cobaltstrike | 36fca1ee7efdb2dfad4d87e18f04ec62892df9e23ce4ef2565df2a4c7e4e3a83

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0efbfe4ab5e5fc25774979ae12d46fbc
SHA1

b03be1e445224afad67826a3da0a965b025be57a
SHA256

36fca1ee7efdb2dfad4d87e18f04ec62892df9e23ce4ef2565df2a4c7e4e3a83
SHA512

41baf9fd5c33f47dab2cb246915f9c0c8e19c88a66ce49fdf9f2e678048cde29a9c568778800d807583f4498ddce86b56b21eb07be4b46abdeddd2a3f897ed99
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f3-13.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f7-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019234-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019229-25.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001924c-37.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001926b-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018690-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019271-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-73.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226a-3.dat	xmrig
behavioral1/files/0x00070000000191f3-13.dat	xmrig
behavioral1/memory/1848-15-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2088-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000191f7-9.dat	xmrig
behavioral1/memory/916-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019234-28.dat	xmrig
behavioral1/files/0x0006000000019229-25.dat	xmrig
behavioral1/files/0x000600000001924c-37.dat	xmrig
behavioral1/memory/2708-41-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2868-44-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/1808-34-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000800000001926b-45.dat	xmrig
behavioral1/memory/2684-52-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018690-53.dat	xmrig
behavioral1/memory/2432-58-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2536-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1848-60-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0007000000019271-64.dat	xmrig
behavioral1/files/0x0005000000019539-68.dat	xmrig
behavioral1/files/0x000500000001961b-78.dat	xmrig
behavioral1/files/0x000500000001961d-81.dat	xmrig
behavioral1/files/0x000500000001961f-88.dat	xmrig
behavioral1/files/0x0005000000019625-109.dat	xmrig
behavioral1/files/0x0005000000019627-114.dat	xmrig
behavioral1/files/0x0005000000019db5-177.dat	xmrig
behavioral1/memory/2576-890-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2796-973-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2708-1212-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2536-2185-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2536-2377-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2536-2389-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2432-1988-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1808-976-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/916-975-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2536-958-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2628-957-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1264-942-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2536-921-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2392-920-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2680-899-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d54-173.dat	xmrig
behavioral1/files/0x0005000000019c63-163.dat	xmrig
behavioral1/files/0x0005000000019d2d-168.dat	xmrig
behavioral1/files/0x0005000000019c4a-158.dat	xmrig
behavioral1/files/0x0005000000019c48-154.dat	xmrig
behavioral1/files/0x0005000000019c43-148.dat	xmrig
behavioral1/files/0x000500000001998a-143.dat	xmrig
behavioral1/files/0x00050000000196f6-138.dat	xmrig
behavioral1/files/0x00050000000196be-133.dat	xmrig
behavioral1/files/0x0005000000019639-123.dat	xmrig
behavioral1/files/0x000500000001967d-128.dat	xmrig
behavioral1/files/0x0005000000019629-118.dat	xmrig
behavioral1/files/0x0005000000019623-103.dat	xmrig
behavioral1/files/0x0005000000019621-99.dat	xmrig
behavioral1/files/0x0005000000019620-94.dat	xmrig
behavioral1/files/0x00050000000195e4-73.dat	xmrig
behavioral1/memory/1848-3726-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1808-3759-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2868-3756-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2432-3794-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/916-3785-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2708-3765-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2088	udNtTih.exe
1848	lEtbRHr.exe
916	AwgThbb.exe
1808	OMxIRWh.exe
2708	NdklYVg.exe
2868	OHSQQhs.exe
2684	mXAaeWm.exe
2432	qonnVey.exe
2576	RXysKdx.exe
2680	sCpzSaj.exe
2392	lqQUDib.exe
1264	TuJxozD.exe
2628	YMGnElH.exe
2796	ASBHBcB.exe
324	xYZSsof.exe
788	hUKRbVM.exe
1704	wScmhEN.exe
1820	iPGazTc.exe
568	DdHhFto.exe
1680	bIBvvwx.exe
1508	BFKXiEE.exe
1912	STSmLIx.exe
2908	GQfxzzx.exe
2920	gGpDuIf.exe
3068	ozJGEYA.exe
2380	aOVmncl.exe
1312	RamyYqL.exe
2388	WaArXgh.exe
280	ijRRcgp.exe
1144	uPnCDhp.exe
2992	WmrNOhv.exe
1924	cBqVwhY.exe
1348	BRDBkUK.exe
952	xFtLMGr.exe
2512	LWCAZtB.exe
2116	pKxfLHi.exe
1740	OQTyvhT.exe
920	flLNKEn.exe
2364	kkkAptO.exe
1776	VTcMKSo.exe
2008	hMwfxbm.exe
1528	nDpVoZL.exe
1188	maYiGUA.exe
2172	LnXuVFt.exe
2152	jCKrqcx.exe
2244	XOEjrsN.exe
560	tJzSkJR.exe
2056	XBoTkWZ.exe
1788	ZCpiEvo.exe
2516	choIZmt.exe
676	BRAhJMw.exe
2464	KYKTprF.exe
544	xQQFxsF.exe
2248	BDrMTYP.exe
1556	dHJlcja.exe
1588	etPiujB.exe
1988	ugkszdL.exe
2652	cqPoMKX.exe
2700	RQYEaHR.exe
2164	QrquHtm.exe
2884	cOfDlfw.exe
2600	yxgqmSl.exe
3052	MAIRFnz.exe
2956	miEoBmi.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000c00000001226a-3.dat	upx
behavioral1/files/0x00070000000191f3-13.dat	upx
behavioral1/memory/1848-15-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2088-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2536-10-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00070000000191f7-9.dat	upx
behavioral1/memory/916-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0006000000019234-28.dat	upx
behavioral1/files/0x0006000000019229-25.dat	upx
behavioral1/files/0x000600000001924c-37.dat	upx
behavioral1/memory/2708-41-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2868-44-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/1808-34-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000800000001926b-45.dat	upx
behavioral1/memory/2684-52-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0008000000018690-53.dat	upx
behavioral1/memory/2432-58-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2536-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1848-60-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0007000000019271-64.dat	upx
behavioral1/files/0x0005000000019539-68.dat	upx
behavioral1/files/0x000500000001961b-78.dat	upx
behavioral1/files/0x000500000001961d-81.dat	upx
behavioral1/files/0x000500000001961f-88.dat	upx
behavioral1/files/0x0005000000019625-109.dat	upx
behavioral1/files/0x0005000000019627-114.dat	upx
behavioral1/files/0x0005000000019db5-177.dat	upx
behavioral1/memory/2576-890-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2796-973-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2708-1212-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2432-1988-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1808-976-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/916-975-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2628-957-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1264-942-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2392-920-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2680-899-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019d54-173.dat	upx
behavioral1/files/0x0005000000019c63-163.dat	upx
behavioral1/files/0x0005000000019d2d-168.dat	upx
behavioral1/files/0x0005000000019c4a-158.dat	upx
behavioral1/files/0x0005000000019c48-154.dat	upx
behavioral1/files/0x0005000000019c43-148.dat	upx
behavioral1/files/0x000500000001998a-143.dat	upx
behavioral1/files/0x00050000000196f6-138.dat	upx
behavioral1/files/0x00050000000196be-133.dat	upx
behavioral1/files/0x0005000000019639-123.dat	upx
behavioral1/files/0x000500000001967d-128.dat	upx
behavioral1/files/0x0005000000019629-118.dat	upx
behavioral1/files/0x0005000000019623-103.dat	upx
behavioral1/files/0x0005000000019621-99.dat	upx
behavioral1/files/0x0005000000019620-94.dat	upx
behavioral1/files/0x00050000000195e4-73.dat	upx
behavioral1/memory/1848-3726-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1808-3759-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2868-3756-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2432-3794-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/916-3785-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2708-3765-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2088-3817-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2684-3840-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1264-3853-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2796-3856-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GaBaSBj.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PutQbrq.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbeCEIt.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcDXThM.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFbdAIb.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMOTgnz.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmdWZAK.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmDAfet.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHLIgzV.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQinMOG.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwIZSeb.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBxUbcB.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swTauoq.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rozYutT.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkLxAoW.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqvWJyc.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsAdtrv.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYSczQq.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWIatXr.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwunFxB.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZYEhDq.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkVxRXG.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLzxGLS.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiCHRdb.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIAoJiW.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAkxlQB.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqzdLrP.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbUxUXl.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmMdUvD.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVaDcKo.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNknMuK.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBaRbzh.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxsZLSJ.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaPUzWZ.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNFEkQI.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZUvCOq.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVSuURQ.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZvjdUO.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNzJIIm.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHpZptT.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuHGehb.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrYgYul.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAppxfE.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjwxUee.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYSAGLy.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQsXzxu.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIeXefu.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohYrJjM.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZekuQl.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeMJkjk.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgEdLpw.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQYEaHR.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOFLSBu.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjbBXaK.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtoYxKE.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpZXbxs.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRxRkpe.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trHZrOi.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRrQjdb.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcFKpIG.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOriHiu.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQyxmhm.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsmsOvr.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdTqTvk.exe	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2088	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 2088	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 2088	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 1848	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 1848	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 1848	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 916	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 916	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 916	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 1808	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 1808	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 1808	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 2708	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2708	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2708	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2868	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2868	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2868	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2684	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2684	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2684	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2432	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2432	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2432	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 2576	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2576	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2576	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2392	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 2392	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 2392	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 1264	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1264	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1264	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 2628	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2628	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2628	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2796	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2796	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2796	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 324	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 324	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 324	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 788	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 788	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 788	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 1704	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 1704	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 1704	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 1820	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1820	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1820	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 568	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 568	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 568	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 1680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 1680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 1680	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2536 wrote to memory of 1508	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2536 wrote to memory of 1508	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2536 wrote to memory of 1508	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2536 wrote to memory of 1912	2536	2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_0efbfe4ab5e5fc25774979ae12d46fbc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\System\udNtTih.exe
  C:\Windows\System\udNtTih.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\lEtbRHr.exe
  C:\Windows\System\lEtbRHr.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\AwgThbb.exe
  C:\Windows\System\AwgThbb.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\OMxIRWh.exe
  C:\Windows\System\OMxIRWh.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\NdklYVg.exe
  C:\Windows\System\NdklYVg.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OHSQQhs.exe
  C:\Windows\System\OHSQQhs.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\mXAaeWm.exe
  C:\Windows\System\mXAaeWm.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\qonnVey.exe
  C:\Windows\System\qonnVey.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\RXysKdx.exe
  C:\Windows\System\RXysKdx.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\sCpzSaj.exe
  C:\Windows\System\sCpzSaj.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\lqQUDib.exe
  C:\Windows\System\lqQUDib.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\TuJxozD.exe
  C:\Windows\System\TuJxozD.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\YMGnElH.exe
  C:\Windows\System\YMGnElH.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ASBHBcB.exe
  C:\Windows\System\ASBHBcB.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xYZSsof.exe
  C:\Windows\System\xYZSsof.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\hUKRbVM.exe
  C:\Windows\System\hUKRbVM.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\wScmhEN.exe
  C:\Windows\System\wScmhEN.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\iPGazTc.exe
  C:\Windows\System\iPGazTc.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\DdHhFto.exe
  C:\Windows\System\DdHhFto.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\bIBvvwx.exe
  C:\Windows\System\bIBvvwx.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\BFKXiEE.exe
  C:\Windows\System\BFKXiEE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\STSmLIx.exe
  C:\Windows\System\STSmLIx.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\GQfxzzx.exe
  C:\Windows\System\GQfxzzx.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\gGpDuIf.exe
  C:\Windows\System\gGpDuIf.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ozJGEYA.exe
  C:\Windows\System\ozJGEYA.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\aOVmncl.exe
  C:\Windows\System\aOVmncl.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\RamyYqL.exe
  C:\Windows\System\RamyYqL.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\WaArXgh.exe
  C:\Windows\System\WaArXgh.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ijRRcgp.exe
  C:\Windows\System\ijRRcgp.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\uPnCDhp.exe
  C:\Windows\System\uPnCDhp.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\WmrNOhv.exe
  C:\Windows\System\WmrNOhv.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\cBqVwhY.exe
  C:\Windows\System\cBqVwhY.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\BRDBkUK.exe
  C:\Windows\System\BRDBkUK.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\xFtLMGr.exe
  C:\Windows\System\xFtLMGr.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\LWCAZtB.exe
  C:\Windows\System\LWCAZtB.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\pKxfLHi.exe
  C:\Windows\System\pKxfLHi.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\OQTyvhT.exe
  C:\Windows\System\OQTyvhT.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\flLNKEn.exe
  C:\Windows\System\flLNKEn.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\kkkAptO.exe
  C:\Windows\System\kkkAptO.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\VTcMKSo.exe
  C:\Windows\System\VTcMKSo.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\hMwfxbm.exe
  C:\Windows\System\hMwfxbm.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\nDpVoZL.exe
  C:\Windows\System\nDpVoZL.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\maYiGUA.exe
  C:\Windows\System\maYiGUA.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\LnXuVFt.exe
  C:\Windows\System\LnXuVFt.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\jCKrqcx.exe
  C:\Windows\System\jCKrqcx.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\XOEjrsN.exe
  C:\Windows\System\XOEjrsN.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\tJzSkJR.exe
  C:\Windows\System\tJzSkJR.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\XBoTkWZ.exe
  C:\Windows\System\XBoTkWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ZCpiEvo.exe
  C:\Windows\System\ZCpiEvo.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\choIZmt.exe
  C:\Windows\System\choIZmt.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\BRAhJMw.exe
  C:\Windows\System\BRAhJMw.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\KYKTprF.exe
  C:\Windows\System\KYKTprF.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\xQQFxsF.exe
  C:\Windows\System\xQQFxsF.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\BDrMTYP.exe
  C:\Windows\System\BDrMTYP.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\dHJlcja.exe
  C:\Windows\System\dHJlcja.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\etPiujB.exe
  C:\Windows\System\etPiujB.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\ugkszdL.exe
  C:\Windows\System\ugkszdL.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\cqPoMKX.exe
  C:\Windows\System\cqPoMKX.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\RQYEaHR.exe
  C:\Windows\System\RQYEaHR.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\QrquHtm.exe
  C:\Windows\System\QrquHtm.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cOfDlfw.exe
  C:\Windows\System\cOfDlfw.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yxgqmSl.exe
  C:\Windows\System\yxgqmSl.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\MAIRFnz.exe
  C:\Windows\System\MAIRFnz.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\miEoBmi.exe
  C:\Windows\System\miEoBmi.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\tfKDLcJ.exe
  C:\Windows\System\tfKDLcJ.exe
  2⤵
  PID:1060
- C:\Windows\System\jsqMmDU.exe
  C:\Windows\System\jsqMmDU.exe
  2⤵
  PID:1560
- C:\Windows\System\UnGSLEK.exe
  C:\Windows\System\UnGSLEK.exe
  2⤵
  PID:1276
- C:\Windows\System\KjFkHrY.exe
  C:\Windows\System\KjFkHrY.exe
  2⤵
  PID:1404
- C:\Windows\System\zwOLDYP.exe
  C:\Windows\System\zwOLDYP.exe
  2⤵
  PID:2548
- C:\Windows\System\GfUUqbo.exe
  C:\Windows\System\GfUUqbo.exe
  2⤵
  PID:1516
- C:\Windows\System\CfbAqRj.exe
  C:\Windows\System\CfbAqRj.exe
  2⤵
  PID:2916
- C:\Windows\System\wybfIIN.exe
  C:\Windows\System\wybfIIN.exe
  2⤵
  PID:2660
- C:\Windows\System\LLsFrxR.exe
  C:\Windows\System\LLsFrxR.exe
  2⤵
  PID:2944
- C:\Windows\System\BTKBmTm.exe
  C:\Windows\System\BTKBmTm.exe
  2⤵
  PID:2224
- C:\Windows\System\guYDSbB.exe
  C:\Windows\System\guYDSbB.exe
  2⤵
  PID:1684
- C:\Windows\System\HXIAOhD.exe
  C:\Windows\System\HXIAOhD.exe
  2⤵
  PID:2984
- C:\Windows\System\YeQLKzx.exe
  C:\Windows\System\YeQLKzx.exe
  2⤵
  PID:376
- C:\Windows\System\pHEikGn.exe
  C:\Windows\System\pHEikGn.exe
  2⤵
  PID:936
- C:\Windows\System\FkrtkGO.exe
  C:\Windows\System\FkrtkGO.exe
  2⤵
  PID:1052
- C:\Windows\System\NtVmQVE.exe
  C:\Windows\System\NtVmQVE.exe
  2⤵
  PID:1936
- C:\Windows\System\aMOjzxT.exe
  C:\Windows\System\aMOjzxT.exe
  2⤵
  PID:908
- C:\Windows\System\LjZZbkR.exe
  C:\Windows\System\LjZZbkR.exe
  2⤵
  PID:588
- C:\Windows\System\DhpblyI.exe
  C:\Windows\System\DhpblyI.exe
  2⤵
  PID:2532
- C:\Windows\System\cWdAumA.exe
  C:\Windows\System\cWdAumA.exe
  2⤵
  PID:1068
- C:\Windows\System\RihZXJu.exe
  C:\Windows\System\RihZXJu.exe
  2⤵
  PID:596
- C:\Windows\System\wwjtkFn.exe
  C:\Windows\System\wwjtkFn.exe
  2⤵
  PID:1760
- C:\Windows\System\KGkjwmZ.exe
  C:\Windows\System\KGkjwmZ.exe
  2⤵
  PID:1004
- C:\Windows\System\ZvLMQMk.exe
  C:\Windows\System\ZvLMQMk.exe
  2⤵
  PID:2508
- C:\Windows\System\lZyrCzL.exe
  C:\Windows\System\lZyrCzL.exe
  2⤵
  PID:2972
- C:\Windows\System\rspCDsF.exe
  C:\Windows\System\rspCDsF.exe
  2⤵
  PID:3020
- C:\Windows\System\XCoLryK.exe
  C:\Windows\System\XCoLryK.exe
  2⤵
  PID:2964
- C:\Windows\System\MVKZZGl.exe
  C:\Windows\System\MVKZZGl.exe
  2⤵
  PID:1584
- C:\Windows\System\CdVneUq.exe
  C:\Windows\System\CdVneUq.exe
  2⤵
  PID:2864
- C:\Windows\System\rulIyUm.exe
  C:\Windows\System\rulIyUm.exe
  2⤵
  PID:2268
- C:\Windows\System\oTOPijk.exe
  C:\Windows\System\oTOPijk.exe
  2⤵
  PID:2640
- C:\Windows\System\OQinMOG.exe
  C:\Windows\System\OQinMOG.exe
  2⤵
  PID:2612
- C:\Windows\System\rehzHHB.exe
  C:\Windows\System\rehzHHB.exe
  2⤵
  PID:1444
- C:\Windows\System\vdcWuII.exe
  C:\Windows\System\vdcWuII.exe
  2⤵
  PID:536
- C:\Windows\System\yyrsAcb.exe
  C:\Windows\System\yyrsAcb.exe
  2⤵
  PID:808
- C:\Windows\System\kZqfZtT.exe
  C:\Windows\System\kZqfZtT.exe
  2⤵
  PID:236
- C:\Windows\System\OpuSRcg.exe
  C:\Windows\System\OpuSRcg.exe
  2⤵
  PID:1672
- C:\Windows\System\eYjVcvt.exe
  C:\Windows\System\eYjVcvt.exe
  2⤵
  PID:2368
- C:\Windows\System\ptFswzA.exe
  C:\Windows\System\ptFswzA.exe
  2⤵
  PID:1064
- C:\Windows\System\CpqcKqe.exe
  C:\Windows\System\CpqcKqe.exe
  2⤵
  PID:2776
- C:\Windows\System\nmarUtm.exe
  C:\Windows\System\nmarUtm.exe
  2⤵
  PID:2948
- C:\Windows\System\djdmjCQ.exe
  C:\Windows\System\djdmjCQ.exe
  2⤵
  PID:1536
- C:\Windows\System\ronrLNE.exe
  C:\Windows\System\ronrLNE.exe
  2⤵
  PID:1716
- C:\Windows\System\DBtedCx.exe
  C:\Windows\System\DBtedCx.exe
  2⤵
  PID:2420
- C:\Windows\System\YZbQlkX.exe
  C:\Windows\System\YZbQlkX.exe
  2⤵
  PID:2148
- C:\Windows\System\BYOnggj.exe
  C:\Windows\System\BYOnggj.exe
  2⤵
  PID:1676
- C:\Windows\System\ApSthcX.exe
  C:\Windows\System\ApSthcX.exe
  2⤵
  PID:1980
- C:\Windows\System\ZgoLUau.exe
  C:\Windows\System\ZgoLUau.exe
  2⤵
  PID:1720
- C:\Windows\System\OdFoCFl.exe
  C:\Windows\System\OdFoCFl.exe
  2⤵
  PID:2308
- C:\Windows\System\VRZYqyU.exe
  C:\Windows\System\VRZYqyU.exe
  2⤵
  PID:2664
- C:\Windows\System\FdxEmmn.exe
  C:\Windows\System\FdxEmmn.exe
  2⤵
  PID:2860
- C:\Windows\System\RuSEsqW.exe
  C:\Windows\System\RuSEsqW.exe
  2⤵
  PID:2568
- C:\Windows\System\rcseJcI.exe
  C:\Windows\System\rcseJcI.exe
  2⤵
  PID:2564
- C:\Windows\System\yPVbgKD.exe
  C:\Windows\System\yPVbgKD.exe
  2⤵
  PID:2096
- C:\Windows\System\BSJJidr.exe
  C:\Windows\System\BSJJidr.exe
  2⤵
  PID:2324
- C:\Windows\System\aHAkdNe.exe
  C:\Windows\System\aHAkdNe.exe
  2⤵
  PID:2320
- C:\Windows\System\QsMAqjO.exe
  C:\Windows\System\QsMAqjO.exe
  2⤵
  PID:844
- C:\Windows\System\SjvUDdf.exe
  C:\Windows\System\SjvUDdf.exe
  2⤵
  PID:1856
- C:\Windows\System\ZbbgMXR.exe
  C:\Windows\System\ZbbgMXR.exe
  2⤵
  PID:652
- C:\Windows\System\gnnfmeN.exe
  C:\Windows\System\gnnfmeN.exe
  2⤵
  PID:1752
- C:\Windows\System\fxXtDVQ.exe
  C:\Windows\System\fxXtDVQ.exe
  2⤵
  PID:3032
- C:\Windows\System\MFtOOHD.exe
  C:\Windows\System\MFtOOHD.exe
  2⤵
  PID:2144
- C:\Windows\System\JdJzsVa.exe
  C:\Windows\System\JdJzsVa.exe
  2⤵
  PID:2472
- C:\Windows\System\anpxwmG.exe
  C:\Windows\System\anpxwmG.exe
  2⤵
  PID:2768
- C:\Windows\System\usRdusm.exe
  C:\Windows\System\usRdusm.exe
  2⤵
  PID:3056
- C:\Windows\System\dFzQBql.exe
  C:\Windows\System\dFzQBql.exe
  2⤵
  PID:2876
- C:\Windows\System\WTpTDYn.exe
  C:\Windows\System\WTpTDYn.exe
  2⤵
  PID:1240
- C:\Windows\System\oakUNdH.exe
  C:\Windows\System\oakUNdH.exe
  2⤵
  PID:2808
- C:\Windows\System\hgleYHW.exe
  C:\Windows\System\hgleYHW.exe
  2⤵
  PID:1700
- C:\Windows\System\jqhkwKY.exe
  C:\Windows\System\jqhkwKY.exe
  2⤵
  PID:2376
- C:\Windows\System\siHOaal.exe
  C:\Windows\System\siHOaal.exe
  2⤵
  PID:1732
- C:\Windows\System\tVgEZyj.exe
  C:\Windows\System\tVgEZyj.exe
  2⤵
  PID:2712
- C:\Windows\System\miFjJVR.exe
  C:\Windows\System\miFjJVR.exe
  2⤵
  PID:316
- C:\Windows\System\NiTlPSZ.exe
  C:\Windows\System\NiTlPSZ.exe
  2⤵
  PID:804
- C:\Windows\System\bXIIufW.exe
  C:\Windows\System\bXIIufW.exe
  2⤵
  PID:3084
- C:\Windows\System\gDiyMAL.exe
  C:\Windows\System\gDiyMAL.exe
  2⤵
  PID:3104
- C:\Windows\System\pSglixu.exe
  C:\Windows\System\pSglixu.exe
  2⤵
  PID:3124
- C:\Windows\System\DjOgLiu.exe
  C:\Windows\System\DjOgLiu.exe
  2⤵
  PID:3148
- C:\Windows\System\XwnNxeC.exe
  C:\Windows\System\XwnNxeC.exe
  2⤵
  PID:3168
- C:\Windows\System\gzJSHhn.exe
  C:\Windows\System\gzJSHhn.exe
  2⤵
  PID:3188
- C:\Windows\System\GufpBQW.exe
  C:\Windows\System\GufpBQW.exe
  2⤵
  PID:3208
- C:\Windows\System\kPNuJJA.exe
  C:\Windows\System\kPNuJJA.exe
  2⤵
  PID:3228
- C:\Windows\System\juUzHma.exe
  C:\Windows\System\juUzHma.exe
  2⤵
  PID:3248
- C:\Windows\System\mbDVtyT.exe
  C:\Windows\System\mbDVtyT.exe
  2⤵
  PID:3268
- C:\Windows\System\cYNViMG.exe
  C:\Windows\System\cYNViMG.exe
  2⤵
  PID:3288
- C:\Windows\System\MLVoUol.exe
  C:\Windows\System\MLVoUol.exe
  2⤵
  PID:3304
- C:\Windows\System\HPAtQzL.exe
  C:\Windows\System\HPAtQzL.exe
  2⤵
  PID:3328
- C:\Windows\System\ytefQLg.exe
  C:\Windows\System\ytefQLg.exe
  2⤵
  PID:3348
- C:\Windows\System\seuFjIy.exe
  C:\Windows\System\seuFjIy.exe
  2⤵
  PID:3368
- C:\Windows\System\jLlFpOH.exe
  C:\Windows\System\jLlFpOH.exe
  2⤵
  PID:3388
- C:\Windows\System\WrTmcey.exe
  C:\Windows\System\WrTmcey.exe
  2⤵
  PID:3408
- C:\Windows\System\pjWYOVE.exe
  C:\Windows\System\pjWYOVE.exe
  2⤵
  PID:3428
- C:\Windows\System\FEPXdIu.exe
  C:\Windows\System\FEPXdIu.exe
  2⤵
  PID:3448
- C:\Windows\System\xLZSgDY.exe
  C:\Windows\System\xLZSgDY.exe
  2⤵
  PID:3464
- C:\Windows\System\YzQiJGG.exe
  C:\Windows\System\YzQiJGG.exe
  2⤵
  PID:3484
- C:\Windows\System\zYcfpuP.exe
  C:\Windows\System\zYcfpuP.exe
  2⤵
  PID:3504
- C:\Windows\System\XvaGafI.exe
  C:\Windows\System\XvaGafI.exe
  2⤵
  PID:3528
- C:\Windows\System\tHAnatH.exe
  C:\Windows\System\tHAnatH.exe
  2⤵
  PID:3548
- C:\Windows\System\deEeZSM.exe
  C:\Windows\System\deEeZSM.exe
  2⤵
  PID:3568
- C:\Windows\System\VeWzmPE.exe
  C:\Windows\System\VeWzmPE.exe
  2⤵
  PID:3584
- C:\Windows\System\lQpNYis.exe
  C:\Windows\System\lQpNYis.exe
  2⤵
  PID:3604
- C:\Windows\System\mXZFRLU.exe
  C:\Windows\System\mXZFRLU.exe
  2⤵
  PID:3628
- C:\Windows\System\DyVwaeC.exe
  C:\Windows\System\DyVwaeC.exe
  2⤵
  PID:3648
- C:\Windows\System\wlZjwJr.exe
  C:\Windows\System\wlZjwJr.exe
  2⤵
  PID:3668
- C:\Windows\System\bHiKEZX.exe
  C:\Windows\System\bHiKEZX.exe
  2⤵
  PID:3688
- C:\Windows\System\TlfxLNc.exe
  C:\Windows\System\TlfxLNc.exe
  2⤵
  PID:3708
- C:\Windows\System\sHUDGxO.exe
  C:\Windows\System\sHUDGxO.exe
  2⤵
  PID:3728
- C:\Windows\System\ZLavMDi.exe
  C:\Windows\System\ZLavMDi.exe
  2⤵
  PID:3748
- C:\Windows\System\kNVbxfT.exe
  C:\Windows\System\kNVbxfT.exe
  2⤵
  PID:3768
- C:\Windows\System\QSbgYyz.exe
  C:\Windows\System\QSbgYyz.exe
  2⤵
  PID:3788
- C:\Windows\System\hIEkloN.exe
  C:\Windows\System\hIEkloN.exe
  2⤵
  PID:3808
- C:\Windows\System\esoCdZz.exe
  C:\Windows\System\esoCdZz.exe
  2⤵
  PID:3828
- C:\Windows\System\kejFsgq.exe
  C:\Windows\System\kejFsgq.exe
  2⤵
  PID:3848
- C:\Windows\System\iCXKRIq.exe
  C:\Windows\System\iCXKRIq.exe
  2⤵
  PID:3864
- C:\Windows\System\FXKpUMU.exe
  C:\Windows\System\FXKpUMU.exe
  2⤵
  PID:3884
- C:\Windows\System\unyhqGc.exe
  C:\Windows\System\unyhqGc.exe
  2⤵
  PID:3908
- C:\Windows\System\oYJxDni.exe
  C:\Windows\System\oYJxDni.exe
  2⤵
  PID:3928
- C:\Windows\System\JyNeUNn.exe
  C:\Windows\System\JyNeUNn.exe
  2⤵
  PID:3948
- C:\Windows\System\nlkhUYk.exe
  C:\Windows\System\nlkhUYk.exe
  2⤵
  PID:3968
- C:\Windows\System\fuJoWFd.exe
  C:\Windows\System\fuJoWFd.exe
  2⤵
  PID:3988
- C:\Windows\System\PeDDFve.exe
  C:\Windows\System\PeDDFve.exe
  2⤵
  PID:4008
- C:\Windows\System\QcztMTH.exe
  C:\Windows\System\QcztMTH.exe
  2⤵
  PID:4028
- C:\Windows\System\Njaazuf.exe
  C:\Windows\System\Njaazuf.exe
  2⤵
  PID:4048
- C:\Windows\System\BfLAWUa.exe
  C:\Windows\System\BfLAWUa.exe
  2⤵
  PID:4064
- C:\Windows\System\qMzaTqj.exe
  C:\Windows\System\qMzaTqj.exe
  2⤵
  PID:4084
- C:\Windows\System\uUNTfVy.exe
  C:\Windows\System\uUNTfVy.exe
  2⤵
  PID:852
- C:\Windows\System\AdoebhH.exe
  C:\Windows\System\AdoebhH.exe
  2⤵
  PID:2196
- C:\Windows\System\BCKpzas.exe
  C:\Windows\System\BCKpzas.exe
  2⤵
  PID:2028
- C:\Windows\System\ldLoBEH.exe
  C:\Windows\System\ldLoBEH.exe
  2⤵
  PID:2688
- C:\Windows\System\XENaNME.exe
  C:\Windows\System\XENaNME.exe
  2⤵
  PID:3016
- C:\Windows\System\tcQRJsP.exe
  C:\Windows\System\tcQRJsP.exe
  2⤵
  PID:3100
- C:\Windows\System\LrdYioD.exe
  C:\Windows\System\LrdYioD.exe
  2⤵
  PID:3140
- C:\Windows\System\CZZDaZj.exe
  C:\Windows\System\CZZDaZj.exe
  2⤵
  PID:3204
- C:\Windows\System\GvpANqF.exe
  C:\Windows\System\GvpANqF.exe
  2⤵
  PID:3200
- C:\Windows\System\XtTwyzY.exe
  C:\Windows\System\XtTwyzY.exe
  2⤵
  PID:3224
- C:\Windows\System\SRtAfaD.exe
  C:\Windows\System\SRtAfaD.exe
  2⤵
  PID:3264
- C:\Windows\System\LINtNfm.exe
  C:\Windows\System\LINtNfm.exe
  2⤵
  PID:3300
- C:\Windows\System\NOFLSBu.exe
  C:\Windows\System\NOFLSBu.exe
  2⤵
  PID:3364
- C:\Windows\System\ltMbobS.exe
  C:\Windows\System\ltMbobS.exe
  2⤵
  PID:3396
- C:\Windows\System\fWCVlMR.exe
  C:\Windows\System\fWCVlMR.exe
  2⤵
  PID:3444
- C:\Windows\System\lDkKHqC.exe
  C:\Windows\System\lDkKHqC.exe
  2⤵
  PID:3416
- C:\Windows\System\XSGelSC.exe
  C:\Windows\System\XSGelSC.exe
  2⤵
  PID:3512
- C:\Windows\System\myGwpqb.exe
  C:\Windows\System\myGwpqb.exe
  2⤵
  PID:2828
- C:\Windows\System\DGuoHDx.exe
  C:\Windows\System\DGuoHDx.exe
  2⤵
  PID:3564
- C:\Windows\System\zfzKfsl.exe
  C:\Windows\System\zfzKfsl.exe
  2⤵
  PID:3592
- C:\Windows\System\IxxlpNF.exe
  C:\Windows\System\IxxlpNF.exe
  2⤵
  PID:3580
- C:\Windows\System\SYTmidL.exe
  C:\Windows\System\SYTmidL.exe
  2⤵
  PID:3620
- C:\Windows\System\WQUSnWP.exe
  C:\Windows\System\WQUSnWP.exe
  2⤵
  PID:3680
- C:\Windows\System\zDeHrPg.exe
  C:\Windows\System\zDeHrPg.exe
  2⤵
  PID:3724
- C:\Windows\System\qWPIwTE.exe
  C:\Windows\System\qWPIwTE.exe
  2⤵
  PID:3764
- C:\Windows\System\ejyLzgU.exe
  C:\Windows\System\ejyLzgU.exe
  2⤵
  PID:3776
- C:\Windows\System\GIldiNv.exe
  C:\Windows\System\GIldiNv.exe
  2⤵
  PID:3780
- C:\Windows\System\IGELYfK.exe
  C:\Windows\System\IGELYfK.exe
  2⤵
  PID:3824
- C:\Windows\System\DriqosD.exe
  C:\Windows\System\DriqosD.exe
  2⤵
  PID:3892
- C:\Windows\System\sRjUiIW.exe
  C:\Windows\System\sRjUiIW.exe
  2⤵
  PID:3924
- C:\Windows\System\zQBXQGt.exe
  C:\Windows\System\zQBXQGt.exe
  2⤵
  PID:1040
- C:\Windows\System\kAppxfE.exe
  C:\Windows\System\kAppxfE.exe
  2⤵
  PID:3944
- C:\Windows\System\gYgsaEH.exe
  C:\Windows\System\gYgsaEH.exe
  2⤵
  PID:3976
- C:\Windows\System\GuRsgCI.exe
  C:\Windows\System\GuRsgCI.exe
  2⤵
  PID:3980
- C:\Windows\System\rlBxXmG.exe
  C:\Windows\System\rlBxXmG.exe
  2⤵
  PID:4080
- C:\Windows\System\omNUlIf.exe
  C:\Windows\System\omNUlIf.exe
  2⤵
  PID:2312
- C:\Windows\System\mawFLEJ.exe
  C:\Windows\System\mawFLEJ.exe
  2⤵
  PID:1780
- C:\Windows\System\HkRGPHI.exe
  C:\Windows\System\HkRGPHI.exe
  2⤵
  PID:3112
- C:\Windows\System\zXMHwvT.exe
  C:\Windows\System\zXMHwvT.exe
  2⤵
  PID:3136
- C:\Windows\System\APBtBHG.exe
  C:\Windows\System\APBtBHG.exe
  2⤵
  PID:2840
- C:\Windows\System\ckyCCzH.exe
  C:\Windows\System\ckyCCzH.exe
  2⤵
  PID:3240
- C:\Windows\System\jagdnFh.exe
  C:\Windows\System\jagdnFh.exe
  2⤵
  PID:3156
- C:\Windows\System\lCwYHHy.exe
  C:\Windows\System\lCwYHHy.exe
  2⤵
  PID:3344
- C:\Windows\System\lzxGKVQ.exe
  C:\Windows\System\lzxGKVQ.exe
  2⤵
  PID:3380
- C:\Windows\System\NvduBHe.exe
  C:\Windows\System\NvduBHe.exe
  2⤵
  PID:3440
- C:\Windows\System\QkNNakD.exe
  C:\Windows\System\QkNNakD.exe
  2⤵
  PID:3456
- C:\Windows\System\BrtMbOQ.exe
  C:\Windows\System\BrtMbOQ.exe
  2⤵
  PID:3420
- C:\Windows\System\bPTJXae.exe
  C:\Windows\System\bPTJXae.exe
  2⤵
  PID:3540
- C:\Windows\System\NOfowab.exe
  C:\Windows\System\NOfowab.exe
  2⤵
  PID:3624
- C:\Windows\System\zSQkJlg.exe
  C:\Windows\System\zSQkJlg.exe
  2⤵
  PID:3656
- C:\Windows\System\OmVPkvO.exe
  C:\Windows\System\OmVPkvO.exe
  2⤵
  PID:3736
- C:\Windows\System\kakHNQT.exe
  C:\Windows\System\kakHNQT.exe
  2⤵
  PID:3744
- C:\Windows\System\LcuTWJn.exe
  C:\Windows\System\LcuTWJn.exe
  2⤵
  PID:3844
- C:\Windows\System\oKfZkFB.exe
  C:\Windows\System\oKfZkFB.exe
  2⤵
  PID:3916
- C:\Windows\System\BOEeEPq.exe
  C:\Windows\System\BOEeEPq.exe
  2⤵
  PID:3936
- C:\Windows\System\RyGyOBW.exe
  C:\Windows\System\RyGyOBW.exe
  2⤵
  PID:1792
- C:\Windows\System\ewwRsZJ.exe
  C:\Windows\System\ewwRsZJ.exe
  2⤵
  PID:4000
- C:\Windows\System\TTtpFIK.exe
  C:\Windows\System\TTtpFIK.exe
  2⤵
  PID:2272
- C:\Windows\System\vyayRlP.exe
  C:\Windows\System\vyayRlP.exe
  2⤵
  PID:4056
- C:\Windows\System\gstvPYX.exe
  C:\Windows\System\gstvPYX.exe
  2⤵
  PID:3196
- C:\Windows\System\yfNNCUN.exe
  C:\Windows\System\yfNNCUN.exe
  2⤵
  PID:3160
- C:\Windows\System\JUSjYYk.exe
  C:\Windows\System\JUSjYYk.exe
  2⤵
  PID:3256
- C:\Windows\System\oRhZgLe.exe
  C:\Windows\System\oRhZgLe.exe
  2⤵
  PID:3180
- C:\Windows\System\JZvVYyV.exe
  C:\Windows\System\JZvVYyV.exe
  2⤵
  PID:3340
- C:\Windows\System\LPzHvRZ.exe
  C:\Windows\System\LPzHvRZ.exe
  2⤵
  PID:3472
- C:\Windows\System\VMydKhb.exe
  C:\Windows\System\VMydKhb.exe
  2⤵
  PID:3476
- C:\Windows\System\jSkOpxd.exe
  C:\Windows\System\jSkOpxd.exe
  2⤵
  PID:3740
- C:\Windows\System\hUAbjiN.exe
  C:\Windows\System\hUAbjiN.exe
  2⤵
  PID:3676
- C:\Windows\System\sjYWjlx.exe
  C:\Windows\System\sjYWjlx.exe
  2⤵
  PID:3860
- C:\Windows\System\HWMDQKu.exe
  C:\Windows\System\HWMDQKu.exe
  2⤵
  PID:2572
- C:\Windows\System\IkcUvRE.exe
  C:\Windows\System\IkcUvRE.exe
  2⤵
  PID:1392
- C:\Windows\System\rPFDCuz.exe
  C:\Windows\System\rPFDCuz.exe
  2⤵
  PID:4040
- C:\Windows\System\HcYFOje.exe
  C:\Windows\System\HcYFOje.exe
  2⤵
  PID:956
- C:\Windows\System\AmlGZRf.exe
  C:\Windows\System\AmlGZRf.exe
  2⤵
  PID:2764
- C:\Windows\System\LKbGbqp.exe
  C:\Windows\System\LKbGbqp.exe
  2⤵
  PID:3216
- C:\Windows\System\BWjnCaM.exe
  C:\Windows\System\BWjnCaM.exe
  2⤵
  PID:3296
- C:\Windows\System\QrTnjzR.exe
  C:\Windows\System\QrTnjzR.exe
  2⤵
  PID:3460
- C:\Windows\System\XgtAPyp.exe
  C:\Windows\System\XgtAPyp.exe
  2⤵
  PID:3636
- C:\Windows\System\ToRoaZL.exe
  C:\Windows\System\ToRoaZL.exe
  2⤵
  PID:4044
- C:\Windows\System\ctoMqGs.exe
  C:\Windows\System\ctoMqGs.exe
  2⤵
  PID:3800
- C:\Windows\System\tQhFToe.exe
  C:\Windows\System\tQhFToe.exe
  2⤵
  PID:3836
- C:\Windows\System\XYMcosU.exe
  C:\Windows\System\XYMcosU.exe
  2⤵
  PID:1608
- C:\Windows\System\JeDYhhl.exe
  C:\Windows\System\JeDYhhl.exe
  2⤵
  PID:2844
- C:\Windows\System\ebRkMVB.exe
  C:\Windows\System\ebRkMVB.exe
  2⤵
  PID:3616
- C:\Windows\System\lkhPHQB.exe
  C:\Windows\System\lkhPHQB.exe
  2⤵
  PID:860
- C:\Windows\System\hsnyKjC.exe
  C:\Windows\System\hsnyKjC.exe
  2⤵
  PID:4092
- C:\Windows\System\nvTjtkA.exe
  C:\Windows\System\nvTjtkA.exe
  2⤵
  PID:3424
- C:\Windows\System\yUgfhFy.exe
  C:\Windows\System\yUgfhFy.exe
  2⤵
  PID:4108
- C:\Windows\System\xYXbAUQ.exe
  C:\Windows\System\xYXbAUQ.exe
  2⤵
  PID:4124
- C:\Windows\System\OPWWfbX.exe
  C:\Windows\System\OPWWfbX.exe
  2⤵
  PID:4156
- C:\Windows\System\RhJEVOx.exe
  C:\Windows\System\RhJEVOx.exe
  2⤵
  PID:4172
- C:\Windows\System\JVddcyX.exe
  C:\Windows\System\JVddcyX.exe
  2⤵
  PID:4192
- C:\Windows\System\ekDEpMP.exe
  C:\Windows\System\ekDEpMP.exe
  2⤵
  PID:4212
- C:\Windows\System\OljHlRo.exe
  C:\Windows\System\OljHlRo.exe
  2⤵
  PID:4232
- C:\Windows\System\jPGKcDu.exe
  C:\Windows\System\jPGKcDu.exe
  2⤵
  PID:4252
- C:\Windows\System\yCQpIIN.exe
  C:\Windows\System\yCQpIIN.exe
  2⤵
  PID:4280
- C:\Windows\System\xEWPoyz.exe
  C:\Windows\System\xEWPoyz.exe
  2⤵
  PID:4304
- C:\Windows\System\RdgHmXg.exe
  C:\Windows\System\RdgHmXg.exe
  2⤵
  PID:4324
- C:\Windows\System\owQOwMQ.exe
  C:\Windows\System\owQOwMQ.exe
  2⤵
  PID:4344
- C:\Windows\System\cVPHDKT.exe
  C:\Windows\System\cVPHDKT.exe
  2⤵
  PID:4372
- C:\Windows\System\HbBOOni.exe
  C:\Windows\System\HbBOOni.exe
  2⤵
  PID:4392
- C:\Windows\System\pDfkYPW.exe
  C:\Windows\System\pDfkYPW.exe
  2⤵
  PID:4412
- C:\Windows\System\fAhHBMS.exe
  C:\Windows\System\fAhHBMS.exe
  2⤵
  PID:4428
- C:\Windows\System\jImgYUT.exe
  C:\Windows\System\jImgYUT.exe
  2⤵
  PID:4448
- C:\Windows\System\MxuePlH.exe
  C:\Windows\System\MxuePlH.exe
  2⤵
  PID:4484
- C:\Windows\System\pthNoup.exe
  C:\Windows\System\pthNoup.exe
  2⤵
  PID:4504
- C:\Windows\System\VXxOMQI.exe
  C:\Windows\System\VXxOMQI.exe
  2⤵
  PID:4520
- C:\Windows\System\giuipvi.exe
  C:\Windows\System\giuipvi.exe
  2⤵
  PID:4548
- C:\Windows\System\CXkmgVH.exe
  C:\Windows\System\CXkmgVH.exe
  2⤵
  PID:4572
- C:\Windows\System\zuWZdHP.exe
  C:\Windows\System\zuWZdHP.exe
  2⤵
  PID:4592
- C:\Windows\System\OHINdlq.exe
  C:\Windows\System\OHINdlq.exe
  2⤵
  PID:4608
- C:\Windows\System\DFCwfjA.exe
  C:\Windows\System\DFCwfjA.exe
  2⤵
  PID:4632
- C:\Windows\System\YeJZoqz.exe
  C:\Windows\System\YeJZoqz.exe
  2⤵
  PID:4648
- C:\Windows\System\vDHYMsf.exe
  C:\Windows\System\vDHYMsf.exe
  2⤵
  PID:4668
- C:\Windows\System\PtTmFwc.exe
  C:\Windows\System\PtTmFwc.exe
  2⤵
  PID:4688
- C:\Windows\System\emQxWBK.exe
  C:\Windows\System\emQxWBK.exe
  2⤵
  PID:4708
- C:\Windows\System\DIttMOD.exe
  C:\Windows\System\DIttMOD.exe
  2⤵
  PID:4732
- C:\Windows\System\zeiqNxf.exe
  C:\Windows\System\zeiqNxf.exe
  2⤵
  PID:4752
- C:\Windows\System\dNpUWBh.exe
  C:\Windows\System\dNpUWBh.exe
  2⤵
  PID:4772
- C:\Windows\System\KxYdbaU.exe
  C:\Windows\System\KxYdbaU.exe
  2⤵
  PID:4792
- C:\Windows\System\wdRhjmz.exe
  C:\Windows\System\wdRhjmz.exe
  2⤵
  PID:4808
- C:\Windows\System\YXxOnFB.exe
  C:\Windows\System\YXxOnFB.exe
  2⤵
  PID:4832
- C:\Windows\System\OfFfVgw.exe
  C:\Windows\System\OfFfVgw.exe
  2⤵
  PID:4852
- C:\Windows\System\PhVQqlY.exe
  C:\Windows\System\PhVQqlY.exe
  2⤵
  PID:4872
- C:\Windows\System\HbejeNt.exe
  C:\Windows\System\HbejeNt.exe
  2⤵
  PID:4888
- C:\Windows\System\BKHRadP.exe
  C:\Windows\System\BKHRadP.exe
  2⤵
  PID:4908
- C:\Windows\System\ZjaKnHg.exe
  C:\Windows\System\ZjaKnHg.exe
  2⤵
  PID:4928
- C:\Windows\System\rfgarGV.exe
  C:\Windows\System\rfgarGV.exe
  2⤵
  PID:4948
- C:\Windows\System\FcgwPxt.exe
  C:\Windows\System\FcgwPxt.exe
  2⤵
  PID:4968
- C:\Windows\System\nObfQfl.exe
  C:\Windows\System\nObfQfl.exe
  2⤵
  PID:4988
- C:\Windows\System\hznVoXg.exe
  C:\Windows\System\hznVoXg.exe
  2⤵
  PID:5008
- C:\Windows\System\LOruFYr.exe
  C:\Windows\System\LOruFYr.exe
  2⤵
  PID:5032
- C:\Windows\System\dwPPnmZ.exe
  C:\Windows\System\dwPPnmZ.exe
  2⤵
  PID:5052
- C:\Windows\System\xeMSJIg.exe
  C:\Windows\System\xeMSJIg.exe
  2⤵
  PID:5072
- C:\Windows\System\nvrEQSZ.exe
  C:\Windows\System\nvrEQSZ.exe
  2⤵
  PID:5092
- C:\Windows\System\XmKYsyx.exe
  C:\Windows\System\XmKYsyx.exe
  2⤵
  PID:5112
- C:\Windows\System\ORBpeWo.exe
  C:\Windows\System\ORBpeWo.exe
  2⤵
  PID:2952
- C:\Windows\System\THJpEFn.exe
  C:\Windows\System\THJpEFn.exe
  2⤵
  PID:4100
- C:\Windows\System\fNlulFj.exe
  C:\Windows\System\fNlulFj.exe
  2⤵
  PID:4148
- C:\Windows\System\FicRKGi.exe
  C:\Windows\System\FicRKGi.exe
  2⤵
  PID:3276
- C:\Windows\System\rJimVMc.exe
  C:\Windows\System\rJimVMc.exe
  2⤵
  PID:4184
- C:\Windows\System\ckvvEfm.exe
  C:\Windows\System\ckvvEfm.exe
  2⤵
  PID:4120
- C:\Windows\System\ZZaXenV.exe
  C:\Windows\System\ZZaXenV.exe
  2⤵
  PID:4204
- C:\Windows\System\bISRqxl.exe
  C:\Windows\System\bISRqxl.exe
  2⤵
  PID:4292
- C:\Windows\System\htDfQfr.exe
  C:\Windows\System\htDfQfr.exe
  2⤵
  PID:4300
- C:\Windows\System\CJwYzXx.exe
  C:\Windows\System\CJwYzXx.exe
  2⤵
  PID:4356
- C:\Windows\System\vftuUCk.exe
  C:\Windows\System\vftuUCk.exe
  2⤵
  PID:4408
- C:\Windows\System\uzaGdjG.exe
  C:\Windows\System\uzaGdjG.exe
  2⤵
  PID:4440
- C:\Windows\System\owXauPk.exe
  C:\Windows\System\owXauPk.exe
  2⤵
  PID:4456
- C:\Windows\System\cxcJhdw.exe
  C:\Windows\System\cxcJhdw.exe
  2⤵
  PID:4500
- C:\Windows\System\yJZIXyZ.exe
  C:\Windows\System\yJZIXyZ.exe
  2⤵
  PID:4540
- C:\Windows\System\MRKNNZu.exe
  C:\Windows\System\MRKNNZu.exe
  2⤵
  PID:4516
- C:\Windows\System\uFqSfhI.exe
  C:\Windows\System\uFqSfhI.exe
  2⤵
  PID:4556
- C:\Windows\System\ctmopba.exe
  C:\Windows\System\ctmopba.exe
  2⤵
  PID:4600
- C:\Windows\System\ZfumqrR.exe
  C:\Windows\System\ZfumqrR.exe
  2⤵
  PID:4640
- C:\Windows\System\VrEfImt.exe
  C:\Windows\System\VrEfImt.exe
  2⤵
  PID:4680
- C:\Windows\System\xnyZkcV.exe
  C:\Windows\System\xnyZkcV.exe
  2⤵
  PID:4728
- C:\Windows\System\bZMhLOB.exe
  C:\Windows\System\bZMhLOB.exe
  2⤵
  PID:4768
- C:\Windows\System\NDrVces.exe
  C:\Windows\System\NDrVces.exe
  2⤵
  PID:4784
- C:\Windows\System\UQvrbVU.exe
  C:\Windows\System\UQvrbVU.exe
  2⤵
  PID:4860
- C:\Windows\System\ArWiOlH.exe
  C:\Windows\System\ArWiOlH.exe
  2⤵
  PID:4840
- C:\Windows\System\OueyIRP.exe
  C:\Windows\System\OueyIRP.exe
  2⤵
  PID:4936
- C:\Windows\System\czXwaCh.exe
  C:\Windows\System\czXwaCh.exe
  2⤵
  PID:4916
- C:\Windows\System\xDzCxZU.exe
  C:\Windows\System\xDzCxZU.exe
  2⤵
  PID:4980
- C:\Windows\System\AgyhKBi.exe
  C:\Windows\System\AgyhKBi.exe
  2⤵
  PID:5020
- C:\Windows\System\aryIRev.exe
  C:\Windows\System\aryIRev.exe
  2⤵
  PID:5064
- C:\Windows\System\MHtTNeZ.exe
  C:\Windows\System\MHtTNeZ.exe
  2⤵
  PID:5100
- C:\Windows\System\dlnVcEf.exe
  C:\Windows\System\dlnVcEf.exe
  2⤵
  PID:5104
- C:\Windows\System\NQMuTYv.exe
  C:\Windows\System\NQMuTYv.exe
  2⤵
  PID:4144
- C:\Windows\System\NbJyhBd.exe
  C:\Windows\System\NbJyhBd.exe
  2⤵
  PID:3436
- C:\Windows\System\ZmpjWUx.exe
  C:\Windows\System\ZmpjWUx.exe
  2⤵
  PID:2852
- C:\Windows\System\hcynbBt.exe
  C:\Windows\System\hcynbBt.exe
  2⤵
  PID:4180
- C:\Windows\System\jHDvZhn.exe
  C:\Windows\System\jHDvZhn.exe
  2⤵
  PID:4320
- C:\Windows\System\yMcIoMF.exe
  C:\Windows\System\yMcIoMF.exe
  2⤵
  PID:4164
- C:\Windows\System\lKouEiN.exe
  C:\Windows\System\lKouEiN.exe
  2⤵
  PID:4436
- C:\Windows\System\CZeKgkw.exe
  C:\Windows\System\CZeKgkw.exe
  2⤵
  PID:4588
- C:\Windows\System\MlulDzJ.exe
  C:\Windows\System\MlulDzJ.exe
  2⤵
  PID:4336
- C:\Windows\System\QYUfzfT.exe
  C:\Windows\System\QYUfzfT.exe
  2⤵
  PID:4628
- C:\Windows\System\vwtbjpE.exe
  C:\Windows\System\vwtbjpE.exe
  2⤵
  PID:4704
- C:\Windows\System\tRyrnAh.exe
  C:\Windows\System\tRyrnAh.exe
  2⤵
  PID:4664
- C:\Windows\System\GkYSsKJ.exe
  C:\Windows\System\GkYSsKJ.exe
  2⤵
  PID:4744
- C:\Windows\System\JXtGJot.exe
  C:\Windows\System\JXtGJot.exe
  2⤵
  PID:4676
- C:\Windows\System\ffoxQcR.exe
  C:\Windows\System\ffoxQcR.exe
  2⤵
  PID:4800
- C:\Windows\System\KVyKGfC.exe
  C:\Windows\System\KVyKGfC.exe
  2⤵
  PID:4900
- C:\Windows\System\jKBAKxh.exe
  C:\Windows\System\jKBAKxh.exe
  2⤵
  PID:4884
- C:\Windows\System\TvgqLUw.exe
  C:\Windows\System\TvgqLUw.exe
  2⤵
  PID:4880
- C:\Windows\System\dRkFPqj.exe
  C:\Windows\System\dRkFPqj.exe
  2⤵
  PID:5044
- C:\Windows\System\bZQwsIC.exe
  C:\Windows\System\bZQwsIC.exe
  2⤵
  PID:3120
- C:\Windows\System\wUNfzQF.exe
  C:\Windows\System\wUNfzQF.exe
  2⤵
  PID:2588
- C:\Windows\System\gJgaKFh.exe
  C:\Windows\System\gJgaKFh.exe
  2⤵
  PID:1804
- C:\Windows\System\XHBDtMa.exe
  C:\Windows\System\XHBDtMa.exe
  2⤵
  PID:4200
- C:\Windows\System\dOWywwA.exe
  C:\Windows\System\dOWywwA.exe
  2⤵
  PID:4244
- C:\Windows\System\oFMViLB.exe
  C:\Windows\System\oFMViLB.exe
  2⤵
  PID:4384
- C:\Windows\System\HzGqaiD.exe
  C:\Windows\System\HzGqaiD.exe
  2⤵
  PID:4584
- C:\Windows\System\vRavFYa.exe
  C:\Windows\System\vRavFYa.exe
  2⤵
  PID:4444
- C:\Windows\System\TYhBewS.exe
  C:\Windows\System\TYhBewS.exe
  2⤵
  PID:2524
- C:\Windows\System\FSrsAVk.exe
  C:\Windows\System\FSrsAVk.exe
  2⤵
  PID:4700
- C:\Windows\System\WelfMZw.exe
  C:\Windows\System\WelfMZw.exe
  2⤵
  PID:2824
- C:\Windows\System\LSQdQlf.exe
  C:\Windows\System\LSQdQlf.exe
  2⤵
  PID:5068
- C:\Windows\System\PeUkbNG.exe
  C:\Windows\System\PeUkbNG.exe
  2⤵
  PID:4984
- C:\Windows\System\SggKKFP.exe
  C:\Windows\System\SggKKFP.exe
  2⤵
  PID:5084
- C:\Windows\System\jbtAfuH.exe
  C:\Windows\System\jbtAfuH.exe
  2⤵
  PID:5000
- C:\Windows\System\PQpooKr.exe
  C:\Windows\System\PQpooKr.exe
  2⤵
  PID:1296
- C:\Windows\System\nGHbGgB.exe
  C:\Windows\System\nGHbGgB.exe
  2⤵
  PID:3612
- C:\Windows\System\GdyqYgA.exe
  C:\Windows\System\GdyqYgA.exe
  2⤵
  PID:4656
- C:\Windows\System\xqBIywB.exe
  C:\Windows\System\xqBIywB.exe
  2⤵
  PID:4352
- C:\Windows\System\BaSeCDU.exe
  C:\Windows\System\BaSeCDU.exe
  2⤵
  PID:2880
- C:\Windows\System\uoMwMks.exe
  C:\Windows\System\uoMwMks.exe
  2⤵
  PID:2996
- C:\Windows\System\SaTWVHJ.exe
  C:\Windows\System\SaTWVHJ.exe
  2⤵
  PID:4544
- C:\Windows\System\aRLnSLo.exe
  C:\Windows\System\aRLnSLo.exe
  2⤵
  PID:2468
- C:\Windows\System\hBXSaSu.exe
  C:\Windows\System\hBXSaSu.exe
  2⤵
  PID:2104
- C:\Windows\System\IFtElKb.exe
  C:\Windows\System\IFtElKb.exe
  2⤵
  PID:5024
- C:\Windows\System\ohNQqoR.exe
  C:\Windows\System\ohNQqoR.exe
  2⤵
  PID:4924
- C:\Windows\System\WidSldx.exe
  C:\Windows\System\WidSldx.exe
  2⤵
  PID:2360
- C:\Windows\System\zzaikif.exe
  C:\Windows\System\zzaikif.exe
  2⤵
  PID:4116
- C:\Windows\System\Skllrxc.exe
  C:\Windows\System\Skllrxc.exe
  2⤵
  PID:1964
- C:\Windows\System\YlbyWEh.exe
  C:\Windows\System\YlbyWEh.exe
  2⤵
  PID:2656
- C:\Windows\System\sKMXowp.exe
  C:\Windows\System\sKMXowp.exe
  2⤵
  PID:4820
- C:\Windows\System\AFrdlqv.exe
  C:\Windows\System\AFrdlqv.exe
  2⤵
  PID:1996
- C:\Windows\System\OVPFwgn.exe
  C:\Windows\System\OVPFwgn.exe
  2⤵
  PID:4896
- C:\Windows\System\YCYloDh.exe
  C:\Windows\System\YCYloDh.exe
  2⤵
  PID:3496
- C:\Windows\System\sHCZxiM.exe
  C:\Windows\System\sHCZxiM.exe
  2⤵
  PID:2928
- C:\Windows\System\odJMoKS.exe
  C:\Windows\System\odJMoKS.exe
  2⤵
  PID:4788
- C:\Windows\System\CLnHxqG.exe
  C:\Windows\System\CLnHxqG.exe
  2⤵
  PID:4964
- C:\Windows\System\lNpRziM.exe
  C:\Windows\System\lNpRziM.exe
  2⤵
  PID:4136
- C:\Windows\System\NHDJaJc.exe
  C:\Windows\System\NHDJaJc.exe
  2⤵
  PID:4568
- C:\Windows\System\jwaFFXU.exe
  C:\Windows\System\jwaFFXU.exe
  2⤵
  PID:2040
- C:\Windows\System\fsLNeVV.exe
  C:\Windows\System\fsLNeVV.exe
  2⤵
  PID:2256
- C:\Windows\System\AOAuFWE.exe
  C:\Windows\System\AOAuFWE.exe
  2⤵
  PID:1464
- C:\Windows\System\wcFKpIG.exe
  C:\Windows\System\wcFKpIG.exe
  2⤵
  PID:4828
- C:\Windows\System\jZDIdZN.exe
  C:\Windows\System\jZDIdZN.exe
  2⤵
  PID:5016
- C:\Windows\System\zMtXCGR.exe
  C:\Windows\System\zMtXCGR.exe
  2⤵
  PID:4724
- C:\Windows\System\EHhPfYY.exe
  C:\Windows\System\EHhPfYY.exe
  2⤵
  PID:1660
- C:\Windows\System\CxcOyIi.exe
  C:\Windows\System\CxcOyIi.exe
  2⤵
  PID:4420
- C:\Windows\System\tOvTebM.exe
  C:\Windows\System\tOvTebM.exe
  2⤵
  PID:2624
- C:\Windows\System\zlZHgdA.exe
  C:\Windows\System\zlZHgdA.exe
  2⤵
  PID:5128
- C:\Windows\System\khfbrBh.exe
  C:\Windows\System\khfbrBh.exe
  2⤵
  PID:5144
- C:\Windows\System\tATcSUK.exe
  C:\Windows\System\tATcSUK.exe
  2⤵
  PID:5160
- C:\Windows\System\BMUjFks.exe
  C:\Windows\System\BMUjFks.exe
  2⤵
  PID:5184
- C:\Windows\System\QqqSrML.exe
  C:\Windows\System\QqqSrML.exe
  2⤵
  PID:5200
- C:\Windows\System\CXqamWn.exe
  C:\Windows\System\CXqamWn.exe
  2⤵
  PID:5216
- C:\Windows\System\njtbaUb.exe
  C:\Windows\System\njtbaUb.exe
  2⤵
  PID:5236
- C:\Windows\System\ONbyjwX.exe
  C:\Windows\System\ONbyjwX.exe
  2⤵
  PID:5260
- C:\Windows\System\aDvlzEM.exe
  C:\Windows\System\aDvlzEM.exe
  2⤵
  PID:5276
- C:\Windows\System\pygQVpy.exe
  C:\Windows\System\pygQVpy.exe
  2⤵
  PID:5292
- C:\Windows\System\LKMsdGp.exe
  C:\Windows\System\LKMsdGp.exe
  2⤵
  PID:5316
- C:\Windows\System\WwunFxB.exe
  C:\Windows\System\WwunFxB.exe
  2⤵
  PID:5340
- C:\Windows\System\GyRSqGJ.exe
  C:\Windows\System\GyRSqGJ.exe
  2⤵
  PID:5376
- C:\Windows\System\hOIwhkc.exe
  C:\Windows\System\hOIwhkc.exe
  2⤵
  PID:5400
- C:\Windows\System\cihrgjQ.exe
  C:\Windows\System\cihrgjQ.exe
  2⤵
  PID:5416
- C:\Windows\System\cEryujJ.exe
  C:\Windows\System\cEryujJ.exe
  2⤵
  PID:5432
- C:\Windows\System\VMhMdIc.exe
  C:\Windows\System\VMhMdIc.exe
  2⤵
  PID:5468
- C:\Windows\System\QKQVSzq.exe
  C:\Windows\System\QKQVSzq.exe
  2⤵
  PID:5488
- C:\Windows\System\XpOlkMG.exe
  C:\Windows\System\XpOlkMG.exe
  2⤵
  PID:5508
- C:\Windows\System\DfXEfOw.exe
  C:\Windows\System\DfXEfOw.exe
  2⤵
  PID:5536
- C:\Windows\System\eOQLySl.exe
  C:\Windows\System\eOQLySl.exe
  2⤵
  PID:5556
- C:\Windows\System\tZSppiC.exe
  C:\Windows\System\tZSppiC.exe
  2⤵
  PID:5572
- C:\Windows\System\wjwxUee.exe
  C:\Windows\System\wjwxUee.exe
  2⤵
  PID:5616
- C:\Windows\System\FcanrVK.exe
  C:\Windows\System\FcanrVK.exe
  2⤵
  PID:5632
- C:\Windows\System\ctJckpC.exe
  C:\Windows\System\ctJckpC.exe
  2⤵
  PID:5652
- C:\Windows\System\ptvmnsl.exe
  C:\Windows\System\ptvmnsl.exe
  2⤵
  PID:5672
- C:\Windows\System\HEnOAlm.exe
  C:\Windows\System\HEnOAlm.exe
  2⤵
  PID:5700
- C:\Windows\System\ZcwlIoh.exe
  C:\Windows\System\ZcwlIoh.exe
  2⤵
  PID:5716
- C:\Windows\System\vESSfnt.exe
  C:\Windows\System\vESSfnt.exe
  2⤵
  PID:5732
- C:\Windows\System\vyTClWz.exe
  C:\Windows\System\vyTClWz.exe
  2⤵
  PID:5748
- C:\Windows\System\ZJDetrM.exe
  C:\Windows\System\ZJDetrM.exe
  2⤵
  PID:5772
- C:\Windows\System\TZYEhDq.exe
  C:\Windows\System\TZYEhDq.exe
  2⤵
  PID:5788
- C:\Windows\System\aBNClaN.exe
  C:\Windows\System\aBNClaN.exe
  2⤵
  PID:5808
- C:\Windows\System\MdWBOwA.exe
  C:\Windows\System\MdWBOwA.exe
  2⤵
  PID:5824
- C:\Windows\System\ScwsmEk.exe
  C:\Windows\System\ScwsmEk.exe
  2⤵
  PID:5840
- C:\Windows\System\GJpOyLo.exe
  C:\Windows\System\GJpOyLo.exe
  2⤵
  PID:5856
- C:\Windows\System\QqiRAFu.exe
  C:\Windows\System\QqiRAFu.exe
  2⤵
  PID:5896
- C:\Windows\System\IVahaIX.exe
  C:\Windows\System\IVahaIX.exe
  2⤵
  PID:5916
- C:\Windows\System\QgZnxUy.exe
  C:\Windows\System\QgZnxUy.exe
  2⤵
  PID:5932
- C:\Windows\System\uxCAQpi.exe
  C:\Windows\System\uxCAQpi.exe
  2⤵
  PID:5948
- C:\Windows\System\IenqVSF.exe
  C:\Windows\System\IenqVSF.exe
  2⤵
  PID:5968
- C:\Windows\System\bszbBIu.exe
  C:\Windows\System\bszbBIu.exe
  2⤵
  PID:5988
- C:\Windows\System\sBblGFM.exe
  C:\Windows\System\sBblGFM.exe
  2⤵
  PID:6004
- C:\Windows\System\xsZnhzO.exe
  C:\Windows\System\xsZnhzO.exe
  2⤵
  PID:6020
- C:\Windows\System\sMgQWBR.exe
  C:\Windows\System\sMgQWBR.exe
  2⤵
  PID:6036
- C:\Windows\System\EsTlIgj.exe
  C:\Windows\System\EsTlIgj.exe
  2⤵
  PID:6052
- C:\Windows\System\hbEyCKJ.exe
  C:\Windows\System\hbEyCKJ.exe
  2⤵
  PID:6068
- C:\Windows\System\ShlPNpF.exe
  C:\Windows\System\ShlPNpF.exe
  2⤵
  PID:6092
- C:\Windows\System\ARrUrWl.exe
  C:\Windows\System\ARrUrWl.exe
  2⤵
  PID:6108
- C:\Windows\System\aPYCeZo.exe
  C:\Windows\System\aPYCeZo.exe
  2⤵
  PID:840
- C:\Windows\System\MygDGNi.exe
  C:\Windows\System\MygDGNi.exe
  2⤵
  PID:5192
- C:\Windows\System\ECnLcCt.exe
  C:\Windows\System\ECnLcCt.exe
  2⤵
  PID:5232
- C:\Windows\System\HwUGkdn.exe
  C:\Windows\System\HwUGkdn.exe
  2⤵
  PID:5268
- C:\Windows\System\rnfDgbV.exe
  C:\Windows\System\rnfDgbV.exe
  2⤵
  PID:4368
- C:\Windows\System\VPGsLlJ.exe
  C:\Windows\System\VPGsLlJ.exe
  2⤵
  PID:2816
- C:\Windows\System\vBSIjuO.exe
  C:\Windows\System\vBSIjuO.exe
  2⤵
  PID:4360
- C:\Windows\System\rZMIPnz.exe
  C:\Windows\System\rZMIPnz.exe
  2⤵
  PID:5136
- C:\Windows\System\UubSYTt.exe
  C:\Windows\System\UubSYTt.exe
  2⤵
  PID:5252
- C:\Windows\System\AGpPeGo.exe
  C:\Windows\System\AGpPeGo.exe
  2⤵
  PID:5256
- C:\Windows\System\crMkpZC.exe
  C:\Windows\System\crMkpZC.exe
  2⤵
  PID:5328
- C:\Windows\System\scbUiUa.exe
  C:\Windows\System\scbUiUa.exe
  2⤵
  PID:5140
- C:\Windows\System\IZhsyOu.exe
  C:\Windows\System\IZhsyOu.exe
  2⤵
  PID:5460
- C:\Windows\System\klNnqkj.exe
  C:\Windows\System\klNnqkj.exe
  2⤵
  PID:5504
- C:\Windows\System\hTJMIGu.exe
  C:\Windows\System\hTJMIGu.exe
  2⤵
  PID:5484
- C:\Windows\System\rFanVGE.exe
  C:\Windows\System\rFanVGE.exe
  2⤵
  PID:5548
- C:\Windows\System\ccUpkUK.exe
  C:\Windows\System\ccUpkUK.exe
  2⤵
  PID:5588
- C:\Windows\System\oZSjRce.exe
  C:\Windows\System\oZSjRce.exe
  2⤵
  PID:5564
- C:\Windows\System\HRCFHfY.exe
  C:\Windows\System\HRCFHfY.exe
  2⤵
  PID:3696
- C:\Windows\System\mcTgTTE.exe
  C:\Windows\System\mcTgTTE.exe
  2⤵
  PID:5660
- C:\Windows\System\RIknVGJ.exe
  C:\Windows\System\RIknVGJ.exe
  2⤵
  PID:5684
- C:\Windows\System\IiLPcVx.exe
  C:\Windows\System\IiLPcVx.exe
  2⤵
  PID:5708
- C:\Windows\System\ZTbLxHs.exe
  C:\Windows\System\ZTbLxHs.exe
  2⤵
  PID:5756
- C:\Windows\System\FISnfYA.exe
  C:\Windows\System\FISnfYA.exe
  2⤵
  PID:5796
- C:\Windows\System\kdxRtXF.exe
  C:\Windows\System\kdxRtXF.exe
  2⤵
  PID:5848
- C:\Windows\System\NtYEsfg.exe
  C:\Windows\System\NtYEsfg.exe
  2⤵
  PID:5884
- C:\Windows\System\vtXcBea.exe
  C:\Windows\System\vtXcBea.exe
  2⤵
  PID:5784
- C:\Windows\System\VQxHUJE.exe
  C:\Windows\System\VQxHUJE.exe
  2⤵
  PID:5904
- C:\Windows\System\wsVrrNA.exe
  C:\Windows\System\wsVrrNA.exe
  2⤵
  PID:5964
- C:\Windows\System\yNtcbkh.exe
  C:\Windows\System\yNtcbkh.exe
  2⤵
  PID:5976
- C:\Windows\System\qVwRnEe.exe
  C:\Windows\System\qVwRnEe.exe
  2⤵
  PID:6060
- C:\Windows\System\wOxpytz.exe
  C:\Windows\System\wOxpytz.exe
  2⤵
  PID:5980
- C:\Windows\System\EFcKbMj.exe
  C:\Windows\System\EFcKbMj.exe
  2⤵
  PID:6136
- C:\Windows\System\tCsmfjF.exe
  C:\Windows\System\tCsmfjF.exe
  2⤵
  PID:6016
- C:\Windows\System\MOYtQuf.exe
  C:\Windows\System\MOYtQuf.exe
  2⤵
  PID:6116
- C:\Windows\System\PHbXaLZ.exe
  C:\Windows\System\PHbXaLZ.exe
  2⤵
  PID:2544
- C:\Windows\System\QUXGXWM.exe
  C:\Windows\System\QUXGXWM.exe
  2⤵
  PID:5156
- C:\Windows\System\LWpcFXB.exe
  C:\Windows\System\LWpcFXB.exe
  2⤵
  PID:2068
- C:\Windows\System\OkbQLcG.exe
  C:\Windows\System\OkbQLcG.exe
  2⤵
  PID:4312
- C:\Windows\System\PUAzgrW.exe
  C:\Windows\System\PUAzgrW.exe
  2⤵
  PID:5336
- C:\Windows\System\thYWoyN.exe
  C:\Windows\System\thYWoyN.exe
  2⤵
  PID:5244
- C:\Windows\System\wOlsaEc.exe
  C:\Windows\System\wOlsaEc.exe
  2⤵
  PID:5324
- C:\Windows\System\kJCGgVk.exe
  C:\Windows\System\kJCGgVk.exe
  2⤵
  PID:5452
- C:\Windows\System\GaBaSBj.exe
  C:\Windows\System\GaBaSBj.exe
  2⤵
  PID:5392
- C:\Windows\System\vkULlEH.exe
  C:\Windows\System\vkULlEH.exe
  2⤵
  PID:5428
- C:\Windows\System\gjLxfSy.exe
  C:\Windows\System\gjLxfSy.exe
  2⤵
  PID:5552
- C:\Windows\System\CedyjLb.exe
  C:\Windows\System\CedyjLb.exe
  2⤵
  PID:5628
- C:\Windows\System\fzqYshx.exe
  C:\Windows\System\fzqYshx.exe
  2⤵
  PID:5760
- C:\Windows\System\CbfylOe.exe
  C:\Windows\System\CbfylOe.exe
  2⤵
  PID:5740
- C:\Windows\System\SEAZgYN.exe
  C:\Windows\System\SEAZgYN.exe
  2⤵
  PID:5832
- C:\Windows\System\ZAChRxY.exe
  C:\Windows\System\ZAChRxY.exe
  2⤵
  PID:5880
- C:\Windows\System\qoNcpWb.exe
  C:\Windows\System\qoNcpWb.exe
  2⤵
  PID:6028
- C:\Windows\System\dAIQPem.exe
  C:\Windows\System\dAIQPem.exe
  2⤵
  PID:5956
- C:\Windows\System\PutQbrq.exe
  C:\Windows\System\PutQbrq.exe
  2⤵
  PID:6000
- C:\Windows\System\jJOAlrZ.exe
  C:\Windows\System\jJOAlrZ.exe
  2⤵
  PID:6088
- C:\Windows\System\tfowdbj.exe
  C:\Windows\System\tfowdbj.exe
  2⤵
  PID:4272
- C:\Windows\System\GXXtFkE.exe
  C:\Windows\System\GXXtFkE.exe
  2⤵
  PID:4468
- C:\Windows\System\CdFCagm.exe
  C:\Windows\System\CdFCagm.exe
  2⤵
  PID:1796
- C:\Windows\System\FIzlGtF.exe
  C:\Windows\System\FIzlGtF.exe
  2⤵
  PID:2792
- C:\Windows\System\dEgIOHJ.exe
  C:\Windows\System\dEgIOHJ.exe
  2⤵
  PID:5412
- C:\Windows\System\yqBVapx.exe
  C:\Windows\System\yqBVapx.exe
  2⤵
  PID:5284
- C:\Windows\System\gbTxQle.exe
  C:\Windows\System\gbTxQle.exe
  2⤵
  PID:4188
- C:\Windows\System\gyfjvDp.exe
  C:\Windows\System\gyfjvDp.exe
  2⤵
  PID:5696
- C:\Windows\System\VZXCmml.exe
  C:\Windows\System\VZXCmml.exe
  2⤵
  PID:5940
- C:\Windows\System\UJwFdDO.exe
  C:\Windows\System\UJwFdDO.exe
  2⤵
  PID:6104
- C:\Windows\System\Zabvwab.exe
  C:\Windows\System\Zabvwab.exe
  2⤵
  PID:5608
- C:\Windows\System\vvjTDUg.exe
  C:\Windows\System\vvjTDUg.exe
  2⤵
  PID:6128
- C:\Windows\System\MadidjH.exe
  C:\Windows\System\MadidjH.exe
  2⤵
  PID:5124
- C:\Windows\System\yXjvkWH.exe
  C:\Windows\System\yXjvkWH.exe
  2⤵
  PID:5892
- C:\Windows\System\fKQfILL.exe
  C:\Windows\System\fKQfILL.exe
  2⤵
  PID:5604
- C:\Windows\System\asjpdNK.exe
  C:\Windows\System\asjpdNK.exe
  2⤵
  PID:5680
- C:\Windows\System\lolggFi.exe
  C:\Windows\System\lolggFi.exe
  2⤵
  PID:6076
- C:\Windows\System\UbfPqyo.exe
  C:\Windows\System\UbfPqyo.exe
  2⤵
  PID:5180
- C:\Windows\System\FBWSUqd.exe
  C:\Windows\System\FBWSUqd.exe
  2⤵
  PID:5448
- C:\Windows\System\iPAZoPL.exe
  C:\Windows\System\iPAZoPL.exe
  2⤵
  PID:5424
- C:\Windows\System\FNfADJG.exe
  C:\Windows\System\FNfADJG.exe
  2⤵
  PID:5312
- C:\Windows\System\rOjQZAQ.exe
  C:\Windows\System\rOjQZAQ.exe
  2⤵
  PID:5876
- C:\Windows\System\xNhghGR.exe
  C:\Windows\System\xNhghGR.exe
  2⤵
  PID:6132
- C:\Windows\System\YOwbfQn.exe
  C:\Windows\System\YOwbfQn.exe
  2⤵
  PID:5996
- C:\Windows\System\BpWgmYM.exe
  C:\Windows\System\BpWgmYM.exe
  2⤵
  PID:5444
- C:\Windows\System\wkJMFaR.exe
  C:\Windows\System\wkJMFaR.exe
  2⤵
  PID:5688
- C:\Windows\System\ikOXdjY.exe
  C:\Windows\System\ikOXdjY.exe
  2⤵
  PID:6048
- C:\Windows\System\byeqsAV.exe
  C:\Windows\System\byeqsAV.exe
  2⤵
  PID:5532
- C:\Windows\System\QvkEBFs.exe
  C:\Windows\System\QvkEBFs.exe
  2⤵
  PID:5664
- C:\Windows\System\yMZEjus.exe
  C:\Windows\System\yMZEjus.exe
  2⤵
  PID:5644
- C:\Windows\System\WfxcucD.exe
  C:\Windows\System\WfxcucD.exe
  2⤵
  PID:6160
- C:\Windows\System\wXnHYNR.exe
  C:\Windows\System\wXnHYNR.exe
  2⤵
  PID:6176
- C:\Windows\System\JMsdzWF.exe
  C:\Windows\System\JMsdzWF.exe
  2⤵
  PID:6200
- C:\Windows\System\LBLkdEn.exe
  C:\Windows\System\LBLkdEn.exe
  2⤵
  PID:6220
- C:\Windows\System\iSFKkjB.exe
  C:\Windows\System\iSFKkjB.exe
  2⤵
  PID:6252
- C:\Windows\System\WkCaGFs.exe
  C:\Windows\System\WkCaGFs.exe
  2⤵
  PID:6272
- C:\Windows\System\QoFDcXJ.exe
  C:\Windows\System\QoFDcXJ.exe
  2⤵
  PID:6296
- C:\Windows\System\AKZHROx.exe
  C:\Windows\System\AKZHROx.exe
  2⤵
  PID:6316
- C:\Windows\System\xSXdXmW.exe
  C:\Windows\System\xSXdXmW.exe
  2⤵
  PID:6332
- C:\Windows\System\gelRWnN.exe
  C:\Windows\System\gelRWnN.exe
  2⤵
  PID:6364
- C:\Windows\System\prUlHUK.exe
  C:\Windows\System\prUlHUK.exe
  2⤵
  PID:6380
- C:\Windows\System\gmkwNNO.exe
  C:\Windows\System\gmkwNNO.exe
  2⤵
  PID:6400
- C:\Windows\System\LtjBgYb.exe
  C:\Windows\System\LtjBgYb.exe
  2⤵
  PID:6416
- C:\Windows\System\PUTzdqH.exe
  C:\Windows\System\PUTzdqH.exe
  2⤵
  PID:6432
- C:\Windows\System\cRrgEjo.exe
  C:\Windows\System\cRrgEjo.exe
  2⤵
  PID:6448
- C:\Windows\System\dGCkNji.exe
  C:\Windows\System\dGCkNji.exe
  2⤵
  PID:6464
- C:\Windows\System\gRcIqRV.exe
  C:\Windows\System\gRcIqRV.exe
  2⤵
  PID:6488
- C:\Windows\System\iikIxzz.exe
  C:\Windows\System\iikIxzz.exe
  2⤵
  PID:6508
- C:\Windows\System\srGydyb.exe
  C:\Windows\System\srGydyb.exe
  2⤵
  PID:6524
- C:\Windows\System\ZTecCnA.exe
  C:\Windows\System\ZTecCnA.exe
  2⤵
  PID:6544
- C:\Windows\System\AWcUNKo.exe
  C:\Windows\System\AWcUNKo.exe
  2⤵
  PID:6588
- C:\Windows\System\Nhbjzro.exe
  C:\Windows\System\Nhbjzro.exe
  2⤵
  PID:6604
- C:\Windows\System\FOsgClU.exe
  C:\Windows\System\FOsgClU.exe
  2⤵
  PID:6624
- C:\Windows\System\spfEYLz.exe
  C:\Windows\System\spfEYLz.exe
  2⤵
  PID:6644
- C:\Windows\System\aFSIRaY.exe
  C:\Windows\System\aFSIRaY.exe
  2⤵
  PID:6664
- C:\Windows\System\RNKfDXH.exe
  C:\Windows\System\RNKfDXH.exe
  2⤵
  PID:6684
- C:\Windows\System\JMhTTeq.exe
  C:\Windows\System\JMhTTeq.exe
  2⤵
  PID:6700
- C:\Windows\System\ghRNBcz.exe
  C:\Windows\System\ghRNBcz.exe
  2⤵
  PID:6720
- C:\Windows\System\aFopUqE.exe
  C:\Windows\System\aFopUqE.exe
  2⤵
  PID:6736
- C:\Windows\System\aCyQcYB.exe
  C:\Windows\System\aCyQcYB.exe
  2⤵
  PID:6752
- C:\Windows\System\AoBlYqr.exe
  C:\Windows\System\AoBlYqr.exe
  2⤵
  PID:6768
- C:\Windows\System\KyoXzql.exe
  C:\Windows\System\KyoXzql.exe
  2⤵
  PID:6784
- C:\Windows\System\QfIQcaG.exe
  C:\Windows\System\QfIQcaG.exe
  2⤵
  PID:6828
- C:\Windows\System\oDGLHsb.exe
  C:\Windows\System\oDGLHsb.exe
  2⤵
  PID:6848
- C:\Windows\System\kjrjIqK.exe
  C:\Windows\System\kjrjIqK.exe
  2⤵
  PID:6868
- C:\Windows\System\cDuhyje.exe
  C:\Windows\System\cDuhyje.exe
  2⤵
  PID:6884
- C:\Windows\System\bCkBuqf.exe
  C:\Windows\System\bCkBuqf.exe
  2⤵
  PID:6900
- C:\Windows\System\iPsrCFZ.exe
  C:\Windows\System\iPsrCFZ.exe
  2⤵
  PID:6916
- C:\Windows\System\yKNnxkU.exe
  C:\Windows\System\yKNnxkU.exe
  2⤵
  PID:6940
- C:\Windows\System\SEPJkYw.exe
  C:\Windows\System\SEPJkYw.exe
  2⤵
  PID:6964
- C:\Windows\System\FKxcNls.exe
  C:\Windows\System\FKxcNls.exe
  2⤵
  PID:6980
- C:\Windows\System\CMbFnsr.exe
  C:\Windows\System\CMbFnsr.exe
  2⤵
  PID:6996
- C:\Windows\System\DoxpxLN.exe
  C:\Windows\System\DoxpxLN.exe
  2⤵
  PID:7020
- C:\Windows\System\JIVjaLm.exe
  C:\Windows\System\JIVjaLm.exe
  2⤵
  PID:7044
- C:\Windows\System\MbGtcAu.exe
  C:\Windows\System\MbGtcAu.exe
  2⤵
  PID:7068
- C:\Windows\System\HSxuOEI.exe
  C:\Windows\System\HSxuOEI.exe
  2⤵
  PID:7084
- C:\Windows\System\QZvJXNJ.exe
  C:\Windows\System\QZvJXNJ.exe
  2⤵
  PID:7100
- C:\Windows\System\gjxawtG.exe
  C:\Windows\System\gjxawtG.exe
  2⤵
  PID:7124
- C:\Windows\System\qIkWxSJ.exe
  C:\Windows\System\qIkWxSJ.exe
  2⤵
  PID:7140
- C:\Windows\System\wANUqAZ.exe
  C:\Windows\System\wANUqAZ.exe
  2⤵
  PID:7156
- C:\Windows\System\QekrENd.exe
  C:\Windows\System\QekrENd.exe
  2⤵
  PID:5228
- C:\Windows\System\vZXjpMW.exe
  C:\Windows\System\vZXjpMW.exe
  2⤵
  PID:6156
- C:\Windows\System\tqvWJyc.exe
  C:\Windows\System\tqvWJyc.exe
  2⤵
  PID:5600
- C:\Windows\System\OjWWHFp.exe
  C:\Windows\System\OjWWHFp.exe
  2⤵
  PID:6244
- C:\Windows\System\OMGBWJA.exe
  C:\Windows\System\OMGBWJA.exe
  2⤵
  PID:5624
- C:\Windows\System\CDIdIIL.exe
  C:\Windows\System\CDIdIIL.exe
  2⤵
  PID:6260
- C:\Windows\System\HLnRxkE.exe
  C:\Windows\System\HLnRxkE.exe
  2⤵
  PID:6288
- C:\Windows\System\SNzJIIm.exe
  C:\Windows\System\SNzJIIm.exe
  2⤵
  PID:6264
- C:\Windows\System\QUxxjDp.exe
  C:\Windows\System\QUxxjDp.exe
  2⤵
  PID:6356
- C:\Windows\System\ztXCFrP.exe
  C:\Windows\System\ztXCFrP.exe
  2⤵
  PID:6412
- C:\Windows\System\YrziHJd.exe
  C:\Windows\System\YrziHJd.exe
  2⤵
  PID:6568
- C:\Windows\System\kJmkZZG.exe
  C:\Windows\System\kJmkZZG.exe
  2⤵
  PID:6428
- C:\Windows\System\qvbrBvj.exe
  C:\Windows\System\qvbrBvj.exe
  2⤵
  PID:6576
- C:\Windows\System\FsIJBkM.exe
  C:\Windows\System\FsIJBkM.exe
  2⤵
  PID:6560
- C:\Windows\System\SwdoHwF.exe
  C:\Windows\System\SwdoHwF.exe
  2⤵
  PID:6596
- C:\Windows\System\HbQsdCz.exe
  C:\Windows\System\HbQsdCz.exe
  2⤵
  PID:6600
- C:\Windows\System\rvtACBO.exe
  C:\Windows\System\rvtACBO.exe
  2⤵
  PID:6632
- C:\Windows\System\hutlYkA.exe
  C:\Windows\System\hutlYkA.exe
  2⤵
  PID:6728
- C:\Windows\System\fHSvBvN.exe
  C:\Windows\System\fHSvBvN.exe
  2⤵
  PID:6792
- C:\Windows\System\OvEEKle.exe
  C:\Windows\System\OvEEKle.exe
  2⤵
  PID:6672
- C:\Windows\System\bkGFxrh.exe
  C:\Windows\System\bkGFxrh.exe
  2⤵
  PID:6780
- C:\Windows\System\ernnLpa.exe
  C:\Windows\System\ernnLpa.exe
  2⤵
  PID:6712
- C:\Windows\System\DWFWqNU.exe
  C:\Windows\System\DWFWqNU.exe
  2⤵
  PID:6856
- C:\Windows\System\aJCBuez.exe
  C:\Windows\System\aJCBuez.exe
  2⤵
  PID:6924
- C:\Windows\System\gXxOTrP.exe
  C:\Windows\System\gXxOTrP.exe
  2⤵
  PID:6844
- C:\Windows\System\krdZxFE.exe
  C:\Windows\System\krdZxFE.exe
  2⤵
  PID:6876
- C:\Windows\System\VsDHLhH.exe
  C:\Windows\System\VsDHLhH.exe
  2⤵
  PID:7012
- C:\Windows\System\gRZBiMs.exe
  C:\Windows\System\gRZBiMs.exe
  2⤵
  PID:7064
- C:\Windows\System\ZNDoHWV.exe
  C:\Windows\System\ZNDoHWV.exe
  2⤵
  PID:7132
- C:\Windows\System\DPQNbJZ.exe
  C:\Windows\System\DPQNbJZ.exe
  2⤵
  PID:6196
- C:\Windows\System\KCVTiUC.exe
  C:\Windows\System\KCVTiUC.exe
  2⤵
  PID:6284
- C:\Windows\System\HYWaAkk.exe
  C:\Windows\System\HYWaAkk.exe
  2⤵
  PID:6348
- C:\Windows\System\ihiChbh.exe
  C:\Windows\System\ihiChbh.exe
  2⤵
  PID:7108
- C:\Windows\System\cFYJqvZ.exe
  C:\Windows\System\cFYJqvZ.exe
  2⤵
  PID:7116
- C:\Windows\System\ErIGyne.exe
  C:\Windows\System\ErIGyne.exe
  2⤵
  PID:6324
- C:\Windows\System\UBanqek.exe
  C:\Windows\System\UBanqek.exe
  2⤵
  PID:6240
- C:\Windows\System\gDsRzxM.exe
  C:\Windows\System\gDsRzxM.exe
  2⤵
  PID:5648
- C:\Windows\System\qIddifA.exe
  C:\Windows\System\qIddifA.exe
  2⤵
  PID:6520
- C:\Windows\System\gNwLeAb.exe
  C:\Windows\System\gNwLeAb.exe
  2⤵
  PID:6460
- C:\Windows\System\EtfxhFJ.exe
  C:\Windows\System\EtfxhFJ.exe
  2⤵
  PID:6396
- C:\Windows\System\NEXJlkL.exe
  C:\Windows\System\NEXJlkL.exe
  2⤵
  PID:6584
- C:\Windows\System\htHWchy.exe
  C:\Windows\System\htHWchy.exe
  2⤵
  PID:6760
- C:\Windows\System\GSZLxXu.exe
  C:\Windows\System\GSZLxXu.exe
  2⤵
  PID:6816
- C:\Windows\System\IfdIagz.exe
  C:\Windows\System\IfdIagz.exe
  2⤵
  PID:6652
- C:\Windows\System\ZsRkRgd.exe
  C:\Windows\System\ZsRkRgd.exe
  2⤵
  PID:6696
- C:\Windows\System\WWCfWiR.exe
  C:\Windows\System\WWCfWiR.exe
  2⤵
  PID:6976
- C:\Windows\System\DTRcqfz.exe
  C:\Windows\System\DTRcqfz.exe
  2⤵
  PID:6708
- C:\Windows\System\oeHXvJH.exe
  C:\Windows\System\oeHXvJH.exe
  2⤵
  PID:7004
- C:\Windows\System\lJJBDFG.exe
  C:\Windows\System\lJJBDFG.exe
  2⤵
  PID:6956
- C:\Windows\System\GVHXyxx.exe
  C:\Windows\System\GVHXyxx.exe
  2⤵
  PID:7016
- C:\Windows\System\wpsjpLO.exe
  C:\Windows\System\wpsjpLO.exe
  2⤵
  PID:6208
- C:\Windows\System\hpbhBlO.exe
  C:\Windows\System\hpbhBlO.exe
  2⤵
  PID:6172
- C:\Windows\System\iVGwNVZ.exe
  C:\Windows\System\iVGwNVZ.exe
  2⤵
  PID:6376
- C:\Windows\System\HUStyfH.exe
  C:\Windows\System\HUStyfH.exe
  2⤵
  PID:7152
- C:\Windows\System\nsmPGvO.exe
  C:\Windows\System\nsmPGvO.exe
  2⤵
  PID:6536
- C:\Windows\System\YwOJsgw.exe
  C:\Windows\System\YwOJsgw.exe
  2⤵
  PID:6580
- C:\Windows\System\KexUDxR.exe
  C:\Windows\System\KexUDxR.exe
  2⤵
  PID:6880
- C:\Windows\System\fcOGtjh.exe
  C:\Windows\System\fcOGtjh.exe
  2⤵
  PID:6484
- C:\Windows\System\IRaetoc.exe
  C:\Windows\System\IRaetoc.exe
  2⤵
  PID:6824
- C:\Windows\System\EhTaQIR.exe
  C:\Windows\System\EhTaQIR.exe
  2⤵
  PID:7096
- C:\Windows\System\JFGOfxR.exe
  C:\Windows\System\JFGOfxR.exe
  2⤵
  PID:6932
- C:\Windows\System\TJPhjmh.exe
  C:\Windows\System\TJPhjmh.exe
  2⤵
  PID:7056
- C:\Windows\System\oNbeNFo.exe
  C:\Windows\System\oNbeNFo.exe
  2⤵
  PID:6796
- C:\Windows\System\OVTBcZP.exe
  C:\Windows\System\OVTBcZP.exe
  2⤵
  PID:6192
- C:\Windows\System\ZQdTsaR.exe
  C:\Windows\System\ZQdTsaR.exe
  2⤵
  PID:6232
- C:\Windows\System\SQrkNGW.exe
  C:\Windows\System\SQrkNGW.exe
  2⤵
  PID:7148
- C:\Windows\System\QbBxzdG.exe
  C:\Windows\System\QbBxzdG.exe
  2⤵
  PID:6620
- C:\Windows\System\AqvTSJE.exe
  C:\Windows\System\AqvTSJE.exe
  2⤵
  PID:1552
- C:\Windows\System\DfXwKtw.exe
  C:\Windows\System\DfXwKtw.exe
  2⤵
  PID:7076
- C:\Windows\System\IyDOiIP.exe
  C:\Windows\System\IyDOiIP.exe
  2⤵
  PID:6840
- C:\Windows\System\iZpmIUH.exe
  C:\Windows\System\iZpmIUH.exe
  2⤵
  PID:7008
- C:\Windows\System\hyHMmcI.exe
  C:\Windows\System\hyHMmcI.exe
  2⤵
  PID:6936
- C:\Windows\System\ZZuNrLr.exe
  C:\Windows\System\ZZuNrLr.exe
  2⤵
  PID:7176
- C:\Windows\System\qsxjWwA.exe
  C:\Windows\System\qsxjWwA.exe
  2⤵
  PID:7196
- C:\Windows\System\BbEzfOF.exe
  C:\Windows\System\BbEzfOF.exe
  2⤵
  PID:7240
- C:\Windows\System\LQoNhMc.exe
  C:\Windows\System\LQoNhMc.exe
  2⤵
  PID:7256
- C:\Windows\System\PglXmXo.exe
  C:\Windows\System\PglXmXo.exe
  2⤵
  PID:7272
- C:\Windows\System\dOqPvPU.exe
  C:\Windows\System\dOqPvPU.exe
  2⤵
  PID:7296
- C:\Windows\System\joMUoKk.exe
  C:\Windows\System\joMUoKk.exe
  2⤵
  PID:7316
- C:\Windows\System\xgJoIKh.exe
  C:\Windows\System\xgJoIKh.exe
  2⤵
  PID:7336
- C:\Windows\System\qikSVJh.exe
  C:\Windows\System\qikSVJh.exe
  2⤵
  PID:7352
- C:\Windows\System\LYUQEsr.exe
  C:\Windows\System\LYUQEsr.exe
  2⤵
  PID:7368
- C:\Windows\System\ISwRdub.exe
  C:\Windows\System\ISwRdub.exe
  2⤵
  PID:7388
- C:\Windows\System\YYoGZmd.exe
  C:\Windows\System\YYoGZmd.exe
  2⤵
  PID:7408
- C:\Windows\System\tWEEgfb.exe
  C:\Windows\System\tWEEgfb.exe
  2⤵
  PID:7424
- C:\Windows\System\GnErsFg.exe
  C:\Windows\System\GnErsFg.exe
  2⤵
  PID:7440
- C:\Windows\System\eqojNZC.exe
  C:\Windows\System\eqojNZC.exe
  2⤵
  PID:7460
- C:\Windows\System\PJQCoHo.exe
  C:\Windows\System\PJQCoHo.exe
  2⤵
  PID:7480
- C:\Windows\System\AvVfrkA.exe
  C:\Windows\System\AvVfrkA.exe
  2⤵
  PID:7536
- C:\Windows\System\aOPXKUU.exe
  C:\Windows\System\aOPXKUU.exe
  2⤵
  PID:7552
- C:\Windows\System\mJHODRL.exe
  C:\Windows\System\mJHODRL.exe
  2⤵
  PID:7568
- C:\Windows\System\PuuSWnF.exe
  C:\Windows\System\PuuSWnF.exe
  2⤵
  PID:7592
- C:\Windows\System\BBgeIgR.exe
  C:\Windows\System\BBgeIgR.exe
  2⤵
  PID:7612
- C:\Windows\System\PrZmlkR.exe
  C:\Windows\System\PrZmlkR.exe
  2⤵
  PID:7632
- C:\Windows\System\efeCihn.exe
  C:\Windows\System\efeCihn.exe
  2⤵
  PID:7652
- C:\Windows\System\rcwflRv.exe
  C:\Windows\System\rcwflRv.exe
  2⤵
  PID:7672
- C:\Windows\System\ePxJpwT.exe
  C:\Windows\System\ePxJpwT.exe
  2⤵
  PID:7688
- C:\Windows\System\CIvsPuV.exe
  C:\Windows\System\CIvsPuV.exe
  2⤵
  PID:7704
- C:\Windows\System\DRIdtQY.exe
  C:\Windows\System\DRIdtQY.exe
  2⤵
  PID:7724
- C:\Windows\System\wjgcseF.exe
  C:\Windows\System\wjgcseF.exe
  2⤵
  PID:7748
- C:\Windows\System\eNxDqUG.exe
  C:\Windows\System\eNxDqUG.exe
  2⤵
  PID:7772
- C:\Windows\System\evCaAIO.exe
  C:\Windows\System\evCaAIO.exe
  2⤵
  PID:7792
- C:\Windows\System\FYRjeyz.exe
  C:\Windows\System\FYRjeyz.exe
  2⤵
  PID:7812
- C:\Windows\System\KCWeIaC.exe
  C:\Windows\System\KCWeIaC.exe
  2⤵
  PID:7828
- C:\Windows\System\nXTITSZ.exe
  C:\Windows\System\nXTITSZ.exe
  2⤵
  PID:7856
- C:\Windows\System\eSetgsY.exe
  C:\Windows\System\eSetgsY.exe
  2⤵
  PID:7872
- C:\Windows\System\dJLDfEn.exe
  C:\Windows\System\dJLDfEn.exe
  2⤵
  PID:7888
- C:\Windows\System\ffWgVRZ.exe
  C:\Windows\System\ffWgVRZ.exe
  2⤵
  PID:7908
- C:\Windows\System\aqqSzml.exe
  C:\Windows\System\aqqSzml.exe
  2⤵
  PID:7936
- C:\Windows\System\vDQaeIG.exe
  C:\Windows\System\vDQaeIG.exe
  2⤵
  PID:7952
- C:\Windows\System\TXBdnAw.exe
  C:\Windows\System\TXBdnAw.exe
  2⤵
  PID:7972
- C:\Windows\System\omxOMcN.exe
  C:\Windows\System\omxOMcN.exe
  2⤵
  PID:7988
- C:\Windows\System\nzSMSay.exe
  C:\Windows\System\nzSMSay.exe
  2⤵
  PID:8004
- C:\Windows\System\rsILyuc.exe
  C:\Windows\System\rsILyuc.exe
  2⤵
  PID:8020
- C:\Windows\System\oQgONPg.exe
  C:\Windows\System\oQgONPg.exe
  2⤵
  PID:8036
- C:\Windows\System\mWZrhKX.exe
  C:\Windows\System\mWZrhKX.exe
  2⤵
  PID:8052
- C:\Windows\System\CKEbioc.exe
  C:\Windows\System\CKEbioc.exe
  2⤵
  PID:8068
- C:\Windows\System\VAlFTzv.exe
  C:\Windows\System\VAlFTzv.exe
  2⤵
  PID:8084
- C:\Windows\System\fVdOPml.exe
  C:\Windows\System\fVdOPml.exe
  2⤵
  PID:8100
- C:\Windows\System\BsHrDHk.exe
  C:\Windows\System\BsHrDHk.exe
  2⤵
  PID:8116
- C:\Windows\System\vrULZgq.exe
  C:\Windows\System\vrULZgq.exe
  2⤵
  PID:8132
- C:\Windows\System\jtUINpP.exe
  C:\Windows\System\jtUINpP.exe
  2⤵
  PID:8148
- C:\Windows\System\ngvQwPM.exe
  C:\Windows\System\ngvQwPM.exe
  2⤵
  PID:6556
- C:\Windows\System\XjGOuJH.exe
  C:\Windows\System\XjGOuJH.exe
  2⤵
  PID:6992
- C:\Windows\System\MeFdtlZ.exe
  C:\Windows\System\MeFdtlZ.exe
  2⤵
  PID:7120
- C:\Windows\System\bLzYDQF.exe
  C:\Windows\System\bLzYDQF.exe
  2⤵
  PID:6660
- C:\Windows\System\ydNxNiT.exe
  C:\Windows\System\ydNxNiT.exe
  2⤵
  PID:7204
- C:\Windows\System\YceEMBU.exe
  C:\Windows\System\YceEMBU.exe
  2⤵
  PID:7228
- C:\Windows\System\ERCOnge.exe
  C:\Windows\System\ERCOnge.exe
  2⤵
  PID:7268
- C:\Windows\System\tMcwoLG.exe
  C:\Windows\System\tMcwoLG.exe
  2⤵
  PID:7304
- C:\Windows\System\siUuWTb.exe
  C:\Windows\System\siUuWTb.exe
  2⤵
  PID:7348
- C:\Windows\System\jsHEwmb.exe
  C:\Windows\System\jsHEwmb.exe
  2⤵
  PID:7380
- C:\Windows\System\vEkugHU.exe
  C:\Windows\System\vEkugHU.exe
  2⤵
  PID:7504
- C:\Windows\System\jIpEceP.exe
  C:\Windows\System\jIpEceP.exe
  2⤵
  PID:7508
- C:\Windows\System\nagMWVr.exe
  C:\Windows\System\nagMWVr.exe
  2⤵
  PID:7360
- C:\Windows\System\vjrSbDd.exe
  C:\Windows\System\vjrSbDd.exe
  2⤵
  PID:7432
- C:\Windows\System\MumaKNl.exe
  C:\Windows\System\MumaKNl.exe
  2⤵
  PID:7476
- C:\Windows\System\dXAlZzv.exe
  C:\Windows\System\dXAlZzv.exe
  2⤵
  PID:7564
- C:\Windows\System\ypWGdqX.exe
  C:\Windows\System\ypWGdqX.exe
  2⤵
  PID:7580
- C:\Windows\System\MpYTJbD.exe
  C:\Windows\System\MpYTJbD.exe
  2⤵
  PID:7588
- C:\Windows\System\IuxltKg.exe
  C:\Windows\System\IuxltKg.exe
  2⤵
  PID:7660
- C:\Windows\System\DIPAgLJ.exe
  C:\Windows\System\DIPAgLJ.exe
  2⤵
  PID:7700
- C:\Windows\System\DHBBNUw.exe
  C:\Windows\System\DHBBNUw.exe
  2⤵
  PID:7716
- C:\Windows\System\ybneQJB.exe
  C:\Windows\System\ybneQJB.exe
  2⤵
  PID:7744
- C:\Windows\System\jvGRXrj.exe
  C:\Windows\System\jvGRXrj.exe
  2⤵
  PID:7768
- C:\Windows\System\wgvddWJ.exe
  C:\Windows\System\wgvddWJ.exe
  2⤵
  PID:7800
- C:\Windows\System\IGfyeLx.exe
  C:\Windows\System\IGfyeLx.exe
  2⤵
  PID:7820
- C:\Windows\System\UlAEYwE.exe
  C:\Windows\System\UlAEYwE.exe
  2⤵
  PID:7864
- C:\Windows\System\rBmCIbg.exe
  C:\Windows\System\rBmCIbg.exe
  2⤵
  PID:7896
- C:\Windows\System\IfEDRyG.exe
  C:\Windows\System\IfEDRyG.exe
  2⤵
  PID:7920
- C:\Windows\System\mdvgoix.exe
  C:\Windows\System\mdvgoix.exe
  2⤵
  PID:7932
- C:\Windows\System\YpXVAAX.exe
  C:\Windows\System\YpXVAAX.exe
  2⤵
  PID:7980
- C:\Windows\System\ierQnFt.exe
  C:\Windows\System\ierQnFt.exe
  2⤵
  PID:8060
- C:\Windows\System\dxhwdqb.exe
  C:\Windows\System\dxhwdqb.exe
  2⤵
  PID:8096
- C:\Windows\System\rvoYJPA.exe
  C:\Windows\System\rvoYJPA.exe
  2⤵
  PID:8140
- C:\Windows\System\nNhIOTz.exe
  C:\Windows\System\nNhIOTz.exe
  2⤵
  PID:6692
- C:\Windows\System\gnNCChI.exe
  C:\Windows\System\gnNCChI.exe
  2⤵
  PID:6304
- C:\Windows\System\cyUkqxJ.exe
  C:\Windows\System\cyUkqxJ.exe
  2⤵
  PID:7236
- C:\Windows\System\MPhmial.exe
  C:\Windows\System\MPhmial.exe
  2⤵
  PID:7344
- C:\Windows\System\uZTZstN.exe
  C:\Windows\System\uZTZstN.exe
  2⤵
  PID:7328
- C:\Windows\System\jTTporq.exe
  C:\Windows\System\jTTporq.exe
  2⤵
  PID:7280
- C:\Windows\System\hVbFWQk.exe
  C:\Windows\System\hVbFWQk.exe
  2⤵
  PID:7520
- C:\Windows\System\atRMRHM.exe
  C:\Windows\System\atRMRHM.exe
  2⤵
  PID:7492
- C:\Windows\System\udpWmEe.exe
  C:\Windows\System\udpWmEe.exe
  2⤵
  PID:7648
- C:\Windows\System\cMuInqu.exe
  C:\Windows\System\cMuInqu.exe
  2⤵
  PID:7804
- C:\Windows\System\MdeXCyh.exe
  C:\Windows\System\MdeXCyh.exe
  2⤵
  PID:7560
- C:\Windows\System\PLIWXtX.exe
  C:\Windows\System\PLIWXtX.exe
  2⤵
  PID:7732
- C:\Windows\System\QAoZVvm.exe
  C:\Windows\System\QAoZVvm.exe
  2⤵
  PID:7780
- C:\Windows\System\GiLPtiE.exe
  C:\Windows\System\GiLPtiE.exe
  2⤵
  PID:7844
- C:\Windows\System\HgBeNDN.exe
  C:\Windows\System\HgBeNDN.exe
  2⤵
  PID:7884
- C:\Windows\System\kOBlXYD.exe
  C:\Windows\System\kOBlXYD.exe
  2⤵
  PID:7968
- C:\Windows\System\FCSUCzQ.exe
  C:\Windows\System\FCSUCzQ.exe
  2⤵
  PID:8000
- C:\Windows\System\ntoRbLc.exe
  C:\Windows\System\ntoRbLc.exe
  2⤵
  PID:8172
- C:\Windows\System\Suoppub.exe
  C:\Windows\System\Suoppub.exe
  2⤵
  PID:8048
- C:\Windows\System\hJolTrm.exe
  C:\Windows\System\hJolTrm.exe
  2⤵
  PID:7188
- C:\Windows\System\fDjLTPD.exe
  C:\Windows\System\fDjLTPD.exe
  2⤵
  PID:7312
- C:\Windows\System\bBhrQoX.exe
  C:\Windows\System\bBhrQoX.exe
  2⤵
  PID:7292
- C:\Windows\System\BAWilyp.exe
  C:\Windows\System\BAWilyp.exe
  2⤵
  PID:7452
- C:\Windows\System\UcNQHCx.exe
  C:\Windows\System\UcNQHCx.exe
  2⤵
  PID:7576
- C:\Windows\System\tOphEBI.exe
  C:\Windows\System\tOphEBI.exe
  2⤵
  PID:7756
- C:\Windows\System\SLqUyLv.exe
  C:\Windows\System\SLqUyLv.exe
  2⤵
  PID:7516
- C:\Windows\System\xXeSPdQ.exe
  C:\Windows\System\xXeSPdQ.exe
  2⤵
  PID:7624
- C:\Windows\System\sxmijZI.exe
  C:\Windows\System\sxmijZI.exe
  2⤵
  PID:7848
- C:\Windows\System\JZMsLef.exe
  C:\Windows\System\JZMsLef.exe
  2⤵
  PID:7928
- C:\Windows\System\ifSmGIY.exe
  C:\Windows\System\ifSmGIY.exe
  2⤵
  PID:7528
- C:\Windows\System\IDiwjLj.exe
  C:\Windows\System\IDiwjLj.exe
  2⤵
  PID:7996
- C:\Windows\System\SRMhRGX.exe
  C:\Windows\System\SRMhRGX.exe
  2⤵
  PID:8184
- C:\Windows\System\IMhuwMR.exe
  C:\Windows\System\IMhuwMR.exe
  2⤵
  PID:8044
- C:\Windows\System\gkRyUEj.exe
  C:\Windows\System\gkRyUEj.exe
  2⤵
  PID:7248
- C:\Windows\System\xQmsNDh.exe
  C:\Windows\System\xQmsNDh.exe
  2⤵
  PID:7808
- C:\Windows\System\zoVdRwU.exe
  C:\Windows\System\zoVdRwU.exe
  2⤵
  PID:7696
- C:\Windows\System\ZHpZptT.exe
  C:\Windows\System\ZHpZptT.exe
  2⤵
  PID:8012
- C:\Windows\System\kBNqSXj.exe
  C:\Windows\System\kBNqSXj.exe
  2⤵
  PID:6340
- C:\Windows\System\jlSaHTo.exe
  C:\Windows\System\jlSaHTo.exe
  2⤵
  PID:6812
- C:\Windows\System\XCnVfka.exe
  C:\Windows\System\XCnVfka.exe
  2⤵
  PID:8168
- C:\Windows\System\sxNNikL.exe
  C:\Windows\System\sxNNikL.exe
  2⤵
  PID:8196
- C:\Windows\System\GhFJoIC.exe
  C:\Windows\System\GhFJoIC.exe
  2⤵
  PID:8216
- C:\Windows\System\nWCNKpY.exe
  C:\Windows\System\nWCNKpY.exe
  2⤵
  PID:8232
- C:\Windows\System\auzNEfL.exe
  C:\Windows\System\auzNEfL.exe
  2⤵
  PID:8260
- C:\Windows\System\MuFGYdQ.exe
  C:\Windows\System\MuFGYdQ.exe
  2⤵
  PID:8288
- C:\Windows\System\gmdDuPs.exe
  C:\Windows\System\gmdDuPs.exe
  2⤵
  PID:8304
- C:\Windows\System\HowdBap.exe
  C:\Windows\System\HowdBap.exe
  2⤵
  PID:8320
- C:\Windows\System\ykALchb.exe
  C:\Windows\System\ykALchb.exe
  2⤵
  PID:8344
- C:\Windows\System\uGnxRca.exe
  C:\Windows\System\uGnxRca.exe
  2⤵
  PID:8380
- C:\Windows\System\EalWudL.exe
  C:\Windows\System\EalWudL.exe
  2⤵
  PID:8396
- C:\Windows\System\XsCSstb.exe
  C:\Windows\System\XsCSstb.exe
  2⤵
  PID:8420
- C:\Windows\System\vpNSdfw.exe
  C:\Windows\System\vpNSdfw.exe
  2⤵
  PID:8444
- C:\Windows\System\rCpydTr.exe
  C:\Windows\System\rCpydTr.exe
  2⤵
  PID:8476
- C:\Windows\System\ysbEddG.exe
  C:\Windows\System\ysbEddG.exe
  2⤵
  PID:8492
- C:\Windows\System\lsfRRgd.exe
  C:\Windows\System\lsfRRgd.exe
  2⤵
  PID:8512
- C:\Windows\System\MHecwYU.exe
  C:\Windows\System\MHecwYU.exe
  2⤵
  PID:8528
- C:\Windows\System\hRBSrvg.exe
  C:\Windows\System\hRBSrvg.exe
  2⤵
  PID:8560
- C:\Windows\System\sRVTahw.exe
  C:\Windows\System\sRVTahw.exe
  2⤵
  PID:8580
- C:\Windows\System\jxfcdgR.exe
  C:\Windows\System\jxfcdgR.exe
  2⤵
  PID:8596
- C:\Windows\System\UvQWSgJ.exe
  C:\Windows\System\UvQWSgJ.exe
  2⤵
  PID:8616
- C:\Windows\System\gEWSZYg.exe
  C:\Windows\System\gEWSZYg.exe
  2⤵
  PID:8640
- C:\Windows\System\SvZVeEP.exe
  C:\Windows\System\SvZVeEP.exe
  2⤵
  PID:8668
- C:\Windows\System\nqgruwY.exe
  C:\Windows\System\nqgruwY.exe
  2⤵
  PID:8688
- C:\Windows\System\jyOrxKJ.exe
  C:\Windows\System\jyOrxKJ.exe
  2⤵
  PID:8704
- C:\Windows\System\kwXihMZ.exe
  C:\Windows\System\kwXihMZ.exe
  2⤵
  PID:8724
- C:\Windows\System\HWQMKRl.exe
  C:\Windows\System\HWQMKRl.exe
  2⤵
  PID:8740
- C:\Windows\System\jdGpGeS.exe
  C:\Windows\System\jdGpGeS.exe
  2⤵
  PID:8760
- C:\Windows\System\nCeKJFX.exe
  C:\Windows\System\nCeKJFX.exe
  2⤵
  PID:8792
- C:\Windows\System\drPNgoJ.exe
  C:\Windows\System\drPNgoJ.exe
  2⤵
  PID:8808
- C:\Windows\System\mmrlXCR.exe
  C:\Windows\System\mmrlXCR.exe
  2⤵
  PID:8824
- C:\Windows\System\znvLXet.exe
  C:\Windows\System\znvLXet.exe
  2⤵
  PID:8844
- C:\Windows\System\tBOMXmu.exe
  C:\Windows\System\tBOMXmu.exe
  2⤵
  PID:8872
- C:\Windows\System\KdFTAyl.exe
  C:\Windows\System\KdFTAyl.exe
  2⤵
  PID:8888
- C:\Windows\System\JEkeSfy.exe
  C:\Windows\System\JEkeSfy.exe
  2⤵
  PID:8908
- C:\Windows\System\MqYZHCA.exe
  C:\Windows\System\MqYZHCA.exe
  2⤵
  PID:8932
- C:\Windows\System\GMZxTaY.exe
  C:\Windows\System\GMZxTaY.exe
  2⤵
  PID:8948
- C:\Windows\System\hEUCoXF.exe
  C:\Windows\System\hEUCoXF.exe
  2⤵
  PID:8964
- C:\Windows\System\bzAiObf.exe
  C:\Windows\System\bzAiObf.exe
  2⤵
  PID:8984
- C:\Windows\System\XXlCMZo.exe
  C:\Windows\System\XXlCMZo.exe
  2⤵
  PID:9008
- C:\Windows\System\mjcNRud.exe
  C:\Windows\System\mjcNRud.exe
  2⤵
  PID:9028
- C:\Windows\System\wccYMiw.exe
  C:\Windows\System\wccYMiw.exe
  2⤵
  PID:9052
- C:\Windows\System\DBeDYgq.exe
  C:\Windows\System\DBeDYgq.exe
  2⤵
  PID:9076
- C:\Windows\System\GAetHqp.exe
  C:\Windows\System\GAetHqp.exe
  2⤵
  PID:9092
- C:\Windows\System\VPJqHfp.exe
  C:\Windows\System\VPJqHfp.exe
  2⤵
  PID:9108
- C:\Windows\System\GdCyztv.exe
  C:\Windows\System\GdCyztv.exe
  2⤵
  PID:9124
- C:\Windows\System\EhTlqjN.exe
  C:\Windows\System\EhTlqjN.exe
  2⤵
  PID:9148
- C:\Windows\System\BdwOpBt.exe
  C:\Windows\System\BdwOpBt.exe
  2⤵
  PID:9168
- C:\Windows\System\sqjzilE.exe
  C:\Windows\System\sqjzilE.exe
  2⤵
  PID:9188
- C:\Windows\System\hWsfqpb.exe
  C:\Windows\System\hWsfqpb.exe
  2⤵
  PID:8204
- C:\Windows\System\dxxDDpc.exe
  C:\Windows\System\dxxDDpc.exe
  2⤵
  PID:8244
- C:\Windows\System\TlGWLUZ.exe
  C:\Windows\System\TlGWLUZ.exe
  2⤵
  PID:8164
- C:\Windows\System\TtrxjOA.exe
  C:\Windows\System\TtrxjOA.exe
  2⤵
  PID:8156
- C:\Windows\System\uEmapbI.exe
  C:\Windows\System\uEmapbI.exe
  2⤵
  PID:7668
- C:\Windows\System\GjbBXaK.exe
  C:\Windows\System\GjbBXaK.exe
  2⤵
  PID:8328
- C:\Windows\System\YPiumwy.exe
  C:\Windows\System\YPiumwy.exe
  2⤵
  PID:7840
- C:\Windows\System\suOffnx.exe
  C:\Windows\System\suOffnx.exe
  2⤵
  PID:7964
- C:\Windows\System\rEealLr.exe
  C:\Windows\System\rEealLr.exe
  2⤵
  PID:6860
- C:\Windows\System\Prpxhab.exe
  C:\Windows\System\Prpxhab.exe
  2⤵
  PID:8272
- C:\Windows\System\xIjcUvK.exe
  C:\Windows\System\xIjcUvK.exe
  2⤵
  PID:8316
- C:\Windows\System\BfAhYsA.exe
  C:\Windows\System\BfAhYsA.exe
  2⤵
  PID:8388
- C:\Windows\System\SEhBgzU.exe
  C:\Windows\System\SEhBgzU.exe
  2⤵
  PID:8412
- C:\Windows\System\qYieFXQ.exe
  C:\Windows\System\qYieFXQ.exe
  2⤵
  PID:8452
- C:\Windows\System\wXtmRGc.exe
  C:\Windows\System\wXtmRGc.exe
  2⤵
  PID:8468
- C:\Windows\System\JmePiUs.exe
  C:\Windows\System\JmePiUs.exe
  2⤵
  PID:8536
- C:\Windows\System\GhdjQrk.exe
  C:\Windows\System\GhdjQrk.exe
  2⤵
  PID:8544
- C:\Windows\System\xkIHRBy.exe
  C:\Windows\System\xkIHRBy.exe
  2⤵
  PID:8556
- C:\Windows\System\ireSPhN.exe
  C:\Windows\System\ireSPhN.exe
  2⤵
  PID:8608
- C:\Windows\System\rtgzqqJ.exe
  C:\Windows\System\rtgzqqJ.exe
  2⤵
  PID:8628
- C:\Windows\System\SGqAwbd.exe
  C:\Windows\System\SGqAwbd.exe
  2⤵
  PID:8656
- C:\Windows\System\VZOcpLc.exe
  C:\Windows\System\VZOcpLc.exe
  2⤵
  PID:8680
- C:\Windows\System\NesYPHG.exe
  C:\Windows\System\NesYPHG.exe
  2⤵
  PID:8752
- C:\Windows\System\LPjukrP.exe
  C:\Windows\System\LPjukrP.exe
  2⤵
  PID:8748
- C:\Windows\System\OWBrsOe.exe
  C:\Windows\System\OWBrsOe.exe
  2⤵
  PID:8576
- C:\Windows\System\ErVtUbM.exe
  C:\Windows\System\ErVtUbM.exe
  2⤵
  PID:8880
- C:\Windows\System\wgojFbV.exe
  C:\Windows\System\wgojFbV.exe
  2⤵
  PID:8900
- C:\Windows\System\WrbntcR.exe
  C:\Windows\System\WrbntcR.exe
  2⤵
  PID:8928
- C:\Windows\System\ojoAxFR.exe
  C:\Windows\System\ojoAxFR.exe
  2⤵
  PID:8960
- C:\Windows\System\GoervJO.exe
  C:\Windows\System\GoervJO.exe
  2⤵
  PID:8996
- C:\Windows\System\GaYOaFw.exe
  C:\Windows\System\GaYOaFw.exe
  2⤵
  PID:9044
- C:\Windows\System\TZqZgkj.exe
  C:\Windows\System\TZqZgkj.exe
  2⤵
  PID:9064
- C:\Windows\System\UISEpjN.exe
  C:\Windows\System\UISEpjN.exe
  2⤵
  PID:9084
- C:\Windows\System\CWQBuGG.exe
  C:\Windows\System\CWQBuGG.exe
  2⤵
  PID:9140
- C:\Windows\System\vCEcRYx.exe
  C:\Windows\System\vCEcRYx.exe
  2⤵
  PID:9116
- C:\Windows\System\ojvYHLF.exe
  C:\Windows\System\ojvYHLF.exe
  2⤵
  PID:9196
- C:\Windows\System\lfqeEfx.exe
  C:\Windows\System\lfqeEfx.exe
  2⤵
  PID:8240
- C:\Windows\System\bsQiZou.exe
  C:\Windows\System\bsQiZou.exe
  2⤵
  PID:8980
- C:\Windows\System\NkTAkQN.exe
  C:\Windows\System\NkTAkQN.exe
  2⤵
  PID:7456
- C:\Windows\System\wKAJSrQ.exe
  C:\Windows\System\wKAJSrQ.exe
  2⤵
  PID:8268
- C:\Windows\System\MpPssSo.exe
  C:\Windows\System\MpPssSo.exe
  2⤵
  PID:8432
- C:\Windows\System\ypOBIhF.exe
  C:\Windows\System\ypOBIhF.exe
  2⤵
  PID:8368
- C:\Windows\System\kfbbaxj.exe
  C:\Windows\System\kfbbaxj.exe
  2⤵
  PID:8676
- C:\Windows\System\AoueEZr.exe
  C:\Windows\System\AoueEZr.exe
  2⤵
  PID:8732
- C:\Windows\System\wCDcOWM.exe
  C:\Windows\System\wCDcOWM.exe
  2⤵
  PID:8312
- C:\Windows\System\flSBBvp.exe
  C:\Windows\System\flSBBvp.exe
  2⤵
  PID:8540
- C:\Windows\System\cqktxeB.exe
  C:\Windows\System\cqktxeB.exe
  2⤵
  PID:8652
- C:\Windows\System\biISXAH.exe
  C:\Windows\System\biISXAH.exe
  2⤵
  PID:8768
- C:\Windows\System\PRbYlCj.exe
  C:\Windows\System\PRbYlCj.exe
  2⤵
  PID:8756
- C:\Windows\System\iBPjOLE.exe
  C:\Windows\System\iBPjOLE.exe
  2⤵
  PID:8840
- C:\Windows\System\RPEWkaE.exe
  C:\Windows\System\RPEWkaE.exe
  2⤵
  PID:8896
- C:\Windows\System\UNaxOER.exe
  C:\Windows\System\UNaxOER.exe
  2⤵
  PID:8904
- C:\Windows\System\CAspwta.exe
  C:\Windows\System\CAspwta.exe
  2⤵
  PID:8992
- C:\Windows\System\CotGuKf.exe
  C:\Windows\System\CotGuKf.exe
  2⤵
  PID:9040
- C:\Windows\System\uPerlXS.exe
  C:\Windows\System\uPerlXS.exe
  2⤵
  PID:9132
- C:\Windows\System\clrbtEJ.exe
  C:\Windows\System\clrbtEJ.exe
  2⤵
  PID:9208
- C:\Windows\System\NymUVzA.exe
  C:\Windows\System\NymUVzA.exe
  2⤵
  PID:9200
- C:\Windows\System\naJDTjT.exe
  C:\Windows\System\naJDTjT.exe
  2⤵
  PID:6236
- C:\Windows\System\wFkpNHE.exe
  C:\Windows\System\wFkpNHE.exe
  2⤵
  PID:7712
- C:\Windows\System\mMhbvIU.exe
  C:\Windows\System\mMhbvIU.exe
  2⤵
  PID:8520
- C:\Windows\System\hZhfOOB.exe
  C:\Windows\System\hZhfOOB.exe
  2⤵
  PID:8632
- C:\Windows\System\fwQYDTH.exe
  C:\Windows\System\fwQYDTH.exe
  2⤵
  PID:8284
- C:\Windows\System\uLbVvXf.exe
  C:\Windows\System\uLbVvXf.exe
  2⤵
  PID:8504
- C:\Windows\System\XxhlLSm.exe
  C:\Windows\System\XxhlLSm.exe
  2⤵
  PID:8816
- C:\Windows\System\eQaqAie.exe
  C:\Windows\System\eQaqAie.exe
  2⤵
  PID:8636
- C:\Windows\System\sZpERuL.exe
  C:\Windows\System\sZpERuL.exe
  2⤵
  PID:8856
- C:\Windows\System\POMHLYb.exe
  C:\Windows\System\POMHLYb.exe
  2⤵
  PID:8956
- C:\Windows\System\UPOVDQd.exe
  C:\Windows\System\UPOVDQd.exe
  2⤵
  PID:9036
- C:\Windows\System\JMcPdkH.exe
  C:\Windows\System\JMcPdkH.exe
  2⤵
  PID:9136
- C:\Windows\System\cZmMIkO.exe
  C:\Windows\System\cZmMIkO.exe
  2⤵
  PID:9156
- C:\Windows\System\zLFisIA.exe
  C:\Windows\System\zLFisIA.exe
  2⤵
  PID:8300
- C:\Windows\System\mBxUbcB.exe
  C:\Windows\System\mBxUbcB.exe
  2⤵
  PID:8484
- C:\Windows\System\HrOyqEL.exe
  C:\Windows\System\HrOyqEL.exe
  2⤵
  PID:8716
- C:\Windows\System\iIeijTu.exe
  C:\Windows\System\iIeijTu.exe
  2⤵
  PID:8464
- C:\Windows\System\TLLHKUw.exe
  C:\Windows\System\TLLHKUw.exe
  2⤵
  PID:8860
- C:\Windows\System\YZGNCwS.exe
  C:\Windows\System\YZGNCwS.exe
  2⤵
  PID:9184
- C:\Windows\System\TNifdJU.exe
  C:\Windows\System\TNifdJU.exe
  2⤵
  PID:9068
- C:\Windows\System\FmSyzRT.exe
  C:\Windows\System\FmSyzRT.exe
  2⤵
  PID:8360
- C:\Windows\System\WjMMAwP.exe
  C:\Windows\System\WjMMAwP.exe
  2⤵
  PID:8460
- C:\Windows\System\nVDWaUg.exe
  C:\Windows\System\nVDWaUg.exe
  2⤵
  PID:8972
- C:\Windows\System\ixJUVDZ.exe
  C:\Windows\System\ixJUVDZ.exe
  2⤵
  PID:9024
- C:\Windows\System\YEyXYdi.exe
  C:\Windows\System\YEyXYdi.exe
  2⤵
  PID:8488
- C:\Windows\System\JmUAoOf.exe
  C:\Windows\System\JmUAoOf.exe
  2⤵
  PID:8508
- C:\Windows\System\hrDgfSe.exe
  C:\Windows\System\hrDgfSe.exe
  2⤵
  PID:9016
- C:\Windows\System\uHpYFPS.exe
  C:\Windows\System\uHpYFPS.exe
  2⤵
  PID:8296
- C:\Windows\System\hAdCnAw.exe
  C:\Windows\System\hAdCnAw.exe
  2⤵
  PID:9176
- C:\Windows\System\jkhcnQR.exe
  C:\Windows\System\jkhcnQR.exe
  2⤵
  PID:8784
- C:\Windows\System\LgzEPlp.exe
  C:\Windows\System\LgzEPlp.exe
  2⤵
  PID:8256
- C:\Windows\System\IlGavVC.exe
  C:\Windows\System\IlGavVC.exe
  2⤵
  PID:9240
- C:\Windows\System\vgiSIIQ.exe
  C:\Windows\System\vgiSIIQ.exe
  2⤵
  PID:9260
- C:\Windows\System\LPxhljQ.exe
  C:\Windows\System\LPxhljQ.exe
  2⤵
  PID:9276
- C:\Windows\System\CflsRZP.exe
  C:\Windows\System\CflsRZP.exe
  2⤵
  PID:9300
- C:\Windows\System\JxEMeVN.exe
  C:\Windows\System\JxEMeVN.exe
  2⤵
  PID:9324
- C:\Windows\System\ISAegFf.exe
  C:\Windows\System\ISAegFf.exe
  2⤵
  PID:9344
- C:\Windows\System\CtZmAxS.exe
  C:\Windows\System\CtZmAxS.exe
  2⤵
  PID:9360
- C:\Windows\System\CRDICTk.exe
  C:\Windows\System\CRDICTk.exe
  2⤵
  PID:9380
- C:\Windows\System\ICBjHsS.exe
  C:\Windows\System\ICBjHsS.exe
  2⤵
  PID:9400
- C:\Windows\System\mkcFHTr.exe
  C:\Windows\System\mkcFHTr.exe
  2⤵
  PID:9424
- C:\Windows\System\uPDxVYV.exe
  C:\Windows\System\uPDxVYV.exe
  2⤵
  PID:9440
- C:\Windows\System\WEeJtMa.exe
  C:\Windows\System\WEeJtMa.exe
  2⤵
  PID:9460
- C:\Windows\System\ULbYglo.exe
  C:\Windows\System\ULbYglo.exe
  2⤵
  PID:9480
- C:\Windows\System\KITPrtp.exe
  C:\Windows\System\KITPrtp.exe
  2⤵
  PID:9500
- C:\Windows\System\rrDXkAj.exe
  C:\Windows\System\rrDXkAj.exe
  2⤵
  PID:9520
- C:\Windows\System\vPrdQfd.exe
  C:\Windows\System\vPrdQfd.exe
  2⤵
  PID:9544
- C:\Windows\System\oSibHVI.exe
  C:\Windows\System\oSibHVI.exe
  2⤵
  PID:9564
- C:\Windows\System\VeqfDUL.exe
  C:\Windows\System\VeqfDUL.exe
  2⤵
  PID:9584
- C:\Windows\System\mbCBiRR.exe
  C:\Windows\System\mbCBiRR.exe
  2⤵
  PID:9604
- C:\Windows\System\eJFOXaK.exe
  C:\Windows\System\eJFOXaK.exe
  2⤵
  PID:9620
- C:\Windows\System\bCsNFYK.exe
  C:\Windows\System\bCsNFYK.exe
  2⤵
  PID:9636
- C:\Windows\System\hOnNQNS.exe
  C:\Windows\System\hOnNQNS.exe
  2⤵
  PID:9660
- C:\Windows\System\leBwtqn.exe
  C:\Windows\System\leBwtqn.exe
  2⤵
  PID:9680
- C:\Windows\System\pBXGoBj.exe
  C:\Windows\System\pBXGoBj.exe
  2⤵
  PID:9700
- C:\Windows\System\moveKuj.exe
  C:\Windows\System\moveKuj.exe
  2⤵
  PID:9716
- C:\Windows\System\XkuGsuk.exe
  C:\Windows\System\XkuGsuk.exe
  2⤵
  PID:9740
- C:\Windows\System\rOPQpcY.exe
  C:\Windows\System\rOPQpcY.exe
  2⤵
  PID:9756
- C:\Windows\System\GhFRqGP.exe
  C:\Windows\System\GhFRqGP.exe
  2⤵
  PID:9784
- C:\Windows\System\bGZqCLF.exe
  C:\Windows\System\bGZqCLF.exe
  2⤵
  PID:9800
- C:\Windows\System\WAodPVX.exe
  C:\Windows\System\WAodPVX.exe
  2⤵
  PID:9824
- C:\Windows\System\SBjDHDW.exe
  C:\Windows\System\SBjDHDW.exe
  2⤵
  PID:9840
- C:\Windows\System\eNTkuNt.exe
  C:\Windows\System\eNTkuNt.exe
  2⤵
  PID:9860
- C:\Windows\System\XXdANIp.exe
  C:\Windows\System\XXdANIp.exe
  2⤵
  PID:9880
- C:\Windows\System\eJlVcpC.exe
  C:\Windows\System\eJlVcpC.exe
  2⤵
  PID:9900
- C:\Windows\System\ISvBLVn.exe
  C:\Windows\System\ISvBLVn.exe
  2⤵
  PID:9920
- C:\Windows\System\lYHUjrw.exe
  C:\Windows\System\lYHUjrw.exe
  2⤵
  PID:9940
- C:\Windows\System\oZFSpqX.exe
  C:\Windows\System\oZFSpqX.exe
  2⤵
  PID:9964
- C:\Windows\System\orbkNge.exe
  C:\Windows\System\orbkNge.exe
  2⤵
  PID:9980
- C:\Windows\System\yWLSatI.exe
  C:\Windows\System\yWLSatI.exe
  2⤵
  PID:10004
- C:\Windows\System\GtEJmrW.exe
  C:\Windows\System\GtEJmrW.exe
  2⤵
  PID:10028
- C:\Windows\System\pmmYmot.exe
  C:\Windows\System\pmmYmot.exe
  2⤵
  PID:10044
- C:\Windows\System\rylAxGl.exe
  C:\Windows\System\rylAxGl.exe
  2⤵
  PID:10064
- C:\Windows\System\IepLvhy.exe
  C:\Windows\System\IepLvhy.exe
  2⤵
  PID:10088
- C:\Windows\System\GVzRWHW.exe
  C:\Windows\System\GVzRWHW.exe
  2⤵
  PID:10104
- C:\Windows\System\ptPhmrS.exe
  C:\Windows\System\ptPhmrS.exe
  2⤵
  PID:10124
- C:\Windows\System\EzXPIUZ.exe
  C:\Windows\System\EzXPIUZ.exe
  2⤵
  PID:10148
- C:\Windows\System\TxGYerg.exe
  C:\Windows\System\TxGYerg.exe
  2⤵
  PID:10164
- C:\Windows\System\oxkzJYA.exe
  C:\Windows\System\oxkzJYA.exe
  2⤵
  PID:10180
- C:\Windows\System\RyIefer.exe
  C:\Windows\System\RyIefer.exe
  2⤵
  PID:10196
- C:\Windows\System\QtQWXzQ.exe
  C:\Windows\System\QtQWXzQ.exe
  2⤵
  PID:10216
- C:\Windows\System\CyRLYLe.exe
  C:\Windows\System\CyRLYLe.exe
  2⤵
  PID:10236
- C:\Windows\System\VBmdRKI.exe
  C:\Windows\System\VBmdRKI.exe
  2⤵
  PID:9236
- C:\Windows\System\PUvqfWP.exe
  C:\Windows\System\PUvqfWP.exe
  2⤵
  PID:9252
- C:\Windows\System\SnVGVLO.exe
  C:\Windows\System\SnVGVLO.exe
  2⤵
  PID:9320
- C:\Windows\System\HzwUFpJ.exe
  C:\Windows\System\HzwUFpJ.exe
  2⤵
  PID:9352
- C:\Windows\System\psQLAOP.exe
  C:\Windows\System\psQLAOP.exe
  2⤵
  PID:9392
- C:\Windows\System\sTPmJAC.exe
  C:\Windows\System\sTPmJAC.exe
  2⤵
  PID:9416
- C:\Windows\System\blyFZUD.exe
  C:\Windows\System\blyFZUD.exe
  2⤵
  PID:9436
- C:\Windows\System\ftoyAoi.exe
  C:\Windows\System\ftoyAoi.exe
  2⤵
  PID:9472
- C:\Windows\System\cphGQQB.exe
  C:\Windows\System\cphGQQB.exe
  2⤵
  PID:9512
- C:\Windows\System\DBkrwDl.exe
  C:\Windows\System\DBkrwDl.exe
  2⤵
  PID:9536
- C:\Windows\System\SlQzJSx.exe
  C:\Windows\System\SlQzJSx.exe
  2⤵
  PID:9572
- C:\Windows\System\wkfHQYe.exe
  C:\Windows\System\wkfHQYe.exe
  2⤵
  PID:9600
- C:\Windows\System\GCfHfGh.exe
  C:\Windows\System\GCfHfGh.exe
  2⤵
  PID:9648
- C:\Windows\System\bzJglpb.exe
  C:\Windows\System\bzJglpb.exe
  2⤵
  PID:9672
- C:\Windows\System\LHIReoW.exe
  C:\Windows\System\LHIReoW.exe
  2⤵
  PID:9692
- C:\Windows\System\LRoLsvw.exe
  C:\Windows\System\LRoLsvw.exe
  2⤵
  PID:9708
- C:\Windows\System\frcpggN.exe
  C:\Windows\System\frcpggN.exe
  2⤵
  PID:9752
- C:\Windows\System\JQheMRX.exe
  C:\Windows\System\JQheMRX.exe
  2⤵
  PID:9780
- C:\Windows\System\XwMNpbQ.exe
  C:\Windows\System\XwMNpbQ.exe
  2⤵
  PID:9808
- C:\Windows\System\CRbgkQe.exe
  C:\Windows\System\CRbgkQe.exe
  2⤵
  PID:9832
- C:\Windows\System\ZpwlKKw.exe
  C:\Windows\System\ZpwlKKw.exe
  2⤵
  PID:9872
- C:\Windows\System\WcOqlHo.exe
  C:\Windows\System\WcOqlHo.exe
  2⤵
  PID:9960
- C:\Windows\System\HDFIqvT.exe
  C:\Windows\System\HDFIqvT.exe
  2⤵
  PID:9988
- C:\Windows\System\ZrlqUiy.exe
  C:\Windows\System\ZrlqUiy.exe
  2⤵
  PID:10016
- C:\Windows\System\NLvDSWg.exe
  C:\Windows\System\NLvDSWg.exe
  2⤵
  PID:10052
- C:\Windows\System\MckEemJ.exe
  C:\Windows\System\MckEemJ.exe
  2⤵
  PID:10076
- C:\Windows\System\WAMFWLx.exe
  C:\Windows\System\WAMFWLx.exe
  2⤵
  PID:10120
- C:\Windows\System\QAUhqSh.exe
  C:\Windows\System\QAUhqSh.exe
  2⤵
  PID:10144
- C:\Windows\System\HtPTdqO.exe
  C:\Windows\System\HtPTdqO.exe
  2⤵
  PID:10156
- C:\Windows\System\TuIRNGk.exe
  C:\Windows\System\TuIRNGk.exe
  2⤵
  PID:10212
- C:\Windows\System\nVaDcKo.exe
  C:\Windows\System\nVaDcKo.exe
  2⤵
  PID:10188
- C:\Windows\System\KHMjWqc.exe
  C:\Windows\System\KHMjWqc.exe
  2⤵
  PID:9288
- C:\Windows\System\SxbSpIH.exe
  C:\Windows\System\SxbSpIH.exe
  2⤵
  PID:9340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ASBHBcB.exe

Filesize
6.0MB

MD5
8514139cf73a2ad976143eabcd47bb2d

SHA1
c202c250e4d5b5ab4acd12b350ae29bf1c12f2d1

SHA256
5aa6b95f016e4fa98e7c4bca2af79ad80b85a85db325573176117de4b084a58c

SHA512
1ef38c544af423e60a4d4b22174e2b2e58fc610ba4d88896f25e4cbfe7f01d92612fe6f15923f9d71601523d318f5258bb0b80c14cfff18b9e355e4cd1da3f46

Download Submit
C:\Windows\system\AwgThbb.exe

Filesize
6.0MB

MD5
97e1936f0ebaeb120dd734db0e2f737a

SHA1
e953a9e5cbb2fab0129c2f011485dda33eb4e8b0

SHA256
685bbe1ffd11f728bf103fe6e4aab19fb6e398c10028ea91113af92909bd49aa

SHA512
0a19b6aa0cc51a633bab8622c89dd27d6d2a4768ba10571723ffe5b365547647153f6aa8b1e61eb773d0e6829696ef78fef0b4b28437bdeedde1026b13c66982

Download Submit
C:\Windows\system\BFKXiEE.exe

Filesize
6.0MB

MD5
dc5cc9671941514fba1426ca8c69b355

SHA1
f91590b874780a1c562f55882dd75d3a83632818

SHA256
285e8365015ea5cab8063099913c63ae860e869cbb063a52c1c046cc3b485cc1

SHA512
1d23373c83badee5a12f4dee3cf2510d1b109311dbcf76327eda0020349d3833b328d7ed8e14f11ddae9e99ccc917f217ae253a9bb48321bbe382c4af74c9aea

Download Submit
C:\Windows\system\DdHhFto.exe

Filesize
6.0MB

MD5
cbeef6002d2c480321905b6dfd57817c

SHA1
d8e7b082f9463b94d158676409bdcb627573a598

SHA256
381be21e58ad7a70cd5b9fe447bc1de1ab944f81b518ec04246a1e699b11f0ee

SHA512
905b31c8f3f273187643036cc8f58eb4f4c480a53ab167546a1b1be9e412621e3bd10ceca31a7fef41e4cc3e660cb480553e65d2325693020c0f08cae068083d

Download Submit
C:\Windows\system\GQfxzzx.exe

Filesize
6.0MB

MD5
90d1722652a6a9c2e01704425d6ac787

SHA1
352a1178b494be8e744568fc87b0e966eea6ec70

SHA256
d103f9ec6e2736d49ac74df8da2b26296ecb9d5f110e9bed287ae7b21040b71f

SHA512
c9eed15a38e1513d780830396742a184ca95ca6309972d50b4a0f58ae50b52b13e999b27698baaaa13ed4013f06450749e9aaf71b9730a976980dfd67959b0cf

Download Submit
C:\Windows\system\LkHsbvz.exe

Filesize
8B

MD5
a5ce0e1cd1d3917f12b2586698d6dcc3

SHA1
2f4215182cfc776d7694eb4ff7274612b0593eeb

SHA256
48b3f31c2ddcc55f74d70a7833a2b09f6b374689bbf4cb6de601d6a621a2abbc

SHA512
f349489705218d3925cc06581c9fd70709fc5a0bb4f86496e55ebbbc637c745339459701ffd3b7a8c11bbfdd4f5b738df89620bf4327ebc87ea6731f85a01281

Download Submit
C:\Windows\system\OHSQQhs.exe

Filesize
6.0MB

MD5
68c9881e2456175c84ce1131fc02a4da

SHA1
144c9f90049ec43f5232345f450e0ff6bed34112

SHA256
3c4db242ee2ab7dd4255765f2a55938f66ea84ef922061a98f47a77de9b22d13

SHA512
98f0f21fb6b5aa90bdd7682573d150645f67e27352038c1e7a1284b430e4312c4f1d8cc8256ed72e00109b5e9a807cc143a24e327bfe235e698c4997ae37eef2

Download Submit
C:\Windows\system\OMxIRWh.exe

Filesize
6.0MB

MD5
dce9ce89fc61ebd1dfff1beb1705e175

SHA1
0502bfee35eca10777db34b00dcff875563fc50b

SHA256
abb0aa84e25d91bd54a97aaefc042fed6597a00794bd89558785f7b0874d77dc

SHA512
2f353a443d37fa78c290044ab9ef63f1a7e2522f9689966bb2848cca3ec5c58e6b0a8aa246e70dc6fa35b7f5f422bb17182a125a15ecfb2e8f99860872b8373d

Download Submit
C:\Windows\system\RXysKdx.exe

Filesize
6.0MB

MD5
cf1f18238d822527ae7b391aeb5eadb4

SHA1
c631e24c28d953e7aca67a8d2d896af78bfab46e

SHA256
ed92c32634adaa1c0b1d1ef161505ba3a9cffbf2b1c5f8118b4948c11c082ba3

SHA512
7ee6229f73ab8836a02d72c2a59031666dc0e4d68bfba15307867475bb40e04dbc250a0c1c9cc5f7b5bf7ade6d47f2feb2fe707bc57824675421e20c974b39bc

Download Submit
C:\Windows\system\RamyYqL.exe

Filesize
6.0MB

MD5
fd80c9acef91eb7590392c894f431aed

SHA1
04a15f2ba7bcc3ef01947c1ea7cb521559f3d09e

SHA256
b16d73f41380549d176481e092818bc8a6fda0ba8afc41dbdb3aa613bdb25237

SHA512
eb8613c71688bf5059847d6cbfbdac328820f46cae439fbf49bf2354a77285201976aff2a63cdc6eff4b9cc644a945cd9c199e315799512ad6c786fa67aa0526

Download Submit
C:\Windows\system\STSmLIx.exe

Filesize
6.0MB

MD5
3751866a4f286766a67ca969e6a2f52e

SHA1
7c58dea90165fad56a7fd3878101b2c38dac2b34

SHA256
0c12e848b1e7c9e0150c866554798f9c8aa27789e1edfe305328bba47ad257e4

SHA512
10848ab2889f1ab769b543964ec8223ae2767db5b6ff5a3d2dbdbefa100f84122fd04359c6f885e7397e94f14dd049d5fd25a2e668784f1e436c122c57f6b287

Download Submit
C:\Windows\system\TuJxozD.exe

Filesize
6.0MB

MD5
7f7c8e5a5f12a5c379f3373fcd4b2c60

SHA1
4eafbff749657525fb03a30b759528a807efb2ad

SHA256
bcc701d699dba42c2b12101a094198de39dc930ccb0c9d399dafd06a02fe5394

SHA512
793919781bacdb74fa4eddfe99f841a5a37ada2a82a2cf73a4c3a547fb7122d8f00c1802b30bb6f1fbd32f10c7b38e6dc73f57e4583e28e828d1a24528f11f19

Download Submit
C:\Windows\system\WaArXgh.exe

Filesize
6.0MB

MD5
1f42608b391d00f5dff2a25e4500cf03

SHA1
a1a7be9dabf98e28c155cc8219f57133ca243d4c

SHA256
1b319eb8ae7a6fea179d0f95a6074933b66a9c5084f29bf833e103e3f312c53d

SHA512
8f18baf5bfefd51598240f7c1bf1ff4258558224ed3b50f48e100d2656c1f03061dede7991eb6315fb52e9cd01fb694596c43e7442fac23051bd95135e4580f6

Download Submit
C:\Windows\system\WmrNOhv.exe

Filesize
6.0MB

MD5
99d4d282547c6801bdffcb4b8eafb22d

SHA1
5a9d8e921746e2e6e40fea6812b8b019af6b25a0

SHA256
b2b8787cbd1c230e84172b6cacb13f0bfc4c31ad9dde5d4664775beb3b0c8db0

SHA512
03c1a799769c61ee72e592e4bf947f4e6c345aa6e5159095a820f02cbc0c2fe3923248edd4b91c59a6fc6fd1839005410b2aa9e5b9165847f95461d2663f841f

Download Submit
C:\Windows\system\aOVmncl.exe

Filesize
6.0MB

MD5
c50ec94d372aa557bc57e9c522890f2e

SHA1
552c8d0b6d6b83b1b0d512d58233c4c2defddb03

SHA256
a047cbddaa2ae92a73949e76955a7bb57657b7015b15f58936527db0c74d4877

SHA512
88031875b3283d2164d1bfc46bc999f68664da9bbc0cfbe78d9b7836b74f87fa7712659db8164786d1a98b864f4ef3d661bfadf663acac2d0a29f2186d1c37e3

Download Submit
C:\Windows\system\bIBvvwx.exe

Filesize
6.0MB

MD5
fbeca1d2798c87847fd5ee5a6ff76912

SHA1
cff51aa8ffaeed67b0568f11d1685d342dcf07ae

SHA256
328e61343ad69c1833b5e96ae69d4fb293aa688515e5149f7665f2bb024d68f2

SHA512
0c27a26670f6eaf58072df99759fd4753e2773fc2938d6ae663b5453c906d7f0412cb463b6aeb97cbbe28dba114e5917855c13c1a0a5afcf3bd6cbaa7dd1a27f

Download Submit
C:\Windows\system\cBqVwhY.exe

Filesize
6.0MB

MD5
659b786a16b15dc5ef05ffb66a152968

SHA1
3ed6d82a9f6e78988310cc0f3d49bfd045aa5c28

SHA256
7e2c1785f126bc20cca94ab3380b4a15bb03c6409a00e6ed0092e4aca80fd2a4

SHA512
6fdc22b5a08fe6a30109f11b66ace126184b2fc936d85047ba8da7e1e596f58d38b14be3fd15f5be8bb62034c487583b87d9a577b1327af280c63c65cc6d3506

Download Submit
C:\Windows\system\gGpDuIf.exe

Filesize
6.0MB

MD5
6397b82669a2941423e96a45a91643a8

SHA1
5d60f6b8c28b75029d32468a6691a181e4f1478c

SHA256
c8aec4ab01ce87d157295c5ca93d47eedbc958df0a62f630da15c7979c150bfb

SHA512
d5f304ef0041077c790517f4d9fbe94462823492f06634f420d30e88c35615ec19d4ab7a2c9f296e4620bb5f28d7516c286092b761b18e70e051e57b0885a4f4

Download Submit
C:\Windows\system\hUKRbVM.exe

Filesize
6.0MB

MD5
4c48965fb1172e7add3e13279c4f65b6

SHA1
be97fc66b3aaebefe16c7738f5299286bf839314

SHA256
504e210077b0925366e09fdb01f02d3943e8fb4eda4afbb0645c42c4db463658

SHA512
39eb1638e4a56015a99cd1d95876ec294f57cc458b6ec00bce8cdef6553b5a3b7322b38f4342db8bd5c247bf215c14fb009dd5846e9ca3c6bce0d98b5dbaf97f

Download Submit
C:\Windows\system\iPGazTc.exe

Filesize
6.0MB

MD5
7f1b16b26e49b448171b4216316689af

SHA1
953a71df130cb476e6a540bdc1adacb4eee36841

SHA256
7249eee210133752c92f0b37e13e1098464fd42bca08fe1cb95c8e3b0a88c131

SHA512
14338e7baa30a8e83a28cc41ff66ba7f18341c1d34da0a6a327239f2691d6e8f9c6012be95702875168453eacd193e5f439ad3e356a48fad9b7e9ebac06a735e

Download Submit
C:\Windows\system\ijRRcgp.exe

Filesize
6.0MB

MD5
11736c64efced844053c99399fe70406

SHA1
71090b60a9db7e0b733cb4072593a970c001cc64

SHA256
a664272852f602a84649646e34b590915eb1caceeed1d6d5acac9c487225801b

SHA512
78bf0a72da1943e1184c7518ec4160ec0b752744b109a96d5524a303729ef4357b7720eb72974452622c813b9f72a379af339e77b2a2f5aa5587bb61a420f9f4

Download Submit
C:\Windows\system\lEtbRHr.exe

Filesize
6.0MB

MD5
128a480e6881f2fb653c9d3ba95fa0d5

SHA1
561881f658ef3870cb1042d5e64818ad9437c3e0

SHA256
78ce45395b7d4b66a81d78d3d425291a8a88c7530097746f02ad6fb5bd5f25b3

SHA512
2bc29130e14e097ee0dad5fdac7ab9791d1682c96d2c4b5fdd31f5ea0c8e2dae12eeb8f0316fbcb8f3bd5010412e13fd5457ec0e15b7d95f4f9679f2b897eb39

Download Submit
C:\Windows\system\lqQUDib.exe

Filesize
6.0MB

MD5
af11eebb692c668e7b4b9f2d1d92fb58

SHA1
963fcb3ab87315c8e7d2c6409960a2329d128053

SHA256
253007bdcb9c254178a869375a9c4b481816db633f7936a295b694644c37a871

SHA512
afcb7e25bbe063fa4d519729737314b020d01e556690a09b242789756401887bb6ac77cb2e1120f20a490e883bca38bdc39da976cec5dbf5be83f8d840ae3f02

Download Submit
C:\Windows\system\ozJGEYA.exe

Filesize
6.0MB

MD5
f5e3e35922a6c5a2ee17edd1adae36a4

SHA1
cb3bc83ef4740d469d0e06135b2c8792159703b4

SHA256
3a7e03d3edcb7e28e527784f43e4dbc00524aab34c504de57bba08a86d4a7f79

SHA512
5eb0d08ba2f116195885cf4a06c13fa5ced1557261ba37b0cc7ce56ff7f59a14c601ce5820a2130a1fd035dc843ca58164994a3a09477f7294dbe7d71f6b7c6f

Download Submit
C:\Windows\system\sCpzSaj.exe

Filesize
6.0MB

MD5
e16431f583c8a69569af435aaeca7c86

SHA1
2cb8049bca78b27505bbc8601f3e7f5fc46eed08

SHA256
f81c5df6a49f37f15cfa65659a25acd4ee08a5598bf0790d7e0843054c7f47a5

SHA512
fa67288e7c46f58537cc38fde71a77cd52ae022f2c55c75fcb83965576e10b57a92493d65210c5fa1a34f4c1e011334efa2c16a35ece8f7672cb0c4203686757

Download Submit
C:\Windows\system\uPnCDhp.exe

Filesize
6.0MB

MD5
ffcdaf7ff38b80b75c6ceeb3dd85d252

SHA1
5dec7f686caa369df1f7a467c18c541786021c13

SHA256
d52be23f5305addbf11d3e3d5b6af2577c579205ffa5d1de859224f6328dead4

SHA512
652352fc9115135a00d9c0621577c5e7b0fc245833ed0ca862d45ab0c9d73d76fa10be8922cd04c914a4078f9d4493a353487b631dfab412901cb9c93ad59185

Download Submit
C:\Windows\system\wScmhEN.exe

Filesize
6.0MB

MD5
d08779f33bb5f6b3d4bfffcc052f6d05

SHA1
4f5abdb55cb30eb3538b987101269392b2492ac4

SHA256
68f2a649b5f2cba7167ba3c3e83f869281a133925e270ec92eb9f389fb3a842a

SHA512
14eaef3b56bd3d3e0e4c1c52fd95b3413727e835f37d7bfa67a73fea1f5b42ee069099cdf0ebbcad90a593d1ee71ab1aad989188432d41ab58d4aea27e43f835

Download Submit
C:\Windows\system\xYZSsof.exe

Filesize
6.0MB

MD5
5a6aeee6671ff3f54df7f5e29f45b94a

SHA1
d1ddab6679f5fbf72b6632a5198f138ba6197f9a

SHA256
fc882909bfa472964a04a92135fb29970003744dd4bc58016c4e3b233ee91d93

SHA512
6af2e9b1892ca5310049702540e6ff83821ac77c907649e8df3f3e93fbe744dfbf018931be361b09e5c30c66aff3f2debffe7102068ecc879fd2a490ad618887

Download Submit
\Windows\system\NdklYVg.exe

Filesize
6.0MB

MD5
335b505ebc08f0f4a226c8d782675a45

SHA1
1d7510273d3a4b07444264e256b613004da0f68a

SHA256
c5eb9c327ed552fa0265a3ecdc4d6c8463b6c85a27d4d2be81135bde69548a9d

SHA512
0f3d2f2cad197eab384a0719532e60c14ca9cfed64fdcc25b29d2d1537ce559e999ebe7cee7a34343e8d1499d97d2174884ce90f14fd2a9c03920adacabb5740

Download Submit
\Windows\system\YMGnElH.exe

Filesize
6.0MB

MD5
0a5cf51591ca7b7adfe60053e8fbf3f3

SHA1
71a7843174aceccbe3c9e9028e86991d842f8fed

SHA256
a195c5d93fffcf694e45442a9e62e29e4f1f52c505bd83eb076998c2c6c7e6c7

SHA512
428a30529ff146bffb21279037c245ae45852f616aff51a7deb61194db0ca83f8486eecfea7941ded1fe66f769a5e8b305c5e253cf055b5585599cabfe41a54b

Download Submit
\Windows\system\mXAaeWm.exe

Filesize
6.0MB

MD5
ac137469e24355f08baacdb2fa35a971

SHA1
dda62bb013198ab71edba1225e4f20a7a9e70788

SHA256
b327c827cde1b5497eb672708edcc95efff8ada0b19fa2c02920a49a3b37c73a

SHA512
0a6c21458597bc0b4c64236ae1ab80351ed0e91ad03f655380d4e7fe82bf835911c4d0a99d6592a36e5357dc8bfb026a7c2d85241488a09b6d02e8c6f5ba66dd

Download Submit
\Windows\system\qonnVey.exe

Filesize
6.0MB

MD5
83b236a82b6c09178b688526c4dbec48

SHA1
184781ce5a58c7213d03509e040c3d5fb4521adf

SHA256
149d1171df6f8243ae28c262bb59d7570f92bb9396fb2d8266c60b5da0ba7487

SHA512
4888df2ef420a6989f0660f3bf26a66fb307bddea96ee7995b241f43908ec7c8f1e1dc540bfdd7761013126b265ca391a0e563a6dd3dc1b70c19e63160a1ea87

Download Submit
\Windows\system\udNtTih.exe

Filesize
6.0MB

MD5
8f7a7d93d4dad2b22d78c671427f9639

SHA1
50a863512958b61e8de17c2c64db0631817d2be9

SHA256
07d19226ea366cdf194693448ab7fe6e99d893df98291d57aa46314fd0adc86f

SHA512
1615e2a25d4480da20937294d410c5dcbc6637b83d60258c95e46205c8fdf00186db73f420b1cdb3d58cc3ca5666901eb0f1917c797387fdedcbae82f1177cb1

Download Submit
memory/916-975-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/916-22-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/916-3785-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1264-3853-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1264-942-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1808-34-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-976-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-3759-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-3726-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1848-15-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1848-60-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3817-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3897-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2392-920-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2432-58-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1988-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3794-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2393-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1798-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-974-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2536-50-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/2536-958-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2536-943-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2396-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2536-921-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2422-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/2536-902-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2536-880-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2377-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2382-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2185-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2536-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-10-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1092-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2536-19-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-2389-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-12-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2536-978-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1440-0x0000000002500000-0x0000000002854000-memory.dmp

Filesize
3.3MB

Download
memory/2536-56-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-0-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-43-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2536-31-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-38-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3899-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2576-890-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2628-957-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3898-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3883-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-899-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3840-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-52-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3765-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1212-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2708-41-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3856-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-973-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3756-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2868-44-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download