cobaltstrike | 01cb180628c71322f92f5042555bd4b3a2064562ff148392b32a95c78077b122

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

58b40fa456dbfa029761314dd8273abb
SHA1

66d5cf52e01537a69a46ca31b83ef4b246d597ab
SHA256

01cb180628c71322f92f5042555bd4b3a2064562ff148392b32a95c78077b122
SHA512

9f3c823bd3caa0f68941fcfd57cf88eb6fc392f7cb3dcd3596a5f9551a34add7cbdbcaab971de93396a5b87a6c5ac8044427f0d950ffca34f5d4e27bfef0363f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUK:T+q56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001226a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016aa9-75.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-58.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-38.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-69.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001662e-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e71-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-117.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-176.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-171.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-156.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-136.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-131.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-115.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-102.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1868-0-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x000b00000001226a-3.dat	xmrig
behavioral1/files/0x000800000001612f-12.dat	xmrig
behavioral1/memory/1920-15-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2244-11-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00080000000161f6-9.dat	xmrig
behavioral1/memory/2196-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2724-72-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/1868-73-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0008000000016aa9-75.dat	xmrig
behavioral1/files/0x000600000001706d-81.dat	xmrig
behavioral1/files/0x00060000000173da-62.dat	xmrig
behavioral1/memory/1868-61-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-58.dat	xmrig
behavioral1/memory/2752-85-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c62-51.dat	xmrig
behavioral1/memory/2788-50-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0007000000016855-38.dat	xmrig
behavioral1/files/0x000700000001658c-37.dat	xmrig
behavioral1/memory/2572-82-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2688-78-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2244-76-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2552-74-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-69.dat	xmrig
behavioral1/memory/2140-57-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2676-43-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000700000001662e-31.dat	xmrig
behavioral1/memory/2720-29-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0009000000015e71-101.dat	xmrig
behavioral1/memory/2788-110-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0006000000017525-117.dat	xmrig
behavioral1/files/0x00060000000174a2-116.dat	xmrig
behavioral1/files/0x00050000000191ff-180.dat	xmrig
behavioral1/memory/2688-911-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2572-1072-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2752-1092-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1664-1105-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/1868-1110-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2552-752-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019244-191.dat	xmrig
behavioral1/files/0x000500000001922c-186.dat	xmrig
behavioral1/files/0x00050000000191d4-176.dat	xmrig
behavioral1/files/0x00060000000190e0-171.dat	xmrig
behavioral1/files/0x00060000000190ce-166.dat	xmrig
behavioral1/files/0x0006000000018f53-156.dat	xmrig
behavioral1/files/0x000600000001903b-161.dat	xmrig
behavioral1/files/0x0006000000018c26-151.dat	xmrig
behavioral1/files/0x0006000000018c1a-146.dat	xmrig
behavioral1/files/0x0005000000018792-141.dat	xmrig
behavioral1/files/0x0005000000018687-136.dat	xmrig
behavioral1/files/0x000d00000001866e-131.dat	xmrig
behavioral1/files/0x0014000000018663-127.dat	xmrig
behavioral1/files/0x0006000000017472-115.dat	xmrig
behavioral1/files/0x00060000000173fc-90.dat	xmrig
behavioral1/memory/2676-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1664-104-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-102.dat	xmrig
behavioral1/memory/2720-93-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1920-3241-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2788-3278-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2676-3277-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2720-3276-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2140-3275-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2244-3274-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2244	ImsGTXB.exe
1920	uvkLpdR.exe
2720	DLtLbUa.exe
2676	AwYwukA.exe
2140	lNovyXW.exe
2788	sMwpWJm.exe
2196	ZusQaaO.exe
2724	ynmdZPo.exe
2552	eMovGuE.exe
2688	SQgBIDb.exe
2572	BWUwzSD.exe
2752	DoMGDyZ.exe
1664	AidkiGS.exe
984	phKGXVg.exe
584	JtSSgjF.exe
1092	dqNaLNX.exe
1292	eoXunNZ.exe
1492	aAaqJmf.exe
1244	mFHeiVG.exe
752	nnqgpwX.exe
2604	WgCHkek.exe
852	cdzgGOt.exe
2968	WVrBSFF.exe
2392	KoVwYvO.exe
2864	UBtBcpo.exe
2376	MRappJP.exe
1152	mOySRBm.exe
2384	OthZtYh.exe
1944	SZXQUVg.exe
1088	TSkyNKh.exe
756	eCmtOgu.exe
1724	yHyhWLa.exe
916	irZfDtU.exe
2496	LLcZzql.exe
1628	RMPLqNm.exe
2808	bJzbUbZ.exe
776	zirkFku.exe
1820	aCfstwK.exe
2116	qnsoKYu.exe
2368	NDyEWUr.exe
3040	Pvozgyz.exe
3020	cejgEnV.exe
2316	qLgBIZm.exe
3044	UsfbZld.exe
2120	OvBcHNU.exe
980	YxPscQQ.exe
2356	AgyUZTY.exe
1512	eNGjNRA.exe
1756	cHquRhy.exe
2240	IfNhDaB.exe
3036	DtQsNtF.exe
1576	vStUmIt.exe
1608	ipneJiw.exe
2248	rNgGnHf.exe
2208	DpGxOXC.exe
2684	TyhiYEE.exe
2776	OBLcjop.exe
1996	HvzbFEo.exe
2660	pkWPADo.exe
2852	vcacNhu.exe
2136	OLxkHvI.exe
536	TOEDUxM.exe
1500	uRSPyIi.exe
1968	kXQwBcy.exe

Loads dropped DLL 64 IoCs

pid	Process
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-3.dat	upx
behavioral1/files/0x000800000001612f-12.dat	upx
behavioral1/memory/1920-15-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2244-11-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00080000000161f6-9.dat	upx
behavioral1/memory/2196-66-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2724-72-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/1868-73-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0008000000016aa9-75.dat	upx
behavioral1/files/0x000600000001706d-81.dat	upx
behavioral1/files/0x00060000000173da-62.dat	upx
behavioral1/files/0x00060000000173f1-58.dat	upx
behavioral1/memory/2752-85-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-51.dat	upx
behavioral1/memory/2788-50-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0007000000016855-38.dat	upx
behavioral1/files/0x000700000001658c-37.dat	upx
behavioral1/memory/2572-82-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2688-78-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2244-76-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2552-74-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-69.dat	upx
behavioral1/memory/2140-57-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2676-43-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000700000001662e-31.dat	upx
behavioral1/memory/2720-29-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0009000000015e71-101.dat	upx
behavioral1/memory/2788-110-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0006000000017525-117.dat	upx
behavioral1/files/0x00060000000174a2-116.dat	upx
behavioral1/files/0x00050000000191ff-180.dat	upx
behavioral1/memory/2688-911-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2572-1072-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2752-1092-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1664-1105-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2552-752-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0005000000019244-191.dat	upx
behavioral1/files/0x000500000001922c-186.dat	upx
behavioral1/files/0x00050000000191d4-176.dat	upx
behavioral1/files/0x00060000000190e0-171.dat	upx
behavioral1/files/0x00060000000190ce-166.dat	upx
behavioral1/files/0x0006000000018f53-156.dat	upx
behavioral1/files/0x000600000001903b-161.dat	upx
behavioral1/files/0x0006000000018c26-151.dat	upx
behavioral1/files/0x0006000000018c1a-146.dat	upx
behavioral1/files/0x0005000000018792-141.dat	upx
behavioral1/files/0x0005000000018687-136.dat	upx
behavioral1/files/0x000d00000001866e-131.dat	upx
behavioral1/files/0x0014000000018663-127.dat	upx
behavioral1/files/0x0006000000017472-115.dat	upx
behavioral1/files/0x00060000000173fc-90.dat	upx
behavioral1/memory/2676-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1664-104-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0006000000017487-102.dat	upx
behavioral1/memory/2720-93-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1920-3241-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2788-3278-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2676-3277-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2720-3276-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2140-3275-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2244-3274-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2688-3288-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2196-3286-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KfOJELE.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykXeDqZ.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvLvaFz.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVaCJUN.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRXraCw.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QleLaht.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxahlUe.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqUWtrk.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUgJbxx.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkbRPcO.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udBASSl.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJcboex.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKXPUYo.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRKKeEJ.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQgBIDb.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUDKApm.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMIqaFi.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnBsGNc.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrddZlt.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqwXQjs.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riUhvsy.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCfgyav.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REfQsJA.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsZgKeX.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmoLHPN.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZmIZGo.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFMhcmC.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhliHuF.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPjPhAm.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQCUvub.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJQcZow.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dobDjGE.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHJNirT.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSzGFpb.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUUOvjg.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wskptdB.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlYSQIG.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoycXXE.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMNwbpQ.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpaWmYe.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFLTyOB.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMZaKUu.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPBjkHU.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoAWQGV.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvvtVmp.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMZvUTp.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJtPiQL.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJxWQvd.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJwJWld.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFDozJo.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLtFhFU.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrPqXUg.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQZfOFq.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIsSBlY.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJADUng.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwyKcEL.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEWXoSg.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVkAUYk.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itpBjKn.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HleaQOc.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUaYXCp.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bydavTD.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqUbbpK.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\peSPWXl.exe	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 2244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 2244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 1920	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 1920	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 1920	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 2720	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2720	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2720	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2140	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2140	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2140	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2676	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2676	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2676	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2788	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2788	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2788	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2688	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2688	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2688	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2196	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2196	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2196	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2572	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2572	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2572	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2724	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2724	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2724	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2552	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 2552	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 2552	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 1664	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 1664	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 1664	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 984	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 984	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 984	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 1092	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 1092	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 1092	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 584	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 584	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 584	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 1292	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 1292	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 1292	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 1492	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 1492	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 1492	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 1244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 1244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 1244	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 752	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 2604	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1868 wrote to memory of 2604	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1868 wrote to memory of 2604	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1868 wrote to memory of 852	1868	2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_58b40fa456dbfa029761314dd8273abb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\System\ImsGTXB.exe
  C:\Windows\System\ImsGTXB.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\uvkLpdR.exe
  C:\Windows\System\uvkLpdR.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\DLtLbUa.exe
  C:\Windows\System\DLtLbUa.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\lNovyXW.exe
  C:\Windows\System\lNovyXW.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\AwYwukA.exe
  C:\Windows\System\AwYwukA.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\sMwpWJm.exe
  C:\Windows\System\sMwpWJm.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\SQgBIDb.exe
  C:\Windows\System\SQgBIDb.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\ZusQaaO.exe
  C:\Windows\System\ZusQaaO.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\BWUwzSD.exe
  C:\Windows\System\BWUwzSD.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ynmdZPo.exe
  C:\Windows\System\ynmdZPo.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\DoMGDyZ.exe
  C:\Windows\System\DoMGDyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\eMovGuE.exe
  C:\Windows\System\eMovGuE.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\AidkiGS.exe
  C:\Windows\System\AidkiGS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\phKGXVg.exe
  C:\Windows\System\phKGXVg.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\dqNaLNX.exe
  C:\Windows\System\dqNaLNX.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\JtSSgjF.exe
  C:\Windows\System\JtSSgjF.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\eoXunNZ.exe
  C:\Windows\System\eoXunNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\aAaqJmf.exe
  C:\Windows\System\aAaqJmf.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mFHeiVG.exe
  C:\Windows\System\mFHeiVG.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\nnqgpwX.exe
  C:\Windows\System\nnqgpwX.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\WgCHkek.exe
  C:\Windows\System\WgCHkek.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\cdzgGOt.exe
  C:\Windows\System\cdzgGOt.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\WVrBSFF.exe
  C:\Windows\System\WVrBSFF.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\KoVwYvO.exe
  C:\Windows\System\KoVwYvO.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\UBtBcpo.exe
  C:\Windows\System\UBtBcpo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\MRappJP.exe
  C:\Windows\System\MRappJP.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\mOySRBm.exe
  C:\Windows\System\mOySRBm.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\OthZtYh.exe
  C:\Windows\System\OthZtYh.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\SZXQUVg.exe
  C:\Windows\System\SZXQUVg.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\TSkyNKh.exe
  C:\Windows\System\TSkyNKh.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\eCmtOgu.exe
  C:\Windows\System\eCmtOgu.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\yHyhWLa.exe
  C:\Windows\System\yHyhWLa.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\irZfDtU.exe
  C:\Windows\System\irZfDtU.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\LLcZzql.exe
  C:\Windows\System\LLcZzql.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\RMPLqNm.exe
  C:\Windows\System\RMPLqNm.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\bJzbUbZ.exe
  C:\Windows\System\bJzbUbZ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\zirkFku.exe
  C:\Windows\System\zirkFku.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\aCfstwK.exe
  C:\Windows\System\aCfstwK.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\qnsoKYu.exe
  C:\Windows\System\qnsoKYu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\NDyEWUr.exe
  C:\Windows\System\NDyEWUr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\Pvozgyz.exe
  C:\Windows\System\Pvozgyz.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\cejgEnV.exe
  C:\Windows\System\cejgEnV.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\qLgBIZm.exe
  C:\Windows\System\qLgBIZm.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UsfbZld.exe
  C:\Windows\System\UsfbZld.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\OvBcHNU.exe
  C:\Windows\System\OvBcHNU.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\YxPscQQ.exe
  C:\Windows\System\YxPscQQ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\AgyUZTY.exe
  C:\Windows\System\AgyUZTY.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\eNGjNRA.exe
  C:\Windows\System\eNGjNRA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\cHquRhy.exe
  C:\Windows\System\cHquRhy.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\IfNhDaB.exe
  C:\Windows\System\IfNhDaB.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\DtQsNtF.exe
  C:\Windows\System\DtQsNtF.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\vStUmIt.exe
  C:\Windows\System\vStUmIt.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ipneJiw.exe
  C:\Windows\System\ipneJiw.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\rNgGnHf.exe
  C:\Windows\System\rNgGnHf.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\DpGxOXC.exe
  C:\Windows\System\DpGxOXC.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\TyhiYEE.exe
  C:\Windows\System\TyhiYEE.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\OBLcjop.exe
  C:\Windows\System\OBLcjop.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HvzbFEo.exe
  C:\Windows\System\HvzbFEo.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\pkWPADo.exe
  C:\Windows\System\pkWPADo.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\vcacNhu.exe
  C:\Windows\System\vcacNhu.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\OLxkHvI.exe
  C:\Windows\System\OLxkHvI.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\TOEDUxM.exe
  C:\Windows\System\TOEDUxM.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\uRSPyIi.exe
  C:\Windows\System\uRSPyIi.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\kXQwBcy.exe
  C:\Windows\System\kXQwBcy.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\mhwcELU.exe
  C:\Windows\System\mhwcELU.exe
  2⤵
  PID:1488
- C:\Windows\System\EBqTFKO.exe
  C:\Windows\System\EBqTFKO.exe
  2⤵
  PID:808
- C:\Windows\System\PGSObfW.exe
  C:\Windows\System\PGSObfW.exe
  2⤵
  PID:1812
- C:\Windows\System\QyYqLwq.exe
  C:\Windows\System\QyYqLwq.exe
  2⤵
  PID:268
- C:\Windows\System\ZbvvnFv.exe
  C:\Windows\System\ZbvvnFv.exe
  2⤵
  PID:2940
- C:\Windows\System\vRMSyYf.exe
  C:\Windows\System\vRMSyYf.exe
  2⤵
  PID:408
- C:\Windows\System\buyUQVg.exe
  C:\Windows\System\buyUQVg.exe
  2⤵
  PID:2400
- C:\Windows\System\nmbjvim.exe
  C:\Windows\System\nmbjvim.exe
  2⤵
  PID:1364
- C:\Windows\System\hasmwwC.exe
  C:\Windows\System\hasmwwC.exe
  2⤵
  PID:1728
- C:\Windows\System\IfLYTKH.exe
  C:\Windows\System\IfLYTKH.exe
  2⤵
  PID:1520
- C:\Windows\System\IfYqIAe.exe
  C:\Windows\System\IfYqIAe.exe
  2⤵
  PID:2180
- C:\Windows\System\vsYpUzP.exe
  C:\Windows\System\vsYpUzP.exe
  2⤵
  PID:2712
- C:\Windows\System\IMqzLia.exe
  C:\Windows\System\IMqzLia.exe
  2⤵
  PID:2112
- C:\Windows\System\uydTuVD.exe
  C:\Windows\System\uydTuVD.exe
  2⤵
  PID:1304
- C:\Windows\System\cAskqHY.exe
  C:\Windows\System\cAskqHY.exe
  2⤵
  PID:2304
- C:\Windows\System\BnBsGNc.exe
  C:\Windows\System\BnBsGNc.exe
  2⤵
  PID:2080
- C:\Windows\System\HkvXdff.exe
  C:\Windows\System\HkvXdff.exe
  2⤵
  PID:2448
- C:\Windows\System\lAjrStc.exe
  C:\Windows\System\lAjrStc.exe
  2⤵
  PID:2072
- C:\Windows\System\HpQUNId.exe
  C:\Windows\System\HpQUNId.exe
  2⤵
  PID:304
- C:\Windows\System\wrliLeP.exe
  C:\Windows\System\wrliLeP.exe
  2⤵
  PID:2908
- C:\Windows\System\Agricpw.exe
  C:\Windows\System\Agricpw.exe
  2⤵
  PID:1712
- C:\Windows\System\zfimzXp.exe
  C:\Windows\System\zfimzXp.exe
  2⤵
  PID:2076
- C:\Windows\System\sWJVdXh.exe
  C:\Windows\System\sWJVdXh.exe
  2⤵
  PID:2108
- C:\Windows\System\CKNRLiW.exe
  C:\Windows\System\CKNRLiW.exe
  2⤵
  PID:2760
- C:\Windows\System\qMeZdSK.exe
  C:\Windows\System\qMeZdSK.exe
  2⤵
  PID:2756
- C:\Windows\System\RwOLBvf.exe
  C:\Windows\System\RwOLBvf.exe
  2⤵
  PID:2896
- C:\Windows\System\mkZsoHe.exe
  C:\Windows\System\mkZsoHe.exe
  2⤵
  PID:2016
- C:\Windows\System\wDagikW.exe
  C:\Windows\System\wDagikW.exe
  2⤵
  PID:320
- C:\Windows\System\IoGTdUp.exe
  C:\Windows\System\IoGTdUp.exe
  2⤵
  PID:1336
- C:\Windows\System\ZmDqXBo.exe
  C:\Windows\System\ZmDqXBo.exe
  2⤵
  PID:2596
- C:\Windows\System\MhBIHMO.exe
  C:\Windows\System\MhBIHMO.exe
  2⤵
  PID:1828
- C:\Windows\System\buaLryZ.exe
  C:\Windows\System\buaLryZ.exe
  2⤵
  PID:3004
- C:\Windows\System\krXkGPe.exe
  C:\Windows\System\krXkGPe.exe
  2⤵
  PID:1616
- C:\Windows\System\enodKWa.exe
  C:\Windows\System\enodKWa.exe
  2⤵
  PID:836
- C:\Windows\System\bKTeNLe.exe
  C:\Windows\System\bKTeNLe.exe
  2⤵
  PID:2028
- C:\Windows\System\DHRRcmP.exe
  C:\Windows\System\DHRRcmP.exe
  2⤵
  PID:1776
- C:\Windows\System\QMcNfTj.exe
  C:\Windows\System\QMcNfTj.exe
  2⤵
  PID:2056
- C:\Windows\System\KMNRrNu.exe
  C:\Windows\System\KMNRrNu.exe
  2⤵
  PID:2976
- C:\Windows\System\CsZgKeX.exe
  C:\Windows\System\CsZgKeX.exe
  2⤵
  PID:992
- C:\Windows\System\EpvsLDD.exe
  C:\Windows\System\EpvsLDD.exe
  2⤵
  PID:2008
- C:\Windows\System\XCwCaMe.exe
  C:\Windows\System\XCwCaMe.exe
  2⤵
  PID:1604
- C:\Windows\System\eplJHXW.exe
  C:\Windows\System\eplJHXW.exe
  2⤵
  PID:2472
- C:\Windows\System\LSMvTke.exe
  C:\Windows\System\LSMvTke.exe
  2⤵
  PID:3008
- C:\Windows\System\NrzqDNU.exe
  C:\Windows\System\NrzqDNU.exe
  2⤵
  PID:2772
- C:\Windows\System\kdpGzkc.exe
  C:\Windows\System\kdpGzkc.exe
  2⤵
  PID:864
- C:\Windows\System\gdmDzgI.exe
  C:\Windows\System\gdmDzgI.exe
  2⤵
  PID:1592
- C:\Windows\System\UPuRenU.exe
  C:\Windows\System\UPuRenU.exe
  2⤵
  PID:2636
- C:\Windows\System\CDtnHjp.exe
  C:\Windows\System\CDtnHjp.exe
  2⤵
  PID:636
- C:\Windows\System\CUsTJRS.exe
  C:\Windows\System\CUsTJRS.exe
  2⤵
  PID:900
- C:\Windows\System\yIQDPAW.exe
  C:\Windows\System\yIQDPAW.exe
  2⤵
  PID:1588
- C:\Windows\System\qHUmGXv.exe
  C:\Windows\System\qHUmGXv.exe
  2⤵
  PID:3088
- C:\Windows\System\RrdWeHY.exe
  C:\Windows\System\RrdWeHY.exe
  2⤵
  PID:3108
- C:\Windows\System\MhNjqSd.exe
  C:\Windows\System\MhNjqSd.exe
  2⤵
  PID:3128
- C:\Windows\System\HUlnTiC.exe
  C:\Windows\System\HUlnTiC.exe
  2⤵
  PID:3144
- C:\Windows\System\AMLjBgb.exe
  C:\Windows\System\AMLjBgb.exe
  2⤵
  PID:3168
- C:\Windows\System\pToXVhQ.exe
  C:\Windows\System\pToXVhQ.exe
  2⤵
  PID:3188
- C:\Windows\System\zOrZXNP.exe
  C:\Windows\System\zOrZXNP.exe
  2⤵
  PID:3208
- C:\Windows\System\kRwCqHi.exe
  C:\Windows\System\kRwCqHi.exe
  2⤵
  PID:3228
- C:\Windows\System\huSHEVt.exe
  C:\Windows\System\huSHEVt.exe
  2⤵
  PID:3248
- C:\Windows\System\lZKJVQo.exe
  C:\Windows\System\lZKJVQo.exe
  2⤵
  PID:3268
- C:\Windows\System\qwzMQUV.exe
  C:\Windows\System\qwzMQUV.exe
  2⤵
  PID:3288
- C:\Windows\System\YNrvGoz.exe
  C:\Windows\System\YNrvGoz.exe
  2⤵
  PID:3308
- C:\Windows\System\hZmIZGo.exe
  C:\Windows\System\hZmIZGo.exe
  2⤵
  PID:3328
- C:\Windows\System\txwVrcf.exe
  C:\Windows\System\txwVrcf.exe
  2⤵
  PID:3348
- C:\Windows\System\JBEgxzl.exe
  C:\Windows\System\JBEgxzl.exe
  2⤵
  PID:3368
- C:\Windows\System\VGJXjsG.exe
  C:\Windows\System\VGJXjsG.exe
  2⤵
  PID:3388
- C:\Windows\System\JqQORjJ.exe
  C:\Windows\System\JqQORjJ.exe
  2⤵
  PID:3408
- C:\Windows\System\hEQAhJq.exe
  C:\Windows\System\hEQAhJq.exe
  2⤵
  PID:3428
- C:\Windows\System\HSJqhFm.exe
  C:\Windows\System\HSJqhFm.exe
  2⤵
  PID:3448
- C:\Windows\System\UEwSVHu.exe
  C:\Windows\System\UEwSVHu.exe
  2⤵
  PID:3468
- C:\Windows\System\nqemwAC.exe
  C:\Windows\System\nqemwAC.exe
  2⤵
  PID:3488
- C:\Windows\System\BSKjnbd.exe
  C:\Windows\System\BSKjnbd.exe
  2⤵
  PID:3508
- C:\Windows\System\sfrbWSl.exe
  C:\Windows\System\sfrbWSl.exe
  2⤵
  PID:3528
- C:\Windows\System\WWFcHGR.exe
  C:\Windows\System\WWFcHGR.exe
  2⤵
  PID:3548
- C:\Windows\System\aVJKcow.exe
  C:\Windows\System\aVJKcow.exe
  2⤵
  PID:3568
- C:\Windows\System\vqXiyDi.exe
  C:\Windows\System\vqXiyDi.exe
  2⤵
  PID:3588
- C:\Windows\System\NctauwW.exe
  C:\Windows\System\NctauwW.exe
  2⤵
  PID:3608
- C:\Windows\System\mhPLGdo.exe
  C:\Windows\System\mhPLGdo.exe
  2⤵
  PID:3628
- C:\Windows\System\xgiwFNj.exe
  C:\Windows\System\xgiwFNj.exe
  2⤵
  PID:3648
- C:\Windows\System\hAcvNsH.exe
  C:\Windows\System\hAcvNsH.exe
  2⤵
  PID:3668
- C:\Windows\System\KqyIEpF.exe
  C:\Windows\System\KqyIEpF.exe
  2⤵
  PID:3688
- C:\Windows\System\BLglFSV.exe
  C:\Windows\System\BLglFSV.exe
  2⤵
  PID:3704
- C:\Windows\System\UYDixBP.exe
  C:\Windows\System\UYDixBP.exe
  2⤵
  PID:3728
- C:\Windows\System\SJWPwqI.exe
  C:\Windows\System\SJWPwqI.exe
  2⤵
  PID:3748
- C:\Windows\System\WTxWCWS.exe
  C:\Windows\System\WTxWCWS.exe
  2⤵
  PID:3768
- C:\Windows\System\bEVWVwm.exe
  C:\Windows\System\bEVWVwm.exe
  2⤵
  PID:3784
- C:\Windows\System\MQOpswr.exe
  C:\Windows\System\MQOpswr.exe
  2⤵
  PID:3808
- C:\Windows\System\BkrWLlW.exe
  C:\Windows\System\BkrWLlW.exe
  2⤵
  PID:3824
- C:\Windows\System\FseXSLF.exe
  C:\Windows\System\FseXSLF.exe
  2⤵
  PID:3848
- C:\Windows\System\WyXBOvX.exe
  C:\Windows\System\WyXBOvX.exe
  2⤵
  PID:3864
- C:\Windows\System\rWxTZah.exe
  C:\Windows\System\rWxTZah.exe
  2⤵
  PID:3888
- C:\Windows\System\BDmXnbZ.exe
  C:\Windows\System\BDmXnbZ.exe
  2⤵
  PID:3908
- C:\Windows\System\zPTEosV.exe
  C:\Windows\System\zPTEosV.exe
  2⤵
  PID:3928
- C:\Windows\System\VnmHtfL.exe
  C:\Windows\System\VnmHtfL.exe
  2⤵
  PID:3948
- C:\Windows\System\RiWJUQf.exe
  C:\Windows\System\RiWJUQf.exe
  2⤵
  PID:3968
- C:\Windows\System\MsHeqiL.exe
  C:\Windows\System\MsHeqiL.exe
  2⤵
  PID:3988
- C:\Windows\System\ZMAnRNB.exe
  C:\Windows\System\ZMAnRNB.exe
  2⤵
  PID:4008
- C:\Windows\System\BWquczl.exe
  C:\Windows\System\BWquczl.exe
  2⤵
  PID:4028
- C:\Windows\System\nfUSuSx.exe
  C:\Windows\System\nfUSuSx.exe
  2⤵
  PID:4048
- C:\Windows\System\pmaHHlL.exe
  C:\Windows\System\pmaHHlL.exe
  2⤵
  PID:4068
- C:\Windows\System\SXZPuzL.exe
  C:\Windows\System\SXZPuzL.exe
  2⤵
  PID:4088
- C:\Windows\System\IAFYxKj.exe
  C:\Windows\System\IAFYxKj.exe
  2⤵
  PID:2256
- C:\Windows\System\FbNeesi.exe
  C:\Windows\System\FbNeesi.exe
  2⤵
  PID:2972
- C:\Windows\System\YDocuzN.exe
  C:\Windows\System\YDocuzN.exe
  2⤵
  PID:2964
- C:\Windows\System\dSfBrGG.exe
  C:\Windows\System\dSfBrGG.exe
  2⤵
  PID:2188
- C:\Windows\System\gAbbAsZ.exe
  C:\Windows\System\gAbbAsZ.exe
  2⤵
  PID:2708
- C:\Windows\System\ElFhfRw.exe
  C:\Windows\System\ElFhfRw.exe
  2⤵
  PID:2984
- C:\Windows\System\IDVgVRE.exe
  C:\Windows\System\IDVgVRE.exe
  2⤵
  PID:1536
- C:\Windows\System\vQGmdZj.exe
  C:\Windows\System\vQGmdZj.exe
  2⤵
  PID:2844
- C:\Windows\System\zLHwCvR.exe
  C:\Windows\System\zLHwCvR.exe
  2⤵
  PID:3116
- C:\Windows\System\WXSdfea.exe
  C:\Windows\System\WXSdfea.exe
  2⤵
  PID:3124
- C:\Windows\System\KMecInl.exe
  C:\Windows\System\KMecInl.exe
  2⤵
  PID:3164
- C:\Windows\System\aSdHqNg.exe
  C:\Windows\System\aSdHqNg.exe
  2⤵
  PID:3176
- C:\Windows\System\vGAVFzW.exe
  C:\Windows\System\vGAVFzW.exe
  2⤵
  PID:3180
- C:\Windows\System\FENhyrJ.exe
  C:\Windows\System\FENhyrJ.exe
  2⤵
  PID:3220
- C:\Windows\System\oJkZpND.exe
  C:\Windows\System\oJkZpND.exe
  2⤵
  PID:2648
- C:\Windows\System\nIYFdQp.exe
  C:\Windows\System\nIYFdQp.exe
  2⤵
  PID:3296
- C:\Windows\System\QleLaht.exe
  C:\Windows\System\QleLaht.exe
  2⤵
  PID:3364
- C:\Windows\System\bykbYZJ.exe
  C:\Windows\System\bykbYZJ.exe
  2⤵
  PID:3360
- C:\Windows\System\PKUAdcY.exe
  C:\Windows\System\PKUAdcY.exe
  2⤵
  PID:3404
- C:\Windows\System\ZNnFwJW.exe
  C:\Windows\System\ZNnFwJW.exe
  2⤵
  PID:3436
- C:\Windows\System\lLiadDr.exe
  C:\Windows\System\lLiadDr.exe
  2⤵
  PID:3420
- C:\Windows\System\KvyMyRt.exe
  C:\Windows\System\KvyMyRt.exe
  2⤵
  PID:3480
- C:\Windows\System\cHJNirT.exe
  C:\Windows\System\cHJNirT.exe
  2⤵
  PID:3524
- C:\Windows\System\vwCduXw.exe
  C:\Windows\System\vwCduXw.exe
  2⤵
  PID:3536
- C:\Windows\System\HleaQOc.exe
  C:\Windows\System\HleaQOc.exe
  2⤵
  PID:3540
- C:\Windows\System\zrudEbk.exe
  C:\Windows\System\zrudEbk.exe
  2⤵
  PID:3604
- C:\Windows\System\SnSSTpa.exe
  C:\Windows\System\SnSSTpa.exe
  2⤵
  PID:3616
- C:\Windows\System\HvymGLe.exe
  C:\Windows\System\HvymGLe.exe
  2⤵
  PID:2748
- C:\Windows\System\iHVockt.exe
  C:\Windows\System\iHVockt.exe
  2⤵
  PID:3660
- C:\Windows\System\upYOuFw.exe
  C:\Windows\System\upYOuFw.exe
  2⤵
  PID:3700
- C:\Windows\System\cgXRzlk.exe
  C:\Windows\System\cgXRzlk.exe
  2⤵
  PID:3792
- C:\Windows\System\IkLCCJE.exe
  C:\Windows\System\IkLCCJE.exe
  2⤵
  PID:3796
- C:\Windows\System\HEylZiq.exe
  C:\Windows\System\HEylZiq.exe
  2⤵
  PID:2580
- C:\Windows\System\YcJugJh.exe
  C:\Windows\System\YcJugJh.exe
  2⤵
  PID:3820
- C:\Windows\System\vWOTKeL.exe
  C:\Windows\System\vWOTKeL.exe
  2⤵
  PID:3860
- C:\Windows\System\dXaHznG.exe
  C:\Windows\System\dXaHznG.exe
  2⤵
  PID:3900
- C:\Windows\System\sdQgWEK.exe
  C:\Windows\System\sdQgWEK.exe
  2⤵
  PID:3940
- C:\Windows\System\TcHPFeU.exe
  C:\Windows\System\TcHPFeU.exe
  2⤵
  PID:4004
- C:\Windows\System\eNlpcTK.exe
  C:\Windows\System\eNlpcTK.exe
  2⤵
  PID:4000
- C:\Windows\System\mRAajns.exe
  C:\Windows\System\mRAajns.exe
  2⤵
  PID:4084
- C:\Windows\System\ryrOhAp.exe
  C:\Windows\System\ryrOhAp.exe
  2⤵
  PID:2328
- C:\Windows\System\YtPwQiX.exe
  C:\Windows\System\YtPwQiX.exe
  2⤵
  PID:4020
- C:\Windows\System\hVNKPIs.exe
  C:\Windows\System\hVNKPIs.exe
  2⤵
  PID:4056
- C:\Windows\System\TxJrjnl.exe
  C:\Windows\System\TxJrjnl.exe
  2⤵
  PID:2804
- C:\Windows\System\waajCod.exe
  C:\Windows\System\waajCod.exe
  2⤵
  PID:1188
- C:\Windows\System\dDzmUsh.exe
  C:\Windows\System\dDzmUsh.exe
  2⤵
  PID:3104
- C:\Windows\System\HonOavO.exe
  C:\Windows\System\HonOavO.exe
  2⤵
  PID:2600
- C:\Windows\System\tCZaGYg.exe
  C:\Windows\System\tCZaGYg.exe
  2⤵
  PID:2840
- C:\Windows\System\aRXWThk.exe
  C:\Windows\System\aRXWThk.exe
  2⤵
  PID:3244
- C:\Windows\System\GhmCHMJ.exe
  C:\Windows\System\GhmCHMJ.exe
  2⤵
  PID:3152
- C:\Windows\System\NGyTqnl.exe
  C:\Windows\System\NGyTqnl.exe
  2⤵
  PID:2696
- C:\Windows\System\bqNJKbF.exe
  C:\Windows\System\bqNJKbF.exe
  2⤵
  PID:3340
- C:\Windows\System\IIVrHwK.exe
  C:\Windows\System\IIVrHwK.exe
  2⤵
  PID:2560
- C:\Windows\System\HXmiALj.exe
  C:\Windows\System\HXmiALj.exe
  2⤵
  PID:2732
- C:\Windows\System\DxtXMZM.exe
  C:\Windows\System\DxtXMZM.exe
  2⤵
  PID:3476
- C:\Windows\System\ethRCaF.exe
  C:\Windows\System\ethRCaF.exe
  2⤵
  PID:3496
- C:\Windows\System\fHbAERQ.exe
  C:\Windows\System\fHbAERQ.exe
  2⤵
  PID:3460
- C:\Windows\System\HMjxFTC.exe
  C:\Windows\System\HMjxFTC.exe
  2⤵
  PID:3580
- C:\Windows\System\xuhNXQV.exe
  C:\Windows\System\xuhNXQV.exe
  2⤵
  PID:3684
- C:\Windows\System\PLgdsyJ.exe
  C:\Windows\System\PLgdsyJ.exe
  2⤵
  PID:3716
- C:\Windows\System\NxtvPSE.exe
  C:\Windows\System\NxtvPSE.exe
  2⤵
  PID:3724
- C:\Windows\System\yQSWFjj.exe
  C:\Windows\System\yQSWFjj.exe
  2⤵
  PID:3760
- C:\Windows\System\NLvrXvX.exe
  C:\Windows\System\NLvrXvX.exe
  2⤵
  PID:3832
- C:\Windows\System\bFQZIpD.exe
  C:\Windows\System\bFQZIpD.exe
  2⤵
  PID:3884
- C:\Windows\System\MJdSquq.exe
  C:\Windows\System\MJdSquq.exe
  2⤵
  PID:3996
- C:\Windows\System\uokEKWt.exe
  C:\Windows\System\uokEKWt.exe
  2⤵
  PID:2996
- C:\Windows\System\AUbxjlb.exe
  C:\Windows\System\AUbxjlb.exe
  2⤵
  PID:3984
- C:\Windows\System\RRxVVHj.exe
  C:\Windows\System\RRxVVHj.exe
  2⤵
  PID:4060
- C:\Windows\System\DvfOknU.exe
  C:\Windows\System\DvfOknU.exe
  2⤵
  PID:1928
- C:\Windows\System\KHkIWzS.exe
  C:\Windows\System\KHkIWzS.exe
  2⤵
  PID:1344
- C:\Windows\System\dJXNfQV.exe
  C:\Windows\System\dJXNfQV.exe
  2⤵
  PID:3136
- C:\Windows\System\uakGNbJ.exe
  C:\Windows\System\uakGNbJ.exe
  2⤵
  PID:3080
- C:\Windows\System\jnQYqWQ.exe
  C:\Windows\System\jnQYqWQ.exe
  2⤵
  PID:3236
- C:\Windows\System\ixhEcag.exe
  C:\Windows\System\ixhEcag.exe
  2⤵
  PID:3284
- C:\Windows\System\ewjSSUI.exe
  C:\Windows\System\ewjSSUI.exe
  2⤵
  PID:3316
- C:\Windows\System\MGVxTUe.exe
  C:\Windows\System\MGVxTUe.exe
  2⤵
  PID:2588
- C:\Windows\System\ZCVnxtG.exe
  C:\Windows\System\ZCVnxtG.exe
  2⤵
  PID:3484
- C:\Windows\System\EdABkES.exe
  C:\Windows\System\EdABkES.exe
  2⤵
  PID:3720
- C:\Windows\System\uOGodTU.exe
  C:\Windows\System\uOGodTU.exe
  2⤵
  PID:3624
- C:\Windows\System\FHEMKjY.exe
  C:\Windows\System\FHEMKjY.exe
  2⤵
  PID:3764
- C:\Windows\System\EAySSbO.exe
  C:\Windows\System\EAySSbO.exe
  2⤵
  PID:3924
- C:\Windows\System\ghoGwOY.exe
  C:\Windows\System\ghoGwOY.exe
  2⤵
  PID:3876
- C:\Windows\System\NiViWgO.exe
  C:\Windows\System\NiViWgO.exe
  2⤵
  PID:2576
- C:\Windows\System\aapnxdn.exe
  C:\Windows\System\aapnxdn.exe
  2⤵
  PID:3980
- C:\Windows\System\qYhfWWY.exe
  C:\Windows\System\qYhfWWY.exe
  2⤵
  PID:1688
- C:\Windows\System\eAMNPbJ.exe
  C:\Windows\System\eAMNPbJ.exe
  2⤵
  PID:1788
- C:\Windows\System\mwUfrmT.exe
  C:\Windows\System\mwUfrmT.exe
  2⤵
  PID:3204
- C:\Windows\System\IwjqjAb.exe
  C:\Windows\System\IwjqjAb.exe
  2⤵
  PID:3240
- C:\Windows\System\svnMToF.exe
  C:\Windows\System\svnMToF.exe
  2⤵
  PID:2988
- C:\Windows\System\mOkcfQt.exe
  C:\Windows\System\mOkcfQt.exe
  2⤵
  PID:3324
- C:\Windows\System\fpEwmYN.exe
  C:\Windows\System\fpEwmYN.exe
  2⤵
  PID:1532
- C:\Windows\System\GzsfLmR.exe
  C:\Windows\System\GzsfLmR.exe
  2⤵
  PID:3816
- C:\Windows\System\IMKOGan.exe
  C:\Windows\System\IMKOGan.exe
  2⤵
  PID:2004
- C:\Windows\System\TDADsNK.exe
  C:\Windows\System\TDADsNK.exe
  2⤵
  PID:2452
- C:\Windows\System\pqtwohU.exe
  C:\Windows\System\pqtwohU.exe
  2⤵
  PID:2372
- C:\Windows\System\KpWvwEd.exe
  C:\Windows\System\KpWvwEd.exe
  2⤵
  PID:2548
- C:\Windows\System\UqXitsv.exe
  C:\Windows\System\UqXitsv.exe
  2⤵
  PID:3184
- C:\Windows\System\svApxDa.exe
  C:\Windows\System\svApxDa.exe
  2⤵
  PID:3840
- C:\Windows\System\RZUcynM.exe
  C:\Windows\System\RZUcynM.exe
  2⤵
  PID:3464
- C:\Windows\System\VcrVpUD.exe
  C:\Windows\System\VcrVpUD.exe
  2⤵
  PID:4112
- C:\Windows\System\rjkNOAP.exe
  C:\Windows\System\rjkNOAP.exe
  2⤵
  PID:4132
- C:\Windows\System\tKJphhX.exe
  C:\Windows\System\tKJphhX.exe
  2⤵
  PID:4152
- C:\Windows\System\qVPbeqI.exe
  C:\Windows\System\qVPbeqI.exe
  2⤵
  PID:4172
- C:\Windows\System\XoRmeIi.exe
  C:\Windows\System\XoRmeIi.exe
  2⤵
  PID:4192
- C:\Windows\System\rRATpLc.exe
  C:\Windows\System\rRATpLc.exe
  2⤵
  PID:4208
- C:\Windows\System\trrFfAh.exe
  C:\Windows\System\trrFfAh.exe
  2⤵
  PID:4228
- C:\Windows\System\CCvqjuR.exe
  C:\Windows\System\CCvqjuR.exe
  2⤵
  PID:4248
- C:\Windows\System\iuCRyce.exe
  C:\Windows\System\iuCRyce.exe
  2⤵
  PID:4276
- C:\Windows\System\AZSZNFg.exe
  C:\Windows\System\AZSZNFg.exe
  2⤵
  PID:4292
- C:\Windows\System\ulwmpMd.exe
  C:\Windows\System\ulwmpMd.exe
  2⤵
  PID:4316
- C:\Windows\System\eafkUvR.exe
  C:\Windows\System\eafkUvR.exe
  2⤵
  PID:4332
- C:\Windows\System\YRNTEMg.exe
  C:\Windows\System\YRNTEMg.exe
  2⤵
  PID:4356
- C:\Windows\System\GppkEJj.exe
  C:\Windows\System\GppkEJj.exe
  2⤵
  PID:4376
- C:\Windows\System\OCNTWBd.exe
  C:\Windows\System\OCNTWBd.exe
  2⤵
  PID:4396
- C:\Windows\System\xDNKPiL.exe
  C:\Windows\System\xDNKPiL.exe
  2⤵
  PID:4416
- C:\Windows\System\CFHRrPF.exe
  C:\Windows\System\CFHRrPF.exe
  2⤵
  PID:4436
- C:\Windows\System\txZWtsd.exe
  C:\Windows\System\txZWtsd.exe
  2⤵
  PID:4456
- C:\Windows\System\IwIZKGs.exe
  C:\Windows\System\IwIZKGs.exe
  2⤵
  PID:4476
- C:\Windows\System\skzzZsh.exe
  C:\Windows\System\skzzZsh.exe
  2⤵
  PID:4496
- C:\Windows\System\ljQqSZL.exe
  C:\Windows\System\ljQqSZL.exe
  2⤵
  PID:4516
- C:\Windows\System\XoofqXT.exe
  C:\Windows\System\XoofqXT.exe
  2⤵
  PID:4536
- C:\Windows\System\wETHWil.exe
  C:\Windows\System\wETHWil.exe
  2⤵
  PID:4556
- C:\Windows\System\eHkRzEN.exe
  C:\Windows\System\eHkRzEN.exe
  2⤵
  PID:4576
- C:\Windows\System\wrntLnS.exe
  C:\Windows\System\wrntLnS.exe
  2⤵
  PID:4596
- C:\Windows\System\EEVFFja.exe
  C:\Windows\System\EEVFFja.exe
  2⤵
  PID:4616
- C:\Windows\System\RoVnWFA.exe
  C:\Windows\System\RoVnWFA.exe
  2⤵
  PID:4636
- C:\Windows\System\nyypXtx.exe
  C:\Windows\System\nyypXtx.exe
  2⤵
  PID:4656
- C:\Windows\System\dKkUTop.exe
  C:\Windows\System\dKkUTop.exe
  2⤵
  PID:4676
- C:\Windows\System\KsgOYaN.exe
  C:\Windows\System\KsgOYaN.exe
  2⤵
  PID:4696
- C:\Windows\System\YuaEfXq.exe
  C:\Windows\System\YuaEfXq.exe
  2⤵
  PID:4716
- C:\Windows\System\IyHCyVb.exe
  C:\Windows\System\IyHCyVb.exe
  2⤵
  PID:4736
- C:\Windows\System\bNylvce.exe
  C:\Windows\System\bNylvce.exe
  2⤵
  PID:4756
- C:\Windows\System\dNvRZTq.exe
  C:\Windows\System\dNvRZTq.exe
  2⤵
  PID:4776
- C:\Windows\System\PUrEHLD.exe
  C:\Windows\System\PUrEHLD.exe
  2⤵
  PID:4796
- C:\Windows\System\kZwgZcr.exe
  C:\Windows\System\kZwgZcr.exe
  2⤵
  PID:4816
- C:\Windows\System\pAzvjLK.exe
  C:\Windows\System\pAzvjLK.exe
  2⤵
  PID:4836
- C:\Windows\System\GkrDOVT.exe
  C:\Windows\System\GkrDOVT.exe
  2⤵
  PID:4856
- C:\Windows\System\louxZEg.exe
  C:\Windows\System\louxZEg.exe
  2⤵
  PID:4876
- C:\Windows\System\XBlITXH.exe
  C:\Windows\System\XBlITXH.exe
  2⤵
  PID:4892
- C:\Windows\System\QYkmZHy.exe
  C:\Windows\System\QYkmZHy.exe
  2⤵
  PID:4916
- C:\Windows\System\WvzCDMo.exe
  C:\Windows\System\WvzCDMo.exe
  2⤵
  PID:4932
- C:\Windows\System\TBLJUTq.exe
  C:\Windows\System\TBLJUTq.exe
  2⤵
  PID:4956
- C:\Windows\System\CgAdZRq.exe
  C:\Windows\System\CgAdZRq.exe
  2⤵
  PID:4976
- C:\Windows\System\EpFXuEC.exe
  C:\Windows\System\EpFXuEC.exe
  2⤵
  PID:4996
- C:\Windows\System\qMEvCpU.exe
  C:\Windows\System\qMEvCpU.exe
  2⤵
  PID:5012
- C:\Windows\System\IZHkDCY.exe
  C:\Windows\System\IZHkDCY.exe
  2⤵
  PID:5036
- C:\Windows\System\vhPpGCP.exe
  C:\Windows\System\vhPpGCP.exe
  2⤵
  PID:5052
- C:\Windows\System\QgTBWFM.exe
  C:\Windows\System\QgTBWFM.exe
  2⤵
  PID:5076
- C:\Windows\System\kWRBZCk.exe
  C:\Windows\System\kWRBZCk.exe
  2⤵
  PID:5092
- C:\Windows\System\nBHvVGA.exe
  C:\Windows\System\nBHvVGA.exe
  2⤵
  PID:5116
- C:\Windows\System\KuRkZwR.exe
  C:\Windows\System\KuRkZwR.exe
  2⤵
  PID:3956
- C:\Windows\System\BcwkmWB.exe
  C:\Windows\System\BcwkmWB.exe
  2⤵
  PID:1032
- C:\Windows\System\LDjklWE.exe
  C:\Windows\System\LDjklWE.exe
  2⤵
  PID:3564
- C:\Windows\System\snuaytf.exe
  C:\Windows\System\snuaytf.exe
  2⤵
  PID:4108
- C:\Windows\System\pWsqGYr.exe
  C:\Windows\System\pWsqGYr.exe
  2⤵
  PID:4180
- C:\Windows\System\gAxTwpN.exe
  C:\Windows\System\gAxTwpN.exe
  2⤵
  PID:4124
- C:\Windows\System\GQoEDxc.exe
  C:\Windows\System\GQoEDxc.exe
  2⤵
  PID:2904
- C:\Windows\System\QCWMEmC.exe
  C:\Windows\System\QCWMEmC.exe
  2⤵
  PID:4268
- C:\Windows\System\UWOOqNg.exe
  C:\Windows\System\UWOOqNg.exe
  2⤵
  PID:4236
- C:\Windows\System\YnikRgJ.exe
  C:\Windows\System\YnikRgJ.exe
  2⤵
  PID:4284
- C:\Windows\System\nWgqtuZ.exe
  C:\Windows\System\nWgqtuZ.exe
  2⤵
  PID:4348
- C:\Windows\System\OoiypUb.exe
  C:\Windows\System\OoiypUb.exe
  2⤵
  PID:4384
- C:\Windows\System\vkuCwOo.exe
  C:\Windows\System\vkuCwOo.exe
  2⤵
  PID:4388
- C:\Windows\System\GTkanRy.exe
  C:\Windows\System\GTkanRy.exe
  2⤵
  PID:4412
- C:\Windows\System\hZpzNdu.exe
  C:\Windows\System\hZpzNdu.exe
  2⤵
  PID:4464
- C:\Windows\System\SjCDbFh.exe
  C:\Windows\System\SjCDbFh.exe
  2⤵
  PID:4468
- C:\Windows\System\QMbDQdS.exe
  C:\Windows\System\QMbDQdS.exe
  2⤵
  PID:4644
- C:\Windows\System\kEzLYfO.exe
  C:\Windows\System\kEzLYfO.exe
  2⤵
  PID:4704
- C:\Windows\System\tdjPkBc.exe
  C:\Windows\System\tdjPkBc.exe
  2⤵
  PID:4708
- C:\Windows\System\pIGmrsT.exe
  C:\Windows\System\pIGmrsT.exe
  2⤵
  PID:4732
- C:\Windows\System\OGaLACp.exe
  C:\Windows\System\OGaLACp.exe
  2⤵
  PID:4824
- C:\Windows\System\TpjhKJN.exe
  C:\Windows\System\TpjhKJN.exe
  2⤵
  PID:4808
- C:\Windows\System\czvNyOe.exe
  C:\Windows\System\czvNyOe.exe
  2⤵
  PID:4844
- C:\Windows\System\ETOGktZ.exe
  C:\Windows\System\ETOGktZ.exe
  2⤵
  PID:4852
- C:\Windows\System\XVCMiqm.exe
  C:\Windows\System\XVCMiqm.exe
  2⤵
  PID:4908
- C:\Windows\System\uzDAcKc.exe
  C:\Windows\System\uzDAcKc.exe
  2⤵
  PID:4940
- C:\Windows\System\hilYmkg.exe
  C:\Windows\System\hilYmkg.exe
  2⤵
  PID:4992
- C:\Windows\System\tyMqqpp.exe
  C:\Windows\System\tyMqqpp.exe
  2⤵
  PID:2312
- C:\Windows\System\SYeMFzw.exe
  C:\Windows\System\SYeMFzw.exe
  2⤵
  PID:5060
- C:\Windows\System\QepfUWY.exe
  C:\Windows\System\QepfUWY.exe
  2⤵
  PID:5008
- C:\Windows\System\ymZGxoi.exe
  C:\Windows\System\ymZGxoi.exe
  2⤵
  PID:5112
- C:\Windows\System\oUEapGA.exe
  C:\Windows\System\oUEapGA.exe
  2⤵
  PID:5084
- C:\Windows\System\nJQRyBr.exe
  C:\Windows\System\nJQRyBr.exe
  2⤵
  PID:3664
- C:\Windows\System\kYUFbWM.exe
  C:\Windows\System\kYUFbWM.exe
  2⤵
  PID:3444
- C:\Windows\System\tuUgdAG.exe
  C:\Windows\System\tuUgdAG.exe
  2⤵
  PID:4260
- C:\Windows\System\PKjgDxm.exe
  C:\Windows\System\PKjgDxm.exe
  2⤵
  PID:4144
- C:\Windows\System\cwoGoBR.exe
  C:\Windows\System\cwoGoBR.exe
  2⤵
  PID:4308
- C:\Windows\System\LleEyot.exe
  C:\Windows\System\LleEyot.exe
  2⤵
  PID:4344
- C:\Windows\System\kuWvlRP.exe
  C:\Windows\System\kuWvlRP.exe
  2⤵
  PID:4424
- C:\Windows\System\FARpSZk.exe
  C:\Windows\System\FARpSZk.exe
  2⤵
  PID:4452
- C:\Windows\System\UOxeDqY.exe
  C:\Windows\System\UOxeDqY.exe
  2⤵
  PID:4368
- C:\Windows\System\XTxfdNj.exe
  C:\Windows\System\XTxfdNj.exe
  2⤵
  PID:4408
- C:\Windows\System\SMutGmK.exe
  C:\Windows\System\SMutGmK.exe
  2⤵
  PID:4504
- C:\Windows\System\deHrLow.exe
  C:\Windows\System\deHrLow.exe
  2⤵
  PID:484
- C:\Windows\System\tCMssSD.exe
  C:\Windows\System\tCMssSD.exe
  2⤵
  PID:2668
- C:\Windows\System\kSSLhgd.exe
  C:\Windows\System\kSSLhgd.exe
  2⤵
  PID:4612
- C:\Windows\System\QnVBltX.exe
  C:\Windows\System\QnVBltX.exe
  2⤵
  PID:1984
- C:\Windows\System\FCotKob.exe
  C:\Windows\System\FCotKob.exe
  2⤵
  PID:2124
- C:\Windows\System\uKkqryq.exe
  C:\Windows\System\uKkqryq.exe
  2⤵
  PID:2872
- C:\Windows\System\gFjggEa.exe
  C:\Windows\System\gFjggEa.exe
  2⤵
  PID:1144
- C:\Windows\System\TvOAFng.exe
  C:\Windows\System\TvOAFng.exe
  2⤵
  PID:2332
- C:\Windows\System\livsnHF.exe
  C:\Windows\System\livsnHF.exe
  2⤵
  PID:4688
- C:\Windows\System\rNtviMc.exe
  C:\Windows\System\rNtviMc.exe
  2⤵
  PID:2892
- C:\Windows\System\vDmCyFX.exe
  C:\Windows\System\vDmCyFX.exe
  2⤵
  PID:4768
- C:\Windows\System\QzWKzgG.exe
  C:\Windows\System\QzWKzgG.exe
  2⤵
  PID:4312
- C:\Windows\System\ndwyCnh.exe
  C:\Windows\System\ndwyCnh.exe
  2⤵
  PID:1720
- C:\Windows\System\ssshdvd.exe
  C:\Windows\System\ssshdvd.exe
  2⤵
  PID:948
- C:\Windows\System\fjnTTOL.exe
  C:\Windows\System\fjnTTOL.exe
  2⤵
  PID:5032
- C:\Windows\System\xmSPiDP.exe
  C:\Windows\System\xmSPiDP.exe
  2⤵
  PID:4864
- C:\Windows\System\dDZsjmV.exe
  C:\Windows\System\dDZsjmV.exe
  2⤵
  PID:4924
- C:\Windows\System\BorgsWs.exe
  C:\Windows\System\BorgsWs.exe
  2⤵
  PID:5004
- C:\Windows\System\REkILUH.exe
  C:\Windows\System\REkILUH.exe
  2⤵
  PID:1692
- C:\Windows\System\taGzXzX.exe
  C:\Windows\System\taGzXzX.exe
  2⤵
  PID:4128
- C:\Windows\System\YtLeubR.exe
  C:\Windows\System\YtLeubR.exe
  2⤵
  PID:308
- C:\Windows\System\oRGrGVf.exe
  C:\Windows\System\oRGrGVf.exe
  2⤵
  PID:4148
- C:\Windows\System\ybTPjWS.exe
  C:\Windows\System\ybTPjWS.exe
  2⤵
  PID:328
- C:\Windows\System\hEPPcTg.exe
  C:\Windows\System\hEPPcTg.exe
  2⤵
  PID:1856
- C:\Windows\System\wCGSayO.exe
  C:\Windows\System\wCGSayO.exe
  2⤵
  PID:2564
- C:\Windows\System\CTBxhWp.exe
  C:\Windows\System\CTBxhWp.exe
  2⤵
  PID:860
- C:\Windows\System\cXhhdsa.exe
  C:\Windows\System\cXhhdsa.exe
  2⤵
  PID:4244
- C:\Windows\System\oMgjeqF.exe
  C:\Windows\System\oMgjeqF.exe
  2⤵
  PID:4692
- C:\Windows\System\mjVenhq.exe
  C:\Windows\System\mjVenhq.exe
  2⤵
  PID:4372
- C:\Windows\System\yfbOYVR.exe
  C:\Windows\System\yfbOYVR.exe
  2⤵
  PID:2664
- C:\Windows\System\dcAiwOc.exe
  C:\Windows\System\dcAiwOc.exe
  2⤵
  PID:2544
- C:\Windows\System\MDrVhfk.exe
  C:\Windows\System\MDrVhfk.exe
  2⤵
  PID:1964
- C:\Windows\System\KOOKaUy.exe
  C:\Windows\System\KOOKaUy.exe
  2⤵
  PID:4672
- C:\Windows\System\xzywVqw.exe
  C:\Windows\System\xzywVqw.exe
  2⤵
  PID:4752
- C:\Windows\System\BLvRtVa.exe
  C:\Windows\System\BLvRtVa.exe
  2⤵
  PID:2440
- C:\Windows\System\QTkRucZ.exe
  C:\Windows\System\QTkRucZ.exe
  2⤵
  PID:4952
- C:\Windows\System\MwPiPwT.exe
  C:\Windows\System\MwPiPwT.exe
  2⤵
  PID:4080
- C:\Windows\System\lsOTuQC.exe
  C:\Windows\System\lsOTuQC.exe
  2⤵
  PID:4224
- C:\Windows\System\JjeRzzO.exe
  C:\Windows\System\JjeRzzO.exe
  2⤵
  PID:2224
- C:\Windows\System\ZLVegfF.exe
  C:\Windows\System\ZLVegfF.exe
  2⤵
  PID:4928
- C:\Windows\System\umBVSlO.exe
  C:\Windows\System\umBVSlO.exe
  2⤵
  PID:3836
- C:\Windows\System\TaqMwUA.exe
  C:\Windows\System\TaqMwUA.exe
  2⤵
  PID:2828
- C:\Windows\System\LRHcZtM.exe
  C:\Windows\System\LRHcZtM.exe
  2⤵
  PID:4204
- C:\Windows\System\rhgdBOr.exe
  C:\Windows\System\rhgdBOr.exe
  2⤵
  PID:4788
- C:\Windows\System\NtZnpNz.exe
  C:\Windows\System\NtZnpNz.exe
  2⤵
  PID:388
- C:\Windows\System\mpcnoST.exe
  C:\Windows\System\mpcnoST.exe
  2⤵
  PID:3028
- C:\Windows\System\tZWSjlH.exe
  C:\Windows\System\tZWSjlH.exe
  2⤵
  PID:2780
- C:\Windows\System\KBAvgkF.exe
  C:\Windows\System\KBAvgkF.exe
  2⤵
  PID:2568
- C:\Windows\System\dnqnKkb.exe
  C:\Windows\System\dnqnKkb.exe
  2⤵
  PID:2936
- C:\Windows\System\SEMAOOo.exe
  C:\Windows\System\SEMAOOo.exe
  2⤵
  PID:3344
- C:\Windows\System\ItVQFlv.exe
  C:\Windows\System\ItVQFlv.exe
  2⤵
  PID:4972
- C:\Windows\System\YrbaPHa.exe
  C:\Windows\System\YrbaPHa.exe
  2⤵
  PID:4944
- C:\Windows\System\NIkzPfv.exe
  C:\Windows\System\NIkzPfv.exe
  2⤵
  PID:1040
- C:\Windows\System\wPweMvG.exe
  C:\Windows\System\wPweMvG.exe
  2⤵
  PID:700
- C:\Windows\System\zJxvHVF.exe
  C:\Windows\System\zJxvHVF.exe
  2⤵
  PID:4684
- C:\Windows\System\SWHsIxq.exe
  C:\Windows\System\SWHsIxq.exe
  2⤵
  PID:4164
- C:\Windows\System\cGFQFXA.exe
  C:\Windows\System\cGFQFXA.exe
  2⤵
  PID:4568
- C:\Windows\System\lJeHYML.exe
  C:\Windows\System\lJeHYML.exe
  2⤵
  PID:4804
- C:\Windows\System\olDuZUd.exe
  C:\Windows\System\olDuZUd.exe
  2⤵
  PID:5128
- C:\Windows\System\kkAbjJH.exe
  C:\Windows\System\kkAbjJH.exe
  2⤵
  PID:5148
- C:\Windows\System\IImHrfo.exe
  C:\Windows\System\IImHrfo.exe
  2⤵
  PID:5168
- C:\Windows\System\OAHKPEg.exe
  C:\Windows\System\OAHKPEg.exe
  2⤵
  PID:5188
- C:\Windows\System\kUPQVjs.exe
  C:\Windows\System\kUPQVjs.exe
  2⤵
  PID:5212
- C:\Windows\System\NXsrkdM.exe
  C:\Windows\System\NXsrkdM.exe
  2⤵
  PID:5228
- C:\Windows\System\kbMQUNb.exe
  C:\Windows\System\kbMQUNb.exe
  2⤵
  PID:5248
- C:\Windows\System\NXjzjhi.exe
  C:\Windows\System\NXjzjhi.exe
  2⤵
  PID:5272
- C:\Windows\System\GVFsHUG.exe
  C:\Windows\System\GVFsHUG.exe
  2⤵
  PID:5300
- C:\Windows\System\mksifZD.exe
  C:\Windows\System\mksifZD.exe
  2⤵
  PID:5316
- C:\Windows\System\PiyqbEW.exe
  C:\Windows\System\PiyqbEW.exe
  2⤵
  PID:5336
- C:\Windows\System\JNzCJti.exe
  C:\Windows\System\JNzCJti.exe
  2⤵
  PID:5356
- C:\Windows\System\DGxaqHW.exe
  C:\Windows\System\DGxaqHW.exe
  2⤵
  PID:5372
- C:\Windows\System\OYIEddN.exe
  C:\Windows\System\OYIEddN.exe
  2⤵
  PID:5392
- C:\Windows\System\EEnfYpb.exe
  C:\Windows\System\EEnfYpb.exe
  2⤵
  PID:5408
- C:\Windows\System\scSKbiV.exe
  C:\Windows\System\scSKbiV.exe
  2⤵
  PID:5428
- C:\Windows\System\nZUcfod.exe
  C:\Windows\System\nZUcfod.exe
  2⤵
  PID:5444
- C:\Windows\System\aDqqlTD.exe
  C:\Windows\System\aDqqlTD.exe
  2⤵
  PID:5472
- C:\Windows\System\fpZjSFH.exe
  C:\Windows\System\fpZjSFH.exe
  2⤵
  PID:5488
- C:\Windows\System\cNUEFct.exe
  C:\Windows\System\cNUEFct.exe
  2⤵
  PID:5516
- C:\Windows\System\OpDrjaI.exe
  C:\Windows\System\OpDrjaI.exe
  2⤵
  PID:5540
- C:\Windows\System\bafNiQL.exe
  C:\Windows\System\bafNiQL.exe
  2⤵
  PID:5556
- C:\Windows\System\ZfOjaxA.exe
  C:\Windows\System\ZfOjaxA.exe
  2⤵
  PID:5572
- C:\Windows\System\kmHIcTI.exe
  C:\Windows\System\kmHIcTI.exe
  2⤵
  PID:5600
- C:\Windows\System\Udsbgnr.exe
  C:\Windows\System\Udsbgnr.exe
  2⤵
  PID:5616
- C:\Windows\System\bfEteqh.exe
  C:\Windows\System\bfEteqh.exe
  2⤵
  PID:5636
- C:\Windows\System\VFMhcmC.exe
  C:\Windows\System\VFMhcmC.exe
  2⤵
  PID:5652
- C:\Windows\System\UyidjvX.exe
  C:\Windows\System\UyidjvX.exe
  2⤵
  PID:5672
- C:\Windows\System\HyXKOPC.exe
  C:\Windows\System\HyXKOPC.exe
  2⤵
  PID:5688
- C:\Windows\System\QDxBLIJ.exe
  C:\Windows\System\QDxBLIJ.exe
  2⤵
  PID:5708
- C:\Windows\System\ameRlqy.exe
  C:\Windows\System\ameRlqy.exe
  2⤵
  PID:5724
- C:\Windows\System\MfPpBmp.exe
  C:\Windows\System\MfPpBmp.exe
  2⤵
  PID:5748
- C:\Windows\System\SjkKbKE.exe
  C:\Windows\System\SjkKbKE.exe
  2⤵
  PID:5776
- C:\Windows\System\yYtKDpw.exe
  C:\Windows\System\yYtKDpw.exe
  2⤵
  PID:5792
- C:\Windows\System\EFBUoyJ.exe
  C:\Windows\System\EFBUoyJ.exe
  2⤵
  PID:5820
- C:\Windows\System\tlGBuAs.exe
  C:\Windows\System\tlGBuAs.exe
  2⤵
  PID:5836
- C:\Windows\System\PArclFS.exe
  C:\Windows\System\PArclFS.exe
  2⤵
  PID:5860
- C:\Windows\System\EuGmlkR.exe
  C:\Windows\System\EuGmlkR.exe
  2⤵
  PID:5884
- C:\Windows\System\wHycCdh.exe
  C:\Windows\System\wHycCdh.exe
  2⤵
  PID:5900
- C:\Windows\System\wFbPTLq.exe
  C:\Windows\System\wFbPTLq.exe
  2⤵
  PID:5920
- C:\Windows\System\fRKrvZv.exe
  C:\Windows\System\fRKrvZv.exe
  2⤵
  PID:5936
- C:\Windows\System\fATcZRP.exe
  C:\Windows\System\fATcZRP.exe
  2⤵
  PID:5956
- C:\Windows\System\ixdpFoE.exe
  C:\Windows\System\ixdpFoE.exe
  2⤵
  PID:5972
- C:\Windows\System\bhpMNiP.exe
  C:\Windows\System\bhpMNiP.exe
  2⤵
  PID:5992
- C:\Windows\System\mKqrldp.exe
  C:\Windows\System\mKqrldp.exe
  2⤵
  PID:6008
- C:\Windows\System\XaKjQhU.exe
  C:\Windows\System\XaKjQhU.exe
  2⤵
  PID:6028
- C:\Windows\System\OtbChBP.exe
  C:\Windows\System\OtbChBP.exe
  2⤵
  PID:6044
- C:\Windows\System\HRTGnru.exe
  C:\Windows\System\HRTGnru.exe
  2⤵
  PID:6064
- C:\Windows\System\QfiGxtM.exe
  C:\Windows\System\QfiGxtM.exe
  2⤵
  PID:6080
- C:\Windows\System\zbbSPnA.exe
  C:\Windows\System\zbbSPnA.exe
  2⤵
  PID:6100
- C:\Windows\System\njthMdN.exe
  C:\Windows\System\njthMdN.exe
  2⤵
  PID:6116
- C:\Windows\System\LjllaVi.exe
  C:\Windows\System\LjllaVi.exe
  2⤵
  PID:6140
- C:\Windows\System\MDiRvmd.exe
  C:\Windows\System\MDiRvmd.exe
  2⤵
  PID:5124
- C:\Windows\System\ZxfxjXs.exe
  C:\Windows\System\ZxfxjXs.exe
  2⤵
  PID:2792
- C:\Windows\System\QZeHdHi.exe
  C:\Windows\System\QZeHdHi.exe
  2⤵
  PID:5164
- C:\Windows\System\ewXgiif.exe
  C:\Windows\System\ewXgiif.exe
  2⤵
  PID:2848
- C:\Windows\System\uNxMrsn.exe
  C:\Windows\System\uNxMrsn.exe
  2⤵
  PID:5204
- C:\Windows\System\aXSfATi.exe
  C:\Windows\System\aXSfATi.exe
  2⤵
  PID:5240
- C:\Windows\System\OQiECbu.exe
  C:\Windows\System\OQiECbu.exe
  2⤵
  PID:3012
- C:\Windows\System\vTopVAy.exe
  C:\Windows\System\vTopVAy.exe
  2⤵
  PID:5280
- C:\Windows\System\eCIXtZx.exe
  C:\Windows\System\eCIXtZx.exe
  2⤵
  PID:5264
- C:\Windows\System\cQlHLuA.exe
  C:\Windows\System\cQlHLuA.exe
  2⤵
  PID:5312
- C:\Windows\System\vTeSqxK.exe
  C:\Windows\System\vTeSqxK.exe
  2⤵
  PID:5400
- C:\Windows\System\DNMZxxZ.exe
  C:\Windows\System\DNMZxxZ.exe
  2⤵
  PID:5480
- C:\Windows\System\PSUOJEd.exe
  C:\Windows\System\PSUOJEd.exe
  2⤵
  PID:5388
- C:\Windows\System\slvKbWW.exe
  C:\Windows\System\slvKbWW.exe
  2⤵
  PID:5456
- C:\Windows\System\wvZOHiW.exe
  C:\Windows\System\wvZOHiW.exe
  2⤵
  PID:5496
- C:\Windows\System\bDIMvZB.exe
  C:\Windows\System\bDIMvZB.exe
  2⤵
  PID:5524
- C:\Windows\System\CpKknQM.exe
  C:\Windows\System\CpKknQM.exe
  2⤵
  PID:5564
- C:\Windows\System\qakEKkP.exe
  C:\Windows\System\qakEKkP.exe
  2⤵
  PID:5644
- C:\Windows\System\hezYRdk.exe
  C:\Windows\System\hezYRdk.exe
  2⤵
  PID:5720
- C:\Windows\System\hTuCFJw.exe
  C:\Windows\System\hTuCFJw.exe
  2⤵
  PID:5760
- C:\Windows\System\LmXreMb.exe
  C:\Windows\System\LmXreMb.exe
  2⤵
  PID:5804
- C:\Windows\System\xiETTvb.exe
  C:\Windows\System\xiETTvb.exe
  2⤵
  PID:5624
- C:\Windows\System\RbNUKEI.exe
  C:\Windows\System\RbNUKEI.exe
  2⤵
  PID:5664
- C:\Windows\System\XpZRsjU.exe
  C:\Windows\System\XpZRsjU.exe
  2⤵
  PID:5732
- C:\Windows\System\qHsBnsM.exe
  C:\Windows\System\qHsBnsM.exe
  2⤵
  PID:5784
- C:\Windows\System\jChGpfk.exe
  C:\Windows\System\jChGpfk.exe
  2⤵
  PID:5832
- C:\Windows\System\UpzsebG.exe
  C:\Windows\System\UpzsebG.exe
  2⤵
  PID:5892
- C:\Windows\System\NQPDeiI.exe
  C:\Windows\System\NQPDeiI.exe
  2⤵
  PID:6000
- C:\Windows\System\mPgdhRs.exe
  C:\Windows\System\mPgdhRs.exe
  2⤵
  PID:6076
- C:\Windows\System\YGgTWaT.exe
  C:\Windows\System\YGgTWaT.exe
  2⤵
  PID:2644
- C:\Windows\System\OYkBEJJ.exe
  C:\Windows\System\OYkBEJJ.exe
  2⤵
  PID:5876
- C:\Windows\System\OEHViha.exe
  C:\Windows\System\OEHViha.exe
  2⤵
  PID:5028
- C:\Windows\System\levwEQU.exe
  C:\Windows\System\levwEQU.exe
  2⤵
  PID:6056
- C:\Windows\System\ETHuKsU.exe
  C:\Windows\System\ETHuKsU.exe
  2⤵
  PID:5220
- C:\Windows\System\OAyRGYD.exe
  C:\Windows\System\OAyRGYD.exe
  2⤵
  PID:6016
- C:\Windows\System\aElUWei.exe
  C:\Windows\System\aElUWei.exe
  2⤵
  PID:5916
- C:\Windows\System\dlLsRls.exe
  C:\Windows\System\dlLsRls.exe
  2⤵
  PID:5980
- C:\Windows\System\xPExMPy.exe
  C:\Windows\System\xPExMPy.exe
  2⤵
  PID:6132
- C:\Windows\System\OYiRtqK.exe
  C:\Windows\System\OYiRtqK.exe
  2⤵
  PID:4256
- C:\Windows\System\WllyBQv.exe
  C:\Windows\System\WllyBQv.exe
  2⤵
  PID:5236
- C:\Windows\System\AdcGrKd.exe
  C:\Windows\System\AdcGrKd.exe
  2⤵
  PID:5308
- C:\Windows\System\eoDNSoL.exe
  C:\Windows\System\eoDNSoL.exe
  2⤵
  PID:1732
- C:\Windows\System\rItnBuU.exe
  C:\Windows\System\rItnBuU.exe
  2⤵
  PID:5440
- C:\Windows\System\KfOJELE.exe
  C:\Windows\System\KfOJELE.exe
  2⤵
  PID:5452
- C:\Windows\System\yxTWwDk.exe
  C:\Windows\System\yxTWwDk.exe
  2⤵
  PID:5508
- C:\Windows\System\szmjSBr.exe
  C:\Windows\System\szmjSBr.exe
  2⤵
  PID:5768
- C:\Windows\System\pyCAmoL.exe
  C:\Windows\System\pyCAmoL.exe
  2⤵
  PID:5772
- C:\Windows\System\fmZLRqD.exe
  C:\Windows\System\fmZLRqD.exe
  2⤵
  PID:5740
- C:\Windows\System\xpCcMuE.exe
  C:\Windows\System\xpCcMuE.exe
  2⤵
  PID:5596
- C:\Windows\System\Cnotltm.exe
  C:\Windows\System\Cnotltm.exe
  2⤵
  PID:5844
- C:\Windows\System\sciaTZu.exe
  C:\Windows\System\sciaTZu.exe
  2⤵
  PID:4900
- C:\Windows\System\GPBjkHU.exe
  C:\Windows\System\GPBjkHU.exe
  2⤵
  PID:5928
- C:\Windows\System\qowUmQV.exe
  C:\Windows\System\qowUmQV.exe
  2⤵
  PID:5160
- C:\Windows\System\lRkjibL.exe
  C:\Windows\System\lRkjibL.exe
  2⤵
  PID:6052
- C:\Windows\System\EZFtWdf.exe
  C:\Windows\System\EZFtWdf.exe
  2⤵
  PID:4628
- C:\Windows\System\EdflbER.exe
  C:\Windows\System\EdflbER.exe
  2⤵
  PID:5288
- C:\Windows\System\DAfCIAL.exe
  C:\Windows\System\DAfCIAL.exe
  2⤵
  PID:5952
- C:\Windows\System\DrDrwzX.exe
  C:\Windows\System\DrDrwzX.exe
  2⤵
  PID:5364
- C:\Windows\System\bLbjdwp.exe
  C:\Windows\System\bLbjdwp.exe
  2⤵
  PID:5344
- C:\Windows\System\oEaYnYf.exe
  C:\Windows\System\oEaYnYf.exe
  2⤵
  PID:5504
- C:\Windows\System\EmAeUJS.exe
  C:\Windows\System\EmAeUJS.exe
  2⤵
  PID:6124
- C:\Windows\System\wMTnLRT.exe
  C:\Windows\System\wMTnLRT.exe
  2⤵
  PID:4812
- C:\Windows\System\ZQafyIi.exe
  C:\Windows\System\ZQafyIi.exe
  2⤵
  PID:5532
- C:\Windows\System\OHBmkXS.exe
  C:\Windows\System\OHBmkXS.exe
  2⤵
  PID:5548
- C:\Windows\System\LcPgOcH.exe
  C:\Windows\System\LcPgOcH.exe
  2⤵
  PID:5296
- C:\Windows\System\eLtFhFU.exe
  C:\Windows\System\eLtFhFU.exe
  2⤵
  PID:5680
- C:\Windows\System\NNKSZGO.exe
  C:\Windows\System\NNKSZGO.exe
  2⤵
  PID:5856
- C:\Windows\System\rkcZLfl.exe
  C:\Windows\System\rkcZLfl.exe
  2⤵
  PID:5912
- C:\Windows\System\SfXOoDB.exe
  C:\Windows\System\SfXOoDB.exe
  2⤵
  PID:5284
- C:\Windows\System\APylCUU.exe
  C:\Windows\System\APylCUU.exe
  2⤵
  PID:5144
- C:\Windows\System\rzgOYwv.exe
  C:\Windows\System\rzgOYwv.exe
  2⤵
  PID:5756
- C:\Windows\System\kFejfhL.exe
  C:\Windows\System\kFejfhL.exe
  2⤵
  PID:6040
- C:\Windows\System\qCfLOTk.exe
  C:\Windows\System\qCfLOTk.exe
  2⤵
  PID:6088
- C:\Windows\System\dPrxiui.exe
  C:\Windows\System\dPrxiui.exe
  2⤵
  PID:5384
- C:\Windows\System\hZzLwDK.exe
  C:\Windows\System\hZzLwDK.exe
  2⤵
  PID:5812
- C:\Windows\System\ZdAgBPO.exe
  C:\Windows\System\ZdAgBPO.exe
  2⤵
  PID:5800
- C:\Windows\System\EFMtxAf.exe
  C:\Windows\System\EFMtxAf.exe
  2⤵
  PID:5948
- C:\Windows\System\kqzjNpQ.exe
  C:\Windows\System\kqzjNpQ.exe
  2⤵
  PID:5332
- C:\Windows\System\kOxKBXo.exe
  C:\Windows\System\kOxKBXo.exe
  2⤵
  PID:5184
- C:\Windows\System\qMYSXNP.exe
  C:\Windows\System\qMYSXNP.exe
  2⤵
  PID:5932
- C:\Windows\System\BpXuAJr.exe
  C:\Windows\System\BpXuAJr.exe
  2⤵
  PID:5908
- C:\Windows\System\oMzrJaf.exe
  C:\Windows\System\oMzrJaf.exe
  2⤵
  PID:6152
- C:\Windows\System\dOaqqEh.exe
  C:\Windows\System\dOaqqEh.exe
  2⤵
  PID:6168
- C:\Windows\System\SKXeBjx.exe
  C:\Windows\System\SKXeBjx.exe
  2⤵
  PID:6188
- C:\Windows\System\ycFlIXq.exe
  C:\Windows\System\ycFlIXq.exe
  2⤵
  PID:6208
- C:\Windows\System\AeSZtKh.exe
  C:\Windows\System\AeSZtKh.exe
  2⤵
  PID:6224
- C:\Windows\System\bnBWELC.exe
  C:\Windows\System\bnBWELC.exe
  2⤵
  PID:6240
- C:\Windows\System\XTGrSUO.exe
  C:\Windows\System\XTGrSUO.exe
  2⤵
  PID:6264
- C:\Windows\System\ejbItGy.exe
  C:\Windows\System\ejbItGy.exe
  2⤵
  PID:6280
- C:\Windows\System\KeBEpYM.exe
  C:\Windows\System\KeBEpYM.exe
  2⤵
  PID:6304
- C:\Windows\System\PzVvrYW.exe
  C:\Windows\System\PzVvrYW.exe
  2⤵
  PID:6324
- C:\Windows\System\GDSbsgb.exe
  C:\Windows\System\GDSbsgb.exe
  2⤵
  PID:6344
- C:\Windows\System\fjYdavc.exe
  C:\Windows\System\fjYdavc.exe
  2⤵
  PID:6360
- C:\Windows\System\KxahlUe.exe
  C:\Windows\System\KxahlUe.exe
  2⤵
  PID:6384
- C:\Windows\System\GfUkkip.exe
  C:\Windows\System\GfUkkip.exe
  2⤵
  PID:6404
- C:\Windows\System\GcRgaNl.exe
  C:\Windows\System\GcRgaNl.exe
  2⤵
  PID:6424
- C:\Windows\System\UrJdYje.exe
  C:\Windows\System\UrJdYje.exe
  2⤵
  PID:6444
- C:\Windows\System\CZXibdG.exe
  C:\Windows\System\CZXibdG.exe
  2⤵
  PID:6468
- C:\Windows\System\KkidmnU.exe
  C:\Windows\System\KkidmnU.exe
  2⤵
  PID:6484
- C:\Windows\System\FxUNzOI.exe
  C:\Windows\System\FxUNzOI.exe
  2⤵
  PID:6504
- C:\Windows\System\BNVkbEO.exe
  C:\Windows\System\BNVkbEO.exe
  2⤵
  PID:6532
- C:\Windows\System\TyMNPGG.exe
  C:\Windows\System\TyMNPGG.exe
  2⤵
  PID:6548
- C:\Windows\System\LLBdggx.exe
  C:\Windows\System\LLBdggx.exe
  2⤵
  PID:6588
- C:\Windows\System\quLBWwN.exe
  C:\Windows\System\quLBWwN.exe
  2⤵
  PID:6616
- C:\Windows\System\WHGOqbI.exe
  C:\Windows\System\WHGOqbI.exe
  2⤵
  PID:6640
- C:\Windows\System\OqwkFwG.exe
  C:\Windows\System\OqwkFwG.exe
  2⤵
  PID:6656
- C:\Windows\System\Zvvrcxi.exe
  C:\Windows\System\Zvvrcxi.exe
  2⤵
  PID:6680
- C:\Windows\System\wzyudmD.exe
  C:\Windows\System\wzyudmD.exe
  2⤵
  PID:6696
- C:\Windows\System\ElMsuFQ.exe
  C:\Windows\System\ElMsuFQ.exe
  2⤵
  PID:6712
- C:\Windows\System\uqtvvvx.exe
  C:\Windows\System\uqtvvvx.exe
  2⤵
  PID:6732
- C:\Windows\System\HvIkTwV.exe
  C:\Windows\System\HvIkTwV.exe
  2⤵
  PID:6748
- C:\Windows\System\TozsnVA.exe
  C:\Windows\System\TozsnVA.exe
  2⤵
  PID:6768
- C:\Windows\System\AYDHthw.exe
  C:\Windows\System\AYDHthw.exe
  2⤵
  PID:6784
- C:\Windows\System\xRdkFhR.exe
  C:\Windows\System\xRdkFhR.exe
  2⤵
  PID:6804
- C:\Windows\System\vUQFwws.exe
  C:\Windows\System\vUQFwws.exe
  2⤵
  PID:6828
- C:\Windows\System\VdovLAQ.exe
  C:\Windows\System\VdovLAQ.exe
  2⤵
  PID:6844
- C:\Windows\System\QVZzoLV.exe
  C:\Windows\System\QVZzoLV.exe
  2⤵
  PID:6868
- C:\Windows\System\wCWrJDX.exe
  C:\Windows\System\wCWrJDX.exe
  2⤵
  PID:6888
- C:\Windows\System\GFFqAkS.exe
  C:\Windows\System\GFFqAkS.exe
  2⤵
  PID:6912
- C:\Windows\System\nCoLKNM.exe
  C:\Windows\System\nCoLKNM.exe
  2⤵
  PID:6936
- C:\Windows\System\VLJauBc.exe
  C:\Windows\System\VLJauBc.exe
  2⤵
  PID:6952
- C:\Windows\System\BOvJkIL.exe
  C:\Windows\System\BOvJkIL.exe
  2⤵
  PID:6972
- C:\Windows\System\juHSRfH.exe
  C:\Windows\System\juHSRfH.exe
  2⤵
  PID:7000
- C:\Windows\System\ZjlHxOU.exe
  C:\Windows\System\ZjlHxOU.exe
  2⤵
  PID:7024
- C:\Windows\System\anxZoQF.exe
  C:\Windows\System\anxZoQF.exe
  2⤵
  PID:7044
- C:\Windows\System\glFVsmS.exe
  C:\Windows\System\glFVsmS.exe
  2⤵
  PID:7064
- C:\Windows\System\jcZKloy.exe
  C:\Windows\System\jcZKloy.exe
  2⤵
  PID:7084
- C:\Windows\System\bohBPJT.exe
  C:\Windows\System\bohBPJT.exe
  2⤵
  PID:7104
- C:\Windows\System\LZhofsj.exe
  C:\Windows\System\LZhofsj.exe
  2⤵
  PID:7128
- C:\Windows\System\qeiQjTA.exe
  C:\Windows\System\qeiQjTA.exe
  2⤵
  PID:7144
- C:\Windows\System\LHBsllD.exe
  C:\Windows\System\LHBsllD.exe
  2⤵
  PID:7164
- C:\Windows\System\sklKivz.exe
  C:\Windows\System\sklKivz.exe
  2⤵
  PID:6200
- C:\Windows\System\drlzZEr.exe
  C:\Windows\System\drlzZEr.exe
  2⤵
  PID:6272
- C:\Windows\System\mefjzTK.exe
  C:\Windows\System\mefjzTK.exe
  2⤵
  PID:6356
- C:\Windows\System\EyQNUWo.exe
  C:\Windows\System\EyQNUWo.exe
  2⤵
  PID:6432
- C:\Windows\System\EcIMwxu.exe
  C:\Windows\System\EcIMwxu.exe
  2⤵
  PID:6512
- C:\Windows\System\ZuIIUSC.exe
  C:\Windows\System\ZuIIUSC.exe
  2⤵
  PID:6288
- C:\Windows\System\skfZtOy.exe
  C:\Windows\System\skfZtOy.exe
  2⤵
  PID:5256
- C:\Windows\System\ceeniUH.exe
  C:\Windows\System\ceeniUH.exe
  2⤵
  PID:6568
- C:\Windows\System\fFtTPWG.exe
  C:\Windows\System\fFtTPWG.exe
  2⤵
  PID:6572
- C:\Windows\System\bNXPAbS.exe
  C:\Windows\System\bNXPAbS.exe
  2⤵
  PID:6096
- C:\Windows\System\xDxwRup.exe
  C:\Windows\System\xDxwRup.exe
  2⤵
  PID:6340
- C:\Windows\System\YhdSZth.exe
  C:\Windows\System\YhdSZth.exe
  2⤵
  PID:5196
- C:\Windows\System\vTMlUtW.exe
  C:\Windows\System\vTMlUtW.exe
  2⤵
  PID:6420
- C:\Windows\System\jsAsiJV.exe
  C:\Windows\System\jsAsiJV.exe
  2⤵
  PID:6456
- C:\Windows\System\dTmkTdI.exe
  C:\Windows\System\dTmkTdI.exe
  2⤵
  PID:6184
- C:\Windows\System\qtwzPcL.exe
  C:\Windows\System\qtwzPcL.exe
  2⤵
  PID:6496
- C:\Windows\System\LyQqLHB.exe
  C:\Windows\System\LyQqLHB.exe
  2⤵
  PID:6544
- C:\Windows\System\ewNinCO.exe
  C:\Windows\System\ewNinCO.exe
  2⤵
  PID:6636
- C:\Windows\System\fvUjGuT.exe
  C:\Windows\System\fvUjGuT.exe
  2⤵
  PID:6668
- C:\Windows\System\xnCNrPK.exe
  C:\Windows\System\xnCNrPK.exe
  2⤵
  PID:6740
- C:\Windows\System\tDPPteC.exe
  C:\Windows\System\tDPPteC.exe
  2⤵
  PID:6812
- C:\Windows\System\dHoAauv.exe
  C:\Windows\System\dHoAauv.exe
  2⤵
  PID:6852
- C:\Windows\System\YPEPZhJ.exe
  C:\Windows\System\YPEPZhJ.exe
  2⤵
  PID:6688
- C:\Windows\System\IDCKFZQ.exe
  C:\Windows\System\IDCKFZQ.exe
  2⤵
  PID:6904
- C:\Windows\System\fxadPjp.exe
  C:\Windows\System\fxadPjp.exe
  2⤵
  PID:6948
- C:\Windows\System\dtXXgol.exe
  C:\Windows\System\dtXXgol.exe
  2⤵
  PID:6876
- C:\Windows\System\wvCfhfw.exe
  C:\Windows\System\wvCfhfw.exe
  2⤵
  PID:6880
- C:\Windows\System\ONNTfth.exe
  C:\Windows\System\ONNTfth.exe
  2⤵
  PID:6924
- C:\Windows\System\xaKvCBw.exe
  C:\Windows\System\xaKvCBw.exe
  2⤵
  PID:6964
- C:\Windows\System\PYYoqwI.exe
  C:\Windows\System\PYYoqwI.exe
  2⤵
  PID:7020
- C:\Windows\System\mGVQLde.exe
  C:\Windows\System\mGVQLde.exe
  2⤵
  PID:7076
- C:\Windows\System\MEkMyNd.exe
  C:\Windows\System\MEkMyNd.exe
  2⤵
  PID:7116
- C:\Windows\System\MzgDxgp.exe
  C:\Windows\System\MzgDxgp.exe
  2⤵
  PID:7160
- C:\Windows\System\KgTWcdt.exe
  C:\Windows\System\KgTWcdt.exe
  2⤵
  PID:6204
- C:\Windows\System\dyKlled.exe
  C:\Windows\System\dyKlled.exe
  2⤵
  PID:5584
- C:\Windows\System\syOelnY.exe
  C:\Windows\System\syOelnY.exe
  2⤵
  PID:6352
- C:\Windows\System\hggvYgE.exe
  C:\Windows\System\hggvYgE.exe
  2⤵
  PID:6524
- C:\Windows\System\DtFHjBN.exe
  C:\Windows\System\DtFHjBN.exe
  2⤵
  PID:5988
- C:\Windows\System\PikNAsP.exe
  C:\Windows\System\PikNAsP.exe
  2⤵
  PID:6564
- C:\Windows\System\ZAweYQO.exe
  C:\Windows\System\ZAweYQO.exe
  2⤵
  PID:6220
- C:\Windows\System\qHbjwDp.exe
  C:\Windows\System\qHbjwDp.exe
  2⤵
  PID:6560
- C:\Windows\System\haxZcea.exe
  C:\Windows\System\haxZcea.exe
  2⤵
  PID:6296
- C:\Windows\System\AZVpCfy.exe
  C:\Windows\System\AZVpCfy.exe
  2⤵
  PID:4216
- C:\Windows\System\hfEYSBl.exe
  C:\Windows\System\hfEYSBl.exe
  2⤵
  PID:6256
- C:\Windows\System\JbzLGWG.exe
  C:\Windows\System\JbzLGWG.exe
  2⤵
  PID:6664
- C:\Windows\System\ugRQBtU.exe
  C:\Windows\System\ugRQBtU.exe
  2⤵
  PID:6708
- C:\Windows\System\jRVFGFE.exe
  C:\Windows\System\jRVFGFE.exe
  2⤵
  PID:6692
- C:\Windows\System\Lthctvn.exe
  C:\Windows\System\Lthctvn.exe
  2⤵
  PID:6984
- C:\Windows\System\EmwYYCM.exe
  C:\Windows\System\EmwYYCM.exe
  2⤵
  PID:6800
- C:\Windows\System\YMVhfmZ.exe
  C:\Windows\System\YMVhfmZ.exe
  2⤵
  PID:6840
- C:\Windows\System\MmBwXMi.exe
  C:\Windows\System\MmBwXMi.exe
  2⤵
  PID:6996
- C:\Windows\System\Adnbxpg.exe
  C:\Windows\System\Adnbxpg.exe
  2⤵
  PID:7008
- C:\Windows\System\cQUdFOg.exe
  C:\Windows\System\cQUdFOg.exe
  2⤵
  PID:7080
- C:\Windows\System\OEBGiMt.exe
  C:\Windows\System\OEBGiMt.exe
  2⤵
  PID:7152
- C:\Windows\System\Omaqtkl.exe
  C:\Windows\System\Omaqtkl.exe
  2⤵
  PID:6236
- C:\Windows\System\hSeftur.exe
  C:\Windows\System\hSeftur.exe
  2⤵
  PID:6128
- C:\Windows\System\ORKbayv.exe
  C:\Windows\System\ORKbayv.exe
  2⤵
  PID:6440
- C:\Windows\System\aeFPobM.exe
  C:\Windows\System\aeFPobM.exe
  2⤵
  PID:6176
- C:\Windows\System\oFLfQEA.exe
  C:\Windows\System\oFLfQEA.exe
  2⤵
  PID:6300
- C:\Windows\System\tJpGvmR.exe
  C:\Windows\System\tJpGvmR.exe
  2⤵
  PID:6652
- C:\Windows\System\TXAqpjR.exe
  C:\Windows\System\TXAqpjR.exe
  2⤵
  PID:6608
- C:\Windows\System\eZYcmOa.exe
  C:\Windows\System\eZYcmOa.exe
  2⤵
  PID:6780
- C:\Windows\System\HkxyuNK.exe
  C:\Windows\System\HkxyuNK.exe
  2⤵
  PID:7012
- C:\Windows\System\QnXsdXC.exe
  C:\Windows\System\QnXsdXC.exe
  2⤵
  PID:7092
- C:\Windows\System\pbjEcoT.exe
  C:\Windows\System\pbjEcoT.exe
  2⤵
  PID:6376
- C:\Windows\System\tcqvnyL.exe
  C:\Windows\System\tcqvnyL.exe
  2⤵
  PID:6720
- C:\Windows\System\MttaewH.exe
  C:\Windows\System\MttaewH.exe
  2⤵
  PID:6796
- C:\Windows\System\ywJJOzM.exe
  C:\Windows\System\ywJJOzM.exe
  2⤵
  PID:7036
- C:\Windows\System\BZonCRx.exe
  C:\Windows\System\BZonCRx.exe
  2⤵
  PID:6600
- C:\Windows\System\haVVYnv.exe
  C:\Windows\System\haVVYnv.exe
  2⤵
  PID:6464
- C:\Windows\System\NPrMUab.exe
  C:\Windows\System\NPrMUab.exe
  2⤵
  PID:6612
- C:\Windows\System\ZAtNgVy.exe
  C:\Windows\System\ZAtNgVy.exe
  2⤵
  PID:6760
- C:\Windows\System\tQnzDIm.exe
  C:\Windows\System\tQnzDIm.exe
  2⤵
  PID:7056
- C:\Windows\System\pTdvAea.exe
  C:\Windows\System\pTdvAea.exe
  2⤵
  PID:7016
- C:\Windows\System\lzLibcG.exe
  C:\Windows\System\lzLibcG.exe
  2⤵
  PID:6632
- C:\Windows\System\AjTfLWl.exe
  C:\Windows\System\AjTfLWl.exe
  2⤵
  PID:6988
- C:\Windows\System\KkuEwZm.exe
  C:\Windows\System\KkuEwZm.exe
  2⤵
  PID:6624
- C:\Windows\System\VIzPqWa.exe
  C:\Windows\System\VIzPqWa.exe
  2⤵
  PID:7096
- C:\Windows\System\cTwhGKq.exe
  C:\Windows\System\cTwhGKq.exe
  2⤵
  PID:7184
- C:\Windows\System\ilMjAHX.exe
  C:\Windows\System\ilMjAHX.exe
  2⤵
  PID:7224
- C:\Windows\System\ExDDPdV.exe
  C:\Windows\System\ExDDPdV.exe
  2⤵
  PID:7240
- C:\Windows\System\FCRxVkf.exe
  C:\Windows\System\FCRxVkf.exe
  2⤵
  PID:7260
- C:\Windows\System\mPLychj.exe
  C:\Windows\System\mPLychj.exe
  2⤵
  PID:7280
- C:\Windows\System\ASIVFUC.exe
  C:\Windows\System\ASIVFUC.exe
  2⤵
  PID:7304
- C:\Windows\System\RQmaYjj.exe
  C:\Windows\System\RQmaYjj.exe
  2⤵
  PID:7320
- C:\Windows\System\RieIpse.exe
  C:\Windows\System\RieIpse.exe
  2⤵
  PID:7340
- C:\Windows\System\zGDeidP.exe
  C:\Windows\System\zGDeidP.exe
  2⤵
  PID:7360
- C:\Windows\System\vMryDmC.exe
  C:\Windows\System\vMryDmC.exe
  2⤵
  PID:7384
- C:\Windows\System\oXTzxAa.exe
  C:\Windows\System\oXTzxAa.exe
  2⤵
  PID:7400
- C:\Windows\System\OpEYyZX.exe
  C:\Windows\System\OpEYyZX.exe
  2⤵
  PID:7420
- C:\Windows\System\XibeoAB.exe
  C:\Windows\System\XibeoAB.exe
  2⤵
  PID:7440
- C:\Windows\System\irDfQSM.exe
  C:\Windows\System\irDfQSM.exe
  2⤵
  PID:7456
- C:\Windows\System\hyGAzYF.exe
  C:\Windows\System\hyGAzYF.exe
  2⤵
  PID:7480
- C:\Windows\System\DIHmyip.exe
  C:\Windows\System\DIHmyip.exe
  2⤵
  PID:7500
- C:\Windows\System\dEfRYdS.exe
  C:\Windows\System\dEfRYdS.exe
  2⤵
  PID:7520
- C:\Windows\System\cOyNbPk.exe
  C:\Windows\System\cOyNbPk.exe
  2⤵
  PID:7540
- C:\Windows\System\uvpxqMJ.exe
  C:\Windows\System\uvpxqMJ.exe
  2⤵
  PID:7560
- C:\Windows\System\qIrveXl.exe
  C:\Windows\System\qIrveXl.exe
  2⤵
  PID:7580
- C:\Windows\System\bhkGRDY.exe
  C:\Windows\System\bhkGRDY.exe
  2⤵
  PID:7600
- C:\Windows\System\yorIkwh.exe
  C:\Windows\System\yorIkwh.exe
  2⤵
  PID:7620
- C:\Windows\System\JsdLWQQ.exe
  C:\Windows\System\JsdLWQQ.exe
  2⤵
  PID:7636
- C:\Windows\System\FahtHly.exe
  C:\Windows\System\FahtHly.exe
  2⤵
  PID:7660
- C:\Windows\System\gvPhsLU.exe
  C:\Windows\System\gvPhsLU.exe
  2⤵
  PID:7680
- C:\Windows\System\wnpDkmH.exe
  C:\Windows\System\wnpDkmH.exe
  2⤵
  PID:7700
- C:\Windows\System\UWaWZha.exe
  C:\Windows\System\UWaWZha.exe
  2⤵
  PID:7720
- C:\Windows\System\HdEpiCg.exe
  C:\Windows\System\HdEpiCg.exe
  2⤵
  PID:7740
- C:\Windows\System\fHnHAAa.exe
  C:\Windows\System\fHnHAAa.exe
  2⤵
  PID:7760
- C:\Windows\System\HbERjwF.exe
  C:\Windows\System\HbERjwF.exe
  2⤵
  PID:7784
- C:\Windows\System\VwPEMEd.exe
  C:\Windows\System\VwPEMEd.exe
  2⤵
  PID:7800
- C:\Windows\System\ZXFBuDL.exe
  C:\Windows\System\ZXFBuDL.exe
  2⤵
  PID:7820
- C:\Windows\System\jOtgjoJ.exe
  C:\Windows\System\jOtgjoJ.exe
  2⤵
  PID:7836
- C:\Windows\System\SEOlHCr.exe
  C:\Windows\System\SEOlHCr.exe
  2⤵
  PID:7860
- C:\Windows\System\jOxpzqj.exe
  C:\Windows\System\jOxpzqj.exe
  2⤵
  PID:7880
- C:\Windows\System\eBZySMn.exe
  C:\Windows\System\eBZySMn.exe
  2⤵
  PID:7904
- C:\Windows\System\faRdyHp.exe
  C:\Windows\System\faRdyHp.exe
  2⤵
  PID:7924
- C:\Windows\System\PMuxvEm.exe
  C:\Windows\System\PMuxvEm.exe
  2⤵
  PID:7944
- C:\Windows\System\TwTpkXV.exe
  C:\Windows\System\TwTpkXV.exe
  2⤵
  PID:7964
- C:\Windows\System\wiJDAMk.exe
  C:\Windows\System\wiJDAMk.exe
  2⤵
  PID:7980
- C:\Windows\System\EIDeNsY.exe
  C:\Windows\System\EIDeNsY.exe
  2⤵
  PID:8000
- C:\Windows\System\RYcTBpA.exe
  C:\Windows\System\RYcTBpA.exe
  2⤵
  PID:8024
- C:\Windows\System\bfzbwAy.exe
  C:\Windows\System\bfzbwAy.exe
  2⤵
  PID:8044
- C:\Windows\System\wqxPspB.exe
  C:\Windows\System\wqxPspB.exe
  2⤵
  PID:8064
- C:\Windows\System\tJWTGfR.exe
  C:\Windows\System\tJWTGfR.exe
  2⤵
  PID:8080
- C:\Windows\System\vppeShY.exe
  C:\Windows\System\vppeShY.exe
  2⤵
  PID:8104
- C:\Windows\System\wcxHkNA.exe
  C:\Windows\System\wcxHkNA.exe
  2⤵
  PID:8120
- C:\Windows\System\NBFqTtB.exe
  C:\Windows\System\NBFqTtB.exe
  2⤵
  PID:8140
- C:\Windows\System\bGdaRXe.exe
  C:\Windows\System\bGdaRXe.exe
  2⤵
  PID:8156
- C:\Windows\System\sshTech.exe
  C:\Windows\System\sshTech.exe
  2⤵
  PID:8176
- C:\Windows\System\FdTTTuX.exe
  C:\Windows\System\FdTTTuX.exe
  2⤵
  PID:7192
- C:\Windows\System\QPuZxDI.exe
  C:\Windows\System\QPuZxDI.exe
  2⤵
  PID:7216
- C:\Windows\System\SEwuXvP.exe
  C:\Windows\System\SEwuXvP.exe
  2⤵
  PID:6580
- C:\Windows\System\biLlesz.exe
  C:\Windows\System\biLlesz.exe
  2⤵
  PID:7252
- C:\Windows\System\RgEJwlq.exe
  C:\Windows\System\RgEJwlq.exe
  2⤵
  PID:7172
- C:\Windows\System\gRgjnSb.exe
  C:\Windows\System\gRgjnSb.exe
  2⤵
  PID:7236
- C:\Windows\System\ATWVctd.exe
  C:\Windows\System\ATWVctd.exe
  2⤵
  PID:7272
- C:\Windows\System\djfOaVV.exe
  C:\Windows\System\djfOaVV.exe
  2⤵
  PID:7336
- C:\Windows\System\vzivpLY.exe
  C:\Windows\System\vzivpLY.exe
  2⤵
  PID:7376
- C:\Windows\System\oDGWQQX.exe
  C:\Windows\System\oDGWQQX.exe
  2⤵
  PID:7392
- C:\Windows\System\JTzcMEm.exe
  C:\Windows\System\JTzcMEm.exe
  2⤵
  PID:7396
- C:\Windows\System\MZuobrw.exe
  C:\Windows\System\MZuobrw.exe
  2⤵
  PID:7488
- C:\Windows\System\PyzEdIU.exe
  C:\Windows\System\PyzEdIU.exe
  2⤵
  PID:7492
- C:\Windows\System\IWnGtdu.exe
  C:\Windows\System\IWnGtdu.exe
  2⤵
  PID:7528
- C:\Windows\System\BtJEwcK.exe
  C:\Windows\System\BtJEwcK.exe
  2⤵
  PID:7568
- C:\Windows\System\LuxCJxw.exe
  C:\Windows\System\LuxCJxw.exe
  2⤵
  PID:7612
- C:\Windows\System\FfbZVsn.exe
  C:\Windows\System\FfbZVsn.exe
  2⤵
  PID:7644
- C:\Windows\System\ydETsmp.exe
  C:\Windows\System\ydETsmp.exe
  2⤵
  PID:7688
- C:\Windows\System\tyUCxoP.exe
  C:\Windows\System\tyUCxoP.exe
  2⤵
  PID:7692
- C:\Windows\System\SZotZEA.exe
  C:\Windows\System\SZotZEA.exe
  2⤵
  PID:7708
- C:\Windows\System\TblrHHc.exe
  C:\Windows\System\TblrHHc.exe
  2⤵
  PID:7752
- C:\Windows\System\xmdierJ.exe
  C:\Windows\System\xmdierJ.exe
  2⤵
  PID:7808
- C:\Windows\System\trgzylj.exe
  C:\Windows\System\trgzylj.exe
  2⤵
  PID:7848
- C:\Windows\System\sHaSBCG.exe
  C:\Windows\System\sHaSBCG.exe
  2⤵
  PID:7888
- C:\Windows\System\ZZaJYui.exe
  C:\Windows\System\ZZaJYui.exe
  2⤵
  PID:7828
- C:\Windows\System\pexYYFr.exe
  C:\Windows\System\pexYYFr.exe
  2⤵
  PID:7912
- C:\Windows\System\dcFlham.exe
  C:\Windows\System\dcFlham.exe
  2⤵
  PID:7936
- C:\Windows\System\LNzgiMN.exe
  C:\Windows\System\LNzgiMN.exe
  2⤵
  PID:7956
- C:\Windows\System\gktjcAj.exe
  C:\Windows\System\gktjcAj.exe
  2⤵
  PID:7992
- C:\Windows\System\SoAWQGV.exe
  C:\Windows\System\SoAWQGV.exe
  2⤵
  PID:8088
- C:\Windows\System\VnbBpEc.exe
  C:\Windows\System\VnbBpEc.exe
  2⤵
  PID:8076
- C:\Windows\System\CmXBvAY.exe
  C:\Windows\System\CmXBvAY.exe
  2⤵
  PID:8132
- C:\Windows\System\eALsBeJ.exe
  C:\Windows\System\eALsBeJ.exe
  2⤵
  PID:8168
- C:\Windows\System\XJHmcEf.exe
  C:\Windows\System\XJHmcEf.exe
  2⤵
  PID:8148
- C:\Windows\System\xrIErfZ.exe
  C:\Windows\System\xrIErfZ.exe
  2⤵
  PID:8184
- C:\Windows\System\DievVny.exe
  C:\Windows\System\DievVny.exe
  2⤵
  PID:6528
- C:\Windows\System\kRIncYV.exe
  C:\Windows\System\kRIncYV.exe
  2⤵
  PID:1572
- C:\Windows\System\DHbrZPG.exe
  C:\Windows\System\DHbrZPG.exe
  2⤵
  PID:7292
- C:\Windows\System\meqgDyv.exe
  C:\Windows\System\meqgDyv.exe
  2⤵
  PID:7332
- C:\Windows\System\lzYssFZ.exe
  C:\Windows\System\lzYssFZ.exe
  2⤵
  PID:7352
- C:\Windows\System\KkCIctp.exe
  C:\Windows\System\KkCIctp.exe
  2⤵
  PID:7512
- C:\Windows\System\EizboHU.exe
  C:\Windows\System\EizboHU.exe
  2⤵
  PID:7448
- C:\Windows\System\JlhJzHB.exe
  C:\Windows\System\JlhJzHB.exe
  2⤵
  PID:7516
- C:\Windows\System\yvSHzoP.exe
  C:\Windows\System\yvSHzoP.exe
  2⤵
  PID:7652
- C:\Windows\System\fPGkvhB.exe
  C:\Windows\System\fPGkvhB.exe
  2⤵
  PID:7852
- C:\Windows\System\vOJGerd.exe
  C:\Windows\System\vOJGerd.exe
  2⤵
  PID:7876
- C:\Windows\System\WdfDToL.exe
  C:\Windows\System\WdfDToL.exe
  2⤵
  PID:8032
- C:\Windows\System\TMhZYIY.exe
  C:\Windows\System\TMhZYIY.exe
  2⤵
  PID:8060
- C:\Windows\System\CPUPIQF.exe
  C:\Windows\System\CPUPIQF.exe
  2⤵
  PID:6932
- C:\Windows\System\uvvtVmp.exe
  C:\Windows\System\uvvtVmp.exe
  2⤵
  PID:7060
- C:\Windows\System\qxOjwgG.exe
  C:\Windows\System\qxOjwgG.exe
  2⤵
  PID:7772
- C:\Windows\System\xXekoku.exe
  C:\Windows\System\xXekoku.exe
  2⤵
  PID:6856
- C:\Windows\System\MuhYTnE.exe
  C:\Windows\System\MuhYTnE.exe
  2⤵
  PID:7368
- C:\Windows\System\WizIcGz.exe
  C:\Windows\System\WizIcGz.exe
  2⤵
  PID:7940
- C:\Windows\System\RXhceAE.exe
  C:\Windows\System\RXhceAE.exe
  2⤵
  PID:8100
- C:\Windows\System\oUZCRzf.exe
  C:\Windows\System\oUZCRzf.exe
  2⤵
  PID:8152
- C:\Windows\System\RpOsVXL.exe
  C:\Windows\System\RpOsVXL.exe
  2⤵
  PID:7296
- C:\Windows\System\cQvWcIM.exe
  C:\Windows\System\cQvWcIM.exe
  2⤵
  PID:7464
- C:\Windows\System\hxDiOgJ.exe
  C:\Windows\System\hxDiOgJ.exe
  2⤵
  PID:7736
- C:\Windows\System\NInHwKF.exe
  C:\Windows\System\NInHwKF.exe
  2⤵
  PID:7472
- C:\Windows\System\YiaxbCl.exe
  C:\Windows\System\YiaxbCl.exe
  2⤵
  PID:8012
- C:\Windows\System\RRyLKuL.exe
  C:\Windows\System\RRyLKuL.exe
  2⤵
  PID:7960
- C:\Windows\System\cDLRzYq.exe
  C:\Windows\System\cDLRzYq.exe
  2⤵
  PID:7892
- C:\Windows\System\hutgiyS.exe
  C:\Windows\System\hutgiyS.exe
  2⤵
  PID:7212
- C:\Windows\System\zvYOVGC.exe
  C:\Windows\System\zvYOVGC.exe
  2⤵
  PID:7676
- C:\Windows\System\oPtujIC.exe
  C:\Windows\System\oPtujIC.exe
  2⤵
  PID:6180
- C:\Windows\System\FOZSiDa.exe
  C:\Windows\System\FOZSiDa.exe
  2⤵
  PID:8020
- C:\Windows\System\RkHedkN.exe
  C:\Windows\System\RkHedkN.exe
  2⤵
  PID:7196
- C:\Windows\System\TATVCwH.exe
  C:\Windows\System\TATVCwH.exe
  2⤵
  PID:7476
- C:\Windows\System\YoUCsTa.exe
  C:\Windows\System\YoUCsTa.exe
  2⤵
  PID:8056
- C:\Windows\System\lFXlPkY.exe
  C:\Windows\System\lFXlPkY.exe
  2⤵
  PID:7748
- C:\Windows\System\ncAxsdJ.exe
  C:\Windows\System\ncAxsdJ.exe
  2⤵
  PID:8116
- C:\Windows\System\tBCAhQu.exe
  C:\Windows\System\tBCAhQu.exe
  2⤵
  PID:7616
- C:\Windows\System\iZTTpOW.exe
  C:\Windows\System\iZTTpOW.exe
  2⤵
  PID:7552
- C:\Windows\System\efwzjuo.exe
  C:\Windows\System\efwzjuo.exe
  2⤵
  PID:7632
- C:\Windows\System\kmeuSPW.exe
  C:\Windows\System\kmeuSPW.exe
  2⤵
  PID:8128
- C:\Windows\System\eJsMSjD.exe
  C:\Windows\System\eJsMSjD.exe
  2⤵
  PID:7872
- C:\Windows\System\ypvauJi.exe
  C:\Windows\System\ypvauJi.exe
  2⤵
  PID:8112
- C:\Windows\System\ABlxvZC.exe
  C:\Windows\System\ABlxvZC.exe
  2⤵
  PID:8164
- C:\Windows\System\DZEXHLO.exe
  C:\Windows\System\DZEXHLO.exe
  2⤵
  PID:7468
- C:\Windows\System\aRoABEJ.exe
  C:\Windows\System\aRoABEJ.exe
  2⤵
  PID:7316
- C:\Windows\System\CemAjgM.exe
  C:\Windows\System\CemAjgM.exe
  2⤵
  PID:7356
- C:\Windows\System\hSiejqW.exe
  C:\Windows\System\hSiejqW.exe
  2⤵
  PID:8220
- C:\Windows\System\BkwSKMW.exe
  C:\Windows\System\BkwSKMW.exe
  2⤵
  PID:8236
- C:\Windows\System\zwjHiLU.exe
  C:\Windows\System\zwjHiLU.exe
  2⤵
  PID:8252
- C:\Windows\System\YEOruQo.exe
  C:\Windows\System\YEOruQo.exe
  2⤵
  PID:8268
- C:\Windows\System\lBZyzxr.exe
  C:\Windows\System\lBZyzxr.exe
  2⤵
  PID:8292
- C:\Windows\System\kAhIXqn.exe
  C:\Windows\System\kAhIXqn.exe
  2⤵
  PID:8312
- C:\Windows\System\ayJwmmR.exe
  C:\Windows\System\ayJwmmR.exe
  2⤵
  PID:8332
- C:\Windows\System\fpWOGFP.exe
  C:\Windows\System\fpWOGFP.exe
  2⤵
  PID:8360
- C:\Windows\System\AdIBVad.exe
  C:\Windows\System\AdIBVad.exe
  2⤵
  PID:8376
- C:\Windows\System\nujhrou.exe
  C:\Windows\System\nujhrou.exe
  2⤵
  PID:8392
- C:\Windows\System\pzUhVvq.exe
  C:\Windows\System\pzUhVvq.exe
  2⤵
  PID:8424
- C:\Windows\System\KPzGkkV.exe
  C:\Windows\System\KPzGkkV.exe
  2⤵
  PID:8448
- C:\Windows\System\YVTbxjj.exe
  C:\Windows\System\YVTbxjj.exe
  2⤵
  PID:8468
- C:\Windows\System\LwnsnNt.exe
  C:\Windows\System\LwnsnNt.exe
  2⤵
  PID:8492
- C:\Windows\System\VoycBBD.exe
  C:\Windows\System\VoycBBD.exe
  2⤵
  PID:8508
- C:\Windows\System\TduUGoN.exe
  C:\Windows\System\TduUGoN.exe
  2⤵
  PID:8524
- C:\Windows\System\YZxLrMO.exe
  C:\Windows\System\YZxLrMO.exe
  2⤵
  PID:8540
- C:\Windows\System\lkeWBXd.exe
  C:\Windows\System\lkeWBXd.exe
  2⤵
  PID:8556
- C:\Windows\System\JonsqvI.exe
  C:\Windows\System\JonsqvI.exe
  2⤵
  PID:8584
- C:\Windows\System\RIdacSZ.exe
  C:\Windows\System\RIdacSZ.exe
  2⤵
  PID:8604
- C:\Windows\System\KHnNDZW.exe
  C:\Windows\System\KHnNDZW.exe
  2⤵
  PID:8624
- C:\Windows\System\kVXqFqk.exe
  C:\Windows\System\kVXqFqk.exe
  2⤵
  PID:8648
- C:\Windows\System\JeasVPp.exe
  C:\Windows\System\JeasVPp.exe
  2⤵
  PID:8668
- C:\Windows\System\rQFgaPl.exe
  C:\Windows\System\rQFgaPl.exe
  2⤵
  PID:8692
- C:\Windows\System\oSUhlvE.exe
  C:\Windows\System\oSUhlvE.exe
  2⤵
  PID:8712
- C:\Windows\System\UCUdIHR.exe
  C:\Windows\System\UCUdIHR.exe
  2⤵
  PID:8736
- C:\Windows\System\cYNPSai.exe
  C:\Windows\System\cYNPSai.exe
  2⤵
  PID:8752
- C:\Windows\System\KEykQUK.exe
  C:\Windows\System\KEykQUK.exe
  2⤵
  PID:8776
- C:\Windows\System\OWxfYqW.exe
  C:\Windows\System\OWxfYqW.exe
  2⤵
  PID:8792
- C:\Windows\System\dOIPCWz.exe
  C:\Windows\System\dOIPCWz.exe
  2⤵
  PID:8816
- C:\Windows\System\ljbuLUe.exe
  C:\Windows\System\ljbuLUe.exe
  2⤵
  PID:8832
- C:\Windows\System\dmhnfUd.exe
  C:\Windows\System\dmhnfUd.exe
  2⤵
  PID:8856
- C:\Windows\System\iIYmnOT.exe
  C:\Windows\System\iIYmnOT.exe
  2⤵
  PID:8872
- C:\Windows\System\IFPTztB.exe
  C:\Windows\System\IFPTztB.exe
  2⤵
  PID:8888
- C:\Windows\System\oBidWHT.exe
  C:\Windows\System\oBidWHT.exe
  2⤵
  PID:8904
- C:\Windows\System\sDSaTWM.exe
  C:\Windows\System\sDSaTWM.exe
  2⤵
  PID:8920
- C:\Windows\System\MEJFuMB.exe
  C:\Windows\System\MEJFuMB.exe
  2⤵
  PID:8944
- C:\Windows\System\QhmwVBq.exe
  C:\Windows\System\QhmwVBq.exe
  2⤵
  PID:8964
- C:\Windows\System\CuaSIMI.exe
  C:\Windows\System\CuaSIMI.exe
  2⤵
  PID:8980
- C:\Windows\System\mQRvARX.exe
  C:\Windows\System\mQRvARX.exe
  2⤵
  PID:9000
- C:\Windows\System\KsNbNDY.exe
  C:\Windows\System\KsNbNDY.exe
  2⤵
  PID:9036
- C:\Windows\System\cHitMte.exe
  C:\Windows\System\cHitMte.exe
  2⤵
  PID:9052
- C:\Windows\System\qySLeyu.exe
  C:\Windows\System\qySLeyu.exe
  2⤵
  PID:9068
- C:\Windows\System\loNeXtP.exe
  C:\Windows\System\loNeXtP.exe
  2⤵
  PID:9092
- C:\Windows\System\MxIXOkH.exe
  C:\Windows\System\MxIXOkH.exe
  2⤵
  PID:9116
- C:\Windows\System\wboQPvb.exe
  C:\Windows\System\wboQPvb.exe
  2⤵
  PID:9136
- C:\Windows\System\UdmqBwU.exe
  C:\Windows\System\UdmqBwU.exe
  2⤵
  PID:9152
- C:\Windows\System\zJoSJNd.exe
  C:\Windows\System\zJoSJNd.exe
  2⤵
  PID:9176
- C:\Windows\System\DMyenho.exe
  C:\Windows\System\DMyenho.exe
  2⤵
  PID:9196
- C:\Windows\System\LRbPNZq.exe
  C:\Windows\System\LRbPNZq.exe
  2⤵
  PID:8196
- C:\Windows\System\vWhIwja.exe
  C:\Windows\System\vWhIwja.exe
  2⤵
  PID:8204
- C:\Windows\System\UbhpzZN.exe
  C:\Windows\System\UbhpzZN.exe
  2⤵
  PID:8264
- C:\Windows\System\MhwMDyx.exe
  C:\Windows\System\MhwMDyx.exe
  2⤵
  PID:8304
- C:\Windows\System\LbwTyBr.exe
  C:\Windows\System\LbwTyBr.exe
  2⤵
  PID:8356
- C:\Windows\System\wzfqgym.exe
  C:\Windows\System\wzfqgym.exe
  2⤵
  PID:8248
- C:\Windows\System\CYaTZMh.exe
  C:\Windows\System\CYaTZMh.exe
  2⤵
  PID:8288
- C:\Windows\System\rGiSzFa.exe
  C:\Windows\System\rGiSzFa.exe
  2⤵
  PID:8324
- C:\Windows\System\NDwRWUw.exe
  C:\Windows\System\NDwRWUw.exe
  2⤵
  PID:8416
- C:\Windows\System\EmIGzKm.exe
  C:\Windows\System\EmIGzKm.exe
  2⤵
  PID:8436
- C:\Windows\System\pDtWhjU.exe
  C:\Windows\System\pDtWhjU.exe
  2⤵
  PID:8464
- C:\Windows\System\mHoFaNg.exe
  C:\Windows\System\mHoFaNg.exe
  2⤵
  PID:8500
- C:\Windows\System\NOuuMdl.exe
  C:\Windows\System\NOuuMdl.exe
  2⤵
  PID:8548
- C:\Windows\System\HLSbXiS.exe
  C:\Windows\System\HLSbXiS.exe
  2⤵
  PID:8564
- C:\Windows\System\nUvLWdp.exe
  C:\Windows\System\nUvLWdp.exe
  2⤵
  PID:8600
- C:\Windows\System\EABzYxM.exe
  C:\Windows\System\EABzYxM.exe
  2⤵
  PID:8636
- C:\Windows\System\gmaDqPb.exe
  C:\Windows\System\gmaDqPb.exe
  2⤵
  PID:8612
- C:\Windows\System\mqUWtrk.exe
  C:\Windows\System\mqUWtrk.exe
  2⤵
  PID:8660
- C:\Windows\System\sHzajeZ.exe
  C:\Windows\System\sHzajeZ.exe
  2⤵
  PID:8704
- C:\Windows\System\uREhAUh.exe
  C:\Windows\System\uREhAUh.exe
  2⤵
  PID:8728
- C:\Windows\System\hefJmmI.exe
  C:\Windows\System\hefJmmI.exe
  2⤵
  PID:8764
- C:\Windows\System\cnqUOgc.exe
  C:\Windows\System\cnqUOgc.exe
  2⤵
  PID:8800
- C:\Windows\System\WZVadJp.exe
  C:\Windows\System\WZVadJp.exe
  2⤵
  PID:8828
- C:\Windows\System\LyQKqYI.exe
  C:\Windows\System\LyQKqYI.exe
  2⤵
  PID:8960
- C:\Windows\System\rvFvmxX.exe
  C:\Windows\System\rvFvmxX.exe
  2⤵
  PID:9048
- C:\Windows\System\MrVeSRG.exe
  C:\Windows\System\MrVeSRG.exe
  2⤵
  PID:8940
- C:\Windows\System\eiKDLUT.exe
  C:\Windows\System\eiKDLUT.exe
  2⤵
  PID:9084
- C:\Windows\System\VMeQGtX.exe
  C:\Windows\System\VMeQGtX.exe
  2⤵
  PID:9016
- C:\Windows\System\BPqVwCw.exe
  C:\Windows\System\BPqVwCw.exe
  2⤵
  PID:9104
- C:\Windows\System\McLkkFV.exe
  C:\Windows\System\McLkkFV.exe
  2⤵
  PID:9160
- C:\Windows\System\BhUNMdB.exe
  C:\Windows\System\BhUNMdB.exe
  2⤵
  PID:9148
- C:\Windows\System\ancGqyO.exe
  C:\Windows\System\ancGqyO.exe
  2⤵
  PID:9184
- C:\Windows\System\CdPROJk.exe
  C:\Windows\System\CdPROJk.exe
  2⤵
  PID:7920
- C:\Windows\System\kVYVQBr.exe
  C:\Windows\System\kVYVQBr.exe
  2⤵
  PID:8352
- C:\Windows\System\XUNCCjL.exe
  C:\Windows\System\XUNCCjL.exe
  2⤵
  PID:8404
- C:\Windows\System\YNsRvrn.exe
  C:\Windows\System\YNsRvrn.exe
  2⤵
  PID:8388
- C:\Windows\System\VJQcZow.exe
  C:\Windows\System\VJQcZow.exe
  2⤵
  PID:8420
- C:\Windows\System\bcgIpun.exe
  C:\Windows\System\bcgIpun.exe
  2⤵
  PID:8208
- C:\Windows\System\bEWvcKr.exe
  C:\Windows\System\bEWvcKr.exe
  2⤵
  PID:8568
- C:\Windows\System\rrddZlt.exe
  C:\Windows\System\rrddZlt.exe
  2⤵
  PID:8664
- C:\Windows\System\jtsIQHW.exe
  C:\Windows\System\jtsIQHW.exe
  2⤵
  PID:8724
- C:\Windows\System\CKOtROI.exe
  C:\Windows\System\CKOtROI.exe
  2⤵
  PID:8768
- C:\Windows\System\tqJvczy.exe
  C:\Windows\System\tqJvczy.exe
  2⤵
  PID:8864
- C:\Windows\System\QwRnZJD.exe
  C:\Windows\System\QwRnZJD.exe
  2⤵
  PID:8912
- C:\Windows\System\ixCkvci.exe
  C:\Windows\System\ixCkvci.exe
  2⤵
  PID:8956
- C:\Windows\System\MOgtNFf.exe
  C:\Windows\System\MOgtNFf.exe
  2⤵
  PID:8996
- C:\Windows\System\ZoVPLNC.exe
  C:\Windows\System\ZoVPLNC.exe
  2⤵
  PID:8976
- C:\Windows\System\ZHgBFye.exe
  C:\Windows\System\ZHgBFye.exe
  2⤵
  PID:9032
- C:\Windows\System\bjBXAZI.exe
  C:\Windows\System\bjBXAZI.exe
  2⤵
  PID:9172
- C:\Windows\System\peTWxLQ.exe
  C:\Windows\System\peTWxLQ.exe
  2⤵
  PID:9212
- C:\Windows\System\GLGNLrp.exe
  C:\Windows\System\GLGNLrp.exe
  2⤵
  PID:8200
- C:\Windows\System\xbIBbPb.exe
  C:\Windows\System\xbIBbPb.exe
  2⤵
  PID:8216
- C:\Windows\System\fMRUlWK.exe
  C:\Windows\System\fMRUlWK.exe
  2⤵
  PID:8284
- C:\Windows\System\ozrgtuI.exe
  C:\Windows\System\ozrgtuI.exe
  2⤵
  PID:8372
- C:\Windows\System\PVCPgPX.exe
  C:\Windows\System\PVCPgPX.exe
  2⤵
  PID:8596
- C:\Windows\System\DfbgZga.exe
  C:\Windows\System\DfbgZga.exe
  2⤵
  PID:8676
- C:\Windows\System\qqSjKRl.exe
  C:\Windows\System\qqSjKRl.exe
  2⤵
  PID:8688
- C:\Windows\System\mzRbhrd.exe
  C:\Windows\System\mzRbhrd.exe
  2⤵
  PID:8808
- C:\Windows\System\JvNJrpP.exe
  C:\Windows\System\JvNJrpP.exe
  2⤵
  PID:8952
- C:\Windows\System\ypFvVtm.exe
  C:\Windows\System\ypFvVtm.exe
  2⤵
  PID:9044
- C:\Windows\System\StXTHre.exe
  C:\Windows\System\StXTHre.exe
  2⤵
  PID:9012
- C:\Windows\System\ZbNqHwJ.exe
  C:\Windows\System\ZbNqHwJ.exe
  2⤵
  PID:9112
- C:\Windows\System\ApJEfBV.exe
  C:\Windows\System\ApJEfBV.exe
  2⤵
  PID:8400
- C:\Windows\System\KCtsfEe.exe
  C:\Windows\System\KCtsfEe.exe
  2⤵
  PID:8620
- C:\Windows\System\QylNskT.exe
  C:\Windows\System\QylNskT.exe
  2⤵
  PID:8880
- C:\Windows\System\ttDODtO.exe
  C:\Windows\System\ttDODtO.exe
  2⤵
  PID:8844
- C:\Windows\System\oVcxYUe.exe
  C:\Windows\System\oVcxYUe.exe
  2⤵
  PID:8644
- C:\Windows\System\GqkhXcO.exe
  C:\Windows\System\GqkhXcO.exe
  2⤵
  PID:8732
- C:\Windows\System\lDDcJga.exe
  C:\Windows\System\lDDcJga.exe
  2⤵
  PID:8848
- C:\Windows\System\LlhosKm.exe
  C:\Windows\System\LlhosKm.exe
  2⤵
  PID:9060
- C:\Windows\System\owpKVpS.exe
  C:\Windows\System\owpKVpS.exe
  2⤵
  PID:8592
- C:\Windows\System\gBpDayj.exe
  C:\Windows\System\gBpDayj.exe
  2⤵
  PID:8488
- C:\Windows\System\uAygZzY.exe
  C:\Windows\System\uAygZzY.exe
  2⤵
  PID:7796
- C:\Windows\System\rNPrkEH.exe
  C:\Windows\System\rNPrkEH.exe
  2⤵
  PID:8788
- C:\Windows\System\EpNktfC.exe
  C:\Windows\System\EpNktfC.exe
  2⤵
  PID:8480
- C:\Windows\System\xKKQFZX.exe
  C:\Windows\System\xKKQFZX.exe
  2⤵
  PID:9108
- C:\Windows\System\VQDRuLx.exe
  C:\Windows\System\VQDRuLx.exe
  2⤵
  PID:9228
- C:\Windows\System\MEJecOe.exe
  C:\Windows\System\MEJecOe.exe
  2⤵
  PID:9256
- C:\Windows\System\isbJVaq.exe
  C:\Windows\System\isbJVaq.exe
  2⤵
  PID:9272
- C:\Windows\System\wrJYzKl.exe
  C:\Windows\System\wrJYzKl.exe
  2⤵
  PID:9292
- C:\Windows\System\uIJdtbL.exe
  C:\Windows\System\uIJdtbL.exe
  2⤵
  PID:9308
- C:\Windows\System\WSQINPl.exe
  C:\Windows\System\WSQINPl.exe
  2⤵
  PID:9332
- C:\Windows\System\tFFpKCF.exe
  C:\Windows\System\tFFpKCF.exe
  2⤵
  PID:9348
- C:\Windows\System\ySvpQLT.exe
  C:\Windows\System\ySvpQLT.exe
  2⤵
  PID:9372
- C:\Windows\System\JKkUgJL.exe
  C:\Windows\System\JKkUgJL.exe
  2⤵
  PID:9392
- C:\Windows\System\tkbNQTJ.exe
  C:\Windows\System\tkbNQTJ.exe
  2⤵
  PID:9412
- C:\Windows\System\IrPqXUg.exe
  C:\Windows\System\IrPqXUg.exe
  2⤵
  PID:9436
- C:\Windows\System\ynmwZna.exe
  C:\Windows\System\ynmwZna.exe
  2⤵
  PID:9452
- C:\Windows\System\wkbRPcO.exe
  C:\Windows\System\wkbRPcO.exe
  2⤵
  PID:9468
- C:\Windows\System\dRWaDTf.exe
  C:\Windows\System\dRWaDTf.exe
  2⤵
  PID:9484
- C:\Windows\System\uhCQLBl.exe
  C:\Windows\System\uhCQLBl.exe
  2⤵
  PID:9512
- C:\Windows\System\IQEnrvQ.exe
  C:\Windows\System\IQEnrvQ.exe
  2⤵
  PID:9532
- C:\Windows\System\mAkdxKj.exe
  C:\Windows\System\mAkdxKj.exe
  2⤵
  PID:9548
- C:\Windows\System\LPctJch.exe
  C:\Windows\System\LPctJch.exe
  2⤵
  PID:9568
- C:\Windows\System\REpVWRS.exe
  C:\Windows\System\REpVWRS.exe
  2⤵
  PID:9588
- C:\Windows\System\JxnxymB.exe
  C:\Windows\System\JxnxymB.exe
  2⤵
  PID:9612
- C:\Windows\System\cCdqyJy.exe
  C:\Windows\System\cCdqyJy.exe
  2⤵
  PID:9632
- C:\Windows\System\hPRMfIg.exe
  C:\Windows\System\hPRMfIg.exe
  2⤵
  PID:9656
- C:\Windows\System\hsWGaJY.exe
  C:\Windows\System\hsWGaJY.exe
  2⤵
  PID:9672
- C:\Windows\System\lNjnLhN.exe
  C:\Windows\System\lNjnLhN.exe
  2⤵
  PID:9692
- C:\Windows\System\gahIxpZ.exe
  C:\Windows\System\gahIxpZ.exe
  2⤵
  PID:9712
- C:\Windows\System\SaPgyyg.exe
  C:\Windows\System\SaPgyyg.exe
  2⤵
  PID:9728
- C:\Windows\System\fdGNvhy.exe
  C:\Windows\System\fdGNvhy.exe
  2⤵
  PID:9748
- C:\Windows\System\yjCRfRm.exe
  C:\Windows\System\yjCRfRm.exe
  2⤵
  PID:9764
- C:\Windows\System\JUJQNAK.exe
  C:\Windows\System\JUJQNAK.exe
  2⤵
  PID:9796
- C:\Windows\System\fVqlwGE.exe
  C:\Windows\System\fVqlwGE.exe
  2⤵
  PID:9812
- C:\Windows\System\gUcfSfR.exe
  C:\Windows\System\gUcfSfR.exe
  2⤵
  PID:9840
- C:\Windows\System\tQtdWHo.exe
  C:\Windows\System\tQtdWHo.exe
  2⤵
  PID:9856
- C:\Windows\System\tDPQBZH.exe
  C:\Windows\System\tDPQBZH.exe
  2⤵
  PID:9880
- C:\Windows\System\AqqpJDm.exe
  C:\Windows\System\AqqpJDm.exe
  2⤵
  PID:9896
- C:\Windows\System\kGtTmiA.exe
  C:\Windows\System\kGtTmiA.exe
  2⤵
  PID:9912
- C:\Windows\System\BxMtJIN.exe
  C:\Windows\System\BxMtJIN.exe
  2⤵
  PID:9928
- C:\Windows\System\GplDDWq.exe
  C:\Windows\System\GplDDWq.exe
  2⤵
  PID:9956
- C:\Windows\System\hBuYFGK.exe
  C:\Windows\System\hBuYFGK.exe
  2⤵
  PID:9972
- C:\Windows\System\szvcWqJ.exe
  C:\Windows\System\szvcWqJ.exe
  2⤵
  PID:9996
- C:\Windows\System\oTabIWy.exe
  C:\Windows\System\oTabIWy.exe
  2⤵
  PID:10016
- C:\Windows\System\vdUeafg.exe
  C:\Windows\System\vdUeafg.exe
  2⤵
  PID:10032
- C:\Windows\System\dzezwXb.exe
  C:\Windows\System\dzezwXb.exe
  2⤵
  PID:10048
- C:\Windows\System\VoSWNUk.exe
  C:\Windows\System\VoSWNUk.exe
  2⤵
  PID:10068
- C:\Windows\System\ERjZLSH.exe
  C:\Windows\System\ERjZLSH.exe
  2⤵
  PID:10084
- C:\Windows\System\Zdfiuvg.exe
  C:\Windows\System\Zdfiuvg.exe
  2⤵
  PID:10108
- C:\Windows\System\MKAOAXB.exe
  C:\Windows\System\MKAOAXB.exe
  2⤵
  PID:10128
- C:\Windows\System\BRacEPq.exe
  C:\Windows\System\BRacEPq.exe
  2⤵
  PID:10148
- C:\Windows\System\KWImNlt.exe
  C:\Windows\System\KWImNlt.exe
  2⤵
  PID:10180
- C:\Windows\System\lMVQQrS.exe
  C:\Windows\System\lMVQQrS.exe
  2⤵
  PID:10196
- C:\Windows\System\rcpDrBR.exe
  C:\Windows\System\rcpDrBR.exe
  2⤵
  PID:10216
- C:\Windows\System\vaqgtMa.exe
  C:\Windows\System\vaqgtMa.exe
  2⤵
  PID:10232
- C:\Windows\System\kzdaYha.exe
  C:\Windows\System\kzdaYha.exe
  2⤵
  PID:9264
- C:\Windows\System\WfLkRIW.exe
  C:\Windows\System\WfLkRIW.exe
  2⤵
  PID:8936
- C:\Windows\System\tmXuZsT.exe
  C:\Windows\System\tmXuZsT.exe
  2⤵
  PID:9244
- C:\Windows\System\tuHNDlv.exe
  C:\Windows\System\tuHNDlv.exe
  2⤵
  PID:9304
- C:\Windows\System\phUtfWo.exe
  C:\Windows\System\phUtfWo.exe
  2⤵
  PID:9320
- C:\Windows\System\tpCTjTq.exe
  C:\Windows\System\tpCTjTq.exe
  2⤵
  PID:9384
- C:\Windows\System\djlDvvR.exe
  C:\Windows\System\djlDvvR.exe
  2⤵
  PID:9424
- C:\Windows\System\QKGnaaQ.exe
  C:\Windows\System\QKGnaaQ.exe
  2⤵
  PID:9444
- C:\Windows\System\pndsrQY.exe
  C:\Windows\System\pndsrQY.exe
  2⤵
  PID:9496
- C:\Windows\System\SAyQCTU.exe
  C:\Windows\System\SAyQCTU.exe
  2⤵
  PID:9544
- C:\Windows\System\BKFmBGp.exe
  C:\Windows\System\BKFmBGp.exe
  2⤵
  PID:9524
- C:\Windows\System\fWptdEn.exe
  C:\Windows\System\fWptdEn.exe
  2⤵
  PID:9556
- C:\Windows\System\bSzGFpb.exe
  C:\Windows\System\bSzGFpb.exe
  2⤵
  PID:9620
- C:\Windows\System\vEolUYq.exe
  C:\Windows\System\vEolUYq.exe
  2⤵
  PID:9640
- C:\Windows\System\KFiDXMd.exe
  C:\Windows\System\KFiDXMd.exe
  2⤵
  PID:9664
- C:\Windows\System\wCDtsnd.exe
  C:\Windows\System\wCDtsnd.exe
  2⤵
  PID:9708
- C:\Windows\System\ApCXkYp.exe
  C:\Windows\System\ApCXkYp.exe
  2⤵
  PID:9688
- C:\Windows\System\xGBExJj.exe
  C:\Windows\System\xGBExJj.exe
  2⤵
  PID:9724
- C:\Windows\System\BXnMIGT.exe
  C:\Windows\System\BXnMIGT.exe
  2⤵
  PID:9780
- C:\Windows\System\FOpEYwh.exe
  C:\Windows\System\FOpEYwh.exe
  2⤵
  PID:9828
- C:\Windows\System\UOJdRqr.exe
  C:\Windows\System\UOJdRqr.exe
  2⤵
  PID:9876
- C:\Windows\System\qncOXcE.exe
  C:\Windows\System\qncOXcE.exe
  2⤵
  PID:9908
- C:\Windows\System\TwWGUAq.exe
  C:\Windows\System\TwWGUAq.exe
  2⤵
  PID:9944
- C:\Windows\System\rblMObc.exe
  C:\Windows\System\rblMObc.exe
  2⤵
  PID:9920
- C:\Windows\System\Bjomzcz.exe
  C:\Windows\System\Bjomzcz.exe
  2⤵
  PID:10056
- C:\Windows\System\hUjkDVs.exe
  C:\Windows\System\hUjkDVs.exe
  2⤵
  PID:9968
- C:\Windows\System\cxKAkpV.exe
  C:\Windows\System\cxKAkpV.exe
  2⤵
  PID:10012
- C:\Windows\System\qnEKybd.exe
  C:\Windows\System\qnEKybd.exe
  2⤵
  PID:10044
- C:\Windows\System\JWxSBlW.exe
  C:\Windows\System\JWxSBlW.exe
  2⤵
  PID:10116
- C:\Windows\System\xKNkeWo.exe
  C:\Windows\System\xKNkeWo.exe
  2⤵
  PID:10160
- C:\Windows\System\nyHiZgl.exe
  C:\Windows\System\nyHiZgl.exe
  2⤵
  PID:10224
- C:\Windows\System\XcFHIsb.exe
  C:\Windows\System\XcFHIsb.exe
  2⤵
  PID:8580
- C:\Windows\System\QuHmdwP.exe
  C:\Windows\System\QuHmdwP.exe
  2⤵
  PID:9300
- C:\Windows\System\qqoPYWT.exe
  C:\Windows\System\qqoPYWT.exe
  2⤵
  PID:9224
- C:\Windows\System\EzBxVOh.exe
  C:\Windows\System\EzBxVOh.exe
  2⤵
  PID:9400
- C:\Windows\System\HILTgdw.exe
  C:\Windows\System\HILTgdw.exe
  2⤵
  PID:9408
- C:\Windows\System\PjmlTjw.exe
  C:\Windows\System\PjmlTjw.exe
  2⤵
  PID:9316
- C:\Windows\System\ZFpSSuH.exe
  C:\Windows\System\ZFpSSuH.exe
  2⤵
  PID:9500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AidkiGS.exe

Filesize
6.0MB

MD5
ee0d9a5d7ca02ee106b864e42198337f

SHA1
62c9f43b8d2494b6655ee77328bb0db8429ec18b

SHA256
51f118ec94d45b545cd7ac5cc7acb351013a041029342d170fd79fd01e71be0a

SHA512
29bd2f11633320fc02d8c20a930c49d6c898c356d98973167cfc40e6f73a92bb4b05b2cef75e7343d3cd50fe20e2e44fb08b7ee0bfcff06c54005d61f0f841de

Download Submit
C:\Windows\system\AwYwukA.exe

Filesize
6.0MB

MD5
17329dfb5fa3eaf0b4d64e0433e928e7

SHA1
b97f27a50398e4584abb0dcc09434f4711316cc7

SHA256
f62f45c28266b0741c9aabb91d8e5542fb1642ca465caf2d7b7b8b8e8924d64f

SHA512
8f7ade8a4f88699a0aaff7ed004106de2f08465a2db8c60577e09dc8872c4ba7032e6012a1af224e872362503951b0880522a9fc4fac262f431795b530721c11

Download Submit
C:\Windows\system\BWUwzSD.exe

Filesize
6.0MB

MD5
1540a2b6432bb55f2801063e0282d9a3

SHA1
bc90c7c1d4c1763ee2cd488414bde3c2f5d84581

SHA256
27c21f195feef6812949534f8090f026f4499ee0e3ed781f62a1be2cf5ef1231

SHA512
7a7f27fe3dc2b69498effaf4f35ed037a4c622bff70f338a18899f4e89836210c40746190ba57b9e0ce1b636e7a1b7136e096a8d9cf7a54515757030975791d6

Download Submit
C:\Windows\system\DLtLbUa.exe

Filesize
6.0MB

MD5
c80382f4bf216c9e214a7f660668b7cb

SHA1
1d152ad1d8bf956027fcae958c634064422f82d1

SHA256
35d0b1bbd43e21e46a39f3910fa53911888607d5641168b8d8921eb71ff1bd0c

SHA512
da590b2f59c7c9ea6f969225593a352f0f60e5bbb30eddcb38dd3cda03ab8e1078c061b8910d1aaaf2e6eb5154c97ecae57eeecac3e2be908031701f5d254250

Download Submit
C:\Windows\system\FzcRXGM.exe

Filesize
8B

MD5
f57d602e9bc509314beb8d317da9d207

SHA1
d8e6f7fde8fd7b44928fbd638ec69fbc2299a6d4

SHA256
345de527950310747e4332a4b582a4add27c62d9370984a08a6204dd7c0f834b

SHA512
557d9ec25aa54e42f15276357fab20fb924a3c64906176506aa1b8cc6b3538edeeacda3d5cac0d3d88cca0c1cf790573e10c1e2f8f82a7d99b7ef9455b37c70b

Download Submit
C:\Windows\system\JtSSgjF.exe

Filesize
6.0MB

MD5
d415b09b25c7c791f2cf47d13537e845

SHA1
a99ec0fd208537f4de38ac26328c9e6614d9933a

SHA256
912c26de42b23fcff727870964de548d2bef8ffaa3a36317db144ce7a342869b

SHA512
b4ac1692f5cd760210ae67fd22dd556d19dc507586a2c7f6c8cdbe930674b865b001c1ec5e54ee8fb48af5d6e277ab420a002104a1593120005d0de90140376b

Download Submit
C:\Windows\system\KoVwYvO.exe

Filesize
6.0MB

MD5
f0283af26380843e680d58a91bc674fe

SHA1
74ceee172198fc5d4d0cf58673114ee67abbc509

SHA256
8331d357a96775513f5882a4fc76f8b8e54c0d4685a714e5f565fb965bba099f

SHA512
d8ff8dc22adf25f4a6f05d7132118568a14e1781234c85080c487c688b7d48306db84a4fd02be873d885abe33b03e595044f6bd1c54f7111168d2a50eda22bd5

Download Submit
C:\Windows\system\MRappJP.exe

Filesize
6.0MB

MD5
a3d1585e7f911e32f66047c04e31e1a1

SHA1
35adb551a88fffccc6082bdfb95358699cc40c0b

SHA256
3859518528cdf992aafcfeb66b0ef58a9c9406f77c710155929367f4f8ee23b8

SHA512
50e23fa4e28ac3f9d39d7840b5f551a768e9ef1a9239999b5a149654fc2a20e66eaeb2c9be1d98a6f2012e474277ca26287000570a3f535fade0afa04a7e1ac0

Download Submit
C:\Windows\system\OthZtYh.exe

Filesize
6.0MB

MD5
3f305e869cdd2ba977ed5a9509279aad

SHA1
629e4cf2155894a8d8a7d22ac71ef4b7146b60c9

SHA256
03ee6777c24d9e599d20c0a5e7acd24158c8791dd603b158ff6090858bb2a885

SHA512
6368888b5bb5918eb0da6f6888418edeb6a5ca21df0d14cba7fa8d1610cf0126ca29db4b0a29d8fcc6aa753cc62fcf358ddfed613207a1cbe33a86960e7ef3ef

Download Submit
C:\Windows\system\SQgBIDb.exe

Filesize
6.0MB

MD5
53021c4231f1a49e38bb663a35370149

SHA1
d6e61509c892aa06f6f3c553795af380126cbb52

SHA256
685b5b3432b8bc17694eb076acd5e264e0096e584b7b872bf728eb02482bba46

SHA512
07bcf3ba199844a79edc0926320d884fca370cbd019d9b9f9fe9de7ce62339f5baa0074ba72b6c691b9f4478c404e25060f0bd48268ff32152057c58df335fd0

Download Submit
C:\Windows\system\SZXQUVg.exe

Filesize
6.0MB

MD5
6f8cd2e4522523016a383fdfe8ff49ed

SHA1
b1da1e163d2b5a3b1f1b563781eaa77146e83d31

SHA256
8f34b9c005a649b2bc3e42d7def47080da46fee577e9e14d8537c208087e743f

SHA512
23cb429d99eb29477bef4d97b25e2c608bee604412fac8540cac1763d5a72a02ebf7ef1647285018d39bd950e4d40ade2bbcd1204b50f5d4f52becbdef6c175e

Download Submit
C:\Windows\system\TSkyNKh.exe

Filesize
6.0MB

MD5
e57b9edb438707fa89dab04dc7563f3b

SHA1
a5c2ca902d37c69412f536181a9285c39055813c

SHA256
995a722c444a34328b97086372c7667b9af7e39e407d5374849f52a24240ed6e

SHA512
1e6e61e669240a5c3a21cae219acc8be7ec632dfb525eb1c3d10d0c64544af206da2ccfad3e0fc1ca2530cc0b70d026a4b672e58933e330905f5622382b94d87

Download Submit
C:\Windows\system\UBtBcpo.exe

Filesize
6.0MB

MD5
c685dd2a185e7f66a73f267a76d9412a

SHA1
fd898d61c20d377cee449f111eb61f324f66fcc7

SHA256
7dbe06790d1a1338284905919ccc3eba4b37a593bd1c9d7180f18ce9e755857c

SHA512
d3daad975c9bd40aeab9480a9d99c5ddeffffc811735ef256a0a33085b91b0556044aee1830a6d51db0bfa38672b88e813a699681c85f4f19bcf03deabf7cde8

Download Submit
C:\Windows\system\WVrBSFF.exe

Filesize
6.0MB

MD5
78a95c8fbb8e1e59263370e4b76aa11c

SHA1
af7a7e547f36ef6f014d033357db2d4adbe084e2

SHA256
e628ed547d35b6bf4fe49a7b38e2284a577997611de41da54a0f1e330c526cce

SHA512
c2bdeda712645b3313b593f11c67bd87dbd21a32537840c9996abd0e6b230d2223eede7f50ee96fafb6ddcafea44642629eb56f96f47fdcc07de221dd8ccf332

Download Submit
C:\Windows\system\WgCHkek.exe

Filesize
6.0MB

MD5
e9177d6c486cbc6f0c11710a91f42f0a

SHA1
b7e0f744dbf304dbf83943c8e8fbc333af78a681

SHA256
8eb5742a4d9ec425ed22cc4ba4596bbcb533ff9955523876a9968a2d789b16f9

SHA512
60ce2414dc3669846700f82949c20abd0f0d1664cdcc910983b0711d54006c0969886bcd53e78c626228508e738ac8c85dffb0613b40a18ab6e6091122aafc13

Download Submit
C:\Windows\system\ZusQaaO.exe

Filesize
6.0MB

MD5
fae38a04d57bb18dc81d2a6906a70896

SHA1
a77adefb5429ca058f24bad34bf8411eb37e7ca0

SHA256
a2028ff1cece5a63245bcff679dcf3a532a63f6ca9ce5eac6e3290c34b514ae1

SHA512
cab3ae02f3ce6d21efa5d50a49bda68feb64816ebc1a65da41e13f7cc276d827b990fc1aec6e9575b023de2a95835515d4e6a4eed87ba359c3158cdd1301a587

Download Submit
C:\Windows\system\cdzgGOt.exe

Filesize
6.0MB

MD5
780aabab8b6b0c9b2b993491e93b48cc

SHA1
0e9d62a18c498dc683b37b92712e2307babfbe71

SHA256
b159cc51488e6334a604e5c01698c3ccf86d4905d8ec9f29f179ca3edcfd6f57

SHA512
cef3ff674fbd116cd8fc47d26b0cbef37e9d19f4bc24c7780bfdaee5cd2cd76fc3b30c2e75462336796692f3ce31d0303bb0dc1b5d2b5daa8434032fa17bab4e

Download Submit
C:\Windows\system\dqNaLNX.exe

Filesize
6.0MB

MD5
8c30ac86330e9744375d570cc765d4fe

SHA1
e6e8758a1330c7171ddb12d350a55b2b5e844384

SHA256
ad6bf6d2e66644f2a5a18386ebc870af72840f01358fb2f61611608b07f4c71e

SHA512
5bcd587daa1d051dec7d3018c30098c63149a61752b326d698d9c7b2f6da72fef3e7c8cf3d07e75de2890dd0e78595a4612c7a27f572fcad605f99aebad39ceb

Download Submit
C:\Windows\system\eCmtOgu.exe

Filesize
6.0MB

MD5
a0dc964d1abac3bb0a06cb3a6de820c8

SHA1
9ce4254c164d422f4f5ea7697f73dc6d9a904281

SHA256
a5ddac7e23fac385bb647db94eb27518b4f0dfd178567c56f213d9d64d7b47e2

SHA512
e1914dcc08478a156637c063a4e0c09b4f6fde01421dfa14f6f27622d302243b867c36acd9c982bfb489d77f87b46ce551dd1ed2ad4dc6243b0b02cd730954a1

Download Submit
C:\Windows\system\eMovGuE.exe

Filesize
6.0MB

MD5
9f49bb318dd13eeb368a8755f439fcf2

SHA1
5675e4d0cc1e088d9fc70e4bfc86b3859351e701

SHA256
c6ea8fdf0cbea2a6b7b8dfa2db5634f6568295ac764638cf16c9df60e889d379

SHA512
a17e7454e16dea93648c388a821b5a58d82da4020cfe77d7b1793fd1870ebbaf1f50a2bca9a76c8c75f90df3fc8a6e30b758c64da7b2bc849c4f5a58249f45ab

Download Submit
C:\Windows\system\eoXunNZ.exe

Filesize
6.0MB

MD5
7dbad5d9c7da4bb94b1de83eedbb6222

SHA1
5c76739a695380cc7ca8750e10c3dcfb564aa575

SHA256
2a021a7a9dbda2a6e465bcbdc88e1fb825ab8b558e9b2db4418f0be976d60d38

SHA512
4a401f1e3a8a21e94e71fcd0a0eca26ffc37e5fd0620270227f2c3564f107b5c656eea05c4976f36ddc79a340d2644621fa4b35fc01911b7ab50222c7e831e05

Download Submit
C:\Windows\system\lNovyXW.exe

Filesize
6.0MB

MD5
2f2a404517e80f41ce323cd236401905

SHA1
f46319fef8f04da25fcc19fd868e3a7e91bb3d3b

SHA256
13878b0b3962ea005694743ffa2cac50b26ab6da64ef9fb6635c1403f2fb24f2

SHA512
4fd1cfa5292b5a73a5aeb253ac6390154a76c9f1f6d08ea3e9d2802cbdd94522451976b698a0a3c05a393ea8cee91205069c0d173d36adaed5cb74127b6575f7

Download Submit
C:\Windows\system\mFHeiVG.exe

Filesize
6.0MB

MD5
f9bbac104c0957c0e97b7232ec1a322c

SHA1
a7bfbf27754f7b1fe15e00e314b877c72c313903

SHA256
13fa948966af546d6c59d6f336b11f037a3d90fbc5a01ac386998c17c5367969

SHA512
cb8feed34c7abbf05c1a711d7e29b0757dfb5d47e5908f82721c8b3206ff3feed9d467468855e6df12ea1ffa823fe8589bdc54484b6772fea66916f87b8b30e0

Download Submit
C:\Windows\system\mOySRBm.exe

Filesize
6.0MB

MD5
24e9344442b7b45c3297e7ce9ee7c50a

SHA1
cfb81e6bd4229e918ca60a02f197975a2d5982e1

SHA256
6c6052625839d1f2a0ef567a4ebbfff039e270c64e358ea4a624cc2831e485f0

SHA512
742717f24dc611fe0fb23dbc90cbf0819a890ac504ac8147b3df0a471f3f6c5af685c072e229ac9b078d76be34421fd43d93a403429175126a91e13ca36c8018

Download Submit
C:\Windows\system\nnqgpwX.exe

Filesize
6.0MB

MD5
181b404b9f4dc10da68974079e87e890

SHA1
ed9790a22c8f127e84711491dd8aee312c4a9f04

SHA256
dd929349eee64317f4ba25402217ba232f68c7649e9b7a992ff6d61d069a68ec

SHA512
f7a85f7d5296b8ff56370ff36ab749d31067eede6881b76a66aefabe7218030e5d2641d2b06a2d02b1acc95a9c607b85af31e0fb13cb619d9a8eef3e3a8b4a2e

Download Submit
C:\Windows\system\phKGXVg.exe

Filesize
6.0MB

MD5
7227820b977db27c38f991981f200be2

SHA1
bb46019dd735d1c3875b95bc98aae756962987b1

SHA256
3d17fd694968cfc47f3195216e09dde18dff7d1383b30de445a97c9f31190da8

SHA512
70e3d91aae9e33fc966b2ec988337262b962677f97a6f6b1259d27cbd6287700fcdaddfaa816d23646e919977f9260a8f63259b87206499d3e907ad66f2afb0f

Download Submit
C:\Windows\system\sMwpWJm.exe

Filesize
6.0MB

MD5
f61e304fc1697b50e8bf1296197d4cb8

SHA1
5fadaf476fe98805e3b1c8f61ba105d5ea2418cb

SHA256
b05e7b64b7c7c8a588ec63bb207871a7e5a09a1fc17a01b4a5e01614c60308ef

SHA512
6318b9f2459fb97d8964dfe28b261b75c00af40ed261aaca5b2fe208bef78097dceed91a8c4cf812df70045e379e7fcbb3735a42469414cf5288cb5579b9d798

Download Submit
C:\Windows\system\uvkLpdR.exe

Filesize
6.0MB

MD5
f12df09c1151c6ce53e83c50b2e6dd60

SHA1
1e8b43fd0b126950a49942d041ec3d1f23f4b91b

SHA256
29e68665ec713d29c16765273a5b491568b2f04836fab249874b8f38caba7b0d

SHA512
73c684d0d14de17f031924db89fc8d233c8768fab122791e3aae84de832a840fb898585e4baed80990360ed49c98f22391f951bda0f15088f01fc7aa78bf641f

Download Submit
C:\Windows\system\yHyhWLa.exe

Filesize
6.0MB

MD5
4e4eb78ef1a2de29ac1052d4494da506

SHA1
96e493711ed3331cce6b126f8815d70225496e69

SHA256
4087f8901a7a84016c245bf224e2614c64c067efed064c12134d9a60b8b7cfc2

SHA512
853e1cf7b0373e9e4a690c8b04b49abb91ab03c0382f29cbbeaf9038f17e45aa6f800c519d5e3d09592e7e57964031331181079e297cc66150512f1efd9a48be

Download Submit
C:\Windows\system\ynmdZPo.exe

Filesize
6.0MB

MD5
efddd942b796ba4932ed18c160194691

SHA1
810a9c396855391a5e7f748cf1bc115aacf14fb9

SHA256
eeac19cbfb4d6e45a4420c8600522ccea1415952486163e8d7143463cf0d370c

SHA512
2985d5aed0671b79a268d96801a6bdbd0035b9d6bf2a614f815673dd82397d37b6c224d46885e3fd2654fd19cfa19c11c0b3899f58248e67c5ab634b1e0ad89b

Download Submit
\Windows\system\DoMGDyZ.exe

Filesize
6.0MB

MD5
9e08673b5e71526f182b47ad7165fe21

SHA1
3116128e611a3eb9f275a218b41f0bd78d4743b9

SHA256
abd9b0ce5ae77bfbc6ac83f34ea9d8ed646a9b56bcca147347481154d15c2dc4

SHA512
68bd6f1c3dd635ae3cb2336068d3c56266a929d31c20ec3117dc1a70f1c33e7b914467c62f2eede8be4de1a09808842c68b1f862a9915b27179884bdae13b6ac

Download Submit
\Windows\system\ImsGTXB.exe

Filesize
6.0MB

MD5
a37fa776e2e83c3b8bc20105e4b4178c

SHA1
a0481c21994d256f62fa181191099db36fae55b6

SHA256
d268f9a9ab1620bd07e68b056c9c0953169293dddbded0a8946fb00a45a07afc

SHA512
c4935ed546e02f37e7e9ded70366bf1abc9460f10b08188fc9b440bfdf0d943f9caaa21fabd88884da618c3f411e98609eead72000ff21c4e8a40a69bbad8e8d

Download Submit
\Windows\system\aAaqJmf.exe

Filesize
6.0MB

MD5
36740fac9df3beb3d00f775da70b12aa

SHA1
73fe63f07f9d502d03362945b0c5af8534a925e6

SHA256
55399da893db2abf0913aa66d9138a00869f1104524fb8c99442215a9a0c7d95

SHA512
42a4fcca0fa536db8a3127d22f71c499a47e583777a1171bd2b75f5b25324dd85cde58dea6767e1682b6e784f3fece61a7c4a2cb5026a081cdd5c4d466eacadb

Download Submit
memory/1664-1105-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-104-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-3324-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-77-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1868-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1868-0-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1868-61-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1868-114-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1868-13-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1868-26-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1868-73-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1094-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1095-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1868-103-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1110-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1868-108-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-70-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1868-63-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-52-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-39-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/1920-15-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3241-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3275-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-57-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-66-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3286-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2244-76-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-11-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3274-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-752-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3303-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-74-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-82-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3299-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1072-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-43-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3277-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3288-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-78-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-911-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-29-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3276-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-93-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3284-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2724-72-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1092-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-85-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3313-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3278-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2788-50-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2788-110-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download