cobaltstrike | c87069f6d801aa466c2ed95488f7f4de04b28e3e317413387aac92aba9f707fe

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2195976871818f4c5afad5410e0d69e4
SHA1

8206be22c854eeb2d7b46373901b48c573a28694
SHA256

c87069f6d801aa466c2ed95488f7f4de04b28e3e317413387aac92aba9f707fe
SHA512

b551d9990ad24369ebb0417fece4af761db85e288a3b42b54456a659de4c1e83c29bb79a76d948b943f8def71528793c03432e8dfaf5ad4c5f5ea4a67d206d66
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUu:eOl56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\FbHEIoC.exe	cobalt_reflective_dll
\Windows\system\EmUQODx.exe	cobalt_reflective_dll
C:\Windows\system\SfdpFkb.exe	cobalt_reflective_dll
\Windows\system\ulOaXYi.exe	cobalt_reflective_dll
\Windows\system\QVFsRuF.exe	cobalt_reflective_dll
\Windows\system\rMTdAuK.exe	cobalt_reflective_dll
C:\Windows\system\PfAUYlh.exe	cobalt_reflective_dll
C:\Windows\system\aRKpIAl.exe	cobalt_reflective_dll
\Windows\system\YeNWBMG.exe	cobalt_reflective_dll
\Windows\system\hHcIUQA.exe	cobalt_reflective_dll
C:\Windows\system\dtkPDli.exe	cobalt_reflective_dll
C:\Windows\system\gbXYusc.exe	cobalt_reflective_dll
C:\Windows\system\ilwqMVc.exe	cobalt_reflective_dll
\Windows\system\cytyDEm.exe	cobalt_reflective_dll
\Windows\system\sBasIoM.exe	cobalt_reflective_dll
\Windows\system\tHDCybH.exe	cobalt_reflective_dll
\Windows\system\UBTBmVS.exe	cobalt_reflective_dll
\Windows\system\IcPGPFD.exe	cobalt_reflective_dll
C:\Windows\system\eSQkVjf.exe	cobalt_reflective_dll
C:\Windows\system\AiGNktm.exe	cobalt_reflective_dll
C:\Windows\system\kbAOZgV.exe	cobalt_reflective_dll
\Windows\system\YOJjIoV.exe	cobalt_reflective_dll
C:\Windows\system\BIuxdap.exe	cobalt_reflective_dll
C:\Windows\system\AwpnGYn.exe	cobalt_reflective_dll
C:\Windows\system\aOTzeSP.exe	cobalt_reflective_dll
C:\Windows\system\tmVZbYu.exe	cobalt_reflective_dll
C:\Windows\system\UqDtnxb.exe	cobalt_reflective_dll
C:\Windows\system\rdupfKS.exe	cobalt_reflective_dll
C:\Windows\system\qViaEdR.exe	cobalt_reflective_dll
C:\Windows\system\VrWFCAI.exe	cobalt_reflective_dll
C:\Windows\system\zQaIQZY.exe	cobalt_reflective_dll
C:\Windows\system\fOvhtaF.exe	cobalt_reflective_dll
C:\Windows\system\WGRzkZI.exe	cobalt_reflective_dll
\Windows\system\cAVeUri.exe	cobalt_reflective_dll
C:\Windows\system\ntowffY.exe	cobalt_reflective_dll
C:\Windows\system\MEQtnOh.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
C:\Windows\system\FbHEIoC.exe	xmrig
\Windows\system\EmUQODx.exe	xmrig
C:\Windows\system\SfdpFkb.exe	xmrig
\Windows\system\ulOaXYi.exe	xmrig
\Windows\system\QVFsRuF.exe	xmrig
behavioral1/memory/3028-177-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
\Windows\system\rMTdAuK.exe	xmrig
behavioral1/memory/1928-1151-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
C:\Windows\system\PfAUYlh.exe	xmrig
C:\Windows\system\aRKpIAl.exe	xmrig
\Windows\system\YeNWBMG.exe	xmrig
\Windows\system\hHcIUQA.exe	xmrig
behavioral1/memory/488-166-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2264-164-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
C:\Windows\system\dtkPDli.exe	xmrig
C:\Windows\system\gbXYusc.exe	xmrig
C:\Windows\system\ilwqMVc.exe	xmrig
\Windows\system\cytyDEm.exe	xmrig
\Windows\system\sBasIoM.exe	xmrig
\Windows\system\tHDCybH.exe	xmrig
behavioral1/memory/1284-138-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
\Windows\system\UBTBmVS.exe	xmrig
\Windows\system\IcPGPFD.exe	xmrig
C:\Windows\system\eSQkVjf.exe	xmrig
C:\Windows\system\AiGNktm.exe	xmrig
behavioral1/memory/2644-94-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
C:\Windows\system\kbAOZgV.exe	xmrig
\Windows\system\YOJjIoV.exe	xmrig
C:\Windows\system\BIuxdap.exe	xmrig
C:\Windows\system\AwpnGYn.exe	xmrig
behavioral1/memory/2060-172-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
C:\Windows\system\aOTzeSP.exe	xmrig
behavioral1/memory/1928-129-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2408-128-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
C:\Windows\system\tmVZbYu.exe	xmrig
C:\Windows\system\UqDtnxb.exe	xmrig
C:\Windows\system\rdupfKS.exe	xmrig
behavioral1/memory/2848-124-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
C:\Windows\system\qViaEdR.exe	xmrig
C:\Windows\system\VrWFCAI.exe	xmrig
behavioral1/memory/2836-71-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1928-67-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
C:\Windows\system\zQaIQZY.exe	xmrig
C:\Windows\system\fOvhtaF.exe	xmrig
C:\Windows\system\WGRzkZI.exe	xmrig
behavioral1/memory/1892-49-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1692-64-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1476-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
\Windows\system\cAVeUri.exe	xmrig
behavioral1/memory/1928-41-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
C:\Windows\system\ntowffY.exe	xmrig
C:\Windows\system\MEQtnOh.exe	xmrig
behavioral1/memory/2464-29-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2408-4018-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1476-4020-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2264-4024-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2836-4023-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/488-4027-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/3028-4029-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2060-4030-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2848-4028-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2644-4026-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1692-4025-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

FbHEIoC.exeEmUQODx.exeSfdpFkb.exeMEQtnOh.exentowffY.execAVeUri.exeWGRzkZI.exeQVFsRuF.exefOvhtaF.exezQaIQZY.exeulOaXYi.exeVrWFCAI.exekbAOZgV.exeAiGNktm.exeeSQkVjf.exeqViaEdR.exerdupfKS.exeUqDtnxb.exetmVZbYu.exeaOTzeSP.exeilwqMVc.exegbXYusc.exedtkPDli.exeAwpnGYn.exeBIuxdap.exeYOJjIoV.exeaRKpIAl.exePfAUYlh.exeWVnaBMw.exeIcPGPFD.exerMTdAuK.exeUBTBmVS.exeRBOnFwn.exetHDCybH.exesBasIoM.execytyDEm.exereqmVjJ.exehHcIUQA.exeYeNWBMG.exevmewaJn.exefEPOyFY.exeHxKojEM.exeQTHQiHp.exeokfTgWm.exezEhAgSz.exeuyXMuwA.exelCHjgvN.exerzagEii.exeFmwwbtb.exeKsGJAip.exejAJbxed.exeSYWwmiM.exexHzpXQQ.exenswqYFX.exeJwrCyfr.exeUUjOybe.exesQwXGFR.exeHehlxqO.exeaHjElck.exegNOTVFp.exejyCLlbx.exeWpuvisW.exeFHmSHIQ.exeopsVCKl.exe

pid	process
2408	FbHEIoC.exe
1476	EmUQODx.exe
2464	SfdpFkb.exe
1284	MEQtnOh.exe
1892	ntowffY.exe
1692	cAVeUri.exe
2264	WGRzkZI.exe
2836	QVFsRuF.exe
488	fOvhtaF.exe
2644	zQaIQZY.exe
2060	ulOaXYi.exe
3028	VrWFCAI.exe
2848	kbAOZgV.exe
2612	AiGNktm.exe
2272	eSQkVjf.exe
1696	qViaEdR.exe
2968	rdupfKS.exe
2792	UqDtnxb.exe
1724	tmVZbYu.exe
2516	aOTzeSP.exe
2320	ilwqMVc.exe
1664	gbXYusc.exe
2164	dtkPDli.exe
1100	AwpnGYn.exe
1332	BIuxdap.exe
2680	YOJjIoV.exe
2244	aRKpIAl.exe
1916	PfAUYlh.exe
1940	WVnaBMw.exe
2704	IcPGPFD.exe
2984	rMTdAuK.exe
2336	UBTBmVS.exe
964	RBOnFwn.exe
2052	tHDCybH.exe
2528	sBasIoM.exe
1012	cytyDEm.exe
2304	reqmVjJ.exe
356	hHcIUQA.exe
988	YeNWBMG.exe
1048	vmewaJn.exe
1292	fEPOyFY.exe
596	HxKojEM.exe
1764	QTHQiHp.exe
2592	okfTgWm.exe
2388	zEhAgSz.exe
2216	uyXMuwA.exe
892	lCHjgvN.exe
1644	rzagEii.exe
1516	Fmwwbtb.exe
1564	KsGJAip.exe
2552	jAJbxed.exe
540	SYWwmiM.exe
1600	xHzpXQQ.exe
2488	nswqYFX.exe
2760	JwrCyfr.exe
2892	UUjOybe.exe
2308	sQwXGFR.exe
2864	HehlxqO.exe
2728	aHjElck.exe
2668	gNOTVFp.exe
2616	jyCLlbx.exe
2944	WpuvisW.exe
2560	FHmSHIQ.exe
2144	opsVCKl.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1928-0-0x000000013F230000-0x000000013F584000-memory.dmp	upx
C:\Windows\system\FbHEIoC.exe	upx
\Windows\system\EmUQODx.exe	upx
C:\Windows\system\SfdpFkb.exe	upx
\Windows\system\ulOaXYi.exe	upx
\Windows\system\QVFsRuF.exe	upx
behavioral1/memory/3028-177-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
\Windows\system\rMTdAuK.exe	upx
behavioral1/memory/1928-1151-0x000000013F230000-0x000000013F584000-memory.dmp	upx
C:\Windows\system\PfAUYlh.exe	upx
C:\Windows\system\aRKpIAl.exe	upx
\Windows\system\YeNWBMG.exe	upx
\Windows\system\hHcIUQA.exe	upx
behavioral1/memory/488-166-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2264-164-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
C:\Windows\system\dtkPDli.exe	upx
C:\Windows\system\gbXYusc.exe	upx
C:\Windows\system\ilwqMVc.exe	upx
\Windows\system\cytyDEm.exe	upx
\Windows\system\sBasIoM.exe	upx
\Windows\system\tHDCybH.exe	upx
behavioral1/memory/1284-138-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
\Windows\system\UBTBmVS.exe	upx
\Windows\system\IcPGPFD.exe	upx
C:\Windows\system\eSQkVjf.exe	upx
C:\Windows\system\AiGNktm.exe	upx
behavioral1/memory/2644-94-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
C:\Windows\system\kbAOZgV.exe	upx
\Windows\system\YOJjIoV.exe	upx
C:\Windows\system\BIuxdap.exe	upx
C:\Windows\system\AwpnGYn.exe	upx
behavioral1/memory/2060-172-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
C:\Windows\system\aOTzeSP.exe	upx
behavioral1/memory/2408-128-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
C:\Windows\system\tmVZbYu.exe	upx
C:\Windows\system\UqDtnxb.exe	upx
C:\Windows\system\rdupfKS.exe	upx
behavioral1/memory/2848-124-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
C:\Windows\system\qViaEdR.exe	upx
C:\Windows\system\VrWFCAI.exe	upx
behavioral1/memory/2836-71-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
C:\Windows\system\zQaIQZY.exe	upx
C:\Windows\system\fOvhtaF.exe	upx
C:\Windows\system\WGRzkZI.exe	upx
behavioral1/memory/1892-49-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1692-64-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1476-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
\Windows\system\cAVeUri.exe	upx
C:\Windows\system\ntowffY.exe	upx
C:\Windows\system\MEQtnOh.exe	upx
behavioral1/memory/2464-29-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2408-4018-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1476-4020-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2264-4024-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2836-4023-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/488-4027-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/3028-4029-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2060-4030-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2848-4028-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2644-4026-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1692-4025-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1892-4022-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1284-4021-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2464-4019-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\QVFsRuF.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQrPpMp.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDLwmeY.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvRiHdr.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERCvJWP.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSggWpF.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAbcwAB.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJpzQIC.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXSiMuf.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIyDgvg.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pneawIg.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDmLHRl.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCfpsdW.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPCTMZz.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syGIkLO.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmwffGz.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqAnfdp.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWNWcen.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFARSAs.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzADeWj.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHAVRvz.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVnaBMw.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSkEiUw.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWzoouf.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnnXMte.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bADUDOJ.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkFSpYO.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOGWday.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwdfBCb.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzsUUXI.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqKGmxk.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWTtOJT.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEtsyiN.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpJqoba.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYkGxsG.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkNPxgK.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDFbuSi.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLhSZMl.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmYhRdk.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFxeGlR.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahePdGU.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qViaEdR.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hybTNen.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlGwdQc.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRxuTBX.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxiQiLg.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtXIzbx.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYNqFTX.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJTFbpN.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhPWAxo.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpdKwKd.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxWaZgQ.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHDCybH.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhyggen.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqSVoRV.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWJqLjn.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEZvRpz.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GklJcSE.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxFSQBB.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNTJfgG.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KekdOHi.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzZHAim.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIRnLBN.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfmeNhf.exe	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1928 wrote to memory of 2408	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	FbHEIoC.exe
PID 1928 wrote to memory of 2408	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	FbHEIoC.exe
PID 1928 wrote to memory of 2408	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	FbHEIoC.exe
PID 1928 wrote to memory of 1476	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	EmUQODx.exe
PID 1928 wrote to memory of 1476	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	EmUQODx.exe
PID 1928 wrote to memory of 1476	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	EmUQODx.exe
PID 1928 wrote to memory of 2464	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	SfdpFkb.exe
PID 1928 wrote to memory of 2464	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	SfdpFkb.exe
PID 1928 wrote to memory of 2464	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	SfdpFkb.exe
PID 1928 wrote to memory of 1892	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ntowffY.exe
PID 1928 wrote to memory of 1892	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ntowffY.exe
PID 1928 wrote to memory of 1892	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ntowffY.exe
PID 1928 wrote to memory of 1284	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	MEQtnOh.exe
PID 1928 wrote to memory of 1284	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	MEQtnOh.exe
PID 1928 wrote to memory of 1284	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	MEQtnOh.exe
PID 1928 wrote to memory of 1692	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	cAVeUri.exe
PID 1928 wrote to memory of 1692	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	cAVeUri.exe
PID 1928 wrote to memory of 1692	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	cAVeUri.exe
PID 1928 wrote to memory of 2264	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	WGRzkZI.exe
PID 1928 wrote to memory of 2264	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	WGRzkZI.exe
PID 1928 wrote to memory of 2264	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	WGRzkZI.exe
PID 1928 wrote to memory of 2060	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ulOaXYi.exe
PID 1928 wrote to memory of 2060	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ulOaXYi.exe
PID 1928 wrote to memory of 2060	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	ulOaXYi.exe
PID 1928 wrote to memory of 2836	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	QVFsRuF.exe
PID 1928 wrote to memory of 2836	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	QVFsRuF.exe
PID 1928 wrote to memory of 2836	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	QVFsRuF.exe
PID 1928 wrote to memory of 3028	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	VrWFCAI.exe
PID 1928 wrote to memory of 3028	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	VrWFCAI.exe
PID 1928 wrote to memory of 3028	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	VrWFCAI.exe
PID 1928 wrote to memory of 488	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	fOvhtaF.exe
PID 1928 wrote to memory of 488	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	fOvhtaF.exe
PID 1928 wrote to memory of 488	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	fOvhtaF.exe
PID 1928 wrote to memory of 2848	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	kbAOZgV.exe
PID 1928 wrote to memory of 2848	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	kbAOZgV.exe
PID 1928 wrote to memory of 2848	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	kbAOZgV.exe
PID 1928 wrote to memory of 2644	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	zQaIQZY.exe
PID 1928 wrote to memory of 2644	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	zQaIQZY.exe
PID 1928 wrote to memory of 2644	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	zQaIQZY.exe
PID 1928 wrote to memory of 2516	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aOTzeSP.exe
PID 1928 wrote to memory of 2516	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aOTzeSP.exe
PID 1928 wrote to memory of 2516	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aOTzeSP.exe
PID 1928 wrote to memory of 2612	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	AiGNktm.exe
PID 1928 wrote to memory of 2612	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	AiGNktm.exe
PID 1928 wrote to memory of 2612	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	AiGNktm.exe
PID 1928 wrote to memory of 2680	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	YOJjIoV.exe
PID 1928 wrote to memory of 2680	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	YOJjIoV.exe
PID 1928 wrote to memory of 2680	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	YOJjIoV.exe
PID 1928 wrote to memory of 2272	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	eSQkVjf.exe
PID 1928 wrote to memory of 2272	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	eSQkVjf.exe
PID 1928 wrote to memory of 2272	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	eSQkVjf.exe
PID 1928 wrote to memory of 2244	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aRKpIAl.exe
PID 1928 wrote to memory of 2244	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aRKpIAl.exe
PID 1928 wrote to memory of 2244	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	aRKpIAl.exe
PID 1928 wrote to memory of 1696	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	qViaEdR.exe
PID 1928 wrote to memory of 1696	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	qViaEdR.exe
PID 1928 wrote to memory of 1696	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	qViaEdR.exe
PID 1928 wrote to memory of 1916	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	PfAUYlh.exe
PID 1928 wrote to memory of 1916	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	PfAUYlh.exe
PID 1928 wrote to memory of 1916	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	PfAUYlh.exe
PID 1928 wrote to memory of 2968	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	rdupfKS.exe
PID 1928 wrote to memory of 2968	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	rdupfKS.exe
PID 1928 wrote to memory of 2968	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	rdupfKS.exe
PID 1928 wrote to memory of 2704	1928	2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe	IcPGPFD.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_2195976871818f4c5afad5410e0d69e4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\FbHEIoC.exe
  C:\Windows\System\FbHEIoC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\EmUQODx.exe
  C:\Windows\System\EmUQODx.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\SfdpFkb.exe
  C:\Windows\System\SfdpFkb.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ntowffY.exe
  C:\Windows\System\ntowffY.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\MEQtnOh.exe
  C:\Windows\System\MEQtnOh.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\cAVeUri.exe
  C:\Windows\System\cAVeUri.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\WGRzkZI.exe
  C:\Windows\System\WGRzkZI.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ulOaXYi.exe
  C:\Windows\System\ulOaXYi.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\QVFsRuF.exe
  C:\Windows\System\QVFsRuF.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VrWFCAI.exe
  C:\Windows\System\VrWFCAI.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\fOvhtaF.exe
  C:\Windows\System\fOvhtaF.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\kbAOZgV.exe
  C:\Windows\System\kbAOZgV.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\zQaIQZY.exe
  C:\Windows\System\zQaIQZY.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\aOTzeSP.exe
  C:\Windows\System\aOTzeSP.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\AiGNktm.exe
  C:\Windows\System\AiGNktm.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\YOJjIoV.exe
  C:\Windows\System\YOJjIoV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\eSQkVjf.exe
  C:\Windows\System\eSQkVjf.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\aRKpIAl.exe
  C:\Windows\System\aRKpIAl.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\qViaEdR.exe
  C:\Windows\System\qViaEdR.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\PfAUYlh.exe
  C:\Windows\System\PfAUYlh.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rdupfKS.exe
  C:\Windows\System\rdupfKS.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\IcPGPFD.exe
  C:\Windows\System\IcPGPFD.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\UqDtnxb.exe
  C:\Windows\System\UqDtnxb.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\rMTdAuK.exe
  C:\Windows\System\rMTdAuK.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\tmVZbYu.exe
  C:\Windows\System\tmVZbYu.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\UBTBmVS.exe
  C:\Windows\System\UBTBmVS.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ilwqMVc.exe
  C:\Windows\System\ilwqMVc.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\tHDCybH.exe
  C:\Windows\System\tHDCybH.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\gbXYusc.exe
  C:\Windows\System\gbXYusc.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\sBasIoM.exe
  C:\Windows\System\sBasIoM.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\dtkPDli.exe
  C:\Windows\System\dtkPDli.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cytyDEm.exe
  C:\Windows\System\cytyDEm.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\AwpnGYn.exe
  C:\Windows\System\AwpnGYn.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\hHcIUQA.exe
  C:\Windows\System\hHcIUQA.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\BIuxdap.exe
  C:\Windows\System\BIuxdap.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\YeNWBMG.exe
  C:\Windows\System\YeNWBMG.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\WVnaBMw.exe
  C:\Windows\System\WVnaBMw.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\vmewaJn.exe
  C:\Windows\System\vmewaJn.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\RBOnFwn.exe
  C:\Windows\System\RBOnFwn.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\QTHQiHp.exe
  C:\Windows\System\QTHQiHp.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\reqmVjJ.exe
  C:\Windows\System\reqmVjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\okfTgWm.exe
  C:\Windows\System\okfTgWm.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\fEPOyFY.exe
  C:\Windows\System\fEPOyFY.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\zEhAgSz.exe
  C:\Windows\System\zEhAgSz.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\HxKojEM.exe
  C:\Windows\System\HxKojEM.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\uyXMuwA.exe
  C:\Windows\System\uyXMuwA.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\lCHjgvN.exe
  C:\Windows\System\lCHjgvN.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\rzagEii.exe
  C:\Windows\System\rzagEii.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\Fmwwbtb.exe
  C:\Windows\System\Fmwwbtb.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\jAJbxed.exe
  C:\Windows\System\jAJbxed.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\KsGJAip.exe
  C:\Windows\System\KsGJAip.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\xHzpXQQ.exe
  C:\Windows\System\xHzpXQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\SYWwmiM.exe
  C:\Windows\System\SYWwmiM.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\nswqYFX.exe
  C:\Windows\System\nswqYFX.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\JwrCyfr.exe
  C:\Windows\System\JwrCyfr.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\UUjOybe.exe
  C:\Windows\System\UUjOybe.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\sQwXGFR.exe
  C:\Windows\System\sQwXGFR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\HehlxqO.exe
  C:\Windows\System\HehlxqO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\aHjElck.exe
  C:\Windows\System\aHjElck.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\gNOTVFp.exe
  C:\Windows\System\gNOTVFp.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\jyCLlbx.exe
  C:\Windows\System\jyCLlbx.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\WpuvisW.exe
  C:\Windows\System\WpuvisW.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FHmSHIQ.exe
  C:\Windows\System\FHmSHIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\opsVCKl.exe
  C:\Windows\System\opsVCKl.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\XQDVRtw.exe
  C:\Windows\System\XQDVRtw.exe
  2⤵
  PID:1580
- C:\Windows\System\HAjieUf.exe
  C:\Windows\System\HAjieUf.exe
  2⤵
  PID:904
- C:\Windows\System\RkNPxgK.exe
  C:\Windows\System\RkNPxgK.exe
  2⤵
  PID:1588
- C:\Windows\System\EFthTFV.exe
  C:\Windows\System\EFthTFV.exe
  2⤵
  PID:3032
- C:\Windows\System\HWghSpx.exe
  C:\Windows\System\HWghSpx.exe
  2⤵
  PID:3056
- C:\Windows\System\TaJHTXM.exe
  C:\Windows\System\TaJHTXM.exe
  2⤵
  PID:2120
- C:\Windows\System\IpYNtzk.exe
  C:\Windows\System\IpYNtzk.exe
  2⤵
  PID:2956
- C:\Windows\System\TwhzUbO.exe
  C:\Windows\System\TwhzUbO.exe
  2⤵
  PID:2332
- C:\Windows\System\GljVtyc.exe
  C:\Windows\System\GljVtyc.exe
  2⤵
  PID:1240
- C:\Windows\System\bDywdnl.exe
  C:\Windows\System\bDywdnl.exe
  2⤵
  PID:912
- C:\Windows\System\KthpqPJ.exe
  C:\Windows\System\KthpqPJ.exe
  2⤵
  PID:920
- C:\Windows\System\JSkEiUw.exe
  C:\Windows\System\JSkEiUw.exe
  2⤵
  PID:108
- C:\Windows\System\GTgfTRk.exe
  C:\Windows\System\GTgfTRk.exe
  2⤵
  PID:884
- C:\Windows\System\HWAXvAZ.exe
  C:\Windows\System\HWAXvAZ.exe
  2⤵
  PID:1532
- C:\Windows\System\TyoCOnx.exe
  C:\Windows\System\TyoCOnx.exe
  2⤵
  PID:700
- C:\Windows\System\AhcEHrr.exe
  C:\Windows\System\AhcEHrr.exe
  2⤵
  PID:1288
- C:\Windows\System\JCkeDKw.exe
  C:\Windows\System\JCkeDKw.exe
  2⤵
  PID:2148
- C:\Windows\System\OVyqoJH.exe
  C:\Windows\System\OVyqoJH.exe
  2⤵
  PID:2440
- C:\Windows\System\jJwVTnz.exe
  C:\Windows\System\jJwVTnz.exe
  2⤵
  PID:3016
- C:\Windows\System\LQWRIOA.exe
  C:\Windows\System\LQWRIOA.exe
  2⤵
  PID:2416
- C:\Windows\System\KjizCZS.exe
  C:\Windows\System\KjizCZS.exe
  2⤵
  PID:2720
- C:\Windows\System\TkuEXet.exe
  C:\Windows\System\TkuEXet.exe
  2⤵
  PID:2384
- C:\Windows\System\vUGdCSs.exe
  C:\Windows\System\vUGdCSs.exe
  2⤵
  PID:2764
- C:\Windows\System\xdiyVWu.exe
  C:\Windows\System\xdiyVWu.exe
  2⤵
  PID:2780
- C:\Windows\System\EWUgpyZ.exe
  C:\Windows\System\EWUgpyZ.exe
  2⤵
  PID:548
- C:\Windows\System\IjclbFs.exe
  C:\Windows\System\IjclbFs.exe
  2⤵
  PID:1720
- C:\Windows\System\PmTOnqJ.exe
  C:\Windows\System\PmTOnqJ.exe
  2⤵
  PID:1032
- C:\Windows\System\AutVtxH.exe
  C:\Windows\System\AutVtxH.exe
  2⤵
  PID:1900
- C:\Windows\System\IjBLSsg.exe
  C:\Windows\System\IjBLSsg.exe
  2⤵
  PID:832
- C:\Windows\System\eFIKqgr.exe
  C:\Windows\System\eFIKqgr.exe
  2⤵
  PID:2736
- C:\Windows\System\pfigGwt.exe
  C:\Windows\System\pfigGwt.exe
  2⤵
  PID:2432
- C:\Windows\System\MKEJzaw.exe
  C:\Windows\System\MKEJzaw.exe
  2⤵
  PID:2220
- C:\Windows\System\KBXznfv.exe
  C:\Windows\System\KBXznfv.exe
  2⤵
  PID:1368
- C:\Windows\System\gCuLEPd.exe
  C:\Windows\System\gCuLEPd.exe
  2⤵
  PID:1608
- C:\Windows\System\wtbMaoT.exe
  C:\Windows\System\wtbMaoT.exe
  2⤵
  PID:3088
- C:\Windows\System\veLgaWe.exe
  C:\Windows\System\veLgaWe.exe
  2⤵
  PID:3116
- C:\Windows\System\juvFzzt.exe
  C:\Windows\System\juvFzzt.exe
  2⤵
  PID:3140
- C:\Windows\System\dznNIlE.exe
  C:\Windows\System\dznNIlE.exe
  2⤵
  PID:3160
- C:\Windows\System\YVzzMdb.exe
  C:\Windows\System\YVzzMdb.exe
  2⤵
  PID:3176
- C:\Windows\System\tDFLbME.exe
  C:\Windows\System\tDFLbME.exe
  2⤵
  PID:3192
- C:\Windows\System\tfkNDKn.exe
  C:\Windows\System\tfkNDKn.exe
  2⤵
  PID:3208
- C:\Windows\System\MzQJSQo.exe
  C:\Windows\System\MzQJSQo.exe
  2⤵
  PID:3224
- C:\Windows\System\EqdYKqN.exe
  C:\Windows\System\EqdYKqN.exe
  2⤵
  PID:3252
- C:\Windows\System\OttvLoD.exe
  C:\Windows\System\OttvLoD.exe
  2⤵
  PID:3272
- C:\Windows\System\GBdpDBj.exe
  C:\Windows\System\GBdpDBj.exe
  2⤵
  PID:3292
- C:\Windows\System\wUgHdou.exe
  C:\Windows\System\wUgHdou.exe
  2⤵
  PID:3308
- C:\Windows\System\CVTLOiq.exe
  C:\Windows\System\CVTLOiq.exe
  2⤵
  PID:3328
- C:\Windows\System\RtynaYp.exe
  C:\Windows\System\RtynaYp.exe
  2⤵
  PID:3348
- C:\Windows\System\HlpORZn.exe
  C:\Windows\System\HlpORZn.exe
  2⤵
  PID:3372
- C:\Windows\System\jgTaGYf.exe
  C:\Windows\System\jgTaGYf.exe
  2⤵
  PID:3392
- C:\Windows\System\XpuGxde.exe
  C:\Windows\System\XpuGxde.exe
  2⤵
  PID:3412
- C:\Windows\System\PQOSyNu.exe
  C:\Windows\System\PQOSyNu.exe
  2⤵
  PID:3444
- C:\Windows\System\HtNuYsJ.exe
  C:\Windows\System\HtNuYsJ.exe
  2⤵
  PID:3476
- C:\Windows\System\pRscrGc.exe
  C:\Windows\System\pRscrGc.exe
  2⤵
  PID:3496
- C:\Windows\System\SEdUHWh.exe
  C:\Windows\System\SEdUHWh.exe
  2⤵
  PID:3516
- C:\Windows\System\GNwIxni.exe
  C:\Windows\System\GNwIxni.exe
  2⤵
  PID:3532
- C:\Windows\System\DFaAuCJ.exe
  C:\Windows\System\DFaAuCJ.exe
  2⤵
  PID:3552
- C:\Windows\System\xoSYdhS.exe
  C:\Windows\System\xoSYdhS.exe
  2⤵
  PID:3568
- C:\Windows\System\JzyzXlC.exe
  C:\Windows\System\JzyzXlC.exe
  2⤵
  PID:3592
- C:\Windows\System\UljUaCt.exe
  C:\Windows\System\UljUaCt.exe
  2⤵
  PID:3616
- C:\Windows\System\zGeEecB.exe
  C:\Windows\System\zGeEecB.exe
  2⤵
  PID:3636
- C:\Windows\System\ZqAAWbu.exe
  C:\Windows\System\ZqAAWbu.exe
  2⤵
  PID:3656
- C:\Windows\System\PJBHFFF.exe
  C:\Windows\System\PJBHFFF.exe
  2⤵
  PID:3680
- C:\Windows\System\OnXjgXU.exe
  C:\Windows\System\OnXjgXU.exe
  2⤵
  PID:3696
- C:\Windows\System\EkFSpYO.exe
  C:\Windows\System\EkFSpYO.exe
  2⤵
  PID:3716
- C:\Windows\System\aALrHlD.exe
  C:\Windows\System\aALrHlD.exe
  2⤵
  PID:3736
- C:\Windows\System\juNTXmI.exe
  C:\Windows\System\juNTXmI.exe
  2⤵
  PID:3756
- C:\Windows\System\eZwTwLG.exe
  C:\Windows\System\eZwTwLG.exe
  2⤵
  PID:3780
- C:\Windows\System\OdNPLkk.exe
  C:\Windows\System\OdNPLkk.exe
  2⤵
  PID:3796
- C:\Windows\System\UvHEFYu.exe
  C:\Windows\System\UvHEFYu.exe
  2⤵
  PID:3820
- C:\Windows\System\bGULtGk.exe
  C:\Windows\System\bGULtGk.exe
  2⤵
  PID:3840
- C:\Windows\System\cFZjxxw.exe
  C:\Windows\System\cFZjxxw.exe
  2⤵
  PID:3856
- C:\Windows\System\NYNqFTX.exe
  C:\Windows\System\NYNqFTX.exe
  2⤵
  PID:3876
- C:\Windows\System\JFueNlQ.exe
  C:\Windows\System\JFueNlQ.exe
  2⤵
  PID:3896
- C:\Windows\System\JJAuVjT.exe
  C:\Windows\System\JJAuVjT.exe
  2⤵
  PID:3912
- C:\Windows\System\QYMtHkY.exe
  C:\Windows\System\QYMtHkY.exe
  2⤵
  PID:3928
- C:\Windows\System\JzKhAAu.exe
  C:\Windows\System\JzKhAAu.exe
  2⤵
  PID:3944
- C:\Windows\System\GBgvbeP.exe
  C:\Windows\System\GBgvbeP.exe
  2⤵
  PID:3980
- C:\Windows\System\bhGiIDM.exe
  C:\Windows\System\bhGiIDM.exe
  2⤵
  PID:3996
- C:\Windows\System\viIjLko.exe
  C:\Windows\System\viIjLko.exe
  2⤵
  PID:4016
- C:\Windows\System\uhyggen.exe
  C:\Windows\System\uhyggen.exe
  2⤵
  PID:4036
- C:\Windows\System\mVtSLhQ.exe
  C:\Windows\System\mVtSLhQ.exe
  2⤵
  PID:4052
- C:\Windows\System\QquDhcL.exe
  C:\Windows\System\QquDhcL.exe
  2⤵
  PID:4072
- C:\Windows\System\cwLOfoM.exe
  C:\Windows\System\cwLOfoM.exe
  2⤵
  PID:4092
- C:\Windows\System\lrWcbuc.exe
  C:\Windows\System\lrWcbuc.exe
  2⤵
  PID:1312
- C:\Windows\System\VwIGWow.exe
  C:\Windows\System\VwIGWow.exe
  2⤵
  PID:1640
- C:\Windows\System\UOoZELu.exe
  C:\Windows\System\UOoZELu.exe
  2⤵
  PID:3068
- C:\Windows\System\DqiBwkd.exe
  C:\Windows\System\DqiBwkd.exe
  2⤵
  PID:2504
- C:\Windows\System\hNeTuZC.exe
  C:\Windows\System\hNeTuZC.exe
  2⤵
  PID:2180
- C:\Windows\System\AnKYSod.exe
  C:\Windows\System\AnKYSod.exe
  2⤵
  PID:2772
- C:\Windows\System\YNCgojh.exe
  C:\Windows\System\YNCgojh.exe
  2⤵
  PID:3128
- C:\Windows\System\MUptYMc.exe
  C:\Windows\System\MUptYMc.exe
  2⤵
  PID:2524
- C:\Windows\System\UgnRgCX.exe
  C:\Windows\System\UgnRgCX.exe
  2⤵
  PID:2328
- C:\Windows\System\rclEtAv.exe
  C:\Windows\System\rclEtAv.exe
  2⤵
  PID:2664
- C:\Windows\System\NhzaRVt.exe
  C:\Windows\System\NhzaRVt.exe
  2⤵
  PID:3204
- C:\Windows\System\sDrzImw.exe
  C:\Windows\System\sDrzImw.exe
  2⤵
  PID:3232
- C:\Windows\System\pwnggic.exe
  C:\Windows\System\pwnggic.exe
  2⤵
  PID:2056
- C:\Windows\System\zOMMmRY.exe
  C:\Windows\System\zOMMmRY.exe
  2⤵
  PID:3280
- C:\Windows\System\SsOFsYw.exe
  C:\Windows\System\SsOFsYw.exe
  2⤵
  PID:3288
- C:\Windows\System\FxkGuhO.exe
  C:\Windows\System\FxkGuhO.exe
  2⤵
  PID:3316
- C:\Windows\System\gkEuiSl.exe
  C:\Windows\System\gkEuiSl.exe
  2⤵
  PID:3364
- C:\Windows\System\hAWqOrR.exe
  C:\Windows\System\hAWqOrR.exe
  2⤵
  PID:3188
- C:\Windows\System\tBbTCbQ.exe
  C:\Windows\System\tBbTCbQ.exe
  2⤵
  PID:3260
- C:\Windows\System\OojYKsu.exe
  C:\Windows\System\OojYKsu.exe
  2⤵
  PID:3388
- C:\Windows\System\dMhoglr.exe
  C:\Windows\System\dMhoglr.exe
  2⤵
  PID:3300
- C:\Windows\System\kEhWJCQ.exe
  C:\Windows\System\kEhWJCQ.exe
  2⤵
  PID:3456
- C:\Windows\System\VcUFDCQ.exe
  C:\Windows\System\VcUFDCQ.exe
  2⤵
  PID:3504
- C:\Windows\System\SEcnuTv.exe
  C:\Windows\System\SEcnuTv.exe
  2⤵
  PID:3488
- C:\Windows\System\ApWINBB.exe
  C:\Windows\System\ApWINBB.exe
  2⤵
  PID:3580
- C:\Windows\System\slTNzxh.exe
  C:\Windows\System\slTNzxh.exe
  2⤵
  PID:3524
- C:\Windows\System\qIFDLmn.exe
  C:\Windows\System\qIFDLmn.exe
  2⤵
  PID:3628
- C:\Windows\System\qgDdmZQ.exe
  C:\Windows\System\qgDdmZQ.exe
  2⤵
  PID:3560
- C:\Windows\System\usNjWts.exe
  C:\Windows\System\usNjWts.exe
  2⤵
  PID:3668
- C:\Windows\System\fttnKSf.exe
  C:\Windows\System\fttnKSf.exe
  2⤵
  PID:3744
- C:\Windows\System\MjzdXTW.exe
  C:\Windows\System\MjzdXTW.exe
  2⤵
  PID:3648
- C:\Windows\System\XQAnNAQ.exe
  C:\Windows\System\XQAnNAQ.exe
  2⤵
  PID:3788
- C:\Windows\System\wLihEkg.exe
  C:\Windows\System\wLihEkg.exe
  2⤵
  PID:3804
- C:\Windows\System\tgLGqhp.exe
  C:\Windows\System\tgLGqhp.exe
  2⤵
  PID:3904
- C:\Windows\System\jXqmPyD.exe
  C:\Windows\System\jXqmPyD.exe
  2⤵
  PID:3812
- C:\Windows\System\EsnFFbk.exe
  C:\Windows\System\EsnFFbk.exe
  2⤵
  PID:3892
- C:\Windows\System\NqLxuwx.exe
  C:\Windows\System\NqLxuwx.exe
  2⤵
  PID:3956
- C:\Windows\System\uaYlSgU.exe
  C:\Windows\System\uaYlSgU.exe
  2⤵
  PID:4032
- C:\Windows\System\QoyovFc.exe
  C:\Windows\System\QoyovFc.exe
  2⤵
  PID:2904
- C:\Windows\System\ttauLzj.exe
  C:\Windows\System\ttauLzj.exe
  2⤵
  PID:3976
- C:\Windows\System\TcyqtEH.exe
  C:\Windows\System\TcyqtEH.exe
  2⤵
  PID:4044
- C:\Windows\System\aTvQWSe.exe
  C:\Windows\System\aTvQWSe.exe
  2⤵
  PID:2940
- C:\Windows\System\jzcUQCT.exe
  C:\Windows\System\jzcUQCT.exe
  2⤵
  PID:2080
- C:\Windows\System\syGIkLO.exe
  C:\Windows\System\syGIkLO.exe
  2⤵
  PID:1652
- C:\Windows\System\lbvqWMB.exe
  C:\Windows\System\lbvqWMB.exe
  2⤵
  PID:3084
- C:\Windows\System\EMQZNIm.exe
  C:\Windows\System\EMQZNIm.exe
  2⤵
  PID:3080
- C:\Windows\System\EqKGmxk.exe
  C:\Windows\System\EqKGmxk.exe
  2⤵
  PID:3244
- C:\Windows\System\jjepUjw.exe
  C:\Windows\System\jjepUjw.exe
  2⤵
  PID:2684
- C:\Windows\System\tCyXFNt.exe
  C:\Windows\System\tCyXFNt.exe
  2⤵
  PID:2920
- C:\Windows\System\GnAdvmy.exe
  C:\Windows\System\GnAdvmy.exe
  2⤵
  PID:1656
- C:\Windows\System\cPERlDV.exe
  C:\Windows\System\cPERlDV.exe
  2⤵
  PID:3408
- C:\Windows\System\pyGJFLF.exe
  C:\Windows\System\pyGJFLF.exe
  2⤵
  PID:3424
- C:\Windows\System\auIHJxf.exe
  C:\Windows\System\auIHJxf.exe
  2⤵
  PID:3576
- C:\Windows\System\HcTOTGy.exe
  C:\Windows\System\HcTOTGy.exe
  2⤵
  PID:3368
- C:\Windows\System\DTXRxCI.exe
  C:\Windows\System\DTXRxCI.exe
  2⤵
  PID:3336
- C:\Windows\System\ptqvMSw.exe
  C:\Windows\System\ptqvMSw.exe
  2⤵
  PID:3672
- C:\Windows\System\XQRuKCb.exe
  C:\Windows\System\XQRuKCb.exe
  2⤵
  PID:3764
- C:\Windows\System\akOEvVe.exe
  C:\Windows\System\akOEvVe.exe
  2⤵
  PID:3776
- C:\Windows\System\BriyZgE.exe
  C:\Windows\System\BriyZgE.exe
  2⤵
  PID:3712
- C:\Windows\System\HjNQJNw.exe
  C:\Windows\System\HjNQJNw.exe
  2⤵
  PID:3732
- C:\Windows\System\gurRxrO.exe
  C:\Windows\System\gurRxrO.exe
  2⤵
  PID:3584
- C:\Windows\System\ZHOwXsU.exe
  C:\Windows\System\ZHOwXsU.exe
  2⤵
  PID:3936
- C:\Windows\System\BJpzQIC.exe
  C:\Windows\System\BJpzQIC.exe
  2⤵
  PID:3964
- C:\Windows\System\vXHvmfI.exe
  C:\Windows\System\vXHvmfI.exe
  2⤵
  PID:4068
- C:\Windows\System\gMmGqPd.exe
  C:\Windows\System\gMmGqPd.exe
  2⤵
  PID:3852
- C:\Windows\System\PLwsxMv.exe
  C:\Windows\System\PLwsxMv.exe
  2⤵
  PID:1708
- C:\Windows\System\rvcxmeA.exe
  C:\Windows\System\rvcxmeA.exe
  2⤵
  PID:2100
- C:\Windows\System\EVHvVhj.exe
  C:\Windows\System\EVHvVhj.exe
  2⤵
  PID:2208
- C:\Windows\System\PXSiMuf.exe
  C:\Windows\System\PXSiMuf.exe
  2⤵
  PID:2344
- C:\Windows\System\AUxgqyt.exe
  C:\Windows\System\AUxgqyt.exe
  2⤵
  PID:2604
- C:\Windows\System\cgOMrzX.exe
  C:\Windows\System\cgOMrzX.exe
  2⤵
  PID:3320
- C:\Windows\System\XVzwXAm.exe
  C:\Windows\System\XVzwXAm.exe
  2⤵
  PID:3464
- C:\Windows\System\PvuIwMt.exe
  C:\Windows\System\PvuIwMt.exe
  2⤵
  PID:3268
- C:\Windows\System\EmwffGz.exe
  C:\Windows\System\EmwffGz.exe
  2⤵
  PID:3384
- C:\Windows\System\cOvbvMR.exe
  C:\Windows\System\cOvbvMR.exe
  2⤵
  PID:3644
- C:\Windows\System\PpHunJP.exe
  C:\Windows\System\PpHunJP.exe
  2⤵
  PID:3604
- C:\Windows\System\xPdtISN.exe
  C:\Windows\System\xPdtISN.exe
  2⤵
  PID:3492
- C:\Windows\System\hPLMZWD.exe
  C:\Windows\System\hPLMZWD.exe
  2⤵
  PID:3728
- C:\Windows\System\nQtEJsI.exe
  C:\Windows\System\nQtEJsI.exe
  2⤵
  PID:3692
- C:\Windows\System\gHbEZWG.exe
  C:\Windows\System\gHbEZWG.exe
  2⤵
  PID:4012
- C:\Windows\System\lPaJHXY.exe
  C:\Windows\System\lPaJHXY.exe
  2⤵
  PID:4084
- C:\Windows\System\GQEMspS.exe
  C:\Windows\System\GQEMspS.exe
  2⤵
  PID:2600
- C:\Windows\System\SHiDISp.exe
  C:\Windows\System\SHiDISp.exe
  2⤵
  PID:4100
- C:\Windows\System\uTCvyDe.exe
  C:\Windows\System\uTCvyDe.exe
  2⤵
  PID:4116
- C:\Windows\System\XUAPyCb.exe
  C:\Windows\System\XUAPyCb.exe
  2⤵
  PID:4136
- C:\Windows\System\zFydqrw.exe
  C:\Windows\System\zFydqrw.exe
  2⤵
  PID:4156
- C:\Windows\System\JkHPToy.exe
  C:\Windows\System\JkHPToy.exe
  2⤵
  PID:4172
- C:\Windows\System\znRyZIs.exe
  C:\Windows\System\znRyZIs.exe
  2⤵
  PID:4192
- C:\Windows\System\mPjFYNR.exe
  C:\Windows\System\mPjFYNR.exe
  2⤵
  PID:4216
- C:\Windows\System\lNBYtjs.exe
  C:\Windows\System\lNBYtjs.exe
  2⤵
  PID:4236
- C:\Windows\System\ySnkYIy.exe
  C:\Windows\System\ySnkYIy.exe
  2⤵
  PID:4256
- C:\Windows\System\QwEmjlU.exe
  C:\Windows\System\QwEmjlU.exe
  2⤵
  PID:4276
- C:\Windows\System\zpflPLR.exe
  C:\Windows\System\zpflPLR.exe
  2⤵
  PID:4296
- C:\Windows\System\SHsxTjy.exe
  C:\Windows\System\SHsxTjy.exe
  2⤵
  PID:4316
- C:\Windows\System\EeoantM.exe
  C:\Windows\System\EeoantM.exe
  2⤵
  PID:4340
- C:\Windows\System\sfJAkQu.exe
  C:\Windows\System\sfJAkQu.exe
  2⤵
  PID:4360
- C:\Windows\System\IinvZhn.exe
  C:\Windows\System\IinvZhn.exe
  2⤵
  PID:4376
- C:\Windows\System\PrJppJP.exe
  C:\Windows\System\PrJppJP.exe
  2⤵
  PID:4400
- C:\Windows\System\LeJxKnp.exe
  C:\Windows\System\LeJxKnp.exe
  2⤵
  PID:4420
- C:\Windows\System\ZbeAyiF.exe
  C:\Windows\System\ZbeAyiF.exe
  2⤵
  PID:4436
- C:\Windows\System\EpfGtra.exe
  C:\Windows\System\EpfGtra.exe
  2⤵
  PID:4456
- C:\Windows\System\QabomBZ.exe
  C:\Windows\System\QabomBZ.exe
  2⤵
  PID:4476
- C:\Windows\System\qGnvNRr.exe
  C:\Windows\System\qGnvNRr.exe
  2⤵
  PID:4492
- C:\Windows\System\sPUovpx.exe
  C:\Windows\System\sPUovpx.exe
  2⤵
  PID:4516
- C:\Windows\System\GzYDVEE.exe
  C:\Windows\System\GzYDVEE.exe
  2⤵
  PID:4536
- C:\Windows\System\liFRSCi.exe
  C:\Windows\System\liFRSCi.exe
  2⤵
  PID:4556
- C:\Windows\System\kvxyWBC.exe
  C:\Windows\System\kvxyWBC.exe
  2⤵
  PID:4572
- C:\Windows\System\hybTNen.exe
  C:\Windows\System\hybTNen.exe
  2⤵
  PID:4588
- C:\Windows\System\lhKDdBp.exe
  C:\Windows\System\lhKDdBp.exe
  2⤵
  PID:4612
- C:\Windows\System\eOBxifr.exe
  C:\Windows\System\eOBxifr.exe
  2⤵
  PID:4632
- C:\Windows\System\SGzanWz.exe
  C:\Windows\System\SGzanWz.exe
  2⤵
  PID:4648
- C:\Windows\System\NNvzHAn.exe
  C:\Windows\System\NNvzHAn.exe
  2⤵
  PID:4664
- C:\Windows\System\vnYNtSB.exe
  C:\Windows\System\vnYNtSB.exe
  2⤵
  PID:4680
- C:\Windows\System\iyryYNy.exe
  C:\Windows\System\iyryYNy.exe
  2⤵
  PID:4696
- C:\Windows\System\DEioNUP.exe
  C:\Windows\System\DEioNUP.exe
  2⤵
  PID:4712
- C:\Windows\System\ZpLmRAo.exe
  C:\Windows\System\ZpLmRAo.exe
  2⤵
  PID:4728
- C:\Windows\System\gojggVL.exe
  C:\Windows\System\gojggVL.exe
  2⤵
  PID:4744
- C:\Windows\System\YMlMnzu.exe
  C:\Windows\System\YMlMnzu.exe
  2⤵
  PID:4776
- C:\Windows\System\BZqTbkb.exe
  C:\Windows\System\BZqTbkb.exe
  2⤵
  PID:4800
- C:\Windows\System\IuWZgNK.exe
  C:\Windows\System\IuWZgNK.exe
  2⤵
  PID:4816
- C:\Windows\System\JmYoWbz.exe
  C:\Windows\System\JmYoWbz.exe
  2⤵
  PID:4840
- C:\Windows\System\cJLIriG.exe
  C:\Windows\System\cJLIriG.exe
  2⤵
  PID:4856
- C:\Windows\System\pIcjyuc.exe
  C:\Windows\System\pIcjyuc.exe
  2⤵
  PID:4900
- C:\Windows\System\mSfjptu.exe
  C:\Windows\System\mSfjptu.exe
  2⤵
  PID:4916
- C:\Windows\System\sfzDeFC.exe
  C:\Windows\System\sfzDeFC.exe
  2⤵
  PID:4932
- C:\Windows\System\wWHMxza.exe
  C:\Windows\System\wWHMxza.exe
  2⤵
  PID:4956
- C:\Windows\System\ZxspQLD.exe
  C:\Windows\System\ZxspQLD.exe
  2⤵
  PID:4980
- C:\Windows\System\XeNkAjl.exe
  C:\Windows\System\XeNkAjl.exe
  2⤵
  PID:5000
- C:\Windows\System\mZLXqWp.exe
  C:\Windows\System\mZLXqWp.exe
  2⤵
  PID:5016
- C:\Windows\System\YCjfLoX.exe
  C:\Windows\System\YCjfLoX.exe
  2⤵
  PID:5036
- C:\Windows\System\jzPRASn.exe
  C:\Windows\System\jzPRASn.exe
  2⤵
  PID:5060
- C:\Windows\System\yNEHveD.exe
  C:\Windows\System\yNEHveD.exe
  2⤵
  PID:5080
- C:\Windows\System\TkBBVbk.exe
  C:\Windows\System\TkBBVbk.exe
  2⤵
  PID:5100
- C:\Windows\System\TjoOgfr.exe
  C:\Windows\System\TjoOgfr.exe
  2⤵
  PID:2732
- C:\Windows\System\IRLiIyQ.exe
  C:\Windows\System\IRLiIyQ.exe
  2⤵
  PID:3216
- C:\Windows\System\qdxwtRU.exe
  C:\Windows\System\qdxwtRU.exe
  2⤵
  PID:3748
- C:\Windows\System\aqaWpod.exe
  C:\Windows\System\aqaWpod.exe
  2⤵
  PID:3108
- C:\Windows\System\wnpJoVA.exe
  C:\Windows\System\wnpJoVA.exe
  2⤵
  PID:3148
- C:\Windows\System\kGFBMbm.exe
  C:\Windows\System\kGFBMbm.exe
  2⤵
  PID:3772
- C:\Windows\System\iUAsbIF.exe
  C:\Windows\System\iUAsbIF.exe
  2⤵
  PID:2724
- C:\Windows\System\cJeebUH.exe
  C:\Windows\System\cJeebUH.exe
  2⤵
  PID:3132
- C:\Windows\System\fxWpOzP.exe
  C:\Windows\System\fxWpOzP.exe
  2⤵
  PID:3992
- C:\Windows\System\EdFCezq.exe
  C:\Windows\System\EdFCezq.exe
  2⤵
  PID:4132
- C:\Windows\System\NwtCxXL.exe
  C:\Windows\System\NwtCxXL.exe
  2⤵
  PID:4108
- C:\Windows\System\BfhHOTB.exe
  C:\Windows\System\BfhHOTB.exe
  2⤵
  PID:4212
- C:\Windows\System\RHpplpw.exe
  C:\Windows\System\RHpplpw.exe
  2⤵
  PID:4252
- C:\Windows\System\atnnZmv.exe
  C:\Windows\System\atnnZmv.exe
  2⤵
  PID:4188
- C:\Windows\System\WmdVgdp.exe
  C:\Windows\System\WmdVgdp.exe
  2⤵
  PID:4324
- C:\Windows\System\mrSCGYY.exe
  C:\Windows\System\mrSCGYY.exe
  2⤵
  PID:4408
- C:\Windows\System\KncuVmO.exe
  C:\Windows\System\KncuVmO.exe
  2⤵
  PID:4444
- C:\Windows\System\NRfAfOb.exe
  C:\Windows\System\NRfAfOb.exe
  2⤵
  PID:4484
- C:\Windows\System\ClNOjZh.exe
  C:\Windows\System\ClNOjZh.exe
  2⤵
  PID:4564
- C:\Windows\System\cqZRMvE.exe
  C:\Windows\System\cqZRMvE.exe
  2⤵
  PID:4640
- C:\Windows\System\gMRSeSg.exe
  C:\Windows\System\gMRSeSg.exe
  2⤵
  PID:4268
- C:\Windows\System\ljLMBaB.exe
  C:\Windows\System\ljLMBaB.exe
  2⤵
  PID:4312
- C:\Windows\System\MlGwdQc.exe
  C:\Windows\System\MlGwdQc.exe
  2⤵
  PID:4384
- C:\Windows\System\mGUzvqv.exe
  C:\Windows\System\mGUzvqv.exe
  2⤵
  PID:4428
- C:\Windows\System\oLYqxzn.exe
  C:\Windows\System\oLYqxzn.exe
  2⤵
  PID:4788
- C:\Windows\System\cqSVoRV.exe
  C:\Windows\System\cqSVoRV.exe
  2⤵
  PID:4836
- C:\Windows\System\LxxJSkO.exe
  C:\Windows\System\LxxJSkO.exe
  2⤵
  PID:4508
- C:\Windows\System\EqEDpow.exe
  C:\Windows\System\EqEDpow.exe
  2⤵
  PID:4548
- C:\Windows\System\KoqnXuR.exe
  C:\Windows\System\KoqnXuR.exe
  2⤵
  PID:2380
- C:\Windows\System\MjTvqaQ.exe
  C:\Windows\System\MjTvqaQ.exe
  2⤵
  PID:4768
- C:\Windows\System\eINQVQB.exe
  C:\Windows\System\eINQVQB.exe
  2⤵
  PID:4872
- C:\Windows\System\QIyDgvg.exe
  C:\Windows\System\QIyDgvg.exe
  2⤵
  PID:4888
- C:\Windows\System\FbWybOc.exe
  C:\Windows\System\FbWybOc.exe
  2⤵
  PID:4756
- C:\Windows\System\cRMIAkq.exe
  C:\Windows\System\cRMIAkq.exe
  2⤵
  PID:4688
- C:\Windows\System\tRxuTBX.exe
  C:\Windows\System\tRxuTBX.exe
  2⤵
  PID:4972
- C:\Windows\System\IYZGIaI.exe
  C:\Windows\System\IYZGIaI.exe
  2⤵
  PID:5044
- C:\Windows\System\xNyZlrE.exe
  C:\Windows\System\xNyZlrE.exe
  2⤵
  PID:3624
- C:\Windows\System\TjUfTtx.exe
  C:\Windows\System\TjUfTtx.exe
  2⤵
  PID:4908
- C:\Windows\System\FMDLUMe.exe
  C:\Windows\System\FMDLUMe.exe
  2⤵
  PID:4208
- C:\Windows\System\GWVcRTx.exe
  C:\Windows\System\GWVcRTx.exe
  2⤵
  PID:4184
- C:\Windows\System\QEaUXhP.exe
  C:\Windows\System\QEaUXhP.exe
  2⤵
  PID:4988
- C:\Windows\System\HwFVKGB.exe
  C:\Windows\System\HwFVKGB.exe
  2⤵
  PID:4596
- C:\Windows\System\ICGZGuG.exe
  C:\Windows\System\ICGZGuG.exe
  2⤵
  PID:4308
- C:\Windows\System\dGHeKOo.exe
  C:\Windows\System\dGHeKOo.exe
  2⤵
  PID:4828
- C:\Windows\System\MtRoppu.exe
  C:\Windows\System\MtRoppu.exe
  2⤵
  PID:5068
- C:\Windows\System\nTDuALO.exe
  C:\Windows\System\nTDuALO.exe
  2⤵
  PID:4624
- C:\Windows\System\ZtAgsHS.exe
  C:\Windows\System\ZtAgsHS.exe
  2⤵
  PID:5112
- C:\Windows\System\AkgtSpQ.exe
  C:\Windows\System\AkgtSpQ.exe
  2⤵
  PID:3848
- C:\Windows\System\ZdwAAii.exe
  C:\Windows\System\ZdwAAii.exe
  2⤵
  PID:4764
- C:\Windows\System\HQXOPyG.exe
  C:\Windows\System\HQXOPyG.exe
  2⤵
  PID:4884
- C:\Windows\System\IBdSctL.exe
  C:\Windows\System\IBdSctL.exe
  2⤵
  PID:776
- C:\Windows\System\fGgoXrh.exe
  C:\Windows\System\fGgoXrh.exe
  2⤵
  PID:4244
- C:\Windows\System\smKhWEv.exe
  C:\Windows\System\smKhWEv.exe
  2⤵
  PID:4224
- C:\Windows\System\udmEmRy.exe
  C:\Windows\System\udmEmRy.exe
  2⤵
  PID:4532
- C:\Windows\System\UeZYXMq.exe
  C:\Windows\System\UeZYXMq.exe
  2⤵
  PID:4968
- C:\Windows\System\dMllrkm.exe
  C:\Windows\System\dMllrkm.exe
  2⤵
  PID:2252
- C:\Windows\System\LqheUEy.exe
  C:\Windows\System\LqheUEy.exe
  2⤵
  PID:4584
- C:\Windows\System\BBQxyts.exe
  C:\Windows\System\BBQxyts.exe
  2⤵
  PID:4924
- C:\Windows\System\lbNRqEb.exe
  C:\Windows\System\lbNRqEb.exe
  2⤵
  PID:4812
- C:\Windows\System\csRCEBn.exe
  C:\Windows\System\csRCEBn.exe
  2⤵
  PID:4792
- C:\Windows\System\yPxthWo.exe
  C:\Windows\System\yPxthWo.exe
  2⤵
  PID:1676
- C:\Windows\System\FuMOVXS.exe
  C:\Windows\System\FuMOVXS.exe
  2⤵
  PID:3356
- C:\Windows\System\KnCdLVq.exe
  C:\Windows\System\KnCdLVq.exe
  2⤵
  PID:4948
- C:\Windows\System\MoDMtqv.exe
  C:\Windows\System\MoDMtqv.exe
  2⤵
  PID:4996
- C:\Windows\System\lKrfUHE.exe
  C:\Windows\System\lKrfUHE.exe
  2⤵
  PID:4368
- C:\Windows\System\cSdSOlM.exe
  C:\Windows\System\cSdSOlM.exe
  2⤵
  PID:4396
- C:\Windows\System\kIkwDrj.exe
  C:\Windows\System\kIkwDrj.exe
  2⤵
  PID:4512
- C:\Windows\System\pneawIg.exe
  C:\Windows\System\pneawIg.exe
  2⤵
  PID:3172
- C:\Windows\System\BYpklhC.exe
  C:\Windows\System\BYpklhC.exe
  2⤵
  PID:5024
- C:\Windows\System\SNSiuPf.exe
  C:\Windows\System\SNSiuPf.exe
  2⤵
  PID:3972
- C:\Windows\System\wEBwFmN.exe
  C:\Windows\System\wEBwFmN.exe
  2⤵
  PID:4152
- C:\Windows\System\nmWbXGm.exe
  C:\Windows\System\nmWbXGm.exe
  2⤵
  PID:4724
- C:\Windows\System\EYKVpeL.exe
  C:\Windows\System\EYKVpeL.exe
  2⤵
  PID:4124
- C:\Windows\System\hXlOSQz.exe
  C:\Windows\System\hXlOSQz.exe
  2⤵
  PID:4328
- C:\Windows\System\jpRAQOF.exe
  C:\Windows\System\jpRAQOF.exe
  2⤵
  PID:3404
- C:\Windows\System\ooomKrt.exe
  C:\Windows\System\ooomKrt.exe
  2⤵
  PID:4448
- C:\Windows\System\Ghsnmuv.exe
  C:\Windows\System\Ghsnmuv.exe
  2⤵
  PID:4580
- C:\Windows\System\HOzsqrC.exe
  C:\Windows\System\HOzsqrC.exe
  2⤵
  PID:4304
- C:\Windows\System\uetQLyi.exe
  C:\Windows\System\uetQLyi.exe
  2⤵
  PID:2536
- C:\Windows\System\nJylffV.exe
  C:\Windows\System\nJylffV.exe
  2⤵
  PID:1568
- C:\Windows\System\lrHZJpm.exe
  C:\Windows\System\lrHZJpm.exe
  2⤵
  PID:3484
- C:\Windows\System\MnAWGPH.exe
  C:\Windows\System\MnAWGPH.exe
  2⤵
  PID:1524
- C:\Windows\System\DqDyMTj.exe
  C:\Windows\System\DqDyMTj.exe
  2⤵
  PID:2456
- C:\Windows\System\iCbCfRx.exe
  C:\Windows\System\iCbCfRx.exe
  2⤵
  PID:4896
- C:\Windows\System\YugFbGN.exe
  C:\Windows\System\YugFbGN.exe
  2⤵
  PID:1152
- C:\Windows\System\Jetxdeg.exe
  C:\Windows\System\Jetxdeg.exe
  2⤵
  PID:4852
- C:\Windows\System\NrMkizW.exe
  C:\Windows\System\NrMkizW.exe
  2⤵
  PID:5136
- C:\Windows\System\aZrRkae.exe
  C:\Windows\System\aZrRkae.exe
  2⤵
  PID:5156
- C:\Windows\System\TvcqlSv.exe
  C:\Windows\System\TvcqlSv.exe
  2⤵
  PID:5176
- C:\Windows\System\cnoSvhk.exe
  C:\Windows\System\cnoSvhk.exe
  2⤵
  PID:5192
- C:\Windows\System\wiLycqZ.exe
  C:\Windows\System\wiLycqZ.exe
  2⤵
  PID:5208
- C:\Windows\System\wkehhCv.exe
  C:\Windows\System\wkehhCv.exe
  2⤵
  PID:5224
- C:\Windows\System\fRFClwc.exe
  C:\Windows\System\fRFClwc.exe
  2⤵
  PID:5240
- C:\Windows\System\egsOdZk.exe
  C:\Windows\System\egsOdZk.exe
  2⤵
  PID:5256
- C:\Windows\System\vylreJf.exe
  C:\Windows\System\vylreJf.exe
  2⤵
  PID:5272
- C:\Windows\System\WGDoyZT.exe
  C:\Windows\System\WGDoyZT.exe
  2⤵
  PID:5288
- C:\Windows\System\FAWipma.exe
  C:\Windows\System\FAWipma.exe
  2⤵
  PID:5304
- C:\Windows\System\VVivRVj.exe
  C:\Windows\System\VVivRVj.exe
  2⤵
  PID:5324
- C:\Windows\System\XeUknSW.exe
  C:\Windows\System\XeUknSW.exe
  2⤵
  PID:5344
- C:\Windows\System\PloPHHu.exe
  C:\Windows\System\PloPHHu.exe
  2⤵
  PID:5364
- C:\Windows\System\PzaSYKi.exe
  C:\Windows\System\PzaSYKi.exe
  2⤵
  PID:5388
- C:\Windows\System\UmPhcCA.exe
  C:\Windows\System\UmPhcCA.exe
  2⤵
  PID:5412
- C:\Windows\System\uXZiJhv.exe
  C:\Windows\System\uXZiJhv.exe
  2⤵
  PID:5440
- C:\Windows\System\AfuhsiK.exe
  C:\Windows\System\AfuhsiK.exe
  2⤵
  PID:5456
- C:\Windows\System\pAVIDCS.exe
  C:\Windows\System\pAVIDCS.exe
  2⤵
  PID:5480
- C:\Windows\System\vqQVimh.exe
  C:\Windows\System\vqQVimh.exe
  2⤵
  PID:5500
- C:\Windows\System\OOUDRlm.exe
  C:\Windows\System\OOUDRlm.exe
  2⤵
  PID:5536
- C:\Windows\System\HdecWNd.exe
  C:\Windows\System\HdecWNd.exe
  2⤵
  PID:5552
- C:\Windows\System\fiyNWPA.exe
  C:\Windows\System\fiyNWPA.exe
  2⤵
  PID:5568
- C:\Windows\System\CdihbfZ.exe
  C:\Windows\System\CdihbfZ.exe
  2⤵
  PID:5584
- C:\Windows\System\MWzoouf.exe
  C:\Windows\System\MWzoouf.exe
  2⤵
  PID:5604
- C:\Windows\System\uQgqVrm.exe
  C:\Windows\System\uQgqVrm.exe
  2⤵
  PID:5628
- C:\Windows\System\VPzuHNn.exe
  C:\Windows\System\VPzuHNn.exe
  2⤵
  PID:5644
- C:\Windows\System\UBHUsuW.exe
  C:\Windows\System\UBHUsuW.exe
  2⤵
  PID:5668
- C:\Windows\System\hQzcQyS.exe
  C:\Windows\System\hQzcQyS.exe
  2⤵
  PID:5684
- C:\Windows\System\MStLaeq.exe
  C:\Windows\System\MStLaeq.exe
  2⤵
  PID:5704
- C:\Windows\System\hlhSRuU.exe
  C:\Windows\System\hlhSRuU.exe
  2⤵
  PID:5728
- C:\Windows\System\NUKgCBD.exe
  C:\Windows\System\NUKgCBD.exe
  2⤵
  PID:5748
- C:\Windows\System\yrPoyWW.exe
  C:\Windows\System\yrPoyWW.exe
  2⤵
  PID:5764
- C:\Windows\System\tTyXzJr.exe
  C:\Windows\System\tTyXzJr.exe
  2⤵
  PID:5784
- C:\Windows\System\VvXONxS.exe
  C:\Windows\System\VvXONxS.exe
  2⤵
  PID:5804
- C:\Windows\System\lDFbuSi.exe
  C:\Windows\System\lDFbuSi.exe
  2⤵
  PID:5824
- C:\Windows\System\hstycvx.exe
  C:\Windows\System\hstycvx.exe
  2⤵
  PID:5844
- C:\Windows\System\RYYPQTg.exe
  C:\Windows\System\RYYPQTg.exe
  2⤵
  PID:5888
- C:\Windows\System\eDBoOpa.exe
  C:\Windows\System\eDBoOpa.exe
  2⤵
  PID:5940
- C:\Windows\System\woUCSNa.exe
  C:\Windows\System\woUCSNa.exe
  2⤵
  PID:5956
- C:\Windows\System\rZgdlkr.exe
  C:\Windows\System\rZgdlkr.exe
  2⤵
  PID:5976
- C:\Windows\System\HEUkBGh.exe
  C:\Windows\System\HEUkBGh.exe
  2⤵
  PID:5992
- C:\Windows\System\QOHeaWj.exe
  C:\Windows\System\QOHeaWj.exe
  2⤵
  PID:6016
- C:\Windows\System\rNPQpCW.exe
  C:\Windows\System\rNPQpCW.exe
  2⤵
  PID:6032
- C:\Windows\System\TKbEIiK.exe
  C:\Windows\System\TKbEIiK.exe
  2⤵
  PID:6060
- C:\Windows\System\btrgpXB.exe
  C:\Windows\System\btrgpXB.exe
  2⤵
  PID:6080
- C:\Windows\System\PHoTeKc.exe
  C:\Windows\System\PHoTeKc.exe
  2⤵
  PID:6100
- C:\Windows\System\tMiUnJx.exe
  C:\Windows\System\tMiUnJx.exe
  2⤵
  PID:6116
- C:\Windows\System\ydrKAKI.exe
  C:\Windows\System\ydrKAKI.exe
  2⤵
  PID:6136
- C:\Windows\System\NWlchGt.exe
  C:\Windows\System\NWlchGt.exe
  2⤵
  PID:4600
- C:\Windows\System\pQrPpMp.exe
  C:\Windows\System\pQrPpMp.exe
  2⤵
  PID:2076
- C:\Windows\System\KCuTndW.exe
  C:\Windows\System\KCuTndW.exe
  2⤵
  PID:4796
- C:\Windows\System\PsAKiFf.exe
  C:\Windows\System\PsAKiFf.exe
  2⤵
  PID:5152
- C:\Windows\System\kmzkEdA.exe
  C:\Windows\System\kmzkEdA.exe
  2⤵
  PID:4352
- C:\Windows\System\gySAGAX.exe
  C:\Windows\System\gySAGAX.exe
  2⤵
  PID:2484
- C:\Windows\System\iCWgPOp.exe
  C:\Windows\System\iCWgPOp.exe
  2⤵
  PID:5284
- C:\Windows\System\tceRQjm.exe
  C:\Windows\System\tceRQjm.exe
  2⤵
  PID:5356
- C:\Windows\System\ZCBxTXn.exe
  C:\Windows\System\ZCBxTXn.exe
  2⤵
  PID:5408
- C:\Windows\System\HoreXcV.exe
  C:\Windows\System\HoreXcV.exe
  2⤵
  PID:5452
- C:\Windows\System\TiFHebh.exe
  C:\Windows\System\TiFHebh.exe
  2⤵
  PID:4736
- C:\Windows\System\iudWCDS.exe
  C:\Windows\System\iudWCDS.exe
  2⤵
  PID:5576
- C:\Windows\System\LPeazGJ.exe
  C:\Windows\System\LPeazGJ.exe
  2⤵
  PID:5580
- C:\Windows\System\uwRcEIi.exe
  C:\Windows\System\uwRcEIi.exe
  2⤵
  PID:4200
- C:\Windows\System\veLuZfM.exe
  C:\Windows\System\veLuZfM.exe
  2⤵
  PID:5168
- C:\Windows\System\dnnXMte.exe
  C:\Windows\System\dnnXMte.exe
  2⤵
  PID:5300
- C:\Windows\System\MIpwTHx.exe
  C:\Windows\System\MIpwTHx.exe
  2⤵
  PID:5376
- C:\Windows\System\phgjjES.exe
  C:\Windows\System\phgjjES.exe
  2⤵
  PID:1248
- C:\Windows\System\nqrNPkC.exe
  C:\Windows\System\nqrNPkC.exe
  2⤵
  PID:5420
- C:\Windows\System\XCEYGlO.exe
  C:\Windows\System\XCEYGlO.exe
  2⤵
  PID:5740
- C:\Windows\System\reVBMgt.exe
  C:\Windows\System\reVBMgt.exe
  2⤵
  PID:5812
- C:\Windows\System\SxiQiLg.exe
  C:\Windows\System\SxiQiLg.exe
  2⤵
  PID:5472
- C:\Windows\System\fjHkvSN.exe
  C:\Windows\System\fjHkvSN.exe
  2⤵
  PID:5516
- C:\Windows\System\fZmAMVD.exe
  C:\Windows\System\fZmAMVD.exe
  2⤵
  PID:5532
- C:\Windows\System\yfyuAry.exe
  C:\Windows\System\yfyuAry.exe
  2⤵
  PID:5600
- C:\Windows\System\FbHvVtH.exe
  C:\Windows\System\FbHvVtH.exe
  2⤵
  PID:5640
- C:\Windows\System\qGYsHeP.exe
  C:\Windows\System\qGYsHeP.exe
  2⤵
  PID:5716
- C:\Windows\System\DuGeWQe.exe
  C:\Windows\System\DuGeWQe.exe
  2⤵
  PID:5760
- C:\Windows\System\RPrugsL.exe
  C:\Windows\System\RPrugsL.exe
  2⤵
  PID:5832
- C:\Windows\System\GQorHOI.exe
  C:\Windows\System\GQorHOI.exe
  2⤵
  PID:5904
- C:\Windows\System\erfnJQh.exe
  C:\Windows\System\erfnJQh.exe
  2⤵
  PID:5928
- C:\Windows\System\amrfzag.exe
  C:\Windows\System\amrfzag.exe
  2⤵
  PID:5948
- C:\Windows\System\dSaTbHb.exe
  C:\Windows\System\dSaTbHb.exe
  2⤵
  PID:6024
- C:\Windows\System\KFkTgKf.exe
  C:\Windows\System\KFkTgKf.exe
  2⤵
  PID:6076
- C:\Windows\System\wavIswz.exe
  C:\Windows\System\wavIswz.exe
  2⤵
  PID:5972
- C:\Windows\System\QJcxfmX.exe
  C:\Windows\System\QJcxfmX.exe
  2⤵
  PID:4848
- C:\Windows\System\kSGlGfh.exe
  C:\Windows\System\kSGlGfh.exe
  2⤵
  PID:5220
- C:\Windows\System\kvdzCFN.exe
  C:\Windows\System\kvdzCFN.exe
  2⤵
  PID:6012
- C:\Windows\System\NjUPSUk.exe
  C:\Windows\System\NjUPSUk.exe
  2⤵
  PID:6056
- C:\Windows\System\UYqTmEr.exe
  C:\Windows\System\UYqTmEr.exe
  2⤵
  PID:5404
- C:\Windows\System\BDqwWNE.exe
  C:\Windows\System\BDqwWNE.exe
  2⤵
  PID:2708
- C:\Windows\System\FOnSomA.exe
  C:\Windows\System\FOnSomA.exe
  2⤵
  PID:4784
- C:\Windows\System\lqZQLGq.exe
  C:\Windows\System\lqZQLGq.exe
  2⤵
  PID:3952
- C:\Windows\System\IVgjDsR.exe
  C:\Windows\System\IVgjDsR.exe
  2⤵
  PID:5448
- C:\Windows\System\VYyLHQR.exe
  C:\Windows\System\VYyLHQR.exe
  2⤵
  PID:5204
- C:\Windows\System\MIZrUip.exe
  C:\Windows\System\MIZrUip.exe
  2⤵
  PID:5664
- C:\Windows\System\aTslmSC.exe
  C:\Windows\System\aTslmSC.exe
  2⤵
  PID:5372
- C:\Windows\System\oBzNTrY.exe
  C:\Windows\System\oBzNTrY.exe
  2⤵
  PID:5700
- C:\Windows\System\RJZCWjp.exe
  C:\Windows\System\RJZCWjp.exe
  2⤵
  PID:5544
- C:\Windows\System\btHUnlo.exe
  C:\Windows\System\btHUnlo.exe
  2⤵
  PID:5296
- C:\Windows\System\sWGEnWw.exe
  C:\Windows\System\sWGEnWw.exe
  2⤵
  PID:5464
- C:\Windows\System\agTjRuk.exe
  C:\Windows\System\agTjRuk.exe
  2⤵
  PID:5428
- C:\Windows\System\SVbWxIb.exe
  C:\Windows\System\SVbWxIb.exe
  2⤵
  PID:5432
- C:\Windows\System\DDQXMwc.exe
  C:\Windows\System\DDQXMwc.exe
  2⤵
  PID:5796
- C:\Windows\System\BpjLSgj.exe
  C:\Windows\System\BpjLSgj.exe
  2⤵
  PID:5756
- C:\Windows\System\HUHjMKr.exe
  C:\Windows\System\HUHjMKr.exe
  2⤵
  PID:5908
- C:\Windows\System\MKvrxTV.exe
  C:\Windows\System\MKvrxTV.exe
  2⤵
  PID:5964
- C:\Windows\System\WAMrFVG.exe
  C:\Windows\System\WAMrFVG.exe
  2⤵
  PID:2740
- C:\Windows\System\OhGoHqP.exe
  C:\Windows\System\OhGoHqP.exe
  2⤵
  PID:5528
- C:\Windows\System\oIEQFfW.exe
  C:\Windows\System\oIEQFfW.exe
  2⤵
  PID:2372
- C:\Windows\System\VMIArih.exe
  C:\Windows\System\VMIArih.exe
  2⤵
  PID:692
- C:\Windows\System\IyCqbof.exe
  C:\Windows\System\IyCqbof.exe
  2⤵
  PID:3472
- C:\Windows\System\elISvTs.exe
  C:\Windows\System\elISvTs.exe
  2⤵
  PID:6096
- C:\Windows\System\MfFGyKa.exe
  C:\Windows\System\MfFGyKa.exe
  2⤵
  PID:6000
- C:\Windows\System\cliFQPt.exe
  C:\Windows\System\cliFQPt.exe
  2⤵
  PID:5128
- C:\Windows\System\aSgyjam.exe
  C:\Windows\System\aSgyjam.exe
  2⤵
  PID:5148
- C:\Windows\System\myDXeiE.exe
  C:\Windows\System\myDXeiE.exe
  2⤵
  PID:2876
- C:\Windows\System\dfGRIau.exe
  C:\Windows\System\dfGRIau.exe
  2⤵
  PID:5616
- C:\Windows\System\vuUrAPZ.exe
  C:\Windows\System\vuUrAPZ.exe
  2⤵
  PID:5352
- C:\Windows\System\LuPeujT.exe
  C:\Windows\System\LuPeujT.exe
  2⤵
  PID:5320
- C:\Windows\System\PJTFbpN.exe
  C:\Windows\System\PJTFbpN.exe
  2⤵
  PID:5680
- C:\Windows\System\IHntnXh.exe
  C:\Windows\System\IHntnXh.exe
  2⤵
  PID:2912
- C:\Windows\System\BeXMrJK.exe
  C:\Windows\System\BeXMrJK.exe
  2⤵
  PID:2356
- C:\Windows\System\BWTtOJT.exe
  C:\Windows\System\BWTtOJT.exe
  2⤵
  PID:5988
- C:\Windows\System\yObysjt.exe
  C:\Windows\System\yObysjt.exe
  2⤵
  PID:5636
- C:\Windows\System\GZwqDwh.exe
  C:\Windows\System\GZwqDwh.exe
  2⤵
  PID:1976
- C:\Windows\System\UiyvsOM.exe
  C:\Windows\System\UiyvsOM.exe
  2⤵
  PID:2016
- C:\Windows\System\igRPASk.exe
  C:\Windows\System\igRPASk.exe
  2⤵
  PID:5396
- C:\Windows\System\mUWDZwx.exe
  C:\Windows\System\mUWDZwx.exe
  2⤵
  PID:5896
- C:\Windows\System\ksDDXta.exe
  C:\Windows\System\ksDDXta.exe
  2⤵
  PID:2348
- C:\Windows\System\EaeGrdh.exe
  C:\Windows\System\EaeGrdh.exe
  2⤵
  PID:5200
- C:\Windows\System\aPmaeur.exe
  C:\Windows\System\aPmaeur.exe
  2⤵
  PID:5492
- C:\Windows\System\qFfzSyD.exe
  C:\Windows\System\qFfzSyD.exe
  2⤵
  PID:1148
- C:\Windows\System\fVntrBP.exe
  C:\Windows\System\fVntrBP.exe
  2⤵
  PID:5132
- C:\Windows\System\iKFPsMa.exe
  C:\Windows\System\iKFPsMa.exe
  2⤵
  PID:4468
- C:\Windows\System\OcKjbkY.exe
  C:\Windows\System\OcKjbkY.exe
  2⤵
  PID:5864
- C:\Windows\System\gSVXKIC.exe
  C:\Windows\System\gSVXKIC.exe
  2⤵
  PID:5724
- C:\Windows\System\HhIIAFL.exe
  C:\Windows\System\HhIIAFL.exe
  2⤵
  PID:5336
- C:\Windows\System\sbxbaHO.exe
  C:\Windows\System\sbxbaHO.exe
  2⤵
  PID:6164
- C:\Windows\System\pYYfHDv.exe
  C:\Windows\System\pYYfHDv.exe
  2⤵
  PID:6180
- C:\Windows\System\TFXsgSd.exe
  C:\Windows\System\TFXsgSd.exe
  2⤵
  PID:6196
- C:\Windows\System\tdGIZzD.exe
  C:\Windows\System\tdGIZzD.exe
  2⤵
  PID:6212
- C:\Windows\System\qbPnnwm.exe
  C:\Windows\System\qbPnnwm.exe
  2⤵
  PID:6228
- C:\Windows\System\TthMpqH.exe
  C:\Windows\System\TthMpqH.exe
  2⤵
  PID:6248
- C:\Windows\System\qgftune.exe
  C:\Windows\System\qgftune.exe
  2⤵
  PID:6264
- C:\Windows\System\RTearxX.exe
  C:\Windows\System\RTearxX.exe
  2⤵
  PID:6284
- C:\Windows\System\XxswNQd.exe
  C:\Windows\System\XxswNQd.exe
  2⤵
  PID:6360
- C:\Windows\System\erbknRz.exe
  C:\Windows\System\erbknRz.exe
  2⤵
  PID:6376
- C:\Windows\System\nTDBESR.exe
  C:\Windows\System\nTDBESR.exe
  2⤵
  PID:6396
- C:\Windows\System\ZrTolPs.exe
  C:\Windows\System\ZrTolPs.exe
  2⤵
  PID:6412
- C:\Windows\System\ZwzvFFv.exe
  C:\Windows\System\ZwzvFFv.exe
  2⤵
  PID:6440
- C:\Windows\System\OfPluxg.exe
  C:\Windows\System\OfPluxg.exe
  2⤵
  PID:6456
- C:\Windows\System\yjYGsmo.exe
  C:\Windows\System\yjYGsmo.exe
  2⤵
  PID:6472
- C:\Windows\System\qEtsyiN.exe
  C:\Windows\System\qEtsyiN.exe
  2⤵
  PID:6488
- C:\Windows\System\yUfykhP.exe
  C:\Windows\System\yUfykhP.exe
  2⤵
  PID:6508
- C:\Windows\System\RCvIyHv.exe
  C:\Windows\System\RCvIyHv.exe
  2⤵
  PID:6528
- C:\Windows\System\qhPWAxo.exe
  C:\Windows\System\qhPWAxo.exe
  2⤵
  PID:6544
- C:\Windows\System\hezFlrM.exe
  C:\Windows\System\hezFlrM.exe
  2⤵
  PID:6564
- C:\Windows\System\WDwyBCf.exe
  C:\Windows\System\WDwyBCf.exe
  2⤵
  PID:6580
- C:\Windows\System\USJUuDw.exe
  C:\Windows\System\USJUuDw.exe
  2⤵
  PID:6600
- C:\Windows\System\chdGJBR.exe
  C:\Windows\System\chdGJBR.exe
  2⤵
  PID:6616
- C:\Windows\System\WIrtFTU.exe
  C:\Windows\System\WIrtFTU.exe
  2⤵
  PID:6636
- C:\Windows\System\kzzIhlj.exe
  C:\Windows\System\kzzIhlj.exe
  2⤵
  PID:6652
- C:\Windows\System\IEiBMgg.exe
  C:\Windows\System\IEiBMgg.exe
  2⤵
  PID:6668
- C:\Windows\System\LSAGaGg.exe
  C:\Windows\System\LSAGaGg.exe
  2⤵
  PID:6688
- C:\Windows\System\lLcxCTn.exe
  C:\Windows\System\lLcxCTn.exe
  2⤵
  PID:6704
- C:\Windows\System\zcrbYMV.exe
  C:\Windows\System\zcrbYMV.exe
  2⤵
  PID:6724
- C:\Windows\System\SNZmNxK.exe
  C:\Windows\System\SNZmNxK.exe
  2⤵
  PID:6740
- C:\Windows\System\UCYcqtN.exe
  C:\Windows\System\UCYcqtN.exe
  2⤵
  PID:6756
- C:\Windows\System\WxPHxfS.exe
  C:\Windows\System\WxPHxfS.exe
  2⤵
  PID:6776
- C:\Windows\System\SUgnxpF.exe
  C:\Windows\System\SUgnxpF.exe
  2⤵
  PID:6792
- C:\Windows\System\HOGWday.exe
  C:\Windows\System\HOGWday.exe
  2⤵
  PID:6808
- C:\Windows\System\lqlrCqL.exe
  C:\Windows\System\lqlrCqL.exe
  2⤵
  PID:6828
- C:\Windows\System\qkURaov.exe
  C:\Windows\System\qkURaov.exe
  2⤵
  PID:6848
- C:\Windows\System\WUuWOHc.exe
  C:\Windows\System\WUuWOHc.exe
  2⤵
  PID:6864
- C:\Windows\System\aIGJjEa.exe
  C:\Windows\System\aIGJjEa.exe
  2⤵
  PID:6884
- C:\Windows\System\NCdUQzX.exe
  C:\Windows\System\NCdUQzX.exe
  2⤵
  PID:6900
- C:\Windows\System\Zvxgwem.exe
  C:\Windows\System\Zvxgwem.exe
  2⤵
  PID:6916
- C:\Windows\System\RnpnGJJ.exe
  C:\Windows\System\RnpnGJJ.exe
  2⤵
  PID:6932
- C:\Windows\System\WMWIDzl.exe
  C:\Windows\System\WMWIDzl.exe
  2⤵
  PID:6952
- C:\Windows\System\lMVliBV.exe
  C:\Windows\System\lMVliBV.exe
  2⤵
  PID:6972
- C:\Windows\System\YtaPaMu.exe
  C:\Windows\System\YtaPaMu.exe
  2⤵
  PID:6988
- C:\Windows\System\uOoltYx.exe
  C:\Windows\System\uOoltYx.exe
  2⤵
  PID:7008
- C:\Windows\System\FaWIyvk.exe
  C:\Windows\System\FaWIyvk.exe
  2⤵
  PID:7024
- C:\Windows\System\VzfSrqu.exe
  C:\Windows\System\VzfSrqu.exe
  2⤵
  PID:7044
- C:\Windows\System\rrZHjJi.exe
  C:\Windows\System\rrZHjJi.exe
  2⤵
  PID:7060
- C:\Windows\System\zOfMWvd.exe
  C:\Windows\System\zOfMWvd.exe
  2⤵
  PID:7076
- C:\Windows\System\asTLTtz.exe
  C:\Windows\System\asTLTtz.exe
  2⤵
  PID:7096
- C:\Windows\System\VDmLHRl.exe
  C:\Windows\System\VDmLHRl.exe
  2⤵
  PID:7120
- C:\Windows\System\rADvvSt.exe
  C:\Windows\System\rADvvSt.exe
  2⤵
  PID:7148
- C:\Windows\System\gVSDndy.exe
  C:\Windows\System\gVSDndy.exe
  2⤵
  PID:7164
- C:\Windows\System\LIMGkaH.exe
  C:\Windows\System\LIMGkaH.exe
  2⤵
  PID:6068
- C:\Windows\System\MVtAwgC.exe
  C:\Windows\System\MVtAwgC.exe
  2⤵
  PID:5968
- C:\Windows\System\klLGpRI.exe
  C:\Windows\System\klLGpRI.exe
  2⤵
  PID:6052
- C:\Windows\System\lfpMmQu.exe
  C:\Windows\System\lfpMmQu.exe
  2⤵
  PID:5108
- C:\Windows\System\gDEkzyr.exe
  C:\Windows\System\gDEkzyr.exe
  2⤵
  PID:6204
- C:\Windows\System\xajStPa.exe
  C:\Windows\System\xajStPa.exe
  2⤵
  PID:6272
- C:\Windows\System\wgNHfLt.exe
  C:\Windows\System\wgNHfLt.exe
  2⤵
  PID:2128
- C:\Windows\System\JjdjFYu.exe
  C:\Windows\System\JjdjFYu.exe
  2⤵
  PID:4356
- C:\Windows\System\nKJWoBR.exe
  C:\Windows\System\nKJWoBR.exe
  2⤵
  PID:5772
- C:\Windows\System\scmOjHv.exe
  C:\Windows\System\scmOjHv.exe
  2⤵
  PID:6160
- C:\Windows\System\OyCVeDB.exe
  C:\Windows\System\OyCVeDB.exe
  2⤵
  PID:6224
- C:\Windows\System\rixBfLW.exe
  C:\Windows\System\rixBfLW.exe
  2⤵
  PID:6304
- C:\Windows\System\pxCtjAN.exe
  C:\Windows\System\pxCtjAN.exe
  2⤵
  PID:6320
- C:\Windows\System\XBLaRWC.exe
  C:\Windows\System\XBLaRWC.exe
  2⤵
  PID:6336
- C:\Windows\System\wPliDnI.exe
  C:\Windows\System\wPliDnI.exe
  2⤵
  PID:6352
- C:\Windows\System\MozKcnA.exe
  C:\Windows\System\MozKcnA.exe
  2⤵
  PID:6388
- C:\Windows\System\OksFDML.exe
  C:\Windows\System\OksFDML.exe
  2⤵
  PID:6420
- C:\Windows\System\XppPmDL.exe
  C:\Windows\System\XppPmDL.exe
  2⤵
  PID:6432
- C:\Windows\System\cRVQtMs.exe
  C:\Windows\System\cRVQtMs.exe
  2⤵
  PID:6520
- C:\Windows\System\WXdCbro.exe
  C:\Windows\System\WXdCbro.exe
  2⤵
  PID:6592
- C:\Windows\System\yaDHnvq.exe
  C:\Windows\System\yaDHnvq.exe
  2⤵
  PID:6660
- C:\Windows\System\LBvcdHh.exe
  C:\Windows\System\LBvcdHh.exe
  2⤵
  PID:6736
- C:\Windows\System\nYhnrSu.exe
  C:\Windows\System\nYhnrSu.exe
  2⤵
  PID:6800
- C:\Windows\System\BLMkBtt.exe
  C:\Windows\System\BLMkBtt.exe
  2⤵
  PID:6876
- C:\Windows\System\rmcfSqf.exe
  C:\Windows\System\rmcfSqf.exe
  2⤵
  PID:6940
- C:\Windows\System\xLcRGxR.exe
  C:\Windows\System\xLcRGxR.exe
  2⤵
  PID:6984
- C:\Windows\System\xoiSjOx.exe
  C:\Windows\System\xoiSjOx.exe
  2⤵
  PID:7084
- C:\Windows\System\ERCvJWP.exe
  C:\Windows\System\ERCvJWP.exe
  2⤵
  PID:7144
- C:\Windows\System\EcIlSLx.exe
  C:\Windows\System\EcIlSLx.exe
  2⤵
  PID:7132
- C:\Windows\System\OZyyenA.exe
  C:\Windows\System\OZyyenA.exe
  2⤵
  PID:1252
- C:\Windows\System\ESEnEEg.exe
  C:\Windows\System\ESEnEEg.exe
  2⤵
  PID:6124
- C:\Windows\System\Cbzzpzw.exe
  C:\Windows\System\Cbzzpzw.exe
  2⤵
  PID:2816
- C:\Windows\System\fwTRbeb.exe
  C:\Windows\System\fwTRbeb.exe
  2⤵
  PID:6392
- C:\Windows\System\chhIgIp.exe
  C:\Windows\System\chhIgIp.exe
  2⤵
  PID:6500
- C:\Windows\System\PsbjFHo.exe
  C:\Windows\System\PsbjFHo.exe
  2⤵
  PID:6572
- C:\Windows\System\gvAfMlu.exe
  C:\Windows\System\gvAfMlu.exe
  2⤵
  PID:6632
- C:\Windows\System\ZZyzdmo.exe
  C:\Windows\System\ZZyzdmo.exe
  2⤵
  PID:6684
- C:\Windows\System\pIbHbEy.exe
  C:\Windows\System\pIbHbEy.exe
  2⤵
  PID:6748
- C:\Windows\System\RVPTvNn.exe
  C:\Windows\System\RVPTvNn.exe
  2⤵
  PID:6816
- C:\Windows\System\nfvjozS.exe
  C:\Windows\System\nfvjozS.exe
  2⤵
  PID:6860
- C:\Windows\System\mzylNjN.exe
  C:\Windows\System\mzylNjN.exe
  2⤵
  PID:6928
- C:\Windows\System\UVcZiOr.exe
  C:\Windows\System\UVcZiOr.exe
  2⤵
  PID:6996
- C:\Windows\System\yvABYTr.exe
  C:\Windows\System\yvABYTr.exe
  2⤵
  PID:6452
- C:\Windows\System\mpEncRy.exe
  C:\Windows\System\mpEncRy.exe
  2⤵
  PID:7056
- C:\Windows\System\ROIXvve.exe
  C:\Windows\System\ROIXvve.exe
  2⤵
  PID:2460
- C:\Windows\System\vIZAORF.exe
  C:\Windows\System\vIZAORF.exe
  2⤵
  PID:6176
- C:\Windows\System\SkCtSLB.exe
  C:\Windows\System\SkCtSLB.exe
  2⤵
  PID:2832
- C:\Windows\System\DdlrMPJ.exe
  C:\Windows\System\DdlrMPJ.exe
  2⤵
  PID:7036
- C:\Windows\System\Nxtlmcu.exe
  C:\Windows\System\Nxtlmcu.exe
  2⤵
  PID:7072
- C:\Windows\System\ZhIWckT.exe
  C:\Windows\System\ZhIWckT.exe
  2⤵
  PID:7156
- C:\Windows\System\yDwJVEB.exe
  C:\Windows\System\yDwJVEB.exe
  2⤵
  PID:588
- C:\Windows\System\DVAoAku.exe
  C:\Windows\System\DVAoAku.exe
  2⤵
  PID:5712
- C:\Windows\System\SQMQArH.exe
  C:\Windows\System\SQMQArH.exe
  2⤵
  PID:4464
- C:\Windows\System\tuEKwrA.exe
  C:\Windows\System\tuEKwrA.exe
  2⤵
  PID:1492
- C:\Windows\System\dpJqoba.exe
  C:\Windows\System\dpJqoba.exe
  2⤵
  PID:6236
- C:\Windows\System\UIuBUIb.exe
  C:\Windows\System\UIuBUIb.exe
  2⤵
  PID:6156
- C:\Windows\System\QIYauth.exe
  C:\Windows\System\QIYauth.exe
  2⤵
  PID:6384
- C:\Windows\System\wMyPDkf.exe
  C:\Windows\System\wMyPDkf.exe
  2⤵
  PID:6480
- C:\Windows\System\lkLLBDS.exe
  C:\Windows\System\lkLLBDS.exe
  2⤵
  PID:6628
- C:\Windows\System\SUmIZTZ.exe
  C:\Windows\System\SUmIZTZ.exe
  2⤵
  PID:6948
- C:\Windows\System\rdZTiRm.exe
  C:\Windows\System\rdZTiRm.exe
  2⤵
  PID:2672
- C:\Windows\System\bmZqYji.exe
  C:\Windows\System\bmZqYji.exe
  2⤵
  PID:6312
- C:\Windows\System\nhwzDNi.exe
  C:\Windows\System\nhwzDNi.exe
  2⤵
  PID:6648
- C:\Windows\System\IZzlobm.exe
  C:\Windows\System\IZzlobm.exe
  2⤵
  PID:6788
- C:\Windows\System\umWOgPq.exe
  C:\Windows\System\umWOgPq.exe
  2⤵
  PID:6408
- C:\Windows\System\mSOpvEg.exe
  C:\Windows\System\mSOpvEg.exe
  2⤵
  PID:7092
- C:\Windows\System\aYUTXso.exe
  C:\Windows\System\aYUTXso.exe
  2⤵
  PID:2256
- C:\Windows\System\EbTDBpT.exe
  C:\Windows\System\EbTDBpT.exe
  2⤵
  PID:680
- C:\Windows\System\UYKLaqy.exe
  C:\Windows\System\UYKLaqy.exe
  2⤵
  PID:7068
- C:\Windows\System\XEUszvc.exe
  C:\Windows\System\XEUszvc.exe
  2⤵
  PID:6720
- C:\Windows\System\wqtYsBf.exe
  C:\Windows\System\wqtYsBf.exe
  2⤵
  PID:6300
- C:\Windows\System\HVOGcDA.exe
  C:\Windows\System\HVOGcDA.exe
  2⤵
  PID:6964
- C:\Windows\System\bQPNYEr.exe
  C:\Windows\System\bQPNYEr.exe
  2⤵
  PID:6172
- C:\Windows\System\RpNBVzq.exe
  C:\Windows\System\RpNBVzq.exe
  2⤵
  PID:7108
- C:\Windows\System\NwJwZVl.exe
  C:\Windows\System\NwJwZVl.exe
  2⤵
  PID:2044
- C:\Windows\System\QYtLUxn.exe
  C:\Windows\System\QYtLUxn.exe
  2⤵
  PID:5512
- C:\Windows\System\QzIRQsZ.exe
  C:\Windows\System\QzIRQsZ.exe
  2⤵
  PID:6428
- C:\Windows\System\bNDVBcZ.exe
  C:\Windows\System\bNDVBcZ.exe
  2⤵
  PID:2692
- C:\Windows\System\IwTFtki.exe
  C:\Windows\System\IwTFtki.exe
  2⤵
  PID:6980
- C:\Windows\System\BSggWpF.exe
  C:\Windows\System\BSggWpF.exe
  2⤵
  PID:6840
- C:\Windows\System\eSOjIvn.exe
  C:\Windows\System\eSOjIvn.exe
  2⤵
  PID:1624
- C:\Windows\System\usOCRFl.exe
  C:\Windows\System\usOCRFl.exe
  2⤵
  PID:6316
- C:\Windows\System\PcdPsac.exe
  C:\Windows\System\PcdPsac.exe
  2⤵
  PID:6296
- C:\Windows\System\zwdfBCb.exe
  C:\Windows\System\zwdfBCb.exe
  2⤵
  PID:7032
- C:\Windows\System\WSsQxpb.exe
  C:\Windows\System\WSsQxpb.exe
  2⤵
  PID:6700
- C:\Windows\System\WYglgrs.exe
  C:\Windows\System\WYglgrs.exe
  2⤵
  PID:1704
- C:\Windows\System\vtllwph.exe
  C:\Windows\System\vtllwph.exe
  2⤵
  PID:1308
- C:\Windows\System\ZEmfWdA.exe
  C:\Windows\System\ZEmfWdA.exe
  2⤵
  PID:6292
- C:\Windows\System\wEPRhQr.exe
  C:\Windows\System\wEPRhQr.exe
  2⤵
  PID:2284
- C:\Windows\System\WKhwLyv.exe
  C:\Windows\System\WKhwLyv.exe
  2⤵
  PID:3008
- C:\Windows\System\nZOvtdF.exe
  C:\Windows\System\nZOvtdF.exe
  2⤵
  PID:6872
- C:\Windows\System\JKJdmkv.exe
  C:\Windows\System\JKJdmkv.exe
  2⤵
  PID:6536
- C:\Windows\System\reuUzeR.exe
  C:\Windows\System\reuUzeR.exe
  2⤵
  PID:1784
- C:\Windows\System\aKtweQD.exe
  C:\Windows\System\aKtweQD.exe
  2⤵
  PID:2928
- C:\Windows\System\QFxeGlR.exe
  C:\Windows\System\QFxeGlR.exe
  2⤵
  PID:6152
- C:\Windows\System\iQuWnGX.exe
  C:\Windows\System\iQuWnGX.exe
  2⤵
  PID:2340
- C:\Windows\System\GwIDRpu.exe
  C:\Windows\System\GwIDRpu.exe
  2⤵
  PID:6836
- C:\Windows\System\GKfRPNl.exe
  C:\Windows\System\GKfRPNl.exe
  2⤵
  PID:6908
- C:\Windows\System\fqAnfdp.exe
  C:\Windows\System\fqAnfdp.exe
  2⤵
  PID:6280
- C:\Windows\System\VjrlPKW.exe
  C:\Windows\System\VjrlPKW.exe
  2⤵
  PID:6772
- C:\Windows\System\iKvIpDO.exe
  C:\Windows\System\iKvIpDO.exe
  2⤵
  PID:788
- C:\Windows\System\TyyexGk.exe
  C:\Windows\System\TyyexGk.exe
  2⤵
  PID:2988
- C:\Windows\System\zOBoTkI.exe
  C:\Windows\System\zOBoTkI.exe
  2⤵
  PID:7004
- C:\Windows\System\zHAoOWu.exe
  C:\Windows\System\zHAoOWu.exe
  2⤵
  PID:2624
- C:\Windows\System\tscktPd.exe
  C:\Windows\System\tscktPd.exe
  2⤵
  PID:1680
- C:\Windows\System\egWexxZ.exe
  C:\Windows\System\egWexxZ.exe
  2⤵
  PID:2276
- C:\Windows\System\xWNWcen.exe
  C:\Windows\System\xWNWcen.exe
  2⤵
  PID:6924
- C:\Windows\System\cZvXHVr.exe
  C:\Windows\System\cZvXHVr.exe
  2⤵
  PID:7184
- C:\Windows\System\tTvmvbU.exe
  C:\Windows\System\tTvmvbU.exe
  2⤵
  PID:7200
- C:\Windows\System\kgpGJvK.exe
  C:\Windows\System\kgpGJvK.exe
  2⤵
  PID:7220
- C:\Windows\System\DHjiKDv.exe
  C:\Windows\System\DHjiKDv.exe
  2⤵
  PID:7240
- C:\Windows\System\EAtxjLN.exe
  C:\Windows\System\EAtxjLN.exe
  2⤵
  PID:7264
- C:\Windows\System\SliIeGn.exe
  C:\Windows\System\SliIeGn.exe
  2⤵
  PID:7284
- C:\Windows\System\PgCNTqX.exe
  C:\Windows\System\PgCNTqX.exe
  2⤵
  PID:7304
- C:\Windows\System\DJpvPFe.exe
  C:\Windows\System\DJpvPFe.exe
  2⤵
  PID:7324
- C:\Windows\System\nhdWdZU.exe
  C:\Windows\System\nhdWdZU.exe
  2⤵
  PID:7344
- C:\Windows\System\atvvjmb.exe
  C:\Windows\System\atvvjmb.exe
  2⤵
  PID:7360
- C:\Windows\System\gCEsoBK.exe
  C:\Windows\System\gCEsoBK.exe
  2⤵
  PID:7424
- C:\Windows\System\IFnZNHH.exe
  C:\Windows\System\IFnZNHH.exe
  2⤵
  PID:7444
- C:\Windows\System\izYrczQ.exe
  C:\Windows\System\izYrczQ.exe
  2⤵
  PID:7464
- C:\Windows\System\UmAEdPT.exe
  C:\Windows\System\UmAEdPT.exe
  2⤵
  PID:7480
- C:\Windows\System\qBLgSvN.exe
  C:\Windows\System\qBLgSvN.exe
  2⤵
  PID:7496
- C:\Windows\System\buTBUQh.exe
  C:\Windows\System\buTBUQh.exe
  2⤵
  PID:7516
- C:\Windows\System\TizIMTd.exe
  C:\Windows\System\TizIMTd.exe
  2⤵
  PID:7532
- C:\Windows\System\ASroafc.exe
  C:\Windows\System\ASroafc.exe
  2⤵
  PID:7548
- C:\Windows\System\MhgcfLH.exe
  C:\Windows\System\MhgcfLH.exe
  2⤵
  PID:7572
- C:\Windows\System\QqjUDlL.exe
  C:\Windows\System\QqjUDlL.exe
  2⤵
  PID:7588
- C:\Windows\System\UfAxmYA.exe
  C:\Windows\System\UfAxmYA.exe
  2⤵
  PID:7604
- C:\Windows\System\zYCNjUC.exe
  C:\Windows\System\zYCNjUC.exe
  2⤵
  PID:7620
- C:\Windows\System\iBiXhxb.exe
  C:\Windows\System\iBiXhxb.exe
  2⤵
  PID:7636
- C:\Windows\System\pMdeAOX.exe
  C:\Windows\System\pMdeAOX.exe
  2⤵
  PID:7656
- C:\Windows\System\gvkubSx.exe
  C:\Windows\System\gvkubSx.exe
  2⤵
  PID:7680
- C:\Windows\System\pOSFSVb.exe
  C:\Windows\System\pOSFSVb.exe
  2⤵
  PID:7700
- C:\Windows\System\VXSEaOp.exe
  C:\Windows\System\VXSEaOp.exe
  2⤵
  PID:7720
- C:\Windows\System\lixCEYW.exe
  C:\Windows\System\lixCEYW.exe
  2⤵
  PID:7736
- C:\Windows\System\xUDSVNk.exe
  C:\Windows\System\xUDSVNk.exe
  2⤵
  PID:7752
- C:\Windows\System\oAbcwAB.exe
  C:\Windows\System\oAbcwAB.exe
  2⤵
  PID:7768
- C:\Windows\System\oinwSAF.exe
  C:\Windows\System\oinwSAF.exe
  2⤵
  PID:7788
- C:\Windows\System\gncumqV.exe
  C:\Windows\System\gncumqV.exe
  2⤵
  PID:7804
- C:\Windows\System\qmXVwAZ.exe
  C:\Windows\System\qmXVwAZ.exe
  2⤵
  PID:7820
- C:\Windows\System\arXoWgF.exe
  C:\Windows\System\arXoWgF.exe
  2⤵
  PID:7872
- C:\Windows\System\bHQrGRz.exe
  C:\Windows\System\bHQrGRz.exe
  2⤵
  PID:7888
- C:\Windows\System\fJHTzfo.exe
  C:\Windows\System\fJHTzfo.exe
  2⤵
  PID:7904
- C:\Windows\System\NIiziOg.exe
  C:\Windows\System\NIiziOg.exe
  2⤵
  PID:7920
- C:\Windows\System\okLMerw.exe
  C:\Windows\System\okLMerw.exe
  2⤵
  PID:7936
- C:\Windows\System\bGVARHQ.exe
  C:\Windows\System\bGVARHQ.exe
  2⤵
  PID:7952
- C:\Windows\System\ZBixdiX.exe
  C:\Windows\System\ZBixdiX.exe
  2⤵
  PID:7968
- C:\Windows\System\yIbJqXT.exe
  C:\Windows\System\yIbJqXT.exe
  2⤵
  PID:7984
- C:\Windows\System\hPBsJRf.exe
  C:\Windows\System\hPBsJRf.exe
  2⤵
  PID:8012
- C:\Windows\System\RwCdISh.exe
  C:\Windows\System\RwCdISh.exe
  2⤵
  PID:8036
- C:\Windows\System\UoIwxWo.exe
  C:\Windows\System\UoIwxWo.exe
  2⤵
  PID:8060
- C:\Windows\System\JVIcisf.exe
  C:\Windows\System\JVIcisf.exe
  2⤵
  PID:8076
- C:\Windows\System\olgrsLr.exe
  C:\Windows\System\olgrsLr.exe
  2⤵
  PID:8092
- C:\Windows\System\QsyDwzp.exe
  C:\Windows\System\QsyDwzp.exe
  2⤵
  PID:8148
- C:\Windows\System\EgAamEa.exe
  C:\Windows\System\EgAamEa.exe
  2⤵
  PID:8164
- C:\Windows\System\KhxXeEA.exe
  C:\Windows\System\KhxXeEA.exe
  2⤵
  PID:8184
- C:\Windows\System\yCYIKoc.exe
  C:\Windows\System\yCYIKoc.exe
  2⤵
  PID:6436
- C:\Windows\System\FMNYDoZ.exe
  C:\Windows\System\FMNYDoZ.exe
  2⤵
  PID:7136
- C:\Windows\System\GnIsDYr.exe
  C:\Windows\System\GnIsDYr.exe
  2⤵
  PID:6496
- C:\Windows\System\hqqrOdV.exe
  C:\Windows\System\hqqrOdV.exe
  2⤵
  PID:7236
- C:\Windows\System\AvLIihG.exe
  C:\Windows\System\AvLIihG.exe
  2⤵
  PID:5236
- C:\Windows\System\dZwuxLa.exe
  C:\Windows\System\dZwuxLa.exe
  2⤵
  PID:7320
- C:\Windows\System\EoulODq.exe
  C:\Windows\System\EoulODq.exe
  2⤵
  PID:7356
- C:\Windows\System\UOxAJcy.exe
  C:\Windows\System\UOxAJcy.exe
  2⤵
  PID:7216
- C:\Windows\System\axNHaPi.exe
  C:\Windows\System\axNHaPi.exe
  2⤵
  PID:288
- C:\Windows\System\RmqKRbk.exe
  C:\Windows\System\RmqKRbk.exe
  2⤵
  PID:7212
- C:\Windows\System\LOdyPIZ.exe
  C:\Windows\System\LOdyPIZ.exe
  2⤵
  PID:7300
- C:\Windows\System\zxWgiPk.exe
  C:\Windows\System\zxWgiPk.exe
  2⤵
  PID:7372
- C:\Windows\System\tEmbdDu.exe
  C:\Windows\System\tEmbdDu.exe
  2⤵
  PID:7388
- C:\Windows\System\SSHDoFU.exe
  C:\Windows\System\SSHDoFU.exe
  2⤵
  PID:7404
- C:\Windows\System\LyKUVUS.exe
  C:\Windows\System\LyKUVUS.exe
  2⤵
  PID:7420
- C:\Windows\System\vYtHtGl.exe
  C:\Windows\System\vYtHtGl.exe
  2⤵
  PID:7440
- C:\Windows\System\ahePdGU.exe
  C:\Windows\System\ahePdGU.exe
  2⤵
  PID:7504
- C:\Windows\System\eYnrowO.exe
  C:\Windows\System\eYnrowO.exe
  2⤵
  PID:7580
- C:\Windows\System\XVjqRAt.exe
  C:\Windows\System\XVjqRAt.exe
  2⤵
  PID:7644
- C:\Windows\System\cXgefVA.exe
  C:\Windows\System\cXgefVA.exe
  2⤵
  PID:7560
- C:\Windows\System\NoSkskk.exe
  C:\Windows\System\NoSkskk.exe
  2⤵
  PID:7596
- C:\Windows\System\PCLbWhQ.exe
  C:\Windows\System\PCLbWhQ.exe
  2⤵
  PID:7564
- C:\Windows\System\vsmYjGL.exe
  C:\Windows\System\vsmYjGL.exe
  2⤵
  PID:7632
- C:\Windows\System\pJEsKWS.exe
  C:\Windows\System\pJEsKWS.exe
  2⤵
  PID:7708
- C:\Windows\System\BPzzHgP.exe
  C:\Windows\System\BPzzHgP.exe
  2⤵
  PID:7784
- C:\Windows\System\STEAhJH.exe
  C:\Windows\System\STEAhJH.exe
  2⤵
  PID:7800
- C:\Windows\System\khHUitQ.exe
  C:\Windows\System\khHUitQ.exe
  2⤵
  PID:7844
- C:\Windows\System\TqrjamM.exe
  C:\Windows\System\TqrjamM.exe
  2⤵
  PID:7860
- C:\Windows\System\nbXeDPa.exe
  C:\Windows\System\nbXeDPa.exe
  2⤵
  PID:7928
- C:\Windows\System\FsfllXv.exe
  C:\Windows\System\FsfllXv.exe
  2⤵
  PID:7960
- C:\Windows\System\sRGhRgy.exe
  C:\Windows\System\sRGhRgy.exe
  2⤵
  PID:8004
- C:\Windows\System\qDbYeZu.exe
  C:\Windows\System\qDbYeZu.exe
  2⤵
  PID:8044
- C:\Windows\System\xYBskJs.exe
  C:\Windows\System\xYBskJs.exe
  2⤵
  PID:8084
- C:\Windows\System\dWpnLna.exe
  C:\Windows\System\dWpnLna.exe
  2⤵
  PID:7912
- C:\Windows\System\mVWMyax.exe
  C:\Windows\System\mVWMyax.exe
  2⤵
  PID:8024
- C:\Windows\System\rqODOxF.exe
  C:\Windows\System\rqODOxF.exe
  2⤵
  PID:8108
- C:\Windows\System\hlYNaHL.exe
  C:\Windows\System\hlYNaHL.exe
  2⤵
  PID:8124
- C:\Windows\System\MEwwvHi.exe
  C:\Windows\System\MEwwvHi.exe
  2⤵
  PID:8140
- C:\Windows\System\vxjjyUB.exe
  C:\Windows\System\vxjjyUB.exe
  2⤵
  PID:6328
- C:\Windows\System\KpfJNND.exe
  C:\Windows\System\KpfJNND.exe
  2⤵
  PID:7352
- C:\Windows\System\hxexsrr.exe
  C:\Windows\System\hxexsrr.exe
  2⤵
  PID:7260
- C:\Windows\System\GfsODNM.exe
  C:\Windows\System\GfsODNM.exe
  2⤵
  PID:7412
- C:\Windows\System\rujEvBm.exe
  C:\Windows\System\rujEvBm.exe
  2⤵
  PID:2768
- C:\Windows\System\GklJcSE.exe
  C:\Windows\System\GklJcSE.exe
  2⤵
  PID:7492
- C:\Windows\System\nYNggVE.exe
  C:\Windows\System\nYNggVE.exe
  2⤵
  PID:7716
- C:\Windows\System\cFvDbac.exe
  C:\Windows\System\cFvDbac.exe
  2⤵
  PID:7832
- C:\Windows\System\KoUpxtu.exe
  C:\Windows\System\KoUpxtu.exe
  2⤵
  PID:7900
- C:\Windows\System\iWgrMET.exe
  C:\Windows\System\iWgrMET.exe
  2⤵
  PID:8052
- C:\Windows\System\xvDUTqn.exe
  C:\Windows\System\xvDUTqn.exe
  2⤵
  PID:8020
- C:\Windows\System\eyFHQKY.exe
  C:\Windows\System\eyFHQKY.exe
  2⤵
  PID:8228
- C:\Windows\System\vcWacav.exe
  C:\Windows\System\vcWacav.exe
  2⤵
  PID:8244
- C:\Windows\System\JNUlPCW.exe
  C:\Windows\System\JNUlPCW.exe
  2⤵
  PID:8260
- C:\Windows\System\olCquJq.exe
  C:\Windows\System\olCquJq.exe
  2⤵
  PID:8280
- C:\Windows\System\eEjyArz.exe
  C:\Windows\System\eEjyArz.exe
  2⤵
  PID:8300
- C:\Windows\System\LKbEkeJ.exe
  C:\Windows\System\LKbEkeJ.exe
  2⤵
  PID:8316
- C:\Windows\System\PvATDxI.exe
  C:\Windows\System\PvATDxI.exe
  2⤵
  PID:8332
- C:\Windows\System\wKrFmtS.exe
  C:\Windows\System\wKrFmtS.exe
  2⤵
  PID:8348
- C:\Windows\System\fSsODAF.exe
  C:\Windows\System\fSsODAF.exe
  2⤵
  PID:8372
- C:\Windows\System\vzNDSIA.exe
  C:\Windows\System\vzNDSIA.exe
  2⤵
  PID:8392
- C:\Windows\System\AngDrRo.exe
  C:\Windows\System\AngDrRo.exe
  2⤵
  PID:8408
- C:\Windows\System\huVmmnw.exe
  C:\Windows\System\huVmmnw.exe
  2⤵
  PID:8424
- C:\Windows\System\UBVSReU.exe
  C:\Windows\System\UBVSReU.exe
  2⤵
  PID:8444
- C:\Windows\System\mgmAcpr.exe
  C:\Windows\System\mgmAcpr.exe
  2⤵
  PID:8460
- C:\Windows\System\WjtJKAB.exe
  C:\Windows\System\WjtJKAB.exe
  2⤵
  PID:8508
- C:\Windows\System\wrzbfCB.exe
  C:\Windows\System\wrzbfCB.exe
  2⤵
  PID:8524
- C:\Windows\System\ATSLKsa.exe
  C:\Windows\System\ATSLKsa.exe
  2⤵
  PID:8544
- C:\Windows\System\xUxztIV.exe
  C:\Windows\System\xUxztIV.exe
  2⤵
  PID:8560
- C:\Windows\System\AKGefrd.exe
  C:\Windows\System\AKGefrd.exe
  2⤵
  PID:8576
- C:\Windows\System\jWJqLjn.exe
  C:\Windows\System\jWJqLjn.exe
  2⤵
  PID:8596
- C:\Windows\System\tLkszWf.exe
  C:\Windows\System\tLkszWf.exe
  2⤵
  PID:8616
- C:\Windows\System\IsdRrQh.exe
  C:\Windows\System\IsdRrQh.exe
  2⤵
  PID:8632
- C:\Windows\System\xMObnkW.exe
  C:\Windows\System\xMObnkW.exe
  2⤵
  PID:8652
- C:\Windows\System\CoTclTB.exe
  C:\Windows\System\CoTclTB.exe
  2⤵
  PID:8668
- C:\Windows\System\GCLVjrS.exe
  C:\Windows\System\GCLVjrS.exe
  2⤵
  PID:8688
- C:\Windows\System\ESwgCZH.exe
  C:\Windows\System\ESwgCZH.exe
  2⤵
  PID:8704
- C:\Windows\System\qUshDQc.exe
  C:\Windows\System\qUshDQc.exe
  2⤵
  PID:8720
- C:\Windows\System\uDKeoon.exe
  C:\Windows\System\uDKeoon.exe
  2⤵
  PID:8740
- C:\Windows\System\vDLwmeY.exe
  C:\Windows\System\vDLwmeY.exe
  2⤵
  PID:8756
- C:\Windows\System\xTgdxKb.exe
  C:\Windows\System\xTgdxKb.exe
  2⤵
  PID:8772
- C:\Windows\System\EKtHnhD.exe
  C:\Windows\System\EKtHnhD.exe
  2⤵
  PID:8788
- C:\Windows\System\qUWfYkn.exe
  C:\Windows\System\qUWfYkn.exe
  2⤵
  PID:8804
- C:\Windows\System\LGcmqUw.exe
  C:\Windows\System\LGcmqUw.exe
  2⤵
  PID:8820
- C:\Windows\System\vuVvECd.exe
  C:\Windows\System\vuVvECd.exe
  2⤵
  PID:8836
- C:\Windows\System\AQBBiTt.exe
  C:\Windows\System\AQBBiTt.exe
  2⤵
  PID:8852
- C:\Windows\System\lWlrHsO.exe
  C:\Windows\System\lWlrHsO.exe
  2⤵
  PID:8868
- C:\Windows\System\QvuKlFS.exe
  C:\Windows\System\QvuKlFS.exe
  2⤵
  PID:8888
- C:\Windows\System\bsbjMZJ.exe
  C:\Windows\System\bsbjMZJ.exe
  2⤵
  PID:8904
- C:\Windows\System\EzaqXRp.exe
  C:\Windows\System\EzaqXRp.exe
  2⤵
  PID:8920
- C:\Windows\System\ASHpVhI.exe
  C:\Windows\System\ASHpVhI.exe
  2⤵
  PID:8936
- C:\Windows\System\EdwvERG.exe
  C:\Windows\System\EdwvERG.exe
  2⤵
  PID:8952
- C:\Windows\System\VnOPKHa.exe
  C:\Windows\System\VnOPKHa.exe
  2⤵
  PID:8968
- C:\Windows\System\MIaRCbW.exe
  C:\Windows\System\MIaRCbW.exe
  2⤵
  PID:8984
- C:\Windows\System\WrFpRDJ.exe
  C:\Windows\System\WrFpRDJ.exe
  2⤵
  PID:9000
- C:\Windows\System\VfljbEG.exe
  C:\Windows\System\VfljbEG.exe
  2⤵
  PID:9016
- C:\Windows\System\JBrjkDu.exe
  C:\Windows\System\JBrjkDu.exe
  2⤵
  PID:9032
- C:\Windows\System\qWOocMQ.exe
  C:\Windows\System\qWOocMQ.exe
  2⤵
  PID:9052
- C:\Windows\System\hbEGgCX.exe
  C:\Windows\System\hbEGgCX.exe
  2⤵
  PID:9068
- C:\Windows\System\ywqgxmA.exe
  C:\Windows\System\ywqgxmA.exe
  2⤵
  PID:9192
- C:\Windows\System\XcLlOUb.exe
  C:\Windows\System\XcLlOUb.exe
  2⤵
  PID:9212
- C:\Windows\System\yaJjcwF.exe
  C:\Windows\System\yaJjcwF.exe
  2⤵
  PID:7544
- C:\Windows\System\lpeMcAo.exe
  C:\Windows\System\lpeMcAo.exe
  2⤵
  PID:7616
- C:\Windows\System\cOhKxTm.exe
  C:\Windows\System\cOhKxTm.exe
  2⤵
  PID:7232
- C:\Windows\System\xQKOicB.exe
  C:\Windows\System\xQKOicB.exe
  2⤵
  PID:7176
- C:\Windows\System\mjxoylL.exe
  C:\Windows\System\mjxoylL.exe
  2⤵
  PID:7368
- C:\Windows\System\BCyrEsl.exe
  C:\Windows\System\BCyrEsl.exe
  2⤵
  PID:8180
- C:\Windows\System\UYDiJSC.exe
  C:\Windows\System\UYDiJSC.exe
  2⤵
  PID:7488
- C:\Windows\System\vBHeDjS.exe
  C:\Windows\System\vBHeDjS.exe
  2⤵
  PID:7676
- C:\Windows\System\zBHCUmd.exe
  C:\Windows\System\zBHCUmd.exe
  2⤵
  PID:7760
- C:\Windows\System\jHTXHbD.exe
  C:\Windows\System\jHTXHbD.exe
  2⤵
  PID:8032
- C:\Windows\System\evaHPed.exe
  C:\Windows\System\evaHPed.exe
  2⤵
  PID:8136
- C:\Windows\System\QuobBAD.exe
  C:\Windows\System\QuobBAD.exe
  2⤵
  PID:7296
- C:\Windows\System\sCfpsdW.exe
  C:\Windows\System\sCfpsdW.exe
  2⤵
  PID:7748
- C:\Windows\System\GNHvRwv.exe
  C:\Windows\System\GNHvRwv.exe
  2⤵
  PID:8240
- C:\Windows\System\ZigZpac.exe
  C:\Windows\System\ZigZpac.exe
  2⤵
  PID:8272
- C:\Windows\System\kXwNlvK.exe
  C:\Windows\System\kXwNlvK.exe
  2⤵
  PID:7460
- C:\Windows\System\ZaTJCJe.exe
  C:\Windows\System\ZaTJCJe.exe
  2⤵
  PID:7512
- C:\Windows\System\BJMYXrU.exe
  C:\Windows\System\BJMYXrU.exe
  2⤵
  PID:7688
- C:\Windows\System\pYghyEb.exe
  C:\Windows\System\pYghyEb.exe
  2⤵
  PID:8416
- C:\Windows\System\tpdKwKd.exe
  C:\Windows\System\tpdKwKd.exe
  2⤵
  PID:8420
- C:\Windows\System\VqXVvAR.exe
  C:\Windows\System\VqXVvAR.exe
  2⤵
  PID:8216
- C:\Windows\System\HeyRBcf.exe
  C:\Windows\System\HeyRBcf.exe
  2⤵
  PID:8360
- C:\Windows\System\lcnaKRH.exe
  C:\Windows\System\lcnaKRH.exe
  2⤵
  PID:8252
- C:\Windows\System\rxJCqHw.exe
  C:\Windows\System\rxJCqHw.exe
  2⤵
  PID:8516
- C:\Windows\System\DnLxJOT.exe
  C:\Windows\System\DnLxJOT.exe
  2⤵
  PID:8356
- C:\Windows\System\bNUUMga.exe
  C:\Windows\System\bNUUMga.exe
  2⤵
  PID:8404
- C:\Windows\System\NmrWBdj.exe
  C:\Windows\System\NmrWBdj.exe
  2⤵
  PID:8480
- C:\Windows\System\WtJDbOq.exe
  C:\Windows\System\WtJDbOq.exe
  2⤵
  PID:8588
- C:\Windows\System\fJrIOFX.exe
  C:\Windows\System\fJrIOFX.exe
  2⤵
  PID:8628
- C:\Windows\System\GFiMKye.exe
  C:\Windows\System\GFiMKye.exe
  2⤵
  PID:8500
- C:\Windows\System\bADUDOJ.exe
  C:\Windows\System\bADUDOJ.exe
  2⤵
  PID:8728
- C:\Windows\System\SxWaZgQ.exe
  C:\Windows\System\SxWaZgQ.exe
  2⤵
  PID:8784
- C:\Windows\System\DavLVcF.exe
  C:\Windows\System\DavLVcF.exe
  2⤵
  PID:8764
- C:\Windows\System\jvekbWk.exe
  C:\Windows\System\jvekbWk.exe
  2⤵
  PID:8828
- C:\Windows\System\EMCKtOy.exe
  C:\Windows\System\EMCKtOy.exe
  2⤵
  PID:8536
- C:\Windows\System\PhcLucT.exe
  C:\Windows\System\PhcLucT.exe
  2⤵
  PID:8608
- C:\Windows\System\sNJessY.exe
  C:\Windows\System\sNJessY.exe
  2⤵
  PID:8644
- C:\Windows\System\plCXtdX.exe
  C:\Windows\System\plCXtdX.exe
  2⤵
  PID:8992
- C:\Windows\System\XEYvCyf.exe
  C:\Windows\System\XEYvCyf.exe
  2⤵
  PID:9028
- C:\Windows\System\LomCNHy.exe
  C:\Windows\System\LomCNHy.exe
  2⤵
  PID:9012
- C:\Windows\System\dgjhqMX.exe
  C:\Windows\System\dgjhqMX.exe
  2⤵
  PID:9064
- C:\Windows\System\NiVSjjh.exe
  C:\Windows\System\NiVSjjh.exe
  2⤵
  PID:9088
- C:\Windows\System\aLhSZMl.exe
  C:\Windows\System\aLhSZMl.exe
  2⤵
  PID:9112
- C:\Windows\System\fFHcyaf.exe
  C:\Windows\System\fFHcyaf.exe
  2⤵
  PID:9136
- C:\Windows\System\SzQPAlb.exe
  C:\Windows\System\SzQPAlb.exe
  2⤵
  PID:9156
- C:\Windows\System\CBbUBhJ.exe
  C:\Windows\System\CBbUBhJ.exe
  2⤵
  PID:9180
- C:\Windows\System\fwPnJXE.exe
  C:\Windows\System\fwPnJXE.exe
  2⤵
  PID:9208
- C:\Windows\System\COuwzlI.exe
  C:\Windows\System\COuwzlI.exe
  2⤵
  PID:6824
- C:\Windows\System\YmyueQt.exe
  C:\Windows\System\YmyueQt.exe
  2⤵
  PID:7668
- C:\Windows\System\vQmTZVx.exe
  C:\Windows\System\vQmTZVx.exe
  2⤵
  PID:1956
- C:\Windows\System\bvYQrPs.exe
  C:\Windows\System\bvYQrPs.exe
  2⤵
  PID:7728
- C:\Windows\System\qRJrrUD.exe
  C:\Windows\System\qRJrrUD.exe
  2⤵
  PID:8132
- C:\Windows\System\pJLQXYZ.exe
  C:\Windows\System\pJLQXYZ.exe
  2⤵
  PID:7456
- C:\Windows\System\OKoSNZV.exe
  C:\Windows\System\OKoSNZV.exe
  2⤵
  PID:7948
- C:\Windows\System\uMCfFss.exe
  C:\Windows\System\uMCfFss.exe
  2⤵
  PID:8384
- C:\Windows\System\VQzyKvJ.exe
  C:\Windows\System\VQzyKvJ.exe
  2⤵
  PID:8340
- C:\Windows\System\tmmCDIH.exe
  C:\Windows\System\tmmCDIH.exe
  2⤵
  PID:8196
- C:\Windows\System\UeBXHht.exe
  C:\Windows\System\UeBXHht.exe
  2⤵
  PID:8200
- C:\Windows\System\MdqQpKa.exe
  C:\Windows\System\MdqQpKa.exe
  2⤵
  PID:8288
- C:\Windows\System\mfQvYuY.exe
  C:\Windows\System\mfQvYuY.exe
  2⤵
  PID:8368
- C:\Windows\System\gaIApsb.exe
  C:\Windows\System\gaIApsb.exe
  2⤵
  PID:8328
- C:\Windows\System\UcAOVOh.exe
  C:\Windows\System\UcAOVOh.exe
  2⤵
  PID:8624
- C:\Windows\System\HbjAIks.exe
  C:\Windows\System\HbjAIks.exe
  2⤵
  PID:8496
- C:\Windows\System\kyWSoAO.exe
  C:\Windows\System\kyWSoAO.exe
  2⤵
  PID:8472
- C:\Windows\System\wzJynjE.exe
  C:\Windows\System\wzJynjE.exe
  2⤵
  PID:8800
- C:\Windows\System\SAdYGBh.exe
  C:\Windows\System\SAdYGBh.exe
  2⤵
  PID:8680
- C:\Windows\System\RbNjCIL.exe
  C:\Windows\System\RbNjCIL.exe
  2⤵
  PID:8716
- C:\Windows\System\eLykbDU.exe
  C:\Windows\System\eLykbDU.exe
  2⤵
  PID:8880
- C:\Windows\System\jzZHAim.exe
  C:\Windows\System\jzZHAim.exe
  2⤵
  PID:8884
- C:\Windows\System\QnXzJQa.exe
  C:\Windows\System\QnXzJQa.exe
  2⤵
  PID:8912
- C:\Windows\System\sHyUZDK.exe
  C:\Windows\System\sHyUZDK.exe
  2⤵
  PID:9024
- C:\Windows\System\NfSYCWP.exe
  C:\Windows\System\NfSYCWP.exe
  2⤵
  PID:9084
- C:\Windows\System\sInUeVu.exe
  C:\Windows\System\sInUeVu.exe
  2⤵
  PID:8948
- C:\Windows\System\ZUvPRWr.exe
  C:\Windows\System\ZUvPRWr.exe
  2⤵
  PID:9152
- C:\Windows\System\GdEqTGN.exe
  C:\Windows\System\GdEqTGN.exe
  2⤵
  PID:9164
- C:\Windows\System\mMenvbi.exe
  C:\Windows\System\mMenvbi.exe
  2⤵
  PID:8732
- C:\Windows\System\ndxEcsa.exe
  C:\Windows\System\ndxEcsa.exe
  2⤵
  PID:7796
- C:\Windows\System\QMkHAEy.exe
  C:\Windows\System\QMkHAEy.exe
  2⤵
  PID:7400
- C:\Windows\System\vQatfka.exe
  C:\Windows\System\vQatfka.exe
  2⤵
  PID:7280
- C:\Windows\System\YNoIOVj.exe
  C:\Windows\System\YNoIOVj.exe
  2⤵
  PID:7868
- C:\Windows\System\YgTvLUB.exe
  C:\Windows\System\YgTvLUB.exe
  2⤵
  PID:7612
- C:\Windows\System\kAlhrff.exe
  C:\Windows\System\kAlhrff.exe
  2⤵
  PID:8556
- C:\Windows\System\XkbMEeE.exe
  C:\Windows\System\XkbMEeE.exe
  2⤵
  PID:8812
- C:\Windows\System\OMUyFkj.exe
  C:\Windows\System\OMUyFkj.exe
  2⤵
  PID:8604
- C:\Windows\System\IHSnXET.exe
  C:\Windows\System\IHSnXET.exe
  2⤵
  PID:5264
- C:\Windows\System\dahiaeT.exe
  C:\Windows\System\dahiaeT.exe
  2⤵
  PID:8980
- C:\Windows\System\bUPoQWs.exe
  C:\Windows\System\bUPoQWs.exe
  2⤵
  PID:8488
- C:\Windows\System\iyAOmHJ.exe
  C:\Windows\System\iyAOmHJ.exe
  2⤵
  PID:8696
- C:\Windows\System\mEkUhHh.exe
  C:\Windows\System\mEkUhHh.exe
  2⤵
  PID:9188
- C:\Windows\System\gINDGbc.exe
  C:\Windows\System\gINDGbc.exe
  2⤵
  PID:7652
- C:\Windows\System\UFzNRWn.exe
  C:\Windows\System\UFzNRWn.exe
  2⤵
  PID:7600
- C:\Windows\System\XbQMwaA.exe
  C:\Windows\System\XbQMwaA.exe
  2⤵
  PID:5852
- C:\Windows\System\BRESJci.exe
  C:\Windows\System\BRESJci.exe
  2⤵
  PID:6464
- C:\Windows\System\UceMmWI.exe
  C:\Windows\System\UceMmWI.exe
  2⤵
  PID:8156
- C:\Windows\System\lJRCZke.exe
  C:\Windows\System\lJRCZke.exe
  2⤵
  PID:9228
- C:\Windows\System\dIMZaPv.exe
  C:\Windows\System\dIMZaPv.exe
  2⤵
  PID:9248
- C:\Windows\System\VgJzKUK.exe
  C:\Windows\System\VgJzKUK.exe
  2⤵
  PID:9264
- C:\Windows\System\CklejJb.exe
  C:\Windows\System\CklejJb.exe
  2⤵
  PID:9288
- C:\Windows\System\ABDzKvk.exe
  C:\Windows\System\ABDzKvk.exe
  2⤵
  PID:9308
- C:\Windows\System\WvHcKXn.exe
  C:\Windows\System\WvHcKXn.exe
  2⤵
  PID:9328
- C:\Windows\System\MtKxVpW.exe
  C:\Windows\System\MtKxVpW.exe
  2⤵
  PID:9344
- C:\Windows\System\hnJcTXs.exe
  C:\Windows\System\hnJcTXs.exe
  2⤵
  PID:9364
- C:\Windows\System\HDWiOcT.exe
  C:\Windows\System\HDWiOcT.exe
  2⤵
  PID:9440
- C:\Windows\System\YuvZwjV.exe
  C:\Windows\System\YuvZwjV.exe
  2⤵
  PID:9456
- C:\Windows\System\wlKvrep.exe
  C:\Windows\System\wlKvrep.exe
  2⤵
  PID:9472
- C:\Windows\System\iHuiePn.exe
  C:\Windows\System\iHuiePn.exe
  2⤵
  PID:9492
- C:\Windows\System\CuKTmbe.exe
  C:\Windows\System\CuKTmbe.exe
  2⤵
  PID:9520
- C:\Windows\System\wcXxwWF.exe
  C:\Windows\System\wcXxwWF.exe
  2⤵
  PID:9540
- C:\Windows\System\CjREyKf.exe
  C:\Windows\System\CjREyKf.exe
  2⤵
  PID:9560
- C:\Windows\System\pugErei.exe
  C:\Windows\System\pugErei.exe
  2⤵
  PID:9576
- C:\Windows\System\IwefOCE.exe
  C:\Windows\System\IwefOCE.exe
  2⤵
  PID:9596
- C:\Windows\System\eaVFidF.exe
  C:\Windows\System\eaVFidF.exe
  2⤵
  PID:9612
- C:\Windows\System\LpUBfkT.exe
  C:\Windows\System\LpUBfkT.exe
  2⤵
  PID:9628
- C:\Windows\System\Pgeffbw.exe
  C:\Windows\System\Pgeffbw.exe
  2⤵
  PID:9644
- C:\Windows\System\frBXpBD.exe
  C:\Windows\System\frBXpBD.exe
  2⤵
  PID:9660
- C:\Windows\System\lLwaneX.exe
  C:\Windows\System\lLwaneX.exe
  2⤵
  PID:9676
- C:\Windows\System\PeLyLRt.exe
  C:\Windows\System\PeLyLRt.exe
  2⤵
  PID:9692
- C:\Windows\System\obGZDNw.exe
  C:\Windows\System\obGZDNw.exe
  2⤵
  PID:9708
- C:\Windows\System\wcDqDSQ.exe
  C:\Windows\System\wcDqDSQ.exe
  2⤵
  PID:9724
- C:\Windows\System\iNPdpAw.exe
  C:\Windows\System\iNPdpAw.exe
  2⤵
  PID:9740
- C:\Windows\System\uVjUOPW.exe
  C:\Windows\System\uVjUOPW.exe
  2⤵
  PID:9756
- C:\Windows\System\jYkGxsG.exe
  C:\Windows\System\jYkGxsG.exe
  2⤵
  PID:9772
- C:\Windows\System\zCKKnRe.exe
  C:\Windows\System\zCKKnRe.exe
  2⤵
  PID:9788
- C:\Windows\System\ClpiHrR.exe
  C:\Windows\System\ClpiHrR.exe
  2⤵
  PID:9804
- C:\Windows\System\PgUtOtq.exe
  C:\Windows\System\PgUtOtq.exe
  2⤵
  PID:9820
- C:\Windows\System\EuppQZd.exe
  C:\Windows\System\EuppQZd.exe
  2⤵
  PID:9836
- C:\Windows\System\THOiRdr.exe
  C:\Windows\System\THOiRdr.exe
  2⤵
  PID:9852
- C:\Windows\System\MXMPnoi.exe
  C:\Windows\System\MXMPnoi.exe
  2⤵
  PID:9868
- C:\Windows\System\qxFSQBB.exe
  C:\Windows\System\qxFSQBB.exe
  2⤵
  PID:9892
- C:\Windows\System\NzsUUXI.exe
  C:\Windows\System\NzsUUXI.exe
  2⤵
  PID:9920
- C:\Windows\System\kjHFHpY.exe
  C:\Windows\System\kjHFHpY.exe
  2⤵
  PID:9952
- C:\Windows\System\PTJTaSW.exe
  C:\Windows\System\PTJTaSW.exe
  2⤵
  PID:9968
- C:\Windows\System\KTAqAkv.exe
  C:\Windows\System\KTAqAkv.exe
  2⤵
  PID:9984
- C:\Windows\System\HOhNvnu.exe
  C:\Windows\System\HOhNvnu.exe
  2⤵
  PID:10000
- C:\Windows\System\RWegCbW.exe
  C:\Windows\System\RWegCbW.exe
  2⤵
  PID:10024
- C:\Windows\System\ctAPgyA.exe
  C:\Windows\System\ctAPgyA.exe
  2⤵
  PID:10040
- C:\Windows\System\YfCmBQV.exe
  C:\Windows\System\YfCmBQV.exe
  2⤵
  PID:10116
- C:\Windows\System\EZdmkyI.exe
  C:\Windows\System\EZdmkyI.exe
  2⤵
  PID:10144
- C:\Windows\System\DWwuXAD.exe
  C:\Windows\System\DWwuXAD.exe
  2⤵
  PID:10160
- C:\Windows\System\bgXlWwA.exe
  C:\Windows\System\bgXlWwA.exe
  2⤵
  PID:10176
- C:\Windows\System\sPqqfzC.exe
  C:\Windows\System\sPqqfzC.exe
  2⤵
  PID:10208
- C:\Windows\System\BgWmZkw.exe
  C:\Windows\System\BgWmZkw.exe
  2⤵
  PID:10224
- C:\Windows\System\peiMuiO.exe
  C:\Windows\System\peiMuiO.exe
  2⤵
  PID:8976
- C:\Windows\System\cBXrqfL.exe
  C:\Windows\System\cBXrqfL.exe
  2⤵
  PID:9280
- C:\Windows\System\XEjzxNf.exe
  C:\Windows\System\XEjzxNf.exe
  2⤵
  PID:9324
- C:\Windows\System\FeobCzH.exe
  C:\Windows\System\FeobCzH.exe
  2⤵
  PID:8584
- C:\Windows\System\GPRbatp.exe
  C:\Windows\System\GPRbatp.exe
  2⤵
  PID:8476
- C:\Windows\System\fpzUJtR.exe
  C:\Windows\System\fpzUJtR.exe
  2⤵
  PID:8876
- C:\Windows\System\qUeRHiS.exe
  C:\Windows\System\qUeRHiS.exe
  2⤵
  PID:8492
- C:\Windows\System\XINWovZ.exe
  C:\Windows\System\XINWovZ.exe
  2⤵
  PID:9300
- C:\Windows\System\IhrDjlA.exe
  C:\Windows\System\IhrDjlA.exe
  2⤵
  PID:9372
- C:\Windows\System\JShJdQr.exe
  C:\Windows\System\JShJdQr.exe
  2⤵
  PID:8256
- C:\Windows\System\AeNuDyC.exe
  C:\Windows\System\AeNuDyC.exe
  2⤵
  PID:8848
- C:\Windows\System\WCaJjCr.exe
  C:\Windows\System\WCaJjCr.exe
  2⤵
  PID:8932
- C:\Windows\System\NTWpAoY.exe
  C:\Windows\System\NTWpAoY.exe
  2⤵
  PID:9376
- C:\Windows\System\fagwXNg.exe
  C:\Windows\System\fagwXNg.exe
  2⤵
  PID:8120
- C:\Windows\System\GtHRcYB.exe
  C:\Windows\System\GtHRcYB.exe
  2⤵
  PID:9400
- C:\Windows\System\pNTJfgG.exe
  C:\Windows\System\pNTJfgG.exe
  2⤵
  PID:9256
- C:\Windows\System\HMwDVYb.exe
  C:\Windows\System\HMwDVYb.exe
  2⤵
  PID:9480
- C:\Windows\System\tbmgiin.exe
  C:\Windows\System\tbmgiin.exe
  2⤵
  PID:9416
- C:\Windows\System\PPnMDkz.exe
  C:\Windows\System\PPnMDkz.exe
  2⤵
  PID:9464
- C:\Windows\System\VsrwueZ.exe
  C:\Windows\System\VsrwueZ.exe
  2⤵
  PID:9528
- C:\Windows\System\hJPlmiY.exe
  C:\Windows\System\hJPlmiY.exe
  2⤵
  PID:9568
- C:\Windows\System\xyUubpa.exe
  C:\Windows\System\xyUubpa.exe
  2⤵
  PID:9604
- C:\Windows\System\pJbhCYA.exe
  C:\Windows\System\pJbhCYA.exe
  2⤵
  PID:9672
- C:\Windows\System\fzdjaUr.exe
  C:\Windows\System\fzdjaUr.exe
  2⤵
  PID:9736
- C:\Windows\System\YnoHBGO.exe
  C:\Windows\System\YnoHBGO.exe
  2⤵
  PID:9796
- C:\Windows\System\CHiLevx.exe
  C:\Windows\System\CHiLevx.exe
  2⤵
  PID:9864
- C:\Windows\System\uzefRcq.exe
  C:\Windows\System\uzefRcq.exe
  2⤵
  PID:9960
- C:\Windows\System\wAitYgW.exe
  C:\Windows\System\wAitYgW.exe
  2⤵
  PID:9996
- C:\Windows\System\QguZkLw.exe
  C:\Windows\System\QguZkLw.exe
  2⤵
  PID:9948
- C:\Windows\System\JBnMpZy.exe
  C:\Windows\System\JBnMpZy.exe
  2⤵
  PID:9652
- C:\Windows\System\UPpsucb.exe
  C:\Windows\System\UPpsucb.exe
  2⤵
  PID:9716
- C:\Windows\System\ABqCHpl.exe
  C:\Windows\System\ABqCHpl.exe
  2⤵
  PID:9784
- C:\Windows\System\zNSwknK.exe
  C:\Windows\System\zNSwknK.exe
  2⤵
  PID:9876
- C:\Windows\System\sonOUzK.exe
  C:\Windows\System\sonOUzK.exe
  2⤵
  PID:9932
- C:\Windows\System\upzueXA.exe
  C:\Windows\System\upzueXA.exe
  2⤵
  PID:9976
- C:\Windows\System\AwEDMzU.exe
  C:\Windows\System\AwEDMzU.exe
  2⤵
  PID:10016
- C:\Windows\System\NVwGfJH.exe
  C:\Windows\System\NVwGfJH.exe
  2⤵
  PID:10084
- C:\Windows\System\gScrqLx.exe
  C:\Windows\System\gScrqLx.exe
  2⤵
  PID:10096
- C:\Windows\System\bHRYzLa.exe
  C:\Windows\System\bHRYzLa.exe
  2⤵
  PID:10088
- C:\Windows\System\KGcqmTa.exe
  C:\Windows\System\KGcqmTa.exe
  2⤵
  PID:10136
- C:\Windows\System\pRGbjzT.exe
  C:\Windows\System\pRGbjzT.exe
  2⤵
  PID:10132
- C:\Windows\System\swaBFBY.exe
  C:\Windows\System\swaBFBY.exe
  2⤵
  PID:9272
- C:\Windows\System\KxIZLeR.exe
  C:\Windows\System\KxIZLeR.exe
  2⤵
  PID:9356
- C:\Windows\System\wleBKYT.exe
  C:\Windows\System\wleBKYT.exe
  2⤵
  PID:8640
- C:\Windows\System\RWoLwCT.exe
  C:\Windows\System\RWoLwCT.exe
  2⤵
  PID:8324
- C:\Windows\System\qloTmIJ.exe
  C:\Windows\System\qloTmIJ.exe
  2⤵
  PID:9132
- C:\Windows\System\sJGxHEx.exe
  C:\Windows\System\sJGxHEx.exe
  2⤵
  PID:8520
- C:\Windows\System\yZyNIbM.exe
  C:\Windows\System\yZyNIbM.exe
  2⤵
  PID:9100
- C:\Windows\System\DgMacpt.exe
  C:\Windows\System\DgMacpt.exe
  2⤵
  PID:9408
- C:\Windows\System\FQpwYKm.exe
  C:\Windows\System\FQpwYKm.exe
  2⤵
  PID:9380
- C:\Windows\System\scJlnuQ.exe
  C:\Windows\System\scJlnuQ.exe
  2⤵
  PID:9076
- C:\Windows\System\qoZIhzv.exe
  C:\Windows\System\qoZIhzv.exe
  2⤵
  PID:9428
- C:\Windows\System\MWojcEx.exe
  C:\Windows\System\MWojcEx.exe
  2⤵
  PID:9500
- C:\Windows\System\MxahyUi.exe
  C:\Windows\System\MxahyUi.exe
  2⤵
  PID:9572
- C:\Windows\System\SqexVnb.exe
  C:\Windows\System\SqexVnb.exe
  2⤵
  PID:9832
- C:\Windows\System\uWPaAxl.exe
  C:\Windows\System\uWPaAxl.exe
  2⤵
  PID:9752
- C:\Windows\System\RffrKGb.exe
  C:\Windows\System\RffrKGb.exe
  2⤵
  PID:9552
- C:\Windows\System\VtsFqHX.exe
  C:\Windows\System\VtsFqHX.exe
  2⤵
  PID:10128
- C:\Windows\System\EATJGFf.exe
  C:\Windows\System\EATJGFf.exe
  2⤵
  PID:9588
- C:\Windows\System\NFzqmPd.exe
  C:\Windows\System\NFzqmPd.exe
  2⤵
  PID:9904
- C:\Windows\System\KCPheLp.exe
  C:\Windows\System\KCPheLp.exe
  2⤵
  PID:10036
- C:\Windows\System\ElKFXwo.exe
  C:\Windows\System\ElKFXwo.exe
  2⤵
  PID:9916
- C:\Windows\System\OgZptMi.exe
  C:\Windows\System\OgZptMi.exe
  2⤵
  PID:9844
- C:\Windows\System\KVQXQbQ.exe
  C:\Windows\System\KVQXQbQ.exe
  2⤵
  PID:10184
- C:\Windows\System\bJmYfXm.exe
  C:\Windows\System\bJmYfXm.exe
  2⤵
  PID:9536
- C:\Windows\System\DlAaSjh.exe
  C:\Windows\System\DlAaSjh.exe
  2⤵
  PID:9240
- C:\Windows\System\KUIZRab.exe
  C:\Windows\System\KUIZRab.exe
  2⤵
  PID:7556
- C:\Windows\System\TPCJGtn.exe
  C:\Windows\System\TPCJGtn.exe
  2⤵
  PID:9148
- C:\Windows\System\fNBaUFj.exe
  C:\Windows\System\fNBaUFj.exe
  2⤵
  PID:8896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AiGNktm.exe

Filesize
6.0MB

MD5
cc7ed914b4125b94cff7263fdba34cdd

SHA1
aeb123932c7722a5aa24caac583807258c530615

SHA256
519cbaf66f1bf749ada45307ea87b32516dd43ab3336b0d6a341b9e1ea4e5ea7

SHA512
3d23ee3098f0923bf669b52078ff44f27de850cc91928a41979ab673ed69ef9cdd15c1591ef6180bb213ce2bf44c2c0ce4f6c133e77f34e3c27c28b278dc54d5

Download Submit
C:\Windows\system\AwpnGYn.exe

Filesize
6.0MB

MD5
09748130ffb520d658d90caf70e5607d

SHA1
57fb788bdf5ccb27dfa5b242b228bb388b85bdde

SHA256
53988af9a1203b25d17d45729bf542288690462833a8c3519ec453d7b0565c54

SHA512
2522c7f73266d19022b5a1268822d0c6efd151db58514dd840ff792bb74755f2f530aa0adb62fa1c7ea9f505299c0678303f2da2960d8b969b2a68a42b39b233

Download Submit
C:\Windows\system\BIuxdap.exe

Filesize
6.0MB

MD5
72c34d82eeb571cca923b3a405674edb

SHA1
b6c8534f8e24d62b481badf7a55dbb39f044a087

SHA256
5eca034ce1a9737c2a96b6b2977996bbfac2ee6de2966ff39f2a5985d98f2d6d

SHA512
17ea154aea1f7c66dbf49b6fd71a4e9d0da03df777676c9daae11f02289b8afadfcf273dc99e5a1a109e60dd9910b1212eb9b0057f00d597cfe91196b6449c2d

Download Submit
C:\Windows\system\FbHEIoC.exe

Filesize
6.0MB

MD5
7c4b15294bfa099b5803ee0b3453ae99

SHA1
020b0a22c02f14756ae3a01483a403fcba56f606

SHA256
57286d374dd426d136760ab76201aa24c93b8d830840e7f86938650879d622ce

SHA512
09d56d4f314dd574cc0736112a37d97aeb70144f5c215f38d246b4f16a4855c7f1b58ca4f7979c8e584b1b54bf4dc2be73c1f1d7f94b23d07c96b3ccb35e256c

Download Submit
C:\Windows\system\MEQtnOh.exe

Filesize
6.0MB

MD5
a621502b2b84ea29cc1007f690febff7

SHA1
c6d8e1027de20431049acc27069eaf7980a18e4d

SHA256
f57aec28194fdbfc574032b2ad7a7172659817c96e7017086f9c6e6d9cea93f9

SHA512
75929d3b635efdc3359bfb6d908abedd77ba38fd5c04485ad77c25d3f2d428d0f9e143937e0f151eb50d79c5b7ccd03c2c212a8be84c80bf9b8fb0c6d0da9536

Download Submit
C:\Windows\system\PfAUYlh.exe

Filesize
6.0MB

MD5
db3443bf31fb3f3f7f3665a6c3651864

SHA1
6ab1650b6e618b5f290f6906694670e08ad6d129

SHA256
b042b6dc7dff739f7469ebfb93dedffc1900283b6dfcf19c5f6b47ffd4dbc20b

SHA512
fdac498965777144cdadd7054bd6c763d46b19173b5c117297b56e158bdc6335112da658f1ad78b8275c22b12f01e93bea09e47efed7641128550a128c87c59e

Download Submit
C:\Windows\system\SfdpFkb.exe

Filesize
6.0MB

MD5
9e547049b612b88772d7224b3596bde7

SHA1
1ff1a5280a665b3790c8c949af35025fc356dcb0

SHA256
f77a3ea0c2a1a434093fd354b9c14476c54a61f92fe7dc02943a740cc2c603a5

SHA512
da071d4048ea595605f688c7f0af8ee0c0a3238cf6930b642b4c430df6ebb195e30c459fb8c1680621c2d50c87f82f2e30d40e41e54cf777bf27d7923fad8804

Download Submit
C:\Windows\system\UqDtnxb.exe

Filesize
6.0MB

MD5
ae87951cca8b3d369892e8ea6d5e3fc0

SHA1
05bc8182079632c234fc549c294835c357b59c95

SHA256
084372a821856baaf478173f87cce9f69eba6656ed373813f8889c495db349c4

SHA512
c80db8ceb8111c90d30fb454b652f0a9a0e1b6a45bf3411b965e8e298bb7d32811dd2c36ace7bfcf57037d37766a592bfc993e7778ab0d202d40f649faa543b4

Download Submit
C:\Windows\system\VrWFCAI.exe

Filesize
6.0MB

MD5
b3f3e0aacd92abc63d36b270773a3c4e

SHA1
30e92e922df393a6d17464e9051c5aad7560e0b3

SHA256
a97821ae3561ceae8c2f2ccea8c3a27ee77a35a3644173e5ae27485723bb4c0d

SHA512
7224c58c8c36392d3f6b9a8e5466620c4f3c63689785b492a73708d86d423ad224137076cb087dc238c07cf6ad1e60052d55dc859f0b3ae08c2580d989a1ec37

Download Submit
C:\Windows\system\WGRzkZI.exe

Filesize
6.0MB

MD5
13e8b493dc5145c0efbb3fb0b6c4bd8b

SHA1
2d285b2ee95bfd75112ea5fe4eee923a3c93bb4d

SHA256
9aa9e21e3e759c16123463a28acac635adb1db95c84ebc96a70d0a3235144844

SHA512
4e07d42af108e8bf975d5408f6b5ab90a68d039e21bc9613d803de4a0d74e3e9630cf292b89144d45187aca923018c1d10de0e9ab032f95ed9c8dab94d04903c

Download Submit
C:\Windows\system\aOTzeSP.exe

Filesize
6.0MB

MD5
c99a11fdee99e1911dbc9013d925130c

SHA1
2ba37b7e9c7eb481c2696f10c80cc5a66d48d517

SHA256
ee49883a6d03a852711f3384f33dd629eeca26c8ea0894e74c4cd588824df2d1

SHA512
3334e0d67339a7b7ddbc3ce08e7e6c5387db2a73b5a0f47eccf7676b0645a9984c5b43cf8eba3f67ab0c14b5020b3cbc66087e27722293672a65d82727e3e854

Download Submit
C:\Windows\system\aRKpIAl.exe

Filesize
6.0MB

MD5
8d801e2a02ef94cf4740b64eae3895b1

SHA1
1e1f7a935f3ee1d7471e31f580a72562c6fc9975

SHA256
bbebe6c2432b03d77b54e84568659f9c70d7f1356048d1fc9fae09cd56c3a005

SHA512
d60fa95d0e15640dd707012ccf57390bf977aef14753918fdff467e166175d6ee11e0d37bacfac066fd6d7f7ff9dd8341e2d81e2f80df6dbadb4d87a14d09daf

Download Submit
C:\Windows\system\dtkPDli.exe

Filesize
6.0MB

MD5
d13a706e488250f123a2d478218c79ce

SHA1
e1eec283433c25e30620fec84860e23a7eb9419d

SHA256
df8c79b02ed5e8b7da8a666075cc0775341dddf92cd5be571ef4a3e77b38c7e6

SHA512
1c240cd4a307ff542ef438c0123af79e4d2fa2494e0f02751729473ff61f5585599899464e04ade091602b9cbdfb0ffffc1d2da3d6bb41c0690e3783611e1511

Download Submit
C:\Windows\system\eSQkVjf.exe

Filesize
6.0MB

MD5
fed6d22d0be602cb16ab361c9bb4449d

SHA1
3ed48a131de7821f73caf00564bebf546a32ec67

SHA256
0e92a5c188b8b44cbbf5c3c1169b80c03f979accf9be6e91edf022ebf15a02aa

SHA512
e227c5b3b9380b7334bf8ab311a81ac9469afa7f137ff796813f527eb7458b5d3a512ae6a9721002343748a406d792a0160cd376f785019ac007582cebc2aa7a

Download Submit
C:\Windows\system\fOvhtaF.exe

Filesize
6.0MB

MD5
d3ec5f5e84ec05fdb7fd7e76de5a05c9

SHA1
c85c5599ce47cd8f94abdd6dab32bc8842442880

SHA256
2fd2e1cfa283bcaeab68df6548831e9d16f1cccca6b4a30ef067e2742fcba31e

SHA512
b95ff74499383bde96ffbaab665d0e171f64e21fd37628e1368b407014001268855cf79ea77aecb7cc725f055d9b7a6e8cb8490a9921d887acf0805109abaa41

Download Submit
C:\Windows\system\gbXYusc.exe

Filesize
6.0MB

MD5
7e7248702d8cfefb877c895b33a3ceae

SHA1
6834f721ce1c52b505ad0e50931e60d6fb8a6f53

SHA256
1daa092788ac941b3f5c0bb48c70a8a496bb61099f245f7f9dc406d12eae6943

SHA512
fabb6ed06a6c4f788fca3145aa71d5b292f4cc4aad4131cdcd42b7d452ab31b78870b375b72694206aa32f930101ad70e1ef8a5014ccfc3a0e9132799078134b

Download Submit
C:\Windows\system\ilwqMVc.exe

Filesize
6.0MB

MD5
d82bf1cdc7543b1ef9591b96e380104e

SHA1
069c12074f491973f7da78795dfce73a4afa4a70

SHA256
6ac08b5764c9ae5c9dafe9d164233ceed430d8b5e488b1f0cc77c5b044dc43e8

SHA512
49901d8c5d9f1eacfbca87ae9a08c0b69f1b49440b031c79d238dae84b5dc0bb96522e0cdcaa1bae85fce4ca91fd36964590022cd7fef58ce341bf3ec907b36a

Download Submit
C:\Windows\system\kbAOZgV.exe

Filesize
6.0MB

MD5
a9106d9a85bc18ed8d929682533eb514

SHA1
aaa01385667d545d3d1cf3e0f4ffdb6b54e53023

SHA256
03b6a145af14f9e0d439c6bef1a526290f6d06b9430c633b7830475eaed699d5

SHA512
fa398ee4dfb8b8cfafca750fc825bcd842e4b1c2a52b1268ec54fdfe9149adf4fc4fb5ac7f1205dd638d6dde98e66f0cf808822d4fe7e83406f414d63530cf43

Download Submit
C:\Windows\system\ntowffY.exe

Filesize
6.0MB

MD5
ece6a59d3bf5ba50f0eadbbe63a30a58

SHA1
73838e886b8ca0ba1f78c295695102e649e9ef32

SHA256
fb05f6bc5b2975e2fac4de9d84228db77931db544e9edd457f477c0539914fc3

SHA512
afc74f9b6e4cd0454660992a8300fa537c53df7bdba58f0ab827549f8ebea07350d2869d421879e69776b964fc5548754daf88ee85c7e1b8466464c77cacc928

Download Submit
C:\Windows\system\qViaEdR.exe

Filesize
6.0MB

MD5
3009eef514f3c1d071c0c4ec41d71c43

SHA1
1409fcd31c0a12776a2b430c54947316805a4e16

SHA256
f1295ad07ed6774ade902f7692d1d6e8f36cacbc26a13240756f5a7f665f5481

SHA512
9261b3f8896dd73838186bb42693588c0896a5be861653970099febd25fbcc46c8d8d7d8eab3082db3dc933128d72d5a2404807e368ebddaae9b954718644b57

Download Submit
C:\Windows\system\rdupfKS.exe

Filesize
6.0MB

MD5
1e0f61aa4d6d0a1724ce4fadce4f3e05

SHA1
914ee1a8ff5a0995d5a37a723676d8df3aaa97d8

SHA256
77ac0d45db8362c1b1405e4a28f3e70e1465ae10f28e3761e57819f9ae5383bb

SHA512
61a6c1faea7000f46b26513bca9b7e58b9243da536aa1de1756043ab05fd2f64bfb20bbac0e1e4bbe916d04b128fdc7fd714eee63773e42464b36b80a93f18f6

Download Submit
C:\Windows\system\tmVZbYu.exe

Filesize
6.0MB

MD5
4d334175376ce750a999a61d0d970446

SHA1
70f940102006a28639575406f47b71f41a75efcb

SHA256
7ef2065078ae17b382df4b83051e7ab9d5f7b8fc0db973cc561318342933cfb3

SHA512
527da4579b7ee69a0ef05546fe368643e00c5b486bb80670a20b8953f12554ad65c1b9de0142854f8ff8c2a759339c19790603be706d4eafb2b3301c550728f6

Download Submit
C:\Windows\system\zQaIQZY.exe

Filesize
6.0MB

MD5
dffc7454edf396633e446cba5dd0b209

SHA1
0e1d6546371cbe33806a24ac8f5e63a86cbea89f

SHA256
f2da720a94269dc642a58cb7c67012192b139ff9a869c3d82568de2f7e7a17f0

SHA512
37fbd18bcbe53c5ffd0d4d92f1c5bcb9fe26a44de7fb4a384e012b884f1860b3103da61438909400137e034a884e5fcddf57bb30c87117ecc83c79b2b9d04afc

Download Submit
\Windows\system\EmUQODx.exe

Filesize
6.0MB

MD5
8c9d77343b498357a22725b02f2721c8

SHA1
17b2b02ef072f1af49e77f27e831f9801dc95e46

SHA256
ac7132ccb60e185916baef76be3256cca815fb27206ffda6f5ced30c709423f6

SHA512
df23096198169e73782b34549f91ddc10fe195c7879e0b772298ab85626fdf3847f220fe6e5570bbd95db6cf0d566c6cb45c1215d1a819720b74fc099f71d238

Download Submit
\Windows\system\IcPGPFD.exe

Filesize
6.0MB

MD5
b7e374cd6b8976e2963d3385542bf055

SHA1
1e7625f4ffe2c978f2c462d2fafa6ac8333e59dd

SHA256
641e9eb0dd9a0591b9e6fa5bd319541d90d6285d015fae5dbc59af864e9ea43d

SHA512
f318f085e33ffb4694d5666645d2f7802fd251be8ad9b0bbf2279f419de7d89e45f68b0436a167aa0a93d37f839a715f6b3a7dfcc14a0dc53dbe0b516fd8afd8

Download Submit
\Windows\system\QVFsRuF.exe

Filesize
6.0MB

MD5
e6c8b6f7b0790e296dd490ae6de5693a

SHA1
f1e2f1c4e2e2e558b1d59766bcd9db5fd353dc45

SHA256
8de0224db10370b54bd22c546fa49867a2284b183828925f187c4d3861504e90

SHA512
8960b9ec3e20b35b2c0d4a7dfc4be876fdee15da42548233af51f418179cfc16288a0209f67ba694ea4d704c45ddc7e7d7c78243a07eb3bf04afd835fc4f880a

Download Submit
\Windows\system\UBTBmVS.exe

Filesize
6.0MB

MD5
737a74cc1ea72a7de2825b780fd8671c

SHA1
3cc5e3528f6b3ddf64ab18cad8eceb1d5662d56d

SHA256
dbc706bc97e5e12da0fab02da7d4ca95449c1cb6538d3c5c4c788bf0e24f61d7

SHA512
ec5286892c3a4741b48cb78191a07db82845552d905ff85b26be012b289a390271b52a7407afede43123ab6dcf2fdcfe8ce171e68a3016e492192a991a8b5fca

Download Submit
\Windows\system\YOJjIoV.exe

Filesize
6.0MB

MD5
c017d3e50ffa2b9f451995c82340152a

SHA1
372cf1e1430c6b5c9eb9d86961103257a00c5e53

SHA256
cca3d4778eada35a1fa318130ad0eb527fea0a0c3396cbfd3a36783714da9d01

SHA512
d18962a7ea4e222a2cfdbf6c03a5b450e54d315b44ecb0f263e333d68e6aada31a0f31e3f1169773a46037d4ff94b4a3a03aec128cf962804cbd97e5e3e05d84

Download Submit
\Windows\system\YeNWBMG.exe

Filesize
6.0MB

MD5
e586e911e659354850028de5c47e1cce

SHA1
edef976945bb987949b41afe1ba375fa10484771

SHA256
a74e918a9f309290f3856863dbc6fd6d28c4a7709e46f3ef5b47b3f4552c11e0

SHA512
d479acd202296cb127186c83dfe6a5c0c548dc0d5e65d0386bcb3be7e207cbf8e802c8489c23a3831efade465920444375b4a49b965f38dc03125cf418b0de72

Download Submit
\Windows\system\cAVeUri.exe

Filesize
6.0MB

MD5
304733b3bf6a52479d7e346b22b67f58

SHA1
7c96b818498b90da0f10a5477647a3ee933bdb61

SHA256
595384c2b3015a5279fba4dfdfe1541a4a6bc36fc7c9542ac124a99df8e5c529

SHA512
6b0ccd8e1dc08616e91dcaed9e48651a991b250ac14e958e67f5ba2cdebaaabfa6e730349d43828aadd64e68c59d9d89cd44f9cac8bb41e25d4a7c3a9c74c29a

Download Submit
\Windows\system\cytyDEm.exe

Filesize
6.0MB

MD5
8912585375a7444d170c9cf225ae46e4

SHA1
2a3362baa2e765ec43dec1ccb67556392fb97268

SHA256
47d34df941c91b29f4ca3e533e6d1da90f1da404c5da4233345e0eb58744b005

SHA512
430fe97679b4d1c190da09bc4274d2eccf735f8b510bbd38311b50472d72dd6e623614b0e1726e390cbb1f0ebc26a3fed74da0d0aacb9fea050b76935e8dfa0f

Download Submit
\Windows\system\hHcIUQA.exe

Filesize
6.0MB

MD5
4cdf46e18d752a7d383a397ef45f829c

SHA1
d2d1143b4c89ec91144c5a5e5996e39f05a21b38

SHA256
c894abf1d70950efac7e05afde2fa96ec34f401eb2ffb8af4fe415ce096a54e1

SHA512
4321f0d714d2835005021352600a64dbcacccc889bab04a002c231a95f60abde748474d5a79ffcd149bf25f7afbc6ec007c75699b15d1de0ad795017d9bc05b1

Download Submit
\Windows\system\rMTdAuK.exe

Filesize
6.0MB

MD5
adb9965294c6f9a8dded16d7073fb106

SHA1
310aa978025661070d2fc001191ac282063713f8

SHA256
fa0d6e0c8fe96ab78d88b87a0fe970d43475a877804bc06bbe3b1a57b2f440d3

SHA512
a5d652470aeb038e748886f6b3d0cc3e7249b519f115eec4855caae78ff4968edf84bb2f6e2f8be3d13f74d359432f920406bf011df4d6b112f36f040921a525

Download Submit
\Windows\system\sBasIoM.exe

Filesize
6.0MB

MD5
7050ed58c64814c82f950f206cc23add

SHA1
caa9d1065516407d26d4dcb785f2a82de91fb036

SHA256
b05b2b901897c4cb5d9914a0f7d6b1025323eb2a60fb7d0164e1b2ee5a803260

SHA512
28322f9aad58a4a38160e2dac6722f28c6982bbaf0804538309274d7db4a4ca2cd9b415af69c7e402218dea7c59827bcdcc15288224bb502c4d7858d4a500ef2

Download Submit
\Windows\system\tHDCybH.exe

Filesize
6.0MB

MD5
e73d5c7cc2ef7c89df7243b6fdcad7e9

SHA1
0caf20f063377ecd7125ff3c7a860b3397efc6ff

SHA256
8dbe5f851ecb6a4402cba0443428ede58696ef0ee745ce96d0359d5fbe7df707

SHA512
48f6f375e3912b6f178e7da0df54261eceeda4943f6c501263b623ab1b695fa2d46747f232e2dae5037c1c846e2052d4db8d776a3fbe342b5b8f6a6b14a55ce8

Download Submit
\Windows\system\ulOaXYi.exe

Filesize
6.0MB

MD5
0c8b2642995d4e59ba6d643cabf5706e

SHA1
2eb54237cda78109ba01c6e01d8ba221cbb9efba

SHA256
8db932071613070449277cab5150929acadc2f5592f1d5f518e01133f1c2843c

SHA512
fceaca5b891e0f9a1154015be4d408ceef692fd66809b337fc075f88010f718df9ee3c78830c6ead8ac148fdaf30b8e2e48da44d76484da2123ce5ee078a81cf

Download Submit
memory/488-4027-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/488-166-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1284-138-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1284-4021-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-4020-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1476-27-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1692-4025-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1692-64-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1892-4022-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1892-49-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1308-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1928-150-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1928-129-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1928-111-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1385-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1387-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1386-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1928-165-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1928-123-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1309-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1928-90-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-74-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1153-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1928-67-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1151-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1928-142-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/1928-60-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1928-133-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-10-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1928-178-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1152-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1928-41-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2060-172-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2060-4030-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2264-4024-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2264-164-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2408-4018-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2408-128-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2464-4019-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-29-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4026-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-94-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-71-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4023-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4028-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-124-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4029-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3028-177-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download