cobaltstrike | 1d4ade9627f49e9c8b9475964c7f9f90d36e6dc5e86ec4aa5aad3b2858abb786

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0038abe8dc0f814fb007b92c31aeb980
SHA1

fb578cca041cbce8d53b4e2a1082054af2390e44
SHA256

1d4ade9627f49e9c8b9475964c7f9f90d36e6dc5e86ec4aa5aad3b2858abb786
SHA512

b9b8432251c2a711cb160284c20bf58d87de738a566466667d15a5981548a0bb9be425084fc5ebbcc958cae979dd752672d9ae2792c4acb45439cd296b235840
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015689-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-19.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156a8-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cfd-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f4e-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-177.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-182.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-167.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-132.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-122.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-97.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-92.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000160da-80.dat	cobalt_reflective_dll
behavioral1/files/0x003800000001506e-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015fa6-59.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-3.dat	xmrig
behavioral1/memory/2728-9-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015689-13.dat	xmrig
behavioral1/files/0x0007000000015cb9-19.dat	xmrig
behavioral1/files/0x00080000000156a8-18.dat	xmrig
behavioral1/files/0x0007000000015ccf-27.dat	xmrig
behavioral1/files/0x0008000000015cfd-37.dat	xmrig
behavioral1/files/0x0008000000015d0a-41.dat	xmrig
behavioral1/files/0x0007000000015ce4-31.dat	xmrig
behavioral1/files/0x0006000000015f4e-46.dat	xmrig
behavioral1/memory/2316-52-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2684-51-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2740-60-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2316-69-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2864-72-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2596-74-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2200-75-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2668-82-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0006000000016141-85.dat	xmrig
behavioral1/files/0x00060000000164de-102.dat	xmrig
behavioral1/files/0x0006000000016c89-127.dat	xmrig
behavioral1/files/0x0006000000016cab-137.dat	xmrig
behavioral1/files/0x0006000000016cf0-142.dat	xmrig
behavioral1/files/0x0006000000016d4c-152.dat	xmrig
behavioral1/files/0x0006000000016dd9-177.dat	xmrig
behavioral1/memory/2788-1392-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1412-1440-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2316-1962-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2728-2214-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2684-2278-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2316-1399-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2956-1370-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/1224-2883-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2880-2875-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2864-2905-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2888-2898-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2596-2921-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2728-2922-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2740-2915-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2744-2924-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2668-2963-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2684-2964-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2956-2984-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2788-2978-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1412-2971-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2200-2968-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de9-182.dat	xmrig
behavioral1/files/0x0006000000016d73-167.dat	xmrig
behavioral1/files/0x0006000000016dd5-172.dat	xmrig
behavioral1/files/0x0006000000016d68-157.dat	xmrig
behavioral1/files/0x0006000000016d6f-161.dat	xmrig
behavioral1/files/0x0006000000016d22-147.dat	xmrig
behavioral1/files/0x0006000000016ca0-132.dat	xmrig
behavioral1/files/0x0006000000016b86-122.dat	xmrig
behavioral1/files/0x0006000000016890-118.dat	xmrig
behavioral1/files/0x0006000000016689-112.dat	xmrig
behavioral1/files/0x000600000001660e-107.dat	xmrig
behavioral1/files/0x0006000000016399-97.dat	xmrig
behavioral1/files/0x00060000000162e4-92.dat	xmrig
behavioral1/files/0x00060000000160da-80.dat	xmrig
behavioral1/memory/2880-79-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2316-73-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2316-71-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2728	MHbqwDp.exe
2880	bfikVYi.exe
2684	jdPaStP.exe
1224	TfbUSsk.exe
2740	ZDvPsPB.exe
2888	hwfRAGc.exe
2744	MpXdIcY.exe
2864	XrnADrr.exe
2596	orXHZPi.exe
2668	AGqfcLU.exe
2200	DOdhfFF.exe
1412	NncXCdh.exe
2956	YubxOPF.exe
2788	RSENIxI.exe
2776	CUgteyo.exe
1560	WCJHeYC.exe
2756	rXifIQB.exe
2936	aoTXgir.exe
2096	JiiakNc.exe
1612	rZSIoMl.exe
1548	ynIOZxQ.exe
1152	ZcAxEHR.exe
1496	temHIOq.exe
936	BQsxerO.exe
1792	NRpMavr.exe
2108	wVFWKlV.exe
1860	wDjxyde.exe
844	WjNkvBw.exe
2468	Jtgexch.exe
1760	wQzXLph.exe
624	yBcrFAm.exe
2276	PXJoTUZ.exe
2004	oHhBuVj.exe
1036	sQgCCwG.exe
2552	JlKWPJD.exe
828	DqIcEtH.exe
1772	XEwiCqK.exe
1352	ZcIdeyT.exe
1552	LcWpPMc.exe
2260	gHNSqAm.exe
1052	TxUuVQw.exe
740	HBIypZi.exe
2412	hqSZppO.exe
1872	lZWqTny.exe
2284	FANEjWO.exe
2320	DtDasWF.exe
2472	nnHyWTp.exe
2140	IUOLLFz.exe
300	KSomsQc.exe
548	FRPYfFd.exe
1696	azXuDmT.exe
1512	QDAtFWq.exe
872	HKOychg.exe
1740	rfdAIIN.exe
2508	YjxpaNP.exe
1592	NxHKCYX.exe
1604	GVxqbRJ.exe
2804	JiTBXOd.exe
2584	OMwRwlA.exe
2792	wYOnRcl.exe
2632	EXQVUmR.exe
2640	yoqNqJU.exe
640	qPwDfGY.exe
2080	fbfUVuU.exe

Loads dropped DLL 64 IoCs

pid	Process
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0008000000012117-3.dat	upx
behavioral1/memory/2728-9-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x0008000000015689-13.dat	upx
behavioral1/files/0x0007000000015cb9-19.dat	upx
behavioral1/files/0x00080000000156a8-18.dat	upx
behavioral1/files/0x0007000000015ccf-27.dat	upx
behavioral1/files/0x0008000000015cfd-37.dat	upx
behavioral1/files/0x0008000000015d0a-41.dat	upx
behavioral1/files/0x0007000000015ce4-31.dat	upx
behavioral1/files/0x0006000000015f4e-46.dat	upx
behavioral1/memory/2684-51-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2740-60-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2864-72-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2596-74-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2200-75-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2668-82-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0006000000016141-85.dat	upx
behavioral1/files/0x00060000000164de-102.dat	upx
behavioral1/files/0x0006000000016c89-127.dat	upx
behavioral1/files/0x0006000000016cab-137.dat	upx
behavioral1/files/0x0006000000016cf0-142.dat	upx
behavioral1/files/0x0006000000016d4c-152.dat	upx
behavioral1/files/0x0006000000016dd9-177.dat	upx
behavioral1/memory/2788-1392-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1412-1440-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2316-1962-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2728-2214-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2684-2278-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2956-1370-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/1224-2883-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2880-2875-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2864-2905-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2888-2898-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2596-2921-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2728-2922-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2740-2915-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2744-2924-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2668-2963-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2684-2964-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2956-2984-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2788-2978-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1412-2971-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2200-2968-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x0006000000016de9-182.dat	upx
behavioral1/files/0x0006000000016d73-167.dat	upx
behavioral1/files/0x0006000000016dd5-172.dat	upx
behavioral1/files/0x0006000000016d68-157.dat	upx
behavioral1/files/0x0006000000016d6f-161.dat	upx
behavioral1/files/0x0006000000016d22-147.dat	upx
behavioral1/files/0x0006000000016ca0-132.dat	upx
behavioral1/files/0x0006000000016b86-122.dat	upx
behavioral1/files/0x0006000000016890-118.dat	upx
behavioral1/files/0x0006000000016689-112.dat	upx
behavioral1/files/0x000600000001660e-107.dat	upx
behavioral1/files/0x0006000000016399-97.dat	upx
behavioral1/files/0x00060000000162e4-92.dat	upx
behavioral1/files/0x00060000000160da-80.dat	upx
behavioral1/memory/2880-79-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2744-70-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2888-68-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x003800000001506e-61.dat	upx
behavioral1/files/0x0006000000015fa6-59.dat	upx
behavioral1/memory/1224-57-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PFycAzI.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPDggrh.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSBtQZe.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTcdRXF.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmXGRpK.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnIwwuM.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHlfeXv.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvGPaCA.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBEFAsE.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idExzzA.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRKwDye.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaLIWOV.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMoiPvf.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNaerlX.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVgZbUt.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuLQoyY.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYweSzd.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHnJiqU.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgaCMFO.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktloAAX.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGFqcvA.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYthLIv.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTHFugZ.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbfUVuU.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSaGmCP.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQqXyiP.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMxUHTr.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dupvaqB.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMTBbER.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYRqltT.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fthgVDC.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibkpvnG.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnhYTIM.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqFTqnL.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYrkbOr.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyShXoF.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqbYhmI.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZHPxtO.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrEINvv.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfAkFhi.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqqPGcC.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRPmDtX.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNXSije.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUQYSyb.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWocEvE.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chXcIzb.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVJYvHB.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obwwyTR.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYTVhby.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhrNIwF.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jswZgqh.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftjHkTt.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMlFSlJ.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKiLwaR.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqIcEtH.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBomqOi.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxERBTk.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxMZbzX.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BorYumh.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfAaJJh.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJYFNDv.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auYFpJf.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoytXPQ.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEkpChR.exe	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2728	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2316 wrote to memory of 2728	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2316 wrote to memory of 2728	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2316 wrote to memory of 2880	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 2880	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 2880	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 2684	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 2684	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 2684	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 1224	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 1224	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 1224	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 2740	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2740	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2740	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2888	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2888	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2888	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2744	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2744	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2744	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2864	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2864	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2864	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2596	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2596	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2596	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2668	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2668	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2668	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2200	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 2200	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 2200	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 1412	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 1412	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 1412	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 2956	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 2956	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 2956	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 2788	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 2788	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 2788	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 2776	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 2776	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 2776	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 1560	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 1560	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 1560	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 2756	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 2756	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 2756	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 2936	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 2936	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 2936	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 2096	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 2096	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 2096	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 1612	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 1612	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 1612	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 1548	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 1548	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 1548	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 1152	2316	2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_0038abe8dc0f814fb007b92c31aeb980_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\System\MHbqwDp.exe
  C:\Windows\System\MHbqwDp.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\bfikVYi.exe
  C:\Windows\System\bfikVYi.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\jdPaStP.exe
  C:\Windows\System\jdPaStP.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\TfbUSsk.exe
  C:\Windows\System\TfbUSsk.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ZDvPsPB.exe
  C:\Windows\System\ZDvPsPB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\hwfRAGc.exe
  C:\Windows\System\hwfRAGc.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\MpXdIcY.exe
  C:\Windows\System\MpXdIcY.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\XrnADrr.exe
  C:\Windows\System\XrnADrr.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\orXHZPi.exe
  C:\Windows\System\orXHZPi.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\AGqfcLU.exe
  C:\Windows\System\AGqfcLU.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\DOdhfFF.exe
  C:\Windows\System\DOdhfFF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\NncXCdh.exe
  C:\Windows\System\NncXCdh.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\YubxOPF.exe
  C:\Windows\System\YubxOPF.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\RSENIxI.exe
  C:\Windows\System\RSENIxI.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\CUgteyo.exe
  C:\Windows\System\CUgteyo.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\WCJHeYC.exe
  C:\Windows\System\WCJHeYC.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\rXifIQB.exe
  C:\Windows\System\rXifIQB.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\aoTXgir.exe
  C:\Windows\System\aoTXgir.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\JiiakNc.exe
  C:\Windows\System\JiiakNc.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\rZSIoMl.exe
  C:\Windows\System\rZSIoMl.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ynIOZxQ.exe
  C:\Windows\System\ynIOZxQ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ZcAxEHR.exe
  C:\Windows\System\ZcAxEHR.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\temHIOq.exe
  C:\Windows\System\temHIOq.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\BQsxerO.exe
  C:\Windows\System\BQsxerO.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\NRpMavr.exe
  C:\Windows\System\NRpMavr.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\wVFWKlV.exe
  C:\Windows\System\wVFWKlV.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\wDjxyde.exe
  C:\Windows\System\wDjxyde.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\WjNkvBw.exe
  C:\Windows\System\WjNkvBw.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\Jtgexch.exe
  C:\Windows\System\Jtgexch.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\wQzXLph.exe
  C:\Windows\System\wQzXLph.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\yBcrFAm.exe
  C:\Windows\System\yBcrFAm.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\PXJoTUZ.exe
  C:\Windows\System\PXJoTUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\oHhBuVj.exe
  C:\Windows\System\oHhBuVj.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\sQgCCwG.exe
  C:\Windows\System\sQgCCwG.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\JlKWPJD.exe
  C:\Windows\System\JlKWPJD.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\DqIcEtH.exe
  C:\Windows\System\DqIcEtH.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\XEwiCqK.exe
  C:\Windows\System\XEwiCqK.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ZcIdeyT.exe
  C:\Windows\System\ZcIdeyT.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\LcWpPMc.exe
  C:\Windows\System\LcWpPMc.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\gHNSqAm.exe
  C:\Windows\System\gHNSqAm.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\TxUuVQw.exe
  C:\Windows\System\TxUuVQw.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\HBIypZi.exe
  C:\Windows\System\HBIypZi.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\hqSZppO.exe
  C:\Windows\System\hqSZppO.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\lZWqTny.exe
  C:\Windows\System\lZWqTny.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\FANEjWO.exe
  C:\Windows\System\FANEjWO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\DtDasWF.exe
  C:\Windows\System\DtDasWF.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\nnHyWTp.exe
  C:\Windows\System\nnHyWTp.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\IUOLLFz.exe
  C:\Windows\System\IUOLLFz.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\KSomsQc.exe
  C:\Windows\System\KSomsQc.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\FRPYfFd.exe
  C:\Windows\System\FRPYfFd.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\azXuDmT.exe
  C:\Windows\System\azXuDmT.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\QDAtFWq.exe
  C:\Windows\System\QDAtFWq.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\HKOychg.exe
  C:\Windows\System\HKOychg.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\rfdAIIN.exe
  C:\Windows\System\rfdAIIN.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\YjxpaNP.exe
  C:\Windows\System\YjxpaNP.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\NxHKCYX.exe
  C:\Windows\System\NxHKCYX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\GVxqbRJ.exe
  C:\Windows\System\GVxqbRJ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\JiTBXOd.exe
  C:\Windows\System\JiTBXOd.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\OMwRwlA.exe
  C:\Windows\System\OMwRwlA.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\wYOnRcl.exe
  C:\Windows\System\wYOnRcl.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\EXQVUmR.exe
  C:\Windows\System\EXQVUmR.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\yoqNqJU.exe
  C:\Windows\System\yoqNqJU.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\qPwDfGY.exe
  C:\Windows\System\qPwDfGY.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\fbfUVuU.exe
  C:\Windows\System\fbfUVuU.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ThMcZfl.exe
  C:\Windows\System\ThMcZfl.exe
  2⤵
  PID:660
- C:\Windows\System\jTyHXrI.exe
  C:\Windows\System\jTyHXrI.exe
  2⤵
  PID:2848
- C:\Windows\System\AOhZzAx.exe
  C:\Windows\System\AOhZzAx.exe
  2⤵
  PID:2940
- C:\Windows\System\HnOdHdO.exe
  C:\Windows\System\HnOdHdO.exe
  2⤵
  PID:2092
- C:\Windows\System\mGMbavw.exe
  C:\Windows\System\mGMbavw.exe
  2⤵
  PID:2400
- C:\Windows\System\QyZgCht.exe
  C:\Windows\System\QyZgCht.exe
  2⤵
  PID:680
- C:\Windows\System\JxRzyWi.exe
  C:\Windows\System\JxRzyWi.exe
  2⤵
  PID:1488
- C:\Windows\System\uIJtCqV.exe
  C:\Windows\System\uIJtCqV.exe
  2⤵
  PID:1868
- C:\Windows\System\OqjRttH.exe
  C:\Windows\System\OqjRttH.exe
  2⤵
  PID:3012
- C:\Windows\System\eAjeITI.exe
  C:\Windows\System\eAjeITI.exe
  2⤵
  PID:2560
- C:\Windows\System\wYDYefc.exe
  C:\Windows\System\wYDYefc.exe
  2⤵
  PID:708
- C:\Windows\System\chFshua.exe
  C:\Windows\System\chFshua.exe
  2⤵
  PID:2172
- C:\Windows\System\bsboRRt.exe
  C:\Windows\System\bsboRRt.exe
  2⤵
  PID:2296
- C:\Windows\System\KXEaAWA.exe
  C:\Windows\System\KXEaAWA.exe
  2⤵
  PID:2404
- C:\Windows\System\tuioSZx.exe
  C:\Windows\System\tuioSZx.exe
  2⤵
  PID:1908
- C:\Windows\System\RdkfdDb.exe
  C:\Windows\System\RdkfdDb.exe
  2⤵
  PID:2136
- C:\Windows\System\iUiSzsa.exe
  C:\Windows\System\iUiSzsa.exe
  2⤵
  PID:748
- C:\Windows\System\sPlXohw.exe
  C:\Windows\System\sPlXohw.exe
  2⤵
  PID:1288
- C:\Windows\System\vBuEozr.exe
  C:\Windows\System\vBuEozr.exe
  2⤵
  PID:892
- C:\Windows\System\KmysVaR.exe
  C:\Windows\System\KmysVaR.exe
  2⤵
  PID:3064
- C:\Windows\System\dYdqUIn.exe
  C:\Windows\System\dYdqUIn.exe
  2⤵
  PID:284
- C:\Windows\System\wJNdQmL.exe
  C:\Windows\System\wJNdQmL.exe
  2⤵
  PID:1228
- C:\Windows\System\vKXPeRO.exe
  C:\Windows\System\vKXPeRO.exe
  2⤵
  PID:2340
- C:\Windows\System\XgjHPDr.exe
  C:\Windows\System\XgjHPDr.exe
  2⤵
  PID:2056
- C:\Windows\System\JUBfqGC.exe
  C:\Windows\System\JUBfqGC.exe
  2⤵
  PID:1444
- C:\Windows\System\HIInsiF.exe
  C:\Windows\System\HIInsiF.exe
  2⤵
  PID:1972
- C:\Windows\System\wZGirMW.exe
  C:\Windows\System\wZGirMW.exe
  2⤵
  PID:1716
- C:\Windows\System\jtCTxrc.exe
  C:\Windows\System\jtCTxrc.exe
  2⤵
  PID:2708
- C:\Windows\System\yKBidah.exe
  C:\Windows\System\yKBidah.exe
  2⤵
  PID:2844
- C:\Windows\System\uhiWbjb.exe
  C:\Windows\System\uhiWbjb.exe
  2⤵
  PID:2748
- C:\Windows\System\hyFSrLX.exe
  C:\Windows\System\hyFSrLX.exe
  2⤵
  PID:2588
- C:\Windows\System\MJgMqHl.exe
  C:\Windows\System\MJgMqHl.exe
  2⤵
  PID:2300
- C:\Windows\System\NONPqXk.exe
  C:\Windows\System\NONPqXk.exe
  2⤵
  PID:2924
- C:\Windows\System\fBZFhxJ.exe
  C:\Windows\System\fBZFhxJ.exe
  2⤵
  PID:1532
- C:\Windows\System\mTPkoni.exe
  C:\Windows\System\mTPkoni.exe
  2⤵
  PID:2304
- C:\Windows\System\eymcsDI.exe
  C:\Windows\System\eymcsDI.exe
  2⤵
  PID:1524
- C:\Windows\System\GFDvmuF.exe
  C:\Windows\System\GFDvmuF.exe
  2⤵
  PID:1160
- C:\Windows\System\eeFbXbg.exe
  C:\Windows\System\eeFbXbg.exe
  2⤵
  PID:2180
- C:\Windows\System\EuUQvJr.exe
  C:\Windows\System\EuUQvJr.exe
  2⤵
  PID:2164
- C:\Windows\System\LtWraJt.exe
  C:\Windows\System\LtWraJt.exe
  2⤵
  PID:948
- C:\Windows\System\eapsfqj.exe
  C:\Windows\System\eapsfqj.exe
  2⤵
  PID:1324
- C:\Windows\System\XLjysVd.exe
  C:\Windows\System\XLjysVd.exe
  2⤵
  PID:2160
- C:\Windows\System\DjamHXw.exe
  C:\Windows\System\DjamHXw.exe
  2⤵
  PID:1080
- C:\Windows\System\KSkUATF.exe
  C:\Windows\System\KSkUATF.exe
  2⤵
  PID:2000
- C:\Windows\System\fnZPrKn.exe
  C:\Windows\System\fnZPrKn.exe
  2⤵
  PID:2372
- C:\Windows\System\JMkcKuc.exe
  C:\Windows\System\JMkcKuc.exe
  2⤵
  PID:688
- C:\Windows\System\ZmZcRDC.exe
  C:\Windows\System\ZmZcRDC.exe
  2⤵
  PID:964
- C:\Windows\System\JKDBpdL.exe
  C:\Windows\System\JKDBpdL.exe
  2⤵
  PID:2660
- C:\Windows\System\sPvgTFi.exe
  C:\Windows\System\sPvgTFi.exe
  2⤵
  PID:2840
- C:\Windows\System\XetMbGo.exe
  C:\Windows\System\XetMbGo.exe
  2⤵
  PID:2656
- C:\Windows\System\AzITLlk.exe
  C:\Windows\System\AzITLlk.exe
  2⤵
  PID:2184
- C:\Windows\System\xxvUVKT.exe
  C:\Windows\System\xxvUVKT.exe
  2⤵
  PID:2784
- C:\Windows\System\faJXpcx.exe
  C:\Windows\System\faJXpcx.exe
  2⤵
  PID:2636
- C:\Windows\System\RsMrolL.exe
  C:\Windows\System\RsMrolL.exe
  2⤵
  PID:2248
- C:\Windows\System\rlrFOol.exe
  C:\Windows\System\rlrFOol.exe
  2⤵
  PID:832
- C:\Windows\System\vuGkUNi.exe
  C:\Windows\System\vuGkUNi.exe
  2⤵
  PID:2060
- C:\Windows\System\WfdmJwG.exe
  C:\Windows\System\WfdmJwG.exe
  2⤵
  PID:1900
- C:\Windows\System\tgoDlcg.exe
  C:\Windows\System\tgoDlcg.exe
  2⤵
  PID:1636
- C:\Windows\System\ktloAAX.exe
  C:\Windows\System\ktloAAX.exe
  2⤵
  PID:1040
- C:\Windows\System\OxIfJVH.exe
  C:\Windows\System\OxIfJVH.exe
  2⤵
  PID:2308
- C:\Windows\System\xChpNHl.exe
  C:\Windows\System\xChpNHl.exe
  2⤵
  PID:1596
- C:\Windows\System\RgjNQyI.exe
  C:\Windows\System\RgjNQyI.exe
  2⤵
  PID:2580
- C:\Windows\System\QMcNlGi.exe
  C:\Windows\System\QMcNlGi.exe
  2⤵
  PID:2388
- C:\Windows\System\KEQSrpr.exe
  C:\Windows\System\KEQSrpr.exe
  2⤵
  PID:1608
- C:\Windows\System\XUcoppe.exe
  C:\Windows\System\XUcoppe.exe
  2⤵
  PID:2980
- C:\Windows\System\ZBDOTbg.exe
  C:\Windows\System\ZBDOTbg.exe
  2⤵
  PID:292
- C:\Windows\System\NienBUZ.exe
  C:\Windows\System\NienBUZ.exe
  2⤵
  PID:3088
- C:\Windows\System\tQjHSIr.exe
  C:\Windows\System\tQjHSIr.exe
  2⤵
  PID:3108
- C:\Windows\System\nvJCGEK.exe
  C:\Windows\System\nvJCGEK.exe
  2⤵
  PID:3128
- C:\Windows\System\zMaZzYD.exe
  C:\Windows\System\zMaZzYD.exe
  2⤵
  PID:3148
- C:\Windows\System\DFwPgLc.exe
  C:\Windows\System\DFwPgLc.exe
  2⤵
  PID:3168
- C:\Windows\System\gvOqPiR.exe
  C:\Windows\System\gvOqPiR.exe
  2⤵
  PID:3184
- C:\Windows\System\KZmwsiE.exe
  C:\Windows\System\KZmwsiE.exe
  2⤵
  PID:3204
- C:\Windows\System\UZsYuIK.exe
  C:\Windows\System\UZsYuIK.exe
  2⤵
  PID:3224
- C:\Windows\System\PPwvWFG.exe
  C:\Windows\System\PPwvWFG.exe
  2⤵
  PID:3244
- C:\Windows\System\NAwrrNs.exe
  C:\Windows\System\NAwrrNs.exe
  2⤵
  PID:3260
- C:\Windows\System\pYnnNDT.exe
  C:\Windows\System\pYnnNDT.exe
  2⤵
  PID:3280
- C:\Windows\System\VYeBfGI.exe
  C:\Windows\System\VYeBfGI.exe
  2⤵
  PID:3300
- C:\Windows\System\BRPthCN.exe
  C:\Windows\System\BRPthCN.exe
  2⤵
  PID:3320
- C:\Windows\System\QuTjSHS.exe
  C:\Windows\System\QuTjSHS.exe
  2⤵
  PID:3336
- C:\Windows\System\OvkXKaY.exe
  C:\Windows\System\OvkXKaY.exe
  2⤵
  PID:3356
- C:\Windows\System\qJHaQJk.exe
  C:\Windows\System\qJHaQJk.exe
  2⤵
  PID:3384
- C:\Windows\System\JujZlpB.exe
  C:\Windows\System\JujZlpB.exe
  2⤵
  PID:3408
- C:\Windows\System\dgDBdLG.exe
  C:\Windows\System\dgDBdLG.exe
  2⤵
  PID:3428
- C:\Windows\System\QAvdXor.exe
  C:\Windows\System\QAvdXor.exe
  2⤵
  PID:3452
- C:\Windows\System\bfbKgUR.exe
  C:\Windows\System\bfbKgUR.exe
  2⤵
  PID:3468
- C:\Windows\System\CveQISW.exe
  C:\Windows\System\CveQISW.exe
  2⤵
  PID:3492
- C:\Windows\System\sbBtFLT.exe
  C:\Windows\System\sbBtFLT.exe
  2⤵
  PID:3508
- C:\Windows\System\GbfcUoJ.exe
  C:\Windows\System\GbfcUoJ.exe
  2⤵
  PID:3532
- C:\Windows\System\kFciMgQ.exe
  C:\Windows\System\kFciMgQ.exe
  2⤵
  PID:3548
- C:\Windows\System\fWZyacQ.exe
  C:\Windows\System\fWZyacQ.exe
  2⤵
  PID:3572
- C:\Windows\System\twNTDzb.exe
  C:\Windows\System\twNTDzb.exe
  2⤵
  PID:3592
- C:\Windows\System\rSKaPkO.exe
  C:\Windows\System\rSKaPkO.exe
  2⤵
  PID:3612
- C:\Windows\System\SzEGajF.exe
  C:\Windows\System\SzEGajF.exe
  2⤵
  PID:3632
- C:\Windows\System\GEYbBAA.exe
  C:\Windows\System\GEYbBAA.exe
  2⤵
  PID:3652
- C:\Windows\System\Nlnjviy.exe
  C:\Windows\System\Nlnjviy.exe
  2⤵
  PID:3672
- C:\Windows\System\fVgCmbM.exe
  C:\Windows\System\fVgCmbM.exe
  2⤵
  PID:3692
- C:\Windows\System\xoCnBLi.exe
  C:\Windows\System\xoCnBLi.exe
  2⤵
  PID:3712
- C:\Windows\System\LIRmrZH.exe
  C:\Windows\System\LIRmrZH.exe
  2⤵
  PID:3732
- C:\Windows\System\KHSKHsa.exe
  C:\Windows\System\KHSKHsa.exe
  2⤵
  PID:3748
- C:\Windows\System\EWewMDa.exe
  C:\Windows\System\EWewMDa.exe
  2⤵
  PID:3768
- C:\Windows\System\cUAqUrV.exe
  C:\Windows\System\cUAqUrV.exe
  2⤵
  PID:3788
- C:\Windows\System\PNBIuaY.exe
  C:\Windows\System\PNBIuaY.exe
  2⤵
  PID:3808
- C:\Windows\System\FyscLMa.exe
  C:\Windows\System\FyscLMa.exe
  2⤵
  PID:3824
- C:\Windows\System\OPtkjfm.exe
  C:\Windows\System\OPtkjfm.exe
  2⤵
  PID:3852
- C:\Windows\System\PXzClSK.exe
  C:\Windows\System\PXzClSK.exe
  2⤵
  PID:3872
- C:\Windows\System\YKVDZBJ.exe
  C:\Windows\System\YKVDZBJ.exe
  2⤵
  PID:3892
- C:\Windows\System\rXdIUaZ.exe
  C:\Windows\System\rXdIUaZ.exe
  2⤵
  PID:3908
- C:\Windows\System\NYlqIre.exe
  C:\Windows\System\NYlqIre.exe
  2⤵
  PID:3932
- C:\Windows\System\UIjrXZa.exe
  C:\Windows\System\UIjrXZa.exe
  2⤵
  PID:3948
- C:\Windows\System\XoJfoae.exe
  C:\Windows\System\XoJfoae.exe
  2⤵
  PID:3972
- C:\Windows\System\JOdKUud.exe
  C:\Windows\System\JOdKUud.exe
  2⤵
  PID:3992
- C:\Windows\System\OuofBUI.exe
  C:\Windows\System\OuofBUI.exe
  2⤵
  PID:4012
- C:\Windows\System\chfPUtU.exe
  C:\Windows\System\chfPUtU.exe
  2⤵
  PID:4032
- C:\Windows\System\SmgohOr.exe
  C:\Windows\System\SmgohOr.exe
  2⤵
  PID:4052
- C:\Windows\System\bnzEtYn.exe
  C:\Windows\System\bnzEtYn.exe
  2⤵
  PID:4072
- C:\Windows\System\TBRAPVV.exe
  C:\Windows\System\TBRAPVV.exe
  2⤵
  PID:4092
- C:\Windows\System\PqCLUwB.exe
  C:\Windows\System\PqCLUwB.exe
  2⤵
  PID:864
- C:\Windows\System\GsbjtsX.exe
  C:\Windows\System\GsbjtsX.exe
  2⤵
  PID:1856
- C:\Windows\System\nbgqmsK.exe
  C:\Windows\System\nbgqmsK.exe
  2⤵
  PID:2600
- C:\Windows\System\AUdAtdX.exe
  C:\Windows\System\AUdAtdX.exe
  2⤵
  PID:1580
- C:\Windows\System\ccihreR.exe
  C:\Windows\System\ccihreR.exe
  2⤵
  PID:3116
- C:\Windows\System\lhamBEw.exe
  C:\Windows\System\lhamBEw.exe
  2⤵
  PID:2912
- C:\Windows\System\QSIcIEQ.exe
  C:\Windows\System\QSIcIEQ.exe
  2⤵
  PID:3160
- C:\Windows\System\tXigbfI.exe
  C:\Windows\System\tXigbfI.exe
  2⤵
  PID:3096
- C:\Windows\System\GYWOZyJ.exe
  C:\Windows\System\GYWOZyJ.exe
  2⤵
  PID:3232
- C:\Windows\System\XCyAnkv.exe
  C:\Windows\System\XCyAnkv.exe
  2⤵
  PID:3140
- C:\Windows\System\UTpYatD.exe
  C:\Windows\System\UTpYatD.exe
  2⤵
  PID:3308
- C:\Windows\System\zEtWsqz.exe
  C:\Windows\System\zEtWsqz.exe
  2⤵
  PID:3220
- C:\Windows\System\vGIkrHn.exe
  C:\Windows\System\vGIkrHn.exe
  2⤵
  PID:3328
- C:\Windows\System\hkIZxFH.exe
  C:\Windows\System\hkIZxFH.exe
  2⤵
  PID:1528
- C:\Windows\System\jpCcdmV.exe
  C:\Windows\System\jpCcdmV.exe
  2⤵
  PID:3332
- C:\Windows\System\iDCdSdy.exe
  C:\Windows\System\iDCdSdy.exe
  2⤵
  PID:3416
- C:\Windows\System\UbMPrcw.exe
  C:\Windows\System\UbMPrcw.exe
  2⤵
  PID:3440
- C:\Windows\System\ayeYVOC.exe
  C:\Windows\System\ayeYVOC.exe
  2⤵
  PID:3488
- C:\Windows\System\tlMvVSb.exe
  C:\Windows\System\tlMvVSb.exe
  2⤵
  PID:3520
- C:\Windows\System\TpqBqux.exe
  C:\Windows\System\TpqBqux.exe
  2⤵
  PID:3560
- C:\Windows\System\wAylRtV.exe
  C:\Windows\System\wAylRtV.exe
  2⤵
  PID:3604
- C:\Windows\System\WmRiXwR.exe
  C:\Windows\System\WmRiXwR.exe
  2⤵
  PID:3648
- C:\Windows\System\Dzikhvd.exe
  C:\Windows\System\Dzikhvd.exe
  2⤵
  PID:3680
- C:\Windows\System\PXnJKeL.exe
  C:\Windows\System\PXnJKeL.exe
  2⤵
  PID:3624
- C:\Windows\System\MrjaVER.exe
  C:\Windows\System\MrjaVER.exe
  2⤵
  PID:3664
- C:\Windows\System\WoKLnud.exe
  C:\Windows\System\WoKLnud.exe
  2⤵
  PID:3704
- C:\Windows\System\mmjGXEj.exe
  C:\Windows\System\mmjGXEj.exe
  2⤵
  PID:1988
- C:\Windows\System\YRoxMrW.exe
  C:\Windows\System\YRoxMrW.exe
  2⤵
  PID:3836
- C:\Windows\System\qydGmVy.exe
  C:\Windows\System\qydGmVy.exe
  2⤵
  PID:3848
- C:\Windows\System\yKTZkop.exe
  C:\Windows\System\yKTZkop.exe
  2⤵
  PID:3888
- C:\Windows\System\ubzYhWD.exe
  C:\Windows\System\ubzYhWD.exe
  2⤵
  PID:3916
- C:\Windows\System\hSYvMJO.exe
  C:\Windows\System\hSYvMJO.exe
  2⤵
  PID:3904
- C:\Windows\System\RlAxXgf.exe
  C:\Windows\System\RlAxXgf.exe
  2⤵
  PID:3940
- C:\Windows\System\fsziFWW.exe
  C:\Windows\System\fsziFWW.exe
  2⤵
  PID:3980
- C:\Windows\System\sdwWcMk.exe
  C:\Windows\System\sdwWcMk.exe
  2⤵
  PID:4044
- C:\Windows\System\AfzqqUI.exe
  C:\Windows\System\AfzqqUI.exe
  2⤵
  PID:4088
- C:\Windows\System\YJXiJuw.exe
  C:\Windows\System\YJXiJuw.exe
  2⤵
  PID:1204
- C:\Windows\System\KpVfRYo.exe
  C:\Windows\System\KpVfRYo.exe
  2⤵
  PID:3044
- C:\Windows\System\wTGdAZP.exe
  C:\Windows\System\wTGdAZP.exe
  2⤵
  PID:1748
- C:\Windows\System\XYTVhby.exe
  C:\Windows\System\XYTVhby.exe
  2⤵
  PID:2696
- C:\Windows\System\ruAMUWg.exe
  C:\Windows\System\ruAMUWg.exe
  2⤵
  PID:1048
- C:\Windows\System\vOtdGfC.exe
  C:\Windows\System\vOtdGfC.exe
  2⤵
  PID:3268
- C:\Windows\System\IfLLROa.exe
  C:\Windows\System\IfLLROa.exe
  2⤵
  PID:3136
- C:\Windows\System\vdAmkJl.exe
  C:\Windows\System\vdAmkJl.exe
  2⤵
  PID:3352
- C:\Windows\System\iCXxSSO.exe
  C:\Windows\System\iCXxSSO.exe
  2⤵
  PID:3288
- C:\Windows\System\ykbzTgu.exe
  C:\Windows\System\ykbzTgu.exe
  2⤵
  PID:3400
- C:\Windows\System\EtUtVLo.exe
  C:\Windows\System\EtUtVLo.exe
  2⤵
  PID:3396
- C:\Windows\System\hBBYjtl.exe
  C:\Windows\System\hBBYjtl.exe
  2⤵
  PID:3464
- C:\Windows\System\LYaEgJS.exe
  C:\Windows\System\LYaEgJS.exe
  2⤵
  PID:3544
- C:\Windows\System\HgEatQk.exe
  C:\Windows\System\HgEatQk.exe
  2⤵
  PID:3564
- C:\Windows\System\xFikNOh.exe
  C:\Windows\System\xFikNOh.exe
  2⤵
  PID:3600
- C:\Windows\System\UauGXCF.exe
  C:\Windows\System\UauGXCF.exe
  2⤵
  PID:3668
- C:\Windows\System\xuaZqcB.exe
  C:\Windows\System\xuaZqcB.exe
  2⤵
  PID:3660
- C:\Windows\System\crcLdpP.exe
  C:\Windows\System\crcLdpP.exe
  2⤵
  PID:3816
- C:\Windows\System\OYweSzd.exe
  C:\Windows\System\OYweSzd.exe
  2⤵
  PID:2676
- C:\Windows\System\iApMJEX.exe
  C:\Windows\System\iApMJEX.exe
  2⤵
  PID:3920
- C:\Windows\System\NBlQbvk.exe
  C:\Windows\System\NBlQbvk.exe
  2⤵
  PID:4004
- C:\Windows\System\vEeYyLL.exe
  C:\Windows\System\vEeYyLL.exe
  2⤵
  PID:3960
- C:\Windows\System\pCyfALV.exe
  C:\Windows\System\pCyfALV.exe
  2⤵
  PID:4040
- C:\Windows\System\GxPAqHW.exe
  C:\Windows\System\GxPAqHW.exe
  2⤵
  PID:1296
- C:\Windows\System\UPxWePP.exe
  C:\Windows\System\UPxWePP.exe
  2⤵
  PID:4068
- C:\Windows\System\eDZJUno.exe
  C:\Windows\System\eDZJUno.exe
  2⤵
  PID:3076
- C:\Windows\System\rSONwdQ.exe
  C:\Windows\System\rSONwdQ.exe
  2⤵
  PID:3344
- C:\Windows\System\CfwcKKa.exe
  C:\Windows\System\CfwcKKa.exe
  2⤵
  PID:3380
- C:\Windows\System\bUyIKGU.exe
  C:\Windows\System\bUyIKGU.exe
  2⤵
  PID:3240
- C:\Windows\System\gjSqLQK.exe
  C:\Windows\System\gjSqLQK.exe
  2⤵
  PID:3436
- C:\Windows\System\LybfSrl.exe
  C:\Windows\System\LybfSrl.exe
  2⤵
  PID:3480
- C:\Windows\System\bvqHBVg.exe
  C:\Windows\System\bvqHBVg.exe
  2⤵
  PID:3516
- C:\Windows\System\qkLubgA.exe
  C:\Windows\System\qkLubgA.exe
  2⤵
  PID:2884
- C:\Windows\System\BQcQvID.exe
  C:\Windows\System\BQcQvID.exe
  2⤵
  PID:3700
- C:\Windows\System\wIeLfCK.exe
  C:\Windows\System\wIeLfCK.exe
  2⤵
  PID:2796
- C:\Windows\System\hfvwOUM.exe
  C:\Windows\System\hfvwOUM.exe
  2⤵
  PID:3964
- C:\Windows\System\vpfAkYa.exe
  C:\Windows\System\vpfAkYa.exe
  2⤵
  PID:3928
- C:\Windows\System\ntyaLVh.exe
  C:\Windows\System\ntyaLVh.exe
  2⤵
  PID:4080
- C:\Windows\System\NRXtHBu.exe
  C:\Windows\System\NRXtHBu.exe
  2⤵
  PID:3200
- C:\Windows\System\GIhaSmg.exe
  C:\Windows\System\GIhaSmg.exe
  2⤵
  PID:3376
- C:\Windows\System\DRpWMgr.exe
  C:\Windows\System\DRpWMgr.exe
  2⤵
  PID:3180
- C:\Windows\System\xFyOdvY.exe
  C:\Windows\System\xFyOdvY.exe
  2⤵
  PID:2052
- C:\Windows\System\nfPiWLv.exe
  C:\Windows\System\nfPiWLv.exe
  2⤵
  PID:3196
- C:\Windows\System\BNrfADl.exe
  C:\Windows\System\BNrfADl.exe
  2⤵
  PID:3744
- C:\Windows\System\arJHCst.exe
  C:\Windows\System\arJHCst.exe
  2⤵
  PID:3484
- C:\Windows\System\CUaSxQI.exe
  C:\Windows\System\CUaSxQI.exe
  2⤵
  PID:3984
- C:\Windows\System\hWKjnwn.exe
  C:\Windows\System\hWKjnwn.exe
  2⤵
  PID:4060
- C:\Windows\System\JqlLTFO.exe
  C:\Windows\System\JqlLTFO.exe
  2⤵
  PID:2144
- C:\Windows\System\oKveIbD.exe
  C:\Windows\System\oKveIbD.exe
  2⤵
  PID:4116
- C:\Windows\System\gDvcmEW.exe
  C:\Windows\System\gDvcmEW.exe
  2⤵
  PID:4144
- C:\Windows\System\zjGaJsH.exe
  C:\Windows\System\zjGaJsH.exe
  2⤵
  PID:4160
- C:\Windows\System\DMbPNZJ.exe
  C:\Windows\System\DMbPNZJ.exe
  2⤵
  PID:4180
- C:\Windows\System\ZChcTld.exe
  C:\Windows\System\ZChcTld.exe
  2⤵
  PID:4200
- C:\Windows\System\ggHSIRO.exe
  C:\Windows\System\ggHSIRO.exe
  2⤵
  PID:4224
- C:\Windows\System\nZeRSau.exe
  C:\Windows\System\nZeRSau.exe
  2⤵
  PID:4244
- C:\Windows\System\ydKRtzc.exe
  C:\Windows\System\ydKRtzc.exe
  2⤵
  PID:4264
- C:\Windows\System\FJkYJTG.exe
  C:\Windows\System\FJkYJTG.exe
  2⤵
  PID:4284
- C:\Windows\System\KkMKTIf.exe
  C:\Windows\System\KkMKTIf.exe
  2⤵
  PID:4304
- C:\Windows\System\gCEYXFQ.exe
  C:\Windows\System\gCEYXFQ.exe
  2⤵
  PID:4320
- C:\Windows\System\WnFuCGe.exe
  C:\Windows\System\WnFuCGe.exe
  2⤵
  PID:4340
- C:\Windows\System\LkbJFLC.exe
  C:\Windows\System\LkbJFLC.exe
  2⤵
  PID:4360
- C:\Windows\System\kxDqhBa.exe
  C:\Windows\System\kxDqhBa.exe
  2⤵
  PID:4380
- C:\Windows\System\PZmUcps.exe
  C:\Windows\System\PZmUcps.exe
  2⤵
  PID:4400
- C:\Windows\System\XoVmQHT.exe
  C:\Windows\System\XoVmQHT.exe
  2⤵
  PID:4420
- C:\Windows\System\UIOdLZa.exe
  C:\Windows\System\UIOdLZa.exe
  2⤵
  PID:4444
- C:\Windows\System\rqMziJS.exe
  C:\Windows\System\rqMziJS.exe
  2⤵
  PID:4464
- C:\Windows\System\hLpJMGP.exe
  C:\Windows\System\hLpJMGP.exe
  2⤵
  PID:4480
- C:\Windows\System\mOgsFDU.exe
  C:\Windows\System\mOgsFDU.exe
  2⤵
  PID:4500
- C:\Windows\System\BxWHdMS.exe
  C:\Windows\System\BxWHdMS.exe
  2⤵
  PID:4520
- C:\Windows\System\CdRmeer.exe
  C:\Windows\System\CdRmeer.exe
  2⤵
  PID:4540
- C:\Windows\System\HRGBoTU.exe
  C:\Windows\System\HRGBoTU.exe
  2⤵
  PID:4564
- C:\Windows\System\cRvMCWq.exe
  C:\Windows\System\cRvMCWq.exe
  2⤵
  PID:4584
- C:\Windows\System\WPQrYpf.exe
  C:\Windows\System\WPQrYpf.exe
  2⤵
  PID:4600
- C:\Windows\System\JmMdIYE.exe
  C:\Windows\System\JmMdIYE.exe
  2⤵
  PID:4624
- C:\Windows\System\KHgeeRS.exe
  C:\Windows\System\KHgeeRS.exe
  2⤵
  PID:4644
- C:\Windows\System\GfBRPnm.exe
  C:\Windows\System\GfBRPnm.exe
  2⤵
  PID:4664
- C:\Windows\System\oAdGrxo.exe
  C:\Windows\System\oAdGrxo.exe
  2⤵
  PID:4680
- C:\Windows\System\ootlfaM.exe
  C:\Windows\System\ootlfaM.exe
  2⤵
  PID:4700
- C:\Windows\System\NnzAMuy.exe
  C:\Windows\System\NnzAMuy.exe
  2⤵
  PID:4720
- C:\Windows\System\CVqBijk.exe
  C:\Windows\System\CVqBijk.exe
  2⤵
  PID:4740
- C:\Windows\System\OzRokCK.exe
  C:\Windows\System\OzRokCK.exe
  2⤵
  PID:4764
- C:\Windows\System\cEsvWhM.exe
  C:\Windows\System\cEsvWhM.exe
  2⤵
  PID:4784
- C:\Windows\System\GPEpErA.exe
  C:\Windows\System\GPEpErA.exe
  2⤵
  PID:4800
- C:\Windows\System\SDNGkOu.exe
  C:\Windows\System\SDNGkOu.exe
  2⤵
  PID:4820
- C:\Windows\System\mOcDCjv.exe
  C:\Windows\System\mOcDCjv.exe
  2⤵
  PID:4836
- C:\Windows\System\bsSGerD.exe
  C:\Windows\System\bsSGerD.exe
  2⤵
  PID:4860
- C:\Windows\System\rcUkNFf.exe
  C:\Windows\System\rcUkNFf.exe
  2⤵
  PID:4880
- C:\Windows\System\PJgXXLM.exe
  C:\Windows\System\PJgXXLM.exe
  2⤵
  PID:4900
- C:\Windows\System\LrcZmfA.exe
  C:\Windows\System\LrcZmfA.exe
  2⤵
  PID:4920
- C:\Windows\System\hrKlZNr.exe
  C:\Windows\System\hrKlZNr.exe
  2⤵
  PID:4944
- C:\Windows\System\PKboKZF.exe
  C:\Windows\System\PKboKZF.exe
  2⤵
  PID:4960
- C:\Windows\System\MHwsyfq.exe
  C:\Windows\System\MHwsyfq.exe
  2⤵
  PID:4980
- C:\Windows\System\YzMkwKC.exe
  C:\Windows\System\YzMkwKC.exe
  2⤵
  PID:4996
- C:\Windows\System\qPObtyA.exe
  C:\Windows\System\qPObtyA.exe
  2⤵
  PID:5020
- C:\Windows\System\FXCIKmG.exe
  C:\Windows\System\FXCIKmG.exe
  2⤵
  PID:5040
- C:\Windows\System\aiBvrXd.exe
  C:\Windows\System\aiBvrXd.exe
  2⤵
  PID:5060
- C:\Windows\System\LaBfTwO.exe
  C:\Windows\System\LaBfTwO.exe
  2⤵
  PID:5080
- C:\Windows\System\kxJayRY.exe
  C:\Windows\System\kxJayRY.exe
  2⤵
  PID:5100
- C:\Windows\System\ZmnIwvQ.exe
  C:\Windows\System\ZmnIwvQ.exe
  2⤵
  PID:3800
- C:\Windows\System\IhImKyf.exe
  C:\Windows\System\IhImKyf.exe
  2⤵
  PID:2024
- C:\Windows\System\qaykTty.exe
  C:\Windows\System\qaykTty.exe
  2⤵
  PID:4024
- C:\Windows\System\kUdlzVe.exe
  C:\Windows\System\kUdlzVe.exe
  2⤵
  PID:3192
- C:\Windows\System\ZyQRYer.exe
  C:\Windows\System\ZyQRYer.exe
  2⤵
  PID:4124
- C:\Windows\System\JxrTAph.exe
  C:\Windows\System\JxrTAph.exe
  2⤵
  PID:2544
- C:\Windows\System\TvbgnGS.exe
  C:\Windows\System\TvbgnGS.exe
  2⤵
  PID:2516
- C:\Windows\System\PtXryMe.exe
  C:\Windows\System\PtXryMe.exe
  2⤵
  PID:4172
- C:\Windows\System\MufRjyJ.exe
  C:\Windows\System\MufRjyJ.exe
  2⤵
  PID:4156
- C:\Windows\System\zKlReyN.exe
  C:\Windows\System\zKlReyN.exe
  2⤵
  PID:4220
- C:\Windows\System\pvrFVCj.exe
  C:\Windows\System\pvrFVCj.exe
  2⤵
  PID:4256
- C:\Windows\System\EmYjRNP.exe
  C:\Windows\System\EmYjRNP.exe
  2⤵
  PID:4296
- C:\Windows\System\tdPHbNp.exe
  C:\Windows\System\tdPHbNp.exe
  2⤵
  PID:4272
- C:\Windows\System\QDqvYGb.exe
  C:\Windows\System\QDqvYGb.exe
  2⤵
  PID:4376
- C:\Windows\System\LDxbFVz.exe
  C:\Windows\System\LDxbFVz.exe
  2⤵
  PID:4416
- C:\Windows\System\teUpBke.exe
  C:\Windows\System\teUpBke.exe
  2⤵
  PID:4452
- C:\Windows\System\TPQKIjJ.exe
  C:\Windows\System\TPQKIjJ.exe
  2⤵
  PID:4432
- C:\Windows\System\OQPRkZV.exe
  C:\Windows\System\OQPRkZV.exe
  2⤵
  PID:2236
- C:\Windows\System\DJCTkhS.exe
  C:\Windows\System\DJCTkhS.exe
  2⤵
  PID:4536
- C:\Windows\System\QhewwWG.exe
  C:\Windows\System\QhewwWG.exe
  2⤵
  PID:4580
- C:\Windows\System\feekGkk.exe
  C:\Windows\System\feekGkk.exe
  2⤵
  PID:4620
- C:\Windows\System\VlSOtxm.exe
  C:\Windows\System\VlSOtxm.exe
  2⤵
  PID:4552
- C:\Windows\System\oSaDlIY.exe
  C:\Windows\System\oSaDlIY.exe
  2⤵
  PID:4656
- C:\Windows\System\RSNSkQD.exe
  C:\Windows\System\RSNSkQD.exe
  2⤵
  PID:4696
- C:\Windows\System\MqcWdll.exe
  C:\Windows\System\MqcWdll.exe
  2⤵
  PID:4728
- C:\Windows\System\prroNoZ.exe
  C:\Windows\System\prroNoZ.exe
  2⤵
  PID:2572
- C:\Windows\System\ynlzLVQ.exe
  C:\Windows\System\ynlzLVQ.exe
  2⤵
  PID:4776
- C:\Windows\System\HEEYICX.exe
  C:\Windows\System\HEEYICX.exe
  2⤵
  PID:4752
- C:\Windows\System\pQJwRfS.exe
  C:\Windows\System\pQJwRfS.exe
  2⤵
  PID:4856
- C:\Windows\System\ghtjwZv.exe
  C:\Windows\System\ghtjwZv.exe
  2⤵
  PID:4896
- C:\Windows\System\npucrVv.exe
  C:\Windows\System\npucrVv.exe
  2⤵
  PID:2964
- C:\Windows\System\MHMSnqS.exe
  C:\Windows\System\MHMSnqS.exe
  2⤵
  PID:4832
- C:\Windows\System\WgjrDqe.exe
  C:\Windows\System\WgjrDqe.exe
  2⤵
  PID:4908
- C:\Windows\System\VhCfeXn.exe
  C:\Windows\System\VhCfeXn.exe
  2⤵
  PID:4952
- C:\Windows\System\FBuMecR.exe
  C:\Windows\System\FBuMecR.exe
  2⤵
  PID:4988
- C:\Windows\System\FdavpHx.exe
  C:\Windows\System\FdavpHx.exe
  2⤵
  PID:5012
- C:\Windows\System\llasgIj.exe
  C:\Windows\System\llasgIj.exe
  2⤵
  PID:5048
- C:\Windows\System\VTAYTeX.exe
  C:\Windows\System\VTAYTeX.exe
  2⤵
  PID:5096
- C:\Windows\System\SqtRnJX.exe
  C:\Windows\System\SqtRnJX.exe
  2⤵
  PID:3832
- C:\Windows\System\bLidewk.exe
  C:\Windows\System\bLidewk.exe
  2⤵
  PID:5112
- C:\Windows\System\drPgGxE.exe
  C:\Windows\System\drPgGxE.exe
  2⤵
  PID:3884
- C:\Windows\System\ZToAofd.exe
  C:\Windows\System\ZToAofd.exe
  2⤵
  PID:3504
- C:\Windows\System\qQPztZl.exe
  C:\Windows\System\qQPztZl.exe
  2⤵
  PID:4176
- C:\Windows\System\WxgjICR.exe
  C:\Windows\System\WxgjICR.exe
  2⤵
  PID:4212
- C:\Windows\System\EntYBaJ.exe
  C:\Windows\System\EntYBaJ.exe
  2⤵
  PID:4192
- C:\Windows\System\CoYCMsk.exe
  C:\Windows\System\CoYCMsk.exe
  2⤵
  PID:4292
- C:\Windows\System\jvJnQxx.exe
  C:\Windows\System\jvJnQxx.exe
  2⤵
  PID:4236
- C:\Windows\System\KLMfUhC.exe
  C:\Windows\System\KLMfUhC.exe
  2⤵
  PID:4348
- C:\Windows\System\HhjKFxA.exe
  C:\Windows\System\HhjKFxA.exe
  2⤵
  PID:4316
- C:\Windows\System\ZMZcEoz.exe
  C:\Windows\System\ZMZcEoz.exe
  2⤵
  PID:4472
- C:\Windows\System\BsysUSO.exe
  C:\Windows\System\BsysUSO.exe
  2⤵
  PID:4436
- C:\Windows\System\JFhnGCU.exe
  C:\Windows\System\JFhnGCU.exe
  2⤵
  PID:2576
- C:\Windows\System\pEJNAHk.exe
  C:\Windows\System\pEJNAHk.exe
  2⤵
  PID:4616
- C:\Windows\System\xJczHTO.exe
  C:\Windows\System\xJczHTO.exe
  2⤵
  PID:4652
- C:\Windows\System\ZeeDqfP.exe
  C:\Windows\System\ZeeDqfP.exe
  2⤵
  PID:4632
- C:\Windows\System\cdzAurM.exe
  C:\Windows\System\cdzAurM.exe
  2⤵
  PID:4780
- C:\Windows\System\VKOlHHr.exe
  C:\Windows\System\VKOlHHr.exe
  2⤵
  PID:4812
- C:\Windows\System\xGDYoNs.exe
  C:\Windows\System\xGDYoNs.exe
  2⤵
  PID:4928
- C:\Windows\System\iDgElBZ.exe
  C:\Windows\System\iDgElBZ.exe
  2⤵
  PID:4916
- C:\Windows\System\lItGiHS.exe
  C:\Windows\System\lItGiHS.exe
  2⤵
  PID:5016
- C:\Windows\System\rLBRcyt.exe
  C:\Windows\System\rLBRcyt.exe
  2⤵
  PID:4976
- C:\Windows\System\TSypVYX.exe
  C:\Windows\System\TSypVYX.exe
  2⤵
  PID:5072
- C:\Windows\System\ruKwtUC.exe
  C:\Windows\System\ruKwtUC.exe
  2⤵
  PID:5108
- C:\Windows\System\DQzwCbj.exe
  C:\Windows\System\DQzwCbj.exe
  2⤵
  PID:2192
- C:\Windows\System\rZZChue.exe
  C:\Windows\System\rZZChue.exe
  2⤵
  PID:4168
- C:\Windows\System\tOhJLJM.exe
  C:\Windows\System\tOhJLJM.exe
  2⤵
  PID:4240
- C:\Windows\System\CYruZIX.exe
  C:\Windows\System\CYruZIX.exe
  2⤵
  PID:4108
- C:\Windows\System\mgypBDM.exe
  C:\Windows\System\mgypBDM.exe
  2⤵
  PID:4328
- C:\Windows\System\JNaSvUa.exe
  C:\Windows\System\JNaSvUa.exe
  2⤵
  PID:4332
- C:\Windows\System\xrjxIKe.exe
  C:\Windows\System\xrjxIKe.exe
  2⤵
  PID:4508
- C:\Windows\System\uMopbES.exe
  C:\Windows\System\uMopbES.exe
  2⤵
  PID:1576
- C:\Windows\System\wTBopvz.exe
  C:\Windows\System\wTBopvz.exe
  2⤵
  PID:4428
- C:\Windows\System\qFUejrb.exe
  C:\Windows\System\qFUejrb.exe
  2⤵
  PID:2212
- C:\Windows\System\gaKbWBn.exe
  C:\Windows\System\gaKbWBn.exe
  2⤵
  PID:4816
- C:\Windows\System\JYQMymQ.exe
  C:\Windows\System\JYQMymQ.exe
  2⤵
  PID:4756
- C:\Windows\System\elwpvwJ.exe
  C:\Windows\System\elwpvwJ.exe
  2⤵
  PID:4888
- C:\Windows\System\TnNeMIO.exe
  C:\Windows\System\TnNeMIO.exe
  2⤵
  PID:4868
- C:\Windows\System\AVVZLNx.exe
  C:\Windows\System\AVVZLNx.exe
  2⤵
  PID:4876
- C:\Windows\System\VmeYYUK.exe
  C:\Windows\System\VmeYYUK.exe
  2⤵
  PID:3780
- C:\Windows\System\VhKfSZM.exe
  C:\Windows\System\VhKfSZM.exe
  2⤵
  PID:2736
- C:\Windows\System\wNwgXtr.exe
  C:\Windows\System\wNwgXtr.exe
  2⤵
  PID:2228
- C:\Windows\System\lDgyRyU.exe
  C:\Windows\System\lDgyRyU.exe
  2⤵
  PID:4152
- C:\Windows\System\aqxofDr.exe
  C:\Windows\System\aqxofDr.exe
  2⤵
  PID:2680
- C:\Windows\System\oCDHYCX.exe
  C:\Windows\System\oCDHYCX.exe
  2⤵
  PID:4476
- C:\Windows\System\WKiSLCX.exe
  C:\Windows\System\WKiSLCX.exe
  2⤵
  PID:4596
- C:\Windows\System\OVdBcaY.exe
  C:\Windows\System\OVdBcaY.exe
  2⤵
  PID:4512
- C:\Windows\System\qXAhOTY.exe
  C:\Windows\System\qXAhOTY.exe
  2⤵
  PID:4796
- C:\Windows\System\DOuBysN.exe
  C:\Windows\System\DOuBysN.exe
  2⤵
  PID:2808
- C:\Windows\System\AWOOJRO.exe
  C:\Windows\System\AWOOJRO.exe
  2⤵
  PID:5088
- C:\Windows\System\IlZttjK.exe
  C:\Windows\System\IlZttjK.exe
  2⤵
  PID:4972
- C:\Windows\System\zfAHPpT.exe
  C:\Windows\System\zfAHPpT.exe
  2⤵
  PID:2216
- C:\Windows\System\HjUEqaT.exe
  C:\Windows\System\HjUEqaT.exe
  2⤵
  PID:4492
- C:\Windows\System\nlgFjdm.exe
  C:\Windows\System\nlgFjdm.exe
  2⤵
  PID:4368
- C:\Windows\System\NPgCDJq.exe
  C:\Windows\System\NPgCDJq.exe
  2⤵
  PID:5004
- C:\Windows\System\llWGHxO.exe
  C:\Windows\System\llWGHxO.exe
  2⤵
  PID:4852
- C:\Windows\System\oRjCmEE.exe
  C:\Windows\System\oRjCmEE.exe
  2⤵
  PID:4956
- C:\Windows\System\pRmKyhL.exe
  C:\Windows\System\pRmKyhL.exe
  2⤵
  PID:2856
- C:\Windows\System\CMTBbER.exe
  C:\Windows\System\CMTBbER.exe
  2⤵
  PID:3688
- C:\Windows\System\pxhDlvo.exe
  C:\Windows\System\pxhDlvo.exe
  2⤵
  PID:4408
- C:\Windows\System\mxivsqP.exe
  C:\Windows\System\mxivsqP.exe
  2⤵
  PID:4440
- C:\Windows\System\CPSqdqR.exe
  C:\Windows\System\CPSqdqR.exe
  2⤵
  PID:4672
- C:\Windows\System\YtvKPkY.exe
  C:\Windows\System\YtvKPkY.exe
  2⤵
  PID:3608
- C:\Windows\System\IwLWjik.exe
  C:\Windows\System\IwLWjik.exe
  2⤵
  PID:4872
- C:\Windows\System\cWEqJJR.exe
  C:\Windows\System\cWEqJJR.exe
  2⤵
  PID:3024
- C:\Windows\System\CqjwCsT.exe
  C:\Windows\System\CqjwCsT.exe
  2⤵
  PID:1292
- C:\Windows\System\MawELCL.exe
  C:\Windows\System\MawELCL.exe
  2⤵
  PID:1568
- C:\Windows\System\ManpCbH.exe
  C:\Windows\System\ManpCbH.exe
  2⤵
  PID:824
- C:\Windows\System\teFeUIN.exe
  C:\Windows\System\teFeUIN.exe
  2⤵
  PID:5136
- C:\Windows\System\CrPjKfj.exe
  C:\Windows\System\CrPjKfj.exe
  2⤵
  PID:5156
- C:\Windows\System\jcYARrT.exe
  C:\Windows\System\jcYARrT.exe
  2⤵
  PID:5172
- C:\Windows\System\mhVBFIa.exe
  C:\Windows\System\mhVBFIa.exe
  2⤵
  PID:5188
- C:\Windows\System\MUTyHXP.exe
  C:\Windows\System\MUTyHXP.exe
  2⤵
  PID:5212
- C:\Windows\System\ptcVVqE.exe
  C:\Windows\System\ptcVVqE.exe
  2⤵
  PID:5228
- C:\Windows\System\nsChijz.exe
  C:\Windows\System\nsChijz.exe
  2⤵
  PID:5244
- C:\Windows\System\kLSedsZ.exe
  C:\Windows\System\kLSedsZ.exe
  2⤵
  PID:5260
- C:\Windows\System\QmhslHF.exe
  C:\Windows\System\QmhslHF.exe
  2⤵
  PID:5312
- C:\Windows\System\KUzRrqm.exe
  C:\Windows\System\KUzRrqm.exe
  2⤵
  PID:5344
- C:\Windows\System\sedldVs.exe
  C:\Windows\System\sedldVs.exe
  2⤵
  PID:5364
- C:\Windows\System\CkhdMAh.exe
  C:\Windows\System\CkhdMAh.exe
  2⤵
  PID:5380
- C:\Windows\System\qqMoNXv.exe
  C:\Windows\System\qqMoNXv.exe
  2⤵
  PID:5396
- C:\Windows\System\QPrjvfU.exe
  C:\Windows\System\QPrjvfU.exe
  2⤵
  PID:5420
- C:\Windows\System\pEPLuYs.exe
  C:\Windows\System\pEPLuYs.exe
  2⤵
  PID:5440
- C:\Windows\System\RIHDlSD.exe
  C:\Windows\System\RIHDlSD.exe
  2⤵
  PID:5456
- C:\Windows\System\ZJWOlSF.exe
  C:\Windows\System\ZJWOlSF.exe
  2⤵
  PID:5480
- C:\Windows\System\EOUNnjW.exe
  C:\Windows\System\EOUNnjW.exe
  2⤵
  PID:5496
- C:\Windows\System\ZGmRycI.exe
  C:\Windows\System\ZGmRycI.exe
  2⤵
  PID:5512
- C:\Windows\System\XSEgAEr.exe
  C:\Windows\System\XSEgAEr.exe
  2⤵
  PID:5528
- C:\Windows\System\EuNNDZU.exe
  C:\Windows\System\EuNNDZU.exe
  2⤵
  PID:5576
- C:\Windows\System\LFOClUE.exe
  C:\Windows\System\LFOClUE.exe
  2⤵
  PID:5596
- C:\Windows\System\WmzXeUX.exe
  C:\Windows\System\WmzXeUX.exe
  2⤵
  PID:5612
- C:\Windows\System\XffyaXk.exe
  C:\Windows\System\XffyaXk.exe
  2⤵
  PID:5628
- C:\Windows\System\xhEHXcG.exe
  C:\Windows\System\xhEHXcG.exe
  2⤵
  PID:5652
- C:\Windows\System\jzoVnKz.exe
  C:\Windows\System\jzoVnKz.exe
  2⤵
  PID:5672
- C:\Windows\System\TlBWEOX.exe
  C:\Windows\System\TlBWEOX.exe
  2⤵
  PID:5688
- C:\Windows\System\wTKyozF.exe
  C:\Windows\System\wTKyozF.exe
  2⤵
  PID:5708
- C:\Windows\System\xQLIdKe.exe
  C:\Windows\System\xQLIdKe.exe
  2⤵
  PID:5728
- C:\Windows\System\JlktiAq.exe
  C:\Windows\System\JlktiAq.exe
  2⤵
  PID:5752
- C:\Windows\System\wQQoLNg.exe
  C:\Windows\System\wQQoLNg.exe
  2⤵
  PID:5788
- C:\Windows\System\XGvZPaS.exe
  C:\Windows\System\XGvZPaS.exe
  2⤵
  PID:5808
- C:\Windows\System\KEzNdqA.exe
  C:\Windows\System\KEzNdqA.exe
  2⤵
  PID:5832
- C:\Windows\System\hzEhfHQ.exe
  C:\Windows\System\hzEhfHQ.exe
  2⤵
  PID:5848
- C:\Windows\System\aPeMeAi.exe
  C:\Windows\System\aPeMeAi.exe
  2⤵
  PID:5864
- C:\Windows\System\eUscTQG.exe
  C:\Windows\System\eUscTQG.exe
  2⤵
  PID:5880
- C:\Windows\System\AJQcvOA.exe
  C:\Windows\System\AJQcvOA.exe
  2⤵
  PID:5896
- C:\Windows\System\nSGXtid.exe
  C:\Windows\System\nSGXtid.exe
  2⤵
  PID:5916
- C:\Windows\System\vMsLzbN.exe
  C:\Windows\System\vMsLzbN.exe
  2⤵
  PID:5932
- C:\Windows\System\aTpTOQM.exe
  C:\Windows\System\aTpTOQM.exe
  2⤵
  PID:5948
- C:\Windows\System\iPyXPEQ.exe
  C:\Windows\System\iPyXPEQ.exe
  2⤵
  PID:5972
- C:\Windows\System\klSYdaV.exe
  C:\Windows\System\klSYdaV.exe
  2⤵
  PID:5988
- C:\Windows\System\AnBKLlC.exe
  C:\Windows\System\AnBKLlC.exe
  2⤵
  PID:6028
- C:\Windows\System\KqPbAGC.exe
  C:\Windows\System\KqPbAGC.exe
  2⤵
  PID:6048
- C:\Windows\System\oUXMBue.exe
  C:\Windows\System\oUXMBue.exe
  2⤵
  PID:6068
- C:\Windows\System\NnWHlLU.exe
  C:\Windows\System\NnWHlLU.exe
  2⤵
  PID:6092
- C:\Windows\System\qqmeGmF.exe
  C:\Windows\System\qqmeGmF.exe
  2⤵
  PID:6116
- C:\Windows\System\MANcvYa.exe
  C:\Windows\System\MANcvYa.exe
  2⤵
  PID:6132
- C:\Windows\System\EWKJLJA.exe
  C:\Windows\System\EWKJLJA.exe
  2⤵
  PID:2624
- C:\Windows\System\nZItbcU.exe
  C:\Windows\System\nZItbcU.exe
  2⤵
  PID:760
- C:\Windows\System\MGZrSge.exe
  C:\Windows\System\MGZrSge.exe
  2⤵
  PID:5168
- C:\Windows\System\CUiQViK.exe
  C:\Windows\System\CUiQViK.exe
  2⤵
  PID:5236
- C:\Windows\System\fLfxijQ.exe
  C:\Windows\System\fLfxijQ.exe
  2⤵
  PID:5272
- C:\Windows\System\JPgifmL.exe
  C:\Windows\System\JPgifmL.exe
  2⤵
  PID:2820
- C:\Windows\System\vVlzuJa.exe
  C:\Windows\System\vVlzuJa.exe
  2⤵
  PID:376
- C:\Windows\System\mWZjQoP.exe
  C:\Windows\System\mWZjQoP.exe
  2⤵
  PID:5288
- C:\Windows\System\ISEgtEJ.exe
  C:\Windows\System\ISEgtEJ.exe
  2⤵
  PID:1336
- C:\Windows\System\KchMMIx.exe
  C:\Windows\System\KchMMIx.exe
  2⤵
  PID:5336
- C:\Windows\System\obkFyeS.exe
  C:\Windows\System\obkFyeS.exe
  2⤵
  PID:5356
- C:\Windows\System\uhZeEbw.exe
  C:\Windows\System\uhZeEbw.exe
  2⤵
  PID:5388
- C:\Windows\System\UAOOVjN.exe
  C:\Windows\System\UAOOVjN.exe
  2⤵
  PID:5376
- C:\Windows\System\ImmGwel.exe
  C:\Windows\System\ImmGwel.exe
  2⤵
  PID:5428
- C:\Windows\System\drEjWmL.exe
  C:\Windows\System\drEjWmL.exe
  2⤵
  PID:5476
- C:\Windows\System\gkoNyTR.exe
  C:\Windows\System\gkoNyTR.exe
  2⤵
  PID:5408
- C:\Windows\System\FDpyPuK.exe
  C:\Windows\System\FDpyPuK.exe
  2⤵
  PID:5568
- C:\Windows\System\vUieRkq.exe
  C:\Windows\System\vUieRkq.exe
  2⤵
  PID:5608
- C:\Windows\System\pViAmUX.exe
  C:\Windows\System\pViAmUX.exe
  2⤵
  PID:5648
- C:\Windows\System\ZThruYV.exe
  C:\Windows\System\ZThruYV.exe
  2⤵
  PID:5680
- C:\Windows\System\BgztnwG.exe
  C:\Windows\System\BgztnwG.exe
  2⤵
  PID:5704
- C:\Windows\System\EZXlVyF.exe
  C:\Windows\System\EZXlVyF.exe
  2⤵
  PID:5664
- C:\Windows\System\AfyVoHN.exe
  C:\Windows\System\AfyVoHN.exe
  2⤵
  PID:5772
- C:\Windows\System\BGwtesQ.exe
  C:\Windows\System\BGwtesQ.exe
  2⤵
  PID:5816
- C:\Windows\System\tQHQgTK.exe
  C:\Windows\System\tQHQgTK.exe
  2⤵
  PID:5796
- C:\Windows\System\SZBQQaP.exe
  C:\Windows\System\SZBQQaP.exe
  2⤵
  PID:5696
- C:\Windows\System\AghxraS.exe
  C:\Windows\System\AghxraS.exe
  2⤵
  PID:5928
- C:\Windows\System\fIbfmZE.exe
  C:\Windows\System\fIbfmZE.exe
  2⤵
  PID:5968
- C:\Windows\System\TypXQyd.exe
  C:\Windows\System\TypXQyd.exe
  2⤵
  PID:5908
- C:\Windows\System\IIukzHJ.exe
  C:\Windows\System\IIukzHJ.exe
  2⤵
  PID:6004
- C:\Windows\System\pMLOuoC.exe
  C:\Windows\System\pMLOuoC.exe
  2⤵
  PID:5984
- C:\Windows\System\hNPPsDC.exe
  C:\Windows\System\hNPPsDC.exe
  2⤵
  PID:2396
- C:\Windows\System\nbUAcgY.exe
  C:\Windows\System\nbUAcgY.exe
  2⤵
  PID:444
- C:\Windows\System\gPjFvJV.exe
  C:\Windows\System\gPjFvJV.exe
  2⤵
  PID:6112
- C:\Windows\System\pfwXyue.exe
  C:\Windows\System\pfwXyue.exe
  2⤵
  PID:5132
- C:\Windows\System\dIeDUZT.exe
  C:\Windows\System\dIeDUZT.exe
  2⤵
  PID:5204
- C:\Windows\System\dPPxasQ.exe
  C:\Windows\System\dPPxasQ.exe
  2⤵
  PID:5224
- C:\Windows\System\jBQPQce.exe
  C:\Windows\System\jBQPQce.exe
  2⤵
  PID:5144
- C:\Windows\System\rIEcBEU.exe
  C:\Windows\System\rIEcBEU.exe
  2⤵
  PID:5296
- C:\Windows\System\BeQjujJ.exe
  C:\Windows\System\BeQjujJ.exe
  2⤵
  PID:5320
- C:\Windows\System\mexvsnQ.exe
  C:\Windows\System\mexvsnQ.exe
  2⤵
  PID:1268
- C:\Windows\System\pfKFEhm.exe
  C:\Windows\System\pfKFEhm.exe
  2⤵
  PID:5332
- C:\Windows\System\RnpYGIQ.exe
  C:\Windows\System\RnpYGIQ.exe
  2⤵
  PID:5492
- C:\Windows\System\tVbjGaG.exe
  C:\Windows\System\tVbjGaG.exe
  2⤵
  PID:2564
- C:\Windows\System\RnuYqWX.exe
  C:\Windows\System\RnuYqWX.exe
  2⤵
  PID:5536
- C:\Windows\System\KGFqcvA.exe
  C:\Windows\System\KGFqcvA.exe
  2⤵
  PID:5644
- C:\Windows\System\jtWZhKr.exe
  C:\Windows\System\jtWZhKr.exe
  2⤵
  PID:5720
- C:\Windows\System\VEYQDfk.exe
  C:\Windows\System\VEYQDfk.exe
  2⤵
  PID:5668
- C:\Windows\System\jsrGVXf.exe
  C:\Windows\System\jsrGVXf.exe
  2⤵
  PID:5828
- C:\Windows\System\SqOMiel.exe
  C:\Windows\System\SqOMiel.exe
  2⤵
  PID:2952
- C:\Windows\System\IKZRkVg.exe
  C:\Windows\System\IKZRkVg.exe
  2⤵
  PID:5944
- C:\Windows\System\btSUTsk.exe
  C:\Windows\System\btSUTsk.exe
  2⤵
  PID:1660
- C:\Windows\System\aNWgqhG.exe
  C:\Windows\System\aNWgqhG.exe
  2⤵
  PID:2860
- C:\Windows\System\TNiQZVD.exe
  C:\Windows\System\TNiQZVD.exe
  2⤵
  PID:5748
- C:\Windows\System\gQNkNBr.exe
  C:\Windows\System\gQNkNBr.exe
  2⤵
  PID:6008
- C:\Windows\System\cMggsfB.exe
  C:\Windows\System\cMggsfB.exe
  2⤵
  PID:6016
- C:\Windows\System\liYikOx.exe
  C:\Windows\System\liYikOx.exe
  2⤵
  PID:5268
- C:\Windows\System\emqpsaw.exe
  C:\Windows\System\emqpsaw.exe
  2⤵
  PID:5256
- C:\Windows\System\fhggIzh.exe
  C:\Windows\System\fhggIzh.exe
  2⤵
  PID:5468
- C:\Windows\System\eLyQHaf.exe
  C:\Windows\System\eLyQHaf.exe
  2⤵
  PID:5604
- C:\Windows\System\xlIDpIk.exe
  C:\Windows\System\xlIDpIk.exe
  2⤵
  PID:340
- C:\Windows\System\AJhmErB.exe
  C:\Windows\System\AJhmErB.exe
  2⤵
  PID:5564
- C:\Windows\System\rCAzsWP.exe
  C:\Windows\System\rCAzsWP.exe
  2⤵
  PID:1656
- C:\Windows\System\fpdzled.exe
  C:\Windows\System\fpdzled.exe
  2⤵
  PID:6000
- C:\Windows\System\qiOnsmF.exe
  C:\Windows\System\qiOnsmF.exe
  2⤵
  PID:5784
- C:\Windows\System\nEzIzUk.exe
  C:\Windows\System\nEzIzUk.exe
  2⤵
  PID:5544
- C:\Windows\System\kpDtjKV.exe
  C:\Windows\System\kpDtjKV.exe
  2⤵
  PID:6040
- C:\Windows\System\aNZaTLZ.exe
  C:\Windows\System\aNZaTLZ.exe
  2⤵
  PID:6076
- C:\Windows\System\tDnDbGX.exe
  C:\Windows\System\tDnDbGX.exe
  2⤵
  PID:888
- C:\Windows\System\WCXtQiP.exe
  C:\Windows\System\WCXtQiP.exe
  2⤵
  PID:6128
- C:\Windows\System\OUSIbvA.exe
  C:\Windows\System\OUSIbvA.exe
  2⤵
  PID:5304
- C:\Windows\System\RQYBeku.exe
  C:\Windows\System\RQYBeku.exe
  2⤵
  PID:1644
- C:\Windows\System\vIgSuRX.exe
  C:\Windows\System\vIgSuRX.exe
  2⤵
  PID:2452
- C:\Windows\System\RoytXPQ.exe
  C:\Windows\System\RoytXPQ.exe
  2⤵
  PID:5488
- C:\Windows\System\hCrmdtX.exe
  C:\Windows\System\hCrmdtX.exe
  2⤵
  PID:5924
- C:\Windows\System\nwaTTpG.exe
  C:\Windows\System\nwaTTpG.exe
  2⤵
  PID:5840
- C:\Windows\System\DFJWzlr.exe
  C:\Windows\System\DFJWzlr.exe
  2⤵
  PID:5592
- C:\Windows\System\fHnJiqU.exe
  C:\Windows\System\fHnJiqU.exe
  2⤵
  PID:2328
- C:\Windows\System\yokFvrM.exe
  C:\Windows\System\yokFvrM.exe
  2⤵
  PID:5560
- C:\Windows\System\ZSpuuaj.exe
  C:\Windows\System\ZSpuuaj.exe
  2⤵
  PID:484
- C:\Windows\System\jeKEJOT.exe
  C:\Windows\System\jeKEJOT.exe
  2⤵
  PID:6104
- C:\Windows\System\kpoEdWA.exe
  C:\Windows\System\kpoEdWA.exe
  2⤵
  PID:5740
- C:\Windows\System\kuLiNpa.exe
  C:\Windows\System\kuLiNpa.exe
  2⤵
  PID:6156
- C:\Windows\System\PfJZhZr.exe
  C:\Windows\System\PfJZhZr.exe
  2⤵
  PID:6176
- C:\Windows\System\JvjrkXb.exe
  C:\Windows\System\JvjrkXb.exe
  2⤵
  PID:6192
- C:\Windows\System\QehafFV.exe
  C:\Windows\System\QehafFV.exe
  2⤵
  PID:6212
- C:\Windows\System\JMjqXrc.exe
  C:\Windows\System\JMjqXrc.exe
  2⤵
  PID:6240
- C:\Windows\System\LWQLtzT.exe
  C:\Windows\System\LWQLtzT.exe
  2⤵
  PID:6268
- C:\Windows\System\eXQpttb.exe
  C:\Windows\System\eXQpttb.exe
  2⤵
  PID:6292
- C:\Windows\System\RmfTeOF.exe
  C:\Windows\System\RmfTeOF.exe
  2⤵
  PID:6312
- C:\Windows\System\uqrKAFx.exe
  C:\Windows\System\uqrKAFx.exe
  2⤵
  PID:6328
- C:\Windows\System\WzWUafS.exe
  C:\Windows\System\WzWUafS.exe
  2⤵
  PID:6356
- C:\Windows\System\TNqdpnA.exe
  C:\Windows\System\TNqdpnA.exe
  2⤵
  PID:6372
- C:\Windows\System\xqXxJtz.exe
  C:\Windows\System\xqXxJtz.exe
  2⤵
  PID:6396
- C:\Windows\System\vLHNLMj.exe
  C:\Windows\System\vLHNLMj.exe
  2⤵
  PID:6412
- C:\Windows\System\uOehSed.exe
  C:\Windows\System\uOehSed.exe
  2⤵
  PID:6436
- C:\Windows\System\mpBzSYD.exe
  C:\Windows\System\mpBzSYD.exe
  2⤵
  PID:6452
- C:\Windows\System\XEjocTi.exe
  C:\Windows\System\XEjocTi.exe
  2⤵
  PID:6476
- C:\Windows\System\RlfuhbQ.exe
  C:\Windows\System\RlfuhbQ.exe
  2⤵
  PID:6492
- C:\Windows\System\fgoDqTh.exe
  C:\Windows\System\fgoDqTh.exe
  2⤵
  PID:6512
- C:\Windows\System\UzJeREJ.exe
  C:\Windows\System\UzJeREJ.exe
  2⤵
  PID:6532
- C:\Windows\System\pmpTOLJ.exe
  C:\Windows\System\pmpTOLJ.exe
  2⤵
  PID:6556
- C:\Windows\System\qlOqqcw.exe
  C:\Windows\System\qlOqqcw.exe
  2⤵
  PID:6572
- C:\Windows\System\UCYGubW.exe
  C:\Windows\System\UCYGubW.exe
  2⤵
  PID:6592
- C:\Windows\System\nEMJodO.exe
  C:\Windows\System\nEMJodO.exe
  2⤵
  PID:6612
- C:\Windows\System\mHMMCUb.exe
  C:\Windows\System\mHMMCUb.exe
  2⤵
  PID:6628
- C:\Windows\System\JjTrUhC.exe
  C:\Windows\System\JjTrUhC.exe
  2⤵
  PID:6644
- C:\Windows\System\GGJfVzl.exe
  C:\Windows\System\GGJfVzl.exe
  2⤵
  PID:6660
- C:\Windows\System\vNQnAfO.exe
  C:\Windows\System\vNQnAfO.exe
  2⤵
  PID:6680
- C:\Windows\System\Lrlomgb.exe
  C:\Windows\System\Lrlomgb.exe
  2⤵
  PID:6696
- C:\Windows\System\mUwRMfw.exe
  C:\Windows\System\mUwRMfw.exe
  2⤵
  PID:6712
- C:\Windows\System\xqDQega.exe
  C:\Windows\System\xqDQega.exe
  2⤵
  PID:6736
- C:\Windows\System\xZqpFGe.exe
  C:\Windows\System\xZqpFGe.exe
  2⤵
  PID:6768
- C:\Windows\System\qAUnGGI.exe
  C:\Windows\System\qAUnGGI.exe
  2⤵
  PID:6784
- C:\Windows\System\gKurdAi.exe
  C:\Windows\System\gKurdAi.exe
  2⤵
  PID:6804
- C:\Windows\System\KkczNlJ.exe
  C:\Windows\System\KkczNlJ.exe
  2⤵
  PID:6820
- C:\Windows\System\QrQQKLq.exe
  C:\Windows\System\QrQQKLq.exe
  2⤵
  PID:6868
- C:\Windows\System\bckbJyq.exe
  C:\Windows\System\bckbJyq.exe
  2⤵
  PID:6884
- C:\Windows\System\MrmAlAI.exe
  C:\Windows\System\MrmAlAI.exe
  2⤵
  PID:6900
- C:\Windows\System\CuSOFhS.exe
  C:\Windows\System\CuSOFhS.exe
  2⤵
  PID:6920
- C:\Windows\System\QxbSBRS.exe
  C:\Windows\System\QxbSBRS.exe
  2⤵
  PID:6940
- C:\Windows\System\aWeWIWq.exe
  C:\Windows\System\aWeWIWq.exe
  2⤵
  PID:6956
- C:\Windows\System\TLVcNAr.exe
  C:\Windows\System\TLVcNAr.exe
  2⤵
  PID:6972
- C:\Windows\System\moslnSh.exe
  C:\Windows\System\moslnSh.exe
  2⤵
  PID:6996
- C:\Windows\System\ddWJvGF.exe
  C:\Windows\System\ddWJvGF.exe
  2⤵
  PID:7016
- C:\Windows\System\MsdGSPH.exe
  C:\Windows\System\MsdGSPH.exe
  2⤵
  PID:7032
- C:\Windows\System\vcqnjGq.exe
  C:\Windows\System\vcqnjGq.exe
  2⤵
  PID:7048
- C:\Windows\System\bHSgTCQ.exe
  C:\Windows\System\bHSgTCQ.exe
  2⤵
  PID:7068
- C:\Windows\System\hnwEvyy.exe
  C:\Windows\System\hnwEvyy.exe
  2⤵
  PID:7084
- C:\Windows\System\BKKwRAn.exe
  C:\Windows\System\BKKwRAn.exe
  2⤵
  PID:7100
- C:\Windows\System\pRENsCZ.exe
  C:\Windows\System\pRENsCZ.exe
  2⤵
  PID:7116
- C:\Windows\System\FJKTTJi.exe
  C:\Windows\System\FJKTTJi.exe
  2⤵
  PID:7144
- C:\Windows\System\aKTRlGr.exe
  C:\Windows\System\aKTRlGr.exe
  2⤵
  PID:7160
- C:\Windows\System\ANlFoID.exe
  C:\Windows\System\ANlFoID.exe
  2⤵
  PID:4112
- C:\Windows\System\VqERIyo.exe
  C:\Windows\System\VqERIyo.exe
  2⤵
  PID:6184
- C:\Windows\System\VqQIfjp.exe
  C:\Windows\System\VqQIfjp.exe
  2⤵
  PID:2612
- C:\Windows\System\riSvRJJ.exe
  C:\Windows\System\riSvRJJ.exe
  2⤵
  PID:6200
- C:\Windows\System\vTGqkrA.exe
  C:\Windows\System\vTGqkrA.exe
  2⤵
  PID:6260
- C:\Windows\System\AudUCYF.exe
  C:\Windows\System\AudUCYF.exe
  2⤵
  PID:6224
- C:\Windows\System\iawTPHO.exe
  C:\Windows\System\iawTPHO.exe
  2⤵
  PID:6276
- C:\Windows\System\yAXFdQf.exe
  C:\Windows\System\yAXFdQf.exe
  2⤵
  PID:6308
- C:\Windows\System\nthiLde.exe
  C:\Windows\System\nthiLde.exe
  2⤵
  PID:6340
- C:\Windows\System\SeMgAts.exe
  C:\Windows\System\SeMgAts.exe
  2⤵
  PID:6388
- C:\Windows\System\rhrNIwF.exe
  C:\Windows\System\rhrNIwF.exe
  2⤵
  PID:6320
- C:\Windows\System\JtOsaAM.exe
  C:\Windows\System\JtOsaAM.exe
  2⤵
  PID:6432
- C:\Windows\System\PcCvOUI.exe
  C:\Windows\System\PcCvOUI.exe
  2⤵
  PID:6552
- C:\Windows\System\UghxTca.exe
  C:\Windows\System\UghxTca.exe
  2⤵
  PID:6524
- C:\Windows\System\wJFSpqC.exe
  C:\Windows\System\wJFSpqC.exe
  2⤵
  PID:6564
- C:\Windows\System\ApntreW.exe
  C:\Windows\System\ApntreW.exe
  2⤵
  PID:6692
- C:\Windows\System\ZPcuMKl.exe
  C:\Windows\System\ZPcuMKl.exe
  2⤵
  PID:6780
- C:\Windows\System\UEwmgsi.exe
  C:\Windows\System\UEwmgsi.exe
  2⤵
  PID:6640
- C:\Windows\System\ymSCMgK.exe
  C:\Windows\System\ymSCMgK.exe
  2⤵
  PID:6812
- C:\Windows\System\IqqcRms.exe
  C:\Windows\System\IqqcRms.exe
  2⤵
  PID:6748
- C:\Windows\System\PxZiBXe.exe
  C:\Windows\System\PxZiBXe.exe
  2⤵
  PID:6704
- C:\Windows\System\IBncRXj.exe
  C:\Windows\System\IBncRXj.exe
  2⤵
  PID:6852
- C:\Windows\System\lBpxLex.exe
  C:\Windows\System\lBpxLex.exe
  2⤵
  PID:6908
- C:\Windows\System\aCoPnrC.exe
  C:\Windows\System\aCoPnrC.exe
  2⤵
  PID:6952
- C:\Windows\System\rdeMjpJ.exe
  C:\Windows\System\rdeMjpJ.exe
  2⤵
  PID:6988
- C:\Windows\System\BsTvpIZ.exe
  C:\Windows\System\BsTvpIZ.exe
  2⤵
  PID:7028
- C:\Windows\System\lceQgPg.exe
  C:\Windows\System\lceQgPg.exe
  2⤵
  PID:7136
- C:\Windows\System\pAFhTXu.exe
  C:\Windows\System\pAFhTXu.exe
  2⤵
  PID:2916
- C:\Windows\System\lKWjqBa.exe
  C:\Windows\System\lKWjqBa.exe
  2⤵
  PID:5892
- C:\Windows\System\CjxLIXl.exe
  C:\Windows\System\CjxLIXl.exe
  2⤵
  PID:6964
- C:\Windows\System\IvKqEKN.exe
  C:\Windows\System\IvKqEKN.exe
  2⤵
  PID:7012
- C:\Windows\System\XFHOaoZ.exe
  C:\Windows\System\XFHOaoZ.exe
  2⤵
  PID:6248
- C:\Windows\System\HIwrQZz.exe
  C:\Windows\System\HIwrQZz.exe
  2⤵
  PID:5372
- C:\Windows\System\wJQjEtt.exe
  C:\Windows\System\wJQjEtt.exe
  2⤵
  PID:6464
- C:\Windows\System\QLVKAhk.exe
  C:\Windows\System\QLVKAhk.exe
  2⤵
  PID:6344
- C:\Windows\System\uqVgwmc.exe
  C:\Windows\System\uqVgwmc.exe
  2⤵
  PID:6448
- C:\Windows\System\yQaPdsr.exe
  C:\Windows\System\yQaPdsr.exe
  2⤵
  PID:6540
- C:\Windows\System\qLkIxpU.exe
  C:\Windows\System\qLkIxpU.exe
  2⤵
  PID:6044
- C:\Windows\System\pVriJLC.exe
  C:\Windows\System\pVriJLC.exe
  2⤵
  PID:6384
- C:\Windows\System\ZuOCHsn.exe
  C:\Windows\System\ZuOCHsn.exe
  2⤵
  PID:6428
- C:\Windows\System\adPzyVa.exe
  C:\Windows\System\adPzyVa.exe
  2⤵
  PID:6600
- C:\Windows\System\bmSRcZG.exe
  C:\Windows\System\bmSRcZG.exe
  2⤵
  PID:6652
- C:\Windows\System\JWIGoLY.exe
  C:\Windows\System\JWIGoLY.exe
  2⤵
  PID:6728
- C:\Windows\System\cKOJUMd.exe
  C:\Windows\System\cKOJUMd.exe
  2⤵
  PID:6668
- C:\Windows\System\NkrJwfF.exe
  C:\Windows\System\NkrJwfF.exe
  2⤵
  PID:6800
- C:\Windows\System\EqibhLk.exe
  C:\Windows\System\EqibhLk.exe
  2⤵
  PID:6744
- C:\Windows\System\JmiqzXM.exe
  C:\Windows\System\JmiqzXM.exe
  2⤵
  PID:6864
- C:\Windows\System\IYmAPPU.exe
  C:\Windows\System\IYmAPPU.exe
  2⤵
  PID:6876
- C:\Windows\System\hABnsrI.exe
  C:\Windows\System\hABnsrI.exe
  2⤵
  PID:7128
- C:\Windows\System\DsLUzDD.exe
  C:\Windows\System\DsLUzDD.exe
  2⤵
  PID:5904
- C:\Windows\System\qNdaGao.exe
  C:\Windows\System\qNdaGao.exe
  2⤵
  PID:6284
- C:\Windows\System\JMNjJUU.exe
  C:\Windows\System\JMNjJUU.exe
  2⤵
  PID:6168
- C:\Windows\System\CICnCbO.exe
  C:\Windows\System\CICnCbO.exe
  2⤵
  PID:7108
- C:\Windows\System\ISECgLm.exe
  C:\Windows\System\ISECgLm.exe
  2⤵
  PID:6408
- C:\Windows\System\AubaBnK.exe
  C:\Windows\System\AubaBnK.exe
  2⤵
  PID:7044
- C:\Windows\System\jDnbBWv.exe
  C:\Windows\System\jDnbBWv.exe
  2⤵
  PID:6264
- C:\Windows\System\pTjgXFd.exe
  C:\Windows\System\pTjgXFd.exe
  2⤵
  PID:6220
- C:\Windows\System\GtcTQvP.exe
  C:\Windows\System\GtcTQvP.exe
  2⤵
  PID:5464
- C:\Windows\System\EeaSglb.exe
  C:\Windows\System\EeaSglb.exe
  2⤵
  PID:6688
- C:\Windows\System\KBMGyxP.exe
  C:\Windows\System\KBMGyxP.exe
  2⤵
  PID:6676
- C:\Windows\System\jeeaUdf.exe
  C:\Windows\System\jeeaUdf.exe
  2⤵
  PID:7024
- C:\Windows\System\LaHeIRl.exe
  C:\Windows\System\LaHeIRl.exe
  2⤵
  PID:6916
- C:\Windows\System\vfeswEO.exe
  C:\Windows\System\vfeswEO.exe
  2⤵
  PID:7156
- C:\Windows\System\XvkXQvi.exe
  C:\Windows\System\XvkXQvi.exe
  2⤵
  PID:6472
- C:\Windows\System\nxxWiBU.exe
  C:\Windows\System\nxxWiBU.exe
  2⤵
  PID:6236
- C:\Windows\System\XTKyadX.exe
  C:\Windows\System\XTKyadX.exe
  2⤵
  PID:6548
- C:\Windows\System\qZjevwF.exe
  C:\Windows\System\qZjevwF.exe
  2⤵
  PID:6608
- C:\Windows\System\UpuVYTk.exe
  C:\Windows\System\UpuVYTk.exe
  2⤵
  PID:6588
- C:\Windows\System\FMSvJfL.exe
  C:\Windows\System\FMSvJfL.exe
  2⤵
  PID:6980
- C:\Windows\System\HiUUOgq.exe
  C:\Windows\System\HiUUOgq.exe
  2⤵
  PID:5964
- C:\Windows\System\ZTqqsnR.exe
  C:\Windows\System\ZTqqsnR.exe
  2⤵
  PID:6500
- C:\Windows\System\bmyYhXm.exe
  C:\Windows\System\bmyYhXm.exe
  2⤵
  PID:6468
- C:\Windows\System\sfqAXXN.exe
  C:\Windows\System\sfqAXXN.exe
  2⤵
  PID:6304
- C:\Windows\System\BQAybXO.exe
  C:\Windows\System\BQAybXO.exe
  2⤵
  PID:6948
- C:\Windows\System\Xtvuaxv.exe
  C:\Windows\System\Xtvuaxv.exe
  2⤵
  PID:6848
- C:\Windows\System\VwPRrdp.exe
  C:\Windows\System\VwPRrdp.exe
  2⤵
  PID:6880
- C:\Windows\System\WVtAgHa.exe
  C:\Windows\System\WVtAgHa.exe
  2⤵
  PID:6760
- C:\Windows\System\VnNOFhC.exe
  C:\Windows\System\VnNOFhC.exe
  2⤵
  PID:7192
- C:\Windows\System\kqhPToA.exe
  C:\Windows\System\kqhPToA.exe
  2⤵
  PID:7208
- C:\Windows\System\uNYnain.exe
  C:\Windows\System\uNYnain.exe
  2⤵
  PID:7236
- C:\Windows\System\opWzdVq.exe
  C:\Windows\System\opWzdVq.exe
  2⤵
  PID:7256
- C:\Windows\System\PHpVOpa.exe
  C:\Windows\System\PHpVOpa.exe
  2⤵
  PID:7272
- C:\Windows\System\WvGSuwu.exe
  C:\Windows\System\WvGSuwu.exe
  2⤵
  PID:7292
- C:\Windows\System\guPolyR.exe
  C:\Windows\System\guPolyR.exe
  2⤵
  PID:7312
- C:\Windows\System\ITIphsR.exe
  C:\Windows\System\ITIphsR.exe
  2⤵
  PID:7328
- C:\Windows\System\IchJUoW.exe
  C:\Windows\System\IchJUoW.exe
  2⤵
  PID:7344
- C:\Windows\System\HpAZhxL.exe
  C:\Windows\System\HpAZhxL.exe
  2⤵
  PID:7372
- C:\Windows\System\kxttiNy.exe
  C:\Windows\System\kxttiNy.exe
  2⤵
  PID:7388
- C:\Windows\System\TsYdAdv.exe
  C:\Windows\System\TsYdAdv.exe
  2⤵
  PID:7408
- C:\Windows\System\yUThwWV.exe
  C:\Windows\System\yUThwWV.exe
  2⤵
  PID:7424
- C:\Windows\System\AjdlgbH.exe
  C:\Windows\System\AjdlgbH.exe
  2⤵
  PID:7444
- C:\Windows\System\igmPPxR.exe
  C:\Windows\System\igmPPxR.exe
  2⤵
  PID:7472
- C:\Windows\System\PUuCWRn.exe
  C:\Windows\System\PUuCWRn.exe
  2⤵
  PID:7512
- C:\Windows\System\lSlhNNX.exe
  C:\Windows\System\lSlhNNX.exe
  2⤵
  PID:7540
- C:\Windows\System\UJshHNI.exe
  C:\Windows\System\UJshHNI.exe
  2⤵
  PID:7556
- C:\Windows\System\xidFwNf.exe
  C:\Windows\System\xidFwNf.exe
  2⤵
  PID:7580
- C:\Windows\System\ridmUxy.exe
  C:\Windows\System\ridmUxy.exe
  2⤵
  PID:7596
- C:\Windows\System\pXSLvHp.exe
  C:\Windows\System\pXSLvHp.exe
  2⤵
  PID:7616
- C:\Windows\System\CUlcyhF.exe
  C:\Windows\System\CUlcyhF.exe
  2⤵
  PID:7636
- C:\Windows\System\ClFheyT.exe
  C:\Windows\System\ClFheyT.exe
  2⤵
  PID:7652
- C:\Windows\System\VxRBZRw.exe
  C:\Windows\System\VxRBZRw.exe
  2⤵
  PID:7692
- C:\Windows\System\MHqzVzB.exe
  C:\Windows\System\MHqzVzB.exe
  2⤵
  PID:7716
- C:\Windows\System\wnpmKpB.exe
  C:\Windows\System\wnpmKpB.exe
  2⤵
  PID:7732
- C:\Windows\System\aVdFntb.exe
  C:\Windows\System\aVdFntb.exe
  2⤵
  PID:7748
- C:\Windows\System\Vvnpuwt.exe
  C:\Windows\System\Vvnpuwt.exe
  2⤵
  PID:7768
- C:\Windows\System\YnppZrs.exe
  C:\Windows\System\YnppZrs.exe
  2⤵
  PID:7788
- C:\Windows\System\vunBNpS.exe
  C:\Windows\System\vunBNpS.exe
  2⤵
  PID:7804
- C:\Windows\System\ggZLqgw.exe
  C:\Windows\System\ggZLqgw.exe
  2⤵
  PID:7820
- C:\Windows\System\rfxaPdM.exe
  C:\Windows\System\rfxaPdM.exe
  2⤵
  PID:7836
- C:\Windows\System\ufcVgXO.exe
  C:\Windows\System\ufcVgXO.exe
  2⤵
  PID:7856
- C:\Windows\System\KSNUXFc.exe
  C:\Windows\System\KSNUXFc.exe
  2⤵
  PID:7872
- C:\Windows\System\UjoQRLk.exe
  C:\Windows\System\UjoQRLk.exe
  2⤵
  PID:7900
- C:\Windows\System\IYPpvGH.exe
  C:\Windows\System\IYPpvGH.exe
  2⤵
  PID:7920
- C:\Windows\System\JsgbxTM.exe
  C:\Windows\System\JsgbxTM.exe
  2⤵
  PID:7940
- C:\Windows\System\bQWPNBl.exe
  C:\Windows\System\bQWPNBl.exe
  2⤵
  PID:7956
- C:\Windows\System\XVVGVBh.exe
  C:\Windows\System\XVVGVBh.exe
  2⤵
  PID:7972
- C:\Windows\System\ZBmfwFo.exe
  C:\Windows\System\ZBmfwFo.exe
  2⤵
  PID:7988
- C:\Windows\System\qiNhzxN.exe
  C:\Windows\System\qiNhzxN.exe
  2⤵
  PID:8016
- C:\Windows\System\pUOCgwd.exe
  C:\Windows\System\pUOCgwd.exe
  2⤵
  PID:8088
- C:\Windows\System\NMhhVSU.exe
  C:\Windows\System\NMhhVSU.exe
  2⤵
  PID:8104
- C:\Windows\System\SakwIpD.exe
  C:\Windows\System\SakwIpD.exe
  2⤵
  PID:8120
- C:\Windows\System\AwHzZVz.exe
  C:\Windows\System\AwHzZVz.exe
  2⤵
  PID:8136
- C:\Windows\System\adUKMau.exe
  C:\Windows\System\adUKMau.exe
  2⤵
  PID:8156
- C:\Windows\System\LLepsOA.exe
  C:\Windows\System\LLepsOA.exe
  2⤵
  PID:8180
- C:\Windows\System\MAtZovK.exe
  C:\Windows\System\MAtZovK.exe
  2⤵
  PID:7200
- C:\Windows\System\iDYeTzx.exe
  C:\Windows\System\iDYeTzx.exe
  2⤵
  PID:7280
- C:\Windows\System\tUqgiQX.exe
  C:\Windows\System\tUqgiQX.exe
  2⤵
  PID:7324
- C:\Windows\System\SLcsZkL.exe
  C:\Windows\System\SLcsZkL.exe
  2⤵
  PID:7188
- C:\Windows\System\TCfxsRN.exe
  C:\Windows\System\TCfxsRN.exe
  2⤵
  PID:7360
- C:\Windows\System\IXIWCJv.exe
  C:\Windows\System\IXIWCJv.exe
  2⤵
  PID:7396
- C:\Windows\System\AUEQqQg.exe
  C:\Windows\System\AUEQqQg.exe
  2⤵
  PID:7184
- C:\Windows\System\vsNIaTq.exe
  C:\Windows\System\vsNIaTq.exe
  2⤵
  PID:7440
- C:\Windows\System\JTKrUkT.exe
  C:\Windows\System\JTKrUkT.exe
  2⤵
  PID:7224
- C:\Windows\System\TPmGOIQ.exe
  C:\Windows\System\TPmGOIQ.exe
  2⤵
  PID:7308
- C:\Windows\System\omEtdyB.exe
  C:\Windows\System\omEtdyB.exe
  2⤵
  PID:7384
- C:\Windows\System\wHsCKry.exe
  C:\Windows\System\wHsCKry.exe
  2⤵
  PID:7452
- C:\Windows\System\GGKVCLg.exe
  C:\Windows\System\GGKVCLg.exe
  2⤵
  PID:7532
- C:\Windows\System\vIIzTKu.exe
  C:\Windows\System\vIIzTKu.exe
  2⤵
  PID:7604
- C:\Windows\System\vdlsLMp.exe
  C:\Windows\System\vdlsLMp.exe
  2⤵
  PID:7632
- C:\Windows\System\FkzQSxW.exe
  C:\Windows\System\FkzQSxW.exe
  2⤵
  PID:7644
- C:\Windows\System\cmQubfq.exe
  C:\Windows\System\cmQubfq.exe
  2⤵
  PID:7704
- C:\Windows\System\gaAFGNC.exe
  C:\Windows\System\gaAFGNC.exe
  2⤵
  PID:7764
- C:\Windows\System\reZLdqg.exe
  C:\Windows\System\reZLdqg.exe
  2⤵
  PID:7828
- C:\Windows\System\XbAQLqD.exe
  C:\Windows\System\XbAQLqD.exe
  2⤵
  PID:7916
- C:\Windows\System\bsVRhsT.exe
  C:\Windows\System\bsVRhsT.exe
  2⤵
  PID:7984
- C:\Windows\System\dImlADd.exe
  C:\Windows\System\dImlADd.exe
  2⤵
  PID:7744
- C:\Windows\System\TFVgjPB.exe
  C:\Windows\System\TFVgjPB.exe
  2⤵
  PID:7888
- C:\Windows\System\EXKCoIr.exe
  C:\Windows\System\EXKCoIr.exe
  2⤵
  PID:7932
- C:\Windows\System\oXujaOH.exe
  C:\Windows\System\oXujaOH.exe
  2⤵
  PID:7812
- C:\Windows\System\NsRDGvx.exe
  C:\Windows\System\NsRDGvx.exe
  2⤵
  PID:7964
- C:\Windows\System\HAHtMhn.exe
  C:\Windows\System\HAHtMhn.exe
  2⤵
  PID:8072
- C:\Windows\System\OMTPaXA.exe
  C:\Windows\System\OMTPaXA.exe
  2⤵
  PID:8112
- C:\Windows\System\LwkQsCN.exe
  C:\Windows\System\LwkQsCN.exe
  2⤵
  PID:8144
- C:\Windows\System\GPPGkoE.exe
  C:\Windows\System\GPPGkoE.exe
  2⤵
  PID:8172
- C:\Windows\System\ZTWMkSv.exe
  C:\Windows\System\ZTWMkSv.exe
  2⤵
  PID:6368
- C:\Windows\System\gJpkzSs.exe
  C:\Windows\System\gJpkzSs.exe
  2⤵
  PID:7216
- C:\Windows\System\zjZASRX.exe
  C:\Windows\System\zjZASRX.exe
  2⤵
  PID:7180
- C:\Windows\System\FlwpGmm.exe
  C:\Windows\System\FlwpGmm.exe
  2⤵
  PID:5764
- C:\Windows\System\LFDnwAU.exe
  C:\Windows\System\LFDnwAU.exe
  2⤵
  PID:7488
- C:\Windows\System\apgMHTD.exe
  C:\Windows\System\apgMHTD.exe
  2⤵
  PID:7220
- C:\Windows\System\gEoenQw.exe
  C:\Windows\System\gEoenQw.exe
  2⤵
  PID:8080
- C:\Windows\System\iLsjPJa.exe
  C:\Windows\System\iLsjPJa.exe
  2⤵
  PID:5436
- C:\Windows\System\Eybvvpr.exe
  C:\Windows\System\Eybvvpr.exe
  2⤵
  PID:7520
- C:\Windows\System\jtizwcR.exe
  C:\Windows\System\jtizwcR.exe
  2⤵
  PID:7676
- C:\Windows\System\LsPTXys.exe
  C:\Windows\System\LsPTXys.exe
  2⤵
  PID:7684
- C:\Windows\System\DtTUdEf.exe
  C:\Windows\System\DtTUdEf.exe
  2⤵
  PID:7756
- C:\Windows\System\dnLVZTD.exe
  C:\Windows\System\dnLVZTD.exe
  2⤵
  PID:7908
- C:\Windows\System\bnswZkI.exe
  C:\Windows\System\bnswZkI.exe
  2⤵
  PID:7776
- C:\Windows\System\KDFAMJY.exe
  C:\Windows\System\KDFAMJY.exe
  2⤵
  PID:8004
- C:\Windows\System\HSPgwGP.exe
  C:\Windows\System\HSPgwGP.exe
  2⤵
  PID:8068
- C:\Windows\System\KHNKeBo.exe
  C:\Windows\System\KHNKeBo.exe
  2⤵
  PID:8032
- C:\Windows\System\Jqujnbv.exe
  C:\Windows\System\Jqujnbv.exe
  2⤵
  PID:7936
- C:\Windows\System\gZsLyfd.exe
  C:\Windows\System\gZsLyfd.exe
  2⤵
  PID:7092
- C:\Windows\System\FBvlbDs.exe
  C:\Windows\System\FBvlbDs.exe
  2⤵
  PID:7172
- C:\Windows\System\fxHvUEn.exe
  C:\Windows\System\fxHvUEn.exe
  2⤵
  PID:7480
- C:\Windows\System\LJHHgwb.exe
  C:\Windows\System\LJHHgwb.exe
  2⤵
  PID:7368
- C:\Windows\System\tZIEELG.exe
  C:\Windows\System\tZIEELG.exe
  2⤵
  PID:7124
- C:\Windows\System\ualOEXD.exe
  C:\Windows\System\ualOEXD.exe
  2⤵
  PID:7552
- C:\Windows\System\cQuGUbb.exe
  C:\Windows\System\cQuGUbb.exe
  2⤵
  PID:7664
- C:\Windows\System\XtjjLYv.exe
  C:\Windows\System\XtjjLYv.exe
  2⤵
  PID:7996
- C:\Windows\System\DRvHUAM.exe
  C:\Windows\System\DRvHUAM.exe
  2⤵
  PID:6828
- C:\Windows\System\BnYKBFH.exe
  C:\Windows\System\BnYKBFH.exe
  2⤵
  PID:8188
- C:\Windows\System\WseiPHq.exe
  C:\Windows\System\WseiPHq.exe
  2⤵
  PID:7176
- C:\Windows\System\OgTqpCn.exe
  C:\Windows\System\OgTqpCn.exe
  2⤵
  PID:7892
- C:\Windows\System\iifNvkB.exe
  C:\Windows\System\iifNvkB.exe
  2⤵
  PID:8028
- C:\Windows\System\KCpaYPJ.exe
  C:\Windows\System\KCpaYPJ.exe
  2⤵
  PID:992
- C:\Windows\System\RtQPvih.exe
  C:\Windows\System\RtQPvih.exe
  2⤵
  PID:8168
- C:\Windows\System\WRritJl.exe
  C:\Windows\System\WRritJl.exe
  2⤵
  PID:7504
- C:\Windows\System\otlHRFG.exe
  C:\Windows\System\otlHRFG.exe
  2⤵
  PID:7612
- C:\Windows\System\qEUeZDx.exe
  C:\Windows\System\qEUeZDx.exe
  2⤵
  PID:7300
- C:\Windows\System\pULIJoa.exe
  C:\Windows\System\pULIJoa.exe
  2⤵
  PID:8000
- C:\Windows\System\pGNNCWG.exe
  C:\Windows\System\pGNNCWG.exe
  2⤵
  PID:6508
- C:\Windows\System\lHwqdnR.exe
  C:\Windows\System\lHwqdnR.exe
  2⤵
  PID:5284
- C:\Windows\System\chqGOSa.exe
  C:\Windows\System\chqGOSa.exe
  2⤵
  PID:7832
- C:\Windows\System\nxDlQfw.exe
  C:\Windows\System\nxDlQfw.exe
  2⤵
  PID:8152
- C:\Windows\System\mYhRrrp.exe
  C:\Windows\System\mYhRrrp.exe
  2⤵
  PID:7848
- C:\Windows\System\livnMua.exe
  C:\Windows\System\livnMua.exe
  2⤵
  PID:7484
- C:\Windows\System\tZxJliq.exe
  C:\Windows\System\tZxJliq.exe
  2⤵
  PID:7816
- C:\Windows\System\dIegEbn.exe
  C:\Windows\System\dIegEbn.exe
  2⤵
  PID:7380
- C:\Windows\System\jCnBoQx.exe
  C:\Windows\System\jCnBoQx.exe
  2⤵
  PID:8220
- C:\Windows\System\pJPakOr.exe
  C:\Windows\System\pJPakOr.exe
  2⤵
  PID:8236
- C:\Windows\System\Undckhh.exe
  C:\Windows\System\Undckhh.exe
  2⤵
  PID:8252
- C:\Windows\System\YKCUvps.exe
  C:\Windows\System\YKCUvps.exe
  2⤵
  PID:8280
- C:\Windows\System\zdddFHD.exe
  C:\Windows\System\zdddFHD.exe
  2⤵
  PID:8296
- C:\Windows\System\RJfzsUk.exe
  C:\Windows\System\RJfzsUk.exe
  2⤵
  PID:8312
- C:\Windows\System\bOtlWQS.exe
  C:\Windows\System\bOtlWQS.exe
  2⤵
  PID:8328
- C:\Windows\System\eAqzAqm.exe
  C:\Windows\System\eAqzAqm.exe
  2⤵
  PID:8348
- C:\Windows\System\HRVRFDA.exe
  C:\Windows\System\HRVRFDA.exe
  2⤵
  PID:8364
- C:\Windows\System\oLfJUcz.exe
  C:\Windows\System\oLfJUcz.exe
  2⤵
  PID:8384
- C:\Windows\System\qojocSN.exe
  C:\Windows\System\qojocSN.exe
  2⤵
  PID:8408
- C:\Windows\System\OrJcPkR.exe
  C:\Windows\System\OrJcPkR.exe
  2⤵
  PID:8440
- C:\Windows\System\CEDNOBV.exe
  C:\Windows\System\CEDNOBV.exe
  2⤵
  PID:8456
- C:\Windows\System\oSBtQZe.exe
  C:\Windows\System\oSBtQZe.exe
  2⤵
  PID:8472
- C:\Windows\System\PJvHQtE.exe
  C:\Windows\System\PJvHQtE.exe
  2⤵
  PID:8488
- C:\Windows\System\LtCtVlh.exe
  C:\Windows\System\LtCtVlh.exe
  2⤵
  PID:8508
- C:\Windows\System\KghYbek.exe
  C:\Windows\System\KghYbek.exe
  2⤵
  PID:8524
- C:\Windows\System\xJNcDjT.exe
  C:\Windows\System\xJNcDjT.exe
  2⤵
  PID:8540
- C:\Windows\System\RtsThyF.exe
  C:\Windows\System\RtsThyF.exe
  2⤵
  PID:8556
- C:\Windows\System\zDhwOvW.exe
  C:\Windows\System\zDhwOvW.exe
  2⤵
  PID:8580
- C:\Windows\System\QyDeRNn.exe
  C:\Windows\System\QyDeRNn.exe
  2⤵
  PID:8596
- C:\Windows\System\LWtmsxN.exe
  C:\Windows\System\LWtmsxN.exe
  2⤵
  PID:8612
- C:\Windows\System\ZNIaJNk.exe
  C:\Windows\System\ZNIaJNk.exe
  2⤵
  PID:8632
- C:\Windows\System\tkNBORy.exe
  C:\Windows\System\tkNBORy.exe
  2⤵
  PID:8652
- C:\Windows\System\GbmfjVd.exe
  C:\Windows\System\GbmfjVd.exe
  2⤵
  PID:8692
- C:\Windows\System\yYyXqFr.exe
  C:\Windows\System\yYyXqFr.exe
  2⤵
  PID:8708
- C:\Windows\System\qDavAkO.exe
  C:\Windows\System\qDavAkO.exe
  2⤵
  PID:8732
- C:\Windows\System\gwrpebo.exe
  C:\Windows\System\gwrpebo.exe
  2⤵
  PID:8764
- C:\Windows\System\JtKDIIY.exe
  C:\Windows\System\JtKDIIY.exe
  2⤵
  PID:8780
- C:\Windows\System\QNOBFAC.exe
  C:\Windows\System\QNOBFAC.exe
  2⤵
  PID:8800
- C:\Windows\System\HfOyHLJ.exe
  C:\Windows\System\HfOyHLJ.exe
  2⤵
  PID:8824
- C:\Windows\System\CuCDcZS.exe
  C:\Windows\System\CuCDcZS.exe
  2⤵
  PID:8840
- C:\Windows\System\msryXzg.exe
  C:\Windows\System\msryXzg.exe
  2⤵
  PID:8856
- C:\Windows\System\gaekihD.exe
  C:\Windows\System\gaekihD.exe
  2⤵
  PID:8872
- C:\Windows\System\ispnPGc.exe
  C:\Windows\System\ispnPGc.exe
  2⤵
  PID:8888
- C:\Windows\System\OIxhVkP.exe
  C:\Windows\System\OIxhVkP.exe
  2⤵
  PID:8904
- C:\Windows\System\ApBJbhz.exe
  C:\Windows\System\ApBJbhz.exe
  2⤵
  PID:8920
- C:\Windows\System\ZxfMvmg.exe
  C:\Windows\System\ZxfMvmg.exe
  2⤵
  PID:8936
- C:\Windows\System\tTNKsxq.exe
  C:\Windows\System\tTNKsxq.exe
  2⤵
  PID:8960
- C:\Windows\System\vnisGXY.exe
  C:\Windows\System\vnisGXY.exe
  2⤵
  PID:8976
- C:\Windows\System\lKpydZv.exe
  C:\Windows\System\lKpydZv.exe
  2⤵
  PID:8992
- C:\Windows\System\iSrRQLw.exe
  C:\Windows\System\iSrRQLw.exe
  2⤵
  PID:9016
- C:\Windows\System\HvqFREx.exe
  C:\Windows\System\HvqFREx.exe
  2⤵
  PID:9068
- C:\Windows\System\DhzbZst.exe
  C:\Windows\System\DhzbZst.exe
  2⤵
  PID:9088
- C:\Windows\System\vbfZgnk.exe
  C:\Windows\System\vbfZgnk.exe
  2⤵
  PID:9104
- C:\Windows\System\EPgHlPH.exe
  C:\Windows\System\EPgHlPH.exe
  2⤵
  PID:9128
- C:\Windows\System\isCRWNn.exe
  C:\Windows\System\isCRWNn.exe
  2⤵
  PID:9144
- C:\Windows\System\BPRecFt.exe
  C:\Windows\System\BPRecFt.exe
  2⤵
  PID:9160
- C:\Windows\System\GKknvrc.exe
  C:\Windows\System\GKknvrc.exe
  2⤵
  PID:9180
- C:\Windows\System\CLgEaOL.exe
  C:\Windows\System\CLgEaOL.exe
  2⤵
  PID:9196
- C:\Windows\System\DvYRUiR.exe
  C:\Windows\System\DvYRUiR.exe
  2⤵
  PID:9212
- C:\Windows\System\dhWyhxN.exe
  C:\Windows\System\dhWyhxN.exe
  2⤵
  PID:8204
- C:\Windows\System\SJphpcH.exe
  C:\Windows\System\SJphpcH.exe
  2⤵
  PID:7912
- C:\Windows\System\jllxTYR.exe
  C:\Windows\System\jllxTYR.exe
  2⤵
  PID:8244
- C:\Windows\System\vXFFipW.exe
  C:\Windows\System\vXFFipW.exe
  2⤵
  PID:8264
- C:\Windows\System\NGjIusc.exe
  C:\Windows\System\NGjIusc.exe
  2⤵
  PID:8376
- C:\Windows\System\SHFihQf.exe
  C:\Windows\System\SHFihQf.exe
  2⤵
  PID:8428
- C:\Windows\System\HguVKIi.exe
  C:\Windows\System\HguVKIi.exe
  2⤵
  PID:8360
- C:\Windows\System\vqRKMfb.exe
  C:\Windows\System\vqRKMfb.exe
  2⤵
  PID:8404
- C:\Windows\System\PdoLagw.exe
  C:\Windows\System\PdoLagw.exe
  2⤵
  PID:8448
- C:\Windows\System\zpkovkT.exe
  C:\Windows\System\zpkovkT.exe
  2⤵
  PID:8500
- C:\Windows\System\IrcmBAn.exe
  C:\Windows\System\IrcmBAn.exe
  2⤵
  PID:8564
- C:\Windows\System\onrurzA.exe
  C:\Windows\System\onrurzA.exe
  2⤵
  PID:8640
- C:\Windows\System\lIRDtoU.exe
  C:\Windows\System\lIRDtoU.exe
  2⤵
  PID:8520
- C:\Windows\System\OAeOHNB.exe
  C:\Windows\System\OAeOHNB.exe
  2⤵
  PID:8480
- C:\Windows\System\atOqiHO.exe
  C:\Windows\System\atOqiHO.exe
  2⤵
  PID:8552
- C:\Windows\System\dMJFell.exe
  C:\Windows\System\dMJFell.exe
  2⤵
  PID:4608
- C:\Windows\System\rsZdSKa.exe
  C:\Windows\System\rsZdSKa.exe
  2⤵
  PID:8684
- C:\Windows\System\mHZjLcl.exe
  C:\Windows\System\mHZjLcl.exe
  2⤵
  PID:8748
- C:\Windows\System\pipkRJF.exe
  C:\Windows\System\pipkRJF.exe
  2⤵
  PID:8720
- C:\Windows\System\cfobdlv.exe
  C:\Windows\System\cfobdlv.exe
  2⤵
  PID:8772
- C:\Windows\System\vRuTlBC.exe
  C:\Windows\System\vRuTlBC.exe
  2⤵
  PID:8792
- C:\Windows\System\TdhRMdo.exe
  C:\Windows\System\TdhRMdo.exe
  2⤵
  PID:8868
- C:\Windows\System\uXjjmEw.exe
  C:\Windows\System\uXjjmEw.exe
  2⤵
  PID:8820
- C:\Windows\System\GqxCRpv.exe
  C:\Windows\System\GqxCRpv.exe
  2⤵
  PID:7576
- C:\Windows\System\pOsOSEB.exe
  C:\Windows\System\pOsOSEB.exe
  2⤵
  PID:9012
- C:\Windows\System\leyLzJa.exe
  C:\Windows\System\leyLzJa.exe
  2⤵
  PID:9028
- C:\Windows\System\iITCzIP.exe
  C:\Windows\System\iITCzIP.exe
  2⤵
  PID:8948
- C:\Windows\System\yuMIFFP.exe
  C:\Windows\System\yuMIFFP.exe
  2⤵
  PID:9052
- C:\Windows\System\nxuASzx.exe
  C:\Windows\System\nxuASzx.exe
  2⤵
  PID:9076
- C:\Windows\System\WYONRhm.exe
  C:\Windows\System\WYONRhm.exe
  2⤵
  PID:9100
- C:\Windows\System\wWhGlGB.exe
  C:\Windows\System\wWhGlGB.exe
  2⤵
  PID:9136
- C:\Windows\System\jJAsktw.exe
  C:\Windows\System\jJAsktw.exe
  2⤵
  PID:9188
- C:\Windows\System\SYvmgzW.exe
  C:\Windows\System\SYvmgzW.exe
  2⤵
  PID:9168
- C:\Windows\System\QDiJraf.exe
  C:\Windows\System\QDiJraf.exe
  2⤵
  PID:9208
- C:\Windows\System\GnhAfSk.exe
  C:\Windows\System\GnhAfSk.exe
  2⤵
  PID:8216
- C:\Windows\System\bmyKYbO.exe
  C:\Windows\System\bmyKYbO.exe
  2⤵
  PID:8268
- C:\Windows\System\KacaVaX.exe
  C:\Windows\System\KacaVaX.exe
  2⤵
  PID:8208
- C:\Windows\System\ZLdlQEV.exe
  C:\Windows\System\ZLdlQEV.exe
  2⤵
  PID:8420
- C:\Windows\System\hMtKEaK.exe
  C:\Windows\System\hMtKEaK.exe
  2⤵
  PID:8572
- C:\Windows\System\RNhCmfY.exe
  C:\Windows\System\RNhCmfY.exe
  2⤵
  PID:8608
- C:\Windows\System\xDlPpvm.exe
  C:\Windows\System\xDlPpvm.exe
  2⤵
  PID:8628
- C:\Windows\System\Eqzgcjj.exe
  C:\Windows\System\Eqzgcjj.exe
  2⤵
  PID:8700
- C:\Windows\System\dyVipDB.exe
  C:\Windows\System\dyVipDB.exe
  2⤵
  PID:8724
- C:\Windows\System\YhjVYJT.exe
  C:\Windows\System\YhjVYJT.exe
  2⤵
  PID:8664
- C:\Windows\System\iQgKZVw.exe
  C:\Windows\System\iQgKZVw.exe
  2⤵
  PID:8760
- C:\Windows\System\gHhnDyV.exe
  C:\Windows\System\gHhnDyV.exe
  2⤵
  PID:8744
- C:\Windows\System\nLsafEK.exe
  C:\Windows\System\nLsafEK.exe
  2⤵
  PID:8928
- C:\Windows\System\IxMCALU.exe
  C:\Windows\System\IxMCALU.exe
  2⤵
  PID:8968
- C:\Windows\System\zOGZwaO.exe
  C:\Windows\System\zOGZwaO.exe
  2⤵
  PID:8952
- C:\Windows\System\HhOIPtq.exe
  C:\Windows\System\HhOIPtq.exe
  2⤵
  PID:9060
- C:\Windows\System\QUGxdhG.exe
  C:\Windows\System\QUGxdhG.exe
  2⤵
  PID:7928
- C:\Windows\System\jWxIZaY.exe
  C:\Windows\System\jWxIZaY.exe
  2⤵
  PID:9084
- C:\Windows\System\CzUOJIo.exe
  C:\Windows\System\CzUOJIo.exe
  2⤵
  PID:8288
- C:\Windows\System\KxwcSrG.exe
  C:\Windows\System\KxwcSrG.exe
  2⤵
  PID:8436
- C:\Windows\System\kloYkyT.exe
  C:\Windows\System\kloYkyT.exe
  2⤵
  PID:8272
- C:\Windows\System\ebbXqeM.exe
  C:\Windows\System\ebbXqeM.exe
  2⤵
  PID:8424
- C:\Windows\System\bKfhKza.exe
  C:\Windows\System\bKfhKza.exe
  2⤵
  PID:8604
- C:\Windows\System\MhxNFoG.exe
  C:\Windows\System\MhxNFoG.exe
  2⤵
  PID:8620
- C:\Windows\System\YQwSrWv.exe
  C:\Windows\System\YQwSrWv.exe
  2⤵
  PID:8776
- C:\Windows\System\vhZRXeG.exe
  C:\Windows\System\vhZRXeG.exe
  2⤵
  PID:8796
- C:\Windows\System\cQwxCpO.exe
  C:\Windows\System\cQwxCpO.exe
  2⤵
  PID:8836
- C:\Windows\System\dTKQOdo.exe
  C:\Windows\System\dTKQOdo.exe
  2⤵
  PID:8668
- C:\Windows\System\nRvFDXl.exe
  C:\Windows\System\nRvFDXl.exe
  2⤵
  PID:8916
- C:\Windows\System\umuAhxD.exe
  C:\Windows\System\umuAhxD.exe
  2⤵
  PID:8056
- C:\Windows\System\byGvPms.exe
  C:\Windows\System\byGvPms.exe
  2⤵
  PID:8812
- C:\Windows\System\GdWqUVI.exe
  C:\Windows\System\GdWqUVI.exe
  2⤵
  PID:7248
- C:\Windows\System\WABqWAG.exe
  C:\Windows\System\WABqWAG.exe
  2⤵
  PID:8496
- C:\Windows\System\aGYFLTa.exe
  C:\Windows\System\aGYFLTa.exe
  2⤵
  PID:8788
- C:\Windows\System\AfgorJg.exe
  C:\Windows\System\AfgorJg.exe
  2⤵
  PID:8912
- C:\Windows\System\LPSWtHv.exe
  C:\Windows\System\LPSWtHv.exe
  2⤵
  PID:8536
- C:\Windows\System\TLuhFzP.exe
  C:\Windows\System\TLuhFzP.exe
  2⤵
  PID:8336
- C:\Windows\System\GZjhHVO.exe
  C:\Windows\System\GZjhHVO.exe
  2⤵
  PID:9156
- C:\Windows\System\QrLGWAw.exe
  C:\Windows\System\QrLGWAw.exe
  2⤵
  PID:9116
- C:\Windows\System\oGcYDhO.exe
  C:\Windows\System\oGcYDhO.exe
  2⤵
  PID:8372
- C:\Windows\System\eKAVLnq.exe
  C:\Windows\System\eKAVLnq.exe
  2⤵
  PID:9124
- C:\Windows\System\wWvgQai.exe
  C:\Windows\System\wWvgQai.exe
  2⤵
  PID:8344
- C:\Windows\System\NrnxGFv.exe
  C:\Windows\System\NrnxGFv.exe
  2⤵
  PID:8308
- C:\Windows\System\AttAXTo.exe
  C:\Windows\System\AttAXTo.exe
  2⤵
  PID:8400
- C:\Windows\System\PCknejy.exe
  C:\Windows\System\PCknejy.exe
  2⤵
  PID:9228
- C:\Windows\System\oAuFtmo.exe
  C:\Windows\System\oAuFtmo.exe
  2⤵
  PID:9248
- C:\Windows\System\riVIwVZ.exe
  C:\Windows\System\riVIwVZ.exe
  2⤵
  PID:9296
- C:\Windows\System\jpXzQYv.exe
  C:\Windows\System\jpXzQYv.exe
  2⤵
  PID:9316
- C:\Windows\System\YidEcKP.exe
  C:\Windows\System\YidEcKP.exe
  2⤵
  PID:9340
- C:\Windows\System\CoVWDtL.exe
  C:\Windows\System\CoVWDtL.exe
  2⤵
  PID:9364
- C:\Windows\System\cZrmvSA.exe
  C:\Windows\System\cZrmvSA.exe
  2⤵
  PID:9400
- C:\Windows\System\CnKhcrG.exe
  C:\Windows\System\CnKhcrG.exe
  2⤵
  PID:9416
- C:\Windows\System\NTdrPWZ.exe
  C:\Windows\System\NTdrPWZ.exe
  2⤵
  PID:9432
- C:\Windows\System\FbqYfVs.exe
  C:\Windows\System\FbqYfVs.exe
  2⤵
  PID:9448
- C:\Windows\System\SaBRROl.exe
  C:\Windows\System\SaBRROl.exe
  2⤵
  PID:9464
- C:\Windows\System\ZoTxvrk.exe
  C:\Windows\System\ZoTxvrk.exe
  2⤵
  PID:9480
- C:\Windows\System\EgGTwkX.exe
  C:\Windows\System\EgGTwkX.exe
  2⤵
  PID:9496
- C:\Windows\System\acCjwcy.exe
  C:\Windows\System\acCjwcy.exe
  2⤵
  PID:9512
- C:\Windows\System\pIxDdYj.exe
  C:\Windows\System\pIxDdYj.exe
  2⤵
  PID:9528
- C:\Windows\System\diRNFie.exe
  C:\Windows\System\diRNFie.exe
  2⤵
  PID:9552
- C:\Windows\System\ckLtScD.exe
  C:\Windows\System\ckLtScD.exe
  2⤵
  PID:9568
- C:\Windows\System\kPZYTdt.exe
  C:\Windows\System\kPZYTdt.exe
  2⤵
  PID:9584
- C:\Windows\System\SlyWFWJ.exe
  C:\Windows\System\SlyWFWJ.exe
  2⤵
  PID:9600
- C:\Windows\System\JxgXkPz.exe
  C:\Windows\System\JxgXkPz.exe
  2⤵
  PID:9616
- C:\Windows\System\YfxtrEK.exe
  C:\Windows\System\YfxtrEK.exe
  2⤵
  PID:9632
- C:\Windows\System\STrPGch.exe
  C:\Windows\System\STrPGch.exe
  2⤵
  PID:9648
- C:\Windows\System\nCXoFDe.exe
  C:\Windows\System\nCXoFDe.exe
  2⤵
  PID:9664
- C:\Windows\System\EvIbvTb.exe
  C:\Windows\System\EvIbvTb.exe
  2⤵
  PID:9680
- C:\Windows\System\xRurhEZ.exe
  C:\Windows\System\xRurhEZ.exe
  2⤵
  PID:9696
- C:\Windows\System\CGvNGEI.exe
  C:\Windows\System\CGvNGEI.exe
  2⤵
  PID:9720
- C:\Windows\System\qLqowqU.exe
  C:\Windows\System\qLqowqU.exe
  2⤵
  PID:9748
- C:\Windows\System\UkvgXZm.exe
  C:\Windows\System\UkvgXZm.exe
  2⤵
  PID:9768
- C:\Windows\System\UwjftOA.exe
  C:\Windows\System\UwjftOA.exe
  2⤵
  PID:9796
- C:\Windows\System\LQiHBmG.exe
  C:\Windows\System\LQiHBmG.exe
  2⤵
  PID:9832
- C:\Windows\System\ZJTsPZM.exe
  C:\Windows\System\ZJTsPZM.exe
  2⤵
  PID:9868
- C:\Windows\System\uFxoLLV.exe
  C:\Windows\System\uFxoLLV.exe
  2⤵
  PID:9896
- C:\Windows\System\DQdODlR.exe
  C:\Windows\System\DQdODlR.exe
  2⤵
  PID:9920
- C:\Windows\System\VsLASYd.exe
  C:\Windows\System\VsLASYd.exe
  2⤵
  PID:9956
- C:\Windows\System\iQuXmCs.exe
  C:\Windows\System\iQuXmCs.exe
  2⤵
  PID:9988
- C:\Windows\System\sCFMFYi.exe
  C:\Windows\System\sCFMFYi.exe
  2⤵
  PID:10008
- C:\Windows\System\bBJBsFV.exe
  C:\Windows\System\bBJBsFV.exe
  2⤵
  PID:10024
- C:\Windows\System\xtzIYFv.exe
  C:\Windows\System\xtzIYFv.exe
  2⤵
  PID:10052
- C:\Windows\System\QWXvxEJ.exe
  C:\Windows\System\QWXvxEJ.exe
  2⤵
  PID:10072
- C:\Windows\System\CbXmRtz.exe
  C:\Windows\System\CbXmRtz.exe
  2⤵
  PID:10088
- C:\Windows\System\gPLETYH.exe
  C:\Windows\System\gPLETYH.exe
  2⤵
  PID:10116
- C:\Windows\System\BZBVBYK.exe
  C:\Windows\System\BZBVBYK.exe
  2⤵
  PID:10136
- C:\Windows\System\tMFBeZg.exe
  C:\Windows\System\tMFBeZg.exe
  2⤵
  PID:10164
- C:\Windows\System\zYdrETg.exe
  C:\Windows\System\zYdrETg.exe
  2⤵
  PID:10180
- C:\Windows\System\vbhJCXm.exe
  C:\Windows\System\vbhJCXm.exe
  2⤵
  PID:10196
- C:\Windows\System\KIreefx.exe
  C:\Windows\System\KIreefx.exe
  2⤵
  PID:10220
- C:\Windows\System\uoEktpt.exe
  C:\Windows\System\uoEktpt.exe
  2⤵
  PID:7244
- C:\Windows\System\wqNkaDB.exe
  C:\Windows\System\wqNkaDB.exe
  2⤵
  PID:9256
- C:\Windows\System\KHMzoWj.exe
  C:\Windows\System\KHMzoWj.exe
  2⤵
  PID:9292
- C:\Windows\System\xslaLRj.exe
  C:\Windows\System\xslaLRj.exe
  2⤵
  PID:9336
- C:\Windows\System\GUBFfuk.exe
  C:\Windows\System\GUBFfuk.exe
  2⤵
  PID:8900
- C:\Windows\System\UpBEKgm.exe
  C:\Windows\System\UpBEKgm.exe
  2⤵
  PID:9244
- C:\Windows\System\bVFrrox.exe
  C:\Windows\System\bVFrrox.exe
  2⤵
  PID:9312
- C:\Windows\System\pNWHyfu.exe
  C:\Windows\System\pNWHyfu.exe
  2⤵
  PID:9424
- C:\Windows\System\SvNLarG.exe
  C:\Windows\System\SvNLarG.exe
  2⤵
  PID:9444
- C:\Windows\System\vGDmebI.exe
  C:\Windows\System\vGDmebI.exe
  2⤵
  PID:9492
- C:\Windows\System\YmZyLlM.exe
  C:\Windows\System\YmZyLlM.exe
  2⤵
  PID:9524
- C:\Windows\System\fPeMHnD.exe
  C:\Windows\System\fPeMHnD.exe
  2⤵
  PID:9576
- C:\Windows\System\TtpgaHQ.exe
  C:\Windows\System\TtpgaHQ.exe
  2⤵
  PID:9624
- C:\Windows\System\HIXGBIt.exe
  C:\Windows\System\HIXGBIt.exe
  2⤵
  PID:9640
- C:\Windows\System\HgNYzXj.exe
  C:\Windows\System\HgNYzXj.exe
  2⤵
  PID:9688
- C:\Windows\System\JxRYMlR.exe
  C:\Windows\System\JxRYMlR.exe
  2⤵
  PID:9708
- C:\Windows\System\nFiqEXo.exe
  C:\Windows\System\nFiqEXo.exe
  2⤵
  PID:9544
- C:\Windows\System\dAApUtR.exe
  C:\Windows\System\dAApUtR.exe
  2⤵
  PID:9784
- C:\Windows\System\qTTBWap.exe
  C:\Windows\System\qTTBWap.exe
  2⤵
  PID:9396
- C:\Windows\System\TyDySjk.exe
  C:\Windows\System\TyDySjk.exe
  2⤵
  PID:9860
- C:\Windows\System\wdMFRKs.exe
  C:\Windows\System\wdMFRKs.exe
  2⤵
  PID:9812
- C:\Windows\System\UAswQyU.exe
  C:\Windows\System\UAswQyU.exe
  2⤵
  PID:9884
- C:\Windows\System\KtgQDxg.exe
  C:\Windows\System\KtgQDxg.exe
  2⤵
  PID:9916
- C:\Windows\System\EGcXQoE.exe
  C:\Windows\System\EGcXQoE.exe
  2⤵
  PID:9976
- C:\Windows\System\cTcdRXF.exe
  C:\Windows\System\cTcdRXF.exe
  2⤵
  PID:9952
- C:\Windows\System\fkHhBmq.exe
  C:\Windows\System\fkHhBmq.exe
  2⤵
  PID:10000
- C:\Windows\System\Nthkjfv.exe
  C:\Windows\System\Nthkjfv.exe
  2⤵
  PID:10068
- C:\Windows\System\jToOrmK.exe
  C:\Windows\System\jToOrmK.exe
  2⤵
  PID:10048
- C:\Windows\System\waAdend.exe
  C:\Windows\System\waAdend.exe
  2⤵
  PID:10080
- C:\Windows\System\uXrGmYS.exe
  C:\Windows\System\uXrGmYS.exe
  2⤵
  PID:10124
- C:\Windows\System\NvxQtVY.exe
  C:\Windows\System\NvxQtVY.exe
  2⤵
  PID:10152
- C:\Windows\System\HXnDPWW.exe
  C:\Windows\System\HXnDPWW.exe
  2⤵
  PID:9828
- C:\Windows\System\idRGcjk.exe
  C:\Windows\System\idRGcjk.exe
  2⤵
  PID:10172
- C:\Windows\System\PTjtBWl.exe
  C:\Windows\System\PTjtBWl.exe
  2⤵
  PID:10208
- C:\Windows\System\lmfeCMG.exe
  C:\Windows\System\lmfeCMG.exe
  2⤵
  PID:9272
- C:\Windows\System\BEyIIqE.exe
  C:\Windows\System\BEyIIqE.exe
  2⤵
  PID:9284
- C:\Windows\System\DLXDVHt.exe
  C:\Windows\System\DLXDVHt.exe
  2⤵
  PID:9380
- C:\Windows\System\gMkFgqS.exe
  C:\Windows\System\gMkFgqS.exe
  2⤵
  PID:9392
- C:\Windows\System\NlGmovP.exe
  C:\Windows\System\NlGmovP.exe
  2⤵
  PID:9440
- C:\Windows\System\HdGxjfT.exe
  C:\Windows\System\HdGxjfT.exe
  2⤵
  PID:9488
- C:\Windows\System\OlqkaCr.exe
  C:\Windows\System\OlqkaCr.exe
  2⤵
  PID:9508
- C:\Windows\System\JxDVGrk.exe
  C:\Windows\System\JxDVGrk.exe
  2⤵
  PID:9596
- C:\Windows\System\DqaGVax.exe
  C:\Windows\System\DqaGVax.exe
  2⤵
  PID:9672
- C:\Windows\System\EJCoioe.exe
  C:\Windows\System\EJCoioe.exe
  2⤵
  PID:9840
- C:\Windows\System\KIMShQG.exe
  C:\Windows\System\KIMShQG.exe
  2⤵
  PID:9656
- C:\Windows\System\eeBYtep.exe
  C:\Windows\System\eeBYtep.exe
  2⤵
  PID:9892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGqfcLU.exe

Filesize
6.0MB

MD5
4d4af50c1a790901b1e7d82412499f4e

SHA1
711c04df8abd4bc3d055b45428d7c97425a81c65

SHA256
886a328862fd9f26259a7f239c6d6b2acd844bc06bd4570b28f765c7b5baf040

SHA512
f7681a635e3e00711e0e657da78240bbc79b83be6a634871a961629ce01d936fec24feca219937415c3ed3709dd14caa5d596db2345f4d11553640a4fec561ef

Download Submit
C:\Windows\system\BQsxerO.exe

Filesize
6.0MB

MD5
bccd1c3f18361c73abaf589ca765a418

SHA1
9e5266686ab0ee6ecdccb908d7b7e969ce9e625a

SHA256
a9002731a30541d1b9dd58ed9ccca99a59b989db67073b6f5bfbf212b89aa000

SHA512
7b963904d7f5212681d80a323069debe4f29d4c50899f807eafdc576f126e76d921d06c52b03ebcab10d8f2a5e6d637a4c1fb5636ef20cbc191ece4a47ec21ac

Download Submit
C:\Windows\system\CUgteyo.exe

Filesize
6.0MB

MD5
8f2fdd9c5a5d19f93a985325d4b95cdf

SHA1
5b3f1f8a83f5784a4c04c6c1280eca9b06d6f64b

SHA256
703fdf6de163ed08982172bf6d2aebee2d8c2bb5e4d5c16516805b2b161bebe9

SHA512
c74b4c749895716c649a5c83c914a38692c84b20ca41daa6aca49e2dac4e706bd369b206440812721deda8baefe6221bdc3eb91051d28b8ef317b2c4da82cabb

Download Submit
C:\Windows\system\JiiakNc.exe

Filesize
6.0MB

MD5
0131999b8bbf3179941301336ab74a7e

SHA1
608e2b4d824f6f4cb254a0fb9a748ec792071690

SHA256
0a8bd8bf48cb9d11319e899f52f23a724f812815d872fa2f4a986af8dc9f382c

SHA512
24fb0331cd3974f4c88994aeca1c627929a00fcc9fa3d0d1346572cc197e0bd9ac9feaf0aabc9bdc529751e3f5204a63d01314a0ddb5b1f1252764bdc0bb75a9

Download Submit
C:\Windows\system\Jtgexch.exe

Filesize
6.0MB

MD5
9947b4822ece882595ed94289d0ee6ec

SHA1
966c8c2fd5780f776403cfc1aa80cf3c494dae94

SHA256
08d23d9e417dacb54e74674e2121cc83b844e8037b223eb8593efe42d7b9fa80

SHA512
63185d595690fdc0b86cc69e73d216edf73b92556f4b7145c9156df5f27769e407957e5fcbf54fdf44199f82f5949b4337833f4878f123f8790eb9a06f05b74e

Download Submit
C:\Windows\system\MpXdIcY.exe

Filesize
6.0MB

MD5
738a694d7dd0e3c7b7bb8d48e36f4e63

SHA1
ff0e217ac7e72d380f7bcae0b67bc19a3f4df3e2

SHA256
52c0f76aa949cb78d477797e93adb76ed293ced7980a4569c6b1994702fbc9c4

SHA512
fae202b854fe90bd8cd0d5c2d0d191f6fa828d3cb89b09489052b8ad6db2db57bda0e14312fe023e8ac980cb636c40f14fdd5f7a06eff28600959dbf873eee61

Download Submit
C:\Windows\system\NRpMavr.exe

Filesize
6.0MB

MD5
cec0daa9790faeb737a9dd3097c564e7

SHA1
beb1f434adf07631cc367d9ca7d3f331591fd699

SHA256
c917adb0bc519c2d607c089b3af321e86c569f824de7bbe7fc3509bd61dedae2

SHA512
549a4885cd6fa7e8fd941c8c65bc4e55a76c3efb33b11200a74f6019efb9d60f4acb368ff3239863c939385ec7bd9d3ea395773b9aa37edf79e1116f72a20c80

Download Submit
C:\Windows\system\NncXCdh.exe

Filesize
6.0MB

MD5
df1e5df7758da639fcb049bcb5873b54

SHA1
4d1adbecf09afb3279addbd6830e603e37849b4c

SHA256
99a68ad89028f1c0cf1d6d6008fbcfa114fe53c45fa0cdae5d2bc21d1ff5af39

SHA512
50798ed3857105a54a3052864d54798f3cebfa6f7db72b6c09f34b67b7daba85d94abf64f69d7c04fcc1f3f0276e63e3c15cbcbc687c4a6ff0449d2f8507aadb

Download Submit
C:\Windows\system\PXJoTUZ.exe

Filesize
6.0MB

MD5
69a9c67b44f8295c3d32eae75c5ed632

SHA1
11584b0c231ea476ea6b15098701271793059664

SHA256
ae058004c7d25eb5523c998cd5668f748f868638f6c3b811a664b14adfca318c

SHA512
977920b53b148fd7d33191969a262bfe0e15b33f044e607c342775ed580e2d1e13a890aec073657202c9b75960afaaf46815fa4bb77274360320da8bddf5e4e6

Download Submit
C:\Windows\system\RSENIxI.exe

Filesize
6.0MB

MD5
3031189c580e91ca9fe49820f536cb86

SHA1
dbae866006569a86f9e310abb4dd66014f58b166

SHA256
27c1cc025721649abc063fbbb3d1151bf8b8ce5e0f8ac73286ac5a3f1ff3c847

SHA512
e079d1bbac67e4673b12e525eb27cff61a6220e7f542e2ae39163d7452088feb6353153c6cbe7367209488bebe87a81312e8cba059911a549176a90e2571c2c1

Download Submit
C:\Windows\system\WCJHeYC.exe

Filesize
6.0MB

MD5
d1e0305cbd370f0feabcecf378a7197e

SHA1
131c71d725d754ef6a4d22c838baa3b3064d34c4

SHA256
38bc4c8dc95326ac74579a315f40e1e4e851249f3a31a5c126fd7990e93f7f5a

SHA512
8dcf3b310a51d5f985f6d3a42e4021272f680e2f392a0861306df71f75acd72dea5ba93b017edb7c0bfbede3da1353e5245b6c5ba21599f7980cee657897bcf3

Download Submit
C:\Windows\system\WjNkvBw.exe

Filesize
6.0MB

MD5
0f2e3c77fa615992681d987d3bf8ce46

SHA1
67a11933ec1535c78ec7d75151c72d4c18dbe235

SHA256
e84a44e21cbe176da3ec109d94cffd55cd29fd129f13c8d56503a073c5b60824

SHA512
b326ee89c8f28358e02eb3a0399f30917e9235bbea5828bc1b93f25ce45ff5c44ebe4519a592ab899d97e18fdfc2be5fa5fa3ffe0af834c25722832e66c69d8e

Download Submit
C:\Windows\system\XrnADrr.exe

Filesize
6.0MB

MD5
909f5e88caa9871515d95d7e9d163754

SHA1
caa1f666064eaa4cfbca4613c33aac0c99d19571

SHA256
02151c89d39678bda25526515cfce00d838c5725501715e378ccdb31bd77d34b

SHA512
fc003a9d375f5a5de0bd6674fc37f67f620754a40c46b089b735e95d183e2add91b8d3b78790a6b7d9ba4bfebdeec8fce487e19ad607a72952406d6146368147

Download Submit
C:\Windows\system\ZDvPsPB.exe

Filesize
6.0MB

MD5
a1ca78c32c7ce65ff427f34fb84c04dc

SHA1
37e8e80c908b8cb4971626e08844c676714fdee4

SHA256
f25c95dc78b7f6c12475547dfe0401fe6c6f0fe0fc4870c2959bf07564a18e8d

SHA512
bd09505023a64290a370b227b05c025b8aebd25da6290c5f2a5a72314132b65e713c6339bb8ab209304a726a2302dc6eac9bc10dd6818c9a361be1c6d0375d9c

Download Submit
C:\Windows\system\ZcAxEHR.exe

Filesize
6.0MB

MD5
aa99c3da47fef67b52d85936d32ac0f7

SHA1
6e3c8e49df1f8097e25a5b205cc17b9e297572be

SHA256
0bab074a26bd62908882be9876110091c378760cb6d896b9892f1edf7fadd679

SHA512
a8a6fb294a23ef4cebeb7e304e38106232c15d59f4ad3a08e9d32e6062f2ac80b363ec69b8affb049c7f33211985679b431a270f4efe8dd2fa6d371bb783479f

Download Submit
C:\Windows\system\aoTXgir.exe

Filesize
6.0MB

MD5
5e9036bab1734b263ec7ed289dd4a382

SHA1
a7122807e4f21c92571d398bef39bc492a6c6318

SHA256
b44057657bfac28789b0e4bec532d40c54ac6a5365f40dff034cbcd95a2131cd

SHA512
d308ed976a244efd1fe987f16367c90d84dd02e842b42d2149f9061c998931c2861ab5f6894bac8acdd7aaba1e7c5fad3594d7dc3052f43fb28ca1f8afd82115

Download Submit
C:\Windows\system\bfikVYi.exe

Filesize
6.0MB

MD5
06a808f398e60899c3d3d37f3cc8d4d1

SHA1
6b25290c1abea0c0a2cbcc385c6cf6992a72587d

SHA256
354b6dcf91801edae9846a2c18767fc7560ec6ac4e02d58657ec4a765ce77421

SHA512
a568959519d06e7e8a63791ae48975e27d1d7e48edfa67e375850f448ab434738ed73d52da2e8ecb6d478ea87f99bab7312c1677f7d708dd62ad6b82482af70b

Download Submit
C:\Windows\system\hwfRAGc.exe

Filesize
6.0MB

MD5
a7405013663276fbe8eda15de420eb1b

SHA1
c6b426ea08d14c466aff2096aeeced2a36010fcc

SHA256
40eb633986f1bd0bc153661f51bdf2a0a7702cf36c2cf70c407125b75b8023f6

SHA512
ae4f7affcb9004efc36d50ea88d4bf5c2dbcdfab1afc63a5989163cb9c6b118b31f3d0041026621c54c8a97854aed0996c4c48335fe41e7a48027b16a9d9e068

Download Submit
C:\Windows\system\jdPaStP.exe

Filesize
6.0MB

MD5
18e1fd10ed9cdfd9412c0f9baf7d182f

SHA1
dfc07ed5208923ee15f06a9c33d27a199775110b

SHA256
c0ffd541f314dab94443a7ac75a2d6f7237c0e2c4288bc42aa47b00a28b3de74

SHA512
791d3441915dc6ebfc051297a9f225e919c9f05339161decdcd654507668576659a7e2f75d4b3a53629594f7e7cca4822fb775b0f283572c2efedfedf8785767

Download Submit
C:\Windows\system\lSTFyGN.exe

Filesize
8B

MD5
338fde68ae7dad6345c4ed67f5eeae08

SHA1
e27075153e543cd3aadd16044aaa8953be280bac

SHA256
eabac93986cc662d95c9ce1e7d66a47d211f822f2107fbf6b0f3254e13aefe02

SHA512
5274b072a8ff1840ef85ea16f6e28edf3b5d70d825dbe9f599c13ba172c7f168366f2095597819fa7d68b30cdecf4e71c6928ae607be7a8a82e62143e0309a4a

Download Submit
C:\Windows\system\orXHZPi.exe

Filesize
6.0MB

MD5
b84ee284b3d6866dc5b0a4dcb285dd45

SHA1
add1b749277bdde7077424ce035835bf960afdd9

SHA256
ac07e451b4e83ed7a3dc12f2e53711bb33194ce07e7fecbb2a11f5bc9ed0c238

SHA512
8111aa69e285c2158ee15650fcab5858247e971ce14263ac4d15a0cd0f689f4a69abd7af51a7270ac8775c0423d26f9fa770aa93b49fb593600991608ab29f84

Download Submit
C:\Windows\system\rXifIQB.exe

Filesize
6.0MB

MD5
a16b4845b52ab93ed01ebc0a46df9566

SHA1
09444675fb66556167a6d3765057d27d7d15bb14

SHA256
0f713ace1e4dd4bbc6da81b7ad14383d68cb10558123c6646250a5075233d15c

SHA512
7fcb30e11115f06d0697fd3418f37659bde2ab1eba6556b39b3b1b57fb9740a850ad62f131f12ca17b2de5f3e72fdc4cb75510210f8aacfd3c5473fe46184d67

Download Submit
C:\Windows\system\rZSIoMl.exe

Filesize
6.0MB

MD5
fc3d7efb9fb43d82af29e79ef9752ae2

SHA1
2f8edf3e6d87f878076a1b822e4b20d7f61f8f82

SHA256
1a9be6c7d0a02dd8e0b5c9dc13580f979724249a80d08e8f40e23e169d7c0413

SHA512
f3a31cad0896b0c3c44fb033c4751631bbfc1e6aa9647ab715ed5d57ebda4a0416705387d32236c951aca48a8e3247f113046b19778b334164ee381fd42c1791

Download Submit
C:\Windows\system\temHIOq.exe

Filesize
6.0MB

MD5
d9ea9f8a0df4baded03cd01ddde4dd27

SHA1
bac9bd64e3b1d335c9dabbb51403aab696506229

SHA256
adb98522fea453323f2dfac794ad8d0a49ced2c160efe550775c79125a965940

SHA512
c446d62b3e6144151fc996d3c5fdeed47e04d16f7e427c146432d846ae02682d9a4b733d15a8401cd308e35b8fddbbcf91e8f2b8dd836d4740e61b215691c7d7

Download Submit
C:\Windows\system\wDjxyde.exe

Filesize
6.0MB

MD5
3e26272c3da989f704b6d54c059e6c44

SHA1
2ebafe16a66e3b16f86066d4dac382226e999600

SHA256
6f386824beb45d9b45c7c3e95e4a974ec219eb64d0f125a860eadbbff13f7b20

SHA512
a39dd45766a1fe3d640019b3561dfdc3b39baba8ff997cb11874249c1123c54c4151facc921dc77744ca7d0826494fb530061121f95fad0c41ad63b661a4fef9

Download Submit
C:\Windows\system\wQzXLph.exe

Filesize
6.0MB

MD5
c0db4bd8968be075b92f5a7c6a6dbeae

SHA1
52142806b0aee9af4c2e9aba92639a1f21b3981b

SHA256
d481c99f9dcfa369987038cc142db0b8e8bb697f84212c69bb251ce8cb60d5be

SHA512
82e0579e5329db989b3512d8b95165e3212d9fe2bbba99abafa659a8e850a11da910fb0d100d296e5bcebd2f93e1991f6b8bebee0e452a64904d56c1ec5d02c5

Download Submit
C:\Windows\system\wVFWKlV.exe

Filesize
6.0MB

MD5
5a7b0c5983700f65f84e09f005d54279

SHA1
92689313600bb48ce99dc024c4c34ea61a432cce

SHA256
9cd8b2cdd8e289acb9e7ec54766f183a8f07fe1782299be861814e7a8fa3bc3d

SHA512
808665a0707649d9779d95e42d8135bf117a269fd848bcd74646dfbd818fd2183d8debfe86b2d50a9cca47d0fa1d762080abffe87d593b2708e8e25c0565f763

Download Submit
C:\Windows\system\yBcrFAm.exe

Filesize
6.0MB

MD5
13b7a7a49f0503271d6e6ddb84339cf4

SHA1
e9b71a16f6d702693456092274761b2c2422eb47

SHA256
44e4d08f7438f19fc3bdd933ff4363407b9242ea377fe3a453f48741ce28b0ef

SHA512
bf95c657d64ab61a4268d740128237ecbd762d015d588f088149f0bb021d5ee09e7a03b804614fe038c990d37b7f2c37fa4010fed6c487c8a632d0ac9e7f1bb6

Download Submit
C:\Windows\system\ynIOZxQ.exe

Filesize
6.0MB

MD5
f699687cf6c036f8be3f99a2be7671d6

SHA1
780030f9fa7775e796f6aeef805204e23d24a04a

SHA256
be925460b8813598b09b4eceae47cb74311d6259749af80799f313bccd3a23c8

SHA512
f36eb280ca130b3c42e2947e9f8b148dca1d83a5b101e2c85759e37c930017bd8bc60e911316dd3cfd81eeeacc4aebc541f70460f39e132e2c08fbd98c825186

Download Submit
\Windows\system\DOdhfFF.exe

Filesize
6.0MB

MD5
79e1cd75e362f6fa4d5f064acfac07e2

SHA1
f1cf718c15567391c310a68b741c4d92912c2a02

SHA256
8e740c002e2ffb4a8bf12773573c028371f5e1d9c598937f52fc867d939d8a3b

SHA512
2ff3112f6313fee8c436152457be168442bde23207c3350557da2892add3f0a8642920ca169360212f377af981c935b57179342099e68a8b38d06222ab8fbda2

Download Submit
\Windows\system\MHbqwDp.exe

Filesize
6.0MB

MD5
d546108819e5c7b350ff9ad1da73cfbe

SHA1
36acea379414f72f140b255bad5d7d6117203949

SHA256
84f62bd35875fbe05d5a4350da4097af6f0071818c1649930b56a425285608fd

SHA512
64036baa0768812a1b5200b7143fd6838e708bd86a7a7c798c7587dc19fc999ef69d321729c227c61aad702bb12532e70d636cba53c0267e0c5c71ba95d1a216

Download Submit
\Windows\system\TfbUSsk.exe

Filesize
6.0MB

MD5
9a6e7fe1f07ec61dcf845c0480f4ad6c

SHA1
9339669883be31f6d7d74943bd5709456eadbe44

SHA256
436307344f98925a2d44e9c3ac271c687ca5ab1a0015e9a0bb3efb9db6eb7893

SHA512
7db432d19111edaaa79f2190bba6563a6b4c5ccb89bce1f99a2721cab435322b572e5200104ceff1dcba7967d154aaba4728d7917b6947b4e4408639f4c28d49

Download Submit
\Windows\system\YubxOPF.exe

Filesize
6.0MB

MD5
50a26030db6a8de9162fca9ba92e1005

SHA1
b9c35eaaa81765b9a3ad4f17618255c4f1f9e37a

SHA256
45ad99ef71ed820e219f9fbcce8a2b696885f5db3644b96c0fb73e51547c73e9

SHA512
9fce1eb891b0ca5a425fad7248507d7b80093e8c08ae3437d47d4f84687a7331f55c8c3e2d0df338b2ad0e29c9b9d4e4ec060006ef4600ee9adb3fed4d906ae7

Download Submit
memory/1224-57-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2883-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1412-1440-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2971-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-75-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2200-2968-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-83-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-50-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2283-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2282-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2316-2362-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2462-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2465-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2361-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1399-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1376-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2316-58-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2316-6-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-52-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-67-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2316-71-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-73-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2281-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-49-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-69-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2316-0-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2316-81-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1396-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1446-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2218-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2183-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1962-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2596-2921-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2596-74-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2668-82-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2668-2963-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2684-51-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2964-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2684-2278-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2214-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-9-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2922-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-60-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2915-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2924-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2744-70-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2788-2978-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1392-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2905-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2864-72-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2880-79-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2875-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-68-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2898-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1370-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2984-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download