cobaltstrike | daf6494352167cf7c3884ed01b8622fa461f676eb13b06a206861d39e480da9d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

df40602ab9ea44aba863d4782327cf35
SHA1

b634ecd670808e95ea766958fd326bc44d8fb31b
SHA256

daf6494352167cf7c3884ed01b8622fa461f676eb13b06a206861d39e480da9d
SHA512

81d4f8c2593a113bef3018c3c23f91cd662373592aa27024775440d46a80f9a8eb564971f88e62536cfdae7f04db7035c5c6ffe408350beb2257ffd8504bfe4c
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUw:eOl56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e00000001418b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2f-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e05-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e16-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015ce8-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e5b-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018710-54.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015eff-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018718-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018780-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018766-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b62-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019230-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019223-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b68-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932d-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933b-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019374-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939b-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b5-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e8-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949e-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194cd-197.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c4-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f7-182.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2120-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000e00000001418b-3.dat	xmrig
behavioral1/files/0x0008000000015d2f-12.dat	xmrig
behavioral1/memory/2120-10-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/1168-23-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2468-22-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e05-24.dat	xmrig
behavioral1/memory/2152-17-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0e-16.dat	xmrig
behavioral1/memory/2676-29-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2916-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2772-43-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e16-34.dat	xmrig
behavioral1/files/0x0009000000015ce8-40.dat	xmrig
behavioral1/memory/2712-49-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e5b-48.dat	xmrig
behavioral1/memory/2120-45-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0005000000018710-54.dat	xmrig
behavioral1/files/0x0009000000015eff-51.dat	xmrig
behavioral1/memory/1088-65-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/1516-63-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2676-58-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x0005000000018718-66.dat	xmrig
behavioral1/memory/2120-69-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2608-71-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2916-67-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018780-82.dat	xmrig
behavioral1/memory/676-86-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2712-83-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1300-79-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0005000000018766-78.dat	xmrig
behavioral1/memory/2120-76-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2772-75-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2120-88-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b62-96.dat	xmrig
behavioral1/memory/1516-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-128.dat	xmrig
behavioral1/files/0x000500000001930d-136.dat	xmrig
behavioral1/files/0x0005000000019246-135.dat	xmrig
behavioral1/files/0x0005000000019230-134.dat	xmrig
behavioral1/files/0x0006000000018bf3-133.dat	xmrig
behavioral1/files/0x000500000001926b-132.dat	xmrig
behavioral1/files/0x0005000000019223-120.dat	xmrig
behavioral1/memory/2016-105-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1300-137-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2608-102-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b68-101.dat	xmrig
behavioral1/memory/2120-99-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2120-98-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/676-138-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000500000001932d-145.dat	xmrig
behavioral1/files/0x000500000001933b-151.dat	xmrig
behavioral1/files/0x0005000000019374-155.dat	xmrig
behavioral1/files/0x000500000001939b-168.dat	xmrig
behavioral1/files/0x00050000000193b3-167.dat	xmrig
behavioral1/files/0x00050000000193b5-172.dat	xmrig
behavioral1/files/0x00050000000193e8-177.dat	xmrig
behavioral1/files/0x000500000001949e-187.dat	xmrig
behavioral1/memory/2864-303-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2016-392-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2120-391-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2120-216-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00050000000194cd-197.dat	xmrig
behavioral1/files/0x00050000000194c4-192.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2152	fvmwiMj.exe
2468	BHQSTna.exe
1168	ThCyCSt.exe
2676	KPgulHw.exe
2916	QQHrxXN.exe
2772	MwTZrxZ.exe
2712	bDiagKK.exe
1088	ZeeIMnc.exe
1516	XmPOwfg.exe
2608	omRgzBG.exe
1300	ZvHeDDO.exe
676	pHDIRxn.exe
2864	wQqdBor.exe
2016	hAIxMqV.exe
2360	nNEhMZO.exe
2708	tYBfXre.exe
1084	ufQprNs.exe
1760	iIFlTnx.exe
2836	xegGHdX.exe
1056	HYsGETl.exe
264	yfhXlmL.exe
2972	NtuAybg.exe
2520	MDqivGW.exe
2928	jCzdcRy.exe
1012	neQkPzN.exe
1976	CfaLZfO.exe
1028	RBodYQM.exe
2092	ALvgzSa.exe
1048	NPJsuCx.exe
1804	nSbbjWA.exe
1632	dFuQopG.exe
2200	oUUpXfa.exe
1700	UIgqMrk.exe
1780	BBgVHPz.exe
2064	DCbByzx.exe
1644	cayBNrZ.exe
1652	cWbsiez.exe
292	pRfgVUv.exe
3036	GdjnvYN.exe
3020	BBVEgkA.exe
3032	LBhAteU.exe
1240	OcRgiRh.exe
1348	iLoyhMo.exe
2968	dLAMqrH.exe
2020	BnalBRu.exe
1904	rlBMugQ.exe
1432	XBLgqvq.exe
2616	YjrfzDV.exe
1568	gQDBKmg.exe
1684	YQGfOjo.exe
2124	pYvfIps.exe
876	PYgilkr.exe
2684	pHbkifQ.exe
2396	JGyQpnz.exe
2748	pfmswag.exe
2128	jXvaPSn.exe
2820	BJSIPDP.exe
2188	KtljWxK.exe
1504	TBbYxuM.exe
2704	aWqAKZM.exe
2728	DMaBQmG.exe
3000	GlHQAbX.exe
2484	tXZgXiB.exe
2588	YQuzOnz.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000e00000001418b-3.dat	upx
behavioral1/files/0x0008000000015d2f-12.dat	upx
behavioral1/memory/2120-10-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/1168-23-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2468-22-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0007000000015e05-24.dat	upx
behavioral1/memory/2152-17-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0008000000015d0e-16.dat	upx
behavioral1/memory/2676-29-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2916-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2772-43-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0007000000015e16-34.dat	upx
behavioral1/files/0x0009000000015ce8-40.dat	upx
behavioral1/memory/2712-49-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0007000000015e5b-48.dat	upx
behavioral1/memory/2120-45-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0005000000018710-54.dat	upx
behavioral1/files/0x0009000000015eff-51.dat	upx
behavioral1/memory/1088-65-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/1516-63-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2676-58-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x0005000000018718-66.dat	upx
behavioral1/memory/2608-71-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2916-67-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0005000000018780-82.dat	upx
behavioral1/memory/676-86-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2712-83-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1300-79-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0005000000018766-78.dat	upx
behavioral1/memory/2772-75-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0006000000018b62-96.dat	upx
behavioral1/memory/1516-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0005000000019240-128.dat	upx
behavioral1/files/0x000500000001930d-136.dat	upx
behavioral1/files/0x0005000000019246-135.dat	upx
behavioral1/files/0x0005000000019230-134.dat	upx
behavioral1/files/0x0006000000018bf3-133.dat	upx
behavioral1/files/0x000500000001926b-132.dat	upx
behavioral1/files/0x0005000000019223-120.dat	upx
behavioral1/memory/2016-105-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/1300-137-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2608-102-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0006000000018b68-101.dat	upx
behavioral1/memory/676-138-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000500000001932d-145.dat	upx
behavioral1/files/0x000500000001933b-151.dat	upx
behavioral1/files/0x0005000000019374-155.dat	upx
behavioral1/files/0x000500000001939b-168.dat	upx
behavioral1/files/0x00050000000193b3-167.dat	upx
behavioral1/files/0x00050000000193b5-172.dat	upx
behavioral1/files/0x00050000000193e8-177.dat	upx
behavioral1/files/0x000500000001949e-187.dat	upx
behavioral1/memory/2864-303-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2016-392-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x00050000000194cd-197.dat	upx
behavioral1/files/0x00050000000194c4-192.dat	upx
behavioral1/files/0x00050000000193f7-182.dat	upx
behavioral1/memory/1168-3046-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2152-3049-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2468-3048-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2772-3099-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2676-3100-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1088-3326-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MyFCEHL.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGIbJLP.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEelxgw.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXkoSxc.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJJHoak.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjMkRZx.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gymWSxb.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLVIewF.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfaIQdS.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLPWCUj.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgPzcTv.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXZVUpP.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezLsXMg.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLnUqDD.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFMyPbX.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTvuBYl.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iornGJy.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjSpzGj.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaqjbBO.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdVCZjp.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrijhLR.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faRgXHk.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRxXdLJ.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvYdPIm.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnutBPX.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMnTcTL.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIqxqCD.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwumMcU.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCNftsq.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipSlYqA.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueKlcWG.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDHFiYq.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHCTaUU.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XefYSDS.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plcNTHx.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWPMoai.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lByrLqu.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHWjzEa.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHoXkdX.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNGbfoS.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tixJGDa.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeeStnf.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdjnvYN.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meWGBMt.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCFmlQL.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjLFqjt.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuTFhsT.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiYDdzg.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpsORYI.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfZReKe.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPpOCPW.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMdKWdD.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTDAzWD.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtITMyc.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHlRKCm.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxyMwYN.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGaGmrm.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xegGHdX.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMfJQNo.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APtNnsF.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bABazdX.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAyHrvd.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWJcEYi.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDWQQFo.exe	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2152	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2152	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2152	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2468	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2468	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2468	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 1168	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 1168	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 1168	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 2676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2916	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2916	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2916	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2772	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2772	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2772	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2712	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2712	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2712	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 1088	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 1088	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 1088	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 1516	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 1516	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 1516	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2608	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2608	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2608	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 1300	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 1300	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 1300	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 676	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 2864	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2864	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2864	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 2016	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2016	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 2016	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 1760	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1760	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1760	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 2360	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2360	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2360	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2836	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2836	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2836	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2708	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 2708	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 2708	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 1056	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1056	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1056	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1084	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 1084	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 1084	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 264	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 264	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 264	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 2972	2120	2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_df40602ab9ea44aba863d4782327cf35_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\fvmwiMj.exe
  C:\Windows\System\fvmwiMj.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\BHQSTna.exe
  C:\Windows\System\BHQSTna.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ThCyCSt.exe
  C:\Windows\System\ThCyCSt.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\KPgulHw.exe
  C:\Windows\System\KPgulHw.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\QQHrxXN.exe
  C:\Windows\System\QQHrxXN.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\MwTZrxZ.exe
  C:\Windows\System\MwTZrxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\bDiagKK.exe
  C:\Windows\System\bDiagKK.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ZeeIMnc.exe
  C:\Windows\System\ZeeIMnc.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\XmPOwfg.exe
  C:\Windows\System\XmPOwfg.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\omRgzBG.exe
  C:\Windows\System\omRgzBG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ZvHeDDO.exe
  C:\Windows\System\ZvHeDDO.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\pHDIRxn.exe
  C:\Windows\System\pHDIRxn.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\wQqdBor.exe
  C:\Windows\System\wQqdBor.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\hAIxMqV.exe
  C:\Windows\System\hAIxMqV.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\iIFlTnx.exe
  C:\Windows\System\iIFlTnx.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\nNEhMZO.exe
  C:\Windows\System\nNEhMZO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\xegGHdX.exe
  C:\Windows\System\xegGHdX.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\tYBfXre.exe
  C:\Windows\System\tYBfXre.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\HYsGETl.exe
  C:\Windows\System\HYsGETl.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ufQprNs.exe
  C:\Windows\System\ufQprNs.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\yfhXlmL.exe
  C:\Windows\System\yfhXlmL.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\NtuAybg.exe
  C:\Windows\System\NtuAybg.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\MDqivGW.exe
  C:\Windows\System\MDqivGW.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jCzdcRy.exe
  C:\Windows\System\jCzdcRy.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CfaLZfO.exe
  C:\Windows\System\CfaLZfO.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\neQkPzN.exe
  C:\Windows\System\neQkPzN.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\RBodYQM.exe
  C:\Windows\System\RBodYQM.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\ALvgzSa.exe
  C:\Windows\System\ALvgzSa.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NPJsuCx.exe
  C:\Windows\System\NPJsuCx.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\nSbbjWA.exe
  C:\Windows\System\nSbbjWA.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\dFuQopG.exe
  C:\Windows\System\dFuQopG.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\oUUpXfa.exe
  C:\Windows\System\oUUpXfa.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UIgqMrk.exe
  C:\Windows\System\UIgqMrk.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\BBgVHPz.exe
  C:\Windows\System\BBgVHPz.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\DCbByzx.exe
  C:\Windows\System\DCbByzx.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\cayBNrZ.exe
  C:\Windows\System\cayBNrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\cWbsiez.exe
  C:\Windows\System\cWbsiez.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\pRfgVUv.exe
  C:\Windows\System\pRfgVUv.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\GdjnvYN.exe
  C:\Windows\System\GdjnvYN.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\BBVEgkA.exe
  C:\Windows\System\BBVEgkA.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\LBhAteU.exe
  C:\Windows\System\LBhAteU.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\OcRgiRh.exe
  C:\Windows\System\OcRgiRh.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\iLoyhMo.exe
  C:\Windows\System\iLoyhMo.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\dLAMqrH.exe
  C:\Windows\System\dLAMqrH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\BnalBRu.exe
  C:\Windows\System\BnalBRu.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\rlBMugQ.exe
  C:\Windows\System\rlBMugQ.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\XBLgqvq.exe
  C:\Windows\System\XBLgqvq.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\YjrfzDV.exe
  C:\Windows\System\YjrfzDV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\gQDBKmg.exe
  C:\Windows\System\gQDBKmg.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\YQGfOjo.exe
  C:\Windows\System\YQGfOjo.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\pYvfIps.exe
  C:\Windows\System\pYvfIps.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\PYgilkr.exe
  C:\Windows\System\PYgilkr.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\pHbkifQ.exe
  C:\Windows\System\pHbkifQ.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JGyQpnz.exe
  C:\Windows\System\JGyQpnz.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\pfmswag.exe
  C:\Windows\System\pfmswag.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\jXvaPSn.exe
  C:\Windows\System\jXvaPSn.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\BJSIPDP.exe
  C:\Windows\System\BJSIPDP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\KtljWxK.exe
  C:\Windows\System\KtljWxK.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\TBbYxuM.exe
  C:\Windows\System\TBbYxuM.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\aWqAKZM.exe
  C:\Windows\System\aWqAKZM.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\DMaBQmG.exe
  C:\Windows\System\DMaBQmG.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\GlHQAbX.exe
  C:\Windows\System\GlHQAbX.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\tXZgXiB.exe
  C:\Windows\System\tXZgXiB.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YQuzOnz.exe
  C:\Windows\System\YQuzOnz.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\OYVPtLz.exe
  C:\Windows\System\OYVPtLz.exe
  2⤵
  PID:3048
- C:\Windows\System\KwGXqzw.exe
  C:\Windows\System\KwGXqzw.exe
  2⤵
  PID:3016
- C:\Windows\System\RQTeYUF.exe
  C:\Windows\System\RQTeYUF.exe
  2⤵
  PID:1112
- C:\Windows\System\kkCrokk.exe
  C:\Windows\System\kkCrokk.exe
  2⤵
  PID:1892
- C:\Windows\System\JVKpNYX.exe
  C:\Windows\System\JVKpNYX.exe
  2⤵
  PID:1940
- C:\Windows\System\kYFCJQU.exe
  C:\Windows\System\kYFCJQU.exe
  2⤵
  PID:2376
- C:\Windows\System\amhOSin.exe
  C:\Windows\System\amhOSin.exe
  2⤵
  PID:1448
- C:\Windows\System\IPNkxDV.exe
  C:\Windows\System\IPNkxDV.exe
  2⤵
  PID:468
- C:\Windows\System\ajXjxrd.exe
  C:\Windows\System\ajXjxrd.exe
  2⤵
  PID:2860
- C:\Windows\System\HIYqCDR.exe
  C:\Windows\System\HIYqCDR.exe
  2⤵
  PID:1076
- C:\Windows\System\bnjPUPp.exe
  C:\Windows\System\bnjPUPp.exe
  2⤵
  PID:2988
- C:\Windows\System\NkjmESG.exe
  C:\Windows\System\NkjmESG.exe
  2⤵
  PID:1440
- C:\Windows\System\scpnHdO.exe
  C:\Windows\System\scpnHdO.exe
  2⤵
  PID:1512
- C:\Windows\System\UueTrAQ.exe
  C:\Windows\System\UueTrAQ.exe
  2⤵
  PID:1628
- C:\Windows\System\HAiBNKV.exe
  C:\Windows\System\HAiBNKV.exe
  2⤵
  PID:1668
- C:\Windows\System\cgjEFlA.exe
  C:\Windows\System\cgjEFlA.exe
  2⤵
  PID:2888
- C:\Windows\System\fnfBJbf.exe
  C:\Windows\System\fnfBJbf.exe
  2⤵
  PID:2184
- C:\Windows\System\MbUXZkw.exe
  C:\Windows\System\MbUXZkw.exe
  2⤵
  PID:2160
- C:\Windows\System\enEDMIA.exe
  C:\Windows\System\enEDMIA.exe
  2⤵
  PID:2516
- C:\Windows\System\NqUsICP.exe
  C:\Windows\System\NqUsICP.exe
  2⤵
  PID:2420
- C:\Windows\System\qZybrCl.exe
  C:\Windows\System\qZybrCl.exe
  2⤵
  PID:1896
- C:\Windows\System\AxMlzrv.exe
  C:\Windows\System\AxMlzrv.exe
  2⤵
  PID:956
- C:\Windows\System\nTpvURI.exe
  C:\Windows\System\nTpvURI.exe
  2⤵
  PID:2132
- C:\Windows\System\BKuYhKQ.exe
  C:\Windows\System\BKuYhKQ.exe
  2⤵
  PID:1124
- C:\Windows\System\xhTAivY.exe
  C:\Windows\System\xhTAivY.exe
  2⤵
  PID:2036
- C:\Windows\System\ugparji.exe
  C:\Windows\System\ugparji.exe
  2⤵
  PID:2252
- C:\Windows\System\XQiixmd.exe
  C:\Windows\System\XQiixmd.exe
  2⤵
  PID:2220
- C:\Windows\System\Podvjyq.exe
  C:\Windows\System\Podvjyq.exe
  2⤵
  PID:1932
- C:\Windows\System\ZtBVPQh.exe
  C:\Windows\System\ZtBVPQh.exe
  2⤵
  PID:1992
- C:\Windows\System\qdxDmoI.exe
  C:\Windows\System\qdxDmoI.exe
  2⤵
  PID:1444
- C:\Windows\System\qZzUhyW.exe
  C:\Windows\System\qZzUhyW.exe
  2⤵
  PID:2276
- C:\Windows\System\AduuHHM.exe
  C:\Windows\System\AduuHHM.exe
  2⤵
  PID:2908
- C:\Windows\System\tcFbolK.exe
  C:\Windows\System\tcFbolK.exe
  2⤵
  PID:2960
- C:\Windows\System\mJRqbvA.exe
  C:\Windows\System\mJRqbvA.exe
  2⤵
  PID:2324
- C:\Windows\System\pQDBxhh.exe
  C:\Windows\System\pQDBxhh.exe
  2⤵
  PID:1172
- C:\Windows\System\mNOEtys.exe
  C:\Windows\System\mNOEtys.exe
  2⤵
  PID:2984
- C:\Windows\System\YvasaQO.exe
  C:\Windows\System\YvasaQO.exe
  2⤵
  PID:2672
- C:\Windows\System\krzfXNQ.exe
  C:\Windows\System\krzfXNQ.exe
  2⤵
  PID:2912
- C:\Windows\System\HodkLEL.exe
  C:\Windows\System\HodkLEL.exe
  2⤵
  PID:2824
- C:\Windows\System\UpWovsx.exe
  C:\Windows\System\UpWovsx.exe
  2⤵
  PID:2056
- C:\Windows\System\TKhJgwe.exe
  C:\Windows\System\TKhJgwe.exe
  2⤵
  PID:2204
- C:\Windows\System\rjFoROS.exe
  C:\Windows\System\rjFoROS.exe
  2⤵
  PID:2992
- C:\Windows\System\RocRUaZ.exe
  C:\Windows\System\RocRUaZ.exe
  2⤵
  PID:2568
- C:\Windows\System\irYXcJj.exe
  C:\Windows\System\irYXcJj.exe
  2⤵
  PID:568
- C:\Windows\System\eaoSPCZ.exe
  C:\Windows\System\eaoSPCZ.exe
  2⤵
  PID:1496
- C:\Windows\System\gUyafDA.exe
  C:\Windows\System\gUyafDA.exe
  2⤵
  PID:1852
- C:\Windows\System\PMqjtwl.exe
  C:\Windows\System\PMqjtwl.exe
  2⤵
  PID:2604
- C:\Windows\System\TcbnjBZ.exe
  C:\Windows\System\TcbnjBZ.exe
  2⤵
  PID:576
- C:\Windows\System\BXcuIvL.exe
  C:\Windows\System\BXcuIvL.exe
  2⤵
  PID:2872
- C:\Windows\System\xGHPREu.exe
  C:\Windows\System\xGHPREu.exe
  2⤵
  PID:992
- C:\Windows\System\cKSjduK.exe
  C:\Windows\System\cKSjduK.exe
  2⤵
  PID:2868
- C:\Windows\System\JZGbnEs.exe
  C:\Windows\System\JZGbnEs.exe
  2⤵
  PID:2304
- C:\Windows\System\jCKxseT.exe
  C:\Windows\System\jCKxseT.exe
  2⤵
  PID:2428
- C:\Windows\System\rMugmTB.exe
  C:\Windows\System\rMugmTB.exe
  2⤵
  PID:2264
- C:\Windows\System\JzBSoqn.exe
  C:\Windows\System\JzBSoqn.exe
  2⤵
  PID:348
- C:\Windows\System\uOMwZTV.exe
  C:\Windows\System\uOMwZTV.exe
  2⤵
  PID:980
- C:\Windows\System\tTqfPgu.exe
  C:\Windows\System\tTqfPgu.exe
  2⤵
  PID:2348
- C:\Windows\System\AnfjaYg.exe
  C:\Windows\System\AnfjaYg.exe
  2⤵
  PID:388
- C:\Windows\System\HJRWFiv.exe
  C:\Windows\System\HJRWFiv.exe
  2⤵
  PID:700
- C:\Windows\System\LDnjYSJ.exe
  C:\Windows\System\LDnjYSJ.exe
  2⤵
  PID:3028
- C:\Windows\System\ftJBDcK.exe
  C:\Windows\System\ftJBDcK.exe
  2⤵
  PID:1860
- C:\Windows\System\OMSQmqk.exe
  C:\Windows\System\OMSQmqk.exe
  2⤵
  PID:856
- C:\Windows\System\QuIrNaD.exe
  C:\Windows\System\QuIrNaD.exe
  2⤵
  PID:1412
- C:\Windows\System\VaJhlpb.exe
  C:\Windows\System\VaJhlpb.exe
  2⤵
  PID:2560
- C:\Windows\System\TqYfVRw.exe
  C:\Windows\System\TqYfVRw.exe
  2⤵
  PID:2448
- C:\Windows\System\UPmHXfl.exe
  C:\Windows\System\UPmHXfl.exe
  2⤵
  PID:2564
- C:\Windows\System\ICKZJyp.exe
  C:\Windows\System\ICKZJyp.exe
  2⤵
  PID:2648
- C:\Windows\System\NZYJFui.exe
  C:\Windows\System\NZYJFui.exe
  2⤵
  PID:2996
- C:\Windows\System\zPBjYUA.exe
  C:\Windows\System\zPBjYUA.exe
  2⤵
  PID:2548
- C:\Windows\System\rQjcLQY.exe
  C:\Windows\System\rQjcLQY.exe
  2⤵
  PID:1372
- C:\Windows\System\sQMMgLt.exe
  C:\Windows\System\sQMMgLt.exe
  2⤵
  PID:1800
- C:\Windows\System\xuNrlQu.exe
  C:\Windows\System\xuNrlQu.exe
  2⤵
  PID:1808
- C:\Windows\System\bouYDGH.exe
  C:\Windows\System\bouYDGH.exe
  2⤵
  PID:2884
- C:\Windows\System\LJVAItD.exe
  C:\Windows\System\LJVAItD.exe
  2⤵
  PID:1288
- C:\Windows\System\RVorynA.exe
  C:\Windows\System\RVorynA.exe
  2⤵
  PID:2040
- C:\Windows\System\fcTBQRi.exe
  C:\Windows\System\fcTBQRi.exe
  2⤵
  PID:2944
- C:\Windows\System\pubfOiV.exe
  C:\Windows\System\pubfOiV.exe
  2⤵
  PID:2596
- C:\Windows\System\uZzyixY.exe
  C:\Windows\System\uZzyixY.exe
  2⤵
  PID:2980
- C:\Windows\System\jdnSYWu.exe
  C:\Windows\System\jdnSYWu.exe
  2⤵
  PID:2400
- C:\Windows\System\qKMilZa.exe
  C:\Windows\System\qKMilZa.exe
  2⤵
  PID:2268
- C:\Windows\System\WoyVvXk.exe
  C:\Windows\System\WoyVvXk.exe
  2⤵
  PID:2196
- C:\Windows\System\ZFoeCFO.exe
  C:\Windows\System\ZFoeCFO.exe
  2⤵
  PID:2640
- C:\Windows\System\Odtjmij.exe
  C:\Windows\System\Odtjmij.exe
  2⤵
  PID:2812
- C:\Windows\System\GJYohJX.exe
  C:\Windows\System\GJYohJX.exe
  2⤵
  PID:2300
- C:\Windows\System\KJJSBGa.exe
  C:\Windows\System\KJJSBGa.exe
  2⤵
  PID:2512
- C:\Windows\System\Vptstek.exe
  C:\Windows\System\Vptstek.exe
  2⤵
  PID:1676
- C:\Windows\System\FSdqLin.exe
  C:\Windows\System\FSdqLin.exe
  2⤵
  PID:2576
- C:\Windows\System\EfuSgYm.exe
  C:\Windows\System\EfuSgYm.exe
  2⤵
  PID:1624
- C:\Windows\System\lbUDQmP.exe
  C:\Windows\System\lbUDQmP.exe
  2⤵
  PID:1536
- C:\Windows\System\mDTvObu.exe
  C:\Windows\System\mDTvObu.exe
  2⤵
  PID:2368
- C:\Windows\System\qphetMZ.exe
  C:\Windows\System\qphetMZ.exe
  2⤵
  PID:2192
- C:\Windows\System\tOGMDNE.exe
  C:\Windows\System\tOGMDNE.exe
  2⤵
  PID:1308
- C:\Windows\System\ZRqZDqZ.exe
  C:\Windows\System\ZRqZDqZ.exe
  2⤵
  PID:1672
- C:\Windows\System\HdsfyQe.exe
  C:\Windows\System\HdsfyQe.exe
  2⤵
  PID:1484
- C:\Windows\System\UqcqPBE.exe
  C:\Windows\System\UqcqPBE.exe
  2⤵
  PID:3008
- C:\Windows\System\AwqyGLF.exe
  C:\Windows\System\AwqyGLF.exe
  2⤵
  PID:1656
- C:\Windows\System\ejeNYWK.exe
  C:\Windows\System\ejeNYWK.exe
  2⤵
  PID:1460
- C:\Windows\System\QXTZBDt.exe
  C:\Windows\System\QXTZBDt.exe
  2⤵
  PID:2724
- C:\Windows\System\gwVQfgN.exe
  C:\Windows\System\gwVQfgN.exe
  2⤵
  PID:1492
- C:\Windows\System\uMaMWww.exe
  C:\Windows\System\uMaMWww.exe
  2⤵
  PID:2600
- C:\Windows\System\gLXWMbx.exe
  C:\Windows\System\gLXWMbx.exe
  2⤵
  PID:1256
- C:\Windows\System\OViMCdL.exe
  C:\Windows\System\OViMCdL.exe
  2⤵
  PID:1888
- C:\Windows\System\SfUejnt.exe
  C:\Windows\System\SfUejnt.exe
  2⤵
  PID:2112
- C:\Windows\System\lzNrwRK.exe
  C:\Windows\System\lzNrwRK.exe
  2⤵
  PID:1312
- C:\Windows\System\aTwUtvZ.exe
  C:\Windows\System\aTwUtvZ.exe
  2⤵
  PID:1980
- C:\Windows\System\lYGWCOi.exe
  C:\Windows\System\lYGWCOi.exe
  2⤵
  PID:1840
- C:\Windows\System\uGLOOUV.exe
  C:\Windows\System\uGLOOUV.exe
  2⤵
  PID:744
- C:\Windows\System\CLMmyxE.exe
  C:\Windows\System\CLMmyxE.exe
  2⤵
  PID:2032
- C:\Windows\System\HXwjIbU.exe
  C:\Windows\System\HXwjIbU.exe
  2⤵
  PID:1864
- C:\Windows\System\ffoiFpx.exe
  C:\Windows\System\ffoiFpx.exe
  2⤵
  PID:2424
- C:\Windows\System\nClzEQc.exe
  C:\Windows\System\nClzEQc.exe
  2⤵
  PID:3088
- C:\Windows\System\UWUHOHs.exe
  C:\Windows\System\UWUHOHs.exe
  2⤵
  PID:3108
- C:\Windows\System\ICwljrL.exe
  C:\Windows\System\ICwljrL.exe
  2⤵
  PID:3132
- C:\Windows\System\qfWlPpM.exe
  C:\Windows\System\qfWlPpM.exe
  2⤵
  PID:3160
- C:\Windows\System\wrijhLR.exe
  C:\Windows\System\wrijhLR.exe
  2⤵
  PID:3180
- C:\Windows\System\aazmYOP.exe
  C:\Windows\System\aazmYOP.exe
  2⤵
  PID:3196
- C:\Windows\System\ljCOhkO.exe
  C:\Windows\System\ljCOhkO.exe
  2⤵
  PID:3212
- C:\Windows\System\LGGhMdY.exe
  C:\Windows\System\LGGhMdY.exe
  2⤵
  PID:3232
- C:\Windows\System\QaMOdYb.exe
  C:\Windows\System\QaMOdYb.exe
  2⤵
  PID:3252
- C:\Windows\System\xzsqWgC.exe
  C:\Windows\System\xzsqWgC.exe
  2⤵
  PID:3276
- C:\Windows\System\ftDmXIj.exe
  C:\Windows\System\ftDmXIj.exe
  2⤵
  PID:3292
- C:\Windows\System\OABNLWC.exe
  C:\Windows\System\OABNLWC.exe
  2⤵
  PID:3308
- C:\Windows\System\cENgQmZ.exe
  C:\Windows\System\cENgQmZ.exe
  2⤵
  PID:3332
- C:\Windows\System\mhYwiev.exe
  C:\Windows\System\mhYwiev.exe
  2⤵
  PID:3352
- C:\Windows\System\LlZoTjW.exe
  C:\Windows\System\LlZoTjW.exe
  2⤵
  PID:3368
- C:\Windows\System\VAsJQXy.exe
  C:\Windows\System\VAsJQXy.exe
  2⤵
  PID:3384
- C:\Windows\System\mcXDvYI.exe
  C:\Windows\System\mcXDvYI.exe
  2⤵
  PID:3400
- C:\Windows\System\ESGrvTG.exe
  C:\Windows\System\ESGrvTG.exe
  2⤵
  PID:3416
- C:\Windows\System\TTbzxFH.exe
  C:\Windows\System\TTbzxFH.exe
  2⤵
  PID:3432
- C:\Windows\System\eRgGaPK.exe
  C:\Windows\System\eRgGaPK.exe
  2⤵
  PID:3456
- C:\Windows\System\HVzQYRM.exe
  C:\Windows\System\HVzQYRM.exe
  2⤵
  PID:3476
- C:\Windows\System\IaWXCPR.exe
  C:\Windows\System\IaWXCPR.exe
  2⤵
  PID:3492
- C:\Windows\System\iLTXFxF.exe
  C:\Windows\System\iLTXFxF.exe
  2⤵
  PID:3508
- C:\Windows\System\gUsUaPe.exe
  C:\Windows\System\gUsUaPe.exe
  2⤵
  PID:3532
- C:\Windows\System\pHWOnDh.exe
  C:\Windows\System\pHWOnDh.exe
  2⤵
  PID:3564
- C:\Windows\System\ljKqbgX.exe
  C:\Windows\System\ljKqbgX.exe
  2⤵
  PID:3592
- C:\Windows\System\TVezmfH.exe
  C:\Windows\System\TVezmfH.exe
  2⤵
  PID:3624
- C:\Windows\System\rTLgYUJ.exe
  C:\Windows\System\rTLgYUJ.exe
  2⤵
  PID:3640
- C:\Windows\System\gEASgze.exe
  C:\Windows\System\gEASgze.exe
  2⤵
  PID:3656
- C:\Windows\System\slXGFes.exe
  C:\Windows\System\slXGFes.exe
  2⤵
  PID:3704
- C:\Windows\System\niKIhYn.exe
  C:\Windows\System\niKIhYn.exe
  2⤵
  PID:3728
- C:\Windows\System\yQcfPDu.exe
  C:\Windows\System\yQcfPDu.exe
  2⤵
  PID:3744
- C:\Windows\System\WFcNztt.exe
  C:\Windows\System\WFcNztt.exe
  2⤵
  PID:3760
- C:\Windows\System\kaaTQlL.exe
  C:\Windows\System\kaaTQlL.exe
  2⤵
  PID:3776
- C:\Windows\System\FpMiPqc.exe
  C:\Windows\System\FpMiPqc.exe
  2⤵
  PID:3792
- C:\Windows\System\mdyERDE.exe
  C:\Windows\System\mdyERDE.exe
  2⤵
  PID:3808
- C:\Windows\System\mBoekrp.exe
  C:\Windows\System\mBoekrp.exe
  2⤵
  PID:3824
- C:\Windows\System\CQvdPbU.exe
  C:\Windows\System\CQvdPbU.exe
  2⤵
  PID:3840
- C:\Windows\System\XTuUdHv.exe
  C:\Windows\System\XTuUdHv.exe
  2⤵
  PID:3856
- C:\Windows\System\tBnLXnW.exe
  C:\Windows\System\tBnLXnW.exe
  2⤵
  PID:3872
- C:\Windows\System\tikaeNw.exe
  C:\Windows\System\tikaeNw.exe
  2⤵
  PID:3900
- C:\Windows\System\kPwXWNT.exe
  C:\Windows\System\kPwXWNT.exe
  2⤵
  PID:3920
- C:\Windows\System\ZxwnXGE.exe
  C:\Windows\System\ZxwnXGE.exe
  2⤵
  PID:3936
- C:\Windows\System\DZnMTcW.exe
  C:\Windows\System\DZnMTcW.exe
  2⤵
  PID:3956
- C:\Windows\System\JItgXyJ.exe
  C:\Windows\System\JItgXyJ.exe
  2⤵
  PID:3992
- C:\Windows\System\ODblsyX.exe
  C:\Windows\System\ODblsyX.exe
  2⤵
  PID:4012
- C:\Windows\System\qIqfFZd.exe
  C:\Windows\System\qIqfFZd.exe
  2⤵
  PID:4028
- C:\Windows\System\jJGdjad.exe
  C:\Windows\System\jJGdjad.exe
  2⤵
  PID:4044
- C:\Windows\System\VCAMtSb.exe
  C:\Windows\System\VCAMtSb.exe
  2⤵
  PID:4080
- C:\Windows\System\hhMsHPe.exe
  C:\Windows\System\hhMsHPe.exe
  2⤵
  PID:1784
- C:\Windows\System\RiXBAls.exe
  C:\Windows\System\RiXBAls.exe
  2⤵
  PID:2540
- C:\Windows\System\mgIMqki.exe
  C:\Windows\System\mgIMqki.exe
  2⤵
  PID:3116
- C:\Windows\System\LTcuIic.exe
  C:\Windows\System\LTcuIic.exe
  2⤵
  PID:3128
- C:\Windows\System\lvxCXQi.exe
  C:\Windows\System\lvxCXQi.exe
  2⤵
  PID:3176
- C:\Windows\System\dkhAoyE.exe
  C:\Windows\System\dkhAoyE.exe
  2⤵
  PID:3244
- C:\Windows\System\zvNudWc.exe
  C:\Windows\System\zvNudWc.exe
  2⤵
  PID:3324
- C:\Windows\System\UuddNTa.exe
  C:\Windows\System\UuddNTa.exe
  2⤵
  PID:3364
- C:\Windows\System\WrtdXBS.exe
  C:\Windows\System\WrtdXBS.exe
  2⤵
  PID:3428
- C:\Windows\System\PAfrOBh.exe
  C:\Windows\System\PAfrOBh.exe
  2⤵
  PID:3188
- C:\Windows\System\sYFAGDG.exe
  C:\Windows\System\sYFAGDG.exe
  2⤵
  PID:2892
- C:\Windows\System\DHHLvOh.exe
  C:\Windows\System\DHHLvOh.exe
  2⤵
  PID:1232
- C:\Windows\System\AwAzxQO.exe
  C:\Windows\System\AwAzxQO.exe
  2⤵
  PID:3548
- C:\Windows\System\VamqMgO.exe
  C:\Windows\System\VamqMgO.exe
  2⤵
  PID:3560
- C:\Windows\System\ANAfkIz.exe
  C:\Windows\System\ANAfkIz.exe
  2⤵
  PID:3104
- C:\Windows\System\NNowjBC.exe
  C:\Windows\System\NNowjBC.exe
  2⤵
  PID:3608
- C:\Windows\System\EvjpsNf.exe
  C:\Windows\System\EvjpsNf.exe
  2⤵
  PID:3264
- C:\Windows\System\ledkHYF.exe
  C:\Windows\System\ledkHYF.exe
  2⤵
  PID:3380
- C:\Windows\System\DGbbguW.exe
  C:\Windows\System\DGbbguW.exe
  2⤵
  PID:3440
- C:\Windows\System\IqMRThn.exe
  C:\Windows\System\IqMRThn.exe
  2⤵
  PID:3484
- C:\Windows\System\KfUNvTn.exe
  C:\Windows\System\KfUNvTn.exe
  2⤵
  PID:3572
- C:\Windows\System\QmbagnM.exe
  C:\Windows\System\QmbagnM.exe
  2⤵
  PID:1564
- C:\Windows\System\ugBjatV.exe
  C:\Windows\System\ugBjatV.exe
  2⤵
  PID:3784
- C:\Windows\System\RSnGqch.exe
  C:\Windows\System\RSnGqch.exe
  2⤵
  PID:3848
- C:\Windows\System\OxBrRWA.exe
  C:\Windows\System\OxBrRWA.exe
  2⤵
  PID:3888
- C:\Windows\System\gTXCkJt.exe
  C:\Windows\System\gTXCkJt.exe
  2⤵
  PID:3964
- C:\Windows\System\lTCbTJs.exe
  C:\Windows\System\lTCbTJs.exe
  2⤵
  PID:3836
- C:\Windows\System\pwewpzD.exe
  C:\Windows\System\pwewpzD.exe
  2⤵
  PID:3908
- C:\Windows\System\EWdbdMT.exe
  C:\Windows\System\EWdbdMT.exe
  2⤵
  PID:3948
- C:\Windows\System\AGTOrtt.exe
  C:\Windows\System\AGTOrtt.exe
  2⤵
  PID:3800
- C:\Windows\System\iMRTTaW.exe
  C:\Windows\System\iMRTTaW.exe
  2⤵
  PID:4036
- C:\Windows\System\DvFZWhZ.exe
  C:\Windows\System\DvFZWhZ.exe
  2⤵
  PID:3980
- C:\Windows\System\vBwvAtJ.exe
  C:\Windows\System\vBwvAtJ.exe
  2⤵
  PID:4024
- C:\Windows\System\JUdhSLY.exe
  C:\Windows\System\JUdhSLY.exe
  2⤵
  PID:4060
- C:\Windows\System\QgjIVUu.exe
  C:\Windows\System\QgjIVUu.exe
  2⤵
  PID:3316
- C:\Windows\System\aCxBSPb.exe
  C:\Windows\System\aCxBSPb.exe
  2⤵
  PID:2508
- C:\Windows\System\iAjnXSi.exe
  C:\Windows\System\iAjnXSi.exe
  2⤵
  PID:3220
- C:\Windows\System\ROqTxpZ.exe
  C:\Windows\System\ROqTxpZ.exe
  2⤵
  PID:3360
- C:\Windows\System\gQVMqTu.exe
  C:\Windows\System\gQVMqTu.exe
  2⤵
  PID:3504
- C:\Windows\System\YWfGXsW.exe
  C:\Windows\System\YWfGXsW.exe
  2⤵
  PID:3100
- C:\Windows\System\DHavYgj.exe
  C:\Windows\System\DHavYgj.exe
  2⤵
  PID:3268
- C:\Windows\System\ByNrliU.exe
  C:\Windows\System\ByNrliU.exe
  2⤵
  PID:3552
- C:\Windows\System\sTDAzWD.exe
  C:\Windows\System\sTDAzWD.exe
  2⤵
  PID:3152
- C:\Windows\System\ECIswkH.exe
  C:\Windows\System\ECIswkH.exe
  2⤵
  PID:3304
- C:\Windows\System\YhPnKCL.exe
  C:\Windows\System\YhPnKCL.exe
  2⤵
  PID:3376
- C:\Windows\System\pIaHuZB.exe
  C:\Windows\System\pIaHuZB.exe
  2⤵
  PID:2028
- C:\Windows\System\xrpkYkN.exe
  C:\Windows\System\xrpkYkN.exe
  2⤵
  PID:3712
- C:\Windows\System\PeQMvJx.exe
  C:\Windows\System\PeQMvJx.exe
  2⤵
  PID:3816
- C:\Windows\System\wTtbZuQ.exe
  C:\Windows\System\wTtbZuQ.exe
  2⤵
  PID:3932
- C:\Windows\System\SDSQzqN.exe
  C:\Windows\System\SDSQzqN.exe
  2⤵
  PID:3884
- C:\Windows\System\APtNnsF.exe
  C:\Windows\System\APtNnsF.exe
  2⤵
  PID:3916
- C:\Windows\System\LXdMHZD.exe
  C:\Windows\System\LXdMHZD.exe
  2⤵
  PID:3668
- C:\Windows\System\BMSDmKg.exe
  C:\Windows\System\BMSDmKg.exe
  2⤵
  PID:3284
- C:\Windows\System\JDtmfob.exe
  C:\Windows\System\JDtmfob.exe
  2⤵
  PID:3084
- C:\Windows\System\DFbQhnq.exe
  C:\Windows\System\DFbQhnq.exe
  2⤵
  PID:4052
- C:\Windows\System\YOqeiaD.exe
  C:\Windows\System\YOqeiaD.exe
  2⤵
  PID:3024
- C:\Windows\System\FlkgDGk.exe
  C:\Windows\System\FlkgDGk.exe
  2⤵
  PID:3616
- C:\Windows\System\DHEgmFz.exe
  C:\Windows\System\DHEgmFz.exe
  2⤵
  PID:4068
- C:\Windows\System\glAPesh.exe
  C:\Windows\System\glAPesh.exe
  2⤵
  PID:3672
- C:\Windows\System\JCrKwUx.exe
  C:\Windows\System\JCrKwUx.exe
  2⤵
  PID:3300
- C:\Windows\System\RJPUaZQ.exe
  C:\Windows\System\RJPUaZQ.exe
  2⤵
  PID:3528
- C:\Windows\System\nIGVlLE.exe
  C:\Windows\System\nIGVlLE.exe
  2⤵
  PID:3696
- C:\Windows\System\OJjYUSW.exe
  C:\Windows\System\OJjYUSW.exe
  2⤵
  PID:3928
- C:\Windows\System\VPJAYVU.exe
  C:\Windows\System\VPJAYVU.exe
  2⤵
  PID:4076
- C:\Windows\System\OlHSuzr.exe
  C:\Windows\System\OlHSuzr.exe
  2⤵
  PID:3680
- C:\Windows\System\HCXxdGr.exe
  C:\Windows\System\HCXxdGr.exe
  2⤵
  PID:4008
- C:\Windows\System\VuFyKQC.exe
  C:\Windows\System\VuFyKQC.exe
  2⤵
  PID:3140
- C:\Windows\System\HjNfjVv.exe
  C:\Windows\System\HjNfjVv.exe
  2⤵
  PID:3412
- C:\Windows\System\SrQkFyG.exe
  C:\Windows\System\SrQkFyG.exe
  2⤵
  PID:3896
- C:\Windows\System\LYdaYka.exe
  C:\Windows\System\LYdaYka.exe
  2⤵
  PID:3716
- C:\Windows\System\qVkuBuK.exe
  C:\Windows\System\qVkuBuK.exe
  2⤵
  PID:3144
- C:\Windows\System\xtfNuWk.exe
  C:\Windows\System\xtfNuWk.exe
  2⤵
  PID:3472
- C:\Windows\System\EeDOKqS.exe
  C:\Windows\System\EeDOKqS.exe
  2⤵
  PID:3976
- C:\Windows\System\DJanzVk.exe
  C:\Windows\System\DJanzVk.exe
  2⤵
  PID:3396
- C:\Windows\System\zRKFUHZ.exe
  C:\Windows\System\zRKFUHZ.exe
  2⤵
  PID:3520
- C:\Windows\System\RewOSQs.exe
  C:\Windows\System\RewOSQs.exe
  2⤵
  PID:3344
- C:\Windows\System\RxXJpgO.exe
  C:\Windows\System\RxXJpgO.exe
  2⤵
  PID:3632
- C:\Windows\System\HDxJGeA.exe
  C:\Windows\System\HDxJGeA.exe
  2⤵
  PID:3156
- C:\Windows\System\kAxJfyA.exe
  C:\Windows\System\kAxJfyA.exe
  2⤵
  PID:3988
- C:\Windows\System\JcOiIlV.exe
  C:\Windows\System\JcOiIlV.exe
  2⤵
  PID:3348
- C:\Windows\System\iagvVnW.exe
  C:\Windows\System\iagvVnW.exe
  2⤵
  PID:3684
- C:\Windows\System\ulxNTgt.exe
  C:\Windows\System\ulxNTgt.exe
  2⤵
  PID:3168
- C:\Windows\System\BTJsPor.exe
  C:\Windows\System\BTJsPor.exe
  2⤵
  PID:4112
- C:\Windows\System\KnwjwqR.exe
  C:\Windows\System\KnwjwqR.exe
  2⤵
  PID:4128
- C:\Windows\System\gNdyGZW.exe
  C:\Windows\System\gNdyGZW.exe
  2⤵
  PID:4144
- C:\Windows\System\EvCVaaG.exe
  C:\Windows\System\EvCVaaG.exe
  2⤵
  PID:4160
- C:\Windows\System\IbbLtMw.exe
  C:\Windows\System\IbbLtMw.exe
  2⤵
  PID:4176
- C:\Windows\System\tCFXQCZ.exe
  C:\Windows\System\tCFXQCZ.exe
  2⤵
  PID:4192
- C:\Windows\System\ueTHHPt.exe
  C:\Windows\System\ueTHHPt.exe
  2⤵
  PID:4208
- C:\Windows\System\vJWAGBE.exe
  C:\Windows\System\vJWAGBE.exe
  2⤵
  PID:4240
- C:\Windows\System\sgIwWzN.exe
  C:\Windows\System\sgIwWzN.exe
  2⤵
  PID:4256
- C:\Windows\System\fOVrpPo.exe
  C:\Windows\System\fOVrpPo.exe
  2⤵
  PID:4272
- C:\Windows\System\NIVSlYl.exe
  C:\Windows\System\NIVSlYl.exe
  2⤵
  PID:4292
- C:\Windows\System\GunYpME.exe
  C:\Windows\System\GunYpME.exe
  2⤵
  PID:4312
- C:\Windows\System\GsjbunU.exe
  C:\Windows\System\GsjbunU.exe
  2⤵
  PID:4372
- C:\Windows\System\eqfbNzZ.exe
  C:\Windows\System\eqfbNzZ.exe
  2⤵
  PID:4392
- C:\Windows\System\vhgvTsU.exe
  C:\Windows\System\vhgvTsU.exe
  2⤵
  PID:4408
- C:\Windows\System\uKHEDfG.exe
  C:\Windows\System\uKHEDfG.exe
  2⤵
  PID:4424
- C:\Windows\System\QunmCYy.exe
  C:\Windows\System\QunmCYy.exe
  2⤵
  PID:4444
- C:\Windows\System\HSVmruK.exe
  C:\Windows\System\HSVmruK.exe
  2⤵
  PID:4460
- C:\Windows\System\rpcohzV.exe
  C:\Windows\System\rpcohzV.exe
  2⤵
  PID:4476
- C:\Windows\System\lqiVsyp.exe
  C:\Windows\System\lqiVsyp.exe
  2⤵
  PID:4496
- C:\Windows\System\ahyWqqL.exe
  C:\Windows\System\ahyWqqL.exe
  2⤵
  PID:4516
- C:\Windows\System\GVAXzcl.exe
  C:\Windows\System\GVAXzcl.exe
  2⤵
  PID:4532
- C:\Windows\System\ZMrUApz.exe
  C:\Windows\System\ZMrUApz.exe
  2⤵
  PID:4548
- C:\Windows\System\qcnAcff.exe
  C:\Windows\System\qcnAcff.exe
  2⤵
  PID:4568
- C:\Windows\System\yGlKktc.exe
  C:\Windows\System\yGlKktc.exe
  2⤵
  PID:4584
- C:\Windows\System\wqLVjQh.exe
  C:\Windows\System\wqLVjQh.exe
  2⤵
  PID:4600
- C:\Windows\System\SSGBITk.exe
  C:\Windows\System\SSGBITk.exe
  2⤵
  PID:4616
- C:\Windows\System\kEoNpzD.exe
  C:\Windows\System\kEoNpzD.exe
  2⤵
  PID:4640
- C:\Windows\System\KSdDdDW.exe
  C:\Windows\System\KSdDdDW.exe
  2⤵
  PID:4668
- C:\Windows\System\zvoZEkH.exe
  C:\Windows\System\zvoZEkH.exe
  2⤵
  PID:4684
- C:\Windows\System\DwfawGl.exe
  C:\Windows\System\DwfawGl.exe
  2⤵
  PID:4732
- C:\Windows\System\lMQvHZb.exe
  C:\Windows\System\lMQvHZb.exe
  2⤵
  PID:4748
- C:\Windows\System\XPqSUyi.exe
  C:\Windows\System\XPqSUyi.exe
  2⤵
  PID:4764
- C:\Windows\System\YvfStyE.exe
  C:\Windows\System\YvfStyE.exe
  2⤵
  PID:4780
- C:\Windows\System\qbxzlEx.exe
  C:\Windows\System\qbxzlEx.exe
  2⤵
  PID:4796
- C:\Windows\System\XZRqldf.exe
  C:\Windows\System\XZRqldf.exe
  2⤵
  PID:4812
- C:\Windows\System\ElAuRIb.exe
  C:\Windows\System\ElAuRIb.exe
  2⤵
  PID:4832
- C:\Windows\System\BGEBaZj.exe
  C:\Windows\System\BGEBaZj.exe
  2⤵
  PID:4848
- C:\Windows\System\CtenmEJ.exe
  C:\Windows\System\CtenmEJ.exe
  2⤵
  PID:4872
- C:\Windows\System\YNrmqVM.exe
  C:\Windows\System\YNrmqVM.exe
  2⤵
  PID:4896
- C:\Windows\System\CgbJMFk.exe
  C:\Windows\System\CgbJMFk.exe
  2⤵
  PID:4916
- C:\Windows\System\pBTbTHg.exe
  C:\Windows\System\pBTbTHg.exe
  2⤵
  PID:4936
- C:\Windows\System\bLPwQWW.exe
  C:\Windows\System\bLPwQWW.exe
  2⤵
  PID:4952
- C:\Windows\System\hThOpye.exe
  C:\Windows\System\hThOpye.exe
  2⤵
  PID:4972
- C:\Windows\System\DJAANEI.exe
  C:\Windows\System\DJAANEI.exe
  2⤵
  PID:4992
- C:\Windows\System\sIZtUKa.exe
  C:\Windows\System\sIZtUKa.exe
  2⤵
  PID:5008
- C:\Windows\System\cGkrhXE.exe
  C:\Windows\System\cGkrhXE.exe
  2⤵
  PID:5048
- C:\Windows\System\XlWvnxE.exe
  C:\Windows\System\XlWvnxE.exe
  2⤵
  PID:5068
- C:\Windows\System\AjhbIYq.exe
  C:\Windows\System\AjhbIYq.exe
  2⤵
  PID:5088
- C:\Windows\System\EeEbFDZ.exe
  C:\Windows\System\EeEbFDZ.exe
  2⤵
  PID:5108
- C:\Windows\System\OXTQsaP.exe
  C:\Windows\System\OXTQsaP.exe
  2⤵
  PID:3868
- C:\Windows\System\tlyyNDU.exe
  C:\Windows\System\tlyyNDU.exe
  2⤵
  PID:4152
- C:\Windows\System\wLWCScq.exe
  C:\Windows\System\wLWCScq.exe
  2⤵
  PID:4188
- C:\Windows\System\QAwuNXk.exe
  C:\Windows\System\QAwuNXk.exe
  2⤵
  PID:4228
- C:\Windows\System\eOHqTOe.exe
  C:\Windows\System\eOHqTOe.exe
  2⤵
  PID:4264
- C:\Windows\System\VCgVZUE.exe
  C:\Windows\System\VCgVZUE.exe
  2⤵
  PID:4340
- C:\Windows\System\ndxmtsI.exe
  C:\Windows\System\ndxmtsI.exe
  2⤵
  PID:4172
- C:\Windows\System\sDIhgrI.exe
  C:\Windows\System\sDIhgrI.exe
  2⤵
  PID:4280
- C:\Windows\System\giCsFvE.exe
  C:\Windows\System\giCsFvE.exe
  2⤵
  PID:4324
- C:\Windows\System\ymyvvgu.exe
  C:\Windows\System\ymyvvgu.exe
  2⤵
  PID:4364
- C:\Windows\System\PctcbSa.exe
  C:\Windows\System\PctcbSa.exe
  2⤵
  PID:4380
- C:\Windows\System\cfEJkjm.exe
  C:\Windows\System\cfEJkjm.exe
  2⤵
  PID:4404
- C:\Windows\System\gnCEQuY.exe
  C:\Windows\System\gnCEQuY.exe
  2⤵
  PID:4528
- C:\Windows\System\NZsvchn.exe
  C:\Windows\System\NZsvchn.exe
  2⤵
  PID:4596
- C:\Windows\System\kaxvRNo.exe
  C:\Windows\System\kaxvRNo.exe
  2⤵
  PID:4628
- C:\Windows\System\LehEIMO.exe
  C:\Windows\System\LehEIMO.exe
  2⤵
  PID:4544
- C:\Windows\System\QLeMtOh.exe
  C:\Windows\System\QLeMtOh.exe
  2⤵
  PID:4612
- C:\Windows\System\RmrbTdE.exe
  C:\Windows\System\RmrbTdE.exe
  2⤵
  PID:4472
- C:\Windows\System\UNuPlUQ.exe
  C:\Windows\System\UNuPlUQ.exe
  2⤵
  PID:4680
- C:\Windows\System\gabmPjW.exe
  C:\Windows\System\gabmPjW.exe
  2⤵
  PID:4692
- C:\Windows\System\AabOkxd.exe
  C:\Windows\System\AabOkxd.exe
  2⤵
  PID:4716
- C:\Windows\System\prKPMDS.exe
  C:\Windows\System\prKPMDS.exe
  2⤵
  PID:4700
- C:\Windows\System\UHEQsia.exe
  C:\Windows\System\UHEQsia.exe
  2⤵
  PID:4772
- C:\Windows\System\KHKuMfl.exe
  C:\Windows\System\KHKuMfl.exe
  2⤵
  PID:4844
- C:\Windows\System\AyNKiCA.exe
  C:\Windows\System\AyNKiCA.exe
  2⤵
  PID:4824
- C:\Windows\System\MMsRVKm.exe
  C:\Windows\System\MMsRVKm.exe
  2⤵
  PID:4864
- C:\Windows\System\wAcriuz.exe
  C:\Windows\System\wAcriuz.exe
  2⤵
  PID:4788
- C:\Windows\System\EhVGpLK.exe
  C:\Windows\System\EhVGpLK.exe
  2⤵
  PID:5000
- C:\Windows\System\PMqtNqm.exe
  C:\Windows\System\PMqtNqm.exe
  2⤵
  PID:5016
- C:\Windows\System\RksYlVm.exe
  C:\Windows\System\RksYlVm.exe
  2⤵
  PID:4948
- C:\Windows\System\oiiSZZi.exe
  C:\Windows\System\oiiSZZi.exe
  2⤵
  PID:5032
- C:\Windows\System\UzXaCdY.exe
  C:\Windows\System\UzXaCdY.exe
  2⤵
  PID:5056
- C:\Windows\System\ircPUiF.exe
  C:\Windows\System\ircPUiF.exe
  2⤵
  PID:5096
- C:\Windows\System\uhQTZzd.exe
  C:\Windows\System\uhQTZzd.exe
  2⤵
  PID:5116
- C:\Windows\System\blGNjjN.exe
  C:\Windows\System\blGNjjN.exe
  2⤵
  PID:4124
- C:\Windows\System\WEtdYud.exe
  C:\Windows\System\WEtdYud.exe
  2⤵
  PID:5080
- C:\Windows\System\fAtMOye.exe
  C:\Windows\System\fAtMOye.exe
  2⤵
  PID:4300
- C:\Windows\System\iRZqpLk.exe
  C:\Windows\System\iRZqpLk.exe
  2⤵
  PID:4248
- C:\Windows\System\kzsshQd.exe
  C:\Windows\System\kzsshQd.exe
  2⤵
  PID:4416
- C:\Windows\System\ddHaIRp.exe
  C:\Windows\System\ddHaIRp.exe
  2⤵
  PID:4420
- C:\Windows\System\XHUdrLe.exe
  C:\Windows\System\XHUdrLe.exe
  2⤵
  PID:4508
- C:\Windows\System\feIykAZ.exe
  C:\Windows\System\feIykAZ.exe
  2⤵
  PID:4652
- C:\Windows\System\nVVDLEx.exe
  C:\Windows\System\nVVDLEx.exe
  2⤵
  PID:4720
- C:\Windows\System\FwEPxNm.exe
  C:\Windows\System\FwEPxNm.exe
  2⤵
  PID:4336
- C:\Windows\System\YyqZDCp.exe
  C:\Windows\System\YyqZDCp.exe
  2⤵
  PID:4856
- C:\Windows\System\EOxkpKP.exe
  C:\Windows\System\EOxkpKP.exe
  2⤵
  PID:4964
- C:\Windows\System\uBtlPnT.exe
  C:\Windows\System\uBtlPnT.exe
  2⤵
  PID:4884
- C:\Windows\System\eRLyGkN.exe
  C:\Windows\System\eRLyGkN.exe
  2⤵
  PID:4740
- C:\Windows\System\KfDrRHH.exe
  C:\Windows\System\KfDrRHH.exe
  2⤵
  PID:4924
- C:\Windows\System\JJGegKC.exe
  C:\Windows\System\JJGegKC.exe
  2⤵
  PID:4492
- C:\Windows\System\IiECFHe.exe
  C:\Windows\System\IiECFHe.exe
  2⤵
  PID:4608
- C:\Windows\System\yziQzLB.exe
  C:\Windows\System\yziQzLB.exe
  2⤵
  PID:5040
- C:\Windows\System\cnlmciB.exe
  C:\Windows\System\cnlmciB.exe
  2⤵
  PID:4744
- C:\Windows\System\zgCKPwm.exe
  C:\Windows\System\zgCKPwm.exe
  2⤵
  PID:3880
- C:\Windows\System\wwwjFKj.exe
  C:\Windows\System\wwwjFKj.exe
  2⤵
  PID:5024
- C:\Windows\System\qbFolVj.exe
  C:\Windows\System\qbFolVj.exe
  2⤵
  PID:4224
- C:\Windows\System\fRyBLtG.exe
  C:\Windows\System\fRyBLtG.exe
  2⤵
  PID:4204
- C:\Windows\System\jgFbLJN.exe
  C:\Windows\System\jgFbLJN.exe
  2⤵
  PID:4236
- C:\Windows\System\eBthURE.exe
  C:\Windows\System\eBthURE.exe
  2⤵
  PID:4512
- C:\Windows\System\FJEnUyK.exe
  C:\Windows\System\FJEnUyK.exe
  2⤵
  PID:4960
- C:\Windows\System\nuKEyIc.exe
  C:\Windows\System\nuKEyIc.exe
  2⤵
  PID:4360
- C:\Windows\System\KxGNZXe.exe
  C:\Windows\System\KxGNZXe.exe
  2⤵
  PID:3080
- C:\Windows\System\xGCHlRh.exe
  C:\Windows\System\xGCHlRh.exe
  2⤵
  PID:4232
- C:\Windows\System\NmhqCar.exe
  C:\Windows\System\NmhqCar.exe
  2⤵
  PID:4808
- C:\Windows\System\kyVNXYW.exe
  C:\Windows\System\kyVNXYW.exe
  2⤵
  PID:4648
- C:\Windows\System\MNNBOiB.exe
  C:\Windows\System\MNNBOiB.exe
  2⤵
  PID:5104
- C:\Windows\System\ASgfTQQ.exe
  C:\Windows\System\ASgfTQQ.exe
  2⤵
  PID:4984
- C:\Windows\System\BXdBIap.exe
  C:\Windows\System\BXdBIap.exe
  2⤵
  PID:4400
- C:\Windows\System\VthRmXd.exe
  C:\Windows\System\VthRmXd.exe
  2⤵
  PID:4928
- C:\Windows\System\WkuzkYR.exe
  C:\Windows\System\WkuzkYR.exe
  2⤵
  PID:5124
- C:\Windows\System\YXZVUpP.exe
  C:\Windows\System\YXZVUpP.exe
  2⤵
  PID:5140
- C:\Windows\System\LygDhlC.exe
  C:\Windows\System\LygDhlC.exe
  2⤵
  PID:5156
- C:\Windows\System\enEIqMP.exe
  C:\Windows\System\enEIqMP.exe
  2⤵
  PID:5172
- C:\Windows\System\eXZEzxL.exe
  C:\Windows\System\eXZEzxL.exe
  2⤵
  PID:5188
- C:\Windows\System\RvVlTsJ.exe
  C:\Windows\System\RvVlTsJ.exe
  2⤵
  PID:5216
- C:\Windows\System\euBNanM.exe
  C:\Windows\System\euBNanM.exe
  2⤵
  PID:5236
- C:\Windows\System\DvyIxkC.exe
  C:\Windows\System\DvyIxkC.exe
  2⤵
  PID:5256
- C:\Windows\System\mVfeOJK.exe
  C:\Windows\System\mVfeOJK.exe
  2⤵
  PID:5284
- C:\Windows\System\fIPSurw.exe
  C:\Windows\System\fIPSurw.exe
  2⤵
  PID:5300
- C:\Windows\System\urEIeaX.exe
  C:\Windows\System\urEIeaX.exe
  2⤵
  PID:5316
- C:\Windows\System\HgOvmkT.exe
  C:\Windows\System\HgOvmkT.exe
  2⤵
  PID:5332
- C:\Windows\System\WfmYiUu.exe
  C:\Windows\System\WfmYiUu.exe
  2⤵
  PID:5348
- C:\Windows\System\XUrJtua.exe
  C:\Windows\System\XUrJtua.exe
  2⤵
  PID:5364
- C:\Windows\System\SDFOSJd.exe
  C:\Windows\System\SDFOSJd.exe
  2⤵
  PID:5380
- C:\Windows\System\ODBUrDR.exe
  C:\Windows\System\ODBUrDR.exe
  2⤵
  PID:5396
- C:\Windows\System\eSoTvWQ.exe
  C:\Windows\System\eSoTvWQ.exe
  2⤵
  PID:5412
- C:\Windows\System\thuDoNT.exe
  C:\Windows\System\thuDoNT.exe
  2⤵
  PID:5428
- C:\Windows\System\pqcIBIt.exe
  C:\Windows\System\pqcIBIt.exe
  2⤵
  PID:5444
- C:\Windows\System\GEcsbih.exe
  C:\Windows\System\GEcsbih.exe
  2⤵
  PID:5460
- C:\Windows\System\fgjgldR.exe
  C:\Windows\System\fgjgldR.exe
  2⤵
  PID:5476
- C:\Windows\System\dEQlDgw.exe
  C:\Windows\System\dEQlDgw.exe
  2⤵
  PID:5492
- C:\Windows\System\MkibSOl.exe
  C:\Windows\System\MkibSOl.exe
  2⤵
  PID:5512
- C:\Windows\System\IRprpds.exe
  C:\Windows\System\IRprpds.exe
  2⤵
  PID:5532
- C:\Windows\System\UBuKUyz.exe
  C:\Windows\System\UBuKUyz.exe
  2⤵
  PID:5560
- C:\Windows\System\wvCysqx.exe
  C:\Windows\System\wvCysqx.exe
  2⤵
  PID:5576
- C:\Windows\System\ZrCAUoe.exe
  C:\Windows\System\ZrCAUoe.exe
  2⤵
  PID:5592
- C:\Windows\System\IZoSgzr.exe
  C:\Windows\System\IZoSgzr.exe
  2⤵
  PID:5608
- C:\Windows\System\zqswpEI.exe
  C:\Windows\System\zqswpEI.exe
  2⤵
  PID:5624
- C:\Windows\System\TCCxxye.exe
  C:\Windows\System\TCCxxye.exe
  2⤵
  PID:5640
- C:\Windows\System\ZIeMBOY.exe
  C:\Windows\System\ZIeMBOY.exe
  2⤵
  PID:5660
- C:\Windows\System\POVTbOp.exe
  C:\Windows\System\POVTbOp.exe
  2⤵
  PID:5680
- C:\Windows\System\wHDFOgy.exe
  C:\Windows\System\wHDFOgy.exe
  2⤵
  PID:5704
- C:\Windows\System\XyVVXLq.exe
  C:\Windows\System\XyVVXLq.exe
  2⤵
  PID:5728
- C:\Windows\System\KtcxkhO.exe
  C:\Windows\System\KtcxkhO.exe
  2⤵
  PID:5756
- C:\Windows\System\PcqySpn.exe
  C:\Windows\System\PcqySpn.exe
  2⤵
  PID:5776
- C:\Windows\System\nCtHMyt.exe
  C:\Windows\System\nCtHMyt.exe
  2⤵
  PID:5796
- C:\Windows\System\pZADavR.exe
  C:\Windows\System\pZADavR.exe
  2⤵
  PID:5820
- C:\Windows\System\TRneLcf.exe
  C:\Windows\System\TRneLcf.exe
  2⤵
  PID:5844
- C:\Windows\System\pOrqQbp.exe
  C:\Windows\System\pOrqQbp.exe
  2⤵
  PID:5860
- C:\Windows\System\NsCVrhl.exe
  C:\Windows\System\NsCVrhl.exe
  2⤵
  PID:5876
- C:\Windows\System\JGdjFZD.exe
  C:\Windows\System\JGdjFZD.exe
  2⤵
  PID:5896
- C:\Windows\System\ZdhOKau.exe
  C:\Windows\System\ZdhOKau.exe
  2⤵
  PID:5916
- C:\Windows\System\FvZJehH.exe
  C:\Windows\System\FvZJehH.exe
  2⤵
  PID:5932
- C:\Windows\System\lcGsjDC.exe
  C:\Windows\System\lcGsjDC.exe
  2⤵
  PID:5948
- C:\Windows\System\KasGKNT.exe
  C:\Windows\System\KasGKNT.exe
  2⤵
  PID:5964
- C:\Windows\System\wrrIBSB.exe
  C:\Windows\System\wrrIBSB.exe
  2⤵
  PID:5980
- C:\Windows\System\qMdzRUx.exe
  C:\Windows\System\qMdzRUx.exe
  2⤵
  PID:5996
- C:\Windows\System\dShuMNR.exe
  C:\Windows\System\dShuMNR.exe
  2⤵
  PID:6020
- C:\Windows\System\XOWYBbe.exe
  C:\Windows\System\XOWYBbe.exe
  2⤵
  PID:6036
- C:\Windows\System\DvUnuwR.exe
  C:\Windows\System\DvUnuwR.exe
  2⤵
  PID:6052
- C:\Windows\System\rjZbWyo.exe
  C:\Windows\System\rjZbWyo.exe
  2⤵
  PID:6068
- C:\Windows\System\rfXSnfa.exe
  C:\Windows\System\rfXSnfa.exe
  2⤵
  PID:6084
- C:\Windows\System\JqmzvMC.exe
  C:\Windows\System\JqmzvMC.exe
  2⤵
  PID:6100
- C:\Windows\System\RCPKJQX.exe
  C:\Windows\System\RCPKJQX.exe
  2⤵
  PID:6116
- C:\Windows\System\yUmHlwn.exe
  C:\Windows\System\yUmHlwn.exe
  2⤵
  PID:6136
- C:\Windows\System\fREtsmT.exe
  C:\Windows\System\fREtsmT.exe
  2⤵
  PID:4632
- C:\Windows\System\GTVvlit.exe
  C:\Windows\System\GTVvlit.exe
  2⤵
  PID:4988
- C:\Windows\System\DRHRVVh.exe
  C:\Windows\System\DRHRVVh.exe
  2⤵
  PID:3664
- C:\Windows\System\eWHHOQn.exe
  C:\Windows\System\eWHHOQn.exe
  2⤵
  PID:5004
- C:\Windows\System\TryYxpS.exe
  C:\Windows\System\TryYxpS.exe
  2⤵
  PID:5136
- C:\Windows\System\LBCSteH.exe
  C:\Windows\System\LBCSteH.exe
  2⤵
  PID:4488
- C:\Windows\System\WGhIwTw.exe
  C:\Windows\System\WGhIwTw.exe
  2⤵
  PID:5224
- C:\Windows\System\MGEcQIY.exe
  C:\Windows\System\MGEcQIY.exe
  2⤵
  PID:5232
- C:\Windows\System\SFYPbyE.exe
  C:\Windows\System\SFYPbyE.exe
  2⤵
  PID:5264
- C:\Windows\System\lLCniuF.exe
  C:\Windows\System\lLCniuF.exe
  2⤵
  PID:5280
- C:\Windows\System\OAvYMEJ.exe
  C:\Windows\System\OAvYMEJ.exe
  2⤵
  PID:5372
- C:\Windows\System\nIGKYWk.exe
  C:\Windows\System\nIGKYWk.exe
  2⤵
  PID:5404
- C:\Windows\System\urRUZTU.exe
  C:\Windows\System\urRUZTU.exe
  2⤵
  PID:5292
- C:\Windows\System\VeAusMG.exe
  C:\Windows\System\VeAusMG.exe
  2⤵
  PID:5456
- C:\Windows\System\Pdirgds.exe
  C:\Windows\System\Pdirgds.exe
  2⤵
  PID:5452
- C:\Windows\System\GIsXKfw.exe
  C:\Windows\System\GIsXKfw.exe
  2⤵
  PID:5388
- C:\Windows\System\WguaIPK.exe
  C:\Windows\System\WguaIPK.exe
  2⤵
  PID:5324
- C:\Windows\System\nLWYZxA.exe
  C:\Windows\System\nLWYZxA.exe
  2⤵
  PID:5544
- C:\Windows\System\NTAELcf.exe
  C:\Windows\System\NTAELcf.exe
  2⤵
  PID:5528
- C:\Windows\System\tWaDbFm.exe
  C:\Windows\System\tWaDbFm.exe
  2⤵
  PID:5572
- C:\Windows\System\ffKoUXP.exe
  C:\Windows\System\ffKoUXP.exe
  2⤵
  PID:5620
- C:\Windows\System\VGJcWHy.exe
  C:\Windows\System\VGJcWHy.exe
  2⤵
  PID:5632
- C:\Windows\System\GTCHeCx.exe
  C:\Windows\System\GTCHeCx.exe
  2⤵
  PID:5696
- C:\Windows\System\FeVVBBB.exe
  C:\Windows\System\FeVVBBB.exe
  2⤵
  PID:5736
- C:\Windows\System\RxHwmUZ.exe
  C:\Windows\System\RxHwmUZ.exe
  2⤵
  PID:5788
- C:\Windows\System\SENhbYL.exe
  C:\Windows\System\SENhbYL.exe
  2⤵
  PID:5840
- C:\Windows\System\ZvYxxpu.exe
  C:\Windows\System\ZvYxxpu.exe
  2⤵
  PID:5836
- C:\Windows\System\yaHmxxX.exe
  C:\Windows\System\yaHmxxX.exe
  2⤵
  PID:5772
- C:\Windows\System\iqEnmoG.exe
  C:\Windows\System\iqEnmoG.exe
  2⤵
  PID:5720
- C:\Windows\System\BtVIcUS.exe
  C:\Windows\System\BtVIcUS.exe
  2⤵
  PID:5888
- C:\Windows\System\zHbFPnx.exe
  C:\Windows\System\zHbFPnx.exe
  2⤵
  PID:5928
- C:\Windows\System\RYyUUPZ.exe
  C:\Windows\System\RYyUUPZ.exe
  2⤵
  PID:6004
- C:\Windows\System\hzeonwe.exe
  C:\Windows\System\hzeonwe.exe
  2⤵
  PID:5972
- C:\Windows\System\RXTRlGY.exe
  C:\Windows\System\RXTRlGY.exe
  2⤵
  PID:6032
- C:\Windows\System\rZzGcDH.exe
  C:\Windows\System\rZzGcDH.exe
  2⤵
  PID:6124
- C:\Windows\System\pbcDkrS.exe
  C:\Windows\System\pbcDkrS.exe
  2⤵
  PID:6048
- C:\Windows\System\BpWcfpf.exe
  C:\Windows\System\BpWcfpf.exe
  2⤵
  PID:6112
- C:\Windows\System\peBWXDk.exe
  C:\Windows\System\peBWXDk.exe
  2⤵
  PID:4332
- C:\Windows\System\bbuMoFA.exe
  C:\Windows\System\bbuMoFA.exe
  2⤵
  PID:4676
- C:\Windows\System\KCvRTfY.exe
  C:\Windows\System\KCvRTfY.exe
  2⤵
  PID:5184
- C:\Windows\System\tARlgXq.exe
  C:\Windows\System\tARlgXq.exe
  2⤵
  PID:5376
- C:\Windows\System\ODgxtyC.exe
  C:\Windows\System\ODgxtyC.exe
  2⤵
  PID:5508
- C:\Windows\System\ELsAmqa.exe
  C:\Windows\System\ELsAmqa.exe
  2⤵
  PID:4320
- C:\Windows\System\BmgkSdF.exe
  C:\Windows\System\BmgkSdF.exe
  2⤵
  PID:5208
- C:\Windows\System\EJsfMYq.exe
  C:\Windows\System\EJsfMYq.exe
  2⤵
  PID:5500
- C:\Windows\System\DIgNmEj.exe
  C:\Windows\System\DIgNmEj.exe
  2⤵
  PID:5556
- C:\Windows\System\ueSeRCm.exe
  C:\Windows\System\ueSeRCm.exe
  2⤵
  PID:5588
- C:\Windows\System\jUFTrss.exe
  C:\Windows\System\jUFTrss.exe
  2⤵
  PID:5688
- C:\Windows\System\seDQJWg.exe
  C:\Windows\System\seDQJWg.exe
  2⤵
  PID:5828
- C:\Windows\System\mgzpmHL.exe
  C:\Windows\System\mgzpmHL.exe
  2⤵
  PID:5816
- C:\Windows\System\ZYkVskK.exe
  C:\Windows\System\ZYkVskK.exe
  2⤵
  PID:5944
- C:\Windows\System\SjjTHlZ.exe
  C:\Windows\System\SjjTHlZ.exe
  2⤵
  PID:6096
- C:\Windows\System\lwumMcU.exe
  C:\Windows\System\lwumMcU.exe
  2⤵
  PID:5884
- C:\Windows\System\XznPTNO.exe
  C:\Windows\System\XznPTNO.exe
  2⤵
  PID:5856
- C:\Windows\System\CvYdPIm.exe
  C:\Windows\System\CvYdPIm.exe
  2⤵
  PID:5992
- C:\Windows\System\pqDEwiZ.exe
  C:\Windows\System\pqDEwiZ.exe
  2⤵
  PID:6044
- C:\Windows\System\OhvwKwv.exe
  C:\Windows\System\OhvwKwv.exe
  2⤵
  PID:4136
- C:\Windows\System\DLKDPwI.exe
  C:\Windows\System\DLKDPwI.exe
  2⤵
  PID:5204
- C:\Windows\System\mtclRTn.exe
  C:\Windows\System\mtclRTn.exe
  2⤵
  PID:5420
- C:\Windows\System\cFcaqqX.exe
  C:\Windows\System\cFcaqqX.exe
  2⤵
  PID:5252
- C:\Windows\System\CsuoGeA.exe
  C:\Windows\System\CsuoGeA.exe
  2⤵
  PID:5616
- C:\Windows\System\uGmOWId.exe
  C:\Windows\System\uGmOWId.exe
  2⤵
  PID:5712
- C:\Windows\System\nLGnbTH.exe
  C:\Windows\System\nLGnbTH.exe
  2⤵
  PID:5868
- C:\Windows\System\OYcZYFv.exe
  C:\Windows\System\OYcZYFv.exe
  2⤵
  PID:4756
- C:\Windows\System\DFjGsoI.exe
  C:\Windows\System\DFjGsoI.exe
  2⤵
  PID:5196
- C:\Windows\System\DCdZjLj.exe
  C:\Windows\System\DCdZjLj.exe
  2⤵
  PID:5328
- C:\Windows\System\WqKOjMG.exe
  C:\Windows\System\WqKOjMG.exe
  2⤵
  PID:5740
- C:\Windows\System\umounPN.exe
  C:\Windows\System\umounPN.exe
  2⤵
  PID:5764
- C:\Windows\System\oLEdPFf.exe
  C:\Windows\System\oLEdPFf.exe
  2⤵
  PID:6132
- C:\Windows\System\Yzbqbug.exe
  C:\Windows\System\Yzbqbug.exe
  2⤵
  PID:5656
- C:\Windows\System\NGJpEWN.exe
  C:\Windows\System\NGJpEWN.exe
  2⤵
  PID:5064
- C:\Windows\System\JpIVRVu.exe
  C:\Windows\System\JpIVRVu.exe
  2⤵
  PID:4944
- C:\Windows\System\AnJErPF.exe
  C:\Windows\System\AnJErPF.exe
  2⤵
  PID:5940
- C:\Windows\System\TxSxLTf.exe
  C:\Windows\System\TxSxLTf.exe
  2⤵
  PID:5152
- C:\Windows\System\LrrsuXm.exe
  C:\Windows\System\LrrsuXm.exe
  2⤵
  PID:5312
- C:\Windows\System\PdgYmPr.exe
  C:\Windows\System\PdgYmPr.exe
  2⤵
  PID:6152
- C:\Windows\System\jZHfGxg.exe
  C:\Windows\System\jZHfGxg.exe
  2⤵
  PID:6172
- C:\Windows\System\DmHtmit.exe
  C:\Windows\System\DmHtmit.exe
  2⤵
  PID:6188
- C:\Windows\System\eQbWvuS.exe
  C:\Windows\System\eQbWvuS.exe
  2⤵
  PID:6212
- C:\Windows\System\SffhBSB.exe
  C:\Windows\System\SffhBSB.exe
  2⤵
  PID:6236
- C:\Windows\System\RwpXffQ.exe
  C:\Windows\System\RwpXffQ.exe
  2⤵
  PID:6252
- C:\Windows\System\cxiSzjM.exe
  C:\Windows\System\cxiSzjM.exe
  2⤵
  PID:6276
- C:\Windows\System\YIqSOKX.exe
  C:\Windows\System\YIqSOKX.exe
  2⤵
  PID:6296
- C:\Windows\System\yAtNMIG.exe
  C:\Windows\System\yAtNMIG.exe
  2⤵
  PID:6324
- C:\Windows\System\mEcPomb.exe
  C:\Windows\System\mEcPomb.exe
  2⤵
  PID:6340
- C:\Windows\System\NpiUMOr.exe
  C:\Windows\System\NpiUMOr.exe
  2⤵
  PID:6356
- C:\Windows\System\kMHVHxb.exe
  C:\Windows\System\kMHVHxb.exe
  2⤵
  PID:6372
- C:\Windows\System\YIiRuLQ.exe
  C:\Windows\System\YIiRuLQ.exe
  2⤵
  PID:6388
- C:\Windows\System\XXNqKhH.exe
  C:\Windows\System\XXNqKhH.exe
  2⤵
  PID:6412
- C:\Windows\System\MyFCEHL.exe
  C:\Windows\System\MyFCEHL.exe
  2⤵
  PID:6432
- C:\Windows\System\RqlNYiW.exe
  C:\Windows\System\RqlNYiW.exe
  2⤵
  PID:6456
- C:\Windows\System\NJFCbNP.exe
  C:\Windows\System\NJFCbNP.exe
  2⤵
  PID:6472
- C:\Windows\System\HGqZzPU.exe
  C:\Windows\System\HGqZzPU.exe
  2⤵
  PID:6488
- C:\Windows\System\vpJPSJz.exe
  C:\Windows\System\vpJPSJz.exe
  2⤵
  PID:6504
- C:\Windows\System\tKIAhCj.exe
  C:\Windows\System\tKIAhCj.exe
  2⤵
  PID:6528
- C:\Windows\System\TZccVyD.exe
  C:\Windows\System\TZccVyD.exe
  2⤵
  PID:6552
- C:\Windows\System\kNDgbpG.exe
  C:\Windows\System\kNDgbpG.exe
  2⤵
  PID:6568
- C:\Windows\System\fCSzkXT.exe
  C:\Windows\System\fCSzkXT.exe
  2⤵
  PID:6596
- C:\Windows\System\adFYEyc.exe
  C:\Windows\System\adFYEyc.exe
  2⤵
  PID:6620
- C:\Windows\System\QRrsQEb.exe
  C:\Windows\System\QRrsQEb.exe
  2⤵
  PID:6640
- C:\Windows\System\vSBDwLi.exe
  C:\Windows\System\vSBDwLi.exe
  2⤵
  PID:6664
- C:\Windows\System\SXMcdvr.exe
  C:\Windows\System\SXMcdvr.exe
  2⤵
  PID:6680
- C:\Windows\System\XrmNKph.exe
  C:\Windows\System\XrmNKph.exe
  2⤵
  PID:6720
- C:\Windows\System\zcfCxoa.exe
  C:\Windows\System\zcfCxoa.exe
  2⤵
  PID:6736
- C:\Windows\System\ZGybmVg.exe
  C:\Windows\System\ZGybmVg.exe
  2⤵
  PID:6752
- C:\Windows\System\mmwUNxa.exe
  C:\Windows\System\mmwUNxa.exe
  2⤵
  PID:6768
- C:\Windows\System\rApWILy.exe
  C:\Windows\System\rApWILy.exe
  2⤵
  PID:6784
- C:\Windows\System\hnWLfnw.exe
  C:\Windows\System\hnWLfnw.exe
  2⤵
  PID:6804
- C:\Windows\System\taptWWa.exe
  C:\Windows\System\taptWWa.exe
  2⤵
  PID:6820
- C:\Windows\System\nsWhqbL.exe
  C:\Windows\System\nsWhqbL.exe
  2⤵
  PID:6840
- C:\Windows\System\NHcjclz.exe
  C:\Windows\System\NHcjclz.exe
  2⤵
  PID:6860
- C:\Windows\System\txtCucP.exe
  C:\Windows\System\txtCucP.exe
  2⤵
  PID:6876
- C:\Windows\System\ikjQUdy.exe
  C:\Windows\System\ikjQUdy.exe
  2⤵
  PID:6892
- C:\Windows\System\LFjWhdS.exe
  C:\Windows\System\LFjWhdS.exe
  2⤵
  PID:6908
- C:\Windows\System\ZYhXdma.exe
  C:\Windows\System\ZYhXdma.exe
  2⤵
  PID:6924
- C:\Windows\System\pDIbRHd.exe
  C:\Windows\System\pDIbRHd.exe
  2⤵
  PID:6940
- C:\Windows\System\xHxfUln.exe
  C:\Windows\System\xHxfUln.exe
  2⤵
  PID:6960
- C:\Windows\System\LIemlXa.exe
  C:\Windows\System\LIemlXa.exe
  2⤵
  PID:6976
- C:\Windows\System\yANIGoF.exe
  C:\Windows\System\yANIGoF.exe
  2⤵
  PID:6992
- C:\Windows\System\ZbXQykE.exe
  C:\Windows\System\ZbXQykE.exe
  2⤵
  PID:7008
- C:\Windows\System\hAlmIVu.exe
  C:\Windows\System\hAlmIVu.exe
  2⤵
  PID:7024
- C:\Windows\System\nFfyoOF.exe
  C:\Windows\System\nFfyoOF.exe
  2⤵
  PID:7040
- C:\Windows\System\oJjrrSJ.exe
  C:\Windows\System\oJjrrSJ.exe
  2⤵
  PID:7056
- C:\Windows\System\hwvaLTY.exe
  C:\Windows\System\hwvaLTY.exe
  2⤵
  PID:7072
- C:\Windows\System\vnHmcOF.exe
  C:\Windows\System\vnHmcOF.exe
  2⤵
  PID:7108
- C:\Windows\System\urJnyni.exe
  C:\Windows\System\urJnyni.exe
  2⤵
  PID:7124
- C:\Windows\System\Udksxdv.exe
  C:\Windows\System\Udksxdv.exe
  2⤵
  PID:7140
- C:\Windows\System\iaPDhSV.exe
  C:\Windows\System\iaPDhSV.exe
  2⤵
  PID:7156
- C:\Windows\System\eNNMQTY.exe
  C:\Windows\System\eNNMQTY.exe
  2⤵
  PID:6160
- C:\Windows\System\VTXfYMO.exe
  C:\Windows\System\VTXfYMO.exe
  2⤵
  PID:6028
- C:\Windows\System\lVnPHfr.exe
  C:\Windows\System\lVnPHfr.exe
  2⤵
  PID:6204
- C:\Windows\System\YuZGsTh.exe
  C:\Windows\System\YuZGsTh.exe
  2⤵
  PID:6224
- C:\Windows\System\MtEGbMH.exe
  C:\Windows\System\MtEGbMH.exe
  2⤵
  PID:6148
- C:\Windows\System\FqMrqkC.exe
  C:\Windows\System\FqMrqkC.exe
  2⤵
  PID:6260
- C:\Windows\System\qOkbpUT.exe
  C:\Windows\System\qOkbpUT.exe
  2⤵
  PID:6288
- C:\Windows\System\hSbCdmg.exe
  C:\Windows\System\hSbCdmg.exe
  2⤵
  PID:6308
- C:\Windows\System\dZGGgWv.exe
  C:\Windows\System\dZGGgWv.exe
  2⤵
  PID:6408
- C:\Windows\System\thOafxt.exe
  C:\Windows\System\thOafxt.exe
  2⤵
  PID:6320
- C:\Windows\System\sNZIXqM.exe
  C:\Windows\System\sNZIXqM.exe
  2⤵
  PID:6444
- C:\Windows\System\hfRchav.exe
  C:\Windows\System\hfRchav.exe
  2⤵
  PID:6480
- C:\Windows\System\ZkadxPo.exe
  C:\Windows\System\ZkadxPo.exe
  2⤵
  PID:6560
- C:\Windows\System\JViRNHR.exe
  C:\Windows\System\JViRNHR.exe
  2⤵
  PID:6612
- C:\Windows\System\roHdqMR.exe
  C:\Windows\System\roHdqMR.exe
  2⤵
  PID:6660
- C:\Windows\System\ztXuSsK.exe
  C:\Windows\System\ztXuSsK.exe
  2⤵
  PID:6696
- C:\Windows\System\PJfKOuQ.exe
  C:\Windows\System\PJfKOuQ.exe
  2⤵
  PID:6536
- C:\Windows\System\RsFCnNf.exe
  C:\Windows\System\RsFCnNf.exe
  2⤵
  PID:6576
- C:\Windows\System\ZsyvQsf.exe
  C:\Windows\System\ZsyvQsf.exe
  2⤵
  PID:6632
- C:\Windows\System\hHsTaJo.exe
  C:\Windows\System\hHsTaJo.exe
  2⤵
  PID:6428
- C:\Windows\System\wArWXlX.exe
  C:\Windows\System\wArWXlX.exe
  2⤵
  PID:6712
- C:\Windows\System\YUnJmfe.exe
  C:\Windows\System\YUnJmfe.exe
  2⤵
  PID:6780
- C:\Windows\System\BMzEwyD.exe
  C:\Windows\System\BMzEwyD.exe
  2⤵
  PID:6728
- C:\Windows\System\cvMxhlH.exe
  C:\Windows\System\cvMxhlH.exe
  2⤵
  PID:6796
- C:\Windows\System\nyTdTLr.exe
  C:\Windows\System\nyTdTLr.exe
  2⤵
  PID:6948
- C:\Windows\System\XKsjQff.exe
  C:\Windows\System\XKsjQff.exe
  2⤵
  PID:7004
- C:\Windows\System\GnAAJDx.exe
  C:\Windows\System\GnAAJDx.exe
  2⤵
  PID:6900
- C:\Windows\System\zDMLiwx.exe
  C:\Windows\System\zDMLiwx.exe
  2⤵
  PID:6936
- C:\Windows\System\TIiueyR.exe
  C:\Windows\System\TIiueyR.exe
  2⤵
  PID:7016
- C:\Windows\System\YecowtI.exe
  C:\Windows\System\YecowtI.exe
  2⤵
  PID:7064
- C:\Windows\System\JiMkPbb.exe
  C:\Windows\System\JiMkPbb.exe
  2⤵
  PID:7132
- C:\Windows\System\KgVXKZv.exe
  C:\Windows\System\KgVXKZv.exe
  2⤵
  PID:5872
- C:\Windows\System\iYWEAoZ.exe
  C:\Windows\System\iYWEAoZ.exe
  2⤵
  PID:5988
- C:\Windows\System\xmrAOMx.exe
  C:\Windows\System\xmrAOMx.exe
  2⤵
  PID:5356
- C:\Windows\System\OHBQZJF.exe
  C:\Windows\System\OHBQZJF.exe
  2⤵
  PID:6400
- C:\Windows\System\OLWbqIe.exe
  C:\Windows\System\OLWbqIe.exe
  2⤵
  PID:6348
- C:\Windows\System\WxOZccg.exe
  C:\Windows\System\WxOZccg.exe
  2⤵
  PID:6184
- C:\Windows\System\ZcjQBwN.exe
  C:\Windows\System\ZcjQBwN.exe
  2⤵
  PID:6364
- C:\Windows\System\aetzGLk.exe
  C:\Windows\System\aetzGLk.exe
  2⤵
  PID:6448
- C:\Windows\System\wYsupas.exe
  C:\Windows\System\wYsupas.exe
  2⤵
  PID:6496
- C:\Windows\System\LsmJVFT.exe
  C:\Windows\System\LsmJVFT.exe
  2⤵
  PID:6588
- C:\Windows\System\XLeCABh.exe
  C:\Windows\System\XLeCABh.exe
  2⤵
  PID:6548
- C:\Windows\System\SufLDIh.exe
  C:\Windows\System\SufLDIh.exe
  2⤵
  PID:6384
- C:\Windows\System\FwvjgLd.exe
  C:\Windows\System\FwvjgLd.exe
  2⤵
  PID:6744
- C:\Windows\System\bUjrThO.exe
  C:\Windows\System\bUjrThO.exe
  2⤵
  PID:6748
- C:\Windows\System\FXVNelI.exe
  C:\Windows\System\FXVNelI.exe
  2⤵
  PID:6816
- C:\Windows\System\WVeBIOl.exe
  C:\Windows\System\WVeBIOl.exe
  2⤵
  PID:6884
- C:\Windows\System\oAadSpm.exe
  C:\Windows\System\oAadSpm.exe
  2⤵
  PID:7036
- C:\Windows\System\virtIKI.exe
  C:\Windows\System\virtIKI.exe
  2⤵
  PID:6792
- C:\Windows\System\IUECXbq.exe
  C:\Windows\System\IUECXbq.exe
  2⤵
  PID:6956
- C:\Windows\System\pTAsYBe.exe
  C:\Windows\System\pTAsYBe.exe
  2⤵
  PID:7052
- C:\Windows\System\oHtkLny.exe
  C:\Windows\System\oHtkLny.exe
  2⤵
  PID:7092
- C:\Windows\System\vEhLOjt.exe
  C:\Windows\System\vEhLOjt.exe
  2⤵
  PID:5212
- C:\Windows\System\dhpuLbX.exe
  C:\Windows\System\dhpuLbX.exe
  2⤵
  PID:7080
- C:\Windows\System\YNJkJuu.exe
  C:\Windows\System\YNJkJuu.exe
  2⤵
  PID:6092
- C:\Windows\System\dVNvCmT.exe
  C:\Windows\System\dVNvCmT.exe
  2⤵
  PID:6244
- C:\Windows\System\TnPGPpm.exe
  C:\Windows\System\TnPGPpm.exe
  2⤵
  PID:5524
- C:\Windows\System\cGbQXHD.exe
  C:\Windows\System\cGbQXHD.exe
  2⤵
  PID:6380
- C:\Windows\System\ozvMjRe.exe
  C:\Windows\System\ozvMjRe.exe
  2⤵
  PID:6304
- C:\Windows\System\USBoMXS.exe
  C:\Windows\System\USBoMXS.exe
  2⤵
  PID:6648
- C:\Windows\System\QcaDgpC.exe
  C:\Windows\System\QcaDgpC.exe
  2⤵
  PID:6856
- C:\Windows\System\wXFErQl.exe
  C:\Windows\System\wXFErQl.exe
  2⤵
  PID:7000
- C:\Windows\System\Amergha.exe
  C:\Windows\System\Amergha.exe
  2⤵
  PID:6700
- C:\Windows\System\jukAcTE.exe
  C:\Windows\System\jukAcTE.exe
  2⤵
  PID:6708
- C:\Windows\System\gBvXlZN.exe
  C:\Windows\System\gBvXlZN.exe
  2⤵
  PID:6520
- C:\Windows\System\EmnzXNA.exe
  C:\Windows\System\EmnzXNA.exe
  2⤵
  PID:6672
- C:\Windows\System\dKyDOvj.exe
  C:\Windows\System\dKyDOvj.exe
  2⤵
  PID:7148
- C:\Windows\System\pbWXBqi.exe
  C:\Windows\System\pbWXBqi.exe
  2⤵
  PID:6852
- C:\Windows\System\uGeyWbP.exe
  C:\Windows\System\uGeyWbP.exe
  2⤵
  PID:6512
- C:\Windows\System\kRJcqBW.exe
  C:\Windows\System\kRJcqBW.exe
  2⤵
  PID:7164
- C:\Windows\System\nFMyPbX.exe
  C:\Windows\System\nFMyPbX.exe
  2⤵
  PID:7152
- C:\Windows\System\jVeWPzm.exe
  C:\Windows\System\jVeWPzm.exe
  2⤵
  PID:7176
- C:\Windows\System\YnutBPX.exe
  C:\Windows\System\YnutBPX.exe
  2⤵
  PID:7192
- C:\Windows\System\wPdatue.exe
  C:\Windows\System\wPdatue.exe
  2⤵
  PID:7208
- C:\Windows\System\tlMWuJt.exe
  C:\Windows\System\tlMWuJt.exe
  2⤵
  PID:7224
- C:\Windows\System\doaIoUV.exe
  C:\Windows\System\doaIoUV.exe
  2⤵
  PID:7240
- C:\Windows\System\rirfXCk.exe
  C:\Windows\System\rirfXCk.exe
  2⤵
  PID:7256
- C:\Windows\System\MVkxkNn.exe
  C:\Windows\System\MVkxkNn.exe
  2⤵
  PID:7272
- C:\Windows\System\sLfWSse.exe
  C:\Windows\System\sLfWSse.exe
  2⤵
  PID:7288
- C:\Windows\System\QJyfavG.exe
  C:\Windows\System\QJyfavG.exe
  2⤵
  PID:7304
- C:\Windows\System\fNIZCGK.exe
  C:\Windows\System\fNIZCGK.exe
  2⤵
  PID:7320
- C:\Windows\System\jGddbju.exe
  C:\Windows\System\jGddbju.exe
  2⤵
  PID:7336
- C:\Windows\System\WRjElHP.exe
  C:\Windows\System\WRjElHP.exe
  2⤵
  PID:7352
- C:\Windows\System\PRzjNUs.exe
  C:\Windows\System\PRzjNUs.exe
  2⤵
  PID:7368
- C:\Windows\System\sOYHVFv.exe
  C:\Windows\System\sOYHVFv.exe
  2⤵
  PID:7384
- C:\Windows\System\mznjpSS.exe
  C:\Windows\System\mznjpSS.exe
  2⤵
  PID:7400
- C:\Windows\System\NNbAyVZ.exe
  C:\Windows\System\NNbAyVZ.exe
  2⤵
  PID:7416
- C:\Windows\System\VhxDbfy.exe
  C:\Windows\System\VhxDbfy.exe
  2⤵
  PID:7432
- C:\Windows\System\HJklojY.exe
  C:\Windows\System\HJklojY.exe
  2⤵
  PID:7448
- C:\Windows\System\CroWvWS.exe
  C:\Windows\System\CroWvWS.exe
  2⤵
  PID:7464
- C:\Windows\System\gehydEA.exe
  C:\Windows\System\gehydEA.exe
  2⤵
  PID:7480
- C:\Windows\System\fiKVtQA.exe
  C:\Windows\System\fiKVtQA.exe
  2⤵
  PID:7496
- C:\Windows\System\tEjXgOh.exe
  C:\Windows\System\tEjXgOh.exe
  2⤵
  PID:7512
- C:\Windows\System\IznTDvg.exe
  C:\Windows\System\IznTDvg.exe
  2⤵
  PID:7528
- C:\Windows\System\QZghGaM.exe
  C:\Windows\System\QZghGaM.exe
  2⤵
  PID:7544
- C:\Windows\System\GNyhUQM.exe
  C:\Windows\System\GNyhUQM.exe
  2⤵
  PID:7560
- C:\Windows\System\DyOGpAZ.exe
  C:\Windows\System\DyOGpAZ.exe
  2⤵
  PID:7576
- C:\Windows\System\BUSIDWn.exe
  C:\Windows\System\BUSIDWn.exe
  2⤵
  PID:7592
- C:\Windows\System\KvzLmAt.exe
  C:\Windows\System\KvzLmAt.exe
  2⤵
  PID:7608
- C:\Windows\System\CNFTXay.exe
  C:\Windows\System\CNFTXay.exe
  2⤵
  PID:7624
- C:\Windows\System\GvELuWC.exe
  C:\Windows\System\GvELuWC.exe
  2⤵
  PID:7640
- C:\Windows\System\XtRAdcH.exe
  C:\Windows\System\XtRAdcH.exe
  2⤵
  PID:7656
- C:\Windows\System\IuoXSoB.exe
  C:\Windows\System\IuoXSoB.exe
  2⤵
  PID:7672
- C:\Windows\System\WSjJdPu.exe
  C:\Windows\System\WSjJdPu.exe
  2⤵
  PID:7692
- C:\Windows\System\kmiFYvE.exe
  C:\Windows\System\kmiFYvE.exe
  2⤵
  PID:7708
- C:\Windows\System\gWtYZYk.exe
  C:\Windows\System\gWtYZYk.exe
  2⤵
  PID:7728
- C:\Windows\System\eXXnSxA.exe
  C:\Windows\System\eXXnSxA.exe
  2⤵
  PID:7744
- C:\Windows\System\HCoMqJo.exe
  C:\Windows\System\HCoMqJo.exe
  2⤵
  PID:7760
- C:\Windows\System\xxzcOby.exe
  C:\Windows\System\xxzcOby.exe
  2⤵
  PID:7776
- C:\Windows\System\uXnCAIX.exe
  C:\Windows\System\uXnCAIX.exe
  2⤵
  PID:7792
- C:\Windows\System\ZOsowao.exe
  C:\Windows\System\ZOsowao.exe
  2⤵
  PID:7808
- C:\Windows\System\gQmbGrU.exe
  C:\Windows\System\gQmbGrU.exe
  2⤵
  PID:7824
- C:\Windows\System\WdPnwBM.exe
  C:\Windows\System\WdPnwBM.exe
  2⤵
  PID:7840
- C:\Windows\System\aYXRXxo.exe
  C:\Windows\System\aYXRXxo.exe
  2⤵
  PID:7856
- C:\Windows\System\eEkgKfN.exe
  C:\Windows\System\eEkgKfN.exe
  2⤵
  PID:7872
- C:\Windows\System\BgGzfRs.exe
  C:\Windows\System\BgGzfRs.exe
  2⤵
  PID:7888
- C:\Windows\System\NzTynIH.exe
  C:\Windows\System\NzTynIH.exe
  2⤵
  PID:7904
- C:\Windows\System\iObyGNL.exe
  C:\Windows\System\iObyGNL.exe
  2⤵
  PID:7920
- C:\Windows\System\xChUauc.exe
  C:\Windows\System\xChUauc.exe
  2⤵
  PID:7936
- C:\Windows\System\iKQJdcN.exe
  C:\Windows\System\iKQJdcN.exe
  2⤵
  PID:7952
- C:\Windows\System\DGELDKJ.exe
  C:\Windows\System\DGELDKJ.exe
  2⤵
  PID:7968
- C:\Windows\System\NdjhtRc.exe
  C:\Windows\System\NdjhtRc.exe
  2⤵
  PID:7984
- C:\Windows\System\cjArScf.exe
  C:\Windows\System\cjArScf.exe
  2⤵
  PID:8000
- C:\Windows\System\VVOKaVK.exe
  C:\Windows\System\VVOKaVK.exe
  2⤵
  PID:8016
- C:\Windows\System\eoGScQG.exe
  C:\Windows\System\eoGScQG.exe
  2⤵
  PID:8032
- C:\Windows\System\lYYntLF.exe
  C:\Windows\System\lYYntLF.exe
  2⤵
  PID:8052
- C:\Windows\System\OUgmDnG.exe
  C:\Windows\System\OUgmDnG.exe
  2⤵
  PID:8068
- C:\Windows\System\Vkbvesq.exe
  C:\Windows\System\Vkbvesq.exe
  2⤵
  PID:8096
- C:\Windows\System\oGwsrhQ.exe
  C:\Windows\System\oGwsrhQ.exe
  2⤵
  PID:8116
- C:\Windows\System\zAEHleV.exe
  C:\Windows\System\zAEHleV.exe
  2⤵
  PID:8132
- C:\Windows\System\lCnGESD.exe
  C:\Windows\System\lCnGESD.exe
  2⤵
  PID:8148
- C:\Windows\System\pPaSwPx.exe
  C:\Windows\System\pPaSwPx.exe
  2⤵
  PID:8164
- C:\Windows\System\QcptsjD.exe
  C:\Windows\System\QcptsjD.exe
  2⤵
  PID:8188
- C:\Windows\System\NABoGEE.exe
  C:\Windows\System\NABoGEE.exe
  2⤵
  PID:7116
- C:\Windows\System\uVGqVtZ.exe
  C:\Windows\System\uVGqVtZ.exe
  2⤵
  PID:7204
- C:\Windows\System\JHYREVv.exe
  C:\Windows\System\JHYREVv.exe
  2⤵
  PID:7296
- C:\Windows\System\axKpruR.exe
  C:\Windows\System\axKpruR.exe
  2⤵
  PID:7300
- C:\Windows\System\cUpwVUT.exe
  C:\Windows\System\cUpwVUT.exe
  2⤵
  PID:7316
- C:\Windows\System\sWJcEYi.exe
  C:\Windows\System\sWJcEYi.exe
  2⤵
  PID:7344
- C:\Windows\System\ZWLmEXJ.exe
  C:\Windows\System\ZWLmEXJ.exe
  2⤵
  PID:7408
- C:\Windows\System\KqSLgwP.exe
  C:\Windows\System\KqSLgwP.exe
  2⤵
  PID:7472
- C:\Windows\System\zlOTfan.exe
  C:\Windows\System\zlOTfan.exe
  2⤵
  PID:7428
- C:\Windows\System\HTWYrTU.exe
  C:\Windows\System\HTWYrTU.exe
  2⤵
  PID:7456
- C:\Windows\System\CrOehry.exe
  C:\Windows\System\CrOehry.exe
  2⤵
  PID:7476
- C:\Windows\System\SteyjMZ.exe
  C:\Windows\System\SteyjMZ.exe
  2⤵
  PID:7520
- C:\Windows\System\qCroIhY.exe
  C:\Windows\System\qCroIhY.exe
  2⤵
  PID:7568
- C:\Windows\System\XtyEUJq.exe
  C:\Windows\System\XtyEUJq.exe
  2⤵
  PID:7616
- C:\Windows\System\LfZwsqC.exe
  C:\Windows\System\LfZwsqC.exe
  2⤵
  PID:7620
- C:\Windows\System\EaGMBtb.exe
  C:\Windows\System\EaGMBtb.exe
  2⤵
  PID:7664
- C:\Windows\System\iCzPszs.exe
  C:\Windows\System\iCzPszs.exe
  2⤵
  PID:7756
- C:\Windows\System\QSDhkOv.exe
  C:\Windows\System\QSDhkOv.exe
  2⤵
  PID:7736
- C:\Windows\System\iRrtrpA.exe
  C:\Windows\System\iRrtrpA.exe
  2⤵
  PID:7752
- C:\Windows\System\AVFrGaT.exe
  C:\Windows\System\AVFrGaT.exe
  2⤵
  PID:7804
- C:\Windows\System\qXNJkmM.exe
  C:\Windows\System\qXNJkmM.exe
  2⤵
  PID:7816
- C:\Windows\System\PfIrnxf.exe
  C:\Windows\System\PfIrnxf.exe
  2⤵
  PID:7868
- C:\Windows\System\CgjgKXB.exe
  C:\Windows\System\CgjgKXB.exe
  2⤵
  PID:7944
- C:\Windows\System\fvuCsth.exe
  C:\Windows\System\fvuCsth.exe
  2⤵
  PID:7896
- C:\Windows\System\KQWmnnV.exe
  C:\Windows\System\KQWmnnV.exe
  2⤵
  PID:7932
- C:\Windows\System\OFzvCzz.exe
  C:\Windows\System\OFzvCzz.exe
  2⤵
  PID:7992
- C:\Windows\System\aQWWGDQ.exe
  C:\Windows\System\aQWWGDQ.exe
  2⤵
  PID:8076
- C:\Windows\System\uEhxrnm.exe
  C:\Windows\System\uEhxrnm.exe
  2⤵
  PID:8064
- C:\Windows\System\cBeQCLU.exe
  C:\Windows\System\cBeQCLU.exe
  2⤵
  PID:8104
- C:\Windows\System\meWGBMt.exe
  C:\Windows\System\meWGBMt.exe
  2⤵
  PID:8172
- C:\Windows\System\hgbISaI.exe
  C:\Windows\System\hgbISaI.exe
  2⤵
  PID:8124
- C:\Windows\System\aakLbDH.exe
  C:\Windows\System\aakLbDH.exe
  2⤵
  PID:8180
- C:\Windows\System\UifeBxI.exe
  C:\Windows\System\UifeBxI.exe
  2⤵
  PID:7200
- C:\Windows\System\QaLTCDv.exe
  C:\Windows\System\QaLTCDv.exe
  2⤵
  PID:7236
- C:\Windows\System\cOTYjcX.exe
  C:\Windows\System\cOTYjcX.exe
  2⤵
  PID:7332
- C:\Windows\System\zAWagHq.exe
  C:\Windows\System\zAWagHq.exe
  2⤵
  PID:7284
- C:\Windows\System\uMmkhwr.exe
  C:\Windows\System\uMmkhwr.exe
  2⤵
  PID:7492
- C:\Windows\System\iOVibiX.exe
  C:\Windows\System\iOVibiX.exe
  2⤵
  PID:7604
- C:\Windows\System\XoQngJI.exe
  C:\Windows\System\XoQngJI.exe
  2⤵
  PID:7768
- C:\Windows\System\ZUIsgdh.exe
  C:\Windows\System\ZUIsgdh.exe
  2⤵
  PID:7688
- C:\Windows\System\abNVWGj.exe
  C:\Windows\System\abNVWGj.exe
  2⤵
  PID:7716
- C:\Windows\System\YEFtJUO.exe
  C:\Windows\System\YEFtJUO.exe
  2⤵
  PID:7864
- C:\Windows\System\sTiYAYi.exe
  C:\Windows\System\sTiYAYi.exe
  2⤵
  PID:7928
- C:\Windows\System\wbmWJLO.exe
  C:\Windows\System\wbmWJLO.exe
  2⤵
  PID:7852
- C:\Windows\System\hITjyEf.exe
  C:\Windows\System\hITjyEf.exe
  2⤵
  PID:8060
- C:\Windows\System\QHNHPKQ.exe
  C:\Windows\System\QHNHPKQ.exe
  2⤵
  PID:8012
- C:\Windows\System\hUeOyGR.exe
  C:\Windows\System\hUeOyGR.exe
  2⤵
  PID:8176
- C:\Windows\System\DIyJvOE.exe
  C:\Windows\System\DIyJvOE.exe
  2⤵
  PID:8140
- C:\Windows\System\dPFEOFT.exe
  C:\Windows\System\dPFEOFT.exe
  2⤵
  PID:7268
- C:\Windows\System\lPJqWEs.exe
  C:\Windows\System\lPJqWEs.exe
  2⤵
  PID:7360
- C:\Windows\System\MpFunLH.exe
  C:\Windows\System\MpFunLH.exe
  2⤵
  PID:7460
- C:\Windows\System\SFxpjmp.exe
  C:\Windows\System\SFxpjmp.exe
  2⤵
  PID:6988
- C:\Windows\System\oKqeeSk.exe
  C:\Windows\System\oKqeeSk.exe
  2⤵
  PID:7652
- C:\Windows\System\hSzesLw.exe
  C:\Windows\System\hSzesLw.exe
  2⤵
  PID:7912
- C:\Windows\System\qAouMJY.exe
  C:\Windows\System\qAouMJY.exe
  2⤵
  PID:7700
- C:\Windows\System\MBEBZsS.exe
  C:\Windows\System\MBEBZsS.exe
  2⤵
  PID:7424
- C:\Windows\System\IBGDLcD.exe
  C:\Windows\System\IBGDLcD.exe
  2⤵
  PID:7836
- C:\Windows\System\HiRjXgQ.exe
  C:\Windows\System\HiRjXgQ.exe
  2⤵
  PID:7392
- C:\Windows\System\IBTibRY.exe
  C:\Windows\System\IBTibRY.exe
  2⤵
  PID:7380
- C:\Windows\System\GWBRtHc.exe
  C:\Windows\System\GWBRtHc.exe
  2⤵
  PID:8208
- C:\Windows\System\fHrOqUf.exe
  C:\Windows\System\fHrOqUf.exe
  2⤵
  PID:8224
- C:\Windows\System\Gvhosyf.exe
  C:\Windows\System\Gvhosyf.exe
  2⤵
  PID:8240
- C:\Windows\System\TcSFXeC.exe
  C:\Windows\System\TcSFXeC.exe
  2⤵
  PID:8256
- C:\Windows\System\aJyDQjS.exe
  C:\Windows\System\aJyDQjS.exe
  2⤵
  PID:8284
- C:\Windows\System\VAZUbgj.exe
  C:\Windows\System\VAZUbgj.exe
  2⤵
  PID:8300
- C:\Windows\System\zZpfMpY.exe
  C:\Windows\System\zZpfMpY.exe
  2⤵
  PID:8316
- C:\Windows\System\EijfbaI.exe
  C:\Windows\System\EijfbaI.exe
  2⤵
  PID:8332
- C:\Windows\System\DUWSFjU.exe
  C:\Windows\System\DUWSFjU.exe
  2⤵
  PID:8348
- C:\Windows\System\UqTbIRn.exe
  C:\Windows\System\UqTbIRn.exe
  2⤵
  PID:8364
- C:\Windows\System\eqcAUgT.exe
  C:\Windows\System\eqcAUgT.exe
  2⤵
  PID:8380
- C:\Windows\System\ngvBpse.exe
  C:\Windows\System\ngvBpse.exe
  2⤵
  PID:8396
- C:\Windows\System\dAKnTzK.exe
  C:\Windows\System\dAKnTzK.exe
  2⤵
  PID:8412
- C:\Windows\System\QlDujlM.exe
  C:\Windows\System\QlDujlM.exe
  2⤵
  PID:8428
- C:\Windows\System\AHVnoYF.exe
  C:\Windows\System\AHVnoYF.exe
  2⤵
  PID:8444
- C:\Windows\System\VmTpaKi.exe
  C:\Windows\System\VmTpaKi.exe
  2⤵
  PID:8460
- C:\Windows\System\fKXnYxx.exe
  C:\Windows\System\fKXnYxx.exe
  2⤵
  PID:8476
- C:\Windows\System\ZUmWFEH.exe
  C:\Windows\System\ZUmWFEH.exe
  2⤵
  PID:8492
- C:\Windows\System\tHCWWUc.exe
  C:\Windows\System\tHCWWUc.exe
  2⤵
  PID:8512
- C:\Windows\System\OabBAZV.exe
  C:\Windows\System\OabBAZV.exe
  2⤵
  PID:8528
- C:\Windows\System\ZYjUwcC.exe
  C:\Windows\System\ZYjUwcC.exe
  2⤵
  PID:8544
- C:\Windows\System\YtnTAiM.exe
  C:\Windows\System\YtnTAiM.exe
  2⤵
  PID:8560
- C:\Windows\System\tHKwHZI.exe
  C:\Windows\System\tHKwHZI.exe
  2⤵
  PID:8576
- C:\Windows\System\QPWKGMq.exe
  C:\Windows\System\QPWKGMq.exe
  2⤵
  PID:8600
- C:\Windows\System\ZYWydSM.exe
  C:\Windows\System\ZYWydSM.exe
  2⤵
  PID:8700
- C:\Windows\System\SJhXEuP.exe
  C:\Windows\System\SJhXEuP.exe
  2⤵
  PID:8772
- C:\Windows\System\mPcIoLN.exe
  C:\Windows\System\mPcIoLN.exe
  2⤵
  PID:8788
- C:\Windows\System\UXIkuML.exe
  C:\Windows\System\UXIkuML.exe
  2⤵
  PID:8804
- C:\Windows\System\pnztPoZ.exe
  C:\Windows\System\pnztPoZ.exe
  2⤵
  PID:8820
- C:\Windows\System\fdgeoyM.exe
  C:\Windows\System\fdgeoyM.exe
  2⤵
  PID:8836
- C:\Windows\System\WdmKPKM.exe
  C:\Windows\System\WdmKPKM.exe
  2⤵
  PID:8852
- C:\Windows\System\muzDGLn.exe
  C:\Windows\System\muzDGLn.exe
  2⤵
  PID:8868
- C:\Windows\System\YLsJZld.exe
  C:\Windows\System\YLsJZld.exe
  2⤵
  PID:8884
- C:\Windows\System\IfnakBp.exe
  C:\Windows\System\IfnakBp.exe
  2⤵
  PID:8900
- C:\Windows\System\cWnPOwB.exe
  C:\Windows\System\cWnPOwB.exe
  2⤵
  PID:8916
- C:\Windows\System\bCFmlQL.exe
  C:\Windows\System\bCFmlQL.exe
  2⤵
  PID:8932
- C:\Windows\System\DwqXrxE.exe
  C:\Windows\System\DwqXrxE.exe
  2⤵
  PID:8948
- C:\Windows\System\csRNnZa.exe
  C:\Windows\System\csRNnZa.exe
  2⤵
  PID:8964
- C:\Windows\System\HyRVfEL.exe
  C:\Windows\System\HyRVfEL.exe
  2⤵
  PID:8980
- C:\Windows\System\XRNdUak.exe
  C:\Windows\System\XRNdUak.exe
  2⤵
  PID:8996
- C:\Windows\System\RDynJtK.exe
  C:\Windows\System\RDynJtK.exe
  2⤵
  PID:9012
- C:\Windows\System\toBocYx.exe
  C:\Windows\System\toBocYx.exe
  2⤵
  PID:9028
- C:\Windows\System\UHZEPMl.exe
  C:\Windows\System\UHZEPMl.exe
  2⤵
  PID:9044
- C:\Windows\System\flkKLAC.exe
  C:\Windows\System\flkKLAC.exe
  2⤵
  PID:9060
- C:\Windows\System\oZfcVEU.exe
  C:\Windows\System\oZfcVEU.exe
  2⤵
  PID:9076
- C:\Windows\System\NviIomp.exe
  C:\Windows\System\NviIomp.exe
  2⤵
  PID:9092
- C:\Windows\System\pieDbod.exe
  C:\Windows\System\pieDbod.exe
  2⤵
  PID:9108
- C:\Windows\System\JoFtZFL.exe
  C:\Windows\System\JoFtZFL.exe
  2⤵
  PID:9124
- C:\Windows\System\BaMKjre.exe
  C:\Windows\System\BaMKjre.exe
  2⤵
  PID:9140
- C:\Windows\System\ZRisAet.exe
  C:\Windows\System\ZRisAet.exe
  2⤵
  PID:9156
- C:\Windows\System\jcBCKMO.exe
  C:\Windows\System\jcBCKMO.exe
  2⤵
  PID:9172
- C:\Windows\System\HBZCbsW.exe
  C:\Windows\System\HBZCbsW.exe
  2⤵
  PID:9188
- C:\Windows\System\yTvuBYl.exe
  C:\Windows\System\yTvuBYl.exe
  2⤵
  PID:9204
- C:\Windows\System\jRiTOnC.exe
  C:\Windows\System\jRiTOnC.exe
  2⤵
  PID:7264
- C:\Windows\System\IIINARp.exe
  C:\Windows\System\IIINARp.exe
  2⤵
  PID:8080
- C:\Windows\System\qOTDnRl.exe
  C:\Windows\System\qOTDnRl.exe
  2⤵
  PID:7900
- C:\Windows\System\AZFkcLS.exe
  C:\Windows\System\AZFkcLS.exe
  2⤵
  PID:8248
- C:\Windows\System\mNqNNQo.exe
  C:\Windows\System\mNqNNQo.exe
  2⤵
  PID:7632
- C:\Windows\System\OGYQQTY.exe
  C:\Windows\System\OGYQQTY.exe
  2⤵
  PID:8356
- C:\Windows\System\oOwXsrr.exe
  C:\Windows\System\oOwXsrr.exe
  2⤵
  PID:8392
- C:\Windows\System\bdPrFvS.exe
  C:\Windows\System\bdPrFvS.exe
  2⤵
  PID:8456
- C:\Windows\System\iagwGgy.exe
  C:\Windows\System\iagwGgy.exe
  2⤵
  PID:8524
- C:\Windows\System\jDOZcyX.exe
  C:\Windows\System\jDOZcyX.exe
  2⤵
  PID:8500
- C:\Windows\System\evRsiDt.exe
  C:\Windows\System\evRsiDt.exe
  2⤵
  PID:7444
- C:\Windows\System\EbGsMbi.exe
  C:\Windows\System\EbGsMbi.exe
  2⤵
  PID:8272
- C:\Windows\System\UpXghdD.exe
  C:\Windows\System\UpXghdD.exe
  2⤵
  PID:8236
- C:\Windows\System\wXdRPta.exe
  C:\Windows\System\wXdRPta.exe
  2⤵
  PID:8404
- C:\Windows\System\UwyuOTA.exe
  C:\Windows\System\UwyuOTA.exe
  2⤵
  PID:8340
- C:\Windows\System\mzMIfvF.exe
  C:\Windows\System\mzMIfvF.exe
  2⤵
  PID:8588
- C:\Windows\System\UjEZQrE.exe
  C:\Windows\System\UjEZQrE.exe
  2⤵
  PID:8612
- C:\Windows\System\HdnaQDN.exe
  C:\Windows\System\HdnaQDN.exe
  2⤵
  PID:8640
- C:\Windows\System\LQwkFUp.exe
  C:\Windows\System\LQwkFUp.exe
  2⤵
  PID:8656
- C:\Windows\System\iyCdcal.exe
  C:\Windows\System\iyCdcal.exe
  2⤵
  PID:8676
- C:\Windows\System\BjmYKzT.exe
  C:\Windows\System\BjmYKzT.exe
  2⤵
  PID:8716
- C:\Windows\System\Ksoojzz.exe
  C:\Windows\System\Ksoojzz.exe
  2⤵
  PID:8740
- C:\Windows\System\bhHpOkN.exe
  C:\Windows\System\bhHpOkN.exe
  2⤵
  PID:8696
- C:\Windows\System\aEkGhhh.exe
  C:\Windows\System\aEkGhhh.exe
  2⤵
  PID:8764
- C:\Windows\System\wBonIyr.exe
  C:\Windows\System\wBonIyr.exe
  2⤵
  PID:8844
- C:\Windows\System\kzYbCby.exe
  C:\Windows\System\kzYbCby.exe
  2⤵
  PID:9200
- C:\Windows\System\sxTTCZx.exe
  C:\Windows\System\sxTTCZx.exe
  2⤵
  PID:8328
- C:\Windows\System\nufSqsE.exe
  C:\Windows\System\nufSqsE.exe
  2⤵
  PID:8940
- C:\Windows\System\xdnrUeM.exe
  C:\Windows\System\xdnrUeM.exe
  2⤵
  PID:9024
- C:\Windows\System\kPhAfjL.exe
  C:\Windows\System\kPhAfjL.exe
  2⤵
  PID:9104
- C:\Windows\System\MsFYdXW.exe
  C:\Windows\System\MsFYdXW.exe
  2⤵
  PID:9132
- C:\Windows\System\yosbVAd.exe
  C:\Windows\System\yosbVAd.exe
  2⤵
  PID:8540
- C:\Windows\System\adupdwJ.exe
  C:\Windows\System\adupdwJ.exe
  2⤵
  PID:8624
- C:\Windows\System\BQFnPrS.exe
  C:\Windows\System\BQFnPrS.exe
  2⤵
  PID:8648
- C:\Windows\System\WbnCnbc.exe
  C:\Windows\System\WbnCnbc.exe
  2⤵
  PID:8712
- C:\Windows\System\gbWRsdG.exe
  C:\Windows\System\gbWRsdG.exe
  2⤵
  PID:8760
- C:\Windows\System\IKpQfdp.exe
  C:\Windows\System\IKpQfdp.exe
  2⤵
  PID:8752
- C:\Windows\System\NlJTwsj.exe
  C:\Windows\System\NlJTwsj.exe
  2⤵
  PID:8800
- C:\Windows\System\QKpRobE.exe
  C:\Windows\System\QKpRobE.exe
  2⤵
  PID:8860
- C:\Windows\System\VadaZkN.exe
  C:\Windows\System\VadaZkN.exe
  2⤵
  PID:8944
- C:\Windows\System\WqqopWk.exe
  C:\Windows\System\WqqopWk.exe
  2⤵
  PID:8972
- C:\Windows\System\ZBVTggG.exe
  C:\Windows\System\ZBVTggG.exe
  2⤵
  PID:9100
- C:\Windows\System\sBBSFCq.exe
  C:\Windows\System\sBBSFCq.exe
  2⤵
  PID:9084
- C:\Windows\System\NSnmYwS.exe
  C:\Windows\System\NSnmYwS.exe
  2⤵
  PID:7772
- C:\Windows\System\BUXklGO.exe
  C:\Windows\System\BUXklGO.exe
  2⤵
  PID:8388
- C:\Windows\System\KNygfXA.exe
  C:\Windows\System\KNygfXA.exe
  2⤵
  PID:8452
- C:\Windows\System\PdWVNAE.exe
  C:\Windows\System\PdWVNAE.exe
  2⤵
  PID:8204
- C:\Windows\System\xAduxrt.exe
  C:\Windows\System\xAduxrt.exe
  2⤵
  PID:8584
- C:\Windows\System\udCNMri.exe
  C:\Windows\System\udCNMri.exe
  2⤵
  PID:8440
- C:\Windows\System\kqXoJTh.exe
  C:\Windows\System\kqXoJTh.exe
  2⤵
  PID:9148
- C:\Windows\System\rekmvUE.exe
  C:\Windows\System\rekmvUE.exe
  2⤵
  PID:8280
- C:\Windows\System\uZVGDNE.exe
  C:\Windows\System\uZVGDNE.exe
  2⤵
  PID:8608
- C:\Windows\System\QJZrFXD.exe
  C:\Windows\System\QJZrFXD.exe
  2⤵
  PID:8708
- C:\Windows\System\BielJZf.exe
  C:\Windows\System\BielJZf.exe
  2⤵
  PID:8796
- C:\Windows\System\sfYPjJS.exe
  C:\Windows\System\sfYPjJS.exe
  2⤵
  PID:8828
- C:\Windows\System\FRcqkLO.exe
  C:\Windows\System\FRcqkLO.exe
  2⤵
  PID:8912
- C:\Windows\System\SnPhHAN.exe
  C:\Windows\System\SnPhHAN.exe
  2⤵
  PID:8956
- C:\Windows\System\YwLtZWl.exe
  C:\Windows\System\YwLtZWl.exe
  2⤵
  PID:8976
- C:\Windows\System\GrhoIjU.exe
  C:\Windows\System\GrhoIjU.exe
  2⤵
  PID:7960
- C:\Windows\System\IInUFAX.exe
  C:\Windows\System\IInUFAX.exe
  2⤵
  PID:9072
- C:\Windows\System\xUVlcZe.exe
  C:\Windows\System\xUVlcZe.exe
  2⤵
  PID:8372
- C:\Windows\System\yPSHQDp.exe
  C:\Windows\System\yPSHQDp.exe
  2⤵
  PID:9184
- C:\Windows\System\MFJwEpC.exe
  C:\Windows\System\MFJwEpC.exe
  2⤵
  PID:8632
- C:\Windows\System\awqPyKR.exe
  C:\Windows\System\awqPyKR.exe
  2⤵
  PID:8668
- C:\Windows\System\wSDbsYq.exe
  C:\Windows\System\wSDbsYq.exe
  2⤵
  PID:8832
- C:\Windows\System\VRjmGzA.exe
  C:\Windows\System\VRjmGzA.exe
  2⤵
  PID:8876
- C:\Windows\System\ZtDOmcO.exe
  C:\Windows\System\ZtDOmcO.exe
  2⤵
  PID:8728
- C:\Windows\System\kEJFKXV.exe
  C:\Windows\System\kEJFKXV.exe
  2⤵
  PID:8028
- C:\Windows\System\WHvUHiw.exe
  C:\Windows\System\WHvUHiw.exe
  2⤵
  PID:8472
- C:\Windows\System\AtzNnyQ.exe
  C:\Windows\System\AtzNnyQ.exe
  2⤵
  PID:8572
- C:\Windows\System\KtZoXjk.exe
  C:\Windows\System\KtZoXjk.exe
  2⤵
  PID:8892
- C:\Windows\System\fHYtsTZ.exe
  C:\Windows\System\fHYtsTZ.exe
  2⤵
  PID:8508
- C:\Windows\System\bkiutpo.exe
  C:\Windows\System\bkiutpo.exe
  2⤵
  PID:9088
- C:\Windows\System\hdiIZPQ.exe
  C:\Windows\System\hdiIZPQ.exe
  2⤵
  PID:9152
- C:\Windows\System\aIwtcMK.exe
  C:\Windows\System\aIwtcMK.exe
  2⤵
  PID:8652
- C:\Windows\System\gzqzDGt.exe
  C:\Windows\System\gzqzDGt.exe
  2⤵
  PID:8556
- C:\Windows\System\pBJRHLg.exe
  C:\Windows\System\pBJRHLg.exe
  2⤵
  PID:9120
- C:\Windows\System\mFuBNdF.exe
  C:\Windows\System\mFuBNdF.exe
  2⤵
  PID:8780
- C:\Windows\System\cRlkGOY.exe
  C:\Windows\System\cRlkGOY.exe
  2⤵
  PID:8568
- C:\Windows\System\mAoUsDr.exe
  C:\Windows\System\mAoUsDr.exe
  2⤵
  PID:9248
- C:\Windows\System\pGTLzwz.exe
  C:\Windows\System\pGTLzwz.exe
  2⤵
  PID:9264
- C:\Windows\System\yCxpcrj.exe
  C:\Windows\System\yCxpcrj.exe
  2⤵
  PID:9288
- C:\Windows\System\rnaARGV.exe
  C:\Windows\System\rnaARGV.exe
  2⤵
  PID:9304
- C:\Windows\System\QABUkrE.exe
  C:\Windows\System\QABUkrE.exe
  2⤵
  PID:9320
- C:\Windows\System\zaAwPtP.exe
  C:\Windows\System\zaAwPtP.exe
  2⤵
  PID:9340
- C:\Windows\System\ulGrRPG.exe
  C:\Windows\System\ulGrRPG.exe
  2⤵
  PID:9360
- C:\Windows\System\yPOqsGJ.exe
  C:\Windows\System\yPOqsGJ.exe
  2⤵
  PID:9384
- C:\Windows\System\WvPQGEP.exe
  C:\Windows\System\WvPQGEP.exe
  2⤵
  PID:9400
- C:\Windows\System\mFxImlI.exe
  C:\Windows\System\mFxImlI.exe
  2⤵
  PID:9424
- C:\Windows\System\LXTJIIC.exe
  C:\Windows\System\LXTJIIC.exe
  2⤵
  PID:9448
- C:\Windows\System\bBHgxdU.exe
  C:\Windows\System\bBHgxdU.exe
  2⤵
  PID:9464
- C:\Windows\System\xzXuMRM.exe
  C:\Windows\System\xzXuMRM.exe
  2⤵
  PID:9484
- C:\Windows\System\xfNjxVG.exe
  C:\Windows\System\xfNjxVG.exe
  2⤵
  PID:9504
- C:\Windows\System\YiYyyuA.exe
  C:\Windows\System\YiYyyuA.exe
  2⤵
  PID:9528
- C:\Windows\System\InOsGHo.exe
  C:\Windows\System\InOsGHo.exe
  2⤵
  PID:9544
- C:\Windows\System\QfYtCgn.exe
  C:\Windows\System\QfYtCgn.exe
  2⤵
  PID:9560
- C:\Windows\System\ikNHeTM.exe
  C:\Windows\System\ikNHeTM.exe
  2⤵
  PID:9584
- C:\Windows\System\rWoszOq.exe
  C:\Windows\System\rWoszOq.exe
  2⤵
  PID:9604
- C:\Windows\System\xBypENJ.exe
  C:\Windows\System\xBypENJ.exe
  2⤵
  PID:9624
- C:\Windows\System\xrWCoCS.exe
  C:\Windows\System\xrWCoCS.exe
  2⤵
  PID:9640
- C:\Windows\System\xMgoYNe.exe
  C:\Windows\System\xMgoYNe.exe
  2⤵
  PID:9672
- C:\Windows\System\BEoauSp.exe
  C:\Windows\System\BEoauSp.exe
  2⤵
  PID:9688
- C:\Windows\System\bJpUuFV.exe
  C:\Windows\System\bJpUuFV.exe
  2⤵
  PID:9704
- C:\Windows\System\NrFzJII.exe
  C:\Windows\System\NrFzJII.exe
  2⤵
  PID:9720
- C:\Windows\System\UbYCeZC.exe
  C:\Windows\System\UbYCeZC.exe
  2⤵
  PID:9740
- C:\Windows\System\StDVFLa.exe
  C:\Windows\System\StDVFLa.exe
  2⤵
  PID:9772
- C:\Windows\System\iTyVWmB.exe
  C:\Windows\System\iTyVWmB.exe
  2⤵
  PID:9788
- C:\Windows\System\IMVMwpQ.exe
  C:\Windows\System\IMVMwpQ.exe
  2⤵
  PID:9804
- C:\Windows\System\fHTtEcu.exe
  C:\Windows\System\fHTtEcu.exe
  2⤵
  PID:9820
- C:\Windows\System\AyqIdbX.exe
  C:\Windows\System\AyqIdbX.exe
  2⤵
  PID:9840
- C:\Windows\System\CgTBpev.exe
  C:\Windows\System\CgTBpev.exe
  2⤵
  PID:9872
- C:\Windows\System\TdOQutV.exe
  C:\Windows\System\TdOQutV.exe
  2⤵
  PID:9888
- C:\Windows\System\CbzmzDT.exe
  C:\Windows\System\CbzmzDT.exe
  2⤵
  PID:9912
- C:\Windows\System\cjsYAcA.exe
  C:\Windows\System\cjsYAcA.exe
  2⤵
  PID:9932
- C:\Windows\System\nwqiVFc.exe
  C:\Windows\System\nwqiVFc.exe
  2⤵
  PID:9956
- C:\Windows\System\hAgTtEb.exe
  C:\Windows\System\hAgTtEb.exe
  2⤵
  PID:9976
- C:\Windows\System\UVrYFXg.exe
  C:\Windows\System\UVrYFXg.exe
  2⤵
  PID:9992
- C:\Windows\System\gkESWPd.exe
  C:\Windows\System\gkESWPd.exe
  2⤵
  PID:10008
- C:\Windows\System\dlLcnHz.exe
  C:\Windows\System\dlLcnHz.exe
  2⤵
  PID:10032
- C:\Windows\System\eaqgOFY.exe
  C:\Windows\System\eaqgOFY.exe
  2⤵
  PID:10048
- C:\Windows\System\qEDPrAa.exe
  C:\Windows\System\qEDPrAa.exe
  2⤵
  PID:10072
- C:\Windows\System\qKXJsqr.exe
  C:\Windows\System\qKXJsqr.exe
  2⤵
  PID:10092
- C:\Windows\System\slqbWkp.exe
  C:\Windows\System\slqbWkp.exe
  2⤵
  PID:10108
- C:\Windows\System\ePpyscG.exe
  C:\Windows\System\ePpyscG.exe
  2⤵
  PID:10124
- C:\Windows\System\ptXgXUb.exe
  C:\Windows\System\ptXgXUb.exe
  2⤵
  PID:10140
- C:\Windows\System\eIUQpeC.exe
  C:\Windows\System\eIUQpeC.exe
  2⤵
  PID:10156
- C:\Windows\System\DCgidwr.exe
  C:\Windows\System\DCgidwr.exe
  2⤵
  PID:10176
- C:\Windows\System\SPeOFMm.exe
  C:\Windows\System\SPeOFMm.exe
  2⤵
  PID:10192
- C:\Windows\System\rEQRdaQ.exe
  C:\Windows\System\rEQRdaQ.exe
  2⤵
  PID:7584
- C:\Windows\System\UexHYkR.exe
  C:\Windows\System\UexHYkR.exe
  2⤵
  PID:9228
- C:\Windows\System\kTlFofH.exe
  C:\Windows\System\kTlFofH.exe
  2⤵
  PID:9244
- C:\Windows\System\zsRGwFC.exe
  C:\Windows\System\zsRGwFC.exe
  2⤵
  PID:9296
- C:\Windows\System\aqXtXcE.exe
  C:\Windows\System\aqXtXcE.exe
  2⤵
  PID:9348
- C:\Windows\System\mKrStiv.exe
  C:\Windows\System\mKrStiv.exe
  2⤵
  PID:9356
- C:\Windows\System\KZhcEFb.exe
  C:\Windows\System\KZhcEFb.exe
  2⤵
  PID:9396
- C:\Windows\System\XTfNqfk.exe
  C:\Windows\System\XTfNqfk.exe
  2⤵
  PID:9416
- C:\Windows\System\GBoRNZK.exe
  C:\Windows\System\GBoRNZK.exe
  2⤵
  PID:9440
- C:\Windows\System\GQmIDxz.exe
  C:\Windows\System\GQmIDxz.exe
  2⤵
  PID:9512
- C:\Windows\System\qTBKFGT.exe
  C:\Windows\System\qTBKFGT.exe
  2⤵
  PID:9492
- C:\Windows\System\mMyUbqr.exe
  C:\Windows\System\mMyUbqr.exe
  2⤵
  PID:9540
- C:\Windows\System\zvBWEtQ.exe
  C:\Windows\System\zvBWEtQ.exe
  2⤵
  PID:9576
- C:\Windows\System\lUFhdVI.exe
  C:\Windows\System\lUFhdVI.exe
  2⤵
  PID:9636
- C:\Windows\System\GGMbPbG.exe
  C:\Windows\System\GGMbPbG.exe
  2⤵
  PID:9652
- C:\Windows\System\ivKwgTd.exe
  C:\Windows\System\ivKwgTd.exe
  2⤵
  PID:9748
- C:\Windows\System\taePZrn.exe
  C:\Windows\System\taePZrn.exe
  2⤵
  PID:9728
- C:\Windows\System\rueWJRz.exe
  C:\Windows\System\rueWJRz.exe
  2⤵
  PID:9800
- C:\Windows\System\rtuIRvN.exe
  C:\Windows\System\rtuIRvN.exe
  2⤵
  PID:9780
- C:\Windows\System\ZHvBsvI.exe
  C:\Windows\System\ZHvBsvI.exe
  2⤵
  PID:9816
- C:\Windows\System\ZfOwCzr.exe
  C:\Windows\System\ZfOwCzr.exe
  2⤵
  PID:9880
- C:\Windows\System\DHttVqS.exe
  C:\Windows\System\DHttVqS.exe
  2⤵
  PID:9920
- C:\Windows\System\IWhVrln.exe
  C:\Windows\System\IWhVrln.exe
  2⤵
  PID:9944
- C:\Windows\System\kPMdJHR.exe
  C:\Windows\System\kPMdJHR.exe
  2⤵
  PID:9988
- C:\Windows\System\rSxGIyK.exe
  C:\Windows\System\rSxGIyK.exe
  2⤵
  PID:10020
- C:\Windows\System\ZntzzbP.exe
  C:\Windows\System\ZntzzbP.exe
  2⤵
  PID:10056
- C:\Windows\System\UHOMesj.exe
  C:\Windows\System\UHOMesj.exe
  2⤵
  PID:10080
- C:\Windows\System\TkfLgkh.exe
  C:\Windows\System\TkfLgkh.exe
  2⤵
  PID:10120
- C:\Windows\System\GrdCdMj.exe
  C:\Windows\System\GrdCdMj.exe
  2⤵
  PID:10200
- C:\Windows\System\QGOKAJi.exe
  C:\Windows\System\QGOKAJi.exe
  2⤵
  PID:10172
- C:\Windows\System\XCaaYMs.exe
  C:\Windows\System\XCaaYMs.exe
  2⤵
  PID:10228
- C:\Windows\System\TTdmcpZ.exe
  C:\Windows\System\TTdmcpZ.exe
  2⤵
  PID:9224
- C:\Windows\System\EgsvwRp.exe
  C:\Windows\System\EgsvwRp.exe
  2⤵
  PID:10220
- C:\Windows\System\MvaCEwT.exe
  C:\Windows\System\MvaCEwT.exe
  2⤵
  PID:9276
- C:\Windows\System\tRiPDoi.exe
  C:\Windows\System\tRiPDoi.exe
  2⤵
  PID:9328
- C:\Windows\System\aSNAdFo.exe
  C:\Windows\System\aSNAdFo.exe
  2⤵
  PID:9316
- C:\Windows\System\oNAboNs.exe
  C:\Windows\System\oNAboNs.exe
  2⤵
  PID:9456
- C:\Windows\System\SWVMTPW.exe
  C:\Windows\System\SWVMTPW.exe
  2⤵
  PID:9596
- C:\Windows\System\YgVDhgR.exe
  C:\Windows\System\YgVDhgR.exe
  2⤵
  PID:9616
- C:\Windows\System\BOHvcsm.exe
  C:\Windows\System\BOHvcsm.exe
  2⤵
  PID:9500
- C:\Windows\System\VVBCNxJ.exe
  C:\Windows\System\VVBCNxJ.exe
  2⤵
  PID:9680
- C:\Windows\System\fJxDLdb.exe
  C:\Windows\System\fJxDLdb.exe
  2⤵
  PID:9696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALvgzSa.exe

Filesize
6.0MB

MD5
8f0d9286c6a9bc293c3eefa2f865f519

SHA1
3af2a6fa90e8790c75c9c60518ec19715fb91bbc

SHA256
aaed788cb2056ff5f5067e54894ed275dce25cefc6a116c983c457fcb22acc90

SHA512
a583f0eaf37223525cb77f2f619266d3d5b80afcac90ad44d77636fa98012259ce6b716022bb7ef367f6baf5760184cfd4cf8e3815aaefa2825312a7191bb574

Download Submit
C:\Windows\system\BHQSTna.exe

Filesize
6.0MB

MD5
d6244b1d937387a264f027b97e7abc09

SHA1
a08d1c9184abdbe396b1c0840bbcd2d5ad562767

SHA256
66e3b615801497aebbc0617e5989e06de7289cd5e416a4bb6fa3c729a92a485c

SHA512
3de5d439588d5b15bf9624fa413475df99fa84efd83c0f39b4eb70f68a14cb9e3f161ab928b36df41dd03882f5c17c8f068f82a14906305a5a51b52976fce578

Download Submit
C:\Windows\system\CfaLZfO.exe

Filesize
6.0MB

MD5
a5b58d4b9f7e81030a5d03e72586ba73

SHA1
32ef86cf6585e60c3bb03c115cfc83e900a87fc7

SHA256
9526fb7136239840dc8125fddd2785fc07f76590d6da16f73c3105ab9576dde1

SHA512
35c4b5d3f2d71549098740805c6b12f1f0c5face2738463769424eee706ea8cfb9b83d83affb930fd7acdcbba26ce4ec1b4f088d4f20f226fcad026d6d16f001

Download Submit
C:\Windows\system\HYsGETl.exe

Filesize
6.0MB

MD5
e12943a7bdd005f4914a00f457d17112

SHA1
527c94d74693fa313379e45d3632f08403ecac56

SHA256
ecdca7b415ba4d3f342865a8dc07cef6fee8c2f6305cb3c50894ae5e12cdc407

SHA512
842a7015465e332c9d103b0a3b28dbd5ef5873ba0a82ede7ae9d8b5a4bfc03958307db9f443a92128cb2437baa57db2100b621d6c40e8695267dae8649e3d501

Download Submit
C:\Windows\system\MwTZrxZ.exe

Filesize
6.0MB

MD5
4de90b92a35d2d4e1acdc7cc781aedbf

SHA1
ed13be9800d53a344f2cc588454a87402e34e77d

SHA256
3f8bd648f625e1ade39e8cee508aebe9ba81d335f411159b0038786cb6f5f370

SHA512
fe310af70ba869da989509d6d89007cf40cfff4ee3ede88b15a8e78465dee87911cae1d3ab1c878a19d71133e6e5405bf4e82053f6168b48010334a85ddffefa

Download Submit
C:\Windows\system\NPJsuCx.exe

Filesize
6.0MB

MD5
0ea275e95f2a013c910302dd3515300a

SHA1
19f2373352f3bc1808313c504e47720e9d14be78

SHA256
c436f241a547a82a6dedeeab49cef8d8f663d812de4fc862c2fdad9743086cd8

SHA512
17fefaa38abb04719252d096fe083985adf3bba1ef61def2405728239e1c8a189006e456b9f5c77f438aabb0c9bad058b789b0d13962c7e941bdb30804f78914

Download Submit
C:\Windows\system\NtuAybg.exe

Filesize
6.0MB

MD5
adef09d08a9f5acd8a02719d8cfbfffe

SHA1
9ca5c1d891520b4c4b46724a0cf228369b9accba

SHA256
b6ca67a3bf33a9941217ee5e8c7ff4167eaac64a3f133e826aa31fb0269804bb

SHA512
62a17a1e2e18f52ea912c9df192c85660385c169248d421db4053c5a646811ca8cf7e87cfaf97baaa85c683d14cab219815b89e53e938b0ba597c26c8a5a4887

Download Submit
C:\Windows\system\QQHrxXN.exe

Filesize
6.0MB

MD5
6cbcb959f0bf99e80a35a1a020dab3a3

SHA1
9047fe19a18df92997de17319c4c09e58c28b3d3

SHA256
e35304caf13046423e46cd438495e2fc88cb98206a2700e6baf8f434ea4878c4

SHA512
720ce88c1c9b32acb5c51e37262c3a735c668b77ac0e275e47e9f42b1c8b31cbe172dd3dceed6f5f093557867f7f8c8e43f9bf0d1c89b7ab86fbc2459d8e9dbf

Download Submit
C:\Windows\system\QxUgSlw.exe

Filesize
8B

MD5
233ad0a93050b25a2933161cb0c1e844

SHA1
5d6abe11c440f202c3cf2e62a3e4ba6946f74e62

SHA256
7643fddf26c35443f4dedd19782d6d957601204192a2428e51f79b4879dac5a3

SHA512
7b51090ab0576ffe5a381c5f0cdc84b682c329ca9b1f4b13d42098cb71d1bea23c62d21a34381636472df37accc2c4412ebd72bb849e579fc9265a9a12f9d485

Download Submit
C:\Windows\system\RBodYQM.exe

Filesize
6.0MB

MD5
fbe94532928ef45ca17b8ba4f85f186d

SHA1
c007418038843b91602476cb8e1a103de1f5f873

SHA256
cd1d1abc04485e1ca270b36dc1d4076702b02f0404e6b4011c7d4b1772353482

SHA512
bc754eaf3dae7f6f1235192d4c7b84d1d7ffb6957a98d2cabef926100531942a49b1e0d4d5a951782851e874a08cf9bcb8894c056fa582f0f802ca034c2b7183

Download Submit
C:\Windows\system\ZvHeDDO.exe

Filesize
6.0MB

MD5
b688a498483d125ad65c8d5ac7230cde

SHA1
8fdd4dd46518072a49c23b57f78fc63e39eab253

SHA256
362f4d3fcaa09aff08888f9e95fc18104a4a8e31e940e563d9ecee9b6d29df59

SHA512
d0fd98280c125375ad0cf5ce36c87a11ce58655f37c1c0ff48c91a82174d36a18c4258b241e1dc27cdd75a8084290378a3421f8bb0da27a306fb278d63a8df85

Download Submit
C:\Windows\system\bDiagKK.exe

Filesize
6.0MB

MD5
6add1976cf68e5c7f1dfc4b6bf6507c0

SHA1
0889dcc8bb53180de61c583d2635c2399b21d865

SHA256
dd9f4129469384a3d7b85fe3aa170a6d126ed223da82f700bdad712ca17e64e6

SHA512
344502dc6c4415c9a534152ab3102d4c035e08d7d86dade80258bec85eb72059dd22630e4500e4ecd8655187b91d1565a84e67dd12da40a40ac5d8f18c40f7c7

Download Submit
C:\Windows\system\dFuQopG.exe

Filesize
6.0MB

MD5
a43643dc4ed3d959c59d42b6cc21f173

SHA1
608bc3e8c807c498a64d50fe4c0c66098d6fe033

SHA256
3892e2fb1c86055e56456d7bcca6c686a2bd5c6b23e6624a558cd8412dd5a928

SHA512
4072a5318e80efc2b616584081192432c1d142316c5bce24ee2ff3841532a22261072972bccbc14f632fb84af9fcb5c2423b18a7d26b532118446202754e0f13

Download Submit
C:\Windows\system\hAIxMqV.exe

Filesize
6.0MB

MD5
7f7ebf9238fe6a584daba627168c0508

SHA1
c8a1a1e30311cd40f63c7d1ddcc2cecccfd7bd17

SHA256
4b3b736267552ccb2f531fd110a63f02b290308fbb339126bf883abca7fa5dc0

SHA512
0c5f107ef68e0a818710f20f1bff63e22dd89e44a8025050c3657cefdee07a1688336c2ab53ee65cffc51c4aa05ebdcef090b5f51d4d118ef4bb58c904235ffe

Download Submit
C:\Windows\system\iIFlTnx.exe

Filesize
6.0MB

MD5
884c4406a5123ff0723d2ecda1fa5b0e

SHA1
f98b1ab187df169f5e8a54987bea0837f1723ba9

SHA256
1ed188170d0b571835951ad0e273f0d14e9a73218da2feb68e85d2ed1e11d31f

SHA512
59704297781fd17d5f218a5110457171ce81d3d24558bd9763e85aa02340988eae88837eb42dfe4b9409265208c5f2d6f49aeca6758f1fe45c14f8cf362581d6

Download Submit
C:\Windows\system\nNEhMZO.exe

Filesize
6.0MB

MD5
8930c42916918e80659bf247b6173d88

SHA1
704aa272b983c4fa752548d2390c8554837b7f8e

SHA256
a3c860a6eb100a0ccd6352f431fca2580f82c7ed75118088793418cbefe6b3c3

SHA512
31ae2e5c9b545d33917398664719e920af66e6db9b9c0e6a71797d83c88f773e078e3d556c86375a77f7d30e6e5c2467df4761746683a6b77e127b22a1625aad

Download Submit
C:\Windows\system\nSbbjWA.exe

Filesize
6.0MB

MD5
e03d4de1e24d7d513c1c2a9a7b2f3c24

SHA1
c46fbd29a011b74e5168e13855dfda9794a30a87

SHA256
6c43627c791cc70ffb695793d3e68e73950b5155b49a8a76c4cd308dc743f43f

SHA512
0a546e21524f6afc7d1125aa105a443303cc9513f3242153fe5d4d0e89f9f497cc6c89714cdc9b0bb31aad40ddf7e4712a710025211a252bb27e7683be11290e

Download Submit
C:\Windows\system\neQkPzN.exe

Filesize
6.0MB

MD5
a6ce65a09beb7f22566301291a9ebea0

SHA1
51154510a5a5b2025bdbe6bffcd1fb215166421f

SHA256
72a7850c21ee745ac3e49e8686ac5f8d75ef3613fbceb9cf5b5d851075bb3748

SHA512
0ee5c62916d62467fdf133ca3a5a08081c2c275c4283234552cdb9dc2a57563d63f49f17c9474e226950fa39385f5d36f6fa653bd9d52e815268837eb348aab2

Download Submit
C:\Windows\system\oUUpXfa.exe

Filesize
6.0MB

MD5
5f2cd8d1fd1b6eea8aad95cfa2654aa3

SHA1
0d3c5d607d51bb2ddaf4148fc3ad50b7e98138b8

SHA256
7e1dc670ed79041ffd3d7397437c15f4e8f49712182549a3add52b8ef3ac8d68

SHA512
7537ff9bef421595c8f3e0dc80a57845e57240513d8ffc4689a1b3011d743de7e11797602eff009379b577c86fbb8059660ada8247a268655919bb26eed22e4b

Download Submit
C:\Windows\system\tYBfXre.exe

Filesize
6.0MB

MD5
4c6cb898b35be367a115b8575ccfbd8b

SHA1
03f18541994a6e02fa14adfb4361923775eaaffd

SHA256
87d3ea351d5dff6e3b3ddd258239c05a3a572e572106da10344ae7d4789d0684

SHA512
038610bac978c0c45ae7ee61b4e2cee6754809fbeed7c64fd46d7e2652df8c02caaefe880bcc55da5f3ce5813a1fda205a7e80632a25137a1e107057c81b5078

Download Submit
C:\Windows\system\ufQprNs.exe

Filesize
6.0MB

MD5
ce0e2c1ce918baf3d286640daf2c0c3f

SHA1
78480a05c9f530efcbce797cef2fe8650c51571d

SHA256
aedf87d9d22716c343f3cf596a6a1a12cdec3b7adf43f65144468bafe645a119

SHA512
b7d163f66e656bcf3c6664fddf1510944e6347aa9a078f15b639a5e1c0804270ba1b136cc08b8b756c9c05c5592e11c3a388bf4430254ad2abfc0d139d84ffc9

Download Submit
C:\Windows\system\wQqdBor.exe

Filesize
6.0MB

MD5
70aa71b42829880e30df46afdec370bd

SHA1
f086313cbcb039182d8172d1c0f3a00ef29a93b7

SHA256
34bb1a07742c1c54f9698190154b837a891b8aff59d71034d7aea7575a683e7f

SHA512
f4fac4e3a2ff8c0d2134e42a678771caa28f05ee996948a534d9d5bd5c506da018bc93964f50f6780b7e54d9949ac02b0f6df356d6c0e12f05dd509a4b06b18e

Download Submit
C:\Windows\system\xegGHdX.exe

Filesize
6.0MB

MD5
a792ee8ec7b0c6a803e0ba5377bb0e1a

SHA1
23cbb1f31ca2f39935df237607f71fc194cec6db

SHA256
203f512830f6a162f2c666adfd4c007462ada1700d80f9ec82ada54683f20600

SHA512
5707cf97f7ee208af906b22baeaa0bea3691ace304955e1a9ab052d7c256d635b5f4585448140de062e721dc9ae7410413f68aa6eba33438934f7e3b00f8b4b3

Download Submit
C:\Windows\system\yfhXlmL.exe

Filesize
6.0MB

MD5
1277e4e96fd3e446ecb3637490ffb27f

SHA1
ebb9c2c4be56caa9c6dfb2d6c57365174e33f540

SHA256
988eed30c4cc7d3763aaed5305d8d21e66301de9fa83c91e67020cafe949ee44

SHA512
9689118382a7b4aa975c46842fd0ae07b747bfedda41d4f6489ddb933b7c04d0a79202a5d4e04c7fe1cc2294e5b515ebd5cef42bbced7b021ba74ef34ab6cfb6

Download Submit
\Windows\system\KPgulHw.exe

Filesize
6.0MB

MD5
9360feffa041d33ffac3df09b1f4dadf

SHA1
fb98ffa090ae9801882e8871b8c5d056a4348073

SHA256
52c79932b4dbe30ae7bf6d114771332c30b45bd85db41e56d2df64c6b5955c28

SHA512
cb414e3380f5436a821768366b95b0efbd2fc4e8a6bdb4d2e9d9cc92684ac8e867f3787210996f433a98a1b97b8c60d446ef61f9967a560a2867364bb8488016

Download Submit
\Windows\system\MDqivGW.exe

Filesize
6.0MB

MD5
feb7df8dc87d47c2bd3484b5c174a243

SHA1
b1ba58ac4880238d80ceda4d0a6e35e1cf7485cc

SHA256
6547ae18da29d1f3aaccb5d6468df9fa6d05e0950da9d4475457d983e9c384be

SHA512
cbb59b146c232ceb60ed0e9d62e76621130de24919dd16626f53640d1bd982260c61718b47c2f97eebbc80f057069c6c51b2405ca97c3bec1005d8bf6d5164c8

Download Submit
\Windows\system\ThCyCSt.exe

Filesize
6.0MB

MD5
4e4d40fd7e8280116b324f2b8c77d8d4

SHA1
78eb5505be718c1d697e7a7cf40de48b0c1b0220

SHA256
a53a8a537cc1b81373b990415a10380ba812fc0ea188b3f61f2324ee6672b001

SHA512
8acf015643fc44c359e050fe64f7cf8a9137a5f531c89c9c2be4d6ad30cfd12bf6fa9beff079b6cac2f6c7dbf32cb7d28277deb544ca6f2d1d8aae645bcec159

Download Submit
\Windows\system\XmPOwfg.exe

Filesize
6.0MB

MD5
5dbbad4a41d4d5672dbadff219573a33

SHA1
514e8927a2d3fb1ab390dcc9f01dbccdffada580

SHA256
94d3487bc7f88ac8697588ed9ec6cf1dbab4e199c9af2049cbd1626e6928d3fa

SHA512
ad5927ffd287c01b9aa59ded1df946937a1369a1df4279fafb7fb6f9581ab61fd04f2c6a713eb8efd7e7bb89f6f9dc3811607c55bc189c358c1465aef7593b20

Download Submit
\Windows\system\ZeeIMnc.exe

Filesize
6.0MB

MD5
9c68ea4a6b530c9d10becc2ded0d16c0

SHA1
321327b156dc19a89fe5d2d7faea7f68f20efce6

SHA256
715b73d351208e00632140ba6081458841c3b68e91e5371c6a8adc3001173fb4

SHA512
f0c5c1003a186a81fab79d17a59c6960f28118368eeb8ed58193603048965b86eda6555283ea932ffdb1a444205699eafa78ac415d727af7ab521afc7c068902

Download Submit
\Windows\system\fvmwiMj.exe

Filesize
6.0MB

MD5
1a65f5a0fed8d10c90f740af59df9b8c

SHA1
82b4e02d7fbe06001f8b883581dcb1bf8e52db46

SHA256
9902ea178b2f7798dedf0836d1adbe21812640d4bdfe07f68e3b1f2b08938b24

SHA512
751d47f87510c950011e0818855abb88eaaeecf44f8ecd01a2498a7d11e31c8ac83fa1140136d177c82f0d3b675e6bc3169899d3d79fc922103218082da9a6b7

Download Submit
\Windows\system\jCzdcRy.exe

Filesize
6.0MB

MD5
7be193313012706544f29fca2ae95ec0

SHA1
244aaa2afdc8025225881f6e80768ec71ca6da2d

SHA256
e2782fb14e7e4bccd211841ecbc8bcef91338ede67aaa9aa282e96dde04d3144

SHA512
28728834a99496d63c45f0b8d8efcf5ffd3116b1add75a3857be482764accf5ce0dad85450d451f7b6cf20f43bc1e6b2fb8d7ed562ee516a6fb830d51b992038

Download Submit
\Windows\system\omRgzBG.exe

Filesize
6.0MB

MD5
92cdce0799a9b0ae2c5742611fe2c431

SHA1
941a4abc16456f20226041678522345f5ef118dd

SHA256
07f056be7a23f6db4bfce7649b90282d17a0198c8af6a2e80c4609c8570fa208

SHA512
c56e10ef4e38d976655c77dcc3d5eee04e8605ee4ea1f6fbe1d10264e43042481a42d3cff3ddd1167fa72f68693f846f492e6e5b1b5a81da7bb1569de612ab5a

Download Submit
\Windows\system\pHDIRxn.exe

Filesize
6.0MB

MD5
10f74d60a0c042185ee4ade3fbe04697

SHA1
7b993a3c130e166ec10e59f8dbf2feee8de2dcdf

SHA256
293222f28804e8f96f81faec818f97444882cd02db2483d1bd16e75c87bf79fd

SHA512
c79c780ba0b369921ccfce906ff9b2d21e081256a71e67a18688f2c8571053ab2c949cb8812349d2c6b4a7475ef4b304fa8c5d61c1baa194ce1259789c5a859f

Download Submit
memory/676-3690-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/676-86-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/676-138-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1088-3326-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1088-65-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-3046-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-23-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1300-3440-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1300-79-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1300-137-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1516-63-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1516-91-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1516-3344-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2016-105-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2016-392-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3704-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2120-98-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-87-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2120-38-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-69-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2120-127-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-59-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-76-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2120-99-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2120-15-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-111-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2120-31-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-10-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-95-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-216-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-21-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-25-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-391-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2120-88-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-45-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3049-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2152-17-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2468-22-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3048-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-71-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3377-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-102-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3100-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-58-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-29-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-83-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3342-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-49-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-75-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3099-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-43-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-303-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4062-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3323-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-36-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-67-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download