cobaltstrike | e610229b058765cd83a456a012ca0ea9ee916e33aba3f9b732ba37f7a4548b16

Analysis

max time kernel
127s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4b140800f6e83d71a3f89e2c7c7c49c1
SHA1

58397172e9538fcec7ee6589b75c4b079e14e46a
SHA256

e610229b058765cd83a456a012ca0ea9ee916e33aba3f9b732ba37f7a4548b16
SHA512

3f098d4ba5469a501d106833d02c1082328331fb68ee983dc7d5be708131dd171d9af587fdbbf62bd018337fed6d5dd4bddc5822d2e91c29c5bde65f58b220e3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000a000000012263-6.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001746f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000018650-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bf-18.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-152.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000017021-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018703-41.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000186d8-36.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c9-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c5-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1824-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012263-6.dat	xmrig
behavioral1/files/0x000a00000001746f-12.dat	xmrig
behavioral1/files/0x0033000000018650-16.dat	xmrig
behavioral1/files/0x00060000000186bf-18.dat	xmrig
behavioral1/files/0x000600000001932a-45.dat	xmrig
behavioral1/files/0x000500000001938e-60.dat	xmrig
behavioral1/files/0x000500000001939c-65.dat	xmrig
behavioral1/files/0x000500000001946b-80.dat	xmrig
behavioral1/files/0x00050000000194da-110.dat	xmrig
behavioral1/files/0x00050000000195f7-146.dat	xmrig
behavioral1/files/0x00050000000195f9-160.dat	xmrig
behavioral1/memory/2800-597-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fd-157.dat	xmrig
behavioral1/files/0x00050000000195c0-152.dat	xmrig
behavioral1/files/0x0038000000017021-148.dat	xmrig
behavioral1/files/0x00050000000195fe-165.dat	xmrig
behavioral1/files/0x000500000001955c-142.dat	xmrig
behavioral1/files/0x0005000000019581-137.dat	xmrig
behavioral1/files/0x00050000000194e6-120.dat	xmrig
behavioral1/memory/3044-675-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2900-130-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019551-125.dat	xmrig
behavioral1/files/0x00050000000194e4-116.dat	xmrig
behavioral1/memory/1824-721-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2984-720-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1824-742-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2904-749-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2840-736-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2972-718-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d0-105.dat	xmrig
behavioral1/files/0x00050000000194c6-100.dat	xmrig
behavioral1/files/0x000500000001949d-95.dat	xmrig
behavioral1/files/0x0005000000019490-90.dat	xmrig
behavioral1/files/0x0005000000019481-85.dat	xmrig
behavioral1/files/0x0005000000019429-75.dat	xmrig
behavioral1/files/0x000500000001941b-70.dat	xmrig
behavioral1/files/0x000500000001938a-55.dat	xmrig
behavioral1/files/0x0005000000019377-50.dat	xmrig
behavioral1/files/0x0008000000018703-41.dat	xmrig
behavioral1/files/0x00090000000186d8-36.dat	xmrig
behavioral1/files/0x00060000000186c9-30.dat	xmrig
behavioral1/files/0x00060000000186c5-26.dat	xmrig
behavioral1/memory/2704-1064-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2104-1165-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/1824-1171-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1824-1116-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2312-1110-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1824-1404-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2152-1398-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/828-1621-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2872-2884-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2840-2888-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2972-2887-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2704-2889-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3044-2896-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2800-2895-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2152-2894-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2312-2893-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/828-2892-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2900-2891-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2984-2890-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2104-2905-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2904-2903-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

lOCRjaw.exeYviwXTj.exeBvicsnB.exeMBlhnjL.exeAFropYs.exeheuVzwp.exenPObrFW.exeGEzHAfD.exenRUHOQF.exeTTlUKyH.exekXZnkZo.exeCgHtPlp.exeVUznUNk.exeNNRSLMM.exevjUfUGd.exeyToqFYk.exejXsUrZN.exeJKIzbHu.exeajuAbFf.exeLtnGovA.exeWuxbhXt.exepRcZPcw.exeMpaucEJ.exeTDyDafi.exeElPlBHt.exeYqvBDlu.exeoSqKwLf.exeVZHEmDg.exepDVOEQx.exeByQexap.exexFhpWGN.exebIMoVez.exeSJqHObH.exeyHeVVuT.exeYUvCXcm.exeQBuPxsL.exeDFtMvzW.exekcuuVJm.exeexSvndk.exeXSEymce.exeZCUJZDi.exepaxKYLo.exePlgtLuF.exesWkExvD.exegLoVCDu.exeRZMZfUk.exeVtEnmfK.exenLcGsbV.exeNqVPPoq.exeBhdFLZU.exeXWAlJuR.exeFicslyZ.exeYVSbulj.exeeXWFyhn.exeWfAKbwX.exepWgPeUc.exeRBLdypb.exeUMsvNPg.exeYPkjkcH.execdBXMkF.exetARvyQc.exeeRgsIOP.exeqcTSwbz.exeOINrhUc.exe

pid	Process
2872	lOCRjaw.exe
2900	YviwXTj.exe
2800	BvicsnB.exe
3044	MBlhnjL.exe
2972	AFropYs.exe
2984	heuVzwp.exe
2840	nPObrFW.exe
2904	GEzHAfD.exe
2704	nRUHOQF.exe
2312	TTlUKyH.exe
2104	kXZnkZo.exe
2152	CgHtPlp.exe
828	VUznUNk.exe
2380	NNRSLMM.exe
2136	vjUfUGd.exe
2260	yToqFYk.exe
764	jXsUrZN.exe
2348	JKIzbHu.exe
2024	ajuAbFf.exe
1576	LtnGovA.exe
2764	WuxbhXt.exe
3004	pRcZPcw.exe
2316	MpaucEJ.exe
2412	TDyDafi.exe
1324	ElPlBHt.exe
2416	YqvBDlu.exe
2096	oSqKwLf.exe
2468	VZHEmDg.exe
2160	pDVOEQx.exe
2084	ByQexap.exe
1116	xFhpWGN.exe
2232	bIMoVez.exe
880	SJqHObH.exe
2556	yHeVVuT.exe
468	YUvCXcm.exe
1752	QBuPxsL.exe
1044	DFtMvzW.exe
2756	kcuuVJm.exe
1344	exSvndk.exe
1660	XSEymce.exe
1676	ZCUJZDi.exe
896	paxKYLo.exe
1784	PlgtLuF.exe
1944	sWkExvD.exe
840	gLoVCDu.exe
2584	RZMZfUk.exe
2608	VtEnmfK.exe
2132	nLcGsbV.exe
2352	NqVPPoq.exe
2424	BhdFLZU.exe
1008	XWAlJuR.exe
980	FicslyZ.exe
1748	YVSbulj.exe
2768	eXWFyhn.exe
1740	WfAKbwX.exe
2820	pWgPeUc.exe
1568	RBLdypb.exe
2884	UMsvNPg.exe
2120	YPkjkcH.exe
3000	cdBXMkF.exe
2912	tARvyQc.exe
2740	eRgsIOP.exe
2732	qcTSwbz.exe
2908	OINrhUc.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1824-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000a000000012263-6.dat	upx
behavioral1/files/0x000a00000001746f-12.dat	upx
behavioral1/files/0x0033000000018650-16.dat	upx
behavioral1/files/0x00060000000186bf-18.dat	upx
behavioral1/files/0x000600000001932a-45.dat	upx
behavioral1/files/0x000500000001938e-60.dat	upx
behavioral1/files/0x000500000001939c-65.dat	upx
behavioral1/files/0x000500000001946b-80.dat	upx
behavioral1/files/0x00050000000194da-110.dat	upx
behavioral1/files/0x00050000000195f7-146.dat	upx
behavioral1/files/0x00050000000195f9-160.dat	upx
behavioral1/memory/2800-597-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00050000000195fd-157.dat	upx
behavioral1/files/0x00050000000195c0-152.dat	upx
behavioral1/files/0x0038000000017021-148.dat	upx
behavioral1/files/0x00050000000195fe-165.dat	upx
behavioral1/files/0x000500000001955c-142.dat	upx
behavioral1/files/0x0005000000019581-137.dat	upx
behavioral1/files/0x00050000000194e6-120.dat	upx
behavioral1/memory/3044-675-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2900-130-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0005000000019551-125.dat	upx
behavioral1/files/0x00050000000194e4-116.dat	upx
behavioral1/memory/2984-720-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2904-749-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2840-736-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2972-718-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00050000000194d0-105.dat	upx
behavioral1/files/0x00050000000194c6-100.dat	upx
behavioral1/files/0x000500000001949d-95.dat	upx
behavioral1/files/0x0005000000019490-90.dat	upx
behavioral1/files/0x0005000000019481-85.dat	upx
behavioral1/files/0x0005000000019429-75.dat	upx
behavioral1/files/0x000500000001941b-70.dat	upx
behavioral1/files/0x000500000001938a-55.dat	upx
behavioral1/files/0x0005000000019377-50.dat	upx
behavioral1/files/0x0008000000018703-41.dat	upx
behavioral1/files/0x00090000000186d8-36.dat	upx
behavioral1/files/0x00060000000186c9-30.dat	upx
behavioral1/files/0x00060000000186c5-26.dat	upx
behavioral1/memory/2704-1064-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2104-1165-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2312-1110-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2152-1398-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/828-1621-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2872-2884-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2840-2888-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2972-2887-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2704-2889-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3044-2896-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2800-2895-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2152-2894-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2312-2893-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/828-2892-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2900-2891-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2984-2890-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2104-2905-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2904-2903-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2380-2989-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/1824-4228-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\tUocYsG.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJgmdvS.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWAfeOb.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSyRtAP.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIHJvIj.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuBwhOE.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKpPVgc.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdQGYWY.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnEoBBZ.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQalOSu.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFbNuYB.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVZFIrk.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFsrixG.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDFhdQo.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfmOVSH.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdBhGud.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbwHIyq.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qupHSRP.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQbNnGf.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgQQyJM.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoQcLXl.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnHwmxD.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipiDoYJ.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqkhZmL.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOaeXpX.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOuZvRz.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDDrPNZ.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpSHKab.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAtTfyL.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDVOEQx.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwNNOrd.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWSDwOz.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfJNBOh.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLbkiXx.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlLClEl.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krOisOo.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeLqXwP.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koskAly.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPevQpy.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cotKmHF.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMgFNCb.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrlZaJG.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mnvstus.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsumlfB.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAgoiaM.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHJhERv.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxgOgIJ.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNlKOKW.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPXirmZ.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDJOYiB.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBFHGtl.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFGXHOG.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaAJqkv.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CykThKo.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwwTiWq.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXbZmBt.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvcPvfX.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXRziHz.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONFRcMb.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVpILuX.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAdXmbk.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpGUITV.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLBazPI.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soIAYrR.exe	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 1824 wrote to memory of 2872	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2872	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2872	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1824 wrote to memory of 2900	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2900	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2900	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1824 wrote to memory of 2800	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 2800	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 2800	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1824 wrote to memory of 3044	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 3044	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 3044	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1824 wrote to memory of 2972	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2972	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2972	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1824 wrote to memory of 2984	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2984	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2984	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1824 wrote to memory of 2840	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2840	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2840	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1824 wrote to memory of 2904	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 2904	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 2904	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1824 wrote to memory of 2704	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 2704	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 2704	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1824 wrote to memory of 2312	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 2312	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 2312	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1824 wrote to memory of 2104	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2104	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2104	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1824 wrote to memory of 2152	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 2152	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 2152	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1824 wrote to memory of 828	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 828	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 828	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1824 wrote to memory of 2380	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2380	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2380	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1824 wrote to memory of 2136	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2136	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2136	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1824 wrote to memory of 2260	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 2260	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 2260	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1824 wrote to memory of 764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1824 wrote to memory of 2348	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 2348	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 2348	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1824 wrote to memory of 2024	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 2024	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 2024	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1824 wrote to memory of 1576	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 1576	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 1576	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1824 wrote to memory of 2764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 2764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 2764	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1824 wrote to memory of 3004	1824	2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_4b140800f6e83d71a3f89e2c7c7c49c1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\System\lOCRjaw.exe
  C:\Windows\System\lOCRjaw.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\YviwXTj.exe
  C:\Windows\System\YviwXTj.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\BvicsnB.exe
  C:\Windows\System\BvicsnB.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\MBlhnjL.exe
  C:\Windows\System\MBlhnjL.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\AFropYs.exe
  C:\Windows\System\AFropYs.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\heuVzwp.exe
  C:\Windows\System\heuVzwp.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\nPObrFW.exe
  C:\Windows\System\nPObrFW.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\GEzHAfD.exe
  C:\Windows\System\GEzHAfD.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\nRUHOQF.exe
  C:\Windows\System\nRUHOQF.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\TTlUKyH.exe
  C:\Windows\System\TTlUKyH.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\kXZnkZo.exe
  C:\Windows\System\kXZnkZo.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CgHtPlp.exe
  C:\Windows\System\CgHtPlp.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\VUznUNk.exe
  C:\Windows\System\VUznUNk.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\NNRSLMM.exe
  C:\Windows\System\NNRSLMM.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\vjUfUGd.exe
  C:\Windows\System\vjUfUGd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\yToqFYk.exe
  C:\Windows\System\yToqFYk.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\jXsUrZN.exe
  C:\Windows\System\jXsUrZN.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\JKIzbHu.exe
  C:\Windows\System\JKIzbHu.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ajuAbFf.exe
  C:\Windows\System\ajuAbFf.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\LtnGovA.exe
  C:\Windows\System\LtnGovA.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\WuxbhXt.exe
  C:\Windows\System\WuxbhXt.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\pRcZPcw.exe
  C:\Windows\System\pRcZPcw.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\MpaucEJ.exe
  C:\Windows\System\MpaucEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\TDyDafi.exe
  C:\Windows\System\TDyDafi.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ElPlBHt.exe
  C:\Windows\System\ElPlBHt.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\oSqKwLf.exe
  C:\Windows\System\oSqKwLf.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\YqvBDlu.exe
  C:\Windows\System\YqvBDlu.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\pDVOEQx.exe
  C:\Windows\System\pDVOEQx.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\VZHEmDg.exe
  C:\Windows\System\VZHEmDg.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\bIMoVez.exe
  C:\Windows\System\bIMoVez.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ByQexap.exe
  C:\Windows\System\ByQexap.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\SJqHObH.exe
  C:\Windows\System\SJqHObH.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\xFhpWGN.exe
  C:\Windows\System\xFhpWGN.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\yHeVVuT.exe
  C:\Windows\System\yHeVVuT.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\YUvCXcm.exe
  C:\Windows\System\YUvCXcm.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\QBuPxsL.exe
  C:\Windows\System\QBuPxsL.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\DFtMvzW.exe
  C:\Windows\System\DFtMvzW.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\kcuuVJm.exe
  C:\Windows\System\kcuuVJm.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\exSvndk.exe
  C:\Windows\System\exSvndk.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\XSEymce.exe
  C:\Windows\System\XSEymce.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ZCUJZDi.exe
  C:\Windows\System\ZCUJZDi.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\paxKYLo.exe
  C:\Windows\System\paxKYLo.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\PlgtLuF.exe
  C:\Windows\System\PlgtLuF.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\sWkExvD.exe
  C:\Windows\System\sWkExvD.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gLoVCDu.exe
  C:\Windows\System\gLoVCDu.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\RZMZfUk.exe
  C:\Windows\System\RZMZfUk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\VtEnmfK.exe
  C:\Windows\System\VtEnmfK.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\nLcGsbV.exe
  C:\Windows\System\nLcGsbV.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\NqVPPoq.exe
  C:\Windows\System\NqVPPoq.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\BhdFLZU.exe
  C:\Windows\System\BhdFLZU.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XWAlJuR.exe
  C:\Windows\System\XWAlJuR.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\FicslyZ.exe
  C:\Windows\System\FicslyZ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\YVSbulj.exe
  C:\Windows\System\YVSbulj.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\eXWFyhn.exe
  C:\Windows\System\eXWFyhn.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\WfAKbwX.exe
  C:\Windows\System\WfAKbwX.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\pWgPeUc.exe
  C:\Windows\System\pWgPeUc.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\RBLdypb.exe
  C:\Windows\System\RBLdypb.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\UMsvNPg.exe
  C:\Windows\System\UMsvNPg.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YPkjkcH.exe
  C:\Windows\System\YPkjkcH.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\cdBXMkF.exe
  C:\Windows\System\cdBXMkF.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\tARvyQc.exe
  C:\Windows\System\tARvyQc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\eRgsIOP.exe
  C:\Windows\System\eRgsIOP.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qcTSwbz.exe
  C:\Windows\System\qcTSwbz.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\OINrhUc.exe
  C:\Windows\System\OINrhUc.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\RuBwhOE.exe
  C:\Windows\System\RuBwhOE.exe
  2⤵
  PID:2080
- C:\Windows\System\MndsAbl.exe
  C:\Windows\System\MndsAbl.exe
  2⤵
  PID:2264
- C:\Windows\System\DCbcOED.exe
  C:\Windows\System\DCbcOED.exe
  2⤵
  PID:2980
- C:\Windows\System\jTmdzCG.exe
  C:\Windows\System\jTmdzCG.exe
  2⤵
  PID:2956
- C:\Windows\System\htNZAkC.exe
  C:\Windows\System\htNZAkC.exe
  2⤵
  PID:2572
- C:\Windows\System\oAEjuWW.exe
  C:\Windows\System\oAEjuWW.exe
  2⤵
  PID:1420
- C:\Windows\System\fnwGVkE.exe
  C:\Windows\System\fnwGVkE.exe
  2⤵
  PID:2964
- C:\Windows\System\VXmaeHH.exe
  C:\Windows\System\VXmaeHH.exe
  2⤵
  PID:1928
- C:\Windows\System\QuvYkkb.exe
  C:\Windows\System\QuvYkkb.exe
  2⤵
  PID:2552
- C:\Windows\System\EPasYRi.exe
  C:\Windows\System\EPasYRi.exe
  2⤵
  PID:1672
- C:\Windows\System\FCxuyVR.exe
  C:\Windows\System\FCxuyVR.exe
  2⤵
  PID:2224
- C:\Windows\System\AqOSSIk.exe
  C:\Windows\System\AqOSSIk.exe
  2⤵
  PID:1284
- C:\Windows\System\nzsmlnL.exe
  C:\Windows\System\nzsmlnL.exe
  2⤵
  PID:1132
- C:\Windows\System\EQuVXJM.exe
  C:\Windows\System\EQuVXJM.exe
  2⤵
  PID:1336
- C:\Windows\System\eLJiNnw.exe
  C:\Windows\System\eLJiNnw.exe
  2⤵
  PID:1536
- C:\Windows\System\hEVNMxR.exe
  C:\Windows\System\hEVNMxR.exe
  2⤵
  PID:1768
- C:\Windows\System\MFHshWl.exe
  C:\Windows\System\MFHshWl.exe
  2⤵
  PID:660
- C:\Windows\System\mjrnGXc.exe
  C:\Windows\System\mjrnGXc.exe
  2⤵
  PID:1664
- C:\Windows\System\mqoyNcU.exe
  C:\Windows\System\mqoyNcU.exe
  2⤵
  PID:608
- C:\Windows\System\AficHWg.exe
  C:\Windows\System\AficHWg.exe
  2⤵
  PID:1516
- C:\Windows\System\qKLXYze.exe
  C:\Windows\System\qKLXYze.exe
  2⤵
  PID:1732
- C:\Windows\System\FSpknbO.exe
  C:\Windows\System\FSpknbO.exe
  2⤵
  PID:1988
- C:\Windows\System\xJNjgZZ.exe
  C:\Windows\System\xJNjgZZ.exe
  2⤵
  PID:2340
- C:\Windows\System\iwFhyrv.exe
  C:\Windows\System\iwFhyrv.exe
  2⤵
  PID:3056
- C:\Windows\System\jRoMOVd.exe
  C:\Windows\System\jRoMOVd.exe
  2⤵
  PID:876
- C:\Windows\System\rlxmlIA.exe
  C:\Windows\System\rlxmlIA.exe
  2⤵
  PID:316
- C:\Windows\System\qoZlSOx.exe
  C:\Windows\System\qoZlSOx.exe
  2⤵
  PID:1680
- C:\Windows\System\cxBdpWt.exe
  C:\Windows\System\cxBdpWt.exe
  2⤵
  PID:2496
- C:\Windows\System\vVxTgCv.exe
  C:\Windows\System\vVxTgCv.exe
  2⤵
  PID:2940
- C:\Windows\System\sDCWTxs.exe
  C:\Windows\System\sDCWTxs.exe
  2⤵
  PID:2736
- C:\Windows\System\tcNvrkV.exe
  C:\Windows\System\tcNvrkV.exe
  2⤵
  PID:2324
- C:\Windows\System\lTXtqDg.exe
  C:\Windows\System\lTXtqDg.exe
  2⤵
  PID:1248
- C:\Windows\System\MVpILuX.exe
  C:\Windows\System\MVpILuX.exe
  2⤵
  PID:2140
- C:\Windows\System\yHDKDvw.exe
  C:\Windows\System\yHDKDvw.exe
  2⤵
  PID:2948
- C:\Windows\System\eAdXmbk.exe
  C:\Windows\System\eAdXmbk.exe
  2⤵
  PID:332
- C:\Windows\System\iWhelgk.exe
  C:\Windows\System\iWhelgk.exe
  2⤵
  PID:2044
- C:\Windows\System\ZMfIEDM.exe
  C:\Windows\System\ZMfIEDM.exe
  2⤵
  PID:2000
- C:\Windows\System\uilcADm.exe
  C:\Windows\System\uilcADm.exe
  2⤵
  PID:2456
- C:\Windows\System\TaHQbKP.exe
  C:\Windows\System\TaHQbKP.exe
  2⤵
  PID:2548
- C:\Windows\System\BORWFem.exe
  C:\Windows\System\BORWFem.exe
  2⤵
  PID:436
- C:\Windows\System\rAXMhat.exe
  C:\Windows\System\rAXMhat.exe
  2⤵
  PID:680
- C:\Windows\System\AhLtuvU.exe
  C:\Windows\System\AhLtuvU.exe
  2⤵
  PID:352
- C:\Windows\System\FXlYbCE.exe
  C:\Windows\System\FXlYbCE.exe
  2⤵
  PID:2392
- C:\Windows\System\GmiDaFG.exe
  C:\Windows\System\GmiDaFG.exe
  2⤵
  PID:1736
- C:\Windows\System\WXEFgDo.exe
  C:\Windows\System\WXEFgDo.exe
  2⤵
  PID:2068
- C:\Windows\System\cFALMno.exe
  C:\Windows\System\cFALMno.exe
  2⤵
  PID:2108
- C:\Windows\System\noOyXVY.exe
  C:\Windows\System\noOyXVY.exe
  2⤵
  PID:1720
- C:\Windows\System\svKAqEz.exe
  C:\Windows\System\svKAqEz.exe
  2⤵
  PID:2916
- C:\Windows\System\AcifJaN.exe
  C:\Windows\System\AcifJaN.exe
  2⤵
  PID:2708
- C:\Windows\System\hLqGuCS.exe
  C:\Windows\System\hLqGuCS.exe
  2⤵
  PID:2204
- C:\Windows\System\LpJkAed.exe
  C:\Windows\System\LpJkAed.exe
  2⤵
  PID:2052
- C:\Windows\System\lQdywVZ.exe
  C:\Windows\System\lQdywVZ.exe
  2⤵
  PID:3088
- C:\Windows\System\CkwGUkl.exe
  C:\Windows\System\CkwGUkl.exe
  2⤵
  PID:3104
- C:\Windows\System\NIBkmkD.exe
  C:\Windows\System\NIBkmkD.exe
  2⤵
  PID:3120
- C:\Windows\System\gJypVgP.exe
  C:\Windows\System\gJypVgP.exe
  2⤵
  PID:3136
- C:\Windows\System\ILdyKaJ.exe
  C:\Windows\System\ILdyKaJ.exe
  2⤵
  PID:3152
- C:\Windows\System\cDHuBBY.exe
  C:\Windows\System\cDHuBBY.exe
  2⤵
  PID:3168
- C:\Windows\System\NNrKlqq.exe
  C:\Windows\System\NNrKlqq.exe
  2⤵
  PID:3184
- C:\Windows\System\oDSumUQ.exe
  C:\Windows\System\oDSumUQ.exe
  2⤵
  PID:3200
- C:\Windows\System\Eswsahh.exe
  C:\Windows\System\Eswsahh.exe
  2⤵
  PID:3216
- C:\Windows\System\UMSDlsb.exe
  C:\Windows\System\UMSDlsb.exe
  2⤵
  PID:3232
- C:\Windows\System\LNePYfr.exe
  C:\Windows\System\LNePYfr.exe
  2⤵
  PID:3248
- C:\Windows\System\UddjWap.exe
  C:\Windows\System\UddjWap.exe
  2⤵
  PID:3264
- C:\Windows\System\fNegPQS.exe
  C:\Windows\System\fNegPQS.exe
  2⤵
  PID:3280
- C:\Windows\System\DxjLuSF.exe
  C:\Windows\System\DxjLuSF.exe
  2⤵
  PID:3296
- C:\Windows\System\PjQibaW.exe
  C:\Windows\System\PjQibaW.exe
  2⤵
  PID:3312
- C:\Windows\System\kbbemBh.exe
  C:\Windows\System\kbbemBh.exe
  2⤵
  PID:3328
- C:\Windows\System\ULaoyPF.exe
  C:\Windows\System\ULaoyPF.exe
  2⤵
  PID:3344
- C:\Windows\System\oOwsIAC.exe
  C:\Windows\System\oOwsIAC.exe
  2⤵
  PID:3360
- C:\Windows\System\weptBsY.exe
  C:\Windows\System\weptBsY.exe
  2⤵
  PID:3376
- C:\Windows\System\NCEdHEA.exe
  C:\Windows\System\NCEdHEA.exe
  2⤵
  PID:3392
- C:\Windows\System\nQVmiGe.exe
  C:\Windows\System\nQVmiGe.exe
  2⤵
  PID:3408
- C:\Windows\System\DyORvNP.exe
  C:\Windows\System\DyORvNP.exe
  2⤵
  PID:3424
- C:\Windows\System\Zogqlgr.exe
  C:\Windows\System\Zogqlgr.exe
  2⤵
  PID:3440
- C:\Windows\System\RbqfdxV.exe
  C:\Windows\System\RbqfdxV.exe
  2⤵
  PID:3456
- C:\Windows\System\rrcLwxP.exe
  C:\Windows\System\rrcLwxP.exe
  2⤵
  PID:3472
- C:\Windows\System\NTPPbhl.exe
  C:\Windows\System\NTPPbhl.exe
  2⤵
  PID:3488
- C:\Windows\System\VNeFSHI.exe
  C:\Windows\System\VNeFSHI.exe
  2⤵
  PID:3504
- C:\Windows\System\iNENWBY.exe
  C:\Windows\System\iNENWBY.exe
  2⤵
  PID:3520
- C:\Windows\System\gDvadix.exe
  C:\Windows\System\gDvadix.exe
  2⤵
  PID:3536
- C:\Windows\System\SDxcbkK.exe
  C:\Windows\System\SDxcbkK.exe
  2⤵
  PID:3552
- C:\Windows\System\rFmJGOu.exe
  C:\Windows\System\rFmJGOu.exe
  2⤵
  PID:3568
- C:\Windows\System\KuHGQaU.exe
  C:\Windows\System\KuHGQaU.exe
  2⤵
  PID:3584
- C:\Windows\System\YIcSauS.exe
  C:\Windows\System\YIcSauS.exe
  2⤵
  PID:3600
- C:\Windows\System\aUJRpFV.exe
  C:\Windows\System\aUJRpFV.exe
  2⤵
  PID:3616
- C:\Windows\System\Cihjnjc.exe
  C:\Windows\System\Cihjnjc.exe
  2⤵
  PID:3636
- C:\Windows\System\AsKULrN.exe
  C:\Windows\System\AsKULrN.exe
  2⤵
  PID:3652
- C:\Windows\System\miRprTe.exe
  C:\Windows\System\miRprTe.exe
  2⤵
  PID:3668
- C:\Windows\System\jBzTeZF.exe
  C:\Windows\System\jBzTeZF.exe
  2⤵
  PID:3684
- C:\Windows\System\WQsUEXL.exe
  C:\Windows\System\WQsUEXL.exe
  2⤵
  PID:3700
- C:\Windows\System\cXPKYyL.exe
  C:\Windows\System\cXPKYyL.exe
  2⤵
  PID:3716
- C:\Windows\System\NOMcNVO.exe
  C:\Windows\System\NOMcNVO.exe
  2⤵
  PID:3732
- C:\Windows\System\qqvowPp.exe
  C:\Windows\System\qqvowPp.exe
  2⤵
  PID:3748
- C:\Windows\System\OMrzYJZ.exe
  C:\Windows\System\OMrzYJZ.exe
  2⤵
  PID:3764
- C:\Windows\System\GtbHYIh.exe
  C:\Windows\System\GtbHYIh.exe
  2⤵
  PID:3780
- C:\Windows\System\gGwpgLb.exe
  C:\Windows\System\gGwpgLb.exe
  2⤵
  PID:3796
- C:\Windows\System\FbknIfm.exe
  C:\Windows\System\FbknIfm.exe
  2⤵
  PID:3812
- C:\Windows\System\pIkNHAE.exe
  C:\Windows\System\pIkNHAE.exe
  2⤵
  PID:3828
- C:\Windows\System\HiorLtR.exe
  C:\Windows\System\HiorLtR.exe
  2⤵
  PID:3844
- C:\Windows\System\COGWQaZ.exe
  C:\Windows\System\COGWQaZ.exe
  2⤵
  PID:3860
- C:\Windows\System\zYHWfSi.exe
  C:\Windows\System\zYHWfSi.exe
  2⤵
  PID:3876
- C:\Windows\System\OsbqfyG.exe
  C:\Windows\System\OsbqfyG.exe
  2⤵
  PID:3892
- C:\Windows\System\dLTNyhe.exe
  C:\Windows\System\dLTNyhe.exe
  2⤵
  PID:3908
- C:\Windows\System\bLnzObg.exe
  C:\Windows\System\bLnzObg.exe
  2⤵
  PID:3924
- C:\Windows\System\TuAkitZ.exe
  C:\Windows\System\TuAkitZ.exe
  2⤵
  PID:3940
- C:\Windows\System\CNxidtv.exe
  C:\Windows\System\CNxidtv.exe
  2⤵
  PID:3956
- C:\Windows\System\bqigZZF.exe
  C:\Windows\System\bqigZZF.exe
  2⤵
  PID:3972
- C:\Windows\System\nhwuqgC.exe
  C:\Windows\System\nhwuqgC.exe
  2⤵
  PID:3988
- C:\Windows\System\bgBQDKp.exe
  C:\Windows\System\bgBQDKp.exe
  2⤵
  PID:4004
- C:\Windows\System\GZoUJoU.exe
  C:\Windows\System\GZoUJoU.exe
  2⤵
  PID:4020
- C:\Windows\System\XWyaLQK.exe
  C:\Windows\System\XWyaLQK.exe
  2⤵
  PID:4036
- C:\Windows\System\pYMhewM.exe
  C:\Windows\System\pYMhewM.exe
  2⤵
  PID:4052
- C:\Windows\System\Wqgrzgw.exe
  C:\Windows\System\Wqgrzgw.exe
  2⤵
  PID:4068
- C:\Windows\System\adsgsGn.exe
  C:\Windows\System\adsgsGn.exe
  2⤵
  PID:4084
- C:\Windows\System\zRCUAix.exe
  C:\Windows\System\zRCUAix.exe
  2⤵
  PID:1280
- C:\Windows\System\oUwxKKs.exe
  C:\Windows\System\oUwxKKs.exe
  2⤵
  PID:2580
- C:\Windows\System\zkernmS.exe
  C:\Windows\System\zkernmS.exe
  2⤵
  PID:1064
- C:\Windows\System\IkGUmQb.exe
  C:\Windows\System\IkGUmQb.exe
  2⤵
  PID:668
- C:\Windows\System\UuqAuwX.exe
  C:\Windows\System\UuqAuwX.exe
  2⤵
  PID:2280
- C:\Windows\System\LVTzZyA.exe
  C:\Windows\System\LVTzZyA.exe
  2⤵
  PID:2176
- C:\Windows\System\pIJfLLl.exe
  C:\Windows\System\pIJfLLl.exe
  2⤵
  PID:1312
- C:\Windows\System\dnHwmxD.exe
  C:\Windows\System\dnHwmxD.exe
  2⤵
  PID:268
- C:\Windows\System\sYxfHES.exe
  C:\Windows\System\sYxfHES.exe
  2⤵
  PID:1268
- C:\Windows\System\qHeJwab.exe
  C:\Windows\System\qHeJwab.exe
  2⤵
  PID:2760
- C:\Windows\System\yGWhRbp.exe
  C:\Windows\System\yGWhRbp.exe
  2⤵
  PID:2824
- C:\Windows\System\WAiqTGR.exe
  C:\Windows\System\WAiqTGR.exe
  2⤵
  PID:2004
- C:\Windows\System\cmhPrag.exe
  C:\Windows\System\cmhPrag.exe
  2⤵
  PID:1948
- C:\Windows\System\cmsjLDz.exe
  C:\Windows\System\cmsjLDz.exe
  2⤵
  PID:3080
- C:\Windows\System\mfszHwa.exe
  C:\Windows\System\mfszHwa.exe
  2⤵
  PID:3112
- C:\Windows\System\jlgLjoN.exe
  C:\Windows\System\jlgLjoN.exe
  2⤵
  PID:3144
- C:\Windows\System\VRdusEh.exe
  C:\Windows\System\VRdusEh.exe
  2⤵
  PID:3176
- C:\Windows\System\jHdzZxl.exe
  C:\Windows\System\jHdzZxl.exe
  2⤵
  PID:3192
- C:\Windows\System\IcgGSKA.exe
  C:\Windows\System\IcgGSKA.exe
  2⤵
  PID:3240
- C:\Windows\System\yjQLsQb.exe
  C:\Windows\System\yjQLsQb.exe
  2⤵
  PID:3272
- C:\Windows\System\cdLEkBT.exe
  C:\Windows\System\cdLEkBT.exe
  2⤵
  PID:3304
- C:\Windows\System\xBKNIhk.exe
  C:\Windows\System\xBKNIhk.exe
  2⤵
  PID:3336
- C:\Windows\System\PFDbVzj.exe
  C:\Windows\System\PFDbVzj.exe
  2⤵
  PID:3368
- C:\Windows\System\dOnSvtw.exe
  C:\Windows\System\dOnSvtw.exe
  2⤵
  PID:3400
- C:\Windows\System\cdYadrw.exe
  C:\Windows\System\cdYadrw.exe
  2⤵
  PID:3420
- C:\Windows\System\sTNUGzg.exe
  C:\Windows\System\sTNUGzg.exe
  2⤵
  PID:3448
- C:\Windows\System\aMaPXqx.exe
  C:\Windows\System\aMaPXqx.exe
  2⤵
  PID:3496
- C:\Windows\System\nqhQlKQ.exe
  C:\Windows\System\nqhQlKQ.exe
  2⤵
  PID:3512
- C:\Windows\System\pfSIfth.exe
  C:\Windows\System\pfSIfth.exe
  2⤵
  PID:3560
- C:\Windows\System\LeiKkin.exe
  C:\Windows\System\LeiKkin.exe
  2⤵
  PID:1448
- C:\Windows\System\acRBdnz.exe
  C:\Windows\System\acRBdnz.exe
  2⤵
  PID:796
- C:\Windows\System\HcGxgbV.exe
  C:\Windows\System\HcGxgbV.exe
  2⤵
  PID:3128
- C:\Windows\System\OvGryfr.exe
  C:\Windows\System\OvGryfr.exe
  2⤵
  PID:3276
- C:\Windows\System\NFwpcDE.exe
  C:\Windows\System\NFwpcDE.exe
  2⤵
  PID:3356
- C:\Windows\System\JCMNzSQ.exe
  C:\Windows\System\JCMNzSQ.exe
  2⤵
  PID:3468
- C:\Windows\System\IiUeygn.exe
  C:\Windows\System\IiUeygn.exe
  2⤵
  PID:3432
- C:\Windows\System\lKOhCbe.exe
  C:\Windows\System\lKOhCbe.exe
  2⤵
  PID:3548
- C:\Windows\System\sBFHGtl.exe
  C:\Windows\System\sBFHGtl.exe
  2⤵
  PID:3596
- C:\Windows\System\dYBvuRy.exe
  C:\Windows\System\dYBvuRy.exe
  2⤵
  PID:868
- C:\Windows\System\sJwdIyl.exe
  C:\Windows\System\sJwdIyl.exe
  2⤵
  PID:2868
- C:\Windows\System\FXWezaH.exe
  C:\Windows\System\FXWezaH.exe
  2⤵
  PID:2752
- C:\Windows\System\bSVnptH.exe
  C:\Windows\System\bSVnptH.exe
  2⤵
  PID:1796
- C:\Windows\System\URnDRkm.exe
  C:\Windows\System\URnDRkm.exe
  2⤵
  PID:2448
- C:\Windows\System\xtqpgaC.exe
  C:\Windows\System\xtqpgaC.exe
  2⤵
  PID:2208
- C:\Windows\System\JtpbOZm.exe
  C:\Windows\System\JtpbOZm.exe
  2⤵
  PID:2804
- C:\Windows\System\qOyfrFV.exe
  C:\Windows\System\qOyfrFV.exe
  2⤵
  PID:2632
- C:\Windows\System\LdGOFNN.exe
  C:\Windows\System\LdGOFNN.exe
  2⤵
  PID:448
- C:\Windows\System\oransYS.exe
  C:\Windows\System\oransYS.exe
  2⤵
  PID:2516
- C:\Windows\System\wMMcuGg.exe
  C:\Windows\System\wMMcuGg.exe
  2⤵
  PID:3760
- C:\Windows\System\PJypXIA.exe
  C:\Windows\System\PJypXIA.exe
  2⤵
  PID:3680
- C:\Windows\System\QQHXQEh.exe
  C:\Windows\System\QQHXQEh.exe
  2⤵
  PID:3712
- C:\Windows\System\XULMZGv.exe
  C:\Windows\System\XULMZGv.exe
  2⤵
  PID:3772
- C:\Windows\System\eHJylIP.exe
  C:\Windows\System\eHJylIP.exe
  2⤵
  PID:3836
- C:\Windows\System\BitfMwh.exe
  C:\Windows\System\BitfMwh.exe
  2⤵
  PID:3840
- C:\Windows\System\AftHOyl.exe
  C:\Windows\System\AftHOyl.exe
  2⤵
  PID:3904
- C:\Windows\System\tqgJWqF.exe
  C:\Windows\System\tqgJWqF.exe
  2⤵
  PID:3932
- C:\Windows\System\xaQShvV.exe
  C:\Windows\System\xaQShvV.exe
  2⤵
  PID:4016
- C:\Windows\System\MHEBakD.exe
  C:\Windows\System\MHEBakD.exe
  2⤵
  PID:4048
- C:\Windows\System\AZyNMIQ.exe
  C:\Windows\System\AZyNMIQ.exe
  2⤵
  PID:4080
- C:\Windows\System\NXqyWBI.exe
  C:\Windows\System\NXqyWBI.exe
  2⤵
  PID:1032
- C:\Windows\System\YrtdwwF.exe
  C:\Windows\System\YrtdwwF.exe
  2⤵
  PID:1224
- C:\Windows\System\FaTPnbn.exe
  C:\Windows\System\FaTPnbn.exe
  2⤵
  PID:2992
- C:\Windows\System\omSAloP.exe
  C:\Windows\System\omSAloP.exe
  2⤵
  PID:2036
- C:\Windows\System\eVSZKSa.exe
  C:\Windows\System\eVSZKSa.exe
  2⤵
  PID:2968
- C:\Windows\System\HzQzilX.exe
  C:\Windows\System\HzQzilX.exe
  2⤵
  PID:3580
- C:\Windows\System\fUVnkLt.exe
  C:\Windows\System\fUVnkLt.exe
  2⤵
  PID:2472
- C:\Windows\System\MRxexPC.exe
  C:\Windows\System\MRxexPC.exe
  2⤵
  PID:1456
- C:\Windows\System\aTSDpOc.exe
  C:\Windows\System\aTSDpOc.exe
  2⤵
  PID:2500
- C:\Windows\System\mVtfnSR.exe
  C:\Windows\System\mVtfnSR.exe
  2⤵
  PID:3340
- C:\Windows\System\utKmYWF.exe
  C:\Windows\System\utKmYWF.exe
  2⤵
  PID:3564
- C:\Windows\System\ktmtlOi.exe
  C:\Windows\System\ktmtlOi.exe
  2⤵
  PID:2928
- C:\Windows\System\WWLjxXi.exe
  C:\Windows\System\WWLjxXi.exe
  2⤵
  PID:3212
- C:\Windows\System\UzgNMDE.exe
  C:\Windows\System\UzgNMDE.exe
  2⤵
  PID:3416
- C:\Windows\System\xkLKSlw.exe
  C:\Windows\System\xkLKSlw.exe
  2⤵
  PID:2216
- C:\Windows\System\EhAKXhN.exe
  C:\Windows\System\EhAKXhN.exe
  2⤵
  PID:3824
- C:\Windows\System\LvoWNWD.exe
  C:\Windows\System\LvoWNWD.exe
  2⤵
  PID:3776
- C:\Windows\System\xiHjczv.exe
  C:\Windows\System\xiHjczv.exe
  2⤵
  PID:2220
- C:\Windows\System\wMykVBa.exe
  C:\Windows\System\wMykVBa.exe
  2⤵
  PID:2128
- C:\Windows\System\osLCrrw.exe
  C:\Windows\System\osLCrrw.exe
  2⤵
  PID:3952
- C:\Windows\System\OMgFNCb.exe
  C:\Windows\System\OMgFNCb.exe
  2⤵
  PID:1820
- C:\Windows\System\CHzkXLr.exe
  C:\Windows\System\CHzkXLr.exe
  2⤵
  PID:776
- C:\Windows\System\DSerkch.exe
  C:\Windows\System\DSerkch.exe
  2⤵
  PID:2088
- C:\Windows\System\fcYydUx.exe
  C:\Windows\System\fcYydUx.exe
  2⤵
  PID:2028
- C:\Windows\System\GrlZaJG.exe
  C:\Windows\System\GrlZaJG.exe
  2⤵
  PID:2772
- C:\Windows\System\taRohvE.exe
  C:\Windows\System\taRohvE.exe
  2⤵
  PID:3804
- C:\Windows\System\ToOuXjQ.exe
  C:\Windows\System\ToOuXjQ.exe
  2⤵
  PID:3964
- C:\Windows\System\mDuczWX.exe
  C:\Windows\System\mDuczWX.exe
  2⤵
  PID:3968
- C:\Windows\System\hWWIOei.exe
  C:\Windows\System\hWWIOei.exe
  2⤵
  PID:4112
- C:\Windows\System\cLaIslN.exe
  C:\Windows\System\cLaIslN.exe
  2⤵
  PID:4128
- C:\Windows\System\bXIlklx.exe
  C:\Windows\System\bXIlklx.exe
  2⤵
  PID:4144
- C:\Windows\System\unNVxWg.exe
  C:\Windows\System\unNVxWg.exe
  2⤵
  PID:4160
- C:\Windows\System\LqmUPCp.exe
  C:\Windows\System\LqmUPCp.exe
  2⤵
  PID:4176
- C:\Windows\System\AwqcXtC.exe
  C:\Windows\System\AwqcXtC.exe
  2⤵
  PID:4192
- C:\Windows\System\ZvpoEhE.exe
  C:\Windows\System\ZvpoEhE.exe
  2⤵
  PID:4208
- C:\Windows\System\EQDBbvt.exe
  C:\Windows\System\EQDBbvt.exe
  2⤵
  PID:4224
- C:\Windows\System\OQjLXUc.exe
  C:\Windows\System\OQjLXUc.exe
  2⤵
  PID:4240
- C:\Windows\System\yNfXAYg.exe
  C:\Windows\System\yNfXAYg.exe
  2⤵
  PID:4256
- C:\Windows\System\AobXCBv.exe
  C:\Windows\System\AobXCBv.exe
  2⤵
  PID:4272
- C:\Windows\System\IuXPPXo.exe
  C:\Windows\System\IuXPPXo.exe
  2⤵
  PID:4288
- C:\Windows\System\tBhqyeq.exe
  C:\Windows\System\tBhqyeq.exe
  2⤵
  PID:4304
- C:\Windows\System\nkYmZfs.exe
  C:\Windows\System\nkYmZfs.exe
  2⤵
  PID:4320
- C:\Windows\System\HFGXHOG.exe
  C:\Windows\System\HFGXHOG.exe
  2⤵
  PID:4336
- C:\Windows\System\VaNGCbo.exe
  C:\Windows\System\VaNGCbo.exe
  2⤵
  PID:4352
- C:\Windows\System\eGkDCDp.exe
  C:\Windows\System\eGkDCDp.exe
  2⤵
  PID:4368
- C:\Windows\System\XUqMPMS.exe
  C:\Windows\System\XUqMPMS.exe
  2⤵
  PID:4384
- C:\Windows\System\LRhmMGF.exe
  C:\Windows\System\LRhmMGF.exe
  2⤵
  PID:4400
- C:\Windows\System\doaAUAd.exe
  C:\Windows\System\doaAUAd.exe
  2⤵
  PID:4416
- C:\Windows\System\eVIahhR.exe
  C:\Windows\System\eVIahhR.exe
  2⤵
  PID:4432
- C:\Windows\System\pFlYPGz.exe
  C:\Windows\System\pFlYPGz.exe
  2⤵
  PID:4448
- C:\Windows\System\MvMXfrC.exe
  C:\Windows\System\MvMXfrC.exe
  2⤵
  PID:4464
- C:\Windows\System\jNWuVlJ.exe
  C:\Windows\System\jNWuVlJ.exe
  2⤵
  PID:4480
- C:\Windows\System\zOJWTiH.exe
  C:\Windows\System\zOJWTiH.exe
  2⤵
  PID:4496
- C:\Windows\System\wvRPqeW.exe
  C:\Windows\System\wvRPqeW.exe
  2⤵
  PID:4512
- C:\Windows\System\qQFxmsS.exe
  C:\Windows\System\qQFxmsS.exe
  2⤵
  PID:4528
- C:\Windows\System\tObmumY.exe
  C:\Windows\System\tObmumY.exe
  2⤵
  PID:4544
- C:\Windows\System\dTCbjDJ.exe
  C:\Windows\System\dTCbjDJ.exe
  2⤵
  PID:4560
- C:\Windows\System\vqywcFb.exe
  C:\Windows\System\vqywcFb.exe
  2⤵
  PID:4576
- C:\Windows\System\CNFtYLF.exe
  C:\Windows\System\CNFtYLF.exe
  2⤵
  PID:4592
- C:\Windows\System\LSobxcW.exe
  C:\Windows\System\LSobxcW.exe
  2⤵
  PID:4608
- C:\Windows\System\mAsCkql.exe
  C:\Windows\System\mAsCkql.exe
  2⤵
  PID:4628
- C:\Windows\System\qAjfWNo.exe
  C:\Windows\System\qAjfWNo.exe
  2⤵
  PID:4644
- C:\Windows\System\Mnvstus.exe
  C:\Windows\System\Mnvstus.exe
  2⤵
  PID:4664
- C:\Windows\System\VwwTiWq.exe
  C:\Windows\System\VwwTiWq.exe
  2⤵
  PID:4680
- C:\Windows\System\JBawaQa.exe
  C:\Windows\System\JBawaQa.exe
  2⤵
  PID:4696
- C:\Windows\System\zgPNDhZ.exe
  C:\Windows\System\zgPNDhZ.exe
  2⤵
  PID:4712
- C:\Windows\System\xlzgWGK.exe
  C:\Windows\System\xlzgWGK.exe
  2⤵
  PID:4728
- C:\Windows\System\RRyIeNI.exe
  C:\Windows\System\RRyIeNI.exe
  2⤵
  PID:4744
- C:\Windows\System\FadAbcg.exe
  C:\Windows\System\FadAbcg.exe
  2⤵
  PID:4760
- C:\Windows\System\WdGYBDv.exe
  C:\Windows\System\WdGYBDv.exe
  2⤵
  PID:4776
- C:\Windows\System\tYGKVeu.exe
  C:\Windows\System\tYGKVeu.exe
  2⤵
  PID:4792
- C:\Windows\System\JodIXvI.exe
  C:\Windows\System\JodIXvI.exe
  2⤵
  PID:4808
- C:\Windows\System\BGpnYoW.exe
  C:\Windows\System\BGpnYoW.exe
  2⤵
  PID:4824
- C:\Windows\System\RErOIRL.exe
  C:\Windows\System\RErOIRL.exe
  2⤵
  PID:4840
- C:\Windows\System\MadnCFi.exe
  C:\Windows\System\MadnCFi.exe
  2⤵
  PID:4856
- C:\Windows\System\ckKTiqQ.exe
  C:\Windows\System\ckKTiqQ.exe
  2⤵
  PID:4872
- C:\Windows\System\NSLdeJw.exe
  C:\Windows\System\NSLdeJw.exe
  2⤵
  PID:4888
- C:\Windows\System\zCwKwZg.exe
  C:\Windows\System\zCwKwZg.exe
  2⤵
  PID:4904
- C:\Windows\System\ytLXXwX.exe
  C:\Windows\System\ytLXXwX.exe
  2⤵
  PID:4920
- C:\Windows\System\ptqcHHb.exe
  C:\Windows\System\ptqcHHb.exe
  2⤵
  PID:4936
- C:\Windows\System\NkRiHPF.exe
  C:\Windows\System\NkRiHPF.exe
  2⤵
  PID:4952
- C:\Windows\System\YpFUZdb.exe
  C:\Windows\System\YpFUZdb.exe
  2⤵
  PID:4968
- C:\Windows\System\Ekgchyc.exe
  C:\Windows\System\Ekgchyc.exe
  2⤵
  PID:4984
- C:\Windows\System\uUcBHDa.exe
  C:\Windows\System\uUcBHDa.exe
  2⤵
  PID:5000
- C:\Windows\System\gAtypir.exe
  C:\Windows\System\gAtypir.exe
  2⤵
  PID:5016
- C:\Windows\System\eXRBABY.exe
  C:\Windows\System\eXRBABY.exe
  2⤵
  PID:5032
- C:\Windows\System\RLubzYn.exe
  C:\Windows\System\RLubzYn.exe
  2⤵
  PID:5048
- C:\Windows\System\lsJnrxh.exe
  C:\Windows\System\lsJnrxh.exe
  2⤵
  PID:5064
- C:\Windows\System\oCCcAXm.exe
  C:\Windows\System\oCCcAXm.exe
  2⤵
  PID:5080
- C:\Windows\System\wnBnZWJ.exe
  C:\Windows\System\wnBnZWJ.exe
  2⤵
  PID:5096
- C:\Windows\System\cgwtEYj.exe
  C:\Windows\System\cgwtEYj.exe
  2⤵
  PID:5112
- C:\Windows\System\VpBSYPV.exe
  C:\Windows\System\VpBSYPV.exe
  2⤵
  PID:3644
- C:\Windows\System\VWuMHOk.exe
  C:\Windows\System\VWuMHOk.exe
  2⤵
  PID:3884
- C:\Windows\System\PrlTHGJ.exe
  C:\Windows\System\PrlTHGJ.exe
  2⤵
  PID:3936
- C:\Windows\System\DVarJhK.exe
  C:\Windows\System\DVarJhK.exe
  2⤵
  PID:2168
- C:\Windows\System\relYMVF.exe
  C:\Windows\System\relYMVF.exe
  2⤵
  PID:2828
- C:\Windows\System\ICqQBrX.exe
  C:\Windows\System\ICqQBrX.exe
  2⤵
  PID:2844
- C:\Windows\System\OnNfims.exe
  C:\Windows\System\OnNfims.exe
  2⤵
  PID:3096
- C:\Windows\System\jthcyLE.exe
  C:\Windows\System\jthcyLE.exe
  2⤵
  PID:3308
- C:\Windows\System\XHJhERv.exe
  C:\Windows\System\XHJhERv.exe
  2⤵
  PID:1040
- C:\Windows\System\aiYPkVZ.exe
  C:\Windows\System\aiYPkVZ.exe
  2⤵
  PID:3384
- C:\Windows\System\ZkTNNvc.exe
  C:\Windows\System\ZkTNNvc.exe
  2⤵
  PID:3648
- C:\Windows\System\QfpOXdq.exe
  C:\Windows\System\QfpOXdq.exe
  2⤵
  PID:2244
- C:\Windows\System\nbXvNPc.exe
  C:\Windows\System\nbXvNPc.exe
  2⤵
  PID:2284
- C:\Windows\System\TnNNUpX.exe
  C:\Windows\System\TnNNUpX.exe
  2⤵
  PID:2788
- C:\Windows\System\PQlDLEG.exe
  C:\Windows\System\PQlDLEG.exe
  2⤵
  PID:4136
- C:\Windows\System\haoupXd.exe
  C:\Windows\System\haoupXd.exe
  2⤵
  PID:4200
- C:\Windows\System\OTEilte.exe
  C:\Windows\System\OTEilte.exe
  2⤵
  PID:3692
- C:\Windows\System\fhNoWUg.exe
  C:\Windows\System\fhNoWUg.exe
  2⤵
  PID:4300
- C:\Windows\System\zyuASiH.exe
  C:\Windows\System\zyuASiH.exe
  2⤵
  PID:4396
- C:\Windows\System\lTguzgE.exe
  C:\Windows\System\lTguzgE.exe
  2⤵
  PID:4520
- C:\Windows\System\XhjUFeb.exe
  C:\Windows\System\XhjUFeb.exe
  2⤵
  PID:4524
- C:\Windows\System\tEhMxsA.exe
  C:\Windows\System\tEhMxsA.exe
  2⤵
  PID:4652
- C:\Windows\System\XLDEftZ.exe
  C:\Windows\System\XLDEftZ.exe
  2⤵
  PID:1104
- C:\Windows\System\WlLClEl.exe
  C:\Windows\System\WlLClEl.exe
  2⤵
  PID:4156
- C:\Windows\System\pdRRtyW.exe
  C:\Windows\System\pdRRtyW.exe
  2⤵
  PID:4220
- C:\Windows\System\BncEvkj.exe
  C:\Windows\System\BncEvkj.exe
  2⤵
  PID:5136
- C:\Windows\System\EUWxzmX.exe
  C:\Windows\System\EUWxzmX.exe
  2⤵
  PID:5152
- C:\Windows\System\vFmkowu.exe
  C:\Windows\System\vFmkowu.exe
  2⤵
  PID:5168
- C:\Windows\System\tVhTiCt.exe
  C:\Windows\System\tVhTiCt.exe
  2⤵
  PID:5184
- C:\Windows\System\OmoxJqn.exe
  C:\Windows\System\OmoxJqn.exe
  2⤵
  PID:5200
- C:\Windows\System\zVmxeaB.exe
  C:\Windows\System\zVmxeaB.exe
  2⤵
  PID:5216
- C:\Windows\System\PalpuFj.exe
  C:\Windows\System\PalpuFj.exe
  2⤵
  PID:5232
- C:\Windows\System\cpFrUDo.exe
  C:\Windows\System\cpFrUDo.exe
  2⤵
  PID:5248
- C:\Windows\System\gTgZYSU.exe
  C:\Windows\System\gTgZYSU.exe
  2⤵
  PID:5264
- C:\Windows\System\aWOxwFF.exe
  C:\Windows\System\aWOxwFF.exe
  2⤵
  PID:5280
- C:\Windows\System\tUocYsG.exe
  C:\Windows\System\tUocYsG.exe
  2⤵
  PID:5296
- C:\Windows\System\NkCQiSP.exe
  C:\Windows\System\NkCQiSP.exe
  2⤵
  PID:5312
- C:\Windows\System\IFBhGsA.exe
  C:\Windows\System\IFBhGsA.exe
  2⤵
  PID:5328
- C:\Windows\System\LjXULrd.exe
  C:\Windows\System\LjXULrd.exe
  2⤵
  PID:5344
- C:\Windows\System\pWbfjrn.exe
  C:\Windows\System\pWbfjrn.exe
  2⤵
  PID:5360
- C:\Windows\System\jIUBDLI.exe
  C:\Windows\System\jIUBDLI.exe
  2⤵
  PID:5376
- C:\Windows\System\EQUiEqc.exe
  C:\Windows\System\EQUiEqc.exe
  2⤵
  PID:5392
- C:\Windows\System\VZRXewC.exe
  C:\Windows\System\VZRXewC.exe
  2⤵
  PID:5408
- C:\Windows\System\MuVpXmo.exe
  C:\Windows\System\MuVpXmo.exe
  2⤵
  PID:5424
- C:\Windows\System\ZDaXImF.exe
  C:\Windows\System\ZDaXImF.exe
  2⤵
  PID:5444
- C:\Windows\System\mPuyHUM.exe
  C:\Windows\System\mPuyHUM.exe
  2⤵
  PID:5460
- C:\Windows\System\KKjOkxt.exe
  C:\Windows\System\KKjOkxt.exe
  2⤵
  PID:5476
- C:\Windows\System\iIVPtAZ.exe
  C:\Windows\System\iIVPtAZ.exe
  2⤵
  PID:5492
- C:\Windows\System\uLUMrgr.exe
  C:\Windows\System\uLUMrgr.exe
  2⤵
  PID:5520
- C:\Windows\System\JYZoFJA.exe
  C:\Windows\System\JYZoFJA.exe
  2⤵
  PID:5540
- C:\Windows\System\RnkiFHf.exe
  C:\Windows\System\RnkiFHf.exe
  2⤵
  PID:5560
- C:\Windows\System\tZVFANS.exe
  C:\Windows\System\tZVFANS.exe
  2⤵
  PID:5576
- C:\Windows\System\SrBEZPZ.exe
  C:\Windows\System\SrBEZPZ.exe
  2⤵
  PID:5592
- C:\Windows\System\MphOVFo.exe
  C:\Windows\System\MphOVFo.exe
  2⤵
  PID:5608
- C:\Windows\System\pLNhdpv.exe
  C:\Windows\System\pLNhdpv.exe
  2⤵
  PID:5640
- C:\Windows\System\XdktiHM.exe
  C:\Windows\System\XdktiHM.exe
  2⤵
  PID:5660
- C:\Windows\System\HMhRXQJ.exe
  C:\Windows\System\HMhRXQJ.exe
  2⤵
  PID:5676
- C:\Windows\System\iKuIuNK.exe
  C:\Windows\System\iKuIuNK.exe
  2⤵
  PID:5692
- C:\Windows\System\eslAnCs.exe
  C:\Windows\System\eslAnCs.exe
  2⤵
  PID:5708
- C:\Windows\System\wspilho.exe
  C:\Windows\System\wspilho.exe
  2⤵
  PID:5724
- C:\Windows\System\IaiPmZb.exe
  C:\Windows\System\IaiPmZb.exe
  2⤵
  PID:5740
- C:\Windows\System\HgJnSOn.exe
  C:\Windows\System\HgJnSOn.exe
  2⤵
  PID:5756
- C:\Windows\System\gfkWhmL.exe
  C:\Windows\System\gfkWhmL.exe
  2⤵
  PID:5772
- C:\Windows\System\hVyeKcF.exe
  C:\Windows\System\hVyeKcF.exe
  2⤵
  PID:5788
- C:\Windows\System\bZqYlUD.exe
  C:\Windows\System\bZqYlUD.exe
  2⤵
  PID:5804
- C:\Windows\System\AUSmGRY.exe
  C:\Windows\System\AUSmGRY.exe
  2⤵
  PID:5820
- C:\Windows\System\dUtBBGP.exe
  C:\Windows\System\dUtBBGP.exe
  2⤵
  PID:5836
- C:\Windows\System\dzbUyDY.exe
  C:\Windows\System\dzbUyDY.exe
  2⤵
  PID:5852
- C:\Windows\System\XfWmVfJ.exe
  C:\Windows\System\XfWmVfJ.exe
  2⤵
  PID:5872
- C:\Windows\System\jwNADuJ.exe
  C:\Windows\System\jwNADuJ.exe
  2⤵
  PID:5888
- C:\Windows\System\tGaXaBj.exe
  C:\Windows\System\tGaXaBj.exe
  2⤵
  PID:5908
- C:\Windows\System\gcNitwy.exe
  C:\Windows\System\gcNitwy.exe
  2⤵
  PID:5924
- C:\Windows\System\oxJKgfr.exe
  C:\Windows\System\oxJKgfr.exe
  2⤵
  PID:5944
- C:\Windows\System\VpWxnYh.exe
  C:\Windows\System\VpWxnYh.exe
  2⤵
  PID:5964
- C:\Windows\System\rFZCLmC.exe
  C:\Windows\System\rFZCLmC.exe
  2⤵
  PID:5980
- C:\Windows\System\WYJdgNi.exe
  C:\Windows\System\WYJdgNi.exe
  2⤵
  PID:5996
- C:\Windows\System\tJoCIlS.exe
  C:\Windows\System\tJoCIlS.exe
  2⤵
  PID:6012
- C:\Windows\System\CXkxjFL.exe
  C:\Windows\System\CXkxjFL.exe
  2⤵
  PID:6036
- C:\Windows\System\lIllRzZ.exe
  C:\Windows\System\lIllRzZ.exe
  2⤵
  PID:6052
- C:\Windows\System\DBimJbc.exe
  C:\Windows\System\DBimJbc.exe
  2⤵
  PID:6072
- C:\Windows\System\YYxSUpp.exe
  C:\Windows\System\YYxSUpp.exe
  2⤵
  PID:6088
- C:\Windows\System\NRGWvoK.exe
  C:\Windows\System\NRGWvoK.exe
  2⤵
  PID:6108
- C:\Windows\System\cVXLCnr.exe
  C:\Windows\System\cVXLCnr.exe
  2⤵
  PID:6124
- C:\Windows\System\hRRlSsH.exe
  C:\Windows\System\hRRlSsH.exe
  2⤵
  PID:4376
- C:\Windows\System\cPwZLME.exe
  C:\Windows\System\cPwZLME.exe
  2⤵
  PID:4820
- C:\Windows\System\KGUWQRb.exe
  C:\Windows\System\KGUWQRb.exe
  2⤵
  PID:4428
- C:\Windows\System\DVxFzVE.exe
  C:\Windows\System\DVxFzVE.exe
  2⤵
  PID:4616
- C:\Windows\System\EQLuNwP.exe
  C:\Windows\System\EQLuNwP.exe
  2⤵
  PID:5076
- C:\Windows\System\MEjxZLv.exe
  C:\Windows\System\MEjxZLv.exe
  2⤵
  PID:2360
- C:\Windows\System\jJIUJdB.exe
  C:\Windows\System\jJIUJdB.exe
  2⤵
  PID:756
- C:\Windows\System\EVfxLwa.exe
  C:\Windows\System\EVfxLwa.exe
  2⤵
  PID:4124
- C:\Windows\System\lOusqSu.exe
  C:\Windows\System\lOusqSu.exe
  2⤵
  PID:4172
- C:\Windows\System\huqdcSB.exe
  C:\Windows\System\huqdcSB.exe
  2⤵
  PID:4492
- C:\Windows\System\UIYsGxe.exe
  C:\Windows\System\UIYsGxe.exe
  2⤵
  PID:5128
- C:\Windows\System\AKMPIZf.exe
  C:\Windows\System\AKMPIZf.exe
  2⤵
  PID:5192
- C:\Windows\System\wntrdXo.exe
  C:\Windows\System\wntrdXo.exe
  2⤵
  PID:5256
- C:\Windows\System\CseOHHS.exe
  C:\Windows\System\CseOHHS.exe
  2⤵
  PID:5320
- C:\Windows\System\JLUCiFl.exe
  C:\Windows\System\JLUCiFl.exe
  2⤵
  PID:4852
- C:\Windows\System\vZqyJJA.exe
  C:\Windows\System\vZqyJJA.exe
  2⤵
  PID:5600
- C:\Windows\System\kDMASUR.exe
  C:\Windows\System\kDMASUR.exe
  2⤵
  PID:5684
- C:\Windows\System\tZNjAGO.exe
  C:\Windows\System\tZNjAGO.exe
  2⤵
  PID:5688
- C:\Windows\System\MZPDhRn.exe
  C:\Windows\System\MZPDhRn.exe
  2⤵
  PID:5784
- C:\Windows\System\BOikmaq.exe
  C:\Windows\System\BOikmaq.exe
  2⤵
  PID:5884
- C:\Windows\System\cPAcRoq.exe
  C:\Windows\System\cPAcRoq.exe
  2⤵
  PID:5920
- C:\Windows\System\OuuRIqe.exe
  C:\Windows\System\OuuRIqe.exe
  2⤵
  PID:5956
- C:\Windows\System\zLwRADP.exe
  C:\Windows\System\zLwRADP.exe
  2⤵
  PID:6032
- C:\Windows\System\ciRBVMU.exe
  C:\Windows\System\ciRBVMU.exe
  2⤵
  PID:6028
- C:\Windows\System\NjGHDPq.exe
  C:\Windows\System\NjGHDPq.exe
  2⤵
  PID:6104
- C:\Windows\System\BwToaIA.exe
  C:\Windows\System\BwToaIA.exe
  2⤵
  PID:6140
- C:\Windows\System\oYWqZNr.exe
  C:\Windows\System\oYWqZNr.exe
  2⤵
  PID:3660
- C:\Windows\System\IIiRUeQ.exe
  C:\Windows\System\IIiRUeQ.exe
  2⤵
  PID:5228
- C:\Windows\System\rGCsWBS.exe
  C:\Windows\System\rGCsWBS.exe
  2⤵
  PID:5732
- C:\Windows\System\ZRheAqq.exe
  C:\Windows\System\ZRheAqq.exe
  2⤵
  PID:4168
- C:\Windows\System\QOOmNdn.exe
  C:\Windows\System\QOOmNdn.exe
  2⤵
  PID:5704
- C:\Windows\System\nBRzoDA.exe
  C:\Windows\System\nBRzoDA.exe
  2⤵
  PID:5828
- C:\Windows\System\BcFjZvh.exe
  C:\Windows\System\BcFjZvh.exe
  2⤵
  PID:5900
- C:\Windows\System\nVAbQDR.exe
  C:\Windows\System\nVAbQDR.exe
  2⤵
  PID:5940
- C:\Windows\System\ecwWfUs.exe
  C:\Windows\System\ecwWfUs.exe
  2⤵
  PID:5976
- C:\Windows\System\YJvWllg.exe
  C:\Windows\System\YJvWllg.exe
  2⤵
  PID:6048
- C:\Windows\System\HvoVkqj.exe
  C:\Windows\System\HvoVkqj.exe
  2⤵
  PID:6120
- C:\Windows\System\Bucdjzh.exe
  C:\Windows\System\Bucdjzh.exe
  2⤵
  PID:4552
- C:\Windows\System\oIVFpkg.exe
  C:\Windows\System\oIVFpkg.exe
  2⤵
  PID:3084
- C:\Windows\System\tvREPif.exe
  C:\Windows\System\tvREPif.exe
  2⤵
  PID:5164
- C:\Windows\System\eYSanXb.exe
  C:\Windows\System\eYSanXb.exe
  2⤵
  PID:3696
- C:\Windows\System\GpFxuUY.exe
  C:\Windows\System\GpFxuUY.exe
  2⤵
  PID:4948
- C:\Windows\System\QZqtTGY.exe
  C:\Windows\System\QZqtTGY.exe
  2⤵
  PID:4944
- C:\Windows\System\SKquBHx.exe
  C:\Windows\System\SKquBHx.exe
  2⤵
  PID:4980
- C:\Windows\System\pwNNOrd.exe
  C:\Windows\System\pwNNOrd.exe
  2⤵
  PID:5420
- C:\Windows\System\uZFuKrx.exe
  C:\Windows\System\uZFuKrx.exe
  2⤵
  PID:4252
- C:\Windows\System\rfDeSEn.exe
  C:\Windows\System\rfDeSEn.exe
  2⤵
  PID:2328
- C:\Windows\System\vqVtMJc.exe
  C:\Windows\System\vqVtMJc.exe
  2⤵
  PID:4316
- C:\Windows\System\tbKuaxH.exe
  C:\Windows\System\tbKuaxH.exe
  2⤵
  PID:4928
- C:\Windows\System\usIufYz.exe
  C:\Windows\System\usIufYz.exe
  2⤵
  PID:4440
- C:\Windows\System\kliEIps.exe
  C:\Windows\System\kliEIps.exe
  2⤵
  PID:5028
- C:\Windows\System\WgDTIBK.exe
  C:\Windows\System\WgDTIBK.exe
  2⤵
  PID:4640
- C:\Windows\System\SgGGacT.exe
  C:\Windows\System\SgGGacT.exe
  2⤵
  PID:4572
- C:\Windows\System\CKbnxPO.exe
  C:\Windows\System\CKbnxPO.exe
  2⤵
  PID:4508
- C:\Windows\System\DIoVLCn.exe
  C:\Windows\System\DIoVLCn.exe
  2⤵
  PID:4736
- C:\Windows\System\qOPsakn.exe
  C:\Windows\System\qOPsakn.exe
  2⤵
  PID:4836
- C:\Windows\System\lZwExfn.exe
  C:\Windows\System\lZwExfn.exe
  2⤵
  PID:4864
- C:\Windows\System\vQpyRTL.exe
  C:\Windows\System\vQpyRTL.exe
  2⤵
  PID:4800
- C:\Windows\System\rwZdtrV.exe
  C:\Windows\System\rwZdtrV.exe
  2⤵
  PID:4964
- C:\Windows\System\AGvqDDc.exe
  C:\Windows\System\AGvqDDc.exe
  2⤵
  PID:5088
- C:\Windows\System\MEhRrKs.exe
  C:\Windows\System\MEhRrKs.exe
  2⤵
  PID:5864
- C:\Windows\System\VrCijiN.exe
  C:\Windows\System\VrCijiN.exe
  2⤵
  PID:1872
- C:\Windows\System\JmFbCfT.exe
  C:\Windows\System\JmFbCfT.exe
  2⤵
  PID:2832
- C:\Windows\System\oBoXrfm.exe
  C:\Windows\System\oBoXrfm.exe
  2⤵
  PID:2408
- C:\Windows\System\GRVJQgr.exe
  C:\Windows\System\GRVJQgr.exe
  2⤵
  PID:4364
- C:\Windows\System\kuhpbJD.exe
  C:\Windows\System\kuhpbJD.exe
  2⤵
  PID:4188
- C:\Windows\System\ETmMwPf.exe
  C:\Windows\System\ETmMwPf.exe
  2⤵
  PID:5176
- C:\Windows\System\wWweTOj.exe
  C:\Windows\System\wWweTOj.exe
  2⤵
  PID:5240
- C:\Windows\System\ZEfdXnb.exe
  C:\Windows\System\ZEfdXnb.exe
  2⤵
  PID:5400
- C:\Windows\System\VOnQwSJ.exe
  C:\Windows\System\VOnQwSJ.exe
  2⤵
  PID:5340
- C:\Windows\System\wkFuxOW.exe
  C:\Windows\System\wkFuxOW.exe
  2⤵
  PID:5436
- C:\Windows\System\TQFLYqz.exe
  C:\Windows\System\TQFLYqz.exe
  2⤵
  PID:5504
- C:\Windows\System\ZFdELRf.exe
  C:\Windows\System\ZFdELRf.exe
  2⤵
  PID:5552
- C:\Windows\System\ZfJHPMP.exe
  C:\Windows\System\ZfJHPMP.exe
  2⤵
  PID:5588
- C:\Windows\System\DZXfvGR.exe
  C:\Windows\System\DZXfvGR.exe
  2⤵
  PID:5992
- C:\Windows\System\vrRkVth.exe
  C:\Windows\System\vrRkVth.exe
  2⤵
  PID:5072
- C:\Windows\System\kSiHSfs.exe
  C:\Windows\System\kSiHSfs.exe
  2⤵
  PID:6020
- C:\Windows\System\SNIeREx.exe
  C:\Windows\System\SNIeREx.exe
  2⤵
  PID:5700
- C:\Windows\System\CsumlfB.exe
  C:\Windows\System\CsumlfB.exe
  2⤵
  PID:6132
- C:\Windows\System\bijJTTP.exe
  C:\Windows\System\bijJTTP.exe
  2⤵
  PID:5632
- C:\Windows\System\gRWDdBE.exe
  C:\Windows\System\gRWDdBE.exe
  2⤵
  PID:6024
- C:\Windows\System\kfJgPpc.exe
  C:\Windows\System\kfJgPpc.exe
  2⤵
  PID:5868
- C:\Windows\System\BcYaYXC.exe
  C:\Windows\System\BcYaYXC.exe
  2⤵
  PID:5800
- C:\Windows\System\xLsMtGz.exe
  C:\Windows\System\xLsMtGz.exe
  2⤵
  PID:6084
- C:\Windows\System\fKpPVgc.exe
  C:\Windows\System\fKpPVgc.exe
  2⤵
  PID:3452
- C:\Windows\System\TDaiMuA.exe
  C:\Windows\System\TDaiMuA.exe
  2⤵
  PID:4588
- C:\Windows\System\hYNeNHt.exe
  C:\Windows\System\hYNeNHt.exe
  2⤵
  PID:2032
- C:\Windows\System\CMyUJIY.exe
  C:\Windows\System\CMyUJIY.exe
  2⤵
  PID:4348
- C:\Windows\System\brWbIth.exe
  C:\Windows\System\brWbIth.exe
  2⤵
  PID:4604
- C:\Windows\System\VNsgxKu.exe
  C:\Windows\System\VNsgxKu.exe
  2⤵
  PID:4960
- C:\Windows\System\QnVOPjX.exe
  C:\Windows\System\QnVOPjX.exe
  2⤵
  PID:5092
- C:\Windows\System\YsgJbwY.exe
  C:\Windows\System\YsgJbwY.exe
  2⤵
  PID:4488
- C:\Windows\System\FzrMYJu.exe
  C:\Windows\System\FzrMYJu.exe
  2⤵
  PID:2720
- C:\Windows\System\rWccsCa.exe
  C:\Windows\System\rWccsCa.exe
  2⤵
  PID:5244
- C:\Windows\System\OiZeSzB.exe
  C:\Windows\System\OiZeSzB.exe
  2⤵
  PID:5532
- C:\Windows\System\RQTCUqs.exe
  C:\Windows\System\RQTCUqs.exe
  2⤵
  PID:5008
- C:\Windows\System\TCEANGW.exe
  C:\Windows\System\TCEANGW.exe
  2⤵
  PID:4312
- C:\Windows\System\jIsDoxj.exe
  C:\Windows\System\jIsDoxj.exe
  2⤵
  PID:4672
- C:\Windows\System\oHZqwYZ.exe
  C:\Windows\System\oHZqwYZ.exe
  2⤵
  PID:4152
- C:\Windows\System\sZUvdjp.exe
  C:\Windows\System\sZUvdjp.exe
  2⤵
  PID:2808
- C:\Windows\System\ZeAbZxh.exe
  C:\Windows\System\ZeAbZxh.exe
  2⤵
  PID:4688
- C:\Windows\System\YgxwqeF.exe
  C:\Windows\System\YgxwqeF.exe
  2⤵
  PID:5336
- C:\Windows\System\FAgoiaM.exe
  C:\Windows\System\FAgoiaM.exe
  2⤵
  PID:5572
- C:\Windows\System\kaNTdRQ.exe
  C:\Windows\System\kaNTdRQ.exe
  2⤵
  PID:3728
- C:\Windows\System\AkyuEbu.exe
  C:\Windows\System\AkyuEbu.exe
  2⤵
  PID:3980
- C:\Windows\System\zNPhsqc.exe
  C:\Windows\System\zNPhsqc.exe
  2⤵
  PID:5720
- C:\Windows\System\KmeEgDy.exe
  C:\Windows\System\KmeEgDy.exe
  2⤵
  PID:5880
- C:\Windows\System\twWWkew.exe
  C:\Windows\System\twWWkew.exe
  2⤵
  PID:5292
- C:\Windows\System\FzcyElY.exe
  C:\Windows\System\FzcyElY.exe
  2⤵
  PID:6008
- C:\Windows\System\mcTQSHM.exe
  C:\Windows\System\mcTQSHM.exe
  2⤵
  PID:4916
- C:\Windows\System\tfptQZU.exe
  C:\Windows\System\tfptQZU.exe
  2⤵
  PID:3160
- C:\Windows\System\plijtzM.exe
  C:\Windows\System\plijtzM.exe
  2⤵
  PID:4976
- C:\Windows\System\qHkkygD.exe
  C:\Windows\System\qHkkygD.exe
  2⤵
  PID:5060
- C:\Windows\System\ybCJrdx.exe
  C:\Windows\System\ybCJrdx.exe
  2⤵
  PID:4108
- C:\Windows\System\yGdUZyo.exe
  C:\Windows\System\yGdUZyo.exe
  2⤵
  PID:4536
- C:\Windows\System\cKenDKm.exe
  C:\Windows\System\cKenDKm.exe
  2⤵
  PID:4692
- C:\Windows\System\OtkwJzW.exe
  C:\Windows\System\OtkwJzW.exe
  2⤵
  PID:4740
- C:\Windows\System\STtYlbn.exe
  C:\Windows\System\STtYlbn.exe
  2⤵
  PID:6160
- C:\Windows\System\iJzEhsw.exe
  C:\Windows\System\iJzEhsw.exe
  2⤵
  PID:6176
- C:\Windows\System\EtScTgH.exe
  C:\Windows\System\EtScTgH.exe
  2⤵
  PID:6192
- C:\Windows\System\KVVjdCQ.exe
  C:\Windows\System\KVVjdCQ.exe
  2⤵
  PID:6208
- C:\Windows\System\EsrJjoq.exe
  C:\Windows\System\EsrJjoq.exe
  2⤵
  PID:6228
- C:\Windows\System\iTFBSVW.exe
  C:\Windows\System\iTFBSVW.exe
  2⤵
  PID:6244
- C:\Windows\System\dosEQvU.exe
  C:\Windows\System\dosEQvU.exe
  2⤵
  PID:6264
- C:\Windows\System\pJxamoQ.exe
  C:\Windows\System\pJxamoQ.exe
  2⤵
  PID:6280
- C:\Windows\System\PmUOpAF.exe
  C:\Windows\System\PmUOpAF.exe
  2⤵
  PID:6296
- C:\Windows\System\eoLWWpq.exe
  C:\Windows\System\eoLWWpq.exe
  2⤵
  PID:6312
- C:\Windows\System\graZyyb.exe
  C:\Windows\System\graZyyb.exe
  2⤵
  PID:6328
- C:\Windows\System\cpgZWGI.exe
  C:\Windows\System\cpgZWGI.exe
  2⤵
  PID:6344
- C:\Windows\System\UiYWUeB.exe
  C:\Windows\System\UiYWUeB.exe
  2⤵
  PID:6360
- C:\Windows\System\vIafChE.exe
  C:\Windows\System\vIafChE.exe
  2⤵
  PID:6376
- C:\Windows\System\TCPzDYz.exe
  C:\Windows\System\TCPzDYz.exe
  2⤵
  PID:6392
- C:\Windows\System\xaImWRC.exe
  C:\Windows\System\xaImWRC.exe
  2⤵
  PID:6408
- C:\Windows\System\nfiYzeM.exe
  C:\Windows\System\nfiYzeM.exe
  2⤵
  PID:6424
- C:\Windows\System\eACeDda.exe
  C:\Windows\System\eACeDda.exe
  2⤵
  PID:6440
- C:\Windows\System\awsbCqI.exe
  C:\Windows\System\awsbCqI.exe
  2⤵
  PID:6456
- C:\Windows\System\zQKkAZc.exe
  C:\Windows\System\zQKkAZc.exe
  2⤵
  PID:6472
- C:\Windows\System\sdQGYWY.exe
  C:\Windows\System\sdQGYWY.exe
  2⤵
  PID:6488
- C:\Windows\System\IJoqMcR.exe
  C:\Windows\System\IJoqMcR.exe
  2⤵
  PID:6504
- C:\Windows\System\nihCKas.exe
  C:\Windows\System\nihCKas.exe
  2⤵
  PID:6520
- C:\Windows\System\cKAlNnm.exe
  C:\Windows\System\cKAlNnm.exe
  2⤵
  PID:6536
- C:\Windows\System\HRSLHLo.exe
  C:\Windows\System\HRSLHLo.exe
  2⤵
  PID:6560
- C:\Windows\System\mTUjmHg.exe
  C:\Windows\System\mTUjmHg.exe
  2⤵
  PID:6576
- C:\Windows\System\ucMmCZU.exe
  C:\Windows\System\ucMmCZU.exe
  2⤵
  PID:6592
- C:\Windows\System\yWsjvTf.exe
  C:\Windows\System\yWsjvTf.exe
  2⤵
  PID:6608
- C:\Windows\System\bfyfMLF.exe
  C:\Windows\System\bfyfMLF.exe
  2⤵
  PID:6628
- C:\Windows\System\gzPYriq.exe
  C:\Windows\System\gzPYriq.exe
  2⤵
  PID:6700
- C:\Windows\System\CMsAbIF.exe
  C:\Windows\System\CMsAbIF.exe
  2⤵
  PID:6720
- C:\Windows\System\SSbtLHh.exe
  C:\Windows\System\SSbtLHh.exe
  2⤵
  PID:6736
- C:\Windows\System\uvcPvfX.exe
  C:\Windows\System\uvcPvfX.exe
  2⤵
  PID:6752
- C:\Windows\System\cZyyoeF.exe
  C:\Windows\System\cZyyoeF.exe
  2⤵
  PID:6768
- C:\Windows\System\EffVzCb.exe
  C:\Windows\System\EffVzCb.exe
  2⤵
  PID:6784
- C:\Windows\System\DLxSEhQ.exe
  C:\Windows\System\DLxSEhQ.exe
  2⤵
  PID:6816
- C:\Windows\System\cYSWnny.exe
  C:\Windows\System\cYSWnny.exe
  2⤵
  PID:6832
- C:\Windows\System\taeKwWf.exe
  C:\Windows\System\taeKwWf.exe
  2⤵
  PID:6848
- C:\Windows\System\iPoRyIs.exe
  C:\Windows\System\iPoRyIs.exe
  2⤵
  PID:6864
- C:\Windows\System\tAJawNp.exe
  C:\Windows\System\tAJawNp.exe
  2⤵
  PID:6880
- C:\Windows\System\VWSDwOz.exe
  C:\Windows\System\VWSDwOz.exe
  2⤵
  PID:6896
- C:\Windows\System\EnEoBBZ.exe
  C:\Windows\System\EnEoBBZ.exe
  2⤵
  PID:6912
- C:\Windows\System\bsBsaFP.exe
  C:\Windows\System\bsBsaFP.exe
  2⤵
  PID:6928
- C:\Windows\System\mLGKdjn.exe
  C:\Windows\System\mLGKdjn.exe
  2⤵
  PID:6944
- C:\Windows\System\DtliCvc.exe
  C:\Windows\System\DtliCvc.exe
  2⤵
  PID:6960
- C:\Windows\System\hlVKoaG.exe
  C:\Windows\System\hlVKoaG.exe
  2⤵
  PID:6976
- C:\Windows\System\RZcAkik.exe
  C:\Windows\System\RZcAkik.exe
  2⤵
  PID:6992
- C:\Windows\System\MayezaO.exe
  C:\Windows\System\MayezaO.exe
  2⤵
  PID:7008
- C:\Windows\System\axtgcam.exe
  C:\Windows\System\axtgcam.exe
  2⤵
  PID:7024
- C:\Windows\System\KsvZkHv.exe
  C:\Windows\System\KsvZkHv.exe
  2⤵
  PID:7040
- C:\Windows\System\vyOEcnz.exe
  C:\Windows\System\vyOEcnz.exe
  2⤵
  PID:7056
- C:\Windows\System\tWACpwu.exe
  C:\Windows\System\tWACpwu.exe
  2⤵
  PID:7072
- C:\Windows\System\wKTAAQS.exe
  C:\Windows\System\wKTAAQS.exe
  2⤵
  PID:7108
- C:\Windows\System\mlJnoZE.exe
  C:\Windows\System\mlJnoZE.exe
  2⤵
  PID:7128
- C:\Windows\System\XtlmvWX.exe
  C:\Windows\System\XtlmvWX.exe
  2⤵
  PID:7144
- C:\Windows\System\ZDYhsqN.exe
  C:\Windows\System\ZDYhsqN.exe
  2⤵
  PID:7160
- C:\Windows\System\cFweuUU.exe
  C:\Windows\System\cFweuUU.exe
  2⤵
  PID:5620
- C:\Windows\System\MgXxkyA.exe
  C:\Windows\System\MgXxkyA.exe
  2⤵
  PID:5276
- C:\Windows\System\eGwjbxy.exe
  C:\Windows\System\eGwjbxy.exe
  2⤵
  PID:5848
- C:\Windows\System\JKpqmpj.exe
  C:\Windows\System\JKpqmpj.exe
  2⤵
  PID:2896
- C:\Windows\System\lDFhdQo.exe
  C:\Windows\System\lDFhdQo.exe
  2⤵
  PID:4804
- C:\Windows\System\GysQCgg.exe
  C:\Windows\System\GysQCgg.exe
  2⤵
  PID:6188
- C:\Windows\System\MmLjFIy.exe
  C:\Windows\System\MmLjFIy.exe
  2⤵
  PID:4868
- C:\Windows\System\Lkuphmc.exe
  C:\Windows\System\Lkuphmc.exe
  2⤵
  PID:6256
- C:\Windows\System\YmMFgJk.exe
  C:\Windows\System\YmMFgJk.exe
  2⤵
  PID:5584
- C:\Windows\System\DLzxRgE.exe
  C:\Windows\System\DLzxRgE.exe
  2⤵
  PID:6200
- C:\Windows\System\VABjGhR.exe
  C:\Windows\System\VABjGhR.exe
  2⤵
  PID:6272
- C:\Windows\System\tJJOZCy.exe
  C:\Windows\System\tJJOZCy.exe
  2⤵
  PID:6336
- C:\Windows\System\tFCyQFo.exe
  C:\Windows\System\tFCyQFo.exe
  2⤵
  PID:6400
- C:\Windows\System\ORfpExd.exe
  C:\Windows\System\ORfpExd.exe
  2⤵
  PID:6288
- C:\Windows\System\gFseBNJ.exe
  C:\Windows\System\gFseBNJ.exe
  2⤵
  PID:6320
- C:\Windows\System\aPZVDZi.exe
  C:\Windows\System\aPZVDZi.exe
  2⤵
  PID:5952
- C:\Windows\System\OnOazgy.exe
  C:\Windows\System\OnOazgy.exe
  2⤵
  PID:4768
- C:\Windows\System\iwPsIKb.exe
  C:\Windows\System\iwPsIKb.exe
  2⤵
  PID:6500
- C:\Windows\System\fChuHAL.exe
  C:\Windows\System\fChuHAL.exe
  2⤵
  PID:6356
- C:\Windows\System\ccBNIJd.exe
  C:\Windows\System\ccBNIJd.exe
  2⤵
  PID:6420
- C:\Windows\System\MnLeLhV.exe
  C:\Windows\System\MnLeLhV.exe
  2⤵
  PID:6572
- C:\Windows\System\hfJNBOh.exe
  C:\Windows\System\hfJNBOh.exe
  2⤵
  PID:6480
- C:\Windows\System\rhkIygg.exe
  C:\Windows\System\rhkIygg.exe
  2⤵
  PID:6548
- C:\Windows\System\exZRTCU.exe
  C:\Windows\System\exZRTCU.exe
  2⤵
  PID:6616
- C:\Windows\System\HcYcxHD.exe
  C:\Windows\System\HcYcxHD.exe
  2⤵
  PID:6624
- C:\Windows\System\OBDMqvI.exe
  C:\Windows\System\OBDMqvI.exe
  2⤵
  PID:6640
- C:\Windows\System\oBglbaT.exe
  C:\Windows\System\oBglbaT.exe
  2⤵
  PID:6660
- C:\Windows\System\SeedJuO.exe
  C:\Windows\System\SeedJuO.exe
  2⤵
  PID:6676
- C:\Windows\System\zdoPnjz.exe
  C:\Windows\System\zdoPnjz.exe
  2⤵
  PID:6696
- C:\Windows\System\jkRponG.exe
  C:\Windows\System\jkRponG.exe
  2⤵
  PID:6760
- C:\Windows\System\ZxrsbAI.exe
  C:\Windows\System\ZxrsbAI.exe
  2⤵
  PID:6708
- C:\Windows\System\jfmOVSH.exe
  C:\Windows\System\jfmOVSH.exe
  2⤵
  PID:6748
- C:\Windows\System\qluHpik.exe
  C:\Windows\System\qluHpik.exe
  2⤵
  PID:6804
- C:\Windows\System\uiOjsoZ.exe
  C:\Windows\System\uiOjsoZ.exe
  2⤵
  PID:6872
- C:\Windows\System\xbWpzKX.exe
  C:\Windows\System\xbWpzKX.exe
  2⤵
  PID:7000
- C:\Windows\System\OPwbYaI.exe
  C:\Windows\System\OPwbYaI.exe
  2⤵
  PID:6936
- C:\Windows\System\eXbZSQg.exe
  C:\Windows\System\eXbZSQg.exe
  2⤵
  PID:6824
- C:\Windows\System\RwJuyeC.exe
  C:\Windows\System\RwJuyeC.exe
  2⤵
  PID:6892
- C:\Windows\System\dEfAxqw.exe
  C:\Windows\System\dEfAxqw.exe
  2⤵
  PID:6956
- C:\Windows\System\EnSoaBQ.exe
  C:\Windows\System\EnSoaBQ.exe
  2⤵
  PID:7020
- C:\Windows\System\zytgbRq.exe
  C:\Windows\System\zytgbRq.exe
  2⤵
  PID:7064
- C:\Windows\System\JrkgMss.exe
  C:\Windows\System\JrkgMss.exe
  2⤵
  PID:7088
- C:\Windows\System\dkQFTIh.exe
  C:\Windows\System\dkQFTIh.exe
  2⤵
  PID:7104
- C:\Windows\System\VSmlItx.exe
  C:\Windows\System\VSmlItx.exe
  2⤵
  PID:988
- C:\Windows\System\LIJayam.exe
  C:\Windows\System\LIJayam.exe
  2⤵
  PID:7152
- C:\Windows\System\ZYiSJmw.exe
  C:\Windows\System\ZYiSJmw.exe
  2⤵
  PID:5780
- C:\Windows\System\FSjVVkF.exe
  C:\Windows\System\FSjVVkF.exe
  2⤵
  PID:5844
- C:\Windows\System\GeEeaoX.exe
  C:\Windows\System\GeEeaoX.exe
  2⤵
  PID:5056
- C:\Windows\System\SFPxcsM.exe
  C:\Windows\System\SFPxcsM.exe
  2⤵
  PID:6304
- C:\Windows\System\KIgwGes.exe
  C:\Windows\System\KIgwGes.exe
  2⤵
  PID:5352
- C:\Windows\System\ElcrmTA.exe
  C:\Windows\System\ElcrmTA.exe
  2⤵
  PID:6156
- C:\Windows\System\rDfMkYI.exe
  C:\Windows\System\rDfMkYI.exe
  2⤵
  PID:4284
- C:\Windows\System\TnWjKQI.exe
  C:\Windows\System\TnWjKQI.exe
  2⤵
  PID:6416
- C:\Windows\System\jCTvxUf.exe
  C:\Windows\System\jCTvxUf.exe
  2⤵
  PID:6584
- C:\Windows\System\AXrRfWP.exe
  C:\Windows\System\AXrRfWP.exe
  2⤵
  PID:6672
- C:\Windows\System\SLbkiXx.exe
  C:\Windows\System\SLbkiXx.exe
  2⤵
  PID:6744
- C:\Windows\System\oFYUrsI.exe
  C:\Windows\System\oFYUrsI.exe
  2⤵
  PID:6876
- C:\Windows\System\DODBwDJ.exe
  C:\Windows\System\DODBwDJ.exe
  2⤵
  PID:6988
- C:\Windows\System\NIQvRgG.exe
  C:\Windows\System\NIQvRgG.exe
  2⤵
  PID:7140
- C:\Windows\System\zYxrCFC.exe
  C:\Windows\System\zYxrCFC.exe
  2⤵
  PID:4996
- C:\Windows\System\xsngRUn.exe
  C:\Windows\System\xsngRUn.exe
  2⤵
  PID:6224
- C:\Windows\System\cYnjMFv.exe
  C:\Windows\System\cYnjMFv.exe
  2⤵
  PID:6888
- C:\Windows\System\hlflGun.exe
  C:\Windows\System\hlflGun.exe
  2⤵
  PID:5628
- C:\Windows\System\gddvxTx.exe
  C:\Windows\System\gddvxTx.exe
  2⤵
  PID:7184
- C:\Windows\System\QSHpdiQ.exe
  C:\Windows\System\QSHpdiQ.exe
  2⤵
  PID:7200
- C:\Windows\System\lyqkxxX.exe
  C:\Windows\System\lyqkxxX.exe
  2⤵
  PID:7216
- C:\Windows\System\fDSdzhv.exe
  C:\Windows\System\fDSdzhv.exe
  2⤵
  PID:7232
- C:\Windows\System\VYMgVOX.exe
  C:\Windows\System\VYMgVOX.exe
  2⤵
  PID:7248
- C:\Windows\System\bYoLszr.exe
  C:\Windows\System\bYoLszr.exe
  2⤵
  PID:7264
- C:\Windows\System\wdBhGud.exe
  C:\Windows\System\wdBhGud.exe
  2⤵
  PID:7280
- C:\Windows\System\iFLXLfn.exe
  C:\Windows\System\iFLXLfn.exe
  2⤵
  PID:7296
- C:\Windows\System\Tjxbbrh.exe
  C:\Windows\System\Tjxbbrh.exe
  2⤵
  PID:7312
- C:\Windows\System\vZDaPoK.exe
  C:\Windows\System\vZDaPoK.exe
  2⤵
  PID:7332
- C:\Windows\System\JeTHaIa.exe
  C:\Windows\System\JeTHaIa.exe
  2⤵
  PID:7348
- C:\Windows\System\DVdszYi.exe
  C:\Windows\System\DVdszYi.exe
  2⤵
  PID:7364
- C:\Windows\System\yTUGMXk.exe
  C:\Windows\System\yTUGMXk.exe
  2⤵
  PID:7380
- C:\Windows\System\WsZRtsc.exe
  C:\Windows\System\WsZRtsc.exe
  2⤵
  PID:7396
- C:\Windows\System\YrIVpag.exe
  C:\Windows\System\YrIVpag.exe
  2⤵
  PID:7412
- C:\Windows\System\cNGgyYy.exe
  C:\Windows\System\cNGgyYy.exe
  2⤵
  PID:7428
- C:\Windows\System\GCGeVJn.exe
  C:\Windows\System\GCGeVJn.exe
  2⤵
  PID:7444
- C:\Windows\System\EACXMko.exe
  C:\Windows\System\EACXMko.exe
  2⤵
  PID:7460
- C:\Windows\System\WADPcjo.exe
  C:\Windows\System\WADPcjo.exe
  2⤵
  PID:7476
- C:\Windows\System\CVYJVxa.exe
  C:\Windows\System\CVYJVxa.exe
  2⤵
  PID:7492
- C:\Windows\System\eyZtpgr.exe
  C:\Windows\System\eyZtpgr.exe
  2⤵
  PID:7508
- C:\Windows\System\HpGUITV.exe
  C:\Windows\System\HpGUITV.exe
  2⤵
  PID:7524
- C:\Windows\System\YqzLbzz.exe
  C:\Windows\System\YqzLbzz.exe
  2⤵
  PID:7540
- C:\Windows\System\JnUSMYx.exe
  C:\Windows\System\JnUSMYx.exe
  2⤵
  PID:7556
- C:\Windows\System\dUsedCw.exe
  C:\Windows\System\dUsedCw.exe
  2⤵
  PID:7572
- C:\Windows\System\xvUVUNX.exe
  C:\Windows\System\xvUVUNX.exe
  2⤵
  PID:7588
- C:\Windows\System\rEGYmRJ.exe
  C:\Windows\System\rEGYmRJ.exe
  2⤵
  PID:7604
- C:\Windows\System\OTIhQpc.exe
  C:\Windows\System\OTIhQpc.exe
  2⤵
  PID:7620
- C:\Windows\System\HXEhqtx.exe
  C:\Windows\System\HXEhqtx.exe
  2⤵
  PID:7636
- C:\Windows\System\WOgzfTW.exe
  C:\Windows\System\WOgzfTW.exe
  2⤵
  PID:7652
- C:\Windows\System\rOzEgXz.exe
  C:\Windows\System\rOzEgXz.exe
  2⤵
  PID:7668
- C:\Windows\System\cbMeMsV.exe
  C:\Windows\System\cbMeMsV.exe
  2⤵
  PID:7684
- C:\Windows\System\yBNovkS.exe
  C:\Windows\System\yBNovkS.exe
  2⤵
  PID:7700
- C:\Windows\System\jTJbuPl.exe
  C:\Windows\System\jTJbuPl.exe
  2⤵
  PID:7720
- C:\Windows\System\mvWhkzh.exe
  C:\Windows\System\mvWhkzh.exe
  2⤵
  PID:7736
- C:\Windows\System\cbgeuux.exe
  C:\Windows\System\cbgeuux.exe
  2⤵
  PID:7752
- C:\Windows\System\nzKvdCl.exe
  C:\Windows\System\nzKvdCl.exe
  2⤵
  PID:7768
- C:\Windows\System\kdwUqou.exe
  C:\Windows\System\kdwUqou.exe
  2⤵
  PID:7784
- C:\Windows\System\vABFgYU.exe
  C:\Windows\System\vABFgYU.exe
  2⤵
  PID:7800
- C:\Windows\System\lTgBnaX.exe
  C:\Windows\System\lTgBnaX.exe
  2⤵
  PID:7816
- C:\Windows\System\yJhmiuu.exe
  C:\Windows\System\yJhmiuu.exe
  2⤵
  PID:7832
- C:\Windows\System\ZIVpOxa.exe
  C:\Windows\System\ZIVpOxa.exe
  2⤵
  PID:7848
- C:\Windows\System\mDDrPNZ.exe
  C:\Windows\System\mDDrPNZ.exe
  2⤵
  PID:7864
- C:\Windows\System\ipiDoYJ.exe
  C:\Windows\System\ipiDoYJ.exe
  2⤵
  PID:7880
- C:\Windows\System\QoCYjnR.exe
  C:\Windows\System\QoCYjnR.exe
  2⤵
  PID:7896
- C:\Windows\System\WdhceNI.exe
  C:\Windows\System\WdhceNI.exe
  2⤵
  PID:7912
- C:\Windows\System\htMSyry.exe
  C:\Windows\System\htMSyry.exe
  2⤵
  PID:7928
- C:\Windows\System\CgwlrSf.exe
  C:\Windows\System\CgwlrSf.exe
  2⤵
  PID:7968
- C:\Windows\System\SebElBz.exe
  C:\Windows\System\SebElBz.exe
  2⤵
  PID:7992
- C:\Windows\System\MUKjrfG.exe
  C:\Windows\System\MUKjrfG.exe
  2⤵
  PID:8008
- C:\Windows\System\QzwHNqi.exe
  C:\Windows\System\QzwHNqi.exe
  2⤵
  PID:8024
- C:\Windows\System\BLkNPEk.exe
  C:\Windows\System\BLkNPEk.exe
  2⤵
  PID:8040
- C:\Windows\System\WjafTOi.exe
  C:\Windows\System\WjafTOi.exe
  2⤵
  PID:8056
- C:\Windows\System\yGouQgf.exe
  C:\Windows\System\yGouQgf.exe
  2⤵
  PID:8072
- C:\Windows\System\rKQfgMO.exe
  C:\Windows\System\rKQfgMO.exe
  2⤵
  PID:8088
- C:\Windows\System\xJgmdvS.exe
  C:\Windows\System\xJgmdvS.exe
  2⤵
  PID:8104
- C:\Windows\System\YRKEzXe.exe
  C:\Windows\System\YRKEzXe.exe
  2⤵
  PID:8120
- C:\Windows\System\NIiVwjy.exe
  C:\Windows\System\NIiVwjy.exe
  2⤵
  PID:8136
- C:\Windows\System\nRYGxSd.exe
  C:\Windows\System\nRYGxSd.exe
  2⤵
  PID:8152
- C:\Windows\System\PPrBgFb.exe
  C:\Windows\System\PPrBgFb.exe
  2⤵
  PID:8180
- C:\Windows\System\OEpjqkH.exe
  C:\Windows\System\OEpjqkH.exe
  2⤵
  PID:7212
- C:\Windows\System\xLIPQYH.exe
  C:\Windows\System\xLIPQYH.exe
  2⤵
  PID:7308
- C:\Windows\System\TGjOMtr.exe
  C:\Windows\System\TGjOMtr.exe
  2⤵
  PID:6260
- C:\Windows\System\GZDKMQI.exe
  C:\Windows\System\GZDKMQI.exe
  2⤵
  PID:7036
- C:\Windows\System\ToCibiw.exe
  C:\Windows\System\ToCibiw.exe
  2⤵
  PID:6656
- C:\Windows\System\GnxvstF.exe
  C:\Windows\System\GnxvstF.exe
  2⤵
  PID:6568
- C:\Windows\System\ziZdQgc.exe
  C:\Windows\System\ziZdQgc.exe
  2⤵
  PID:6544
- C:\Windows\System\wioJdpL.exe
  C:\Windows\System\wioJdpL.exe
  2⤵
  PID:6692
- C:\Windows\System\MuWqIpZ.exe
  C:\Windows\System\MuWqIpZ.exe
  2⤵
  PID:6968
- C:\Windows\System\FCsIxlo.exe
  C:\Windows\System\FCsIxlo.exe
  2⤵
  PID:6952
- C:\Windows\System\jbhBWyq.exe
  C:\Windows\System\jbhBWyq.exe
  2⤵
  PID:7100
- C:\Windows\System\xIeEInh.exe
  C:\Windows\System\xIeEInh.exe
  2⤵
  PID:6388
- C:\Windows\System\WwdcbAk.exe
  C:\Windows\System\WwdcbAk.exe
  2⤵
  PID:6668
- C:\Windows\System\UnIzCAo.exe
  C:\Windows\System\UnIzCAo.exe
  2⤵
  PID:7084
- C:\Windows\System\mOgYBHH.exe
  C:\Windows\System\mOgYBHH.exe
  2⤵
  PID:7196
- C:\Windows\System\XztSpGy.exe
  C:\Windows\System\XztSpGy.exe
  2⤵
  PID:7288
- C:\Windows\System\gQppHVM.exe
  C:\Windows\System\gQppHVM.exe
  2⤵
  PID:7324
- C:\Windows\System\SnxeVub.exe
  C:\Windows\System\SnxeVub.exe
  2⤵
  PID:7392
- C:\Windows\System\kPsxdvs.exe
  C:\Windows\System\kPsxdvs.exe
  2⤵
  PID:7404
- C:\Windows\System\VBjCulY.exe
  C:\Windows\System\VBjCulY.exe
  2⤵
  PID:7468
- C:\Windows\System\aqTltpi.exe
  C:\Windows\System\aqTltpi.exe
  2⤵
  PID:7452
- C:\Windows\System\CEsLdJm.exe
  C:\Windows\System\CEsLdJm.exe
  2⤵
  PID:7424
- C:\Windows\System\FyAcZiD.exe
  C:\Windows\System\FyAcZiD.exe
  2⤵
  PID:7548
- C:\Windows\System\YqkhZmL.exe
  C:\Windows\System\YqkhZmL.exe
  2⤵
  PID:7616
- C:\Windows\System\CXbZmBt.exe
  C:\Windows\System\CXbZmBt.exe
  2⤵
  PID:7680
- C:\Windows\System\ihGcaVS.exe
  C:\Windows\System\ihGcaVS.exe
  2⤵
  PID:7532
- C:\Windows\System\IzLulFC.exe
  C:\Windows\System\IzLulFC.exe
  2⤵
  PID:7596
- C:\Windows\System\dlCHLWe.exe
  C:\Windows\System\dlCHLWe.exe
  2⤵
  PID:7692
- C:\Windows\System\hpWVNWH.exe
  C:\Windows\System\hpWVNWH.exe
  2⤵
  PID:7764
- C:\Windows\System\gCeBRtI.exe
  C:\Windows\System\gCeBRtI.exe
  2⤵
  PID:7860
- C:\Windows\System\XjNiJml.exe
  C:\Windows\System\XjNiJml.exe
  2⤵
  PID:7732
- C:\Windows\System\IaEXcrx.exe
  C:\Windows\System\IaEXcrx.exe
  2⤵
  PID:7808
- C:\Windows\System\xfVJSAA.exe
  C:\Windows\System\xfVJSAA.exe
  2⤵
  PID:7776
- C:\Windows\System\ssZwRra.exe
  C:\Windows\System\ssZwRra.exe
  2⤵
  PID:7876
- C:\Windows\System\aPZgPMB.exe
  C:\Windows\System\aPZgPMB.exe
  2⤵
  PID:7328
- C:\Windows\System\lsLkkUu.exe
  C:\Windows\System\lsLkkUu.exe
  2⤵
  PID:7984
- C:\Windows\System\VZZpSxc.exe
  C:\Windows\System\VZZpSxc.exe
  2⤵
  PID:7964
- C:\Windows\System\lhWofEy.exe
  C:\Windows\System\lhWofEy.exe
  2⤵
  PID:8052
- C:\Windows\System\NRRFONE.exe
  C:\Windows\System\NRRFONE.exe
  2⤵
  PID:8112
- C:\Windows\System\rIfCDKu.exe
  C:\Windows\System\rIfCDKu.exe
  2⤵
  PID:7952
- C:\Windows\System\WNDUCnW.exe
  C:\Windows\System\WNDUCnW.exe
  2⤵
  PID:8032
- C:\Windows\System\uovKEMK.exe
  C:\Windows\System\uovKEMK.exe
  2⤵
  PID:8064
- C:\Windows\System\jAMntiZ.exe
  C:\Windows\System\jAMntiZ.exe
  2⤵
  PID:8132
- C:\Windows\System\PJcZsDr.exe
  C:\Windows\System\PJcZsDr.exe
  2⤵
  PID:8188
- C:\Windows\System\nYZVFqb.exe
  C:\Windows\System\nYZVFqb.exe
  2⤵
  PID:7180
- C:\Windows\System\QdvvEpD.exe
  C:\Windows\System\QdvvEpD.exe
  2⤵
  PID:6636
- C:\Windows\System\XQalOSu.exe
  C:\Windows\System\XQalOSu.exe
  2⤵
  PID:6908
- C:\Windows\System\HoNvvAE.exe
  C:\Windows\System\HoNvvAE.exe
  2⤵
  PID:8172
- C:\Windows\System\FJdkuFr.exe
  C:\Windows\System\FJdkuFr.exe
  2⤵
  PID:6452
- C:\Windows\System\krxsojY.exe
  C:\Windows\System\krxsojY.exe
  2⤵
  PID:6684
- C:\Windows\System\wNdvumA.exe
  C:\Windows\System\wNdvumA.exe
  2⤵
  PID:7032
- C:\Windows\System\VsNZhZZ.exe
  C:\Windows\System\VsNZhZZ.exe
  2⤵
  PID:6168
- C:\Windows\System\xCfgCml.exe
  C:\Windows\System\xCfgCml.exe
  2⤵
  PID:6732
- C:\Windows\System\flMGKLU.exe
  C:\Windows\System\flMGKLU.exe
  2⤵
  PID:7388
- C:\Windows\System\lINLpFy.exe
  C:\Windows\System\lINLpFy.exe
  2⤵
  PID:7612
- C:\Windows\System\FDkBKQu.exe
  C:\Windows\System\FDkBKQu.exe
  2⤵
  PID:6184
- C:\Windows\System\iVkNqWV.exe
  C:\Windows\System\iVkNqWV.exe
  2⤵
  PID:7504
- C:\Windows\System\dSKLvLc.exe
  C:\Windows\System\dSKLvLc.exe
  2⤵
  PID:7648
- C:\Windows\System\kmocYlh.exe
  C:\Windows\System\kmocYlh.exe
  2⤵
  PID:7632
- C:\Windows\System\wCDgopu.exe
  C:\Windows\System\wCDgopu.exe
  2⤵
  PID:7908
- C:\Windows\System\RVZjSOa.exe
  C:\Windows\System\RVZjSOa.exe
  2⤵
  PID:8084
- C:\Windows\System\TCKVeDU.exe
  C:\Windows\System\TCKVeDU.exe
  2⤵
  PID:8096
- C:\Windows\System\zZlZoEg.exe
  C:\Windows\System\zZlZoEg.exe
  2⤵
  PID:6512
- C:\Windows\System\haWsIhK.exe
  C:\Windows\System\haWsIhK.exe
  2⤵
  PID:7096
- C:\Windows\System\UofgSQZ.exe
  C:\Windows\System\UofgSQZ.exe
  2⤵
  PID:7828
- C:\Windows\System\mTpXlvx.exe
  C:\Windows\System\mTpXlvx.exe
  2⤵
  PID:7840
- C:\Windows\System\UPxFzXn.exe
  C:\Windows\System\UPxFzXn.exe
  2⤵
  PID:7956
- C:\Windows\System\YgmamjW.exe
  C:\Windows\System\YgmamjW.exe
  2⤵
  PID:8036
- C:\Windows\System\twUcnhF.exe
  C:\Windows\System\twUcnhF.exe
  2⤵
  PID:6372
- C:\Windows\System\dOaeXpX.exe
  C:\Windows\System\dOaeXpX.exe
  2⤵
  PID:8176
- C:\Windows\System\sWqkxKY.exe
  C:\Windows\System\sWqkxKY.exe
  2⤵
  PID:7192
- C:\Windows\System\cVMAIwt.exe
  C:\Windows\System\cVMAIwt.exe
  2⤵
  PID:7376
- C:\Windows\System\jaCYbtG.exe
  C:\Windows\System\jaCYbtG.exe
  2⤵
  PID:7260
- C:\Windows\System\vJBuTWM.exe
  C:\Windows\System\vJBuTWM.exe
  2⤵
  PID:7488
- C:\Windows\System\kEDCpgk.exe
  C:\Windows\System\kEDCpgk.exe
  2⤵
  PID:7760
- C:\Windows\System\ySbQlxP.exe
  C:\Windows\System\ySbQlxP.exe
  2⤵
  PID:7440
- C:\Windows\System\FddKIIW.exe
  C:\Windows\System\FddKIIW.exe
  2⤵
  PID:7660
- C:\Windows\System\aMkUVxz.exe
  C:\Windows\System\aMkUVxz.exe
  2⤵
  PID:6368
- C:\Windows\System\PUtzypG.exe
  C:\Windows\System\PUtzypG.exe
  2⤵
  PID:7120
- C:\Windows\System\ACTfYzE.exe
  C:\Windows\System\ACTfYzE.exe
  2⤵
  PID:7976
- C:\Windows\System\zhJlaoz.exe
  C:\Windows\System\zhJlaoz.exe
  2⤵
  PID:8204
- C:\Windows\System\ugVNKYF.exe
  C:\Windows\System\ugVNKYF.exe
  2⤵
  PID:8220
- C:\Windows\System\dLLClCw.exe
  C:\Windows\System\dLLClCw.exe
  2⤵
  PID:8236
- C:\Windows\System\JPWFNOX.exe
  C:\Windows\System\JPWFNOX.exe
  2⤵
  PID:8252
- C:\Windows\System\JLBazPI.exe
  C:\Windows\System\JLBazPI.exe
  2⤵
  PID:8268
- C:\Windows\System\TfuoCkl.exe
  C:\Windows\System\TfuoCkl.exe
  2⤵
  PID:8288
- C:\Windows\System\MlVEAhY.exe
  C:\Windows\System\MlVEAhY.exe
  2⤵
  PID:8304
- C:\Windows\System\ugQYrZf.exe
  C:\Windows\System\ugQYrZf.exe
  2⤵
  PID:8320
- C:\Windows\System\rDouewF.exe
  C:\Windows\System\rDouewF.exe
  2⤵
  PID:8340
- C:\Windows\System\ZBLuKmD.exe
  C:\Windows\System\ZBLuKmD.exe
  2⤵
  PID:8356
- C:\Windows\System\jsqBOcp.exe
  C:\Windows\System\jsqBOcp.exe
  2⤵
  PID:8372
- C:\Windows\System\qpXUtsR.exe
  C:\Windows\System\qpXUtsR.exe
  2⤵
  PID:8388
- C:\Windows\System\oPeCbZl.exe
  C:\Windows\System\oPeCbZl.exe
  2⤵
  PID:8404
- C:\Windows\System\RoMxHtt.exe
  C:\Windows\System\RoMxHtt.exe
  2⤵
  PID:8420
- C:\Windows\System\OEFTJlb.exe
  C:\Windows\System\OEFTJlb.exe
  2⤵
  PID:8436
- C:\Windows\System\RrmoRpI.exe
  C:\Windows\System\RrmoRpI.exe
  2⤵
  PID:8452
- C:\Windows\System\NONKpok.exe
  C:\Windows\System\NONKpok.exe
  2⤵
  PID:8468
- C:\Windows\System\ezTYsNu.exe
  C:\Windows\System\ezTYsNu.exe
  2⤵
  PID:8484
- C:\Windows\System\toNjmWU.exe
  C:\Windows\System\toNjmWU.exe
  2⤵
  PID:8500
- C:\Windows\System\gUpWXKI.exe
  C:\Windows\System\gUpWXKI.exe
  2⤵
  PID:8516
- C:\Windows\System\YddknyV.exe
  C:\Windows\System\YddknyV.exe
  2⤵
  PID:8532
- C:\Windows\System\ZayAIfc.exe
  C:\Windows\System\ZayAIfc.exe
  2⤵
  PID:8548
- C:\Windows\System\kAWfJmZ.exe
  C:\Windows\System\kAWfJmZ.exe
  2⤵
  PID:8568
- C:\Windows\System\hyPjBEG.exe
  C:\Windows\System\hyPjBEG.exe
  2⤵
  PID:8584
- C:\Windows\System\XvTMOqh.exe
  C:\Windows\System\XvTMOqh.exe
  2⤵
  PID:8600
- C:\Windows\System\QAGODCN.exe
  C:\Windows\System\QAGODCN.exe
  2⤵
  PID:8616
- C:\Windows\System\pypOLCs.exe
  C:\Windows\System\pypOLCs.exe
  2⤵
  PID:8632
- C:\Windows\System\TCnWlhg.exe
  C:\Windows\System\TCnWlhg.exe
  2⤵
  PID:8648
- C:\Windows\System\kMmnpWO.exe
  C:\Windows\System\kMmnpWO.exe
  2⤵
  PID:8664
- C:\Windows\System\qGpoHHQ.exe
  C:\Windows\System\qGpoHHQ.exe
  2⤵
  PID:8680
- C:\Windows\System\ImCRstw.exe
  C:\Windows\System\ImCRstw.exe
  2⤵
  PID:8696
- C:\Windows\System\TLRJwbq.exe
  C:\Windows\System\TLRJwbq.exe
  2⤵
  PID:8712
- C:\Windows\System\zhODUpl.exe
  C:\Windows\System\zhODUpl.exe
  2⤵
  PID:8728
- C:\Windows\System\hSuGAEX.exe
  C:\Windows\System\hSuGAEX.exe
  2⤵
  PID:8744
- C:\Windows\System\cQFLmle.exe
  C:\Windows\System\cQFLmle.exe
  2⤵
  PID:8764
- C:\Windows\System\FQnhTgI.exe
  C:\Windows\System\FQnhTgI.exe
  2⤵
  PID:8784
- C:\Windows\System\NsnrECf.exe
  C:\Windows\System\NsnrECf.exe
  2⤵
  PID:8800
- C:\Windows\System\letNUcj.exe
  C:\Windows\System\letNUcj.exe
  2⤵
  PID:8816
- C:\Windows\System\ixPmLTJ.exe
  C:\Windows\System\ixPmLTJ.exe
  2⤵
  PID:8840
- C:\Windows\System\BXRziHz.exe
  C:\Windows\System\BXRziHz.exe
  2⤵
  PID:8856
- C:\Windows\System\UboTYjA.exe
  C:\Windows\System\UboTYjA.exe
  2⤵
  PID:8876
- C:\Windows\System\rfdOANr.exe
  C:\Windows\System\rfdOANr.exe
  2⤵
  PID:8892
- C:\Windows\System\LISBTbs.exe
  C:\Windows\System\LISBTbs.exe
  2⤵
  PID:8908
- C:\Windows\System\AuWVRgT.exe
  C:\Windows\System\AuWVRgT.exe
  2⤵
  PID:8928
- C:\Windows\System\KdhDPBF.exe
  C:\Windows\System\KdhDPBF.exe
  2⤵
  PID:8944
- C:\Windows\System\rjoxjgA.exe
  C:\Windows\System\rjoxjgA.exe
  2⤵
  PID:8964
- C:\Windows\System\iWfzldt.exe
  C:\Windows\System\iWfzldt.exe
  2⤵
  PID:8980
- C:\Windows\System\aHdKSPB.exe
  C:\Windows\System\aHdKSPB.exe
  2⤵
  PID:8996
- C:\Windows\System\XrYoFxP.exe
  C:\Windows\System\XrYoFxP.exe
  2⤵
  PID:9012
- C:\Windows\System\htPGfha.exe
  C:\Windows\System\htPGfha.exe
  2⤵
  PID:9028
- C:\Windows\System\KDrFWeE.exe
  C:\Windows\System\KDrFWeE.exe
  2⤵
  PID:9044
- C:\Windows\System\zBPKDwc.exe
  C:\Windows\System\zBPKDwc.exe
  2⤵
  PID:9060
- C:\Windows\System\EBPsVXZ.exe
  C:\Windows\System\EBPsVXZ.exe
  2⤵
  PID:9076
- C:\Windows\System\xohYeLR.exe
  C:\Windows\System\xohYeLR.exe
  2⤵
  PID:9092
- C:\Windows\System\gMKZLfX.exe
  C:\Windows\System\gMKZLfX.exe
  2⤵
  PID:9112
- C:\Windows\System\MKcoJiB.exe
  C:\Windows\System\MKcoJiB.exe
  2⤵
  PID:9132
- C:\Windows\System\NaNzNuF.exe
  C:\Windows\System\NaNzNuF.exe
  2⤵
  PID:9148
- C:\Windows\System\UaKLQGq.exe
  C:\Windows\System\UaKLQGq.exe
  2⤵
  PID:9164
- C:\Windows\System\OQcfFer.exe
  C:\Windows\System\OQcfFer.exe
  2⤵
  PID:9180
- C:\Windows\System\VPnxSPi.exe
  C:\Windows\System\VPnxSPi.exe
  2⤵
  PID:9196
- C:\Windows\System\AsuDfHm.exe
  C:\Windows\System\AsuDfHm.exe
  2⤵
  PID:7940
- C:\Windows\System\HEGuzQy.exe
  C:\Windows\System\HEGuzQy.exe
  2⤵
  PID:8228
- C:\Windows\System\PiXwIew.exe
  C:\Windows\System\PiXwIew.exe
  2⤵
  PID:8264
- C:\Windows\System\UXYyukB.exe
  C:\Windows\System\UXYyukB.exe
  2⤵
  PID:8168
- C:\Windows\System\JQoAdcY.exe
  C:\Windows\System\JQoAdcY.exe
  2⤵
  PID:8332
- C:\Windows\System\eqWKsNW.exe
  C:\Windows\System\eqWKsNW.exe
  2⤵
  PID:7856
- C:\Windows\System\EyQSBji.exe
  C:\Windows\System\EyQSBji.exe
  2⤵
  PID:5160
- C:\Windows\System\mgMLdMW.exe
  C:\Windows\System\mgMLdMW.exe
  2⤵
  PID:8428
- C:\Windows\System\oRcSORF.exe
  C:\Windows\System\oRcSORF.exe
  2⤵
  PID:8492
- C:\Windows\System\JlCEyIc.exe
  C:\Windows\System\JlCEyIc.exe
  2⤵
  PID:8528
- C:\Windows\System\movptPU.exe
  C:\Windows\System\movptPU.exe
  2⤵
  PID:8328
- C:\Windows\System\cnJlGgJ.exe
  C:\Windows\System\cnJlGgJ.exe
  2⤵
  PID:8656
- C:\Windows\System\OKkSqjg.exe
  C:\Windows\System\OKkSqjg.exe
  2⤵
  PID:8720
- C:\Windows\System\nbwHIyq.exe
  C:\Windows\System\nbwHIyq.exe
  2⤵
  PID:7272
- C:\Windows\System\eUvfnNB.exe
  C:\Windows\System\eUvfnNB.exe
  2⤵
  PID:7980
- C:\Windows\System\ZxzaSog.exe
  C:\Windows\System\ZxzaSog.exe
  2⤵
  PID:8248
- C:\Windows\System\fTqyKyJ.exe
  C:\Windows\System\fTqyKyJ.exe
  2⤵
  PID:8312
- C:\Windows\System\goECYDG.exe
  C:\Windows\System\goECYDG.exe
  2⤵
  PID:8380
- C:\Windows\System\udVmmIf.exe
  C:\Windows\System\udVmmIf.exe
  2⤵
  PID:8444
- C:\Windows\System\igcaoNN.exe
  C:\Windows\System\igcaoNN.exe
  2⤵
  PID:8540
- C:\Windows\System\XdLfFKx.exe
  C:\Windows\System\XdLfFKx.exe
  2⤵
  PID:8612
- C:\Windows\System\DrRmdqM.exe
  C:\Windows\System\DrRmdqM.exe
  2⤵
  PID:8676
- C:\Windows\System\ScrrtWz.exe
  C:\Windows\System\ScrrtWz.exe
  2⤵
  PID:8740
- C:\Windows\System\NDKtCxi.exe
  C:\Windows\System\NDKtCxi.exe
  2⤵
  PID:8824
- C:\Windows\System\CjuBitc.exe
  C:\Windows\System\CjuBitc.exe
  2⤵
  PID:8752
- C:\Windows\System\eyoRgja.exe
  C:\Windows\System\eyoRgja.exe
  2⤵
  PID:8868
- C:\Windows\System\mMvfyrV.exe
  C:\Windows\System\mMvfyrV.exe
  2⤵
  PID:8972
- C:\Windows\System\zCPbopo.exe
  C:\Windows\System\zCPbopo.exe
  2⤵
  PID:9036
- C:\Windows\System\lUVdWxj.exe
  C:\Windows\System\lUVdWxj.exe
  2⤵
  PID:9100
- C:\Windows\System\lpJfscH.exe
  C:\Windows\System\lpJfscH.exe
  2⤵
  PID:9172
- C:\Windows\System\coOhTnH.exe
  C:\Windows\System\coOhTnH.exe
  2⤵
  PID:9212
- C:\Windows\System\MHMuxkN.exe
  C:\Windows\System\MHMuxkN.exe
  2⤵
  PID:7872
- C:\Windows\System\RmLXvYw.exe
  C:\Windows\System\RmLXvYw.exe
  2⤵
  PID:8460
- C:\Windows\System\pVsSNSe.exe
  C:\Windows\System\pVsSNSe.exe
  2⤵
  PID:8692
- C:\Windows\System\wVqUCIK.exe
  C:\Windows\System\wVqUCIK.exe
  2⤵
  PID:8276
- C:\Windows\System\HwhNChe.exe
  C:\Windows\System\HwhNChe.exe
  2⤵
  PID:8576
- C:\Windows\System\TMqLbaw.exe
  C:\Windows\System\TMqLbaw.exe
  2⤵
  PID:8736
- C:\Windows\System\nqPCKlN.exe
  C:\Windows\System\nqPCKlN.exe
  2⤵
  PID:9068
- C:\Windows\System\ujvgqWW.exe
  C:\Windows\System\ujvgqWW.exe
  2⤵
  PID:9208
- C:\Windows\System\DbtSUpY.exe
  C:\Windows\System\DbtSUpY.exe
  2⤵
  PID:8808
- C:\Windows\System\bnAjYua.exe
  C:\Windows\System\bnAjYua.exe
  2⤵
  PID:9228
- C:\Windows\System\IWAfeOb.exe
  C:\Windows\System\IWAfeOb.exe
  2⤵
  PID:9244
- C:\Windows\System\OvxymMS.exe
  C:\Windows\System\OvxymMS.exe
  2⤵
  PID:9260
- C:\Windows\System\MduHklb.exe
  C:\Windows\System\MduHklb.exe
  2⤵
  PID:9276
- C:\Windows\System\UEjiSAk.exe
  C:\Windows\System\UEjiSAk.exe
  2⤵
  PID:9292
- C:\Windows\System\dZxkCjG.exe
  C:\Windows\System\dZxkCjG.exe
  2⤵
  PID:9308
- C:\Windows\System\sFXtiOs.exe
  C:\Windows\System\sFXtiOs.exe
  2⤵
  PID:9324
- C:\Windows\System\aNjHHcQ.exe
  C:\Windows\System\aNjHHcQ.exe
  2⤵
  PID:9340
- C:\Windows\System\fDpShWP.exe
  C:\Windows\System\fDpShWP.exe
  2⤵
  PID:9356
- C:\Windows\System\krOisOo.exe
  C:\Windows\System\krOisOo.exe
  2⤵
  PID:9372
- C:\Windows\System\ZVmXXKF.exe
  C:\Windows\System\ZVmXXKF.exe
  2⤵
  PID:9388
- C:\Windows\System\LFONaBh.exe
  C:\Windows\System\LFONaBh.exe
  2⤵
  PID:9404
- C:\Windows\System\TVwlEDG.exe
  C:\Windows\System\TVwlEDG.exe
  2⤵
  PID:9420
- C:\Windows\System\kgZfbuB.exe
  C:\Windows\System\kgZfbuB.exe
  2⤵
  PID:9436
- C:\Windows\System\qqzcoSG.exe
  C:\Windows\System\qqzcoSG.exe
  2⤵
  PID:9452
- C:\Windows\System\AiLnUxW.exe
  C:\Windows\System\AiLnUxW.exe
  2⤵
  PID:9468
- C:\Windows\System\dzGmdkg.exe
  C:\Windows\System\dzGmdkg.exe
  2⤵
  PID:9484
- C:\Windows\System\UOHDclw.exe
  C:\Windows\System\UOHDclw.exe
  2⤵
  PID:9500
- C:\Windows\System\dusIrzY.exe
  C:\Windows\System\dusIrzY.exe
  2⤵
  PID:9516
- C:\Windows\System\sgEfjzF.exe
  C:\Windows\System\sgEfjzF.exe
  2⤵
  PID:9532
- C:\Windows\System\oojNjMk.exe
  C:\Windows\System\oojNjMk.exe
  2⤵
  PID:9548
- C:\Windows\System\ZnAeBdL.exe
  C:\Windows\System\ZnAeBdL.exe
  2⤵
  PID:9564
- C:\Windows\System\WLzsbNT.exe
  C:\Windows\System\WLzsbNT.exe
  2⤵
  PID:9580
- C:\Windows\System\pLuaafd.exe
  C:\Windows\System\pLuaafd.exe
  2⤵
  PID:9596
- C:\Windows\System\fgcCPNq.exe
  C:\Windows\System\fgcCPNq.exe
  2⤵
  PID:9612
- C:\Windows\System\orbjUzT.exe
  C:\Windows\System\orbjUzT.exe
  2⤵
  PID:9628
- C:\Windows\System\zySIMid.exe
  C:\Windows\System\zySIMid.exe
  2⤵
  PID:9644
- C:\Windows\System\AEPAZUR.exe
  C:\Windows\System\AEPAZUR.exe
  2⤵
  PID:9660
- C:\Windows\System\wbNgDGt.exe
  C:\Windows\System\wbNgDGt.exe
  2⤵
  PID:9676
- C:\Windows\System\NxgOgIJ.exe
  C:\Windows\System\NxgOgIJ.exe
  2⤵
  PID:9692
- C:\Windows\System\lobHpcT.exe
  C:\Windows\System\lobHpcT.exe
  2⤵
  PID:9708
- C:\Windows\System\sdtNocK.exe
  C:\Windows\System\sdtNocK.exe
  2⤵
  PID:9724
- C:\Windows\System\fYHPDNs.exe
  C:\Windows\System\fYHPDNs.exe
  2⤵
  PID:9744
- C:\Windows\System\dDMxCks.exe
  C:\Windows\System\dDMxCks.exe
  2⤵
  PID:9760
- C:\Windows\System\Bdadncv.exe
  C:\Windows\System\Bdadncv.exe
  2⤵
  PID:9780
- C:\Windows\System\OMbhjSK.exe
  C:\Windows\System\OMbhjSK.exe
  2⤵
  PID:9808
- C:\Windows\System\KhajyjZ.exe
  C:\Windows\System\KhajyjZ.exe
  2⤵
  PID:9832
- C:\Windows\System\FOuZvRz.exe
  C:\Windows\System\FOuZvRz.exe
  2⤵
  PID:9848
- C:\Windows\System\UvIKkvy.exe
  C:\Windows\System\UvIKkvy.exe
  2⤵
  PID:9864
- C:\Windows\System\WENEjhM.exe
  C:\Windows\System\WENEjhM.exe
  2⤵
  PID:9880
- C:\Windows\System\djinPnI.exe
  C:\Windows\System\djinPnI.exe
  2⤵
  PID:9896
- C:\Windows\System\wouacBF.exe
  C:\Windows\System\wouacBF.exe
  2⤵
  PID:9912
- C:\Windows\System\EIiupWH.exe
  C:\Windows\System\EIiupWH.exe
  2⤵
  PID:9928
- C:\Windows\System\vDiTUAV.exe
  C:\Windows\System\vDiTUAV.exe
  2⤵
  PID:9944
- C:\Windows\System\eiwUQdW.exe
  C:\Windows\System\eiwUQdW.exe
  2⤵
  PID:9960
- C:\Windows\System\UYAmQXR.exe
  C:\Windows\System\UYAmQXR.exe
  2⤵
  PID:9976
- C:\Windows\System\BSVOnOb.exe
  C:\Windows\System\BSVOnOb.exe
  2⤵
  PID:9992
- C:\Windows\System\vWNHdwZ.exe
  C:\Windows\System\vWNHdwZ.exe
  2⤵
  PID:10008
- C:\Windows\System\TNbAaMG.exe
  C:\Windows\System\TNbAaMG.exe
  2⤵
  PID:10024
- C:\Windows\System\tdimskO.exe
  C:\Windows\System\tdimskO.exe
  2⤵
  PID:10040
- C:\Windows\System\YVtdpfT.exe
  C:\Windows\System\YVtdpfT.exe
  2⤵
  PID:10056
- C:\Windows\System\MyMseWN.exe
  C:\Windows\System\MyMseWN.exe
  2⤵
  PID:10072
- C:\Windows\System\tJyZiCb.exe
  C:\Windows\System\tJyZiCb.exe
  2⤵
  PID:10092
- C:\Windows\System\avVfHFz.exe
  C:\Windows\System\avVfHFz.exe
  2⤵
  PID:10108
- C:\Windows\System\pNYIsVS.exe
  C:\Windows\System\pNYIsVS.exe
  2⤵
  PID:10124
- C:\Windows\System\rWcTlQr.exe
  C:\Windows\System\rWcTlQr.exe
  2⤵
  PID:10140
- C:\Windows\System\ZctVKOI.exe
  C:\Windows\System\ZctVKOI.exe
  2⤵
  PID:10156
- C:\Windows\System\JMGPCag.exe
  C:\Windows\System\JMGPCag.exe
  2⤵
  PID:10172
- C:\Windows\System\gNHkLue.exe
  C:\Windows\System\gNHkLue.exe
  2⤵
  PID:10188
- C:\Windows\System\qWqHWDd.exe
  C:\Windows\System\qWqHWDd.exe
  2⤵
  PID:10212
- C:\Windows\System\NSxjYEb.exe
  C:\Windows\System\NSxjYEb.exe
  2⤵
  PID:9448
- C:\Windows\System\MIBRdAF.exe
  C:\Windows\System\MIBRdAF.exe
  2⤵
  PID:8212
- C:\Windows\System\BoAFdou.exe
  C:\Windows\System\BoAFdou.exe
  2⤵
  PID:9608
- C:\Windows\System\mRdOpQg.exe
  C:\Windows\System\mRdOpQg.exe
  2⤵
  PID:9732
- C:\Windows\System\eHeqCMZ.exe
  C:\Windows\System\eHeqCMZ.exe
  2⤵
  PID:8904
- C:\Windows\System\wVuaQiP.exe
  C:\Windows\System\wVuaQiP.exe
  2⤵
  PID:8412
- C:\Windows\System\azglTFW.exe
  C:\Windows\System\azglTFW.exe
  2⤵
  PID:9120
- C:\Windows\System\AUQqome.exe
  C:\Windows\System\AUQqome.exe
  2⤵
  PID:8416
- C:\Windows\System\xshEjvl.exe
  C:\Windows\System\xshEjvl.exe
  2⤵
  PID:9268
- C:\Windows\System\DJpnSXr.exe
  C:\Windows\System\DJpnSXr.exe
  2⤵
  PID:9336
- C:\Windows\System\KmKSwOx.exe
  C:\Windows\System\KmKSwOx.exe
  2⤵
  PID:9400
- C:\Windows\System\RweRAKK.exe
  C:\Windows\System\RweRAKK.exe
  2⤵
  PID:9464
- C:\Windows\System\rCyqcWj.exe
  C:\Windows\System\rCyqcWj.exe
  2⤵
  PID:9528
- C:\Windows\System\XzivwZl.exe
  C:\Windows\System\XzivwZl.exe
  2⤵
  PID:9592
- C:\Windows\System\okdhHBs.exe
  C:\Windows\System\okdhHBs.exe
  2⤵
  PID:9656
- C:\Windows\System\rBGXHGZ.exe
  C:\Windows\System\rBGXHGZ.exe
  2⤵
  PID:9720
- C:\Windows\System\xayejbp.exe
  C:\Windows\System\xayejbp.exe
  2⤵
  PID:9776
- C:\Windows\System\vzwCIWP.exe
  C:\Windows\System\vzwCIWP.exe
  2⤵
  PID:9788
- C:\Windows\System\cEJQifE.exe
  C:\Windows\System\cEJQifE.exe
  2⤵
  PID:9804
- C:\Windows\System\rSmzJXa.exe
  C:\Windows\System\rSmzJXa.exe
  2⤵
  PID:9876
- C:\Windows\System\LiSiWMV.exe
  C:\Windows\System\LiSiWMV.exe
  2⤵
  PID:9892
- C:\Windows\System\oPgmRZH.exe
  C:\Windows\System\oPgmRZH.exe
  2⤵
  PID:9956
- C:\Windows\System\NimWcuf.exe
  C:\Windows\System\NimWcuf.exe
  2⤵
  PID:5484
- C:\Windows\System\zjeAvXD.exe
  C:\Windows\System\zjeAvXD.exe
  2⤵
  PID:10020
- C:\Windows\System\QavkYzE.exe
  C:\Windows\System\QavkYzE.exe
  2⤵
  PID:10080
- C:\Windows\System\eOOXhPT.exe
  C:\Windows\System\eOOXhPT.exe
  2⤵
  PID:9972
- C:\Windows\System\AGxBqqv.exe
  C:\Windows\System\AGxBqqv.exe
  2⤵
  PID:10068
- C:\Windows\System\zafbSMZ.exe
  C:\Windows\System\zafbSMZ.exe
  2⤵
  PID:10120
- C:\Windows\System\xZaUKCX.exe
  C:\Windows\System\xZaUKCX.exe
  2⤵
  PID:10136
- C:\Windows\System\UBHFKED.exe
  C:\Windows\System\UBHFKED.exe
  2⤵
  PID:10180
- C:\Windows\System\zalplGQ.exe
  C:\Windows\System\zalplGQ.exe
  2⤵
  PID:10152
- C:\Windows\System\beGHxeb.exe
  C:\Windows\System\beGHxeb.exe
  2⤵
  PID:10228
- C:\Windows\System\EVhkYAW.exe
  C:\Windows\System\EVhkYAW.exe
  2⤵
  PID:8020
- C:\Windows\System\ENOjmfe.exe
  C:\Windows\System\ENOjmfe.exe
  2⤵
  PID:9072
- C:\Windows\System\PhZsQem.exe
  C:\Windows\System\PhZsQem.exe
  2⤵
  PID:9348
- C:\Windows\System\JNsgSlq.exe
  C:\Windows\System\JNsgSlq.exe
  2⤵
  PID:9316
- C:\Windows\System\tVvnqlK.exe
  C:\Windows\System\tVvnqlK.exe
  2⤵
  PID:9736
- C:\Windows\System\GfJmpyV.exe
  C:\Windows\System\GfJmpyV.exe
  2⤵
  PID:8888
- C:\Windows\System\ikRnPch.exe
  C:\Windows\System\ikRnPch.exe
  2⤵
  PID:9544
- C:\Windows\System\zdKmmjm.exe
  C:\Windows\System\zdKmmjm.exe
  2⤵
  PID:9576
- C:\Windows\System\UGfLptV.exe
  C:\Windows\System\UGfLptV.exe
  2⤵
  PID:9604
- C:\Windows\System\XidiYXk.exe
  C:\Windows\System\XidiYXk.exe
  2⤵
  PID:9668
- C:\Windows\System\jSamgBD.exe
  C:\Windows\System\jSamgBD.exe
  2⤵
  PID:9700
- C:\Windows\System\sCaOULA.exe
  C:\Windows\System\sCaOULA.exe
  2⤵
  PID:9704
- C:\Windows\System\DkQLVPh.exe
  C:\Windows\System\DkQLVPh.exe
  2⤵
  PID:8644
- C:\Windows\System\eXMnANM.exe
  C:\Windows\System\eXMnANM.exe
  2⤵
  PID:8956
- C:\Windows\System\zwXhKHN.exe
  C:\Windows\System\zwXhKHN.exe
  2⤵
  PID:9188
- C:\Windows\System\XTOuOvc.exe
  C:\Windows\System\XTOuOvc.exe
  2⤵
  PID:8544
- C:\Windows\System\zbftGtY.exe
  C:\Windows\System\zbftGtY.exe
  2⤵
  PID:9088
- C:\Windows\System\xCboorE.exe
  C:\Windows\System\xCboorE.exe
  2⤵
  PID:9160
- C:\Windows\System\qAZSBAg.exe
  C:\Windows\System\qAZSBAg.exe
  2⤵
  PID:6800
- C:\Windows\System\uzfyMxh.exe
  C:\Windows\System\uzfyMxh.exe
  2⤵
  PID:8592
- C:\Windows\System\sVploBq.exe
  C:\Windows\System\sVploBq.exe
  2⤵
  PID:8004
- C:\Windows\System\CHhHjLx.exe
  C:\Windows\System\CHhHjLx.exe
  2⤵
  PID:8352
- C:\Windows\System\WgjWJCw.exe
  C:\Windows\System\WgjWJCw.exe
  2⤵
  PID:8672
- C:\Windows\System\NYVYNqM.exe
  C:\Windows\System\NYVYNqM.exe
  2⤵
  PID:9144
- C:\Windows\System\ucyiRUz.exe
  C:\Windows\System\ucyiRUz.exe
  2⤵
  PID:10220
- C:\Windows\System\CuKRvcq.exe
  C:\Windows\System\CuKRvcq.exe
  2⤵
  PID:9236
- C:\Windows\System\clSfwof.exe
  C:\Windows\System\clSfwof.exe
  2⤵
  PID:9396
- C:\Windows\System\YlakZuR.exe
  C:\Windows\System\YlakZuR.exe
  2⤵
  PID:9716
- C:\Windows\System\Rozdnfj.exe
  C:\Windows\System\Rozdnfj.exe
  2⤵
  PID:9844
- C:\Windows\System\oCLFHbc.exe
  C:\Windows\System\oCLFHbc.exe
  2⤵
  PID:9652
- C:\Windows\System\jGleFHI.exe
  C:\Windows\System\jGleFHI.exe
  2⤵
  PID:9800
- C:\Windows\System\eFPHrHS.exe
  C:\Windows\System\eFPHrHS.exe
  2⤵
  PID:9984
- C:\Windows\System\YounKfT.exe
  C:\Windows\System\YounKfT.exe
  2⤵
  PID:9968
- C:\Windows\System\YDkJpnw.exe
  C:\Windows\System\YDkJpnw.exe
  2⤵
  PID:10204
- C:\Windows\System\udPtIHq.exe
  C:\Windows\System\udPtIHq.exe
  2⤵
  PID:10196
- C:\Windows\System\DTDbpvB.exe
  C:\Windows\System\DTDbpvB.exe
  2⤵
  PID:9256
- C:\Windows\System\gYwCBRu.exe
  C:\Windows\System\gYwCBRu.exe
  2⤵
  PID:9988
- C:\Windows\System\GrSdZKI.exe
  C:\Windows\System\GrSdZKI.exe
  2⤵
  PID:8992
- C:\Windows\System\aYMuKAZ.exe
  C:\Windows\System\aYMuKAZ.exe
  2⤵
  PID:8920
- C:\Windows\System\nInutHL.exe
  C:\Windows\System\nInutHL.exe
  2⤵
  PID:8300
- C:\Windows\System\EnJnETu.exe
  C:\Windows\System\EnJnETu.exe
  2⤵
  PID:7176
- C:\Windows\System\kFOxYTS.exe
  C:\Windows\System\kFOxYTS.exe
  2⤵
  PID:9416
- C:\Windows\System\eWsoSwv.exe
  C:\Windows\System\eWsoSwv.exe
  2⤵
  PID:8336
- C:\Windows\System\iZsnghV.exe
  C:\Windows\System\iZsnghV.exe
  2⤵
  PID:8760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFropYs.exe

Filesize
6.0MB

MD5
5b380a202fd7faf2a4a4b31443b5b3c5

SHA1
24e32aab166381e8cd3013d7bc4da6237d53a8d0

SHA256
7fa2f82978b9b855e8186a7a38b0328b10dae578bb82194174cd077da72338ce

SHA512
0b7cbdf811f82892d93fbba279cf5cf99731a2f72da6c61ad5fb823fe9f8bc7f353729ad032a347f624df9ce40417583856f5f90ff9897ce9067cf2d95a61c04

Download Submit
C:\Windows\system\BvicsnB.exe

Filesize
6.0MB

MD5
1d23810d2fa9ad5c4dd28033b2f792ab

SHA1
1d45a9ddd4a682ac17e562d3c9efa13dfdfe46a3

SHA256
36712377172b7ced6feee730a1c0de4939307ad2272d012b3f69019bd57c480a

SHA512
978c60be7111035342c7c47d8b758057f6ad536ccc33420e67fbcb4e1b9a0593aabe9db03b5014feddfda2d3e6ebce5d108827b13cdf6b5222f57434268ba5d9

Download Submit
C:\Windows\system\ByQexap.exe

Filesize
6.0MB

MD5
113e2223ba2e1b5df7e45898d2aa233e

SHA1
95ae57c23ad64800ac09bf564d354ef256b4bdcf

SHA256
e6f84beaaf6b166051ce3f91544e128648f2fd7cfb016a816a932fc98f1dda0c

SHA512
57808bf65be226e8ee6990ec3df9c0a88d307c3c79142b33245a88d94e64d2719a023d939132692f0d16651ac20f2c9dca94fa6530e5a7339a59ad6554584634

Download Submit
C:\Windows\system\CgHtPlp.exe

Filesize
6.0MB

MD5
22ec9e18f11aada755c038a73c3f2763

SHA1
9ba8155958819010ff3d2a12f7ae80ee24c73938

SHA256
03f609d3afe9d3d57447678993106c993a8a68932f4981f264c08e7593d381c5

SHA512
f2cac6f3fcf8bf537535456c0312d16d5e0206452cc46eb282442514e126468712b7a8e0f645d1c835d78fa052eec02695327d7857300fe721cec3e12dbab804

Download Submit
C:\Windows\system\ElPlBHt.exe

Filesize
6.0MB

MD5
d9b9e919b0dca90785525d9f8c04d1e5

SHA1
bef951842cf68ca559091a2be7c898778844bf86

SHA256
7af1a91b6dd56126d125d249b3b420dd8a22af7872f77d602dcc73dd7f2a0c13

SHA512
4ef9276950cd35ada03ddaaa2ef5d639021c902dd7bc2a601610dff626deefe22c081fa70297ddd6f045c78248190a93a66b7f785fa4d70e58eb9edf52e020d4

Download Submit
C:\Windows\system\GEzHAfD.exe

Filesize
6.0MB

MD5
48bcb6a6a1ec84964b9835a03ba78daa

SHA1
c5fcfd1976efd78bde09c61a76ccbf9005694d5d

SHA256
6819c617216c837854c81b206a8eda41c7a8be2fefbff94014b4f314ca737eff

SHA512
e131abde408a7acd8be885578b4341ec9f3f4aeeac90564204e70a1b1ab7ddfc1fc5397c146828ca27f7014d9935b79f525aced1ea0142510a51714741f7840d

Download Submit
C:\Windows\system\JKIzbHu.exe

Filesize
6.0MB

MD5
24fa6eea17633a873505f996934b8842

SHA1
2197d040a8f4ee12f8b99192d70e7f37eae3b756

SHA256
3a9fc19de5cd8b24ff96ee1cc9dab0801c330e5f28b848b1cf38f453b91ebf3b

SHA512
2ec3a5517ca6057a0215f19568e10de26b9afd53499ae934f61dd56edd184177b8ae541d04a07b9bd5fcb8fc0acb7ebcaa85bd34066b00d3209ef386fdffb190

Download Submit
C:\Windows\system\LtnGovA.exe

Filesize
6.0MB

MD5
4ad149adbdded75f9e35237e76777f1b

SHA1
982ed1c9592d0a5a070e6b39905baf5237f1fc60

SHA256
bc1bc58a2dd0da78bf7ed7218475ad34ebffa719720e09fdbdd6664f99e0e9a4

SHA512
40e58e662e39610aaa823282cc5928e362bbf2f7fb56102c4e2d6f687580de61d7f0c45f3561bf582f94abdec4b2301b0c879598d3dc35204b5578e9c0a4bdb2

Download Submit
C:\Windows\system\MpaucEJ.exe

Filesize
6.0MB

MD5
0ecfa40ebddd0cb9343ea5343a38b45b

SHA1
684b95e9d50c28f5c591bad63fbadf6d064fd492

SHA256
3364d8960dfe2510dd6ca2fb66a68f80afb72618d624180e9a0e86443103251c

SHA512
e1977db6d2598c1cb26fd58733f6f01142cb1d33429f6546171466554d969a0cf36b57672063fe234f42dfdc80be1218af92d776eb887f5487d752fa5e76fbea

Download Submit
C:\Windows\system\NNRSLMM.exe

Filesize
6.0MB

MD5
a24fe8ee83f81e39d35481006dda0800

SHA1
9294571857cfc13890553596bb00aeb9d25e9407

SHA256
8d3480c27f6f800f3072e0de816a994845d18b7d693a96dc45a9f4bb19225716

SHA512
7fceddd7465ab709cd05e52ce033aa2854a4208ed63ef2a220d9960705376c8c718630926141f1872d82aa9912c55845929097cb94249a383378a671e4aa8744

Download Submit
C:\Windows\system\TDyDafi.exe

Filesize
6.0MB

MD5
821f34ad2f822124b0922aa3a151c176

SHA1
3c6b21e5db56a6aab9dc4023aa1c36cea277813f

SHA256
1e0a804c9b563b17c38d7abb86a5a70ad6c21125fddc10badb30f55cedfc6467

SHA512
59a526b1ff0dbddbd4fd12eb994a0664277327893609af3788f4a2603a4ae190a9f494f87675bfc32132d46b387542c6f7fd6abe31ab48a79f9ea87c294ee7b8

Download Submit
C:\Windows\system\TTlUKyH.exe

Filesize
6.0MB

MD5
e10bf0937da362b4dd5f2bfc63edb5e6

SHA1
940da158e0f5e3d818ce77b60b403b68e267caeb

SHA256
8f8faed6aa0866c54203185795d3d16d79088b8ea63949fbe3f5336622e0dcbb

SHA512
553328ead8d2f6a8bd9310b7cd81e5e7d79036c214a552cc23342b1797d3dcbdd24db0f567188934468a4d5f552623b760158d79003826e37afe1bef78d24f53

Download Submit
C:\Windows\system\VUznUNk.exe

Filesize
6.0MB

MD5
c65dd88fd55ffd2bcb8fc107a952632a

SHA1
f0a0131939ae57f25e82e1f299eac11643fd00f3

SHA256
547d443fab058b813a95cf192d26b1259ef82bf3b4c38117c907ce569828c0d5

SHA512
30a2970c4a2d1c61d4f343c868be4764a3286495a0f2f038a298fe75eccc12a76043a4d608541ae8e1f92742f77f460a689b60edd65ed1dda51f3fd157fcf10e

Download Submit
C:\Windows\system\VZHEmDg.exe

Filesize
6.0MB

MD5
b395dcb532a328f0357503f2782c1072

SHA1
a71cba490253a36d184b380360cd9d660b134429

SHA256
25a7a1231a4dd741787bff3d337a9fc0e7ea8762b8e59fd9b43c105360d44fde

SHA512
fe66db12a23431c15765cfc95e4efc3b131d0471b3e05be35dbacce67fefc2a2dd40dd622f2dc5caceec0c9d4508f7a4041a6f8b6532e816bca3fb658ee9956b

Download Submit
C:\Windows\system\WuxbhXt.exe

Filesize
6.0MB

MD5
2f6c962832d84ad81ff39d4a96c45366

SHA1
d8ede80938278a0c4094564ba57079d7be3497b2

SHA256
ede5312b42c2576adbbff3a7b64cce120610533d10d328bc699c17b8e79dad47

SHA512
5b0912c5dd9e788404c7ae7c89b1c49bc6739507b9fd728e40cae23e1f9ccf85a66c09415904d84d6b2bb08e1e13d64bbcba621c58d4530bd8a40acfc3c2ac49

Download Submit
C:\Windows\system\YqvBDlu.exe

Filesize
6.0MB

MD5
5bf40bf306d7f7825d3573b0e78b3186

SHA1
dea4bfbc1a774e8b9dd0791de2e8ab9b45e2bbf9

SHA256
0e59a3dbcabdc8a54bde2ac262e4753ad108f99aa4ea97516983e98194597c06

SHA512
09973d3a184e65363ab8db1688a4086ca9761384477122285e292be4c3a3173783fe37510b5fd5169cc19cec2e7b9639859b2ab33eda9a4b8050b246a790bfbf

Download Submit
C:\Windows\system\YviwXTj.exe

Filesize
6.0MB

MD5
a583424add03c957d94d437b659278d1

SHA1
4dbaaf9814537d23a8731bf304a377fa89607bb9

SHA256
c79f3640ff4b2f9e6166b678659cddb220b6dd74787e4d7c9b228c9eba87cc63

SHA512
d1ab569e6674961abf59916861af4f5febb5ad96bafbd6bcdfe0190fcd742ef8089857e768e87fa4e69872eb2c221ff6322537b219d6b24e394f34bb9a66df5c

Download Submit
C:\Windows\system\ajuAbFf.exe

Filesize
6.0MB

MD5
b3b8dfff2c627cce8e566a04dbb85a9a

SHA1
44a42a462eac8b93354f43696190229f1a9b7b74

SHA256
6868c65f0bbf2c7a17c5fb65723d4033634d6b5fa71dc5cd0dc48173b08be8f7

SHA512
5216a760590a8b55d2f84bb32b1a2ac97282fb5bfd21c5439edfded617f685c4daddbd5cb2c4918a6d9770c849d2b5dfa7d264a103c456990b6625dd5e261100

Download Submit
C:\Windows\system\heuVzwp.exe

Filesize
6.0MB

MD5
e0b6220701b90013b45b03e807a37d09

SHA1
d1aa1daf82700d44f522689806d4aa6d8656c15c

SHA256
9c932b434e02571aad6533aed24956eec4907d5094f5cda326f36bbbbfaf7c6c

SHA512
41632047699f871420044c67e7f8b69ecabbc5eeca813115c1b176e8538599fe0a5042535c764ce1a0b9417b17ad0f82cbaca007f43ef5c3937cd5e5d9f4a837

Download Submit
C:\Windows\system\jXsUrZN.exe

Filesize
6.0MB

MD5
fc87c71a35a0ca7b5f8853cdc68866bd

SHA1
f99db77d70aff4155cba9d5acb7f21f4f70a2f3e

SHA256
e25132ea1c114d2b075f2dffae50f79d0a3da3456d08644734f95f886b5a5a89

SHA512
53d0ecd28f9042f5d963475301149ba762cdda65f7a6f5d0df74269cc21b06d68a266c5b2d0dca9a1a76e886e273028a69a488bd48f5864201dfd01411e48e80

Download Submit
C:\Windows\system\kXZnkZo.exe

Filesize
6.0MB

MD5
398dab019a7172d037cc0420f6a51930

SHA1
c8cdfc06daa404181df2a1befabce831fa85f441

SHA256
9f001f232520497d2d19b0e064bbae684f8d8e06e90b31b3a6b20c68d7586e71

SHA512
96d5102d1eaca1187cca93f2839160bb2831003f129866dff697bf2ddcd731721cff625c675bed7ecab811dc3deea20d5331c6e9a14535c4a7f8ac7193f6604f

Download Submit
C:\Windows\system\lOCRjaw.exe

Filesize
6.0MB

MD5
11482fc332ed6b7667381270e69e62fa

SHA1
f5f02e2b5d2cb02afbe4e667533339313e2eb3ba

SHA256
1be884140e340d12f23d418c5a27d960d3a847e2928c00163c21a2369b5e6224

SHA512
785e5227cbce45a2254650c243d26fccd7920edb553ad121536211e03b80fd00573bdad14689ee70dae449c33aeb6af71a1919ca0a9a2109a641eb8c85438ddf

Download Submit
C:\Windows\system\nPObrFW.exe

Filesize
6.0MB

MD5
b86c587f694623dfb5262c74ec91f51b

SHA1
d8803f4a9251c5e7a35471b6aea935a035d59fd6

SHA256
8231d86d5187ff94d970e52b6706162fb073f89bf6b9210d588d67a8dc7995d7

SHA512
79522bbafc39478e63ecbced4e2413f139fe3869a392f708f143ec578cb83bb0ad4793d62284835d8bdf73f581d7779941e0d0023505958b84bea7c96939d678

Download Submit
C:\Windows\system\nRUHOQF.exe

Filesize
6.0MB

MD5
95fc2b23119078f2babda93688bffb7f

SHA1
2c903091caa89b487035ff3f78aed92219525788

SHA256
87dfa273b02f8b74585575b58cb26f795c68e9cb489497cff38bc0daf2c0c1d8

SHA512
6a608c12bfc285311b9502c48f552b504553d0f593f22cce13da238206c3e6b7e8b3985349a4310e65cffb8416e387e0330ba777f346bd8e67f12e1df6f91ff9

Download Submit
C:\Windows\system\oSqKwLf.exe

Filesize
6.0MB

MD5
c220c50f5c5b61fa775ce2d91c119b15

SHA1
df0c6a1f20323775387cd89131063915b63b79fa

SHA256
2111d777883ccaa49e96bbf95cc9bf333d604bb2c1ef17d3e9626aa27dfca57a

SHA512
d49dbcfdd52df6024515af4b1243b32d95e75436b933cef89b898ad70e71833895d2451cc268a80ffccb954d302de70f68b3d24ad9ba583acc0850e0dbf90629

Download Submit
C:\Windows\system\pDVOEQx.exe

Filesize
6.0MB

MD5
2121afd6d8a5bdd246e622228d9cb8f1

SHA1
b7e483fc2433d077ec84e3211c31c6e0390ffc8b

SHA256
4b5fb7397d54ca85e6f995a724a9e2f20a2bc65c5047ab90c2425da02277df5b

SHA512
82e637e8c8f3134c02ad70291bbfe328a1f1a24333f0031d6d1d6644f68117d2fea622e728a5bab70ea1a62a5c1a0c55cede036b534a3a60c31ff844b7d78fb7

Download Submit
C:\Windows\system\pRcZPcw.exe

Filesize
6.0MB

MD5
e1141a25ad933b58697428befe1d95d5

SHA1
0a2a11d9344b266caa94bcda538fbfc1742766b6

SHA256
d7b958233f6b5f2af5f3a8d068d4d2fc5073a65d37086584dc99e2f4a1cef55f

SHA512
217e68d66ba546b85f69177323a5ab54f7561ddc8bd235f3cd3755e184bb39273472bf1311de14bfaad19cdf5569ed5eefc5e1b34d67d4554b82fe3608c5d3b3

Download Submit
C:\Windows\system\vjUfUGd.exe

Filesize
6.0MB

MD5
1a4cdf4918e7ba61ce83f8ad159870d3

SHA1
da1c254bb620427c7fff7cf9ef5d7e9c33ee5d61

SHA256
a59f8e80fa628db8b6e240843e9d8fb60a1ea76373c9228263ab4dbede2edf87

SHA512
0c108d7cb6bcb740228a3a4cabf6b3c9ce3d2d916df5005fc15d1be40279d7ff2fbf2b4eec11a45b1fda14e91431fced8a0a9615f8a525c381b5c9250388a058

Download Submit
C:\Windows\system\xFhpWGN.exe

Filesize
6.0MB

MD5
a578b76b3670c28524373aa4deea4a04

SHA1
c28c43134374fb61a7ca3e4fba5fb2b48fcfd73f

SHA256
5d8fd2e79c3d5c52f441c74b2176d7189f8de10530e20fbdf63c2fe7cffc533d

SHA512
403f942a25ef4e37f76c7db761d8ddfcee4a33f0b681d011b306633d10709e97cbefb9bd605d6ca898d568c468dd03997e2dd99d8ef6de697bf1bf3243f83eca

Download Submit
C:\Windows\system\yToqFYk.exe

Filesize
6.0MB

MD5
1c07ce5d4a66dad790cc9acc12aeaf33

SHA1
35a20c770ef79fc217c32eebfb56785c0abe7984

SHA256
b8b9531fed7c8cbc97f0eae8a3f217e535b9d719cb0a12710aa6709186532f16

SHA512
b98c7003f3f632c930aabf2966a4650150edd7dcb31602718927d198a06c841d1bdbf3750f8765d5e28d2b51b06fda13a6c494ec4ae16f690bc38dae66ec6ad6

Download Submit
\Windows\system\MBlhnjL.exe

Filesize
6.0MB

MD5
8d51bc91995364d501117f0e3a77f7ef

SHA1
099f32fc191013352d88684f612267e9312344be

SHA256
35ea9fba5bc306d9bfd07e3fc2508cebe4fbe34dc67fa51bcc8fa2eec24ec937

SHA512
dac3507bbdb734ed7fc77272e5a4e11ae8825b55d29a2b3a2a5e881871e85a8cabf0da3ac9c03e9bda54d34e045396e8e4e1af0821afb6234be07545989dada5

Download Submit
\Windows\system\SJqHObH.exe

Filesize
6.0MB

MD5
1958e86bb4a9fb94b06a26f797796815

SHA1
88b2ba8ce6a41946486c23b4a2a76512b7b5cf86

SHA256
14ab871eb9bcb088850205963fd0bd4fccf8fabe0e61751ef722ff0c5a604f7d

SHA512
27db0810b68cc242dcf824ec5289331277bb1d3c49ca6a44947e99ad0b20b98c1d5e0f266a02fff2c6b95f5d5c645ab5e553f122fc8a7805f6798f520e3224ed

Download Submit
\Windows\system\bIMoVez.exe

Filesize
6.0MB

MD5
67b0030db44f82a319eb4037de2e9c70

SHA1
d495539201a84c52a37752c3d4be350566209746

SHA256
9e4bbcac11aef70041a1784e8607ba891bae5f94c2c72876c1c59a49908afe72

SHA512
065abe4a6c5d1a519fac211747ed64119b4727ed86c39ddf30a62a1df1560ac7c596105d5c7ac23d56b6381cff96f29b5acfbee729424818cb6172d779b0d53d

Download Submit
memory/828-1621-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/828-2892-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-742-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1065-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-4228-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-3025-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-3009-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-756-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-719-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-679-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-721-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-0-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-129-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1116-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-131-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1824-630-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1824-10-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1404-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-1171-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1165-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2905-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1398-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2894-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1110-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2893-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2989-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1064-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2889-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2895-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2800-597-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2888-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-736-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2884-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2900-130-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2891-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2904-749-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2903-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2887-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-718-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-720-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2890-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2896-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-675-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download