cobaltstrike | 775e1ecab8b2dee987a415b2a9bb02fdc23f96b10d1fb57b4f2162a083a9403b

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

882543868ade7c714ec400ccb209bdad
SHA1

c584920dea6b6c56c96a4b9f3bfe8b9dbf1c7fd3
SHA256

775e1ecab8b2dee987a415b2a9bb02fdc23f96b10d1fb57b4f2162a083a9403b
SHA512

8ba13f946b18bdb517fc076cc94454728533a2a8a14bd155ba2e677f202ea20b48e69af87a2f1b35353a3a130bf41b0c2f7937f5888ecd95be98f8d6c0446f0b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUa:T+q56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016875-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-96.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-63.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3a-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1996-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x0008000000016c66-9.dat	xmrig
behavioral1/files/0x0009000000016875-7.dat	xmrig
behavioral1/memory/2508-21-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1888-19-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2684-12-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c80-26.dat	xmrig
behavioral1/memory/2296-27-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-36.dat	xmrig
behavioral1/memory/2440-34-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1256-41-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2508-57-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-68.dat	xmrig
behavioral1/memory/3068-73-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1996-85-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2664-89-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/1120-98-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000500000001878e-138.dat	xmrig
behavioral1/memory/3068-145-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/940-1423-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1120-566-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2664-423-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2712-277-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-199.dat	xmrig
behavioral1/files/0x0005000000019360-194.dat	xmrig
behavioral1/files/0x000500000001933f-189.dat	xmrig
behavioral1/files/0x0005000000019297-184.dat	xmrig
behavioral1/files/0x0005000000019284-179.dat	xmrig
behavioral1/files/0x0005000000019278-174.dat	xmrig
behavioral1/files/0x0005000000019269-169.dat	xmrig
behavioral1/files/0x0005000000019250-164.dat	xmrig
behavioral1/files/0x0005000000019246-159.dat	xmrig
behavioral1/files/0x0006000000018c16-154.dat	xmrig
behavioral1/files/0x0006000000018b4e-149.dat	xmrig
behavioral1/files/0x00050000000187a8-143.dat	xmrig
behavioral1/files/0x0005000000018744-133.dat	xmrig
behavioral1/files/0x0005000000018739-128.dat	xmrig
behavioral1/files/0x0005000000018704-123.dat	xmrig
behavioral1/files/0x00050000000186f4-118.dat	xmrig
behavioral1/files/0x00050000000186f1-113.dat	xmrig
behavioral1/memory/940-107-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2176-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-104.dat	xmrig
behavioral1/memory/2728-97-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-96.dat	xmrig
behavioral1/memory/2800-88-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-87.dat	xmrig
behavioral1/memory/2712-81-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1256-80-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-79.dat	xmrig
behavioral1/memory/2440-72-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2176-65-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2296-64-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0007000000017049-63.dat	xmrig
behavioral1/memory/2728-58-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3a-56.dat	xmrig
behavioral1/memory/1996-53-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2800-50-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-49.dat	xmrig
behavioral1/memory/1996-46-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2684-45-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-33.dat	xmrig
behavioral1/memory/1996-40-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2684	gFXTcII.exe
1888	aEkxPlh.exe
2508	TsrTVfK.exe
2296	JoizdWG.exe
2440	uvhxqHR.exe
1256	uwyyRJe.exe
2800	vJPFnYB.exe
2728	aIWxgWe.exe
2176	WyFOfBq.exe
3068	jHqNrcd.exe
2712	USCzJbv.exe
2664	nQvRfrV.exe
1120	SZCGSiN.exe
940	spEgJbA.exe
1144	MkleCAP.exe
236	OKQopSs.exe
1672	FBbOCFQ.exe
1620	HyACorR.exe
1704	DVIHZLv.exe
1348	hximhzK.exe
2904	iSMdAew.exe
2900	PnUgWun.exe
2232	QHEqkbi.exe
2456	qyJrrtl.exe
2096	efodOjf.exe
572	FRSvHcJ.exe
1396	sxsauhT.exe
2580	FtaQIea.exe
448	zxCbtVk.exe
2108	zTYmGMj.exe
1612	vWrNntN.exe
1292	CyQhpiW.exe
2572	kGoxwLM.exe
2136	xYTuHGq.exe
1940	GhKRuOS.exe
1648	VnWsEMY.exe
896	NZOufmT.exe
1464	yMGVZqb.exe
1124	WBiZaya.exe
720	nfpJHLk.exe
1604	yaBSeKB.exe
2404	BRUVGSD.exe
2568	xWaWJog.exe
2436	rRvNYrr.exe
980	VnGfQXL.exe
2492	rgDGQJn.exe
1416	pMWaeXh.exe
876	WQsiCdZ.exe
1032	UNOzKrr.exe
2072	DZVIdIb.exe
1500	Eqbvdje.exe
1636	ubSCZVo.exe
2056	wxeQlrn.exe
2332	NOTeCbO.exe
904	SUHUcHK.exe
976	noOsXlg.exe
2452	oKKojNj.exe
2740	awRAKPz.exe
2632	YtAKCRF.exe
1840	qCMfDul.exe
1776	mGIRMak.exe
1968	hMuVhwF.exe
1364	fGzjrLZ.exe
1684	qRGBPRc.exe

Loads dropped DLL 64 IoCs

pid	Process
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1996-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x0008000000016c66-9.dat	upx
behavioral1/files/0x0009000000016875-7.dat	upx
behavioral1/memory/2508-21-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1888-19-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2684-12-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0007000000016c80-26.dat	upx
behavioral1/memory/2296-27-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-36.dat	upx
behavioral1/memory/2440-34-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1256-41-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2508-57-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0006000000017497-68.dat	upx
behavioral1/memory/3068-73-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2664-89-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/1120-98-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000500000001878e-138.dat	upx
behavioral1/memory/3068-145-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/940-1423-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1120-566-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2664-423-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2712-277-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-199.dat	upx
behavioral1/files/0x0005000000019360-194.dat	upx
behavioral1/files/0x000500000001933f-189.dat	upx
behavioral1/files/0x0005000000019297-184.dat	upx
behavioral1/files/0x0005000000019284-179.dat	upx
behavioral1/files/0x0005000000019278-174.dat	upx
behavioral1/files/0x0005000000019269-169.dat	upx
behavioral1/files/0x0005000000019250-164.dat	upx
behavioral1/files/0x0005000000019246-159.dat	upx
behavioral1/files/0x0006000000018c16-154.dat	upx
behavioral1/files/0x0006000000018b4e-149.dat	upx
behavioral1/files/0x00050000000187a8-143.dat	upx
behavioral1/files/0x0005000000018744-133.dat	upx
behavioral1/files/0x0005000000018739-128.dat	upx
behavioral1/files/0x0005000000018704-123.dat	upx
behavioral1/files/0x00050000000186f4-118.dat	upx
behavioral1/files/0x00050000000186f1-113.dat	upx
behavioral1/memory/940-107-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2176-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-104.dat	upx
behavioral1/memory/2728-97-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0005000000018686-96.dat	upx
behavioral1/memory/2800-88-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000600000001755b-87.dat	upx
behavioral1/memory/2712-81-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/1256-80-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000600000001749c-79.dat	upx
behavioral1/memory/2440-72-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2176-65-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2296-64-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0007000000017049-63.dat	upx
behavioral1/memory/2728-58-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3a-56.dat	upx
behavioral1/memory/2800-50-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf5-49.dat	upx
behavioral1/memory/2684-45-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-33.dat	upx
behavioral1/memory/1996-40-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1888-2699-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2684-2697-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2296-2709-0x000000013F930000-0x000000013FC84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zyOJORV.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZpAetH.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxwjqyc.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BerpKcn.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epalMxE.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTnvFia.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjicRpV.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgpBQtA.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyzzoMY.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROyfqzw.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWtLhiK.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soGoBXZ.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqBpgyr.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCUyxpY.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBJznCm.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stzVLkj.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBbOCFQ.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgrfnIb.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbvlrdX.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amfClnf.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtOPWbU.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaeYfmx.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUVzFxz.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaDVOFZ.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHGqLnf.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQcwadV.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FthJsoU.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIjdTir.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldyIOYv.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RseiGot.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwAStNg.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHvufgt.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCZnuLk.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPseegI.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmnQZam.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccwuXSk.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsIKjkQ.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBkORuQ.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqjMWRk.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktQnTZP.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yhyibkh.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvoAxvK.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzGvdXn.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrtBQnH.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvbPdrt.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvXoCMD.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNSBPQM.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEcrzkY.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDzGnPu.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWYcCII.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwjfiGs.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpXglqG.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeCkwNC.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irsPHZo.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbZljGk.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvFmBOs.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IihvKLf.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyyWhzi.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgaCLkr.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLoYjIz.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVMhtfY.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwFprcl.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrOjuOB.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJafFRC.exe	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2684	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 2684	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 2684	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1996 wrote to memory of 1888	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 1888	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 1888	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1996 wrote to memory of 2508	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2508	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2508	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1996 wrote to memory of 2296	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2296	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2296	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1996 wrote to memory of 2440	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 2440	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 2440	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1996 wrote to memory of 1256	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 1256	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 1256	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1996 wrote to memory of 2800	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2800	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2800	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1996 wrote to memory of 2728	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2728	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2728	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1996 wrote to memory of 2176	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 2176	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 2176	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1996 wrote to memory of 3068	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 3068	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 3068	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1996 wrote to memory of 2712	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 2712	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 2712	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1996 wrote to memory of 2664	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 2664	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 2664	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1996 wrote to memory of 1120	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 1120	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 1120	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1996 wrote to memory of 940	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 940	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 940	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1996 wrote to memory of 1144	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 1144	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 1144	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1996 wrote to memory of 236	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 236	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 236	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1996 wrote to memory of 1672	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 1672	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 1672	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1996 wrote to memory of 1620	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 1620	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 1620	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1996 wrote to memory of 1704	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 1704	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 1704	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1996 wrote to memory of 1348	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 1348	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 1348	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1996 wrote to memory of 2904	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1996 wrote to memory of 2904	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1996 wrote to memory of 2904	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1996 wrote to memory of 2900	1996	2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_882543868ade7c714ec400ccb209bdad_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\System\gFXTcII.exe
  C:\Windows\System\gFXTcII.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\aEkxPlh.exe
  C:\Windows\System\aEkxPlh.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\TsrTVfK.exe
  C:\Windows\System\TsrTVfK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\JoizdWG.exe
  C:\Windows\System\JoizdWG.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\uvhxqHR.exe
  C:\Windows\System\uvhxqHR.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\uwyyRJe.exe
  C:\Windows\System\uwyyRJe.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\vJPFnYB.exe
  C:\Windows\System\vJPFnYB.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\aIWxgWe.exe
  C:\Windows\System\aIWxgWe.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\WyFOfBq.exe
  C:\Windows\System\WyFOfBq.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\jHqNrcd.exe
  C:\Windows\System\jHqNrcd.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\USCzJbv.exe
  C:\Windows\System\USCzJbv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\nQvRfrV.exe
  C:\Windows\System\nQvRfrV.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\SZCGSiN.exe
  C:\Windows\System\SZCGSiN.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\spEgJbA.exe
  C:\Windows\System\spEgJbA.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\MkleCAP.exe
  C:\Windows\System\MkleCAP.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\OKQopSs.exe
  C:\Windows\System\OKQopSs.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\FBbOCFQ.exe
  C:\Windows\System\FBbOCFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\HyACorR.exe
  C:\Windows\System\HyACorR.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\DVIHZLv.exe
  C:\Windows\System\DVIHZLv.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\hximhzK.exe
  C:\Windows\System\hximhzK.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\iSMdAew.exe
  C:\Windows\System\iSMdAew.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\PnUgWun.exe
  C:\Windows\System\PnUgWun.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\QHEqkbi.exe
  C:\Windows\System\QHEqkbi.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\qyJrrtl.exe
  C:\Windows\System\qyJrrtl.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\efodOjf.exe
  C:\Windows\System\efodOjf.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\FRSvHcJ.exe
  C:\Windows\System\FRSvHcJ.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\sxsauhT.exe
  C:\Windows\System\sxsauhT.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\FtaQIea.exe
  C:\Windows\System\FtaQIea.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\zxCbtVk.exe
  C:\Windows\System\zxCbtVk.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\zTYmGMj.exe
  C:\Windows\System\zTYmGMj.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\vWrNntN.exe
  C:\Windows\System\vWrNntN.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\CyQhpiW.exe
  C:\Windows\System\CyQhpiW.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\kGoxwLM.exe
  C:\Windows\System\kGoxwLM.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\xYTuHGq.exe
  C:\Windows\System\xYTuHGq.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\GhKRuOS.exe
  C:\Windows\System\GhKRuOS.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\VnWsEMY.exe
  C:\Windows\System\VnWsEMY.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NZOufmT.exe
  C:\Windows\System\NZOufmT.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\yMGVZqb.exe
  C:\Windows\System\yMGVZqb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\WBiZaya.exe
  C:\Windows\System\WBiZaya.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\nfpJHLk.exe
  C:\Windows\System\nfpJHLk.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\yaBSeKB.exe
  C:\Windows\System\yaBSeKB.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BRUVGSD.exe
  C:\Windows\System\BRUVGSD.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\xWaWJog.exe
  C:\Windows\System\xWaWJog.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\rRvNYrr.exe
  C:\Windows\System\rRvNYrr.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\VnGfQXL.exe
  C:\Windows\System\VnGfQXL.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\rgDGQJn.exe
  C:\Windows\System\rgDGQJn.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\pMWaeXh.exe
  C:\Windows\System\pMWaeXh.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\WQsiCdZ.exe
  C:\Windows\System\WQsiCdZ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\UNOzKrr.exe
  C:\Windows\System\UNOzKrr.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\DZVIdIb.exe
  C:\Windows\System\DZVIdIb.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\Eqbvdje.exe
  C:\Windows\System\Eqbvdje.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ubSCZVo.exe
  C:\Windows\System\ubSCZVo.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\wxeQlrn.exe
  C:\Windows\System\wxeQlrn.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\NOTeCbO.exe
  C:\Windows\System\NOTeCbO.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\SUHUcHK.exe
  C:\Windows\System\SUHUcHK.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\noOsXlg.exe
  C:\Windows\System\noOsXlg.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\oKKojNj.exe
  C:\Windows\System\oKKojNj.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\awRAKPz.exe
  C:\Windows\System\awRAKPz.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\YtAKCRF.exe
  C:\Windows\System\YtAKCRF.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\qCMfDul.exe
  C:\Windows\System\qCMfDul.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\mGIRMak.exe
  C:\Windows\System\mGIRMak.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\hMuVhwF.exe
  C:\Windows\System\hMuVhwF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\fGzjrLZ.exe
  C:\Windows\System\fGzjrLZ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\qRGBPRc.exe
  C:\Windows\System\qRGBPRc.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\zuTGFFe.exe
  C:\Windows\System\zuTGFFe.exe
  2⤵
  PID:2668
- C:\Windows\System\xXoufcA.exe
  C:\Windows\System\xXoufcA.exe
  2⤵
  PID:1868
- C:\Windows\System\PiMuMqm.exe
  C:\Windows\System\PiMuMqm.exe
  2⤵
  PID:484
- C:\Windows\System\kcBHwtB.exe
  C:\Windows\System\kcBHwtB.exe
  2⤵
  PID:2028
- C:\Windows\System\EGgAKQU.exe
  C:\Windows\System\EGgAKQU.exe
  2⤵
  PID:672
- C:\Windows\System\YypGGsx.exe
  C:\Windows\System\YypGGsx.exe
  2⤵
  PID:2088
- C:\Windows\System\KHzfeeT.exe
  C:\Windows\System\KHzfeeT.exe
  2⤵
  PID:1276
- C:\Windows\System\kzHNbNQ.exe
  C:\Windows\System\kzHNbNQ.exe
  2⤵
  PID:1560
- C:\Windows\System\aKddjEj.exe
  C:\Windows\System\aKddjEj.exe
  2⤵
  PID:1632
- C:\Windows\System\GIxRXOD.exe
  C:\Windows\System\GIxRXOD.exe
  2⤵
  PID:544
- C:\Windows\System\PoqqAnt.exe
  C:\Windows\System\PoqqAnt.exe
  2⤵
  PID:1460
- C:\Windows\System\IxiTBKm.exe
  C:\Windows\System\IxiTBKm.exe
  2⤵
  PID:768
- C:\Windows\System\hYLcNfF.exe
  C:\Windows\System\hYLcNfF.exe
  2⤵
  PID:2468
- C:\Windows\System\isnzcAl.exe
  C:\Windows\System\isnzcAl.exe
  2⤵
  PID:1552
- C:\Windows\System\nyXaqfG.exe
  C:\Windows\System\nyXaqfG.exe
  2⤵
  PID:2448
- C:\Windows\System\RHXDBIi.exe
  C:\Windows\System\RHXDBIi.exe
  2⤵
  PID:1424
- C:\Windows\System\UinsRWV.exe
  C:\Windows\System\UinsRWV.exe
  2⤵
  PID:108
- C:\Windows\System\ttKvxnV.exe
  C:\Windows\System\ttKvxnV.exe
  2⤵
  PID:2164
- C:\Windows\System\YBKwzZv.exe
  C:\Windows\System\YBKwzZv.exe
  2⤵
  PID:1640
- C:\Windows\System\fbnvhsG.exe
  C:\Windows\System\fbnvhsG.exe
  2⤵
  PID:2892
- C:\Windows\System\xxIDcMI.exe
  C:\Windows\System\xxIDcMI.exe
  2⤵
  PID:2828
- C:\Windows\System\UdYbttV.exe
  C:\Windows\System\UdYbttV.exe
  2⤵
  PID:2488
- C:\Windows\System\QtiwWzs.exe
  C:\Windows\System\QtiwWzs.exe
  2⤵
  PID:2604
- C:\Windows\System\aVtLrNs.exe
  C:\Windows\System\aVtLrNs.exe
  2⤵
  PID:2196
- C:\Windows\System\jseExcg.exe
  C:\Windows\System\jseExcg.exe
  2⤵
  PID:1964
- C:\Windows\System\sAVzsYF.exe
  C:\Windows\System\sAVzsYF.exe
  2⤵
  PID:2908
- C:\Windows\System\HkvuaGo.exe
  C:\Windows\System\HkvuaGo.exe
  2⤵
  PID:2972
- C:\Windows\System\zryyhLb.exe
  C:\Windows\System\zryyhLb.exe
  2⤵
  PID:1232
- C:\Windows\System\EllcBwW.exe
  C:\Windows\System\EllcBwW.exe
  2⤵
  PID:1392
- C:\Windows\System\qbnhgWr.exe
  C:\Windows\System\qbnhgWr.exe
  2⤵
  PID:2976
- C:\Windows\System\WgBklwf.exe
  C:\Windows\System\WgBklwf.exe
  2⤵
  PID:1308
- C:\Windows\System\TPkaNYx.exe
  C:\Windows\System\TPkaNYx.exe
  2⤵
  PID:1928
- C:\Windows\System\huuwfia.exe
  C:\Windows\System\huuwfia.exe
  2⤵
  PID:3080
- C:\Windows\System\zpeRvFe.exe
  C:\Windows\System\zpeRvFe.exe
  2⤵
  PID:3100
- C:\Windows\System\iFvOFNP.exe
  C:\Windows\System\iFvOFNP.exe
  2⤵
  PID:3120
- C:\Windows\System\mBEcaNj.exe
  C:\Windows\System\mBEcaNj.exe
  2⤵
  PID:3140
- C:\Windows\System\XNeAlSp.exe
  C:\Windows\System\XNeAlSp.exe
  2⤵
  PID:3160
- C:\Windows\System\tLcltMR.exe
  C:\Windows\System\tLcltMR.exe
  2⤵
  PID:3180
- C:\Windows\System\xOHJmlR.exe
  C:\Windows\System\xOHJmlR.exe
  2⤵
  PID:3200
- C:\Windows\System\QpimxWO.exe
  C:\Windows\System\QpimxWO.exe
  2⤵
  PID:3216
- C:\Windows\System\jCZnuLk.exe
  C:\Windows\System\jCZnuLk.exe
  2⤵
  PID:3240
- C:\Windows\System\RTFVQqv.exe
  C:\Windows\System\RTFVQqv.exe
  2⤵
  PID:3264
- C:\Windows\System\tczRhFR.exe
  C:\Windows\System\tczRhFR.exe
  2⤵
  PID:3284
- C:\Windows\System\PyXeTLi.exe
  C:\Windows\System\PyXeTLi.exe
  2⤵
  PID:3304
- C:\Windows\System\XgBbHsg.exe
  C:\Windows\System\XgBbHsg.exe
  2⤵
  PID:3324
- C:\Windows\System\FHGPbni.exe
  C:\Windows\System\FHGPbni.exe
  2⤵
  PID:3344
- C:\Windows\System\uwyWBNQ.exe
  C:\Windows\System\uwyWBNQ.exe
  2⤵
  PID:3364
- C:\Windows\System\GDEbQcF.exe
  C:\Windows\System\GDEbQcF.exe
  2⤵
  PID:3384
- C:\Windows\System\NQZVcHL.exe
  C:\Windows\System\NQZVcHL.exe
  2⤵
  PID:3404
- C:\Windows\System\ESYSGMU.exe
  C:\Windows\System\ESYSGMU.exe
  2⤵
  PID:3424
- C:\Windows\System\IdUBfAm.exe
  C:\Windows\System\IdUBfAm.exe
  2⤵
  PID:3444
- C:\Windows\System\xDqgQBE.exe
  C:\Windows\System\xDqgQBE.exe
  2⤵
  PID:3464
- C:\Windows\System\okIhgCZ.exe
  C:\Windows\System\okIhgCZ.exe
  2⤵
  PID:3484
- C:\Windows\System\lJJdURn.exe
  C:\Windows\System\lJJdURn.exe
  2⤵
  PID:3504
- C:\Windows\System\CKVkvzh.exe
  C:\Windows\System\CKVkvzh.exe
  2⤵
  PID:3524
- C:\Windows\System\zGWJKkg.exe
  C:\Windows\System\zGWJKkg.exe
  2⤵
  PID:3540
- C:\Windows\System\JHwpXfV.exe
  C:\Windows\System\JHwpXfV.exe
  2⤵
  PID:3564
- C:\Windows\System\OjGYidG.exe
  C:\Windows\System\OjGYidG.exe
  2⤵
  PID:3584
- C:\Windows\System\AdNJcIc.exe
  C:\Windows\System\AdNJcIc.exe
  2⤵
  PID:3604
- C:\Windows\System\ATIAqoY.exe
  C:\Windows\System\ATIAqoY.exe
  2⤵
  PID:3624
- C:\Windows\System\OAiccsu.exe
  C:\Windows\System\OAiccsu.exe
  2⤵
  PID:3644
- C:\Windows\System\lsifkXv.exe
  C:\Windows\System\lsifkXv.exe
  2⤵
  PID:3664
- C:\Windows\System\QmwTQxu.exe
  C:\Windows\System\QmwTQxu.exe
  2⤵
  PID:3684
- C:\Windows\System\TvHtBxF.exe
  C:\Windows\System\TvHtBxF.exe
  2⤵
  PID:3708
- C:\Windows\System\qMchnLX.exe
  C:\Windows\System\qMchnLX.exe
  2⤵
  PID:3728
- C:\Windows\System\bjTiHqU.exe
  C:\Windows\System\bjTiHqU.exe
  2⤵
  PID:3748
- C:\Windows\System\SEEQGMs.exe
  C:\Windows\System\SEEQGMs.exe
  2⤵
  PID:3772
- C:\Windows\System\bshLaNv.exe
  C:\Windows\System\bshLaNv.exe
  2⤵
  PID:3792
- C:\Windows\System\fXldvKd.exe
  C:\Windows\System\fXldvKd.exe
  2⤵
  PID:3812
- C:\Windows\System\VTaOxAX.exe
  C:\Windows\System\VTaOxAX.exe
  2⤵
  PID:3832
- C:\Windows\System\FApZDuE.exe
  C:\Windows\System\FApZDuE.exe
  2⤵
  PID:3852
- C:\Windows\System\UcYwBgD.exe
  C:\Windows\System\UcYwBgD.exe
  2⤵
  PID:3872
- C:\Windows\System\HGaZoWo.exe
  C:\Windows\System\HGaZoWo.exe
  2⤵
  PID:3892
- C:\Windows\System\irfojzV.exe
  C:\Windows\System\irfojzV.exe
  2⤵
  PID:3912
- C:\Windows\System\kTpUeGA.exe
  C:\Windows\System\kTpUeGA.exe
  2⤵
  PID:3932
- C:\Windows\System\gVOpRPT.exe
  C:\Windows\System\gVOpRPT.exe
  2⤵
  PID:3952
- C:\Windows\System\WEmYYoP.exe
  C:\Windows\System\WEmYYoP.exe
  2⤵
  PID:3972
- C:\Windows\System\gWmPtyd.exe
  C:\Windows\System\gWmPtyd.exe
  2⤵
  PID:3992
- C:\Windows\System\CMTjUcB.exe
  C:\Windows\System\CMTjUcB.exe
  2⤵
  PID:4012
- C:\Windows\System\ZXYIFRl.exe
  C:\Windows\System\ZXYIFRl.exe
  2⤵
  PID:4032
- C:\Windows\System\jHkSGRB.exe
  C:\Windows\System\jHkSGRB.exe
  2⤵
  PID:4052
- C:\Windows\System\KFYKNKi.exe
  C:\Windows\System\KFYKNKi.exe
  2⤵
  PID:4072
- C:\Windows\System\jKqnkaQ.exe
  C:\Windows\System\jKqnkaQ.exe
  2⤵
  PID:4092
- C:\Windows\System\EcWFnLJ.exe
  C:\Windows\System\EcWFnLJ.exe
  2⤵
  PID:788
- C:\Windows\System\SdfnUFc.exe
  C:\Windows\System\SdfnUFc.exe
  2⤵
  PID:2384
- C:\Windows\System\OWEuPeK.exe
  C:\Windows\System\OWEuPeK.exe
  2⤵
  PID:972
- C:\Windows\System\YTEfasJ.exe
  C:\Windows\System\YTEfasJ.exe
  2⤵
  PID:836
- C:\Windows\System\dbBSCkB.exe
  C:\Windows\System\dbBSCkB.exe
  2⤵
  PID:2680
- C:\Windows\System\pFMQObQ.exe
  C:\Windows\System\pFMQObQ.exe
  2⤵
  PID:2888
- C:\Windows\System\EZDeGwW.exe
  C:\Windows\System\EZDeGwW.exe
  2⤵
  PID:1252
- C:\Windows\System\sRmArnR.exe
  C:\Windows\System\sRmArnR.exe
  2⤵
  PID:1344
- C:\Windows\System\grLsNZk.exe
  C:\Windows\System\grLsNZk.exe
  2⤵
  PID:1892
- C:\Windows\System\shHsVCU.exe
  C:\Windows\System\shHsVCU.exe
  2⤵
  PID:2400
- C:\Windows\System\FrUBBmv.exe
  C:\Windows\System\FrUBBmv.exe
  2⤵
  PID:2220
- C:\Windows\System\BCBsBBE.exe
  C:\Windows\System\BCBsBBE.exe
  2⤵
  PID:3076
- C:\Windows\System\RdPmlFs.exe
  C:\Windows\System\RdPmlFs.exe
  2⤵
  PID:952
- C:\Windows\System\KhWIVjy.exe
  C:\Windows\System\KhWIVjy.exe
  2⤵
  PID:3112
- C:\Windows\System\cwheKja.exe
  C:\Windows\System\cwheKja.exe
  2⤵
  PID:3152
- C:\Windows\System\QHjtADN.exe
  C:\Windows\System\QHjtADN.exe
  2⤵
  PID:3168
- C:\Windows\System\LSfVrwN.exe
  C:\Windows\System\LSfVrwN.exe
  2⤵
  PID:3236
- C:\Windows\System\ffVlXZk.exe
  C:\Windows\System\ffVlXZk.exe
  2⤵
  PID:3272
- C:\Windows\System\luDFrgq.exe
  C:\Windows\System\luDFrgq.exe
  2⤵
  PID:3312
- C:\Windows\System\MLBesVk.exe
  C:\Windows\System\MLBesVk.exe
  2⤵
  PID:3300
- C:\Windows\System\ENuLroW.exe
  C:\Windows\System\ENuLroW.exe
  2⤵
  PID:3356
- C:\Windows\System\suvBFRG.exe
  C:\Windows\System\suvBFRG.exe
  2⤵
  PID:3396
- C:\Windows\System\PzJOqyI.exe
  C:\Windows\System\PzJOqyI.exe
  2⤵
  PID:3412
- C:\Windows\System\nUfyCKz.exe
  C:\Windows\System\nUfyCKz.exe
  2⤵
  PID:3452
- C:\Windows\System\MBnqodN.exe
  C:\Windows\System\MBnqodN.exe
  2⤵
  PID:3492
- C:\Windows\System\esgQWRK.exe
  C:\Windows\System\esgQWRK.exe
  2⤵
  PID:3548
- C:\Windows\System\LGidOmj.exe
  C:\Windows\System\LGidOmj.exe
  2⤵
  PID:3532
- C:\Windows\System\vwwDiQJ.exe
  C:\Windows\System\vwwDiQJ.exe
  2⤵
  PID:3576
- C:\Windows\System\PbXQezb.exe
  C:\Windows\System\PbXQezb.exe
  2⤵
  PID:3616
- C:\Windows\System\uPpMQtv.exe
  C:\Windows\System\uPpMQtv.exe
  2⤵
  PID:3660
- C:\Windows\System\rCNzffi.exe
  C:\Windows\System\rCNzffi.exe
  2⤵
  PID:3716
- C:\Windows\System\OZJmApH.exe
  C:\Windows\System\OZJmApH.exe
  2⤵
  PID:3736
- C:\Windows\System\UnTGuzm.exe
  C:\Windows\System\UnTGuzm.exe
  2⤵
  PID:3760
- C:\Windows\System\OyNUatt.exe
  C:\Windows\System\OyNUatt.exe
  2⤵
  PID:3804
- C:\Windows\System\kQdYJhs.exe
  C:\Windows\System\kQdYJhs.exe
  2⤵
  PID:3848
- C:\Windows\System\qkclIpM.exe
  C:\Windows\System\qkclIpM.exe
  2⤵
  PID:3868
- C:\Windows\System\pStyiQR.exe
  C:\Windows\System\pStyiQR.exe
  2⤵
  PID:3900
- C:\Windows\System\foWfOSz.exe
  C:\Windows\System\foWfOSz.exe
  2⤵
  PID:3904
- C:\Windows\System\jJhuuiJ.exe
  C:\Windows\System\jJhuuiJ.exe
  2⤵
  PID:3964
- C:\Windows\System\eapznbw.exe
  C:\Windows\System\eapznbw.exe
  2⤵
  PID:3984
- C:\Windows\System\dIqRPbe.exe
  C:\Windows\System\dIqRPbe.exe
  2⤵
  PID:4048
- C:\Windows\System\QIwVtuJ.exe
  C:\Windows\System\QIwVtuJ.exe
  2⤵
  PID:4080
- C:\Windows\System\cbDEKEY.exe
  C:\Windows\System\cbDEKEY.exe
  2⤵
  PID:1584
- C:\Windows\System\hdyfwVT.exe
  C:\Windows\System\hdyfwVT.exe
  2⤵
  PID:1768
- C:\Windows\System\fiUQHAP.exe
  C:\Windows\System\fiUQHAP.exe
  2⤵
  PID:2252
- C:\Windows\System\mMOdwLb.exe
  C:\Windows\System\mMOdwLb.exe
  2⤵
  PID:2988
- C:\Windows\System\HsBRKEV.exe
  C:\Windows\System\HsBRKEV.exe
  2⤵
  PID:2844
- C:\Windows\System\bdjVBiC.exe
  C:\Windows\System\bdjVBiC.exe
  2⤵
  PID:1728
- C:\Windows\System\aPXlavc.exe
  C:\Windows\System\aPXlavc.exe
  2⤵
  PID:2696
- C:\Windows\System\oRiJzLe.exe
  C:\Windows\System\oRiJzLe.exe
  2⤵
  PID:1660
- C:\Windows\System\DwjfiGs.exe
  C:\Windows\System\DwjfiGs.exe
  2⤵
  PID:3088
- C:\Windows\System\dAbwGHl.exe
  C:\Windows\System\dAbwGHl.exe
  2⤵
  PID:3196
- C:\Windows\System\bfkajic.exe
  C:\Windows\System\bfkajic.exe
  2⤵
  PID:3232
- C:\Windows\System\klktcJL.exe
  C:\Windows\System\klktcJL.exe
  2⤵
  PID:3316
- C:\Windows\System\ZYlpDFY.exe
  C:\Windows\System\ZYlpDFY.exe
  2⤵
  PID:3280
- C:\Windows\System\TIHFRpV.exe
  C:\Windows\System\TIHFRpV.exe
  2⤵
  PID:3340
- C:\Windows\System\lwKIUJb.exe
  C:\Windows\System\lwKIUJb.exe
  2⤵
  PID:3472
- C:\Windows\System\VKcTQlB.exe
  C:\Windows\System\VKcTQlB.exe
  2⤵
  PID:3456
- C:\Windows\System\atOjIXM.exe
  C:\Windows\System\atOjIXM.exe
  2⤵
  PID:3592
- C:\Windows\System\tJXEUOu.exe
  C:\Windows\System\tJXEUOu.exe
  2⤵
  PID:3636
- C:\Windows\System\csBslWa.exe
  C:\Windows\System\csBslWa.exe
  2⤵
  PID:3652
- C:\Windows\System\OUDxCqI.exe
  C:\Windows\System\OUDxCqI.exe
  2⤵
  PID:3724
- C:\Windows\System\YTJVCdg.exe
  C:\Windows\System\YTJVCdg.exe
  2⤵
  PID:3764
- C:\Windows\System\dNjaGrt.exe
  C:\Windows\System\dNjaGrt.exe
  2⤵
  PID:3840
- C:\Windows\System\lCSTbYH.exe
  C:\Windows\System\lCSTbYH.exe
  2⤵
  PID:3884
- C:\Windows\System\wjOthiW.exe
  C:\Windows\System\wjOthiW.exe
  2⤵
  PID:3980
- C:\Windows\System\oCSmeJJ.exe
  C:\Windows\System\oCSmeJJ.exe
  2⤵
  PID:3988
- C:\Windows\System\IpQulLx.exe
  C:\Windows\System\IpQulLx.exe
  2⤵
  PID:4060
- C:\Windows\System\mKgkFvy.exe
  C:\Windows\System\mKgkFvy.exe
  2⤵
  PID:4088
- C:\Windows\System\DVnAaYz.exe
  C:\Windows\System\DVnAaYz.exe
  2⤵
  PID:2416
- C:\Windows\System\ijEcoHD.exe
  C:\Windows\System\ijEcoHD.exe
  2⤵
  PID:764
- C:\Windows\System\qfHecQM.exe
  C:\Windows\System\qfHecQM.exe
  2⤵
  PID:2360
- C:\Windows\System\yYpgXRb.exe
  C:\Windows\System\yYpgXRb.exe
  2⤵
  PID:1696
- C:\Windows\System\ZYUbaHU.exe
  C:\Windows\System\ZYUbaHU.exe
  2⤵
  PID:3192
- C:\Windows\System\FappzEu.exe
  C:\Windows\System\FappzEu.exe
  2⤵
  PID:3136
- C:\Windows\System\Irelsow.exe
  C:\Windows\System\Irelsow.exe
  2⤵
  PID:3392
- C:\Windows\System\dKChNmh.exe
  C:\Windows\System\dKChNmh.exe
  2⤵
  PID:3500
- C:\Windows\System\YriUxaK.exe
  C:\Windows\System\YriUxaK.exe
  2⤵
  PID:3460
- C:\Windows\System\rQDuOJA.exe
  C:\Windows\System\rQDuOJA.exe
  2⤵
  PID:3632
- C:\Windows\System\TSqzDFU.exe
  C:\Windows\System\TSqzDFU.exe
  2⤵
  PID:3672
- C:\Windows\System\JrvmqNK.exe
  C:\Windows\System\JrvmqNK.exe
  2⤵
  PID:3740
- C:\Windows\System\KGswGrI.exe
  C:\Windows\System\KGswGrI.exe
  2⤵
  PID:3860
- C:\Windows\System\cQPPvJX.exe
  C:\Windows\System\cQPPvJX.exe
  2⤵
  PID:4108
- C:\Windows\System\nQEgkIO.exe
  C:\Windows\System\nQEgkIO.exe
  2⤵
  PID:4128
- C:\Windows\System\JqqCtOD.exe
  C:\Windows\System\JqqCtOD.exe
  2⤵
  PID:4148
- C:\Windows\System\xJFwyRH.exe
  C:\Windows\System\xJFwyRH.exe
  2⤵
  PID:4168
- C:\Windows\System\vNIfYtu.exe
  C:\Windows\System\vNIfYtu.exe
  2⤵
  PID:4188
- C:\Windows\System\fGPSnuC.exe
  C:\Windows\System\fGPSnuC.exe
  2⤵
  PID:4208
- C:\Windows\System\kRsgIEi.exe
  C:\Windows\System\kRsgIEi.exe
  2⤵
  PID:4228
- C:\Windows\System\IIeVxVd.exe
  C:\Windows\System\IIeVxVd.exe
  2⤵
  PID:4248
- C:\Windows\System\KofEiXM.exe
  C:\Windows\System\KofEiXM.exe
  2⤵
  PID:4264
- C:\Windows\System\MLvxxum.exe
  C:\Windows\System\MLvxxum.exe
  2⤵
  PID:4288
- C:\Windows\System\XRNPAaq.exe
  C:\Windows\System\XRNPAaq.exe
  2⤵
  PID:4308
- C:\Windows\System\nBCDbIa.exe
  C:\Windows\System\nBCDbIa.exe
  2⤵
  PID:4328
- C:\Windows\System\teeXTqR.exe
  C:\Windows\System\teeXTqR.exe
  2⤵
  PID:4348
- C:\Windows\System\mmQymKa.exe
  C:\Windows\System\mmQymKa.exe
  2⤵
  PID:4368
- C:\Windows\System\AiNgpiY.exe
  C:\Windows\System\AiNgpiY.exe
  2⤵
  PID:4388
- C:\Windows\System\aQyKdAx.exe
  C:\Windows\System\aQyKdAx.exe
  2⤵
  PID:4408
- C:\Windows\System\ASBIPqT.exe
  C:\Windows\System\ASBIPqT.exe
  2⤵
  PID:4428
- C:\Windows\System\PxsPAFN.exe
  C:\Windows\System\PxsPAFN.exe
  2⤵
  PID:4448
- C:\Windows\System\JQwMNro.exe
  C:\Windows\System\JQwMNro.exe
  2⤵
  PID:4468
- C:\Windows\System\VUCSGzk.exe
  C:\Windows\System\VUCSGzk.exe
  2⤵
  PID:4488
- C:\Windows\System\awQIabh.exe
  C:\Windows\System\awQIabh.exe
  2⤵
  PID:4508
- C:\Windows\System\NhwQReF.exe
  C:\Windows\System\NhwQReF.exe
  2⤵
  PID:4528
- C:\Windows\System\jYwyOkv.exe
  C:\Windows\System\jYwyOkv.exe
  2⤵
  PID:4548
- C:\Windows\System\RRRxZzu.exe
  C:\Windows\System\RRRxZzu.exe
  2⤵
  PID:4568
- C:\Windows\System\XGqHeWZ.exe
  C:\Windows\System\XGqHeWZ.exe
  2⤵
  PID:4588
- C:\Windows\System\yMJMtbL.exe
  C:\Windows\System\yMJMtbL.exe
  2⤵
  PID:4608
- C:\Windows\System\EsACpnm.exe
  C:\Windows\System\EsACpnm.exe
  2⤵
  PID:4628
- C:\Windows\System\FtuNDtn.exe
  C:\Windows\System\FtuNDtn.exe
  2⤵
  PID:4652
- C:\Windows\System\JgGCyGT.exe
  C:\Windows\System\JgGCyGT.exe
  2⤵
  PID:4672
- C:\Windows\System\VDmMYoq.exe
  C:\Windows\System\VDmMYoq.exe
  2⤵
  PID:4692
- C:\Windows\System\WOpCEjd.exe
  C:\Windows\System\WOpCEjd.exe
  2⤵
  PID:4712
- C:\Windows\System\LymwsHJ.exe
  C:\Windows\System\LymwsHJ.exe
  2⤵
  PID:4732
- C:\Windows\System\NkGAiSs.exe
  C:\Windows\System\NkGAiSs.exe
  2⤵
  PID:4752
- C:\Windows\System\sVbQLGw.exe
  C:\Windows\System\sVbQLGw.exe
  2⤵
  PID:4772
- C:\Windows\System\HDvKekB.exe
  C:\Windows\System\HDvKekB.exe
  2⤵
  PID:4788
- C:\Windows\System\CIfuSmm.exe
  C:\Windows\System\CIfuSmm.exe
  2⤵
  PID:4812
- C:\Windows\System\iOVxnCB.exe
  C:\Windows\System\iOVxnCB.exe
  2⤵
  PID:4832
- C:\Windows\System\MuUYgHS.exe
  C:\Windows\System\MuUYgHS.exe
  2⤵
  PID:4852
- C:\Windows\System\urcQgRy.exe
  C:\Windows\System\urcQgRy.exe
  2⤵
  PID:4872
- C:\Windows\System\ZqyprVZ.exe
  C:\Windows\System\ZqyprVZ.exe
  2⤵
  PID:4892
- C:\Windows\System\JHUwicX.exe
  C:\Windows\System\JHUwicX.exe
  2⤵
  PID:4912
- C:\Windows\System\EyIKqqf.exe
  C:\Windows\System\EyIKqqf.exe
  2⤵
  PID:4932
- C:\Windows\System\hGQWpnb.exe
  C:\Windows\System\hGQWpnb.exe
  2⤵
  PID:4952
- C:\Windows\System\tcqdfML.exe
  C:\Windows\System\tcqdfML.exe
  2⤵
  PID:4972
- C:\Windows\System\dzapXIM.exe
  C:\Windows\System\dzapXIM.exe
  2⤵
  PID:4992
- C:\Windows\System\UduqUDc.exe
  C:\Windows\System\UduqUDc.exe
  2⤵
  PID:5012
- C:\Windows\System\LbCyOyg.exe
  C:\Windows\System\LbCyOyg.exe
  2⤵
  PID:5028
- C:\Windows\System\ZqofSqR.exe
  C:\Windows\System\ZqofSqR.exe
  2⤵
  PID:5052
- C:\Windows\System\liFPUxo.exe
  C:\Windows\System\liFPUxo.exe
  2⤵
  PID:5072
- C:\Windows\System\teliSnA.exe
  C:\Windows\System\teliSnA.exe
  2⤵
  PID:5092
- C:\Windows\System\VKFMhuV.exe
  C:\Windows\System\VKFMhuV.exe
  2⤵
  PID:5112
- C:\Windows\System\upUVvex.exe
  C:\Windows\System\upUVvex.exe
  2⤵
  PID:3960
- C:\Windows\System\XvZtfCK.exe
  C:\Windows\System\XvZtfCK.exe
  2⤵
  PID:4064
- C:\Windows\System\LvsloAQ.exe
  C:\Windows\System\LvsloAQ.exe
  2⤵
  PID:2928
- C:\Windows\System\cQUAXnm.exe
  C:\Windows\System\cQUAXnm.exe
  2⤵
  PID:2924
- C:\Windows\System\cABQOZZ.exe
  C:\Windows\System\cABQOZZ.exe
  2⤵
  PID:3096
- C:\Windows\System\oRgSgvU.exe
  C:\Windows\System\oRgSgvU.exe
  2⤵
  PID:3248
- C:\Windows\System\zgnuNsr.exe
  C:\Windows\System\zgnuNsr.exe
  2⤵
  PID:3432
- C:\Windows\System\QkHWVTT.exe
  C:\Windows\System\QkHWVTT.exe
  2⤵
  PID:3520
- C:\Windows\System\VZwJDvJ.exe
  C:\Windows\System\VZwJDvJ.exe
  2⤵
  PID:3784
- C:\Windows\System\Mrgwqbz.exe
  C:\Windows\System\Mrgwqbz.exe
  2⤵
  PID:3888
- C:\Windows\System\pHUXeqM.exe
  C:\Windows\System\pHUXeqM.exe
  2⤵
  PID:4120
- C:\Windows\System\yoMZjwC.exe
  C:\Windows\System\yoMZjwC.exe
  2⤵
  PID:4140
- C:\Windows\System\qXdWVOJ.exe
  C:\Windows\System\qXdWVOJ.exe
  2⤵
  PID:4180
- C:\Windows\System\cWgUCHT.exe
  C:\Windows\System\cWgUCHT.exe
  2⤵
  PID:4216
- C:\Windows\System\TksyKTn.exe
  C:\Windows\System\TksyKTn.exe
  2⤵
  PID:4272
- C:\Windows\System\QhwnIAt.exe
  C:\Windows\System\QhwnIAt.exe
  2⤵
  PID:4280
- C:\Windows\System\aQhrhKv.exe
  C:\Windows\System\aQhrhKv.exe
  2⤵
  PID:4304
- C:\Windows\System\JcqmOLt.exe
  C:\Windows\System\JcqmOLt.exe
  2⤵
  PID:4340
- C:\Windows\System\exJUfyS.exe
  C:\Windows\System\exJUfyS.exe
  2⤵
  PID:4384
- C:\Windows\System\lAPuNtH.exe
  C:\Windows\System\lAPuNtH.exe
  2⤵
  PID:4416
- C:\Windows\System\gjUwJVN.exe
  C:\Windows\System\gjUwJVN.exe
  2⤵
  PID:4440
- C:\Windows\System\kudLAmQ.exe
  C:\Windows\System\kudLAmQ.exe
  2⤵
  PID:4464
- C:\Windows\System\ZaTwGAm.exe
  C:\Windows\System\ZaTwGAm.exe
  2⤵
  PID:4520
- C:\Windows\System\lkqhvxq.exe
  C:\Windows\System\lkqhvxq.exe
  2⤵
  PID:4536
- C:\Windows\System\BPozLpf.exe
  C:\Windows\System\BPozLpf.exe
  2⤵
  PID:4540
- C:\Windows\System\YtdVIoN.exe
  C:\Windows\System\YtdVIoN.exe
  2⤵
  PID:4600
- C:\Windows\System\txjggzJ.exe
  C:\Windows\System\txjggzJ.exe
  2⤵
  PID:4648
- C:\Windows\System\DgZkmzo.exe
  C:\Windows\System\DgZkmzo.exe
  2⤵
  PID:4680
- C:\Windows\System\ERNDwmf.exe
  C:\Windows\System\ERNDwmf.exe
  2⤵
  PID:4644
- C:\Windows\System\wkPNMxN.exe
  C:\Windows\System\wkPNMxN.exe
  2⤵
  PID:4728
- C:\Windows\System\vaylaqu.exe
  C:\Windows\System\vaylaqu.exe
  2⤵
  PID:4768
- C:\Windows\System\zHhRZOH.exe
  C:\Windows\System\zHhRZOH.exe
  2⤵
  PID:4796
- C:\Windows\System\cITJhak.exe
  C:\Windows\System\cITJhak.exe
  2⤵
  PID:4840
- C:\Windows\System\IUCDqQr.exe
  C:\Windows\System\IUCDqQr.exe
  2⤵
  PID:4848
- C:\Windows\System\HyzzoMY.exe
  C:\Windows\System\HyzzoMY.exe
  2⤵
  PID:4884
- C:\Windows\System\lgIEfKk.exe
  C:\Windows\System\lgIEfKk.exe
  2⤵
  PID:4928
- C:\Windows\System\XglMVAX.exe
  C:\Windows\System\XglMVAX.exe
  2⤵
  PID:4944
- C:\Windows\System\fhtmrys.exe
  C:\Windows\System\fhtmrys.exe
  2⤵
  PID:5000
- C:\Windows\System\vvZWdai.exe
  C:\Windows\System\vvZWdai.exe
  2⤵
  PID:5024
- C:\Windows\System\oOvfQlq.exe
  C:\Windows\System\oOvfQlq.exe
  2⤵
  PID:5060
- C:\Windows\System\cBSOEwd.exe
  C:\Windows\System\cBSOEwd.exe
  2⤵
  PID:5064
- C:\Windows\System\JBzeiXj.exe
  C:\Windows\System\JBzeiXj.exe
  2⤵
  PID:5108
- C:\Windows\System\GaXWPRX.exe
  C:\Windows\System\GaXWPRX.exe
  2⤵
  PID:4028
- C:\Windows\System\FthJsoU.exe
  C:\Windows\System\FthJsoU.exe
  2⤵
  PID:2316
- C:\Windows\System\NbJFFLx.exe
  C:\Windows\System\NbJFFLx.exe
  2⤵
  PID:2624
- C:\Windows\System\vgaCLkr.exe
  C:\Windows\System\vgaCLkr.exe
  2⤵
  PID:3172
- C:\Windows\System\cVTYuff.exe
  C:\Windows\System\cVTYuff.exe
  2⤵
  PID:3580
- C:\Windows\System\KRxBoyo.exe
  C:\Windows\System\KRxBoyo.exe
  2⤵
  PID:4116
- C:\Windows\System\LbrzqsI.exe
  C:\Windows\System\LbrzqsI.exe
  2⤵
  PID:4176
- C:\Windows\System\WeVXfuL.exe
  C:\Windows\System\WeVXfuL.exe
  2⤵
  PID:4200
- C:\Windows\System\kOYumBN.exe
  C:\Windows\System\kOYumBN.exe
  2⤵
  PID:4224
- C:\Windows\System\byfUXPg.exe
  C:\Windows\System\byfUXPg.exe
  2⤵
  PID:4324
- C:\Windows\System\NDnFTBu.exe
  C:\Windows\System\NDnFTBu.exe
  2⤵
  PID:4344
- C:\Windows\System\HMvtxIQ.exe
  C:\Windows\System\HMvtxIQ.exe
  2⤵
  PID:4420
- C:\Windows\System\DHXdCAq.exe
  C:\Windows\System\DHXdCAq.exe
  2⤵
  PID:4480
- C:\Windows\System\EiTftny.exe
  C:\Windows\System\EiTftny.exe
  2⤵
  PID:4564
- C:\Windows\System\JALVPbs.exe
  C:\Windows\System\JALVPbs.exe
  2⤵
  PID:2540
- C:\Windows\System\oYVJsKx.exe
  C:\Windows\System\oYVJsKx.exe
  2⤵
  PID:4616
- C:\Windows\System\hPseegI.exe
  C:\Windows\System\hPseegI.exe
  2⤵
  PID:4684
- C:\Windows\System\knEODJN.exe
  C:\Windows\System\knEODJN.exe
  2⤵
  PID:4740
- C:\Windows\System\NUZeejd.exe
  C:\Windows\System\NUZeejd.exe
  2⤵
  PID:4744
- C:\Windows\System\nqBcAvy.exe
  C:\Windows\System\nqBcAvy.exe
  2⤵
  PID:4780
- C:\Windows\System\VnzjxNO.exe
  C:\Windows\System\VnzjxNO.exe
  2⤵
  PID:4844
- C:\Windows\System\KUSmFNp.exe
  C:\Windows\System\KUSmFNp.exe
  2⤵
  PID:4960
- C:\Windows\System\chpTfZb.exe
  C:\Windows\System\chpTfZb.exe
  2⤵
  PID:5004
- C:\Windows\System\ugoEJtq.exe
  C:\Windows\System\ugoEJtq.exe
  2⤵
  PID:5080
- C:\Windows\System\alQQRIR.exe
  C:\Windows\System\alQQRIR.exe
  2⤵
  PID:3924
- C:\Windows\System\GckUdec.exe
  C:\Windows\System\GckUdec.exe
  2⤵
  PID:3880
- C:\Windows\System\OBwMDRP.exe
  C:\Windows\System\OBwMDRP.exe
  2⤵
  PID:1428
- C:\Windows\System\IbMQjcJ.exe
  C:\Windows\System\IbMQjcJ.exe
  2⤵
  PID:3440
- C:\Windows\System\eVyUzWG.exe
  C:\Windows\System\eVyUzWG.exe
  2⤵
  PID:3844
- C:\Windows\System\svwRxnt.exe
  C:\Windows\System\svwRxnt.exe
  2⤵
  PID:4220
- C:\Windows\System\zrDSTRP.exe
  C:\Windows\System\zrDSTRP.exe
  2⤵
  PID:4316
- C:\Windows\System\gKYFycX.exe
  C:\Windows\System\gKYFycX.exe
  2⤵
  PID:4260
- C:\Windows\System\ZxZypAN.exe
  C:\Windows\System\ZxZypAN.exe
  2⤵
  PID:4444
- C:\Windows\System\YtarKkR.exe
  C:\Windows\System\YtarKkR.exe
  2⤵
  PID:2760
- C:\Windows\System\hiSaYUI.exe
  C:\Windows\System\hiSaYUI.exe
  2⤵
  PID:4524
- C:\Windows\System\kIfzafp.exe
  C:\Windows\System\kIfzafp.exe
  2⤵
  PID:4604
- C:\Windows\System\eMRErtX.exe
  C:\Windows\System\eMRErtX.exe
  2⤵
  PID:4708
- C:\Windows\System\iaeYfmx.exe
  C:\Windows\System\iaeYfmx.exe
  2⤵
  PID:4828
- C:\Windows\System\rKCfuij.exe
  C:\Windows\System\rKCfuij.exe
  2⤵
  PID:4908
- C:\Windows\System\dpXglqG.exe
  C:\Windows\System\dpXglqG.exe
  2⤵
  PID:5124
- C:\Windows\System\OSjqgyX.exe
  C:\Windows\System\OSjqgyX.exe
  2⤵
  PID:5144
- C:\Windows\System\ueeAFUH.exe
  C:\Windows\System\ueeAFUH.exe
  2⤵
  PID:5164
- C:\Windows\System\qDUtspC.exe
  C:\Windows\System\qDUtspC.exe
  2⤵
  PID:5184
- C:\Windows\System\rjoOcWT.exe
  C:\Windows\System\rjoOcWT.exe
  2⤵
  PID:5204
- C:\Windows\System\qgcDehO.exe
  C:\Windows\System\qgcDehO.exe
  2⤵
  PID:5224
- C:\Windows\System\eBrdVjH.exe
  C:\Windows\System\eBrdVjH.exe
  2⤵
  PID:5244
- C:\Windows\System\GxjUWbs.exe
  C:\Windows\System\GxjUWbs.exe
  2⤵
  PID:5264
- C:\Windows\System\ipwyGKS.exe
  C:\Windows\System\ipwyGKS.exe
  2⤵
  PID:5284
- C:\Windows\System\NqJJjqq.exe
  C:\Windows\System\NqJJjqq.exe
  2⤵
  PID:5304
- C:\Windows\System\DbxIipw.exe
  C:\Windows\System\DbxIipw.exe
  2⤵
  PID:5324
- C:\Windows\System\EbDKWEN.exe
  C:\Windows\System\EbDKWEN.exe
  2⤵
  PID:5344
- C:\Windows\System\AlZHTGP.exe
  C:\Windows\System\AlZHTGP.exe
  2⤵
  PID:5364
- C:\Windows\System\MzoEyJK.exe
  C:\Windows\System\MzoEyJK.exe
  2⤵
  PID:5384
- C:\Windows\System\DoKVEcI.exe
  C:\Windows\System\DoKVEcI.exe
  2⤵
  PID:5404
- C:\Windows\System\iruJRHX.exe
  C:\Windows\System\iruJRHX.exe
  2⤵
  PID:5424
- C:\Windows\System\AijSLwp.exe
  C:\Windows\System\AijSLwp.exe
  2⤵
  PID:5444
- C:\Windows\System\LUIBjJn.exe
  C:\Windows\System\LUIBjJn.exe
  2⤵
  PID:5464
- C:\Windows\System\bfNPuKH.exe
  C:\Windows\System\bfNPuKH.exe
  2⤵
  PID:5484
- C:\Windows\System\IAgRipu.exe
  C:\Windows\System\IAgRipu.exe
  2⤵
  PID:5504
- C:\Windows\System\bLmiLIT.exe
  C:\Windows\System\bLmiLIT.exe
  2⤵
  PID:5524
- C:\Windows\System\JlnMHzY.exe
  C:\Windows\System\JlnMHzY.exe
  2⤵
  PID:5544
- C:\Windows\System\NzpOifQ.exe
  C:\Windows\System\NzpOifQ.exe
  2⤵
  PID:5564
- C:\Windows\System\QksoPFf.exe
  C:\Windows\System\QksoPFf.exe
  2⤵
  PID:5584
- C:\Windows\System\AvXoCMD.exe
  C:\Windows\System\AvXoCMD.exe
  2⤵
  PID:5604
- C:\Windows\System\JoImbmR.exe
  C:\Windows\System\JoImbmR.exe
  2⤵
  PID:5624
- C:\Windows\System\BTmoybb.exe
  C:\Windows\System\BTmoybb.exe
  2⤵
  PID:5644
- C:\Windows\System\JHzVijG.exe
  C:\Windows\System\JHzVijG.exe
  2⤵
  PID:5664
- C:\Windows\System\ZfThizO.exe
  C:\Windows\System\ZfThizO.exe
  2⤵
  PID:5684
- C:\Windows\System\jwJZkBQ.exe
  C:\Windows\System\jwJZkBQ.exe
  2⤵
  PID:5704
- C:\Windows\System\WEXrDTE.exe
  C:\Windows\System\WEXrDTE.exe
  2⤵
  PID:5724
- C:\Windows\System\wWlNBUs.exe
  C:\Windows\System\wWlNBUs.exe
  2⤵
  PID:5744
- C:\Windows\System\XPYUbqC.exe
  C:\Windows\System\XPYUbqC.exe
  2⤵
  PID:5764
- C:\Windows\System\lwbnlqY.exe
  C:\Windows\System\lwbnlqY.exe
  2⤵
  PID:5784
- C:\Windows\System\EdItHHW.exe
  C:\Windows\System\EdItHHW.exe
  2⤵
  PID:5804
- C:\Windows\System\mmvoaZD.exe
  C:\Windows\System\mmvoaZD.exe
  2⤵
  PID:5824
- C:\Windows\System\uJGPKFZ.exe
  C:\Windows\System\uJGPKFZ.exe
  2⤵
  PID:5844
- C:\Windows\System\vLTglzJ.exe
  C:\Windows\System\vLTglzJ.exe
  2⤵
  PID:5868
- C:\Windows\System\tANPebt.exe
  C:\Windows\System\tANPebt.exe
  2⤵
  PID:5892
- C:\Windows\System\dbFCIBY.exe
  C:\Windows\System\dbFCIBY.exe
  2⤵
  PID:5912
- C:\Windows\System\czQbJsW.exe
  C:\Windows\System\czQbJsW.exe
  2⤵
  PID:5932
- C:\Windows\System\VjSQxPx.exe
  C:\Windows\System\VjSQxPx.exe
  2⤵
  PID:5952
- C:\Windows\System\eDretrI.exe
  C:\Windows\System\eDretrI.exe
  2⤵
  PID:5972
- C:\Windows\System\aKdxzKL.exe
  C:\Windows\System\aKdxzKL.exe
  2⤵
  PID:5992
- C:\Windows\System\RmuOSCn.exe
  C:\Windows\System\RmuOSCn.exe
  2⤵
  PID:6012
- C:\Windows\System\aHOglxc.exe
  C:\Windows\System\aHOglxc.exe
  2⤵
  PID:6032
- C:\Windows\System\tQjHwva.exe
  C:\Windows\System\tQjHwva.exe
  2⤵
  PID:6052
- C:\Windows\System\yIUdcLc.exe
  C:\Windows\System\yIUdcLc.exe
  2⤵
  PID:6072
- C:\Windows\System\vrftvvj.exe
  C:\Windows\System\vrftvvj.exe
  2⤵
  PID:6092
- C:\Windows\System\XMjBqHv.exe
  C:\Windows\System\XMjBqHv.exe
  2⤵
  PID:6112
- C:\Windows\System\MrOZdfJ.exe
  C:\Windows\System\MrOZdfJ.exe
  2⤵
  PID:6132
- C:\Windows\System\eBbbbem.exe
  C:\Windows\System\eBbbbem.exe
  2⤵
  PID:5044
- C:\Windows\System\AlJCkWK.exe
  C:\Windows\System\AlJCkWK.exe
  2⤵
  PID:684
- C:\Windows\System\mRCrESv.exe
  C:\Windows\System\mRCrESv.exe
  2⤵
  PID:3116
- C:\Windows\System\HBokOzN.exe
  C:\Windows\System\HBokOzN.exe
  2⤵
  PID:3292
- C:\Windows\System\spEwVtF.exe
  C:\Windows\System\spEwVtF.exe
  2⤵
  PID:3824
- C:\Windows\System\xkPRDJE.exe
  C:\Windows\System\xkPRDJE.exe
  2⤵
  PID:4284
- C:\Windows\System\XJFwEYE.exe
  C:\Windows\System\XJFwEYE.exe
  2⤵
  PID:1876
- C:\Windows\System\mBZTPmH.exe
  C:\Windows\System\mBZTPmH.exe
  2⤵
  PID:4636
- C:\Windows\System\xWmGHif.exe
  C:\Windows\System\xWmGHif.exe
  2⤵
  PID:4760
- C:\Windows\System\wFKmtJH.exe
  C:\Windows\System\wFKmtJH.exe
  2⤵
  PID:4820
- C:\Windows\System\CDcMVEy.exe
  C:\Windows\System\CDcMVEy.exe
  2⤵
  PID:4968
- C:\Windows\System\mAHXOHh.exe
  C:\Windows\System\mAHXOHh.exe
  2⤵
  PID:4920
- C:\Windows\System\ZJULVGF.exe
  C:\Windows\System\ZJULVGF.exe
  2⤵
  PID:5212
- C:\Windows\System\zLoYjIz.exe
  C:\Windows\System\zLoYjIz.exe
  2⤵
  PID:5216
- C:\Windows\System\xxAZVCF.exe
  C:\Windows\System\xxAZVCF.exe
  2⤵
  PID:5256
- C:\Windows\System\LBHAPYd.exe
  C:\Windows\System\LBHAPYd.exe
  2⤵
  PID:5300
- C:\Windows\System\vJvaIYB.exe
  C:\Windows\System\vJvaIYB.exe
  2⤵
  PID:5332
- C:\Windows\System\CoNTLUB.exe
  C:\Windows\System\CoNTLUB.exe
  2⤵
  PID:5352
- C:\Windows\System\oySKfbs.exe
  C:\Windows\System\oySKfbs.exe
  2⤵
  PID:5376
- C:\Windows\System\kIekUBZ.exe
  C:\Windows\System\kIekUBZ.exe
  2⤵
  PID:5420
- C:\Windows\System\gjIxWDc.exe
  C:\Windows\System\gjIxWDc.exe
  2⤵
  PID:5456
- C:\Windows\System\aDmJjcN.exe
  C:\Windows\System\aDmJjcN.exe
  2⤵
  PID:5476
- C:\Windows\System\YpeEZiL.exe
  C:\Windows\System\YpeEZiL.exe
  2⤵
  PID:5520
- C:\Windows\System\zxTAgxf.exe
  C:\Windows\System\zxTAgxf.exe
  2⤵
  PID:5556
- C:\Windows\System\GKFchOx.exe
  C:\Windows\System\GKFchOx.exe
  2⤵
  PID:5600
- C:\Windows\System\QTNFEwI.exe
  C:\Windows\System\QTNFEwI.exe
  2⤵
  PID:5632
- C:\Windows\System\QfcboFN.exe
  C:\Windows\System\QfcboFN.exe
  2⤵
  PID:5672
- C:\Windows\System\NrRMMWB.exe
  C:\Windows\System\NrRMMWB.exe
  2⤵
  PID:5696
- C:\Windows\System\FKtWcZh.exe
  C:\Windows\System\FKtWcZh.exe
  2⤵
  PID:2052
- C:\Windows\System\CKvTvMR.exe
  C:\Windows\System\CKvTvMR.exe
  2⤵
  PID:5760
- C:\Windows\System\SYVxWDs.exe
  C:\Windows\System\SYVxWDs.exe
  2⤵
  PID:5796
- C:\Windows\System\BjLabUa.exe
  C:\Windows\System\BjLabUa.exe
  2⤵
  PID:2836
- C:\Windows\System\zSuxDFZ.exe
  C:\Windows\System\zSuxDFZ.exe
  2⤵
  PID:5900
- C:\Windows\System\rdrvKzd.exe
  C:\Windows\System\rdrvKzd.exe
  2⤵
  PID:5884
- C:\Windows\System\WbpzXBh.exe
  C:\Windows\System\WbpzXBh.exe
  2⤵
  PID:5980
- C:\Windows\System\JVXTllO.exe
  C:\Windows\System\JVXTllO.exe
  2⤵
  PID:5920
- C:\Windows\System\sILvhoI.exe
  C:\Windows\System\sILvhoI.exe
  2⤵
  PID:5964
- C:\Windows\System\MUKFHtB.exe
  C:\Windows\System\MUKFHtB.exe
  2⤵
  PID:6040
- C:\Windows\System\HnkZmeU.exe
  C:\Windows\System\HnkZmeU.exe
  2⤵
  PID:6080
- C:\Windows\System\dhAUCEN.exe
  C:\Windows\System\dhAUCEN.exe
  2⤵
  PID:6104
- C:\Windows\System\HgNEPjQ.exe
  C:\Windows\System\HgNEPjQ.exe
  2⤵
  PID:2816
- C:\Windows\System\jyBIMTf.exe
  C:\Windows\System\jyBIMTf.exe
  2⤵
  PID:3968
- C:\Windows\System\fnQLntl.exe
  C:\Windows\System\fnQLntl.exe
  2⤵
  PID:2788
- C:\Windows\System\RZLjSwB.exe
  C:\Windows\System\RZLjSwB.exe
  2⤵
  PID:4164
- C:\Windows\System\GbbgNRk.exe
  C:\Windows\System\GbbgNRk.exe
  2⤵
  PID:4400
- C:\Windows\System\mPukguO.exe
  C:\Windows\System\mPukguO.exe
  2⤵
  PID:4624
- C:\Windows\System\ZTOqQwJ.exe
  C:\Windows\System\ZTOqQwJ.exe
  2⤵
  PID:4784
- C:\Windows\System\ZDRzyYy.exe
  C:\Windows\System\ZDRzyYy.exe
  2⤵
  PID:4940
- C:\Windows\System\tvCqWsi.exe
  C:\Windows\System\tvCqWsi.exe
  2⤵
  PID:5160
- C:\Windows\System\dSPWyDs.exe
  C:\Windows\System\dSPWyDs.exe
  2⤵
  PID:5252
- C:\Windows\System\evYwpYP.exe
  C:\Windows\System\evYwpYP.exe
  2⤵
  PID:5272
- C:\Windows\System\JIipzPe.exe
  C:\Windows\System\JIipzPe.exe
  2⤵
  PID:5292
- C:\Windows\System\sXkQkwY.exe
  C:\Windows\System\sXkQkwY.exe
  2⤵
  PID:5372
- C:\Windows\System\zohsXCp.exe
  C:\Windows\System\zohsXCp.exe
  2⤵
  PID:5432
- C:\Windows\System\DUiVHjs.exe
  C:\Windows\System\DUiVHjs.exe
  2⤵
  PID:5400
- C:\Windows\System\sHUDyWz.exe
  C:\Windows\System\sHUDyWz.exe
  2⤵
  PID:5536
- C:\Windows\System\tXUGQyN.exe
  C:\Windows\System\tXUGQyN.exe
  2⤵
  PID:5532
- C:\Windows\System\HRJYaDo.exe
  C:\Windows\System\HRJYaDo.exe
  2⤵
  PID:5620
- C:\Windows\System\XnKGlWY.exe
  C:\Windows\System\XnKGlWY.exe
  2⤵
  PID:5700
- C:\Windows\System\DOezYxA.exe
  C:\Windows\System\DOezYxA.exe
  2⤵
  PID:5772
- C:\Windows\System\BTEYsyH.exe
  C:\Windows\System\BTEYsyH.exe
  2⤵
  PID:5720
- C:\Windows\System\WzEiScG.exe
  C:\Windows\System\WzEiScG.exe
  2⤵
  PID:5840
- C:\Windows\System\exaNvzm.exe
  C:\Windows\System\exaNvzm.exe
  2⤵
  PID:5940
- C:\Windows\System\CyIHgxt.exe
  C:\Windows\System\CyIHgxt.exe
  2⤵
  PID:5948
- C:\Windows\System\USNEcOr.exe
  C:\Windows\System\USNEcOr.exe
  2⤵
  PID:5924
- C:\Windows\System\wjIlTeF.exe
  C:\Windows\System\wjIlTeF.exe
  2⤵
  PID:6084
- C:\Windows\System\VVzuDXA.exe
  C:\Windows\System\VVzuDXA.exe
  2⤵
  PID:6068
- C:\Windows\System\YoqJzWD.exe
  C:\Windows\System\YoqJzWD.exe
  2⤵
  PID:5084
- C:\Windows\System\qCxjauh.exe
  C:\Windows\System\qCxjauh.exe
  2⤵
  PID:3400
- C:\Windows\System\AnKAjNy.exe
  C:\Windows\System\AnKAjNy.exe
  2⤵
  PID:2080
- C:\Windows\System\MzotsZv.exe
  C:\Windows\System\MzotsZv.exe
  2⤵
  PID:1468
- C:\Windows\System\osqvXlA.exe
  C:\Windows\System\osqvXlA.exe
  2⤵
  PID:4360
- C:\Windows\System\gYBXiHQ.exe
  C:\Windows\System\gYBXiHQ.exe
  2⤵
  PID:5132
- C:\Windows\System\kmvBZxo.exe
  C:\Windows\System\kmvBZxo.exe
  2⤵
  PID:5136
- C:\Windows\System\mCDsKRV.exe
  C:\Windows\System\mCDsKRV.exe
  2⤵
  PID:5280
- C:\Windows\System\wcXcgvW.exe
  C:\Windows\System\wcXcgvW.exe
  2⤵
  PID:5440
- C:\Windows\System\OevIzNe.exe
  C:\Windows\System\OevIzNe.exe
  2⤵
  PID:5396
- C:\Windows\System\kHjLOdG.exe
  C:\Windows\System\kHjLOdG.exe
  2⤵
  PID:5392
- C:\Windows\System\iBQcvtJ.exe
  C:\Windows\System\iBQcvtJ.exe
  2⤵
  PID:2148
- C:\Windows\System\IOJjaKD.exe
  C:\Windows\System\IOJjaKD.exe
  2⤵
  PID:2764
- C:\Windows\System\tIKNcbY.exe
  C:\Windows\System\tIKNcbY.exe
  2⤵
  PID:5676
- C:\Windows\System\tpaYsHi.exe
  C:\Windows\System\tpaYsHi.exe
  2⤵
  PID:5276
- C:\Windows\System\NEyPvfa.exe
  C:\Windows\System\NEyPvfa.exe
  2⤵
  PID:5864
- C:\Windows\System\UMpSjWR.exe
  C:\Windows\System\UMpSjWR.exe
  2⤵
  PID:2756
- C:\Windows\System\iUVzFxz.exe
  C:\Windows\System\iUVzFxz.exe
  2⤵
  PID:6100
- C:\Windows\System\EHAXoRY.exe
  C:\Windows\System\EHAXoRY.exe
  2⤵
  PID:1724
- C:\Windows\System\lVWyjlG.exe
  C:\Windows\System\lVWyjlG.exe
  2⤵
  PID:1852
- C:\Windows\System\PSiBMTm.exe
  C:\Windows\System\PSiBMTm.exe
  2⤵
  PID:1496
- C:\Windows\System\bcyMVLy.exe
  C:\Windows\System\bcyMVLy.exe
  2⤵
  PID:5176
- C:\Windows\System\AsaUUYc.exe
  C:\Windows\System\AsaUUYc.exe
  2⤵
  PID:5312
- C:\Windows\System\ZzxIQMn.exe
  C:\Windows\System\ZzxIQMn.exe
  2⤵
  PID:5492
- C:\Windows\System\qzMtwgI.exe
  C:\Windows\System\qzMtwgI.exe
  2⤵
  PID:2708
- C:\Windows\System\TNZfxdO.exe
  C:\Windows\System\TNZfxdO.exe
  2⤵
  PID:5616
- C:\Windows\System\mnaioce.exe
  C:\Windows\System\mnaioce.exe
  2⤵
  PID:5820
- C:\Windows\System\GytIVTN.exe
  C:\Windows\System\GytIVTN.exe
  2⤵
  PID:5876
- C:\Windows\System\LFiiirs.exe
  C:\Windows\System\LFiiirs.exe
  2⤵
  PID:2648
- C:\Windows\System\MqPgQdy.exe
  C:\Windows\System\MqPgQdy.exe
  2⤵
  PID:6148
- C:\Windows\System\bLeEuoq.exe
  C:\Windows\System\bLeEuoq.exe
  2⤵
  PID:6168
- C:\Windows\System\AZxWVFB.exe
  C:\Windows\System\AZxWVFB.exe
  2⤵
  PID:6188
- C:\Windows\System\jZLIYqu.exe
  C:\Windows\System\jZLIYqu.exe
  2⤵
  PID:6208
- C:\Windows\System\wzGegMM.exe
  C:\Windows\System\wzGegMM.exe
  2⤵
  PID:6232
- C:\Windows\System\bGbdfhw.exe
  C:\Windows\System\bGbdfhw.exe
  2⤵
  PID:6252
- C:\Windows\System\GrXHBrw.exe
  C:\Windows\System\GrXHBrw.exe
  2⤵
  PID:6272
- C:\Windows\System\BmnQZam.exe
  C:\Windows\System\BmnQZam.exe
  2⤵
  PID:6292
- C:\Windows\System\rzhVYSX.exe
  C:\Windows\System\rzhVYSX.exe
  2⤵
  PID:6312
- C:\Windows\System\tJEMkOY.exe
  C:\Windows\System\tJEMkOY.exe
  2⤵
  PID:6332
- C:\Windows\System\HqQNNPB.exe
  C:\Windows\System\HqQNNPB.exe
  2⤵
  PID:6352
- C:\Windows\System\iAfCNRP.exe
  C:\Windows\System\iAfCNRP.exe
  2⤵
  PID:6372
- C:\Windows\System\zVXDfIf.exe
  C:\Windows\System\zVXDfIf.exe
  2⤵
  PID:6392
- C:\Windows\System\oPjOxqb.exe
  C:\Windows\System\oPjOxqb.exe
  2⤵
  PID:6412
- C:\Windows\System\PwnQocT.exe
  C:\Windows\System\PwnQocT.exe
  2⤵
  PID:6432
- C:\Windows\System\CQXhvye.exe
  C:\Windows\System\CQXhvye.exe
  2⤵
  PID:6452
- C:\Windows\System\XFcGOTa.exe
  C:\Windows\System\XFcGOTa.exe
  2⤵
  PID:6472
- C:\Windows\System\kfSlkob.exe
  C:\Windows\System\kfSlkob.exe
  2⤵
  PID:6492
- C:\Windows\System\iWuRsyU.exe
  C:\Windows\System\iWuRsyU.exe
  2⤵
  PID:6512
- C:\Windows\System\qliyruk.exe
  C:\Windows\System\qliyruk.exe
  2⤵
  PID:6532
- C:\Windows\System\sNEqaQD.exe
  C:\Windows\System\sNEqaQD.exe
  2⤵
  PID:6552
- C:\Windows\System\QqePYfZ.exe
  C:\Windows\System\QqePYfZ.exe
  2⤵
  PID:6572
- C:\Windows\System\PbKUCej.exe
  C:\Windows\System\PbKUCej.exe
  2⤵
  PID:6592
- C:\Windows\System\mepYlWU.exe
  C:\Windows\System\mepYlWU.exe
  2⤵
  PID:6612
- C:\Windows\System\HByyCdh.exe
  C:\Windows\System\HByyCdh.exe
  2⤵
  PID:6632
- C:\Windows\System\ybwfYqL.exe
  C:\Windows\System\ybwfYqL.exe
  2⤵
  PID:6652
- C:\Windows\System\kPTcCpo.exe
  C:\Windows\System\kPTcCpo.exe
  2⤵
  PID:6672
- C:\Windows\System\ClMysCM.exe
  C:\Windows\System\ClMysCM.exe
  2⤵
  PID:6692
- C:\Windows\System\fpFrCiC.exe
  C:\Windows\System\fpFrCiC.exe
  2⤵
  PID:6712
- C:\Windows\System\zqFxRqF.exe
  C:\Windows\System\zqFxRqF.exe
  2⤵
  PID:6732
- C:\Windows\System\YXjbBdu.exe
  C:\Windows\System\YXjbBdu.exe
  2⤵
  PID:6756
- C:\Windows\System\wFoxIhV.exe
  C:\Windows\System\wFoxIhV.exe
  2⤵
  PID:6776
- C:\Windows\System\YcawhKY.exe
  C:\Windows\System\YcawhKY.exe
  2⤵
  PID:6796
- C:\Windows\System\gBncBIg.exe
  C:\Windows\System\gBncBIg.exe
  2⤵
  PID:6816
- C:\Windows\System\tYOddGw.exe
  C:\Windows\System\tYOddGw.exe
  2⤵
  PID:6836
- C:\Windows\System\HEkszxB.exe
  C:\Windows\System\HEkszxB.exe
  2⤵
  PID:6856
- C:\Windows\System\UWLKANJ.exe
  C:\Windows\System\UWLKANJ.exe
  2⤵
  PID:6872
- C:\Windows\System\egPtLFF.exe
  C:\Windows\System\egPtLFF.exe
  2⤵
  PID:6896
- C:\Windows\System\OOPAbMk.exe
  C:\Windows\System\OOPAbMk.exe
  2⤵
  PID:6916
- C:\Windows\System\KMDwMet.exe
  C:\Windows\System\KMDwMet.exe
  2⤵
  PID:6936
- C:\Windows\System\pEXctUG.exe
  C:\Windows\System\pEXctUG.exe
  2⤵
  PID:6956
- C:\Windows\System\BjJWkSB.exe
  C:\Windows\System\BjJWkSB.exe
  2⤵
  PID:6976
- C:\Windows\System\CdAAwny.exe
  C:\Windows\System\CdAAwny.exe
  2⤵
  PID:6996
- C:\Windows\System\ExekYUl.exe
  C:\Windows\System\ExekYUl.exe
  2⤵
  PID:7016
- C:\Windows\System\QkrSqMb.exe
  C:\Windows\System\QkrSqMb.exe
  2⤵
  PID:7036
- C:\Windows\System\DwihBXh.exe
  C:\Windows\System\DwihBXh.exe
  2⤵
  PID:7056
- C:\Windows\System\FDHtYPZ.exe
  C:\Windows\System\FDHtYPZ.exe
  2⤵
  PID:7076
- C:\Windows\System\GEEkUJp.exe
  C:\Windows\System\GEEkUJp.exe
  2⤵
  PID:7096
- C:\Windows\System\epDOsqh.exe
  C:\Windows\System\epDOsqh.exe
  2⤵
  PID:7120
- C:\Windows\System\kZRJHMT.exe
  C:\Windows\System\kZRJHMT.exe
  2⤵
  PID:7140
- C:\Windows\System\XBSjlIa.exe
  C:\Windows\System\XBSjlIa.exe
  2⤵
  PID:7160
- C:\Windows\System\LKHeFrB.exe
  C:\Windows\System\LKHeFrB.exe
  2⤵
  PID:4424
- C:\Windows\System\oUcpuRK.exe
  C:\Windows\System\oUcpuRK.exe
  2⤵
  PID:2564
- C:\Windows\System\oUcUaeV.exe
  C:\Windows\System\oUcUaeV.exe
  2⤵
  PID:2812
- C:\Windows\System\IbFzigO.exe
  C:\Windows\System\IbFzigO.exe
  2⤵
  PID:5192
- C:\Windows\System\TPurmLT.exe
  C:\Windows\System\TPurmLT.exe
  2⤵
  PID:5812
- C:\Windows\System\lnRjEYc.exe
  C:\Windows\System\lnRjEYc.exe
  2⤵
  PID:5960
- C:\Windows\System\owYzVBf.exe
  C:\Windows\System\owYzVBf.exe
  2⤵
  PID:6156
- C:\Windows\System\mnzouXU.exe
  C:\Windows\System\mnzouXU.exe
  2⤵
  PID:6164
- C:\Windows\System\MxCBYxQ.exe
  C:\Windows\System\MxCBYxQ.exe
  2⤵
  PID:6184
- C:\Windows\System\aTfVUCD.exe
  C:\Windows\System\aTfVUCD.exe
  2⤵
  PID:6220
- C:\Windows\System\UapQxjo.exe
  C:\Windows\System\UapQxjo.exe
  2⤵
  PID:6268
- C:\Windows\System\QVwKZYw.exe
  C:\Windows\System\QVwKZYw.exe
  2⤵
  PID:6320
- C:\Windows\System\mMWXskx.exe
  C:\Windows\System\mMWXskx.exe
  2⤵
  PID:6360
- C:\Windows\System\PgcFFcg.exe
  C:\Windows\System\PgcFFcg.exe
  2⤵
  PID:6348
- C:\Windows\System\PcSlUSe.exe
  C:\Windows\System\PcSlUSe.exe
  2⤵
  PID:6388
- C:\Windows\System\ROyfqzw.exe
  C:\Windows\System\ROyfqzw.exe
  2⤵
  PID:6444
- C:\Windows\System\LOeaWbT.exe
  C:\Windows\System\LOeaWbT.exe
  2⤵
  PID:6480
- C:\Windows\System\khXlKqP.exe
  C:\Windows\System\khXlKqP.exe
  2⤵
  PID:6464
- C:\Windows\System\DthroJH.exe
  C:\Windows\System\DthroJH.exe
  2⤵
  PID:6528
- C:\Windows\System\nhlrZeh.exe
  C:\Windows\System\nhlrZeh.exe
  2⤵
  PID:6544
- C:\Windows\System\ZIvtBeq.exe
  C:\Windows\System\ZIvtBeq.exe
  2⤵
  PID:6584
- C:\Windows\System\djxNpZj.exe
  C:\Windows\System\djxNpZj.exe
  2⤵
  PID:6640
- C:\Windows\System\TzIxSZL.exe
  C:\Windows\System\TzIxSZL.exe
  2⤵
  PID:6660
- C:\Windows\System\LlhIUWw.exe
  C:\Windows\System\LlhIUWw.exe
  2⤵
  PID:6684
- C:\Windows\System\dUNfURy.exe
  C:\Windows\System\dUNfURy.exe
  2⤵
  PID:6728
- C:\Windows\System\RaQXwRy.exe
  C:\Windows\System\RaQXwRy.exe
  2⤵
  PID:6744
- C:\Windows\System\YCnvSZZ.exe
  C:\Windows\System\YCnvSZZ.exe
  2⤵
  PID:2328
- C:\Windows\System\TjIAXxH.exe
  C:\Windows\System\TjIAXxH.exe
  2⤵
  PID:3260
- C:\Windows\System\TmbsCus.exe
  C:\Windows\System\TmbsCus.exe
  2⤵
  PID:6848
- C:\Windows\System\KRJpSBE.exe
  C:\Windows\System\KRJpSBE.exe
  2⤵
  PID:6880
- C:\Windows\System\LXpdAdZ.exe
  C:\Windows\System\LXpdAdZ.exe
  2⤵
  PID:6868
- C:\Windows\System\CChChDk.exe
  C:\Windows\System\CChChDk.exe
  2⤵
  PID:6912
- C:\Windows\System\aYiloJL.exe
  C:\Windows\System\aYiloJL.exe
  2⤵
  PID:6952
- C:\Windows\System\MEhBmiR.exe
  C:\Windows\System\MEhBmiR.exe
  2⤵
  PID:6992
- C:\Windows\System\MmSleQS.exe
  C:\Windows\System\MmSleQS.exe
  2⤵
  PID:7044
- C:\Windows\System\FYtKEgI.exe
  C:\Windows\System\FYtKEgI.exe
  2⤵
  PID:7032
- C:\Windows\System\wBHuCtl.exe
  C:\Windows\System\wBHuCtl.exe
  2⤵
  PID:7092
- C:\Windows\System\OlTcfnJ.exe
  C:\Windows\System\OlTcfnJ.exe
  2⤵
  PID:3000
- C:\Windows\System\MWtLhiK.exe
  C:\Windows\System\MWtLhiK.exe
  2⤵
  PID:7108
- C:\Windows\System\ZOKLhSX.exe
  C:\Windows\System\ZOKLhSX.exe
  2⤵
  PID:6020
- C:\Windows\System\YteboDQ.exe
  C:\Windows\System\YteboDQ.exe
  2⤵
  PID:2864
- C:\Windows\System\WrbwmQo.exe
  C:\Windows\System\WrbwmQo.exe
  2⤵
  PID:5380
- C:\Windows\System\eWNqYfm.exe
  C:\Windows\System\eWNqYfm.exe
  2⤵
  PID:5692
- C:\Windows\System\DDTMOws.exe
  C:\Windows\System\DDTMOws.exe
  2⤵
  PID:2848
- C:\Windows\System\DDBcLPj.exe
  C:\Windows\System\DDBcLPj.exe
  2⤵
  PID:6248
- C:\Windows\System\mgWWata.exe
  C:\Windows\System\mgWWata.exe
  2⤵
  PID:6244
- C:\Windows\System\QKXUwHJ.exe
  C:\Windows\System\QKXUwHJ.exe
  2⤵
  PID:6308
- C:\Windows\System\BDFesvv.exe
  C:\Windows\System\BDFesvv.exe
  2⤵
  PID:6384
- C:\Windows\System\QSlCgkk.exe
  C:\Windows\System\QSlCgkk.exe
  2⤵
  PID:6424
- C:\Windows\System\uXXCpyn.exe
  C:\Windows\System\uXXCpyn.exe
  2⤵
  PID:6504
- C:\Windows\System\CWYkEFa.exe
  C:\Windows\System\CWYkEFa.exe
  2⤵
  PID:6564
- C:\Windows\System\SDNdXkC.exe
  C:\Windows\System\SDNdXkC.exe
  2⤵
  PID:2704
- C:\Windows\System\cCmJshY.exe
  C:\Windows\System\cCmJshY.exe
  2⤵
  PID:7116
- C:\Windows\System\ItQvIUQ.exe
  C:\Windows\System\ItQvIUQ.exe
  2⤵
  PID:6700
- C:\Windows\System\xDMiRBA.exe
  C:\Windows\System\xDMiRBA.exe
  2⤵
  PID:6604
- C:\Windows\System\CXdlZbT.exe
  C:\Windows\System\CXdlZbT.exe
  2⤵
  PID:6764
- C:\Windows\System\GEUrDIx.exe
  C:\Windows\System\GEUrDIx.exe
  2⤵
  PID:6788
- C:\Windows\System\ehpscKr.exe
  C:\Windows\System\ehpscKr.exe
  2⤵
  PID:6808
- C:\Windows\System\TYbZDwy.exe
  C:\Windows\System\TYbZDwy.exe
  2⤵
  PID:6748
- C:\Windows\System\muuVZWb.exe
  C:\Windows\System\muuVZWb.exe
  2⤵
  PID:6944
- C:\Windows\System\bhopByR.exe
  C:\Windows\System\bhopByR.exe
  2⤵
  PID:6984
- C:\Windows\System\UIYiUIT.exe
  C:\Windows\System\UIYiUIT.exe
  2⤵
  PID:7084
- C:\Windows\System\HtRbzLO.exe
  C:\Windows\System\HtRbzLO.exe
  2⤵
  PID:7128
- C:\Windows\System\tKABZrS.exe
  C:\Windows\System\tKABZrS.exe
  2⤵
  PID:5048
- C:\Windows\System\riHRwgn.exe
  C:\Windows\System\riHRwgn.exe
  2⤵
  PID:4904
- C:\Windows\System\yMoQCiP.exe
  C:\Windows\System\yMoQCiP.exe
  2⤵
  PID:924
- C:\Windows\System\mWXvjrS.exe
  C:\Windows\System\mWXvjrS.exe
  2⤵
  PID:5780
- C:\Windows\System\pqMOonb.exe
  C:\Windows\System\pqMOonb.exe
  2⤵
  PID:2036
- C:\Windows\System\jAryyQX.exe
  C:\Windows\System\jAryyQX.exe
  2⤵
  PID:2608
- C:\Windows\System\CnMxvAr.exe
  C:\Windows\System\CnMxvAr.exe
  2⤵
  PID:6400
- C:\Windows\System\lcHzMNh.exe
  C:\Windows\System\lcHzMNh.exe
  2⤵
  PID:6460
- C:\Windows\System\HaOCSNw.exe
  C:\Windows\System\HaOCSNw.exe
  2⤵
  PID:6560
- C:\Windows\System\ptnDlOl.exe
  C:\Windows\System\ptnDlOl.exe
  2⤵
  PID:6644
- C:\Windows\System\lBJPxda.exe
  C:\Windows\System\lBJPxda.exe
  2⤵
  PID:6624
- C:\Windows\System\cDOluqz.exe
  C:\Windows\System\cDOluqz.exe
  2⤵
  PID:6768
- C:\Windows\System\JGiGokA.exe
  C:\Windows\System\JGiGokA.exe
  2⤵
  PID:2528
- C:\Windows\System\EGksEit.exe
  C:\Windows\System\EGksEit.exe
  2⤵
  PID:6904
- C:\Windows\System\ATblifb.exe
  C:\Windows\System\ATblifb.exe
  2⤵
  PID:2272
- C:\Windows\System\vNzQhmt.exe
  C:\Windows\System\vNzQhmt.exe
  2⤵
  PID:7064
- C:\Windows\System\jXEDIqP.exe
  C:\Windows\System\jXEDIqP.exe
  2⤵
  PID:7072
- C:\Windows\System\xRxgRcd.exe
  C:\Windows\System\xRxgRcd.exe
  2⤵
  PID:5552
- C:\Windows\System\wTVCtdB.exe
  C:\Windows\System\wTVCtdB.exe
  2⤵
  PID:6224
- C:\Windows\System\GKtochk.exe
  C:\Windows\System\GKtochk.exe
  2⤵
  PID:2824
- C:\Windows\System\rNqupOH.exe
  C:\Windows\System\rNqupOH.exe
  2⤵
  PID:6300
- C:\Windows\System\FsYHoPh.exe
  C:\Windows\System\FsYHoPh.exe
  2⤵
  PID:6600
- C:\Windows\System\lZrzezx.exe
  C:\Windows\System\lZrzezx.exe
  2⤵
  PID:1004
- C:\Windows\System\KOqeeXe.exe
  C:\Windows\System\KOqeeXe.exe
  2⤵
  PID:2532
- C:\Windows\System\fngcqfO.exe
  C:\Windows\System\fngcqfO.exe
  2⤵
  PID:6924
- C:\Windows\System\SKLnvUe.exe
  C:\Windows\System\SKLnvUe.exe
  2⤵
  PID:7012
- C:\Windows\System\TzGMzbr.exe
  C:\Windows\System\TzGMzbr.exe
  2⤵
  PID:7048
- C:\Windows\System\lyXSGPU.exe
  C:\Windows\System\lyXSGPU.exe
  2⤵
  PID:7156
- C:\Windows\System\xngbClv.exe
  C:\Windows\System\xngbClv.exe
  2⤵
  PID:6180
- C:\Windows\System\ZDkfDsy.exe
  C:\Windows\System\ZDkfDsy.exe
  2⤵
  PID:6508
- C:\Windows\System\oeBaSzu.exe
  C:\Windows\System\oeBaSzu.exe
  2⤵
  PID:7068
- C:\Windows\System\HzpFGle.exe
  C:\Windows\System\HzpFGle.exe
  2⤵
  PID:7180
- C:\Windows\System\BohEYEL.exe
  C:\Windows\System\BohEYEL.exe
  2⤵
  PID:7204
- C:\Windows\System\oQMsVvn.exe
  C:\Windows\System\oQMsVvn.exe
  2⤵
  PID:7228
- C:\Windows\System\gKAAIaC.exe
  C:\Windows\System\gKAAIaC.exe
  2⤵
  PID:7252
- C:\Windows\System\Bktqzkp.exe
  C:\Windows\System\Bktqzkp.exe
  2⤵
  PID:7272
- C:\Windows\System\FyPDDrB.exe
  C:\Windows\System\FyPDDrB.exe
  2⤵
  PID:7292
- C:\Windows\System\TQTtREh.exe
  C:\Windows\System\TQTtREh.exe
  2⤵
  PID:7312
- C:\Windows\System\gKIZQib.exe
  C:\Windows\System\gKIZQib.exe
  2⤵
  PID:7332
- C:\Windows\System\rgrfnIb.exe
  C:\Windows\System\rgrfnIb.exe
  2⤵
  PID:7356
- C:\Windows\System\uFKLGkx.exe
  C:\Windows\System\uFKLGkx.exe
  2⤵
  PID:7376
- C:\Windows\System\QAujdgC.exe
  C:\Windows\System\QAujdgC.exe
  2⤵
  PID:7396
- C:\Windows\System\pZyEZQJ.exe
  C:\Windows\System\pZyEZQJ.exe
  2⤵
  PID:7416
- C:\Windows\System\LDAKLnX.exe
  C:\Windows\System\LDAKLnX.exe
  2⤵
  PID:7436
- C:\Windows\System\tVzgHae.exe
  C:\Windows\System\tVzgHae.exe
  2⤵
  PID:7456
- C:\Windows\System\RpzIDqZ.exe
  C:\Windows\System\RpzIDqZ.exe
  2⤵
  PID:7476
- C:\Windows\System\auxjbAW.exe
  C:\Windows\System\auxjbAW.exe
  2⤵
  PID:7496
- C:\Windows\System\gSJRSEW.exe
  C:\Windows\System\gSJRSEW.exe
  2⤵
  PID:7516
- C:\Windows\System\BudnZJF.exe
  C:\Windows\System\BudnZJF.exe
  2⤵
  PID:7536
- C:\Windows\System\HWKvhGV.exe
  C:\Windows\System\HWKvhGV.exe
  2⤵
  PID:7556
- C:\Windows\System\cTHvDoZ.exe
  C:\Windows\System\cTHvDoZ.exe
  2⤵
  PID:7576
- C:\Windows\System\wynXNsD.exe
  C:\Windows\System\wynXNsD.exe
  2⤵
  PID:7596
- C:\Windows\System\dGthbDR.exe
  C:\Windows\System\dGthbDR.exe
  2⤵
  PID:7616
- C:\Windows\System\ONyfClD.exe
  C:\Windows\System\ONyfClD.exe
  2⤵
  PID:7636
- C:\Windows\System\OnkRgAY.exe
  C:\Windows\System\OnkRgAY.exe
  2⤵
  PID:7656
- C:\Windows\System\ODgYgNy.exe
  C:\Windows\System\ODgYgNy.exe
  2⤵
  PID:7676
- C:\Windows\System\eFYnEZu.exe
  C:\Windows\System\eFYnEZu.exe
  2⤵
  PID:7696
- C:\Windows\System\WdaYuzu.exe
  C:\Windows\System\WdaYuzu.exe
  2⤵
  PID:7716
- C:\Windows\System\cNzTEdm.exe
  C:\Windows\System\cNzTEdm.exe
  2⤵
  PID:7736
- C:\Windows\System\ixUMWEQ.exe
  C:\Windows\System\ixUMWEQ.exe
  2⤵
  PID:7756
- C:\Windows\System\trrXHTm.exe
  C:\Windows\System\trrXHTm.exe
  2⤵
  PID:7776
- C:\Windows\System\hyBbjNk.exe
  C:\Windows\System\hyBbjNk.exe
  2⤵
  PID:7796
- C:\Windows\System\BoMRkCW.exe
  C:\Windows\System\BoMRkCW.exe
  2⤵
  PID:7816
- C:\Windows\System\mkmqXHV.exe
  C:\Windows\System\mkmqXHV.exe
  2⤵
  PID:7836
- C:\Windows\System\fjzbDvN.exe
  C:\Windows\System\fjzbDvN.exe
  2⤵
  PID:7856
- C:\Windows\System\yHTuzAd.exe
  C:\Windows\System\yHTuzAd.exe
  2⤵
  PID:7880
- C:\Windows\System\AItwrAI.exe
  C:\Windows\System\AItwrAI.exe
  2⤵
  PID:7900
- C:\Windows\System\zDKhBnZ.exe
  C:\Windows\System\zDKhBnZ.exe
  2⤵
  PID:7924
- C:\Windows\System\crxkLxm.exe
  C:\Windows\System\crxkLxm.exe
  2⤵
  PID:7944
- C:\Windows\System\PhdFQev.exe
  C:\Windows\System\PhdFQev.exe
  2⤵
  PID:7964
- C:\Windows\System\hNSBPQM.exe
  C:\Windows\System\hNSBPQM.exe
  2⤵
  PID:7984
- C:\Windows\System\dILwSVu.exe
  C:\Windows\System\dILwSVu.exe
  2⤵
  PID:8004
- C:\Windows\System\JdWYxEk.exe
  C:\Windows\System\JdWYxEk.exe
  2⤵
  PID:8024
- C:\Windows\System\kSjwZaz.exe
  C:\Windows\System\kSjwZaz.exe
  2⤵
  PID:8044
- C:\Windows\System\AbxupGR.exe
  C:\Windows\System\AbxupGR.exe
  2⤵
  PID:8064
- C:\Windows\System\PFvpbYT.exe
  C:\Windows\System\PFvpbYT.exe
  2⤵
  PID:8084
- C:\Windows\System\MQTRMUB.exe
  C:\Windows\System\MQTRMUB.exe
  2⤵
  PID:8104
- C:\Windows\System\fbOSNGE.exe
  C:\Windows\System\fbOSNGE.exe
  2⤵
  PID:8124
- C:\Windows\System\nvSrbej.exe
  C:\Windows\System\nvSrbej.exe
  2⤵
  PID:8144
- C:\Windows\System\jNhLfYw.exe
  C:\Windows\System\jNhLfYw.exe
  2⤵
  PID:8176
- C:\Windows\System\xbbdADJ.exe
  C:\Windows\System\xbbdADJ.exe
  2⤵
  PID:6812
- C:\Windows\System\miXsVcU.exe
  C:\Windows\System\miXsVcU.exe
  2⤵
  PID:2880
- C:\Windows\System\QNVCzWX.exe
  C:\Windows\System\QNVCzWX.exe
  2⤵
  PID:5236
- C:\Windows\System\jNAEtof.exe
  C:\Windows\System\jNAEtof.exe
  2⤵
  PID:2596
- C:\Windows\System\lOqAENL.exe
  C:\Windows\System\lOqAENL.exe
  2⤵
  PID:6260
- C:\Windows\System\iFvRtCv.exe
  C:\Windows\System\iFvRtCv.exe
  2⤵
  PID:6440
- C:\Windows\System\zgpEsNL.exe
  C:\Windows\System\zgpEsNL.exe
  2⤵
  PID:7188
- C:\Windows\System\kHdwISc.exe
  C:\Windows\System\kHdwISc.exe
  2⤵
  PID:7192
- C:\Windows\System\HUPgiRT.exe
  C:\Windows\System\HUPgiRT.exe
  2⤵
  PID:7248
- C:\Windows\System\KpkyPon.exe
  C:\Windows\System\KpkyPon.exe
  2⤵
  PID:7280
- C:\Windows\System\NMVJXbH.exe
  C:\Windows\System\NMVJXbH.exe
  2⤵
  PID:7304
- C:\Windows\System\FYtwgCl.exe
  C:\Windows\System\FYtwgCl.exe
  2⤵
  PID:7384
- C:\Windows\System\dNvhCNk.exe
  C:\Windows\System\dNvhCNk.exe
  2⤵
  PID:7388
- C:\Windows\System\rPhLfsD.exe
  C:\Windows\System\rPhLfsD.exe
  2⤵
  PID:7464
- C:\Windows\System\YZdqOlO.exe
  C:\Windows\System\YZdqOlO.exe
  2⤵
  PID:7448
- C:\Windows\System\GmbWGWW.exe
  C:\Windows\System\GmbWGWW.exe
  2⤵
  PID:7512
- C:\Windows\System\RnqDtYG.exe
  C:\Windows\System\RnqDtYG.exe
  2⤵
  PID:1904
- C:\Windows\System\HGiAudl.exe
  C:\Windows\System\HGiAudl.exe
  2⤵
  PID:7528
- C:\Windows\System\VILQRoG.exe
  C:\Windows\System\VILQRoG.exe
  2⤵
  PID:7584
- C:\Windows\System\srzFZEE.exe
  C:\Windows\System\srzFZEE.exe
  2⤵
  PID:1896
- C:\Windows\System\DekuKhY.exe
  C:\Windows\System\DekuKhY.exe
  2⤵
  PID:7628
- C:\Windows\System\VKwNLCA.exe
  C:\Windows\System\VKwNLCA.exe
  2⤵
  PID:7608
- C:\Windows\System\IBEpSfC.exe
  C:\Windows\System\IBEpSfC.exe
  2⤵
  PID:1420
- C:\Windows\System\xVxIYcM.exe
  C:\Windows\System\xVxIYcM.exe
  2⤵
  PID:2640
- C:\Windows\System\nQajKIa.exe
  C:\Windows\System\nQajKIa.exe
  2⤵
  PID:2832
- C:\Windows\System\tnqpdYN.exe
  C:\Windows\System\tnqpdYN.exe
  2⤵
  PID:7748
- C:\Windows\System\UmTStlS.exe
  C:\Windows\System\UmTStlS.exe
  2⤵
  PID:7784
- C:\Windows\System\ruDZyEG.exe
  C:\Windows\System\ruDZyEG.exe
  2⤵
  PID:7788
- C:\Windows\System\ZIueVzS.exe
  C:\Windows\System\ZIueVzS.exe
  2⤵
  PID:7804
- C:\Windows\System\omWYGfW.exe
  C:\Windows\System\omWYGfW.exe
  2⤵
  PID:2916
- C:\Windows\System\Uyvrxmv.exe
  C:\Windows\System\Uyvrxmv.exe
  2⤵
  PID:7852
- C:\Windows\System\dqouBqO.exe
  C:\Windows\System\dqouBqO.exe
  2⤵
  PID:7916
- C:\Windows\System\VQLQNJq.exe
  C:\Windows\System\VQLQNJq.exe
  2⤵
  PID:2060
- C:\Windows\System\hPFbLQS.exe
  C:\Windows\System\hPFbLQS.exe
  2⤵
  PID:660
- C:\Windows\System\julgkQq.exe
  C:\Windows\System\julgkQq.exe
  2⤵
  PID:7960
- C:\Windows\System\cLibuXO.exe
  C:\Windows\System\cLibuXO.exe
  2⤵
  PID:748
- C:\Windows\System\OydIqqp.exe
  C:\Windows\System\OydIqqp.exe
  2⤵
  PID:7976
- C:\Windows\System\xTLdRnF.exe
  C:\Windows\System\xTLdRnF.exe
  2⤵
  PID:8072
- C:\Windows\System\pIPNfIe.exe
  C:\Windows\System\pIPNfIe.exe
  2⤵
  PID:8076
- C:\Windows\System\qiBOBTk.exe
  C:\Windows\System\qiBOBTk.exe
  2⤵
  PID:8116
- C:\Windows\System\amsGhot.exe
  C:\Windows\System\amsGhot.exe
  2⤵
  PID:5200
- C:\Windows\System\FHeANek.exe
  C:\Windows\System\FHeANek.exe
  2⤵
  PID:8188
- C:\Windows\System\KqnnumA.exe
  C:\Windows\System\KqnnumA.exe
  2⤵
  PID:1680
- C:\Windows\System\zvsRCwb.exe
  C:\Windows\System\zvsRCwb.exe
  2⤵
  PID:1960
- C:\Windows\System\OWrwspi.exe
  C:\Windows\System\OWrwspi.exe
  2⤵
  PID:6864
- C:\Windows\System\WCwFnZL.exe
  C:\Windows\System\WCwFnZL.exe
  2⤵
  PID:5836
- C:\Windows\System\sCrOoEq.exe
  C:\Windows\System\sCrOoEq.exe
  2⤵
  PID:7224
- C:\Windows\System\CromQNi.exe
  C:\Windows\System\CromQNi.exe
  2⤵
  PID:7340
- C:\Windows\System\FDLijef.exe
  C:\Windows\System\FDLijef.exe
  2⤵
  PID:7348
- C:\Windows\System\rRvqbYh.exe
  C:\Windows\System\rRvqbYh.exe
  2⤵
  PID:6928
- C:\Windows\System\KQnRSRf.exe
  C:\Windows\System\KQnRSRf.exe
  2⤵
  PID:7172
- C:\Windows\System\VdfKPXt.exe
  C:\Windows\System\VdfKPXt.exe
  2⤵
  PID:7368
- C:\Windows\System\RaSUGWh.exe
  C:\Windows\System\RaSUGWh.exe
  2⤵
  PID:7504
- C:\Windows\System\UJUFJjR.exe
  C:\Windows\System\UJUFJjR.exe
  2⤵
  PID:7488
- C:\Windows\System\ZFTgGkd.exe
  C:\Windows\System\ZFTgGkd.exe
  2⤵
  PID:7568
- C:\Windows\System\mLRteAe.exe
  C:\Windows\System\mLRteAe.exe
  2⤵
  PID:7672
- C:\Windows\System\qLbqGEv.exe
  C:\Windows\System\qLbqGEv.exe
  2⤵
  PID:7692
- C:\Windows\System\BJuYZOC.exe
  C:\Windows\System\BJuYZOC.exe
  2⤵
  PID:7668
- C:\Windows\System\zMmWicf.exe
  C:\Windows\System\zMmWicf.exe
  2⤵
  PID:2968
- C:\Windows\System\fVPfMag.exe
  C:\Windows\System\fVPfMag.exe
  2⤵
  PID:2660
- C:\Windows\System\gAnXXHw.exe
  C:\Windows\System\gAnXXHw.exe
  2⤵
  PID:7808
- C:\Windows\System\hhCdFUC.exe
  C:\Windows\System\hhCdFUC.exe
  2⤵
  PID:1932
- C:\Windows\System\FFgcwFR.exe
  C:\Windows\System\FFgcwFR.exe
  2⤵
  PID:7940
- C:\Windows\System\IxFWsLp.exe
  C:\Windows\System\IxFWsLp.exe
  2⤵
  PID:2308
- C:\Windows\System\HwPTjux.exe
  C:\Windows\System\HwPTjux.exe
  2⤵
  PID:7872
- C:\Windows\System\ccAHsUU.exe
  C:\Windows\System\ccAHsUU.exe
  2⤵
  PID:1088
- C:\Windows\System\gOxUvND.exe
  C:\Windows\System\gOxUvND.exe
  2⤵
  PID:2856
- C:\Windows\System\KdSOOzu.exe
  C:\Windows\System\KdSOOzu.exe
  2⤵
  PID:8112
- C:\Windows\System\xZaQkfT.exe
  C:\Windows\System\xZaQkfT.exe
  2⤵
  PID:8136
- C:\Windows\System\GZCAknJ.exe
  C:\Windows\System\GZCAknJ.exe
  2⤵
  PID:8132
- C:\Windows\System\wiCctGr.exe
  C:\Windows\System\wiCctGr.exe
  2⤵
  PID:6964
- C:\Windows\System\TwcOkfN.exe
  C:\Windows\System\TwcOkfN.exe
  2⤵
  PID:1860
- C:\Windows\System\wyodJZs.exe
  C:\Windows\System\wyodJZs.exe
  2⤵
  PID:7324
- C:\Windows\System\DTkLqzm.exe
  C:\Windows\System\DTkLqzm.exe
  2⤵
  PID:844
- C:\Windows\System\vIBbqxr.exe
  C:\Windows\System\vIBbqxr.exe
  2⤵
  PID:7408
- C:\Windows\System\fzzxtof.exe
  C:\Windows\System\fzzxtof.exe
  2⤵
  PID:7428
- C:\Windows\System\Tlhpukn.exe
  C:\Windows\System\Tlhpukn.exe
  2⤵
  PID:7524
- C:\Windows\System\wjMoQFH.exe
  C:\Windows\System\wjMoQFH.exe
  2⤵
  PID:7236
- C:\Windows\System\uybZjOG.exe
  C:\Windows\System\uybZjOG.exe
  2⤵
  PID:7632
- C:\Windows\System\FZtMYpZ.exe
  C:\Windows\System\FZtMYpZ.exe
  2⤵
  PID:2940
- C:\Windows\System\CltqoFz.exe
  C:\Windows\System\CltqoFz.exe
  2⤵
  PID:7772
- C:\Windows\System\JeSgsbj.exe
  C:\Windows\System\JeSgsbj.exe
  2⤵
  PID:7864
- C:\Windows\System\lJEprLR.exe
  C:\Windows\System\lJEprLR.exe
  2⤵
  PID:7832
- C:\Windows\System\iIcHnIV.exe
  C:\Windows\System\iIcHnIV.exe
  2⤵
  PID:8060
- C:\Windows\System\TPggtWA.exe
  C:\Windows\System\TPggtWA.exe
  2⤵
  PID:8036
- C:\Windows\System\sQdRmdS.exe
  C:\Windows\System\sQdRmdS.exe
  2⤵
  PID:2600
- C:\Windows\System\CSqrkha.exe
  C:\Windows\System\CSqrkha.exe
  2⤵
  PID:7344
- C:\Windows\System\omBCHto.exe
  C:\Windows\System\omBCHto.exe
  2⤵
  PID:2268
- C:\Windows\System\FqQUMJC.exe
  C:\Windows\System\FqQUMJC.exe
  2⤵
  PID:7300
- C:\Windows\System\tJRqicc.exe
  C:\Windows\System\tJRqicc.exe
  2⤵
  PID:828
- C:\Windows\System\LrIkrkx.exe
  C:\Windows\System\LrIkrkx.exe
  2⤵
  PID:7452
- C:\Windows\System\IHQGxwG.exe
  C:\Windows\System\IHQGxwG.exe
  2⤵
  PID:7572
- C:\Windows\System\PpEDHsn.exe
  C:\Windows\System\PpEDHsn.exe
  2⤵
  PID:7708
- C:\Windows\System\zfGBrCx.exe
  C:\Windows\System\zfGBrCx.exe
  2⤵
  PID:7892
- C:\Windows\System\dvUWqtN.exe
  C:\Windows\System\dvUWqtN.exe
  2⤵
  PID:8152
- C:\Windows\System\JmgkPmF.exe
  C:\Windows\System\JmgkPmF.exe
  2⤵
  PID:6668
- C:\Windows\System\pmSznGa.exe
  C:\Windows\System\pmSznGa.exe
  2⤵
  PID:2172
- C:\Windows\System\gmXRoSt.exe
  C:\Windows\System\gmXRoSt.exe
  2⤵
  PID:7752
- C:\Windows\System\BpEqPFa.exe
  C:\Windows\System\BpEqPFa.exe
  2⤵
  PID:8096
- C:\Windows\System\KqAPnmy.exe
  C:\Windows\System\KqAPnmy.exe
  2⤵
  PID:7308
- C:\Windows\System\RMguKAm.exe
  C:\Windows\System\RMguKAm.exe
  2⤵
  PID:7952
- C:\Windows\System\jFRMLKS.exe
  C:\Windows\System\jFRMLKS.exe
  2⤵
  PID:7564
- C:\Windows\System\HuuUvgA.exe
  C:\Windows\System\HuuUvgA.exe
  2⤵
  PID:7648
- C:\Windows\System\HBnZcaB.exe
  C:\Windows\System\HBnZcaB.exe
  2⤵
  PID:1544
- C:\Windows\System\fXKNAhT.exe
  C:\Windows\System\fXKNAhT.exe
  2⤵
  PID:8196
- C:\Windows\System\tvGDBJP.exe
  C:\Windows\System\tvGDBJP.exe
  2⤵
  PID:8216
- C:\Windows\System\sWkfeFd.exe
  C:\Windows\System\sWkfeFd.exe
  2⤵
  PID:8232
- C:\Windows\System\GPgNxwX.exe
  C:\Windows\System\GPgNxwX.exe
  2⤵
  PID:8248
- C:\Windows\System\RqHAOaL.exe
  C:\Windows\System\RqHAOaL.exe
  2⤵
  PID:8268
- C:\Windows\System\sqvsyjc.exe
  C:\Windows\System\sqvsyjc.exe
  2⤵
  PID:8296
- C:\Windows\System\FVFCJhz.exe
  C:\Windows\System\FVFCJhz.exe
  2⤵
  PID:8320
- C:\Windows\System\pWfWbZj.exe
  C:\Windows\System\pWfWbZj.exe
  2⤵
  PID:8336
- C:\Windows\System\vXcZNpE.exe
  C:\Windows\System\vXcZNpE.exe
  2⤵
  PID:8356
- C:\Windows\System\qWNteHW.exe
  C:\Windows\System\qWNteHW.exe
  2⤵
  PID:8384
- C:\Windows\System\tjuKYeC.exe
  C:\Windows\System\tjuKYeC.exe
  2⤵
  PID:8400
- C:\Windows\System\qsoBxfO.exe
  C:\Windows\System\qsoBxfO.exe
  2⤵
  PID:8416
- C:\Windows\System\lqSENEV.exe
  C:\Windows\System\lqSENEV.exe
  2⤵
  PID:8432
- C:\Windows\System\kkEdnVL.exe
  C:\Windows\System\kkEdnVL.exe
  2⤵
  PID:8448
- C:\Windows\System\Ynkqibg.exe
  C:\Windows\System\Ynkqibg.exe
  2⤵
  PID:8464
- C:\Windows\System\fSLDXsG.exe
  C:\Windows\System\fSLDXsG.exe
  2⤵
  PID:8480
- C:\Windows\System\QpVKsnE.exe
  C:\Windows\System\QpVKsnE.exe
  2⤵
  PID:8496
- C:\Windows\System\cltKOGL.exe
  C:\Windows\System\cltKOGL.exe
  2⤵
  PID:8512
- C:\Windows\System\qpwGGgs.exe
  C:\Windows\System\qpwGGgs.exe
  2⤵
  PID:8528
- C:\Windows\System\iDyglAT.exe
  C:\Windows\System\iDyglAT.exe
  2⤵
  PID:8568
- C:\Windows\System\TOfjzGH.exe
  C:\Windows\System\TOfjzGH.exe
  2⤵
  PID:8588
- C:\Windows\System\cqbcbPT.exe
  C:\Windows\System\cqbcbPT.exe
  2⤵
  PID:8604
- C:\Windows\System\wxdIyfz.exe
  C:\Windows\System\wxdIyfz.exe
  2⤵
  PID:8620
- C:\Windows\System\UNFDHcu.exe
  C:\Windows\System\UNFDHcu.exe
  2⤵
  PID:8668
- C:\Windows\System\OrctYOh.exe
  C:\Windows\System\OrctYOh.exe
  2⤵
  PID:8684
- C:\Windows\System\NoYoDjJ.exe
  C:\Windows\System\NoYoDjJ.exe
  2⤵
  PID:8700
- C:\Windows\System\xPqSpln.exe
  C:\Windows\System\xPqSpln.exe
  2⤵
  PID:8724
- C:\Windows\System\zHQfXtu.exe
  C:\Windows\System\zHQfXtu.exe
  2⤵
  PID:8740
- C:\Windows\System\jCsSVut.exe
  C:\Windows\System\jCsSVut.exe
  2⤵
  PID:8756
- C:\Windows\System\HsTPpVx.exe
  C:\Windows\System\HsTPpVx.exe
  2⤵
  PID:8772
- C:\Windows\System\uMumTog.exe
  C:\Windows\System\uMumTog.exe
  2⤵
  PID:8788
- C:\Windows\System\aJxFWxq.exe
  C:\Windows\System\aJxFWxq.exe
  2⤵
  PID:8812
- C:\Windows\System\kftWFvf.exe
  C:\Windows\System\kftWFvf.exe
  2⤵
  PID:8828
- C:\Windows\System\rBHvKty.exe
  C:\Windows\System\rBHvKty.exe
  2⤵
  PID:8844
- C:\Windows\System\hvSifga.exe
  C:\Windows\System\hvSifga.exe
  2⤵
  PID:8872
- C:\Windows\System\cQTtypF.exe
  C:\Windows\System\cQTtypF.exe
  2⤵
  PID:8892
- C:\Windows\System\sKqIiPq.exe
  C:\Windows\System\sKqIiPq.exe
  2⤵
  PID:8920
- C:\Windows\System\WPAJcMu.exe
  C:\Windows\System\WPAJcMu.exe
  2⤵
  PID:8936
- C:\Windows\System\KkNiLvg.exe
  C:\Windows\System\KkNiLvg.exe
  2⤵
  PID:8952
- C:\Windows\System\lYhXdtI.exe
  C:\Windows\System\lYhXdtI.exe
  2⤵
  PID:8968
- C:\Windows\System\eWQphLo.exe
  C:\Windows\System\eWQphLo.exe
  2⤵
  PID:8984
- C:\Windows\System\pzOGFQn.exe
  C:\Windows\System\pzOGFQn.exe
  2⤵
  PID:9000
- C:\Windows\System\ymCeEcP.exe
  C:\Windows\System\ymCeEcP.exe
  2⤵
  PID:9016
- C:\Windows\System\iiQXhvG.exe
  C:\Windows\System\iiQXhvG.exe
  2⤵
  PID:9036
- C:\Windows\System\WaDswrl.exe
  C:\Windows\System\WaDswrl.exe
  2⤵
  PID:9056
- C:\Windows\System\uagdUKM.exe
  C:\Windows\System\uagdUKM.exe
  2⤵
  PID:9084
- C:\Windows\System\ygsERmr.exe
  C:\Windows\System\ygsERmr.exe
  2⤵
  PID:9104
- C:\Windows\System\ffrAccD.exe
  C:\Windows\System\ffrAccD.exe
  2⤵
  PID:9120
- C:\Windows\System\iATKsgV.exe
  C:\Windows\System\iATKsgV.exe
  2⤵
  PID:9144
- C:\Windows\System\XsnuKMh.exe
  C:\Windows\System\XsnuKMh.exe
  2⤵
  PID:9176
- C:\Windows\System\jwrukpv.exe
  C:\Windows\System\jwrukpv.exe
  2⤵
  PID:9196
- C:\Windows\System\oJUvAvL.exe
  C:\Windows\System\oJUvAvL.exe
  2⤵
  PID:8208
- C:\Windows\System\jzdzJRx.exe
  C:\Windows\System\jzdzJRx.exe
  2⤵
  PID:8228
- C:\Windows\System\aYceGeU.exe
  C:\Windows\System\aYceGeU.exe
  2⤵
  PID:8284
- C:\Windows\System\PNxbMys.exe
  C:\Windows\System\PNxbMys.exe
  2⤵
  PID:8304
- C:\Windows\System\OyBWTUn.exe
  C:\Windows\System\OyBWTUn.exe
  2⤵
  PID:8344
- C:\Windows\System\pMOiTpW.exe
  C:\Windows\System\pMOiTpW.exe
  2⤵
  PID:8352
- C:\Windows\System\iLFZRvd.exe
  C:\Windows\System\iLFZRvd.exe
  2⤵
  PID:8440
- C:\Windows\System\oUgEccJ.exe
  C:\Windows\System\oUgEccJ.exe
  2⤵
  PID:8424
- C:\Windows\System\iXBRowL.exe
  C:\Windows\System\iXBRowL.exe
  2⤵
  PID:8536
- C:\Windows\System\uXeWbjB.exe
  C:\Windows\System\uXeWbjB.exe
  2⤵
  PID:8564
- C:\Windows\System\emQYMLy.exe
  C:\Windows\System\emQYMLy.exe
  2⤵
  PID:8460
- C:\Windows\System\ixQhXnf.exe
  C:\Windows\System\ixQhXnf.exe
  2⤵
  PID:8520
- C:\Windows\System\ksWMeso.exe
  C:\Windows\System\ksWMeso.exe
  2⤵
  PID:8648
- C:\Windows\System\HgEluDQ.exe
  C:\Windows\System\HgEluDQ.exe
  2⤵
  PID:8800
- C:\Windows\System\sdIgRUT.exe
  C:\Windows\System\sdIgRUT.exe
  2⤵
  PID:8840
- C:\Windows\System\vFWUQxl.exe
  C:\Windows\System\vFWUQxl.exe
  2⤵
  PID:8780
- C:\Windows\System\oZCAUDB.exe
  C:\Windows\System\oZCAUDB.exe
  2⤵
  PID:8852
- C:\Windows\System\fMKyorB.exe
  C:\Windows\System\fMKyorB.exe
  2⤵
  PID:8888
- C:\Windows\System\uCgESLl.exe
  C:\Windows\System\uCgESLl.exe
  2⤵
  PID:8900
- C:\Windows\System\AaDVOFZ.exe
  C:\Windows\System\AaDVOFZ.exe
  2⤵
  PID:8964
- C:\Windows\System\lRbOceH.exe
  C:\Windows\System\lRbOceH.exe
  2⤵
  PID:8912
- C:\Windows\System\OWqlZns.exe
  C:\Windows\System\OWqlZns.exe
  2⤵
  PID:8976
- C:\Windows\System\HkCaNqE.exe
  C:\Windows\System\HkCaNqE.exe
  2⤵
  PID:8948
- C:\Windows\System\rKCHDSI.exe
  C:\Windows\System\rKCHDSI.exe
  2⤵
  PID:9012
- C:\Windows\System\lhYGDyk.exe
  C:\Windows\System\lhYGDyk.exe
  2⤵
  PID:9100
- C:\Windows\System\KUFVkhv.exe
  C:\Windows\System\KUFVkhv.exe
  2⤵
  PID:9156
- C:\Windows\System\NkyOQkI.exe
  C:\Windows\System\NkyOQkI.exe
  2⤵
  PID:9204
- C:\Windows\System\WqrCiCD.exe
  C:\Windows\System\WqrCiCD.exe
  2⤵
  PID:8212
- C:\Windows\System\otzFfFo.exe
  C:\Windows\System\otzFfFo.exe
  2⤵
  PID:9188
- C:\Windows\System\NHpBdvx.exe
  C:\Windows\System\NHpBdvx.exe
  2⤵
  PID:8288
- C:\Windows\System\JTaLTlU.exe
  C:\Windows\System\JTaLTlU.exe
  2⤵
  PID:8332
- C:\Windows\System\hpvzvpA.exe
  C:\Windows\System\hpvzvpA.exe
  2⤵
  PID:8408
- C:\Windows\System\DiAnqFL.exe
  C:\Windows\System\DiAnqFL.exe
  2⤵
  PID:8560
- C:\Windows\System\cFhqbFM.exe
  C:\Windows\System\cFhqbFM.exe
  2⤵
  PID:8492
- C:\Windows\System\LqNsEMM.exe
  C:\Windows\System\LqNsEMM.exe
  2⤵
  PID:8616
- C:\Windows\System\qTBKTYf.exe
  C:\Windows\System\qTBKTYf.exe
  2⤵
  PID:9048
- C:\Windows\System\lELLojS.exe
  C:\Windows\System\lELLojS.exe
  2⤵
  PID:8488
- C:\Windows\System\obvUXMU.exe
  C:\Windows\System\obvUXMU.exe
  2⤵
  PID:8664
- C:\Windows\System\TNnYHaI.exe
  C:\Windows\System\TNnYHaI.exe
  2⤵
  PID:8732
- C:\Windows\System\uMNBlXt.exe
  C:\Windows\System\uMNBlXt.exe
  2⤵
  PID:8708
- C:\Windows\System\GDpWsro.exe
  C:\Windows\System\GDpWsro.exe
  2⤵
  PID:8748
- C:\Windows\System\DkesdbI.exe
  C:\Windows\System\DkesdbI.exe
  2⤵
  PID:8884
- C:\Windows\System\EnNbUdp.exe
  C:\Windows\System\EnNbUdp.exe
  2⤵
  PID:8932
- C:\Windows\System\zBOXZhC.exe
  C:\Windows\System\zBOXZhC.exe
  2⤵
  PID:9076
- C:\Windows\System\ZmrNfpF.exe
  C:\Windows\System\ZmrNfpF.exe
  2⤵
  PID:9112
- C:\Windows\System\RHQMvyS.exe
  C:\Windows\System\RHQMvyS.exe
  2⤵
  PID:8980
- C:\Windows\System\Qmmaewj.exe
  C:\Windows\System\Qmmaewj.exe
  2⤵
  PID:9184
- C:\Windows\System\wnpdHZo.exe
  C:\Windows\System\wnpdHZo.exe
  2⤵
  PID:8328
- C:\Windows\System\imLjfTB.exe
  C:\Windows\System\imLjfTB.exe
  2⤵
  PID:9152
- C:\Windows\System\fwaBeCn.exe
  C:\Windows\System\fwaBeCn.exe
  2⤵
  PID:8364
- C:\Windows\System\UHazpcZ.exe
  C:\Windows\System\UHazpcZ.exe
  2⤵
  PID:8472
- C:\Windows\System\MEKuIQr.exe
  C:\Windows\System\MEKuIQr.exe
  2⤵
  PID:8544
- C:\Windows\System\JeSefPx.exe
  C:\Windows\System\JeSefPx.exe
  2⤵
  PID:8636
- C:\Windows\System\acRetgs.exe
  C:\Windows\System\acRetgs.exe
  2⤵
  PID:8548
- C:\Windows\System\MGdarxL.exe
  C:\Windows\System\MGdarxL.exe
  2⤵
  PID:8696
- C:\Windows\System\GqcQTiJ.exe
  C:\Windows\System\GqcQTiJ.exe
  2⤵
  PID:8820
- C:\Windows\System\bmYynWt.exe
  C:\Windows\System\bmYynWt.exe
  2⤵
  PID:8908
- C:\Windows\System\KTCLrwv.exe
  C:\Windows\System\KTCLrwv.exe
  2⤵
  PID:9172
- C:\Windows\System\BzlDnAA.exe
  C:\Windows\System\BzlDnAA.exe
  2⤵
  PID:8996
- C:\Windows\System\gwNsHrR.exe
  C:\Windows\System\gwNsHrR.exe
  2⤵
  PID:9064
- C:\Windows\System\aQtLXAR.exe
  C:\Windows\System\aQtLXAR.exe
  2⤵
  PID:8504
- C:\Windows\System\opvsthg.exe
  C:\Windows\System\opvsthg.exe
  2⤵
  PID:8796
- C:\Windows\System\Adocnrb.exe
  C:\Windows\System\Adocnrb.exe
  2⤵
  PID:9032
- C:\Windows\System\mIjCbvR.exe
  C:\Windows\System\mIjCbvR.exe
  2⤵
  PID:8380
- C:\Windows\System\aFAlYOF.exe
  C:\Windows\System\aFAlYOF.exe
  2⤵
  PID:9008
- C:\Windows\System\ZnNxLuA.exe
  C:\Windows\System\ZnNxLuA.exe
  2⤵
  PID:9096
- C:\Windows\System\FEGQIEC.exe
  C:\Windows\System\FEGQIEC.exe
  2⤵
  PID:6368
- C:\Windows\System\gmJWNYc.exe
  C:\Windows\System\gmJWNYc.exe
  2⤵
  PID:8880
- C:\Windows\System\GJfOZIV.exe
  C:\Windows\System\GJfOZIV.exe
  2⤵
  PID:8632
- C:\Windows\System\qJfBJGE.exe
  C:\Windows\System\qJfBJGE.exe
  2⤵
  PID:9068
- C:\Windows\System\WVuNnQm.exe
  C:\Windows\System\WVuNnQm.exe
  2⤵
  PID:8392
- C:\Windows\System\aTFsoFP.exe
  C:\Windows\System\aTFsoFP.exe
  2⤵
  PID:9072
- C:\Windows\System\AWSaRep.exe
  C:\Windows\System\AWSaRep.exe
  2⤵
  PID:9136
- C:\Windows\System\lpAVDss.exe
  C:\Windows\System\lpAVDss.exe
  2⤵
  PID:8508
- C:\Windows\System\ZnBJaed.exe
  C:\Windows\System\ZnBJaed.exe
  2⤵
  PID:8904
- C:\Windows\System\YrAaHFI.exe
  C:\Windows\System\YrAaHFI.exe
  2⤵
  PID:9236
- C:\Windows\System\pqzgtDH.exe
  C:\Windows\System\pqzgtDH.exe
  2⤵
  PID:9252
- C:\Windows\System\AsDpBXc.exe
  C:\Windows\System\AsDpBXc.exe
  2⤵
  PID:9268
- C:\Windows\System\YoSEBKU.exe
  C:\Windows\System\YoSEBKU.exe
  2⤵
  PID:9284
- C:\Windows\System\hMFJcGV.exe
  C:\Windows\System\hMFJcGV.exe
  2⤵
  PID:9300
- C:\Windows\System\nEndUqb.exe
  C:\Windows\System\nEndUqb.exe
  2⤵
  PID:9324
- C:\Windows\System\LjAHmPY.exe
  C:\Windows\System\LjAHmPY.exe
  2⤵
  PID:9340
- C:\Windows\System\INSUhsN.exe
  C:\Windows\System\INSUhsN.exe
  2⤵
  PID:9364
- C:\Windows\System\hxLSmKh.exe
  C:\Windows\System\hxLSmKh.exe
  2⤵
  PID:9380
- C:\Windows\System\ZTAIwhe.exe
  C:\Windows\System\ZTAIwhe.exe
  2⤵
  PID:9400
- C:\Windows\System\Yahmwyb.exe
  C:\Windows\System\Yahmwyb.exe
  2⤵
  PID:9416
- C:\Windows\System\nMrWhdw.exe
  C:\Windows\System\nMrWhdw.exe
  2⤵
  PID:9432
- C:\Windows\System\mgUFtTJ.exe
  C:\Windows\System\mgUFtTJ.exe
  2⤵
  PID:9452
- C:\Windows\System\qsLHRwc.exe
  C:\Windows\System\qsLHRwc.exe
  2⤵
  PID:9468
- C:\Windows\System\OXzispC.exe
  C:\Windows\System\OXzispC.exe
  2⤵
  PID:9492
- C:\Windows\System\qHYPPRQ.exe
  C:\Windows\System\qHYPPRQ.exe
  2⤵
  PID:9508
- C:\Windows\System\BautuNc.exe
  C:\Windows\System\BautuNc.exe
  2⤵
  PID:9528
- C:\Windows\System\NfYVtZm.exe
  C:\Windows\System\NfYVtZm.exe
  2⤵
  PID:9544
- C:\Windows\System\jMyGsUh.exe
  C:\Windows\System\jMyGsUh.exe
  2⤵
  PID:9564
- C:\Windows\System\cfjbswP.exe
  C:\Windows\System\cfjbswP.exe
  2⤵
  PID:9584
- C:\Windows\System\RZEBPYH.exe
  C:\Windows\System\RZEBPYH.exe
  2⤵
  PID:9608
- C:\Windows\System\mHJRIGr.exe
  C:\Windows\System\mHJRIGr.exe
  2⤵
  PID:9624
- C:\Windows\System\EyXILfN.exe
  C:\Windows\System\EyXILfN.exe
  2⤵
  PID:9644
- C:\Windows\System\iygICjw.exe
  C:\Windows\System\iygICjw.exe
  2⤵
  PID:9664
- C:\Windows\System\SOUnNyb.exe
  C:\Windows\System\SOUnNyb.exe
  2⤵
  PID:9724
- C:\Windows\System\yDNVPzY.exe
  C:\Windows\System\yDNVPzY.exe
  2⤵
  PID:9740
- C:\Windows\System\PCWAcXy.exe
  C:\Windows\System\PCWAcXy.exe
  2⤵
  PID:9760
- C:\Windows\System\YkdHqhn.exe
  C:\Windows\System\YkdHqhn.exe
  2⤵
  PID:9780
- C:\Windows\System\iUJocvr.exe
  C:\Windows\System\iUJocvr.exe
  2⤵
  PID:9796
- C:\Windows\System\AQFsqJm.exe
  C:\Windows\System\AQFsqJm.exe
  2⤵
  PID:9812
- C:\Windows\System\BIXIVxw.exe
  C:\Windows\System\BIXIVxw.exe
  2⤵
  PID:9832
- C:\Windows\System\dykYtPw.exe
  C:\Windows\System\dykYtPw.exe
  2⤵
  PID:9848
- C:\Windows\System\WfQinZJ.exe
  C:\Windows\System\WfQinZJ.exe
  2⤵
  PID:9868
- C:\Windows\System\wGGJhfj.exe
  C:\Windows\System\wGGJhfj.exe
  2⤵
  PID:9884
- C:\Windows\System\SXsvsDo.exe
  C:\Windows\System\SXsvsDo.exe
  2⤵
  PID:9912
- C:\Windows\System\EULHims.exe
  C:\Windows\System\EULHims.exe
  2⤵
  PID:9928
- C:\Windows\System\euVcQAF.exe
  C:\Windows\System\euVcQAF.exe
  2⤵
  PID:9952
- C:\Windows\System\mDmTpPS.exe
  C:\Windows\System\mDmTpPS.exe
  2⤵
  PID:9980
- C:\Windows\System\HdadKkN.exe
  C:\Windows\System\HdadKkN.exe
  2⤵
  PID:9996
- C:\Windows\System\GmwSxWO.exe
  C:\Windows\System\GmwSxWO.exe
  2⤵
  PID:10016
- C:\Windows\System\QNKFBgX.exe
  C:\Windows\System\QNKFBgX.exe
  2⤵
  PID:10044
- C:\Windows\System\BQANwrm.exe
  C:\Windows\System\BQANwrm.exe
  2⤵
  PID:10064
- C:\Windows\System\TYrPytD.exe
  C:\Windows\System\TYrPytD.exe
  2⤵
  PID:10080
- C:\Windows\System\kCzSkeB.exe
  C:\Windows\System\kCzSkeB.exe
  2⤵
  PID:10104
- C:\Windows\System\HSEvfad.exe
  C:\Windows\System\HSEvfad.exe
  2⤵
  PID:10120
- C:\Windows\System\HciwWlp.exe
  C:\Windows\System\HciwWlp.exe
  2⤵
  PID:10136
- C:\Windows\System\JhnJCkX.exe
  C:\Windows\System\JhnJCkX.exe
  2⤵
  PID:10152
- C:\Windows\System\AciQJIo.exe
  C:\Windows\System\AciQJIo.exe
  2⤵
  PID:10176
- C:\Windows\System\cZRahrx.exe
  C:\Windows\System\cZRahrx.exe
  2⤵
  PID:10196
- C:\Windows\System\FAsOMaO.exe
  C:\Windows\System\FAsOMaO.exe
  2⤵
  PID:10220
- C:\Windows\System\OqQvCDx.exe
  C:\Windows\System\OqQvCDx.exe
  2⤵
  PID:10236
- C:\Windows\System\SbcdUJv.exe
  C:\Windows\System\SbcdUJv.exe
  2⤵
  PID:8692
- C:\Windows\System\KozSsjG.exe
  C:\Windows\System\KozSsjG.exe
  2⤵
  PID:9280
- C:\Windows\System\KXLfDRR.exe
  C:\Windows\System\KXLfDRR.exe
  2⤵
  PID:9352
- C:\Windows\System\JZoedOs.exe
  C:\Windows\System\JZoedOs.exe
  2⤵
  PID:9388
- C:\Windows\System\sASfrDw.exe
  C:\Windows\System\sASfrDw.exe
  2⤵
  PID:9428
- C:\Windows\System\bfPAbJl.exe
  C:\Windows\System\bfPAbJl.exe
  2⤵
  PID:9500
- C:\Windows\System\rUGdpxZ.exe
  C:\Windows\System\rUGdpxZ.exe
  2⤵
  PID:9572
- C:\Windows\System\CBldpsC.exe
  C:\Windows\System\CBldpsC.exe
  2⤵
  PID:9480
- C:\Windows\System\XlCTBks.exe
  C:\Windows\System\XlCTBks.exe
  2⤵
  PID:9292
- C:\Windows\System\xxPPhfB.exe
  C:\Windows\System\xxPPhfB.exe
  2⤵
  PID:9336
- C:\Windows\System\FOpNOfU.exe
  C:\Windows\System\FOpNOfU.exe
  2⤵
  PID:9524
- C:\Windows\System\WPAOfVt.exe
  C:\Windows\System\WPAOfVt.exe
  2⤵
  PID:9596
- C:\Windows\System\YUyyGTQ.exe
  C:\Windows\System\YUyyGTQ.exe
  2⤵
  PID:9652
- C:\Windows\System\gdUgXIh.exe
  C:\Windows\System\gdUgXIh.exe
  2⤵
  PID:9684
- C:\Windows\System\yYghPzJ.exe
  C:\Windows\System\yYghPzJ.exe
  2⤵
  PID:9700
- C:\Windows\System\FEcuntw.exe
  C:\Windows\System\FEcuntw.exe
  2⤵
  PID:9720
- C:\Windows\System\TJPLpjD.exe
  C:\Windows\System\TJPLpjD.exe
  2⤵
  PID:9748
- C:\Windows\System\IPtjyun.exe
  C:\Windows\System\IPtjyun.exe
  2⤵
  PID:9844
- C:\Windows\System\ERwFDdr.exe
  C:\Windows\System\ERwFDdr.exe
  2⤵
  PID:9756
- C:\Windows\System\QNxSALp.exe
  C:\Windows\System\QNxSALp.exe
  2⤵
  PID:9920
- C:\Windows\System\LscJOvs.exe
  C:\Windows\System\LscJOvs.exe
  2⤵
  PID:9960
- C:\Windows\System\hNfubaZ.exe
  C:\Windows\System\hNfubaZ.exe
  2⤵
  PID:9896
- C:\Windows\System\lEHOCFI.exe
  C:\Windows\System\lEHOCFI.exe
  2⤵
  PID:10004
- C:\Windows\System\jEinQWu.exe
  C:\Windows\System\jEinQWu.exe
  2⤵
  PID:9936
- C:\Windows\System\kFmdZEg.exe
  C:\Windows\System\kFmdZEg.exe
  2⤵
  PID:10032
- C:\Windows\System\hiSsZGh.exe
  C:\Windows\System\hiSsZGh.exe
  2⤵
  PID:10028
- C:\Windows\System\NltmYzk.exe
  C:\Windows\System\NltmYzk.exe
  2⤵
  PID:10092
- C:\Windows\System\MgwZbKO.exe
  C:\Windows\System\MgwZbKO.exe
  2⤵
  PID:10128
- C:\Windows\System\nNQKUIr.exe
  C:\Windows\System\nNQKUIr.exe
  2⤵
  PID:10168
- C:\Windows\System\aEDiqze.exe
  C:\Windows\System\aEDiqze.exe
  2⤵
  PID:10212
- C:\Windows\System\OtSwqyD.exe
  C:\Windows\System\OtSwqyD.exe
  2⤵
  PID:10184
- C:\Windows\System\FhrnlTw.exe
  C:\Windows\System\FhrnlTw.exe
  2⤵
  PID:9396
- C:\Windows\System\GUPhFTj.exe
  C:\Windows\System\GUPhFTj.exe
  2⤵
  PID:9232
- C:\Windows\System\ApRrltB.exe
  C:\Windows\System\ApRrltB.exe
  2⤵
  PID:9408
- C:\Windows\System\vZBySLR.exe
  C:\Windows\System\vZBySLR.exe
  2⤵
  PID:10228
- C:\Windows\System\RlMQkFs.exe
  C:\Windows\System\RlMQkFs.exe
  2⤵
  PID:9516
- C:\Windows\System\iysxGfO.exe
  C:\Windows\System\iysxGfO.exe
  2⤵
  PID:9248
- C:\Windows\System\oDKOLuV.exe
  C:\Windows\System\oDKOLuV.exe
  2⤵
  PID:9580
- C:\Windows\System\LyFXYNu.exe
  C:\Windows\System\LyFXYNu.exe
  2⤵
  PID:9636
- C:\Windows\System\hATdngQ.exe
  C:\Windows\System\hATdngQ.exe
  2⤵
  PID:9696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CyQhpiW.exe

Filesize
6.0MB

MD5
e47aaaafe03892a104146c193677c7ca

SHA1
3ceb3f8ee66e6d03c707ae84721755a02a800a0b

SHA256
96a4ab360df857dfd35f96babcb4c88c28be47bec93064e8d4169519c16f4ffa

SHA512
f65e1353fd4493ae84808dfdb90f3d36e57cf7f782620011d4950ab17335b0d666be71bf6ed8efa968526d196c3b0dbe702cfb322ae9fdaec9f00083f90f0f9e

Download Submit
C:\Windows\system\DVIHZLv.exe

Filesize
6.0MB

MD5
527c409e3b632c63c6c863f3a919ca21

SHA1
df221c7157493310824c8bd340516288a55ba0b3

SHA256
997ed51d0e9d0afc2ceceffc5a54d6391083947195a668486f4747d257b1fcb0

SHA512
fa0ae06dc1c81340cb8f1807d343d4735eaf5982bdbf5e226325b8181be552e07a21ae78de8d21e5d8df2da514225ac681a858b041033f772ca3ad54e9254329

Download Submit
C:\Windows\system\FBbOCFQ.exe

Filesize
6.0MB

MD5
1dfb46714c1b65da12ef188315786e64

SHA1
d43198fd8f87f4a1b6565a099881e03bbf4c9c0b

SHA256
ec0d67e5ec6c4a2b053d706116f07fac6c2356ed16d6762a84ed770738235db7

SHA512
074e8b5c33488e78cf5fd473b23addd207bbf2f5e93c61e417719edec410342739071d6fafe7b26adf0b851188be3d6bf14230cddb9fda50333ad528a5e714be

Download Submit
C:\Windows\system\FRSvHcJ.exe

Filesize
6.0MB

MD5
fde40d53435df8553c6e4da1273e91c1

SHA1
f9d07859e2625f4b39548a2a541940a705ef5da6

SHA256
75792fa5522563c91afb65b90e313a2efea3be8d78f051af16cc179bb4141948

SHA512
ff73ab0ec8a2cbd4b7235ba344d189fc61c22d3f5e6ca7be10ec54e0a280d0a78ba81280f3503bc15e8083bb0bda980636d790f8212e0f5c16e35ec53dec030a

Download Submit
C:\Windows\system\FtaQIea.exe

Filesize
6.0MB

MD5
4b4a59c53ed096639615b8a24cac86e5

SHA1
1e070656d2552ec5e7a363fa51efd1df5802b2fd

SHA256
469b1f4f9e84474b5352a1f8071d5f64ebd7ff7a89d4db57a31f110578b72323

SHA512
efd1447dabc73e57b4878b9a2384552a56966081e6e4187ec5ea27b19d8f63f55eb373ecc7384a445ce916c90e49fbd8c0fa0b69659cd473e313c821760f0a2f

Download Submit
C:\Windows\system\HyACorR.exe

Filesize
6.0MB

MD5
823c5aadebcbf28b3c7d0f6854bd074f

SHA1
a34258c8bc666d2b141414fcc2931fefaa31eb82

SHA256
745986dbbbd7cd96add6f2dc07fbae750a98c8a2bfc97799708fa756ab307eb8

SHA512
642b06a82aa2848a3e28eeea7fb4a9affbccdc0a725b115e7a2a39f3496b68305b6261974c7167bbc849cecf710a873ea075f643dbf050fe203a8787f52db19b

Download Submit
C:\Windows\system\JoizdWG.exe

Filesize
6.0MB

MD5
8dd4edbc6e78d7809fc5fcc8ce0bb761

SHA1
77e4ec68bd0a65a236e448f9af4bbc925aae8c1a

SHA256
0cdd71d13cc34217511e3ce63aaf599fd69ebb6c9feb53c176480b82abb7ec0f

SHA512
51ae673d77e60c3467d47238fbf0a1ca4867e6ebc3dfd62440571fe178ceca2ce2dc3a2faca4b355eb59be15f073ed61e2296ca68d2a1ee71e0092a4be52d762

Download Submit
C:\Windows\system\MkleCAP.exe

Filesize
6.0MB

MD5
f4497c70f1ed86bb5991476e06a1e8f3

SHA1
69c1afb098c58c21d9a882e5044aa057850310cc

SHA256
8a459a39796ed48799987019747a48cdbc6f055faab8459703d1d80f76283681

SHA512
162d7aa6a570d0f6982816037e226a80b14176c9da8ec7884546c873fff8abeec5533222dbc8ccd7e4fb0abdf9a413ea1e385ddac8abe5627eea63d8c019484f

Download Submit
C:\Windows\system\OKQopSs.exe

Filesize
6.0MB

MD5
a84fe7a8f282f565ba2c3cac0d22e3d0

SHA1
d313d386cf1d56e74e3ec7e592c08d71d579904e

SHA256
1deb4835bd378d0f65e137b221c8d8687a50d280b364e9368bbb2b8025db702c

SHA512
034a1f7cec9755de54325021d5bfed3fcfb21a017801ceadc9b911e41fae7964abf3319419afb66279b485a537003249ef794e2b0b953452bf8c8b47537f953b

Download Submit
C:\Windows\system\PnUgWun.exe

Filesize
6.0MB

MD5
175e08ee19d401aee18f3930ef352f03

SHA1
3681481a54dd0ae0e2d317b656c714e530da8b8a

SHA256
e56a129b46220dd711e518c89b8a32b6f2bd632b22ff41f1e060ab8ec6de912b

SHA512
1883242982f3f1e200e566497369356895dd13233d2c72a91fd9c6daba909e1667b4bd9489b12e999120c3da43e745bee636d2503932a3f409644e87d6bc735d

Download Submit
C:\Windows\system\QHEqkbi.exe

Filesize
6.0MB

MD5
e5cda652a9bb8a9d25c58d9a62a2c030

SHA1
d0c0d3acd43024e8f2b53ba64c9bf64f86a661dd

SHA256
f7112a827d03ec42799036b63d1d227001d0f6fcf5ef8ed8db76ac415abc69b8

SHA512
373a9f3cd304a126a8b85901653ab3f47c0a93734439889244471a4f6c6f722dad5fdcd17c0cc0b9a1034d0495df16caecafddee020d5778dfaa1ab74f1af501

Download Submit
C:\Windows\system\SZCGSiN.exe

Filesize
6.0MB

MD5
9ca0d2bd12e04596d197e4d90af6007e

SHA1
b704a6d31810d17f011d05d032a6c2fafd9eed14

SHA256
c9e3cc07eaa92f5130d477eb5814a3d16e6c24cc311f5c9c8bddb9b98deab565

SHA512
cdbd9e781a8543c914fcabe1a89cd5db785b85b32a4cdf4bc039cb0b9bd7e435ef57f82fbf4d0c3df0b39b40199658e5f56b9b71ed762d1ebf7083f0e7347fd6

Download Submit
C:\Windows\system\TsrTVfK.exe

Filesize
6.0MB

MD5
2b0f13a928ba37ea90d9464135a629b1

SHA1
8219d48f13492474930313efcdf7c67c3b974e1b

SHA256
dd14bc88fa37122d97706016dc7aedc13075e03fe23779eb9a0cd1d0e0ec47e4

SHA512
7ffe1a1421075defa4d8bd8f003812cc2bab817592489efa593dcf53e7590b5dc7499cf2f6b6deac48cb4b0a25cf084d3f80333f87462f963d51bd3c89c7f542

Download Submit
C:\Windows\system\USCzJbv.exe

Filesize
6.0MB

MD5
51957896ddd07448c047a588103ceb9e

SHA1
99db0fb4a42ad718790a2f9eb14bc712e5f9f0c1

SHA256
a6659869eba2531a6d058be1673708e751fe167e484f565e8c48b8b5e609d6b3

SHA512
678ab60429cc8dcf74bb7c41ed86eb63c44533373e8869365ee9395979a2b2f2d4b87d1ae73da162f4eeac7db68eb27e72def634cb6b15d0f275a45c4abdba99

Download Submit
C:\Windows\system\WyFOfBq.exe

Filesize
6.0MB

MD5
8abec67afc8cb8037fec4fbbac118d1c

SHA1
8380f484c1edb47d27723914617ad9fec89422ab

SHA256
1d67baf25c4d88a84adeef2fbfeb0a1e8cfe9a8187d6d165f790a533cd1d3735

SHA512
2a79f3fe43b9fa4dd9577ceaaae1b93bf1547eb0f655d9f09bfef09f7f7276f1b28f11e0bf92cd733ce4b0ae188d9ac91e81814ab3f008f2227d0d130b7708c7

Download Submit
C:\Windows\system\aIWxgWe.exe

Filesize
6.0MB

MD5
b5cf234c07e88821de9122aa473cbb93

SHA1
629d5e33df86a61f5746d13f1c299b69cbcef7ba

SHA256
8aa61aa2a66b59ba4c0d4530143ed315e7909e233ce6324f972a1d9e156bf160

SHA512
6c102823f28f3aa44ebc709366923a86b2a59004fd77ce9eabe453df0378fdf9cada29f709c012bf89f1a9ddcb1d60f8db58ecc2b92dd2b39a424f8d42b06a47

Download Submit
C:\Windows\system\efodOjf.exe

Filesize
6.0MB

MD5
c1f623d49a2bd0a385450c811c3bb6a4

SHA1
3314e02b548562e3970381c701f0cafd5dadb922

SHA256
cf35be1d7962cce92a9c4835cc1a598b8137d2dd77abe518517fdfe1eadf54de

SHA512
a68e2b04a9739efd37b9228a25dadda4cf4660811be378354740b96a8a534a5e15fcfd71cabd21dbb0eaf5a9bb3b93f98f55dc1a84543c71996af83c250342d1

Download Submit
C:\Windows\system\hximhzK.exe

Filesize
6.0MB

MD5
7ebdd3acdd40c508ef6d5bc3aebf4d3b

SHA1
d9a81e5125de4cce34b937db1a0470d2070b08f6

SHA256
2f7b10c7dc3fe539642ce00b6b91da7e0aea2dd726e05062883f94a46219be08

SHA512
718c5b4b98678631abeed84b4c0023b5a28f87eb93108974ed2674eb96b9686eeef71a63c507306769df3855dad313e054a4dd498e423b1f1adbef65b52429e0

Download Submit
C:\Windows\system\iSMdAew.exe

Filesize
6.0MB

MD5
278dfe5526a5cc43e2a60fcf9c94d769

SHA1
c9cff4820537045f8458a73b6681207dddc3fd7c

SHA256
b2f377a3f93cdbbeae82ccca045e18d0f13ae6a60cba2cba070a5f2f60fbc830

SHA512
6d2ca51d5a81f1a5cd18d89ef825c4468f586ac68f1f4e1e2401b4b340e0a4399aa1e07433e0ce67cb806dd413a4cfe9a3ba41598527c14523fff09b2d4887e5

Download Submit
C:\Windows\system\nQvRfrV.exe

Filesize
6.0MB

MD5
66d732e2febb55d7abffb10bd53b2126

SHA1
6b070a68233b4e3ae91ebad6b08cadfec6a10a47

SHA256
a629f4e131fe596039f4102cf73a083472e4c2b6c9558f76fe0afed94a490f27

SHA512
f633f04e7e9721c4aef733463ac6318f8f0c24140723b9dca4ee34414faf7227792b543c698dc9664d633bff1302e547c7c90bcbbb5158613793fbf87e044663

Download Submit
C:\Windows\system\qyJrrtl.exe

Filesize
6.0MB

MD5
f31af9b490f1e6d205a8a21af299dbfe

SHA1
927695942a7348786f499671cbb472b1a7abbc39

SHA256
2ad73f7e7a129f3af4b59516e1fe5a115e17d4d756eb7c8f8395dd553a33e49c

SHA512
6a7c6f784a9bd83174130387f700b85079869c021d9dc57f704afb6a9fcf6e12f16a2bb4cfebef6241019ddde779ebda089e8e117527f67477208c0a3739967d

Download Submit
C:\Windows\system\spEgJbA.exe

Filesize
6.0MB

MD5
e96ecbf5f6efa04f79c8bd7fadd5178a

SHA1
efc1c2008506b829da93de2f34771f9d67270163

SHA256
7d60792b29715409a0537f722e46ad745022e5718f10445443f2d983b0b369c2

SHA512
cbf695b01725c1961372a3996c080a05923667837d60955d0d56b5a6d98a9f3c3801a6cf10aea0ccec3e08c86c5d1a83d314bc6589adaccb98bb916d423a33cf

Download Submit
C:\Windows\system\sxsauhT.exe

Filesize
6.0MB

MD5
5801ccc26e490d29eaa818b1081717a7

SHA1
06fb26b735b2cb1a4db37e358254688803989d4a

SHA256
6eeb68c84aa7ae0ec455177b58e75cc2bc7a3e67cf8a435b7b1931e9234f4303

SHA512
6d5af28d9472c891a7376598378a1a6c924c1b366a1bd4a8a9bc84c3ffc520ff2e37f4fe4b23b54fa1e2f947d4a997b01e40d888ef619c4070cc96e8ce943082

Download Submit
C:\Windows\system\uvhxqHR.exe

Filesize
6.0MB

MD5
b91ad4313948b6f0c12f025016506c8a

SHA1
03edf1a358785729dd69e813b8cbde5b545c1b8a

SHA256
b26ed28ec7924647208f17b620e174ab2f76a2f3197b033b45ed1050f0896e8a

SHA512
298bfe8d345564af980b74f225a7f88f78e7c64d021954a3139e953817363a36a0132e17c22afd3e10b8fac23ccdfb1e8bfa21de7e7253f15f55c8fdc421c56e

Download Submit
C:\Windows\system\vJPFnYB.exe

Filesize
6.0MB

MD5
ad4d889908e6c8ba874ad0fb40954113

SHA1
23b72d61be8c344a7bf6857854486d8dd096d627

SHA256
758dffe19b54651dd21f61729d7ee181f461c90dbb307fd0b5659f69c04e5079

SHA512
a51638ff810fa858e80e288a06226fe4496bdf623b375c9da6fddc1912e6871a10b398ba2f42ae719b61e10b7cee43bf3885afdf45df6c9c46be6080a48c37eb

Download Submit
C:\Windows\system\vWrNntN.exe

Filesize
6.0MB

MD5
58d427a792bd75a9399567dc29d441c6

SHA1
a601152e84a90ba11eb120210428ee7546b53a3c

SHA256
8c32e6e6d167a82be60e1c39c35df757dc9a60b314789d9abff0df334f08d1ee

SHA512
476b7baebafe2bac8789a49d4a93d3de3e098ab76852202fd3f3961a6e97dc9a9a5b929f57fbb04d4b6b0430105daf5c1f9dc194963eef175d3ac50ce065c0d1

Download Submit
C:\Windows\system\zTYmGMj.exe

Filesize
6.0MB

MD5
a459ce6c82547ef2565dcf18d1efe17e

SHA1
16e7fd91f9f5ca3680688d5da98a870f21b9a824

SHA256
6a03fc06be8ddbe19a4c5d2d30c2d3ff9f71dffc3c4e4fbfbac84e9bc71bc46d

SHA512
92010fa192dca496503c800f80a62c6f0a6d01adb7f134b490084ebed4b0e365391bad9d883caed518674a251df4a774636bd51bc47b1a581b5b819da1c69817

Download Submit
C:\Windows\system\zxCbtVk.exe

Filesize
6.0MB

MD5
d9c3ba2bdeef56e44d1c0883b1017b1c

SHA1
618e2ac31a0b5b4347448c8e3ceb17e543a34887

SHA256
840ab3b3a38b78de8223bfad66814ffe50c0842293d3d1181f64e6eecc7215db

SHA512
1f3feba75de3e324f8e218e1daaf34edfba95d7b96069fc0b0c28cb40341e94f04854ea0a8f6f4ec54a70c11c04c71bde9ec96296892b265deaa8868824d1e29

Download Submit
\Windows\system\aEkxPlh.exe

Filesize
6.0MB

MD5
40e124fbd5eb344b6823d944c32cc98d

SHA1
ba071f6f29d631d6e98dfbe1730046faec7e85e0

SHA256
dd1e5d8b213f1e5ee3410b662ddd63ef7bc2676d5cf11429b8f42006cb76360c

SHA512
9b53b020bcd88ada21d7dddaa26539ebda79ae39d59edce38a6aa71c9dad4d6651a855d51d6420e0368d64e8fff30b649f3e9804a68c50de5e59dae73c7ce0b6

Download Submit
\Windows\system\gFXTcII.exe

Filesize
6.0MB

MD5
19b8c3dec8cfb598d05d090c2b4a5427

SHA1
028b1100bd3060c0bf4f774b00e79d8bcc36e49d

SHA256
25673ac807a2c856ff17189f4d5c5c0e17cabca87a302c9cd00780a45a133309

SHA512
21935297347efb1fb3d758b4ec3eae24704c42e193013777514f5a8c817207de563b5befefc592f7e5b7af2cf4d4f0374cfa631e5acd9935fcdae0ea04c540de

Download Submit
\Windows\system\jHqNrcd.exe

Filesize
6.0MB

MD5
c9032b4862fca3ba4b5a9009c4f15109

SHA1
aaed38432e3f3f926c9c7d4973501c09735884a6

SHA256
944df2c0cabcdfcd9ec8aee429bacb314645933bc42f20e202dbe059e1b6ab53

SHA512
af5673e54ca2068b1eab6e48e15f75996deed8183744e885b843e72f6ee229f47e77b14a623917b8d0426c16bf0f18fac30155907318c666fdec5e0e9cfd2cf7

Download Submit
\Windows\system\uwyyRJe.exe

Filesize
6.0MB

MD5
f906b9555d7106092f5775334f593de4

SHA1
19d2767b3604c21ff1a6ed196cd2a651a0794cdc

SHA256
fd2d34b9817ec9f29716ead7cbaea2d53ef4d30a2777398c260f6a0cccd5ff3a

SHA512
fadb97ab9b18c998b0f884fe9c4adc01980506b68a0450a70a7abe514b6f2352ebad5de350d8f08a756b6a895aa6cfba56892ca63ae8a60a9bb245cde099e769

Download Submit
memory/940-107-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/940-1423-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/940-2735-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1120-2734-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1120-566-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1120-98-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1256-80-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1256-2723-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1256-41-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1888-19-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2699-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1497-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-40-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1996-53-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-499-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1996-111-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-567-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-46-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-105-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-103-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-18-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-219-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1996-94-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1996-93-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-16-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-23-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1996-37-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1996-85-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-61-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-77-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1996-30-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-69-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-65-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-106-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-2730-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2709-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2296-27-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2296-64-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2440-72-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-34-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2720-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-57-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2508-4959-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2508-21-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2664-89-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2664-423-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2733-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2684-45-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2697-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2684-12-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2712-81-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-277-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2732-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2729-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-58-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-97-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2727-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-88-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-50-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2731-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-145-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-73-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download