cobaltstrike | 6ecc8168b8b14aef014f4a3af43dc212c7f610543f62ab42f600c8592f08907e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

375eb4030729c4dd5e5b42e32af1b443
SHA1

d60171c27702bbb6aaef7ba961daec96bb0d9cfe
SHA256

6ecc8168b8b14aef014f4a3af43dc212c7f610543f62ab42f600c8592f08907e
SHA512

87aca1c22bd71e4cb6f2e1544c5eb0a7408b13bfa9c3666ccf0f01bd44c71f05306a8524d6a1134e53054cf3a76cde13f2187d98151f6b6f22b06c63b6f77fb1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001924c-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926b-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019271-23.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-61.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193c4-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967d-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019389-48.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019277-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000012117-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000700000001924c-6.dat	xmrig
behavioral1/files/0x000700000001926b-17.dat	xmrig
behavioral1/memory/2204-22-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2904-20-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/memory/2528-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0007000000019271-23.dat	xmrig
behavioral1/memory/2420-29-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2468-35-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a354-191.dat	xmrig
behavioral1/files/0x0005000000019639-166.dat	xmrig
behavioral1/memory/2420-258-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2904-1055-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/memory/3064-590-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2468-349-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c63-190.dat	xmrig
behavioral1/files/0x000500000001a311-186.dat	xmrig
behavioral1/files/0x0005000000019c48-180.dat	xmrig
behavioral1/files/0x000500000001998a-178.dat	xmrig
behavioral1/files/0x000500000001a08b-174.dat	xmrig
behavioral1/files/0x0005000000019fc9-162.dat	xmrig
behavioral1/files/0x0005000000019623-152.dat	xmrig
behavioral1/files/0x0005000000019620-151.dat	xmrig
behavioral1/files/0x0005000000019dc1-149.dat	xmrig
behavioral1/files/0x0005000000019d54-137.dat	xmrig
behavioral1/files/0x00050000000196f6-115.dat	xmrig
behavioral1/memory/2644-114-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2732-105-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00050000000196be-92.dat	xmrig
behavioral1/files/0x0005000000019627-77.dat	xmrig
behavioral1/files/0x000500000001961f-61.dat	xmrig
behavioral1/memory/2888-54-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x00080000000193c4-51.dat	xmrig
behavioral1/files/0x000500000001a0b3-183.dat	xmrig
behavioral1/files/0x000500000001a078-170.dat	xmrig
behavioral1/files/0x0005000000019faf-157.dat	xmrig
behavioral1/files/0x0005000000019db5-144.dat	xmrig
behavioral1/memory/2904-41-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/3064-40-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2204-134-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2628-132-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d2d-131.dat	xmrig
behavioral1/files/0x0005000000019c4a-129.dat	xmrig
behavioral1/files/0x0005000000019c43-118.dat	xmrig
behavioral1/files/0x000500000001967d-100.dat	xmrig
behavioral1/files/0x0005000000019629-98.dat	xmrig
behavioral1/files/0x0005000000019625-76.dat	xmrig
behavioral1/files/0x0005000000019621-75.dat	xmrig
behavioral1/memory/2904-50-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019389-48.dat	xmrig
behavioral1/files/0x0006000000019382-38.dat	xmrig
behavioral1/files/0x0006000000019277-33.dat	xmrig
behavioral1/memory/1692-14-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-12.dat	xmrig
behavioral1/memory/2528-3583-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1692-3579-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/3064-3624-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2628-3633-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2644-3664-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2732-3662-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2888-3661-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2204-3689-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2468-3678-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2420-3711-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1692	RezjTab.exe
2528	OTDDwsO.exe
2204	xakYPKB.exe
2420	cwTTvHW.exe
2468	zqMADVc.exe
3064	nRQwvct.exe
2888	PGvKiqa.exe
2732	YbKhHft.exe
2628	ounelxB.exe
2644	MNKIWbW.exe
1796	dlWUqsc.exe
1036	Enarbhg.exe
844	tTlODOL.exe
2792	IZkbtgi.exe
2848	TcvUeZt.exe
1380	XiDrpuV.exe
808	LMOvtEz.exe
2608	ILgDcER.exe
2724	ckqGUwK.exe
1568	IUyIYiH.exe
2152	OGWGiFb.exe
2620	LerOAxM.exe
264	IsaxoHx.exe
444	FytylKX.exe
2004	FgTjVDN.exe
1652	Nkxgkxq.exe
2504	dAYhqqM.exe
1240	RxvbwQC.exe
2960	jqFpJAk.exe
2932	SwFTqoA.exe
1708	bIRxWev.exe
1348	TiqZTfx.exe
2236	aAkMQhZ.exe
2348	bFNoEGF.exe
1144	ibMmBuY.exe
1088	PuWSiFt.exe
1040	vQofEHv.exe
2664	wTtpmWv.exe
1680	IAxvnzp.exe
2560	wxobSnU.exe
2072	DpIpoAc.exe
1792	YEJevZT.exe
812	KxeyGQr.exe
1776	QwplqAV.exe
2308	VkpBCph.exe
2460	JBJQRnq.exe
2572	QCAzKju.exe
1508	qekInYL.exe
772	QWPqaSb.exe
908	GlzDuuC.exe
1588	aBSSZTI.exe
1732	FsUrcCB.exe
1556	NMiwhQt.exe
1684	AvlGgZm.exe
2404	nrwnLUN.exe
1700	zSgAucJ.exe
2080	CRLBwHW.exe
2788	grrOCnI.exe
2880	uMieuuR.exe
2600	sMXHQYp.exe
2624	uMXUWjP.exe
1484	PfUSpwt.exe
544	OtZzsak.exe
856	zIeGfjJ.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000700000001924c-6.dat	upx
behavioral1/files/0x000700000001926b-17.dat	upx
behavioral1/memory/2204-22-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2528-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0007000000019271-23.dat	upx
behavioral1/memory/2420-29-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2468-35-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000500000001a354-191.dat	upx
behavioral1/files/0x0005000000019639-166.dat	upx
behavioral1/memory/2420-258-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/3064-590-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2468-349-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0005000000019c63-190.dat	upx
behavioral1/files/0x000500000001a311-186.dat	upx
behavioral1/files/0x0005000000019c48-180.dat	upx
behavioral1/files/0x000500000001998a-178.dat	upx
behavioral1/files/0x000500000001a08b-174.dat	upx
behavioral1/files/0x0005000000019fc9-162.dat	upx
behavioral1/files/0x0005000000019623-152.dat	upx
behavioral1/files/0x0005000000019620-151.dat	upx
behavioral1/files/0x0005000000019dc1-149.dat	upx
behavioral1/files/0x0005000000019d54-137.dat	upx
behavioral1/files/0x00050000000196f6-115.dat	upx
behavioral1/memory/2644-114-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2732-105-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00050000000196be-92.dat	upx
behavioral1/files/0x0005000000019627-77.dat	upx
behavioral1/files/0x000500000001961f-61.dat	upx
behavioral1/memory/2888-54-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x00080000000193c4-51.dat	upx
behavioral1/files/0x000500000001a0b3-183.dat	upx
behavioral1/files/0x000500000001a078-170.dat	upx
behavioral1/files/0x0005000000019faf-157.dat	upx
behavioral1/files/0x0005000000019db5-144.dat	upx
behavioral1/memory/2904-41-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/3064-40-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2204-134-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2628-132-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0005000000019d2d-131.dat	upx
behavioral1/files/0x0005000000019c4a-129.dat	upx
behavioral1/files/0x0005000000019c43-118.dat	upx
behavioral1/files/0x000500000001967d-100.dat	upx
behavioral1/files/0x0005000000019629-98.dat	upx
behavioral1/files/0x0005000000019625-76.dat	upx
behavioral1/files/0x0005000000019621-75.dat	upx
behavioral1/files/0x0006000000019389-48.dat	upx
behavioral1/files/0x0006000000019382-38.dat	upx
behavioral1/files/0x0006000000019277-33.dat	upx
behavioral1/memory/1692-14-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0007000000012117-12.dat	upx
behavioral1/memory/2528-3583-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1692-3579-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/3064-3624-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2628-3633-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2644-3664-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2732-3662-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2888-3661-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2204-3689-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2468-3678-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2420-3711-0x000000013F840000-0x000000013FB94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VJuIEeA.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSDLozd.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\havEwQL.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFKIKra.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpTPZdJ.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkyFtJX.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csAbRDK.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYCfTKx.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhsBMZi.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EedVEdm.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBLrCDn.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IaJhfDf.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulYsfWK.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkpwqVj.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDhJvPX.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RklnMde.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TowxvzP.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPUAGGE.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgnRMOf.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcYqpjy.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNmHsHs.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWMWIRO.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZwakVL.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYEUHRO.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDdYwzR.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrFNSfF.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgoeZXs.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkqrwzh.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFKaKJu.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrOmtVK.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAZCeTp.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQOVcTa.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEMUQYp.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDEBuYF.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jgpkmll.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaJHVgH.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urNdNpG.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJjVuJY.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLBLZMX.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eblTyEW.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDxrEFR.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjGphBQ.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KftrCQz.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcTrHho.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLdQKpT.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzvNrVR.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOUzsbF.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDetwUH.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySrXDRT.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFtiYtI.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJxnlLf.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgMDpKP.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpWtMvH.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhYjNcd.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdUxkOL.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNJHLeR.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwfLNwF.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQTBlQT.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnrflsg.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnFVarL.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMOqevX.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOJUUIP.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvlGgZm.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVzwXCB.exe	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2528	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2528	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2528	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 1692	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 1692	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 1692	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2204	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2204	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2204	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2420	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2420	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2420	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2468	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2468	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2468	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 3064	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 3064	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 3064	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2888	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2888	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2888	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2608	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2608	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2608	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2732	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2732	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2732	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2724	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2724	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2724	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2628	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2628	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2628	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 1568	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 1568	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 1568	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2644	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2644	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2644	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2620	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2620	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2620	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 1796	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 1796	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 1796	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 264	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 264	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 264	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 1036	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 1036	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 1036	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 2004	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2004	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2004	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 844	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 844	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 844	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 1652	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2904 wrote to memory of 1652	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2904 wrote to memory of 1652	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2904 wrote to memory of 2792	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2904 wrote to memory of 2792	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2904 wrote to memory of 2792	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2904 wrote to memory of 2504	2904	2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_375eb4030729c4dd5e5b42e32af1b443_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\OTDDwsO.exe
  C:\Windows\System\OTDDwsO.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\RezjTab.exe
  C:\Windows\System\RezjTab.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\xakYPKB.exe
  C:\Windows\System\xakYPKB.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\cwTTvHW.exe
  C:\Windows\System\cwTTvHW.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\zqMADVc.exe
  C:\Windows\System\zqMADVc.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\nRQwvct.exe
  C:\Windows\System\nRQwvct.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\PGvKiqa.exe
  C:\Windows\System\PGvKiqa.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ILgDcER.exe
  C:\Windows\System\ILgDcER.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YbKhHft.exe
  C:\Windows\System\YbKhHft.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ckqGUwK.exe
  C:\Windows\System\ckqGUwK.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ounelxB.exe
  C:\Windows\System\ounelxB.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\IUyIYiH.exe
  C:\Windows\System\IUyIYiH.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\MNKIWbW.exe
  C:\Windows\System\MNKIWbW.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\LerOAxM.exe
  C:\Windows\System\LerOAxM.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\dlWUqsc.exe
  C:\Windows\System\dlWUqsc.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\IsaxoHx.exe
  C:\Windows\System\IsaxoHx.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\Enarbhg.exe
  C:\Windows\System\Enarbhg.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\FgTjVDN.exe
  C:\Windows\System\FgTjVDN.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\tTlODOL.exe
  C:\Windows\System\tTlODOL.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\Nkxgkxq.exe
  C:\Windows\System\Nkxgkxq.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\IZkbtgi.exe
  C:\Windows\System\IZkbtgi.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\dAYhqqM.exe
  C:\Windows\System\dAYhqqM.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\TcvUeZt.exe
  C:\Windows\System\TcvUeZt.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\jqFpJAk.exe
  C:\Windows\System\jqFpJAk.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\XiDrpuV.exe
  C:\Windows\System\XiDrpuV.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\bIRxWev.exe
  C:\Windows\System\bIRxWev.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\LMOvtEz.exe
  C:\Windows\System\LMOvtEz.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\aAkMQhZ.exe
  C:\Windows\System\aAkMQhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\OGWGiFb.exe
  C:\Windows\System\OGWGiFb.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\bFNoEGF.exe
  C:\Windows\System\bFNoEGF.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\FytylKX.exe
  C:\Windows\System\FytylKX.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\ibMmBuY.exe
  C:\Windows\System\ibMmBuY.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\RxvbwQC.exe
  C:\Windows\System\RxvbwQC.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\vQofEHv.exe
  C:\Windows\System\vQofEHv.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\SwFTqoA.exe
  C:\Windows\System\SwFTqoA.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\IAxvnzp.exe
  C:\Windows\System\IAxvnzp.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\TiqZTfx.exe
  C:\Windows\System\TiqZTfx.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\QwplqAV.exe
  C:\Windows\System\QwplqAV.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\PuWSiFt.exe
  C:\Windows\System\PuWSiFt.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\VkpBCph.exe
  C:\Windows\System\VkpBCph.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\wTtpmWv.exe
  C:\Windows\System\wTtpmWv.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\JBJQRnq.exe
  C:\Windows\System\JBJQRnq.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\wxobSnU.exe
  C:\Windows\System\wxobSnU.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\QCAzKju.exe
  C:\Windows\System\QCAzKju.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\DpIpoAc.exe
  C:\Windows\System\DpIpoAc.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\qekInYL.exe
  C:\Windows\System\qekInYL.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\YEJevZT.exe
  C:\Windows\System\YEJevZT.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\QWPqaSb.exe
  C:\Windows\System\QWPqaSb.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\KxeyGQr.exe
  C:\Windows\System\KxeyGQr.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\GlzDuuC.exe
  C:\Windows\System\GlzDuuC.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\aBSSZTI.exe
  C:\Windows\System\aBSSZTI.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FsUrcCB.exe
  C:\Windows\System\FsUrcCB.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\NMiwhQt.exe
  C:\Windows\System\NMiwhQt.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\AvlGgZm.exe
  C:\Windows\System\AvlGgZm.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\nrwnLUN.exe
  C:\Windows\System\nrwnLUN.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\zSgAucJ.exe
  C:\Windows\System\zSgAucJ.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\CRLBwHW.exe
  C:\Windows\System\CRLBwHW.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\grrOCnI.exe
  C:\Windows\System\grrOCnI.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\uMieuuR.exe
  C:\Windows\System\uMieuuR.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\uMXUWjP.exe
  C:\Windows\System\uMXUWjP.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\sMXHQYp.exe
  C:\Windows\System\sMXHQYp.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\PfUSpwt.exe
  C:\Windows\System\PfUSpwt.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OtZzsak.exe
  C:\Windows\System\OtZzsak.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\eNmHsHs.exe
  C:\Windows\System\eNmHsHs.exe
  2⤵
  PID:1336
- C:\Windows\System\zIeGfjJ.exe
  C:\Windows\System\zIeGfjJ.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\hpDIhCq.exe
  C:\Windows\System\hpDIhCq.exe
  2⤵
  PID:1164
- C:\Windows\System\COBzIPu.exe
  C:\Windows\System\COBzIPu.exe
  2⤵
  PID:2028
- C:\Windows\System\HccBtLu.exe
  C:\Windows\System\HccBtLu.exe
  2⤵
  PID:2336
- C:\Windows\System\NxNuEqD.exe
  C:\Windows\System\NxNuEqD.exe
  2⤵
  PID:1604
- C:\Windows\System\LsPuFXn.exe
  C:\Windows\System\LsPuFXn.exe
  2⤵
  PID:2208
- C:\Windows\System\MRRAQXS.exe
  C:\Windows\System\MRRAQXS.exe
  2⤵
  PID:924
- C:\Windows\System\iXCgGCG.exe
  C:\Windows\System\iXCgGCG.exe
  2⤵
  PID:2364
- C:\Windows\System\gAzCVGY.exe
  C:\Windows\System\gAzCVGY.exe
  2⤵
  PID:564
- C:\Windows\System\uKniqWs.exe
  C:\Windows\System\uKniqWs.exe
  2⤵
  PID:2876
- C:\Windows\System\CSaYahO.exe
  C:\Windows\System\CSaYahO.exe
  2⤵
  PID:2776
- C:\Windows\System\WQTwLGx.exe
  C:\Windows\System\WQTwLGx.exe
  2⤵
  PID:2476
- C:\Windows\System\ZDUwKek.exe
  C:\Windows\System\ZDUwKek.exe
  2⤵
  PID:1752
- C:\Windows\System\wFDRXXB.exe
  C:\Windows\System\wFDRXXB.exe
  2⤵
  PID:2952
- C:\Windows\System\GOMhUby.exe
  C:\Windows\System\GOMhUby.exe
  2⤵
  PID:2000
- C:\Windows\System\cxQyojI.exe
  C:\Windows\System\cxQyojI.exe
  2⤵
  PID:3012
- C:\Windows\System\tyjnWMC.exe
  C:\Windows\System\tyjnWMC.exe
  2⤵
  PID:1304
- C:\Windows\System\prbqgRc.exe
  C:\Windows\System\prbqgRc.exe
  2⤵
  PID:336
- C:\Windows\System\QtASWIG.exe
  C:\Windows\System\QtASWIG.exe
  2⤵
  PID:1756
- C:\Windows\System\VjDkNkP.exe
  C:\Windows\System\VjDkNkP.exe
  2⤵
  PID:1672
- C:\Windows\System\FQXDlrX.exe
  C:\Windows\System\FQXDlrX.exe
  2⤵
  PID:1748
- C:\Windows\System\YRZkUlZ.exe
  C:\Windows\System\YRZkUlZ.exe
  2⤵
  PID:1584
- C:\Windows\System\ERROYDJ.exe
  C:\Windows\System\ERROYDJ.exe
  2⤵
  PID:1520
- C:\Windows\System\KyypLiA.exe
  C:\Windows\System\KyypLiA.exe
  2⤵
  PID:716
- C:\Windows\System\zrrpcqE.exe
  C:\Windows\System\zrrpcqE.exe
  2⤵
  PID:1048
- C:\Windows\System\voywBJC.exe
  C:\Windows\System\voywBJC.exe
  2⤵
  PID:272
- C:\Windows\System\ZlOkXUx.exe
  C:\Windows\System\ZlOkXUx.exe
  2⤵
  PID:1696
- C:\Windows\System\FSpFfCX.exe
  C:\Windows\System\FSpFfCX.exe
  2⤵
  PID:2388
- C:\Windows\System\egHEzXk.exe
  C:\Windows\System\egHEzXk.exe
  2⤵
  PID:2900
- C:\Windows\System\JfFlIlG.exe
  C:\Windows\System\JfFlIlG.exe
  2⤵
  PID:2160
- C:\Windows\System\JhODypM.exe
  C:\Windows\System\JhODypM.exe
  2⤵
  PID:2140
- C:\Windows\System\FsQRlEJ.exe
  C:\Windows\System\FsQRlEJ.exe
  2⤵
  PID:2944
- C:\Windows\System\rQCNJZV.exe
  C:\Windows\System\rQCNJZV.exe
  2⤵
  PID:2428
- C:\Windows\System\JZxrmSo.exe
  C:\Windows\System\JZxrmSo.exe
  2⤵
  PID:3024
- C:\Windows\System\FHbxFJm.exe
  C:\Windows\System\FHbxFJm.exe
  2⤵
  PID:1268
- C:\Windows\System\rJynDyG.exe
  C:\Windows\System\rJynDyG.exe
  2⤵
  PID:784
- C:\Windows\System\paJYVSS.exe
  C:\Windows\System\paJYVSS.exe
  2⤵
  PID:2808
- C:\Windows\System\BpLyKZz.exe
  C:\Windows\System\BpLyKZz.exe
  2⤵
  PID:2680
- C:\Windows\System\uIRoPbf.exe
  C:\Windows\System\uIRoPbf.exe
  2⤵
  PID:2480
- C:\Windows\System\ZenWXAn.exe
  C:\Windows\System\ZenWXAn.exe
  2⤵
  PID:2032
- C:\Windows\System\DgLHkpo.exe
  C:\Windows\System\DgLHkpo.exe
  2⤵
  PID:404
- C:\Windows\System\MMVhvDr.exe
  C:\Windows\System\MMVhvDr.exe
  2⤵
  PID:3080
- C:\Windows\System\OxaFYFN.exe
  C:\Windows\System\OxaFYFN.exe
  2⤵
  PID:3100
- C:\Windows\System\dmvfRXS.exe
  C:\Windows\System\dmvfRXS.exe
  2⤵
  PID:3116
- C:\Windows\System\mNKsQea.exe
  C:\Windows\System\mNKsQea.exe
  2⤵
  PID:3132
- C:\Windows\System\uBtzCKH.exe
  C:\Windows\System\uBtzCKH.exe
  2⤵
  PID:3148
- C:\Windows\System\lrvaiCF.exe
  C:\Windows\System\lrvaiCF.exe
  2⤵
  PID:3164
- C:\Windows\System\VoLlWDh.exe
  C:\Windows\System\VoLlWDh.exe
  2⤵
  PID:3180
- C:\Windows\System\EivQDmx.exe
  C:\Windows\System\EivQDmx.exe
  2⤵
  PID:3196
- C:\Windows\System\kbsNgEr.exe
  C:\Windows\System\kbsNgEr.exe
  2⤵
  PID:3212
- C:\Windows\System\PeepYNg.exe
  C:\Windows\System\PeepYNg.exe
  2⤵
  PID:3228
- C:\Windows\System\mdOyeLq.exe
  C:\Windows\System\mdOyeLq.exe
  2⤵
  PID:3244
- C:\Windows\System\tHUQuRt.exe
  C:\Windows\System\tHUQuRt.exe
  2⤵
  PID:3260
- C:\Windows\System\lmObIOQ.exe
  C:\Windows\System\lmObIOQ.exe
  2⤵
  PID:3276
- C:\Windows\System\PgoeZXs.exe
  C:\Windows\System\PgoeZXs.exe
  2⤵
  PID:3292
- C:\Windows\System\nhaznZC.exe
  C:\Windows\System\nhaznZC.exe
  2⤵
  PID:3308
- C:\Windows\System\lFxIHYv.exe
  C:\Windows\System\lFxIHYv.exe
  2⤵
  PID:3324
- C:\Windows\System\wrWLOnO.exe
  C:\Windows\System\wrWLOnO.exe
  2⤵
  PID:3340
- C:\Windows\System\giMohkO.exe
  C:\Windows\System\giMohkO.exe
  2⤵
  PID:3356
- C:\Windows\System\ImphdRT.exe
  C:\Windows\System\ImphdRT.exe
  2⤵
  PID:3372
- C:\Windows\System\eZsEIyI.exe
  C:\Windows\System\eZsEIyI.exe
  2⤵
  PID:3388
- C:\Windows\System\UMJqNwM.exe
  C:\Windows\System\UMJqNwM.exe
  2⤵
  PID:3404
- C:\Windows\System\HOBOsvS.exe
  C:\Windows\System\HOBOsvS.exe
  2⤵
  PID:3420
- C:\Windows\System\CeoIYCR.exe
  C:\Windows\System\CeoIYCR.exe
  2⤵
  PID:3436
- C:\Windows\System\OgvuKfs.exe
  C:\Windows\System\OgvuKfs.exe
  2⤵
  PID:3452
- C:\Windows\System\JpJXmUc.exe
  C:\Windows\System\JpJXmUc.exe
  2⤵
  PID:3468
- C:\Windows\System\jDEBuYF.exe
  C:\Windows\System\jDEBuYF.exe
  2⤵
  PID:3484
- C:\Windows\System\PDdUvVX.exe
  C:\Windows\System\PDdUvVX.exe
  2⤵
  PID:3500
- C:\Windows\System\rlbWjrs.exe
  C:\Windows\System\rlbWjrs.exe
  2⤵
  PID:3516
- C:\Windows\System\pnhdSbG.exe
  C:\Windows\System\pnhdSbG.exe
  2⤵
  PID:3532
- C:\Windows\System\evqmQBC.exe
  C:\Windows\System\evqmQBC.exe
  2⤵
  PID:3548
- C:\Windows\System\VkRXFYJ.exe
  C:\Windows\System\VkRXFYJ.exe
  2⤵
  PID:3564
- C:\Windows\System\JJakHBX.exe
  C:\Windows\System\JJakHBX.exe
  2⤵
  PID:3580
- C:\Windows\System\ZGpchIx.exe
  C:\Windows\System\ZGpchIx.exe
  2⤵
  PID:3596
- C:\Windows\System\XvbQNBt.exe
  C:\Windows\System\XvbQNBt.exe
  2⤵
  PID:3612
- C:\Windows\System\evXEdHo.exe
  C:\Windows\System\evXEdHo.exe
  2⤵
  PID:3628
- C:\Windows\System\lqSVMAY.exe
  C:\Windows\System\lqSVMAY.exe
  2⤵
  PID:3644
- C:\Windows\System\njKROVf.exe
  C:\Windows\System\njKROVf.exe
  2⤵
  PID:3660
- C:\Windows\System\pHNbWbB.exe
  C:\Windows\System\pHNbWbB.exe
  2⤵
  PID:3676
- C:\Windows\System\pjSeROd.exe
  C:\Windows\System\pjSeROd.exe
  2⤵
  PID:3692
- C:\Windows\System\XUPfBgU.exe
  C:\Windows\System\XUPfBgU.exe
  2⤵
  PID:3708
- C:\Windows\System\lgYQdSu.exe
  C:\Windows\System\lgYQdSu.exe
  2⤵
  PID:3724
- C:\Windows\System\jpLcHuL.exe
  C:\Windows\System\jpLcHuL.exe
  2⤵
  PID:3740
- C:\Windows\System\ziUhQgp.exe
  C:\Windows\System\ziUhQgp.exe
  2⤵
  PID:3756
- C:\Windows\System\xzLQIJX.exe
  C:\Windows\System\xzLQIJX.exe
  2⤵
  PID:3772
- C:\Windows\System\lehrNhC.exe
  C:\Windows\System\lehrNhC.exe
  2⤵
  PID:3788
- C:\Windows\System\GuZhZDF.exe
  C:\Windows\System\GuZhZDF.exe
  2⤵
  PID:3804
- C:\Windows\System\kPMnLPn.exe
  C:\Windows\System\kPMnLPn.exe
  2⤵
  PID:3820
- C:\Windows\System\tLfUrvT.exe
  C:\Windows\System\tLfUrvT.exe
  2⤵
  PID:3836
- C:\Windows\System\SRESSOv.exe
  C:\Windows\System\SRESSOv.exe
  2⤵
  PID:3852
- C:\Windows\System\nnGHMby.exe
  C:\Windows\System\nnGHMby.exe
  2⤵
  PID:3868
- C:\Windows\System\uoApWcy.exe
  C:\Windows\System\uoApWcy.exe
  2⤵
  PID:3884
- C:\Windows\System\zzZESAM.exe
  C:\Windows\System\zzZESAM.exe
  2⤵
  PID:3900
- C:\Windows\System\oYHJYxk.exe
  C:\Windows\System\oYHJYxk.exe
  2⤵
  PID:3916
- C:\Windows\System\boCxkJu.exe
  C:\Windows\System\boCxkJu.exe
  2⤵
  PID:3932
- C:\Windows\System\NyhXiYW.exe
  C:\Windows\System\NyhXiYW.exe
  2⤵
  PID:3948
- C:\Windows\System\HGqfGkQ.exe
  C:\Windows\System\HGqfGkQ.exe
  2⤵
  PID:3964
- C:\Windows\System\LQTBlQT.exe
  C:\Windows\System\LQTBlQT.exe
  2⤵
  PID:3980
- C:\Windows\System\cLKmXhz.exe
  C:\Windows\System\cLKmXhz.exe
  2⤵
  PID:3996
- C:\Windows\System\AmhsTLz.exe
  C:\Windows\System\AmhsTLz.exe
  2⤵
  PID:4016
- C:\Windows\System\ybhRMkf.exe
  C:\Windows\System\ybhRMkf.exe
  2⤵
  PID:4032
- C:\Windows\System\zFkndzu.exe
  C:\Windows\System\zFkndzu.exe
  2⤵
  PID:4048
- C:\Windows\System\XqUqEeK.exe
  C:\Windows\System\XqUqEeK.exe
  2⤵
  PID:4064
- C:\Windows\System\JeqYAhE.exe
  C:\Windows\System\JeqYAhE.exe
  2⤵
  PID:4080
- C:\Windows\System\nhIxRim.exe
  C:\Windows\System\nhIxRim.exe
  2⤵
  PID:2984
- C:\Windows\System\yVhFfvP.exe
  C:\Windows\System\yVhFfvP.exe
  2⤵
  PID:2148
- C:\Windows\System\PCNqIWQ.exe
  C:\Windows\System\PCNqIWQ.exe
  2⤵
  PID:2184
- C:\Windows\System\slkiLUn.exe
  C:\Windows\System\slkiLUn.exe
  2⤵
  PID:1360
- C:\Windows\System\AuocEYA.exe
  C:\Windows\System\AuocEYA.exe
  2⤵
  PID:1932
- C:\Windows\System\EvtnFJP.exe
  C:\Windows\System\EvtnFJP.exe
  2⤵
  PID:2408
- C:\Windows\System\tJjVuJY.exe
  C:\Windows\System\tJjVuJY.exe
  2⤵
  PID:2756
- C:\Windows\System\hjsytvl.exe
  C:\Windows\System\hjsytvl.exe
  2⤵
  PID:2212
- C:\Windows\System\DxPiMEL.exe
  C:\Windows\System\DxPiMEL.exe
  2⤵
  PID:2812
- C:\Windows\System\yWMWIRO.exe
  C:\Windows\System\yWMWIRO.exe
  2⤵
  PID:928
- C:\Windows\System\AxlODGT.exe
  C:\Windows\System\AxlODGT.exe
  2⤵
  PID:2708
- C:\Windows\System\YeKAkZF.exe
  C:\Windows\System\YeKAkZF.exe
  2⤵
  PID:1976
- C:\Windows\System\BnWXhxo.exe
  C:\Windows\System\BnWXhxo.exe
  2⤵
  PID:3112
- C:\Windows\System\igdMntN.exe
  C:\Windows\System\igdMntN.exe
  2⤵
  PID:3176
- C:\Windows\System\phpJSfC.exe
  C:\Windows\System\phpJSfC.exe
  2⤵
  PID:3092
- C:\Windows\System\XFIkCiH.exe
  C:\Windows\System\XFIkCiH.exe
  2⤵
  PID:3224
- C:\Windows\System\hMxadRl.exe
  C:\Windows\System\hMxadRl.exe
  2⤵
  PID:3300
- C:\Windows\System\HpfRgKD.exe
  C:\Windows\System\HpfRgKD.exe
  2⤵
  PID:3288
- C:\Windows\System\OcvxTNt.exe
  C:\Windows\System\OcvxTNt.exe
  2⤵
  PID:3256
- C:\Windows\System\jIGCIkw.exe
  C:\Windows\System\jIGCIkw.exe
  2⤵
  PID:3400
- C:\Windows\System\VuabVil.exe
  C:\Windows\System\VuabVil.exe
  2⤵
  PID:3320
- C:\Windows\System\iFJXRYQ.exe
  C:\Windows\System\iFJXRYQ.exe
  2⤵
  PID:3444
- C:\Windows\System\GakWzyM.exe
  C:\Windows\System\GakWzyM.exe
  2⤵
  PID:3496
- C:\Windows\System\RQzCycw.exe
  C:\Windows\System\RQzCycw.exe
  2⤵
  PID:3476
- C:\Windows\System\WEbShAP.exe
  C:\Windows\System\WEbShAP.exe
  2⤵
  PID:3528
- C:\Windows\System\YqfcMSV.exe
  C:\Windows\System\YqfcMSV.exe
  2⤵
  PID:3592
- C:\Windows\System\gyDwqwU.exe
  C:\Windows\System\gyDwqwU.exe
  2⤵
  PID:3624
- C:\Windows\System\klUiNAR.exe
  C:\Windows\System\klUiNAR.exe
  2⤵
  PID:3576
- C:\Windows\System\QXJQLKk.exe
  C:\Windows\System\QXJQLKk.exe
  2⤵
  PID:3636
- C:\Windows\System\EpBsjYR.exe
  C:\Windows\System\EpBsjYR.exe
  2⤵
  PID:3672
- C:\Windows\System\ekKcJQj.exe
  C:\Windows\System\ekKcJQj.exe
  2⤵
  PID:3704
- C:\Windows\System\qOcdmer.exe
  C:\Windows\System\qOcdmer.exe
  2⤵
  PID:3752
- C:\Windows\System\kKpusSf.exe
  C:\Windows\System\kKpusSf.exe
  2⤵
  PID:3812
- C:\Windows\System\rTEoGwp.exe
  C:\Windows\System\rTEoGwp.exe
  2⤵
  PID:3800
- C:\Windows\System\EYAidIg.exe
  C:\Windows\System\EYAidIg.exe
  2⤵
  PID:3832
- C:\Windows\System\ESlLjdD.exe
  C:\Windows\System\ESlLjdD.exe
  2⤵
  PID:3908
- C:\Windows\System\NuRxYpz.exe
  C:\Windows\System\NuRxYpz.exe
  2⤵
  PID:3896
- C:\Windows\System\gAzwtBC.exe
  C:\Windows\System\gAzwtBC.exe
  2⤵
  PID:3944
- C:\Windows\System\hXMdrEg.exe
  C:\Windows\System\hXMdrEg.exe
  2⤵
  PID:3976
- C:\Windows\System\ZnVIRfR.exe
  C:\Windows\System\ZnVIRfR.exe
  2⤵
  PID:3992
- C:\Windows\System\bROfrmT.exe
  C:\Windows\System\bROfrmT.exe
  2⤵
  PID:4044
- C:\Windows\System\YRhnAXr.exe
  C:\Windows\System\YRhnAXr.exe
  2⤵
  PID:1592
- C:\Windows\System\KqQotPP.exe
  C:\Windows\System\KqQotPP.exe
  2⤵
  PID:2540
- C:\Windows\System\qgQFAhI.exe
  C:\Windows\System\qgQFAhI.exe
  2⤵
  PID:1860
- C:\Windows\System\NEzgHPp.exe
  C:\Windows\System\NEzgHPp.exe
  2⤵
  PID:2316
- C:\Windows\System\sdEqmKt.exe
  C:\Windows\System\sdEqmKt.exe
  2⤵
  PID:652
- C:\Windows\System\GlgYDXy.exe
  C:\Windows\System\GlgYDXy.exe
  2⤵
  PID:2884
- C:\Windows\System\OWijkjB.exe
  C:\Windows\System\OWijkjB.exe
  2⤵
  PID:3088
- C:\Windows\System\UJJXJxI.exe
  C:\Windows\System\UJJXJxI.exe
  2⤵
  PID:3144
- C:\Windows\System\FnvNkef.exe
  C:\Windows\System\FnvNkef.exe
  2⤵
  PID:3128
- C:\Windows\System\ZefBmeN.exe
  C:\Windows\System\ZefBmeN.exe
  2⤵
  PID:3252
- C:\Windows\System\UhvKVDe.exe
  C:\Windows\System\UhvKVDe.exe
  2⤵
  PID:3368
- C:\Windows\System\nTDWSYW.exe
  C:\Windows\System\nTDWSYW.exe
  2⤵
  PID:3480
- C:\Windows\System\RNMCQKi.exe
  C:\Windows\System\RNMCQKi.exe
  2⤵
  PID:3620
- C:\Windows\System\HdkHVDI.exe
  C:\Windows\System\HdkHVDI.exe
  2⤵
  PID:3380
- C:\Windows\System\LQaCsoc.exe
  C:\Windows\System\LQaCsoc.exe
  2⤵
  PID:3588
- C:\Windows\System\UvWdezw.exe
  C:\Windows\System\UvWdezw.exe
  2⤵
  PID:3652
- C:\Windows\System\AvttuhK.exe
  C:\Windows\System\AvttuhK.exe
  2⤵
  PID:3764
- C:\Windows\System\LkpwqVj.exe
  C:\Windows\System\LkpwqVj.exe
  2⤵
  PID:4108
- C:\Windows\System\DiMUikF.exe
  C:\Windows\System\DiMUikF.exe
  2⤵
  PID:4124
- C:\Windows\System\fhGgFZi.exe
  C:\Windows\System\fhGgFZi.exe
  2⤵
  PID:4140
- C:\Windows\System\PtMEELe.exe
  C:\Windows\System\PtMEELe.exe
  2⤵
  PID:4156
- C:\Windows\System\SiEsENR.exe
  C:\Windows\System\SiEsENR.exe
  2⤵
  PID:4172
- C:\Windows\System\FbuFcer.exe
  C:\Windows\System\FbuFcer.exe
  2⤵
  PID:4188
- C:\Windows\System\IUACuvg.exe
  C:\Windows\System\IUACuvg.exe
  2⤵
  PID:4204
- C:\Windows\System\gyqOxlq.exe
  C:\Windows\System\gyqOxlq.exe
  2⤵
  PID:4220
- C:\Windows\System\ftgVpeC.exe
  C:\Windows\System\ftgVpeC.exe
  2⤵
  PID:4236
- C:\Windows\System\VrUCkPp.exe
  C:\Windows\System\VrUCkPp.exe
  2⤵
  PID:4252
- C:\Windows\System\KokPHFA.exe
  C:\Windows\System\KokPHFA.exe
  2⤵
  PID:4268
- C:\Windows\System\zEAaMxD.exe
  C:\Windows\System\zEAaMxD.exe
  2⤵
  PID:4284
- C:\Windows\System\CjmFhow.exe
  C:\Windows\System\CjmFhow.exe
  2⤵
  PID:4300
- C:\Windows\System\VzCxZaJ.exe
  C:\Windows\System\VzCxZaJ.exe
  2⤵
  PID:4316
- C:\Windows\System\rMtkMAi.exe
  C:\Windows\System\rMtkMAi.exe
  2⤵
  PID:4332
- C:\Windows\System\zOaZZRs.exe
  C:\Windows\System\zOaZZRs.exe
  2⤵
  PID:4348
- C:\Windows\System\ksmtdvM.exe
  C:\Windows\System\ksmtdvM.exe
  2⤵
  PID:4364
- C:\Windows\System\kppPNZA.exe
  C:\Windows\System\kppPNZA.exe
  2⤵
  PID:4380
- C:\Windows\System\ZhcXCQO.exe
  C:\Windows\System\ZhcXCQO.exe
  2⤵
  PID:4396
- C:\Windows\System\ahTFldU.exe
  C:\Windows\System\ahTFldU.exe
  2⤵
  PID:4412
- C:\Windows\System\QMSEHEa.exe
  C:\Windows\System\QMSEHEa.exe
  2⤵
  PID:4428
- C:\Windows\System\feDEadd.exe
  C:\Windows\System\feDEadd.exe
  2⤵
  PID:4444
- C:\Windows\System\gPFtvIn.exe
  C:\Windows\System\gPFtvIn.exe
  2⤵
  PID:4460
- C:\Windows\System\eYQSrEW.exe
  C:\Windows\System\eYQSrEW.exe
  2⤵
  PID:4476
- C:\Windows\System\cUunJFM.exe
  C:\Windows\System\cUunJFM.exe
  2⤵
  PID:4492
- C:\Windows\System\glqbCnm.exe
  C:\Windows\System\glqbCnm.exe
  2⤵
  PID:4508
- C:\Windows\System\TdAlMSl.exe
  C:\Windows\System\TdAlMSl.exe
  2⤵
  PID:4524
- C:\Windows\System\ycvnEKV.exe
  C:\Windows\System\ycvnEKV.exe
  2⤵
  PID:4540
- C:\Windows\System\GRJWqaG.exe
  C:\Windows\System\GRJWqaG.exe
  2⤵
  PID:4556
- C:\Windows\System\kTnzRtu.exe
  C:\Windows\System\kTnzRtu.exe
  2⤵
  PID:4572
- C:\Windows\System\QiiyTOk.exe
  C:\Windows\System\QiiyTOk.exe
  2⤵
  PID:4588
- C:\Windows\System\rYCfTKx.exe
  C:\Windows\System\rYCfTKx.exe
  2⤵
  PID:4604
- C:\Windows\System\sNqOsQB.exe
  C:\Windows\System\sNqOsQB.exe
  2⤵
  PID:4624
- C:\Windows\System\QnFVarL.exe
  C:\Windows\System\QnFVarL.exe
  2⤵
  PID:4640
- C:\Windows\System\QhowNtO.exe
  C:\Windows\System\QhowNtO.exe
  2⤵
  PID:4656
- C:\Windows\System\FJwjDNE.exe
  C:\Windows\System\FJwjDNE.exe
  2⤵
  PID:4672
- C:\Windows\System\PAciJlk.exe
  C:\Windows\System\PAciJlk.exe
  2⤵
  PID:4688
- C:\Windows\System\IFgFIaE.exe
  C:\Windows\System\IFgFIaE.exe
  2⤵
  PID:4704
- C:\Windows\System\wtGbJYA.exe
  C:\Windows\System\wtGbJYA.exe
  2⤵
  PID:4720
- C:\Windows\System\txfukAj.exe
  C:\Windows\System\txfukAj.exe
  2⤵
  PID:4736
- C:\Windows\System\hLZyYax.exe
  C:\Windows\System\hLZyYax.exe
  2⤵
  PID:4752
- C:\Windows\System\DfbvwwX.exe
  C:\Windows\System\DfbvwwX.exe
  2⤵
  PID:4768
- C:\Windows\System\luoypCI.exe
  C:\Windows\System\luoypCI.exe
  2⤵
  PID:4784
- C:\Windows\System\yVzwXCB.exe
  C:\Windows\System\yVzwXCB.exe
  2⤵
  PID:4800
- C:\Windows\System\nNDrkeQ.exe
  C:\Windows\System\nNDrkeQ.exe
  2⤵
  PID:4816
- C:\Windows\System\snhFWkc.exe
  C:\Windows\System\snhFWkc.exe
  2⤵
  PID:4832
- C:\Windows\System\YysLFYq.exe
  C:\Windows\System\YysLFYq.exe
  2⤵
  PID:4848
- C:\Windows\System\rPTpIyu.exe
  C:\Windows\System\rPTpIyu.exe
  2⤵
  PID:4864
- C:\Windows\System\EjIOhHW.exe
  C:\Windows\System\EjIOhHW.exe
  2⤵
  PID:4880
- C:\Windows\System\flimnLj.exe
  C:\Windows\System\flimnLj.exe
  2⤵
  PID:4896
- C:\Windows\System\JeIhlzu.exe
  C:\Windows\System\JeIhlzu.exe
  2⤵
  PID:4912
- C:\Windows\System\EoKdekT.exe
  C:\Windows\System\EoKdekT.exe
  2⤵
  PID:4928
- C:\Windows\System\AAugMdc.exe
  C:\Windows\System\AAugMdc.exe
  2⤵
  PID:4944
- C:\Windows\System\nlFdzil.exe
  C:\Windows\System\nlFdzil.exe
  2⤵
  PID:4960
- C:\Windows\System\pPFqrlk.exe
  C:\Windows\System\pPFqrlk.exe
  2⤵
  PID:4976
- C:\Windows\System\sbaPsSm.exe
  C:\Windows\System\sbaPsSm.exe
  2⤵
  PID:4992
- C:\Windows\System\fylclze.exe
  C:\Windows\System\fylclze.exe
  2⤵
  PID:5008
- C:\Windows\System\UaHLDUG.exe
  C:\Windows\System\UaHLDUG.exe
  2⤵
  PID:5024
- C:\Windows\System\XUVeEfz.exe
  C:\Windows\System\XUVeEfz.exe
  2⤵
  PID:5040
- C:\Windows\System\IgXjjQR.exe
  C:\Windows\System\IgXjjQR.exe
  2⤵
  PID:5056
- C:\Windows\System\AKlNSdD.exe
  C:\Windows\System\AKlNSdD.exe
  2⤵
  PID:5072
- C:\Windows\System\KQEsxPC.exe
  C:\Windows\System\KQEsxPC.exe
  2⤵
  PID:5088
- C:\Windows\System\HnsTKol.exe
  C:\Windows\System\HnsTKol.exe
  2⤵
  PID:5104
- C:\Windows\System\hcYrkJi.exe
  C:\Windows\System\hcYrkJi.exe
  2⤵
  PID:3848
- C:\Windows\System\diddSol.exe
  C:\Windows\System\diddSol.exe
  2⤵
  PID:3972
- C:\Windows\System\fEAlJmH.exe
  C:\Windows\System\fEAlJmH.exe
  2⤵
  PID:4008
- C:\Windows\System\jsnBAZU.exe
  C:\Windows\System\jsnBAZU.exe
  2⤵
  PID:4028
- C:\Windows\System\RbuJmXV.exe
  C:\Windows\System\RbuJmXV.exe
  2⤵
  PID:4076
- C:\Windows\System\iSoGUCp.exe
  C:\Windows\System\iSoGUCp.exe
  2⤵
  PID:1576
- C:\Windows\System\YAOMNqp.exe
  C:\Windows\System\YAOMNqp.exe
  2⤵
  PID:2352
- C:\Windows\System\TnKgzKv.exe
  C:\Windows\System\TnKgzKv.exe
  2⤵
  PID:3172
- C:\Windows\System\KhzNkST.exe
  C:\Windows\System\KhzNkST.exe
  2⤵
  PID:1152
- C:\Windows\System\YMfzsyK.exe
  C:\Windows\System\YMfzsyK.exe
  2⤵
  PID:3432
- C:\Windows\System\rMOqevX.exe
  C:\Windows\System\rMOqevX.exe
  2⤵
  PID:3684
- C:\Windows\System\MwDXnJL.exe
  C:\Windows\System\MwDXnJL.exe
  2⤵
  PID:3412
- C:\Windows\System\EAZCeTp.exe
  C:\Windows\System\EAZCeTp.exe
  2⤵
  PID:3560
- C:\Windows\System\NPDxTdM.exe
  C:\Windows\System\NPDxTdM.exe
  2⤵
  PID:4136
- C:\Windows\System\YocvXdv.exe
  C:\Windows\System\YocvXdv.exe
  2⤵
  PID:4120
- C:\Windows\System\ReGToNq.exe
  C:\Windows\System\ReGToNq.exe
  2⤵
  PID:4180
- C:\Windows\System\IHEKcYs.exe
  C:\Windows\System\IHEKcYs.exe
  2⤵
  PID:4184
- C:\Windows\System\skTyQiM.exe
  C:\Windows\System\skTyQiM.exe
  2⤵
  PID:4244
- C:\Windows\System\qgGeqyj.exe
  C:\Windows\System\qgGeqyj.exe
  2⤵
  PID:4248
- C:\Windows\System\JbnSUaW.exe
  C:\Windows\System\JbnSUaW.exe
  2⤵
  PID:4308
- C:\Windows\System\LZwakVL.exe
  C:\Windows\System\LZwakVL.exe
  2⤵
  PID:4340
- C:\Windows\System\YDNrsOW.exe
  C:\Windows\System\YDNrsOW.exe
  2⤵
  PID:4372
- C:\Windows\System\CsmBrEv.exe
  C:\Windows\System\CsmBrEv.exe
  2⤵
  PID:4420
- C:\Windows\System\DYKwogm.exe
  C:\Windows\System\DYKwogm.exe
  2⤵
  PID:4408
- C:\Windows\System\YANlINQ.exe
  C:\Windows\System\YANlINQ.exe
  2⤵
  PID:4440
- C:\Windows\System\BxecuYF.exe
  C:\Windows\System\BxecuYF.exe
  2⤵
  PID:4500
- C:\Windows\System\bwskwEl.exe
  C:\Windows\System\bwskwEl.exe
  2⤵
  PID:4552
- C:\Windows\System\sxXAhwP.exe
  C:\Windows\System\sxXAhwP.exe
  2⤵
  PID:4536
- C:\Windows\System\XXsknIf.exe
  C:\Windows\System\XXsknIf.exe
  2⤵
  PID:4612
- C:\Windows\System\UbeGUry.exe
  C:\Windows\System\UbeGUry.exe
  2⤵
  PID:4632
- C:\Windows\System\igraalT.exe
  C:\Windows\System\igraalT.exe
  2⤵
  PID:4680
- C:\Windows\System\YszPpZY.exe
  C:\Windows\System\YszPpZY.exe
  2⤵
  PID:4728
- C:\Windows\System\qERFISb.exe
  C:\Windows\System\qERFISb.exe
  2⤵
  PID:4748
- C:\Windows\System\QKPBAuU.exe
  C:\Windows\System\QKPBAuU.exe
  2⤵
  PID:4780
- C:\Windows\System\VnhUrMN.exe
  C:\Windows\System\VnhUrMN.exe
  2⤵
  PID:4792
- C:\Windows\System\NxDbpPH.exe
  C:\Windows\System\NxDbpPH.exe
  2⤵
  PID:4828
- C:\Windows\System\HRVCbVR.exe
  C:\Windows\System\HRVCbVR.exe
  2⤵
  PID:4876
- C:\Windows\System\GodUguK.exe
  C:\Windows\System\GodUguK.exe
  2⤵
  PID:4920
- C:\Windows\System\hJdustX.exe
  C:\Windows\System\hJdustX.exe
  2⤵
  PID:4924
- C:\Windows\System\mDFpVDZ.exe
  C:\Windows\System\mDFpVDZ.exe
  2⤵
  PID:5000
- C:\Windows\System\GFabZrv.exe
  C:\Windows\System\GFabZrv.exe
  2⤵
  PID:4952
- C:\Windows\System\JsvMcDI.exe
  C:\Windows\System\JsvMcDI.exe
  2⤵
  PID:5020
- C:\Windows\System\wMWgFEY.exe
  C:\Windows\System\wMWgFEY.exe
  2⤵
  PID:5068
- C:\Windows\System\lFtiYtI.exe
  C:\Windows\System\lFtiYtI.exe
  2⤵
  PID:5084
- C:\Windows\System\WJGohkY.exe
  C:\Windows\System\WJGohkY.exe
  2⤵
  PID:3924
- C:\Windows\System\TjzxYdc.exe
  C:\Windows\System\TjzxYdc.exe
  2⤵
  PID:3876
- C:\Windows\System\YNdXwop.exe
  C:\Windows\System\YNdXwop.exe
  2⤵
  PID:3960
- C:\Windows\System\vdkbPIu.exe
  C:\Windows\System\vdkbPIu.exe
  2⤵
  PID:3940
- C:\Windows\System\GjGphBQ.exe
  C:\Windows\System\GjGphBQ.exe
  2⤵
  PID:1160
- C:\Windows\System\OvemrCv.exe
  C:\Windows\System\OvemrCv.exe
  2⤵
  PID:3492
- C:\Windows\System\pxffOiz.exe
  C:\Windows\System\pxffOiz.exe
  2⤵
  PID:4100
- C:\Windows\System\staVYXS.exe
  C:\Windows\System\staVYXS.exe
  2⤵
  PID:4152
- C:\Windows\System\aqqwyMb.exe
  C:\Windows\System\aqqwyMb.exe
  2⤵
  PID:4280
- C:\Windows\System\MCSrUIi.exe
  C:\Windows\System\MCSrUIi.exe
  2⤵
  PID:4344
- C:\Windows\System\kKxGTsI.exe
  C:\Windows\System\kKxGTsI.exe
  2⤵
  PID:4292
- C:\Windows\System\HhsBMZi.exe
  C:\Windows\System\HhsBMZi.exe
  2⤵
  PID:4452
- C:\Windows\System\aHqHilL.exe
  C:\Windows\System\aHqHilL.exe
  2⤵
  PID:4532
- C:\Windows\System\UgvOXQv.exe
  C:\Windows\System\UgvOXQv.exe
  2⤵
  PID:4712
- C:\Windows\System\JdvVhxn.exe
  C:\Windows\System\JdvVhxn.exe
  2⤵
  PID:4456
- C:\Windows\System\OWFdLVj.exe
  C:\Windows\System\OWFdLVj.exe
  2⤵
  PID:4548
- C:\Windows\System\MWisWfd.exe
  C:\Windows\System\MWisWfd.exe
  2⤵
  PID:5132
- C:\Windows\System\PpAvmBT.exe
  C:\Windows\System\PpAvmBT.exe
  2⤵
  PID:5148
- C:\Windows\System\oFnkrcB.exe
  C:\Windows\System\oFnkrcB.exe
  2⤵
  PID:5164
- C:\Windows\System\fuJtWpe.exe
  C:\Windows\System\fuJtWpe.exe
  2⤵
  PID:5180
- C:\Windows\System\iGkAABy.exe
  C:\Windows\System\iGkAABy.exe
  2⤵
  PID:5196
- C:\Windows\System\iFCngee.exe
  C:\Windows\System\iFCngee.exe
  2⤵
  PID:5212
- C:\Windows\System\hmAukKW.exe
  C:\Windows\System\hmAukKW.exe
  2⤵
  PID:5228
- C:\Windows\System\kEEhoVs.exe
  C:\Windows\System\kEEhoVs.exe
  2⤵
  PID:5244
- C:\Windows\System\IdLqERm.exe
  C:\Windows\System\IdLqERm.exe
  2⤵
  PID:5260
- C:\Windows\System\QxiwTsx.exe
  C:\Windows\System\QxiwTsx.exe
  2⤵
  PID:5276
- C:\Windows\System\rXjpstp.exe
  C:\Windows\System\rXjpstp.exe
  2⤵
  PID:5292
- C:\Windows\System\YVbTHhD.exe
  C:\Windows\System\YVbTHhD.exe
  2⤵
  PID:5308
- C:\Windows\System\nJxnlLf.exe
  C:\Windows\System\nJxnlLf.exe
  2⤵
  PID:5324
- C:\Windows\System\QdkaNsh.exe
  C:\Windows\System\QdkaNsh.exe
  2⤵
  PID:5340
- C:\Windows\System\XYzznku.exe
  C:\Windows\System\XYzznku.exe
  2⤵
  PID:5356
- C:\Windows\System\tFoGNIE.exe
  C:\Windows\System\tFoGNIE.exe
  2⤵
  PID:5372
- C:\Windows\System\HHJSrtj.exe
  C:\Windows\System\HHJSrtj.exe
  2⤵
  PID:5388
- C:\Windows\System\ZanRKjl.exe
  C:\Windows\System\ZanRKjl.exe
  2⤵
  PID:5404
- C:\Windows\System\XKauKrT.exe
  C:\Windows\System\XKauKrT.exe
  2⤵
  PID:5420
- C:\Windows\System\BDhJvPX.exe
  C:\Windows\System\BDhJvPX.exe
  2⤵
  PID:5436
- C:\Windows\System\wxPFAKv.exe
  C:\Windows\System\wxPFAKv.exe
  2⤵
  PID:5452
- C:\Windows\System\EedVEdm.exe
  C:\Windows\System\EedVEdm.exe
  2⤵
  PID:5468
- C:\Windows\System\pantjvv.exe
  C:\Windows\System\pantjvv.exe
  2⤵
  PID:5492
- C:\Windows\System\orPjITV.exe
  C:\Windows\System\orPjITV.exe
  2⤵
  PID:5508
- C:\Windows\System\ydInpTL.exe
  C:\Windows\System\ydInpTL.exe
  2⤵
  PID:5524
- C:\Windows\System\fErDpRG.exe
  C:\Windows\System\fErDpRG.exe
  2⤵
  PID:5540
- C:\Windows\System\hXOYOWv.exe
  C:\Windows\System\hXOYOWv.exe
  2⤵
  PID:5556
- C:\Windows\System\MBDPaFK.exe
  C:\Windows\System\MBDPaFK.exe
  2⤵
  PID:5572
- C:\Windows\System\WZfeuxR.exe
  C:\Windows\System\WZfeuxR.exe
  2⤵
  PID:5588
- C:\Windows\System\yXvLYrM.exe
  C:\Windows\System\yXvLYrM.exe
  2⤵
  PID:5604
- C:\Windows\System\XvlJeLc.exe
  C:\Windows\System\XvlJeLc.exe
  2⤵
  PID:5620
- C:\Windows\System\NqLZTeA.exe
  C:\Windows\System\NqLZTeA.exe
  2⤵
  PID:5636
- C:\Windows\System\HFMdyYd.exe
  C:\Windows\System\HFMdyYd.exe
  2⤵
  PID:5652
- C:\Windows\System\cwMWyVS.exe
  C:\Windows\System\cwMWyVS.exe
  2⤵
  PID:5668
- C:\Windows\System\ohMPdAu.exe
  C:\Windows\System\ohMPdAu.exe
  2⤵
  PID:5684
- C:\Windows\System\ZZMXydm.exe
  C:\Windows\System\ZZMXydm.exe
  2⤵
  PID:5700
- C:\Windows\System\UsJMrtT.exe
  C:\Windows\System\UsJMrtT.exe
  2⤵
  PID:5716
- C:\Windows\System\csAbRDK.exe
  C:\Windows\System\csAbRDK.exe
  2⤵
  PID:5732
- C:\Windows\System\srczQuh.exe
  C:\Windows\System\srczQuh.exe
  2⤵
  PID:5748
- C:\Windows\System\gOTfqkC.exe
  C:\Windows\System\gOTfqkC.exe
  2⤵
  PID:5764
- C:\Windows\System\LVxRfhm.exe
  C:\Windows\System\LVxRfhm.exe
  2⤵
  PID:5780
- C:\Windows\System\jmILElB.exe
  C:\Windows\System\jmILElB.exe
  2⤵
  PID:5796
- C:\Windows\System\yfeiecN.exe
  C:\Windows\System\yfeiecN.exe
  2⤵
  PID:5812
- C:\Windows\System\qZrQFUf.exe
  C:\Windows\System\qZrQFUf.exe
  2⤵
  PID:5828
- C:\Windows\System\nVLFWdr.exe
  C:\Windows\System\nVLFWdr.exe
  2⤵
  PID:5844
- C:\Windows\System\UNicZDX.exe
  C:\Windows\System\UNicZDX.exe
  2⤵
  PID:5860
- C:\Windows\System\PLFcSWZ.exe
  C:\Windows\System\PLFcSWZ.exe
  2⤵
  PID:5876
- C:\Windows\System\gwqQJwT.exe
  C:\Windows\System\gwqQJwT.exe
  2⤵
  PID:5892
- C:\Windows\System\QLXIiTw.exe
  C:\Windows\System\QLXIiTw.exe
  2⤵
  PID:5908
- C:\Windows\System\wMXXwaB.exe
  C:\Windows\System\wMXXwaB.exe
  2⤵
  PID:5924
- C:\Windows\System\PcWfgkF.exe
  C:\Windows\System\PcWfgkF.exe
  2⤵
  PID:5940
- C:\Windows\System\sAikMUv.exe
  C:\Windows\System\sAikMUv.exe
  2⤵
  PID:5956
- C:\Windows\System\EcBPcfY.exe
  C:\Windows\System\EcBPcfY.exe
  2⤵
  PID:5972
- C:\Windows\System\rPYAXsj.exe
  C:\Windows\System\rPYAXsj.exe
  2⤵
  PID:5988
- C:\Windows\System\VJuIEeA.exe
  C:\Windows\System\VJuIEeA.exe
  2⤵
  PID:6004
- C:\Windows\System\DpsfQCI.exe
  C:\Windows\System\DpsfQCI.exe
  2⤵
  PID:6020
- C:\Windows\System\KftrCQz.exe
  C:\Windows\System\KftrCQz.exe
  2⤵
  PID:6036
- C:\Windows\System\FQlmRXx.exe
  C:\Windows\System\FQlmRXx.exe
  2⤵
  PID:6052
- C:\Windows\System\lDFIhhl.exe
  C:\Windows\System\lDFIhhl.exe
  2⤵
  PID:6068
- C:\Windows\System\nVCoVew.exe
  C:\Windows\System\nVCoVew.exe
  2⤵
  PID:6084
- C:\Windows\System\YBORBbj.exe
  C:\Windows\System\YBORBbj.exe
  2⤵
  PID:6100
- C:\Windows\System\gCCuKgq.exe
  C:\Windows\System\gCCuKgq.exe
  2⤵
  PID:6116
- C:\Windows\System\YEhCfEU.exe
  C:\Windows\System\YEhCfEU.exe
  2⤵
  PID:4824
- C:\Windows\System\FOlhIDG.exe
  C:\Windows\System\FOlhIDG.exe
  2⤵
  PID:4968
- C:\Windows\System\GQOVcTa.exe
  C:\Windows\System\GQOVcTa.exe
  2⤵
  PID:4668
- C:\Windows\System\kACZaJn.exe
  C:\Windows\System\kACZaJn.exe
  2⤵
  PID:4652
- C:\Windows\System\mvWGedg.exe
  C:\Windows\System\mvWGedg.exe
  2⤵
  PID:3768
- C:\Windows\System\pMIkxQY.exe
  C:\Windows\System\pMIkxQY.exe
  2⤵
  PID:4856
- C:\Windows\System\qhMOGvU.exe
  C:\Windows\System\qhMOGvU.exe
  2⤵
  PID:888
- C:\Windows\System\AmzIwDB.exe
  C:\Windows\System\AmzIwDB.exe
  2⤵
  PID:3736
- C:\Windows\System\cgyvKmW.exe
  C:\Windows\System\cgyvKmW.exe
  2⤵
  PID:4200
- C:\Windows\System\LuDiCjT.exe
  C:\Windows\System\LuDiCjT.exe
  2⤵
  PID:3864
- C:\Windows\System\lRyPFoX.exe
  C:\Windows\System\lRyPFoX.exe
  2⤵
  PID:4596
- C:\Windows\System\UjvrqfO.exe
  C:\Windows\System\UjvrqfO.exe
  2⤵
  PID:5140
- C:\Windows\System\tzRcBDV.exe
  C:\Windows\System\tzRcBDV.exe
  2⤵
  PID:1852
- C:\Windows\System\XCKVnuX.exe
  C:\Windows\System\XCKVnuX.exe
  2⤵
  PID:3572
- C:\Windows\System\ISgWImS.exe
  C:\Windows\System\ISgWImS.exe
  2⤵
  PID:4264
- C:\Windows\System\LXdjzOy.exe
  C:\Windows\System\LXdjzOy.exe
  2⤵
  PID:5204
- C:\Windows\System\gLvznGB.exe
  C:\Windows\System\gLvznGB.exe
  2⤵
  PID:5268
- C:\Windows\System\qylLdyE.exe
  C:\Windows\System\qylLdyE.exe
  2⤵
  PID:5304
- C:\Windows\System\Hdzytpl.exe
  C:\Windows\System\Hdzytpl.exe
  2⤵
  PID:5368
- C:\Windows\System\PxaVLWG.exe
  C:\Windows\System\PxaVLWG.exe
  2⤵
  PID:5128
- C:\Windows\System\GlqHTbG.exe
  C:\Windows\System\GlqHTbG.exe
  2⤵
  PID:5192
- C:\Windows\System\XnrfGeH.exe
  C:\Windows\System\XnrfGeH.exe
  2⤵
  PID:5256
- C:\Windows\System\sUzuiTl.exe
  C:\Windows\System\sUzuiTl.exe
  2⤵
  PID:5320
- C:\Windows\System\TFvLXrg.exe
  C:\Windows\System\TFvLXrg.exe
  2⤵
  PID:5380
- C:\Windows\System\ibJojyM.exe
  C:\Windows\System\ibJojyM.exe
  2⤵
  PID:5432
- C:\Windows\System\yHMOdbL.exe
  C:\Windows\System\yHMOdbL.exe
  2⤵
  PID:5504
- C:\Windows\System\WfysLGf.exe
  C:\Windows\System\WfysLGf.exe
  2⤵
  PID:5548
- C:\Windows\System\zlfepWs.exe
  C:\Windows\System\zlfepWs.exe
  2⤵
  PID:5488
- C:\Windows\System\rHPuzfC.exe
  C:\Windows\System\rHPuzfC.exe
  2⤵
  PID:5564
- C:\Windows\System\TBGbmjW.exe
  C:\Windows\System\TBGbmjW.exe
  2⤵
  PID:5580
- C:\Windows\System\ErmRWhw.exe
  C:\Windows\System\ErmRWhw.exe
  2⤵
  PID:5660
- C:\Windows\System\zGEsckP.exe
  C:\Windows\System\zGEsckP.exe
  2⤵
  PID:5724
- C:\Windows\System\dlsPQaD.exe
  C:\Windows\System\dlsPQaD.exe
  2⤵
  PID:5680
- C:\Windows\System\mAXNbTM.exe
  C:\Windows\System\mAXNbTM.exe
  2⤵
  PID:5616
- C:\Windows\System\rOuagNc.exe
  C:\Windows\System\rOuagNc.exe
  2⤵
  PID:5756
- C:\Windows\System\SxySgJK.exe
  C:\Windows\System\SxySgJK.exe
  2⤵
  PID:5792
- C:\Windows\System\SkZutXc.exe
  C:\Windows\System\SkZutXc.exe
  2⤵
  PID:5856
- C:\Windows\System\MVijTXs.exe
  C:\Windows\System\MVijTXs.exe
  2⤵
  PID:5772
- C:\Windows\System\qmGWEvn.exe
  C:\Windows\System\qmGWEvn.exe
  2⤵
  PID:5840
- C:\Windows\System\HbtjLYz.exe
  C:\Windows\System\HbtjLYz.exe
  2⤵
  PID:5904
- C:\Windows\System\kliqAaV.exe
  C:\Windows\System\kliqAaV.exe
  2⤵
  PID:5948
- C:\Windows\System\YwUGNgB.exe
  C:\Windows\System\YwUGNgB.exe
  2⤵
  PID:5968
- C:\Windows\System\JjYRHCn.exe
  C:\Windows\System\JjYRHCn.exe
  2⤵
  PID:6016
- C:\Windows\System\BnWJrgx.exe
  C:\Windows\System\BnWJrgx.exe
  2⤵
  PID:6092
- C:\Windows\System\OtoMNGx.exe
  C:\Windows\System\OtoMNGx.exe
  2⤵
  PID:6032
- C:\Windows\System\vZkmBhq.exe
  C:\Windows\System\vZkmBhq.exe
  2⤵
  PID:6096
- C:\Windows\System\QTcmaOE.exe
  C:\Windows\System\QTcmaOE.exe
  2⤵
  PID:4908
- C:\Windows\System\gnRHgGo.exe
  C:\Windows\System\gnRHgGo.exe
  2⤵
  PID:4636
- C:\Windows\System\fyKsKQT.exe
  C:\Windows\System\fyKsKQT.exe
  2⤵
  PID:5116
- C:\Windows\System\HQDYLtk.exe
  C:\Windows\System\HQDYLtk.exe
  2⤵
  PID:3352
- C:\Windows\System\vhXIznJ.exe
  C:\Windows\System\vhXIznJ.exe
  2⤵
  PID:1620
- C:\Windows\System\LgtdUzD.exe
  C:\Windows\System\LgtdUzD.exe
  2⤵
  PID:4312
- C:\Windows\System\JkMaeas.exe
  C:\Windows\System\JkMaeas.exe
  2⤵
  PID:3784
- C:\Windows\System\iNEYBaM.exe
  C:\Windows\System\iNEYBaM.exe
  2⤵
  PID:4404
- C:\Windows\System\eixIBbX.exe
  C:\Windows\System\eixIBbX.exe
  2⤵
  PID:5240
- C:\Windows\System\MEzVUhB.exe
  C:\Windows\System\MEzVUhB.exe
  2⤵
  PID:5224
- C:\Windows\System\znQZiAx.exe
  C:\Windows\System\znQZiAx.exe
  2⤵
  PID:2228
- C:\Windows\System\lGvnaDB.exe
  C:\Windows\System\lGvnaDB.exe
  2⤵
  PID:5288
- C:\Windows\System\vbSTFak.exe
  C:\Windows\System\vbSTFak.exe
  2⤵
  PID:5464
- C:\Windows\System\EIvmwkF.exe
  C:\Windows\System\EIvmwkF.exe
  2⤵
  PID:5520
- C:\Windows\System\VKmVRaR.exe
  C:\Windows\System\VKmVRaR.exe
  2⤵
  PID:5448
- C:\Windows\System\RcnPeRC.exe
  C:\Windows\System\RcnPeRC.exe
  2⤵
  PID:5696
- C:\Windows\System\iQjBSAW.exe
  C:\Windows\System\iQjBSAW.exe
  2⤵
  PID:5612
- C:\Windows\System\BuxAKjv.exe
  C:\Windows\System\BuxAKjv.exe
  2⤵
  PID:5740
- C:\Windows\System\JxGrEUy.exe
  C:\Windows\System\JxGrEUy.exe
  2⤵
  PID:5888
- C:\Windows\System\MzNcbLr.exe
  C:\Windows\System\MzNcbLr.exe
  2⤵
  PID:5804
- C:\Windows\System\yJCumlb.exe
  C:\Windows\System\yJCumlb.exe
  2⤵
  PID:5900
- C:\Windows\System\uufLtPk.exe
  C:\Windows\System\uufLtPk.exe
  2⤵
  PID:5984
- C:\Windows\System\nPOiDll.exe
  C:\Windows\System\nPOiDll.exe
  2⤵
  PID:6152
- C:\Windows\System\leaisEC.exe
  C:\Windows\System\leaisEC.exe
  2⤵
  PID:6168
- C:\Windows\System\ihhTdlM.exe
  C:\Windows\System\ihhTdlM.exe
  2⤵
  PID:6184
- C:\Windows\System\JfpbabL.exe
  C:\Windows\System\JfpbabL.exe
  2⤵
  PID:6200
- C:\Windows\System\GUzkMEK.exe
  C:\Windows\System\GUzkMEK.exe
  2⤵
  PID:6216
- C:\Windows\System\bsGKmBo.exe
  C:\Windows\System\bsGKmBo.exe
  2⤵
  PID:6232
- C:\Windows\System\oVctTQl.exe
  C:\Windows\System\oVctTQl.exe
  2⤵
  PID:6248
- C:\Windows\System\ZEWlZIA.exe
  C:\Windows\System\ZEWlZIA.exe
  2⤵
  PID:6264
- C:\Windows\System\LsjxTYK.exe
  C:\Windows\System\LsjxTYK.exe
  2⤵
  PID:6280
- C:\Windows\System\rCwjXoX.exe
  C:\Windows\System\rCwjXoX.exe
  2⤵
  PID:6296
- C:\Windows\System\IkXgUNX.exe
  C:\Windows\System\IkXgUNX.exe
  2⤵
  PID:6312
- C:\Windows\System\uuDHHnn.exe
  C:\Windows\System\uuDHHnn.exe
  2⤵
  PID:6328
- C:\Windows\System\HBNjzZG.exe
  C:\Windows\System\HBNjzZG.exe
  2⤵
  PID:6344
- C:\Windows\System\eBLrCDn.exe
  C:\Windows\System\eBLrCDn.exe
  2⤵
  PID:6360
- C:\Windows\System\droSaZA.exe
  C:\Windows\System\droSaZA.exe
  2⤵
  PID:6376
- C:\Windows\System\brDaxeI.exe
  C:\Windows\System\brDaxeI.exe
  2⤵
  PID:6392
- C:\Windows\System\QSSfZzU.exe
  C:\Windows\System\QSSfZzU.exe
  2⤵
  PID:6408
- C:\Windows\System\aOECdXJ.exe
  C:\Windows\System\aOECdXJ.exe
  2⤵
  PID:6424
- C:\Windows\System\otPlCcl.exe
  C:\Windows\System\otPlCcl.exe
  2⤵
  PID:6440
- C:\Windows\System\aweGiUv.exe
  C:\Windows\System\aweGiUv.exe
  2⤵
  PID:6456
- C:\Windows\System\RHfjTGu.exe
  C:\Windows\System\RHfjTGu.exe
  2⤵
  PID:6472
- C:\Windows\System\ElVbIrv.exe
  C:\Windows\System\ElVbIrv.exe
  2⤵
  PID:6488
- C:\Windows\System\opySwas.exe
  C:\Windows\System\opySwas.exe
  2⤵
  PID:6504
- C:\Windows\System\MtWGUHN.exe
  C:\Windows\System\MtWGUHN.exe
  2⤵
  PID:6520
- C:\Windows\System\tJYueLb.exe
  C:\Windows\System\tJYueLb.exe
  2⤵
  PID:6536
- C:\Windows\System\oLwuPuv.exe
  C:\Windows\System\oLwuPuv.exe
  2⤵
  PID:6552
- C:\Windows\System\eLRCgze.exe
  C:\Windows\System\eLRCgze.exe
  2⤵
  PID:6568
- C:\Windows\System\POejpZr.exe
  C:\Windows\System\POejpZr.exe
  2⤵
  PID:6584
- C:\Windows\System\cfSgRCQ.exe
  C:\Windows\System\cfSgRCQ.exe
  2⤵
  PID:6600
- C:\Windows\System\vXsDYPG.exe
  C:\Windows\System\vXsDYPG.exe
  2⤵
  PID:6616
- C:\Windows\System\ynvISLn.exe
  C:\Windows\System\ynvISLn.exe
  2⤵
  PID:6632
- C:\Windows\System\VIGDFhU.exe
  C:\Windows\System\VIGDFhU.exe
  2⤵
  PID:6648
- C:\Windows\System\rcTrHho.exe
  C:\Windows\System\rcTrHho.exe
  2⤵
  PID:6664
- C:\Windows\System\MgwIkBj.exe
  C:\Windows\System\MgwIkBj.exe
  2⤵
  PID:6680
- C:\Windows\System\okbKyId.exe
  C:\Windows\System\okbKyId.exe
  2⤵
  PID:6696
- C:\Windows\System\qvzdfkz.exe
  C:\Windows\System\qvzdfkz.exe
  2⤵
  PID:6712
- C:\Windows\System\WvONnmR.exe
  C:\Windows\System\WvONnmR.exe
  2⤵
  PID:6728
- C:\Windows\System\vrJyJPW.exe
  C:\Windows\System\vrJyJPW.exe
  2⤵
  PID:6744
- C:\Windows\System\sgxQaIh.exe
  C:\Windows\System\sgxQaIh.exe
  2⤵
  PID:6760
- C:\Windows\System\xcPEVdp.exe
  C:\Windows\System\xcPEVdp.exe
  2⤵
  PID:6776
- C:\Windows\System\ChytWOo.exe
  C:\Windows\System\ChytWOo.exe
  2⤵
  PID:6792
- C:\Windows\System\KZbsgDl.exe
  C:\Windows\System\KZbsgDl.exe
  2⤵
  PID:6808
- C:\Windows\System\wRJpTvl.exe
  C:\Windows\System\wRJpTvl.exe
  2⤵
  PID:6824
- C:\Windows\System\TLBLZMX.exe
  C:\Windows\System\TLBLZMX.exe
  2⤵
  PID:6840
- C:\Windows\System\FsFhmsd.exe
  C:\Windows\System\FsFhmsd.exe
  2⤵
  PID:6856
- C:\Windows\System\FGxWvag.exe
  C:\Windows\System\FGxWvag.exe
  2⤵
  PID:6872
- C:\Windows\System\MOJUUIP.exe
  C:\Windows\System\MOJUUIP.exe
  2⤵
  PID:6888
- C:\Windows\System\zYSwXqd.exe
  C:\Windows\System\zYSwXqd.exe
  2⤵
  PID:6904
- C:\Windows\System\LBqvBnp.exe
  C:\Windows\System\LBqvBnp.exe
  2⤵
  PID:6920
- C:\Windows\System\GCstWpy.exe
  C:\Windows\System\GCstWpy.exe
  2⤵
  PID:6936
- C:\Windows\System\LBlyQnI.exe
  C:\Windows\System\LBlyQnI.exe
  2⤵
  PID:6952
- C:\Windows\System\lmujauO.exe
  C:\Windows\System\lmujauO.exe
  2⤵
  PID:6968
- C:\Windows\System\OlFesKz.exe
  C:\Windows\System\OlFesKz.exe
  2⤵
  PID:6984
- C:\Windows\System\LceOmQV.exe
  C:\Windows\System\LceOmQV.exe
  2⤵
  PID:7000
- C:\Windows\System\WWmKsER.exe
  C:\Windows\System\WWmKsER.exe
  2⤵
  PID:7016
- C:\Windows\System\QrXBsDV.exe
  C:\Windows\System\QrXBsDV.exe
  2⤵
  PID:7032
- C:\Windows\System\lSEEiZQ.exe
  C:\Windows\System\lSEEiZQ.exe
  2⤵
  PID:7048
- C:\Windows\System\ozSHSte.exe
  C:\Windows\System\ozSHSte.exe
  2⤵
  PID:7064
- C:\Windows\System\zshsUon.exe
  C:\Windows\System\zshsUon.exe
  2⤵
  PID:7080
- C:\Windows\System\JziwgBj.exe
  C:\Windows\System\JziwgBj.exe
  2⤵
  PID:7096
- C:\Windows\System\XGtxtts.exe
  C:\Windows\System\XGtxtts.exe
  2⤵
  PID:7112
- C:\Windows\System\OsHNfLC.exe
  C:\Windows\System\OsHNfLC.exe
  2⤵
  PID:7128
- C:\Windows\System\HEELUkY.exe
  C:\Windows\System\HEELUkY.exe
  2⤵
  PID:7144
- C:\Windows\System\ObaWQmd.exe
  C:\Windows\System\ObaWQmd.exe
  2⤵
  PID:7160
- C:\Windows\System\MXiUGtR.exe
  C:\Windows\System\MXiUGtR.exe
  2⤵
  PID:2740
- C:\Windows\System\OrnNWlJ.exe
  C:\Windows\System\OrnNWlJ.exe
  2⤵
  PID:5032
- C:\Windows\System\RvPySxE.exe
  C:\Windows\System\RvPySxE.exe
  2⤵
  PID:3284
- C:\Windows\System\RCDVJyo.exe
  C:\Windows\System\RCDVJyo.exe
  2⤵
  PID:2448
- C:\Windows\System\gPeyevH.exe
  C:\Windows\System\gPeyevH.exe
  2⤵
  PID:5172
- C:\Windows\System\GUpzvOR.exe
  C:\Windows\System\GUpzvOR.exe
  2⤵
  PID:4376
- C:\Windows\System\MQVWwRQ.exe
  C:\Windows\System\MQVWwRQ.exe
  2⤵
  PID:5188
- C:\Windows\System\TYEUHRO.exe
  C:\Windows\System\TYEUHRO.exe
  2⤵
  PID:5536
- C:\Windows\System\JLdQKpT.exe
  C:\Windows\System\JLdQKpT.exe
  2⤵
  PID:5692
- C:\Windows\System\dpthCfp.exe
  C:\Windows\System\dpthCfp.exe
  2⤵
  PID:2092
- C:\Windows\System\QXnomrn.exe
  C:\Windows\System\QXnomrn.exe
  2⤵
  PID:7072
- C:\Windows\System\dOJQVmN.exe
  C:\Windows\System\dOJQVmN.exe
  2⤵
  PID:6140
- C:\Windows\System\IPuMDxS.exe
  C:\Windows\System\IPuMDxS.exe
  2⤵
  PID:7140
- C:\Windows\System\ipFcMLs.exe
  C:\Windows\System\ipFcMLs.exe
  2⤵
  PID:5124
- C:\Windows\System\NgszyDU.exe
  C:\Windows\System\NgszyDU.exe
  2⤵
  PID:3208
- C:\Windows\System\ccIayDX.exe
  C:\Windows\System\ccIayDX.exe
  2⤵
  PID:5964
- C:\Windows\System\mUetFeR.exe
  C:\Windows\System\mUetFeR.exe
  2⤵
  PID:6048
- C:\Windows\System\zdThHsn.exe
  C:\Windows\System\zdThHsn.exe
  2⤵
  PID:600
- C:\Windows\System\LOvKfHg.exe
  C:\Windows\System\LOvKfHg.exe
  2⤵
  PID:6012
- C:\Windows\System\BZSEIkC.exe
  C:\Windows\System\BZSEIkC.exe
  2⤵
  PID:6180
- C:\Windows\System\dqfTKTs.exe
  C:\Windows\System\dqfTKTs.exe
  2⤵
  PID:6208
- C:\Windows\System\ucjypdq.exe
  C:\Windows\System\ucjypdq.exe
  2⤵
  PID:6244
- C:\Windows\System\UKyjxAm.exe
  C:\Windows\System\UKyjxAm.exe
  2⤵
  PID:6272
- C:\Windows\System\LMcNXmY.exe
  C:\Windows\System\LMcNXmY.exe
  2⤵
  PID:6324
- C:\Windows\System\jrCvayf.exe
  C:\Windows\System\jrCvayf.exe
  2⤵
  PID:6308
- C:\Windows\System\OmAhXSl.exe
  C:\Windows\System\OmAhXSl.exe
  2⤵
  PID:6388
- C:\Windows\System\rPyWTVe.exe
  C:\Windows\System\rPyWTVe.exe
  2⤵
  PID:6420
- C:\Windows\System\egYkkgL.exe
  C:\Windows\System\egYkkgL.exe
  2⤵
  PID:6452
- C:\Windows\System\ZHnuBMA.exe
  C:\Windows\System\ZHnuBMA.exe
  2⤵
  PID:6484
- C:\Windows\System\Ljiqnib.exe
  C:\Windows\System\Ljiqnib.exe
  2⤵
  PID:6532
- C:\Windows\System\KCGVfGz.exe
  C:\Windows\System\KCGVfGz.exe
  2⤵
  PID:6500
- C:\Windows\System\JntPKbx.exe
  C:\Windows\System\JntPKbx.exe
  2⤵
  PID:6560
- C:\Windows\System\IESCrhP.exe
  C:\Windows\System\IESCrhP.exe
  2⤵
  PID:6608
- C:\Windows\System\GiDxshC.exe
  C:\Windows\System\GiDxshC.exe
  2⤵
  PID:6640
- C:\Windows\System\Jgpkmll.exe
  C:\Windows\System\Jgpkmll.exe
  2⤵
  PID:6672
- C:\Windows\System\UEGdlyl.exe
  C:\Windows\System\UEGdlyl.exe
  2⤵
  PID:6736
- C:\Windows\System\tssJPHP.exe
  C:\Windows\System\tssJPHP.exe
  2⤵
  PID:6800
- C:\Windows\System\uzvNrVR.exe
  C:\Windows\System\uzvNrVR.exe
  2⤵
  PID:6692
- C:\Windows\System\pZJsEsA.exe
  C:\Windows\System\pZJsEsA.exe
  2⤵
  PID:1928
- C:\Windows\System\nMiLbXB.exe
  C:\Windows\System\nMiLbXB.exe
  2⤵
  PID:6816
- C:\Windows\System\tWBvwSa.exe
  C:\Windows\System\tWBvwSa.exe
  2⤵
  PID:6864
- C:\Windows\System\DshvffU.exe
  C:\Windows\System\DshvffU.exe
  2⤵
  PID:6928
- C:\Windows\System\cxLGqWc.exe
  C:\Windows\System\cxLGqWc.exe
  2⤵
  PID:6992
- C:\Windows\System\xbSGDyB.exe
  C:\Windows\System\xbSGDyB.exe
  2⤵
  PID:7056
- C:\Windows\System\sdslGNk.exe
  C:\Windows\System\sdslGNk.exe
  2⤵
  PID:7124
- C:\Windows\System\HcsfBCb.exe
  C:\Windows\System\HcsfBCb.exe
  2⤵
  PID:6060
- C:\Windows\System\eGyVILl.exe
  C:\Windows\System\eGyVILl.exe
  2⤵
  PID:5048
- C:\Windows\System\VKtSGSs.exe
  C:\Windows\System\VKtSGSs.exe
  2⤵
  PID:6848
- C:\Windows\System\JPVeyUF.exe
  C:\Windows\System\JPVeyUF.exe
  2⤵
  PID:2700
- C:\Windows\System\TCuSWFp.exe
  C:\Windows\System\TCuSWFp.exe
  2⤵
  PID:6944
- C:\Windows\System\cBSCwmV.exe
  C:\Windows\System\cBSCwmV.exe
  2⤵
  PID:6980
- C:\Windows\System\FyKEXlm.exe
  C:\Windows\System\FyKEXlm.exe
  2⤵
  PID:5552
- C:\Windows\System\XFMUBup.exe
  C:\Windows\System\XFMUBup.exe
  2⤵
  PID:2836
- C:\Windows\System\dsuaAFn.exe
  C:\Windows\System\dsuaAFn.exe
  2⤵
  PID:2156
- C:\Windows\System\SYluPUL.exe
  C:\Windows\System\SYluPUL.exe
  2⤵
  PID:3004
- C:\Windows\System\qKyNjaG.exe
  C:\Windows\System\qKyNjaG.exe
  2⤵
  PID:2688
- C:\Windows\System\IbKlhwR.exe
  C:\Windows\System\IbKlhwR.exe
  2⤵
  PID:2496
- C:\Windows\System\dYbCmuh.exe
  C:\Windows\System\dYbCmuh.exe
  2⤵
  PID:6164
- C:\Windows\System\EJXcErH.exe
  C:\Windows\System\EJXcErH.exe
  2⤵
  PID:6260
- C:\Windows\System\oJauMCW.exe
  C:\Windows\System\oJauMCW.exe
  2⤵
  PID:6368
- C:\Windows\System\XaHPBjw.exe
  C:\Windows\System\XaHPBjw.exe
  2⤵
  PID:6516
- C:\Windows\System\ArFIZyM.exe
  C:\Windows\System\ArFIZyM.exe
  2⤵
  PID:6576
- C:\Windows\System\CXxdBPf.exe
  C:\Windows\System\CXxdBPf.exe
  2⤵
  PID:6128
- C:\Windows\System\TDkgvis.exe
  C:\Windows\System\TDkgvis.exe
  2⤵
  PID:6660
- C:\Windows\System\hortKnr.exe
  C:\Windows\System\hortKnr.exe
  2⤵
  PID:2712
- C:\Windows\System\xOSsksJ.exe
  C:\Windows\System\xOSsksJ.exe
  2⤵
  PID:7024
- C:\Windows\System\MtNjlNB.exe
  C:\Windows\System\MtNjlNB.exe
  2⤵
  PID:7104
- C:\Windows\System\GunQBgc.exe
  C:\Windows\System\GunQBgc.exe
  2⤵
  PID:6836
- C:\Windows\System\ZCQHTXo.exe
  C:\Windows\System\ZCQHTXo.exe
  2⤵
  PID:6768
- C:\Windows\System\sxKzWqP.exe
  C:\Windows\System\sxKzWqP.exe
  2⤵
  PID:7340
- C:\Windows\System\WioIYHD.exe
  C:\Windows\System\WioIYHD.exe
  2⤵
  PID:7364
- C:\Windows\System\czgbNgJ.exe
  C:\Windows\System\czgbNgJ.exe
  2⤵
  PID:7380
- C:\Windows\System\zqNNwEe.exe
  C:\Windows\System\zqNNwEe.exe
  2⤵
  PID:7396
- C:\Windows\System\wUAoNLn.exe
  C:\Windows\System\wUAoNLn.exe
  2⤵
  PID:7412
- C:\Windows\System\ETHyOUF.exe
  C:\Windows\System\ETHyOUF.exe
  2⤵
  PID:7432
- C:\Windows\System\oTYgUVL.exe
  C:\Windows\System\oTYgUVL.exe
  2⤵
  PID:7448
- C:\Windows\System\SMGJyTo.exe
  C:\Windows\System\SMGJyTo.exe
  2⤵
  PID:7464
- C:\Windows\System\aeQPZfA.exe
  C:\Windows\System\aeQPZfA.exe
  2⤵
  PID:7480
- C:\Windows\System\SDDLyaR.exe
  C:\Windows\System\SDDLyaR.exe
  2⤵
  PID:7496
- C:\Windows\System\voKDHma.exe
  C:\Windows\System\voKDHma.exe
  2⤵
  PID:7512
- C:\Windows\System\UKLlDQE.exe
  C:\Windows\System\UKLlDQE.exe
  2⤵
  PID:7528
- C:\Windows\System\dutoxzK.exe
  C:\Windows\System\dutoxzK.exe
  2⤵
  PID:7544
- C:\Windows\System\uZlGmaO.exe
  C:\Windows\System\uZlGmaO.exe
  2⤵
  PID:7560
- C:\Windows\System\TMKIvHD.exe
  C:\Windows\System\TMKIvHD.exe
  2⤵
  PID:7576
- C:\Windows\System\uAyCJmW.exe
  C:\Windows\System\uAyCJmW.exe
  2⤵
  PID:7592
- C:\Windows\System\AspkXHD.exe
  C:\Windows\System\AspkXHD.exe
  2⤵
  PID:7608
- C:\Windows\System\xRDJxKM.exe
  C:\Windows\System\xRDJxKM.exe
  2⤵
  PID:7624
- C:\Windows\System\wyEJaWz.exe
  C:\Windows\System\wyEJaWz.exe
  2⤵
  PID:7640
- C:\Windows\System\ETgPAgm.exe
  C:\Windows\System\ETgPAgm.exe
  2⤵
  PID:7656
- C:\Windows\System\izLxDID.exe
  C:\Windows\System\izLxDID.exe
  2⤵
  PID:7672
- C:\Windows\System\TdqfcSF.exe
  C:\Windows\System\TdqfcSF.exe
  2⤵
  PID:7688
- C:\Windows\System\OSDLozd.exe
  C:\Windows\System\OSDLozd.exe
  2⤵
  PID:7704
- C:\Windows\System\sOujWrG.exe
  C:\Windows\System\sOujWrG.exe
  2⤵
  PID:7720
- C:\Windows\System\CRIskZi.exe
  C:\Windows\System\CRIskZi.exe
  2⤵
  PID:7736
- C:\Windows\System\wBQqsfo.exe
  C:\Windows\System\wBQqsfo.exe
  2⤵
  PID:7752
- C:\Windows\System\PwmkbhY.exe
  C:\Windows\System\PwmkbhY.exe
  2⤵
  PID:7768
- C:\Windows\System\sjxEMxR.exe
  C:\Windows\System\sjxEMxR.exe
  2⤵
  PID:7784
- C:\Windows\System\SDamgCe.exe
  C:\Windows\System\SDamgCe.exe
  2⤵
  PID:7804
- C:\Windows\System\uVzUPsI.exe
  C:\Windows\System\uVzUPsI.exe
  2⤵
  PID:7820
- C:\Windows\System\WTlktUx.exe
  C:\Windows\System\WTlktUx.exe
  2⤵
  PID:7836
- C:\Windows\System\GsaoaGw.exe
  C:\Windows\System\GsaoaGw.exe
  2⤵
  PID:7852
- C:\Windows\System\QBVWLPn.exe
  C:\Windows\System\QBVWLPn.exe
  2⤵
  PID:7868
- C:\Windows\System\kgAjHdw.exe
  C:\Windows\System\kgAjHdw.exe
  2⤵
  PID:7884
- C:\Windows\System\KfAxdqL.exe
  C:\Windows\System\KfAxdqL.exe
  2⤵
  PID:7900
- C:\Windows\System\RklnMde.exe
  C:\Windows\System\RklnMde.exe
  2⤵
  PID:7916
- C:\Windows\System\tqaRuAF.exe
  C:\Windows\System\tqaRuAF.exe
  2⤵
  PID:7932
- C:\Windows\System\IqKtCVG.exe
  C:\Windows\System\IqKtCVG.exe
  2⤵
  PID:7948
- C:\Windows\System\gRnrfmS.exe
  C:\Windows\System\gRnrfmS.exe
  2⤵
  PID:7964
- C:\Windows\System\CuBuBfk.exe
  C:\Windows\System\CuBuBfk.exe
  2⤵
  PID:7980
- C:\Windows\System\tIThwFg.exe
  C:\Windows\System\tIThwFg.exe
  2⤵
  PID:7996
- C:\Windows\System\aKWloqc.exe
  C:\Windows\System\aKWloqc.exe
  2⤵
  PID:8012
- C:\Windows\System\FwTVcHk.exe
  C:\Windows\System\FwTVcHk.exe
  2⤵
  PID:8028
- C:\Windows\System\eaJHVgH.exe
  C:\Windows\System\eaJHVgH.exe
  2⤵
  PID:8044
- C:\Windows\System\jhveOmA.exe
  C:\Windows\System\jhveOmA.exe
  2⤵
  PID:8120
- C:\Windows\System\BeUxqBE.exe
  C:\Windows\System\BeUxqBE.exe
  2⤵
  PID:8136
- C:\Windows\System\ZXSzBUc.exe
  C:\Windows\System\ZXSzBUc.exe
  2⤵
  PID:8152
- C:\Windows\System\KRedyDA.exe
  C:\Windows\System\KRedyDA.exe
  2⤵
  PID:8168
- C:\Windows\System\uNbkfsY.exe
  C:\Windows\System\uNbkfsY.exe
  2⤵
  PID:8184
- C:\Windows\System\AOeCFRu.exe
  C:\Windows\System\AOeCFRu.exe
  2⤵
  PID:5916
- C:\Windows\System\Wjsxuib.exe
  C:\Windows\System\Wjsxuib.exe
  2⤵
  PID:2064
- C:\Windows\System\fCVcumZ.exe
  C:\Windows\System\fCVcumZ.exe
  2⤵
  PID:6704
- C:\Windows\System\kZfeFUC.exe
  C:\Windows\System\kZfeFUC.exe
  2⤵
  PID:6960
- C:\Windows\System\AXObKFd.exe
  C:\Windows\System\AXObKFd.exe
  2⤵
  PID:6592
- C:\Windows\System\HEUPtTQ.exe
  C:\Windows\System\HEUPtTQ.exe
  2⤵
  PID:6528
- C:\Windows\System\wlLAWiH.exe
  C:\Windows\System\wlLAWiH.exe
  2⤵
  PID:6400
- C:\Windows\System\FLPNVgV.exe
  C:\Windows\System\FLPNVgV.exe
  2⤵
  PID:6256
- C:\Windows\System\LdgOKUm.exe
  C:\Windows\System\LdgOKUm.exe
  2⤵
  PID:5952
- C:\Windows\System\eblTyEW.exe
  C:\Windows\System\eblTyEW.exe
  2⤵
  PID:7212
- C:\Windows\System\FDxrEFR.exe
  C:\Windows\System\FDxrEFR.exe
  2⤵
  PID:7232
- C:\Windows\System\llofmvq.exe
  C:\Windows\System\llofmvq.exe
  2⤵
  PID:7248
- C:\Windows\System\TFgGhgi.exe
  C:\Windows\System\TFgGhgi.exe
  2⤵
  PID:7272
- C:\Windows\System\JvWdoOq.exe
  C:\Windows\System\JvWdoOq.exe
  2⤵
  PID:4716
- C:\Windows\System\fjZxIMP.exe
  C:\Windows\System\fjZxIMP.exe
  2⤵
  PID:6108
- C:\Windows\System\Kfupzpt.exe
  C:\Windows\System\Kfupzpt.exe
  2⤵
  PID:7376
- C:\Windows\System\xviuwCP.exe
  C:\Windows\System\xviuwCP.exe
  2⤵
  PID:3096
- C:\Windows\System\WegSPXV.exe
  C:\Windows\System\WegSPXV.exe
  2⤵
  PID:7424
- C:\Windows\System\IaJhfDf.exe
  C:\Windows\System\IaJhfDf.exe
  2⤵
  PID:3020
- C:\Windows\System\RtWvbYG.exe
  C:\Windows\System\RtWvbYG.exe
  2⤵
  PID:7864
- C:\Windows\System\zJoerMC.exe
  C:\Windows\System\zJoerMC.exe
  2⤵
  PID:6352
- C:\Windows\System\GhXOhIH.exe
  C:\Windows\System\GhXOhIH.exe
  2⤵
  PID:6384
- C:\Windows\System\iDcqxti.exe
  C:\Windows\System\iDcqxti.exe
  2⤵
  PID:5400
- C:\Windows\System\CRgVvqv.exe
  C:\Windows\System\CRgVvqv.exe
  2⤵
  PID:6916
- C:\Windows\System\VycAejq.exe
  C:\Windows\System\VycAejq.exe
  2⤵
  PID:2272
- C:\Windows\System\jzPQfFq.exe
  C:\Windows\System\jzPQfFq.exe
  2⤵
  PID:7188
- C:\Windows\System\BGZnzyW.exe
  C:\Windows\System\BGZnzyW.exe
  2⤵
  PID:7204
- C:\Windows\System\JvZGjqS.exe
  C:\Windows\System\JvZGjqS.exe
  2⤵
  PID:7244
- C:\Windows\System\dBDrfrS.exe
  C:\Windows\System\dBDrfrS.exe
  2⤵
  PID:7292
- C:\Windows\System\oHPCsxC.exe
  C:\Windows\System\oHPCsxC.exe
  2⤵
  PID:7308
- C:\Windows\System\CtLuAtO.exe
  C:\Windows\System\CtLuAtO.exe
  2⤵
  PID:7324
- C:\Windows\System\NRwnvsv.exe
  C:\Windows\System\NRwnvsv.exe
  2⤵
  PID:7336
- C:\Windows\System\kgMDpKP.exe
  C:\Windows\System\kgMDpKP.exe
  2⤵
  PID:2616
- C:\Windows\System\TbbVpLn.exe
  C:\Windows\System\TbbVpLn.exe
  2⤵
  PID:2552
- C:\Windows\System\pYEBnNP.exe
  C:\Windows\System\pYEBnNP.exe
  2⤵
  PID:7428
- C:\Windows\System\rfBlKCq.exe
  C:\Windows\System\rfBlKCq.exe
  2⤵
  PID:2696
- C:\Windows\System\rozvmGH.exe
  C:\Windows\System\rozvmGH.exe
  2⤵
  PID:2596
- C:\Windows\System\tGHlDxK.exe
  C:\Windows\System\tGHlDxK.exe
  2⤵
  PID:1260
- C:\Windows\System\QZoVRCA.exe
  C:\Windows\System\QZoVRCA.exe
  2⤵
  PID:2200
- C:\Windows\System\ynDwmCJ.exe
  C:\Windows\System\ynDwmCJ.exe
  2⤵
  PID:7600
- C:\Windows\System\TiBwNIN.exe
  C:\Windows\System\TiBwNIN.exe
  2⤵
  PID:2312
- C:\Windows\System\fxWFjpb.exe
  C:\Windows\System\fxWFjpb.exe
  2⤵
  PID:7636
- C:\Windows\System\IKFjfoa.exe
  C:\Windows\System\IKFjfoa.exe
  2⤵
  PID:7700
- C:\Windows\System\PMDHrcL.exe
  C:\Windows\System\PMDHrcL.exe
  2⤵
  PID:7732
- C:\Windows\System\KLKSufK.exe
  C:\Windows\System\KLKSufK.exe
  2⤵
  PID:7652
- C:\Windows\System\wmlMeVx.exe
  C:\Windows\System\wmlMeVx.exe
  2⤵
  PID:7792
- C:\Windows\System\xLeEUlf.exe
  C:\Windows\System\xLeEUlf.exe
  2⤵
  PID:7780
- C:\Windows\System\uXwVYfc.exe
  C:\Windows\System\uXwVYfc.exe
  2⤵
  PID:7744
- C:\Windows\System\ovlHcvM.exe
  C:\Windows\System\ovlHcvM.exe
  2⤵
  PID:7492
- C:\Windows\System\PdEFviY.exe
  C:\Windows\System\PdEFviY.exe
  2⤵
  PID:6548
- C:\Windows\System\fbJaqEN.exe
  C:\Windows\System\fbJaqEN.exe
  2⤵
  PID:6564
- C:\Windows\System\hHtMwJq.exe
  C:\Windows\System\hHtMwJq.exe
  2⤵
  PID:5236
- C:\Windows\System\bICaseq.exe
  C:\Windows\System\bICaseq.exe
  2⤵
  PID:4104
- C:\Windows\System\SYlOpuF.exe
  C:\Windows\System\SYlOpuF.exe
  2⤵
  PID:7880
- C:\Windows\System\QBMrcaU.exe
  C:\Windows\System\QBMrcaU.exe
  2⤵
  PID:7912
- C:\Windows\System\SVzyRgM.exe
  C:\Windows\System\SVzyRgM.exe
  2⤵
  PID:7940
- C:\Windows\System\AkcqcLn.exe
  C:\Windows\System\AkcqcLn.exe
  2⤵
  PID:7972
- C:\Windows\System\CAcUmZw.exe
  C:\Windows\System\CAcUmZw.exe
  2⤵
  PID:8020
- C:\Windows\System\zPNCxCs.exe
  C:\Windows\System\zPNCxCs.exe
  2⤵
  PID:8036
- C:\Windows\System\LUfEdUo.exe
  C:\Windows\System\LUfEdUo.exe
  2⤵
  PID:8128
- C:\Windows\System\llKmZqp.exe
  C:\Windows\System\llKmZqp.exe
  2⤵
  PID:7320
- C:\Windows\System\VQLMMaV.exe
  C:\Windows\System\VQLMMaV.exe
  2⤵
  PID:7356
- C:\Windows\System\WgnvrVc.exe
  C:\Windows\System\WgnvrVc.exe
  2⤵
  PID:588
- C:\Windows\System\bSUxPef.exe
  C:\Windows\System\bSUxPef.exe
  2⤵
  PID:1332
- C:\Windows\System\IeeFrPZ.exe
  C:\Windows\System\IeeFrPZ.exe
  2⤵
  PID:5744
- C:\Windows\System\PgEhwod.exe
  C:\Windows\System\PgEhwod.exe
  2⤵
  PID:1112
- C:\Windows\System\KVMZsvE.exe
  C:\Windows\System\KVMZsvE.exe
  2⤵
  PID:2972
- C:\Windows\System\EZCKMDL.exe
  C:\Windows\System\EZCKMDL.exe
  2⤵
  PID:7504
- C:\Windows\System\gyOQRju.exe
  C:\Windows\System\gyOQRju.exe
  2⤵
  PID:2844
- C:\Windows\System\asSpQyQ.exe
  C:\Windows\System\asSpQyQ.exe
  2⤵
  PID:5156
- C:\Windows\System\cLXCdrQ.exe
  C:\Windows\System\cLXCdrQ.exe
  2⤵
  PID:8176
- C:\Windows\System\zYOgCNZ.exe
  C:\Windows\System\zYOgCNZ.exe
  2⤵
  PID:7408
- C:\Windows\System\lfKYiWZ.exe
  C:\Windows\System\lfKYiWZ.exe
  2⤵
  PID:5596
- C:\Windows\System\rJIqEua.exe
  C:\Windows\System\rJIqEua.exe
  2⤵
  PID:2612
- C:\Windows\System\lbbcsho.exe
  C:\Windows\System\lbbcsho.exe
  2⤵
  PID:2284
- C:\Windows\System\kPEuHEy.exe
  C:\Windows\System\kPEuHEy.exe
  2⤵
  PID:2816
- C:\Windows\System\xhfDneh.exe
  C:\Windows\System\xhfDneh.exe
  2⤵
  PID:1996
- C:\Windows\System\BBnRInW.exe
  C:\Windows\System\BBnRInW.exe
  2⤵
  PID:7696
- C:\Windows\System\WYkasSx.exe
  C:\Windows\System\WYkasSx.exe
  2⤵
  PID:7620
- C:\Windows\System\gagBJrN.exe
  C:\Windows\System\gagBJrN.exe
  2⤵
  PID:7812
- C:\Windows\System\GAWUcGj.exe
  C:\Windows\System\GAWUcGj.exe
  2⤵
  PID:2784
- C:\Windows\System\SXZRcEt.exe
  C:\Windows\System\SXZRcEt.exe
  2⤵
  PID:1344
- C:\Windows\System\EMZnTIg.exe
  C:\Windows\System\EMZnTIg.exe
  2⤵
  PID:7240
- C:\Windows\System\AaDqBvZ.exe
  C:\Windows\System\AaDqBvZ.exe
  2⤵
  PID:7684
- C:\Windows\System\CLaQRfq.exe
  C:\Windows\System\CLaQRfq.exe
  2⤵
  PID:7552
- C:\Windows\System\HJTOXtm.exe
  C:\Windows\System\HJTOXtm.exe
  2⤵
  PID:7632
- C:\Windows\System\UeFvwRg.exe
  C:\Windows\System\UeFvwRg.exe
  2⤵
  PID:7748
- C:\Windows\System\hQcIOTY.exe
  C:\Windows\System\hQcIOTY.exe
  2⤵
  PID:7908
- C:\Windows\System\WwjYBYr.exe
  C:\Windows\System\WwjYBYr.exe
  2⤵
  PID:1552
- C:\Windows\System\FpvYLqX.exe
  C:\Windows\System\FpvYLqX.exe
  2⤵
  PID:8024
- C:\Windows\System\eTsXIaO.exe
  C:\Windows\System\eTsXIaO.exe
  2⤵
  PID:6624
- C:\Windows\System\mvJisvG.exe
  C:\Windows\System\mvJisvG.exe
  2⤵
  PID:2360
- C:\Windows\System\LyZDFEd.exe
  C:\Windows\System\LyZDFEd.exe
  2⤵
  PID:7280
- C:\Windows\System\mXguGHx.exe
  C:\Windows\System\mXguGHx.exe
  2⤵
  PID:7420
- C:\Windows\System\HenpGae.exe
  C:\Windows\System\HenpGae.exe
  2⤵
  PID:7508
- C:\Windows\System\CwwdEwq.exe
  C:\Windows\System\CwwdEwq.exe
  2⤵
  PID:1780
- C:\Windows\System\QbrFdKf.exe
  C:\Windows\System\QbrFdKf.exe
  2⤵
  PID:6340
- C:\Windows\System\DTstrFr.exe
  C:\Windows\System\DTstrFr.exe
  2⤵
  PID:2800
- C:\Windows\System\eSvNYaj.exe
  C:\Windows\System\eSvNYaj.exe
  2⤵
  PID:2652
- C:\Windows\System\SCBhJip.exe
  C:\Windows\System\SCBhJip.exe
  2⤵
  PID:7520
- C:\Windows\System\fHdNjpb.exe
  C:\Windows\System\fHdNjpb.exe
  2⤵
  PID:1744
- C:\Windows\System\PejEeGx.exe
  C:\Windows\System\PejEeGx.exe
  2⤵
  PID:7176
- C:\Windows\System\OKITBTL.exe
  C:\Windows\System\OKITBTL.exe
  2⤵
  PID:7588
- C:\Windows\System\pHuKqvt.exe
  C:\Windows\System\pHuKqvt.exe
  2⤵
  PID:7156
- C:\Windows\System\wXkCyLb.exe
  C:\Windows\System\wXkCyLb.exe
  2⤵
  PID:7260
- C:\Windows\System\VRAezmb.exe
  C:\Windows\System\VRAezmb.exe
  2⤵
  PID:7392
- C:\Windows\System\caOpzHZ.exe
  C:\Windows\System\caOpzHZ.exe
  2⤵
  PID:7404
- C:\Windows\System\mbfsePA.exe
  C:\Windows\System\mbfsePA.exe
  2⤵
  PID:2940
- C:\Windows\System\inSirsf.exe
  C:\Windows\System\inSirsf.exe
  2⤵
  PID:2764
- C:\Windows\System\hPerleW.exe
  C:\Windows\System\hPerleW.exe
  2⤵
  PID:340
- C:\Windows\System\KyokrKu.exe
  C:\Windows\System\KyokrKu.exe
  2⤵
  PID:2016
- C:\Windows\System\IDoSvjX.exe
  C:\Windows\System\IDoSvjX.exe
  2⤵
  PID:1972
- C:\Windows\System\WZBDmqA.exe
  C:\Windows\System\WZBDmqA.exe
  2⤵
  PID:1924
- C:\Windows\System\havEwQL.exe
  C:\Windows\System\havEwQL.exe
  2⤵
  PID:2344
- C:\Windows\System\CDWLexn.exe
  C:\Windows\System\CDWLexn.exe
  2⤵
  PID:6772
- C:\Windows\System\CvXnWgj.exe
  C:\Windows\System\CvXnWgj.exe
  2⤵
  PID:7076
- C:\Windows\System\STGxHHJ.exe
  C:\Windows\System\STGxHHJ.exe
  2⤵
  PID:7540
- C:\Windows\System\DIjLsxb.exe
  C:\Windows\System\DIjLsxb.exe
  2⤵
  PID:7200
- C:\Windows\System\hDeAGuJ.exe
  C:\Windows\System\hDeAGuJ.exe
  2⤵
  PID:6628
- C:\Windows\System\HzwEvlC.exe
  C:\Windows\System\HzwEvlC.exe
  2⤵
  PID:1480
- C:\Windows\System\XOpjPFP.exe
  C:\Windows\System\XOpjPFP.exe
  2⤵
  PID:7288
- C:\Windows\System\VQHeckR.exe
  C:\Windows\System\VQHeckR.exe
  2⤵
  PID:7988
- C:\Windows\System\kQmfbgc.exe
  C:\Windows\System\kQmfbgc.exe
  2⤵
  PID:2660
- C:\Windows\System\CROBgvA.exe
  C:\Windows\System\CROBgvA.exe
  2⤵
  PID:1812
- C:\Windows\System\FERUeut.exe
  C:\Windows\System\FERUeut.exe
  2⤵
  PID:2736
- C:\Windows\System\oDpHpLR.exe
  C:\Windows\System\oDpHpLR.exe
  2⤵
  PID:2716
- C:\Windows\System\QCapzYg.exe
  C:\Windows\System\QCapzYg.exe
  2⤵
  PID:8224
- C:\Windows\System\kNGIagZ.exe
  C:\Windows\System\kNGIagZ.exe
  2⤵
  PID:8240
- C:\Windows\System\hisJArN.exe
  C:\Windows\System\hisJArN.exe
  2⤵
  PID:8256
- C:\Windows\System\iwLpquM.exe
  C:\Windows\System\iwLpquM.exe
  2⤵
  PID:8272
- C:\Windows\System\UxpgovF.exe
  C:\Windows\System\UxpgovF.exe
  2⤵
  PID:8292
- C:\Windows\System\SEgyPfl.exe
  C:\Windows\System\SEgyPfl.exe
  2⤵
  PID:8312
- C:\Windows\System\AreuqTy.exe
  C:\Windows\System\AreuqTy.exe
  2⤵
  PID:8328
- C:\Windows\System\IBwexFe.exe
  C:\Windows\System\IBwexFe.exe
  2⤵
  PID:8344
- C:\Windows\System\EYcExkB.exe
  C:\Windows\System\EYcExkB.exe
  2⤵
  PID:8364
- C:\Windows\System\vXqpUVT.exe
  C:\Windows\System\vXqpUVT.exe
  2⤵
  PID:8380
- C:\Windows\System\oPbWrJl.exe
  C:\Windows\System\oPbWrJl.exe
  2⤵
  PID:8396
- C:\Windows\System\ZOGNVty.exe
  C:\Windows\System\ZOGNVty.exe
  2⤵
  PID:8416
- C:\Windows\System\doqXBpn.exe
  C:\Windows\System\doqXBpn.exe
  2⤵
  PID:8440
- C:\Windows\System\XQTdohM.exe
  C:\Windows\System\XQTdohM.exe
  2⤵
  PID:8460
- C:\Windows\System\jrzTuEL.exe
  C:\Windows\System\jrzTuEL.exe
  2⤵
  PID:8476
- C:\Windows\System\AwsadeN.exe
  C:\Windows\System\AwsadeN.exe
  2⤵
  PID:8492
- C:\Windows\System\TYmMwmB.exe
  C:\Windows\System\TYmMwmB.exe
  2⤵
  PID:8508
- C:\Windows\System\COWIgwE.exe
  C:\Windows\System\COWIgwE.exe
  2⤵
  PID:8524
- C:\Windows\System\NXhGDYk.exe
  C:\Windows\System\NXhGDYk.exe
  2⤵
  PID:8540
- C:\Windows\System\PAiQRCG.exe
  C:\Windows\System\PAiQRCG.exe
  2⤵
  PID:8556
- C:\Windows\System\MLfWVpP.exe
  C:\Windows\System\MLfWVpP.exe
  2⤵
  PID:8576
- C:\Windows\System\UueBHKd.exe
  C:\Windows\System\UueBHKd.exe
  2⤵
  PID:8592
- C:\Windows\System\ZPhJSew.exe
  C:\Windows\System\ZPhJSew.exe
  2⤵
  PID:8680
- C:\Windows\System\JSgwLlL.exe
  C:\Windows\System\JSgwLlL.exe
  2⤵
  PID:8700
- C:\Windows\System\LAIomFg.exe
  C:\Windows\System\LAIomFg.exe
  2⤵
  PID:8720
- C:\Windows\System\rRhKzwH.exe
  C:\Windows\System\rRhKzwH.exe
  2⤵
  PID:8736
- C:\Windows\System\oRRhcaG.exe
  C:\Windows\System\oRRhcaG.exe
  2⤵
  PID:8752
- C:\Windows\System\FqGRqIk.exe
  C:\Windows\System\FqGRqIk.exe
  2⤵
  PID:8768
- C:\Windows\System\WFPxGeR.exe
  C:\Windows\System\WFPxGeR.exe
  2⤵
  PID:8784
- C:\Windows\System\GCGJVNX.exe
  C:\Windows\System\GCGJVNX.exe
  2⤵
  PID:8800
- C:\Windows\System\RIMhNcy.exe
  C:\Windows\System\RIMhNcy.exe
  2⤵
  PID:8816
- C:\Windows\System\HFKIKra.exe
  C:\Windows\System\HFKIKra.exe
  2⤵
  PID:8832
- C:\Windows\System\ZOlxkHe.exe
  C:\Windows\System\ZOlxkHe.exe
  2⤵
  PID:8848
- C:\Windows\System\aPsdMLn.exe
  C:\Windows\System\aPsdMLn.exe
  2⤵
  PID:8872
- C:\Windows\System\mIxvEUf.exe
  C:\Windows\System\mIxvEUf.exe
  2⤵
  PID:8888
- C:\Windows\System\svUuVks.exe
  C:\Windows\System\svUuVks.exe
  2⤵
  PID:8912
- C:\Windows\System\ulYsfWK.exe
  C:\Windows\System\ulYsfWK.exe
  2⤵
  PID:8936
- C:\Windows\System\fhQhzfZ.exe
  C:\Windows\System\fhQhzfZ.exe
  2⤵
  PID:8952
- C:\Windows\System\HwgtgHG.exe
  C:\Windows\System\HwgtgHG.exe
  2⤵
  PID:8968
- C:\Windows\System\xIQmcij.exe
  C:\Windows\System\xIQmcij.exe
  2⤵
  PID:8984
- C:\Windows\System\CvzhgVK.exe
  C:\Windows\System\CvzhgVK.exe
  2⤵
  PID:9000
- C:\Windows\System\jcGHAuB.exe
  C:\Windows\System\jcGHAuB.exe
  2⤵
  PID:9024
- C:\Windows\System\aXeYxmt.exe
  C:\Windows\System\aXeYxmt.exe
  2⤵
  PID:9040
- C:\Windows\System\cUJnncv.exe
  C:\Windows\System\cUJnncv.exe
  2⤵
  PID:9056
- C:\Windows\System\HbHJOwa.exe
  C:\Windows\System\HbHJOwa.exe
  2⤵
  PID:9072
- C:\Windows\System\zCtZhXq.exe
  C:\Windows\System\zCtZhXq.exe
  2⤵
  PID:9088
- C:\Windows\System\eDLBJNi.exe
  C:\Windows\System\eDLBJNi.exe
  2⤵
  PID:9116
- C:\Windows\System\eYPLJFD.exe
  C:\Windows\System\eYPLJFD.exe
  2⤵
  PID:9132
- C:\Windows\System\ULNQlgC.exe
  C:\Windows\System\ULNQlgC.exe
  2⤵
  PID:9148
- C:\Windows\System\VDFmwmp.exe
  C:\Windows\System\VDFmwmp.exe
  2⤵
  PID:9164
- C:\Windows\System\myELHiG.exe
  C:\Windows\System\myELHiG.exe
  2⤵
  PID:9188
- C:\Windows\System\yyNXcKW.exe
  C:\Windows\System\yyNXcKW.exe
  2⤵
  PID:7992
- C:\Windows\System\oMLiDtL.exe
  C:\Windows\System\oMLiDtL.exe
  2⤵
  PID:6240
- C:\Windows\System\ZmgqnxB.exe
  C:\Windows\System\ZmgqnxB.exe
  2⤵
  PID:6900
- C:\Windows\System\EXufVnX.exe
  C:\Windows\System\EXufVnX.exe
  2⤵
  PID:8216
- C:\Windows\System\YBiaJrI.exe
  C:\Windows\System\YBiaJrI.exe
  2⤵
  PID:8280
- C:\Windows\System\XhvpYTb.exe
  C:\Windows\System\XhvpYTb.exe
  2⤵
  PID:8324
- C:\Windows\System\DKVNPRP.exe
  C:\Windows\System\DKVNPRP.exe
  2⤵
  PID:8388
- C:\Windows\System\kmAUSoA.exe
  C:\Windows\System\kmAUSoA.exe
  2⤵
  PID:8232
- C:\Windows\System\JzlWikP.exe
  C:\Windows\System\JzlWikP.exe
  2⤵
  PID:8436
- C:\Windows\System\IDDOSpe.exe
  C:\Windows\System\IDDOSpe.exe
  2⤵
  PID:8532
- C:\Windows\System\qtTejcx.exe
  C:\Windows\System\qtTejcx.exe
  2⤵
  PID:8336
- C:\Windows\System\xZsFRio.exe
  C:\Windows\System\xZsFRio.exe
  2⤵
  PID:8404
- C:\Windows\System\HvwIkvr.exe
  C:\Windows\System\HvwIkvr.exe
  2⤵
  PID:8456
- C:\Windows\System\jcwjTox.exe
  C:\Windows\System\jcwjTox.exe
  2⤵
  PID:8520
- C:\Windows\System\YxFEWgq.exe
  C:\Windows\System\YxFEWgq.exe
  2⤵
  PID:8564
- C:\Windows\System\wRhatvJ.exe
  C:\Windows\System\wRhatvJ.exe
  2⤵
  PID:8616
- C:\Windows\System\SHwWsuP.exe
  C:\Windows\System\SHwWsuP.exe
  2⤵
  PID:8636
- C:\Windows\System\ODRtBWZ.exe
  C:\Windows\System\ODRtBWZ.exe
  2⤵
  PID:8764
- C:\Windows\System\RWsSpMD.exe
  C:\Windows\System\RWsSpMD.exe
  2⤵
  PID:8828
- C:\Windows\System\rwvfNng.exe
  C:\Windows\System\rwvfNng.exe
  2⤵
  PID:8808
- C:\Windows\System\usMNLak.exe
  C:\Windows\System\usMNLak.exe
  2⤵
  PID:8844
- C:\Windows\System\jwhfAzr.exe
  C:\Windows\System\jwhfAzr.exe
  2⤵
  PID:8920
- C:\Windows\System\UmSsNso.exe
  C:\Windows\System\UmSsNso.exe
  2⤵
  PID:8960
- C:\Windows\System\KmSsWte.exe
  C:\Windows\System\KmSsWte.exe
  2⤵
  PID:8992
- C:\Windows\System\BfDYPea.exe
  C:\Windows\System\BfDYPea.exe
  2⤵
  PID:8900
- C:\Windows\System\QmOngsY.exe
  C:\Windows\System\QmOngsY.exe
  2⤵
  PID:8948
- C:\Windows\System\BphkBoO.exe
  C:\Windows\System\BphkBoO.exe
  2⤵
  PID:9016
- C:\Windows\System\QSUUrMD.exe
  C:\Windows\System\QSUUrMD.exe
  2⤵
  PID:9032
- C:\Windows\System\PsBaZdr.exe
  C:\Windows\System\PsBaZdr.exe
  2⤵
  PID:9080
- C:\Windows\System\afzGweN.exe
  C:\Windows\System\afzGweN.exe
  2⤵
  PID:9128
- C:\Windows\System\HLFQWcR.exe
  C:\Windows\System\HLFQWcR.exe
  2⤵
  PID:9184
- C:\Windows\System\RyDgWnN.exe
  C:\Windows\System\RyDgWnN.exe
  2⤵
  PID:9208
- C:\Windows\System\OUVsaBn.exe
  C:\Windows\System\OUVsaBn.exe
  2⤵
  PID:7440
- C:\Windows\System\EvwcBdk.exe
  C:\Windows\System\EvwcBdk.exe
  2⤵
  PID:8208
- C:\Windows\System\Chkkwvt.exe
  C:\Windows\System\Chkkwvt.exe
  2⤵
  PID:2996
- C:\Windows\System\PMsngPR.exe
  C:\Windows\System\PMsngPR.exe
  2⤵
  PID:7960
- C:\Windows\System\WHOtFVz.exe
  C:\Windows\System\WHOtFVz.exe
  2⤵
  PID:8320
- C:\Windows\System\MpWtMvH.exe
  C:\Windows\System\MpWtMvH.exe
  2⤵
  PID:8500
- C:\Windows\System\yKLSWAy.exe
  C:\Windows\System\yKLSWAy.exe
  2⤵
  PID:8552
- C:\Windows\System\stuGnCp.exe
  C:\Windows\System\stuGnCp.exe
  2⤵
  PID:8536
- C:\Windows\System\mvnvGLS.exe
  C:\Windows\System\mvnvGLS.exe
  2⤵
  PID:8180
- C:\Windows\System\GxCWHkH.exe
  C:\Windows\System\GxCWHkH.exe
  2⤵
  PID:8676
- C:\Windows\System\SQTQKEk.exe
  C:\Windows\System\SQTQKEk.exe
  2⤵
  PID:5708
- C:\Windows\System\GfkByYG.exe
  C:\Windows\System\GfkByYG.exe
  2⤵
  PID:8572
- C:\Windows\System\HDdYwzR.exe
  C:\Windows\System\HDdYwzR.exe
  2⤵
  PID:8252
- C:\Windows\System\SYOFeKP.exe
  C:\Windows\System\SYOFeKP.exe
  2⤵
  PID:8236
- C:\Windows\System\OwBrIZX.exe
  C:\Windows\System\OwBrIZX.exe
  2⤵
  PID:8600
- C:\Windows\System\uYhdXfr.exe
  C:\Windows\System\uYhdXfr.exe
  2⤵
  PID:8760
- C:\Windows\System\IZrGuwC.exe
  C:\Windows\System\IZrGuwC.exe
  2⤵
  PID:8712
- C:\Windows\System\qJJgfAr.exe
  C:\Windows\System\qJJgfAr.exe
  2⤵
  PID:8780
- C:\Windows\System\BTdVeJi.exe
  C:\Windows\System\BTdVeJi.exe
  2⤵
  PID:8996
- C:\Windows\System\ievPsQY.exe
  C:\Windows\System\ievPsQY.exe
  2⤵
  PID:8928
- C:\Windows\System\XXmSrpU.exe
  C:\Windows\System\XXmSrpU.exe
  2⤵
  PID:8728
- C:\Windows\System\ffZcHwG.exe
  C:\Windows\System\ffZcHwG.exe
  2⤵
  PID:9096
- C:\Windows\System\dNftHdb.exe
  C:\Windows\System\dNftHdb.exe
  2⤵
  PID:1396
- C:\Windows\System\uuGONLE.exe
  C:\Windows\System\uuGONLE.exe
  2⤵
  PID:8584
- C:\Windows\System\JXtgGvE.exe
  C:\Windows\System\JXtgGvE.exe
  2⤵
  PID:8484
- C:\Windows\System\mqxXVsa.exe
  C:\Windows\System\mqxXVsa.exe
  2⤵
  PID:8640
- C:\Windows\System\tsqGAQR.exe
  C:\Windows\System\tsqGAQR.exe
  2⤵
  PID:8164
- C:\Windows\System\JpcNNpb.exe
  C:\Windows\System\JpcNNpb.exe
  2⤵
  PID:8308
- C:\Windows\System\aXRGzPm.exe
  C:\Windows\System\aXRGzPm.exe
  2⤵
  PID:8748
- C:\Windows\System\zcZcSnG.exe
  C:\Windows\System\zcZcSnG.exe
  2⤵
  PID:8868
- C:\Windows\System\WhqzOoe.exe
  C:\Windows\System\WhqzOoe.exe
  2⤵
  PID:9036
- C:\Windows\System\nGNMsXA.exe
  C:\Windows\System\nGNMsXA.exe
  2⤵
  PID:9144
- C:\Windows\System\bVxGBWC.exe
  C:\Windows\System\bVxGBWC.exe
  2⤵
  PID:9176
- C:\Windows\System\mDCmxxa.exe
  C:\Windows\System\mDCmxxa.exe
  2⤵
  PID:9204
- C:\Windows\System\yVbNVOw.exe
  C:\Windows\System\yVbNVOw.exe
  2⤵
  PID:7372
- C:\Windows\System\OVgGTSj.exe
  C:\Windows\System\OVgGTSj.exe
  2⤵
  PID:8196
- C:\Windows\System\ZvycbkD.exe
  C:\Windows\System\ZvycbkD.exe
  2⤵
  PID:9160
- C:\Windows\System\eiubqOt.exe
  C:\Windows\System\eiubqOt.exe
  2⤵
  PID:8372
- C:\Windows\System\fOfMxZf.exe
  C:\Windows\System\fOfMxZf.exe
  2⤵
  PID:8792
- C:\Windows\System\rqTJMUZ.exe
  C:\Windows\System\rqTJMUZ.exe
  2⤵
  PID:8376
- C:\Windows\System\ERVZneV.exe
  C:\Windows\System\ERVZneV.exe
  2⤵
  PID:8980
- C:\Windows\System\QndwPST.exe
  C:\Windows\System\QndwPST.exe
  2⤵
  PID:8452
- C:\Windows\System\fpGrpOH.exe
  C:\Windows\System\fpGrpOH.exe
  2⤵
  PID:9104
- C:\Windows\System\MLIgBpp.exe
  C:\Windows\System\MLIgBpp.exe
  2⤵
  PID:1564
- C:\Windows\System\hgHUBKo.exe
  C:\Windows\System\hgHUBKo.exe
  2⤵
  PID:9244
- C:\Windows\System\YstpGdK.exe
  C:\Windows\System\YstpGdK.exe
  2⤵
  PID:9260
- C:\Windows\System\kacbDgh.exe
  C:\Windows\System\kacbDgh.exe
  2⤵
  PID:9280
- C:\Windows\System\kfpKisC.exe
  C:\Windows\System\kfpKisC.exe
  2⤵
  PID:9296
- C:\Windows\System\oxQmtDP.exe
  C:\Windows\System\oxQmtDP.exe
  2⤵
  PID:9312
- C:\Windows\System\EWntQws.exe
  C:\Windows\System\EWntQws.exe
  2⤵
  PID:9328
- C:\Windows\System\WbHObbW.exe
  C:\Windows\System\WbHObbW.exe
  2⤵
  PID:9344
- C:\Windows\System\mHETheV.exe
  C:\Windows\System\mHETheV.exe
  2⤵
  PID:9360
- C:\Windows\System\kPHlbTX.exe
  C:\Windows\System\kPHlbTX.exe
  2⤵
  PID:9376
- C:\Windows\System\LYMNyCV.exe
  C:\Windows\System\LYMNyCV.exe
  2⤵
  PID:9392
- C:\Windows\System\ImXmDOT.exe
  C:\Windows\System\ImXmDOT.exe
  2⤵
  PID:9408
- C:\Windows\System\BJUiWDn.exe
  C:\Windows\System\BJUiWDn.exe
  2⤵
  PID:9428
- C:\Windows\System\jPCbsso.exe
  C:\Windows\System\jPCbsso.exe
  2⤵
  PID:9444
- C:\Windows\System\zdeahCD.exe
  C:\Windows\System\zdeahCD.exe
  2⤵
  PID:9460
- C:\Windows\System\gslkZYN.exe
  C:\Windows\System\gslkZYN.exe
  2⤵
  PID:9476
- C:\Windows\System\lWVoqgy.exe
  C:\Windows\System\lWVoqgy.exe
  2⤵
  PID:9492
- C:\Windows\System\NWfcFrk.exe
  C:\Windows\System\NWfcFrk.exe
  2⤵
  PID:9508
- C:\Windows\System\XZGMDUZ.exe
  C:\Windows\System\XZGMDUZ.exe
  2⤵
  PID:9524
- C:\Windows\System\XhYjNcd.exe
  C:\Windows\System\XhYjNcd.exe
  2⤵
  PID:9540
- C:\Windows\System\LbcONik.exe
  C:\Windows\System\LbcONik.exe
  2⤵
  PID:9556
- C:\Windows\System\WnrbCJC.exe
  C:\Windows\System\WnrbCJC.exe
  2⤵
  PID:9592
- C:\Windows\System\UkzoPcQ.exe
  C:\Windows\System\UkzoPcQ.exe
  2⤵
  PID:9624
- C:\Windows\System\RjkLdxW.exe
  C:\Windows\System\RjkLdxW.exe
  2⤵
  PID:9640
- C:\Windows\System\NersbYV.exe
  C:\Windows\System\NersbYV.exe
  2⤵
  PID:9700
- C:\Windows\System\KOUzsbF.exe
  C:\Windows\System\KOUzsbF.exe
  2⤵
  PID:9728
- C:\Windows\System\CmvSuOo.exe
  C:\Windows\System\CmvSuOo.exe
  2⤵
  PID:9748
- C:\Windows\System\QldoXgr.exe
  C:\Windows\System\QldoXgr.exe
  2⤵
  PID:9764
- C:\Windows\System\Jlujdmg.exe
  C:\Windows\System\Jlujdmg.exe
  2⤵
  PID:9780
- C:\Windows\System\hOnsgTU.exe
  C:\Windows\System\hOnsgTU.exe
  2⤵
  PID:9796
- C:\Windows\System\qtfABaH.exe
  C:\Windows\System\qtfABaH.exe
  2⤵
  PID:9812
- C:\Windows\System\VtKYuEm.exe
  C:\Windows\System\VtKYuEm.exe
  2⤵
  PID:9828
- C:\Windows\System\TwxzpCN.exe
  C:\Windows\System\TwxzpCN.exe
  2⤵
  PID:9844
- C:\Windows\System\UnMLnCv.exe
  C:\Windows\System\UnMLnCv.exe
  2⤵
  PID:9860
- C:\Windows\System\fSaxTud.exe
  C:\Windows\System\fSaxTud.exe
  2⤵
  PID:9876
- C:\Windows\System\OJGrDmK.exe
  C:\Windows\System\OJGrDmK.exe
  2⤵
  PID:9892
- C:\Windows\System\zsdYlnh.exe
  C:\Windows\System\zsdYlnh.exe
  2⤵
  PID:9908
- C:\Windows\System\QHQaDKU.exe
  C:\Windows\System\QHQaDKU.exe
  2⤵
  PID:9924
- C:\Windows\System\BOOHlKj.exe
  C:\Windows\System\BOOHlKj.exe
  2⤵
  PID:9940
- C:\Windows\System\pbRFrcj.exe
  C:\Windows\System\pbRFrcj.exe
  2⤵
  PID:9956
- C:\Windows\System\JiDbhBM.exe
  C:\Windows\System\JiDbhBM.exe
  2⤵
  PID:9972
- C:\Windows\System\BPMEAYX.exe
  C:\Windows\System\BPMEAYX.exe
  2⤵
  PID:10016
- C:\Windows\System\SmSqhFv.exe
  C:\Windows\System\SmSqhFv.exe
  2⤵
  PID:10060
- C:\Windows\System\LxsGMfE.exe
  C:\Windows\System\LxsGMfE.exe
  2⤵
  PID:10080
- C:\Windows\System\AIFcUNs.exe
  C:\Windows\System\AIFcUNs.exe
  2⤵
  PID:10096
- C:\Windows\System\jUYVwsl.exe
  C:\Windows\System\jUYVwsl.exe
  2⤵
  PID:10112
- C:\Windows\System\lqsTncZ.exe
  C:\Windows\System\lqsTncZ.exe
  2⤵
  PID:10132
- C:\Windows\System\RtaMCPI.exe
  C:\Windows\System\RtaMCPI.exe
  2⤵
  PID:10148
- C:\Windows\System\Yfpsakk.exe
  C:\Windows\System\Yfpsakk.exe
  2⤵
  PID:10168
- C:\Windows\System\jPsLvJg.exe
  C:\Windows\System\jPsLvJg.exe
  2⤵
  PID:10188
- C:\Windows\System\QvUgnTH.exe
  C:\Windows\System\QvUgnTH.exe
  2⤵
  PID:10208
- C:\Windows\System\rArrGll.exe
  C:\Windows\System\rArrGll.exe
  2⤵
  PID:10224
- C:\Windows\System\OZUwIBS.exe
  C:\Windows\System\OZUwIBS.exe
  2⤵
  PID:8776
- C:\Windows\System\vIQexau.exe
  C:\Windows\System\vIQexau.exe
  2⤵
  PID:8672
- C:\Windows\System\jOsqOcb.exe
  C:\Windows\System\jOsqOcb.exe
  2⤵
  PID:8472
- C:\Windows\System\gSYkJMo.exe
  C:\Windows\System\gSYkJMo.exe
  2⤵
  PID:9012
- C:\Windows\System\MHeUEMy.exe
  C:\Windows\System\MHeUEMy.exe
  2⤵
  PID:9220
- C:\Windows\System\RLOnHEZ.exe
  C:\Windows\System\RLOnHEZ.exe
  2⤵
  PID:9236
- C:\Windows\System\HVtcnBI.exe
  C:\Windows\System\HVtcnBI.exe
  2⤵
  PID:9288
- C:\Windows\System\LLBVMgh.exe
  C:\Windows\System\LLBVMgh.exe
  2⤵
  PID:9384
- C:\Windows\System\ThTeqBP.exe
  C:\Windows\System\ThTeqBP.exe
  2⤵
  PID:9276
- C:\Windows\System\neoMTtn.exe
  C:\Windows\System\neoMTtn.exe
  2⤵
  PID:9368
- C:\Windows\System\ckIjCNu.exe
  C:\Windows\System\ckIjCNu.exe
  2⤵
  PID:9488
- C:\Windows\System\nIhhHAl.exe
  C:\Windows\System\nIhhHAl.exe
  2⤵
  PID:9456
- C:\Windows\System\vGJevnx.exe
  C:\Windows\System\vGJevnx.exe
  2⤵
  PID:9532
- C:\Windows\System\jLGJnlb.exe
  C:\Windows\System\jLGJnlb.exe
  2⤵
  PID:9564
- C:\Windows\System\PnAPxMA.exe
  C:\Windows\System\PnAPxMA.exe
  2⤵
  PID:9580
- C:\Windows\System\TowxvzP.exe
  C:\Windows\System\TowxvzP.exe
  2⤵
  PID:9612
- C:\Windows\System\ygwyWXk.exe
  C:\Windows\System\ygwyWXk.exe
  2⤵
  PID:8908
- C:\Windows\System\QTDbeds.exe
  C:\Windows\System\QTDbeds.exe
  2⤵
  PID:9660
- C:\Windows\System\ZWxKFyB.exe
  C:\Windows\System\ZWxKFyB.exe
  2⤵
  PID:9688
- C:\Windows\System\VUoWxbq.exe
  C:\Windows\System\VUoWxbq.exe
  2⤵
  PID:9712
- C:\Windows\System\NHiMPAt.exe
  C:\Windows\System\NHiMPAt.exe
  2⤵
  PID:9736
- C:\Windows\System\RMoEBDW.exe
  C:\Windows\System\RMoEBDW.exe
  2⤵
  PID:9804
- C:\Windows\System\cKCTEHY.exe
  C:\Windows\System\cKCTEHY.exe
  2⤵
  PID:9872
- C:\Windows\System\XoJhDAh.exe
  C:\Windows\System\XoJhDAh.exe
  2⤵
  PID:9964
- C:\Windows\System\tnMYddN.exe
  C:\Windows\System\tnMYddN.exe
  2⤵
  PID:9948
- C:\Windows\System\mCDGorV.exe
  C:\Windows\System\mCDGorV.exe
  2⤵
  PID:9820
- C:\Windows\System\tJzgzbN.exe
  C:\Windows\System\tJzgzbN.exe
  2⤵
  PID:9992
- C:\Windows\System\IKEfRNp.exe
  C:\Windows\System\IKEfRNp.exe
  2⤵
  PID:10004
- C:\Windows\System\CbjhGWQ.exe
  C:\Windows\System\CbjhGWQ.exe
  2⤵
  PID:10024
- C:\Windows\System\fgewowb.exe
  C:\Windows\System\fgewowb.exe
  2⤵
  PID:10160
- C:\Windows\System\tuHWaCX.exe
  C:\Windows\System\tuHWaCX.exe
  2⤵
  PID:7152
- C:\Windows\System\IFwTpvT.exe
  C:\Windows\System\IFwTpvT.exe
  2⤵
  PID:9140
- C:\Windows\System\voTdHrn.exe
  C:\Windows\System\voTdHrn.exe
  2⤵
  PID:10200
- C:\Windows\System\QlvbyOU.exe
  C:\Windows\System\QlvbyOU.exe
  2⤵
  PID:9416
- C:\Windows\System\juyienj.exe
  C:\Windows\System\juyienj.exe
  2⤵
  PID:9400
- C:\Windows\System\WALmdsA.exe
  C:\Windows\System\WALmdsA.exe
  2⤵
  PID:9504
- C:\Windows\System\CNHjVIn.exe
  C:\Windows\System\CNHjVIn.exe
  2⤵
  PID:9484
- C:\Windows\System\Gqekplr.exe
  C:\Windows\System\Gqekplr.exe
  2⤵
  PID:9620
- C:\Windows\System\KNLcPOp.exe
  C:\Windows\System\KNLcPOp.exe
  2⤵
  PID:10144
- C:\Windows\System\hNwYZyj.exe
  C:\Windows\System\hNwYZyj.exe
  2⤵
  PID:9536
- C:\Windows\System\kHEsfoE.exe
  C:\Windows\System\kHEsfoE.exe
  2⤵
  PID:1840
- C:\Windows\System\WVpxnYf.exe
  C:\Windows\System\WVpxnYf.exe
  2⤵
  PID:9352
- C:\Windows\System\xTMlEDa.exe
  C:\Windows\System\xTMlEDa.exe
  2⤵
  PID:9340
- C:\Windows\System\NVnDWKd.exe
  C:\Windows\System\NVnDWKd.exe
  2⤵
  PID:9840
- C:\Windows\System\AlmgSfG.exe
  C:\Windows\System\AlmgSfG.exe
  2⤵
  PID:9980
- C:\Windows\System\cEEfwss.exe
  C:\Windows\System\cEEfwss.exe
  2⤵
  PID:9888
- C:\Windows\System\PHZGcXQ.exe
  C:\Windows\System\PHZGcXQ.exe
  2⤵
  PID:9656
- C:\Windows\System\dUcJDfX.exe
  C:\Windows\System\dUcJDfX.exe
  2⤵
  PID:9664
- C:\Windows\System\iimezYD.exe
  C:\Windows\System\iimezYD.exe
  2⤵
  PID:9932
- C:\Windows\System\fAEbkAz.exe
  C:\Windows\System\fAEbkAz.exe
  2⤵
  PID:9920
- C:\Windows\System\MQdDIrR.exe
  C:\Windows\System\MQdDIrR.exe
  2⤵
  PID:10044
- C:\Windows\System\HzwVZIF.exe
  C:\Windows\System\HzwVZIF.exe
  2⤵
  PID:10056
- C:\Windows\System\XajdDsr.exe
  C:\Windows\System\XajdDsr.exe
  2⤵
  PID:10124
- C:\Windows\System\yNbUipd.exe
  C:\Windows\System\yNbUipd.exe
  2⤵
  PID:9588
- C:\Windows\System\mAdRvKo.exe
  C:\Windows\System\mAdRvKo.exe
  2⤵
  PID:9472
- C:\Windows\System\RVSAfwb.exe
  C:\Windows\System\RVSAfwb.exe
  2⤵
  PID:9572
- C:\Windows\System\YdjGLwE.exe
  C:\Windows\System\YdjGLwE.exe
  2⤵
  PID:9576
- C:\Windows\System\nJVCLhE.exe
  C:\Windows\System\nJVCLhE.exe
  2⤵
  PID:9436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Enarbhg.exe

Filesize
6.0MB

MD5
bfbbd11e38c8d07daa8d5e34b1d52dd1

SHA1
8f6ac1cec33a2aa8b659d14f9a4feea233928c93

SHA256
177937adb7bdcf45214de9927f2dd0a2aa540db6bf20125112f3918621c55c79

SHA512
c9cc2c07d58333c33b55477d8ca6786bc761fdfe0f7e5a3481bbb804139c6efc836b317081d8b99f7c27485bc55c3e21e85bf7979d361c4e4fa2f5d4cdfa60ac

Download Submit
C:\Windows\system\FytylKX.exe

Filesize
6.0MB

MD5
b6317678852248fbfd4fee2538e28bab

SHA1
39250f6aca714137a89c5b29e0a101ed061cc4bc

SHA256
e4bd24bdd9c4b9dc5ed98b0a83939883f31c50324d411110968dc013b1458b1a

SHA512
6347033b7ad8e94aa2f0659611679b2e9ed5d75903c29b4c75db5abdaab21fdfe4b1bed6bb1677a2c01895d2f2cb8197975a627dbc9ffeed96d93aec1822ed99

Download Submit
C:\Windows\system\IUyIYiH.exe

Filesize
6.0MB

MD5
91401927727f07edfcb776985e7ce9f7

SHA1
ba783ad289e791a3cafcecd44143578c586c0902

SHA256
e68a14da16ada44393f0af22762848658e138c3c603811d63a3574b896640f5d

SHA512
abd4dfab97136cd482f8c3e9716939ac36276981bf57e73c712b20ab510c22479e0115f9385c1e2d0a06cf0e947a4ad3ef20adfbbe5038e6884e48b47c2de36f

Download Submit
C:\Windows\system\IZkbtgi.exe

Filesize
6.0MB

MD5
8894b6c674da338643077ec59a461bb9

SHA1
b58b220db40b98c8fa7bfd1ef0027c97e9dbf2e6

SHA256
c124f8400f0ba4a17e8b39dcf12d840f215fef0b09debde27182a85cf665bab3

SHA512
cad21f0d5691452cb1156adda6dc8a6a501d7561257c04c487f5aaba42451149ed92b79651d1302db0f91221c426af6c5cf82ba65d54e9217741823fa9d119f4

Download Submit
C:\Windows\system\IsaxoHx.exe

Filesize
6.0MB

MD5
84ffd7586c3acea5dee506acb7b5f35d

SHA1
f06b6d83f80ea9bad8f13abfb335b8eec9561345

SHA256
927275cc2af03d3315d25299c6f494e2e0e161ebbe448db61cf73b13e11588ce

SHA512
b74f06eab3941d7cf85570541918c72357135915b42425dc742384dbe13c3c53024610f29ab572cb2816aa05b9967ca4b907a15ba1c1b15936a343bd8e2e76fc

Download Submit
C:\Windows\system\LMOvtEz.exe

Filesize
6.0MB

MD5
750f10ff856f0e9a19345cca7b50af59

SHA1
f7c438b337e4b7c5947d6ecec3795f634f99580f

SHA256
8f316fa113273ff3ec6724d9e1556084832c9087231184f907026fac91dfcf71

SHA512
6e59a53358f44efecc93e88872a989f47391c6562cbe474ff89039af15880e09a53471f897919454f87c16cedf5b6b6c3deaedf7a5be5b8ff36c49610d5d4260

Download Submit
C:\Windows\system\MNKIWbW.exe

Filesize
6.0MB

MD5
4247d1f2e2c36fdd1e9fb0c9b2c62da9

SHA1
d0d3ebaa8e15fa4f56b78e4ecab25038521ac7b7

SHA256
34dab1fdcfe0ef336d311346db86fdc6e8640806d5f282666ef9c5b014ee6cde

SHA512
f71251b307e3cd66501291bbb329236c91a7fd8256b9c7096d940adaa94ca0538aa6cebb20cf60471208b50f26f8d406924428ee29ce9457b47e713f9c8aedac

Download Submit
C:\Windows\system\Nkxgkxq.exe

Filesize
6.0MB

MD5
77c01692ebd24363f8eb3eac509578b4

SHA1
c3d5835b388b83dbfe04531d5e041b520a8e7cbb

SHA256
a1943ae670606bd7d3a9a1f31025bc4927165c1b8e4203708fcf6330507e5237

SHA512
cdb27a51672391a54a500e5915e5dcd27a7795389ee27ad2a2c9fcaf4cd19f8beb842c35656ed500ee13b76f2a1a0092bf8545b74958895703483efb1dd6a2cb

Download Submit
C:\Windows\system\OGWGiFb.exe

Filesize
6.0MB

MD5
3e0b58f9491acc8e166dcecbbbd14d58

SHA1
386b01c41497902296e5b969ff9ce1544fbe8d21

SHA256
2faa214066bec48f4e12827de3070e61e702e75816dbc6c607e48a8644299fd2

SHA512
010dde41775afcffef8476d591148879c1055a5e6a7cb15f17443af1e6d4da07ede3880429d212ed83ec3fb54dae03a10b175fd09f269ffe655496b595d17e10

Download Submit
C:\Windows\system\OTDDwsO.exe

Filesize
6.0MB

MD5
2e3ad9d3cf111079ca95ddeaa09e0aef

SHA1
29493af48970c53aece43c096bdfa26481444126

SHA256
da150c3c8bc32790080e987ce9a7291a8e15476d4d848ccd311731bcc9774ad3

SHA512
f6fc3c51aaab4e43ac465195e6dbe23ec5eb9be06e638bde0d9aa54b40c80aea3b534e48c525d880da04e2c61a2a274ace3d9f7e76ba96f3016f95a093adb8e6

Download Submit
C:\Windows\system\PGvKiqa.exe

Filesize
6.0MB

MD5
48b055e39d23ede883ee54e3ac79d3e4

SHA1
8117e8be6f9ce41028549eacc53f336d4a397708

SHA256
f9aedaf0acb99ea28a854ea033f790680e309416c33f5af72bee6ae530c9478a

SHA512
3c5c80219ba10e64ed63022c7f1bee32d87db0cc342db1460735d96e0fe63fe42f11f5b9fe52f5117bcb47183ec946923d47bfb411c3b5cf13221928e62ba5c0

Download Submit
C:\Windows\system\RxvbwQC.exe

Filesize
6.0MB

MD5
a4c89b2cf95d3dcddd928a66c89f3602

SHA1
54fe522113f601b9c0dadf67206e5b0ec1ec7020

SHA256
3732d052f52cfded5e1e9d56a5152087b70bda769c6d19685be11744699da4e8

SHA512
6f04d02ae1256d25a5e43e9fc7fa9275907833885476987b8d6028d49e1d16f352d0db965e6c58ee4782065c5eb9546dd99b9ea9190f3bedfd7ff7705b01cca2

Download Submit
C:\Windows\system\TcvUeZt.exe

Filesize
6.0MB

MD5
d7cfe9fa8f2551f3835d0f9f602731f4

SHA1
b4e01dbdc9d23898bb39247e2d196ebff9ed0a3a

SHA256
7fee6fcbc453402de9ababb767bdd960c80df0d2015e68ba08c9f7d2632f72dd

SHA512
a9a8533f1740ea2255dc9b970d878b4a320eb9c5605f50905d21eff07fba0623576ac905de71e12fc41036bd7ac54fc90e3900f5f9255cbb3a2a81c8089892d3

Download Submit
C:\Windows\system\XiDrpuV.exe

Filesize
6.0MB

MD5
86ba785c53a6884afa623d6e2698290e

SHA1
3d96e75b856dbc53e772e2576a6d59baf3981e35

SHA256
66dc89623e114647fb42b7d73bb2bcc569625084e9f57b730043645f6738f97f

SHA512
509aa49134a2bbe7e930455ae65b9ad099e95a50608ba2dfd8c268827fde88efbcc5e065adb0e42e8793ac4dae56c0a2aad7b348d9a1db2ed769063be5f2594e

Download Submit
C:\Windows\system\YbKhHft.exe

Filesize
6.0MB

MD5
a6ba969ae582e0f4bc02d591cf467dad

SHA1
33f0fa30cadb32fe960c1abe7779c242501fb032

SHA256
4bb94544d0de44c6c1e123e4618ac7f0917d55e7e5e433ed0b7ab4a3f0947736

SHA512
137351959f2bde96c042d8fd636d6e5387843d6b9dfb7539710faa5760ae9565a5d43795c3b7cc3e1c5f3b7afeb6ef98607cd9593c1714a20f6f1ed5ae7a9498

Download Submit
C:\Windows\system\ckqGUwK.exe

Filesize
6.0MB

MD5
d29250af0bcc7ee58c9124b61854dd3b

SHA1
509e6faf4d8605ec705630d2332be4d18fa3a739

SHA256
16aec5ce85181daa9e50a2743b6303285d3f5ed2532531f5712730113671ddf5

SHA512
08422d79684e8c8b8e035ba5833f57cf3bf17e88bc0c4dda04863d4dbc491e49b62eb33fb027c5b6822e1e9c8f1f8cacd1ea68fe6d26e10aec8a1aed5c7d2bdb

Download Submit
C:\Windows\system\dAYhqqM.exe

Filesize
6.0MB

MD5
bbe00ffafff61e182bd24be57c145621

SHA1
90190de5000061a2bc3e314f614d31c925145d88

SHA256
94deb764df831a6f6c1b61ecc6908244ad5a782b6020dadc3f8fdbd398571204

SHA512
547ca67d14628087b08fc2e321935953a7f310f25eddf3efc449c3aac1461e31ffd272e9f5ab0c3ab1daa5808a87d47e8fe2d58ba872caf8a278cd6f01304371

Download Submit
C:\Windows\system\dlWUqsc.exe

Filesize
6.0MB

MD5
360068766b87ad7debba4811dd5b71df

SHA1
298b8a83976f11c1b0712d7e2c3910e16e83744b

SHA256
2aa580695159501d2a8274079d44d0d657cd00e956b05f0893a1659f39df9ef1

SHA512
a0d9f47cda117ab5362b9af76f99bb81b9f8f6ea4fa4dc2a8cf379e1400154a232657fd1bca9f909fcc87e0ebfd7e970c7b2e0afee9a3c01ddd8b09fa949764b

Download Submit
C:\Windows\system\jqFpJAk.exe

Filesize
6.0MB

MD5
2e85a633af4e005635a1e3dd999d53ef

SHA1
a85fe15a2d7d748082594fadc4ce27ab7a7c611b

SHA256
de07cd90833f5dd387b028fb15291ce7aa555674c4d2acb3633db3fe78186c1f

SHA512
f4a4d6a06d0d73eddf0a5f35be618d095c2b7d7e36f6cd64cc28d00c3e0c30fecc1e06c9b85a3751fed3cea39a46cf7d256ef996a26b3985e77d9fe2cb80267a

Download Submit
C:\Windows\system\nRQwvct.exe

Filesize
6.0MB

MD5
c6efc53b25e900b3a0603e8a0652099f

SHA1
50e23bbe764611f961a12f4967e6d9d90efc5f2a

SHA256
27d9b143df65c4b3b913e97df8e73e5f86258d44c4c3e62de84a78e68c328298

SHA512
ebadbe4d695cb8fe1bd310638a5e5493df84918570d0651eb1a21558bbcfbc0ecc4b650f9cff779a81ddb091426ba7798f0ebf3cf010d490e93d28aadacaf3ea

Download Submit
C:\Windows\system\ounelxB.exe

Filesize
6.0MB

MD5
27966f553e52242692e1b0dd299715fa

SHA1
3aaf76db4eb8c48d0b7d7da47d10849c1540fd43

SHA256
8182cc1fd09f4db711938e1a2a4f000d72e1c0d3fe545cd4a29d1e6449ed8c43

SHA512
f5957561e37369a55201db0ede51f50409bc3ee92d711ed8b09763e95e54a338da33ce4ecc9d78faeee4c5cd962724556572c8353933f80efacd6194ffbb3110

Download Submit
C:\Windows\system\tTlODOL.exe

Filesize
6.0MB

MD5
bff6ddef9b83edff70f36984a78205c6

SHA1
b41ffd606c36ed372456f6d9886762a82cededdc

SHA256
cf6c1b7be4c4137f9a4d4a39d2debb85db4de3802968ca614e03c56be94ead2a

SHA512
5d5a2aa13f450e7f839b3a3c7bf0243d92c95abf85eb509102c14c71f1420b0d5611ad54bf53075ac90b550d8bd9f0ef1b616119fa2517e6e41a4908c47231a9

Download Submit
C:\Windows\system\zqMADVc.exe

Filesize
6.0MB

MD5
5a2bf870514af344d6dc3b4acbfd6556

SHA1
b3126081776fa1af2cfd87b73b8ff336458d56c5

SHA256
f145d5def79030b3f56c2c98aba5c32264b8264682196b776bb24dc5c7ce57b5

SHA512
016b26f6b94737d0b076e4f1710c1c450743fd6f9e073344aaf571de253f8d70a9d7870e506eac277f971fadba18f3a9e7b2b42bded1ccdaa395f0bdd172ad7e

Download Submit
\Windows\system\FgTjVDN.exe

Filesize
6.0MB

MD5
4384139817842626b4ff1907631377f3

SHA1
bd1237d164999de291e1402b2a3b3e2edfcdca8f

SHA256
d555774b7544e187b8ceb863cd72383da2ce97d110d3d6375d25a1f3e87cb2f0

SHA512
c32c1001532fd25a839c6e6641c0714cd94e5c94b9b14c3a146ddac9e12ffc872646feb16a5fc9d596663796c0e07064c9616348ef70f399afe7034cee7783f8

Download Submit
\Windows\system\ILgDcER.exe

Filesize
6.0MB

MD5
e05c2de25381bae10c19513a1c2e1efa

SHA1
931069473778f91e8004e068fab50ba7ef8c9bfa

SHA256
fb734dcbd8e932d2ad19a099487238f0249690fca3395c1bd7181b7f7bcd0363

SHA512
9be2fec22d903ca5cef6622d5b7a702e338cb0811958d74be16ec270b08644829c31f33b347fe1e7f6a9ddddcbde87ddf7565eaf29c0396a75a1d7eb4989f6ec

Download Submit
\Windows\system\LerOAxM.exe

Filesize
6.0MB

MD5
d2dd9de646b0c16473c0f7f9f14347f4

SHA1
dc9ba0e606468a7b2a6db2985ad53dac2e02c69e

SHA256
ddf597fb91c75aa6720bf7033796322bc6e7fa87b52e9aebca9e2293b1c6c4bc

SHA512
ee12df3d535216f08f26568d96cc0aaeeec4532e9e83e80663fe857d3f0cc4130dd99b6466495104e95b4227a21c74eedc30b017a8d3c1b24b6444421d87b6cb

Download Submit
\Windows\system\RezjTab.exe

Filesize
6.0MB

MD5
ac1675c39f297ab354b696cd5621768d

SHA1
858e40ec6e6f50f3d819167e8d5a165e5bbaad04

SHA256
79f85eb2764df613f86d55d467dea0fd945d13af35c9211ea2691dbc8730d4b7

SHA512
bb2e966befa35c0d2b5014e383e938d5ea48710a7ee9d52162a6c17fe186079e983e35d87108cafc6c9847e0e9374404cda83812b20138ddb873127ab36abed8

Download Submit
\Windows\system\SwFTqoA.exe

Filesize
6.0MB

MD5
f69fdf2fd842fdbce6b82c9f1c5dab55

SHA1
f5128cce27b7b0912cd58866c8788e3a33d75f47

SHA256
8db178a8b6b08cb8eb166364f171064e85c63b627c3fda75c2f103e7e832dc79

SHA512
c2ca9462f471f87184c46a60600a3fba9c0fe921b358a92da4185d2023228ed906cc4b753123f65bf6571d29ab28e2b56f2cfbacdffb958f3ec2a712d2d5dd0b

Download Submit
\Windows\system\aAkMQhZ.exe

Filesize
6.0MB

MD5
8ae25d7ef27186161fff25bd7de4b196

SHA1
b0f1ea2af53a923a36dd5b3114af2e6c1d410280

SHA256
c605ec17b2c379f400f6969a0129e3e3d7247c111efb1bbd0345d98e7b5ea392

SHA512
4e7a12b2bfa0c32d5b4293b20eb6568c94ad43d3bae5af32b5fd81fbda60f618e54117147424875c7b5d170775d5f1596aef6e18e2c0ded4537bb0873b6117f6

Download Submit
\Windows\system\bFNoEGF.exe

Filesize
6.0MB

MD5
d3a55d23da9b36aacda6e049e76512b8

SHA1
a6f6f91b01afdc564010c4f3d34f9cc3d4ebd7e2

SHA256
99e4b1045fbc5b888ec82aae0d6530d193261b5ad81c6ffbc4a2b96ecbc8f7b7

SHA512
14f1d73ddfba528a2ff26f97c618608b78d2d5b5a8bfab28e0596db5a63e336ec9905dc0e44149b7a009bf487701dd336501923baaf8387973437ea41121e660

Download Submit
\Windows\system\bIRxWev.exe

Filesize
6.0MB

MD5
cc74bcf736e78693a4ef759fe1f66cf7

SHA1
1f0ba6cfd9bbb288d272189a41c28f513d92379b

SHA256
92b65935a5da401a0b575b3ca7f2d79182f5754c04e8d5654a921d0ebf6783b9

SHA512
9fd4739be99d6117983d82d23cce164632854be33dfbd67c8138b669015d57a438f6b0df9735fa17c53bd25cb8a401841806a2f7f99bf04d94659462c8144f65

Download Submit
\Windows\system\cwTTvHW.exe

Filesize
6.0MB

MD5
e2f965589a7874608fb45e04318aa608

SHA1
262ea65d994637d9be6d466f886f0d4903cba700

SHA256
9aeed7c67f700c70db57049808113f204a5d2d84373e34b2d7b84d6bce19176d

SHA512
802042d6cef35d2b2922d40950a0a6a86f530c220ca628789b8571ea9a566e3232272681495b791435f9572e6ba372232ce48cae3673832205d4967c0eeac730

Download Submit
\Windows\system\ibMmBuY.exe

Filesize
6.0MB

MD5
601e5b4453685e177e776921aba5110c

SHA1
83a2f696a3c0cd6d6baa5a3beb573c049d9e3509

SHA256
4d1e932ebf5e81cfa23531f4ed7c1f772e00cd169ff3b944d09acd0853c1c523

SHA512
e1a1f0126dacd6866532f28efae07f271d1ac45201e80a838daf5255263197ec2bf6773b20290e457303e3c9d7aee1f16e6f86298a1837760a875e9fbe416352

Download Submit
\Windows\system\vQofEHv.exe

Filesize
6.0MB

MD5
b2b6c976e3f14322d373e01075ba8d30

SHA1
0e859faab261d812c83a50a817151f054539a67f

SHA256
ff93a568a0a9a8b2ba0683dc07146efcf2f13e24693ac1b5593e82305ea02767

SHA512
a6a2d2ddf70d3202c99cf5b754fcf22d03a8751e786f3548588d30b7793a2c9b4841c2b262e63f65b8968b725daea6da6e16adbcf1ea1b0ba8ca7bb595d61754

Download Submit
\Windows\system\xakYPKB.exe

Filesize
6.0MB

MD5
c1d34f8655b9b2399d4219a222152e83

SHA1
1adce6cb598422ea3b077e41de598d514d444d6a

SHA256
142dc582497e337ec7a64579968446e15abcc66a4e3c1f162ec24e0ab5f6bd21

SHA512
77b7a54deba28a930e72d1057278010ac98290c5bdea15bd2e19f3c952f8a608f4ee2f67897f04932e9a0895fa847243611e3b36fdccb9dbe8bdd478fcc822dd

Download Submit
memory/1692-3579-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1692-14-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3689-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2204-22-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2204-134-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2420-29-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3711-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2420-258-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2468-35-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3678-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-349-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3583-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2528-16-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2628-132-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3633-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2644-114-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3664-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2732-105-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3662-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2888-54-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3661-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-964-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-10-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-135-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-39-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2904-128-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-779-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-41-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2904-136-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2904-91-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2904-20-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1055-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-74-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2904-65-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-50-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1054-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-133-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-34-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-28-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-966-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-15-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2904-965-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2904-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2904-81-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-782-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-106-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-883-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2904-124-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2904-882-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3624-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-40-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-590-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download