cobaltstrike | 57496b0d6ffe956744963cc4688f6a0f895b7f41b14b191b7299eb0f13ce4e06

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7d28d9eae272dd91273c2d23fc3d4d13
SHA1

a97171ac3438178f1cbd117b92ae97e898cff525
SHA256

57496b0d6ffe956744963cc4688f6a0f895b7f41b14b191b7299eb0f13ce4e06
SHA512

8e488c7750f9b236c1d9fc610f1e239bf108be776e95d628185d4fbec989807726192247d3de718dd4289b575e1c2cbdc4db21ba3a784977016ca70fa82d366f
SSDEEP

98304:MLCNtIimedfE0pZXJ56utgpPFotBER/mQ32lUB:aEIiH56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001226a-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001662e-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016aa9-48.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-77.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e71-74.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-93.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-88.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-108.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-180.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-170.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-160.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-165.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-145.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-125.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1392-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000b00000001226a-6.dat	xmrig
behavioral1/memory/1992-8-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000800000001612f-9.dat	xmrig
behavioral1/memory/2216-14-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000161f6-15.dat	xmrig
behavioral1/memory/3048-24-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0007000000016855-36.dat	xmrig
behavioral1/memory/1392-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2732-41-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2680-35-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000700000001662e-34.dat	xmrig
behavioral1/memory/2912-50-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0008000000016aa9-48.dat	xmrig
behavioral1/memory/1392-45-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2140-32-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1392-28-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000700000001658c-26.dat	xmrig
behavioral1/memory/1392-39-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/1392-19-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2216-53-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/3048-54-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2140-55-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c62-56.dat	xmrig
behavioral1/memory/1392-65-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-78.dat	xmrig
behavioral1/memory/2608-84-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2556-83-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2756-80-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x000600000001706d-77.dat	xmrig
behavioral1/files/0x0009000000015e71-74.dat	xmrig
behavioral1/memory/2992-95-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2912-94-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x00060000000173da-93.dat	xmrig
behavioral1/memory/1392-92-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1392-91-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/1392-89-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-88.dat	xmrig
behavioral1/memory/2732-87-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/1392-86-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2352-85-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1392-72-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2680-59-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fc-100.dat	xmrig
behavioral1/files/0x0006000000017487-108.dat	xmrig
behavioral1/memory/1092-118-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000d00000001866e-135.dat	xmrig
behavioral1/files/0x0005000000018687-138.dat	xmrig
behavioral1/files/0x0006000000018c1a-150.dat	xmrig
behavioral1/files/0x00060000000190e0-175.dat	xmrig
behavioral1/memory/1108-738-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2992-585-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1392-370-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1392-222-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001922c-190.dat	xmrig
behavioral1/files/0x0005000000019244-195.dat	xmrig
behavioral1/files/0x00050000000191ff-184.dat	xmrig
behavioral1/files/0x00050000000191d4-180.dat	xmrig
behavioral1/files/0x00060000000190ce-170.dat	xmrig
behavioral1/files/0x0006000000018f53-160.dat	xmrig
behavioral1/files/0x000600000001903b-165.dat	xmrig
behavioral1/files/0x0006000000018c26-155.dat	xmrig
behavioral1/files/0x0005000000018792-145.dat	xmrig
behavioral1/files/0x0014000000018663-130.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1992	WJLmKqs.exe
2216	FmQMQNL.exe
3048	XBzTmws.exe
2140	jaJbfvl.exe
2680	IEaEciQ.exe
2732	TJWOfnw.exe
2912	Nolujto.exe
2756	TydhqFP.exe
2556	EpzuqLp.exe
2608	DhjBAyT.exe
2352	QtcAcVx.exe
2992	jtTAAYp.exe
1108	JhMZiMP.exe
1092	MwnbWmD.exe
2280	mWpcdjG.exe
584	seqbBeF.exe
2164	AzDpCfI.exe
2444	ratpQTN.exe
284	MMvekZj.exe
752	KTBfDeb.exe
2604	xTHAbQP.exe
852	RRlCftZ.exe
2968	qOUOKzQ.exe
2392	YWgvCVE.exe
2864	vRTjzGv.exe
2376	OzHXdev.exe
1152	qiLfgEJ.exe
2384	BarBStr.exe
1944	XiXGXmu.exe
1088	eeRGYEh.exe
756	XVNOYcH.exe
1724	BDoKnOE.exe
916	funyWKG.exe
2496	pAFCBdW.exe
1628	QcNjows.exe
2808	skwuSdb.exe
776	dfvfxBt.exe
1820	QKVqzfw.exe
2116	vOWAyMV.exe
2368	doOBxGo.exe
1900	MoUhPEh.exe
1760	dMmadrv.exe
1808	tYjPSbZ.exe
2972	WMMkPuN.exe
688	jljDxOk.exe
2468	iSpSauT.exe
1752	wYfutAl.exe
1844	JdIwaRb.exe
2256	rerAtnq.exe
2908	ndnZQwi.exe
1600	WIHpQeR.exe
1604	KhVuvYG.exe
2248	opHZcnq.exe
2108	YUVYnEO.exe
2196	dnYIrig.exe
2788	hzrcnnu.exe
2672	hlKbZVo.exe
2472	qFrItjA.exe
2744	RHgDJjG.exe
2768	KqgBZMX.exe
2200	lSUCElQ.exe
2692	UTHgXdI.exe
2572	pyzwbyA.exe
2532	xoaPEoo.exe

Loads dropped DLL 64 IoCs

pid	Process
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1392-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-6.dat	upx
behavioral1/memory/1992-8-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x000800000001612f-9.dat	upx
behavioral1/memory/2216-14-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00080000000161f6-15.dat	upx
behavioral1/memory/3048-24-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0007000000016855-36.dat	upx
behavioral1/memory/1392-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2732-41-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2680-35-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000700000001662e-34.dat	upx
behavioral1/memory/2912-50-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0008000000016aa9-48.dat	upx
behavioral1/memory/2140-32-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000700000001658c-26.dat	upx
behavioral1/memory/2216-53-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/3048-54-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2140-55-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-56.dat	upx
behavioral1/files/0x00060000000173f1-78.dat	upx
behavioral1/memory/2608-84-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2556-83-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2756-80-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x000600000001706d-77.dat	upx
behavioral1/files/0x0009000000015e71-74.dat	upx
behavioral1/memory/2992-95-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2912-94-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x00060000000173da-93.dat	upx
behavioral1/memory/1392-92-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-88.dat	upx
behavioral1/memory/2732-87-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2352-85-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2680-59-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-100.dat	upx
behavioral1/files/0x0006000000017487-108.dat	upx
behavioral1/memory/1092-118-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x000d00000001866e-135.dat	upx
behavioral1/files/0x0005000000018687-138.dat	upx
behavioral1/files/0x0006000000018c1a-150.dat	upx
behavioral1/files/0x00060000000190e0-175.dat	upx
behavioral1/memory/1108-738-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2992-585-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000500000001922c-190.dat	upx
behavioral1/files/0x0005000000019244-195.dat	upx
behavioral1/files/0x00050000000191ff-184.dat	upx
behavioral1/files/0x00050000000191d4-180.dat	upx
behavioral1/files/0x00060000000190ce-170.dat	upx
behavioral1/files/0x0006000000018f53-160.dat	upx
behavioral1/files/0x000600000001903b-165.dat	upx
behavioral1/files/0x0006000000018c26-155.dat	upx
behavioral1/files/0x0005000000018792-145.dat	upx
behavioral1/files/0x0014000000018663-130.dat	upx
behavioral1/files/0x00060000000174a2-120.dat	upx
behavioral1/files/0x0006000000017472-119.dat	upx
behavioral1/files/0x0006000000017525-125.dat	upx
behavioral1/memory/1108-105-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2140-2834-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2216-2831-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1992-2827-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3048-2843-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2732-2845-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2680-2848-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2912-2849-0x000000013F600000-0x000000013F954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pRJJPVR.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKKwcpu.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUJerPr.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWSYDWG.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXrDmSc.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDXXDBG.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNITYHY.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSmjPyi.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELCvoUp.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuaOslO.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNmBexp.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofAbLTK.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDSTmIV.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEGcSxg.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiatYKr.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSKhwpO.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpEFDGU.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nPsDYKs.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElcJaZI.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvKkpGW.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmjcOhW.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLntihl.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVLzsyS.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHaFFiM.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzPoRmH.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMfAiBk.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcIGTmD.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXsVnvq.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMSqQNu.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkNLtIB.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZFBSpv.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eueYNCu.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wyuwold.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPDGYVy.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqMvekH.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKQMrbG.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALXyVRE.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsrLWBN.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVHDsWM.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QObndnG.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVEFKMr.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTqJjOp.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsDbaJf.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjqGSvq.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXvVCVU.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyfUoGp.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsBHbKe.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjbBlbR.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUzTWAH.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvNhsYn.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtriYIx.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdYYFWU.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDXTVDX.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXubYAO.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwZbtwb.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvGFvkp.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVFbmyo.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psYvyMY.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQjwAEP.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngqZPJa.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzHXdev.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rubesmb.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCRECgC.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiJHFMJ.exe	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1392 wrote to memory of 1992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1392 wrote to memory of 1992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1392 wrote to memory of 2216	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1392 wrote to memory of 2216	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1392 wrote to memory of 2216	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1392 wrote to memory of 3048	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1392 wrote to memory of 3048	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1392 wrote to memory of 3048	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1392 wrote to memory of 2140	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1392 wrote to memory of 2140	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1392 wrote to memory of 2140	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1392 wrote to memory of 2680	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1392 wrote to memory of 2680	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1392 wrote to memory of 2680	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1392 wrote to memory of 2732	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1392 wrote to memory of 2732	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1392 wrote to memory of 2732	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1392 wrote to memory of 2912	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1392 wrote to memory of 2912	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1392 wrote to memory of 2912	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1392 wrote to memory of 2756	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1392 wrote to memory of 2756	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1392 wrote to memory of 2756	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1392 wrote to memory of 2556	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1392 wrote to memory of 2556	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1392 wrote to memory of 2556	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1392 wrote to memory of 2608	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1392 wrote to memory of 2608	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1392 wrote to memory of 2608	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1392 wrote to memory of 2992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1392 wrote to memory of 2992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1392 wrote to memory of 2992	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1392 wrote to memory of 2352	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1392 wrote to memory of 2352	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1392 wrote to memory of 2352	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1392 wrote to memory of 1108	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1392 wrote to memory of 1108	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1392 wrote to memory of 1108	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1392 wrote to memory of 1092	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1392 wrote to memory of 1092	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1392 wrote to memory of 1092	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1392 wrote to memory of 584	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1392 wrote to memory of 584	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1392 wrote to memory of 584	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1392 wrote to memory of 2280	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1392 wrote to memory of 2280	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1392 wrote to memory of 2280	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1392 wrote to memory of 2164	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1392 wrote to memory of 2164	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1392 wrote to memory of 2164	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1392 wrote to memory of 2444	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1392 wrote to memory of 2444	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1392 wrote to memory of 2444	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1392 wrote to memory of 284	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1392 wrote to memory of 284	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1392 wrote to memory of 284	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1392 wrote to memory of 752	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1392 wrote to memory of 752	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1392 wrote to memory of 752	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1392 wrote to memory of 2604	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1392 wrote to memory of 2604	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1392 wrote to memory of 2604	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1392 wrote to memory of 852	1392	2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_7d28d9eae272dd91273c2d23fc3d4d13_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\System\WJLmKqs.exe
  C:\Windows\System\WJLmKqs.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\FmQMQNL.exe
  C:\Windows\System\FmQMQNL.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\XBzTmws.exe
  C:\Windows\System\XBzTmws.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\jaJbfvl.exe
  C:\Windows\System\jaJbfvl.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\IEaEciQ.exe
  C:\Windows\System\IEaEciQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\TJWOfnw.exe
  C:\Windows\System\TJWOfnw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\Nolujto.exe
  C:\Windows\System\Nolujto.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\TydhqFP.exe
  C:\Windows\System\TydhqFP.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\EpzuqLp.exe
  C:\Windows\System\EpzuqLp.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\DhjBAyT.exe
  C:\Windows\System\DhjBAyT.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jtTAAYp.exe
  C:\Windows\System\jtTAAYp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\QtcAcVx.exe
  C:\Windows\System\QtcAcVx.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\JhMZiMP.exe
  C:\Windows\System\JhMZiMP.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\MwnbWmD.exe
  C:\Windows\System\MwnbWmD.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\seqbBeF.exe
  C:\Windows\System\seqbBeF.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\mWpcdjG.exe
  C:\Windows\System\mWpcdjG.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\AzDpCfI.exe
  C:\Windows\System\AzDpCfI.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ratpQTN.exe
  C:\Windows\System\ratpQTN.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\MMvekZj.exe
  C:\Windows\System\MMvekZj.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\KTBfDeb.exe
  C:\Windows\System\KTBfDeb.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\xTHAbQP.exe
  C:\Windows\System\xTHAbQP.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\RRlCftZ.exe
  C:\Windows\System\RRlCftZ.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\qOUOKzQ.exe
  C:\Windows\System\qOUOKzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\YWgvCVE.exe
  C:\Windows\System\YWgvCVE.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\vRTjzGv.exe
  C:\Windows\System\vRTjzGv.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\OzHXdev.exe
  C:\Windows\System\OzHXdev.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\qiLfgEJ.exe
  C:\Windows\System\qiLfgEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\BarBStr.exe
  C:\Windows\System\BarBStr.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\XiXGXmu.exe
  C:\Windows\System\XiXGXmu.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\eeRGYEh.exe
  C:\Windows\System\eeRGYEh.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\XVNOYcH.exe
  C:\Windows\System\XVNOYcH.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\BDoKnOE.exe
  C:\Windows\System\BDoKnOE.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\funyWKG.exe
  C:\Windows\System\funyWKG.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\pAFCBdW.exe
  C:\Windows\System\pAFCBdW.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\QcNjows.exe
  C:\Windows\System\QcNjows.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\skwuSdb.exe
  C:\Windows\System\skwuSdb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dfvfxBt.exe
  C:\Windows\System\dfvfxBt.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\QKVqzfw.exe
  C:\Windows\System\QKVqzfw.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\vOWAyMV.exe
  C:\Windows\System\vOWAyMV.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\doOBxGo.exe
  C:\Windows\System\doOBxGo.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\MoUhPEh.exe
  C:\Windows\System\MoUhPEh.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\dMmadrv.exe
  C:\Windows\System\dMmadrv.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\tYjPSbZ.exe
  C:\Windows\System\tYjPSbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\WMMkPuN.exe
  C:\Windows\System\WMMkPuN.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\jljDxOk.exe
  C:\Windows\System\jljDxOk.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\iSpSauT.exe
  C:\Windows\System\iSpSauT.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\wYfutAl.exe
  C:\Windows\System\wYfutAl.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\JdIwaRb.exe
  C:\Windows\System\JdIwaRb.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\rerAtnq.exe
  C:\Windows\System\rerAtnq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ndnZQwi.exe
  C:\Windows\System\ndnZQwi.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WIHpQeR.exe
  C:\Windows\System\WIHpQeR.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\KhVuvYG.exe
  C:\Windows\System\KhVuvYG.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\opHZcnq.exe
  C:\Windows\System\opHZcnq.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\YUVYnEO.exe
  C:\Windows\System\YUVYnEO.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\dnYIrig.exe
  C:\Windows\System\dnYIrig.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\hzrcnnu.exe
  C:\Windows\System\hzrcnnu.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\hlKbZVo.exe
  C:\Windows\System\hlKbZVo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\qFrItjA.exe
  C:\Windows\System\qFrItjA.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\RHgDJjG.exe
  C:\Windows\System\RHgDJjG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\KqgBZMX.exe
  C:\Windows\System\KqgBZMX.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\lSUCElQ.exe
  C:\Windows\System\lSUCElQ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\UTHgXdI.exe
  C:\Windows\System\UTHgXdI.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\pyzwbyA.exe
  C:\Windows\System\pyzwbyA.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\xoaPEoo.exe
  C:\Windows\System\xoaPEoo.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\oYxMHOe.exe
  C:\Windows\System\oYxMHOe.exe
  2⤵
  PID:2996
- C:\Windows\System\jPVIXcR.exe
  C:\Windows\System\jPVIXcR.exe
  2⤵
  PID:2588
- C:\Windows\System\PENTnrf.exe
  C:\Windows\System\PENTnrf.exe
  2⤵
  PID:2012
- C:\Windows\System\CNVYavX.exe
  C:\Windows\System\CNVYavX.exe
  2⤵
  PID:1700
- C:\Windows\System\DpeqnaU.exe
  C:\Windows\System\DpeqnaU.exe
  2⤵
  PID:552
- C:\Windows\System\mcOEogz.exe
  C:\Windows\System\mcOEogz.exe
  2⤵
  PID:2840
- C:\Windows\System\ZJJrFjv.exe
  C:\Windows\System\ZJJrFjv.exe
  2⤵
  PID:2868
- C:\Windows\System\pQEnggG.exe
  C:\Windows\System\pQEnggG.exe
  2⤵
  PID:808
- C:\Windows\System\dltPQGo.exe
  C:\Windows\System\dltPQGo.exe
  2⤵
  PID:1660
- C:\Windows\System\eVodAtC.exe
  C:\Windows\System\eVodAtC.exe
  2⤵
  PID:2624
- C:\Windows\System\DyMHehu.exe
  C:\Windows\System\DyMHehu.exe
  2⤵
  PID:2716
- C:\Windows\System\HJlAKzB.exe
  C:\Windows\System\HJlAKzB.exe
  2⤵
  PID:1316
- C:\Windows\System\GXVRpiI.exe
  C:\Windows\System\GXVRpiI.exe
  2⤵
  PID:1484
- C:\Windows\System\SbfDEEW.exe
  C:\Windows\System\SbfDEEW.exe
  2⤵
  PID:1620
- C:\Windows\System\SfcmvRi.exe
  C:\Windows\System\SfcmvRi.exe
  2⤵
  PID:1956
- C:\Windows\System\JwcZOKx.exe
  C:\Windows\System\JwcZOKx.exe
  2⤵
  PID:1520
- C:\Windows\System\odMDkdB.exe
  C:\Windows\System\odMDkdB.exe
  2⤵
  PID:1332
- C:\Windows\System\fNpYTOX.exe
  C:\Windows\System\fNpYTOX.exe
  2⤵
  PID:2944
- C:\Windows\System\kufadhP.exe
  C:\Windows\System\kufadhP.exe
  2⤵
  PID:1776
- C:\Windows\System\FvVdaBG.exe
  C:\Windows\System\FvVdaBG.exe
  2⤵
  PID:2220
- C:\Windows\System\VgeLMXu.exe
  C:\Windows\System\VgeLMXu.exe
  2⤵
  PID:996
- C:\Windows\System\xrJjWPA.exe
  C:\Windows\System\xrJjWPA.exe
  2⤵
  PID:2072
- C:\Windows\System\xjjsnkL.exe
  C:\Windows\System\xjjsnkL.exe
  2⤵
  PID:2980
- C:\Windows\System\cFHayLb.exe
  C:\Windows\System\cFHayLb.exe
  2⤵
  PID:3044
- C:\Windows\System\rtNlEvK.exe
  C:\Windows\System\rtNlEvK.exe
  2⤵
  PID:1512
- C:\Windows\System\hCRJReL.exe
  C:\Windows\System\hCRJReL.exe
  2⤵
  PID:2956
- C:\Windows\System\xdEFumH.exe
  C:\Windows\System\xdEFumH.exe
  2⤵
  PID:2148
- C:\Windows\System\cOAFLCf.exe
  C:\Windows\System\cOAFLCf.exe
  2⤵
  PID:1800
- C:\Windows\System\KJswlEf.exe
  C:\Windows\System\KJswlEf.exe
  2⤵
  PID:2772
- C:\Windows\System\uxRPVRR.exe
  C:\Windows\System\uxRPVRR.exe
  2⤵
  PID:2728
- C:\Windows\System\vMSAUdk.exe
  C:\Windows\System\vMSAUdk.exe
  2⤵
  PID:2676
- C:\Windows\System\ROWAydF.exe
  C:\Windows\System\ROWAydF.exe
  2⤵
  PID:2764
- C:\Windows\System\CAthgHl.exe
  C:\Windows\System\CAthgHl.exe
  2⤵
  PID:2816
- C:\Windows\System\uTXwAvL.exe
  C:\Windows\System\uTXwAvL.exe
  2⤵
  PID:1028
- C:\Windows\System\rEsdEtE.exe
  C:\Windows\System\rEsdEtE.exe
  2⤵
  PID:3028
- C:\Windows\System\EcMAnCh.exe
  C:\Windows\System\EcMAnCh.exe
  2⤵
  PID:2512
- C:\Windows\System\gqXFBRM.exe
  C:\Windows\System\gqXFBRM.exe
  2⤵
  PID:1968
- C:\Windows\System\RxSoSxg.exe
  C:\Windows\System\RxSoSxg.exe
  2⤵
  PID:2464
- C:\Windows\System\PxoowOz.exe
  C:\Windows\System\PxoowOz.exe
  2⤵
  PID:1492
- C:\Windows\System\tvPrajo.exe
  C:\Windows\System\tvPrajo.exe
  2⤵
  PID:1644
- C:\Windows\System\NOVVKWa.exe
  C:\Windows\System\NOVVKWa.exe
  2⤵
  PID:2984
- C:\Windows\System\qrChWXq.exe
  C:\Windows\System\qrChWXq.exe
  2⤵
  PID:268
- C:\Windows\System\NkOmadS.exe
  C:\Windows\System\NkOmadS.exe
  2⤵
  PID:984
- C:\Windows\System\tKvCNzv.exe
  C:\Windows\System\tKvCNzv.exe
  2⤵
  PID:2024
- C:\Windows\System\WMCgjGv.exe
  C:\Windows\System\WMCgjGv.exe
  2⤵
  PID:912
- C:\Windows\System\LXjowbV.exe
  C:\Windows\System\LXjowbV.exe
  2⤵
  PID:900
- C:\Windows\System\SZZaRAI.exe
  C:\Windows\System\SZZaRAI.exe
  2⤵
  PID:2112
- C:\Windows\System\AaXQEcG.exe
  C:\Windows\System\AaXQEcG.exe
  2⤵
  PID:1588
- C:\Windows\System\cYcaKKZ.exe
  C:\Windows\System\cYcaKKZ.exe
  2⤵
  PID:1304
- C:\Windows\System\StcFSOm.exe
  C:\Windows\System\StcFSOm.exe
  2⤵
  PID:2516
- C:\Windows\System\dPfDZFv.exe
  C:\Windows\System\dPfDZFv.exe
  2⤵
  PID:1940
- C:\Windows\System\uaBhEJa.exe
  C:\Windows\System\uaBhEJa.exe
  2⤵
  PID:2188
- C:\Windows\System\UlpnGWF.exe
  C:\Windows\System\UlpnGWF.exe
  2⤵
  PID:1712
- C:\Windows\System\dyBhscq.exe
  C:\Windows\System\dyBhscq.exe
  2⤵
  PID:2100
- C:\Windows\System\eueYNCu.exe
  C:\Windows\System\eueYNCu.exe
  2⤵
  PID:2684
- C:\Windows\System\DsyNfve.exe
  C:\Windows\System\DsyNfve.exe
  2⤵
  PID:2920
- C:\Windows\System\kHCULNa.exe
  C:\Windows\System\kHCULNa.exe
  2⤵
  PID:616
- C:\Windows\System\hKkNiYo.exe
  C:\Windows\System\hKkNiYo.exe
  2⤵
  PID:2320
- C:\Windows\System\cdYYFWU.exe
  C:\Windows\System\cdYYFWU.exe
  2⤵
  PID:2300
- C:\Windows\System\Exnkasq.exe
  C:\Windows\System\Exnkasq.exe
  2⤵
  PID:1592
- C:\Windows\System\miypFJT.exe
  C:\Windows\System\miypFJT.exe
  2⤵
  PID:668
- C:\Windows\System\MEErUJH.exe
  C:\Windows\System\MEErUJH.exe
  2⤵
  PID:1400
- C:\Windows\System\tZTrmwy.exe
  C:\Windows\System\tZTrmwy.exe
  2⤵
  PID:408
- C:\Windows\System\KSDJNnJ.exe
  C:\Windows\System\KSDJNnJ.exe
  2⤵
  PID:1540
- C:\Windows\System\IDXXDBG.exe
  C:\Windows\System\IDXXDBG.exe
  2⤵
  PID:1580
- C:\Windows\System\uPHkGoT.exe
  C:\Windows\System\uPHkGoT.exe
  2⤵
  PID:3020
- C:\Windows\System\MgObqmt.exe
  C:\Windows\System\MgObqmt.exe
  2⤵
  PID:884
- C:\Windows\System\LcMehhW.exe
  C:\Windows\System\LcMehhW.exe
  2⤵
  PID:2952
- C:\Windows\System\WXJIwGr.exe
  C:\Windows\System\WXJIwGr.exe
  2⤵
  PID:2136
- C:\Windows\System\EXjypWk.exe
  C:\Windows\System\EXjypWk.exe
  2⤵
  PID:2740
- C:\Windows\System\wywWMEw.exe
  C:\Windows\System\wywWMEw.exe
  2⤵
  PID:484
- C:\Windows\System\ncFvUGs.exe
  C:\Windows\System\ncFvUGs.exe
  2⤵
  PID:772
- C:\Windows\System\hRDCGrQ.exe
  C:\Windows\System\hRDCGrQ.exe
  2⤵
  PID:864
- C:\Windows\System\HrcnfdV.exe
  C:\Windows\System\HrcnfdV.exe
  2⤵
  PID:2844
- C:\Windows\System\QtSQnfL.exe
  C:\Windows\System\QtSQnfL.exe
  2⤵
  PID:1016
- C:\Windows\System\ahOJUPa.exe
  C:\Windows\System\ahOJUPa.exe
  2⤵
  PID:1688
- C:\Windows\System\zGwYfMJ.exe
  C:\Windows\System\zGwYfMJ.exe
  2⤵
  PID:932
- C:\Windows\System\yuKAOAr.exe
  C:\Windows\System\yuKAOAr.exe
  2⤵
  PID:2660
- C:\Windows\System\KTFeuGF.exe
  C:\Windows\System\KTFeuGF.exe
  2⤵
  PID:3088
- C:\Windows\System\ZsluOav.exe
  C:\Windows\System\ZsluOav.exe
  2⤵
  PID:3112
- C:\Windows\System\CnkdfpM.exe
  C:\Windows\System\CnkdfpM.exe
  2⤵
  PID:3132
- C:\Windows\System\YPLdgmO.exe
  C:\Windows\System\YPLdgmO.exe
  2⤵
  PID:3152
- C:\Windows\System\yXcqdaA.exe
  C:\Windows\System\yXcqdaA.exe
  2⤵
  PID:3172
- C:\Windows\System\uUhMdze.exe
  C:\Windows\System\uUhMdze.exe
  2⤵
  PID:3188
- C:\Windows\System\OATunNo.exe
  C:\Windows\System\OATunNo.exe
  2⤵
  PID:3212
- C:\Windows\System\ctIhCPA.exe
  C:\Windows\System\ctIhCPA.exe
  2⤵
  PID:3232
- C:\Windows\System\yMfDFjc.exe
  C:\Windows\System\yMfDFjc.exe
  2⤵
  PID:3252
- C:\Windows\System\UPogVmp.exe
  C:\Windows\System\UPogVmp.exe
  2⤵
  PID:3268
- C:\Windows\System\Gyncazj.exe
  C:\Windows\System\Gyncazj.exe
  2⤵
  PID:3292
- C:\Windows\System\NaoOTbH.exe
  C:\Windows\System\NaoOTbH.exe
  2⤵
  PID:3312
- C:\Windows\System\ZWntqBN.exe
  C:\Windows\System\ZWntqBN.exe
  2⤵
  PID:3332
- C:\Windows\System\NyliQwM.exe
  C:\Windows\System\NyliQwM.exe
  2⤵
  PID:3352
- C:\Windows\System\aOncWmn.exe
  C:\Windows\System\aOncWmn.exe
  2⤵
  PID:3372
- C:\Windows\System\RElwPMW.exe
  C:\Windows\System\RElwPMW.exe
  2⤵
  PID:3388
- C:\Windows\System\wkqoUvG.exe
  C:\Windows\System\wkqoUvG.exe
  2⤵
  PID:3412
- C:\Windows\System\qKZloHH.exe
  C:\Windows\System\qKZloHH.exe
  2⤵
  PID:3432
- C:\Windows\System\IjXQrnS.exe
  C:\Windows\System\IjXQrnS.exe
  2⤵
  PID:3456
- C:\Windows\System\rkWdGVf.exe
  C:\Windows\System\rkWdGVf.exe
  2⤵
  PID:3476
- C:\Windows\System\DVFmSdR.exe
  C:\Windows\System\DVFmSdR.exe
  2⤵
  PID:3496
- C:\Windows\System\XDjrshN.exe
  C:\Windows\System\XDjrshN.exe
  2⤵
  PID:3516
- C:\Windows\System\sQQGgAs.exe
  C:\Windows\System\sQQGgAs.exe
  2⤵
  PID:3540
- C:\Windows\System\ncebSla.exe
  C:\Windows\System\ncebSla.exe
  2⤵
  PID:3560
- C:\Windows\System\UkVtnRr.exe
  C:\Windows\System\UkVtnRr.exe
  2⤵
  PID:3580
- C:\Windows\System\lgNlynY.exe
  C:\Windows\System\lgNlynY.exe
  2⤵
  PID:3596
- C:\Windows\System\sYEeVFt.exe
  C:\Windows\System\sYEeVFt.exe
  2⤵
  PID:3620
- C:\Windows\System\GgQDyah.exe
  C:\Windows\System\GgQDyah.exe
  2⤵
  PID:3640
- C:\Windows\System\yBrfsvS.exe
  C:\Windows\System\yBrfsvS.exe
  2⤵
  PID:3660
- C:\Windows\System\nQamEXL.exe
  C:\Windows\System\nQamEXL.exe
  2⤵
  PID:3680
- C:\Windows\System\ahKEZmC.exe
  C:\Windows\System\ahKEZmC.exe
  2⤵
  PID:3700
- C:\Windows\System\WlswvHw.exe
  C:\Windows\System\WlswvHw.exe
  2⤵
  PID:3720
- C:\Windows\System\oBmCKuA.exe
  C:\Windows\System\oBmCKuA.exe
  2⤵
  PID:3740
- C:\Windows\System\YxKVqwo.exe
  C:\Windows\System\YxKVqwo.exe
  2⤵
  PID:3760
- C:\Windows\System\XihVTqx.exe
  C:\Windows\System\XihVTqx.exe
  2⤵
  PID:3780
- C:\Windows\System\dbrAOIm.exe
  C:\Windows\System\dbrAOIm.exe
  2⤵
  PID:3796
- C:\Windows\System\loCsEoG.exe
  C:\Windows\System\loCsEoG.exe
  2⤵
  PID:3820
- C:\Windows\System\ceZBZsP.exe
  C:\Windows\System\ceZBZsP.exe
  2⤵
  PID:3840
- C:\Windows\System\RXwxjFT.exe
  C:\Windows\System\RXwxjFT.exe
  2⤵
  PID:3860
- C:\Windows\System\SFUUalz.exe
  C:\Windows\System\SFUUalz.exe
  2⤵
  PID:3876
- C:\Windows\System\DFfWnNu.exe
  C:\Windows\System\DFfWnNu.exe
  2⤵
  PID:3896
- C:\Windows\System\KmbAZwu.exe
  C:\Windows\System\KmbAZwu.exe
  2⤵
  PID:3920
- C:\Windows\System\nhpldEO.exe
  C:\Windows\System\nhpldEO.exe
  2⤵
  PID:3940
- C:\Windows\System\VKGOCIg.exe
  C:\Windows\System\VKGOCIg.exe
  2⤵
  PID:3960
- C:\Windows\System\wtNgSpp.exe
  C:\Windows\System\wtNgSpp.exe
  2⤵
  PID:3980
- C:\Windows\System\AjuQMWS.exe
  C:\Windows\System\AjuQMWS.exe
  2⤵
  PID:4000
- C:\Windows\System\YtJjeph.exe
  C:\Windows\System\YtJjeph.exe
  2⤵
  PID:4020
- C:\Windows\System\CmOWeDu.exe
  C:\Windows\System\CmOWeDu.exe
  2⤵
  PID:4040
- C:\Windows\System\cszPhYV.exe
  C:\Windows\System\cszPhYV.exe
  2⤵
  PID:4060
- C:\Windows\System\HqtpXOS.exe
  C:\Windows\System\HqtpXOS.exe
  2⤵
  PID:4076
- C:\Windows\System\MSMUxVY.exe
  C:\Windows\System\MSMUxVY.exe
  2⤵
  PID:2752
- C:\Windows\System\xJkzHsd.exe
  C:\Windows\System\xJkzHsd.exe
  2⤵
  PID:2476
- C:\Windows\System\ezXiMwv.exe
  C:\Windows\System\ezXiMwv.exe
  2⤵
  PID:636
- C:\Windows\System\bonlJar.exe
  C:\Windows\System\bonlJar.exe
  2⤵
  PID:2976
- C:\Windows\System\CcNFFpC.exe
  C:\Windows\System\CcNFFpC.exe
  2⤵
  PID:376
- C:\Windows\System\UiTuAPX.exe
  C:\Windows\System\UiTuAPX.exe
  2⤵
  PID:3120
- C:\Windows\System\dMPibie.exe
  C:\Windows\System\dMPibie.exe
  2⤵
  PID:1532
- C:\Windows\System\zTsPbdR.exe
  C:\Windows\System\zTsPbdR.exe
  2⤵
  PID:3164
- C:\Windows\System\wOBelWq.exe
  C:\Windows\System\wOBelWq.exe
  2⤵
  PID:3204
- C:\Windows\System\EjYAAYs.exe
  C:\Windows\System\EjYAAYs.exe
  2⤵
  PID:3240
- C:\Windows\System\hiOtmNI.exe
  C:\Windows\System\hiOtmNI.exe
  2⤵
  PID:3288
- C:\Windows\System\LpubPxZ.exe
  C:\Windows\System\LpubPxZ.exe
  2⤵
  PID:3228
- C:\Windows\System\hUFCAWx.exe
  C:\Windows\System\hUFCAWx.exe
  2⤵
  PID:2600
- C:\Windows\System\oWtSxnp.exe
  C:\Windows\System\oWtSxnp.exe
  2⤵
  PID:3368
- C:\Windows\System\xHejNdC.exe
  C:\Windows\System\xHejNdC.exe
  2⤵
  PID:3396
- C:\Windows\System\KfzxMqJ.exe
  C:\Windows\System\KfzxMqJ.exe
  2⤵
  PID:3408
- C:\Windows\System\jVdZOjh.exe
  C:\Windows\System\jVdZOjh.exe
  2⤵
  PID:3448
- C:\Windows\System\Rubesmb.exe
  C:\Windows\System\Rubesmb.exe
  2⤵
  PID:2348
- C:\Windows\System\oxskjbc.exe
  C:\Windows\System\oxskjbc.exe
  2⤵
  PID:3468
- C:\Windows\System\tcFJpDx.exe
  C:\Windows\System\tcFJpDx.exe
  2⤵
  PID:3508
- C:\Windows\System\LFJTFIG.exe
  C:\Windows\System\LFJTFIG.exe
  2⤵
  PID:3548
- C:\Windows\System\ikHsyOS.exe
  C:\Windows\System\ikHsyOS.exe
  2⤵
  PID:3612
- C:\Windows\System\aNFnLYH.exe
  C:\Windows\System\aNFnLYH.exe
  2⤵
  PID:3608
- C:\Windows\System\KfylfQa.exe
  C:\Windows\System\KfylfQa.exe
  2⤵
  PID:3632
- C:\Windows\System\rKcwcEh.exe
  C:\Windows\System\rKcwcEh.exe
  2⤵
  PID:3668
- C:\Windows\System\FhdSYTX.exe
  C:\Windows\System\FhdSYTX.exe
  2⤵
  PID:3732
- C:\Windows\System\RivtlcG.exe
  C:\Windows\System\RivtlcG.exe
  2⤵
  PID:3708
- C:\Windows\System\FXtcStX.exe
  C:\Windows\System\FXtcStX.exe
  2⤵
  PID:3756
- C:\Windows\System\amLwxEo.exe
  C:\Windows\System\amLwxEo.exe
  2⤵
  PID:3848
- C:\Windows\System\uIwildk.exe
  C:\Windows\System\uIwildk.exe
  2⤵
  PID:3852
- C:\Windows\System\xbWsCMy.exe
  C:\Windows\System\xbWsCMy.exe
  2⤵
  PID:3892
- C:\Windows\System\gRSCAKM.exe
  C:\Windows\System\gRSCAKM.exe
  2⤵
  PID:3932
- C:\Windows\System\omgBzgk.exe
  C:\Windows\System\omgBzgk.exe
  2⤵
  PID:3912
- C:\Windows\System\cKzhGDz.exe
  C:\Windows\System\cKzhGDz.exe
  2⤵
  PID:4016
- C:\Windows\System\XhsfceV.exe
  C:\Windows\System\XhsfceV.exe
  2⤵
  PID:4012
- C:\Windows\System\YjRCOHv.exe
  C:\Windows\System\YjRCOHv.exe
  2⤵
  PID:4036
- C:\Windows\System\YUzTWAH.exe
  C:\Windows\System\YUzTWAH.exe
  2⤵
  PID:4088
- C:\Windows\System\xvRnire.exe
  C:\Windows\System\xvRnire.exe
  2⤵
  PID:2668
- C:\Windows\System\FYyTLzc.exe
  C:\Windows\System\FYyTLzc.exe
  2⤵
  PID:2904
- C:\Windows\System\TEYzoss.exe
  C:\Windows\System\TEYzoss.exe
  2⤵
  PID:1564
- C:\Windows\System\SKgUQTm.exe
  C:\Windows\System\SKgUQTm.exe
  2⤵
  PID:3084
- C:\Windows\System\AgMoFyf.exe
  C:\Windows\System\AgMoFyf.exe
  2⤵
  PID:3108
- C:\Windows\System\kxisZhz.exe
  C:\Windows\System\kxisZhz.exe
  2⤵
  PID:3276
- C:\Windows\System\bLUqjIA.exe
  C:\Windows\System\bLUqjIA.exe
  2⤵
  PID:3328
- C:\Windows\System\uIDEBmA.exe
  C:\Windows\System\uIDEBmA.exe
  2⤵
  PID:3340
- C:\Windows\System\MudISIB.exe
  C:\Windows\System\MudISIB.exe
  2⤵
  PID:3308
- C:\Windows\System\AePQPyp.exe
  C:\Windows\System\AePQPyp.exe
  2⤵
  PID:3404
- C:\Windows\System\dWgQmoW.exe
  C:\Windows\System\dWgQmoW.exe
  2⤵
  PID:3444
- C:\Windows\System\ZoxlFVe.exe
  C:\Windows\System\ZoxlFVe.exe
  2⤵
  PID:3568
- C:\Windows\System\srvahyO.exe
  C:\Windows\System\srvahyO.exe
  2⤵
  PID:3556
- C:\Windows\System\GAuEuzo.exe
  C:\Windows\System\GAuEuzo.exe
  2⤵
  PID:888
- C:\Windows\System\VzxGXYa.exe
  C:\Windows\System\VzxGXYa.exe
  2⤵
  PID:3656
- C:\Windows\System\GYeaCwR.exe
  C:\Windows\System\GYeaCwR.exe
  2⤵
  PID:3776
- C:\Windows\System\hfqExtm.exe
  C:\Windows\System\hfqExtm.exe
  2⤵
  PID:3808
- C:\Windows\System\aUPMyVo.exe
  C:\Windows\System\aUPMyVo.exe
  2⤵
  PID:3884
- C:\Windows\System\GDSTmIV.exe
  C:\Windows\System\GDSTmIV.exe
  2⤵
  PID:3908
- C:\Windows\System\jMRoMwj.exe
  C:\Windows\System\jMRoMwj.exe
  2⤵
  PID:3936
- C:\Windows\System\mwyegVz.exe
  C:\Windows\System\mwyegVz.exe
  2⤵
  PID:3956
- C:\Windows\System\JkAEXET.exe
  C:\Windows\System\JkAEXET.exe
  2⤵
  PID:3992
- C:\Windows\System\DpEFDGU.exe
  C:\Windows\System\DpEFDGU.exe
  2⤵
  PID:2748
- C:\Windows\System\DxSEQBb.exe
  C:\Windows\System\DxSEQBb.exe
  2⤵
  PID:4068
- C:\Windows\System\mfTPoPU.exe
  C:\Windows\System\mfTPoPU.exe
  2⤵
  PID:2356
- C:\Windows\System\iQfwIZi.exe
  C:\Windows\System\iQfwIZi.exe
  2⤵
  PID:3144
- C:\Windows\System\dMJtdtf.exe
  C:\Windows\System\dMJtdtf.exe
  2⤵
  PID:3224
- C:\Windows\System\RFNVHfX.exe
  C:\Windows\System\RFNVHfX.exe
  2⤵
  PID:3264
- C:\Windows\System\pJpdDAD.exe
  C:\Windows\System\pJpdDAD.exe
  2⤵
  PID:3424
- C:\Windows\System\xwbYdvB.exe
  C:\Windows\System\xwbYdvB.exe
  2⤵
  PID:3492
- C:\Windows\System\eohmlod.exe
  C:\Windows\System\eohmlod.exe
  2⤵
  PID:3504
- C:\Windows\System\WjGVflV.exe
  C:\Windows\System\WjGVflV.exe
  2⤵
  PID:3628
- C:\Windows\System\XeWbeKH.exe
  C:\Windows\System\XeWbeKH.exe
  2⤵
  PID:3768
- C:\Windows\System\YlpbbHC.exe
  C:\Windows\System\YlpbbHC.exe
  2⤵
  PID:3828
- C:\Windows\System\KHAhNUf.exe
  C:\Windows\System\KHAhNUf.exe
  2⤵
  PID:3952
- C:\Windows\System\JueatnW.exe
  C:\Windows\System\JueatnW.exe
  2⤵
  PID:4008
- C:\Windows\System\OKvdAAq.exe
  C:\Windows\System\OKvdAAq.exe
  2⤵
  PID:3096
- C:\Windows\System\bJvSYzk.exe
  C:\Windows\System\bJvSYzk.exe
  2⤵
  PID:3140
- C:\Windows\System\LiGnnux.exe
  C:\Windows\System\LiGnnux.exe
  2⤵
  PID:3148
- C:\Windows\System\gUwXwUl.exe
  C:\Windows\System\gUwXwUl.exe
  2⤵
  PID:3220
- C:\Windows\System\OlMKhTl.exe
  C:\Windows\System\OlMKhTl.exe
  2⤵
  PID:3484
- C:\Windows\System\mADxcSp.exe
  C:\Windows\System\mADxcSp.exe
  2⤵
  PID:3604
- C:\Windows\System\TTUwpau.exe
  C:\Windows\System\TTUwpau.exe
  2⤵
  PID:3676
- C:\Windows\System\qnlyXjA.exe
  C:\Windows\System\qnlyXjA.exe
  2⤵
  PID:4112
- C:\Windows\System\LbkZaeJ.exe
  C:\Windows\System\LbkZaeJ.exe
  2⤵
  PID:4132
- C:\Windows\System\CxJqhQw.exe
  C:\Windows\System\CxJqhQw.exe
  2⤵
  PID:4152
- C:\Windows\System\AFknZpA.exe
  C:\Windows\System\AFknZpA.exe
  2⤵
  PID:4172
- C:\Windows\System\cgtkyvs.exe
  C:\Windows\System\cgtkyvs.exe
  2⤵
  PID:4192
- C:\Windows\System\uCVUjqC.exe
  C:\Windows\System\uCVUjqC.exe
  2⤵
  PID:4212
- C:\Windows\System\gLMUKbA.exe
  C:\Windows\System\gLMUKbA.exe
  2⤵
  PID:4232
- C:\Windows\System\zJhqnLP.exe
  C:\Windows\System\zJhqnLP.exe
  2⤵
  PID:4252
- C:\Windows\System\LGKBrYB.exe
  C:\Windows\System\LGKBrYB.exe
  2⤵
  PID:4272
- C:\Windows\System\WikFwUi.exe
  C:\Windows\System\WikFwUi.exe
  2⤵
  PID:4292
- C:\Windows\System\OvBsLLH.exe
  C:\Windows\System\OvBsLLH.exe
  2⤵
  PID:4312
- C:\Windows\System\zzVopgg.exe
  C:\Windows\System\zzVopgg.exe
  2⤵
  PID:4332
- C:\Windows\System\DnZvXOP.exe
  C:\Windows\System\DnZvXOP.exe
  2⤵
  PID:4352
- C:\Windows\System\KIWWwkU.exe
  C:\Windows\System\KIWWwkU.exe
  2⤵
  PID:4372
- C:\Windows\System\wXqmMzQ.exe
  C:\Windows\System\wXqmMzQ.exe
  2⤵
  PID:4392
- C:\Windows\System\emttLJE.exe
  C:\Windows\System\emttLJE.exe
  2⤵
  PID:4412
- C:\Windows\System\TyprnXQ.exe
  C:\Windows\System\TyprnXQ.exe
  2⤵
  PID:4432
- C:\Windows\System\yjmViRG.exe
  C:\Windows\System\yjmViRG.exe
  2⤵
  PID:4452
- C:\Windows\System\YTYaTfF.exe
  C:\Windows\System\YTYaTfF.exe
  2⤵
  PID:4472
- C:\Windows\System\ArHbZKS.exe
  C:\Windows\System\ArHbZKS.exe
  2⤵
  PID:4492
- C:\Windows\System\pqnyaUt.exe
  C:\Windows\System\pqnyaUt.exe
  2⤵
  PID:4512
- C:\Windows\System\xaFBMzr.exe
  C:\Windows\System\xaFBMzr.exe
  2⤵
  PID:4532
- C:\Windows\System\kbibPbP.exe
  C:\Windows\System\kbibPbP.exe
  2⤵
  PID:4552
- C:\Windows\System\FBtHpkb.exe
  C:\Windows\System\FBtHpkb.exe
  2⤵
  PID:4572
- C:\Windows\System\zVTcErs.exe
  C:\Windows\System\zVTcErs.exe
  2⤵
  PID:4592
- C:\Windows\System\CNlouSV.exe
  C:\Windows\System\CNlouSV.exe
  2⤵
  PID:4612
- C:\Windows\System\GbqDIIu.exe
  C:\Windows\System\GbqDIIu.exe
  2⤵
  PID:4632
- C:\Windows\System\qlqwfjv.exe
  C:\Windows\System\qlqwfjv.exe
  2⤵
  PID:4652
- C:\Windows\System\TVLzsyS.exe
  C:\Windows\System\TVLzsyS.exe
  2⤵
  PID:4672
- C:\Windows\System\hYSaesM.exe
  C:\Windows\System\hYSaesM.exe
  2⤵
  PID:4692
- C:\Windows\System\yibDVpp.exe
  C:\Windows\System\yibDVpp.exe
  2⤵
  PID:4712
- C:\Windows\System\yKrWoEn.exe
  C:\Windows\System\yKrWoEn.exe
  2⤵
  PID:4728
- C:\Windows\System\KicXjqB.exe
  C:\Windows\System\KicXjqB.exe
  2⤵
  PID:4752
- C:\Windows\System\VmZrrMN.exe
  C:\Windows\System\VmZrrMN.exe
  2⤵
  PID:4772
- C:\Windows\System\SSEbjmt.exe
  C:\Windows\System\SSEbjmt.exe
  2⤵
  PID:4792
- C:\Windows\System\pIwYyzL.exe
  C:\Windows\System\pIwYyzL.exe
  2⤵
  PID:4812
- C:\Windows\System\QPkHQLi.exe
  C:\Windows\System\QPkHQLi.exe
  2⤵
  PID:4832
- C:\Windows\System\rtZoAGH.exe
  C:\Windows\System\rtZoAGH.exe
  2⤵
  PID:4852
- C:\Windows\System\IonQdnL.exe
  C:\Windows\System\IonQdnL.exe
  2⤵
  PID:4876
- C:\Windows\System\CSPBmdw.exe
  C:\Windows\System\CSPBmdw.exe
  2⤵
  PID:4896
- C:\Windows\System\TyULvrB.exe
  C:\Windows\System\TyULvrB.exe
  2⤵
  PID:4916
- C:\Windows\System\LIbZlyi.exe
  C:\Windows\System\LIbZlyi.exe
  2⤵
  PID:4940
- C:\Windows\System\GwxKibj.exe
  C:\Windows\System\GwxKibj.exe
  2⤵
  PID:4960
- C:\Windows\System\hQhrKgw.exe
  C:\Windows\System\hQhrKgw.exe
  2⤵
  PID:4980
- C:\Windows\System\mYFYOpJ.exe
  C:\Windows\System\mYFYOpJ.exe
  2⤵
  PID:5000
- C:\Windows\System\qxfWrRb.exe
  C:\Windows\System\qxfWrRb.exe
  2⤵
  PID:5020
- C:\Windows\System\aITuYlt.exe
  C:\Windows\System\aITuYlt.exe
  2⤵
  PID:5040
- C:\Windows\System\DwyVJQj.exe
  C:\Windows\System\DwyVJQj.exe
  2⤵
  PID:5060
- C:\Windows\System\mMioJMH.exe
  C:\Windows\System\mMioJMH.exe
  2⤵
  PID:5080
- C:\Windows\System\JbJCWow.exe
  C:\Windows\System\JbJCWow.exe
  2⤵
  PID:5100
- C:\Windows\System\YjoNgmH.exe
  C:\Windows\System\YjoNgmH.exe
  2⤵
  PID:3752
- C:\Windows\System\PQfPKcV.exe
  C:\Windows\System\PQfPKcV.exe
  2⤵
  PID:4084
- C:\Windows\System\AIlEFlv.exe
  C:\Windows\System\AIlEFlv.exe
  2⤵
  PID:4056
- C:\Windows\System\odZtmIl.exe
  C:\Windows\System\odZtmIl.exe
  2⤵
  PID:3168
- C:\Windows\System\jeYhLuE.exe
  C:\Windows\System\jeYhLuE.exe
  2⤵
  PID:3184
- C:\Windows\System\nGezJuU.exe
  C:\Windows\System\nGezJuU.exe
  2⤵
  PID:3572
- C:\Windows\System\xTHsaeH.exe
  C:\Windows\System\xTHsaeH.exe
  2⤵
  PID:4100
- C:\Windows\System\ECucbss.exe
  C:\Windows\System\ECucbss.exe
  2⤵
  PID:4140
- C:\Windows\System\deyxdav.exe
  C:\Windows\System\deyxdav.exe
  2⤵
  PID:4168
- C:\Windows\System\Veerjcn.exe
  C:\Windows\System\Veerjcn.exe
  2⤵
  PID:4200
- C:\Windows\System\cqIbuPR.exe
  C:\Windows\System\cqIbuPR.exe
  2⤵
  PID:4228
- C:\Windows\System\yZWeFKi.exe
  C:\Windows\System\yZWeFKi.exe
  2⤵
  PID:4268
- C:\Windows\System\qVPZpCZ.exe
  C:\Windows\System\qVPZpCZ.exe
  2⤵
  PID:4284
- C:\Windows\System\IWamdSA.exe
  C:\Windows\System\IWamdSA.exe
  2⤵
  PID:4340
- C:\Windows\System\MxAsjto.exe
  C:\Windows\System\MxAsjto.exe
  2⤵
  PID:4380
- C:\Windows\System\uPjUvCu.exe
  C:\Windows\System\uPjUvCu.exe
  2⤵
  PID:4384
- C:\Windows\System\eIHXEpv.exe
  C:\Windows\System\eIHXEpv.exe
  2⤵
  PID:4428
- C:\Windows\System\QintORW.exe
  C:\Windows\System\QintORW.exe
  2⤵
  PID:4448
- C:\Windows\System\fWvvNml.exe
  C:\Windows\System\fWvvNml.exe
  2⤵
  PID:4508
- C:\Windows\System\ZhsFVxD.exe
  C:\Windows\System\ZhsFVxD.exe
  2⤵
  PID:4548
- C:\Windows\System\hAaPCJq.exe
  C:\Windows\System\hAaPCJq.exe
  2⤵
  PID:4560
- C:\Windows\System\OhfJKCU.exe
  C:\Windows\System\OhfJKCU.exe
  2⤵
  PID:4584
- C:\Windows\System\WbyHvtf.exe
  C:\Windows\System\WbyHvtf.exe
  2⤵
  PID:4628
- C:\Windows\System\oFUwuRd.exe
  C:\Windows\System\oFUwuRd.exe
  2⤵
  PID:4648
- C:\Windows\System\gjQifHg.exe
  C:\Windows\System\gjQifHg.exe
  2⤵
  PID:4688
- C:\Windows\System\wAJtdBu.exe
  C:\Windows\System\wAJtdBu.exe
  2⤵
  PID:4720
- C:\Windows\System\NzdNoVz.exe
  C:\Windows\System\NzdNoVz.exe
  2⤵
  PID:4740
- C:\Windows\System\pXVPTty.exe
  C:\Windows\System\pXVPTty.exe
  2⤵
  PID:4764
- C:\Windows\System\pbxICkc.exe
  C:\Windows\System\pbxICkc.exe
  2⤵
  PID:4820
- C:\Windows\System\pttMkoU.exe
  C:\Windows\System\pttMkoU.exe
  2⤵
  PID:4844
- C:\Windows\System\dRtfsVx.exe
  C:\Windows\System\dRtfsVx.exe
  2⤵
  PID:4892
- C:\Windows\System\tGePrzd.exe
  C:\Windows\System\tGePrzd.exe
  2⤵
  PID:4924
- C:\Windows\System\NQapKoY.exe
  C:\Windows\System\NQapKoY.exe
  2⤵
  PID:4988
- C:\Windows\System\TvNhsYn.exe
  C:\Windows\System\TvNhsYn.exe
  2⤵
  PID:4972
- C:\Windows\System\qulRJUH.exe
  C:\Windows\System\qulRJUH.exe
  2⤵
  PID:5012
- C:\Windows\System\EKofVlG.exe
  C:\Windows\System\EKofVlG.exe
  2⤵
  PID:5052
- C:\Windows\System\enGPgxj.exe
  C:\Windows\System\enGPgxj.exe
  2⤵
  PID:5116
- C:\Windows\System\vhkaNZG.exe
  C:\Windows\System\vhkaNZG.exe
  2⤵
  PID:3868
- C:\Windows\System\OndElOA.exe
  C:\Windows\System\OndElOA.exe
  2⤵
  PID:3260
- C:\Windows\System\kZIzyKj.exe
  C:\Windows\System\kZIzyKj.exe
  2⤵
  PID:1664
- C:\Windows\System\xkgqiWe.exe
  C:\Windows\System\xkgqiWe.exe
  2⤵
  PID:3672
- C:\Windows\System\rILHcpc.exe
  C:\Windows\System\rILHcpc.exe
  2⤵
  PID:4120
- C:\Windows\System\dIgcVun.exe
  C:\Windows\System\dIgcVun.exe
  2⤵
  PID:4220
- C:\Windows\System\UiWVqOg.exe
  C:\Windows\System\UiWVqOg.exe
  2⤵
  PID:4288
- C:\Windows\System\MbwrUNt.exe
  C:\Windows\System\MbwrUNt.exe
  2⤵
  PID:4304
- C:\Windows\System\oHgYpIo.exe
  C:\Windows\System\oHgYpIo.exe
  2⤵
  PID:4344
- C:\Windows\System\VYcdPiW.exe
  C:\Windows\System\VYcdPiW.exe
  2⤵
  PID:4092
- C:\Windows\System\qWBMcyI.exe
  C:\Windows\System\qWBMcyI.exe
  2⤵
  PID:4440
- C:\Windows\System\EFneuJq.exe
  C:\Windows\System\EFneuJq.exe
  2⤵
  PID:4484
- C:\Windows\System\jljzqFJ.exe
  C:\Windows\System\jljzqFJ.exe
  2⤵
  PID:4564
- C:\Windows\System\jvxGcij.exe
  C:\Windows\System\jvxGcij.exe
  2⤵
  PID:4608
- C:\Windows\System\PUaaQSx.exe
  C:\Windows\System\PUaaQSx.exe
  2⤵
  PID:4680
- C:\Windows\System\MPfhlME.exe
  C:\Windows\System\MPfhlME.exe
  2⤵
  PID:4704
- C:\Windows\System\zrhKkuH.exe
  C:\Windows\System\zrhKkuH.exe
  2⤵
  PID:4804
- C:\Windows\System\pBGsLjO.exe
  C:\Windows\System\pBGsLjO.exe
  2⤵
  PID:4824
- C:\Windows\System\JiTHYbp.exe
  C:\Windows\System\JiTHYbp.exe
  2⤵
  PID:4904
- C:\Windows\System\AzXgIao.exe
  C:\Windows\System\AzXgIao.exe
  2⤵
  PID:4956
- C:\Windows\System\VzXOyEt.exe
  C:\Windows\System\VzXOyEt.exe
  2⤵
  PID:5016
- C:\Windows\System\ONJwCeC.exe
  C:\Windows\System\ONJwCeC.exe
  2⤵
  PID:5108
- C:\Windows\System\AzDNrBD.exe
  C:\Windows\System\AzDNrBD.exe
  2⤵
  PID:2208
- C:\Windows\System\hUmlRTB.exe
  C:\Windows\System\hUmlRTB.exe
  2⤵
  PID:1292
- C:\Windows\System\aqdvorj.exe
  C:\Windows\System\aqdvorj.exe
  2⤵
  PID:3284
- C:\Windows\System\tEqIFfm.exe
  C:\Windows\System\tEqIFfm.exe
  2⤵
  PID:4188
- C:\Windows\System\CLWmXYJ.exe
  C:\Windows\System\CLWmXYJ.exe
  2⤵
  PID:4280
- C:\Windows\System\QxXhqpM.exe
  C:\Windows\System\QxXhqpM.exe
  2⤵
  PID:4404
- C:\Windows\System\bMVyAzL.exe
  C:\Windows\System\bMVyAzL.exe
  2⤵
  PID:4460
- C:\Windows\System\JYGWdyB.exe
  C:\Windows\System\JYGWdyB.exe
  2⤵
  PID:4540
- C:\Windows\System\IFAESLx.exe
  C:\Windows\System\IFAESLx.exe
  2⤵
  PID:4620
- C:\Windows\System\MMxEsbb.exe
  C:\Windows\System\MMxEsbb.exe
  2⤵
  PID:4660
- C:\Windows\System\ASKwIlg.exe
  C:\Windows\System\ASKwIlg.exe
  2⤵
  PID:4800
- C:\Windows\System\YnHEHfB.exe
  C:\Windows\System\YnHEHfB.exe
  2⤵
  PID:4912
- C:\Windows\System\vxorIcp.exe
  C:\Windows\System\vxorIcp.exe
  2⤵
  PID:5088
- C:\Windows\System\cRnzwor.exe
  C:\Windows\System\cRnzwor.exe
  2⤵
  PID:5048
- C:\Windows\System\CPdRAdi.exe
  C:\Windows\System\CPdRAdi.exe
  2⤵
  PID:3696
- C:\Windows\System\kTmCeNY.exe
  C:\Windows\System\kTmCeNY.exe
  2⤵
  PID:4128
- C:\Windows\System\sFowefB.exe
  C:\Windows\System\sFowefB.exe
  2⤵
  PID:4244
- C:\Windows\System\YBTpKDH.exe
  C:\Windows\System\YBTpKDH.exe
  2⤵
  PID:2404
- C:\Windows\System\Hqxfwec.exe
  C:\Windows\System\Hqxfwec.exe
  2⤵
  PID:4520
- C:\Windows\System\BgzrRVp.exe
  C:\Windows\System\BgzrRVp.exe
  2⤵
  PID:4668
- C:\Windows\System\RcQujLf.exe
  C:\Windows\System\RcQujLf.exe
  2⤵
  PID:5140
- C:\Windows\System\ydHHXiK.exe
  C:\Windows\System\ydHHXiK.exe
  2⤵
  PID:5160
- C:\Windows\System\Mfqpwvh.exe
  C:\Windows\System\Mfqpwvh.exe
  2⤵
  PID:5180
- C:\Windows\System\eauuXWW.exe
  C:\Windows\System\eauuXWW.exe
  2⤵
  PID:5200
- C:\Windows\System\nrlcXKy.exe
  C:\Windows\System\nrlcXKy.exe
  2⤵
  PID:5220
- C:\Windows\System\hugqqoV.exe
  C:\Windows\System\hugqqoV.exe
  2⤵
  PID:5240
- C:\Windows\System\BzqUYtR.exe
  C:\Windows\System\BzqUYtR.exe
  2⤵
  PID:5260
- C:\Windows\System\XYvXzVi.exe
  C:\Windows\System\XYvXzVi.exe
  2⤵
  PID:5280
- C:\Windows\System\iGCVrCT.exe
  C:\Windows\System\iGCVrCT.exe
  2⤵
  PID:5300
- C:\Windows\System\GVFbmyo.exe
  C:\Windows\System\GVFbmyo.exe
  2⤵
  PID:5324
- C:\Windows\System\YZAqVAO.exe
  C:\Windows\System\YZAqVAO.exe
  2⤵
  PID:5344
- C:\Windows\System\bBWaHfy.exe
  C:\Windows\System\bBWaHfy.exe
  2⤵
  PID:5364
- C:\Windows\System\WbywPdK.exe
  C:\Windows\System\WbywPdK.exe
  2⤵
  PID:5384
- C:\Windows\System\VaQMFXd.exe
  C:\Windows\System\VaQMFXd.exe
  2⤵
  PID:5404
- C:\Windows\System\sSrmgAg.exe
  C:\Windows\System\sSrmgAg.exe
  2⤵
  PID:5424
- C:\Windows\System\lJJLeBY.exe
  C:\Windows\System\lJJLeBY.exe
  2⤵
  PID:5444
- C:\Windows\System\BUsZIVg.exe
  C:\Windows\System\BUsZIVg.exe
  2⤵
  PID:5464
- C:\Windows\System\zGmPvtP.exe
  C:\Windows\System\zGmPvtP.exe
  2⤵
  PID:5484
- C:\Windows\System\sDDNoXF.exe
  C:\Windows\System\sDDNoXF.exe
  2⤵
  PID:5504
- C:\Windows\System\opFeyZZ.exe
  C:\Windows\System\opFeyZZ.exe
  2⤵
  PID:5524
- C:\Windows\System\FKaHcpO.exe
  C:\Windows\System\FKaHcpO.exe
  2⤵
  PID:5544
- C:\Windows\System\KKqdtRd.exe
  C:\Windows\System\KKqdtRd.exe
  2⤵
  PID:5564
- C:\Windows\System\DuYInik.exe
  C:\Windows\System\DuYInik.exe
  2⤵
  PID:5580
- C:\Windows\System\wmMGGyK.exe
  C:\Windows\System\wmMGGyK.exe
  2⤵
  PID:5604
- C:\Windows\System\IKQBEqU.exe
  C:\Windows\System\IKQBEqU.exe
  2⤵
  PID:5624
- C:\Windows\System\UekQXYd.exe
  C:\Windows\System\UekQXYd.exe
  2⤵
  PID:5644
- C:\Windows\System\ILQfhlW.exe
  C:\Windows\System\ILQfhlW.exe
  2⤵
  PID:5664
- C:\Windows\System\QBGBlDk.exe
  C:\Windows\System\QBGBlDk.exe
  2⤵
  PID:5684
- C:\Windows\System\CcuZgmO.exe
  C:\Windows\System\CcuZgmO.exe
  2⤵
  PID:5704
- C:\Windows\System\MYTgbcQ.exe
  C:\Windows\System\MYTgbcQ.exe
  2⤵
  PID:5724
- C:\Windows\System\HTCYRch.exe
  C:\Windows\System\HTCYRch.exe
  2⤵
  PID:5744
- C:\Windows\System\XnvhyXB.exe
  C:\Windows\System\XnvhyXB.exe
  2⤵
  PID:5764
- C:\Windows\System\DZebjYK.exe
  C:\Windows\System\DZebjYK.exe
  2⤵
  PID:5784
- C:\Windows\System\CPAnIEn.exe
  C:\Windows\System\CPAnIEn.exe
  2⤵
  PID:5804
- C:\Windows\System\AqRgSkV.exe
  C:\Windows\System\AqRgSkV.exe
  2⤵
  PID:5824
- C:\Windows\System\SCDBYFI.exe
  C:\Windows\System\SCDBYFI.exe
  2⤵
  PID:5844
- C:\Windows\System\qPwNlgo.exe
  C:\Windows\System\qPwNlgo.exe
  2⤵
  PID:5868
- C:\Windows\System\TPPTFrC.exe
  C:\Windows\System\TPPTFrC.exe
  2⤵
  PID:5888
- C:\Windows\System\oPJvxDm.exe
  C:\Windows\System\oPJvxDm.exe
  2⤵
  PID:5908
- C:\Windows\System\VkUCvSY.exe
  C:\Windows\System\VkUCvSY.exe
  2⤵
  PID:5928
- C:\Windows\System\vifgKYH.exe
  C:\Windows\System\vifgKYH.exe
  2⤵
  PID:5948
- C:\Windows\System\TsfRMuE.exe
  C:\Windows\System\TsfRMuE.exe
  2⤵
  PID:5968
- C:\Windows\System\cZcmKer.exe
  C:\Windows\System\cZcmKer.exe
  2⤵
  PID:5988
- C:\Windows\System\rrHWYiv.exe
  C:\Windows\System\rrHWYiv.exe
  2⤵
  PID:6008
- C:\Windows\System\QlHVzQR.exe
  C:\Windows\System\QlHVzQR.exe
  2⤵
  PID:6052
- C:\Windows\System\KTAZfUX.exe
  C:\Windows\System\KTAZfUX.exe
  2⤵
  PID:6076
- C:\Windows\System\yKWUJKr.exe
  C:\Windows\System\yKWUJKr.exe
  2⤵
  PID:6096
- C:\Windows\System\ebqhYQR.exe
  C:\Windows\System\ebqhYQR.exe
  2⤵
  PID:6112
- C:\Windows\System\sVxJKFl.exe
  C:\Windows\System\sVxJKFl.exe
  2⤵
  PID:6128
- C:\Windows\System\gUrtipN.exe
  C:\Windows\System\gUrtipN.exe
  2⤵
  PID:4724
- C:\Windows\System\ZAKyqsa.exe
  C:\Windows\System\ZAKyqsa.exe
  2⤵
  PID:4868
- C:\Windows\System\sllPUyT.exe
  C:\Windows\System\sllPUyT.exe
  2⤵
  PID:5072
- C:\Windows\System\ikWMHkW.exe
  C:\Windows\System\ikWMHkW.exe
  2⤵
  PID:5092
- C:\Windows\System\bWrMWmk.exe
  C:\Windows\System\bWrMWmk.exe
  2⤵
  PID:4224
- C:\Windows\System\BNXAVAl.exe
  C:\Windows\System\BNXAVAl.exe
  2⤵
  PID:4320
- C:\Windows\System\BMnAoym.exe
  C:\Windows\System\BMnAoym.exe
  2⤵
  PID:4700
- C:\Windows\System\yiPhcsu.exe
  C:\Windows\System\yiPhcsu.exe
  2⤵
  PID:5136
- C:\Windows\System\gSxRmHK.exe
  C:\Windows\System\gSxRmHK.exe
  2⤵
  PID:5188
- C:\Windows\System\psYvyMY.exe
  C:\Windows\System\psYvyMY.exe
  2⤵
  PID:5208
- C:\Windows\System\RdRJiAv.exe
  C:\Windows\System\RdRJiAv.exe
  2⤵
  PID:5236
- C:\Windows\System\JJOKjqm.exe
  C:\Windows\System\JJOKjqm.exe
  2⤵
  PID:5308
- C:\Windows\System\ayfLvXm.exe
  C:\Windows\System\ayfLvXm.exe
  2⤵
  PID:5332
- C:\Windows\System\aZOzNrF.exe
  C:\Windows\System\aZOzNrF.exe
  2⤵
  PID:5356
- C:\Windows\System\ceOffTB.exe
  C:\Windows\System\ceOffTB.exe
  2⤵
  PID:5380
- C:\Windows\System\dICrqnb.exe
  C:\Windows\System\dICrqnb.exe
  2⤵
  PID:5440
- C:\Windows\System\qEhiUfN.exe
  C:\Windows\System\qEhiUfN.exe
  2⤵
  PID:5436
- C:\Windows\System\uUEOrrZ.exe
  C:\Windows\System\uUEOrrZ.exe
  2⤵
  PID:5480
- C:\Windows\System\VUnUTti.exe
  C:\Windows\System\VUnUTti.exe
  2⤵
  PID:5476
- C:\Windows\System\nevPuRf.exe
  C:\Windows\System\nevPuRf.exe
  2⤵
  PID:5496
- C:\Windows\System\frNDvyL.exe
  C:\Windows\System\frNDvyL.exe
  2⤵
  PID:5536
- C:\Windows\System\pLqmwQF.exe
  C:\Windows\System\pLqmwQF.exe
  2⤵
  PID:5600
- C:\Windows\System\DMTDMbH.exe
  C:\Windows\System\DMTDMbH.exe
  2⤵
  PID:5592
- C:\Windows\System\AKmWeLN.exe
  C:\Windows\System\AKmWeLN.exe
  2⤵
  PID:5616
- C:\Windows\System\FJgEomY.exe
  C:\Windows\System\FJgEomY.exe
  2⤵
  PID:5660
- C:\Windows\System\ChbtKyI.exe
  C:\Windows\System\ChbtKyI.exe
  2⤵
  PID:5676
- C:\Windows\System\eRdGJSh.exe
  C:\Windows\System\eRdGJSh.exe
  2⤵
  PID:5696
- C:\Windows\System\CTQTkWT.exe
  C:\Windows\System\CTQTkWT.exe
  2⤵
  PID:5732
- C:\Windows\System\cWLxhUY.exe
  C:\Windows\System\cWLxhUY.exe
  2⤵
  PID:5772
- C:\Windows\System\gainbrD.exe
  C:\Windows\System\gainbrD.exe
  2⤵
  PID:5776
- C:\Windows\System\MANwcPV.exe
  C:\Windows\System\MANwcPV.exe
  2⤵
  PID:5840
- C:\Windows\System\tvIufAa.exe
  C:\Windows\System\tvIufAa.exe
  2⤵
  PID:5836
- C:\Windows\System\aqjMbbh.exe
  C:\Windows\System\aqjMbbh.exe
  2⤵
  PID:5876
- C:\Windows\System\rTQdFRJ.exe
  C:\Windows\System\rTQdFRJ.exe
  2⤵
  PID:1732
- C:\Windows\System\XZebOlm.exe
  C:\Windows\System\XZebOlm.exe
  2⤵
  PID:5916
- C:\Windows\System\BppUHUc.exe
  C:\Windows\System\BppUHUc.exe
  2⤵
  PID:544
- C:\Windows\System\pSZETfF.exe
  C:\Windows\System\pSZETfF.exe
  2⤵
  PID:5956
- C:\Windows\System\XqKOQMy.exe
  C:\Windows\System\XqKOQMy.exe
  2⤵
  PID:2848
- C:\Windows\System\ElJlMkR.exe
  C:\Windows\System\ElJlMkR.exe
  2⤵
  PID:2876
- C:\Windows\System\jyefdal.exe
  C:\Windows\System\jyefdal.exe
  2⤵
  PID:6000
- C:\Windows\System\suJJODA.exe
  C:\Windows\System\suJJODA.exe
  2⤵
  PID:1648
- C:\Windows\System\nuZMjvi.exe
  C:\Windows\System\nuZMjvi.exe
  2⤵
  PID:6044
- C:\Windows\System\bZidIXZ.exe
  C:\Windows\System\bZidIXZ.exe
  2⤵
  PID:6060
- C:\Windows\System\SeZztEN.exe
  C:\Windows\System\SeZztEN.exe
  2⤵
  PID:6104
- C:\Windows\System\aRbebhs.exe
  C:\Windows\System\aRbebhs.exe
  2⤵
  PID:4864
- C:\Windows\System\uxSIrFF.exe
  C:\Windows\System\uxSIrFF.exe
  2⤵
  PID:4580
- C:\Windows\System\oaBRrit.exe
  C:\Windows\System\oaBRrit.exe
  2⤵
  PID:6092
- C:\Windows\System\KCRmYLE.exe
  C:\Windows\System\KCRmYLE.exe
  2⤵
  PID:4748
- C:\Windows\System\drbUoTY.exe
  C:\Windows\System\drbUoTY.exe
  2⤵
  PID:3712
- C:\Windows\System\jLfVqBO.exe
  C:\Windows\System\jLfVqBO.exe
  2⤵
  PID:5256
- C:\Windows\System\eTWqtFA.exe
  C:\Windows\System\eTWqtFA.exe
  2⤵
  PID:5316
- C:\Windows\System\vxdRSUO.exe
  C:\Windows\System\vxdRSUO.exe
  2⤵
  PID:2780
- C:\Windows\System\EfWGXDS.exe
  C:\Windows\System\EfWGXDS.exe
  2⤵
  PID:5392
- C:\Windows\System\KEyeQck.exe
  C:\Windows\System\KEyeQck.exe
  2⤵
  PID:5396
- C:\Windows\System\sGylxPX.exe
  C:\Windows\System\sGylxPX.exe
  2⤵
  PID:2096
- C:\Windows\System\WkKknFN.exe
  C:\Windows\System\WkKknFN.exe
  2⤵
  PID:5552
- C:\Windows\System\ebhcXqH.exe
  C:\Windows\System\ebhcXqH.exe
  2⤵
  PID:5756
- C:\Windows\System\hAlArOs.exe
  C:\Windows\System\hAlArOs.exe
  2⤵
  PID:5832
- C:\Windows\System\wgTwqTr.exe
  C:\Windows\System\wgTwqTr.exe
  2⤵
  PID:5864
- C:\Windows\System\jPWXEwp.exe
  C:\Windows\System\jPWXEwp.exe
  2⤵
  PID:5936
- C:\Windows\System\XnLDBej.exe
  C:\Windows\System\XnLDBej.exe
  2⤵
  PID:2088
- C:\Windows\System\vdopZCG.exe
  C:\Windows\System\vdopZCG.exe
  2⤵
  PID:6020
- C:\Windows\System\zfyHFnn.exe
  C:\Windows\System\zfyHFnn.exe
  2⤵
  PID:5656
- C:\Windows\System\KdRfFtx.exe
  C:\Windows\System\KdRfFtx.exe
  2⤵
  PID:2792
- C:\Windows\System\FhtzVkt.exe
  C:\Windows\System\FhtzVkt.exe
  2⤵
  PID:1972
- C:\Windows\System\qQTzhrv.exe
  C:\Windows\System\qQTzhrv.exe
  2⤵
  PID:5820
- C:\Windows\System\bwRzReA.exe
  C:\Windows\System\bwRzReA.exe
  2⤵
  PID:1548
- C:\Windows\System\oExGIYp.exe
  C:\Windows\System\oExGIYp.exe
  2⤵
  PID:5940
- C:\Windows\System\aPgZBMX.exe
  C:\Windows\System\aPgZBMX.exe
  2⤵
  PID:5172
- C:\Windows\System\PeerdoR.exe
  C:\Windows\System\PeerdoR.exe
  2⤵
  PID:4808
- C:\Windows\System\plDhXUM.exe
  C:\Windows\System\plDhXUM.exe
  2⤵
  PID:4248
- C:\Windows\System\LZYeyEH.exe
  C:\Windows\System\LZYeyEH.exe
  2⤵
  PID:4884
- C:\Windows\System\EulRfRc.exe
  C:\Windows\System\EulRfRc.exe
  2⤵
  PID:5520
- C:\Windows\System\spDrcBi.exe
  C:\Windows\System\spDrcBi.exe
  2⤵
  PID:2124
- C:\Windows\System\ahSCESF.exe
  C:\Windows\System\ahSCESF.exe
  2⤵
  PID:5360
- C:\Windows\System\FtnmSHU.exe
  C:\Windows\System\FtnmSHU.exe
  2⤵
  PID:5700
- C:\Windows\System\tkuBelH.exe
  C:\Windows\System\tkuBelH.exe
  2⤵
  PID:5420
- C:\Windows\System\dKtykzh.exe
  C:\Windows\System\dKtykzh.exe
  2⤵
  PID:5472
- C:\Windows\System\iZIkmYK.exe
  C:\Windows\System\iZIkmYK.exe
  2⤵
  PID:328
- C:\Windows\System\lOmfPUP.exe
  C:\Windows\System\lOmfPUP.exe
  2⤵
  PID:5680
- C:\Windows\System\HRAJspX.exe
  C:\Windows\System\HRAJspX.exe
  2⤵
  PID:5780
- C:\Windows\System\XxuEiCo.exe
  C:\Windows\System\XxuEiCo.exe
  2⤵
  PID:5896
- C:\Windows\System\NgJyGMe.exe
  C:\Windows\System\NgJyGMe.exe
  2⤵
  PID:1140
- C:\Windows\System\SdDAdaR.exe
  C:\Windows\System\SdDAdaR.exe
  2⤵
  PID:2364
- C:\Windows\System\QNiQNKm.exe
  C:\Windows\System\QNiQNKm.exe
  2⤵
  PID:5292
- C:\Windows\System\tSwXurB.exe
  C:\Windows\System\tSwXurB.exe
  2⤵
  PID:1320
- C:\Windows\System\BxylpzN.exe
  C:\Windows\System\BxylpzN.exe
  2⤵
  PID:5800
- C:\Windows\System\wDjSBJf.exe
  C:\Windows\System\wDjSBJf.exe
  2⤵
  PID:5860
- C:\Windows\System\lDdXclf.exe
  C:\Windows\System\lDdXclf.exe
  2⤵
  PID:5492
- C:\Windows\System\XaldPZz.exe
  C:\Windows\System\XaldPZz.exe
  2⤵
  PID:2892
- C:\Windows\System\hTthexD.exe
  C:\Windows\System\hTthexD.exe
  2⤵
  PID:5880
- C:\Windows\System\ETFvZux.exe
  C:\Windows\System\ETFvZux.exe
  2⤵
  PID:860
- C:\Windows\System\eTRrZck.exe
  C:\Windows\System\eTRrZck.exe
  2⤵
  PID:5272
- C:\Windows\System\JngnAqq.exe
  C:\Windows\System\JngnAqq.exe
  2⤵
  PID:5716
- C:\Windows\System\qIAjjXr.exe
  C:\Windows\System\qIAjjXr.exe
  2⤵
  PID:5176
- C:\Windows\System\BQZWQmU.exe
  C:\Windows\System\BQZWQmU.exe
  2⤵
  PID:5192
- C:\Windows\System\hByMZEk.exe
  C:\Windows\System\hByMZEk.exe
  2⤵
  PID:6148
- C:\Windows\System\WbgiOZf.exe
  C:\Windows\System\WbgiOZf.exe
  2⤵
  PID:6168
- C:\Windows\System\iPJzNOL.exe
  C:\Windows\System\iPJzNOL.exe
  2⤵
  PID:6192
- C:\Windows\System\PBCeCso.exe
  C:\Windows\System\PBCeCso.exe
  2⤵
  PID:6212
- C:\Windows\System\KKQgigO.exe
  C:\Windows\System\KKQgigO.exe
  2⤵
  PID:6228
- C:\Windows\System\nUaXzZg.exe
  C:\Windows\System\nUaXzZg.exe
  2⤵
  PID:6252
- C:\Windows\System\UQThPZS.exe
  C:\Windows\System\UQThPZS.exe
  2⤵
  PID:6268
- C:\Windows\System\QwyvtTB.exe
  C:\Windows\System\QwyvtTB.exe
  2⤵
  PID:6284
- C:\Windows\System\dFjFIyq.exe
  C:\Windows\System\dFjFIyq.exe
  2⤵
  PID:6300
- C:\Windows\System\gVCLdXk.exe
  C:\Windows\System\gVCLdXk.exe
  2⤵
  PID:6316
- C:\Windows\System\qyIEhwB.exe
  C:\Windows\System\qyIEhwB.exe
  2⤵
  PID:6344
- C:\Windows\System\lYYxQES.exe
  C:\Windows\System\lYYxQES.exe
  2⤵
  PID:6360
- C:\Windows\System\LKiBbYW.exe
  C:\Windows\System\LKiBbYW.exe
  2⤵
  PID:6380
- C:\Windows\System\yJTPYhN.exe
  C:\Windows\System\yJTPYhN.exe
  2⤵
  PID:6396
- C:\Windows\System\PokDccz.exe
  C:\Windows\System\PokDccz.exe
  2⤵
  PID:6412
- C:\Windows\System\AFKftVm.exe
  C:\Windows\System\AFKftVm.exe
  2⤵
  PID:6428
- C:\Windows\System\ppvYnXE.exe
  C:\Windows\System\ppvYnXE.exe
  2⤵
  PID:6444
- C:\Windows\System\VQckMdV.exe
  C:\Windows\System\VQckMdV.exe
  2⤵
  PID:6460
- C:\Windows\System\XGofOYQ.exe
  C:\Windows\System\XGofOYQ.exe
  2⤵
  PID:6476
- C:\Windows\System\EAyzEal.exe
  C:\Windows\System\EAyzEal.exe
  2⤵
  PID:6500
- C:\Windows\System\VfJqFuk.exe
  C:\Windows\System\VfJqFuk.exe
  2⤵
  PID:6520
- C:\Windows\System\tkdwCyZ.exe
  C:\Windows\System\tkdwCyZ.exe
  2⤵
  PID:6544
- C:\Windows\System\SZXiyCw.exe
  C:\Windows\System\SZXiyCw.exe
  2⤵
  PID:6560
- C:\Windows\System\mFWbruu.exe
  C:\Windows\System\mFWbruu.exe
  2⤵
  PID:6576
- C:\Windows\System\mYILxtH.exe
  C:\Windows\System\mYILxtH.exe
  2⤵
  PID:6592
- C:\Windows\System\RTZKxFO.exe
  C:\Windows\System\RTZKxFO.exe
  2⤵
  PID:6608
- C:\Windows\System\azQNiAT.exe
  C:\Windows\System\azQNiAT.exe
  2⤵
  PID:6624
- C:\Windows\System\ZRBdKnn.exe
  C:\Windows\System\ZRBdKnn.exe
  2⤵
  PID:6640
- C:\Windows\System\JUJdrac.exe
  C:\Windows\System\JUJdrac.exe
  2⤵
  PID:6656
- C:\Windows\System\gtsEsNd.exe
  C:\Windows\System\gtsEsNd.exe
  2⤵
  PID:6712
- C:\Windows\System\qvxmCkm.exe
  C:\Windows\System\qvxmCkm.exe
  2⤵
  PID:6768
- C:\Windows\System\VgbBmeZ.exe
  C:\Windows\System\VgbBmeZ.exe
  2⤵
  PID:6784
- C:\Windows\System\fRdJPIV.exe
  C:\Windows\System\fRdJPIV.exe
  2⤵
  PID:6800
- C:\Windows\System\yQPpEkV.exe
  C:\Windows\System\yQPpEkV.exe
  2⤵
  PID:6816
- C:\Windows\System\qyWvlLR.exe
  C:\Windows\System\qyWvlLR.exe
  2⤵
  PID:6836
- C:\Windows\System\UUyMimR.exe
  C:\Windows\System\UUyMimR.exe
  2⤵
  PID:6852
- C:\Windows\System\TdVQIXf.exe
  C:\Windows\System\TdVQIXf.exe
  2⤵
  PID:6868
- C:\Windows\System\aNOhgHg.exe
  C:\Windows\System\aNOhgHg.exe
  2⤵
  PID:6884
- C:\Windows\System\cuysmrv.exe
  C:\Windows\System\cuysmrv.exe
  2⤵
  PID:6900
- C:\Windows\System\jqnKvhA.exe
  C:\Windows\System\jqnKvhA.exe
  2⤵
  PID:6924
- C:\Windows\System\FYzRygi.exe
  C:\Windows\System\FYzRygi.exe
  2⤵
  PID:6940
- C:\Windows\System\gmpYnYT.exe
  C:\Windows\System\gmpYnYT.exe
  2⤵
  PID:6960
- C:\Windows\System\UINjUtH.exe
  C:\Windows\System\UINjUtH.exe
  2⤵
  PID:6980
- C:\Windows\System\LVwHsOM.exe
  C:\Windows\System\LVwHsOM.exe
  2⤵
  PID:6996
- C:\Windows\System\EJVlAZJ.exe
  C:\Windows\System\EJVlAZJ.exe
  2⤵
  PID:7012
- C:\Windows\System\JdllPcJ.exe
  C:\Windows\System\JdllPcJ.exe
  2⤵
  PID:7028
- C:\Windows\System\TsDjdPs.exe
  C:\Windows\System\TsDjdPs.exe
  2⤵
  PID:7048
- C:\Windows\System\bSjyGMG.exe
  C:\Windows\System\bSjyGMG.exe
  2⤵
  PID:7068
- C:\Windows\System\dcOSKqF.exe
  C:\Windows\System\dcOSKqF.exe
  2⤵
  PID:7104
- C:\Windows\System\SfDAVKD.exe
  C:\Windows\System\SfDAVKD.exe
  2⤵
  PID:7128
- C:\Windows\System\aeBKAYi.exe
  C:\Windows\System\aeBKAYi.exe
  2⤵
  PID:7160
- C:\Windows\System\gYoeVNd.exe
  C:\Windows\System\gYoeVNd.exe
  2⤵
  PID:6188
- C:\Windows\System\XLTPDsK.exe
  C:\Windows\System\XLTPDsK.exe
  2⤵
  PID:5692
- C:\Windows\System\mCETMvs.exe
  C:\Windows\System\mCETMvs.exe
  2⤵
  PID:6220
- C:\Windows\System\nmCUYxB.exe
  C:\Windows\System\nmCUYxB.exe
  2⤵
  PID:6292
- C:\Windows\System\QHaFFiM.exe
  C:\Windows\System\QHaFFiM.exe
  2⤵
  PID:6328
- C:\Windows\System\xDGCntu.exe
  C:\Windows\System\xDGCntu.exe
  2⤵
  PID:6372
- C:\Windows\System\ecfzRqo.exe
  C:\Windows\System\ecfzRqo.exe
  2⤵
  PID:6440
- C:\Windows\System\ZHfEBLF.exe
  C:\Windows\System\ZHfEBLF.exe
  2⤵
  PID:6472
- C:\Windows\System\hPSZTcG.exe
  C:\Windows\System\hPSZTcG.exe
  2⤵
  PID:5612
- C:\Windows\System\yLrSupS.exe
  C:\Windows\System\yLrSupS.exe
  2⤵
  PID:1704
- C:\Windows\System\WzCGMaN.exe
  C:\Windows\System\WzCGMaN.exe
  2⤵
  PID:6556
- C:\Windows\System\CsDbaJf.exe
  C:\Windows\System\CsDbaJf.exe
  2⤵
  PID:6236
- C:\Windows\System\bkQFBFR.exe
  C:\Windows\System\bkQFBFR.exe
  2⤵
  PID:6276
- C:\Windows\System\FayPqWZ.exe
  C:\Windows\System\FayPqWZ.exe
  2⤵
  PID:6600
- C:\Windows\System\XXNpwnu.exe
  C:\Windows\System\XXNpwnu.exe
  2⤵
  PID:6540
- C:\Windows\System\ioZuCuk.exe
  C:\Windows\System\ioZuCuk.exe
  2⤵
  PID:6680
- C:\Windows\System\gNIVbPt.exe
  C:\Windows\System\gNIVbPt.exe
  2⤵
  PID:6308
- C:\Windows\System\SymVduh.exe
  C:\Windows\System\SymVduh.exe
  2⤵
  PID:6668
- C:\Windows\System\kYrbdyF.exe
  C:\Windows\System\kYrbdyF.exe
  2⤵
  PID:6200
- C:\Windows\System\tXMqWoE.exe
  C:\Windows\System\tXMqWoE.exe
  2⤵
  PID:6392
- C:\Windows\System\tMrXQfq.exe
  C:\Windows\System\tMrXQfq.exe
  2⤵
  PID:6728
- C:\Windows\System\eOgZdkQ.exe
  C:\Windows\System\eOgZdkQ.exe
  2⤵
  PID:6756
- C:\Windows\System\swyiVRb.exe
  C:\Windows\System\swyiVRb.exe
  2⤵
  PID:6780
- C:\Windows\System\TasuJlt.exe
  C:\Windows\System\TasuJlt.exe
  2⤵
  PID:6860
- C:\Windows\System\PGPcTSJ.exe
  C:\Windows\System\PGPcTSJ.exe
  2⤵
  PID:6932
- C:\Windows\System\fjVKphZ.exe
  C:\Windows\System\fjVKphZ.exe
  2⤵
  PID:7008
- C:\Windows\System\zHXFweg.exe
  C:\Windows\System\zHXFweg.exe
  2⤵
  PID:6912
- C:\Windows\System\lXRKpEu.exe
  C:\Windows\System\lXRKpEu.exe
  2⤵
  PID:6956
- C:\Windows\System\UeQgnYz.exe
  C:\Windows\System\UeQgnYz.exe
  2⤵
  PID:7024
- C:\Windows\System\BltLVyv.exe
  C:\Windows\System\BltLVyv.exe
  2⤵
  PID:7044
- C:\Windows\System\muqcmqG.exe
  C:\Windows\System\muqcmqG.exe
  2⤵
  PID:7096
- C:\Windows\System\EjvTxYM.exe
  C:\Windows\System\EjvTxYM.exe
  2⤵
  PID:7148
- C:\Windows\System\inqNmSm.exe
  C:\Windows\System\inqNmSm.exe
  2⤵
  PID:5276
- C:\Windows\System\jvzzvXA.exe
  C:\Windows\System\jvzzvXA.exe
  2⤵
  PID:6264
- C:\Windows\System\YJiWffK.exe
  C:\Windows\System\YJiWffK.exe
  2⤵
  PID:6468
- C:\Windows\System\fZdftDb.exe
  C:\Windows\System\fZdftDb.exe
  2⤵
  PID:1248
- C:\Windows\System\qAwSVof.exe
  C:\Windows\System\qAwSVof.exe
  2⤵
  PID:7112
- C:\Windows\System\unVKNBO.exe
  C:\Windows\System\unVKNBO.exe
  2⤵
  PID:1252
- C:\Windows\System\AXNanmV.exe
  C:\Windows\System\AXNanmV.exe
  2⤵
  PID:6120
- C:\Windows\System\sJHBsUj.exe
  C:\Windows\System\sJHBsUj.exe
  2⤵
  PID:6160
- C:\Windows\System\ZXUposS.exe
  C:\Windows\System\ZXUposS.exe
  2⤵
  PID:6648
- C:\Windows\System\Tgmprxf.exe
  C:\Windows\System\Tgmprxf.exe
  2⤵
  PID:6664
- C:\Windows\System\BQandBn.exe
  C:\Windows\System\BQandBn.exe
  2⤵
  PID:6688
- C:\Windows\System\nPkKkTP.exe
  C:\Windows\System\nPkKkTP.exe
  2⤵
  PID:5740
- C:\Windows\System\hFjVRvA.exe
  C:\Windows\System\hFjVRvA.exe
  2⤵
  PID:6488
- C:\Windows\System\pTaGTDd.exe
  C:\Windows\System\pTaGTDd.exe
  2⤵
  PID:6452
- C:\Windows\System\kVsopzd.exe
  C:\Windows\System\kVsopzd.exe
  2⤵
  PID:6740
- C:\Windows\System\niSuwMR.exe
  C:\Windows\System\niSuwMR.exe
  2⤵
  PID:6736
- C:\Windows\System\qwbgUxL.exe
  C:\Windows\System\qwbgUxL.exe
  2⤵
  PID:6828
- C:\Windows\System\eHdrXlt.exe
  C:\Windows\System\eHdrXlt.exe
  2⤵
  PID:6972
- C:\Windows\System\emUfGqv.exe
  C:\Windows\System\emUfGqv.exe
  2⤵
  PID:6920
- C:\Windows\System\hLZPldV.exe
  C:\Windows\System\hLZPldV.exe
  2⤵
  PID:6844
- C:\Windows\System\ZBzKblX.exe
  C:\Windows\System\ZBzKblX.exe
  2⤵
  PID:6848
- C:\Windows\System\bLCYkbw.exe
  C:\Windows\System\bLCYkbw.exe
  2⤵
  PID:7144
- C:\Windows\System\ELDCCRJ.exe
  C:\Windows\System\ELDCCRJ.exe
  2⤵
  PID:6368
- C:\Windows\System\iJZDTEt.exe
  C:\Windows\System\iJZDTEt.exe
  2⤵
  PID:6408
- C:\Windows\System\NmpRIPV.exe
  C:\Windows\System\NmpRIPV.exe
  2⤵
  PID:6208
- C:\Windows\System\pagqsDG.exe
  C:\Windows\System\pagqsDG.exe
  2⤵
  PID:1300
- C:\Windows\System\OSPyEwY.exe
  C:\Windows\System\OSPyEwY.exe
  2⤵
  PID:6244
- C:\Windows\System\WzsmNjc.exe
  C:\Windows\System\WzsmNjc.exe
  2⤵
  PID:6616
- C:\Windows\System\gQOxANJ.exe
  C:\Windows\System\gQOxANJ.exe
  2⤵
  PID:6696
- C:\Windows\System\DlQOToX.exe
  C:\Windows\System\DlQOToX.exe
  2⤵
  PID:6456
- C:\Windows\System\sEkQeNF.exe
  C:\Windows\System\sEkQeNF.exe
  2⤵
  PID:6876
- C:\Windows\System\DaPZIsx.exe
  C:\Windows\System\DaPZIsx.exe
  2⤵
  PID:7140
- C:\Windows\System\MLsdGaa.exe
  C:\Windows\System\MLsdGaa.exe
  2⤵
  PID:7036
- C:\Windows\System\ZtHniAA.exe
  C:\Windows\System\ZtHniAA.exe
  2⤵
  PID:5288
- C:\Windows\System\YBCeQyT.exe
  C:\Windows\System\YBCeQyT.exe
  2⤵
  PID:5540
- C:\Windows\System\CMgYOJz.exe
  C:\Windows\System\CMgYOJz.exe
  2⤵
  PID:6632
- C:\Windows\System\MoWjNoN.exe
  C:\Windows\System\MoWjNoN.exe
  2⤵
  PID:6532
- C:\Windows\System\yJufNxN.exe
  C:\Windows\System\yJufNxN.exe
  2⤵
  PID:6492
- C:\Windows\System\AlpZgGm.exe
  C:\Windows\System\AlpZgGm.exe
  2⤵
  PID:6512
- C:\Windows\System\yFXpram.exe
  C:\Windows\System\yFXpram.exe
  2⤵
  PID:6892
- C:\Windows\System\dQWrOLA.exe
  C:\Windows\System\dQWrOLA.exe
  2⤵
  PID:6332
- C:\Windows\System\EzMWUhe.exe
  C:\Windows\System\EzMWUhe.exe
  2⤵
  PID:2936
- C:\Windows\System\EQHsnWL.exe
  C:\Windows\System\EQHsnWL.exe
  2⤵
  PID:7056
- C:\Windows\System\VMGDedl.exe
  C:\Windows\System\VMGDedl.exe
  2⤵
  PID:7092
- C:\Windows\System\heQPkcK.exe
  C:\Windows\System\heQPkcK.exe
  2⤵
  PID:6568
- C:\Windows\System\eokZaUn.exe
  C:\Windows\System\eokZaUn.exe
  2⤵
  PID:6420
- C:\Windows\System\DsdByLX.exe
  C:\Windows\System\DsdByLX.exe
  2⤵
  PID:6976
- C:\Windows\System\bvHhmvE.exe
  C:\Windows\System\bvHhmvE.exe
  2⤵
  PID:7040
- C:\Windows\System\YNNBbsc.exe
  C:\Windows\System\YNNBbsc.exe
  2⤵
  PID:6588
- C:\Windows\System\NGgHZLC.exe
  C:\Windows\System\NGgHZLC.exe
  2⤵
  PID:2288
- C:\Windows\System\uPWWKsC.exe
  C:\Windows\System\uPWWKsC.exe
  2⤵
  PID:6724
- C:\Windows\System\aOhkaEw.exe
  C:\Windows\System\aOhkaEw.exe
  2⤵
  PID:7172
- C:\Windows\System\DbKatox.exe
  C:\Windows\System\DbKatox.exe
  2⤵
  PID:7188
- C:\Windows\System\sRmvYzG.exe
  C:\Windows\System\sRmvYzG.exe
  2⤵
  PID:7204
- C:\Windows\System\DLhnAhE.exe
  C:\Windows\System\DLhnAhE.exe
  2⤵
  PID:7220
- C:\Windows\System\LUdgXac.exe
  C:\Windows\System\LUdgXac.exe
  2⤵
  PID:7252
- C:\Windows\System\YQdxfeR.exe
  C:\Windows\System\YQdxfeR.exe
  2⤵
  PID:7272
- C:\Windows\System\hpnHWka.exe
  C:\Windows\System\hpnHWka.exe
  2⤵
  PID:7292
- C:\Windows\System\ozzCyPw.exe
  C:\Windows\System\ozzCyPw.exe
  2⤵
  PID:7308
- C:\Windows\System\WeTGLaj.exe
  C:\Windows\System\WeTGLaj.exe
  2⤵
  PID:7328
- C:\Windows\System\sdIgpLQ.exe
  C:\Windows\System\sdIgpLQ.exe
  2⤵
  PID:7348
- C:\Windows\System\VQsddOz.exe
  C:\Windows\System\VQsddOz.exe
  2⤵
  PID:7364
- C:\Windows\System\FHKxwqo.exe
  C:\Windows\System\FHKxwqo.exe
  2⤵
  PID:7380
- C:\Windows\System\JXPueQf.exe
  C:\Windows\System\JXPueQf.exe
  2⤵
  PID:7396
- C:\Windows\System\cmaklVI.exe
  C:\Windows\System\cmaklVI.exe
  2⤵
  PID:7412
- C:\Windows\System\pLtSiXh.exe
  C:\Windows\System\pLtSiXh.exe
  2⤵
  PID:7456
- C:\Windows\System\EtUXyon.exe
  C:\Windows\System\EtUXyon.exe
  2⤵
  PID:7476
- C:\Windows\System\OMRJofk.exe
  C:\Windows\System\OMRJofk.exe
  2⤵
  PID:7492
- C:\Windows\System\TAbLthU.exe
  C:\Windows\System\TAbLthU.exe
  2⤵
  PID:7512
- C:\Windows\System\zZbHwZs.exe
  C:\Windows\System\zZbHwZs.exe
  2⤵
  PID:7528
- C:\Windows\System\SeoDGon.exe
  C:\Windows\System\SeoDGon.exe
  2⤵
  PID:7548
- C:\Windows\System\bMnoxVm.exe
  C:\Windows\System\bMnoxVm.exe
  2⤵
  PID:7564
- C:\Windows\System\waOevHn.exe
  C:\Windows\System\waOevHn.exe
  2⤵
  PID:7584
- C:\Windows\System\jcoKvCb.exe
  C:\Windows\System\jcoKvCb.exe
  2⤵
  PID:7600
- C:\Windows\System\vsthdxh.exe
  C:\Windows\System\vsthdxh.exe
  2⤵
  PID:7616
- C:\Windows\System\TLqHSER.exe
  C:\Windows\System\TLqHSER.exe
  2⤵
  PID:7632
- C:\Windows\System\tLktLkb.exe
  C:\Windows\System\tLktLkb.exe
  2⤵
  PID:7652
- C:\Windows\System\EPdlWTY.exe
  C:\Windows\System\EPdlWTY.exe
  2⤵
  PID:7668
- C:\Windows\System\VdzsFsP.exe
  C:\Windows\System\VdzsFsP.exe
  2⤵
  PID:7684
- C:\Windows\System\rkPPtsJ.exe
  C:\Windows\System\rkPPtsJ.exe
  2⤵
  PID:7700
- C:\Windows\System\bwQNYXv.exe
  C:\Windows\System\bwQNYXv.exe
  2⤵
  PID:7716
- C:\Windows\System\UKBIgNw.exe
  C:\Windows\System\UKBIgNw.exe
  2⤵
  PID:7732
- C:\Windows\System\OhEnhay.exe
  C:\Windows\System\OhEnhay.exe
  2⤵
  PID:7748
- C:\Windows\System\QdQUpVj.exe
  C:\Windows\System\QdQUpVj.exe
  2⤵
  PID:7764
- C:\Windows\System\vyYsxKz.exe
  C:\Windows\System\vyYsxKz.exe
  2⤵
  PID:7780
- C:\Windows\System\ZRjqxuZ.exe
  C:\Windows\System\ZRjqxuZ.exe
  2⤵
  PID:7796
- C:\Windows\System\WUwZSkE.exe
  C:\Windows\System\WUwZSkE.exe
  2⤵
  PID:7828
- C:\Windows\System\GgzdRTq.exe
  C:\Windows\System\GgzdRTq.exe
  2⤵
  PID:7872
- C:\Windows\System\EqVkwzs.exe
  C:\Windows\System\EqVkwzs.exe
  2⤵
  PID:7916
- C:\Windows\System\gYacgrg.exe
  C:\Windows\System\gYacgrg.exe
  2⤵
  PID:7936
- C:\Windows\System\nmLnjhX.exe
  C:\Windows\System\nmLnjhX.exe
  2⤵
  PID:7952
- C:\Windows\System\gOBzNqm.exe
  C:\Windows\System\gOBzNqm.exe
  2⤵
  PID:7972
- C:\Windows\System\fVbuhCU.exe
  C:\Windows\System\fVbuhCU.exe
  2⤵
  PID:7988
- C:\Windows\System\bdIOPtY.exe
  C:\Windows\System\bdIOPtY.exe
  2⤵
  PID:8004
- C:\Windows\System\RWViumM.exe
  C:\Windows\System\RWViumM.exe
  2⤵
  PID:8020
- C:\Windows\System\VZmsjUs.exe
  C:\Windows\System\VZmsjUs.exe
  2⤵
  PID:8036
- C:\Windows\System\bqUpHeG.exe
  C:\Windows\System\bqUpHeG.exe
  2⤵
  PID:8056
- C:\Windows\System\GELgdqw.exe
  C:\Windows\System\GELgdqw.exe
  2⤵
  PID:8072
- C:\Windows\System\OqJwfCO.exe
  C:\Windows\System\OqJwfCO.exe
  2⤵
  PID:8092
- C:\Windows\System\xNrhiMC.exe
  C:\Windows\System\xNrhiMC.exe
  2⤵
  PID:8112
- C:\Windows\System\CAhYGlB.exe
  C:\Windows\System\CAhYGlB.exe
  2⤵
  PID:8128
- C:\Windows\System\XmXYNpv.exe
  C:\Windows\System\XmXYNpv.exe
  2⤵
  PID:8164
- C:\Windows\System\VavsTgy.exe
  C:\Windows\System\VavsTgy.exe
  2⤵
  PID:6260
- C:\Windows\System\XFUaHKg.exe
  C:\Windows\System\XFUaHKg.exe
  2⤵
  PID:7240
- C:\Windows\System\nwuiVRf.exe
  C:\Windows\System\nwuiVRf.exe
  2⤵
  PID:7232
- C:\Windows\System\GMVAuDH.exe
  C:\Windows\System\GMVAuDH.exe
  2⤵
  PID:7268
- C:\Windows\System\boJBYid.exe
  C:\Windows\System\boJBYid.exe
  2⤵
  PID:7316
- C:\Windows\System\qMExvIo.exe
  C:\Windows\System\qMExvIo.exe
  2⤵
  PID:7388
- C:\Windows\System\bxqolWf.exe
  C:\Windows\System\bxqolWf.exe
  2⤵
  PID:7300
- C:\Windows\System\XFUuUVU.exe
  C:\Windows\System\XFUuUVU.exe
  2⤵
  PID:7340
- C:\Windows\System\dRcNhml.exe
  C:\Windows\System\dRcNhml.exe
  2⤵
  PID:7376
- C:\Windows\System\METqwQo.exe
  C:\Windows\System\METqwQo.exe
  2⤵
  PID:7448
- C:\Windows\System\DuCflDU.exe
  C:\Windows\System\DuCflDU.exe
  2⤵
  PID:7520
- C:\Windows\System\LiGyGeA.exe
  C:\Windows\System\LiGyGeA.exe
  2⤵
  PID:7464
- C:\Windows\System\griUVZb.exe
  C:\Windows\System\griUVZb.exe
  2⤵
  PID:7540
- C:\Windows\System\VmhnHvq.exe
  C:\Windows\System\VmhnHvq.exe
  2⤵
  PID:7624
- C:\Windows\System\drqIkAR.exe
  C:\Windows\System\drqIkAR.exe
  2⤵
  PID:7788
- C:\Windows\System\GxGVurD.exe
  C:\Windows\System\GxGVurD.exe
  2⤵
  PID:7612
- C:\Windows\System\wzcgdDO.exe
  C:\Windows\System\wzcgdDO.exe
  2⤵
  PID:7608
- C:\Windows\System\JYPoNTL.exe
  C:\Windows\System\JYPoNTL.exe
  2⤵
  PID:7680
- C:\Windows\System\DfnfzJH.exe
  C:\Windows\System\DfnfzJH.exe
  2⤵
  PID:7744
- C:\Windows\System\OmBuFBF.exe
  C:\Windows\System\OmBuFBF.exe
  2⤵
  PID:7824
- C:\Windows\System\VKqavIO.exe
  C:\Windows\System\VKqavIO.exe
  2⤵
  PID:7848
- C:\Windows\System\ldsoOia.exe
  C:\Windows\System\ldsoOia.exe
  2⤵
  PID:7884
- C:\Windows\System\FXWblqN.exe
  C:\Windows\System\FXWblqN.exe
  2⤵
  PID:7896
- C:\Windows\System\rsFSEqe.exe
  C:\Windows\System\rsFSEqe.exe
  2⤵
  PID:7928
- C:\Windows\System\rdrbwYI.exe
  C:\Windows\System\rdrbwYI.exe
  2⤵
  PID:7996
- C:\Windows\System\cQlkyUC.exe
  C:\Windows\System\cQlkyUC.exe
  2⤵
  PID:8068
- C:\Windows\System\EeeZtZI.exe
  C:\Windows\System\EeeZtZI.exe
  2⤵
  PID:8136
- C:\Windows\System\hLrtCob.exe
  C:\Windows\System\hLrtCob.exe
  2⤵
  PID:8048
- C:\Windows\System\JTkXUiI.exe
  C:\Windows\System\JTkXUiI.exe
  2⤵
  PID:7912
- C:\Windows\System\jzNlYoy.exe
  C:\Windows\System\jzNlYoy.exe
  2⤵
  PID:7948
- C:\Windows\System\wjkAgTo.exe
  C:\Windows\System\wjkAgTo.exe
  2⤵
  PID:8156
- C:\Windows\System\hQfrZxi.exe
  C:\Windows\System\hQfrZxi.exe
  2⤵
  PID:8184
- C:\Windows\System\KhwtKxa.exe
  C:\Windows\System\KhwtKxa.exe
  2⤵
  PID:7196
- C:\Windows\System\fxNylLR.exe
  C:\Windows\System\fxNylLR.exe
  2⤵
  PID:7248
- C:\Windows\System\ycAUfYp.exe
  C:\Windows\System\ycAUfYp.exe
  2⤵
  PID:7264
- C:\Windows\System\tBgYbQV.exe
  C:\Windows\System\tBgYbQV.exe
  2⤵
  PID:7356
- C:\Windows\System\WTOCQJX.exe
  C:\Windows\System\WTOCQJX.exe
  2⤵
  PID:7372
- C:\Windows\System\OvASBwp.exe
  C:\Windows\System\OvASBwp.exe
  2⤵
  PID:7556
- C:\Windows\System\WYnkINW.exe
  C:\Windows\System\WYnkINW.exe
  2⤵
  PID:7408
- C:\Windows\System\zxKgUDT.exe
  C:\Windows\System\zxKgUDT.exe
  2⤵
  PID:7504
- C:\Windows\System\xujZfsm.exe
  C:\Windows\System\xujZfsm.exe
  2⤵
  PID:7724
- C:\Windows\System\lgZsBRR.exe
  C:\Windows\System\lgZsBRR.exe
  2⤵
  PID:7536
- C:\Windows\System\jJRvPHM.exe
  C:\Windows\System\jJRvPHM.exe
  2⤵
  PID:7812
- C:\Windows\System\xcsSwGR.exe
  C:\Windows\System\xcsSwGR.exe
  2⤵
  PID:7844
- C:\Windows\System\OfFPUmQ.exe
  C:\Windows\System\OfFPUmQ.exe
  2⤵
  PID:7804
- C:\Windows\System\XuCqaPY.exe
  C:\Windows\System\XuCqaPY.exe
  2⤵
  PID:7860
- C:\Windows\System\mpYRuTy.exe
  C:\Windows\System\mpYRuTy.exe
  2⤵
  PID:8084
- C:\Windows\System\cldXkBf.exe
  C:\Windows\System\cldXkBf.exe
  2⤵
  PID:8144
- C:\Windows\System\CqtlvKK.exe
  C:\Windows\System\CqtlvKK.exe
  2⤵
  PID:7984
- C:\Windows\System\RVqcqyX.exe
  C:\Windows\System\RVqcqyX.exe
  2⤵
  PID:8176
- C:\Windows\System\zTgFEsd.exe
  C:\Windows\System\zTgFEsd.exe
  2⤵
  PID:7236
- C:\Windows\System\rtEohmD.exe
  C:\Windows\System\rtEohmD.exe
  2⤵
  PID:7336
- C:\Windows\System\Jzkjxai.exe
  C:\Windows\System\Jzkjxai.exe
  2⤵
  PID:7712
- C:\Windows\System\QdGZaLW.exe
  C:\Windows\System\QdGZaLW.exe
  2⤵
  PID:8124
- C:\Windows\System\GHpnlPn.exe
  C:\Windows\System\GHpnlPn.exe
  2⤵
  PID:8160
- C:\Windows\System\uqeBljE.exe
  C:\Windows\System\uqeBljE.exe
  2⤵
  PID:7440
- C:\Windows\System\gUtQYxx.exe
  C:\Windows\System\gUtQYxx.exe
  2⤵
  PID:7864
- C:\Windows\System\MdPiQMv.exe
  C:\Windows\System\MdPiQMv.exe
  2⤵
  PID:7760
- C:\Windows\System\QpvWtzm.exe
  C:\Windows\System\QpvWtzm.exe
  2⤵
  PID:7288
- C:\Windows\System\amaGhzK.exe
  C:\Windows\System\amaGhzK.exe
  2⤵
  PID:7776
- C:\Windows\System\BxZuEWU.exe
  C:\Windows\System\BxZuEWU.exe
  2⤵
  PID:8104
- C:\Windows\System\mPxXeAb.exe
  C:\Windows\System\mPxXeAb.exe
  2⤵
  PID:7500
- C:\Windows\System\gyAczbh.exe
  C:\Windows\System\gyAczbh.exe
  2⤵
  PID:8080
- C:\Windows\System\NoKAQNZ.exe
  C:\Windows\System\NoKAQNZ.exe
  2⤵
  PID:7964
- C:\Windows\System\EQQJrII.exe
  C:\Windows\System\EQQJrII.exe
  2⤵
  PID:7880
- C:\Windows\System\VAnOaVY.exe
  C:\Windows\System\VAnOaVY.exe
  2⤵
  PID:7260
- C:\Windows\System\wxGzdag.exe
  C:\Windows\System\wxGzdag.exe
  2⤵
  PID:7580
- C:\Windows\System\GcmeFHC.exe
  C:\Windows\System\GcmeFHC.exe
  2⤵
  PID:7428
- C:\Windows\System\iCgikeC.exe
  C:\Windows\System\iCgikeC.exe
  2⤵
  PID:8108
- C:\Windows\System\qkeoUcV.exe
  C:\Windows\System\qkeoUcV.exe
  2⤵
  PID:7228
- C:\Windows\System\CzClpKL.exe
  C:\Windows\System\CzClpKL.exe
  2⤵
  PID:7420
- C:\Windows\System\FoBbRPw.exe
  C:\Windows\System\FoBbRPw.exe
  2⤵
  PID:7320
- C:\Windows\System\CFLzFud.exe
  C:\Windows\System\CFLzFud.exe
  2⤵
  PID:7488
- C:\Windows\System\SrkiiVY.exe
  C:\Windows\System\SrkiiVY.exe
  2⤵
  PID:7648
- C:\Windows\System\caaJnIq.exe
  C:\Windows\System\caaJnIq.exe
  2⤵
  PID:8188
- C:\Windows\System\LPDLbjo.exe
  C:\Windows\System\LPDLbjo.exe
  2⤵
  PID:8204
- C:\Windows\System\XBclrfn.exe
  C:\Windows\System\XBclrfn.exe
  2⤵
  PID:8228
- C:\Windows\System\OhBYEgt.exe
  C:\Windows\System\OhBYEgt.exe
  2⤵
  PID:8244
- C:\Windows\System\ElcJaZI.exe
  C:\Windows\System\ElcJaZI.exe
  2⤵
  PID:8260
- C:\Windows\System\JJDJaio.exe
  C:\Windows\System\JJDJaio.exe
  2⤵
  PID:8276
- C:\Windows\System\IGzrSUq.exe
  C:\Windows\System\IGzrSUq.exe
  2⤵
  PID:8296
- C:\Windows\System\LWkQskS.exe
  C:\Windows\System\LWkQskS.exe
  2⤵
  PID:8312
- C:\Windows\System\ASReweL.exe
  C:\Windows\System\ASReweL.exe
  2⤵
  PID:8336
- C:\Windows\System\KIuGwNN.exe
  C:\Windows\System\KIuGwNN.exe
  2⤵
  PID:8352
- C:\Windows\System\kCWZGFZ.exe
  C:\Windows\System\kCWZGFZ.exe
  2⤵
  PID:8376
- C:\Windows\System\vJxCSIK.exe
  C:\Windows\System\vJxCSIK.exe
  2⤵
  PID:8392
- C:\Windows\System\SClGAlx.exe
  C:\Windows\System\SClGAlx.exe
  2⤵
  PID:8408
- C:\Windows\System\xzoGpSw.exe
  C:\Windows\System\xzoGpSw.exe
  2⤵
  PID:8456
- C:\Windows\System\IDXWvwu.exe
  C:\Windows\System\IDXWvwu.exe
  2⤵
  PID:8472
- C:\Windows\System\fMVldYY.exe
  C:\Windows\System\fMVldYY.exe
  2⤵
  PID:8488
- C:\Windows\System\ztxvNQl.exe
  C:\Windows\System\ztxvNQl.exe
  2⤵
  PID:8520
- C:\Windows\System\EUcCSvX.exe
  C:\Windows\System\EUcCSvX.exe
  2⤵
  PID:8536
- C:\Windows\System\mzJKZME.exe
  C:\Windows\System\mzJKZME.exe
  2⤵
  PID:8556
- C:\Windows\System\gfRakcW.exe
  C:\Windows\System\gfRakcW.exe
  2⤵
  PID:8572
- C:\Windows\System\LEGcSxg.exe
  C:\Windows\System\LEGcSxg.exe
  2⤵
  PID:8588
- C:\Windows\System\feZfJWU.exe
  C:\Windows\System\feZfJWU.exe
  2⤵
  PID:8620
- C:\Windows\System\IdKgece.exe
  C:\Windows\System\IdKgece.exe
  2⤵
  PID:8636
- C:\Windows\System\TNZsHAU.exe
  C:\Windows\System\TNZsHAU.exe
  2⤵
  PID:8660
- C:\Windows\System\GLtPfTJ.exe
  C:\Windows\System\GLtPfTJ.exe
  2⤵
  PID:8676
- C:\Windows\System\Tetzglh.exe
  C:\Windows\System\Tetzglh.exe
  2⤵
  PID:8696
- C:\Windows\System\GcoSFts.exe
  C:\Windows\System\GcoSFts.exe
  2⤵
  PID:8712
- C:\Windows\System\fziFZtb.exe
  C:\Windows\System\fziFZtb.exe
  2⤵
  PID:8728
- C:\Windows\System\AHHugKs.exe
  C:\Windows\System\AHHugKs.exe
  2⤵
  PID:8744
- C:\Windows\System\nZoSArV.exe
  C:\Windows\System\nZoSArV.exe
  2⤵
  PID:8760
- C:\Windows\System\zDSoNxf.exe
  C:\Windows\System\zDSoNxf.exe
  2⤵
  PID:8780
- C:\Windows\System\rqpQves.exe
  C:\Windows\System\rqpQves.exe
  2⤵
  PID:8804
- C:\Windows\System\lpNSAyv.exe
  C:\Windows\System\lpNSAyv.exe
  2⤵
  PID:8824
- C:\Windows\System\AOjxaaI.exe
  C:\Windows\System\AOjxaaI.exe
  2⤵
  PID:8840
- C:\Windows\System\kukqtKK.exe
  C:\Windows\System\kukqtKK.exe
  2⤵
  PID:8864
- C:\Windows\System\YoIhAvK.exe
  C:\Windows\System\YoIhAvK.exe
  2⤵
  PID:8892
- C:\Windows\System\dHNCRsd.exe
  C:\Windows\System\dHNCRsd.exe
  2⤵
  PID:8912
- C:\Windows\System\bPaDicT.exe
  C:\Windows\System\bPaDicT.exe
  2⤵
  PID:8932
- C:\Windows\System\GIWjMdF.exe
  C:\Windows\System\GIWjMdF.exe
  2⤵
  PID:8952
- C:\Windows\System\uYzllGU.exe
  C:\Windows\System\uYzllGU.exe
  2⤵
  PID:8972
- C:\Windows\System\bHUiCQI.exe
  C:\Windows\System\bHUiCQI.exe
  2⤵
  PID:8992
- C:\Windows\System\cHZwGCU.exe
  C:\Windows\System\cHZwGCU.exe
  2⤵
  PID:9024
- C:\Windows\System\wfzOOzw.exe
  C:\Windows\System\wfzOOzw.exe
  2⤵
  PID:9044
- C:\Windows\System\LwLIMCH.exe
  C:\Windows\System\LwLIMCH.exe
  2⤵
  PID:9064
- C:\Windows\System\NshbXcB.exe
  C:\Windows\System\NshbXcB.exe
  2⤵
  PID:9080
- C:\Windows\System\CyGnOZJ.exe
  C:\Windows\System\CyGnOZJ.exe
  2⤵
  PID:9096
- C:\Windows\System\eKhQGWL.exe
  C:\Windows\System\eKhQGWL.exe
  2⤵
  PID:9112
- C:\Windows\System\PkKuxcF.exe
  C:\Windows\System\PkKuxcF.exe
  2⤵
  PID:9128
- C:\Windows\System\oNTEwzB.exe
  C:\Windows\System\oNTEwzB.exe
  2⤵
  PID:9152
- C:\Windows\System\sIpxGlN.exe
  C:\Windows\System\sIpxGlN.exe
  2⤵
  PID:9172
- C:\Windows\System\UasGApe.exe
  C:\Windows\System\UasGApe.exe
  2⤵
  PID:9192
- C:\Windows\System\hALqufG.exe
  C:\Windows\System\hALqufG.exe
  2⤵
  PID:8196
- C:\Windows\System\GmmwSJJ.exe
  C:\Windows\System\GmmwSJJ.exe
  2⤵
  PID:8304
- C:\Windows\System\vNnzhSD.exe
  C:\Windows\System\vNnzhSD.exe
  2⤵
  PID:8344
- C:\Windows\System\iVMDbiH.exe
  C:\Windows\System\iVMDbiH.exe
  2⤵
  PID:8384
- C:\Windows\System\QhPpkcV.exe
  C:\Windows\System\QhPpkcV.exe
  2⤵
  PID:8328
- C:\Windows\System\kiZhpAD.exe
  C:\Windows\System\kiZhpAD.exe
  2⤵
  PID:8404
- C:\Windows\System\wVeuJhe.exe
  C:\Windows\System\wVeuJhe.exe
  2⤵
  PID:8220
- C:\Windows\System\iimaGGQ.exe
  C:\Windows\System\iimaGGQ.exe
  2⤵
  PID:8424
- C:\Windows\System\FMflSzz.exe
  C:\Windows\System\FMflSzz.exe
  2⤵
  PID:8440
- C:\Windows\System\uHPgYRj.exe
  C:\Windows\System\uHPgYRj.exe
  2⤵
  PID:8468
- C:\Windows\System\XGUfsNB.exe
  C:\Windows\System\XGUfsNB.exe
  2⤵
  PID:8508
- C:\Windows\System\liiGJVL.exe
  C:\Windows\System\liiGJVL.exe
  2⤵
  PID:8532
- C:\Windows\System\gcHaFuX.exe
  C:\Windows\System\gcHaFuX.exe
  2⤵
  PID:8604
- C:\Windows\System\HDClGXO.exe
  C:\Windows\System\HDClGXO.exe
  2⤵
  PID:8552
- C:\Windows\System\NXQYNWl.exe
  C:\Windows\System\NXQYNWl.exe
  2⤵
  PID:8644
- C:\Windows\System\HeUFndn.exe
  C:\Windows\System\HeUFndn.exe
  2⤵
  PID:8684
- C:\Windows\System\nhZxCMS.exe
  C:\Windows\System\nhZxCMS.exe
  2⤵
  PID:8724
- C:\Windows\System\AmAlPOq.exe
  C:\Windows\System\AmAlPOq.exe
  2⤵
  PID:8672
- C:\Windows\System\ZyiRRVg.exe
  C:\Windows\System\ZyiRRVg.exe
  2⤵
  PID:8872
- C:\Windows\System\vuKTPGw.exe
  C:\Windows\System\vuKTPGw.exe
  2⤵
  PID:8812
- C:\Windows\System\uOSWrec.exe
  C:\Windows\System\uOSWrec.exe
  2⤵
  PID:8668
- C:\Windows\System\YAeGOgc.exe
  C:\Windows\System\YAeGOgc.exe
  2⤵
  PID:8820
- C:\Windows\System\IKcfbSP.exe
  C:\Windows\System\IKcfbSP.exe
  2⤵
  PID:8848
- C:\Windows\System\PdUEtSP.exe
  C:\Windows\System\PdUEtSP.exe
  2⤵
  PID:8900
- C:\Windows\System\DohBask.exe
  C:\Windows\System\DohBask.exe
  2⤵
  PID:8944
- C:\Windows\System\scNvpAx.exe
  C:\Windows\System\scNvpAx.exe
  2⤵
  PID:9000
- C:\Windows\System\XowiFGS.exe
  C:\Windows\System\XowiFGS.exe
  2⤵
  PID:9020
- C:\Windows\System\PgnioqJ.exe
  C:\Windows\System\PgnioqJ.exe
  2⤵
  PID:9092
- C:\Windows\System\CxuBvgq.exe
  C:\Windows\System\CxuBvgq.exe
  2⤵
  PID:9160
- C:\Windows\System\AtAmWZc.exe
  C:\Windows\System\AtAmWZc.exe
  2⤵
  PID:9072
- C:\Windows\System\lsloXdJ.exe
  C:\Windows\System\lsloXdJ.exe
  2⤵
  PID:9140
- C:\Windows\System\ABVsUKH.exe
  C:\Windows\System\ABVsUKH.exe
  2⤵
  PID:9200
- C:\Windows\System\rGxABuD.exe
  C:\Windows\System\rGxABuD.exe
  2⤵
  PID:8240
- C:\Windows\System\NTGfzbA.exe
  C:\Windows\System\NTGfzbA.exe
  2⤵
  PID:8064
- C:\Windows\System\aOExEaF.exe
  C:\Windows\System\aOExEaF.exe
  2⤵
  PID:8212
- C:\Windows\System\uBNALhs.exe
  C:\Windows\System\uBNALhs.exe
  2⤵
  PID:8288
- C:\Windows\System\snGkpZW.exe
  C:\Windows\System\snGkpZW.exe
  2⤵
  PID:8368
- C:\Windows\System\xaKjvgf.exe
  C:\Windows\System\xaKjvgf.exe
  2⤵
  PID:8448
- C:\Windows\System\XOtDucO.exe
  C:\Windows\System\XOtDucO.exe
  2⤵
  PID:8500
- C:\Windows\System\WwolJtB.exe
  C:\Windows\System\WwolJtB.exe
  2⤵
  PID:8528
- C:\Windows\System\fMDmplK.exe
  C:\Windows\System\fMDmplK.exe
  2⤵
  PID:8628
- C:\Windows\System\OAmbmXV.exe
  C:\Windows\System\OAmbmXV.exe
  2⤵
  PID:8720
- C:\Windows\System\YjfQeHb.exe
  C:\Windows\System\YjfQeHb.exe
  2⤵
  PID:8788
- C:\Windows\System\IAszLNi.exe
  C:\Windows\System\IAszLNi.exe
  2⤵
  PID:8928
- C:\Windows\System\miLbYjH.exe
  C:\Windows\System\miLbYjH.exe
  2⤵
  PID:8736
- C:\Windows\System\KKhGVuE.exe
  C:\Windows\System\KKhGVuE.exe
  2⤵
  PID:8960
- C:\Windows\System\mlOxowg.exe
  C:\Windows\System\mlOxowg.exe
  2⤵
  PID:8856
- C:\Windows\System\WcFHtOw.exe
  C:\Windows\System\WcFHtOw.exe
  2⤵
  PID:8512
- C:\Windows\System\rJBNmBa.exe
  C:\Windows\System\rJBNmBa.exe
  2⤵
  PID:9052
- C:\Windows\System\dLvusNQ.exe
  C:\Windows\System\dLvusNQ.exe
  2⤵
  PID:9164
- C:\Windows\System\jozTSco.exe
  C:\Windows\System\jozTSco.exe
  2⤵
  PID:9104
- C:\Windows\System\wpqxizF.exe
  C:\Windows\System\wpqxizF.exe
  2⤵
  PID:8416
- C:\Windows\System\zNSFSdc.exe
  C:\Windows\System\zNSFSdc.exe
  2⤵
  PID:8436
- C:\Windows\System\jgLsUyY.exe
  C:\Windows\System\jgLsUyY.exe
  2⤵
  PID:8544
- C:\Windows\System\rtWaMRz.exe
  C:\Windows\System\rtWaMRz.exe
  2⤵
  PID:8332
- C:\Windows\System\fMMAWxy.exe
  C:\Windows\System\fMMAWxy.exe
  2⤵
  PID:6552
- C:\Windows\System\JUXoHcR.exe
  C:\Windows\System\JUXoHcR.exe
  2⤵
  PID:8496
- C:\Windows\System\OqGCMxu.exe
  C:\Windows\System\OqGCMxu.exe
  2⤵
  PID:8652
- C:\Windows\System\LMLwVgJ.exe
  C:\Windows\System\LMLwVgJ.exe
  2⤵
  PID:8704
- C:\Windows\System\yXQhdZH.exe
  C:\Windows\System\yXQhdZH.exe
  2⤵
  PID:9036
- C:\Windows\System\DhOSDIv.exe
  C:\Windows\System\DhOSDIv.exe
  2⤵
  PID:9108
- C:\Windows\System\HgxbLBd.exe
  C:\Windows\System\HgxbLBd.exe
  2⤵
  PID:7596
- C:\Windows\System\QTkObaB.exe
  C:\Windows\System\QTkObaB.exe
  2⤵
  PID:8596
- C:\Windows\System\YlAGWBo.exe
  C:\Windows\System\YlAGWBo.exe
  2⤵
  PID:8616
- C:\Windows\System\gmsHTYm.exe
  C:\Windows\System\gmsHTYm.exe
  2⤵
  PID:8320
- C:\Windows\System\twdWQHU.exe
  C:\Windows\System\twdWQHU.exe
  2⤵
  PID:8880
- C:\Windows\System\rIJBZqw.exe
  C:\Windows\System\rIJBZqw.exe
  2⤵
  PID:8860
- C:\Windows\System\DDQNwqk.exe
  C:\Windows\System\DDQNwqk.exe
  2⤵
  PID:9012
- C:\Windows\System\TTWblIV.exe
  C:\Windows\System\TTWblIV.exe
  2⤵
  PID:8372
- C:\Windows\System\OfEbOMH.exe
  C:\Windows\System\OfEbOMH.exe
  2⤵
  PID:8268
- C:\Windows\System\aKKThdp.exe
  C:\Windows\System\aKKThdp.exe
  2⤵
  PID:9184
- C:\Windows\System\mQBNjSc.exe
  C:\Windows\System\mQBNjSc.exe
  2⤵
  PID:8772
- C:\Windows\System\qdESZww.exe
  C:\Windows\System\qdESZww.exe
  2⤵
  PID:8984
- C:\Windows\System\niaXhYL.exe
  C:\Windows\System\niaXhYL.exe
  2⤵
  PID:9212
- C:\Windows\System\CBJJSst.exe
  C:\Windows\System\CBJJSst.exe
  2⤵
  PID:9120
- C:\Windows\System\zDRradX.exe
  C:\Windows\System\zDRradX.exe
  2⤵
  PID:9060
- C:\Windows\System\TXAVMvK.exe
  C:\Windows\System\TXAVMvK.exe
  2⤵
  PID:8432
- C:\Windows\System\ujKtZhk.exe
  C:\Windows\System\ujKtZhk.exe
  2⤵
  PID:8236
- C:\Windows\System\vYNzvzw.exe
  C:\Windows\System\vYNzvzw.exe
  2⤵
  PID:8884
- C:\Windows\System\zNhNnfS.exe
  C:\Windows\System\zNhNnfS.exe
  2⤵
  PID:8792
- C:\Windows\System\eVMcMpR.exe
  C:\Windows\System\eVMcMpR.exe
  2⤵
  PID:9224
- C:\Windows\System\UJmAPHF.exe
  C:\Windows\System\UJmAPHF.exe
  2⤵
  PID:9244
- C:\Windows\System\aNmknJx.exe
  C:\Windows\System\aNmknJx.exe
  2⤵
  PID:9260
- C:\Windows\System\ouEgSnk.exe
  C:\Windows\System\ouEgSnk.exe
  2⤵
  PID:9276
- C:\Windows\System\xcpYMnK.exe
  C:\Windows\System\xcpYMnK.exe
  2⤵
  PID:9292
- C:\Windows\System\nnTvElH.exe
  C:\Windows\System\nnTvElH.exe
  2⤵
  PID:9308
- C:\Windows\System\lMYpQWL.exe
  C:\Windows\System\lMYpQWL.exe
  2⤵
  PID:9328
- C:\Windows\System\uljFVjM.exe
  C:\Windows\System\uljFVjM.exe
  2⤵
  PID:9344
- C:\Windows\System\ObtSvKf.exe
  C:\Windows\System\ObtSvKf.exe
  2⤵
  PID:9360
- C:\Windows\System\rjUXmwF.exe
  C:\Windows\System\rjUXmwF.exe
  2⤵
  PID:9404
- C:\Windows\System\DWmEUyE.exe
  C:\Windows\System\DWmEUyE.exe
  2⤵
  PID:9428
- C:\Windows\System\pLWUZyO.exe
  C:\Windows\System\pLWUZyO.exe
  2⤵
  PID:9444
- C:\Windows\System\zVtNLoE.exe
  C:\Windows\System\zVtNLoE.exe
  2⤵
  PID:9460
- C:\Windows\System\AEaCHAR.exe
  C:\Windows\System\AEaCHAR.exe
  2⤵
  PID:9476
- C:\Windows\System\xJJXJwR.exe
  C:\Windows\System\xJJXJwR.exe
  2⤵
  PID:9500
- C:\Windows\System\eRBJScr.exe
  C:\Windows\System\eRBJScr.exe
  2⤵
  PID:9516
- C:\Windows\System\IWcDGVC.exe
  C:\Windows\System\IWcDGVC.exe
  2⤵
  PID:9532
- C:\Windows\System\htoZeBf.exe
  C:\Windows\System\htoZeBf.exe
  2⤵
  PID:9548
- C:\Windows\System\iPFrdyD.exe
  C:\Windows\System\iPFrdyD.exe
  2⤵
  PID:9584
- C:\Windows\System\VhTmIlQ.exe
  C:\Windows\System\VhTmIlQ.exe
  2⤵
  PID:9600
- C:\Windows\System\yDZgcLQ.exe
  C:\Windows\System\yDZgcLQ.exe
  2⤵
  PID:9616
- C:\Windows\System\rpzVlMe.exe
  C:\Windows\System\rpzVlMe.exe
  2⤵
  PID:9632
- C:\Windows\System\ZPttViV.exe
  C:\Windows\System\ZPttViV.exe
  2⤵
  PID:9652
- C:\Windows\System\rtaczBF.exe
  C:\Windows\System\rtaczBF.exe
  2⤵
  PID:9668
- C:\Windows\System\awMcSPP.exe
  C:\Windows\System\awMcSPP.exe
  2⤵
  PID:9684
- C:\Windows\System\xIpUzkH.exe
  C:\Windows\System\xIpUzkH.exe
  2⤵
  PID:9708
- C:\Windows\System\KHpwofV.exe
  C:\Windows\System\KHpwofV.exe
  2⤵
  PID:9744
- C:\Windows\System\UFXoOWS.exe
  C:\Windows\System\UFXoOWS.exe
  2⤵
  PID:9760
- C:\Windows\System\JMSqQNu.exe
  C:\Windows\System\JMSqQNu.exe
  2⤵
  PID:9780
- C:\Windows\System\WPkvPQG.exe
  C:\Windows\System\WPkvPQG.exe
  2⤵
  PID:9800
- C:\Windows\System\fkNibRG.exe
  C:\Windows\System\fkNibRG.exe
  2⤵
  PID:9816
- C:\Windows\System\IkPosuZ.exe
  C:\Windows\System\IkPosuZ.exe
  2⤵
  PID:9836
- C:\Windows\System\iLmWhuf.exe
  C:\Windows\System\iLmWhuf.exe
  2⤵
  PID:9852
- C:\Windows\System\uwXtEOu.exe
  C:\Windows\System\uwXtEOu.exe
  2⤵
  PID:9892
- C:\Windows\System\UyTFhTP.exe
  C:\Windows\System\UyTFhTP.exe
  2⤵
  PID:9912
- C:\Windows\System\MHaBJLP.exe
  C:\Windows\System\MHaBJLP.exe
  2⤵
  PID:9932
- C:\Windows\System\FUTYXVQ.exe
  C:\Windows\System\FUTYXVQ.exe
  2⤵
  PID:9948
- C:\Windows\System\lJlgKyh.exe
  C:\Windows\System\lJlgKyh.exe
  2⤵
  PID:9968
- C:\Windows\System\tbfkDhX.exe
  C:\Windows\System\tbfkDhX.exe
  2⤵
  PID:9988
- C:\Windows\System\TMeNECr.exe
  C:\Windows\System\TMeNECr.exe
  2⤵
  PID:10008
- C:\Windows\System\pbzFKTa.exe
  C:\Windows\System\pbzFKTa.exe
  2⤵
  PID:10028
- C:\Windows\System\LjxEPzs.exe
  C:\Windows\System\LjxEPzs.exe
  2⤵
  PID:10048
- C:\Windows\System\NQeMfyg.exe
  C:\Windows\System\NQeMfyg.exe
  2⤵
  PID:10068
- C:\Windows\System\emoPwCh.exe
  C:\Windows\System\emoPwCh.exe
  2⤵
  PID:10088
- C:\Windows\System\czklRgM.exe
  C:\Windows\System\czklRgM.exe
  2⤵
  PID:10108
- C:\Windows\System\cQQQvhO.exe
  C:\Windows\System\cQQQvhO.exe
  2⤵
  PID:10128
- C:\Windows\System\jOqTptI.exe
  C:\Windows\System\jOqTptI.exe
  2⤵
  PID:10144
- C:\Windows\System\NatFDyd.exe
  C:\Windows\System\NatFDyd.exe
  2⤵
  PID:10160
- C:\Windows\System\QcBQxrz.exe
  C:\Windows\System\QcBQxrz.exe
  2⤵
  PID:10176
- C:\Windows\System\RUtspZb.exe
  C:\Windows\System\RUtspZb.exe
  2⤵
  PID:10200
- C:\Windows\System\bBhigft.exe
  C:\Windows\System\bBhigft.exe
  2⤵
  PID:10220
- C:\Windows\System\SVEFKMr.exe
  C:\Windows\System\SVEFKMr.exe
  2⤵
  PID:9252
- C:\Windows\System\bEJATXB.exe
  C:\Windows\System\bEJATXB.exe
  2⤵
  PID:9316
- C:\Windows\System\PsrXMzl.exe
  C:\Windows\System\PsrXMzl.exe
  2⤵
  PID:9356
- C:\Windows\System\RzxZpHg.exe
  C:\Windows\System\RzxZpHg.exe
  2⤵
  PID:9304
- C:\Windows\System\zNJKjuh.exe
  C:\Windows\System\zNJKjuh.exe
  2⤵
  PID:9368
- C:\Windows\System\exFcIfh.exe
  C:\Windows\System\exFcIfh.exe
  2⤵
  PID:9388
- C:\Windows\System\ImjZdvG.exe
  C:\Windows\System\ImjZdvG.exe
  2⤵
  PID:9412
- C:\Windows\System\aOHXTuo.exe
  C:\Windows\System\aOHXTuo.exe
  2⤵
  PID:9452
- C:\Windows\System\AQDsAoU.exe
  C:\Windows\System\AQDsAoU.exe
  2⤵
  PID:9496
- C:\Windows\System\PpuKBtY.exe
  C:\Windows\System\PpuKBtY.exe
  2⤵
  PID:9556
- C:\Windows\System\TwZbtwb.exe
  C:\Windows\System\TwZbtwb.exe
  2⤵
  PID:9508
- C:\Windows\System\PddPCKZ.exe
  C:\Windows\System\PddPCKZ.exe
  2⤵
  PID:9544
- C:\Windows\System\sFUbkxZ.exe
  C:\Windows\System\sFUbkxZ.exe
  2⤵
  PID:8836
- C:\Windows\System\zVLwrQF.exe
  C:\Windows\System\zVLwrQF.exe
  2⤵
  PID:9728
- C:\Windows\System\ZhBHRob.exe
  C:\Windows\System\ZhBHRob.exe
  2⤵
  PID:9624
- C:\Windows\System\jHUyPoM.exe
  C:\Windows\System\jHUyPoM.exe
  2⤵
  PID:9700
- C:\Windows\System\cKqPQSx.exe
  C:\Windows\System\cKqPQSx.exe
  2⤵
  PID:9772
- C:\Windows\System\VhOpjBs.exe
  C:\Windows\System\VhOpjBs.exe
  2⤵
  PID:9828
- C:\Windows\System\dqjFvYH.exe
  C:\Windows\System\dqjFvYH.exe
  2⤵
  PID:9752
- C:\Windows\System\BCNMtUs.exe
  C:\Windows\System\BCNMtUs.exe
  2⤵
  PID:9888
- C:\Windows\System\yUoShtm.exe
  C:\Windows\System\yUoShtm.exe
  2⤵
  PID:9900
- C:\Windows\System\MrFYUfZ.exe
  C:\Windows\System\MrFYUfZ.exe
  2⤵
  PID:9928
- C:\Windows\System\SNITYHY.exe
  C:\Windows\System\SNITYHY.exe
  2⤵
  PID:9964
- C:\Windows\System\GjqGSvq.exe
  C:\Windows\System\GjqGSvq.exe
  2⤵
  PID:10056
- C:\Windows\System\xpxHjkY.exe
  C:\Windows\System\xpxHjkY.exe
  2⤵
  PID:10000
- C:\Windows\System\zDqPpMF.exe
  C:\Windows\System\zDqPpMF.exe
  2⤵
  PID:10084
- C:\Windows\System\OUVLqNo.exe
  C:\Windows\System\OUVLqNo.exe
  2⤵
  PID:10104
- C:\Windows\System\EGKXDaa.exe
  C:\Windows\System\EGKXDaa.exe
  2⤵
  PID:10168
- C:\Windows\System\ZMEBWia.exe
  C:\Windows\System\ZMEBWia.exe
  2⤵
  PID:10216
- C:\Windows\System\AyHrJzO.exe
  C:\Windows\System\AyHrJzO.exe
  2⤵
  PID:10196
- C:\Windows\System\NsUuUTK.exe
  C:\Windows\System\NsUuUTK.exe
  2⤵
  PID:9284
- C:\Windows\System\SvAkVvr.exe
  C:\Windows\System\SvAkVvr.exe
  2⤵
  PID:9232
- C:\Windows\System\QwwIOad.exe
  C:\Windows\System\QwwIOad.exe
  2⤵
  PID:9352
- C:\Windows\System\QhaHeNK.exe
  C:\Windows\System\QhaHeNK.exe
  2⤵
  PID:9380
- C:\Windows\System\HULnztj.exe
  C:\Windows\System\HULnztj.exe
  2⤵
  PID:9340
- C:\Windows\System\iIgHchi.exe
  C:\Windows\System\iIgHchi.exe
  2⤵
  PID:9540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AzDpCfI.exe

Filesize
6.0MB

MD5
d10fcd2af3e8dd8ac4b6880b3b261b5f

SHA1
7f7d570270110d4cf6b0ffede5ef9e029a7e55fd

SHA256
e5bb06c993f59da83abdfd0491d4f3f1196e5600fd9cf4b486df77c70308fc45

SHA512
57bfecb7ce8a6ad706324801fab2b5a500859ab08123a88ff1e5a07448d8a1b3af8a2c1f03c1626b096a258d7567dd73da3ec357c8d52adfc49b66eba08fd0f2

Download Submit
C:\Windows\system\BDoKnOE.exe

Filesize
6.0MB

MD5
b7fa9c66938f3a2c0d53819d2de58e60

SHA1
b3980efdc82e5fa93b94da0f0e4f4d452d599a01

SHA256
93e25c7b9b9c46a8193bc847118a607c7094bbbb32bd396b44eee967fda1bca5

SHA512
fcc04cb6cd85c72aed9372a35c6c64261265ecf54e89e5b5a24a24e0cc9c03d106474d6f75ec8d7cab1f58ac3b67f18cb411c15e8dbd9b333bdd746ca4f40479

Download Submit
C:\Windows\system\BarBStr.exe

Filesize
6.0MB

MD5
758918de65b11240904562f41140ec54

SHA1
9bcb2652d681cd48e9db304580c6700b58977dff

SHA256
5391bc66caf52cceb2f92cb25660041bd6bc0ae05ad9e043ac97af48de044c5f

SHA512
6273d6b97e630fc1f18f8c1abc7bc045ce891d99f1987584a3333dcd64ce695dcc91f77790230a9a76b90a691a96e6e661de0847ddbd2d6f8a99499f7c422b0b

Download Submit
C:\Windows\system\DhjBAyT.exe

Filesize
6.0MB

MD5
986110df69c3f9b2727c9250df551f0c

SHA1
e42ce823ad43443b6db635a7cf1db6432215b031

SHA256
c4a90d6f69938c4a171f33b50c3685c4bb1e08fed36407a7e035a491b35ff7f4

SHA512
55f718422996cfe3eac76744c97865d607946a32dee66e9bba19c2afbd5ec11f45c712e1ad0a8926b3088bc5a98d923da613ee85b7bc5190a951fcf598d06d54

Download Submit
C:\Windows\system\EpzuqLp.exe

Filesize
6.0MB

MD5
26f773d2b685d43388eedad5dcb2191d

SHA1
d7c4ace5d8b43947b54737fe8031ae406e34a92f

SHA256
1871b6e6f32e664838cbfae84b45b30fe9796a7816ff68448430ee3519da9fbd

SHA512
42393e25ad82a890f1ba4e2cfbb7f8fd5d662b4fd2aacb4c6e129f46339f49e04af4ab00dc9468bf6625f9d21e8b78e26d55049bf712f089f3425fe94e14ba0d

Download Submit
C:\Windows\system\IEaEciQ.exe

Filesize
6.0MB

MD5
995ab63763c3365bae51dfdcfb42f260

SHA1
3c4a26580473bee9fe2cc2c31a48a024c4cfda9c

SHA256
9bb421f0e8be0561072ea37fa29a199d83b431942b4816985919d52c95dda705

SHA512
92e3a672c716bbbe59aaa8a18b017e23cadb0df832f26d2c64452383733b14459ab209df6acf6be99d8a53f65111cd59d0b2759e7b7120d0b2319d4a739cabc3

Download Submit
C:\Windows\system\KTBfDeb.exe

Filesize
6.0MB

MD5
07c6b48255f1c4de1a2ae5cda89c075a

SHA1
992bb500389aabb9f121d4c887454920e10c9d56

SHA256
3adc107c7bf715e9e86666524219d58c84a78e18cb760d1e02746e0cfb938da4

SHA512
3073c5e10763077491359ee8f40ee210e5e642430516750b1abb2d5a70d0c2ed29f04d6acb647043ffcca88b2fccfaf5c4e362196735a6d948d534c9814b5c92

Download Submit
C:\Windows\system\MMvekZj.exe

Filesize
6.0MB

MD5
cae94e5ef1c5a64c2759d2df8be93e2e

SHA1
724df4000f7d2f44fc5280ed9e017c47177c8325

SHA256
d2e25880c3c9030cae0a6ba108e109cafccc97be4d7953839770dd36f9e15d64

SHA512
c34d6cfc221a023ad9f82b9d1ddd6e2afcc9c3149f948d803e550234cbea2981f012bd9c22c93e7be93437cb302ad3417edb1f27db695baec7fcd661f461f351

Download Submit
C:\Windows\system\Nolujto.exe

Filesize
6.0MB

MD5
917fb57ac219bf7382acaa765c2026f4

SHA1
4c950e32cb33f539cad62f5138535f36d45c0860

SHA256
1a404871cb8cbc6bd2e4f03d223961c0040091e840f64a0f64121c961f9e045f

SHA512
7956426d48454d859b4e881ed95b6856c1c898bb726fc232f293e0d2bb804a2a0d5bfe58d8dab18261c10039ae2525a7c38a34f0430cf47f539ff87e747ac82d

Download Submit
C:\Windows\system\OzHXdev.exe

Filesize
6.0MB

MD5
db274f5100f03d6f7423d46975eef1bb

SHA1
74e63af3ed78560758a2ee3e6c7674857a1dc84e

SHA256
385b03758076a68c49788e2810a8b2b3705e81c90d5e820274f26089b9571dba

SHA512
de401065c80bf7f390b2a1019e9f4c6560dea773caab5f5b0e71f7810297e49ba2f8be7afabc6caba316f50f14c0fc1edd974553747257a11c40de9118bdfa83

Download Submit
C:\Windows\system\QtcAcVx.exe

Filesize
6.0MB

MD5
88ab6453eb4843b58bf6fc9b6a0aec5f

SHA1
a8f17822cae8e67466ba55c725b300396b4c85b8

SHA256
a8c5dbe8c3fb11dd77d2741ac2a9545720324b1a889a4e491cbb5a23cc24a7ea

SHA512
9c0c20a12593a9ec4c964772edd429d0412872f10355ea0dc41fe5d627c5a3302163d332e633b0a4593068ad51f1d5361461e5fe617961786d66680cb5201030

Download Submit
C:\Windows\system\RRlCftZ.exe

Filesize
6.0MB

MD5
11bb21054d8baf7f439bda3b9b9af36b

SHA1
d43f3a5bdddcb713e3ed99970ed32a36a03e31b7

SHA256
bb790a18e5620ca0c6b2ec6dd7ce5f17e25378ff4ebaf1b401a18ef1c19798d6

SHA512
257441c1b144fbabb3041ec77e2448b61b8444060de6db25c2733264213fe1831583c58b772e51f8559b1e2b67800965a7e58b831ccae858097f588c167327f3

Download Submit
C:\Windows\system\WJLmKqs.exe

Filesize
6.0MB

MD5
2bfd4d6a4f0e61d22138beb5c1300e4b

SHA1
b0fa1b227dd04d865c9fd5d8126310a7d8c97c36

SHA256
45d41c2ef701abb83edfdfb47e00d3f3c123eb3a707d93ebb8191b78735e708e

SHA512
638ce793284ab4e4e5a08601e192a91c4a3851f92c80418f39d499f828dc8449c518d28031a5f907d93aebc724e8ca43fd048a26ef896f72bc241c4bb6cfbef4

Download Submit
C:\Windows\system\XVNOYcH.exe

Filesize
6.0MB

MD5
e5f9e8c04a33d9ab42a4d2a2b42968f2

SHA1
792a76e2dd4db4f0af978329a1472e178f0317d3

SHA256
74c31a0a08f839b7fa9cff279a1926f410fc2dc1f91e9999eb643451d4cc5448

SHA512
c506dea534cef03cdb1b607fc0671be45ab9bfc3cfe7d9641ecdc02060213aa774c7eab66b80c7e7ea9f7cdfda096c623b5a2d30e35fdb8ac5ce031c43a6fd11

Download Submit
C:\Windows\system\XiXGXmu.exe

Filesize
6.0MB

MD5
90f66a1e1e136b3f2f5f9f86ac1f2302

SHA1
dbd622411502feeb9801991ae77c448da16faebe

SHA256
0b73bbfe99fff5ec113f005c58559183448be45c3a6b788b6b164eb05d75fc44

SHA512
76fc25a7f99e6b08c9762d4d552e13b85cc04bbf715685126da89dffb6ba3d58439d9c6b8a048f2742918f1fb64b073caf59453087830b89fe19af93da73dc9b

Download Submit
C:\Windows\system\YWgvCVE.exe

Filesize
6.0MB

MD5
85bf6760040b5e8f38697b44d2f60127

SHA1
5cd91003b1ebf75e4b711b0c10a04b45e10c96ca

SHA256
b5c5c0c95355d468aba662ab61c53842e686a718ec16196e3b49a5c1ad7ea5dc

SHA512
ad281b7504d8903e55a2953e0b0fbdf9f1a2c2480f3e5b7194ef7288ea4c1ff8194bbda0503b2eb3c290e4d594d85132c4b51faef8fb357ecfb02463375e9e5c

Download Submit
C:\Windows\system\eeRGYEh.exe

Filesize
6.0MB

MD5
ad1f17b7780c9932bc7d8a8c6a72dc46

SHA1
c246468c00213398555045602c9e7187faeec154

SHA256
50d7ec897bd38592df71af84c4aecce66514e634c043284fd4e79b74ca78cb64

SHA512
9779170c07d7220a4b61d780ba65e71630e6c9d3760d91a94017381cf7f81f11279dd34598799eef30a62ae589e5c4338213a9d2ace12a9b3a253953263f0af8

Download Submit
C:\Windows\system\jaJbfvl.exe

Filesize
6.0MB

MD5
fe4c855f87074343ff8816999c79fa4c

SHA1
2cc6db8f3e5486c715d6150aa06bc6a1bcf90969

SHA256
edeb5044ef32d841c235edee7ab327ccc3b2b5d4d35193f6f586be04f425a3e4

SHA512
ce404b0d57f89780ab3c4d6917b3d964bf9f9dac6b8666b0403cb16d3ac1f80b587d21644fa85ba31bc0961387dee79bd063cc5ae43b7950a75486a929c7c2aa

Download Submit
C:\Windows\system\jtTAAYp.exe

Filesize
6.0MB

MD5
0e6116ea9a1e9f36eae4a4cae1478e21

SHA1
349a7d0d0f42b6413ba67fdc24a84c837c53ae56

SHA256
3348ab67df37f3f6796741208229d3adec16ab2b91e337e055ab35c1d582c1de

SHA512
6c604157bd0730958ed2a387846e0ed2bbe438d805743726a377cc10409ffa0d466bd5515255e1eaa81f20eef86d67469c7bdc83a11ce48d2adfd221c058c501

Download Submit
C:\Windows\system\jydriQj.exe

Filesize
8B

MD5
a41e087e300095db39499fddbece5284

SHA1
32c98dff557cfdfb2e140baeb424f37b0c25287c

SHA256
2dccc70e022fa8b1047d633571018845dbe9661a2da68309beb37566f727f189

SHA512
4c3db4355e51273f05eca7574cba9496aac712c8abc16f15693870ab3a9d8a8eaa56a7f31cb91fdfe717ec11bfa6944a0af58d8d4f724f3d6f3d13a5305e8d01

Download Submit
C:\Windows\system\qOUOKzQ.exe

Filesize
6.0MB

MD5
4b1a09ec64f89de4c0d5fe4ab54bd789

SHA1
6fd6743fd0a0b94387979e3fcdcdd82957daf68a

SHA256
9441d4282822011d41b953fe6bb0b748099a37417d3426ca27a8ee90a5d91403

SHA512
45de19cd78119b61bf9320764c55f37360656e5eaf59622c65289bdc657d8eb0049747661d7e619047c24459ab35beb068f16bcfa4e5c51703ef724933d250f5

Download Submit
C:\Windows\system\qiLfgEJ.exe

Filesize
6.0MB

MD5
f62e418894b0292e1f4b7510051b0896

SHA1
e91a08a03c8cbf71c960e55699060432f4b1298f

SHA256
6e7aed87052f5ed9c73728a658cca2ea660f1ba844eadcdc780bd722346366cf

SHA512
a12b618ccd43585ca1a9f6ac502f62517021c3833ccaf46b6cc59c454d729b8b69a4376547e690018addb33eb73ad919ff5e50bc726ce5121cf995d5eb3f6dc5

Download Submit
C:\Windows\system\ratpQTN.exe

Filesize
6.0MB

MD5
4fa925589a03806a391baab786192d7f

SHA1
300aec87aeec3009c9bcfaa82ccfcd492b2c343e

SHA256
9102997df731d9f185642f8c983773925cb5c2ea86f9d11e1ec04810ffc17e60

SHA512
0f734799fb973df9e99752f3af1619a0823829dbba80aba9509919c81c06bab8e61b7c2a25eff3138441fc1d40b313dcae8ed9e060a1ab6241f8cbbd9f8b7fb4

Download Submit
C:\Windows\system\seqbBeF.exe

Filesize
6.0MB

MD5
c1374432b270bcb7e3a0196794c099af

SHA1
0a1b8a9f9d02cc1c7fc94c4b0917974c138a80ea

SHA256
d2cced3a0c01bb8c69a6b4b7c9deca9c57f2f9a7e6e74ad00b93eff1c25363f1

SHA512
881311faf2364e5504ff800302a0679abf87bb6b24f709dc2fd16e584e3545c91908013811ef998572d95efe79465b25f1db61f9f8d88cfde6893987f90169a9

Download Submit
C:\Windows\system\vRTjzGv.exe

Filesize
6.0MB

MD5
535a2238450b1b04e61d1a942b0e202b

SHA1
dc6b04baf7f3d9c848d8324d8f65bee0679f2f60

SHA256
2d80e4cfd8c6ca8b10b3f4a5347412e9dde64131a4c804ea6b8675ce7942e54b

SHA512
74e71350e766ba78d0ee9dc2b66800075a6e32261b4b0e8d0d185ba637377daaa3a141560f3404460bc600b8a68d15855ed99170611dcbab44e9398ccd79a356

Download Submit
\Windows\system\FmQMQNL.exe

Filesize
6.0MB

MD5
bf9dbae4ca80efe6b30da98d56bbd9cd

SHA1
d57d9c7d59434320599199d94bda1b1d66a1bc75

SHA256
4eb1e581e122184bef19c64e59b3f545f6588a53999a94735b751459084e5258

SHA512
ff9d3e3a57f03762421b3b1376a95cf2ba2428cbba65f77ed003ec3cc291183955a5f8fac8ac0403cd018c9b490756e201ba7a962997cb275966174eafd74bfd

Download Submit
\Windows\system\JhMZiMP.exe

Filesize
6.0MB

MD5
c2fdf13408ffa6f3c875daaf10415164

SHA1
54c6770dbbe166b48c502ff8d8c2147abc0e6fd7

SHA256
0c64d52ab35ec91a60782846266574840b6db7c81f5cd16ac08c492b32418ee5

SHA512
3f760cb50723267456e1c96e43957da1f00f5ab3a5cef926f3be0c50d9a8ecd9c6b6135d854fc89c24fe4da1de0620ea04b3132491c9a070c20aac9577ab34cf

Download Submit
\Windows\system\MwnbWmD.exe

Filesize
6.0MB

MD5
712a020486f01b18476009df3008beca

SHA1
d5e2d1bbd186c04d72c7de08287a8dbdea0b28eb

SHA256
26061950d99b05a3ef63f2892489095e047d53caffcea6151b0ccb2b89267857

SHA512
a877d9cc9e9f9a4444a4cf8f69a0f6a1f21cd0fc1c6c92b642fe042fb4314aa0fd895af1a2517826998b3c1550f47e0d4193949fce964cf349629539af06b9c1

Download Submit
\Windows\system\TJWOfnw.exe

Filesize
6.0MB

MD5
378949370a299f7b808ea3aa1c3db627

SHA1
fa8b15cbbf1d3b7cd2bba78c3edded07c7b57487

SHA256
a5a2b52838e0479d78718f34805c09dc2ea62bf8b0083ff39b1cda553efe0d1d

SHA512
3f4fbe7c57281d1a002a48c705a3997eb743d7632a97e52a6407a9320f922740e3f9e1b29ff44f249cbaf5a861a409dc7a0bd0bc145b61377c325d1c8fddfe2f

Download Submit
\Windows\system\TydhqFP.exe

Filesize
6.0MB

MD5
d10ad4bf3286f9cfa0a9cb0f0809abf5

SHA1
ac72df34414afdd35dd94fb5c66362f607ecbafb

SHA256
b7737b8e9588f1aa9b38be3ba77851a9dc6f2b6ee95cc7de4fd6b068863b1e47

SHA512
69c1b788bc57942b9b396a79408fab176dd270c59c795ff2f56e40dc4c4e52f06441f6d9916ed4819b52ce2bbd196cce173b4d411103fdfc471a749fe46a0d52

Download Submit
\Windows\system\XBzTmws.exe

Filesize
6.0MB

MD5
1b800b2ea86a60957c13d3c1bec2176f

SHA1
b9d552ac23a4968bb3d7e8178fe31d77e3e6917c

SHA256
9c6ebaf0f6eb1cf0ede0f9fbdf1fef8d22cfdfb59a0be2ca5c8768ad843db4d6

SHA512
9b423239b1e64c45750d3109a495ca6a9112e70236a909488d266fd9294968fb628959d31829124fc037c90ac1e1caa4eb9ee9c07955a465d5a0a87603fd5517

Download Submit
\Windows\system\mWpcdjG.exe

Filesize
6.0MB

MD5
a63b5d2384da954bb4a37f9e8207e831

SHA1
ddd2468cb6e40719b85408a2b0c4f80cfb9a2cbb

SHA256
757553e29f745fa542e0ad354f981011eb0b6f7215facf3da031fb5610180983

SHA512
0c03eda5d2351a38d0fc53251053579c311bcf81e3f8780cb9fa562b8932b658357cf4e7b92367dc324fd7c98ca29c89ad283b45d1efdfceba8972c9fe8c8506

Download Submit
\Windows\system\xTHAbQP.exe

Filesize
6.0MB

MD5
c5f0a638c468c17c44eb67dded881532

SHA1
b99f42f8cd66b8ae8c6a224c2a126cbf43bfc176

SHA256
045374a0e8a2b7a7b954120857d963e30b9dd233df0beeb98787ad9f44d593c7

SHA512
5e554a3fafe8b801120fb2aeb65225492f525c1255af4044f3db8cff2598c5bf80ca8d624c5d6cc4e1fb5748a1e291b31019a2eb8c5635fdc75acb57b2537e0b

Download Submit
memory/1092-118-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1092-3370-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1108-738-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1108-105-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1108-3388-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1392-39-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1392-33-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1392-90-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1392-89-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-92-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1392-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/1392-86-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1392-72-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1392-12-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-19-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1392-91-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-222-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-37-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1392-49-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-65-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1392-297-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1392-907-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-45-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1392-28-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1392-455-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1392-370-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-2827-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-8-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-55-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2140-2834-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2140-32-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2831-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-53-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-14-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-85-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3182-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2556-83-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3183-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2608-84-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3184-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2848-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2680-59-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2680-35-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2732-41-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2732-87-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2845-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3181-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2756-80-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-50-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2912-94-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2849-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2992-95-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3216-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-585-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-24-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/3048-54-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2843-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download