cobaltstrike | 247b0f243f9f3e71b86359414a7fec0208c1152082255ea7652434793ba56ff8

Analysis

max time kernel
148s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a05d3ff8262c7ecbd3ce5d1ec1852901
SHA1

8a91a2b84e9d9cab862197e5dfb9a1b03bc4d781
SHA256

247b0f243f9f3e71b86359414a7fec0208c1152082255ea7652434793ba56ff8
SHA512

4ff118d282a9fb97ca3373e00da737a55a7bc91a0669000de99741da2271b862ffcf03046cc217178d0d3152032cdc36b724f062a27e09c73243d964d9245abc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de8-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-18.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-41.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-49.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017400-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1908-0-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0009000000012281-6.dat	xmrig
behavioral1/files/0x0008000000016dd0-12.dat	xmrig
behavioral1/files/0x0007000000016de8-16.dat	xmrig
behavioral1/files/0x0007000000016eb8-18.dat	xmrig
behavioral1/files/0x00080000000173f3-34.dat	xmrig
behavioral1/files/0x0006000000018f65-41.dat	xmrig
behavioral1/files/0x000600000001904c-45.dat	xmrig
behavioral1/files/0x00060000000190e1-49.dat	xmrig
behavioral1/files/0x00050000000191d2-53.dat	xmrig
behavioral1/files/0x0005000000019259-69.dat	xmrig
behavioral1/files/0x0005000000019278-99.dat	xmrig
behavioral1/files/0x0005000000019319-111.dat	xmrig
behavioral1/files/0x0005000000019377-121.dat	xmrig
behavioral1/files/0x000500000001946a-160.dat	xmrig
behavioral1/memory/2336-1185-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1908-1181-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2336-345-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2288-408-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2684-407-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2776-405-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2872-403-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2224-401-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2796-399-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2888-397-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2732-395-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2912-393-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2860-391-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2748-389-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1984-387-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2332-385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945b-152.dat	xmrig
behavioral1/files/0x0005000000019446-144.dat	xmrig
behavioral1/files/0x00050000000193c1-136.dat	xmrig
behavioral1/files/0x0005000000019387-127.dat	xmrig
behavioral1/files/0x00050000000193a4-126.dat	xmrig
behavioral1/files/0x0005000000019479-163.dat	xmrig
behavioral1/files/0x0005000000019465-157.dat	xmrig
behavioral1/files/0x0005000000019450-149.dat	xmrig
behavioral1/files/0x0005000000019433-141.dat	xmrig
behavioral1/files/0x00050000000193b3-135.dat	xmrig
behavioral1/files/0x0005000000019365-115.dat	xmrig
behavioral1/files/0x000500000001929a-106.dat	xmrig
behavioral1/files/0x0005000000019275-96.dat	xmrig
behavioral1/files/0x000500000001926c-91.dat	xmrig
behavioral1/files/0x0005000000019268-86.dat	xmrig
behavioral1/files/0x0005000000019240-65.dat	xmrig
behavioral1/files/0x0005000000019217-61.dat	xmrig
behavioral1/files/0x00050000000191f6-57.dat	xmrig
behavioral1/files/0x0007000000017400-37.dat	xmrig
behavioral1/files/0x000700000001707c-29.dat	xmrig
behavioral1/files/0x0007000000016edb-26.dat	xmrig
behavioral1/memory/2288-2663-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2684-2662-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2912-2664-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2776-2682-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2748-2679-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2860-2695-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2872-2696-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1984-2693-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2888-2672-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2224-2668-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2336-2667-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2732-2692-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2684	mdtpvBd.exe
2336	dGrmkLn.exe
2288	BdPJCYP.exe
2332	bTkuzyu.exe
1984	QfZKFBY.exe
2748	cCwcaDP.exe
2860	bSKROyj.exe
2912	eqantOp.exe
2732	orBfIDM.exe
2888	ZJQKUMi.exe
2796	IyvXtjJ.exe
2224	nCQSuTo.exe
2872	MRcrLfo.exe
2776	BqIHLEI.exe
2604	ERBkAaX.exe
1988	GLwbUVN.exe
1920	RhmPeKg.exe
1252	rUvmUaU.exe
1932	CHjzFZv.exe
484	gtTfKxW.exe
536	BOebuXK.exe
1624	ILNYuSF.exe
2808	DRCywVy.exe
1132	yLbBMLr.exe
2972	vdBpxgV.exe
2280	DNuiXSC.exe
2544	nVcafaE.exe
1844	TKGUbdp.exe
3016	niCOLGB.exe
356	tvrLDnA.exe
1316	blLOEzX.exe
1640	oYOjIWf.exe
2956	JyRhdNw.exe
316	FaaNDfB.exe
2096	TQKhTmo.exe
2104	uGfFibD.exe
1692	XvVoDUY.exe
560	LJtmoop.exe
2812	lTPELhG.exe
3040	iEHcqwt.exe
1528	mbcyKiZ.exe
2428	WIXDzsx.exe
1820	VREPgyp.exe
2540	rUmkVbo.exe
880	MJsenXP.exe
2272	uQsmpen.exe
1764	eDjcIMK.exe
1492	dfDUBKY.exe
1740	CAAwPsK.exe
2152	KZSWHyy.exe
896	hOgaKpz.exe
2232	xhMiSwL.exe
2240	FSKoMRs.exe
2168	oryqNsj.exe
1912	ItGgEhF.exe
296	fOnKYdf.exe
1676	JWSJumj.exe
1952	eGiZEGU.exe
1708	elGKxlx.exe
2740	dimVYHp.exe
2628	HmeDOZd.exe
304	APrvLKE.exe
2656	KbqbFVm.exe
2852	RZqPwIZ.exe

Loads dropped DLL 64 IoCs

pid	Process
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1908-0-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0009000000012281-6.dat	upx
behavioral1/files/0x0008000000016dd0-12.dat	upx
behavioral1/files/0x0007000000016de8-16.dat	upx
behavioral1/files/0x0007000000016eb8-18.dat	upx
behavioral1/files/0x00080000000173f3-34.dat	upx
behavioral1/files/0x0006000000018f65-41.dat	upx
behavioral1/files/0x000600000001904c-45.dat	upx
behavioral1/files/0x00060000000190e1-49.dat	upx
behavioral1/files/0x00050000000191d2-53.dat	upx
behavioral1/files/0x0005000000019259-69.dat	upx
behavioral1/files/0x0005000000019278-99.dat	upx
behavioral1/files/0x0005000000019319-111.dat	upx
behavioral1/files/0x0005000000019377-121.dat	upx
behavioral1/files/0x000500000001946a-160.dat	upx
behavioral1/memory/2336-1185-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1908-1181-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2336-345-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2288-408-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2684-407-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2776-405-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2872-403-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2224-401-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2796-399-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2888-397-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2732-395-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2912-393-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2860-391-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2748-389-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1984-387-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2332-385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000500000001945b-152.dat	upx
behavioral1/files/0x0005000000019446-144.dat	upx
behavioral1/files/0x00050000000193c1-136.dat	upx
behavioral1/files/0x0005000000019387-127.dat	upx
behavioral1/files/0x00050000000193a4-126.dat	upx
behavioral1/files/0x0005000000019479-163.dat	upx
behavioral1/files/0x0005000000019465-157.dat	upx
behavioral1/files/0x0005000000019450-149.dat	upx
behavioral1/files/0x0005000000019433-141.dat	upx
behavioral1/files/0x00050000000193b3-135.dat	upx
behavioral1/files/0x0005000000019365-115.dat	upx
behavioral1/files/0x000500000001929a-106.dat	upx
behavioral1/files/0x0005000000019275-96.dat	upx
behavioral1/files/0x000500000001926c-91.dat	upx
behavioral1/files/0x0005000000019268-86.dat	upx
behavioral1/files/0x0005000000019240-65.dat	upx
behavioral1/files/0x0005000000019217-61.dat	upx
behavioral1/files/0x00050000000191f6-57.dat	upx
behavioral1/files/0x0007000000017400-37.dat	upx
behavioral1/files/0x000700000001707c-29.dat	upx
behavioral1/files/0x0007000000016edb-26.dat	upx
behavioral1/memory/2288-2663-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2684-2662-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2912-2664-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2776-2682-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2748-2679-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2860-2695-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2872-2696-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1984-2693-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2888-2672-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2224-2668-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2336-2667-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2732-2692-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\yLbBMLr.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYtSxwE.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZWuwYn.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQqGXiv.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHUzZKv.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYZKPNE.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJxCjaX.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnVEEuZ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFiXOmd.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JefRTeG.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVgcuhq.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUACiJZ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkntVlm.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQvjcfD.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cesifsO.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbYIYoP.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYDraHx.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJJANiQ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNToBdU.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOdIngW.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgUcrPh.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHmlDkO.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnULRGr.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKyfQWR.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebruupw.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBplgtd.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsXmgoT.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMoKxAp.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sybAPqM.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCZsfRO.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbojWAv.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWTuvCu.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dloUXmo.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBYHitg.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuSVuqb.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLlBCoJ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUxYQLk.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCyftHq.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MocApFT.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGQQuQz.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxdldwB.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSKROyj.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtTfKxW.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFpEUoc.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMQHVIN.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdgjwez.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWWuXBs.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqTNzRF.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqantOp.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEmECJk.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMnKLOT.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whTFTOz.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FolnUPK.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMQkLxJ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gShNlng.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWNPCQP.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whcwvZJ.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwcUGcv.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IieTuvm.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEGsyin.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmrCXyk.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAgfAHb.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNuAnrq.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIkVaCz.exe	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2684	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1908 wrote to memory of 2684	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1908 wrote to memory of 2684	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1908 wrote to memory of 2336	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1908 wrote to memory of 2336	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1908 wrote to memory of 2336	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1908 wrote to memory of 2288	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1908 wrote to memory of 2288	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1908 wrote to memory of 2288	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1908 wrote to memory of 2332	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1908 wrote to memory of 2332	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1908 wrote to memory of 2332	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1908 wrote to memory of 1984	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1908 wrote to memory of 1984	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1908 wrote to memory of 1984	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1908 wrote to memory of 2748	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1908 wrote to memory of 2748	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1908 wrote to memory of 2748	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1908 wrote to memory of 2860	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1908 wrote to memory of 2860	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1908 wrote to memory of 2860	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1908 wrote to memory of 2912	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1908 wrote to memory of 2912	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1908 wrote to memory of 2912	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1908 wrote to memory of 2732	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1908 wrote to memory of 2732	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1908 wrote to memory of 2732	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1908 wrote to memory of 2888	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1908 wrote to memory of 2888	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1908 wrote to memory of 2888	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1908 wrote to memory of 2796	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1908 wrote to memory of 2796	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1908 wrote to memory of 2796	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1908 wrote to memory of 2224	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1908 wrote to memory of 2224	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1908 wrote to memory of 2224	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1908 wrote to memory of 2872	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1908 wrote to memory of 2872	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1908 wrote to memory of 2872	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1908 wrote to memory of 2776	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1908 wrote to memory of 2776	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1908 wrote to memory of 2776	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1908 wrote to memory of 2604	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1908 wrote to memory of 2604	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1908 wrote to memory of 2604	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1908 wrote to memory of 1988	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1908 wrote to memory of 1988	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1908 wrote to memory of 1988	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1908 wrote to memory of 1920	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1908 wrote to memory of 1920	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1908 wrote to memory of 1920	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1908 wrote to memory of 1252	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1908 wrote to memory of 1252	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1908 wrote to memory of 1252	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1908 wrote to memory of 1932	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1908 wrote to memory of 1932	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1908 wrote to memory of 1932	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1908 wrote to memory of 484	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1908 wrote to memory of 484	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1908 wrote to memory of 484	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1908 wrote to memory of 536	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1908 wrote to memory of 536	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1908 wrote to memory of 536	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1908 wrote to memory of 1624	1908	2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_a05d3ff8262c7ecbd3ce5d1ec1852901_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\System\mdtpvBd.exe
  C:\Windows\System\mdtpvBd.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\dGrmkLn.exe
  C:\Windows\System\dGrmkLn.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\BdPJCYP.exe
  C:\Windows\System\BdPJCYP.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\bTkuzyu.exe
  C:\Windows\System\bTkuzyu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\QfZKFBY.exe
  C:\Windows\System\QfZKFBY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\cCwcaDP.exe
  C:\Windows\System\cCwcaDP.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\bSKROyj.exe
  C:\Windows\System\bSKROyj.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\eqantOp.exe
  C:\Windows\System\eqantOp.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\orBfIDM.exe
  C:\Windows\System\orBfIDM.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ZJQKUMi.exe
  C:\Windows\System\ZJQKUMi.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\IyvXtjJ.exe
  C:\Windows\System\IyvXtjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nCQSuTo.exe
  C:\Windows\System\nCQSuTo.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\MRcrLfo.exe
  C:\Windows\System\MRcrLfo.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\BqIHLEI.exe
  C:\Windows\System\BqIHLEI.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ERBkAaX.exe
  C:\Windows\System\ERBkAaX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\GLwbUVN.exe
  C:\Windows\System\GLwbUVN.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RhmPeKg.exe
  C:\Windows\System\RhmPeKg.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\rUvmUaU.exe
  C:\Windows\System\rUvmUaU.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\CHjzFZv.exe
  C:\Windows\System\CHjzFZv.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\gtTfKxW.exe
  C:\Windows\System\gtTfKxW.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\BOebuXK.exe
  C:\Windows\System\BOebuXK.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\ILNYuSF.exe
  C:\Windows\System\ILNYuSF.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\DRCywVy.exe
  C:\Windows\System\DRCywVy.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\yLbBMLr.exe
  C:\Windows\System\yLbBMLr.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\vdBpxgV.exe
  C:\Windows\System\vdBpxgV.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\JyRhdNw.exe
  C:\Windows\System\JyRhdNw.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\DNuiXSC.exe
  C:\Windows\System\DNuiXSC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\TQKhTmo.exe
  C:\Windows\System\TQKhTmo.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\nVcafaE.exe
  C:\Windows\System\nVcafaE.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\uGfFibD.exe
  C:\Windows\System\uGfFibD.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\TKGUbdp.exe
  C:\Windows\System\TKGUbdp.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\MJsenXP.exe
  C:\Windows\System\MJsenXP.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\niCOLGB.exe
  C:\Windows\System\niCOLGB.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\uQsmpen.exe
  C:\Windows\System\uQsmpen.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\tvrLDnA.exe
  C:\Windows\System\tvrLDnA.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\eDjcIMK.exe
  C:\Windows\System\eDjcIMK.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\blLOEzX.exe
  C:\Windows\System\blLOEzX.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\dfDUBKY.exe
  C:\Windows\System\dfDUBKY.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\oYOjIWf.exe
  C:\Windows\System\oYOjIWf.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\CAAwPsK.exe
  C:\Windows\System\CAAwPsK.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FaaNDfB.exe
  C:\Windows\System\FaaNDfB.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\KZSWHyy.exe
  C:\Windows\System\KZSWHyy.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\XvVoDUY.exe
  C:\Windows\System\XvVoDUY.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\hOgaKpz.exe
  C:\Windows\System\hOgaKpz.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\LJtmoop.exe
  C:\Windows\System\LJtmoop.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\xhMiSwL.exe
  C:\Windows\System\xhMiSwL.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\lTPELhG.exe
  C:\Windows\System\lTPELhG.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FSKoMRs.exe
  C:\Windows\System\FSKoMRs.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\iEHcqwt.exe
  C:\Windows\System\iEHcqwt.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\oryqNsj.exe
  C:\Windows\System\oryqNsj.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\mbcyKiZ.exe
  C:\Windows\System\mbcyKiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ItGgEhF.exe
  C:\Windows\System\ItGgEhF.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\WIXDzsx.exe
  C:\Windows\System\WIXDzsx.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\fOnKYdf.exe
  C:\Windows\System\fOnKYdf.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\VREPgyp.exe
  C:\Windows\System\VREPgyp.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JWSJumj.exe
  C:\Windows\System\JWSJumj.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\rUmkVbo.exe
  C:\Windows\System\rUmkVbo.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\eGiZEGU.exe
  C:\Windows\System\eGiZEGU.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\elGKxlx.exe
  C:\Windows\System\elGKxlx.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RZqPwIZ.exe
  C:\Windows\System\RZqPwIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\dimVYHp.exe
  C:\Windows\System\dimVYHp.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\ATdosoC.exe
  C:\Windows\System\ATdosoC.exe
  2⤵
  PID:2768
- C:\Windows\System\HmeDOZd.exe
  C:\Windows\System\HmeDOZd.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\hvAjIzk.exe
  C:\Windows\System\hvAjIzk.exe
  2⤵
  PID:1968
- C:\Windows\System\APrvLKE.exe
  C:\Windows\System\APrvLKE.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\YRFnjVz.exe
  C:\Windows\System\YRFnjVz.exe
  2⤵
  PID:3060
- C:\Windows\System\KbqbFVm.exe
  C:\Windows\System\KbqbFVm.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\qUdcCKn.exe
  C:\Windows\System\qUdcCKn.exe
  2⤵
  PID:2144
- C:\Windows\System\KAfHcpN.exe
  C:\Windows\System\KAfHcpN.exe
  2⤵
  PID:636
- C:\Windows\System\BVBCIew.exe
  C:\Windows\System\BVBCIew.exe
  2⤵
  PID:1296
- C:\Windows\System\jFTKeCV.exe
  C:\Windows\System\jFTKeCV.exe
  2⤵
  PID:1416
- C:\Windows\System\jPcLYWl.exe
  C:\Windows\System\jPcLYWl.exe
  2⤵
  PID:2180
- C:\Windows\System\qHsTUGD.exe
  C:\Windows\System\qHsTUGD.exe
  2⤵
  PID:2824
- C:\Windows\System\gtVRDzz.exe
  C:\Windows\System\gtVRDzz.exe
  2⤵
  PID:1080
- C:\Windows\System\GuRGgxu.exe
  C:\Windows\System\GuRGgxu.exe
  2⤵
  PID:1312
- C:\Windows\System\LFHsitJ.exe
  C:\Windows\System\LFHsitJ.exe
  2⤵
  PID:1788
- C:\Windows\System\WDKluOO.exe
  C:\Windows\System\WDKluOO.exe
  2⤵
  PID:3056
- C:\Windows\System\TiolXAK.exe
  C:\Windows\System\TiolXAK.exe
  2⤵
  PID:588
- C:\Windows\System\YsJZtRS.exe
  C:\Windows\System\YsJZtRS.exe
  2⤵
  PID:1028
- C:\Windows\System\eswrCwl.exe
  C:\Windows\System\eswrCwl.exe
  2⤵
  PID:2112
- C:\Windows\System\oQwlIbk.exe
  C:\Windows\System\oQwlIbk.exe
  2⤵
  PID:1524
- C:\Windows\System\wKWZRGR.exe
  C:\Windows\System\wKWZRGR.exe
  2⤵
  PID:2688
- C:\Windows\System\mgUcrPh.exe
  C:\Windows\System\mgUcrPh.exe
  2⤵
  PID:2444
- C:\Windows\System\OulOtrZ.exe
  C:\Windows\System\OulOtrZ.exe
  2⤵
  PID:2300
- C:\Windows\System\EGYlqDC.exe
  C:\Windows\System\EGYlqDC.exe
  2⤵
  PID:612
- C:\Windows\System\hTOddNy.exe
  C:\Windows\System\hTOddNy.exe
  2⤵
  PID:948
- C:\Windows\System\UvRYied.exe
  C:\Windows\System\UvRYied.exe
  2⤵
  PID:2664
- C:\Windows\System\wgtLcuT.exe
  C:\Windows\System\wgtLcuT.exe
  2⤵
  PID:2176
- C:\Windows\System\HHFFrMO.exe
  C:\Windows\System\HHFFrMO.exe
  2⤵
  PID:2432
- C:\Windows\System\eTsoLzP.exe
  C:\Windows\System\eTsoLzP.exe
  2⤵
  PID:2292
- C:\Windows\System\jSCIBbW.exe
  C:\Windows\System\jSCIBbW.exe
  2⤵
  PID:2616
- C:\Windows\System\AeStKVn.exe
  C:\Windows\System\AeStKVn.exe
  2⤵
  PID:1936
- C:\Windows\System\OTiGUzs.exe
  C:\Windows\System\OTiGUzs.exe
  2⤵
  PID:840
- C:\Windows\System\ikJDFEP.exe
  C:\Windows\System\ikJDFEP.exe
  2⤵
  PID:1796
- C:\Windows\System\EnGceIN.exe
  C:\Windows\System\EnGceIN.exe
  2⤵
  PID:856
- C:\Windows\System\oYHjRYI.exe
  C:\Windows\System\oYHjRYI.exe
  2⤵
  PID:1616
- C:\Windows\System\JkKuvkU.exe
  C:\Windows\System\JkKuvkU.exe
  2⤵
  PID:2420
- C:\Windows\System\eYuZeGb.exe
  C:\Windows\System\eYuZeGb.exe
  2⤵
  PID:2884
- C:\Windows\System\zbADfzQ.exe
  C:\Windows\System\zbADfzQ.exe
  2⤵
  PID:2640
- C:\Windows\System\dSmvZmO.exe
  C:\Windows\System\dSmvZmO.exe
  2⤵
  PID:664
- C:\Windows\System\wZykjjm.exe
  C:\Windows\System\wZykjjm.exe
  2⤵
  PID:1996
- C:\Windows\System\RPSKzif.exe
  C:\Windows\System\RPSKzif.exe
  2⤵
  PID:2948
- C:\Windows\System\kWbeLBK.exe
  C:\Windows\System\kWbeLBK.exe
  2⤵
  PID:2156
- C:\Windows\System\LzVNvsi.exe
  C:\Windows\System\LzVNvsi.exe
  2⤵
  PID:2000
- C:\Windows\System\QlZYJFy.exe
  C:\Windows\System\QlZYJFy.exe
  2⤵
  PID:1108
- C:\Windows\System\PFJmduN.exe
  C:\Windows\System\PFJmduN.exe
  2⤵
  PID:768
- C:\Windows\System\IzxAueg.exe
  C:\Windows\System\IzxAueg.exe
  2⤵
  PID:2088
- C:\Windows\System\TsckSWC.exe
  C:\Windows\System\TsckSWC.exe
  2⤵
  PID:1620
- C:\Windows\System\mQziJlf.exe
  C:\Windows\System\mQziJlf.exe
  2⤵
  PID:784
- C:\Windows\System\awxbJHa.exe
  C:\Windows\System\awxbJHa.exe
  2⤵
  PID:1268
- C:\Windows\System\RbNGibM.exe
  C:\Windows\System\RbNGibM.exe
  2⤵
  PID:1584
- C:\Windows\System\kODghRb.exe
  C:\Windows\System\kODghRb.exe
  2⤵
  PID:3120
- C:\Windows\System\lLDKUyh.exe
  C:\Windows\System\lLDKUyh.exe
  2⤵
  PID:3204
- C:\Windows\System\hOEfIbc.exe
  C:\Windows\System\hOEfIbc.exe
  2⤵
  PID:3220
- C:\Windows\System\PJxCjaX.exe
  C:\Windows\System\PJxCjaX.exe
  2⤵
  PID:3236
- C:\Windows\System\qiLlQtb.exe
  C:\Windows\System\qiLlQtb.exe
  2⤵
  PID:3252
- C:\Windows\System\EEClvhg.exe
  C:\Windows\System\EEClvhg.exe
  2⤵
  PID:3276
- C:\Windows\System\oSyUIFn.exe
  C:\Windows\System\oSyUIFn.exe
  2⤵
  PID:3292
- C:\Windows\System\IFWYFmu.exe
  C:\Windows\System\IFWYFmu.exe
  2⤵
  PID:3316
- C:\Windows\System\MdzJQcQ.exe
  C:\Windows\System\MdzJQcQ.exe
  2⤵
  PID:3332
- C:\Windows\System\llKnlae.exe
  C:\Windows\System\llKnlae.exe
  2⤵
  PID:3352
- C:\Windows\System\tauftAJ.exe
  C:\Windows\System\tauftAJ.exe
  2⤵
  PID:3384
- C:\Windows\System\deflYvv.exe
  C:\Windows\System\deflYvv.exe
  2⤵
  PID:3400
- C:\Windows\System\hxmOONd.exe
  C:\Windows\System\hxmOONd.exe
  2⤵
  PID:3424
- C:\Windows\System\WcQHXeZ.exe
  C:\Windows\System\WcQHXeZ.exe
  2⤵
  PID:3440
- C:\Windows\System\SYPpVtr.exe
  C:\Windows\System\SYPpVtr.exe
  2⤵
  PID:3456
- C:\Windows\System\onZwqeo.exe
  C:\Windows\System\onZwqeo.exe
  2⤵
  PID:3472
- C:\Windows\System\cmJESkL.exe
  C:\Windows\System\cmJESkL.exe
  2⤵
  PID:3492
- C:\Windows\System\OpRHUuz.exe
  C:\Windows\System\OpRHUuz.exe
  2⤵
  PID:3516
- C:\Windows\System\BeOQmEb.exe
  C:\Windows\System\BeOQmEb.exe
  2⤵
  PID:3536
- C:\Windows\System\wtfUjXJ.exe
  C:\Windows\System\wtfUjXJ.exe
  2⤵
  PID:3556
- C:\Windows\System\pHucgVW.exe
  C:\Windows\System\pHucgVW.exe
  2⤵
  PID:3572
- C:\Windows\System\mlYAbde.exe
  C:\Windows\System\mlYAbde.exe
  2⤵
  PID:3592
- C:\Windows\System\UlOtDFy.exe
  C:\Windows\System\UlOtDFy.exe
  2⤵
  PID:3616
- C:\Windows\System\ZGZtISu.exe
  C:\Windows\System\ZGZtISu.exe
  2⤵
  PID:3632
- C:\Windows\System\dUMvlIN.exe
  C:\Windows\System\dUMvlIN.exe
  2⤵
  PID:3656
- C:\Windows\System\LonwlTd.exe
  C:\Windows\System\LonwlTd.exe
  2⤵
  PID:3672
- C:\Windows\System\IUhxant.exe
  C:\Windows\System\IUhxant.exe
  2⤵
  PID:3688
- C:\Windows\System\NhLqkEF.exe
  C:\Windows\System\NhLqkEF.exe
  2⤵
  PID:3712
- C:\Windows\System\zCWuhRF.exe
  C:\Windows\System\zCWuhRF.exe
  2⤵
  PID:3744
- C:\Windows\System\aDjwJtF.exe
  C:\Windows\System\aDjwJtF.exe
  2⤵
  PID:3760
- C:\Windows\System\BfVhVaT.exe
  C:\Windows\System\BfVhVaT.exe
  2⤵
  PID:3776
- C:\Windows\System\UlaDFQU.exe
  C:\Windows\System\UlaDFQU.exe
  2⤵
  PID:3792
- C:\Windows\System\ffufrAe.exe
  C:\Windows\System\ffufrAe.exe
  2⤵
  PID:3808
- C:\Windows\System\jEHVHLo.exe
  C:\Windows\System\jEHVHLo.exe
  2⤵
  PID:3824
- C:\Windows\System\KXLQKje.exe
  C:\Windows\System\KXLQKje.exe
  2⤵
  PID:3840
- C:\Windows\System\nXDKFVw.exe
  C:\Windows\System\nXDKFVw.exe
  2⤵
  PID:3856
- C:\Windows\System\wIJMFQf.exe
  C:\Windows\System\wIJMFQf.exe
  2⤵
  PID:3876
- C:\Windows\System\lCFbmlr.exe
  C:\Windows\System\lCFbmlr.exe
  2⤵
  PID:3908
- C:\Windows\System\OYrUlXa.exe
  C:\Windows\System\OYrUlXa.exe
  2⤵
  PID:3928
- C:\Windows\System\VhgTGKM.exe
  C:\Windows\System\VhgTGKM.exe
  2⤵
  PID:3944
- C:\Windows\System\wNpRoKF.exe
  C:\Windows\System\wNpRoKF.exe
  2⤵
  PID:3960
- C:\Windows\System\CmmrDOZ.exe
  C:\Windows\System\CmmrDOZ.exe
  2⤵
  PID:3984
- C:\Windows\System\kLSLAGa.exe
  C:\Windows\System\kLSLAGa.exe
  2⤵
  PID:4000
- C:\Windows\System\VxZXopK.exe
  C:\Windows\System\VxZXopK.exe
  2⤵
  PID:4016
- C:\Windows\System\WBqDrao.exe
  C:\Windows\System\WBqDrao.exe
  2⤵
  PID:4036
- C:\Windows\System\QDUPJpA.exe
  C:\Windows\System\QDUPJpA.exe
  2⤵
  PID:4052
- C:\Windows\System\eonopfG.exe
  C:\Windows\System\eonopfG.exe
  2⤵
  PID:4068
- C:\Windows\System\dYDGKrX.exe
  C:\Windows\System\dYDGKrX.exe
  2⤵
  PID:4084
- C:\Windows\System\maCozxt.exe
  C:\Windows\System\maCozxt.exe
  2⤵
  PID:2320
- C:\Windows\System\vHjnWOK.exe
  C:\Windows\System\vHjnWOK.exe
  2⤵
  PID:1948
- C:\Windows\System\HLWAmgj.exe
  C:\Windows\System\HLWAmgj.exe
  2⤵
  PID:872
- C:\Windows\System\uGFSbcg.exe
  C:\Windows\System\uGFSbcg.exe
  2⤵
  PID:1572
- C:\Windows\System\slpMjzF.exe
  C:\Windows\System\slpMjzF.exe
  2⤵
  PID:2928
- C:\Windows\System\vRdRisJ.exe
  C:\Windows\System\vRdRisJ.exe
  2⤵
  PID:2368
- C:\Windows\System\sfGzXiZ.exe
  C:\Windows\System\sfGzXiZ.exe
  2⤵
  PID:2116
- C:\Windows\System\tFpEUoc.exe
  C:\Windows\System\tFpEUoc.exe
  2⤵
  PID:2324
- C:\Windows\System\KRwbDcm.exe
  C:\Windows\System\KRwbDcm.exe
  2⤵
  PID:984
- C:\Windows\System\DwNxJGB.exe
  C:\Windows\System\DwNxJGB.exe
  2⤵
  PID:1608
- C:\Windows\System\yzqiUSN.exe
  C:\Windows\System\yzqiUSN.exe
  2⤵
  PID:2588
- C:\Windows\System\yZsUpdl.exe
  C:\Windows\System\yZsUpdl.exe
  2⤵
  PID:2200
- C:\Windows\System\hnXczaf.exe
  C:\Windows\System\hnXczaf.exe
  2⤵
  PID:3156
- C:\Windows\System\raHHWza.exe
  C:\Windows\System\raHHWza.exe
  2⤵
  PID:3248
- C:\Windows\System\FwKuaSI.exe
  C:\Windows\System\FwKuaSI.exe
  2⤵
  PID:3172
- C:\Windows\System\Bscluvh.exe
  C:\Windows\System\Bscluvh.exe
  2⤵
  PID:3188
- C:\Windows\System\cpWEuFy.exe
  C:\Windows\System\cpWEuFy.exe
  2⤵
  PID:3328
- C:\Windows\System\rzonAMs.exe
  C:\Windows\System\rzonAMs.exe
  2⤵
  PID:3368
- C:\Windows\System\AJFcqTe.exe
  C:\Windows\System\AJFcqTe.exe
  2⤵
  PID:3200
- C:\Windows\System\qSclibK.exe
  C:\Windows\System\qSclibK.exe
  2⤵
  PID:3412
- C:\Windows\System\vpIjRUt.exe
  C:\Windows\System\vpIjRUt.exe
  2⤵
  PID:3480
- C:\Windows\System\XjsMfjE.exe
  C:\Windows\System\XjsMfjE.exe
  2⤵
  PID:3524
- C:\Windows\System\JMGcVRm.exe
  C:\Windows\System\JMGcVRm.exe
  2⤵
  PID:3568
- C:\Windows\System\SKeyYOK.exe
  C:\Windows\System\SKeyYOK.exe
  2⤵
  PID:3312
- C:\Windows\System\UfnhNqK.exe
  C:\Windows\System\UfnhNqK.exe
  2⤵
  PID:3604
- C:\Windows\System\CHHNHcf.exe
  C:\Windows\System\CHHNHcf.exe
  2⤵
  PID:3648
- C:\Windows\System\XaxWHsL.exe
  C:\Windows\System\XaxWHsL.exe
  2⤵
  PID:3232
- C:\Windows\System\qVgcuhq.exe
  C:\Windows\System\qVgcuhq.exe
  2⤵
  PID:3304
- C:\Windows\System\UfDnWeo.exe
  C:\Windows\System\UfDnWeo.exe
  2⤵
  PID:3720
- C:\Windows\System\MexaNXV.exe
  C:\Windows\System\MexaNXV.exe
  2⤵
  PID:3740
- C:\Windows\System\InGlscn.exe
  C:\Windows\System\InGlscn.exe
  2⤵
  PID:3800
- C:\Windows\System\VycXbiu.exe
  C:\Windows\System\VycXbiu.exe
  2⤵
  PID:3864
- C:\Windows\System\wEhlkCK.exe
  C:\Windows\System\wEhlkCK.exe
  2⤵
  PID:3920
- C:\Windows\System\QVhOzxs.exe
  C:\Windows\System\QVhOzxs.exe
  2⤵
  PID:3992
- C:\Windows\System\fbKJYlc.exe
  C:\Windows\System\fbKJYlc.exe
  2⤵
  PID:4032
- C:\Windows\System\YqSOwGa.exe
  C:\Windows\System\YqSOwGa.exe
  2⤵
  PID:380
- C:\Windows\System\HzAeXoE.exe
  C:\Windows\System\HzAeXoE.exe
  2⤵
  PID:2772
- C:\Windows\System\oEAGFLA.exe
  C:\Windows\System\oEAGFLA.exe
  2⤵
  PID:2764
- C:\Windows\System\QOgzHmU.exe
  C:\Windows\System\QOgzHmU.exe
  2⤵
  PID:3164
- C:\Windows\System\UDImjsh.exe
  C:\Windows\System\UDImjsh.exe
  2⤵
  PID:3376
- C:\Windows\System\tEWTTnK.exe
  C:\Windows\System\tEWTTnK.exe
  2⤵
  PID:3528
- C:\Windows\System\QefkDYZ.exe
  C:\Windows\System\QefkDYZ.exe
  2⤵
  PID:3340
- C:\Windows\System\pzQNcYT.exe
  C:\Windows\System\pzQNcYT.exe
  2⤵
  PID:3768
- C:\Windows\System\OzbiXjM.exe
  C:\Windows\System\OzbiXjM.exe
  2⤵
  PID:4100
- C:\Windows\System\Wgixdhw.exe
  C:\Windows\System\Wgixdhw.exe
  2⤵
  PID:4116
- C:\Windows\System\Erejgig.exe
  C:\Windows\System\Erejgig.exe
  2⤵
  PID:4132
- C:\Windows\System\vWrbUAu.exe
  C:\Windows\System\vWrbUAu.exe
  2⤵
  PID:4148
- C:\Windows\System\EWzwFOU.exe
  C:\Windows\System\EWzwFOU.exe
  2⤵
  PID:4164
- C:\Windows\System\Safoolk.exe
  C:\Windows\System\Safoolk.exe
  2⤵
  PID:4180
- C:\Windows\System\alDHzie.exe
  C:\Windows\System\alDHzie.exe
  2⤵
  PID:4196
- C:\Windows\System\xEEfuqY.exe
  C:\Windows\System\xEEfuqY.exe
  2⤵
  PID:4212
- C:\Windows\System\amWjXtP.exe
  C:\Windows\System\amWjXtP.exe
  2⤵
  PID:4228
- C:\Windows\System\JQNkQAI.exe
  C:\Windows\System\JQNkQAI.exe
  2⤵
  PID:4244
- C:\Windows\System\PQcKhAp.exe
  C:\Windows\System\PQcKhAp.exe
  2⤵
  PID:4260
- C:\Windows\System\CbGRLkM.exe
  C:\Windows\System\CbGRLkM.exe
  2⤵
  PID:4276
- C:\Windows\System\JVbBUxl.exe
  C:\Windows\System\JVbBUxl.exe
  2⤵
  PID:4292
- C:\Windows\System\hkBbDor.exe
  C:\Windows\System\hkBbDor.exe
  2⤵
  PID:4308
- C:\Windows\System\oTfMonj.exe
  C:\Windows\System\oTfMonj.exe
  2⤵
  PID:4324
- C:\Windows\System\oaiClav.exe
  C:\Windows\System\oaiClav.exe
  2⤵
  PID:4340
- C:\Windows\System\wYnaFoE.exe
  C:\Windows\System\wYnaFoE.exe
  2⤵
  PID:4356
- C:\Windows\System\zxMmxWI.exe
  C:\Windows\System\zxMmxWI.exe
  2⤵
  PID:4372
- C:\Windows\System\LeAsxgJ.exe
  C:\Windows\System\LeAsxgJ.exe
  2⤵
  PID:4388
- C:\Windows\System\BpifGaP.exe
  C:\Windows\System\BpifGaP.exe
  2⤵
  PID:4404
- C:\Windows\System\BnAewJs.exe
  C:\Windows\System\BnAewJs.exe
  2⤵
  PID:4420
- C:\Windows\System\FMKKVYj.exe
  C:\Windows\System\FMKKVYj.exe
  2⤵
  PID:4436
- C:\Windows\System\sPJvinO.exe
  C:\Windows\System\sPJvinO.exe
  2⤵
  PID:4452
- C:\Windows\System\TlNjvnN.exe
  C:\Windows\System\TlNjvnN.exe
  2⤵
  PID:4468
- C:\Windows\System\bpkyfWY.exe
  C:\Windows\System\bpkyfWY.exe
  2⤵
  PID:4484
- C:\Windows\System\eNJXLvK.exe
  C:\Windows\System\eNJXLvK.exe
  2⤵
  PID:4500
- C:\Windows\System\IBGmkKx.exe
  C:\Windows\System\IBGmkKx.exe
  2⤵
  PID:4516
- C:\Windows\System\ftaREVi.exe
  C:\Windows\System\ftaREVi.exe
  2⤵
  PID:4532
- C:\Windows\System\lVghiGk.exe
  C:\Windows\System\lVghiGk.exe
  2⤵
  PID:4564
- C:\Windows\System\rjCVGFE.exe
  C:\Windows\System\rjCVGFE.exe
  2⤵
  PID:4592
- C:\Windows\System\qNWsnyy.exe
  C:\Windows\System\qNWsnyy.exe
  2⤵
  PID:4616
- C:\Windows\System\SJWmiIO.exe
  C:\Windows\System\SJWmiIO.exe
  2⤵
  PID:4708
- C:\Windows\System\tzNUcSO.exe
  C:\Windows\System\tzNUcSO.exe
  2⤵
  PID:4728
- C:\Windows\System\ybwTSmD.exe
  C:\Windows\System\ybwTSmD.exe
  2⤵
  PID:4748
- C:\Windows\System\BblTSTm.exe
  C:\Windows\System\BblTSTm.exe
  2⤵
  PID:4764
- C:\Windows\System\xREHXDp.exe
  C:\Windows\System\xREHXDp.exe
  2⤵
  PID:4780
- C:\Windows\System\QncDnPR.exe
  C:\Windows\System\QncDnPR.exe
  2⤵
  PID:4796
- C:\Windows\System\iPxZjLC.exe
  C:\Windows\System\iPxZjLC.exe
  2⤵
  PID:4812
- C:\Windows\System\yBGiVYh.exe
  C:\Windows\System\yBGiVYh.exe
  2⤵
  PID:4828
- C:\Windows\System\dXkFoYo.exe
  C:\Windows\System\dXkFoYo.exe
  2⤵
  PID:4844
- C:\Windows\System\qSxByqy.exe
  C:\Windows\System\qSxByqy.exe
  2⤵
  PID:4868
- C:\Windows\System\tRiAxlt.exe
  C:\Windows\System\tRiAxlt.exe
  2⤵
  PID:4884
- C:\Windows\System\wxhKOfY.exe
  C:\Windows\System\wxhKOfY.exe
  2⤵
  PID:4900
- C:\Windows\System\hLmmIcj.exe
  C:\Windows\System\hLmmIcj.exe
  2⤵
  PID:4916
- C:\Windows\System\QcWnxks.exe
  C:\Windows\System\QcWnxks.exe
  2⤵
  PID:4940
- C:\Windows\System\mgelXeA.exe
  C:\Windows\System\mgelXeA.exe
  2⤵
  PID:4960
- C:\Windows\System\SCZsfRO.exe
  C:\Windows\System\SCZsfRO.exe
  2⤵
  PID:4976
- C:\Windows\System\yAaZfVe.exe
  C:\Windows\System\yAaZfVe.exe
  2⤵
  PID:4992
- C:\Windows\System\QbjjLNy.exe
  C:\Windows\System\QbjjLNy.exe
  2⤵
  PID:5008
- C:\Windows\System\bpgtzCt.exe
  C:\Windows\System\bpgtzCt.exe
  2⤵
  PID:5024
- C:\Windows\System\gHAJchS.exe
  C:\Windows\System\gHAJchS.exe
  2⤵
  PID:5040
- C:\Windows\System\mShasSp.exe
  C:\Windows\System\mShasSp.exe
  2⤵
  PID:5056
- C:\Windows\System\hlEEKmS.exe
  C:\Windows\System\hlEEKmS.exe
  2⤵
  PID:5072
- C:\Windows\System\axzypBS.exe
  C:\Windows\System\axzypBS.exe
  2⤵
  PID:5088
- C:\Windows\System\pWxGovw.exe
  C:\Windows\System\pWxGovw.exe
  2⤵
  PID:5104
- C:\Windows\System\vPcGqml.exe
  C:\Windows\System\vPcGqml.exe
  2⤵
  PID:4028
- C:\Windows\System\VGxTyTL.exe
  C:\Windows\System\VGxTyTL.exe
  2⤵
  PID:376
- C:\Windows\System\hQKOTio.exe
  C:\Windows\System\hQKOTio.exe
  2⤵
  PID:3348
- C:\Windows\System\zHmvLlO.exe
  C:\Windows\System\zHmvLlO.exe
  2⤵
  PID:4140
- C:\Windows\System\TsLyKDs.exe
  C:\Windows\System\TsLyKDs.exe
  2⤵
  PID:4204
- C:\Windows\System\mpTVQKP.exe
  C:\Windows\System\mpTVQKP.exe
  2⤵
  PID:4268
- C:\Windows\System\bGrHYXH.exe
  C:\Windows\System\bGrHYXH.exe
  2⤵
  PID:4332
- C:\Windows\System\MtEODcM.exe
  C:\Windows\System\MtEODcM.exe
  2⤵
  PID:4396
- C:\Windows\System\tMdNhWW.exe
  C:\Windows\System\tMdNhWW.exe
  2⤵
  PID:3584
- C:\Windows\System\ExGelQo.exe
  C:\Windows\System\ExGelQo.exe
  2⤵
  PID:3816
- C:\Windows\System\NqvyWYd.exe
  C:\Windows\System\NqvyWYd.exe
  2⤵
  PID:3624
- C:\Windows\System\DmUZCNw.exe
  C:\Windows\System\DmUZCNw.exe
  2⤵
  PID:3852
- C:\Windows\System\MmxTNix.exe
  C:\Windows\System\MmxTNix.exe
  2⤵
  PID:3704
- C:\Windows\System\DlFusEL.exe
  C:\Windows\System\DlFusEL.exe
  2⤵
  PID:3504
- C:\Windows\System\PsbUwga.exe
  C:\Windows\System\PsbUwga.exe
  2⤵
  PID:3512
- C:\Windows\System\wrrLtcC.exe
  C:\Windows\System\wrrLtcC.exe
  2⤵
  PID:3972
- C:\Windows\System\PjmaWZP.exe
  C:\Windows\System\PjmaWZP.exe
  2⤵
  PID:4492
- C:\Windows\System\nQHxwaT.exe
  C:\Windows\System\nQHxwaT.exe
  2⤵
  PID:868
- C:\Windows\System\mEFBokH.exe
  C:\Windows\System\mEFBokH.exe
  2⤵
  PID:4580
- C:\Windows\System\aBqEAkk.exe
  C:\Windows\System\aBqEAkk.exe
  2⤵
  PID:4628
- C:\Windows\System\yqQIfMo.exe
  C:\Windows\System\yqQIfMo.exe
  2⤵
  PID:4644
- C:\Windows\System\FZgwzHI.exe
  C:\Windows\System\FZgwzHI.exe
  2⤵
  PID:4660
- C:\Windows\System\cjCpHqN.exe
  C:\Windows\System\cjCpHqN.exe
  2⤵
  PID:4700
- C:\Windows\System\fsdWKcX.exe
  C:\Windows\System\fsdWKcX.exe
  2⤵
  PID:4684
- C:\Windows\System\OgJpSQQ.exe
  C:\Windows\System\OgJpSQQ.exe
  2⤵
  PID:3580
- C:\Windows\System\VqEhPwF.exe
  C:\Windows\System\VqEhPwF.exe
  2⤵
  PID:3892
- C:\Windows\System\IqxMZGr.exe
  C:\Windows\System\IqxMZGr.exe
  2⤵
  PID:4740
- C:\Windows\System\PpqwRFy.exe
  C:\Windows\System\PpqwRFy.exe
  2⤵
  PID:3756
- C:\Windows\System\xjyfpYv.exe
  C:\Windows\System\xjyfpYv.exe
  2⤵
  PID:4012
- C:\Windows\System\NkrEoGE.exe
  C:\Windows\System\NkrEoGE.exe
  2⤵
  PID:4048
- C:\Windows\System\mZGvOPR.exe
  C:\Windows\System\mZGvOPR.exe
  2⤵
  PID:2276
- C:\Windows\System\xRDsDup.exe
  C:\Windows\System\xRDsDup.exe
  2⤵
  PID:3112
- C:\Windows\System\XrGquHm.exe
  C:\Windows\System\XrGquHm.exe
  2⤵
  PID:3044
- C:\Windows\System\lylCSJd.exe
  C:\Windows\System\lylCSJd.exe
  2⤵
  PID:3216
- C:\Windows\System\gDakoze.exe
  C:\Windows\System\gDakoze.exe
  2⤵
  PID:4552
- C:\Windows\System\qnJIWhe.exe
  C:\Windows\System\qnJIWhe.exe
  2⤵
  PID:4892
- C:\Windows\System\CQDegrx.exe
  C:\Windows\System\CQDegrx.exe
  2⤵
  PID:4820
- C:\Windows\System\NeAPmbc.exe
  C:\Windows\System\NeAPmbc.exe
  2⤵
  PID:3408
- C:\Windows\System\NLKIpsZ.exe
  C:\Windows\System\NLKIpsZ.exe
  2⤵
  PID:3180
- C:\Windows\System\wfDFWya.exe
  C:\Windows\System\wfDFWya.exe
  2⤵
  PID:4724
- C:\Windows\System\MuBqLHr.exe
  C:\Windows\System\MuBqLHr.exe
  2⤵
  PID:4600
- C:\Windows\System\HEmgSXk.exe
  C:\Windows\System\HEmgSXk.exe
  2⤵
  PID:4480
- C:\Windows\System\WVlDagh.exe
  C:\Windows\System\WVlDagh.exe
  2⤵
  PID:4444
- C:\Windows\System\ZDroikv.exe
  C:\Windows\System\ZDroikv.exe
  2⤵
  PID:4380
- C:\Windows\System\kPPmnQF.exe
  C:\Windows\System\kPPmnQF.exe
  2⤵
  PID:4288
- C:\Windows\System\fKEarlv.exe
  C:\Windows\System\fKEarlv.exe
  2⤵
  PID:4224
- C:\Windows\System\xZehjqX.exe
  C:\Windows\System\xZehjqX.exe
  2⤵
  PID:4188
- C:\Windows\System\kwdQIQB.exe
  C:\Windows\System\kwdQIQB.exe
  2⤵
  PID:3916
- C:\Windows\System\DEmaief.exe
  C:\Windows\System\DEmaief.exe
  2⤵
  PID:4972
- C:\Windows\System\HCaxRRb.exe
  C:\Windows\System\HCaxRRb.exe
  2⤵
  PID:5036
- C:\Windows\System\GlRDemn.exe
  C:\Windows\System\GlRDemn.exe
  2⤵
  PID:5100
- C:\Windows\System\aaMhIoR.exe
  C:\Windows\System\aaMhIoR.exe
  2⤵
  PID:4108
- C:\Windows\System\JoPfstb.exe
  C:\Windows\System\JoPfstb.exe
  2⤵
  PID:3324
- C:\Windows\System\ScGOnuN.exe
  C:\Windows\System\ScGOnuN.exe
  2⤵
  PID:3836
- C:\Windows\System\agPNXvH.exe
  C:\Windows\System\agPNXvH.exe
  2⤵
  PID:3736
- C:\Windows\System\eKPSFdk.exe
  C:\Windows\System\eKPSFdk.exe
  2⤵
  PID:3344
- C:\Windows\System\KSHIEXB.exe
  C:\Windows\System\KSHIEXB.exe
  2⤵
  PID:3272
- C:\Windows\System\zZlmwBG.exe
  C:\Windows\System\zZlmwBG.exe
  2⤵
  PID:4856
- C:\Windows\System\ShDWSty.exe
  C:\Windows\System\ShDWSty.exe
  2⤵
  PID:4912
- C:\Windows\System\FsOHdYI.exe
  C:\Windows\System\FsOHdYI.exe
  2⤵
  PID:3788
- C:\Windows\System\vPVuisX.exe
  C:\Windows\System\vPVuisX.exe
  2⤵
  PID:3500
- C:\Windows\System\lWgjHol.exe
  C:\Windows\System\lWgjHol.exe
  2⤵
  PID:4524
- C:\Windows\System\eujovWL.exe
  C:\Windows\System\eujovWL.exe
  2⤵
  PID:4652
- C:\Windows\System\GsFRmQP.exe
  C:\Windows\System\GsFRmQP.exe
  2⤵
  PID:3664
- C:\Windows\System\AVsTUMf.exe
  C:\Windows\System\AVsTUMf.exe
  2⤵
  PID:4840
- C:\Windows\System\txlxfJs.exe
  C:\Windows\System\txlxfJs.exe
  2⤵
  PID:2832
- C:\Windows\System\nuNJxmo.exe
  C:\Windows\System\nuNJxmo.exe
  2⤵
  PID:4604
- C:\Windows\System\AhDNchl.exe
  C:\Windows\System\AhDNchl.exe
  2⤵
  PID:4788
- C:\Windows\System\ecacSqG.exe
  C:\Windows\System\ecacSqG.exe
  2⤵
  PID:3548
- C:\Windows\System\nxfCXGL.exe
  C:\Windows\System\nxfCXGL.exe
  2⤵
  PID:4460
- C:\Windows\System\KUTfRUZ.exe
  C:\Windows\System\KUTfRUZ.exe
  2⤵
  PID:3904
- C:\Windows\System\MSavlfC.exe
  C:\Windows\System\MSavlfC.exe
  2⤵
  PID:4428
- C:\Windows\System\mJNxLap.exe
  C:\Windows\System\mJNxLap.exe
  2⤵
  PID:4172
- C:\Windows\System\EJcSXSI.exe
  C:\Windows\System\EJcSXSI.exe
  2⤵
  PID:5112
- C:\Windows\System\nqtJxCl.exe
  C:\Windows\System\nqtJxCl.exe
  2⤵
  PID:5048
- C:\Windows\System\soZgnkJ.exe
  C:\Windows\System\soZgnkJ.exe
  2⤵
  PID:4412
- C:\Windows\System\pvNlHeF.exe
  C:\Windows\System\pvNlHeF.exe
  2⤵
  PID:4636
- C:\Windows\System\elkvwsV.exe
  C:\Windows\System\elkvwsV.exe
  2⤵
  PID:4676
- C:\Windows\System\RBRkMPZ.exe
  C:\Windows\System\RBRkMPZ.exe
  2⤵
  PID:4808
- C:\Windows\System\CKgNZdt.exe
  C:\Windows\System\CKgNZdt.exe
  2⤵
  PID:1784
- C:\Windows\System\SykJtiS.exe
  C:\Windows\System\SykJtiS.exe
  2⤵
  PID:4924
- C:\Windows\System\CdmbFUU.exe
  C:\Windows\System\CdmbFUU.exe
  2⤵
  PID:4608
- C:\Windows\System\jxKRayt.exe
  C:\Windows\System\jxKRayt.exe
  2⤵
  PID:2260
- C:\Windows\System\EavPOpr.exe
  C:\Windows\System\EavPOpr.exe
  2⤵
  PID:4128
- C:\Windows\System\lzQKMQk.exe
  C:\Windows\System\lzQKMQk.exe
  2⤵
  PID:5032
- C:\Windows\System\ULRuAFm.exe
  C:\Windows\System\ULRuAFm.exe
  2⤵
  PID:4092
- C:\Windows\System\xQjrBFg.exe
  C:\Windows\System\xQjrBFg.exe
  2⤵
  PID:4720
- C:\Windows\System\NbojWAv.exe
  C:\Windows\System\NbojWAv.exe
  2⤵
  PID:4240
- C:\Windows\System\yiPQKHN.exe
  C:\Windows\System\yiPQKHN.exe
  2⤵
  PID:3956
- C:\Windows\System\TXbYYhs.exe
  C:\Windows\System\TXbYYhs.exe
  2⤵
  PID:3644
- C:\Windows\System\whcwvZJ.exe
  C:\Windows\System\whcwvZJ.exe
  2⤵
  PID:4688
- C:\Windows\System\mfTxNeo.exe
  C:\Windows\System\mfTxNeo.exe
  2⤵
  PID:4776
- C:\Windows\System\LyaqCBN.exe
  C:\Windows\System\LyaqCBN.exe
  2⤵
  PID:4876
- C:\Windows\System\BxdIyKG.exe
  C:\Windows\System\BxdIyKG.exe
  2⤵
  PID:2328
- C:\Windows\System\NtopDss.exe
  C:\Windows\System\NtopDss.exe
  2⤵
  PID:3128
- C:\Windows\System\CTSYqtL.exe
  C:\Windows\System\CTSYqtL.exe
  2⤵
  PID:3432
- C:\Windows\System\mvStSwl.exe
  C:\Windows\System\mvStSwl.exe
  2⤵
  PID:5116
- C:\Windows\System\NjZKwlP.exe
  C:\Windows\System\NjZKwlP.exe
  2⤵
  PID:4704
- C:\Windows\System\uSrwfpl.exe
  C:\Windows\System\uSrwfpl.exe
  2⤵
  PID:4284
- C:\Windows\System\ZIkSfmz.exe
  C:\Windows\System\ZIkSfmz.exe
  2⤵
  PID:5080
- C:\Windows\System\ZspFUwn.exe
  C:\Windows\System\ZspFUwn.exe
  2⤵
  PID:4476
- C:\Windows\System\hQIrHDx.exe
  C:\Windows\System\hQIrHDx.exe
  2⤵
  PID:4548
- C:\Windows\System\NyxOMgk.exe
  C:\Windows\System\NyxOMgk.exe
  2⤵
  PID:3228
- C:\Windows\System\qucUqEB.exe
  C:\Windows\System\qucUqEB.exe
  2⤵
  PID:4192
- C:\Windows\System\QuWaArw.exe
  C:\Windows\System\QuWaArw.exe
  2⤵
  PID:5124
- C:\Windows\System\dEoYkyL.exe
  C:\Windows\System\dEoYkyL.exe
  2⤵
  PID:5140
- C:\Windows\System\TXGiYVL.exe
  C:\Windows\System\TXGiYVL.exe
  2⤵
  PID:5156
- C:\Windows\System\jfWdOdA.exe
  C:\Windows\System\jfWdOdA.exe
  2⤵
  PID:5172
- C:\Windows\System\bzmAUAD.exe
  C:\Windows\System\bzmAUAD.exe
  2⤵
  PID:5188
- C:\Windows\System\GbdAonM.exe
  C:\Windows\System\GbdAonM.exe
  2⤵
  PID:5204
- C:\Windows\System\SdeeTqM.exe
  C:\Windows\System\SdeeTqM.exe
  2⤵
  PID:5220
- C:\Windows\System\lHUzZKv.exe
  C:\Windows\System\lHUzZKv.exe
  2⤵
  PID:5236
- C:\Windows\System\nZXYcdD.exe
  C:\Windows\System\nZXYcdD.exe
  2⤵
  PID:5252
- C:\Windows\System\ngEVDFw.exe
  C:\Windows\System\ngEVDFw.exe
  2⤵
  PID:5268
- C:\Windows\System\SPRsQjw.exe
  C:\Windows\System\SPRsQjw.exe
  2⤵
  PID:5284
- C:\Windows\System\CuCbOpO.exe
  C:\Windows\System\CuCbOpO.exe
  2⤵
  PID:5300
- C:\Windows\System\QhBprGO.exe
  C:\Windows\System\QhBprGO.exe
  2⤵
  PID:5316
- C:\Windows\System\XAPmzvM.exe
  C:\Windows\System\XAPmzvM.exe
  2⤵
  PID:5332
- C:\Windows\System\UbWGwZa.exe
  C:\Windows\System\UbWGwZa.exe
  2⤵
  PID:5348
- C:\Windows\System\KTGGIoE.exe
  C:\Windows\System\KTGGIoE.exe
  2⤵
  PID:5364
- C:\Windows\System\cDtfAaR.exe
  C:\Windows\System\cDtfAaR.exe
  2⤵
  PID:5380
- C:\Windows\System\VSxJtnz.exe
  C:\Windows\System\VSxJtnz.exe
  2⤵
  PID:5396
- C:\Windows\System\cKFxmkM.exe
  C:\Windows\System\cKFxmkM.exe
  2⤵
  PID:5412
- C:\Windows\System\wDmyfcC.exe
  C:\Windows\System\wDmyfcC.exe
  2⤵
  PID:5428
- C:\Windows\System\bItoqYS.exe
  C:\Windows\System\bItoqYS.exe
  2⤵
  PID:5444
- C:\Windows\System\FEZQFOz.exe
  C:\Windows\System\FEZQFOz.exe
  2⤵
  PID:5460
- C:\Windows\System\DtXtDvc.exe
  C:\Windows\System\DtXtDvc.exe
  2⤵
  PID:5476
- C:\Windows\System\CbPOfdw.exe
  C:\Windows\System\CbPOfdw.exe
  2⤵
  PID:5492
- C:\Windows\System\XkchxQC.exe
  C:\Windows\System\XkchxQC.exe
  2⤵
  PID:5508
- C:\Windows\System\NANjvLi.exe
  C:\Windows\System\NANjvLi.exe
  2⤵
  PID:5524
- C:\Windows\System\BiVdNWV.exe
  C:\Windows\System\BiVdNWV.exe
  2⤵
  PID:5540
- C:\Windows\System\WWfXFyA.exe
  C:\Windows\System\WWfXFyA.exe
  2⤵
  PID:5556
- C:\Windows\System\UkCwTpo.exe
  C:\Windows\System\UkCwTpo.exe
  2⤵
  PID:5572
- C:\Windows\System\VWTuvCu.exe
  C:\Windows\System\VWTuvCu.exe
  2⤵
  PID:5588
- C:\Windows\System\fJJANiQ.exe
  C:\Windows\System\fJJANiQ.exe
  2⤵
  PID:5604
- C:\Windows\System\EzQtdxC.exe
  C:\Windows\System\EzQtdxC.exe
  2⤵
  PID:5620
- C:\Windows\System\cQDFcuF.exe
  C:\Windows\System\cQDFcuF.exe
  2⤵
  PID:5636
- C:\Windows\System\eIYaheV.exe
  C:\Windows\System\eIYaheV.exe
  2⤵
  PID:5656
- C:\Windows\System\FoTDCnj.exe
  C:\Windows\System\FoTDCnj.exe
  2⤵
  PID:5672
- C:\Windows\System\GBwHVIL.exe
  C:\Windows\System\GBwHVIL.exe
  2⤵
  PID:5688
- C:\Windows\System\RooCntV.exe
  C:\Windows\System\RooCntV.exe
  2⤵
  PID:5704
- C:\Windows\System\AuTeqbh.exe
  C:\Windows\System\AuTeqbh.exe
  2⤵
  PID:5720
- C:\Windows\System\lZyRMQI.exe
  C:\Windows\System\lZyRMQI.exe
  2⤵
  PID:5736
- C:\Windows\System\fHZFfFn.exe
  C:\Windows\System\fHZFfFn.exe
  2⤵
  PID:5752
- C:\Windows\System\KAUlFUa.exe
  C:\Windows\System\KAUlFUa.exe
  2⤵
  PID:5768
- C:\Windows\System\qlYNVjx.exe
  C:\Windows\System\qlYNVjx.exe
  2⤵
  PID:5784
- C:\Windows\System\fMQHVIN.exe
  C:\Windows\System\fMQHVIN.exe
  2⤵
  PID:5800
- C:\Windows\System\eiWmkMW.exe
  C:\Windows\System\eiWmkMW.exe
  2⤵
  PID:5816
- C:\Windows\System\BFsprCG.exe
  C:\Windows\System\BFsprCG.exe
  2⤵
  PID:5832
- C:\Windows\System\IieajdP.exe
  C:\Windows\System\IieajdP.exe
  2⤵
  PID:5848
- C:\Windows\System\nBmRMWE.exe
  C:\Windows\System\nBmRMWE.exe
  2⤵
  PID:5864
- C:\Windows\System\enPqQjs.exe
  C:\Windows\System\enPqQjs.exe
  2⤵
  PID:5880
- C:\Windows\System\ruTXGCf.exe
  C:\Windows\System\ruTXGCf.exe
  2⤵
  PID:5896
- C:\Windows\System\joJodAT.exe
  C:\Windows\System\joJodAT.exe
  2⤵
  PID:5912
- C:\Windows\System\cUHimOl.exe
  C:\Windows\System\cUHimOl.exe
  2⤵
  PID:5928
- C:\Windows\System\OkHegVq.exe
  C:\Windows\System\OkHegVq.exe
  2⤵
  PID:5944
- C:\Windows\System\SSLDFpG.exe
  C:\Windows\System\SSLDFpG.exe
  2⤵
  PID:5960
- C:\Windows\System\wjhvBpn.exe
  C:\Windows\System\wjhvBpn.exe
  2⤵
  PID:5976
- C:\Windows\System\dokaDWg.exe
  C:\Windows\System\dokaDWg.exe
  2⤵
  PID:5992
- C:\Windows\System\izSirHo.exe
  C:\Windows\System\izSirHo.exe
  2⤵
  PID:6008
- C:\Windows\System\OHdhpis.exe
  C:\Windows\System\OHdhpis.exe
  2⤵
  PID:6024
- C:\Windows\System\qrYSvLm.exe
  C:\Windows\System\qrYSvLm.exe
  2⤵
  PID:6040
- C:\Windows\System\rudFAiS.exe
  C:\Windows\System\rudFAiS.exe
  2⤵
  PID:6056
- C:\Windows\System\PRFcQLh.exe
  C:\Windows\System\PRFcQLh.exe
  2⤵
  PID:6072
- C:\Windows\System\vZfqzUM.exe
  C:\Windows\System\vZfqzUM.exe
  2⤵
  PID:6088
- C:\Windows\System\AXEemHq.exe
  C:\Windows\System\AXEemHq.exe
  2⤵
  PID:6104
- C:\Windows\System\vBvsulH.exe
  C:\Windows\System\vBvsulH.exe
  2⤵
  PID:6120
- C:\Windows\System\fCfapSr.exe
  C:\Windows\System\fCfapSr.exe
  2⤵
  PID:6136
- C:\Windows\System\SKSWtAr.exe
  C:\Windows\System\SKSWtAr.exe
  2⤵
  PID:944
- C:\Windows\System\ObygyCu.exe
  C:\Windows\System\ObygyCu.exe
  2⤵
  PID:3608
- C:\Windows\System\HfVuoiK.exe
  C:\Windows\System\HfVuoiK.exe
  2⤵
  PID:4512
- C:\Windows\System\aqVqZkN.exe
  C:\Windows\System\aqVqZkN.exe
  2⤵
  PID:5228
- C:\Windows\System\xfiPvvL.exe
  C:\Windows\System\xfiPvvL.exe
  2⤵
  PID:5872
- C:\Windows\System\wYqkiUY.exe
  C:\Windows\System\wYqkiUY.exe
  2⤵
  PID:5936
- C:\Windows\System\NFkqaEW.exe
  C:\Windows\System\NFkqaEW.exe
  2⤵
  PID:5972
- C:\Windows\System\WAboHQM.exe
  C:\Windows\System\WAboHQM.exe
  2⤵
  PID:6032
- C:\Windows\System\MkSxliz.exe
  C:\Windows\System\MkSxliz.exe
  2⤵
  PID:1688
- C:\Windows\System\YeeJGLp.exe
  C:\Windows\System\YeeJGLp.exe
  2⤵
  PID:2204
- C:\Windows\System\qjBXMuM.exe
  C:\Windows\System\qjBXMuM.exe
  2⤵
  PID:4588
- C:\Windows\System\QdjuwwY.exe
  C:\Windows\System\QdjuwwY.exe
  2⤵
  PID:1600
- C:\Windows\System\nDbuSLT.exe
  C:\Windows\System\nDbuSLT.exe
  2⤵
  PID:2680
- C:\Windows\System\gyhVsbC.exe
  C:\Windows\System\gyhVsbC.exe
  2⤵
  PID:6048
- C:\Windows\System\buhiEoq.exe
  C:\Windows\System\buhiEoq.exe
  2⤵
  PID:6112
- C:\Windows\System\BZqYcjH.exe
  C:\Windows\System\BZqYcjH.exe
  2⤵
  PID:4760
- C:\Windows\System\QnPyQrp.exe
  C:\Windows\System\QnPyQrp.exe
  2⤵
  PID:5924
- C:\Windows\System\zNQcSaA.exe
  C:\Windows\System\zNQcSaA.exe
  2⤵
  PID:5860
- C:\Windows\System\KUtugVm.exe
  C:\Windows\System\KUtugVm.exe
  2⤵
  PID:5796
- C:\Windows\System\VhGKAlx.exe
  C:\Windows\System\VhGKAlx.exe
  2⤵
  PID:5732
- C:\Windows\System\PnzITct.exe
  C:\Windows\System\PnzITct.exe
  2⤵
  PID:2516
- C:\Windows\System\UzvoVXj.exe
  C:\Windows\System\UzvoVXj.exe
  2⤵
  PID:2220
- C:\Windows\System\ekRLYWS.exe
  C:\Windows\System\ekRLYWS.exe
  2⤵
  PID:2920
- C:\Windows\System\mPEVMIr.exe
  C:\Windows\System\mPEVMIr.exe
  2⤵
  PID:3092
- C:\Windows\System\ANyCaFG.exe
  C:\Windows\System\ANyCaFG.exe
  2⤵
  PID:1480
- C:\Windows\System\MtndPXt.exe
  C:\Windows\System\MtndPXt.exe
  2⤵
  PID:5516
- C:\Windows\System\iiRkPNC.exe
  C:\Windows\System\iiRkPNC.exe
  2⤵
  PID:5216
- C:\Windows\System\bGhJCgF.exe
  C:\Windows\System\bGhJCgF.exe
  2⤵
  PID:2940
- C:\Windows\System\iSfmXLU.exe
  C:\Windows\System\iSfmXLU.exe
  2⤵
  PID:2028
- C:\Windows\System\eQIHFJM.exe
  C:\Windows\System\eQIHFJM.exe
  2⤵
  PID:980
- C:\Windows\System\tJqMlGD.exe
  C:\Windows\System\tJqMlGD.exe
  2⤵
  PID:2700
- C:\Windows\System\DSWOuWc.exe
  C:\Windows\System\DSWOuWc.exe
  2⤵
  PID:5436
- C:\Windows\System\VXtZsoy.exe
  C:\Windows\System\VXtZsoy.exe
  2⤵
  PID:5684
- C:\Windows\System\xLynmij.exe
  C:\Windows\System\xLynmij.exe
  2⤵
  PID:5472
- C:\Windows\System\bidrlzg.exe
  C:\Windows\System\bidrlzg.exe
  2⤵
  PID:5564
- C:\Windows\System\mRuzCmp.exe
  C:\Windows\System\mRuzCmp.exe
  2⤵
  PID:5600
- C:\Windows\System\pEUgZQf.exe
  C:\Windows\System\pEUgZQf.exe
  2⤵
  PID:5696
- C:\Windows\System\GIDvZuA.exe
  C:\Windows\System\GIDvZuA.exe
  2⤵
  PID:5776
- C:\Windows\System\yZCKDqY.exe
  C:\Windows\System\yZCKDqY.exe
  2⤵
  PID:5840
- C:\Windows\System\QwLMSMz.exe
  C:\Windows\System\QwLMSMz.exe
  2⤵
  PID:5904
- C:\Windows\System\UlGsTbe.exe
  C:\Windows\System\UlGsTbe.exe
  2⤵
  PID:6064
- C:\Windows\System\IolHVTz.exe
  C:\Windows\System\IolHVTz.exe
  2⤵
  PID:6096
- C:\Windows\System\bUbwGdE.exe
  C:\Windows\System\bUbwGdE.exe
  2⤵
  PID:4624
- C:\Windows\System\bRARarX.exe
  C:\Windows\System\bRARarX.exe
  2⤵
  PID:5988
- C:\Windows\System\MkgDQoG.exe
  C:\Windows\System\MkgDQoG.exe
  2⤵
  PID:5956
- C:\Windows\System\yKsIfpH.exe
  C:\Windows\System\yKsIfpH.exe
  2⤵
  PID:5888
- C:\Windows\System\LxvAVEZ.exe
  C:\Windows\System\LxvAVEZ.exe
  2⤵
  PID:2896
- C:\Windows\System\PcvncFB.exe
  C:\Windows\System\PcvncFB.exe
  2⤵
  PID:3076
- C:\Windows\System\ZmZyOHm.exe
  C:\Windows\System\ZmZyOHm.exe
  2⤵
  PID:2944
- C:\Windows\System\NzhDVHn.exe
  C:\Windows\System\NzhDVHn.exe
  2⤵
  PID:3080
- C:\Windows\System\oFnaTPX.exe
  C:\Windows\System\oFnaTPX.exe
  2⤵
  PID:3448
- C:\Windows\System\PsecHxN.exe
  C:\Windows\System\PsecHxN.exe
  2⤵
  PID:2672
- C:\Windows\System\UroyBci.exe
  C:\Windows\System\UroyBci.exe
  2⤵
  PID:5132
- C:\Windows\System\XbpHJbi.exe
  C:\Windows\System\XbpHJbi.exe
  2⤵
  PID:5196
- C:\Windows\System\fqbEUpc.exe
  C:\Windows\System\fqbEUpc.exe
  2⤵
  PID:3940
- C:\Windows\System\OIqOmsb.exe
  C:\Windows\System\OIqOmsb.exe
  2⤵
  PID:5356
- C:\Windows\System\LpuQcFb.exe
  C:\Windows\System\LpuQcFb.exe
  2⤵
  PID:5484
- C:\Windows\System\lKieNRN.exe
  C:\Windows\System\lKieNRN.exe
  2⤵
  PID:5292
- C:\Windows\System\APUlOvl.exe
  C:\Windows\System\APUlOvl.exe
  2⤵
  PID:5456
- C:\Windows\System\ONMaMSD.exe
  C:\Windows\System\ONMaMSD.exe
  2⤵
  PID:572
- C:\Windows\System\RvptPkr.exe
  C:\Windows\System\RvptPkr.exe
  2⤵
  PID:5340
- C:\Windows\System\CfWKflV.exe
  C:\Windows\System\CfWKflV.exe
  2⤵
  PID:4320
- C:\Windows\System\OTrrsTy.exe
  C:\Windows\System\OTrrsTy.exe
  2⤵
  PID:5248
- C:\Windows\System\IbaxtfT.exe
  C:\Windows\System\IbaxtfT.exe
  2⤵
  PID:5296
- C:\Windows\System\tQgqOyS.exe
  C:\Windows\System\tQgqOyS.exe
  2⤵
  PID:5344
- C:\Windows\System\gBipHSy.exe
  C:\Windows\System\gBipHSy.exe
  2⤵
  PID:5568
- C:\Windows\System\GowZhOF.exe
  C:\Windows\System\GowZhOF.exe
  2⤵
  PID:5408
- C:\Windows\System\LkiQsUo.exe
  C:\Windows\System\LkiQsUo.exe
  2⤵
  PID:5780
- C:\Windows\System\jxbNIFX.exe
  C:\Windows\System\jxbNIFX.exe
  2⤵
  PID:5644
- C:\Windows\System\yHgGCgG.exe
  C:\Windows\System\yHgGCgG.exe
  2⤵
  PID:2356
- C:\Windows\System\ZkNTJak.exe
  C:\Windows\System\ZkNTJak.exe
  2⤵
  PID:3300
- C:\Windows\System\PqcsrxU.exe
  C:\Windows\System\PqcsrxU.exe
  2⤵
  PID:2992
- C:\Windows\System\nDkzNvU.exe
  C:\Windows\System\nDkzNvU.exe
  2⤵
  PID:2492
- C:\Windows\System\KvepYyn.exe
  C:\Windows\System\KvepYyn.exe
  2⤵
  PID:4256
- C:\Windows\System\GzasawO.exe
  C:\Windows\System\GzasawO.exe
  2⤵
  PID:5052
- C:\Windows\System\DoOdmQf.exe
  C:\Windows\System\DoOdmQf.exe
  2⤵
  PID:2620
- C:\Windows\System\CveIoqj.exe
  C:\Windows\System\CveIoqj.exe
  2⤵
  PID:3184
- C:\Windows\System\lAgfAHb.exe
  C:\Windows\System\lAgfAHb.exe
  2⤵
  PID:6316
- C:\Windows\System\bXSXQgv.exe
  C:\Windows\System\bXSXQgv.exe
  2⤵
  PID:6388
- C:\Windows\System\AtawXIJ.exe
  C:\Windows\System\AtawXIJ.exe
  2⤵
  PID:6404
- C:\Windows\System\uKHKbsC.exe
  C:\Windows\System\uKHKbsC.exe
  2⤵
  PID:6420
- C:\Windows\System\YMeEezL.exe
  C:\Windows\System\YMeEezL.exe
  2⤵
  PID:6436
- C:\Windows\System\XHtqshW.exe
  C:\Windows\System\XHtqshW.exe
  2⤵
  PID:6452
- C:\Windows\System\brHJhfs.exe
  C:\Windows\System\brHJhfs.exe
  2⤵
  PID:6468
- C:\Windows\System\nXICOri.exe
  C:\Windows\System\nXICOri.exe
  2⤵
  PID:6484
- C:\Windows\System\DfdeCbi.exe
  C:\Windows\System\DfdeCbi.exe
  2⤵
  PID:6500
- C:\Windows\System\rZpFvJJ.exe
  C:\Windows\System\rZpFvJJ.exe
  2⤵
  PID:6516
- C:\Windows\System\OBXyrDi.exe
  C:\Windows\System\OBXyrDi.exe
  2⤵
  PID:6532
- C:\Windows\System\vxSgyzR.exe
  C:\Windows\System\vxSgyzR.exe
  2⤵
  PID:6548
- C:\Windows\System\ECYUbAd.exe
  C:\Windows\System\ECYUbAd.exe
  2⤵
  PID:6564
- C:\Windows\System\ycutmPp.exe
  C:\Windows\System\ycutmPp.exe
  2⤵
  PID:6580
- C:\Windows\System\YNOPXgV.exe
  C:\Windows\System\YNOPXgV.exe
  2⤵
  PID:6596
- C:\Windows\System\ThMrbQC.exe
  C:\Windows\System\ThMrbQC.exe
  2⤵
  PID:6612
- C:\Windows\System\KHKrUzN.exe
  C:\Windows\System\KHKrUzN.exe
  2⤵
  PID:6628
- C:\Windows\System\hlaVFSf.exe
  C:\Windows\System\hlaVFSf.exe
  2⤵
  PID:6644
- C:\Windows\System\WGWEBfS.exe
  C:\Windows\System\WGWEBfS.exe
  2⤵
  PID:6660
- C:\Windows\System\WdIZBOj.exe
  C:\Windows\System\WdIZBOj.exe
  2⤵
  PID:6676
- C:\Windows\System\KBoLPHx.exe
  C:\Windows\System\KBoLPHx.exe
  2⤵
  PID:6692
- C:\Windows\System\oBEhxaQ.exe
  C:\Windows\System\oBEhxaQ.exe
  2⤵
  PID:6708
- C:\Windows\System\IZSKuEj.exe
  C:\Windows\System\IZSKuEj.exe
  2⤵
  PID:6724
- C:\Windows\System\ZMBtIdD.exe
  C:\Windows\System\ZMBtIdD.exe
  2⤵
  PID:6740
- C:\Windows\System\IobyeQJ.exe
  C:\Windows\System\IobyeQJ.exe
  2⤵
  PID:6756
- C:\Windows\System\FrEXeRt.exe
  C:\Windows\System\FrEXeRt.exe
  2⤵
  PID:6772
- C:\Windows\System\dfaIeLS.exe
  C:\Windows\System\dfaIeLS.exe
  2⤵
  PID:6788
- C:\Windows\System\shwQeXX.exe
  C:\Windows\System\shwQeXX.exe
  2⤵
  PID:6804
- C:\Windows\System\LWdFVUq.exe
  C:\Windows\System\LWdFVUq.exe
  2⤵
  PID:6820
- C:\Windows\System\jcaCgYu.exe
  C:\Windows\System\jcaCgYu.exe
  2⤵
  PID:6836
- C:\Windows\System\FPIkjvI.exe
  C:\Windows\System\FPIkjvI.exe
  2⤵
  PID:6852
- C:\Windows\System\CYOGuEB.exe
  C:\Windows\System\CYOGuEB.exe
  2⤵
  PID:6868
- C:\Windows\System\xMvEtYZ.exe
  C:\Windows\System\xMvEtYZ.exe
  2⤵
  PID:6884
- C:\Windows\System\AQILzqC.exe
  C:\Windows\System\AQILzqC.exe
  2⤵
  PID:6900
- C:\Windows\System\IyzutSc.exe
  C:\Windows\System\IyzutSc.exe
  2⤵
  PID:6916
- C:\Windows\System\xNnqBVC.exe
  C:\Windows\System\xNnqBVC.exe
  2⤵
  PID:6936
- C:\Windows\System\UdAKxEn.exe
  C:\Windows\System\UdAKxEn.exe
  2⤵
  PID:6952
- C:\Windows\System\vPPJyzl.exe
  C:\Windows\System\vPPJyzl.exe
  2⤵
  PID:6968
- C:\Windows\System\CPDlxCF.exe
  C:\Windows\System\CPDlxCF.exe
  2⤵
  PID:6984
- C:\Windows\System\auaIuLQ.exe
  C:\Windows\System\auaIuLQ.exe
  2⤵
  PID:7000
- C:\Windows\System\CLdmkdR.exe
  C:\Windows\System\CLdmkdR.exe
  2⤵
  PID:7016
- C:\Windows\System\CLVmbNp.exe
  C:\Windows\System\CLVmbNp.exe
  2⤵
  PID:7032
- C:\Windows\System\SWzwiRQ.exe
  C:\Windows\System\SWzwiRQ.exe
  2⤵
  PID:7048
- C:\Windows\System\araYqWs.exe
  C:\Windows\System\araYqWs.exe
  2⤵
  PID:7064
- C:\Windows\System\SoSuCBh.exe
  C:\Windows\System\SoSuCBh.exe
  2⤵
  PID:7080
- C:\Windows\System\gRfPSjU.exe
  C:\Windows\System\gRfPSjU.exe
  2⤵
  PID:7096
- C:\Windows\System\GzCAxeS.exe
  C:\Windows\System\GzCAxeS.exe
  2⤵
  PID:7112
- C:\Windows\System\entGcel.exe
  C:\Windows\System\entGcel.exe
  2⤵
  PID:7128
- C:\Windows\System\hVAJNzX.exe
  C:\Windows\System\hVAJNzX.exe
  2⤵
  PID:7144
- C:\Windows\System\TgOOJmm.exe
  C:\Windows\System\TgOOJmm.exe
  2⤵
  PID:7160
- C:\Windows\System\lhlDibm.exe
  C:\Windows\System\lhlDibm.exe
  2⤵
  PID:6016
- C:\Windows\System\JCZLuFl.exe
  C:\Windows\System\JCZLuFl.exe
  2⤵
  PID:5424
- C:\Windows\System\UCwVIsD.exe
  C:\Windows\System\UCwVIsD.exe
  2⤵
  PID:1488
- C:\Windows\System\hmbCERp.exe
  C:\Windows\System\hmbCERp.exe
  2⤵
  PID:2160
- C:\Windows\System\SoixuuL.exe
  C:\Windows\System\SoixuuL.exe
  2⤵
  PID:5744
- C:\Windows\System\FAcRKeF.exe
  C:\Windows\System\FAcRKeF.exe
  2⤵
  PID:2076
- C:\Windows\System\IvbTAET.exe
  C:\Windows\System\IvbTAET.exe
  2⤵
  PID:4124
- C:\Windows\System\TuYYgpH.exe
  C:\Windows\System\TuYYgpH.exe
  2⤵
  PID:5324
- C:\Windows\System\QmxxwNK.exe
  C:\Windows\System\QmxxwNK.exe
  2⤵
  PID:5616
- C:\Windows\System\IwVgRCx.exe
  C:\Windows\System\IwVgRCx.exe
  2⤵
  PID:5468
- C:\Windows\System\KrxxdSO.exe
  C:\Windows\System\KrxxdSO.exe
  2⤵
  PID:5532
- C:\Windows\System\VEfsxeL.exe
  C:\Windows\System\VEfsxeL.exe
  2⤵
  PID:6084
- C:\Windows\System\chUMftW.exe
  C:\Windows\System\chUMftW.exe
  2⤵
  PID:6152
- C:\Windows\System\MzShDoa.exe
  C:\Windows\System\MzShDoa.exe
  2⤵
  PID:6168
- C:\Windows\System\VwnGIdz.exe
  C:\Windows\System\VwnGIdz.exe
  2⤵
  PID:6196
- C:\Windows\System\CopHfSN.exe
  C:\Windows\System\CopHfSN.exe
  2⤵
  PID:6200
- C:\Windows\System\vFrSjhZ.exe
  C:\Windows\System\vFrSjhZ.exe
  2⤵
  PID:6216
- C:\Windows\System\FhhJWfU.exe
  C:\Windows\System\FhhJWfU.exe
  2⤵
  PID:6232
- C:\Windows\System\yCavCkF.exe
  C:\Windows\System\yCavCkF.exe
  2⤵
  PID:6252
- C:\Windows\System\QDyrRlM.exe
  C:\Windows\System\QDyrRlM.exe
  2⤵
  PID:6264
- C:\Windows\System\DYIQZvI.exe
  C:\Windows\System\DYIQZvI.exe
  2⤵
  PID:6292
- C:\Windows\System\XELLetd.exe
  C:\Windows\System\XELLetd.exe
  2⤵
  PID:6308
- C:\Windows\System\VIkVaCz.exe
  C:\Windows\System\VIkVaCz.exe
  2⤵
  PID:6324
- C:\Windows\System\RusHLao.exe
  C:\Windows\System\RusHLao.exe
  2⤵
  PID:6340
- C:\Windows\System\lDWxERH.exe
  C:\Windows\System\lDWxERH.exe
  2⤵
  PID:6356
- C:\Windows\System\fUyevKi.exe
  C:\Windows\System\fUyevKi.exe
  2⤵
  PID:828
- C:\Windows\System\VCXuzmh.exe
  C:\Windows\System\VCXuzmh.exe
  2⤵
  PID:2736
- C:\Windows\System\reTATpe.exe
  C:\Windows\System\reTATpe.exe
  2⤵
  PID:6396
- C:\Windows\System\YPdRDcj.exe
  C:\Windows\System\YPdRDcj.exe
  2⤵
  PID:6492
- C:\Windows\System\VBVlqcv.exe
  C:\Windows\System\VBVlqcv.exe
  2⤵
  PID:6556
- C:\Windows\System\CvghuYI.exe
  C:\Windows\System\CvghuYI.exe
  2⤵
  PID:2284
- C:\Windows\System\rzcVoEA.exe
  C:\Windows\System\rzcVoEA.exe
  2⤵
  PID:6444
- C:\Windows\System\FixFROK.exe
  C:\Windows\System\FixFROK.exe
  2⤵
  PID:6572
- C:\Windows\System\GSTqNad.exe
  C:\Windows\System\GSTqNad.exe
  2⤵
  PID:6604
- C:\Windows\System\dZocwqw.exe
  C:\Windows\System\dZocwqw.exe
  2⤵
  PID:2848
- C:\Windows\System\JuIUady.exe
  C:\Windows\System\JuIUady.exe
  2⤵
  PID:6544
- C:\Windows\System\IHFNrIe.exe
  C:\Windows\System\IHFNrIe.exe
  2⤵
  PID:6476
- C:\Windows\System\lJTstaX.exe
  C:\Windows\System\lJTstaX.exe
  2⤵
  PID:2908
- C:\Windows\System\dUccwoy.exe
  C:\Windows\System\dUccwoy.exe
  2⤵
  PID:6688
- C:\Windows\System\WpZAklu.exe
  C:\Windows\System\WpZAklu.exe
  2⤵
  PID:6752
- C:\Windows\System\xXRLFwg.exe
  C:\Windows\System\xXRLFwg.exe
  2⤵
  PID:6784
- C:\Windows\System\qYEwswh.exe
  C:\Windows\System\qYEwswh.exe
  2⤵
  PID:6844
- C:\Windows\System\EoDwYbt.exe
  C:\Windows\System\EoDwYbt.exe
  2⤵
  PID:6912
- C:\Windows\System\aeFaQEi.exe
  C:\Windows\System\aeFaQEi.exe
  2⤵
  PID:6976
- C:\Windows\System\lMQfMJx.exe
  C:\Windows\System\lMQfMJx.exe
  2⤵
  PID:7012
- C:\Windows\System\UlPsaoX.exe
  C:\Windows\System\UlPsaoX.exe
  2⤵
  PID:7040
- C:\Windows\System\jCenFeR.exe
  C:\Windows\System\jCenFeR.exe
  2⤵
  PID:1472
- C:\Windows\System\HyXJEqL.exe
  C:\Windows\System\HyXJEqL.exe
  2⤵
  PID:7024
- C:\Windows\System\JtkHwia.exe
  C:\Windows\System\JtkHwia.exe
  2⤵
  PID:7056
- C:\Windows\System\jmDJbkm.exe
  C:\Windows\System\jmDJbkm.exe
  2⤵
  PID:6960
- C:\Windows\System\NLuKseQ.exe
  C:\Windows\System\NLuKseQ.exe
  2⤵
  PID:7060
- C:\Windows\System\CpsdijU.exe
  C:\Windows\System\CpsdijU.exe
  2⤵
  PID:6892
- C:\Windows\System\bhaqUoW.exe
  C:\Windows\System\bhaqUoW.exe
  2⤵
  PID:2676
- C:\Windows\System\HdFPaIF.exe
  C:\Windows\System\HdFPaIF.exe
  2⤵
  PID:2828
- C:\Windows\System\AtOfgpx.exe
  C:\Windows\System\AtOfgpx.exe
  2⤵
  PID:7136
- C:\Windows\System\vHCIDPu.exe
  C:\Windows\System\vHCIDPu.exe
  2⤵
  PID:5760
- C:\Windows\System\FZMQrUJ.exe
  C:\Windows\System\FZMQrUJ.exe
  2⤵
  PID:5584
- C:\Windows\System\jIVMwfB.exe
  C:\Windows\System\jIVMwfB.exe
  2⤵
  PID:2876
- C:\Windows\System\tqczAlx.exe
  C:\Windows\System\tqczAlx.exe
  2⤵
  PID:5452
- C:\Windows\System\RQbfAGJ.exe
  C:\Windows\System\RQbfAGJ.exe
  2⤵
  PID:5152
- C:\Windows\System\BVzSBzG.exe
  C:\Windows\System\BVzSBzG.exe
  2⤵
  PID:3048
- C:\Windows\System\bnZakIS.exe
  C:\Windows\System\bnZakIS.exe
  2⤵
  PID:5308
- C:\Windows\System\XEOGhMT.exe
  C:\Windows\System\XEOGhMT.exe
  2⤵
  PID:5392
- C:\Windows\System\KgIomCL.exe
  C:\Windows\System\KgIomCL.exe
  2⤵
  PID:5668
- C:\Windows\System\tBKLZir.exe
  C:\Windows\System\tBKLZir.exe
  2⤵
  PID:6160
- C:\Windows\System\kiZPtSC.exe
  C:\Windows\System\kiZPtSC.exe
  2⤵
  PID:6148
- C:\Windows\System\xPCOAPE.exe
  C:\Windows\System\xPCOAPE.exe
  2⤵
  PID:6212
- C:\Windows\System\UxbpEnd.exe
  C:\Windows\System\UxbpEnd.exe
  2⤵
  PID:6208
- C:\Windows\System\uxMaYYW.exe
  C:\Windows\System\uxMaYYW.exe
  2⤵
  PID:236
- C:\Windows\System\eYCvmKl.exe
  C:\Windows\System\eYCvmKl.exe
  2⤵
  PID:584
- C:\Windows\System\NgWdXqO.exe
  C:\Windows\System\NgWdXqO.exe
  2⤵
  PID:6304
- C:\Windows\System\CHWhqOL.exe
  C:\Windows\System\CHWhqOL.exe
  2⤵
  PID:6348
- C:\Windows\System\semxLwz.exe
  C:\Windows\System\semxLwz.exe
  2⤵
  PID:6368
- C:\Windows\System\qVcadmD.exe
  C:\Windows\System\qVcadmD.exe
  2⤵
  PID:5276
- C:\Windows\System\EOiqOXi.exe
  C:\Windows\System\EOiqOXi.exe
  2⤵
  PID:2924
- C:\Windows\System\oPZFSCX.exe
  C:\Windows\System\oPZFSCX.exe
  2⤵
  PID:2312
- C:\Windows\System\XWYIwfW.exe
  C:\Windows\System\XWYIwfW.exe
  2⤵
  PID:6540
- C:\Windows\System\upusEFT.exe
  C:\Windows\System\upusEFT.exe
  2⤵
  PID:6592
- C:\Windows\System\VxSDHzV.exe
  C:\Windows\System\VxSDHzV.exe
  2⤵
  PID:6812
- C:\Windows\System\NIEcGsP.exe
  C:\Windows\System\NIEcGsP.exe
  2⤵
  PID:6512
- C:\Windows\System\VjsyIJs.exe
  C:\Windows\System\VjsyIJs.exe
  2⤵
  PID:6480
- C:\Windows\System\JWfZtOz.exe
  C:\Windows\System\JWfZtOz.exe
  2⤵
  PID:6948
- C:\Windows\System\eYdThOl.exe
  C:\Windows\System\eYdThOl.exe
  2⤵
  PID:6672
- C:\Windows\System\lpfLkEp.exe
  C:\Windows\System\lpfLkEp.exe
  2⤵
  PID:6796
- C:\Windows\System\NYjkJnp.exe
  C:\Windows\System\NYjkJnp.exe
  2⤵
  PID:7152
- C:\Windows\System\eSGNxKz.exe
  C:\Windows\System\eSGNxKz.exe
  2⤵
  PID:596
- C:\Windows\System\nCAnOIL.exe
  C:\Windows\System\nCAnOIL.exe
  2⤵
  PID:5488
- C:\Windows\System\NOWpOwg.exe
  C:\Windows\System\NOWpOwg.exe
  2⤵
  PID:2388
- C:\Windows\System\MzCeDui.exe
  C:\Windows\System\MzCeDui.exe
  2⤵
  PID:2068
- C:\Windows\System\QTUrCmX.exe
  C:\Windows\System\QTUrCmX.exe
  2⤵
  PID:6828
- C:\Windows\System\owZIyeB.exe
  C:\Windows\System\owZIyeB.exe
  2⤵
  PID:5580
- C:\Windows\System\WWlxpRT.exe
  C:\Windows\System\WWlxpRT.exe
  2⤵
  PID:7076
- C:\Windows\System\hhTzWOx.exe
  C:\Windows\System\hhTzWOx.exe
  2⤵
  PID:6224
- C:\Windows\System\VewtOnT.exe
  C:\Windows\System\VewtOnT.exe
  2⤵
  PID:5520
- C:\Windows\System\WEbZodZ.exe
  C:\Windows\System\WEbZodZ.exe
  2⤵
  PID:2864
- C:\Windows\System\itpuXft.exe
  C:\Windows\System\itpuXft.exe
  2⤵
  PID:6336
- C:\Windows\System\TMuInBh.exe
  C:\Windows\System\TMuInBh.exe
  2⤵
  PID:1852
- C:\Windows\System\XWjXELv.exe
  C:\Windows\System\XWjXELv.exe
  2⤵
  PID:1596
- C:\Windows\System\txCYsZP.exe
  C:\Windows\System\txCYsZP.exe
  2⤵
  PID:6432
- C:\Windows\System\qYtHumP.exe
  C:\Windows\System\qYtHumP.exe
  2⤵
  PID:6944
- C:\Windows\System\EpnFrRe.exe
  C:\Windows\System\EpnFrRe.exe
  2⤵
  PID:6528
- C:\Windows\System\EABdzOo.exe
  C:\Windows\System\EABdzOo.exe
  2⤵
  PID:1776
- C:\Windows\System\GuGfVYk.exe
  C:\Windows\System\GuGfVYk.exe
  2⤵
  PID:6276
- C:\Windows\System\ktstSCg.exe
  C:\Windows\System\ktstSCg.exe
  2⤵
  PID:6260
- C:\Windows\System\ZHlgQRI.exe
  C:\Windows\System\ZHlgQRI.exe
  2⤵
  PID:1924
- C:\Windows\System\JjOsmPr.exe
  C:\Windows\System\JjOsmPr.exe
  2⤵
  PID:6280
- C:\Windows\System\XxHqfeZ.exe
  C:\Windows\System\XxHqfeZ.exe
  2⤵
  PID:6004
- C:\Windows\System\RZilquV.exe
  C:\Windows\System\RZilquV.exe
  2⤵
  PID:6416
- C:\Windows\System\SYtSxwE.exe
  C:\Windows\System\SYtSxwE.exe
  2⤵
  PID:2372
- C:\Windows\System\ivmADjU.exe
  C:\Windows\System\ivmADjU.exe
  2⤵
  PID:6748
- C:\Windows\System\YxirmHx.exe
  C:\Windows\System\YxirmHx.exe
  2⤵
  PID:7072
- C:\Windows\System\McYQRbm.exe
  C:\Windows\System\McYQRbm.exe
  2⤵
  PID:6880
- C:\Windows\System\JRunEya.exe
  C:\Windows\System\JRunEya.exe
  2⤵
  PID:3968
- C:\Windows\System\vDBpehu.exe
  C:\Windows\System\vDBpehu.exe
  2⤵
  PID:7172
- C:\Windows\System\AIWSYFC.exe
  C:\Windows\System\AIWSYFC.exe
  2⤵
  PID:7188
- C:\Windows\System\FJyMjxX.exe
  C:\Windows\System\FJyMjxX.exe
  2⤵
  PID:7204
- C:\Windows\System\tzVYBrj.exe
  C:\Windows\System\tzVYBrj.exe
  2⤵
  PID:7220
- C:\Windows\System\oylZfVR.exe
  C:\Windows\System\oylZfVR.exe
  2⤵
  PID:7240
- C:\Windows\System\SIAClht.exe
  C:\Windows\System\SIAClht.exe
  2⤵
  PID:7280
- C:\Windows\System\ajJWytg.exe
  C:\Windows\System\ajJWytg.exe
  2⤵
  PID:7296
- C:\Windows\System\YVWvvvb.exe
  C:\Windows\System\YVWvvvb.exe
  2⤵
  PID:7312
- C:\Windows\System\qoWgiWq.exe
  C:\Windows\System\qoWgiWq.exe
  2⤵
  PID:7328
- C:\Windows\System\ZCyftHq.exe
  C:\Windows\System\ZCyftHq.exe
  2⤵
  PID:7344
- C:\Windows\System\osDlTDc.exe
  C:\Windows\System\osDlTDc.exe
  2⤵
  PID:7372
- C:\Windows\System\MOuQElv.exe
  C:\Windows\System\MOuQElv.exe
  2⤵
  PID:7392
- C:\Windows\System\kBOPZxN.exe
  C:\Windows\System\kBOPZxN.exe
  2⤵
  PID:7420
- C:\Windows\System\sHpdzjG.exe
  C:\Windows\System\sHpdzjG.exe
  2⤵
  PID:7468
- C:\Windows\System\SbEHbHd.exe
  C:\Windows\System\SbEHbHd.exe
  2⤵
  PID:7496
- C:\Windows\System\ZxHcmcb.exe
  C:\Windows\System\ZxHcmcb.exe
  2⤵
  PID:7512
- C:\Windows\System\MmrUZHa.exe
  C:\Windows\System\MmrUZHa.exe
  2⤵
  PID:7528
- C:\Windows\System\oaCXIEa.exe
  C:\Windows\System\oaCXIEa.exe
  2⤵
  PID:7544
- C:\Windows\System\fBMSeIT.exe
  C:\Windows\System\fBMSeIT.exe
  2⤵
  PID:7560
- C:\Windows\System\IMRYuDD.exe
  C:\Windows\System\IMRYuDD.exe
  2⤵
  PID:7576
- C:\Windows\System\bhwDjWE.exe
  C:\Windows\System\bhwDjWE.exe
  2⤵
  PID:7592
- C:\Windows\System\mOWWQLk.exe
  C:\Windows\System\mOWWQLk.exe
  2⤵
  PID:7608
- C:\Windows\System\vjPGwYf.exe
  C:\Windows\System\vjPGwYf.exe
  2⤵
  PID:7624
- C:\Windows\System\bTkfczD.exe
  C:\Windows\System\bTkfczD.exe
  2⤵
  PID:7640
- C:\Windows\System\OxCQpvW.exe
  C:\Windows\System\OxCQpvW.exe
  2⤵
  PID:7656
- C:\Windows\System\EweyvBS.exe
  C:\Windows\System\EweyvBS.exe
  2⤵
  PID:7672
- C:\Windows\System\zGgFJGJ.exe
  C:\Windows\System\zGgFJGJ.exe
  2⤵
  PID:7688
- C:\Windows\System\vyHHMPy.exe
  C:\Windows\System\vyHHMPy.exe
  2⤵
  PID:7704
- C:\Windows\System\owfVieO.exe
  C:\Windows\System\owfVieO.exe
  2⤵
  PID:7720
- C:\Windows\System\xnbvTzx.exe
  C:\Windows\System\xnbvTzx.exe
  2⤵
  PID:7736
- C:\Windows\System\vrQJRod.exe
  C:\Windows\System\vrQJRod.exe
  2⤵
  PID:7752
- C:\Windows\System\veGZLca.exe
  C:\Windows\System\veGZLca.exe
  2⤵
  PID:7768
- C:\Windows\System\Avfxzby.exe
  C:\Windows\System\Avfxzby.exe
  2⤵
  PID:7784
- C:\Windows\System\fQLDUCV.exe
  C:\Windows\System\fQLDUCV.exe
  2⤵
  PID:7800
- C:\Windows\System\VnVEEuZ.exe
  C:\Windows\System\VnVEEuZ.exe
  2⤵
  PID:7816
- C:\Windows\System\QSgTpdu.exe
  C:\Windows\System\QSgTpdu.exe
  2⤵
  PID:7832
- C:\Windows\System\NtZuEig.exe
  C:\Windows\System\NtZuEig.exe
  2⤵
  PID:7848
- C:\Windows\System\xGwflRW.exe
  C:\Windows\System\xGwflRW.exe
  2⤵
  PID:7864
- C:\Windows\System\TVWTJXM.exe
  C:\Windows\System\TVWTJXM.exe
  2⤵
  PID:7880
- C:\Windows\System\THGeDao.exe
  C:\Windows\System\THGeDao.exe
  2⤵
  PID:7896
- C:\Windows\System\MNkxafZ.exe
  C:\Windows\System\MNkxafZ.exe
  2⤵
  PID:7912
- C:\Windows\System\xKivcyT.exe
  C:\Windows\System\xKivcyT.exe
  2⤵
  PID:7928
- C:\Windows\System\ObkYlJa.exe
  C:\Windows\System\ObkYlJa.exe
  2⤵
  PID:7944
- C:\Windows\System\XFcZewr.exe
  C:\Windows\System\XFcZewr.exe
  2⤵
  PID:7960
- C:\Windows\System\ykDgYtG.exe
  C:\Windows\System\ykDgYtG.exe
  2⤵
  PID:7976
- C:\Windows\System\pGejBQC.exe
  C:\Windows\System\pGejBQC.exe
  2⤵
  PID:7992
- C:\Windows\System\zdJXefD.exe
  C:\Windows\System\zdJXefD.exe
  2⤵
  PID:8008
- C:\Windows\System\pDzlWDi.exe
  C:\Windows\System\pDzlWDi.exe
  2⤵
  PID:8024
- C:\Windows\System\uVbzPNf.exe
  C:\Windows\System\uVbzPNf.exe
  2⤵
  PID:8040
- C:\Windows\System\nxbVECg.exe
  C:\Windows\System\nxbVECg.exe
  2⤵
  PID:8056
- C:\Windows\System\COKXnry.exe
  C:\Windows\System\COKXnry.exe
  2⤵
  PID:8072
- C:\Windows\System\LpHAiLP.exe
  C:\Windows\System\LpHAiLP.exe
  2⤵
  PID:8088
- C:\Windows\System\WDUkoZV.exe
  C:\Windows\System\WDUkoZV.exe
  2⤵
  PID:8104
- C:\Windows\System\XlQVGju.exe
  C:\Windows\System\XlQVGju.exe
  2⤵
  PID:8120
- C:\Windows\System\ABuaoAj.exe
  C:\Windows\System\ABuaoAj.exe
  2⤵
  PID:8136
- C:\Windows\System\kddTyJj.exe
  C:\Windows\System\kddTyJj.exe
  2⤵
  PID:8152
- C:\Windows\System\tMTsLCO.exe
  C:\Windows\System\tMTsLCO.exe
  2⤵
  PID:8168
- C:\Windows\System\TofZmrx.exe
  C:\Windows\System\TofZmrx.exe
  2⤵
  PID:8184
- C:\Windows\System\TyniODv.exe
  C:\Windows\System\TyniODv.exe
  2⤵
  PID:1736
- C:\Windows\System\tjeeVMi.exe
  C:\Windows\System\tjeeVMi.exe
  2⤵
  PID:6428
- C:\Windows\System\nzNKbKX.exe
  C:\Windows\System\nzNKbKX.exe
  2⤵
  PID:7124
- C:\Windows\System\ymjeNLG.exe
  C:\Windows\System\ymjeNLG.exe
  2⤵
  PID:7212
- C:\Windows\System\mAIbJaF.exe
  C:\Windows\System\mAIbJaF.exe
  2⤵
  PID:2660
- C:\Windows\System\FWIIeAF.exe
  C:\Windows\System\FWIIeAF.exe
  2⤵
  PID:6768
- C:\Windows\System\EPXZYqo.exe
  C:\Windows\System\EPXZYqo.exe
  2⤵
  PID:7232
- C:\Windows\System\gkVuOpU.exe
  C:\Windows\System\gkVuOpU.exe
  2⤵
  PID:7324
- C:\Windows\System\baQgbic.exe
  C:\Windows\System\baQgbic.exe
  2⤵
  PID:7368
- C:\Windows\System\tXOCzHk.exe
  C:\Windows\System\tXOCzHk.exe
  2⤵
  PID:7408
- C:\Windows\System\MocApFT.exe
  C:\Windows\System\MocApFT.exe
  2⤵
  PID:7476
- C:\Windows\System\MEvvFoP.exe
  C:\Windows\System\MEvvFoP.exe
  2⤵
  PID:7492
- C:\Windows\System\WZHoARf.exe
  C:\Windows\System\WZHoARf.exe
  2⤵
  PID:7556
- C:\Windows\System\mmtfAcR.exe
  C:\Windows\System\mmtfAcR.exe
  2⤵
  PID:7620
- C:\Windows\System\yEWcrJQ.exe
  C:\Windows\System\yEWcrJQ.exe
  2⤵
  PID:7684
- C:\Windows\System\KZWMZSA.exe
  C:\Windows\System\KZWMZSA.exe
  2⤵
  PID:7748
- C:\Windows\System\UGgpsFz.exe
  C:\Windows\System\UGgpsFz.exe
  2⤵
  PID:7812
- C:\Windows\System\myIDvcE.exe
  C:\Windows\System\myIDvcE.exe
  2⤵
  PID:7876
- C:\Windows\System\gLfbjxm.exe
  C:\Windows\System\gLfbjxm.exe
  2⤵
  PID:7940
- C:\Windows\System\NQtmCOA.exe
  C:\Windows\System\NQtmCOA.exe
  2⤵
  PID:7504
- C:\Windows\System\XJnqjqf.exe
  C:\Windows\System\XJnqjqf.exe
  2⤵
  PID:8036
- C:\Windows\System\hPMAYVh.exe
  C:\Windows\System\hPMAYVh.exe
  2⤵
  PID:8096
- C:\Windows\System\JJgNsCE.exe
  C:\Windows\System\JJgNsCE.exe
  2⤵
  PID:8132
- C:\Windows\System\xRcYglw.exe
  C:\Windows\System\xRcYglw.exe
  2⤵
  PID:6464
- C:\Windows\System\tPuhCQM.exe
  C:\Windows\System\tPuhCQM.exe
  2⤵
  PID:7828
- C:\Windows\System\DSdOvsb.exe
  C:\Windows\System\DSdOvsb.exe
  2⤵
  PID:7924
- C:\Windows\System\jPEpGIu.exe
  C:\Windows\System\jPEpGIu.exe
  2⤵
  PID:7984
- C:\Windows\System\KhzQbsl.exe
  C:\Windows\System\KhzQbsl.exe
  2⤵
  PID:7236
- C:\Windows\System\ubnAerc.exe
  C:\Windows\System\ubnAerc.exe
  2⤵
  PID:7256
- C:\Windows\System\biXHeEZ.exe
  C:\Windows\System\biXHeEZ.exe
  2⤵
  PID:7272
- C:\Windows\System\XUaugdF.exe
  C:\Windows\System\XUaugdF.exe
  2⤵
  PID:7364
- C:\Windows\System\ZZVDsoT.exe
  C:\Windows\System\ZZVDsoT.exe
  2⤵
  PID:7248
- C:\Windows\System\RfnLFdO.exe
  C:\Windows\System\RfnLFdO.exe
  2⤵
  PID:7668
- C:\Windows\System\FBhPAfQ.exe
  C:\Windows\System\FBhPAfQ.exe
  2⤵
  PID:7680
- C:\Windows\System\FYUYiyZ.exe
  C:\Windows\System\FYUYiyZ.exe
  2⤵
  PID:7920
- C:\Windows\System\cKUYILA.exe
  C:\Windows\System\cKUYILA.exe
  2⤵
  PID:7380
- C:\Windows\System\qpUyfts.exe
  C:\Windows\System\qpUyfts.exe
  2⤵
  PID:7436
- C:\Windows\System\ByBpUqO.exe
  C:\Windows\System\ByBpUqO.exe
  2⤵
  PID:7456
- C:\Windows\System\IuVBRRJ.exe
  C:\Windows\System\IuVBRRJ.exe
  2⤵
  PID:8032
- C:\Windows\System\ibnvDal.exe
  C:\Windows\System\ibnvDal.exe
  2⤵
  PID:7600
- C:\Windows\System\FPIEfPA.exe
  C:\Windows\System\FPIEfPA.exe
  2⤵
  PID:8084
- C:\Windows\System\FxZHUYA.exe
  C:\Windows\System\FxZHUYA.exe
  2⤵
  PID:8112
- C:\Windows\System\reCIitU.exe
  C:\Windows\System\reCIitU.exe
  2⤵
  PID:7760
- C:\Windows\System\GSRZRZr.exe
  C:\Windows\System\GSRZRZr.exe
  2⤵
  PID:7744
- C:\Windows\System\GbemoHd.exe
  C:\Windows\System\GbemoHd.exe
  2⤵
  PID:2648
- C:\Windows\System\BhPbxxh.exe
  C:\Windows\System\BhPbxxh.exe
  2⤵
  PID:7988
- C:\Windows\System\MNToBdU.exe
  C:\Windows\System\MNToBdU.exe
  2⤵
  PID:8052
- C:\Windows\System\IbNyDwN.exe
  C:\Windows\System\IbNyDwN.exe
  2⤵
  PID:7304
- C:\Windows\System\ZlANDnP.exe
  C:\Windows\System\ZlANDnP.exe
  2⤵
  PID:7448
- C:\Windows\System\IxjMRML.exe
  C:\Windows\System\IxjMRML.exe
  2⤵
  PID:7552
- C:\Windows\System\ODWJLrv.exe
  C:\Windows\System\ODWJLrv.exe
  2⤵
  PID:7872
- C:\Windows\System\oWevTGQ.exe
  C:\Windows\System\oWevTGQ.exe
  2⤵
  PID:7336
- C:\Windows\System\ipPcYEx.exe
  C:\Windows\System\ipPcYEx.exe
  2⤵
  PID:7340
- C:\Windows\System\OMtQwvW.exe
  C:\Windows\System\OMtQwvW.exe
  2⤵
  PID:7464
- C:\Windows\System\ykpEWBW.exe
  C:\Windows\System\ykpEWBW.exe
  2⤵
  PID:7320
- C:\Windows\System\ujzCAEc.exe
  C:\Windows\System\ujzCAEc.exe
  2⤵
  PID:7452
- C:\Windows\System\eeABZPQ.exe
  C:\Windows\System\eeABZPQ.exe
  2⤵
  PID:996
- C:\Windows\System\jZaYxCc.exe
  C:\Windows\System\jZaYxCc.exe
  2⤵
  PID:8020
- C:\Windows\System\FUnZFLU.exe
  C:\Windows\System\FUnZFLU.exe
  2⤵
  PID:8148
- C:\Windows\System\rhrAaau.exe
  C:\Windows\System\rhrAaau.exe
  2⤵
  PID:7484
- C:\Windows\System\tgHoFbm.exe
  C:\Windows\System\tgHoFbm.exe
  2⤵
  PID:7824
- C:\Windows\System\LVicNMY.exe
  C:\Windows\System\LVicNMY.exe
  2⤵
  PID:7180
- C:\Windows\System\MtLkUzS.exe
  C:\Windows\System\MtLkUzS.exe
  2⤵
  PID:7844
- C:\Windows\System\NbBMklO.exe
  C:\Windows\System\NbBMklO.exe
  2⤵
  PID:7292
- C:\Windows\System\drYwvHv.exe
  C:\Windows\System\drYwvHv.exe
  2⤵
  PID:7568
- C:\Windows\System\KuxFRNe.exe
  C:\Windows\System\KuxFRNe.exe
  2⤵
  PID:1076
- C:\Windows\System\gPVPHnB.exe
  C:\Windows\System\gPVPHnB.exe
  2⤵
  PID:3152
- C:\Windows\System\PgMfFmb.exe
  C:\Windows\System\PgMfFmb.exe
  2⤵
  PID:8200
- C:\Windows\System\uczmKRo.exe
  C:\Windows\System\uczmKRo.exe
  2⤵
  PID:8216
- C:\Windows\System\ENfYmey.exe
  C:\Windows\System\ENfYmey.exe
  2⤵
  PID:8232
- C:\Windows\System\PDuBaxy.exe
  C:\Windows\System\PDuBaxy.exe
  2⤵
  PID:8248
- C:\Windows\System\yHyuZWr.exe
  C:\Windows\System\yHyuZWr.exe
  2⤵
  PID:8264
- C:\Windows\System\lZLHIzU.exe
  C:\Windows\System\lZLHIzU.exe
  2⤵
  PID:8280
- C:\Windows\System\XzRIwMD.exe
  C:\Windows\System\XzRIwMD.exe
  2⤵
  PID:8296
- C:\Windows\System\krhuWsk.exe
  C:\Windows\System\krhuWsk.exe
  2⤵
  PID:8312
- C:\Windows\System\ZxCOBuD.exe
  C:\Windows\System\ZxCOBuD.exe
  2⤵
  PID:8328
- C:\Windows\System\ojfXzRL.exe
  C:\Windows\System\ojfXzRL.exe
  2⤵
  PID:8344
- C:\Windows\System\gUACiJZ.exe
  C:\Windows\System\gUACiJZ.exe
  2⤵
  PID:8360
- C:\Windows\System\niwEUuH.exe
  C:\Windows\System\niwEUuH.exe
  2⤵
  PID:8380
- C:\Windows\System\qkgNRyG.exe
  C:\Windows\System\qkgNRyG.exe
  2⤵
  PID:8396
- C:\Windows\System\fEmECJk.exe
  C:\Windows\System\fEmECJk.exe
  2⤵
  PID:8496
- C:\Windows\System\dOFlKgN.exe
  C:\Windows\System\dOFlKgN.exe
  2⤵
  PID:8524
- C:\Windows\System\cDpxDIL.exe
  C:\Windows\System\cDpxDIL.exe
  2⤵
  PID:8544
- C:\Windows\System\uKehfAw.exe
  C:\Windows\System\uKehfAw.exe
  2⤵
  PID:8564
- C:\Windows\System\DWcOPdF.exe
  C:\Windows\System\DWcOPdF.exe
  2⤵
  PID:8592
- C:\Windows\System\UKafkaj.exe
  C:\Windows\System\UKafkaj.exe
  2⤵
  PID:8612
- C:\Windows\System\EXvqCGi.exe
  C:\Windows\System\EXvqCGi.exe
  2⤵
  PID:8628
- C:\Windows\System\XXRtbUr.exe
  C:\Windows\System\XXRtbUr.exe
  2⤵
  PID:8644
- C:\Windows\System\CtcyQjg.exe
  C:\Windows\System\CtcyQjg.exe
  2⤵
  PID:8660
- C:\Windows\System\UDvEgOV.exe
  C:\Windows\System\UDvEgOV.exe
  2⤵
  PID:8680
- C:\Windows\System\XiLNGSn.exe
  C:\Windows\System\XiLNGSn.exe
  2⤵
  PID:8696
- C:\Windows\System\yiIVTsA.exe
  C:\Windows\System\yiIVTsA.exe
  2⤵
  PID:8712
- C:\Windows\System\qllZjPS.exe
  C:\Windows\System\qllZjPS.exe
  2⤵
  PID:8728
- C:\Windows\System\SFDBypS.exe
  C:\Windows\System\SFDBypS.exe
  2⤵
  PID:8812
- C:\Windows\System\CalNPcZ.exe
  C:\Windows\System\CalNPcZ.exe
  2⤵
  PID:8856
- C:\Windows\System\LmigMMc.exe
  C:\Windows\System\LmigMMc.exe
  2⤵
  PID:8872
- C:\Windows\System\DxHnbzu.exe
  C:\Windows\System\DxHnbzu.exe
  2⤵
  PID:8892
- C:\Windows\System\FPBicBt.exe
  C:\Windows\System\FPBicBt.exe
  2⤵
  PID:8908
- C:\Windows\System\aFiePxq.exe
  C:\Windows\System\aFiePxq.exe
  2⤵
  PID:8924
- C:\Windows\System\WnlIjCC.exe
  C:\Windows\System\WnlIjCC.exe
  2⤵
  PID:8952
- C:\Windows\System\XGKbtyg.exe
  C:\Windows\System\XGKbtyg.exe
  2⤵
  PID:8968
- C:\Windows\System\mjAQLXt.exe
  C:\Windows\System\mjAQLXt.exe
  2⤵
  PID:8984
- C:\Windows\System\JRStCER.exe
  C:\Windows\System\JRStCER.exe
  2⤵
  PID:9000
- C:\Windows\System\nCSfZYK.exe
  C:\Windows\System\nCSfZYK.exe
  2⤵
  PID:9016
- C:\Windows\System\JUjKyPZ.exe
  C:\Windows\System\JUjKyPZ.exe
  2⤵
  PID:9032
- C:\Windows\System\vOvvjcL.exe
  C:\Windows\System\vOvvjcL.exe
  2⤵
  PID:9048
- C:\Windows\System\xTLdpYG.exe
  C:\Windows\System\xTLdpYG.exe
  2⤵
  PID:9096
- C:\Windows\System\zMKKadv.exe
  C:\Windows\System\zMKKadv.exe
  2⤵
  PID:9116
- C:\Windows\System\KoLsCkD.exe
  C:\Windows\System\KoLsCkD.exe
  2⤵
  PID:9132
- C:\Windows\System\bcBPwcd.exe
  C:\Windows\System\bcBPwcd.exe
  2⤵
  PID:9148
- C:\Windows\System\DtReUVD.exe
  C:\Windows\System\DtReUVD.exe
  2⤵
  PID:9168
- C:\Windows\System\kIDxNSP.exe
  C:\Windows\System\kIDxNSP.exe
  2⤵
  PID:9184
- C:\Windows\System\IQQpWtX.exe
  C:\Windows\System\IQQpWtX.exe
  2⤵
  PID:9200
- C:\Windows\System\yIVPfRP.exe
  C:\Windows\System\yIVPfRP.exe
  2⤵
  PID:8240
- C:\Windows\System\ukCYwIm.exe
  C:\Windows\System\ukCYwIm.exe
  2⤵
  PID:8304
- C:\Windows\System\LKTVeAi.exe
  C:\Windows\System\LKTVeAi.exe
  2⤵
  PID:7388
- C:\Windows\System\GQAiKOA.exe
  C:\Windows\System\GQAiKOA.exe
  2⤵
  PID:8372
- C:\Windows\System\PhvVHTM.exe
  C:\Windows\System\PhvVHTM.exe
  2⤵
  PID:8196
- C:\Windows\System\sZeFwNX.exe
  C:\Windows\System\sZeFwNX.exe
  2⤵
  PID:8320
- C:\Windows\System\vgCLHnK.exe
  C:\Windows\System\vgCLHnK.exe
  2⤵
  PID:7216
- C:\Windows\System\VnKRNuF.exe
  C:\Windows\System\VnKRNuF.exe
  2⤵
  PID:7488
- C:\Windows\System\ZEXgEOu.exe
  C:\Windows\System\ZEXgEOu.exe
  2⤵
  PID:7728
- C:\Windows\System\mObxpce.exe
  C:\Windows\System\mObxpce.exe
  2⤵
  PID:8160
- C:\Windows\System\ntHWTHk.exe
  C:\Windows\System\ntHWTHk.exe
  2⤵
  PID:8256
- C:\Windows\System\IGLhCIK.exe
  C:\Windows\System\IGLhCIK.exe
  2⤵
  PID:8356
- C:\Windows\System\KJcriqt.exe
  C:\Windows\System\KJcriqt.exe
  2⤵
  PID:8416
- C:\Windows\System\QIJwFVG.exe
  C:\Windows\System\QIJwFVG.exe
  2⤵
  PID:8576
- C:\Windows\System\kZtLOjI.exe
  C:\Windows\System\kZtLOjI.exe
  2⤵
  PID:8688
- C:\Windows\System\vZSVhjq.exe
  C:\Windows\System\vZSVhjq.exe
  2⤵
  PID:8604
- C:\Windows\System\MIOVEDu.exe
  C:\Windows\System\MIOVEDu.exe
  2⤵
  PID:8676
- C:\Windows\System\BVdJejl.exe
  C:\Windows\System\BVdJejl.exe
  2⤵
  PID:8748
- C:\Windows\System\fPelPNy.exe
  C:\Windows\System\fPelPNy.exe
  2⤵
  PID:8772
- C:\Windows\System\UromlNo.exe
  C:\Windows\System\UromlNo.exe
  2⤵
  PID:8784
- C:\Windows\System\zkPqTff.exe
  C:\Windows\System\zkPqTff.exe
  2⤵
  PID:8800
- C:\Windows\System\jtltjwU.exe
  C:\Windows\System\jtltjwU.exe
  2⤵
  PID:8840
- C:\Windows\System\tdyuPwj.exe
  C:\Windows\System\tdyuPwj.exe
  2⤵
  PID:8844
- C:\Windows\System\esPoyvO.exe
  C:\Windows\System\esPoyvO.exe
  2⤵
  PID:8852
- C:\Windows\System\yWnWUPC.exe
  C:\Windows\System\yWnWUPC.exe
  2⤵
  PID:8904
- C:\Windows\System\IfCKDWL.exe
  C:\Windows\System\IfCKDWL.exe
  2⤵
  PID:8936
- C:\Windows\System\hbxoQfH.exe
  C:\Windows\System\hbxoQfH.exe
  2⤵
  PID:9056
- C:\Windows\System\EgaBxvj.exe
  C:\Windows\System\EgaBxvj.exe
  2⤵
  PID:8992
- C:\Windows\System\CYwHqtA.exe
  C:\Windows\System\CYwHqtA.exe
  2⤵
  PID:9012
- C:\Windows\System\fzZpAYC.exe
  C:\Windows\System\fzZpAYC.exe
  2⤵
  PID:8796
- C:\Windows\System\zexBhkJ.exe
  C:\Windows\System\zexBhkJ.exe
  2⤵
  PID:9088
- C:\Windows\System\lwcUGcv.exe
  C:\Windows\System\lwcUGcv.exe
  2⤵
  PID:9124
- C:\Windows\System\WMAYYOH.exe
  C:\Windows\System\WMAYYOH.exe
  2⤵
  PID:9196
- C:\Windows\System\rsDRpSi.exe
  C:\Windows\System\rsDRpSi.exe
  2⤵
  PID:8368
- C:\Windows\System\rFLWVun.exe
  C:\Windows\System\rFLWVun.exe
  2⤵
  PID:8404
- C:\Windows\System\crwhXSl.exe
  C:\Windows\System\crwhXSl.exe
  2⤵
  PID:7428
- C:\Windows\System\faVDOBS.exe
  C:\Windows\System\faVDOBS.exe
  2⤵
  PID:8260
- C:\Windows\System\BEZXwrl.exe
  C:\Windows\System\BEZXwrl.exe
  2⤵
  PID:8944
- C:\Windows\System\bvBGWLL.exe
  C:\Windows\System\bvBGWLL.exe
  2⤵
  PID:8476
- C:\Windows\System\cxuyXeO.exe
  C:\Windows\System\cxuyXeO.exe
  2⤵
  PID:8460
- C:\Windows\System\rEgSVQX.exe
  C:\Windows\System\rEgSVQX.exe
  2⤵
  PID:8448
- C:\Windows\System\PyMEZrm.exe
  C:\Windows\System\PyMEZrm.exe
  2⤵
  PID:8432
- C:\Windows\System\KjGkhru.exe
  C:\Windows\System\KjGkhru.exe
  2⤵
  PID:8484
- C:\Windows\System\kHZLYsI.exe
  C:\Windows\System\kHZLYsI.exe
  2⤵
  PID:8520
- C:\Windows\System\oOTqIgh.exe
  C:\Windows\System\oOTqIgh.exe
  2⤵
  PID:8572
- C:\Windows\System\TLzHVgi.exe
  C:\Windows\System\TLzHVgi.exe
  2⤵
  PID:8580
- C:\Windows\System\QpuJPCC.exe
  C:\Windows\System\QpuJPCC.exe
  2⤵
  PID:8600
- C:\Windows\System\NAfFesY.exe
  C:\Windows\System\NAfFesY.exe
  2⤵
  PID:8744
- C:\Windows\System\icganvU.exe
  C:\Windows\System\icganvU.exe
  2⤵
  PID:8820
- C:\Windows\System\mjlRPvS.exe
  C:\Windows\System\mjlRPvS.exe
  2⤵
  PID:8656
- C:\Windows\System\dIbWMIj.exe
  C:\Windows\System\dIbWMIj.exe
  2⤵
  PID:8652
- C:\Windows\System\ViLxOBd.exe
  C:\Windows\System\ViLxOBd.exe
  2⤵
  PID:8704
- C:\Windows\System\PtMpjwf.exe
  C:\Windows\System\PtMpjwf.exe
  2⤵
  PID:8760
- C:\Windows\System\kHmlDkO.exe
  C:\Windows\System\kHmlDkO.exe
  2⤵
  PID:8828
- C:\Windows\System\ZkPrHDo.exe
  C:\Windows\System\ZkPrHDo.exe
  2⤵
  PID:8964
- C:\Windows\System\MaTuMmV.exe
  C:\Windows\System\MaTuMmV.exe
  2⤵
  PID:9060
- C:\Windows\System\TqBPpZq.exe
  C:\Windows\System\TqBPpZq.exe
  2⤵
  PID:8976
- C:\Windows\System\jyUMFhP.exe
  C:\Windows\System\jyUMFhP.exe
  2⤵
  PID:9068
- C:\Windows\System\UzMsGMK.exe
  C:\Windows\System\UzMsGMK.exe
  2⤵
  PID:9140
- C:\Windows\System\BVIvPvV.exe
  C:\Windows\System\BVIvPvV.exe
  2⤵
  PID:9176
- C:\Windows\System\kojRRBH.exe
  C:\Windows\System\kojRRBH.exe
  2⤵
  PID:9208
- C:\Windows\System\fwlIuhy.exe
  C:\Windows\System\fwlIuhy.exe
  2⤵
  PID:8272
- C:\Windows\System\qbcXqua.exe
  C:\Windows\System\qbcXqua.exe
  2⤵
  PID:8228
- C:\Windows\System\KAwWbqC.exe
  C:\Windows\System\KAwWbqC.exe
  2⤵
  PID:7716
- C:\Windows\System\dKGdJPr.exe
  C:\Windows\System\dKGdJPr.exe
  2⤵
  PID:7808
- C:\Windows\System\tJLpzjx.exe
  C:\Windows\System\tJLpzjx.exe
  2⤵
  PID:8428
- C:\Windows\System\NQMZIFW.exe
  C:\Windows\System\NQMZIFW.exe
  2⤵
  PID:8464
- C:\Windows\System\YijvPBc.exe
  C:\Windows\System\YijvPBc.exe
  2⤵
  PID:8444
- C:\Windows\System\kEiwbrJ.exe
  C:\Windows\System\kEiwbrJ.exe
  2⤵
  PID:8480
- C:\Windows\System\wyafCGI.exe
  C:\Windows\System\wyafCGI.exe
  2⤵
  PID:8560
- C:\Windows\System\ChPVevo.exe
  C:\Windows\System\ChPVevo.exe
  2⤵
  PID:8740
- C:\Windows\System\ZeNoTgN.exe
  C:\Windows\System\ZeNoTgN.exe
  2⤵
  PID:8848
- C:\Windows\System\lWsgmAo.exe
  C:\Windows\System\lWsgmAo.exe
  2⤵
  PID:8808
- C:\Windows\System\UJcCmhu.exe
  C:\Windows\System\UJcCmhu.exe
  2⤵
  PID:9104
- C:\Windows\System\LknCqPV.exe
  C:\Windows\System\LknCqPV.exe
  2⤵
  PID:8180
- C:\Windows\System\BvEHTSb.exe
  C:\Windows\System\BvEHTSb.exe
  2⤵
  PID:8672
- C:\Windows\System\QOvJIUn.exe
  C:\Windows\System\QOvJIUn.exe
  2⤵
  PID:8996
- C:\Windows\System\xXiNNAb.exe
  C:\Windows\System\xXiNNAb.exe
  2⤵
  PID:9180
- C:\Windows\System\yiYakkm.exe
  C:\Windows\System\yiYakkm.exe
  2⤵
  PID:8352
- C:\Windows\System\ERFkqKX.exe
  C:\Windows\System\ERFkqKX.exe
  2⤵
  PID:8412
- C:\Windows\System\MouRsaD.exe
  C:\Windows\System\MouRsaD.exe
  2⤵
  PID:8508
- C:\Windows\System\dgOiGvg.exe
  C:\Windows\System\dgOiGvg.exe
  2⤵
  PID:8736
- C:\Windows\System\DXBazOo.exe
  C:\Windows\System\DXBazOo.exe
  2⤵
  PID:8540
- C:\Windows\System\vIRNhfh.exe
  C:\Windows\System\vIRNhfh.exe
  2⤵
  PID:9076
- C:\Windows\System\tlLyeCF.exe
  C:\Windows\System\tlLyeCF.exe
  2⤵
  PID:9092
- C:\Windows\System\BOKVYNb.exe
  C:\Windows\System\BOKVYNb.exe
  2⤵
  PID:9128
- C:\Windows\System\eetCtAD.exe
  C:\Windows\System\eetCtAD.exe
  2⤵
  PID:8408
- C:\Windows\System\XkXnnFz.exe
  C:\Windows\System\XkXnnFz.exe
  2⤵
  PID:9156
- C:\Windows\System\Hjcotzp.exe
  C:\Windows\System\Hjcotzp.exe
  2⤵
  PID:9232
- C:\Windows\System\AkYknTF.exe
  C:\Windows\System\AkYknTF.exe
  2⤵
  PID:9248
- C:\Windows\System\mvmvMbR.exe
  C:\Windows\System\mvmvMbR.exe
  2⤵
  PID:9264
- C:\Windows\System\JEIgeeP.exe
  C:\Windows\System\JEIgeeP.exe
  2⤵
  PID:9280
- C:\Windows\System\PtBeYIV.exe
  C:\Windows\System\PtBeYIV.exe
  2⤵
  PID:9296
- C:\Windows\System\YYhJscS.exe
  C:\Windows\System\YYhJscS.exe
  2⤵
  PID:9312
- C:\Windows\System\RHpfcuw.exe
  C:\Windows\System\RHpfcuw.exe
  2⤵
  PID:9328
- C:\Windows\System\rZTjwvh.exe
  C:\Windows\System\rZTjwvh.exe
  2⤵
  PID:9344
- C:\Windows\System\IKGPCIW.exe
  C:\Windows\System\IKGPCIW.exe
  2⤵
  PID:9360
- C:\Windows\System\eSOjQXH.exe
  C:\Windows\System\eSOjQXH.exe
  2⤵
  PID:9376
- C:\Windows\System\HGcKpKU.exe
  C:\Windows\System\HGcKpKU.exe
  2⤵
  PID:9392
- C:\Windows\System\CCnMaMp.exe
  C:\Windows\System\CCnMaMp.exe
  2⤵
  PID:9412
- C:\Windows\System\avkFxop.exe
  C:\Windows\System\avkFxop.exe
  2⤵
  PID:9428
- C:\Windows\System\UIGsGBI.exe
  C:\Windows\System\UIGsGBI.exe
  2⤵
  PID:9444
- C:\Windows\System\kULrhgb.exe
  C:\Windows\System\kULrhgb.exe
  2⤵
  PID:9464
- C:\Windows\System\waOgTXW.exe
  C:\Windows\System\waOgTXW.exe
  2⤵
  PID:9480
- C:\Windows\System\DkHwFQW.exe
  C:\Windows\System\DkHwFQW.exe
  2⤵
  PID:9496
- C:\Windows\System\GEVAxHP.exe
  C:\Windows\System\GEVAxHP.exe
  2⤵
  PID:9516
- C:\Windows\System\BGxNZVD.exe
  C:\Windows\System\BGxNZVD.exe
  2⤵
  PID:9536
- C:\Windows\System\AcEFoeL.exe
  C:\Windows\System\AcEFoeL.exe
  2⤵
  PID:9552
- C:\Windows\System\GULQTjL.exe
  C:\Windows\System\GULQTjL.exe
  2⤵
  PID:9568
- C:\Windows\System\qMnKLOT.exe
  C:\Windows\System\qMnKLOT.exe
  2⤵
  PID:9584
- C:\Windows\System\iMQmDQN.exe
  C:\Windows\System\iMQmDQN.exe
  2⤵
  PID:9600
- C:\Windows\System\usAxPYp.exe
  C:\Windows\System\usAxPYp.exe
  2⤵
  PID:9616
- C:\Windows\System\gsOmufv.exe
  C:\Windows\System\gsOmufv.exe
  2⤵
  PID:9632
- C:\Windows\System\eTELrIg.exe
  C:\Windows\System\eTELrIg.exe
  2⤵
  PID:9648
- C:\Windows\System\zTGWrdK.exe
  C:\Windows\System\zTGWrdK.exe
  2⤵
  PID:9664
- C:\Windows\System\xROikmm.exe
  C:\Windows\System\xROikmm.exe
  2⤵
  PID:9696
- C:\Windows\System\nxwYErb.exe
  C:\Windows\System\nxwYErb.exe
  2⤵
  PID:9736
- C:\Windows\System\FIBxcKc.exe
  C:\Windows\System\FIBxcKc.exe
  2⤵
  PID:9756
- C:\Windows\System\dsPfUHj.exe
  C:\Windows\System\dsPfUHj.exe
  2⤵
  PID:9776
- C:\Windows\System\HRbsnRT.exe
  C:\Windows\System\HRbsnRT.exe
  2⤵
  PID:9796
- C:\Windows\System\NqdnvDa.exe
  C:\Windows\System\NqdnvDa.exe
  2⤵
  PID:9816
- C:\Windows\System\gKuVYyO.exe
  C:\Windows\System\gKuVYyO.exe
  2⤵
  PID:9844
- C:\Windows\System\kbXJLZj.exe
  C:\Windows\System\kbXJLZj.exe
  2⤵
  PID:9876
- C:\Windows\System\dMaVhek.exe
  C:\Windows\System\dMaVhek.exe
  2⤵
  PID:9920
- C:\Windows\System\RNqtQOn.exe
  C:\Windows\System\RNqtQOn.exe
  2⤵
  PID:9992
- C:\Windows\System\NjAXQjX.exe
  C:\Windows\System\NjAXQjX.exe
  2⤵
  PID:10040
- C:\Windows\System\ZZrXsbS.exe
  C:\Windows\System\ZZrXsbS.exe
  2⤵
  PID:10084
- C:\Windows\System\YySatuk.exe
  C:\Windows\System\YySatuk.exe
  2⤵
  PID:10104
- C:\Windows\System\GDtIfGc.exe
  C:\Windows\System\GDtIfGc.exe
  2⤵
  PID:10120
- C:\Windows\System\QQZcveu.exe
  C:\Windows\System\QQZcveu.exe
  2⤵
  PID:10136
- C:\Windows\System\nvmIqJp.exe
  C:\Windows\System\nvmIqJp.exe
  2⤵
  PID:10152
- C:\Windows\System\XPpJIOo.exe
  C:\Windows\System\XPpJIOo.exe
  2⤵
  PID:10176
- C:\Windows\System\UHyShBh.exe
  C:\Windows\System\UHyShBh.exe
  2⤵
  PID:10196
- C:\Windows\System\BGQMwJF.exe
  C:\Windows\System\BGQMwJF.exe
  2⤵
  PID:10236
- C:\Windows\System\mgLaARS.exe
  C:\Windows\System\mgLaARS.exe
  2⤵
  PID:9304
- C:\Windows\System\DFchnpH.exe
  C:\Windows\System\DFchnpH.exe
  2⤵
  PID:9288
- C:\Windows\System\yQugouL.exe
  C:\Windows\System\yQugouL.exe
  2⤵
  PID:8724
- C:\Windows\System\VRtuVIl.exe
  C:\Windows\System\VRtuVIl.exe
  2⤵
  PID:9260
- C:\Windows\System\SLQwazt.exe
  C:\Windows\System\SLQwazt.exe
  2⤵
  PID:9384
- C:\Windows\System\EQJorQk.exe
  C:\Windows\System\EQJorQk.exe
  2⤵
  PID:9472
- C:\Windows\System\SxCwkEN.exe
  C:\Windows\System\SxCwkEN.exe
  2⤵
  PID:9508
- C:\Windows\System\EFCpNsh.exe
  C:\Windows\System\EFCpNsh.exe
  2⤵
  PID:9576
- C:\Windows\System\YOWJdxV.exe
  C:\Windows\System\YOWJdxV.exe
  2⤵
  PID:9492
- C:\Windows\System\tmtKnvs.exe
  C:\Windows\System\tmtKnvs.exe
  2⤵
  PID:9532
- C:\Windows\System\uUBluDw.exe
  C:\Windows\System\uUBluDw.exe
  2⤵
  PID:9612
- C:\Windows\System\tMQkLxJ.exe
  C:\Windows\System\tMQkLxJ.exe
  2⤵
  PID:9644
- C:\Windows\System\TUgVAXY.exe
  C:\Windows\System\TUgVAXY.exe
  2⤵
  PID:9676
- C:\Windows\System\whTFTOz.exe
  C:\Windows\System\whTFTOz.exe
  2⤵
  PID:9976
- C:\Windows\System\EfMwGln.exe
  C:\Windows\System\EfMwGln.exe
  2⤵
  PID:10060
- C:\Windows\System\RnSBEvz.exe
  C:\Windows\System\RnSBEvz.exe
  2⤵
  PID:9276
- C:\Windows\System\FSKjqAI.exe
  C:\Windows\System\FSKjqAI.exe
  2⤵
  PID:10008
- C:\Windows\System\IGDFYPX.exe
  C:\Windows\System\IGDFYPX.exe
  2⤵
  PID:10144
- C:\Windows\System\NIwSpPt.exe
  C:\Windows\System\NIwSpPt.exe
  2⤵
  PID:10220
- C:\Windows\System\LTbMgLG.exe
  C:\Windows\System\LTbMgLG.exe
  2⤵
  PID:9908
- C:\Windows\System\yXnNGuF.exe
  C:\Windows\System\yXnNGuF.exe
  2⤵
  PID:10072
- C:\Windows\System\EPkjvCE.exe
  C:\Windows\System\EPkjvCE.exe
  2⤵
  PID:10192
- C:\Windows\System\MKyfQWR.exe
  C:\Windows\System\MKyfQWR.exe
  2⤵
  PID:9192
- C:\Windows\System\WsXmgoT.exe
  C:\Windows\System\WsXmgoT.exe
  2⤵
  PID:8456
- C:\Windows\System\NLUUfBE.exe
  C:\Windows\System\NLUUfBE.exe
  2⤵
  PID:9488
- C:\Windows\System\tPzgDIu.exe
  C:\Windows\System\tPzgDIu.exe
  2⤵
  PID:10028
- C:\Windows\System\EKDCMwW.exe
  C:\Windows\System\EKDCMwW.exe
  2⤵
  PID:10128
- C:\Windows\System\laavxAc.exe
  C:\Windows\System\laavxAc.exe
  2⤵
  PID:10172
- C:\Windows\System\mvXUTtE.exe
  C:\Windows\System\mvXUTtE.exe
  2⤵
  PID:10068
- C:\Windows\System\nBcMZbd.exe
  C:\Windows\System\nBcMZbd.exe
  2⤵
  PID:10112
- C:\Windows\System\IFYSaqa.exe
  C:\Windows\System\IFYSaqa.exe
  2⤵
  PID:9340
- C:\Windows\System\wQeKQoI.exe
  C:\Windows\System\wQeKQoI.exe
  2⤵
  PID:9408
- C:\Windows\System\vbEpDCY.exe
  C:\Windows\System\vbEpDCY.exe
  2⤵
  PID:9436
- C:\Windows\System\NTqbiQq.exe
  C:\Windows\System\NTqbiQq.exe
  2⤵
  PID:9424
- C:\Windows\System\dOpythl.exe
  C:\Windows\System\dOpythl.exe
  2⤵
  PID:9560
- C:\Windows\System\dPGfquc.exe
  C:\Windows\System\dPGfquc.exe
  2⤵
  PID:9680
- C:\Windows\System\gWIkaGq.exe
  C:\Windows\System\gWIkaGq.exe
  2⤵
  PID:9784
- C:\Windows\System\ZnOmgRG.exe
  C:\Windows\System\ZnOmgRG.exe
  2⤵
  PID:9836
- C:\Windows\System\ojphkZc.exe
  C:\Windows\System\ojphkZc.exe
  2⤵
  PID:9772
- C:\Windows\System\qnSwdJl.exe
  C:\Windows\System\qnSwdJl.exe
  2⤵
  PID:9904
- C:\Windows\System\pyRfGgA.exe
  C:\Windows\System\pyRfGgA.exe
  2⤵
  PID:9812
- C:\Windows\System\ilabCQU.exe
  C:\Windows\System\ilabCQU.exe
  2⤵
  PID:9944
- C:\Windows\System\lsmyYQC.exe
  C:\Windows\System\lsmyYQC.exe
  2⤵
  PID:9708
- C:\Windows\System\KnYmKAV.exe
  C:\Windows\System\KnYmKAV.exe
  2⤵
  PID:10052
- C:\Windows\System\YCScHlU.exe
  C:\Windows\System\YCScHlU.exe
  2⤵
  PID:9764
- C:\Windows\System\PUYIcLY.exe
  C:\Windows\System\PUYIcLY.exe
  2⤵
  PID:9244
- C:\Windows\System\zdKpUaV.exe
  C:\Windows\System\zdKpUaV.exe
  2⤵
  PID:9960
- C:\Windows\System\kYCNEEi.exe
  C:\Windows\System\kYCNEEi.exe
  2⤵
  PID:10188
- C:\Windows\System\HQCslgy.exe
  C:\Windows\System\HQCslgy.exe
  2⤵
  PID:10024
- C:\Windows\System\dloUXmo.exe
  C:\Windows\System\dloUXmo.exe
  2⤵
  PID:10092
- C:\Windows\System\wMEvFHT.exe
  C:\Windows\System\wMEvFHT.exe
  2⤵
  PID:10164
- C:\Windows\System\NbpcAOk.exe
  C:\Windows\System\NbpcAOk.exe
  2⤵
  PID:10232
- C:\Windows\System\gsmvRiX.exe
  C:\Windows\System\gsmvRiX.exe
  2⤵
  PID:8308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BOebuXK.exe

Filesize
6.0MB

MD5
e5b0c76d513ce222ec6035f842599334

SHA1
30006e2aa0ced7dd36e54dcd4abf449df872dfbc

SHA256
2478bfeaf25d87e59b4297b93e3ff0ccb3650e45667041372f969e356b6f0e59

SHA512
5abcf84ea21e724bf9a9af3a8767a54ceaaaa4280303cd6618b21fc9e0689f9e75ccfc6f154d89183ad4e77b46051f7bc575a000694d2419efa0a98a9c5f1cd2

Download Submit
C:\Windows\system\BdPJCYP.exe

Filesize
6.0MB

MD5
995377b437f730d74b8dff95e800e216

SHA1
188e585016ee5c356409b45d3bfe8eed9d8266ed

SHA256
591383d3b0974ed99fa5eeb21eab6b551acfdc3df618a34278742148957beb8a

SHA512
442caed708f90062d1a7d46c9f43d881132d91f3432bbc192098d677ff818ca7085a92e56cef564ab203c355f613c458c75b223cbe7be8475ddfbe025ce38b21

Download Submit
C:\Windows\system\BqIHLEI.exe

Filesize
6.0MB

MD5
f4c2a4094d8a4485b6603d5566045c34

SHA1
ec2cdbb8d335a9299e1fd861d8e4b65703162088

SHA256
5fadbd524320da9d7b179cd99e7da002607beaf22babfb053c4816a266087251

SHA512
76284eef4b7cf977a89674432bce94c80c15fa6d12d17189fa7207631ad01a9681357e8a4c2db9396842d666de41c6208f5b16c90a53ca0b52835a0f731268bd

Download Submit
C:\Windows\system\CHjzFZv.exe

Filesize
6.0MB

MD5
55cb5bd52cd0792db059a5aed397c07d

SHA1
d741fbe89ab9873b0b7c746f7c37230b6fd43cf0

SHA256
6b88040416192a15fa38a70e21dc3f5cd1f99b5b958cc411ad2a0bf81c831f98

SHA512
5558323313a9425e10477498e84ef82399c3ee1969463393a20fcd1c308d9d50a83773e9ce466b14f9e1608c60a74c48b7c14d506f6b41f70fb669918da9c310

Download Submit
C:\Windows\system\DNuiXSC.exe

Filesize
6.0MB

MD5
56ba3c596a93491e6bf29016b7a0036f

SHA1
e84d370e376f726f9c057dd8542c24797db8d9b9

SHA256
5aeb1aa9fd3cb82efe5c301c0b7ad9d3dc71aabe92fb0145d78780865f077939

SHA512
6a791623dea0483f70ce48acfdb71702bf1cb96fa3e7b4d72515a68c4d27748e21ca6f87a3c8889198391533c76d03e73a11faa8dc94270a3d2b2a2e6049adde

Download Submit
C:\Windows\system\DRCywVy.exe

Filesize
6.0MB

MD5
d417422d70cc8f72db9094ca1fd37f77

SHA1
1eefbf5926930f44cbd62eb11a45e94cd0270781

SHA256
6633de54bb07cee30b8dba3c3523331b4fc33ac99ae146801a3b17e3b188ff7c

SHA512
a6dfb010947abec4829bc06a4dcd968d41eae3e870b7a9da98dd85f7e3c9d8e9b6251ab20f7fb2483187b3f55ecefaad2c029b64a86a23b7934af00a6463511c

Download Submit
C:\Windows\system\ERBkAaX.exe

Filesize
6.0MB

MD5
73186c48b4da645558c0cbd88553c56e

SHA1
35d83828bd2aeafc3f63a70699f5e59e718e7e7e

SHA256
e8c5b768fcd8401aba578a1b62a8933560346f0ed091f6866c98ffa704897f0b

SHA512
cb7e890178444c22125b0d3f931232f57583bbccbeb45e1dc35d6f9250a11229f96d9d1fede69c4997b4be67c93df1d80e74c1349cff1110ab8f470efa08dd83

Download Submit
C:\Windows\system\GLwbUVN.exe

Filesize
6.0MB

MD5
6869b47494eb313629f7be2cb5a00de6

SHA1
f6f425e8a75b9cb14f845301e6538780fd729c5d

SHA256
5a318731977301e4d1b60afeb713d28691fd00939746f8e76172fc1b7a907531

SHA512
8130e9308562dcdceb572f7ffdf12b5b7b3f41e462d05db99750c52040b6107d6c15f619899da2edcd5168bf45352b5903695910f047641adb52aee0d8fc1379

Download Submit
C:\Windows\system\ILNYuSF.exe

Filesize
6.0MB

MD5
cd953c2102b81100bb5eeac36ec7637f

SHA1
fcd7c8dbd4bf969e7132b36b3700988f46b3cd4c

SHA256
a1c9fb13afaae2c48e59c56da9f54f78c431bc8701163a4cebc874c391898c71

SHA512
c4894314573cf447aa563f067293725638cf3d8947cd0946015ab0a685d7b1f2ce9e6887ece08be25b77d1edeb2b0240e639ddb8bf4908228432ebc7170cd41a

Download Submit
C:\Windows\system\IyvXtjJ.exe

Filesize
6.0MB

MD5
a46a2ad7aaf71c274e7d002113ab78c1

SHA1
322cb29f432feed071dffc545083ecd2fa5af1fb

SHA256
f0b800538a5f2264b46c054fc04aef7e4e0863a7dffcec5c96719dac8b87f5e4

SHA512
35e7d869c55229ab4ad997d84768ca87a77bc18928239bde29c3f29b15b02ddd991d1dea186f21c40e816130677d5758abae523fcd8fd29576845cab38688f72

Download Submit
C:\Windows\system\MRcrLfo.exe

Filesize
6.0MB

MD5
feb4e72da1954b2eb44f0aff31a45f9f

SHA1
73add46f7dd299737de8df7b21a0c1bec2a9d185

SHA256
ec165beb085b178058675ec032fc6c0264fff160b6fc608dff8f3f2ce8f77b7c

SHA512
3a65304211e90daf362006e74a4c446b9a92c71bf96bbb66676ed3170a3a6a18a6ad90e83cc2d5f8bd055c5811c9d44e37f90f3209454dcc44a011031ddcb85f

Download Submit
C:\Windows\system\QfZKFBY.exe

Filesize
6.0MB

MD5
3085ee3a977335f27e6349234467d211

SHA1
3dcaa3496467a14a662e01dcd9ce864602905e6b

SHA256
3656e486e698d84d18a02d5f5029e21fa77018004ff3196ca03fe2f43426a60f

SHA512
4da93ad2beb9e30db442212ac69ae94edb0bdd09845aede786e2cc72b4efb2484fad70cc880ab13741436a48f3dbd33b7991026dfa6ea01373685a5aa12d8f4d

Download Submit
C:\Windows\system\RhmPeKg.exe

Filesize
6.0MB

MD5
a3bc0547604b1191d69a9bc9313a768e

SHA1
5cd973ba10d3e10229fdd94ca12a020303b6057d

SHA256
aa38d2a3018618a08ba17a6a4e02731b1d86003a3159750318015ca1b0aa45a3

SHA512
d0d38debf83bf405051b47ae33e124faac5c58b8a62ec4151860760f627d3f36f937265a22cdd3b151f15c0d1a032f791ef03070d0813d3fee441b9442e1e1a5

Download Submit
C:\Windows\system\TKGUbdp.exe

Filesize
6.0MB

MD5
ef6b3a06ab6f515e1dd758db278c7b46

SHA1
9dcd52a018c06121c93472eb672174017ce580a3

SHA256
3611151578bc8f84220aa285fabc99770d5f928fa50eabed5157f15cd6f923d0

SHA512
9775a4633a02f434ca1186a818134694b5c123d65e54ee61899560105d37dbaa0e7f6c092f8e1617c95d44671b75b6f6faad4d344c93287354216d920c3a5a36

Download Submit
C:\Windows\system\ZJQKUMi.exe

Filesize
6.0MB

MD5
1bb9eb3acb38c300601da736d33a610b

SHA1
5c218ff99e3b6bd591bb518238a71ff8968ab4ed

SHA256
2760c6b2d7e92a77e6581fc6e4eb7103fb143f5022ddd16820a248a478f3e897

SHA512
628e6248be11ec86cc80318904a6b1a7a0d4c343c5c3b3797d50f7076d966b660871dd2f8b2d0b4ef1943968257149dbfbc40df14eb0ee355e9acfb5a3f1e447

Download Submit
C:\Windows\system\bSKROyj.exe

Filesize
6.0MB

MD5
4c32a422b4230f42bd55c2d23a79cc08

SHA1
ae5914b56c2039cea2a3fca6df04386b17b4e310

SHA256
c3e235f3aa8d073be06581898c49aa74ef18b97add2e1cf1ffeb8ca9c3aba6d6

SHA512
10d1a617cba2d7b1bc9c7d2983200ee3958d73157d4cc5b089c8fc698c9dcc3f8a0b315ef4b07f636b39e13bcffed4478f53a4e48264d6955d83ccb3f7f1a3f2

Download Submit
C:\Windows\system\cCwcaDP.exe

Filesize
6.0MB

MD5
82abcfb9ff8a33b0db36681cb1141f4a

SHA1
8999550882c22e03e5b98e260e3d0406f13be096

SHA256
00eae193c715998debf006f9cdccb82c656a60074292071f411a590ee420c0dc

SHA512
d6fad22a809c1287b3378cbc9c8a4344626d28e1fded69f9b7ed31ee016539b8c88ba5b0833790875fe2c4dab8bdec25ba0adadbbf52bcf108d578106dd49d8e

Download Submit
C:\Windows\system\dGrmkLn.exe

Filesize
6.0MB

MD5
6944ebd7cc01e4290d4af4ad97ebb36e

SHA1
6c4e945436252a3018242b08c2b047ed1a1ad420

SHA256
3fbf6fe5261bee65744a6d600b10880c1315ddb22666c62c6035aaabdbe7f843

SHA512
0857415a54d372ec0642cc4f5e9056b95167a1944da320d2e90e76af035cdf8ca6e56aaadbb3c4d655e1f1eeceacd3c34a21018591c83d4e648f321e2a350897

Download Submit
C:\Windows\system\eqantOp.exe

Filesize
6.0MB

MD5
40f23a4ff498dd47f5d8325e062e364d

SHA1
c0219c212e4d52cc24716d52929862c535823c52

SHA256
908917bfad4102cac6cddcd14f0dbb720de82cda3a1c0c68b67b8644f5fb8153

SHA512
9914cc086a1c0b9bbd5ae423d5ff48e90df906ef408487a146c63cdad84ee65fcd521274150073052c95bd92579e7f1fba39d8b6146c4f04384a074c41837bf5

Download Submit
C:\Windows\system\mdtpvBd.exe

Filesize
6.0MB

MD5
e0ea859cff634cabd4b9ecddf14c8d21

SHA1
466609c7cd173f347023e787de52ecf9c8e14fea

SHA256
07d2a24ff0187a70fa24f1f3b68a6553329c3c9f797dfaf950057b7d79d22156

SHA512
2c063c6091bf9884fae163448295260f0808305fe2fca9696089a4f336ce17b47dd669aee1686bdaa257d9f660be02632cca6e3e4dda3d7c2379183d22b2509b

Download Submit
C:\Windows\system\nCQSuTo.exe

Filesize
6.0MB

MD5
6012888052e229ed2eb4682c91040a79

SHA1
923a3f3ca827752b06e320cea0028d107f42ac5b

SHA256
52aefb04f31827c46b01c9e62bb70a46319ec0e6d920d90993a084c6b79f4d1e

SHA512
96c9e66de5b273c20a2c619070a50fe1e9a61e42681b39bdd280e776b6aac9ffd282621d2baaa97faa9adb9da0a7900c07c113ac29827c6d88540e1eda42a08c

Download Submit
C:\Windows\system\nVcafaE.exe

Filesize
6.0MB

MD5
d8fb2c65d67aa14f0b0c900502dd9602

SHA1
75a87c41599df52cd74b37f4ee60544b0f1b3a1e

SHA256
68100cba129d12eca46c6b517a3ebef9121b3c3051dc538c5574ba40426006f8

SHA512
66c33c22fd83510cb9ae7d68df4903041c85be09aa01d73143a4d38c0cb9f0cd85a912c7bf78c9b9cd9c4da3b22ddf2c1fc66538f4b80932965d5fcf155d60a4

Download Submit
C:\Windows\system\niCOLGB.exe

Filesize
6.0MB

MD5
8404d2f89020e4d86c27a0389618e57b

SHA1
7667a54cffc0272739b3a6f8bc78d49ef37c6b56

SHA256
ce0f6da850bbb1c21774388014a85cdfac02d6ae54aa0231702d9d0c0f0db056

SHA512
42d773f8605e3064cfa784ef99945353b4bee1ce500e2116e19fa56db7e505a37ca807fc5f1429f0a1ae16a6eb2a18a504159c0798e017d38feb046c5675df0c

Download Submit
C:\Windows\system\orBfIDM.exe

Filesize
6.0MB

MD5
b3b235a63c719eec3b06bf68f15e85d0

SHA1
fec8a7254a04377533453a3f322ba84a7acab42f

SHA256
aab29dd6370d8e2bbb8c5f68fbcc036348d707f0c2659bf950a5c41b01a13dd9

SHA512
72097cb1f5d8af9bc88686ec221d60bfb9ecdfc005f60ce63bb4bde2cd11c5fb291e20dd857dba275dc09f6c645f3d407aa6f4f412d7c47aedc90f74eff171a8

Download Submit
C:\Windows\system\rUvmUaU.exe

Filesize
6.0MB

MD5
c5891cfb082014eeddd3681beb6d2a34

SHA1
b81a1dfebbc504fa4f44ab2400be5d016de72d25

SHA256
d78b0edf017fb911ebf30b2f8217286cfd15e449aa3a06a5b469e98fad2f99a5

SHA512
b9df06216bd1ae86a1c0db3ca396e5aacae916b95fa0fb5385ecdb6865ab5ae9bb66607aacfcdc0b1fd8da06d500a2de2cae39f466195b85e945daec0ee048f5

Download Submit
C:\Windows\system\vdBpxgV.exe

Filesize
6.0MB

MD5
a585baa8d436a061b680aad9211a90ad

SHA1
97e754dd20de4b9526851b1a2aeb56bde4845f4d

SHA256
18a9266be7d7d456667f5d1441aca04586629eeb1b55f08030bb4abd14961605

SHA512
8b954a8083322a05c19926f202259878491be23777aa7ab9ffdb67a9229219ddf4d75988c3ffae7a994420c8a8cd682d670a10171e338e7b74dfb3f01838a147

Download Submit
C:\Windows\system\yLbBMLr.exe

Filesize
6.0MB

MD5
97c10acfeba5dcf0f3da9ac3107bff0c

SHA1
2bc51bf079e9857bbca65dd4361de2f6b84c8575

SHA256
4e73d02fb50e082d9751d5c5f5d140a205ae99bd6e9739b20f3b7083dfcc9d2b

SHA512
6e8a0e8942dcacb52ab43d33accc74db49b5b96f75916e864e4f211e2f5a9eea1b55bf8db010d8a979ad7e3eb7e97f486ffe3bf7c05281540367a558a22b93da

Download Submit
\Windows\system\JyRhdNw.exe

Filesize
6.0MB

MD5
de728e75cc8115056a55b3c40eebf229

SHA1
3698fb83c5d2c5e5a75dbe8179547c1f08b176c1

SHA256
0a5046c53c5cf46c60d627eee95474d1a8178c5fc50e4b5f00c00a915d18e40b

SHA512
7d0fad4e7ad0e8e8d9c6efa9596b4374a5535db06427d590ce1f23e4d1d01f81bbfe0ab41f423fc79fac3ce4b392840842cbed0151a6a58ae5e66a776cd09e03

Download Submit
\Windows\system\MJsenXP.exe

Filesize
6.0MB

MD5
0351c867f7115041a123b7987eb573e4

SHA1
79034474b1e3b118ecb70a634e3a2abe6c9149f0

SHA256
c33fe9c9ab17b4646ed1fd87c6c519d2675dec62f4e9e732efa6450218112561

SHA512
585af79eddbc32cb4f7e7e55232f26a7638b8f7d399b12659cfed855820223a21303ec198f658d725efdd806527b1efc465a2c3adcffbcf3e5de3e5624afb4eb

Download Submit
\Windows\system\TQKhTmo.exe

Filesize
6.0MB

MD5
d53dd075ab5ed3b857e3b9202a9605d9

SHA1
2d7d70a3cda033604330a1bd3ff658c719d85ca9

SHA256
22046ceee47ac4f8be37524e8c8be14078231c55e5f607d69e900144713d4468

SHA512
3333b5861f583a1f80caf04b2fbe4dceb2aed65979f4e8991aff47908c0c1e4f5e2236bda869fc395cebdb5b88a832323d768ce475a555a698ff67bb72f7866e

Download Submit
\Windows\system\bTkuzyu.exe

Filesize
6.0MB

MD5
7647ec66538d692962f54062e80ce5bc

SHA1
b8305bc634c9059a89a71eb99845e01332907624

SHA256
f394bf6287cdafcd43ce008620a485ca85c61781638de354f3f00add41ee99af

SHA512
7d482577201ed164f122b734a5a46243fc1285755c5f7d7bad3f095ed068a16108e81b9aa5d0ae154cdc7683e89f076af513d291faef0dd121cbd64140027c5f

Download Submit
\Windows\system\gtTfKxW.exe

Filesize
6.0MB

MD5
6718ccf39605c3f97fda3c81104d8727

SHA1
6256a6aa67d4e39c2f7f12e6b3ba0df6074f0334

SHA256
8a962b7d5f49f61d7375433f88a2da0c80968b67cea10cb857466ba2656d807f

SHA512
6f02725def7d4eee671ce580c0cb074ee1a2272e0756ff466b412ca5927fb9e847708b1bd6fdda654ae875e400e10803a7dd35f564599adfe38150c20ebac3a8

Download Submit
\Windows\system\tvrLDnA.exe

Filesize
6.0MB

MD5
b98fac92ccd8e44eb7128eec59308eb6

SHA1
6333f8ce00158f9f7743435c226c9bef94474e37

SHA256
6de7d78e11c704aef99849422f24ce5e210971cabf9137b67545a3d7c47459af

SHA512
564cd121eeb68c22a082bcfb9926b573d2e82884c3b3c1749b0b88aa58a1205deb43b7731f918157d0ca7e208463be7997851852259c5061e64eef58bf5febb4

Download Submit
\Windows\system\uGfFibD.exe

Filesize
6.0MB

MD5
8ec1d54ed3193508a34bdea648095c42

SHA1
bc7d84dc8dc175e18d16eeb3b92b92cd2e8e930f

SHA256
ae77fb8e96309a84d58ad21aa44f1886205fb0ea9743eecdfd73d58d6981e889

SHA512
0b8ba637eb07125744eea41b9e67bd743839ef3886684094335d6685e77cb0750d9b60d7e9271e1c9099b724aec7dc8dd82f26e1a9c40ac04c328dd383f16916

Download Submit
\Windows\system\uQsmpen.exe

Filesize
6.0MB

MD5
bffc3ac5fd7fa0324cdbfc49e6d90bd3

SHA1
a689aa444a21714263c4944d6e161e93c3816755

SHA256
f8cc939cb0efdadb4c0eea3b304091d349ee07dd0202c4e3e59b6d678aee8665

SHA512
d7d8435c10d30f0dd5aa06d3a4f9f6bd696e9e620ca43a6ea91b8834a488099ef890800b68c65fff3a0bb78fa92e25a06a7f7f87b4733c658f43a651475fef0c

Download Submit
memory/1908-1239-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1241-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-400-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3418-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-398-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2737-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-396-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3203-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1908-394-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3079-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-392-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3132-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1908-390-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3025-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1908-388-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1908-386-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1908-10-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-402-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-409-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-404-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1183-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-406-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1181-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1225-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1238-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1237-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1325-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1260-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1908-0-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1984-387-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1984-2693-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2224-401-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2668-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2288-408-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2288-2663-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2676-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1185-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2336-345-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2336-2667-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2662-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-407-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2692-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2732-395-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2679-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-389-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2682-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2776-405-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2796-399-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2669-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2695-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2860-391-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2696-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2872-403-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2672-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2888-397-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2912-393-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2664-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download