cobaltstrike | b6c6721aa15418d06c4e981297c888f99828826cceb5daecf1359c208abe93f5

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e2d0b7f0ad6053cbf2f2a78dc8942fa1
SHA1

6bd329c8f4c802383dcd884b420e628162742a67
SHA256

b6c6721aa15418d06c4e981297c888f99828826cceb5daecf1359c208abe93f5
SHA512

1024a9618ac8a27e46d82d254e68cb08aec27a685151f6091b147c7e3b11bdbdd3503e2057771bea030c94f337841cfbcbca527fc81f2a849d124627b053e2b0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016621-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016af7-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c3a-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c5c-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfd-33.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-37.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016307-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca5-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c53-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/1304-0-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-3.dat	xmrig
behavioral1/files/0x0008000000016621-10.dat	xmrig
behavioral1/files/0x0008000000016af7-14.dat	xmrig
behavioral1/files/0x0007000000016c3a-18.dat	xmrig
behavioral1/files/0x0007000000016c5c-25.dat	xmrig
behavioral1/files/0x0008000000016cfd-33.dat	xmrig
behavioral1/files/0x000500000001938e-37.dat	xmrig
behavioral1/files/0x000500000001939c-41.dat	xmrig
behavioral1/files/0x0005000000019429-49.dat	xmrig
behavioral1/files/0x0009000000016307-70.dat	xmrig
behavioral1/files/0x00050000000194d0-95.dat	xmrig
behavioral1/files/0x00050000000194da-102.dat	xmrig
behavioral1/files/0x00050000000195f9-140.dat	xmrig
behavioral1/memory/1232-2071-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fd-161.dat	xmrig
behavioral1/files/0x00050000000195ff-158.dat	xmrig
behavioral1/files/0x0005000000019601-162.dat	xmrig
behavioral1/files/0x00050000000195c0-132.dat	xmrig
behavioral1/files/0x00050000000195fe-156.dat	xmrig
behavioral1/files/0x00050000000195fb-146.dat	xmrig
behavioral1/files/0x00050000000195f7-136.dat	xmrig
behavioral1/files/0x0005000000019581-127.dat	xmrig
behavioral1/files/0x000500000001955c-121.dat	xmrig
behavioral1/files/0x00050000000194e6-112.dat	xmrig
behavioral1/files/0x0005000000019551-117.dat	xmrig
behavioral1/files/0x00050000000194e4-108.dat	xmrig
behavioral1/files/0x00050000000194c6-92.dat	xmrig
behavioral1/files/0x000500000001949d-86.dat	xmrig
behavioral1/files/0x0005000000019490-82.dat	xmrig
behavioral1/files/0x0005000000019481-77.dat	xmrig
behavioral1/files/0x000500000001946b-69.dat	xmrig
behavioral1/memory/1032-64-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000500000001941b-45.dat	xmrig
behavioral1/files/0x0007000000016ca5-30.dat	xmrig
behavioral1/files/0x0007000000016c53-22.dat	xmrig
behavioral1/memory/2184-2337-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/484-2310-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2268-2225-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1304-2914-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/484-3012-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1032-3038-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2184-3039-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2268-3042-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1232-3037-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1304-3011-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1304-2999-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1304-3136-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2340	opGECUP.exe
1032	qLCqleH.exe
1232	GzISmun.exe
2268	XlmEooR.exe
484	cirHFBZ.exe
2184	XkjQOEB.exe
2460	MMxDfqJ.exe
2832	FNBBVdE.exe
2944	QFRgcpz.exe
2828	HtTcnup.exe
2808	tkBwJis.exe
2836	SpdLAxg.exe
2740	RJrIpKj.exe
2536	QUwYwTx.exe
2108	qDbRyuu.exe
2764	btwpUOp.exe
864	pYKaUgE.exe
3048	MHVjYwJ.exe
2736	dLBuHqR.exe
1228	WuTBDIU.exe
2908	QtnhCSN.exe
3036	LMIwFsz.exe
1264	nsmERoA.exe
1560	ZoqlZcj.exe
1180	oRbofJN.exe
1136	OxWYWZJ.exe
2520	CsbBlNt.exe
2152	DAnZAEU.exe
2352	tkuvPig.exe
1852	MbKpCbE.exe
2392	sMNnsCh.exe
2468	ooFaxnT.exe
1120	LNehuqJ.exe
2084	QwKtuqP.exe
2260	FJdXtnM.exe
1764	FALnnzb.exe
2308	fnrHtAy.exe
956	YEPITqd.exe
2360	mcSOqHj.exe
1476	rKkajNj.exe
288	dTASkZg.exe
2000	PwKISiU.exe
3032	gaMzNYg.exe
836	mezWwfk.exe
2452	FsuCgSa.exe
1596	VIWCjde.exe
1504	kmagzZX.exe
1804	UHVXPjY.exe
2356	Urmshce.exe
2504	YqunMDn.exe
1728	YLiZzOq.exe
2604	msXJWKH.exe
1724	QraYByz.exe
304	LzZQvrw.exe
2584	HxXwfSm.exe
884	jKfdbuQ.exe
1044	JtktVxT.exe
1700	wHvKpFP.exe
1548	bNodQeH.exe
1680	qpLmBUn.exe
2760	zxkBqZn.exe
2276	pgWqxbi.exe
2240	xiXDDOb.exe
2300	OQUxEgw.exe

Loads dropped DLL 64 IoCs

pid	Process
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1304-0-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-3.dat	upx
behavioral1/files/0x0008000000016621-10.dat	upx
behavioral1/files/0x0008000000016af7-14.dat	upx
behavioral1/files/0x0007000000016c3a-18.dat	upx
behavioral1/files/0x0007000000016c5c-25.dat	upx
behavioral1/files/0x0008000000016cfd-33.dat	upx
behavioral1/files/0x000500000001938e-37.dat	upx
behavioral1/files/0x000500000001939c-41.dat	upx
behavioral1/files/0x0005000000019429-49.dat	upx
behavioral1/files/0x0009000000016307-70.dat	upx
behavioral1/files/0x00050000000194d0-95.dat	upx
behavioral1/files/0x00050000000194da-102.dat	upx
behavioral1/files/0x00050000000195f9-140.dat	upx
behavioral1/memory/1232-2071-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x00050000000195fd-161.dat	upx
behavioral1/files/0x00050000000195ff-158.dat	upx
behavioral1/files/0x0005000000019601-162.dat	upx
behavioral1/files/0x00050000000195c0-132.dat	upx
behavioral1/files/0x00050000000195fe-156.dat	upx
behavioral1/files/0x00050000000195fb-146.dat	upx
behavioral1/files/0x00050000000195f7-136.dat	upx
behavioral1/files/0x0005000000019581-127.dat	upx
behavioral1/files/0x000500000001955c-121.dat	upx
behavioral1/files/0x00050000000194e6-112.dat	upx
behavioral1/files/0x0005000000019551-117.dat	upx
behavioral1/files/0x00050000000194e4-108.dat	upx
behavioral1/files/0x00050000000194c6-92.dat	upx
behavioral1/files/0x000500000001949d-86.dat	upx
behavioral1/files/0x0005000000019490-82.dat	upx
behavioral1/files/0x0005000000019481-77.dat	upx
behavioral1/files/0x000500000001946b-69.dat	upx
behavioral1/memory/1032-64-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000500000001941b-45.dat	upx
behavioral1/files/0x0007000000016ca5-30.dat	upx
behavioral1/files/0x0007000000016c53-22.dat	upx
behavioral1/memory/2184-2337-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/484-2310-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2268-2225-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1304-2914-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/484-3012-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1032-3038-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2184-3039-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2268-3042-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/1232-3037-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DBYycQu.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEIoKwo.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgkZtOm.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsJPMYK.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSkycuh.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXnQRku.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRUDnAf.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqiElyp.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfUNWJI.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VORMuAA.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDmkPJY.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXwuZIx.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIhdHQv.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGqRGlW.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KprqqTf.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRwmBBG.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdeQTyj.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXZTwlw.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIqEtam.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIwRsWB.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoTieOw.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzISmun.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIpJHnf.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLFYHCe.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMuBuER.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGCltpm.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Upsorwj.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOlHtJE.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXDivfG.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQPCZhh.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voofwNa.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkjwigC.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wotPVZw.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKdFTvE.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeSegpx.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faEYaKv.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgDaCXw.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTcKoKA.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyVwJth.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGuxdiR.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQSzPTV.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joTjgKW.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLiZzOq.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgAAHkz.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEngXpd.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwVEzDB.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NiwfMCj.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcGohjS.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghLDgmP.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msXJWKH.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRHljiw.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZytNSfA.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxlrHOo.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BleJLGv.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIvfPpK.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quNcuFf.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUibrTB.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYrbFpX.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnCahmN.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIFPvBj.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOVSAPm.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOQuWUv.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjoeVbH.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCefRxE.exe	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2340	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1304 wrote to memory of 2340	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1304 wrote to memory of 2340	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1304 wrote to memory of 1032	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1304 wrote to memory of 1032	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1304 wrote to memory of 1032	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1304 wrote to memory of 1232	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1304 wrote to memory of 1232	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1304 wrote to memory of 1232	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1304 wrote to memory of 2268	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1304 wrote to memory of 2268	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1304 wrote to memory of 2268	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1304 wrote to memory of 484	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1304 wrote to memory of 484	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1304 wrote to memory of 484	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1304 wrote to memory of 2184	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1304 wrote to memory of 2184	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1304 wrote to memory of 2184	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1304 wrote to memory of 2460	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1304 wrote to memory of 2460	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1304 wrote to memory of 2460	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1304 wrote to memory of 2832	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1304 wrote to memory of 2832	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1304 wrote to memory of 2832	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1304 wrote to memory of 2944	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1304 wrote to memory of 2944	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1304 wrote to memory of 2944	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1304 wrote to memory of 2828	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1304 wrote to memory of 2828	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1304 wrote to memory of 2828	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1304 wrote to memory of 2808	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1304 wrote to memory of 2808	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1304 wrote to memory of 2808	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1304 wrote to memory of 2836	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1304 wrote to memory of 2836	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1304 wrote to memory of 2836	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1304 wrote to memory of 2740	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1304 wrote to memory of 2740	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1304 wrote to memory of 2740	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1304 wrote to memory of 2536	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1304 wrote to memory of 2536	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1304 wrote to memory of 2536	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1304 wrote to memory of 2108	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1304 wrote to memory of 2108	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1304 wrote to memory of 2108	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1304 wrote to memory of 2764	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1304 wrote to memory of 2764	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1304 wrote to memory of 2764	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1304 wrote to memory of 864	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1304 wrote to memory of 864	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1304 wrote to memory of 864	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1304 wrote to memory of 3048	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1304 wrote to memory of 3048	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1304 wrote to memory of 3048	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1304 wrote to memory of 2736	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1304 wrote to memory of 2736	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1304 wrote to memory of 2736	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1304 wrote to memory of 1228	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1304 wrote to memory of 1228	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1304 wrote to memory of 1228	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1304 wrote to memory of 2908	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1304 wrote to memory of 2908	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1304 wrote to memory of 2908	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1304 wrote to memory of 3036	1304	2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_e2d0b7f0ad6053cbf2f2a78dc8942fa1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\System\opGECUP.exe
  C:\Windows\System\opGECUP.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\qLCqleH.exe
  C:\Windows\System\qLCqleH.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\GzISmun.exe
  C:\Windows\System\GzISmun.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\XlmEooR.exe
  C:\Windows\System\XlmEooR.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\cirHFBZ.exe
  C:\Windows\System\cirHFBZ.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\XkjQOEB.exe
  C:\Windows\System\XkjQOEB.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\MMxDfqJ.exe
  C:\Windows\System\MMxDfqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\FNBBVdE.exe
  C:\Windows\System\FNBBVdE.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\QFRgcpz.exe
  C:\Windows\System\QFRgcpz.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\HtTcnup.exe
  C:\Windows\System\HtTcnup.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tkBwJis.exe
  C:\Windows\System\tkBwJis.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\SpdLAxg.exe
  C:\Windows\System\SpdLAxg.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\RJrIpKj.exe
  C:\Windows\System\RJrIpKj.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\QUwYwTx.exe
  C:\Windows\System\QUwYwTx.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\qDbRyuu.exe
  C:\Windows\System\qDbRyuu.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\btwpUOp.exe
  C:\Windows\System\btwpUOp.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\pYKaUgE.exe
  C:\Windows\System\pYKaUgE.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\MHVjYwJ.exe
  C:\Windows\System\MHVjYwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\dLBuHqR.exe
  C:\Windows\System\dLBuHqR.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\WuTBDIU.exe
  C:\Windows\System\WuTBDIU.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\QtnhCSN.exe
  C:\Windows\System\QtnhCSN.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\LMIwFsz.exe
  C:\Windows\System\LMIwFsz.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\nsmERoA.exe
  C:\Windows\System\nsmERoA.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\ZoqlZcj.exe
  C:\Windows\System\ZoqlZcj.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\oRbofJN.exe
  C:\Windows\System\oRbofJN.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\OxWYWZJ.exe
  C:\Windows\System\OxWYWZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\CsbBlNt.exe
  C:\Windows\System\CsbBlNt.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\DAnZAEU.exe
  C:\Windows\System\DAnZAEU.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\tkuvPig.exe
  C:\Windows\System\tkuvPig.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\sMNnsCh.exe
  C:\Windows\System\sMNnsCh.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\MbKpCbE.exe
  C:\Windows\System\MbKpCbE.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\QwKtuqP.exe
  C:\Windows\System\QwKtuqP.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ooFaxnT.exe
  C:\Windows\System\ooFaxnT.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\FJdXtnM.exe
  C:\Windows\System\FJdXtnM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\LNehuqJ.exe
  C:\Windows\System\LNehuqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\fnrHtAy.exe
  C:\Windows\System\fnrHtAy.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\FALnnzb.exe
  C:\Windows\System\FALnnzb.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\YEPITqd.exe
  C:\Windows\System\YEPITqd.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\mcSOqHj.exe
  C:\Windows\System\mcSOqHj.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rKkajNj.exe
  C:\Windows\System\rKkajNj.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\dTASkZg.exe
  C:\Windows\System\dTASkZg.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\PwKISiU.exe
  C:\Windows\System\PwKISiU.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\gaMzNYg.exe
  C:\Windows\System\gaMzNYg.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VIWCjde.exe
  C:\Windows\System\VIWCjde.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\mezWwfk.exe
  C:\Windows\System\mezWwfk.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\kmagzZX.exe
  C:\Windows\System\kmagzZX.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\FsuCgSa.exe
  C:\Windows\System\FsuCgSa.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\UHVXPjY.exe
  C:\Windows\System\UHVXPjY.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\Urmshce.exe
  C:\Windows\System\Urmshce.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\YqunMDn.exe
  C:\Windows\System\YqunMDn.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\YLiZzOq.exe
  C:\Windows\System\YLiZzOq.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\msXJWKH.exe
  C:\Windows\System\msXJWKH.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\QraYByz.exe
  C:\Windows\System\QraYByz.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\LzZQvrw.exe
  C:\Windows\System\LzZQvrw.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\HxXwfSm.exe
  C:\Windows\System\HxXwfSm.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\jKfdbuQ.exe
  C:\Windows\System\jKfdbuQ.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\JtktVxT.exe
  C:\Windows\System\JtktVxT.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\wHvKpFP.exe
  C:\Windows\System\wHvKpFP.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\bNodQeH.exe
  C:\Windows\System\bNodQeH.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\qpLmBUn.exe
  C:\Windows\System\qpLmBUn.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\zxkBqZn.exe
  C:\Windows\System\zxkBqZn.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\xiXDDOb.exe
  C:\Windows\System\xiXDDOb.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\pgWqxbi.exe
  C:\Windows\System\pgWqxbi.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\EqeKmBl.exe
  C:\Windows\System\EqeKmBl.exe
  2⤵
  PID:2936
- C:\Windows\System\OQUxEgw.exe
  C:\Windows\System\OQUxEgw.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\kilPCqB.exe
  C:\Windows\System\kilPCqB.exe
  2⤵
  PID:2844
- C:\Windows\System\btJXlQP.exe
  C:\Windows\System\btJXlQP.exe
  2⤵
  PID:2984
- C:\Windows\System\uFFSIUM.exe
  C:\Windows\System\uFFSIUM.exe
  2⤵
  PID:2688
- C:\Windows\System\ZbrpdVS.exe
  C:\Windows\System\ZbrpdVS.exe
  2⤵
  PID:2728
- C:\Windows\System\UkzhXOm.exe
  C:\Windows\System\UkzhXOm.exe
  2⤵
  PID:1632
- C:\Windows\System\acJNztc.exe
  C:\Windows\System\acJNztc.exe
  2⤵
  PID:1244
- C:\Windows\System\OQKgPAm.exe
  C:\Windows\System\OQKgPAm.exe
  2⤵
  PID:3068
- C:\Windows\System\maNNJpW.exe
  C:\Windows\System\maNNJpW.exe
  2⤵
  PID:2876
- C:\Windows\System\jGvbpTI.exe
  C:\Windows\System\jGvbpTI.exe
  2⤵
  PID:1140
- C:\Windows\System\qFhwLJD.exe
  C:\Windows\System\qFhwLJD.exe
  2⤵
  PID:2292
- C:\Windows\System\PeSRsPy.exe
  C:\Windows\System\PeSRsPy.exe
  2⤵
  PID:2156
- C:\Windows\System\ZQEETCy.exe
  C:\Windows\System\ZQEETCy.exe
  2⤵
  PID:2132
- C:\Windows\System\MpxRinz.exe
  C:\Windows\System\MpxRinz.exe
  2⤵
  PID:1924
- C:\Windows\System\kDqKauo.exe
  C:\Windows\System\kDqKauo.exe
  2⤵
  PID:1408
- C:\Windows\System\aVrQWmJ.exe
  C:\Windows\System\aVrQWmJ.exe
  2⤵
  PID:2088
- C:\Windows\System\bIRFzgm.exe
  C:\Windows\System\bIRFzgm.exe
  2⤵
  PID:772
- C:\Windows\System\eFxTieQ.exe
  C:\Windows\System\eFxTieQ.exe
  2⤵
  PID:1072
- C:\Windows\System\IbBZZsx.exe
  C:\Windows\System\IbBZZsx.exe
  2⤵
  PID:1380
- C:\Windows\System\DopCBVq.exe
  C:\Windows\System\DopCBVq.exe
  2⤵
  PID:1824
- C:\Windows\System\gkamaAb.exe
  C:\Windows\System\gkamaAb.exe
  2⤵
  PID:848
- C:\Windows\System\IlRSaKl.exe
  C:\Windows\System\IlRSaKl.exe
  2⤵
  PID:2004
- C:\Windows\System\DjpVBIR.exe
  C:\Windows\System\DjpVBIR.exe
  2⤵
  PID:1340
- C:\Windows\System\ZydUspz.exe
  C:\Windows\System\ZydUspz.exe
  2⤵
  PID:2412
- C:\Windows\System\LwkoauS.exe
  C:\Windows\System\LwkoauS.exe
  2⤵
  PID:1760
- C:\Windows\System\EfUNWJI.exe
  C:\Windows\System\EfUNWJI.exe
  2⤵
  PID:1316
- C:\Windows\System\AyaaQmf.exe
  C:\Windows\System\AyaaQmf.exe
  2⤵
  PID:2620
- C:\Windows\System\dXnRmfU.exe
  C:\Windows\System\dXnRmfU.exe
  2⤵
  PID:1716
- C:\Windows\System\yKsnSvx.exe
  C:\Windows\System\yKsnSvx.exe
  2⤵
  PID:2368
- C:\Windows\System\JTgPkLZ.exe
  C:\Windows\System\JTgPkLZ.exe
  2⤵
  PID:328
- C:\Windows\System\JVOjDLQ.exe
  C:\Windows\System\JVOjDLQ.exe
  2⤵
  PID:2436
- C:\Windows\System\amVgwkb.exe
  C:\Windows\System\amVgwkb.exe
  2⤵
  PID:2972
- C:\Windows\System\XfHcuYF.exe
  C:\Windows\System\XfHcuYF.exe
  2⤵
  PID:1600
- C:\Windows\System\Rttlqln.exe
  C:\Windows\System\Rttlqln.exe
  2⤵
  PID:2680
- C:\Windows\System\aPgkBnK.exe
  C:\Windows\System\aPgkBnK.exe
  2⤵
  PID:1604
- C:\Windows\System\DeiJrVu.exe
  C:\Windows\System\DeiJrVu.exe
  2⤵
  PID:2336
- C:\Windows\System\bIhVVXw.exe
  C:\Windows\System\bIhVVXw.exe
  2⤵
  PID:1704
- C:\Windows\System\vEnqeof.exe
  C:\Windows\System\vEnqeof.exe
  2⤵
  PID:2868
- C:\Windows\System\ETcvhIM.exe
  C:\Windows\System\ETcvhIM.exe
  2⤵
  PID:2732
- C:\Windows\System\qWrOMaj.exe
  C:\Windows\System\qWrOMaj.exe
  2⤵
  PID:820
- C:\Windows\System\HaiqqAF.exe
  C:\Windows\System\HaiqqAF.exe
  2⤵
  PID:1860
- C:\Windows\System\kxZPVKz.exe
  C:\Windows\System\kxZPVKz.exe
  2⤵
  PID:1668
- C:\Windows\System\OGPCACj.exe
  C:\Windows\System\OGPCACj.exe
  2⤵
  PID:2080
- C:\Windows\System\ajCzfje.exe
  C:\Windows\System\ajCzfje.exe
  2⤵
  PID:1420
- C:\Windows\System\YyVwJth.exe
  C:\Windows\System\YyVwJth.exe
  2⤵
  PID:2716
- C:\Windows\System\YiZjSov.exe
  C:\Windows\System\YiZjSov.exe
  2⤵
  PID:1568
- C:\Windows\System\PNZcqvl.exe
  C:\Windows\System\PNZcqvl.exe
  2⤵
  PID:952
- C:\Windows\System\vqmmCIf.exe
  C:\Windows\System\vqmmCIf.exe
  2⤵
  PID:688
- C:\Windows\System\mHRLuBd.exe
  C:\Windows\System\mHRLuBd.exe
  2⤵
  PID:2144
- C:\Windows\System\AZqoZLs.exe
  C:\Windows\System\AZqoZLs.exe
  2⤵
  PID:2488
- C:\Windows\System\uDPSpaQ.exe
  C:\Windows\System\uDPSpaQ.exe
  2⤵
  PID:2384
- C:\Windows\System\MGtKKAu.exe
  C:\Windows\System\MGtKKAu.exe
  2⤵
  PID:2820
- C:\Windows\System\NFwoiDB.exe
  C:\Windows\System\NFwoiDB.exe
  2⤵
  PID:2848
- C:\Windows\System\ZBTLyFU.exe
  C:\Windows\System\ZBTLyFU.exe
  2⤵
  PID:1984
- C:\Windows\System\SavLPIC.exe
  C:\Windows\System\SavLPIC.exe
  2⤵
  PID:3088
- C:\Windows\System\mNjNgou.exe
  C:\Windows\System\mNjNgou.exe
  2⤵
  PID:3108
- C:\Windows\System\PmvjcUf.exe
  C:\Windows\System\PmvjcUf.exe
  2⤵
  PID:3128
- C:\Windows\System\mUAayxl.exe
  C:\Windows\System\mUAayxl.exe
  2⤵
  PID:3148
- C:\Windows\System\BiROlUl.exe
  C:\Windows\System\BiROlUl.exe
  2⤵
  PID:3168
- C:\Windows\System\POUNzGm.exe
  C:\Windows\System\POUNzGm.exe
  2⤵
  PID:3188
- C:\Windows\System\agfKDpS.exe
  C:\Windows\System\agfKDpS.exe
  2⤵
  PID:3208
- C:\Windows\System\WMAJLVW.exe
  C:\Windows\System\WMAJLVW.exe
  2⤵
  PID:3228
- C:\Windows\System\fCbRoce.exe
  C:\Windows\System\fCbRoce.exe
  2⤵
  PID:3248
- C:\Windows\System\CzYUdHJ.exe
  C:\Windows\System\CzYUdHJ.exe
  2⤵
  PID:3268
- C:\Windows\System\zLmfwbe.exe
  C:\Windows\System\zLmfwbe.exe
  2⤵
  PID:3288
- C:\Windows\System\SCpeWSa.exe
  C:\Windows\System\SCpeWSa.exe
  2⤵
  PID:3308
- C:\Windows\System\ABsPfST.exe
  C:\Windows\System\ABsPfST.exe
  2⤵
  PID:3328
- C:\Windows\System\fYsxlZM.exe
  C:\Windows\System\fYsxlZM.exe
  2⤵
  PID:3348
- C:\Windows\System\XOICLez.exe
  C:\Windows\System\XOICLez.exe
  2⤵
  PID:3368
- C:\Windows\System\cxoscKY.exe
  C:\Windows\System\cxoscKY.exe
  2⤵
  PID:3388
- C:\Windows\System\clGpbhs.exe
  C:\Windows\System\clGpbhs.exe
  2⤵
  PID:3408
- C:\Windows\System\jQmxXmg.exe
  C:\Windows\System\jQmxXmg.exe
  2⤵
  PID:3428
- C:\Windows\System\nfswfru.exe
  C:\Windows\System\nfswfru.exe
  2⤵
  PID:3448
- C:\Windows\System\kWsOWQn.exe
  C:\Windows\System\kWsOWQn.exe
  2⤵
  PID:3468
- C:\Windows\System\MYHDAba.exe
  C:\Windows\System\MYHDAba.exe
  2⤵
  PID:3488
- C:\Windows\System\mDEgJIN.exe
  C:\Windows\System\mDEgJIN.exe
  2⤵
  PID:3508
- C:\Windows\System\jpzvzFl.exe
  C:\Windows\System\jpzvzFl.exe
  2⤵
  PID:3528
- C:\Windows\System\rDJHddW.exe
  C:\Windows\System\rDJHddW.exe
  2⤵
  PID:3548
- C:\Windows\System\TkCUXwk.exe
  C:\Windows\System\TkCUXwk.exe
  2⤵
  PID:3568
- C:\Windows\System\FDHLbDA.exe
  C:\Windows\System\FDHLbDA.exe
  2⤵
  PID:3588
- C:\Windows\System\bEMQmqW.exe
  C:\Windows\System\bEMQmqW.exe
  2⤵
  PID:3608
- C:\Windows\System\YxmCWoP.exe
  C:\Windows\System\YxmCWoP.exe
  2⤵
  PID:3632
- C:\Windows\System\EoDXijh.exe
  C:\Windows\System\EoDXijh.exe
  2⤵
  PID:3652
- C:\Windows\System\yXftooZ.exe
  C:\Windows\System\yXftooZ.exe
  2⤵
  PID:3672
- C:\Windows\System\VWoSoFJ.exe
  C:\Windows\System\VWoSoFJ.exe
  2⤵
  PID:3692
- C:\Windows\System\zjWzbZt.exe
  C:\Windows\System\zjWzbZt.exe
  2⤵
  PID:3712
- C:\Windows\System\hCfOyhM.exe
  C:\Windows\System\hCfOyhM.exe
  2⤵
  PID:3732
- C:\Windows\System\muWdNpD.exe
  C:\Windows\System\muWdNpD.exe
  2⤵
  PID:3752
- C:\Windows\System\FvqdpIk.exe
  C:\Windows\System\FvqdpIk.exe
  2⤵
  PID:3772
- C:\Windows\System\mbEdMAh.exe
  C:\Windows\System\mbEdMAh.exe
  2⤵
  PID:3792
- C:\Windows\System\DFeaHYo.exe
  C:\Windows\System\DFeaHYo.exe
  2⤵
  PID:3812
- C:\Windows\System\xeSegpx.exe
  C:\Windows\System\xeSegpx.exe
  2⤵
  PID:3832
- C:\Windows\System\zjtqKRq.exe
  C:\Windows\System\zjtqKRq.exe
  2⤵
  PID:3852
- C:\Windows\System\Zvyzkeq.exe
  C:\Windows\System\Zvyzkeq.exe
  2⤵
  PID:3872
- C:\Windows\System\cDnWYEp.exe
  C:\Windows\System\cDnWYEp.exe
  2⤵
  PID:3892
- C:\Windows\System\kiyCJGP.exe
  C:\Windows\System\kiyCJGP.exe
  2⤵
  PID:3912
- C:\Windows\System\tONPgMY.exe
  C:\Windows\System\tONPgMY.exe
  2⤵
  PID:3932
- C:\Windows\System\WSpiRHC.exe
  C:\Windows\System\WSpiRHC.exe
  2⤵
  PID:3952
- C:\Windows\System\qwkhCjo.exe
  C:\Windows\System\qwkhCjo.exe
  2⤵
  PID:3972
- C:\Windows\System\KCZJmEf.exe
  C:\Windows\System\KCZJmEf.exe
  2⤵
  PID:3992
- C:\Windows\System\NilOhMt.exe
  C:\Windows\System\NilOhMt.exe
  2⤵
  PID:4012
- C:\Windows\System\gRwmBBG.exe
  C:\Windows\System\gRwmBBG.exe
  2⤵
  PID:4032
- C:\Windows\System\ZWadaIH.exe
  C:\Windows\System\ZWadaIH.exe
  2⤵
  PID:4052
- C:\Windows\System\ZszysCX.exe
  C:\Windows\System\ZszysCX.exe
  2⤵
  PID:4072
- C:\Windows\System\XxDjwZY.exe
  C:\Windows\System\XxDjwZY.exe
  2⤵
  PID:4092
- C:\Windows\System\JUNtPrK.exe
  C:\Windows\System\JUNtPrK.exe
  2⤵
  PID:2196
- C:\Windows\System\MUvRmRp.exe
  C:\Windows\System\MUvRmRp.exe
  2⤵
  PID:1856
- C:\Windows\System\onRQtPY.exe
  C:\Windows\System\onRQtPY.exe
  2⤵
  PID:2788
- C:\Windows\System\wMZtNnW.exe
  C:\Windows\System\wMZtNnW.exe
  2⤵
  PID:1980
- C:\Windows\System\LCLEpZB.exe
  C:\Windows\System\LCLEpZB.exe
  2⤵
  PID:1300
- C:\Windows\System\MOZCNKJ.exe
  C:\Windows\System\MOZCNKJ.exe
  2⤵
  PID:2016
- C:\Windows\System\zDpIxBa.exe
  C:\Windows\System\zDpIxBa.exe
  2⤵
  PID:560
- C:\Windows\System\wzIEsUS.exe
  C:\Windows\System\wzIEsUS.exe
  2⤵
  PID:1588
- C:\Windows\System\FiRVdUh.exe
  C:\Windows\System\FiRVdUh.exe
  2⤵
  PID:1748
- C:\Windows\System\EGuxdiR.exe
  C:\Windows\System\EGuxdiR.exe
  2⤵
  PID:1672
- C:\Windows\System\oZPNfQr.exe
  C:\Windows\System\oZPNfQr.exe
  2⤵
  PID:1864
- C:\Windows\System\quNcuFf.exe
  C:\Windows\System\quNcuFf.exe
  2⤵
  PID:3096
- C:\Windows\System\CWYIahc.exe
  C:\Windows\System\CWYIahc.exe
  2⤵
  PID:3136
- C:\Windows\System\vHvXhJX.exe
  C:\Windows\System\vHvXhJX.exe
  2⤵
  PID:3160
- C:\Windows\System\KKRMFPM.exe
  C:\Windows\System\KKRMFPM.exe
  2⤵
  PID:3196
- C:\Windows\System\svmLsmo.exe
  C:\Windows\System\svmLsmo.exe
  2⤵
  PID:3220
- C:\Windows\System\UsPJawK.exe
  C:\Windows\System\UsPJawK.exe
  2⤵
  PID:3260
- C:\Windows\System\lQwVdaO.exe
  C:\Windows\System\lQwVdaO.exe
  2⤵
  PID:3304
- C:\Windows\System\KUOpJfa.exe
  C:\Windows\System\KUOpJfa.exe
  2⤵
  PID:3336
- C:\Windows\System\ZCZDHBp.exe
  C:\Windows\System\ZCZDHBp.exe
  2⤵
  PID:3360
- C:\Windows\System\JxQEAnK.exe
  C:\Windows\System\JxQEAnK.exe
  2⤵
  PID:3416
- C:\Windows\System\UIjsnbI.exe
  C:\Windows\System\UIjsnbI.exe
  2⤵
  PID:3436
- C:\Windows\System\pmLBbVV.exe
  C:\Windows\System\pmLBbVV.exe
  2⤵
  PID:3464
- C:\Windows\System\KSYzQfi.exe
  C:\Windows\System\KSYzQfi.exe
  2⤵
  PID:3480
- C:\Windows\System\dRLUUGv.exe
  C:\Windows\System\dRLUUGv.exe
  2⤵
  PID:3536
- C:\Windows\System\bfsScte.exe
  C:\Windows\System\bfsScte.exe
  2⤵
  PID:3584
- C:\Windows\System\noaRmtW.exe
  C:\Windows\System\noaRmtW.exe
  2⤵
  PID:3596
- C:\Windows\System\NsGrZrn.exe
  C:\Windows\System\NsGrZrn.exe
  2⤵
  PID:3640
- C:\Windows\System\elLwyfg.exe
  C:\Windows\System\elLwyfg.exe
  2⤵
  PID:3648
- C:\Windows\System\zSShLIu.exe
  C:\Windows\System\zSShLIu.exe
  2⤵
  PID:3704
- C:\Windows\System\MTfKyhZ.exe
  C:\Windows\System\MTfKyhZ.exe
  2⤵
  PID:3728
- C:\Windows\System\fcPkeLP.exe
  C:\Windows\System\fcPkeLP.exe
  2⤵
  PID:3764
- C:\Windows\System\qFggZBy.exe
  C:\Windows\System\qFggZBy.exe
  2⤵
  PID:3828
- C:\Windows\System\yhTJrWs.exe
  C:\Windows\System\yhTJrWs.exe
  2⤵
  PID:3840
- C:\Windows\System\wxBoDXO.exe
  C:\Windows\System\wxBoDXO.exe
  2⤵
  PID:3864
- C:\Windows\System\INEqChw.exe
  C:\Windows\System\INEqChw.exe
  2⤵
  PID:3904
- C:\Windows\System\NRZKlNi.exe
  C:\Windows\System\NRZKlNi.exe
  2⤵
  PID:3944
- C:\Windows\System\CiNfIRp.exe
  C:\Windows\System\CiNfIRp.exe
  2⤵
  PID:3988
- C:\Windows\System\ZTVhzoa.exe
  C:\Windows\System\ZTVhzoa.exe
  2⤵
  PID:4004
- C:\Windows\System\asStKeY.exe
  C:\Windows\System\asStKeY.exe
  2⤵
  PID:4068
- C:\Windows\System\LnxcFyC.exe
  C:\Windows\System\LnxcFyC.exe
  2⤵
  PID:4088
- C:\Windows\System\EozYRNU.exe
  C:\Windows\System\EozYRNU.exe
  2⤵
  PID:2964
- C:\Windows\System\PZEoIdT.exe
  C:\Windows\System\PZEoIdT.exe
  2⤵
  PID:3064
- C:\Windows\System\XuTplni.exe
  C:\Windows\System\XuTplni.exe
  2⤵
  PID:632
- C:\Windows\System\pAvYNOm.exe
  C:\Windows\System\pAvYNOm.exe
  2⤵
  PID:2480
- C:\Windows\System\RFplskQ.exe
  C:\Windows\System\RFplskQ.exe
  2⤵
  PID:1580
- C:\Windows\System\YNQCguG.exe
  C:\Windows\System\YNQCguG.exe
  2⤵
  PID:3084
- C:\Windows\System\lyiUdtI.exe
  C:\Windows\System\lyiUdtI.exe
  2⤵
  PID:3076
- C:\Windows\System\JCeHGsP.exe
  C:\Windows\System\JCeHGsP.exe
  2⤵
  PID:3164
- C:\Windows\System\vXIpsRm.exe
  C:\Windows\System\vXIpsRm.exe
  2⤵
  PID:3200
- C:\Windows\System\DmWgfEp.exe
  C:\Windows\System\DmWgfEp.exe
  2⤵
  PID:3284
- C:\Windows\System\dqDtWXr.exe
  C:\Windows\System\dqDtWXr.exe
  2⤵
  PID:3384
- C:\Windows\System\fTIBpaN.exe
  C:\Windows\System\fTIBpaN.exe
  2⤵
  PID:3420
- C:\Windows\System\axnPtcY.exe
  C:\Windows\System\axnPtcY.exe
  2⤵
  PID:3456
- C:\Windows\System\rgoKMkv.exe
  C:\Windows\System\rgoKMkv.exe
  2⤵
  PID:3520
- C:\Windows\System\mxSzmOV.exe
  C:\Windows\System\mxSzmOV.exe
  2⤵
  PID:3540
- C:\Windows\System\zKUhvid.exe
  C:\Windows\System\zKUhvid.exe
  2⤵
  PID:2636
- C:\Windows\System\mgByerF.exe
  C:\Windows\System\mgByerF.exe
  2⤵
  PID:3700
- C:\Windows\System\bafmBpe.exe
  C:\Windows\System\bafmBpe.exe
  2⤵
  PID:3744
- C:\Windows\System\ozfqLVF.exe
  C:\Windows\System\ozfqLVF.exe
  2⤵
  PID:3820
- C:\Windows\System\XmrKxAX.exe
  C:\Windows\System\XmrKxAX.exe
  2⤵
  PID:3884
- C:\Windows\System\YtwZzWg.exe
  C:\Windows\System\YtwZzWg.exe
  2⤵
  PID:3940
- C:\Windows\System\hINAqfW.exe
  C:\Windows\System\hINAqfW.exe
  2⤵
  PID:4020
- C:\Windows\System\uMMqLtM.exe
  C:\Windows\System\uMMqLtM.exe
  2⤵
  PID:4040
- C:\Windows\System\PpLjIAw.exe
  C:\Windows\System\PpLjIAw.exe
  2⤵
  PID:4080
- C:\Windows\System\HMtvXHM.exe
  C:\Windows\System\HMtvXHM.exe
  2⤵
  PID:2344
- C:\Windows\System\imAbXhU.exe
  C:\Windows\System\imAbXhU.exe
  2⤵
  PID:896
- C:\Windows\System\EMjtHBi.exe
  C:\Windows\System\EMjtHBi.exe
  2⤵
  PID:2312
- C:\Windows\System\QlJCtld.exe
  C:\Windows\System\QlJCtld.exe
  2⤵
  PID:3180
- C:\Windows\System\UjoeVbH.exe
  C:\Windows\System\UjoeVbH.exe
  2⤵
  PID:3224
- C:\Windows\System\DGyGpex.exe
  C:\Windows\System\DGyGpex.exe
  2⤵
  PID:3316
- C:\Windows\System\AXHxSJo.exe
  C:\Windows\System\AXHxSJo.exe
  2⤵
  PID:4108
- C:\Windows\System\LxpsHES.exe
  C:\Windows\System\LxpsHES.exe
  2⤵
  PID:4128
- C:\Windows\System\GOHIEza.exe
  C:\Windows\System\GOHIEza.exe
  2⤵
  PID:4148
- C:\Windows\System\vsoBpjJ.exe
  C:\Windows\System\vsoBpjJ.exe
  2⤵
  PID:4168
- C:\Windows\System\ktfzMvM.exe
  C:\Windows\System\ktfzMvM.exe
  2⤵
  PID:4188
- C:\Windows\System\NgUGiUz.exe
  C:\Windows\System\NgUGiUz.exe
  2⤵
  PID:4208
- C:\Windows\System\Tkjdffu.exe
  C:\Windows\System\Tkjdffu.exe
  2⤵
  PID:4228
- C:\Windows\System\GiAmoOl.exe
  C:\Windows\System\GiAmoOl.exe
  2⤵
  PID:4248
- C:\Windows\System\IwVIwOj.exe
  C:\Windows\System\IwVIwOj.exe
  2⤵
  PID:4272
- C:\Windows\System\guHfwFg.exe
  C:\Windows\System\guHfwFg.exe
  2⤵
  PID:4292
- C:\Windows\System\ZhBsjzH.exe
  C:\Windows\System\ZhBsjzH.exe
  2⤵
  PID:4312
- C:\Windows\System\UhmawBd.exe
  C:\Windows\System\UhmawBd.exe
  2⤵
  PID:4332
- C:\Windows\System\yqcbSlH.exe
  C:\Windows\System\yqcbSlH.exe
  2⤵
  PID:4352
- C:\Windows\System\LDQgpHI.exe
  C:\Windows\System\LDQgpHI.exe
  2⤵
  PID:4372
- C:\Windows\System\PSDhvEw.exe
  C:\Windows\System\PSDhvEw.exe
  2⤵
  PID:4392
- C:\Windows\System\IsgdvDc.exe
  C:\Windows\System\IsgdvDc.exe
  2⤵
  PID:4412
- C:\Windows\System\YhNQYiY.exe
  C:\Windows\System\YhNQYiY.exe
  2⤵
  PID:4432
- C:\Windows\System\UKiShGQ.exe
  C:\Windows\System\UKiShGQ.exe
  2⤵
  PID:4452
- C:\Windows\System\RnypMrJ.exe
  C:\Windows\System\RnypMrJ.exe
  2⤵
  PID:4472
- C:\Windows\System\WMgyIbG.exe
  C:\Windows\System\WMgyIbG.exe
  2⤵
  PID:4492
- C:\Windows\System\ITbyoHj.exe
  C:\Windows\System\ITbyoHj.exe
  2⤵
  PID:4512
- C:\Windows\System\LmfJYre.exe
  C:\Windows\System\LmfJYre.exe
  2⤵
  PID:4532
- C:\Windows\System\iPZPABK.exe
  C:\Windows\System\iPZPABK.exe
  2⤵
  PID:4552
- C:\Windows\System\WgxeocG.exe
  C:\Windows\System\WgxeocG.exe
  2⤵
  PID:4572
- C:\Windows\System\xydJFKr.exe
  C:\Windows\System\xydJFKr.exe
  2⤵
  PID:4592
- C:\Windows\System\ZtQNkyM.exe
  C:\Windows\System\ZtQNkyM.exe
  2⤵
  PID:4612
- C:\Windows\System\KwcjllX.exe
  C:\Windows\System\KwcjllX.exe
  2⤵
  PID:4632
- C:\Windows\System\lHWZtQR.exe
  C:\Windows\System\lHWZtQR.exe
  2⤵
  PID:4652
- C:\Windows\System\jWuswma.exe
  C:\Windows\System\jWuswma.exe
  2⤵
  PID:4672
- C:\Windows\System\OzBzFUA.exe
  C:\Windows\System\OzBzFUA.exe
  2⤵
  PID:4692
- C:\Windows\System\XHwjSTw.exe
  C:\Windows\System\XHwjSTw.exe
  2⤵
  PID:4712
- C:\Windows\System\tlQaJFB.exe
  C:\Windows\System\tlQaJFB.exe
  2⤵
  PID:4732
- C:\Windows\System\nIFPvBj.exe
  C:\Windows\System\nIFPvBj.exe
  2⤵
  PID:4752
- C:\Windows\System\HQSFHpF.exe
  C:\Windows\System\HQSFHpF.exe
  2⤵
  PID:4772
- C:\Windows\System\VNlMjwX.exe
  C:\Windows\System\VNlMjwX.exe
  2⤵
  PID:4792
- C:\Windows\System\AIdRYBK.exe
  C:\Windows\System\AIdRYBK.exe
  2⤵
  PID:4812
- C:\Windows\System\tMwswBL.exe
  C:\Windows\System\tMwswBL.exe
  2⤵
  PID:4828
- C:\Windows\System\OSkycuh.exe
  C:\Windows\System\OSkycuh.exe
  2⤵
  PID:4848
- C:\Windows\System\UwqJeKu.exe
  C:\Windows\System\UwqJeKu.exe
  2⤵
  PID:4872
- C:\Windows\System\edgaeLl.exe
  C:\Windows\System\edgaeLl.exe
  2⤵
  PID:4892
- C:\Windows\System\wRbrhoy.exe
  C:\Windows\System\wRbrhoy.exe
  2⤵
  PID:4912
- C:\Windows\System\VnlJdBg.exe
  C:\Windows\System\VnlJdBg.exe
  2⤵
  PID:4932
- C:\Windows\System\TOzTrLz.exe
  C:\Windows\System\TOzTrLz.exe
  2⤵
  PID:4952
- C:\Windows\System\NycACKO.exe
  C:\Windows\System\NycACKO.exe
  2⤵
  PID:4972
- C:\Windows\System\sfLeoFT.exe
  C:\Windows\System\sfLeoFT.exe
  2⤵
  PID:4992
- C:\Windows\System\pbKHHhy.exe
  C:\Windows\System\pbKHHhy.exe
  2⤵
  PID:5012
- C:\Windows\System\bvnoLeM.exe
  C:\Windows\System\bvnoLeM.exe
  2⤵
  PID:5032
- C:\Windows\System\bdMOFem.exe
  C:\Windows\System\bdMOFem.exe
  2⤵
  PID:5056
- C:\Windows\System\RAwMxOU.exe
  C:\Windows\System\RAwMxOU.exe
  2⤵
  PID:5076
- C:\Windows\System\xgAAHkz.exe
  C:\Windows\System\xgAAHkz.exe
  2⤵
  PID:5096
- C:\Windows\System\npwalYm.exe
  C:\Windows\System\npwalYm.exe
  2⤵
  PID:5116
- C:\Windows\System\DyRPawy.exe
  C:\Windows\System\DyRPawy.exe
  2⤵
  PID:3400
- C:\Windows\System\DVaFgmB.exe
  C:\Windows\System\DVaFgmB.exe
  2⤵
  PID:3604
- C:\Windows\System\CmfsKlK.exe
  C:\Windows\System\CmfsKlK.exe
  2⤵
  PID:3616
- C:\Windows\System\CMBJgqf.exe
  C:\Windows\System\CMBJgqf.exe
  2⤵
  PID:3768
- C:\Windows\System\duIpTAl.exe
  C:\Windows\System\duIpTAl.exe
  2⤵
  PID:3888
- C:\Windows\System\gUsmfiT.exe
  C:\Windows\System\gUsmfiT.exe
  2⤵
  PID:3928
- C:\Windows\System\WsPAkJu.exe
  C:\Windows\System\WsPAkJu.exe
  2⤵
  PID:4048
- C:\Windows\System\KaNQGSR.exe
  C:\Windows\System\KaNQGSR.exe
  2⤵
  PID:1236
- C:\Windows\System\yOPKFRF.exe
  C:\Windows\System\yOPKFRF.exe
  2⤵
  PID:3124
- C:\Windows\System\RjuJcvG.exe
  C:\Windows\System\RjuJcvG.exe
  2⤵
  PID:3080
- C:\Windows\System\EpGdKuO.exe
  C:\Windows\System\EpGdKuO.exe
  2⤵
  PID:3280
- C:\Windows\System\PAiGpnL.exe
  C:\Windows\System\PAiGpnL.exe
  2⤵
  PID:4116
- C:\Windows\System\oTUnJHP.exe
  C:\Windows\System\oTUnJHP.exe
  2⤵
  PID:4140
- C:\Windows\System\TTdMFNs.exe
  C:\Windows\System\TTdMFNs.exe
  2⤵
  PID:4184
- C:\Windows\System\hvaTYIO.exe
  C:\Windows\System\hvaTYIO.exe
  2⤵
  PID:4200
- C:\Windows\System\ppBuNHL.exe
  C:\Windows\System\ppBuNHL.exe
  2⤵
  PID:4256
- C:\Windows\System\xnFiLrx.exe
  C:\Windows\System\xnFiLrx.exe
  2⤵
  PID:4300
- C:\Windows\System\KCesRhM.exe
  C:\Windows\System\KCesRhM.exe
  2⤵
  PID:4320
- C:\Windows\System\XGpMzgv.exe
  C:\Windows\System\XGpMzgv.exe
  2⤵
  PID:4344
- C:\Windows\System\BhuLewj.exe
  C:\Windows\System\BhuLewj.exe
  2⤵
  PID:4364
- C:\Windows\System\GvJEBBu.exe
  C:\Windows\System\GvJEBBu.exe
  2⤵
  PID:4424
- C:\Windows\System\aWjaNUs.exe
  C:\Windows\System\aWjaNUs.exe
  2⤵
  PID:4440
- C:\Windows\System\oStdRlA.exe
  C:\Windows\System\oStdRlA.exe
  2⤵
  PID:4480
- C:\Windows\System\xzTSYlM.exe
  C:\Windows\System\xzTSYlM.exe
  2⤵
  PID:4520
- C:\Windows\System\ZbnHAOs.exe
  C:\Windows\System\ZbnHAOs.exe
  2⤵
  PID:4544
- C:\Windows\System\ukwCMlZ.exe
  C:\Windows\System\ukwCMlZ.exe
  2⤵
  PID:4588
- C:\Windows\System\sBfSvxQ.exe
  C:\Windows\System\sBfSvxQ.exe
  2⤵
  PID:4604
- C:\Windows\System\dUibrTB.exe
  C:\Windows\System\dUibrTB.exe
  2⤵
  PID:4668
- C:\Windows\System\McjdOhn.exe
  C:\Windows\System\McjdOhn.exe
  2⤵
  PID:4708
- C:\Windows\System\sgKBpnI.exe
  C:\Windows\System\sgKBpnI.exe
  2⤵
  PID:4720
- C:\Windows\System\ZInuFDc.exe
  C:\Windows\System\ZInuFDc.exe
  2⤵
  PID:4744
- C:\Windows\System\xdeqpuP.exe
  C:\Windows\System\xdeqpuP.exe
  2⤵
  PID:4764
- C:\Windows\System\jfSRmLr.exe
  C:\Windows\System\jfSRmLr.exe
  2⤵
  PID:4804
- C:\Windows\System\oJdNXUD.exe
  C:\Windows\System\oJdNXUD.exe
  2⤵
  PID:4864
- C:\Windows\System\rnyjfVl.exe
  C:\Windows\System\rnyjfVl.exe
  2⤵
  PID:4908
- C:\Windows\System\LYlKCkT.exe
  C:\Windows\System\LYlKCkT.exe
  2⤵
  PID:4920
- C:\Windows\System\FrlxIHf.exe
  C:\Windows\System\FrlxIHf.exe
  2⤵
  PID:4980
- C:\Windows\System\GTXPtuQ.exe
  C:\Windows\System\GTXPtuQ.exe
  2⤵
  PID:4984
- C:\Windows\System\AbDiADq.exe
  C:\Windows\System\AbDiADq.exe
  2⤵
  PID:5028
- C:\Windows\System\VWCQikI.exe
  C:\Windows\System\VWCQikI.exe
  2⤵
  PID:5052
- C:\Windows\System\wQSzPTV.exe
  C:\Windows\System\wQSzPTV.exe
  2⤵
  PID:5092
- C:\Windows\System\OGWsYWU.exe
  C:\Windows\System\OGWsYWU.exe
  2⤵
  PID:3516
- C:\Windows\System\lpAcyQU.exe
  C:\Windows\System\lpAcyQU.exe
  2⤵
  PID:3660
- C:\Windows\System\fYiENQF.exe
  C:\Windows\System\fYiENQF.exe
  2⤵
  PID:3760
- C:\Windows\System\SZBLCOr.exe
  C:\Windows\System\SZBLCOr.exe
  2⤵
  PID:3860
- C:\Windows\System\nIKiAZQ.exe
  C:\Windows\System\nIKiAZQ.exe
  2⤵
  PID:3960
- C:\Windows\System\TGxKrXT.exe
  C:\Windows\System\TGxKrXT.exe
  2⤵
  PID:2112
- C:\Windows\System\rpwUUWh.exe
  C:\Windows\System\rpwUUWh.exe
  2⤵
  PID:3244
- C:\Windows\System\efOiYzO.exe
  C:\Windows\System\efOiYzO.exe
  2⤵
  PID:4136
- C:\Windows\System\EsuZLrM.exe
  C:\Windows\System\EsuZLrM.exe
  2⤵
  PID:4160
- C:\Windows\System\JMExHPC.exe
  C:\Windows\System\JMExHPC.exe
  2⤵
  PID:4216
- C:\Windows\System\SzHfdRm.exe
  C:\Windows\System\SzHfdRm.exe
  2⤵
  PID:4288
- C:\Windows\System\FEJkXoU.exe
  C:\Windows\System\FEJkXoU.exe
  2⤵
  PID:4368
- C:\Windows\System\qtbbDBl.exe
  C:\Windows\System\qtbbDBl.exe
  2⤵
  PID:4428
- C:\Windows\System\BuOacxx.exe
  C:\Windows\System\BuOacxx.exe
  2⤵
  PID:4464
- C:\Windows\System\QcgxphH.exe
  C:\Windows\System\QcgxphH.exe
  2⤵
  PID:4504
- C:\Windows\System\NxvMGdA.exe
  C:\Windows\System\NxvMGdA.exe
  2⤵
  PID:4568
- C:\Windows\System\DeknVUy.exe
  C:\Windows\System\DeknVUy.exe
  2⤵
  PID:4624
- C:\Windows\System\ITfPBiw.exe
  C:\Windows\System\ITfPBiw.exe
  2⤵
  PID:4664
- C:\Windows\System\OZWnqCu.exe
  C:\Windows\System\OZWnqCu.exe
  2⤵
  PID:4724
- C:\Windows\System\HMuBuER.exe
  C:\Windows\System\HMuBuER.exe
  2⤵
  PID:4800
- C:\Windows\System\OXgzhQg.exe
  C:\Windows\System\OXgzhQg.exe
  2⤵
  PID:4860
- C:\Windows\System\voivCqZ.exe
  C:\Windows\System\voivCqZ.exe
  2⤵
  PID:4880
- C:\Windows\System\RcIJKdO.exe
  C:\Windows\System\RcIJKdO.exe
  2⤵
  PID:4964
- C:\Windows\System\FRXCSRA.exe
  C:\Windows\System\FRXCSRA.exe
  2⤵
  PID:5008
- C:\Windows\System\DWrPcHA.exe
  C:\Windows\System\DWrPcHA.exe
  2⤵
  PID:5112
- C:\Windows\System\nnWmsMS.exe
  C:\Windows\System\nnWmsMS.exe
  2⤵
  PID:3404
- C:\Windows\System\OXSaeEz.exe
  C:\Windows\System\OXSaeEz.exe
  2⤵
  PID:3628
- C:\Windows\System\qOlyXhk.exe
  C:\Windows\System\qOlyXhk.exe
  2⤵
  PID:3848
- C:\Windows\System\gfUGHiO.exe
  C:\Windows\System\gfUGHiO.exe
  2⤵
  PID:3236
- C:\Windows\System\pmkvOvk.exe
  C:\Windows\System\pmkvOvk.exe
  2⤵
  PID:3320
- C:\Windows\System\mDTNodv.exe
  C:\Windows\System\mDTNodv.exe
  2⤵
  PID:4204
- C:\Windows\System\IGhjoPE.exe
  C:\Windows\System\IGhjoPE.exe
  2⤵
  PID:4284
- C:\Windows\System\mDKTbZu.exe
  C:\Windows\System\mDKTbZu.exe
  2⤵
  PID:5132
- C:\Windows\System\edspPug.exe
  C:\Windows\System\edspPug.exe
  2⤵
  PID:5152
- C:\Windows\System\MaEQmxR.exe
  C:\Windows\System\MaEQmxR.exe
  2⤵
  PID:5172
- C:\Windows\System\ZKEWbsE.exe
  C:\Windows\System\ZKEWbsE.exe
  2⤵
  PID:5192
- C:\Windows\System\UbqHVzK.exe
  C:\Windows\System\UbqHVzK.exe
  2⤵
  PID:5212
- C:\Windows\System\jmlpoFa.exe
  C:\Windows\System\jmlpoFa.exe
  2⤵
  PID:5232
- C:\Windows\System\tKpeBkn.exe
  C:\Windows\System\tKpeBkn.exe
  2⤵
  PID:5252
- C:\Windows\System\JqdsqCO.exe
  C:\Windows\System\JqdsqCO.exe
  2⤵
  PID:5272
- C:\Windows\System\pFHVRzV.exe
  C:\Windows\System\pFHVRzV.exe
  2⤵
  PID:5292
- C:\Windows\System\sMwARnc.exe
  C:\Windows\System\sMwARnc.exe
  2⤵
  PID:5312
- C:\Windows\System\HWpfdqN.exe
  C:\Windows\System\HWpfdqN.exe
  2⤵
  PID:5332
- C:\Windows\System\vXnQRku.exe
  C:\Windows\System\vXnQRku.exe
  2⤵
  PID:5352
- C:\Windows\System\zXlhaki.exe
  C:\Windows\System\zXlhaki.exe
  2⤵
  PID:5372
- C:\Windows\System\EbBhpVV.exe
  C:\Windows\System\EbBhpVV.exe
  2⤵
  PID:5392
- C:\Windows\System\CkzDHrV.exe
  C:\Windows\System\CkzDHrV.exe
  2⤵
  PID:5412
- C:\Windows\System\UNrDQMi.exe
  C:\Windows\System\UNrDQMi.exe
  2⤵
  PID:5432
- C:\Windows\System\UQycUFz.exe
  C:\Windows\System\UQycUFz.exe
  2⤵
  PID:5452
- C:\Windows\System\nTikVxp.exe
  C:\Windows\System\nTikVxp.exe
  2⤵
  PID:5472
- C:\Windows\System\CzZiEgI.exe
  C:\Windows\System\CzZiEgI.exe
  2⤵
  PID:5492
- C:\Windows\System\QFvPcvq.exe
  C:\Windows\System\QFvPcvq.exe
  2⤵
  PID:5512
- C:\Windows\System\TvnEPSh.exe
  C:\Windows\System\TvnEPSh.exe
  2⤵
  PID:5532
- C:\Windows\System\VVBWHbU.exe
  C:\Windows\System\VVBWHbU.exe
  2⤵
  PID:5552
- C:\Windows\System\hyHbiNC.exe
  C:\Windows\System\hyHbiNC.exe
  2⤵
  PID:5572
- C:\Windows\System\vIrMJZq.exe
  C:\Windows\System\vIrMJZq.exe
  2⤵
  PID:5592
- C:\Windows\System\wUgvcVi.exe
  C:\Windows\System\wUgvcVi.exe
  2⤵
  PID:5612
- C:\Windows\System\FMFabVO.exe
  C:\Windows\System\FMFabVO.exe
  2⤵
  PID:5632
- C:\Windows\System\rpneEua.exe
  C:\Windows\System\rpneEua.exe
  2⤵
  PID:5652
- C:\Windows\System\gBjETan.exe
  C:\Windows\System\gBjETan.exe
  2⤵
  PID:5672
- C:\Windows\System\WddLSFy.exe
  C:\Windows\System\WddLSFy.exe
  2⤵
  PID:5692
- C:\Windows\System\jYzNkkb.exe
  C:\Windows\System\jYzNkkb.exe
  2⤵
  PID:5712
- C:\Windows\System\StqvJzK.exe
  C:\Windows\System\StqvJzK.exe
  2⤵
  PID:5732
- C:\Windows\System\SGGijIf.exe
  C:\Windows\System\SGGijIf.exe
  2⤵
  PID:5752
- C:\Windows\System\dvPgqip.exe
  C:\Windows\System\dvPgqip.exe
  2⤵
  PID:5772
- C:\Windows\System\DvPPATG.exe
  C:\Windows\System\DvPPATG.exe
  2⤵
  PID:5792
- C:\Windows\System\NiwfMCj.exe
  C:\Windows\System\NiwfMCj.exe
  2⤵
  PID:5812
- C:\Windows\System\UvkSBMk.exe
  C:\Windows\System\UvkSBMk.exe
  2⤵
  PID:5832
- C:\Windows\System\OMICGYG.exe
  C:\Windows\System\OMICGYG.exe
  2⤵
  PID:5852
- C:\Windows\System\MvRpSaU.exe
  C:\Windows\System\MvRpSaU.exe
  2⤵
  PID:5872
- C:\Windows\System\FTEuzBn.exe
  C:\Windows\System\FTEuzBn.exe
  2⤵
  PID:5896
- C:\Windows\System\gCyRFKs.exe
  C:\Windows\System\gCyRFKs.exe
  2⤵
  PID:5916
- C:\Windows\System\jmaavpc.exe
  C:\Windows\System\jmaavpc.exe
  2⤵
  PID:5936
- C:\Windows\System\LKbKXfx.exe
  C:\Windows\System\LKbKXfx.exe
  2⤵
  PID:5956
- C:\Windows\System\zOMlVnr.exe
  C:\Windows\System\zOMlVnr.exe
  2⤵
  PID:5976
- C:\Windows\System\tRBKHdW.exe
  C:\Windows\System\tRBKHdW.exe
  2⤵
  PID:5996
- C:\Windows\System\WIqNMMG.exe
  C:\Windows\System\WIqNMMG.exe
  2⤵
  PID:6016
- C:\Windows\System\CjECFdZ.exe
  C:\Windows\System\CjECFdZ.exe
  2⤵
  PID:6036
- C:\Windows\System\VYLVqLQ.exe
  C:\Windows\System\VYLVqLQ.exe
  2⤵
  PID:6056
- C:\Windows\System\HpRWyXs.exe
  C:\Windows\System\HpRWyXs.exe
  2⤵
  PID:6076
- C:\Windows\System\OHnmAyi.exe
  C:\Windows\System\OHnmAyi.exe
  2⤵
  PID:6096
- C:\Windows\System\LXoQQGI.exe
  C:\Windows\System\LXoQQGI.exe
  2⤵
  PID:6116
- C:\Windows\System\EQhqdJK.exe
  C:\Windows\System\EQhqdJK.exe
  2⤵
  PID:6136
- C:\Windows\System\MMBPRLT.exe
  C:\Windows\System\MMBPRLT.exe
  2⤵
  PID:4468
- C:\Windows\System\jLlqNwa.exe
  C:\Windows\System\jLlqNwa.exe
  2⤵
  PID:4488
- C:\Windows\System\bGNMwdf.exe
  C:\Windows\System\bGNMwdf.exe
  2⤵
  PID:4580
- C:\Windows\System\YWefiGW.exe
  C:\Windows\System\YWefiGW.exe
  2⤵
  PID:4644
- C:\Windows\System\WSAGYUo.exe
  C:\Windows\System\WSAGYUo.exe
  2⤵
  PID:4844
- C:\Windows\System\rkpIvMn.exe
  C:\Windows\System\rkpIvMn.exe
  2⤵
  PID:4924
- C:\Windows\System\CAwOeRE.exe
  C:\Windows\System\CAwOeRE.exe
  2⤵
  PID:4944
- C:\Windows\System\BaPhFkk.exe
  C:\Windows\System\BaPhFkk.exe
  2⤵
  PID:5064
- C:\Windows\System\IkvmRCK.exe
  C:\Windows\System\IkvmRCK.exe
  2⤵
  PID:5104
- C:\Windows\System\rnPcUvs.exe
  C:\Windows\System\rnPcUvs.exe
  2⤵
  PID:3216
- C:\Windows\System\hBvamMl.exe
  C:\Windows\System\hBvamMl.exe
  2⤵
  PID:4120
- C:\Windows\System\jJWQFUY.exe
  C:\Windows\System\jJWQFUY.exe
  2⤵
  PID:4324
- C:\Windows\System\ddLFcrJ.exe
  C:\Windows\System\ddLFcrJ.exe
  2⤵
  PID:5160
- C:\Windows\System\IyRcdUh.exe
  C:\Windows\System\IyRcdUh.exe
  2⤵
  PID:5164
- C:\Windows\System\zCoSJoF.exe
  C:\Windows\System\zCoSJoF.exe
  2⤵
  PID:5184
- C:\Windows\System\HvuLQVE.exe
  C:\Windows\System\HvuLQVE.exe
  2⤵
  PID:5240
- C:\Windows\System\PjxtklK.exe
  C:\Windows\System\PjxtklK.exe
  2⤵
  PID:5280
- C:\Windows\System\knHwJuN.exe
  C:\Windows\System\knHwJuN.exe
  2⤵
  PID:5300
- C:\Windows\System\DgmGOSB.exe
  C:\Windows\System\DgmGOSB.exe
  2⤵
  PID:5360
- C:\Windows\System\OZeGjFb.exe
  C:\Windows\System\OZeGjFb.exe
  2⤵
  PID:5364
- C:\Windows\System\ctdAifF.exe
  C:\Windows\System\ctdAifF.exe
  2⤵
  PID:5384
- C:\Windows\System\tWaiXZh.exe
  C:\Windows\System\tWaiXZh.exe
  2⤵
  PID:5424
- C:\Windows\System\PqYivrs.exe
  C:\Windows\System\PqYivrs.exe
  2⤵
  PID:5468
- C:\Windows\System\yfgARrp.exe
  C:\Windows\System\yfgARrp.exe
  2⤵
  PID:5508
- C:\Windows\System\BVPYAru.exe
  C:\Windows\System\BVPYAru.exe
  2⤵
  PID:5560
- C:\Windows\System\jJLFEym.exe
  C:\Windows\System\jJLFEym.exe
  2⤵
  PID:5564
- C:\Windows\System\hMOVbVF.exe
  C:\Windows\System\hMOVbVF.exe
  2⤵
  PID:5604
- C:\Windows\System\EvgbyZV.exe
  C:\Windows\System\EvgbyZV.exe
  2⤵
  PID:5644
- C:\Windows\System\SHTLVxl.exe
  C:\Windows\System\SHTLVxl.exe
  2⤵
  PID:5688
- C:\Windows\System\CzOtOWg.exe
  C:\Windows\System\CzOtOWg.exe
  2⤵
  PID:5700
- C:\Windows\System\oiFXQsX.exe
  C:\Windows\System\oiFXQsX.exe
  2⤵
  PID:5768
- C:\Windows\System\phcbyws.exe
  C:\Windows\System\phcbyws.exe
  2⤵
  PID:5780
- C:\Windows\System\GRhBAGg.exe
  C:\Windows\System\GRhBAGg.exe
  2⤵
  PID:5804
- C:\Windows\System\RvnENUr.exe
  C:\Windows\System\RvnENUr.exe
  2⤵
  PID:5848
- C:\Windows\System\blaJAIr.exe
  C:\Windows\System\blaJAIr.exe
  2⤵
  PID:5884
- C:\Windows\System\dounZzL.exe
  C:\Windows\System\dounZzL.exe
  2⤵
  PID:5908
- C:\Windows\System\VIYBJya.exe
  C:\Windows\System\VIYBJya.exe
  2⤵
  PID:5964
- C:\Windows\System\tKVUInd.exe
  C:\Windows\System\tKVUInd.exe
  2⤵
  PID:5984
- C:\Windows\System\qBDSYAB.exe
  C:\Windows\System\qBDSYAB.exe
  2⤵
  PID:6008
- C:\Windows\System\JGazcpC.exe
  C:\Windows\System\JGazcpC.exe
  2⤵
  PID:6028
- C:\Windows\System\hgahQRP.exe
  C:\Windows\System\hgahQRP.exe
  2⤵
  PID:6072
- C:\Windows\System\wemrPyy.exe
  C:\Windows\System\wemrPyy.exe
  2⤵
  PID:6108
- C:\Windows\System\kalPWmQ.exe
  C:\Windows\System\kalPWmQ.exe
  2⤵
  PID:4388
- C:\Windows\System\bzMKHif.exe
  C:\Windows\System\bzMKHif.exe
  2⤵
  PID:4600
- C:\Windows\System\eEyfHQS.exe
  C:\Windows\System\eEyfHQS.exe
  2⤵
  PID:4684
- C:\Windows\System\OzHroLm.exe
  C:\Windows\System\OzHroLm.exe
  2⤵
  PID:4900
- C:\Windows\System\ztGCqch.exe
  C:\Windows\System\ztGCqch.exe
  2⤵
  PID:4884
- C:\Windows\System\qnuWEXT.exe
  C:\Windows\System\qnuWEXT.exe
  2⤵
  PID:3908
- C:\Windows\System\LDcgjJt.exe
  C:\Windows\System\LDcgjJt.exe
  2⤵
  PID:4164
- C:\Windows\System\zVhsBJH.exe
  C:\Windows\System\zVhsBJH.exe
  2⤵
  PID:4280
- C:\Windows\System\WpCQkhS.exe
  C:\Windows\System\WpCQkhS.exe
  2⤵
  PID:5144
- C:\Windows\System\ArDYBoR.exe
  C:\Windows\System\ArDYBoR.exe
  2⤵
  PID:5224
- C:\Windows\System\waylvks.exe
  C:\Windows\System\waylvks.exe
  2⤵
  PID:5260
- C:\Windows\System\zOIdXbI.exe
  C:\Windows\System\zOIdXbI.exe
  2⤵
  PID:5348
- C:\Windows\System\jcSvwtR.exe
  C:\Windows\System\jcSvwtR.exe
  2⤵
  PID:5420
- C:\Windows\System\ytwcRPi.exe
  C:\Windows\System\ytwcRPi.exe
  2⤵
  PID:5444
- C:\Windows\System\ZTlYlWQ.exe
  C:\Windows\System\ZTlYlWQ.exe
  2⤵
  PID:5484
- C:\Windows\System\JwSAryd.exe
  C:\Windows\System\JwSAryd.exe
  2⤵
  PID:5544
- C:\Windows\System\fGYGIGd.exe
  C:\Windows\System\fGYGIGd.exe
  2⤵
  PID:5628
- C:\Windows\System\nePxyGg.exe
  C:\Windows\System\nePxyGg.exe
  2⤵
  PID:5680
- C:\Windows\System\QtWxwPS.exe
  C:\Windows\System\QtWxwPS.exe
  2⤵
  PID:5764
- C:\Windows\System\bqTBSxd.exe
  C:\Windows\System\bqTBSxd.exe
  2⤵
  PID:5784
- C:\Windows\System\wjMmPna.exe
  C:\Windows\System\wjMmPna.exe
  2⤵
  PID:5824
- C:\Windows\System\RTbfKNX.exe
  C:\Windows\System\RTbfKNX.exe
  2⤵
  PID:5912
- C:\Windows\System\GDxlXxB.exe
  C:\Windows\System\GDxlXxB.exe
  2⤵
  PID:5968
- C:\Windows\System\uGZLFmt.exe
  C:\Windows\System\uGZLFmt.exe
  2⤵
  PID:5988
- C:\Windows\System\KOaEgoI.exe
  C:\Windows\System\KOaEgoI.exe
  2⤵
  PID:6088
- C:\Windows\System\WxyZUuS.exe
  C:\Windows\System\WxyZUuS.exe
  2⤵
  PID:4340
- C:\Windows\System\OudTiyF.exe
  C:\Windows\System\OudTiyF.exe
  2⤵
  PID:4620
- C:\Windows\System\xltBYpu.exe
  C:\Windows\System\xltBYpu.exe
  2⤵
  PID:4640
- C:\Windows\System\spCHJBT.exe
  C:\Windows\System\spCHJBT.exe
  2⤵
  PID:3740
- C:\Windows\System\LWfRQjL.exe
  C:\Windows\System\LWfRQjL.exe
  2⤵
  PID:2136
- C:\Windows\System\uNcNVXM.exe
  C:\Windows\System\uNcNVXM.exe
  2⤵
  PID:5200
- C:\Windows\System\JfybSDz.exe
  C:\Windows\System\JfybSDz.exe
  2⤵
  PID:5268
- C:\Windows\System\ujPESae.exe
  C:\Windows\System\ujPESae.exe
  2⤵
  PID:5328
- C:\Windows\System\ISGqYcR.exe
  C:\Windows\System\ISGqYcR.exe
  2⤵
  PID:5428
- C:\Windows\System\dVEgMen.exe
  C:\Windows\System\dVEgMen.exe
  2⤵
  PID:5568
- C:\Windows\System\OnVlSKU.exe
  C:\Windows\System\OnVlSKU.exe
  2⤵
  PID:5584
- C:\Windows\System\LWFIEIH.exe
  C:\Windows\System\LWFIEIH.exe
  2⤵
  PID:5720
- C:\Windows\System\JpkDiGF.exe
  C:\Windows\System\JpkDiGF.exe
  2⤵
  PID:5788
- C:\Windows\System\SvoHTnv.exe
  C:\Windows\System\SvoHTnv.exe
  2⤵
  PID:6156
- C:\Windows\System\PUcKawe.exe
  C:\Windows\System\PUcKawe.exe
  2⤵
  PID:6176
- C:\Windows\System\nzZGvOh.exe
  C:\Windows\System\nzZGvOh.exe
  2⤵
  PID:6196
- C:\Windows\System\PGZesyS.exe
  C:\Windows\System\PGZesyS.exe
  2⤵
  PID:6216
- C:\Windows\System\NwloWmC.exe
  C:\Windows\System\NwloWmC.exe
  2⤵
  PID:6236
- C:\Windows\System\KeLpnrI.exe
  C:\Windows\System\KeLpnrI.exe
  2⤵
  PID:6256
- C:\Windows\System\tMTcWSA.exe
  C:\Windows\System\tMTcWSA.exe
  2⤵
  PID:6276
- C:\Windows\System\ZNWutOf.exe
  C:\Windows\System\ZNWutOf.exe
  2⤵
  PID:6296
- C:\Windows\System\oxQWNeq.exe
  C:\Windows\System\oxQWNeq.exe
  2⤵
  PID:6316
- C:\Windows\System\djoGzLv.exe
  C:\Windows\System\djoGzLv.exe
  2⤵
  PID:6336
- C:\Windows\System\bKBwAOx.exe
  C:\Windows\System\bKBwAOx.exe
  2⤵
  PID:6356
- C:\Windows\System\bdHyqog.exe
  C:\Windows\System\bdHyqog.exe
  2⤵
  PID:6376
- C:\Windows\System\CdGoysB.exe
  C:\Windows\System\CdGoysB.exe
  2⤵
  PID:6396
- C:\Windows\System\lPDyYeB.exe
  C:\Windows\System\lPDyYeB.exe
  2⤵
  PID:6416
- C:\Windows\System\ZILUUQI.exe
  C:\Windows\System\ZILUUQI.exe
  2⤵
  PID:6436
- C:\Windows\System\TILIsFa.exe
  C:\Windows\System\TILIsFa.exe
  2⤵
  PID:6456
- C:\Windows\System\IjhmTsm.exe
  C:\Windows\System\IjhmTsm.exe
  2⤵
  PID:6476
- C:\Windows\System\BmGRZzw.exe
  C:\Windows\System\BmGRZzw.exe
  2⤵
  PID:6496
- C:\Windows\System\dqrPYJC.exe
  C:\Windows\System\dqrPYJC.exe
  2⤵
  PID:6516
- C:\Windows\System\ntHKjzx.exe
  C:\Windows\System\ntHKjzx.exe
  2⤵
  PID:6536
- C:\Windows\System\CktitAo.exe
  C:\Windows\System\CktitAo.exe
  2⤵
  PID:6556
- C:\Windows\System\TWcMOwP.exe
  C:\Windows\System\TWcMOwP.exe
  2⤵
  PID:6580
- C:\Windows\System\ZKJMlst.exe
  C:\Windows\System\ZKJMlst.exe
  2⤵
  PID:6600
- C:\Windows\System\WcEGzmw.exe
  C:\Windows\System\WcEGzmw.exe
  2⤵
  PID:6620
- C:\Windows\System\xaDVYsr.exe
  C:\Windows\System\xaDVYsr.exe
  2⤵
  PID:6640
- C:\Windows\System\lwLBhwQ.exe
  C:\Windows\System\lwLBhwQ.exe
  2⤵
  PID:6660
- C:\Windows\System\ljwtWrJ.exe
  C:\Windows\System\ljwtWrJ.exe
  2⤵
  PID:6680
- C:\Windows\System\IWowDFD.exe
  C:\Windows\System\IWowDFD.exe
  2⤵
  PID:6700
- C:\Windows\System\uaNAwBj.exe
  C:\Windows\System\uaNAwBj.exe
  2⤵
  PID:6720
- C:\Windows\System\mxzyoTD.exe
  C:\Windows\System\mxzyoTD.exe
  2⤵
  PID:6740
- C:\Windows\System\qYszNvO.exe
  C:\Windows\System\qYszNvO.exe
  2⤵
  PID:6760
- C:\Windows\System\udjzRSs.exe
  C:\Windows\System\udjzRSs.exe
  2⤵
  PID:6780
- C:\Windows\System\KeiKEve.exe
  C:\Windows\System\KeiKEve.exe
  2⤵
  PID:6800
- C:\Windows\System\HlWqMEc.exe
  C:\Windows\System\HlWqMEc.exe
  2⤵
  PID:6820
- C:\Windows\System\wOVSAPm.exe
  C:\Windows\System\wOVSAPm.exe
  2⤵
  PID:6840
- C:\Windows\System\jxzsCjG.exe
  C:\Windows\System\jxzsCjG.exe
  2⤵
  PID:6860
- C:\Windows\System\zVqSeoW.exe
  C:\Windows\System\zVqSeoW.exe
  2⤵
  PID:6880
- C:\Windows\System\cljANaz.exe
  C:\Windows\System\cljANaz.exe
  2⤵
  PID:6900
- C:\Windows\System\HOlaxpC.exe
  C:\Windows\System\HOlaxpC.exe
  2⤵
  PID:6920
- C:\Windows\System\flUpqJC.exe
  C:\Windows\System\flUpqJC.exe
  2⤵
  PID:6940
- C:\Windows\System\eIMkCDN.exe
  C:\Windows\System\eIMkCDN.exe
  2⤵
  PID:6960
- C:\Windows\System\nYsUSZh.exe
  C:\Windows\System\nYsUSZh.exe
  2⤵
  PID:6980
- C:\Windows\System\lTyUjOF.exe
  C:\Windows\System\lTyUjOF.exe
  2⤵
  PID:7000
- C:\Windows\System\KulUIkH.exe
  C:\Windows\System\KulUIkH.exe
  2⤵
  PID:7020
- C:\Windows\System\gFrVRtG.exe
  C:\Windows\System\gFrVRtG.exe
  2⤵
  PID:7040
- C:\Windows\System\gsujvTn.exe
  C:\Windows\System\gsujvTn.exe
  2⤵
  PID:7060
- C:\Windows\System\gMNBLWh.exe
  C:\Windows\System\gMNBLWh.exe
  2⤵
  PID:7080
- C:\Windows\System\IJSJeIO.exe
  C:\Windows\System\IJSJeIO.exe
  2⤵
  PID:7100
- C:\Windows\System\YIYpnAD.exe
  C:\Windows\System\YIYpnAD.exe
  2⤵
  PID:7120
- C:\Windows\System\nqwgzzu.exe
  C:\Windows\System\nqwgzzu.exe
  2⤵
  PID:7140
- C:\Windows\System\HYBIPnN.exe
  C:\Windows\System\HYBIPnN.exe
  2⤵
  PID:7160
- C:\Windows\System\yXzBBcV.exe
  C:\Windows\System\yXzBBcV.exe
  2⤵
  PID:5944
- C:\Windows\System\tKxqUps.exe
  C:\Windows\System\tKxqUps.exe
  2⤵
  PID:6044
- C:\Windows\System\LATAnPs.exe
  C:\Windows\System\LATAnPs.exe
  2⤵
  PID:6084
- C:\Windows\System\RGUhAiw.exe
  C:\Windows\System\RGUhAiw.exe
  2⤵
  PID:4420
- C:\Windows\System\bxbiIvI.exe
  C:\Windows\System\bxbiIvI.exe
  2⤵
  PID:5000
- C:\Windows\System\lrhXhwd.exe
  C:\Windows\System\lrhXhwd.exe
  2⤵
  PID:5220
- C:\Windows\System\BzRzQJX.exe
  C:\Windows\System\BzRzQJX.exe
  2⤵
  PID:5284
- C:\Windows\System\XnmCIbK.exe
  C:\Windows\System\XnmCIbK.exe
  2⤵
  PID:5460
- C:\Windows\System\awVAVDl.exe
  C:\Windows\System\awVAVDl.exe
  2⤵
  PID:5588
- C:\Windows\System\cSBMBiP.exe
  C:\Windows\System\cSBMBiP.exe
  2⤵
  PID:5840
- C:\Windows\System\CaWpxlP.exe
  C:\Windows\System\CaWpxlP.exe
  2⤵
  PID:6172
- C:\Windows\System\FLFYHCe.exe
  C:\Windows\System\FLFYHCe.exe
  2⤵
  PID:6212
- C:\Windows\System\WjZVdLb.exe
  C:\Windows\System\WjZVdLb.exe
  2⤵
  PID:2696
- C:\Windows\System\ZYNxBZz.exe
  C:\Windows\System\ZYNxBZz.exe
  2⤵
  PID:2720
- C:\Windows\System\UFBJfoV.exe
  C:\Windows\System\UFBJfoV.exe
  2⤵
  PID:6284
- C:\Windows\System\nJpWXzz.exe
  C:\Windows\System\nJpWXzz.exe
  2⤵
  PID:6324
- C:\Windows\System\ddCkkTZ.exe
  C:\Windows\System\ddCkkTZ.exe
  2⤵
  PID:6344
- C:\Windows\System\lcYOPfo.exe
  C:\Windows\System\lcYOPfo.exe
  2⤵
  PID:6348
- C:\Windows\System\vvVjPOA.exe
  C:\Windows\System\vvVjPOA.exe
  2⤵
  PID:6388
- C:\Windows\System\VyyLprb.exe
  C:\Windows\System\VyyLprb.exe
  2⤵
  PID:6448
- C:\Windows\System\aaIpqXa.exe
  C:\Windows\System\aaIpqXa.exe
  2⤵
  PID:6492
- C:\Windows\System\PvAotJl.exe
  C:\Windows\System\PvAotJl.exe
  2⤵
  PID:6512
- C:\Windows\System\SxsEjhm.exe
  C:\Windows\System\SxsEjhm.exe
  2⤵
  PID:6528
- C:\Windows\System\ZyqiQbU.exe
  C:\Windows\System\ZyqiQbU.exe
  2⤵
  PID:6572
- C:\Windows\System\qsAVymk.exe
  C:\Windows\System\qsAVymk.exe
  2⤵
  PID:6592
- C:\Windows\System\RDpnJRH.exe
  C:\Windows\System\RDpnJRH.exe
  2⤵
  PID:6632
- C:\Windows\System\gFeRAjx.exe
  C:\Windows\System\gFeRAjx.exe
  2⤵
  PID:6676
- C:\Windows\System\cvBKYye.exe
  C:\Windows\System\cvBKYye.exe
  2⤵
  PID:6716
- C:\Windows\System\cjRjvtq.exe
  C:\Windows\System\cjRjvtq.exe
  2⤵
  PID:6748
- C:\Windows\System\eXqatLs.exe
  C:\Windows\System\eXqatLs.exe
  2⤵
  PID:6776
- C:\Windows\System\ciqIsxy.exe
  C:\Windows\System\ciqIsxy.exe
  2⤵
  PID:6816
- C:\Windows\System\UxngWGk.exe
  C:\Windows\System\UxngWGk.exe
  2⤵
  PID:6848
- C:\Windows\System\tkhoXSm.exe
  C:\Windows\System\tkhoXSm.exe
  2⤵
  PID:6876
- C:\Windows\System\mgBlCxk.exe
  C:\Windows\System\mgBlCxk.exe
  2⤵
  PID:6908
- C:\Windows\System\lwRPXRd.exe
  C:\Windows\System\lwRPXRd.exe
  2⤵
  PID:6968
- C:\Windows\System\vDTPCDv.exe
  C:\Windows\System\vDTPCDv.exe
  2⤵
  PID:6972
- C:\Windows\System\iFSFrmQ.exe
  C:\Windows\System\iFSFrmQ.exe
  2⤵
  PID:7016
- C:\Windows\System\qpKpLsq.exe
  C:\Windows\System\qpKpLsq.exe
  2⤵
  PID:7048
- C:\Windows\System\hioLvtE.exe
  C:\Windows\System\hioLvtE.exe
  2⤵
  PID:7092
- C:\Windows\System\ueNGqpd.exe
  C:\Windows\System\ueNGqpd.exe
  2⤵
  PID:7116
- C:\Windows\System\ikhOSJD.exe
  C:\Windows\System\ikhOSJD.exe
  2⤵
  PID:7148
- C:\Windows\System\DYIjFhi.exe
  C:\Windows\System\DYIjFhi.exe
  2⤵
  PID:5880
- C:\Windows\System\gZmTyEb.exe
  C:\Windows\System\gZmTyEb.exe
  2⤵
  PID:6132
- C:\Windows\System\gGeVZMI.exe
  C:\Windows\System\gGeVZMI.exe
  2⤵
  PID:2592
- C:\Windows\System\sDgxObE.exe
  C:\Windows\System\sDgxObE.exe
  2⤵
  PID:5208
- C:\Windows\System\hamHrAz.exe
  C:\Windows\System\hamHrAz.exe
  2⤵
  PID:5640
- C:\Windows\System\KCGeANI.exe
  C:\Windows\System\KCGeANI.exe
  2⤵
  PID:5892
- C:\Windows\System\XVyvjqf.exe
  C:\Windows\System\XVyvjqf.exe
  2⤵
  PID:6152
- C:\Windows\System\nSMMNCT.exe
  C:\Windows\System\nSMMNCT.exe
  2⤵
  PID:6224
- C:\Windows\System\koNQNGF.exe
  C:\Windows\System\koNQNGF.exe
  2⤵
  PID:6264
- C:\Windows\System\NdUSJIa.exe
  C:\Windows\System\NdUSJIa.exe
  2⤵
  PID:6288
- C:\Windows\System\cwYGrvy.exe
  C:\Windows\System\cwYGrvy.exe
  2⤵
  PID:6372
- C:\Windows\System\YgYnnJI.exe
  C:\Windows\System\YgYnnJI.exe
  2⤵
  PID:6428
- C:\Windows\System\rowDptL.exe
  C:\Windows\System\rowDptL.exe
  2⤵
  PID:6464
- C:\Windows\System\fQLUJLa.exe
  C:\Windows\System\fQLUJLa.exe
  2⤵
  PID:6488
- C:\Windows\System\wvBGELE.exe
  C:\Windows\System\wvBGELE.exe
  2⤵
  PID:6616
- C:\Windows\System\aldqYCm.exe
  C:\Windows\System\aldqYCm.exe
  2⤵
  PID:6628
- C:\Windows\System\LdECQRP.exe
  C:\Windows\System\LdECQRP.exe
  2⤵
  PID:6708
- C:\Windows\System\RPlsCSK.exe
  C:\Windows\System\RPlsCSK.exe
  2⤵
  PID:6756
- C:\Windows\System\GosZMAW.exe
  C:\Windows\System\GosZMAW.exe
  2⤵
  PID:6796
- C:\Windows\System\icnwHUr.exe
  C:\Windows\System\icnwHUr.exe
  2⤵
  PID:6868
- C:\Windows\System\qAoBmuc.exe
  C:\Windows\System\qAoBmuc.exe
  2⤵
  PID:6896
- C:\Windows\System\IGXLVNZ.exe
  C:\Windows\System\IGXLVNZ.exe
  2⤵
  PID:6952
- C:\Windows\System\gxZHYWl.exe
  C:\Windows\System\gxZHYWl.exe
  2⤵
  PID:7028
- C:\Windows\System\CTytdVo.exe
  C:\Windows\System\CTytdVo.exe
  2⤵
  PID:7076
- C:\Windows\System\KvZNYfg.exe
  C:\Windows\System\KvZNYfg.exe
  2⤵
  PID:7132
- C:\Windows\System\FNCHSsm.exe
  C:\Windows\System\FNCHSsm.exe
  2⤵
  PID:7156
- C:\Windows\System\cwGMcuf.exe
  C:\Windows\System\cwGMcuf.exe
  2⤵
  PID:3556
- C:\Windows\System\OdzsRCr.exe
  C:\Windows\System\OdzsRCr.exe
  2⤵
  PID:5440
- C:\Windows\System\lURQXeq.exe
  C:\Windows\System\lURQXeq.exe
  2⤵
  PID:5744
- C:\Windows\System\cTkJnFF.exe
  C:\Windows\System\cTkJnFF.exe
  2⤵
  PID:6308
- C:\Windows\System\NFdOcNu.exe
  C:\Windows\System\NFdOcNu.exe
  2⤵
  PID:6248
- C:\Windows\System\JRFFaGp.exe
  C:\Windows\System\JRFFaGp.exe
  2⤵
  PID:6404
- C:\Windows\System\BOCxTVg.exe
  C:\Windows\System\BOCxTVg.exe
  2⤵
  PID:6452
- C:\Windows\System\tPSoHUF.exe
  C:\Windows\System\tPSoHUF.exe
  2⤵
  PID:6596
- C:\Windows\System\ObEEOiv.exe
  C:\Windows\System\ObEEOiv.exe
  2⤵
  PID:6636
- C:\Windows\System\OJGbANj.exe
  C:\Windows\System\OJGbANj.exe
  2⤵
  PID:7184
- C:\Windows\System\pIEtymc.exe
  C:\Windows\System\pIEtymc.exe
  2⤵
  PID:7204
- C:\Windows\System\EBhRRmJ.exe
  C:\Windows\System\EBhRRmJ.exe
  2⤵
  PID:7224
- C:\Windows\System\QdWchYu.exe
  C:\Windows\System\QdWchYu.exe
  2⤵
  PID:7240
- C:\Windows\System\LKJJjdo.exe
  C:\Windows\System\LKJJjdo.exe
  2⤵
  PID:7264
- C:\Windows\System\EjTAMqs.exe
  C:\Windows\System\EjTAMqs.exe
  2⤵
  PID:7284
- C:\Windows\System\sjUFlYy.exe
  C:\Windows\System\sjUFlYy.exe
  2⤵
  PID:7304
- C:\Windows\System\UQoAeiP.exe
  C:\Windows\System\UQoAeiP.exe
  2⤵
  PID:7324
- C:\Windows\System\pEtpcnT.exe
  C:\Windows\System\pEtpcnT.exe
  2⤵
  PID:7344
- C:\Windows\System\HXhNIZA.exe
  C:\Windows\System\HXhNIZA.exe
  2⤵
  PID:7364
- C:\Windows\System\inBwmir.exe
  C:\Windows\System\inBwmir.exe
  2⤵
  PID:7384
- C:\Windows\System\QNUPmoj.exe
  C:\Windows\System\QNUPmoj.exe
  2⤵
  PID:7404
- C:\Windows\System\qJeyApr.exe
  C:\Windows\System\qJeyApr.exe
  2⤵
  PID:7424
- C:\Windows\System\btEyXIb.exe
  C:\Windows\System\btEyXIb.exe
  2⤵
  PID:7444
- C:\Windows\System\UeroCop.exe
  C:\Windows\System\UeroCop.exe
  2⤵
  PID:7464
- C:\Windows\System\BNrcBHF.exe
  C:\Windows\System\BNrcBHF.exe
  2⤵
  PID:7484
- C:\Windows\System\jmOuvOc.exe
  C:\Windows\System\jmOuvOc.exe
  2⤵
  PID:7504
- C:\Windows\System\dxdJpiF.exe
  C:\Windows\System\dxdJpiF.exe
  2⤵
  PID:7524
- C:\Windows\System\OiZrowt.exe
  C:\Windows\System\OiZrowt.exe
  2⤵
  PID:7544
- C:\Windows\System\PHYEbrH.exe
  C:\Windows\System\PHYEbrH.exe
  2⤵
  PID:7564
- C:\Windows\System\DcchDdC.exe
  C:\Windows\System\DcchDdC.exe
  2⤵
  PID:7584
- C:\Windows\System\cBZBYkJ.exe
  C:\Windows\System\cBZBYkJ.exe
  2⤵
  PID:7600
- C:\Windows\System\AMzpnTj.exe
  C:\Windows\System\AMzpnTj.exe
  2⤵
  PID:7624
- C:\Windows\System\IgoOZLX.exe
  C:\Windows\System\IgoOZLX.exe
  2⤵
  PID:7640
- C:\Windows\System\kbPlUsh.exe
  C:\Windows\System\kbPlUsh.exe
  2⤵
  PID:7660
- C:\Windows\System\QLqEojZ.exe
  C:\Windows\System\QLqEojZ.exe
  2⤵
  PID:7680
- C:\Windows\System\ToMXzxt.exe
  C:\Windows\System\ToMXzxt.exe
  2⤵
  PID:7696
- C:\Windows\System\ojLmgTB.exe
  C:\Windows\System\ojLmgTB.exe
  2⤵
  PID:7724
- C:\Windows\System\FMAmMkf.exe
  C:\Windows\System\FMAmMkf.exe
  2⤵
  PID:7744
- C:\Windows\System\sPbTTTC.exe
  C:\Windows\System\sPbTTTC.exe
  2⤵
  PID:7764
- C:\Windows\System\uDuTIZn.exe
  C:\Windows\System\uDuTIZn.exe
  2⤵
  PID:7784
- C:\Windows\System\kdUdBbI.exe
  C:\Windows\System\kdUdBbI.exe
  2⤵
  PID:7804
- C:\Windows\System\lZNwPHc.exe
  C:\Windows\System\lZNwPHc.exe
  2⤵
  PID:7824
- C:\Windows\System\NhfnZGL.exe
  C:\Windows\System\NhfnZGL.exe
  2⤵
  PID:7844
- C:\Windows\System\HHWCgUF.exe
  C:\Windows\System\HHWCgUF.exe
  2⤵
  PID:7868
- C:\Windows\System\TOtbkWz.exe
  C:\Windows\System\TOtbkWz.exe
  2⤵
  PID:7888
- C:\Windows\System\UkjXeSU.exe
  C:\Windows\System\UkjXeSU.exe
  2⤵
  PID:7908
- C:\Windows\System\AMfHdDi.exe
  C:\Windows\System\AMfHdDi.exe
  2⤵
  PID:7928
- C:\Windows\System\PoenhjV.exe
  C:\Windows\System\PoenhjV.exe
  2⤵
  PID:7948
- C:\Windows\System\RzmvZHX.exe
  C:\Windows\System\RzmvZHX.exe
  2⤵
  PID:7964
- C:\Windows\System\TAzJRPc.exe
  C:\Windows\System\TAzJRPc.exe
  2⤵
  PID:7988
- C:\Windows\System\JpKinaH.exe
  C:\Windows\System\JpKinaH.exe
  2⤵
  PID:8008
- C:\Windows\System\KopDKWe.exe
  C:\Windows\System\KopDKWe.exe
  2⤵
  PID:8028
- C:\Windows\System\LoemzEz.exe
  C:\Windows\System\LoemzEz.exe
  2⤵
  PID:8048
- C:\Windows\System\ChiTkJR.exe
  C:\Windows\System\ChiTkJR.exe
  2⤵
  PID:8068
- C:\Windows\System\kuVYbXV.exe
  C:\Windows\System\kuVYbXV.exe
  2⤵
  PID:8088
- C:\Windows\System\AFHYIZL.exe
  C:\Windows\System\AFHYIZL.exe
  2⤵
  PID:8124
- C:\Windows\System\XNAbdww.exe
  C:\Windows\System\XNAbdww.exe
  2⤵
  PID:8144
- C:\Windows\System\inJkZPV.exe
  C:\Windows\System\inJkZPV.exe
  2⤵
  PID:8160
- C:\Windows\System\iNdXrZd.exe
  C:\Windows\System\iNdXrZd.exe
  2⤵
  PID:8180
- C:\Windows\System\rSSHfaG.exe
  C:\Windows\System\rSSHfaG.exe
  2⤵
  PID:6836
- C:\Windows\System\irLgsdZ.exe
  C:\Windows\System\irLgsdZ.exe
  2⤵
  PID:6936
- C:\Windows\System\TZPAQSS.exe
  C:\Windows\System\TZPAQSS.exe
  2⤵
  PID:6956
- C:\Windows\System\dDhGwHu.exe
  C:\Windows\System\dDhGwHu.exe
  2⤵
  PID:7052
- C:\Windows\System\oRHljiw.exe
  C:\Windows\System\oRHljiw.exe
  2⤵
  PID:7152
- C:\Windows\System\SpztIHD.exe
  C:\Windows\System\SpztIHD.exe
  2⤵
  PID:4264
- C:\Windows\System\IFevmDb.exe
  C:\Windows\System\IFevmDb.exe
  2⤵
  PID:4176
- C:\Windows\System\RjeYbQT.exe
  C:\Windows\System\RjeYbQT.exe
  2⤵
  PID:6204
- C:\Windows\System\VHmzmEB.exe
  C:\Windows\System\VHmzmEB.exe
  2⤵
  PID:6328
- C:\Windows\System\wtbNXnm.exe
  C:\Windows\System\wtbNXnm.exe
  2⤵
  PID:6532
- C:\Windows\System\AEixpKZ.exe
  C:\Windows\System\AEixpKZ.exe
  2⤵
  PID:7172
- C:\Windows\System\YWbIliP.exe
  C:\Windows\System\YWbIliP.exe
  2⤵
  PID:7200
- C:\Windows\System\KKKOYTC.exe
  C:\Windows\System\KKKOYTC.exe
  2⤵
  PID:7220
- C:\Windows\System\OYoCDgy.exe
  C:\Windows\System\OYoCDgy.exe
  2⤵
  PID:7260
- C:\Windows\System\oXemoNs.exe
  C:\Windows\System\oXemoNs.exe
  2⤵
  PID:7272
- C:\Windows\System\muUYVEw.exe
  C:\Windows\System\muUYVEw.exe
  2⤵
  PID:7320
- C:\Windows\System\DWlOIaX.exe
  C:\Windows\System\DWlOIaX.exe
  2⤵
  PID:7380
- C:\Windows\System\OjymGuc.exe
  C:\Windows\System\OjymGuc.exe
  2⤵
  PID:7420
- C:\Windows\System\eWNegSi.exe
  C:\Windows\System\eWNegSi.exe
  2⤵
  PID:7460
- C:\Windows\System\hPaoaUe.exe
  C:\Windows\System\hPaoaUe.exe
  2⤵
  PID:7472
- C:\Windows\System\rxytxLt.exe
  C:\Windows\System\rxytxLt.exe
  2⤵
  PID:7476
- C:\Windows\System\aTGRSAh.exe
  C:\Windows\System\aTGRSAh.exe
  2⤵
  PID:7512
- C:\Windows\System\DSCDigu.exe
  C:\Windows\System\DSCDigu.exe
  2⤵
  PID:7580
- C:\Windows\System\vxPNZdj.exe
  C:\Windows\System\vxPNZdj.exe
  2⤵
  PID:7612
- C:\Windows\System\EhRdXBR.exe
  C:\Windows\System\EhRdXBR.exe
  2⤵
  PID:7648
- C:\Windows\System\gRgDvRG.exe
  C:\Windows\System\gRgDvRG.exe
  2⤵
  PID:7692
- C:\Windows\System\qVKPkLR.exe
  C:\Windows\System\qVKPkLR.exe
  2⤵
  PID:7672
- C:\Windows\System\kjmzvWp.exe
  C:\Windows\System\kjmzvWp.exe
  2⤵
  PID:7740
- C:\Windows\System\JlxaXhN.exe
  C:\Windows\System\JlxaXhN.exe
  2⤵
  PID:7776
- C:\Windows\System\qsYonKW.exe
  C:\Windows\System\qsYonKW.exe
  2⤵
  PID:7816
- C:\Windows\System\FNHjHSK.exe
  C:\Windows\System\FNHjHSK.exe
  2⤵
  PID:7904
- C:\Windows\System\ZClTAZF.exe
  C:\Windows\System\ZClTAZF.exe
  2⤵
  PID:7972
- C:\Windows\System\uicUFmq.exe
  C:\Windows\System\uicUFmq.exe
  2⤵
  PID:7840
- C:\Windows\System\HCrPSgN.exe
  C:\Windows\System\HCrPSgN.exe
  2⤵
  PID:7880
- C:\Windows\System\ezihcUf.exe
  C:\Windows\System\ezihcUf.exe
  2⤵
  PID:8020
- C:\Windows\System\tesGiUw.exe
  C:\Windows\System\tesGiUw.exe
  2⤵
  PID:7960
- C:\Windows\System\HCefRxE.exe
  C:\Windows\System\HCefRxE.exe
  2⤵
  PID:8044
- C:\Windows\System\jGtXfCM.exe
  C:\Windows\System\jGtXfCM.exe
  2⤵
  PID:8080
- C:\Windows\System\ZRQvmkE.exe
  C:\Windows\System\ZRQvmkE.exe
  2⤵
  PID:3020
- C:\Windows\System\HPcSYrL.exe
  C:\Windows\System\HPcSYrL.exe
  2⤵
  PID:8104
- C:\Windows\System\cKscGir.exe
  C:\Windows\System\cKscGir.exe
  2⤵
  PID:6852
- C:\Windows\System\viHpwhJ.exe
  C:\Windows\System\viHpwhJ.exe
  2⤵
  PID:6112
- C:\Windows\System\dGoNwgj.exe
  C:\Windows\System\dGoNwgj.exe
  2⤵
  PID:8168
- C:\Windows\System\jlNsdDk.exe
  C:\Windows\System\jlNsdDk.exe
  2⤵
  PID:6392
- C:\Windows\System\xUDDLuP.exe
  C:\Windows\System\xUDDLuP.exe
  2⤵
  PID:6564
- C:\Windows\System\zcJRtAO.exe
  C:\Windows\System\zcJRtAO.exe
  2⤵
  PID:2804
- C:\Windows\System\kflUOAL.exe
  C:\Windows\System\kflUOAL.exe
  2⤵
  PID:7088
- C:\Windows\System\GGmiVcC.exe
  C:\Windows\System\GGmiVcC.exe
  2⤵
  PID:4780
- C:\Windows\System\LcVcVdv.exe
  C:\Windows\System\LcVcVdv.exe
  2⤵
  PID:7300
- C:\Windows\System\TdBGgZn.exe
  C:\Windows\System\TdBGgZn.exe
  2⤵
  PID:7372
- C:\Windows\System\ddkNPRM.exe
  C:\Windows\System\ddkNPRM.exe
  2⤵
  PID:7256
- C:\Windows\System\fAeYdps.exe
  C:\Windows\System\fAeYdps.exe
  2⤵
  PID:7416
- C:\Windows\System\aVaPvJD.exe
  C:\Windows\System\aVaPvJD.exe
  2⤵
  PID:7396
- C:\Windows\System\IdMhoZJ.exe
  C:\Windows\System\IdMhoZJ.exe
  2⤵
  PID:7496
- C:\Windows\System\koiBAMB.exe
  C:\Windows\System\koiBAMB.exe
  2⤵
  PID:7356
- C:\Windows\System\EAJfEMw.exe
  C:\Windows\System\EAJfEMw.exe
  2⤵
  PID:7440
- C:\Windows\System\fgLSjEn.exe
  C:\Windows\System\fgLSjEn.exe
  2⤵
  PID:7616
- C:\Windows\System\zMhGlxp.exe
  C:\Windows\System\zMhGlxp.exe
  2⤵
  PID:7736
- C:\Windows\System\eEgvOEP.exe
  C:\Windows\System\eEgvOEP.exe
  2⤵
  PID:2264
- C:\Windows\System\ryFPHEO.exe
  C:\Windows\System\ryFPHEO.exe
  2⤵
  PID:7864
- C:\Windows\System\XJScckl.exe
  C:\Windows\System\XJScckl.exe
  2⤵
  PID:7896
- C:\Windows\System\yGnJDis.exe
  C:\Windows\System\yGnJDis.exe
  2⤵
  PID:7984
- C:\Windows\System\OSqyssB.exe
  C:\Windows\System\OSqyssB.exe
  2⤵
  PID:2816
- C:\Windows\System\yUldQAy.exe
  C:\Windows\System\yUldQAy.exe
  2⤵
  PID:7920
- C:\Windows\System\cuxUnBY.exe
  C:\Windows\System\cuxUnBY.exe
  2⤵
  PID:8000
- C:\Windows\System\MQXpzsx.exe
  C:\Windows\System\MQXpzsx.exe
  2⤵
  PID:8188
- C:\Windows\System\ZJNhFMA.exe
  C:\Windows\System\ZJNhFMA.exe
  2⤵
  PID:8140
- C:\Windows\System\XIoDQhS.exe
  C:\Windows\System\XIoDQhS.exe
  2⤵
  PID:6424
- C:\Windows\System\oeBOeAF.exe
  C:\Windows\System\oeBOeAF.exe
  2⤵
  PID:8076
- C:\Windows\System\LnHmCjV.exe
  C:\Windows\System\LnHmCjV.exe
  2⤵
  PID:7400
- C:\Windows\System\IQxjwCd.exe
  C:\Windows\System\IQxjwCd.exe
  2⤵
  PID:7452
- C:\Windows\System\OXdozBD.exe
  C:\Windows\System\OXdozBD.exe
  2⤵
  PID:7536
- C:\Windows\System\lnTaqYz.exe
  C:\Windows\System\lnTaqYz.exe
  2⤵
  PID:8172
- C:\Windows\System\nLSkhFO.exe
  C:\Windows\System\nLSkhFO.exe
  2⤵
  PID:6552
- C:\Windows\System\AhZcSug.exe
  C:\Windows\System\AhZcSug.exe
  2⤵
  PID:356
- C:\Windows\System\LPbjgto.exe
  C:\Windows\System\LPbjgto.exe
  2⤵
  PID:664
- C:\Windows\System\LHdzXyM.exe
  C:\Windows\System\LHdzXyM.exe
  2⤵
  PID:7760
- C:\Windows\System\cxGpMMW.exe
  C:\Windows\System\cxGpMMW.exe
  2⤵
  PID:7336
- C:\Windows\System\JlerFXw.exe
  C:\Windows\System\JlerFXw.exe
  2⤵
  PID:7176
- C:\Windows\System\HqhLfmz.exe
  C:\Windows\System\HqhLfmz.exe
  2⤵
  PID:6976
- C:\Windows\System\AHMhUNm.exe
  C:\Windows\System\AHMhUNm.exe
  2⤵
  PID:6772
- C:\Windows\System\BDzPZjV.exe
  C:\Windows\System\BDzPZjV.exe
  2⤵
  PID:3028
- C:\Windows\System\awmRbvs.exe
  C:\Windows\System\awmRbvs.exe
  2⤵
  PID:7480
- C:\Windows\System\BbshlDF.exe
  C:\Windows\System\BbshlDF.exe
  2⤵
  PID:1712
- C:\Windows\System\NYQZJmP.exe
  C:\Windows\System\NYQZJmP.exe
  2⤵
  PID:2032
- C:\Windows\System\CKUAUzQ.exe
  C:\Windows\System\CKUAUzQ.exe
  2⤵
  PID:7944
- C:\Windows\System\gYPlOTu.exe
  C:\Windows\System\gYPlOTu.exe
  2⤵
  PID:8152
- C:\Windows\System\gGDUxwt.exe
  C:\Windows\System\gGDUxwt.exe
  2⤵
  PID:7376
- C:\Windows\System\ALECQNp.exe
  C:\Windows\System\ALECQNp.exe
  2⤵
  PID:2092
- C:\Windows\System\AUpfGWg.exe
  C:\Windows\System\AUpfGWg.exe
  2⤵
  PID:6932
- C:\Windows\System\bywPcuP.exe
  C:\Windows\System\bywPcuP.exe
  2⤵
  PID:7296
- C:\Windows\System\nyohnNA.exe
  C:\Windows\System\nyohnNA.exe
  2⤵
  PID:8004
- C:\Windows\System\SKVrXmQ.exe
  C:\Windows\System\SKVrXmQ.exe
  2⤵
  PID:7876
- C:\Windows\System\RjpCxLZ.exe
  C:\Windows\System\RjpCxLZ.exe
  2⤵
  PID:2204
- C:\Windows\System\RUYhEEX.exe
  C:\Windows\System\RUYhEEX.exe
  2⤵
  PID:7596
- C:\Windows\System\psHxuQi.exe
  C:\Windows\System\psHxuQi.exe
  2⤵
  PID:7632
- C:\Windows\System\VSehzmR.exe
  C:\Windows\System\VSehzmR.exe
  2⤵
  PID:2140
- C:\Windows\System\wQPyUFa.exe
  C:\Windows\System\wQPyUFa.exe
  2⤵
  PID:2304
- C:\Windows\System\OFZctMS.exe
  C:\Windows\System\OFZctMS.exe
  2⤵
  PID:6412
- C:\Windows\System\VmfVJzZ.exe
  C:\Windows\System\VmfVJzZ.exe
  2⤵
  PID:1468
- C:\Windows\System\XnIXuPt.exe
  C:\Windows\System\XnIXuPt.exe
  2⤵
  PID:7608
- C:\Windows\System\dIpJHnf.exe
  C:\Windows\System\dIpJHnf.exe
  2⤵
  PID:2712
- C:\Windows\System\BfMmsOx.exe
  C:\Windows\System\BfMmsOx.exe
  2⤵
  PID:1752
- C:\Windows\System\GtwvzTC.exe
  C:\Windows\System\GtwvzTC.exe
  2⤵
  PID:6444
- C:\Windows\System\fhcSrRD.exe
  C:\Windows\System\fhcSrRD.exe
  2⤵
  PID:7412
- C:\Windows\System\zvFnbPM.exe
  C:\Windows\System\zvFnbPM.exe
  2⤵
  PID:2928
- C:\Windows\System\pmyQTcq.exe
  C:\Windows\System\pmyQTcq.exe
  2⤵
  PID:980
- C:\Windows\System\IozeRhP.exe
  C:\Windows\System\IozeRhP.exe
  2⤵
  PID:2176
- C:\Windows\System\MOndCPa.exe
  C:\Windows\System\MOndCPa.exe
  2⤵
  PID:7716
- C:\Windows\System\RjlWXgJ.exe
  C:\Windows\System\RjlWXgJ.exe
  2⤵
  PID:2992
- C:\Windows\System\qdVNVEz.exe
  C:\Windows\System\qdVNVEz.exe
  2⤵
  PID:2128
- C:\Windows\System\AlmAwuO.exe
  C:\Windows\System\AlmAwuO.exe
  2⤵
  PID:2920
- C:\Windows\System\JltjzRb.exe
  C:\Windows\System\JltjzRb.exe
  2⤵
  PID:1848
- C:\Windows\System\kWXkjkq.exe
  C:\Windows\System\kWXkjkq.exe
  2⤵
  PID:3052
- C:\Windows\System\XnzGOlM.exe
  C:\Windows\System\XnzGOlM.exe
  2⤵
  PID:1312
- C:\Windows\System\QbMRSSw.exe
  C:\Windows\System\QbMRSSw.exe
  2⤵
  PID:8200
- C:\Windows\System\pUcHPkp.exe
  C:\Windows\System\pUcHPkp.exe
  2⤵
  PID:8216
- C:\Windows\System\xMZVoaV.exe
  C:\Windows\System\xMZVoaV.exe
  2⤵
  PID:8232
- C:\Windows\System\QEBqvWI.exe
  C:\Windows\System\QEBqvWI.exe
  2⤵
  PID:8248
- C:\Windows\System\TuSUPOA.exe
  C:\Windows\System\TuSUPOA.exe
  2⤵
  PID:8264
- C:\Windows\System\DBYycQu.exe
  C:\Windows\System\DBYycQu.exe
  2⤵
  PID:8280
- C:\Windows\System\oxVZmmr.exe
  C:\Windows\System\oxVZmmr.exe
  2⤵
  PID:8296
- C:\Windows\System\MEZqiKV.exe
  C:\Windows\System\MEZqiKV.exe
  2⤵
  PID:8312
- C:\Windows\System\SHAHniA.exe
  C:\Windows\System\SHAHniA.exe
  2⤵
  PID:8328
- C:\Windows\System\eXDivfG.exe
  C:\Windows\System\eXDivfG.exe
  2⤵
  PID:8344
- C:\Windows\System\kLlJZeO.exe
  C:\Windows\System\kLlJZeO.exe
  2⤵
  PID:8360
- C:\Windows\System\rGnAbfa.exe
  C:\Windows\System\rGnAbfa.exe
  2⤵
  PID:8376
- C:\Windows\System\HGhOSru.exe
  C:\Windows\System\HGhOSru.exe
  2⤵
  PID:8392
- C:\Windows\System\kmXzOWD.exe
  C:\Windows\System\kmXzOWD.exe
  2⤵
  PID:8408
- C:\Windows\System\vzQJNIs.exe
  C:\Windows\System\vzQJNIs.exe
  2⤵
  PID:8424
- C:\Windows\System\nzxmwZa.exe
  C:\Windows\System\nzxmwZa.exe
  2⤵
  PID:8440
- C:\Windows\System\wFrShdo.exe
  C:\Windows\System\wFrShdo.exe
  2⤵
  PID:8456
- C:\Windows\System\ANuiome.exe
  C:\Windows\System\ANuiome.exe
  2⤵
  PID:8472
- C:\Windows\System\qBgdDVR.exe
  C:\Windows\System\qBgdDVR.exe
  2⤵
  PID:8488
- C:\Windows\System\rJboCno.exe
  C:\Windows\System\rJboCno.exe
  2⤵
  PID:8504
- C:\Windows\System\fDdaFDf.exe
  C:\Windows\System\fDdaFDf.exe
  2⤵
  PID:8520
- C:\Windows\System\wYNTjSq.exe
  C:\Windows\System\wYNTjSq.exe
  2⤵
  PID:8536
- C:\Windows\System\avmqCHV.exe
  C:\Windows\System\avmqCHV.exe
  2⤵
  PID:8556
- C:\Windows\System\sZCqOOz.exe
  C:\Windows\System\sZCqOOz.exe
  2⤵
  PID:8572
- C:\Windows\System\ILuwfGS.exe
  C:\Windows\System\ILuwfGS.exe
  2⤵
  PID:8588
- C:\Windows\System\NfFLdBp.exe
  C:\Windows\System\NfFLdBp.exe
  2⤵
  PID:8604
- C:\Windows\System\ZytNSfA.exe
  C:\Windows\System\ZytNSfA.exe
  2⤵
  PID:8620
- C:\Windows\System\wDhJegs.exe
  C:\Windows\System\wDhJegs.exe
  2⤵
  PID:8636
- C:\Windows\System\NUxBbwu.exe
  C:\Windows\System\NUxBbwu.exe
  2⤵
  PID:8652
- C:\Windows\System\kVPkEBT.exe
  C:\Windows\System\kVPkEBT.exe
  2⤵
  PID:8668
- C:\Windows\System\YCtavwm.exe
  C:\Windows\System\YCtavwm.exe
  2⤵
  PID:8684
- C:\Windows\System\GHJYWly.exe
  C:\Windows\System\GHJYWly.exe
  2⤵
  PID:8700
- C:\Windows\System\PyebcFp.exe
  C:\Windows\System\PyebcFp.exe
  2⤵
  PID:8720
- C:\Windows\System\tStYSxZ.exe
  C:\Windows\System\tStYSxZ.exe
  2⤵
  PID:8736
- C:\Windows\System\NgNUydR.exe
  C:\Windows\System\NgNUydR.exe
  2⤵
  PID:8752
- C:\Windows\System\IeLVpVo.exe
  C:\Windows\System\IeLVpVo.exe
  2⤵
  PID:8772
- C:\Windows\System\GYhfkcT.exe
  C:\Windows\System\GYhfkcT.exe
  2⤵
  PID:8792
- C:\Windows\System\kuPtKky.exe
  C:\Windows\System\kuPtKky.exe
  2⤵
  PID:8808
- C:\Windows\System\phIlkHK.exe
  C:\Windows\System\phIlkHK.exe
  2⤵
  PID:8824
- C:\Windows\System\wSDaxtd.exe
  C:\Windows\System\wSDaxtd.exe
  2⤵
  PID:8840
- C:\Windows\System\ENmAbfd.exe
  C:\Windows\System\ENmAbfd.exe
  2⤵
  PID:8856
- C:\Windows\System\ctOzSjP.exe
  C:\Windows\System\ctOzSjP.exe
  2⤵
  PID:8872
- C:\Windows\System\OORkkKq.exe
  C:\Windows\System\OORkkKq.exe
  2⤵
  PID:8888
- C:\Windows\System\ErJUVMR.exe
  C:\Windows\System\ErJUVMR.exe
  2⤵
  PID:8904
- C:\Windows\System\qFnBuHO.exe
  C:\Windows\System\qFnBuHO.exe
  2⤵
  PID:8920
- C:\Windows\System\OaogBUK.exe
  C:\Windows\System\OaogBUK.exe
  2⤵
  PID:8936
- C:\Windows\System\RslgxTb.exe
  C:\Windows\System\RslgxTb.exe
  2⤵
  PID:8956
- C:\Windows\System\SsizwYm.exe
  C:\Windows\System\SsizwYm.exe
  2⤵
  PID:8972
- C:\Windows\System\XDOUBJP.exe
  C:\Windows\System\XDOUBJP.exe
  2⤵
  PID:8988
- C:\Windows\System\YdjDSBW.exe
  C:\Windows\System\YdjDSBW.exe
  2⤵
  PID:9008
- C:\Windows\System\qdeQTyj.exe
  C:\Windows\System\qdeQTyj.exe
  2⤵
  PID:9024
- C:\Windows\System\XJZKjyv.exe
  C:\Windows\System\XJZKjyv.exe
  2⤵
  PID:9040
- C:\Windows\System\CRZbUfn.exe
  C:\Windows\System\CRZbUfn.exe
  2⤵
  PID:9072
- C:\Windows\System\FjPdIDR.exe
  C:\Windows\System\FjPdIDR.exe
  2⤵
  PID:9088
- C:\Windows\System\DPNIBJL.exe
  C:\Windows\System\DPNIBJL.exe
  2⤵
  PID:9104
- C:\Windows\System\eoSdhAJ.exe
  C:\Windows\System\eoSdhAJ.exe
  2⤵
  PID:9120
- C:\Windows\System\lukBMpY.exe
  C:\Windows\System\lukBMpY.exe
  2⤵
  PID:9136
- C:\Windows\System\MOAbrsd.exe
  C:\Windows\System\MOAbrsd.exe
  2⤵
  PID:9152
- C:\Windows\System\ZiqBVRe.exe
  C:\Windows\System\ZiqBVRe.exe
  2⤵
  PID:9168
- C:\Windows\System\roADUhg.exe
  C:\Windows\System\roADUhg.exe
  2⤵
  PID:9184
- C:\Windows\System\mmkNSIV.exe
  C:\Windows\System\mmkNSIV.exe
  2⤵
  PID:9208
- C:\Windows\System\vKfXlWx.exe
  C:\Windows\System\vKfXlWx.exe
  2⤵
  PID:7884
- C:\Windows\System\dCupUEl.exe
  C:\Windows\System\dCupUEl.exe
  2⤵
  PID:8016
- C:\Windows\System\uwPvHAz.exe
  C:\Windows\System\uwPvHAz.exe
  2⤵
  PID:8228
- C:\Windows\System\YvtkgoF.exe
  C:\Windows\System\YvtkgoF.exe
  2⤵
  PID:8244
- C:\Windows\System\hZDtCDu.exe
  C:\Windows\System\hZDtCDu.exe
  2⤵
  PID:8304
- C:\Windows\System\dnKdAMb.exe
  C:\Windows\System\dnKdAMb.exe
  2⤵
  PID:8368
- C:\Windows\System\zQPVbTR.exe
  C:\Windows\System\zQPVbTR.exe
  2⤵
  PID:804
- C:\Windows\System\PlYkhcP.exe
  C:\Windows\System\PlYkhcP.exe
  2⤵
  PID:8208
- C:\Windows\System\WtVYmeq.exe
  C:\Windows\System\WtVYmeq.exe
  2⤵
  PID:8436
- C:\Windows\System\pFXXCHZ.exe
  C:\Windows\System\pFXXCHZ.exe
  2⤵
  PID:8256
- C:\Windows\System\drTdZZv.exe
  C:\Windows\System\drTdZZv.exe
  2⤵
  PID:8320
- C:\Windows\System\WAURAfX.exe
  C:\Windows\System\WAURAfX.exe
  2⤵
  PID:8416
- C:\Windows\System\CLdkhan.exe
  C:\Windows\System\CLdkhan.exe
  2⤵
  PID:8452
- C:\Windows\System\lQkqdwN.exe
  C:\Windows\System\lQkqdwN.exe
  2⤵
  PID:8544
- C:\Windows\System\ApDEfAl.exe
  C:\Windows\System\ApDEfAl.exe
  2⤵
  PID:8580
- C:\Windows\System\wGsWALq.exe
  C:\Windows\System\wGsWALq.exe
  2⤵
  PID:7236
- C:\Windows\System\jOZerlM.exe
  C:\Windows\System\jOZerlM.exe
  2⤵
  PID:8708
- C:\Windows\System\afDltXP.exe
  C:\Windows\System\afDltXP.exe
  2⤵
  PID:8716
- C:\Windows\System\lDLGavb.exe
  C:\Windows\System\lDLGavb.exe
  2⤵
  PID:8464
- C:\Windows\System\UmxSDrv.exe
  C:\Windows\System\UmxSDrv.exe
  2⤵
  PID:8532
- C:\Windows\System\pnzNdkq.exe
  C:\Windows\System\pnzNdkq.exe
  2⤵
  PID:8628
- C:\Windows\System\gSUQOpu.exe
  C:\Windows\System\gSUQOpu.exe
  2⤵
  PID:8692
- C:\Windows\System\sJpPqSJ.exe
  C:\Windows\System\sJpPqSJ.exe
  2⤵
  PID:8760
- C:\Windows\System\GobMtRm.exe
  C:\Windows\System\GobMtRm.exe
  2⤵
  PID:8788
- C:\Windows\System\dEKJYzK.exe
  C:\Windows\System\dEKJYzK.exe
  2⤵
  PID:8880
- C:\Windows\System\DaImFKr.exe
  C:\Windows\System\DaImFKr.exe
  2⤵
  PID:8804
- C:\Windows\System\daVvJuO.exe
  C:\Windows\System\daVvJuO.exe
  2⤵
  PID:8836
- C:\Windows\System\jURWbdW.exe
  C:\Windows\System\jURWbdW.exe
  2⤵
  PID:8900
- C:\Windows\System\PRHKFkl.exe
  C:\Windows\System\PRHKFkl.exe
  2⤵
  PID:8964
- C:\Windows\System\EDbSknU.exe
  C:\Windows\System\EDbSknU.exe
  2⤵
  PID:9000
- C:\Windows\System\OSZAgvT.exe
  C:\Windows\System\OSZAgvT.exe
  2⤵
  PID:9036
- C:\Windows\System\boRRuDV.exe
  C:\Windows\System\boRRuDV.exe
  2⤵
  PID:9064
- C:\Windows\System\euipYAS.exe
  C:\Windows\System\euipYAS.exe
  2⤵
  PID:9096
- C:\Windows\System\HShJkmj.exe
  C:\Windows\System\HShJkmj.exe
  2⤵
  PID:7572
- C:\Windows\System\zlWqrbL.exe
  C:\Windows\System\zlWqrbL.exe
  2⤵
  PID:9176
- C:\Windows\System\BKXCAEY.exe
  C:\Windows\System\BKXCAEY.exe
  2⤵
  PID:8496
- C:\Windows\System\dCnyPYO.exe
  C:\Windows\System\dCnyPYO.exe
  2⤵
  PID:8664
- C:\Windows\System\fTOBIgA.exe
  C:\Windows\System\fTOBIgA.exe
  2⤵
  PID:8816
- C:\Windows\System\igzCBpn.exe
  C:\Windows\System\igzCBpn.exe
  2⤵
  PID:8984
- C:\Windows\System\AVsAVYw.exe
  C:\Windows\System\AVsAVYw.exe
  2⤵
  PID:8676
- C:\Windows\System\OEmpNmB.exe
  C:\Windows\System\OEmpNmB.exe
  2⤵
  PID:8404
- C:\Windows\System\HARjZQo.exe
  C:\Windows\System\HARjZQo.exe
  2⤵
  PID:8584
- C:\Windows\System\XoMQWED.exe
  C:\Windows\System\XoMQWED.exe
  2⤵
  PID:7676
- C:\Windows\System\szboVfX.exe
  C:\Windows\System\szboVfX.exe
  2⤵
  PID:9060
- C:\Windows\System\uOiyHoN.exe
  C:\Windows\System\uOiyHoN.exe
  2⤵
  PID:9128
- C:\Windows\System\ydxjXHA.exe
  C:\Windows\System\ydxjXHA.exe
  2⤵
  PID:8336
- C:\Windows\System\mjJQvWZ.exe
  C:\Windows\System\mjJQvWZ.exe
  2⤵
  PID:8384
- C:\Windows\System\gYIJBOZ.exe
  C:\Windows\System\gYIJBOZ.exe
  2⤵
  PID:8896
- C:\Windows\System\OihAAoA.exe
  C:\Windows\System\OihAAoA.exe
  2⤵
  PID:9180
- C:\Windows\System\vWVcIoQ.exe
  C:\Windows\System\vWVcIoQ.exe
  2⤵
  PID:9016
- C:\Windows\System\MdcZBLt.exe
  C:\Windows\System\MdcZBLt.exe
  2⤵
  PID:8448
- C:\Windows\System\gsYsxcj.exe
  C:\Windows\System\gsYsxcj.exe
  2⤵
  PID:8596
- C:\Windows\System\FmfuQLG.exe
  C:\Windows\System\FmfuQLG.exe
  2⤵
  PID:8732
- C:\Windows\System\JvBJAjh.exe
  C:\Windows\System\JvBJAjh.exe
  2⤵
  PID:8952
- C:\Windows\System\fnMPCUr.exe
  C:\Windows\System\fnMPCUr.exe
  2⤵
  PID:9032
- C:\Windows\System\uvUKYHZ.exe
  C:\Windows\System\uvUKYHZ.exe
  2⤵
  PID:9192
- C:\Windows\System\OChlRbp.exe
  C:\Windows\System\OChlRbp.exe
  2⤵
  PID:6508
- C:\Windows\System\bUaMBgR.exe
  C:\Windows\System\bUaMBgR.exe
  2⤵
  PID:9068
- C:\Windows\System\jNXyRUj.exe
  C:\Windows\System\jNXyRUj.exe
  2⤵
  PID:8528
- C:\Windows\System\UxRaVPT.exe
  C:\Windows\System\UxRaVPT.exe
  2⤵
  PID:8288
- C:\Windows\System\RFKwbNv.exe
  C:\Windows\System\RFKwbNv.exe
  2⤵
  PID:8224
- C:\Windows\System\HlmUrtA.exe
  C:\Windows\System\HlmUrtA.exe
  2⤵
  PID:8948
- C:\Windows\System\WOvSJlE.exe
  C:\Windows\System\WOvSJlE.exe
  2⤵
  PID:9160
- C:\Windows\System\VCQFfbH.exe
  C:\Windows\System\VCQFfbH.exe
  2⤵
  PID:1556
- C:\Windows\System\CAmQIOB.exe
  C:\Windows\System\CAmQIOB.exe
  2⤵
  PID:8484
- C:\Windows\System\DXLikDE.exe
  C:\Windows\System\DXLikDE.exe
  2⤵
  PID:9148
- C:\Windows\System\djIikMa.exe
  C:\Windows\System\djIikMa.exe
  2⤵
  PID:8400
- C:\Windows\System\aPbraxB.exe
  C:\Windows\System\aPbraxB.exe
  2⤵
  PID:9164
- C:\Windows\System\tQUjEqH.exe
  C:\Windows\System\tQUjEqH.exe
  2⤵
  PID:8388
- C:\Windows\System\YGfzxtf.exe
  C:\Windows\System\YGfzxtf.exe
  2⤵
  PID:2556
- C:\Windows\System\cdsoMen.exe
  C:\Windows\System\cdsoMen.exe
  2⤵
  PID:7560
- C:\Windows\System\YHgPVGv.exe
  C:\Windows\System\YHgPVGv.exe
  2⤵
  PID:7752
- C:\Windows\System\bmSihCQ.exe
  C:\Windows\System\bmSihCQ.exe
  2⤵
  PID:8324
- C:\Windows\System\PHaAotC.exe
  C:\Windows\System\PHaAotC.exe
  2⤵
  PID:9236
- C:\Windows\System\EYjyvJE.exe
  C:\Windows\System\EYjyvJE.exe
  2⤵
  PID:9260
- C:\Windows\System\ekzIVac.exe
  C:\Windows\System\ekzIVac.exe
  2⤵
  PID:9276
- C:\Windows\System\jNJoCmr.exe
  C:\Windows\System\jNJoCmr.exe
  2⤵
  PID:9296
- C:\Windows\System\dRxcksu.exe
  C:\Windows\System\dRxcksu.exe
  2⤵
  PID:9312
- C:\Windows\System\PhjMvbK.exe
  C:\Windows\System\PhjMvbK.exe
  2⤵
  PID:9328
- C:\Windows\System\SDcxEuh.exe
  C:\Windows\System\SDcxEuh.exe
  2⤵
  PID:9352
- C:\Windows\System\wSSmYaH.exe
  C:\Windows\System\wSSmYaH.exe
  2⤵
  PID:9372
- C:\Windows\System\muTrDjm.exe
  C:\Windows\System\muTrDjm.exe
  2⤵
  PID:9400
- C:\Windows\System\ZeySLtc.exe
  C:\Windows\System\ZeySLtc.exe
  2⤵
  PID:9416
- C:\Windows\System\arrzRvP.exe
  C:\Windows\System\arrzRvP.exe
  2⤵
  PID:9432
- C:\Windows\System\jHrwNWe.exe
  C:\Windows\System\jHrwNWe.exe
  2⤵
  PID:9460
- C:\Windows\System\tgXZVMR.exe
  C:\Windows\System\tgXZVMR.exe
  2⤵
  PID:9480
- C:\Windows\System\QtDOJDg.exe
  C:\Windows\System\QtDOJDg.exe
  2⤵
  PID:9496
- C:\Windows\System\gDjFUzq.exe
  C:\Windows\System\gDjFUzq.exe
  2⤵
  PID:9520
- C:\Windows\System\ZlyUqyp.exe
  C:\Windows\System\ZlyUqyp.exe
  2⤵
  PID:9536
- C:\Windows\System\ACASOct.exe
  C:\Windows\System\ACASOct.exe
  2⤵
  PID:9560
- C:\Windows\System\TxlrHOo.exe
  C:\Windows\System\TxlrHOo.exe
  2⤵
  PID:9584
- C:\Windows\System\RtgFkeo.exe
  C:\Windows\System\RtgFkeo.exe
  2⤵
  PID:9604
- C:\Windows\System\OoOVIkq.exe
  C:\Windows\System\OoOVIkq.exe
  2⤵
  PID:9620
- C:\Windows\System\WApwjup.exe
  C:\Windows\System\WApwjup.exe
  2⤵
  PID:9644
- C:\Windows\System\bMHgLcz.exe
  C:\Windows\System\bMHgLcz.exe
  2⤵
  PID:9664
- C:\Windows\System\GWkFgtH.exe
  C:\Windows\System\GWkFgtH.exe
  2⤵
  PID:9684
- C:\Windows\System\vLAmVxC.exe
  C:\Windows\System\vLAmVxC.exe
  2⤵
  PID:9704
- C:\Windows\System\sprLzEA.exe
  C:\Windows\System\sprLzEA.exe
  2⤵
  PID:9728
- C:\Windows\System\EVtjOtw.exe
  C:\Windows\System\EVtjOtw.exe
  2⤵
  PID:9748
- C:\Windows\System\AjMzNOE.exe
  C:\Windows\System\AjMzNOE.exe
  2⤵
  PID:9768
- C:\Windows\System\GRzLeLb.exe
  C:\Windows\System\GRzLeLb.exe
  2⤵
  PID:9784
- C:\Windows\System\rKivICQ.exe
  C:\Windows\System\rKivICQ.exe
  2⤵
  PID:9800
- C:\Windows\System\bSvzGiU.exe
  C:\Windows\System\bSvzGiU.exe
  2⤵
  PID:9816
- C:\Windows\System\fABtJgF.exe
  C:\Windows\System\fABtJgF.exe
  2⤵
  PID:9832
- C:\Windows\System\unJOMRq.exe
  C:\Windows\System\unJOMRq.exe
  2⤵
  PID:9848
- C:\Windows\System\JZvTpGt.exe
  C:\Windows\System\JZvTpGt.exe
  2⤵
  PID:9864
- C:\Windows\System\tYWRxvY.exe
  C:\Windows\System\tYWRxvY.exe
  2⤵
  PID:9880
- C:\Windows\System\DWPtqsT.exe
  C:\Windows\System\DWPtqsT.exe
  2⤵
  PID:9896
- C:\Windows\System\FpasCaA.exe
  C:\Windows\System\FpasCaA.exe
  2⤵
  PID:9912
- C:\Windows\System\hUtAriX.exe
  C:\Windows\System\hUtAriX.exe
  2⤵
  PID:9928
- C:\Windows\System\yKNhiTj.exe
  C:\Windows\System\yKNhiTj.exe
  2⤵
  PID:9944
- C:\Windows\System\WonbamR.exe
  C:\Windows\System\WonbamR.exe
  2⤵
  PID:9960
- C:\Windows\System\pziJXCz.exe
  C:\Windows\System\pziJXCz.exe
  2⤵
  PID:9976
- C:\Windows\System\JCmwSKQ.exe
  C:\Windows\System\JCmwSKQ.exe
  2⤵
  PID:9992
- C:\Windows\System\xdYVFrU.exe
  C:\Windows\System\xdYVFrU.exe
  2⤵
  PID:10008
- C:\Windows\System\bayKVpI.exe
  C:\Windows\System\bayKVpI.exe
  2⤵
  PID:10024
- C:\Windows\System\jRuQYRe.exe
  C:\Windows\System\jRuQYRe.exe
  2⤵
  PID:10040
- C:\Windows\System\jxJCtyp.exe
  C:\Windows\System\jxJCtyp.exe
  2⤵
  PID:10056
- C:\Windows\System\bOgRWsk.exe
  C:\Windows\System\bOgRWsk.exe
  2⤵
  PID:10072
- C:\Windows\System\bkwUuPq.exe
  C:\Windows\System\bkwUuPq.exe
  2⤵
  PID:10088
- C:\Windows\System\xlcTDwq.exe
  C:\Windows\System\xlcTDwq.exe
  2⤵
  PID:10112
- C:\Windows\System\ZskgsSX.exe
  C:\Windows\System\ZskgsSX.exe
  2⤵
  PID:10128
- C:\Windows\System\VvCyLsR.exe
  C:\Windows\System\VvCyLsR.exe
  2⤵
  PID:10144
- C:\Windows\System\RUqHSTc.exe
  C:\Windows\System\RUqHSTc.exe
  2⤵
  PID:10160
- C:\Windows\System\OGKUFbB.exe
  C:\Windows\System\OGKUFbB.exe
  2⤵
  PID:10176
- C:\Windows\System\hYNZPrk.exe
  C:\Windows\System\hYNZPrk.exe
  2⤵
  PID:10192
- C:\Windows\System\MFSXODh.exe
  C:\Windows\System\MFSXODh.exe
  2⤵
  PID:10208
- C:\Windows\System\wDNBmxh.exe
  C:\Windows\System\wDNBmxh.exe
  2⤵
  PID:10228
- C:\Windows\System\FZAPsAq.exe
  C:\Windows\System\FZAPsAq.exe
  2⤵
  PID:8884
- C:\Windows\System\yfuOjnG.exe
  C:\Windows\System\yfuOjnG.exe
  2⤵
  PID:9224
- C:\Windows\System\JUMlSsV.exe
  C:\Windows\System\JUMlSsV.exe
  2⤵
  PID:9252
- C:\Windows\System\jowkRgJ.exe
  C:\Windows\System\jowkRgJ.exe
  2⤵
  PID:9292
- C:\Windows\System\WRzrVqo.exe
  C:\Windows\System\WRzrVqo.exe
  2⤵
  PID:9336
- C:\Windows\System\KJvpPEc.exe
  C:\Windows\System\KJvpPEc.exe
  2⤵
  PID:9320
- C:\Windows\System\QFqcZrr.exe
  C:\Windows\System\QFqcZrr.exe
  2⤵
  PID:9388
- C:\Windows\System\lHSdIgR.exe
  C:\Windows\System\lHSdIgR.exe
  2⤵
  PID:9392
- C:\Windows\System\zTuiEtj.exe
  C:\Windows\System\zTuiEtj.exe
  2⤵
  PID:9428
- C:\Windows\System\RkHcgan.exe
  C:\Windows\System\RkHcgan.exe
  2⤵
  PID:9456
- C:\Windows\System\TXkPwoB.exe
  C:\Windows\System\TXkPwoB.exe
  2⤵
  PID:9488
- C:\Windows\System\wlRfMPX.exe
  C:\Windows\System\wlRfMPX.exe
  2⤵
  PID:9508
- C:\Windows\System\UlyQNlf.exe
  C:\Windows\System\UlyQNlf.exe
  2⤵
  PID:9548
- C:\Windows\System\PrHHhCw.exe
  C:\Windows\System\PrHHhCw.exe
  2⤵
  PID:9576
- C:\Windows\System\sASacVo.exe
  C:\Windows\System\sASacVo.exe
  2⤵
  PID:9812
- C:\Windows\System\EjGLbFQ.exe
  C:\Windows\System\EjGLbFQ.exe
  2⤵
  PID:9908
- C:\Windows\System\QffImRA.exe
  C:\Windows\System\QffImRA.exe
  2⤵
  PID:10036
- C:\Windows\System\jcBEoXE.exe
  C:\Windows\System\jcBEoXE.exe
  2⤵
  PID:10100
- C:\Windows\System\xeuQvfF.exe
  C:\Windows\System\xeuQvfF.exe
  2⤵
  PID:10200
- C:\Windows\System\XMVZMeB.exe
  C:\Windows\System\XMVZMeB.exe
  2⤵
  PID:9952
- C:\Windows\System\dQgVToO.exe
  C:\Windows\System\dQgVToO.exe
  2⤵
  PID:9760
- C:\Windows\System\sTSjBwN.exe
  C:\Windows\System\sTSjBwN.exe
  2⤵
  PID:9412
- C:\Windows\System\DlQXOjY.exe
  C:\Windows\System\DlQXOjY.exe
  2⤵
  PID:10188
- C:\Windows\System\UEkRGaY.exe
  C:\Windows\System\UEkRGaY.exe
  2⤵
  PID:9348
- C:\Windows\System\UKiYZSl.exe
  C:\Windows\System\UKiYZSl.exe
  2⤵
  PID:9956
- C:\Windows\System\BleJLGv.exe
  C:\Windows\System\BleJLGv.exe
  2⤵
  PID:9796
- C:\Windows\System\pjurPCC.exe
  C:\Windows\System\pjurPCC.exe
  2⤵
  PID:9600
- C:\Windows\System\OKTRmuj.exe
  C:\Windows\System\OKTRmuj.exe
  2⤵
  PID:9344
- C:\Windows\System\FOXmirq.exe
  C:\Windows\System\FOXmirq.exe
  2⤵
  PID:9640
- C:\Windows\System\jymrWbw.exe
  C:\Windows\System\jymrWbw.exe
  2⤵
  PID:9672
- C:\Windows\System\ejuJeeV.exe
  C:\Windows\System\ejuJeeV.exe
  2⤵
  PID:9364
- C:\Windows\System\GvIIIXp.exe
  C:\Windows\System\GvIIIXp.exe
  2⤵
  PID:9248
- C:\Windows\System\DxulnkE.exe
  C:\Windows\System\DxulnkE.exe
  2⤵
  PID:9712
- C:\Windows\System\Zlzhppk.exe
  C:\Windows\System\Zlzhppk.exe
  2⤵
  PID:9744
- C:\Windows\System\ifJjYPB.exe
  C:\Windows\System\ifJjYPB.exe
  2⤵
  PID:9232
- C:\Windows\System\XDZYmyS.exe
  C:\Windows\System\XDZYmyS.exe
  2⤵
  PID:9904
- C:\Windows\System\LhQTwij.exe
  C:\Windows\System\LhQTwij.exe
  2⤵
  PID:9972
- C:\Windows\System\xViajCO.exe
  C:\Windows\System\xViajCO.exe
  2⤵
  PID:8500
- C:\Windows\System\ehyykmX.exe
  C:\Windows\System\ehyykmX.exe
  2⤵
  PID:9828
- C:\Windows\System\eZEsXhe.exe
  C:\Windows\System\eZEsXhe.exe
  2⤵
  PID:9476
- C:\Windows\System\KuPRveE.exe
  C:\Windows\System\KuPRveE.exe
  2⤵
  PID:9528
- C:\Windows\System\EoTjHzO.exe
  C:\Windows\System\EoTjHzO.exe
  2⤵
  PID:10220
- C:\Windows\System\ZOXdjKM.exe
  C:\Windows\System\ZOXdjKM.exe
  2⤵
  PID:9888
- C:\Windows\System\hlwbVwc.exe
  C:\Windows\System\hlwbVwc.exe
  2⤵
  PID:10184
- C:\Windows\System\xitJdzR.exe
  C:\Windows\System\xitJdzR.exe
  2⤵
  PID:10084
- C:\Windows\System\WgYRscZ.exe
  C:\Windows\System\WgYRscZ.exe
  2⤵
  PID:9632
- C:\Windows\System\dOQUGNK.exe
  C:\Windows\System\dOQUGNK.exe
  2⤵
  PID:9424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CsbBlNt.exe

Filesize
6.0MB

MD5
5f8f9999dd1b08be73c4acc5cbfb6de7

SHA1
0ef53638df9d7c62a7a36dc26913df31491edf4a

SHA256
f772bf77801d12bc274f16c350140b669e736521d25a32f6d6d825e71eebd651

SHA512
607dac88ce31caf7b4895a12cbbf07dc68790be196c368f8cd8724af161235e67826aae9b8a40049c504b19f50064a4daf41317b100f3a24a57b6ad868e69d52

Download Submit
C:\Windows\system\FNBBVdE.exe

Filesize
6.0MB

MD5
9abacca29b082fbbf91a58f68550f3fc

SHA1
f4e7fe579987f2b3aa76e56bd6dd8442cd77584c

SHA256
7a1ec278d3e5cb2933d957524048f75c1557c48c35fa41509fb21089e6afffa2

SHA512
06ed445c6078e7e12da0365a28d63f3ed2c5cd564d2a4fc54e44ffabbffe0654c776694b9019708102decf07492642259caa2a658e31f23ce07cf96c94daa5ef

Download Submit
C:\Windows\system\GzISmun.exe

Filesize
6.0MB

MD5
43b8be9e9fd0abfc04c6a274020d4369

SHA1
d418725c4f772616e65bb07e2b21acb7a7a6c51d

SHA256
b622343eed00bead2552e0dbfde18569c9e49845d23ddde9b6c89a802680de4a

SHA512
e7aa645b8fcde657a35aa136ea8e6af1e47207f2dab3355664368926dbbab1ba84f3310c5a0396936d0a87216507e5e9152d536c8cb5fe2ef9d7c422a5e43ce0

Download Submit
C:\Windows\system\HtTcnup.exe

Filesize
6.0MB

MD5
77ccbb93e52b9883f24dd6d3b8694d14

SHA1
ad3e8ca3d84cc08cc124182cf8240d6609e04802

SHA256
617b10b7b56c114a0da813ece609b2620c154ecd11f4438ac7f0fd05c3967037

SHA512
176900c5850db135850eb8ef0f97d348da7ac2e827c5791952a2c393306cceb2bdf048bb4c374852297b6567b8271ffa058979236c6e88fd0980f77530167249

Download Submit
C:\Windows\system\LMIwFsz.exe

Filesize
6.0MB

MD5
e6fd627678348019b40578e8653e41d3

SHA1
303454562a67a9974cffbd4b74d3535fed00a623

SHA256
a3c6a77a794929490fae22d5f85298c7ee5f4a4c67894a1d002b8d642fbf7bbb

SHA512
bd3a5c28e23d4f4139c4bd19b0bcadea9ffcdb3e63da7f99f8ae4c102e17ac397edf3a1a16e1dfd425b979a22515a170fb97044a93cf30b0a139c8d4e6e546a9

Download Submit
C:\Windows\system\MHVjYwJ.exe

Filesize
6.0MB

MD5
d03a6c1858b67edc6110f625c9151d82

SHA1
013ab1f5086ed3dd39d4c5148d52998e71ed75c0

SHA256
8af51624e4a377448d30f767b3019f53182ad366988d0eaf87abdd168e476cf9

SHA512
50184272ac07e7c35377c86ff31463a239ea9e5edadf55d3ac7ed0ec6d44da716496537334cf5ae1622a89c34e3df4b8ed1032516b947448d65c80389090444f

Download Submit
C:\Windows\system\MMxDfqJ.exe

Filesize
6.0MB

MD5
f897727a345ba21e2672f09afc5776e2

SHA1
c8a989203e2878fa033f8d4c0e266636d6b4040a

SHA256
107d8daef360ddf683262967a968ae9a43a7e1ea892959b5035f4f0fd885288a

SHA512
d94d46d909da40ffe77e3ee7686c35852ec22b7bb3f1006d10f27256ffd52f8fc67f5a2b569e92cd5b1aa7c79a5621125d29082d789a1bbeddc5b2ea790104e1

Download Submit
C:\Windows\system\MbKpCbE.exe

Filesize
6.0MB

MD5
752cb9742b8480475f8df7cf2affbd8d

SHA1
912fe44cf2b52db0007bbe5a092537ee3f013e94

SHA256
622c50b270237d0a8fce2d3739b288ec4ead99ac482646bc1549256b095f49c2

SHA512
f2b9bcc1d0b067a6119ea846ead40466386db9f897ab3705104b5db8bbfbe4fde805057b27c3936f32223eaf3b1b39ff60e8217175a146509106acb5aa8f3e90

Download Submit
C:\Windows\system\OxWYWZJ.exe

Filesize
6.0MB

MD5
962496c9ee4cf8173695dd6759eb3566

SHA1
ba5bbd172a462c844f8a1035e55e9f69d3f2e1a8

SHA256
5dc4d38ff56f40d33986a6a07d5ac517ae3b462340292b557fa5aa02ba5ff6c7

SHA512
7043e58cf1714ad4a698c763b584dcc99ce3d0532dfb2e48a43533cf4e9d7e65363cdde1cd1ede0d504ecdf9f4f9466c2aa8eb2febb4d53b8d76c985d8cbf3f4

Download Submit
C:\Windows\system\QFRgcpz.exe

Filesize
6.0MB

MD5
0d0b7704bb5c269a25df16c5478f1468

SHA1
b80c6c98a7dc25d9bccd4a36321e1cab4f551b92

SHA256
9fe06ce8a1b8c869b7f5feae836c6fe87c49898a25e7e1e867e5df8667cbc99b

SHA512
0148705cd07ddbeaa0e64e8170a17db322a15e7e60691c70e4c145fe358457ea66449a1fbea33f5f5d0ae72c3d1dd8f4afd45210db7e393648b3768284548f09

Download Submit
C:\Windows\system\QtnhCSN.exe

Filesize
6.0MB

MD5
88d4ed0e8e4aabc96c670504bd901d68

SHA1
f7e7ba1c96bba3be28b9dc22fb75c8635f6062b2

SHA256
07f3954525ccfe75772fe6b8ba060a814eebebe71b02a030f83869477df6518c

SHA512
fdfe104b4e7c043c704a1f6238c429e9f3a98b1db7e61fd6fcbe7a730633f650c2035b4fd72ccbdd45b32b3c9228a78b2acee520c8ecc1364285de6f0ac27036

Download Submit
C:\Windows\system\RJrIpKj.exe

Filesize
6.0MB

MD5
0d6b7083b83ad9c3d8adde8eea8f7a33

SHA1
0edbf53c43ea60addc68498661ff6d28c7c02fa6

SHA256
82d8916bff902c24e02747ce98678749fd977d8f760e6cf6c42b371f3ea13622

SHA512
e2b220a171cd3e362ecdf9d18a708cbbdc5524ffa9ec2b65a2bd6be1b05535c611be479363bd8207861ad2a5a82c52ebf2818799c1748d3a5bb8e8236aa63253

Download Submit
C:\Windows\system\SpdLAxg.exe

Filesize
6.0MB

MD5
2c065ef88fae148ecd24f34b52d3ee54

SHA1
a10d039ad589273f5d949dc211c7e3861aa3cb30

SHA256
dd6aaacaeeb3838517266429a3199753f35175000c403154e8bf8c200414afd5

SHA512
3cde6445b6bb968ee159f6c6a09e134cb76a4356521002799c70090131aebbbd6c520d3ce8cca46ce899cc32d7ca1c75857782be415011c983db7c7f35cd370b

Download Submit
C:\Windows\system\WuTBDIU.exe

Filesize
6.0MB

MD5
5e75aa21aae20ab122304d4f752d0019

SHA1
a776ef058d475c9a24638004a0a5e3071e143c19

SHA256
1195c39175c1b7845abbb6d5e33b604de20203ecf1ec7496f7a55316c72c73d2

SHA512
9ad21848de2830e59bb6deb06b1380f6e95d472a69c741e1b6f9d83b0dc8c4e162b55636095e32471ef212b14c2dc33896223759dc18740c0c965a0b0633fdcf

Download Submit
C:\Windows\system\XkjQOEB.exe

Filesize
6.0MB

MD5
d5ee04bb81e6394f7e4be2b567bbc725

SHA1
8b8f9f74b8484af17ce484402d6f0db1b844cfbb

SHA256
dbdcea868ef57b1115ab2c5abd4fb8da8b75cae8650de41f9b3a5483c61c487f

SHA512
018f5d84c4357ca3b3995ee1f0cced0189a5aa53daa198728d0c98897b6a9defb9b4631aa4c0ddeffb8c594b33b2be8c73d76c86fc97a739ac39cf044217199b

Download Submit
C:\Windows\system\XlmEooR.exe

Filesize
6.0MB

MD5
6cad148a648c4a347cc1975fabfd37ef

SHA1
db0d058d2191defd654d0ba6d332525156bceb97

SHA256
125a44772e0faaaf4cb5d3568cf27a25d81a691cf71d84e99672a2eae0e8dcb4

SHA512
f2657faa9402a39f477bcf4ccef9eab80e13cb2ed4130cbc19fd764f029dc47654a08cb6c50c1b73c97c5292e5f299ac9dda35b0a7e95dd2ed043a0d8c8a7896

Download Submit
C:\Windows\system\ZoqlZcj.exe

Filesize
6.0MB

MD5
04d35e356ebd85a81df932e22b8b9de1

SHA1
5839cab195654faec55d713a1ef5b86a39e6379f

SHA256
0111af20eaad5c6fdff63fe425fc979ae9b5bddc601d18816bd3b9aef0814b74

SHA512
5a70516a5ca638fb12bd79839265b036cc1b8e2603c8ce0424c863ab702e7324bcc574a9486967fb539bb9ed83a956f3787ecce6278dd147263519f757fe3be9

Download Submit
C:\Windows\system\btwpUOp.exe

Filesize
6.0MB

MD5
169fab03405c74679f8ac867cc3b6c32

SHA1
e80dd0f4195b48d6072c743810176ec5419d023b

SHA256
d89658beaca39bdd572c72337bcde705af57f5c4d83f0605773468631fa41989

SHA512
e75100cbb192039f4fbf2a16332defaeb0d8f466eced6b1544adadf24391552d8142abdbeb417c267b2e34dec2f20064f88cea0ac416471b86fb128287de7344

Download Submit
C:\Windows\system\cirHFBZ.exe

Filesize
6.0MB

MD5
774e6f091236346459702d397716c6fb

SHA1
019548831256d6f3a232ad6c329eec3ac95521f3

SHA256
8f057e51e5781d906f5b3fce3ef9b189d16d1c88fe2c5ba263bc6bc1345a9614

SHA512
acc2b8dc0d95da39509301d84fd73e2310d8fd4fe3e7909138f0b4a100eab3d988a664dba14b88ed84cdaad52c9da5db549a0d2595dbd0bff4e7c90a417522ea

Download Submit
C:\Windows\system\nsmERoA.exe

Filesize
6.0MB

MD5
18f7294525fda67f03d206aa01e532e6

SHA1
c470cc29eab00888479a70cd8cd5c3e80af55950

SHA256
3ebed186945498a3c37433ce8b84882a7268cd6777a2183f572ac041e7a2ea12

SHA512
feec648070425e7d753ccedf56353baeedcf8a4f643cbec5dce84db293c4fa1248c615715afeb0a4ce16fec8ddfc7bb819f68e6f8fadd6707ee59cf4f0784d76

Download Submit
C:\Windows\system\oRbofJN.exe

Filesize
6.0MB

MD5
5453455f5c4dfc4c1b0e29d453245aa1

SHA1
ac748b34fb9bb1bb76f4109e30569245aecf54da

SHA256
80867bf0a0f9f7e6cd24b9db498c32b5c5436409d1328527aa85d7701d1a9e1a

SHA512
18443b85af0927f4a741c7c94702b4069d9db9a186431cc60f711ada5478e1149e0ff2e029d8746e970466c2bd81b62d8e86e0246752f3cc808fff2b3e44a537

Download Submit
C:\Windows\system\pYKaUgE.exe

Filesize
6.0MB

MD5
0c5765f1d18241e480c3c70ca9715144

SHA1
f47e2ac4236767c88f1ce7f32576519cbcace9a9

SHA256
801aea45167a306c2c464c7ea833cac6de088bf9e255f5c1c240fc34b9a4b1af

SHA512
ee7f46dc44da2509425f6fb69d17108f5cd12a0047163c559618d0958a1da1a643300ed2b55a478942697ba9cadfc6d222a3f961dcf64bad0200a941a3f51296

Download Submit
C:\Windows\system\qDbRyuu.exe

Filesize
6.0MB

MD5
52453f020a6caa7bcfda278a251303c5

SHA1
973c196e6fa932904a66950847dbb33394cbab70

SHA256
0f9114de6aebc146724ca4e7709ecdd8e0be422a54c693592b1f37de026714ef

SHA512
a40f55ccdf8d65223b93166cecd6250603180d3cc3f2d657849a2ea71060a7a4621a67e59e59f5d9b80f80f39f2a1ec09ab3e6c584113a550f52ebbca5be8eae

Download Submit
C:\Windows\system\qLCqleH.exe

Filesize
6.0MB

MD5
5f55fad9b0603c9ffe6f4be896154efb

SHA1
fe69eb761df0628a1797141301556bc771efa99c

SHA256
3013bb939500be932f0341eb36fb62dcfad4df67c23940069fe2406ec29ffe8d

SHA512
0f0da0b4a9a9b8bdb05d2569c8c4b8b15b94ea389d19991295c81cf89b5e6610a49501c781057a7af499e474d3f7b8cb388233f8d0d84d7e0c417d8cfbc92ca8

Download Submit
C:\Windows\system\sMNnsCh.exe

Filesize
6.0MB

MD5
240e5fd7f95e40635257ee32c875ff82

SHA1
18cee2e533e4a7a05c4ef9f3ef809b6cfe62f30a

SHA256
7c217b7527f14288e051fe261061c2e79f599b55627215542df0047374a31d40

SHA512
62e4059c4368878cf61005d4e4dfc0bcaf7ab00722873a6a3c30fe3e9e87c9daee7e0d9b725e3059483938b0b12ce15578641d5a0338715817b700029652c6fc

Download Submit
C:\Windows\system\tkBwJis.exe

Filesize
6.0MB

MD5
beea8fc8dd95712b80968cfe167c6f5c

SHA1
256a767235fa68cfefc5b31af9a7ee941c56bdc4

SHA256
811b48a49128bc7bf772ca687111889e09c65bb63df4c88cb4c8a65a5889c6c6

SHA512
6252342c651a2940ca6148768391e00c7903c7c4b803ecbce27a04a65d5add033af9d39f824b4fb7a3fa0f04c4c3dac64381d08161ae768b7417f3f1ad36bacd

Download Submit
C:\Windows\system\tkuvPig.exe

Filesize
6.0MB

MD5
c7f994a541d08109d384236f6c7a91b2

SHA1
d2f9bf9a04030d2bd8f96d396683503ac408b873

SHA256
cb6ccb63ecd13b9c993132c39b1f185485ecf78217f6d8b6d310b88e79cfb37c

SHA512
d68a149ed0f095cd8c3e7fcda87aba491a132bb8d36799cbe5f448ffbf8df5854de4efbcc3a40a5610aee3f9162d768512a5f44fc1a77cdc3fc44fa7e4e4e551

Download Submit
\Windows\system\DAnZAEU.exe

Filesize
6.0MB

MD5
897ddc84593ac06f2066e16f989c8e03

SHA1
81d980f3303e9fb0e15a6edc8c9d1d0b3306823a

SHA256
6bf199cef39d285913c45e7d02260d2de57db4993e305d05892ce41febef65bc

SHA512
bc111150ffac344d559dd592d8d216fa149f025b16ce50e26d1291d23babe2e74ad2478d28037b68a2db035144ce1155a8cdd39900b8198554d52668c16803a2

Download Submit
\Windows\system\QUwYwTx.exe

Filesize
6.0MB

MD5
7f15e4560454331300ada944649fb23c

SHA1
1f3ca8a29ccfb78bbbeb238f81440b773fe73b6e

SHA256
0b8e98a2c7277ef0e47ff3517a4a4adc094026fbb56f62ec0f548b37b7d79262

SHA512
0297677103ed95bebeb90977446f9f0e6eb898c947dde8465d9dd4b7c807a28f489e830edabf21cc08a05dea01efbc0e977f11212dbb1d73d25a75214a942f75

Download Submit
\Windows\system\QwKtuqP.exe

Filesize
6.0MB

MD5
bb98a487a29e7982a060c7b8ec8bb902

SHA1
ab5e7c922bebba6efa0a1479e0d5cbe8af586c25

SHA256
6a9004977100cfbea8d816293bb129f6ac399cba44aa9f27aa0fdd6f3e7c7b8a

SHA512
6f99acbaf8d2955cf1a3f5554b2d5d03b919409e1957b9e99605584b707afadcf277127dbafecbcd51358ed7097361945caf3c91fc252d6b650dee821434e81d

Download Submit
\Windows\system\dLBuHqR.exe

Filesize
6.0MB

MD5
7a3ec043dbc7dec485f92924392ebcae

SHA1
5b094582b53351be6ad78c96bc3fb89ac2207c1c

SHA256
8c12979f0db1ab877af80441cf7839a8c99d6a02c267154ba90fce7e3e114c9f

SHA512
90fd40a878191dabc87827f233261baf301bf294dc14b51ac13f220fa775ee721cfd590e2684ef61e09b13b7277c5789396677c0a27005cb04dbc7fb7867c634

Download Submit
\Windows\system\ooFaxnT.exe

Filesize
6.0MB

MD5
5eef5c859e7a4f20d71b16fab8d99d2e

SHA1
19ceef9d1f346f150f1cb705b83ceb776d7bd042

SHA256
0a78cde5157d84d4e09cacd3de6684b11a7ecebbeafb41ec6a396f6c9852381b

SHA512
6351855a52edeef5dc2477af54428a99c5d7bb9bd1fed85e3f333f90950ee4e84eb60dfedfee19bb4551b7d383db1d2aeebb30519a749194b8e23504dbd763ad

Download Submit
\Windows\system\opGECUP.exe

Filesize
6.0MB

MD5
82c650ac64735ee6e9b6f4127cd0cd18

SHA1
46ab9c613be90f60d8da5b9e8ef47831af1c4139

SHA256
27de7c3369d82e1e10f51f1cdc3f7c3de521a7b537478dbc86063e64a8232fe1

SHA512
2f2b795d81806e11e716947456b7325af1c816662e378c89f83b404fd29d9872203ee3af90c100d7e5676d6899c8f7d7aa338f04282af23601989b7cd1101531

Download Submit
memory/484-3012-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/484-2310-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-64-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1032-3038-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2071-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1232-3037-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2311-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2993-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2341-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2338-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3136-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3005-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1304-2228-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2914-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3013-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2072-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-0-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1304-63-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-2999-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-65-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3011-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3039-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2337-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3042-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-2225-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download