cobaltstrike | 31aa99b81e31731184e81d2cf0ed64041d74c171fdcfabe7803724bce132c5e7

Analysis

max time kernel
138s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff41dac2c931f81aa518207739018314
SHA1

46a76512c9ffb36f7bdf167452d3c7fe58dcfe33
SHA256

31aa99b81e31731184e81d2cf0ed64041d74c171fdcfabe7803724bce132c5e7
SHA512

32c30c40977de6557b69df6f0bfc9a89c8fe14e926c0ac3173897fd0017ef54b8ddc498837c4c67b15ddcd8eda355c6391972caa213f2a890f64394f9be7c7ca
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e8f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ef6-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015fdb-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016239-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016599-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019242-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925b-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-81.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000015d33-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-59.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160db-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4f-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/memory/2372-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-6.dat	xmrig
behavioral1/files/0x0008000000015e8f-11.dat	xmrig
behavioral1/files/0x0008000000015ef6-15.dat	xmrig
behavioral1/files/0x0007000000015fdb-25.dat	xmrig
behavioral1/files/0x0007000000016239-35.dat	xmrig
behavioral1/files/0x0007000000016307-40.dat	xmrig
behavioral1/files/0x0008000000016599-44.dat	xmrig
behavioral1/files/0x0005000000019242-49.dat	xmrig
behavioral1/files/0x000500000001925b-54.dat	xmrig
behavioral1/files/0x000500000001932a-74.dat	xmrig
behavioral1/memory/2892-78-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000500000001938a-85.dat	xmrig
behavioral1/files/0x000500000001939c-95.dat	xmrig
behavioral1/files/0x000500000001946b-108.dat	xmrig
behavioral1/files/0x000500000001955c-157.dat	xmrig
behavioral1/files/0x00050000000194e6-150.dat	xmrig
behavioral1/files/0x0005000000019581-160.dat	xmrig
behavioral1/files/0x0005000000019551-154.dat	xmrig
behavioral1/files/0x00050000000194da-141.dat	xmrig
behavioral1/files/0x00050000000194e4-145.dat	xmrig
behavioral1/files/0x00050000000194c6-128.dat	xmrig
behavioral1/files/0x00050000000194d0-133.dat	xmrig
behavioral1/files/0x0005000000019490-120.dat	xmrig
behavioral1/files/0x000500000001949d-124.dat	xmrig
behavioral1/files/0x000500000001941b-101.dat	xmrig
behavioral1/files/0x0005000000019481-114.dat	xmrig
behavioral1/files/0x0005000000019429-104.dat	xmrig
behavioral1/files/0x000500000001938e-90.dat	xmrig
behavioral1/files/0x0005000000019377-81.dat	xmrig
behavioral1/files/0x0032000000015d33-69.dat	xmrig
behavioral1/files/0x000500000001930d-65.dat	xmrig
behavioral1/files/0x000500000001925d-59.dat	xmrig
behavioral1/files/0x00070000000160db-29.dat	xmrig
behavioral1/files/0x0008000000015f4f-20.dat	xmrig
behavioral1/memory/2372-2096-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2844-2216-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/876-2258-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2972-2310-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2892-2798-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1908-2825-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2608-2824-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1232-2823-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/1428-2826-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2740-2858-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2256-2865-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2784-2872-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/716-2873-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2776-2846-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2672-2837-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2972-2797-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/876-2795-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2844-2794-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2372-4994-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	YgRYRQJ.exe
2740	DGtrije.exe
2844	LHRYTIO.exe
876	zmczNjY.exe
2972	QuxFadT.exe
2776	JWoNKNG.exe
2608	zlYzQTt.exe
2672	YKNBMMX.exe
1232	yUHReLB.exe
2784	qjnSeeN.exe
1908	QQdProd.exe
716	WoPCWWn.exe
1428	mpOPDdy.exe
2256	iEFsFHz.exe
2144	VzivSzs.exe
1872	wLmCbKP.exe
2916	GjVJTYR.exe
2940	rmrhQGe.exe
1744	sYIlQUR.exe
2596	CxnLsDo.exe
2280	QFTFmXT.exe
2120	CHZwenh.exe
2516	SfzrImR.exe
1544	WfZZikX.exe
1584	WGfnYky.exe
1996	fAuHvsG.exe
3024	npOsWcR.exe
2176	hYMJMaN.exe
2568	PMkgggW.exe
2500	wLhvLDA.exe
2480	zmmcMHf.exe
1412	XNuVIzV.exe
1104	ETQmFSF.exe
852	ruXyIlR.exe
444	amGverS.exe
2072	DLWbiDP.exe
1604	vyMZdKy.exe
2128	pfSscEX.exe
1860	jXwwxgV.exe
1656	acXCkYl.exe
1688	yYslqGM.exe
1568	tlMzEpD.exe
1548	iJVDnyK.exe
1892	QKStPYe.exe
1876	rFmHRTU.exe
620	RJhnhju.exe
700	xvxigbW.exe
3048	yUEVODF.exe
1904	lDgMSex.exe
1680	wVxjeuw.exe
2148	caOowaM.exe
2520	jqGJyuU.exe
288	JYCKrrk.exe
2008	ClYyxVv.exe
1440	ZQjvbaT.exe
2692	tMIhxkz.exe
2832	ncNFHyn.exe
1640	kIMkMwl.exe
2836	pOVyKhr.exe
2572	CSRHEoO.exe
2992	eztOwEd.exe
2828	CwyWWPN.exe
2624	Xgvtjqd.exe
2488	cOQQZcT.exe

Loads dropped DLL 64 IoCs

pid	Process
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-6.dat	upx
behavioral1/files/0x0008000000015e8f-11.dat	upx
behavioral1/files/0x0008000000015ef6-15.dat	upx
behavioral1/files/0x0007000000015fdb-25.dat	upx
behavioral1/files/0x0007000000016239-35.dat	upx
behavioral1/files/0x0007000000016307-40.dat	upx
behavioral1/files/0x0008000000016599-44.dat	upx
behavioral1/files/0x0005000000019242-49.dat	upx
behavioral1/files/0x000500000001925b-54.dat	upx
behavioral1/files/0x000500000001932a-74.dat	upx
behavioral1/memory/2892-78-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000500000001938a-85.dat	upx
behavioral1/files/0x000500000001939c-95.dat	upx
behavioral1/files/0x000500000001946b-108.dat	upx
behavioral1/files/0x000500000001955c-157.dat	upx
behavioral1/files/0x00050000000194e6-150.dat	upx
behavioral1/files/0x0005000000019581-160.dat	upx
behavioral1/files/0x0005000000019551-154.dat	upx
behavioral1/files/0x00050000000194da-141.dat	upx
behavioral1/files/0x00050000000194e4-145.dat	upx
behavioral1/files/0x00050000000194c6-128.dat	upx
behavioral1/files/0x00050000000194d0-133.dat	upx
behavioral1/files/0x0005000000019490-120.dat	upx
behavioral1/files/0x000500000001949d-124.dat	upx
behavioral1/files/0x000500000001941b-101.dat	upx
behavioral1/files/0x0005000000019481-114.dat	upx
behavioral1/files/0x0005000000019429-104.dat	upx
behavioral1/files/0x000500000001938e-90.dat	upx
behavioral1/files/0x0005000000019377-81.dat	upx
behavioral1/files/0x0032000000015d33-69.dat	upx
behavioral1/files/0x000500000001930d-65.dat	upx
behavioral1/files/0x000500000001925d-59.dat	upx
behavioral1/files/0x00070000000160db-29.dat	upx
behavioral1/files/0x0008000000015f4f-20.dat	upx
behavioral1/memory/2844-2216-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/876-2258-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2972-2310-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2892-2798-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1908-2825-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2608-2824-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1232-2823-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/1428-2826-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2740-2858-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2256-2865-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2784-2872-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/716-2873-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2776-2846-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2672-2837-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2972-2797-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/876-2795-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2844-2794-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2372-4994-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hbQOknr.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpcDsUN.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCivmxT.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptzlSbC.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbMELcM.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKTPLYr.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeuYqkm.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETQmFSF.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvINVPP.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVYJnDe.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHVRuNd.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeraiPl.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XttIywq.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdjeOjm.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYOOCpt.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGMScit.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdfPSkW.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQTwFOt.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVsXuAb.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZKozWC.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSxerhF.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyRCGUC.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXGYVbC.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuatEbW.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hudJmXG.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmczNjY.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cujpOMm.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEqFzUW.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUqAAVE.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmPhSdT.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HltTBSc.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbXVtzv.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuMUjQn.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAJAUKE.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DALBTHC.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqwNwWW.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtkTYfv.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJjcXke.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIENwnJ.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAoYpUM.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRktPkf.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzMDwtk.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhqTbkR.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TglCbOr.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdwaIqh.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZmlffE.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyTWrBd.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWZhaqH.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrfwlpP.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcvcvjL.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duWHTEn.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YktvOlk.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVyIpEk.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHXmbIa.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzbkDtS.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlVEvvF.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtxxWiz.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGyEunI.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkCtkcB.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzZYgtQ.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNlWPNE.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXSTFYx.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWUysbJ.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShghPcg.exe	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2892	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2892	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2892	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2740	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2740	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2740	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2844	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2844	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2844	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 876	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 876	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 876	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2972	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2972	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2972	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2776	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2776	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2776	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2608	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2608	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2608	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2672	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2672	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2672	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 1232	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 1232	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 1232	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2784	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2784	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2784	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 1908	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 1908	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 1908	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 716	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 716	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 716	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 1428	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 1428	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 1428	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2256	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2256	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2256	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2144	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 2144	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 2144	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 1872	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 1872	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 1872	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 2916	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2916	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2916	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 2940	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2940	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2940	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 1744	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 1744	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 1744	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2596	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2596	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2596	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2280	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2280	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2280	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2120	2372	2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_ff41dac2c931f81aa518207739018314_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\System\YgRYRQJ.exe
  C:\Windows\System\YgRYRQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\DGtrije.exe
  C:\Windows\System\DGtrije.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\LHRYTIO.exe
  C:\Windows\System\LHRYTIO.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\zmczNjY.exe
  C:\Windows\System\zmczNjY.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\QuxFadT.exe
  C:\Windows\System\QuxFadT.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\JWoNKNG.exe
  C:\Windows\System\JWoNKNG.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\zlYzQTt.exe
  C:\Windows\System\zlYzQTt.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YKNBMMX.exe
  C:\Windows\System\YKNBMMX.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\yUHReLB.exe
  C:\Windows\System\yUHReLB.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\qjnSeeN.exe
  C:\Windows\System\qjnSeeN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\QQdProd.exe
  C:\Windows\System\QQdProd.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\WoPCWWn.exe
  C:\Windows\System\WoPCWWn.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\mpOPDdy.exe
  C:\Windows\System\mpOPDdy.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\iEFsFHz.exe
  C:\Windows\System\iEFsFHz.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VzivSzs.exe
  C:\Windows\System\VzivSzs.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\wLmCbKP.exe
  C:\Windows\System\wLmCbKP.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\GjVJTYR.exe
  C:\Windows\System\GjVJTYR.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rmrhQGe.exe
  C:\Windows\System\rmrhQGe.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\sYIlQUR.exe
  C:\Windows\System\sYIlQUR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\CxnLsDo.exe
  C:\Windows\System\CxnLsDo.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\QFTFmXT.exe
  C:\Windows\System\QFTFmXT.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\CHZwenh.exe
  C:\Windows\System\CHZwenh.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SfzrImR.exe
  C:\Windows\System\SfzrImR.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\WfZZikX.exe
  C:\Windows\System\WfZZikX.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\WGfnYky.exe
  C:\Windows\System\WGfnYky.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\npOsWcR.exe
  C:\Windows\System\npOsWcR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\fAuHvsG.exe
  C:\Windows\System\fAuHvsG.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\hYMJMaN.exe
  C:\Windows\System\hYMJMaN.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\PMkgggW.exe
  C:\Windows\System\PMkgggW.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\wLhvLDA.exe
  C:\Windows\System\wLhvLDA.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\zmmcMHf.exe
  C:\Windows\System\zmmcMHf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ETQmFSF.exe
  C:\Windows\System\ETQmFSF.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\XNuVIzV.exe
  C:\Windows\System\XNuVIzV.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ruXyIlR.exe
  C:\Windows\System\ruXyIlR.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\amGverS.exe
  C:\Windows\System\amGverS.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\vyMZdKy.exe
  C:\Windows\System\vyMZdKy.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\DLWbiDP.exe
  C:\Windows\System\DLWbiDP.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\pfSscEX.exe
  C:\Windows\System\pfSscEX.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jXwwxgV.exe
  C:\Windows\System\jXwwxgV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\yYslqGM.exe
  C:\Windows\System\yYslqGM.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\acXCkYl.exe
  C:\Windows\System\acXCkYl.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\iJVDnyK.exe
  C:\Windows\System\iJVDnyK.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\tlMzEpD.exe
  C:\Windows\System\tlMzEpD.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\rFmHRTU.exe
  C:\Windows\System\rFmHRTU.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\QKStPYe.exe
  C:\Windows\System\QKStPYe.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\RJhnhju.exe
  C:\Windows\System\RJhnhju.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\xvxigbW.exe
  C:\Windows\System\xvxigbW.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\yUEVODF.exe
  C:\Windows\System\yUEVODF.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\lDgMSex.exe
  C:\Windows\System\lDgMSex.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\wVxjeuw.exe
  C:\Windows\System\wVxjeuw.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\caOowaM.exe
  C:\Windows\System\caOowaM.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\jqGJyuU.exe
  C:\Windows\System\jqGJyuU.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\JYCKrrk.exe
  C:\Windows\System\JYCKrrk.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\ClYyxVv.exe
  C:\Windows\System\ClYyxVv.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ZQjvbaT.exe
  C:\Windows\System\ZQjvbaT.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\tMIhxkz.exe
  C:\Windows\System\tMIhxkz.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ncNFHyn.exe
  C:\Windows\System\ncNFHyn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\kIMkMwl.exe
  C:\Windows\System\kIMkMwl.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\pOVyKhr.exe
  C:\Windows\System\pOVyKhr.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\CSRHEoO.exe
  C:\Windows\System\CSRHEoO.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\eztOwEd.exe
  C:\Windows\System\eztOwEd.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CwyWWPN.exe
  C:\Windows\System\CwyWWPN.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\Xgvtjqd.exe
  C:\Windows\System\Xgvtjqd.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\cOQQZcT.exe
  C:\Windows\System\cOQQZcT.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\rRxoIGF.exe
  C:\Windows\System\rRxoIGF.exe
  2⤵
  PID:596
- C:\Windows\System\ddmZXMi.exe
  C:\Windows\System\ddmZXMi.exe
  2⤵
  PID:1064
- C:\Windows\System\eDrbCvi.exe
  C:\Windows\System\eDrbCvi.exe
  2⤵
  PID:2420
- C:\Windows\System\VSkprQS.exe
  C:\Windows\System\VSkprQS.exe
  2⤵
  PID:2676
- C:\Windows\System\StAoWVc.exe
  C:\Windows\System\StAoWVc.exe
  2⤵
  PID:2856
- C:\Windows\System\GdwaIqh.exe
  C:\Windows\System\GdwaIqh.exe
  2⤵
  PID:2956
- C:\Windows\System\DgbCCaJ.exe
  C:\Windows\System\DgbCCaJ.exe
  2⤵
  PID:2084
- C:\Windows\System\kHWkIfW.exe
  C:\Windows\System\kHWkIfW.exe
  2⤵
  PID:1588
- C:\Windows\System\QRbaCoX.exe
  C:\Windows\System\QRbaCoX.exe
  2⤵
  PID:988
- C:\Windows\System\JmquXvJ.exe
  C:\Windows\System\JmquXvJ.exe
  2⤵
  PID:396
- C:\Windows\System\IHSzciy.exe
  C:\Windows\System\IHSzciy.exe
  2⤵
  PID:3036
- C:\Windows\System\wwIppGB.exe
  C:\Windows\System\wwIppGB.exe
  2⤵
  PID:1924
- C:\Windows\System\wioIsPD.exe
  C:\Windows\System\wioIsPD.exe
  2⤵
  PID:1100
- C:\Windows\System\KXvpjyz.exe
  C:\Windows\System\KXvpjyz.exe
  2⤵
  PID:1088
- C:\Windows\System\wULqWrs.exe
  C:\Windows\System\wULqWrs.exe
  2⤵
  PID:864
- C:\Windows\System\HUxyLSO.exe
  C:\Windows\System\HUxyLSO.exe
  2⤵
  PID:956
- C:\Windows\System\rgLMZVg.exe
  C:\Windows\System\rgLMZVg.exe
  2⤵
  PID:1812
- C:\Windows\System\RBmUotC.exe
  C:\Windows\System\RBmUotC.exe
  2⤵
  PID:684
- C:\Windows\System\jRjrZzq.exe
  C:\Windows\System\jRjrZzq.exe
  2⤵
  PID:1472
- C:\Windows\System\QEzKLiW.exe
  C:\Windows\System\QEzKLiW.exe
  2⤵
  PID:1976
- C:\Windows\System\cinJIZW.exe
  C:\Windows\System\cinJIZW.exe
  2⤵
  PID:908
- C:\Windows\System\mwmMHDj.exe
  C:\Windows\System\mwmMHDj.exe
  2⤵
  PID:2016
- C:\Windows\System\CftyyVE.exe
  C:\Windows\System\CftyyVE.exe
  2⤵
  PID:1476
- C:\Windows\System\pmJdyBx.exe
  C:\Windows\System\pmJdyBx.exe
  2⤵
  PID:2164
- C:\Windows\System\AtmkLec.exe
  C:\Windows\System\AtmkLec.exe
  2⤵
  PID:2528
- C:\Windows\System\GgnrMjZ.exe
  C:\Windows\System\GgnrMjZ.exe
  2⤵
  PID:3004
- C:\Windows\System\rUyGcYL.exe
  C:\Windows\System\rUyGcYL.exe
  2⤵
  PID:1208
- C:\Windows\System\KGQpLiV.exe
  C:\Windows\System\KGQpLiV.exe
  2⤵
  PID:2352
- C:\Windows\System\srIakjz.exe
  C:\Windows\System\srIakjz.exe
  2⤵
  PID:892
- C:\Windows\System\QrCVlvr.exe
  C:\Windows\System\QrCVlvr.exe
  2⤵
  PID:2764
- C:\Windows\System\oTJBMuh.exe
  C:\Windows\System\oTJBMuh.exe
  2⤵
  PID:2768
- C:\Windows\System\WCkijyy.exe
  C:\Windows\System\WCkijyy.exe
  2⤵
  PID:528
- C:\Windows\System\gxEVDGL.exe
  C:\Windows\System\gxEVDGL.exe
  2⤵
  PID:2192
- C:\Windows\System\GeGltcx.exe
  C:\Windows\System\GeGltcx.exe
  2⤵
  PID:2800
- C:\Windows\System\AXSTFYx.exe
  C:\Windows\System\AXSTFYx.exe
  2⤵
  PID:1736
- C:\Windows\System\jihrLkL.exe
  C:\Windows\System\jihrLkL.exe
  2⤵
  PID:1972
- C:\Windows\System\nUuFJji.exe
  C:\Windows\System\nUuFJji.exe
  2⤵
  PID:1564
- C:\Windows\System\RKXpCJh.exe
  C:\Windows\System\RKXpCJh.exe
  2⤵
  PID:1660
- C:\Windows\System\AbyRdpo.exe
  C:\Windows\System\AbyRdpo.exe
  2⤵
  PID:1572
- C:\Windows\System\KdYNjbj.exe
  C:\Windows\System\KdYNjbj.exe
  2⤵
  PID:2168
- C:\Windows\System\ZeudSks.exe
  C:\Windows\System\ZeudSks.exe
  2⤵
  PID:2288
- C:\Windows\System\biUrfRE.exe
  C:\Windows\System\biUrfRE.exe
  2⤵
  PID:2496
- C:\Windows\System\ADhTICe.exe
  C:\Windows\System\ADhTICe.exe
  2⤵
  PID:2432
- C:\Windows\System\mKuVDGa.exe
  C:\Windows\System\mKuVDGa.exe
  2⤵
  PID:3056
- C:\Windows\System\qvazdbb.exe
  C:\Windows\System\qvazdbb.exe
  2⤵
  PID:2416
- C:\Windows\System\WBbLEgD.exe
  C:\Windows\System\WBbLEgD.exe
  2⤵
  PID:2044
- C:\Windows\System\nHkRsbY.exe
  C:\Windows\System\nHkRsbY.exe
  2⤵
  PID:1616
- C:\Windows\System\rDzDIaG.exe
  C:\Windows\System\rDzDIaG.exe
  2⤵
  PID:2404
- C:\Windows\System\oIQLYYu.exe
  C:\Windows\System\oIQLYYu.exe
  2⤵
  PID:1708
- C:\Windows\System\msKXXjb.exe
  C:\Windows\System\msKXXjb.exe
  2⤵
  PID:276
- C:\Windows\System\fgSLiDk.exe
  C:\Windows\System\fgSLiDk.exe
  2⤵
  PID:2540
- C:\Windows\System\EAfwVZI.exe
  C:\Windows\System\EAfwVZI.exe
  2⤵
  PID:1020
- C:\Windows\System\zDTtoEM.exe
  C:\Windows\System\zDTtoEM.exe
  2⤵
  PID:1968
- C:\Windows\System\JYLuGSH.exe
  C:\Windows\System\JYLuGSH.exe
  2⤵
  PID:1676
- C:\Windows\System\eqYIjbW.exe
  C:\Windows\System\eqYIjbW.exe
  2⤵
  PID:1792
- C:\Windows\System\DoeyVHI.exe
  C:\Windows\System\DoeyVHI.exe
  2⤵
  PID:2932
- C:\Windows\System\itqMAHp.exe
  C:\Windows\System\itqMAHp.exe
  2⤵
  PID:2228
- C:\Windows\System\gJWmoyu.exe
  C:\Windows\System\gJWmoyu.exe
  2⤵
  PID:1264
- C:\Windows\System\McKUyRS.exe
  C:\Windows\System\McKUyRS.exe
  2⤵
  PID:1628
- C:\Windows\System\pilVJLP.exe
  C:\Windows\System\pilVJLP.exe
  2⤵
  PID:3088
- C:\Windows\System\vIWZpBR.exe
  C:\Windows\System\vIWZpBR.exe
  2⤵
  PID:3104
- C:\Windows\System\yyapZsN.exe
  C:\Windows\System\yyapZsN.exe
  2⤵
  PID:3124
- C:\Windows\System\jZrmypB.exe
  C:\Windows\System\jZrmypB.exe
  2⤵
  PID:3140
- C:\Windows\System\cIMbqwl.exe
  C:\Windows\System\cIMbqwl.exe
  2⤵
  PID:3160
- C:\Windows\System\XJEIoNy.exe
  C:\Windows\System\XJEIoNy.exe
  2⤵
  PID:3184
- C:\Windows\System\UdLddJZ.exe
  C:\Windows\System\UdLddJZ.exe
  2⤵
  PID:3204
- C:\Windows\System\JZSHviN.exe
  C:\Windows\System\JZSHviN.exe
  2⤵
  PID:3224
- C:\Windows\System\PmvAFaZ.exe
  C:\Windows\System\PmvAFaZ.exe
  2⤵
  PID:3248
- C:\Windows\System\kIHCUxY.exe
  C:\Windows\System\kIHCUxY.exe
  2⤵
  PID:3264
- C:\Windows\System\ZQyXqzN.exe
  C:\Windows\System\ZQyXqzN.exe
  2⤵
  PID:3280
- C:\Windows\System\SVVtwBZ.exe
  C:\Windows\System\SVVtwBZ.exe
  2⤵
  PID:3300
- C:\Windows\System\QkspuOk.exe
  C:\Windows\System\QkspuOk.exe
  2⤵
  PID:3316
- C:\Windows\System\VRCDRTW.exe
  C:\Windows\System\VRCDRTW.exe
  2⤵
  PID:3332
- C:\Windows\System\sdpBKuw.exe
  C:\Windows\System\sdpBKuw.exe
  2⤵
  PID:3356
- C:\Windows\System\cQgGujX.exe
  C:\Windows\System\cQgGujX.exe
  2⤵
  PID:3372
- C:\Windows\System\EvINVPP.exe
  C:\Windows\System\EvINVPP.exe
  2⤵
  PID:3392
- C:\Windows\System\rjqefDU.exe
  C:\Windows\System\rjqefDU.exe
  2⤵
  PID:3408
- C:\Windows\System\EwMrsCE.exe
  C:\Windows\System\EwMrsCE.exe
  2⤵
  PID:3428
- C:\Windows\System\kYfgOTz.exe
  C:\Windows\System\kYfgOTz.exe
  2⤵
  PID:3444
- C:\Windows\System\KSYThls.exe
  C:\Windows\System\KSYThls.exe
  2⤵
  PID:3468
- C:\Windows\System\elfbPAj.exe
  C:\Windows\System\elfbPAj.exe
  2⤵
  PID:3500
- C:\Windows\System\igZdOMT.exe
  C:\Windows\System\igZdOMT.exe
  2⤵
  PID:3520
- C:\Windows\System\bINnrtx.exe
  C:\Windows\System\bINnrtx.exe
  2⤵
  PID:3540
- C:\Windows\System\veCiiVx.exe
  C:\Windows\System\veCiiVx.exe
  2⤵
  PID:3560
- C:\Windows\System\kzMDwtk.exe
  C:\Windows\System\kzMDwtk.exe
  2⤵
  PID:3576
- C:\Windows\System\zrykUwh.exe
  C:\Windows\System\zrykUwh.exe
  2⤵
  PID:3596
- C:\Windows\System\YudxHdf.exe
  C:\Windows\System\YudxHdf.exe
  2⤵
  PID:3612
- C:\Windows\System\HLJsfRF.exe
  C:\Windows\System\HLJsfRF.exe
  2⤵
  PID:3628
- C:\Windows\System\AnPheFm.exe
  C:\Windows\System\AnPheFm.exe
  2⤵
  PID:3648
- C:\Windows\System\QzWUHZs.exe
  C:\Windows\System\QzWUHZs.exe
  2⤵
  PID:3664
- C:\Windows\System\jgLnvQv.exe
  C:\Windows\System\jgLnvQv.exe
  2⤵
  PID:3704
- C:\Windows\System\Onzobge.exe
  C:\Windows\System\Onzobge.exe
  2⤵
  PID:3728
- C:\Windows\System\SwoiqxG.exe
  C:\Windows\System\SwoiqxG.exe
  2⤵
  PID:3752
- C:\Windows\System\lTlKqPI.exe
  C:\Windows\System\lTlKqPI.exe
  2⤵
  PID:3776
- C:\Windows\System\zfuyiLf.exe
  C:\Windows\System\zfuyiLf.exe
  2⤵
  PID:3796
- C:\Windows\System\jTIYzGZ.exe
  C:\Windows\System\jTIYzGZ.exe
  2⤵
  PID:3816
- C:\Windows\System\HNgliCT.exe
  C:\Windows\System\HNgliCT.exe
  2⤵
  PID:3836
- C:\Windows\System\QmeJsLH.exe
  C:\Windows\System\QmeJsLH.exe
  2⤵
  PID:3856
- C:\Windows\System\DZPljEH.exe
  C:\Windows\System\DZPljEH.exe
  2⤵
  PID:3876
- C:\Windows\System\NNaOdzw.exe
  C:\Windows\System\NNaOdzw.exe
  2⤵
  PID:3892
- C:\Windows\System\yeGGBeP.exe
  C:\Windows\System\yeGGBeP.exe
  2⤵
  PID:3916
- C:\Windows\System\zUCjQIz.exe
  C:\Windows\System\zUCjQIz.exe
  2⤵
  PID:3932
- C:\Windows\System\vWUysbJ.exe
  C:\Windows\System\vWUysbJ.exe
  2⤵
  PID:3952
- C:\Windows\System\VnkMJzY.exe
  C:\Windows\System\VnkMJzY.exe
  2⤵
  PID:3976
- C:\Windows\System\GYcgPBf.exe
  C:\Windows\System\GYcgPBf.exe
  2⤵
  PID:3996
- C:\Windows\System\UYfAtQE.exe
  C:\Windows\System\UYfAtQE.exe
  2⤵
  PID:4016
- C:\Windows\System\qGgQabc.exe
  C:\Windows\System\qGgQabc.exe
  2⤵
  PID:4032
- C:\Windows\System\vfCCARU.exe
  C:\Windows\System\vfCCARU.exe
  2⤵
  PID:4052
- C:\Windows\System\hhCLERT.exe
  C:\Windows\System\hhCLERT.exe
  2⤵
  PID:4072
- C:\Windows\System\lULuzbI.exe
  C:\Windows\System\lULuzbI.exe
  2⤵
  PID:4092
- C:\Windows\System\eysfDIq.exe
  C:\Windows\System\eysfDIq.exe
  2⤵
  PID:780
- C:\Windows\System\gsTMtlN.exe
  C:\Windows\System\gsTMtlN.exe
  2⤵
  PID:1384
- C:\Windows\System\CoJemXY.exe
  C:\Windows\System\CoJemXY.exe
  2⤵
  PID:2536
- C:\Windows\System\bkwuGLo.exe
  C:\Windows\System\bkwuGLo.exe
  2⤵
  PID:1540
- C:\Windows\System\GzbFJff.exe
  C:\Windows\System\GzbFJff.exe
  2⤵
  PID:2156
- C:\Windows\System\SCPArlS.exe
  C:\Windows\System\SCPArlS.exe
  2⤵
  PID:2240
- C:\Windows\System\MfkOTMX.exe
  C:\Windows\System\MfkOTMX.exe
  2⤵
  PID:3080
- C:\Windows\System\pvgCanj.exe
  C:\Windows\System\pvgCanj.exe
  2⤵
  PID:2308
- C:\Windows\System\gfIhCye.exe
  C:\Windows\System\gfIhCye.exe
  2⤵
  PID:1844
- C:\Windows\System\RJpqTAc.exe
  C:\Windows\System\RJpqTAc.exe
  2⤵
  PID:3152
- C:\Windows\System\OoTTRgX.exe
  C:\Windows\System\OoTTRgX.exe
  2⤵
  PID:3236
- C:\Windows\System\pbVxOkr.exe
  C:\Windows\System\pbVxOkr.exe
  2⤵
  PID:3308
- C:\Windows\System\xHjEcUv.exe
  C:\Windows\System\xHjEcUv.exe
  2⤵
  PID:3352
- C:\Windows\System\REPOPvk.exe
  C:\Windows\System\REPOPvk.exe
  2⤵
  PID:2204
- C:\Windows\System\wdpSQdj.exe
  C:\Windows\System\wdpSQdj.exe
  2⤵
  PID:3172
- C:\Windows\System\QLItIzS.exe
  C:\Windows\System\QLItIzS.exe
  2⤵
  PID:3416
- C:\Windows\System\QNlwNal.exe
  C:\Windows\System\QNlwNal.exe
  2⤵
  PID:3464
- C:\Windows\System\rzhsNnK.exe
  C:\Windows\System\rzhsNnK.exe
  2⤵
  PID:3512
- C:\Windows\System\FQpYGlQ.exe
  C:\Windows\System\FQpYGlQ.exe
  2⤵
  PID:3328
- C:\Windows\System\GOBPhdD.exe
  C:\Windows\System\GOBPhdD.exe
  2⤵
  PID:3256
- C:\Windows\System\HbtCNEW.exe
  C:\Windows\System\HbtCNEW.exe
  2⤵
  PID:3556
- C:\Windows\System\DNRKTRU.exe
  C:\Windows\System\DNRKTRU.exe
  2⤵
  PID:3400
- C:\Windows\System\VZIGzoH.exe
  C:\Windows\System\VZIGzoH.exe
  2⤵
  PID:3496
- C:\Windows\System\KhDAUSm.exe
  C:\Windows\System\KhDAUSm.exe
  2⤵
  PID:3604
- C:\Windows\System\SKqEhup.exe
  C:\Windows\System\SKqEhup.exe
  2⤵
  PID:3532
- C:\Windows\System\fefxJfg.exe
  C:\Windows\System\fefxJfg.exe
  2⤵
  PID:3660
- C:\Windows\System\aknoUue.exe
  C:\Windows\System\aknoUue.exe
  2⤵
  PID:3608
- C:\Windows\System\uCsFisu.exe
  C:\Windows\System\uCsFisu.exe
  2⤵
  PID:3684
- C:\Windows\System\UdjeOjm.exe
  C:\Windows\System\UdjeOjm.exe
  2⤵
  PID:3696
- C:\Windows\System\iiPIYhp.exe
  C:\Windows\System\iiPIYhp.exe
  2⤵
  PID:3768
- C:\Windows\System\RWILfbf.exe
  C:\Windows\System\RWILfbf.exe
  2⤵
  PID:3808
- C:\Windows\System\kZTQlXa.exe
  C:\Windows\System\kZTQlXa.exe
  2⤵
  PID:3828
- C:\Windows\System\eiBOZZA.exe
  C:\Windows\System\eiBOZZA.exe
  2⤵
  PID:3864
- C:\Windows\System\ZhESQmw.exe
  C:\Windows\System\ZhESQmw.exe
  2⤵
  PID:3960
- C:\Windows\System\qJmipHj.exe
  C:\Windows\System\qJmipHj.exe
  2⤵
  PID:3964
- C:\Windows\System\QgBxJNs.exe
  C:\Windows\System\QgBxJNs.exe
  2⤵
  PID:3948
- C:\Windows\System\GnNNHjH.exe
  C:\Windows\System\GnNNHjH.exe
  2⤵
  PID:3992
- C:\Windows\System\oAfuEyV.exe
  C:\Windows\System\oAfuEyV.exe
  2⤵
  PID:4080
- C:\Windows\System\bSiTmQo.exe
  C:\Windows\System\bSiTmQo.exe
  2⤵
  PID:4060
- C:\Windows\System\OtAAUns.exe
  C:\Windows\System\OtAAUns.exe
  2⤵
  PID:2140
- C:\Windows\System\nZooEen.exe
  C:\Windows\System\nZooEen.exe
  2⤵
  PID:2748
- C:\Windows\System\xwuRehJ.exe
  C:\Windows\System\xwuRehJ.exe
  2⤵
  PID:2160
- C:\Windows\System\FciHJRx.exe
  C:\Windows\System\FciHJRx.exe
  2⤵
  PID:3112
- C:\Windows\System\uQMDjKK.exe
  C:\Windows\System\uQMDjKK.exe
  2⤵
  PID:3156
- C:\Windows\System\DuxrMGB.exe
  C:\Windows\System\DuxrMGB.exe
  2⤵
  PID:3076
- C:\Windows\System\DfUMKCI.exe
  C:\Windows\System\DfUMKCI.exe
  2⤵
  PID:2080
- C:\Windows\System\KGhIajE.exe
  C:\Windows\System\KGhIajE.exe
  2⤵
  PID:3380
- C:\Windows\System\shHEWBI.exe
  C:\Windows\System\shHEWBI.exe
  2⤵
  PID:3508
- C:\Windows\System\HfaTdgt.exe
  C:\Windows\System\HfaTdgt.exe
  2⤵
  PID:3196
- C:\Windows\System\vcloFgL.exe
  C:\Windows\System\vcloFgL.exe
  2⤵
  PID:3260
- C:\Windows\System\IDrFNnD.exe
  C:\Windows\System\IDrFNnD.exe
  2⤵
  PID:3536
- C:\Windows\System\iIqQxQB.exe
  C:\Windows\System\iIqQxQB.exe
  2⤵
  PID:3420
- C:\Windows\System\VYgMqob.exe
  C:\Windows\System\VYgMqob.exe
  2⤵
  PID:3368
- C:\Windows\System\koctKGy.exe
  C:\Windows\System\koctKGy.exe
  2⤵
  PID:3676
- C:\Windows\System\lqqRzZL.exe
  C:\Windows\System\lqqRzZL.exe
  2⤵
  PID:3736
- C:\Windows\System\WeoIBrq.exe
  C:\Windows\System\WeoIBrq.exe
  2⤵
  PID:3692
- C:\Windows\System\gsTHXWC.exe
  C:\Windows\System\gsTHXWC.exe
  2⤵
  PID:3720
- C:\Windows\System\cFZghKY.exe
  C:\Windows\System\cFZghKY.exe
  2⤵
  PID:3748
- C:\Windows\System\BQYTQfr.exe
  C:\Windows\System\BQYTQfr.exe
  2⤵
  PID:3812
- C:\Windows\System\APPDsyf.exe
  C:\Windows\System\APPDsyf.exe
  2⤵
  PID:3888
- C:\Windows\System\HJKspyU.exe
  C:\Windows\System\HJKspyU.exe
  2⤵
  PID:3912
- C:\Windows\System\SvIEdqr.exe
  C:\Windows\System\SvIEdqr.exe
  2⤵
  PID:4040
- C:\Windows\System\asHwlOd.exe
  C:\Windows\System\asHwlOd.exe
  2⤵
  PID:3984
- C:\Windows\System\dqNSRbS.exe
  C:\Windows\System\dqNSRbS.exe
  2⤵
  PID:2180
- C:\Windows\System\KwchDnd.exe
  C:\Windows\System\KwchDnd.exe
  2⤵
  PID:3120
- C:\Windows\System\hdLqvqO.exe
  C:\Windows\System\hdLqvqO.exe
  2⤵
  PID:3272
- C:\Windows\System\NLGlQzy.exe
  C:\Windows\System\NLGlQzy.exe
  2⤵
  PID:2400
- C:\Windows\System\wJuKqys.exe
  C:\Windows\System\wJuKqys.exe
  2⤵
  PID:924
- C:\Windows\System\tEdkRCU.exe
  C:\Windows\System\tEdkRCU.exe
  2⤵
  PID:3096
- C:\Windows\System\FLWYhLX.exe
  C:\Windows\System\FLWYhLX.exe
  2⤵
  PID:3492
- C:\Windows\System\FpSuwbp.exe
  C:\Windows\System\FpSuwbp.exe
  2⤵
  PID:3592
- C:\Windows\System\nNPCumx.exe
  C:\Windows\System\nNPCumx.exe
  2⤵
  PID:3456
- C:\Windows\System\YryaFVG.exe
  C:\Windows\System\YryaFVG.exe
  2⤵
  PID:3688
- C:\Windows\System\XvcEDFr.exe
  C:\Windows\System\XvcEDFr.exe
  2⤵
  PID:3792
- C:\Windows\System\wuurGfe.exe
  C:\Windows\System\wuurGfe.exe
  2⤵
  PID:4008
- C:\Windows\System\xHMrehO.exe
  C:\Windows\System\xHMrehO.exe
  2⤵
  PID:4104
- C:\Windows\System\zvFLXKL.exe
  C:\Windows\System\zvFLXKL.exe
  2⤵
  PID:4120
- C:\Windows\System\bmbErQH.exe
  C:\Windows\System\bmbErQH.exe
  2⤵
  PID:4140
- C:\Windows\System\FTURxAw.exe
  C:\Windows\System\FTURxAw.exe
  2⤵
  PID:4164
- C:\Windows\System\EryUWsD.exe
  C:\Windows\System\EryUWsD.exe
  2⤵
  PID:4192
- C:\Windows\System\PYiBToO.exe
  C:\Windows\System\PYiBToO.exe
  2⤵
  PID:4208
- C:\Windows\System\BnyvuFl.exe
  C:\Windows\System\BnyvuFl.exe
  2⤵
  PID:4224
- C:\Windows\System\gupoZar.exe
  C:\Windows\System\gupoZar.exe
  2⤵
  PID:4240
- C:\Windows\System\QUcDvwk.exe
  C:\Windows\System\QUcDvwk.exe
  2⤵
  PID:4280
- C:\Windows\System\UPNrBwm.exe
  C:\Windows\System\UPNrBwm.exe
  2⤵
  PID:4296
- C:\Windows\System\hOppAaU.exe
  C:\Windows\System\hOppAaU.exe
  2⤵
  PID:4316
- C:\Windows\System\eHhEINc.exe
  C:\Windows\System\eHhEINc.exe
  2⤵
  PID:4336
- C:\Windows\System\cmeKdCo.exe
  C:\Windows\System\cmeKdCo.exe
  2⤵
  PID:4356
- C:\Windows\System\fqZzWMC.exe
  C:\Windows\System\fqZzWMC.exe
  2⤵
  PID:4376
- C:\Windows\System\FNqSOMs.exe
  C:\Windows\System\FNqSOMs.exe
  2⤵
  PID:4400
- C:\Windows\System\euDhiPO.exe
  C:\Windows\System\euDhiPO.exe
  2⤵
  PID:4416
- C:\Windows\System\gkBjESX.exe
  C:\Windows\System\gkBjESX.exe
  2⤵
  PID:4440
- C:\Windows\System\nfqhsuz.exe
  C:\Windows\System\nfqhsuz.exe
  2⤵
  PID:4460
- C:\Windows\System\NfMUvcd.exe
  C:\Windows\System\NfMUvcd.exe
  2⤵
  PID:4480
- C:\Windows\System\yVLSxiF.exe
  C:\Windows\System\yVLSxiF.exe
  2⤵
  PID:4500
- C:\Windows\System\txNiJWk.exe
  C:\Windows\System\txNiJWk.exe
  2⤵
  PID:4520
- C:\Windows\System\WgBVkpx.exe
  C:\Windows\System\WgBVkpx.exe
  2⤵
  PID:4536
- C:\Windows\System\rlVcZLP.exe
  C:\Windows\System\rlVcZLP.exe
  2⤵
  PID:4556
- C:\Windows\System\IMkRmIo.exe
  C:\Windows\System\IMkRmIo.exe
  2⤵
  PID:4576
- C:\Windows\System\QSemOOT.exe
  C:\Windows\System\QSemOOT.exe
  2⤵
  PID:4600
- C:\Windows\System\scFFYrY.exe
  C:\Windows\System\scFFYrY.exe
  2⤵
  PID:4620
- C:\Windows\System\KUzGqUp.exe
  C:\Windows\System\KUzGqUp.exe
  2⤵
  PID:4640
- C:\Windows\System\OLMlJXz.exe
  C:\Windows\System\OLMlJXz.exe
  2⤵
  PID:4660
- C:\Windows\System\TTxVoKE.exe
  C:\Windows\System\TTxVoKE.exe
  2⤵
  PID:4680
- C:\Windows\System\wiWPRQH.exe
  C:\Windows\System\wiWPRQH.exe
  2⤵
  PID:4696
- C:\Windows\System\rnDsuXm.exe
  C:\Windows\System\rnDsuXm.exe
  2⤵
  PID:4712
- C:\Windows\System\UAJAUKE.exe
  C:\Windows\System\UAJAUKE.exe
  2⤵
  PID:4732
- C:\Windows\System\ACUcizm.exe
  C:\Windows\System\ACUcizm.exe
  2⤵
  PID:4756
- C:\Windows\System\SMXsawX.exe
  C:\Windows\System\SMXsawX.exe
  2⤵
  PID:4776
- C:\Windows\System\eeIHUur.exe
  C:\Windows\System\eeIHUur.exe
  2⤵
  PID:4796
- C:\Windows\System\TZmlffE.exe
  C:\Windows\System\TZmlffE.exe
  2⤵
  PID:4816
- C:\Windows\System\lzcaLYm.exe
  C:\Windows\System\lzcaLYm.exe
  2⤵
  PID:4840
- C:\Windows\System\FWcZvGZ.exe
  C:\Windows\System\FWcZvGZ.exe
  2⤵
  PID:4856
- C:\Windows\System\gvfuwaD.exe
  C:\Windows\System\gvfuwaD.exe
  2⤵
  PID:4876
- C:\Windows\System\ShghPcg.exe
  C:\Windows\System\ShghPcg.exe
  2⤵
  PID:4900
- C:\Windows\System\zHnxDNY.exe
  C:\Windows\System\zHnxDNY.exe
  2⤵
  PID:4920
- C:\Windows\System\GcLOzGH.exe
  C:\Windows\System\GcLOzGH.exe
  2⤵
  PID:4940
- C:\Windows\System\opSQnkg.exe
  C:\Windows\System\opSQnkg.exe
  2⤵
  PID:4960
- C:\Windows\System\QGDqrOG.exe
  C:\Windows\System\QGDqrOG.exe
  2⤵
  PID:4980
- C:\Windows\System\LyRCGUC.exe
  C:\Windows\System\LyRCGUC.exe
  2⤵
  PID:5000
- C:\Windows\System\riqsiOX.exe
  C:\Windows\System\riqsiOX.exe
  2⤵
  PID:5016
- C:\Windows\System\zhzXTMD.exe
  C:\Windows\System\zhzXTMD.exe
  2⤵
  PID:5040
- C:\Windows\System\JQLTUWz.exe
  C:\Windows\System\JQLTUWz.exe
  2⤵
  PID:5060
- C:\Windows\System\vDUxgQB.exe
  C:\Windows\System\vDUxgQB.exe
  2⤵
  PID:5080
- C:\Windows\System\oqiWpNX.exe
  C:\Windows\System\oqiWpNX.exe
  2⤵
  PID:5096
- C:\Windows\System\yuclJkn.exe
  C:\Windows\System\yuclJkn.exe
  2⤵
  PID:5116
- C:\Windows\System\QVZkILy.exe
  C:\Windows\System\QVZkILy.exe
  2⤵
  PID:4088
- C:\Windows\System\TIGSsEE.exe
  C:\Windows\System\TIGSsEE.exe
  2⤵
  PID:4044
- C:\Windows\System\VuKMWfQ.exe
  C:\Windows\System\VuKMWfQ.exe
  2⤵
  PID:4084
- C:\Windows\System\NQQfzOS.exe
  C:\Windows\System\NQQfzOS.exe
  2⤵
  PID:836
- C:\Windows\System\WSxYJtJ.exe
  C:\Windows\System\WSxYJtJ.exe
  2⤵
  PID:3292
- C:\Windows\System\orRhbNm.exe
  C:\Windows\System\orRhbNm.exe
  2⤵
  PID:3132
- C:\Windows\System\HtgNfwU.exe
  C:\Windows\System\HtgNfwU.exe
  2⤵
  PID:3488
- C:\Windows\System\SzbkDtS.exe
  C:\Windows\System\SzbkDtS.exe
  2⤵
  PID:3548
- C:\Windows\System\uMIHmpF.exe
  C:\Windows\System\uMIHmpF.exe
  2⤵
  PID:4100
- C:\Windows\System\WKifKWb.exe
  C:\Windows\System\WKifKWb.exe
  2⤵
  PID:3832
- C:\Windows\System\yyDzYqz.exe
  C:\Windows\System\yyDzYqz.exe
  2⤵
  PID:4180
- C:\Windows\System\QCYckqM.exe
  C:\Windows\System\QCYckqM.exe
  2⤵
  PID:4152
- C:\Windows\System\QIcWumq.exe
  C:\Windows\System\QIcWumq.exe
  2⤵
  PID:4200
- C:\Windows\System\MXQQnJP.exe
  C:\Windows\System\MXQQnJP.exe
  2⤵
  PID:4268
- C:\Windows\System\cpcDsUN.exe
  C:\Windows\System\cpcDsUN.exe
  2⤵
  PID:4288
- C:\Windows\System\HrCSkvZ.exe
  C:\Windows\System\HrCSkvZ.exe
  2⤵
  PID:4344
- C:\Windows\System\hDMXvqY.exe
  C:\Windows\System\hDMXvqY.exe
  2⤵
  PID:4332
- C:\Windows\System\yGKcQBd.exe
  C:\Windows\System\yGKcQBd.exe
  2⤵
  PID:4388
- C:\Windows\System\wPiLZnM.exe
  C:\Windows\System\wPiLZnM.exe
  2⤵
  PID:4408
- C:\Windows\System\TMMsMqv.exe
  C:\Windows\System\TMMsMqv.exe
  2⤵
  PID:4472
- C:\Windows\System\VnUoXpi.exe
  C:\Windows\System\VnUoXpi.exe
  2⤵
  PID:4452
- C:\Windows\System\FcPBaqD.exe
  C:\Windows\System\FcPBaqD.exe
  2⤵
  PID:4552
- C:\Windows\System\arJGLcF.exe
  C:\Windows\System\arJGLcF.exe
  2⤵
  PID:4588
- C:\Windows\System\ZvEMwDh.exe
  C:\Windows\System\ZvEMwDh.exe
  2⤵
  PID:4564
- C:\Windows\System\fqykzmw.exe
  C:\Windows\System\fqykzmw.exe
  2⤵
  PID:4636
- C:\Windows\System\ICczGbG.exe
  C:\Windows\System\ICczGbG.exe
  2⤵
  PID:4704
- C:\Windows\System\KdzyjnE.exe
  C:\Windows\System\KdzyjnE.exe
  2⤵
  PID:4752
- C:\Windows\System\MGSicUJ.exe
  C:\Windows\System\MGSicUJ.exe
  2⤵
  PID:4656
- C:\Windows\System\TfZfdZD.exe
  C:\Windows\System\TfZfdZD.exe
  2⤵
  PID:4728
- C:\Windows\System\OyewkPO.exe
  C:\Windows\System\OyewkPO.exe
  2⤵
  PID:4832
- C:\Windows\System\yzKqAoj.exe
  C:\Windows\System\yzKqAoj.exe
  2⤵
  PID:4828
- C:\Windows\System\uLoUBNd.exe
  C:\Windows\System\uLoUBNd.exe
  2⤵
  PID:4804
- C:\Windows\System\HCjHVgt.exe
  C:\Windows\System\HCjHVgt.exe
  2⤵
  PID:4884
- C:\Windows\System\cYmABhf.exe
  C:\Windows\System\cYmABhf.exe
  2⤵
  PID:4916
- C:\Windows\System\vdVzLlj.exe
  C:\Windows\System\vdVzLlj.exe
  2⤵
  PID:4988
- C:\Windows\System\ePGrPfQ.exe
  C:\Windows\System\ePGrPfQ.exe
  2⤵
  PID:4968
- C:\Windows\System\PiVADat.exe
  C:\Windows\System\PiVADat.exe
  2⤵
  PID:5024
- C:\Windows\System\sZnSFqt.exe
  C:\Windows\System\sZnSFqt.exe
  2⤵
  PID:5048
- C:\Windows\System\ayxcznH.exe
  C:\Windows\System\ayxcznH.exe
  2⤵
  PID:5012
- C:\Windows\System\mIySsPy.exe
  C:\Windows\System\mIySsPy.exe
  2⤵
  PID:3788
- C:\Windows\System\YYOOCpt.exe
  C:\Windows\System\YYOOCpt.exe
  2⤵
  PID:2276
- C:\Windows\System\dvZJQWQ.exe
  C:\Windows\System\dvZJQWQ.exe
  2⤵
  PID:3784
- C:\Windows\System\TTKzqDI.exe
  C:\Windows\System\TTKzqDI.exe
  2⤵
  PID:3588
- C:\Windows\System\AHtFYZb.exe
  C:\Windows\System\AHtFYZb.exe
  2⤵
  PID:3640
- C:\Windows\System\QnqJWQs.exe
  C:\Windows\System\QnqJWQs.exe
  2⤵
  PID:3656
- C:\Windows\System\SRkPWqF.exe
  C:\Windows\System\SRkPWqF.exe
  2⤵
  PID:3724
- C:\Windows\System\JYuUaxq.exe
  C:\Windows\System\JYuUaxq.exe
  2⤵
  PID:4148
- C:\Windows\System\iEjHiru.exe
  C:\Windows\System\iEjHiru.exe
  2⤵
  PID:4264
- C:\Windows\System\vJwTebH.exe
  C:\Windows\System\vJwTebH.exe
  2⤵
  PID:4248
- C:\Windows\System\PsnQLPg.exe
  C:\Windows\System\PsnQLPg.exe
  2⤵
  PID:4384
- C:\Windows\System\dIRLcuQ.exe
  C:\Windows\System\dIRLcuQ.exe
  2⤵
  PID:4432
- C:\Windows\System\gaeqRXu.exe
  C:\Windows\System\gaeqRXu.exe
  2⤵
  PID:4424
- C:\Windows\System\imNZlzJ.exe
  C:\Windows\System\imNZlzJ.exe
  2⤵
  PID:4456
- C:\Windows\System\FTEVvEf.exe
  C:\Windows\System\FTEVvEf.exe
  2⤵
  PID:4528
- C:\Windows\System\bFtedIN.exe
  C:\Windows\System\bFtedIN.exe
  2⤵
  PID:4676
- C:\Windows\System\bJejXmj.exe
  C:\Windows\System\bJejXmj.exe
  2⤵
  PID:4748
- C:\Windows\System\aUBZUin.exe
  C:\Windows\System\aUBZUin.exe
  2⤵
  PID:4872
- C:\Windows\System\eVQfrly.exe
  C:\Windows\System\eVQfrly.exe
  2⤵
  PID:4612
- C:\Windows\System\XGvKgYC.exe
  C:\Windows\System\XGvKgYC.exe
  2⤵
  PID:4724
- C:\Windows\System\NHNMyqs.exe
  C:\Windows\System\NHNMyqs.exe
  2⤵
  PID:4932
- C:\Windows\System\zfpmwvI.exe
  C:\Windows\System\zfpmwvI.exe
  2⤵
  PID:4812
- C:\Windows\System\DFxtjAe.exe
  C:\Windows\System\DFxtjAe.exe
  2⤵
  PID:5028
- C:\Windows\System\dNCyMeI.exe
  C:\Windows\System\dNCyMeI.exe
  2⤵
  PID:5072
- C:\Windows\System\UskHuPL.exe
  C:\Windows\System\UskHuPL.exe
  2⤵
  PID:2820
- C:\Windows\System\lOzesKi.exe
  C:\Windows\System\lOzesKi.exe
  2⤵
  PID:3276
- C:\Windows\System\bcClRGo.exe
  C:\Windows\System\bcClRGo.exe
  2⤵
  PID:3384
- C:\Windows\System\pPCGInQ.exe
  C:\Windows\System\pPCGInQ.exe
  2⤵
  PID:3388
- C:\Windows\System\doGKUaJ.exe
  C:\Windows\System\doGKUaJ.exe
  2⤵
  PID:616
- C:\Windows\System\wzHndDs.exe
  C:\Windows\System\wzHndDs.exe
  2⤵
  PID:4176
- C:\Windows\System\cjklDGP.exe
  C:\Windows\System\cjklDGP.exe
  2⤵
  PID:4260
- C:\Windows\System\lfiRrpO.exe
  C:\Windows\System\lfiRrpO.exe
  2⤵
  PID:1764
- C:\Windows\System\JLPYkIJ.exe
  C:\Windows\System\JLPYkIJ.exe
  2⤵
  PID:4436
- C:\Windows\System\SfTTSyY.exe
  C:\Windows\System\SfTTSyY.exe
  2⤵
  PID:4740
- C:\Windows\System\DWzouzR.exe
  C:\Windows\System\DWzouzR.exe
  2⤵
  PID:4868
- C:\Windows\System\iEzVybA.exe
  C:\Windows\System\iEzVybA.exe
  2⤵
  PID:4572
- C:\Windows\System\CmMzHlM.exe
  C:\Windows\System\CmMzHlM.exe
  2⤵
  PID:5132
- C:\Windows\System\hloiGnC.exe
  C:\Windows\System\hloiGnC.exe
  2⤵
  PID:5152
- C:\Windows\System\QtEuiQT.exe
  C:\Windows\System\QtEuiQT.exe
  2⤵
  PID:5172
- C:\Windows\System\RDLuXMm.exe
  C:\Windows\System\RDLuXMm.exe
  2⤵
  PID:5192
- C:\Windows\System\oyULUiJ.exe
  C:\Windows\System\oyULUiJ.exe
  2⤵
  PID:5208
- C:\Windows\System\xQcGerS.exe
  C:\Windows\System\xQcGerS.exe
  2⤵
  PID:5228
- C:\Windows\System\pAccSPD.exe
  C:\Windows\System\pAccSPD.exe
  2⤵
  PID:5256
- C:\Windows\System\GIYkWvK.exe
  C:\Windows\System\GIYkWvK.exe
  2⤵
  PID:5276
- C:\Windows\System\Fqzbsbf.exe
  C:\Windows\System\Fqzbsbf.exe
  2⤵
  PID:5296
- C:\Windows\System\MwuMQMV.exe
  C:\Windows\System\MwuMQMV.exe
  2⤵
  PID:5312
- C:\Windows\System\CALRqzI.exe
  C:\Windows\System\CALRqzI.exe
  2⤵
  PID:5336
- C:\Windows\System\LBiregm.exe
  C:\Windows\System\LBiregm.exe
  2⤵
  PID:5356
- C:\Windows\System\GLxngyS.exe
  C:\Windows\System\GLxngyS.exe
  2⤵
  PID:5376
- C:\Windows\System\fiMuHGf.exe
  C:\Windows\System\fiMuHGf.exe
  2⤵
  PID:5396
- C:\Windows\System\axJJWeA.exe
  C:\Windows\System\axJJWeA.exe
  2⤵
  PID:5416
- C:\Windows\System\TvXOfLb.exe
  C:\Windows\System\TvXOfLb.exe
  2⤵
  PID:5436
- C:\Windows\System\iXPgALS.exe
  C:\Windows\System\iXPgALS.exe
  2⤵
  PID:5456
- C:\Windows\System\uAasfEw.exe
  C:\Windows\System\uAasfEw.exe
  2⤵
  PID:5476
- C:\Windows\System\rCvPVrI.exe
  C:\Windows\System\rCvPVrI.exe
  2⤵
  PID:5496
- C:\Windows\System\FHaFlZy.exe
  C:\Windows\System\FHaFlZy.exe
  2⤵
  PID:5512
- C:\Windows\System\RPjjLzV.exe
  C:\Windows\System\RPjjLzV.exe
  2⤵
  PID:5532
- C:\Windows\System\IsACqpN.exe
  C:\Windows\System\IsACqpN.exe
  2⤵
  PID:5552
- C:\Windows\System\EKVKlyC.exe
  C:\Windows\System\EKVKlyC.exe
  2⤵
  PID:5568
- C:\Windows\System\OuryZiZ.exe
  C:\Windows\System\OuryZiZ.exe
  2⤵
  PID:5584
- C:\Windows\System\PJYVEic.exe
  C:\Windows\System\PJYVEic.exe
  2⤵
  PID:5604
- C:\Windows\System\ITULYhD.exe
  C:\Windows\System\ITULYhD.exe
  2⤵
  PID:5624
- C:\Windows\System\sNRohFN.exe
  C:\Windows\System\sNRohFN.exe
  2⤵
  PID:5652
- C:\Windows\System\QBHVfaN.exe
  C:\Windows\System\QBHVfaN.exe
  2⤵
  PID:5668
- C:\Windows\System\QDPiNzb.exe
  C:\Windows\System\QDPiNzb.exe
  2⤵
  PID:5692
- C:\Windows\System\OWyZlhB.exe
  C:\Windows\System\OWyZlhB.exe
  2⤵
  PID:5708
- C:\Windows\System\RnbCXoJ.exe
  C:\Windows\System\RnbCXoJ.exe
  2⤵
  PID:5724
- C:\Windows\System\DblWCzO.exe
  C:\Windows\System\DblWCzO.exe
  2⤵
  PID:5744
- C:\Windows\System\BocFMye.exe
  C:\Windows\System\BocFMye.exe
  2⤵
  PID:5768
- C:\Windows\System\CFirgXd.exe
  C:\Windows\System\CFirgXd.exe
  2⤵
  PID:5796
- C:\Windows\System\veBYHhu.exe
  C:\Windows\System\veBYHhu.exe
  2⤵
  PID:5816
- C:\Windows\System\nVGdvNt.exe
  C:\Windows\System\nVGdvNt.exe
  2⤵
  PID:5832
- C:\Windows\System\UeAvwxG.exe
  C:\Windows\System\UeAvwxG.exe
  2⤵
  PID:5856
- C:\Windows\System\jPrMnuN.exe
  C:\Windows\System\jPrMnuN.exe
  2⤵
  PID:5876
- C:\Windows\System\zYBeuki.exe
  C:\Windows\System\zYBeuki.exe
  2⤵
  PID:5896
- C:\Windows\System\mQUUSzN.exe
  C:\Windows\System\mQUUSzN.exe
  2⤵
  PID:5912
- C:\Windows\System\rTRczPU.exe
  C:\Windows\System\rTRczPU.exe
  2⤵
  PID:5936
- C:\Windows\System\jOTBWEj.exe
  C:\Windows\System\jOTBWEj.exe
  2⤵
  PID:5956
- C:\Windows\System\hYuGwPs.exe
  C:\Windows\System\hYuGwPs.exe
  2⤵
  PID:5976
- C:\Windows\System\kDBllMt.exe
  C:\Windows\System\kDBllMt.exe
  2⤵
  PID:5996
- C:\Windows\System\HxVijJu.exe
  C:\Windows\System\HxVijJu.exe
  2⤵
  PID:6016
- C:\Windows\System\USkGDWX.exe
  C:\Windows\System\USkGDWX.exe
  2⤵
  PID:6032
- C:\Windows\System\uEOdDgT.exe
  C:\Windows\System\uEOdDgT.exe
  2⤵
  PID:6056
- C:\Windows\System\kSTDaac.exe
  C:\Windows\System\kSTDaac.exe
  2⤵
  PID:6076
- C:\Windows\System\rdMqjbI.exe
  C:\Windows\System\rdMqjbI.exe
  2⤵
  PID:6096
- C:\Windows\System\vtZWktG.exe
  C:\Windows\System\vtZWktG.exe
  2⤵
  PID:6112
- C:\Windows\System\SLXjnzZ.exe
  C:\Windows\System\SLXjnzZ.exe
  2⤵
  PID:6136
- C:\Windows\System\yYPcbfM.exe
  C:\Windows\System\yYPcbfM.exe
  2⤵
  PID:4848
- C:\Windows\System\XFpFtfM.exe
  C:\Windows\System\XFpFtfM.exe
  2⤵
  PID:4692
- C:\Windows\System\JtijeFF.exe
  C:\Windows\System\JtijeFF.exe
  2⤵
  PID:4232
- C:\Windows\System\woJJTlH.exe
  C:\Windows\System\woJJTlH.exe
  2⤵
  PID:4236
- C:\Windows\System\amxJmZN.exe
  C:\Windows\System\amxJmZN.exe
  2⤵
  PID:4992
- C:\Windows\System\ctomXFK.exe
  C:\Windows\System\ctomXFK.exe
  2⤵
  PID:4160
- C:\Windows\System\cIXfyKM.exe
  C:\Windows\System\cIXfyKM.exe
  2⤵
  PID:5104
- C:\Windows\System\YbxoMjT.exe
  C:\Windows\System\YbxoMjT.exe
  2⤵
  PID:4652
- C:\Windows\System\XvCnIOT.exe
  C:\Windows\System\XvCnIOT.exe
  2⤵
  PID:4312
- C:\Windows\System\ZlBsNll.exe
  C:\Windows\System\ZlBsNll.exe
  2⤵
  PID:4596
- C:\Windows\System\ucfsjCR.exe
  C:\Windows\System\ucfsjCR.exe
  2⤵
  PID:5168
- C:\Windows\System\CWSINBs.exe
  C:\Windows\System\CWSINBs.exe
  2⤵
  PID:5140
- C:\Windows\System\TWNuoWG.exe
  C:\Windows\System\TWNuoWG.exe
  2⤵
  PID:5216
- C:\Windows\System\WEpzrTy.exe
  C:\Windows\System\WEpzrTy.exe
  2⤵
  PID:5224
- C:\Windows\System\cJbdGRb.exe
  C:\Windows\System\cJbdGRb.exe
  2⤵
  PID:5284
- C:\Windows\System\zohOKKO.exe
  C:\Windows\System\zohOKKO.exe
  2⤵
  PID:5324
- C:\Windows\System\FXnuLIK.exe
  C:\Windows\System\FXnuLIK.exe
  2⤵
  PID:5308
- C:\Windows\System\rNFpMuJ.exe
  C:\Windows\System\rNFpMuJ.exe
  2⤵
  PID:5348
- C:\Windows\System\BWFUscD.exe
  C:\Windows\System\BWFUscD.exe
  2⤵
  PID:5408
- C:\Windows\System\FuRYDLu.exe
  C:\Windows\System\FuRYDLu.exe
  2⤵
  PID:5388
- C:\Windows\System\CdxOnIF.exe
  C:\Windows\System\CdxOnIF.exe
  2⤵
  PID:5484
- C:\Windows\System\SxaFtuu.exe
  C:\Windows\System\SxaFtuu.exe
  2⤵
  PID:5488
- C:\Windows\System\wLCUSlC.exe
  C:\Windows\System\wLCUSlC.exe
  2⤵
  PID:5560
- C:\Windows\System\Pijndgd.exe
  C:\Windows\System\Pijndgd.exe
  2⤵
  PID:5504
- C:\Windows\System\DUoajCW.exe
  C:\Windows\System\DUoajCW.exe
  2⤵
  PID:5576
- C:\Windows\System\hGpTgOY.exe
  C:\Windows\System\hGpTgOY.exe
  2⤵
  PID:5644
- C:\Windows\System\fDLOplk.exe
  C:\Windows\System\fDLOplk.exe
  2⤵
  PID:5676
- C:\Windows\System\VTQDOdw.exe
  C:\Windows\System\VTQDOdw.exe
  2⤵
  PID:5720
- C:\Windows\System\KwGBPMu.exe
  C:\Windows\System\KwGBPMu.exe
  2⤵
  PID:5704
- C:\Windows\System\zaMsyxp.exe
  C:\Windows\System\zaMsyxp.exe
  2⤵
  PID:5764
- C:\Windows\System\ivWSwcK.exe
  C:\Windows\System\ivWSwcK.exe
  2⤵
  PID:5788
- C:\Windows\System\wHJkgiQ.exe
  C:\Windows\System\wHJkgiQ.exe
  2⤵
  PID:5808
- C:\Windows\System\PNDzgFr.exe
  C:\Windows\System\PNDzgFr.exe
  2⤵
  PID:5844
- C:\Windows\System\hiIfthu.exe
  C:\Windows\System\hiIfthu.exe
  2⤵
  PID:5872
- C:\Windows\System\RgBvspy.exe
  C:\Windows\System\RgBvspy.exe
  2⤵
  PID:5928
- C:\Windows\System\eLHYIsH.exe
  C:\Windows\System\eLHYIsH.exe
  2⤵
  PID:5944
- C:\Windows\System\SVnFjBE.exe
  C:\Windows\System\SVnFjBE.exe
  2⤵
  PID:6004
- C:\Windows\System\oxvBdNX.exe
  C:\Windows\System\oxvBdNX.exe
  2⤵
  PID:6024
- C:\Windows\System\TzpzQVB.exe
  C:\Windows\System\TzpzQVB.exe
  2⤵
  PID:6084
- C:\Windows\System\IyvIPXA.exe
  C:\Windows\System\IyvIPXA.exe
  2⤵
  PID:6120
- C:\Windows\System\WxRjRUd.exe
  C:\Windows\System\WxRjRUd.exe
  2⤵
  PID:4788
- C:\Windows\System\bBimawF.exe
  C:\Windows\System\bBimawF.exe
  2⤵
  PID:3968
- C:\Windows\System\IuaRlVE.exe
  C:\Windows\System\IuaRlVE.exe
  2⤵
  PID:3716
- C:\Windows\System\jOobizL.exe
  C:\Windows\System\jOobizL.exe
  2⤵
  PID:3232
- C:\Windows\System\VqTKxQc.exe
  C:\Windows\System\VqTKxQc.exe
  2⤵
  PID:3016
- C:\Windows\System\lyHudds.exe
  C:\Windows\System\lyHudds.exe
  2⤵
  PID:2052
- C:\Windows\System\aTYVxEa.exe
  C:\Windows\System\aTYVxEa.exe
  2⤵
  PID:5204
- C:\Windows\System\vbCQvDm.exe
  C:\Windows\System\vbCQvDm.exe
  2⤵
  PID:5128
- C:\Windows\System\VfGtSsO.exe
  C:\Windows\System\VfGtSsO.exe
  2⤵
  PID:5320
- C:\Windows\System\EyQDiAO.exe
  C:\Windows\System\EyQDiAO.exe
  2⤵
  PID:5368
- C:\Windows\System\qhCbRgR.exe
  C:\Windows\System\qhCbRgR.exe
  2⤵
  PID:5468
- C:\Windows\System\gDBwtOK.exe
  C:\Windows\System\gDBwtOK.exe
  2⤵
  PID:5188
- C:\Windows\System\RxnmrIC.exe
  C:\Windows\System\RxnmrIC.exe
  2⤵
  PID:5252
- C:\Windows\System\SVUFUGR.exe
  C:\Windows\System\SVUFUGR.exe
  2⤵
  PID:5640
- C:\Windows\System\rlJyfRB.exe
  C:\Windows\System\rlJyfRB.exe
  2⤵
  PID:5404
- C:\Windows\System\OCxlUlz.exe
  C:\Windows\System\OCxlUlz.exe
  2⤵
  PID:5392
- C:\Windows\System\YXRJjsk.exe
  C:\Windows\System\YXRJjsk.exe
  2⤵
  PID:5760
- C:\Windows\System\UwGdfpz.exe
  C:\Windows\System\UwGdfpz.exe
  2⤵
  PID:5544
- C:\Windows\System\amzJQpd.exe
  C:\Windows\System\amzJQpd.exe
  2⤵
  PID:5540
- C:\Windows\System\UdTHvgx.exe
  C:\Windows\System\UdTHvgx.exe
  2⤵
  PID:5732
- C:\Windows\System\bFhRQes.exe
  C:\Windows\System\bFhRQes.exe
  2⤵
  PID:5784
- C:\Windows\System\sMLfuuK.exe
  C:\Windows\System\sMLfuuK.exe
  2⤵
  PID:5920
- C:\Windows\System\MyEmrrd.exe
  C:\Windows\System\MyEmrrd.exe
  2⤵
  PID:5948
- C:\Windows\System\cbqKlea.exe
  C:\Windows\System\cbqKlea.exe
  2⤵
  PID:5988
- C:\Windows\System\KYIlxPz.exe
  C:\Windows\System\KYIlxPz.exe
  2⤵
  PID:6068
- C:\Windows\System\cpOXxph.exe
  C:\Windows\System\cpOXxph.exe
  2⤵
  PID:6108
- C:\Windows\System\CRhBVjG.exe
  C:\Windows\System\CRhBVjG.exe
  2⤵
  PID:5088
- C:\Windows\System\rfmaYVI.exe
  C:\Windows\System\rfmaYVI.exe
  2⤵
  PID:4024
- C:\Windows\System\JJzoQgS.exe
  C:\Windows\System\JJzoQgS.exe
  2⤵
  PID:4972
- C:\Windows\System\DALBTHC.exe
  C:\Windows\System\DALBTHC.exe
  2⤵
  PID:5124
- C:\Windows\System\VMqWazJ.exe
  C:\Windows\System\VMqWazJ.exe
  2⤵
  PID:5328
- C:\Windows\System\HpJximR.exe
  C:\Windows\System\HpJximR.exe
  2⤵
  PID:5148
- C:\Windows\System\wwejHRb.exe
  C:\Windows\System\wwejHRb.exe
  2⤵
  PID:2772
- C:\Windows\System\HaKYyjt.exe
  C:\Windows\System\HaKYyjt.exe
  2⤵
  PID:5304
- C:\Windows\System\tHjYuit.exe
  C:\Windows\System\tHjYuit.exe
  2⤵
  PID:5740
- C:\Windows\System\fowZwYs.exe
  C:\Windows\System\fowZwYs.exe
  2⤵
  PID:5524
- C:\Windows\System\RqGsCSt.exe
  C:\Windows\System\RqGsCSt.exe
  2⤵
  PID:5864
- C:\Windows\System\jmDtFpb.exe
  C:\Windows\System\jmDtFpb.exe
  2⤵
  PID:5780
- C:\Windows\System\tcARNsp.exe
  C:\Windows\System\tcARNsp.exe
  2⤵
  PID:5904
- C:\Windows\System\VgPhowX.exe
  C:\Windows\System\VgPhowX.exe
  2⤵
  PID:6040
- C:\Windows\System\lzLZFCA.exe
  C:\Windows\System\lzLZFCA.exe
  2⤵
  PID:6160
- C:\Windows\System\rIILTYh.exe
  C:\Windows\System\rIILTYh.exe
  2⤵
  PID:6184
- C:\Windows\System\AxeErXP.exe
  C:\Windows\System\AxeErXP.exe
  2⤵
  PID:6204
- C:\Windows\System\YyxQAPq.exe
  C:\Windows\System\YyxQAPq.exe
  2⤵
  PID:6224
- C:\Windows\System\IklMIvU.exe
  C:\Windows\System\IklMIvU.exe
  2⤵
  PID:6244
- C:\Windows\System\HCGMwVU.exe
  C:\Windows\System\HCGMwVU.exe
  2⤵
  PID:6264
- C:\Windows\System\KuEBOXu.exe
  C:\Windows\System\KuEBOXu.exe
  2⤵
  PID:6284
- C:\Windows\System\XNgMhvw.exe
  C:\Windows\System\XNgMhvw.exe
  2⤵
  PID:6304
- C:\Windows\System\LALAFPE.exe
  C:\Windows\System\LALAFPE.exe
  2⤵
  PID:6324
- C:\Windows\System\RVYGIna.exe
  C:\Windows\System\RVYGIna.exe
  2⤵
  PID:6344
- C:\Windows\System\SuOQwQX.exe
  C:\Windows\System\SuOQwQX.exe
  2⤵
  PID:6364
- C:\Windows\System\SYWZWuM.exe
  C:\Windows\System\SYWZWuM.exe
  2⤵
  PID:6384
- C:\Windows\System\ecPpaKS.exe
  C:\Windows\System\ecPpaKS.exe
  2⤵
  PID:6404
- C:\Windows\System\lWuqKWz.exe
  C:\Windows\System\lWuqKWz.exe
  2⤵
  PID:6424
- C:\Windows\System\ICIQdZZ.exe
  C:\Windows\System\ICIQdZZ.exe
  2⤵
  PID:6444
- C:\Windows\System\cSgTYkj.exe
  C:\Windows\System\cSgTYkj.exe
  2⤵
  PID:6464
- C:\Windows\System\JkVKsVH.exe
  C:\Windows\System\JkVKsVH.exe
  2⤵
  PID:6484
- C:\Windows\System\TgoLGRM.exe
  C:\Windows\System\TgoLGRM.exe
  2⤵
  PID:6504
- C:\Windows\System\VkGfBVz.exe
  C:\Windows\System\VkGfBVz.exe
  2⤵
  PID:6524
- C:\Windows\System\qXLGTLb.exe
  C:\Windows\System\qXLGTLb.exe
  2⤵
  PID:6544
- C:\Windows\System\wPWcpgw.exe
  C:\Windows\System\wPWcpgw.exe
  2⤵
  PID:6564
- C:\Windows\System\VWOrtys.exe
  C:\Windows\System\VWOrtys.exe
  2⤵
  PID:6584
- C:\Windows\System\XHqaEGQ.exe
  C:\Windows\System\XHqaEGQ.exe
  2⤵
  PID:6604
- C:\Windows\System\bgrOKsu.exe
  C:\Windows\System\bgrOKsu.exe
  2⤵
  PID:6624
- C:\Windows\System\vjjkxNt.exe
  C:\Windows\System\vjjkxNt.exe
  2⤵
  PID:6644
- C:\Windows\System\wqpSeeo.exe
  C:\Windows\System\wqpSeeo.exe
  2⤵
  PID:6664
- C:\Windows\System\daaAnEN.exe
  C:\Windows\System\daaAnEN.exe
  2⤵
  PID:6684
- C:\Windows\System\mQTwFOt.exe
  C:\Windows\System\mQTwFOt.exe
  2⤵
  PID:6704
- C:\Windows\System\gEfJRXH.exe
  C:\Windows\System\gEfJRXH.exe
  2⤵
  PID:6728
- C:\Windows\System\OxbRQxI.exe
  C:\Windows\System\OxbRQxI.exe
  2⤵
  PID:6748
- C:\Windows\System\QrpXihY.exe
  C:\Windows\System\QrpXihY.exe
  2⤵
  PID:6768
- C:\Windows\System\ESQJHwx.exe
  C:\Windows\System\ESQJHwx.exe
  2⤵
  PID:6788
- C:\Windows\System\LrXDbOF.exe
  C:\Windows\System\LrXDbOF.exe
  2⤵
  PID:6808
- C:\Windows\System\duWHTEn.exe
  C:\Windows\System\duWHTEn.exe
  2⤵
  PID:6832
- C:\Windows\System\ZBGsdds.exe
  C:\Windows\System\ZBGsdds.exe
  2⤵
  PID:6852
- C:\Windows\System\PRcuQiu.exe
  C:\Windows\System\PRcuQiu.exe
  2⤵
  PID:6872
- C:\Windows\System\NQXsjHM.exe
  C:\Windows\System\NQXsjHM.exe
  2⤵
  PID:6892
- C:\Windows\System\NYdHFwH.exe
  C:\Windows\System\NYdHFwH.exe
  2⤵
  PID:6912
- C:\Windows\System\frpCoXx.exe
  C:\Windows\System\frpCoXx.exe
  2⤵
  PID:6932
- C:\Windows\System\SagnkWq.exe
  C:\Windows\System\SagnkWq.exe
  2⤵
  PID:6952
- C:\Windows\System\oDuzWXe.exe
  C:\Windows\System\oDuzWXe.exe
  2⤵
  PID:6972
- C:\Windows\System\QpipCTX.exe
  C:\Windows\System\QpipCTX.exe
  2⤵
  PID:6992
- C:\Windows\System\TzaHWSK.exe
  C:\Windows\System\TzaHWSK.exe
  2⤵
  PID:7012
- C:\Windows\System\AqyZqdf.exe
  C:\Windows\System\AqyZqdf.exe
  2⤵
  PID:7032
- C:\Windows\System\sueKtzI.exe
  C:\Windows\System\sueKtzI.exe
  2⤵
  PID:7052
- C:\Windows\System\NlfyeVv.exe
  C:\Windows\System\NlfyeVv.exe
  2⤵
  PID:7072
- C:\Windows\System\SnZFCDQ.exe
  C:\Windows\System\SnZFCDQ.exe
  2⤵
  PID:7096
- C:\Windows\System\XYhFggf.exe
  C:\Windows\System\XYhFggf.exe
  2⤵
  PID:7116
- C:\Windows\System\tKePgKE.exe
  C:\Windows\System\tKePgKE.exe
  2⤵
  PID:7132
- C:\Windows\System\HNppwbD.exe
  C:\Windows\System\HNppwbD.exe
  2⤵
  PID:7152
- C:\Windows\System\addNnQN.exe
  C:\Windows\System\addNnQN.exe
  2⤵
  PID:6088
- C:\Windows\System\AVWytLF.exe
  C:\Windows\System\AVWytLF.exe
  2⤵
  PID:4952
- C:\Windows\System\yHkTeJY.exe
  C:\Windows\System\yHkTeJY.exe
  2⤵
  PID:4492
- C:\Windows\System\unDLNnF.exe
  C:\Windows\System\unDLNnF.exe
  2⤵
  PID:5372
- C:\Windows\System\xnoyVlq.exe
  C:\Windows\System\xnoyVlq.exe
  2⤵
  PID:5160
- C:\Windows\System\SvDYutu.exe
  C:\Windows\System\SvDYutu.exe
  2⤵
  PID:5600
- C:\Windows\System\tCzlwcG.exe
  C:\Windows\System\tCzlwcG.exe
  2⤵
  PID:5432
- C:\Windows\System\rPuMWKC.exe
  C:\Windows\System\rPuMWKC.exe
  2⤵
  PID:5736
- C:\Windows\System\QqISrYY.exe
  C:\Windows\System\QqISrYY.exe
  2⤵
  PID:5992
- C:\Windows\System\ZWhOCtI.exe
  C:\Windows\System\ZWhOCtI.exe
  2⤵
  PID:6148
- C:\Windows\System\qOGuXDA.exe
  C:\Windows\System\qOGuXDA.exe
  2⤵
  PID:6172
- C:\Windows\System\uSdOBJj.exe
  C:\Windows\System\uSdOBJj.exe
  2⤵
  PID:6220
- C:\Windows\System\zGxJgkz.exe
  C:\Windows\System\zGxJgkz.exe
  2⤵
  PID:6240
- C:\Windows\System\PxpdAwD.exe
  C:\Windows\System\PxpdAwD.exe
  2⤵
  PID:6276
- C:\Windows\System\QBFyNEV.exe
  C:\Windows\System\QBFyNEV.exe
  2⤵
  PID:6312
- C:\Windows\System\xVuOSDv.exe
  C:\Windows\System\xVuOSDv.exe
  2⤵
  PID:6316
- C:\Windows\System\StkCHmN.exe
  C:\Windows\System\StkCHmN.exe
  2⤵
  PID:6380
- C:\Windows\System\EWbhVly.exe
  C:\Windows\System\EWbhVly.exe
  2⤵
  PID:6420
- C:\Windows\System\XPHqAqA.exe
  C:\Windows\System\XPHqAqA.exe
  2⤵
  PID:6452
- C:\Windows\System\ELDqwXM.exe
  C:\Windows\System\ELDqwXM.exe
  2⤵
  PID:6492
- C:\Windows\System\yomCXOU.exe
  C:\Windows\System\yomCXOU.exe
  2⤵
  PID:6496
- C:\Windows\System\rNqOuyp.exe
  C:\Windows\System\rNqOuyp.exe
  2⤵
  PID:6532
- C:\Windows\System\LtCXVMR.exe
  C:\Windows\System\LtCXVMR.exe
  2⤵
  PID:6580
- C:\Windows\System\LihtTBh.exe
  C:\Windows\System\LihtTBh.exe
  2⤵
  PID:6592
- C:\Windows\System\pByhhlS.exe
  C:\Windows\System\pByhhlS.exe
  2⤵
  PID:6616
- C:\Windows\System\IwaThbo.exe
  C:\Windows\System\IwaThbo.exe
  2⤵
  PID:2484
- C:\Windows\System\HwoxJZW.exe
  C:\Windows\System\HwoxJZW.exe
  2⤵
  PID:6692
- C:\Windows\System\tzYiffz.exe
  C:\Windows\System\tzYiffz.exe
  2⤵
  PID:2628
- C:\Windows\System\jwpmmEI.exe
  C:\Windows\System\jwpmmEI.exe
  2⤵
  PID:6744
- C:\Windows\System\IpwsbdJ.exe
  C:\Windows\System\IpwsbdJ.exe
  2⤵
  PID:6784
- C:\Windows\System\eMEkmkm.exe
  C:\Windows\System\eMEkmkm.exe
  2⤵
  PID:6820
- C:\Windows\System\LJSAbqH.exe
  C:\Windows\System\LJSAbqH.exe
  2⤵
  PID:6848
- C:\Windows\System\wlVEvvF.exe
  C:\Windows\System\wlVEvvF.exe
  2⤵
  PID:6844
- C:\Windows\System\sfCRxzd.exe
  C:\Windows\System\sfCRxzd.exe
  2⤵
  PID:6888
- C:\Windows\System\cRITipE.exe
  C:\Windows\System\cRITipE.exe
  2⤵
  PID:6948
- C:\Windows\System\ujpzabA.exe
  C:\Windows\System\ujpzabA.exe
  2⤵
  PID:6924
- C:\Windows\System\pNByDYc.exe
  C:\Windows\System\pNByDYc.exe
  2⤵
  PID:7020
- C:\Windows\System\aPaKzVC.exe
  C:\Windows\System\aPaKzVC.exe
  2⤵
  PID:7000
- C:\Windows\System\vBmTrSC.exe
  C:\Windows\System\vBmTrSC.exe
  2⤵
  PID:7104
- C:\Windows\System\mCivmxT.exe
  C:\Windows\System\mCivmxT.exe
  2⤵
  PID:7092
- C:\Windows\System\mErJWmx.exe
  C:\Windows\System\mErJWmx.exe
  2⤵
  PID:7148
- C:\Windows\System\TJmVvTb.exe
  C:\Windows\System\TJmVvTb.exe
  2⤵
  PID:7124
- C:\Windows\System\xZSBwnP.exe
  C:\Windows\System\xZSBwnP.exe
  2⤵
  PID:6072
- C:\Windows\System\NtkTYfv.exe
  C:\Windows\System\NtkTYfv.exe
  2⤵
  PID:4220
- C:\Windows\System\eTglCYi.exe
  C:\Windows\System\eTglCYi.exe
  2⤵
  PID:5268
- C:\Windows\System\YVLZSYy.exe
  C:\Windows\System\YVLZSYy.exe
  2⤵
  PID:5528
- C:\Windows\System\BDobdYo.exe
  C:\Windows\System\BDobdYo.exe
  2⤵
  PID:5868
- C:\Windows\System\whPPYxN.exe
  C:\Windows\System\whPPYxN.exe
  2⤵
  PID:2616
- C:\Windows\System\gxOHWSa.exe
  C:\Windows\System\gxOHWSa.exe
  2⤵
  PID:6196
- C:\Windows\System\cmOAiKu.exe
  C:\Windows\System\cmOAiKu.exe
  2⤵
  PID:6256
- C:\Windows\System\nKbCHfO.exe
  C:\Windows\System\nKbCHfO.exe
  2⤵
  PID:6340
- C:\Windows\System\ksyMVZV.exe
  C:\Windows\System\ksyMVZV.exe
  2⤵
  PID:1420
- C:\Windows\System\awzPkbw.exe
  C:\Windows\System\awzPkbw.exe
  2⤵
  PID:6360
- C:\Windows\System\SKUfHCP.exe
  C:\Windows\System\SKUfHCP.exe
  2⤵
  PID:6436
- C:\Windows\System\QVDgXNC.exe
  C:\Windows\System\QVDgXNC.exe
  2⤵
  PID:6520
- C:\Windows\System\cOVwFqZ.exe
  C:\Windows\System\cOVwFqZ.exe
  2⤵
  PID:6556
- C:\Windows\System\gZPeiDi.exe
  C:\Windows\System\gZPeiDi.exe
  2⤵
  PID:2744
- C:\Windows\System\hKwXlXm.exe
  C:\Windows\System\hKwXlXm.exe
  2⤵
  PID:6600
- C:\Windows\System\PvRoCZt.exe
  C:\Windows\System\PvRoCZt.exe
  2⤵
  PID:2604
- C:\Windows\System\OWQIwPX.exe
  C:\Windows\System\OWQIwPX.exe
  2⤵
  PID:6760
- C:\Windows\System\DWONEwr.exe
  C:\Windows\System\DWONEwr.exe
  2⤵
  PID:6800
- C:\Windows\System\RuxxtBi.exe
  C:\Windows\System\RuxxtBi.exe
  2⤵
  PID:2652
- C:\Windows\System\FMtwppM.exe
  C:\Windows\System\FMtwppM.exe
  2⤵
  PID:6908
- C:\Windows\System\THbrajO.exe
  C:\Windows\System\THbrajO.exe
  2⤵
  PID:6920
- C:\Windows\System\xXKYdYz.exe
  C:\Windows\System\xXKYdYz.exe
  2⤵
  PID:7060
- C:\Windows\System\KCQypdv.exe
  C:\Windows\System\KCQypdv.exe
  2⤵
  PID:7004
- C:\Windows\System\lIrOjWD.exe
  C:\Windows\System\lIrOjWD.exe
  2⤵
  PID:6064
- C:\Windows\System\xbPOpwW.exe
  C:\Windows\System\xbPOpwW.exe
  2⤵
  PID:5236
- C:\Windows\System\BNQaZwY.exe
  C:\Windows\System\BNQaZwY.exe
  2⤵
  PID:5164
- C:\Windows\System\dftOMHO.exe
  C:\Windows\System\dftOMHO.exe
  2⤵
  PID:4372
- C:\Windows\System\WtxxWiz.exe
  C:\Windows\System\WtxxWiz.exe
  2⤵
  PID:5412
- C:\Windows\System\IXQJieo.exe
  C:\Windows\System\IXQJieo.exe
  2⤵
  PID:2724
- C:\Windows\System\TapKFid.exe
  C:\Windows\System\TapKFid.exe
  2⤵
  PID:6212
- C:\Windows\System\gmRAYut.exe
  C:\Windows\System\gmRAYut.exe
  2⤵
  PID:2632
- C:\Windows\System\HNAIrJg.exe
  C:\Windows\System\HNAIrJg.exe
  2⤵
  PID:6412
- C:\Windows\System\KnkJqdV.exe
  C:\Windows\System\KnkJqdV.exe
  2⤵
  PID:6432
- C:\Windows\System\bvXxaFW.exe
  C:\Windows\System\bvXxaFW.exe
  2⤵
  PID:6516
- C:\Windows\System\pPQkFMe.exe
  C:\Windows\System\pPQkFMe.exe
  2⤵
  PID:6552
- C:\Windows\System\ocGZWpx.exe
  C:\Windows\System\ocGZWpx.exe
  2⤵
  PID:6724
- C:\Windows\System\BJKgobB.exe
  C:\Windows\System\BJKgobB.exe
  2⤵
  PID:6720
- C:\Windows\System\RWLGlgG.exe
  C:\Windows\System\RWLGlgG.exe
  2⤵
  PID:2712
- C:\Windows\System\RdIRZgr.exe
  C:\Windows\System\RdIRZgr.exe
  2⤵
  PID:760
- C:\Windows\System\EtsMknh.exe
  C:\Windows\System\EtsMknh.exe
  2⤵
  PID:2260
- C:\Windows\System\MeUKzHb.exe
  C:\Windows\System\MeUKzHb.exe
  2⤵
  PID:7024
- C:\Windows\System\LwpubGq.exe
  C:\Windows\System\LwpubGq.exe
  2⤵
  PID:2152
- C:\Windows\System\uSAnioW.exe
  C:\Windows\System\uSAnioW.exe
  2⤵
  PID:6132
- C:\Windows\System\CjZZfnh.exe
  C:\Windows\System\CjZZfnh.exe
  2⤵
  PID:2264
- C:\Windows\System\LSxNekB.exe
  C:\Windows\System\LSxNekB.exe
  2⤵
  PID:7160
- C:\Windows\System\ganTsVj.exe
  C:\Windows\System\ganTsVj.exe
  2⤵
  PID:5812
- C:\Windows\System\cktZcyp.exe
  C:\Windows\System\cktZcyp.exe
  2⤵
  PID:6400
- C:\Windows\System\rmThwGH.exe
  C:\Windows\System\rmThwGH.exe
  2⤵
  PID:6296
- C:\Windows\System\mBnklyC.exe
  C:\Windows\System\mBnklyC.exe
  2⤵
  PID:6456
- C:\Windows\System\oxQICfQ.exe
  C:\Windows\System\oxQICfQ.exe
  2⤵
  PID:6476
- C:\Windows\System\QtQHWqN.exe
  C:\Windows\System\QtQHWqN.exe
  2⤵
  PID:6672
- C:\Windows\System\QBmHpBH.exe
  C:\Windows\System\QBmHpBH.exe
  2⤵
  PID:6816
- C:\Windows\System\YJjcXke.exe
  C:\Windows\System\YJjcXke.exe
  2⤵
  PID:6736
- C:\Windows\System\AwcoWxf.exe
  C:\Windows\System\AwcoWxf.exe
  2⤵
  PID:6980
- C:\Windows\System\GawPvkv.exe
  C:\Windows\System\GawPvkv.exe
  2⤵
  PID:1580
- C:\Windows\System\xWBSHHl.exe
  C:\Windows\System\xWBSHHl.exe
  2⤵
  PID:5632
- C:\Windows\System\SOWiIKr.exe
  C:\Windows\System\SOWiIKr.exe
  2⤵
  PID:7044
- C:\Windows\System\BjiqSXI.exe
  C:\Windows\System\BjiqSXI.exe
  2⤵
  PID:784
- C:\Windows\System\cnHIqcF.exe
  C:\Windows\System\cnHIqcF.exe
  2⤵
  PID:2860
- C:\Windows\System\MdSompP.exe
  C:\Windows\System\MdSompP.exe
  2⤵
  PID:2196
- C:\Windows\System\WJlHmCn.exe
  C:\Windows\System\WJlHmCn.exe
  2⤵
  PID:2900
- C:\Windows\System\LHRsTEQ.exe
  C:\Windows\System\LHRsTEQ.exe
  2⤵
  PID:6680
- C:\Windows\System\VRWCNFT.exe
  C:\Windows\System\VRWCNFT.exe
  2⤵
  PID:2984
- C:\Windows\System\oxwViTT.exe
  C:\Windows\System\oxwViTT.exe
  2⤵
  PID:840
- C:\Windows\System\pzNTqAl.exe
  C:\Windows\System\pzNTqAl.exe
  2⤵
  PID:6200
- C:\Windows\System\fyyXPch.exe
  C:\Windows\System\fyyXPch.exe
  2⤵
  PID:6232
- C:\Windows\System\fqObiHi.exe
  C:\Windows\System\fqObiHi.exe
  2⤵
  PID:5892
- C:\Windows\System\msjhtkZ.exe
  C:\Windows\System\msjhtkZ.exe
  2⤵
  PID:6636
- C:\Windows\System\xibowDv.exe
  C:\Windows\System\xibowDv.exe
  2⤵
  PID:1752
- C:\Windows\System\WLrApZS.exe
  C:\Windows\System\WLrApZS.exe
  2⤵
  PID:7048
- C:\Windows\System\OWSvEfP.exe
  C:\Windows\System\OWSvEfP.exe
  2⤵
  PID:6124
- C:\Windows\System\ncltXsd.exe
  C:\Windows\System\ncltXsd.exe
  2⤵
  PID:2876
- C:\Windows\System\qWzLaSJ.exe
  C:\Windows\System\qWzLaSJ.exe
  2⤵
  PID:1932
- C:\Windows\System\SRIIkwh.exe
  C:\Windows\System\SRIIkwh.exe
  2⤵
  PID:7068
- C:\Windows\System\JYtMbWu.exe
  C:\Windows\System\JYtMbWu.exe
  2⤵
  PID:2100
- C:\Windows\System\bMxbtCh.exe
  C:\Windows\System\bMxbtCh.exe
  2⤵
  PID:7180
- C:\Windows\System\nemwMGj.exe
  C:\Windows\System\nemwMGj.exe
  2⤵
  PID:7200
- C:\Windows\System\cUMcDDo.exe
  C:\Windows\System\cUMcDDo.exe
  2⤵
  PID:7248
- C:\Windows\System\wNQNwvi.exe
  C:\Windows\System\wNQNwvi.exe
  2⤵
  PID:7264
- C:\Windows\System\PAXuSIe.exe
  C:\Windows\System\PAXuSIe.exe
  2⤵
  PID:7280
- C:\Windows\System\WhqTbkR.exe
  C:\Windows\System\WhqTbkR.exe
  2⤵
  PID:7308
- C:\Windows\System\ZdEGXSf.exe
  C:\Windows\System\ZdEGXSf.exe
  2⤵
  PID:7324
- C:\Windows\System\GBRzvNP.exe
  C:\Windows\System\GBRzvNP.exe
  2⤵
  PID:7344
- C:\Windows\System\rYYuPaH.exe
  C:\Windows\System\rYYuPaH.exe
  2⤵
  PID:7360
- C:\Windows\System\hZDeJfR.exe
  C:\Windows\System\hZDeJfR.exe
  2⤵
  PID:7376
- C:\Windows\System\EmDxCbQ.exe
  C:\Windows\System\EmDxCbQ.exe
  2⤵
  PID:7392
- C:\Windows\System\CipnZFd.exe
  C:\Windows\System\CipnZFd.exe
  2⤵
  PID:7416
- C:\Windows\System\llFuHQi.exe
  C:\Windows\System\llFuHQi.exe
  2⤵
  PID:7432
- C:\Windows\System\GZXLznS.exe
  C:\Windows\System\GZXLznS.exe
  2⤵
  PID:7448
- C:\Windows\System\AyfWjov.exe
  C:\Windows\System\AyfWjov.exe
  2⤵
  PID:7464
- C:\Windows\System\LUgJwkk.exe
  C:\Windows\System\LUgJwkk.exe
  2⤵
  PID:7484
- C:\Windows\System\ydHnqza.exe
  C:\Windows\System\ydHnqza.exe
  2⤵
  PID:7528
- C:\Windows\System\XaRKCjS.exe
  C:\Windows\System\XaRKCjS.exe
  2⤵
  PID:7544
- C:\Windows\System\xMXshfR.exe
  C:\Windows\System\xMXshfR.exe
  2⤵
  PID:7560
- C:\Windows\System\pmPhSdT.exe
  C:\Windows\System\pmPhSdT.exe
  2⤵
  PID:7576
- C:\Windows\System\XbRKgNQ.exe
  C:\Windows\System\XbRKgNQ.exe
  2⤵
  PID:7592
- C:\Windows\System\ZFEmZkG.exe
  C:\Windows\System\ZFEmZkG.exe
  2⤵
  PID:7608
- C:\Windows\System\YflVQHl.exe
  C:\Windows\System\YflVQHl.exe
  2⤵
  PID:7624
- C:\Windows\System\GGIVUKz.exe
  C:\Windows\System\GGIVUKz.exe
  2⤵
  PID:7640
- C:\Windows\System\vgZzBNL.exe
  C:\Windows\System\vgZzBNL.exe
  2⤵
  PID:7656
- C:\Windows\System\exBCjUD.exe
  C:\Windows\System\exBCjUD.exe
  2⤵
  PID:7672
- C:\Windows\System\zYHcxFC.exe
  C:\Windows\System\zYHcxFC.exe
  2⤵
  PID:7688
- C:\Windows\System\QzUCZEM.exe
  C:\Windows\System\QzUCZEM.exe
  2⤵
  PID:7704
- C:\Windows\System\DCnbQIS.exe
  C:\Windows\System\DCnbQIS.exe
  2⤵
  PID:7720
- C:\Windows\System\AGyEunI.exe
  C:\Windows\System\AGyEunI.exe
  2⤵
  PID:7740
- C:\Windows\System\aogTHbZ.exe
  C:\Windows\System\aogTHbZ.exe
  2⤵
  PID:7756
- C:\Windows\System\RwrifJs.exe
  C:\Windows\System\RwrifJs.exe
  2⤵
  PID:7772
- C:\Windows\System\pbhBKif.exe
  C:\Windows\System\pbhBKif.exe
  2⤵
  PID:7788
- C:\Windows\System\wyIFUNe.exe
  C:\Windows\System\wyIFUNe.exe
  2⤵
  PID:7804
- C:\Windows\System\KwYsMNi.exe
  C:\Windows\System\KwYsMNi.exe
  2⤵
  PID:7820
- C:\Windows\System\SSvbOyr.exe
  C:\Windows\System\SSvbOyr.exe
  2⤵
  PID:7836
- C:\Windows\System\oYAlabd.exe
  C:\Windows\System\oYAlabd.exe
  2⤵
  PID:7852
- C:\Windows\System\WJXEORQ.exe
  C:\Windows\System\WJXEORQ.exe
  2⤵
  PID:7868
- C:\Windows\System\TpOWawF.exe
  C:\Windows\System\TpOWawF.exe
  2⤵
  PID:7908
- C:\Windows\System\PbBdQpc.exe
  C:\Windows\System\PbBdQpc.exe
  2⤵
  PID:7932
- C:\Windows\System\cgqVjaD.exe
  C:\Windows\System\cgqVjaD.exe
  2⤵
  PID:7952
- C:\Windows\System\fYDlTYt.exe
  C:\Windows\System\fYDlTYt.exe
  2⤵
  PID:7972
- C:\Windows\System\vXLSIaT.exe
  C:\Windows\System\vXLSIaT.exe
  2⤵
  PID:7988
- C:\Windows\System\PfwiVat.exe
  C:\Windows\System\PfwiVat.exe
  2⤵
  PID:8004
- C:\Windows\System\Epspwmu.exe
  C:\Windows\System\Epspwmu.exe
  2⤵
  PID:8020
- C:\Windows\System\GzriRdI.exe
  C:\Windows\System\GzriRdI.exe
  2⤵
  PID:8036
- C:\Windows\System\qcyCBYF.exe
  C:\Windows\System\qcyCBYF.exe
  2⤵
  PID:8052
- C:\Windows\System\KlkAGXC.exe
  C:\Windows\System\KlkAGXC.exe
  2⤵
  PID:8076
- C:\Windows\System\UJmYuvB.exe
  C:\Windows\System\UJmYuvB.exe
  2⤵
  PID:8096
- C:\Windows\System\skMIVsE.exe
  C:\Windows\System\skMIVsE.exe
  2⤵
  PID:8116
- C:\Windows\System\rzXeiAJ.exe
  C:\Windows\System\rzXeiAJ.exe
  2⤵
  PID:8132
- C:\Windows\System\ltGoyoP.exe
  C:\Windows\System\ltGoyoP.exe
  2⤵
  PID:8152
- C:\Windows\System\sFMdkpg.exe
  C:\Windows\System\sFMdkpg.exe
  2⤵
  PID:8172
- C:\Windows\System\EpjNyUt.exe
  C:\Windows\System\EpjNyUt.exe
  2⤵
  PID:8188
- C:\Windows\System\FYfpnsN.exe
  C:\Windows\System\FYfpnsN.exe
  2⤵
  PID:5472
- C:\Windows\System\PkWncFZ.exe
  C:\Windows\System\PkWncFZ.exe
  2⤵
  PID:7108
- C:\Windows\System\CHRdXkA.exe
  C:\Windows\System\CHRdXkA.exe
  2⤵
  PID:7192
- C:\Windows\System\PQZkELS.exe
  C:\Windows\System\PQZkELS.exe
  2⤵
  PID:2092
- C:\Windows\System\QChvWoR.exe
  C:\Windows\System\QChvWoR.exe
  2⤵
  PID:2184
- C:\Windows\System\uiRVeeV.exe
  C:\Windows\System\uiRVeeV.exe
  2⤵
  PID:2492
- C:\Windows\System\IsuTqTV.exe
  C:\Windows\System\IsuTqTV.exe
  2⤵
  PID:2408
- C:\Windows\System\vQVIUNw.exe
  C:\Windows\System\vQVIUNw.exe
  2⤵
  PID:7236
- C:\Windows\System\LIkBQlS.exe
  C:\Windows\System\LIkBQlS.exe
  2⤵
  PID:7232
- C:\Windows\System\IzqQxoo.exe
  C:\Windows\System\IzqQxoo.exe
  2⤵
  PID:7300
- C:\Windows\System\qwPLJPn.exe
  C:\Windows\System\qwPLJPn.exe
  2⤵
  PID:7316
- C:\Windows\System\LOywOCx.exe
  C:\Windows\System\LOywOCx.exe
  2⤵
  PID:7428
- C:\Windows\System\MxVIaXh.exe
  C:\Windows\System\MxVIaXh.exe
  2⤵
  PID:7404
- C:\Windows\System\oHrcmju.exe
  C:\Windows\System\oHrcmju.exe
  2⤵
  PID:7480
- C:\Windows\System\hvoMTkk.exe
  C:\Windows\System\hvoMTkk.exe
  2⤵
  PID:7712
- C:\Windows\System\mZYcQci.exe
  C:\Windows\System\mZYcQci.exe
  2⤵
  PID:7540
- C:\Windows\System\YTGmYVk.exe
  C:\Windows\System\YTGmYVk.exe
  2⤵
  PID:7728
- C:\Windows\System\ThyoXQs.exe
  C:\Windows\System\ThyoXQs.exe
  2⤵
  PID:7768
- C:\Windows\System\uFsfDeQ.exe
  C:\Windows\System\uFsfDeQ.exe
  2⤵
  PID:7832
- C:\Windows\System\lqSkTJq.exe
  C:\Windows\System\lqSkTJq.exe
  2⤵
  PID:7652
- C:\Windows\System\DzdHopg.exe
  C:\Windows\System\DzdHopg.exe
  2⤵
  PID:7620
- C:\Windows\System\HdhXsms.exe
  C:\Windows\System\HdhXsms.exe
  2⤵
  PID:7556
- C:\Windows\System\aMhpsEC.exe
  C:\Windows\System\aMhpsEC.exe
  2⤵
  PID:7904
- C:\Windows\System\YktvOlk.exe
  C:\Windows\System\YktvOlk.exe
  2⤵
  PID:7928
- C:\Windows\System\UrECeRa.exe
  C:\Windows\System\UrECeRa.exe
  2⤵
  PID:8044
- C:\Windows\System\RuPmxFN.exe
  C:\Windows\System\RuPmxFN.exe
  2⤵
  PID:7984
- C:\Windows\System\hypjjnw.exe
  C:\Windows\System\hypjjnw.exe
  2⤵
  PID:8160
- C:\Windows\System\MkpHJZN.exe
  C:\Windows\System\MkpHJZN.exe
  2⤵
  PID:6756
- C:\Windows\System\ruqlqnQ.exe
  C:\Windows\System\ruqlqnQ.exe
  2⤵
  PID:2108
- C:\Windows\System\gVbebYF.exe
  C:\Windows\System\gVbebYF.exe
  2⤵
  PID:7968
- C:\Windows\System\QQUoYhJ.exe
  C:\Windows\System\QQUoYhJ.exe
  2⤵
  PID:8032
- C:\Windows\System\gwkxtOe.exe
  C:\Windows\System\gwkxtOe.exe
  2⤵
  PID:8104
- C:\Windows\System\TLpFOnF.exe
  C:\Windows\System\TLpFOnF.exe
  2⤵
  PID:8148
- C:\Windows\System\HPgcxQH.exe
  C:\Windows\System\HPgcxQH.exe
  2⤵
  PID:6716
- C:\Windows\System\NBYixoY.exe
  C:\Windows\System\NBYixoY.exe
  2⤵
  PID:1600
- C:\Windows\System\xjvxsCC.exe
  C:\Windows\System\xjvxsCC.exe
  2⤵
  PID:7256
- C:\Windows\System\RozJTNM.exe
  C:\Windows\System\RozJTNM.exe
  2⤵
  PID:7228
- C:\Windows\System\poWyABa.exe
  C:\Windows\System\poWyABa.exe
  2⤵
  PID:7352
- C:\Windows\System\vGJZvzk.exe
  C:\Windows\System\vGJZvzk.exe
  2⤵
  PID:7496
- C:\Windows\System\wfpkczB.exe
  C:\Windows\System\wfpkczB.exe
  2⤵
  PID:7368
- C:\Windows\System\CUxYmWQ.exe
  C:\Windows\System\CUxYmWQ.exe
  2⤵
  PID:7444
- C:\Windows\System\gHmfBxS.exe
  C:\Windows\System\gHmfBxS.exe
  2⤵
  PID:7748
- C:\Windows\System\IjOPvoU.exe
  C:\Windows\System\IjOPvoU.exe
  2⤵
  PID:7844
- C:\Windows\System\LpZluqD.exe
  C:\Windows\System\LpZluqD.exe
  2⤵
  PID:7524
- C:\Windows\System\srivSUF.exe
  C:\Windows\System\srivSUF.exe
  2⤵
  PID:7600
- C:\Windows\System\FQDmYXy.exe
  C:\Windows\System\FQDmYXy.exe
  2⤵
  PID:7736
- C:\Windows\System\mBMdEST.exe
  C:\Windows\System\mBMdEST.exe
  2⤵
  PID:7632
- C:\Windows\System\qFLbcDY.exe
  C:\Windows\System\qFLbcDY.exe
  2⤵
  PID:7700
- C:\Windows\System\gNXQSKi.exe
  C:\Windows\System\gNXQSKi.exe
  2⤵
  PID:7552
- C:\Windows\System\SKGAGsi.exe
  C:\Windows\System\SKGAGsi.exe
  2⤵
  PID:7372
- C:\Windows\System\pvShdOt.exe
  C:\Windows\System\pvShdOt.exe
  2⤵
  PID:8012
- C:\Windows\System\rflVzkq.exe
  C:\Windows\System\rflVzkq.exe
  2⤵
  PID:7176
- C:\Windows\System\pUTKvCO.exe
  C:\Windows\System\pUTKvCO.exe
  2⤵
  PID:8184
- C:\Windows\System\xULUONd.exe
  C:\Windows\System\xULUONd.exe
  2⤵
  PID:7980
- C:\Windows\System\kIdFUqQ.exe
  C:\Windows\System\kIdFUqQ.exe
  2⤵
  PID:8064
- C:\Windows\System\FYltOXc.exe
  C:\Windows\System\FYltOXc.exe
  2⤵
  PID:2068
- C:\Windows\System\lzpWLSu.exe
  C:\Windows\System\lzpWLSu.exe
  2⤵
  PID:7492
- C:\Windows\System\QrSngZu.exe
  C:\Windows\System\QrSngZu.exe
  2⤵
  PID:7816
- C:\Windows\System\HDQVpZn.exe
  C:\Windows\System\HDQVpZn.exe
  2⤵
  PID:7240
- C:\Windows\System\TlNNIKx.exe
  C:\Windows\System\TlNNIKx.exe
  2⤵
  PID:7400
- C:\Windows\System\nAStqMh.exe
  C:\Windows\System\nAStqMh.exe
  2⤵
  PID:7512
- C:\Windows\System\bzEdnBX.exe
  C:\Windows\System\bzEdnBX.exe
  2⤵
  PID:7604
- C:\Windows\System\GnHqqwN.exe
  C:\Windows\System\GnHqqwN.exe
  2⤵
  PID:7476
- C:\Windows\System\GVixXMg.exe
  C:\Windows\System\GVixXMg.exe
  2⤵
  PID:7960
- C:\Windows\System\FdWrCfF.exe
  C:\Windows\System\FdWrCfF.exe
  2⤵
  PID:6900
- C:\Windows\System\lvmpbny.exe
  C:\Windows\System\lvmpbny.exe
  2⤵
  PID:7588
- C:\Windows\System\XLBYKbW.exe
  C:\Windows\System\XLBYKbW.exe
  2⤵
  PID:680
- C:\Windows\System\bkCtkcB.exe
  C:\Windows\System\bkCtkcB.exe
  2⤵
  PID:2412
- C:\Windows\System\NmDJwVH.exe
  C:\Windows\System\NmDJwVH.exe
  2⤵
  PID:7320
- C:\Windows\System\ARbwrmA.exe
  C:\Windows\System\ARbwrmA.exe
  2⤵
  PID:7864
- C:\Windows\System\nsJlRSl.exe
  C:\Windows\System\nsJlRSl.exe
  2⤵
  PID:7572
- C:\Windows\System\xwkXNYK.exe
  C:\Windows\System\xwkXNYK.exe
  2⤵
  PID:8208
- C:\Windows\System\LXPSfAI.exe
  C:\Windows\System\LXPSfAI.exe
  2⤵
  PID:8224
- C:\Windows\System\CHkOwux.exe
  C:\Windows\System\CHkOwux.exe
  2⤵
  PID:8240
- C:\Windows\System\olLynSf.exe
  C:\Windows\System\olLynSf.exe
  2⤵
  PID:8256
- C:\Windows\System\ZcFjopV.exe
  C:\Windows\System\ZcFjopV.exe
  2⤵
  PID:8272
- C:\Windows\System\wyTWrBd.exe
  C:\Windows\System\wyTWrBd.exe
  2⤵
  PID:8288
- C:\Windows\System\jRVGYRX.exe
  C:\Windows\System\jRVGYRX.exe
  2⤵
  PID:8304
- C:\Windows\System\YlkXWpq.exe
  C:\Windows\System\YlkXWpq.exe
  2⤵
  PID:8320
- C:\Windows\System\Zmagzse.exe
  C:\Windows\System\Zmagzse.exe
  2⤵
  PID:8336
- C:\Windows\System\hDGeeua.exe
  C:\Windows\System\hDGeeua.exe
  2⤵
  PID:8352
- C:\Windows\System\AekORGm.exe
  C:\Windows\System\AekORGm.exe
  2⤵
  PID:8368
- C:\Windows\System\UfBOpGs.exe
  C:\Windows\System\UfBOpGs.exe
  2⤵
  PID:8384
- C:\Windows\System\eygDgYq.exe
  C:\Windows\System\eygDgYq.exe
  2⤵
  PID:8400
- C:\Windows\System\ZoHkkTq.exe
  C:\Windows\System\ZoHkkTq.exe
  2⤵
  PID:8416
- C:\Windows\System\ikDosIQ.exe
  C:\Windows\System\ikDosIQ.exe
  2⤵
  PID:8432
- C:\Windows\System\ySsQANG.exe
  C:\Windows\System\ySsQANG.exe
  2⤵
  PID:8448
- C:\Windows\System\pHzIeje.exe
  C:\Windows\System\pHzIeje.exe
  2⤵
  PID:8464
- C:\Windows\System\GCAGEfq.exe
  C:\Windows\System\GCAGEfq.exe
  2⤵
  PID:8480
- C:\Windows\System\ixDmkUA.exe
  C:\Windows\System\ixDmkUA.exe
  2⤵
  PID:8496
- C:\Windows\System\ldRuuKh.exe
  C:\Windows\System\ldRuuKh.exe
  2⤵
  PID:8516
- C:\Windows\System\WNPXLUU.exe
  C:\Windows\System\WNPXLUU.exe
  2⤵
  PID:8532
- C:\Windows\System\lCZXKuF.exe
  C:\Windows\System\lCZXKuF.exe
  2⤵
  PID:8548
- C:\Windows\System\dLLokdg.exe
  C:\Windows\System\dLLokdg.exe
  2⤵
  PID:8564
- C:\Windows\System\rQXCXTD.exe
  C:\Windows\System\rQXCXTD.exe
  2⤵
  PID:8580
- C:\Windows\System\OUxiXDE.exe
  C:\Windows\System\OUxiXDE.exe
  2⤵
  PID:8596
- C:\Windows\System\sxYqbjG.exe
  C:\Windows\System\sxYqbjG.exe
  2⤵
  PID:8620
- C:\Windows\System\oIdhntK.exe
  C:\Windows\System\oIdhntK.exe
  2⤵
  PID:8636
- C:\Windows\System\bXUvXLX.exe
  C:\Windows\System\bXUvXLX.exe
  2⤵
  PID:8652
- C:\Windows\System\Olrgytq.exe
  C:\Windows\System\Olrgytq.exe
  2⤵
  PID:8668
- C:\Windows\System\KQrvGgJ.exe
  C:\Windows\System\KQrvGgJ.exe
  2⤵
  PID:8684
- C:\Windows\System\AgjbHPB.exe
  C:\Windows\System\AgjbHPB.exe
  2⤵
  PID:8700
- C:\Windows\System\ZRKwmHH.exe
  C:\Windows\System\ZRKwmHH.exe
  2⤵
  PID:8716
- C:\Windows\System\PdQOTtn.exe
  C:\Windows\System\PdQOTtn.exe
  2⤵
  PID:8732
- C:\Windows\System\AilyJlU.exe
  C:\Windows\System\AilyJlU.exe
  2⤵
  PID:8748
- C:\Windows\System\OIKiJkq.exe
  C:\Windows\System\OIKiJkq.exe
  2⤵
  PID:8764
- C:\Windows\System\CtQPhRQ.exe
  C:\Windows\System\CtQPhRQ.exe
  2⤵
  PID:8780
- C:\Windows\System\gzZYgtQ.exe
  C:\Windows\System\gzZYgtQ.exe
  2⤵
  PID:8796
- C:\Windows\System\JjpcqKO.exe
  C:\Windows\System\JjpcqKO.exe
  2⤵
  PID:8812
- C:\Windows\System\SFGlGpV.exe
  C:\Windows\System\SFGlGpV.exe
  2⤵
  PID:8828
- C:\Windows\System\mhbhFii.exe
  C:\Windows\System\mhbhFii.exe
  2⤵
  PID:8844
- C:\Windows\System\RGcAHPP.exe
  C:\Windows\System\RGcAHPP.exe
  2⤵
  PID:8860
- C:\Windows\System\KjOjZFY.exe
  C:\Windows\System\KjOjZFY.exe
  2⤵
  PID:8876
- C:\Windows\System\hWkOTym.exe
  C:\Windows\System\hWkOTym.exe
  2⤵
  PID:8892
- C:\Windows\System\NUfXStr.exe
  C:\Windows\System\NUfXStr.exe
  2⤵
  PID:8908
- C:\Windows\System\FEKCief.exe
  C:\Windows\System\FEKCief.exe
  2⤵
  PID:8924
- C:\Windows\System\XeAcjFz.exe
  C:\Windows\System\XeAcjFz.exe
  2⤵
  PID:8940
- C:\Windows\System\NwVvLuN.exe
  C:\Windows\System\NwVvLuN.exe
  2⤵
  PID:8956
- C:\Windows\System\fqCIMLv.exe
  C:\Windows\System\fqCIMLv.exe
  2⤵
  PID:8976
- C:\Windows\System\cujpOMm.exe
  C:\Windows\System\cujpOMm.exe
  2⤵
  PID:8992
- C:\Windows\System\SuPCJQV.exe
  C:\Windows\System\SuPCJQV.exe
  2⤵
  PID:9008
- C:\Windows\System\NnoQfyZ.exe
  C:\Windows\System\NnoQfyZ.exe
  2⤵
  PID:9024
- C:\Windows\System\CuVpJWX.exe
  C:\Windows\System\CuVpJWX.exe
  2⤵
  PID:9040
- C:\Windows\System\gWQaDan.exe
  C:\Windows\System\gWQaDan.exe
  2⤵
  PID:9056
- C:\Windows\System\mTmHcCH.exe
  C:\Windows\System\mTmHcCH.exe
  2⤵
  PID:9072
- C:\Windows\System\SdwrQug.exe
  C:\Windows\System\SdwrQug.exe
  2⤵
  PID:9088
- C:\Windows\System\SRMOAlv.exe
  C:\Windows\System\SRMOAlv.exe
  2⤵
  PID:9104
- C:\Windows\System\oKNTiHu.exe
  C:\Windows\System\oKNTiHu.exe
  2⤵
  PID:9120
- C:\Windows\System\OpseJOa.exe
  C:\Windows\System\OpseJOa.exe
  2⤵
  PID:9136
- C:\Windows\System\MDXBEjy.exe
  C:\Windows\System\MDXBEjy.exe
  2⤵
  PID:9152
- C:\Windows\System\efpMHZT.exe
  C:\Windows\System\efpMHZT.exe
  2⤵
  PID:9168
- C:\Windows\System\EbKNjRZ.exe
  C:\Windows\System\EbKNjRZ.exe
  2⤵
  PID:9184
- C:\Windows\System\eTeEkez.exe
  C:\Windows\System\eTeEkez.exe
  2⤵
  PID:9200
- C:\Windows\System\TOjTkqn.exe
  C:\Windows\System\TOjTkqn.exe
  2⤵
  PID:8092
- C:\Windows\System\ArXgoDS.exe
  C:\Windows\System\ArXgoDS.exe
  2⤵
  PID:7296
- C:\Windows\System\WUTQbGS.exe
  C:\Windows\System\WUTQbGS.exe
  2⤵
  PID:8248
- C:\Windows\System\ABcLCkW.exe
  C:\Windows\System\ABcLCkW.exe
  2⤵
  PID:8312
- C:\Windows\System\kcaTVmE.exe
  C:\Windows\System\kcaTVmE.exe
  2⤵
  PID:8408
- C:\Windows\System\KvGnCJO.exe
  C:\Windows\System\KvGnCJO.exe
  2⤵
  PID:8476
- C:\Windows\System\gRCLBQt.exe
  C:\Windows\System\gRCLBQt.exe
  2⤵
  PID:8540
- C:\Windows\System\PdqKaWj.exe
  C:\Windows\System\PdqKaWj.exe
  2⤵
  PID:8604
- C:\Windows\System\mVVNOTM.exe
  C:\Windows\System\mVVNOTM.exe
  2⤵
  PID:8168
- C:\Windows\System\xjuFqwu.exe
  C:\Windows\System\xjuFqwu.exe
  2⤵
  PID:8144
- C:\Windows\System\YcVKwSo.exe
  C:\Windows\System\YcVKwSo.exe
  2⤵
  PID:8236
- C:\Windows\System\gftvvrs.exe
  C:\Windows\System\gftvvrs.exe
  2⤵
  PID:8300
- C:\Windows\System\UNabEfQ.exe
  C:\Windows\System\UNabEfQ.exe
  2⤵
  PID:8392
- C:\Windows\System\iyOnwNO.exe
  C:\Windows\System\iyOnwNO.exe
  2⤵
  PID:8456
- C:\Windows\System\xBUulkb.exe
  C:\Windows\System\xBUulkb.exe
  2⤵
  PID:8524
- C:\Windows\System\zSiXJvv.exe
  C:\Windows\System\zSiXJvv.exe
  2⤵
  PID:8588
- C:\Windows\System\DNkxCDk.exe
  C:\Windows\System\DNkxCDk.exe
  2⤵
  PID:7696
- C:\Windows\System\fouIzjT.exe
  C:\Windows\System\fouIzjT.exe
  2⤵
  PID:8648
- C:\Windows\System\WgBcBvV.exe
  C:\Windows\System\WgBcBvV.exe
  2⤵
  PID:8696
- C:\Windows\System\pNfqKai.exe
  C:\Windows\System\pNfqKai.exe
  2⤵
  PID:8680
- C:\Windows\System\XOQgkuu.exe
  C:\Windows\System\XOQgkuu.exe
  2⤵
  PID:8808
- C:\Windows\System\kwxqvYl.exe
  C:\Windows\System\kwxqvYl.exe
  2⤵
  PID:8824
- C:\Windows\System\SVoleNs.exe
  C:\Windows\System\SVoleNs.exe
  2⤵
  PID:8852
- C:\Windows\System\OfxImsB.exe
  C:\Windows\System\OfxImsB.exe
  2⤵
  PID:8916
- C:\Windows\System\vMdKUvE.exe
  C:\Windows\System\vMdKUvE.exe
  2⤵
  PID:8964
- C:\Windows\System\fTflHuB.exe
  C:\Windows\System\fTflHuB.exe
  2⤵
  PID:8840
- C:\Windows\System\oeedHXJ.exe
  C:\Windows\System\oeedHXJ.exe
  2⤵
  PID:8788
- C:\Windows\System\KjdmElf.exe
  C:\Windows\System\KjdmElf.exe
  2⤵
  PID:8512
- C:\Windows\System\sjiYnFb.exe
  C:\Windows\System\sjiYnFb.exe
  2⤵
  PID:9020
- C:\Windows\System\hXEfrYp.exe
  C:\Windows\System\hXEfrYp.exe
  2⤵
  PID:9032
- C:\Windows\System\wmGWXxj.exe
  C:\Windows\System\wmGWXxj.exe
  2⤵
  PID:9036
- C:\Windows\System\TWlIbHA.exe
  C:\Windows\System\TWlIbHA.exe
  2⤵
  PID:9080
- C:\Windows\System\MDnIafE.exe
  C:\Windows\System\MDnIafE.exe
  2⤵
  PID:9132
- C:\Windows\System\QEZWMQK.exe
  C:\Windows\System\QEZWMQK.exe
  2⤵
  PID:9208
- C:\Windows\System\dpHuIGJ.exe
  C:\Windows\System\dpHuIGJ.exe
  2⤵
  PID:8344
- C:\Windows\System\MTfTMKF.exe
  C:\Windows\System\MTfTMKF.exe
  2⤵
  PID:9196
- C:\Windows\System\YCTwDqB.exe
  C:\Windows\System\YCTwDqB.exe
  2⤵
  PID:8280
- C:\Windows\System\AQKlVxK.exe
  C:\Windows\System\AQKlVxK.exe
  2⤵
  PID:8968
- C:\Windows\System\WczdFNm.exe
  C:\Windows\System\WczdFNm.exe
  2⤵
  PID:7924
- C:\Windows\System\GkAnvrl.exe
  C:\Windows\System\GkAnvrl.exe
  2⤵
  PID:8728
- C:\Windows\System\IlUXMIw.exe
  C:\Windows\System\IlUXMIw.exe
  2⤵
  PID:8204
- C:\Windows\System\wkEynrq.exe
  C:\Windows\System\wkEynrq.exe
  2⤵
  PID:8712
- C:\Windows\System\MZeKkfc.exe
  C:\Windows\System\MZeKkfc.exe
  2⤵
  PID:8948
- C:\Windows\System\JsAFwRm.exe
  C:\Windows\System\JsAFwRm.exe
  2⤵
  PID:8904
- C:\Windows\System\DXaBlbF.exe
  C:\Windows\System\DXaBlbF.exe
  2⤵
  PID:9112
- C:\Windows\System\EVZvUMG.exe
  C:\Windows\System\EVZvUMG.exe
  2⤵
  PID:8872
- C:\Windows\System\dRKLBMg.exe
  C:\Windows\System\dRKLBMg.exe
  2⤵
  PID:9160
- C:\Windows\System\xpygFHI.exe
  C:\Windows\System\xpygFHI.exe
  2⤵
  PID:7784
- C:\Windows\System\bnRywQl.exe
  C:\Windows\System\bnRywQl.exe
  2⤵
  PID:8616
- C:\Windows\System\CMkAbGK.exe
  C:\Windows\System\CMkAbGK.exe
  2⤵
  PID:9064
- C:\Windows\System\zimIjgv.exe
  C:\Windows\System\zimIjgv.exe
  2⤵
  PID:8836
- C:\Windows\System\kFDiGoX.exe
  C:\Windows\System\kFDiGoX.exe
  2⤵
  PID:8776
- C:\Windows\System\CQjGhSz.exe
  C:\Windows\System\CQjGhSz.exe
  2⤵
  PID:9084
- C:\Windows\System\NWHSSmO.exe
  C:\Windows\System\NWHSSmO.exe
  2⤵
  PID:9180
- C:\Windows\System\PqWnxXd.exe
  C:\Windows\System\PqWnxXd.exe
  2⤵
  PID:8560
- C:\Windows\System\dyaWIsl.exe
  C:\Windows\System\dyaWIsl.exe
  2⤵
  PID:8444
- C:\Windows\System\fdcYIxS.exe
  C:\Windows\System\fdcYIxS.exe
  2⤵
  PID:8200
- C:\Windows\System\HGEKVqy.exe
  C:\Windows\System\HGEKVqy.exe
  2⤵
  PID:9116
- C:\Windows\System\iwoznUy.exe
  C:\Windows\System\iwoznUy.exe
  2⤵
  PID:8216
- C:\Windows\System\WkVwkes.exe
  C:\Windows\System\WkVwkes.exe
  2⤵
  PID:8380
- C:\Windows\System\SwBrfLI.exe
  C:\Windows\System\SwBrfLI.exe
  2⤵
  PID:8888
- C:\Windows\System\adlrCWe.exe
  C:\Windows\System\adlrCWe.exe
  2⤵
  PID:9096
- C:\Windows\System\HxUSmwO.exe
  C:\Windows\System\HxUSmwO.exe
  2⤵
  PID:9224
- C:\Windows\System\vxCqVap.exe
  C:\Windows\System\vxCqVap.exe
  2⤵
  PID:9240
- C:\Windows\System\wbGmtge.exe
  C:\Windows\System\wbGmtge.exe
  2⤵
  PID:9256
- C:\Windows\System\aVsXuAb.exe
  C:\Windows\System\aVsXuAb.exe
  2⤵
  PID:9272
- C:\Windows\System\uaccOns.exe
  C:\Windows\System\uaccOns.exe
  2⤵
  PID:9288
- C:\Windows\System\GuopIeB.exe
  C:\Windows\System\GuopIeB.exe
  2⤵
  PID:9312
- C:\Windows\System\uulFnmS.exe
  C:\Windows\System\uulFnmS.exe
  2⤵
  PID:9328
- C:\Windows\System\cTznPSj.exe
  C:\Windows\System\cTznPSj.exe
  2⤵
  PID:9344
- C:\Windows\System\FuCAKoR.exe
  C:\Windows\System\FuCAKoR.exe
  2⤵
  PID:9360
- C:\Windows\System\iMaQeLw.exe
  C:\Windows\System\iMaQeLw.exe
  2⤵
  PID:9376
- C:\Windows\System\gxQkzjW.exe
  C:\Windows\System\gxQkzjW.exe
  2⤵
  PID:9392
- C:\Windows\System\MXGYVbC.exe
  C:\Windows\System\MXGYVbC.exe
  2⤵
  PID:9408
- C:\Windows\System\nTtCNgY.exe
  C:\Windows\System\nTtCNgY.exe
  2⤵
  PID:9424
- C:\Windows\System\xCmjXev.exe
  C:\Windows\System\xCmjXev.exe
  2⤵
  PID:9440
- C:\Windows\System\IUNWdYc.exe
  C:\Windows\System\IUNWdYc.exe
  2⤵
  PID:9456
- C:\Windows\System\bmPKBiT.exe
  C:\Windows\System\bmPKBiT.exe
  2⤵
  PID:9472
- C:\Windows\System\dbzByxd.exe
  C:\Windows\System\dbzByxd.exe
  2⤵
  PID:9488
- C:\Windows\System\xuatEbW.exe
  C:\Windows\System\xuatEbW.exe
  2⤵
  PID:9508
- C:\Windows\System\RyPOxfF.exe
  C:\Windows\System\RyPOxfF.exe
  2⤵
  PID:9524
- C:\Windows\System\pBiwCpd.exe
  C:\Windows\System\pBiwCpd.exe
  2⤵
  PID:9544
- C:\Windows\System\HzwexzM.exe
  C:\Windows\System\HzwexzM.exe
  2⤵
  PID:9560
- C:\Windows\System\yadmfXc.exe
  C:\Windows\System\yadmfXc.exe
  2⤵
  PID:9580
- C:\Windows\System\YXBgmgb.exe
  C:\Windows\System\YXBgmgb.exe
  2⤵
  PID:9596
- C:\Windows\System\iZldFOv.exe
  C:\Windows\System\iZldFOv.exe
  2⤵
  PID:9612
- C:\Windows\System\boHaIWR.exe
  C:\Windows\System\boHaIWR.exe
  2⤵
  PID:9628
- C:\Windows\System\jhuSpun.exe
  C:\Windows\System\jhuSpun.exe
  2⤵
  PID:9644
- C:\Windows\System\HltTBSc.exe
  C:\Windows\System\HltTBSc.exe
  2⤵
  PID:9696
- C:\Windows\System\NpzjOpw.exe
  C:\Windows\System\NpzjOpw.exe
  2⤵
  PID:9720
- C:\Windows\System\CYwSAuY.exe
  C:\Windows\System\CYwSAuY.exe
  2⤵
  PID:9736
- C:\Windows\System\qgxLBYl.exe
  C:\Windows\System\qgxLBYl.exe
  2⤵
  PID:9752
- C:\Windows\System\IjEqgpr.exe
  C:\Windows\System\IjEqgpr.exe
  2⤵
  PID:9776
- C:\Windows\System\eXdJQJG.exe
  C:\Windows\System\eXdJQJG.exe
  2⤵
  PID:9792
- C:\Windows\System\ceEdrjc.exe
  C:\Windows\System\ceEdrjc.exe
  2⤵
  PID:9808
- C:\Windows\System\PZXyhIy.exe
  C:\Windows\System\PZXyhIy.exe
  2⤵
  PID:9844
- C:\Windows\System\NWtVkLo.exe
  C:\Windows\System\NWtVkLo.exe
  2⤵
  PID:9872
- C:\Windows\System\ptzlSbC.exe
  C:\Windows\System\ptzlSbC.exe
  2⤵
  PID:9900
- C:\Windows\System\chsQyTV.exe
  C:\Windows\System\chsQyTV.exe
  2⤵
  PID:9916
- C:\Windows\System\hYQYaoe.exe
  C:\Windows\System\hYQYaoe.exe
  2⤵
  PID:9980
- C:\Windows\System\OcUTmjm.exe
  C:\Windows\System\OcUTmjm.exe
  2⤵
  PID:10004
- C:\Windows\System\aYdJroL.exe
  C:\Windows\System\aYdJroL.exe
  2⤵
  PID:10024
- C:\Windows\System\yQZJGyx.exe
  C:\Windows\System\yQZJGyx.exe
  2⤵
  PID:10084
- C:\Windows\System\nCkomTL.exe
  C:\Windows\System\nCkomTL.exe
  2⤵
  PID:10108
- C:\Windows\System\EggSxVp.exe
  C:\Windows\System\EggSxVp.exe
  2⤵
  PID:10124
- C:\Windows\System\gKMeztW.exe
  C:\Windows\System\gKMeztW.exe
  2⤵
  PID:10140
- C:\Windows\System\eZsjvrg.exe
  C:\Windows\System\eZsjvrg.exe
  2⤵
  PID:10156
- C:\Windows\System\nlJICWV.exe
  C:\Windows\System\nlJICWV.exe
  2⤵
  PID:10172
- C:\Windows\System\hdSzhre.exe
  C:\Windows\System\hdSzhre.exe
  2⤵
  PID:10188
- C:\Windows\System\TMvNUhl.exe
  C:\Windows\System\TMvNUhl.exe
  2⤵
  PID:10204
- C:\Windows\System\mlIQEsu.exe
  C:\Windows\System\mlIQEsu.exe
  2⤵
  PID:10220
- C:\Windows\System\jtIaFUC.exe
  C:\Windows\System\jtIaFUC.exe
  2⤵
  PID:8268
- C:\Windows\System\edYtECy.exe
  C:\Windows\System\edYtECy.exe
  2⤵
  PID:8804
- C:\Windows\System\cAyYapq.exe
  C:\Windows\System\cAyYapq.exe
  2⤵
  PID:9220
- C:\Windows\System\NvlRCbn.exe
  C:\Windows\System\NvlRCbn.exe
  2⤵
  PID:9300
- C:\Windows\System\POBLEpr.exe
  C:\Windows\System\POBLEpr.exe
  2⤵
  PID:8932
- C:\Windows\System\GSenbtf.exe
  C:\Windows\System\GSenbtf.exe
  2⤵
  PID:9264
- C:\Windows\System\IHWKFhw.exe
  C:\Windows\System\IHWKFhw.exe
  2⤵
  PID:9336
- C:\Windows\System\LlTEaVU.exe
  C:\Windows\System\LlTEaVU.exe
  2⤵
  PID:9400
- C:\Windows\System\wrrQNFc.exe
  C:\Windows\System\wrrQNFc.exe
  2⤵
  PID:9448
- C:\Windows\System\ahhiksV.exe
  C:\Windows\System\ahhiksV.exe
  2⤵
  PID:9572
- C:\Windows\System\yeHDREd.exe
  C:\Windows\System\yeHDREd.exe
  2⤵
  PID:9820
- C:\Windows\System\krNWJZc.exe
  C:\Windows\System\krNWJZc.exe
  2⤵
  PID:10120
- C:\Windows\System\iKUfSDK.exe
  C:\Windows\System\iKUfSDK.exe
  2⤵
  PID:8488
- C:\Windows\System\oLLULeN.exe
  C:\Windows\System\oLLULeN.exe
  2⤵
  PID:9416
- C:\Windows\System\lFeoWeU.exe
  C:\Windows\System\lFeoWeU.exe
  2⤵
  PID:9368
- C:\Windows\System\ETNrUIT.exe
  C:\Windows\System\ETNrUIT.exe
  2⤵
  PID:9016
- C:\Windows\System\IVyKFBX.exe
  C:\Windows\System\IVyKFBX.exe
  2⤵
  PID:9516
- C:\Windows\System\zbXVtzv.exe
  C:\Windows\System\zbXVtzv.exe
  2⤵
  PID:9232
- C:\Windows\System\dSXKQbi.exe
  C:\Windows\System\dSXKQbi.exe
  2⤵
  PID:9652
- C:\Windows\System\SVYJnDe.exe
  C:\Windows\System\SVYJnDe.exe
  2⤵
  PID:9532
- C:\Windows\System\KeKyKEo.exe
  C:\Windows\System\KeKyKEo.exe
  2⤵
  PID:9608
- C:\Windows\System\AlJRYpz.exe
  C:\Windows\System\AlJRYpz.exe
  2⤵
  PID:9748
- C:\Windows\System\VPokSPn.exe
  C:\Windows\System\VPokSPn.exe
  2⤵
  PID:9732
- C:\Windows\System\QiQcbtG.exe
  C:\Windows\System\QiQcbtG.exe
  2⤵
  PID:9784
- C:\Windows\System\JxOIzzD.exe
  C:\Windows\System\JxOIzzD.exe
  2⤵
  PID:9828
- C:\Windows\System\HHZWosp.exe
  C:\Windows\System\HHZWosp.exe
  2⤵
  PID:9856
- C:\Windows\System\YTOuXkC.exe
  C:\Windows\System\YTOuXkC.exe
  2⤵
  PID:9884
- C:\Windows\System\mDygpMI.exe
  C:\Windows\System\mDygpMI.exe
  2⤵
  PID:9924
- C:\Windows\System\btWsQdG.exe
  C:\Windows\System\btWsQdG.exe
  2⤵
  PID:9944
- C:\Windows\System\UBYvcLf.exe
  C:\Windows\System\UBYvcLf.exe
  2⤵
  PID:9960
- C:\Windows\System\QcGMUPT.exe
  C:\Windows\System\QcGMUPT.exe
  2⤵
  PID:9976
- C:\Windows\System\vlcMKYQ.exe
  C:\Windows\System\vlcMKYQ.exe
  2⤵
  PID:10016
- C:\Windows\System\CnXgMmQ.exe
  C:\Windows\System\CnXgMmQ.exe
  2⤵
  PID:10048
- C:\Windows\System\ZiRnPVy.exe
  C:\Windows\System\ZiRnPVy.exe
  2⤵
  PID:10100
- C:\Windows\System\qxJEVOz.exe
  C:\Windows\System\qxJEVOz.exe
  2⤵
  PID:10228
- C:\Windows\System\PiAaSCF.exe
  C:\Windows\System\PiAaSCF.exe
  2⤵
  PID:10168
- C:\Windows\System\sPBnUgt.exe
  C:\Windows\System\sPBnUgt.exe
  2⤵
  PID:10236
- C:\Windows\System\ghXyhZa.exe
  C:\Windows\System\ghXyhZa.exe
  2⤵
  PID:9324
- C:\Windows\System\JWXCxiI.exe
  C:\Windows\System\JWXCxiI.exe
  2⤵
  PID:9624
- C:\Windows\System\SPNnNRq.exe
  C:\Windows\System\SPNnNRq.exe
  2⤵
  PID:9712
- C:\Windows\System\bgvjNSE.exe
  C:\Windows\System\bgvjNSE.exe
  2⤵
  PID:9864
- C:\Windows\System\MIENwnJ.exe
  C:\Windows\System\MIENwnJ.exe
  2⤵
  PID:9940
- C:\Windows\System\FTUWwSM.exe
  C:\Windows\System\FTUWwSM.exe
  2⤵
  PID:10244
- C:\Windows\System\zkLOvZe.exe
  C:\Windows\System\zkLOvZe.exe
  2⤵
  PID:10260
- C:\Windows\System\vAoYpUM.exe
  C:\Windows\System\vAoYpUM.exe
  2⤵
  PID:10276
- C:\Windows\System\wkLVrTh.exe
  C:\Windows\System\wkLVrTh.exe
  2⤵
  PID:10292
- C:\Windows\System\rpqNvJt.exe
  C:\Windows\System\rpqNvJt.exe
  2⤵
  PID:10308
- C:\Windows\System\OxwoMhZ.exe
  C:\Windows\System\OxwoMhZ.exe
  2⤵
  PID:10324
- C:\Windows\System\cFxPdJr.exe
  C:\Windows\System\cFxPdJr.exe
  2⤵
  PID:10340
- C:\Windows\System\lPaiCxF.exe
  C:\Windows\System\lPaiCxF.exe
  2⤵
  PID:10356
- C:\Windows\System\HCDsUmu.exe
  C:\Windows\System\HCDsUmu.exe
  2⤵
  PID:10372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CxnLsDo.exe

Filesize
6.0MB

MD5
fadbf61b3df21e39b6560108784a833c

SHA1
28ab3dcf30ef78e6fcad35126d3c9084e959d264

SHA256
42a226773d20b2f9e7d9f993fc247f8ad07ae41b47301989b0b82e7093989927

SHA512
a0453a705452a410360b7a58aa9b1745b235d831a7e393b2edd585c086125bedf8a79a7907145c19c1ec5a3d8019fa19dd6913e38904873cccb4142cb6a3367b

Download Submit
C:\Windows\system\DGtrije.exe

Filesize
6.0MB

MD5
e7b499ba669d969ba344f7e5ef91ec49

SHA1
69f7ffdf67332ba342011a161a7ab02cedda180d

SHA256
a7a928965f5610d43dcdd8ad104b6f539f6e8a6c7726d130dc09c51162fc1211

SHA512
b7fe4396be49fa9e788eebb5a9e7d3c111b341fba3981b58dfe3b429961f4074229557a050843842e326abdd9cd2fba4e625de41c55ad14369d7a5f30d0d48c7

Download Submit
C:\Windows\system\GjVJTYR.exe

Filesize
6.0MB

MD5
068eb9562972397bb3a35ecde5668d3f

SHA1
3b8ae0df4dbd682fa46bd52df931d38a6ecc3fce

SHA256
e0e303fc2bd3da9a00dbb406a5875d75aa20ff1b6c447524d85b160835a36c7f

SHA512
8c4c092f2ee4b7d8ad7d71bdaca6ced97efb1f49d2b39c3748d6e1404233fdd60a6ca4eb1acd5bcb8c098ce5f9b89e37ac1d292cec26ccbae495f8b2dc1e5844

Download Submit
C:\Windows\system\JWoNKNG.exe

Filesize
6.0MB

MD5
cde50aed65425d0b029761d6f2a6a9e8

SHA1
a422864302c289ed6bda983803d925d7993bd6cb

SHA256
385338c2a09fe659a528606d1d8421e02bfb0475759d46d960d73491836146f6

SHA512
0bddd92d23604cf489745d2bab9767390d052a609d42577ee577d957b988780a7d15e280be60f49f5881a06bbeca507cf0a741016bfc2d459cadee6d90e1432f

Download Submit
C:\Windows\system\LHRYTIO.exe

Filesize
6.0MB

MD5
4bb160705bd9d3e805e4da951ea0750c

SHA1
8a54f4f7ab9e3592ab1dd85af2c9a8d8279526ef

SHA256
2f68a9eb1159f759f9de994429bce6295e0a3483cb887f6d2faf421a641d5c07

SHA512
2633d4416e6e6dcbb5be2e4f1679f5db899b5f1182c9acf2e18485eb1c222693f4e1fcd61643e147f09dd680f95748249137d3346de014491b8348d125b7a3d8

Download Submit
C:\Windows\system\PMkgggW.exe

Filesize
6.0MB

MD5
e44955451956d9a15f23c70cf984ad37

SHA1
dbedff896d66696160acf07558b2e90240e318d4

SHA256
dc8cdf209ce16511dff3bfdcc150c4bd4a77643c95aee5b748902fda0fd1f4ae

SHA512
4f994c2a271bdf935035b07fba8da3cbea6fe8f2efb2befe79e34ebb1a230c883d2de53e83cbbad5f443dca5c9b03b3fa01127a425877ed292af8d72e420a4c5

Download Submit
C:\Windows\system\QFTFmXT.exe

Filesize
6.0MB

MD5
6adb355838a0de882fe106c98086baae

SHA1
9427a35bac2a93ae39e46c6739960a97d2f04a80

SHA256
e91550f91fa8ddc45e206af562b21310774d91ab3a6daad3e31d880d780ed024

SHA512
3233a547cac82cbecd78212938716119cff7222e63b14af7f247050bdc912939253d11b680ac03651a37bdea07ed01a9abad622fa34ab36e5df054586d2b7ede

Download Submit
C:\Windows\system\QQdProd.exe

Filesize
6.0MB

MD5
c5bfd5009a9270c9d83518b50b4768dc

SHA1
fe37ddfa9e9aa54e6ad569fe8b96cd018e03b6d2

SHA256
d97c048ee06d3576f5533cd1bfd2c90990f570c30774be40b5cda01ce50fd0f1

SHA512
7efe68a351efe783df1d0ce69827b4e81546a30067e6d755a4c5449dc862e557d9dc3248b39d0c3871ab06079f7b65227cedf49638cecb980fc110ef5aa25dc5

Download Submit
C:\Windows\system\QuxFadT.exe

Filesize
6.0MB

MD5
76b7760aba0f0563f0e59a1d47e01765

SHA1
5ffc0b63339c7c6a895f7b647140ac6d1ff9730d

SHA256
8473a93ca5a4785e9cf3a41d3ff53e5262f3de870a911f3b53105bd63a9bf2b2

SHA512
c56826e5c0eaf00f786a9ad2bd1aafdf06ffc607ce5f971b9cc91c42a850056b4dd2b8c67abc8db0f6915405e47cc9b6f57fc803f0a25258fd7ebaec21d75da6

Download Submit
C:\Windows\system\SfzrImR.exe

Filesize
6.0MB

MD5
3458801b1928f48082c7e25b454280c0

SHA1
87a3ee0f60094a6454cf691ba315a02dde03f750

SHA256
9ef825143374a35f8a013f29769a9128c36803e1408051201ae56dc0277a053a

SHA512
28daed992c69628ea78c940a1a26eb862dd646d70268af49281cbafa9ed9ec06a8bbd32a949b2cfb293cd14cf68023aafe5b149a2ae1b7135f12a7d7bc2c0dc2

Download Submit
C:\Windows\system\VzivSzs.exe

Filesize
6.0MB

MD5
edb29e4543e901f2f84971017cdfd5db

SHA1
04199c5aad85bdacb47f902bacbb7c2a2647d893

SHA256
64379cc440a4c8b9a3701699563f7ea3eb6770fee968cbfd65b37401854cbdb3

SHA512
def96600888375f258230d73cb300c82b6876c0e469c0020b0491c82de42384bb35202e936869cf8abc1ee3d498ec459c3c6e07a345e5f52e3fc4a96cf85bdb3

Download Submit
C:\Windows\system\WGfnYky.exe

Filesize
6.0MB

MD5
9eb38133b5dd5d0195470c3a0fe0df0c

SHA1
911017fbb4bb1c477688cbea1e49287f071591df

SHA256
f9f10cc9f6ba9882bb21e63dd31bb42c03f4aa0ff9d80b45e23730cb5aad3747

SHA512
dd76c866d2f96ac554f7d6cd77659d03296bc76b2cdc9fc668c8b40609d07e788ca96f7af138845abd2e1b3e7d1d1e42406c81232f7f29f2b93e0d22aacfaf1e

Download Submit
C:\Windows\system\WfZZikX.exe

Filesize
6.0MB

MD5
045b997a8a00e747a4733e06d3ce03d7

SHA1
001957d5a52b5818c687b0e6c6ca9c7e7f0b4c8b

SHA256
85931c069ddd74d92361355314dbbc895984842b211e4fbc9f8937732e7fda51

SHA512
53125342fd07c049e390474d06a121d54818af9c4bd2e4e816d5f15b627cbbafb84632c13100e5ac3623aff91b1f6b881e0b80459af1d55efd1e9d1d4175becc

Download Submit
C:\Windows\system\WoPCWWn.exe

Filesize
6.0MB

MD5
bdcaf1c1d61232e674882b5baa48e37a

SHA1
baf446dae3fd3d279570f975b6c91502d87a6165

SHA256
fed4dde5f782356d33d8b70ab8c886b773e9bbb50e0038b061bea2171b85de79

SHA512
60b82941b26ee5046db057d5d70059e4a897d6b0203b459581f9e95f73ba52139304ffcfbbf35f91edccc844365def1e96e3ebb3ca34edae6b2c295408d4aa1e

Download Submit
C:\Windows\system\YKNBMMX.exe

Filesize
6.0MB

MD5
a903a7825b3eba1773e932763ed16a81

SHA1
53e5ddb710a7bbf806e2c2fe7046972f65d21f5c

SHA256
0b1242f5ff63f6252f047b03b0c3d03afd7f7b6b5104d0a53897f833dc5b0951

SHA512
491dcc37e5f091ec877c51afd2806f55094d25c4e6aa06c16216811eabdec7d68c3fb02e51f4f650305621b8cb370a5162a74e02cc739f46757cd84d044dc79a

Download Submit
C:\Windows\system\YgRYRQJ.exe

Filesize
6.0MB

MD5
aae82261820706f5ad3ac11f3277b934

SHA1
29eed6f741f30f8b418cbe047a71a7c535c402dd

SHA256
7f00d057bd499134d9e5d53a9cca2ccf69cd50d022daba961135be9ba421ebcb

SHA512
ee5a21a462e38112e7990c15102e54e1c1bee00b847858067cb3277ff4ac1fc75c9f3b5b6c1a1b49b1cc93c3fd4edb3cb9b0d8898056f882b8b55484769d0a5c

Download Submit
C:\Windows\system\fAuHvsG.exe

Filesize
6.0MB

MD5
d47ac39acf1668530c271fed46758db1

SHA1
722cd859d9da0070a2ffc576eb36febc561effec

SHA256
9c62881ebbc683688b388241df1a9eedaf1b1bde99305ca13de9e887d8977511

SHA512
9d863c7267de1d629ca675d2e8763b09a6a60cacd77419d269218f5f736f9aed1a21522249e7af7163b77dd9f4b0afc0f19d1ed501701bf7f65ef6d8f0b7f04f

Download Submit
C:\Windows\system\hYMJMaN.exe

Filesize
6.0MB

MD5
74d2f7161a162917279ff00da922a283

SHA1
def1a9a47feab3177ae1ebfe120777aeaf4aab70

SHA256
c90d86bd67d5799ce07c22078cb4dc707a70dbc60e2c258eb1c250e2f7b0f25a

SHA512
b1f26424016c093b4f57abd96401c7506d81fe1e566302e607734386f2934ff3166a4cdb8964abf1ed04af8d2e1bec75591b3d69a91a40be408a5ec86f547c95

Download Submit
C:\Windows\system\iEFsFHz.exe

Filesize
6.0MB

MD5
c44c5ec13a657cce29d21e914de7c7af

SHA1
a15c77338e86870082f072fd49c56b01cd92cc1b

SHA256
1bbad9cc879830c878a2337b64e026427fdf4b50c20b8175c2785b99974455fa

SHA512
c6274a042932bff9fe9dba0bef3f4116b73a7e71ea0aec6b4ca528a195385b887eebd0e8587fce043fd5980b90ef5954578f4ad36dea485067a835159546a092

Download Submit
C:\Windows\system\mpOPDdy.exe

Filesize
6.0MB

MD5
0a0701a8222eeda8b92f0655b47b3e13

SHA1
043dfc2636b71344b2dac15760cfe938ab8a1941

SHA256
5b48877127324b7977c78263bc16d3ac043e8d739b8ce5999e8df0f145404bb0

SHA512
9c9ca496ae5ca40ad7ac183741eb2bc4e93f103a376e1c8743ba44ceda03868247028fc66038cb4d776e00ffd53b2bd24621315bc58d50e8d87660bc03ef1048

Download Submit
C:\Windows\system\qjnSeeN.exe

Filesize
6.0MB

MD5
00f03c3243997e97198217b9fe528039

SHA1
a9740854ddef2f1177b365df2781e65661a77e84

SHA256
95aaebc822d228ba6cac0f3b154fdf91e9127575d0e79c4a5e8dd8a94c3d3c4c

SHA512
4ab958e1aa05d844f980aef0b18a1a207fa62b80394a4a0aa8031cade9942435c521a679a6d45e6944965cf967049831bcba2efc1aa746e2af99b4a6e7d433db

Download Submit
C:\Windows\system\rmrhQGe.exe

Filesize
6.0MB

MD5
b4a8b4304b9d61287406b51f9f8751a9

SHA1
458c75575d7a7f4a429487d9a541c7f4707859b9

SHA256
6df7dd513aa0ab8fe58b957477e39fdc276cc9d89b95ee30a480a57d825fe519

SHA512
1fdaea19e683b577556da9a4fa4ec27f88af564360afbe9332e50001489988a60cc6eae6f74ae47f873f4a36ddd1c925ed447c9beb3205499c8404e25d234a68

Download Submit
C:\Windows\system\sYIlQUR.exe

Filesize
6.0MB

MD5
3da5543d8cad02f3513fdfcbb2d8b3f3

SHA1
d3fae6335c35314b00202b209770e7db01d2b8fb

SHA256
84f36873617210ef2e9fa04643fc23b1e454dab470bf827f3adc5d7cede77808

SHA512
36fd226b84f8b6b433b0bdd09015568f57bd4b7a31b853eeb97d11da8ae584cccccb26e52ba718139b2f614a9281cdfccc3d4fc724a40e75f9d00be0e6738b9a

Download Submit
C:\Windows\system\wLhvLDA.exe

Filesize
6.0MB

MD5
cf539b9f488d882edd764eff06d891b4

SHA1
06779ff5dd5022137ec121c1f703fc3e60b108aa

SHA256
ba80cec5726ce7e4261cd3c5304bad914ba8631646f9bc533cecb7690353025d

SHA512
aaf8f9d6b98511c2fdc904a6cd157f05f65fb1eba94d1045ee60836614b1e3e4b220adc91e351232f193241946710e1c829aa307b94210f51f4b4c8663551722

Download Submit
C:\Windows\system\wLmCbKP.exe

Filesize
6.0MB

MD5
bd2226aef5620f5e22fa3518cc255888

SHA1
84c4fa16b632047ea7e4ba7009742a95189f2fc7

SHA256
d146e065cab8ff2c52f16e12ce2ddc48c6616a451e35037465ce793c811c977d

SHA512
b8c6aa2781b7240bf61250211701bf790891849dfe14e908e6468b67fbc191ed6138309cdcad6ff1a793eff602cfa9f8890378625174be0e005d0792b7d7e5db

Download Submit
C:\Windows\system\yUHReLB.exe

Filesize
6.0MB

MD5
40600bcae5afd5135b4fed3f6feb8ecc

SHA1
8201f9d25afc34416ac3b5cb5413195f96f39f1e

SHA256
abcf0ebe330340028ca6d4a96fff290f5076786931c19974f8a04bebafaf3cbb

SHA512
954cb250102fd48ed7e3bdddcbda7bb162b4a725f8e8b72c215843b9e7db04cca498f549db94eb155cc3e31f372c62c1dd41e500b5b9a504a858ab48725bf8a3

Download Submit
C:\Windows\system\zlYzQTt.exe

Filesize
6.0MB

MD5
5da2078a0856f35413bde4314a50f162

SHA1
f30e39555e2e32d79b60216670ac33b501df3a4a

SHA256
c9223fa1a41ea3b2758152acacfecb94b38d00628f94061298b470069a1a8eaa

SHA512
92afbd33ddb94061abe242557aefad9bedefe4ea319b454891e8b739390f4ffc088670e714c3767f6ec1485fcfc3631d78fccc1af08482247dee04e4ca5d62db

Download Submit
C:\Windows\system\zmczNjY.exe

Filesize
6.0MB

MD5
cfec5b3ae16c17b25a525c2368e12894

SHA1
9745296cba64ea13fd9ba19d4d4c10e96e980235

SHA256
be5881d682b72d496490d712b91fe2a95359d47c9fa3e2be7f2524706b2f4b78

SHA512
3ac0cec963db3caded89dd3e8e65f384d1aa4dedb721dbe9e238ad670b720d52d332f285f825852c5a67716f268899c6e2b8792aca0aa0834777358a17509595

Download Submit
C:\Windows\system\zmmcMHf.exe

Filesize
6.0MB

MD5
2817ef09760dd16cf31f7d4c80178a4d

SHA1
2cbf48efc596a8c9aeee2b6936e1018e0da2552d

SHA256
0737e55d6cb0a1ffcf80a2930cf28b3b626b3558b748303184716364b3fb4c46

SHA512
f898a6bf08fbdc76544ee27959016842ed757c3d0aa9be561eea9694f5e83a3f7535f4503e98e63c56c61668038c8ea67582f55a2187c68ac7006f66c8b96f6f

Download Submit
\Windows\system\CHZwenh.exe

Filesize
6.0MB

MD5
d50a2cdb5763ea397f1c1359a2b54117

SHA1
9ef8d6cbe641639cde47b0d2174ac042a7f85781

SHA256
4491b1d60dab3052a40bfe2ae35029bcfec2c6a8cbaf2eec2a66f431594c2abe

SHA512
81e38892e559fd81559c5df4119e801170b01a6f26514f3473850b6a825aa2904c49d057c55a373cf3d151811df5736669d4abdd837877b3e94eccf4cdc1d944

Download Submit
\Windows\system\ETQmFSF.exe

Filesize
6.0MB

MD5
37cddcb8625db65c99822b01e15fa188

SHA1
89f35cd3c9feb471122e5ef390577bd782cbdabe

SHA256
4221933dd63705eda465cac0397c606bf027e5bcd34e8e12f515d913e1aec4d0

SHA512
eea85f496ee9a95b17e5ba699fda8c1766264bafd31ca821c62a7384d44f2ae980435768896bcd7c1da652165f7cf8487f0685284b17d688102df474290a65b5

Download Submit
\Windows\system\XNuVIzV.exe

Filesize
6.0MB

MD5
9d73db7be73fc728f0d012d855918e30

SHA1
8a83954b4dfe7c6e31c800f1c6d57e3ea7cc2aea

SHA256
e873b708ed99e9b2dc914cf8324a3ee92c2ab88b070971db29ed030aea915236

SHA512
8b9c30d44a7b9abd5eab820074ffc2619d576f1c79810e303da15b0dc1b585f60de44e04be97e2f8d24b989f482ebfb4604081cfe6a99a645aa53ac353f7ee25

Download Submit
\Windows\system\npOsWcR.exe

Filesize
6.0MB

MD5
1bb7404234fbce00970015016a317a3c

SHA1
dba8360b477e59041294415cd83de96b747c4b85

SHA256
daee98f21985b6505e665c94689cf7762cea90f295434bb096e9f8222480b889

SHA512
711ebb09b38dd92a0f887588d0a5254dfb4050f32ffd779cb9441585758d982c07d37d8d977c25116f8920ce8d258939a792f5f9257b07e7c1a0cf71ed81c99e

Download Submit
memory/716-2873-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/876-2258-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/876-2795-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1232-2823-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1428-2826-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2825-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2865-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2857-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3033-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2372-4994-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3036-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3056-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3065-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2220-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2096-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3074-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2372-3083-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3088-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1666-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3045-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2259-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3035-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2372-0-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2824-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2837-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2858-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2846-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2872-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2794-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2844-2216-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2892-78-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2798-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2797-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2310-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download