cobaltstrike | 99697bb4c58476b2538780f58773b18c9e774fb5e4379f2cd96ff1bf923c33a3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dea965429925882a5fe08b1c356f2eb7
SHA1

01310248f7a128537bacfa8f9c0338c4f4455248
SHA256

99697bb4c58476b2538780f58773b18c9e774fb5e4379f2cd96ff1bf923c33a3
SHA512

ac73855ae67900a998e705e364513bbd86e024367d270949586246818089833af0b941abf452ce8d687fa851cf616f1a04ec691c1b31bf0ecc4e64bd38932d96
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d79-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d89-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-131.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-110.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-50.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001610d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0009000000012117-6.dat	xmrig
behavioral1/files/0x0007000000015d79-11.dat	xmrig
behavioral1/files/0x0007000000015d89-16.dat	xmrig
behavioral1/files/0x0008000000015d81-15.dat	xmrig
behavioral1/files/0x0007000000015ec4-26.dat	xmrig
behavioral1/files/0x0007000000015f25-30.dat	xmrig
behavioral1/files/0x0008000000016d43-45.dat	xmrig
behavioral1/files/0x0006000000016d67-60.dat	xmrig
behavioral1/files/0x0006000000016d77-75.dat	xmrig
behavioral1/files/0x0006000000016d9f-80.dat	xmrig
behavioral1/files/0x0006000000016de8-86.dat	xmrig
behavioral1/files/0x0006000000016df3-95.dat	xmrig
behavioral1/files/0x0006000000016ecf-100.dat	xmrig
behavioral1/files/0x00050000000186ed-134.dat	xmrig
behavioral1/files/0x0005000000018704-147.dat	xmrig
behavioral1/memory/1884-1839-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018744-161.dat	xmrig
behavioral1/files/0x0005000000018739-155.dat	xmrig
behavioral1/files/0x00050000000186f1-140.dat	xmrig
behavioral1/files/0x00050000000186f4-144.dat	xmrig
behavioral1/files/0x00050000000186e7-131.dat	xmrig
behavioral1/files/0x000600000001755b-120.dat	xmrig
behavioral1/files/0x0005000000018686-126.dat	xmrig
behavioral1/files/0x0006000000017497-110.dat	xmrig
behavioral1/files/0x000600000001749c-115.dat	xmrig
behavioral1/files/0x0006000000017049-105.dat	xmrig
behavioral1/files/0x0006000000016dea-90.dat	xmrig
behavioral1/files/0x0006000000016d6f-70.dat	xmrig
behavioral1/files/0x0006000000016d6b-65.dat	xmrig
behavioral1/files/0x0006000000016d54-55.dat	xmrig
behavioral1/files/0x0006000000016d4b-50.dat	xmrig
behavioral1/files/0x000800000001610d-41.dat	xmrig
behavioral1/files/0x0007000000015f7b-36.dat	xmrig
behavioral1/memory/2308-2061-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2692-1973-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2872-1862-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2656-1861-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/3016-1860-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2860-1858-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2700-1856-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2952-1854-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2968-1852-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2656-1851-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2900-1850-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2656-1849-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2464-1848-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2656-1847-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2252-1846-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2656-1845-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2296-1844-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2192-1842-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2252-2743-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2860-2749-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2952-2748-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1884-2752-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2296-2755-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2464-2764-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2308-2817-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2692-2823-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/3016-2793-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2968-2783-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2700-2756-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2872-2747-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1884	fernZpr.exe
2308	dLquJsk.exe
2192	JRiJlBp.exe
2296	KlXegjr.exe
2252	dfNDxLF.exe
2464	fuLqJMU.exe
2900	pjHvUBX.exe
2968	DGqUYCJ.exe
2952	eNGGSNc.exe
2700	elgtVSP.exe
2860	QXjmsNt.exe
3016	WOWCNPs.exe
2872	OJOHtrE.exe
2692	YhIiuuA.exe
2240	ABBVDCa.exe
2756	LQawCUW.exe
2888	umsUDHu.exe
3012	QFNClys.exe
2040	BkIxDiN.exe
3040	fGukKiW.exe
3036	xuFtObv.exe
444	RJFHwuK.exe
3028	repQnWo.exe
2544	MjUwNHp.exe
1236	MiPTjpS.exe
2024	RubCQSc.exe
2516	SQNPCtb.exe
2520	QvHSJwP.exe
2376	iqEzBgj.exe
1240	IiyQPfW.exe
2160	LIROcjQ.exe
3008	JsDGfVY.exe
700	eGUGOGI.exe
1192	lRQvRsQ.exe
2176	WZJxsGv.exe
832	xRPRtUI.exe
2044	qwbevBu.exe
1320	DnJZUNj.exe
1928	ykadCCV.exe
2576	lBQXpTK.exe
1904	hKdCanC.exe
2268	ZUcFrmJ.exe
1900	PiZFhvn.exe
1256	JRtOoKs.exe
1592	trEhCpt.exe
2836	mRZXJfy.exe
1128	UzQLZXH.exe
2148	qWhduyY.exe
2492	jrEoSLQ.exe
1220	CchxKiw.exe
1676	mgZKnPg.exe
2352	lFuOOXa.exe
2356	tNaXgKN.exe
2604	iCilpBD.exe
1440	tiyhxGy.exe
884	rVjfsSO.exe
2380	ZQSgpIm.exe
848	KRBUlmS.exe
1844	hbZsGPh.exe
2460	ZnaauMA.exe
2224	wiIAoHT.exe
2892	FZbdoyq.exe
2928	KONPGYA.exe
2840	JaBCYFc.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0009000000012117-6.dat	upx
behavioral1/files/0x0007000000015d79-11.dat	upx
behavioral1/files/0x0007000000015d89-16.dat	upx
behavioral1/files/0x0008000000015d81-15.dat	upx
behavioral1/files/0x0007000000015ec4-26.dat	upx
behavioral1/files/0x0007000000015f25-30.dat	upx
behavioral1/files/0x0008000000016d43-45.dat	upx
behavioral1/files/0x0006000000016d67-60.dat	upx
behavioral1/files/0x0006000000016d77-75.dat	upx
behavioral1/files/0x0006000000016d9f-80.dat	upx
behavioral1/files/0x0006000000016de8-86.dat	upx
behavioral1/files/0x0006000000016df3-95.dat	upx
behavioral1/files/0x0006000000016ecf-100.dat	upx
behavioral1/files/0x00050000000186ed-134.dat	upx
behavioral1/files/0x0005000000018704-147.dat	upx
behavioral1/memory/1884-1839-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0005000000018744-161.dat	upx
behavioral1/files/0x0005000000018739-155.dat	upx
behavioral1/files/0x00050000000186f1-140.dat	upx
behavioral1/files/0x00050000000186f4-144.dat	upx
behavioral1/files/0x00050000000186e7-131.dat	upx
behavioral1/files/0x000600000001755b-120.dat	upx
behavioral1/files/0x0005000000018686-126.dat	upx
behavioral1/files/0x0006000000017497-110.dat	upx
behavioral1/files/0x000600000001749c-115.dat	upx
behavioral1/files/0x0006000000017049-105.dat	upx
behavioral1/files/0x0006000000016dea-90.dat	upx
behavioral1/files/0x0006000000016d6f-70.dat	upx
behavioral1/files/0x0006000000016d6b-65.dat	upx
behavioral1/files/0x0006000000016d54-55.dat	upx
behavioral1/files/0x0006000000016d4b-50.dat	upx
behavioral1/files/0x000800000001610d-41.dat	upx
behavioral1/files/0x0007000000015f7b-36.dat	upx
behavioral1/memory/2308-2061-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2692-1973-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2872-1862-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/3016-1860-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2860-1858-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2700-1856-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2952-1854-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2968-1852-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2900-1850-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2464-1848-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2252-1846-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2296-1844-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2192-1842-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2252-2743-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2860-2749-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2952-2748-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1884-2752-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2296-2755-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2464-2764-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2308-2817-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2692-2823-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/3016-2793-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2968-2783-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2700-2756-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2872-2747-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2192-2746-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2900-2745-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2656-5527-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uKgVmnM.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOcRqmX.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlndXgu.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfNtSIS.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thlQcWC.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BArMWho.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWgtrnz.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wncCeYM.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIYXtVi.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVxTfdL.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOwCFQv.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhhCHBp.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAHhXxA.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwfwNMA.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvHSJwP.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiMhzfu.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayvXsVu.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMABsjQ.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWOROOR.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgTLlmY.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRgRlwo.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxGrZtC.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpPTBPS.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJZXsul.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BveOLSE.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMuahHf.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMtDJpH.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsKhWPq.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdqhLIu.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOoLyiC.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byPmfGO.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtvxLUe.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHNlKxe.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdGpjYq.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXPWNgZ.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfhgZrb.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFywhkl.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttBNCDP.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlXegjr.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLKHjqi.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgfpoIz.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUsUcej.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAWrNEA.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkLecUm.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQcaieK.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOIJqlk.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVlPfsF.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sycudbI.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgPUyOT.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aoWVPgL.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjWoJyj.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsaZLYm.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTqtUxT.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PklIarM.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACYDntR.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWxJXfu.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erpIHUU.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUCcloe.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjMeeBV.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiZFhvn.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNrQJen.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nznkxMF.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYKnlws.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgFILSt.exe	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1884	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1884	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 1884	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2656 wrote to memory of 2308	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2308	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2308	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2656 wrote to memory of 2192	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2192	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2192	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2656 wrote to memory of 2296	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2296	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2296	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2656 wrote to memory of 2252	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2252	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2252	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2656 wrote to memory of 2464	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2464	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2464	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2656 wrote to memory of 2900	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2900	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2900	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2656 wrote to memory of 2968	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2968	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2968	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2656 wrote to memory of 2952	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2952	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2952	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2656 wrote to memory of 2700	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2700	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2700	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2656 wrote to memory of 2860	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2860	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 2860	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2656 wrote to memory of 3016	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 3016	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 3016	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2656 wrote to memory of 2872	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2872	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2872	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2656 wrote to memory of 2692	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2692	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2692	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2656 wrote to memory of 2240	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 2240	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 2240	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2656 wrote to memory of 2756	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2756	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2756	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2656 wrote to memory of 2888	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 2888	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 2888	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2656 wrote to memory of 3012	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3012	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 3012	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2656 wrote to memory of 2040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 2040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2656 wrote to memory of 3040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3040	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2656 wrote to memory of 3036	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 3036	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 3036	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2656 wrote to memory of 444	2656	2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_dea965429925882a5fe08b1c356f2eb7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\System\fernZpr.exe
  C:\Windows\System\fernZpr.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\dLquJsk.exe
  C:\Windows\System\dLquJsk.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\JRiJlBp.exe
  C:\Windows\System\JRiJlBp.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\KlXegjr.exe
  C:\Windows\System\KlXegjr.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\dfNDxLF.exe
  C:\Windows\System\dfNDxLF.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\fuLqJMU.exe
  C:\Windows\System\fuLqJMU.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\pjHvUBX.exe
  C:\Windows\System\pjHvUBX.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\DGqUYCJ.exe
  C:\Windows\System\DGqUYCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\eNGGSNc.exe
  C:\Windows\System\eNGGSNc.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\elgtVSP.exe
  C:\Windows\System\elgtVSP.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\QXjmsNt.exe
  C:\Windows\System\QXjmsNt.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\WOWCNPs.exe
  C:\Windows\System\WOWCNPs.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\OJOHtrE.exe
  C:\Windows\System\OJOHtrE.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\YhIiuuA.exe
  C:\Windows\System\YhIiuuA.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ABBVDCa.exe
  C:\Windows\System\ABBVDCa.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\LQawCUW.exe
  C:\Windows\System\LQawCUW.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\umsUDHu.exe
  C:\Windows\System\umsUDHu.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\QFNClys.exe
  C:\Windows\System\QFNClys.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BkIxDiN.exe
  C:\Windows\System\BkIxDiN.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\fGukKiW.exe
  C:\Windows\System\fGukKiW.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xuFtObv.exe
  C:\Windows\System\xuFtObv.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\RJFHwuK.exe
  C:\Windows\System\RJFHwuK.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\repQnWo.exe
  C:\Windows\System\repQnWo.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\MjUwNHp.exe
  C:\Windows\System\MjUwNHp.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\MiPTjpS.exe
  C:\Windows\System\MiPTjpS.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\RubCQSc.exe
  C:\Windows\System\RubCQSc.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\SQNPCtb.exe
  C:\Windows\System\SQNPCtb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\QvHSJwP.exe
  C:\Windows\System\QvHSJwP.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\iqEzBgj.exe
  C:\Windows\System\iqEzBgj.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\IiyQPfW.exe
  C:\Windows\System\IiyQPfW.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\LIROcjQ.exe
  C:\Windows\System\LIROcjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\JsDGfVY.exe
  C:\Windows\System\JsDGfVY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\eGUGOGI.exe
  C:\Windows\System\eGUGOGI.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\lRQvRsQ.exe
  C:\Windows\System\lRQvRsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\WZJxsGv.exe
  C:\Windows\System\WZJxsGv.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\xRPRtUI.exe
  C:\Windows\System\xRPRtUI.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\qwbevBu.exe
  C:\Windows\System\qwbevBu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\DnJZUNj.exe
  C:\Windows\System\DnJZUNj.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ykadCCV.exe
  C:\Windows\System\ykadCCV.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\lBQXpTK.exe
  C:\Windows\System\lBQXpTK.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hKdCanC.exe
  C:\Windows\System\hKdCanC.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ZUcFrmJ.exe
  C:\Windows\System\ZUcFrmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\PiZFhvn.exe
  C:\Windows\System\PiZFhvn.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JRtOoKs.exe
  C:\Windows\System\JRtOoKs.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\trEhCpt.exe
  C:\Windows\System\trEhCpt.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\mRZXJfy.exe
  C:\Windows\System\mRZXJfy.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\UzQLZXH.exe
  C:\Windows\System\UzQLZXH.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\jrEoSLQ.exe
  C:\Windows\System\jrEoSLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\qWhduyY.exe
  C:\Windows\System\qWhduyY.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\mgZKnPg.exe
  C:\Windows\System\mgZKnPg.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\CchxKiw.exe
  C:\Windows\System\CchxKiw.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\lFuOOXa.exe
  C:\Windows\System\lFuOOXa.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\tNaXgKN.exe
  C:\Windows\System\tNaXgKN.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\iCilpBD.exe
  C:\Windows\System\iCilpBD.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\tiyhxGy.exe
  C:\Windows\System\tiyhxGy.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\rVjfsSO.exe
  C:\Windows\System\rVjfsSO.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ZQSgpIm.exe
  C:\Windows\System\ZQSgpIm.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\KRBUlmS.exe
  C:\Windows\System\KRBUlmS.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\hbZsGPh.exe
  C:\Windows\System\hbZsGPh.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\ZnaauMA.exe
  C:\Windows\System\ZnaauMA.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\wiIAoHT.exe
  C:\Windows\System\wiIAoHT.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\KONPGYA.exe
  C:\Windows\System\KONPGYA.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\FZbdoyq.exe
  C:\Windows\System\FZbdoyq.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\NLIwuZD.exe
  C:\Windows\System\NLIwuZD.exe
  2⤵
  PID:2956
- C:\Windows\System\JaBCYFc.exe
  C:\Windows\System\JaBCYFc.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\uULLCcA.exe
  C:\Windows\System\uULLCcA.exe
  2⤵
  PID:2472
- C:\Windows\System\ZcAddLy.exe
  C:\Windows\System\ZcAddLy.exe
  2⤵
  PID:1044
- C:\Windows\System\EKCmbvx.exe
  C:\Windows\System\EKCmbvx.exe
  2⤵
  PID:2548
- C:\Windows\System\TqkZlSG.exe
  C:\Windows\System\TqkZlSG.exe
  2⤵
  PID:2120
- C:\Windows\System\HsaZLYm.exe
  C:\Windows\System\HsaZLYm.exe
  2⤵
  PID:3060
- C:\Windows\System\wioKgDC.exe
  C:\Windows\System\wioKgDC.exe
  2⤵
  PID:2984
- C:\Windows\System\hsoAFea.exe
  C:\Windows\System\hsoAFea.exe
  2⤵
  PID:2880
- C:\Windows\System\RhFFbbg.exe
  C:\Windows\System\RhFFbbg.exe
  2⤵
  PID:2796
- C:\Windows\System\RspLwDZ.exe
  C:\Windows\System\RspLwDZ.exe
  2⤵
  PID:1048
- C:\Windows\System\PBmzbdo.exe
  C:\Windows\System\PBmzbdo.exe
  2⤵
  PID:1808
- C:\Windows\System\byPmfGO.exe
  C:\Windows\System\byPmfGO.exe
  2⤵
  PID:2524
- C:\Windows\System\OSlqojL.exe
  C:\Windows\System\OSlqojL.exe
  2⤵
  PID:2412
- C:\Windows\System\NqbmKzV.exe
  C:\Windows\System\NqbmKzV.exe
  2⤵
  PID:1852
- C:\Windows\System\bVaLKuu.exe
  C:\Windows\System\bVaLKuu.exe
  2⤵
  PID:2052
- C:\Windows\System\VbTMADh.exe
  C:\Windows\System\VbTMADh.exe
  2⤵
  PID:912
- C:\Windows\System\VmvJcQw.exe
  C:\Windows\System\VmvJcQw.exe
  2⤵
  PID:2672
- C:\Windows\System\nnvHkuO.exe
  C:\Windows\System\nnvHkuO.exe
  2⤵
  PID:1792
- C:\Windows\System\yrhrXHp.exe
  C:\Windows\System\yrhrXHp.exe
  2⤵
  PID:1544
- C:\Windows\System\ZJcXhPr.exe
  C:\Windows\System\ZJcXhPr.exe
  2⤵
  PID:1748
- C:\Windows\System\zDBCYCh.exe
  C:\Windows\System\zDBCYCh.exe
  2⤵
  PID:1876
- C:\Windows\System\KXwpMUp.exe
  C:\Windows\System\KXwpMUp.exe
  2⤵
  PID:2436
- C:\Windows\System\dSkLdQJ.exe
  C:\Windows\System\dSkLdQJ.exe
  2⤵
  PID:836
- C:\Windows\System\rYvFAAA.exe
  C:\Windows\System\rYvFAAA.exe
  2⤵
  PID:1716
- C:\Windows\System\GvApXKw.exe
  C:\Windows\System\GvApXKw.exe
  2⤵
  PID:1996
- C:\Windows\System\SoCeudM.exe
  C:\Windows\System\SoCeudM.exe
  2⤵
  PID:1616
- C:\Windows\System\ZBuhJyV.exe
  C:\Windows\System\ZBuhJyV.exe
  2⤵
  PID:556
- C:\Windows\System\PEdlOWT.exe
  C:\Windows\System\PEdlOWT.exe
  2⤵
  PID:1444
- C:\Windows\System\MNBOWof.exe
  C:\Windows\System\MNBOWof.exe
  2⤵
  PID:2640
- C:\Windows\System\cXPWNgZ.exe
  C:\Windows\System\cXPWNgZ.exe
  2⤵
  PID:2428
- C:\Windows\System\DViGZRd.exe
  C:\Windows\System\DViGZRd.exe
  2⤵
  PID:1536
- C:\Windows\System\FwMNLYj.exe
  C:\Windows\System\FwMNLYj.exe
  2⤵
  PID:1860
- C:\Windows\System\kUuuHUN.exe
  C:\Windows\System\kUuuHUN.exe
  2⤵
  PID:2844
- C:\Windows\System\QkVOknZ.exe
  C:\Windows\System\QkVOknZ.exe
  2⤵
  PID:2484
- C:\Windows\System\dvfAHsN.exe
  C:\Windows\System\dvfAHsN.exe
  2⤵
  PID:2964
- C:\Windows\System\sHdvuXy.exe
  C:\Windows\System\sHdvuXy.exe
  2⤵
  PID:1416
- C:\Windows\System\PJFCwCS.exe
  C:\Windows\System\PJFCwCS.exe
  2⤵
  PID:2864
- C:\Windows\System\sPbjkMN.exe
  C:\Windows\System\sPbjkMN.exe
  2⤵
  PID:2704
- C:\Windows\System\sWdUxpm.exe
  C:\Windows\System\sWdUxpm.exe
  2⤵
  PID:1420
- C:\Windows\System\sGnbBut.exe
  C:\Windows\System\sGnbBut.exe
  2⤵
  PID:3048
- C:\Windows\System\KtaCOSw.exe
  C:\Windows\System\KtaCOSw.exe
  2⤵
  PID:1804
- C:\Windows\System\kXDVKli.exe
  C:\Windows\System\kXDVKli.exe
  2⤵
  PID:2284
- C:\Windows\System\DEKbNhF.exe
  C:\Windows\System\DEKbNhF.exe
  2⤵
  PID:2676
- C:\Windows\System\UlPStFQ.exe
  C:\Windows\System\UlPStFQ.exe
  2⤵
  PID:2200
- C:\Windows\System\jmjDnJJ.exe
  C:\Windows\System\jmjDnJJ.exe
  2⤵
  PID:768
- C:\Windows\System\CaRecaB.exe
  C:\Windows\System\CaRecaB.exe
  2⤵
  PID:1264
- C:\Windows\System\odsHedz.exe
  C:\Windows\System\odsHedz.exe
  2⤵
  PID:308
- C:\Windows\System\mqDUJkC.exe
  C:\Windows\System\mqDUJkC.exe
  2⤵
  PID:868
- C:\Windows\System\qjzrgam.exe
  C:\Windows\System\qjzrgam.exe
  2⤵
  PID:2636
- C:\Windows\System\nRoaQHP.exe
  C:\Windows\System\nRoaQHP.exe
  2⤵
  PID:2584
- C:\Windows\System\YybbkCB.exe
  C:\Windows\System\YybbkCB.exe
  2⤵
  PID:1980
- C:\Windows\System\DVjsuqH.exe
  C:\Windows\System\DVjsuqH.exe
  2⤵
  PID:1212
- C:\Windows\System\vfgWOju.exe
  C:\Windows\System\vfgWOju.exe
  2⤵
  PID:1532
- C:\Windows\System\FadpraK.exe
  C:\Windows\System\FadpraK.exe
  2⤵
  PID:2924
- C:\Windows\System\KlrMPUJ.exe
  C:\Windows\System\KlrMPUJ.exe
  2⤵
  PID:2188
- C:\Windows\System\swLTOuC.exe
  C:\Windows\System\swLTOuC.exe
  2⤵
  PID:948
- C:\Windows\System\FMwzsBK.exe
  C:\Windows\System\FMwzsBK.exe
  2⤵
  PID:3000
- C:\Windows\System\fEudHXW.exe
  C:\Windows\System\fEudHXW.exe
  2⤵
  PID:2512
- C:\Windows\System\TNMjaKL.exe
  C:\Windows\System\TNMjaKL.exe
  2⤵
  PID:1232
- C:\Windows\System\LgKNPGv.exe
  C:\Windows\System\LgKNPGv.exe
  2⤵
  PID:2652
- C:\Windows\System\jYkWcbp.exe
  C:\Windows\System\jYkWcbp.exe
  2⤵
  PID:1472
- C:\Windows\System\QrPlEVd.exe
  C:\Windows\System\QrPlEVd.exe
  2⤵
  PID:3076
- C:\Windows\System\lzcwLCL.exe
  C:\Windows\System\lzcwLCL.exe
  2⤵
  PID:3096
- C:\Windows\System\UUsobOi.exe
  C:\Windows\System\UUsobOi.exe
  2⤵
  PID:3116
- C:\Windows\System\clSUHpe.exe
  C:\Windows\System\clSUHpe.exe
  2⤵
  PID:3136
- C:\Windows\System\nFAVTKr.exe
  C:\Windows\System\nFAVTKr.exe
  2⤵
  PID:3156
- C:\Windows\System\VsuDmAB.exe
  C:\Windows\System\VsuDmAB.exe
  2⤵
  PID:3176
- C:\Windows\System\kuTptUX.exe
  C:\Windows\System\kuTptUX.exe
  2⤵
  PID:3196
- C:\Windows\System\EfgxTEp.exe
  C:\Windows\System\EfgxTEp.exe
  2⤵
  PID:3216
- C:\Windows\System\NlzRNBt.exe
  C:\Windows\System\NlzRNBt.exe
  2⤵
  PID:3236
- C:\Windows\System\dYoWvLZ.exe
  C:\Windows\System\dYoWvLZ.exe
  2⤵
  PID:3256
- C:\Windows\System\LTMrQlf.exe
  C:\Windows\System\LTMrQlf.exe
  2⤵
  PID:3276
- C:\Windows\System\RMrwoud.exe
  C:\Windows\System\RMrwoud.exe
  2⤵
  PID:3296
- C:\Windows\System\AhmgzzV.exe
  C:\Windows\System\AhmgzzV.exe
  2⤵
  PID:3316
- C:\Windows\System\rzBaEHi.exe
  C:\Windows\System\rzBaEHi.exe
  2⤵
  PID:3336
- C:\Windows\System\GhbugBN.exe
  C:\Windows\System\GhbugBN.exe
  2⤵
  PID:3356
- C:\Windows\System\dYVfUeo.exe
  C:\Windows\System\dYVfUeo.exe
  2⤵
  PID:3376
- C:\Windows\System\AWsxYiy.exe
  C:\Windows\System\AWsxYiy.exe
  2⤵
  PID:3396
- C:\Windows\System\DZZutfm.exe
  C:\Windows\System\DZZutfm.exe
  2⤵
  PID:3416
- C:\Windows\System\cXtqIue.exe
  C:\Windows\System\cXtqIue.exe
  2⤵
  PID:3436
- C:\Windows\System\xlEdobG.exe
  C:\Windows\System\xlEdobG.exe
  2⤵
  PID:3456
- C:\Windows\System\irOespj.exe
  C:\Windows\System\irOespj.exe
  2⤵
  PID:3476
- C:\Windows\System\aAiAJTU.exe
  C:\Windows\System\aAiAJTU.exe
  2⤵
  PID:3496
- C:\Windows\System\cisHHwR.exe
  C:\Windows\System\cisHHwR.exe
  2⤵
  PID:3516
- C:\Windows\System\FldOjUc.exe
  C:\Windows\System\FldOjUc.exe
  2⤵
  PID:3536
- C:\Windows\System\edefYLt.exe
  C:\Windows\System\edefYLt.exe
  2⤵
  PID:3556
- C:\Windows\System\staWnjC.exe
  C:\Windows\System\staWnjC.exe
  2⤵
  PID:3576
- C:\Windows\System\OaLwakm.exe
  C:\Windows\System\OaLwakm.exe
  2⤵
  PID:3596
- C:\Windows\System\APLYiJP.exe
  C:\Windows\System\APLYiJP.exe
  2⤵
  PID:3616
- C:\Windows\System\IfhgZrb.exe
  C:\Windows\System\IfhgZrb.exe
  2⤵
  PID:3636
- C:\Windows\System\TfriRLa.exe
  C:\Windows\System\TfriRLa.exe
  2⤵
  PID:3656
- C:\Windows\System\BArMWho.exe
  C:\Windows\System\BArMWho.exe
  2⤵
  PID:3676
- C:\Windows\System\diuzJEe.exe
  C:\Windows\System\diuzJEe.exe
  2⤵
  PID:3696
- C:\Windows\System\ZcxdPbI.exe
  C:\Windows\System\ZcxdPbI.exe
  2⤵
  PID:3716
- C:\Windows\System\hsuHmMG.exe
  C:\Windows\System\hsuHmMG.exe
  2⤵
  PID:3736
- C:\Windows\System\QdOKYDl.exe
  C:\Windows\System\QdOKYDl.exe
  2⤵
  PID:3756
- C:\Windows\System\IxVDrrP.exe
  C:\Windows\System\IxVDrrP.exe
  2⤵
  PID:3776
- C:\Windows\System\jnbsEZp.exe
  C:\Windows\System\jnbsEZp.exe
  2⤵
  PID:3796
- C:\Windows\System\LGdVeNt.exe
  C:\Windows\System\LGdVeNt.exe
  2⤵
  PID:3816
- C:\Windows\System\xVxFBep.exe
  C:\Windows\System\xVxFBep.exe
  2⤵
  PID:3836
- C:\Windows\System\kuznbqE.exe
  C:\Windows\System\kuznbqE.exe
  2⤵
  PID:3856
- C:\Windows\System\nCDlUjM.exe
  C:\Windows\System\nCDlUjM.exe
  2⤵
  PID:3876
- C:\Windows\System\AMaYMSX.exe
  C:\Windows\System\AMaYMSX.exe
  2⤵
  PID:3896
- C:\Windows\System\IYSomJD.exe
  C:\Windows\System\IYSomJD.exe
  2⤵
  PID:3916
- C:\Windows\System\ybNFLVT.exe
  C:\Windows\System\ybNFLVT.exe
  2⤵
  PID:3936
- C:\Windows\System\GIWXXne.exe
  C:\Windows\System\GIWXXne.exe
  2⤵
  PID:3956
- C:\Windows\System\GLbTrRz.exe
  C:\Windows\System\GLbTrRz.exe
  2⤵
  PID:3976
- C:\Windows\System\WDQCCRu.exe
  C:\Windows\System\WDQCCRu.exe
  2⤵
  PID:3996
- C:\Windows\System\MzniGQY.exe
  C:\Windows\System\MzniGQY.exe
  2⤵
  PID:4016
- C:\Windows\System\PBkKTZE.exe
  C:\Windows\System\PBkKTZE.exe
  2⤵
  PID:4036
- C:\Windows\System\hizkaMY.exe
  C:\Windows\System\hizkaMY.exe
  2⤵
  PID:4056
- C:\Windows\System\EicXWBr.exe
  C:\Windows\System\EicXWBr.exe
  2⤵
  PID:4076
- C:\Windows\System\jYvOHHR.exe
  C:\Windows\System\jYvOHHR.exe
  2⤵
  PID:2396
- C:\Windows\System\kvPgbFV.exe
  C:\Windows\System\kvPgbFV.exe
  2⤵
  PID:2624
- C:\Windows\System\mtAehtl.exe
  C:\Windows\System\mtAehtl.exe
  2⤵
  PID:2292
- C:\Windows\System\fZGqiKd.exe
  C:\Windows\System\fZGqiKd.exe
  2⤵
  PID:2008
- C:\Windows\System\xVDKWrN.exe
  C:\Windows\System\xVDKWrN.exe
  2⤵
  PID:2508
- C:\Windows\System\NEyQFIK.exe
  C:\Windows\System\NEyQFIK.exe
  2⤵
  PID:2228
- C:\Windows\System\IAWrNEA.exe
  C:\Windows\System\IAWrNEA.exe
  2⤵
  PID:712
- C:\Windows\System\hsgUGeu.exe
  C:\Windows\System\hsgUGeu.exe
  2⤵
  PID:1624
- C:\Windows\System\bLZNQcM.exe
  C:\Windows\System\bLZNQcM.exe
  2⤵
  PID:2164
- C:\Windows\System\EQztzPg.exe
  C:\Windows\System\EQztzPg.exe
  2⤵
  PID:2020
- C:\Windows\System\FrvVuZD.exe
  C:\Windows\System\FrvVuZD.exe
  2⤵
  PID:3112
- C:\Windows\System\HLlQjun.exe
  C:\Windows\System\HLlQjun.exe
  2⤵
  PID:3152
- C:\Windows\System\eraqZLt.exe
  C:\Windows\System\eraqZLt.exe
  2⤵
  PID:3168
- C:\Windows\System\QzbsRsK.exe
  C:\Windows\System\QzbsRsK.exe
  2⤵
  PID:3212
- C:\Windows\System\MALrJEV.exe
  C:\Windows\System\MALrJEV.exe
  2⤵
  PID:3244
- C:\Windows\System\oCQHyiX.exe
  C:\Windows\System\oCQHyiX.exe
  2⤵
  PID:3268
- C:\Windows\System\hrFfBeI.exe
  C:\Windows\System\hrFfBeI.exe
  2⤵
  PID:3308
- C:\Windows\System\XTfWPXE.exe
  C:\Windows\System\XTfWPXE.exe
  2⤵
  PID:3328
- C:\Windows\System\NBBzZhO.exe
  C:\Windows\System\NBBzZhO.exe
  2⤵
  PID:3368
- C:\Windows\System\qCLZXOu.exe
  C:\Windows\System\qCLZXOu.exe
  2⤵
  PID:3412
- C:\Windows\System\FJBrLKD.exe
  C:\Windows\System\FJBrLKD.exe
  2⤵
  PID:3444
- C:\Windows\System\ZmrNLLk.exe
  C:\Windows\System\ZmrNLLk.exe
  2⤵
  PID:3468
- C:\Windows\System\DmDiNkx.exe
  C:\Windows\System\DmDiNkx.exe
  2⤵
  PID:3488
- C:\Windows\System\EIHLIry.exe
  C:\Windows\System\EIHLIry.exe
  2⤵
  PID:3544
- C:\Windows\System\TWfEkHP.exe
  C:\Windows\System\TWfEkHP.exe
  2⤵
  PID:3568
- C:\Windows\System\GmTelLQ.exe
  C:\Windows\System\GmTelLQ.exe
  2⤵
  PID:3612
- C:\Windows\System\WvRHCBL.exe
  C:\Windows\System\WvRHCBL.exe
  2⤵
  PID:3664
- C:\Windows\System\WDJGhqZ.exe
  C:\Windows\System\WDJGhqZ.exe
  2⤵
  PID:3668
- C:\Windows\System\YfidSVU.exe
  C:\Windows\System\YfidSVU.exe
  2⤵
  PID:3712
- C:\Windows\System\gdApHmj.exe
  C:\Windows\System\gdApHmj.exe
  2⤵
  PID:3752
- C:\Windows\System\hoDNvgz.exe
  C:\Windows\System\hoDNvgz.exe
  2⤵
  PID:3772
- C:\Windows\System\OAgxqwy.exe
  C:\Windows\System\OAgxqwy.exe
  2⤵
  PID:3824
- C:\Windows\System\zYsCwie.exe
  C:\Windows\System\zYsCwie.exe
  2⤵
  PID:3844
- C:\Windows\System\YrKvWHO.exe
  C:\Windows\System\YrKvWHO.exe
  2⤵
  PID:3868
- C:\Windows\System\hdoOAuV.exe
  C:\Windows\System\hdoOAuV.exe
  2⤵
  PID:3908
- C:\Windows\System\tvaDJLv.exe
  C:\Windows\System\tvaDJLv.exe
  2⤵
  PID:3952
- C:\Windows\System\vAKwkib.exe
  C:\Windows\System\vAKwkib.exe
  2⤵
  PID:3984
- C:\Windows\System\vxjZYQh.exe
  C:\Windows\System\vxjZYQh.exe
  2⤵
  PID:4032
- C:\Windows\System\hPaJcjA.exe
  C:\Windows\System\hPaJcjA.exe
  2⤵
  PID:4052
- C:\Windows\System\ZlIxcPG.exe
  C:\Windows\System\ZlIxcPG.exe
  2⤵
  PID:4084
- C:\Windows\System\pdxClAn.exe
  C:\Windows\System\pdxClAn.exe
  2⤵
  PID:932
- C:\Windows\System\JUJgqxN.exe
  C:\Windows\System\JUJgqxN.exe
  2⤵
  PID:1740
- C:\Windows\System\xCpNyPF.exe
  C:\Windows\System\xCpNyPF.exe
  2⤵
  PID:1464
- C:\Windows\System\PzLvOVG.exe
  C:\Windows\System\PzLvOVG.exe
  2⤵
  PID:320
- C:\Windows\System\eDUvZvr.exe
  C:\Windows\System\eDUvZvr.exe
  2⤵
  PID:1488
- C:\Windows\System\HsDrcSv.exe
  C:\Windows\System\HsDrcSv.exe
  2⤵
  PID:3092
- C:\Windows\System\AXkQmox.exe
  C:\Windows\System\AXkQmox.exe
  2⤵
  PID:3124
- C:\Windows\System\vPZOQES.exe
  C:\Windows\System\vPZOQES.exe
  2⤵
  PID:3188
- C:\Windows\System\uRUAczp.exe
  C:\Windows\System\uRUAczp.exe
  2⤵
  PID:3264
- C:\Windows\System\VsSszZk.exe
  C:\Windows\System\VsSszZk.exe
  2⤵
  PID:3288
- C:\Windows\System\QRoQQVA.exe
  C:\Windows\System\QRoQQVA.exe
  2⤵
  PID:3392
- C:\Windows\System\zVBLlHY.exe
  C:\Windows\System\zVBLlHY.exe
  2⤵
  PID:3424
- C:\Windows\System\ZEGqPZd.exe
  C:\Windows\System\ZEGqPZd.exe
  2⤵
  PID:3464
- C:\Windows\System\LgqOjEM.exe
  C:\Windows\System\LgqOjEM.exe
  2⤵
  PID:3532
- C:\Windows\System\RljMGPJ.exe
  C:\Windows\System\RljMGPJ.exe
  2⤵
  PID:3592
- C:\Windows\System\CnqLOvf.exe
  C:\Windows\System\CnqLOvf.exe
  2⤵
  PID:3632
- C:\Windows\System\XNmVmGr.exe
  C:\Windows\System\XNmVmGr.exe
  2⤵
  PID:3724
- C:\Windows\System\kmaqNUA.exe
  C:\Windows\System\kmaqNUA.exe
  2⤵
  PID:3748
- C:\Windows\System\dXhWSED.exe
  C:\Windows\System\dXhWSED.exe
  2⤵
  PID:3788
- C:\Windows\System\FJsCHeg.exe
  C:\Windows\System\FJsCHeg.exe
  2⤵
  PID:3852
- C:\Windows\System\RtQwHhF.exe
  C:\Windows\System\RtQwHhF.exe
  2⤵
  PID:3944
- C:\Windows\System\OYFOxqw.exe
  C:\Windows\System\OYFOxqw.exe
  2⤵
  PID:3988
- C:\Windows\System\waYZGEd.exe
  C:\Windows\System\waYZGEd.exe
  2⤵
  PID:4068
- C:\Windows\System\yMdglIS.exe
  C:\Windows\System\yMdglIS.exe
  2⤵
  PID:4088
- C:\Windows\System\WQzxRpR.exe
  C:\Windows\System\WQzxRpR.exe
  2⤵
  PID:2300
- C:\Windows\System\MjCEsLF.exe
  C:\Windows\System\MjCEsLF.exe
  2⤵
  PID:1552
- C:\Windows\System\fVrYHcA.exe
  C:\Windows\System\fVrYHcA.exe
  2⤵
  PID:960
- C:\Windows\System\lbYUivD.exe
  C:\Windows\System\lbYUivD.exe
  2⤵
  PID:3172
- C:\Windows\System\zBeZIOD.exe
  C:\Windows\System\zBeZIOD.exe
  2⤵
  PID:3272
- C:\Windows\System\jqikWDr.exe
  C:\Windows\System\jqikWDr.exe
  2⤵
  PID:3332
- C:\Windows\System\LpPqOVt.exe
  C:\Windows\System\LpPqOVt.exe
  2⤵
  PID:3524
- C:\Windows\System\eSxAAMb.exe
  C:\Windows\System\eSxAAMb.exe
  2⤵
  PID:3504
- C:\Windows\System\SlQEuJi.exe
  C:\Windows\System\SlQEuJi.exe
  2⤵
  PID:3628
- C:\Windows\System\htNqVxZ.exe
  C:\Windows\System\htNqVxZ.exe
  2⤵
  PID:4112
- C:\Windows\System\bOPtFeh.exe
  C:\Windows\System\bOPtFeh.exe
  2⤵
  PID:4132
- C:\Windows\System\dSGwLOL.exe
  C:\Windows\System\dSGwLOL.exe
  2⤵
  PID:4152
- C:\Windows\System\lrEZZJQ.exe
  C:\Windows\System\lrEZZJQ.exe
  2⤵
  PID:4172
- C:\Windows\System\BHGjXMQ.exe
  C:\Windows\System\BHGjXMQ.exe
  2⤵
  PID:4192
- C:\Windows\System\oUNtzGI.exe
  C:\Windows\System\oUNtzGI.exe
  2⤵
  PID:4212
- C:\Windows\System\DxxXyxb.exe
  C:\Windows\System\DxxXyxb.exe
  2⤵
  PID:4232
- C:\Windows\System\LBDaLtX.exe
  C:\Windows\System\LBDaLtX.exe
  2⤵
  PID:4252
- C:\Windows\System\DbphYgI.exe
  C:\Windows\System\DbphYgI.exe
  2⤵
  PID:4272
- C:\Windows\System\cDcxdcv.exe
  C:\Windows\System\cDcxdcv.exe
  2⤵
  PID:4292
- C:\Windows\System\BkqVMNO.exe
  C:\Windows\System\BkqVMNO.exe
  2⤵
  PID:4312
- C:\Windows\System\VkeEIrn.exe
  C:\Windows\System\VkeEIrn.exe
  2⤵
  PID:4332
- C:\Windows\System\CuJVRiU.exe
  C:\Windows\System\CuJVRiU.exe
  2⤵
  PID:4352
- C:\Windows\System\TCJazCZ.exe
  C:\Windows\System\TCJazCZ.exe
  2⤵
  PID:4372
- C:\Windows\System\IeMVyMb.exe
  C:\Windows\System\IeMVyMb.exe
  2⤵
  PID:4392
- C:\Windows\System\LHinDsx.exe
  C:\Windows\System\LHinDsx.exe
  2⤵
  PID:4412
- C:\Windows\System\rMJXouG.exe
  C:\Windows\System\rMJXouG.exe
  2⤵
  PID:4432
- C:\Windows\System\UzVfWme.exe
  C:\Windows\System\UzVfWme.exe
  2⤵
  PID:4452
- C:\Windows\System\gRyrZDN.exe
  C:\Windows\System\gRyrZDN.exe
  2⤵
  PID:4472
- C:\Windows\System\fwHiuuu.exe
  C:\Windows\System\fwHiuuu.exe
  2⤵
  PID:4492
- C:\Windows\System\uvnhVbZ.exe
  C:\Windows\System\uvnhVbZ.exe
  2⤵
  PID:4512
- C:\Windows\System\deXktnt.exe
  C:\Windows\System\deXktnt.exe
  2⤵
  PID:4532
- C:\Windows\System\gSvDCVA.exe
  C:\Windows\System\gSvDCVA.exe
  2⤵
  PID:4552
- C:\Windows\System\LFzPAji.exe
  C:\Windows\System\LFzPAji.exe
  2⤵
  PID:4572
- C:\Windows\System\KNyPdQI.exe
  C:\Windows\System\KNyPdQI.exe
  2⤵
  PID:4592
- C:\Windows\System\RQLrhgp.exe
  C:\Windows\System\RQLrhgp.exe
  2⤵
  PID:4612
- C:\Windows\System\ToznemZ.exe
  C:\Windows\System\ToznemZ.exe
  2⤵
  PID:4632
- C:\Windows\System\RcPkDWM.exe
  C:\Windows\System\RcPkDWM.exe
  2⤵
  PID:4652
- C:\Windows\System\KkOPnle.exe
  C:\Windows\System\KkOPnle.exe
  2⤵
  PID:4672
- C:\Windows\System\boZktNC.exe
  C:\Windows\System\boZktNC.exe
  2⤵
  PID:4696
- C:\Windows\System\Ihactxt.exe
  C:\Windows\System\Ihactxt.exe
  2⤵
  PID:4716
- C:\Windows\System\rTqtUxT.exe
  C:\Windows\System\rTqtUxT.exe
  2⤵
  PID:4736
- C:\Windows\System\xqRyoJp.exe
  C:\Windows\System\xqRyoJp.exe
  2⤵
  PID:4756
- C:\Windows\System\fmPKmeb.exe
  C:\Windows\System\fmPKmeb.exe
  2⤵
  PID:4776
- C:\Windows\System\kRGKpOp.exe
  C:\Windows\System\kRGKpOp.exe
  2⤵
  PID:4796
- C:\Windows\System\bGWMItI.exe
  C:\Windows\System\bGWMItI.exe
  2⤵
  PID:4816
- C:\Windows\System\rvXWZao.exe
  C:\Windows\System\rvXWZao.exe
  2⤵
  PID:4836
- C:\Windows\System\xdysiJr.exe
  C:\Windows\System\xdysiJr.exe
  2⤵
  PID:4856
- C:\Windows\System\qCtnUNR.exe
  C:\Windows\System\qCtnUNR.exe
  2⤵
  PID:4876
- C:\Windows\System\BoptnMw.exe
  C:\Windows\System\BoptnMw.exe
  2⤵
  PID:4896
- C:\Windows\System\nbdyuFt.exe
  C:\Windows\System\nbdyuFt.exe
  2⤵
  PID:4916
- C:\Windows\System\tiMhzfu.exe
  C:\Windows\System\tiMhzfu.exe
  2⤵
  PID:4936
- C:\Windows\System\zBKJkxQ.exe
  C:\Windows\System\zBKJkxQ.exe
  2⤵
  PID:4956
- C:\Windows\System\JwiItvJ.exe
  C:\Windows\System\JwiItvJ.exe
  2⤵
  PID:4976
- C:\Windows\System\eGsRbKo.exe
  C:\Windows\System\eGsRbKo.exe
  2⤵
  PID:4996
- C:\Windows\System\EpNZcWY.exe
  C:\Windows\System\EpNZcWY.exe
  2⤵
  PID:5016
- C:\Windows\System\pMbhzIS.exe
  C:\Windows\System\pMbhzIS.exe
  2⤵
  PID:5036
- C:\Windows\System\dqDMCsU.exe
  C:\Windows\System\dqDMCsU.exe
  2⤵
  PID:5056
- C:\Windows\System\FFywhkl.exe
  C:\Windows\System\FFywhkl.exe
  2⤵
  PID:5076
- C:\Windows\System\vkwfOfR.exe
  C:\Windows\System\vkwfOfR.exe
  2⤵
  PID:5096
- C:\Windows\System\ayvXsVu.exe
  C:\Windows\System\ayvXsVu.exe
  2⤵
  PID:5116
- C:\Windows\System\VEeUOOV.exe
  C:\Windows\System\VEeUOOV.exe
  2⤵
  PID:3648
- C:\Windows\System\fidCXzg.exe
  C:\Windows\System\fidCXzg.exe
  2⤵
  PID:3804
- C:\Windows\System\UKYiGKL.exe
  C:\Windows\System\UKYiGKL.exe
  2⤵
  PID:3924
- C:\Windows\System\IrKnpTM.exe
  C:\Windows\System\IrKnpTM.exe
  2⤵
  PID:4008
- C:\Windows\System\nfJsrEV.exe
  C:\Windows\System\nfJsrEV.exe
  2⤵
  PID:1788
- C:\Windows\System\LjvLqAM.exe
  C:\Windows\System\LjvLqAM.exe
  2⤵
  PID:2220
- C:\Windows\System\ZOuHOiB.exe
  C:\Windows\System\ZOuHOiB.exe
  2⤵
  PID:3144
- C:\Windows\System\UREGhVO.exe
  C:\Windows\System\UREGhVO.exe
  2⤵
  PID:3192
- C:\Windows\System\AqCakkb.exe
  C:\Windows\System\AqCakkb.exe
  2⤵
  PID:3428
- C:\Windows\System\vjQkTfg.exe
  C:\Windows\System\vjQkTfg.exe
  2⤵
  PID:3588
- C:\Windows\System\BmopDjt.exe
  C:\Windows\System\BmopDjt.exe
  2⤵
  PID:4140
- C:\Windows\System\CgzbzaY.exe
  C:\Windows\System\CgzbzaY.exe
  2⤵
  PID:4180
- C:\Windows\System\PTKWNiY.exe
  C:\Windows\System\PTKWNiY.exe
  2⤵
  PID:4184
- C:\Windows\System\azAJYLN.exe
  C:\Windows\System\azAJYLN.exe
  2⤵
  PID:4228
- C:\Windows\System\ATkERaP.exe
  C:\Windows\System\ATkERaP.exe
  2⤵
  PID:4260
- C:\Windows\System\gkqLuoM.exe
  C:\Windows\System\gkqLuoM.exe
  2⤵
  PID:4300
- C:\Windows\System\fADxGLi.exe
  C:\Windows\System\fADxGLi.exe
  2⤵
  PID:4328
- C:\Windows\System\whvKXBL.exe
  C:\Windows\System\whvKXBL.exe
  2⤵
  PID:4360
- C:\Windows\System\KoWoxCL.exe
  C:\Windows\System\KoWoxCL.exe
  2⤵
  PID:4384
- C:\Windows\System\lkLecUm.exe
  C:\Windows\System\lkLecUm.exe
  2⤵
  PID:4428
- C:\Windows\System\zuPldlW.exe
  C:\Windows\System\zuPldlW.exe
  2⤵
  PID:4464
- C:\Windows\System\Xztmqbr.exe
  C:\Windows\System\Xztmqbr.exe
  2⤵
  PID:4488
- C:\Windows\System\HLAdTDK.exe
  C:\Windows\System\HLAdTDK.exe
  2⤵
  PID:4528
- C:\Windows\System\tZbOZau.exe
  C:\Windows\System\tZbOZau.exe
  2⤵
  PID:4560
- C:\Windows\System\RMUmHeW.exe
  C:\Windows\System\RMUmHeW.exe
  2⤵
  PID:4588
- C:\Windows\System\RQfhiXA.exe
  C:\Windows\System\RQfhiXA.exe
  2⤵
  PID:4624
- C:\Windows\System\VZtHFdG.exe
  C:\Windows\System\VZtHFdG.exe
  2⤵
  PID:4648
- C:\Windows\System\cFNqmRP.exe
  C:\Windows\System\cFNqmRP.exe
  2⤵
  PID:4684
- C:\Windows\System\FIMzXrU.exe
  C:\Windows\System\FIMzXrU.exe
  2⤵
  PID:4732
- C:\Windows\System\dooaEju.exe
  C:\Windows\System\dooaEju.exe
  2⤵
  PID:4764
- C:\Windows\System\ideJfvQ.exe
  C:\Windows\System\ideJfvQ.exe
  2⤵
  PID:4768
- C:\Windows\System\cueXWOC.exe
  C:\Windows\System\cueXWOC.exe
  2⤵
  PID:4832
- C:\Windows\System\lZhpLWU.exe
  C:\Windows\System\lZhpLWU.exe
  2⤵
  PID:4848
- C:\Windows\System\NpwdLqc.exe
  C:\Windows\System\NpwdLqc.exe
  2⤵
  PID:4904
- C:\Windows\System\KbyPeLP.exe
  C:\Windows\System\KbyPeLP.exe
  2⤵
  PID:1576
- C:\Windows\System\tNHsvxC.exe
  C:\Windows\System\tNHsvxC.exe
  2⤵
  PID:4948
- C:\Windows\System\AxkQEJa.exe
  C:\Windows\System\AxkQEJa.exe
  2⤵
  PID:4992
- C:\Windows\System\gUOAKdU.exe
  C:\Windows\System\gUOAKdU.exe
  2⤵
  PID:5008
- C:\Windows\System\bsKFjtw.exe
  C:\Windows\System\bsKFjtw.exe
  2⤵
  PID:5064
- C:\Windows\System\vDncfjB.exe
  C:\Windows\System\vDncfjB.exe
  2⤵
  PID:5092
- C:\Windows\System\uKaOHSQ.exe
  C:\Windows\System\uKaOHSQ.exe
  2⤵
  PID:3692
- C:\Windows\System\CvcluAo.exe
  C:\Windows\System\CvcluAo.exe
  2⤵
  PID:3764
- C:\Windows\System\jMfQyXi.exe
  C:\Windows\System\jMfQyXi.exe
  2⤵
  PID:4024
- C:\Windows\System\quUxnmD.exe
  C:\Windows\System\quUxnmD.exe
  2⤵
  PID:2808
- C:\Windows\System\PklIarM.exe
  C:\Windows\System\PklIarM.exe
  2⤵
  PID:1364
- C:\Windows\System\GZaDYwU.exe
  C:\Windows\System\GZaDYwU.exe
  2⤵
  PID:3472
- C:\Windows\System\gfCJekE.exe
  C:\Windows\System\gfCJekE.exe
  2⤵
  PID:4120
- C:\Windows\System\aLDisgY.exe
  C:\Windows\System\aLDisgY.exe
  2⤵
  PID:4188
- C:\Windows\System\vChozDj.exe
  C:\Windows\System\vChozDj.exe
  2⤵
  PID:4208
- C:\Windows\System\lFKlysJ.exe
  C:\Windows\System\lFKlysJ.exe
  2⤵
  PID:4288
- C:\Windows\System\TdJVhQX.exe
  C:\Windows\System\TdJVhQX.exe
  2⤵
  PID:4320
- C:\Windows\System\cTgrHRb.exe
  C:\Windows\System\cTgrHRb.exe
  2⤵
  PID:4408
- C:\Windows\System\GiFeXqI.exe
  C:\Windows\System\GiFeXqI.exe
  2⤵
  PID:4468
- C:\Windows\System\IaFuANh.exe
  C:\Windows\System\IaFuANh.exe
  2⤵
  PID:4508
- C:\Windows\System\KwZQUOe.exe
  C:\Windows\System\KwZQUOe.exe
  2⤵
  PID:4524
- C:\Windows\System\QEHHjko.exe
  C:\Windows\System\QEHHjko.exe
  2⤵
  PID:4608
- C:\Windows\System\BNWzpwY.exe
  C:\Windows\System\BNWzpwY.exe
  2⤵
  PID:4664
- C:\Windows\System\pmJHGNJ.exe
  C:\Windows\System\pmJHGNJ.exe
  2⤵
  PID:4724
- C:\Windows\System\BsPdeFX.exe
  C:\Windows\System\BsPdeFX.exe
  2⤵
  PID:4812
- C:\Windows\System\fVoBFQv.exe
  C:\Windows\System\fVoBFQv.exe
  2⤵
  PID:4864
- C:\Windows\System\pOdQhPN.exe
  C:\Windows\System\pOdQhPN.exe
  2⤵
  PID:4884
- C:\Windows\System\GNDQyzp.exe
  C:\Windows\System\GNDQyzp.exe
  2⤵
  PID:4952
- C:\Windows\System\xzvdQlL.exe
  C:\Windows\System\xzvdQlL.exe
  2⤵
  PID:5012
- C:\Windows\System\xvYfoAW.exe
  C:\Windows\System\xvYfoAW.exe
  2⤵
  PID:5052
- C:\Windows\System\uEYCqKj.exe
  C:\Windows\System\uEYCqKj.exe
  2⤵
  PID:5108
- C:\Windows\System\BDHytup.exe
  C:\Windows\System\BDHytup.exe
  2⤵
  PID:3932
- C:\Windows\System\GlmvBom.exe
  C:\Windows\System\GlmvBom.exe
  2⤵
  PID:4028
- C:\Windows\System\ZiQUTYp.exe
  C:\Windows\System\ZiQUTYp.exe
  2⤵
  PID:2664
- C:\Windows\System\VVFfIpe.exe
  C:\Windows\System\VVFfIpe.exe
  2⤵
  PID:3372
- C:\Windows\System\DtAXuvy.exe
  C:\Windows\System\DtAXuvy.exe
  2⤵
  PID:4244
- C:\Windows\System\hcdVLLF.exe
  C:\Windows\System\hcdVLLF.exe
  2⤵
  PID:4284
- C:\Windows\System\ZiboIAe.exe
  C:\Windows\System\ZiboIAe.exe
  2⤵
  PID:4380
- C:\Windows\System\pwWxJVG.exe
  C:\Windows\System\pwWxJVG.exe
  2⤵
  PID:4460
- C:\Windows\System\kzlhIgS.exe
  C:\Windows\System\kzlhIgS.exe
  2⤵
  PID:4580
- C:\Windows\System\AOTonCP.exe
  C:\Windows\System\AOTonCP.exe
  2⤵
  PID:4744
- C:\Windows\System\ScdLwfL.exe
  C:\Windows\System\ScdLwfL.exe
  2⤵
  PID:5128
- C:\Windows\System\mQDxDgI.exe
  C:\Windows\System\mQDxDgI.exe
  2⤵
  PID:5148
- C:\Windows\System\ayjPtUP.exe
  C:\Windows\System\ayjPtUP.exe
  2⤵
  PID:5168
- C:\Windows\System\Nlmwnaz.exe
  C:\Windows\System\Nlmwnaz.exe
  2⤵
  PID:5192
- C:\Windows\System\VtJrFaV.exe
  C:\Windows\System\VtJrFaV.exe
  2⤵
  PID:5212
- C:\Windows\System\pPeMsAq.exe
  C:\Windows\System\pPeMsAq.exe
  2⤵
  PID:5232
- C:\Windows\System\tTwBIHq.exe
  C:\Windows\System\tTwBIHq.exe
  2⤵
  PID:5252
- C:\Windows\System\JuNMmjv.exe
  C:\Windows\System\JuNMmjv.exe
  2⤵
  PID:5272
- C:\Windows\System\LqFiTNn.exe
  C:\Windows\System\LqFiTNn.exe
  2⤵
  PID:5292
- C:\Windows\System\QNaYuRu.exe
  C:\Windows\System\QNaYuRu.exe
  2⤵
  PID:5312
- C:\Windows\System\aRJBDGI.exe
  C:\Windows\System\aRJBDGI.exe
  2⤵
  PID:5332
- C:\Windows\System\WjFLmEr.exe
  C:\Windows\System\WjFLmEr.exe
  2⤵
  PID:5352
- C:\Windows\System\YSSSybj.exe
  C:\Windows\System\YSSSybj.exe
  2⤵
  PID:5372
- C:\Windows\System\panfbZI.exe
  C:\Windows\System\panfbZI.exe
  2⤵
  PID:5392
- C:\Windows\System\WiatqEF.exe
  C:\Windows\System\WiatqEF.exe
  2⤵
  PID:5412
- C:\Windows\System\MYrfWOg.exe
  C:\Windows\System\MYrfWOg.exe
  2⤵
  PID:5432
- C:\Windows\System\wxiZDEq.exe
  C:\Windows\System\wxiZDEq.exe
  2⤵
  PID:5452
- C:\Windows\System\UTArCSb.exe
  C:\Windows\System\UTArCSb.exe
  2⤵
  PID:5472
- C:\Windows\System\yBYTKkF.exe
  C:\Windows\System\yBYTKkF.exe
  2⤵
  PID:5492
- C:\Windows\System\coXgOix.exe
  C:\Windows\System\coXgOix.exe
  2⤵
  PID:5512
- C:\Windows\System\NZYwmuE.exe
  C:\Windows\System\NZYwmuE.exe
  2⤵
  PID:5532
- C:\Windows\System\bAvfiin.exe
  C:\Windows\System\bAvfiin.exe
  2⤵
  PID:5552
- C:\Windows\System\ahAtohX.exe
  C:\Windows\System\ahAtohX.exe
  2⤵
  PID:5572
- C:\Windows\System\cTIuPlC.exe
  C:\Windows\System\cTIuPlC.exe
  2⤵
  PID:5592
- C:\Windows\System\yODyqEB.exe
  C:\Windows\System\yODyqEB.exe
  2⤵
  PID:5612
- C:\Windows\System\rRkZPws.exe
  C:\Windows\System\rRkZPws.exe
  2⤵
  PID:5632
- C:\Windows\System\FQIkRAn.exe
  C:\Windows\System\FQIkRAn.exe
  2⤵
  PID:5652
- C:\Windows\System\KUiubSd.exe
  C:\Windows\System\KUiubSd.exe
  2⤵
  PID:5672
- C:\Windows\System\JRlQrRl.exe
  C:\Windows\System\JRlQrRl.exe
  2⤵
  PID:5692
- C:\Windows\System\WkMeNdC.exe
  C:\Windows\System\WkMeNdC.exe
  2⤵
  PID:5712
- C:\Windows\System\YVcrxYK.exe
  C:\Windows\System\YVcrxYK.exe
  2⤵
  PID:5732
- C:\Windows\System\dnXrWrZ.exe
  C:\Windows\System\dnXrWrZ.exe
  2⤵
  PID:5752
- C:\Windows\System\wAjEHTA.exe
  C:\Windows\System\wAjEHTA.exe
  2⤵
  PID:5772
- C:\Windows\System\YBnLEKK.exe
  C:\Windows\System\YBnLEKK.exe
  2⤵
  PID:5792
- C:\Windows\System\dkMuiHW.exe
  C:\Windows\System\dkMuiHW.exe
  2⤵
  PID:5812
- C:\Windows\System\UpOnJZn.exe
  C:\Windows\System\UpOnJZn.exe
  2⤵
  PID:5836
- C:\Windows\System\mnnlvrI.exe
  C:\Windows\System\mnnlvrI.exe
  2⤵
  PID:5856
- C:\Windows\System\vjdxtno.exe
  C:\Windows\System\vjdxtno.exe
  2⤵
  PID:5876
- C:\Windows\System\gfIIyai.exe
  C:\Windows\System\gfIIyai.exe
  2⤵
  PID:5896
- C:\Windows\System\vpEzcPP.exe
  C:\Windows\System\vpEzcPP.exe
  2⤵
  PID:5916
- C:\Windows\System\ydlIrsz.exe
  C:\Windows\System\ydlIrsz.exe
  2⤵
  PID:5936
- C:\Windows\System\EvwzCiV.exe
  C:\Windows\System\EvwzCiV.exe
  2⤵
  PID:5956
- C:\Windows\System\tGhMLzc.exe
  C:\Windows\System\tGhMLzc.exe
  2⤵
  PID:5976
- C:\Windows\System\zbumSnB.exe
  C:\Windows\System\zbumSnB.exe
  2⤵
  PID:5996
- C:\Windows\System\fHCCaMx.exe
  C:\Windows\System\fHCCaMx.exe
  2⤵
  PID:6016
- C:\Windows\System\BDbxWxt.exe
  C:\Windows\System\BDbxWxt.exe
  2⤵
  PID:6036
- C:\Windows\System\LZMdExa.exe
  C:\Windows\System\LZMdExa.exe
  2⤵
  PID:6056
- C:\Windows\System\DOzdreb.exe
  C:\Windows\System\DOzdreb.exe
  2⤵
  PID:6076
- C:\Windows\System\QMuahHf.exe
  C:\Windows\System\QMuahHf.exe
  2⤵
  PID:6096
- C:\Windows\System\zFPEQAP.exe
  C:\Windows\System\zFPEQAP.exe
  2⤵
  PID:6116
- C:\Windows\System\HCJrVGj.exe
  C:\Windows\System\HCJrVGj.exe
  2⤵
  PID:6136
- C:\Windows\System\DyzKguT.exe
  C:\Windows\System\DyzKguT.exe
  2⤵
  PID:4808
- C:\Windows\System\dezgTpS.exe
  C:\Windows\System\dezgTpS.exe
  2⤵
  PID:4928
- C:\Windows\System\NFrPIRs.exe
  C:\Windows\System\NFrPIRs.exe
  2⤵
  PID:5024
- C:\Windows\System\lPISCqj.exe
  C:\Windows\System\lPISCqj.exe
  2⤵
  PID:5112
- C:\Windows\System\VCIkMkV.exe
  C:\Windows\System\VCIkMkV.exe
  2⤵
  PID:3948
- C:\Windows\System\qvnwrVU.exe
  C:\Windows\System\qvnwrVU.exe
  2⤵
  PID:3364
- C:\Windows\System\sycudbI.exe
  C:\Windows\System\sycudbI.exe
  2⤵
  PID:4204
- C:\Windows\System\eLlmXHq.exe
  C:\Windows\System\eLlmXHq.exe
  2⤵
  PID:4264
- C:\Windows\System\SMpJmfo.exe
  C:\Windows\System\SMpJmfo.exe
  2⤵
  PID:4480
- C:\Windows\System\MGFvmtS.exe
  C:\Windows\System\MGFvmtS.exe
  2⤵
  PID:4660
- C:\Windows\System\VHTvgFc.exe
  C:\Windows\System\VHTvgFc.exe
  2⤵
  PID:5136
- C:\Windows\System\OrFBBWV.exe
  C:\Windows\System\OrFBBWV.exe
  2⤵
  PID:5140
- C:\Windows\System\IFFIDyF.exe
  C:\Windows\System\IFFIDyF.exe
  2⤵
  PID:5208
- C:\Windows\System\aJwxTrJ.exe
  C:\Windows\System\aJwxTrJ.exe
  2⤵
  PID:5224
- C:\Windows\System\GreYdMg.exe
  C:\Windows\System\GreYdMg.exe
  2⤵
  PID:5288
- C:\Windows\System\xznTjBs.exe
  C:\Windows\System\xznTjBs.exe
  2⤵
  PID:5328
- C:\Windows\System\uQsCeQt.exe
  C:\Windows\System\uQsCeQt.exe
  2⤵
  PID:5348
- C:\Windows\System\rdamzGz.exe
  C:\Windows\System\rdamzGz.exe
  2⤵
  PID:5400
- C:\Windows\System\nuCtEIx.exe
  C:\Windows\System\nuCtEIx.exe
  2⤵
  PID:5404
- C:\Windows\System\zgaooGy.exe
  C:\Windows\System\zgaooGy.exe
  2⤵
  PID:5448
- C:\Windows\System\GsLjbRP.exe
  C:\Windows\System\GsLjbRP.exe
  2⤵
  PID:5468
- C:\Windows\System\xsAdwab.exe
  C:\Windows\System\xsAdwab.exe
  2⤵
  PID:5528
- C:\Windows\System\AYUTPrn.exe
  C:\Windows\System\AYUTPrn.exe
  2⤵
  PID:5540
- C:\Windows\System\xYyqhkw.exe
  C:\Windows\System\xYyqhkw.exe
  2⤵
  PID:5580
- C:\Windows\System\EJCoMdr.exe
  C:\Windows\System\EJCoMdr.exe
  2⤵
  PID:5604
- C:\Windows\System\UmRCyCs.exe
  C:\Windows\System\UmRCyCs.exe
  2⤵
  PID:5648
- C:\Windows\System\lUSWKrx.exe
  C:\Windows\System\lUSWKrx.exe
  2⤵
  PID:5668
- C:\Windows\System\UbBWvHX.exe
  C:\Windows\System\UbBWvHX.exe
  2⤵
  PID:5728
- C:\Windows\System\RGVAjTi.exe
  C:\Windows\System\RGVAjTi.exe
  2⤵
  PID:5748
- C:\Windows\System\QOsSCfP.exe
  C:\Windows\System\QOsSCfP.exe
  2⤵
  PID:5780
- C:\Windows\System\UOzzgDr.exe
  C:\Windows\System\UOzzgDr.exe
  2⤵
  PID:5804
- C:\Windows\System\WKcWmcb.exe
  C:\Windows\System\WKcWmcb.exe
  2⤵
  PID:5824
- C:\Windows\System\qcSKTkI.exe
  C:\Windows\System\qcSKTkI.exe
  2⤵
  PID:5884
- C:\Windows\System\cgNUlDO.exe
  C:\Windows\System\cgNUlDO.exe
  2⤵
  PID:5912
- C:\Windows\System\lUiivpu.exe
  C:\Windows\System\lUiivpu.exe
  2⤵
  PID:5952
- C:\Windows\System\pNSNtVv.exe
  C:\Windows\System\pNSNtVv.exe
  2⤵
  PID:5984
- C:\Windows\System\JTBRcvm.exe
  C:\Windows\System\JTBRcvm.exe
  2⤵
  PID:5988
- C:\Windows\System\rPsamrU.exe
  C:\Windows\System\rPsamrU.exe
  2⤵
  PID:6028
- C:\Windows\System\AEyiqUm.exe
  C:\Windows\System\AEyiqUm.exe
  2⤵
  PID:6084
- C:\Windows\System\FFpedbt.exe
  C:\Windows\System\FFpedbt.exe
  2⤵
  PID:6108
- C:\Windows\System\sSbdZFZ.exe
  C:\Windows\System\sSbdZFZ.exe
  2⤵
  PID:4924
- C:\Windows\System\pHOMQkV.exe
  C:\Windows\System\pHOMQkV.exe
  2⤵
  PID:4868
- C:\Windows\System\HIMIdqz.exe
  C:\Windows\System\HIMIdqz.exe
  2⤵
  PID:5028
- C:\Windows\System\PKPaPUh.exe
  C:\Windows\System\PKPaPUh.exe
  2⤵
  PID:3792
- C:\Windows\System\ReeCKDC.exe
  C:\Windows\System\ReeCKDC.exe
  2⤵
  PID:4348
- C:\Windows\System\pPGBEmj.exe
  C:\Windows\System\pPGBEmj.exe
  2⤵
  PID:4584
- C:\Windows\System\YYwGlGE.exe
  C:\Windows\System\YYwGlGE.exe
  2⤵
  PID:5164
- C:\Windows\System\pCWWNNy.exe
  C:\Windows\System\pCWWNNy.exe
  2⤵
  PID:5188
- C:\Windows\System\xsaKtZV.exe
  C:\Windows\System\xsaKtZV.exe
  2⤵
  PID:5220
- C:\Windows\System\vjiZeAQ.exe
  C:\Windows\System\vjiZeAQ.exe
  2⤵
  PID:5320
- C:\Windows\System\iFVdECU.exe
  C:\Windows\System\iFVdECU.exe
  2⤵
  PID:5340
- C:\Windows\System\VzovSGc.exe
  C:\Windows\System\VzovSGc.exe
  2⤵
  PID:5424
- C:\Windows\System\JVdwTgs.exe
  C:\Windows\System\JVdwTgs.exe
  2⤵
  PID:5460
- C:\Windows\System\UHywFWS.exe
  C:\Windows\System\UHywFWS.exe
  2⤵
  PID:5504
- C:\Windows\System\cgJsFiW.exe
  C:\Windows\System\cgJsFiW.exe
  2⤵
  PID:5568
- C:\Windows\System\KEzQkQd.exe
  C:\Windows\System\KEzQkQd.exe
  2⤵
  PID:5624
- C:\Windows\System\jkztSDy.exe
  C:\Windows\System\jkztSDy.exe
  2⤵
  PID:5700
- C:\Windows\System\QkIMoxD.exe
  C:\Windows\System\QkIMoxD.exe
  2⤵
  PID:5724
- C:\Windows\System\YeNhpxE.exe
  C:\Windows\System\YeNhpxE.exe
  2⤵
  PID:5808
- C:\Windows\System\qUtkCGw.exe
  C:\Windows\System\qUtkCGw.exe
  2⤵
  PID:5864
- C:\Windows\System\qTtGMAA.exe
  C:\Windows\System\qTtGMAA.exe
  2⤵
  PID:5964
- C:\Windows\System\GDxynJG.exe
  C:\Windows\System\GDxynJG.exe
  2⤵
  PID:5944
- C:\Windows\System\LDTgSBZ.exe
  C:\Windows\System\LDTgSBZ.exe
  2⤵
  PID:6044
- C:\Windows\System\fNcDmPA.exe
  C:\Windows\System\fNcDmPA.exe
  2⤵
  PID:6068
- C:\Windows\System\kXbheeJ.exe
  C:\Windows\System\kXbheeJ.exe
  2⤵
  PID:4792
- C:\Windows\System\GQVdDyG.exe
  C:\Windows\System\GQVdDyG.exe
  2⤵
  PID:3304
- C:\Windows\System\VYaFbMA.exe
  C:\Windows\System\VYaFbMA.exe
  2⤵
  PID:5084
- C:\Windows\System\OOMOrLF.exe
  C:\Windows\System\OOMOrLF.exe
  2⤵
  PID:4144
- C:\Windows\System\vbHhzFx.exe
  C:\Windows\System\vbHhzFx.exe
  2⤵
  PID:5160
- C:\Windows\System\ehOlglF.exe
  C:\Windows\System\ehOlglF.exe
  2⤵
  PID:5268
- C:\Windows\System\iCWJhdC.exe
  C:\Windows\System\iCWJhdC.exe
  2⤵
  PID:5344
- C:\Windows\System\cHgHiJp.exe
  C:\Windows\System\cHgHiJp.exe
  2⤵
  PID:5388
- C:\Windows\System\mIaHbeB.exe
  C:\Windows\System\mIaHbeB.exe
  2⤵
  PID:5520
- C:\Windows\System\EBNFAyn.exe
  C:\Windows\System\EBNFAyn.exe
  2⤵
  PID:5600
- C:\Windows\System\GnJeooQ.exe
  C:\Windows\System\GnJeooQ.exe
  2⤵
  PID:5684
- C:\Windows\System\nNDqRKE.exe
  C:\Windows\System\nNDqRKE.exe
  2⤵
  PID:5784
- C:\Windows\System\qnJjbrw.exe
  C:\Windows\System\qnJjbrw.exe
  2⤵
  PID:5972
- C:\Windows\System\dLslnWh.exe
  C:\Windows\System\dLslnWh.exe
  2⤵
  PID:6004
- C:\Windows\System\gyYPaFo.exe
  C:\Windows\System\gyYPaFo.exe
  2⤵
  PID:6064
- C:\Windows\System\sFUxXQk.exe
  C:\Windows\System\sFUxXQk.exe
  2⤵
  PID:4752
- C:\Windows\System\eLKHjqi.exe
  C:\Windows\System\eLKHjqi.exe
  2⤵
  PID:6152
- C:\Windows\System\ogOmufa.exe
  C:\Windows\System\ogOmufa.exe
  2⤵
  PID:6172
- C:\Windows\System\oPKTSLW.exe
  C:\Windows\System\oPKTSLW.exe
  2⤵
  PID:6192
- C:\Windows\System\rAsHojm.exe
  C:\Windows\System\rAsHojm.exe
  2⤵
  PID:6212
- C:\Windows\System\tYTGroE.exe
  C:\Windows\System\tYTGroE.exe
  2⤵
  PID:6232
- C:\Windows\System\qbkGqxJ.exe
  C:\Windows\System\qbkGqxJ.exe
  2⤵
  PID:6252
- C:\Windows\System\tKVaDqM.exe
  C:\Windows\System\tKVaDqM.exe
  2⤵
  PID:6272
- C:\Windows\System\LszuwNn.exe
  C:\Windows\System\LszuwNn.exe
  2⤵
  PID:6292
- C:\Windows\System\KcUmThC.exe
  C:\Windows\System\KcUmThC.exe
  2⤵
  PID:6312
- C:\Windows\System\ZFKTumi.exe
  C:\Windows\System\ZFKTumi.exe
  2⤵
  PID:6332
- C:\Windows\System\gYWyNZQ.exe
  C:\Windows\System\gYWyNZQ.exe
  2⤵
  PID:6352
- C:\Windows\System\IfOWLul.exe
  C:\Windows\System\IfOWLul.exe
  2⤵
  PID:6372
- C:\Windows\System\XfpQcat.exe
  C:\Windows\System\XfpQcat.exe
  2⤵
  PID:6392
- C:\Windows\System\zALZDtv.exe
  C:\Windows\System\zALZDtv.exe
  2⤵
  PID:6412
- C:\Windows\System\HfgDmFs.exe
  C:\Windows\System\HfgDmFs.exe
  2⤵
  PID:6432
- C:\Windows\System\TFREEvf.exe
  C:\Windows\System\TFREEvf.exe
  2⤵
  PID:6452
- C:\Windows\System\PaUydiK.exe
  C:\Windows\System\PaUydiK.exe
  2⤵
  PID:6472
- C:\Windows\System\wOthQqh.exe
  C:\Windows\System\wOthQqh.exe
  2⤵
  PID:6492
- C:\Windows\System\OBGXBGP.exe
  C:\Windows\System\OBGXBGP.exe
  2⤵
  PID:6512
- C:\Windows\System\VsPxGzU.exe
  C:\Windows\System\VsPxGzU.exe
  2⤵
  PID:6532
- C:\Windows\System\XRgUUOO.exe
  C:\Windows\System\XRgUUOO.exe
  2⤵
  PID:6556
- C:\Windows\System\PeStAcV.exe
  C:\Windows\System\PeStAcV.exe
  2⤵
  PID:6576
- C:\Windows\System\eBrwkmo.exe
  C:\Windows\System\eBrwkmo.exe
  2⤵
  PID:6596
- C:\Windows\System\moMtnZh.exe
  C:\Windows\System\moMtnZh.exe
  2⤵
  PID:6616
- C:\Windows\System\yCsagYf.exe
  C:\Windows\System\yCsagYf.exe
  2⤵
  PID:6636
- C:\Windows\System\BHGNDoO.exe
  C:\Windows\System\BHGNDoO.exe
  2⤵
  PID:6656
- C:\Windows\System\WJExqrD.exe
  C:\Windows\System\WJExqrD.exe
  2⤵
  PID:6676
- C:\Windows\System\ledkBOx.exe
  C:\Windows\System\ledkBOx.exe
  2⤵
  PID:6696
- C:\Windows\System\FkomeZb.exe
  C:\Windows\System\FkomeZb.exe
  2⤵
  PID:6716
- C:\Windows\System\SsKtrVI.exe
  C:\Windows\System\SsKtrVI.exe
  2⤵
  PID:6736
- C:\Windows\System\AuvdezT.exe
  C:\Windows\System\AuvdezT.exe
  2⤵
  PID:6756
- C:\Windows\System\kUhhWqp.exe
  C:\Windows\System\kUhhWqp.exe
  2⤵
  PID:6776
- C:\Windows\System\ZljAXQB.exe
  C:\Windows\System\ZljAXQB.exe
  2⤵
  PID:6796
- C:\Windows\System\qFLNURd.exe
  C:\Windows\System\qFLNURd.exe
  2⤵
  PID:6816
- C:\Windows\System\pAiDUpr.exe
  C:\Windows\System\pAiDUpr.exe
  2⤵
  PID:6836
- C:\Windows\System\wveTxPL.exe
  C:\Windows\System\wveTxPL.exe
  2⤵
  PID:6856
- C:\Windows\System\RHRJZKJ.exe
  C:\Windows\System\RHRJZKJ.exe
  2⤵
  PID:6876
- C:\Windows\System\NzoacXY.exe
  C:\Windows\System\NzoacXY.exe
  2⤵
  PID:6896
- C:\Windows\System\ukkujoL.exe
  C:\Windows\System\ukkujoL.exe
  2⤵
  PID:6916
- C:\Windows\System\CWQbCZF.exe
  C:\Windows\System\CWQbCZF.exe
  2⤵
  PID:6936
- C:\Windows\System\TVCnoTC.exe
  C:\Windows\System\TVCnoTC.exe
  2⤵
  PID:6956
- C:\Windows\System\qQIrpUx.exe
  C:\Windows\System\qQIrpUx.exe
  2⤵
  PID:6976
- C:\Windows\System\ryfjarq.exe
  C:\Windows\System\ryfjarq.exe
  2⤵
  PID:6996
- C:\Windows\System\OueqgMj.exe
  C:\Windows\System\OueqgMj.exe
  2⤵
  PID:7016
- C:\Windows\System\gYDvEjh.exe
  C:\Windows\System\gYDvEjh.exe
  2⤵
  PID:7036
- C:\Windows\System\XUsEmfT.exe
  C:\Windows\System\XUsEmfT.exe
  2⤵
  PID:7056
- C:\Windows\System\ogewQfY.exe
  C:\Windows\System\ogewQfY.exe
  2⤵
  PID:7076
- C:\Windows\System\fITZoAM.exe
  C:\Windows\System\fITZoAM.exe
  2⤵
  PID:7096
- C:\Windows\System\FlYaRJC.exe
  C:\Windows\System\FlYaRJC.exe
  2⤵
  PID:7116
- C:\Windows\System\eWytChj.exe
  C:\Windows\System\eWytChj.exe
  2⤵
  PID:7136
- C:\Windows\System\ovyVoxy.exe
  C:\Windows\System\ovyVoxy.exe
  2⤵
  PID:7156
- C:\Windows\System\tdDyvRQ.exe
  C:\Windows\System\tdDyvRQ.exe
  2⤵
  PID:4128
- C:\Windows\System\tLGzhXx.exe
  C:\Windows\System\tLGzhXx.exe
  2⤵
  PID:4504
- C:\Windows\System\OtClvAO.exe
  C:\Windows\System\OtClvAO.exe
  2⤵
  PID:5368
- C:\Windows\System\BdelOFR.exe
  C:\Windows\System\BdelOFR.exe
  2⤵
  PID:5440
- C:\Windows\System\qkSiXiH.exe
  C:\Windows\System\qkSiXiH.exe
  2⤵
  PID:5660
- C:\Windows\System\leIzZAV.exe
  C:\Windows\System\leIzZAV.exe
  2⤵
  PID:5680
- C:\Windows\System\uzwgyRo.exe
  C:\Windows\System\uzwgyRo.exe
  2⤵
  PID:5924
- C:\Windows\System\dNcEWbD.exe
  C:\Windows\System\dNcEWbD.exe
  2⤵
  PID:4844
- C:\Windows\System\lzkOAOY.exe
  C:\Windows\System\lzkOAOY.exe
  2⤵
  PID:3828
- C:\Windows\System\yEYjrun.exe
  C:\Windows\System\yEYjrun.exe
  2⤵
  PID:6188
- C:\Windows\System\YOYMkcY.exe
  C:\Windows\System\YOYMkcY.exe
  2⤵
  PID:6220
- C:\Windows\System\YcAqnCZ.exe
  C:\Windows\System\YcAqnCZ.exe
  2⤵
  PID:6244
- C:\Windows\System\TDVkhOC.exe
  C:\Windows\System\TDVkhOC.exe
  2⤵
  PID:6288
- C:\Windows\System\iNpdxbS.exe
  C:\Windows\System\iNpdxbS.exe
  2⤵
  PID:6320
- C:\Windows\System\lvEKHpF.exe
  C:\Windows\System\lvEKHpF.exe
  2⤵
  PID:6344
- C:\Windows\System\ptTAKZS.exe
  C:\Windows\System\ptTAKZS.exe
  2⤵
  PID:6388
- C:\Windows\System\EfkKvoj.exe
  C:\Windows\System\EfkKvoj.exe
  2⤵
  PID:6420
- C:\Windows\System\ZYSWbMu.exe
  C:\Windows\System\ZYSWbMu.exe
  2⤵
  PID:6444
- C:\Windows\System\zoIBzkW.exe
  C:\Windows\System\zoIBzkW.exe
  2⤵
  PID:6488
- C:\Windows\System\PYACvSS.exe
  C:\Windows\System\PYACvSS.exe
  2⤵
  PID:6528
- C:\Windows\System\mtZfFlE.exe
  C:\Windows\System\mtZfFlE.exe
  2⤵
  PID:6564
- C:\Windows\System\IkLDTkz.exe
  C:\Windows\System\IkLDTkz.exe
  2⤵
  PID:6592
- C:\Windows\System\svtbajN.exe
  C:\Windows\System\svtbajN.exe
  2⤵
  PID:6624
- C:\Windows\System\KIXWTVZ.exe
  C:\Windows\System\KIXWTVZ.exe
  2⤵
  PID:6648
- C:\Windows\System\ZXJjarw.exe
  C:\Windows\System\ZXJjarw.exe
  2⤵
  PID:6692
- C:\Windows\System\wTPFUhg.exe
  C:\Windows\System\wTPFUhg.exe
  2⤵
  PID:6708
- C:\Windows\System\dzvahiS.exe
  C:\Windows\System\dzvahiS.exe
  2⤵
  PID:6752
- C:\Windows\System\aksnEYF.exe
  C:\Windows\System\aksnEYF.exe
  2⤵
  PID:6804
- C:\Windows\System\iliPbJq.exe
  C:\Windows\System\iliPbJq.exe
  2⤵
  PID:6824
- C:\Windows\System\oooxRyO.exe
  C:\Windows\System\oooxRyO.exe
  2⤵
  PID:6848
- C:\Windows\System\yDjaXNB.exe
  C:\Windows\System\yDjaXNB.exe
  2⤵
  PID:6892
- C:\Windows\System\rbmXhfW.exe
  C:\Windows\System\rbmXhfW.exe
  2⤵
  PID:6908
- C:\Windows\System\bFDNOiV.exe
  C:\Windows\System\bFDNOiV.exe
  2⤵
  PID:6952
- C:\Windows\System\mPxMEfb.exe
  C:\Windows\System\mPxMEfb.exe
  2⤵
  PID:7012
- C:\Windows\System\veQFMFN.exe
  C:\Windows\System\veQFMFN.exe
  2⤵
  PID:7092
- C:\Windows\System\aCvFmUT.exe
  C:\Windows\System\aCvFmUT.exe
  2⤵
  PID:6088
- C:\Windows\System\WrbfDBM.exe
  C:\Windows\System\WrbfDBM.exe
  2⤵
  PID:6180
- C:\Windows\System\DGylNWU.exe
  C:\Windows\System\DGylNWU.exe
  2⤵
  PID:6268
- C:\Windows\System\YPMCLVg.exe
  C:\Windows\System\YPMCLVg.exe
  2⤵
  PID:6304
- C:\Windows\System\OrczVLV.exe
  C:\Windows\System\OrczVLV.exe
  2⤵
  PID:6308
- C:\Windows\System\LRtTKat.exe
  C:\Windows\System\LRtTKat.exe
  2⤵
  PID:6364
- C:\Windows\System\oMEeJkF.exe
  C:\Windows\System\oMEeJkF.exe
  2⤵
  PID:6424
- C:\Windows\System\HxvvTrw.exe
  C:\Windows\System\HxvvTrw.exe
  2⤵
  PID:6548
- C:\Windows\System\zQRYbmj.exe
  C:\Windows\System\zQRYbmj.exe
  2⤵
  PID:876
- C:\Windows\System\zLYWMuy.exe
  C:\Windows\System\zLYWMuy.exe
  2⤵
  PID:6612
- C:\Windows\System\sitwqzR.exe
  C:\Windows\System\sitwqzR.exe
  2⤵
  PID:6652
- C:\Windows\System\OPTpNoP.exe
  C:\Windows\System\OPTpNoP.exe
  2⤵
  PID:6764
- C:\Windows\System\sRPfvnY.exe
  C:\Windows\System\sRPfvnY.exe
  2⤵
  PID:6788
- C:\Windows\System\kmMeBlr.exe
  C:\Windows\System\kmMeBlr.exe
  2⤵
  PID:6868
- C:\Windows\System\yMPnnUn.exe
  C:\Windows\System\yMPnnUn.exe
  2⤵
  PID:6852
- C:\Windows\System\aYKnlws.exe
  C:\Windows\System\aYKnlws.exe
  2⤵
  PID:6968
- C:\Windows\System\ZmvjNfS.exe
  C:\Windows\System\ZmvjNfS.exe
  2⤵
  PID:2476
- C:\Windows\System\GSXDOkc.exe
  C:\Windows\System\GSXDOkc.exe
  2⤵
  PID:6844
- C:\Windows\System\CUNGDdt.exe
  C:\Windows\System\CUNGDdt.exe
  2⤵
  PID:2124
- C:\Windows\System\CEbtzvY.exe
  C:\Windows\System\CEbtzvY.exe
  2⤵
  PID:2920
- C:\Windows\System\RHabARL.exe
  C:\Windows\System\RHabARL.exe
  2⤵
  PID:2824
- C:\Windows\System\QntFVEO.exe
  C:\Windows\System\QntFVEO.exe
  2⤵
  PID:2320
- C:\Windows\System\DPvzAUP.exe
  C:\Windows\System\DPvzAUP.exe
  2⤵
  PID:2708
- C:\Windows\System\TWgtrnz.exe
  C:\Windows\System\TWgtrnz.exe
  2⤵
  PID:1588
- C:\Windows\System\ywjVOzA.exe
  C:\Windows\System\ywjVOzA.exe
  2⤵
  PID:588
- C:\Windows\System\PZeSYEi.exe
  C:\Windows\System\PZeSYEi.exe
  2⤵
  PID:2080
- C:\Windows\System\Oguuynu.exe
  C:\Windows\System\Oguuynu.exe
  2⤵
  PID:776
- C:\Windows\System\fCCiglN.exe
  C:\Windows\System\fCCiglN.exe
  2⤵
  PID:6248
- C:\Windows\System\ygrovdP.exe
  C:\Windows\System\ygrovdP.exe
  2⤵
  PID:6672
- C:\Windows\System\SycHzds.exe
  C:\Windows\System\SycHzds.exe
  2⤵
  PID:6944
- C:\Windows\System\qLbEzaq.exe
  C:\Windows\System\qLbEzaq.exe
  2⤵
  PID:6400
- C:\Windows\System\GJvOfid.exe
  C:\Windows\System\GJvOfid.exe
  2⤵
  PID:2996
- C:\Windows\System\OQlwqec.exe
  C:\Windows\System\OQlwqec.exe
  2⤵
  PID:6784
- C:\Windows\System\suKzxCT.exe
  C:\Windows\System\suKzxCT.exe
  2⤵
  PID:6704
- C:\Windows\System\IxilstX.exe
  C:\Windows\System\IxilstX.exe
  2⤵
  PID:6724
- C:\Windows\System\BISezZS.exe
  C:\Windows\System\BISezZS.exe
  2⤵
  PID:6884
- C:\Windows\System\xXazyZZ.exe
  C:\Windows\System\xXazyZZ.exe
  2⤵
  PID:3052
- C:\Windows\System\ozIPzos.exe
  C:\Windows\System\ozIPzos.exe
  2⤵
  PID:2936
- C:\Windows\System\PklbKpv.exe
  C:\Windows\System\PklbKpv.exe
  2⤵
  PID:2896
- C:\Windows\System\muBRIxC.exe
  C:\Windows\System\muBRIxC.exe
  2⤵
  PID:6460
- C:\Windows\System\VVrSTFX.exe
  C:\Windows\System\VVrSTFX.exe
  2⤵
  PID:6264
- C:\Windows\System\CvHzooa.exe
  C:\Windows\System\CvHzooa.exe
  2⤵
  PID:6504
- C:\Windows\System\hThiVTR.exe
  C:\Windows\System\hThiVTR.exe
  2⤵
  PID:7028
- C:\Windows\System\ZwSeFkF.exe
  C:\Windows\System\ZwSeFkF.exe
  2⤵
  PID:6524
- C:\Windows\System\KgFILSt.exe
  C:\Windows\System\KgFILSt.exe
  2⤵
  PID:6584
- C:\Windows\System\XqueiDN.exe
  C:\Windows\System\XqueiDN.exe
  2⤵
  PID:2832
- C:\Windows\System\THoBzyU.exe
  C:\Windows\System\THoBzyU.exe
  2⤵
  PID:2720
- C:\Windows\System\ghEiNya.exe
  C:\Windows\System\ghEiNya.exe
  2⤵
  PID:7052
- C:\Windows\System\LoNlvEx.exe
  C:\Windows\System\LoNlvEx.exe
  2⤵
  PID:6224
- C:\Windows\System\vwEjksU.exe
  C:\Windows\System\vwEjksU.exe
  2⤵
  PID:6128
- C:\Windows\System\txmCpaL.exe
  C:\Windows\System\txmCpaL.exe
  2⤵
  PID:2144
- C:\Windows\System\FIoUNFg.exe
  C:\Windows\System\FIoUNFg.exe
  2⤵
  PID:7184
- C:\Windows\System\guMTOsh.exe
  C:\Windows\System\guMTOsh.exe
  2⤵
  PID:7200
- C:\Windows\System\sJXwxto.exe
  C:\Windows\System\sJXwxto.exe
  2⤵
  PID:7216
- C:\Windows\System\JSlGgSV.exe
  C:\Windows\System\JSlGgSV.exe
  2⤵
  PID:7236
- C:\Windows\System\IAvBNSj.exe
  C:\Windows\System\IAvBNSj.exe
  2⤵
  PID:7256
- C:\Windows\System\QkfkyIn.exe
  C:\Windows\System\QkfkyIn.exe
  2⤵
  PID:7276
- C:\Windows\System\mHcVzjP.exe
  C:\Windows\System\mHcVzjP.exe
  2⤵
  PID:7292
- C:\Windows\System\gnQNTCi.exe
  C:\Windows\System\gnQNTCi.exe
  2⤵
  PID:7312
- C:\Windows\System\OrknFNB.exe
  C:\Windows\System\OrknFNB.exe
  2⤵
  PID:7328
- C:\Windows\System\HWTpOTx.exe
  C:\Windows\System\HWTpOTx.exe
  2⤵
  PID:7348
- C:\Windows\System\GvhCiCH.exe
  C:\Windows\System\GvhCiCH.exe
  2⤵
  PID:7364
- C:\Windows\System\IbarkhM.exe
  C:\Windows\System\IbarkhM.exe
  2⤵
  PID:7384
- C:\Windows\System\zSDQZVP.exe
  C:\Windows\System\zSDQZVP.exe
  2⤵
  PID:7404
- C:\Windows\System\widrgUT.exe
  C:\Windows\System\widrgUT.exe
  2⤵
  PID:7420
- C:\Windows\System\GUvvIJN.exe
  C:\Windows\System\GUvvIJN.exe
  2⤵
  PID:7440
- C:\Windows\System\QjgrHvQ.exe
  C:\Windows\System\QjgrHvQ.exe
  2⤵
  PID:7460
- C:\Windows\System\AGFKePT.exe
  C:\Windows\System\AGFKePT.exe
  2⤵
  PID:7552
- C:\Windows\System\JWCwdTK.exe
  C:\Windows\System\JWCwdTK.exe
  2⤵
  PID:7588
- C:\Windows\System\UjsiXWi.exe
  C:\Windows\System\UjsiXWi.exe
  2⤵
  PID:7604
- C:\Windows\System\IsHqYoj.exe
  C:\Windows\System\IsHqYoj.exe
  2⤵
  PID:7620
- C:\Windows\System\jcACCTH.exe
  C:\Windows\System\jcACCTH.exe
  2⤵
  PID:7636
- C:\Windows\System\CVxTfdL.exe
  C:\Windows\System\CVxTfdL.exe
  2⤵
  PID:7652
- C:\Windows\System\lEABcxG.exe
  C:\Windows\System\lEABcxG.exe
  2⤵
  PID:7668
- C:\Windows\System\kdHZXIi.exe
  C:\Windows\System\kdHZXIi.exe
  2⤵
  PID:7684
- C:\Windows\System\AMpNiDt.exe
  C:\Windows\System\AMpNiDt.exe
  2⤵
  PID:7700
- C:\Windows\System\medRqok.exe
  C:\Windows\System\medRqok.exe
  2⤵
  PID:7716
- C:\Windows\System\OzgWToz.exe
  C:\Windows\System\OzgWToz.exe
  2⤵
  PID:7732
- C:\Windows\System\EFcJcwK.exe
  C:\Windows\System\EFcJcwK.exe
  2⤵
  PID:7748
- C:\Windows\System\iWGtIDP.exe
  C:\Windows\System\iWGtIDP.exe
  2⤵
  PID:7764
- C:\Windows\System\iUUhiuV.exe
  C:\Windows\System\iUUhiuV.exe
  2⤵
  PID:7780
- C:\Windows\System\RjyyrzV.exe
  C:\Windows\System\RjyyrzV.exe
  2⤵
  PID:7796
- C:\Windows\System\FbcwAPu.exe
  C:\Windows\System\FbcwAPu.exe
  2⤵
  PID:7812
- C:\Windows\System\IKksUgM.exe
  C:\Windows\System\IKksUgM.exe
  2⤵
  PID:7828
- C:\Windows\System\TxtZcKn.exe
  C:\Windows\System\TxtZcKn.exe
  2⤵
  PID:7844
- C:\Windows\System\gbegWUa.exe
  C:\Windows\System\gbegWUa.exe
  2⤵
  PID:7860
- C:\Windows\System\XOtIQJB.exe
  C:\Windows\System\XOtIQJB.exe
  2⤵
  PID:7876
- C:\Windows\System\zZobGbS.exe
  C:\Windows\System\zZobGbS.exe
  2⤵
  PID:7892
- C:\Windows\System\nYTlTwI.exe
  C:\Windows\System\nYTlTwI.exe
  2⤵
  PID:7908
- C:\Windows\System\eHrAJve.exe
  C:\Windows\System\eHrAJve.exe
  2⤵
  PID:7924
- C:\Windows\System\OElHQYx.exe
  C:\Windows\System\OElHQYx.exe
  2⤵
  PID:7944
- C:\Windows\System\lCoUSqb.exe
  C:\Windows\System\lCoUSqb.exe
  2⤵
  PID:7960
- C:\Windows\System\FSYNjlv.exe
  C:\Windows\System\FSYNjlv.exe
  2⤵
  PID:7976
- C:\Windows\System\sjnfHVo.exe
  C:\Windows\System\sjnfHVo.exe
  2⤵
  PID:7996
- C:\Windows\System\kBWGEqk.exe
  C:\Windows\System\kBWGEqk.exe
  2⤵
  PID:8016
- C:\Windows\System\ZOwCFQv.exe
  C:\Windows\System\ZOwCFQv.exe
  2⤵
  PID:8032
- C:\Windows\System\UePolsc.exe
  C:\Windows\System\UePolsc.exe
  2⤵
  PID:8048
- C:\Windows\System\SVSmxeu.exe
  C:\Windows\System\SVSmxeu.exe
  2⤵
  PID:8068
- C:\Windows\System\rpQyyac.exe
  C:\Windows\System\rpQyyac.exe
  2⤵
  PID:8084
- C:\Windows\System\qlKFsOd.exe
  C:\Windows\System\qlKFsOd.exe
  2⤵
  PID:8100
- C:\Windows\System\sjeVDdV.exe
  C:\Windows\System\sjeVDdV.exe
  2⤵
  PID:8116
- C:\Windows\System\mXSoCbB.exe
  C:\Windows\System\mXSoCbB.exe
  2⤵
  PID:8132
- C:\Windows\System\qUqHACM.exe
  C:\Windows\System\qUqHACM.exe
  2⤵
  PID:8148
- C:\Windows\System\UTfUhSq.exe
  C:\Windows\System\UTfUhSq.exe
  2⤵
  PID:8164
- C:\Windows\System\YOlpXVF.exe
  C:\Windows\System\YOlpXVF.exe
  2⤵
  PID:8180
- C:\Windows\System\sAxLJJm.exe
  C:\Windows\System\sAxLJJm.exe
  2⤵
  PID:6632
- C:\Windows\System\cymtLSG.exe
  C:\Windows\System\cymtLSG.exe
  2⤵
  PID:2748
- C:\Windows\System\CFdOKJG.exe
  C:\Windows\System\CFdOKJG.exe
  2⤵
  PID:2736
- C:\Windows\System\agQtury.exe
  C:\Windows\System\agQtury.exe
  2⤵
  PID:7224
- C:\Windows\System\QPUFZOA.exe
  C:\Windows\System\QPUFZOA.exe
  2⤵
  PID:2688
- C:\Windows\System\WVoNmoL.exe
  C:\Windows\System\WVoNmoL.exe
  2⤵
  PID:2456
- C:\Windows\System\IwWWAjc.exe
  C:\Windows\System\IwWWAjc.exe
  2⤵
  PID:7304
- C:\Windows\System\pjedqOo.exe
  C:\Windows\System\pjedqOo.exe
  2⤵
  PID:7172
- C:\Windows\System\tHbEUSr.exe
  C:\Windows\System\tHbEUSr.exe
  2⤵
  PID:6964
- C:\Windows\System\WrmCNTq.exe
  C:\Windows\System\WrmCNTq.exe
  2⤵
  PID:580
- C:\Windows\System\TIllbUk.exe
  C:\Windows\System\TIllbUk.exe
  2⤵
  PID:7372
- C:\Windows\System\qFJGaHg.exe
  C:\Windows\System\qFJGaHg.exe
  2⤵
  PID:7248
- C:\Windows\System\JzsJsMM.exe
  C:\Windows\System\JzsJsMM.exe
  2⤵
  PID:7412
- C:\Windows\System\VMQjgMN.exe
  C:\Windows\System\VMQjgMN.exe
  2⤵
  PID:7416
- C:\Windows\System\WlPaClT.exe
  C:\Windows\System\WlPaClT.exe
  2⤵
  PID:7452
- C:\Windows\System\bvkojKO.exe
  C:\Windows\System\bvkojKO.exe
  2⤵
  PID:7432
- C:\Windows\System\BVqBibT.exe
  C:\Windows\System\BVqBibT.exe
  2⤵
  PID:7504
- C:\Windows\System\YwtbyFv.exe
  C:\Windows\System\YwtbyFv.exe
  2⤵
  PID:7108
- C:\Windows\System\kfDgjTN.exe
  C:\Windows\System\kfDgjTN.exe
  2⤵
  PID:4680
- C:\Windows\System\neVYiDu.exe
  C:\Windows\System\neVYiDu.exe
  2⤵
  PID:5180
- C:\Windows\System\Ljybmni.exe
  C:\Windows\System\Ljybmni.exe
  2⤵
  PID:5888
- C:\Windows\System\nrNzrLO.exe
  C:\Windows\System\nrNzrLO.exe
  2⤵
  PID:5764
- C:\Windows\System\OMWNQHQ.exe
  C:\Windows\System\OMWNQHQ.exe
  2⤵
  PID:2496
- C:\Windows\System\Deuhtkn.exe
  C:\Windows\System\Deuhtkn.exe
  2⤵
  PID:6912
- C:\Windows\System\hVnWDIl.exe
  C:\Windows\System\hVnWDIl.exe
  2⤵
  PID:2644
- C:\Windows\System\xaHOPji.exe
  C:\Windows\System\xaHOPji.exe
  2⤵
  PID:2152
- C:\Windows\System\ychXsHu.exe
  C:\Windows\System\ychXsHu.exe
  2⤵
  PID:1628
- C:\Windows\System\ceojXdB.exe
  C:\Windows\System\ceojXdB.exe
  2⤵
  PID:2432
- C:\Windows\System\uIulcDv.exe
  C:\Windows\System\uIulcDv.exe
  2⤵
  PID:1916
- C:\Windows\System\qXlKWFW.exe
  C:\Windows\System\qXlKWFW.exe
  2⤵
  PID:7548
- C:\Windows\System\HQOYGTl.exe
  C:\Windows\System\HQOYGTl.exe
  2⤵
  PID:7572
- C:\Windows\System\slsDzyT.exe
  C:\Windows\System\slsDzyT.exe
  2⤵
  PID:7600
- C:\Windows\System\PJBPGrt.exe
  C:\Windows\System\PJBPGrt.exe
  2⤵
  PID:7664
- C:\Windows\System\iRGNOZf.exe
  C:\Windows\System\iRGNOZf.exe
  2⤵
  PID:7644
- C:\Windows\System\oACFXsQ.exe
  C:\Windows\System\oACFXsQ.exe
  2⤵
  PID:7708
- C:\Windows\System\oFMeIHb.exe
  C:\Windows\System\oFMeIHb.exe
  2⤵
  PID:7772
- C:\Windows\System\ucKdyhz.exe
  C:\Windows\System\ucKdyhz.exe
  2⤵
  PID:7728
- C:\Windows\System\lckSOZp.exe
  C:\Windows\System\lckSOZp.exe
  2⤵
  PID:7692
- C:\Windows\System\WiRNkuh.exe
  C:\Windows\System\WiRNkuh.exe
  2⤵
  PID:7788
- C:\Windows\System\EFPvHrs.exe
  C:\Windows\System\EFPvHrs.exe
  2⤵
  PID:7808
- C:\Windows\System\VhhCHBp.exe
  C:\Windows\System\VhhCHBp.exe
  2⤵
  PID:7872
- C:\Windows\System\DIsMvUW.exe
  C:\Windows\System\DIsMvUW.exe
  2⤵
  PID:7920
- C:\Windows\System\zggHIWA.exe
  C:\Windows\System\zggHIWA.exe
  2⤵
  PID:8028
- C:\Windows\System\hBVdZqh.exe
  C:\Windows\System\hBVdZqh.exe
  2⤵
  PID:8056
- C:\Windows\System\eeOzzCK.exe
  C:\Windows\System\eeOzzCK.exe
  2⤵
  PID:7940
- C:\Windows\System\qoSVzPM.exe
  C:\Windows\System\qoSVzPM.exe
  2⤵
  PID:8096
- C:\Windows\System\zhNneGz.exe
  C:\Windows\System\zhNneGz.exe
  2⤵
  PID:8040
- C:\Windows\System\tCCagKh.exe
  C:\Windows\System\tCCagKh.exe
  2⤵
  PID:8128
- C:\Windows\System\ZlHZNxu.exe
  C:\Windows\System\ZlHZNxu.exe
  2⤵
  PID:8156
- C:\Windows\System\qVkqARG.exe
  C:\Windows\System\qVkqARG.exe
  2⤵
  PID:8188
- C:\Windows\System\ddZZgkS.exe
  C:\Windows\System\ddZZgkS.exe
  2⤵
  PID:6668
- C:\Windows\System\ahywtox.exe
  C:\Windows\System\ahywtox.exe
  2⤵
  PID:7308
- C:\Windows\System\MzRIuLR.exe
  C:\Windows\System\MzRIuLR.exe
  2⤵
  PID:7180
- C:\Windows\System\kqIolgr.exe
  C:\Windows\System\kqIolgr.exe
  2⤵
  PID:6240
- C:\Windows\System\MpGEpkn.exe
  C:\Windows\System\MpGEpkn.exe
  2⤵
  PID:7252
- C:\Windows\System\IyvUIoh.exe
  C:\Windows\System\IyvUIoh.exe
  2⤵
  PID:7448
- C:\Windows\System\PJnbzZf.exe
  C:\Windows\System\PJnbzZf.exe
  2⤵
  PID:7360
- C:\Windows\System\OiggRiw.exe
  C:\Windows\System\OiggRiw.exe
  2⤵
  PID:5640
- C:\Windows\System\dYZQsMY.exe
  C:\Windows\System\dYZQsMY.exe
  2⤵
  PID:7468
- C:\Windows\System\CgWpuZI.exe
  C:\Windows\System\CgWpuZI.exe
  2⤵
  PID:5564
- C:\Windows\System\tGHRhTr.exe
  C:\Windows\System\tGHRhTr.exe
  2⤵
  PID:2032
- C:\Windows\System\vCIravt.exe
  C:\Windows\System\vCIravt.exe
  2⤵
  PID:1448
- C:\Windows\System\WOJpAph.exe
  C:\Windows\System\WOJpAph.exe
  2⤵
  PID:108
- C:\Windows\System\QhJJriN.exe
  C:\Windows\System\QhJJriN.exe
  2⤵
  PID:7568
- C:\Windows\System\CyARwgQ.exe
  C:\Windows\System\CyARwgQ.exe
  2⤵
  PID:7680
- C:\Windows\System\frfqLAN.exe
  C:\Windows\System\frfqLAN.exe
  2⤵
  PID:7776
- C:\Windows\System\MwgejmL.exe
  C:\Windows\System\MwgejmL.exe
  2⤵
  PID:7544
- C:\Windows\System\ClXMOqO.exe
  C:\Windows\System\ClXMOqO.exe
  2⤵
  PID:7840
- C:\Windows\System\mMctbjD.exe
  C:\Windows\System\mMctbjD.exe
  2⤵
  PID:7884
- C:\Windows\System\vCHhtIX.exe
  C:\Windows\System\vCHhtIX.exe
  2⤵
  PID:7744
- C:\Windows\System\UsAblDN.exe
  C:\Windows\System\UsAblDN.exe
  2⤵
  PID:7916
- C:\Windows\System\UeoRJOQ.exe
  C:\Windows\System\UeoRJOQ.exe
  2⤵
  PID:7968
- C:\Windows\System\mcPAOok.exe
  C:\Windows\System\mcPAOok.exe
  2⤵
  PID:8092
- C:\Windows\System\OeHaGkX.exe
  C:\Windows\System\OeHaGkX.exe
  2⤵
  PID:8112
- C:\Windows\System\wncCeYM.exe
  C:\Windows\System\wncCeYM.exe
  2⤵
  PID:8108
- C:\Windows\System\cdwbhJS.exe
  C:\Windows\System\cdwbhJS.exe
  2⤵
  PID:8176
- C:\Windows\System\XvwSLhV.exe
  C:\Windows\System\XvwSLhV.exe
  2⤵
  PID:7288
- C:\Windows\System\mdfYXfL.exe
  C:\Windows\System\mdfYXfL.exe
  2⤵
  PID:5228
- C:\Windows\System\vYdeFIF.exe
  C:\Windows\System\vYdeFIF.exe
  2⤵
  PID:2104
- C:\Windows\System\MJsZfMF.exe
  C:\Windows\System\MJsZfMF.exe
  2⤵
  PID:7396
- C:\Windows\System\wcuKWzm.exe
  C:\Windows\System\wcuKWzm.exe
  2⤵
  PID:7564
- C:\Windows\System\TmGkLfI.exe
  C:\Windows\System\TmGkLfI.exe
  2⤵
  PID:7616
- C:\Windows\System\nBFtxWH.exe
  C:\Windows\System\nBFtxWH.exe
  2⤵
  PID:7992
- C:\Windows\System\vUfimZZ.exe
  C:\Windows\System\vUfimZZ.exe
  2⤵
  PID:6104
- C:\Windows\System\SKuXhZF.exe
  C:\Windows\System\SKuXhZF.exe
  2⤵
  PID:7868
- C:\Windows\System\fWaPOnF.exe
  C:\Windows\System\fWaPOnF.exe
  2⤵
  PID:8064
- C:\Windows\System\lATkUFP.exe
  C:\Windows\System\lATkUFP.exe
  2⤵
  PID:7660
- C:\Windows\System\zsKyGCt.exe
  C:\Windows\System\zsKyGCt.exe
  2⤵
  PID:7540
- C:\Windows\System\owsKHnw.exe
  C:\Windows\System\owsKHnw.exe
  2⤵
  PID:6812
- C:\Windows\System\xNrQJen.exe
  C:\Windows\System\xNrQJen.exe
  2⤵
  PID:7340
- C:\Windows\System\CZDojQd.exe
  C:\Windows\System\CZDojQd.exe
  2⤵
  PID:8008
- C:\Windows\System\aXKcLuc.exe
  C:\Windows\System\aXKcLuc.exe
  2⤵
  PID:7824
- C:\Windows\System\yhWQEel.exe
  C:\Windows\System\yhWQEel.exe
  2⤵
  PID:7888
- C:\Windows\System\eNxWUMx.exe
  C:\Windows\System\eNxWUMx.exe
  2⤵
  PID:7072
- C:\Windows\System\qtUwrnd.exe
  C:\Windows\System\qtUwrnd.exe
  2⤵
  PID:7068
- C:\Windows\System\jwVmbzJ.exe
  C:\Windows\System\jwVmbzJ.exe
  2⤵
  PID:8124
- C:\Windows\System\JAGSaha.exe
  C:\Windows\System\JAGSaha.exe
  2⤵
  PID:7852
- C:\Windows\System\VWdDGVa.exe
  C:\Windows\System\VWdDGVa.exe
  2⤵
  PID:2216
- C:\Windows\System\mAGKkun.exe
  C:\Windows\System\mAGKkun.exe
  2⤵
  PID:8212
- C:\Windows\System\yUzADXo.exe
  C:\Windows\System\yUzADXo.exe
  2⤵
  PID:8232
- C:\Windows\System\nswxImZ.exe
  C:\Windows\System\nswxImZ.exe
  2⤵
  PID:8252
- C:\Windows\System\yDygqsB.exe
  C:\Windows\System\yDygqsB.exe
  2⤵
  PID:8268
- C:\Windows\System\qqqQyIV.exe
  C:\Windows\System\qqqQyIV.exe
  2⤵
  PID:8284
- C:\Windows\System\QRtkAto.exe
  C:\Windows\System\QRtkAto.exe
  2⤵
  PID:8300
- C:\Windows\System\fcpFnen.exe
  C:\Windows\System\fcpFnen.exe
  2⤵
  PID:8316
- C:\Windows\System\COpCjMZ.exe
  C:\Windows\System\COpCjMZ.exe
  2⤵
  PID:8332
- C:\Windows\System\gdTeQcB.exe
  C:\Windows\System\gdTeQcB.exe
  2⤵
  PID:8352
- C:\Windows\System\OtSEAqi.exe
  C:\Windows\System\OtSEAqi.exe
  2⤵
  PID:8376
- C:\Windows\System\VwpKDdb.exe
  C:\Windows\System\VwpKDdb.exe
  2⤵
  PID:8392
- C:\Windows\System\OhiqSvc.exe
  C:\Windows\System\OhiqSvc.exe
  2⤵
  PID:8408
- C:\Windows\System\SmDqwDD.exe
  C:\Windows\System\SmDqwDD.exe
  2⤵
  PID:8424
- C:\Windows\System\IsHmFlW.exe
  C:\Windows\System\IsHmFlW.exe
  2⤵
  PID:8440
- C:\Windows\System\gxtwRSc.exe
  C:\Windows\System\gxtwRSc.exe
  2⤵
  PID:8460
- C:\Windows\System\xXPUuEB.exe
  C:\Windows\System\xXPUuEB.exe
  2⤵
  PID:8476
- C:\Windows\System\PPoOlrS.exe
  C:\Windows\System\PPoOlrS.exe
  2⤵
  PID:8492
- C:\Windows\System\MFglteq.exe
  C:\Windows\System\MFglteq.exe
  2⤵
  PID:8508
- C:\Windows\System\tFiFJVG.exe
  C:\Windows\System\tFiFJVG.exe
  2⤵
  PID:8524
- C:\Windows\System\ZvhWaSC.exe
  C:\Windows\System\ZvhWaSC.exe
  2⤵
  PID:8540
- C:\Windows\System\bFosyIy.exe
  C:\Windows\System\bFosyIy.exe
  2⤵
  PID:8556
- C:\Windows\System\hqaUbQO.exe
  C:\Windows\System\hqaUbQO.exe
  2⤵
  PID:8572
- C:\Windows\System\Ljgfivw.exe
  C:\Windows\System\Ljgfivw.exe
  2⤵
  PID:8588
- C:\Windows\System\wAcFxcq.exe
  C:\Windows\System\wAcFxcq.exe
  2⤵
  PID:8604
- C:\Windows\System\ZXajUfM.exe
  C:\Windows\System\ZXajUfM.exe
  2⤵
  PID:8624
- C:\Windows\System\oWHnukB.exe
  C:\Windows\System\oWHnukB.exe
  2⤵
  PID:8644
- C:\Windows\System\hMOabwB.exe
  C:\Windows\System\hMOabwB.exe
  2⤵
  PID:8664
- C:\Windows\System\FMSPYav.exe
  C:\Windows\System\FMSPYav.exe
  2⤵
  PID:8680
- C:\Windows\System\fVYoMUK.exe
  C:\Windows\System\fVYoMUK.exe
  2⤵
  PID:8696
- C:\Windows\System\eEocDVg.exe
  C:\Windows\System\eEocDVg.exe
  2⤵
  PID:8712
- C:\Windows\System\XOUlIHd.exe
  C:\Windows\System\XOUlIHd.exe
  2⤵
  PID:8728
- C:\Windows\System\hEpBcOs.exe
  C:\Windows\System\hEpBcOs.exe
  2⤵
  PID:8744
- C:\Windows\System\sjpPXFx.exe
  C:\Windows\System\sjpPXFx.exe
  2⤵
  PID:8760
- C:\Windows\System\prKKgJc.exe
  C:\Windows\System\prKKgJc.exe
  2⤵
  PID:8776
- C:\Windows\System\GLyhxpq.exe
  C:\Windows\System\GLyhxpq.exe
  2⤵
  PID:8792
- C:\Windows\System\WncNYVT.exe
  C:\Windows\System\WncNYVT.exe
  2⤵
  PID:8808
- C:\Windows\System\sNqTAXJ.exe
  C:\Windows\System\sNqTAXJ.exe
  2⤵
  PID:8824
- C:\Windows\System\FjuVUiF.exe
  C:\Windows\System\FjuVUiF.exe
  2⤵
  PID:8840
- C:\Windows\System\WRsKucr.exe
  C:\Windows\System\WRsKucr.exe
  2⤵
  PID:8860
- C:\Windows\System\qbkTtrv.exe
  C:\Windows\System\qbkTtrv.exe
  2⤵
  PID:8880
- C:\Windows\System\RqCPkGx.exe
  C:\Windows\System\RqCPkGx.exe
  2⤵
  PID:8896
- C:\Windows\System\BePfhZe.exe
  C:\Windows\System\BePfhZe.exe
  2⤵
  PID:8912
- C:\Windows\System\zLObRKG.exe
  C:\Windows\System\zLObRKG.exe
  2⤵
  PID:8928
- C:\Windows\System\BSUVubR.exe
  C:\Windows\System\BSUVubR.exe
  2⤵
  PID:8944
- C:\Windows\System\FojLipP.exe
  C:\Windows\System\FojLipP.exe
  2⤵
  PID:8960
- C:\Windows\System\SbbuUAh.exe
  C:\Windows\System\SbbuUAh.exe
  2⤵
  PID:8976
- C:\Windows\System\eFeSHyT.exe
  C:\Windows\System\eFeSHyT.exe
  2⤵
  PID:8992
- C:\Windows\System\jNgrFEH.exe
  C:\Windows\System\jNgrFEH.exe
  2⤵
  PID:9008
- C:\Windows\System\LzufCiJ.exe
  C:\Windows\System\LzufCiJ.exe
  2⤵
  PID:9024
- C:\Windows\System\uqyuJGv.exe
  C:\Windows\System\uqyuJGv.exe
  2⤵
  PID:9040
- C:\Windows\System\SUIcboV.exe
  C:\Windows\System\SUIcboV.exe
  2⤵
  PID:9060
- C:\Windows\System\ZsiXosE.exe
  C:\Windows\System\ZsiXosE.exe
  2⤵
  PID:9076
- C:\Windows\System\rgXNniq.exe
  C:\Windows\System\rgXNniq.exe
  2⤵
  PID:9092
- C:\Windows\System\CBQEaNm.exe
  C:\Windows\System\CBQEaNm.exe
  2⤵
  PID:9120
- C:\Windows\System\KkGRFom.exe
  C:\Windows\System\KkGRFom.exe
  2⤵
  PID:9136
- C:\Windows\System\VSzXZAX.exe
  C:\Windows\System\VSzXZAX.exe
  2⤵
  PID:9152
- C:\Windows\System\XlouRBm.exe
  C:\Windows\System\XlouRBm.exe
  2⤵
  PID:8240
- C:\Windows\System\kiJPQjc.exe
  C:\Windows\System\kiJPQjc.exe
  2⤵
  PID:7272
- C:\Windows\System\zcVLcdT.exe
  C:\Windows\System\zcVLcdT.exe
  2⤵
  PID:8368
- C:\Windows\System\bPwCCPx.exe
  C:\Windows\System\bPwCCPx.exe
  2⤵
  PID:8360
- C:\Windows\System\ZDnOWhk.exe
  C:\Windows\System\ZDnOWhk.exe
  2⤵
  PID:8404
- C:\Windows\System\wGyuOGv.exe
  C:\Windows\System\wGyuOGv.exe
  2⤵
  PID:8436
- C:\Windows\System\CMgrzxi.exe
  C:\Windows\System\CMgrzxi.exe
  2⤵
  PID:8500
- C:\Windows\System\PspcEYX.exe
  C:\Windows\System\PspcEYX.exe
  2⤵
  PID:8548
- C:\Windows\System\lOoqsRz.exe
  C:\Windows\System\lOoqsRz.exe
  2⤵
  PID:8584
- C:\Windows\System\DRbhIxk.exe
  C:\Windows\System\DRbhIxk.exe
  2⤵
  PID:8620
- C:\Windows\System\GcftCkr.exe
  C:\Windows\System\GcftCkr.exe
  2⤵
  PID:8688
- C:\Windows\System\OFbafnl.exe
  C:\Windows\System\OFbafnl.exe
  2⤵
  PID:8752
- C:\Windows\System\Vcbweck.exe
  C:\Windows\System\Vcbweck.exe
  2⤵
  PID:8568
- C:\Windows\System\qEaDVJd.exe
  C:\Windows\System\qEaDVJd.exe
  2⤵
  PID:8852
- C:\Windows\System\ScCCaOU.exe
  C:\Windows\System\ScCCaOU.exe
  2⤵
  PID:8768
- C:\Windows\System\LpPTBPS.exe
  C:\Windows\System\LpPTBPS.exe
  2⤵
  PID:8888
- C:\Windows\System\LRxVghy.exe
  C:\Windows\System\LRxVghy.exe
  2⤵
  PID:8952
- C:\Windows\System\nznkxMF.exe
  C:\Windows\System\nznkxMF.exe
  2⤵
  PID:8676
- C:\Windows\System\hBChjVB.exe
  C:\Windows\System\hBChjVB.exe
  2⤵
  PID:8740
- C:\Windows\System\jRsIFsI.exe
  C:\Windows\System\jRsIFsI.exe
  2⤵
  PID:8868
- C:\Windows\System\mVBunQl.exe
  C:\Windows\System\mVBunQl.exe
  2⤵
  PID:8908
- C:\Windows\System\SdrXFhA.exe
  C:\Windows\System\SdrXFhA.exe
  2⤵
  PID:8972
- C:\Windows\System\iLfxYSU.exe
  C:\Windows\System\iLfxYSU.exe
  2⤵
  PID:9016
- C:\Windows\System\EfPAVLY.exe
  C:\Windows\System\EfPAVLY.exe
  2⤵
  PID:9036
- C:\Windows\System\PoCMasG.exe
  C:\Windows\System\PoCMasG.exe
  2⤵
  PID:8988
- C:\Windows\System\NOPUKLl.exe
  C:\Windows\System\NOPUKLl.exe
  2⤵
  PID:9112
- C:\Windows\System\hHWyUxc.exe
  C:\Windows\System\hHWyUxc.exe
  2⤵
  PID:9128
- C:\Windows\System\ovVMuCN.exe
  C:\Windows\System\ovVMuCN.exe
  2⤵
  PID:9148
- C:\Windows\System\xZcyhen.exe
  C:\Windows\System\xZcyhen.exe
  2⤵
  PID:9172
- C:\Windows\System\VVfwdCs.exe
  C:\Windows\System\VVfwdCs.exe
  2⤵
  PID:9200
- C:\Windows\System\AdWYbje.exe
  C:\Windows\System\AdWYbje.exe
  2⤵
  PID:9196
- C:\Windows\System\KjcwnWP.exe
  C:\Windows\System\KjcwnWP.exe
  2⤵
  PID:9116
- C:\Windows\System\TRLDUvt.exe
  C:\Windows\System\TRLDUvt.exe
  2⤵
  PID:8208
- C:\Windows\System\eJZXsul.exe
  C:\Windows\System\eJZXsul.exe
  2⤵
  PID:8296
- C:\Windows\System\vJQrtqA.exe
  C:\Windows\System\vJQrtqA.exe
  2⤵
  PID:7324
- C:\Windows\System\xFifGCp.exe
  C:\Windows\System\xFifGCp.exe
  2⤵
  PID:6132
- C:\Windows\System\sCTlyuy.exe
  C:\Windows\System\sCTlyuy.exe
  2⤵
  PID:7904
- C:\Windows\System\lpqQCIw.exe
  C:\Windows\System\lpqQCIw.exe
  2⤵
  PID:8292
- C:\Windows\System\AGwEixo.exe
  C:\Windows\System\AGwEixo.exe
  2⤵
  PID:8452
- C:\Windows\System\fHzneeN.exe
  C:\Windows\System\fHzneeN.exe
  2⤵
  PID:8432
- C:\Windows\System\KNtTjQH.exe
  C:\Windows\System\KNtTjQH.exe
  2⤵
  PID:8472
- C:\Windows\System\ASbJnra.exe
  C:\Windows\System\ASbJnra.exe
  2⤵
  PID:8724
- C:\Windows\System\UCvVmoO.exe
  C:\Windows\System\UCvVmoO.exe
  2⤵
  PID:8788
- C:\Windows\System\uKgVmnM.exe
  C:\Windows\System\uKgVmnM.exe
  2⤵
  PID:8596
- C:\Windows\System\DLqtgtX.exe
  C:\Windows\System\DLqtgtX.exe
  2⤵
  PID:8920
- C:\Windows\System\EUaVCQq.exe
  C:\Windows\System\EUaVCQq.exe
  2⤵
  PID:8708
- C:\Windows\System\iARuHsO.exe
  C:\Windows\System\iARuHsO.exe
  2⤵
  PID:9068
- C:\Windows\System\mgtymqO.exe
  C:\Windows\System\mgtymqO.exe
  2⤵
  PID:9000
- C:\Windows\System\pzrVlwT.exe
  C:\Windows\System\pzrVlwT.exe
  2⤵
  PID:8276
- C:\Windows\System\GwqRGRs.exe
  C:\Windows\System\GwqRGRs.exe
  2⤵
  PID:8672
- C:\Windows\System\MGzcmEI.exe
  C:\Windows\System\MGzcmEI.exe
  2⤵
  PID:8872
- C:\Windows\System\NJIyIdX.exe
  C:\Windows\System\NJIyIdX.exe
  2⤵
  PID:8600
- C:\Windows\System\VhtnMma.exe
  C:\Windows\System\VhtnMma.exe
  2⤵
  PID:7512
- C:\Windows\System\CnYqQkV.exe
  C:\Windows\System\CnYqQkV.exe
  2⤵
  PID:9192
- C:\Windows\System\wjGIHIH.exe
  C:\Windows\System\wjGIHIH.exe
  2⤵
  PID:8204
- C:\Windows\System\VlmvlpY.exe
  C:\Windows\System\VlmvlpY.exe
  2⤵
  PID:9168
- C:\Windows\System\FAZojeL.exe
  C:\Windows\System\FAZojeL.exe
  2⤵
  PID:8200
- C:\Windows\System\tatJljk.exe
  C:\Windows\System\tatJljk.exe
  2⤵
  PID:7508
- C:\Windows\System\gyJRWgN.exe
  C:\Windows\System\gyJRWgN.exe
  2⤵
  PID:2948
- C:\Windows\System\ByJbjjk.exe
  C:\Windows\System\ByJbjjk.exe
  2⤵
  PID:9164
- C:\Windows\System\JldMGHm.exe
  C:\Windows\System\JldMGHm.exe
  2⤵
  PID:8388
- C:\Windows\System\mKJOXBQ.exe
  C:\Windows\System\mKJOXBQ.exe
  2⤵
  PID:8616
- C:\Windows\System\UJYhJhG.exe
  C:\Windows\System\UJYhJhG.exe
  2⤵
  PID:8804
- C:\Windows\System\tUgNaet.exe
  C:\Windows\System\tUgNaet.exe
  2⤵
  PID:8228
- C:\Windows\System\JBvfakS.exe
  C:\Windows\System\JBvfakS.exe
  2⤵
  PID:8832
- C:\Windows\System\elFEHjI.exe
  C:\Windows\System\elFEHjI.exe
  2⤵
  PID:8580
- C:\Windows\System\uLyOUGj.exe
  C:\Windows\System\uLyOUGj.exe
  2⤵
  PID:9084
- C:\Windows\System\JLBrTwC.exe
  C:\Windows\System\JLBrTwC.exe
  2⤵
  PID:9104
- C:\Windows\System\cSzjnqZ.exe
  C:\Windows\System\cSzjnqZ.exe
  2⤵
  PID:9224
- C:\Windows\System\ajRWBiB.exe
  C:\Windows\System\ajRWBiB.exe
  2⤵
  PID:9240
- C:\Windows\System\DNHTNpZ.exe
  C:\Windows\System\DNHTNpZ.exe
  2⤵
  PID:9256
- C:\Windows\System\ZceWTec.exe
  C:\Windows\System\ZceWTec.exe
  2⤵
  PID:9276
- C:\Windows\System\hMpTwqE.exe
  C:\Windows\System\hMpTwqE.exe
  2⤵
  PID:9296
- C:\Windows\System\kXgAKme.exe
  C:\Windows\System\kXgAKme.exe
  2⤵
  PID:9324
- C:\Windows\System\miCBbwp.exe
  C:\Windows\System\miCBbwp.exe
  2⤵
  PID:9340
- C:\Windows\System\nmOwTHS.exe
  C:\Windows\System\nmOwTHS.exe
  2⤵
  PID:9360
- C:\Windows\System\ACYDntR.exe
  C:\Windows\System\ACYDntR.exe
  2⤵
  PID:9376
- C:\Windows\System\VjellBD.exe
  C:\Windows\System\VjellBD.exe
  2⤵
  PID:9396
- C:\Windows\System\EdUOqqQ.exe
  C:\Windows\System\EdUOqqQ.exe
  2⤵
  PID:9412
- C:\Windows\System\VRhZklm.exe
  C:\Windows\System\VRhZklm.exe
  2⤵
  PID:9460
- C:\Windows\System\nAJRcWc.exe
  C:\Windows\System\nAJRcWc.exe
  2⤵
  PID:9532
- C:\Windows\System\IeRPMVT.exe
  C:\Windows\System\IeRPMVT.exe
  2⤵
  PID:9548
- C:\Windows\System\Eifwius.exe
  C:\Windows\System\Eifwius.exe
  2⤵
  PID:9568
- C:\Windows\System\mQpdDCd.exe
  C:\Windows\System\mQpdDCd.exe
  2⤵
  PID:9588
- C:\Windows\System\cgwFtVK.exe
  C:\Windows\System\cgwFtVK.exe
  2⤵
  PID:9608
- C:\Windows\System\AtSYgmr.exe
  C:\Windows\System\AtSYgmr.exe
  2⤵
  PID:9632
- C:\Windows\System\EhaYkCI.exe
  C:\Windows\System\EhaYkCI.exe
  2⤵
  PID:9668
- C:\Windows\System\jHkmyts.exe
  C:\Windows\System\jHkmyts.exe
  2⤵
  PID:9700
- C:\Windows\System\QVTtTtn.exe
  C:\Windows\System\QVTtTtn.exe
  2⤵
  PID:9716
- C:\Windows\System\SQvVtjA.exe
  C:\Windows\System\SQvVtjA.exe
  2⤵
  PID:9732
- C:\Windows\System\BwAHGKn.exe
  C:\Windows\System\BwAHGKn.exe
  2⤵
  PID:9748
- C:\Windows\System\cBbCifK.exe
  C:\Windows\System\cBbCifK.exe
  2⤵
  PID:9764
- C:\Windows\System\XDPvmkn.exe
  C:\Windows\System\XDPvmkn.exe
  2⤵
  PID:9780
- C:\Windows\System\xfEIXYP.exe
  C:\Windows\System\xfEIXYP.exe
  2⤵
  PID:9796
- C:\Windows\System\sxNAmgM.exe
  C:\Windows\System\sxNAmgM.exe
  2⤵
  PID:9812
- C:\Windows\System\TUZMfXy.exe
  C:\Windows\System\TUZMfXy.exe
  2⤵
  PID:9828
- C:\Windows\System\aqhKHEy.exe
  C:\Windows\System\aqhKHEy.exe
  2⤵
  PID:9844
- C:\Windows\System\gtPZAUs.exe
  C:\Windows\System\gtPZAUs.exe
  2⤵
  PID:9860
- C:\Windows\System\zhthOVc.exe
  C:\Windows\System\zhthOVc.exe
  2⤵
  PID:9884
- C:\Windows\System\jpJwvLI.exe
  C:\Windows\System\jpJwvLI.exe
  2⤵
  PID:9900
- C:\Windows\System\lsLcxbN.exe
  C:\Windows\System\lsLcxbN.exe
  2⤵
  PID:9996
- C:\Windows\System\PueUoZl.exe
  C:\Windows\System\PueUoZl.exe
  2⤵
  PID:10020
- C:\Windows\System\VgldVjO.exe
  C:\Windows\System\VgldVjO.exe
  2⤵
  PID:10036
- C:\Windows\System\BveOLSE.exe
  C:\Windows\System\BveOLSE.exe
  2⤵
  PID:10052
- C:\Windows\System\ymvoCpG.exe
  C:\Windows\System\ymvoCpG.exe
  2⤵
  PID:10068
- C:\Windows\System\XDAzBIJ.exe
  C:\Windows\System\XDAzBIJ.exe
  2⤵
  PID:10088
- C:\Windows\System\XEbdvwT.exe
  C:\Windows\System\XEbdvwT.exe
  2⤵
  PID:10108
- C:\Windows\System\odnhYWt.exe
  C:\Windows\System\odnhYWt.exe
  2⤵
  PID:10124
- C:\Windows\System\CuOgybE.exe
  C:\Windows\System\CuOgybE.exe
  2⤵
  PID:10140
- C:\Windows\System\sgddQTI.exe
  C:\Windows\System\sgddQTI.exe
  2⤵
  PID:10156
- C:\Windows\System\KcLgeDb.exe
  C:\Windows\System\KcLgeDb.exe
  2⤵
  PID:10172
- C:\Windows\System\NrQfkQP.exe
  C:\Windows\System\NrQfkQP.exe
  2⤵
  PID:10188
- C:\Windows\System\xsWyXsi.exe
  C:\Windows\System\xsWyXsi.exe
  2⤵
  PID:8848
- C:\Windows\System\qQHcloe.exe
  C:\Windows\System\qQHcloe.exe
  2⤵
  PID:9676
- C:\Windows\System\wwayQUL.exe
  C:\Windows\System\wwayQUL.exe
  2⤵
  PID:9520
- C:\Windows\System\zAWsmTD.exe
  C:\Windows\System\zAWsmTD.exe
  2⤵
  PID:9600
- C:\Windows\System\yXxBsNZ.exe
  C:\Windows\System\yXxBsNZ.exe
  2⤵
  PID:9728
- C:\Windows\System\UXYDvuO.exe
  C:\Windows\System\UXYDvuO.exe
  2⤵
  PID:9820
- C:\Windows\System\xtvxLUe.exe
  C:\Windows\System\xtvxLUe.exe
  2⤵
  PID:9776
- C:\Windows\System\YGuyDIY.exe
  C:\Windows\System\YGuyDIY.exe
  2⤵
  PID:9876
- C:\Windows\System\FfvqfZe.exe
  C:\Windows\System\FfvqfZe.exe
  2⤵
  PID:9928
- C:\Windows\System\oPNBeHw.exe
  C:\Windows\System\oPNBeHw.exe
  2⤵
  PID:9952
- C:\Windows\System\cfUXAiO.exe
  C:\Windows\System\cfUXAiO.exe
  2⤵
  PID:9984
- C:\Windows\System\yCyPUWB.exe
  C:\Windows\System\yCyPUWB.exe
  2⤵
  PID:10016
- C:\Windows\System\DAnOYuW.exe
  C:\Windows\System\DAnOYuW.exe
  2⤵
  PID:10116
- C:\Windows\System\zOcRqmX.exe
  C:\Windows\System\zOcRqmX.exe
  2⤵
  PID:9584
- C:\Windows\System\uLbImMg.exe
  C:\Windows\System\uLbImMg.exe
  2⤵
  PID:9628
- C:\Windows\System\ETdRoWu.exe
  C:\Windows\System\ETdRoWu.exe
  2⤵
  PID:9596
- C:\Windows\System\erpIHUU.exe
  C:\Windows\System\erpIHUU.exe
  2⤵
  PID:9808
- C:\Windows\System\bONDomG.exe
  C:\Windows\System\bONDomG.exe
  2⤵
  PID:9560
- C:\Windows\System\utumXYn.exe
  C:\Windows\System\utumXYn.exe
  2⤵
  PID:9760
- C:\Windows\System\qrRfEtg.exe
  C:\Windows\System\qrRfEtg.exe
  2⤵
  PID:9696
- C:\Windows\System\TrMNhzl.exe
  C:\Windows\System\TrMNhzl.exe
  2⤵
  PID:9948
- C:\Windows\System\urWaXLZ.exe
  C:\Windows\System\urWaXLZ.exe
  2⤵
  PID:10048
- C:\Windows\System\PbqZRLq.exe
  C:\Windows\System\PbqZRLq.exe
  2⤵
  PID:10136
- C:\Windows\System\KMwqEDj.exe
  C:\Windows\System\KMwqEDj.exe
  2⤵
  PID:10184
- C:\Windows\System\kQVPzXN.exe
  C:\Windows\System\kQVPzXN.exe
  2⤵
  PID:9556
- C:\Windows\System\lONouzf.exe
  C:\Windows\System\lONouzf.exe
  2⤵
  PID:9436
- C:\Windows\System\kgvZcxg.exe
  C:\Windows\System\kgvZcxg.exe
  2⤵
  PID:9688
- C:\Windows\System\aSwjulQ.exe
  C:\Windows\System\aSwjulQ.exe
  2⤵
  PID:9516
- C:\Windows\System\rGegCQB.exe
  C:\Windows\System\rGegCQB.exe
  2⤵
  PID:9660
- C:\Windows\System\aEcjUzd.exe
  C:\Windows\System\aEcjUzd.exe
  2⤵
  PID:9896
- C:\Windows\System\mcyPgEO.exe
  C:\Windows\System\mcyPgEO.exe
  2⤵
  PID:9772
- C:\Windows\System\yePRFuY.exe
  C:\Windows\System\yePRFuY.exe
  2⤵
  PID:10012
- C:\Windows\System\RvbMDMT.exe
  C:\Windows\System\RvbMDMT.exe
  2⤵
  PID:9440
- C:\Windows\System\cyocnGU.exe
  C:\Windows\System\cyocnGU.exe
  2⤵
  PID:10096
- C:\Windows\System\otRMeUD.exe
  C:\Windows\System\otRMeUD.exe
  2⤵
  PID:9792
- C:\Windows\System\PydPNNj.exe
  C:\Windows\System\PydPNNj.exe
  2⤵
  PID:10164
- C:\Windows\System\KlLKXoy.exe
  C:\Windows\System\KlLKXoy.exe
  2⤵
  PID:10132
- C:\Windows\System\JgfpoIz.exe
  C:\Windows\System\JgfpoIz.exe
  2⤵
  PID:9508
- C:\Windows\System\NcButMR.exe
  C:\Windows\System\NcButMR.exe
  2⤵
  PID:9468
- C:\Windows\System\FxGqsqk.exe
  C:\Windows\System\FxGqsqk.exe
  2⤵
  PID:9496
- C:\Windows\System\qsCrvEp.exe
  C:\Windows\System\qsCrvEp.exe
  2⤵
  PID:9924
- C:\Windows\System\GXMchmI.exe
  C:\Windows\System\GXMchmI.exe
  2⤵
  PID:9976
- C:\Windows\System\ARFgQci.exe
  C:\Windows\System\ARFgQci.exe
  2⤵
  PID:9580
- C:\Windows\System\vbcUiEe.exe
  C:\Windows\System\vbcUiEe.exe
  2⤵
  PID:10004
- C:\Windows\System\dqwpQVi.exe
  C:\Windows\System\dqwpQVi.exe
  2⤵
  PID:10220
- C:\Windows\System\oVCwdAm.exe
  C:\Windows\System\oVCwdAm.exe
  2⤵
  PID:10232
- C:\Windows\System\XOUaiXn.exe
  C:\Windows\System\XOUaiXn.exe
  2⤵
  PID:9144
- C:\Windows\System\UVLTVXw.exe
  C:\Windows\System\UVLTVXw.exe
  2⤵
  PID:9184
- C:\Windows\System\HWTKSLY.exe
  C:\Windows\System\HWTKSLY.exe
  2⤵
  PID:4968
- C:\Windows\System\JehmtUl.exe
  C:\Windows\System\JehmtUl.exe
  2⤵
  PID:9252
- C:\Windows\System\kFACfOc.exe
  C:\Windows\System\kFACfOc.exe
  2⤵
  PID:9288
- C:\Windows\System\CoKUgKI.exe
  C:\Windows\System\CoKUgKI.exe
  2⤵
  PID:9268
- C:\Windows\System\lnkKePO.exe
  C:\Windows\System\lnkKePO.exe
  2⤵
  PID:9316
- C:\Windows\System\KeBArWf.exe
  C:\Windows\System\KeBArWf.exe
  2⤵
  PID:9352
- C:\Windows\System\FuzQCPu.exe
  C:\Windows\System\FuzQCPu.exe
  2⤵
  PID:9392
- C:\Windows\System\qsagope.exe
  C:\Windows\System\qsagope.exe
  2⤵
  PID:9368
- C:\Windows\System\DCQJanK.exe
  C:\Windows\System\DCQJanK.exe
  2⤵
  PID:9492
- C:\Windows\System\xJRLboU.exe
  C:\Windows\System\xJRLboU.exe
  2⤵
  PID:9504
- C:\Windows\System\MtCtIup.exe
  C:\Windows\System\MtCtIup.exe
  2⤵
  PID:9972
- C:\Windows\System\kWFRVGD.exe
  C:\Windows\System\kWFRVGD.exe
  2⤵
  PID:10064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABBVDCa.exe

Filesize
6.0MB

MD5
9e0d0c861e2a166a929b79c04b1f5a7e

SHA1
01798818526379697860b9e18b26cf0432078f58

SHA256
02b43c7f483cd0d54921372ae58ce9938179d6813773838a4527bb8f95449044

SHA512
e198b48676a9944f3619e1548d3538806ed43daef667b0db96e7a836d75e5c0e61de757964e9be26d16e1aafaf3a25cfc6b4a6b8a410d01d24c561c44b15908d

Download Submit
C:\Windows\system\BkIxDiN.exe

Filesize
6.0MB

MD5
aadf9a0625a081ebdd7a21d76a3d0ceb

SHA1
4c585fb1c10797008890eb58c01e2fc11acefc39

SHA256
a56977d471ee3d7e5609feeb104f17273700e1513f734ddb0fa3ec81817ae2de

SHA512
869aff4f23b221cf82f4a5f817dedadc4b4de0828d815c5190e896ad3debff93d1c49aacd70979833462bf87aad8441ae39c3d3fb5ee003ebd784b57e35c3418

Download Submit
C:\Windows\system\DGqUYCJ.exe

Filesize
6.0MB

MD5
fa50c22b086b556484d331c364ff30ab

SHA1
5cbd8a21d4a10673c6522ba0fd741fa6de26ad15

SHA256
7da46048f71b11b52f7b1d14f4f23e1ecc29cd6798a77db978ed5e40651b688c

SHA512
172ea4498f7682ae02f593e37d3a5ac386feca761b0b2e9b459c0bfe6e0dba871770dc8baf927d21651e7a6a0125d154cf5867f6eb851b092f552d8ff909c744

Download Submit
C:\Windows\system\JRiJlBp.exe

Filesize
6.0MB

MD5
26ece1883ff28e8566bae5db8b2c5fcc

SHA1
a6fce8ba8dca53bd16df7e03cd837b95516388a7

SHA256
3df7635985e6e63ad73c5726eab161517767904c6defe203ddb011312ec01c62

SHA512
2b400bb764d77fce2ab6ec7ad962074763dc06a03a27307b3b195321b6110567b7a23cef547231b43f57744dfe054eafb34f73f23b1046bf19caaf3aeb0b96ed

Download Submit
C:\Windows\system\JsDGfVY.exe

Filesize
6.0MB

MD5
88d0bef6e2b266d899659b99e0de612e

SHA1
3895128ffe6df51960823116fdc3ca10f4c68998

SHA256
995eb781bc5c5372a20dcf86baebd579edff58cd6b82464431909fa8c7f16012

SHA512
d2b5346119db9bd717a2db6a2252214440a056f5482fc028a362f21393812ef90390f25a48f15b93b60b7b44dcc51fc61affa856d496e9849054d6ae0f115b46

Download Submit
C:\Windows\system\LIROcjQ.exe

Filesize
6.0MB

MD5
a4351ce0808ca1f50aab2dcc6a579cb5

SHA1
02710d5e80aef13f641e6a38de580db9c9ba0b11

SHA256
0465f29ba28c3ceaf9c6a6b84325b91c499cc257e5616d2fbe9e7ef8cc0df86b

SHA512
ad2f3bd4cae781b7ba8dcde65b5d2c23351e018918b08ce44b12aaed7c93f69bb29d5b53c555ab98384ae8200761060db4d2cc9bfef24d6a3e62ed5c46bc94a6

Download Submit
C:\Windows\system\LQawCUW.exe

Filesize
6.0MB

MD5
a3d34cf8ae47cf94f17ce41f32b23900

SHA1
a846fa607e57fd5fd0800fe02a7298af4cb7ccdc

SHA256
a425def901ff87dffdb09ac7200c766448ff159adefd18e0310872f59c369cfd

SHA512
a67597cea02f2940607b2d67034fa8c42caa2022e348e9a697ead53901e9c923ae7125ae18d5ebc59d502568bc6b7bfa35dcdf242114faa001735057670cc795

Download Submit
C:\Windows\system\MiPTjpS.exe

Filesize
6.0MB

MD5
8499ec680a28e20fe6c0e306e696bec0

SHA1
3e71b4b9f44e33b84541081dd7a1a43dcccbf857

SHA256
113c918975146ad39acd7431562b4777decc437999846c0f8ff2685b418fc13e

SHA512
1af79aa052a9a082f558b2e1a9b14504044406bcb72f2b1a9c162c237892631f814e6e0244a20a3be72dd8bef82f6c74c89cedfe6af1175c1d6b5674a0a4ba7e

Download Submit
C:\Windows\system\MjUwNHp.exe

Filesize
6.0MB

MD5
dee5e851a8b959ddc5de3931ba73a1f3

SHA1
bbffd85f1a09023f175f875a6e38274507ed1eb4

SHA256
400eb857a0a39bc7e186210eede59239f181f77ba8234a823af70bfcd5b9a937

SHA512
11b91f16637dac3fa4890b12404481537d5682fa8b5dceecd753986ad3ec494e00c4c5bd7b5e8c85a872dc1e9d9c2b19bd126ee81882d2703288a3e92d6377c2

Download Submit
C:\Windows\system\OJOHtrE.exe

Filesize
6.0MB

MD5
62f6f671704aa355a2ed68600fd7cb59

SHA1
9bfbfaaa9d571d56bab33a3a002ed5474f5babd9

SHA256
c4980ee07a6580dc2404446818e5de683ea402fb39cac58e6a10e5b2f2dfc55d

SHA512
49f5026a39cdcf064cc5945c2c86f20d5f07690b66d2f96a3f32ee2c0d6a375f18cd3e9b94ff51c6a3b7474e9b714fb2c6476f88b783eb13fb3ac588d23abf60

Download Submit
C:\Windows\system\QFNClys.exe

Filesize
6.0MB

MD5
3243a0bae8d5f9dfeff1fb2b0200ad38

SHA1
e4cdb8367443e2ea1e4ee1306453c3619128ddb2

SHA256
0b289e5a44f28366e126588973eab57bb73eb83e09e15a3cb0e08976011313d2

SHA512
de0ce819fd034a87853836938022359780d020c3209ec21284b55841be3c79d35a96d0ee2be635d5da2fe17697182a93b66e9d4c93e5dbf1cc3dfe94020ac061

Download Submit
C:\Windows\system\QXjmsNt.exe

Filesize
6.0MB

MD5
5553d75364c4c5a992c03ccf28790bf4

SHA1
84657c8f4c34d666887d440e430e7d8ce61a2390

SHA256
314138f0652e642d89e6dd23975d0d5d12d4242ec7a9db03951bb5398a367744

SHA512
b1d733face89f494ee3d11a4e339926aa2683548ef841c677266cc7ce85bbf589f4709f3316e62937e47582a7de41f5ba3b79640c8af4498e58775b9e696ee47

Download Submit
C:\Windows\system\QvHSJwP.exe

Filesize
6.0MB

MD5
a48c1daa15dc65f9944b0872534f3a1c

SHA1
4fd9ea16c2e816df771c77c821acdab2aee3336a

SHA256
76c74c94df16bbb365cc5a6a3ae9acc011cdfe9b53ad22b97b64f4c4a231a159

SHA512
42ebba689eae5dcf3b5d6bc11728c4c6c971a2d4a2a383a05789d8664ba5474f2de9cb95f971a5d6d9707e3f0a35da8ef114eb53b9041b494814e6345ffb66f4

Download Submit
C:\Windows\system\RJFHwuK.exe

Filesize
6.0MB

MD5
ebd31a97e4a5183c40bc577301d31e51

SHA1
3eb62ad19be80d5b623b1a4de0cd7dd1a1c96e79

SHA256
6a54fb677e94e575362fbe864a9f4e187cbe4c5b97d2d139088a6dbddcaef7b2

SHA512
b07bd543efb6dbe4085d806331920b65b68af7e89c271783caab98a415b125e0f34a0af1c60a1b73b11be968dc99aa1fae4139c0645bc4c989d8e3e96e310dec

Download Submit
C:\Windows\system\RubCQSc.exe

Filesize
6.0MB

MD5
c3c4580cdbdc31d2b72dbc79b2a26851

SHA1
b596cecf34bcf4a2c96b4c2c9dc45cf1865b2769

SHA256
8cf18f379b0fbc2a0d3caaa1ecee4fd84eecb983c43166987f2503cea6c2e618

SHA512
1c3d4d6f357d848e893fe20fd74ec865786e49c0707aeefeb0cf53b922d5b437377ad100e7b12bb14f0ffb0e47f45f65f10678b132348ec761bee1a9cc81849b

Download Submit
C:\Windows\system\SQNPCtb.exe

Filesize
6.0MB

MD5
1e5dc74d9b836e7504d399ce653de159

SHA1
e81860044407ada51174b502f1199573d0ed6b77

SHA256
334d9df220fc0f3211b262ad3c61228e6c0f38b8fd2508cbcaee3b643a63b9cc

SHA512
5e703e78dcd4ec8b43399947edf889f34b25bea7636df597786d9a137d2837de167b1bf52848e76569cb5c405aaee4ca1b8ce4f7000c035599e4900a8fc3d43d

Download Submit
C:\Windows\system\WOWCNPs.exe

Filesize
6.0MB

MD5
3bd9d3e2ae2bbc5a13cef6e50e54b054

SHA1
c1d2692eb16fc10fc65b84be68f02567d280417b

SHA256
42e61c3a9491f0388db396c47ca72ea78e8294f7e7b0af96aa1bab45f68823e1

SHA512
ba0a0696f57b6f84ec8b825c4307366891416f41485ef68d52874268509d2122a93e7cfa71e84be2232170b1da512ac923e4a239bebf7ac286cff91ca81805c3

Download Submit
C:\Windows\system\YhIiuuA.exe

Filesize
6.0MB

MD5
94510388eb68e4e4b544672c8e34e61b

SHA1
36e7203b5eaaae0448b68655f2376a58cd69a9a2

SHA256
fca74bc1d453df259167c9ae648b7433eaf74c8d1054d304d5bf5201780f956c

SHA512
def41ada50b9c0defc71e2abe8dc623d0a68ed417e46945ebcf74891c81dc7a2ae1092df4bd7e0aa62b27221698422f11b9ec7bf5a32e6feb656f9e60f44a194

Download Submit
C:\Windows\system\dLquJsk.exe

Filesize
6.0MB

MD5
67f3bb916d812aefac9708aa68bf07cc

SHA1
de2e0403da62a8367cca3619d9176f6c831d070e

SHA256
0776cad8b68025a15fa8b213c656c2900fd9bfe79f60afbd242e9e0ef100eb2c

SHA512
60567955a969ba8dbe9eff50160eb6f2dd35405dd02f85c047508b5e17a609e588a3c3c12cbc7254dae5f4e9539d70ca65499e7e9a1c7c910d2b08b52d941ad5

Download Submit
C:\Windows\system\dfNDxLF.exe

Filesize
6.0MB

MD5
5fce6ce9e5b00b1c5cd3fc56a007eb0a

SHA1
ee782ed11588eea8a5cf2cb6b0d1d7319777fefb

SHA256
d15b2c78d358d9a71f3c0d85898d9aa03746b126c1fac9729a17f25b19f1781f

SHA512
4ff21c3982f6c6d572ded8847cee1d0a37d25342749afab5013c92250698c279bc3c171248815b3965f4dbc564b0e0fb0367060604d7ae0e15718aed2edb1af4

Download Submit
C:\Windows\system\eNGGSNc.exe

Filesize
6.0MB

MD5
fcb1e6ea4d59f7f394e2c4d8fb8d2e23

SHA1
61e5f8022594a1331d7d6bc3aa0879ea30cad75a

SHA256
141d453ede91edd2d49b5f0d522cbfdedf1831ef79f594ff542a32e34b492a3d

SHA512
f0874f7a817445142c4c4eee872d242f5b75e447c14b84d0ddb8ee2e2858a623f219abbfd83e2745c74156c67c76359006f7d8c9c207be9f5c3183f89e7a8b2e

Download Submit
C:\Windows\system\elgtVSP.exe

Filesize
6.0MB

MD5
7eb212c940f17430d1c2e5715de2f344

SHA1
5fab303d4ac121068213e6cd7b265ec46397f35b

SHA256
3de0593590f90444b47ccd0dfd9a6de80ea4343caeeca0d1ce4751cffdad2440

SHA512
5bf9541b6f8bf8506cb8b864209f3060991544340b70b950213dc17fe00293d33f465ffc96a9e5022229d9b423e5d6304cebb22b7d6afd728f4e58e3cf55c23d

Download Submit
C:\Windows\system\fGukKiW.exe

Filesize
6.0MB

MD5
c086cf2e46af2060ed36b6e121b9b304

SHA1
0d652732319f59afce751e710789d322dad85140

SHA256
190301ac8973e7812e1364465e182f67a06cf9e599b3942f58852b809dc9f76f

SHA512
6eb9757374e24861122361ae22ca80dc6cfaefda3bfe6cbb8ec96d91f202a0a16c46b214bc64bf776c39ae029f063309b30f04b4eb2ac3b0b3b0f94001efa612

Download Submit
C:\Windows\system\fernZpr.exe

Filesize
6.0MB

MD5
b1608016dcb66af6c631c8ee4798834d

SHA1
b255a34ab1ee14996e75a42f7bd174b889a1b83b

SHA256
7b8691f70db5a443ca4efd45d153ff4c5e09c3922ab36ebb7475f799c8f6902e

SHA512
70caef217c246cdc518a203447251c3b590e382ae3056da493e9661dc4d74c0b45e1aaf511af558c7d70e1b96c0a119fe185726dd341e61167766db2bedd5125

Download Submit
C:\Windows\system\fuLqJMU.exe

Filesize
6.0MB

MD5
193d167ed1794dc13b149a3910e07a9e

SHA1
1e2e6d0699918aae4455c5773bfad84894ab2d20

SHA256
8e0a654713e1612936c8c76df01cf34e4ff8b9b81af8fd7f366a200f8ac1948f

SHA512
0b04217fe0b7252c188dc87289d9e2a4a201c46bf12ff239fd1a3d9fa66422f8036c12c92f96906d9d4a02b9e1dc6364795c66dbfed5ce83de0708c244bcb478

Download Submit
C:\Windows\system\iqEzBgj.exe

Filesize
6.0MB

MD5
a9fda7bd47aeb8c7d267fc6e1ed8faf7

SHA1
8cb02d11cd85d42961c045f5307ff5d88dd999da

SHA256
5626dd265c9752a0261019b62c594b0d764cb8d91611fccf1a19d48606b6c818

SHA512
dbd2777a69109ab4b924a47ce8ee581754c62d0b65b9b277296b145d77d35773199836b997d59e374865e2e2e9cf4e8ce73f6575368281308be282f9ccd33745

Download Submit
C:\Windows\system\pjHvUBX.exe

Filesize
6.0MB

MD5
b77e8dc9a9fccf6bac8468dc86740502

SHA1
950551ef9ade8549f57efc51670d9978e51fb621

SHA256
64c79a1f74892383393ba949d14fb1069202ef6360ec6d1eff4b5b2a2b302f4d

SHA512
894252af193e3ca697706bb3de3ba4116e173f36ad1b373c4594be0a3a10fca5a754a3c0af866bb086f01cb507710fd09dd6e6217e88004010a0ed6fe73359d5

Download Submit
C:\Windows\system\repQnWo.exe

Filesize
6.0MB

MD5
ad89d956af546c0c9c8b15151786f9f3

SHA1
44ccd76c4ce3b1635a0b186bb9c82b794e93e515

SHA256
8627ceb35279a203a3321345fd8b627402e4a9ea4bc158dd40f7b41289c37663

SHA512
ddd82f295f6f65e206f2f879d575a026c7a493bdf46e89d76d620be14b420c539eebf1c83cff7b84911cd7320dbff24f0ef3345f754b4c47a8122b159b8731ca

Download Submit
C:\Windows\system\umsUDHu.exe

Filesize
6.0MB

MD5
ce0560af17391f0c9c9b1331090026c7

SHA1
ea883e7a9d89eb7697b44922d80e0299ecaee207

SHA256
477e74aa7dc32a6308816a88bafd4cb93babc546ea2280a42f99afe375d8395d

SHA512
554e67f2772aa2d13251231c40fd6cc63899cde0699b41dc81d1cd61a0380e47ab5194083da52675ea13b65d895e56b345b723fddb4fb39a88c16b0e261da617

Download Submit
C:\Windows\system\xuFtObv.exe

Filesize
6.0MB

MD5
aad91df82532e73b71809b8f442134db

SHA1
e06677a13ed9e7d3b060bd4b425b4660fb9dfe90

SHA256
58e233e61b4f5cb5a82dc75af0a64bde3b51dc70050366a8d4c99d436d777809

SHA512
93fc7cb0b51f43fe71c123f95ac52eb3fa2222e8748d5ab43cd102cec5aed360210470f6398254c91269ad6ed41999a2c93ce34b3883bb18c5d18e2bd9f99e15

Download Submit
\Windows\system\IiyQPfW.exe

Filesize
6.0MB

MD5
97c4b49c84df1b85ca24d6a46a64c7af

SHA1
be16cf6008236ba99e507dbaf790e4924958ccc1

SHA256
62269940ae44700692821a9a20b727c9588ccf8e1f2e13806d84d21b3ae1e049

SHA512
f88c0d40a8abdccdbb94ff1cc2ecc6efbea26e4cc6260dcd41f80b4d7a965321b47af245ab0de616c75b2aa54ae6faee14a01c7a1121f1ff94e13736daaf2a11

Download Submit
\Windows\system\KlXegjr.exe

Filesize
6.0MB

MD5
8a581143f7b1a3f67bb218284d8dea5d

SHA1
73c69ca7b3024fee5e80cf3b38f11fd1857c2c47

SHA256
e459f4799c49fc7aad038303b82a74fa60dd4780fa79d3d5b8e9797dc959d570

SHA512
7689325e95ac1e091aaf5ba55a32a89c3e59934fb735cde7ee5d746c288fa0bd0bf94dee5937712f80575426303a7c7ae6f1d850a0c7b3fbad74c6d967f49966

Download Submit
memory/1884-2752-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-1839-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2746-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2192-1842-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2743-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2252-1846-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2755-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1844-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2061-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2308-2817-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1848-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2764-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1845-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1840-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1855-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2656-5527-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1853-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2656-1851-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1975-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1849-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1857-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1847-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1863-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2656-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1859-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1843-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1861-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1841-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1973-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2823-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2756-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2700-1856-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2749-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1858-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1862-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-2747-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1850-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2745-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2748-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1854-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2783-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1852-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2793-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1860-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download