cobaltstrike | 093120bc3a659db44c8fccab9a97be08963e2784a541d6b203ec67f7bba00240

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

82a50b7da1d060dfc2d092e81afea70f
SHA1

cdc84105b713c016e18681d945cad60f606827aa
SHA256

093120bc3a659db44c8fccab9a97be08963e2784a541d6b203ec67f7bba00240
SHA512

9f40a9ad0df3cc052391a6102a55b92201e66e9195b21797e2e261b7c9c3924bedd520003d0cdd39e330db0935bbe2202085802f37041b2db59a1ae7d3922e38
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e00000001537c-3.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191fd-7.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019220-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cc-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c8-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c4-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ca-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c6-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c0-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ce-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194bd-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019238-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925d-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019217-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1764-0-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000e00000001537c-3.dat	xmrig
behavioral1/files/0x00060000000191fd-7.dat	xmrig
behavioral1/files/0x0006000000019220-26.dat	xmrig
behavioral1/files/0x0008000000019240-36.dat	xmrig
behavioral1/files/0x000500000001a07b-61.dat	xmrig
behavioral1/files/0x000500000001a0a1-66.dat	xmrig
behavioral1/files/0x000500000001a42f-91.dat	xmrig
behavioral1/files/0x000500000001a48c-112.dat	xmrig
behavioral1/files/0x000500000001a49c-126.dat	xmrig
behavioral1/memory/2564-337-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2800-351-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2752-1208-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2356-1207-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1764-801-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2484-347-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2924-345-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2584-343-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2540-341-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2716-339-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2764-335-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2660-333-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4cc-162.dat	xmrig
behavioral1/files/0x000500000001a4c8-156.dat	xmrig
behavioral1/files/0x000500000001a4c4-150.dat	xmrig
behavioral1/files/0x000500000001a4b7-146.dat	xmrig
behavioral1/memory/2856-144-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-141.dat	xmrig
behavioral1/files/0x000500000001a4b5-134.dat	xmrig
behavioral1/files/0x000500000001a48e-116.dat	xmrig
behavioral1/files/0x000500000001a4ca-170.dat	xmrig
behavioral1/files/0x000500000001a4c6-169.dat	xmrig
behavioral1/files/0x000500000001a4c0-168.dat	xmrig
behavioral1/files/0x000500000001a4ce-166.dat	xmrig
behavioral1/files/0x000500000001a4aa-131.dat	xmrig
behavioral1/files/0x000500000001a49a-121.dat	xmrig
behavioral1/files/0x000500000001a46a-106.dat	xmrig
behavioral1/files/0x000500000001a434-101.dat	xmrig
behavioral1/files/0x000500000001a431-96.dat	xmrig
behavioral1/files/0x000500000001a42d-87.dat	xmrig
behavioral1/files/0x000500000001a42b-81.dat	xmrig
behavioral1/files/0x000500000001a345-76.dat	xmrig
behavioral1/files/0x000500000001a301-71.dat	xmrig
behavioral1/files/0x000500000001a067-56.dat	xmrig
behavioral1/files/0x00070000000194bd-47.dat	xmrig
behavioral1/files/0x0005000000019fb9-50.dat	xmrig
behavioral1/files/0x0006000000019238-35.dat	xmrig
behavioral1/memory/2752-34-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001925d-40.dat	xmrig
behavioral1/memory/2356-22-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2628-15-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2840-14-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0006000000019217-9.dat	xmrig
behavioral1/memory/2628-4037-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2856-4044-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2584-4048-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2764-4047-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2484-4046-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2716-4045-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2924-4043-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2540-4042-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2564-4041-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2800-4040-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2660-4039-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2628	XMAPYVA.exe
2840	TUJHLWH.exe
2356	PURKCAH.exe
2752	pWsXIOl.exe
2800	eIPuNWD.exe
2856	emqhahE.exe
2660	JaGvOVw.exe
2764	dRSNCKv.exe
2564	IgqNJwl.exe
2716	qVYWRIV.exe
2540	OHPfuEf.exe
2584	inJBfBq.exe
2924	RziPeeh.exe
2484	zdkynSV.exe
1008	OhWZwcZ.exe
1816	tGpyUeL.exe
2736	czhbepD.exe
1656	KHyAhiU.exe
2364	XYZIsPN.exe
1040	fDvtuIu.exe
640	xfcReCr.exe
1612	HMnPiWd.exe
2280	IyiIJhI.exe
2456	dJExrvO.exe
1956	MrftiHt.exe
1808	YifoRjx.exe
1128	dyOlehI.exe
1800	pgqObda.exe
1312	vgstwyE.exe
544	XAimoCC.exe
684	ctHWLPo.exe
1812	GKEeanx.exe
2220	RtYdqXg.exe
1756	pejuaop.exe
2216	OyaAWxB.exe
1028	IZDAaSj.exe
2268	vntQLcL.exe
2104	xGKincQ.exe
868	FcRuIih.exe
300	KHyTMhe.exe
1980	gXNhEmd.exe
2132	QSrDNNn.exe
2992	zDNThSN.exe
2576	zofHKgv.exe
2644	KKBJTcF.exe
2560	aLLiWmJ.exe
1648	TwLcjig.exe
852	QDlabYk.exe
320	MdqDDEB.exe
2512	mpJpUOy.exe
1384	WxiqwnK.exe
1524	MzCexiq.exe
3084	fbqFBqp.exe
3128	oaOHmmS.exe
3160	teALOdd.exe
3192	QHTgyaG.exe
3224	AXECgYD.exe
3256	svXYILW.exe
3288	BRvBdZT.exe
3320	TBrGQsQ.exe
3360	jhcnVmZ.exe
3392	snwSClg.exe
2880	EyOGnOe.exe
2092	IAJHqzQ.exe

Loads dropped DLL 64 IoCs

pid	Process
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1764-0-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000e00000001537c-3.dat	upx
behavioral1/files/0x00060000000191fd-7.dat	upx
behavioral1/files/0x0006000000019220-26.dat	upx
behavioral1/files/0x0008000000019240-36.dat	upx
behavioral1/files/0x000500000001a07b-61.dat	upx
behavioral1/files/0x000500000001a0a1-66.dat	upx
behavioral1/files/0x000500000001a42f-91.dat	upx
behavioral1/files/0x000500000001a48c-112.dat	upx
behavioral1/files/0x000500000001a49c-126.dat	upx
behavioral1/memory/2564-337-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2800-351-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2752-1208-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2356-1207-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1764-801-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2484-347-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2924-345-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2584-343-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2540-341-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2716-339-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2764-335-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2660-333-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000500000001a4cc-162.dat	upx
behavioral1/files/0x000500000001a4c8-156.dat	upx
behavioral1/files/0x000500000001a4c4-150.dat	upx
behavioral1/files/0x000500000001a4b7-146.dat	upx
behavioral1/memory/2856-144-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-141.dat	upx
behavioral1/files/0x000500000001a4b5-134.dat	upx
behavioral1/files/0x000500000001a48e-116.dat	upx
behavioral1/files/0x000500000001a4ca-170.dat	upx
behavioral1/files/0x000500000001a4c6-169.dat	upx
behavioral1/files/0x000500000001a4c0-168.dat	upx
behavioral1/files/0x000500000001a4ce-166.dat	upx
behavioral1/files/0x000500000001a4aa-131.dat	upx
behavioral1/files/0x000500000001a49a-121.dat	upx
behavioral1/files/0x000500000001a46a-106.dat	upx
behavioral1/files/0x000500000001a434-101.dat	upx
behavioral1/files/0x000500000001a431-96.dat	upx
behavioral1/files/0x000500000001a42d-87.dat	upx
behavioral1/files/0x000500000001a42b-81.dat	upx
behavioral1/files/0x000500000001a345-76.dat	upx
behavioral1/files/0x000500000001a301-71.dat	upx
behavioral1/files/0x000500000001a067-56.dat	upx
behavioral1/files/0x00070000000194bd-47.dat	upx
behavioral1/files/0x0005000000019fb9-50.dat	upx
behavioral1/files/0x0006000000019238-35.dat	upx
behavioral1/memory/2752-34-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x000700000001925d-40.dat	upx
behavioral1/memory/2356-22-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2628-15-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2840-14-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0006000000019217-9.dat	upx
behavioral1/memory/2628-4037-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2856-4044-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2584-4048-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2764-4047-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2484-4046-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2716-4045-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2924-4043-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2540-4042-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2564-4041-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2800-4040-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2660-4039-0x000000013F340000-0x000000013F694000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zofHKgv.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKiGyEd.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtPFogV.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnorjRM.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VefqkJX.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAnNdPu.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNLyGgg.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KydaYKV.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzHHZcG.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAJuvWW.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWINWsp.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhcnVmZ.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWErnEO.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEuJpgU.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysAZYiv.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLNmNMh.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrRCtyc.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEbGpHJ.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHZrXXj.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjbomLd.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmALyop.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoxcgjN.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeLWDNg.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBkDNAv.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CECbDgk.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSPFEJC.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQEPGow.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqUXUeO.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYOEUiJ.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEdpNNI.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFtEXnO.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CldZagB.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDkWNZG.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aITiixT.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noCMcqJ.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFiqlfo.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGMUJAv.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIEyAaA.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLpGCTP.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziUeMOb.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLvHlvn.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmGKdQN.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoCZkJo.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbpdtzE.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfEPBTV.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcRaZNG.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUhoEcN.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XofiJeZ.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrmAhwA.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgqObda.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNMrjYS.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIYnYfI.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiIfgMm.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRLdjyO.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaUYLHl.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnzGxAM.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUxzbVt.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQQbCFb.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdIGowH.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfolCCO.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StPdimv.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgJoFNI.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpTKVUj.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQcUPZU.exe	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 2628	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1764 wrote to memory of 2628	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1764 wrote to memory of 2628	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1764 wrote to memory of 2840	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1764 wrote to memory of 2840	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1764 wrote to memory of 2840	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1764 wrote to memory of 2356	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1764 wrote to memory of 2356	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1764 wrote to memory of 2356	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1764 wrote to memory of 2752	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1764 wrote to memory of 2752	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1764 wrote to memory of 2752	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1764 wrote to memory of 2800	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1764 wrote to memory of 2800	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1764 wrote to memory of 2800	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1764 wrote to memory of 2856	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1764 wrote to memory of 2856	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1764 wrote to memory of 2856	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1764 wrote to memory of 2660	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1764 wrote to memory of 2660	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1764 wrote to memory of 2660	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1764 wrote to memory of 2764	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1764 wrote to memory of 2764	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1764 wrote to memory of 2764	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1764 wrote to memory of 2564	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1764 wrote to memory of 2564	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1764 wrote to memory of 2564	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1764 wrote to memory of 2716	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1764 wrote to memory of 2716	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1764 wrote to memory of 2716	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1764 wrote to memory of 2540	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1764 wrote to memory of 2540	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1764 wrote to memory of 2540	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1764 wrote to memory of 2584	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1764 wrote to memory of 2584	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1764 wrote to memory of 2584	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1764 wrote to memory of 2924	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1764 wrote to memory of 2924	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1764 wrote to memory of 2924	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1764 wrote to memory of 2484	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1764 wrote to memory of 2484	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1764 wrote to memory of 2484	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1764 wrote to memory of 1008	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1764 wrote to memory of 1008	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1764 wrote to memory of 1008	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1764 wrote to memory of 1816	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1764 wrote to memory of 1816	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1764 wrote to memory of 1816	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1764 wrote to memory of 2736	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1764 wrote to memory of 2736	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1764 wrote to memory of 2736	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1764 wrote to memory of 1656	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1764 wrote to memory of 1656	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1764 wrote to memory of 1656	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1764 wrote to memory of 2364	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1764 wrote to memory of 2364	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1764 wrote to memory of 2364	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1764 wrote to memory of 1040	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1764 wrote to memory of 1040	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1764 wrote to memory of 1040	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1764 wrote to memory of 640	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1764 wrote to memory of 640	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1764 wrote to memory of 640	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1764 wrote to memory of 1612	1764	2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_82a50b7da1d060dfc2d092e81afea70f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\System\XMAPYVA.exe
  C:\Windows\System\XMAPYVA.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\TUJHLWH.exe
  C:\Windows\System\TUJHLWH.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\PURKCAH.exe
  C:\Windows\System\PURKCAH.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\pWsXIOl.exe
  C:\Windows\System\pWsXIOl.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\eIPuNWD.exe
  C:\Windows\System\eIPuNWD.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\emqhahE.exe
  C:\Windows\System\emqhahE.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\JaGvOVw.exe
  C:\Windows\System\JaGvOVw.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\dRSNCKv.exe
  C:\Windows\System\dRSNCKv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\IgqNJwl.exe
  C:\Windows\System\IgqNJwl.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\qVYWRIV.exe
  C:\Windows\System\qVYWRIV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\OHPfuEf.exe
  C:\Windows\System\OHPfuEf.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\inJBfBq.exe
  C:\Windows\System\inJBfBq.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\RziPeeh.exe
  C:\Windows\System\RziPeeh.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\zdkynSV.exe
  C:\Windows\System\zdkynSV.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\OhWZwcZ.exe
  C:\Windows\System\OhWZwcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\tGpyUeL.exe
  C:\Windows\System\tGpyUeL.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\czhbepD.exe
  C:\Windows\System\czhbepD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\KHyAhiU.exe
  C:\Windows\System\KHyAhiU.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\XYZIsPN.exe
  C:\Windows\System\XYZIsPN.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\fDvtuIu.exe
  C:\Windows\System\fDvtuIu.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\xfcReCr.exe
  C:\Windows\System\xfcReCr.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\HMnPiWd.exe
  C:\Windows\System\HMnPiWd.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\IyiIJhI.exe
  C:\Windows\System\IyiIJhI.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\dJExrvO.exe
  C:\Windows\System\dJExrvO.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\MrftiHt.exe
  C:\Windows\System\MrftiHt.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\EyOGnOe.exe
  C:\Windows\System\EyOGnOe.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\YifoRjx.exe
  C:\Windows\System\YifoRjx.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\IAJHqzQ.exe
  C:\Windows\System\IAJHqzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\dyOlehI.exe
  C:\Windows\System\dyOlehI.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\viDkeZK.exe
  C:\Windows\System\viDkeZK.exe
  2⤵
  PID:2884
- C:\Windows\System\pgqObda.exe
  C:\Windows\System\pgqObda.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\OdLNaca.exe
  C:\Windows\System\OdLNaca.exe
  2⤵
  PID:816
- C:\Windows\System\vgstwyE.exe
  C:\Windows\System\vgstwyE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\myNppMq.exe
  C:\Windows\System\myNppMq.exe
  2⤵
  PID:596
- C:\Windows\System\XAimoCC.exe
  C:\Windows\System\XAimoCC.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\HFIfTRh.exe
  C:\Windows\System\HFIfTRh.exe
  2⤵
  PID:1644
- C:\Windows\System\ctHWLPo.exe
  C:\Windows\System\ctHWLPo.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\KmFphCj.exe
  C:\Windows\System\KmFphCj.exe
  2⤵
  PID:1288
- C:\Windows\System\GKEeanx.exe
  C:\Windows\System\GKEeanx.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\CaUYLHl.exe
  C:\Windows\System\CaUYLHl.exe
  2⤵
  PID:2148
- C:\Windows\System\RtYdqXg.exe
  C:\Windows\System\RtYdqXg.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\SMHOXiP.exe
  C:\Windows\System\SMHOXiP.exe
  2⤵
  PID:1552
- C:\Windows\System\pejuaop.exe
  C:\Windows\System\pejuaop.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\mNRzVxN.exe
  C:\Windows\System\mNRzVxN.exe
  2⤵
  PID:1304
- C:\Windows\System\OyaAWxB.exe
  C:\Windows\System\OyaAWxB.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kmpCNxO.exe
  C:\Windows\System\kmpCNxO.exe
  2⤵
  PID:1580
- C:\Windows\System\IZDAaSj.exe
  C:\Windows\System\IZDAaSj.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\BIPWPGZ.exe
  C:\Windows\System\BIPWPGZ.exe
  2⤵
  PID:708
- C:\Windows\System\vntQLcL.exe
  C:\Windows\System\vntQLcL.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\WmVfaLj.exe
  C:\Windows\System\WmVfaLj.exe
  2⤵
  PID:2488
- C:\Windows\System\xGKincQ.exe
  C:\Windows\System\xGKincQ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\pvDlryb.exe
  C:\Windows\System\pvDlryb.exe
  2⤵
  PID:1020
- C:\Windows\System\FcRuIih.exe
  C:\Windows\System\FcRuIih.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\CNCJCVs.exe
  C:\Windows\System\CNCJCVs.exe
  2⤵
  PID:1872
- C:\Windows\System\KHyTMhe.exe
  C:\Windows\System\KHyTMhe.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\DvhuTSX.exe
  C:\Windows\System\DvhuTSX.exe
  2⤵
  PID:1152
- C:\Windows\System\gXNhEmd.exe
  C:\Windows\System\gXNhEmd.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\BROHRtQ.exe
  C:\Windows\System\BROHRtQ.exe
  2⤵
  PID:1604
- C:\Windows\System\QSrDNNn.exe
  C:\Windows\System\QSrDNNn.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\LISWpbb.exe
  C:\Windows\System\LISWpbb.exe
  2⤵
  PID:2128
- C:\Windows\System\zDNThSN.exe
  C:\Windows\System\zDNThSN.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\hYjDfdg.exe
  C:\Windows\System\hYjDfdg.exe
  2⤵
  PID:2692
- C:\Windows\System\zofHKgv.exe
  C:\Windows\System\zofHKgv.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\AomlCnF.exe
  C:\Windows\System\AomlCnF.exe
  2⤵
  PID:2676
- C:\Windows\System\KKBJTcF.exe
  C:\Windows\System\KKBJTcF.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\MDBPycd.exe
  C:\Windows\System\MDBPycd.exe
  2⤵
  PID:2568
- C:\Windows\System\aLLiWmJ.exe
  C:\Windows\System\aLLiWmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\olfCJdB.exe
  C:\Windows\System\olfCJdB.exe
  2⤵
  PID:2936
- C:\Windows\System\TwLcjig.exe
  C:\Windows\System\TwLcjig.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\IIsafYr.exe
  C:\Windows\System\IIsafYr.exe
  2⤵
  PID:268
- C:\Windows\System\QDlabYk.exe
  C:\Windows\System\QDlabYk.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\bMbxMPV.exe
  C:\Windows\System\bMbxMPV.exe
  2⤵
  PID:2016
- C:\Windows\System\MdqDDEB.exe
  C:\Windows\System\MdqDDEB.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\SAfcpMH.exe
  C:\Windows\System\SAfcpMH.exe
  2⤵
  PID:2872
- C:\Windows\System\mpJpUOy.exe
  C:\Windows\System\mpJpUOy.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\DYgmFcv.exe
  C:\Windows\System\DYgmFcv.exe
  2⤵
  PID:340
- C:\Windows\System\WxiqwnK.exe
  C:\Windows\System\WxiqwnK.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\IVgFCdL.exe
  C:\Windows\System\IVgFCdL.exe
  2⤵
  PID:2296
- C:\Windows\System\MzCexiq.exe
  C:\Windows\System\MzCexiq.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\MLFmeWc.exe
  C:\Windows\System\MLFmeWc.exe
  2⤵
  PID:1496
- C:\Windows\System\fbqFBqp.exe
  C:\Windows\System\fbqFBqp.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\LDTgUoI.exe
  C:\Windows\System\LDTgUoI.exe
  2⤵
  PID:3112
- C:\Windows\System\oaOHmmS.exe
  C:\Windows\System\oaOHmmS.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\wawdJOJ.exe
  C:\Windows\System\wawdJOJ.exe
  2⤵
  PID:3144
- C:\Windows\System\teALOdd.exe
  C:\Windows\System\teALOdd.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\MRdbnyx.exe
  C:\Windows\System\MRdbnyx.exe
  2⤵
  PID:3176
- C:\Windows\System\QHTgyaG.exe
  C:\Windows\System\QHTgyaG.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\yEGmSsd.exe
  C:\Windows\System\yEGmSsd.exe
  2⤵
  PID:3208
- C:\Windows\System\AXECgYD.exe
  C:\Windows\System\AXECgYD.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\VjcCZOK.exe
  C:\Windows\System\VjcCZOK.exe
  2⤵
  PID:3240
- C:\Windows\System\svXYILW.exe
  C:\Windows\System\svXYILW.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\BkeEkcf.exe
  C:\Windows\System\BkeEkcf.exe
  2⤵
  PID:3272
- C:\Windows\System\BRvBdZT.exe
  C:\Windows\System\BRvBdZT.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\cSNbGVi.exe
  C:\Windows\System\cSNbGVi.exe
  2⤵
  PID:3304
- C:\Windows\System\TBrGQsQ.exe
  C:\Windows\System\TBrGQsQ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\EiDxUDg.exe
  C:\Windows\System\EiDxUDg.exe
  2⤵
  PID:3344
- C:\Windows\System\jhcnVmZ.exe
  C:\Windows\System\jhcnVmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\FZRtGTZ.exe
  C:\Windows\System\FZRtGTZ.exe
  2⤵
  PID:3376
- C:\Windows\System\snwSClg.exe
  C:\Windows\System\snwSClg.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\CSReSYp.exe
  C:\Windows\System\CSReSYp.exe
  2⤵
  PID:3408
- C:\Windows\System\dOJisHo.exe
  C:\Windows\System\dOJisHo.exe
  2⤵
  PID:3728
- C:\Windows\System\sYWOceX.exe
  C:\Windows\System\sYWOceX.exe
  2⤵
  PID:3748
- C:\Windows\System\URYzlNS.exe
  C:\Windows\System\URYzlNS.exe
  2⤵
  PID:3768
- C:\Windows\System\lZtsDRz.exe
  C:\Windows\System\lZtsDRz.exe
  2⤵
  PID:3788
- C:\Windows\System\zPoErNj.exe
  C:\Windows\System\zPoErNj.exe
  2⤵
  PID:3804
- C:\Windows\System\RyAvflA.exe
  C:\Windows\System\RyAvflA.exe
  2⤵
  PID:3824
- C:\Windows\System\APXfMaW.exe
  C:\Windows\System\APXfMaW.exe
  2⤵
  PID:3840
- C:\Windows\System\NXBKKSs.exe
  C:\Windows\System\NXBKKSs.exe
  2⤵
  PID:3856
- C:\Windows\System\olRPbbf.exe
  C:\Windows\System\olRPbbf.exe
  2⤵
  PID:3872
- C:\Windows\System\TvOLrup.exe
  C:\Windows\System\TvOLrup.exe
  2⤵
  PID:3888
- C:\Windows\System\HuqEsoA.exe
  C:\Windows\System\HuqEsoA.exe
  2⤵
  PID:3904
- C:\Windows\System\omAEKqo.exe
  C:\Windows\System\omAEKqo.exe
  2⤵
  PID:3920
- C:\Windows\System\SDllvNN.exe
  C:\Windows\System\SDllvNN.exe
  2⤵
  PID:3936
- C:\Windows\System\pGiILCL.exe
  C:\Windows\System\pGiILCL.exe
  2⤵
  PID:3956
- C:\Windows\System\zYHSPxC.exe
  C:\Windows\System\zYHSPxC.exe
  2⤵
  PID:3984
- C:\Windows\System\mdDsLMe.exe
  C:\Windows\System\mdDsLMe.exe
  2⤵
  PID:4008
- C:\Windows\System\VqDyxcC.exe
  C:\Windows\System\VqDyxcC.exe
  2⤵
  PID:4028
- C:\Windows\System\bxDtgio.exe
  C:\Windows\System\bxDtgio.exe
  2⤵
  PID:4048
- C:\Windows\System\ghDXENW.exe
  C:\Windows\System\ghDXENW.exe
  2⤵
  PID:4068
- C:\Windows\System\JynXoMX.exe
  C:\Windows\System\JynXoMX.exe
  2⤵
  PID:4092
- C:\Windows\System\CYnsyit.exe
  C:\Windows\System\CYnsyit.exe
  2⤵
  PID:2788
- C:\Windows\System\tYERipP.exe
  C:\Windows\System\tYERipP.exe
  2⤵
  PID:2324
- C:\Windows\System\bllhEAj.exe
  C:\Windows\System\bllhEAj.exe
  2⤵
  PID:1996
- C:\Windows\System\GuvNXmE.exe
  C:\Windows\System\GuvNXmE.exe
  2⤵
  PID:1160
- C:\Windows\System\USOgKUU.exe
  C:\Windows\System\USOgKUU.exe
  2⤵
  PID:2960
- C:\Windows\System\FRFYaEO.exe
  C:\Windows\System\FRFYaEO.exe
  2⤵
  PID:784
- C:\Windows\System\EwimIfd.exe
  C:\Windows\System\EwimIfd.exe
  2⤵
  PID:3108
- C:\Windows\System\KmoUIUN.exe
  C:\Windows\System\KmoUIUN.exe
  2⤵
  PID:2052
- C:\Windows\System\KejjtLd.exe
  C:\Windows\System\KejjtLd.exe
  2⤵
  PID:3200
- C:\Windows\System\ITRTqhp.exe
  C:\Windows\System\ITRTqhp.exe
  2⤵
  PID:3300
- C:\Windows\System\gOcquyg.exe
  C:\Windows\System\gOcquyg.exe
  2⤵
  PID:3368
- C:\Windows\System\TdzTWcV.exe
  C:\Windows\System\TdzTWcV.exe
  2⤵
  PID:2596
- C:\Windows\System\TMOnhNr.exe
  C:\Windows\System\TMOnhNr.exe
  2⤵
  PID:2912
- C:\Windows\System\WNMrjYS.exe
  C:\Windows\System\WNMrjYS.exe
  2⤵
  PID:824
- C:\Windows\System\FfNJGIM.exe
  C:\Windows\System\FfNJGIM.exe
  2⤵
  PID:936
- C:\Windows\System\HncOjrw.exe
  C:\Windows\System\HncOjrw.exe
  2⤵
  PID:1964
- C:\Windows\System\JcDUXnB.exe
  C:\Windows\System\JcDUXnB.exe
  2⤵
  PID:2908
- C:\Windows\System\gAOndmS.exe
  C:\Windows\System\gAOndmS.exe
  2⤵
  PID:2572
- C:\Windows\System\XQboCnK.exe
  C:\Windows\System\XQboCnK.exe
  2⤵
  PID:1992
- C:\Windows\System\FblHxHU.exe
  C:\Windows\System\FblHxHU.exe
  2⤵
  PID:3216
- C:\Windows\System\hEsRwlJ.exe
  C:\Windows\System\hEsRwlJ.exe
  2⤵
  PID:3280
- C:\Windows\System\GsRIUbk.exe
  C:\Windows\System\GsRIUbk.exe
  2⤵
  PID:3352
- C:\Windows\System\mkTecYD.exe
  C:\Windows\System\mkTecYD.exe
  2⤵
  PID:3424
- C:\Windows\System\PHRDpty.exe
  C:\Windows\System\PHRDpty.exe
  2⤵
  PID:3120
- C:\Windows\System\umVpiae.exe
  C:\Windows\System\umVpiae.exe
  2⤵
  PID:1944
- C:\Windows\System\fDjGIIJ.exe
  C:\Windows\System\fDjGIIJ.exe
  2⤵
  PID:2588
- C:\Windows\System\rcyfdcE.exe
  C:\Windows\System\rcyfdcE.exe
  2⤵
  PID:2696
- C:\Windows\System\onnzKow.exe
  C:\Windows\System\onnzKow.exe
  2⤵
  PID:1432
- C:\Windows\System\gOrrgeI.exe
  C:\Windows\System\gOrrgeI.exe
  2⤵
  PID:876
- C:\Windows\System\OAaOGDh.exe
  C:\Windows\System\OAaOGDh.exe
  2⤵
  PID:2108
- C:\Windows\System\kCpumwT.exe
  C:\Windows\System\kCpumwT.exe
  2⤵
  PID:2068
- C:\Windows\System\ekwJJTi.exe
  C:\Windows\System\ekwJJTi.exe
  2⤵
  PID:1148
- C:\Windows\System\xCrfFKx.exe
  C:\Windows\System\xCrfFKx.exe
  2⤵
  PID:3564
- C:\Windows\System\sJsQyJk.exe
  C:\Windows\System\sJsQyJk.exe
  2⤵
  PID:3776
- C:\Windows\System\GYnMsUp.exe
  C:\Windows\System\GYnMsUp.exe
  2⤵
  PID:3816
- C:\Windows\System\OSVAZth.exe
  C:\Windows\System\OSVAZth.exe
  2⤵
  PID:3580
- C:\Windows\System\wRCmIrn.exe
  C:\Windows\System\wRCmIrn.exe
  2⤵
  PID:3596
- C:\Windows\System\KYoCwWF.exe
  C:\Windows\System\KYoCwWF.exe
  2⤵
  PID:3612
- C:\Windows\System\AItArbO.exe
  C:\Windows\System\AItArbO.exe
  2⤵
  PID:3632
- C:\Windows\System\ZeDeKkb.exe
  C:\Windows\System\ZeDeKkb.exe
  2⤵
  PID:3880
- C:\Windows\System\YQdMklu.exe
  C:\Windows\System\YQdMklu.exe
  2⤵
  PID:3884
- C:\Windows\System\SAYWINa.exe
  C:\Windows\System\SAYWINa.exe
  2⤵
  PID:3680
- C:\Windows\System\XGFvZOM.exe
  C:\Windows\System\XGFvZOM.exe
  2⤵
  PID:3700
- C:\Windows\System\SplvcAJ.exe
  C:\Windows\System\SplvcAJ.exe
  2⤵
  PID:3712
- C:\Windows\System\osmzbIR.exe
  C:\Windows\System\osmzbIR.exe
  2⤵
  PID:4000
- C:\Windows\System\qkxuhhV.exe
  C:\Windows\System\qkxuhhV.exe
  2⤵
  PID:3796
- C:\Windows\System\ThZPsGY.exe
  C:\Windows\System\ThZPsGY.exe
  2⤵
  PID:3836
- C:\Windows\System\CEeOcdk.exe
  C:\Windows\System\CEeOcdk.exe
  2⤵
  PID:4076
- C:\Windows\System\CrSeHDI.exe
  C:\Windows\System\CrSeHDI.exe
  2⤵
  PID:2724
- C:\Windows\System\LHlUQmq.exe
  C:\Windows\System\LHlUQmq.exe
  2⤵
  PID:1672
- C:\Windows\System\hoGQDmV.exe
  C:\Windows\System\hoGQDmV.exe
  2⤵
  PID:3172
- C:\Windows\System\ZbzQNrm.exe
  C:\Windows\System\ZbzQNrm.exe
  2⤵
  PID:3236
- C:\Windows\System\RLQoASf.exe
  C:\Windows\System\RLQoASf.exe
  2⤵
  PID:3900
- C:\Windows\System\DDlQsqU.exe
  C:\Windows\System\DDlQsqU.exe
  2⤵
  PID:4020
- C:\Windows\System\mtqLVSg.exe
  C:\Windows\System\mtqLVSg.exe
  2⤵
  PID:4064
- C:\Windows\System\BBartjW.exe
  C:\Windows\System\BBartjW.exe
  2⤵
  PID:3964
- C:\Windows\System\GJOFutW.exe
  C:\Windows\System\GJOFutW.exe
  2⤵
  PID:2124
- C:\Windows\System\ieenpTp.exe
  C:\Windows\System\ieenpTp.exe
  2⤵
  PID:3404
- C:\Windows\System\IObHUrt.exe
  C:\Windows\System\IObHUrt.exe
  2⤵
  PID:1912
- C:\Windows\System\rMleeyx.exe
  C:\Windows\System\rMleeyx.exe
  2⤵
  PID:2720
- C:\Windows\System\bwwcyEY.exe
  C:\Windows\System\bwwcyEY.exe
  2⤵
  PID:1232
- C:\Windows\System\pPSktCk.exe
  C:\Windows\System\pPSktCk.exe
  2⤵
  PID:1368
- C:\Windows\System\TFCvvRJ.exe
  C:\Windows\System\TFCvvRJ.exe
  2⤵
  PID:1372
- C:\Windows\System\iCNCVwt.exe
  C:\Windows\System\iCNCVwt.exe
  2⤵
  PID:1600
- C:\Windows\System\tcGGyRp.exe
  C:\Windows\System\tcGGyRp.exe
  2⤵
  PID:2504
- C:\Windows\System\wQnhUqY.exe
  C:\Windows\System\wQnhUqY.exe
  2⤵
  PID:3416
- C:\Windows\System\dAWtUYs.exe
  C:\Windows\System\dAWtUYs.exe
  2⤵
  PID:332
- C:\Windows\System\aprKnRY.exe
  C:\Windows\System\aprKnRY.exe
  2⤵
  PID:288
- C:\Windows\System\ACFGsXp.exe
  C:\Windows\System\ACFGsXp.exe
  2⤵
  PID:2244
- C:\Windows\System\ZYxccDj.exe
  C:\Windows\System\ZYxccDj.exe
  2⤵
  PID:3568
- C:\Windows\System\TOfAxai.exe
  C:\Windows\System\TOfAxai.exe
  2⤵
  PID:2708
- C:\Windows\System\GhRgGMr.exe
  C:\Windows\System\GhRgGMr.exe
  2⤵
  PID:3676
- C:\Windows\System\jkXspnG.exe
  C:\Windows\System\jkXspnG.exe
  2⤵
  PID:3916
- C:\Windows\System\Dmkhmnj.exe
  C:\Windows\System\Dmkhmnj.exe
  2⤵
  PID:1724
- C:\Windows\System\wJhYzko.exe
  C:\Windows\System\wJhYzko.exe
  2⤵
  PID:3760
- C:\Windows\System\IntEMjR.exe
  C:\Windows\System\IntEMjR.exe
  2⤵
  PID:3168
- C:\Windows\System\WgVnPtz.exe
  C:\Windows\System\WgVnPtz.exe
  2⤵
  PID:3628
- C:\Windows\System\JYBrWHR.exe
  C:\Windows\System\JYBrWHR.exe
  2⤵
  PID:3692
- C:\Windows\System\CcMbnkH.exe
  C:\Windows\System\CcMbnkH.exe
  2⤵
  PID:3932
- C:\Windows\System\KiNQOgu.exe
  C:\Windows\System\KiNQOgu.exe
  2⤵
  PID:3812
- C:\Windows\System\WhCcGzN.exe
  C:\Windows\System\WhCcGzN.exe
  2⤵
  PID:3944
- C:\Windows\System\xkZDiWj.exe
  C:\Windows\System\xkZDiWj.exe
  2⤵
  PID:3996
- C:\Windows\System\UnRzRCL.exe
  C:\Windows\System\UnRzRCL.exe
  2⤵
  PID:3896
- C:\Windows\System\rIEyAaA.exe
  C:\Windows\System\rIEyAaA.exe
  2⤵
  PID:1520
- C:\Windows\System\DXXuQqF.exe
  C:\Windows\System\DXXuQqF.exe
  2⤵
  PID:3140
- C:\Windows\System\YRYyMat.exe
  C:\Windows\System\YRYyMat.exe
  2⤵
  PID:4036
- C:\Windows\System\uCyceOr.exe
  C:\Windows\System\uCyceOr.exe
  2⤵
  PID:2028
- C:\Windows\System\XAIxtJm.exe
  C:\Windows\System\XAIxtJm.exe
  2⤵
  PID:3316
- C:\Windows\System\ajlFWik.exe
  C:\Windows\System\ajlFWik.exe
  2⤵
  PID:3340
- C:\Windows\System\VonZoWs.exe
  C:\Windows\System\VonZoWs.exe
  2⤵
  PID:1188
- C:\Windows\System\BOiYkzc.exe
  C:\Windows\System\BOiYkzc.exe
  2⤵
  PID:3388
- C:\Windows\System\aKoBTGD.exe
  C:\Windows\System\aKoBTGD.exe
  2⤵
  PID:3744
- C:\Windows\System\OCxDhKh.exe
  C:\Windows\System\OCxDhKh.exe
  2⤵
  PID:3848
- C:\Windows\System\cxXFtHd.exe
  C:\Windows\System\cxXFtHd.exe
  2⤵
  PID:2420
- C:\Windows\System\qjcDISk.exe
  C:\Windows\System\qjcDISk.exe
  2⤵
  PID:1876
- C:\Windows\System\VglUMYh.exe
  C:\Windows\System\VglUMYh.exe
  2⤵
  PID:1888
- C:\Windows\System\OnHPRgH.exe
  C:\Windows\System\OnHPRgH.exe
  2⤵
  PID:1668
- C:\Windows\System\KKdGoBj.exe
  C:\Windows\System\KKdGoBj.exe
  2⤵
  PID:3624
- C:\Windows\System\zdrrkMQ.exe
  C:\Windows\System\zdrrkMQ.exe
  2⤵
  PID:3980
- C:\Windows\System\xrFzpqo.exe
  C:\Windows\System\xrFzpqo.exe
  2⤵
  PID:2684
- C:\Windows\System\GdGgQnp.exe
  C:\Windows\System\GdGgQnp.exe
  2⤵
  PID:3588
- C:\Windows\System\FQArRHb.exe
  C:\Windows\System\FQArRHb.exe
  2⤵
  PID:2816
- C:\Windows\System\PlQuhqb.exe
  C:\Windows\System\PlQuhqb.exe
  2⤵
  PID:3296
- C:\Windows\System\RPeklPH.exe
  C:\Windows\System\RPeklPH.exe
  2⤵
  PID:3104
- C:\Windows\System\ZJwRuMW.exe
  C:\Windows\System\ZJwRuMW.exe
  2⤵
  PID:3312
- C:\Windows\System\iMXYvkU.exe
  C:\Windows\System\iMXYvkU.exe
  2⤵
  PID:2516
- C:\Windows\System\oFNygBB.exe
  C:\Windows\System\oFNygBB.exe
  2⤵
  PID:3668
- C:\Windows\System\vXirEzB.exe
  C:\Windows\System\vXirEzB.exe
  2⤵
  PID:2868
- C:\Windows\System\CKiGyEd.exe
  C:\Windows\System\CKiGyEd.exe
  2⤵
  PID:3640
- C:\Windows\System\yVRdxlA.exe
  C:\Windows\System\yVRdxlA.exe
  2⤵
  PID:3912
- C:\Windows\System\SvgXxAx.exe
  C:\Windows\System\SvgXxAx.exe
  2⤵
  PID:3688
- C:\Windows\System\KnSseQm.exe
  C:\Windows\System\KnSseQm.exe
  2⤵
  PID:3976
- C:\Windows\System\tlekhki.exe
  C:\Windows\System\tlekhki.exe
  2⤵
  PID:3724
- C:\Windows\System\IFRPRNi.exe
  C:\Windows\System\IFRPRNi.exe
  2⤵
  PID:4088
- C:\Windows\System\hxOCqsp.exe
  C:\Windows\System\hxOCqsp.exe
  2⤵
  PID:4108
- C:\Windows\System\mtPFogV.exe
  C:\Windows\System\mtPFogV.exe
  2⤵
  PID:4124
- C:\Windows\System\QeupScg.exe
  C:\Windows\System\QeupScg.exe
  2⤵
  PID:4152
- C:\Windows\System\kNJXArz.exe
  C:\Windows\System\kNJXArz.exe
  2⤵
  PID:4172
- C:\Windows\System\mzsNgIs.exe
  C:\Windows\System\mzsNgIs.exe
  2⤵
  PID:4192
- C:\Windows\System\xAbAxLZ.exe
  C:\Windows\System\xAbAxLZ.exe
  2⤵
  PID:4208
- C:\Windows\System\OclAfif.exe
  C:\Windows\System\OclAfif.exe
  2⤵
  PID:4224
- C:\Windows\System\ZzqWEOR.exe
  C:\Windows\System\ZzqWEOR.exe
  2⤵
  PID:4248
- C:\Windows\System\vZukBsW.exe
  C:\Windows\System\vZukBsW.exe
  2⤵
  PID:4268
- C:\Windows\System\dWwzkxX.exe
  C:\Windows\System\dWwzkxX.exe
  2⤵
  PID:4288
- C:\Windows\System\cKwHYLr.exe
  C:\Windows\System\cKwHYLr.exe
  2⤵
  PID:4308
- C:\Windows\System\zbuORTL.exe
  C:\Windows\System\zbuORTL.exe
  2⤵
  PID:4328
- C:\Windows\System\TnzGxAM.exe
  C:\Windows\System\TnzGxAM.exe
  2⤵
  PID:4352
- C:\Windows\System\OOiCTyk.exe
  C:\Windows\System\OOiCTyk.exe
  2⤵
  PID:4376
- C:\Windows\System\tyHoZZo.exe
  C:\Windows\System\tyHoZZo.exe
  2⤵
  PID:4392
- C:\Windows\System\ZYpyHqO.exe
  C:\Windows\System\ZYpyHqO.exe
  2⤵
  PID:4408
- C:\Windows\System\xXUxVnT.exe
  C:\Windows\System\xXUxVnT.exe
  2⤵
  PID:4424
- C:\Windows\System\nLPTaks.exe
  C:\Windows\System\nLPTaks.exe
  2⤵
  PID:4448
- C:\Windows\System\PlQgSUz.exe
  C:\Windows\System\PlQgSUz.exe
  2⤵
  PID:4468
- C:\Windows\System\aNOfcyD.exe
  C:\Windows\System\aNOfcyD.exe
  2⤵
  PID:4492
- C:\Windows\System\VuJFkKj.exe
  C:\Windows\System\VuJFkKj.exe
  2⤵
  PID:4508
- C:\Windows\System\tYCUCyX.exe
  C:\Windows\System\tYCUCyX.exe
  2⤵
  PID:4524
- C:\Windows\System\hAcLoCa.exe
  C:\Windows\System\hAcLoCa.exe
  2⤵
  PID:4540
- C:\Windows\System\IODsLoW.exe
  C:\Windows\System\IODsLoW.exe
  2⤵
  PID:4560
- C:\Windows\System\ntuvgML.exe
  C:\Windows\System\ntuvgML.exe
  2⤵
  PID:4580
- C:\Windows\System\VsZIuTw.exe
  C:\Windows\System\VsZIuTw.exe
  2⤵
  PID:4604
- C:\Windows\System\UgzsKUR.exe
  C:\Windows\System\UgzsKUR.exe
  2⤵
  PID:4640
- C:\Windows\System\oRkhPHH.exe
  C:\Windows\System\oRkhPHH.exe
  2⤵
  PID:4660
- C:\Windows\System\DnnvvUl.exe
  C:\Windows\System\DnnvvUl.exe
  2⤵
  PID:4676
- C:\Windows\System\PlZLKgU.exe
  C:\Windows\System\PlZLKgU.exe
  2⤵
  PID:4700
- C:\Windows\System\fsurIrg.exe
  C:\Windows\System\fsurIrg.exe
  2⤵
  PID:4716
- C:\Windows\System\BLzAgoa.exe
  C:\Windows\System\BLzAgoa.exe
  2⤵
  PID:4736
- C:\Windows\System\nuKABPm.exe
  C:\Windows\System\nuKABPm.exe
  2⤵
  PID:4752
- C:\Windows\System\aLUdtVE.exe
  C:\Windows\System\aLUdtVE.exe
  2⤵
  PID:4768
- C:\Windows\System\kVtwwBr.exe
  C:\Windows\System\kVtwwBr.exe
  2⤵
  PID:4784
- C:\Windows\System\fUxzbVt.exe
  C:\Windows\System\fUxzbVt.exe
  2⤵
  PID:4800
- C:\Windows\System\yHrObEX.exe
  C:\Windows\System\yHrObEX.exe
  2⤵
  PID:4816
- C:\Windows\System\fdrYJcM.exe
  C:\Windows\System\fdrYJcM.exe
  2⤵
  PID:4832
- C:\Windows\System\rKvztzI.exe
  C:\Windows\System\rKvztzI.exe
  2⤵
  PID:4848
- C:\Windows\System\mEbGpHJ.exe
  C:\Windows\System\mEbGpHJ.exe
  2⤵
  PID:4864
- C:\Windows\System\mVZnPBy.exe
  C:\Windows\System\mVZnPBy.exe
  2⤵
  PID:4896
- C:\Windows\System\sLWOSNh.exe
  C:\Windows\System\sLWOSNh.exe
  2⤵
  PID:4912
- C:\Windows\System\mmowkff.exe
  C:\Windows\System\mmowkff.exe
  2⤵
  PID:4932
- C:\Windows\System\CNLyGgg.exe
  C:\Windows\System\CNLyGgg.exe
  2⤵
  PID:4948
- C:\Windows\System\zKWIBwx.exe
  C:\Windows\System\zKWIBwx.exe
  2⤵
  PID:4964
- C:\Windows\System\idKoQnV.exe
  C:\Windows\System\idKoQnV.exe
  2⤵
  PID:4984
- C:\Windows\System\kSlBrxM.exe
  C:\Windows\System\kSlBrxM.exe
  2⤵
  PID:5008
- C:\Windows\System\mcVWnYE.exe
  C:\Windows\System\mcVWnYE.exe
  2⤵
  PID:5028
- C:\Windows\System\zeeWhle.exe
  C:\Windows\System\zeeWhle.exe
  2⤵
  PID:5076
- C:\Windows\System\YtCGjPa.exe
  C:\Windows\System\YtCGjPa.exe
  2⤵
  PID:5096
- C:\Windows\System\ioVjZRU.exe
  C:\Windows\System\ioVjZRU.exe
  2⤵
  PID:5112
- C:\Windows\System\MffktsO.exe
  C:\Windows\System\MffktsO.exe
  2⤵
  PID:3124
- C:\Windows\System\aQCyJZo.exe
  C:\Windows\System\aQCyJZo.exe
  2⤵
  PID:1712
- C:\Windows\System\jUhoEcN.exe
  C:\Windows\System\jUhoEcN.exe
  2⤵
  PID:3604
- C:\Windows\System\vNsQaAy.exe
  C:\Windows\System\vNsQaAy.exe
  2⤵
  PID:2116
- C:\Windows\System\lfyEieY.exe
  C:\Windows\System\lfyEieY.exe
  2⤵
  PID:4116
- C:\Windows\System\xkqVcGw.exe
  C:\Windows\System\xkqVcGw.exe
  2⤵
  PID:4200
- C:\Windows\System\ISMPmyw.exe
  C:\Windows\System\ISMPmyw.exe
  2⤵
  PID:1480
- C:\Windows\System\XofiJeZ.exe
  C:\Windows\System\XofiJeZ.exe
  2⤵
  PID:3764
- C:\Windows\System\JJHLMJe.exe
  C:\Windows\System\JJHLMJe.exe
  2⤵
  PID:4316
- C:\Windows\System\eMtpkSB.exe
  C:\Windows\System\eMtpkSB.exe
  2⤵
  PID:4368
- C:\Windows\System\xWaYkkJ.exe
  C:\Windows\System\xWaYkkJ.exe
  2⤵
  PID:4400
- C:\Windows\System\RmDkeaX.exe
  C:\Windows\System\RmDkeaX.exe
  2⤵
  PID:4132
- C:\Windows\System\jHZrXXj.exe
  C:\Windows\System\jHZrXXj.exe
  2⤵
  PID:4436
- C:\Windows\System\vKBauon.exe
  C:\Windows\System\vKBauon.exe
  2⤵
  PID:4180
- C:\Windows\System\fNcBYdr.exe
  C:\Windows\System\fNcBYdr.exe
  2⤵
  PID:4220
- C:\Windows\System\qBkDNAv.exe
  C:\Windows\System\qBkDNAv.exe
  2⤵
  PID:4300
- C:\Windows\System\xNqpmMh.exe
  C:\Windows\System\xNqpmMh.exe
  2⤵
  PID:4348
- C:\Windows\System\qmcjWGI.exe
  C:\Windows\System\qmcjWGI.exe
  2⤵
  PID:4556
- C:\Windows\System\oLrFWMh.exe
  C:\Windows\System\oLrFWMh.exe
  2⤵
  PID:4648
- C:\Windows\System\TmmKbuY.exe
  C:\Windows\System\TmmKbuY.exe
  2⤵
  PID:4688
- C:\Windows\System\sYWLXQK.exe
  C:\Windows\System\sYWLXQK.exe
  2⤵
  PID:4728
- C:\Windows\System\dHernCQ.exe
  C:\Windows\System\dHernCQ.exe
  2⤵
  PID:4796
- C:\Windows\System\zLtIQbp.exe
  C:\Windows\System\zLtIQbp.exe
  2⤵
  PID:4860
- C:\Windows\System\MMkLjPZ.exe
  C:\Windows\System\MMkLjPZ.exe
  2⤵
  PID:4908
- C:\Windows\System\CWErnEO.exe
  C:\Windows\System\CWErnEO.exe
  2⤵
  PID:4576
- C:\Windows\System\XDRMRsi.exe
  C:\Windows\System\XDRMRsi.exe
  2⤵
  PID:4536
- C:\Windows\System\JrbTpOe.exe
  C:\Windows\System\JrbTpOe.exe
  2⤵
  PID:4616
- C:\Windows\System\pqOALtz.exe
  C:\Windows\System\pqOALtz.exe
  2⤵
  PID:4708
- C:\Windows\System\lIjoaoW.exe
  C:\Windows\System\lIjoaoW.exe
  2⤵
  PID:4980
- C:\Windows\System\FCBjybD.exe
  C:\Windows\System\FCBjybD.exe
  2⤵
  PID:4880
- C:\Windows\System\UaSbLHY.exe
  C:\Windows\System\UaSbLHY.exe
  2⤵
  PID:4992
- C:\Windows\System\xJTUlLQ.exe
  C:\Windows\System\xJTUlLQ.exe
  2⤵
  PID:4956
- C:\Windows\System\vdRtHZL.exe
  C:\Windows\System\vdRtHZL.exe
  2⤵
  PID:4844
- C:\Windows\System\VMBJCJA.exe
  C:\Windows\System\VMBJCJA.exe
  2⤵
  PID:4776
- C:\Windows\System\bfyGFzP.exe
  C:\Windows\System\bfyGFzP.exe
  2⤵
  PID:5040
- C:\Windows\System\nTLeWGB.exe
  C:\Windows\System\nTLeWGB.exe
  2⤵
  PID:5056
- C:\Windows\System\UJVAwbf.exe
  C:\Windows\System\UJVAwbf.exe
  2⤵
  PID:5072
- C:\Windows\System\VkOkSuC.exe
  C:\Windows\System\VkOkSuC.exe
  2⤵
  PID:3708
- C:\Windows\System\eXXniCP.exe
  C:\Windows\System\eXXniCP.exe
  2⤵
  PID:4060
- C:\Windows\System\swlGyBF.exe
  C:\Windows\System\swlGyBF.exe
  2⤵
  PID:4240
- C:\Windows\System\VUtPTDJ.exe
  C:\Windows\System\VUtPTDJ.exe
  2⤵
  PID:4372
- C:\Windows\System\mpBvqcI.exe
  C:\Windows\System\mpBvqcI.exe
  2⤵
  PID:3620
- C:\Windows\System\INlfHJF.exe
  C:\Windows\System\INlfHJF.exe
  2⤵
  PID:4168
- C:\Windows\System\iGklgHm.exe
  C:\Windows\System\iGklgHm.exe
  2⤵
  PID:4144
- C:\Windows\System\kThbOJG.exe
  C:\Windows\System\kThbOJG.exe
  2⤵
  PID:3592
- C:\Windows\System\RVjSdGD.exe
  C:\Windows\System\RVjSdGD.exe
  2⤵
  PID:4360
- C:\Windows\System\xwubREI.exe
  C:\Windows\System\xwubREI.exe
  2⤵
  PID:4264
- C:\Windows\System\ToDHJSj.exe
  C:\Windows\System\ToDHJSj.exe
  2⤵
  PID:4596
- C:\Windows\System\iNorMwm.exe
  C:\Windows\System\iNorMwm.exe
  2⤵
  PID:4732
- C:\Windows\System\CJKPCOL.exe
  C:\Windows\System\CJKPCOL.exe
  2⤵
  PID:4828
- C:\Windows\System\hepQKwQ.exe
  C:\Windows\System\hepQKwQ.exe
  2⤵
  PID:4568
- C:\Windows\System\cSLhiDt.exe
  C:\Windows\System\cSLhiDt.exe
  2⤵
  PID:4504
- C:\Windows\System\SlrLfhb.exe
  C:\Windows\System\SlrLfhb.exe
  2⤵
  PID:4976
- C:\Windows\System\JjEqnlF.exe
  C:\Windows\System\JjEqnlF.exe
  2⤵
  PID:4552
- C:\Windows\System\vmmOAHr.exe
  C:\Windows\System\vmmOAHr.exe
  2⤵
  PID:4652
- C:\Windows\System\JeGLPnH.exe
  C:\Windows\System\JeGLPnH.exe
  2⤵
  PID:4920
- C:\Windows\System\GiELxln.exe
  C:\Windows\System\GiELxln.exe
  2⤵
  PID:4632
- C:\Windows\System\eTJIAed.exe
  C:\Windows\System\eTJIAed.exe
  2⤵
  PID:5092
- C:\Windows\System\GpTKVUj.exe
  C:\Windows\System\GpTKVUj.exe
  2⤵
  PID:5068
- C:\Windows\System\jTpfYLg.exe
  C:\Windows\System\jTpfYLg.exe
  2⤵
  PID:1572
- C:\Windows\System\amUCflD.exe
  C:\Windows\System\amUCflD.exe
  2⤵
  PID:4164
- C:\Windows\System\SzkSzhd.exe
  C:\Windows\System\SzkSzhd.exe
  2⤵
  PID:4484
- C:\Windows\System\XKaHjAn.exe
  C:\Windows\System\XKaHjAn.exe
  2⤵
  PID:4724
- C:\Windows\System\BQErKiN.exe
  C:\Windows\System\BQErKiN.exe
  2⤵
  PID:5128
- C:\Windows\System\rTuIbps.exe
  C:\Windows\System\rTuIbps.exe
  2⤵
  PID:5144
- C:\Windows\System\KNNiklA.exe
  C:\Windows\System\KNNiklA.exe
  2⤵
  PID:5168
- C:\Windows\System\sRDgszd.exe
  C:\Windows\System\sRDgszd.exe
  2⤵
  PID:5188
- C:\Windows\System\tmGKdQN.exe
  C:\Windows\System\tmGKdQN.exe
  2⤵
  PID:5212
- C:\Windows\System\SPIQGuO.exe
  C:\Windows\System\SPIQGuO.exe
  2⤵
  PID:5244
- C:\Windows\System\YMaeQRZ.exe
  C:\Windows\System\YMaeQRZ.exe
  2⤵
  PID:5280
- C:\Windows\System\mUxagmn.exe
  C:\Windows\System\mUxagmn.exe
  2⤵
  PID:5296
- C:\Windows\System\fuPOtKs.exe
  C:\Windows\System\fuPOtKs.exe
  2⤵
  PID:5312
- C:\Windows\System\KfCVRFU.exe
  C:\Windows\System\KfCVRFU.exe
  2⤵
  PID:5328
- C:\Windows\System\vPbCKkZ.exe
  C:\Windows\System\vPbCKkZ.exe
  2⤵
  PID:5356
- C:\Windows\System\vVRxPDv.exe
  C:\Windows\System\vVRxPDv.exe
  2⤵
  PID:5376
- C:\Windows\System\mEagZsr.exe
  C:\Windows\System\mEagZsr.exe
  2⤵
  PID:5392
- C:\Windows\System\hZFYGmS.exe
  C:\Windows\System\hZFYGmS.exe
  2⤵
  PID:5408
- C:\Windows\System\EMPWraL.exe
  C:\Windows\System\EMPWraL.exe
  2⤵
  PID:5428
- C:\Windows\System\kvnNQmU.exe
  C:\Windows\System\kvnNQmU.exe
  2⤵
  PID:5452
- C:\Windows\System\HYazpij.exe
  C:\Windows\System\HYazpij.exe
  2⤵
  PID:5468
- C:\Windows\System\vfGXfdP.exe
  C:\Windows\System\vfGXfdP.exe
  2⤵
  PID:5492
- C:\Windows\System\fQJMzpk.exe
  C:\Windows\System\fQJMzpk.exe
  2⤵
  PID:5512
- C:\Windows\System\WKkAbwv.exe
  C:\Windows\System\WKkAbwv.exe
  2⤵
  PID:5528
- C:\Windows\System\VKNvebo.exe
  C:\Windows\System\VKNvebo.exe
  2⤵
  PID:5548
- C:\Windows\System\cglpPHJ.exe
  C:\Windows\System\cglpPHJ.exe
  2⤵
  PID:5576
- C:\Windows\System\OqwTFbk.exe
  C:\Windows\System\OqwTFbk.exe
  2⤵
  PID:5616
- C:\Windows\System\aBMzbKv.exe
  C:\Windows\System\aBMzbKv.exe
  2⤵
  PID:5636
- C:\Windows\System\OaQsmGv.exe
  C:\Windows\System\OaQsmGv.exe
  2⤵
  PID:5652
- C:\Windows\System\GOgncBh.exe
  C:\Windows\System\GOgncBh.exe
  2⤵
  PID:5676
- C:\Windows\System\UdtWHxl.exe
  C:\Windows\System\UdtWHxl.exe
  2⤵
  PID:5692
- C:\Windows\System\ObHNUUw.exe
  C:\Windows\System\ObHNUUw.exe
  2⤵
  PID:5712
- C:\Windows\System\uMSHPlp.exe
  C:\Windows\System\uMSHPlp.exe
  2⤵
  PID:5728
- C:\Windows\System\wwwwOIb.exe
  C:\Windows\System\wwwwOIb.exe
  2⤵
  PID:5744
- C:\Windows\System\KydaYKV.exe
  C:\Windows\System\KydaYKV.exe
  2⤵
  PID:5764
- C:\Windows\System\OsGWHWo.exe
  C:\Windows\System\OsGWHWo.exe
  2⤵
  PID:5784
- C:\Windows\System\RlmdRpJ.exe
  C:\Windows\System\RlmdRpJ.exe
  2⤵
  PID:5804
- C:\Windows\System\xSevQcD.exe
  C:\Windows\System\xSevQcD.exe
  2⤵
  PID:5820
- C:\Windows\System\xQXRyMg.exe
  C:\Windows\System\xQXRyMg.exe
  2⤵
  PID:5836
- C:\Windows\System\DuaZCpG.exe
  C:\Windows\System\DuaZCpG.exe
  2⤵
  PID:5852
- C:\Windows\System\xLgQied.exe
  C:\Windows\System\xLgQied.exe
  2⤵
  PID:5868
- C:\Windows\System\TRjRuoN.exe
  C:\Windows\System\TRjRuoN.exe
  2⤵
  PID:5884
- C:\Windows\System\JEutxmk.exe
  C:\Windows\System\JEutxmk.exe
  2⤵
  PID:5900
- C:\Windows\System\hXuecaS.exe
  C:\Windows\System\hXuecaS.exe
  2⤵
  PID:5956
- C:\Windows\System\zoXWvgy.exe
  C:\Windows\System\zoXWvgy.exe
  2⤵
  PID:5972
- C:\Windows\System\FpHkqPT.exe
  C:\Windows\System\FpHkqPT.exe
  2⤵
  PID:5992
- C:\Windows\System\ZxIKwEW.exe
  C:\Windows\System\ZxIKwEW.exe
  2⤵
  PID:6012
- C:\Windows\System\GAkJAVf.exe
  C:\Windows\System\GAkJAVf.exe
  2⤵
  PID:6028
- C:\Windows\System\FNECbrB.exe
  C:\Windows\System\FNECbrB.exe
  2⤵
  PID:6044
- C:\Windows\System\hTCWlPg.exe
  C:\Windows\System\hTCWlPg.exe
  2⤵
  PID:6068
- C:\Windows\System\lBbJXQu.exe
  C:\Windows\System\lBbJXQu.exe
  2⤵
  PID:6088
- C:\Windows\System\trKsoAH.exe
  C:\Windows\System\trKsoAH.exe
  2⤵
  PID:6104
- C:\Windows\System\JnorjRM.exe
  C:\Windows\System\JnorjRM.exe
  2⤵
  PID:6120
- C:\Windows\System\ukUWYoF.exe
  C:\Windows\System\ukUWYoF.exe
  2⤵
  PID:6136
- C:\Windows\System\AKeggJW.exe
  C:\Windows\System\AKeggJW.exe
  2⤵
  PID:4628
- C:\Windows\System\KLLFMbF.exe
  C:\Windows\System\KLLFMbF.exe
  2⤵
  PID:3660
- C:\Windows\System\iCMuGgZ.exe
  C:\Windows\System\iCMuGgZ.exe
  2⤵
  PID:5000
- C:\Windows\System\ACGhdOf.exe
  C:\Windows\System\ACGhdOf.exe
  2⤵
  PID:4808
- C:\Windows\System\PePfoeS.exe
  C:\Windows\System\PePfoeS.exe
  2⤵
  PID:3332
- C:\Windows\System\SHLRweB.exe
  C:\Windows\System\SHLRweB.exe
  2⤵
  PID:5184
- C:\Windows\System\OzzeikR.exe
  C:\Windows\System\OzzeikR.exe
  2⤵
  PID:4104
- C:\Windows\System\GmiXvCN.exe
  C:\Windows\System\GmiXvCN.exe
  2⤵
  PID:4140
- C:\Windows\System\hyNiOUd.exe
  C:\Windows\System\hyNiOUd.exe
  2⤵
  PID:4296
- C:\Windows\System\gJTVeLO.exe
  C:\Windows\System\gJTVeLO.exe
  2⤵
  PID:5236
- C:\Windows\System\SOiQrhl.exe
  C:\Windows\System\SOiQrhl.exe
  2⤵
  PID:5292
- C:\Windows\System\nYfsboT.exe
  C:\Windows\System\nYfsboT.exe
  2⤵
  PID:5372
- C:\Windows\System\PFzfJva.exe
  C:\Windows\System\PFzfJva.exe
  2⤵
  PID:3016
- C:\Windows\System\IVvAbWt.exe
  C:\Windows\System\IVvAbWt.exe
  2⤵
  PID:4872
- C:\Windows\System\KoCZkJo.exe
  C:\Windows\System\KoCZkJo.exe
  2⤵
  PID:5164
- C:\Windows\System\gqUXUeO.exe
  C:\Windows\System\gqUXUeO.exe
  2⤵
  PID:5108
- C:\Windows\System\KwZFSsg.exe
  C:\Windows\System\KwZFSsg.exe
  2⤵
  PID:5024
- C:\Windows\System\ruhexsn.exe
  C:\Windows\System\ruhexsn.exe
  2⤵
  PID:4888
- C:\Windows\System\AaWAKLw.exe
  C:\Windows\System\AaWAKLw.exe
  2⤵
  PID:4824
- C:\Windows\System\ebmuOMp.exe
  C:\Windows\System\ebmuOMp.exe
  2⤵
  PID:5440
- C:\Windows\System\FolIJuP.exe
  C:\Windows\System\FolIJuP.exe
  2⤵
  PID:5480
- C:\Windows\System\lYOEUiJ.exe
  C:\Windows\System\lYOEUiJ.exe
  2⤵
  PID:5204
- C:\Windows\System\ZtqIiQQ.exe
  C:\Windows\System\ZtqIiQQ.exe
  2⤵
  PID:5264
- C:\Windows\System\fIXplhh.exe
  C:\Windows\System\fIXplhh.exe
  2⤵
  PID:5276
- C:\Windows\System\cYXLrzl.exe
  C:\Windows\System\cYXLrzl.exe
  2⤵
  PID:5556
- C:\Windows\System\DBxbGEu.exe
  C:\Windows\System\DBxbGEu.exe
  2⤵
  PID:5660
- C:\Windows\System\bxXfLuL.exe
  C:\Windows\System\bxXfLuL.exe
  2⤵
  PID:5700
- C:\Windows\System\VLQuhwj.exe
  C:\Windows\System\VLQuhwj.exe
  2⤵
  PID:5536
- C:\Windows\System\EtGIAnA.exe
  C:\Windows\System\EtGIAnA.exe
  2⤵
  PID:5772
- C:\Windows\System\XAzDysl.exe
  C:\Windows\System\XAzDysl.exe
  2⤵
  PID:5812
- C:\Windows\System\GzzMNOF.exe
  C:\Windows\System\GzzMNOF.exe
  2⤵
  PID:5504
- C:\Windows\System\hjbomLd.exe
  C:\Windows\System\hjbomLd.exe
  2⤵
  PID:5424
- C:\Windows\System\IsUbSjn.exe
  C:\Windows\System\IsUbSjn.exe
  2⤵
  PID:5588
- C:\Windows\System\CZnMBGn.exe
  C:\Windows\System\CZnMBGn.exe
  2⤵
  PID:5848
- C:\Windows\System\bslEHkk.exe
  C:\Windows\System\bslEHkk.exe
  2⤵
  PID:5792
- C:\Windows\System\YlgoANa.exe
  C:\Windows\System\YlgoANa.exe
  2⤵
  PID:5828
- C:\Windows\System\tgzIZGa.exe
  C:\Windows\System\tgzIZGa.exe
  2⤵
  PID:5952
- C:\Windows\System\aZMOtIp.exe
  C:\Windows\System\aZMOtIp.exe
  2⤵
  PID:5912
- C:\Windows\System\CAsKaeU.exe
  C:\Windows\System\CAsKaeU.exe
  2⤵
  PID:6020
- C:\Windows\System\yheCrOv.exe
  C:\Windows\System\yheCrOv.exe
  2⤵
  PID:6064
- C:\Windows\System\tqueFdO.exe
  C:\Windows\System\tqueFdO.exe
  2⤵
  PID:2864
- C:\Windows\System\pLPIEpA.exe
  C:\Windows\System\pLPIEpA.exe
  2⤵
  PID:4748
- C:\Windows\System\HQgqKpr.exe
  C:\Windows\System\HQgqKpr.exe
  2⤵
  PID:4812
- C:\Windows\System\xoloWCy.exe
  C:\Windows\System\xoloWCy.exe
  2⤵
  PID:6116
- C:\Windows\System\TFJqGDN.exe
  C:\Windows\System\TFJqGDN.exe
  2⤵
  PID:6008
- C:\Windows\System\ssUteCn.exe
  C:\Windows\System\ssUteCn.exe
  2⤵
  PID:344
- C:\Windows\System\wpYLxhl.exe
  C:\Windows\System\wpYLxhl.exe
  2⤵
  PID:2828
- C:\Windows\System\nmETUwL.exe
  C:\Windows\System\nmETUwL.exe
  2⤵
  PID:4260
- C:\Windows\System\eKePFUw.exe
  C:\Windows\System\eKePFUw.exe
  2⤵
  PID:2556
- C:\Windows\System\JdCVrpC.exe
  C:\Windows\System\JdCVrpC.exe
  2⤵
  PID:6076
- C:\Windows\System\lynuJNz.exe
  C:\Windows\System\lynuJNz.exe
  2⤵
  PID:2060
- C:\Windows\System\sllnpzh.exe
  C:\Windows\System\sllnpzh.exe
  2⤵
  PID:4668
- C:\Windows\System\oPdnQBz.exe
  C:\Windows\System\oPdnQBz.exe
  2⤵
  PID:2600
- C:\Windows\System\faLXKBw.exe
  C:\Windows\System\faLXKBw.exe
  2⤵
  PID:5444
- C:\Windows\System\YMYacNV.exe
  C:\Windows\System\YMYacNV.exe
  2⤵
  PID:5564
- C:\Windows\System\LciYjnE.exe
  C:\Windows\System\LciYjnE.exe
  2⤵
  PID:1692
- C:\Windows\System\cbBUIwb.exe
  C:\Windows\System\cbBUIwb.exe
  2⤵
  PID:5624
- C:\Windows\System\crbbGLP.exe
  C:\Windows\System\crbbGLP.exe
  2⤵
  PID:5708
- C:\Windows\System\oDCqsPz.exe
  C:\Windows\System\oDCqsPz.exe
  2⤵
  PID:2652
- C:\Windows\System\FgffhAP.exe
  C:\Windows\System\FgffhAP.exe
  2⤵
  PID:4100
- C:\Windows\System\kArqwLS.exe
  C:\Windows\System\kArqwLS.exe
  2⤵
  PID:5600
- C:\Windows\System\KlPAdLS.exe
  C:\Windows\System\KlPAdLS.exe
  2⤵
  PID:5160
- C:\Windows\System\NGBVuyn.exe
  C:\Windows\System\NGBVuyn.exe
  2⤵
  PID:5272
- C:\Windows\System\PVGQnTd.exe
  C:\Windows\System\PVGQnTd.exe
  2⤵
  PID:5344
- C:\Windows\System\dlMTpvx.exe
  C:\Windows\System\dlMTpvx.exe
  2⤵
  PID:5672
- C:\Windows\System\FMJMaAT.exe
  C:\Windows\System\FMJMaAT.exe
  2⤵
  PID:5816
- C:\Windows\System\gjPmkhx.exe
  C:\Windows\System\gjPmkhx.exe
  2⤵
  PID:5880
- C:\Windows\System\JjoFoIY.exe
  C:\Windows\System\JjoFoIY.exe
  2⤵
  PID:2552
- C:\Windows\System\IZlUWqk.exe
  C:\Windows\System\IZlUWqk.exe
  2⤵
  PID:5932
- C:\Windows\System\mDbrnVO.exe
  C:\Windows\System\mDbrnVO.exe
  2⤵
  PID:5724
- C:\Windows\System\yztTzEQ.exe
  C:\Windows\System\yztTzEQ.exe
  2⤵
  PID:3476
- C:\Windows\System\SsGCEHD.exe
  C:\Windows\System\SsGCEHD.exe
  2⤵
  PID:3488
- C:\Windows\System\JkrYbvo.exe
  C:\Windows\System\JkrYbvo.exe
  2⤵
  PID:3484
- C:\Windows\System\lWPUgVT.exe
  C:\Windows\System\lWPUgVT.exe
  2⤵
  PID:6052
- C:\Windows\System\hfJoVwp.exe
  C:\Windows\System\hfJoVwp.exe
  2⤵
  PID:6056
- C:\Windows\System\cmeXwiB.exe
  C:\Windows\System\cmeXwiB.exe
  2⤵
  PID:6132
- C:\Windows\System\maxWMvV.exe
  C:\Windows\System\maxWMvV.exe
  2⤵
  PID:6084
- C:\Windows\System\EexARDa.exe
  C:\Windows\System\EexARDa.exe
  2⤵
  PID:3456
- C:\Windows\System\WQcUPZU.exe
  C:\Windows\System\WQcUPZU.exe
  2⤵
  PID:5964
- C:\Windows\System\QvjtfUL.exe
  C:\Windows\System\QvjtfUL.exe
  2⤵
  PID:1624
- C:\Windows\System\fWzXSsQ.exe
  C:\Windows\System\fWzXSsQ.exe
  2⤵
  PID:1476
- C:\Windows\System\tUGkTcG.exe
  C:\Windows\System\tUGkTcG.exe
  2⤵
  PID:4244
- C:\Windows\System\bgfdLvb.exe
  C:\Windows\System\bgfdLvb.exe
  2⤵
  PID:5232
- C:\Windows\System\hTcRjtG.exe
  C:\Windows\System\hTcRjtG.exe
  2⤵
  PID:5156
- C:\Windows\System\qboDfKv.exe
  C:\Windows\System\qboDfKv.exe
  2⤵
  PID:4340
- C:\Windows\System\gySxmZj.exe
  C:\Windows\System\gySxmZj.exe
  2⤵
  PID:4420
- C:\Windows\System\JzBjIsS.exe
  C:\Windows\System\JzBjIsS.exe
  2⤵
  PID:5200
- C:\Windows\System\pSdlnZG.exe
  C:\Windows\System\pSdlnZG.exe
  2⤵
  PID:3004
- C:\Windows\System\ubZDShR.exe
  C:\Windows\System\ubZDShR.exe
  2⤵
  PID:2004
- C:\Windows\System\hcjKLDO.exe
  C:\Windows\System\hcjKLDO.exe
  2⤵
  PID:5488
- C:\Windows\System\hchZEkT.exe
  C:\Windows\System\hchZEkT.exe
  2⤵
  PID:5584
- C:\Windows\System\kJDhZEp.exe
  C:\Windows\System\kJDhZEp.exe
  2⤵
  PID:5756
- C:\Windows\System\SfMDSNv.exe
  C:\Windows\System\SfMDSNv.exe
  2⤵
  PID:3444
- C:\Windows\System\authqhq.exe
  C:\Windows\System\authqhq.exe
  2⤵
  PID:5944
- C:\Windows\System\jCkWiZJ.exe
  C:\Windows\System\jCkWiZJ.exe
  2⤵
  PID:3512
- C:\Windows\System\ENtzcQu.exe
  C:\Windows\System\ENtzcQu.exe
  2⤵
  PID:5668
- C:\Windows\System\zWBWwOB.exe
  C:\Windows\System\zWBWwOB.exe
  2⤵
  PID:2608
- C:\Windows\System\RRDZDax.exe
  C:\Windows\System\RRDZDax.exe
  2⤵
  PID:5088
- C:\Windows\System\RBqPDtw.exe
  C:\Windows\System\RBqPDtw.exe
  2⤵
  PID:2808
- C:\Windows\System\yizoZxQ.exe
  C:\Windows\System\yizoZxQ.exe
  2⤵
  PID:5400
- C:\Windows\System\TfxGUzF.exe
  C:\Windows\System\TfxGUzF.exe
  2⤵
  PID:976
- C:\Windows\System\GoKghfG.exe
  C:\Windows\System\GoKghfG.exe
  2⤵
  PID:532
- C:\Windows\System\uDHJLRu.exe
  C:\Windows\System\uDHJLRu.exe
  2⤵
  PID:2472
- C:\Windows\System\HOZttXV.exe
  C:\Windows\System\HOZttXV.exe
  2⤵
  PID:5988
- C:\Windows\System\LEdpNNI.exe
  C:\Windows\System\LEdpNNI.exe
  2⤵
  PID:6036
- C:\Windows\System\YgfJQjK.exe
  C:\Windows\System\YgfJQjK.exe
  2⤵
  PID:5776
- C:\Windows\System\NecYzJd.exe
  C:\Windows\System\NecYzJd.exe
  2⤵
  PID:2620
- C:\Windows\System\xAOhfin.exe
  C:\Windows\System\xAOhfin.exe
  2⤵
  PID:680
- C:\Windows\System\iFpjBmm.exe
  C:\Windows\System\iFpjBmm.exe
  2⤵
  PID:4236
- C:\Windows\System\winWjdF.exe
  C:\Windows\System\winWjdF.exe
  2⤵
  PID:5908
- C:\Windows\System\dmqKmXG.exe
  C:\Windows\System\dmqKmXG.exe
  2⤵
  PID:4684
- C:\Windows\System\vAQffzW.exe
  C:\Windows\System\vAQffzW.exe
  2⤵
  PID:2360
- C:\Windows\System\nbvxrXg.exe
  C:\Windows\System\nbvxrXg.exe
  2⤵
  PID:5648
- C:\Windows\System\bJKXEEM.exe
  C:\Windows\System\bJKXEEM.exe
  2⤵
  PID:2288
- C:\Windows\System\cDTSbZq.exe
  C:\Windows\System\cDTSbZq.exe
  2⤵
  PID:5916
- C:\Windows\System\IhzPJdb.exe
  C:\Windows\System\IhzPJdb.exe
  2⤵
  PID:3468
- C:\Windows\System\KjEDMms.exe
  C:\Windows\System\KjEDMms.exe
  2⤵
  PID:5460
- C:\Windows\System\bbBExFe.exe
  C:\Windows\System\bbBExFe.exe
  2⤵
  PID:2404
- C:\Windows\System\UdtExBW.exe
  C:\Windows\System\UdtExBW.exe
  2⤵
  PID:4764
- C:\Windows\System\ZBoQrvx.exe
  C:\Windows\System\ZBoQrvx.exe
  2⤵
  PID:3000
- C:\Windows\System\EvXyaFJ.exe
  C:\Windows\System\EvXyaFJ.exe
  2⤵
  PID:1820
- C:\Windows\System\cTuDQTU.exe
  C:\Windows\System\cTuDQTU.exe
  2⤵
  PID:5544
- C:\Windows\System\dnFuMHh.exe
  C:\Windows\System\dnFuMHh.exe
  2⤵
  PID:2228
- C:\Windows\System\fEnpFnE.exe
  C:\Windows\System\fEnpFnE.exe
  2⤵
  PID:2812
- C:\Windows\System\esvHvNT.exe
  C:\Windows\System\esvHvNT.exe
  2⤵
  PID:5928
- C:\Windows\System\LMVjtDp.exe
  C:\Windows\System\LMVjtDp.exe
  2⤵
  PID:2780
- C:\Windows\System\gSiztaX.exe
  C:\Windows\System\gSiztaX.exe
  2⤵
  PID:3448
- C:\Windows\System\gwxStKo.exe
  C:\Windows\System\gwxStKo.exe
  2⤵
  PID:5896
- C:\Windows\System\gqLBUmn.exe
  C:\Windows\System\gqLBUmn.exe
  2⤵
  PID:2824
- C:\Windows\System\fimXxvE.exe
  C:\Windows\System\fimXxvE.exe
  2⤵
  PID:5136
- C:\Windows\System\TqXtKqc.exe
  C:\Windows\System\TqXtKqc.exe
  2⤵
  PID:2432
- C:\Windows\System\gwXhgNT.exe
  C:\Windows\System\gwXhgNT.exe
  2⤵
  PID:1156
- C:\Windows\System\bnvfEMc.exe
  C:\Windows\System\bnvfEMc.exe
  2⤵
  PID:2272
- C:\Windows\System\bcvYcEn.exe
  C:\Windows\System\bcvYcEn.exe
  2⤵
  PID:2876
- C:\Windows\System\dsiNMip.exe
  C:\Windows\System\dsiNMip.exe
  2⤵
  PID:6000
- C:\Windows\System\vXwMrUR.exe
  C:\Windows\System\vXwMrUR.exe
  2⤵
  PID:4480
- C:\Windows\System\Vnbxexw.exe
  C:\Windows\System\Vnbxexw.exe
  2⤵
  PID:5308
- C:\Windows\System\JCDpjYm.exe
  C:\Windows\System\JCDpjYm.exe
  2⤵
  PID:1632
- C:\Windows\System\ySlIWqc.exe
  C:\Windows\System\ySlIWqc.exe
  2⤵
  PID:5288
- C:\Windows\System\TJxPBhg.exe
  C:\Windows\System\TJxPBhg.exe
  2⤵
  PID:4940
- C:\Windows\System\pgCeXRJ.exe
  C:\Windows\System\pgCeXRJ.exe
  2⤵
  PID:1360
- C:\Windows\System\ORtnlFu.exe
  C:\Windows\System\ORtnlFu.exe
  2⤵
  PID:3452
- C:\Windows\System\JFFfqUO.exe
  C:\Windows\System\JFFfqUO.exe
  2⤵
  PID:2184
- C:\Windows\System\amcmxtw.exe
  C:\Windows\System\amcmxtw.exe
  2⤵
  PID:1344
- C:\Windows\System\dtrYdjQ.exe
  C:\Windows\System\dtrYdjQ.exe
  2⤵
  PID:5084
- C:\Windows\System\WxwIxFG.exe
  C:\Windows\System\WxwIxFG.exe
  2⤵
  PID:1164
- C:\Windows\System\snGNRYN.exe
  C:\Windows\System\snGNRYN.exe
  2⤵
  PID:6152
- C:\Windows\System\CbpdtzE.exe
  C:\Windows\System\CbpdtzE.exe
  2⤵
  PID:6172
- C:\Windows\System\hDDvZMp.exe
  C:\Windows\System\hDDvZMp.exe
  2⤵
  PID:6192
- C:\Windows\System\IindrRV.exe
  C:\Windows\System\IindrRV.exe
  2⤵
  PID:6208
- C:\Windows\System\hygreTd.exe
  C:\Windows\System\hygreTd.exe
  2⤵
  PID:6224
- C:\Windows\System\Tyaowlv.exe
  C:\Windows\System\Tyaowlv.exe
  2⤵
  PID:6240
- C:\Windows\System\kgQSITM.exe
  C:\Windows\System\kgQSITM.exe
  2⤵
  PID:6260
- C:\Windows\System\OIOmvUA.exe
  C:\Windows\System\OIOmvUA.exe
  2⤵
  PID:6280
- C:\Windows\System\ftFysPf.exe
  C:\Windows\System\ftFysPf.exe
  2⤵
  PID:6296
- C:\Windows\System\ecJJilN.exe
  C:\Windows\System\ecJJilN.exe
  2⤵
  PID:6316
- C:\Windows\System\LIRTNiX.exe
  C:\Windows\System\LIRTNiX.exe
  2⤵
  PID:6336
- C:\Windows\System\tPcqSbD.exe
  C:\Windows\System\tPcqSbD.exe
  2⤵
  PID:6352
- C:\Windows\System\QVwVvdi.exe
  C:\Windows\System\QVwVvdi.exe
  2⤵
  PID:6376
- C:\Windows\System\QKRWBCD.exe
  C:\Windows\System\QKRWBCD.exe
  2⤵
  PID:6392
- C:\Windows\System\FqLYhsc.exe
  C:\Windows\System\FqLYhsc.exe
  2⤵
  PID:6412
- C:\Windows\System\CECbDgk.exe
  C:\Windows\System\CECbDgk.exe
  2⤵
  PID:6432
- C:\Windows\System\xfiSRCb.exe
  C:\Windows\System\xfiSRCb.exe
  2⤵
  PID:6448
- C:\Windows\System\fflJzWs.exe
  C:\Windows\System\fflJzWs.exe
  2⤵
  PID:6464
- C:\Windows\System\gqbOxeW.exe
  C:\Windows\System\gqbOxeW.exe
  2⤵
  PID:6480
- C:\Windows\System\zQypkey.exe
  C:\Windows\System\zQypkey.exe
  2⤵
  PID:6496
- C:\Windows\System\MZBqAGm.exe
  C:\Windows\System\MZBqAGm.exe
  2⤵
  PID:6516
- C:\Windows\System\UpNGqMn.exe
  C:\Windows\System\UpNGqMn.exe
  2⤵
  PID:6532
- C:\Windows\System\qdSQAWN.exe
  C:\Windows\System\qdSQAWN.exe
  2⤵
  PID:6552
- C:\Windows\System\wNWWxkS.exe
  C:\Windows\System\wNWWxkS.exe
  2⤵
  PID:6568
- C:\Windows\System\szFEvKD.exe
  C:\Windows\System\szFEvKD.exe
  2⤵
  PID:6584
- C:\Windows\System\XFWchdF.exe
  C:\Windows\System\XFWchdF.exe
  2⤵
  PID:6600
- C:\Windows\System\rYdVNzN.exe
  C:\Windows\System\rYdVNzN.exe
  2⤵
  PID:6616
- C:\Windows\System\bmEPblY.exe
  C:\Windows\System\bmEPblY.exe
  2⤵
  PID:6636
- C:\Windows\System\hSffMmM.exe
  C:\Windows\System\hSffMmM.exe
  2⤵
  PID:6660
- C:\Windows\System\LQmCcHt.exe
  C:\Windows\System\LQmCcHt.exe
  2⤵
  PID:6680
- C:\Windows\System\lVOyXvf.exe
  C:\Windows\System\lVOyXvf.exe
  2⤵
  PID:6700
- C:\Windows\System\TYxZXBY.exe
  C:\Windows\System\TYxZXBY.exe
  2⤵
  PID:6720
- C:\Windows\System\tmEBHys.exe
  C:\Windows\System\tmEBHys.exe
  2⤵
  PID:6736
- C:\Windows\System\uJAflsG.exe
  C:\Windows\System\uJAflsG.exe
  2⤵
  PID:6752
- C:\Windows\System\GzHHZcG.exe
  C:\Windows\System\GzHHZcG.exe
  2⤵
  PID:6772
- C:\Windows\System\DTpzwtM.exe
  C:\Windows\System\DTpzwtM.exe
  2⤵
  PID:6788
- C:\Windows\System\vimuIyM.exe
  C:\Windows\System\vimuIyM.exe
  2⤵
  PID:6804
- C:\Windows\System\nlfuBgB.exe
  C:\Windows\System\nlfuBgB.exe
  2⤵
  PID:6820
- C:\Windows\System\ZlrqExK.exe
  C:\Windows\System\ZlrqExK.exe
  2⤵
  PID:6872
- C:\Windows\System\SPgEchL.exe
  C:\Windows\System\SPgEchL.exe
  2⤵
  PID:6888
- C:\Windows\System\RFtEXnO.exe
  C:\Windows\System\RFtEXnO.exe
  2⤵
  PID:6920
- C:\Windows\System\UwoPSAj.exe
  C:\Windows\System\UwoPSAj.exe
  2⤵
  PID:6948
- C:\Windows\System\qoqGhdP.exe
  C:\Windows\System\qoqGhdP.exe
  2⤵
  PID:6964
- C:\Windows\System\hmSBAWT.exe
  C:\Windows\System\hmSBAWT.exe
  2⤵
  PID:6984
- C:\Windows\System\KJqjsXJ.exe
  C:\Windows\System\KJqjsXJ.exe
  2⤵
  PID:7004
- C:\Windows\System\CuuaIqG.exe
  C:\Windows\System\CuuaIqG.exe
  2⤵
  PID:7024
- C:\Windows\System\fpYjqdm.exe
  C:\Windows\System\fpYjqdm.exe
  2⤵
  PID:7044
- C:\Windows\System\QnXsUwd.exe
  C:\Windows\System\QnXsUwd.exe
  2⤵
  PID:7064
- C:\Windows\System\zwxjFrr.exe
  C:\Windows\System\zwxjFrr.exe
  2⤵
  PID:7084
- C:\Windows\System\alBXkgU.exe
  C:\Windows\System\alBXkgU.exe
  2⤵
  PID:7104
- C:\Windows\System\JOAXrxu.exe
  C:\Windows\System\JOAXrxu.exe
  2⤵
  PID:7164
- C:\Windows\System\QoipAzH.exe
  C:\Windows\System\QoipAzH.exe
  2⤵
  PID:6148
- C:\Windows\System\eImUZmU.exe
  C:\Windows\System\eImUZmU.exe
  2⤵
  PID:6188
- C:\Windows\System\xloBiWS.exe
  C:\Windows\System\xloBiWS.exe
  2⤵
  PID:6256
- C:\Windows\System\uxJhsIi.exe
  C:\Windows\System\uxJhsIi.exe
  2⤵
  PID:6324
- C:\Windows\System\HnSzGGW.exe
  C:\Windows\System\HnSzGGW.exe
  2⤵
  PID:6372
- C:\Windows\System\zwnuNsc.exe
  C:\Windows\System\zwnuNsc.exe
  2⤵
  PID:6368
- C:\Windows\System\NbvEnid.exe
  C:\Windows\System\NbvEnid.exe
  2⤵
  PID:6612
- C:\Windows\System\KykurJS.exe
  C:\Windows\System\KykurJS.exe
  2⤵
  PID:6688
- C:\Windows\System\sePlpnS.exe
  C:\Windows\System\sePlpnS.exe
  2⤵
  PID:1220
- C:\Windows\System\WNXoiBh.exe
  C:\Windows\System\WNXoiBh.exe
  2⤵
  PID:6768
- C:\Windows\System\wnWqxjw.exe
  C:\Windows\System\wnWqxjw.exe
  2⤵
  PID:6836
- C:\Windows\System\bHwNnLH.exe
  C:\Windows\System\bHwNnLH.exe
  2⤵
  PID:6852
- C:\Windows\System\ZfkBXhl.exe
  C:\Windows\System\ZfkBXhl.exe
  2⤵
  PID:6864
- C:\Windows\System\gdOoHcf.exe
  C:\Windows\System\gdOoHcf.exe
  2⤵
  PID:6900
- C:\Windows\System\RzSmLXY.exe
  C:\Windows\System\RzSmLXY.exe
  2⤵
  PID:6916
- C:\Windows\System\uLOUQPs.exe
  C:\Windows\System\uLOUQPs.exe
  2⤵
  PID:7080
- C:\Windows\System\ogSUXJC.exe
  C:\Windows\System\ogSUXJC.exe
  2⤵
  PID:448
- C:\Windows\System\awLlQXC.exe
  C:\Windows\System\awLlQXC.exe
  2⤵
  PID:2240
- C:\Windows\System\OZQeYif.exe
  C:\Windows\System\OZQeYif.exe
  2⤵
  PID:6164
- C:\Windows\System\jzZIVWC.exe
  C:\Windows\System\jzZIVWC.exe
  2⤵
  PID:7148
- C:\Windows\System\qksHJnA.exe
  C:\Windows\System\qksHJnA.exe
  2⤵
  PID:6180
- C:\Windows\System\zkCueVG.exe
  C:\Windows\System\zkCueVG.exe
  2⤵
  PID:6252
- C:\Windows\System\WWPbPtT.exe
  C:\Windows\System\WWPbPtT.exe
  2⤵
  PID:6236
- C:\Windows\System\ziuMYJF.exe
  C:\Windows\System\ziuMYJF.exe
  2⤵
  PID:6304
- C:\Windows\System\uWWNrxT.exe
  C:\Windows\System\uWWNrxT.exe
  2⤵
  PID:6348
- C:\Windows\System\rdIZpsZ.exe
  C:\Windows\System\rdIZpsZ.exe
  2⤵
  PID:6424
- C:\Windows\System\gsvMwPL.exe
  C:\Windows\System\gsvMwPL.exe
  2⤵
  PID:6488
- C:\Windows\System\dIHxAjF.exe
  C:\Windows\System\dIHxAjF.exe
  2⤵
  PID:6564
- C:\Windows\System\ikRSmAV.exe
  C:\Windows\System\ikRSmAV.exe
  2⤵
  PID:6628
- C:\Windows\System\lQqceba.exe
  C:\Windows\System\lQqceba.exe
  2⤵
  PID:6676
- C:\Windows\System\eVaLOqO.exe
  C:\Windows\System\eVaLOqO.exe
  2⤵
  PID:6748
- C:\Windows\System\HBgWukl.exe
  C:\Windows\System\HBgWukl.exe
  2⤵
  PID:6816
- C:\Windows\System\lrfxGpa.exe
  C:\Windows\System\lrfxGpa.exe
  2⤵
  PID:6932
- C:\Windows\System\IQQbCFb.exe
  C:\Windows\System\IQQbCFb.exe
  2⤵
  PID:6980
- C:\Windows\System\GWzfOCo.exe
  C:\Windows\System\GWzfOCo.exe
  2⤵
  PID:7060
- C:\Windows\System\xQEGpat.exe
  C:\Windows\System\xQEGpat.exe
  2⤵
  PID:3464
- C:\Windows\System\AahtnPf.exe
  C:\Windows\System\AahtnPf.exe
  2⤵
  PID:6440
- C:\Windows\System\rBcsaek.exe
  C:\Windows\System\rBcsaek.exe
  2⤵
  PID:6508
- C:\Windows\System\QFOAjlB.exe
  C:\Windows\System\QFOAjlB.exe
  2⤵
  PID:6576
- C:\Windows\System\rwwduLx.exe
  C:\Windows\System\rwwduLx.exe
  2⤵
  PID:6648
- C:\Windows\System\ExfCuNq.exe
  C:\Windows\System\ExfCuNq.exe
  2⤵
  PID:6764
- C:\Windows\System\oiswShx.exe
  C:\Windows\System\oiswShx.exe
  2⤵
  PID:6868
- C:\Windows\System\fWpnIyz.exe
  C:\Windows\System\fWpnIyz.exe
  2⤵
  PID:6960
- C:\Windows\System\wyaaSTW.exe
  C:\Windows\System\wyaaSTW.exe
  2⤵
  PID:7036
- C:\Windows\System\lsThOLF.exe
  C:\Windows\System\lsThOLF.exe
  2⤵
  PID:6860
- C:\Windows\System\qrocSaK.exe
  C:\Windows\System\qrocSaK.exe
  2⤵
  PID:6912
- C:\Windows\System\LVERhBX.exe
  C:\Windows\System\LVERhBX.exe
  2⤵
  PID:7120
- C:\Windows\System\FXBJSFW.exe
  C:\Windows\System\FXBJSFW.exe
  2⤵
  PID:6200
- C:\Windows\System\swmeFht.exe
  C:\Windows\System\swmeFht.exe
  2⤵
  PID:7132
- C:\Windows\System\AOWKHKE.exe
  C:\Windows\System\AOWKHKE.exe
  2⤵
  PID:6388
- C:\Windows\System\jmALyop.exe
  C:\Windows\System\jmALyop.exe
  2⤵
  PID:6672
- C:\Windows\System\PNBiMeG.exe
  C:\Windows\System\PNBiMeG.exe
  2⤵
  PID:6972
- C:\Windows\System\nfuiTSn.exe
  C:\Windows\System\nfuiTSn.exe
  2⤵
  PID:6940
- C:\Windows\System\nBjqkYr.exe
  C:\Windows\System\nBjqkYr.exe
  2⤵
  PID:6456
- C:\Windows\System\kxfzAPr.exe
  C:\Windows\System\kxfzAPr.exe
  2⤵
  PID:6312
- C:\Windows\System\VjldtWs.exe
  C:\Windows\System\VjldtWs.exe
  2⤵
  PID:6716
- C:\Windows\System\cWEXdul.exe
  C:\Windows\System\cWEXdul.exe
  2⤵
  PID:7020
- C:\Windows\System\mFWQtDx.exe
  C:\Windows\System\mFWQtDx.exe
  2⤵
  PID:6332
- C:\Windows\System\tNhezqt.exe
  C:\Windows\System\tNhezqt.exe
  2⤵
  PID:6992
- C:\Windows\System\vTLjvUT.exe
  C:\Windows\System\vTLjvUT.exe
  2⤵
  PID:1900
- C:\Windows\System\TVQekYV.exe
  C:\Windows\System\TVQekYV.exe
  2⤵
  PID:6560
- C:\Windows\System\zLhkAxu.exe
  C:\Windows\System\zLhkAxu.exe
  2⤵
  PID:6476
- C:\Windows\System\HWiaFhe.exe
  C:\Windows\System\HWiaFhe.exe
  2⤵
  PID:2380
- C:\Windows\System\lKOwejZ.exe
  C:\Windows\System\lKOwejZ.exe
  2⤵
  PID:6544
- C:\Windows\System\CyqQreb.exe
  C:\Windows\System\CyqQreb.exe
  2⤵
  PID:6460
- C:\Windows\System\OBasLws.exe
  C:\Windows\System\OBasLws.exe
  2⤵
  PID:6364
- C:\Windows\System\EupVCvP.exe
  C:\Windows\System\EupVCvP.exe
  2⤵
  PID:6996
- C:\Windows\System\LNotBid.exe
  C:\Windows\System\LNotBid.exe
  2⤵
  PID:6472
- C:\Windows\System\IolXuCk.exe
  C:\Windows\System\IolXuCk.exe
  2⤵
  PID:6928
- C:\Windows\System\UPXkvbu.exe
  C:\Windows\System\UPXkvbu.exe
  2⤵
  PID:7188
- C:\Windows\System\luNfSqY.exe
  C:\Windows\System\luNfSqY.exe
  2⤵
  PID:7204
- C:\Windows\System\lUBwEwm.exe
  C:\Windows\System\lUBwEwm.exe
  2⤵
  PID:7224
- C:\Windows\System\fZvufIu.exe
  C:\Windows\System\fZvufIu.exe
  2⤵
  PID:7244
- C:\Windows\System\miAqOkf.exe
  C:\Windows\System\miAqOkf.exe
  2⤵
  PID:7260
- C:\Windows\System\bGSKVNZ.exe
  C:\Windows\System\bGSKVNZ.exe
  2⤵
  PID:7276
- C:\Windows\System\aHLAfLd.exe
  C:\Windows\System\aHLAfLd.exe
  2⤵
  PID:7292
- C:\Windows\System\XgZPaDU.exe
  C:\Windows\System\XgZPaDU.exe
  2⤵
  PID:7308
- C:\Windows\System\CWZaXoU.exe
  C:\Windows\System\CWZaXoU.exe
  2⤵
  PID:7328
- C:\Windows\System\gMGUGGy.exe
  C:\Windows\System\gMGUGGy.exe
  2⤵
  PID:7376
- C:\Windows\System\SfYmbtV.exe
  C:\Windows\System\SfYmbtV.exe
  2⤵
  PID:7392
- C:\Windows\System\hZSmaWT.exe
  C:\Windows\System\hZSmaWT.exe
  2⤵
  PID:7408
- C:\Windows\System\bfNHcKJ.exe
  C:\Windows\System\bfNHcKJ.exe
  2⤵
  PID:7424
- C:\Windows\System\ievrLOr.exe
  C:\Windows\System\ievrLOr.exe
  2⤵
  PID:7444
- C:\Windows\System\rkkRQNF.exe
  C:\Windows\System\rkkRQNF.exe
  2⤵
  PID:7464
- C:\Windows\System\pAtmztF.exe
  C:\Windows\System\pAtmztF.exe
  2⤵
  PID:7484
- C:\Windows\System\CldZagB.exe
  C:\Windows\System\CldZagB.exe
  2⤵
  PID:7500
- C:\Windows\System\BpptFjK.exe
  C:\Windows\System\BpptFjK.exe
  2⤵
  PID:7516
- C:\Windows\System\poXSwSN.exe
  C:\Windows\System\poXSwSN.exe
  2⤵
  PID:7536
- C:\Windows\System\HjMAcHm.exe
  C:\Windows\System\HjMAcHm.exe
  2⤵
  PID:7552
- C:\Windows\System\YwIKIou.exe
  C:\Windows\System\YwIKIou.exe
  2⤵
  PID:7596
- C:\Windows\System\FBHSOBj.exe
  C:\Windows\System\FBHSOBj.exe
  2⤵
  PID:7616
- C:\Windows\System\FVYJKiH.exe
  C:\Windows\System\FVYJKiH.exe
  2⤵
  PID:7632
- C:\Windows\System\cLHfXLL.exe
  C:\Windows\System\cLHfXLL.exe
  2⤵
  PID:7648
- C:\Windows\System\RCJZeAs.exe
  C:\Windows\System\RCJZeAs.exe
  2⤵
  PID:7664
- C:\Windows\System\AqkLFxJ.exe
  C:\Windows\System\AqkLFxJ.exe
  2⤵
  PID:7696
- C:\Windows\System\ZoxcgjN.exe
  C:\Windows\System\ZoxcgjN.exe
  2⤵
  PID:7716
- C:\Windows\System\bwCkyIW.exe
  C:\Windows\System\bwCkyIW.exe
  2⤵
  PID:7732
- C:\Windows\System\XLWCUmK.exe
  C:\Windows\System\XLWCUmK.exe
  2⤵
  PID:7748
- C:\Windows\System\ZdfzMXp.exe
  C:\Windows\System\ZdfzMXp.exe
  2⤵
  PID:7768
- C:\Windows\System\lFwTJDh.exe
  C:\Windows\System\lFwTJDh.exe
  2⤵
  PID:7784
- C:\Windows\System\yvEZhEe.exe
  C:\Windows\System\yvEZhEe.exe
  2⤵
  PID:7812
- C:\Windows\System\HCYvvbQ.exe
  C:\Windows\System\HCYvvbQ.exe
  2⤵
  PID:7828
- C:\Windows\System\veSheYX.exe
  C:\Windows\System\veSheYX.exe
  2⤵
  PID:7844
- C:\Windows\System\OgmJTED.exe
  C:\Windows\System\OgmJTED.exe
  2⤵
  PID:7860
- C:\Windows\System\VlDdXdr.exe
  C:\Windows\System\VlDdXdr.exe
  2⤵
  PID:7876
- C:\Windows\System\FjJrMRj.exe
  C:\Windows\System\FjJrMRj.exe
  2⤵
  PID:7892
- C:\Windows\System\wOaAXSx.exe
  C:\Windows\System\wOaAXSx.exe
  2⤵
  PID:7908
- C:\Windows\System\PNoRbLI.exe
  C:\Windows\System\PNoRbLI.exe
  2⤵
  PID:7928
- C:\Windows\System\LEuJpgU.exe
  C:\Windows\System\LEuJpgU.exe
  2⤵
  PID:7956
- C:\Windows\System\kOZKTiX.exe
  C:\Windows\System\kOZKTiX.exe
  2⤵
  PID:7976
- C:\Windows\System\PCgvDNt.exe
  C:\Windows\System\PCgvDNt.exe
  2⤵
  PID:7996
- C:\Windows\System\qgXIQIQ.exe
  C:\Windows\System\qgXIQIQ.exe
  2⤵
  PID:8016
- C:\Windows\System\hvyEhyC.exe
  C:\Windows\System\hvyEhyC.exe
  2⤵
  PID:8036
- C:\Windows\System\YDyPqXR.exe
  C:\Windows\System\YDyPqXR.exe
  2⤵
  PID:8052
- C:\Windows\System\fSqwGtt.exe
  C:\Windows\System\fSqwGtt.exe
  2⤵
  PID:8072
- C:\Windows\System\dEMQmrK.exe
  C:\Windows\System\dEMQmrK.exe
  2⤵
  PID:8088
- C:\Windows\System\nHXxkMq.exe
  C:\Windows\System\nHXxkMq.exe
  2⤵
  PID:8108
- C:\Windows\System\JznfkRD.exe
  C:\Windows\System\JznfkRD.exe
  2⤵
  PID:8124
- C:\Windows\System\OtLhOkF.exe
  C:\Windows\System\OtLhOkF.exe
  2⤵
  PID:8176
- C:\Windows\System\rnUCNim.exe
  C:\Windows\System\rnUCNim.exe
  2⤵
  PID:5340
- C:\Windows\System\LgIDpab.exe
  C:\Windows\System\LgIDpab.exe
  2⤵
  PID:6444
- C:\Windows\System\xMWpeUi.exe
  C:\Windows\System\xMWpeUi.exe
  2⤵
  PID:7140
- C:\Windows\System\gXBIciT.exe
  C:\Windows\System\gXBIciT.exe
  2⤵
  PID:4432
- C:\Windows\System\zennWnV.exe
  C:\Windows\System\zennWnV.exe
  2⤵
  PID:6908
- C:\Windows\System\tfgdhlu.exe
  C:\Windows\System\tfgdhlu.exe
  2⤵
  PID:7184
- C:\Windows\System\cBKJByI.exe
  C:\Windows\System\cBKJByI.exe
  2⤵
  PID:7256
- C:\Windows\System\aofmOgO.exe
  C:\Windows\System\aofmOgO.exe
  2⤵
  PID:7324
- C:\Windows\System\gVyuWAC.exe
  C:\Windows\System\gVyuWAC.exe
  2⤵
  PID:2852
- C:\Windows\System\xybzZxL.exe
  C:\Windows\System\xybzZxL.exe
  2⤵
  PID:7240
- C:\Windows\System\FuypeUW.exe
  C:\Windows\System\FuypeUW.exe
  2⤵
  PID:7348
- C:\Windows\System\PsrJJdI.exe
  C:\Windows\System\PsrJJdI.exe
  2⤵
  PID:7416
- C:\Windows\System\GvQfAtH.exe
  C:\Windows\System\GvQfAtH.exe
  2⤵
  PID:7460
- C:\Windows\System\HZfTHgc.exe
  C:\Windows\System\HZfTHgc.exe
  2⤵
  PID:7528
- C:\Windows\System\rFskcKx.exe
  C:\Windows\System\rFskcKx.exe
  2⤵
  PID:7404
- C:\Windows\System\AFmWNod.exe
  C:\Windows\System\AFmWNod.exe
  2⤵
  PID:7440
- C:\Windows\System\rKFPtYj.exe
  C:\Windows\System\rKFPtYj.exe
  2⤵
  PID:7512
- C:\Windows\System\WzMfHOV.exe
  C:\Windows\System\WzMfHOV.exe
  2⤵
  PID:7588
- C:\Windows\System\dyUlkep.exe
  C:\Windows\System\dyUlkep.exe
  2⤵
  PID:7612
- C:\Windows\System\Cngcjzo.exe
  C:\Windows\System\Cngcjzo.exe
  2⤵
  PID:7640
- C:\Windows\System\iRQvmHr.exe
  C:\Windows\System\iRQvmHr.exe
  2⤵
  PID:7684
- C:\Windows\System\welXqze.exe
  C:\Windows\System\welXqze.exe
  2⤵
  PID:7656
- C:\Windows\System\koorOAu.exe
  C:\Windows\System\koorOAu.exe
  2⤵
  PID:7792
- C:\Windows\System\psqfinB.exe
  C:\Windows\System\psqfinB.exe
  2⤵
  PID:7728
- C:\Windows\System\RkhegBb.exe
  C:\Windows\System\RkhegBb.exe
  2⤵
  PID:7776
- C:\Windows\System\HzMwTmc.exe
  C:\Windows\System\HzMwTmc.exe
  2⤵
  PID:7856
- C:\Windows\System\WayDDTp.exe
  C:\Windows\System\WayDDTp.exe
  2⤵
  PID:7920
- C:\Windows\System\eQEvLjK.exe
  C:\Windows\System\eQEvLjK.exe
  2⤵
  PID:7972
- C:\Windows\System\rwAdCkr.exe
  C:\Windows\System\rwAdCkr.exe
  2⤵
  PID:8048
- C:\Windows\System\yozKuwk.exe
  C:\Windows\System\yozKuwk.exe
  2⤵
  PID:7900
- C:\Windows\System\HcyYqin.exe
  C:\Windows\System\HcyYqin.exe
  2⤵
  PID:8032
- C:\Windows\System\fzWJDEu.exe
  C:\Windows\System\fzWJDEu.exe
  2⤵
  PID:8100
- C:\Windows\System\qSPFEJC.exe
  C:\Windows\System\qSPFEJC.exe
  2⤵
  PID:8068
- C:\Windows\System\AqBXTNC.exe
  C:\Windows\System\AqBXTNC.exe
  2⤵
  PID:7872
- C:\Windows\System\tkIdLLc.exe
  C:\Windows\System\tkIdLLc.exe
  2⤵
  PID:7952
- C:\Windows\System\nkkianX.exe
  C:\Windows\System\nkkianX.exe
  2⤵
  PID:8140
- C:\Windows\System\envNnxI.exe
  C:\Windows\System\envNnxI.exe
  2⤵
  PID:7124
- C:\Windows\System\GXtQsHP.exe
  C:\Windows\System\GXtQsHP.exe
  2⤵
  PID:8164
- C:\Windows\System\HLxRUai.exe
  C:\Windows\System\HLxRUai.exe
  2⤵
  PID:6760
- C:\Windows\System\NYpzFpO.exe
  C:\Windows\System\NYpzFpO.exe
  2⤵
  PID:7096
- C:\Windows\System\JvyDWFP.exe
  C:\Windows\System\JvyDWFP.exe
  2⤵
  PID:6692
- C:\Windows\System\qjqCQUG.exe
  C:\Windows\System\qjqCQUG.exe
  2⤵
  PID:6828
- C:\Windows\System\VefqkJX.exe
  C:\Windows\System\VefqkJX.exe
  2⤵
  PID:7288
- C:\Windows\System\taliYhp.exe
  C:\Windows\System\taliYhp.exe
  2⤵
  PID:7388
- C:\Windows\System\FEVbXYB.exe
  C:\Windows\System\FEVbXYB.exe
  2⤵
  PID:7560
- C:\Windows\System\TUKmQTS.exe
  C:\Windows\System\TUKmQTS.exe
  2⤵
  PID:7400
- C:\Windows\System\gVDGXoo.exe
  C:\Windows\System\gVDGXoo.exe
  2⤵
  PID:6276
- C:\Windows\System\qSdXClC.exe
  C:\Windows\System\qSdXClC.exe
  2⤵
  PID:7572
- C:\Windows\System\YARvgYP.exe
  C:\Windows\System\YARvgYP.exe
  2⤵
  PID:7544
- C:\Windows\System\qIJHDFZ.exe
  C:\Windows\System\qIJHDFZ.exe
  2⤵
  PID:7744
- C:\Windows\System\tERqova.exe
  C:\Windows\System\tERqova.exe
  2⤵
  PID:7808
- C:\Windows\System\ysAZYiv.exe
  C:\Windows\System\ysAZYiv.exe
  2⤵
  PID:8044
- C:\Windows\System\rGQbDjW.exe
  C:\Windows\System\rGQbDjW.exe
  2⤵
  PID:8028
- C:\Windows\System\fDjjRzY.exe
  C:\Windows\System\fDjjRzY.exe
  2⤵
  PID:7904
- C:\Windows\System\ODHHXPg.exe
  C:\Windows\System\ODHHXPg.exe
  2⤵
  PID:6800
- C:\Windows\System\FuovQPV.exe
  C:\Windows\System\FuovQPV.exe
  2⤵
  PID:7584
- C:\Windows\System\aQMYqxD.exe
  C:\Windows\System\aQMYqxD.exe
  2⤵
  PID:7480
- C:\Windows\System\TxmlzGy.exe
  C:\Windows\System\TxmlzGy.exe
  2⤵
  PID:7624
- C:\Windows\System\uoZVjLI.exe
  C:\Windows\System\uoZVjLI.exe
  2⤵
  PID:7796
- C:\Windows\System\PYmoktk.exe
  C:\Windows\System\PYmoktk.exe
  2⤵
  PID:7660
- C:\Windows\System\rwliAUy.exe
  C:\Windows\System\rwliAUy.exe
  2⤵
  PID:7360
- C:\Windows\System\uXMtlZd.exe
  C:\Windows\System\uXMtlZd.exe
  2⤵
  PID:7824
- C:\Windows\System\IwRrXRs.exe
  C:\Windows\System\IwRrXRs.exe
  2⤵
  PID:7176
- C:\Windows\System\LOmrgTx.exe
  C:\Windows\System\LOmrgTx.exe
  2⤵
  PID:7868
- C:\Windows\System\njaQiRm.exe
  C:\Windows\System\njaQiRm.exe
  2⤵
  PID:8160
- C:\Windows\System\zURzviI.exe
  C:\Windows\System\zURzviI.exe
  2⤵
  PID:8012
- C:\Windows\System\LwJkvkp.exe
  C:\Windows\System\LwJkvkp.exe
  2⤵
  PID:7524
- C:\Windows\System\wTXqICU.exe
  C:\Windows\System\wTXqICU.exe
  2⤵
  PID:7940
- C:\Windows\System\ooBuMeC.exe
  C:\Windows\System\ooBuMeC.exe
  2⤵
  PID:7196
- C:\Windows\System\mJAxaxR.exe
  C:\Windows\System\mJAxaxR.exe
  2⤵
  PID:7372
- C:\Windows\System\pFVZYcK.exe
  C:\Windows\System\pFVZYcK.exe
  2⤵
  PID:7804
- C:\Windows\System\olMfAWs.exe
  C:\Windows\System\olMfAWs.exe
  2⤵
  PID:7456
- C:\Windows\System\CsvdzmJ.exe
  C:\Windows\System\CsvdzmJ.exe
  2⤵
  PID:6844
- C:\Windows\System\AcSJdMK.exe
  C:\Windows\System\AcSJdMK.exe
  2⤵
  PID:7820
- C:\Windows\System\mblAZGp.exe
  C:\Windows\System\mblAZGp.exe
  2⤵
  PID:7496
- C:\Windows\System\KYYLzro.exe
  C:\Windows\System\KYYLzro.exe
  2⤵
  PID:7304
- C:\Windows\System\srbpaAZ.exe
  C:\Windows\System\srbpaAZ.exe
  2⤵
  PID:7708
- C:\Windows\System\VqhEMwx.exe
  C:\Windows\System\VqhEMwx.exe
  2⤵
  PID:7368
- C:\Windows\System\uRDgfIv.exe
  C:\Windows\System\uRDgfIv.exe
  2⤵
  PID:8120
- C:\Windows\System\pHjWVTr.exe
  C:\Windows\System\pHjWVTr.exe
  2⤵
  PID:8096
- C:\Windows\System\AQxIvvh.exe
  C:\Windows\System\AQxIvvh.exe
  2⤵
  PID:7672
- C:\Windows\System\mnuqGpk.exe
  C:\Windows\System\mnuqGpk.exe
  2⤵
  PID:7356
- C:\Windows\System\SDkWNZG.exe
  C:\Windows\System\SDkWNZG.exe
  2⤵
  PID:7272
- C:\Windows\System\GeLWDNg.exe
  C:\Windows\System\GeLWDNg.exe
  2⤵
  PID:7452
- C:\Windows\System\aVywbbl.exe
  C:\Windows\System\aVywbbl.exe
  2⤵
  PID:7692
- C:\Windows\System\DQBXXJl.exe
  C:\Windows\System\DQBXXJl.exe
  2⤵
  PID:7680
- C:\Windows\System\bsasLdq.exe
  C:\Windows\System\bsasLdq.exe
  2⤵
  PID:7948
- C:\Windows\System\xNuUCGK.exe
  C:\Windows\System\xNuUCGK.exe
  2⤵
  PID:8208
- C:\Windows\System\OsPmkHn.exe
  C:\Windows\System\OsPmkHn.exe
  2⤵
  PID:8228
- C:\Windows\System\RYAwuuU.exe
  C:\Windows\System\RYAwuuU.exe
  2⤵
  PID:8248
- C:\Windows\System\MRnrANL.exe
  C:\Windows\System\MRnrANL.exe
  2⤵
  PID:8280
- C:\Windows\System\DBXGLQu.exe
  C:\Windows\System\DBXGLQu.exe
  2⤵
  PID:8296
- C:\Windows\System\URpYTzc.exe
  C:\Windows\System\URpYTzc.exe
  2⤵
  PID:8316
- C:\Windows\System\askqxKd.exe
  C:\Windows\System\askqxKd.exe
  2⤵
  PID:8332
- C:\Windows\System\AlYBPFl.exe
  C:\Windows\System\AlYBPFl.exe
  2⤵
  PID:8352
- C:\Windows\System\vWHeuiF.exe
  C:\Windows\System\vWHeuiF.exe
  2⤵
  PID:8372
- C:\Windows\System\tkjquyV.exe
  C:\Windows\System\tkjquyV.exe
  2⤵
  PID:8388
- C:\Windows\System\uTXEJTt.exe
  C:\Windows\System\uTXEJTt.exe
  2⤵
  PID:8404
- C:\Windows\System\sAyonQw.exe
  C:\Windows\System\sAyonQw.exe
  2⤵
  PID:8424
- C:\Windows\System\JdGtSJi.exe
  C:\Windows\System\JdGtSJi.exe
  2⤵
  PID:8448
- C:\Windows\System\fMATqxd.exe
  C:\Windows\System\fMATqxd.exe
  2⤵
  PID:8468
- C:\Windows\System\izbPlKM.exe
  C:\Windows\System\izbPlKM.exe
  2⤵
  PID:8484
- C:\Windows\System\UWnEtTM.exe
  C:\Windows\System\UWnEtTM.exe
  2⤵
  PID:8512
- C:\Windows\System\odFhtzY.exe
  C:\Windows\System\odFhtzY.exe
  2⤵
  PID:8532
- C:\Windows\System\QfCiVwq.exe
  C:\Windows\System\QfCiVwq.exe
  2⤵
  PID:8560
- C:\Windows\System\lcQzanl.exe
  C:\Windows\System\lcQzanl.exe
  2⤵
  PID:8576
- C:\Windows\System\ONkLnfh.exe
  C:\Windows\System\ONkLnfh.exe
  2⤵
  PID:8592
- C:\Windows\System\NywELjZ.exe
  C:\Windows\System\NywELjZ.exe
  2⤵
  PID:8608
- C:\Windows\System\uhVqlZt.exe
  C:\Windows\System\uhVqlZt.exe
  2⤵
  PID:8648
- C:\Windows\System\GJEQzQQ.exe
  C:\Windows\System\GJEQzQQ.exe
  2⤵
  PID:8664
- C:\Windows\System\xWaHBAA.exe
  C:\Windows\System\xWaHBAA.exe
  2⤵
  PID:8680
- C:\Windows\System\DPQymkP.exe
  C:\Windows\System\DPQymkP.exe
  2⤵
  PID:8708
- C:\Windows\System\AITeGpd.exe
  C:\Windows\System\AITeGpd.exe
  2⤵
  PID:8724
- C:\Windows\System\pcggtxl.exe
  C:\Windows\System\pcggtxl.exe
  2⤵
  PID:8740
- C:\Windows\System\IVVDkXT.exe
  C:\Windows\System\IVVDkXT.exe
  2⤵
  PID:8756
- C:\Windows\System\ENZQwas.exe
  C:\Windows\System\ENZQwas.exe
  2⤵
  PID:8772
- C:\Windows\System\XFpQyEY.exe
  C:\Windows\System\XFpQyEY.exe
  2⤵
  PID:8788
- C:\Windows\System\NPFqmwS.exe
  C:\Windows\System\NPFqmwS.exe
  2⤵
  PID:8804
- C:\Windows\System\ZjXiGPF.exe
  C:\Windows\System\ZjXiGPF.exe
  2⤵
  PID:8820
- C:\Windows\System\iPQULDb.exe
  C:\Windows\System\iPQULDb.exe
  2⤵
  PID:8836
- C:\Windows\System\VsxdlIM.exe
  C:\Windows\System\VsxdlIM.exe
  2⤵
  PID:8852
- C:\Windows\System\mNhVMbi.exe
  C:\Windows\System\mNhVMbi.exe
  2⤵
  PID:8868
- C:\Windows\System\PlolbNt.exe
  C:\Windows\System\PlolbNt.exe
  2⤵
  PID:8884
- C:\Windows\System\kEXHJuf.exe
  C:\Windows\System\kEXHJuf.exe
  2⤵
  PID:8900
- C:\Windows\System\uHsXXRZ.exe
  C:\Windows\System\uHsXXRZ.exe
  2⤵
  PID:8916
- C:\Windows\System\vLpGCTP.exe
  C:\Windows\System\vLpGCTP.exe
  2⤵
  PID:8936
- C:\Windows\System\ziUeMOb.exe
  C:\Windows\System\ziUeMOb.exe
  2⤵
  PID:8956
- C:\Windows\System\PzhWsJu.exe
  C:\Windows\System\PzhWsJu.exe
  2⤵
  PID:8976
- C:\Windows\System\BMkbXFU.exe
  C:\Windows\System\BMkbXFU.exe
  2⤵
  PID:8992
- C:\Windows\System\PewmEzE.exe
  C:\Windows\System\PewmEzE.exe
  2⤵
  PID:9008
- C:\Windows\System\HIkZZmC.exe
  C:\Windows\System\HIkZZmC.exe
  2⤵
  PID:9024
- C:\Windows\System\tJWDnCt.exe
  C:\Windows\System\tJWDnCt.exe
  2⤵
  PID:9040
- C:\Windows\System\eDYkwtq.exe
  C:\Windows\System\eDYkwtq.exe
  2⤵
  PID:9056
- C:\Windows\System\FrjasSp.exe
  C:\Windows\System\FrjasSp.exe
  2⤵
  PID:9072
- C:\Windows\System\kXujPZb.exe
  C:\Windows\System\kXujPZb.exe
  2⤵
  PID:9088
- C:\Windows\System\hngFnpP.exe
  C:\Windows\System\hngFnpP.exe
  2⤵
  PID:9104
- C:\Windows\System\OoDWkvl.exe
  C:\Windows\System\OoDWkvl.exe
  2⤵
  PID:9120
- C:\Windows\System\LMjqzUN.exe
  C:\Windows\System\LMjqzUN.exe
  2⤵
  PID:9136
- C:\Windows\System\WMMXBXq.exe
  C:\Windows\System\WMMXBXq.exe
  2⤵
  PID:9152
- C:\Windows\System\LXKxglI.exe
  C:\Windows\System\LXKxglI.exe
  2⤵
  PID:9168
- C:\Windows\System\ABDhHDq.exe
  C:\Windows\System\ABDhHDq.exe
  2⤵
  PID:9184
- C:\Windows\System\iAnTWSU.exe
  C:\Windows\System\iAnTWSU.exe
  2⤵
  PID:9200
- C:\Windows\System\pfEPBTV.exe
  C:\Windows\System\pfEPBTV.exe
  2⤵
  PID:8340
- C:\Windows\System\KCAUFxi.exe
  C:\Windows\System\KCAUFxi.exe
  2⤵
  PID:8360
- C:\Windows\System\bSZBmEt.exe
  C:\Windows\System\bSZBmEt.exe
  2⤵
  PID:8384
- C:\Windows\System\TUvNQXn.exe
  C:\Windows\System\TUvNQXn.exe
  2⤵
  PID:8460
- C:\Windows\System\aIYnYfI.exe
  C:\Windows\System\aIYnYfI.exe
  2⤵
  PID:8504
- C:\Windows\System\DgIXqDD.exe
  C:\Windows\System\DgIXqDD.exe
  2⤵
  PID:8492
- C:\Windows\System\SnalPYH.exe
  C:\Windows\System\SnalPYH.exe
  2⤵
  PID:8520
- C:\Windows\System\VioYsFq.exe
  C:\Windows\System\VioYsFq.exe
  2⤵
  PID:7944
- C:\Windows\System\urBfDiD.exe
  C:\Windows\System\urBfDiD.exe
  2⤵
  PID:8616
- C:\Windows\System\zhllDXp.exe
  C:\Windows\System\zhllDXp.exe
  2⤵
  PID:8556
- C:\Windows\System\KRMYqEB.exe
  C:\Windows\System\KRMYqEB.exe
  2⤵
  PID:8632
- C:\Windows\System\EjBoxnk.exe
  C:\Windows\System\EjBoxnk.exe
  2⤵
  PID:7320
- C:\Windows\System\gQgFpim.exe
  C:\Windows\System\gQgFpim.exe
  2⤵
  PID:8672
- C:\Windows\System\UsfpFRQ.exe
  C:\Windows\System\UsfpFRQ.exe
  2⤵
  PID:8696
- C:\Windows\System\ulBjGmV.exe
  C:\Windows\System\ulBjGmV.exe
  2⤵
  PID:8720
- C:\Windows\System\oYMkJtr.exe
  C:\Windows\System\oYMkJtr.exe
  2⤵
  PID:8876
- C:\Windows\System\tdIGowH.exe
  C:\Windows\System\tdIGowH.exe
  2⤵
  PID:8896
- C:\Windows\System\eFTYyPp.exe
  C:\Windows\System\eFTYyPp.exe
  2⤵
  PID:8816
- C:\Windows\System\jWXPPJi.exe
  C:\Windows\System\jWXPPJi.exe
  2⤵
  PID:8812
- C:\Windows\System\hiPAxRj.exe
  C:\Windows\System\hiPAxRj.exe
  2⤵
  PID:8944
- C:\Windows\System\xsRtnnB.exe
  C:\Windows\System\xsRtnnB.exe
  2⤵
  PID:8988
- C:\Windows\System\UcjcLvB.exe
  C:\Windows\System\UcjcLvB.exe
  2⤵
  PID:9080
- C:\Windows\System\lKGNHkd.exe
  C:\Windows\System\lKGNHkd.exe
  2⤵
  PID:9164
- C:\Windows\System\AfMXcPI.exe
  C:\Windows\System\AfMXcPI.exe
  2⤵
  PID:9148
- C:\Windows\System\Lveuthd.exe
  C:\Windows\System\Lveuthd.exe
  2⤵
  PID:9004
- C:\Windows\System\irlwmII.exe
  C:\Windows\System\irlwmII.exe
  2⤵
  PID:9068
- C:\Windows\System\yeinASv.exe
  C:\Windows\System\yeinASv.exe
  2⤵
  PID:9196
- C:\Windows\System\egYkSrU.exe
  C:\Windows\System\egYkSrU.exe
  2⤵
  PID:8024
- C:\Windows\System\NQNdQyN.exe
  C:\Windows\System\NQNdQyN.exe
  2⤵
  PID:8224
- C:\Windows\System\lPllFhd.exe
  C:\Windows\System\lPllFhd.exe
  2⤵
  PID:8268
- C:\Windows\System\wkVQoqg.exe
  C:\Windows\System\wkVQoqg.exe
  2⤵
  PID:7916
- C:\Windows\System\sKZjXDs.exe
  C:\Windows\System\sKZjXDs.exe
  2⤵
  PID:8348
- C:\Windows\System\fBwTfdY.exe
  C:\Windows\System\fBwTfdY.exe
  2⤵
  PID:8364
- C:\Windows\System\CQuyDZl.exe
  C:\Windows\System\CQuyDZl.exe
  2⤵
  PID:8444
- C:\Windows\System\vBAORtc.exe
  C:\Windows\System\vBAORtc.exe
  2⤵
  PID:8620
- C:\Windows\System\UHtkiWe.exe
  C:\Windows\System\UHtkiWe.exe
  2⤵
  PID:8640
- C:\Windows\System\xCMpZmq.exe
  C:\Windows\System\xCMpZmq.exe
  2⤵
  PID:8584
- C:\Windows\System\nUeyWCR.exe
  C:\Windows\System\nUeyWCR.exe
  2⤵
  PID:8528
- C:\Windows\System\kHncjMl.exe
  C:\Windows\System\kHncjMl.exe
  2⤵
  PID:8780
- C:\Windows\System\ecOqLoq.exe
  C:\Windows\System\ecOqLoq.exe
  2⤵
  PID:8832
- C:\Windows\System\BopijUR.exe
  C:\Windows\System\BopijUR.exe
  2⤵
  PID:9064
- C:\Windows\System\aITiixT.exe
  C:\Windows\System\aITiixT.exe
  2⤵
  PID:9036
- C:\Windows\System\mBOXRiq.exe
  C:\Windows\System\mBOXRiq.exe
  2⤵
  PID:8864
- C:\Windows\System\dWlFgHy.exe
  C:\Windows\System\dWlFgHy.exe
  2⤵
  PID:9128
- C:\Windows\System\fTnxhBL.exe
  C:\Windows\System\fTnxhBL.exe
  2⤵
  PID:8952
- C:\Windows\System\OuLdgju.exe
  C:\Windows\System\OuLdgju.exe
  2⤵
  PID:8480
- C:\Windows\System\ycUfaqk.exe
  C:\Windows\System\ycUfaqk.exe
  2⤵
  PID:9132
- C:\Windows\System\yjpYkoq.exe
  C:\Windows\System\yjpYkoq.exe
  2⤵
  PID:8796
- C:\Windows\System\rHhEsHD.exe
  C:\Windows\System\rHhEsHD.exe
  2⤵
  PID:8568
- C:\Windows\System\xAfbUIp.exe
  C:\Windows\System\xAfbUIp.exe
  2⤵
  PID:8244
- C:\Windows\System\bAZTJbA.exe
  C:\Windows\System\bAZTJbA.exe
  2⤵
  PID:8420
- C:\Windows\System\MGQcQjZ.exe
  C:\Windows\System\MGQcQjZ.exe
  2⤵
  PID:8416
- C:\Windows\System\mwyqkWo.exe
  C:\Windows\System\mwyqkWo.exe
  2⤵
  PID:9052
- C:\Windows\System\eVTDAqm.exe
  C:\Windows\System\eVTDAqm.exe
  2⤵
  PID:8908
- C:\Windows\System\QVdxnZi.exe
  C:\Windows\System\QVdxnZi.exe
  2⤵
  PID:8892
- C:\Windows\System\TpCgneT.exe
  C:\Windows\System\TpCgneT.exe
  2⤵
  PID:8716
- C:\Windows\System\yrIVUHZ.exe
  C:\Windows\System\yrIVUHZ.exe
  2⤵
  PID:8216
- C:\Windows\System\whQJizb.exe
  C:\Windows\System\whQJizb.exe
  2⤵
  PID:8784
- C:\Windows\System\ZHCzSGj.exe
  C:\Windows\System\ZHCzSGj.exe
  2⤵
  PID:8432
- C:\Windows\System\ErSiREQ.exe
  C:\Windows\System\ErSiREQ.exe
  2⤵
  PID:9176
- C:\Windows\System\oKnguCp.exe
  C:\Windows\System\oKnguCp.exe
  2⤵
  PID:8972
- C:\Windows\System\gbVCrvr.exe
  C:\Windows\System\gbVCrvr.exe
  2⤵
  PID:9100
- C:\Windows\System\MJIdOuD.exe
  C:\Windows\System\MJIdOuD.exe
  2⤵
  PID:9224
- C:\Windows\System\ppQTsqw.exe
  C:\Windows\System\ppQTsqw.exe
  2⤵
  PID:9240
- C:\Windows\System\FXGFayW.exe
  C:\Windows\System\FXGFayW.exe
  2⤵
  PID:9256
- C:\Windows\System\MtULHVn.exe
  C:\Windows\System\MtULHVn.exe
  2⤵
  PID:9272
- C:\Windows\System\dIMrdiT.exe
  C:\Windows\System\dIMrdiT.exe
  2⤵
  PID:9316
- C:\Windows\System\ggheIpp.exe
  C:\Windows\System\ggheIpp.exe
  2⤵
  PID:9332
- C:\Windows\System\hxDSfOb.exe
  C:\Windows\System\hxDSfOb.exe
  2⤵
  PID:9352
- C:\Windows\System\gEPLENu.exe
  C:\Windows\System\gEPLENu.exe
  2⤵
  PID:9368
- C:\Windows\System\YrcBOkc.exe
  C:\Windows\System\YrcBOkc.exe
  2⤵
  PID:9384
- C:\Windows\System\lkbvtME.exe
  C:\Windows\System\lkbvtME.exe
  2⤵
  PID:9400
- C:\Windows\System\KXdCJnH.exe
  C:\Windows\System\KXdCJnH.exe
  2⤵
  PID:9416
- C:\Windows\System\UKokYOl.exe
  C:\Windows\System\UKokYOl.exe
  2⤵
  PID:9432
- C:\Windows\System\NxYbEyA.exe
  C:\Windows\System\NxYbEyA.exe
  2⤵
  PID:9452
- C:\Windows\System\MQEPGow.exe
  C:\Windows\System\MQEPGow.exe
  2⤵
  PID:9564
- C:\Windows\System\UsVEXuP.exe
  C:\Windows\System\UsVEXuP.exe
  2⤵
  PID:9580
- C:\Windows\System\eeliWib.exe
  C:\Windows\System\eeliWib.exe
  2⤵
  PID:9600
- C:\Windows\System\AbuMvFO.exe
  C:\Windows\System\AbuMvFO.exe
  2⤵
  PID:9624
- C:\Windows\System\lBwHdnv.exe
  C:\Windows\System\lBwHdnv.exe
  2⤵
  PID:9648
- C:\Windows\System\gPayHjY.exe
  C:\Windows\System\gPayHjY.exe
  2⤵
  PID:9664
- C:\Windows\System\DQEfiZX.exe
  C:\Windows\System\DQEfiZX.exe
  2⤵
  PID:9680
- C:\Windows\System\EZaqGLM.exe
  C:\Windows\System\EZaqGLM.exe
  2⤵
  PID:9696
- C:\Windows\System\cvsoIEJ.exe
  C:\Windows\System\cvsoIEJ.exe
  2⤵
  PID:9712
- C:\Windows\System\hMzfoUE.exe
  C:\Windows\System\hMzfoUE.exe
  2⤵
  PID:9728
- C:\Windows\System\jhtGcyU.exe
  C:\Windows\System\jhtGcyU.exe
  2⤵
  PID:9744
- C:\Windows\System\DnquwcV.exe
  C:\Windows\System\DnquwcV.exe
  2⤵
  PID:9760
- C:\Windows\System\FfxvyJU.exe
  C:\Windows\System\FfxvyJU.exe
  2⤵
  PID:9792
- C:\Windows\System\iyjgrLu.exe
  C:\Windows\System\iyjgrLu.exe
  2⤵
  PID:9808
- C:\Windows\System\bVpUAqi.exe
  C:\Windows\System\bVpUAqi.exe
  2⤵
  PID:9824
- C:\Windows\System\SadadWO.exe
  C:\Windows\System\SadadWO.exe
  2⤵
  PID:9840
- C:\Windows\System\qtFjgmC.exe
  C:\Windows\System\qtFjgmC.exe
  2⤵
  PID:9860
- C:\Windows\System\TAuogAe.exe
  C:\Windows\System\TAuogAe.exe
  2⤵
  PID:9880
- C:\Windows\System\qzjaSbk.exe
  C:\Windows\System\qzjaSbk.exe
  2⤵
  PID:9900
- C:\Windows\System\jNstnzH.exe
  C:\Windows\System\jNstnzH.exe
  2⤵
  PID:9932
- C:\Windows\System\xEWDkoN.exe
  C:\Windows\System\xEWDkoN.exe
  2⤵
  PID:9948
- C:\Windows\System\BKPjyHz.exe
  C:\Windows\System\BKPjyHz.exe
  2⤵
  PID:9964
- C:\Windows\System\cCknUUx.exe
  C:\Windows\System\cCknUUx.exe
  2⤵
  PID:9980
- C:\Windows\System\YNJXVvk.exe
  C:\Windows\System\YNJXVvk.exe
  2⤵
  PID:10000
- C:\Windows\System\zoEDSeq.exe
  C:\Windows\System\zoEDSeq.exe
  2⤵
  PID:10016
- C:\Windows\System\xTkIGTH.exe
  C:\Windows\System\xTkIGTH.exe
  2⤵
  PID:10036
- C:\Windows\System\TMKMbbR.exe
  C:\Windows\System\TMKMbbR.exe
  2⤵
  PID:10052
- C:\Windows\System\SaYMvEq.exe
  C:\Windows\System\SaYMvEq.exe
  2⤵
  PID:10068
- C:\Windows\System\KEHTWxn.exe
  C:\Windows\System\KEHTWxn.exe
  2⤵
  PID:10084
- C:\Windows\System\dsxwXRZ.exe
  C:\Windows\System\dsxwXRZ.exe
  2⤵
  PID:10100
- C:\Windows\System\YNWWeFM.exe
  C:\Windows\System\YNWWeFM.exe
  2⤵
  PID:10156
- C:\Windows\System\OmGbSdu.exe
  C:\Windows\System\OmGbSdu.exe
  2⤵
  PID:10176
- C:\Windows\System\BeXjiEx.exe
  C:\Windows\System\BeXjiEx.exe
  2⤵
  PID:10196
- C:\Windows\System\mkyGXcP.exe
  C:\Windows\System\mkyGXcP.exe
  2⤵
  PID:10216
- C:\Windows\System\pibCCMM.exe
  C:\Windows\System\pibCCMM.exe
  2⤵
  PID:10232
- C:\Windows\System\bvOSrbr.exe
  C:\Windows\System\bvOSrbr.exe
  2⤵
  PID:8436
- C:\Windows\System\pMVgvrP.exe
  C:\Windows\System\pMVgvrP.exe
  2⤵
  PID:8604
- C:\Windows\System\gtPOaUO.exe
  C:\Windows\System\gtPOaUO.exe
  2⤵
  PID:9020
- C:\Windows\System\ipFkUyu.exe
  C:\Windows\System\ipFkUyu.exe
  2⤵
  PID:8912
- C:\Windows\System\nVKYoEp.exe
  C:\Windows\System\nVKYoEp.exe
  2⤵
  PID:9220
- C:\Windows\System\aVmhSwd.exe
  C:\Windows\System\aVmhSwd.exe
  2⤵
  PID:9292
- C:\Windows\System\TwokoMI.exe
  C:\Windows\System\TwokoMI.exe
  2⤵
  PID:9340
- C:\Windows\System\IASPzSe.exe
  C:\Windows\System\IASPzSe.exe
  2⤵
  PID:9408
- C:\Windows\System\bVYuRIq.exe
  C:\Windows\System\bVYuRIq.exe
  2⤵
  PID:9444
- C:\Windows\System\XfxEicf.exe
  C:\Windows\System\XfxEicf.exe
  2⤵
  PID:9264
- C:\Windows\System\KxQmflt.exe
  C:\Windows\System\KxQmflt.exe
  2⤵
  PID:8412
- C:\Windows\System\SfolCCO.exe
  C:\Windows\System\SfolCCO.exe
  2⤵
  PID:9464
- C:\Windows\System\brWqEPP.exe
  C:\Windows\System\brWqEPP.exe
  2⤵
  PID:9396
- C:\Windows\System\RbahFLC.exe
  C:\Windows\System\RbahFLC.exe
  2⤵
  PID:9468
- C:\Windows\System\prpKfmZ.exe
  C:\Windows\System\prpKfmZ.exe
  2⤵
  PID:9484
- C:\Windows\System\xuiZZBL.exe
  C:\Windows\System\xuiZZBL.exe
  2⤵
  PID:9496
- C:\Windows\System\FwbcLOX.exe
  C:\Windows\System\FwbcLOX.exe
  2⤵
  PID:9516
- C:\Windows\System\PzBcTNj.exe
  C:\Windows\System\PzBcTNj.exe
  2⤵
  PID:9532
- C:\Windows\System\aBWWVmj.exe
  C:\Windows\System\aBWWVmj.exe
  2⤵
  PID:9552
- C:\Windows\System\ulofgcu.exe
  C:\Windows\System\ulofgcu.exe
  2⤵
  PID:8932
- C:\Windows\System\WPrnhPL.exe
  C:\Windows\System\WPrnhPL.exe
  2⤵
  PID:9608
- C:\Windows\System\qmAjLQf.exe
  C:\Windows\System\qmAjLQf.exe
  2⤵
  PID:9616
- C:\Windows\System\KiGdCcR.exe
  C:\Windows\System\KiGdCcR.exe
  2⤵
  PID:9688
- C:\Windows\System\aBzaoDk.exe
  C:\Windows\System\aBzaoDk.exe
  2⤵
  PID:9640
- C:\Windows\System\iivcPhl.exe
  C:\Windows\System\iivcPhl.exe
  2⤵
  PID:9704
- C:\Windows\System\IyyTosZ.exe
  C:\Windows\System\IyyTosZ.exe
  2⤵
  PID:9772
- C:\Windows\System\vuXoHoa.exe
  C:\Windows\System\vuXoHoa.exe
  2⤵
  PID:9756
- C:\Windows\System\vDHYDnH.exe
  C:\Windows\System\vDHYDnH.exe
  2⤵
  PID:9836
- C:\Windows\System\WKkDCzt.exe
  C:\Windows\System\WKkDCzt.exe
  2⤵
  PID:9784
- C:\Windows\System\cHJRRIv.exe
  C:\Windows\System\cHJRRIv.exe
  2⤵
  PID:9924
- C:\Windows\System\xzBMJDW.exe
  C:\Windows\System\xzBMJDW.exe
  2⤵
  PID:9888
- C:\Windows\System\pFVzRTZ.exe
  C:\Windows\System\pFVzRTZ.exe
  2⤵
  PID:9848
- C:\Windows\System\jXstYQH.exe
  C:\Windows\System\jXstYQH.exe
  2⤵
  PID:10120
- C:\Windows\System\plwLDDt.exe
  C:\Windows\System\plwLDDt.exe
  2⤵
  PID:9048
- C:\Windows\System\vuJQhDN.exe
  C:\Windows\System\vuJQhDN.exe
  2⤵
  PID:7992
- C:\Windows\System\zkDXLWm.exe
  C:\Windows\System\zkDXLWm.exe
  2⤵
  PID:8732
- C:\Windows\System\XLtyJOA.exe
  C:\Windows\System\XLtyJOA.exe
  2⤵
  PID:10184
- C:\Windows\System\MPrGWyP.exe
  C:\Windows\System\MPrGWyP.exe
  2⤵
  PID:9232
- C:\Windows\System\MkVqWnJ.exe
  C:\Windows\System\MkVqWnJ.exe
  2⤵
  PID:9252
- C:\Windows\System\ncoLHAG.exe
  C:\Windows\System\ncoLHAG.exe
  2⤵
  PID:9344
- C:\Windows\System\KKIlnHt.exe
  C:\Windows\System\KKIlnHt.exe
  2⤵
  PID:9460
- C:\Windows\System\tYNxGiz.exe
  C:\Windows\System\tYNxGiz.exe
  2⤵
  PID:9476
- C:\Windows\System\WbGEUpb.exe
  C:\Windows\System\WbGEUpb.exe
  2⤵
  PID:9572
- C:\Windows\System\yPFlqLJ.exe
  C:\Windows\System\yPFlqLJ.exe
  2⤵
  PID:9656
- C:\Windows\System\NuMJRwi.exe
  C:\Windows\System\NuMJRwi.exe
  2⤵
  PID:9720
- C:\Windows\System\kFwqNmY.exe
  C:\Windows\System\kFwqNmY.exe
  2⤵
  PID:9768
- C:\Windows\System\HjCsKcl.exe
  C:\Windows\System\HjCsKcl.exe
  2⤵
  PID:9916
- C:\Windows\System\YtrZNlX.exe
  C:\Windows\System\YtrZNlX.exe
  2⤵
  PID:9920
- C:\Windows\System\qBEiQpF.exe
  C:\Windows\System\qBEiQpF.exe
  2⤵
  PID:9596
- C:\Windows\System\gtXoxAI.exe
  C:\Windows\System\gtXoxAI.exe
  2⤵
  PID:10048
- C:\Windows\System\gtHOtka.exe
  C:\Windows\System\gtHOtka.exe
  2⤵
  PID:10028
- C:\Windows\System\prmuGVv.exe
  C:\Windows\System\prmuGVv.exe
  2⤵
  PID:10064
- C:\Windows\System\cCKNZPX.exe
  C:\Windows\System\cCKNZPX.exe
  2⤵
  PID:10164
- C:\Windows\System\PTxWQzu.exe
  C:\Windows\System\PTxWQzu.exe
  2⤵
  PID:10212
- C:\Windows\System\noCMcqJ.exe
  C:\Windows\System\noCMcqJ.exe
  2⤵
  PID:10096
- C:\Windows\System\DTrIbzN.exe
  C:\Windows\System\DTrIbzN.exe
  2⤵
  PID:10204
- C:\Windows\System\gfyyWND.exe
  C:\Windows\System\gfyyWND.exe
  2⤵
  PID:9312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HMnPiWd.exe

Filesize
6.0MB

MD5
4f317b20293db56ee7f850854d0cd917

SHA1
e3601e71b93027de119b2047d3265b4a7ca2adb6

SHA256
5d767a9b9aec8ba0f1231b37bc1924fbd2dc4b512b645c031eaad0c087ba6be4

SHA512
7bdaa5d55df810a66dc75582d8ebe4a9cbe7005bd617379c1c5e6f0fd188a8c379766ba4eb855aaf14bac89f55ac95e2705529312c74829f8bbf41ca4656acff

Download Submit
C:\Windows\system\IgqNJwl.exe

Filesize
6.0MB

MD5
f195c6e35cdadac4c0635d7489023280

SHA1
fd4d11026f874154ad6470506cdb36270debe247

SHA256
49cb342023a0fa5add7015ca47c318f49237c4a6b324fb70b3c2d172b20a166f

SHA512
eed4d9cff8b280e6e61974a3f65778852888824dd91ef6253f66bcad686ed19df565d13e0eb9ea62b494bbe9938fe86ab5f873a203648d3cdafbcce5c678185e

Download Submit
C:\Windows\system\IyiIJhI.exe

Filesize
6.0MB

MD5
034e4fdd097896823f29f9783d638386

SHA1
d7d3d22799915dfaba1834b4da82fe62786ee0f2

SHA256
c29a9c8e4541b81858aadd8c6a71e7476a3e41eb9e7c1953c69e83bc0c9ee5f2

SHA512
8a2f34d186143b5e734a35ecf9cc2e3aee93ab1458833e1212078b484846ea10f886378e5fe7c4fe3d31d99cdd50a8c8e3a1cbbaa0d3dea5503939bf9a3d7cfb

Download Submit
C:\Windows\system\JaGvOVw.exe

Filesize
6.0MB

MD5
41df244a5d644b8172f2527fa23234a0

SHA1
2efcafef555a4e8e8b304475e56c35b8bcd2a3b1

SHA256
8f54508d178e187c39ad33669cccf24996e981f0255c69a0bb5d9f0cae572942

SHA512
99c93b972db3a5409765b6e31b70b98b968ba9c3a9bb1f2a920ee9e8573a241223d4e83754a11849675006657bcbb3f5fba4ce4414a19cbc01f5d7cbf58e2328

Download Submit
C:\Windows\system\KHyAhiU.exe

Filesize
6.0MB

MD5
d9062b1262f70f27bc75cb198aca0ab5

SHA1
78762d15e82ed4f75ad74751c568ced9bf7cf543

SHA256
d5786f094576e20da5ccbdb8fe40cca9ab988d124ddc07b6713c6b5727cc8979

SHA512
4ae26148a3ba96a5c2f11b043dbdcda97ca9de13783e427df479cac54221e8cdf2c7f98980ed4560a89b550df6b23c7e93961c9626d617384b66e9edebf4314e

Download Submit
C:\Windows\system\MrftiHt.exe

Filesize
6.0MB

MD5
cfffdeb1bd198b0af96d384d438bf782

SHA1
cc1348008c382a4e50eb2ed26e79e5d009bd321a

SHA256
80df8fd420693f4a3adafae7a0312589ec5c3fbbcb2d09221c00b296c0c0fb80

SHA512
69de316c32efbc3c23c4cd88525021e679315fcc2ff145fd52555a84f065c63a7ada08262bcafd8e467bef1dbe489e2d936e8d963f56eeb608af585107c73878

Download Submit
C:\Windows\system\OHPfuEf.exe

Filesize
6.0MB

MD5
9827fbb9db002cc05629688ae296094d

SHA1
b9cdedf6c9ce688530ee6795f9f31a29d14c706f

SHA256
4aa2d3c8a55868e01b56361729072e0604e410ffe7a0ac219f5e1745032e4b23

SHA512
95c3b2b014079f11853c2e726f2f937021fbce712e7894e4e424dc8b1e38613de1f17edd4dbcb3a7d5b056dec117c5d54e6cbba4d99a3a75c62a9c07d413aa97

Download Submit
C:\Windows\system\OhWZwcZ.exe

Filesize
6.0MB

MD5
4248eff101056c92e2118e8d462dc0b2

SHA1
5b7625616d00871dd2d545296676ca656962067d

SHA256
096f4a7269bbb6385d344c7920e16a90b1984b116982061483090aa14d6c044d

SHA512
2d4d5af924bb9b80c38890ccf916cf9e0f9f637f2465eba02c4fc7fabf3c390089e6161e1af5fc4afd5a06f0ec576ef91a8d6ec206e2de503580051cd9d2ddec

Download Submit
C:\Windows\system\PURKCAH.exe

Filesize
6.0MB

MD5
de7dab081ed633b08e7bd045f95606ed

SHA1
bfa47b298089dc500e7491bd04dc84fe8d8bbb3a

SHA256
ff6914cbd08bbecadad2b1d94e14ff014dc314a72138ad814c1e5a0721a641cb

SHA512
9137d5df510487a13a26eef4954170b668e049a7ae8a994879c8315d1a91ef795b70370d22c9b33d42c90f02cc52604ce68a35eb61a038c6498824589b7a125a

Download Submit
C:\Windows\system\RziPeeh.exe

Filesize
6.0MB

MD5
9ae47d257ab776b00b9cb6b2e77254c8

SHA1
8b7e1dddf5d7f98f40a6aed697425f15e0b7f9c3

SHA256
fc328e3b2f79c7a9f9e0df01e50ab2ac1841aee4c105c1953b9df6e4ad8ee3ef

SHA512
afa7d25ca7554efb9f7c0409c20287c64659da89bd1d9d41171e47e614abd95f195228b70590024a85259602fc360e04c0adebe7fb76da619c73292c1e8b354a

Download Submit
C:\Windows\system\XYZIsPN.exe

Filesize
6.0MB

MD5
103ed5dd2db28d2bfe50cbba453949e9

SHA1
82a65aebc988e57f76ba533d9a8b8d07d3d7ac5d

SHA256
8700581df7d1fa18e78052f89c1a735fdb5c40560529a70a9aad49fafc122278

SHA512
f2268d8c96a9a18ea02d689897a1602d4c0a930369e55bd8f016d08cc3db8bf5982a24f90000b7537e45d97deb010fe5af2208f832af6861f59ae771d20ca36e

Download Submit
C:\Windows\system\YifoRjx.exe

Filesize
6.0MB

MD5
07396316e1ba3943a537223a57864ba4

SHA1
407938693343cdd0d9ffe4ee98ca1c8638bfff35

SHA256
fbdf25cd830b3cba2d5936e9e26ab1ab200086cb27563e8a4edcad5d575cc9d4

SHA512
ce82cc067c2a6274ea437331c5675b4a02e153931530d3605a44ab7be7c6b9466c6f4f5e78b5ac26f25e2a718a39b6230e2420923f221ad85307c8d242ea7da8

Download Submit
C:\Windows\system\czhbepD.exe

Filesize
6.0MB

MD5
ab14ae971e00f684a08d80565ddfeb74

SHA1
588dcbb576aa1c8ceed6b50d4d0d3d1ddc5ed93a

SHA256
610b7379120b35c178978b082e9fbcaac5aff5b622b7c30eab186ad911354526

SHA512
287867e5f831b72eca548a19a956b29b7d682a5d500fdb20036550bf19e4948dea1e3c7bc89e10fffed64d92815d1beb020282ad391f2cf9d6b3942da0c5eb5c

Download Submit
C:\Windows\system\dJExrvO.exe

Filesize
6.0MB

MD5
3f635613871dddf54d6c06ced95bdac8

SHA1
9b6c6130fa8ffab875994e691c37987c7f80a954

SHA256
2d0204c3c82909883637f88503cbebaef7097c203a0b97004abb066fe8ee6a07

SHA512
f8e07150cbfff1afbff312b6f647ea5867fbf8b2baf0914ace1e02a3193050611fd3f2a5ed32667eba205780d2893fe2795fc46267a86ac9a5cea686d09eadb2

Download Submit
C:\Windows\system\dRSNCKv.exe

Filesize
6.0MB

MD5
daa3965c283b3841f858b87cd4994fba

SHA1
01bd3ae56ee915ded170338a9df12dae3d55ad53

SHA256
c919af29b924f1416cb9eaffdb5c2a87228a8d57b108bcdde681e1b979c22109

SHA512
31063ffe56ec013a28e96307055248ee1ae1976a04ff76f3a55f097e0cd82cc75090ce16199c19c59d90aab0bf7ee2d52bc469ef2a69db83dc5fcf2ca7f40e7c

Download Submit
C:\Windows\system\dyOlehI.exe

Filesize
6.0MB

MD5
fd6932b11fc139a20f2c453364378602

SHA1
010aa3f252d2c2348f7df50ea33e4dc90afe35f0

SHA256
fe6b6caea5c4a39c955dbf6b02a313458f4a08f3f7f15baa0d3cde9bb61a6708

SHA512
6a3eb9f5d040e12c0452a591a03c16bdc9705ef854e7bc3cca0474b566b6bf57a839f2fba92702f443628e41b71217cb2cd9f2532da0dc08f0c7593fdbc47032

Download Submit
C:\Windows\system\eIPuNWD.exe

Filesize
6.0MB

MD5
fa14b0e39e997eb305a3e982e0aa10b3

SHA1
1929ad7e0bd585f0b6e53052cdc05c9d69eb631c

SHA256
101516310aef03235009aee11661dbbc2ebbd1e4e263ddb1e464fb75968f03d1

SHA512
2b42e40be4bf761c7701167fe9545621be9aab3721cb7d3d365184d712f06a63bf3a207bc428b6e1280dcba9df315b0915255fbf1ca165a703c7397a56876bd4

Download Submit
C:\Windows\system\emqhahE.exe

Filesize
6.0MB

MD5
5d8fd8315649e963025b85e7ec066aed

SHA1
926ffaca3a96d5b3948b718c5ee7926eba498a7c

SHA256
01b973f9a23d032bfc2d9ad95ed50fde52c7008d2616d31eace98bd0b91925c4

SHA512
e40b899cc358f1180f8a3f4fc74b5c86748c63961bc3b4abb18fbd611394b89476965aca7b7ea68beb800009160cfd840960437a924597655c9657b6926ce1c1

Download Submit
C:\Windows\system\fDvtuIu.exe

Filesize
6.0MB

MD5
a1f43cfcf4d8e1824bf6f4deb32f4e0b

SHA1
5408ca3deb2a9c2f0b8ed233a4998d2abef19b41

SHA256
c677a7d6b708c92985819fe93f2fc7d75cd5e100c49cb230e5f990d24cc814a6

SHA512
6cd0ecd2ce7dd422fd1bfd63939d53fabee3bdb76cb50cfbb0fd49e9ccd6b088828dfceb105089b9adf5960dbbf7f9be44e3a53e947c9f7cb777a79fa3ae0fbf

Download Submit
C:\Windows\system\inJBfBq.exe

Filesize
6.0MB

MD5
dc432c9f791cdca3cb619f9ac5d42b52

SHA1
7fbd78604f82a48c35e3018f8f9a7072768ac012

SHA256
89fec30656c30392c04433903b22d491ab394ff05028f7a087c176cc98cbc536

SHA512
94c3a32f6dfe8c1099e4148f4c6a3612e4478e4c7d8108bdbe82cac7a7b6347dec5c4e9216aa31e507b514717c5266d69dd16db460f022dc286c6deabd5c4056

Download Submit
C:\Windows\system\pWsXIOl.exe

Filesize
6.0MB

MD5
8e97b9fca13c76cf2e0c35f24c6d0e6d

SHA1
318870399d26807ef989c90b7f7889653a477ed2

SHA256
ac105e7c02abf3f9a71c41cd3d273308117afb6bfc1c13e0aa2e0c2ad5243456

SHA512
b25c4bbe21715b35153d0c26e4be8b14ae357e642a0f5ff2625d5a5c530bfc2ba5556fa1660d59a07ffdee5d5df1751cf56f8ae35774f669af2097a8a6e65796

Download Submit
C:\Windows\system\pgqObda.exe

Filesize
6.0MB

MD5
df90690aa17ee698defffa65d2a72876

SHA1
165473c6a4a460be58714ac0a9a640696857821b

SHA256
e66235cf2c79303c792bd248d95887dc2a0b43b9d6cb4654ccca2922adecf196

SHA512
c6b8c436609bb1a616a02fb6822ee4d7ba6cee5ffbcebf91fff613998b88a7aff99b94bc6344ce7fafb78b7740144c91150443823bc6fae0a13bc93412f7bc07

Download Submit
C:\Windows\system\qVYWRIV.exe

Filesize
6.0MB

MD5
a52681f8431ce83b2871d3b588c00dd0

SHA1
56a94ba540610618f676eb3c31c58165e84e677a

SHA256
538c0ce4200c5b7154afa8dccf9c27ad5160462789c977fb25f1bba19ba757dd

SHA512
3678f62b826a356dd9370bc21efa54f2ae5d2fc3ef06e443464741e8cf4dbd44c138755326b0d9bd6110552e7ee8712355b4a62c5a806957ad3621348aa9e3e1

Download Submit
C:\Windows\system\tGpyUeL.exe

Filesize
6.0MB

MD5
0e489ea92aafd7c306576ec0a2e5d47c

SHA1
10a01802b8601fa91f14d5fcf87cb8f506fab40b

SHA256
a858055d6513b627fa90f1cba24c2453a7783a5270aa1111c674b11dd16f164d

SHA512
6a002e23c440f2fe5749b4a3de33b2d0c46fba222b070ac22c2cd7c7d36a72da8956d9f6af5f7f997218e9cfa0ddd1d88ac7a68bc9ba90bcbeb54801c355cc2d

Download Submit
C:\Windows\system\vgstwyE.exe

Filesize
6.0MB

MD5
f78c506de1ac8dcef71577ff2bb81661

SHA1
68af939b4c25d898aabe6da134bad6eadfce1311

SHA256
1c05527cfc3620fa7c1785a3d0be28c03ee4cf9183e73276f3d82e7bd6f9f4fb

SHA512
087921ea5ca52f7a2ac0a392abb555284845fac40d7692228010e99abdd1340e6aa860292d34a5d7845882d6a9b98e073c23a16abb44bd9b358a958a95d197cb

Download Submit
C:\Windows\system\xfcReCr.exe

Filesize
6.0MB

MD5
317302c72e6e9f8e220b9223454a55ef

SHA1
4a1a10a08ef3b2c7f59fde19061ea1edd558a099

SHA256
c6a36376d5c9ab79c672fe538ed75f03898b04ada4d8f1359906cb8d73899af1

SHA512
93fd64faf9eafcdea1889bc217f95cb3ff448328920a623afabf40a41d18f5a40482e8d684cbc7b06ec7da8ba86be35ae95eff6d17f07607f5bcec82b1bbb1e5

Download Submit
C:\Windows\system\zdkynSV.exe

Filesize
6.0MB

MD5
05e17c57a4cfc53395fbd40494a237c5

SHA1
ea58ec5783d098ef7b50fe99e43396aec554a014

SHA256
c05007b9ebc239944a1f77a459f098983a73e02cc28bebe19dff32dab0dd9015

SHA512
47d41c398cdd9128e5544bcae769859530903c706c0955e6ee2249df668267b0b51dd77ff5cb57d93d5ac1e62e19c00170a33f1f588b7ab0c7629c35eb263b70

Download Submit
\Windows\system\EyOGnOe.exe

Filesize
6.0MB

MD5
6371ed827701117358e17f1c7c975402

SHA1
ab74daa89c849a0b34e2a4fbb2e36cc02353f8af

SHA256
2bcbb577e28bc428ac2e527c1e2c6189cd24cf6703cff746ba94660804b47a54

SHA512
bf7aee1e9d6c6d54d9cb515d61cdc80b2beb339ad42783ef7d8e2e8c26000d6b3c437826cfc81d2659777eded3a57d40498c2ec878afa70bdd95ac50cf0a6311

Download Submit
\Windows\system\IAJHqzQ.exe

Filesize
6.0MB

MD5
32d90d10a948993633cb8205dbb420db

SHA1
0481f8b7ed155bfb9996bb4071fc7e8f73a1a892

SHA256
ef711c12a4c034f427bdc4a02e5b29a21626bd6344c550f5de39a26b9075b509

SHA512
5a9d244418bf7d121b08007bad5d19d97b17278140c69acf6a1549d2f14eb0f1cefec0ec671039ea613c97c9ccbc13fd52549e86f14aab34978c60d9b80e78dc

Download Submit
\Windows\system\OdLNaca.exe

Filesize
6.0MB

MD5
013f1be8d786695e4b59a00238714df8

SHA1
111843c66c755e1d6b66732ca9a84befd2027d68

SHA256
c0a3ba489be4c7a6e5f4fe19236bb9ee320cf206db816a8c690b82f307b81935

SHA512
ecb35aec75d21c1b36b004f84773beef1af7a507b4e576b7c00e46e9860b353623cb8d62f295f87fd0cf60f3d7a0d5e2bba613f3e6c5cfd9a149cea12f2f7895

Download Submit
\Windows\system\TUJHLWH.exe

Filesize
6.0MB

MD5
754deba4630fa4cdae622546e1785b80

SHA1
2cc6648d6145f9318d55f5178ff1c16c5c32f918

SHA256
efdfdeaa283700d0ce729784e172fd5fabf2b76d9c96ffa1172c435cc993215b

SHA512
fae31930c227e83bf12192e223cb8f903d6843c3bae972d307b03c3a44311ffd8d7c5d4a7ec20dac54a3ec2598c1f4e83f6cea781bf7ef663002a463fca3219a

Download Submit
\Windows\system\XAimoCC.exe

Filesize
6.0MB

MD5
f2cad35ec4ed56255152e2c8319a2d14

SHA1
64974a37aa28eafb196774a75951b1bbaf56e581

SHA256
1880b18d95a46bda39d0e8a01819d5dc77a9ba42d30a836ec7fd43f202a4aa94

SHA512
57cf56daa6a1847ff6268fadebe7ee0ce9e7db4806ba1724aa5346249272807bccf61bc7a0b942f0e4c1438e418e1d271b411e0556a1710211c80c58e6443cd2

Download Submit
\Windows\system\XMAPYVA.exe

Filesize
6.0MB

MD5
93d011a663c8267d5ec2df659a2a95cd

SHA1
abf20010d7a0b45f2707abc85bf85aef9fe21daa

SHA256
06f35d01debb9aabd0f533ca4dc617d2e38b3d421f65622614c095c1ade47f82

SHA512
9265b697cd8bcc1d86b691a34f9e11b807b84c5ccd57e844f2fa73e4e0bf1698bf9681a657bf6e7104101ed2de76012b490ed81a021308c1415f8289bb80c9bb

Download Submit
\Windows\system\myNppMq.exe

Filesize
6.0MB

MD5
e0ac7d130dd7dc48599cc0fd62358916

SHA1
2ce11e79e0eca990ec8b682ec014ccc629043258

SHA256
af83fb5d68fae5c930389c25bb03648bfc536eebb0a04222e0310b25d8f28e19

SHA512
1e7a208f98eec9d2ce844483f1cdbb4e422c762a7aab60f7d7fe65dddf2753082b3f0ec156ecd5e69146f7181973773041a12f51d1a31485a8a0698560790a3e

Download Submit
\Windows\system\viDkeZK.exe

Filesize
6.0MB

MD5
bfa8e4090806113223c51d5414a80d9c

SHA1
4fdc5db001920b05ad8fc653e88d1d7e9c17fc25

SHA256
4d7ea9bc2e62025a33c7ce39596d3d7601a43a7f0ba35e59d2dd300b4b345327

SHA512
185fcb70e888d4fbc74970f33b08eb89b7bd6b8987b5e8c20f616876de7610c2c473b65eaddf96e60fac9445ca49e0cd6d100c0fa34a3b675cfdb71ef594ff86

Download Submit
memory/1764-1441-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-338-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1426-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-13-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1435-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-336-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1764-334-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-20-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-342-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1764-0-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1764-30-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-348-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-145-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1764-346-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-349-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1764-801-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1467-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1468-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1206-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-350-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-344-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1434-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1439-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1440-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-340-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1437-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1764-1438-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2356-4038-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1207-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-22-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-347-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-4046-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-4042-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2540-341-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4041-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-337-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4048-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2584-343-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2628-15-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4037-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2660-333-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4039-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4045-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-339-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-34-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1208-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4049-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4047-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2764-335-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2800-351-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2800-4040-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4036-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2840-14-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4044-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-144-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4043-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2924-345-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download