cobaltstrike | 8be15f9de36ca2c84cef62b4890669a3209ac286e0ed09533e63feb25e753145

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

90847a1eb104d20d93bd2c38ac973651
SHA1

cbf5127e0b6116f24307a5fd38002b926ea2d3ec
SHA256

8be15f9de36ca2c84cef62b4890669a3209ac286e0ed09533e63feb25e753145
SHA512

5d98f363af80ca183073896851dbdaef732d4d2a8c5b8c05aa78479378817a648266f7a302d671a4678885790ee6ccabbfcf9e8f67b19d837552981e6ae92380
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d46-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbe-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd1-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dd7-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018687-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-80.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-118.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2332-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/memory/2520-7-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d46-9.dat	xmrig
behavioral1/memory/2516-14-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dbe-11.dat	xmrig
behavioral1/files/0x0009000000016cfc-25.dat	xmrig
behavioral1/memory/2732-28-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd1-29.dat	xmrig
behavioral1/files/0x0009000000016dd7-38.dat	xmrig
behavioral1/memory/2736-40-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2680-21-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018687-49.dat	xmrig
behavioral1/memory/2680-51-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/948-55-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2864-48-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2872-67-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f53-80.dat	xmrig
behavioral1/memory/2044-85-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2864-84-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001903b-92.dat	xmrig
behavioral1/files/0x0005000000019256-133.dat	xmrig
behavioral1/files/0x000500000001936b-173.dat	xmrig
behavioral1/memory/2016-642-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1868-540-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2044-420-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2100-297-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2208-189-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a5-186.dat	xmrig
behavioral1/files/0x0005000000019423-192.dat	xmrig
behavioral1/files/0x0005000000019397-183.dat	xmrig
behavioral1/files/0x000500000001937b-178.dat	xmrig
behavioral1/files/0x0005000000019356-168.dat	xmrig
behavioral1/files/0x000500000001928c-158.dat	xmrig
behavioral1/files/0x0005000000019353-163.dat	xmrig
behavioral1/files/0x0005000000019266-149.dat	xmrig
behavioral1/files/0x0005000000019284-152.dat	xmrig
behavioral1/files/0x0005000000019259-138.dat	xmrig
behavioral1/files/0x0005000000019263-143.dat	xmrig
behavioral1/files/0x0005000000019244-128.dat	xmrig
behavioral1/files/0x000500000001922c-123.dat	xmrig
behavioral1/files/0x00050000000191ff-118.dat	xmrig
behavioral1/files/0x00060000000190e0-109.dat	xmrig
behavioral1/files/0x00050000000191d4-112.dat	xmrig
behavioral1/memory/1868-94-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/948-93-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2016-103-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2616-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2332-90-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/memory/2332-89-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x00060000000190ce-101.dat	xmrig
behavioral1/memory/2736-77-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c26-76.dat	xmrig
behavioral1/memory/2208-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c1a-69.dat	xmrig
behavioral1/memory/2616-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000018792-62.dat	xmrig
behavioral1/memory/2516-47-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ea4-46.dat	xmrig
behavioral1/memory/2332-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2332-52-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2332-50-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2520-39-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2872-36-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2520	vyzzCgS.exe
2516	tFMgRPR.exe
2680	lPziSXD.exe
2732	hknqPeR.exe
2872	VdlmzJZ.exe
2736	bKOSElX.exe
2864	crKdNKC.exe
948	LaGtzJX.exe
2616	jlfiyEq.exe
2208	LuOLPTS.exe
2100	GYPLAVa.exe
2044	tTeoRQy.exe
1868	bxFHHWr.exe
2016	AOGowVy.exe
1256	NYXrlGV.exe
2408	yhlVKMm.exe
2856	Zenbbul.exe
1892	gBJetag.exe
760	beQcgnH.exe
1664	ftPlAzF.exe
2956	wZSuAui.exe
2904	akuiSkF.exe
2204	RKQUMDN.exe
988	SpUGXJd.exe
1192	eHvIiEI.exe
2396	VVnNtso.exe
444	RDRmfio.exe
3032	jkWKxxf.exe
1848	pJhYcwZ.exe
344	ODhLHoL.exe
1612	ZMATfRq.exe
1888	KunUjWd.exe
2828	peEujRc.exe
540	rackxtB.exe
824	sxkbIzI.exe
2064	NtKTnBs.exe
564	OvYvZWe.exe
2556	tKhdvfy.exe
1608	WhppOtu.exe
2120	oUiAtfI.exe
2132	iTfQZCc.exe
2288	zUiPfIq.exe
1820	gJygyRf.exe
1452	fmePjJT.exe
1668	rPiZeQe.exe
1020	WLJmKjK.exe
888	XmOBmgr.exe
1696	aWkopbJ.exe
2436	YHtyqBq.exe
1508	vRFNbKz.exe
1624	SZZwdaS.exe
1716	JeUfXuU.exe
2496	wtqlSNH.exe
2824	NYaazIz.exe
2696	mpCONVb.exe
2580	caHkGGs.exe
2760	rzFePkJ.exe
1644	XdLdwtW.exe
2340	pFMfTCD.exe
2860	bdnsSIA.exe
2832	SiuoBVV.exe
1016	MYQOuhR.exe
2928	JAHbKAH.exe
1264	wInsdiQ.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/memory/2520-7-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x0008000000016d46-9.dat	upx
behavioral1/memory/2516-14-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0007000000016dbe-11.dat	upx
behavioral1/files/0x0009000000016cfc-25.dat	upx
behavioral1/memory/2732-28-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0007000000016dd1-29.dat	upx
behavioral1/files/0x0009000000016dd7-38.dat	upx
behavioral1/memory/2736-40-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2680-21-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0006000000018687-49.dat	upx
behavioral1/memory/2680-51-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/948-55-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2864-48-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2872-67-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x0006000000018f53-80.dat	upx
behavioral1/memory/2044-85-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2864-84-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000600000001903b-92.dat	upx
behavioral1/files/0x0005000000019256-133.dat	upx
behavioral1/files/0x000500000001936b-173.dat	upx
behavioral1/memory/2016-642-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1868-540-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2044-420-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2100-297-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2208-189-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00050000000193a5-186.dat	upx
behavioral1/files/0x0005000000019423-192.dat	upx
behavioral1/files/0x0005000000019397-183.dat	upx
behavioral1/files/0x000500000001937b-178.dat	upx
behavioral1/files/0x0005000000019356-168.dat	upx
behavioral1/files/0x000500000001928c-158.dat	upx
behavioral1/files/0x0005000000019353-163.dat	upx
behavioral1/files/0x0005000000019266-149.dat	upx
behavioral1/files/0x0005000000019284-152.dat	upx
behavioral1/files/0x0005000000019259-138.dat	upx
behavioral1/files/0x0005000000019263-143.dat	upx
behavioral1/files/0x0005000000019244-128.dat	upx
behavioral1/files/0x000500000001922c-123.dat	upx
behavioral1/files/0x00050000000191ff-118.dat	upx
behavioral1/files/0x00060000000190e0-109.dat	upx
behavioral1/files/0x00050000000191d4-112.dat	upx
behavioral1/memory/1868-94-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/948-93-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2016-103-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2616-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00060000000190ce-101.dat	upx
behavioral1/memory/2736-77-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x0006000000018c26-76.dat	upx
behavioral1/memory/2208-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0006000000018c1a-69.dat	upx
behavioral1/memory/2616-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000018792-62.dat	upx
behavioral1/memory/2516-47-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0008000000016ea4-46.dat	upx
behavioral1/memory/2332-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2520-39-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2872-36-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2736-3122-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2732-3143-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2516-3145-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2520-3150-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HSyXUiW.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyFvNPb.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUMLmRD.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovxzVEN.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vavaGJL.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyFwNZR.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbDuvXN.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqwLinP.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrWEBrP.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTeoRQy.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdpgGBn.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkTQbnU.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgBcSZp.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McWanPc.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWZBpkz.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMWghFY.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waLVtwl.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uphYslL.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtxlqXL.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEaFWZQ.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwOQsZf.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCQtJFB.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZVBmjZ.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvlClOo.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqWSeIk.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oziixVO.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGaXURH.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGtLqeD.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okbPEAz.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOqjokd.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEEagby.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjlSfOM.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOqaSEt.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rafdgtu.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUriMVR.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HagYyns.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHtyqBq.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVUizCk.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DshaQSB.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IovFIwv.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EafWsOP.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIxGNvG.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glDGPlJ.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amAMVXj.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbyUkRv.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODhLHoL.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPUujEU.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgFRxSO.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aoemneZ.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMnSqpU.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfAJnOu.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlJcChw.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEhxVnw.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdyvqAi.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTDMGRN.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsFsyJD.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZiHral.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMJeMKp.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsQYQNt.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTahCme.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CASvSwK.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYaazIz.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNLUltS.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKNlIWP.exe	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2520	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2332 wrote to memory of 2520	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2332 wrote to memory of 2520	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2332 wrote to memory of 2516	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2332 wrote to memory of 2516	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2332 wrote to memory of 2516	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2332 wrote to memory of 2680	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2332 wrote to memory of 2680	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2332 wrote to memory of 2680	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2332 wrote to memory of 2732	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2332 wrote to memory of 2732	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2332 wrote to memory of 2732	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2332 wrote to memory of 2872	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2332 wrote to memory of 2872	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2332 wrote to memory of 2872	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2332 wrote to memory of 2736	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2332 wrote to memory of 2736	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2332 wrote to memory of 2736	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2332 wrote to memory of 2864	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2332 wrote to memory of 2864	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2332 wrote to memory of 2864	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2332 wrote to memory of 948	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2332 wrote to memory of 948	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2332 wrote to memory of 948	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2332 wrote to memory of 2616	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2332 wrote to memory of 2616	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2332 wrote to memory of 2616	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2332 wrote to memory of 2208	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2332 wrote to memory of 2208	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2332 wrote to memory of 2208	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2332 wrote to memory of 2100	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2332 wrote to memory of 2100	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2332 wrote to memory of 2100	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2332 wrote to memory of 2044	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2332 wrote to memory of 2044	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2332 wrote to memory of 2044	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2332 wrote to memory of 1868	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2332 wrote to memory of 1868	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2332 wrote to memory of 1868	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2332 wrote to memory of 2016	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2332 wrote to memory of 2016	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2332 wrote to memory of 2016	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2332 wrote to memory of 1256	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2332 wrote to memory of 1256	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2332 wrote to memory of 1256	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2332 wrote to memory of 2408	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2332 wrote to memory of 2408	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2332 wrote to memory of 2408	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2332 wrote to memory of 2856	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2332 wrote to memory of 2856	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2332 wrote to memory of 2856	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2332 wrote to memory of 1892	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2332 wrote to memory of 1892	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2332 wrote to memory of 1892	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2332 wrote to memory of 760	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2332 wrote to memory of 760	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2332 wrote to memory of 760	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2332 wrote to memory of 1664	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2332 wrote to memory of 1664	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2332 wrote to memory of 1664	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2332 wrote to memory of 2956	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2332 wrote to memory of 2956	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2332 wrote to memory of 2956	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2332 wrote to memory of 2904	2332	2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_90847a1eb104d20d93bd2c38ac973651_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\System\vyzzCgS.exe
  C:\Windows\System\vyzzCgS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\tFMgRPR.exe
  C:\Windows\System\tFMgRPR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\lPziSXD.exe
  C:\Windows\System\lPziSXD.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\hknqPeR.exe
  C:\Windows\System\hknqPeR.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\VdlmzJZ.exe
  C:\Windows\System\VdlmzJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\bKOSElX.exe
  C:\Windows\System\bKOSElX.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\crKdNKC.exe
  C:\Windows\System\crKdNKC.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\LaGtzJX.exe
  C:\Windows\System\LaGtzJX.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\jlfiyEq.exe
  C:\Windows\System\jlfiyEq.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\LuOLPTS.exe
  C:\Windows\System\LuOLPTS.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\GYPLAVa.exe
  C:\Windows\System\GYPLAVa.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\tTeoRQy.exe
  C:\Windows\System\tTeoRQy.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\bxFHHWr.exe
  C:\Windows\System\bxFHHWr.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\AOGowVy.exe
  C:\Windows\System\AOGowVy.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\NYXrlGV.exe
  C:\Windows\System\NYXrlGV.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\yhlVKMm.exe
  C:\Windows\System\yhlVKMm.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\Zenbbul.exe
  C:\Windows\System\Zenbbul.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\gBJetag.exe
  C:\Windows\System\gBJetag.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\beQcgnH.exe
  C:\Windows\System\beQcgnH.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ftPlAzF.exe
  C:\Windows\System\ftPlAzF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\wZSuAui.exe
  C:\Windows\System\wZSuAui.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\akuiSkF.exe
  C:\Windows\System\akuiSkF.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\RKQUMDN.exe
  C:\Windows\System\RKQUMDN.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\SpUGXJd.exe
  C:\Windows\System\SpUGXJd.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\eHvIiEI.exe
  C:\Windows\System\eHvIiEI.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\VVnNtso.exe
  C:\Windows\System\VVnNtso.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\RDRmfio.exe
  C:\Windows\System\RDRmfio.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\jkWKxxf.exe
  C:\Windows\System\jkWKxxf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\pJhYcwZ.exe
  C:\Windows\System\pJhYcwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ODhLHoL.exe
  C:\Windows\System\ODhLHoL.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\KunUjWd.exe
  C:\Windows\System\KunUjWd.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ZMATfRq.exe
  C:\Windows\System\ZMATfRq.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\peEujRc.exe
  C:\Windows\System\peEujRc.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rackxtB.exe
  C:\Windows\System\rackxtB.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\sxkbIzI.exe
  C:\Windows\System\sxkbIzI.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\NtKTnBs.exe
  C:\Windows\System\NtKTnBs.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\OvYvZWe.exe
  C:\Windows\System\OvYvZWe.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\tKhdvfy.exe
  C:\Windows\System\tKhdvfy.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\WhppOtu.exe
  C:\Windows\System\WhppOtu.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\oUiAtfI.exe
  C:\Windows\System\oUiAtfI.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\iTfQZCc.exe
  C:\Windows\System\iTfQZCc.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\zUiPfIq.exe
  C:\Windows\System\zUiPfIq.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\gJygyRf.exe
  C:\Windows\System\gJygyRf.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\fmePjJT.exe
  C:\Windows\System\fmePjJT.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\rPiZeQe.exe
  C:\Windows\System\rPiZeQe.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WLJmKjK.exe
  C:\Windows\System\WLJmKjK.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\XmOBmgr.exe
  C:\Windows\System\XmOBmgr.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\aWkopbJ.exe
  C:\Windows\System\aWkopbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\YHtyqBq.exe
  C:\Windows\System\YHtyqBq.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\vRFNbKz.exe
  C:\Windows\System\vRFNbKz.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\SZZwdaS.exe
  C:\Windows\System\SZZwdaS.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\JeUfXuU.exe
  C:\Windows\System\JeUfXuU.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\wtqlSNH.exe
  C:\Windows\System\wtqlSNH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\NYaazIz.exe
  C:\Windows\System\NYaazIz.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\mpCONVb.exe
  C:\Windows\System\mpCONVb.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\caHkGGs.exe
  C:\Windows\System\caHkGGs.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\rzFePkJ.exe
  C:\Windows\System\rzFePkJ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XdLdwtW.exe
  C:\Windows\System\XdLdwtW.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\pFMfTCD.exe
  C:\Windows\System\pFMfTCD.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\bdnsSIA.exe
  C:\Windows\System\bdnsSIA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\SiuoBVV.exe
  C:\Windows\System\SiuoBVV.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\MYQOuhR.exe
  C:\Windows\System\MYQOuhR.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\JAHbKAH.exe
  C:\Windows\System\JAHbKAH.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\wInsdiQ.exe
  C:\Windows\System\wInsdiQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\mvgrJEJ.exe
  C:\Windows\System\mvgrJEJ.exe
  2⤵
  PID:2912
- C:\Windows\System\libJdxK.exe
  C:\Windows\System\libJdxK.exe
  2⤵
  PID:1872
- C:\Windows\System\RPUujEU.exe
  C:\Windows\System\RPUujEU.exe
  2⤵
  PID:3064
- C:\Windows\System\xScyUbH.exe
  C:\Windows\System\xScyUbH.exe
  2⤵
  PID:2568
- C:\Windows\System\emOMUST.exe
  C:\Windows\System\emOMUST.exe
  2⤵
  PID:1528
- C:\Windows\System\zGHHWbk.exe
  C:\Windows\System\zGHHWbk.exe
  2⤵
  PID:1620
- C:\Windows\System\iLpAmGl.exe
  C:\Windows\System\iLpAmGl.exe
  2⤵
  PID:788
- C:\Windows\System\vavaGJL.exe
  C:\Windows\System\vavaGJL.exe
  2⤵
  PID:688
- C:\Windows\System\WzvSSTO.exe
  C:\Windows\System\WzvSSTO.exe
  2⤵
  PID:1520
- C:\Windows\System\AKPBpIf.exe
  C:\Windows\System\AKPBpIf.exe
  2⤵
  PID:1652
- C:\Windows\System\NPTAENv.exe
  C:\Windows\System\NPTAENv.exe
  2⤵
  PID:2320
- C:\Windows\System\MBowEIX.exe
  C:\Windows\System\MBowEIX.exe
  2⤵
  PID:2140
- C:\Windows\System\XAzUOJB.exe
  C:\Windows\System\XAzUOJB.exe
  2⤵
  PID:804
- C:\Windows\System\YhAMupD.exe
  C:\Windows\System\YhAMupD.exe
  2⤵
  PID:2380
- C:\Windows\System\GHfMOff.exe
  C:\Windows\System\GHfMOff.exe
  2⤵
  PID:1284
- C:\Windows\System\fTDMGRN.exe
  C:\Windows\System\fTDMGRN.exe
  2⤵
  PID:2544
- C:\Windows\System\QVUizCk.exe
  C:\Windows\System\QVUizCk.exe
  2⤵
  PID:2428
- C:\Windows\System\hZJanyf.exe
  C:\Windows\System\hZJanyf.exe
  2⤵
  PID:2532
- C:\Windows\System\rgEsRFb.exe
  C:\Windows\System\rgEsRFb.exe
  2⤵
  PID:2500
- C:\Windows\System\BqiywGe.exe
  C:\Windows\System\BqiywGe.exe
  2⤵
  PID:1712
- C:\Windows\System\lsKJSVQ.exe
  C:\Windows\System\lsKJSVQ.exe
  2⤵
  PID:2740
- C:\Windows\System\aqnOWNG.exe
  C:\Windows\System\aqnOWNG.exe
  2⤵
  PID:1636
- C:\Windows\System\IwJsEwm.exe
  C:\Windows\System\IwJsEwm.exe
  2⤵
  PID:1468
- C:\Windows\System\nhmGbwb.exe
  C:\Windows\System\nhmGbwb.exe
  2⤵
  PID:2000
- C:\Windows\System\XnZQBZN.exe
  C:\Windows\System\XnZQBZN.exe
  2⤵
  PID:1708
- C:\Windows\System\RehGCTT.exe
  C:\Windows\System\RehGCTT.exe
  2⤵
  PID:2176
- C:\Windows\System\eHzaWdY.exe
  C:\Windows\System\eHzaWdY.exe
  2⤵
  PID:2460
- C:\Windows\System\DshaQSB.exe
  C:\Windows\System\DshaQSB.exe
  2⤵
  PID:848
- C:\Windows\System\ZzUXltI.exe
  C:\Windows\System\ZzUXltI.exe
  2⤵
  PID:1900
- C:\Windows\System\MdtvIlS.exe
  C:\Windows\System\MdtvIlS.exe
  2⤵
  PID:1732
- C:\Windows\System\QFTwxcQ.exe
  C:\Windows\System\QFTwxcQ.exe
  2⤵
  PID:828
- C:\Windows\System\CNdwfPd.exe
  C:\Windows\System\CNdwfPd.exe
  2⤵
  PID:1700
- C:\Windows\System\PJIrzKS.exe
  C:\Windows\System\PJIrzKS.exe
  2⤵
  PID:2060
- C:\Windows\System\DEOLLND.exe
  C:\Windows\System\DEOLLND.exe
  2⤵
  PID:2056
- C:\Windows\System\hDsavvd.exe
  C:\Windows\System\hDsavvd.exe
  2⤵
  PID:324
- C:\Windows\System\YrmwhwW.exe
  C:\Windows\System\YrmwhwW.exe
  2⤵
  PID:3040
- C:\Windows\System\WjmFqAj.exe
  C:\Windows\System\WjmFqAj.exe
  2⤵
  PID:2424
- C:\Windows\System\ouMrCWy.exe
  C:\Windows\System\ouMrCWy.exe
  2⤵
  PID:2592
- C:\Windows\System\FDEnekW.exe
  C:\Windows\System\FDEnekW.exe
  2⤵
  PID:2844
- C:\Windows\System\AxaLpLR.exe
  C:\Windows\System\AxaLpLR.exe
  2⤵
  PID:1200
- C:\Windows\System\IcTnlBI.exe
  C:\Windows\System\IcTnlBI.exe
  2⤵
  PID:2324
- C:\Windows\System\LUsRNVl.exe
  C:\Windows\System\LUsRNVl.exe
  2⤵
  PID:2236
- C:\Windows\System\awHVaCz.exe
  C:\Windows\System\awHVaCz.exe
  2⤵
  PID:3080
- C:\Windows\System\PiAWRZB.exe
  C:\Windows\System\PiAWRZB.exe
  2⤵
  PID:3100
- C:\Windows\System\jrYIfaM.exe
  C:\Windows\System\jrYIfaM.exe
  2⤵
  PID:3120
- C:\Windows\System\ExYVYDF.exe
  C:\Windows\System\ExYVYDF.exe
  2⤵
  PID:3140
- C:\Windows\System\HZozMzw.exe
  C:\Windows\System\HZozMzw.exe
  2⤵
  PID:3164
- C:\Windows\System\ZTyjItu.exe
  C:\Windows\System\ZTyjItu.exe
  2⤵
  PID:3184
- C:\Windows\System\DeVuHDA.exe
  C:\Windows\System\DeVuHDA.exe
  2⤵
  PID:3204
- C:\Windows\System\dbwqHsi.exe
  C:\Windows\System\dbwqHsi.exe
  2⤵
  PID:3224
- C:\Windows\System\mcAHXbe.exe
  C:\Windows\System\mcAHXbe.exe
  2⤵
  PID:3244
- C:\Windows\System\Pwhewfh.exe
  C:\Windows\System\Pwhewfh.exe
  2⤵
  PID:3260
- C:\Windows\System\okbPEAz.exe
  C:\Windows\System\okbPEAz.exe
  2⤵
  PID:3284
- C:\Windows\System\GGJjzLM.exe
  C:\Windows\System\GGJjzLM.exe
  2⤵
  PID:3304
- C:\Windows\System\gBLJIWp.exe
  C:\Windows\System\gBLJIWp.exe
  2⤵
  PID:3324
- C:\Windows\System\WTslMjp.exe
  C:\Windows\System\WTslMjp.exe
  2⤵
  PID:3344
- C:\Windows\System\CSTBhAD.exe
  C:\Windows\System\CSTBhAD.exe
  2⤵
  PID:3364
- C:\Windows\System\dtyzZBP.exe
  C:\Windows\System\dtyzZBP.exe
  2⤵
  PID:3384
- C:\Windows\System\lRjLKCW.exe
  C:\Windows\System\lRjLKCW.exe
  2⤵
  PID:3404
- C:\Windows\System\oAeHzAP.exe
  C:\Windows\System\oAeHzAP.exe
  2⤵
  PID:3424
- C:\Windows\System\DisJEVF.exe
  C:\Windows\System\DisJEVF.exe
  2⤵
  PID:3444
- C:\Windows\System\gZkhKqd.exe
  C:\Windows\System\gZkhKqd.exe
  2⤵
  PID:3464
- C:\Windows\System\zsyQBah.exe
  C:\Windows\System\zsyQBah.exe
  2⤵
  PID:3484
- C:\Windows\System\EfSolIK.exe
  C:\Windows\System\EfSolIK.exe
  2⤵
  PID:3508
- C:\Windows\System\YWDJqHK.exe
  C:\Windows\System\YWDJqHK.exe
  2⤵
  PID:3528
- C:\Windows\System\aChzCbV.exe
  C:\Windows\System\aChzCbV.exe
  2⤵
  PID:3544
- C:\Windows\System\ujknMzO.exe
  C:\Windows\System\ujknMzO.exe
  2⤵
  PID:3568
- C:\Windows\System\MAeUyDs.exe
  C:\Windows\System\MAeUyDs.exe
  2⤵
  PID:3592
- C:\Windows\System\hliqERt.exe
  C:\Windows\System\hliqERt.exe
  2⤵
  PID:3612
- C:\Windows\System\qrtqanc.exe
  C:\Windows\System\qrtqanc.exe
  2⤵
  PID:3632
- C:\Windows\System\HMNNlZu.exe
  C:\Windows\System\HMNNlZu.exe
  2⤵
  PID:3656
- C:\Windows\System\ghzHcnw.exe
  C:\Windows\System\ghzHcnw.exe
  2⤵
  PID:3672
- C:\Windows\System\yCsTUmc.exe
  C:\Windows\System\yCsTUmc.exe
  2⤵
  PID:3696
- C:\Windows\System\zyizXtk.exe
  C:\Windows\System\zyizXtk.exe
  2⤵
  PID:3712
- C:\Windows\System\ySqpcWu.exe
  C:\Windows\System\ySqpcWu.exe
  2⤵
  PID:3736
- C:\Windows\System\hzORKYe.exe
  C:\Windows\System\hzORKYe.exe
  2⤵
  PID:3756
- C:\Windows\System\LdklJhH.exe
  C:\Windows\System\LdklJhH.exe
  2⤵
  PID:3776
- C:\Windows\System\sKTCrYr.exe
  C:\Windows\System\sKTCrYr.exe
  2⤵
  PID:3792
- C:\Windows\System\SCzexck.exe
  C:\Windows\System\SCzexck.exe
  2⤵
  PID:3816
- C:\Windows\System\tTTsVfc.exe
  C:\Windows\System\tTTsVfc.exe
  2⤵
  PID:3836
- C:\Windows\System\zNLUltS.exe
  C:\Windows\System\zNLUltS.exe
  2⤵
  PID:3856
- C:\Windows\System\cNkuCGq.exe
  C:\Windows\System\cNkuCGq.exe
  2⤵
  PID:3872
- C:\Windows\System\MBSddEA.exe
  C:\Windows\System\MBSddEA.exe
  2⤵
  PID:3900
- C:\Windows\System\LgeuOIF.exe
  C:\Windows\System\LgeuOIF.exe
  2⤵
  PID:3916
- C:\Windows\System\NDFMYJP.exe
  C:\Windows\System\NDFMYJP.exe
  2⤵
  PID:3940
- C:\Windows\System\LNEJHlf.exe
  C:\Windows\System\LNEJHlf.exe
  2⤵
  PID:3956
- C:\Windows\System\IMONObV.exe
  C:\Windows\System\IMONObV.exe
  2⤵
  PID:3980
- C:\Windows\System\KwWZTUs.exe
  C:\Windows\System\KwWZTUs.exe
  2⤵
  PID:4004
- C:\Windows\System\opLqdtQ.exe
  C:\Windows\System\opLqdtQ.exe
  2⤵
  PID:4024
- C:\Windows\System\uqKYjYj.exe
  C:\Windows\System\uqKYjYj.exe
  2⤵
  PID:4044
- C:\Windows\System\JPbuEWx.exe
  C:\Windows\System\JPbuEWx.exe
  2⤵
  PID:4064
- C:\Windows\System\DtoYnqm.exe
  C:\Windows\System\DtoYnqm.exe
  2⤵
  PID:4084
- C:\Windows\System\oZWSSAf.exe
  C:\Windows\System\oZWSSAf.exe
  2⤵
  PID:2128
- C:\Windows\System\SYOpjtT.exe
  C:\Windows\System\SYOpjtT.exe
  2⤵
  PID:1448
- C:\Windows\System\VugemUx.exe
  C:\Windows\System\VugemUx.exe
  2⤵
  PID:1460
- C:\Windows\System\JopEbWF.exe
  C:\Windows\System\JopEbWF.exe
  2⤵
  PID:1012
- C:\Windows\System\kgAukza.exe
  C:\Windows\System\kgAukza.exe
  2⤵
  PID:1628
- C:\Windows\System\ROrbtme.exe
  C:\Windows\System\ROrbtme.exe
  2⤵
  PID:876
- C:\Windows\System\ggQVdZH.exe
  C:\Windows\System\ggQVdZH.exe
  2⤵
  PID:1740
- C:\Windows\System\HSyXUiW.exe
  C:\Windows\System\HSyXUiW.exe
  2⤵
  PID:2800
- C:\Windows\System\ACXnnbj.exe
  C:\Windows\System\ACXnnbj.exe
  2⤵
  PID:3108
- C:\Windows\System\UwcbeUd.exe
  C:\Windows\System\UwcbeUd.exe
  2⤵
  PID:3112
- C:\Windows\System\QbsIcrJ.exe
  C:\Windows\System\QbsIcrJ.exe
  2⤵
  PID:3156
- C:\Windows\System\mSJWlvq.exe
  C:\Windows\System\mSJWlvq.exe
  2⤵
  PID:3192
- C:\Windows\System\gyBrtrE.exe
  C:\Windows\System\gyBrtrE.exe
  2⤵
  PID:3176
- C:\Windows\System\AvEUnnh.exe
  C:\Windows\System\AvEUnnh.exe
  2⤵
  PID:3212
- C:\Windows\System\ZufiqUU.exe
  C:\Windows\System\ZufiqUU.exe
  2⤵
  PID:3272
- C:\Windows\System\afyeWMC.exe
  C:\Windows\System\afyeWMC.exe
  2⤵
  PID:3252
- C:\Windows\System\hOoXHtS.exe
  C:\Windows\System\hOoXHtS.exe
  2⤵
  PID:3316
- C:\Windows\System\FMTmzRS.exe
  C:\Windows\System\FMTmzRS.exe
  2⤵
  PID:3336
- C:\Windows\System\XtzWIlM.exe
  C:\Windows\System\XtzWIlM.exe
  2⤵
  PID:3376
- C:\Windows\System\uTMfXfM.exe
  C:\Windows\System\uTMfXfM.exe
  2⤵
  PID:3476
- C:\Windows\System\FzOhqfd.exe
  C:\Windows\System\FzOhqfd.exe
  2⤵
  PID:3456
- C:\Windows\System\dsGMXsR.exe
  C:\Windows\System\dsGMXsR.exe
  2⤵
  PID:3520
- C:\Windows\System\QXCiKZo.exe
  C:\Windows\System\QXCiKZo.exe
  2⤵
  PID:3560
- C:\Windows\System\pyzDeCb.exe
  C:\Windows\System\pyzDeCb.exe
  2⤵
  PID:3588
- C:\Windows\System\yOgzhVk.exe
  C:\Windows\System\yOgzhVk.exe
  2⤵
  PID:3620
- C:\Windows\System\CFVfZtg.exe
  C:\Windows\System\CFVfZtg.exe
  2⤵
  PID:3680
- C:\Windows\System\svopANi.exe
  C:\Windows\System\svopANi.exe
  2⤵
  PID:3664
- C:\Windows\System\eYriCuo.exe
  C:\Windows\System\eYriCuo.exe
  2⤵
  PID:3728
- C:\Windows\System\NGtaIbo.exe
  C:\Windows\System\NGtaIbo.exe
  2⤵
  PID:3772
- C:\Windows\System\pBUMSPd.exe
  C:\Windows\System\pBUMSPd.exe
  2⤵
  PID:3808
- C:\Windows\System\DgoPdjN.exe
  C:\Windows\System\DgoPdjN.exe
  2⤵
  PID:3824
- C:\Windows\System\GbOEpwy.exe
  C:\Windows\System\GbOEpwy.exe
  2⤵
  PID:3880
- C:\Windows\System\apJnGuI.exe
  C:\Windows\System\apJnGuI.exe
  2⤵
  PID:3868
- C:\Windows\System\PGxjPtc.exe
  C:\Windows\System\PGxjPtc.exe
  2⤵
  PID:3932
- C:\Windows\System\MxxjiUR.exe
  C:\Windows\System\MxxjiUR.exe
  2⤵
  PID:3964
- C:\Windows\System\FCHQFIo.exe
  C:\Windows\System\FCHQFIo.exe
  2⤵
  PID:3952
- C:\Windows\System\tCZJomC.exe
  C:\Windows\System\tCZJomC.exe
  2⤵
  PID:4000
- C:\Windows\System\ZxBtavD.exe
  C:\Windows\System\ZxBtavD.exe
  2⤵
  PID:4036
- C:\Windows\System\hdXgAAE.exe
  C:\Windows\System\hdXgAAE.exe
  2⤵
  PID:4080
- C:\Windows\System\ukkdazX.exe
  C:\Windows\System\ukkdazX.exe
  2⤵
  PID:2080
- C:\Windows\System\awkwNpx.exe
  C:\Windows\System\awkwNpx.exe
  2⤵
  PID:792
- C:\Windows\System\BqvnHXP.exe
  C:\Windows\System\BqvnHXP.exe
  2⤵
  PID:2468
- C:\Windows\System\gyGMiHC.exe
  C:\Windows\System\gyGMiHC.exe
  2⤵
  PID:2168
- C:\Windows\System\fgFRxSO.exe
  C:\Windows\System\fgFRxSO.exe
  2⤵
  PID:1060
- C:\Windows\System\AOqjokd.exe
  C:\Windows\System\AOqjokd.exe
  2⤵
  PID:2924
- C:\Windows\System\zpbCNbC.exe
  C:\Windows\System\zpbCNbC.exe
  2⤵
  PID:3196
- C:\Windows\System\YIPqzZt.exe
  C:\Windows\System\YIPqzZt.exe
  2⤵
  PID:3216
- C:\Windows\System\bTcpNqA.exe
  C:\Windows\System\bTcpNqA.exe
  2⤵
  PID:3240
- C:\Windows\System\uGEzXSG.exe
  C:\Windows\System\uGEzXSG.exe
  2⤵
  PID:3360
- C:\Windows\System\fcnywXO.exe
  C:\Windows\System\fcnywXO.exe
  2⤵
  PID:3332
- C:\Windows\System\WyFvNPb.exe
  C:\Windows\System\WyFvNPb.exe
  2⤵
  PID:3420
- C:\Windows\System\VbhPQqE.exe
  C:\Windows\System\VbhPQqE.exe
  2⤵
  PID:3496
- C:\Windows\System\GGSjxPe.exe
  C:\Windows\System\GGSjxPe.exe
  2⤵
  PID:3516
- C:\Windows\System\wopSUsv.exe
  C:\Windows\System\wopSUsv.exe
  2⤵
  PID:3608
- C:\Windows\System\OKkKtpR.exe
  C:\Windows\System\OKkKtpR.exe
  2⤵
  PID:3688
- C:\Windows\System\YzmspZv.exe
  C:\Windows\System\YzmspZv.exe
  2⤵
  PID:3648
- C:\Windows\System\GsTfVyS.exe
  C:\Windows\System\GsTfVyS.exe
  2⤵
  PID:3720
- C:\Windows\System\TIeKVZy.exe
  C:\Windows\System\TIeKVZy.exe
  2⤵
  PID:3800
- C:\Windows\System\OgHZFWz.exe
  C:\Windows\System\OgHZFWz.exe
  2⤵
  PID:3852
- C:\Windows\System\yHEwuBr.exe
  C:\Windows\System\yHEwuBr.exe
  2⤵
  PID:3892
- C:\Windows\System\lfxXXXH.exe
  C:\Windows\System\lfxXXXH.exe
  2⤵
  PID:4016
- C:\Windows\System\gKNlIWP.exe
  C:\Windows\System\gKNlIWP.exe
  2⤵
  PID:4092
- C:\Windows\System\ShuanYu.exe
  C:\Windows\System\ShuanYu.exe
  2⤵
  PID:1132
- C:\Windows\System\maAUdSK.exe
  C:\Windows\System\maAUdSK.exe
  2⤵
  PID:1680
- C:\Windows\System\sBmqaPz.exe
  C:\Windows\System\sBmqaPz.exe
  2⤵
  PID:3148
- C:\Windows\System\LUbmfYz.exe
  C:\Windows\System\LUbmfYz.exe
  2⤵
  PID:572
- C:\Windows\System\asJzfQV.exe
  C:\Windows\System\asJzfQV.exe
  2⤵
  PID:1836
- C:\Windows\System\ZWrdbXd.exe
  C:\Windows\System\ZWrdbXd.exe
  2⤵
  PID:3300
- C:\Windows\System\mQRnLjl.exe
  C:\Windows\System\mQRnLjl.exe
  2⤵
  PID:3396
- C:\Windows\System\luHjPwd.exe
  C:\Windows\System\luHjPwd.exe
  2⤵
  PID:3096
- C:\Windows\System\cZqsnPN.exe
  C:\Windows\System\cZqsnPN.exe
  2⤵
  PID:3436
- C:\Windows\System\NOmNBmd.exe
  C:\Windows\System\NOmNBmd.exe
  2⤵
  PID:3692
- C:\Windows\System\vorljPB.exe
  C:\Windows\System\vorljPB.exe
  2⤵
  PID:3604
- C:\Windows\System\iLMCgdT.exe
  C:\Windows\System\iLMCgdT.exe
  2⤵
  PID:3924
- C:\Windows\System\HYNywVj.exe
  C:\Windows\System\HYNywVj.exe
  2⤵
  PID:3784
- C:\Windows\System\OmamEwz.exe
  C:\Windows\System\OmamEwz.exe
  2⤵
  PID:3912
- C:\Windows\System\BFXysBK.exe
  C:\Windows\System\BFXysBK.exe
  2⤵
  PID:3004
- C:\Windows\System\jKjKRKJ.exe
  C:\Windows\System\jKjKRKJ.exe
  2⤵
  PID:1576
- C:\Windows\System\eTunJPJ.exe
  C:\Windows\System\eTunJPJ.exe
  2⤵
  PID:1432
- C:\Windows\System\KtZlHWh.exe
  C:\Windows\System\KtZlHWh.exe
  2⤵
  PID:4116
- C:\Windows\System\oBbvIYO.exe
  C:\Windows\System\oBbvIYO.exe
  2⤵
  PID:4136
- C:\Windows\System\mNLFrTi.exe
  C:\Windows\System\mNLFrTi.exe
  2⤵
  PID:4152
- C:\Windows\System\bGvMhGT.exe
  C:\Windows\System\bGvMhGT.exe
  2⤵
  PID:4172
- C:\Windows\System\husaiji.exe
  C:\Windows\System\husaiji.exe
  2⤵
  PID:4192
- C:\Windows\System\AgXuuTh.exe
  C:\Windows\System\AgXuuTh.exe
  2⤵
  PID:4212
- C:\Windows\System\mIaqHgi.exe
  C:\Windows\System\mIaqHgi.exe
  2⤵
  PID:4236
- C:\Windows\System\rxLxgUh.exe
  C:\Windows\System\rxLxgUh.exe
  2⤵
  PID:4256
- C:\Windows\System\WOWGLtt.exe
  C:\Windows\System\WOWGLtt.exe
  2⤵
  PID:4272
- C:\Windows\System\OnfiiCp.exe
  C:\Windows\System\OnfiiCp.exe
  2⤵
  PID:4292
- C:\Windows\System\FmFhIeS.exe
  C:\Windows\System\FmFhIeS.exe
  2⤵
  PID:4316
- C:\Windows\System\luegHvR.exe
  C:\Windows\System\luegHvR.exe
  2⤵
  PID:4336
- C:\Windows\System\zcxvHVa.exe
  C:\Windows\System\zcxvHVa.exe
  2⤵
  PID:4356
- C:\Windows\System\PXkFpJM.exe
  C:\Windows\System\PXkFpJM.exe
  2⤵
  PID:4376
- C:\Windows\System\PARayFI.exe
  C:\Windows\System\PARayFI.exe
  2⤵
  PID:4392
- C:\Windows\System\amwXHSk.exe
  C:\Windows\System\amwXHSk.exe
  2⤵
  PID:4416
- C:\Windows\System\XHKPanX.exe
  C:\Windows\System\XHKPanX.exe
  2⤵
  PID:4436
- C:\Windows\System\zDpgkoZ.exe
  C:\Windows\System\zDpgkoZ.exe
  2⤵
  PID:4456
- C:\Windows\System\iFuiOUi.exe
  C:\Windows\System\iFuiOUi.exe
  2⤵
  PID:4476
- C:\Windows\System\pLJpRao.exe
  C:\Windows\System\pLJpRao.exe
  2⤵
  PID:4496
- C:\Windows\System\oYyVNRq.exe
  C:\Windows\System\oYyVNRq.exe
  2⤵
  PID:4520
- C:\Windows\System\GrpozDM.exe
  C:\Windows\System\GrpozDM.exe
  2⤵
  PID:4540
- C:\Windows\System\pnVzZPL.exe
  C:\Windows\System\pnVzZPL.exe
  2⤵
  PID:4560
- C:\Windows\System\ubABoxL.exe
  C:\Windows\System\ubABoxL.exe
  2⤵
  PID:4580
- C:\Windows\System\kNDjAle.exe
  C:\Windows\System\kNDjAle.exe
  2⤵
  PID:4600
- C:\Windows\System\cigDYSc.exe
  C:\Windows\System\cigDYSc.exe
  2⤵
  PID:4620
- C:\Windows\System\AxRXSms.exe
  C:\Windows\System\AxRXSms.exe
  2⤵
  PID:4640
- C:\Windows\System\odzVRUl.exe
  C:\Windows\System\odzVRUl.exe
  2⤵
  PID:4660
- C:\Windows\System\sldOzuP.exe
  C:\Windows\System\sldOzuP.exe
  2⤵
  PID:4680
- C:\Windows\System\nEwxFpk.exe
  C:\Windows\System\nEwxFpk.exe
  2⤵
  PID:4700
- C:\Windows\System\hSkxqHd.exe
  C:\Windows\System\hSkxqHd.exe
  2⤵
  PID:4720
- C:\Windows\System\cRjHWlt.exe
  C:\Windows\System\cRjHWlt.exe
  2⤵
  PID:4740
- C:\Windows\System\DLUSFMx.exe
  C:\Windows\System\DLUSFMx.exe
  2⤵
  PID:4760
- C:\Windows\System\WKqsJEx.exe
  C:\Windows\System\WKqsJEx.exe
  2⤵
  PID:4780
- C:\Windows\System\uDwYgsv.exe
  C:\Windows\System\uDwYgsv.exe
  2⤵
  PID:4800
- C:\Windows\System\aoemneZ.exe
  C:\Windows\System\aoemneZ.exe
  2⤵
  PID:4820
- C:\Windows\System\fpbTKKV.exe
  C:\Windows\System\fpbTKKV.exe
  2⤵
  PID:4840
- C:\Windows\System\kJxFyEx.exe
  C:\Windows\System\kJxFyEx.exe
  2⤵
  PID:4860
- C:\Windows\System\CeNOxDP.exe
  C:\Windows\System\CeNOxDP.exe
  2⤵
  PID:4880
- C:\Windows\System\XJPXtqP.exe
  C:\Windows\System\XJPXtqP.exe
  2⤵
  PID:4900
- C:\Windows\System\KHjoiik.exe
  C:\Windows\System\KHjoiik.exe
  2⤵
  PID:4920
- C:\Windows\System\wZUimsS.exe
  C:\Windows\System\wZUimsS.exe
  2⤵
  PID:4940
- C:\Windows\System\SBdNKfU.exe
  C:\Windows\System\SBdNKfU.exe
  2⤵
  PID:4960
- C:\Windows\System\lxpfmYv.exe
  C:\Windows\System\lxpfmYv.exe
  2⤵
  PID:4980
- C:\Windows\System\IouQtve.exe
  C:\Windows\System\IouQtve.exe
  2⤵
  PID:5000
- C:\Windows\System\ZPBViJo.exe
  C:\Windows\System\ZPBViJo.exe
  2⤵
  PID:5020
- C:\Windows\System\tYbjIME.exe
  C:\Windows\System\tYbjIME.exe
  2⤵
  PID:5040
- C:\Windows\System\UvPWZCM.exe
  C:\Windows\System\UvPWZCM.exe
  2⤵
  PID:5060
- C:\Windows\System\VJcCYgs.exe
  C:\Windows\System\VJcCYgs.exe
  2⤵
  PID:5080
- C:\Windows\System\hxVZKUs.exe
  C:\Windows\System\hxVZKUs.exe
  2⤵
  PID:5100
- C:\Windows\System\Atgodai.exe
  C:\Windows\System\Atgodai.exe
  2⤵
  PID:2184
- C:\Windows\System\HCzpCuc.exe
  C:\Windows\System\HCzpCuc.exe
  2⤵
  PID:1724
- C:\Windows\System\ngwKKQa.exe
  C:\Windows\System\ngwKKQa.exe
  2⤵
  PID:3524
- C:\Windows\System\ParvYym.exe
  C:\Windows\System\ParvYym.exe
  2⤵
  PID:3452
- C:\Windows\System\muODRAB.exe
  C:\Windows\System\muODRAB.exe
  2⤵
  PID:3668
- C:\Windows\System\FsinlrQ.exe
  C:\Windows\System\FsinlrQ.exe
  2⤵
  PID:3724
- C:\Windows\System\LgkoTOS.exe
  C:\Windows\System\LgkoTOS.exe
  2⤵
  PID:4072
- C:\Windows\System\cmxEGNf.exe
  C:\Windows\System\cmxEGNf.exe
  2⤵
  PID:3752
- C:\Windows\System\JsxSoZw.exe
  C:\Windows\System\JsxSoZw.exe
  2⤵
  PID:4124
- C:\Windows\System\ZxKOJtj.exe
  C:\Windows\System\ZxKOJtj.exe
  2⤵
  PID:4104
- C:\Windows\System\sBWRDuq.exe
  C:\Windows\System\sBWRDuq.exe
  2⤵
  PID:4168
- C:\Windows\System\tFJPQFb.exe
  C:\Windows\System\tFJPQFb.exe
  2⤵
  PID:4208
- C:\Windows\System\IjxROqK.exe
  C:\Windows\System\IjxROqK.exe
  2⤵
  PID:4180
- C:\Windows\System\dgrMzLP.exe
  C:\Windows\System\dgrMzLP.exe
  2⤵
  PID:4228
- C:\Windows\System\MZVZHbf.exe
  C:\Windows\System\MZVZHbf.exe
  2⤵
  PID:4304
- C:\Windows\System\JnlCzRF.exe
  C:\Windows\System\JnlCzRF.exe
  2⤵
  PID:4332
- C:\Windows\System\TGwmNgw.exe
  C:\Windows\System\TGwmNgw.exe
  2⤵
  PID:4348
- C:\Windows\System\jEPgHXs.exe
  C:\Windows\System\jEPgHXs.exe
  2⤵
  PID:4412
- C:\Windows\System\WEeGcEp.exe
  C:\Windows\System\WEeGcEp.exe
  2⤵
  PID:4432
- C:\Windows\System\aDVFEKj.exe
  C:\Windows\System\aDVFEKj.exe
  2⤵
  PID:4484
- C:\Windows\System\IsFsyJD.exe
  C:\Windows\System\IsFsyJD.exe
  2⤵
  PID:4488
- C:\Windows\System\QyaMpII.exe
  C:\Windows\System\QyaMpII.exe
  2⤵
  PID:4536
- C:\Windows\System\TCqnZbd.exe
  C:\Windows\System\TCqnZbd.exe
  2⤵
  PID:4556
- C:\Windows\System\gvBRfxo.exe
  C:\Windows\System\gvBRfxo.exe
  2⤵
  PID:4596
- C:\Windows\System\dvydtyn.exe
  C:\Windows\System\dvydtyn.exe
  2⤵
  PID:4656
- C:\Windows\System\xSFpSFj.exe
  C:\Windows\System\xSFpSFj.exe
  2⤵
  PID:4668
- C:\Windows\System\iPiZECC.exe
  C:\Windows\System\iPiZECC.exe
  2⤵
  PID:4692
- C:\Windows\System\eiUizDi.exe
  C:\Windows\System\eiUizDi.exe
  2⤵
  PID:4712
- C:\Windows\System\qSQsCIP.exe
  C:\Windows\System\qSQsCIP.exe
  2⤵
  PID:4776
- C:\Windows\System\cHDEMhw.exe
  C:\Windows\System\cHDEMhw.exe
  2⤵
  PID:4816
- C:\Windows\System\flrQoJi.exe
  C:\Windows\System\flrQoJi.exe
  2⤵
  PID:4828
- C:\Windows\System\qEbqqjW.exe
  C:\Windows\System\qEbqqjW.exe
  2⤵
  PID:4856
- C:\Windows\System\gJQQnKe.exe
  C:\Windows\System\gJQQnKe.exe
  2⤵
  PID:4876
- C:\Windows\System\JCFINiG.exe
  C:\Windows\System\JCFINiG.exe
  2⤵
  PID:4928
- C:\Windows\System\txoqcXZ.exe
  C:\Windows\System\txoqcXZ.exe
  2⤵
  PID:4948
- C:\Windows\System\nZxwpoB.exe
  C:\Windows\System\nZxwpoB.exe
  2⤵
  PID:4972
- C:\Windows\System\rMehZZj.exe
  C:\Windows\System\rMehZZj.exe
  2⤵
  PID:4996
- C:\Windows\System\lQoWDnm.exe
  C:\Windows\System\lQoWDnm.exe
  2⤵
  PID:5036
- C:\Windows\System\abPUbXW.exe
  C:\Windows\System\abPUbXW.exe
  2⤵
  PID:5076
- C:\Windows\System\IropUcN.exe
  C:\Windows\System\IropUcN.exe
  2⤵
  PID:5108
- C:\Windows\System\eiBJqUL.exe
  C:\Windows\System\eiBJqUL.exe
  2⤵
  PID:2280
- C:\Windows\System\hJEpJAv.exe
  C:\Windows\System\hJEpJAv.exe
  2⤵
  PID:3296
- C:\Windows\System\SqFEDua.exe
  C:\Windows\System\SqFEDua.exe
  2⤵
  PID:3704
- C:\Windows\System\tirocVq.exe
  C:\Windows\System\tirocVq.exe
  2⤵
  PID:3828
- C:\Windows\System\pLrMHXR.exe
  C:\Windows\System\pLrMHXR.exe
  2⤵
  PID:2880
- C:\Windows\System\FRBpRNJ.exe
  C:\Windows\System\FRBpRNJ.exe
  2⤵
  PID:4160
- C:\Windows\System\YhQSAIo.exe
  C:\Windows\System\YhQSAIo.exe
  2⤵
  PID:4112
- C:\Windows\System\YNjeLMK.exe
  C:\Windows\System\YNjeLMK.exe
  2⤵
  PID:4220
- C:\Windows\System\tzVwxZD.exe
  C:\Windows\System\tzVwxZD.exe
  2⤵
  PID:2792
- C:\Windows\System\VHpziUN.exe
  C:\Windows\System\VHpziUN.exe
  2⤵
  PID:4408
- C:\Windows\System\yfmjEEW.exe
  C:\Windows\System\yfmjEEW.exe
  2⤵
  PID:4404
- C:\Windows\System\NwhZYIq.exe
  C:\Windows\System\NwhZYIq.exe
  2⤵
  PID:4448
- C:\Windows\System\RnzSqbZ.exe
  C:\Windows\System\RnzSqbZ.exe
  2⤵
  PID:4528
- C:\Windows\System\xsmYEli.exe
  C:\Windows\System\xsmYEli.exe
  2⤵
  PID:4568
- C:\Windows\System\WYlndto.exe
  C:\Windows\System\WYlndto.exe
  2⤵
  PID:4648
- C:\Windows\System\xVvGeIi.exe
  C:\Windows\System\xVvGeIi.exe
  2⤵
  PID:4672
- C:\Windows\System\NvNqMFQ.exe
  C:\Windows\System\NvNqMFQ.exe
  2⤵
  PID:4732
- C:\Windows\System\PUQjspe.exe
  C:\Windows\System\PUQjspe.exe
  2⤵
  PID:4752
- C:\Windows\System\AlaHkKy.exe
  C:\Windows\System\AlaHkKy.exe
  2⤵
  PID:4852
- C:\Windows\System\ZMBBAyX.exe
  C:\Windows\System\ZMBBAyX.exe
  2⤵
  PID:4892
- C:\Windows\System\zqzFwYC.exe
  C:\Windows\System\zqzFwYC.exe
  2⤵
  PID:4956
- C:\Windows\System\EATvGKC.exe
  C:\Windows\System\EATvGKC.exe
  2⤵
  PID:4988
- C:\Windows\System\nahmhRh.exe
  C:\Windows\System\nahmhRh.exe
  2⤵
  PID:5088
- C:\Windows\System\sQLdVFO.exe
  C:\Windows\System\sQLdVFO.exe
  2⤵
  PID:5096
- C:\Windows\System\sQyVIzo.exe
  C:\Windows\System\sQyVIzo.exe
  2⤵
  PID:3320
- C:\Windows\System\rCWeTMx.exe
  C:\Windows\System\rCWeTMx.exe
  2⤵
  PID:3768
- C:\Windows\System\LEAqhzc.exe
  C:\Windows\System\LEAqhzc.exe
  2⤵
  PID:5132
- C:\Windows\System\blxcGsL.exe
  C:\Windows\System\blxcGsL.exe
  2⤵
  PID:5152
- C:\Windows\System\BlrLuIp.exe
  C:\Windows\System\BlrLuIp.exe
  2⤵
  PID:5172
- C:\Windows\System\pSBSWgM.exe
  C:\Windows\System\pSBSWgM.exe
  2⤵
  PID:5192
- C:\Windows\System\xCOCEyO.exe
  C:\Windows\System\xCOCEyO.exe
  2⤵
  PID:5212
- C:\Windows\System\vaxaGbe.exe
  C:\Windows\System\vaxaGbe.exe
  2⤵
  PID:5232
- C:\Windows\System\XRLZptb.exe
  C:\Windows\System\XRLZptb.exe
  2⤵
  PID:5252
- C:\Windows\System\PcclwBt.exe
  C:\Windows\System\PcclwBt.exe
  2⤵
  PID:5272
- C:\Windows\System\rEFJmKF.exe
  C:\Windows\System\rEFJmKF.exe
  2⤵
  PID:5292
- C:\Windows\System\lGomBRu.exe
  C:\Windows\System\lGomBRu.exe
  2⤵
  PID:5312
- C:\Windows\System\fbBIjbs.exe
  C:\Windows\System\fbBIjbs.exe
  2⤵
  PID:5332
- C:\Windows\System\FsSpOcq.exe
  C:\Windows\System\FsSpOcq.exe
  2⤵
  PID:5352
- C:\Windows\System\rNJsUbo.exe
  C:\Windows\System\rNJsUbo.exe
  2⤵
  PID:5372
- C:\Windows\System\rbBWLby.exe
  C:\Windows\System\rbBWLby.exe
  2⤵
  PID:5392
- C:\Windows\System\DpSpZsm.exe
  C:\Windows\System\DpSpZsm.exe
  2⤵
  PID:5412
- C:\Windows\System\mnQCses.exe
  C:\Windows\System\mnQCses.exe
  2⤵
  PID:5432
- C:\Windows\System\oOXyKmB.exe
  C:\Windows\System\oOXyKmB.exe
  2⤵
  PID:5456
- C:\Windows\System\fPvGvvo.exe
  C:\Windows\System\fPvGvvo.exe
  2⤵
  PID:5476
- C:\Windows\System\VqXGhos.exe
  C:\Windows\System\VqXGhos.exe
  2⤵
  PID:5496
- C:\Windows\System\LLUveVn.exe
  C:\Windows\System\LLUveVn.exe
  2⤵
  PID:5516
- C:\Windows\System\IcWDoAk.exe
  C:\Windows\System\IcWDoAk.exe
  2⤵
  PID:5536
- C:\Windows\System\bmJozdu.exe
  C:\Windows\System\bmJozdu.exe
  2⤵
  PID:5556
- C:\Windows\System\QegcYpv.exe
  C:\Windows\System\QegcYpv.exe
  2⤵
  PID:5576
- C:\Windows\System\ZbAcbOf.exe
  C:\Windows\System\ZbAcbOf.exe
  2⤵
  PID:5596
- C:\Windows\System\uRVmxAm.exe
  C:\Windows\System\uRVmxAm.exe
  2⤵
  PID:5616
- C:\Windows\System\btYGXfX.exe
  C:\Windows\System\btYGXfX.exe
  2⤵
  PID:5636
- C:\Windows\System\LsKaeVv.exe
  C:\Windows\System\LsKaeVv.exe
  2⤵
  PID:5656
- C:\Windows\System\aUokWWp.exe
  C:\Windows\System\aUokWWp.exe
  2⤵
  PID:5676
- C:\Windows\System\IMgfTul.exe
  C:\Windows\System\IMgfTul.exe
  2⤵
  PID:5692
- C:\Windows\System\udoXYjX.exe
  C:\Windows\System\udoXYjX.exe
  2⤵
  PID:5720
- C:\Windows\System\fqvkBvM.exe
  C:\Windows\System\fqvkBvM.exe
  2⤵
  PID:5740
- C:\Windows\System\pzaeGJH.exe
  C:\Windows\System\pzaeGJH.exe
  2⤵
  PID:5760
- C:\Windows\System\oRJHfnJ.exe
  C:\Windows\System\oRJHfnJ.exe
  2⤵
  PID:5780
- C:\Windows\System\jENXIXk.exe
  C:\Windows\System\jENXIXk.exe
  2⤵
  PID:5800
- C:\Windows\System\XcXDrgQ.exe
  C:\Windows\System\XcXDrgQ.exe
  2⤵
  PID:5820
- C:\Windows\System\xMyzifm.exe
  C:\Windows\System\xMyzifm.exe
  2⤵
  PID:5840
- C:\Windows\System\sKXXsfO.exe
  C:\Windows\System\sKXXsfO.exe
  2⤵
  PID:5856
- C:\Windows\System\ZnGXTrG.exe
  C:\Windows\System\ZnGXTrG.exe
  2⤵
  PID:5880
- C:\Windows\System\AgtQVZK.exe
  C:\Windows\System\AgtQVZK.exe
  2⤵
  PID:5900
- C:\Windows\System\IODWagj.exe
  C:\Windows\System\IODWagj.exe
  2⤵
  PID:5920
- C:\Windows\System\mCfZYhd.exe
  C:\Windows\System\mCfZYhd.exe
  2⤵
  PID:5940
- C:\Windows\System\WqOeopK.exe
  C:\Windows\System\WqOeopK.exe
  2⤵
  PID:5960
- C:\Windows\System\ejUvcpV.exe
  C:\Windows\System\ejUvcpV.exe
  2⤵
  PID:5980
- C:\Windows\System\hUumTTa.exe
  C:\Windows\System\hUumTTa.exe
  2⤵
  PID:6000
- C:\Windows\System\kUcAkgK.exe
  C:\Windows\System\kUcAkgK.exe
  2⤵
  PID:6020
- C:\Windows\System\vUrjMEu.exe
  C:\Windows\System\vUrjMEu.exe
  2⤵
  PID:6040
- C:\Windows\System\bQTerEZ.exe
  C:\Windows\System\bQTerEZ.exe
  2⤵
  PID:6060
- C:\Windows\System\QSwqDBp.exe
  C:\Windows\System\QSwqDBp.exe
  2⤵
  PID:6080
- C:\Windows\System\bwJrOyZ.exe
  C:\Windows\System\bwJrOyZ.exe
  2⤵
  PID:6100
- C:\Windows\System\XFavlIj.exe
  C:\Windows\System\XFavlIj.exe
  2⤵
  PID:6120
- C:\Windows\System\CfhWHEm.exe
  C:\Windows\System\CfhWHEm.exe
  2⤵
  PID:3844
- C:\Windows\System\wKntbst.exe
  C:\Windows\System\wKntbst.exe
  2⤵
  PID:3988
- C:\Windows\System\TLQbFTO.exe
  C:\Windows\System\TLQbFTO.exe
  2⤵
  PID:4232
- C:\Windows\System\qAUlywE.exe
  C:\Windows\System\qAUlywE.exe
  2⤵
  PID:4268
- C:\Windows\System\sChmzyP.exe
  C:\Windows\System\sChmzyP.exe
  2⤵
  PID:4400
- C:\Windows\System\kAsdQuY.exe
  C:\Windows\System\kAsdQuY.exe
  2⤵
  PID:4572
- C:\Windows\System\JAUrvqK.exe
  C:\Windows\System\JAUrvqK.exe
  2⤵
  PID:4608
- C:\Windows\System\kSdkCWK.exe
  C:\Windows\System\kSdkCWK.exe
  2⤵
  PID:4616
- C:\Windows\System\GnvbrdI.exe
  C:\Windows\System\GnvbrdI.exe
  2⤵
  PID:4696
- C:\Windows\System\OcKnXwN.exe
  C:\Windows\System\OcKnXwN.exe
  2⤵
  PID:4888
- C:\Windows\System\tTHMXKF.exe
  C:\Windows\System\tTHMXKF.exe
  2⤵
  PID:4932
- C:\Windows\System\hyPthEM.exe
  C:\Windows\System\hyPthEM.exe
  2⤵
  PID:2896
- C:\Windows\System\orlgBkg.exe
  C:\Windows\System\orlgBkg.exe
  2⤵
  PID:5068
- C:\Windows\System\HjFgeJB.exe
  C:\Windows\System\HjFgeJB.exe
  2⤵
  PID:3432
- C:\Windows\System\coCrEny.exe
  C:\Windows\System\coCrEny.exe
  2⤵
  PID:3832
- C:\Windows\System\IlAsClZ.exe
  C:\Windows\System\IlAsClZ.exe
  2⤵
  PID:5180
- C:\Windows\System\pDXQqJf.exe
  C:\Windows\System\pDXQqJf.exe
  2⤵
  PID:5220
- C:\Windows\System\yAvZzeV.exe
  C:\Windows\System\yAvZzeV.exe
  2⤵
  PID:5224
- C:\Windows\System\WGsSdsp.exe
  C:\Windows\System\WGsSdsp.exe
  2⤵
  PID:5244
- C:\Windows\System\zaVxEvR.exe
  C:\Windows\System\zaVxEvR.exe
  2⤵
  PID:5288
- C:\Windows\System\lbtiYPc.exe
  C:\Windows\System\lbtiYPc.exe
  2⤵
  PID:5348
- C:\Windows\System\IovFIwv.exe
  C:\Windows\System\IovFIwv.exe
  2⤵
  PID:5360
- C:\Windows\System\npKJYrc.exe
  C:\Windows\System\npKJYrc.exe
  2⤵
  PID:5384
- C:\Windows\System\IAEXQEo.exe
  C:\Windows\System\IAEXQEo.exe
  2⤵
  PID:5408
- C:\Windows\System\uHorjKr.exe
  C:\Windows\System\uHorjKr.exe
  2⤵
  PID:5440
- C:\Windows\System\zCtDwbh.exe
  C:\Windows\System\zCtDwbh.exe
  2⤵
  PID:5512
- C:\Windows\System\BnmBHfH.exe
  C:\Windows\System\BnmBHfH.exe
  2⤵
  PID:5524
- C:\Windows\System\gDMOGmP.exe
  C:\Windows\System\gDMOGmP.exe
  2⤵
  PID:5584
- C:\Windows\System\nJUrPYh.exe
  C:\Windows\System\nJUrPYh.exe
  2⤵
  PID:5568
- C:\Windows\System\cYNiKNn.exe
  C:\Windows\System\cYNiKNn.exe
  2⤵
  PID:5628
- C:\Windows\System\zOHuIBd.exe
  C:\Windows\System\zOHuIBd.exe
  2⤵
  PID:5644
- C:\Windows\System\kkKNRwH.exe
  C:\Windows\System\kkKNRwH.exe
  2⤵
  PID:5712
- C:\Windows\System\LEMtYsL.exe
  C:\Windows\System\LEMtYsL.exe
  2⤵
  PID:5748
- C:\Windows\System\ECsinjC.exe
  C:\Windows\System\ECsinjC.exe
  2⤵
  PID:2892
- C:\Windows\System\sruslYF.exe
  C:\Windows\System\sruslYF.exe
  2⤵
  PID:5796
- C:\Windows\System\jtEsvmW.exe
  C:\Windows\System\jtEsvmW.exe
  2⤵
  PID:5828
- C:\Windows\System\OVewQgp.exe
  C:\Windows\System\OVewQgp.exe
  2⤵
  PID:5864
- C:\Windows\System\ENohiRi.exe
  C:\Windows\System\ENohiRi.exe
  2⤵
  PID:5872
- C:\Windows\System\gSXwtvj.exe
  C:\Windows\System\gSXwtvj.exe
  2⤵
  PID:5892
- C:\Windows\System\RxNsFvn.exe
  C:\Windows\System\RxNsFvn.exe
  2⤵
  PID:5716
- C:\Windows\System\FgKAxGo.exe
  C:\Windows\System\FgKAxGo.exe
  2⤵
  PID:1688
- C:\Windows\System\DrsIjMP.exe
  C:\Windows\System\DrsIjMP.exe
  2⤵
  PID:2816
- C:\Windows\System\kLaVYWO.exe
  C:\Windows\System\kLaVYWO.exe
  2⤵
  PID:6028
- C:\Windows\System\PhHFlpe.exe
  C:\Windows\System\PhHFlpe.exe
  2⤵
  PID:6012
- C:\Windows\System\IUGdlHS.exe
  C:\Windows\System\IUGdlHS.exe
  2⤵
  PID:6056
- C:\Windows\System\BIcheky.exe
  C:\Windows\System\BIcheky.exe
  2⤵
  PID:6052
- C:\Windows\System\YNBAdjy.exe
  C:\Windows\System\YNBAdjy.exe
  2⤵
  PID:6116
- C:\Windows\System\TlbjAem.exe
  C:\Windows\System\TlbjAem.exe
  2⤵
  PID:6132
- C:\Windows\System\UESJewx.exe
  C:\Windows\System\UESJewx.exe
  2⤵
  PID:4108
- C:\Windows\System\LHToxHP.exe
  C:\Windows\System\LHToxHP.exe
  2⤵
  PID:4300
- C:\Windows\System\ZqgIrDw.exe
  C:\Windows\System\ZqgIrDw.exe
  2⤵
  PID:4492
- C:\Windows\System\kDKuyPz.exe
  C:\Windows\System\kDKuyPz.exe
  2⤵
  PID:4652
- C:\Windows\System\pzdiYVf.exe
  C:\Windows\System\pzdiYVf.exe
  2⤵
  PID:4576
- C:\Windows\System\wxhyauu.exe
  C:\Windows\System\wxhyauu.exe
  2⤵
  PID:4748
- C:\Windows\System\DZbfcIt.exe
  C:\Windows\System\DZbfcIt.exe
  2⤵
  PID:4868
- C:\Windows\System\XnSzmPS.exe
  C:\Windows\System\XnSzmPS.exe
  2⤵
  PID:5008
- C:\Windows\System\dCMycAW.exe
  C:\Windows\System\dCMycAW.exe
  2⤵
  PID:5048
- C:\Windows\System\tuKoByj.exe
  C:\Windows\System\tuKoByj.exe
  2⤵
  PID:3536
- C:\Windows\System\cwVIBfT.exe
  C:\Windows\System\cwVIBfT.exe
  2⤵
  PID:5144
- C:\Windows\System\ABxVVCU.exe
  C:\Windows\System\ABxVVCU.exe
  2⤵
  PID:5168
- C:\Windows\System\ATBnbLS.exe
  C:\Windows\System\ATBnbLS.exe
  2⤵
  PID:5248
- C:\Windows\System\nLADSeW.exe
  C:\Windows\System\nLADSeW.exe
  2⤵
  PID:5280
- C:\Windows\System\lkePLeL.exe
  C:\Windows\System\lkePLeL.exe
  2⤵
  PID:5328
- C:\Windows\System\USwLzSp.exe
  C:\Windows\System\USwLzSp.exe
  2⤵
  PID:5284
- C:\Windows\System\BOoqjzF.exe
  C:\Windows\System\BOoqjzF.exe
  2⤵
  PID:5400
- C:\Windows\System\RHnmedd.exe
  C:\Windows\System\RHnmedd.exe
  2⤵
  PID:5464
- C:\Windows\System\jOTCDNG.exe
  C:\Windows\System\jOTCDNG.exe
  2⤵
  PID:5504
- C:\Windows\System\eWVBqCd.exe
  C:\Windows\System\eWVBqCd.exe
  2⤵
  PID:5488
- C:\Windows\System\CHhDEqx.exe
  C:\Windows\System\CHhDEqx.exe
  2⤵
  PID:5528
- C:\Windows\System\pUQpypR.exe
  C:\Windows\System\pUQpypR.exe
  2⤵
  PID:5604
- C:\Windows\System\crCnpgf.exe
  C:\Windows\System\crCnpgf.exe
  2⤵
  PID:5304
- C:\Windows\System\IdTVTJz.exe
  C:\Windows\System\IdTVTJz.exe
  2⤵
  PID:5700
- C:\Windows\System\TvgprkH.exe
  C:\Windows\System\TvgprkH.exe
  2⤵
  PID:5728
- C:\Windows\System\tTDIIqh.exe
  C:\Windows\System\tTDIIqh.exe
  2⤵
  PID:5736
- C:\Windows\System\LNtFrWv.exe
  C:\Windows\System\LNtFrWv.exe
  2⤵
  PID:5768
- C:\Windows\System\QAuxokW.exe
  C:\Windows\System\QAuxokW.exe
  2⤵
  PID:5812
- C:\Windows\System\goZRQbX.exe
  C:\Windows\System\goZRQbX.exe
  2⤵
  PID:5852
- C:\Windows\System\yGNNqND.exe
  C:\Windows\System\yGNNqND.exe
  2⤵
  PID:5912
- C:\Windows\System\XHfgKDJ.exe
  C:\Windows\System\XHfgKDJ.exe
  2⤵
  PID:5948
- C:\Windows\System\DmEBrGH.exe
  C:\Windows\System\DmEBrGH.exe
  2⤵
  PID:5996
- C:\Windows\System\cItoXME.exe
  C:\Windows\System\cItoXME.exe
  2⤵
  PID:5972
- C:\Windows\System\gBXALJW.exe
  C:\Windows\System\gBXALJW.exe
  2⤵
  PID:6068
- C:\Windows\System\DbrMdli.exe
  C:\Windows\System\DbrMdli.exe
  2⤵
  PID:6092
- C:\Windows\System\VBTfrwF.exe
  C:\Windows\System\VBTfrwF.exe
  2⤵
  PID:4148
- C:\Windows\System\SvgBFxJ.exe
  C:\Windows\System\SvgBFxJ.exe
  2⤵
  PID:4388
- C:\Windows\System\upykCGr.exe
  C:\Windows\System\upykCGr.exe
  2⤵
  PID:4636
- C:\Windows\System\yuyNisw.exe
  C:\Windows\System\yuyNisw.exe
  2⤵
  PID:4796
- C:\Windows\System\LvlClOo.exe
  C:\Windows\System\LvlClOo.exe
  2⤵
  PID:5092
- C:\Windows\System\oyJavZq.exe
  C:\Windows\System\oyJavZq.exe
  2⤵
  PID:5124
- C:\Windows\System\PwWoyWd.exe
  C:\Windows\System\PwWoyWd.exe
  2⤵
  PID:5204
- C:\Windows\System\upPoHdB.exe
  C:\Windows\System\upPoHdB.exe
  2⤵
  PID:5240
- C:\Windows\System\FiiyBnV.exe
  C:\Windows\System\FiiyBnV.exe
  2⤵
  PID:5340
- C:\Windows\System\LqWKeiw.exe
  C:\Windows\System\LqWKeiw.exe
  2⤵
  PID:5424
- C:\Windows\System\rNzlBXk.exe
  C:\Windows\System\rNzlBXk.exe
  2⤵
  PID:5484
- C:\Windows\System\VGWqNde.exe
  C:\Windows\System\VGWqNde.exe
  2⤵
  PID:2252
- C:\Windows\System\lrymXxZ.exe
  C:\Windows\System\lrymXxZ.exe
  2⤵
  PID:5664
- C:\Windows\System\GBzfydN.exe
  C:\Windows\System\GBzfydN.exe
  2⤵
  PID:5160
- C:\Windows\System\iMnhrbK.exe
  C:\Windows\System\iMnhrbK.exe
  2⤵
  PID:5808
- C:\Windows\System\wzoYILh.exe
  C:\Windows\System\wzoYILh.exe
  2⤵
  PID:5876
- C:\Windows\System\OqGkaYG.exe
  C:\Windows\System\OqGkaYG.exe
  2⤵
  PID:5992
- C:\Windows\System\FGRjyxC.exe
  C:\Windows\System\FGRjyxC.exe
  2⤵
  PID:2116
- C:\Windows\System\TBYNzUg.exe
  C:\Windows\System\TBYNzUg.exe
  2⤵
  PID:6156
- C:\Windows\System\EbsWtzA.exe
  C:\Windows\System\EbsWtzA.exe
  2⤵
  PID:6176
- C:\Windows\System\KfDPkGt.exe
  C:\Windows\System\KfDPkGt.exe
  2⤵
  PID:6192
- C:\Windows\System\tLtKIRZ.exe
  C:\Windows\System\tLtKIRZ.exe
  2⤵
  PID:6208
- C:\Windows\System\xyvxLqx.exe
  C:\Windows\System\xyvxLqx.exe
  2⤵
  PID:6224
- C:\Windows\System\TcltXtJ.exe
  C:\Windows\System\TcltXtJ.exe
  2⤵
  PID:6240
- C:\Windows\System\ejyXJnB.exe
  C:\Windows\System\ejyXJnB.exe
  2⤵
  PID:6256
- C:\Windows\System\eXKhyya.exe
  C:\Windows\System\eXKhyya.exe
  2⤵
  PID:6272
- C:\Windows\System\EninrNc.exe
  C:\Windows\System\EninrNc.exe
  2⤵
  PID:6288
- C:\Windows\System\xTTdjgr.exe
  C:\Windows\System\xTTdjgr.exe
  2⤵
  PID:6304
- C:\Windows\System\TOFOyof.exe
  C:\Windows\System\TOFOyof.exe
  2⤵
  PID:6320
- C:\Windows\System\TmAAwRz.exe
  C:\Windows\System\TmAAwRz.exe
  2⤵
  PID:6336
- C:\Windows\System\SpLBDZI.exe
  C:\Windows\System\SpLBDZI.exe
  2⤵
  PID:6352
- C:\Windows\System\lviHjqM.exe
  C:\Windows\System\lviHjqM.exe
  2⤵
  PID:6368
- C:\Windows\System\ttSNANu.exe
  C:\Windows\System\ttSNANu.exe
  2⤵
  PID:6384
- C:\Windows\System\nLuaWAm.exe
  C:\Windows\System\nLuaWAm.exe
  2⤵
  PID:6400
- C:\Windows\System\fVtcPcX.exe
  C:\Windows\System\fVtcPcX.exe
  2⤵
  PID:6416
- C:\Windows\System\eXeBIUm.exe
  C:\Windows\System\eXeBIUm.exe
  2⤵
  PID:6432
- C:\Windows\System\EFvtmlP.exe
  C:\Windows\System\EFvtmlP.exe
  2⤵
  PID:6448
- C:\Windows\System\llvtQIH.exe
  C:\Windows\System\llvtQIH.exe
  2⤵
  PID:6464
- C:\Windows\System\kkAhaCe.exe
  C:\Windows\System\kkAhaCe.exe
  2⤵
  PID:6480
- C:\Windows\System\fuLuUpm.exe
  C:\Windows\System\fuLuUpm.exe
  2⤵
  PID:6496
- C:\Windows\System\fqqrSFK.exe
  C:\Windows\System\fqqrSFK.exe
  2⤵
  PID:6512
- C:\Windows\System\CeUFRVO.exe
  C:\Windows\System\CeUFRVO.exe
  2⤵
  PID:6528
- C:\Windows\System\dZErPpz.exe
  C:\Windows\System\dZErPpz.exe
  2⤵
  PID:6544
- C:\Windows\System\JwCbIPu.exe
  C:\Windows\System\JwCbIPu.exe
  2⤵
  PID:6560
- C:\Windows\System\oxeBWUH.exe
  C:\Windows\System\oxeBWUH.exe
  2⤵
  PID:6576
- C:\Windows\System\ZlnfPyc.exe
  C:\Windows\System\ZlnfPyc.exe
  2⤵
  PID:6592
- C:\Windows\System\ArZIErm.exe
  C:\Windows\System\ArZIErm.exe
  2⤵
  PID:6608
- C:\Windows\System\WXWejWl.exe
  C:\Windows\System\WXWejWl.exe
  2⤵
  PID:6624
- C:\Windows\System\bPzhtds.exe
  C:\Windows\System\bPzhtds.exe
  2⤵
  PID:6640
- C:\Windows\System\QQHXrdR.exe
  C:\Windows\System\QQHXrdR.exe
  2⤵
  PID:6656
- C:\Windows\System\yWEIRDY.exe
  C:\Windows\System\yWEIRDY.exe
  2⤵
  PID:6672
- C:\Windows\System\lpxzaLJ.exe
  C:\Windows\System\lpxzaLJ.exe
  2⤵
  PID:6688
- C:\Windows\System\ehpvZsW.exe
  C:\Windows\System\ehpvZsW.exe
  2⤵
  PID:6704
- C:\Windows\System\eulvNba.exe
  C:\Windows\System\eulvNba.exe
  2⤵
  PID:6724
- C:\Windows\System\WVncspp.exe
  C:\Windows\System\WVncspp.exe
  2⤵
  PID:6740
- C:\Windows\System\YxgEEVU.exe
  C:\Windows\System\YxgEEVU.exe
  2⤵
  PID:6756
- C:\Windows\System\gwDhuNF.exe
  C:\Windows\System\gwDhuNF.exe
  2⤵
  PID:6772
- C:\Windows\System\LeNQYmM.exe
  C:\Windows\System\LeNQYmM.exe
  2⤵
  PID:6788
- C:\Windows\System\lFKUEwg.exe
  C:\Windows\System\lFKUEwg.exe
  2⤵
  PID:6804
- C:\Windows\System\TxmmQpU.exe
  C:\Windows\System\TxmmQpU.exe
  2⤵
  PID:6820
- C:\Windows\System\nkkpqVr.exe
  C:\Windows\System\nkkpqVr.exe
  2⤵
  PID:6836
- C:\Windows\System\PgGdeAr.exe
  C:\Windows\System\PgGdeAr.exe
  2⤵
  PID:6852
- C:\Windows\System\JRaUvOD.exe
  C:\Windows\System\JRaUvOD.exe
  2⤵
  PID:6868
- C:\Windows\System\wRDIyiW.exe
  C:\Windows\System\wRDIyiW.exe
  2⤵
  PID:6884
- C:\Windows\System\MPHWdKJ.exe
  C:\Windows\System\MPHWdKJ.exe
  2⤵
  PID:6904
- C:\Windows\System\PwIuzKI.exe
  C:\Windows\System\PwIuzKI.exe
  2⤵
  PID:6920
- C:\Windows\System\uTCFuoG.exe
  C:\Windows\System\uTCFuoG.exe
  2⤵
  PID:6936
- C:\Windows\System\uhsBgPd.exe
  C:\Windows\System\uhsBgPd.exe
  2⤵
  PID:6952
- C:\Windows\System\OMWLYrz.exe
  C:\Windows\System\OMWLYrz.exe
  2⤵
  PID:6968
- C:\Windows\System\zHxOLCZ.exe
  C:\Windows\System\zHxOLCZ.exe
  2⤵
  PID:6984
- C:\Windows\System\oVFmHHB.exe
  C:\Windows\System\oVFmHHB.exe
  2⤵
  PID:7000
- C:\Windows\System\XhNBdHB.exe
  C:\Windows\System\XhNBdHB.exe
  2⤵
  PID:7016
- C:\Windows\System\NAqOrwb.exe
  C:\Windows\System\NAqOrwb.exe
  2⤵
  PID:7032
- C:\Windows\System\KUOEyol.exe
  C:\Windows\System\KUOEyol.exe
  2⤵
  PID:7048
- C:\Windows\System\NEqpCYX.exe
  C:\Windows\System\NEqpCYX.exe
  2⤵
  PID:7064
- C:\Windows\System\LRfWZuM.exe
  C:\Windows\System\LRfWZuM.exe
  2⤵
  PID:7080
- C:\Windows\System\xCvdssq.exe
  C:\Windows\System\xCvdssq.exe
  2⤵
  PID:7096
- C:\Windows\System\PtESIzt.exe
  C:\Windows\System\PtESIzt.exe
  2⤵
  PID:7112
- C:\Windows\System\BqFRXTj.exe
  C:\Windows\System\BqFRXTj.exe
  2⤵
  PID:7128
- C:\Windows\System\noGlgpo.exe
  C:\Windows\System\noGlgpo.exe
  2⤵
  PID:7144
- C:\Windows\System\uDCIxXH.exe
  C:\Windows\System\uDCIxXH.exe
  2⤵
  PID:7160
- C:\Windows\System\KAxviyq.exe
  C:\Windows\System\KAxviyq.exe
  2⤵
  PID:4128
- C:\Windows\System\iVVCRqs.exe
  C:\Windows\System\iVVCRqs.exe
  2⤵
  PID:4424
- C:\Windows\System\xCvYkUy.exe
  C:\Windows\System\xCvYkUy.exe
  2⤵
  PID:4912
- C:\Windows\System\CqxJFAe.exe
  C:\Windows\System\CqxJFAe.exe
  2⤵
  PID:1648
- C:\Windows\System\zePkOFr.exe
  C:\Windows\System\zePkOFr.exe
  2⤵
  PID:1864
- C:\Windows\System\YQUavSf.exe
  C:\Windows\System\YQUavSf.exe
  2⤵
  PID:2572
- C:\Windows\System\uOwCbon.exe
  C:\Windows\System\uOwCbon.exe
  2⤵
  PID:5624
- C:\Windows\System\ntmBmfk.exe
  C:\Windows\System\ntmBmfk.exe
  2⤵
  PID:2776
- C:\Windows\System\HreQFEN.exe
  C:\Windows\System\HreQFEN.exe
  2⤵
  PID:5932
- C:\Windows\System\DzlHpWM.exe
  C:\Windows\System\DzlHpWM.exe
  2⤵
  PID:6152
- C:\Windows\System\tJAGBfZ.exe
  C:\Windows\System\tJAGBfZ.exe
  2⤵
  PID:6200
- C:\Windows\System\udTnCJi.exe
  C:\Windows\System\udTnCJi.exe
  2⤵
  PID:6220
- C:\Windows\System\AkYKmHq.exe
  C:\Windows\System\AkYKmHq.exe
  2⤵
  PID:6252
- C:\Windows\System\zrFHdEG.exe
  C:\Windows\System\zrFHdEG.exe
  2⤵
  PID:6284
- C:\Windows\System\yecURsA.exe
  C:\Windows\System\yecURsA.exe
  2⤵
  PID:6316
- C:\Windows\System\vasTyfk.exe
  C:\Windows\System\vasTyfk.exe
  2⤵
  PID:1560
- C:\Windows\System\LEEUZXR.exe
  C:\Windows\System\LEEUZXR.exe
  2⤵
  PID:6376
- C:\Windows\System\NRxMlVn.exe
  C:\Windows\System\NRxMlVn.exe
  2⤵
  PID:6408
- C:\Windows\System\rkATfeH.exe
  C:\Windows\System\rkATfeH.exe
  2⤵
  PID:6428
- C:\Windows\System\NgodfxI.exe
  C:\Windows\System\NgodfxI.exe
  2⤵
  PID:6460
- C:\Windows\System\POUsDlB.exe
  C:\Windows\System\POUsDlB.exe
  2⤵
  PID:6504
- C:\Windows\System\IoVXzzk.exe
  C:\Windows\System\IoVXzzk.exe
  2⤵
  PID:6524
- C:\Windows\System\usmmlDU.exe
  C:\Windows\System\usmmlDU.exe
  2⤵
  PID:6556
- C:\Windows\System\TBtBWQV.exe
  C:\Windows\System\TBtBWQV.exe
  2⤵
  PID:6600
- C:\Windows\System\zTjmJyE.exe
  C:\Windows\System\zTjmJyE.exe
  2⤵
  PID:6632
- C:\Windows\System\PcJEpTi.exe
  C:\Windows\System\PcJEpTi.exe
  2⤵
  PID:2508
- C:\Windows\System\ruEbRgy.exe
  C:\Windows\System\ruEbRgy.exe
  2⤵
  PID:6680
- C:\Windows\System\UNgCIVn.exe
  C:\Windows\System\UNgCIVn.exe
  2⤵
  PID:6732
- C:\Windows\System\zisbnvE.exe
  C:\Windows\System\zisbnvE.exe
  2⤵
  PID:6764
- C:\Windows\System\tOexOur.exe
  C:\Windows\System\tOexOur.exe
  2⤵
  PID:6796
- C:\Windows\System\youxQiX.exe
  C:\Windows\System\youxQiX.exe
  2⤵
  PID:6828
- C:\Windows\System\GvRgsIb.exe
  C:\Windows\System\GvRgsIb.exe
  2⤵
  PID:6860
- C:\Windows\System\OvlkcPg.exe
  C:\Windows\System\OvlkcPg.exe
  2⤵
  PID:6876
- C:\Windows\System\nZGgixh.exe
  C:\Windows\System\nZGgixh.exe
  2⤵
  PID:6928
- C:\Windows\System\XmMfzWP.exe
  C:\Windows\System\XmMfzWP.exe
  2⤵
  PID:6960
- C:\Windows\System\hKzUclQ.exe
  C:\Windows\System\hKzUclQ.exe
  2⤵
  PID:6980
- C:\Windows\System\bEEagby.exe
  C:\Windows\System\bEEagby.exe
  2⤵
  PID:7024
- C:\Windows\System\UOWtgWS.exe
  C:\Windows\System\UOWtgWS.exe
  2⤵
  PID:7040
- C:\Windows\System\BdIcfLj.exe
  C:\Windows\System\BdIcfLj.exe
  2⤵
  PID:7088
- C:\Windows\System\hbjRsIV.exe
  C:\Windows\System\hbjRsIV.exe
  2⤵
  PID:7108
- C:\Windows\System\GoidSAo.exe
  C:\Windows\System\GoidSAo.exe
  2⤵
  PID:7136
- C:\Windows\System\QVrNDqc.exe
  C:\Windows\System\QVrNDqc.exe
  2⤵
  PID:6140
- C:\Windows\System\GKYDddg.exe
  C:\Windows\System\GKYDddg.exe
  2⤵
  PID:6900
- C:\Windows\System\mTNDbsS.exe
  C:\Windows\System\mTNDbsS.exe
  2⤵
  PID:5228
- C:\Windows\System\xPqleFt.exe
  C:\Windows\System\xPqleFt.exe
  2⤵
  PID:5444
- C:\Windows\System\WggbnfG.exe
  C:\Windows\System\WggbnfG.exe
  2⤵
  PID:2888
- C:\Windows\System\IEzDEVZ.exe
  C:\Windows\System\IEzDEVZ.exe
  2⤵
  PID:6048
- C:\Windows\System\dYXJjFz.exe
  C:\Windows\System\dYXJjFz.exe
  2⤵
  PID:6204
- C:\Windows\System\npUJPOh.exe
  C:\Windows\System\npUJPOh.exe
  2⤵
  PID:6280
- C:\Windows\System\bHigMAj.exe
  C:\Windows\System\bHigMAj.exe
  2⤵
  PID:6344
- C:\Windows\System\PgexZvq.exe
  C:\Windows\System\PgexZvq.exe
  2⤵
  PID:6396
- C:\Windows\System\MpPXsjF.exe
  C:\Windows\System\MpPXsjF.exe
  2⤵
  PID:6172
- C:\Windows\System\oUoBSzW.exe
  C:\Windows\System\oUoBSzW.exe
  2⤵
  PID:6508
- C:\Windows\System\TFjoAtq.exe
  C:\Windows\System\TFjoAtq.exe
  2⤵
  PID:6552
- C:\Windows\System\UqgNgIU.exe
  C:\Windows\System\UqgNgIU.exe
  2⤵
  PID:6636
- C:\Windows\System\GVxOZmO.exe
  C:\Windows\System\GVxOZmO.exe
  2⤵
  PID:6668
- C:\Windows\System\YLOPFgM.exe
  C:\Windows\System\YLOPFgM.exe
  2⤵
  PID:6768
- C:\Windows\System\SnxENEC.exe
  C:\Windows\System\SnxENEC.exe
  2⤵
  PID:6812
- C:\Windows\System\kvKjiJO.exe
  C:\Windows\System\kvKjiJO.exe
  2⤵
  PID:2780
- C:\Windows\System\pXYzOKd.exe
  C:\Windows\System\pXYzOKd.exe
  2⤵
  PID:6944
- C:\Windows\System\GghMNKB.exe
  C:\Windows\System\GghMNKB.exe
  2⤵
  PID:7008
- C:\Windows\System\SHVZjFh.exe
  C:\Windows\System\SHVZjFh.exe
  2⤵
  PID:1108
- C:\Windows\System\mzwxmDN.exe
  C:\Windows\System\mzwxmDN.exe
  2⤵
  PID:7124
- C:\Windows\System\PzlLkcI.exe
  C:\Windows\System\PzlLkcI.exe
  2⤵
  PID:2020
- C:\Windows\System\UjlSfOM.exe
  C:\Windows\System\UjlSfOM.exe
  2⤵
  PID:5428
- C:\Windows\System\UDbipgj.exe
  C:\Windows\System\UDbipgj.exe
  2⤵
  PID:5672
- C:\Windows\System\EFJqXCw.exe
  C:\Windows\System\EFJqXCw.exe
  2⤵
  PID:2900
- C:\Windows\System\CGshLlp.exe
  C:\Windows\System\CGshLlp.exe
  2⤵
  PID:6332
- C:\Windows\System\aIjztmx.exe
  C:\Windows\System\aIjztmx.exe
  2⤵
  PID:6444
- C:\Windows\System\VVgvjLa.exe
  C:\Windows\System\VVgvjLa.exe
  2⤵
  PID:6572
- C:\Windows\System\tyIilBo.exe
  C:\Windows\System\tyIilBo.exe
  2⤵
  PID:7176
- C:\Windows\System\OWGLmgY.exe
  C:\Windows\System\OWGLmgY.exe
  2⤵
  PID:7192
- C:\Windows\System\XtLIyRu.exe
  C:\Windows\System\XtLIyRu.exe
  2⤵
  PID:7208
- C:\Windows\System\tYQxyur.exe
  C:\Windows\System\tYQxyur.exe
  2⤵
  PID:7224
- C:\Windows\System\qCnkWjH.exe
  C:\Windows\System\qCnkWjH.exe
  2⤵
  PID:7240
- C:\Windows\System\FJKyYFQ.exe
  C:\Windows\System\FJKyYFQ.exe
  2⤵
  PID:7256
- C:\Windows\System\qZzVvvp.exe
  C:\Windows\System\qZzVvvp.exe
  2⤵
  PID:7272
- C:\Windows\System\SnqFGoh.exe
  C:\Windows\System\SnqFGoh.exe
  2⤵
  PID:7288
- C:\Windows\System\WKuUotp.exe
  C:\Windows\System\WKuUotp.exe
  2⤵
  PID:7304
- C:\Windows\System\LjwGYDo.exe
  C:\Windows\System\LjwGYDo.exe
  2⤵
  PID:7320
- C:\Windows\System\IreFBQh.exe
  C:\Windows\System\IreFBQh.exe
  2⤵
  PID:7336
- C:\Windows\System\fvOypNl.exe
  C:\Windows\System\fvOypNl.exe
  2⤵
  PID:7352
- C:\Windows\System\yNFNasQ.exe
  C:\Windows\System\yNFNasQ.exe
  2⤵
  PID:7368
- C:\Windows\System\NwOAGpn.exe
  C:\Windows\System\NwOAGpn.exe
  2⤵
  PID:7384
- C:\Windows\System\PuEAykb.exe
  C:\Windows\System\PuEAykb.exe
  2⤵
  PID:7400
- C:\Windows\System\hMBJcmY.exe
  C:\Windows\System\hMBJcmY.exe
  2⤵
  PID:7416
- C:\Windows\System\ZrtRHnc.exe
  C:\Windows\System\ZrtRHnc.exe
  2⤵
  PID:7432
- C:\Windows\System\xIAweWY.exe
  C:\Windows\System\xIAweWY.exe
  2⤵
  PID:7448
- C:\Windows\System\rogNaKF.exe
  C:\Windows\System\rogNaKF.exe
  2⤵
  PID:7464
- C:\Windows\System\QVnAYRv.exe
  C:\Windows\System\QVnAYRv.exe
  2⤵
  PID:7480
- C:\Windows\System\agFYVTH.exe
  C:\Windows\System\agFYVTH.exe
  2⤵
  PID:7496
- C:\Windows\System\kSkkmda.exe
  C:\Windows\System\kSkkmda.exe
  2⤵
  PID:7512
- C:\Windows\System\XrTQOYU.exe
  C:\Windows\System\XrTQOYU.exe
  2⤵
  PID:7528
- C:\Windows\System\PUqPbbl.exe
  C:\Windows\System\PUqPbbl.exe
  2⤵
  PID:7544
- C:\Windows\System\MfvGPdI.exe
  C:\Windows\System\MfvGPdI.exe
  2⤵
  PID:7560
- C:\Windows\System\mvdoeRm.exe
  C:\Windows\System\mvdoeRm.exe
  2⤵
  PID:7576
- C:\Windows\System\TiDMKBC.exe
  C:\Windows\System\TiDMKBC.exe
  2⤵
  PID:7592
- C:\Windows\System\LCoDZud.exe
  C:\Windows\System\LCoDZud.exe
  2⤵
  PID:7608
- C:\Windows\System\qyJjYXW.exe
  C:\Windows\System\qyJjYXW.exe
  2⤵
  PID:7624
- C:\Windows\System\HlWPmGB.exe
  C:\Windows\System\HlWPmGB.exe
  2⤵
  PID:7640
- C:\Windows\System\tdpgGBn.exe
  C:\Windows\System\tdpgGBn.exe
  2⤵
  PID:7656
- C:\Windows\System\IrTKEDo.exe
  C:\Windows\System\IrTKEDo.exe
  2⤵
  PID:7680
- C:\Windows\System\aXUzgwt.exe
  C:\Windows\System\aXUzgwt.exe
  2⤵
  PID:7696
- C:\Windows\System\xKeNSLS.exe
  C:\Windows\System\xKeNSLS.exe
  2⤵
  PID:7712
- C:\Windows\System\AgTQFZv.exe
  C:\Windows\System\AgTQFZv.exe
  2⤵
  PID:7728
- C:\Windows\System\iXRcYsu.exe
  C:\Windows\System\iXRcYsu.exe
  2⤵
  PID:7744
- C:\Windows\System\drpsKll.exe
  C:\Windows\System\drpsKll.exe
  2⤵
  PID:7760
- C:\Windows\System\VDLbBRz.exe
  C:\Windows\System\VDLbBRz.exe
  2⤵
  PID:7776
- C:\Windows\System\kWwqZrp.exe
  C:\Windows\System\kWwqZrp.exe
  2⤵
  PID:7792
- C:\Windows\System\KmoTCGt.exe
  C:\Windows\System\KmoTCGt.exe
  2⤵
  PID:7808
- C:\Windows\System\YcMLwgG.exe
  C:\Windows\System\YcMLwgG.exe
  2⤵
  PID:7824
- C:\Windows\System\EgQgIFs.exe
  C:\Windows\System\EgQgIFs.exe
  2⤵
  PID:7840
- C:\Windows\System\UoQjQBN.exe
  C:\Windows\System\UoQjQBN.exe
  2⤵
  PID:7856
- C:\Windows\System\DXsRLYb.exe
  C:\Windows\System\DXsRLYb.exe
  2⤵
  PID:7872
- C:\Windows\System\eGRZKMo.exe
  C:\Windows\System\eGRZKMo.exe
  2⤵
  PID:7888
- C:\Windows\System\OAuMVfy.exe
  C:\Windows\System\OAuMVfy.exe
  2⤵
  PID:7904
- C:\Windows\System\nIBQVuq.exe
  C:\Windows\System\nIBQVuq.exe
  2⤵
  PID:7920
- C:\Windows\System\DcoWAvE.exe
  C:\Windows\System\DcoWAvE.exe
  2⤵
  PID:7936
- C:\Windows\System\hcraWsa.exe
  C:\Windows\System\hcraWsa.exe
  2⤵
  PID:7952
- C:\Windows\System\VySurmq.exe
  C:\Windows\System\VySurmq.exe
  2⤵
  PID:7968
- C:\Windows\System\TvWNVIb.exe
  C:\Windows\System\TvWNVIb.exe
  2⤵
  PID:7984
- C:\Windows\System\UslwKLv.exe
  C:\Windows\System\UslwKLv.exe
  2⤵
  PID:8000
- C:\Windows\System\SwJfigZ.exe
  C:\Windows\System\SwJfigZ.exe
  2⤵
  PID:8016
- C:\Windows\System\ZUVrSwT.exe
  C:\Windows\System\ZUVrSwT.exe
  2⤵
  PID:8032
- C:\Windows\System\nqrDOCO.exe
  C:\Windows\System\nqrDOCO.exe
  2⤵
  PID:8048
- C:\Windows\System\tzcgyMn.exe
  C:\Windows\System\tzcgyMn.exe
  2⤵
  PID:8064
- C:\Windows\System\JCbbqbJ.exe
  C:\Windows\System\JCbbqbJ.exe
  2⤵
  PID:8080
- C:\Windows\System\meqPypy.exe
  C:\Windows\System\meqPypy.exe
  2⤵
  PID:8096
- C:\Windows\System\hLevugJ.exe
  C:\Windows\System\hLevugJ.exe
  2⤵
  PID:8112
- C:\Windows\System\eqxTuER.exe
  C:\Windows\System\eqxTuER.exe
  2⤵
  PID:8128
- C:\Windows\System\pmtdKyw.exe
  C:\Windows\System\pmtdKyw.exe
  2⤵
  PID:8144
- C:\Windows\System\ennfAVD.exe
  C:\Windows\System\ennfAVD.exe
  2⤵
  PID:8160
- C:\Windows\System\nQqNyUY.exe
  C:\Windows\System\nQqNyUY.exe
  2⤵
  PID:8176
- C:\Windows\System\olesLSK.exe
  C:\Windows\System\olesLSK.exe
  2⤵
  PID:6696
- C:\Windows\System\vqsotmQ.exe
  C:\Windows\System\vqsotmQ.exe
  2⤵
  PID:6832
- C:\Windows\System\eCUWhht.exe
  C:\Windows\System\eCUWhht.exe
  2⤵
  PID:6964
- C:\Windows\System\QPNKkua.exe
  C:\Windows\System\QPNKkua.exe
  2⤵
  PID:6712
- C:\Windows\System\PKkSDxl.exe
  C:\Windows\System\PKkSDxl.exe
  2⤵
  PID:4792
- C:\Windows\System\Qxtdnjq.exe
  C:\Windows\System\Qxtdnjq.exe
  2⤵
  PID:6148
- C:\Windows\System\ACCXrUd.exe
  C:\Windows\System\ACCXrUd.exe
  2⤵
  PID:6424
- C:\Windows\System\GRoUATJ.exe
  C:\Windows\System\GRoUATJ.exe
  2⤵
  PID:6664
- C:\Windows\System\mzyarhI.exe
  C:\Windows\System\mzyarhI.exe
  2⤵
  PID:7188
- C:\Windows\System\FqShdOC.exe
  C:\Windows\System\FqShdOC.exe
  2⤵
  PID:7216
- C:\Windows\System\prTKlco.exe
  C:\Windows\System\prTKlco.exe
  2⤵
  PID:7236
- C:\Windows\System\IGpLkdh.exe
  C:\Windows\System\IGpLkdh.exe
  2⤵
  PID:7284
- C:\Windows\System\leneDsf.exe
  C:\Windows\System\leneDsf.exe
  2⤵
  PID:7312
- C:\Windows\System\ecAshQD.exe
  C:\Windows\System\ecAshQD.exe
  2⤵
  PID:7348
- C:\Windows\System\NJJACAx.exe
  C:\Windows\System\NJJACAx.exe
  2⤵
  PID:7364
- C:\Windows\System\YObHpPr.exe
  C:\Windows\System\YObHpPr.exe
  2⤵
  PID:7408
- C:\Windows\System\pTfjAdE.exe
  C:\Windows\System\pTfjAdE.exe
  2⤵
  PID:7428
- C:\Windows\System\HQYRDWv.exe
  C:\Windows\System\HQYRDWv.exe
  2⤵
  PID:7472
- C:\Windows\System\NuwGpQM.exe
  C:\Windows\System\NuwGpQM.exe
  2⤵
  PID:7492
- C:\Windows\System\bbpahCJ.exe
  C:\Windows\System\bbpahCJ.exe
  2⤵
  PID:7524
- C:\Windows\System\tupZpys.exe
  C:\Windows\System\tupZpys.exe
  2⤵
  PID:1564
- C:\Windows\System\vEBQlMg.exe
  C:\Windows\System\vEBQlMg.exe
  2⤵
  PID:7584
- C:\Windows\System\EYkNTAL.exe
  C:\Windows\System\EYkNTAL.exe
  2⤵
  PID:7616
- C:\Windows\System\MmRphPJ.exe
  C:\Windows\System\MmRphPJ.exe
  2⤵
  PID:7636
- C:\Windows\System\CqoZocT.exe
  C:\Windows\System\CqoZocT.exe
  2⤵
  PID:7668
- C:\Windows\System\LjxtfvX.exe
  C:\Windows\System\LjxtfvX.exe
  2⤵
  PID:7708
- C:\Windows\System\opYdwXb.exe
  C:\Windows\System\opYdwXb.exe
  2⤵
  PID:7740
- C:\Windows\System\oziixVO.exe
  C:\Windows\System\oziixVO.exe
  2⤵
  PID:7772
- C:\Windows\System\fbSUtSA.exe
  C:\Windows\System\fbSUtSA.exe
  2⤵
  PID:7804
- C:\Windows\System\UJZzRhd.exe
  C:\Windows\System\UJZzRhd.exe
  2⤵
  PID:7836
- C:\Windows\System\IguJNBE.exe
  C:\Windows\System\IguJNBE.exe
  2⤵
  PID:7868
- C:\Windows\System\UiyTvsM.exe
  C:\Windows\System\UiyTvsM.exe
  2⤵
  PID:7900
- C:\Windows\System\uenLzCK.exe
  C:\Windows\System\uenLzCK.exe
  2⤵
  PID:7928
- C:\Windows\System\emRQXYK.exe
  C:\Windows\System\emRQXYK.exe
  2⤵
  PID:7960
- C:\Windows\System\SMbhrTj.exe
  C:\Windows\System\SMbhrTj.exe
  2⤵
  PID:7992
- C:\Windows\System\yylSWZM.exe
  C:\Windows\System\yylSWZM.exe
  2⤵
  PID:8012
- C:\Windows\System\cuXxrMb.exe
  C:\Windows\System\cuXxrMb.exe
  2⤵
  PID:8044
- C:\Windows\System\PKQuPem.exe
  C:\Windows\System\PKQuPem.exe
  2⤵
  PID:3540
- C:\Windows\System\LlBhZGz.exe
  C:\Windows\System\LlBhZGz.exe
  2⤵
  PID:8104
- C:\Windows\System\MnRzguZ.exe
  C:\Windows\System\MnRzguZ.exe
  2⤵
  PID:8136
- C:\Windows\System\HXDfZRE.exe
  C:\Windows\System\HXDfZRE.exe
  2⤵
  PID:8172
- C:\Windows\System\nFeeeui.exe
  C:\Windows\System\nFeeeui.exe
  2⤵
  PID:6896
- C:\Windows\System\FPNTJPH.exe
  C:\Windows\System\FPNTJPH.exe
  2⤵
  PID:7012
- C:\Windows\System\McWanPc.exe
  C:\Windows\System\McWanPc.exe
  2⤵
  PID:6312
- C:\Windows\System\iBhJLKd.exe
  C:\Windows\System\iBhJLKd.exe
  2⤵
  PID:6488
- C:\Windows\System\PDwpyLv.exe
  C:\Windows\System\PDwpyLv.exe
  2⤵
  PID:7204
- C:\Windows\System\oUBolBl.exe
  C:\Windows\System\oUBolBl.exe
  2⤵
  PID:7268
- C:\Windows\System\HwFIHqo.exe
  C:\Windows\System\HwFIHqo.exe
  2⤵
  PID:7328
- C:\Windows\System\FHIAUfH.exe
  C:\Windows\System\FHIAUfH.exe
  2⤵
  PID:7376
- C:\Windows\System\RvTiwfL.exe
  C:\Windows\System\RvTiwfL.exe
  2⤵
  PID:7424
- C:\Windows\System\Fpmfknq.exe
  C:\Windows\System\Fpmfknq.exe
  2⤵
  PID:7456
- C:\Windows\System\JNPVKXX.exe
  C:\Windows\System\JNPVKXX.exe
  2⤵
  PID:7520
- C:\Windows\System\cGKXUdu.exe
  C:\Windows\System\cGKXUdu.exe
  2⤵
  PID:7588
- C:\Windows\System\KEGIdNk.exe
  C:\Windows\System\KEGIdNk.exe
  2⤵
  PID:7620
- C:\Windows\System\IjrsXEo.exe
  C:\Windows\System\IjrsXEo.exe
  2⤵
  PID:2620
- C:\Windows\System\FshuzDH.exe
  C:\Windows\System\FshuzDH.exe
  2⤵
  PID:7704
- C:\Windows\System\WidQNUJ.exe
  C:\Windows\System\WidQNUJ.exe
  2⤵
  PID:7788
- C:\Windows\System\DXTfLvL.exe
  C:\Windows\System\DXTfLvL.exe
  2⤵
  PID:7864
- C:\Windows\System\DEqEAMB.exe
  C:\Windows\System\DEqEAMB.exe
  2⤵
  PID:7916
- C:\Windows\System\WtUuPGo.exe
  C:\Windows\System\WtUuPGo.exe
  2⤵
  PID:7980
- C:\Windows\System\kBQvdjh.exe
  C:\Windows\System\kBQvdjh.exe
  2⤵
  PID:7344
- C:\Windows\System\rjIPEuv.exe
  C:\Windows\System\rjIPEuv.exe
  2⤵
  PID:8076
- C:\Windows\System\eNbMNMU.exe
  C:\Windows\System\eNbMNMU.exe
  2⤵
  PID:8124
- C:\Windows\System\ZYoEAPM.exe
  C:\Windows\System\ZYoEAPM.exe
  2⤵
  PID:6800
- C:\Windows\System\BMgtyBn.exe
  C:\Windows\System\BMgtyBn.exe
  2⤵
  PID:3076
- C:\Windows\System\Vvhouie.exe
  C:\Windows\System\Vvhouie.exe
  2⤵
  PID:7248
- C:\Windows\System\wiVkosr.exe
  C:\Windows\System\wiVkosr.exe
  2⤵
  PID:992
- C:\Windows\System\kvXrAaE.exe
  C:\Windows\System\kvXrAaE.exe
  2⤵
  PID:2628
- C:\Windows\System\xtJUnDJ.exe
  C:\Windows\System\xtJUnDJ.exe
  2⤵
  PID:7396
- C:\Windows\System\wQOPfVa.exe
  C:\Windows\System\wQOPfVa.exe
  2⤵
  PID:7556
- C:\Windows\System\qQauHLc.exe
  C:\Windows\System\qQauHLc.exe
  2⤵
  PID:7540
- C:\Windows\System\HUpDZBm.exe
  C:\Windows\System\HUpDZBm.exe
  2⤵
  PID:7652
- C:\Windows\System\MqkAkXI.exe
  C:\Windows\System\MqkAkXI.exe
  2⤵
  PID:7768
- C:\Windows\System\tMWpYdN.exe
  C:\Windows\System\tMWpYdN.exe
  2⤵
  PID:1920
- C:\Windows\System\wChxymx.exe
  C:\Windows\System\wChxymx.exe
  2⤵
  PID:2012
- C:\Windows\System\zrdQkVn.exe
  C:\Windows\System\zrdQkVn.exe
  2⤵
  PID:8008
- C:\Windows\System\bOpxTWi.exe
  C:\Windows\System\bOpxTWi.exe
  2⤵
  PID:8072
- C:\Windows\System\HXhObFK.exe
  C:\Windows\System\HXhObFK.exe
  2⤵
  PID:6932
- C:\Windows\System\QAcTxCZ.exe
  C:\Windows\System\QAcTxCZ.exe
  2⤵
  PID:6268
- C:\Windows\System\TJwXTsK.exe
  C:\Windows\System\TJwXTsK.exe
  2⤵
  PID:7280
- C:\Windows\System\xJfNQup.exe
  C:\Windows\System\xJfNQup.exe
  2⤵
  PID:7412
- C:\Windows\System\lyFwNZR.exe
  C:\Windows\System\lyFwNZR.exe
  2⤵
  PID:2664
- C:\Windows\System\CrQMEbo.exe
  C:\Windows\System\CrQMEbo.exe
  2⤵
  PID:1852
- C:\Windows\System\nDudtsH.exe
  C:\Windows\System\nDudtsH.exe
  2⤵
  PID:7820
- C:\Windows\System\KhYJUmP.exe
  C:\Windows\System\KhYJUmP.exe
  2⤵
  PID:3016
- C:\Windows\System\KAbxchC.exe
  C:\Windows\System\KAbxchC.exe
  2⤵
  PID:1776
- C:\Windows\System\fUcsFOL.exe
  C:\Windows\System\fUcsFOL.exe
  2⤵
  PID:1604
- C:\Windows\System\rBWyobz.exe
  C:\Windows\System\rBWyobz.exe
  2⤵
  PID:8152
- C:\Windows\System\UShPVbi.exe
  C:\Windows\System\UShPVbi.exe
  2⤵
  PID:2416
- C:\Windows\System\RYnmKsx.exe
  C:\Windows\System\RYnmKsx.exe
  2⤵
  PID:3888
- C:\Windows\System\EDhVqHQ.exe
  C:\Windows\System\EDhVqHQ.exe
  2⤵
  PID:2480
- C:\Windows\System\hNeGbNN.exe
  C:\Windows\System\hNeGbNN.exe
  2⤵
  PID:7252
- C:\Windows\System\ylGenpS.exe
  C:\Windows\System\ylGenpS.exe
  2⤵
  PID:2484
- C:\Windows\System\rULIlQG.exe
  C:\Windows\System\rULIlQG.exe
  2⤵
  PID:7852
- C:\Windows\System\aNmYtYq.exe
  C:\Windows\System\aNmYtYq.exe
  2⤵
  PID:1436
- C:\Windows\System\KJBVEgK.exe
  C:\Windows\System\KJBVEgK.exe
  2⤵
  PID:7948
- C:\Windows\System\pBlFqap.exe
  C:\Windows\System\pBlFqap.exe
  2⤵
  PID:944
- C:\Windows\System\qWqzfoK.exe
  C:\Windows\System\qWqzfoK.exe
  2⤵
  PID:2488
- C:\Windows\System\IArmEhQ.exe
  C:\Windows\System\IArmEhQ.exe
  2⤵
  PID:1384
- C:\Windows\System\cMwhJEQ.exe
  C:\Windows\System\cMwhJEQ.exe
  2⤵
  PID:1592
- C:\Windows\System\eCuVbAT.exe
  C:\Windows\System\eCuVbAT.exe
  2⤵
  PID:2812
- C:\Windows\System\yEqwLNI.exe
  C:\Windows\System\yEqwLNI.exe
  2⤵
  PID:8188
- C:\Windows\System\tXPymyt.exe
  C:\Windows\System\tXPymyt.exe
  2⤵
  PID:1480
- C:\Windows\System\DIIcuKC.exe
  C:\Windows\System\DIIcuKC.exe
  2⤵
  PID:7444
- C:\Windows\System\KnJLEqg.exe
  C:\Windows\System\KnJLEqg.exe
  2⤵
  PID:1860
- C:\Windows\System\aTkqabs.exe
  C:\Windows\System\aTkqabs.exe
  2⤵
  PID:8208
- C:\Windows\System\nWMmapi.exe
  C:\Windows\System\nWMmapi.exe
  2⤵
  PID:8224
- C:\Windows\System\feMwotO.exe
  C:\Windows\System\feMwotO.exe
  2⤵
  PID:8240
- C:\Windows\System\KjEOpoi.exe
  C:\Windows\System\KjEOpoi.exe
  2⤵
  PID:8260
- C:\Windows\System\WftKCmu.exe
  C:\Windows\System\WftKCmu.exe
  2⤵
  PID:8276
- C:\Windows\System\ptIWuXy.exe
  C:\Windows\System\ptIWuXy.exe
  2⤵
  PID:8292
- C:\Windows\System\ESUchvi.exe
  C:\Windows\System\ESUchvi.exe
  2⤵
  PID:8308
- C:\Windows\System\JIOGotG.exe
  C:\Windows\System\JIOGotG.exe
  2⤵
  PID:8324
- C:\Windows\System\RsgPtxq.exe
  C:\Windows\System\RsgPtxq.exe
  2⤵
  PID:8340
- C:\Windows\System\bsZzVtv.exe
  C:\Windows\System\bsZzVtv.exe
  2⤵
  PID:8356
- C:\Windows\System\LndXhtn.exe
  C:\Windows\System\LndXhtn.exe
  2⤵
  PID:8372
- C:\Windows\System\xtLgLrZ.exe
  C:\Windows\System\xtLgLrZ.exe
  2⤵
  PID:8388
- C:\Windows\System\rXdxVzJ.exe
  C:\Windows\System\rXdxVzJ.exe
  2⤵
  PID:8404
- C:\Windows\System\bDGoqQz.exe
  C:\Windows\System\bDGoqQz.exe
  2⤵
  PID:8420
- C:\Windows\System\AkpxvCR.exe
  C:\Windows\System\AkpxvCR.exe
  2⤵
  PID:8436
- C:\Windows\System\ocKcjdZ.exe
  C:\Windows\System\ocKcjdZ.exe
  2⤵
  PID:8452
- C:\Windows\System\RgcFuWE.exe
  C:\Windows\System\RgcFuWE.exe
  2⤵
  PID:8472
- C:\Windows\System\GRRwagk.exe
  C:\Windows\System\GRRwagk.exe
  2⤵
  PID:8504
- C:\Windows\System\mfuHlYO.exe
  C:\Windows\System\mfuHlYO.exe
  2⤵
  PID:8528
- C:\Windows\System\VuHJuqs.exe
  C:\Windows\System\VuHJuqs.exe
  2⤵
  PID:8552
- C:\Windows\System\PrKiqUk.exe
  C:\Windows\System\PrKiqUk.exe
  2⤵
  PID:8568
- C:\Windows\System\RsYWVCn.exe
  C:\Windows\System\RsYWVCn.exe
  2⤵
  PID:8584
- C:\Windows\System\moAPVwk.exe
  C:\Windows\System\moAPVwk.exe
  2⤵
  PID:8600
- C:\Windows\System\jSjOgxM.exe
  C:\Windows\System\jSjOgxM.exe
  2⤵
  PID:8616
- C:\Windows\System\PCvOVle.exe
  C:\Windows\System\PCvOVle.exe
  2⤵
  PID:8632
- C:\Windows\System\jooHLhR.exe
  C:\Windows\System\jooHLhR.exe
  2⤵
  PID:8648
- C:\Windows\System\vcaFWEC.exe
  C:\Windows\System\vcaFWEC.exe
  2⤵
  PID:8664
- C:\Windows\System\eqycIQQ.exe
  C:\Windows\System\eqycIQQ.exe
  2⤵
  PID:8692
- C:\Windows\System\iqFlfUG.exe
  C:\Windows\System\iqFlfUG.exe
  2⤵
  PID:8748
- C:\Windows\System\APkUywu.exe
  C:\Windows\System\APkUywu.exe
  2⤵
  PID:8832
- C:\Windows\System\CSnOJUj.exe
  C:\Windows\System\CSnOJUj.exe
  2⤵
  PID:8884
- C:\Windows\System\ITZaBuh.exe
  C:\Windows\System\ITZaBuh.exe
  2⤵
  PID:8912
- C:\Windows\System\fTSmgQf.exe
  C:\Windows\System\fTSmgQf.exe
  2⤵
  PID:8928
- C:\Windows\System\FgpoKxm.exe
  C:\Windows\System\FgpoKxm.exe
  2⤵
  PID:8948
- C:\Windows\System\PVxWpkg.exe
  C:\Windows\System\PVxWpkg.exe
  2⤵
  PID:8972
- C:\Windows\System\EwkhwkB.exe
  C:\Windows\System\EwkhwkB.exe
  2⤵
  PID:8988
- C:\Windows\System\DMGtlzV.exe
  C:\Windows\System\DMGtlzV.exe
  2⤵
  PID:9004
- C:\Windows\System\LToYITA.exe
  C:\Windows\System\LToYITA.exe
  2⤵
  PID:9020
- C:\Windows\System\nvcDZhb.exe
  C:\Windows\System\nvcDZhb.exe
  2⤵
  PID:9040
- C:\Windows\System\QebsIwq.exe
  C:\Windows\System\QebsIwq.exe
  2⤵
  PID:9056
- C:\Windows\System\fFJYQHV.exe
  C:\Windows\System\fFJYQHV.exe
  2⤵
  PID:9072
- C:\Windows\System\RLyvDbm.exe
  C:\Windows\System\RLyvDbm.exe
  2⤵
  PID:9088
- C:\Windows\System\fkUSLCc.exe
  C:\Windows\System\fkUSLCc.exe
  2⤵
  PID:9104
- C:\Windows\System\KcHvdtY.exe
  C:\Windows\System\KcHvdtY.exe
  2⤵
  PID:9120
- C:\Windows\System\GTYuHrU.exe
  C:\Windows\System\GTYuHrU.exe
  2⤵
  PID:9136
- C:\Windows\System\tsOlBTN.exe
  C:\Windows\System\tsOlBTN.exe
  2⤵
  PID:9160
- C:\Windows\System\gjqnGkJ.exe
  C:\Windows\System\gjqnGkJ.exe
  2⤵
  PID:9176
- C:\Windows\System\XOsFBCG.exe
  C:\Windows\System\XOsFBCG.exe
  2⤵
  PID:9192
- C:\Windows\System\vzWBhsl.exe
  C:\Windows\System\vzWBhsl.exe
  2⤵
  PID:9212
- C:\Windows\System\pMxxsXt.exe
  C:\Windows\System\pMxxsXt.exe
  2⤵
  PID:2660
- C:\Windows\System\FYXslra.exe
  C:\Windows\System\FYXslra.exe
  2⤵
  PID:8216
- C:\Windows\System\NJBrSvK.exe
  C:\Windows\System\NJBrSvK.exe
  2⤵
  PID:8232
- C:\Windows\System\oxsgxdy.exe
  C:\Windows\System\oxsgxdy.exe
  2⤵
  PID:8256
- C:\Windows\System\rnMlXOT.exe
  C:\Windows\System\rnMlXOT.exe
  2⤵
  PID:8268
- C:\Windows\System\lEuoRwJ.exe
  C:\Windows\System\lEuoRwJ.exe
  2⤵
  PID:8320
- C:\Windows\System\mPqyBrk.exe
  C:\Windows\System\mPqyBrk.exe
  2⤵
  PID:8368
- C:\Windows\System\xTAhYOA.exe
  C:\Windows\System\xTAhYOA.exe
  2⤵
  PID:8412
- C:\Windows\System\AcSXRoH.exe
  C:\Windows\System\AcSXRoH.exe
  2⤵
  PID:8428
- C:\Windows\System\hnPvuTe.exe
  C:\Windows\System\hnPvuTe.exe
  2⤵
  PID:8460
- C:\Windows\System\LKOCpPp.exe
  C:\Windows\System\LKOCpPp.exe
  2⤵
  PID:8488
- C:\Windows\System\uuquPAb.exe
  C:\Windows\System\uuquPAb.exe
  2⤵
  PID:8512
- C:\Windows\System\nfPgBZT.exe
  C:\Windows\System\nfPgBZT.exe
  2⤵
  PID:8516
- C:\Windows\System\rQGxATM.exe
  C:\Windows\System\rQGxATM.exe
  2⤵
  PID:8548
- C:\Windows\System\WbBTCsx.exe
  C:\Windows\System\WbBTCsx.exe
  2⤵
  PID:8660
- C:\Windows\System\NPPljrF.exe
  C:\Windows\System\NPPljrF.exe
  2⤵
  PID:8684
- C:\Windows\System\qcSKCdZ.exe
  C:\Windows\System\qcSKCdZ.exe
  2⤵
  PID:8608
- C:\Windows\System\yISjmZa.exe
  C:\Windows\System\yISjmZa.exe
  2⤵
  PID:8672
- C:\Windows\System\hDDSRtG.exe
  C:\Windows\System\hDDSRtG.exe
  2⤵
  PID:8704
- C:\Windows\System\Orsiefq.exe
  C:\Windows\System\Orsiefq.exe
  2⤵
  PID:8720
- C:\Windows\System\azoCEQj.exe
  C:\Windows\System\azoCEQj.exe
  2⤵
  PID:8740
- C:\Windows\System\cDxUvCV.exe
  C:\Windows\System\cDxUvCV.exe
  2⤵
  PID:8760
- C:\Windows\System\CZPlwXB.exe
  C:\Windows\System\CZPlwXB.exe
  2⤵
  PID:8780
- C:\Windows\System\cFhXHqn.exe
  C:\Windows\System\cFhXHqn.exe
  2⤵
  PID:8796
- C:\Windows\System\PymklMV.exe
  C:\Windows\System\PymklMV.exe
  2⤵
  PID:8812
- C:\Windows\System\gzPEmGt.exe
  C:\Windows\System\gzPEmGt.exe
  2⤵
  PID:8828
- C:\Windows\System\hadzxPt.exe
  C:\Windows\System\hadzxPt.exe
  2⤵
  PID:8876
- C:\Windows\System\uOftIih.exe
  C:\Windows\System\uOftIih.exe
  2⤵
  PID:8936
- C:\Windows\System\qYyuuTB.exe
  C:\Windows\System\qYyuuTB.exe
  2⤵
  PID:8956
- C:\Windows\System\WMUUzWE.exe
  C:\Windows\System\WMUUzWE.exe
  2⤵
  PID:8920
- C:\Windows\System\gtQgBPR.exe
  C:\Windows\System\gtQgBPR.exe
  2⤵
  PID:9036
- C:\Windows\System\DvVCzQM.exe
  C:\Windows\System\DvVCzQM.exe
  2⤵
  PID:8996
- C:\Windows\System\SGmMfhM.exe
  C:\Windows\System\SGmMfhM.exe
  2⤵
  PID:9096
- C:\Windows\System\WPxupgr.exe
  C:\Windows\System\WPxupgr.exe
  2⤵
  PID:9148
- C:\Windows\System\eJUhgUp.exe
  C:\Windows\System\eJUhgUp.exe
  2⤵
  PID:9128
- C:\Windows\System\deuUIDt.exe
  C:\Windows\System\deuUIDt.exe
  2⤵
  PID:9184
- C:\Windows\System\TZRuKkp.exe
  C:\Windows\System\TZRuKkp.exe
  2⤵
  PID:9208
- C:\Windows\System\DKPuWVV.exe
  C:\Windows\System\DKPuWVV.exe
  2⤵
  PID:2084
- C:\Windows\System\SrKcTvm.exe
  C:\Windows\System\SrKcTvm.exe
  2⤵
  PID:8300
- C:\Windows\System\QGKrxLi.exe
  C:\Windows\System\QGKrxLi.exe
  2⤵
  PID:8288
- C:\Windows\System\kKOZBGL.exe
  C:\Windows\System\kKOZBGL.exe
  2⤵
  PID:8380
- C:\Windows\System\yeKmZKl.exe
  C:\Windows\System\yeKmZKl.exe
  2⤵
  PID:8484
- C:\Windows\System\jfwjXoV.exe
  C:\Windows\System\jfwjXoV.exe
  2⤵
  PID:8500
- C:\Windows\System\qkXbzNX.exe
  C:\Windows\System\qkXbzNX.exe
  2⤵
  PID:8464
- C:\Windows\System\dPxXulr.exe
  C:\Windows\System\dPxXulr.exe
  2⤵
  PID:8688
- C:\Windows\System\fYRdxsh.exe
  C:\Windows\System\fYRdxsh.exe
  2⤵
  PID:8592
- C:\Windows\System\FpglpTu.exe
  C:\Windows\System\FpglpTu.exe
  2⤵
  PID:8716
- C:\Windows\System\yrHiueL.exe
  C:\Windows\System\yrHiueL.exe
  2⤵
  PID:8736
- C:\Windows\System\LhMEelI.exe
  C:\Windows\System\LhMEelI.exe
  2⤵
  PID:8808
- C:\Windows\System\RXiDYOL.exe
  C:\Windows\System\RXiDYOL.exe
  2⤵
  PID:8792
- C:\Windows\System\ISrsGYq.exe
  C:\Windows\System\ISrsGYq.exe
  2⤵
  PID:8856
- C:\Windows\System\rRxXSiR.exe
  C:\Windows\System\rRxXSiR.exe
  2⤵
  PID:8864
- C:\Windows\System\iYtDSIm.exe
  C:\Windows\System\iYtDSIm.exe
  2⤵
  PID:8904
- C:\Windows\System\CAXvbEw.exe
  C:\Windows\System\CAXvbEw.exe
  2⤵
  PID:8980
- C:\Windows\System\MSharyo.exe
  C:\Windows\System\MSharyo.exe
  2⤵
  PID:9032
- C:\Windows\System\cFTHhQw.exe
  C:\Windows\System\cFTHhQw.exe
  2⤵
  PID:9084
- C:\Windows\System\hbOWhdD.exe
  C:\Windows\System\hbOWhdD.exe
  2⤵
  PID:9100
- C:\Windows\System\qTblzeD.exe
  C:\Windows\System\qTblzeD.exe
  2⤵
  PID:9172
- C:\Windows\System\GtYvPfo.exe
  C:\Windows\System\GtYvPfo.exe
  2⤵
  PID:9200
- C:\Windows\System\YNQzWPD.exe
  C:\Windows\System\YNQzWPD.exe
  2⤵
  PID:8252
- C:\Windows\System\girsyse.exe
  C:\Windows\System\girsyse.exe
  2⤵
  PID:8540
- C:\Windows\System\mNsEYms.exe
  C:\Windows\System\mNsEYms.exe
  2⤵
  PID:8416
- C:\Windows\System\XJePlfW.exe
  C:\Windows\System\XJePlfW.exe
  2⤵
  PID:8624
- C:\Windows\System\sahXzMA.exe
  C:\Windows\System\sahXzMA.exe
  2⤵
  PID:8756
- C:\Windows\System\UYoCdUn.exe
  C:\Windows\System\UYoCdUn.exe
  2⤵
  PID:8848
- C:\Windows\System\tEspGli.exe
  C:\Windows\System\tEspGli.exe
  2⤵
  PID:9012
- C:\Windows\System\MeanHwZ.exe
  C:\Windows\System\MeanHwZ.exe
  2⤵
  PID:9168
- C:\Windows\System\quUJYKI.exe
  C:\Windows\System\quUJYKI.exe
  2⤵
  PID:9068
- C:\Windows\System\jyZpbPa.exe
  C:\Windows\System\jyZpbPa.exe
  2⤵
  PID:8680
- C:\Windows\System\JyuDeTY.exe
  C:\Windows\System\JyuDeTY.exe
  2⤵
  PID:8712
- C:\Windows\System\ooCfnZo.exe
  C:\Windows\System\ooCfnZo.exe
  2⤵
  PID:8700
- C:\Windows\System\sdzMUgE.exe
  C:\Windows\System\sdzMUgE.exe
  2⤵
  PID:8900
- C:\Windows\System\yozbhzC.exe
  C:\Windows\System\yozbhzC.exe
  2⤵
  PID:9048
- C:\Windows\System\SgnnEsP.exe
  C:\Windows\System\SgnnEsP.exe
  2⤵
  PID:8220
- C:\Windows\System\wJyWBVO.exe
  C:\Windows\System\wJyWBVO.exe
  2⤵
  PID:8872
- C:\Windows\System\sneMjhS.exe
  C:\Windows\System\sneMjhS.exe
  2⤵
  PID:9028
- C:\Windows\System\YIrBaXf.exe
  C:\Windows\System\YIrBaXf.exe
  2⤵
  PID:9240
- C:\Windows\System\AjneCqy.exe
  C:\Windows\System\AjneCqy.exe
  2⤵
  PID:9264
- C:\Windows\System\QZArMfv.exe
  C:\Windows\System\QZArMfv.exe
  2⤵
  PID:9284
- C:\Windows\System\TITyazh.exe
  C:\Windows\System\TITyazh.exe
  2⤵
  PID:9300
- C:\Windows\System\sEKtKFW.exe
  C:\Windows\System\sEKtKFW.exe
  2⤵
  PID:9316
- C:\Windows\System\xLtxads.exe
  C:\Windows\System\xLtxads.exe
  2⤵
  PID:9332
- C:\Windows\System\roGzThh.exe
  C:\Windows\System\roGzThh.exe
  2⤵
  PID:9348
- C:\Windows\System\nFTLlkH.exe
  C:\Windows\System\nFTLlkH.exe
  2⤵
  PID:9368
- C:\Windows\System\uSxcVnZ.exe
  C:\Windows\System\uSxcVnZ.exe
  2⤵
  PID:9384
- C:\Windows\System\ZklYJFg.exe
  C:\Windows\System\ZklYJFg.exe
  2⤵
  PID:9404
- C:\Windows\System\NZiHral.exe
  C:\Windows\System\NZiHral.exe
  2⤵
  PID:9420
- C:\Windows\System\XgPdDPP.exe
  C:\Windows\System\XgPdDPP.exe
  2⤵
  PID:9436
- C:\Windows\System\gviteYH.exe
  C:\Windows\System\gviteYH.exe
  2⤵
  PID:9460
- C:\Windows\System\VELmgSa.exe
  C:\Windows\System\VELmgSa.exe
  2⤵
  PID:9480
- C:\Windows\System\dLDggfN.exe
  C:\Windows\System\dLDggfN.exe
  2⤵
  PID:9500
- C:\Windows\System\nXAGGmr.exe
  C:\Windows\System\nXAGGmr.exe
  2⤵
  PID:9520
- C:\Windows\System\YSqmctJ.exe
  C:\Windows\System\YSqmctJ.exe
  2⤵
  PID:9540
- C:\Windows\System\lqdLfeX.exe
  C:\Windows\System\lqdLfeX.exe
  2⤵
  PID:9564
- C:\Windows\System\dhKRraF.exe
  C:\Windows\System\dhKRraF.exe
  2⤵
  PID:9580
- C:\Windows\System\oziIJpG.exe
  C:\Windows\System\oziIJpG.exe
  2⤵
  PID:9596
- C:\Windows\System\TNqFwfw.exe
  C:\Windows\System\TNqFwfw.exe
  2⤵
  PID:9616
- C:\Windows\System\aUkQGnT.exe
  C:\Windows\System\aUkQGnT.exe
  2⤵
  PID:9632
- C:\Windows\System\CQEHccx.exe
  C:\Windows\System\CQEHccx.exe
  2⤵
  PID:9648
- C:\Windows\System\gklbtHH.exe
  C:\Windows\System\gklbtHH.exe
  2⤵
  PID:9664
- C:\Windows\System\yCLNglm.exe
  C:\Windows\System\yCLNglm.exe
  2⤵
  PID:9680
- C:\Windows\System\TrEhaQT.exe
  C:\Windows\System\TrEhaQT.exe
  2⤵
  PID:9712
- C:\Windows\System\QkPlVaA.exe
  C:\Windows\System\QkPlVaA.exe
  2⤵
  PID:9732
- C:\Windows\System\tvJdvoD.exe
  C:\Windows\System\tvJdvoD.exe
  2⤵
  PID:9748
- C:\Windows\System\HGOkLEP.exe
  C:\Windows\System\HGOkLEP.exe
  2⤵
  PID:9768
- C:\Windows\System\tRmduTE.exe
  C:\Windows\System\tRmduTE.exe
  2⤵
  PID:9784
- C:\Windows\System\USHQvYG.exe
  C:\Windows\System\USHQvYG.exe
  2⤵
  PID:9800
- C:\Windows\System\PIbFXSA.exe
  C:\Windows\System\PIbFXSA.exe
  2⤵
  PID:9816
- C:\Windows\System\mRztLhW.exe
  C:\Windows\System\mRztLhW.exe
  2⤵
  PID:9832
- C:\Windows\System\pIFcQdT.exe
  C:\Windows\System\pIFcQdT.exe
  2⤵
  PID:9848
- C:\Windows\System\EhyPAYn.exe
  C:\Windows\System\EhyPAYn.exe
  2⤵
  PID:9864
- C:\Windows\System\oENwCOu.exe
  C:\Windows\System\oENwCOu.exe
  2⤵
  PID:9880
- C:\Windows\System\zpyvuKP.exe
  C:\Windows\System\zpyvuKP.exe
  2⤵
  PID:9896
- C:\Windows\System\YLoCRnJ.exe
  C:\Windows\System\YLoCRnJ.exe
  2⤵
  PID:9912
- C:\Windows\System\VWLMTEq.exe
  C:\Windows\System\VWLMTEq.exe
  2⤵
  PID:9928
- C:\Windows\System\atyCvuO.exe
  C:\Windows\System\atyCvuO.exe
  2⤵
  PID:9944
- C:\Windows\System\IGqMRbK.exe
  C:\Windows\System\IGqMRbK.exe
  2⤵
  PID:9960
- C:\Windows\System\ZkcTEgy.exe
  C:\Windows\System\ZkcTEgy.exe
  2⤵
  PID:9976
- C:\Windows\System\WZyxCmu.exe
  C:\Windows\System\WZyxCmu.exe
  2⤵
  PID:9992
- C:\Windows\System\dydsYwq.exe
  C:\Windows\System\dydsYwq.exe
  2⤵
  PID:10008
- C:\Windows\System\fpVxvEC.exe
  C:\Windows\System\fpVxvEC.exe
  2⤵
  PID:10024
- C:\Windows\System\gOevkGF.exe
  C:\Windows\System\gOevkGF.exe
  2⤵
  PID:10040
- C:\Windows\System\NHAyDoP.exe
  C:\Windows\System\NHAyDoP.exe
  2⤵
  PID:10056
- C:\Windows\System\niKYEnj.exe
  C:\Windows\System\niKYEnj.exe
  2⤵
  PID:10076
- C:\Windows\System\uEWthLe.exe
  C:\Windows\System\uEWthLe.exe
  2⤵
  PID:10100
- C:\Windows\System\OZMKxyU.exe
  C:\Windows\System\OZMKxyU.exe
  2⤵
  PID:10116
- C:\Windows\System\dDjBgVz.exe
  C:\Windows\System\dDjBgVz.exe
  2⤵
  PID:10132
- C:\Windows\System\xDNyery.exe
  C:\Windows\System\xDNyery.exe
  2⤵
  PID:10156
- C:\Windows\System\ErlGZDK.exe
  C:\Windows\System\ErlGZDK.exe
  2⤵
  PID:9400
- C:\Windows\System\wVFvMWN.exe
  C:\Windows\System\wVFvMWN.exe
  2⤵
  PID:9476
- C:\Windows\System\SnvEKsi.exe
  C:\Windows\System\SnvEKsi.exe
  2⤵
  PID:9624
- C:\Windows\System\mGuqTIK.exe
  C:\Windows\System\mGuqTIK.exe
  2⤵
  PID:9592
- C:\Windows\System\jCrDBEY.exe
  C:\Windows\System\jCrDBEY.exe
  2⤵
  PID:9696
- C:\Windows\System\gihvSyQ.exe
  C:\Windows\System\gihvSyQ.exe
  2⤵
  PID:9720
- C:\Windows\System\ZMENQot.exe
  C:\Windows\System\ZMENQot.exe
  2⤵
  PID:9756
- C:\Windows\System\LNaeRMv.exe
  C:\Windows\System\LNaeRMv.exe
  2⤵
  PID:9780
- C:\Windows\System\OiDoREF.exe
  C:\Windows\System\OiDoREF.exe
  2⤵
  PID:9872
- C:\Windows\System\nSXZHdX.exe
  C:\Windows\System\nSXZHdX.exe
  2⤵
  PID:9936
- C:\Windows\System\AQPgyOZ.exe
  C:\Windows\System\AQPgyOZ.exe
  2⤵
  PID:10000
- C:\Windows\System\YDjGOzy.exe
  C:\Windows\System\YDjGOzy.exe
  2⤵
  PID:9764
- C:\Windows\System\BWvHJJR.exe
  C:\Windows\System\BWvHJJR.exe
  2⤵
  PID:9824
- C:\Windows\System\jlmkbBc.exe
  C:\Windows\System\jlmkbBc.exe
  2⤵
  PID:9920
- C:\Windows\System\MHBclXR.exe
  C:\Windows\System\MHBclXR.exe
  2⤵
  PID:10020
- C:\Windows\System\RtblOxf.exe
  C:\Windows\System\RtblOxf.exe
  2⤵
  PID:10108
- C:\Windows\System\uQppqbP.exe
  C:\Windows\System\uQppqbP.exe
  2⤵
  PID:10164
- C:\Windows\System\jIFFQYG.exe
  C:\Windows\System\jIFFQYG.exe
  2⤵
  PID:10188
- C:\Windows\System\BCDjika.exe
  C:\Windows\System\BCDjika.exe
  2⤵
  PID:10208
- C:\Windows\System\rSbUMDk.exe
  C:\Windows\System\rSbUMDk.exe
  2⤵
  PID:10224
- C:\Windows\System\eDLoeqr.exe
  C:\Windows\System\eDLoeqr.exe
  2⤵
  PID:9292
- C:\Windows\System\bofQyeE.exe
  C:\Windows\System\bofQyeE.exe
  2⤵
  PID:9360
- C:\Windows\System\GnMGdPu.exe
  C:\Windows\System\GnMGdPu.exe
  2⤵
  PID:9452
- C:\Windows\System\uzBBQGa.exe
  C:\Windows\System\uzBBQGa.exe
  2⤵
  PID:8944
- C:\Windows\System\vLYiZNl.exe
  C:\Windows\System\vLYiZNl.exe
  2⤵
  PID:8524
- C:\Windows\System\FaufBSx.exe
  C:\Windows\System\FaufBSx.exe
  2⤵
  PID:8656
- C:\Windows\System\ItKsYar.exe
  C:\Windows\System\ItKsYar.exe
  2⤵
  PID:9252
- C:\Windows\System\hEQQUvd.exe
  C:\Windows\System\hEQQUvd.exe
  2⤵
  PID:9276
- C:\Windows\System\KRHokON.exe
  C:\Windows\System\KRHokON.exe
  2⤵
  PID:9328
- C:\Windows\System\hgNvuYb.exe
  C:\Windows\System\hgNvuYb.exe
  2⤵
  PID:9488
- C:\Windows\System\IluttTa.exe
  C:\Windows\System\IluttTa.exe
  2⤵
  PID:9548
- C:\Windows\System\BIZBdhz.exe
  C:\Windows\System\BIZBdhz.exe
  2⤵
  PID:9432
- C:\Windows\System\mMJeMKp.exe
  C:\Windows\System\mMJeMKp.exe
  2⤵
  PID:9644
- C:\Windows\System\hFkTJyk.exe
  C:\Windows\System\hFkTJyk.exe
  2⤵
  PID:9708
- C:\Windows\System\SsmYWIA.exe
  C:\Windows\System\SsmYWIA.exe
  2⤵
  PID:9908
- C:\Windows\System\gOqaSEt.exe
  C:\Windows\System\gOqaSEt.exe
  2⤵
  PID:9724
- C:\Windows\System\MhqCNoZ.exe
  C:\Windows\System\MhqCNoZ.exe
  2⤵
  PID:9728
- C:\Windows\System\wIdgWEV.exe
  C:\Windows\System\wIdgWEV.exe
  2⤵
  PID:9972
- C:\Windows\System\jXSvmdr.exe
  C:\Windows\System\jXSvmdr.exe
  2⤵
  PID:9952
- C:\Windows\System\SsQenlo.exe
  C:\Windows\System\SsQenlo.exe
  2⤵
  PID:10124
- C:\Windows\System\XuKTZsy.exe
  C:\Windows\System\XuKTZsy.exe
  2⤵
  PID:10144
- C:\Windows\System\YdvScwp.exe
  C:\Windows\System\YdvScwp.exe
  2⤵
  PID:10064
- C:\Windows\System\AWWvVCc.exe
  C:\Windows\System\AWWvVCc.exe
  2⤵
  PID:10180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOGowVy.exe

Filesize
6.0MB

MD5
0276af22d9495cecf2e75f1d7dc02274

SHA1
a8250a24b02b47ebae63d6d127f60b62879cc723

SHA256
65fc1eeac24c6bfa9d602a6e1efde6748a10432667ada71bbf59fed2d9947e7f

SHA512
b8c1f9a755018ce9950d2654f648159ca221c4c5328f107d8a159aab82a59c747343a070feb6ba6f9cf51f20234a09340592f17cfcbcc7f147eb1e89c6248e37

Download Submit
C:\Windows\system\GYPLAVa.exe

Filesize
6.0MB

MD5
83cb43146914f990a25d30bc101a51ac

SHA1
383d8ae04f3b5cb3e8f6f5adb44b5ee96e7de469

SHA256
487892bed2a6b809981c759fb46320125fe026727771953e24c68433f3f797ad

SHA512
ea4fee230a3ba46fe7772d605050ae78d0f053f5e112ea2f6753cb95e8224c62bb4f1e0d75f7912259a400fe97562dbf9f3420cfe26b40436408b0f5824bd038

Download Submit
C:\Windows\system\LuOLPTS.exe

Filesize
6.0MB

MD5
91a3a6735f90345f14ce8df4f0d2c6af

SHA1
020214bf459f3428d030a32d86d8fbfac41147f6

SHA256
b19c2c8c055bf497916b4440588f277e6cf165546c7c3f05a8013481ca30d53e

SHA512
c2edd07272ecc4887fa92b4ee86e09c5e2f38a228f7f122c1894619476563c9a4a8753b539809a8a960b365549b7e23c5f229f4e84ffbf3dd07d4522f64f62f8

Download Submit
C:\Windows\system\NYXrlGV.exe

Filesize
6.0MB

MD5
47ee143418ced14acd939bf11c371784

SHA1
4459b1d8d20ee0c6c48d3dd170a12f7f26014cc2

SHA256
91408d099c18d79d19bfedc0279f9dffad7d7d1d61c11b22a6a04f8de672a121

SHA512
ada8e1af6815ce5f513a0cb60d04f733146b3d16a0d996d6607e43e6f51f4477e0a0e9f06ce3457064b52216e488e6a25e824588137379125c9e4f2073a2c17a

Download Submit
C:\Windows\system\ODhLHoL.exe

Filesize
6.0MB

MD5
30fc7e77e071ef612bac3715ebc6e896

SHA1
fd47b1c368fe64f80d1b167042ff884c8f2cc269

SHA256
3db22a8682ec9dd5f7599d05f1658c189fc340fcb77ef717ecc3b2d914bb766c

SHA512
fb11baf2b886e1d727b369fd86eba5fdca149867e28cbbd8e7ad41f221ead2d3b4573be65d312627cf8c74f1ca890d46571d3a96c5f00949551811276cde8e1b

Download Submit
C:\Windows\system\RDRmfio.exe

Filesize
6.0MB

MD5
fb3411a06793c17a25f339753bc29c92

SHA1
254e16c4646b811fa341442bc8128c1aa0cc8eeb

SHA256
8b9ccb10eb92735c8872d8b545dd8baaafad634dc7b3f9659b181bbc204950b0

SHA512
c79e3b0f4ea3a4bc642443e36cd0239be348a56c5b42f8bb97e6a34dfdfc1b224932624f47006bb08ca662b3df970a0a8f212098c6031cb6ad939b17747525fe

Download Submit
C:\Windows\system\RKQUMDN.exe

Filesize
6.0MB

MD5
879b8d1efe43a50a7aba904d1a3753b2

SHA1
d2b64baa0830d420f5b9ca9eb5b5a410dde5e5c8

SHA256
634f56f15c32c5c61ff872c4fe933fb596a57b5a944884c1016dade166d6a591

SHA512
50604e9b2d0653074bc1a4aa89b8146bc447217f30154ba7c689b9cb60b5013d3c94f88480b4070b0be61f6e8fcaa0e4d64d3934976016ae280dbb51e210a5e3

Download Submit
C:\Windows\system\SpUGXJd.exe

Filesize
6.0MB

MD5
46e047e395a95be27d57d0f7df5de779

SHA1
eb4b85b55a81b4e177ef2957663612d9b0a628e8

SHA256
77cb58ba759db781edf5e3d301dbda1fca8cc5e806ae95939ed923d52f43d930

SHA512
ce596af54c9b61575d88ecbcd28180938ddedf8a775a065990e673dc7d540a3aec699d7c4a8ce6ed37781bf761293516e7f4cbb432da18798cf588afd9048171

Download Submit
C:\Windows\system\VVnNtso.exe

Filesize
6.0MB

MD5
3c4d239e1e27bf478b593cff64e7a5b7

SHA1
2cd2490abd4c46f6026e9d0c8886591dbd5fc01b

SHA256
8410830574bbfff56dae5b43ae70f4c77c65a95fe30abfd67c39dcb0ac6bb60d

SHA512
904b544d5df023fc901c1d761b20b0132da34c4a3da928c7664fc80598a4bfa4dec5d395b36f06812f85573770184200bf46a1f13e535caa3a5bef82c2352f3c

Download Submit
C:\Windows\system\ZMATfRq.exe

Filesize
6.0MB

MD5
219003bbbc048937e000f7652e1f2a15

SHA1
9d95c4eee1cd773e39ada085cb92d3cf0693c822

SHA256
ed76756a7088170a3aaef33c3007238784d08b9215933f15f335a1502565f18f

SHA512
fea18a3302d4c5b5b626215c6ce509b7863dd6637bce6dd015b1c2ec106e813f6b7ab570e2ab18f04c355401a1a3762ccba5f1ed259e7c02f33f41eae21658dd

Download Submit
C:\Windows\system\Zenbbul.exe

Filesize
6.0MB

MD5
676d96a5b16f0e040cc9160e87ddf773

SHA1
aa773065d51181c5f7e3bc865dd1a4b1551d396e

SHA256
c0b824e21fab80b674bd8e27231eec340f81ea9338458d7813b34c928b3e1ed8

SHA512
0675eee93b086e39ba02130d51bad424d76824b64b9bbe3f4c475198445e555a2c920ab22645f1e5b617ac533b670c3601751997d48d52f9d85fa3a2be4a59ec

Download Submit
C:\Windows\system\akuiSkF.exe

Filesize
6.0MB

MD5
8e22321b2e36c2f51c5a0cd4990c6190

SHA1
12929930cd65357188b010a008ee352eb1eafeb5

SHA256
71b28fa3cfdcb3086b83da59c27fc68e1ef9ebbe61e67209a0ef560f579b618a

SHA512
68b470c5b3259f6791b5a71ba8d90a0f3c3838163c481f92132d140e2101563e2335b22fc1593336ff42e30b84fb044732ed7d40ceb0da9ec2c55ef89300de25

Download Submit
C:\Windows\system\bKOSElX.exe

Filesize
6.0MB

MD5
41a56ae325d27029762df51b5dcb3c7c

SHA1
b35392785c7ecc93163b13503b46e5999248f234

SHA256
bceef0fe06eafc17f8183ecc5f847a26f7be7332fa92d1e7206bf51df84120d1

SHA512
fb5df677f33238992a1a8a10b703fba4a1f35bd190b330947b55a610f933e936f998527e696a163d0d96ac608f8310972578b4b4c85e70ad8abf5d46702e220f

Download Submit
C:\Windows\system\beQcgnH.exe

Filesize
6.0MB

MD5
ded69bf173257766e97a3d2e15e119be

SHA1
126a9b95b79e9d3be9fc75b2a3d3b299dddc9bef

SHA256
89eff022bb66a482f7a5f6f38b7219b9498ae86d0cdb348498a7594260b780cb

SHA512
d6ac1fcfbd3a8f11e2d06646ead9525a9f74f2df32c33a6ab801ffe38855679ee78d4b3195aeaa01b24e4027346eb61d12ca3d263009a392f9b455698a7eb5c5

Download Submit
C:\Windows\system\bxFHHWr.exe

Filesize
6.0MB

MD5
c25d7f378ba9fb319bdffec7bcebe0e0

SHA1
e3b120597f0f62fe72200d4b71b5800d2a08a820

SHA256
2613d5984c1f4e997287519eb1f60f7d74ea9ea02576ea7fb177ecf8b0b53f35

SHA512
18317b115d1a79f0756e39fb882fb9c662d80bc5f9b101a94c9620c184740e302f593cb6b469cae08d3f518c081333378ea1fe60e48a71338ed448e8c8cbc078

Download Submit
C:\Windows\system\crKdNKC.exe

Filesize
6.0MB

MD5
d3876d386f64b89c64f8daf3808664f1

SHA1
884a37aa85d6b9e08e6d5cb7af5c3d0a14bac984

SHA256
06c8a7d737d192c6a44d34e1daedcd7195577db10cd7232f779548c2ff0b6233

SHA512
bc56029aed65ce6ed54f70bdc93d4cc9fa910332a4b6ba15bae6eb230df28dad050235f482da14f29ec0663baeb2b5f7be3739496e23bfe501ef218fb3f649dc

Download Submit
C:\Windows\system\eHvIiEI.exe

Filesize
6.0MB

MD5
42879aa1ea665aa486a47d1fba0e1b9b

SHA1
47bd2123a809adbbac5dc1ea4d926564fa527678

SHA256
61b3abc649c1593636aafda1b491b5b78fd30f3295a7b6c7afa205c611644120

SHA512
6ff6a6632c3e9442391187a015735d29833f024c7d81928d898e1642b90925784335ec1c142da602fe75c403143cb5359858e3900e1bd2402e90fec492d9013b

Download Submit
C:\Windows\system\ftPlAzF.exe

Filesize
6.0MB

MD5
7c0484d5fbaad82c2fe3ac458dcc66a8

SHA1
e22c1306026f0f7546770aa3b9fe06fd36785d7b

SHA256
919b18af0ba24abafd9dfa73799ae9f9653c405a8beef3df6ab047e4c2b91060

SHA512
08887138baa3d21b92a182eb8497162b737c7d5fa19e57cf441bbc7caf177b743c6a6d87cbd0f99703d3d38c66cb837e44279bc45d65fbb32c3571f8e5c77704

Download Submit
C:\Windows\system\gBJetag.exe

Filesize
6.0MB

MD5
05a1f1dbbc265bd4bdf446b409b5fa20

SHA1
7c3190d1e7bfd2e53931caa3a4b6428dcbbc574c

SHA256
aaf58160831533fa8b7ec4e3308644c1464e96c8f726132b85594aae18f2ca61

SHA512
abf326a3de44a2fd13e8e09be1c1fe4c80f66c23d81924ffd09bf0c5930523463622ff6e0dbee2e6d369d04750c403e93029719c85c7a7f74bf2b5ff324c84c7

Download Submit
C:\Windows\system\hknqPeR.exe

Filesize
6.0MB

MD5
2188a1eb35040bdfc627234a3d9ad5e6

SHA1
2256ad13058d63e54ffc314535bad89f59dd07f8

SHA256
1c60a752edd1623fd2658299a182ca01e2c1a0509b4231e8ffdec49f59125059

SHA512
10a88fc9c0d3a8f36aa206689877c58f3e383ad791507bba0616487761be320db639df56c1edc1c30286e594a3cc5eff1f5bc548aea74c4b44b54a1be40c74b1

Download Submit
C:\Windows\system\jkWKxxf.exe

Filesize
6.0MB

MD5
0028ed3adf828fc1862445aa50a3f5b9

SHA1
8985ff24453ae67eeda9c558987075417b083d42

SHA256
df91ec15c0ec6a46d5608a99adab9a470a1a4955daf172f5eaaf49a7949e6892

SHA512
b0b2ded79ac72c70bc74313ab7fdff674a18f1f8dc86eba5610b80200549cc1642cdf058e2c399aa8a4974f8ca465385d27d3881608d0c3f2488df7679c3e751

Download Submit
C:\Windows\system\jlfiyEq.exe

Filesize
6.0MB

MD5
651f7a668855b2f0e207ab19194943ca

SHA1
da6a593bd1c36d86be15a0dcd449795f253914f3

SHA256
b74eb0dc940e4a0df5faf2a01e707b9c6f0111e0369585c9552cec1caa7ec75c

SHA512
ad6ad3dacfd454053e6a509ab85231d6109b78f9cd51881f7ee1566d6f98c42eb9c7fd3415d93d2137ab9aa71016b012ef0bdddcf56b0f22e3ed5d0a0c592386

Download Submit
C:\Windows\system\lPziSXD.exe

Filesize
6.0MB

MD5
42d2e2e566643c7235f764c7c39e1236

SHA1
5e2304c1af4bdece27531891b102f95abd0b7fa1

SHA256
af68a2e2fb0a606c71c5ca83c5cae0d0ac8e238109006328b1e3d0afdde92406

SHA512
5fe3387370eb057c1cefc37fcd843b26d84abcf0859d02bd88405f80f16fe06bde5ee8fcedd149f83702da21da2444dd3ed6a6bb5c436f1dcabaaf0e83cc4a36

Download Submit
C:\Windows\system\pJhYcwZ.exe

Filesize
6.0MB

MD5
047667f93db7abca6d9216812b33a3fc

SHA1
f51cc2fa46c7d96d6f2cbf11c0b3f9916ad0e6fe

SHA256
7a184e7059f24b59eed70bd00188ea784196a1b29bdbc28c45764f015f2a1499

SHA512
b27e9b8a7ca8aa7d98146692d750af754c0922f1849da73f5a74c3af2bb4e0024704f2828e082c6faf8a9ce55c004522077e06ee1ac73793e4a81921d2592311

Download Submit
C:\Windows\system\vyzzCgS.exe

Filesize
6.0MB

MD5
d70337c8ad8b36e414d0531687e9373a

SHA1
36cfd832e7da3b3a0c3d4eaa39aa7c95a3b1c333

SHA256
4e109d7d0fc2db4917a6b60a1d975a4e376bf9f760921a8f064f8c49bb31f4d0

SHA512
3a9b484a068b880b9ff11f2c2ef761031cfcfeed0484775a9549bd7020c07f6e7029e07a474591faa24e93e4b894947b13ef66825ee6f78dbeac035f530c387b

Download Submit
C:\Windows\system\wZSuAui.exe

Filesize
6.0MB

MD5
9a733f4c3216a3ce24d48c6d883b5f4b

SHA1
c9804ad2875d289532eaa4445e25dc5055ed36c1

SHA256
a6688b8f8a196d77396bb6eeb39ffa8b1e8430289f375aec8a9c36c719bf38c7

SHA512
10272a43a57e3e9889d444659f4350dae6c7c21f6ebc3f507e1c914b35b5936ab7a6f372cbb7a3fabbe64fb9d5f8f2c1ed774a5ad680043dcbb6cc34a95e7b49

Download Submit
C:\Windows\system\yhlVKMm.exe

Filesize
6.0MB

MD5
40717366f48394b4017fa82dfd91852e

SHA1
e22d4eaa54162f44a901f9952c3626bdf6b16fa3

SHA256
bd57d87a443c9cd1bec9b7eebdab58082b7ae001c5ba5fbd7015d13953a13792

SHA512
585058b47b926bffaa27e7915d0f1828429e8b48e59b89a2a20f2dd3220e1da17dac57e24eee5929954327af2c63b2ead40cfbfb28c11dda1a9deee9ac263f92

Download Submit
\Windows\system\KunUjWd.exe

Filesize
6.0MB

MD5
20bbcd27c2d8765f51fd22c49303a99d

SHA1
b7899e0cdd72ae1f1089611e8f4f7d9037fc6d2a

SHA256
faaa0532c2b99ac3efaa85e54b2fbd2f5692d2ed72f9a842327e2e37bc2337d2

SHA512
c45bc6b8f7388841c152352cb519e74b1adcb17b0cc6688ff9b49cfeaaec6e7c41e4df9c667d122403b7a2eea4c2fb7c973082effc75be956be5b519e482e4c8

Download Submit
\Windows\system\LaGtzJX.exe

Filesize
6.0MB

MD5
ca382818f27015b7bd9541c65364b33e

SHA1
feea3552c21a52b280d31a5fde3cc4ef66708de9

SHA256
ffbdc522b9c9df55b0624f6781a3a10d7fa3020cda6b90910d658f137258da7e

SHA512
d7aa0026833e6419fe04fa71add225050dbda43fadf6dd80408065c44f7ff6bcf526b165c057e0d27d3d79561ec8459055c8e5852a3a6325625ae7a8cb9a73a0

Download Submit
\Windows\system\VdlmzJZ.exe

Filesize
6.0MB

MD5
0d3585b6c4787d023396d689c901584c

SHA1
d4be3fe1a09e0761f66a2836dc0a6bad1d8e3832

SHA256
7cc7fce5972b51829009c415a1157ffe1506dedebc897948389ac1e5c42c0fbc

SHA512
5c042072f32046c2c8133389f5fd9a4b6d760d0931ed7c08cabefaa9551365d762795703ae400c7c9170a85cbe94ce95cdbb12e4edb06af4b4cfe0317eb42963

Download Submit
\Windows\system\tFMgRPR.exe

Filesize
6.0MB

MD5
9421e682e5af1c41c2cce9e820dd01ee

SHA1
24fa15b005834d934859bfdd9d5f3f6561da75c8

SHA256
6e23a586b04beb2d4dfe4d2fae1869e09c25f503d74f881ba87bd6b2b464e26a

SHA512
cb2535e5681b6a3350179b80922469a4a42b84fd6f853ae106433b53071a25dac767ca3325661c779978fe01731049c663aafe6bd85a7822b39f77f80f80520d

Download Submit
\Windows\system\tTeoRQy.exe

Filesize
6.0MB

MD5
f216b97f89e9ed7929cd800d18c50694

SHA1
b0a29bec9de6ee55607acab4a8f4ab589cc24a08

SHA256
611a88f920d8dfe87f6d11643ef790ff914b359f0b190bda193bf9521f2e8a8c

SHA512
116f46f94622758c5910a09642fbd4c169d4ceb4467293957c489b995c57d90391b6d464b10e6792a6ad1e5e63defa0844f88a7391eaeb10a8ab0e09ab1e24ce

Download Submit
memory/948-93-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/948-3171-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/948-55-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1868-94-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1868-540-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3172-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2016-103-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2016-642-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3166-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2044-3165-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2044-420-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2044-85-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2100-297-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3167-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-189-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-70-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2208-3168-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-90-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-12-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-484-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-89-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2332-578-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2332-99-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2332-98-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-360-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2332-18-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-74-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-81-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-50-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-52-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2332-42-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2332-60-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-14-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2516-47-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3145-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3150-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2520-7-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2520-39-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2616-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3176-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2616-102-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2680-51-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-21-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3159-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-28-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3143-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2736-77-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3122-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2736-40-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3169-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-48-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-84-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-67-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-36-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4634-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download