cobaltstrike | 274169cea95c7f05133ab2ad01832476342283ff02fe598ac4b09fb1052f2d43

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

08168749c11396c87fad5b43bbb28bdf
SHA1

273be04d737a17227ec717069a8db9b09dc1379e
SHA256

274169cea95c7f05133ab2ad01832476342283ff02fe598ac4b09fb1052f2d43
SHA512

db9d66f04900483ae2bf3ca424308e53eb55824ca731b7e0136ee49d86212d7818aadb159df7a8336afb0ccb12796040ca48091c46c10818d42202bfc6780f34
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013a51-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f2-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-14.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018742-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019438-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-65.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001878c-63.dat	cobalt_reflective_dll
behavioral1/files/0x001700000001866f-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000e000000013a51-3.dat	xmrig
behavioral1/files/0x00060000000186f2-10.dat	xmrig
behavioral1/files/0x00060000000186f8-14.dat	xmrig
behavioral1/memory/2044-11-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2384-21-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/3016-20-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2908-18-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-23.dat	xmrig
behavioral1/memory/1952-28-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0006000000018742-29.dat	xmrig
behavioral1/files/0x0007000000019438-53.dat	xmrig
behavioral1/files/0x0007000000018bf3-54.dat	xmrig
behavioral1/memory/2716-74-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1952-84-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2688-89-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2312-103-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-167.dat	xmrig
behavioral1/memory/2936-647-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2312-1023-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/540-869-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2384-539-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2924-434-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000500000001962b-191.dat	xmrig
behavioral1/files/0x0005000000019627-181.dat	xmrig
behavioral1/files/0x000500000001963b-196.dat	xmrig
behavioral1/files/0x0005000000019629-187.dat	xmrig
behavioral1/files/0x0005000000019625-177.dat	xmrig
behavioral1/files/0x0005000000019623-171.dat	xmrig
behavioral1/files/0x0005000000019621-162.dat	xmrig
behavioral1/files/0x000500000001961d-152.dat	xmrig
behavioral1/files/0x000500000001961f-156.dat	xmrig
behavioral1/files/0x00050000000195e6-146.dat	xmrig
behavioral1/files/0x00050000000195a7-141.dat	xmrig
behavioral1/files/0x000500000001957e-136.dat	xmrig
behavioral1/files/0x000500000001952f-131.dat	xmrig
behavioral1/files/0x0005000000019506-125.dat	xmrig
behavioral1/files/0x00050000000194fc-121.dat	xmrig
behavioral1/files/0x00050000000194ef-116.dat	xmrig
behavioral1/files/0x00050000000194d0-111.dat	xmrig
behavioral1/files/0x00050000000194ad-102.dat	xmrig
behavioral1/memory/540-96-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019496-95.dat	xmrig
behavioral1/memory/2844-100-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2924-80-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-79.dat	xmrig
behavioral1/memory/2384-77-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2384-88-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/files/0x0005000000019467-87.dat	xmrig
behavioral1/memory/2384-56-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2712-73-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2384-68-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/3016-67-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0005000000019456-65.dat	xmrig
behavioral1/files/0x000700000001878c-63.dat	xmrig
behavioral1/memory/2844-60-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2908-52-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2044-51-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2740-43-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2384-42-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x001700000001866f-38.dat	xmrig
behavioral1/memory/2688-37-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1952-4029-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2044	KldQtCo.exe
2908	gpiWDhr.exe
3016	EBUeXNr.exe
1952	aIFMyas.exe
2688	LQndVWA.exe
2740	teERgvt.exe
2844	qDrJsDH.exe
2716	gQwScXY.exe
2712	cRMOVSW.exe
2568	rfhZUeY.exe
2924	kOyQlyU.exe
2936	aGOiEXD.exe
540	TDspWeO.exe
2312	IrqTpgU.exe
708	awarVrn.exe
1204	MTCwtKp.exe
1316	jqOCRRL.exe
2304	vswZOpq.exe
1932	xGWpiML.exe
2008	ZAXWWUq.exe
1524	lNfbBSD.exe
1572	qWvOEmg.exe
1988	bKSmowW.exe
2372	WgmYzEl.exe
1784	svzoFxV.exe
2376	YspoTwy.exe
444	qymKYro.exe
2344	CtSbVEL.exe
712	LXVDRyb.exe
1304	ADidApW.exe
916	RKbiCdw.exe
1632	hDckcFb.exe
972	uJotuNr.exe
1264	nJQiZcy.exe
948	UJshkFn.exe
2260	cBMmPvM.exe
1468	dkrfxvc.exe
788	tXQZJuH.exe
1216	LKImlza.exe
280	YVWAlWn.exe
2476	XiNGxpi.exe
1440	SdDnuJp.exe
2156	OmSOcSy.exe
2248	IyCycYc.exe
2972	PSdOVCd.exe
1736	eyMemXz.exe
1396	cSJbjxm.exe
1428	iuXRFiR.exe
1848	ZsNvdwH.exe
2132	osRejzK.exe
2164	wfEliwc.exe
2168	SnmObCF.exe
2072	qdnqdfZ.exe
2460	tICjzlU.exe
2448	vKAvqxo.exe
2336	vTTFiLy.exe
2820	zuLPtDB.exe
2656	RcauYha.exe
2736	TVhFvGu.exe
2708	TBrqvon.exe
2600	CjVqPiC.exe
2684	PUShWQF.exe
1772	BmFDeoO.exe
604	SzZKEhk.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000e000000013a51-3.dat	upx
behavioral1/files/0x00060000000186f2-10.dat	upx
behavioral1/files/0x00060000000186f8-14.dat	upx
behavioral1/memory/2044-11-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/3016-20-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2908-18-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0006000000018731-23.dat	upx
behavioral1/memory/1952-28-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0006000000018742-29.dat	upx
behavioral1/files/0x0007000000019438-53.dat	upx
behavioral1/files/0x0007000000018bf3-54.dat	upx
behavioral1/memory/2716-74-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1952-84-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2688-89-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2312-103-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019622-167.dat	upx
behavioral1/memory/2936-647-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2312-1023-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/540-869-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2924-434-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000500000001962b-191.dat	upx
behavioral1/files/0x0005000000019627-181.dat	upx
behavioral1/files/0x000500000001963b-196.dat	upx
behavioral1/files/0x0005000000019629-187.dat	upx
behavioral1/files/0x0005000000019625-177.dat	upx
behavioral1/files/0x0005000000019623-171.dat	upx
behavioral1/files/0x0005000000019621-162.dat	upx
behavioral1/files/0x000500000001961d-152.dat	upx
behavioral1/files/0x000500000001961f-156.dat	upx
behavioral1/files/0x00050000000195e6-146.dat	upx
behavioral1/files/0x00050000000195a7-141.dat	upx
behavioral1/files/0x000500000001957e-136.dat	upx
behavioral1/files/0x000500000001952f-131.dat	upx
behavioral1/files/0x0005000000019506-125.dat	upx
behavioral1/files/0x00050000000194fc-121.dat	upx
behavioral1/files/0x00050000000194ef-116.dat	upx
behavioral1/files/0x00050000000194d0-111.dat	upx
behavioral1/files/0x00050000000194ad-102.dat	upx
behavioral1/memory/540-96-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0005000000019496-95.dat	upx
behavioral1/memory/2844-100-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2924-80-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000500000001945c-79.dat	upx
behavioral1/memory/2384-88-0x0000000002430000-0x0000000002784000-memory.dmp	upx
behavioral1/files/0x0005000000019467-87.dat	upx
behavioral1/memory/2712-73-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/3016-67-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0005000000019456-65.dat	upx
behavioral1/files/0x000700000001878c-63.dat	upx
behavioral1/memory/2844-60-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2908-52-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2044-51-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2740-43-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2384-42-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x001700000001866f-38.dat	upx
behavioral1/memory/2688-37-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/1952-4029-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2740-4030-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2688-4031-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2844-4032-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2712-4033-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2716-4034-0x000000013FF10000-0x0000000140264000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OLWNycP.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGsydRX.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzCKodI.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbIDsVl.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhSqwlt.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQGzngM.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWaCNay.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDckcFb.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgyrUIw.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCHwSVx.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmFDeoO.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAtIenr.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcaZRbl.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqQurhU.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVKeZeD.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVjoWmz.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnlRzfh.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVMSfTN.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWxPdnk.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itvfeHh.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URnvkVr.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYALyDu.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AczHrQI.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpqUdbr.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDvfWqT.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbOfxuQ.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGutYjN.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YspoTwy.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgAhvnr.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OftHsry.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTZEKJt.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhkiVKq.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnKConx.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asRPgWJ.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbCUKHf.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPePHeJ.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyoRsBW.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDpGgmo.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgcWtmb.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tykgKTl.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBKZMfq.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMtrRtW.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYyowfp.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzPQpEN.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOzHMoW.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMSrWAa.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRTLYfr.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtFtKqv.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltkoRCk.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wvdoess.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnXOzqu.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDxNXWE.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjePkJn.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awokhgG.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHcXFBe.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BknXwHC.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QymCRvZ.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEDZtoL.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuUQuuL.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFQKsPN.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guCurCG.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdDnuJp.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyMemXz.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSORTpK.exe	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2044	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2044	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2044	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2908	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2908	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2908	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 3016	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 3016	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 3016	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 1952	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 1952	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 1952	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2688	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2688	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2688	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2740	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2740	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2740	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2716	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2716	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2716	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2844	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2844	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2844	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2568	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2568	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2568	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2712	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2712	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2712	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2924	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2924	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2924	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2936	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2936	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2936	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 540	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 540	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 540	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2312	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2312	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2312	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 708	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 708	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 708	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1204	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1204	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1204	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1316	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1316	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1316	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 2304	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2304	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2304	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1932	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1932	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1932	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2008	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 2008	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 2008	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1524	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1524	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1524	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1572	2384	2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_08168749c11396c87fad5b43bbb28bdf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\KldQtCo.exe
  C:\Windows\System\KldQtCo.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\gpiWDhr.exe
  C:\Windows\System\gpiWDhr.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\EBUeXNr.exe
  C:\Windows\System\EBUeXNr.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\aIFMyas.exe
  C:\Windows\System\aIFMyas.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\LQndVWA.exe
  C:\Windows\System\LQndVWA.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\teERgvt.exe
  C:\Windows\System\teERgvt.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\gQwScXY.exe
  C:\Windows\System\gQwScXY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qDrJsDH.exe
  C:\Windows\System\qDrJsDH.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\rfhZUeY.exe
  C:\Windows\System\rfhZUeY.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\cRMOVSW.exe
  C:\Windows\System\cRMOVSW.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\kOyQlyU.exe
  C:\Windows\System\kOyQlyU.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\aGOiEXD.exe
  C:\Windows\System\aGOiEXD.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\TDspWeO.exe
  C:\Windows\System\TDspWeO.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\IrqTpgU.exe
  C:\Windows\System\IrqTpgU.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\awarVrn.exe
  C:\Windows\System\awarVrn.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\MTCwtKp.exe
  C:\Windows\System\MTCwtKp.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\jqOCRRL.exe
  C:\Windows\System\jqOCRRL.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\vswZOpq.exe
  C:\Windows\System\vswZOpq.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\xGWpiML.exe
  C:\Windows\System\xGWpiML.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ZAXWWUq.exe
  C:\Windows\System\ZAXWWUq.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\lNfbBSD.exe
  C:\Windows\System\lNfbBSD.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qWvOEmg.exe
  C:\Windows\System\qWvOEmg.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\bKSmowW.exe
  C:\Windows\System\bKSmowW.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\WgmYzEl.exe
  C:\Windows\System\WgmYzEl.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\svzoFxV.exe
  C:\Windows\System\svzoFxV.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\YspoTwy.exe
  C:\Windows\System\YspoTwy.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\qymKYro.exe
  C:\Windows\System\qymKYro.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\CtSbVEL.exe
  C:\Windows\System\CtSbVEL.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\LXVDRyb.exe
  C:\Windows\System\LXVDRyb.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\ADidApW.exe
  C:\Windows\System\ADidApW.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\RKbiCdw.exe
  C:\Windows\System\RKbiCdw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\hDckcFb.exe
  C:\Windows\System\hDckcFb.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\uJotuNr.exe
  C:\Windows\System\uJotuNr.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\nJQiZcy.exe
  C:\Windows\System\nJQiZcy.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\UJshkFn.exe
  C:\Windows\System\UJshkFn.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\cBMmPvM.exe
  C:\Windows\System\cBMmPvM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\dkrfxvc.exe
  C:\Windows\System\dkrfxvc.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\tXQZJuH.exe
  C:\Windows\System\tXQZJuH.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\LKImlza.exe
  C:\Windows\System\LKImlza.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\YVWAlWn.exe
  C:\Windows\System\YVWAlWn.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\XiNGxpi.exe
  C:\Windows\System\XiNGxpi.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\SdDnuJp.exe
  C:\Windows\System\SdDnuJp.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\OmSOcSy.exe
  C:\Windows\System\OmSOcSy.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\IyCycYc.exe
  C:\Windows\System\IyCycYc.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\PSdOVCd.exe
  C:\Windows\System\PSdOVCd.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\eyMemXz.exe
  C:\Windows\System\eyMemXz.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\cSJbjxm.exe
  C:\Windows\System\cSJbjxm.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\iuXRFiR.exe
  C:\Windows\System\iuXRFiR.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ZsNvdwH.exe
  C:\Windows\System\ZsNvdwH.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\osRejzK.exe
  C:\Windows\System\osRejzK.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\wfEliwc.exe
  C:\Windows\System\wfEliwc.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\SnmObCF.exe
  C:\Windows\System\SnmObCF.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\qdnqdfZ.exe
  C:\Windows\System\qdnqdfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\tICjzlU.exe
  C:\Windows\System\tICjzlU.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\vKAvqxo.exe
  C:\Windows\System\vKAvqxo.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\vTTFiLy.exe
  C:\Windows\System\vTTFiLy.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\zuLPtDB.exe
  C:\Windows\System\zuLPtDB.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\RcauYha.exe
  C:\Windows\System\RcauYha.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\TVhFvGu.exe
  C:\Windows\System\TVhFvGu.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\TBrqvon.exe
  C:\Windows\System\TBrqvon.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\CjVqPiC.exe
  C:\Windows\System\CjVqPiC.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\PUShWQF.exe
  C:\Windows\System\PUShWQF.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\BmFDeoO.exe
  C:\Windows\System\BmFDeoO.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\SzZKEhk.exe
  C:\Windows\System\SzZKEhk.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\fNUVKKu.exe
  C:\Windows\System\fNUVKKu.exe
  2⤵
  PID:2504
- C:\Windows\System\gnseSvX.exe
  C:\Windows\System\gnseSvX.exe
  2⤵
  PID:576
- C:\Windows\System\tesfzhw.exe
  C:\Windows\System\tesfzhw.exe
  2⤵
  PID:1740
- C:\Windows\System\whnxelJ.exe
  C:\Windows\System\whnxelJ.exe
  2⤵
  PID:2436
- C:\Windows\System\zpLEawZ.exe
  C:\Windows\System\zpLEawZ.exe
  2⤵
  PID:1980
- C:\Windows\System\HwtrXDa.exe
  C:\Windows\System\HwtrXDa.exe
  2⤵
  PID:848
- C:\Windows\System\yvguDUX.exe
  C:\Windows\System\yvguDUX.exe
  2⤵
  PID:2524
- C:\Windows\System\GnlSOwU.exe
  C:\Windows\System\GnlSOwU.exe
  2⤵
  PID:2064
- C:\Windows\System\aldJUre.exe
  C:\Windows\System\aldJUre.exe
  2⤵
  PID:1616
- C:\Windows\System\fQveuBo.exe
  C:\Windows\System\fQveuBo.exe
  2⤵
  PID:964
- C:\Windows\System\NwrktKB.exe
  C:\Windows\System\NwrktKB.exe
  2⤵
  PID:920
- C:\Windows\System\borfwfZ.exe
  C:\Windows\System\borfwfZ.exe
  2⤵
  PID:680
- C:\Windows\System\xYALyDu.exe
  C:\Windows\System\xYALyDu.exe
  2⤵
  PID:2868
- C:\Windows\System\CmMEqYJ.exe
  C:\Windows\System\CmMEqYJ.exe
  2⤵
  PID:1464
- C:\Windows\System\lCqUsfM.exe
  C:\Windows\System\lCqUsfM.exe
  2⤵
  PID:2968
- C:\Windows\System\uhnAkYo.exe
  C:\Windows\System\uhnAkYo.exe
  2⤵
  PID:1368
- C:\Windows\System\nHvZJgX.exe
  C:\Windows\System\nHvZJgX.exe
  2⤵
  PID:2348
- C:\Windows\System\SVFGYAJ.exe
  C:\Windows\System\SVFGYAJ.exe
  2⤵
  PID:2408
- C:\Windows\System\jlCNXPA.exe
  C:\Windows\System\jlCNXPA.exe
  2⤵
  PID:2832
- C:\Windows\System\jcoxjYb.exe
  C:\Windows\System\jcoxjYb.exe
  2⤵
  PID:1888
- C:\Windows\System\HMtrRtW.exe
  C:\Windows\System\HMtrRtW.exe
  2⤵
  PID:904
- C:\Windows\System\vYpfeFj.exe
  C:\Windows\System\vYpfeFj.exe
  2⤵
  PID:1780
- C:\Windows\System\dqQurhU.exe
  C:\Windows\System\dqQurhU.exe
  2⤵
  PID:1500
- C:\Windows\System\dzKHnuN.exe
  C:\Windows\System\dzKHnuN.exe
  2⤵
  PID:2420
- C:\Windows\System\TPaIFOm.exe
  C:\Windows\System\TPaIFOm.exe
  2⤵
  PID:2636
- C:\Windows\System\DIzDVRs.exe
  C:\Windows\System\DIzDVRs.exe
  2⤵
  PID:2696
- C:\Windows\System\LwqxNmQ.exe
  C:\Windows\System\LwqxNmQ.exe
  2⤵
  PID:2552
- C:\Windows\System\zKWUNos.exe
  C:\Windows\System\zKWUNos.exe
  2⤵
  PID:2792
- C:\Windows\System\JbQbkYe.exe
  C:\Windows\System\JbQbkYe.exe
  2⤵
  PID:2268
- C:\Windows\System\mMWRtht.exe
  C:\Windows\System\mMWRtht.exe
  2⤵
  PID:1748
- C:\Windows\System\uNkPwFI.exe
  C:\Windows\System\uNkPwFI.exe
  2⤵
  PID:2364
- C:\Windows\System\kUmsqgz.exe
  C:\Windows\System\kUmsqgz.exe
  2⤵
  PID:1960
- C:\Windows\System\itQiUyz.exe
  C:\Windows\System\itQiUyz.exe
  2⤵
  PID:2012
- C:\Windows\System\IkByNTx.exe
  C:\Windows\System\IkByNTx.exe
  2⤵
  PID:1192
- C:\Windows\System\xWSKVRH.exe
  C:\Windows\System\xWSKVRH.exe
  2⤵
  PID:1400
- C:\Windows\System\hVrrfyL.exe
  C:\Windows\System\hVrrfyL.exe
  2⤵
  PID:1480
- C:\Windows\System\WfgBVIj.exe
  C:\Windows\System\WfgBVIj.exe
  2⤵
  PID:860
- C:\Windows\System\yIezMqn.exe
  C:\Windows\System\yIezMqn.exe
  2⤵
  PID:1124
- C:\Windows\System\iKQAFXh.exe
  C:\Windows\System\iKQAFXh.exe
  2⤵
  PID:1408
- C:\Windows\System\wxqPTcE.exe
  C:\Windows\System\wxqPTcE.exe
  2⤵
  PID:1864
- C:\Windows\System\YxgDaVs.exe
  C:\Windows\System\YxgDaVs.exe
  2⤵
  PID:2392
- C:\Windows\System\zLVWiTJ.exe
  C:\Windows\System\zLVWiTJ.exe
  2⤵
  PID:1544
- C:\Windows\System\JuoSDZM.exe
  C:\Windows\System\JuoSDZM.exe
  2⤵
  PID:1532
- C:\Windows\System\nmfpuCy.exe
  C:\Windows\System\nmfpuCy.exe
  2⤵
  PID:2956
- C:\Windows\System\CcgNyAR.exe
  C:\Windows\System\CcgNyAR.exe
  2⤵
  PID:3056
- C:\Windows\System\SmVIpmY.exe
  C:\Windows\System\SmVIpmY.exe
  2⤵
  PID:2100
- C:\Windows\System\ZsiphSR.exe
  C:\Windows\System\ZsiphSR.exe
  2⤵
  PID:1912
- C:\Windows\System\hUNoXAt.exe
  C:\Windows\System\hUNoXAt.exe
  2⤵
  PID:1880
- C:\Windows\System\cgPbZQK.exe
  C:\Windows\System\cgPbZQK.exe
  2⤵
  PID:856
- C:\Windows\System\IjkIyhz.exe
  C:\Windows\System\IjkIyhz.exe
  2⤵
  PID:1792
- C:\Windows\System\SGqTdwR.exe
  C:\Windows\System\SGqTdwR.exe
  2⤵
  PID:2976
- C:\Windows\System\IOtUQDo.exe
  C:\Windows\System\IOtUQDo.exe
  2⤵
  PID:2300
- C:\Windows\System\eedhDcO.exe
  C:\Windows\System\eedhDcO.exe
  2⤵
  PID:3000
- C:\Windows\System\wCKsuhG.exe
  C:\Windows\System\wCKsuhG.exe
  2⤵
  PID:2624
- C:\Windows\System\djSNqBq.exe
  C:\Windows\System\djSNqBq.exe
  2⤵
  PID:1536
- C:\Windows\System\ZCmKDyV.exe
  C:\Windows\System\ZCmKDyV.exe
  2⤵
  PID:2944
- C:\Windows\System\PTBheHe.exe
  C:\Windows\System\PTBheHe.exe
  2⤵
  PID:2932
- C:\Windows\System\dGIfkuN.exe
  C:\Windows\System\dGIfkuN.exe
  2⤵
  PID:1636
- C:\Windows\System\BOCTaPY.exe
  C:\Windows\System\BOCTaPY.exe
  2⤵
  PID:3092
- C:\Windows\System\JAGBVLI.exe
  C:\Windows\System\JAGBVLI.exe
  2⤵
  PID:3112
- C:\Windows\System\IPePHeJ.exe
  C:\Windows\System\IPePHeJ.exe
  2⤵
  PID:3132
- C:\Windows\System\aixrxUB.exe
  C:\Windows\System\aixrxUB.exe
  2⤵
  PID:3148
- C:\Windows\System\sowMMYr.exe
  C:\Windows\System\sowMMYr.exe
  2⤵
  PID:3168
- C:\Windows\System\POwRggC.exe
  C:\Windows\System\POwRggC.exe
  2⤵
  PID:3188
- C:\Windows\System\WsdhXQl.exe
  C:\Windows\System\WsdhXQl.exe
  2⤵
  PID:3212
- C:\Windows\System\ResfzMB.exe
  C:\Windows\System\ResfzMB.exe
  2⤵
  PID:3232
- C:\Windows\System\GgBCFDA.exe
  C:\Windows\System\GgBCFDA.exe
  2⤵
  PID:3252
- C:\Windows\System\MSAbOhC.exe
  C:\Windows\System\MSAbOhC.exe
  2⤵
  PID:3268
- C:\Windows\System\TDYihIW.exe
  C:\Windows\System\TDYihIW.exe
  2⤵
  PID:3288
- C:\Windows\System\aBINjkR.exe
  C:\Windows\System\aBINjkR.exe
  2⤵
  PID:3308
- C:\Windows\System\WQjqtKH.exe
  C:\Windows\System\WQjqtKH.exe
  2⤵
  PID:3328
- C:\Windows\System\JwnWcDj.exe
  C:\Windows\System\JwnWcDj.exe
  2⤵
  PID:3344
- C:\Windows\System\HWMpvio.exe
  C:\Windows\System\HWMpvio.exe
  2⤵
  PID:3364
- C:\Windows\System\dtGcyro.exe
  C:\Windows\System\dtGcyro.exe
  2⤵
  PID:3384
- C:\Windows\System\qalzbgs.exe
  C:\Windows\System\qalzbgs.exe
  2⤵
  PID:3412
- C:\Windows\System\nWqwwoU.exe
  C:\Windows\System\nWqwwoU.exe
  2⤵
  PID:3428
- C:\Windows\System\gyyDYPl.exe
  C:\Windows\System\gyyDYPl.exe
  2⤵
  PID:3452
- C:\Windows\System\fQzkSmy.exe
  C:\Windows\System\fQzkSmy.exe
  2⤵
  PID:3468
- C:\Windows\System\YztRWlK.exe
  C:\Windows\System\YztRWlK.exe
  2⤵
  PID:3492
- C:\Windows\System\PthVppd.exe
  C:\Windows\System\PthVppd.exe
  2⤵
  PID:3508
- C:\Windows\System\MvyxhpY.exe
  C:\Windows\System\MvyxhpY.exe
  2⤵
  PID:3528
- C:\Windows\System\hwSVNXZ.exe
  C:\Windows\System\hwSVNXZ.exe
  2⤵
  PID:3548
- C:\Windows\System\xkWjbxB.exe
  C:\Windows\System\xkWjbxB.exe
  2⤵
  PID:3572
- C:\Windows\System\znUgkhM.exe
  C:\Windows\System\znUgkhM.exe
  2⤵
  PID:3592
- C:\Windows\System\QwDJWKM.exe
  C:\Windows\System\QwDJWKM.exe
  2⤵
  PID:3612
- C:\Windows\System\xWWMddY.exe
  C:\Windows\System\xWWMddY.exe
  2⤵
  PID:3632
- C:\Windows\System\otWOtQH.exe
  C:\Windows\System\otWOtQH.exe
  2⤵
  PID:3652
- C:\Windows\System\wvzEljb.exe
  C:\Windows\System\wvzEljb.exe
  2⤵
  PID:3672
- C:\Windows\System\bKMrglD.exe
  C:\Windows\System\bKMrglD.exe
  2⤵
  PID:3696
- C:\Windows\System\RlJUFec.exe
  C:\Windows\System\RlJUFec.exe
  2⤵
  PID:3716
- C:\Windows\System\ffDWnvb.exe
  C:\Windows\System\ffDWnvb.exe
  2⤵
  PID:3736
- C:\Windows\System\FyoRsBW.exe
  C:\Windows\System\FyoRsBW.exe
  2⤵
  PID:3752
- C:\Windows\System\eoURRuD.exe
  C:\Windows\System\eoURRuD.exe
  2⤵
  PID:3776
- C:\Windows\System\GMMqavd.exe
  C:\Windows\System\GMMqavd.exe
  2⤵
  PID:3796
- C:\Windows\System\AXYDlNU.exe
  C:\Windows\System\AXYDlNU.exe
  2⤵
  PID:3816
- C:\Windows\System\fCditHG.exe
  C:\Windows\System\fCditHG.exe
  2⤵
  PID:3836
- C:\Windows\System\wgPOdwA.exe
  C:\Windows\System\wgPOdwA.exe
  2⤵
  PID:3856
- C:\Windows\System\PUDxHGr.exe
  C:\Windows\System\PUDxHGr.exe
  2⤵
  PID:3872
- C:\Windows\System\FBtuUZy.exe
  C:\Windows\System\FBtuUZy.exe
  2⤵
  PID:3896
- C:\Windows\System\oRJBHXn.exe
  C:\Windows\System\oRJBHXn.exe
  2⤵
  PID:3916
- C:\Windows\System\gAVNyop.exe
  C:\Windows\System\gAVNyop.exe
  2⤵
  PID:3936
- C:\Windows\System\YxblUgQ.exe
  C:\Windows\System\YxblUgQ.exe
  2⤵
  PID:3956
- C:\Windows\System\mJeOhzd.exe
  C:\Windows\System\mJeOhzd.exe
  2⤵
  PID:3976
- C:\Windows\System\LbHXShf.exe
  C:\Windows\System\LbHXShf.exe
  2⤵
  PID:3996
- C:\Windows\System\dMipPeL.exe
  C:\Windows\System\dMipPeL.exe
  2⤵
  PID:4016
- C:\Windows\System\XnpHQUq.exe
  C:\Windows\System\XnpHQUq.exe
  2⤵
  PID:4032
- C:\Windows\System\jYyowfp.exe
  C:\Windows\System\jYyowfp.exe
  2⤵
  PID:4052
- C:\Windows\System\vaOAfKx.exe
  C:\Windows\System\vaOAfKx.exe
  2⤵
  PID:4072
- C:\Windows\System\AmwKQan.exe
  C:\Windows\System\AmwKQan.exe
  2⤵
  PID:4092
- C:\Windows\System\PGcHnCl.exe
  C:\Windows\System\PGcHnCl.exe
  2⤵
  PID:1940
- C:\Windows\System\zxaSbAJ.exe
  C:\Windows\System\zxaSbAJ.exe
  2⤵
  PID:328
- C:\Windows\System\kyrYjFL.exe
  C:\Windows\System\kyrYjFL.exe
  2⤵
  PID:844
- C:\Windows\System\YnnCBVp.exe
  C:\Windows\System\YnnCBVp.exe
  2⤵
  PID:2548
- C:\Windows\System\amsMnRn.exe
  C:\Windows\System\amsMnRn.exe
  2⤵
  PID:3080
- C:\Windows\System\QidiBsA.exe
  C:\Windows\System\QidiBsA.exe
  2⤵
  PID:3124
- C:\Windows\System\fVfDopE.exe
  C:\Windows\System\fVfDopE.exe
  2⤵
  PID:2900
- C:\Windows\System\dhfafCZ.exe
  C:\Windows\System\dhfafCZ.exe
  2⤵
  PID:3108
- C:\Windows\System\hTopEWZ.exe
  C:\Windows\System\hTopEWZ.exe
  2⤵
  PID:3208
- C:\Windows\System\pUPLOmC.exe
  C:\Windows\System\pUPLOmC.exe
  2⤵
  PID:3176
- C:\Windows\System\sfNcqxS.exe
  C:\Windows\System\sfNcqxS.exe
  2⤵
  PID:3276
- C:\Windows\System\YYKbnps.exe
  C:\Windows\System\YYKbnps.exe
  2⤵
  PID:3324
- C:\Windows\System\xSvbjmT.exe
  C:\Windows\System\xSvbjmT.exe
  2⤵
  PID:3224
- C:\Windows\System\AczHrQI.exe
  C:\Windows\System\AczHrQI.exe
  2⤵
  PID:3260
- C:\Windows\System\MpIsqCu.exe
  C:\Windows\System\MpIsqCu.exe
  2⤵
  PID:3408
- C:\Windows\System\JNIiUJa.exe
  C:\Windows\System\JNIiUJa.exe
  2⤵
  PID:3448
- C:\Windows\System\eAvdvUG.exe
  C:\Windows\System\eAvdvUG.exe
  2⤵
  PID:3484
- C:\Windows\System\pOZAlNJ.exe
  C:\Windows\System\pOZAlNJ.exe
  2⤵
  PID:3424
- C:\Windows\System\ATjOmRi.exe
  C:\Windows\System\ATjOmRi.exe
  2⤵
  PID:3524
- C:\Windows\System\XDpGgmo.exe
  C:\Windows\System\XDpGgmo.exe
  2⤵
  PID:3564
- C:\Windows\System\ojXjlBm.exe
  C:\Windows\System\ojXjlBm.exe
  2⤵
  PID:3544
- C:\Windows\System\ifebxUO.exe
  C:\Windows\System\ifebxUO.exe
  2⤵
  PID:3640
- C:\Windows\System\hdjZRWc.exe
  C:\Windows\System\hdjZRWc.exe
  2⤵
  PID:3688
- C:\Windows\System\SySZpoh.exe
  C:\Windows\System\SySZpoh.exe
  2⤵
  PID:3692
- C:\Windows\System\zBSbuao.exe
  C:\Windows\System\zBSbuao.exe
  2⤵
  PID:3724
- C:\Windows\System\roVDOiI.exe
  C:\Windows\System\roVDOiI.exe
  2⤵
  PID:3760
- C:\Windows\System\dWbHxlB.exe
  C:\Windows\System\dWbHxlB.exe
  2⤵
  PID:3812
- C:\Windows\System\CPmpCiH.exe
  C:\Windows\System\CPmpCiH.exe
  2⤵
  PID:3792
- C:\Windows\System\zLKgnHf.exe
  C:\Windows\System\zLKgnHf.exe
  2⤵
  PID:3828
- C:\Windows\System\aOncvuC.exe
  C:\Windows\System\aOncvuC.exe
  2⤵
  PID:3864
- C:\Windows\System\nnpgPOz.exe
  C:\Windows\System\nnpgPOz.exe
  2⤵
  PID:3932
- C:\Windows\System\pgMqHKr.exe
  C:\Windows\System\pgMqHKr.exe
  2⤵
  PID:3964
- C:\Windows\System\tFKUvhL.exe
  C:\Windows\System\tFKUvhL.exe
  2⤵
  PID:3952
- C:\Windows\System\WoSXczc.exe
  C:\Windows\System\WoSXczc.exe
  2⤵
  PID:3992
- C:\Windows\System\gmEhXSB.exe
  C:\Windows\System\gmEhXSB.exe
  2⤵
  PID:4044
- C:\Windows\System\TeLUUiF.exe
  C:\Windows\System\TeLUUiF.exe
  2⤵
  PID:4084
- C:\Windows\System\kkwKGVZ.exe
  C:\Windows\System\kkwKGVZ.exe
  2⤵
  PID:408
- C:\Windows\System\LkgYAmQ.exe
  C:\Windows\System\LkgYAmQ.exe
  2⤵
  PID:2144
- C:\Windows\System\ZpjTcQu.exe
  C:\Windows\System\ZpjTcQu.exe
  2⤵
  PID:2224
- C:\Windows\System\dJOpsTZ.exe
  C:\Windows\System\dJOpsTZ.exe
  2⤵
  PID:2016
- C:\Windows\System\wXJRrrR.exe
  C:\Windows\System\wXJRrrR.exe
  2⤵
  PID:2468
- C:\Windows\System\FDefSrz.exe
  C:\Windows\System\FDefSrz.exe
  2⤵
  PID:3160
- C:\Windows\System\utMAJXc.exe
  C:\Windows\System\utMAJXc.exe
  2⤵
  PID:3196
- C:\Windows\System\JgQHPmh.exe
  C:\Windows\System\JgQHPmh.exe
  2⤵
  PID:3336
- C:\Windows\System\qrISWOO.exe
  C:\Windows\System\qrISWOO.exe
  2⤵
  PID:3184
- C:\Windows\System\PYhKvDc.exe
  C:\Windows\System\PYhKvDc.exe
  2⤵
  PID:3300
- C:\Windows\System\KJVCbrI.exe
  C:\Windows\System\KJVCbrI.exe
  2⤵
  PID:3556
- C:\Windows\System\XygJsvo.exe
  C:\Windows\System\XygJsvo.exe
  2⤵
  PID:3568
- C:\Windows\System\TvRKCyi.exe
  C:\Windows\System\TvRKCyi.exe
  2⤵
  PID:3460
- C:\Windows\System\YobTSfw.exe
  C:\Windows\System\YobTSfw.exe
  2⤵
  PID:3600
- C:\Windows\System\iNpWNsD.exe
  C:\Windows\System\iNpWNsD.exe
  2⤵
  PID:3708
- C:\Windows\System\ztQnRbB.exe
  C:\Windows\System\ztQnRbB.exe
  2⤵
  PID:3748
- C:\Windows\System\XlFumQj.exe
  C:\Windows\System\XlFumQj.exe
  2⤵
  PID:3880
- C:\Windows\System\KgEgskD.exe
  C:\Windows\System\KgEgskD.exe
  2⤵
  PID:3772
- C:\Windows\System\AItrKQj.exe
  C:\Windows\System\AItrKQj.exe
  2⤵
  PID:3904
- C:\Windows\System\RRHUZoN.exe
  C:\Windows\System\RRHUZoN.exe
  2⤵
  PID:3912
- C:\Windows\System\IAGTaXZ.exe
  C:\Windows\System\IAGTaXZ.exe
  2⤵
  PID:3944
- C:\Windows\System\RSrclhi.exe
  C:\Windows\System\RSrclhi.exe
  2⤵
  PID:4060
- C:\Windows\System\SBpaHNU.exe
  C:\Windows\System\SBpaHNU.exe
  2⤵
  PID:4068
- C:\Windows\System\dunzMdK.exe
  C:\Windows\System\dunzMdK.exe
  2⤵
  PID:2188
- C:\Windows\System\ivdmgFO.exe
  C:\Windows\System\ivdmgFO.exe
  2⤵
  PID:1872
- C:\Windows\System\ZqtQTgw.exe
  C:\Windows\System\ZqtQTgw.exe
  2⤵
  PID:268
- C:\Windows\System\gYvyozR.exe
  C:\Windows\System\gYvyozR.exe
  2⤵
  PID:3404
- C:\Windows\System\hVkyMCU.exe
  C:\Windows\System\hVkyMCU.exe
  2⤵
  PID:3296
- C:\Windows\System\CglRBzj.exe
  C:\Windows\System\CglRBzj.exe
  2⤵
  PID:3360
- C:\Windows\System\vtAYdnG.exe
  C:\Windows\System\vtAYdnG.exe
  2⤵
  PID:3376
- C:\Windows\System\LiSvEZo.exe
  C:\Windows\System\LiSvEZo.exe
  2⤵
  PID:3420
- C:\Windows\System\ayqyEMc.exe
  C:\Windows\System\ayqyEMc.exe
  2⤵
  PID:3744
- C:\Windows\System\NOAHWgy.exe
  C:\Windows\System\NOAHWgy.exe
  2⤵
  PID:3668
- C:\Windows\System\tXBAfDv.exe
  C:\Windows\System\tXBAfDv.exe
  2⤵
  PID:2692
- C:\Windows\System\HDrqQEw.exe
  C:\Windows\System\HDrqQEw.exe
  2⤵
  PID:3704
- C:\Windows\System\stuZdWz.exe
  C:\Windows\System\stuZdWz.exe
  2⤵
  PID:4088
- C:\Windows\System\vsZqmoM.exe
  C:\Windows\System\vsZqmoM.exe
  2⤵
  PID:4004
- C:\Windows\System\TPHhdca.exe
  C:\Windows\System\TPHhdca.exe
  2⤵
  PID:3120
- C:\Windows\System\ZBYEDnO.exe
  C:\Windows\System\ZBYEDnO.exe
  2⤵
  PID:2576
- C:\Windows\System\PIWpbTP.exe
  C:\Windows\System\PIWpbTP.exe
  2⤵
  PID:3200
- C:\Windows\System\dSORTpK.exe
  C:\Windows\System\dSORTpK.exe
  2⤵
  PID:2704
- C:\Windows\System\yrVayQz.exe
  C:\Windows\System\yrVayQz.exe
  2⤵
  PID:3624
- C:\Windows\System\xVMSfTN.exe
  C:\Windows\System\xVMSfTN.exe
  2⤵
  PID:4112
- C:\Windows\System\FUrjoXN.exe
  C:\Windows\System\FUrjoXN.exe
  2⤵
  PID:4132
- C:\Windows\System\ZAHothX.exe
  C:\Windows\System\ZAHothX.exe
  2⤵
  PID:4152
- C:\Windows\System\kXhtxUs.exe
  C:\Windows\System\kXhtxUs.exe
  2⤵
  PID:4176
- C:\Windows\System\lxzKGWd.exe
  C:\Windows\System\lxzKGWd.exe
  2⤵
  PID:4200
- C:\Windows\System\pEoycuU.exe
  C:\Windows\System\pEoycuU.exe
  2⤵
  PID:4220
- C:\Windows\System\rpktxwC.exe
  C:\Windows\System\rpktxwC.exe
  2⤵
  PID:4240
- C:\Windows\System\rjMGGZj.exe
  C:\Windows\System\rjMGGZj.exe
  2⤵
  PID:4260
- C:\Windows\System\EQhksFz.exe
  C:\Windows\System\EQhksFz.exe
  2⤵
  PID:4280
- C:\Windows\System\dWczrfL.exe
  C:\Windows\System\dWczrfL.exe
  2⤵
  PID:4300
- C:\Windows\System\WMKNlGf.exe
  C:\Windows\System\WMKNlGf.exe
  2⤵
  PID:4320
- C:\Windows\System\asRPgWJ.exe
  C:\Windows\System\asRPgWJ.exe
  2⤵
  PID:4340
- C:\Windows\System\DFCHfLy.exe
  C:\Windows\System\DFCHfLy.exe
  2⤵
  PID:4360
- C:\Windows\System\mqeFcrL.exe
  C:\Windows\System\mqeFcrL.exe
  2⤵
  PID:4380
- C:\Windows\System\QymCRvZ.exe
  C:\Windows\System\QymCRvZ.exe
  2⤵
  PID:4400
- C:\Windows\System\WArbQim.exe
  C:\Windows\System\WArbQim.exe
  2⤵
  PID:4420
- C:\Windows\System\CIlBqVr.exe
  C:\Windows\System\CIlBqVr.exe
  2⤵
  PID:4440
- C:\Windows\System\rECaQgb.exe
  C:\Windows\System\rECaQgb.exe
  2⤵
  PID:4460
- C:\Windows\System\JFXFXca.exe
  C:\Windows\System\JFXFXca.exe
  2⤵
  PID:4480
- C:\Windows\System\RAtIenr.exe
  C:\Windows\System\RAtIenr.exe
  2⤵
  PID:4504
- C:\Windows\System\YMXfzCD.exe
  C:\Windows\System\YMXfzCD.exe
  2⤵
  PID:4524
- C:\Windows\System\YgooAFX.exe
  C:\Windows\System\YgooAFX.exe
  2⤵
  PID:4544
- C:\Windows\System\mNLFKWT.exe
  C:\Windows\System\mNLFKWT.exe
  2⤵
  PID:4564
- C:\Windows\System\suuGzmx.exe
  C:\Windows\System\suuGzmx.exe
  2⤵
  PID:4584
- C:\Windows\System\laxSUPB.exe
  C:\Windows\System\laxSUPB.exe
  2⤵
  PID:4604
- C:\Windows\System\KPxHJOk.exe
  C:\Windows\System\KPxHJOk.exe
  2⤵
  PID:4624
- C:\Windows\System\VyLrkeW.exe
  C:\Windows\System\VyLrkeW.exe
  2⤵
  PID:4644
- C:\Windows\System\jcBTPMH.exe
  C:\Windows\System\jcBTPMH.exe
  2⤵
  PID:4664
- C:\Windows\System\rLadTzL.exe
  C:\Windows\System\rLadTzL.exe
  2⤵
  PID:4684
- C:\Windows\System\tmnfxPs.exe
  C:\Windows\System\tmnfxPs.exe
  2⤵
  PID:4704
- C:\Windows\System\YjETRgH.exe
  C:\Windows\System\YjETRgH.exe
  2⤵
  PID:4720
- C:\Windows\System\bpbUVjo.exe
  C:\Windows\System\bpbUVjo.exe
  2⤵
  PID:4744
- C:\Windows\System\DbxGOjf.exe
  C:\Windows\System\DbxGOjf.exe
  2⤵
  PID:4764
- C:\Windows\System\nhlnYHb.exe
  C:\Windows\System\nhlnYHb.exe
  2⤵
  PID:4784
- C:\Windows\System\fBRPqSk.exe
  C:\Windows\System\fBRPqSk.exe
  2⤵
  PID:4804
- C:\Windows\System\ttAYfjd.exe
  C:\Windows\System\ttAYfjd.exe
  2⤵
  PID:4824
- C:\Windows\System\QuNJsFT.exe
  C:\Windows\System\QuNJsFT.exe
  2⤵
  PID:4844
- C:\Windows\System\tqgcJrE.exe
  C:\Windows\System\tqgcJrE.exe
  2⤵
  PID:4864
- C:\Windows\System\mvAtjlK.exe
  C:\Windows\System\mvAtjlK.exe
  2⤵
  PID:4884
- C:\Windows\System\FtsgOKg.exe
  C:\Windows\System\FtsgOKg.exe
  2⤵
  PID:4904
- C:\Windows\System\qbIKxfk.exe
  C:\Windows\System\qbIKxfk.exe
  2⤵
  PID:4924
- C:\Windows\System\NsypySc.exe
  C:\Windows\System\NsypySc.exe
  2⤵
  PID:4944
- C:\Windows\System\qDPRxnf.exe
  C:\Windows\System\qDPRxnf.exe
  2⤵
  PID:4964
- C:\Windows\System\sgyrUIw.exe
  C:\Windows\System\sgyrUIw.exe
  2⤵
  PID:4984
- C:\Windows\System\JJjzyIQ.exe
  C:\Windows\System\JJjzyIQ.exe
  2⤵
  PID:5000
- C:\Windows\System\WXnNgkW.exe
  C:\Windows\System\WXnNgkW.exe
  2⤵
  PID:5024
- C:\Windows\System\itycGsV.exe
  C:\Windows\System\itycGsV.exe
  2⤵
  PID:5044
- C:\Windows\System\TGkCzQi.exe
  C:\Windows\System\TGkCzQi.exe
  2⤵
  PID:5064
- C:\Windows\System\cKTNUgR.exe
  C:\Windows\System\cKTNUgR.exe
  2⤵
  PID:5080
- C:\Windows\System\feBvyyQ.exe
  C:\Windows\System\feBvyyQ.exe
  2⤵
  PID:5104
- C:\Windows\System\SWacjJK.exe
  C:\Windows\System\SWacjJK.exe
  2⤵
  PID:3244
- C:\Windows\System\ZQFRHLb.exe
  C:\Windows\System\ZQFRHLb.exe
  2⤵
  PID:3852
- C:\Windows\System\tKycGgQ.exe
  C:\Windows\System\tKycGgQ.exe
  2⤵
  PID:3588
- C:\Windows\System\aQYSjPN.exe
  C:\Windows\System\aQYSjPN.exe
  2⤵
  PID:3012
- C:\Windows\System\DQVXGLo.exe
  C:\Windows\System\DQVXGLo.exe
  2⤵
  PID:3164
- C:\Windows\System\uVhTfJr.exe
  C:\Windows\System\uVhTfJr.exe
  2⤵
  PID:1640
- C:\Windows\System\RIpyAQB.exe
  C:\Windows\System\RIpyAQB.exe
  2⤵
  PID:3316
- C:\Windows\System\HBKKEBs.exe
  C:\Windows\System\HBKKEBs.exe
  2⤵
  PID:4120
- C:\Windows\System\TzwTzro.exe
  C:\Windows\System\TzwTzro.exe
  2⤵
  PID:4172
- C:\Windows\System\empIgDv.exe
  C:\Windows\System\empIgDv.exe
  2⤵
  PID:4144
- C:\Windows\System\zMhWpoJ.exe
  C:\Windows\System\zMhWpoJ.exe
  2⤵
  PID:4212
- C:\Windows\System\oGYbgzi.exe
  C:\Windows\System\oGYbgzi.exe
  2⤵
  PID:4256
- C:\Windows\System\kcaZRbl.exe
  C:\Windows\System\kcaZRbl.exe
  2⤵
  PID:4288
- C:\Windows\System\rrUrLzQ.exe
  C:\Windows\System\rrUrLzQ.exe
  2⤵
  PID:4308
- C:\Windows\System\ElztzNA.exe
  C:\Windows\System\ElztzNA.exe
  2⤵
  PID:4332
- C:\Windows\System\NnqylhU.exe
  C:\Windows\System\NnqylhU.exe
  2⤵
  PID:4376
- C:\Windows\System\dIaenwV.exe
  C:\Windows\System\dIaenwV.exe
  2⤵
  PID:4388
- C:\Windows\System\ozQaerI.exe
  C:\Windows\System\ozQaerI.exe
  2⤵
  PID:4412
- C:\Windows\System\VIYvnmi.exe
  C:\Windows\System\VIYvnmi.exe
  2⤵
  PID:2668
- C:\Windows\System\JYxHsys.exe
  C:\Windows\System\JYxHsys.exe
  2⤵
  PID:4452
- C:\Windows\System\yDxNXWE.exe
  C:\Windows\System\yDxNXWE.exe
  2⤵
  PID:4476
- C:\Windows\System\OVaTJUG.exe
  C:\Windows\System\OVaTJUG.exe
  2⤵
  PID:4540
- C:\Windows\System\NVtaXoC.exe
  C:\Windows\System\NVtaXoC.exe
  2⤵
  PID:4580
- C:\Windows\System\frHSSNP.exe
  C:\Windows\System\frHSSNP.exe
  2⤵
  PID:4560
- C:\Windows\System\buxHfGj.exe
  C:\Windows\System\buxHfGj.exe
  2⤵
  PID:4620
- C:\Windows\System\XaXDlMj.exe
  C:\Windows\System\XaXDlMj.exe
  2⤵
  PID:4596
- C:\Windows\System\CZHJqgG.exe
  C:\Windows\System\CZHJqgG.exe
  2⤵
  PID:4700
- C:\Windows\System\AVxBXRj.exe
  C:\Windows\System\AVxBXRj.exe
  2⤵
  PID:4680
- C:\Windows\System\yqnDdqV.exe
  C:\Windows\System\yqnDdqV.exe
  2⤵
  PID:4736
- C:\Windows\System\liuNLaN.exe
  C:\Windows\System\liuNLaN.exe
  2⤵
  PID:4756
- C:\Windows\System\qjpSYBn.exe
  C:\Windows\System\qjpSYBn.exe
  2⤵
  PID:4820
- C:\Windows\System\oNCZOZa.exe
  C:\Windows\System\oNCZOZa.exe
  2⤵
  PID:4852
- C:\Windows\System\OgalGZF.exe
  C:\Windows\System\OgalGZF.exe
  2⤵
  PID:4892
- C:\Windows\System\JWrunQb.exe
  C:\Windows\System\JWrunQb.exe
  2⤵
  PID:4880
- C:\Windows\System\gnTXBdg.exe
  C:\Windows\System\gnTXBdg.exe
  2⤵
  PID:2452
- C:\Windows\System\jJygKhF.exe
  C:\Windows\System\jJygKhF.exe
  2⤵
  PID:4976
- C:\Windows\System\MbPnHPE.exe
  C:\Windows\System\MbPnHPE.exe
  2⤵
  PID:4960
- C:\Windows\System\AQwrHOl.exe
  C:\Windows\System\AQwrHOl.exe
  2⤵
  PID:5012
- C:\Windows\System\SvJJokY.exe
  C:\Windows\System\SvJJokY.exe
  2⤵
  PID:2216
- C:\Windows\System\yjpripi.exe
  C:\Windows\System\yjpripi.exe
  2⤵
  PID:5088
- C:\Windows\System\UFgouFt.exe
  C:\Windows\System\UFgouFt.exe
  2⤵
  PID:5076
- C:\Windows\System\XpaDsCE.exe
  C:\Windows\System\XpaDsCE.exe
  2⤵
  PID:5116
- C:\Windows\System\hfVQiNR.exe
  C:\Windows\System\hfVQiNR.exe
  2⤵
  PID:3908
- C:\Windows\System\LuQLrls.exe
  C:\Windows\System\LuQLrls.exe
  2⤵
  PID:4080
- C:\Windows\System\hPEaKuL.exe
  C:\Windows\System\hPEaKuL.exe
  2⤵
  PID:3144
- C:\Windows\System\mjePkJn.exe
  C:\Windows\System\mjePkJn.exe
  2⤵
  PID:4048
- C:\Windows\System\PszYgLf.exe
  C:\Windows\System\PszYgLf.exe
  2⤵
  PID:4108
- C:\Windows\System\HGOfeyQ.exe
  C:\Windows\System\HGOfeyQ.exe
  2⤵
  PID:4248
- C:\Windows\System\rSfDhDa.exe
  C:\Windows\System\rSfDhDa.exe
  2⤵
  PID:4272
- C:\Windows\System\MgAhvnr.exe
  C:\Windows\System\MgAhvnr.exe
  2⤵
  PID:4252
- C:\Windows\System\qzKlwoy.exe
  C:\Windows\System\qzKlwoy.exe
  2⤵
  PID:4392
- C:\Windows\System\ounBZEu.exe
  C:\Windows\System\ounBZEu.exe
  2⤵
  PID:4408
- C:\Windows\System\NuQOFpH.exe
  C:\Windows\System\NuQOFpH.exe
  2⤵
  PID:4432
- C:\Windows\System\BDNfewW.exe
  C:\Windows\System\BDNfewW.exe
  2⤵
  PID:4496
- C:\Windows\System\lgeQvPV.exe
  C:\Windows\System\lgeQvPV.exe
  2⤵
  PID:4472
- C:\Windows\System\WrdjYUG.exe
  C:\Windows\System\WrdjYUG.exe
  2⤵
  PID:4516
- C:\Windows\System\RNwwHYB.exe
  C:\Windows\System\RNwwHYB.exe
  2⤵
  PID:4652
- C:\Windows\System\CwctngW.exe
  C:\Windows\System\CwctngW.exe
  2⤵
  PID:4636
- C:\Windows\System\PWyOLmv.exe
  C:\Windows\System\PWyOLmv.exe
  2⤵
  PID:4692
- C:\Windows\System\tzpzIhy.exe
  C:\Windows\System\tzpzIhy.exe
  2⤵
  PID:4712
- C:\Windows\System\QPTrEnf.exe
  C:\Windows\System\QPTrEnf.exe
  2⤵
  PID:4760
- C:\Windows\System\cLNiAsy.exe
  C:\Windows\System\cLNiAsy.exe
  2⤵
  PID:4836
- C:\Windows\System\onOwZDe.exe
  C:\Windows\System\onOwZDe.exe
  2⤵
  PID:4936
- C:\Windows\System\EjnfJRy.exe
  C:\Windows\System\EjnfJRy.exe
  2⤵
  PID:4940
- C:\Windows\System\lzRKYkB.exe
  C:\Windows\System\lzRKYkB.exe
  2⤵
  PID:4956
- C:\Windows\System\xOozQBF.exe
  C:\Windows\System\xOozQBF.exe
  2⤵
  PID:4996
- C:\Windows\System\jAmznfW.exe
  C:\Windows\System\jAmznfW.exe
  2⤵
  PID:2920
- C:\Windows\System\XsQiSYF.exe
  C:\Windows\System\XsQiSYF.exe
  2⤵
  PID:2760
- C:\Windows\System\kiHFEVY.exe
  C:\Windows\System\kiHFEVY.exe
  2⤵
  PID:4040
- C:\Windows\System\qMGpMSb.exe
  C:\Windows\System\qMGpMSb.exe
  2⤵
  PID:4104
- C:\Windows\System\Ngvlzlb.exe
  C:\Windows\System\Ngvlzlb.exe
  2⤵
  PID:4232
- C:\Windows\System\lHOFQLb.exe
  C:\Windows\System\lHOFQLb.exe
  2⤵
  PID:4216
- C:\Windows\System\pGidUwt.exe
  C:\Windows\System\pGidUwt.exe
  2⤵
  PID:4416
- C:\Windows\System\DQFSbcs.exe
  C:\Windows\System\DQFSbcs.exe
  2⤵
  PID:2560
- C:\Windows\System\QMCnhIP.exe
  C:\Windows\System\QMCnhIP.exe
  2⤵
  PID:2456
- C:\Windows\System\OUxFwUC.exe
  C:\Windows\System\OUxFwUC.exe
  2⤵
  PID:4592
- C:\Windows\System\PzaXcZq.exe
  C:\Windows\System\PzaXcZq.exe
  2⤵
  PID:236
- C:\Windows\System\QQbZRFc.exe
  C:\Windows\System\QQbZRFc.exe
  2⤵
  PID:4752
- C:\Windows\System\oMYJcpM.exe
  C:\Windows\System\oMYJcpM.exe
  2⤵
  PID:4872
- C:\Windows\System\NUVzsdA.exe
  C:\Windows\System\NUVzsdA.exe
  2⤵
  PID:4800
- C:\Windows\System\eiotQYX.exe
  C:\Windows\System\eiotQYX.exe
  2⤵
  PID:2328
- C:\Windows\System\WCBGCoA.exe
  C:\Windows\System\WCBGCoA.exe
  2⤵
  PID:5032
- C:\Windows\System\NkVPGeu.exe
  C:\Windows\System\NkVPGeu.exe
  2⤵
  PID:5072
- C:\Windows\System\jsFoAwx.exe
  C:\Windows\System\jsFoAwx.exe
  2⤵
  PID:5132
- C:\Windows\System\lDnbOMA.exe
  C:\Windows\System\lDnbOMA.exe
  2⤵
  PID:5152
- C:\Windows\System\SjpqCXU.exe
  C:\Windows\System\SjpqCXU.exe
  2⤵
  PID:5172
- C:\Windows\System\zmYwVBq.exe
  C:\Windows\System\zmYwVBq.exe
  2⤵
  PID:5192
- C:\Windows\System\dFPkQqm.exe
  C:\Windows\System\dFPkQqm.exe
  2⤵
  PID:5212
- C:\Windows\System\hvvmtgo.exe
  C:\Windows\System\hvvmtgo.exe
  2⤵
  PID:5232
- C:\Windows\System\ZEtslSB.exe
  C:\Windows\System\ZEtslSB.exe
  2⤵
  PID:5252
- C:\Windows\System\MXIVDng.exe
  C:\Windows\System\MXIVDng.exe
  2⤵
  PID:5272
- C:\Windows\System\QGOBwss.exe
  C:\Windows\System\QGOBwss.exe
  2⤵
  PID:5292
- C:\Windows\System\SQNRTtY.exe
  C:\Windows\System\SQNRTtY.exe
  2⤵
  PID:5312
- C:\Windows\System\AhjYnBP.exe
  C:\Windows\System\AhjYnBP.exe
  2⤵
  PID:5332
- C:\Windows\System\XlXwSPw.exe
  C:\Windows\System\XlXwSPw.exe
  2⤵
  PID:5352
- C:\Windows\System\tYmCyRA.exe
  C:\Windows\System\tYmCyRA.exe
  2⤵
  PID:5376
- C:\Windows\System\pGlGhfM.exe
  C:\Windows\System\pGlGhfM.exe
  2⤵
  PID:5396
- C:\Windows\System\XQcksmz.exe
  C:\Windows\System\XQcksmz.exe
  2⤵
  PID:5416
- C:\Windows\System\gQThorU.exe
  C:\Windows\System\gQThorU.exe
  2⤵
  PID:5436
- C:\Windows\System\LVckJqp.exe
  C:\Windows\System\LVckJqp.exe
  2⤵
  PID:5456
- C:\Windows\System\NquTWer.exe
  C:\Windows\System\NquTWer.exe
  2⤵
  PID:5476
- C:\Windows\System\ooDuNIc.exe
  C:\Windows\System\ooDuNIc.exe
  2⤵
  PID:5496
- C:\Windows\System\AqflXKM.exe
  C:\Windows\System\AqflXKM.exe
  2⤵
  PID:5516
- C:\Windows\System\WnKhaTL.exe
  C:\Windows\System\WnKhaTL.exe
  2⤵
  PID:5536
- C:\Windows\System\FDbKLSg.exe
  C:\Windows\System\FDbKLSg.exe
  2⤵
  PID:5556
- C:\Windows\System\dsOsBlm.exe
  C:\Windows\System\dsOsBlm.exe
  2⤵
  PID:5576
- C:\Windows\System\dEMimnm.exe
  C:\Windows\System\dEMimnm.exe
  2⤵
  PID:5596
- C:\Windows\System\SFoMtlo.exe
  C:\Windows\System\SFoMtlo.exe
  2⤵
  PID:5616
- C:\Windows\System\yZJvoLW.exe
  C:\Windows\System\yZJvoLW.exe
  2⤵
  PID:5636
- C:\Windows\System\lLSthHk.exe
  C:\Windows\System\lLSthHk.exe
  2⤵
  PID:5656
- C:\Windows\System\gkoJChf.exe
  C:\Windows\System\gkoJChf.exe
  2⤵
  PID:5676
- C:\Windows\System\bfgGJso.exe
  C:\Windows\System\bfgGJso.exe
  2⤵
  PID:5696
- C:\Windows\System\CGIwcVB.exe
  C:\Windows\System\CGIwcVB.exe
  2⤵
  PID:5716
- C:\Windows\System\JXiCCQa.exe
  C:\Windows\System\JXiCCQa.exe
  2⤵
  PID:5736
- C:\Windows\System\cOkoNvz.exe
  C:\Windows\System\cOkoNvz.exe
  2⤵
  PID:5756
- C:\Windows\System\YxciITO.exe
  C:\Windows\System\YxciITO.exe
  2⤵
  PID:5776
- C:\Windows\System\zjUppMn.exe
  C:\Windows\System\zjUppMn.exe
  2⤵
  PID:5796
- C:\Windows\System\cmybwkE.exe
  C:\Windows\System\cmybwkE.exe
  2⤵
  PID:5816
- C:\Windows\System\yorqdwY.exe
  C:\Windows\System\yorqdwY.exe
  2⤵
  PID:5836
- C:\Windows\System\xEtkwxC.exe
  C:\Windows\System\xEtkwxC.exe
  2⤵
  PID:5856
- C:\Windows\System\utnGNqE.exe
  C:\Windows\System\utnGNqE.exe
  2⤵
  PID:5876
- C:\Windows\System\lvRIdVl.exe
  C:\Windows\System\lvRIdVl.exe
  2⤵
  PID:5896
- C:\Windows\System\ZYBvBgE.exe
  C:\Windows\System\ZYBvBgE.exe
  2⤵
  PID:5916
- C:\Windows\System\xuiigfE.exe
  C:\Windows\System\xuiigfE.exe
  2⤵
  PID:5936
- C:\Windows\System\LPdtxwL.exe
  C:\Windows\System\LPdtxwL.exe
  2⤵
  PID:5956
- C:\Windows\System\RJxJoOt.exe
  C:\Windows\System\RJxJoOt.exe
  2⤵
  PID:5976
- C:\Windows\System\TLUcoDf.exe
  C:\Windows\System\TLUcoDf.exe
  2⤵
  PID:5996
- C:\Windows\System\gOlVufD.exe
  C:\Windows\System\gOlVufD.exe
  2⤵
  PID:6016
- C:\Windows\System\cLmBhxl.exe
  C:\Windows\System\cLmBhxl.exe
  2⤵
  PID:6036
- C:\Windows\System\qEjNAEo.exe
  C:\Windows\System\qEjNAEo.exe
  2⤵
  PID:6056
- C:\Windows\System\UjPEJkT.exe
  C:\Windows\System\UjPEJkT.exe
  2⤵
  PID:6076
- C:\Windows\System\Gkfikxj.exe
  C:\Windows\System\Gkfikxj.exe
  2⤵
  PID:6096
- C:\Windows\System\uOpSISv.exe
  C:\Windows\System\uOpSISv.exe
  2⤵
  PID:6116
- C:\Windows\System\KgYtzyp.exe
  C:\Windows\System\KgYtzyp.exe
  2⤵
  PID:6136
- C:\Windows\System\bDXVibd.exe
  C:\Windows\System\bDXVibd.exe
  2⤵
  PID:2644
- C:\Windows\System\njjjvtl.exe
  C:\Windows\System\njjjvtl.exe
  2⤵
  PID:4184
- C:\Windows\System\grzGhNm.exe
  C:\Windows\System\grzGhNm.exe
  2⤵
  PID:4368
- C:\Windows\System\FNAptRu.exe
  C:\Windows\System\FNAptRu.exe
  2⤵
  PID:1624
- C:\Windows\System\FhzqiHL.exe
  C:\Windows\System\FhzqiHL.exe
  2⤵
  PID:1604
- C:\Windows\System\mREHvaq.exe
  C:\Windows\System\mREHvaq.exe
  2⤵
  PID:4576
- C:\Windows\System\RHcXFBe.exe
  C:\Windows\System\RHcXFBe.exe
  2⤵
  PID:4812
- C:\Windows\System\lCfihiv.exe
  C:\Windows\System\lCfihiv.exe
  2⤵
  PID:5016
- C:\Windows\System\eZpULlZ.exe
  C:\Windows\System\eZpULlZ.exe
  2⤵
  PID:3924
- C:\Windows\System\ZeivMJI.exe
  C:\Windows\System\ZeivMJI.exe
  2⤵
  PID:5140
- C:\Windows\System\awokhgG.exe
  C:\Windows\System\awokhgG.exe
  2⤵
  PID:5144
- C:\Windows\System\lENLxGd.exe
  C:\Windows\System\lENLxGd.exe
  2⤵
  PID:5208
- C:\Windows\System\AdDIWQw.exe
  C:\Windows\System\AdDIWQw.exe
  2⤵
  PID:5224
- C:\Windows\System\OfPZjrn.exe
  C:\Windows\System\OfPZjrn.exe
  2⤵
  PID:5264
- C:\Windows\System\TUZLvJk.exe
  C:\Windows\System\TUZLvJk.exe
  2⤵
  PID:5320
- C:\Windows\System\VjZEohF.exe
  C:\Windows\System\VjZEohF.exe
  2⤵
  PID:5340
- C:\Windows\System\fqKfHim.exe
  C:\Windows\System\fqKfHim.exe
  2⤵
  PID:5344
- C:\Windows\System\Hhjgunn.exe
  C:\Windows\System\Hhjgunn.exe
  2⤵
  PID:5408
- C:\Windows\System\gHPRbyd.exe
  C:\Windows\System\gHPRbyd.exe
  2⤵
  PID:5452
- C:\Windows\System\hBtpSWk.exe
  C:\Windows\System\hBtpSWk.exe
  2⤵
  PID:5468
- C:\Windows\System\dtqPemA.exe
  C:\Windows\System\dtqPemA.exe
  2⤵
  PID:5532
- C:\Windows\System\BLCNycJ.exe
  C:\Windows\System\BLCNycJ.exe
  2⤵
  PID:5552
- C:\Windows\System\PCbCWqJ.exe
  C:\Windows\System\PCbCWqJ.exe
  2⤵
  PID:5604
- C:\Windows\System\PmkVNTb.exe
  C:\Windows\System\PmkVNTb.exe
  2⤵
  PID:5608
- C:\Windows\System\zLwpclG.exe
  C:\Windows\System\zLwpclG.exe
  2⤵
  PID:5628
- C:\Windows\System\xPihYpQ.exe
  C:\Windows\System\xPihYpQ.exe
  2⤵
  PID:5684
- C:\Windows\System\mAhrIiE.exe
  C:\Windows\System\mAhrIiE.exe
  2⤵
  PID:5732
- C:\Windows\System\PJUCEFU.exe
  C:\Windows\System\PJUCEFU.exe
  2⤵
  PID:5764
- C:\Windows\System\HpAJhMe.exe
  C:\Windows\System\HpAJhMe.exe
  2⤵
  PID:5804
- C:\Windows\System\sBocPJJ.exe
  C:\Windows\System\sBocPJJ.exe
  2⤵
  PID:5808
- C:\Windows\System\GGHYWll.exe
  C:\Windows\System\GGHYWll.exe
  2⤵
  PID:5828
- C:\Windows\System\IVjDBaB.exe
  C:\Windows\System\IVjDBaB.exe
  2⤵
  PID:5892
- C:\Windows\System\AhBcmdF.exe
  C:\Windows\System\AhBcmdF.exe
  2⤵
  PID:5924
- C:\Windows\System\GhXuncK.exe
  C:\Windows\System\GhXuncK.exe
  2⤵
  PID:5944
- C:\Windows\System\LtdPLMX.exe
  C:\Windows\System\LtdPLMX.exe
  2⤵
  PID:2652
- C:\Windows\System\QrZFRtE.exe
  C:\Windows\System\QrZFRtE.exe
  2⤵
  PID:5988
- C:\Windows\System\GykypQx.exe
  C:\Windows\System\GykypQx.exe
  2⤵
  PID:6052
- C:\Windows\System\qwbYCxU.exe
  C:\Windows\System\qwbYCxU.exe
  2⤵
  PID:6072
- C:\Windows\System\aTaWQfb.exe
  C:\Windows\System\aTaWQfb.exe
  2⤵
  PID:6104
- C:\Windows\System\gMaZMIQ.exe
  C:\Windows\System\gMaZMIQ.exe
  2⤵
  PID:6108
- C:\Windows\System\LXrijYU.exe
  C:\Windows\System\LXrijYU.exe
  2⤵
  PID:4012
- C:\Windows\System\GOXSXJL.exe
  C:\Windows\System\GOXSXJL.exe
  2⤵
  PID:4268
- C:\Windows\System\GBTZLJE.exe
  C:\Windows\System\GBTZLJE.exe
  2⤵
  PID:4696
- C:\Windows\System\TtwfKzx.exe
  C:\Windows\System\TtwfKzx.exe
  2⤵
  PID:4772
- C:\Windows\System\RJeAwFH.exe
  C:\Windows\System\RJeAwFH.exe
  2⤵
  PID:4992
- C:\Windows\System\qsHjrWm.exe
  C:\Windows\System\qsHjrWm.exe
  2⤵
  PID:2400
- C:\Windows\System\tEQmPqq.exe
  C:\Windows\System\tEQmPqq.exe
  2⤵
  PID:5184
- C:\Windows\System\TqElvDU.exe
  C:\Windows\System\TqElvDU.exe
  2⤵
  PID:5220
- C:\Windows\System\twKxLLC.exe
  C:\Windows\System\twKxLLC.exe
  2⤵
  PID:5260
- C:\Windows\System\hWRDmUd.exe
  C:\Windows\System\hWRDmUd.exe
  2⤵
  PID:5288
- C:\Windows\System\MtQROZU.exe
  C:\Windows\System\MtQROZU.exe
  2⤵
  PID:5348
- C:\Windows\System\uRUTfEk.exe
  C:\Windows\System\uRUTfEk.exe
  2⤵
  PID:5428
- C:\Windows\System\yfxyckk.exe
  C:\Windows\System\yfxyckk.exe
  2⤵
  PID:5544
- C:\Windows\System\rFxQnJl.exe
  C:\Windows\System\rFxQnJl.exe
  2⤵
  PID:5528
- C:\Windows\System\xAYlbpi.exe
  C:\Windows\System\xAYlbpi.exe
  2⤵
  PID:5612
- C:\Windows\System\yQfdRcv.exe
  C:\Windows\System\yQfdRcv.exe
  2⤵
  PID:2680
- C:\Windows\System\DioTEcV.exe
  C:\Windows\System\DioTEcV.exe
  2⤵
  PID:5668
- C:\Windows\System\wicdMMi.exe
  C:\Windows\System\wicdMMi.exe
  2⤵
  PID:5692
- C:\Windows\System\uKCEanC.exe
  C:\Windows\System\uKCEanC.exe
  2⤵
  PID:5792
- C:\Windows\System\sofLAnD.exe
  C:\Windows\System\sofLAnD.exe
  2⤵
  PID:5844
- C:\Windows\System\pfYQMtT.exe
  C:\Windows\System\pfYQMtT.exe
  2⤵
  PID:5852
- C:\Windows\System\qnMaSIF.exe
  C:\Windows\System\qnMaSIF.exe
  2⤵
  PID:5888
- C:\Windows\System\SfQBVOw.exe
  C:\Windows\System\SfQBVOw.exe
  2⤵
  PID:5948
- C:\Windows\System\aKCrnpS.exe
  C:\Windows\System\aKCrnpS.exe
  2⤵
  PID:6032
- C:\Windows\System\qxVwNzE.exe
  C:\Windows\System\qxVwNzE.exe
  2⤵
  PID:6092
- C:\Windows\System\IfxKnCp.exe
  C:\Windows\System\IfxKnCp.exe
  2⤵
  PID:332
- C:\Windows\System\JoWMlok.exe
  C:\Windows\System\JoWMlok.exe
  2⤵
  PID:2772
- C:\Windows\System\tyCknQg.exe
  C:\Windows\System\tyCknQg.exe
  2⤵
  PID:4356
- C:\Windows\System\FAWXNVF.exe
  C:\Windows\System\FAWXNVF.exe
  2⤵
  PID:4916
- C:\Windows\System\HZOKONH.exe
  C:\Windows\System\HZOKONH.exe
  2⤵
  PID:5128
- C:\Windows\System\XlRdkJY.exe
  C:\Windows\System\XlRdkJY.exe
  2⤵
  PID:5324
- C:\Windows\System\ddDhmjw.exe
  C:\Windows\System\ddDhmjw.exe
  2⤵
  PID:5372
- C:\Windows\System\GCvzviu.exe
  C:\Windows\System\GCvzviu.exe
  2⤵
  PID:5392
- C:\Windows\System\QSvAOsO.exe
  C:\Windows\System\QSvAOsO.exe
  2⤵
  PID:5464
- C:\Windows\System\vhzTSWe.exe
  C:\Windows\System\vhzTSWe.exe
  2⤵
  PID:5572
- C:\Windows\System\mJTpgpe.exe
  C:\Windows\System\mJTpgpe.exe
  2⤵
  PID:5708
- C:\Windows\System\XrSEgNS.exe
  C:\Windows\System\XrSEgNS.exe
  2⤵
  PID:5768
- C:\Windows\System\zYoyGXx.exe
  C:\Windows\System\zYoyGXx.exe
  2⤵
  PID:5772
- C:\Windows\System\RjVFGcy.exe
  C:\Windows\System\RjVFGcy.exe
  2⤵
  PID:5904
- C:\Windows\System\fEZPkmA.exe
  C:\Windows\System\fEZPkmA.exe
  2⤵
  PID:6008
- C:\Windows\System\cJeZVNj.exe
  C:\Windows\System\cJeZVNj.exe
  2⤵
  PID:6088
- C:\Windows\System\AVcSbOz.exe
  C:\Windows\System\AVcSbOz.exe
  2⤵
  PID:4192
- C:\Windows\System\WXqvsST.exe
  C:\Windows\System\WXqvsST.exe
  2⤵
  PID:3712
- C:\Windows\System\PdvONLg.exe
  C:\Windows\System\PdvONLg.exe
  2⤵
  PID:2984
- C:\Windows\System\XhUIvwM.exe
  C:\Windows\System\XhUIvwM.exe
  2⤵
  PID:5228
- C:\Windows\System\MXZCTyw.exe
  C:\Windows\System\MXZCTyw.exe
  2⤵
  PID:2616
- C:\Windows\System\vCGhLrp.exe
  C:\Windows\System\vCGhLrp.exe
  2⤵
  PID:5488
- C:\Windows\System\BDpRdwy.exe
  C:\Windows\System\BDpRdwy.exe
  2⤵
  PID:5564
- C:\Windows\System\EwPyBBM.exe
  C:\Windows\System\EwPyBBM.exe
  2⤵
  PID:5744
- C:\Windows\System\BnXOHDO.exe
  C:\Windows\System\BnXOHDO.exe
  2⤵
  PID:5984
- C:\Windows\System\URRgDeV.exe
  C:\Windows\System\URRgDeV.exe
  2⤵
  PID:5972
- C:\Windows\System\lBSYEyF.exe
  C:\Windows\System\lBSYEyF.exe
  2⤵
  PID:6156
- C:\Windows\System\CwCMfUH.exe
  C:\Windows\System\CwCMfUH.exe
  2⤵
  PID:6176
- C:\Windows\System\gzPQpEN.exe
  C:\Windows\System\gzPQpEN.exe
  2⤵
  PID:6196
- C:\Windows\System\fMYEgCK.exe
  C:\Windows\System\fMYEgCK.exe
  2⤵
  PID:6216
- C:\Windows\System\EfYmCnh.exe
  C:\Windows\System\EfYmCnh.exe
  2⤵
  PID:6236
- C:\Windows\System\eDFwQBq.exe
  C:\Windows\System\eDFwQBq.exe
  2⤵
  PID:6256
- C:\Windows\System\tQdkapM.exe
  C:\Windows\System\tQdkapM.exe
  2⤵
  PID:6276
- C:\Windows\System\zReJfHD.exe
  C:\Windows\System\zReJfHD.exe
  2⤵
  PID:6296
- C:\Windows\System\lVKeZeD.exe
  C:\Windows\System\lVKeZeD.exe
  2⤵
  PID:6316
- C:\Windows\System\aJVYUDf.exe
  C:\Windows\System\aJVYUDf.exe
  2⤵
  PID:6336
- C:\Windows\System\UeUtnXi.exe
  C:\Windows\System\UeUtnXi.exe
  2⤵
  PID:6356
- C:\Windows\System\uDoANyH.exe
  C:\Windows\System\uDoANyH.exe
  2⤵
  PID:6376
- C:\Windows\System\SenTssL.exe
  C:\Windows\System\SenTssL.exe
  2⤵
  PID:6396
- C:\Windows\System\fiRDFcC.exe
  C:\Windows\System\fiRDFcC.exe
  2⤵
  PID:6416
- C:\Windows\System\hSadFpY.exe
  C:\Windows\System\hSadFpY.exe
  2⤵
  PID:6436
- C:\Windows\System\cEyCRdQ.exe
  C:\Windows\System\cEyCRdQ.exe
  2⤵
  PID:6456
- C:\Windows\System\HCfEhGY.exe
  C:\Windows\System\HCfEhGY.exe
  2⤵
  PID:6476
- C:\Windows\System\KWVzRKh.exe
  C:\Windows\System\KWVzRKh.exe
  2⤵
  PID:6496
- C:\Windows\System\SVSEKDq.exe
  C:\Windows\System\SVSEKDq.exe
  2⤵
  PID:6516
- C:\Windows\System\PviVDPD.exe
  C:\Windows\System\PviVDPD.exe
  2⤵
  PID:6536
- C:\Windows\System\FXbGTqm.exe
  C:\Windows\System\FXbGTqm.exe
  2⤵
  PID:6556
- C:\Windows\System\dKPsNim.exe
  C:\Windows\System\dKPsNim.exe
  2⤵
  PID:6576
- C:\Windows\System\kpqUdbr.exe
  C:\Windows\System\kpqUdbr.exe
  2⤵
  PID:6596
- C:\Windows\System\MQxIbhM.exe
  C:\Windows\System\MQxIbhM.exe
  2⤵
  PID:6616
- C:\Windows\System\ofKmhDo.exe
  C:\Windows\System\ofKmhDo.exe
  2⤵
  PID:6636
- C:\Windows\System\XDCsGYn.exe
  C:\Windows\System\XDCsGYn.exe
  2⤵
  PID:6656
- C:\Windows\System\TSLzOtE.exe
  C:\Windows\System\TSLzOtE.exe
  2⤵
  PID:6676
- C:\Windows\System\vOzDLdr.exe
  C:\Windows\System\vOzDLdr.exe
  2⤵
  PID:6696
- C:\Windows\System\WgYobpf.exe
  C:\Windows\System\WgYobpf.exe
  2⤵
  PID:6720
- C:\Windows\System\RkqPnzA.exe
  C:\Windows\System\RkqPnzA.exe
  2⤵
  PID:6740
- C:\Windows\System\YLsHAUc.exe
  C:\Windows\System\YLsHAUc.exe
  2⤵
  PID:6760
- C:\Windows\System\JgRryVL.exe
  C:\Windows\System\JgRryVL.exe
  2⤵
  PID:6780
- C:\Windows\System\QQDRMMn.exe
  C:\Windows\System\QQDRMMn.exe
  2⤵
  PID:6800
- C:\Windows\System\OwqZqxl.exe
  C:\Windows\System\OwqZqxl.exe
  2⤵
  PID:6820
- C:\Windows\System\cpUqbgM.exe
  C:\Windows\System\cpUqbgM.exe
  2⤵
  PID:6840
- C:\Windows\System\LZQGcNU.exe
  C:\Windows\System\LZQGcNU.exe
  2⤵
  PID:6860
- C:\Windows\System\FEdndHN.exe
  C:\Windows\System\FEdndHN.exe
  2⤵
  PID:6880
- C:\Windows\System\KvnIvAz.exe
  C:\Windows\System\KvnIvAz.exe
  2⤵
  PID:6900
- C:\Windows\System\BEbAcVN.exe
  C:\Windows\System\BEbAcVN.exe
  2⤵
  PID:6920
- C:\Windows\System\gYAedPq.exe
  C:\Windows\System\gYAedPq.exe
  2⤵
  PID:6940
- C:\Windows\System\LNjbZoI.exe
  C:\Windows\System\LNjbZoI.exe
  2⤵
  PID:6960
- C:\Windows\System\VnxFqLS.exe
  C:\Windows\System\VnxFqLS.exe
  2⤵
  PID:6980
- C:\Windows\System\KNbMNyJ.exe
  C:\Windows\System\KNbMNyJ.exe
  2⤵
  PID:7000
- C:\Windows\System\ZfkyEEO.exe
  C:\Windows\System\ZfkyEEO.exe
  2⤵
  PID:7020
- C:\Windows\System\JWcTJmU.exe
  C:\Windows\System\JWcTJmU.exe
  2⤵
  PID:7044
- C:\Windows\System\ryBryVY.exe
  C:\Windows\System\ryBryVY.exe
  2⤵
  PID:7084
- C:\Windows\System\PqgQxSH.exe
  C:\Windows\System\PqgQxSH.exe
  2⤵
  PID:7104
- C:\Windows\System\dNYmCRm.exe
  C:\Windows\System\dNYmCRm.exe
  2⤵
  PID:7120
- C:\Windows\System\VOcuLJM.exe
  C:\Windows\System\VOcuLJM.exe
  2⤵
  PID:7144
- C:\Windows\System\GTVOcSm.exe
  C:\Windows\System\GTVOcSm.exe
  2⤵
  PID:7160
- C:\Windows\System\mFckQcU.exe
  C:\Windows\System\mFckQcU.exe
  2⤵
  PID:6068
- C:\Windows\System\mWcaKbj.exe
  C:\Windows\System\mWcaKbj.exe
  2⤵
  PID:984
- C:\Windows\System\lpulBaW.exe
  C:\Windows\System\lpulBaW.exe
  2⤵
  PID:5168
- C:\Windows\System\TTZEKJt.exe
  C:\Windows\System\TTZEKJt.exe
  2⤵
  PID:5524
- C:\Windows\System\pzJKZNO.exe
  C:\Windows\System\pzJKZNO.exe
  2⤵
  PID:5652
- C:\Windows\System\dGkCdfm.exe
  C:\Windows\System\dGkCdfm.exe
  2⤵
  PID:5748
- C:\Windows\System\GEILBNw.exe
  C:\Windows\System\GEILBNw.exe
  2⤵
  PID:5832
- C:\Windows\System\cavydOW.exe
  C:\Windows\System\cavydOW.exe
  2⤵
  PID:1432
- C:\Windows\System\cmOCrYG.exe
  C:\Windows\System\cmOCrYG.exe
  2⤵
  PID:6168
- C:\Windows\System\yiuCWeE.exe
  C:\Windows\System\yiuCWeE.exe
  2⤵
  PID:6212
- C:\Windows\System\nSwLrhk.exe
  C:\Windows\System\nSwLrhk.exe
  2⤵
  PID:6268
- C:\Windows\System\GgVMKur.exe
  C:\Windows\System\GgVMKur.exe
  2⤵
  PID:6284
- C:\Windows\System\VhxNIZI.exe
  C:\Windows\System\VhxNIZI.exe
  2⤵
  PID:6288
- C:\Windows\System\wEDZtoL.exe
  C:\Windows\System\wEDZtoL.exe
  2⤵
  PID:6328
- C:\Windows\System\cRTLYfr.exe
  C:\Windows\System\cRTLYfr.exe
  2⤵
  PID:2060
- C:\Windows\System\xQIojTC.exe
  C:\Windows\System\xQIojTC.exe
  2⤵
  PID:6388
- C:\Windows\System\ltkViQi.exe
  C:\Windows\System\ltkViQi.exe
  2⤵
  PID:2316
- C:\Windows\System\juaKEnB.exe
  C:\Windows\System\juaKEnB.exe
  2⤵
  PID:6428
- C:\Windows\System\DWxPdnk.exe
  C:\Windows\System\DWxPdnk.exe
  2⤵
  PID:6444
- C:\Windows\System\qIjQWSg.exe
  C:\Windows\System\qIjQWSg.exe
  2⤵
  PID:6448
- C:\Windows\System\IkoNWQo.exe
  C:\Windows\System\IkoNWQo.exe
  2⤵
  PID:2592
- C:\Windows\System\gwJrnDE.exe
  C:\Windows\System\gwJrnDE.exe
  2⤵
  PID:6508
- C:\Windows\System\weWXANa.exe
  C:\Windows\System\weWXANa.exe
  2⤵
  PID:6548
- C:\Windows\System\qlGwSWs.exe
  C:\Windows\System\qlGwSWs.exe
  2⤵
  PID:6584
- C:\Windows\System\UfUNoOM.exe
  C:\Windows\System\UfUNoOM.exe
  2⤵
  PID:6564
- C:\Windows\System\lYjLspt.exe
  C:\Windows\System\lYjLspt.exe
  2⤵
  PID:6604
- C:\Windows\System\QlArino.exe
  C:\Windows\System\QlArino.exe
  2⤵
  PID:6628
- C:\Windows\System\tcOZtNE.exe
  C:\Windows\System\tcOZtNE.exe
  2⤵
  PID:1668
- C:\Windows\System\MSOhyhg.exe
  C:\Windows\System\MSOhyhg.exe
  2⤵
  PID:2428
- C:\Windows\System\ndyrPrV.exe
  C:\Windows\System\ndyrPrV.exe
  2⤵
  PID:6776
- C:\Windows\System\IOaJjXZ.exe
  C:\Windows\System\IOaJjXZ.exe
  2⤵
  PID:6836
- C:\Windows\System\nQFEYii.exe
  C:\Windows\System\nQFEYii.exe
  2⤵
  PID:1552
- C:\Windows\System\jRDqQsA.exe
  C:\Windows\System\jRDqQsA.exe
  2⤵
  PID:6868
- C:\Windows\System\sXInoMH.exe
  C:\Windows\System\sXInoMH.exe
  2⤵
  PID:1860
- C:\Windows\System\PaahxUc.exe
  C:\Windows\System\PaahxUc.exe
  2⤵
  PID:6912
- C:\Windows\System\rMLfeja.exe
  C:\Windows\System\rMLfeja.exe
  2⤵
  PID:1148
- C:\Windows\System\TuUQuuL.exe
  C:\Windows\System\TuUQuuL.exe
  2⤵
  PID:2276
- C:\Windows\System\SvzfcXV.exe
  C:\Windows\System\SvzfcXV.exe
  2⤵
  PID:276
- C:\Windows\System\EEydqsl.exe
  C:\Windows\System\EEydqsl.exe
  2⤵
  PID:6996
- C:\Windows\System\otrHFqs.exe
  C:\Windows\System\otrHFqs.exe
  2⤵
  PID:1104
- C:\Windows\System\YfHlMPX.exe
  C:\Windows\System\YfHlMPX.exe
  2⤵
  PID:7028
- C:\Windows\System\URnvkVr.exe
  C:\Windows\System\URnvkVr.exe
  2⤵
  PID:7064
- C:\Windows\System\hRDlPci.exe
  C:\Windows\System\hRDlPci.exe
  2⤵
  PID:7080
- C:\Windows\System\sGkGSqH.exe
  C:\Windows\System\sGkGSqH.exe
  2⤵
  PID:7128
- C:\Windows\System\kpIDWjV.exe
  C:\Windows\System\kpIDWjV.exe
  2⤵
  PID:7116
- C:\Windows\System\OinGSVd.exe
  C:\Windows\System\OinGSVd.exe
  2⤵
  PID:2556
- C:\Windows\System\iLVIQSD.exe
  C:\Windows\System\iLVIQSD.exe
  2⤵
  PID:2732
- C:\Windows\System\LexZQkO.exe
  C:\Windows\System\LexZQkO.exe
  2⤵
  PID:6172
- C:\Windows\System\MXvXRxP.exe
  C:\Windows\System\MXvXRxP.exe
  2⤵
  PID:6264
- C:\Windows\System\nAUNIzj.exe
  C:\Windows\System\nAUNIzj.exe
  2⤵
  PID:112
- C:\Windows\System\AscaBVT.exe
  C:\Windows\System\AscaBVT.exe
  2⤵
  PID:3044
- C:\Windows\System\ZvbshJA.exe
  C:\Windows\System\ZvbshJA.exe
  2⤵
  PID:4336
- C:\Windows\System\CbOErgu.exe
  C:\Windows\System\CbOErgu.exe
  2⤵
  PID:5304
- C:\Windows\System\MXgwtsN.exe
  C:\Windows\System\MXgwtsN.exe
  2⤵
  PID:6152
- C:\Windows\System\WPWyaZn.exe
  C:\Windows\System\WPWyaZn.exe
  2⤵
  PID:6224
- C:\Windows\System\dYkToDe.exe
  C:\Windows\System\dYkToDe.exe
  2⤵
  PID:6408
- C:\Windows\System\jzGjPDT.exe
  C:\Windows\System\jzGjPDT.exe
  2⤵
  PID:6624
- C:\Windows\System\ePLQyiV.exe
  C:\Windows\System\ePLQyiV.exe
  2⤵
  PID:1972
- C:\Windows\System\ZvuumRT.exe
  C:\Windows\System\ZvuumRT.exe
  2⤵
  PID:6528
- C:\Windows\System\WiVKcNq.exe
  C:\Windows\System\WiVKcNq.exe
  2⤵
  PID:2032
- C:\Windows\System\BbzqODO.exe
  C:\Windows\System\BbzqODO.exe
  2⤵
  PID:6644
- C:\Windows\System\xMABCqv.exe
  C:\Windows\System\xMABCqv.exe
  2⤵
  PID:6684
- C:\Windows\System\hRAPtzr.exe
  C:\Windows\System\hRAPtzr.exe
  2⤵
  PID:6736
- C:\Windows\System\kLhWBeE.exe
  C:\Windows\System\kLhWBeE.exe
  2⤵
  PID:6772
- C:\Windows\System\GxuJefc.exe
  C:\Windows\System\GxuJefc.exe
  2⤵
  PID:6856
- C:\Windows\System\TWtoopK.exe
  C:\Windows\System\TWtoopK.exe
  2⤵
  PID:6916
- C:\Windows\System\nQoVwqj.exe
  C:\Windows\System\nQoVwqj.exe
  2⤵
  PID:1504
- C:\Windows\System\sZCnbqn.exe
  C:\Windows\System\sZCnbqn.exe
  2⤵
  PID:6872
- C:\Windows\System\qSPowes.exe
  C:\Windows\System\qSPowes.exe
  2⤵
  PID:6968
- C:\Windows\System\xLQRhZh.exe
  C:\Windows\System\xLQRhZh.exe
  2⤵
  PID:5112
- C:\Windows\System\aOooAEV.exe
  C:\Windows\System\aOooAEV.exe
  2⤵
  PID:7096
- C:\Windows\System\QsvXtqO.exe
  C:\Windows\System\QsvXtqO.exe
  2⤵
  PID:7092
- C:\Windows\System\TkyfIgi.exe
  C:\Windows\System\TkyfIgi.exe
  2⤵
  PID:6024
- C:\Windows\System\RsaJKBN.exe
  C:\Windows\System\RsaJKBN.exe
  2⤵
  PID:6404
- C:\Windows\System\pafSOYc.exe
  C:\Windows\System\pafSOYc.exe
  2⤵
  PID:1692
- C:\Windows\System\OLWNycP.exe
  C:\Windows\System\OLWNycP.exe
  2⤵
  PID:6552
- C:\Windows\System\AIbGjGc.exe
  C:\Windows\System\AIbGjGc.exe
  2⤵
  PID:1496
- C:\Windows\System\KXcPGCN.exe
  C:\Windows\System\KXcPGCN.exe
  2⤵
  PID:6352
- C:\Windows\System\YbWlrKi.exe
  C:\Windows\System\YbWlrKi.exe
  2⤵
  PID:7156
- C:\Windows\System\fgvTZac.exe
  C:\Windows\System\fgvTZac.exe
  2⤵
  PID:1652
- C:\Windows\System\TakxnOI.exe
  C:\Windows\System\TakxnOI.exe
  2⤵
  PID:6608
- C:\Windows\System\rqteprz.exe
  C:\Windows\System\rqteprz.exe
  2⤵
  PID:1900
- C:\Windows\System\umbelmh.exe
  C:\Windows\System\umbelmh.exe
  2⤵
  PID:1796
- C:\Windows\System\rgEwEZS.exe
  C:\Windows\System\rgEwEZS.exe
  2⤵
  PID:6948
- C:\Windows\System\ehrkUGL.exe
  C:\Windows\System\ehrkUGL.exe
  2⤵
  PID:792
- C:\Windows\System\DfnFuBu.exe
  C:\Windows\System\DfnFuBu.exe
  2⤵
  PID:6932
- C:\Windows\System\oyoMXkm.exe
  C:\Windows\System\oyoMXkm.exe
  2⤵
  PID:1844
- C:\Windows\System\BKLWBlD.exe
  C:\Windows\System\BKLWBlD.exe
  2⤵
  PID:6188
- C:\Windows\System\SDzGcGi.exe
  C:\Windows\System\SDzGcGi.exe
  2⤵
  PID:5704
- C:\Windows\System\QmmhpCK.exe
  C:\Windows\System\QmmhpCK.exe
  2⤵
  PID:1892
- C:\Windows\System\VNyCVxg.exe
  C:\Windows\System\VNyCVxg.exe
  2⤵
  PID:6976
- C:\Windows\System\BAdvazD.exe
  C:\Windows\System\BAdvazD.exe
  2⤵
  PID:6504
- C:\Windows\System\CUOkkrr.exe
  C:\Windows\System\CUOkkrr.exe
  2⤵
  PID:7112
- C:\Windows\System\cWyxhyi.exe
  C:\Windows\System\cWyxhyi.exe
  2⤵
  PID:6664
- C:\Windows\System\PhrfJhq.exe
  C:\Windows\System\PhrfJhq.exe
  2⤵
  PID:6704
- C:\Windows\System\vLxjIlu.exe
  C:\Windows\System\vLxjIlu.exe
  2⤵
  PID:6648
- C:\Windows\System\GRjjaXV.exe
  C:\Windows\System\GRjjaXV.exe
  2⤵
  PID:6936
- C:\Windows\System\NUurWki.exe
  C:\Windows\System\NUurWki.exe
  2⤵
  PID:2512
- C:\Windows\System\NBiqBBA.exe
  C:\Windows\System\NBiqBBA.exe
  2⤵
  PID:5864
- C:\Windows\System\nBKKaYK.exe
  C:\Windows\System\nBKKaYK.exe
  2⤵
  PID:6668
- C:\Windows\System\hrSFAfp.exe
  C:\Windows\System\hrSFAfp.exe
  2⤵
  PID:7100
- C:\Windows\System\eQpCQyP.exe
  C:\Windows\System\eQpCQyP.exe
  2⤵
  PID:4188
- C:\Windows\System\BvlsnCW.exe
  C:\Windows\System\BvlsnCW.exe
  2⤵
  PID:6544
- C:\Windows\System\MDVFlYY.exe
  C:\Windows\System\MDVFlYY.exe
  2⤵
  PID:6712
- C:\Windows\System\nPfMOtv.exe
  C:\Windows\System\nPfMOtv.exe
  2⤵
  PID:6392
- C:\Windows\System\ZaLlwzW.exe
  C:\Windows\System\ZaLlwzW.exe
  2⤵
  PID:4500
- C:\Windows\System\ZwawZfP.exe
  C:\Windows\System\ZwawZfP.exe
  2⤵
  PID:6756
- C:\Windows\System\BakOIbX.exe
  C:\Windows\System\BakOIbX.exe
  2⤵
  PID:7192
- C:\Windows\System\rgcOCiY.exe
  C:\Windows\System\rgcOCiY.exe
  2⤵
  PID:7208
- C:\Windows\System\AODKGiP.exe
  C:\Windows\System\AODKGiP.exe
  2⤵
  PID:7224
- C:\Windows\System\qZyCbtY.exe
  C:\Windows\System\qZyCbtY.exe
  2⤵
  PID:7248
- C:\Windows\System\nusGdix.exe
  C:\Windows\System\nusGdix.exe
  2⤵
  PID:7272
- C:\Windows\System\ZzMsBbD.exe
  C:\Windows\System\ZzMsBbD.exe
  2⤵
  PID:7292
- C:\Windows\System\TotCiRY.exe
  C:\Windows\System\TotCiRY.exe
  2⤵
  PID:7308
- C:\Windows\System\PVMKGiX.exe
  C:\Windows\System\PVMKGiX.exe
  2⤵
  PID:7340
- C:\Windows\System\RfxkLgo.exe
  C:\Windows\System\RfxkLgo.exe
  2⤵
  PID:7356
- C:\Windows\System\CKueoaP.exe
  C:\Windows\System\CKueoaP.exe
  2⤵
  PID:7372
- C:\Windows\System\CtXWsep.exe
  C:\Windows\System\CtXWsep.exe
  2⤵
  PID:7388
- C:\Windows\System\DlQVXDU.exe
  C:\Windows\System\DlQVXDU.exe
  2⤵
  PID:7404
- C:\Windows\System\cyEaYfN.exe
  C:\Windows\System\cyEaYfN.exe
  2⤵
  PID:7420
- C:\Windows\System\BhkiVKq.exe
  C:\Windows\System\BhkiVKq.exe
  2⤵
  PID:7436
- C:\Windows\System\fnaVhbE.exe
  C:\Windows\System\fnaVhbE.exe
  2⤵
  PID:7452
- C:\Windows\System\oCkngPg.exe
  C:\Windows\System\oCkngPg.exe
  2⤵
  PID:7468
- C:\Windows\System\aAHaqZR.exe
  C:\Windows\System\aAHaqZR.exe
  2⤵
  PID:7484
- C:\Windows\System\zaRStHw.exe
  C:\Windows\System\zaRStHw.exe
  2⤵
  PID:7500
- C:\Windows\System\LiTlhDt.exe
  C:\Windows\System\LiTlhDt.exe
  2⤵
  PID:7516
- C:\Windows\System\nEmBXZu.exe
  C:\Windows\System\nEmBXZu.exe
  2⤵
  PID:7532
- C:\Windows\System\CpFQcAx.exe
  C:\Windows\System\CpFQcAx.exe
  2⤵
  PID:7548
- C:\Windows\System\swHXkCk.exe
  C:\Windows\System\swHXkCk.exe
  2⤵
  PID:7564
- C:\Windows\System\MQVBjHE.exe
  C:\Windows\System\MQVBjHE.exe
  2⤵
  PID:7644
- C:\Windows\System\ZJeTJsu.exe
  C:\Windows\System\ZJeTJsu.exe
  2⤵
  PID:7660
- C:\Windows\System\OtfyrMa.exe
  C:\Windows\System\OtfyrMa.exe
  2⤵
  PID:7680
- C:\Windows\System\GOWlhPY.exe
  C:\Windows\System\GOWlhPY.exe
  2⤵
  PID:7700
- C:\Windows\System\jcnwhwR.exe
  C:\Windows\System\jcnwhwR.exe
  2⤵
  PID:7716
- C:\Windows\System\lgWRntn.exe
  C:\Windows\System\lgWRntn.exe
  2⤵
  PID:7732
- C:\Windows\System\wHzmWJt.exe
  C:\Windows\System\wHzmWJt.exe
  2⤵
  PID:7748
- C:\Windows\System\CGJEgpi.exe
  C:\Windows\System\CGJEgpi.exe
  2⤵
  PID:7764
- C:\Windows\System\YnKConx.exe
  C:\Windows\System\YnKConx.exe
  2⤵
  PID:7780
- C:\Windows\System\SbCUKHf.exe
  C:\Windows\System\SbCUKHf.exe
  2⤵
  PID:7796
- C:\Windows\System\cthrjbD.exe
  C:\Windows\System\cthrjbD.exe
  2⤵
  PID:7816
- C:\Windows\System\LvyuPOO.exe
  C:\Windows\System\LvyuPOO.exe
  2⤵
  PID:7836
- C:\Windows\System\JBDgEev.exe
  C:\Windows\System\JBDgEev.exe
  2⤵
  PID:7856
- C:\Windows\System\LAAAiZO.exe
  C:\Windows\System\LAAAiZO.exe
  2⤵
  PID:7876
- C:\Windows\System\VKLzMrl.exe
  C:\Windows\System\VKLzMrl.exe
  2⤵
  PID:7900
- C:\Windows\System\XGjmAtO.exe
  C:\Windows\System\XGjmAtO.exe
  2⤵
  PID:7920
- C:\Windows\System\vLkQsSM.exe
  C:\Windows\System\vLkQsSM.exe
  2⤵
  PID:7944
- C:\Windows\System\wUNwvYZ.exe
  C:\Windows\System\wUNwvYZ.exe
  2⤵
  PID:7960
- C:\Windows\System\KLowVAC.exe
  C:\Windows\System\KLowVAC.exe
  2⤵
  PID:7976
- C:\Windows\System\VfnlsQx.exe
  C:\Windows\System\VfnlsQx.exe
  2⤵
  PID:7992
- C:\Windows\System\MVnfFXo.exe
  C:\Windows\System\MVnfFXo.exe
  2⤵
  PID:8012
- C:\Windows\System\xBNlCFX.exe
  C:\Windows\System\xBNlCFX.exe
  2⤵
  PID:8032
- C:\Windows\System\QQqmGiR.exe
  C:\Windows\System\QQqmGiR.exe
  2⤵
  PID:8048
- C:\Windows\System\JuEzYDN.exe
  C:\Windows\System\JuEzYDN.exe
  2⤵
  PID:8064
- C:\Windows\System\XVSxXrO.exe
  C:\Windows\System\XVSxXrO.exe
  2⤵
  PID:8084
- C:\Windows\System\ueVuOmi.exe
  C:\Windows\System\ueVuOmi.exe
  2⤵
  PID:8104
- C:\Windows\System\CQPFaze.exe
  C:\Windows\System\CQPFaze.exe
  2⤵
  PID:8172
- C:\Windows\System\IswRrBM.exe
  C:\Windows\System\IswRrBM.exe
  2⤵
  PID:8188
- C:\Windows\System\muciWOQ.exe
  C:\Windows\System\muciWOQ.exe
  2⤵
  PID:6732
- C:\Windows\System\ELSozQb.exe
  C:\Windows\System\ELSozQb.exe
  2⤵
  PID:6332
- C:\Windows\System\vAZlSzt.exe
  C:\Windows\System\vAZlSzt.exe
  2⤵
  PID:7172
- C:\Windows\System\LYJZEHA.exe
  C:\Windows\System\LYJZEHA.exe
  2⤵
  PID:7188
- C:\Windows\System\hyagWWD.exe
  C:\Windows\System\hyagWWD.exe
  2⤵
  PID:7240
- C:\Windows\System\CanpDxK.exe
  C:\Windows\System\CanpDxK.exe
  2⤵
  PID:7216
- C:\Windows\System\AtwNmHw.exe
  C:\Windows\System\AtwNmHw.exe
  2⤵
  PID:7268
- C:\Windows\System\rStUsDD.exe
  C:\Windows\System\rStUsDD.exe
  2⤵
  PID:7328
- C:\Windows\System\nINVMFZ.exe
  C:\Windows\System\nINVMFZ.exe
  2⤵
  PID:7304
- C:\Windows\System\BWTroJU.exe
  C:\Windows\System\BWTroJU.exe
  2⤵
  PID:7412
- C:\Windows\System\YbMRjZO.exe
  C:\Windows\System\YbMRjZO.exe
  2⤵
  PID:7476
- C:\Windows\System\wRJPMoj.exe
  C:\Windows\System\wRJPMoj.exe
  2⤵
  PID:7572
- C:\Windows\System\SnkNMcb.exe
  C:\Windows\System\SnkNMcb.exe
  2⤵
  PID:7364
- C:\Windows\System\cjqNNWf.exe
  C:\Windows\System\cjqNNWf.exe
  2⤵
  PID:7528
- C:\Windows\System\ASGmSMY.exe
  C:\Windows\System\ASGmSMY.exe
  2⤵
  PID:7600
- C:\Windows\System\FVSSTni.exe
  C:\Windows\System\FVSSTni.exe
  2⤵
  PID:7616
- C:\Windows\System\MeNhNlO.exe
  C:\Windows\System\MeNhNlO.exe
  2⤵
  PID:7640
- C:\Windows\System\TOphKeK.exe
  C:\Windows\System\TOphKeK.exe
  2⤵
  PID:7668
- C:\Windows\System\KWMqnfL.exe
  C:\Windows\System\KWMqnfL.exe
  2⤵
  PID:7696
- C:\Windows\System\ILYUayE.exe
  C:\Windows\System\ILYUayE.exe
  2⤵
  PID:7724
- C:\Windows\System\miulaBA.exe
  C:\Windows\System\miulaBA.exe
  2⤵
  PID:7792
- C:\Windows\System\xDlQJBn.exe
  C:\Windows\System\xDlQJBn.exe
  2⤵
  PID:7908
- C:\Windows\System\WiCAMgi.exe
  C:\Windows\System\WiCAMgi.exe
  2⤵
  PID:7952
- C:\Windows\System\aLiCHLC.exe
  C:\Windows\System\aLiCHLC.exe
  2⤵
  PID:8024
- C:\Windows\System\lCNwPVF.exe
  C:\Windows\System\lCNwPVF.exe
  2⤵
  PID:8092
- C:\Windows\System\yekZHKB.exe
  C:\Windows\System\yekZHKB.exe
  2⤵
  PID:7776
- C:\Windows\System\rhtviSm.exe
  C:\Windows\System\rhtviSm.exe
  2⤵
  PID:8040
- C:\Windows\System\pNIpjJB.exe
  C:\Windows\System\pNIpjJB.exe
  2⤵
  PID:8080
- C:\Windows\System\UFmAirl.exe
  C:\Windows\System\UFmAirl.exe
  2⤵
  PID:8152
- C:\Windows\System\rKjrQkw.exe
  C:\Windows\System\rKjrQkw.exe
  2⤵
  PID:8120
- C:\Windows\System\sFQKsPN.exe
  C:\Windows\System\sFQKsPN.exe
  2⤵
  PID:7812
- C:\Windows\System\NqZYqyV.exe
  C:\Windows\System\NqZYqyV.exe
  2⤵
  PID:7892
- C:\Windows\System\qgkwIJP.exe
  C:\Windows\System\qgkwIJP.exe
  2⤵
  PID:7932
- C:\Windows\System\jyjOpRC.exe
  C:\Windows\System\jyjOpRC.exe
  2⤵
  PID:6692
- C:\Windows\System\wsGZtCN.exe
  C:\Windows\System\wsGZtCN.exe
  2⤵
  PID:7284
- C:\Windows\System\HvbtdTN.exe
  C:\Windows\System\HvbtdTN.exe
  2⤵
  PID:7352
- C:\Windows\System\EmjUUbc.exe
  C:\Windows\System\EmjUUbc.exe
  2⤵
  PID:7540
- C:\Windows\System\emNXXWE.exe
  C:\Windows\System\emNXXWE.exe
  2⤵
  PID:7232
- C:\Windows\System\SRRFnkC.exe
  C:\Windows\System\SRRFnkC.exe
  2⤵
  PID:7264
- C:\Windows\System\OftHsry.exe
  C:\Windows\System\OftHsry.exe
  2⤵
  PID:7428
- C:\Windows\System\ToEUNZq.exe
  C:\Windows\System\ToEUNZq.exe
  2⤵
  PID:6748
- C:\Windows\System\pUfGJCt.exe
  C:\Windows\System\pUfGJCt.exe
  2⤵
  PID:7592
- C:\Windows\System\YnISBYb.exe
  C:\Windows\System\YnISBYb.exe
  2⤵
  PID:7604
- C:\Windows\System\MWKZnDW.exe
  C:\Windows\System\MWKZnDW.exe
  2⤵
  PID:7652
- C:\Windows\System\DvcRQYw.exe
  C:\Windows\System\DvcRQYw.exe
  2⤵
  PID:7708
- C:\Windows\System\fVuMlcw.exe
  C:\Windows\System\fVuMlcw.exe
  2⤵
  PID:7756
- C:\Windows\System\ICzJing.exe
  C:\Windows\System\ICzJing.exe
  2⤵
  PID:7760
- C:\Windows\System\OIWLNdw.exe
  C:\Windows\System\OIWLNdw.exe
  2⤵
  PID:7772
- C:\Windows\System\OXtpxjj.exe
  C:\Windows\System\OXtpxjj.exe
  2⤵
  PID:8160
- C:\Windows\System\PJpyNmG.exe
  C:\Windows\System\PJpyNmG.exe
  2⤵
  PID:7740
- C:\Windows\System\fWDuJMc.exe
  C:\Windows\System\fWDuJMc.exe
  2⤵
  PID:8136
- C:\Windows\System\hFgvklV.exe
  C:\Windows\System\hFgvklV.exe
  2⤵
  PID:7524
- C:\Windows\System\SlPhEEL.exe
  C:\Windows\System\SlPhEEL.exe
  2⤵
  PID:8144
- C:\Windows\System\iGUMzpU.exe
  C:\Windows\System\iGUMzpU.exe
  2⤵
  PID:7928
- C:\Windows\System\GCHwSVx.exe
  C:\Windows\System\GCHwSVx.exe
  2⤵
  PID:6852
- C:\Windows\System\OPnIVlx.exe
  C:\Windows\System\OPnIVlx.exe
  2⤵
  PID:7460
- C:\Windows\System\CJOxQfy.exe
  C:\Windows\System\CJOxQfy.exe
  2⤵
  PID:7492
- C:\Windows\System\BzRbsCx.exe
  C:\Windows\System\BzRbsCx.exe
  2⤵
  PID:7444
- C:\Windows\System\rkZQYWh.exe
  C:\Windows\System\rkZQYWh.exe
  2⤵
  PID:7828
- C:\Windows\System\SIoAXZZ.exe
  C:\Windows\System\SIoAXZZ.exe
  2⤵
  PID:7728
- C:\Windows\System\iOvHLDE.exe
  C:\Windows\System\iOvHLDE.exe
  2⤵
  PID:7612
- C:\Windows\System\DxMJtzT.exe
  C:\Windows\System\DxMJtzT.exe
  2⤵
  PID:7972
- C:\Windows\System\lDjniXy.exe
  C:\Windows\System\lDjniXy.exe
  2⤵
  PID:6204
- C:\Windows\System\ZYRIcmg.exe
  C:\Windows\System\ZYRIcmg.exe
  2⤵
  PID:8116
- C:\Windows\System\zBETDLq.exe
  C:\Windows\System\zBETDLq.exe
  2⤵
  PID:8000
- C:\Windows\System\vdRmxEZ.exe
  C:\Windows\System\vdRmxEZ.exe
  2⤵
  PID:7260
- C:\Windows\System\etjUpVm.exe
  C:\Windows\System\etjUpVm.exe
  2⤵
  PID:7384
- C:\Windows\System\tOWnpMH.exe
  C:\Windows\System\tOWnpMH.exe
  2⤵
  PID:7984
- C:\Windows\System\FRukgYT.exe
  C:\Windows\System\FRukgYT.exe
  2⤵
  PID:7688
- C:\Windows\System\jYMWGYL.exe
  C:\Windows\System\jYMWGYL.exe
  2⤵
  PID:7628
- C:\Windows\System\zgkYCfd.exe
  C:\Windows\System\zgkYCfd.exe
  2⤵
  PID:7320
- C:\Windows\System\FdBKyPj.exe
  C:\Windows\System\FdBKyPj.exe
  2⤵
  PID:8008
- C:\Windows\System\dwckAWk.exe
  C:\Windows\System\dwckAWk.exe
  2⤵
  PID:8060
- C:\Windows\System\pUfPkpj.exe
  C:\Windows\System\pUfPkpj.exe
  2⤵
  PID:8180
- C:\Windows\System\sIzXHVT.exe
  C:\Windows\System\sIzXHVT.exe
  2⤵
  PID:8184
- C:\Windows\System\CfpeZBY.exe
  C:\Windows\System\CfpeZBY.exe
  2⤵
  PID:7636
- C:\Windows\System\uKqfPVn.exe
  C:\Windows\System\uKqfPVn.exe
  2⤵
  PID:7872
- C:\Windows\System\acrkWLy.exe
  C:\Windows\System\acrkWLy.exe
  2⤵
  PID:7596
- C:\Windows\System\wpbWAHt.exe
  C:\Windows\System\wpbWAHt.exe
  2⤵
  PID:8200
- C:\Windows\System\MucxtUj.exe
  C:\Windows\System\MucxtUj.exe
  2⤵
  PID:8224
- C:\Windows\System\aQzRLwW.exe
  C:\Windows\System\aQzRLwW.exe
  2⤵
  PID:8244
- C:\Windows\System\iSvgorE.exe
  C:\Windows\System\iSvgorE.exe
  2⤵
  PID:8260
- C:\Windows\System\aElMXfM.exe
  C:\Windows\System\aElMXfM.exe
  2⤵
  PID:8280
- C:\Windows\System\RxrdqDB.exe
  C:\Windows\System\RxrdqDB.exe
  2⤵
  PID:8300
- C:\Windows\System\FAozvVi.exe
  C:\Windows\System\FAozvVi.exe
  2⤵
  PID:8320
- C:\Windows\System\naChmUQ.exe
  C:\Windows\System\naChmUQ.exe
  2⤵
  PID:8340
- C:\Windows\System\FLGYdhM.exe
  C:\Windows\System\FLGYdhM.exe
  2⤵
  PID:8360
- C:\Windows\System\lVDITQz.exe
  C:\Windows\System\lVDITQz.exe
  2⤵
  PID:8384
- C:\Windows\System\yfWTVVq.exe
  C:\Windows\System\yfWTVVq.exe
  2⤵
  PID:8404
- C:\Windows\System\axXAwWW.exe
  C:\Windows\System\axXAwWW.exe
  2⤵
  PID:8420
- C:\Windows\System\tJCOdfy.exe
  C:\Windows\System\tJCOdfy.exe
  2⤵
  PID:8436
- C:\Windows\System\DhLwkSV.exe
  C:\Windows\System\DhLwkSV.exe
  2⤵
  PID:8456
- C:\Windows\System\QwLZRaI.exe
  C:\Windows\System\QwLZRaI.exe
  2⤵
  PID:8476
- C:\Windows\System\SzzUBse.exe
  C:\Windows\System\SzzUBse.exe
  2⤵
  PID:8504
- C:\Windows\System\seoKeqG.exe
  C:\Windows\System\seoKeqG.exe
  2⤵
  PID:8520
- C:\Windows\System\ueVsIds.exe
  C:\Windows\System\ueVsIds.exe
  2⤵
  PID:8536
- C:\Windows\System\nowonZi.exe
  C:\Windows\System\nowonZi.exe
  2⤵
  PID:8564
- C:\Windows\System\kvTIWFS.exe
  C:\Windows\System\kvTIWFS.exe
  2⤵
  PID:8580
- C:\Windows\System\FgcbDfH.exe
  C:\Windows\System\FgcbDfH.exe
  2⤵
  PID:8600
- C:\Windows\System\oYFXmce.exe
  C:\Windows\System\oYFXmce.exe
  2⤵
  PID:8640
- C:\Windows\System\gyVlfyz.exe
  C:\Windows\System\gyVlfyz.exe
  2⤵
  PID:8656
- C:\Windows\System\SQMNbaU.exe
  C:\Windows\System\SQMNbaU.exe
  2⤵
  PID:8672
- C:\Windows\System\IvbAzom.exe
  C:\Windows\System\IvbAzom.exe
  2⤵
  PID:8688
- C:\Windows\System\xFhMxmE.exe
  C:\Windows\System\xFhMxmE.exe
  2⤵
  PID:8720
- C:\Windows\System\xgEPkar.exe
  C:\Windows\System\xgEPkar.exe
  2⤵
  PID:8736
- C:\Windows\System\qcTYbVA.exe
  C:\Windows\System\qcTYbVA.exe
  2⤵
  PID:8756
- C:\Windows\System\PtFtKqv.exe
  C:\Windows\System\PtFtKqv.exe
  2⤵
  PID:8772
- C:\Windows\System\fqOuaiw.exe
  C:\Windows\System\fqOuaiw.exe
  2⤵
  PID:8788
- C:\Windows\System\NMebdUh.exe
  C:\Windows\System\NMebdUh.exe
  2⤵
  PID:8808
- C:\Windows\System\XwTPYBg.exe
  C:\Windows\System\XwTPYBg.exe
  2⤵
  PID:8824
- C:\Windows\System\dKrnSYm.exe
  C:\Windows\System\dKrnSYm.exe
  2⤵
  PID:8840
- C:\Windows\System\QCWbojw.exe
  C:\Windows\System\QCWbojw.exe
  2⤵
  PID:8860
- C:\Windows\System\QTGbZUD.exe
  C:\Windows\System\QTGbZUD.exe
  2⤵
  PID:8876
- C:\Windows\System\EtMdfQC.exe
  C:\Windows\System\EtMdfQC.exe
  2⤵
  PID:8908
- C:\Windows\System\QOAnsom.exe
  C:\Windows\System\QOAnsom.exe
  2⤵
  PID:8924
- C:\Windows\System\sbIDsVl.exe
  C:\Windows\System\sbIDsVl.exe
  2⤵
  PID:8944
- C:\Windows\System\VIsjylx.exe
  C:\Windows\System\VIsjylx.exe
  2⤵
  PID:8960
- C:\Windows\System\IeAFsOB.exe
  C:\Windows\System\IeAFsOB.exe
  2⤵
  PID:8988
- C:\Windows\System\wrMEjyK.exe
  C:\Windows\System\wrMEjyK.exe
  2⤵
  PID:9008
- C:\Windows\System\gHwtIFE.exe
  C:\Windows\System\gHwtIFE.exe
  2⤵
  PID:9028
- C:\Windows\System\GpgkmkZ.exe
  C:\Windows\System\GpgkmkZ.exe
  2⤵
  PID:9048
- C:\Windows\System\idTAqZX.exe
  C:\Windows\System\idTAqZX.exe
  2⤵
  PID:9068
- C:\Windows\System\pkpFkqc.exe
  C:\Windows\System\pkpFkqc.exe
  2⤵
  PID:9092
- C:\Windows\System\khmlyQe.exe
  C:\Windows\System\khmlyQe.exe
  2⤵
  PID:9108
- C:\Windows\System\cnoaJWx.exe
  C:\Windows\System\cnoaJWx.exe
  2⤵
  PID:9124
- C:\Windows\System\PgcWtmb.exe
  C:\Windows\System\PgcWtmb.exe
  2⤵
  PID:9148
- C:\Windows\System\hBnRdRP.exe
  C:\Windows\System\hBnRdRP.exe
  2⤵
  PID:9172
- C:\Windows\System\eZciPev.exe
  C:\Windows\System\eZciPev.exe
  2⤵
  PID:9200
- C:\Windows\System\wHERPtx.exe
  C:\Windows\System\wHERPtx.exe
  2⤵
  PID:8196
- C:\Windows\System\PhmIeBY.exe
  C:\Windows\System\PhmIeBY.exe
  2⤵
  PID:8212
- C:\Windows\System\xcFSuyh.exe
  C:\Windows\System\xcFSuyh.exe
  2⤵
  PID:8288
- C:\Windows\System\NrBElnL.exe
  C:\Windows\System\NrBElnL.exe
  2⤵
  PID:8236
- C:\Windows\System\xhSqwlt.exe
  C:\Windows\System\xhSqwlt.exe
  2⤵
  PID:8336
- C:\Windows\System\MXuhTGr.exe
  C:\Windows\System\MXuhTGr.exe
  2⤵
  PID:8380
- C:\Windows\System\XyyfCwU.exe
  C:\Windows\System\XyyfCwU.exe
  2⤵
  PID:8448
- C:\Windows\System\qeVqlRd.exe
  C:\Windows\System\qeVqlRd.exe
  2⤵
  PID:8492
- C:\Windows\System\mrNgrwn.exe
  C:\Windows\System\mrNgrwn.exe
  2⤵
  PID:8488
- C:\Windows\System\guCurCG.exe
  C:\Windows\System\guCurCG.exe
  2⤵
  PID:8516
- C:\Windows\System\nKvDklL.exe
  C:\Windows\System\nKvDklL.exe
  2⤵
  PID:8552
- C:\Windows\System\CtUNimG.exe
  C:\Windows\System\CtUNimG.exe
  2⤵
  PID:8608
- C:\Windows\System\ymUgfce.exe
  C:\Windows\System\ymUgfce.exe
  2⤵
  PID:7788
- C:\Windows\System\decBQbH.exe
  C:\Windows\System\decBQbH.exe
  2⤵
  PID:8648
- C:\Windows\System\CPrCtDr.exe
  C:\Windows\System\CPrCtDr.exe
  2⤵
  PID:8700
- C:\Windows\System\apKaJjC.exe
  C:\Windows\System\apKaJjC.exe
  2⤵
  PID:8716
- C:\Windows\System\RSnomom.exe
  C:\Windows\System\RSnomom.exe
  2⤵
  PID:8744
- C:\Windows\System\GpTaOaL.exe
  C:\Windows\System\GpTaOaL.exe
  2⤵
  PID:8784
- C:\Windows\System\dPeggGD.exe
  C:\Windows\System\dPeggGD.exe
  2⤵
  PID:8884
- C:\Windows\System\vjcWOUT.exe
  C:\Windows\System\vjcWOUT.exe
  2⤵
  PID:8892
- C:\Windows\System\IQbqCAT.exe
  C:\Windows\System\IQbqCAT.exe
  2⤵
  PID:8836
- C:\Windows\System\MaQUEqp.exe
  C:\Windows\System\MaQUEqp.exe
  2⤵
  PID:8764
- C:\Windows\System\iBYNVQW.exe
  C:\Windows\System\iBYNVQW.exe
  2⤵
  PID:8936
- C:\Windows\System\FsQoJns.exe
  C:\Windows\System\FsQoJns.exe
  2⤵
  PID:8920
- C:\Windows\System\pCtBzyg.exe
  C:\Windows\System\pCtBzyg.exe
  2⤵
  PID:8996
- C:\Windows\System\MkhcnwJ.exe
  C:\Windows\System\MkhcnwJ.exe
  2⤵
  PID:9036
- C:\Windows\System\nqQIuhM.exe
  C:\Windows\System\nqQIuhM.exe
  2⤵
  PID:9084
- C:\Windows\System\OkVrpkW.exe
  C:\Windows\System\OkVrpkW.exe
  2⤵
  PID:9120
- C:\Windows\System\UMNcdhe.exe
  C:\Windows\System\UMNcdhe.exe
  2⤵
  PID:9160
- C:\Windows\System\EdPMgnT.exe
  C:\Windows\System\EdPMgnT.exe
  2⤵
  PID:9192
- C:\Windows\System\tCLajCb.exe
  C:\Windows\System\tCLajCb.exe
  2⤵
  PID:9212
- C:\Windows\System\ngymviK.exe
  C:\Windows\System\ngymviK.exe
  2⤵
  PID:8268
- C:\Windows\System\CgnIFip.exe
  C:\Windows\System\CgnIFip.exe
  2⤵
  PID:8232
- C:\Windows\System\zrdiTLz.exe
  C:\Windows\System\zrdiTLz.exe
  2⤵
  PID:8412
- C:\Windows\System\qlycioA.exe
  C:\Windows\System\qlycioA.exe
  2⤵
  PID:8312
- C:\Windows\System\fZmwvnM.exe
  C:\Windows\System\fZmwvnM.exe
  2⤵
  PID:8468
- C:\Windows\System\IPEoPFZ.exe
  C:\Windows\System\IPEoPFZ.exe
  2⤵
  PID:8572
- C:\Windows\System\TwsVxaM.exe
  C:\Windows\System\TwsVxaM.exe
  2⤵
  PID:8612
- C:\Windows\System\zVjoWmz.exe
  C:\Windows\System\zVjoWmz.exe
  2⤵
  PID:8620
- C:\Windows\System\IQGzngM.exe
  C:\Windows\System\IQGzngM.exe
  2⤵
  PID:8752
- C:\Windows\System\sajOTRM.exe
  C:\Windows\System\sajOTRM.exe
  2⤵
  PID:8696
- C:\Windows\System\uWtmdIf.exe
  C:\Windows\System\uWtmdIf.exe
  2⤵
  PID:8804
- C:\Windows\System\yTgiYHO.exe
  C:\Windows\System\yTgiYHO.exe
  2⤵
  PID:8852
- C:\Windows\System\TcgHZKS.exe
  C:\Windows\System\TcgHZKS.exe
  2⤵
  PID:8732
- C:\Windows\System\XCdTcjl.exe
  C:\Windows\System\XCdTcjl.exe
  2⤵
  PID:8904
- C:\Windows\System\vlELONn.exe
  C:\Windows\System\vlELONn.exe
  2⤵
  PID:8952
- C:\Windows\System\fKeplXg.exe
  C:\Windows\System\fKeplXg.exe
  2⤵
  PID:9040
- C:\Windows\System\aqfRlde.exe
  C:\Windows\System\aqfRlde.exe
  2⤵
  PID:9144
- C:\Windows\System\kKtBFzD.exe
  C:\Windows\System\kKtBFzD.exe
  2⤵
  PID:8220
- C:\Windows\System\zMugBLE.exe
  C:\Windows\System\zMugBLE.exe
  2⤵
  PID:8256
- C:\Windows\System\AzyqkrD.exe
  C:\Windows\System\AzyqkrD.exe
  2⤵
  PID:8592
- C:\Windows\System\OhCoTgR.exe
  C:\Windows\System\OhCoTgR.exe
  2⤵
  PID:8712
- C:\Windows\System\LEBIShd.exe
  C:\Windows\System\LEBIShd.exe
  2⤵
  PID:8728
- C:\Windows\System\dHsVLRN.exe
  C:\Windows\System\dHsVLRN.exe
  2⤵
  PID:9140
- C:\Windows\System\QkwBvRb.exe
  C:\Windows\System\QkwBvRb.exe
  2⤵
  PID:8560
- C:\Windows\System\BNOFYIe.exe
  C:\Windows\System\BNOFYIe.exe
  2⤵
  PID:8832
- C:\Windows\System\DccCsOV.exe
  C:\Windows\System\DccCsOV.exe
  2⤵
  PID:9004
- C:\Windows\System\FVsOHZF.exe
  C:\Windows\System\FVsOHZF.exe
  2⤵
  PID:8984
- C:\Windows\System\PSNMWQO.exe
  C:\Windows\System\PSNMWQO.exe
  2⤵
  PID:8900
- C:\Windows\System\IGsydRX.exe
  C:\Windows\System\IGsydRX.exe
  2⤵
  PID:8708
- C:\Windows\System\hWeJUQk.exe
  C:\Windows\System\hWeJUQk.exe
  2⤵
  PID:8472
- C:\Windows\System\fJxgfpF.exe
  C:\Windows\System\fJxgfpF.exe
  2⤵
  PID:8976
- C:\Windows\System\jzgTgjw.exe
  C:\Windows\System\jzgTgjw.exe
  2⤵
  PID:8216
- C:\Windows\System\fEfNIpw.exe
  C:\Windows\System\fEfNIpw.exe
  2⤵
  PID:9184
- C:\Windows\System\gUmjDYl.exe
  C:\Windows\System\gUmjDYl.exe
  2⤵
  PID:9188
- C:\Windows\System\QhpqfbA.exe
  C:\Windows\System\QhpqfbA.exe
  2⤵
  PID:9196
- C:\Windows\System\IvPhQts.exe
  C:\Windows\System\IvPhQts.exe
  2⤵
  PID:8496
- C:\Windows\System\CDvfWqT.exe
  C:\Windows\System\CDvfWqT.exe
  2⤵
  PID:8980
- C:\Windows\System\wrbWJFn.exe
  C:\Windows\System\wrbWJFn.exe
  2⤵
  PID:8872
- C:\Windows\System\cnkStPq.exe
  C:\Windows\System\cnkStPq.exe
  2⤵
  PID:8376
- C:\Windows\System\VwUnVmT.exe
  C:\Windows\System\VwUnVmT.exe
  2⤵
  PID:9088
- C:\Windows\System\LUKEWvT.exe
  C:\Windows\System\LUKEWvT.exe
  2⤵
  PID:8780
- C:\Windows\System\nNFDyvL.exe
  C:\Windows\System\nNFDyvL.exe
  2⤵
  PID:8276
- C:\Windows\System\MWcSnEZ.exe
  C:\Windows\System\MWcSnEZ.exe
  2⤵
  PID:8484
- C:\Windows\System\uVfRznZ.exe
  C:\Windows\System\uVfRznZ.exe
  2⤵
  PID:9116
- C:\Windows\System\nxitvpU.exe
  C:\Windows\System\nxitvpU.exe
  2⤵
  PID:9232
- C:\Windows\System\CufrIvP.exe
  C:\Windows\System\CufrIvP.exe
  2⤵
  PID:9256
- C:\Windows\System\SpZAtTD.exe
  C:\Windows\System\SpZAtTD.exe
  2⤵
  PID:9272
- C:\Windows\System\pkKKyAZ.exe
  C:\Windows\System\pkKKyAZ.exe
  2⤵
  PID:9288
- C:\Windows\System\LdpZDec.exe
  C:\Windows\System\LdpZDec.exe
  2⤵
  PID:9308
- C:\Windows\System\OTBYgOj.exe
  C:\Windows\System\OTBYgOj.exe
  2⤵
  PID:9328
- C:\Windows\System\oAvpkVP.exe
  C:\Windows\System\oAvpkVP.exe
  2⤵
  PID:9344
- C:\Windows\System\DfTKPNJ.exe
  C:\Windows\System\DfTKPNJ.exe
  2⤵
  PID:9368
- C:\Windows\System\fMEztXe.exe
  C:\Windows\System\fMEztXe.exe
  2⤵
  PID:9392
- C:\Windows\System\asqUquL.exe
  C:\Windows\System\asqUquL.exe
  2⤵
  PID:9412
- C:\Windows\System\BjHNXXE.exe
  C:\Windows\System\BjHNXXE.exe
  2⤵
  PID:9428
- C:\Windows\System\RdJVVXi.exe
  C:\Windows\System\RdJVVXi.exe
  2⤵
  PID:9452
- C:\Windows\System\zESHwib.exe
  C:\Windows\System\zESHwib.exe
  2⤵
  PID:9468
- C:\Windows\System\NZiohNq.exe
  C:\Windows\System\NZiohNq.exe
  2⤵
  PID:9488
- C:\Windows\System\cypbTOA.exe
  C:\Windows\System\cypbTOA.exe
  2⤵
  PID:9504
- C:\Windows\System\toXogdN.exe
  C:\Windows\System\toXogdN.exe
  2⤵
  PID:9524
- C:\Windows\System\PmuDBvb.exe
  C:\Windows\System\PmuDBvb.exe
  2⤵
  PID:9552
- C:\Windows\System\TNbtTur.exe
  C:\Windows\System\TNbtTur.exe
  2⤵
  PID:9568
- C:\Windows\System\WQQGBhP.exe
  C:\Windows\System\WQQGBhP.exe
  2⤵
  PID:9600
- C:\Windows\System\UEMCssg.exe
  C:\Windows\System\UEMCssg.exe
  2⤵
  PID:9624
- C:\Windows\System\HXfqwHK.exe
  C:\Windows\System\HXfqwHK.exe
  2⤵
  PID:9640
- C:\Windows\System\aHwnLXl.exe
  C:\Windows\System\aHwnLXl.exe
  2⤵
  PID:9660
- C:\Windows\System\rWqIcaJ.exe
  C:\Windows\System\rWqIcaJ.exe
  2⤵
  PID:9676
- C:\Windows\System\mDRykPM.exe
  C:\Windows\System\mDRykPM.exe
  2⤵
  PID:9692
- C:\Windows\System\zEVTbrj.exe
  C:\Windows\System\zEVTbrj.exe
  2⤵
  PID:9708
- C:\Windows\System\LlzZBTq.exe
  C:\Windows\System\LlzZBTq.exe
  2⤵
  PID:9728
- C:\Windows\System\vgNQIBl.exe
  C:\Windows\System\vgNQIBl.exe
  2⤵
  PID:9748
- C:\Windows\System\sOGLdso.exe
  C:\Windows\System\sOGLdso.exe
  2⤵
  PID:9764
- C:\Windows\System\rlncfWu.exe
  C:\Windows\System\rlncfWu.exe
  2⤵
  PID:9780
- C:\Windows\System\kDIeiMb.exe
  C:\Windows\System\kDIeiMb.exe
  2⤵
  PID:9796
- C:\Windows\System\XgCHKBw.exe
  C:\Windows\System\XgCHKBw.exe
  2⤵
  PID:9844
- C:\Windows\System\RPqOAOM.exe
  C:\Windows\System\RPqOAOM.exe
  2⤵
  PID:9864
- C:\Windows\System\RqxtDnM.exe
  C:\Windows\System\RqxtDnM.exe
  2⤵
  PID:9884
- C:\Windows\System\guMwshP.exe
  C:\Windows\System\guMwshP.exe
  2⤵
  PID:9904
- C:\Windows\System\fWaRxQw.exe
  C:\Windows\System\fWaRxQw.exe
  2⤵
  PID:9928
- C:\Windows\System\AQMQfWH.exe
  C:\Windows\System\AQMQfWH.exe
  2⤵
  PID:9944
- C:\Windows\System\nGVlMdP.exe
  C:\Windows\System\nGVlMdP.exe
  2⤵
  PID:9964
- C:\Windows\System\aFjXFHw.exe
  C:\Windows\System\aFjXFHw.exe
  2⤵
  PID:9988
- C:\Windows\System\omebCfe.exe
  C:\Windows\System\omebCfe.exe
  2⤵
  PID:10008
- C:\Windows\System\BOMIuJq.exe
  C:\Windows\System\BOMIuJq.exe
  2⤵
  PID:10024
- C:\Windows\System\sRbiCvS.exe
  C:\Windows\System\sRbiCvS.exe
  2⤵
  PID:10044
- C:\Windows\System\BNqrTpE.exe
  C:\Windows\System\BNqrTpE.exe
  2⤵
  PID:10064
- C:\Windows\System\qJdjsQv.exe
  C:\Windows\System\qJdjsQv.exe
  2⤵
  PID:10080
- C:\Windows\System\ZvSNnJo.exe
  C:\Windows\System\ZvSNnJo.exe
  2⤵
  PID:10100
- C:\Windows\System\FvRKbKC.exe
  C:\Windows\System\FvRKbKC.exe
  2⤵
  PID:10124
- C:\Windows\System\KLDJeRW.exe
  C:\Windows\System\KLDJeRW.exe
  2⤵
  PID:10140
- C:\Windows\System\ltkoRCk.exe
  C:\Windows\System\ltkoRCk.exe
  2⤵
  PID:10160
- C:\Windows\System\tBSAteG.exe
  C:\Windows\System\tBSAteG.exe
  2⤵
  PID:10176
- C:\Windows\System\KtbAXPE.exe
  C:\Windows\System\KtbAXPE.exe
  2⤵
  PID:10196
- C:\Windows\System\GRcJohK.exe
  C:\Windows\System\GRcJohK.exe
  2⤵
  PID:10212
- C:\Windows\System\vHKxXzm.exe
  C:\Windows\System\vHKxXzm.exe
  2⤵
  PID:10228
- C:\Windows\System\nLpJKze.exe
  C:\Windows\System\nLpJKze.exe
  2⤵
  PID:9224
- C:\Windows\System\jfPGKbo.exe
  C:\Windows\System\jfPGKbo.exe
  2⤵
  PID:9304
- C:\Windows\System\BMCNHAt.exe
  C:\Windows\System\BMCNHAt.exe
  2⤵
  PID:9380
- C:\Windows\System\LQbkTfU.exe
  C:\Windows\System\LQbkTfU.exe
  2⤵
  PID:9280
- C:\Windows\System\OcTnNco.exe
  C:\Windows\System\OcTnNco.exe
  2⤵
  PID:9500
- C:\Windows\System\RKYdmPw.exe
  C:\Windows\System\RKYdmPw.exe
  2⤵
  PID:9548
- C:\Windows\System\nZdhIZa.exe
  C:\Windows\System\nZdhIZa.exe
  2⤵
  PID:9352
- C:\Windows\System\MMHyRIn.exe
  C:\Windows\System\MMHyRIn.exe
  2⤵
  PID:9588
- C:\Windows\System\VkYSEhT.exe
  C:\Windows\System\VkYSEhT.exe
  2⤵
  PID:9436
- C:\Windows\System\rvoAVou.exe
  C:\Windows\System\rvoAVou.exe
  2⤵
  PID:9476
- C:\Windows\System\DukTgAw.exe
  C:\Windows\System\DukTgAw.exe
  2⤵
  PID:9516
- C:\Windows\System\OlMOWri.exe
  C:\Windows\System\OlMOWri.exe
  2⤵
  PID:9608
- C:\Windows\System\cJxlUte.exe
  C:\Windows\System\cJxlUte.exe
  2⤵
  PID:9672
- C:\Windows\System\OAWcXln.exe
  C:\Windows\System\OAWcXln.exe
  2⤵
  PID:9648
- C:\Windows\System\pcXjTVD.exe
  C:\Windows\System\pcXjTVD.exe
  2⤵
  PID:9652
- C:\Windows\System\gdcCTda.exe
  C:\Windows\System\gdcCTda.exe
  2⤵
  PID:9724
- C:\Windows\System\aIXWiiw.exe
  C:\Windows\System\aIXWiiw.exe
  2⤵
  PID:9804
- C:\Windows\System\QWZuDUQ.exe
  C:\Windows\System\QWZuDUQ.exe
  2⤵
  PID:9820
- C:\Windows\System\MbCklgg.exe
  C:\Windows\System\MbCklgg.exe
  2⤵
  PID:9836
- C:\Windows\System\wZwglKD.exe
  C:\Windows\System\wZwglKD.exe
  2⤵
  PID:9900
- C:\Windows\System\tQKScru.exe
  C:\Windows\System\tQKScru.exe
  2⤵
  PID:9916
- C:\Windows\System\xYWIsbd.exe
  C:\Windows\System\xYWIsbd.exe
  2⤵
  PID:9956
- C:\Windows\System\cuigNTF.exe
  C:\Windows\System\cuigNTF.exe
  2⤵
  PID:9980
- C:\Windows\System\auOEtQi.exe
  C:\Windows\System\auOEtQi.exe
  2⤵
  PID:10016
- C:\Windows\System\JspyVUm.exe
  C:\Windows\System\JspyVUm.exe
  2⤵
  PID:10040
- C:\Windows\System\GeRnpHs.exe
  C:\Windows\System\GeRnpHs.exe
  2⤵
  PID:10096
- C:\Windows\System\nKPiGMh.exe
  C:\Windows\System\nKPiGMh.exe
  2⤵
  PID:10116
- C:\Windows\System\ZEkHeGP.exe
  C:\Windows\System\ZEkHeGP.exe
  2⤵
  PID:10168
- C:\Windows\System\LAeZwYF.exe
  C:\Windows\System\LAeZwYF.exe
  2⤵
  PID:10188
- C:\Windows\System\JjNuSjZ.exe
  C:\Windows\System\JjNuSjZ.exe
  2⤵
  PID:9264
- C:\Windows\System\GvKEjzf.exe
  C:\Windows\System\GvKEjzf.exe
  2⤵
  PID:9220
- C:\Windows\System\zIWmLHp.exe
  C:\Windows\System\zIWmLHp.exe
  2⤵
  PID:9336
- C:\Windows\System\ESfjcma.exe
  C:\Windows\System\ESfjcma.exe
  2⤵
  PID:9384
- C:\Windows\System\LrFtjnB.exe
  C:\Windows\System\LrFtjnB.exe
  2⤵
  PID:9248
- C:\Windows\System\sVsXoqy.exe
  C:\Windows\System\sVsXoqy.exe
  2⤵
  PID:9496
- C:\Windows\System\FNNmoiY.exe
  C:\Windows\System\FNNmoiY.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADidApW.exe

Filesize
6.0MB

MD5
f3cb1f10bfa570601648a9916e541358

SHA1
411752c6b66398cef65d5790a7f57c74a9109e88

SHA256
157217373bd5fe7725ce95f7e6e449981e7e58b223a17c3b8815c224aa7e1d95

SHA512
25a17c3614f4026e742bee361239dd0145e250564ea98adaed88eaab4a71537cec6a7ffb02f5879dd41178f377ece36de435aa7cf8e338cdb1fe1fa08a616a34

Download Submit
C:\Windows\system\CtSbVEL.exe

Filesize
6.0MB

MD5
9b4d97457cf75907e827008933810927

SHA1
f2ae8cae5e08457079acd2ddfde453de610fa6da

SHA256
b64c89805ee9788f5447223a44234f765a60b4dc088497491b7c2bf3356db537

SHA512
054049aee6195ae77223eca773f2aee10d82e1d24c95431a5b7f5346affcbf6ab094607ba1d1b4caa52844efc73433620621f40ae3f76b7e81d98ce8592706ea

Download Submit
C:\Windows\system\IrqTpgU.exe

Filesize
6.0MB

MD5
01208d96ee2d4c56f1c5e670c6cc6c8b

SHA1
7c2c2784452fe0cd4ee212ba9583e2643b15fa67

SHA256
9d24b8412ec57162f040bfa9a8586d2ee6927555bdd9395c3290ea7ab4263c18

SHA512
a9c84f72607cbf9044bc91177ee745b2f74882064d293254a36abfc22559a53e7c759fe5abd06cac40ee0ead8422c98a3fbb35337d44f6696a4168bc17540754

Download Submit
C:\Windows\system\LXVDRyb.exe

Filesize
6.0MB

MD5
e9e37ed3a9714386f0b6aff4516b181b

SHA1
2b49172a112b2ae1b6018c7314417e84af9ed003

SHA256
39fd77c2494eaee4cb3ad63253aedde5232a973f1086f21dd2646a2bebcfc272

SHA512
8ec4e3a8d2b14970750f529414a06b8d53e10c7a0d3c3e70813e48cb6ffed9d7b2f5915b2c28977462fe0cc2d010db87f57ef869054159954de0cbea42fad2c0

Download Submit
C:\Windows\system\MTCwtKp.exe

Filesize
6.0MB

MD5
61e2ea8145e714109b4766d4943b2c1a

SHA1
5cf8f0df0893ac93c5bee05b7a9a319a52186651

SHA256
44d12ac001032dbecc5384a20fb8576c0bfd5c109e47ebe489cd22c71ddd4c91

SHA512
f1409bda27380500afa1fb780422932ba74162bad34a9f33f57cf677b021450c69aba981732443e97429529e3fe50903078bb7b67e6dd5a9ef3b5003ddc4b4f8

Download Submit
C:\Windows\system\RKbiCdw.exe

Filesize
6.0MB

MD5
5cde085cad6f8b2283a4caeccde287fc

SHA1
fd46db56e3605f227825f8ab14a51e425e42411b

SHA256
f5e185a4f0964e8f922a9263bf1117620a51873d4114427d3e32ce0cfd9a3098

SHA512
6cdce1d0267b785003cd40d41bc83e9cd4a3419086a3f74706538d3dab598431873cfbbf830b180ea998b7d2e82c5b9a541b6a346b8d9386d3d4aa21220201df

Download Submit
C:\Windows\system\TDspWeO.exe

Filesize
6.0MB

MD5
8c325b86718ae3deb40ca38e27c319d1

SHA1
3123fb97e3938f30d1f096a60c30196f48332725

SHA256
516a6f365382776f0a7a656eae4a63d761dd8831420238e3c8aff74f0a67b8bc

SHA512
60e2e171ed75409707d5b999009a46868d6900c8c8a89d4916f699373f1896d67e915bf7c204b28739fe04d20add307dd42619570ff7b5c7563ddedf34a6e926

Download Submit
C:\Windows\system\WgmYzEl.exe

Filesize
6.0MB

MD5
a0827c9cf924af7677c2e75f3843423a

SHA1
c07e3002b6345563771fa50c9e1aa9c138fdeb4e

SHA256
42e7f2ca376cde39d92159f1a4bcde6c22d1ea0d38d0ea5e323ff7bae7fd19e2

SHA512
011a73a054cf8c58dce134406f42f3543d7b01fb1570101768884b3d4f5a65080a65a10ace572c7219a27fb2e6b5f04121c18de034e4a1602dac4246eb65c760

Download Submit
C:\Windows\system\YspoTwy.exe

Filesize
6.0MB

MD5
14f9abf4a2c552699c50e76a80351510

SHA1
a8be24ff7472d389d4cc709903ad807a3f8c7634

SHA256
ff4b5ee9880faf64205f9202c0d83c9fe8f23a49ddb1a039982c8a34652c3533

SHA512
73bea64913c76e0d4554ffd5ef4d5659e369a3fea48f7069ab065b9cff5e80076795318f99fe94086b21a822fb6b3a7161e190fc2dfc2424dcaa974baab6a214

Download Submit
C:\Windows\system\ZAXWWUq.exe

Filesize
6.0MB

MD5
a956f38d87adee8703805e0a7a4077c1

SHA1
0f8f2cb3924d06c5e0c0f3afedc2e8c9c39e5579

SHA256
702596719a38a003f86df0e3daa0f600f9bfac7ec1a7af633af52bb1b1bb399c

SHA512
6666e77c4905c798af4e476f536b54c7f61866c19091591d341bd1c349fa099093d2d670098a52559b8676b8173e8006f0634e40e0172795d10e6e7208040119

Download Submit
C:\Windows\system\aGOiEXD.exe

Filesize
6.0MB

MD5
f9cce49395fed0cd2d7c702dae8feec8

SHA1
beb17a31b068f90fe6c194a3d8646b2c5e636a36

SHA256
a24fb2f31619e66af06efc362d0b0bbb5ab158558097c09d3f402c4ac3f07d39

SHA512
0d992e7bea1f32766e1280f9d0d5f5da10d861ee52eae8fe857dda3c0414a3f8b8954721335f2f9279ab11a3db5badf53dd14f48894057f9ad8d34796cc95dbd

Download Submit
C:\Windows\system\awarVrn.exe

Filesize
6.0MB

MD5
4ae9da6b5c9cee45d044480e6c235819

SHA1
2f940b36aac68c6cf150a9c010a339030a56df13

SHA256
8c1fa4eb659c5ea76b14a26422f7cf3923ee3880e1c12bc1b9079533684ab925

SHA512
130d00b9174a24a1fbc5f85476ec26bc3110234a109494fc00aeedc37620081180b65cd89f5a284225c77534ca3db5e8ab3417e8268de21e839e5e5fc8a3eed0

Download Submit
C:\Windows\system\bKSmowW.exe

Filesize
6.0MB

MD5
019b4a863fe2392831983e0596ba513c

SHA1
ca04f8554df80cdb3eac8ecd8cf54c4d6fcc2a49

SHA256
82e5b03feb5969c7a4af83b9d73be0e6aa628e2d392f1f6864c46b1368bf10fa

SHA512
3212b6257d48d33981da90a59548b8e3d9023b2bc61569e958cc73d568d2a1084255c5bc1475312b58a6e13820548c948f6e6df13f901c8a5a0823e50358152a

Download Submit
C:\Windows\system\cRMOVSW.exe

Filesize
6.0MB

MD5
0296543b437a105bf5ff4052f33c8579

SHA1
260b6a9af5ffd0c6e5c992f0b99f4c35b4702bb7

SHA256
52e890e0b40c5642f09334ae2e813ac84647e4849af00c5742bb6fabc7628620

SHA512
86542d8a9874b3455f356fc048dc0dfe40823af8d1af7510f7ce20528426aa9f8ab5cd7930d548b64e3aca6f47c1aa26267d63aafe1f69842ce8cbe92a9ed62c

Download Submit
C:\Windows\system\gQwScXY.exe

Filesize
6.0MB

MD5
57d0245bf3b5db3e7eb7a78dcaecdf80

SHA1
e401255afd42752e1d4471e2b710c512db608eff

SHA256
ac72f2365dcb600b6c6d6a1c6d525cf070bfb28cf4e2cc75ec1f6efdc809974b

SHA512
d771aa12440bc9569a6bebd52e2f610f15fe78d327567f7e6517013fbb9416bd98a1cb07df66c2738b71dcfdea7201066c912557db2b6b791e3af7a2c7eca7f3

Download Submit
C:\Windows\system\gpiWDhr.exe

Filesize
6.0MB

MD5
f35339f0bd0cde521cdda120a4b54fd1

SHA1
d2fbed66aec65f0c7447b417d3eedfce49b7178f

SHA256
6b304b0663acb1577dbfbc8044942b51827cc866914ce309889b4f4dd6bafb79

SHA512
8ee6dd1e8e1584cb507b0c0a144218bce4e0eb677e7b7fb422ebab5345fb0b018d0362f380869941b8131262ba2a6b54e20ab1735d01b5e114f4f26b9b8fa8f8

Download Submit
C:\Windows\system\hDckcFb.exe

Filesize
6.0MB

MD5
d651c632a71a55c81636f70943e89917

SHA1
746f1498aeb4f1415065375966c7e5387d79e84c

SHA256
8ed83d0d70456df5805a54d727fc2ab8d9fbe8c0e95506906d87ea68e1f84d0f

SHA512
e9c3754809480b2c278355db42f809ddd5d066d2e12f2ba44bfe7245eefb5e0622ec446de52c818940fef46c0cce531f9e94c6b4f24e7f20c09033ae484949bd

Download Submit
C:\Windows\system\jqOCRRL.exe

Filesize
6.0MB

MD5
1cddccace70cb6001d12cf39aaa9dd3a

SHA1
3771fdb85791ebc993073d5e6a164fb0a5723582

SHA256
4a8f418e27a6c6e42a6343319db8f9d28ca3911d6aedf79ceb9f0dff5978e206

SHA512
594bd0ff95f9bc325018216fec4c3851b92ac709d1799eb8944bf0d377fa4a665968ec7199c6e9f12e7d92fab1d2b271dc3268c95cca71625db48d3d109d5d87

Download Submit
C:\Windows\system\kOyQlyU.exe

Filesize
6.0MB

MD5
3fd3541ff097505691716fd3054a5a35

SHA1
c05d6444ff7a88d9e8a4702ba62a780c8be96c0b

SHA256
1c9661bfc053b820a2ed20a3e8a68926ba835ca753b788ec8a1dcea9af724f2f

SHA512
c608cf410b6f2b26eb87807a2e3b95c14402ea8911eac7f421461aafbe4183bede9f40a84103156349ffddaff67432469c37defb3e92795b067ff167e9609046

Download Submit
C:\Windows\system\lNfbBSD.exe

Filesize
6.0MB

MD5
956e1587969395283c0781bde169d361

SHA1
12aebcd9f0ae71254b884c855e1dda3f29b67d24

SHA256
91abe159dbfed39ddb5ab53ea78d354ca4c0842c34d01bdf04e8cd74e195d1dc

SHA512
18dfe5c3d64307d6cb3d6369cc48e8de73b6812c8d7ad261a3fa64b61985ae254362d111bcf71909ac0a9116453c72b6d0cc41819a24fd4dbe3309335512e750

Download Submit
C:\Windows\system\qDrJsDH.exe

Filesize
6.0MB

MD5
6bf7ed1e35edb190e7415f0eb4eb4cb5

SHA1
ee3866dfeb30a4609cff372ddea5e0622996cc72

SHA256
89f10b86873e6ede9bac7022caa99b1251585e432fece42d332751323a23a4dc

SHA512
3e21e1b25c298f3d98b47d98c251dccd0001d50ba34bdc7225febe8bcf490c85bb9dadb5aea8ca31ad3ca5a59c73e7815190844cc8f1d7d70808e38f0b50b906

Download Submit
C:\Windows\system\qWvOEmg.exe

Filesize
6.0MB

MD5
a6cf890ff1f115f36dca27657983743e

SHA1
9ce7573a86cead605b0646141fae354941a495bf

SHA256
6ad9e22b8a50f9fb447f44887a4b69195388f50a077a6654b0ac09b64cf705c4

SHA512
82deda2561d72c2749efa58b8a8fdb40e084347d3ec2c3cf6ec4fe5c3f9df0ad0a82f2c43384ca5b643510289a4b047b62e7dcc7e5eaf02264de867eb23d5aea

Download Submit
C:\Windows\system\qymKYro.exe

Filesize
6.0MB

MD5
b67d186ea0f8760094d654c8d4812189

SHA1
1438e5d1b54d7660b058007de7bebe8f4609f701

SHA256
b58858af0016318209004624bfe19975ea0f6f030559be7850a9e69973b25328

SHA512
f531b93f378dec6549a2a6e745d83e1388cd43c94bc9d0f255a17238631531fdd61b0630945e4c2abfdc616cc98bdf9ff5bde169e2ff4564a00be0d198a2748c

Download Submit
C:\Windows\system\svzoFxV.exe

Filesize
6.0MB

MD5
72607c687b92eaa0e079d1b16a326067

SHA1
7e0c2e376163048bcd75d1f0351cedc600740cfc

SHA256
772780b00c9d1127465d4695681a49753d4c095e6c753abf343355c2194a585a

SHA512
425064b6287f4fe7685e9eba49d4f551f76672155befaa3ddef2e448d76474172addadaa63b2fa91898abc35fc73e7f48057a604d6c25d1389ce31b57116b78b

Download Submit
C:\Windows\system\teERgvt.exe

Filesize
6.0MB

MD5
b80197c1c19e6a69e8fe267efa96b412

SHA1
dc986bffef0135695341257d678cd0661fbb553d

SHA256
68206db84fd606d422be725b2630f0ac53754e3edeed7068e0dc93051b66a711

SHA512
306ae59350cf82481a0074d577c1a586bd613b82981932a73a0eaeddc2beca847ca4e8d9a4b18a49d526353ce670fd81ad47bddd8888e82c166f0b623a5b1793

Download Submit
C:\Windows\system\vswZOpq.exe

Filesize
6.0MB

MD5
d0bde677298e033e7dfcba176904c728

SHA1
a41d802dec6cedee0255b436231df88b541ad88d

SHA256
d95598e4cfba504355f434cfa63a054151cf9e8e6b2b42232c18667d66cb1945

SHA512
fec9680b5afae6a480691d17f5681aabfe229028b0c06df9817cecd391e3b0adebf54623f77a431bc87d89cb018c8bef632e886169094d776c06462b28b394f3

Download Submit
C:\Windows\system\xGWpiML.exe

Filesize
6.0MB

MD5
ee7ad9cc45a28b3e21bd23de1e8c37ec

SHA1
e756a3375bb2e06c6e7d0eefe67b00196a102bb9

SHA256
9e7e6772164cd9d11eea9742a4cc6d1d7e0a0bf13c8ccbcef09d5069f5bb6da4

SHA512
2b98047c418661be8e6cfcdbb379fa82b9cd4c38d87bd6582c6cea819be6c87b9559596a8c6d5a6bd2c51a8ef008b1974833a7fde548a3f5fab6b778fb0167ce

Download Submit
\Windows\system\EBUeXNr.exe

Filesize
6.0MB

MD5
252036527490ac4c13c04d11d9dbdc5f

SHA1
b9f9ba0b3dc7f69d9e44dafce412dddb2cd6caf7

SHA256
6ef4ce11ba7eaba76f15e40e03cbae43af06971f19371f2011e9bdc6809adeee

SHA512
3d336843764ce9a0c38c84c1c2fa1636c4f9a9db7c23d548e6d07c0e0915a08816fba80e251e7a042d43d78c04e49f22266db3efe32cb429d0f6c43b345da882

Download Submit
\Windows\system\KldQtCo.exe

Filesize
6.0MB

MD5
280f50edb54d634824ed8cacf5159e47

SHA1
4359927006606ec770520e68d0997736e772da78

SHA256
4ba37877f02bd328f6aa7f89c8369e3dfebe97f4ee3689f2fa0011ce40f36616

SHA512
c81f7bc9edbc4e65be2a5175362a27ab70397dab43f22829eb51d2bf9d2d226b4ae619b0e8ec3e5ff48702110cd8f2aa7f80da3831352a77c9d8312b6e11b209

Download Submit
\Windows\system\LQndVWA.exe

Filesize
6.0MB

MD5
030c10e35705a5e675b25fd9cbb1e8aa

SHA1
ca58e5d11f82ecdbeef391d7a1ff2921787c4c75

SHA256
b39ac95e14b323305ed64872173f95bc9f524c64c4f0a74450a6d61d7c11eb59

SHA512
d89e4a1a619d6ddbc15b974c98d46f7bb768f00de5a727e3f36d1ffd0b350480834dde54a8611cfe194209c3d1e77e96966a7302013d6c1deddbdc3e6a2faf96

Download Submit
\Windows\system\aIFMyas.exe

Filesize
6.0MB

MD5
5afda28190b0e1da769610a441608552

SHA1
b48668b686ca099aa5fce4a1bfc9438ae65c22d3

SHA256
9d1a581f676429fb8b0bdddcf5a968ead494ffa5e83237089f77dddfe993a11e

SHA512
12764313a0af8ae4f967158a9b2503dd9d39502b4c9f4ffbf613e8578410f81145b38e53dd7be1f5e42a9d6d77ae259e928b123720d7c4f0977b76ad8142f5d8

Download Submit
\Windows\system\rfhZUeY.exe

Filesize
6.0MB

MD5
e0443cb826ca65469747e4195a4a3694

SHA1
d7a2242d1d77577ce686a640c755b436df8bdf9a

SHA256
fac8dddb40ef55ba4a6868d9acc3e670b208990b3663155d5146a5afea037102

SHA512
0fc039084e80d03fca1ea9433ae5b76fb4e724edcf6958bb5ece280ea0bd0fd784f52e9a6e223d969902d8c3b4f0aacea178faae1da9851bb99e003c20dbda9e

Download Submit
memory/540-96-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-4038-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-869-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-4029-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1952-28-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1952-84-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2044-11-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-51-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-4039-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2312-103-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1023-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2384-56-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2384-1134-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-109-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-108-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2384-107-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-47-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-917-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2384-32-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-93-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-40-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-42-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-21-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2384-77-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2384-88-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-85-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-539-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-22-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2384-70-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2384-68-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-66-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4035-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-37-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4031-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-89-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-73-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4033-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4034-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2716-74-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2740-43-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4030-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4032-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-100-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-60-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-18-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2908-52-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2924-80-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4036-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2924-434-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2936-4037-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-647-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-67-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3016-20-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download