cobaltstrike | 7ada9454ad995a90216330d288ff1954cd3db9595c83c751644d753036b138e2

Analysis

max time kernel
77s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e2834e431526039ea1ee10479b00584b
SHA1

05e3f7ce6fd3aa07e277ab33d21f8ac97cf81c5d
SHA256

7ada9454ad995a90216330d288ff1954cd3db9595c83c751644d753036b138e2
SHA512

aefc0f31b789c1b947960311b33ee7bb62fba3ccc68425c881312b01a21dcd3c1e719b86d0a9e57c0902a1f5dc956113fc912d46874ee7763ef0e05397006bf4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b86-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c89-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca0-43.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-54.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-90.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4c-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d68-70.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2204-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2292-7-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016890-9.dat	xmrig
behavioral1/files/0x0008000000016b86-11.dat	xmrig
behavioral1/memory/2008-14-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2300-20-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c89-23.dat	xmrig
behavioral1/memory/2948-29-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2204-24-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2008-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca0-43.dat	xmrig
behavioral1/memory/1748-45-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2204-41-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2420-38-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00080000000164de-36.dat	xmrig
behavioral1/memory/2204-35-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2292-32-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2300-46-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d22-54.dat	xmrig
behavioral1/memory/2340-59-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2420-57-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/3056-53-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1748-67-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000d000000018683-74.dat	xmrig
behavioral1/files/0x0005000000018697-78.dat	xmrig
behavioral1/files/0x0005000000018706-82.dat	xmrig
behavioral1/files/0x000500000001870c-86.dat	xmrig
behavioral1/files/0x0006000000018d83-106.dat	xmrig
behavioral1/files/0x0006000000019056-114.dat	xmrig
behavioral1/files/0x0005000000019237-122.dat	xmrig
behavioral1/files/0x0005000000019354-150.dat	xmrig
behavioral1/files/0x000500000001938e-158.dat	xmrig
behavioral1/memory/2440-390-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2968-388-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2104-386-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2172-384-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2344-382-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2700-381-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/3056-423-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2340-425-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0005000000019358-154.dat	xmrig
behavioral1/files/0x00050000000192a1-146.dat	xmrig
behavioral1/files/0x0005000000019299-142.dat	xmrig
behavioral1/files/0x000500000001927a-138.dat	xmrig
behavioral1/files/0x0005000000019274-134.dat	xmrig
behavioral1/memory/2204-431-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2968-603-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019261-130.dat	xmrig
behavioral1/files/0x000500000001924f-126.dat	xmrig
behavioral1/files/0x0005000000019203-118.dat	xmrig
behavioral1/files/0x0006000000018fdf-110.dat	xmrig
behavioral1/files/0x0006000000018d7b-102.dat	xmrig
behavioral1/files/0x0006000000018be7-98.dat	xmrig
behavioral1/files/0x0005000000018745-94.dat	xmrig
behavioral1/files/0x000500000001871c-90.dat	xmrig
behavioral1/files/0x0007000000016d4c-66.dat	xmrig
behavioral1/memory/2204-61-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d68-70.dat	xmrig
behavioral1/memory/2948-52-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf0-51.dat	xmrig
behavioral1/memory/2292-2081-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2300-2129-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2008-2135-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2292	OCjCnoy.exe
2008	rzKGRbO.exe
2300	NoERmEn.exe
2948	qiJpVod.exe
2420	UIWlhYo.exe
1748	rmEoXQr.exe
3056	rLJUuRM.exe
2340	IrxOEBe.exe
2700	vwPTJDK.exe
2344	uOLWYkQ.exe
2172	wKfzdkW.exe
2104	uJfTUvw.exe
2968	kztPOlp.exe
2440	mNOyDPA.exe
860	EblrkhO.exe
2496	wKncxWd.exe
2540	tFYnYPR.exe
2424	uXqNznD.exe
2980	zZxGSLd.exe
3004	iwaPUlm.exe
2316	ziHabZm.exe
1316	ZPGQwXN.exe
1624	PtINHPS.exe
2320	hVlqUPX.exe
1076	nfilrYt.exe
1252	lLeVhfC.exe
1620	zIesnEh.exe
1676	PiTtopG.exe
1940	ZgVuazK.exe
308	MtPsmim.exe
2016	kljHjNw.exe
2824	vdIAXxs.exe
2772	MqQuluI.exe
2764	gNJQxkd.exe
484	gMoxETa.exe
2876	hZdTSBN.exe
2596	lWdbHIT.exe
612	eKaZWUF.exe
2988	dMulEDW.exe
2864	gGlZcSn.exe
2088	BNIgUYi.exe
2760	fkLVCgk.exe
1872	ViFZluj.exe
2152	LNPUHjy.exe
2132	eRhswmM.exe
1064	QwvRxgf.exe
1700	IDMDQhQ.exe
956	URVzEDd.exe
936	kJhRtRv.exe
1716	diUYPlM.exe
864	dPlPUYb.exe
2060	vsCUVwi.exe
1516	DdZFUQf.exe
3060	VbLCBsh.exe
1212	LolyPVv.exe
1692	ssvFEpf.exe
876	gxhZeeG.exe
568	HevhGxy.exe
1540	lJBGZzy.exe
1324	jKxkJnu.exe
2256	maUCAAj.exe
2196	YmQToeg.exe
1256	JAidhak.exe
1768	deIMlAV.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/2292-7-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0008000000016890-9.dat	upx
behavioral1/files/0x0008000000016b86-11.dat	upx
behavioral1/memory/2008-14-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2300-20-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0008000000016c89-23.dat	upx
behavioral1/memory/2948-29-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2204-24-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2008-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0008000000016ca0-43.dat	upx
behavioral1/memory/1748-45-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2420-38-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00080000000164de-36.dat	upx
behavioral1/memory/2292-32-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2300-46-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d22-54.dat	upx
behavioral1/memory/2340-59-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2420-57-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/3056-53-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1748-67-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000d000000018683-74.dat	upx
behavioral1/files/0x0005000000018697-78.dat	upx
behavioral1/files/0x0005000000018706-82.dat	upx
behavioral1/files/0x000500000001870c-86.dat	upx
behavioral1/files/0x0006000000018d83-106.dat	upx
behavioral1/files/0x0006000000019056-114.dat	upx
behavioral1/files/0x0005000000019237-122.dat	upx
behavioral1/files/0x0005000000019354-150.dat	upx
behavioral1/files/0x000500000001938e-158.dat	upx
behavioral1/memory/2440-390-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2968-388-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2104-386-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2172-384-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2344-382-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2700-381-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/3056-423-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2340-425-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0005000000019358-154.dat	upx
behavioral1/files/0x00050000000192a1-146.dat	upx
behavioral1/files/0x0005000000019299-142.dat	upx
behavioral1/files/0x000500000001927a-138.dat	upx
behavioral1/files/0x0005000000019274-134.dat	upx
behavioral1/memory/2968-603-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0005000000019261-130.dat	upx
behavioral1/files/0x000500000001924f-126.dat	upx
behavioral1/files/0x0005000000019203-118.dat	upx
behavioral1/files/0x0006000000018fdf-110.dat	upx
behavioral1/files/0x0006000000018d7b-102.dat	upx
behavioral1/files/0x0006000000018be7-98.dat	upx
behavioral1/files/0x0005000000018745-94.dat	upx
behavioral1/files/0x000500000001871c-90.dat	upx
behavioral1/files/0x0007000000016d4c-66.dat	upx
behavioral1/files/0x0009000000016d68-70.dat	upx
behavioral1/memory/2948-52-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000016cf0-51.dat	upx
behavioral1/memory/2292-2081-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2300-2129-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2008-2135-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2948-2356-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1748-2601-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2340-2603-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2104-2795-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\umMvbMa.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOGVmzs.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTjlRgh.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxkfeFJ.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKQMgTU.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVQzDJz.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Agohbqo.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRgMxJN.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUSQssc.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMltrCp.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCsgBld.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjcfpXt.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAaFAGm.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIAjLDy.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBBMPJA.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNhSjNV.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFnLftZ.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRFfNsk.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLinhCi.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsGHiLs.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwdgnQT.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqPszUN.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUFuzOG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJWxglG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVRhOIi.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sczNKlI.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMPULgL.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSPSXnG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvwmAmG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhUbFdg.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwaqPrG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPDQEdW.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTueNjD.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvQqEMX.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdLSogl.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiQQgEz.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEEnYIU.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQfacMk.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNPcHZV.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqcZcqD.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlOfRgL.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMoxETa.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWAqcxv.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MljOwTi.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKePINs.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiJNakH.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVTIpan.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUzUHrZ.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMCFYAV.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFpmLno.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoIoSgi.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIIqAwU.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YKhviDG.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLOsgGB.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldwnLUH.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFuuWGO.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lldgoQU.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKwTPsE.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icbflVQ.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CISired.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXgxTMy.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDWBBox.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGqNurM.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOeBGHT.exe	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2292	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2204 wrote to memory of 2292	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2204 wrote to memory of 2292	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2204 wrote to memory of 2008	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2204 wrote to memory of 2008	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2204 wrote to memory of 2008	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2204 wrote to memory of 2300	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2300	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2300	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2948	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2948	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2948	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2420	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2420	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2420	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 1748	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 1748	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 1748	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 3056	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 3056	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 3056	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2340	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2340	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2340	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2700	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2700	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2700	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2344	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2344	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2344	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2172	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2172	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2172	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2104	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2104	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2104	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2968	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2968	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2968	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2440	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2440	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2440	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 860	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 860	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 860	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2496	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2496	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2496	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2540	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2540	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2540	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2424	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2424	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2424	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2980	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2980	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2980	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 3004	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 3004	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 3004	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2316	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2316	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2316	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 1316	2204	2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_e2834e431526039ea1ee10479b00584b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\System\OCjCnoy.exe
  C:\Windows\System\OCjCnoy.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\rzKGRbO.exe
  C:\Windows\System\rzKGRbO.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NoERmEn.exe
  C:\Windows\System\NoERmEn.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\qiJpVod.exe
  C:\Windows\System\qiJpVod.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UIWlhYo.exe
  C:\Windows\System\UIWlhYo.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\rmEoXQr.exe
  C:\Windows\System\rmEoXQr.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\rLJUuRM.exe
  C:\Windows\System\rLJUuRM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\IrxOEBe.exe
  C:\Windows\System\IrxOEBe.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vwPTJDK.exe
  C:\Windows\System\vwPTJDK.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\uOLWYkQ.exe
  C:\Windows\System\uOLWYkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\wKfzdkW.exe
  C:\Windows\System\wKfzdkW.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\uJfTUvw.exe
  C:\Windows\System\uJfTUvw.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\kztPOlp.exe
  C:\Windows\System\kztPOlp.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\mNOyDPA.exe
  C:\Windows\System\mNOyDPA.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\EblrkhO.exe
  C:\Windows\System\EblrkhO.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\wKncxWd.exe
  C:\Windows\System\wKncxWd.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\tFYnYPR.exe
  C:\Windows\System\tFYnYPR.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\uXqNznD.exe
  C:\Windows\System\uXqNznD.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\zZxGSLd.exe
  C:\Windows\System\zZxGSLd.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\iwaPUlm.exe
  C:\Windows\System\iwaPUlm.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ziHabZm.exe
  C:\Windows\System\ziHabZm.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ZPGQwXN.exe
  C:\Windows\System\ZPGQwXN.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\PtINHPS.exe
  C:\Windows\System\PtINHPS.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\hVlqUPX.exe
  C:\Windows\System\hVlqUPX.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\nfilrYt.exe
  C:\Windows\System\nfilrYt.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\lLeVhfC.exe
  C:\Windows\System\lLeVhfC.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\zIesnEh.exe
  C:\Windows\System\zIesnEh.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\PiTtopG.exe
  C:\Windows\System\PiTtopG.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ZgVuazK.exe
  C:\Windows\System\ZgVuazK.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\MtPsmim.exe
  C:\Windows\System\MtPsmim.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\kljHjNw.exe
  C:\Windows\System\kljHjNw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\vdIAXxs.exe
  C:\Windows\System\vdIAXxs.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\MqQuluI.exe
  C:\Windows\System\MqQuluI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\gNJQxkd.exe
  C:\Windows\System\gNJQxkd.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\gMoxETa.exe
  C:\Windows\System\gMoxETa.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\hZdTSBN.exe
  C:\Windows\System\hZdTSBN.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\lWdbHIT.exe
  C:\Windows\System\lWdbHIT.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\eKaZWUF.exe
  C:\Windows\System\eKaZWUF.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\dMulEDW.exe
  C:\Windows\System\dMulEDW.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\gGlZcSn.exe
  C:\Windows\System\gGlZcSn.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\BNIgUYi.exe
  C:\Windows\System\BNIgUYi.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\fkLVCgk.exe
  C:\Windows\System\fkLVCgk.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ViFZluj.exe
  C:\Windows\System\ViFZluj.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\LNPUHjy.exe
  C:\Windows\System\LNPUHjy.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\eRhswmM.exe
  C:\Windows\System\eRhswmM.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\QwvRxgf.exe
  C:\Windows\System\QwvRxgf.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\IDMDQhQ.exe
  C:\Windows\System\IDMDQhQ.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\URVzEDd.exe
  C:\Windows\System\URVzEDd.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\kJhRtRv.exe
  C:\Windows\System\kJhRtRv.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\diUYPlM.exe
  C:\Windows\System\diUYPlM.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\dPlPUYb.exe
  C:\Windows\System\dPlPUYb.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\vsCUVwi.exe
  C:\Windows\System\vsCUVwi.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\DdZFUQf.exe
  C:\Windows\System\DdZFUQf.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\VbLCBsh.exe
  C:\Windows\System\VbLCBsh.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\LolyPVv.exe
  C:\Windows\System\LolyPVv.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ssvFEpf.exe
  C:\Windows\System\ssvFEpf.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\gxhZeeG.exe
  C:\Windows\System\gxhZeeG.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\HevhGxy.exe
  C:\Windows\System\HevhGxy.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\lJBGZzy.exe
  C:\Windows\System\lJBGZzy.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\jKxkJnu.exe
  C:\Windows\System\jKxkJnu.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\maUCAAj.exe
  C:\Windows\System\maUCAAj.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\YmQToeg.exe
  C:\Windows\System\YmQToeg.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\JAidhak.exe
  C:\Windows\System\JAidhak.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\deIMlAV.exe
  C:\Windows\System\deIMlAV.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\RnteOxx.exe
  C:\Windows\System\RnteOxx.exe
  2⤵
  PID:1792
- C:\Windows\System\LuqARwl.exe
  C:\Windows\System\LuqARwl.exe
  2⤵
  PID:708
- C:\Windows\System\EDDNCPO.exe
  C:\Windows\System\EDDNCPO.exe
  2⤵
  PID:1744
- C:\Windows\System\TpwlYQN.exe
  C:\Windows\System\TpwlYQN.exe
  2⤵
  PID:2480
- C:\Windows\System\DIlFMuB.exe
  C:\Windows\System\DIlFMuB.exe
  2⤵
  PID:2064
- C:\Windows\System\NXYqjal.exe
  C:\Windows\System\NXYqjal.exe
  2⤵
  PID:2080
- C:\Windows\System\iUaZeDm.exe
  C:\Windows\System\iUaZeDm.exe
  2⤵
  PID:1784
- C:\Windows\System\cggXwTQ.exe
  C:\Windows\System\cggXwTQ.exe
  2⤵
  PID:1600
- C:\Windows\System\LphHmdl.exe
  C:\Windows\System\LphHmdl.exe
  2⤵
  PID:2280
- C:\Windows\System\rQCaTtF.exe
  C:\Windows\System\rQCaTtF.exe
  2⤵
  PID:2272
- C:\Windows\System\vLlPzpv.exe
  C:\Windows\System\vLlPzpv.exe
  2⤵
  PID:2940
- C:\Windows\System\HuKEIRq.exe
  C:\Windows\System\HuKEIRq.exe
  2⤵
  PID:2244
- C:\Windows\System\DsLlepI.exe
  C:\Windows\System\DsLlepI.exe
  2⤵
  PID:3024
- C:\Windows\System\CpJOjIY.exe
  C:\Windows\System\CpJOjIY.exe
  2⤵
  PID:2180
- C:\Windows\System\FaRukeJ.exe
  C:\Windows\System\FaRukeJ.exe
  2⤵
  PID:1608
- C:\Windows\System\XbOfBoD.exe
  C:\Windows\System\XbOfBoD.exe
  2⤵
  PID:2580
- C:\Windows\System\kQjFqYg.exe
  C:\Windows\System\kQjFqYg.exe
  2⤵
  PID:1528
- C:\Windows\System\RUxSBXT.exe
  C:\Windows\System\RUxSBXT.exe
  2⤵
  PID:2200
- C:\Windows\System\zRCSdIP.exe
  C:\Windows\System\zRCSdIP.exe
  2⤵
  PID:2644
- C:\Windows\System\JrLXtWH.exe
  C:\Windows\System\JrLXtWH.exe
  2⤵
  PID:3028
- C:\Windows\System\dAZeWWV.exe
  C:\Windows\System\dAZeWWV.exe
  2⤵
  PID:2628
- C:\Windows\System\bjfrHkm.exe
  C:\Windows\System\bjfrHkm.exe
  2⤵
  PID:2364
- C:\Windows\System\UdnhTFg.exe
  C:\Windows\System\UdnhTFg.exe
  2⤵
  PID:2784
- C:\Windows\System\AxTxdAv.exe
  C:\Windows\System\AxTxdAv.exe
  2⤵
  PID:2880
- C:\Windows\System\UfOUPGo.exe
  C:\Windows\System\UfOUPGo.exe
  2⤵
  PID:2932
- C:\Windows\System\qSRcCdS.exe
  C:\Windows\System\qSRcCdS.exe
  2⤵
  PID:2568
- C:\Windows\System\WtUSYSd.exe
  C:\Windows\System\WtUSYSd.exe
  2⤵
  PID:1648
- C:\Windows\System\hdfVovm.exe
  C:\Windows\System\hdfVovm.exe
  2⤵
  PID:1380
- C:\Windows\System\nsuBgdX.exe
  C:\Windows\System\nsuBgdX.exe
  2⤵
  PID:1368
- C:\Windows\System\eMUCubK.exe
  C:\Windows\System\eMUCubK.exe
  2⤵
  PID:1436
- C:\Windows\System\dCgUdcK.exe
  C:\Windows\System\dCgUdcK.exe
  2⤵
  PID:628
- C:\Windows\System\EANMrtL.exe
  C:\Windows\System\EANMrtL.exe
  2⤵
  PID:2032
- C:\Windows\System\CyqEUvQ.exe
  C:\Windows\System\CyqEUvQ.exe
  2⤵
  PID:2836
- C:\Windows\System\LYxFyVV.exe
  C:\Windows\System\LYxFyVV.exe
  2⤵
  PID:692
- C:\Windows\System\OHAXUfu.exe
  C:\Windows\System\OHAXUfu.exe
  2⤵
  PID:2844
- C:\Windows\System\pKbkFta.exe
  C:\Windows\System\pKbkFta.exe
  2⤵
  PID:2268
- C:\Windows\System\icbflVQ.exe
  C:\Windows\System\icbflVQ.exe
  2⤵
  PID:596
- C:\Windows\System\vaqvGyb.exe
  C:\Windows\System\vaqvGyb.exe
  2⤵
  PID:448
- C:\Windows\System\lttFSzK.exe
  C:\Windows\System\lttFSzK.exe
  2⤵
  PID:1800
- C:\Windows\System\QbMAlxX.exe
  C:\Windows\System\QbMAlxX.exe
  2⤵
  PID:2852
- C:\Windows\System\NXUPewL.exe
  C:\Windows\System\NXUPewL.exe
  2⤵
  PID:2436
- C:\Windows\System\KAtGwQM.exe
  C:\Windows\System\KAtGwQM.exe
  2⤵
  PID:1556
- C:\Windows\System\ateBxmb.exe
  C:\Windows\System\ateBxmb.exe
  2⤵
  PID:2404
- C:\Windows\System\xuwIVDo.exe
  C:\Windows\System\xuwIVDo.exe
  2⤵
  PID:2904
- C:\Windows\System\xCbjAKt.exe
  C:\Windows\System\xCbjAKt.exe
  2⤵
  PID:2288
- C:\Windows\System\BkEcUPd.exe
  C:\Windows\System\BkEcUPd.exe
  2⤵
  PID:2252
- C:\Windows\System\QoEHjCf.exe
  C:\Windows\System\QoEHjCf.exe
  2⤵
  PID:1976
- C:\Windows\System\hMzOrAv.exe
  C:\Windows\System\hMzOrAv.exe
  2⤵
  PID:2000
- C:\Windows\System\vvfUzyW.exe
  C:\Windows\System\vvfUzyW.exe
  2⤵
  PID:1808
- C:\Windows\System\cXLnatS.exe
  C:\Windows\System\cXLnatS.exe
  2⤵
  PID:2840
- C:\Windows\System\NrTBQNf.exe
  C:\Windows\System\NrTBQNf.exe
  2⤵
  PID:2416
- C:\Windows\System\NOTlVMY.exe
  C:\Windows\System\NOTlVMY.exe
  2⤵
  PID:804
- C:\Windows\System\aRRuuMF.exe
  C:\Windows\System\aRRuuMF.exe
  2⤵
  PID:3016
- C:\Windows\System\iWAqcxv.exe
  C:\Windows\System\iWAqcxv.exe
  2⤵
  PID:560
- C:\Windows\System\VpaClVr.exe
  C:\Windows\System\VpaClVr.exe
  2⤵
  PID:2128
- C:\Windows\System\PllzPrI.exe
  C:\Windows\System\PllzPrI.exe
  2⤵
  PID:1708
- C:\Windows\System\eCiPIKD.exe
  C:\Windows\System\eCiPIKD.exe
  2⤵
  PID:1868
- C:\Windows\System\qqhsyFN.exe
  C:\Windows\System\qqhsyFN.exe
  2⤵
  PID:2384
- C:\Windows\System\eMCFYAV.exe
  C:\Windows\System\eMCFYAV.exe
  2⤵
  PID:1568
- C:\Windows\System\eDbXLyE.exe
  C:\Windows\System\eDbXLyE.exe
  2⤵
  PID:2652
- C:\Windows\System\QSJYqnZ.exe
  C:\Windows\System\QSJYqnZ.exe
  2⤵
  PID:2960
- C:\Windows\System\DqLxyFy.exe
  C:\Windows\System\DqLxyFy.exe
  2⤵
  PID:1844
- C:\Windows\System\CVKjntO.exe
  C:\Windows\System\CVKjntO.exe
  2⤵
  PID:1100
- C:\Windows\System\kLsUdjM.exe
  C:\Windows\System\kLsUdjM.exe
  2⤵
  PID:908
- C:\Windows\System\zqWhdHt.exe
  C:\Windows\System\zqWhdHt.exe
  2⤵
  PID:2804
- C:\Windows\System\KAnTMOm.exe
  C:\Windows\System\KAnTMOm.exe
  2⤵
  PID:2732
- C:\Windows\System\uqIuUIA.exe
  C:\Windows\System\uqIuUIA.exe
  2⤵
  PID:1760
- C:\Windows\System\qJqIYXG.exe
  C:\Windows\System\qJqIYXG.exe
  2⤵
  PID:2560
- C:\Windows\System\zQGpxOS.exe
  C:\Windows\System\zQGpxOS.exe
  2⤵
  PID:2812
- C:\Windows\System\wCTFzAL.exe
  C:\Windows\System\wCTFzAL.exe
  2⤵
  PID:2512
- C:\Windows\System\zPrNipU.exe
  C:\Windows\System\zPrNipU.exe
  2⤵
  PID:2984
- C:\Windows\System\AWgNOaB.exe
  C:\Windows\System\AWgNOaB.exe
  2⤵
  PID:1144
- C:\Windows\System\AnTWuOp.exe
  C:\Windows\System\AnTWuOp.exe
  2⤵
  PID:536
- C:\Windows\System\IvKfQjt.exe
  C:\Windows\System\IvKfQjt.exe
  2⤵
  PID:2748
- C:\Windows\System\inNPbgv.exe
  C:\Windows\System\inNPbgv.exe
  2⤵
  PID:1384
- C:\Windows\System\lfIocaO.exe
  C:\Windows\System\lfIocaO.exe
  2⤵
  PID:2676
- C:\Windows\System\WFGHcdO.exe
  C:\Windows\System\WFGHcdO.exe
  2⤵
  PID:2036
- C:\Windows\System\ZrPcrFF.exe
  C:\Windows\System\ZrPcrFF.exe
  2⤵
  PID:1576
- C:\Windows\System\gesjzGV.exe
  C:\Windows\System\gesjzGV.exe
  2⤵
  PID:2248
- C:\Windows\System\SgjWfzQ.exe
  C:\Windows\System\SgjWfzQ.exe
  2⤵
  PID:1124
- C:\Windows\System\mBBusEE.exe
  C:\Windows\System\mBBusEE.exe
  2⤵
  PID:1172
- C:\Windows\System\vxxjlIX.exe
  C:\Windows\System\vxxjlIX.exe
  2⤵
  PID:1432
- C:\Windows\System\vVwjWCh.exe
  C:\Windows\System\vVwjWCh.exe
  2⤵
  PID:2964
- C:\Windows\System\rIxelXd.exe
  C:\Windows\System\rIxelXd.exe
  2⤵
  PID:2716
- C:\Windows\System\umMvbMa.exe
  C:\Windows\System\umMvbMa.exe
  2⤵
  PID:2504
- C:\Windows\System\Pkyhetg.exe
  C:\Windows\System\Pkyhetg.exe
  2⤵
  PID:3012
- C:\Windows\System\XnKgLLP.exe
  C:\Windows\System\XnKgLLP.exe
  2⤵
  PID:2600
- C:\Windows\System\oiKRRXa.exe
  C:\Windows\System\oiKRRXa.exe
  2⤵
  PID:2656
- C:\Windows\System\nFpmLno.exe
  C:\Windows\System\nFpmLno.exe
  2⤵
  PID:1208
- C:\Windows\System\XMGoODV.exe
  C:\Windows\System\XMGoODV.exe
  2⤵
  PID:1816
- C:\Windows\System\xZMeedQ.exe
  C:\Windows\System\xZMeedQ.exe
  2⤵
  PID:3008
- C:\Windows\System\tyXbAYG.exe
  C:\Windows\System\tyXbAYG.exe
  2⤵
  PID:2780
- C:\Windows\System\SQEWXdG.exe
  C:\Windows\System\SQEWXdG.exe
  2⤵
  PID:2472
- C:\Windows\System\WdQnaMU.exe
  C:\Windows\System\WdQnaMU.exe
  2⤵
  PID:1952
- C:\Windows\System\tNMvYDh.exe
  C:\Windows\System\tNMvYDh.exe
  2⤵
  PID:1596
- C:\Windows\System\tbFceDF.exe
  C:\Windows\System\tbFceDF.exe
  2⤵
  PID:3068
- C:\Windows\System\yvjQnEd.exe
  C:\Windows\System\yvjQnEd.exe
  2⤵
  PID:2372
- C:\Windows\System\TKjCmMA.exe
  C:\Windows\System\TKjCmMA.exe
  2⤵
  PID:2688
- C:\Windows\System\pOxqjYq.exe
  C:\Windows\System\pOxqjYq.exe
  2⤵
  PID:2692
- C:\Windows\System\rNFEMEn.exe
  C:\Windows\System\rNFEMEn.exe
  2⤵
  PID:2492
- C:\Windows\System\oWqbgQI.exe
  C:\Windows\System\oWqbgQI.exe
  2⤵
  PID:1396
- C:\Windows\System\ZoIoSgi.exe
  C:\Windows\System\ZoIoSgi.exe
  2⤵
  PID:2868
- C:\Windows\System\kFcJEnw.exe
  C:\Windows\System\kFcJEnw.exe
  2⤵
  PID:2232
- C:\Windows\System\QQtYBpS.exe
  C:\Windows\System\QQtYBpS.exe
  2⤵
  PID:2020
- C:\Windows\System\wKGFFox.exe
  C:\Windows\System\wKGFFox.exe
  2⤵
  PID:2604
- C:\Windows\System\tMDjEdM.exe
  C:\Windows\System\tMDjEdM.exe
  2⤵
  PID:1948
- C:\Windows\System\XvQqEMX.exe
  C:\Windows\System\XvQqEMX.exe
  2⤵
  PID:1812
- C:\Windows\System\YxrDzye.exe
  C:\Windows\System\YxrDzye.exe
  2⤵
  PID:2796
- C:\Windows\System\ZyTorTg.exe
  C:\Windows\System\ZyTorTg.exe
  2⤵
  PID:3020
- C:\Windows\System\NTUeCOo.exe
  C:\Windows\System\NTUeCOo.exe
  2⤵
  PID:2012
- C:\Windows\System\ycKujug.exe
  C:\Windows\System\ycKujug.exe
  2⤵
  PID:2620
- C:\Windows\System\uXKVcSI.exe
  C:\Windows\System\uXKVcSI.exe
  2⤵
  PID:2284
- C:\Windows\System\sGoSZCy.exe
  C:\Windows\System\sGoSZCy.exe
  2⤵
  PID:788
- C:\Windows\System\XUEeXUW.exe
  C:\Windows\System\XUEeXUW.exe
  2⤵
  PID:2920
- C:\Windows\System\silZrou.exe
  C:\Windows\System\silZrou.exe
  2⤵
  PID:2756
- C:\Windows\System\eOgJNNT.exe
  C:\Windows\System\eOgJNNT.exe
  2⤵
  PID:3096
- C:\Windows\System\ylPLutG.exe
  C:\Windows\System\ylPLutG.exe
  2⤵
  PID:3112
- C:\Windows\System\amnxnJt.exe
  C:\Windows\System\amnxnJt.exe
  2⤵
  PID:3128
- C:\Windows\System\NseMMAl.exe
  C:\Windows\System\NseMMAl.exe
  2⤵
  PID:3152
- C:\Windows\System\eMltrCp.exe
  C:\Windows\System\eMltrCp.exe
  2⤵
  PID:3172
- C:\Windows\System\OJvAPtK.exe
  C:\Windows\System\OJvAPtK.exe
  2⤵
  PID:3192
- C:\Windows\System\ZvcZZnk.exe
  C:\Windows\System\ZvcZZnk.exe
  2⤵
  PID:3212
- C:\Windows\System\cuJpFKY.exe
  C:\Windows\System\cuJpFKY.exe
  2⤵
  PID:3232
- C:\Windows\System\nJYtJhH.exe
  C:\Windows\System\nJYtJhH.exe
  2⤵
  PID:3248
- C:\Windows\System\vdkHfEG.exe
  C:\Windows\System\vdkHfEG.exe
  2⤵
  PID:3264
- C:\Windows\System\oowVcHm.exe
  C:\Windows\System\oowVcHm.exe
  2⤵
  PID:3280
- C:\Windows\System\gmZMKoy.exe
  C:\Windows\System\gmZMKoy.exe
  2⤵
  PID:3316
- C:\Windows\System\bnSYHYy.exe
  C:\Windows\System\bnSYHYy.exe
  2⤵
  PID:3336
- C:\Windows\System\yefbUwr.exe
  C:\Windows\System\yefbUwr.exe
  2⤵
  PID:3356
- C:\Windows\System\iKNzZhT.exe
  C:\Windows\System\iKNzZhT.exe
  2⤵
  PID:3376
- C:\Windows\System\xwdYknV.exe
  C:\Windows\System\xwdYknV.exe
  2⤵
  PID:3396
- C:\Windows\System\zfIdLmg.exe
  C:\Windows\System\zfIdLmg.exe
  2⤵
  PID:3416
- C:\Windows\System\OYUFMPG.exe
  C:\Windows\System\OYUFMPG.exe
  2⤵
  PID:3432
- C:\Windows\System\qTVMnFP.exe
  C:\Windows\System\qTVMnFP.exe
  2⤵
  PID:3448
- C:\Windows\System\vbnQHqU.exe
  C:\Windows\System\vbnQHqU.exe
  2⤵
  PID:3464
- C:\Windows\System\ECFzGPZ.exe
  C:\Windows\System\ECFzGPZ.exe
  2⤵
  PID:3480
- C:\Windows\System\MnjbyMV.exe
  C:\Windows\System\MnjbyMV.exe
  2⤵
  PID:3500
- C:\Windows\System\mZowXvl.exe
  C:\Windows\System\mZowXvl.exe
  2⤵
  PID:3516
- C:\Windows\System\GLdkBRC.exe
  C:\Windows\System\GLdkBRC.exe
  2⤵
  PID:3532
- C:\Windows\System\CbBCEvf.exe
  C:\Windows\System\CbBCEvf.exe
  2⤵
  PID:3548
- C:\Windows\System\GduykYr.exe
  C:\Windows\System\GduykYr.exe
  2⤵
  PID:3572
- C:\Windows\System\SGpJANX.exe
  C:\Windows\System\SGpJANX.exe
  2⤵
  PID:3588
- C:\Windows\System\aUaMfpn.exe
  C:\Windows\System\aUaMfpn.exe
  2⤵
  PID:3612
- C:\Windows\System\xwdKbUd.exe
  C:\Windows\System\xwdKbUd.exe
  2⤵
  PID:3628
- C:\Windows\System\iDyRPMU.exe
  C:\Windows\System\iDyRPMU.exe
  2⤵
  PID:3644
- C:\Windows\System\KirlDTx.exe
  C:\Windows\System\KirlDTx.exe
  2⤵
  PID:3664
- C:\Windows\System\icrZaOW.exe
  C:\Windows\System\icrZaOW.exe
  2⤵
  PID:3688
- C:\Windows\System\CDxnSvt.exe
  C:\Windows\System\CDxnSvt.exe
  2⤵
  PID:3732
- C:\Windows\System\AbdNjsj.exe
  C:\Windows\System\AbdNjsj.exe
  2⤵
  PID:3748
- C:\Windows\System\hDuZlNb.exe
  C:\Windows\System\hDuZlNb.exe
  2⤵
  PID:3780
- C:\Windows\System\TjkFDFz.exe
  C:\Windows\System\TjkFDFz.exe
  2⤵
  PID:3796
- C:\Windows\System\TlCOCMY.exe
  C:\Windows\System\TlCOCMY.exe
  2⤵
  PID:3812
- C:\Windows\System\AdLSogl.exe
  C:\Windows\System\AdLSogl.exe
  2⤵
  PID:3832
- C:\Windows\System\oivBfgD.exe
  C:\Windows\System\oivBfgD.exe
  2⤵
  PID:3848
- C:\Windows\System\VVJKPmW.exe
  C:\Windows\System\VVJKPmW.exe
  2⤵
  PID:3864
- C:\Windows\System\rlKQpRv.exe
  C:\Windows\System\rlKQpRv.exe
  2⤵
  PID:3880
- C:\Windows\System\cTDLhnB.exe
  C:\Windows\System\cTDLhnB.exe
  2⤵
  PID:3904
- C:\Windows\System\QorbXYO.exe
  C:\Windows\System\QorbXYO.exe
  2⤵
  PID:3920
- C:\Windows\System\zdKVeSu.exe
  C:\Windows\System\zdKVeSu.exe
  2⤵
  PID:3940
- C:\Windows\System\CVVBnSy.exe
  C:\Windows\System\CVVBnSy.exe
  2⤵
  PID:3980
- C:\Windows\System\JemjCxr.exe
  C:\Windows\System\JemjCxr.exe
  2⤵
  PID:3996
- C:\Windows\System\HolwMFW.exe
  C:\Windows\System\HolwMFW.exe
  2⤵
  PID:4012
- C:\Windows\System\wIIqAwU.exe
  C:\Windows\System\wIIqAwU.exe
  2⤵
  PID:4040
- C:\Windows\System\ziiLYLS.exe
  C:\Windows\System\ziiLYLS.exe
  2⤵
  PID:4060
- C:\Windows\System\yzbgDcr.exe
  C:\Windows\System\yzbgDcr.exe
  2⤵
  PID:4076
- C:\Windows\System\ynmwuhG.exe
  C:\Windows\System\ynmwuhG.exe
  2⤵
  PID:4092
- C:\Windows\System\YKhviDG.exe
  C:\Windows\System\YKhviDG.exe
  2⤵
  PID:2624
- C:\Windows\System\sZediHc.exe
  C:\Windows\System\sZediHc.exe
  2⤵
  PID:2744
- C:\Windows\System\cvYSfbF.exe
  C:\Windows\System\cvYSfbF.exe
  2⤵
  PID:2536
- C:\Windows\System\FMPULgL.exe
  C:\Windows\System\FMPULgL.exe
  2⤵
  PID:3092
- C:\Windows\System\BlTPtHN.exe
  C:\Windows\System\BlTPtHN.exe
  2⤵
  PID:3184
- C:\Windows\System\qJWRWkq.exe
  C:\Windows\System\qJWRWkq.exe
  2⤵
  PID:3200
- C:\Windows\System\wOTJsnb.exe
  C:\Windows\System\wOTJsnb.exe
  2⤵
  PID:3208
- C:\Windows\System\XbPCcgR.exe
  C:\Windows\System\XbPCcgR.exe
  2⤵
  PID:3256
- C:\Windows\System\TREgClW.exe
  C:\Windows\System\TREgClW.exe
  2⤵
  PID:3296
- C:\Windows\System\LZzBDmM.exe
  C:\Windows\System\LZzBDmM.exe
  2⤵
  PID:3348
- C:\Windows\System\vcFbcyL.exe
  C:\Windows\System\vcFbcyL.exe
  2⤵
  PID:3328
- C:\Windows\System\eYurqca.exe
  C:\Windows\System\eYurqca.exe
  2⤵
  PID:3364
- C:\Windows\System\chQRXxg.exe
  C:\Windows\System\chQRXxg.exe
  2⤵
  PID:3392
- C:\Windows\System\VbPDilD.exe
  C:\Windows\System\VbPDilD.exe
  2⤵
  PID:3460
- C:\Windows\System\aYqZFfi.exe
  C:\Windows\System\aYqZFfi.exe
  2⤵
  PID:3564
- C:\Windows\System\DnSXCNA.exe
  C:\Windows\System\DnSXCNA.exe
  2⤵
  PID:3636
- C:\Windows\System\nIaQWwM.exe
  C:\Windows\System\nIaQWwM.exe
  2⤵
  PID:3508
- C:\Windows\System\KQOgugR.exe
  C:\Windows\System\KQOgugR.exe
  2⤵
  PID:3584
- C:\Windows\System\ktnThsl.exe
  C:\Windows\System\ktnThsl.exe
  2⤵
  PID:3696
- C:\Windows\System\wqgZRWm.exe
  C:\Windows\System\wqgZRWm.exe
  2⤵
  PID:3708
- C:\Windows\System\FTAhhZF.exe
  C:\Windows\System\FTAhhZF.exe
  2⤵
  PID:3656
- C:\Windows\System\bAoRnPX.exe
  C:\Windows\System\bAoRnPX.exe
  2⤵
  PID:3704
- C:\Windows\System\hszuljT.exe
  C:\Windows\System\hszuljT.exe
  2⤵
  PID:3772
- C:\Windows\System\nkVcaaH.exe
  C:\Windows\System\nkVcaaH.exe
  2⤵
  PID:3764
- C:\Windows\System\eeHbhGc.exe
  C:\Windows\System\eeHbhGc.exe
  2⤵
  PID:3820
- C:\Windows\System\eEtCGaX.exe
  C:\Windows\System\eEtCGaX.exe
  2⤵
  PID:3860
- C:\Windows\System\AHesvwB.exe
  C:\Windows\System\AHesvwB.exe
  2⤵
  PID:3900
- C:\Windows\System\GvgzTaK.exe
  C:\Windows\System\GvgzTaK.exe
  2⤵
  PID:3948
- C:\Windows\System\kWYeSvZ.exe
  C:\Windows\System\kWYeSvZ.exe
  2⤵
  PID:3808
- C:\Windows\System\bnURDZv.exe
  C:\Windows\System\bnURDZv.exe
  2⤵
  PID:3876
- C:\Windows\System\qnvyFix.exe
  C:\Windows\System\qnvyFix.exe
  2⤵
  PID:3988
- C:\Windows\System\uxHZjOs.exe
  C:\Windows\System\uxHZjOs.exe
  2⤵
  PID:3968
- C:\Windows\System\sVuRvoh.exe
  C:\Windows\System\sVuRvoh.exe
  2⤵
  PID:3964
- C:\Windows\System\ATDugmF.exe
  C:\Windows\System\ATDugmF.exe
  2⤵
  PID:4072
- C:\Windows\System\BNjnnof.exe
  C:\Windows\System\BNjnnof.exe
  2⤵
  PID:3088
- C:\Windows\System\rPunkdv.exe
  C:\Windows\System\rPunkdv.exe
  2⤵
  PID:3228
- C:\Windows\System\hDnVxHo.exe
  C:\Windows\System\hDnVxHo.exe
  2⤵
  PID:3260
- C:\Windows\System\NshHkbV.exe
  C:\Windows\System\NshHkbV.exe
  2⤵
  PID:3976
- C:\Windows\System\BdHxWQf.exe
  C:\Windows\System\BdHxWQf.exe
  2⤵
  PID:3272
- C:\Windows\System\VzNBYRy.exe
  C:\Windows\System\VzNBYRy.exe
  2⤵
  PID:3676
- C:\Windows\System\ZszPCZd.exe
  C:\Windows\System\ZszPCZd.exe
  2⤵
  PID:3896
- C:\Windows\System\kVYOpfF.exe
  C:\Windows\System\kVYOpfF.exe
  2⤵
  PID:3956
- C:\Windows\System\ksSPdnG.exe
  C:\Windows\System\ksSPdnG.exe
  2⤵
  PID:3544
- C:\Windows\System\RbpzwwP.exe
  C:\Windows\System\RbpzwwP.exe
  2⤵
  PID:3476
- C:\Windows\System\KTnHvAm.exe
  C:\Windows\System\KTnHvAm.exe
  2⤵
  PID:3740
- C:\Windows\System\QXkKeCB.exe
  C:\Windows\System\QXkKeCB.exe
  2⤵
  PID:2808
- C:\Windows\System\usGvFqf.exe
  C:\Windows\System\usGvFqf.exe
  2⤵
  PID:4068
- C:\Windows\System\OPkjkVD.exe
  C:\Windows\System\OPkjkVD.exe
  2⤵
  PID:3188
- C:\Windows\System\rMQFcKY.exe
  C:\Windows\System\rMQFcKY.exe
  2⤵
  PID:3352
- C:\Windows\System\CJcfKuq.exe
  C:\Windows\System\CJcfKuq.exe
  2⤵
  PID:3292
- C:\Windows\System\XWNIARf.exe
  C:\Windows\System\XWNIARf.exe
  2⤵
  PID:4008
- C:\Windows\System\tImaPuk.exe
  C:\Windows\System\tImaPuk.exe
  2⤵
  PID:3080
- C:\Windows\System\RMLGlEz.exe
  C:\Windows\System\RMLGlEz.exe
  2⤵
  PID:2544
- C:\Windows\System\XCsgBld.exe
  C:\Windows\System\XCsgBld.exe
  2⤵
  PID:3560
- C:\Windows\System\TBQIgDL.exe
  C:\Windows\System\TBQIgDL.exe
  2⤵
  PID:4084
- C:\Windows\System\RoKRTUJ.exe
  C:\Windows\System\RoKRTUJ.exe
  2⤵
  PID:3652
- C:\Windows\System\LfEaFAA.exe
  C:\Windows\System\LfEaFAA.exe
  2⤵
  PID:3792
- C:\Windows\System\fnGjCnD.exe
  C:\Windows\System\fnGjCnD.exe
  2⤵
  PID:3788
- C:\Windows\System\CuZZmmS.exe
  C:\Windows\System\CuZZmmS.exe
  2⤵
  PID:1004
- C:\Windows\System\PphDbjX.exe
  C:\Windows\System\PphDbjX.exe
  2⤵
  PID:3168
- C:\Windows\System\DGjbEBa.exe
  C:\Windows\System\DGjbEBa.exe
  2⤵
  PID:3496
- C:\Windows\System\dxOsApW.exe
  C:\Windows\System\dxOsApW.exe
  2⤵
  PID:4056
- C:\Windows\System\QopJzOK.exe
  C:\Windows\System\QopJzOK.exe
  2⤵
  PID:3308
- C:\Windows\System\tojHfKY.exe
  C:\Windows\System\tojHfKY.exe
  2⤵
  PID:3368
- C:\Windows\System\HgGkBGq.exe
  C:\Windows\System\HgGkBGq.exe
  2⤵
  PID:3724
- C:\Windows\System\ZBZLVKt.exe
  C:\Windows\System\ZBZLVKt.exe
  2⤵
  PID:3444
- C:\Windows\System\XhiRONd.exe
  C:\Windows\System\XhiRONd.exe
  2⤵
  PID:4024
- C:\Windows\System\sgcPHpV.exe
  C:\Windows\System\sgcPHpV.exe
  2⤵
  PID:3136
- C:\Windows\System\vGUYBQX.exe
  C:\Windows\System\vGUYBQX.exe
  2⤵
  PID:3556
- C:\Windows\System\Wnjtsjy.exe
  C:\Windows\System\Wnjtsjy.exe
  2⤵
  PID:3580
- C:\Windows\System\geRjUUg.exe
  C:\Windows\System\geRjUUg.exe
  2⤵
  PID:3684
- C:\Windows\System\nRtJfOX.exe
  C:\Windows\System\nRtJfOX.exe
  2⤵
  PID:3912
- C:\Windows\System\VrYkGMV.exe
  C:\Windows\System\VrYkGMV.exe
  2⤵
  PID:3404
- C:\Windows\System\ITQGFnj.exe
  C:\Windows\System\ITQGFnj.exe
  2⤵
  PID:3600
- C:\Windows\System\ULpGKZe.exe
  C:\Windows\System\ULpGKZe.exe
  2⤵
  PID:3952
- C:\Windows\System\RRgXMFK.exe
  C:\Windows\System\RRgXMFK.exe
  2⤵
  PID:1000
- C:\Windows\System\gsFhSXu.exe
  C:\Windows\System\gsFhSXu.exe
  2⤵
  PID:4104
- C:\Windows\System\BiSkbYM.exe
  C:\Windows\System\BiSkbYM.exe
  2⤵
  PID:4120
- C:\Windows\System\tHuousp.exe
  C:\Windows\System\tHuousp.exe
  2⤵
  PID:4136
- C:\Windows\System\GPcPSBV.exe
  C:\Windows\System\GPcPSBV.exe
  2⤵
  PID:4156
- C:\Windows\System\rKQMgTU.exe
  C:\Windows\System\rKQMgTU.exe
  2⤵
  PID:4188
- C:\Windows\System\JXUoPGM.exe
  C:\Windows\System\JXUoPGM.exe
  2⤵
  PID:4204
- C:\Windows\System\NvChAPO.exe
  C:\Windows\System\NvChAPO.exe
  2⤵
  PID:4224
- C:\Windows\System\LiFvcrS.exe
  C:\Windows\System\LiFvcrS.exe
  2⤵
  PID:4244
- C:\Windows\System\PtlqXHa.exe
  C:\Windows\System\PtlqXHa.exe
  2⤵
  PID:4268
- C:\Windows\System\MugkOuc.exe
  C:\Windows\System\MugkOuc.exe
  2⤵
  PID:4284
- C:\Windows\System\MLgKWbu.exe
  C:\Windows\System\MLgKWbu.exe
  2⤵
  PID:4300
- C:\Windows\System\BRBKpDl.exe
  C:\Windows\System\BRBKpDl.exe
  2⤵
  PID:4316
- C:\Windows\System\JfFZPIu.exe
  C:\Windows\System\JfFZPIu.exe
  2⤵
  PID:4336
- C:\Windows\System\FIhsgqf.exe
  C:\Windows\System\FIhsgqf.exe
  2⤵
  PID:4352
- C:\Windows\System\jrJrmtV.exe
  C:\Windows\System\jrJrmtV.exe
  2⤵
  PID:4368
- C:\Windows\System\ucAAAFl.exe
  C:\Windows\System\ucAAAFl.exe
  2⤵
  PID:4388
- C:\Windows\System\PvsRutY.exe
  C:\Windows\System\PvsRutY.exe
  2⤵
  PID:4424
- C:\Windows\System\EsUASkX.exe
  C:\Windows\System\EsUASkX.exe
  2⤵
  PID:4440
- C:\Windows\System\eiPQUjv.exe
  C:\Windows\System\eiPQUjv.exe
  2⤵
  PID:4468
- C:\Windows\System\sAvpEbW.exe
  C:\Windows\System\sAvpEbW.exe
  2⤵
  PID:4484
- C:\Windows\System\IUgxgwv.exe
  C:\Windows\System\IUgxgwv.exe
  2⤵
  PID:4500
- C:\Windows\System\lPjeJWH.exe
  C:\Windows\System\lPjeJWH.exe
  2⤵
  PID:4516
- C:\Windows\System\tgdlwdD.exe
  C:\Windows\System\tgdlwdD.exe
  2⤵
  PID:4536
- C:\Windows\System\wYOxHMh.exe
  C:\Windows\System\wYOxHMh.exe
  2⤵
  PID:4552
- C:\Windows\System\Zaysfaa.exe
  C:\Windows\System\Zaysfaa.exe
  2⤵
  PID:4580
- C:\Windows\System\WjcfpXt.exe
  C:\Windows\System\WjcfpXt.exe
  2⤵
  PID:4596
- C:\Windows\System\ZsJdyOq.exe
  C:\Windows\System\ZsJdyOq.exe
  2⤵
  PID:4612
- C:\Windows\System\VlxrZJX.exe
  C:\Windows\System\VlxrZJX.exe
  2⤵
  PID:4644
- C:\Windows\System\TWQkOUl.exe
  C:\Windows\System\TWQkOUl.exe
  2⤵
  PID:4660
- C:\Windows\System\vEkXybr.exe
  C:\Windows\System\vEkXybr.exe
  2⤵
  PID:4680
- C:\Windows\System\NxJwLTh.exe
  C:\Windows\System\NxJwLTh.exe
  2⤵
  PID:4696
- C:\Windows\System\QvoiKyL.exe
  C:\Windows\System\QvoiKyL.exe
  2⤵
  PID:4716
- C:\Windows\System\KNMCrfR.exe
  C:\Windows\System\KNMCrfR.exe
  2⤵
  PID:4736
- C:\Windows\System\oMCYzqf.exe
  C:\Windows\System\oMCYzqf.exe
  2⤵
  PID:4752
- C:\Windows\System\MJhWQpe.exe
  C:\Windows\System\MJhWQpe.exe
  2⤵
  PID:4768
- C:\Windows\System\wpNtvsI.exe
  C:\Windows\System\wpNtvsI.exe
  2⤵
  PID:4788
- C:\Windows\System\YvMMQiy.exe
  C:\Windows\System\YvMMQiy.exe
  2⤵
  PID:4812
- C:\Windows\System\GAaFAGm.exe
  C:\Windows\System\GAaFAGm.exe
  2⤵
  PID:4832
- C:\Windows\System\gEVVxKH.exe
  C:\Windows\System\gEVVxKH.exe
  2⤵
  PID:4848
- C:\Windows\System\rtSIFSE.exe
  C:\Windows\System\rtSIFSE.exe
  2⤵
  PID:4884
- C:\Windows\System\AkSfiQX.exe
  C:\Windows\System\AkSfiQX.exe
  2⤵
  PID:4900
- C:\Windows\System\esVWVFF.exe
  C:\Windows\System\esVWVFF.exe
  2⤵
  PID:4916
- C:\Windows\System\hgtKeUI.exe
  C:\Windows\System\hgtKeUI.exe
  2⤵
  PID:4936
- C:\Windows\System\nSLWocC.exe
  C:\Windows\System\nSLWocC.exe
  2⤵
  PID:4952
- C:\Windows\System\OzJdkOS.exe
  C:\Windows\System\OzJdkOS.exe
  2⤵
  PID:4988
- C:\Windows\System\ApUJKKy.exe
  C:\Windows\System\ApUJKKy.exe
  2⤵
  PID:5004
- C:\Windows\System\MlXlteu.exe
  C:\Windows\System\MlXlteu.exe
  2⤵
  PID:5024
- C:\Windows\System\LGumdeM.exe
  C:\Windows\System\LGumdeM.exe
  2⤵
  PID:5040
- C:\Windows\System\eLsclTn.exe
  C:\Windows\System\eLsclTn.exe
  2⤵
  PID:5060
- C:\Windows\System\aRBQTQH.exe
  C:\Windows\System\aRBQTQH.exe
  2⤵
  PID:5076
- C:\Windows\System\OYUfNyI.exe
  C:\Windows\System\OYUfNyI.exe
  2⤵
  PID:5092
- C:\Windows\System\eeDwbeC.exe
  C:\Windows\System\eeDwbeC.exe
  2⤵
  PID:5112
- C:\Windows\System\QlKDQIy.exe
  C:\Windows\System\QlKDQIy.exe
  2⤵
  PID:3388
- C:\Windows\System\FJVtLjN.exe
  C:\Windows\System\FJVtLjN.exe
  2⤵
  PID:4128
- C:\Windows\System\kumPQXr.exe
  C:\Windows\System\kumPQXr.exe
  2⤵
  PID:4144
- C:\Windows\System\LvLKJPe.exe
  C:\Windows\System\LvLKJPe.exe
  2⤵
  PID:4180
- C:\Windows\System\gnRbSKg.exe
  C:\Windows\System\gnRbSKg.exe
  2⤵
  PID:2720
- C:\Windows\System\sDskDxA.exe
  C:\Windows\System\sDskDxA.exe
  2⤵
  PID:4196
- C:\Windows\System\IZXxdax.exe
  C:\Windows\System\IZXxdax.exe
  2⤵
  PID:4264
- C:\Windows\System\NUKPFjy.exe
  C:\Windows\System\NUKPFjy.exe
  2⤵
  PID:4328
- C:\Windows\System\GXoPObt.exe
  C:\Windows\System\GXoPObt.exe
  2⤵
  PID:4400
- C:\Windows\System\xdzLYqx.exe
  C:\Windows\System\xdzLYqx.exe
  2⤵
  PID:4344
- C:\Windows\System\bHgMRoV.exe
  C:\Windows\System\bHgMRoV.exe
  2⤵
  PID:4376
- C:\Windows\System\EQdJHME.exe
  C:\Windows\System\EQdJHME.exe
  2⤵
  PID:4448
- C:\Windows\System\sOLjHny.exe
  C:\Windows\System\sOLjHny.exe
  2⤵
  PID:4452
- C:\Windows\System\kGssDTe.exe
  C:\Windows\System\kGssDTe.exe
  2⤵
  PID:4496
- C:\Windows\System\tdzvhuU.exe
  C:\Windows\System\tdzvhuU.exe
  2⤵
  PID:4564
- C:\Windows\System\gXNBhAz.exe
  C:\Windows\System\gXNBhAz.exe
  2⤵
  PID:4572
- C:\Windows\System\FCSObdR.exe
  C:\Windows\System\FCSObdR.exe
  2⤵
  PID:4592
- C:\Windows\System\lGXEmLt.exe
  C:\Windows\System\lGXEmLt.exe
  2⤵
  PID:4632
- C:\Windows\System\neHKfBY.exe
  C:\Windows\System\neHKfBY.exe
  2⤵
  PID:4624
- C:\Windows\System\fpglduO.exe
  C:\Windows\System\fpglduO.exe
  2⤵
  PID:4692
- C:\Windows\System\NyKPbOW.exe
  C:\Windows\System\NyKPbOW.exe
  2⤵
  PID:4668
- C:\Windows\System\MljOwTi.exe
  C:\Windows\System\MljOwTi.exe
  2⤵
  PID:4676
- C:\Windows\System\rVSixNh.exe
  C:\Windows\System\rVSixNh.exe
  2⤵
  PID:4868
- C:\Windows\System\gQgakZQ.exe
  C:\Windows\System\gQgakZQ.exe
  2⤵
  PID:4828
- C:\Windows\System\iZuyaal.exe
  C:\Windows\System\iZuyaal.exe
  2⤵
  PID:4864
- C:\Windows\System\IPeacfG.exe
  C:\Windows\System\IPeacfG.exe
  2⤵
  PID:4892
- C:\Windows\System\VYWkeZe.exe
  C:\Windows\System\VYWkeZe.exe
  2⤵
  PID:4960
- C:\Windows\System\fFRJfef.exe
  C:\Windows\System\fFRJfef.exe
  2⤵
  PID:4944
- C:\Windows\System\iEhAgQy.exe
  C:\Windows\System\iEhAgQy.exe
  2⤵
  PID:4184
- C:\Windows\System\zjXdOmF.exe
  C:\Windows\System\zjXdOmF.exe
  2⤵
  PID:5056
- C:\Windows\System\OEpGpyQ.exe
  C:\Windows\System\OEpGpyQ.exe
  2⤵
  PID:5032
- C:\Windows\System\QFvPEHt.exe
  C:\Windows\System\QFvPEHt.exe
  2⤵
  PID:3412
- C:\Windows\System\eRSMMZv.exe
  C:\Windows\System\eRSMMZv.exe
  2⤵
  PID:5072
- C:\Windows\System\dXPSvYt.exe
  C:\Windows\System\dXPSvYt.exe
  2⤵
  PID:4172
- C:\Windows\System\nFPbEtf.exe
  C:\Windows\System\nFPbEtf.exe
  2⤵
  PID:4216
- C:\Windows\System\GpHJJhx.exe
  C:\Windows\System\GpHJJhx.exe
  2⤵
  PID:4116
- C:\Windows\System\xduuEEO.exe
  C:\Windows\System\xduuEEO.exe
  2⤵
  PID:4360
- C:\Windows\System\VzzxxPF.exe
  C:\Windows\System\VzzxxPF.exe
  2⤵
  PID:4396
- C:\Windows\System\hcoKcpF.exe
  C:\Windows\System\hcoKcpF.exe
  2⤵
  PID:4436
- C:\Windows\System\VaEYxhY.exe
  C:\Windows\System\VaEYxhY.exe
  2⤵
  PID:4604
- C:\Windows\System\jtLwWmJ.exe
  C:\Windows\System\jtLwWmJ.exe
  2⤵
  PID:4728
- C:\Windows\System\fkhtclx.exe
  C:\Windows\System\fkhtclx.exe
  2⤵
  PID:4732
- C:\Windows\System\LdYzmFR.exe
  C:\Windows\System\LdYzmFR.exe
  2⤵
  PID:4656
- C:\Windows\System\EapGTun.exe
  C:\Windows\System\EapGTun.exe
  2⤵
  PID:4548
- C:\Windows\System\abKOtoD.exe
  C:\Windows\System\abKOtoD.exe
  2⤵
  PID:4416
- C:\Windows\System\uIQdEJy.exe
  C:\Windows\System\uIQdEJy.exe
  2⤵
  PID:4840
- C:\Windows\System\mVYeeGY.exe
  C:\Windows\System\mVYeeGY.exe
  2⤵
  PID:4464
- C:\Windows\System\pFeBXXa.exe
  C:\Windows\System\pFeBXXa.exe
  2⤵
  PID:4876
- C:\Windows\System\TXPJhjC.exe
  C:\Windows\System\TXPJhjC.exe
  2⤵
  PID:4908
- C:\Windows\System\JaOcofO.exe
  C:\Windows\System\JaOcofO.exe
  2⤵
  PID:4948
- C:\Windows\System\IJFxSWH.exe
  C:\Windows\System\IJFxSWH.exe
  2⤵
  PID:4996
- C:\Windows\System\QCLmlLM.exe
  C:\Windows\System\QCLmlLM.exe
  2⤵
  PID:5104
- C:\Windows\System\wmSlRKi.exe
  C:\Windows\System\wmSlRKi.exe
  2⤵
  PID:5084
- C:\Windows\System\qstLehy.exe
  C:\Windows\System\qstLehy.exe
  2⤵
  PID:4112
- C:\Windows\System\MuoJino.exe
  C:\Windows\System\MuoJino.exe
  2⤵
  PID:4220
- C:\Windows\System\gOoixno.exe
  C:\Windows\System\gOoixno.exe
  2⤵
  PID:4280
- C:\Windows\System\SBGvXgS.exe
  C:\Windows\System\SBGvXgS.exe
  2⤵
  PID:4312
- C:\Windows\System\OKYYaOZ.exe
  C:\Windows\System\OKYYaOZ.exe
  2⤵
  PID:4508
- C:\Windows\System\lcpApRM.exe
  C:\Windows\System\lcpApRM.exe
  2⤵
  PID:4476
- C:\Windows\System\giYOmcr.exe
  C:\Windows\System\giYOmcr.exe
  2⤵
  PID:4800
- C:\Windows\System\pohZwLn.exe
  C:\Windows\System\pohZwLn.exe
  2⤵
  PID:4712
- C:\Windows\System\YzAyTlZ.exe
  C:\Windows\System\YzAyTlZ.exe
  2⤵
  PID:4980
- C:\Windows\System\gpzadLF.exe
  C:\Windows\System\gpzadLF.exe
  2⤵
  PID:4872
- C:\Windows\System\lCzfXaC.exe
  C:\Windows\System\lCzfXaC.exe
  2⤵
  PID:5016
- C:\Windows\System\HXkFSOc.exe
  C:\Windows\System\HXkFSOc.exe
  2⤵
  PID:4164
- C:\Windows\System\icyLamE.exe
  C:\Windows\System\icyLamE.exe
  2⤵
  PID:4292
- C:\Windows\System\XzhInpi.exe
  C:\Windows\System\XzhInpi.exe
  2⤵
  PID:1148
- C:\Windows\System\PeCpyze.exe
  C:\Windows\System\PeCpyze.exe
  2⤵
  PID:4640
- C:\Windows\System\aInWlSQ.exe
  C:\Windows\System\aInWlSQ.exe
  2⤵
  PID:4512
- C:\Windows\System\UIIiRiP.exe
  C:\Windows\System\UIIiRiP.exe
  2⤵
  PID:1068
- C:\Windows\System\UcDckyN.exe
  C:\Windows\System\UcDckyN.exe
  2⤵
  PID:2740
- C:\Windows\System\lVzvkhS.exe
  C:\Windows\System\lVzvkhS.exe
  2⤵
  PID:4748
- C:\Windows\System\JtbRWGq.exe
  C:\Windows\System\JtbRWGq.exe
  2⤵
  PID:5020
- C:\Windows\System\birFWHf.exe
  C:\Windows\System\birFWHf.exe
  2⤵
  PID:4704
- C:\Windows\System\ZRaBrby.exe
  C:\Windows\System\ZRaBrby.exe
  2⤵
  PID:5128
- C:\Windows\System\jwmjpVt.exe
  C:\Windows\System\jwmjpVt.exe
  2⤵
  PID:5172
- C:\Windows\System\BkaQWNm.exe
  C:\Windows\System\BkaQWNm.exe
  2⤵
  PID:5196
- C:\Windows\System\eptuoui.exe
  C:\Windows\System\eptuoui.exe
  2⤵
  PID:5216
- C:\Windows\System\GvhvVBZ.exe
  C:\Windows\System\GvhvVBZ.exe
  2⤵
  PID:5232
- C:\Windows\System\MedrZfm.exe
  C:\Windows\System\MedrZfm.exe
  2⤵
  PID:5252
- C:\Windows\System\yruSunz.exe
  C:\Windows\System\yruSunz.exe
  2⤵
  PID:5268
- C:\Windows\System\cEPlnFD.exe
  C:\Windows\System\cEPlnFD.exe
  2⤵
  PID:5284
- C:\Windows\System\rHZBeHL.exe
  C:\Windows\System\rHZBeHL.exe
  2⤵
  PID:5304
- C:\Windows\System\DPfYIOx.exe
  C:\Windows\System\DPfYIOx.exe
  2⤵
  PID:5324
- C:\Windows\System\DiVxJWQ.exe
  C:\Windows\System\DiVxJWQ.exe
  2⤵
  PID:5356
- C:\Windows\System\VVEinpd.exe
  C:\Windows\System\VVEinpd.exe
  2⤵
  PID:5372
- C:\Windows\System\GDdsSZy.exe
  C:\Windows\System\GDdsSZy.exe
  2⤵
  PID:5396
- C:\Windows\System\uUSJLSM.exe
  C:\Windows\System\uUSJLSM.exe
  2⤵
  PID:5416
- C:\Windows\System\NiBlpvu.exe
  C:\Windows\System\NiBlpvu.exe
  2⤵
  PID:5432
- C:\Windows\System\AmodGig.exe
  C:\Windows\System\AmodGig.exe
  2⤵
  PID:5448
- C:\Windows\System\ZyrZCUY.exe
  C:\Windows\System\ZyrZCUY.exe
  2⤵
  PID:5468
- C:\Windows\System\PFcjksE.exe
  C:\Windows\System\PFcjksE.exe
  2⤵
  PID:5484
- C:\Windows\System\BVXcBlI.exe
  C:\Windows\System\BVXcBlI.exe
  2⤵
  PID:5500
- C:\Windows\System\hTVBCDr.exe
  C:\Windows\System\hTVBCDr.exe
  2⤵
  PID:5516
- C:\Windows\System\OWTxJWF.exe
  C:\Windows\System\OWTxJWF.exe
  2⤵
  PID:5556
- C:\Windows\System\uYWoprR.exe
  C:\Windows\System\uYWoprR.exe
  2⤵
  PID:5576
- C:\Windows\System\KUChJVX.exe
  C:\Windows\System\KUChJVX.exe
  2⤵
  PID:5592
- C:\Windows\System\SKEXEEW.exe
  C:\Windows\System\SKEXEEW.exe
  2⤵
  PID:5612
- C:\Windows\System\HAorpxg.exe
  C:\Windows\System\HAorpxg.exe
  2⤵
  PID:5636
- C:\Windows\System\nVoZhEh.exe
  C:\Windows\System\nVoZhEh.exe
  2⤵
  PID:5652
- C:\Windows\System\JPfSuzO.exe
  C:\Windows\System\JPfSuzO.exe
  2⤵
  PID:5672
- C:\Windows\System\yhQieKO.exe
  C:\Windows\System\yhQieKO.exe
  2⤵
  PID:5688
- C:\Windows\System\xyZENqi.exe
  C:\Windows\System\xyZENqi.exe
  2⤵
  PID:5704
- C:\Windows\System\WfacmEv.exe
  C:\Windows\System\WfacmEv.exe
  2⤵
  PID:5724
- C:\Windows\System\xRSbCxf.exe
  C:\Windows\System\xRSbCxf.exe
  2⤵
  PID:5744
- C:\Windows\System\CDYDxkC.exe
  C:\Windows\System\CDYDxkC.exe
  2⤵
  PID:5760
- C:\Windows\System\ACdFJsP.exe
  C:\Windows\System\ACdFJsP.exe
  2⤵
  PID:5780
- C:\Windows\System\bNLKxAO.exe
  C:\Windows\System\bNLKxAO.exe
  2⤵
  PID:5796
- C:\Windows\System\PlOeFeg.exe
  C:\Windows\System\PlOeFeg.exe
  2⤵
  PID:5812
- C:\Windows\System\StJFxji.exe
  C:\Windows\System\StJFxji.exe
  2⤵
  PID:5828
- C:\Windows\System\EFRqyUx.exe
  C:\Windows\System\EFRqyUx.exe
  2⤵
  PID:5864
- C:\Windows\System\kyFXGOi.exe
  C:\Windows\System\kyFXGOi.exe
  2⤵
  PID:5884
- C:\Windows\System\BZGFWLb.exe
  C:\Windows\System\BZGFWLb.exe
  2⤵
  PID:5920
- C:\Windows\System\dwTXGGs.exe
  C:\Windows\System\dwTXGGs.exe
  2⤵
  PID:5936
- C:\Windows\System\FPbwDxt.exe
  C:\Windows\System\FPbwDxt.exe
  2⤵
  PID:5956
- C:\Windows\System\SqJCHiq.exe
  C:\Windows\System\SqJCHiq.exe
  2⤵
  PID:5972
- C:\Windows\System\AxbEyOk.exe
  C:\Windows\System\AxbEyOk.exe
  2⤵
  PID:5988
- C:\Windows\System\ldwnLUH.exe
  C:\Windows\System\ldwnLUH.exe
  2⤵
  PID:6004
- C:\Windows\System\jfDZszE.exe
  C:\Windows\System\jfDZszE.exe
  2⤵
  PID:6020
- C:\Windows\System\zrQwVOC.exe
  C:\Windows\System\zrQwVOC.exe
  2⤵
  PID:6036
- C:\Windows\System\EIpnypX.exe
  C:\Windows\System\EIpnypX.exe
  2⤵
  PID:6052
- C:\Windows\System\bHtHrUv.exe
  C:\Windows\System\bHtHrUv.exe
  2⤵
  PID:6072
- C:\Windows\System\QKteNFy.exe
  C:\Windows\System\QKteNFy.exe
  2⤵
  PID:6088
- C:\Windows\System\wqfSIrS.exe
  C:\Windows\System\wqfSIrS.exe
  2⤵
  PID:6112
- C:\Windows\System\kcIsidK.exe
  C:\Windows\System\kcIsidK.exe
  2⤵
  PID:6132
- C:\Windows\System\dmxUbXQ.exe
  C:\Windows\System\dmxUbXQ.exe
  2⤵
  PID:4932
- C:\Windows\System\qgNBgeQ.exe
  C:\Windows\System\qgNBgeQ.exe
  2⤵
  PID:4804
- C:\Windows\System\PgFecFu.exe
  C:\Windows\System\PgFecFu.exe
  2⤵
  PID:5140
- C:\Windows\System\kiyRxkP.exe
  C:\Windows\System\kiyRxkP.exe
  2⤵
  PID:4324
- C:\Windows\System\DrAioyH.exe
  C:\Windows\System\DrAioyH.exe
  2⤵
  PID:5160
- C:\Windows\System\wLzDiji.exe
  C:\Windows\System\wLzDiji.exe
  2⤵
  PID:5224
- C:\Windows\System\nAKyVoq.exe
  C:\Windows\System\nAKyVoq.exe
  2⤵
  PID:5260
- C:\Windows\System\BwHtDEX.exe
  C:\Windows\System\BwHtDEX.exe
  2⤵
  PID:5248
- C:\Windows\System\WLzCAjn.exe
  C:\Windows\System\WLzCAjn.exe
  2⤵
  PID:5316
- C:\Windows\System\wGEwaoU.exe
  C:\Windows\System\wGEwaoU.exe
  2⤵
  PID:5280
- C:\Windows\System\zkCeDdv.exe
  C:\Windows\System\zkCeDdv.exe
  2⤵
  PID:5392
- C:\Windows\System\SRBpCoI.exe
  C:\Windows\System\SRBpCoI.exe
  2⤵
  PID:5412
- C:\Windows\System\oDgESBv.exe
  C:\Windows\System\oDgESBv.exe
  2⤵
  PID:5460
- C:\Windows\System\ABnIGhQ.exe
  C:\Windows\System\ABnIGhQ.exe
  2⤵
  PID:5532
- C:\Windows\System\fbARcPi.exe
  C:\Windows\System\fbARcPi.exe
  2⤵
  PID:5548
- C:\Windows\System\xiCrnUx.exe
  C:\Windows\System\xiCrnUx.exe
  2⤵
  PID:5508
- C:\Windows\System\VcKLtYa.exe
  C:\Windows\System\VcKLtYa.exe
  2⤵
  PID:5568
- C:\Windows\System\ChIbZDi.exe
  C:\Windows\System\ChIbZDi.exe
  2⤵
  PID:5660
- C:\Windows\System\JqQnoRK.exe
  C:\Windows\System\JqQnoRK.exe
  2⤵
  PID:5700
- C:\Windows\System\EKeRJde.exe
  C:\Windows\System\EKeRJde.exe
  2⤵
  PID:5808
- C:\Windows\System\AWdKuZb.exe
  C:\Windows\System\AWdKuZb.exe
  2⤵
  PID:5844
- C:\Windows\System\SqNPRUk.exe
  C:\Windows\System\SqNPRUk.exe
  2⤵
  PID:5860
- C:\Windows\System\eWIzWor.exe
  C:\Windows\System\eWIzWor.exe
  2⤵
  PID:5752
- C:\Windows\System\hWZYBYS.exe
  C:\Windows\System\hWZYBYS.exe
  2⤵
  PID:5824
- C:\Windows\System\pPVFyuZ.exe
  C:\Windows\System\pPVFyuZ.exe
  2⤵
  PID:5680
- C:\Windows\System\ZUWhdWT.exe
  C:\Windows\System\ZUWhdWT.exe
  2⤵
  PID:5892
- C:\Windows\System\iCATdPO.exe
  C:\Windows\System\iCATdPO.exe
  2⤵
  PID:5928
- C:\Windows\System\rHkPlsj.exe
  C:\Windows\System\rHkPlsj.exe
  2⤵
  PID:5952
- C:\Windows\System\LVzxHbZ.exe
  C:\Windows\System\LVzxHbZ.exe
  2⤵
  PID:6016
- C:\Windows\System\zzHPRXb.exe
  C:\Windows\System\zzHPRXb.exe
  2⤵
  PID:6124
- C:\Windows\System\ENYSggZ.exe
  C:\Windows\System\ENYSggZ.exe
  2⤵
  PID:5124
- C:\Windows\System\hOzxkoN.exe
  C:\Windows\System\hOzxkoN.exe
  2⤵
  PID:4764
- C:\Windows\System\RKqXaIT.exe
  C:\Windows\System\RKqXaIT.exe
  2⤵
  PID:5964
- C:\Windows\System\HMXVDXM.exe
  C:\Windows\System\HMXVDXM.exe
  2⤵
  PID:5180
- C:\Windows\System\qBMMNWW.exe
  C:\Windows\System\qBMMNWW.exe
  2⤵
  PID:5048
- C:\Windows\System\scCFulk.exe
  C:\Windows\System\scCFulk.exe
  2⤵
  PID:6100
- C:\Windows\System\rNHxTpe.exe
  C:\Windows\System\rNHxTpe.exe
  2⤵
  PID:5340
- C:\Windows\System\NAYRasj.exe
  C:\Windows\System\NAYRasj.exe
  2⤵
  PID:6000
- C:\Windows\System\dqvJiEk.exe
  C:\Windows\System\dqvJiEk.exe
  2⤵
  PID:5336
- C:\Windows\System\xdVyfzR.exe
  C:\Windows\System\xdVyfzR.exe
  2⤵
  PID:5240
- C:\Windows\System\FNhSjNV.exe
  C:\Windows\System\FNhSjNV.exe
  2⤵
  PID:5496
- C:\Windows\System\NJmRAlj.exe
  C:\Windows\System\NJmRAlj.exe
  2⤵
  PID:5588
- C:\Windows\System\VnberuG.exe
  C:\Windows\System\VnberuG.exe
  2⤵
  PID:5632
- C:\Windows\System\RHvpKnm.exe
  C:\Windows\System\RHvpKnm.exe
  2⤵
  PID:5540
- C:\Windows\System\qZDychq.exe
  C:\Windows\System\qZDychq.exe
  2⤵
  PID:5528
- C:\Windows\System\CISired.exe
  C:\Windows\System\CISired.exe
  2⤵
  PID:5572
- C:\Windows\System\DsGHiLs.exe
  C:\Windows\System\DsGHiLs.exe
  2⤵
  PID:5788
- C:\Windows\System\PayLDeY.exe
  C:\Windows\System\PayLDeY.exe
  2⤵
  PID:5604
- C:\Windows\System\ZzQbOdv.exe
  C:\Windows\System\ZzQbOdv.exe
  2⤵
  PID:6120
- C:\Windows\System\awHjccd.exe
  C:\Windows\System\awHjccd.exe
  2⤵
  PID:5600
- C:\Windows\System\NpotqkC.exe
  C:\Windows\System\NpotqkC.exe
  2⤵
  PID:5908
- C:\Windows\System\MJfkbWk.exe
  C:\Windows\System\MJfkbWk.exe
  2⤵
  PID:5792
- C:\Windows\System\lKFKbGi.exe
  C:\Windows\System\lKFKbGi.exe
  2⤵
  PID:6012
- C:\Windows\System\hiFhkwA.exe
  C:\Windows\System\hiFhkwA.exe
  2⤵
  PID:4708
- C:\Windows\System\UGQRrvg.exe
  C:\Windows\System\UGQRrvg.exe
  2⤵
  PID:5168
- C:\Windows\System\hzufVHK.exe
  C:\Windows\System\hzufVHK.exe
  2⤵
  PID:5296
- C:\Windows\System\mwzVgPK.exe
  C:\Windows\System\mwzVgPK.exe
  2⤵
  PID:5480
- C:\Windows\System\iJQlAVG.exe
  C:\Windows\System\iJQlAVG.exe
  2⤵
  PID:4776
- C:\Windows\System\QqXxqgW.exe
  C:\Windows\System\QqXxqgW.exe
  2⤵
  PID:6108
- C:\Windows\System\RkXyxWx.exe
  C:\Windows\System\RkXyxWx.exe
  2⤵
  PID:5736
- C:\Windows\System\ZojnqTI.exe
  C:\Windows\System\ZojnqTI.exe
  2⤵
  PID:5624
- C:\Windows\System\ipMaEYm.exe
  C:\Windows\System\ipMaEYm.exe
  2⤵
  PID:5804
- C:\Windows\System\RCvPsjw.exe
  C:\Windows\System\RCvPsjw.exe
  2⤵
  PID:5856
- C:\Windows\System\TVAnqJA.exe
  C:\Windows\System\TVAnqJA.exe
  2⤵
  PID:6080
- C:\Windows\System\QbiLXMQ.exe
  C:\Windows\System\QbiLXMQ.exe
  2⤵
  PID:5896
- C:\Windows\System\YgrtpGc.exe
  C:\Windows\System\YgrtpGc.exe
  2⤵
  PID:4628
- C:\Windows\System\SPHOJxM.exe
  C:\Windows\System\SPHOJxM.exe
  2⤵
  PID:6064
- C:\Windows\System\vTIMkKn.exe
  C:\Windows\System\vTIMkKn.exe
  2⤵
  PID:5404
- C:\Windows\System\vuraYIg.exe
  C:\Windows\System\vuraYIg.exe
  2⤵
  PID:5696
- C:\Windows\System\jAddlUr.exe
  C:\Windows\System\jAddlUr.exe
  2⤵
  PID:5428
- C:\Windows\System\XKEDBbs.exe
  C:\Windows\System\XKEDBbs.exe
  2⤵
  PID:5944
- C:\Windows\System\DIgmzYa.exe
  C:\Windows\System\DIgmzYa.exe
  2⤵
  PID:5772
- C:\Windows\System\qvWxDwA.exe
  C:\Windows\System\qvWxDwA.exe
  2⤵
  PID:5720
- C:\Windows\System\QVqUyUr.exe
  C:\Windows\System\QVqUyUr.exe
  2⤵
  PID:5156
- C:\Windows\System\Qwlkeql.exe
  C:\Windows\System\Qwlkeql.exe
  2⤵
  PID:5444
- C:\Windows\System\xuXXjls.exe
  C:\Windows\System\xuXXjls.exe
  2⤵
  PID:5968
- C:\Windows\System\qHWjfRj.exe
  C:\Windows\System\qHWjfRj.exe
  2⤵
  PID:5408
- C:\Windows\System\GbzOFXb.exe
  C:\Windows\System\GbzOFXb.exe
  2⤵
  PID:5712
- C:\Windows\System\GGLkObB.exe
  C:\Windows\System\GGLkObB.exe
  2⤵
  PID:5876
- C:\Windows\System\JvrqaVL.exe
  C:\Windows\System\JvrqaVL.exe
  2⤵
  PID:5852
- C:\Windows\System\Kmdqjqk.exe
  C:\Windows\System\Kmdqjqk.exe
  2⤵
  PID:5332
- C:\Windows\System\GqpEmCS.exe
  C:\Windows\System\GqpEmCS.exe
  2⤵
  PID:5492
- C:\Windows\System\VIaZkHH.exe
  C:\Windows\System\VIaZkHH.exe
  2⤵
  PID:5300
- C:\Windows\System\hfRHMCS.exe
  C:\Windows\System\hfRHMCS.exe
  2⤵
  PID:5352
- C:\Windows\System\EcLIUSm.exe
  C:\Windows\System\EcLIUSm.exe
  2⤵
  PID:6160
- C:\Windows\System\vfkvAZZ.exe
  C:\Windows\System\vfkvAZZ.exe
  2⤵
  PID:6176
- C:\Windows\System\qgKjlnJ.exe
  C:\Windows\System\qgKjlnJ.exe
  2⤵
  PID:6196
- C:\Windows\System\byisHIf.exe
  C:\Windows\System\byisHIf.exe
  2⤵
  PID:6216
- C:\Windows\System\XXBbNOD.exe
  C:\Windows\System\XXBbNOD.exe
  2⤵
  PID:6240
- C:\Windows\System\YFXcSpD.exe
  C:\Windows\System\YFXcSpD.exe
  2⤵
  PID:6256
- C:\Windows\System\QWYHFPY.exe
  C:\Windows\System\QWYHFPY.exe
  2⤵
  PID:6284
- C:\Windows\System\TbiPUxu.exe
  C:\Windows\System\TbiPUxu.exe
  2⤵
  PID:6308
- C:\Windows\System\DzzNBRK.exe
  C:\Windows\System\DzzNBRK.exe
  2⤵
  PID:6324
- C:\Windows\System\LIqppmL.exe
  C:\Windows\System\LIqppmL.exe
  2⤵
  PID:6340
- C:\Windows\System\ohgBhpo.exe
  C:\Windows\System\ohgBhpo.exe
  2⤵
  PID:6356
- C:\Windows\System\gyniswI.exe
  C:\Windows\System\gyniswI.exe
  2⤵
  PID:6388
- C:\Windows\System\ztiYnFk.exe
  C:\Windows\System\ztiYnFk.exe
  2⤵
  PID:6404
- C:\Windows\System\LZspqvT.exe
  C:\Windows\System\LZspqvT.exe
  2⤵
  PID:6420
- C:\Windows\System\ZrVyahN.exe
  C:\Windows\System\ZrVyahN.exe
  2⤵
  PID:6440
- C:\Windows\System\wawgjMH.exe
  C:\Windows\System\wawgjMH.exe
  2⤵
  PID:6456
- C:\Windows\System\gfPzrwR.exe
  C:\Windows\System\gfPzrwR.exe
  2⤵
  PID:6476
- C:\Windows\System\dSPSXnG.exe
  C:\Windows\System\dSPSXnG.exe
  2⤵
  PID:6492
- C:\Windows\System\zpvuKai.exe
  C:\Windows\System\zpvuKai.exe
  2⤵
  PID:6512
- C:\Windows\System\JzIiaZb.exe
  C:\Windows\System\JzIiaZb.exe
  2⤵
  PID:6548
- C:\Windows\System\GWBwgUB.exe
  C:\Windows\System\GWBwgUB.exe
  2⤵
  PID:6564
- C:\Windows\System\lzNsUJL.exe
  C:\Windows\System\lzNsUJL.exe
  2⤵
  PID:6580
- C:\Windows\System\LwfvkYf.exe
  C:\Windows\System\LwfvkYf.exe
  2⤵
  PID:6596
- C:\Windows\System\PXgxTMy.exe
  C:\Windows\System\PXgxTMy.exe
  2⤵
  PID:6624
- C:\Windows\System\BoYmVAu.exe
  C:\Windows\System\BoYmVAu.exe
  2⤵
  PID:6644
- C:\Windows\System\fEKRiMF.exe
  C:\Windows\System\fEKRiMF.exe
  2⤵
  PID:6668
- C:\Windows\System\iDaZRcR.exe
  C:\Windows\System\iDaZRcR.exe
  2⤵
  PID:6684
- C:\Windows\System\gHUYQko.exe
  C:\Windows\System\gHUYQko.exe
  2⤵
  PID:6704
- C:\Windows\System\ZkXMbjx.exe
  C:\Windows\System\ZkXMbjx.exe
  2⤵
  PID:6720
- C:\Windows\System\VDWMNyJ.exe
  C:\Windows\System\VDWMNyJ.exe
  2⤵
  PID:6736
- C:\Windows\System\LSiVOyA.exe
  C:\Windows\System\LSiVOyA.exe
  2⤵
  PID:6752
- C:\Windows\System\eqzpYlL.exe
  C:\Windows\System\eqzpYlL.exe
  2⤵
  PID:6768
- C:\Windows\System\ZIcXNBr.exe
  C:\Windows\System\ZIcXNBr.exe
  2⤵
  PID:6792
- C:\Windows\System\rjmBhDg.exe
  C:\Windows\System\rjmBhDg.exe
  2⤵
  PID:6816
- C:\Windows\System\mqFWGZp.exe
  C:\Windows\System\mqFWGZp.exe
  2⤵
  PID:6840
- C:\Windows\System\ZMZvGBz.exe
  C:\Windows\System\ZMZvGBz.exe
  2⤵
  PID:6856
- C:\Windows\System\xFkeJJG.exe
  C:\Windows\System\xFkeJJG.exe
  2⤵
  PID:6872
- C:\Windows\System\VlGCzxQ.exe
  C:\Windows\System\VlGCzxQ.exe
  2⤵
  PID:6900
- C:\Windows\System\fLdQgDT.exe
  C:\Windows\System\fLdQgDT.exe
  2⤵
  PID:6916
- C:\Windows\System\Yrxohqp.exe
  C:\Windows\System\Yrxohqp.exe
  2⤵
  PID:6932
- C:\Windows\System\rANcENo.exe
  C:\Windows\System\rANcENo.exe
  2⤵
  PID:6952
- C:\Windows\System\FlXxEGj.exe
  C:\Windows\System\FlXxEGj.exe
  2⤵
  PID:6980
- C:\Windows\System\CekheNx.exe
  C:\Windows\System\CekheNx.exe
  2⤵
  PID:7000
- C:\Windows\System\fxtanSp.exe
  C:\Windows\System\fxtanSp.exe
  2⤵
  PID:7016
- C:\Windows\System\BxliENS.exe
  C:\Windows\System\BxliENS.exe
  2⤵
  PID:7036
- C:\Windows\System\fzuifIu.exe
  C:\Windows\System\fzuifIu.exe
  2⤵
  PID:7060
- C:\Windows\System\robSGjX.exe
  C:\Windows\System\robSGjX.exe
  2⤵
  PID:7076
- C:\Windows\System\oOIaHLo.exe
  C:\Windows\System\oOIaHLo.exe
  2⤵
  PID:7092
- C:\Windows\System\BtrnuUB.exe
  C:\Windows\System\BtrnuUB.exe
  2⤵
  PID:7116
- C:\Windows\System\YKqdlxp.exe
  C:\Windows\System\YKqdlxp.exe
  2⤵
  PID:7132
- C:\Windows\System\jMWgksu.exe
  C:\Windows\System\jMWgksu.exe
  2⤵
  PID:7160
- C:\Windows\System\tHmTAhH.exe
  C:\Windows\System\tHmTAhH.exe
  2⤵
  PID:6168
- C:\Windows\System\xJLHykH.exe
  C:\Windows\System\xJLHykH.exe
  2⤵
  PID:6212
- C:\Windows\System\kitBflw.exe
  C:\Windows\System\kitBflw.exe
  2⤵
  PID:6252
- C:\Windows\System\mGDolqA.exe
  C:\Windows\System\mGDolqA.exe
  2⤵
  PID:6296
- C:\Windows\System\iojtTnM.exe
  C:\Windows\System\iojtTnM.exe
  2⤵
  PID:6336
- C:\Windows\System\MntrPHK.exe
  C:\Windows\System\MntrPHK.exe
  2⤵
  PID:6276
- C:\Windows\System\WiqPAoL.exe
  C:\Windows\System\WiqPAoL.exe
  2⤵
  PID:6352
- C:\Windows\System\SwAAGZs.exe
  C:\Windows\System\SwAAGZs.exe
  2⤵
  PID:6376
- C:\Windows\System\ubBukHM.exe
  C:\Windows\System\ubBukHM.exe
  2⤵
  PID:6416
- C:\Windows\System\uZPIEcG.exe
  C:\Windows\System\uZPIEcG.exe
  2⤵
  PID:6524
- C:\Windows\System\TjiWpaN.exe
  C:\Windows\System\TjiWpaN.exe
  2⤵
  PID:6464
- C:\Windows\System\nXYzENJ.exe
  C:\Windows\System\nXYzENJ.exe
  2⤵
  PID:6532
- C:\Windows\System\wtrQzzQ.exe
  C:\Windows\System\wtrQzzQ.exe
  2⤵
  PID:6572
- C:\Windows\System\oFnLftZ.exe
  C:\Windows\System\oFnLftZ.exe
  2⤵
  PID:6612
- C:\Windows\System\tRfiDiX.exe
  C:\Windows\System\tRfiDiX.exe
  2⤵
  PID:6616
- C:\Windows\System\aFBwKcR.exe
  C:\Windows\System\aFBwKcR.exe
  2⤵
  PID:6632
- C:\Windows\System\desQnic.exe
  C:\Windows\System\desQnic.exe
  2⤵
  PID:6696
- C:\Windows\System\fFQDUbB.exe
  C:\Windows\System\fFQDUbB.exe
  2⤵
  PID:6732
- C:\Windows\System\fKRTZVS.exe
  C:\Windows\System\fKRTZVS.exe
  2⤵
  PID:6808
- C:\Windows\System\IHsiojE.exe
  C:\Windows\System\IHsiojE.exe
  2⤵
  PID:6776
- C:\Windows\System\YcUGrRO.exe
  C:\Windows\System\YcUGrRO.exe
  2⤵
  PID:6744
- C:\Windows\System\rZFSeFq.exe
  C:\Windows\System\rZFSeFq.exe
  2⤵
  PID:6848
- C:\Windows\System\qwItZst.exe
  C:\Windows\System\qwItZst.exe
  2⤵
  PID:6888
- C:\Windows\System\VoalcwD.exe
  C:\Windows\System\VoalcwD.exe
  2⤵
  PID:6828
- C:\Windows\System\QdFsLWD.exe
  C:\Windows\System\QdFsLWD.exe
  2⤵
  PID:6864
- C:\Windows\System\XnJwPqC.exe
  C:\Windows\System\XnJwPqC.exe
  2⤵
  PID:6960
- C:\Windows\System\naSqkoJ.exe
  C:\Windows\System\naSqkoJ.exe
  2⤵
  PID:7028
- C:\Windows\System\CjZjvAA.exe
  C:\Windows\System\CjZjvAA.exe
  2⤵
  PID:7072
- C:\Windows\System\KyqNobr.exe
  C:\Windows\System\KyqNobr.exe
  2⤵
  PID:7128
- C:\Windows\System\ReYGugQ.exe
  C:\Windows\System\ReYGugQ.exe
  2⤵
  PID:6148
- C:\Windows\System\HZVihJv.exe
  C:\Windows\System\HZVihJv.exe
  2⤵
  PID:6332
- C:\Windows\System\BlNoslz.exe
  C:\Windows\System\BlNoslz.exe
  2⤵
  PID:7144
- C:\Windows\System\eVNXvVI.exe
  C:\Windows\System\eVNXvVI.exe
  2⤵
  PID:6348
- C:\Windows\System\WlMhFmq.exe
  C:\Windows\System\WlMhFmq.exe
  2⤵
  PID:6292
- C:\Windows\System\tIAjLDy.exe
  C:\Windows\System\tIAjLDy.exe
  2⤵
  PID:6368
- C:\Windows\System\ajbepuh.exe
  C:\Windows\System\ajbepuh.exe
  2⤵
  PID:6500
- C:\Windows\System\nVQzDJz.exe
  C:\Windows\System\nVQzDJz.exe
  2⤵
  PID:6608
- C:\Windows\System\xGWKoco.exe
  C:\Windows\System\xGWKoco.exe
  2⤵
  PID:6692
- C:\Windows\System\yaJPZNZ.exe
  C:\Windows\System\yaJPZNZ.exe
  2⤵
  PID:6436
- C:\Windows\System\SFDPWmd.exe
  C:\Windows\System\SFDPWmd.exe
  2⤵
  PID:6636
- C:\Windows\System\QQrOGHL.exe
  C:\Windows\System\QQrOGHL.exe
  2⤵
  PID:6804
- C:\Windows\System\sRFfNsk.exe
  C:\Windows\System\sRFfNsk.exe
  2⤵
  PID:6800
- C:\Windows\System\sqiyrRb.exe
  C:\Windows\System\sqiyrRb.exe
  2⤵
  PID:6928
- C:\Windows\System\JUfXyAf.exe
  C:\Windows\System\JUfXyAf.exe
  2⤵
  PID:6964
- C:\Windows\System\KdrotEP.exe
  C:\Windows\System\KdrotEP.exe
  2⤵
  PID:7044
- C:\Windows\System\BpssSIv.exe
  C:\Windows\System\BpssSIv.exe
  2⤵
  PID:7088
- C:\Windows\System\TSaPKOx.exe
  C:\Windows\System\TSaPKOx.exe
  2⤵
  PID:6992
- C:\Windows\System\wZiXSZB.exe
  C:\Windows\System\wZiXSZB.exe
  2⤵
  PID:7124
- C:\Windows\System\dOiPeNO.exe
  C:\Windows\System\dOiPeNO.exe
  2⤵
  PID:6192
- C:\Windows\System\iXRFKng.exe
  C:\Windows\System\iXRFKng.exe
  2⤵
  PID:6412
- C:\Windows\System\RGJrHac.exe
  C:\Windows\System\RGJrHac.exe
  2⤵
  PID:7156
- C:\Windows\System\wJCWZoS.exe
  C:\Windows\System\wJCWZoS.exe
  2⤵
  PID:6400
- C:\Windows\System\FLOsgGB.exe
  C:\Windows\System\FLOsgGB.exe
  2⤵
  PID:6544
- C:\Windows\System\UEWpTPj.exe
  C:\Windows\System\UEWpTPj.exe
  2⤵
  PID:6488
- C:\Windows\System\GElmxYN.exe
  C:\Windows\System\GElmxYN.exe
  2⤵
  PID:6272
- C:\Windows\System\GlKDPpZ.exe
  C:\Windows\System\GlKDPpZ.exe
  2⤵
  PID:6924
- C:\Windows\System\DsXOLUO.exe
  C:\Windows\System\DsXOLUO.exe
  2⤵
  PID:6944
- C:\Windows\System\UuYfsBg.exe
  C:\Windows\System\UuYfsBg.exe
  2⤵
  PID:6996
- C:\Windows\System\ZWqjIsP.exe
  C:\Windows\System\ZWqjIsP.exe
  2⤵
  PID:7148
- C:\Windows\System\fDDEbuv.exe
  C:\Windows\System\fDDEbuv.exe
  2⤵
  PID:6320
- C:\Windows\System\ruTHbsT.exe
  C:\Windows\System\ruTHbsT.exe
  2⤵
  PID:6188
- C:\Windows\System\iTRoCZN.exe
  C:\Windows\System\iTRoCZN.exe
  2⤵
  PID:6208
- C:\Windows\System\zCKcQlc.exe
  C:\Windows\System\zCKcQlc.exe
  2⤵
  PID:6896
- C:\Windows\System\LFuuWGO.exe
  C:\Windows\System\LFuuWGO.exe
  2⤵
  PID:6884
- C:\Windows\System\HrVYsjY.exe
  C:\Windows\System\HrVYsjY.exe
  2⤵
  PID:7068
- C:\Windows\System\SZPfFIW.exe
  C:\Windows\System\SZPfFIW.exe
  2⤵
  PID:6660
- C:\Windows\System\wsyvXzI.exe
  C:\Windows\System\wsyvXzI.exe
  2⤵
  PID:6716
- C:\Windows\System\PiseZOh.exe
  C:\Windows\System\PiseZOh.exe
  2⤵
  PID:6664
- C:\Windows\System\WprhggS.exe
  C:\Windows\System\WprhggS.exe
  2⤵
  PID:7012
- C:\Windows\System\aLCzJSM.exe
  C:\Windows\System\aLCzJSM.exe
  2⤵
  PID:6472
- C:\Windows\System\gqNWHdY.exe
  C:\Windows\System\gqNWHdY.exe
  2⤵
  PID:6748
- C:\Windows\System\qiqZsIa.exe
  C:\Windows\System\qiqZsIa.exe
  2⤵
  PID:6556
- C:\Windows\System\zIkifrM.exe
  C:\Windows\System\zIkifrM.exe
  2⤵
  PID:6452
- C:\Windows\System\jlttpNe.exe
  C:\Windows\System\jlttpNe.exe
  2⤵
  PID:6948
- C:\Windows\System\DwdgnQT.exe
  C:\Windows\System\DwdgnQT.exe
  2⤵
  PID:7176
- C:\Windows\System\fUwuknc.exe
  C:\Windows\System\fUwuknc.exe
  2⤵
  PID:7196
- C:\Windows\System\AQwPuse.exe
  C:\Windows\System\AQwPuse.exe
  2⤵
  PID:7224
- C:\Windows\System\UWbmZqm.exe
  C:\Windows\System\UWbmZqm.exe
  2⤵
  PID:7244
- C:\Windows\System\eEsEiaD.exe
  C:\Windows\System\eEsEiaD.exe
  2⤵
  PID:7260
- C:\Windows\System\KCJxubI.exe
  C:\Windows\System\KCJxubI.exe
  2⤵
  PID:7276
- C:\Windows\System\wZTUuNP.exe
  C:\Windows\System\wZTUuNP.exe
  2⤵
  PID:7292
- C:\Windows\System\RUymLrB.exe
  C:\Windows\System\RUymLrB.exe
  2⤵
  PID:7308
- C:\Windows\System\qyRCXnB.exe
  C:\Windows\System\qyRCXnB.exe
  2⤵
  PID:7332
- C:\Windows\System\auzjHfF.exe
  C:\Windows\System\auzjHfF.exe
  2⤵
  PID:7352
- C:\Windows\System\oHUofRb.exe
  C:\Windows\System\oHUofRb.exe
  2⤵
  PID:7368
- C:\Windows\System\PLMIUfY.exe
  C:\Windows\System\PLMIUfY.exe
  2⤵
  PID:7384
- C:\Windows\System\mlRomqf.exe
  C:\Windows\System\mlRomqf.exe
  2⤵
  PID:7400
- C:\Windows\System\eXdieZw.exe
  C:\Windows\System\eXdieZw.exe
  2⤵
  PID:7452
- C:\Windows\System\QFHSgNR.exe
  C:\Windows\System\QFHSgNR.exe
  2⤵
  PID:7476
- C:\Windows\System\pSDKfep.exe
  C:\Windows\System\pSDKfep.exe
  2⤵
  PID:7496
- C:\Windows\System\kSZMwiV.exe
  C:\Windows\System\kSZMwiV.exe
  2⤵
  PID:7512
- C:\Windows\System\QQZqUCN.exe
  C:\Windows\System\QQZqUCN.exe
  2⤵
  PID:7532
- C:\Windows\System\zXDUOFI.exe
  C:\Windows\System\zXDUOFI.exe
  2⤵
  PID:7552
- C:\Windows\System\ODSVYyB.exe
  C:\Windows\System\ODSVYyB.exe
  2⤵
  PID:7568
- C:\Windows\System\AOPAOMN.exe
  C:\Windows\System\AOPAOMN.exe
  2⤵
  PID:7600
- C:\Windows\System\vwnPAez.exe
  C:\Windows\System\vwnPAez.exe
  2⤵
  PID:7616
- C:\Windows\System\yGqNurM.exe
  C:\Windows\System\yGqNurM.exe
  2⤵
  PID:7636
- C:\Windows\System\QJKQCsg.exe
  C:\Windows\System\QJKQCsg.exe
  2⤵
  PID:7652
- C:\Windows\System\ehVXwqk.exe
  C:\Windows\System\ehVXwqk.exe
  2⤵
  PID:7668
- C:\Windows\System\wbpErMI.exe
  C:\Windows\System\wbpErMI.exe
  2⤵
  PID:7688
- C:\Windows\System\akXBcKZ.exe
  C:\Windows\System\akXBcKZ.exe
  2⤵
  PID:7716
- C:\Windows\System\VfhPVqq.exe
  C:\Windows\System\VfhPVqq.exe
  2⤵
  PID:7732
- C:\Windows\System\vSrrFSj.exe
  C:\Windows\System\vSrrFSj.exe
  2⤵
  PID:7756
- C:\Windows\System\mXtilaR.exe
  C:\Windows\System\mXtilaR.exe
  2⤵
  PID:7772
- C:\Windows\System\VwXxHcM.exe
  C:\Windows\System\VwXxHcM.exe
  2⤵
  PID:7788
- C:\Windows\System\IBjheRF.exe
  C:\Windows\System\IBjheRF.exe
  2⤵
  PID:7804
- C:\Windows\System\CNbVwiZ.exe
  C:\Windows\System\CNbVwiZ.exe
  2⤵
  PID:7824
- C:\Windows\System\AsPIelL.exe
  C:\Windows\System\AsPIelL.exe
  2⤵
  PID:7848
- C:\Windows\System\ceOTDvQ.exe
  C:\Windows\System\ceOTDvQ.exe
  2⤵
  PID:7864
- C:\Windows\System\JOhxEeK.exe
  C:\Windows\System\JOhxEeK.exe
  2⤵
  PID:7892
- C:\Windows\System\RbtAokv.exe
  C:\Windows\System\RbtAokv.exe
  2⤵
  PID:7916
- C:\Windows\System\SkxUxeM.exe
  C:\Windows\System\SkxUxeM.exe
  2⤵
  PID:7932
- C:\Windows\System\KrcEbDB.exe
  C:\Windows\System\KrcEbDB.exe
  2⤵
  PID:7952
- C:\Windows\System\xLNgXpC.exe
  C:\Windows\System\xLNgXpC.exe
  2⤵
  PID:7968
- C:\Windows\System\YGhBRpM.exe
  C:\Windows\System\YGhBRpM.exe
  2⤵
  PID:7988
- C:\Windows\System\LAmnKed.exe
  C:\Windows\System\LAmnKed.exe
  2⤵
  PID:8008
- C:\Windows\System\MAmjwab.exe
  C:\Windows\System\MAmjwab.exe
  2⤵
  PID:8028
- C:\Windows\System\ebLjtgN.exe
  C:\Windows\System\ebLjtgN.exe
  2⤵
  PID:8060
- C:\Windows\System\yANaxGg.exe
  C:\Windows\System\yANaxGg.exe
  2⤵
  PID:8076
- C:\Windows\System\PbKOSzk.exe
  C:\Windows\System\PbKOSzk.exe
  2⤵
  PID:8096
- C:\Windows\System\ffKvRJp.exe
  C:\Windows\System\ffKvRJp.exe
  2⤵
  PID:8112
- C:\Windows\System\VcSrdZk.exe
  C:\Windows\System\VcSrdZk.exe
  2⤵
  PID:8132
- C:\Windows\System\Agohbqo.exe
  C:\Windows\System\Agohbqo.exe
  2⤵
  PID:8156
- C:\Windows\System\RbiFwoY.exe
  C:\Windows\System\RbiFwoY.exe
  2⤵
  PID:8172
- C:\Windows\System\toSSOMy.exe
  C:\Windows\System\toSSOMy.exe
  2⤵
  PID:6972
- C:\Windows\System\PQTKEYY.exe
  C:\Windows\System\PQTKEYY.exe
  2⤵
  PID:7216
- C:\Windows\System\lAsujRx.exe
  C:\Windows\System\lAsujRx.exe
  2⤵
  PID:7284
- C:\Windows\System\HWjxxyy.exe
  C:\Windows\System\HWjxxyy.exe
  2⤵
  PID:7328
- C:\Windows\System\mJpGSQL.exe
  C:\Windows\System\mJpGSQL.exe
  2⤵
  PID:7272
- C:\Windows\System\waPthMj.exe
  C:\Windows\System\waPthMj.exe
  2⤵
  PID:7340
- C:\Windows\System\NtrJVoo.exe
  C:\Windows\System\NtrJVoo.exe
  2⤵
  PID:7408
- C:\Windows\System\SDgkMZe.exe
  C:\Windows\System\SDgkMZe.exe
  2⤵
  PID:7380
- C:\Windows\System\jzVHMoJ.exe
  C:\Windows\System\jzVHMoJ.exe
  2⤵
  PID:7440
- C:\Windows\System\EGDsaKh.exe
  C:\Windows\System\EGDsaKh.exe
  2⤵
  PID:7460
- C:\Windows\System\IhWTmWW.exe
  C:\Windows\System\IhWTmWW.exe
  2⤵
  PID:7492
- C:\Windows\System\CDQuUxP.exe
  C:\Windows\System\CDQuUxP.exe
  2⤵
  PID:7548
- C:\Windows\System\vsRfJBz.exe
  C:\Windows\System\vsRfJBz.exe
  2⤵
  PID:7528
- C:\Windows\System\TwmAviP.exe
  C:\Windows\System\TwmAviP.exe
  2⤵
  PID:7580
- C:\Windows\System\McZHmwE.exe
  C:\Windows\System\McZHmwE.exe
  2⤵
  PID:7632
- C:\Windows\System\CbIlIMZ.exe
  C:\Windows\System\CbIlIMZ.exe
  2⤵
  PID:7696
- C:\Windows\System\cygZyMy.exe
  C:\Windows\System\cygZyMy.exe
  2⤵
  PID:7644
- C:\Windows\System\RzBqEUH.exe
  C:\Windows\System\RzBqEUH.exe
  2⤵
  PID:7752
- C:\Windows\System\FRVsWKA.exe
  C:\Windows\System\FRVsWKA.exe
  2⤵
  PID:7812
- C:\Windows\System\XbmrUbj.exe
  C:\Windows\System\XbmrUbj.exe
  2⤵
  PID:7796
- C:\Windows\System\TrgSapF.exe
  C:\Windows\System\TrgSapF.exe
  2⤵
  PID:7908
- C:\Windows\System\tloruqa.exe
  C:\Windows\System\tloruqa.exe
  2⤵
  PID:7880
- C:\Windows\System\aCGbrPS.exe
  C:\Windows\System\aCGbrPS.exe
  2⤵
  PID:7944
- C:\Windows\System\WrILaub.exe
  C:\Windows\System\WrILaub.exe
  2⤵
  PID:7960
- C:\Windows\System\yLTgzwR.exe
  C:\Windows\System\yLTgzwR.exe
  2⤵
  PID:7980
- C:\Windows\System\fwDWZmO.exe
  C:\Windows\System\fwDWZmO.exe
  2⤵
  PID:8016
- C:\Windows\System\hchJysf.exe
  C:\Windows\System\hchJysf.exe
  2⤵
  PID:8052
- C:\Windows\System\vBBjOrd.exe
  C:\Windows\System\vBBjOrd.exe
  2⤵
  PID:8104
- C:\Windows\System\bYPRTju.exe
  C:\Windows\System\bYPRTju.exe
  2⤵
  PID:8152
- C:\Windows\System\dPVvcqh.exe
  C:\Windows\System\dPVvcqh.exe
  2⤵
  PID:8188
- C:\Windows\System\FyBSWSJ.exe
  C:\Windows\System\FyBSWSJ.exe
  2⤵
  PID:7204
- C:\Windows\System\VTTYNAW.exe
  C:\Windows\System\VTTYNAW.exe
  2⤵
  PID:7208
- C:\Windows\System\hKbzHji.exe
  C:\Windows\System\hKbzHji.exe
  2⤵
  PID:7104
- C:\Windows\System\oJNJfuF.exe
  C:\Windows\System\oJNJfuF.exe
  2⤵
  PID:7192
- C:\Windows\System\LFDxEKE.exe
  C:\Windows\System\LFDxEKE.exe
  2⤵
  PID:7392
- C:\Windows\System\umrWjtL.exe
  C:\Windows\System\umrWjtL.exe
  2⤵
  PID:7596
- C:\Windows\System\TiBwTCr.exe
  C:\Windows\System\TiBwTCr.exe
  2⤵
  PID:7628
- C:\Windows\System\HYTyIRb.exe
  C:\Windows\System\HYTyIRb.exe
  2⤵
  PID:7660
- C:\Windows\System\KqPszUN.exe
  C:\Windows\System\KqPszUN.exe
  2⤵
  PID:7704
- C:\Windows\System\gJzJsVU.exe
  C:\Windows\System\gJzJsVU.exe
  2⤵
  PID:7780
- C:\Windows\System\qJptFuF.exe
  C:\Windows\System\qJptFuF.exe
  2⤵
  PID:7832
- C:\Windows\System\hMdQMCC.exe
  C:\Windows\System\hMdQMCC.exe
  2⤵
  PID:7904
- C:\Windows\System\WvwmAmG.exe
  C:\Windows\System\WvwmAmG.exe
  2⤵
  PID:7844
- C:\Windows\System\eIEhWYv.exe
  C:\Windows\System\eIEhWYv.exe
  2⤵
  PID:7840
- C:\Windows\System\CUQwNzh.exe
  C:\Windows\System\CUQwNzh.exe
  2⤵
  PID:7912
- C:\Windows\System\fmLawOu.exe
  C:\Windows\System\fmLawOu.exe
  2⤵
  PID:7984
- C:\Windows\System\pXCEyVi.exe
  C:\Windows\System\pXCEyVi.exe
  2⤵
  PID:8044
- C:\Windows\System\ZBKQCCM.exe
  C:\Windows\System\ZBKQCCM.exe
  2⤵
  PID:8140
- C:\Windows\System\kUogUVz.exe
  C:\Windows\System\kUogUVz.exe
  2⤵
  PID:8128
- C:\Windows\System\qSoUJVx.exe
  C:\Windows\System\qSoUJVx.exe
  2⤵
  PID:8068
- C:\Windows\System\xVvIRKW.exe
  C:\Windows\System\xVvIRKW.exe
  2⤵
  PID:8184
- C:\Windows\System\cDtneFC.exe
  C:\Windows\System\cDtneFC.exe
  2⤵
  PID:7420
- C:\Windows\System\WfLmjHD.exe
  C:\Windows\System\WfLmjHD.exe
  2⤵
  PID:7520
- C:\Windows\System\aVccEWx.exe
  C:\Windows\System\aVccEWx.exe
  2⤵
  PID:7364
- C:\Windows\System\ESDoiib.exe
  C:\Windows\System\ESDoiib.exe
  2⤵
  PID:7448
- C:\Windows\System\QWxSMjF.exe
  C:\Windows\System\QWxSMjF.exe
  2⤵
  PID:7564
- C:\Windows\System\VnNNfFx.exe
  C:\Windows\System\VnNNfFx.exe
  2⤵
  PID:7728
- C:\Windows\System\hKxGtOz.exe
  C:\Windows\System\hKxGtOz.exe
  2⤵
  PID:8036
- C:\Windows\System\fJBBREY.exe
  C:\Windows\System\fJBBREY.exe
  2⤵
  PID:8088
- C:\Windows\System\UuHiXmP.exe
  C:\Windows\System\UuHiXmP.exe
  2⤵
  PID:7504
- C:\Windows\System\KOGVmzs.exe
  C:\Windows\System\KOGVmzs.exe
  2⤵
  PID:7540
- C:\Windows\System\RTjlRgh.exe
  C:\Windows\System\RTjlRgh.exe
  2⤵
  PID:7768
- C:\Windows\System\HKbfpML.exe
  C:\Windows\System\HKbfpML.exe
  2⤵
  PID:8168
- C:\Windows\System\ptkENmf.exe
  C:\Windows\System\ptkENmf.exe
  2⤵
  PID:8040
- C:\Windows\System\IIDPNsj.exe
  C:\Windows\System\IIDPNsj.exe
  2⤵
  PID:8180
- C:\Windows\System\EGzAkgW.exe
  C:\Windows\System\EGzAkgW.exe
  2⤵
  PID:7800
- C:\Windows\System\BEHGLxG.exe
  C:\Windows\System\BEHGLxG.exe
  2⤵
  PID:8004
- C:\Windows\System\jKBsuXF.exe
  C:\Windows\System\jKBsuXF.exe
  2⤵
  PID:7676
- C:\Windows\System\VAWdHFG.exe
  C:\Windows\System\VAWdHFG.exe
  2⤵
  PID:7876
- C:\Windows\System\NZyPoTs.exe
  C:\Windows\System\NZyPoTs.exe
  2⤵
  PID:7416
- C:\Windows\System\ZVuUSCn.exe
  C:\Windows\System\ZVuUSCn.exe
  2⤵
  PID:7468
- C:\Windows\System\zuTUnAR.exe
  C:\Windows\System\zuTUnAR.exe
  2⤵
  PID:7236
- C:\Windows\System\HyPlJsZ.exe
  C:\Windows\System\HyPlJsZ.exe
  2⤵
  PID:8216
- C:\Windows\System\WVuSkdB.exe
  C:\Windows\System\WVuSkdB.exe
  2⤵
  PID:8232
- C:\Windows\System\OxbsqKC.exe
  C:\Windows\System\OxbsqKC.exe
  2⤵
  PID:8248
- C:\Windows\System\SBYHrjb.exe
  C:\Windows\System\SBYHrjb.exe
  2⤵
  PID:8272
- C:\Windows\System\cXvBQYC.exe
  C:\Windows\System\cXvBQYC.exe
  2⤵
  PID:8296
- C:\Windows\System\JTKGoql.exe
  C:\Windows\System\JTKGoql.exe
  2⤵
  PID:8324
- C:\Windows\System\dAKrkpV.exe
  C:\Windows\System\dAKrkpV.exe
  2⤵
  PID:8340
- C:\Windows\System\ubjqIYz.exe
  C:\Windows\System\ubjqIYz.exe
  2⤵
  PID:8356
- C:\Windows\System\pRkJFIL.exe
  C:\Windows\System\pRkJFIL.exe
  2⤵
  PID:8384
- C:\Windows\System\djQuSAT.exe
  C:\Windows\System\djQuSAT.exe
  2⤵
  PID:8400
- C:\Windows\System\nglHuGG.exe
  C:\Windows\System\nglHuGG.exe
  2⤵
  PID:8416
- C:\Windows\System\LTliEpp.exe
  C:\Windows\System\LTliEpp.exe
  2⤵
  PID:8436
- C:\Windows\System\xmhUNYv.exe
  C:\Windows\System\xmhUNYv.exe
  2⤵
  PID:8452
- C:\Windows\System\cPofyJo.exe
  C:\Windows\System\cPofyJo.exe
  2⤵
  PID:8476
- C:\Windows\System\OiQQgEz.exe
  C:\Windows\System\OiQQgEz.exe
  2⤵
  PID:8516
- C:\Windows\System\tpVmSdq.exe
  C:\Windows\System\tpVmSdq.exe
  2⤵
  PID:8532
- C:\Windows\System\zNCbyQs.exe
  C:\Windows\System\zNCbyQs.exe
  2⤵
  PID:8548
- C:\Windows\System\TtUBIvD.exe
  C:\Windows\System\TtUBIvD.exe
  2⤵
  PID:8564
- C:\Windows\System\CgxVals.exe
  C:\Windows\System\CgxVals.exe
  2⤵
  PID:8580
- C:\Windows\System\oAytgHJ.exe
  C:\Windows\System\oAytgHJ.exe
  2⤵
  PID:8616
- C:\Windows\System\baQRVZD.exe
  C:\Windows\System\baQRVZD.exe
  2⤵
  PID:8632
- C:\Windows\System\cJNLNdT.exe
  C:\Windows\System\cJNLNdT.exe
  2⤵
  PID:8648
- C:\Windows\System\muSsWEx.exe
  C:\Windows\System\muSsWEx.exe
  2⤵
  PID:8668
- C:\Windows\System\wQxpDyt.exe
  C:\Windows\System\wQxpDyt.exe
  2⤵
  PID:8692
- C:\Windows\System\GmSUxJZ.exe
  C:\Windows\System\GmSUxJZ.exe
  2⤵
  PID:8708
- C:\Windows\System\FOtGEDp.exe
  C:\Windows\System\FOtGEDp.exe
  2⤵
  PID:8724
- C:\Windows\System\XdDJpnA.exe
  C:\Windows\System\XdDJpnA.exe
  2⤵
  PID:8752
- C:\Windows\System\YFLJjVV.exe
  C:\Windows\System\YFLJjVV.exe
  2⤵
  PID:8776
- C:\Windows\System\cCNfSPd.exe
  C:\Windows\System\cCNfSPd.exe
  2⤵
  PID:8796
- C:\Windows\System\pDTLJav.exe
  C:\Windows\System\pDTLJav.exe
  2⤵
  PID:8816
- C:\Windows\System\XTvNdqF.exe
  C:\Windows\System\XTvNdqF.exe
  2⤵
  PID:8832
- C:\Windows\System\OlEkKKB.exe
  C:\Windows\System\OlEkKKB.exe
  2⤵
  PID:8848
- C:\Windows\System\xTPPtmV.exe
  C:\Windows\System\xTPPtmV.exe
  2⤵
  PID:8872
- C:\Windows\System\uReGmba.exe
  C:\Windows\System\uReGmba.exe
  2⤵
  PID:8900
- C:\Windows\System\XmkMjmG.exe
  C:\Windows\System\XmkMjmG.exe
  2⤵
  PID:8916
- C:\Windows\System\eldtyHJ.exe
  C:\Windows\System\eldtyHJ.exe
  2⤵
  PID:8940
- C:\Windows\System\jHCcenh.exe
  C:\Windows\System\jHCcenh.exe
  2⤵
  PID:8956
- C:\Windows\System\ERGxNSl.exe
  C:\Windows\System\ERGxNSl.exe
  2⤵
  PID:8976
- C:\Windows\System\AMVQXZl.exe
  C:\Windows\System\AMVQXZl.exe
  2⤵
  PID:8996
- C:\Windows\System\ZUFuzOG.exe
  C:\Windows\System\ZUFuzOG.exe
  2⤵
  PID:9012
- C:\Windows\System\eAxvyOW.exe
  C:\Windows\System\eAxvyOW.exe
  2⤵
  PID:9028
- C:\Windows\System\OWzOYWG.exe
  C:\Windows\System\OWzOYWG.exe
  2⤵
  PID:9044
- C:\Windows\System\zQpCrrX.exe
  C:\Windows\System\zQpCrrX.exe
  2⤵
  PID:9060
- C:\Windows\System\HxOJlmr.exe
  C:\Windows\System\HxOJlmr.exe
  2⤵
  PID:9080
- C:\Windows\System\TvPEVcp.exe
  C:\Windows\System\TvPEVcp.exe
  2⤵
  PID:9108
- C:\Windows\System\OkyAuLW.exe
  C:\Windows\System\OkyAuLW.exe
  2⤵
  PID:9128
- C:\Windows\System\nRVnZMx.exe
  C:\Windows\System\nRVnZMx.exe
  2⤵
  PID:9164
- C:\Windows\System\oFQUVbr.exe
  C:\Windows\System\oFQUVbr.exe
  2⤵
  PID:9180
- C:\Windows\System\MIvdfop.exe
  C:\Windows\System\MIvdfop.exe
  2⤵
  PID:9196
- C:\Windows\System\vNBBbpD.exe
  C:\Windows\System\vNBBbpD.exe
  2⤵
  PID:9212
- C:\Windows\System\HswiedF.exe
  C:\Windows\System\HswiedF.exe
  2⤵
  PID:7748
- C:\Windows\System\KbUWleQ.exe
  C:\Windows\System\KbUWleQ.exe
  2⤵
  PID:8224
- C:\Windows\System\qQoHQKW.exe
  C:\Windows\System\qQoHQKW.exe
  2⤵
  PID:8264
- C:\Windows\System\OUPyyQr.exe
  C:\Windows\System\OUPyyQr.exe
  2⤵
  PID:8288
- C:\Windows\System\mnLusVS.exe
  C:\Windows\System\mnLusVS.exe
  2⤵
  PID:8368
- C:\Windows\System\HgJqyrm.exe
  C:\Windows\System\HgJqyrm.exe
  2⤵
  PID:8408
- C:\Windows\System\ONAotzc.exe
  C:\Windows\System\ONAotzc.exe
  2⤵
  PID:8444
- C:\Windows\System\CWwfnnz.exe
  C:\Windows\System\CWwfnnz.exe
  2⤵
  PID:8460
- C:\Windows\System\ChAFTgZ.exe
  C:\Windows\System\ChAFTgZ.exe
  2⤵
  PID:8492
- C:\Windows\System\smEkpuT.exe
  C:\Windows\System\smEkpuT.exe
  2⤵
  PID:8524
- C:\Windows\System\gyUsxxU.exe
  C:\Windows\System\gyUsxxU.exe
  2⤵
  PID:8500
- C:\Windows\System\oCgnbuf.exe
  C:\Windows\System\oCgnbuf.exe
  2⤵
  PID:8508
- C:\Windows\System\uKePINs.exe
  C:\Windows\System\uKePINs.exe
  2⤵
  PID:8624
- C:\Windows\System\KKNKDyh.exe
  C:\Windows\System\KKNKDyh.exe
  2⤵
  PID:8640
- C:\Windows\System\tMwcSIu.exe
  C:\Windows\System\tMwcSIu.exe
  2⤵
  PID:8676
- C:\Windows\System\kgZEVlh.exe
  C:\Windows\System\kgZEVlh.exe
  2⤵
  PID:8736
- C:\Windows\System\GOTXVyW.exe
  C:\Windows\System\GOTXVyW.exe
  2⤵
  PID:8784
- C:\Windows\System\CxlSHXO.exe
  C:\Windows\System\CxlSHXO.exe
  2⤵
  PID:8772
- C:\Windows\System\GDZDetv.exe
  C:\Windows\System\GDZDetv.exe
  2⤵
  PID:8828
- C:\Windows\System\NJxvCCZ.exe
  C:\Windows\System\NJxvCCZ.exe
  2⤵
  PID:8856
- C:\Windows\System\uEEnYIU.exe
  C:\Windows\System\uEEnYIU.exe
  2⤵
  PID:8844
- C:\Windows\System\tpZipMR.exe
  C:\Windows\System\tpZipMR.exe
  2⤵
  PID:8888
- C:\Windows\System\AOCgNMt.exe
  C:\Windows\System\AOCgNMt.exe
  2⤵
  PID:8932
- C:\Windows\System\iDccuaC.exe
  C:\Windows\System\iDccuaC.exe
  2⤵
  PID:8972
- C:\Windows\System\WZMdJtN.exe
  C:\Windows\System\WZMdJtN.exe
  2⤵
  PID:9020
- C:\Windows\System\zTERuBy.exe
  C:\Windows\System\zTERuBy.exe
  2⤵
  PID:9088
- C:\Windows\System\oAgWuoc.exe
  C:\Windows\System\oAgWuoc.exe
  2⤵
  PID:9008
- C:\Windows\System\cXEydQz.exe
  C:\Windows\System\cXEydQz.exe
  2⤵
  PID:9068
- C:\Windows\System\RJnpYrW.exe
  C:\Windows\System\RJnpYrW.exe
  2⤵
  PID:9116
- C:\Windows\System\hZxnuzK.exe
  C:\Windows\System\hZxnuzK.exe
  2⤵
  PID:9152
- C:\Windows\System\dJzcOyc.exe
  C:\Windows\System\dJzcOyc.exe
  2⤵
  PID:9176
- C:\Windows\System\oOmRlxP.exe
  C:\Windows\System\oOmRlxP.exe
  2⤵
  PID:8228
- C:\Windows\System\cuEobWu.exe
  C:\Windows\System\cuEobWu.exe
  2⤵
  PID:9208
- C:\Windows\System\lldgoQU.exe
  C:\Windows\System\lldgoQU.exe
  2⤵
  PID:8312
- C:\Windows\System\IcKKYai.exe
  C:\Windows\System\IcKKYai.exe
  2⤵
  PID:8380
- C:\Windows\System\odtJxIR.exe
  C:\Windows\System\odtJxIR.exe
  2⤵
  PID:8372
- C:\Windows\System\TxoAVUv.exe
  C:\Windows\System\TxoAVUv.exe
  2⤵
  PID:8472
- C:\Windows\System\tOFskHR.exe
  C:\Windows\System\tOFskHR.exe
  2⤵
  PID:8504
- C:\Windows\System\tBBneHN.exe
  C:\Windows\System\tBBneHN.exe
  2⤵
  PID:8588
- C:\Windows\System\HbTXUaM.exe
  C:\Windows\System\HbTXUaM.exe
  2⤵
  PID:8352
- C:\Windows\System\SbyrHIF.exe
  C:\Windows\System\SbyrHIF.exe
  2⤵
  PID:8664
- C:\Windows\System\iPpWijD.exe
  C:\Windows\System\iPpWijD.exe
  2⤵
  PID:8704
- C:\Windows\System\UapebdP.exe
  C:\Windows\System\UapebdP.exe
  2⤵
  PID:8764
- C:\Windows\System\RdbqTDB.exe
  C:\Windows\System\RdbqTDB.exe
  2⤵
  PID:8812
- C:\Windows\System\cPnGEbZ.exe
  C:\Windows\System\cPnGEbZ.exe
  2⤵
  PID:8896
- C:\Windows\System\qabebKE.exe
  C:\Windows\System\qabebKE.exe
  2⤵
  PID:9136
- C:\Windows\System\yzXkyuj.exe
  C:\Windows\System\yzXkyuj.exe
  2⤵
  PID:9160
- C:\Windows\System\SRIxhON.exe
  C:\Windows\System\SRIxhON.exe
  2⤵
  PID:8984
- C:\Windows\System\TCnsjiH.exe
  C:\Windows\System\TCnsjiH.exe
  2⤵
  PID:8260
- C:\Windows\System\zeSGHcK.exe
  C:\Windows\System\zeSGHcK.exe
  2⤵
  PID:7252
- C:\Windows\System\EmZhxhQ.exe
  C:\Windows\System\EmZhxhQ.exe
  2⤵
  PID:8280
- C:\Windows\System\zlBvbGJ.exe
  C:\Windows\System\zlBvbGJ.exe
  2⤵
  PID:8484
- C:\Windows\System\HSqFazk.exe
  C:\Windows\System\HSqFazk.exe
  2⤵
  PID:8424
- C:\Windows\System\CVubDKt.exe
  C:\Windows\System\CVubDKt.exe
  2⤵
  PID:8656
- C:\Windows\System\SyBCvQX.exe
  C:\Windows\System\SyBCvQX.exe
  2⤵
  PID:8748
- C:\Windows\System\XmsCZki.exe
  C:\Windows\System\XmsCZki.exe
  2⤵
  PID:8840
- C:\Windows\System\rGNXNEU.exe
  C:\Windows\System\rGNXNEU.exe
  2⤵
  PID:8992
- C:\Windows\System\dLkVagA.exe
  C:\Windows\System\dLkVagA.exe
  2⤵
  PID:8284
- C:\Windows\System\cHEPBHx.exe
  C:\Windows\System\cHEPBHx.exe
  2⤵
  PID:8716
- C:\Windows\System\vQfacMk.exe
  C:\Windows\System\vQfacMk.exe
  2⤵
  PID:8592
- C:\Windows\System\XgpnuHa.exe
  C:\Windows\System\XgpnuHa.exe
  2⤵
  PID:8512
- C:\Windows\System\JBupjou.exe
  C:\Windows\System\JBupjou.exe
  2⤵
  PID:8912
- C:\Windows\System\JncIDLq.exe
  C:\Windows\System\JncIDLq.exe
  2⤵
  PID:8824
- C:\Windows\System\RfFFzDr.exe
  C:\Windows\System\RfFFzDr.exe
  2⤵
  PID:9040
- C:\Windows\System\VBvGeZw.exe
  C:\Windows\System\VBvGeZw.exe
  2⤵
  PID:9144
- C:\Windows\System\HRDjjBF.exe
  C:\Windows\System\HRDjjBF.exe
  2⤵
  PID:8988
- C:\Windows\System\LiCFAHv.exe
  C:\Windows\System\LiCFAHv.exe
  2⤵
  PID:8660
- C:\Windows\System\uzLlzWC.exe
  C:\Windows\System\uzLlzWC.exe
  2⤵
  PID:9056
- C:\Windows\System\RNXKJPo.exe
  C:\Windows\System\RNXKJPo.exe
  2⤵
  PID:8864
- C:\Windows\System\DlNbYAH.exe
  C:\Windows\System\DlNbYAH.exe
  2⤵
  PID:8212
- C:\Windows\System\OIgndrX.exe
  C:\Windows\System\OIgndrX.exe
  2⤵
  PID:9092
- C:\Windows\System\YPCvvmv.exe
  C:\Windows\System\YPCvvmv.exe
  2⤵
  PID:9240
- C:\Windows\System\uQIPvft.exe
  C:\Windows\System\uQIPvft.exe
  2⤵
  PID:9264
- C:\Windows\System\wWlxLDl.exe
  C:\Windows\System\wWlxLDl.exe
  2⤵
  PID:9284
- C:\Windows\System\ekAEBGp.exe
  C:\Windows\System\ekAEBGp.exe
  2⤵
  PID:9300
- C:\Windows\System\BscBzdn.exe
  C:\Windows\System\BscBzdn.exe
  2⤵
  PID:9316
- C:\Windows\System\jayTwuN.exe
  C:\Windows\System\jayTwuN.exe
  2⤵
  PID:9332
- C:\Windows\System\rUmIjhu.exe
  C:\Windows\System\rUmIjhu.exe
  2⤵
  PID:9348
- C:\Windows\System\hKwTPsE.exe
  C:\Windows\System\hKwTPsE.exe
  2⤵
  PID:9364
- C:\Windows\System\DWanLPL.exe
  C:\Windows\System\DWanLPL.exe
  2⤵
  PID:9380
- C:\Windows\System\FVaoFSo.exe
  C:\Windows\System\FVaoFSo.exe
  2⤵
  PID:9396
- C:\Windows\System\DOwpSpg.exe
  C:\Windows\System\DOwpSpg.exe
  2⤵
  PID:9412
- C:\Windows\System\vStmqcM.exe
  C:\Windows\System\vStmqcM.exe
  2⤵
  PID:9428
- C:\Windows\System\rEHaEaB.exe
  C:\Windows\System\rEHaEaB.exe
  2⤵
  PID:9444
- C:\Windows\System\nHvsaFf.exe
  C:\Windows\System\nHvsaFf.exe
  2⤵
  PID:9464
- C:\Windows\System\tMeQZsJ.exe
  C:\Windows\System\tMeQZsJ.exe
  2⤵
  PID:9480
- C:\Windows\System\NQwhNPg.exe
  C:\Windows\System\NQwhNPg.exe
  2⤵
  PID:9496
- C:\Windows\System\qaqNIBM.exe
  C:\Windows\System\qaqNIBM.exe
  2⤵
  PID:9532
- C:\Windows\System\jDWBBox.exe
  C:\Windows\System\jDWBBox.exe
  2⤵
  PID:9552
- C:\Windows\System\ULxZqGC.exe
  C:\Windows\System\ULxZqGC.exe
  2⤵
  PID:9568
- C:\Windows\System\rVcVptk.exe
  C:\Windows\System\rVcVptk.exe
  2⤵
  PID:9588
- C:\Windows\System\DsXnxzP.exe
  C:\Windows\System\DsXnxzP.exe
  2⤵
  PID:9608
- C:\Windows\System\JXnfCER.exe
  C:\Windows\System\JXnfCER.exe
  2⤵
  PID:9628
- C:\Windows\System\YelftBv.exe
  C:\Windows\System\YelftBv.exe
  2⤵
  PID:9648
- C:\Windows\System\VysESpS.exe
  C:\Windows\System\VysESpS.exe
  2⤵
  PID:9664
- C:\Windows\System\YGdxsBq.exe
  C:\Windows\System\YGdxsBq.exe
  2⤵
  PID:9688
- C:\Windows\System\FSlBsTl.exe
  C:\Windows\System\FSlBsTl.exe
  2⤵
  PID:9708
- C:\Windows\System\nDYHaja.exe
  C:\Windows\System\nDYHaja.exe
  2⤵
  PID:9724
- C:\Windows\System\cWZPFUY.exe
  C:\Windows\System\cWZPFUY.exe
  2⤵
  PID:9748
- C:\Windows\System\vSAKiHR.exe
  C:\Windows\System\vSAKiHR.exe
  2⤵
  PID:9772
- C:\Windows\System\YgcMFdw.exe
  C:\Windows\System\YgcMFdw.exe
  2⤵
  PID:9792
- C:\Windows\System\ImNaaPD.exe
  C:\Windows\System\ImNaaPD.exe
  2⤵
  PID:9808
- C:\Windows\System\OEmacYe.exe
  C:\Windows\System\OEmacYe.exe
  2⤵
  PID:9832
- C:\Windows\System\sDxZVTa.exe
  C:\Windows\System\sDxZVTa.exe
  2⤵
  PID:9848
- C:\Windows\System\XjfMltc.exe
  C:\Windows\System\XjfMltc.exe
  2⤵
  PID:9872
- C:\Windows\System\pwEjSDk.exe
  C:\Windows\System\pwEjSDk.exe
  2⤵
  PID:9888
- C:\Windows\System\SCIXbpb.exe
  C:\Windows\System\SCIXbpb.exe
  2⤵
  PID:9904
- C:\Windows\System\gUFAADv.exe
  C:\Windows\System\gUFAADv.exe
  2⤵
  PID:9928
- C:\Windows\System\lughNpr.exe
  C:\Windows\System\lughNpr.exe
  2⤵
  PID:9948
- C:\Windows\System\cZOLNKz.exe
  C:\Windows\System\cZOLNKz.exe
  2⤵
  PID:9972
- C:\Windows\System\lNPcHZV.exe
  C:\Windows\System\lNPcHZV.exe
  2⤵
  PID:9988
- C:\Windows\System\HSMMPTH.exe
  C:\Windows\System\HSMMPTH.exe
  2⤵
  PID:10012
- C:\Windows\System\wImXHWJ.exe
  C:\Windows\System\wImXHWJ.exe
  2⤵
  PID:10036
- C:\Windows\System\LCxHfKG.exe
  C:\Windows\System\LCxHfKG.exe
  2⤵
  PID:10052
- C:\Windows\System\hJCaagH.exe
  C:\Windows\System\hJCaagH.exe
  2⤵
  PID:10072
- C:\Windows\System\wTGnlmm.exe
  C:\Windows\System\wTGnlmm.exe
  2⤵
  PID:10088
- C:\Windows\System\yLsaPmH.exe
  C:\Windows\System\yLsaPmH.exe
  2⤵
  PID:10104
- C:\Windows\System\qDPnkOl.exe
  C:\Windows\System\qDPnkOl.exe
  2⤵
  PID:10120
- C:\Windows\System\NhUbFdg.exe
  C:\Windows\System\NhUbFdg.exe
  2⤵
  PID:10136
- C:\Windows\System\UFaWEYO.exe
  C:\Windows\System\UFaWEYO.exe
  2⤵
  PID:10156
- C:\Windows\System\iRZWLpv.exe
  C:\Windows\System\iRZWLpv.exe
  2⤵
  PID:10176
- C:\Windows\System\oMnVRAr.exe
  C:\Windows\System\oMnVRAr.exe
  2⤵
  PID:10196
- C:\Windows\System\pWbCrLA.exe
  C:\Windows\System\pWbCrLA.exe
  2⤵
  PID:10212
- C:\Windows\System\vfDuZgi.exe
  C:\Windows\System\vfDuZgi.exe
  2⤵
  PID:9100
- C:\Windows\System\nTBLphy.exe
  C:\Windows\System\nTBLphy.exe
  2⤵
  PID:8868
- C:\Windows\System\tYCMpIm.exe
  C:\Windows\System\tYCMpIm.exe
  2⤵
  PID:9228
- C:\Windows\System\ZfsKLFw.exe
  C:\Windows\System\ZfsKLFw.exe
  2⤵
  PID:9232
- C:\Windows\System\QJPBFiC.exe
  C:\Windows\System\QJPBFiC.exe
  2⤵
  PID:9236
- C:\Windows\System\JrUVbun.exe
  C:\Windows\System\JrUVbun.exe
  2⤵
  PID:9312
- C:\Windows\System\YmPgKlY.exe
  C:\Windows\System\YmPgKlY.exe
  2⤵
  PID:9392
- C:\Windows\System\nQqVruv.exe
  C:\Windows\System\nQqVruv.exe
  2⤵
  PID:9372
- C:\Windows\System\HvVfARK.exe
  C:\Windows\System\HvVfARK.exe
  2⤵
  PID:9424
- C:\Windows\System\YRqulvt.exe
  C:\Windows\System\YRqulvt.exe
  2⤵
  PID:9460
- C:\Windows\System\JkNiqJB.exe
  C:\Windows\System\JkNiqJB.exe
  2⤵
  PID:9476
- C:\Windows\System\IxPkZKL.exe
  C:\Windows\System\IxPkZKL.exe
  2⤵
  PID:9512
- C:\Windows\System\lPpvmYX.exe
  C:\Windows\System\lPpvmYX.exe
  2⤵
  PID:9544
- C:\Windows\System\kEgHzlq.exe
  C:\Windows\System\kEgHzlq.exe
  2⤵
  PID:9584
- C:\Windows\System\NdGSPGN.exe
  C:\Windows\System\NdGSPGN.exe
  2⤵
  PID:9596
- C:\Windows\System\CVEtoBJ.exe
  C:\Windows\System\CVEtoBJ.exe
  2⤵
  PID:9656
- C:\Windows\System\IQFjjXQ.exe
  C:\Windows\System\IQFjjXQ.exe
  2⤵
  PID:9672
- C:\Windows\System\ExUQnRe.exe
  C:\Windows\System\ExUQnRe.exe
  2⤵
  PID:9676
- C:\Windows\System\iMDYLaQ.exe
  C:\Windows\System\iMDYLaQ.exe
  2⤵
  PID:9896
- C:\Windows\System\HLLUcLf.exe
  C:\Windows\System\HLLUcLf.exe
  2⤵
  PID:9884
- C:\Windows\System\JAgvYul.exe
  C:\Windows\System\JAgvYul.exe
  2⤵
  PID:9960
- C:\Windows\System\lSwFpZL.exe
  C:\Windows\System\lSwFpZL.exe
  2⤵
  PID:10032
- C:\Windows\System\fGHEnQe.exe
  C:\Windows\System\fGHEnQe.exe
  2⤵
  PID:10044
- C:\Windows\System\UECtQkI.exe
  C:\Windows\System\UECtQkI.exe
  2⤵
  PID:10080
- C:\Windows\System\vFYkKFq.exe
  C:\Windows\System\vFYkKFq.exe
  2⤵
  PID:10112
- C:\Windows\System\sVgqynw.exe
  C:\Windows\System\sVgqynw.exe
  2⤵
  PID:10148
- C:\Windows\System\MVupOYe.exe
  C:\Windows\System\MVupOYe.exe
  2⤵
  PID:10204
- C:\Windows\System\VsJKZSY.exe
  C:\Windows\System\VsJKZSY.exe
  2⤵
  PID:8924
- C:\Windows\System\fRgMxJN.exe
  C:\Windows\System\fRgMxJN.exe
  2⤵
  PID:10188
- C:\Windows\System\fbfgNKm.exe
  C:\Windows\System\fbfgNKm.exe
  2⤵
  PID:9276
- C:\Windows\System\xKelAZx.exe
  C:\Windows\System\xKelAZx.exe
  2⤵
  PID:9436
- C:\Windows\System\OiJNakH.exe
  C:\Windows\System\OiJNakH.exe
  2⤵
  PID:9404
- C:\Windows\System\IoZrFBd.exe
  C:\Windows\System\IoZrFBd.exe
  2⤵
  PID:9508
- C:\Windows\System\VqcuSOL.exe
  C:\Windows\System\VqcuSOL.exe
  2⤵
  PID:9600
- C:\Windows\System\FZTphDR.exe
  C:\Windows\System\FZTphDR.exe
  2⤵
  PID:9620
- C:\Windows\System\oFsDbPZ.exe
  C:\Windows\System\oFsDbPZ.exe
  2⤵
  PID:9660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EblrkhO.exe

Filesize
6.0MB

MD5
37ff9430873ab726f9a8ee742d1d115d

SHA1
0fbb8b99b6f3309ea82343f5ef9df274f01c8231

SHA256
b02e39896bcd32231f31f2002fd8eeb5ab3c89543fa473a1bb404440d66730d3

SHA512
0a0caf4f6d9e70777d49a8f98f4a768f51a6e5c13d5d039c0f9ce7a17f158a37997d50f82aea55b30513062687c6876674e0872167d80ae90d80797ea4a353cc

Download Submit
C:\Windows\system\MtPsmim.exe

Filesize
6.0MB

MD5
2a2c74fca0ef843d6e4224c7cb447e27

SHA1
4d3b50a6910cce9df56cdd76b5eb213bd6d651d8

SHA256
b9f4fc04578b27ba2b27095cb3956499bb0b9b695f40c3d6834e6740da0760ca

SHA512
cf056614295d83ef7afeae24d95c39d98d26667c4ca1edba45f95c92fff78951bd5baf23e60b93897fe6147fd9acc1741dbd34e27ee968a3775ed583e45f8eac

Download Submit
C:\Windows\system\NoERmEn.exe

Filesize
6.0MB

MD5
ca283f88db2401271560e42bd901c083

SHA1
d8b75a8284a95b8c4cc6ba074d57daf27d2bc9e6

SHA256
bd120de264cfa0782b4d6d375c427fe167a04f5a4a4af84bad79c3cc9f575626

SHA512
32f0c51643171b2fbe2e34dabda5b99f62f7f7b2739b5a4e58d10c37fecd4b52fc4768890d31380f6fd9c5563894b2d16477b99f72b3deb5997dfabc10114247

Download Submit
C:\Windows\system\PiTtopG.exe

Filesize
6.0MB

MD5
9ed7d44215ab4a3ca80b4d875e3956f1

SHA1
2fbfb68483aab3beddbb70ff17be363ccf6f1e9d

SHA256
ac5095cb22073c8c59d44588affc18f21d7528c45565508bd1afd4ef5659c376

SHA512
058ecbd1f2cca4b2b02a65b6a24fa76d7cf8c79a7f3a3d257d20c4d818b9dbfb9f9a51d1a4f486d42d5bf09bb9b6175f36184a044088b724f357abb1b3469589

Download Submit
C:\Windows\system\PtINHPS.exe

Filesize
6.0MB

MD5
bfc73a5e67a769830157ea172fe68121

SHA1
27e7bdef6b768fc8c8d6a201990fae47e97295cd

SHA256
0f3a95d92caff000ad7e0def8405fcfa6c8ad23b13424e839e0414a90d2f0df4

SHA512
f5595c345fbf1721d0ad7b5edb82f989f23ae8aedc5f5747c7cffc082d7db1de638be65c847e869276e296f6822225539426af4e90223dca069e6e7931554e80

Download Submit
C:\Windows\system\UIWlhYo.exe

Filesize
6.0MB

MD5
7fcb277eca10bca49b3d3992d1d20761

SHA1
1acdaf92145f2f31ad21016c24693ea4a72fd89d

SHA256
aa0d792eeb8b78c0c47f7d345c40392a0d6a90fc35f48cfaba6bfa19450b99c0

SHA512
8de57a8bd30549c30bdfbc400e702cb7766f7c390567b4d2f598e160b35ff18fb4bbd5a48631f4bf8468df063fbf926ecd9ecd15c79fe5fa878468ef2b795009

Download Submit
C:\Windows\system\ZPGQwXN.exe

Filesize
6.0MB

MD5
ef2beb468f5729aa6490689c9b708126

SHA1
743ae048dbbd5bff80efa1c0867d225c9f9877f2

SHA256
701308a9b3be99bc52707152fdf438cc2bd724807fa77a0fdef044ae671d93fb

SHA512
27855a8d5571bd18604524948e2ecc9a165c1963ca7c740ac511f9a99b9619c2511f855215f4100b560f59e975c94da366a55d04f07015adea66b10c9de639b3

Download Submit
C:\Windows\system\ZgVuazK.exe

Filesize
6.0MB

MD5
e5bfe6242ea2d849920db9816072d678

SHA1
68174d9ab0e9542652ad6081cf1ff3b9ca360e3d

SHA256
2444f9b9c17f6fee7a7f4d5418e2442e147ffbaf7b8a5a158d5562541aed73ec

SHA512
3241247af8093a9dbe9758f8b7d8d61917fc81720a28679e7524185634dd48248ae5b017c91d44a26cc68f17e14b92bd8a6c3269d8d651028e22fd3cccf7643e

Download Submit
C:\Windows\system\hVlqUPX.exe

Filesize
6.0MB

MD5
897201c31f0ffa626a93fd14f7094a00

SHA1
6636ac8401787c549edd1119eae6ddcaf1349d27

SHA256
8118765797d9a7284b92a235b95bca26e756aa9fd2996511ee2d60cfb9fb2ad9

SHA512
4e2fc7804931d8f320581bc1a8aabe88425aff4283da77e2a7b6a162f54bf2f97374b7cb2e29478d3063928c08720dcd653c4013b3dedba111cabb3feccbacad

Download Submit
C:\Windows\system\iwaPUlm.exe

Filesize
6.0MB

MD5
baf6884ee9eb3407b839a7b73e293b6e

SHA1
94fa7aba05e16ffff12ec3e6766d1fad90260f1f

SHA256
5808c8f78d3eb84802497532b75cfb96f50faeb6fefd387d14db263fb025b3c1

SHA512
bfd3bfb38d902a955b39401c1fbf4d67d72462e0253b2319189247963fb138d6b07965b65177f48feba81a0aa267bbb59cd66a118e5984e539e12dda4919e417

Download Submit
C:\Windows\system\kljHjNw.exe

Filesize
6.0MB

MD5
98bffe6e5f96ab129333285bed032bf3

SHA1
c2b6004b7fbdb53b93937ef741d7e815974278fb

SHA256
a665f28bcc5a1b94da28b8ae01feb98107a932cf899f6699abc6a92f8666a353

SHA512
414921c41845b43969cf95cd540e12e035abb75891f482f405e93dcc950d47ff85085cfb9045e56028763fe90728579213e00803218578a462985ba9ce11a999

Download Submit
C:\Windows\system\kztPOlp.exe

Filesize
6.0MB

MD5
6279663f1bdc302b094a9b200adcfe38

SHA1
8efd268d639d9e12cadb86ac34c5d17f54e4c134

SHA256
613efa88712e3aff74a4fcc567030c8dbf0d9dec3faad25bf0ce3826c9af23b9

SHA512
d60d7c3fd1b6abafaba206f8a9b03eea4cda3d091bebb511fe8c065a65b334e69a14c1793d4571c697f6ae273ab703e78386e7633d902090d10ac6344a3a98e3

Download Submit
C:\Windows\system\lLeVhfC.exe

Filesize
6.0MB

MD5
0d6cb86f69cc111129ff0bd5164458bc

SHA1
1bc821adbd0d2f0dc048bc8562f0443080876887

SHA256
f256f50c01aeb4508e7142f850339ddabc4f4d71e960b7a1c8533d8d26cd17a6

SHA512
a98d4890dc1df55e835baaa8cf113c0c21679c53d4337d5d4e9524b57d4642cd5d79c155436a7474da2a499124460007e18af2d89d06b5f060d46c4b5d73e7a4

Download Submit
C:\Windows\system\mNOyDPA.exe

Filesize
6.0MB

MD5
b12c17d7d527ea940dc5f7cfaff2871a

SHA1
d01138b863be8c74cf97013cedf07bf2ac445df1

SHA256
8dead525c87c2b0d85b116693a1953507c71d0cac140d53e3c0fe85de26e194f

SHA512
4e3037cd38c337d731d8cbf0af8a8953126973407242a0a06908914e1221c692a53510d518a6bd0f189196c3ef5aa05aa888cc12d773f90d2fdbc73e1c59b1dc

Download Submit
C:\Windows\system\nfilrYt.exe

Filesize
6.0MB

MD5
84c2ca9ad32927fc9b6a7bc12c129c15

SHA1
d52391776eb83e4da46e27b1e4f196c626931b94

SHA256
038926bb21098acbbb8566ef755938a51cd4cae50ad7fe79aecf97a1fb8ada4e

SHA512
6935234271a42b18d830b89df9fae289073442e3143faaca8ff712b3e2b0cfca2028f1dc0471ad5126acf6f558644cdb0a3ce04ce3c6d2c0dd2686ac0b7e00a4

Download Submit
C:\Windows\system\rLJUuRM.exe

Filesize
6.0MB

MD5
493ec777acf72223dc11a2f528d37c25

SHA1
1514284aa83c17b52b56ba8bd57ef6439728dd65

SHA256
53b5a93fd0ffe06e984893585f42d0b473f32820206eb8a6e65497718d9fcb21

SHA512
3fe2173097063c8842178a0c35ba1d7cd6f17b5b3efd077d962571d3da70150087d42bf9317cc73cb223dec7915d1b2e8bed2a9e62c2a7499672e3ab114794e3

Download Submit
C:\Windows\system\rmEoXQr.exe

Filesize
6.0MB

MD5
cc62a7173faf165237d1400d6f7bdd2c

SHA1
2a74c0d3b63eabdf1a146a3d239c07f5bf53c93c

SHA256
3c106dd33ad1a78d1523e95a63a4951366399b74326666fbf301a9a2baff37cc

SHA512
fcbaf2b399a6b9ee1f837cd26ab19b1435fb99a4b04bdff451df1c62bd75c59287e18185ee572b6b390015dafb9a35763e6900bd989ef04e1d61348ef20129d7

Download Submit
C:\Windows\system\tFYnYPR.exe

Filesize
6.0MB

MD5
d2d1d7ef6b1dd0e4438ad8f4cdd93c74

SHA1
24a384858f0658eb70f6668763c907fb2dc20d72

SHA256
60f63cc0ef923b99fe262aa6882f5412bb6ac7ac084cc6336cd8b8b7e499f1a1

SHA512
2f0294171681f1465553e9798c67c6050f8b2a7415e89c21997d3510b0672ebcf5642ba7394c529e381a50d67442155fde6bb5981d6f4e4afa72fbff804acf64

Download Submit
C:\Windows\system\uJfTUvw.exe

Filesize
6.0MB

MD5
9109d3759a1c7fde5903343ab50f2db8

SHA1
1af4edc2dce7e838b9651ded8ca280fabdf24c4c

SHA256
602cf8a4214ffcdcc8b453a7330a64124420a9184bf9806b9ec181daf02d8c68

SHA512
683e60068c6ffcfd381ef2c9d8738859b95ae4a193f103434dd7f5aab9bff81bf3e98407191d087125047c1b082fb9f196c7736394165275420334986f9d326a

Download Submit
C:\Windows\system\uOLWYkQ.exe

Filesize
6.0MB

MD5
36049c33dc278ab7f2c09adf272217da

SHA1
2be26348e6770625904bff9b89460c59323c419a

SHA256
6634ffec1481395a315e57cff5a9f4b9e4cf752b0cd3fe977f8603404ff0d591

SHA512
18a2256b45c19dbe12a26b58d7d0d504a322cd5f565e7457821f9a3316e6314536bfb13f86cd83205153a9e8a974867a4c7b7ffb71eee9600a6804957b815df6

Download Submit
C:\Windows\system\uXqNznD.exe

Filesize
6.0MB

MD5
fb1fcdd385491779273ae5cc0bf66b36

SHA1
fba165acba3569012448dcb59f057fe9a388ea2f

SHA256
044028dd487dd810d9ce63d771792b8e583b6fc1c971f7130b048c7b7fa743da

SHA512
a7ba726a9d92e0085520eaa9ebd8a8c3dfe09a081c1da9657bb1c1ec1452cfbd55ba80be4b998fb1c233ac9bf8cd453260a065a9d970ba8a0b39d414f5953bb9

Download Submit
C:\Windows\system\vdIAXxs.exe

Filesize
6.0MB

MD5
840fc186b51cca174fc73ec2a704a659

SHA1
22f264bc2cedadc12373a8e37aa64cf55d15a10b

SHA256
a4583cc67bdb7d064193183ecb139fffdbf937719577b370bd38eee8b4097429

SHA512
666e1b317dfeb6fe23cd516d00eae180acf2001acc2e82a66fc82515f33fa77983ed3a0688101f2fd4854b828f0772c4ad9ce2d31315294178078d8ab1c16269

Download Submit
C:\Windows\system\vwPTJDK.exe

Filesize
6.0MB

MD5
a0fac1b82a4c2d0fd61c78b061a84e6f

SHA1
819ba7bb37d3073907f3cb868c447a731b59f505

SHA256
f22fe3801f7b7aed2c4222a38972fdfad3e010ec9f10720349e6bf7f22f6e800

SHA512
3b15369bcf7cb2ce23835b521791cd17010ea17e138f4eb583243588c7293f2f29b24489e1fc29e6b8b47f981298c2efa931ada085b88446aa9b1a1d260cdaa6

Download Submit
C:\Windows\system\wKfzdkW.exe

Filesize
6.0MB

MD5
9f65470af11660a6b1bf1a0c9bea7b0e

SHA1
9a42f893469f51a57cd7170568c8a93d9637b5f3

SHA256
31b57f17885e14c24061e05b90aa9205b5b274724a4ee3445331000f168ee620

SHA512
32032e354281af4c1be6ce10909ff9dded488c9a706ee081f73b9d4214b04d09b775f06925003d63e0e87f77acb6fa3db4ac080f5e8c85e358b135928b25557f

Download Submit
C:\Windows\system\wKncxWd.exe

Filesize
6.0MB

MD5
5ebf7433a9d79621d1dcf79332b59038

SHA1
9dbc41a23099a7510ddd188b523f6237d448d532

SHA256
6efc1056ba9d9cb6f714a84b9ca09dc062e6dc8527ce2b1ed84b8bfb16c98585

SHA512
e829d01f2e7fe2678792e6a05664d2e77c550f3f4cdfb956643f37abae03e41e7ccf3f66edbb015ee97fd7a2a51920615599e141ee361a63c1f225893ddda607

Download Submit
C:\Windows\system\zIesnEh.exe

Filesize
6.0MB

MD5
1c6d74934bedfca43b2eaf518d0f2455

SHA1
75ad29cf6526d3741261ead3496d28b4492f21ee

SHA256
1a31a0a2be581a4e76d705bc541326d0c2d5f9b790967382e67ea24c9a9be491

SHA512
4d940cd8a78c8ff059616b7dd4a454e498dc721191cd522132d1f4f8d27d75d64833d55e628607037a10a3bec287f2badef451b5ca838f8b2bc20e0bf01e933a

Download Submit
C:\Windows\system\zZxGSLd.exe

Filesize
6.0MB

MD5
cf35232a2c47e42da13f16f7eaee64bb

SHA1
0ed8c16097348581d91fe7ac49e13ea27ab5b3c7

SHA256
5891ccf5c637fed117e3e0f41bb5f7896e59704c1956997877ca974e355fea6a

SHA512
40bb62de01283a5eb899c63cdad2e09dfbe5f6e3df97f8d6dfe4bea80f3faf6b2cc07dcccd67d132dd4ff2c055fffab73799c31a9626f7924701d4545bc87cbd

Download Submit
C:\Windows\system\ziHabZm.exe

Filesize
6.0MB

MD5
401c1e7fe4633ecb012d787e5e3f7d29

SHA1
01dbc6b7e3169cb15545178373b6f585b4a7366f

SHA256
506b8f78b499dbd57781ba2df2ce87b7f34c0ffcb317eca465f18ad3486dd34b

SHA512
63b12d541a10a558fa29bb654bf5d49a9a5373dd2cb24fe17db915562232084047d6c5e8033dec9324c7c9d0d216211b3b395a3e17ffdeccb216f6c0a88f625d

Download Submit
\Windows\system\IrxOEBe.exe

Filesize
6.0MB

MD5
3bca9cf67bf871cbf2fa213f03f3f5e7

SHA1
0a01afc758f909836c365c01590458370997ba40

SHA256
ec0e7b3f53f831819b44140b977c5aa20edf9cfa544fbba5dd4225f8bfb0defa

SHA512
d2dfe8b6509bf8652340a96053014992ec807f630c67b1505839676315fa68117b7b18b2bef00db10371797facfd14dc2c9c0562543dc829862b5b6759d87e34

Download Submit
\Windows\system\OCjCnoy.exe

Filesize
6.0MB

MD5
03c1ade03985538b931f748e965b9087

SHA1
6ce80f258a25e115b508aae811abaecc3bc303c2

SHA256
5015ea1e8c02bf0d11629a00c6829798e11e1abb21d608b190af91f7b4b0a7b0

SHA512
20f4904d7a9c3a3e34296bc81b219db96e75d0f158633169d3260efad8444a47722ba57e9fc01015418b7783ad04ffdd347d73694695f9d0872a0eb6dd597a14

Download Submit
\Windows\system\qiJpVod.exe

Filesize
6.0MB

MD5
384ceb8de66baf7e7f6620d47cd342b1

SHA1
79af8635defbd56da86cb648d4d2ad4184bd3517

SHA256
912b3439e8758ca0b63abb4d3dcc9421cca8bc9e66faa56f4ef46bff433de74b

SHA512
bca697e96c6854783c3e8e2337fccc3f63b175937b3ac1d178a840955c0f6fff0a533127546574a09e58111283133ca5a3e6640a7a9bad36893c8e8d41926beb

Download Submit
\Windows\system\rzKGRbO.exe

Filesize
6.0MB

MD5
74e52ce55452af6b1b7a7de76166d479

SHA1
ff6cb520b12ce5c1f9bb6877dfb6de9c8e24256b

SHA256
96024e6f9c355ba99b3516005648e8a8ccc2072431e1cd8b8e5ab3dced1312f7

SHA512
f89f3691aefde251565d41b3e928c57b66c8b38ce9a202715a103b3675f3af8101e1d46e6680bc373c8af828f5e2954df5b361279d1c0891a712957ba0f5d401

Download Submit
memory/1748-67-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2601-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1748-45-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2135-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2008-14-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2008-40-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2104-2795-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2104-386-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2811-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2172-384-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2204-385-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-61-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2204-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2204-389-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2204-383-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-35-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-422-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-387-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-424-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2204-41-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-391-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-392-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2204-17-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-37-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-65-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-431-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-585-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-606-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2204-717-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2204-608-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-28-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-600-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-597-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-24-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2292-2081-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2292-32-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2292-7-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2129-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-46-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-20-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-425-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2340-59-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2340-2603-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2344-2801-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2344-382-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2420-38-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2420-57-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2420-2802-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2440-390-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2798-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-381-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2816-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-52-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2948-29-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2356-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3664-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-388-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2968-603-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3056-53-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2819-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3056-423-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download