cobaltstrike | 23563b50da16400ec121f70ed4021b004e6cf73e42a940c70e06ef4bb5d7ecac

Analysis

max time kernel
132s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

86e898db70729fad9df367cb372e852d
SHA1

1c2237ea875625b94b60deab90b3c98a3e10f203
SHA256

23563b50da16400ec121f70ed4021b004e6cf73e42a940c70e06ef4bb5d7ecac
SHA512

f75e61d654871709b8f812216cfab33bd0b3e7784f96623e575c597e35c1fc4923d57cd2b1cac04d8d9847fdba6e2e6ea591e92b4d06e2fd8a6f79d6bde852e1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-15.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-30.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000162e4-59.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017570-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-96.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-82.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-89.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-70.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-65.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d22-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-48.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012280-3.dat	xmrig
behavioral1/memory/2708-21-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2752-23-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2780-20-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c89-24.dat	xmrig
behavioral1/files/0x0008000000016890-15.dat	xmrig
behavioral1/files/0x000800000001660e-11.dat	xmrig
behavioral1/files/0x0007000000016ca0-30.dat	xmrig
behavioral1/files/0x00340000000162e4-59.dat	xmrig
behavioral1/files/0x0008000000017570-52.dat	xmrig
behavioral1/memory/2380-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001871c-114.dat	xmrig
behavioral1/files/0x0006000000018d83-135.dat	xmrig
behavioral1/files/0x0005000000019261-165.dat	xmrig
behavioral1/files/0x0005000000019354-191.dat	xmrig
behavioral1/memory/1632-780-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2380-986-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1912-349-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-186.dat	xmrig
behavioral1/files/0x0005000000019299-181.dat	xmrig
behavioral1/files/0x000500000001927a-176.dat	xmrig
behavioral1/files/0x0005000000019274-170.dat	xmrig
behavioral1/files/0x000500000001924f-161.dat	xmrig
behavioral1/files/0x0005000000019237-156.dat	xmrig
behavioral1/files/0x0005000000019203-151.dat	xmrig
behavioral1/files/0x0006000000019056-146.dat	xmrig
behavioral1/files/0x0006000000018fdf-141.dat	xmrig
behavioral1/files/0x0006000000018d7b-131.dat	xmrig
behavioral1/files/0x0006000000018be7-126.dat	xmrig
behavioral1/files/0x0005000000018745-121.dat	xmrig
behavioral1/files/0x000500000001870c-111.dat	xmrig
behavioral1/memory/2600-107-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2672-106-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018706-103.dat	xmrig
behavioral1/memory/1632-98-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-96.dat	xmrig
behavioral1/memory/1168-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2904-86-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1952-85-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f7-82.dat	xmrig
behavioral1/files/0x000d000000018683-89.dat	xmrig
behavioral1/memory/1912-79-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1732-78-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2380-77-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1488-76-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2548-74-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2596-71-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-70.dat	xmrig
behavioral1/files/0x00060000000175f1-65.dat	xmrig
behavioral1/files/0x0008000000016d22-64.dat	xmrig
behavioral1/files/0x0007000000016cab-48.dat	xmrig
behavioral1/memory/2600-46-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2672-29-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2780-2908-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2708-2906-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2752-2905-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2548-2983-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/1632-3003-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2672-3002-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1732-3000-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/1168-2999-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1952-2998-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2600-2997-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	DKyLZrl.exe
2752	sJBoCUp.exe
2708	AQOXYwQ.exe
2672	SIgDKMl.exe
2600	omhOxfU.exe
2596	Orgojug.exe
2548	TXkulft.exe
1732	DGzYtek.exe
1488	yVgNdPu.exe
1912	EafYmyI.exe
1952	aoCvcUk.exe
2904	bAAXQCu.exe
1168	SvqocCG.exe
1632	gThSMGF.exe
2620	iRVaHiL.exe
2348	nkWYumv.exe
2872	ZuZABAc.exe
2832	TKxhzZz.exe
1416	vZrqdOT.exe
708	eoYgGaN.exe
1028	NQOWKoe.exe
856	EQgIuGV.exe
1104	PyrBjuh.exe
2248	kBkvWCN.exe
2364	aIMPMAS.exe
2236	XGvjHaq.exe
2112	MbVBOCF.exe
1932	SuGezxf.exe
2420	GIBFNfY.exe
840	WbQMVVQ.exe
2528	ENiFaYj.exe
2508	CkIAiLJ.exe
952	ArLJdDt.exe
884	oiuHQZl.exe
1812	HpAPcgr.exe
2940	tqhCzue.exe
1544	qtqsfmv.exe
1752	iugnffC.exe
1728	ALwWKEQ.exe
1920	vzccnjL.exe
3000	BmjqjJZ.exe
2300	TPRIZun.exe
2100	nuinBfd.exe
2484	nQAqfcj.exe
2328	hlGOVuv.exe
2088	YKzTQfY.exe
996	ohpYWOJ.exe
2992	tmlQwbD.exe
1976	DpQrAgR.exe
1964	QzgiIcW.exe
1688	vJFkTwi.exe
2476	RUiuEvq.exe
2452	eNXEUeX.exe
1600	VoIFfOp.exe
1596	cdgsSIl.exe
2784	fvJMcUT.exe
2392	tabNJop.exe
2748	mjExbDP.exe
2668	yrCJxQu.exe
2588	WwtQkpO.exe
1532	wUxoSIU.exe
2572	aJSPByU.exe
2916	NBiWZVA.exe
2280	JoblxpC.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000a000000012280-3.dat	upx
behavioral1/memory/2708-21-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2752-23-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2780-20-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0007000000016c89-24.dat	upx
behavioral1/files/0x0008000000016890-15.dat	upx
behavioral1/files/0x000800000001660e-11.dat	upx
behavioral1/files/0x0007000000016ca0-30.dat	upx
behavioral1/files/0x00340000000162e4-59.dat	upx
behavioral1/files/0x0008000000017570-52.dat	upx
behavioral1/memory/2380-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001871c-114.dat	upx
behavioral1/files/0x0006000000018d83-135.dat	upx
behavioral1/files/0x0005000000019261-165.dat	upx
behavioral1/files/0x0005000000019354-191.dat	upx
behavioral1/memory/1632-780-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1912-349-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00050000000192a1-186.dat	upx
behavioral1/files/0x0005000000019299-181.dat	upx
behavioral1/files/0x000500000001927a-176.dat	upx
behavioral1/files/0x0005000000019274-170.dat	upx
behavioral1/files/0x000500000001924f-161.dat	upx
behavioral1/files/0x0005000000019237-156.dat	upx
behavioral1/files/0x0005000000019203-151.dat	upx
behavioral1/files/0x0006000000019056-146.dat	upx
behavioral1/files/0x0006000000018fdf-141.dat	upx
behavioral1/files/0x0006000000018d7b-131.dat	upx
behavioral1/files/0x0006000000018be7-126.dat	upx
behavioral1/files/0x0005000000018745-121.dat	upx
behavioral1/files/0x000500000001870c-111.dat	upx
behavioral1/memory/2600-107-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2672-106-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0005000000018706-103.dat	upx
behavioral1/memory/1632-98-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0005000000018697-96.dat	upx
behavioral1/memory/1168-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2904-86-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1952-85-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x00060000000175f7-82.dat	upx
behavioral1/files/0x000d000000018683-89.dat	upx
behavioral1/memory/1912-79-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1732-78-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1488-76-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2548-74-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2596-71-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-70.dat	upx
behavioral1/files/0x00060000000175f1-65.dat	upx
behavioral1/files/0x0008000000016d22-64.dat	upx
behavioral1/files/0x0007000000016cab-48.dat	upx
behavioral1/memory/2600-46-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2672-29-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2780-2908-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2708-2906-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2752-2905-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2548-2983-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1632-3003-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2672-3002-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1732-3000-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1168-2999-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1952-2998-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2600-2997-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1488-2996-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1912-2994-0x000000013F200000-0x000000013F554000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QOnuIsy.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXEahiM.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebUoCfr.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZADXsX.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixVOAIM.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWWpZxW.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKxhzZz.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPRIZun.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSRmfJi.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyAXIOS.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAdyDtG.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBlHXWm.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVEWTmS.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUKPghK.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMQAsfH.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsXXdpk.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gThSMGF.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVVfXeq.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTwiHTQ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHNHWbQ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyQaNWb.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WggyZWE.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BcNZmzo.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpIBkKZ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMsDUsg.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRgMmls.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUcMhQm.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crGWvTA.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmjqjJZ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIaNeSm.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzDoVZb.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOFbiJe.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QigVMhH.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeaTboz.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvbahxZ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjYetmp.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWiORcg.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpQrAgR.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpwGNQG.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVzEcbf.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJYSMVv.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsTrtgs.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUXSomM.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdtgZox.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psZUbUL.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWMfhjc.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfMULJb.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKWxFLm.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVBgXUq.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiZhOHM.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjExbDP.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybSalTs.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfqCLEZ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psoUOyK.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAMtqAV.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlUGplZ.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHiavml.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQuYDXA.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyFmGvo.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzyXUqY.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTdELKi.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYIJyui.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mirfndt.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYMPrqo.exe	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2752	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2752	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2752	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 2780	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2780	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2780	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2672	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2672	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2672	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2600	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2600	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2600	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2548	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2548	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2548	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2596	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2596	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2596	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 1912	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 1912	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 1912	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 1732	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 1732	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 1732	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 1952	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 1952	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 1952	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 1488	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 1488	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 1488	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2904	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2904	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2904	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 1168	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1168	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1168	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1632	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1632	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1632	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 2620	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2620	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2620	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 2348	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2348	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2348	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 2872	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2872	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2872	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 2832	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2832	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 2832	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1416	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1416	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1416	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 708	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1028	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1028	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1028	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 856	2380	2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_86e898db70729fad9df367cb372e852d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\sJBoCUp.exe
  C:\Windows\System\sJBoCUp.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\DKyLZrl.exe
  C:\Windows\System\DKyLZrl.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\AQOXYwQ.exe
  C:\Windows\System\AQOXYwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\SIgDKMl.exe
  C:\Windows\System\SIgDKMl.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\omhOxfU.exe
  C:\Windows\System\omhOxfU.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\TXkulft.exe
  C:\Windows\System\TXkulft.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\Orgojug.exe
  C:\Windows\System\Orgojug.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\EafYmyI.exe
  C:\Windows\System\EafYmyI.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DGzYtek.exe
  C:\Windows\System\DGzYtek.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\aoCvcUk.exe
  C:\Windows\System\aoCvcUk.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\yVgNdPu.exe
  C:\Windows\System\yVgNdPu.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\bAAXQCu.exe
  C:\Windows\System\bAAXQCu.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\SvqocCG.exe
  C:\Windows\System\SvqocCG.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\gThSMGF.exe
  C:\Windows\System\gThSMGF.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\iRVaHiL.exe
  C:\Windows\System\iRVaHiL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\nkWYumv.exe
  C:\Windows\System\nkWYumv.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZuZABAc.exe
  C:\Windows\System\ZuZABAc.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\TKxhzZz.exe
  C:\Windows\System\TKxhzZz.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\vZrqdOT.exe
  C:\Windows\System\vZrqdOT.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\eoYgGaN.exe
  C:\Windows\System\eoYgGaN.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\NQOWKoe.exe
  C:\Windows\System\NQOWKoe.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\EQgIuGV.exe
  C:\Windows\System\EQgIuGV.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\PyrBjuh.exe
  C:\Windows\System\PyrBjuh.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\kBkvWCN.exe
  C:\Windows\System\kBkvWCN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\aIMPMAS.exe
  C:\Windows\System\aIMPMAS.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\XGvjHaq.exe
  C:\Windows\System\XGvjHaq.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\MbVBOCF.exe
  C:\Windows\System\MbVBOCF.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\SuGezxf.exe
  C:\Windows\System\SuGezxf.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\GIBFNfY.exe
  C:\Windows\System\GIBFNfY.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\WbQMVVQ.exe
  C:\Windows\System\WbQMVVQ.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\ENiFaYj.exe
  C:\Windows\System\ENiFaYj.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\CkIAiLJ.exe
  C:\Windows\System\CkIAiLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ArLJdDt.exe
  C:\Windows\System\ArLJdDt.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\oiuHQZl.exe
  C:\Windows\System\oiuHQZl.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\HpAPcgr.exe
  C:\Windows\System\HpAPcgr.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\tqhCzue.exe
  C:\Windows\System\tqhCzue.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\qtqsfmv.exe
  C:\Windows\System\qtqsfmv.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\iugnffC.exe
  C:\Windows\System\iugnffC.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ALwWKEQ.exe
  C:\Windows\System\ALwWKEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\vzccnjL.exe
  C:\Windows\System\vzccnjL.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\BmjqjJZ.exe
  C:\Windows\System\BmjqjJZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TPRIZun.exe
  C:\Windows\System\TPRIZun.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\nuinBfd.exe
  C:\Windows\System\nuinBfd.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\nQAqfcj.exe
  C:\Windows\System\nQAqfcj.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\hlGOVuv.exe
  C:\Windows\System\hlGOVuv.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\YKzTQfY.exe
  C:\Windows\System\YKzTQfY.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ohpYWOJ.exe
  C:\Windows\System\ohpYWOJ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\tmlQwbD.exe
  C:\Windows\System\tmlQwbD.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DpQrAgR.exe
  C:\Windows\System\DpQrAgR.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\QzgiIcW.exe
  C:\Windows\System\QzgiIcW.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\vJFkTwi.exe
  C:\Windows\System\vJFkTwi.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\RUiuEvq.exe
  C:\Windows\System\RUiuEvq.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\eNXEUeX.exe
  C:\Windows\System\eNXEUeX.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\VoIFfOp.exe
  C:\Windows\System\VoIFfOp.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\cdgsSIl.exe
  C:\Windows\System\cdgsSIl.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\fvJMcUT.exe
  C:\Windows\System\fvJMcUT.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\tabNJop.exe
  C:\Windows\System\tabNJop.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\mjExbDP.exe
  C:\Windows\System\mjExbDP.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\yrCJxQu.exe
  C:\Windows\System\yrCJxQu.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\WwtQkpO.exe
  C:\Windows\System\WwtQkpO.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\wUxoSIU.exe
  C:\Windows\System\wUxoSIU.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\aJSPByU.exe
  C:\Windows\System\aJSPByU.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\NBiWZVA.exe
  C:\Windows\System\NBiWZVA.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\apqboTb.exe
  C:\Windows\System\apqboTb.exe
  2⤵
  PID:2052
- C:\Windows\System\JoblxpC.exe
  C:\Windows\System\JoblxpC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\axJCOfM.exe
  C:\Windows\System\axJCOfM.exe
  2⤵
  PID:1524
- C:\Windows\System\GfCqKga.exe
  C:\Windows\System\GfCqKga.exe
  2⤵
  PID:1548
- C:\Windows\System\JIfLtNP.exe
  C:\Windows\System\JIfLtNP.exe
  2⤵
  PID:660
- C:\Windows\System\ACrBzhT.exe
  C:\Windows\System\ACrBzhT.exe
  2⤵
  PID:2972
- C:\Windows\System\rBCotaf.exe
  C:\Windows\System\rBCotaf.exe
  2⤵
  PID:1140
- C:\Windows\System\XJhNsBn.exe
  C:\Windows\System\XJhNsBn.exe
  2⤵
  PID:572
- C:\Windows\System\AdICAOe.exe
  C:\Windows\System\AdICAOe.exe
  2⤵
  PID:2212
- C:\Windows\System\hSWROUq.exe
  C:\Windows\System\hSWROUq.exe
  2⤵
  PID:2128
- C:\Windows\System\wEBpiyv.exe
  C:\Windows\System\wEBpiyv.exe
  2⤵
  PID:2176
- C:\Windows\System\CuPEWGO.exe
  C:\Windows\System\CuPEWGO.exe
  2⤵
  PID:1320
- C:\Windows\System\jmsOhKs.exe
  C:\Windows\System\jmsOhKs.exe
  2⤵
  PID:1324
- C:\Windows\System\DgHHoyW.exe
  C:\Windows\System\DgHHoyW.exe
  2⤵
  PID:784
- C:\Windows\System\ExEwxRN.exe
  C:\Windows\System\ExEwxRN.exe
  2⤵
  PID:2092
- C:\Windows\System\CyomYcc.exe
  C:\Windows\System\CyomYcc.exe
  2⤵
  PID:2396
- C:\Windows\System\UMBopaK.exe
  C:\Windows\System\UMBopaK.exe
  2⤵
  PID:1864
- C:\Windows\System\smCQRVv.exe
  C:\Windows\System\smCQRVv.exe
  2⤵
  PID:356
- C:\Windows\System\TWqchOP.exe
  C:\Windows\System\TWqchOP.exe
  2⤵
  PID:2204
- C:\Windows\System\AvSDxNO.exe
  C:\Windows\System\AvSDxNO.exe
  2⤵
  PID:2000
- C:\Windows\System\WeUZIti.exe
  C:\Windows\System\WeUZIti.exe
  2⤵
  PID:3008
- C:\Windows\System\RHxpaGb.exe
  C:\Windows\System\RHxpaGb.exe
  2⤵
  PID:1652
- C:\Windows\System\eCRCfdA.exe
  C:\Windows\System\eCRCfdA.exe
  2⤵
  PID:1692
- C:\Windows\System\MxHjmTG.exe
  C:\Windows\System\MxHjmTG.exe
  2⤵
  PID:1980
- C:\Windows\System\ipWEsbj.exe
  C:\Windows\System\ipWEsbj.exe
  2⤵
  PID:1564
- C:\Windows\System\MCzIcYu.exe
  C:\Windows\System\MCzIcYu.exe
  2⤵
  PID:1592
- C:\Windows\System\zcxOdCK.exe
  C:\Windows\System\zcxOdCK.exe
  2⤵
  PID:2728
- C:\Windows\System\KjfKMXy.exe
  C:\Windows\System\KjfKMXy.exe
  2⤵
  PID:2688
- C:\Windows\System\hqWpyaP.exe
  C:\Windows\System\hqWpyaP.exe
  2⤵
  PID:2892
- C:\Windows\System\IWnUswp.exe
  C:\Windows\System\IWnUswp.exe
  2⤵
  PID:3028
- C:\Windows\System\mmCnklb.exe
  C:\Windows\System\mmCnklb.exe
  2⤵
  PID:3048
- C:\Windows\System\HVAlQXy.exe
  C:\Windows\System\HVAlQXy.exe
  2⤵
  PID:2876
- C:\Windows\System\iErcsXL.exe
  C:\Windows\System\iErcsXL.exe
  2⤵
  PID:2868
- C:\Windows\System\YtpHMzI.exe
  C:\Windows\System\YtpHMzI.exe
  2⤵
  PID:2012
- C:\Windows\System\MEKgXZK.exe
  C:\Windows\System\MEKgXZK.exe
  2⤵
  PID:2268
- C:\Windows\System\ZQoVDQT.exe
  C:\Windows\System\ZQoVDQT.exe
  2⤵
  PID:1160
- C:\Windows\System\jRrnybQ.exe
  C:\Windows\System\jRrnybQ.exe
  2⤵
  PID:876
- C:\Windows\System\wWHgwHd.exe
  C:\Windows\System\wWHgwHd.exe
  2⤵
  PID:908
- C:\Windows\System\hfOXrsU.exe
  C:\Windows\System\hfOXrsU.exe
  2⤵
  PID:2152
- C:\Windows\System\zROOZZx.exe
  C:\Windows\System\zROOZZx.exe
  2⤵
  PID:1368
- C:\Windows\System\oKqQmvO.exe
  C:\Windows\System\oKqQmvO.exe
  2⤵
  PID:616
- C:\Windows\System\EjMfiRl.exe
  C:\Windows\System\EjMfiRl.exe
  2⤵
  PID:2412
- C:\Windows\System\XVnGybm.exe
  C:\Windows\System\XVnGybm.exe
  2⤵
  PID:3068
- C:\Windows\System\hSUPNwJ.exe
  C:\Windows\System\hSUPNwJ.exe
  2⤵
  PID:2344
- C:\Windows\System\HbJPCuX.exe
  C:\Windows\System\HbJPCuX.exe
  2⤵
  PID:3088
- C:\Windows\System\JyAvZGZ.exe
  C:\Windows\System\JyAvZGZ.exe
  2⤵
  PID:3108
- C:\Windows\System\hEbdcTz.exe
  C:\Windows\System\hEbdcTz.exe
  2⤵
  PID:3128
- C:\Windows\System\IsgJsMK.exe
  C:\Windows\System\IsgJsMK.exe
  2⤵
  PID:3148
- C:\Windows\System\DIaNeSm.exe
  C:\Windows\System\DIaNeSm.exe
  2⤵
  PID:3168
- C:\Windows\System\psIVMBI.exe
  C:\Windows\System\psIVMBI.exe
  2⤵
  PID:3184
- C:\Windows\System\JyaceHv.exe
  C:\Windows\System\JyaceHv.exe
  2⤵
  PID:3208
- C:\Windows\System\IvskMob.exe
  C:\Windows\System\IvskMob.exe
  2⤵
  PID:3224
- C:\Windows\System\PFxFyiv.exe
  C:\Windows\System\PFxFyiv.exe
  2⤵
  PID:3248
- C:\Windows\System\gaMPfDM.exe
  C:\Windows\System\gaMPfDM.exe
  2⤵
  PID:3268
- C:\Windows\System\TBdQURM.exe
  C:\Windows\System\TBdQURM.exe
  2⤵
  PID:3292
- C:\Windows\System\etmJzjZ.exe
  C:\Windows\System\etmJzjZ.exe
  2⤵
  PID:3308
- C:\Windows\System\RfkIXCS.exe
  C:\Windows\System\RfkIXCS.exe
  2⤵
  PID:3328
- C:\Windows\System\fUISOiI.exe
  C:\Windows\System\fUISOiI.exe
  2⤵
  PID:3352
- C:\Windows\System\IjpVsFb.exe
  C:\Windows\System\IjpVsFb.exe
  2⤵
  PID:3376
- C:\Windows\System\nIuzqoP.exe
  C:\Windows\System\nIuzqoP.exe
  2⤵
  PID:3396
- C:\Windows\System\uYuOlQx.exe
  C:\Windows\System\uYuOlQx.exe
  2⤵
  PID:3416
- C:\Windows\System\RmMJiOa.exe
  C:\Windows\System\RmMJiOa.exe
  2⤵
  PID:3432
- C:\Windows\System\yRyNKwF.exe
  C:\Windows\System\yRyNKwF.exe
  2⤵
  PID:3452
- C:\Windows\System\bVkaogU.exe
  C:\Windows\System\bVkaogU.exe
  2⤵
  PID:3472
- C:\Windows\System\RaMLtKk.exe
  C:\Windows\System\RaMLtKk.exe
  2⤵
  PID:3496
- C:\Windows\System\ApEocRR.exe
  C:\Windows\System\ApEocRR.exe
  2⤵
  PID:3512
- C:\Windows\System\CbCimcP.exe
  C:\Windows\System\CbCimcP.exe
  2⤵
  PID:3536
- C:\Windows\System\dBiWvly.exe
  C:\Windows\System\dBiWvly.exe
  2⤵
  PID:3556
- C:\Windows\System\qtduAVV.exe
  C:\Windows\System\qtduAVV.exe
  2⤵
  PID:3576
- C:\Windows\System\jZyNGEt.exe
  C:\Windows\System\jZyNGEt.exe
  2⤵
  PID:3592
- C:\Windows\System\tgcRpjR.exe
  C:\Windows\System\tgcRpjR.exe
  2⤵
  PID:3616
- C:\Windows\System\jIsBmoj.exe
  C:\Windows\System\jIsBmoj.exe
  2⤵
  PID:3636
- C:\Windows\System\RkWMoSr.exe
  C:\Windows\System\RkWMoSr.exe
  2⤵
  PID:3656
- C:\Windows\System\mMYcoay.exe
  C:\Windows\System\mMYcoay.exe
  2⤵
  PID:3676
- C:\Windows\System\aXeAdVZ.exe
  C:\Windows\System\aXeAdVZ.exe
  2⤵
  PID:3696
- C:\Windows\System\DkIlCme.exe
  C:\Windows\System\DkIlCme.exe
  2⤵
  PID:3712
- C:\Windows\System\RnfrCZe.exe
  C:\Windows\System\RnfrCZe.exe
  2⤵
  PID:3732
- C:\Windows\System\TZdfxTW.exe
  C:\Windows\System\TZdfxTW.exe
  2⤵
  PID:3756
- C:\Windows\System\SUNFnTL.exe
  C:\Windows\System\SUNFnTL.exe
  2⤵
  PID:3776
- C:\Windows\System\NIDcWqz.exe
  C:\Windows\System\NIDcWqz.exe
  2⤵
  PID:3792
- C:\Windows\System\QsVZKMV.exe
  C:\Windows\System\QsVZKMV.exe
  2⤵
  PID:3812
- C:\Windows\System\ybSalTs.exe
  C:\Windows\System\ybSalTs.exe
  2⤵
  PID:3836
- C:\Windows\System\QRQMshp.exe
  C:\Windows\System\QRQMshp.exe
  2⤵
  PID:3856
- C:\Windows\System\uAyGfac.exe
  C:\Windows\System\uAyGfac.exe
  2⤵
  PID:3876
- C:\Windows\System\MmLKCts.exe
  C:\Windows\System\MmLKCts.exe
  2⤵
  PID:3896
- C:\Windows\System\JeMZAOg.exe
  C:\Windows\System\JeMZAOg.exe
  2⤵
  PID:3916
- C:\Windows\System\nOFbUHn.exe
  C:\Windows\System\nOFbUHn.exe
  2⤵
  PID:3936
- C:\Windows\System\PxDfpIF.exe
  C:\Windows\System\PxDfpIF.exe
  2⤵
  PID:3952
- C:\Windows\System\UZqTklI.exe
  C:\Windows\System\UZqTklI.exe
  2⤵
  PID:3972
- C:\Windows\System\jddNjHw.exe
  C:\Windows\System\jddNjHw.exe
  2⤵
  PID:3992
- C:\Windows\System\jpwGNQG.exe
  C:\Windows\System\jpwGNQG.exe
  2⤵
  PID:4016
- C:\Windows\System\QuiDoav.exe
  C:\Windows\System\QuiDoav.exe
  2⤵
  PID:4032
- C:\Windows\System\KXcnxjP.exe
  C:\Windows\System\KXcnxjP.exe
  2⤵
  PID:4056
- C:\Windows\System\FgvMlbg.exe
  C:\Windows\System\FgvMlbg.exe
  2⤵
  PID:4072
- C:\Windows\System\bPjdzRP.exe
  C:\Windows\System\bPjdzRP.exe
  2⤵
  PID:2472
- C:\Windows\System\MoOPLmR.exe
  C:\Windows\System\MoOPLmR.exe
  2⤵
  PID:1588
- C:\Windows\System\PEsQIBo.exe
  C:\Windows\System\PEsQIBo.exe
  2⤵
  PID:2756
- C:\Windows\System\KZRrAsX.exe
  C:\Windows\System\KZRrAsX.exe
  2⤵
  PID:2700
- C:\Windows\System\QOnuIsy.exe
  C:\Windows\System\QOnuIsy.exe
  2⤵
  PID:2592
- C:\Windows\System\AOlfxvl.exe
  C:\Windows\System\AOlfxvl.exe
  2⤵
  PID:812
- C:\Windows\System\DpdPFzP.exe
  C:\Windows\System\DpdPFzP.exe
  2⤵
  PID:484
- C:\Windows\System\aDVxOtW.exe
  C:\Windows\System\aDVxOtW.exe
  2⤵
  PID:2536
- C:\Windows\System\WBTyneK.exe
  C:\Windows\System\WBTyneK.exe
  2⤵
  PID:2968
- C:\Windows\System\gtHxhiI.exe
  C:\Windows\System\gtHxhiI.exe
  2⤵
  PID:2036
- C:\Windows\System\dFhdDcN.exe
  C:\Windows\System\dFhdDcN.exe
  2⤵
  PID:1608
- C:\Windows\System\hizyOoP.exe
  C:\Windows\System\hizyOoP.exe
  2⤵
  PID:1312
- C:\Windows\System\TGDxUQc.exe
  C:\Windows\System\TGDxUQc.exe
  2⤵
  PID:1000
- C:\Windows\System\XZrMAHJ.exe
  C:\Windows\System\XZrMAHJ.exe
  2⤵
  PID:3080
- C:\Windows\System\iEqPhCQ.exe
  C:\Windows\System\iEqPhCQ.exe
  2⤵
  PID:3100
- C:\Windows\System\eDTdQpL.exe
  C:\Windows\System\eDTdQpL.exe
  2⤵
  PID:3096
- C:\Windows\System\ZFKlTXo.exe
  C:\Windows\System\ZFKlTXo.exe
  2⤵
  PID:3196
- C:\Windows\System\SRuRpON.exe
  C:\Windows\System\SRuRpON.exe
  2⤵
  PID:3136
- C:\Windows\System\CZJeGLr.exe
  C:\Windows\System\CZJeGLr.exe
  2⤵
  PID:3216
- C:\Windows\System\OgTZoCR.exe
  C:\Windows\System\OgTZoCR.exe
  2⤵
  PID:3260
- C:\Windows\System\GmMerSH.exe
  C:\Windows\System\GmMerSH.exe
  2⤵
  PID:3324
- C:\Windows\System\iUNIbub.exe
  C:\Windows\System\iUNIbub.exe
  2⤵
  PID:3368
- C:\Windows\System\Ykwzglq.exe
  C:\Windows\System\Ykwzglq.exe
  2⤵
  PID:3348
- C:\Windows\System\GzuDsyk.exe
  C:\Windows\System\GzuDsyk.exe
  2⤵
  PID:3412
- C:\Windows\System\WgxWNoY.exe
  C:\Windows\System\WgxWNoY.exe
  2⤵
  PID:3480
- C:\Windows\System\junpFJC.exe
  C:\Windows\System\junpFJC.exe
  2⤵
  PID:3464
- C:\Windows\System\aLkdANV.exe
  C:\Windows\System\aLkdANV.exe
  2⤵
  PID:3528
- C:\Windows\System\ohHVMTk.exe
  C:\Windows\System\ohHVMTk.exe
  2⤵
  PID:3460
- C:\Windows\System\eaLJPFu.exe
  C:\Windows\System\eaLJPFu.exe
  2⤵
  PID:3552
- C:\Windows\System\TVYgVtv.exe
  C:\Windows\System\TVYgVtv.exe
  2⤵
  PID:3612
- C:\Windows\System\FfufWHY.exe
  C:\Windows\System\FfufWHY.exe
  2⤵
  PID:3588
- C:\Windows\System\DDQPpaT.exe
  C:\Windows\System\DDQPpaT.exe
  2⤵
  PID:3664
- C:\Windows\System\FrVKMtM.exe
  C:\Windows\System\FrVKMtM.exe
  2⤵
  PID:3720
- C:\Windows\System\vyFmGvo.exe
  C:\Windows\System\vyFmGvo.exe
  2⤵
  PID:3708
- C:\Windows\System\AcPHojN.exe
  C:\Windows\System\AcPHojN.exe
  2⤵
  PID:3808
- C:\Windows\System\mYgtsCl.exe
  C:\Windows\System\mYgtsCl.exe
  2⤵
  PID:3748
- C:\Windows\System\GtoGpgV.exe
  C:\Windows\System\GtoGpgV.exe
  2⤵
  PID:3884
- C:\Windows\System\LHUDlwS.exe
  C:\Windows\System\LHUDlwS.exe
  2⤵
  PID:3784
- C:\Windows\System\SlHTLdl.exe
  C:\Windows\System\SlHTLdl.exe
  2⤵
  PID:3868
- C:\Windows\System\PkLasNq.exe
  C:\Windows\System\PkLasNq.exe
  2⤵
  PID:3928
- C:\Windows\System\BBYphVM.exe
  C:\Windows\System\BBYphVM.exe
  2⤵
  PID:3964
- C:\Windows\System\pMHfXCc.exe
  C:\Windows\System\pMHfXCc.exe
  2⤵
  PID:4012
- C:\Windows\System\mvCPbxU.exe
  C:\Windows\System\mvCPbxU.exe
  2⤵
  PID:4052
- C:\Windows\System\MAGjBDK.exe
  C:\Windows\System\MAGjBDK.exe
  2⤵
  PID:3980
- C:\Windows\System\gqMHPFH.exe
  C:\Windows\System\gqMHPFH.exe
  2⤵
  PID:4084
- C:\Windows\System\LBqGTIx.exe
  C:\Windows\System\LBqGTIx.exe
  2⤵
  PID:4068
- C:\Windows\System\ksBqbDi.exe
  C:\Windows\System\ksBqbDi.exe
  2⤵
  PID:2676
- C:\Windows\System\gBdXBjF.exe
  C:\Windows\System\gBdXBjF.exe
  2⤵
  PID:2692
- C:\Windows\System\iJiIoUW.exe
  C:\Windows\System\iJiIoUW.exe
  2⤵
  PID:2560
- C:\Windows\System\ivxxTUS.exe
  C:\Windows\System\ivxxTUS.exe
  2⤵
  PID:1004
- C:\Windows\System\lvzmyXa.exe
  C:\Windows\System\lvzmyXa.exe
  2⤵
  PID:776
- C:\Windows\System\mTFYycB.exe
  C:\Windows\System\mTFYycB.exe
  2⤵
  PID:3060
- C:\Windows\System\pcHZyeT.exe
  C:\Windows\System\pcHZyeT.exe
  2⤵
  PID:2816
- C:\Windows\System\MWXAzkK.exe
  C:\Windows\System\MWXAzkK.exe
  2⤵
  PID:3192
- C:\Windows\System\wAxJEEi.exe
  C:\Windows\System\wAxJEEi.exe
  2⤵
  PID:3204
- C:\Windows\System\NVJVAcr.exe
  C:\Windows\System\NVJVAcr.exe
  2⤵
  PID:3240
- C:\Windows\System\ZXEahiM.exe
  C:\Windows\System\ZXEahiM.exe
  2⤵
  PID:3256
- C:\Windows\System\tbJiVAk.exe
  C:\Windows\System\tbJiVAk.exe
  2⤵
  PID:3288
- C:\Windows\System\NxTOqlg.exe
  C:\Windows\System\NxTOqlg.exe
  2⤵
  PID:3440
- C:\Windows\System\NyeEjvT.exe
  C:\Windows\System\NyeEjvT.exe
  2⤵
  PID:3448
- C:\Windows\System\ziEqbTI.exe
  C:\Windows\System\ziEqbTI.exe
  2⤵
  PID:3524
- C:\Windows\System\PluaueT.exe
  C:\Windows\System\PluaueT.exe
  2⤵
  PID:3340
- C:\Windows\System\tjefEkR.exe
  C:\Windows\System\tjefEkR.exe
  2⤵
  PID:3648
- C:\Windows\System\bVzEcbf.exe
  C:\Windows\System\bVzEcbf.exe
  2⤵
  PID:3632
- C:\Windows\System\vNIprxw.exe
  C:\Windows\System\vNIprxw.exe
  2⤵
  PID:3800
- C:\Windows\System\IImbigC.exe
  C:\Windows\System\IImbigC.exe
  2⤵
  PID:3724
- C:\Windows\System\wTNUaBE.exe
  C:\Windows\System\wTNUaBE.exe
  2⤵
  PID:3848
- C:\Windows\System\XWdOPkA.exe
  C:\Windows\System\XWdOPkA.exe
  2⤵
  PID:3960
- C:\Windows\System\UYxtjkW.exe
  C:\Windows\System\UYxtjkW.exe
  2⤵
  PID:3908
- C:\Windows\System\TUsiYeC.exe
  C:\Windows\System\TUsiYeC.exe
  2⤵
  PID:3932
- C:\Windows\System\SQCKgnP.exe
  C:\Windows\System\SQCKgnP.exe
  2⤵
  PID:4088
- C:\Windows\System\EnwOflj.exe
  C:\Windows\System\EnwOflj.exe
  2⤵
  PID:2948
- C:\Windows\System\GlXjHzy.exe
  C:\Windows\System\GlXjHzy.exe
  2⤵
  PID:3744
- C:\Windows\System\bWjToWz.exe
  C:\Windows\System\bWjToWz.exe
  2⤵
  PID:956
- C:\Windows\System\ybBmfcn.exe
  C:\Windows\System\ybBmfcn.exe
  2⤵
  PID:4108
- C:\Windows\System\xiyXmjK.exe
  C:\Windows\System\xiyXmjK.exe
  2⤵
  PID:4124
- C:\Windows\System\HfnRJAF.exe
  C:\Windows\System\HfnRJAF.exe
  2⤵
  PID:4156
- C:\Windows\System\WnApYUz.exe
  C:\Windows\System\WnApYUz.exe
  2⤵
  PID:4180
- C:\Windows\System\znhKEnW.exe
  C:\Windows\System\znhKEnW.exe
  2⤵
  PID:4200
- C:\Windows\System\yzDoVZb.exe
  C:\Windows\System\yzDoVZb.exe
  2⤵
  PID:4220
- C:\Windows\System\yagESeR.exe
  C:\Windows\System\yagESeR.exe
  2⤵
  PID:4240
- C:\Windows\System\yrjTvsB.exe
  C:\Windows\System\yrjTvsB.exe
  2⤵
  PID:4256
- C:\Windows\System\tiNvFxx.exe
  C:\Windows\System\tiNvFxx.exe
  2⤵
  PID:4280
- C:\Windows\System\xCCztfb.exe
  C:\Windows\System\xCCztfb.exe
  2⤵
  PID:4296
- C:\Windows\System\jgPNZwb.exe
  C:\Windows\System\jgPNZwb.exe
  2⤵
  PID:4312
- C:\Windows\System\glzCIpC.exe
  C:\Windows\System\glzCIpC.exe
  2⤵
  PID:4332
- C:\Windows\System\HJyUHQR.exe
  C:\Windows\System\HJyUHQR.exe
  2⤵
  PID:4352
- C:\Windows\System\IjunsXb.exe
  C:\Windows\System\IjunsXb.exe
  2⤵
  PID:4372
- C:\Windows\System\oEkzCiS.exe
  C:\Windows\System\oEkzCiS.exe
  2⤵
  PID:4396
- C:\Windows\System\NtfLuLg.exe
  C:\Windows\System\NtfLuLg.exe
  2⤵
  PID:4412
- C:\Windows\System\lOFbiJe.exe
  C:\Windows\System\lOFbiJe.exe
  2⤵
  PID:4440
- C:\Windows\System\TSigmJd.exe
  C:\Windows\System\TSigmJd.exe
  2⤵
  PID:4460
- C:\Windows\System\QhGiMnw.exe
  C:\Windows\System\QhGiMnw.exe
  2⤵
  PID:4480
- C:\Windows\System\siOLyoG.exe
  C:\Windows\System\siOLyoG.exe
  2⤵
  PID:4496
- C:\Windows\System\ZXFGLSY.exe
  C:\Windows\System\ZXFGLSY.exe
  2⤵
  PID:4520
- C:\Windows\System\RMdmhLE.exe
  C:\Windows\System\RMdmhLE.exe
  2⤵
  PID:4540
- C:\Windows\System\ueLpJXP.exe
  C:\Windows\System\ueLpJXP.exe
  2⤵
  PID:4560
- C:\Windows\System\eFFMxFt.exe
  C:\Windows\System\eFFMxFt.exe
  2⤵
  PID:4576
- C:\Windows\System\WZjAFKh.exe
  C:\Windows\System\WZjAFKh.exe
  2⤵
  PID:4600
- C:\Windows\System\FwMyflP.exe
  C:\Windows\System\FwMyflP.exe
  2⤵
  PID:4620
- C:\Windows\System\SraDFYa.exe
  C:\Windows\System\SraDFYa.exe
  2⤵
  PID:4640
- C:\Windows\System\KNcQytp.exe
  C:\Windows\System\KNcQytp.exe
  2⤵
  PID:4656
- C:\Windows\System\XGPXKph.exe
  C:\Windows\System\XGPXKph.exe
  2⤵
  PID:4672
- C:\Windows\System\IeQQgoC.exe
  C:\Windows\System\IeQQgoC.exe
  2⤵
  PID:4692
- C:\Windows\System\YcYIxCp.exe
  C:\Windows\System\YcYIxCp.exe
  2⤵
  PID:4716
- C:\Windows\System\lDFoIYq.exe
  C:\Windows\System\lDFoIYq.exe
  2⤵
  PID:4732
- C:\Windows\System\ThKjrRH.exe
  C:\Windows\System\ThKjrRH.exe
  2⤵
  PID:4756
- C:\Windows\System\AViLzEQ.exe
  C:\Windows\System\AViLzEQ.exe
  2⤵
  PID:4776
- C:\Windows\System\nVcjWUT.exe
  C:\Windows\System\nVcjWUT.exe
  2⤵
  PID:4800
- C:\Windows\System\otNHDYf.exe
  C:\Windows\System\otNHDYf.exe
  2⤵
  PID:4816
- C:\Windows\System\WICgAau.exe
  C:\Windows\System\WICgAau.exe
  2⤵
  PID:4840
- C:\Windows\System\hdZUXbk.exe
  C:\Windows\System\hdZUXbk.exe
  2⤵
  PID:4860
- C:\Windows\System\QgiuFyZ.exe
  C:\Windows\System\QgiuFyZ.exe
  2⤵
  PID:4884
- C:\Windows\System\BwutltT.exe
  C:\Windows\System\BwutltT.exe
  2⤵
  PID:4900
- C:\Windows\System\melwPsX.exe
  C:\Windows\System\melwPsX.exe
  2⤵
  PID:4924
- C:\Windows\System\szXQWpj.exe
  C:\Windows\System\szXQWpj.exe
  2⤵
  PID:4940
- C:\Windows\System\eujeKAD.exe
  C:\Windows\System\eujeKAD.exe
  2⤵
  PID:4964
- C:\Windows\System\SKFkREn.exe
  C:\Windows\System\SKFkREn.exe
  2⤵
  PID:4988
- C:\Windows\System\qDKTjaO.exe
  C:\Windows\System\qDKTjaO.exe
  2⤵
  PID:5008
- C:\Windows\System\tjTVLLG.exe
  C:\Windows\System\tjTVLLG.exe
  2⤵
  PID:5024
- C:\Windows\System\SuLtakW.exe
  C:\Windows\System\SuLtakW.exe
  2⤵
  PID:5044
- C:\Windows\System\AXfowUU.exe
  C:\Windows\System\AXfowUU.exe
  2⤵
  PID:5064
- C:\Windows\System\ssVeWCv.exe
  C:\Windows\System\ssVeWCv.exe
  2⤵
  PID:5084
- C:\Windows\System\ldjVfhH.exe
  C:\Windows\System\ldjVfhH.exe
  2⤵
  PID:5104
- C:\Windows\System\sHurzDp.exe
  C:\Windows\System\sHurzDp.exe
  2⤵
  PID:1572
- C:\Windows\System\yXTgKYi.exe
  C:\Windows\System\yXTgKYi.exe
  2⤵
  PID:1636
- C:\Windows\System\vMvSHYo.exe
  C:\Windows\System\vMvSHYo.exe
  2⤵
  PID:3012
- C:\Windows\System\xSFNSuV.exe
  C:\Windows\System\xSFNSuV.exe
  2⤵
  PID:916
- C:\Windows\System\BNPbqcK.exe
  C:\Windows\System\BNPbqcK.exe
  2⤵
  PID:3164
- C:\Windows\System\tluCgHg.exe
  C:\Windows\System\tluCgHg.exe
  2⤵
  PID:3120
- C:\Windows\System\kGoViiH.exe
  C:\Windows\System\kGoViiH.exe
  2⤵
  PID:3424
- C:\Windows\System\tmYgLrW.exe
  C:\Windows\System\tmYgLrW.exe
  2⤵
  PID:3672
- C:\Windows\System\QxARtVA.exe
  C:\Windows\System\QxARtVA.exe
  2⤵
  PID:3336
- C:\Windows\System\KmTmWUL.exe
  C:\Windows\System\KmTmWUL.exe
  2⤵
  PID:3788
- C:\Windows\System\mzyXUqY.exe
  C:\Windows\System\mzyXUqY.exe
  2⤵
  PID:3508
- C:\Windows\System\ebUoCfr.exe
  C:\Windows\System\ebUoCfr.exe
  2⤵
  PID:3968
- C:\Windows\System\jCTTXIP.exe
  C:\Windows\System\jCTTXIP.exe
  2⤵
  PID:3864
- C:\Windows\System\cZrzYKQ.exe
  C:\Windows\System\cZrzYKQ.exe
  2⤵
  PID:2288
- C:\Windows\System\zNeQkUQ.exe
  C:\Windows\System\zNeQkUQ.exe
  2⤵
  PID:4140
- C:\Windows\System\GEJDKey.exe
  C:\Windows\System\GEJDKey.exe
  2⤵
  PID:4152
- C:\Windows\System\vopZIBV.exe
  C:\Windows\System\vopZIBV.exe
  2⤵
  PID:3984
- C:\Windows\System\NetXTSp.exe
  C:\Windows\System\NetXTSp.exe
  2⤵
  PID:4120
- C:\Windows\System\CDIQTLl.exe
  C:\Windows\System\CDIQTLl.exe
  2⤵
  PID:4168
- C:\Windows\System\vDAToiz.exe
  C:\Windows\System\vDAToiz.exe
  2⤵
  PID:4268
- C:\Windows\System\RqKFCOT.exe
  C:\Windows\System\RqKFCOT.exe
  2⤵
  PID:4304
- C:\Windows\System\gXcsBdj.exe
  C:\Windows\System\gXcsBdj.exe
  2⤵
  PID:4344
- C:\Windows\System\QfiWtNJ.exe
  C:\Windows\System\QfiWtNJ.exe
  2⤵
  PID:4384
- C:\Windows\System\uWohKAq.exe
  C:\Windows\System\uWohKAq.exe
  2⤵
  PID:4252
- C:\Windows\System\sicBqHx.exe
  C:\Windows\System\sicBqHx.exe
  2⤵
  PID:4324
- C:\Windows\System\WNODLhY.exe
  C:\Windows\System\WNODLhY.exe
  2⤵
  PID:4328
- C:\Windows\System\ATPPBSa.exe
  C:\Windows\System\ATPPBSa.exe
  2⤵
  PID:4516
- C:\Windows\System\GnOIVxB.exe
  C:\Windows\System\GnOIVxB.exe
  2⤵
  PID:4408
- C:\Windows\System\MqiPrPQ.exe
  C:\Windows\System\MqiPrPQ.exe
  2⤵
  PID:4592
- C:\Windows\System\ulKwYJv.exe
  C:\Windows\System\ulKwYJv.exe
  2⤵
  PID:4488
- C:\Windows\System\HpwZwXL.exe
  C:\Windows\System\HpwZwXL.exe
  2⤵
  PID:4664
- C:\Windows\System\QigVMhH.exe
  C:\Windows\System\QigVMhH.exe
  2⤵
  PID:4704
- C:\Windows\System\ePibkbl.exe
  C:\Windows\System\ePibkbl.exe
  2⤵
  PID:4616
- C:\Windows\System\JOeaKll.exe
  C:\Windows\System\JOeaKll.exe
  2⤵
  PID:4748
- C:\Windows\System\YdggscV.exe
  C:\Windows\System\YdggscV.exe
  2⤵
  PID:4792
- C:\Windows\System\rNzJrmD.exe
  C:\Windows\System\rNzJrmD.exe
  2⤵
  PID:4836
- C:\Windows\System\MLwbicQ.exe
  C:\Windows\System\MLwbicQ.exe
  2⤵
  PID:4872
- C:\Windows\System\TFVUkjU.exe
  C:\Windows\System\TFVUkjU.exe
  2⤵
  PID:4768
- C:\Windows\System\lmVlgyU.exe
  C:\Windows\System\lmVlgyU.exe
  2⤵
  PID:4852
- C:\Windows\System\TCqdbZh.exe
  C:\Windows\System\TCqdbZh.exe
  2⤵
  PID:4920
- C:\Windows\System\yAONLnu.exe
  C:\Windows\System\yAONLnu.exe
  2⤵
  PID:4952
- C:\Windows\System\JDEKdDj.exe
  C:\Windows\System\JDEKdDj.exe
  2⤵
  PID:5032
- C:\Windows\System\vErSWkT.exe
  C:\Windows\System\vErSWkT.exe
  2⤵
  PID:5076
- C:\Windows\System\ccPyetJ.exe
  C:\Windows\System\ccPyetJ.exe
  2⤵
  PID:4932
- C:\Windows\System\IgXhpSm.exe
  C:\Windows\System\IgXhpSm.exe
  2⤵
  PID:5112
- C:\Windows\System\TCSMqKq.exe
  C:\Windows\System\TCSMqKq.exe
  2⤵
  PID:2520
- C:\Windows\System\wLgDKWy.exe
  C:\Windows\System\wLgDKWy.exe
  2⤵
  PID:3180
- C:\Windows\System\jIqjBZu.exe
  C:\Windows\System\jIqjBZu.exe
  2⤵
  PID:5052
- C:\Windows\System\JAovEQr.exe
  C:\Windows\System\JAovEQr.exe
  2⤵
  PID:3444
- C:\Windows\System\VtJalRQ.exe
  C:\Windows\System\VtJalRQ.exe
  2⤵
  PID:3116
- C:\Windows\System\fxGdJTc.exe
  C:\Windows\System\fxGdJTc.exe
  2⤵
  PID:3220
- C:\Windows\System\OljZPqt.exe
  C:\Windows\System\OljZPqt.exe
  2⤵
  PID:3564
- C:\Windows\System\hAZrjma.exe
  C:\Windows\System\hAZrjma.exe
  2⤵
  PID:3764
- C:\Windows\System\KDaPvmh.exe
  C:\Windows\System\KDaPvmh.exe
  2⤵
  PID:4132
- C:\Windows\System\LBlHXWm.exe
  C:\Windows\System\LBlHXWm.exe
  2⤵
  PID:4196
- C:\Windows\System\weMiftD.exe
  C:\Windows\System\weMiftD.exe
  2⤵
  PID:4380
- C:\Windows\System\vcMcowb.exe
  C:\Windows\System\vcMcowb.exe
  2⤵
  PID:2932
- C:\Windows\System\AbhECJq.exe
  C:\Windows\System\AbhECJq.exe
  2⤵
  PID:4420
- C:\Windows\System\aJPrpkM.exe
  C:\Windows\System\aJPrpkM.exe
  2⤵
  PID:4232
- C:\Windows\System\JFKvPoY.exe
  C:\Windows\System\JFKvPoY.exe
  2⤵
  PID:4044
- C:\Windows\System\dvcZztx.exe
  C:\Windows\System\dvcZztx.exe
  2⤵
  PID:4552
- C:\Windows\System\KgkwAgy.exe
  C:\Windows\System\KgkwAgy.exe
  2⤵
  PID:4364
- C:\Windows\System\KbQfMNa.exe
  C:\Windows\System\KbQfMNa.exe
  2⤵
  PID:4368
- C:\Windows\System\XROdHkk.exe
  C:\Windows\System\XROdHkk.exe
  2⤵
  PID:4572
- C:\Windows\System\ArRZmSW.exe
  C:\Windows\System\ArRZmSW.exe
  2⤵
  PID:4492
- C:\Windows\System\ptCAQbP.exe
  C:\Windows\System\ptCAQbP.exe
  2⤵
  PID:4740
- C:\Windows\System\HWfvOIA.exe
  C:\Windows\System\HWfvOIA.exe
  2⤵
  PID:4728
- C:\Windows\System\XmQzRhq.exe
  C:\Windows\System\XmQzRhq.exe
  2⤵
  PID:4684
- C:\Windows\System\tvGpOaR.exe
  C:\Windows\System\tvGpOaR.exe
  2⤵
  PID:4812
- C:\Windows\System\psZUbUL.exe
  C:\Windows\System\psZUbUL.exe
  2⤵
  PID:4896
- C:\Windows\System\RYInkZu.exe
  C:\Windows\System\RYInkZu.exe
  2⤵
  PID:5004
- C:\Windows\System\meCgvyg.exe
  C:\Windows\System\meCgvyg.exe
  2⤵
  PID:4996
- C:\Windows\System\kGNtUtm.exe
  C:\Windows\System\kGNtUtm.exe
  2⤵
  PID:3124
- C:\Windows\System\FHgWeTG.exe
  C:\Windows\System\FHgWeTG.exe
  2⤵
  PID:3360
- C:\Windows\System\VNNbfVG.exe
  C:\Windows\System\VNNbfVG.exe
  2⤵
  PID:5140
- C:\Windows\System\cHiavml.exe
  C:\Windows\System\cHiavml.exe
  2⤵
  PID:5160
- C:\Windows\System\iNFNDQx.exe
  C:\Windows\System\iNFNDQx.exe
  2⤵
  PID:5180
- C:\Windows\System\vSRmfJi.exe
  C:\Windows\System\vSRmfJi.exe
  2⤵
  PID:5200
- C:\Windows\System\IvcjoHU.exe
  C:\Windows\System\IvcjoHU.exe
  2⤵
  PID:5220
- C:\Windows\System\OceyuNQ.exe
  C:\Windows\System\OceyuNQ.exe
  2⤵
  PID:5240
- C:\Windows\System\YoYigwB.exe
  C:\Windows\System\YoYigwB.exe
  2⤵
  PID:5260
- C:\Windows\System\YEcOUCG.exe
  C:\Windows\System\YEcOUCG.exe
  2⤵
  PID:5280
- C:\Windows\System\TFGYmvK.exe
  C:\Windows\System\TFGYmvK.exe
  2⤵
  PID:5300
- C:\Windows\System\MSuHpCm.exe
  C:\Windows\System\MSuHpCm.exe
  2⤵
  PID:5320
- C:\Windows\System\DzWBdUT.exe
  C:\Windows\System\DzWBdUT.exe
  2⤵
  PID:5340
- C:\Windows\System\ApYDDtx.exe
  C:\Windows\System\ApYDDtx.exe
  2⤵
  PID:5364
- C:\Windows\System\PsgFceo.exe
  C:\Windows\System\PsgFceo.exe
  2⤵
  PID:5384
- C:\Windows\System\NPhhioW.exe
  C:\Windows\System\NPhhioW.exe
  2⤵
  PID:5404
- C:\Windows\System\pgKlZEm.exe
  C:\Windows\System\pgKlZEm.exe
  2⤵
  PID:5424
- C:\Windows\System\oqOSdsy.exe
  C:\Windows\System\oqOSdsy.exe
  2⤵
  PID:5444
- C:\Windows\System\LDOQDkA.exe
  C:\Windows\System\LDOQDkA.exe
  2⤵
  PID:5464
- C:\Windows\System\FzEONcf.exe
  C:\Windows\System\FzEONcf.exe
  2⤵
  PID:5484
- C:\Windows\System\OBXVFRr.exe
  C:\Windows\System\OBXVFRr.exe
  2⤵
  PID:5504
- C:\Windows\System\pDMAxnv.exe
  C:\Windows\System\pDMAxnv.exe
  2⤵
  PID:5524
- C:\Windows\System\BUofLzT.exe
  C:\Windows\System\BUofLzT.exe
  2⤵
  PID:5544
- C:\Windows\System\fzBkqGH.exe
  C:\Windows\System\fzBkqGH.exe
  2⤵
  PID:5564
- C:\Windows\System\RiTtxYV.exe
  C:\Windows\System\RiTtxYV.exe
  2⤵
  PID:5584
- C:\Windows\System\yubyLTy.exe
  C:\Windows\System\yubyLTy.exe
  2⤵
  PID:5604
- C:\Windows\System\QAZtddg.exe
  C:\Windows\System\QAZtddg.exe
  2⤵
  PID:5624
- C:\Windows\System\RVblsDG.exe
  C:\Windows\System\RVblsDG.exe
  2⤵
  PID:5644
- C:\Windows\System\ZRAgMge.exe
  C:\Windows\System\ZRAgMge.exe
  2⤵
  PID:5664
- C:\Windows\System\ZDjDjRX.exe
  C:\Windows\System\ZDjDjRX.exe
  2⤵
  PID:5684
- C:\Windows\System\YqjnVIi.exe
  C:\Windows\System\YqjnVIi.exe
  2⤵
  PID:5708
- C:\Windows\System\qmASvoc.exe
  C:\Windows\System\qmASvoc.exe
  2⤵
  PID:5728
- C:\Windows\System\SNzfgrx.exe
  C:\Windows\System\SNzfgrx.exe
  2⤵
  PID:5748
- C:\Windows\System\BcNZmzo.exe
  C:\Windows\System\BcNZmzo.exe
  2⤵
  PID:5768
- C:\Windows\System\NtWfFPK.exe
  C:\Windows\System\NtWfFPK.exe
  2⤵
  PID:5788
- C:\Windows\System\YdfhCDn.exe
  C:\Windows\System\YdfhCDn.exe
  2⤵
  PID:5808
- C:\Windows\System\bWxEafR.exe
  C:\Windows\System\bWxEafR.exe
  2⤵
  PID:5828
- C:\Windows\System\QcOWIbu.exe
  C:\Windows\System\QcOWIbu.exe
  2⤵
  PID:5848
- C:\Windows\System\GtbsCCw.exe
  C:\Windows\System\GtbsCCw.exe
  2⤵
  PID:5868
- C:\Windows\System\fFdJvle.exe
  C:\Windows\System\fFdJvle.exe
  2⤵
  PID:5888
- C:\Windows\System\AypJYlq.exe
  C:\Windows\System\AypJYlq.exe
  2⤵
  PID:5908
- C:\Windows\System\OBCAdLF.exe
  C:\Windows\System\OBCAdLF.exe
  2⤵
  PID:5928
- C:\Windows\System\BMmEbJr.exe
  C:\Windows\System\BMmEbJr.exe
  2⤵
  PID:5948
- C:\Windows\System\LcKblOV.exe
  C:\Windows\System\LcKblOV.exe
  2⤵
  PID:5968
- C:\Windows\System\bKzmpXl.exe
  C:\Windows\System\bKzmpXl.exe
  2⤵
  PID:5988
- C:\Windows\System\mAtspXg.exe
  C:\Windows\System\mAtspXg.exe
  2⤵
  PID:6008
- C:\Windows\System\krxaprt.exe
  C:\Windows\System\krxaprt.exe
  2⤵
  PID:6028
- C:\Windows\System\aaBPkNb.exe
  C:\Windows\System\aaBPkNb.exe
  2⤵
  PID:6048
- C:\Windows\System\ICyjkqm.exe
  C:\Windows\System\ICyjkqm.exe
  2⤵
  PID:6068
- C:\Windows\System\yXNxohV.exe
  C:\Windows\System\yXNxohV.exe
  2⤵
  PID:6088
- C:\Windows\System\ALKesOK.exe
  C:\Windows\System\ALKesOK.exe
  2⤵
  PID:6112
- C:\Windows\System\RKOxGWh.exe
  C:\Windows\System\RKOxGWh.exe
  2⤵
  PID:6132
- C:\Windows\System\uxZpRad.exe
  C:\Windows\System\uxZpRad.exe
  2⤵
  PID:3428
- C:\Windows\System\GjHnIPh.exe
  C:\Windows\System\GjHnIPh.exe
  2⤵
  PID:3052
- C:\Windows\System\cdMkQaL.exe
  C:\Windows\System\cdMkQaL.exe
  2⤵
  PID:3280
- C:\Windows\System\fTdELKi.exe
  C:\Windows\System\fTdELKi.exe
  2⤵
  PID:3704
- C:\Windows\System\JPgDWmN.exe
  C:\Windows\System\JPgDWmN.exe
  2⤵
  PID:4136
- C:\Windows\System\UHJIZMV.exe
  C:\Windows\System\UHJIZMV.exe
  2⤵
  PID:4080
- C:\Windows\System\QymTNXN.exe
  C:\Windows\System\QymTNXN.exe
  2⤵
  PID:4432
- C:\Windows\System\FCMRTbS.exe
  C:\Windows\System\FCMRTbS.exe
  2⤵
  PID:4340
- C:\Windows\System\byoRdde.exe
  C:\Windows\System\byoRdde.exe
  2⤵
  PID:4504
- C:\Windows\System\rVfJyOI.exe
  C:\Windows\System\rVfJyOI.exe
  2⤵
  PID:4584
- C:\Windows\System\jbNpwqA.exe
  C:\Windows\System\jbNpwqA.exe
  2⤵
  PID:4632
- C:\Windows\System\cFjLPZM.exe
  C:\Windows\System\cFjLPZM.exe
  2⤵
  PID:4700
- C:\Windows\System\srqFuyj.exe
  C:\Windows\System\srqFuyj.exe
  2⤵
  PID:4824
- C:\Windows\System\IUevgTd.exe
  C:\Windows\System\IUevgTd.exe
  2⤵
  PID:4880
- C:\Windows\System\OQACrIO.exe
  C:\Windows\System\OQACrIO.exe
  2⤵
  PID:5080
- C:\Windows\System\nSMFTjP.exe
  C:\Windows\System\nSMFTjP.exe
  2⤵
  PID:5016
- C:\Windows\System\QWXyUFp.exe
  C:\Windows\System\QWXyUFp.exe
  2⤵
  PID:5128
- C:\Windows\System\FQnYTwh.exe
  C:\Windows\System\FQnYTwh.exe
  2⤵
  PID:5148
- C:\Windows\System\SkcuCnM.exe
  C:\Windows\System\SkcuCnM.exe
  2⤵
  PID:5188
- C:\Windows\System\bCuEarm.exe
  C:\Windows\System\bCuEarm.exe
  2⤵
  PID:5212
- C:\Windows\System\AUQLoQb.exe
  C:\Windows\System\AUQLoQb.exe
  2⤵
  PID:5252
- C:\Windows\System\jhYdzUV.exe
  C:\Windows\System\jhYdzUV.exe
  2⤵
  PID:5296
- C:\Windows\System\fZqfKqP.exe
  C:\Windows\System\fZqfKqP.exe
  2⤵
  PID:5312
- C:\Windows\System\qhZvIqQ.exe
  C:\Windows\System\qhZvIqQ.exe
  2⤵
  PID:5372
- C:\Windows\System\GtSjpOY.exe
  C:\Windows\System\GtSjpOY.exe
  2⤵
  PID:5412
- C:\Windows\System\LYeFhOZ.exe
  C:\Windows\System\LYeFhOZ.exe
  2⤵
  PID:5432
- C:\Windows\System\ecgUZVm.exe
  C:\Windows\System\ecgUZVm.exe
  2⤵
  PID:5436
- C:\Windows\System\yKFfzsf.exe
  C:\Windows\System\yKFfzsf.exe
  2⤵
  PID:5480
- C:\Windows\System\eaJaSCX.exe
  C:\Windows\System\eaJaSCX.exe
  2⤵
  PID:5512
- C:\Windows\System\GlzJIUa.exe
  C:\Windows\System\GlzJIUa.exe
  2⤵
  PID:5560
- C:\Windows\System\RduxquS.exe
  C:\Windows\System\RduxquS.exe
  2⤵
  PID:5612
- C:\Windows\System\zWuoDab.exe
  C:\Windows\System\zWuoDab.exe
  2⤵
  PID:5632
- C:\Windows\System\ayLRquA.exe
  C:\Windows\System\ayLRquA.exe
  2⤵
  PID:5636
- C:\Windows\System\Orumvko.exe
  C:\Windows\System\Orumvko.exe
  2⤵
  PID:5676
- C:\Windows\System\XqArkBK.exe
  C:\Windows\System\XqArkBK.exe
  2⤵
  PID:5724
- C:\Windows\System\kSZmwyw.exe
  C:\Windows\System\kSZmwyw.exe
  2⤵
  PID:5764
- C:\Windows\System\bfZohnk.exe
  C:\Windows\System\bfZohnk.exe
  2⤵
  PID:5796
- C:\Windows\System\rtNaSjf.exe
  C:\Windows\System\rtNaSjf.exe
  2⤵
  PID:5820
- C:\Windows\System\XFixbjE.exe
  C:\Windows\System\XFixbjE.exe
  2⤵
  PID:5840
- C:\Windows\System\TRAGXxM.exe
  C:\Windows\System\TRAGXxM.exe
  2⤵
  PID:5884
- C:\Windows\System\pdEjGId.exe
  C:\Windows\System\pdEjGId.exe
  2⤵
  PID:5920
- C:\Windows\System\OXlByCc.exe
  C:\Windows\System\OXlByCc.exe
  2⤵
  PID:5976
- C:\Windows\System\YmrGgvz.exe
  C:\Windows\System\YmrGgvz.exe
  2⤵
  PID:5996
- C:\Windows\System\sfNqXPp.exe
  C:\Windows\System\sfNqXPp.exe
  2⤵
  PID:6020
- C:\Windows\System\aBOOeJn.exe
  C:\Windows\System\aBOOeJn.exe
  2⤵
  PID:6064
- C:\Windows\System\AEjslAE.exe
  C:\Windows\System\AEjslAE.exe
  2⤵
  PID:6096
- C:\Windows\System\wvTDlxG.exe
  C:\Windows\System\wvTDlxG.exe
  2⤵
  PID:6124
- C:\Windows\System\wiEUIKN.exe
  C:\Windows\System\wiEUIKN.exe
  2⤵
  PID:5060
- C:\Windows\System\HFaHuSV.exe
  C:\Windows\System\HFaHuSV.exe
  2⤵
  PID:3740
- C:\Windows\System\CjNnKwY.exe
  C:\Windows\System\CjNnKwY.exe
  2⤵
  PID:3820
- C:\Windows\System\PyfhVrU.exe
  C:\Windows\System\PyfhVrU.exe
  2⤵
  PID:4028
- C:\Windows\System\ebequhr.exe
  C:\Windows\System\ebequhr.exe
  2⤵
  PID:3988
- C:\Windows\System\OPQWWcs.exe
  C:\Windows\System\OPQWWcs.exe
  2⤵
  PID:4424
- C:\Windows\System\joJErAQ.exe
  C:\Windows\System\joJErAQ.exe
  2⤵
  PID:4532
- C:\Windows\System\xEYqcWz.exe
  C:\Windows\System\xEYqcWz.exe
  2⤵
  PID:4688
- C:\Windows\System\szRCSTJ.exe
  C:\Windows\System\szRCSTJ.exe
  2⤵
  PID:5072
- C:\Windows\System\EJIIqXw.exe
  C:\Windows\System\EJIIqXw.exe
  2⤵
  PID:4972
- C:\Windows\System\jGkDXXs.exe
  C:\Windows\System\jGkDXXs.exe
  2⤵
  PID:5132
- C:\Windows\System\JVDmFhb.exe
  C:\Windows\System\JVDmFhb.exe
  2⤵
  PID:5216
- C:\Windows\System\CjYnlQB.exe
  C:\Windows\System\CjYnlQB.exe
  2⤵
  PID:5272
- C:\Windows\System\ScOqyRx.exe
  C:\Windows\System\ScOqyRx.exe
  2⤵
  PID:5356
- C:\Windows\System\waXutxT.exe
  C:\Windows\System\waXutxT.exe
  2⤵
  PID:5396
- C:\Windows\System\pvxQibt.exe
  C:\Windows\System\pvxQibt.exe
  2⤵
  PID:5440
- C:\Windows\System\CfkTvmJ.exe
  C:\Windows\System\CfkTvmJ.exe
  2⤵
  PID:5540
- C:\Windows\System\SltbynS.exe
  C:\Windows\System\SltbynS.exe
  2⤵
  PID:5572
- C:\Windows\System\sTGpwOp.exe
  C:\Windows\System\sTGpwOp.exe
  2⤵
  PID:5660
- C:\Windows\System\zvxFvcM.exe
  C:\Windows\System\zvxFvcM.exe
  2⤵
  PID:5680
- C:\Windows\System\OfqCLEZ.exe
  C:\Windows\System\OfqCLEZ.exe
  2⤵
  PID:5776
- C:\Windows\System\BzNWZrg.exe
  C:\Windows\System\BzNWZrg.exe
  2⤵
  PID:5824
- C:\Windows\System\jICgbrx.exe
  C:\Windows\System\jICgbrx.exe
  2⤵
  PID:5836
- C:\Windows\System\AwwypPo.exe
  C:\Windows\System\AwwypPo.exe
  2⤵
  PID:5896
- C:\Windows\System\PKNQjCK.exe
  C:\Windows\System\PKNQjCK.exe
  2⤵
  PID:5956
- C:\Windows\System\XfZzZDv.exe
  C:\Windows\System\XfZzZDv.exe
  2⤵
  PID:6000
- C:\Windows\System\HowgFXB.exe
  C:\Windows\System\HowgFXB.exe
  2⤵
  PID:6100
- C:\Windows\System\UQLAGwM.exe
  C:\Windows\System\UQLAGwM.exe
  2⤵
  PID:3300
- C:\Windows\System\xFEoLct.exe
  C:\Windows\System\xFEoLct.exe
  2⤵
  PID:3284
- C:\Windows\System\BHZbpcf.exe
  C:\Windows\System\BHZbpcf.exe
  2⤵
  PID:6160
- C:\Windows\System\vshIEJD.exe
  C:\Windows\System\vshIEJD.exe
  2⤵
  PID:6180
- C:\Windows\System\RRVLjuL.exe
  C:\Windows\System\RRVLjuL.exe
  2⤵
  PID:6200
- C:\Windows\System\FdsdMlc.exe
  C:\Windows\System\FdsdMlc.exe
  2⤵
  PID:6220
- C:\Windows\System\goHelMJ.exe
  C:\Windows\System\goHelMJ.exe
  2⤵
  PID:6240
- C:\Windows\System\MMYEXLd.exe
  C:\Windows\System\MMYEXLd.exe
  2⤵
  PID:6260
- C:\Windows\System\vRgymJy.exe
  C:\Windows\System\vRgymJy.exe
  2⤵
  PID:6280
- C:\Windows\System\jNqQGsZ.exe
  C:\Windows\System\jNqQGsZ.exe
  2⤵
  PID:6300
- C:\Windows\System\pHNxpOV.exe
  C:\Windows\System\pHNxpOV.exe
  2⤵
  PID:6320
- C:\Windows\System\SOZxojA.exe
  C:\Windows\System\SOZxojA.exe
  2⤵
  PID:6340
- C:\Windows\System\wKnghRK.exe
  C:\Windows\System\wKnghRK.exe
  2⤵
  PID:6360
- C:\Windows\System\rgCkxRd.exe
  C:\Windows\System\rgCkxRd.exe
  2⤵
  PID:6380
- C:\Windows\System\MiVJFUB.exe
  C:\Windows\System\MiVJFUB.exe
  2⤵
  PID:6400
- C:\Windows\System\zpkynCp.exe
  C:\Windows\System\zpkynCp.exe
  2⤵
  PID:6420
- C:\Windows\System\pbkwQqs.exe
  C:\Windows\System\pbkwQqs.exe
  2⤵
  PID:6440
- C:\Windows\System\uWokobW.exe
  C:\Windows\System\uWokobW.exe
  2⤵
  PID:6460
- C:\Windows\System\IfJLmGz.exe
  C:\Windows\System\IfJLmGz.exe
  2⤵
  PID:6480
- C:\Windows\System\pBRYCBK.exe
  C:\Windows\System\pBRYCBK.exe
  2⤵
  PID:6500
- C:\Windows\System\IcAjlry.exe
  C:\Windows\System\IcAjlry.exe
  2⤵
  PID:6520
- C:\Windows\System\mZmPCYf.exe
  C:\Windows\System\mZmPCYf.exe
  2⤵
  PID:6540
- C:\Windows\System\gVbJMOC.exe
  C:\Windows\System\gVbJMOC.exe
  2⤵
  PID:6560
- C:\Windows\System\JYGDVUX.exe
  C:\Windows\System\JYGDVUX.exe
  2⤵
  PID:6580
- C:\Windows\System\KIevcUY.exe
  C:\Windows\System\KIevcUY.exe
  2⤵
  PID:6604
- C:\Windows\System\IysTSNt.exe
  C:\Windows\System\IysTSNt.exe
  2⤵
  PID:6624
- C:\Windows\System\uJAPiPi.exe
  C:\Windows\System\uJAPiPi.exe
  2⤵
  PID:6644
- C:\Windows\System\QUkHURT.exe
  C:\Windows\System\QUkHURT.exe
  2⤵
  PID:6664
- C:\Windows\System\kjCqwXF.exe
  C:\Windows\System\kjCqwXF.exe
  2⤵
  PID:6688
- C:\Windows\System\dNBvgZR.exe
  C:\Windows\System\dNBvgZR.exe
  2⤵
  PID:6708
- C:\Windows\System\KDmpEgh.exe
  C:\Windows\System\KDmpEgh.exe
  2⤵
  PID:6728
- C:\Windows\System\dUFFZTm.exe
  C:\Windows\System\dUFFZTm.exe
  2⤵
  PID:6748
- C:\Windows\System\XyXlCAM.exe
  C:\Windows\System\XyXlCAM.exe
  2⤵
  PID:6768
- C:\Windows\System\QaRNPNa.exe
  C:\Windows\System\QaRNPNa.exe
  2⤵
  PID:6788
- C:\Windows\System\PdpmDsh.exe
  C:\Windows\System\PdpmDsh.exe
  2⤵
  PID:6808
- C:\Windows\System\nVTgyHQ.exe
  C:\Windows\System\nVTgyHQ.exe
  2⤵
  PID:6828
- C:\Windows\System\KacCJHH.exe
  C:\Windows\System\KacCJHH.exe
  2⤵
  PID:6848
- C:\Windows\System\hPuIZYl.exe
  C:\Windows\System\hPuIZYl.exe
  2⤵
  PID:6868
- C:\Windows\System\ubWQnWa.exe
  C:\Windows\System\ubWQnWa.exe
  2⤵
  PID:6888
- C:\Windows\System\DQHSrVS.exe
  C:\Windows\System\DQHSrVS.exe
  2⤵
  PID:6908
- C:\Windows\System\JTYQORQ.exe
  C:\Windows\System\JTYQORQ.exe
  2⤵
  PID:6928
- C:\Windows\System\jvYhMhx.exe
  C:\Windows\System\jvYhMhx.exe
  2⤵
  PID:6948
- C:\Windows\System\lNgtzZt.exe
  C:\Windows\System\lNgtzZt.exe
  2⤵
  PID:6968
- C:\Windows\System\crEwjqn.exe
  C:\Windows\System\crEwjqn.exe
  2⤵
  PID:6988
- C:\Windows\System\EGSPmDE.exe
  C:\Windows\System\EGSPmDE.exe
  2⤵
  PID:7008
- C:\Windows\System\uBnVYTY.exe
  C:\Windows\System\uBnVYTY.exe
  2⤵
  PID:7028
- C:\Windows\System\zyoVkrI.exe
  C:\Windows\System\zyoVkrI.exe
  2⤵
  PID:7048
- C:\Windows\System\vxhehfV.exe
  C:\Windows\System\vxhehfV.exe
  2⤵
  PID:7068
- C:\Windows\System\uzCvfUs.exe
  C:\Windows\System\uzCvfUs.exe
  2⤵
  PID:7088
- C:\Windows\System\pHHWmQY.exe
  C:\Windows\System\pHHWmQY.exe
  2⤵
  PID:7108
- C:\Windows\System\nFmqCxu.exe
  C:\Windows\System\nFmqCxu.exe
  2⤵
  PID:7128
- C:\Windows\System\PpuUngJ.exe
  C:\Windows\System\PpuUngJ.exe
  2⤵
  PID:7148
- C:\Windows\System\bpTgBAi.exe
  C:\Windows\System\bpTgBAi.exe
  2⤵
  PID:4172
- C:\Windows\System\GgmmScd.exe
  C:\Windows\System\GgmmScd.exe
  2⤵
  PID:4348
- C:\Windows\System\zSAfwDs.exe
  C:\Windows\System\zSAfwDs.exe
  2⤵
  PID:4628
- C:\Windows\System\AKFhwke.exe
  C:\Windows\System\AKFhwke.exe
  2⤵
  PID:4764
- C:\Windows\System\NxfsDIw.exe
  C:\Windows\System\NxfsDIw.exe
  2⤵
  PID:2768
- C:\Windows\System\ekvWoFR.exe
  C:\Windows\System\ekvWoFR.exe
  2⤵
  PID:5208
- C:\Windows\System\uOTWaCC.exe
  C:\Windows\System\uOTWaCC.exe
  2⤵
  PID:5276
- C:\Windows\System\SRcqIQo.exe
  C:\Windows\System\SRcqIQo.exe
  2⤵
  PID:5376
- C:\Windows\System\yfGjZxf.exe
  C:\Windows\System\yfGjZxf.exe
  2⤵
  PID:5500
- C:\Windows\System\aWMfhjc.exe
  C:\Windows\System\aWMfhjc.exe
  2⤵
  PID:5552
- C:\Windows\System\hNBEZEi.exe
  C:\Windows\System\hNBEZEi.exe
  2⤵
  PID:5600
- C:\Windows\System\FQQmRYv.exe
  C:\Windows\System\FQQmRYv.exe
  2⤵
  PID:5736
- C:\Windows\System\lOnEfoA.exe
  C:\Windows\System\lOnEfoA.exe
  2⤵
  PID:5844
- C:\Windows\System\QPfJXOc.exe
  C:\Windows\System\QPfJXOc.exe
  2⤵
  PID:5944
- C:\Windows\System\dvJNbMi.exe
  C:\Windows\System\dvJNbMi.exe
  2⤵
  PID:6004
- C:\Windows\System\TBdKOJA.exe
  C:\Windows\System\TBdKOJA.exe
  2⤵
  PID:6084
- C:\Windows\System\KHGXzQY.exe
  C:\Windows\System\KHGXzQY.exe
  2⤵
  PID:6156
- C:\Windows\System\UgcOTKM.exe
  C:\Windows\System\UgcOTKM.exe
  2⤵
  PID:6196
- C:\Windows\System\WEfwlUf.exe
  C:\Windows\System\WEfwlUf.exe
  2⤵
  PID:6228
- C:\Windows\System\WWwPvWj.exe
  C:\Windows\System\WWwPvWj.exe
  2⤵
  PID:6256
- C:\Windows\System\FiyugQk.exe
  C:\Windows\System\FiyugQk.exe
  2⤵
  PID:6288
- C:\Windows\System\VxsCHGG.exe
  C:\Windows\System\VxsCHGG.exe
  2⤵
  PID:6312
- C:\Windows\System\ibfwoyJ.exe
  C:\Windows\System\ibfwoyJ.exe
  2⤵
  PID:6356
- C:\Windows\System\dvrdrcP.exe
  C:\Windows\System\dvrdrcP.exe
  2⤵
  PID:6388
- C:\Windows\System\cRCwxEd.exe
  C:\Windows\System\cRCwxEd.exe
  2⤵
  PID:6428
- C:\Windows\System\syHGddd.exe
  C:\Windows\System\syHGddd.exe
  2⤵
  PID:6456
- C:\Windows\System\kzDIxmI.exe
  C:\Windows\System\kzDIxmI.exe
  2⤵
  PID:6488
- C:\Windows\System\CLtepBX.exe
  C:\Windows\System\CLtepBX.exe
  2⤵
  PID:6512
- C:\Windows\System\NnCVNYx.exe
  C:\Windows\System\NnCVNYx.exe
  2⤵
  PID:6556
- C:\Windows\System\nkysWiZ.exe
  C:\Windows\System\nkysWiZ.exe
  2⤵
  PID:6588
- C:\Windows\System\toudbry.exe
  C:\Windows\System\toudbry.exe
  2⤵
  PID:6632
- C:\Windows\System\rMxdOpY.exe
  C:\Windows\System\rMxdOpY.exe
  2⤵
  PID:6660
- C:\Windows\System\qMVxkkL.exe
  C:\Windows\System\qMVxkkL.exe
  2⤵
  PID:6696
- C:\Windows\System\EAvOoRy.exe
  C:\Windows\System\EAvOoRy.exe
  2⤵
  PID:6736
- C:\Windows\System\VVVeyjp.exe
  C:\Windows\System\VVVeyjp.exe
  2⤵
  PID:6760
- C:\Windows\System\mPurnpy.exe
  C:\Windows\System\mPurnpy.exe
  2⤵
  PID:6804
- C:\Windows\System\RGNAdMu.exe
  C:\Windows\System\RGNAdMu.exe
  2⤵
  PID:6824
- C:\Windows\System\lgHWFIU.exe
  C:\Windows\System\lgHWFIU.exe
  2⤵
  PID:6864
- C:\Windows\System\JyxLWFo.exe
  C:\Windows\System\JyxLWFo.exe
  2⤵
  PID:6896
- C:\Windows\System\prhQUgl.exe
  C:\Windows\System\prhQUgl.exe
  2⤵
  PID:6920
- C:\Windows\System\PkFLqMb.exe
  C:\Windows\System\PkFLqMb.exe
  2⤵
  PID:6964
- C:\Windows\System\skYhjKx.exe
  C:\Windows\System\skYhjKx.exe
  2⤵
  PID:7004
- C:\Windows\System\ROkhqsu.exe
  C:\Windows\System\ROkhqsu.exe
  2⤵
  PID:7020
- C:\Windows\System\fbxpUsF.exe
  C:\Windows\System\fbxpUsF.exe
  2⤵
  PID:7064
- C:\Windows\System\WxdRyLX.exe
  C:\Windows\System\WxdRyLX.exe
  2⤵
  PID:7096
- C:\Windows\System\GbUnbPJ.exe
  C:\Windows\System\GbUnbPJ.exe
  2⤵
  PID:7120
- C:\Windows\System\gRNGeJW.exe
  C:\Windows\System\gRNGeJW.exe
  2⤵
  PID:7140
- C:\Windows\System\bdkgRgS.exe
  C:\Windows\System\bdkgRgS.exe
  2⤵
  PID:4104
- C:\Windows\System\TDoPYBy.exe
  C:\Windows\System\TDoPYBy.exe
  2⤵
  PID:4456
- C:\Windows\System\WcWxHfh.exe
  C:\Windows\System\WcWxHfh.exe
  2⤵
  PID:5288
- C:\Windows\System\PhBbAFU.exe
  C:\Windows\System\PhBbAFU.exe
  2⤵
  PID:5460
- C:\Windows\System\aedRKhm.exe
  C:\Windows\System\aedRKhm.exe
  2⤵
  PID:5492
- C:\Windows\System\rvqSpBv.exe
  C:\Windows\System\rvqSpBv.exe
  2⤵
  PID:5620
- C:\Windows\System\uYkbCIw.exe
  C:\Windows\System\uYkbCIw.exe
  2⤵
  PID:5804
- C:\Windows\System\QpsAlAt.exe
  C:\Windows\System\QpsAlAt.exe
  2⤵
  PID:5904
- C:\Windows\System\NKlFNts.exe
  C:\Windows\System\NKlFNts.exe
  2⤵
  PID:6044
- C:\Windows\System\sSimHbC.exe
  C:\Windows\System\sSimHbC.exe
  2⤵
  PID:6168
- C:\Windows\System\TjdFEwp.exe
  C:\Windows\System\TjdFEwp.exe
  2⤵
  PID:6232
- C:\Windows\System\wxokmyS.exe
  C:\Windows\System\wxokmyS.exe
  2⤵
  PID:6276
- C:\Windows\System\NnCWUKX.exe
  C:\Windows\System\NnCWUKX.exe
  2⤵
  PID:6316
- C:\Windows\System\cUuQvZF.exe
  C:\Windows\System\cUuQvZF.exe
  2⤵
  PID:6376
- C:\Windows\System\BcFfnag.exe
  C:\Windows\System\BcFfnag.exe
  2⤵
  PID:6448
- C:\Windows\System\JlcSswe.exe
  C:\Windows\System\JlcSswe.exe
  2⤵
  PID:6508
- C:\Windows\System\ZkymMsV.exe
  C:\Windows\System\ZkymMsV.exe
  2⤵
  PID:6568
- C:\Windows\System\kZPHgZf.exe
  C:\Windows\System\kZPHgZf.exe
  2⤵
  PID:6612
- C:\Windows\System\XQSObrP.exe
  C:\Windows\System\XQSObrP.exe
  2⤵
  PID:6656
- C:\Windows\System\udSaeQL.exe
  C:\Windows\System\udSaeQL.exe
  2⤵
  PID:6756
- C:\Windows\System\WdGUIOA.exe
  C:\Windows\System\WdGUIOA.exe
  2⤵
  PID:6684
- C:\Windows\System\AaznmdX.exe
  C:\Windows\System\AaznmdX.exe
  2⤵
  PID:6880
- C:\Windows\System\RDHcMyT.exe
  C:\Windows\System\RDHcMyT.exe
  2⤵
  PID:6900
- C:\Windows\System\TQaKorv.exe
  C:\Windows\System\TQaKorv.exe
  2⤵
  PID:6976
- C:\Windows\System\FeHwjmz.exe
  C:\Windows\System\FeHwjmz.exe
  2⤵
  PID:6984
- C:\Windows\System\XAujcQT.exe
  C:\Windows\System\XAujcQT.exe
  2⤵
  PID:7080
- C:\Windows\System\wdLIJJm.exe
  C:\Windows\System\wdLIJJm.exe
  2⤵
  PID:7164
- C:\Windows\System\SFwQFuO.exe
  C:\Windows\System\SFwQFuO.exe
  2⤵
  PID:4292
- C:\Windows\System\iOMmcAb.exe
  C:\Windows\System\iOMmcAb.exe
  2⤵
  PID:4976
- C:\Windows\System\TbzUiVv.exe
  C:\Windows\System\TbzUiVv.exe
  2⤵
  PID:5172
- C:\Windows\System\NeaTboz.exe
  C:\Windows\System\NeaTboz.exe
  2⤵
  PID:5416
- C:\Windows\System\CfenXeE.exe
  C:\Windows\System\CfenXeE.exe
  2⤵
  PID:5960
- C:\Windows\System\TULlbHs.exe
  C:\Windows\System\TULlbHs.exe
  2⤵
  PID:6192
- C:\Windows\System\lrtmnuD.exe
  C:\Windows\System\lrtmnuD.exe
  2⤵
  PID:6272
- C:\Windows\System\TauHprn.exe
  C:\Windows\System\TauHprn.exe
  2⤵
  PID:6332
- C:\Windows\System\qySNqGJ.exe
  C:\Windows\System\qySNqGJ.exe
  2⤵
  PID:6336
- C:\Windows\System\mVfUvAJ.exe
  C:\Windows\System\mVfUvAJ.exe
  2⤵
  PID:6408
- C:\Windows\System\OyhYwNE.exe
  C:\Windows\System\OyhYwNE.exe
  2⤵
  PID:6536
- C:\Windows\System\RIOIXDU.exe
  C:\Windows\System\RIOIXDU.exe
  2⤵
  PID:6680
- C:\Windows\System\nJTwdXp.exe
  C:\Windows\System\nJTwdXp.exe
  2⤵
  PID:2604
- C:\Windows\System\kUGelqQ.exe
  C:\Windows\System\kUGelqQ.exe
  2⤵
  PID:7180
- C:\Windows\System\ppkalCW.exe
  C:\Windows\System\ppkalCW.exe
  2⤵
  PID:7200
- C:\Windows\System\yQuYDXA.exe
  C:\Windows\System\yQuYDXA.exe
  2⤵
  PID:7224
- C:\Windows\System\yXkXJfc.exe
  C:\Windows\System\yXkXJfc.exe
  2⤵
  PID:7244
- C:\Windows\System\fvSgUVm.exe
  C:\Windows\System\fvSgUVm.exe
  2⤵
  PID:7260
- C:\Windows\System\UOkvwog.exe
  C:\Windows\System\UOkvwog.exe
  2⤵
  PID:7280
- C:\Windows\System\HcrODJe.exe
  C:\Windows\System\HcrODJe.exe
  2⤵
  PID:7300
- C:\Windows\System\vQwUiPE.exe
  C:\Windows\System\vQwUiPE.exe
  2⤵
  PID:7324
- C:\Windows\System\aKhdnGa.exe
  C:\Windows\System\aKhdnGa.exe
  2⤵
  PID:7344
- C:\Windows\System\xrtlLAS.exe
  C:\Windows\System\xrtlLAS.exe
  2⤵
  PID:7368
- C:\Windows\System\bGFGYbM.exe
  C:\Windows\System\bGFGYbM.exe
  2⤵
  PID:7388
- C:\Windows\System\ffnDsud.exe
  C:\Windows\System\ffnDsud.exe
  2⤵
  PID:7408
- C:\Windows\System\doNxZZv.exe
  C:\Windows\System\doNxZZv.exe
  2⤵
  PID:7424
- C:\Windows\System\XbpRpvK.exe
  C:\Windows\System\XbpRpvK.exe
  2⤵
  PID:7440
- C:\Windows\System\RIQUvTM.exe
  C:\Windows\System\RIQUvTM.exe
  2⤵
  PID:7464
- C:\Windows\System\sqDXgpk.exe
  C:\Windows\System\sqDXgpk.exe
  2⤵
  PID:7484
- C:\Windows\System\WtuLCVb.exe
  C:\Windows\System\WtuLCVb.exe
  2⤵
  PID:7508
- C:\Windows\System\wtXmEwK.exe
  C:\Windows\System\wtXmEwK.exe
  2⤵
  PID:7528
- C:\Windows\System\GLYvgqk.exe
  C:\Windows\System\GLYvgqk.exe
  2⤵
  PID:7552
- C:\Windows\System\DDZhkPQ.exe
  C:\Windows\System\DDZhkPQ.exe
  2⤵
  PID:7572
- C:\Windows\System\OsouMIZ.exe
  C:\Windows\System\OsouMIZ.exe
  2⤵
  PID:7592
- C:\Windows\System\CEoqTvi.exe
  C:\Windows\System\CEoqTvi.exe
  2⤵
  PID:7612
- C:\Windows\System\OVmjHMx.exe
  C:\Windows\System\OVmjHMx.exe
  2⤵
  PID:7628
- C:\Windows\System\MMrnjwB.exe
  C:\Windows\System\MMrnjwB.exe
  2⤵
  PID:7644
- C:\Windows\System\SMOdvyU.exe
  C:\Windows\System\SMOdvyU.exe
  2⤵
  PID:7668
- C:\Windows\System\ZKYndGN.exe
  C:\Windows\System\ZKYndGN.exe
  2⤵
  PID:7692
- C:\Windows\System\rYyGkTo.exe
  C:\Windows\System\rYyGkTo.exe
  2⤵
  PID:7712
- C:\Windows\System\GuUlJIb.exe
  C:\Windows\System\GuUlJIb.exe
  2⤵
  PID:7732
- C:\Windows\System\mCppEhL.exe
  C:\Windows\System\mCppEhL.exe
  2⤵
  PID:7752
- C:\Windows\System\YbGOjLi.exe
  C:\Windows\System\YbGOjLi.exe
  2⤵
  PID:7772
- C:\Windows\System\fXjQRKx.exe
  C:\Windows\System\fXjQRKx.exe
  2⤵
  PID:7792
- C:\Windows\System\TmejVgt.exe
  C:\Windows\System\TmejVgt.exe
  2⤵
  PID:7808
- C:\Windows\System\DUSSCbJ.exe
  C:\Windows\System\DUSSCbJ.exe
  2⤵
  PID:7828
- C:\Windows\System\PzeYpbh.exe
  C:\Windows\System\PzeYpbh.exe
  2⤵
  PID:7852
- C:\Windows\System\lVEWTmS.exe
  C:\Windows\System\lVEWTmS.exe
  2⤵
  PID:7872
- C:\Windows\System\bFKCZxw.exe
  C:\Windows\System\bFKCZxw.exe
  2⤵
  PID:7892
- C:\Windows\System\ZeJGuFP.exe
  C:\Windows\System\ZeJGuFP.exe
  2⤵
  PID:7912
- C:\Windows\System\BwgipwU.exe
  C:\Windows\System\BwgipwU.exe
  2⤵
  PID:7932
- C:\Windows\System\cimfNpF.exe
  C:\Windows\System\cimfNpF.exe
  2⤵
  PID:7956
- C:\Windows\System\bJDzpUW.exe
  C:\Windows\System\bJDzpUW.exe
  2⤵
  PID:7980
- C:\Windows\System\AjzOriQ.exe
  C:\Windows\System\AjzOriQ.exe
  2⤵
  PID:8000
- C:\Windows\System\bOPEDNy.exe
  C:\Windows\System\bOPEDNy.exe
  2⤵
  PID:8020
- C:\Windows\System\UESziUV.exe
  C:\Windows\System\UESziUV.exe
  2⤵
  PID:8040
- C:\Windows\System\wKzYcPg.exe
  C:\Windows\System\wKzYcPg.exe
  2⤵
  PID:8060
- C:\Windows\System\TbWZAIz.exe
  C:\Windows\System\TbWZAIz.exe
  2⤵
  PID:8080
- C:\Windows\System\HfYmjRt.exe
  C:\Windows\System\HfYmjRt.exe
  2⤵
  PID:8100
- C:\Windows\System\RYumpTd.exe
  C:\Windows\System\RYumpTd.exe
  2⤵
  PID:8116
- C:\Windows\System\UTGPWGb.exe
  C:\Windows\System\UTGPWGb.exe
  2⤵
  PID:8140
- C:\Windows\System\xOLCAFs.exe
  C:\Windows\System\xOLCAFs.exe
  2⤵
  PID:8160
- C:\Windows\System\lDmdYGJ.exe
  C:\Windows\System\lDmdYGJ.exe
  2⤵
  PID:8180
- C:\Windows\System\vfMULJb.exe
  C:\Windows\System\vfMULJb.exe
  2⤵
  PID:6844
- C:\Windows\System\QHKzOaj.exe
  C:\Windows\System\QHKzOaj.exe
  2⤵
  PID:6796
- C:\Windows\System\UlGhwYU.exe
  C:\Windows\System\UlGhwYU.exe
  2⤵
  PID:6856
- C:\Windows\System\MDBdOdK.exe
  C:\Windows\System\MDBdOdK.exe
  2⤵
  PID:6840
- C:\Windows\System\APABnpv.exe
  C:\Windows\System\APABnpv.exe
  2⤵
  PID:2372
- C:\Windows\System\vCMmVup.exe
  C:\Windows\System\vCMmVup.exe
  2⤵
  PID:7076
- C:\Windows\System\qsFklGf.exe
  C:\Windows\System\qsFklGf.exe
  2⤵
  PID:7156
- C:\Windows\System\KkQDjvT.exe
  C:\Windows\System\KkQDjvT.exe
  2⤵
  PID:7144
- C:\Windows\System\SkhAlDm.exe
  C:\Windows\System\SkhAlDm.exe
  2⤵
  PID:5740
- C:\Windows\System\MRkUPpJ.exe
  C:\Windows\System\MRkUPpJ.exe
  2⤵
  PID:6076
- C:\Windows\System\sCFwXBF.exe
  C:\Windows\System\sCFwXBF.exe
  2⤵
  PID:5516
- C:\Windows\System\UKZFGHE.exe
  C:\Windows\System\UKZFGHE.exe
  2⤵
  PID:6368
- C:\Windows\System\AbfwQTb.exe
  C:\Windows\System\AbfwQTb.exe
  2⤵
  PID:6268
- C:\Windows\System\sIXkJec.exe
  C:\Windows\System\sIXkJec.exe
  2⤵
  PID:6652
- C:\Windows\System\gISQwqM.exe
  C:\Windows\System\gISQwqM.exe
  2⤵
  PID:7192
- C:\Windows\System\dPlMYgg.exe
  C:\Windows\System\dPlMYgg.exe
  2⤵
  PID:2148
- C:\Windows\System\byOfSKj.exe
  C:\Windows\System\byOfSKj.exe
  2⤵
  PID:7232
- C:\Windows\System\OkkcZAa.exe
  C:\Windows\System\OkkcZAa.exe
  2⤵
  PID:7216
- C:\Windows\System\OtxsSzq.exe
  C:\Windows\System\OtxsSzq.exe
  2⤵
  PID:7316
- C:\Windows\System\UIctxJX.exe
  C:\Windows\System\UIctxJX.exe
  2⤵
  PID:7352
- C:\Windows\System\YVkjEjQ.exe
  C:\Windows\System\YVkjEjQ.exe
  2⤵
  PID:7296
- C:\Windows\System\NYYDcrN.exe
  C:\Windows\System\NYYDcrN.exe
  2⤵
  PID:7376
- C:\Windows\System\glrjDAb.exe
  C:\Windows\System\glrjDAb.exe
  2⤵
  PID:7380
- C:\Windows\System\jPBYKAd.exe
  C:\Windows\System\jPBYKAd.exe
  2⤵
  PID:7420
- C:\Windows\System\aYhvDrN.exe
  C:\Windows\System\aYhvDrN.exe
  2⤵
  PID:7448
- C:\Windows\System\ofkeeya.exe
  C:\Windows\System\ofkeeya.exe
  2⤵
  PID:7492
- C:\Windows\System\bCfxAUx.exe
  C:\Windows\System\bCfxAUx.exe
  2⤵
  PID:7560
- C:\Windows\System\CjqjnPi.exe
  C:\Windows\System\CjqjnPi.exe
  2⤵
  PID:7540
- C:\Windows\System\eNxBiqh.exe
  C:\Windows\System\eNxBiqh.exe
  2⤵
  PID:7588
- C:\Windows\System\XKFYkuk.exe
  C:\Windows\System\XKFYkuk.exe
  2⤵
  PID:7640
- C:\Windows\System\cnsyKjl.exe
  C:\Windows\System\cnsyKjl.exe
  2⤵
  PID:7664
- C:\Windows\System\UpcsOoy.exe
  C:\Windows\System\UpcsOoy.exe
  2⤵
  PID:7720
- C:\Windows\System\tVVfXeq.exe
  C:\Windows\System\tVVfXeq.exe
  2⤵
  PID:7704
- C:\Windows\System\uVFGahw.exe
  C:\Windows\System\uVFGahw.exe
  2⤵
  PID:7744
- C:\Windows\System\HSWXnUm.exe
  C:\Windows\System\HSWXnUm.exe
  2⤵
  PID:7800
- C:\Windows\System\OmoTXFH.exe
  C:\Windows\System\OmoTXFH.exe
  2⤵
  PID:7840
- C:\Windows\System\MATdMZq.exe
  C:\Windows\System\MATdMZq.exe
  2⤵
  PID:7820
- C:\Windows\System\dXqRSwE.exe
  C:\Windows\System\dXqRSwE.exe
  2⤵
  PID:7888
- C:\Windows\System\OLVHeWF.exe
  C:\Windows\System\OLVHeWF.exe
  2⤵
  PID:7908
- C:\Windows\System\VKWxFLm.exe
  C:\Windows\System\VKWxFLm.exe
  2⤵
  PID:7972
- C:\Windows\System\UngYrZG.exe
  C:\Windows\System\UngYrZG.exe
  2⤵
  PID:8012
- C:\Windows\System\TMdaimA.exe
  C:\Windows\System\TMdaimA.exe
  2⤵
  PID:7996
- C:\Windows\System\dUFVKEm.exe
  C:\Windows\System\dUFVKEm.exe
  2⤵
  PID:8068
- C:\Windows\System\CrWSeyf.exe
  C:\Windows\System\CrWSeyf.exe
  2⤵
  PID:8092
- C:\Windows\System\asRPIJy.exe
  C:\Windows\System\asRPIJy.exe
  2⤵
  PID:8132
- C:\Windows\System\quVgIhX.exe
  C:\Windows\System\quVgIhX.exe
  2⤵
  PID:8172
- C:\Windows\System\MelEEhR.exe
  C:\Windows\System\MelEEhR.exe
  2⤵
  PID:6860
- C:\Windows\System\UyhpvHa.exe
  C:\Windows\System\UyhpvHa.exe
  2⤵
  PID:3044
- C:\Windows\System\yyAXIOS.exe
  C:\Windows\System\yyAXIOS.exe
  2⤵
  PID:6996
- C:\Windows\System\MTwiHTQ.exe
  C:\Windows\System\MTwiHTQ.exe
  2⤵
  PID:4116
- C:\Windows\System\DSYkFAL.exe
  C:\Windows\System\DSYkFAL.exe
  2⤵
  PID:4248
- C:\Windows\System\nxCQlIb.exe
  C:\Windows\System\nxCQlIb.exe
  2⤵
  PID:4276
- C:\Windows\System\QyGJuLc.exe
  C:\Windows\System\QyGJuLc.exe
  2⤵
  PID:2584
- C:\Windows\System\RRTNbdY.exe
  C:\Windows\System\RRTNbdY.exe
  2⤵
  PID:6700
- C:\Windows\System\fFNxENP.exe
  C:\Windows\System\fFNxENP.exe
  2⤵
  PID:6416
- C:\Windows\System\IdvsnJq.exe
  C:\Windows\System\IdvsnJq.exe
  2⤵
  PID:2828
- C:\Windows\System\ZoskjzN.exe
  C:\Windows\System\ZoskjzN.exe
  2⤵
  PID:7176
- C:\Windows\System\oYIJyui.exe
  C:\Windows\System\oYIJyui.exe
  2⤵
  PID:7256
- C:\Windows\System\VSelUdg.exe
  C:\Windows\System\VSelUdg.exe
  2⤵
  PID:7340
- C:\Windows\System\GkpeZlK.exe
  C:\Windows\System\GkpeZlK.exe
  2⤵
  PID:7432
- C:\Windows\System\ECISanx.exe
  C:\Windows\System\ECISanx.exe
  2⤵
  PID:7384
- C:\Windows\System\ZFkMZCv.exe
  C:\Windows\System\ZFkMZCv.exe
  2⤵
  PID:7524
- C:\Windows\System\gesxLvN.exe
  C:\Windows\System\gesxLvN.exe
  2⤵
  PID:7604
- C:\Windows\System\tbxHYzY.exe
  C:\Windows\System\tbxHYzY.exe
  2⤵
  PID:7504
- C:\Windows\System\BlBuzaC.exe
  C:\Windows\System\BlBuzaC.exe
  2⤵
  PID:7684
- C:\Windows\System\VKIQWvd.exe
  C:\Windows\System\VKIQWvd.exe
  2⤵
  PID:7676
- C:\Windows\System\keUDzDx.exe
  C:\Windows\System\keUDzDx.exe
  2⤵
  PID:7708
- C:\Windows\System\eArXhBr.exe
  C:\Windows\System\eArXhBr.exe
  2⤵
  PID:7860
- C:\Windows\System\WpIBkKZ.exe
  C:\Windows\System\WpIBkKZ.exe
  2⤵
  PID:7780
- C:\Windows\System\YVfKljy.exe
  C:\Windows\System\YVfKljy.exe
  2⤵
  PID:7952
- C:\Windows\System\anAUOfp.exe
  C:\Windows\System\anAUOfp.exe
  2⤵
  PID:7928
- C:\Windows\System\CwmTnoF.exe
  C:\Windows\System\CwmTnoF.exe
  2⤵
  PID:8008
- C:\Windows\System\pyJmqET.exe
  C:\Windows\System\pyJmqET.exe
  2⤵
  PID:8096
- C:\Windows\System\ciFrAbq.exe
  C:\Windows\System\ciFrAbq.exe
  2⤵
  PID:8128
- C:\Windows\System\gsyTQyO.exe
  C:\Windows\System\gsyTQyO.exe
  2⤵
  PID:8152
- C:\Windows\System\aOGkrsT.exe
  C:\Windows\System\aOGkrsT.exe
  2⤵
  PID:6916
- C:\Windows\System\cJvqJzH.exe
  C:\Windows\System\cJvqJzH.exe
  2⤵
  PID:5248
- C:\Windows\System\lyZUvGG.exe
  C:\Windows\System\lyZUvGG.exe
  2⤵
  PID:2232
- C:\Windows\System\PwoWyUg.exe
  C:\Windows\System\PwoWyUg.exe
  2⤵
  PID:6576
- C:\Windows\System\nLGrclj.exe
  C:\Windows\System\nLGrclj.exe
  2⤵
  PID:7312
- C:\Windows\System\RzbXMDN.exe
  C:\Windows\System\RzbXMDN.exe
  2⤵
  PID:1612
- C:\Windows\System\srvwSgI.exe
  C:\Windows\System\srvwSgI.exe
  2⤵
  PID:6676
- C:\Windows\System\TErrVan.exe
  C:\Windows\System\TErrVan.exe
  2⤵
  PID:7208
- C:\Windows\System\UWJzhIl.exe
  C:\Windows\System\UWJzhIl.exe
  2⤵
  PID:7624
- C:\Windows\System\IQTDStO.exe
  C:\Windows\System\IQTDStO.exe
  2⤵
  PID:7396
- C:\Windows\System\jcIrQON.exe
  C:\Windows\System\jcIrQON.exe
  2⤵
  PID:8056
- C:\Windows\System\LvGJCYH.exe
  C:\Windows\System\LvGJCYH.exe
  2⤵
  PID:7568
- C:\Windows\System\LsIhZsh.exe
  C:\Windows\System\LsIhZsh.exe
  2⤵
  PID:8168
- C:\Windows\System\hhdwXYh.exe
  C:\Windows\System\hhdwXYh.exe
  2⤵
  PID:7656
- C:\Windows\System\HAsIoNk.exe
  C:\Windows\System\HAsIoNk.exe
  2⤵
  PID:7700
- C:\Windows\System\qOoReHc.exe
  C:\Windows\System\qOoReHc.exe
  2⤵
  PID:7024
- C:\Windows\System\dMZBPYk.exe
  C:\Windows\System\dMZBPYk.exe
  2⤵
  PID:6148
- C:\Windows\System\GctchwM.exe
  C:\Windows\System\GctchwM.exe
  2⤵
  PID:6956
- C:\Windows\System\CSpujJT.exe
  C:\Windows\System\CSpujJT.exe
  2⤵
  PID:6468
- C:\Windows\System\tBQNAjl.exe
  C:\Windows\System\tBQNAjl.exe
  2⤵
  PID:8204
- C:\Windows\System\JycxQXD.exe
  C:\Windows\System\JycxQXD.exe
  2⤵
  PID:8224
- C:\Windows\System\UfgSAtv.exe
  C:\Windows\System\UfgSAtv.exe
  2⤵
  PID:8248
- C:\Windows\System\YSIvNoZ.exe
  C:\Windows\System\YSIvNoZ.exe
  2⤵
  PID:8268
- C:\Windows\System\vJLxXnR.exe
  C:\Windows\System\vJLxXnR.exe
  2⤵
  PID:8288
- C:\Windows\System\NotpRpw.exe
  C:\Windows\System\NotpRpw.exe
  2⤵
  PID:8308
- C:\Windows\System\lmXnYiw.exe
  C:\Windows\System\lmXnYiw.exe
  2⤵
  PID:8328
- C:\Windows\System\OmVzDGW.exe
  C:\Windows\System\OmVzDGW.exe
  2⤵
  PID:8352
- C:\Windows\System\WmZlgUd.exe
  C:\Windows\System\WmZlgUd.exe
  2⤵
  PID:8372
- C:\Windows\System\MgwedQo.exe
  C:\Windows\System\MgwedQo.exe
  2⤵
  PID:8392
- C:\Windows\System\JfCPgRX.exe
  C:\Windows\System\JfCPgRX.exe
  2⤵
  PID:8412
- C:\Windows\System\mnWivAR.exe
  C:\Windows\System\mnWivAR.exe
  2⤵
  PID:8432
- C:\Windows\System\GPAzBTh.exe
  C:\Windows\System\GPAzBTh.exe
  2⤵
  PID:8448
- C:\Windows\System\gSEHEbw.exe
  C:\Windows\System\gSEHEbw.exe
  2⤵
  PID:8472
- C:\Windows\System\USDVCrt.exe
  C:\Windows\System\USDVCrt.exe
  2⤵
  PID:8492
- C:\Windows\System\luiJpRV.exe
  C:\Windows\System\luiJpRV.exe
  2⤵
  PID:8512
- C:\Windows\System\yclvxOw.exe
  C:\Windows\System\yclvxOw.exe
  2⤵
  PID:8532
- C:\Windows\System\jGjIByM.exe
  C:\Windows\System\jGjIByM.exe
  2⤵
  PID:8552
- C:\Windows\System\ofixPIi.exe
  C:\Windows\System\ofixPIi.exe
  2⤵
  PID:8572
- C:\Windows\System\PXxVBSJ.exe
  C:\Windows\System\PXxVBSJ.exe
  2⤵
  PID:8588
- C:\Windows\System\jIyszmZ.exe
  C:\Windows\System\jIyszmZ.exe
  2⤵
  PID:8604
- C:\Windows\System\hhWfIqQ.exe
  C:\Windows\System\hhWfIqQ.exe
  2⤵
  PID:8620
- C:\Windows\System\zIBeYVT.exe
  C:\Windows\System\zIBeYVT.exe
  2⤵
  PID:8636
- C:\Windows\System\PhYTwJe.exe
  C:\Windows\System\PhYTwJe.exe
  2⤵
  PID:8652
- C:\Windows\System\aGtyHSR.exe
  C:\Windows\System\aGtyHSR.exe
  2⤵
  PID:8668
- C:\Windows\System\jFRfGBD.exe
  C:\Windows\System\jFRfGBD.exe
  2⤵
  PID:8684
- C:\Windows\System\qTLJbHl.exe
  C:\Windows\System\qTLJbHl.exe
  2⤵
  PID:8712
- C:\Windows\System\BNjkMhc.exe
  C:\Windows\System\BNjkMhc.exe
  2⤵
  PID:8728
- C:\Windows\System\eCcMZSF.exe
  C:\Windows\System\eCcMZSF.exe
  2⤵
  PID:8752
- C:\Windows\System\FsMziEK.exe
  C:\Windows\System\FsMziEK.exe
  2⤵
  PID:8768
- C:\Windows\System\NRSQTHK.exe
  C:\Windows\System\NRSQTHK.exe
  2⤵
  PID:8784
- C:\Windows\System\CXeWycF.exe
  C:\Windows\System\CXeWycF.exe
  2⤵
  PID:8800
- C:\Windows\System\ElitkpN.exe
  C:\Windows\System\ElitkpN.exe
  2⤵
  PID:8816
- C:\Windows\System\ENjmcok.exe
  C:\Windows\System\ENjmcok.exe
  2⤵
  PID:8836
- C:\Windows\System\wzIkydh.exe
  C:\Windows\System\wzIkydh.exe
  2⤵
  PID:8856
- C:\Windows\System\IHNHWbQ.exe
  C:\Windows\System\IHNHWbQ.exe
  2⤵
  PID:8876
- C:\Windows\System\jwFrrvk.exe
  C:\Windows\System\jwFrrvk.exe
  2⤵
  PID:8896
- C:\Windows\System\YwTleIv.exe
  C:\Windows\System\YwTleIv.exe
  2⤵
  PID:8920
- C:\Windows\System\laofhSk.exe
  C:\Windows\System\laofhSk.exe
  2⤵
  PID:8956
- C:\Windows\System\hLAGrpx.exe
  C:\Windows\System\hLAGrpx.exe
  2⤵
  PID:8972
- C:\Windows\System\ypFhsRv.exe
  C:\Windows\System\ypFhsRv.exe
  2⤵
  PID:9024
- C:\Windows\System\jVnNvUX.exe
  C:\Windows\System\jVnNvUX.exe
  2⤵
  PID:9040
- C:\Windows\System\AbGxaCI.exe
  C:\Windows\System\AbGxaCI.exe
  2⤵
  PID:9072
- C:\Windows\System\yMBDhhg.exe
  C:\Windows\System\yMBDhhg.exe
  2⤵
  PID:9088
- C:\Windows\System\iUWgUXX.exe
  C:\Windows\System\iUWgUXX.exe
  2⤵
  PID:9104
- C:\Windows\System\clMXpxN.exe
  C:\Windows\System\clMXpxN.exe
  2⤵
  PID:9120
- C:\Windows\System\aEygxbQ.exe
  C:\Windows\System\aEygxbQ.exe
  2⤵
  PID:9136
- C:\Windows\System\mPIpigf.exe
  C:\Windows\System\mPIpigf.exe
  2⤵
  PID:9152
- C:\Windows\System\bHGpObi.exe
  C:\Windows\System\bHGpObi.exe
  2⤵
  PID:9168
- C:\Windows\System\vgOGJSz.exe
  C:\Windows\System\vgOGJSz.exe
  2⤵
  PID:9212
- C:\Windows\System\PoZfgut.exe
  C:\Windows\System\PoZfgut.exe
  2⤵
  PID:7364
- C:\Windows\System\dThquQX.exe
  C:\Windows\System\dThquQX.exe
  2⤵
  PID:7848
- C:\Windows\System\yVhBIYZ.exe
  C:\Windows\System\yVhBIYZ.exe
  2⤵
  PID:7836
- C:\Windows\System\DEHjeZb.exe
  C:\Windows\System\DEHjeZb.exe
  2⤵
  PID:7580
- C:\Windows\System\SpCdDGq.exe
  C:\Windows\System\SpCdDGq.exe
  2⤵
  PID:7400
- C:\Windows\System\xPqUhio.exe
  C:\Windows\System\xPqUhio.exe
  2⤵
  PID:8176
- C:\Windows\System\mEiwyCb.exe
  C:\Windows\System\mEiwyCb.exe
  2⤵
  PID:7276
- C:\Windows\System\RAehtDb.exe
  C:\Windows\System\RAehtDb.exe
  2⤵
  PID:8036
- C:\Windows\System\wSLumrp.exe
  C:\Windows\System\wSLumrp.exe
  2⤵
  PID:7456
- C:\Windows\System\QzzIeoT.exe
  C:\Windows\System\QzzIeoT.exe
  2⤵
  PID:8216
- C:\Windows\System\UHwXFCI.exe
  C:\Windows\System\UHwXFCI.exe
  2⤵
  PID:8200
- C:\Windows\System\QUcMhQm.exe
  C:\Windows\System\QUcMhQm.exe
  2⤵
  PID:8264
- C:\Windows\System\MJYSMVv.exe
  C:\Windows\System\MJYSMVv.exe
  2⤵
  PID:8280
- C:\Windows\System\yeKBvld.exe
  C:\Windows\System\yeKBvld.exe
  2⤵
  PID:8316
- C:\Windows\System\bWxFMVc.exe
  C:\Windows\System\bWxFMVc.exe
  2⤵
  PID:8336
- C:\Windows\System\psoUOyK.exe
  C:\Windows\System\psoUOyK.exe
  2⤵
  PID:8368
- C:\Windows\System\PtHjABw.exe
  C:\Windows\System\PtHjABw.exe
  2⤵
  PID:8424
- C:\Windows\System\obWaPZm.exe
  C:\Windows\System\obWaPZm.exe
  2⤵
  PID:8464
- C:\Windows\System\BngXjaI.exe
  C:\Windows\System\BngXjaI.exe
  2⤵
  PID:8480
- C:\Windows\System\BSYLdWI.exe
  C:\Windows\System\BSYLdWI.exe
  2⤵
  PID:8504
- C:\Windows\System\zJjTRnA.exe
  C:\Windows\System\zJjTRnA.exe
  2⤵
  PID:8524
- C:\Windows\System\boeNelH.exe
  C:\Windows\System\boeNelH.exe
  2⤵
  PID:8584
- C:\Windows\System\WVOsIPE.exe
  C:\Windows\System\WVOsIPE.exe
  2⤵
  PID:8568
- C:\Windows\System\QMIyhMe.exe
  C:\Windows\System\QMIyhMe.exe
  2⤵
  PID:8616
- C:\Windows\System\eGSGfDX.exe
  C:\Windows\System\eGSGfDX.exe
  2⤵
  PID:8648
- C:\Windows\System\AIigEGU.exe
  C:\Windows\System\AIigEGU.exe
  2⤵
  PID:8664
- C:\Windows\System\GAKPzKh.exe
  C:\Windows\System\GAKPzKh.exe
  2⤵
  PID:3040
- C:\Windows\System\zZyUjeb.exe
  C:\Windows\System\zZyUjeb.exe
  2⤵
  PID:8744
- C:\Windows\System\DKomhQI.exe
  C:\Windows\System\DKomhQI.exe
  2⤵
  PID:8792
- C:\Windows\System\hFzeIpW.exe
  C:\Windows\System\hFzeIpW.exe
  2⤵
  PID:8832
- C:\Windows\System\AFqeIAi.exe
  C:\Windows\System\AFqeIAi.exe
  2⤵
  PID:8848
- C:\Windows\System\QAdyDtG.exe
  C:\Windows\System\QAdyDtG.exe
  2⤵
  PID:8888
- C:\Windows\System\SsdMQPQ.exe
  C:\Windows\System\SsdMQPQ.exe
  2⤵
  PID:8932
- C:\Windows\System\pUlnsYb.exe
  C:\Windows\System\pUlnsYb.exe
  2⤵
  PID:8944
- C:\Windows\System\NgbrykY.exe
  C:\Windows\System\NgbrykY.exe
  2⤵
  PID:8968
- C:\Windows\System\XMujUGd.exe
  C:\Windows\System\XMujUGd.exe
  2⤵
  PID:9004
- C:\Windows\System\cHTJtKo.exe
  C:\Windows\System\cHTJtKo.exe
  2⤵
  PID:9008
- C:\Windows\System\loCmXGf.exe
  C:\Windows\System\loCmXGf.exe
  2⤵
  PID:9032
- C:\Windows\System\VIlzJkd.exe
  C:\Windows\System\VIlzJkd.exe
  2⤵
  PID:9056
- C:\Windows\System\wbGQFUZ.exe
  C:\Windows\System\wbGQFUZ.exe
  2⤵
  PID:2568
- C:\Windows\System\vSvMwdk.exe
  C:\Windows\System\vSvMwdk.exe
  2⤵
  PID:9112
- C:\Windows\System\JWemGMk.exe
  C:\Windows\System\JWemGMk.exe
  2⤵
  PID:9148
- C:\Windows\System\NZqpavQ.exe
  C:\Windows\System\NZqpavQ.exe
  2⤵
  PID:9132
- C:\Windows\System\cAMtqAV.exe
  C:\Windows\System\cAMtqAV.exe
  2⤵
  PID:9184
- C:\Windows\System\IzyhILI.exe
  C:\Windows\System\IzyhILI.exe
  2⤵
  PID:9200
- C:\Windows\System\UMeNtXu.exe
  C:\Windows\System\UMeNtXu.exe
  2⤵
  PID:1616
- C:\Windows\System\cABFIOY.exe
  C:\Windows\System\cABFIOY.exe
  2⤵
  PID:3020
- C:\Windows\System\NYMNYlR.exe
  C:\Windows\System\NYMNYlR.exe
  2⤵
  PID:2652
- C:\Windows\System\fRMOuiP.exe
  C:\Windows\System\fRMOuiP.exe
  2⤵
  PID:332
- C:\Windows\System\RikuDPE.exe
  C:\Windows\System\RikuDPE.exe
  2⤵
  PID:7924
- C:\Windows\System\wNNWfBc.exe
  C:\Windows\System\wNNWfBc.exe
  2⤵
  PID:7948
- C:\Windows\System\ibQkqsX.exe
  C:\Windows\System\ibQkqsX.exe
  2⤵
  PID:7084
- C:\Windows\System\nbnZRLM.exe
  C:\Windows\System\nbnZRLM.exe
  2⤵
  PID:2924
- C:\Windows\System\qhhDsZs.exe
  C:\Windows\System\qhhDsZs.exe
  2⤵
  PID:7920
- C:\Windows\System\uEDSJhD.exe
  C:\Windows\System\uEDSJhD.exe
  2⤵
  PID:8240
- C:\Windows\System\LvTWQEq.exe
  C:\Windows\System\LvTWQEq.exe
  2⤵
  PID:8256
- C:\Windows\System\HDVxsHs.exe
  C:\Windows\System\HDVxsHs.exe
  2⤵
  PID:8344
- C:\Windows\System\zMAvbqn.exe
  C:\Windows\System\zMAvbqn.exe
  2⤵
  PID:8428
- C:\Windows\System\WuysVge.exe
  C:\Windows\System\WuysVge.exe
  2⤵
  PID:8540
- C:\Windows\System\zLPyKVO.exe
  C:\Windows\System\zLPyKVO.exe
  2⤵
  PID:8488
- C:\Windows\System\fVAzGbS.exe
  C:\Windows\System\fVAzGbS.exe
  2⤵
  PID:8600
- C:\Windows\System\gMsDUsg.exe
  C:\Windows\System\gMsDUsg.exe
  2⤵
  PID:8632
- C:\Windows\System\vKmNngc.exe
  C:\Windows\System\vKmNngc.exe
  2⤵
  PID:8776
- C:\Windows\System\ybsXpTx.exe
  C:\Windows\System\ybsXpTx.exe
  2⤵
  PID:8844
- C:\Windows\System\JIggyyF.exe
  C:\Windows\System\JIggyyF.exe
  2⤵
  PID:8952
- C:\Windows\System\LNTTbgo.exe
  C:\Windows\System\LNTTbgo.exe
  2⤵
  PID:9048
- C:\Windows\System\zUFSves.exe
  C:\Windows\System\zUFSves.exe
  2⤵
  PID:8992
- C:\Windows\System\fmKbykP.exe
  C:\Windows\System\fmKbykP.exe
  2⤵
  PID:1408
- C:\Windows\System\GPEGpDv.exe
  C:\Windows\System\GPEGpDv.exe
  2⤵
  PID:316
- C:\Windows\System\nutRhYL.exe
  C:\Windows\System\nutRhYL.exe
  2⤵
  PID:2908
- C:\Windows\System\xxbfQtB.exe
  C:\Windows\System\xxbfQtB.exe
  2⤵
  PID:9144
- C:\Windows\System\OcfkAKq.exe
  C:\Windows\System\OcfkAKq.exe
  2⤵
  PID:9180
- C:\Windows\System\jHRBSwr.exe
  C:\Windows\System\jHRBSwr.exe
  2⤵
  PID:2824
- C:\Windows\System\zzZvUeE.exe
  C:\Windows\System\zzZvUeE.exe
  2⤵
  PID:1924
- C:\Windows\System\Mirfndt.exe
  C:\Windows\System\Mirfndt.exe
  2⤵
  PID:1560
- C:\Windows\System\gbtwJYn.exe
  C:\Windows\System\gbtwJYn.exe
  2⤵
  PID:2732
- C:\Windows\System\crGWvTA.exe
  C:\Windows\System\crGWvTA.exe
  2⤵
  PID:544
- C:\Windows\System\JNNARki.exe
  C:\Windows\System\JNNARki.exe
  2⤵
  PID:1868
- C:\Windows\System\BbnuroX.exe
  C:\Windows\System\BbnuroX.exe
  2⤵
  PID:2532
- C:\Windows\System\XZSCwpl.exe
  C:\Windows\System\XZSCwpl.exe
  2⤵
  PID:2724
- C:\Windows\System\eessqyA.exe
  C:\Windows\System\eessqyA.exe
  2⤵
  PID:7992
- C:\Windows\System\abzLeDF.exe
  C:\Windows\System\abzLeDF.exe
  2⤵
  PID:8232
- C:\Windows\System\xKrjjVR.exe
  C:\Windows\System\xKrjjVR.exe
  2⤵
  PID:3236
- C:\Windows\System\FLjuzxb.exe
  C:\Windows\System\FLjuzxb.exe
  2⤵
  PID:8500
- C:\Windows\System\gZmZiXc.exe
  C:\Windows\System\gZmZiXc.exe
  2⤵
  PID:8628
- C:\Windows\System\oaIBQiz.exe
  C:\Windows\System\oaIBQiz.exe
  2⤵
  PID:8484
- C:\Windows\System\CPMvRra.exe
  C:\Windows\System\CPMvRra.exe
  2⤵
  PID:9000
- C:\Windows\System\PRcciwW.exe
  C:\Windows\System\PRcciwW.exe
  2⤵
  PID:8780
- C:\Windows\System\jUDCAWe.exe
  C:\Windows\System\jUDCAWe.exe
  2⤵
  PID:8892
- C:\Windows\System\XTtsdnX.exe
  C:\Windows\System\XTtsdnX.exe
  2⤵
  PID:8940
- C:\Windows\System\HujXagn.exe
  C:\Windows\System\HujXagn.exe
  2⤵
  PID:8984
- C:\Windows\System\dMOGpOW.exe
  C:\Windows\System\dMOGpOW.exe
  2⤵
  PID:9068
- C:\Windows\System\tUDphCV.exe
  C:\Windows\System\tUDphCV.exe
  2⤵
  PID:9116
- C:\Windows\System\MABUdse.exe
  C:\Windows\System\MABUdse.exe
  2⤵
  PID:2024
- C:\Windows\System\VKsuBkX.exe
  C:\Windows\System\VKsuBkX.exe
  2⤵
  PID:4188
- C:\Windows\System\TUhWeoi.exe
  C:\Windows\System\TUhWeoi.exe
  2⤵
  PID:1700
- C:\Windows\System\AksjnMB.exe
  C:\Windows\System\AksjnMB.exe
  2⤵
  PID:2844
- C:\Windows\System\IXsbrBq.exe
  C:\Windows\System\IXsbrBq.exe
  2⤵
  PID:6740
- C:\Windows\System\VZHBFNr.exe
  C:\Windows\System\VZHBFNr.exe
  2⤵
  PID:8304
- C:\Windows\System\NYUXfPx.exe
  C:\Windows\System\NYUXfPx.exe
  2⤵
  PID:8380
- C:\Windows\System\QcpInrB.exe
  C:\Windows\System\QcpInrB.exe
  2⤵
  PID:8528
- C:\Windows\System\DmBFsMX.exe
  C:\Windows\System\DmBFsMX.exe
  2⤵
  PID:2976
- C:\Windows\System\YljBMBp.exe
  C:\Windows\System\YljBMBp.exe
  2⤵
  PID:8696
- C:\Windows\System\jDDwJyc.exe
  C:\Windows\System\jDDwJyc.exe
  2⤵
  PID:2272
- C:\Windows\System\VggLcMu.exe
  C:\Windows\System\VggLcMu.exe
  2⤵
  PID:2808
- C:\Windows\System\nVPexCp.exe
  C:\Windows\System\nVPexCp.exe
  2⤵
  PID:2264
- C:\Windows\System\JJHFiPU.exe
  C:\Windows\System\JJHFiPU.exe
  2⤵
  PID:1364
- C:\Windows\System\XHlHvug.exe
  C:\Windows\System\XHlHvug.exe
  2⤵
  PID:7880
- C:\Windows\System\JWORlmD.exe
  C:\Windows\System\JWORlmD.exe
  2⤵
  PID:8284
- C:\Windows\System\FxHobMH.exe
  C:\Windows\System\FxHobMH.exe
  2⤵
  PID:1796
- C:\Windows\System\sDaeBsu.exe
  C:\Windows\System\sDaeBsu.exe
  2⤵
  PID:8928
- C:\Windows\System\vyQaNWb.exe
  C:\Windows\System\vyQaNWb.exe
  2⤵
  PID:9060
- C:\Windows\System\SehiNFR.exe
  C:\Windows\System\SehiNFR.exe
  2⤵
  PID:7748
- C:\Windows\System\wOfvMah.exe
  C:\Windows\System\wOfvMah.exe
  2⤵
  PID:9196
- C:\Windows\System\zGITPMC.exe
  C:\Windows\System\zGITPMC.exe
  2⤵
  PID:8748
- C:\Windows\System\waOzHtR.exe
  C:\Windows\System\waOzHtR.exe
  2⤵
  PID:3944
- C:\Windows\System\GvmYqeh.exe
  C:\Windows\System\GvmYqeh.exe
  2⤵
  PID:2252
- C:\Windows\System\bfYVGfy.exe
  C:\Windows\System\bfYVGfy.exe
  2⤵
  PID:1084
- C:\Windows\System\OxqEAGr.exe
  C:\Windows\System\OxqEAGr.exe
  2⤵
  PID:8220
- C:\Windows\System\ZXuWcUH.exe
  C:\Windows\System\ZXuWcUH.exe
  2⤵
  PID:8444
- C:\Windows\System\KYQNNEe.exe
  C:\Windows\System\KYQNNEe.exe
  2⤵
  PID:1484
- C:\Windows\System\VGPVwMc.exe
  C:\Windows\System\VGPVwMc.exe
  2⤵
  PID:9220
- C:\Windows\System\Jddzeoe.exe
  C:\Windows\System\Jddzeoe.exe
  2⤵
  PID:9248
- C:\Windows\System\lOkqROm.exe
  C:\Windows\System\lOkqROm.exe
  2⤵
  PID:9296
- C:\Windows\System\KvhSISB.exe
  C:\Windows\System\KvhSISB.exe
  2⤵
  PID:9312
- C:\Windows\System\RhJKwBj.exe
  C:\Windows\System\RhJKwBj.exe
  2⤵
  PID:9328
- C:\Windows\System\rwqRrbN.exe
  C:\Windows\System\rwqRrbN.exe
  2⤵
  PID:9344
- C:\Windows\System\OPWbJTn.exe
  C:\Windows\System\OPWbJTn.exe
  2⤵
  PID:9360
- C:\Windows\System\fQptmEE.exe
  C:\Windows\System\fQptmEE.exe
  2⤵
  PID:9376
- C:\Windows\System\olIjHvS.exe
  C:\Windows\System\olIjHvS.exe
  2⤵
  PID:9392
- C:\Windows\System\fspVKvd.exe
  C:\Windows\System\fspVKvd.exe
  2⤵
  PID:9408
- C:\Windows\System\cPPToQy.exe
  C:\Windows\System\cPPToQy.exe
  2⤵
  PID:9424
- C:\Windows\System\QHRqHcC.exe
  C:\Windows\System\QHRqHcC.exe
  2⤵
  PID:9456
- C:\Windows\System\hxsLDfI.exe
  C:\Windows\System\hxsLDfI.exe
  2⤵
  PID:9480
- C:\Windows\System\FqpvBuW.exe
  C:\Windows\System\FqpvBuW.exe
  2⤵
  PID:9496
- C:\Windows\System\IDDhMNF.exe
  C:\Windows\System\IDDhMNF.exe
  2⤵
  PID:9516
- C:\Windows\System\fHxgxCB.exe
  C:\Windows\System\fHxgxCB.exe
  2⤵
  PID:9536
- C:\Windows\System\sBCRPMx.exe
  C:\Windows\System\sBCRPMx.exe
  2⤵
  PID:9552
- C:\Windows\System\eTNvKzw.exe
  C:\Windows\System\eTNvKzw.exe
  2⤵
  PID:9596
- C:\Windows\System\XTucPXj.exe
  C:\Windows\System\XTucPXj.exe
  2⤵
  PID:9616
- C:\Windows\System\vPDFucN.exe
  C:\Windows\System\vPDFucN.exe
  2⤵
  PID:9640
- C:\Windows\System\hEgHifO.exe
  C:\Windows\System\hEgHifO.exe
  2⤵
  PID:9664
- C:\Windows\System\DgCPPps.exe
  C:\Windows\System\DgCPPps.exe
  2⤵
  PID:9680
- C:\Windows\System\fDsSSTe.exe
  C:\Windows\System\fDsSSTe.exe
  2⤵
  PID:9700
- C:\Windows\System\VXhVxeC.exe
  C:\Windows\System\VXhVxeC.exe
  2⤵
  PID:9716
- C:\Windows\System\OscgNQF.exe
  C:\Windows\System\OscgNQF.exe
  2⤵
  PID:9736
- C:\Windows\System\meOyvTT.exe
  C:\Windows\System\meOyvTT.exe
  2⤵
  PID:9752
- C:\Windows\System\aIgmQdt.exe
  C:\Windows\System\aIgmQdt.exe
  2⤵
  PID:9772
- C:\Windows\System\WMPKfSV.exe
  C:\Windows\System\WMPKfSV.exe
  2⤵
  PID:9788
- C:\Windows\System\qzARXtr.exe
  C:\Windows\System\qzARXtr.exe
  2⤵
  PID:9808
- C:\Windows\System\icwkhKv.exe
  C:\Windows\System\icwkhKv.exe
  2⤵
  PID:9832
- C:\Windows\System\sorVrTT.exe
  C:\Windows\System\sorVrTT.exe
  2⤵
  PID:9896
- C:\Windows\System\VSpCnDV.exe
  C:\Windows\System\VSpCnDV.exe
  2⤵
  PID:9928
- C:\Windows\System\hgjMzEs.exe
  C:\Windows\System\hgjMzEs.exe
  2⤵
  PID:9944
- C:\Windows\System\jCLIhuV.exe
  C:\Windows\System\jCLIhuV.exe
  2⤵
  PID:9960
- C:\Windows\System\HKfQRwE.exe
  C:\Windows\System\HKfQRwE.exe
  2⤵
  PID:9980
- C:\Windows\System\RvuOImH.exe
  C:\Windows\System\RvuOImH.exe
  2⤵
  PID:10000
- C:\Windows\System\srNTwQR.exe
  C:\Windows\System\srNTwQR.exe
  2⤵
  PID:10024
- C:\Windows\System\fSwOshw.exe
  C:\Windows\System\fSwOshw.exe
  2⤵
  PID:10044
- C:\Windows\System\ldJdAmr.exe
  C:\Windows\System\ldJdAmr.exe
  2⤵
  PID:10064
- C:\Windows\System\aYRCIrO.exe
  C:\Windows\System\aYRCIrO.exe
  2⤵
  PID:10084
- C:\Windows\System\yLmKVqi.exe
  C:\Windows\System\yLmKVqi.exe
  2⤵
  PID:10100
- C:\Windows\System\ANPKUzp.exe
  C:\Windows\System\ANPKUzp.exe
  2⤵
  PID:10116
- C:\Windows\System\bPfsoag.exe
  C:\Windows\System\bPfsoag.exe
  2⤵
  PID:10132
- C:\Windows\System\hDBhBDA.exe
  C:\Windows\System\hDBhBDA.exe
  2⤵
  PID:10148
- C:\Windows\System\NxudLsG.exe
  C:\Windows\System\NxudLsG.exe
  2⤵
  PID:10164
- C:\Windows\System\rBVPWmg.exe
  C:\Windows\System\rBVPWmg.exe
  2⤵
  PID:10204
- C:\Windows\System\owSLxtB.exe
  C:\Windows\System\owSLxtB.exe
  2⤵
  PID:10224
- C:\Windows\System\aWbiyiD.exe
  C:\Windows\System\aWbiyiD.exe
  2⤵
  PID:7784
- C:\Windows\System\kGoFLIH.exe
  C:\Windows\System\kGoFLIH.exe
  2⤵
  PID:9020
- C:\Windows\System\UGnoHnF.exe
  C:\Windows\System\UGnoHnF.exe
  2⤵
  PID:9264
- C:\Windows\System\ryshWFB.exe
  C:\Windows\System\ryshWFB.exe
  2⤵
  PID:9244
- C:\Windows\System\JSRrilP.exe
  C:\Windows\System\JSRrilP.exe
  2⤵
  PID:9324
- C:\Windows\System\jxwMqmT.exe
  C:\Windows\System\jxwMqmT.exe
  2⤵
  PID:9388
- C:\Windows\System\kBLgpkf.exe
  C:\Windows\System\kBLgpkf.exe
  2⤵
  PID:9464
- C:\Windows\System\AkDGhmm.exe
  C:\Windows\System\AkDGhmm.exe
  2⤵
  PID:8320
- C:\Windows\System\CPcuSFx.exe
  C:\Windows\System\CPcuSFx.exe
  2⤵
  PID:9452
- C:\Windows\System\hUFOYpY.exe
  C:\Windows\System\hUFOYpY.exe
  2⤵
  PID:9528
- C:\Windows\System\ESGjbWs.exe
  C:\Windows\System\ESGjbWs.exe
  2⤵
  PID:9532
- C:\Windows\System\uBpjypr.exe
  C:\Windows\System\uBpjypr.exe
  2⤵
  PID:9564
- C:\Windows\System\ccHDHSX.exe
  C:\Windows\System\ccHDHSX.exe
  2⤵
  PID:9580
- C:\Windows\System\pEgrbvr.exe
  C:\Windows\System\pEgrbvr.exe
  2⤵
  PID:9604
- C:\Windows\System\nLaepqq.exe
  C:\Windows\System\nLaepqq.exe
  2⤵
  PID:9624
- C:\Windows\System\VFBcRTY.exe
  C:\Windows\System\VFBcRTY.exe
  2⤵
  PID:9628
- C:\Windows\System\CIxFPAI.exe
  C:\Windows\System\CIxFPAI.exe
  2⤵
  PID:9696
- C:\Windows\System\ylJlGct.exe
  C:\Windows\System\ylJlGct.exe
  2⤵
  PID:9712
- C:\Windows\System\FiysbMY.exe
  C:\Windows\System\FiysbMY.exe
  2⤵
  PID:9732
- C:\Windows\System\wIljSFm.exe
  C:\Windows\System\wIljSFm.exe
  2⤵
  PID:9760
- C:\Windows\System\qDarRYa.exe
  C:\Windows\System\qDarRYa.exe
  2⤵
  PID:9524
- C:\Windows\System\TyzZHQS.exe
  C:\Windows\System\TyzZHQS.exe
  2⤵
  PID:9820
- C:\Windows\System\HnQOtXd.exe
  C:\Windows\System\HnQOtXd.exe
  2⤵
  PID:9844
- C:\Windows\System\IBDJKrb.exe
  C:\Windows\System\IBDJKrb.exe
  2⤵
  PID:9892
- C:\Windows\System\KcWjVrC.exe
  C:\Windows\System\KcWjVrC.exe
  2⤵
  PID:9876
- C:\Windows\System\rSLlEmY.exe
  C:\Windows\System\rSLlEmY.exe
  2⤵
  PID:9924
- C:\Windows\System\IKErpsu.exe
  C:\Windows\System\IKErpsu.exe
  2⤵
  PID:9972
- C:\Windows\System\UrAgIZN.exe
  C:\Windows\System\UrAgIZN.exe
  2⤵
  PID:10012
- C:\Windows\System\BsRAxpl.exe
  C:\Windows\System\BsRAxpl.exe
  2⤵
  PID:9988
- C:\Windows\System\oHlZIMZ.exe
  C:\Windows\System\oHlZIMZ.exe
  2⤵
  PID:10040
- C:\Windows\System\kLYUnVv.exe
  C:\Windows\System\kLYUnVv.exe
  2⤵
  PID:9908
- C:\Windows\System\MHGpMbC.exe
  C:\Windows\System\MHGpMbC.exe
  2⤵
  PID:10016
- C:\Windows\System\qbikyii.exe
  C:\Windows\System\qbikyii.exe
  2⤵
  PID:10176
- C:\Windows\System\LxaNeyI.exe
  C:\Windows\System\LxaNeyI.exe
  2⤵
  PID:10232
- C:\Windows\System\SxXYVIz.exe
  C:\Windows\System\SxXYVIz.exe
  2⤵
  PID:10160
- C:\Windows\System\jKBZwzS.exe
  C:\Windows\System\jKBZwzS.exe
  2⤵
  PID:10216
- C:\Windows\System\fsTrtgs.exe
  C:\Windows\System\fsTrtgs.exe
  2⤵
  PID:9400
- C:\Windows\System\EGcXtBV.exe
  C:\Windows\System\EGcXtBV.exe
  2⤵
  PID:9356
- C:\Windows\System\NwWtSwx.exe
  C:\Windows\System\NwWtSwx.exe
  2⤵
  PID:9492
- C:\Windows\System\JaVhdVI.exe
  C:\Windows\System\JaVhdVI.exe
  2⤵
  PID:9420
- C:\Windows\System\oYMPrqo.exe
  C:\Windows\System\oYMPrqo.exe
  2⤵
  PID:9276
- C:\Windows\System\VmDarZu.exe
  C:\Windows\System\VmDarZu.exe
  2⤵
  PID:9868
- C:\Windows\System\jhXfvJG.exe
  C:\Windows\System\jhXfvJG.exe
  2⤵
  PID:9676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQOXYwQ.exe

Filesize
6.0MB

MD5
2b6f504ec977c49d0290006ed9d38cc5

SHA1
d2fc896510cf04842c18020a1f05df3d20dd8ade

SHA256
0fb735810e4ec20883ee70f2d7fa5ef38a9ccebc3ee68583554a0cff08e996a6

SHA512
0249b81f4cad6988b7db07fcd9475ab3eef920c229564a13707d31839f060c1e658f940efd9d0e3fbeff6da6902c7d5701e4bab7382be016594507b7c35a07c4

Download Submit
C:\Windows\system\CkIAiLJ.exe

Filesize
6.0MB

MD5
7872edad74f31cad0843da1e8a5c363c

SHA1
c119bae5f680c6084e012acb42b075db50ed4b4c

SHA256
e268f1c51935a9db80cfd7460ab05d56e1d13e74381332abe2f48dd75acba39d

SHA512
55829080990c5d5844ca4f70f96a7c568d5e1bc87e8824cddbb917c1dc001806f3bf5840d2815429958e5a38d49592f2c9639fab55928b61c986a10b0068ecda

Download Submit
C:\Windows\system\DGzYtek.exe

Filesize
6.0MB

MD5
fa89b687a8207d2c4d5720bd3fcf7bed

SHA1
e2f134a1764fb849431537ab448cc6f92aaf38d0

SHA256
01d14a3b71c9109debb98a199a0ff73a964eada24f91a7cbb1aff2ef51b0d71b

SHA512
e9ca88730d9c867ddf41151b7d0b882b34a94373814a16da3eec2386ab9362697d82833b46a63184e957406c613a34f8895683657806c7df417ffd5e183611a4

Download Submit
C:\Windows\system\DKyLZrl.exe

Filesize
6.0MB

MD5
6c4ec0c22a3a25d75653483e8cc4f71f

SHA1
1587e2c0f66b7df6ba841d2239fe67574e9a01b5

SHA256
de165e49524520f1f049f1c019ff378b046e40ad66999d2a434ec6a947455bb3

SHA512
47987dffa93df20bd9e832c59b4fa87df6dc827b96f6b9b0bbdce439b5d6698e777bba551173ad984955fc56fb0d1f519e75db724ccae005c2ed460064abde96

Download Submit
C:\Windows\system\ENiFaYj.exe

Filesize
6.0MB

MD5
e8e69ef3b1802135613dabca8c3b3714

SHA1
d55987167ad60731a82f1a7243b3a8757e21bbdf

SHA256
1310a5f7fc410a2d0c8e88989fbf9c2435923683d28b25e445b7bd5b13703366

SHA512
81656d3c4c8c9ba864a97ab039ba61299a65ed7184bd8e835f5f554fcca1d274505873c4f4281da54e55b0531350e16599f5993bcbd79335efddc8123112538c

Download Submit
C:\Windows\system\EQgIuGV.exe

Filesize
6.0MB

MD5
3784d83016fc447796587725d9430cd8

SHA1
69a35921c9fa0f3982ead6fd3bfaf0455e6f5070

SHA256
35f865d8e6204afffa6af0f8463ec3d876de5b2dfc2b53f179257922a71c13e0

SHA512
cc1d59940f96c8b6f328141a11c9e04ea580b24bd58895f840c47cc73dd3444151a06e7ed1eb98cd478ec3e02434ce3ef50dbad981fc4de4843db035447709cb

Download Submit
C:\Windows\system\EafYmyI.exe

Filesize
6.0MB

MD5
c54a643c0cd68d53ba20ab5dd08aa45e

SHA1
da9e9fc3004118bf8f3e1694b976eb1299309d3d

SHA256
a46a7806ad720436349695e1d4e1baa3d78f627030ae38a863dd299a102936b2

SHA512
e7830d32d9680e97cee3201e152abee67a45180c46347f54109dce70c493e1b3779a967a460a3e4c45457387ea3847d45c3ed4eff5e273d7a9883d3c7b8e0da3

Download Submit
C:\Windows\system\GIBFNfY.exe

Filesize
6.0MB

MD5
1370e830b9444b4cf7c84f8e4cba8873

SHA1
17d2359ec35638aae3f88f4cf62d04136c41e855

SHA256
e1255feecd0f1c89a683033192e52cee25577fbee2394671638ecb0fb8125a16

SHA512
636133a3573ecc3b0c0d1f315326a94bbf8dd14036398cf360b5cf947e847420621e8c3a00d1ca056034e7cc24890daeb3bb0db16e1f352378c572cc9253e7a2

Download Submit
C:\Windows\system\MbVBOCF.exe

Filesize
6.0MB

MD5
77a46f0b331f80459d2f74c670574c51

SHA1
f566c5289335721eef3611e2a1cb902adcb1af20

SHA256
e1e5235513744ab8e2a2391841f882a1e4710c875117e8aaa92a586a2d477c42

SHA512
c2d9f4ad0cd3dca47fe095dc2ebfbe6d1146e742628ffa15505e332599ace773c72fa9fe99e36c12fcdb9b63c09c14f357efb0436b7d68f3ccffecb9d99f7fea

Download Submit
C:\Windows\system\NQOWKoe.exe

Filesize
6.0MB

MD5
e2e28ec28a145ed570b2a1027df93faf

SHA1
6b5a7eecc37bf4154d1dec92e4eed049ad9c0800

SHA256
fc80cb0b44b914d75964d26c0e85c488827b1c4306aa5201d79cd6897f37a44d

SHA512
276a9861ac7839c08a8ce7cfc8b84b42164ce1bbaa2d716a39d0a8e321bf80954661922c4b282765041ee8af85b62ea89a784ec03f6d551b742fd8e4ac18b5c4

Download Submit
C:\Windows\system\Orgojug.exe

Filesize
6.0MB

MD5
6845c43845973d2608df1bd2be5ef864

SHA1
2564ca0791d77f0335b0d1703d86e1adef4b4e02

SHA256
e9c0b1f3b1025ccd0d69841fad0187a19b9940d957eafe6a0f1f43596f29996a

SHA512
3f123e1dc5c2984026279f857e2edd717de44f0f68fddbcbe28a4b78ef90e9f6ce5832b92ee2ffe2b6f4660abf2aa4cd2bdb16ab4c6f4627b9a3b7fbe84d1f8b

Download Submit
C:\Windows\system\PyrBjuh.exe

Filesize
6.0MB

MD5
362ecf5444844d9d02b46f1f60957e6a

SHA1
4f1e0bf2be61487cd8b6dd8d2243a7ea1ec46055

SHA256
0cfbca4a6e5e8dc0dc04d9adea9ba4ddca26a8560bf841fb95c9590d05cd1986

SHA512
323ee04ab64ed148b31a5af504d1c676b5cdc565486ca9696f003a4dfabc051bd4b555dc0a67517cc2c17e3e072c62e424daa71fe3289c4ab9629c025135ca83

Download Submit
C:\Windows\system\SuGezxf.exe

Filesize
6.0MB

MD5
26a80121d86d10e6c10a3923498ab44e

SHA1
a7d4375790f07685e1d828636a2bf687b2c77634

SHA256
d769c1294a76b55b50ee463a085f1e329022c1fb7b36f88732de3313bb964441

SHA512
906c81b3265609ca9529033e350c9ba1ff0a85c898e8edea7f7471e539a4de74e2a5765d933b2b3d426e17d8dc4415149aa54996ae4051666b46e4253e7780dc

Download Submit
C:\Windows\system\SvqocCG.exe

Filesize
6.0MB

MD5
c4bfa60a58b798fc2f75c1233dcc917e

SHA1
d40c408eabd4c3658220a7bc9d20eea40f462f48

SHA256
0bda451da9c6463d3fdae5c7572418bd0e23633bbba61ccb552e3dbd79650d81

SHA512
4d961ecc55282f1f9168230dea80a229d07e42ad840c87e56fddd6c867bdef4ce144d2bc863edfeda18948de41f4f4ade32ec9a82cd4a59742829228c25c2bb9

Download Submit
C:\Windows\system\TKxhzZz.exe

Filesize
6.0MB

MD5
95c0b162be4475398f0c1bf95d0b17f0

SHA1
007ccc46aebbe63668db6c576e54405de08a321c

SHA256
6c75ea553c07dd18a04a94ef8e7c42470395c5da42b6f030cacb85fb031b8839

SHA512
fdc86abfd724fdf19281cda19fafca90ebec5040109a005a008862559403e4db376c6bc1c4090b8dad50f3e08c87cd5873f65b5b4ee450c23d16cc1c135f792c

Download Submit
C:\Windows\system\TXkulft.exe

Filesize
6.0MB

MD5
ea05dcbeb96bbe7f5a6fb2a7bbfff36b

SHA1
74109b6beff5022f8a636bf4e7be90f06ece532a

SHA256
fbf3f52f3a6d771e53078b5a0dfc4dfce608e1888db5e5233e8b8a5ffbc640db

SHA512
b29047e90206aeabcd15d5aa219058e50ea0cbe36c0788bdbd3a2a1bb16141569f8545ecd2fb8d6da6c17f5dcdf1c95bd0070fe978c62764457f35485f6fe6b5

Download Submit
C:\Windows\system\WbQMVVQ.exe

Filesize
6.0MB

MD5
001db35b9a3f6a0f63216615889a53ef

SHA1
001c58795ff6e7c673932f178f6f26211b2c05b4

SHA256
2e6610a7fc3e7d795737afb6c43b29a8bd65febf2f66235fb68a54bb6ec78337

SHA512
afc751ed3d533d79a232977a5b303904fae793368730b17fd8798a935d695d43193a6bee4b8899ea75791253a12f48c1ec91c8c4617bb28c62394bf883f9b6dc

Download Submit
C:\Windows\system\XGvjHaq.exe

Filesize
6.0MB

MD5
bb422114d4b245e9fbf87e1d44487771

SHA1
798308cf83697840b4b23b7aab6a99b952b6fded

SHA256
dd84cb9363dc8ffe9d162f48623cbd07654380f42ad10d08d9107ce11b961cd1

SHA512
d495b86ea75669e91a61e7d2865c2a97df9b31215e115fd510f607e42de7d8be4a47524759a7d671aa8a19c11fe1c69f32d92042ad0136eb74f95f42c3df24ee

Download Submit
C:\Windows\system\aIMPMAS.exe

Filesize
6.0MB

MD5
1e4b34900df5a03f68803f0dda378241

SHA1
a6cf812787e3ffdef48dc4cd6c280cfbd223bff2

SHA256
2c22e63ca6dbd223906d6a9ab837f076d107c7f85382dfa719076c18638431fe

SHA512
73b33d826c31eb108c8a19687bee9c0827296a60e769c81aa44027ca7336769a9e120afc0d858031ed8ca7687453ecfb0008f2fd24093cdce7781de273cd9b91

Download Submit
C:\Windows\system\bAAXQCu.exe

Filesize
6.0MB

MD5
7d3efef6ac45aac79ded20cae8607e9d

SHA1
6eb5b842ce0aae97ed58001f035ef66ea3c52453

SHA256
e9d144aa6d01c7f183a89e118ad528c6afb2967047a8b6717df295960978ab2f

SHA512
b27678d35472467ee3ae0a4e0a49b727ea1808a129eaf6bdffbc24ac2ee96cfa7f212f812df0b064e6f18381bec1c5b32efb5c7d64a264b01ea22847349fee4f

Download Submit
C:\Windows\system\eoYgGaN.exe

Filesize
6.0MB

MD5
1766481b98a0a850d3eef78dbcab4b3f

SHA1
213787758f4786198194c7ab116f61bd9b9858a2

SHA256
dc7b6db3d6ed86a60fd381e7a5425a6efc1af92ebe2dffba58da9f70428ade76

SHA512
f04945c4bb423053c9ae7eebcc01460365749c981fa2c77dd98475850ea851cc73910bb7990f84448ee6b9498872bbabf22208519a3984b111c3b27e085223bc

Download Submit
C:\Windows\system\gThSMGF.exe

Filesize
6.0MB

MD5
6fa91aa892be8a6cdb406c64107119c5

SHA1
3ed37d573547376cec567c5bc33c4fc5cd403387

SHA256
d341603b8a72283aa39c30c443ccee58608350c53f12236f94056bdc90774589

SHA512
deb36e72ede4f899474b46e8b5e9e2895acfe2f23002d8675740139780ed20896208f75e4c980f1760e5c2958231bbcba471fb62bd7df2b4c648695115e2d0e6

Download Submit
C:\Windows\system\iRVaHiL.exe

Filesize
6.0MB

MD5
740519eefd5bc8fb7479edc9eacba098

SHA1
2c1cc135b73f918704a8b13932dc001ea04fac1c

SHA256
80571e1d0158cca97fa4de2988434ddd77e8d8ac956d5d2fee253dc7d4c87cf5

SHA512
478a08a66f543f9ba10c79059c04dfc153c8625c67a1d49278e56362d097605bf797e9ec552684cd32b8a7b81afd3d1a4049a815d4478e0638adc691b070b4e2

Download Submit
C:\Windows\system\kBkvWCN.exe

Filesize
6.0MB

MD5
8e3b26d96b7e175a42900438f1b7602b

SHA1
8cdbde6dbd0da6acdfcf26f4fc50f925485d59c8

SHA256
250565115ae0788967cc8b4302ec50958f57986cfe0c9034c4820623262b5770

SHA512
c0fd0c8b5ed2b99c975d325b3111455026623a27b234d1be2aeddba5c4cf6f479a400b776db71d86ad40a9ca120cd491c8d84382b956455c68e6723008dec28a

Download Submit
C:\Windows\system\nkWYumv.exe

Filesize
6.0MB

MD5
50e35996ae0dd86a92d6bb11ac3d3069

SHA1
b837db0e1ace37e44e47eead6925386760d03c0c

SHA256
8a966192885e98ba98e1bfec31a20b0218e4163ad7c2a723ce2ff30c191fe3d7

SHA512
f54abd31c3b690fb22cc709955ee7c8ff0051334bbd4693d114e389697e93745f4f4a091fc7f5477e27b615b701df4af989096115fe6e5b7713eed58aa3b3714

Download Submit
C:\Windows\system\vZrqdOT.exe

Filesize
6.0MB

MD5
9af44e500ded9c3b3c5df61562465ea2

SHA1
2e490eda113982a5fc72871502ffe649fcd11973

SHA256
bf13541cc273c0170fa852453c978ff4dd6821637757d13c2fae75d45d0f8834

SHA512
9a0ca9158bb70ca15cbce5a104667c225e51aae47c3b7c63deaecd0811598f64c5ba24aadc90a4d056b1e113f832464f6554e1e1bad3d9623debe2e6a3f4a1cf

Download Submit
C:\Windows\system\yVgNdPu.exe

Filesize
6.0MB

MD5
03a7d900c4b1f5cf05b7c1df695c68a8

SHA1
9f5ea04a751fd082e2138f3b22cfd33778529686

SHA256
b9b536226026cd1e061a6f4ee911df7f39e45223b6a9d15c66ebeaa4f78dd6a1

SHA512
4978a3067db450f639e3f15d41c725abe295147350c4f730e105881706cbf747e946075a0f9f2306951e21b3569fbdf68eb6f7c8ec04362d614571148449a544

Download Submit
\Windows\system\SIgDKMl.exe

Filesize
6.0MB

MD5
c9017ebfeefcada5a8d5ba4b58b6b13b

SHA1
625939034873d190e3b38f81a641bf408af3e9d8

SHA256
bae2897d066e17fb4ccf3b7505543d58d8cf456026b342e7a80db27f8cddaa87

SHA512
def7e9d32c2259a3e698019e770d959bdedd34dd502857f5a100c1ff437bc780969673e41f22b344d7374ad60b3b21a0bc18c662ed73b6790b16cc41736a84f5

Download Submit
\Windows\system\ZuZABAc.exe

Filesize
6.0MB

MD5
8896ac6d5aef3d76c1d2a8c02b0bbb70

SHA1
c9c23b92253a452497eaea55590f292c9891c7e4

SHA256
7fa9793b7db9ef1d7d542ff103415d59959fde48af79fe870e98e160eb90a310

SHA512
7ab792431cfb54d4835760355f761713b41b6c2a9e4eecf2b4ecbe03202bfc84a5edd4c039c654bc9f3da997862f73552a442d8a407d29cb82961c33febb35b9

Download Submit
\Windows\system\aoCvcUk.exe

Filesize
6.0MB

MD5
fd65bf3fd7f4b8a39406a55dbbaa1dae

SHA1
8d17c1c45325e431528f459c933b351050a12bba

SHA256
7476f11232dff069e443afc02eb63b1ce11d1e7f6c29a9eb874487ff42533be5

SHA512
b10a0140b4744a900e847cf696eb9c7514cae17ad0cdddff14b5bc29b4efd6f0773eca0d4e6e009d52d6ab154873dc9c39a70a9e975701111617bdc0182a1b54

Download Submit
\Windows\system\omhOxfU.exe

Filesize
6.0MB

MD5
eb5105f9e6b262678daa0ab7fe93c52e

SHA1
13ab029389aee78d9aa7891b180a94d37313d55a

SHA256
37245ba7d2dc939eaa870abc1956ab8f359d319e3c1e7ffaaee0fab4ee94598d

SHA512
53a37d3c01f2763d6842b6c6b345ceb4e0969874276bf20ed9e8188c50c407fa6cc92d213752b58751b28a3601e3a8d05f55aa4862cb4f3978508e2e5a82e53a

Download Submit
\Windows\system\sJBoCUp.exe

Filesize
6.0MB

MD5
14d38303f400732620d8ed1c034a7af4

SHA1
a6b150ad3c49531bd329252c12e37b438ab0db9c

SHA256
79ca46575a9467861e7c95595d064910224c5e7ba02c35591b43d0115c8ce5f7

SHA512
b610e2a1bf314eae692f1170784f75f90ea00d46a905ddd4f17c5a0b521cee3d000a8ed2b9347c91a74adae9b47040d514f9485eef34ed3bdceaf471a5cc5686

Download Submit
memory/1168-93-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1168-2999-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1488-2996-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1488-76-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1632-3003-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1632-780-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1632-98-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3000-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-78-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1912-2994-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1912-349-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1912-79-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1952-85-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1952-2998-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2380-75-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2380-25-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-92-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-22-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2380-618-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-986-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-97-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2380-77-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-19-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-108-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2380-84-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-73-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-72-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2380-13-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-38-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2380-67-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-47-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2380-62-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2548-2983-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-74-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-71-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2991-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2600-46-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2997-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2600-107-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3002-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-29-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-106-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2906-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-21-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-2905-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-23-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2908-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2780-20-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-86-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2904-5505-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download