cobaltstrike | ee5fdaa8c9eb5165b9f3e85cfae7b79af6c92d97633381f01dc1678fea2d2837

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7e173926369b3ec20af2a5d9cf170c24
SHA1

0ac9495bde954630ae82985b9bae76c1332e049d
SHA256

ee5fdaa8c9eb5165b9f3e85cfae7b79af6c92d97633381f01dc1678fea2d2837
SHA512

205f37758ffe866f235b8f61d890e9cf77f0a5193b7c453944642287c73a17fd9903eecb90c6f1e864cc8d0feab010a28a71c897330b0e9d97087e1735cbcbc0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\XsnyXFr.exe	cobalt_reflective_dll
C:\Windows\system\KtwrIhi.exe	cobalt_reflective_dll
C:\Windows\system\hVCazLM.exe	cobalt_reflective_dll
C:\Windows\system\FHvFplf.exe	cobalt_reflective_dll
\Windows\system\HEdQdVN.exe	cobalt_reflective_dll
C:\Windows\system\JSTIHDk.exe	cobalt_reflective_dll
\Windows\system\AeeEXUv.exe	cobalt_reflective_dll
C:\Windows\system\UKfHjcu.exe	cobalt_reflective_dll
\Windows\system\vmFHGfo.exe	cobalt_reflective_dll
C:\Windows\system\MfAcYRa.exe	cobalt_reflective_dll
C:\Windows\system\HoTBpRC.exe	cobalt_reflective_dll
\Windows\system\NJtQuxm.exe	cobalt_reflective_dll
C:\Windows\system\bdasuzw.exe	cobalt_reflective_dll
C:\Windows\system\dnbLNCL.exe	cobalt_reflective_dll
\Windows\system\RvLXeog.exe	cobalt_reflective_dll
C:\Windows\system\PDGdgcs.exe	cobalt_reflective_dll
\Windows\system\FmtNOnb.exe	cobalt_reflective_dll
C:\Windows\system\IhGdEBZ.exe	cobalt_reflective_dll
C:\Windows\system\ONZpcyy.exe	cobalt_reflective_dll
\Windows\system\SaurDTv.exe	cobalt_reflective_dll
C:\Windows\system\BDxyMcz.exe	cobalt_reflective_dll
C:\Windows\system\jRkpCyv.exe	cobalt_reflective_dll
\Windows\system\INKpjvr.exe	cobalt_reflective_dll
C:\Windows\system\fvvwral.exe	cobalt_reflective_dll
C:\Windows\system\ZuYPUIg.exe	cobalt_reflective_dll
C:\Windows\system\aRkduVo.exe	cobalt_reflective_dll
C:\Windows\system\cnTYlQJ.exe	cobalt_reflective_dll
C:\Windows\system\IYurxTE.exe	cobalt_reflective_dll
C:\Windows\system\EEaMcoh.exe	cobalt_reflective_dll
C:\Windows\system\vOjJcpx.exe	cobalt_reflective_dll
C:\Windows\system\nkBqAnb.exe	cobalt_reflective_dll
\Windows\system\IbNXChT.exe	cobalt_reflective_dll
C:\Windows\system\RfWTYId.exe	cobalt_reflective_dll
C:\Windows\system\SoQNPkp.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
\Windows\system\XsnyXFr.exe	xmrig
C:\Windows\system\KtwrIhi.exe	xmrig
behavioral1/memory/1708-26-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
C:\Windows\system\hVCazLM.exe	xmrig
C:\Windows\system\FHvFplf.exe	xmrig
\Windows\system\HEdQdVN.exe	xmrig
C:\Windows\system\JSTIHDk.exe	xmrig
\Windows\system\AeeEXUv.exe	xmrig
behavioral1/memory/2760-794-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2368-1638-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2176-1480-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2672-1311-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2648-795-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2836-657-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/1708-380-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
C:\Windows\system\UKfHjcu.exe	xmrig
\Windows\system\vmFHGfo.exe	xmrig
C:\Windows\system\MfAcYRa.exe	xmrig
C:\Windows\system\HoTBpRC.exe	xmrig
\Windows\system\NJtQuxm.exe	xmrig
C:\Windows\system\bdasuzw.exe	xmrig
C:\Windows\system\dnbLNCL.exe	xmrig
\Windows\system\RvLXeog.exe	xmrig
C:\Windows\system\PDGdgcs.exe	xmrig
\Windows\system\FmtNOnb.exe	xmrig
C:\Windows\system\IhGdEBZ.exe	xmrig
C:\Windows\system\ONZpcyy.exe	xmrig
\Windows\system\SaurDTv.exe	xmrig
behavioral1/memory/2648-79-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
C:\Windows\system\BDxyMcz.exe	xmrig
C:\Windows\system\jRkpCyv.exe	xmrig
behavioral1/memory/2532-43-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
\Windows\system\INKpjvr.exe	xmrig
behavioral1/memory/2408-35-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
C:\Windows\system\fvvwral.exe	xmrig
C:\Windows\system\ZuYPUIg.exe	xmrig
C:\Windows\system\aRkduVo.exe	xmrig
C:\Windows\system\cnTYlQJ.exe	xmrig
C:\Windows\system\IYurxTE.exe	xmrig
behavioral1/memory/2176-109-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
C:\Windows\system\EEaMcoh.exe	xmrig
behavioral1/memory/2672-91-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2368-83-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
C:\Windows\system\vOjJcpx.exe	xmrig
behavioral1/memory/2760-72-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2368-60-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/2836-59-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2704-58-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
C:\Windows\system\nkBqAnb.exe	xmrig
\Windows\system\IbNXChT.exe	xmrig
behavioral1/memory/2368-50-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/872-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
C:\Windows\system\RfWTYId.exe	xmrig
C:\Windows\system\SoQNPkp.exe	xmrig
behavioral1/memory/1728-8-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2532-3968-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2836-3970-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2704-3977-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2176-3978-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1708-3994-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/872-4055-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2408-3976-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1728-3975-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

XsnyXFr.exeSoQNPkp.exeFHvFplf.exehVCazLM.exeKtwrIhi.exeRfWTYId.exenkBqAnb.exeIbNXChT.exevOjJcpx.exeONZpcyy.exeIhGdEBZ.exeEEaMcoh.exeIYurxTE.execnTYlQJ.exeaRkduVo.exePDGdgcs.exeZuYPUIg.exeINKpjvr.exeHEdQdVN.exednbLNCL.exebdasuzw.exefvvwral.exeSaurDTv.exeHoTBpRC.exeMfAcYRa.exejRkpCyv.exeFmtNOnb.exeUKfHjcu.exeJSTIHDk.exeBDxyMcz.exeRvLXeog.exeNJtQuxm.exevmFHGfo.exedrEWFJL.exeAeeEXUv.exePlcZCrp.exeyqgjeTa.exeKtgamkS.exeLDalbrO.exeWLsXSpl.exeaWKGjSf.exeDRSZsGD.exemKzgWGw.exeXXbgMTn.exeWIfUTpz.exeRiMyXVD.exejmiDQjS.exeaHMduPA.exeqhHvujS.exeiPivyDT.exeXDzlGOl.exezDBSvWw.exenyAIGls.exehSibbuw.exeKwxLHUm.exehmOAlVG.exeWzVozLk.exeEWzChVM.exePGIXHrY.exejXzEzTz.exeZdpKewt.exedxIbzGG.exeiZehXKP.exeiqhjwYJ.exe

pid	process
1728	XsnyXFr.exe
1708	SoQNPkp.exe
2532	FHvFplf.exe
2408	hVCazLM.exe
872	KtwrIhi.exe
2704	RfWTYId.exe
2836	nkBqAnb.exe
2760	IbNXChT.exe
2648	vOjJcpx.exe
2672	ONZpcyy.exe
2176	IhGdEBZ.exe
1540	EEaMcoh.exe
2980	IYurxTE.exe
2688	cnTYlQJ.exe
1620	aRkduVo.exe
2280	PDGdgcs.exe
2276	ZuYPUIg.exe
2812	INKpjvr.exe
2868	HEdQdVN.exe
772	dnbLNCL.exe
2612	bdasuzw.exe
2560	fvvwral.exe
1224	SaurDTv.exe
2028	HoTBpRC.exe
2888	MfAcYRa.exe
1688	jRkpCyv.exe
2896	FmtNOnb.exe
2960	UKfHjcu.exe
1476	JSTIHDk.exe
1532	BDxyMcz.exe
1356	RvLXeog.exe
884	NJtQuxm.exe
1456	vmFHGfo.exe
2580	drEWFJL.exe
2464	AeeEXUv.exe
1632	PlcZCrp.exe
1460	yqgjeTa.exe
952	KtgamkS.exe
2056	LDalbrO.exe
1316	WLsXSpl.exe
1008	aWKGjSf.exe
1400	DRSZsGD.exe
1668	mKzgWGw.exe
2416	XXbgMTn.exe
572	WIfUTpz.exe
2032	RiMyXVD.exe
1860	jmiDQjS.exe
2068	aHMduPA.exe
1424	qhHvujS.exe
1512	iPivyDT.exe
2476	XDzlGOl.exe
2396	zDBSvWw.exe
1840	nyAIGls.exe
2692	hSibbuw.exe
1564	KwxLHUm.exe
2588	hmOAlVG.exe
1996	WzVozLk.exe
2500	EWzChVM.exe
1204	PGIXHrY.exe
1964	jXzEzTz.exe
824	ZdpKewt.exe
1752	dxIbzGG.exe
2220	iZehXKP.exe
2744	iqhjwYJ.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F620000-0x000000013F974000-memory.dmp	upx
\Windows\system\XsnyXFr.exe	upx
C:\Windows\system\KtwrIhi.exe	upx
behavioral1/memory/1708-26-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
C:\Windows\system\hVCazLM.exe	upx
C:\Windows\system\FHvFplf.exe	upx
\Windows\system\HEdQdVN.exe	upx
C:\Windows\system\JSTIHDk.exe	upx
\Windows\system\AeeEXUv.exe	upx
behavioral1/memory/2760-794-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2176-1480-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2672-1311-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2648-795-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2836-657-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/1708-380-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
C:\Windows\system\UKfHjcu.exe	upx
\Windows\system\vmFHGfo.exe	upx
C:\Windows\system\MfAcYRa.exe	upx
C:\Windows\system\HoTBpRC.exe	upx
\Windows\system\NJtQuxm.exe	upx
C:\Windows\system\bdasuzw.exe	upx
C:\Windows\system\dnbLNCL.exe	upx
\Windows\system\RvLXeog.exe	upx
C:\Windows\system\PDGdgcs.exe	upx
\Windows\system\FmtNOnb.exe	upx
C:\Windows\system\IhGdEBZ.exe	upx
C:\Windows\system\ONZpcyy.exe	upx
\Windows\system\SaurDTv.exe	upx
behavioral1/memory/2648-79-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
C:\Windows\system\BDxyMcz.exe	upx
C:\Windows\system\jRkpCyv.exe	upx
behavioral1/memory/2532-43-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
\Windows\system\INKpjvr.exe	upx
behavioral1/memory/2408-35-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
C:\Windows\system\fvvwral.exe	upx
C:\Windows\system\ZuYPUIg.exe	upx
C:\Windows\system\aRkduVo.exe	upx
C:\Windows\system\cnTYlQJ.exe	upx
C:\Windows\system\IYurxTE.exe	upx
behavioral1/memory/2176-109-0x000000013F040000-0x000000013F394000-memory.dmp	upx
C:\Windows\system\EEaMcoh.exe	upx
behavioral1/memory/2672-91-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2368-83-0x000000013F620000-0x000000013F974000-memory.dmp	upx
C:\Windows\system\vOjJcpx.exe	upx
behavioral1/memory/2760-72-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2836-59-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2704-58-0x000000013F410000-0x000000013F764000-memory.dmp	upx
C:\Windows\system\nkBqAnb.exe	upx
\Windows\system\IbNXChT.exe	upx
behavioral1/memory/872-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
C:\Windows\system\RfWTYId.exe	upx
C:\Windows\system\SoQNPkp.exe	upx
behavioral1/memory/1728-8-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2532-3968-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2836-3970-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2704-3977-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2176-3978-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1708-3994-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/872-4055-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2408-3976-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1728-3975-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2648-3972-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2672-3971-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2760-3969-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\hMBqNvy.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVxUeHV.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZnhTwT.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBlJmOf.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqYQcLv.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciKFuPG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRmZQiF.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFHzHUW.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgCbJQI.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvmWTbT.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMhHeqt.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlfCJHD.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOkNuJt.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoggVoP.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwnVkuu.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJPjZiY.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\falLUhD.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpOTycl.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYdUirk.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDOSCQE.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wokPAGK.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtjbWYh.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlJNTag.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRZFoRC.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikkhJfH.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJFVrGu.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhRmRjl.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJqHIyM.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iexIuPs.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHwYrXI.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmKcNtm.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWODSvq.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfwSPQj.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqhOUEF.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqMlEwl.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRPNdKr.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHGOXsE.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOzoLTP.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSidcgR.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYxlEbz.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzVozLk.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuuyNfp.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLCDUXP.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDsiLqO.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eImNJzr.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvjVYQE.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLPFvHV.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBQotTA.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDxqroG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDEgYpG.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKYUEJu.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSCCuLo.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kolivsR.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikxMVnT.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAZnaEk.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRSZsGD.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYCHuAz.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVkxGDX.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\illYuzr.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnOOlLY.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEyPRTp.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esKvmih.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjaICcW.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeVFEAO.exe	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2368 wrote to memory of 1728	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	XsnyXFr.exe
PID 2368 wrote to memory of 1728	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	XsnyXFr.exe
PID 2368 wrote to memory of 1728	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	XsnyXFr.exe
PID 2368 wrote to memory of 1708	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SoQNPkp.exe
PID 2368 wrote to memory of 1708	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SoQNPkp.exe
PID 2368 wrote to memory of 1708	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SoQNPkp.exe
PID 2368 wrote to memory of 2532	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	FHvFplf.exe
PID 2368 wrote to memory of 2532	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	FHvFplf.exe
PID 2368 wrote to memory of 2532	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	FHvFplf.exe
PID 2368 wrote to memory of 872	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	KtwrIhi.exe
PID 2368 wrote to memory of 872	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	KtwrIhi.exe
PID 2368 wrote to memory of 872	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	KtwrIhi.exe
PID 2368 wrote to memory of 2408	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	hVCazLM.exe
PID 2368 wrote to memory of 2408	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	hVCazLM.exe
PID 2368 wrote to memory of 2408	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	hVCazLM.exe
PID 2368 wrote to memory of 2280	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	PDGdgcs.exe
PID 2368 wrote to memory of 2280	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	PDGdgcs.exe
PID 2368 wrote to memory of 2280	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	PDGdgcs.exe
PID 2368 wrote to memory of 2704	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	RfWTYId.exe
PID 2368 wrote to memory of 2704	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	RfWTYId.exe
PID 2368 wrote to memory of 2704	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	RfWTYId.exe
PID 2368 wrote to memory of 2812	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	INKpjvr.exe
PID 2368 wrote to memory of 2812	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	INKpjvr.exe
PID 2368 wrote to memory of 2812	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	INKpjvr.exe
PID 2368 wrote to memory of 2836	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	nkBqAnb.exe
PID 2368 wrote to memory of 2836	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	nkBqAnb.exe
PID 2368 wrote to memory of 2836	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	nkBqAnb.exe
PID 2368 wrote to memory of 2868	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HEdQdVN.exe
PID 2368 wrote to memory of 2868	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HEdQdVN.exe
PID 2368 wrote to memory of 2868	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HEdQdVN.exe
PID 2368 wrote to memory of 2760	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IbNXChT.exe
PID 2368 wrote to memory of 2760	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IbNXChT.exe
PID 2368 wrote to memory of 2760	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IbNXChT.exe
PID 2368 wrote to memory of 772	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	dnbLNCL.exe
PID 2368 wrote to memory of 772	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	dnbLNCL.exe
PID 2368 wrote to memory of 772	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	dnbLNCL.exe
PID 2368 wrote to memory of 2648	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	vOjJcpx.exe
PID 2368 wrote to memory of 2648	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	vOjJcpx.exe
PID 2368 wrote to memory of 2648	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	vOjJcpx.exe
PID 2368 wrote to memory of 2612	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	bdasuzw.exe
PID 2368 wrote to memory of 2612	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	bdasuzw.exe
PID 2368 wrote to memory of 2612	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	bdasuzw.exe
PID 2368 wrote to memory of 2672	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	ONZpcyy.exe
PID 2368 wrote to memory of 2672	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	ONZpcyy.exe
PID 2368 wrote to memory of 2672	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	ONZpcyy.exe
PID 2368 wrote to memory of 1224	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SaurDTv.exe
PID 2368 wrote to memory of 1224	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SaurDTv.exe
PID 2368 wrote to memory of 1224	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	SaurDTv.exe
PID 2368 wrote to memory of 2176	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IhGdEBZ.exe
PID 2368 wrote to memory of 2176	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IhGdEBZ.exe
PID 2368 wrote to memory of 2176	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IhGdEBZ.exe
PID 2368 wrote to memory of 2028	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HoTBpRC.exe
PID 2368 wrote to memory of 2028	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HoTBpRC.exe
PID 2368 wrote to memory of 2028	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	HoTBpRC.exe
PID 2368 wrote to memory of 1540	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	EEaMcoh.exe
PID 2368 wrote to memory of 1540	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	EEaMcoh.exe
PID 2368 wrote to memory of 1540	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	EEaMcoh.exe
PID 2368 wrote to memory of 2888	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	MfAcYRa.exe
PID 2368 wrote to memory of 2888	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	MfAcYRa.exe
PID 2368 wrote to memory of 2888	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	MfAcYRa.exe
PID 2368 wrote to memory of 2980	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IYurxTE.exe
PID 2368 wrote to memory of 2980	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IYurxTE.exe
PID 2368 wrote to memory of 2980	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	IYurxTE.exe
PID 2368 wrote to memory of 2896	2368	2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe	FmtNOnb.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-24_7e173926369b3ec20af2a5d9cf170c24_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\XsnyXFr.exe
  C:\Windows\System\XsnyXFr.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\SoQNPkp.exe
  C:\Windows\System\SoQNPkp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\FHvFplf.exe
  C:\Windows\System\FHvFplf.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KtwrIhi.exe
  C:\Windows\System\KtwrIhi.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\hVCazLM.exe
  C:\Windows\System\hVCazLM.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\PDGdgcs.exe
  C:\Windows\System\PDGdgcs.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\RfWTYId.exe
  C:\Windows\System\RfWTYId.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\INKpjvr.exe
  C:\Windows\System\INKpjvr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\nkBqAnb.exe
  C:\Windows\System\nkBqAnb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\HEdQdVN.exe
  C:\Windows\System\HEdQdVN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\IbNXChT.exe
  C:\Windows\System\IbNXChT.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\dnbLNCL.exe
  C:\Windows\System\dnbLNCL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\vOjJcpx.exe
  C:\Windows\System\vOjJcpx.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\bdasuzw.exe
  C:\Windows\System\bdasuzw.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\ONZpcyy.exe
  C:\Windows\System\ONZpcyy.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\SaurDTv.exe
  C:\Windows\System\SaurDTv.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\IhGdEBZ.exe
  C:\Windows\System\IhGdEBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\HoTBpRC.exe
  C:\Windows\System\HoTBpRC.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\EEaMcoh.exe
  C:\Windows\System\EEaMcoh.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\MfAcYRa.exe
  C:\Windows\System\MfAcYRa.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\IYurxTE.exe
  C:\Windows\System\IYurxTE.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\FmtNOnb.exe
  C:\Windows\System\FmtNOnb.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\cnTYlQJ.exe
  C:\Windows\System\cnTYlQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\UKfHjcu.exe
  C:\Windows\System\UKfHjcu.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\aRkduVo.exe
  C:\Windows\System\aRkduVo.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\JSTIHDk.exe
  C:\Windows\System\JSTIHDk.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\ZuYPUIg.exe
  C:\Windows\System\ZuYPUIg.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\RvLXeog.exe
  C:\Windows\System\RvLXeog.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\fvvwral.exe
  C:\Windows\System\fvvwral.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NJtQuxm.exe
  C:\Windows\System\NJtQuxm.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\jRkpCyv.exe
  C:\Windows\System\jRkpCyv.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\vmFHGfo.exe
  C:\Windows\System\vmFHGfo.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\BDxyMcz.exe
  C:\Windows\System\BDxyMcz.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\AeeEXUv.exe
  C:\Windows\System\AeeEXUv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\drEWFJL.exe
  C:\Windows\System\drEWFJL.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\PlcZCrp.exe
  C:\Windows\System\PlcZCrp.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\yqgjeTa.exe
  C:\Windows\System\yqgjeTa.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\KtgamkS.exe
  C:\Windows\System\KtgamkS.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\LDalbrO.exe
  C:\Windows\System\LDalbrO.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\WLsXSpl.exe
  C:\Windows\System\WLsXSpl.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\aWKGjSf.exe
  C:\Windows\System\aWKGjSf.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\DRSZsGD.exe
  C:\Windows\System\DRSZsGD.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\mKzgWGw.exe
  C:\Windows\System\mKzgWGw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\XXbgMTn.exe
  C:\Windows\System\XXbgMTn.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\WIfUTpz.exe
  C:\Windows\System\WIfUTpz.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\RiMyXVD.exe
  C:\Windows\System\RiMyXVD.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\jmiDQjS.exe
  C:\Windows\System\jmiDQjS.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\qhHvujS.exe
  C:\Windows\System\qhHvujS.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\aHMduPA.exe
  C:\Windows\System\aHMduPA.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\XDzlGOl.exe
  C:\Windows\System\XDzlGOl.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\iPivyDT.exe
  C:\Windows\System\iPivyDT.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\zDBSvWw.exe
  C:\Windows\System\zDBSvWw.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\nyAIGls.exe
  C:\Windows\System\nyAIGls.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\EWzChVM.exe
  C:\Windows\System\EWzChVM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\hSibbuw.exe
  C:\Windows\System\hSibbuw.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\PGIXHrY.exe
  C:\Windows\System\PGIXHrY.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\KwxLHUm.exe
  C:\Windows\System\KwxLHUm.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\jXzEzTz.exe
  C:\Windows\System\jXzEzTz.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\hmOAlVG.exe
  C:\Windows\System\hmOAlVG.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\dxIbzGG.exe
  C:\Windows\System\dxIbzGG.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\WzVozLk.exe
  C:\Windows\System\WzVozLk.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\iZehXKP.exe
  C:\Windows\System\iZehXKP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\ZdpKewt.exe
  C:\Windows\System\ZdpKewt.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\iqhjwYJ.exe
  C:\Windows\System\iqhjwYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\JIdmAVJ.exe
  C:\Windows\System\JIdmAVJ.exe
  2⤵
  PID:1880
- C:\Windows\System\doZDxPc.exe
  C:\Windows\System\doZDxPc.exe
  2⤵
  PID:2652
- C:\Windows\System\UQDWFVG.exe
  C:\Windows\System\UQDWFVG.exe
  2⤵
  PID:2988
- C:\Windows\System\WElnKWB.exe
  C:\Windows\System\WElnKWB.exe
  2⤵
  PID:1448
- C:\Windows\System\tOuyiGd.exe
  C:\Windows\System\tOuyiGd.exe
  2⤵
  PID:2504
- C:\Windows\System\XUvHKNa.exe
  C:\Windows\System\XUvHKNa.exe
  2⤵
  PID:848
- C:\Windows\System\uNLAkTN.exe
  C:\Windows\System\uNLAkTN.exe
  2⤵
  PID:440
- C:\Windows\System\dYCHuAz.exe
  C:\Windows\System\dYCHuAz.exe
  2⤵
  PID:1228
- C:\Windows\System\ofttSSF.exe
  C:\Windows\System\ofttSSF.exe
  2⤵
  PID:1652
- C:\Windows\System\vvmWTbT.exe
  C:\Windows\System\vvmWTbT.exe
  2⤵
  PID:1212
- C:\Windows\System\OOGzIWi.exe
  C:\Windows\System\OOGzIWi.exe
  2⤵
  PID:1140
- C:\Windows\System\nIHJhRE.exe
  C:\Windows\System\nIHJhRE.exe
  2⤵
  PID:1500
- C:\Windows\System\UfIPItY.exe
  C:\Windows\System\UfIPItY.exe
  2⤵
  PID:2456
- C:\Windows\System\JdEcfOp.exe
  C:\Windows\System\JdEcfOp.exe
  2⤵
  PID:272
- C:\Windows\System\dIOGXal.exe
  C:\Windows\System\dIOGXal.exe
  2⤵
  PID:2244
- C:\Windows\System\eOqHKgJ.exe
  C:\Windows\System\eOqHKgJ.exe
  2⤵
  PID:268
- C:\Windows\System\YYNDtXW.exe
  C:\Windows\System\YYNDtXW.exe
  2⤵
  PID:340
- C:\Windows\System\HyqqXso.exe
  C:\Windows\System\HyqqXso.exe
  2⤵
  PID:1976
- C:\Windows\System\ZlPeqyN.exe
  C:\Windows\System\ZlPeqyN.exe
  2⤵
  PID:1520
- C:\Windows\System\xPeXzqW.exe
  C:\Windows\System\xPeXzqW.exe
  2⤵
  PID:1560
- C:\Windows\System\qxIqjWb.exe
  C:\Windows\System\qxIqjWb.exe
  2⤵
  PID:2932
- C:\Windows\System\rOpVcCh.exe
  C:\Windows\System\rOpVcCh.exe
  2⤵
  PID:1796
- C:\Windows\System\JNsQBqd.exe
  C:\Windows\System\JNsQBqd.exe
  2⤵
  PID:2780
- C:\Windows\System\kLupWCR.exe
  C:\Windows\System\kLupWCR.exe
  2⤵
  PID:2872
- C:\Windows\System\fxzykPh.exe
  C:\Windows\System\fxzykPh.exe
  2⤵
  PID:344
- C:\Windows\System\yLLmCZy.exe
  C:\Windows\System\yLLmCZy.exe
  2⤵
  PID:2716
- C:\Windows\System\QUGQfCH.exe
  C:\Windows\System\QUGQfCH.exe
  2⤵
  PID:1640
- C:\Windows\System\rtfoXik.exe
  C:\Windows\System\rtfoXik.exe
  2⤵
  PID:1344
- C:\Windows\System\vfOynik.exe
  C:\Windows\System\vfOynik.exe
  2⤵
  PID:2908
- C:\Windows\System\AxvKYDE.exe
  C:\Windows\System\AxvKYDE.exe
  2⤵
  PID:2004
- C:\Windows\System\dIPQUXF.exe
  C:\Windows\System\dIPQUXF.exe
  2⤵
  PID:1208
- C:\Windows\System\SiWKMwI.exe
  C:\Windows\System\SiWKMwI.exe
  2⤵
  PID:3084
- C:\Windows\System\eYxnaCQ.exe
  C:\Windows\System\eYxnaCQ.exe
  2⤵
  PID:3100
- C:\Windows\System\dEqkeWX.exe
  C:\Windows\System\dEqkeWX.exe
  2⤵
  PID:3116
- C:\Windows\System\iKPJXLm.exe
  C:\Windows\System\iKPJXLm.exe
  2⤵
  PID:3140
- C:\Windows\System\vwgBRCz.exe
  C:\Windows\System\vwgBRCz.exe
  2⤵
  PID:3164
- C:\Windows\System\dqBjZHR.exe
  C:\Windows\System\dqBjZHR.exe
  2⤵
  PID:3184
- C:\Windows\System\BbsJNiE.exe
  C:\Windows\System\BbsJNiE.exe
  2⤵
  PID:3204
- C:\Windows\System\mIsxuyI.exe
  C:\Windows\System\mIsxuyI.exe
  2⤵
  PID:3224
- C:\Windows\System\nwAoHdR.exe
  C:\Windows\System\nwAoHdR.exe
  2⤵
  PID:3244
- C:\Windows\System\xotskgi.exe
  C:\Windows\System\xotskgi.exe
  2⤵
  PID:3264
- C:\Windows\System\yXkmasb.exe
  C:\Windows\System\yXkmasb.exe
  2⤵
  PID:3284
- C:\Windows\System\XxScQYV.exe
  C:\Windows\System\XxScQYV.exe
  2⤵
  PID:3304
- C:\Windows\System\jPMNTqt.exe
  C:\Windows\System\jPMNTqt.exe
  2⤵
  PID:3324
- C:\Windows\System\ggbcpwH.exe
  C:\Windows\System\ggbcpwH.exe
  2⤵
  PID:3344
- C:\Windows\System\RwDBfES.exe
  C:\Windows\System\RwDBfES.exe
  2⤵
  PID:3364
- C:\Windows\System\WitpLAE.exe
  C:\Windows\System\WitpLAE.exe
  2⤵
  PID:3384
- C:\Windows\System\BsUSmZC.exe
  C:\Windows\System\BsUSmZC.exe
  2⤵
  PID:3404
- C:\Windows\System\SHOksiU.exe
  C:\Windows\System\SHOksiU.exe
  2⤵
  PID:3424
- C:\Windows\System\fnxQtMA.exe
  C:\Windows\System\fnxQtMA.exe
  2⤵
  PID:3444
- C:\Windows\System\MeSLCPH.exe
  C:\Windows\System\MeSLCPH.exe
  2⤵
  PID:3464
- C:\Windows\System\kbZuUUz.exe
  C:\Windows\System\kbZuUUz.exe
  2⤵
  PID:3484
- C:\Windows\System\ZPbDEEd.exe
  C:\Windows\System\ZPbDEEd.exe
  2⤵
  PID:3504
- C:\Windows\System\SLFzrdx.exe
  C:\Windows\System\SLFzrdx.exe
  2⤵
  PID:3520
- C:\Windows\System\YfLKnMh.exe
  C:\Windows\System\YfLKnMh.exe
  2⤵
  PID:3544
- C:\Windows\System\bcOrkUA.exe
  C:\Windows\System\bcOrkUA.exe
  2⤵
  PID:3564
- C:\Windows\System\tbcYYGF.exe
  C:\Windows\System\tbcYYGF.exe
  2⤵
  PID:3584
- C:\Windows\System\SYsuWCb.exe
  C:\Windows\System\SYsuWCb.exe
  2⤵
  PID:3604
- C:\Windows\System\ywEpFQb.exe
  C:\Windows\System\ywEpFQb.exe
  2⤵
  PID:3624
- C:\Windows\System\EhweOEg.exe
  C:\Windows\System\EhweOEg.exe
  2⤵
  PID:3644
- C:\Windows\System\IRPNdKr.exe
  C:\Windows\System\IRPNdKr.exe
  2⤵
  PID:3664
- C:\Windows\System\SzsTwLp.exe
  C:\Windows\System\SzsTwLp.exe
  2⤵
  PID:3684
- C:\Windows\System\LwrKdfy.exe
  C:\Windows\System\LwrKdfy.exe
  2⤵
  PID:3704
- C:\Windows\System\rxcWOhs.exe
  C:\Windows\System\rxcWOhs.exe
  2⤵
  PID:3724
- C:\Windows\System\SKrVbkR.exe
  C:\Windows\System\SKrVbkR.exe
  2⤵
  PID:3744
- C:\Windows\System\DYUAqok.exe
  C:\Windows\System\DYUAqok.exe
  2⤵
  PID:3764
- C:\Windows\System\ekRyNxJ.exe
  C:\Windows\System\ekRyNxJ.exe
  2⤵
  PID:3784
- C:\Windows\System\yPTBGur.exe
  C:\Windows\System\yPTBGur.exe
  2⤵
  PID:3804
- C:\Windows\System\OWxyNuP.exe
  C:\Windows\System\OWxyNuP.exe
  2⤵
  PID:3824
- C:\Windows\System\CvmsWxn.exe
  C:\Windows\System\CvmsWxn.exe
  2⤵
  PID:3844
- C:\Windows\System\LARaaVo.exe
  C:\Windows\System\LARaaVo.exe
  2⤵
  PID:3864
- C:\Windows\System\SiNdFLc.exe
  C:\Windows\System\SiNdFLc.exe
  2⤵
  PID:3884
- C:\Windows\System\RAcmeoJ.exe
  C:\Windows\System\RAcmeoJ.exe
  2⤵
  PID:3904
- C:\Windows\System\hpSntNe.exe
  C:\Windows\System\hpSntNe.exe
  2⤵
  PID:3924
- C:\Windows\System\moqLusK.exe
  C:\Windows\System\moqLusK.exe
  2⤵
  PID:3944
- C:\Windows\System\gLERrHX.exe
  C:\Windows\System\gLERrHX.exe
  2⤵
  PID:3964
- C:\Windows\System\OgcVUyk.exe
  C:\Windows\System\OgcVUyk.exe
  2⤵
  PID:3984
- C:\Windows\System\wKbembC.exe
  C:\Windows\System\wKbembC.exe
  2⤵
  PID:4004
- C:\Windows\System\oQQucJm.exe
  C:\Windows\System\oQQucJm.exe
  2⤵
  PID:4024
- C:\Windows\System\nkNSRWr.exe
  C:\Windows\System\nkNSRWr.exe
  2⤵
  PID:4044
- C:\Windows\System\MNtHTkd.exe
  C:\Windows\System\MNtHTkd.exe
  2⤵
  PID:4064
- C:\Windows\System\jTAEgdM.exe
  C:\Windows\System\jTAEgdM.exe
  2⤵
  PID:4084
- C:\Windows\System\ApaJcpC.exe
  C:\Windows\System\ApaJcpC.exe
  2⤵
  PID:2152
- C:\Windows\System\GAYoxiQ.exe
  C:\Windows\System\GAYoxiQ.exe
  2⤵
  PID:2140
- C:\Windows\System\CKkBpKi.exe
  C:\Windows\System\CKkBpKi.exe
  2⤵
  PID:1396
- C:\Windows\System\lYBvjAZ.exe
  C:\Windows\System\lYBvjAZ.exe
  2⤵
  PID:1528
- C:\Windows\System\KEtxQHs.exe
  C:\Windows\System\KEtxQHs.exe
  2⤵
  PID:1612
- C:\Windows\System\RnUYVNx.exe
  C:\Windows\System\RnUYVNx.exe
  2⤵
  PID:2472
- C:\Windows\System\YaeSgUV.exe
  C:\Windows\System\YaeSgUV.exe
  2⤵
  PID:1852
- C:\Windows\System\EkOcRtx.exe
  C:\Windows\System\EkOcRtx.exe
  2⤵
  PID:2348
- C:\Windows\System\kBlJmOf.exe
  C:\Windows\System\kBlJmOf.exe
  2⤵
  PID:2844
- C:\Windows\System\NEvOxHf.exe
  C:\Windows\System\NEvOxHf.exe
  2⤵
  PID:2020
- C:\Windows\System\RNQMXvH.exe
  C:\Windows\System\RNQMXvH.exe
  2⤵
  PID:2632
- C:\Windows\System\GaJncXk.exe
  C:\Windows\System\GaJncXk.exe
  2⤵
  PID:2156
- C:\Windows\System\LzPhEMR.exe
  C:\Windows\System\LzPhEMR.exe
  2⤵
  PID:1280
- C:\Windows\System\CRvwSxN.exe
  C:\Windows\System\CRvwSxN.exe
  2⤵
  PID:832
- C:\Windows\System\bWxDSPw.exe
  C:\Windows\System\bWxDSPw.exe
  2⤵
  PID:3096
- C:\Windows\System\PxgLtRo.exe
  C:\Windows\System\PxgLtRo.exe
  2⤵
  PID:3132
- C:\Windows\System\QTBjlzS.exe
  C:\Windows\System\QTBjlzS.exe
  2⤵
  PID:3176
- C:\Windows\System\TBQotTA.exe
  C:\Windows\System\TBQotTA.exe
  2⤵
  PID:3220
- C:\Windows\System\dddLbAN.exe
  C:\Windows\System\dddLbAN.exe
  2⤵
  PID:3252
- C:\Windows\System\otFrCEp.exe
  C:\Windows\System\otFrCEp.exe
  2⤵
  PID:3292
- C:\Windows\System\YZOHbgJ.exe
  C:\Windows\System\YZOHbgJ.exe
  2⤵
  PID:3316
- C:\Windows\System\WDSAITr.exe
  C:\Windows\System\WDSAITr.exe
  2⤵
  PID:3336
- C:\Windows\System\kUiQuef.exe
  C:\Windows\System\kUiQuef.exe
  2⤵
  PID:3392
- C:\Windows\System\TpNXoiM.exe
  C:\Windows\System\TpNXoiM.exe
  2⤵
  PID:3420
- C:\Windows\System\FPXAKjr.exe
  C:\Windows\System\FPXAKjr.exe
  2⤵
  PID:3460
- C:\Windows\System\nclsAYZ.exe
  C:\Windows\System\nclsAYZ.exe
  2⤵
  PID:3512
- C:\Windows\System\DuGlGvk.exe
  C:\Windows\System\DuGlGvk.exe
  2⤵
  PID:3552
- C:\Windows\System\JTGatNs.exe
  C:\Windows\System\JTGatNs.exe
  2⤵
  PID:3536
- C:\Windows\System\VnVNAdw.exe
  C:\Windows\System\VnVNAdw.exe
  2⤵
  PID:3600
- C:\Windows\System\JGYehMD.exe
  C:\Windows\System\JGYehMD.exe
  2⤵
  PID:3640
- C:\Windows\System\ygwBLFC.exe
  C:\Windows\System\ygwBLFC.exe
  2⤵
  PID:3660
- C:\Windows\System\cKnMrnT.exe
  C:\Windows\System\cKnMrnT.exe
  2⤵
  PID:3692
- C:\Windows\System\oTxcClp.exe
  C:\Windows\System\oTxcClp.exe
  2⤵
  PID:3716
- C:\Windows\System\INhhOuk.exe
  C:\Windows\System\INhhOuk.exe
  2⤵
  PID:3740
- C:\Windows\System\PTJCpEP.exe
  C:\Windows\System\PTJCpEP.exe
  2⤵
  PID:3792
- C:\Windows\System\UNIOfNc.exe
  C:\Windows\System\UNIOfNc.exe
  2⤵
  PID:3812
- C:\Windows\System\OwMiAFS.exe
  C:\Windows\System\OwMiAFS.exe
  2⤵
  PID:3860
- C:\Windows\System\JqfHdCI.exe
  C:\Windows\System\JqfHdCI.exe
  2⤵
  PID:3892
- C:\Windows\System\QyHDGGC.exe
  C:\Windows\System\QyHDGGC.exe
  2⤵
  PID:3916
- C:\Windows\System\DAZRdew.exe
  C:\Windows\System\DAZRdew.exe
  2⤵
  PID:3960
- C:\Windows\System\hABWjUt.exe
  C:\Windows\System\hABWjUt.exe
  2⤵
  PID:3976
- C:\Windows\System\ojkLzsc.exe
  C:\Windows\System\ojkLzsc.exe
  2⤵
  PID:4040
- C:\Windows\System\qhVdKdX.exe
  C:\Windows\System\qhVdKdX.exe
  2⤵
  PID:4052
- C:\Windows\System\yXvmqbr.exe
  C:\Windows\System\yXvmqbr.exe
  2⤵
  PID:2272
- C:\Windows\System\BJRApWB.exe
  C:\Windows\System\BJRApWB.exe
  2⤵
  PID:752
- C:\Windows\System\WoiksfX.exe
  C:\Windows\System\WoiksfX.exe
  2⤵
  PID:2480
- C:\Windows\System\GclGMzs.exe
  C:\Windows\System\GclGMzs.exe
  2⤵
  PID:2796
- C:\Windows\System\WuSGCJR.exe
  C:\Windows\System\WuSGCJR.exe
  2⤵
  PID:2860
- C:\Windows\System\ZDiHcfe.exe
  C:\Windows\System\ZDiHcfe.exe
  2⤵
  PID:2000
- C:\Windows\System\RYqxjVX.exe
  C:\Windows\System\RYqxjVX.exe
  2⤵
  PID:2964
- C:\Windows\System\ZhyuwEU.exe
  C:\Windows\System\ZhyuwEU.exe
  2⤵
  PID:1868
- C:\Windows\System\ECZSYIj.exe
  C:\Windows\System\ECZSYIj.exe
  2⤵
  PID:3128
- C:\Windows\System\boHHOje.exe
  C:\Windows\System\boHHOje.exe
  2⤵
  PID:3152
- C:\Windows\System\CnfwDvt.exe
  C:\Windows\System\CnfwDvt.exe
  2⤵
  PID:3196
- C:\Windows\System\qWRVrBU.exe
  C:\Windows\System\qWRVrBU.exe
  2⤵
  PID:3276
- C:\Windows\System\gCUIiMZ.exe
  C:\Windows\System\gCUIiMZ.exe
  2⤵
  PID:3340
- C:\Windows\System\fNJPcIm.exe
  C:\Windows\System\fNJPcIm.exe
  2⤵
  PID:3376
- C:\Windows\System\OrynqYM.exe
  C:\Windows\System\OrynqYM.exe
  2⤵
  PID:3472
- C:\Windows\System\StynMkt.exe
  C:\Windows\System\StynMkt.exe
  2⤵
  PID:3528
- C:\Windows\System\GcrXXEF.exe
  C:\Windows\System\GcrXXEF.exe
  2⤵
  PID:3576
- C:\Windows\System\COGXKkO.exe
  C:\Windows\System\COGXKkO.exe
  2⤵
  PID:3592
- C:\Windows\System\rRqiMmr.exe
  C:\Windows\System\rRqiMmr.exe
  2⤵
  PID:3616
- C:\Windows\System\fveNvxm.exe
  C:\Windows\System\fveNvxm.exe
  2⤵
  PID:3712
- C:\Windows\System\OjxBMbv.exe
  C:\Windows\System\OjxBMbv.exe
  2⤵
  PID:3796
- C:\Windows\System\JooUdyH.exe
  C:\Windows\System\JooUdyH.exe
  2⤵
  PID:3876
- C:\Windows\System\DCOwTBF.exe
  C:\Windows\System\DCOwTBF.exe
  2⤵
  PID:3912
- C:\Windows\System\gqvwiqK.exe
  C:\Windows\System\gqvwiqK.exe
  2⤵
  PID:3940
- C:\Windows\System\HraDwVn.exe
  C:\Windows\System\HraDwVn.exe
  2⤵
  PID:4012
- C:\Windows\System\iAakYMO.exe
  C:\Windows\System\iAakYMO.exe
  2⤵
  PID:4104
- C:\Windows\System\ASkerti.exe
  C:\Windows\System\ASkerti.exe
  2⤵
  PID:4124
- C:\Windows\System\tMlLuwU.exe
  C:\Windows\System\tMlLuwU.exe
  2⤵
  PID:4144
- C:\Windows\System\cQgzHyQ.exe
  C:\Windows\System\cQgzHyQ.exe
  2⤵
  PID:4164
- C:\Windows\System\FpkXRKr.exe
  C:\Windows\System\FpkXRKr.exe
  2⤵
  PID:4184
- C:\Windows\System\CRELtLM.exe
  C:\Windows\System\CRELtLM.exe
  2⤵
  PID:4204
- C:\Windows\System\kvRPbtb.exe
  C:\Windows\System\kvRPbtb.exe
  2⤵
  PID:4224
- C:\Windows\System\IxwBprm.exe
  C:\Windows\System\IxwBprm.exe
  2⤵
  PID:4244
- C:\Windows\System\QoggVoP.exe
  C:\Windows\System\QoggVoP.exe
  2⤵
  PID:4264
- C:\Windows\System\gzWfYMG.exe
  C:\Windows\System\gzWfYMG.exe
  2⤵
  PID:4284
- C:\Windows\System\vdytATe.exe
  C:\Windows\System\vdytATe.exe
  2⤵
  PID:4304
- C:\Windows\System\jpufDpx.exe
  C:\Windows\System\jpufDpx.exe
  2⤵
  PID:4324
- C:\Windows\System\QAGHaPT.exe
  C:\Windows\System\QAGHaPT.exe
  2⤵
  PID:4344
- C:\Windows\System\GCJVIQX.exe
  C:\Windows\System\GCJVIQX.exe
  2⤵
  PID:4364
- C:\Windows\System\LcAnGyB.exe
  C:\Windows\System\LcAnGyB.exe
  2⤵
  PID:4384
- C:\Windows\System\HeOXYtQ.exe
  C:\Windows\System\HeOXYtQ.exe
  2⤵
  PID:4404
- C:\Windows\System\OLRXyJQ.exe
  C:\Windows\System\OLRXyJQ.exe
  2⤵
  PID:4424
- C:\Windows\System\GuHsYxM.exe
  C:\Windows\System\GuHsYxM.exe
  2⤵
  PID:4444
- C:\Windows\System\HUGrKKw.exe
  C:\Windows\System\HUGrKKw.exe
  2⤵
  PID:4476
- C:\Windows\System\JWlhpPB.exe
  C:\Windows\System\JWlhpPB.exe
  2⤵
  PID:4496
- C:\Windows\System\pLXQnTu.exe
  C:\Windows\System\pLXQnTu.exe
  2⤵
  PID:4516
- C:\Windows\System\WDHVCZk.exe
  C:\Windows\System\WDHVCZk.exe
  2⤵
  PID:4532
- C:\Windows\System\YkfVknF.exe
  C:\Windows\System\YkfVknF.exe
  2⤵
  PID:4552
- C:\Windows\System\hoehVtc.exe
  C:\Windows\System\hoehVtc.exe
  2⤵
  PID:4568
- C:\Windows\System\PVmcXNo.exe
  C:\Windows\System\PVmcXNo.exe
  2⤵
  PID:4588
- C:\Windows\System\EjjpfYF.exe
  C:\Windows\System\EjjpfYF.exe
  2⤵
  PID:4608
- C:\Windows\System\NjzEIrv.exe
  C:\Windows\System\NjzEIrv.exe
  2⤵
  PID:4628
- C:\Windows\System\HQPgmcw.exe
  C:\Windows\System\HQPgmcw.exe
  2⤵
  PID:4644
- C:\Windows\System\hLWhNMO.exe
  C:\Windows\System\hLWhNMO.exe
  2⤵
  PID:4668
- C:\Windows\System\xUOhiex.exe
  C:\Windows\System\xUOhiex.exe
  2⤵
  PID:4684
- C:\Windows\System\QuBZvZJ.exe
  C:\Windows\System\QuBZvZJ.exe
  2⤵
  PID:4708
- C:\Windows\System\llAfFzi.exe
  C:\Windows\System\llAfFzi.exe
  2⤵
  PID:4724
- C:\Windows\System\MLOBLtM.exe
  C:\Windows\System\MLOBLtM.exe
  2⤵
  PID:4748
- C:\Windows\System\tujMVAd.exe
  C:\Windows\System\tujMVAd.exe
  2⤵
  PID:4764
- C:\Windows\System\rnbrHpu.exe
  C:\Windows\System\rnbrHpu.exe
  2⤵
  PID:4784
- C:\Windows\System\mcMLPPG.exe
  C:\Windows\System\mcMLPPG.exe
  2⤵
  PID:4800
- C:\Windows\System\dEZnedQ.exe
  C:\Windows\System\dEZnedQ.exe
  2⤵
  PID:4824
- C:\Windows\System\vCyHSsT.exe
  C:\Windows\System\vCyHSsT.exe
  2⤵
  PID:4840
- C:\Windows\System\bNJdkiD.exe
  C:\Windows\System\bNJdkiD.exe
  2⤵
  PID:4864
- C:\Windows\System\yomgqyn.exe
  C:\Windows\System\yomgqyn.exe
  2⤵
  PID:4880
- C:\Windows\System\eqYQcLv.exe
  C:\Windows\System\eqYQcLv.exe
  2⤵
  PID:4900
- C:\Windows\System\LWWrBbr.exe
  C:\Windows\System\LWWrBbr.exe
  2⤵
  PID:4916
- C:\Windows\System\SkMMCUW.exe
  C:\Windows\System\SkMMCUW.exe
  2⤵
  PID:4944
- C:\Windows\System\qcPTvIv.exe
  C:\Windows\System\qcPTvIv.exe
  2⤵
  PID:4960
- C:\Windows\System\WByRDjv.exe
  C:\Windows\System\WByRDjv.exe
  2⤵
  PID:4980
- C:\Windows\System\gLlnubC.exe
  C:\Windows\System\gLlnubC.exe
  2⤵
  PID:5000
- C:\Windows\System\KDPyFzH.exe
  C:\Windows\System\KDPyFzH.exe
  2⤵
  PID:5024
- C:\Windows\System\HHoLPme.exe
  C:\Windows\System\HHoLPme.exe
  2⤵
  PID:5044
- C:\Windows\System\npGGTkn.exe
  C:\Windows\System\npGGTkn.exe
  2⤵
  PID:5060
- C:\Windows\System\LgTWtkM.exe
  C:\Windows\System\LgTWtkM.exe
  2⤵
  PID:5076
- C:\Windows\System\XVuqZZi.exe
  C:\Windows\System\XVuqZZi.exe
  2⤵
  PID:5100
- C:\Windows\System\NzAiPtJ.exe
  C:\Windows\System\NzAiPtJ.exe
  2⤵
  PID:5116
- C:\Windows\System\dKSMRov.exe
  C:\Windows\System\dKSMRov.exe
  2⤵
  PID:2700
- C:\Windows\System\ywRvzpJ.exe
  C:\Windows\System\ywRvzpJ.exe
  2⤵
  PID:688
- C:\Windows\System\AIOmzHy.exe
  C:\Windows\System\AIOmzHy.exe
  2⤵
  PID:2168
- C:\Windows\System\HfgNKIS.exe
  C:\Windows\System\HfgNKIS.exe
  2⤵
  PID:1608
- C:\Windows\System\UstvZBB.exe
  C:\Windows\System\UstvZBB.exe
  2⤵
  PID:1848
- C:\Windows\System\kGaJOav.exe
  C:\Windows\System\kGaJOav.exe
  2⤵
  PID:3212
- C:\Windows\System\XqAiZIr.exe
  C:\Windows\System\XqAiZIr.exe
  2⤵
  PID:3312
- C:\Windows\System\ibAfICo.exe
  C:\Windows\System\ibAfICo.exe
  2⤵
  PID:3412
- C:\Windows\System\DSIoyzt.exe
  C:\Windows\System\DSIoyzt.exe
  2⤵
  PID:3436
- C:\Windows\System\veWZwbk.exe
  C:\Windows\System\veWZwbk.exe
  2⤵
  PID:3572
- C:\Windows\System\HddTrUL.exe
  C:\Windows\System\HddTrUL.exe
  2⤵
  PID:3756
- C:\Windows\System\YrYmCRk.exe
  C:\Windows\System\YrYmCRk.exe
  2⤵
  PID:3880
- C:\Windows\System\KexWeHO.exe
  C:\Windows\System\KexWeHO.exe
  2⤵
  PID:3760
- C:\Windows\System\MwrBtbX.exe
  C:\Windows\System\MwrBtbX.exe
  2⤵
  PID:3920
- C:\Windows\System\psVThHJ.exe
  C:\Windows\System\psVThHJ.exe
  2⤵
  PID:4120
- C:\Windows\System\NjEdhoE.exe
  C:\Windows\System\NjEdhoE.exe
  2⤵
  PID:4156
- C:\Windows\System\EUVojgU.exe
  C:\Windows\System\EUVojgU.exe
  2⤵
  PID:4192
- C:\Windows\System\uiadKWU.exe
  C:\Windows\System\uiadKWU.exe
  2⤵
  PID:4240
- C:\Windows\System\hYUFuwL.exe
  C:\Windows\System\hYUFuwL.exe
  2⤵
  PID:4180
- C:\Windows\System\RUgyUpb.exe
  C:\Windows\System\RUgyUpb.exe
  2⤵
  PID:4316
- C:\Windows\System\dShZkXg.exe
  C:\Windows\System\dShZkXg.exe
  2⤵
  PID:4220
- C:\Windows\System\bQPWJUE.exe
  C:\Windows\System\bQPWJUE.exe
  2⤵
  PID:4256
- C:\Windows\System\LRQYfSD.exe
  C:\Windows\System\LRQYfSD.exe
  2⤵
  PID:4440
- C:\Windows\System\wopLtuP.exe
  C:\Windows\System\wopLtuP.exe
  2⤵
  PID:4340
- C:\Windows\System\qwFWTNs.exe
  C:\Windows\System\qwFWTNs.exe
  2⤵
  PID:4484
- C:\Windows\System\tZCtAIt.exe
  C:\Windows\System\tZCtAIt.exe
  2⤵
  PID:4528
- C:\Windows\System\vOCzvRa.exe
  C:\Windows\System\vOCzvRa.exe
  2⤵
  PID:4564
- C:\Windows\System\FDEgYpG.exe
  C:\Windows\System\FDEgYpG.exe
  2⤵
  PID:4680
- C:\Windows\System\IjMVWSu.exe
  C:\Windows\System\IjMVWSu.exe
  2⤵
  PID:4756
- C:\Windows\System\UsPtYRT.exe
  C:\Windows\System\UsPtYRT.exe
  2⤵
  PID:4504
- C:\Windows\System\dOEnomH.exe
  C:\Windows\System\dOEnomH.exe
  2⤵
  PID:4876
- C:\Windows\System\FGvuScf.exe
  C:\Windows\System\FGvuScf.exe
  2⤵
  PID:4576
- C:\Windows\System\zHuhZAF.exe
  C:\Windows\System\zHuhZAF.exe
  2⤵
  PID:4956
- C:\Windows\System\UjydKsS.exe
  C:\Windows\System\UjydKsS.exe
  2⤵
  PID:4620
- C:\Windows\System\XhHmxFi.exe
  C:\Windows\System\XhHmxFi.exe
  2⤵
  PID:4664
- C:\Windows\System\sJrCqlL.exe
  C:\Windows\System\sJrCqlL.exe
  2⤵
  PID:5036
- C:\Windows\System\VozUUIV.exe
  C:\Windows\System\VozUUIV.exe
  2⤵
  PID:4736
- C:\Windows\System\DjsFVJT.exe
  C:\Windows\System\DjsFVJT.exe
  2⤵
  PID:4772
- C:\Windows\System\sKThaoC.exe
  C:\Windows\System\sKThaoC.exe
  2⤵
  PID:4816
- C:\Windows\System\klBvsZl.exe
  C:\Windows\System\klBvsZl.exe
  2⤵
  PID:5108
- C:\Windows\System\IziHwkp.exe
  C:\Windows\System\IziHwkp.exe
  2⤵
  PID:4888
- C:\Windows\System\QMwojmz.exe
  C:\Windows\System\QMwojmz.exe
  2⤵
  PID:4940
- C:\Windows\System\eJEIzUE.exe
  C:\Windows\System\eJEIzUE.exe
  2⤵
  PID:5092
- C:\Windows\System\eBkbQFa.exe
  C:\Windows\System\eBkbQFa.exe
  2⤵
  PID:5088
- C:\Windows\System\CDFVPYC.exe
  C:\Windows\System\CDFVPYC.exe
  2⤵
  PID:4968
- C:\Windows\System\aCxMNYD.exe
  C:\Windows\System\aCxMNYD.exe
  2⤵
  PID:3396
- C:\Windows\System\VJomNwl.exe
  C:\Windows\System\VJomNwl.exe
  2⤵
  PID:3612
- C:\Windows\System\eOpWoKc.exe
  C:\Windows\System\eOpWoKc.exe
  2⤵
  PID:4072
- C:\Windows\System\fPzxYoX.exe
  C:\Windows\System\fPzxYoX.exe
  2⤵
  PID:1876
- C:\Windows\System\ldspOvY.exe
  C:\Windows\System\ldspOvY.exe
  2⤵
  PID:3160
- C:\Windows\System\hbEGxEU.exe
  C:\Windows\System\hbEGxEU.exe
  2⤵
  PID:3832
- C:\Windows\System\hdGUwQN.exe
  C:\Windows\System\hdGUwQN.exe
  2⤵
  PID:4196
- C:\Windows\System\XUXmIgr.exe
  C:\Windows\System\XUXmIgr.exe
  2⤵
  PID:4312
- C:\Windows\System\xPBqSXv.exe
  C:\Windows\System\xPBqSXv.exe
  2⤵
  PID:3216
- C:\Windows\System\WVAZihi.exe
  C:\Windows\System\WVAZihi.exe
  2⤵
  PID:3620
- C:\Windows\System\lFSlbUt.exe
  C:\Windows\System\lFSlbUt.exe
  2⤵
  PID:3992
- C:\Windows\System\wPtiqzo.exe
  C:\Windows\System\wPtiqzo.exe
  2⤵
  PID:4112
- C:\Windows\System\PONnfZn.exe
  C:\Windows\System\PONnfZn.exe
  2⤵
  PID:4492
- C:\Windows\System\pQlGviy.exe
  C:\Windows\System\pQlGviy.exe
  2⤵
  PID:4636
- C:\Windows\System\BNUCnQb.exe
  C:\Windows\System\BNUCnQb.exe
  2⤵
  PID:4392
- C:\Windows\System\aXaYSXO.exe
  C:\Windows\System\aXaYSXO.exe
  2⤵
  PID:4376
- C:\Windows\System\yHyxLjm.exe
  C:\Windows\System\yHyxLjm.exe
  2⤵
  PID:4992
- C:\Windows\System\DCUhStS.exe
  C:\Windows\System\DCUhStS.exe
  2⤵
  PID:5068
- C:\Windows\System\AqozwTF.exe
  C:\Windows\System\AqozwTF.exe
  2⤵
  PID:4356
- C:\Windows\System\WBugGeA.exe
  C:\Windows\System\WBugGeA.exe
  2⤵
  PID:4360
- C:\Windows\System\XOclqwg.exe
  C:\Windows\System\XOclqwg.exe
  2⤵
  PID:4412
- C:\Windows\System\omOcGPB.exe
  C:\Windows\System\omOcGPB.exe
  2⤵
  PID:3172
- C:\Windows\System\MTdxWbG.exe
  C:\Windows\System\MTdxWbG.exe
  2⤵
  PID:2636
- C:\Windows\System\qUxVzhu.exe
  C:\Windows\System\qUxVzhu.exe
  2⤵
  PID:4460
- C:\Windows\System\uVdVQMn.exe
  C:\Windows\System\uVdVQMn.exe
  2⤵
  PID:4512
- C:\Windows\System\ZWiogTO.exe
  C:\Windows\System\ZWiogTO.exe
  2⤵
  PID:3372
- C:\Windows\System\zJexQiB.exe
  C:\Windows\System\zJexQiB.exe
  2⤵
  PID:4136
- C:\Windows\System\DnPfXSE.exe
  C:\Windows\System\DnPfXSE.exe
  2⤵
  PID:4172
- C:\Windows\System\uCOleQi.exe
  C:\Windows\System\uCOleQi.exe
  2⤵
  PID:4400
- C:\Windows\System\IfaSPfJ.exe
  C:\Windows\System\IfaSPfJ.exe
  2⤵
  PID:5136
- C:\Windows\System\hoKqyAs.exe
  C:\Windows\System\hoKqyAs.exe
  2⤵
  PID:5152
- C:\Windows\System\tQDudWM.exe
  C:\Windows\System\tQDudWM.exe
  2⤵
  PID:5176
- C:\Windows\System\StJnTdJ.exe
  C:\Windows\System\StJnTdJ.exe
  2⤵
  PID:5192
- C:\Windows\System\xUqBept.exe
  C:\Windows\System\xUqBept.exe
  2⤵
  PID:5212
- C:\Windows\System\UNfgiqh.exe
  C:\Windows\System\UNfgiqh.exe
  2⤵
  PID:5232
- C:\Windows\System\FfMaJzh.exe
  C:\Windows\System\FfMaJzh.exe
  2⤵
  PID:5252
- C:\Windows\System\DcAyZZf.exe
  C:\Windows\System\DcAyZZf.exe
  2⤵
  PID:5272
- C:\Windows\System\wpeEgVR.exe
  C:\Windows\System\wpeEgVR.exe
  2⤵
  PID:5288
- C:\Windows\System\KsodlHv.exe
  C:\Windows\System\KsodlHv.exe
  2⤵
  PID:5320
- C:\Windows\System\CFHAFZs.exe
  C:\Windows\System\CFHAFZs.exe
  2⤵
  PID:5372
- C:\Windows\System\ANDIWpj.exe
  C:\Windows\System\ANDIWpj.exe
  2⤵
  PID:5388
- C:\Windows\System\PLKWAlL.exe
  C:\Windows\System\PLKWAlL.exe
  2⤵
  PID:5408
- C:\Windows\System\LewLnNV.exe
  C:\Windows\System\LewLnNV.exe
  2⤵
  PID:5424
- C:\Windows\System\lriZEYy.exe
  C:\Windows\System\lriZEYy.exe
  2⤵
  PID:5448
- C:\Windows\System\jFwaxCi.exe
  C:\Windows\System\jFwaxCi.exe
  2⤵
  PID:5468
- C:\Windows\System\wmKvNyw.exe
  C:\Windows\System\wmKvNyw.exe
  2⤵
  PID:5488
- C:\Windows\System\Ktyspku.exe
  C:\Windows\System\Ktyspku.exe
  2⤵
  PID:5508
- C:\Windows\System\pYcpYVW.exe
  C:\Windows\System\pYcpYVW.exe
  2⤵
  PID:5528
- C:\Windows\System\bJFVrGu.exe
  C:\Windows\System\bJFVrGu.exe
  2⤵
  PID:5544
- C:\Windows\System\zRCNrBo.exe
  C:\Windows\System\zRCNrBo.exe
  2⤵
  PID:5572
- C:\Windows\System\uAzkyuS.exe
  C:\Windows\System\uAzkyuS.exe
  2⤵
  PID:5592
- C:\Windows\System\eqnJtyc.exe
  C:\Windows\System\eqnJtyc.exe
  2⤵
  PID:5608
- C:\Windows\System\bDxqroG.exe
  C:\Windows\System\bDxqroG.exe
  2⤵
  PID:5624
- C:\Windows\System\vFWuhQh.exe
  C:\Windows\System\vFWuhQh.exe
  2⤵
  PID:5648
- C:\Windows\System\zkceFXk.exe
  C:\Windows\System\zkceFXk.exe
  2⤵
  PID:5664
- C:\Windows\System\WQhbOyW.exe
  C:\Windows\System\WQhbOyW.exe
  2⤵
  PID:5692
- C:\Windows\System\lKglzfS.exe
  C:\Windows\System\lKglzfS.exe
  2⤵
  PID:5708
- C:\Windows\System\PHndSkJ.exe
  C:\Windows\System\PHndSkJ.exe
  2⤵
  PID:5732
- C:\Windows\System\nNGDNwi.exe
  C:\Windows\System\nNGDNwi.exe
  2⤵
  PID:5748
- C:\Windows\System\FWAciRQ.exe
  C:\Windows\System\FWAciRQ.exe
  2⤵
  PID:5772
- C:\Windows\System\gxGxCMh.exe
  C:\Windows\System\gxGxCMh.exe
  2⤵
  PID:5788
- C:\Windows\System\ZuSQXTM.exe
  C:\Windows\System\ZuSQXTM.exe
  2⤵
  PID:5808
- C:\Windows\System\njEoxKV.exe
  C:\Windows\System\njEoxKV.exe
  2⤵
  PID:5828
- C:\Windows\System\TMwsuCa.exe
  C:\Windows\System\TMwsuCa.exe
  2⤵
  PID:5848
- C:\Windows\System\ZFmBUBB.exe
  C:\Windows\System\ZFmBUBB.exe
  2⤵
  PID:5868
- C:\Windows\System\HcNvwmO.exe
  C:\Windows\System\HcNvwmO.exe
  2⤵
  PID:5892
- C:\Windows\System\wQyMGRr.exe
  C:\Windows\System\wQyMGRr.exe
  2⤵
  PID:5916
- C:\Windows\System\aAgPNTn.exe
  C:\Windows\System\aAgPNTn.exe
  2⤵
  PID:5936
- C:\Windows\System\ryeNwUU.exe
  C:\Windows\System\ryeNwUU.exe
  2⤵
  PID:5952
- C:\Windows\System\YhRmRjl.exe
  C:\Windows\System\YhRmRjl.exe
  2⤵
  PID:5972
- C:\Windows\System\Ikmyrqm.exe
  C:\Windows\System\Ikmyrqm.exe
  2⤵
  PID:5996
- C:\Windows\System\jozvdMj.exe
  C:\Windows\System\jozvdMj.exe
  2⤵
  PID:6012
- C:\Windows\System\trjhrMA.exe
  C:\Windows\System\trjhrMA.exe
  2⤵
  PID:6032
- C:\Windows\System\ijVwolt.exe
  C:\Windows\System\ijVwolt.exe
  2⤵
  PID:6052
- C:\Windows\System\wxIvixr.exe
  C:\Windows\System\wxIvixr.exe
  2⤵
  PID:6072
- C:\Windows\System\QvqPAgi.exe
  C:\Windows\System\QvqPAgi.exe
  2⤵
  PID:6092
- C:\Windows\System\BOVtdBj.exe
  C:\Windows\System\BOVtdBj.exe
  2⤵
  PID:6112
- C:\Windows\System\lNLPcHu.exe
  C:\Windows\System\lNLPcHu.exe
  2⤵
  PID:6132
- C:\Windows\System\WohHmIb.exe
  C:\Windows\System\WohHmIb.exe
  2⤵
  PID:4436
- C:\Windows\System\dCfrOOL.exe
  C:\Windows\System\dCfrOOL.exe
  2⤵
  PID:4456
- C:\Windows\System\iKIjxyy.exe
  C:\Windows\System\iKIjxyy.exe
  2⤵
  PID:4952
- C:\Windows\System\bjWbkbh.exe
  C:\Windows\System\bjWbkbh.exe
  2⤵
  PID:4700
- C:\Windows\System\YRZFoRC.exe
  C:\Windows\System\YRZFoRC.exe
  2⤵
  PID:4808
- C:\Windows\System\cAplzha.exe
  C:\Windows\System\cAplzha.exe
  2⤵
  PID:2428
- C:\Windows\System\vZvKWLB.exe
  C:\Windows\System\vZvKWLB.exe
  2⤵
  PID:5148
- C:\Windows\System\xgMzsUn.exe
  C:\Windows\System\xgMzsUn.exe
  2⤵
  PID:5052
- C:\Windows\System\pQqYAJh.exe
  C:\Windows\System\pQqYAJh.exe
  2⤵
  PID:3540
- C:\Windows\System\HZZYWRW.exe
  C:\Windows\System\HZZYWRW.exe
  2⤵
  PID:3296
- C:\Windows\System\PketanY.exe
  C:\Windows\System\PketanY.exe
  2⤵
  PID:2864
- C:\Windows\System\MAwUFEj.exe
  C:\Windows\System\MAwUFEj.exe
  2⤵
  PID:3980
- C:\Windows\System\DLCDUXP.exe
  C:\Windows\System\DLCDUXP.exe
  2⤵
  PID:5260
- C:\Windows\System\oPZCnKo.exe
  C:\Windows\System\oPZCnKo.exe
  2⤵
  PID:4796
- C:\Windows\System\ZIiDeEr.exe
  C:\Windows\System\ZIiDeEr.exe
  2⤵
  PID:5084
- C:\Windows\System\SsFCrUv.exe
  C:\Windows\System\SsFCrUv.exe
  2⤵
  PID:5168
- C:\Windows\System\tmppgWH.exe
  C:\Windows\System\tmppgWH.exe
  2⤵
  PID:4996
- C:\Windows\System\IEvsuEK.exe
  C:\Windows\System\IEvsuEK.exe
  2⤵
  PID:5208
- C:\Windows\System\iiRiwZn.exe
  C:\Windows\System\iiRiwZn.exe
  2⤵
  PID:4584
- C:\Windows\System\VOchgGs.exe
  C:\Windows\System\VOchgGs.exe
  2⤵
  PID:4836
- C:\Windows\System\lfdnbni.exe
  C:\Windows\System\lfdnbni.exe
  2⤵
  PID:5300
- C:\Windows\System\LAHTqjs.exe
  C:\Windows\System\LAHTqjs.exe
  2⤵
  PID:5380
- C:\Windows\System\jEfNieU.exe
  C:\Windows\System\jEfNieU.exe
  2⤵
  PID:5336
- C:\Windows\System\ZIvmXaW.exe
  C:\Windows\System\ZIvmXaW.exe
  2⤵
  PID:5456
- C:\Windows\System\jOVSnMC.exe
  C:\Windows\System\jOVSnMC.exe
  2⤵
  PID:5360
- C:\Windows\System\GhJuoDX.exe
  C:\Windows\System\GhJuoDX.exe
  2⤵
  PID:5400
- C:\Windows\System\XQqLGny.exe
  C:\Windows\System\XQqLGny.exe
  2⤵
  PID:5444
- C:\Windows\System\aRlCGil.exe
  C:\Windows\System\aRlCGil.exe
  2⤵
  PID:5588
- C:\Windows\System\gAhXocg.exe
  C:\Windows\System\gAhXocg.exe
  2⤵
  PID:5616
- C:\Windows\System\WhTQsgR.exe
  C:\Windows\System\WhTQsgR.exe
  2⤵
  PID:5620
- C:\Windows\System\JSPpQBi.exe
  C:\Windows\System\JSPpQBi.exe
  2⤵
  PID:5560
- C:\Windows\System\HSMkWPK.exe
  C:\Windows\System\HSMkWPK.exe
  2⤵
  PID:5600
- C:\Windows\System\sNRHEOx.exe
  C:\Windows\System\sNRHEOx.exe
  2⤵
  PID:5744
- C:\Windows\System\mylwzzV.exe
  C:\Windows\System\mylwzzV.exe
  2⤵
  PID:5816
- C:\Windows\System\ZJGuvsS.exe
  C:\Windows\System\ZJGuvsS.exe
  2⤵
  PID:5720
- C:\Windows\System\xlUegHt.exe
  C:\Windows\System\xlUegHt.exe
  2⤵
  PID:5728
- C:\Windows\System\ybCWmhx.exe
  C:\Windows\System\ybCWmhx.exe
  2⤵
  PID:5908
- C:\Windows\System\fdfCOSp.exe
  C:\Windows\System\fdfCOSp.exe
  2⤵
  PID:5804
- C:\Windows\System\MxRhuuZ.exe
  C:\Windows\System\MxRhuuZ.exe
  2⤵
  PID:5836
- C:\Windows\System\FcTjusg.exe
  C:\Windows\System\FcTjusg.exe
  2⤵
  PID:5984
- C:\Windows\System\SIygWpZ.exe
  C:\Windows\System\SIygWpZ.exe
  2⤵
  PID:6060
- C:\Windows\System\DxUgyjx.exe
  C:\Windows\System\DxUgyjx.exe
  2⤵
  PID:6064
- C:\Windows\System\IwnVkuu.exe
  C:\Windows\System\IwnVkuu.exe
  2⤵
  PID:6140
- C:\Windows\System\hFsPITx.exe
  C:\Windows\System\hFsPITx.exe
  2⤵
  PID:4912
- C:\Windows\System\XIuXPck.exe
  C:\Windows\System\XIuXPck.exe
  2⤵
  PID:5960
- C:\Windows\System\nTtFMvs.exe
  C:\Windows\System\nTtFMvs.exe
  2⤵
  PID:6040
- C:\Windows\System\vTJsiKp.exe
  C:\Windows\System\vTJsiKp.exe
  2⤵
  PID:6084
- C:\Windows\System\DTmbrUE.exe
  C:\Windows\System\DTmbrUE.exe
  2⤵
  PID:4972
- C:\Windows\System\XCaMrCf.exe
  C:\Windows\System\XCaMrCf.exe
  2⤵
  PID:6120
- C:\Windows\System\EGEVlfA.exe
  C:\Windows\System\EGEVlfA.exe
  2⤵
  PID:4544
- C:\Windows\System\RHGOXsE.exe
  C:\Windows\System\RHGOXsE.exe
  2⤵
  PID:4852
- C:\Windows\System\wljytrm.exe
  C:\Windows\System\wljytrm.exe
  2⤵
  PID:5020
- C:\Windows\System\IxFfHKe.exe
  C:\Windows\System\IxFfHKe.exe
  2⤵
  PID:5248
- C:\Windows\System\QZYcTET.exe
  C:\Windows\System\QZYcTET.exe
  2⤵
  PID:5124
- C:\Windows\System\lpVrslz.exe
  C:\Windows\System\lpVrslz.exe
  2⤵
  PID:1836
- C:\Windows\System\BaBblDc.exe
  C:\Windows\System\BaBblDc.exe
  2⤵
  PID:5096
- C:\Windows\System\ilTSwam.exe
  C:\Windows\System\ilTSwam.exe
  2⤵
  PID:2312
- C:\Windows\System\jksRAzQ.exe
  C:\Windows\System\jksRAzQ.exe
  2⤵
  PID:4152
- C:\Windows\System\ayzIDby.exe
  C:\Windows\System\ayzIDby.exe
  2⤵
  PID:5224
- C:\Windows\System\JyiNzQP.exe
  C:\Windows\System\JyiNzQP.exe
  2⤵
  PID:5432
- C:\Windows\System\ikkhJfH.exe
  C:\Windows\System\ikkhJfH.exe
  2⤵
  PID:5284
- C:\Windows\System\aTVJKTt.exe
  C:\Windows\System\aTVJKTt.exe
  2⤵
  PID:5700
- C:\Windows\System\TkyGNVe.exe
  C:\Windows\System\TkyGNVe.exe
  2⤵
  PID:5504
- C:\Windows\System\OIvLtJf.exe
  C:\Windows\System\OIvLtJf.exe
  2⤵
  PID:5640
- C:\Windows\System\XUzeukJ.exe
  C:\Windows\System\XUzeukJ.exe
  2⤵
  PID:5680
- C:\Windows\System\kfIAVwQ.exe
  C:\Windows\System\kfIAVwQ.exe
  2⤵
  PID:5864
- C:\Windows\System\IMMmiby.exe
  C:\Windows\System\IMMmiby.exe
  2⤵
  PID:5636
- C:\Windows\System\mWZqDlT.exe
  C:\Windows\System\mWZqDlT.exe
  2⤵
  PID:5784
- C:\Windows\System\yqmDshA.exe
  C:\Windows\System\yqmDshA.exe
  2⤵
  PID:5768
- C:\Windows\System\TtOuftd.exe
  C:\Windows\System\TtOuftd.exe
  2⤵
  PID:5904
- C:\Windows\System\rKYUEJu.exe
  C:\Windows\System\rKYUEJu.exe
  2⤵
  PID:6028
- C:\Windows\System\jEAyOGi.exe
  C:\Windows\System\jEAyOGi.exe
  2⤵
  PID:6104
- C:\Windows\System\lTwZLzv.exe
  C:\Windows\System\lTwZLzv.exe
  2⤵
  PID:5992
- C:\Windows\System\oDOSCQE.exe
  C:\Windows\System\oDOSCQE.exe
  2⤵
  PID:5928
- C:\Windows\System\BamlPSy.exe
  C:\Windows\System\BamlPSy.exe
  2⤵
  PID:5968
- C:\Windows\System\iyAjoBH.exe
  C:\Windows\System\iyAjoBH.exe
  2⤵
  PID:4656
- C:\Windows\System\UcaVrCa.exe
  C:\Windows\System\UcaVrCa.exe
  2⤵
  PID:4600
- C:\Windows\System\nHRKPug.exe
  C:\Windows\System\nHRKPug.exe
  2⤵
  PID:4260
- C:\Windows\System\sDDPjHa.exe
  C:\Windows\System\sDDPjHa.exe
  2⤵
  PID:5264
- C:\Windows\System\mAypvxh.exe
  C:\Windows\System\mAypvxh.exe
  2⤵
  PID:5436
- C:\Windows\System\FxlZPgo.exe
  C:\Windows\System\FxlZPgo.exe
  2⤵
  PID:5344
- C:\Windows\System\qgDsIUK.exe
  C:\Windows\System\qgDsIUK.exe
  2⤵
  PID:4080
- C:\Windows\System\TZYVpab.exe
  C:\Windows\System\TZYVpab.exe
  2⤵
  PID:4720
- C:\Windows\System\QNSPUXp.exe
  C:\Windows\System\QNSPUXp.exe
  2⤵
  PID:5160
- C:\Windows\System\ontmYIU.exe
  C:\Windows\System\ontmYIU.exe
  2⤵
  PID:6024
- C:\Windows\System\nsQJjhC.exe
  C:\Windows\System\nsQJjhC.exe
  2⤵
  PID:2912
- C:\Windows\System\mNmCsHM.exe
  C:\Windows\System\mNmCsHM.exe
  2⤵
  PID:5420
- C:\Windows\System\zWCZJVF.exe
  C:\Windows\System\zWCZJVF.exe
  2⤵
  PID:5484
- C:\Windows\System\rNeGfQP.exe
  C:\Windows\System\rNeGfQP.exe
  2⤵
  PID:5552
- C:\Windows\System\COEpUHY.exe
  C:\Windows\System\COEpUHY.exe
  2⤵
  PID:4908
- C:\Windows\System\jHIDGaW.exe
  C:\Windows\System\jHIDGaW.exe
  2⤵
  PID:5604
- C:\Windows\System\RtMVeTm.exe
  C:\Windows\System\RtMVeTm.exe
  2⤵
  PID:6160
- C:\Windows\System\qQtjlJE.exe
  C:\Windows\System\qQtjlJE.exe
  2⤵
  PID:6180
- C:\Windows\System\AKeQsFM.exe
  C:\Windows\System\AKeQsFM.exe
  2⤵
  PID:6204
- C:\Windows\System\DkKHdmH.exe
  C:\Windows\System\DkKHdmH.exe
  2⤵
  PID:6220
- C:\Windows\System\XhKcaWJ.exe
  C:\Windows\System\XhKcaWJ.exe
  2⤵
  PID:6244
- C:\Windows\System\dRhTFjj.exe
  C:\Windows\System\dRhTFjj.exe
  2⤵
  PID:6264
- C:\Windows\System\jdWgEtD.exe
  C:\Windows\System\jdWgEtD.exe
  2⤵
  PID:6284
- C:\Windows\System\zpGLFHS.exe
  C:\Windows\System\zpGLFHS.exe
  2⤵
  PID:6304
- C:\Windows\System\mOQNGQk.exe
  C:\Windows\System\mOQNGQk.exe
  2⤵
  PID:6324
- C:\Windows\System\mcEgeSp.exe
  C:\Windows\System\mcEgeSp.exe
  2⤵
  PID:6340
- C:\Windows\System\xeqfCGu.exe
  C:\Windows\System\xeqfCGu.exe
  2⤵
  PID:6360
- C:\Windows\System\CsiXLLL.exe
  C:\Windows\System\CsiXLLL.exe
  2⤵
  PID:6384
- C:\Windows\System\UCXsRFn.exe
  C:\Windows\System\UCXsRFn.exe
  2⤵
  PID:6400
- C:\Windows\System\odpnguL.exe
  C:\Windows\System\odpnguL.exe
  2⤵
  PID:6424
- C:\Windows\System\AgjPXff.exe
  C:\Windows\System\AgjPXff.exe
  2⤵
  PID:6444
- C:\Windows\System\lqgxFzS.exe
  C:\Windows\System\lqgxFzS.exe
  2⤵
  PID:6464
- C:\Windows\System\bsqKgOt.exe
  C:\Windows\System\bsqKgOt.exe
  2⤵
  PID:6484
- C:\Windows\System\tKZosdX.exe
  C:\Windows\System\tKZosdX.exe
  2⤵
  PID:6500
- C:\Windows\System\fsxHifw.exe
  C:\Windows\System\fsxHifw.exe
  2⤵
  PID:6520
- C:\Windows\System\yTVpsbj.exe
  C:\Windows\System\yTVpsbj.exe
  2⤵
  PID:6536
- C:\Windows\System\ljlfPeh.exe
  C:\Windows\System\ljlfPeh.exe
  2⤵
  PID:6560
- C:\Windows\System\fZfdURo.exe
  C:\Windows\System\fZfdURo.exe
  2⤵
  PID:6584
- C:\Windows\System\MOpcPoK.exe
  C:\Windows\System\MOpcPoK.exe
  2⤵
  PID:6600
- C:\Windows\System\TkIjqLL.exe
  C:\Windows\System\TkIjqLL.exe
  2⤵
  PID:6616
- C:\Windows\System\hyBfIzZ.exe
  C:\Windows\System\hyBfIzZ.exe
  2⤵
  PID:6636
- C:\Windows\System\VtyWPgy.exe
  C:\Windows\System\VtyWPgy.exe
  2⤵
  PID:6660
- C:\Windows\System\GtWGMKQ.exe
  C:\Windows\System\GtWGMKQ.exe
  2⤵
  PID:6676
- C:\Windows\System\nctXxGk.exe
  C:\Windows\System\nctXxGk.exe
  2⤵
  PID:6692
- C:\Windows\System\EOHINoK.exe
  C:\Windows\System\EOHINoK.exe
  2⤵
  PID:6716
- C:\Windows\System\AuVMnWB.exe
  C:\Windows\System\AuVMnWB.exe
  2⤵
  PID:6736
- C:\Windows\System\ailyFVZ.exe
  C:\Windows\System\ailyFVZ.exe
  2⤵
  PID:6760
- C:\Windows\System\JkNLjzk.exe
  C:\Windows\System\JkNLjzk.exe
  2⤵
  PID:6776
- C:\Windows\System\EGYwXqP.exe
  C:\Windows\System\EGYwXqP.exe
  2⤵
  PID:6800
- C:\Windows\System\dSHYkKn.exe
  C:\Windows\System\dSHYkKn.exe
  2⤵
  PID:6816
- C:\Windows\System\xqkSIvd.exe
  C:\Windows\System\xqkSIvd.exe
  2⤵
  PID:6844
- C:\Windows\System\ZiQxTTH.exe
  C:\Windows\System\ZiQxTTH.exe
  2⤵
  PID:6860
- C:\Windows\System\WXFUuoc.exe
  C:\Windows\System\WXFUuoc.exe
  2⤵
  PID:6884
- C:\Windows\System\oFdYfHa.exe
  C:\Windows\System\oFdYfHa.exe
  2⤵
  PID:6904
- C:\Windows\System\CsJgYaG.exe
  C:\Windows\System\CsJgYaG.exe
  2⤵
  PID:6920
- C:\Windows\System\fgDRiQS.exe
  C:\Windows\System\fgDRiQS.exe
  2⤵
  PID:6940
- C:\Windows\System\tBFsdiP.exe
  C:\Windows\System\tBFsdiP.exe
  2⤵
  PID:6960
- C:\Windows\System\OjttDTe.exe
  C:\Windows\System\OjttDTe.exe
  2⤵
  PID:6976
- C:\Windows\System\IyminyI.exe
  C:\Windows\System\IyminyI.exe
  2⤵
  PID:7000
- C:\Windows\System\CrNBjZE.exe
  C:\Windows\System\CrNBjZE.exe
  2⤵
  PID:7016
- C:\Windows\System\vQbNUOm.exe
  C:\Windows\System\vQbNUOm.exe
  2⤵
  PID:7048
- C:\Windows\System\puLjoLr.exe
  C:\Windows\System\puLjoLr.exe
  2⤵
  PID:7068
- C:\Windows\System\ciXSZxd.exe
  C:\Windows\System\ciXSZxd.exe
  2⤵
  PID:7084
- C:\Windows\System\sjURgXp.exe
  C:\Windows\System\sjURgXp.exe
  2⤵
  PID:7100
- C:\Windows\System\jqQUYlS.exe
  C:\Windows\System\jqQUYlS.exe
  2⤵
  PID:7128
- C:\Windows\System\mYzvBpN.exe
  C:\Windows\System\mYzvBpN.exe
  2⤵
  PID:7148
- C:\Windows\System\sJsxaEg.exe
  C:\Windows\System\sJsxaEg.exe
  2⤵
  PID:5220
- C:\Windows\System\TPFduKA.exe
  C:\Windows\System\TPFduKA.exe
  2⤵
  PID:5840
- C:\Windows\System\obfZvDA.exe
  C:\Windows\System\obfZvDA.exe
  2⤵
  PID:4856
- C:\Windows\System\xOdAoAT.exe
  C:\Windows\System\xOdAoAT.exe
  2⤵
  PID:5980
- C:\Windows\System\teEOkIE.exe
  C:\Windows\System\teEOkIE.exe
  2⤵
  PID:5144
- C:\Windows\System\ekGcuYO.exe
  C:\Windows\System\ekGcuYO.exe
  2⤵
  PID:3148
- C:\Windows\System\TMhHeqt.exe
  C:\Windows\System\TMhHeqt.exe
  2⤵
  PID:5632
- C:\Windows\System\IDQxgOC.exe
  C:\Windows\System\IDQxgOC.exe
  2⤵
  PID:5764
- C:\Windows\System\hcbXoPa.exe
  C:\Windows\System\hcbXoPa.exe
  2⤵
  PID:4696
- C:\Windows\System\iyStgKO.exe
  C:\Windows\System\iyStgKO.exe
  2⤵
  PID:4140
- C:\Windows\System\GgwUWtc.exe
  C:\Windows\System\GgwUWtc.exe
  2⤵
  PID:5364
- C:\Windows\System\fYIHokr.exe
  C:\Windows\System\fYIHokr.exe
  2⤵
  PID:2172
- C:\Windows\System\lMwLxbD.exe
  C:\Windows\System\lMwLxbD.exe
  2⤵
  PID:6168
- C:\Windows\System\tNYWWKv.exe
  C:\Windows\System\tNYWWKv.exe
  2⤵
  PID:2840
- C:\Windows\System\wyEhTel.exe
  C:\Windows\System\wyEhTel.exe
  2⤵
  PID:2624
- C:\Windows\System\CMjzKvE.exe
  C:\Windows\System\CMjzKvE.exe
  2⤵
  PID:6188
- C:\Windows\System\caTMXTk.exe
  C:\Windows\System\caTMXTk.exe
  2⤵
  PID:6232
- C:\Windows\System\lPujfSw.exe
  C:\Windows\System\lPujfSw.exe
  2⤵
  PID:6296
- C:\Windows\System\xsWZnhU.exe
  C:\Windows\System\xsWZnhU.exe
  2⤵
  PID:6280
- C:\Windows\System\VHpJHrv.exe
  C:\Windows\System\VHpJHrv.exe
  2⤵
  PID:6376
- C:\Windows\System\rFkriWL.exe
  C:\Windows\System\rFkriWL.exe
  2⤵
  PID:6416
- C:\Windows\System\QrkgMvL.exe
  C:\Windows\System\QrkgMvL.exe
  2⤵
  PID:6460
- C:\Windows\System\jsMRKpJ.exe
  C:\Windows\System\jsMRKpJ.exe
  2⤵
  PID:6348
- C:\Windows\System\hMBqNvy.exe
  C:\Windows\System\hMBqNvy.exe
  2⤵
  PID:6432
- C:\Windows\System\BqnARIn.exe
  C:\Windows\System\BqnARIn.exe
  2⤵
  PID:6580
- C:\Windows\System\HAnLRQT.exe
  C:\Windows\System\HAnLRQT.exe
  2⤵
  PID:6644
- C:\Windows\System\xfRJtTo.exe
  C:\Windows\System\xfRJtTo.exe
  2⤵
  PID:6436
- C:\Windows\System\GTYJkKF.exe
  C:\Windows\System\GTYJkKF.exe
  2⤵
  PID:6688
- C:\Windows\System\gIfUOTT.exe
  C:\Windows\System\gIfUOTT.exe
  2⤵
  PID:6512
- C:\Windows\System\PafyScT.exe
  C:\Windows\System\PafyScT.exe
  2⤵
  PID:6548
- C:\Windows\System\gsUYxzT.exe
  C:\Windows\System\gsUYxzT.exe
  2⤵
  PID:6812
- C:\Windows\System\AMCsYPa.exe
  C:\Windows\System\AMCsYPa.exe
  2⤵
  PID:6628
- C:\Windows\System\hZzFrnN.exe
  C:\Windows\System\hZzFrnN.exe
  2⤵
  PID:6672
- C:\Windows\System\wftQgzQ.exe
  C:\Windows\System\wftQgzQ.exe
  2⤵
  PID:6708
- C:\Windows\System\qqzzylH.exe
  C:\Windows\System\qqzzylH.exe
  2⤵
  PID:6752
- C:\Windows\System\buudFfr.exe
  C:\Windows\System\buudFfr.exe
  2⤵
  PID:6968
- C:\Windows\System\ciKFuPG.exe
  C:\Windows\System\ciKFuPG.exe
  2⤵
  PID:6796
- C:\Windows\System\vctoArH.exe
  C:\Windows\System\vctoArH.exe
  2⤵
  PID:6828
- C:\Windows\System\qsEPNqO.exe
  C:\Windows\System\qsEPNqO.exe
  2⤵
  PID:7064
- C:\Windows\System\gIiFPzH.exe
  C:\Windows\System\gIiFPzH.exe
  2⤵
  PID:7136
- C:\Windows\System\jJPMMBe.exe
  C:\Windows\System\jJPMMBe.exe
  2⤵
  PID:6984
- C:\Windows\System\kQFFbZI.exe
  C:\Windows\System\kQFFbZI.exe
  2⤵
  PID:6068
- C:\Windows\System\ldUVcPS.exe
  C:\Windows\System\ldUVcPS.exe
  2⤵
  PID:2668
- C:\Windows\System\CkHdTVG.exe
  C:\Windows\System\CkHdTVG.exe
  2⤵
  PID:5524
- C:\Windows\System\yBLUoKg.exe
  C:\Windows\System\yBLUoKg.exe
  2⤵
  PID:5684
- C:\Windows\System\uxnSnMz.exe
  C:\Windows\System\uxnSnMz.exe
  2⤵
  PID:7044
- C:\Windows\System\OQGiufV.exe
  C:\Windows\System\OQGiufV.exe
  2⤵
  PID:2920
- C:\Windows\System\aHZiCGj.exe
  C:\Windows\System\aHZiCGj.exe
  2⤵
  PID:7080
- C:\Windows\System\GYFUVnB.exe
  C:\Windows\System\GYFUVnB.exe
  2⤵
  PID:6452
- C:\Windows\System\iiaJGlL.exe
  C:\Windows\System\iiaJGlL.exe
  2⤵
  PID:6396
- C:\Windows\System\ScWdCNB.exe
  C:\Windows\System\ScWdCNB.exe
  2⤵
  PID:6684
- C:\Windows\System\JTjvWRq.exe
  C:\Windows\System\JTjvWRq.exe
  2⤵
  PID:7120
- C:\Windows\System\wDQKWiU.exe
  C:\Windows\System\wDQKWiU.exe
  2⤵
  PID:7156
- C:\Windows\System\gtUcazs.exe
  C:\Windows\System\gtUcazs.exe
  2⤵
  PID:1232
- C:\Windows\System\DWpIIGK.exe
  C:\Windows\System\DWpIIGK.exe
  2⤵
  PID:5824
- C:\Windows\System\vrXTGFx.exe
  C:\Windows\System\vrXTGFx.exe
  2⤵
  PID:6700
- C:\Windows\System\DqlbyYQ.exe
  C:\Windows\System\DqlbyYQ.exe
  2⤵
  PID:5396
- C:\Windows\System\pmKcNtm.exe
  C:\Windows\System\pmKcNtm.exe
  2⤵
  PID:6928
- C:\Windows\System\lXVgJTD.exe
  C:\Windows\System\lXVgJTD.exe
  2⤵
  PID:6936
- C:\Windows\System\FffcbjO.exe
  C:\Windows\System\FffcbjO.exe
  2⤵
  PID:6192
- C:\Windows\System\kqhRYWl.exe
  C:\Windows\System\kqhRYWl.exe
  2⤵
  PID:7008
- C:\Windows\System\lXZecSg.exe
  C:\Windows\System\lXZecSg.exe
  2⤵
  PID:6440
- C:\Windows\System\xGYTqcz.exe
  C:\Windows\System\xGYTqcz.exe
  2⤵
  PID:7012
- C:\Windows\System\SjgiQOA.exe
  C:\Windows\System\SjgiQOA.exe
  2⤵
  PID:6336
- C:\Windows\System\eLaRpLB.exe
  C:\Windows\System\eLaRpLB.exe
  2⤵
  PID:6772
- C:\Windows\System\xsrifwd.exe
  C:\Windows\System\xsrifwd.exe
  2⤵
  PID:6656
- C:\Windows\System\TORZSzA.exe
  C:\Windows\System\TORZSzA.exe
  2⤵
  PID:6372
- C:\Windows\System\AjSpLkS.exe
  C:\Windows\System\AjSpLkS.exe
  2⤵
  PID:5188
- C:\Windows\System\uJdeGYi.exe
  C:\Windows\System\uJdeGYi.exe
  2⤵
  PID:7028
- C:\Windows\System\zRCfCfP.exe
  C:\Windows\System\zRCfCfP.exe
  2⤵
  PID:6356
- C:\Windows\System\qKMGVNr.exe
  C:\Windows\System\qKMGVNr.exe
  2⤵
  PID:7116
- C:\Windows\System\NBxEwKB.exe
  C:\Windows\System\NBxEwKB.exe
  2⤵
  PID:2628
- C:\Windows\System\kLdtcKy.exe
  C:\Windows\System\kLdtcKy.exe
  2⤵
  PID:6200
- C:\Windows\System\dFbmKBf.exe
  C:\Windows\System\dFbmKBf.exe
  2⤵
  PID:7092
- C:\Windows\System\TFkbbuM.exe
  C:\Windows\System\TFkbbuM.exe
  2⤵
  PID:6876
- C:\Windows\System\eRLybad.exe
  C:\Windows\System\eRLybad.exe
  2⤵
  PID:6732
- C:\Windows\System\wokPAGK.exe
  C:\Windows\System\wokPAGK.exe
  2⤵
  PID:6156
- C:\Windows\System\oiHpKgg.exe
  C:\Windows\System\oiHpKgg.exe
  2⤵
  PID:6420
- C:\Windows\System\aQdjPhv.exe
  C:\Windows\System\aQdjPhv.exe
  2⤵
  PID:5244
- C:\Windows\System\crAYiVZ.exe
  C:\Windows\System\crAYiVZ.exe
  2⤵
  PID:6176
- C:\Windows\System\iSIUSfs.exe
  C:\Windows\System\iSIUSfs.exe
  2⤵
  PID:6480
- C:\Windows\System\mPvhjND.exe
  C:\Windows\System\mPvhjND.exe
  2⤵
  PID:6768
- C:\Windows\System\tZsmrCo.exe
  C:\Windows\System\tZsmrCo.exe
  2⤵
  PID:6956
- C:\Windows\System\aWqWjTu.exe
  C:\Windows\System\aWqWjTu.exe
  2⤵
  PID:4780
- C:\Windows\System\WCDsbKO.exe
  C:\Windows\System\WCDsbKO.exe
  2⤵
  PID:6856
- C:\Windows\System\WNNtigQ.exe
  C:\Windows\System\WNNtigQ.exe
  2⤵
  PID:5796
- C:\Windows\System\zPwUoYN.exe
  C:\Windows\System\zPwUoYN.exe
  2⤵
  PID:7096
- C:\Windows\System\ZQcYsqb.exe
  C:\Windows\System\ZQcYsqb.exe
  2⤵
  PID:5304
- C:\Windows\System\nmjdxbS.exe
  C:\Windows\System\nmjdxbS.exe
  2⤵
  PID:6496
- C:\Windows\System\opNJBjS.exe
  C:\Windows\System\opNJBjS.exe
  2⤵
  PID:6596
- C:\Windows\System\MYPOwOM.exe
  C:\Windows\System\MYPOwOM.exe
  2⤵
  PID:7076
- C:\Windows\System\LakVJpZ.exe
  C:\Windows\System\LakVJpZ.exe
  2⤵
  PID:4744
- C:\Windows\System\YUfgPBK.exe
  C:\Windows\System\YUfgPBK.exe
  2⤵
  PID:6932
- C:\Windows\System\zSCCuLo.exe
  C:\Windows\System\zSCCuLo.exe
  2⤵
  PID:7180
- C:\Windows\System\JNTQfks.exe
  C:\Windows\System\JNTQfks.exe
  2⤵
  PID:7196
- C:\Windows\System\xgFZUuS.exe
  C:\Windows\System\xgFZUuS.exe
  2⤵
  PID:7268
- C:\Windows\System\IkUXYJS.exe
  C:\Windows\System\IkUXYJS.exe
  2⤵
  PID:7288
- C:\Windows\System\SpZmuDs.exe
  C:\Windows\System\SpZmuDs.exe
  2⤵
  PID:7308
- C:\Windows\System\csvHhhJ.exe
  C:\Windows\System\csvHhhJ.exe
  2⤵
  PID:7328
- C:\Windows\System\GddbFso.exe
  C:\Windows\System\GddbFso.exe
  2⤵
  PID:7344
- C:\Windows\System\EgvYqWU.exe
  C:\Windows\System\EgvYqWU.exe
  2⤵
  PID:7364
- C:\Windows\System\tEwpeBg.exe
  C:\Windows\System\tEwpeBg.exe
  2⤵
  PID:7380
- C:\Windows\System\uEYMHYm.exe
  C:\Windows\System\uEYMHYm.exe
  2⤵
  PID:7396
- C:\Windows\System\YGhpnvM.exe
  C:\Windows\System\YGhpnvM.exe
  2⤵
  PID:7420
- C:\Windows\System\FHqKkhJ.exe
  C:\Windows\System\FHqKkhJ.exe
  2⤵
  PID:7436
- C:\Windows\System\AafdQDW.exe
  C:\Windows\System\AafdQDW.exe
  2⤵
  PID:7452
- C:\Windows\System\XDsiLqO.exe
  C:\Windows\System\XDsiLqO.exe
  2⤵
  PID:7468
- C:\Windows\System\XEyPRTp.exe
  C:\Windows\System\XEyPRTp.exe
  2⤵
  PID:7508
- C:\Windows\System\xRmZQiF.exe
  C:\Windows\System\xRmZQiF.exe
  2⤵
  PID:7524
- C:\Windows\System\kObyGab.exe
  C:\Windows\System\kObyGab.exe
  2⤵
  PID:7540
- C:\Windows\System\oCFluEz.exe
  C:\Windows\System\oCFluEz.exe
  2⤵
  PID:7556
- C:\Windows\System\srVlUAM.exe
  C:\Windows\System\srVlUAM.exe
  2⤵
  PID:7572
- C:\Windows\System\AogqeVy.exe
  C:\Windows\System\AogqeVy.exe
  2⤵
  PID:7588
- C:\Windows\System\rTdYjux.exe
  C:\Windows\System\rTdYjux.exe
  2⤵
  PID:7604
- C:\Windows\System\hdqBFOY.exe
  C:\Windows\System\hdqBFOY.exe
  2⤵
  PID:7620
- C:\Windows\System\JPnZXWg.exe
  C:\Windows\System\JPnZXWg.exe
  2⤵
  PID:7636
- C:\Windows\System\qfaxBxU.exe
  C:\Windows\System\qfaxBxU.exe
  2⤵
  PID:7652
- C:\Windows\System\HAtzOLR.exe
  C:\Windows\System\HAtzOLR.exe
  2⤵
  PID:7668
- C:\Windows\System\GMWWsRX.exe
  C:\Windows\System\GMWWsRX.exe
  2⤵
  PID:7684
- C:\Windows\System\aeLJxIo.exe
  C:\Windows\System\aeLJxIo.exe
  2⤵
  PID:7700
- C:\Windows\System\IZGhlAk.exe
  C:\Windows\System\IZGhlAk.exe
  2⤵
  PID:7716
- C:\Windows\System\cusZXlq.exe
  C:\Windows\System\cusZXlq.exe
  2⤵
  PID:7732
- C:\Windows\System\hBSLOAE.exe
  C:\Windows\System\hBSLOAE.exe
  2⤵
  PID:7756
- C:\Windows\System\wJDUzez.exe
  C:\Windows\System\wJDUzez.exe
  2⤵
  PID:7772
- C:\Windows\System\grUJinD.exe
  C:\Windows\System\grUJinD.exe
  2⤵
  PID:7788
- C:\Windows\System\srBqExv.exe
  C:\Windows\System\srBqExv.exe
  2⤵
  PID:7804
- C:\Windows\System\OEtwNuL.exe
  C:\Windows\System\OEtwNuL.exe
  2⤵
  PID:7820
- C:\Windows\System\cNrYmvN.exe
  C:\Windows\System\cNrYmvN.exe
  2⤵
  PID:7836
- C:\Windows\System\iDGtQUT.exe
  C:\Windows\System\iDGtQUT.exe
  2⤵
  PID:7856
- C:\Windows\System\fqiUlsM.exe
  C:\Windows\System\fqiUlsM.exe
  2⤵
  PID:7876
- C:\Windows\System\oUzBwzt.exe
  C:\Windows\System\oUzBwzt.exe
  2⤵
  PID:7892
- C:\Windows\System\vabADva.exe
  C:\Windows\System\vabADva.exe
  2⤵
  PID:7908
- C:\Windows\System\wyvoWiV.exe
  C:\Windows\System\wyvoWiV.exe
  2⤵
  PID:7924
- C:\Windows\System\dGdqWXA.exe
  C:\Windows\System\dGdqWXA.exe
  2⤵
  PID:7940
- C:\Windows\System\EcACSbR.exe
  C:\Windows\System\EcACSbR.exe
  2⤵
  PID:7956
- C:\Windows\System\cLVHcSx.exe
  C:\Windows\System\cLVHcSx.exe
  2⤵
  PID:7976
- C:\Windows\System\dtufAfL.exe
  C:\Windows\System\dtufAfL.exe
  2⤵
  PID:7992
- C:\Windows\System\npESlTX.exe
  C:\Windows\System\npESlTX.exe
  2⤵
  PID:8008
- C:\Windows\System\SAMHAEI.exe
  C:\Windows\System\SAMHAEI.exe
  2⤵
  PID:8024
- C:\Windows\System\dPGcEUa.exe
  C:\Windows\System\dPGcEUa.exe
  2⤵
  PID:8040
- C:\Windows\System\nUJkFYy.exe
  C:\Windows\System\nUJkFYy.exe
  2⤵
  PID:8072
- C:\Windows\System\BmopReC.exe
  C:\Windows\System\BmopReC.exe
  2⤵
  PID:8100
- C:\Windows\System\snGMMjU.exe
  C:\Windows\System\snGMMjU.exe
  2⤵
  PID:8120
- C:\Windows\System\vVoweNG.exe
  C:\Windows\System\vVoweNG.exe
  2⤵
  PID:8136
- C:\Windows\System\NsaAhzV.exe
  C:\Windows\System\NsaAhzV.exe
  2⤵
  PID:8152
- C:\Windows\System\GdMlhIp.exe
  C:\Windows\System\GdMlhIp.exe
  2⤵
  PID:8172
- C:\Windows\System\SJxjeYJ.exe
  C:\Windows\System\SJxjeYJ.exe
  2⤵
  PID:8188
- C:\Windows\System\BOwQtyQ.exe
  C:\Windows\System\BOwQtyQ.exe
  2⤵
  PID:3480
- C:\Windows\System\etSjMRn.exe
  C:\Windows\System\etSjMRn.exe
  2⤵
  PID:6996
- C:\Windows\System\RVIvELP.exe
  C:\Windows\System\RVIvELP.exe
  2⤵
  PID:6916
- C:\Windows\System\fQZBHzY.exe
  C:\Windows\System\fQZBHzY.exe
  2⤵
  PID:6992
- C:\Windows\System\aSWTaWd.exe
  C:\Windows\System\aSWTaWd.exe
  2⤵
  PID:6312
- C:\Windows\System\StpurbM.exe
  C:\Windows\System\StpurbM.exe
  2⤵
  PID:6668
- C:\Windows\System\EIYAfeH.exe
  C:\Windows\System\EIYAfeH.exe
  2⤵
  PID:2496
- C:\Windows\System\kHmXzGa.exe
  C:\Windows\System\kHmXzGa.exe
  2⤵
  PID:6256
- C:\Windows\System\YCovgwc.exe
  C:\Windows\System\YCovgwc.exe
  2⤵
  PID:6252
- C:\Windows\System\YagdBPQ.exe
  C:\Windows\System\YagdBPQ.exe
  2⤵
  PID:5356
- C:\Windows\System\QlvbabO.exe
  C:\Windows\System\QlvbabO.exe
  2⤵
  PID:5644
- C:\Windows\System\yTzmobb.exe
  C:\Windows\System\yTzmobb.exe
  2⤵
  PID:2356
- C:\Windows\System\LIcFkOP.exe
  C:\Windows\System\LIcFkOP.exe
  2⤵
  PID:7236
- C:\Windows\System\sCvdJQY.exe
  C:\Windows\System\sCvdJQY.exe
  2⤵
  PID:2728
- C:\Windows\System\AXHNNRf.exe
  C:\Windows\System\AXHNNRf.exe
  2⤵
  PID:7260
- C:\Windows\System\IZGTjGw.exe
  C:\Windows\System\IZGTjGw.exe
  2⤵
  PID:2664
- C:\Windows\System\sEhIukw.exe
  C:\Windows\System\sEhIukw.exe
  2⤵
  PID:2752
- C:\Windows\System\vvyGNsp.exe
  C:\Windows\System\vvyGNsp.exe
  2⤵
  PID:4464
- C:\Windows\System\QmGGAIp.exe
  C:\Windows\System\QmGGAIp.exe
  2⤵
  PID:7296
- C:\Windows\System\SZUEvdw.exe
  C:\Windows\System\SZUEvdw.exe
  2⤵
  PID:7340
- C:\Windows\System\CgiYnMG.exe
  C:\Windows\System\CgiYnMG.exe
  2⤵
  PID:7316
- C:\Windows\System\gcgBcyg.exe
  C:\Windows\System\gcgBcyg.exe
  2⤵
  PID:7284
- C:\Windows\System\FIoUShv.exe
  C:\Windows\System\FIoUShv.exe
  2⤵
  PID:7352
- C:\Windows\System\GczcyTq.exe
  C:\Windows\System\GczcyTq.exe
  2⤵
  PID:7428
- C:\Windows\System\oUuYMoA.exe
  C:\Windows\System\oUuYMoA.exe
  2⤵
  PID:7532
- C:\Windows\System\TOVIhWV.exe
  C:\Windows\System\TOVIhWV.exe
  2⤵
  PID:2788
- C:\Windows\System\cNedZFb.exe
  C:\Windows\System\cNedZFb.exe
  2⤵
  PID:2904
- C:\Windows\System\yKZTEXf.exe
  C:\Windows\System\yKZTEXf.exe
  2⤵
  PID:7580
- C:\Windows\System\gXgTOqi.exe
  C:\Windows\System\gXgTOqi.exe
  2⤵
  PID:7628
- C:\Windows\System\NxyMmAT.exe
  C:\Windows\System\NxyMmAT.exe
  2⤵
  PID:7660
- C:\Windows\System\ExgtKaz.exe
  C:\Windows\System\ExgtKaz.exe
  2⤵
  PID:7692
- C:\Windows\System\NhFzZIn.exe
  C:\Windows\System\NhFzZIn.exe
  2⤵
  PID:7724
- C:\Windows\System\MnbEuKN.exe
  C:\Windows\System\MnbEuKN.exe
  2⤵
  PID:7780
- C:\Windows\System\TIyLtsT.exe
  C:\Windows\System\TIyLtsT.exe
  2⤵
  PID:7744
- C:\Windows\System\UKzXyQo.exe
  C:\Windows\System\UKzXyQo.exe
  2⤵
  PID:2768
- C:\Windows\System\fDXuenv.exe
  C:\Windows\System\fDXuenv.exe
  2⤵
  PID:7848
- C:\Windows\System\mgmEwZU.exe
  C:\Windows\System\mgmEwZU.exe
  2⤵
  PID:7800
- C:\Windows\System\OAJSMkK.exe
  C:\Windows\System\OAJSMkK.exe
  2⤵
  PID:7920
- C:\Windows\System\eXLQETJ.exe
  C:\Windows\System\eXLQETJ.exe
  2⤵
  PID:7868
- C:\Windows\System\qSdqefq.exe
  C:\Windows\System\qSdqefq.exe
  2⤵
  PID:7988
- C:\Windows\System\LMUddHL.exe
  C:\Windows\System\LMUddHL.exe
  2⤵
  PID:7936
- C:\Windows\System\cJPjZiY.exe
  C:\Windows\System\cJPjZiY.exe
  2⤵
  PID:2012
- C:\Windows\System\MdjXwVA.exe
  C:\Windows\System\MdjXwVA.exe
  2⤵
  PID:1028
- C:\Windows\System\CrfnKjy.exe
  C:\Windows\System\CrfnKjy.exe
  2⤵
  PID:8032
- C:\Windows\System\jikDXWO.exe
  C:\Windows\System\jikDXWO.exe
  2⤵
  PID:1440
- C:\Windows\System\HXlBzxu.exe
  C:\Windows\System\HXlBzxu.exe
  2⤵
  PID:8052
- C:\Windows\System\sBWVdUC.exe
  C:\Windows\System\sBWVdUC.exe
  2⤵
  PID:8068
- C:\Windows\System\bEjhOBa.exe
  C:\Windows\System\bEjhOBa.exe
  2⤵
  PID:1136
- C:\Windows\System\GiqtJRO.exe
  C:\Windows\System\GiqtJRO.exe
  2⤵
  PID:8116
- C:\Windows\System\xvGFffI.exe
  C:\Windows\System\xvGFffI.exe
  2⤵
  PID:600
- C:\Windows\System\hGKNRwN.exe
  C:\Windows\System\hGKNRwN.exe
  2⤵
  PID:292
- C:\Windows\System\lDddVgk.exe
  C:\Windows\System\lDddVgk.exe
  2⤵
  PID:7176
- C:\Windows\System\poAXvIB.exe
  C:\Windows\System\poAXvIB.exe
  2⤵
  PID:7032
- C:\Windows\System\DmNyYpA.exe
  C:\Windows\System\DmNyYpA.exe
  2⤵
  PID:1704
- C:\Windows\System\ZSmTCAS.exe
  C:\Windows\System\ZSmTCAS.exe
  2⤵
  PID:6892
- C:\Windows\System\zXVqFzd.exe
  C:\Windows\System\zXVqFzd.exe
  2⤵
  PID:7244
- C:\Windows\System\AjaICcW.exe
  C:\Windows\System\AjaICcW.exe
  2⤵
  PID:7248
- C:\Windows\System\ZWKEoEu.exe
  C:\Windows\System\ZWKEoEu.exe
  2⤵
  PID:6576
- C:\Windows\System\IZEcnuB.exe
  C:\Windows\System\IZEcnuB.exe
  2⤵
  PID:5520
- C:\Windows\System\NrQDKsz.exe
  C:\Windows\System\NrQDKsz.exe
  2⤵
  PID:7336
- C:\Windows\System\sqOVxTk.exe
  C:\Windows\System\sqOVxTk.exe
  2⤵
  PID:7448
- C:\Windows\System\qKkYHZT.exe
  C:\Windows\System\qKkYHZT.exe
  2⤵
  PID:2748
- C:\Windows\System\XDarIOG.exe
  C:\Windows\System\XDarIOG.exe
  2⤵
  PID:7460
- C:\Windows\System\FRxUhre.exe
  C:\Windows\System\FRxUhre.exe
  2⤵
  PID:7376
- C:\Windows\System\pLiZkPM.exe
  C:\Windows\System\pLiZkPM.exe
  2⤵
  PID:7480
- C:\Windows\System\ZgiMYXX.exe
  C:\Windows\System\ZgiMYXX.exe
  2⤵
  PID:7616
- C:\Windows\System\iFeQZal.exe
  C:\Windows\System\iFeQZal.exe
  2⤵
  PID:7712
- C:\Windows\System\jNPZIVp.exe
  C:\Windows\System\jNPZIVp.exe
  2⤵
  PID:7784
- C:\Windows\System\eImNJzr.exe
  C:\Windows\System\eImNJzr.exe
  2⤵
  PID:7644
- C:\Windows\System\XGmMiIU.exe
  C:\Windows\System\XGmMiIU.exe
  2⤵
  PID:7900
- C:\Windows\System\oHfrecv.exe
  C:\Windows\System\oHfrecv.exe
  2⤵
  PID:7952
- C:\Windows\System\eelJVkM.exe
  C:\Windows\System\eelJVkM.exe
  2⤵
  PID:8000
- C:\Windows\System\VcFIlNB.exe
  C:\Windows\System\VcFIlNB.exe
  2⤵
  PID:8036
- C:\Windows\System\zValdzY.exe
  C:\Windows\System\zValdzY.exe
  2⤵
  PID:8048
- C:\Windows\System\QvOjWwZ.exe
  C:\Windows\System\QvOjWwZ.exe
  2⤵
  PID:308
- C:\Windows\System\ibLqhqF.exe
  C:\Windows\System\ibLqhqF.exe
  2⤵
  PID:1444
- C:\Windows\System\YHtGPEg.exe
  C:\Windows\System\YHtGPEg.exe
  2⤵
  PID:8112
- C:\Windows\System\nnirZcz.exe
  C:\Windows\System\nnirZcz.exe
  2⤵
  PID:6988
- C:\Windows\System\BjpndOY.exe
  C:\Windows\System\BjpndOY.exe
  2⤵
  PID:8168
- C:\Windows\System\hZPjJdf.exe
  C:\Windows\System\hZPjJdf.exe
  2⤵
  PID:3060
- C:\Windows\System\vUBCMor.exe
  C:\Windows\System\vUBCMor.exe
  2⤵
  PID:5200
- C:\Windows\System\ymFBAkR.exe
  C:\Windows\System\ymFBAkR.exe
  2⤵
  PID:7256
- C:\Windows\System\EgnslMD.exe
  C:\Windows\System\EgnslMD.exe
  2⤵
  PID:6608
- C:\Windows\System\WXteIGN.exe
  C:\Windows\System\WXteIGN.exe
  2⤵
  PID:7408
- C:\Windows\System\esKvmih.exe
  C:\Windows\System\esKvmih.exe
  2⤵
  PID:7680
- C:\Windows\System\OxtXoIf.exe
  C:\Windows\System\OxtXoIf.exe
  2⤵
  PID:7812
- C:\Windows\System\RMKBypX.exe
  C:\Windows\System\RMKBypX.exe
  2⤵
  PID:7932
- C:\Windows\System\oFIxIAY.exe
  C:\Windows\System\oFIxIAY.exe
  2⤵
  PID:7388
- C:\Windows\System\dKyrSQJ.exe
  C:\Windows\System\dKyrSQJ.exe
  2⤵
  PID:8108
- C:\Windows\System\VQZJhUg.exe
  C:\Windows\System\VQZJhUg.exe
  2⤵
  PID:7552
- C:\Windows\System\GgnNPFg.exe
  C:\Windows\System\GgnNPFg.exe
  2⤵
  PID:7968
- C:\Windows\System\fXRfriB.exe
  C:\Windows\System\fXRfriB.exe
  2⤵
  PID:8144
- C:\Windows\System\WiqCbOE.exe
  C:\Windows\System\WiqCbOE.exe
  2⤵
  PID:6592
- C:\Windows\System\SIPyLFx.exe
  C:\Windows\System\SIPyLFx.exe
  2⤵
  PID:6948
- C:\Windows\System\MMQAmmS.exe
  C:\Windows\System\MMQAmmS.exe
  2⤵
  PID:2876
- C:\Windows\System\rUackIC.exe
  C:\Windows\System\rUackIC.exe
  2⤵
  PID:7548
- C:\Windows\System\YhnCyNx.exe
  C:\Windows\System\YhnCyNx.exe
  2⤵
  PID:7444
- C:\Windows\System\wKKzQyY.exe
  C:\Windows\System\wKKzQyY.exe
  2⤵
  PID:4468
- C:\Windows\System\KTtityr.exe
  C:\Windows\System\KTtityr.exe
  2⤵
  PID:7888
- C:\Windows\System\NLZMyQW.exe
  C:\Windows\System\NLZMyQW.exe
  2⤵
  PID:6612
- C:\Windows\System\glYGaGR.exe
  C:\Windows\System\glYGaGR.exe
  2⤵
  PID:8088
- C:\Windows\System\JRkXiGP.exe
  C:\Windows\System\JRkXiGP.exe
  2⤵
  PID:2764
- C:\Windows\System\ANPNWwG.exe
  C:\Windows\System\ANPNWwG.exe
  2⤵
  PID:8196
- C:\Windows\System\FbqWLHg.exe
  C:\Windows\System\FbqWLHg.exe
  2⤵
  PID:8212
- C:\Windows\System\FcVAwUl.exe
  C:\Windows\System\FcVAwUl.exe
  2⤵
  PID:8228
- C:\Windows\System\LhncGMr.exe
  C:\Windows\System\LhncGMr.exe
  2⤵
  PID:8244
- C:\Windows\System\mSUUbbF.exe
  C:\Windows\System\mSUUbbF.exe
  2⤵
  PID:8260
- C:\Windows\System\mTxItAr.exe
  C:\Windows\System\mTxItAr.exe
  2⤵
  PID:8276
- C:\Windows\System\oeVCUSD.exe
  C:\Windows\System\oeVCUSD.exe
  2⤵
  PID:8292
- C:\Windows\System\fqqdhvx.exe
  C:\Windows\System\fqqdhvx.exe
  2⤵
  PID:8308
- C:\Windows\System\pWODSvq.exe
  C:\Windows\System\pWODSvq.exe
  2⤵
  PID:8324
- C:\Windows\System\XcWFsMo.exe
  C:\Windows\System\XcWFsMo.exe
  2⤵
  PID:8340
- C:\Windows\System\oLotkyI.exe
  C:\Windows\System\oLotkyI.exe
  2⤵
  PID:8356
- C:\Windows\System\yJdPpgx.exe
  C:\Windows\System\yJdPpgx.exe
  2⤵
  PID:8372
- C:\Windows\System\GuCJceI.exe
  C:\Windows\System\GuCJceI.exe
  2⤵
  PID:8388
- C:\Windows\System\PvaSpsj.exe
  C:\Windows\System\PvaSpsj.exe
  2⤵
  PID:8404
- C:\Windows\System\YcJumHm.exe
  C:\Windows\System\YcJumHm.exe
  2⤵
  PID:8420
- C:\Windows\System\UyzIXgq.exe
  C:\Windows\System\UyzIXgq.exe
  2⤵
  PID:8436
- C:\Windows\System\bZxvMkX.exe
  C:\Windows\System\bZxvMkX.exe
  2⤵
  PID:8452
- C:\Windows\System\ZxmZhLC.exe
  C:\Windows\System\ZxmZhLC.exe
  2⤵
  PID:8468
- C:\Windows\System\LLviiUs.exe
  C:\Windows\System\LLviiUs.exe
  2⤵
  PID:8484
- C:\Windows\System\nREvERg.exe
  C:\Windows\System\nREvERg.exe
  2⤵
  PID:8500
- C:\Windows\System\lrWUJvE.exe
  C:\Windows\System\lrWUJvE.exe
  2⤵
  PID:8516
- C:\Windows\System\yMLrOAl.exe
  C:\Windows\System\yMLrOAl.exe
  2⤵
  PID:8532
- C:\Windows\System\KOPaUdD.exe
  C:\Windows\System\KOPaUdD.exe
  2⤵
  PID:8548
- C:\Windows\System\xzIgJEF.exe
  C:\Windows\System\xzIgJEF.exe
  2⤵
  PID:8568
- C:\Windows\System\zjQrJzJ.exe
  C:\Windows\System\zjQrJzJ.exe
  2⤵
  PID:8584
- C:\Windows\System\KcvNgrg.exe
  C:\Windows\System\KcvNgrg.exe
  2⤵
  PID:8600
- C:\Windows\System\UhpEJUD.exe
  C:\Windows\System\UhpEJUD.exe
  2⤵
  PID:8616
- C:\Windows\System\nliHZAK.exe
  C:\Windows\System\nliHZAK.exe
  2⤵
  PID:8632
- C:\Windows\System\BcblKfB.exe
  C:\Windows\System\BcblKfB.exe
  2⤵
  PID:8652
- C:\Windows\System\echKvtN.exe
  C:\Windows\System\echKvtN.exe
  2⤵
  PID:9016
- C:\Windows\System\WFdkqxG.exe
  C:\Windows\System\WFdkqxG.exe
  2⤵
  PID:9032
- C:\Windows\System\xzmFEKE.exe
  C:\Windows\System\xzmFEKE.exe
  2⤵
  PID:9056
- C:\Windows\System\wcLHvRG.exe
  C:\Windows\System\wcLHvRG.exe
  2⤵
  PID:9072
- C:\Windows\System\OIWWXSb.exe
  C:\Windows\System\OIWWXSb.exe
  2⤵
  PID:9100
- C:\Windows\System\dHjibpF.exe
  C:\Windows\System\dHjibpF.exe
  2⤵
  PID:9116
- C:\Windows\System\yBQWfzn.exe
  C:\Windows\System\yBQWfzn.exe
  2⤵
  PID:9132
- C:\Windows\System\MIxkJqc.exe
  C:\Windows\System\MIxkJqc.exe
  2⤵
  PID:9160
- C:\Windows\System\iTvFtMt.exe
  C:\Windows\System\iTvFtMt.exe
  2⤵
  PID:9184
- C:\Windows\System\SpwDGWK.exe
  C:\Windows\System\SpwDGWK.exe
  2⤵
  PID:9200
- C:\Windows\System\TIuFdpz.exe
  C:\Windows\System\TIuFdpz.exe
  2⤵
  PID:7600
- C:\Windows\System\ysnWwvs.exe
  C:\Windows\System\ysnWwvs.exe
  2⤵
  PID:2528
- C:\Windows\System\AVzTXUP.exe
  C:\Windows\System\AVzTXUP.exe
  2⤵
  PID:8268
- C:\Windows\System\VuuyNfp.exe
  C:\Windows\System\VuuyNfp.exe
  2⤵
  PID:8332
- C:\Windows\System\ITcnGIv.exe
  C:\Windows\System\ITcnGIv.exe
  2⤵
  PID:2800
- C:\Windows\System\vAatyRi.exe
  C:\Windows\System\vAatyRi.exe
  2⤵
  PID:2952
- C:\Windows\System\JCXtDFl.exe
  C:\Windows\System\JCXtDFl.exe
  2⤵
  PID:8224
- C:\Windows\System\rYdvYqY.exe
  C:\Windows\System\rYdvYqY.exe
  2⤵
  PID:8288
- C:\Windows\System\FtIlHnb.exe
  C:\Windows\System\FtIlHnb.exe
  2⤵
  PID:8352
- C:\Windows\System\shFHzRR.exe
  C:\Windows\System\shFHzRR.exe
  2⤵
  PID:8384
- C:\Windows\System\zBnbynx.exe
  C:\Windows\System\zBnbynx.exe
  2⤵
  PID:8432
- C:\Windows\System\BhDAMLM.exe
  C:\Windows\System\BhDAMLM.exe
  2⤵
  PID:8448
- C:\Windows\System\rDFMuqm.exe
  C:\Windows\System\rDFMuqm.exe
  2⤵
  PID:8480
- C:\Windows\System\FajVBix.exe
  C:\Windows\System\FajVBix.exe
  2⤵
  PID:8508
- C:\Windows\System\sAaZMgb.exe
  C:\Windows\System\sAaZMgb.exe
  2⤵
  PID:8560
- C:\Windows\System\xLaVcrw.exe
  C:\Windows\System\xLaVcrw.exe
  2⤵
  PID:7392
- C:\Windows\System\qayMCOL.exe
  C:\Windows\System\qayMCOL.exe
  2⤵
  PID:1872
- C:\Windows\System\kolivsR.exe
  C:\Windows\System\kolivsR.exe
  2⤵
  PID:1780
- C:\Windows\System\qraBWVK.exe
  C:\Windows\System\qraBWVK.exe
  2⤵
  PID:8624
- C:\Windows\System\OfwSPQj.exe
  C:\Windows\System\OfwSPQj.exe
  2⤵
  PID:1120
- C:\Windows\System\ABTSoCx.exe
  C:\Windows\System\ABTSoCx.exe
  2⤵
  PID:8680
- C:\Windows\System\VUVyYBv.exe
  C:\Windows\System\VUVyYBv.exe
  2⤵
  PID:8696
- C:\Windows\System\eAoVjQX.exe
  C:\Windows\System\eAoVjQX.exe
  2⤵
  PID:8712
- C:\Windows\System\cigJDFO.exe
  C:\Windows\System\cigJDFO.exe
  2⤵
  PID:8728
- C:\Windows\System\XeVFEAO.exe
  C:\Windows\System\XeVFEAO.exe
  2⤵
  PID:8748
- C:\Windows\System\lIzQBhe.exe
  C:\Windows\System\lIzQBhe.exe
  2⤵
  PID:8764
- C:\Windows\System\darJqBz.exe
  C:\Windows\System\darJqBz.exe
  2⤵
  PID:8788
- C:\Windows\System\wRftSgn.exe
  C:\Windows\System\wRftSgn.exe
  2⤵
  PID:8932
- C:\Windows\System\tewHslB.exe
  C:\Windows\System\tewHslB.exe
  2⤵
  PID:9040
- C:\Windows\System\qrQIixO.exe
  C:\Windows\System\qrQIixO.exe
  2⤵
  PID:1492
- C:\Windows\System\ikxMVnT.exe
  C:\Windows\System\ikxMVnT.exe
  2⤵
  PID:8284
- C:\Windows\System\nWbJFPh.exe
  C:\Windows\System\nWbJFPh.exe
  2⤵
  PID:9168
- C:\Windows\System\vZOWKrR.exe
  C:\Windows\System\vZOWKrR.exe
  2⤵
  PID:8208
- C:\Windows\System\WLrsSZB.exe
  C:\Windows\System\WLrsSZB.exe
  2⤵
  PID:9092
- C:\Windows\System\BjzhuMS.exe
  C:\Windows\System\BjzhuMS.exe
  2⤵
  PID:9172
- C:\Windows\System\KBcOZGN.exe
  C:\Windows\System\KBcOZGN.exe
  2⤵
  PID:1292
- C:\Windows\System\qVxUeHV.exe
  C:\Windows\System\qVxUeHV.exe
  2⤵
  PID:2236
- C:\Windows\System\NsVZPuf.exe
  C:\Windows\System\NsVZPuf.exe
  2⤵
  PID:664
- C:\Windows\System\EVElGDM.exe
  C:\Windows\System\EVElGDM.exe
  2⤵
  PID:8608
- C:\Windows\System\QDVehPr.exe
  C:\Windows\System\QDVehPr.exe
  2⤵
  PID:300
- C:\Windows\System\JtMzGQE.exe
  C:\Windows\System\JtMzGQE.exe
  2⤵
  PID:1980
- C:\Windows\System\ksQpovu.exe
  C:\Windows\System\ksQpovu.exe
  2⤵
  PID:640
- C:\Windows\System\tfBZwBh.exe
  C:\Windows\System\tfBZwBh.exe
  2⤵
  PID:8756
- C:\Windows\System\ZQgGUnV.exe
  C:\Windows\System\ZQgGUnV.exe
  2⤵
  PID:8828
- C:\Windows\System\BtjbWYh.exe
  C:\Windows\System\BtjbWYh.exe
  2⤵
  PID:8852
- C:\Windows\System\zRQIPUr.exe
  C:\Windows\System\zRQIPUr.exe
  2⤵
  PID:8872
- C:\Windows\System\DLqmUIC.exe
  C:\Windows\System\DLqmUIC.exe
  2⤵
  PID:8892
- C:\Windows\System\aFHzHUW.exe
  C:\Windows\System\aFHzHUW.exe
  2⤵
  PID:8904
- C:\Windows\System\pzjYWQY.exe
  C:\Windows\System\pzjYWQY.exe
  2⤵
  PID:8912
- C:\Windows\System\SwnBsSO.exe
  C:\Windows\System\SwnBsSO.exe
  2⤵
  PID:8948
- C:\Windows\System\EmZvmxu.exe
  C:\Windows\System\EmZvmxu.exe
  2⤵
  PID:8956
- C:\Windows\System\XItRQsM.exe
  C:\Windows\System\XItRQsM.exe
  2⤵
  PID:8972
- C:\Windows\System\KrHUgMI.exe
  C:\Windows\System\KrHUgMI.exe
  2⤵
  PID:8992
- C:\Windows\System\yCCPGtN.exe
  C:\Windows\System\yCCPGtN.exe
  2⤵
  PID:9048
- C:\Windows\System\dUUVzRo.exe
  C:\Windows\System\dUUVzRo.exe
  2⤵
  PID:9068
- C:\Windows\System\pdSSwBC.exe
  C:\Windows\System\pdSSwBC.exe
  2⤵
  PID:9140
- C:\Windows\System\CPMDmdh.exe
  C:\Windows\System\CPMDmdh.exe
  2⤵
  PID:9156
- C:\Windows\System\rFzdBRr.exe
  C:\Windows\System\rFzdBRr.exe
  2⤵
  PID:9088
- C:\Windows\System\vZZcxCa.exe
  C:\Windows\System\vZZcxCa.exe
  2⤵
  PID:8380
- C:\Windows\System\BylTPBL.exe
  C:\Windows\System\BylTPBL.exe
  2⤵
  PID:1552
- C:\Windows\System\IuXquSg.exe
  C:\Windows\System\IuXquSg.exe
  2⤵
  PID:8512
- C:\Windows\System\fQuVoJI.exe
  C:\Windows\System\fQuVoJI.exe
  2⤵
  PID:8348
- C:\Windows\System\uplRWpR.exe
  C:\Windows\System\uplRWpR.exe
  2⤵
  PID:8540
- C:\Windows\System\BKioheJ.exe
  C:\Windows\System\BKioheJ.exe
  2⤵
  PID:8648
- C:\Windows\System\UEejojT.exe
  C:\Windows\System\UEejojT.exe
  2⤵
  PID:8740
- C:\Windows\System\CuisMbW.exe
  C:\Windows\System\CuisMbW.exe
  2⤵
  PID:8724
- C:\Windows\System\lkiQQts.exe
  C:\Windows\System\lkiQQts.exe
  2⤵
  PID:8672
- C:\Windows\System\qcAZbcJ.exe
  C:\Windows\System\qcAZbcJ.exe
  2⤵
  PID:8800
- C:\Windows\System\GpxvNQF.exe
  C:\Windows\System\GpxvNQF.exe
  2⤵
  PID:8816
- C:\Windows\System\KsYPyPl.exe
  C:\Windows\System\KsYPyPl.exe
  2⤵
  PID:8920
- C:\Windows\System\wqlvrkP.exe
  C:\Windows\System\wqlvrkP.exe
  2⤵
  PID:8968
- C:\Windows\System\uHuzHqQ.exe
  C:\Windows\System\uHuzHqQ.exe
  2⤵
  PID:9052
- C:\Windows\System\hoiEZUw.exe
  C:\Windows\System\hoiEZUw.exe
  2⤵
  PID:8984
- C:\Windows\System\TrhwikC.exe
  C:\Windows\System\TrhwikC.exe
  2⤵
  PID:8304
- C:\Windows\System\rrOskTs.exe
  C:\Windows\System\rrOskTs.exe
  2⤵
  PID:8236
- C:\Windows\System\VBpblqS.exe
  C:\Windows\System\VBpblqS.exe
  2⤵
  PID:8460
- C:\Windows\System\gYuCULq.exe
  C:\Windows\System\gYuCULq.exe
  2⤵
  PID:8524
- C:\Windows\System\yHxhndn.exe
  C:\Windows\System\yHxhndn.exe
  2⤵
  PID:9176
- C:\Windows\System\UXzBmFf.exe
  C:\Windows\System\UXzBmFf.exe
  2⤵
  PID:8416
- C:\Windows\System\GQpYJFb.exe
  C:\Windows\System\GQpYJFb.exe
  2⤵
  PID:8576
- C:\Windows\System\rAlHGAf.exe
  C:\Windows\System\rAlHGAf.exe
  2⤵
  PID:8580
- C:\Windows\System\TGuFnCm.exe
  C:\Windows\System\TGuFnCm.exe
  2⤵
  PID:8704
- C:\Windows\System\PccqYzH.exe
  C:\Windows\System\PccqYzH.exe
  2⤵
  PID:8660
- C:\Windows\System\hPigjdb.exe
  C:\Windows\System\hPigjdb.exe
  2⤵
  PID:8556
- C:\Windows\System\QmkCVqf.exe
  C:\Windows\System\QmkCVqf.exe
  2⤵
  PID:8840
- C:\Windows\System\bzzpiuf.exe
  C:\Windows\System\bzzpiuf.exe
  2⤵
  PID:8860
- C:\Windows\System\vvjvqMn.exe
  C:\Windows\System\vvjvqMn.exe
  2⤵
  PID:9080
- C:\Windows\System\ZpboYxw.exe
  C:\Windows\System\ZpboYxw.exe
  2⤵
  PID:8880
- C:\Windows\System\qtEqScp.exe
  C:\Windows\System\qtEqScp.exe
  2⤵
  PID:9064
- C:\Windows\System\esLmHUp.exe
  C:\Windows\System\esLmHUp.exe
  2⤵
  PID:9084
- C:\Windows\System\zMGNWvL.exe
  C:\Windows\System\zMGNWvL.exe
  2⤵
  PID:2984
- C:\Windows\System\xraBcQP.exe
  C:\Windows\System\xraBcQP.exe
  2⤵
  PID:8884
- C:\Windows\System\HbBEsOa.exe
  C:\Windows\System\HbBEsOa.exe
  2⤵
  PID:8780
- C:\Windows\System\bLONdJk.exe
  C:\Windows\System\bLONdJk.exe
  2⤵
  PID:2948
- C:\Windows\System\tiYNjmO.exe
  C:\Windows\System\tiYNjmO.exe
  2⤵
  PID:8820
- C:\Windows\System\PpVUZGI.exe
  C:\Windows\System\PpVUZGI.exe
  2⤵
  PID:9144
- C:\Windows\System\SqhOUEF.exe
  C:\Windows\System\SqhOUEF.exe
  2⤵
  PID:8980
- C:\Windows\System\mitriTf.exe
  C:\Windows\System\mitriTf.exe
  2⤵
  PID:9024
- C:\Windows\System\AirCfBJ.exe
  C:\Windows\System\AirCfBJ.exe
  2⤵
  PID:8916
- C:\Windows\System\LgUSUeM.exe
  C:\Windows\System\LgUSUeM.exe
  2⤵
  PID:9220
- C:\Windows\System\upavgOP.exe
  C:\Windows\System\upavgOP.exe
  2⤵
  PID:9236
- C:\Windows\System\OdqoNLe.exe
  C:\Windows\System\OdqoNLe.exe
  2⤵
  PID:9256
- C:\Windows\System\MsyKeFr.exe
  C:\Windows\System\MsyKeFr.exe
  2⤵
  PID:9284
- C:\Windows\System\KikCzoq.exe
  C:\Windows\System\KikCzoq.exe
  2⤵
  PID:9304
- C:\Windows\System\hcHVcZA.exe
  C:\Windows\System\hcHVcZA.exe
  2⤵
  PID:9420
- C:\Windows\System\lRMpaGg.exe
  C:\Windows\System\lRMpaGg.exe
  2⤵
  PID:9440
- C:\Windows\System\OnaVgbr.exe
  C:\Windows\System\OnaVgbr.exe
  2⤵
  PID:9472
- C:\Windows\System\ybmsrpY.exe
  C:\Windows\System\ybmsrpY.exe
  2⤵
  PID:9496
- C:\Windows\System\WWzJteY.exe
  C:\Windows\System\WWzJteY.exe
  2⤵
  PID:9512
- C:\Windows\System\OtzANYI.exe
  C:\Windows\System\OtzANYI.exe
  2⤵
  PID:9528
- C:\Windows\System\jyWHjyl.exe
  C:\Windows\System\jyWHjyl.exe
  2⤵
  PID:9544
- C:\Windows\System\YgxwxxK.exe
  C:\Windows\System\YgxwxxK.exe
  2⤵
  PID:9560
- C:\Windows\System\rCkpUxb.exe
  C:\Windows\System\rCkpUxb.exe
  2⤵
  PID:9576
- C:\Windows\System\pKTGsZj.exe
  C:\Windows\System\pKTGsZj.exe
  2⤵
  PID:9592
- C:\Windows\System\YCAMcjp.exe
  C:\Windows\System\YCAMcjp.exe
  2⤵
  PID:9608
- C:\Windows\System\lxJIgXQ.exe
  C:\Windows\System\lxJIgXQ.exe
  2⤵
  PID:9624
- C:\Windows\System\bOhLAAs.exe
  C:\Windows\System\bOhLAAs.exe
  2⤵
  PID:9644
- C:\Windows\System\srwZLEe.exe
  C:\Windows\System\srwZLEe.exe
  2⤵
  PID:9660
- C:\Windows\System\ftgzNoF.exe
  C:\Windows\System\ftgzNoF.exe
  2⤵
  PID:9676
- C:\Windows\System\xkvVRdu.exe
  C:\Windows\System\xkvVRdu.exe
  2⤵
  PID:9692
- C:\Windows\System\fztcrFa.exe
  C:\Windows\System\fztcrFa.exe
  2⤵
  PID:9716
- C:\Windows\System\aYEaZIX.exe
  C:\Windows\System\aYEaZIX.exe
  2⤵
  PID:9736
- C:\Windows\System\SpwKCrC.exe
  C:\Windows\System\SpwKCrC.exe
  2⤵
  PID:9760
- C:\Windows\System\krwVFcM.exe
  C:\Windows\System\krwVFcM.exe
  2⤵
  PID:9780
- C:\Windows\System\aliAjlA.exe
  C:\Windows\System\aliAjlA.exe
  2⤵
  PID:9800
- C:\Windows\System\fPZyaFw.exe
  C:\Windows\System\fPZyaFw.exe
  2⤵
  PID:9816
- C:\Windows\System\RoTwBCa.exe
  C:\Windows\System\RoTwBCa.exe
  2⤵
  PID:9836
- C:\Windows\System\uaXlvPM.exe
  C:\Windows\System\uaXlvPM.exe
  2⤵
  PID:9900
- C:\Windows\System\EnISQeD.exe
  C:\Windows\System\EnISQeD.exe
  2⤵
  PID:9916
- C:\Windows\System\WBugRFL.exe
  C:\Windows\System\WBugRFL.exe
  2⤵
  PID:9932
- C:\Windows\System\rdnAdOx.exe
  C:\Windows\System\rdnAdOx.exe
  2⤵
  PID:9948
- C:\Windows\System\kEmhyhA.exe
  C:\Windows\System\kEmhyhA.exe
  2⤵
  PID:9964
- C:\Windows\System\YRZpGuY.exe
  C:\Windows\System\YRZpGuY.exe
  2⤵
  PID:9984
- C:\Windows\System\orFlXCF.exe
  C:\Windows\System\orFlXCF.exe
  2⤵
  PID:10000
- C:\Windows\System\KjYTGWo.exe
  C:\Windows\System\KjYTGWo.exe
  2⤵
  PID:10032
- C:\Windows\System\TUSjZMM.exe
  C:\Windows\System\TUSjZMM.exe
  2⤵
  PID:10048
- C:\Windows\System\riLTPim.exe
  C:\Windows\System\riLTPim.exe
  2⤵
  PID:10064
- C:\Windows\System\OWxPeKS.exe
  C:\Windows\System\OWxPeKS.exe
  2⤵
  PID:10084
- C:\Windows\System\eNaONML.exe
  C:\Windows\System\eNaONML.exe
  2⤵
  PID:10100
- C:\Windows\System\oOzoLTP.exe
  C:\Windows\System\oOzoLTP.exe
  2⤵
  PID:10120
- C:\Windows\System\VCktIDl.exe
  C:\Windows\System\VCktIDl.exe
  2⤵
  PID:10136
- C:\Windows\System\IrGBAgq.exe
  C:\Windows\System\IrGBAgq.exe
  2⤵
  PID:10156
- C:\Windows\System\JkNjKtd.exe
  C:\Windows\System\JkNjKtd.exe
  2⤵
  PID:10172
- C:\Windows\System\AgCbJQI.exe
  C:\Windows\System\AgCbJQI.exe
  2⤵
  PID:10188
- C:\Windows\System\dAthRcW.exe
  C:\Windows\System\dAthRcW.exe
  2⤵
  PID:10204
- C:\Windows\System\ewsHYGl.exe
  C:\Windows\System\ewsHYGl.exe
  2⤵
  PID:10224
- C:\Windows\System\yFlMOmJ.exe
  C:\Windows\System\yFlMOmJ.exe
  2⤵
  PID:8804
- C:\Windows\System\bQFgAaL.exe
  C:\Windows\System\bQFgAaL.exe
  2⤵
  PID:9008
- C:\Windows\System\crKwUhM.exe
  C:\Windows\System\crKwUhM.exe
  2⤵
  PID:9248
- C:\Windows\System\WmIJAbw.exe
  C:\Windows\System\WmIJAbw.exe
  2⤵
  PID:9292
- C:\Windows\System\TevEPbm.exe
  C:\Windows\System\TevEPbm.exe
  2⤵
  PID:9312
- C:\Windows\System\ccFbFWT.exe
  C:\Windows\System\ccFbFWT.exe
  2⤵
  PID:9332
- C:\Windows\System\aULUbVo.exe
  C:\Windows\System\aULUbVo.exe
  2⤵
  PID:9348
- C:\Windows\System\XuNBurG.exe
  C:\Windows\System\XuNBurG.exe
  2⤵
  PID:9364
- C:\Windows\System\nWPJZuj.exe
  C:\Windows\System\nWPJZuj.exe
  2⤵
  PID:9376
- C:\Windows\System\DCVLxSd.exe
  C:\Windows\System\DCVLxSd.exe
  2⤵
  PID:9392
- C:\Windows\System\havTqey.exe
  C:\Windows\System\havTqey.exe
  2⤵
  PID:9412
- C:\Windows\System\yyTvfCn.exe
  C:\Windows\System\yyTvfCn.exe
  2⤵
  PID:9432
- C:\Windows\System\YiItvcj.exe
  C:\Windows\System\YiItvcj.exe
  2⤵
  PID:9468
- C:\Windows\System\JSJLyZI.exe
  C:\Windows\System\JSJLyZI.exe
  2⤵
  PID:9520
- C:\Windows\System\aeGjgqC.exe
  C:\Windows\System\aeGjgqC.exe
  2⤵
  PID:9652
- C:\Windows\System\SafIJPn.exe
  C:\Windows\System\SafIJPn.exe
  2⤵
  PID:9724
- C:\Windows\System\RvaCAwF.exe
  C:\Windows\System\RvaCAwF.exe
  2⤵
  PID:9856
- C:\Windows\System\kgUAokX.exe
  C:\Windows\System\kgUAokX.exe
  2⤵
  PID:9868
- C:\Windows\System\tnXgnEo.exe
  C:\Windows\System\tnXgnEo.exe
  2⤵
  PID:9600
- C:\Windows\System\QSiIHcS.exe
  C:\Windows\System\QSiIHcS.exe
  2⤵
  PID:9540
- C:\Windows\System\BLBhbrF.exe
  C:\Windows\System\BLBhbrF.exe
  2⤵
  PID:9632
- C:\Windows\System\lXBOFiE.exe
  C:\Windows\System\lXBOFiE.exe
  2⤵
  PID:9672
- C:\Windows\System\illYuzr.exe
  C:\Windows\System\illYuzr.exe
  2⤵
  PID:9756
- C:\Windows\System\SGwXifl.exe
  C:\Windows\System\SGwXifl.exe
  2⤵
  PID:9924
- C:\Windows\System\BCidfrP.exe
  C:\Windows\System\BCidfrP.exe
  2⤵
  PID:9960
- C:\Windows\System\krMsgOT.exe
  C:\Windows\System\krMsgOT.exe
  2⤵
  PID:9996
- C:\Windows\System\GUTCCwG.exe
  C:\Windows\System\GUTCCwG.exe
  2⤵
  PID:9976
- C:\Windows\System\UBuYyMl.exe
  C:\Windows\System\UBuYyMl.exe
  2⤵
  PID:10076
- C:\Windows\System\TniSUAH.exe
  C:\Windows\System\TniSUAH.exe
  2⤵
  PID:10196
- C:\Windows\System\HlCBvSn.exe
  C:\Windows\System\HlCBvSn.exe
  2⤵
  PID:10200
- C:\Windows\System\mMcJEPk.exe
  C:\Windows\System\mMcJEPk.exe
  2⤵
  PID:8596
- C:\Windows\System\MtHMOQe.exe
  C:\Windows\System\MtHMOQe.exe
  2⤵
  PID:10184
- C:\Windows\System\mfmCmLd.exe
  C:\Windows\System\mfmCmLd.exe
  2⤵
  PID:8316
- C:\Windows\System\LCGdiWX.exe
  C:\Windows\System\LCGdiWX.exe
  2⤵
  PID:10148
- C:\Windows\System\NafNqrW.exe
  C:\Windows\System\NafNqrW.exe
  2⤵
  PID:9328
- C:\Windows\System\swsXOYz.exe
  C:\Windows\System\swsXOYz.exe
  2⤵
  PID:9280
- C:\Windows\System\dvwrwTp.exe
  C:\Windows\System\dvwrwTp.exe
  2⤵
  PID:9340
- C:\Windows\System\XaiQZnH.exe
  C:\Windows\System\XaiQZnH.exe
  2⤵
  PID:9812
- C:\Windows\System\bhVCcvc.exe
  C:\Windows\System\bhVCcvc.exe
  2⤵
  PID:9616
- C:\Windows\System\BMOMTmh.exe
  C:\Windows\System\BMOMTmh.exe
  2⤵
  PID:9776
- C:\Windows\System\SMELTJL.exe
  C:\Windows\System\SMELTJL.exe
  2⤵
  PID:9768
- C:\Windows\System\AxEiAuY.exe
  C:\Windows\System\AxEiAuY.exe
  2⤵
  PID:8928
- C:\Windows\System\QoLAlev.exe
  C:\Windows\System\QoLAlev.exe
  2⤵
  PID:9268
- C:\Windows\System\hyTDAfR.exe
  C:\Windows\System\hyTDAfR.exe
  2⤵
  PID:9360
- C:\Windows\System\UkxYFhb.exe
  C:\Windows\System\UkxYFhb.exe
  2⤵
  PID:9872
- C:\Windows\System\xWTSxlM.exe
  C:\Windows\System\xWTSxlM.exe
  2⤵
  PID:9864
- C:\Windows\System\Mhgsuml.exe
  C:\Windows\System\Mhgsuml.exe
  2⤵
  PID:8180
- C:\Windows\System\qujegTT.exe
  C:\Windows\System\qujegTT.exe
  2⤵
  PID:9584
- C:\Windows\System\XSThOVb.exe
  C:\Windows\System\XSThOVb.exe
  2⤵
  PID:9508
- C:\Windows\System\BVdEDRJ.exe
  C:\Windows\System\BVdEDRJ.exe
  2⤵
  PID:9640
- C:\Windows\System\qVbhEne.exe
  C:\Windows\System\qVbhEne.exe
  2⤵
  PID:9824
- C:\Windows\System\jtwniGm.exe
  C:\Windows\System\jtwniGm.exe
  2⤵
  PID:9944
- C:\Windows\System\wlfCJHD.exe
  C:\Windows\System\wlfCJHD.exe
  2⤵
  PID:9980
- C:\Windows\System\BtpHSzy.exe
  C:\Windows\System\BtpHSzy.exe
  2⤵
  PID:9892
- C:\Windows\System\DvGmFEQ.exe
  C:\Windows\System\DvGmFEQ.exe
  2⤵
  PID:10092
- C:\Windows\System\sCicYzw.exe
  C:\Windows\System\sCicYzw.exe
  2⤵
  PID:10056
- C:\Windows\System\lSmEdHj.exe
  C:\Windows\System\lSmEdHj.exe
  2⤵
  PID:10128
- C:\Windows\System\EYxLKcf.exe
  C:\Windows\System\EYxLKcf.exe
  2⤵
  PID:10108
- C:\Windows\System\CgWvuau.exe
  C:\Windows\System\CgWvuau.exe
  2⤵
  PID:10144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BDxyMcz.exe

Filesize
6.0MB

MD5
9094b95aac185408661cf91831003356

SHA1
e2b03d5fcde3b2b7f741cb7805bfa58a6b723701

SHA256
735bb90012862389137fe350ac85c7a15f6cf2594eb82ae4f405709039a15227

SHA512
1d1f2013e6a942c860f06442b9087b1d90d96bed24d757b1d78ffd701f6de31c88dc1c6f0dfdbf9b58c754261de2602d5c2cd8baec078ae45b5e683cadcab472

Download Submit
C:\Windows\system\EEaMcoh.exe

Filesize
6.0MB

MD5
268bbf44e6ac66b8eb2ddb8f4bc09667

SHA1
cee8d16603b47ed7235254241387287eeda20271

SHA256
6b46107f07fc56629b22ab7e92bef382c897d2a6bfcf68521e3ea958f8acaae8

SHA512
94b5570b6a60caf2316e7788c3c50fc7f70217848b10b6dd3640fd0d0f3b8b219c80e9478020bc3070d683a18bf05be85db6fbacecf85777691154968d5de40c

Download Submit
C:\Windows\system\FHvFplf.exe

Filesize
6.0MB

MD5
4bb590d421869748b66d8a012616b652

SHA1
c552303875bfb42e28709dfedfa1b6dde699d21e

SHA256
7b859f6d777d8347136cf61560879ddace98acd91362c6599855e61f3afd357b

SHA512
1481fee1f762a30f9a339fefb40264f42913150985fc06ba15b4e47cb64a3dee396d17082fcd4a4ce8a141bdeb07be6940ac87c278ce44c98c63c465d2b6c0ff

Download Submit
C:\Windows\system\HoTBpRC.exe

Filesize
6.0MB

MD5
a466d78423e654cdf2e7939abb2725c5

SHA1
5a683d656e527978a483fe0884a5571121590787

SHA256
8246f689782faef5e4577a5b09e163a3c8e51c66e0b22471060843038352595e

SHA512
61731c0e9c5f22a92b8661b24ed1a2e11f9a2d9f8a930fadf62e640ab260d181a8e45dc301017196a6cf1c2f9a46250f634d6d2d3b0261953a244900efe1c188

Download Submit
C:\Windows\system\IYurxTE.exe

Filesize
6.0MB

MD5
8518406f2249eaa9c08693453b725a63

SHA1
6c9573c17ba6498d26d24fa8b0de3429570ebc8c

SHA256
fafa77cf241c8ceabf173b98f11c65534b10818f024d880f6bc032b0bd4a97e3

SHA512
ee18e9c3cd8473ae6becc15e3b00fe354c229b1f23fb4ed9c65641122231f2df8d8737c5cf0df8ece76a24f45432b43b48756356bd8c0642f546c96d7c0dec87

Download Submit
C:\Windows\system\IhGdEBZ.exe

Filesize
6.0MB

MD5
b1e88e594d833536c91c7479d360f5a4

SHA1
4db403811d043e0787cff1b52d19b74cdab2f6b3

SHA256
3c942bcff67ea7b90708735358648a45a0db79a15e8140f1c9827610e9e79d5a

SHA512
37d765f8aea56aa54e16a27e602e7316772c694e9335489c794a896906fe317040496b1c95e59ad5d042559678bc6b5c75c8b6b8c068106fe1b8007e3a5e7457

Download Submit
C:\Windows\system\JSTIHDk.exe

Filesize
6.0MB

MD5
3c991ca998a2417b312f0c676ca122dd

SHA1
6c8365378f023227e820cac4c10f6251732cbef9

SHA256
a9429aced02bf4c650a675569376ce0aa7f36dfb175f1f009a2d04a7e3b9389b

SHA512
1ab0c40a3829d93e585c17bdf78445835877e2b599cb7a095edc5d0f01eca517737703dca0b220e9ddabf1c0e3f68fced9119cef32b285f165cc75352ae37565

Download Submit
C:\Windows\system\KtwrIhi.exe

Filesize
6.0MB

MD5
b184e8e7afa9f58ef9d1e229880a53bf

SHA1
da4451a6ce136a31264e3adcd49d970585bb8ab0

SHA256
7d10162534994987fd89796f056b1d681301bd881aa8849d1a952ca7ef2e3d06

SHA512
aaad8b28244916fa5b5c87a32b0856dc5f5d6348fd72040e6e2867438d5510c27966730784c34b2dd8f18bc39a7b9e798028999d205747ab04c34ec5fef5de0a

Download Submit
C:\Windows\system\MfAcYRa.exe

Filesize
6.0MB

MD5
dcfb5a11dd6d26042a731f3cf2666585

SHA1
2ffc6a677d4129ba79944d39ddcd5bad0946cbbd

SHA256
6e6e03c8ad3fc5a268e32a5f7708fffce60f04ec4da98b9ed04118e3425c64af

SHA512
5ccd2f62d9fc1aed0f67f1b580147cc20d45522ac9a3cb8eb8e9827bc48e0842e94751b8415004e4d72a3a687a23a90dd54959b19716d4e98789d8def5aff89e

Download Submit
C:\Windows\system\ONZpcyy.exe

Filesize
6.0MB

MD5
e44f197f4288f402c5f7f4f380bbed29

SHA1
64963eea45bdb4129df9f6f5f13c2119e5271857

SHA256
f57635a5e9f7f174db8efdad4a52da8809db62b56a1f65e208acded61837f000

SHA512
5507a2a91429904edb32455dab8e31c73c49adbabd554e89393ac44688a53a9af6a2fb0d208be2aeb07e35de55ec0f22a1a468ac64d7405f4408ec2283c1c26a

Download Submit
C:\Windows\system\PDGdgcs.exe

Filesize
6.0MB

MD5
1728211705e698c64096c22472b58f65

SHA1
26ddab4d2cc30cdffce166407666e16f24305672

SHA256
8ca4a7752285eed0edcc351226ad596b27e5b5c09dd740db1e19e59ebaad75cc

SHA512
26f40bf26b11570fa83bf194f476571a5d71a81f9a3368f59b619711600d27b43a02b8fd455b15d3222610a2539f2995c34a9f9b3a789d70ead415b4cf4330da

Download Submit
C:\Windows\system\RfWTYId.exe

Filesize
6.0MB

MD5
2f6c43e895e2787e85f57cfad918b6af

SHA1
7fc37ce0c20cda04127b431d8cfcfb13f56fcbe6

SHA256
9ca3fd311bb4eeeb46f0045484c8a61f00b0f80dd4389aefeb07d5dcb7f502be

SHA512
3cf7925b5588136f9351266ff692e54019e6b5066633d53588834c1607e5ae2e133515e3633023f409be4c94b314187b726f8c1db188e08f06dc88ffb6c95f83

Download Submit
C:\Windows\system\SoQNPkp.exe

Filesize
6.0MB

MD5
741292adb7606d468ed1b5b2b0507ade

SHA1
1014b8c4d55bf17bfa02d3173f281b1221db4d63

SHA256
ab38e3ffefe66423d35203bab3be795c42cf6f8ace9f500fff32c4596e836184

SHA512
47aad41c01a790f02bdc3676a4211bb1ae6e2ee5ae98acb4968d3e299a8079799ffd3782582b0518e8966b7fbafab859397ce839680c67dab835479ab543e516

Download Submit
C:\Windows\system\UKfHjcu.exe

Filesize
6.0MB

MD5
93dbac99f750f9293c2a18fd5ff354fa

SHA1
714cea2eab79cbf390a92555db8adc595dfa7615

SHA256
24c5635b862fc7528b691d2afdeaec07ff02b1d7ed1f86c847f7a90b63c7b6f8

SHA512
1f8359b4dbe3de32dd5069cb9502c7bd5800c236e1a79810ecbda37ddb43700d47eb51564922c11642efbfb0e8dc5b04f490084c4bf6995373136e71f7915ed9

Download Submit
C:\Windows\system\ZuYPUIg.exe

Filesize
6.0MB

MD5
94397c11c40e7799435e97d7822fb42b

SHA1
f020e27a10c039c2548a5698ac50ce13624704b2

SHA256
809bb8f73893d85157f7192d471be0d84f544cfafdcdcdfa5bd978c17988b036

SHA512
0426f17a11669efcf31c3fe7127019122bcc3aa4dea5845e4e0f4fb362e82af2d324117dfb04f717b711535f887351c497fc45b6eabc1f09e3ed1d9484ac46e0

Download Submit
C:\Windows\system\aRkduVo.exe

Filesize
6.0MB

MD5
3e56f65241743fc3dbaa2b4ec63e9cc6

SHA1
0aff20bde916d73b9b568049a63c75bdf896c970

SHA256
5c2d788b204ed5bf398ea67985ad6370d37bc99c516405a61afb21adef3db8e1

SHA512
86bdddc957056197ce935e5b963dd376a53ba9ba5a597c627cecb3a838fd44072ae63484b15bd36010ea107ad1a7b2b89cc6c1845d8be1b47421cee24f4eb4ce

Download Submit
C:\Windows\system\bdasuzw.exe

Filesize
6.0MB

MD5
528fa17f41619c9b4f6f29ffd626d63c

SHA1
e561057400d4c00c1dda5c03089a15de89247036

SHA256
889a75fc9b430c9ee3eaa8325cb8c826ded12b4b7e97b4536c9a2cffaee17275

SHA512
5e5a81cce5a262188055b64343f804fadf0fbd63c69620fab71056bc37db49fe598ab28bad32356a3e356932a4ea7cbb6b101eb7e373d1eb58786f0ec10294a8

Download Submit
C:\Windows\system\cnTYlQJ.exe

Filesize
6.0MB

MD5
a4f8b6d71fb6752e8d086939c2971645

SHA1
fb614638a98079210969b7fb6f8cebac3d12bc94

SHA256
62f92f99470201b3c72346f081da2cc89df2294973b34e3c20c183807db3eddd

SHA512
e08a002a3df3161b9d25a7d4e5273f31041870ebd5ad43427c47bcc31b1f6bdc4a16713ccdea5d63653bde9dd268bc5fde40654831ee870211b9dba7028a1ef5

Download Submit
C:\Windows\system\dnbLNCL.exe

Filesize
6.0MB

MD5
249f65d566e7116ea3696c65060223ad

SHA1
5260ce01e727d988c403dd323fadbd8998a6c6c9

SHA256
a82e1c7bd9ff5f8c1119fe23c53b463db9a8790b36f558c27cc9d8c2fce4c7bf

SHA512
3e648c074ff27b2a67e22f95e0b0f1e6d184282efb626a3d35617b23c3ceb91eb977dda0a4a9bc43bcf1078ba302d8551de4c4e82d4abc177e094453188c71b6

Download Submit
C:\Windows\system\fvvwral.exe

Filesize
6.0MB

MD5
0a521d3e707e2d291ae5404dda41c5f8

SHA1
7e7ebf759f760674c73ea194244483042ce45630

SHA256
356520e63f442afd3d2e2e5902ef3ee287f4911ff4e822c1bcfe20ab66631a1a

SHA512
df1ea143ce7aa0f93e82cebd61cdf9409b6c9565aaadab28ceebd9fa308fcdde2d2928de62513964d1e78cc0ccd7feddc941b0a584136d04ce437fe39a83b431

Download Submit
C:\Windows\system\hVCazLM.exe

Filesize
6.0MB

MD5
1bd386c0f006f299630b014ae8d077aa

SHA1
cdea1b0ca2d44be219ec417e1901655981bc0634

SHA256
bfd487535208b6b3f08103b414569fefc0fbc44ba5153f9fc4fed3e6a0a1e42a

SHA512
ac707e015a9d07ee912c11c628249afe66a13764e42e0bf8f8307e7c976226562945c803cc8574c42206be0c188cc961b8cbd60f86160b649f0fe056a2686cef

Download Submit
C:\Windows\system\jRkpCyv.exe

Filesize
6.0MB

MD5
5ec7dd004f8247a2950231ca34aaf98e

SHA1
0199ee2c6d217afd0716919a4ff2406f0ab37008

SHA256
60ad2a784708899a95d74703714a5f0f8ead6a58e6c6f270bcb96764c65f4bd6

SHA512
fff5a96a4395644d8b2a13a9f4b1c6fddf82f2d5bfb9d2760dcbbaf68fa297fb06ca253d42093dffc7a281a718e336877317002f8ea905cbaed8d82f45a05461

Download Submit
C:\Windows\system\nkBqAnb.exe

Filesize
6.0MB

MD5
d81270636a0a61958fd2ad63e10bf989

SHA1
9a7eb0b68d4c45b03de39bdf69e01331894128d7

SHA256
cd2c4cec6391feaa03601e7ef8111b2829292d76d8c2f7e94bc5ec042e2e02a9

SHA512
c317520c8f75af25c86cbecc9057eb2eafde922c689a1cd7cd68b92d3ae175cc653a1b304b7def997ba2bb7c294e6d7396200ed4c3cfb709ab3ede3375aea813

Download Submit
C:\Windows\system\vOjJcpx.exe

Filesize
6.0MB

MD5
1d8c663db9157b7b83afd4b05a1b2c21

SHA1
1816ce4c3d4253d9052fd2406d6d13db5bf9964c

SHA256
ffaf7e04b3cf704d1baeba967d2ba55087825b8f9dcd1446c27acb7c0e18fa39

SHA512
b6d59de98419c061ddfe58fd3e4f7fbe6716e71ce367114ca32669d2aae7d4cf8d5fcabc927e5278441bfab78110386cd16d7e634f1ad7c749d2de70f309d4ec

Download Submit
\Windows\system\AeeEXUv.exe

Filesize
6.0MB

MD5
a764e3ed05d22f8506cbc64a2ea7ea82

SHA1
df296612c3a324a3dda3ae245d2de425b506c771

SHA256
898c4b7cec48738b478d927113632162bd979f5ef79f8e892ef6bf23a60e46f4

SHA512
b595baa4bdeb70b120d67675e611cf66d27deeb20ea86fca0ee6d1e983d20438220150db51860e4516891e2ef4bbee9a4f9dc15ff3ce1cef926ac230cf5b095c

Download Submit
\Windows\system\FmtNOnb.exe

Filesize
6.0MB

MD5
a4413f1f90ebf96afab34d5bf473f40a

SHA1
07e924b04d3ba5817681ef86095399e6219f4201

SHA256
dbcd1ad11e58d87af7922f7ba7e5ed42943969bf66c8158ae1a910bfc5c1c38c

SHA512
c7fd84c73749bfe4d807f1bb1f32085f39bfd2657b37a857e440bd7dd9191bd0d7c2ca83639f0f8ce7db937dc3787afed0245b56bae3388d2eefcc33dd659c58

Download Submit
\Windows\system\HEdQdVN.exe

Filesize
6.0MB

MD5
009c7575654e90c4851e1590316f16ab

SHA1
a18d7627f319d59764514269e82c287c28b83d53

SHA256
fba31f3abd6953078fdb594ac3d90e190f22daf0280a71a36e9581dbbe522c8c

SHA512
f5a063f9a7dbe5c26541109ddc3f67e906debb4345b9949720d5cdffd10b432ff59fcd473491964485e9f5876308553d17cb5a0e769d3d9ef4132361274ea198

Download Submit
\Windows\system\INKpjvr.exe

Filesize
6.0MB

MD5
2caee60fa00b0651444d3122bbc3f63d

SHA1
b99f7dc3d80a1a0901ae4294331c64bf4fa45935

SHA256
9e41a3bbbc6ee5ab8ab88ab75a415dc8ae8387089e9f07f417dbbddf60180631

SHA512
46676447f4232a99139ac1468d1c9654f865da727ddc1c5b255af5fee51c4823d34d07972995e3deedd0d02a3e65c4feef363b515393efdab14168ab58b0972c

Download Submit
\Windows\system\IbNXChT.exe

Filesize
6.0MB

MD5
4d134062019209633df52447d7d22397

SHA1
dfc547088bbfab5a4c1d16023392ac3b4d83265c

SHA256
c79cfb986519e771c0b82426e6e8b5c8e5a1de076cf86d6fd138deb4e1364bab

SHA512
b4d970e5d7693b865af7a7a84b709e79804c9d19643fb0c5fb1a102915d91eb7ef469bbc5e815b31ca7a80b2b8bb627616f06b016c16fa3f14bc988781c214ac

Download Submit
\Windows\system\NJtQuxm.exe

Filesize
6.0MB

MD5
b04f67850e02aeddf96abfaf424083c6

SHA1
216896dd9e2d959e45a7aa4225af829329806705

SHA256
3e2bc56e66347fa08ad4c98ebd09054392a6d39c21cdd75644b848fed989fd42

SHA512
cc6b208cf009ee0b903374a3257faa76169867cc00713d30f559833cbacbbd8cb82ebbfa5c944242b45c254f01de3a45cc713df31dd0b47213331b3b1c13a3e6

Download Submit
\Windows\system\RvLXeog.exe

Filesize
6.0MB

MD5
df05ccf7ed5c2bf73ccafa6f9652bdad

SHA1
28f570411456ab2c238050bf28841a4bdf4273b3

SHA256
bdbc5a6fa3dbd4d8d03e32d3111ffb115045345e3f5545185c44926c5d5f210c

SHA512
6c6399f6f6af04c75fa7fd32a4ef2180aa1d3c275037538213e75183e7d68d0fb52a90dabe5657d34fe7a99cf4083d054c8caa9bae6cca9d494d02d76252ddb2

Download Submit
\Windows\system\SaurDTv.exe

Filesize
6.0MB

MD5
6a76b1d65b527fd07bc88f5ff3c965f5

SHA1
3819d5facd2951dfd321e2eae3310b58a1fa233d

SHA256
b5402ea29930861db4309f584b91c2679ec1887354f05c249b9c270127c69889

SHA512
9ce96b6b0fa3a23bec87ab8392aae023b7cb038d056431dd58088f9d9f2a6ed83844947e819f72d69da385461abaebccb8fc504242b1305a550354e244a8571c

Download Submit
\Windows\system\XsnyXFr.exe

Filesize
6.0MB

MD5
c911e25925d6a787423c28421c73d112

SHA1
528dc7e8d5269e3e72aa36ab9ee60af48a6cd7e9

SHA256
b3ec4d07ba35b3a986a788490fe570b679383c3dda93f2de63c733a4972fd1a3

SHA512
5da8730a67f38b182cd602f4c6a0361af2260370fb276b7094393d8b99c50a77283342c207b23aceac33edbb26d90c193545a10afdfc047cb3b727270affe81a

Download Submit
\Windows\system\vmFHGfo.exe

Filesize
6.0MB

MD5
967a1f4e7066abc0b04251e5237be978

SHA1
ea6de1f3c0b8e44b103af542b7037b62acc8419f

SHA256
bd676e19476904255cf11c4498f361a66f1175b162ea8cdb7bea460689afc2fd

SHA512
a0daeec91bfe932ab4cd6fbbac6111a0f4034b621ce279ff2e2ee8e958091afeb45bda7eeafb7595acb7b19d0334570612455db267329ffad8849ef7448f37b6

Download Submit
memory/872-4055-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/872-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3994-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-380-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1708-26-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3975-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1728-8-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2176-109-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3978-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1480-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2368-63-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-68-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2368-118-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2368-102-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2368-379-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2368-108-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2368-656-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-793-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-83-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2368-75-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2368-74-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1638-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2368-15-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-64-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-96-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2368-62-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-60-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2368-39-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2368-29-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-50-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-35-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3976-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-43-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3968-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2648-795-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3972-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2648-79-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3971-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2672-91-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1311-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2704-58-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3977-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3969-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2760-72-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2760-794-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2836-59-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-657-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3970-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download