMLTPg.exe
  2⤵
  PID:6764
- C:\Windows\System\tlmxadt.exe
  C:\Windows\System\tlmxadt.exe
  2⤵
  PID:6784
- C:\Windows\System\obtleKK.exe
  C:\Windows\System\obtleKK.exe
  2⤵
  PID:6800
- C:\Windows\System\pkOVXLL.exe
  C:\Windows\System\pkOVXLL.exe
  2⤵
  PID:6824
- C:\Windows\System\qcYfljQ.exe
  C:\Windows\System\qcYfljQ.exe
  2⤵
  PID:6844
- C:\Windows\System\zeuPxUx.exe
  C:\Windows\System\zeuPxUx.exe
  2⤵
  PID:6864
- C:\Windows\System\TyJmEAB.exe
  C:\Windows\System\TyJmEAB.exe
  2⤵
  PID:6884
- C:\Windows\System\RNazLdi.exe
  C:\Windows\System\RNazLdi.exe
  2⤵
  PID:6904
- C:\Windows\System\zPLjrHw.exe
  C:\Windows\System\zPLjrHw.exe
  2⤵
  PID:6920
- C:\Windows\System\cgdmngp.exe
  C:\Windows\System\cgdmngp.exe
  2⤵
  PID:6936
- C:\Windows\System\eSEHrYO.exe
  C:\Windows\System\eSEHrYO.exe
  2⤵
  PID:6956
- C:\Windows\System\kWiSJjN.exe
  C:\Windows\System\kWiSJjN.exe
  2⤵
  PID:6976
- C:\Windows\System\Tmjwucf.exe
  C:\Windows\System\Tmjwucf.exe
  2⤵
  PID:6996
- C:\Windows\System\aHzBHBT.exe
  C:\Windows\System\aHzBHBT.exe
  2⤵
  PID:7016
- C:\Windows\System\LpfoXsp.exe
  C:\Windows\System\LpfoXsp.exe
  2⤵
  PID:7032
- C:\Windows\System\DKXSral.exe
  C:\Windows\System\DKXSral.exe
  2⤵
  PID:7052
- C:\Windows\System\AcNkuQk.exe
  C:\Windows\System\AcNkuQk.exe
  2⤵
  PID:7076
- C:\Windows\System\TGEmiWB.exe
  C:\Windows\System\TGEmiWB.exe
  2⤵
  PID:7092
- C:\Windows\System\tsKzPyg.exe
  C:\Windows\System\tsKzPyg.exe
  2⤵
  PID:7108
- C:\Windows\System\yUAvLoa.exe
  C:\Windows\System\yUAvLoa.exe
  2⤵
  PID:7132
- C:\Windows\System\MRvSgNg.exe
  C:\Windows\System\MRvSgNg.exe
  2⤵
  PID:7152
- C:\Windows\System\UwiKUrI.exe
  C:\Windows\System\UwiKUrI.exe
  2⤵
  PID:5700
- C:\Windows\System\pPzJTjn.exe
  C:\Windows\System\pPzJTjn.exe
  2⤵
  PID:5472
- C:\Windows\System\WWKSvkF.exe
  C:\Windows\System\WWKSvkF.exe
  2⤵
  PID:1768
- C:\Windows\System\geeBCMv.exe
  C:\Windows\System\geeBCMv.exe
  2⤵
  PID:1624
- C:\Windows\System\LcpMTGK.exe
  C:\Windows\System\LcpMTGK.exe
  2⤵
  PID:4660
- C:\Windows\System\XiOidUB.exe
  C:\Windows\System\XiOidUB.exe
  2⤵
  PID:5652
- C:\Windows\System\kPyPRmh.exe
  C:\Windows\System\kPyPRmh.exe
  2⤵
  PID:2852
- C:\Windows\System\EpCuXOm.exe
  C:\Windows\System\EpCuXOm.exe
  2⤵
  PID:6220
- C:\Windows\System\MWdzlOP.exe
  C:\Windows\System\MWdzlOP.exe
  2⤵
  PID:2764
- C:\Windows\System\yufDWXC.exe
  C:\Windows\System\yufDWXC.exe
  2⤵
  PID:6288
- C:\Windows\System\knhtpQm.exe
  C:\Windows\System\knhtpQm.exe
  2⤵
  PID:6236
- C:\Windows\System\XIOiDfN.exe
  C:\Windows\System\XIOiDfN.exe
  2⤵
  PID:6272
- C:\Windows\System\sMavhVp.exe
  C:\Windows\System\sMavhVp.exe
  2⤵
  PID:6380
- C:\Windows\System\VXIGwxq.exe
  C:\Windows\System\VXIGwxq.exe
  2⤵
  PID:6348
- C:\Windows\System\CBWgyFN.exe
  C:\Windows\System\CBWgyFN.exe
  2⤵
  PID:6412
- C:\Windows\System\BADNgIy.exe
  C:\Windows\System\BADNgIy.exe
  2⤵
  PID:6420
- C:\Windows\System\kGVekVH.exe
  C:\Windows\System\kGVekVH.exe
  2⤵
  PID:6456
- C:\Windows\System\sKGEjui.exe
  C:\Windows\System\sKGEjui.exe
  2⤵
  PID:6432
- C:\Windows\System\IQDZbwX.exe
  C:\Windows\System\IQDZbwX.exe
  2⤵
  PID:6496
- C:\Windows\System\ZoXtcoW.exe
  C:\Windows\System\ZoXtcoW.exe
  2⤵
  PID:6540
- C:\Windows\System\wERXTKy.exe
  C:\Windows\System\wERXTKy.exe
  2⤵
  PID:6508
- C:\Windows\System\SwkicDe.exe
  C:\Windows\System\SwkicDe.exe
  2⤵
  PID:6648
- C:\Windows\System\zeYDQkI.exe
  C:\Windows\System\zeYDQkI.exe
  2⤵
  PID:6692
- C:\Windows\System\yyJWruE.exe
  C:\Windows\System\yyJWruE.exe
  2⤵
  PID:6672
- C:\Windows\System\SAfAnWv.exe
  C:\Windows\System\SAfAnWv.exe
  2⤵
  PID:6720
- C:\Windows\System\DRzzLBD.exe
  C:\Windows\System\DRzzLBD.exe
  2⤵
  PID:6808
- C:\Windows\System\UmrolDl.exe
  C:\Windows\System\UmrolDl.exe
  2⤵
  PID:2040
- C:\Windows\System\UYbjKga.exe
  C:\Windows\System\UYbjKga.exe
  2⤵
  PID:6896
- C:\Windows\System\eMptJMs.exe
  C:\Windows\System\eMptJMs.exe
  2⤵
  PID:6760
- C:\Windows\System\qUTgsWO.exe
  C:\Windows\System\qUTgsWO.exe
  2⤵
  PID:6968
- C:\Windows\System\RSYKTyp.exe
  C:\Windows\System\RSYKTyp.exe
  2⤵
  PID:7004
- C:\Windows\System\sAebgbd.exe
  C:\Windows\System\sAebgbd.exe
  2⤵
  PID:7044
- C:\Windows\System\EzeWBuu.exe
  C:\Windows\System\EzeWBuu.exe
  2⤵
  PID:7088
- C:\Windows\System\wPuPAre.exe
  C:\Windows\System\wPuPAre.exe
  2⤵
  PID:7128
- C:\Windows\System\CFueMVO.exe
  C:\Windows\System\CFueMVO.exe
  2⤵
  PID:680
- C:\Windows\System\SlgqJqo.exe
  C:\Windows\System\SlgqJqo.exe
  2⤵
  PID:6832
- C:\Windows\System\ZEdBRjh.exe
  C:\Windows\System\ZEdBRjh.exe
  2⤵
  PID:2488
- C:\Windows\System\oLZxrwW.exe
  C:\Windows\System\oLZxrwW.exe
  2⤵
  PID:6912
- C:\Windows\System\FktzJKm.exe
  C:\Windows\System\FktzJKm.exe
  2⤵
  PID:6004
- C:\Windows\System\Keoxksv.exe
  C:\Windows\System\Keoxksv.exe
  2⤵
  PID:6992
- C:\Windows\System\ApoKEDq.exe
  C:\Windows\System\ApoKEDq.exe
  2⤵
  PID:7072
- C:\Windows\System\QRIUvAe.exe
  C:\Windows\System\QRIUvAe.exe
  2⤵
  PID:6216
- C:\Windows\System\NxzKvBZ.exe
  C:\Windows\System\NxzKvBZ.exe
  2⤵
  PID:6308
- C:\Windows\System\weVaIkV.exe
  C:\Windows\System\weVaIkV.exe
  2⤵
  PID:6112
- C:\Windows\System\wXBqJiD.exe
  C:\Windows\System\wXBqJiD.exe
  2⤵
  PID:6072
- C:\Windows\System\cmBnMTV.exe
  C:\Windows\System\cmBnMTV.exe
  2⤵
  PID:6248
- C:\Windows\System\ZnRGZqt.exe
  C:\Windows\System\ZnRGZqt.exe
  2⤵
  PID:2452
- C:\Windows\System\DGiLHEc.exe
  C:\Windows\System\DGiLHEc.exe
  2⤵
  PID:6172
- C:\Windows\System\ffYtdTG.exe
  C:\Windows\System\ffYtdTG.exe
  2⤵
  PID:5840
- C:\Windows\System\YGeRwkH.exe
  C:\Windows\System\YGeRwkH.exe
  2⤵
  PID:6572
- C:\Windows\System\FDUBArH.exe
  C:\Windows\System\FDUBArH.exe
  2⤵
  PID:6328
- C:\Windows\System\fpBwmDU.exe
  C:\Windows\System\fpBwmDU.exe
  2⤵
  PID:6360
- C:\Windows\System\WtyeseT.exe
  C:\Windows\System\WtyeseT.exe
  2⤵
  PID:6396
- C:\Windows\System\ogNIqPa.exe
  C:\Windows\System\ogNIqPa.exe
  2⤵
  PID:6736
- C:\Windows\System\KzQBdyn.exe
  C:\Windows\System\KzQBdyn.exe
  2⤵
  PID:6664
- C:\Windows\System\MyDAzhz.exe
  C:\Windows\System\MyDAzhz.exe
  2⤵
  PID:6516
- C:\Windows\System\LqeFaZL.exe
  C:\Windows\System\LqeFaZL.exe
  2⤵
  PID:6712
- C:\Windows\System\DxkYAWY.exe
  C:\Windows\System\DxkYAWY.exe
  2⤵
  PID:2236
- C:\Windows\System\FcyzFPP.exe
  C:\Windows\System\FcyzFPP.exe
  2⤵
  PID:2168
- C:\Windows\System\tWhNhGi.exe
  C:\Windows\System\tWhNhGi.exe
  2⤵
  PID:6776
- C:\Windows\System\wUXWuYb.exe
  C:\Windows\System\wUXWuYb.exe
  2⤵
  PID:400
- C:\Windows\System\rwTfecq.exe
  C:\Windows\System\rwTfecq.exe
  2⤵
  PID:7048
- C:\Windows\System\iMxpMoM.exe
  C:\Windows\System\iMxpMoM.exe
  2⤵
  PID:7008
- C:\Windows\System\KkFPGuG.exe
  C:\Windows\System\KkFPGuG.exe
  2⤵
  PID:3048
- C:\Windows\System\cVZWygx.exe
  C:\Windows\System\cVZWygx.exe
  2⤵
  PID:6836
- C:\Windows\System\RuqhgTk.exe
  C:\Windows\System\RuqhgTk.exe
  2⤵
  PID:444
- C:\Windows\System\SOTdbiL.exe
  C:\Windows\System\SOTdbiL.exe
  2⤵
  PID:1760
- C:\Windows\System\BmHgEfg.exe
  C:\Windows\System\BmHgEfg.exe
  2⤵
  PID:2360
- C:\Windows\System\jngvWLM.exe
  C:\Windows\System\jngvWLM.exe
  2⤵
  PID:6952
- C:\Windows\System\xUzEYYj.exe
  C:\Windows\System\xUzEYYj.exe
  2⤵
  PID:2112
- C:\Windows\System\QzBPClW.exe
  C:\Windows\System\QzBPClW.exe
  2⤵
  PID:2860
- C:\Windows\System\HuXQAkJ.exe
  C:\Windows\System\HuXQAkJ.exe
  2⤵
  PID:1988
- C:\Windows\System\FyDqvYs.exe
  C:\Windows\System\FyDqvYs.exe
  2⤵
  PID:3412
- C:\Windows\System\cNMjsYP.exe
  C:\Windows\System\cNMjsYP.exe
  2⤵
  PID:6160
- C:\Windows\System\MnFRpzM.exe
  C:\Windows\System\MnFRpzM.exe
  2⤵
  PID:7148
- C:\Windows\System\RoFHqAZ.exe
  C:\Windows\System\RoFHqAZ.exe
  2⤵
  PID:1724
- C:\Windows\System\xGsPkTg.exe
  C:\Windows\System\xGsPkTg.exe
  2⤵
  PID:6448
- C:\Windows\System\rGbnhjR.exe
  C:\Windows\System\rGbnhjR.exe
  2⤵
  PID:6252
- C:\Windows\System\kTLqDRy.exe
  C:\Windows\System\kTLqDRy.exe
  2⤵
  PID:6344
- C:\Windows\System\DAbdkjE.exe
  C:\Windows\System\DAbdkjE.exe
  2⤵
  PID:808
- C:\Windows\System\prMxaFL.exe
  C:\Windows\System\prMxaFL.exe
  2⤵
  PID:6632
- C:\Windows\System\czfTvUo.exe
  C:\Windows\System\czfTvUo.exe
  2⤵
  PID:6636
- C:\Windows\System\TCxSEwM.exe
  C:\Windows\System\TCxSEwM.exe
  2⤵
  PID:2292
- C:\Windows\System\hLVNAXK.exe
  C:\Windows\System\hLVNAXK.exe
  2⤵
  PID:6212
- C:\Windows\System\anXzODe.exe
  C:\Windows\System\anXzODe.exe
  2⤵
  PID:6860
- C:\Windows\System\UhKYwtN.exe
  C:\Windows\System\UhKYwtN.exe
  2⤵
  PID:6964
- C:\Windows\System\cAztkdD.exe
  C:\Windows\System\cAztkdD.exe
  2⤵
  PID:7160
- C:\Windows\System\CiRMfIs.exe
  C:\Windows\System\CiRMfIs.exe
  2⤵
  PID:7068
- C:\Windows\System\bcjUPQM.exe
  C:\Windows\System\bcjUPQM.exe
  2⤵
  PID:2092
- C:\Windows\System\JMWBXzQ.exe
  C:\Windows\System\JMWBXzQ.exe
  2⤵
  PID:2056
- C:\Windows\System\yFzucua.exe
  C:\Windows\System\yFzucua.exe
  2⤵
  PID:6276
- C:\Windows\System\SNtWzSL.exe
  C:\Windows\System\SNtWzSL.exe
  2⤵
  PID:6520
- C:\Windows\System\aHHnkjW.exe
  C:\Windows\System\aHHnkjW.exe
  2⤵
  PID:2348
- C:\Windows\System\GhGkbuA.exe
  C:\Windows\System\GhGkbuA.exe
  2⤵
  PID:7060
- C:\Windows\System\mVLWCji.exe
  C:\Windows\System\mVLWCji.exe
  2⤵
  PID:7184
- C:\Windows\System\nUZRwTJ.exe
  C:\Windows\System\nUZRwTJ.exe
  2⤵
  PID:7204
- C:\Windows\System\hMPcxDe.exe
  C:\Windows\System\hMPcxDe.exe
  2⤵
  PID:7224
- C:\Windows\System\PIJXdWg.exe
  C:\Windows\System\PIJXdWg.exe
  2⤵
  PID:7244
- C:\Windows\System\JKqPMtI.exe
  C:\Windows\System\JKqPMtI.exe
  2⤵
  PID:7264
- C:\Windows\System\SCllMHK.exe
  C:\Windows\System\SCllMHK.exe
  2⤵
  PID:7384
- C:\Windows\System\iKpFGzR.exe
  C:\Windows\System\iKpFGzR.exe
  2⤵
  PID:7400
- C:\Windows\System\fdWAXny.exe
  C:\Windows\System\fdWAXny.exe
  2⤵
  PID:7416
- C:\Windows\System\JtpWqoV.exe
  C:\Windows\System\JtpWqoV.exe
  2⤵
  PID:7432
- C:\Windows\System\jkwiyHK.exe
  C:\Windows\System\jkwiyHK.exe
  2⤵
  PID:7448
- C:\Windows\System\JLSprbN.exe
  C:\Windows\System\JLSprbN.exe
  2⤵
  PID:7468
- C:\Windows\System\TKTxPOW.exe
  C:\Windows\System\TKTxPOW.exe
  2⤵
  PID:7492
- C:\Windows\System\ezcDEPy.exe
  C:\Windows\System\ezcDEPy.exe
  2⤵
  PID:7512
- C:\Windows\System\IufYRFY.exe
  C:\Windows\System\IufYRFY.exe
  2⤵
  PID:7528
- C:\Windows\System\jBqVLka.exe
  C:\Windows\System\jBqVLka.exe
  2⤵
  PID:7548
- C:\Windows\System\ZhDbdWU.exe
  C:\Windows\System\ZhDbdWU.exe
  2⤵
  PID:7576
- C:\Windows\System\HEcSMGU.exe
  C:\Windows\System\HEcSMGU.exe
  2⤵
  PID:7596
- C:\Windows\System\GpuQQaU.exe
  C:\Windows\System\GpuQQaU.exe
  2⤵
  PID:7612
- C:\Windows\System\WeZuBTx.exe
  C:\Windows\System\WeZuBTx.exe
  2⤵
  PID:7632
- C:\Windows\System\wFLDUUW.exe
  C:\Windows\System\wFLDUUW.exe
  2⤵
  PID:7656
- C:\Windows\System\GFtQMsn.exe
  C:\Windows\System\GFtQMsn.exe
  2⤵
  PID:7672
- C:\Windows\System\GKvEHYd.exe
  C:\Windows\System\GKvEHYd.exe
  2⤵
  PID:7688
- C:\Windows\System\RCJLVbZ.exe
  C:\Windows\System\RCJLVbZ.exe
  2⤵
  PID:7708
- C:\Windows\System\WkYmYYT.exe
  C:\Windows\System\WkYmYYT.exe
  2⤵
  PID:7724
- C:\Windows\System\vmnXJKD.exe
  C:\Windows\System\vmnXJKD.exe
  2⤵
  PID:7740
- C:\Windows\System\uXOKjvf.exe
  C:\Windows\System\uXOKjvf.exe
  2⤵
  PID:7760
- C:\Windows\System\zjFRWpV.exe
  C:\Windows\System\zjFRWpV.exe
  2⤵
  PID:7776
- C:\Windows\System\RfVnnAU.exe
  C:\Windows\System\RfVnnAU.exe
  2⤵
  PID:7828
- C:\Windows\System\LqvlqWh.exe
  C:\Windows\System\LqvlqWh.exe
  2⤵
  PID:7844
- C:\Windows\System\QKgRVdy.exe
  C:\Windows\System\QKgRVdy.exe
  2⤵
  PID:7860
- C:\Windows\System\CIQEZNt.exe
  C:\Windows\System\CIQEZNt.exe
  2⤵
  PID:7876
- C:\Windows\System\TdSOnhU.exe
  C:\Windows\System\TdSOnhU.exe
  2⤵
  PID:7892
- C:\Windows\System\YaCHBhI.exe
  C:\Windows\System\YaCHBhI.exe
  2⤵
  PID:7912
- C:\Windows\System\OyddrOE.exe
  C:\Windows\System\OyddrOE.exe
  2⤵
  PID:7932
- C:\Windows\System\jpwIgdh.exe
  C:\Windows\System\jpwIgdh.exe
  2⤵
  PID:7952
- C:\Windows\System\goskOvj.exe
  C:\Windows\System\goskOvj.exe
  2⤵
  PID:7988
- C:\Windows\System\rEHJCCE.exe
  C:\Windows\System\rEHJCCE.exe
  2⤵
  PID:8008
- C:\Windows\System\BxwXQej.exe
  C:\Windows\System\BxwXQej.exe
  2⤵
  PID:8032
- C:\Windows\System\JPQjUeW.exe
  C:\Windows\System\JPQjUeW.exe
  2⤵
  PID:8048
- C:\Windows\System\pspQZGS.exe
  C:\Windows\System\pspQZGS.exe
  2⤵
  PID:8064
- C:\Windows\System\cSYKjlu.exe
  C:\Windows\System\cSYKjlu.exe
  2⤵
  PID:8080
- C:\Windows\System\vATQFtk.exe
  C:\Windows\System\vATQFtk.exe
  2⤵
  PID:8096
- C:\Windows\System\mSWkzOY.exe
  C:\Windows\System\mSWkzOY.exe
  2⤵
  PID:8112
- C:\Windows\System\QGpKKOO.exe
  C:\Windows\System\QGpKKOO.exe
  2⤵
  PID:8128
- C:\Windows\System\yXsbjJK.exe
  C:\Windows\System\yXsbjJK.exe
  2⤵
  PID:8144
- C:\Windows\System\WXVHeKI.exe
  C:\Windows\System\WXVHeKI.exe
  2⤵
  PID:8164
- C:\Windows\System\HFjpKjW.exe
  C:\Windows\System\HFjpKjW.exe
  2⤵
  PID:8180
- C:\Windows\System\nqNyqUX.exe
  C:\Windows\System\nqNyqUX.exe
  2⤵
  PID:6688
- C:\Windows\System\wbBMJZY.exe
  C:\Windows\System\wbBMJZY.exe
  2⤵
  PID:7196
- C:\Windows\System\iZArLFC.exe
  C:\Windows\System\iZArLFC.exe
  2⤵
  PID:7200
- C:\Windows\System\qNsoRCJ.exe
  C:\Windows\System\qNsoRCJ.exe
  2⤵
  PID:7288
- C:\Windows\System\kjtpgGt.exe
  C:\Windows\System\kjtpgGt.exe
  2⤵
  PID:7296
- C:\Windows\System\CdhsomB.exe
  C:\Windows\System\CdhsomB.exe
  2⤵
  PID:7308
- C:\Windows\System\ERjBlSR.exe
  C:\Windows\System\ERjBlSR.exe
  2⤵
  PID:7324
- C:\Windows\System\tPfNwva.exe
  C:\Windows\System\tPfNwva.exe
  2⤵
  PID:7344
- C:\Windows\System\TXGPYBM.exe
  C:\Windows\System\TXGPYBM.exe
  2⤵
  PID:1096
- C:\Windows\System\hINXNjk.exe
  C:\Windows\System\hINXNjk.exe
  2⤵
  PID:2976
- C:\Windows\System\KHflegk.exe
  C:\Windows\System\KHflegk.exe
  2⤵
  PID:6944
- C:\Windows\System\OnuQQjn.exe
  C:\Windows\System\OnuQQjn.exe
  2⤵
  PID:1972
- C:\Windows\System\FmpGoeU.exe
  C:\Windows\System\FmpGoeU.exe
  2⤵
  PID:5740
- C:\Windows\System\FSxVati.exe
  C:\Windows\System\FSxVati.exe
  2⤵
  PID:6408
- C:\Windows\System\PBiECVu.exe
  C:\Windows\System\PBiECVu.exe
  2⤵
  PID:7216
- C:\Windows\System\WDfAfxf.exe
  C:\Windows\System\WDfAfxf.exe
  2⤵
  PID:7356
- C:\Windows\System\cJQNwIy.exe
  C:\Windows\System\cJQNwIy.exe
  2⤵
  PID:7424
- C:\Windows\System\earCmEF.exe
  C:\Windows\System\earCmEF.exe
  2⤵
  PID:7440
- C:\Windows\System\EKqEHWN.exe
  C:\Windows\System\EKqEHWN.exe
  2⤵
  PID:7456
- C:\Windows\System\iHZIXxZ.exe
  C:\Windows\System\iHZIXxZ.exe
  2⤵
  PID:7488
- C:\Windows\System\CfDiocJ.exe
  C:\Windows\System\CfDiocJ.exe
  2⤵
  PID:7504
- C:\Windows\System\dMwGenp.exe
  C:\Windows\System\dMwGenp.exe
  2⤵
  PID:7508
- C:\Windows\System\qGvkZYy.exe
  C:\Windows\System\qGvkZYy.exe
  2⤵
  PID:7568
- C:\Windows\System\xoyqFxp.exe
  C:\Windows\System\xoyqFxp.exe
  2⤵
  PID:7648
- C:\Windows\System\viWoKoH.exe
  C:\Windows\System\viWoKoH.exe
  2⤵
  PID:7680
- C:\Windows\System\MRYRROa.exe
  C:\Windows\System\MRYRROa.exe
  2⤵
  PID:7800
- C:\Windows\System\KirJyth.exe
  C:\Windows\System\KirJyth.exe
  2⤵
  PID:7768
- C:\Windows\System\hvJYDcl.exe
  C:\Windows\System\hvJYDcl.exe
  2⤵
  PID:7628
- C:\Windows\System\JnWOVoA.exe
  C:\Windows\System\JnWOVoA.exe
  2⤵
  PID:7732
- C:\Windows\System\cJcNoom.exe
  C:\Windows\System\cJcNoom.exe
  2⤵
  PID:7824
- C:\Windows\System\TYYqgsO.exe
  C:\Windows\System\TYYqgsO.exe
  2⤵
  PID:7868
- C:\Windows\System\sQZWMeZ.exe
  C:\Windows\System\sQZWMeZ.exe
  2⤵
  PID:7904
- C:\Windows\System\DRMYJcz.exe
  C:\Windows\System\DRMYJcz.exe
  2⤵
  PID:7996
- C:\Windows\System\lwYqAXK.exe
  C:\Windows\System\lwYqAXK.exe
  2⤵
  PID:7972
- C:\Windows\System\iclacAF.exe
  C:\Windows\System\iclacAF.exe
  2⤵
  PID:8004
- C:\Windows\System\VwrXvwS.exe
  C:\Windows\System\VwrXvwS.exe
  2⤵
  PID:8092
- C:\Windows\System\jilVKVw.exe
  C:\Windows\System\jilVKVw.exe
  2⤵
  PID:8124
- C:\Windows\System\oYQmnYs.exe
  C:\Windows\System\oYQmnYs.exe
  2⤵
  PID:8160
- C:\Windows\System\pFqnNCl.exe
  C:\Windows\System\pFqnNCl.exe
  2⤵
  PID:7236
- C:\Windows\System\IgqBwGT.exe
  C:\Windows\System\IgqBwGT.exe
  2⤵
  PID:7320
- C:\Windows\System\WXgyYEv.exe
  C:\Windows\System\WXgyYEv.exe
  2⤵
  PID:7084
- C:\Windows\System\KLltvqC.exe
  C:\Windows\System\KLltvqC.exe
  2⤵
  PID:6468
- C:\Windows\System\hkspyxf.exe
  C:\Windows\System\hkspyxf.exe
  2⤵
  PID:8072
- C:\Windows\System\irVIgmd.exe
  C:\Windows\System\irVIgmd.exe
  2⤵
  PID:2848
- C:\Windows\System\rQeiDEr.exe
  C:\Windows\System\rQeiDEr.exe
  2⤵
  PID:2148
- C:\Windows\System\TFmdufw.exe
  C:\Windows\System\TFmdufw.exe
  2⤵
  PID:7028
- C:\Windows\System\ORnhKMw.exe
  C:\Windows\System\ORnhKMw.exe
  2⤵
  PID:7340
- C:\Windows\System\hEMnHQu.exe
  C:\Windows\System\hEMnHQu.exe
  2⤵
  PID:1492
- C:\Windows\System\PiLNcoW.exe
  C:\Windows\System\PiLNcoW.exe
  2⤵
  PID:7180
- C:\Windows\System\qLARcjK.exe
  C:\Windows\System\qLARcjK.exe
  2⤵
  PID:6816
- C:\Windows\System\jqnezUS.exe
  C:\Windows\System\jqnezUS.exe
  2⤵
  PID:6988
- C:\Windows\System\awMvoDC.exe
  C:\Windows\System\awMvoDC.exe
  2⤵
  PID:7396
- C:\Windows\System\mpSTdQY.exe
  C:\Windows\System\mpSTdQY.exe
  2⤵
  PID:7544
- C:\Windows\System\GScfwSO.exe
  C:\Windows\System\GScfwSO.exe
  2⤵
  PID:7484
- C:\Windows\System\cOBRRes.exe
  C:\Windows\System\cOBRRes.exe
  2⤵
  PID:7644
- C:\Windows\System\QLyVBog.exe
  C:\Windows\System\QLyVBog.exe
  2⤵
  PID:7720
- C:\Windows\System\ewJxiCJ.exe
  C:\Windows\System\ewJxiCJ.exe
  2⤵
  PID:7792
- C:\Windows\System\bHANmaA.exe
  C:\Windows\System\bHANmaA.exe
  2⤵
  PID:7700
- C:\Windows\System\YKERVwH.exe
  C:\Windows\System\YKERVwH.exe
  2⤵
  PID:7668
- C:\Windows\System\mrAnUSF.exe
  C:\Windows\System\mrAnUSF.exe
  2⤵
  PID:7816
- C:\Windows\System\oVyFbEv.exe
  C:\Windows\System\oVyFbEv.exe
  2⤵
  PID:7884
- C:\Windows\System\NYhWlZR.exe
  C:\Windows\System\NYhWlZR.exe
  2⤵
  PID:7872
- C:\Windows\System\ulxTHlI.exe
  C:\Windows\System\ulxTHlI.exe
  2⤵
  PID:8016
- C:\Windows\System\roRNTSd.exe
  C:\Windows\System\roRNTSd.exe
  2⤵
  PID:1484
- C:\Windows\System\zSgyqLD.exe
  C:\Windows\System\zSgyqLD.exe
  2⤵
  PID:8172
- C:\Windows\System\TbCGAOp.exe
  C:\Windows\System\TbCGAOp.exe
  2⤵
  PID:5412
- C:\Windows\System\iXYuxaw.exe
  C:\Windows\System\iXYuxaw.exe
  2⤵
  PID:7336
- C:\Windows\System\aSneZLu.exe
  C:\Windows\System\aSneZLu.exe
  2⤵
  PID:7500
- C:\Windows\System\mZGXrFY.exe
  C:\Windows\System\mZGXrFY.exe
  2⤵
  PID:6512
- C:\Windows\System\TEatSfJ.exe
  C:\Windows\System\TEatSfJ.exe
  2⤵
  PID:8136
- C:\Windows\System\qmysnSl.exe
  C:\Windows\System\qmysnSl.exe
  2⤵
  PID:6740
- C:\Windows\System\OXlAlSi.exe
  C:\Windows\System\OXlAlSi.exe
  2⤵
  PID:7592
- C:\Windows\System\PlcTaEy.exe
  C:\Windows\System\PlcTaEy.exe
  2⤵
  PID:5672
- C:\Windows\System\krApjKH.exe
  C:\Windows\System\krApjKH.exe
  2⤵
  PID:7352
- C:\Windows\System\UczHtvc.exe
  C:\Windows\System\UczHtvc.exe
  2⤵
  PID:7620
- C:\Windows\System\VQtDaLw.exe
  C:\Windows\System\VQtDaLw.exe
  2⤵
  PID:8028
- C:\Windows\System\oWYXadG.exe
  C:\Windows\System\oWYXadG.exe
  2⤵
  PID:1704
- C:\Windows\System\VTddoWL.exe
  C:\Windows\System\VTddoWL.exe
  2⤵
  PID:7752
- C:\Windows\System\zLAtVJP.exe
  C:\Windows\System\zLAtVJP.exe
  2⤵
  PID:8152
- C:\Windows\System\sXieQyl.exe
  C:\Windows\System\sXieQyl.exe
  2⤵
  PID:7852
- C:\Windows\System\fDUvFxs.exe
  C:\Windows\System\fDUvFxs.exe
  2⤵
  PID:7280
- C:\Windows\System\xruhreq.exe
  C:\Windows\System\xruhreq.exe
  2⤵
  PID:7040
- C:\Windows\System\VLFFgPa.exe
  C:\Windows\System\VLFFgPa.exe
  2⤵
  PID:8176
- C:\Windows\System\SZmJFLC.exe
  C:\Windows\System\SZmJFLC.exe
  2⤵
  PID:7256
- C:\Windows\System\nVmFzYb.exe
  C:\Windows\System\nVmFzYb.exe
  2⤵
  PID:7820
- C:\Windows\System\mqBPQfb.exe
  C:\Windows\System\mqBPQfb.exe
  2⤵
  PID:7304
- C:\Windows\System\dUUCauF.exe
  C:\Windows\System\dUUCauF.exe
  2⤵
  PID:7408
- C:\Windows\System\cWaVESx.exe
  C:\Windows\System\cWaVESx.exe
  2⤵
  PID:6708
- C:\Windows\System\otnOwwY.exe
  C:\Windows\System\otnOwwY.exe
  2⤵
  PID:7524
- C:\Windows\System\jEocsZE.exe
  C:\Windows\System\jEocsZE.exe
  2⤵
  PID:8208
- C:\Windows\System\WYfNhRR.exe
  C:\Windows\System\WYfNhRR.exe
  2⤵
  PID:8224
- C:\Windows\System\NijWUWM.exe
  C:\Windows\System\NijWUWM.exe
  2⤵
  PID:8240
- C:\Windows\System\jytDfvc.exe
  C:\Windows\System\jytDfvc.exe
  2⤵
  PID:8256
- C:\Windows\System\YcSZTkb.exe
  C:\Windows\System\YcSZTkb.exe
  2⤵
  PID:8272
- C:\Windows\System\dJCEsba.exe
  C:\Windows\System\dJCEsba.exe
  2⤵
  PID:8288
- C:\Windows\System\ScmZNyo.exe
  C:\Windows\System\ScmZNyo.exe
  2⤵
  PID:8304
- C:\Windows\System\rWKjMku.exe
  C:\Windows\System\rWKjMku.exe
  2⤵
  PID:8328
- C:\Windows\System\yXbBOUe.exe
  C:\Windows\System\yXbBOUe.exe
  2⤵
  PID:8344
- C:\Windows\System\noyfkUd.exe
  C:\Windows\System\noyfkUd.exe
  2⤵
  PID:8364
- C:\Windows\System\vxdHBqp.exe
  C:\Windows\System\vxdHBqp.exe
  2⤵
  PID:8384
- C:\Windows\System\VBmHZPQ.exe
  C:\Windows\System\VBmHZPQ.exe
  2⤵
  PID:8484
- C:\Windows\System\zQEFVml.exe
  C:\Windows\System\zQEFVml.exe
  2⤵
  PID:8500
- C:\Windows\System\KDsHXoy.exe
  C:\Windows\System\KDsHXoy.exe
  2⤵
  PID:8516
- C:\Windows\System\ZfFiLnJ.exe
  C:\Windows\System\ZfFiLnJ.exe
  2⤵
  PID:8540
- C:\Windows\System\iAzXovk.exe
  C:\Windows\System\iAzXovk.exe
  2⤵
  PID:8560
- C:\Windows\System\agwLWPy.exe
  C:\Windows\System\agwLWPy.exe
  2⤵
  PID:8576
- C:\Windows\System\dRvysBr.exe
  C:\Windows\System\dRvysBr.exe
  2⤵
  PID:8604
- C:\Windows\System\omcLSMz.exe
  C:\Windows\System\omcLSMz.exe
  2⤵
  PID:8624
- C:\Windows\System\wUjUPbM.exe
  C:\Windows\System\wUjUPbM.exe
  2⤵
  PID:8640
- C:\Windows\System\TsDWxMH.exe
  C:\Windows\System\TsDWxMH.exe
  2⤵
  PID:8656
- C:\Windows\System\EHbgsoE.exe
  C:\Windows\System\EHbgsoE.exe
  2⤵
  PID:8676
- C:\Windows\System\uUBEYuw.exe
  C:\Windows\System\uUBEYuw.exe
  2⤵
  PID:8692
- C:\Windows\System\lQiTlio.exe
  C:\Windows\System\lQiTlio.exe
  2⤵
  PID:8708
- C:\Windows\System\myFiEZi.exe
  C:\Windows\System\myFiEZi.exe
  2⤵
  PID:8724
- C:\Windows\System\dCoPuoh.exe
  C:\Windows\System\dCoPuoh.exe
  2⤵
  PID:8740
- C:\Windows\System\bNkldGe.exe
  C:\Windows\System\bNkldGe.exe
  2⤵
  PID:8756
- C:\Windows\System\bYFyauM.exe
  C:\Windows\System\bYFyauM.exe
  2⤵
  PID:8776
- C:\Windows\System\pRLSlDs.exe
  C:\Windows\System\pRLSlDs.exe
  2⤵
  PID:8792
- C:\Windows\System\rFrTTGb.exe
  C:\Windows\System\rFrTTGb.exe
  2⤵
  PID:8812
- C:\Windows\System\pIflaAq.exe
  C:\Windows\System\pIflaAq.exe
  2⤵
  PID:8828
- C:\Windows\System\AhwcaNo.exe
  C:\Windows\System\AhwcaNo.exe
  2⤵
  PID:8844
- C:\Windows\System\knEDaHc.exe
  C:\Windows\System\knEDaHc.exe
  2⤵
  PID:8860
- C:\Windows\System\bFoZjai.exe
  C:\Windows\System\bFoZjai.exe
  2⤵
  PID:8876
- C:\Windows\System\JUDJmJh.exe
  C:\Windows\System\JUDJmJh.exe
  2⤵
  PID:8892
- C:\Windows\System\ikIrsXb.exe
  C:\Windows\System\ikIrsXb.exe
  2⤵
  PID:8908
- C:\Windows\System\FSfHmEQ.exe
  C:\Windows\System\FSfHmEQ.exe
  2⤵
  PID:8952
- C:\Windows\System\ulUKGkz.exe
  C:\Windows\System\ulUKGkz.exe
  2⤵
  PID:8984
- C:\Windows\System\XQCuHnE.exe
  C:\Windows\System\XQCuHnE.exe
  2⤵
  PID:9028
- C:\Windows\System\NfOQFsW.exe
  C:\Windows\System\NfOQFsW.exe
  2⤵
  PID:9044
- C:\Windows\System\qBjToMk.exe
  C:\Windows\System\qBjToMk.exe
  2⤵
  PID:9060
- C:\Windows\System\EpSfCtb.exe
  C:\Windows\System\EpSfCtb.exe
  2⤵
  PID:9076
- C:\Windows\System\WqvELsU.exe
  C:\Windows\System\WqvELsU.exe
  2⤵
  PID:9092
- C:\Windows\System\QGshqFM.exe
  C:\Windows\System\QGshqFM.exe
  2⤵
  PID:9108
- C:\Windows\System\FsqTMmy.exe
  C:\Windows\System\FsqTMmy.exe
  2⤵
  PID:9124
- C:\Windows\System\bdkbifw.exe
  C:\Windows\System\bdkbifw.exe
  2⤵
  PID:9140
- C:\Windows\System\HMRVpjy.exe
  C:\Windows\System\HMRVpjy.exe
  2⤵
  PID:9156
- C:\Windows\System\IEsOkCF.exe
  C:\Windows\System\IEsOkCF.exe
  2⤵
  PID:9172
- C:\Windows\System\LVKXyBl.exe
  C:\Windows\System\LVKXyBl.exe
  2⤵
  PID:7784
- C:\Windows\System\HHCGHgQ.exe
  C:\Windows\System\HHCGHgQ.exe
  2⤵
  PID:8252
- C:\Windows\System\zIJWpbn.exe
  C:\Windows\System\zIJWpbn.exe
  2⤵
  PID:7572
- C:\Windows\System\vZvfeam.exe
  C:\Windows\System\vZvfeam.exe
  2⤵
  PID:7888
- C:\Windows\System\yZETgVX.exe
  C:\Windows\System\yZETgVX.exe
  2⤵
  PID:7808
- C:\Windows\System\mgmzWhf.exe
  C:\Windows\System\mgmzWhf.exe
  2⤵
  PID:7480
- C:\Windows\System\vgjNVFL.exe
  C:\Windows\System\vgjNVFL.exe
  2⤵
  PID:2600
- C:\Windows\System\npWMUQS.exe
  C:\Windows\System\npWMUQS.exe
  2⤵
  PID:8264
- C:\Windows\System\DxlUtJy.exe
  C:\Windows\System\DxlUtJy.exe
  2⤵
  PID:8324
- C:\Windows\System\QSLoRPO.exe
  C:\Windows\System\QSLoRPO.exe
  2⤵
  PID:8400
- C:\Windows\System\JOMNRiU.exe
  C:\Windows\System\JOMNRiU.exe
  2⤵
  PID:8376
- C:\Windows\System\UGMvUAb.exe
  C:\Windows\System\UGMvUAb.exe
  2⤵
  PID:8340
- C:\Windows\System\oZrhIyh.exe
  C:\Windows\System\oZrhIyh.exe
  2⤵
  PID:8428
- C:\Windows\System\fJRYNNR.exe
  C:\Windows\System\fJRYNNR.exe
  2⤵
  PID:8448
- C:\Windows\System\xybtuCB.exe
  C:\Windows\System\xybtuCB.exe
  2⤵
  PID:8460
- C:\Windows\System\rgbmmrh.exe
  C:\Windows\System\rgbmmrh.exe
  2⤵
  PID:8472
- C:\Windows\System\cdgOlgZ.exe
  C:\Windows\System\cdgOlgZ.exe
  2⤵
  PID:8492
- C:\Windows\System\LLeHIVI.exe
  C:\Windows\System\LLeHIVI.exe
  2⤵
  PID:8508
- C:\Windows\System\zkenvgJ.exe
  C:\Windows\System\zkenvgJ.exe
  2⤵
  PID:8552
- C:\Windows\System\fMhbvGX.exe
  C:\Windows\System\fMhbvGX.exe
  2⤵
  PID:8632
- C:\Windows\System\AgafKGs.exe
  C:\Windows\System\AgafKGs.exe
  2⤵
  PID:8664
- C:\Windows\System\WZMJdao.exe
  C:\Windows\System\WZMJdao.exe
  2⤵
  PID:8748
- C:\Windows\System\REtxglf.exe
  C:\Windows\System\REtxglf.exe
  2⤵
  PID:8732
- C:\Windows\System\zjjYHfB.exe
  C:\Windows\System\zjjYHfB.exe
  2⤵
  PID:8752
- C:\Windows\System\SwjQYmg.exe
  C:\Windows\System\SwjQYmg.exe
  2⤵
  PID:8620
- C:\Windows\System\FNRpnem.exe
  C:\Windows\System\FNRpnem.exe
  2⤵
  PID:8788
- C:\Windows\System\PsqnVMG.exe
  C:\Windows\System\PsqnVMG.exe
  2⤵
  PID:8884
- C:\Windows\System\rUUdBJy.exe
  C:\Windows\System\rUUdBJy.exe
  2⤵
  PID:8820
- C:\Windows\System\IIXefXS.exe
  C:\Windows\System\IIXefXS.exe
  2⤵
  PID:8920
- C:\Windows\System\PojuzrW.exe
  C:\Windows\System\PojuzrW.exe
  2⤵
  PID:8996
- C:\Windows\System\rXmIVcD.exe
  C:\Windows\System\rXmIVcD.exe
  2⤵
  PID:9008
- C:\Windows\System\YNFPAkd.exe
  C:\Windows\System\YNFPAkd.exe
  2⤵
  PID:9024
- C:\Windows\System\sbHgeVU.exe
  C:\Windows\System\sbHgeVU.exe
  2⤵
  PID:9100
- C:\Windows\System\ScIwBYH.exe
  C:\Windows\System\ScIwBYH.exe
  2⤵
  PID:9084
- C:\Windows\System\yfIOWeU.exe
  C:\Windows\System\yfIOWeU.exe
  2⤵
  PID:9180
- C:\Windows\System\IKJThkn.exe
  C:\Windows\System\IKJThkn.exe
  2⤵
  PID:9088
- C:\Windows\System\twLxvvV.exe
  C:\Windows\System\twLxvvV.exe
  2⤵
  PID:9188
- C:\Windows\System\BjHgnln.exe
  C:\Windows\System\BjHgnln.exe
  2⤵
  PID:6796
- C:\Windows\System\PSJOMCu.exe
  C:\Windows\System\PSJOMCu.exe
  2⤵
  PID:7920
- C:\Windows\System\DybeUTW.exe
  C:\Windows\System\DybeUTW.exe
  2⤵
  PID:7948
- C:\Windows\System\ScvHoAR.exe
  C:\Windows\System\ScvHoAR.exe
  2⤵
  PID:7772
- C:\Windows\System\tXCDZUz.exe
  C:\Windows\System\tXCDZUz.exe
  2⤵
  PID:8200
- C:\Windows\System\UJQDHFk.exe
  C:\Windows\System\UJQDHFk.exe
  2⤵
  PID:8232
- C:\Windows\System\raERDZB.exe
  C:\Windows\System\raERDZB.exe
  2⤵
  PID:8408
- C:\Windows\System\qINHuAK.exe
  C:\Windows\System\qINHuAK.exe
  2⤵
  PID:8416
- C:\Windows\System\IgwluDd.exe
  C:\Windows\System\IgwluDd.exe
  2⤵
  PID:8468
- C:\Windows\System\imSqhbR.exe
  C:\Windows\System\imSqhbR.exe
  2⤵
  PID:8432
- C:\Windows\System\XeUVZHD.exe
  C:\Windows\System\XeUVZHD.exe
  2⤵
  PID:8352
- C:\Windows\System\NWvhQJC.exe
  C:\Windows\System\NWvhQJC.exe
  2⤵
  PID:8512
- C:\Windows\System\rcmVZai.exe
  C:\Windows\System\rcmVZai.exe
  2⤵
  PID:8592
- C:\Windows\System\PytmcGr.exe
  C:\Windows\System\PytmcGr.exe
  2⤵
  PID:8736
- C:\Windows\System\MVxdGXw.exe
  C:\Windows\System\MVxdGXw.exe
  2⤵
  PID:8784
- C:\Windows\System\OYUWaii.exe
  C:\Windows\System\OYUWaii.exe
  2⤵
  PID:8928
- C:\Windows\System\wEUpNQU.exe
  C:\Windows\System\wEUpNQU.exe
  2⤵
  PID:8904
- C:\Windows\System\tsslqfL.exe
  C:\Windows\System\tsslqfL.exe
  2⤵
  PID:8968
- C:\Windows\System\IxVnrRB.exe
  C:\Windows\System\IxVnrRB.exe
  2⤵
  PID:8704
- C:\Windows\System\bidQlil.exe
  C:\Windows\System\bidQlil.exe
  2⤵
  PID:8856
- C:\Windows\System\OQOWGLl.exe
  C:\Windows\System\OQOWGLl.exe
  2⤵
  PID:9184
- C:\Windows\System\MVPytbI.exe
  C:\Windows\System\MVPytbI.exe
  2⤵
  PID:9204
- C:\Windows\System\hauiTyz.exe
  C:\Windows\System\hauiTyz.exe
  2⤵
  PID:8312
- C:\Windows\System\UsgyRIP.exe
  C:\Windows\System\UsgyRIP.exe
  2⤵
  PID:8056
- C:\Windows\System\vvrSbcV.exe
  C:\Windows\System\vvrSbcV.exe
  2⤵
  PID:8040
- C:\Windows\System\qqHwZDz.exe
  C:\Windows\System\qqHwZDz.exe
  2⤵
  PID:9052
- C:\Windows\System\mXCuIXk.exe
  C:\Windows\System\mXCuIXk.exe
  2⤵
  PID:8044
- C:\Windows\System\sVFIjxs.exe
  C:\Windows\System\sVFIjxs.exe
  2⤵
  PID:9020
- C:\Windows\System\nxWDPYp.exe
  C:\Windows\System\nxWDPYp.exe
  2⤵
  PID:8356
- C:\Windows\System\crBkhXh.exe
  C:\Windows\System\crBkhXh.exe
  2⤵
  PID:8420
- C:\Windows\System\sTzvCqc.exe
  C:\Windows\System\sTzvCqc.exe
  2⤵
  PID:8636
- C:\Windows\System\FLkrwcE.exe
  C:\Windows\System\FLkrwcE.exe
  2⤵
  PID:8824
- C:\Windows\System\sPfbseE.exe
  C:\Windows\System\sPfbseE.exe
  2⤵
  PID:9000
- C:\Windows\System\jttmpPB.exe
  C:\Windows\System\jttmpPB.exe
  2⤵
  PID:9132
- C:\Windows\System\ZETaDqF.exe
  C:\Windows\System\ZETaDqF.exe
  2⤵
  PID:9168
- C:\Windows\System\kGpHNAD.exe
  C:\Windows\System\kGpHNAD.exe
  2⤵
  PID:7332
- C:\Windows\System\EJaghyr.exe
  C:\Windows\System\EJaghyr.exe
  2⤵
  PID:8248
- C:\Windows\System\PdSgRyh.exe
  C:\Windows\System\PdSgRyh.exe
  2⤵
  PID:8300
- C:\Windows\System\sBjyGUO.exe
  C:\Windows\System\sBjyGUO.exe
  2⤵
  PID:8372
- C:\Windows\System\DRIJAQz.exe
  C:\Windows\System\DRIJAQz.exe
  2⤵
  PID:8720
- C:\Windows\System\QtjKQkb.exe
  C:\Windows\System\QtjKQkb.exe
  2⤵
  PID:8840
- C:\Windows\System\rqTAnYe.exe
  C:\Windows\System\rqTAnYe.exe
  2⤵
  PID:8940
- C:\Windows\System\vDNjuEy.exe
  C:\Windows\System\vDNjuEy.exe
  2⤵
  PID:9152
- C:\Windows\System\xVrIDcw.exe
  C:\Windows\System\xVrIDcw.exe
  2⤵
  PID:7836
- C:\Windows\System\Fjnjlyn.exe
  C:\Windows\System\Fjnjlyn.exe
  2⤵
  PID:9236
- C:\Windows\System\hgpNyPA.exe
  C:\Windows\System\hgpNyPA.exe
  2⤵
  PID:9256
- C:\Windows\System\aEAvgar.exe
  C:\Windows\System\aEAvgar.exe
  2⤵
  PID:9272
- C:\Windows\System\aJMmnLE.exe
  C:\Windows\System\aJMmnLE.exe
  2⤵
  PID:9292
- C:\Windows\System\yzSGPKY.exe
  C:\Windows\System\yzSGPKY.exe
  2⤵
  PID:9312
- C:\Windows\System\aIKWXvS.exe
  C:\Windows\System\aIKWXvS.exe
  2⤵
  PID:9336
- C:\Windows\System\stGCYFt.exe
  C:\Windows\System\stGCYFt.exe
  2⤵
  PID:9356
- C:\Windows\System\RsCawsg.exe
  C:\Windows\System\RsCawsg.exe
  2⤵
  PID:9372
- C:\Windows\System\QGKowEa.exe
  C:\Windows\System\QGKowEa.exe
  2⤵
  PID:9392
- C:\Windows\System\niwWyam.exe
  C:\Windows\System\niwWyam.exe
  2⤵
  PID:9408
- C:\Windows\System\bEGGfYC.exe
  C:\Windows\System\bEGGfYC.exe
  2⤵
  PID:9432
- C:\Windows\System\dFZEIWD.exe
  C:\Windows\System\dFZEIWD.exe
  2⤵
  PID:9448
- C:\Windows\System\jTxEEGw.exe
  C:\Windows\System\jTxEEGw.exe
  2⤵
  PID:9464
- C:\Windows\System\qzdjZjy.exe
  C:\Windows\System\qzdjZjy.exe
  2⤵
  PID:9484
- C:\Windows\System\rbwfyoz.exe
  C:\Windows\System\rbwfyoz.exe
  2⤵
  PID:9504
- C:\Windows\System\RcuRvTh.exe
  C:\Windows\System\RcuRvTh.exe
  2⤵
  PID:9524
- C:\Windows\System\NjAoRpM.exe
  C:\Windows\System\NjAoRpM.exe
  2⤵
  PID:9540
- C:\Windows\System\iXwInti.exe
  C:\Windows\System\iXwInti.exe
  2⤵
  PID:9556
- C:\Windows\System\LnWoVRQ.exe
  C:\Windows\System\LnWoVRQ.exe
  2⤵
  PID:9572
- C:\Windows\System\clYiogg.exe
  C:\Windows\System\clYiogg.exe
  2⤵
  PID:9616
- C:\Windows\System\dCvGfWr.exe
  C:\Windows\System\dCvGfWr.exe
  2⤵
  PID:9684
- C:\Windows\System\qzHSkml.exe
  C:\Windows\System\qzHSkml.exe
  2⤵
  PID:9704
- C:\Windows\System\DFezOGt.exe
  C:\Windows\System\DFezOGt.exe
  2⤵
  PID:9720
- C:\Windows\System\dRkIGwt.exe
  C:\Windows\System\dRkIGwt.exe
  2⤵
  PID:9736
- C:\Windows\System\NwvYmaq.exe
  C:\Windows\System\NwvYmaq.exe
  2⤵
  PID:9752
- C:\Windows\System\LzAMPtk.exe
  C:\Windows\System\LzAMPtk.exe
  2⤵
  PID:9768
- C:\Windows\System\GrjPBLF.exe
  C:\Windows\System\GrjPBLF.exe
  2⤵
  PID:9800
- C:\Windows\System\QAoOZfw.exe
  C:\Windows\System\QAoOZfw.exe
  2⤵
  PID:9828
- C:\Windows\System\ZZebTtY.exe
  C:\Windows\System\ZZebTtY.exe
  2⤵
  PID:9844
- C:\Windows\System\kMrJMdD.exe
  C:\Windows\System\kMrJMdD.exe
  2⤵
  PID:9868
- C:\Windows\System\ToHvDkO.exe
  C:\Windows\System\ToHvDkO.exe
  2⤵
  PID:9884
- C:\Windows\System\BXzLyPy.exe
  C:\Windows\System\BXzLyPy.exe
  2⤵
  PID:9904
- C:\Windows\System\nEGsPtF.exe
  C:\Windows\System\nEGsPtF.exe
  2⤵
  PID:9924
- C:\Windows\System\pMATFTz.exe
  C:\Windows\System\pMATFTz.exe
  2⤵
  PID:9944
- C:\Windows\System\BxDfdXE.exe
  C:\Windows\System\BxDfdXE.exe
  2⤵
  PID:9964
- C:\Windows\System\gXIyBqZ.exe
  C:\Windows\System\gXIyBqZ.exe
  2⤵
  PID:9984
- C:\Windows\System\ueAQmRL.exe
  C:\Windows\System\ueAQmRL.exe
  2⤵
  PID:10004
- C:\Windows\System\gtoZgWq.exe
  C:\Windows\System\gtoZgWq.exe
  2⤵
  PID:10028
- C:\Windows\System\ADfkcIM.exe
  C:\Windows\System\ADfkcIM.exe
  2⤵
  PID:10044
- C:\Windows\System\IRTYTlY.exe
  C:\Windows\System\IRTYTlY.exe
  2⤵
  PID:10064
- C:\Windows\System\GTcHtYY.exe
  C:\Windows\System\GTcHtYY.exe
  2⤵
  PID:10084
- C:\Windows\System\FSXXJyL.exe
  C:\Windows\System\FSXXJyL.exe
  2⤵
  PID:10100
- C:\Windows\System\FsPHdPl.exe
  C:\Windows\System\FsPHdPl.exe
  2⤵
  PID:10116
- C:\Windows\System\AqQPutV.exe
  C:\Windows\System\AqQPutV.exe
  2⤵
  PID:10132
- C:\Windows\System\iAiIMGU.exe
  C:\Windows\System\iAiIMGU.exe
  2⤵
  PID:10168
- C:\Windows\System\RJQFrZj.exe
  C:\Windows\System\RJQFrZj.exe
  2⤵
  PID:10188
- C:\Windows\System\qPGPYiI.exe
  C:\Windows\System\qPGPYiI.exe
  2⤵
  PID:10204
- C:\Windows\System\FscwRie.exe
  C:\Windows\System\FscwRie.exe
  2⤵
  PID:10220
- C:\Windows\System\YBlCvjd.exe
  C:\Windows\System\YBlCvjd.exe
  2⤵
  PID:8556
- C:\Windows\System\ooIKXRI.exe
  C:\Windows\System\ooIKXRI.exe
  2⤵
  PID:8320
- C:\Windows\System\xfDbgwk.exe
  C:\Windows\System\xfDbgwk.exe
  2⤵
  PID:9224
- C:\Windows\System\kSjdrMx.exe
  C:\Windows\System\kSjdrMx.exe
  2⤵
  PID:9268
- C:\Windows\System\iiBYHYg.exe
  C:\Windows\System\iiBYHYg.exe
  2⤵
  PID:9344
- C:\Windows\System\wEGRwXc.exe
  C:\Windows\System\wEGRwXc.exe
  2⤵
  PID:9384
- C:\Windows\System\zXtxFbL.exe
  C:\Windows\System\zXtxFbL.exe
  2⤵
  PID:9424
- C:\Windows\System\peFptkX.exe
  C:\Windows\System\peFptkX.exe
  2⤵
  PID:9492
- C:\Windows\System\FAMSsDc.exe
  C:\Windows\System\FAMSsDc.exe
  2⤵
  PID:9536
- C:\Windows\System\gvIrzOs.exe
  C:\Windows\System\gvIrzOs.exe
  2⤵
  PID:9364
- C:\Windows\System\rbmvFSS.exe
  C:\Windows\System\rbmvFSS.exe
  2⤵
  PID:8964
- C:\Windows\System\MxWSfxl.exe
  C:\Windows\System\MxWSfxl.exe
  2⤵
  PID:8444
- C:\Windows\System\UjFbRcs.exe
  C:\Windows\System\UjFbRcs.exe
  2⤵
  PID:9252
- C:\Windows\System\WepnXhW.exe
  C:\Windows\System\WepnXhW.exe
  2⤵
  PID:9324
- C:\Windows\System\bLgCWPD.exe
  C:\Windows\System\bLgCWPD.exe
  2⤵
  PID:9440
- C:\Windows\System\wkLSmFN.exe
  C:\Windows\System\wkLSmFN.exe
  2⤵
  PID:9480
- C:\Windows\System\hkOAmbf.exe
  C:\Windows\System\hkOAmbf.exe
  2⤵
  PID:9016
- C:\Windows\System\yTvaXmt.exe
  C:\Windows\System\yTvaXmt.exe
  2⤵
  PID:9580
- C:\Windows\System\xXcWSDe.exe
  C:\Windows\System\xXcWSDe.exe
  2⤵
  PID:9608
- C:\Windows\System\RqgjwTh.exe
  C:\Windows\System\RqgjwTh.exe
  2⤵
  PID:9636
- C:\Windows\System\dgseWXu.exe
  C:\Windows\System\dgseWXu.exe
  2⤵
  PID:9656
- C:\Windows\System\feyJlTB.exe
  C:\Windows\System\feyJlTB.exe
  2⤵
  PID:8548
- C:\Windows\System\fHGOVtw.exe
  C:\Windows\System\fHGOVtw.exe
  2⤵
  PID:9700
- C:\Windows\System\MPWJhXK.exe
  C:\Windows\System\MPWJhXK.exe
  2⤵
  PID:9748
- C:\Windows\System\wMpVdUj.exe
  C:\Windows\System\wMpVdUj.exe
  2⤵
  PID:9808
- C:\Windows\System\eGjxQuv.exe
  C:\Windows\System\eGjxQuv.exe
  2⤵
  PID:9788
- C:\Windows\System\zILHdzc.exe
  C:\Windows\System\zILHdzc.exe
  2⤵
  PID:9836
- C:\Windows\System\QOMcANc.exe
  C:\Windows\System\QOMcANc.exe
  2⤵
  PID:9880
- C:\Windows\System\pJQuaeM.exe
  C:\Windows\System\pJQuaeM.exe
  2⤵
  PID:9932
- C:\Windows\System\PLvQFNg.exe
  C:\Windows\System\PLvQFNg.exe
  2⤵
  PID:9972
- C:\Windows\System\jlxKfuM.exe
  C:\Windows\System\jlxKfuM.exe
  2⤵
  PID:10020
- C:\Windows\System\twZVxuo.exe
  C:\Windows\System\twZVxuo.exe
  2⤵
  PID:10056
- C:\Windows\System\oqxKBhg.exe
  C:\Windows\System\oqxKBhg.exe
  2⤵
  PID:10108
- C:\Windows\System\yBDadxP.exe
  C:\Windows\System\yBDadxP.exe
  2⤵
  PID:10152
- C:\Windows\System\mHcmZXj.exe
  C:\Windows\System\mHcmZXj.exe
  2⤵
  PID:10176
- C:\Windows\System\kikMZEX.exe
  C:\Windows\System\kikMZEX.exe
  2⤵
  PID:10228
- C:\Windows\System\kDfFZEa.exe
  C:\Windows\System\kDfFZEa.exe
  2⤵
  PID:9220
- C:\Windows\System\tWzMKrD.exe
  C:\Windows\System\tWzMKrD.exe
  2⤵
  PID:9420
- C:\Windows\System\EJPxQIr.exe
  C:\Windows\System\EJPxQIr.exe
  2⤵
  PID:8616
- C:\Windows\System\HsOIxww.exe
  C:\Windows\System\HsOIxww.exe
  2⤵
  PID:7788
- C:\Windows\System\iKpufiZ.exe
  C:\Windows\System\iKpufiZ.exe
  2⤵
  PID:9516
- C:\Windows\System\OoclvRq.exe
  C:\Windows\System\OoclvRq.exe
  2⤵
  PID:9600
- C:\Windows\System\JOZUBjP.exe
  C:\Windows\System\JOZUBjP.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\KixVZIZ.exe

Filesize
6.0MB

MD5
aa1eff6c8ecf515265d0ed4c211bc0b3

SHA1
02322d4ecac60720bd1e9d63853768ee4c3fb5e2

SHA256
277f7f0580b9355467dd96a0e4cee472b17021731240262d98a324691c644a6b

SHA512
cbb856a83b253ccc45079f6c5dd41a57c9f64324d045081f0a740086d469a40e612f100884762ba053a5a854ba17bc0fb352a5877edac15b5d2adaf358c541dd

Download Submit
C:\Windows\system\MLFyDCF.exe

Filesize
6.0MB

MD5
6013f95a4d04e0932aa988ad45445c7a

SHA1
d415076aac4767900a7e929c1a312de26c151958

SHA256
4e4ee516f975f82d5033e5472f0ec269aca36041485247e308079bee15df9d21

SHA512
61913beb5ffbda59ff7729cf494581d4f8b69844f38162119f8344547be32df88247066697c11a934bd25de34c13198ddd9f9ddffbd514c61af041d16d52b6a9

Download Submit
C:\Windows\system\MUbcqDU.exe

Filesize
6.0MB

MD5
7885948a2b7736ffc984e0e5afb440c2

SHA1
471dedead2b8718de509c99bb57746a8bd6c83f3

SHA256
89701295efe405fbff9c35fca9579fa03682e3b88cf6abb39773a3528e591d4a

SHA512
32e15cf205e2ab9e1bd8ac7e686de67d29a0091e862cc3fd67dcab210c1d05961f3739133ea384d859fb071e1242269a0fc417ee07e340fb66329cae39f0ae03

Download Submit
C:\Windows\system\QtSatwD.exe

Filesize
6.0MB

MD5
260faee201db8915490605bab1c93987

SHA1
f3c06b5c205f6c7409f9f3bd92a9b38a9c714cb5

SHA256
f0615bbe92e9b0e1b45e8d369215eb9f7b5c1f931386be25d18bb683317af070

SHA512
ee8750231efbaaef1051ac85940cd693d7caa8ac4dd69fc4f8193662c9551c6325a0295eec235f05ae14977acd7ec4ea42fb8f31aa87d96136a90a1af502432b

Download Submit
C:\Windows\system\QuxJqZo.exe

Filesize
6.0MB

MD5
7b9b3b7fa963c35b1ba3de0cb6bfdab4

SHA1
f24eb630fd01fa3e3e6844c4c79b816f813d51fe

SHA256
60306c28e694ff52c35961f401c30ff0c203f27c55dbe10a9dc3c3301c4858d9

SHA512
b9f48c1f71bd1627770beb3489ec58092152cd57c5562bddfff972eb4335bdf9d54a174b363489ab2a663891b69812b54cb8dfeed6277bcb27c522d6fad4112b

Download Submit
C:\Windows\system\WveEkHA.exe

Filesize
6.0MB

MD5
79cbedab3776ea2a246c8aea97726bf8

SHA1
7798069d485e2ab297316e65881300491a62fdf6

SHA256
ce43d617365e1c3b9796c2d176b61064403914f1f79ff5f4b348933092ce05f9

SHA512
a37556bf5fa522314cdea9094a1c2239ca15f1b55d6f54a06129a9be95982121cd07cbeb1e1175b710ce90aff6a05a7973ee51ce5e4f7fa53064dad7f7ac8928

Download Submit
C:\Windows\system\XPolBcY.exe

Filesize
6.0MB

MD5
19b45a13f627293638f01b29a8cf213e

SHA1
ab347f9293ca48a8b6e5b13acb2c12fb2aa83ed2

SHA256
19dee6446d699ff59b44e9c5ad4bf902e6ae388c2990ed20910cac8b975788ef

SHA512
aec09f45313e5feaeb5b1998956bbad638ddaa206fccbcc45ef6b44c70cfb4dacc4056537e6ea0d28201154425f9035309e55d6d9b40d72b0e6ce8b3070f4a51

Download Submit
C:\Windows\system\YqJWggP.exe

Filesize
6.0MB

MD5
4ec541a8b9738509ff4b58dc8389c6e9

SHA1
78594a5a11c4adcaac192eb213b09501f3f29a10

SHA256
7318700cfa8e389dea4c3e9cb255b24a3035d89e65b32f710291579744a39fd2

SHA512
1493d828acc577da6ce92d7751d6ceb701fbc7bf2b64b819e688d9aabf2be64890f9316dc1d5338a62d4c9dd30a03098ce62872bf65537c40d2b8e228b3cbcbc

Download Submit
C:\Windows\system\aQyGEmL.exe

Filesize
6.0MB

MD5
885b78b3071e767310eecd489d2fc56a

SHA1
9c7b234bb6f7a1757aa05dc117eb9e03cb9e5bcb

SHA256
d32560e62726e7f0b56d8a5f31f4ecfb0dddf7300b2e86463fb4dc5900c9c5aa

SHA512
ed5a0eb217b064f0f2be767c2ecf0124eb3ed81450655a84ca493e654d693d8e6a2aaf97ee90a1f62d4cb4a490305994bb62ef943813785f9e7627e7d71cd593

Download Submit
C:\Windows\system\cHPVSQx.exe

Filesize
6.0MB

MD5
ada82930aa6d08e7ff567c6f1467e890

SHA1
b5e88287b794c248dfdad6df7ee0fb7d8ba9b53c

SHA256
f61d5a5681c4766cd9803a29c2498aa31e53a77b0c44e52cdeebe0a469b4ce55

SHA512
840c30245f30c11b6fd166ef89504becc56bfae54eb6a403308d654032606216036a4f4d88e1082029c75caf67f14f18fe9e7038740eb1dabe11dc95c8ea81f3

Download Submit
C:\Windows\system\dviGHFY.exe

Filesize
6.0MB

MD5
c60b53846349147f47eaf2aa1159c4e7

SHA1
7a123bae247bc26ec132d205f923adb79d48f026

SHA256
2d44ea0ad86e68e5b6d0928e1ed9c4db4d7e097e0c770a159267504d6d8da3c8

SHA512
a80d9c8c2304e3dbfdb45ca9738f7ca72d2457dc1cb1fec96d732cf838c060f4ff00230cf7924308aa2042144cac671fe9bf1d163cd68fcdcbf948b41e218464

Download Submit
C:\Windows\system\dzGrsbr.exe

Filesize
6.0MB

MD5
c26c2fc0689fe94b2d40b32b940c03bd

SHA1
ddef0a20d0a2bc99b52221da82f3da344078e99e

SHA256
d5f0c5d082efc082cb6ac32e54708b78ec66ae9c5248ba7f977706eb36528a04

SHA512
84506096859bacfd7b7c38f4b26ba84a0d4d2d01dfdcf1eb50171360d0726749c012903411509f804f2691e61f1ce838e4554a2b961895af41a23129aca380e0

Download Submit
C:\Windows\system\eSFPUpz.exe

Filesize
6.0MB

MD5
dce8c0abf65970fc6fb9adec8f3fb34b

SHA1
2b77709fadefe739d17266b342255294702d0db2

SHA256
055b00f7077d793ce9728305da0d3c53a928bb97641dfbaed59612787a03bd0d

SHA512
a1eab50b035dd0750bb6b28ba69e363261cea52eaecdf66109827d154e53872528e1ce25c73949e0545cd3274501a504d8957c3d3ebd3e0c75d1526c3c88100c

Download Submit
C:\Windows\system\hbPaLuK.exe

Filesize
6.0MB

MD5
e8ae138f23b30c085742f793deaa2a53

SHA1
b528f0ea6855f5c9616b828badfcfbbeddd1e458

SHA256
8b3f3f7f3786b8c5bd59629c20aa46580fb3d85bfd1d336ea5eaf0c7de62a41a

SHA512
96a84e10b591c6e1bfd41ecd78eb3fd68518fade65cc08f9d0829575e81e1bcd93003f3d390cdb315fe2cb0ad62c967d60831513aa89f64f88438cabf860668b

Download Submit
C:\Windows\system\htgvoLI.exe

Filesize
6.0MB

MD5
4ccaf5d265c20a1ee9f2a4b4a096e902

SHA1
1b72cce5b2ca893d14e7adefeef85ea9542fbb89

SHA256
04c334ea6bff3872ba02802ad69c35aa1aa838263e1918a40d729fece4e27a71

SHA512
378dc83cee777529dcc2991db69995ab67634de0118b0bb2f9e144baca3c9b4311ef2aad4d5c99278db4bb943e8d466258dc964683ece85dd175493270e62038

Download Submit
C:\Windows\system\igxeJMi.exe

Filesize
6.0MB

MD5
38d1937e55dae3813278abbc58dc8da0

SHA1
e786795915be1f798cdaa5f18afd3242001b5c62

SHA256
fd8ef141e5c9a869669545b3c670c89de91ed0f4cf8e4a9e6879e78bd0ad8df9

SHA512
ec2ff494a7a748d2c1b35cccc1c2958877934fb65f1b014983132d95144467bca84413cedeccc7f0675f1aeeafeeb38289da67046ec27a39ab389d28c0a96ae4

Download Submit
C:\Windows\system\juMWwAh.exe

Filesize
6.0MB

MD5
7903bed54efe75355f61df15e667aa54

SHA1
372bb9ad8454ee2c60ae6e5a3be4aecc3a963ac0

SHA256
0956831c4b1becc8ce449c599525b811723e4727eb860eea9c1bd954d7130e78

SHA512
758a168f39db9732ab9fad56c3bfb2ed957d696cba40b8276dc021fb8cd15a3f277298dca5ffb9f41216cc5042253170b0737cc50e97030c2ca8ef28173489af

Download Submit
C:\Windows\system\kARuDHJ.exe

Filesize
6.0MB

MD5
460f27dd440b7ed99af80cfff3872c91

SHA1
ed13fdf392466c3e3e5a9b2d8e54f7acc4dd33a4

SHA256
a21eb058dc867d4a513f43345effdd1c9ec53a8aecdeedace1243fe80e10e432

SHA512
b5786108577e5bca102c4bec4bafb1247f18a4d146a29070028d408fa576955b123c1681ab096db5df19616349081793bcc92a1388572f36380a6a326bc5221d

Download Submit
C:\Windows\system\kzWxWAX.exe

Filesize
6.0MB

MD5
75a3194957d3cc347bb834328252ceaf

SHA1
9931ee5e5a9eaa5c3ed65033bae61e8f9f42e852

SHA256
cd8464d2e72472be457b1724be233f2e7917257ec637f5ea7df613b04bc2c842

SHA512
78c832307457023d91b54f70cf7ffa409f5b89ee5ee7db16bf8348e1c6a17b467e2b4a17a913344bfe41e12b76223f0cd7cb38c7a7a0682b6a7e9c8e70277b84

Download Submit
C:\Windows\system\oxttUJV.exe

Filesize
6.0MB

MD5
72e05bd03b046cce3a928a49d7732c4c

SHA1
5b31a354c730ec70f5b965bdab15d83b964af182

SHA256
55388fb57729e523bb041f7b5d63ed4e5233bccab821ecd81a5e6a1b542d6b97

SHA512
bd89cf92fae0663ebdc9ef83794dca794a508c100918e72f2abbe52cef1a67eeaa75c971a14f5f1a47b5fe684626e6eea44a6f5187cf4d2899252e92c225fa57

Download Submit
C:\Windows\system\pCumnsp.exe

Filesize
6.0MB

MD5
d42c50d13bd457e54593719b691f69fe

SHA1
57bdcca5b736ab9aabb3ab17ef0a08d24c98205f

SHA256
f9ed982a9a1aa5b337bb49097a73041c5abd605d4c84ee7f883090c924e19653

SHA512
5afabcbe7cac267f10f22411dd19d515af019a270ffe20327015cb209abf253fe7e1154eb89f9197ada08144dd446c98cd5c4ba4ea4df41be7b5b683d6fd1576

Download Submit
C:\Windows\system\uwkePkT.exe

Filesize
6.0MB

MD5
ffd536fb6e097f924848ad3a5f5dcb82

SHA1
b7de516f910ab1c6ef370fc93381f2c6e48f39b3

SHA256
f59f20258b02523804272a7cc4306f9d329b3b6eb48f61ed213afbfbfc200439

SHA512
ece759a1eaac3969a4b1b4c98322d7eef510ef0d6321b4c17b04c6cad2e86c14bf6b5fb9ec705a5cc8274d284d443abe29097767598e0cca8b9298b033f87d80

Download Submit
C:\Windows\system\xjylmXx.exe

Filesize
6.0MB

MD5
afd4668c6b5cb0868692161a5fa56960

SHA1
322165b5c06a64b2627353297009a3f1905cf576

SHA256
bba1027656bf2d5bf6012ac0f6883fb4148dece453e70a2168d625654d09202d

SHA512
decd9cf0fd97e00837cfc8479f80422093bc68d38a0ce1e17fb976f7d158a2bd080fd97713ebb23593562bdd07df07e6239e3b1e33416a08dad0f1e9dd8a7360

Download Submit
\Windows\system\BYrrVri.exe

Filesize
6.0MB

MD5
967a6b4ca134580da7f04f475a2e0500

SHA1
afb2b400c80c2eff61fd637d9f53d13d7c561895

SHA256
b6c7f076bf9c852db20ad8c1248f6e7287adccfc67572128bb08a033297e9dfa

SHA512
334c6538ab4555378921a084f3fd22b92c307230b00ebbd7853ce3573efeb93fd937b3cde624955edff1c5f7bc608a918ae56af4fda704860ac7521b5b8f5f2d

Download Submit
\Windows\system\GFxrpbz.exe

Filesize
6.0MB

MD5
dade04ee97b526d088265446d687bfe4

SHA1
a94cf1b3e541fe10669e918b4377ae59801dd5d2

SHA256
1f21ec8d9a34d9c5e8d5c9fbc647c2bfb47957cb0dc3d0977fdf68e14c6bac40

SHA512
3bfdd185f6120febce605e3ef276015d2e2023b70285eba2d1b663d1de02587c58db2f903cd20ad8611f7a51a9763e6df4e7fc4d49924f626c18d4612c9b91f2

Download Submit
\Windows\system\QrVjiSl.exe

Filesize
6.0MB

MD5
7f7c663fd93abfb4c8af8538e8b60eba

SHA1
a8c353cfd1c1336b3bf9f32f5d7de03a1352da95

SHA256
d55ccf13d2a4b2ce4f0e295e9fc0a50f3460a460a2316f0d99863345223995a1

SHA512
b0ce052c0ff4777bb51e76cb750dcfeb450b410f70fcc980c75d20613e7d6961118c936460cc7481f291420d3088ac1286dbd11ec0ae68170b4244e7abad876e

Download Submit
\Windows\system\TtoYYvC.exe

Filesize
6.0MB

MD5
64e61c8066f9a2856c6c7da52fe9ad75

SHA1
f576054755346b5ee903af480e02003850043561

SHA256
27f2a1d58f12fabdf17c42f2bdaf9fcecdf8ba84114685c31fec459c6c186a96

SHA512
6c2d142ae579ff69a1b396b678531072cd248e191f4dd385eff212ee8d236774e0883497cc698ae3cc99e0b36a184745575e807e7b2e9ff5fc06a9c15bbf8aa4

Download Submit
\Windows\system\dmiyZpr.exe

Filesize
6.0MB

MD5
3fd3e2f8ef5fb0c9889abd1a599fbabd

SHA1
8dfc815cd807fb5824d0f3eb5c238ee53468f8b7

SHA256
ec14749b91b6c9dad9969582c1e2e75071d37a306d58f0e4f26359426ffcef8a

SHA512
0049f4d5741b10840cb5c1c5fbab7112b6cdb7bf9a8fc4e14d412d32b69af84517b6bcc6535b713f9dd6ec84837f7c9776c3a9c7becaf10a1b19ce45ffbe07d6

Download Submit
\Windows\system\eZZNgNY.exe

Filesize
6.0MB

MD5
4a35b1f07d846a70e374c870f25d2dac

SHA1
828204a955f3d68370314da9287ff88264ab489e

SHA256
0610cda5ce8237f6ea17215b0936b003531bf3a063aad6524f2462be0897b89b

SHA512
b5dbcc720b47964720aaea6f7b44a03d40411be9aad8bf393f96c82bc1e7222b9a8e6042e0bb98cf9d916b17f9a8fc085f11c826b8d6225c12886f3774d6e7fd

Download Submit
\Windows\system\hGsmffT.exe

Filesize
6.0MB

MD5
d8216f3783f87e2d39a0a707ea00d33e

SHA1
e5b7e1ee9950793a76cfc326b7f98c5c69b82010

SHA256
1d3cf1c08e9754a5b038fb101662a0ed06d4dffef1ce52676c2b16d4686b6f9b

SHA512
5b445b4ec0ddb95e48e5aaea56d6692c6724b1a412daed624d457555823d3b4c92afb52c95ad25677114d9ed6760ded595f7b57cb4dcbf3d87b3858448695799

Download Submit
\Windows\system\khtvOKB.exe

Filesize
6.0MB

MD5
b2574a7442942f678e0ae0ca554a7d3f

SHA1
8ee1494b15f572bb861ca2128777092359f51d7a

SHA256
bb4a650de5c70be19fea252f709bb34e0a32c0ff4efcdd5bb153d28b56d00296

SHA512
38688dc09aa71490afde12370b842d04cfa1c2ba29bf4cfe89a300e6472bedc4d1fd9c351cf16b8aca3a62104c9a0a388956fdc39f76b0275f63ebfe5c5786b9

Download Submit
\Windows\system\mfeYGhp.exe

Filesize
6.0MB

MD5
0367b811afce9bac139d1231f5cd8206

SHA1
905a5b72bee96181d24b758e8053ebcb663d3aa4

SHA256
7b5d31def240e541a815ad54763f923f7ae49ce28550bd351b27a52a2f3b4640

SHA512
894849e88243ac25b8acf4d673830da7ef795bc941370c88ac010012a8cb8b4a5e1bdc4a95034b2149186972e28a97c5f93ce428fa4c72ca616623f09318a548

Download Submit
\Windows\system\ulApDii.exe

Filesize
6.0MB

MD5
6ac32a38cf8055e728756669f430d36c

SHA1
c6f30254895f2ef1698d693cc84a28c08d0ae907

SHA256
2f784f94202fc57a0c2354c50234579f8ff14f32ee030a4de760a1d77418a4c6

SHA512
2083982452aa14018682310409b6aa6d09bd08a61c5005507b45e9e06875131da621b6bee7d91f40090c11c6352784e5baf3eaa1d71ff5e042a9b46238320d80

Download Submit
memory/1236-3763-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1236-86-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1508-101-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-3831-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-3757-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-78-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3790-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3704-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2152-56-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2152-94-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2388-64-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3750-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2396-108-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3742-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-71-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-40-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3677-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2652-84-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2656-27-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3622-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2656-69-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2756-24-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3561-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3603-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2792-22-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3611-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-34-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-25-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3573-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3729-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2996-52-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3028-70-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-53-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-63-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-51-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-23-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/3028-55-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-85-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-554-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-92-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-100-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-37-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1203-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/3028-970-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-107-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-109-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/3028-33-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-18-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download