cobaltstrike | 4e98e68a7ff78a8e2d444c44bb6fa2fe2ca593ffeda72d5a618bfe01faa12b18

Analysis

max time kernel
150s
max time network
130s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

33f3d0077e7d105f2b140330b0905213
SHA1

d863e74c17bafb93e174369139b5625f9b47d291
SHA256

4e98e68a7ff78a8e2d444c44bb6fa2fe2ca593ffeda72d5a618bfe01faa12b18
SHA512

64434d457d7fc4233831ee5a26e7438ddabeef0c2d5f387a58503d19ce3f5ea8c3160fec307c1ef6fb2eeaccb37b3025488052135428a3538fe6f4e49d63c690
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\GUEOUOZ.exe	cobalt_reflective_dll
\Windows\system\JiDmwAt.exe	cobalt_reflective_dll
C:\Windows\system\cHUiVVb.exe	cobalt_reflective_dll
C:\Windows\system\JzExTzi.exe	cobalt_reflective_dll
C:\Windows\system\KYaJmeA.exe	cobalt_reflective_dll
\Windows\system\tQZoPEX.exe	cobalt_reflective_dll
C:\Windows\system\vuVXJYX.exe	cobalt_reflective_dll
\Windows\system\llOuqae.exe	cobalt_reflective_dll
\Windows\system\SLfDZFy.exe	cobalt_reflective_dll
C:\Windows\system\VzPkgSF.exe	cobalt_reflective_dll
\Windows\system\znZPmZK.exe	cobalt_reflective_dll
C:\Windows\system\oejZdEP.exe	cobalt_reflective_dll
C:\Windows\system\acknamd.exe	cobalt_reflective_dll
\Windows\system\stTdsoZ.exe	cobalt_reflective_dll
C:\Windows\system\zdlFDPk.exe	cobalt_reflective_dll
C:\Windows\system\UvqHTcb.exe	cobalt_reflective_dll
C:\Windows\system\INlyyGf.exe	cobalt_reflective_dll
C:\Windows\system\jMPUQaa.exe	cobalt_reflective_dll
C:\Windows\system\GUqNwls.exe	cobalt_reflective_dll
C:\Windows\system\HbDGOJB.exe	cobalt_reflective_dll
C:\Windows\system\YawASCV.exe	cobalt_reflective_dll
C:\Windows\system\PWFZynV.exe	cobalt_reflective_dll
C:\Windows\system\yOkmrVK.exe	cobalt_reflective_dll
C:\Windows\system\CeoldeN.exe	cobalt_reflective_dll
C:\Windows\system\joeNxLe.exe	cobalt_reflective_dll
C:\Windows\system\alwFiNY.exe	cobalt_reflective_dll
C:\Windows\system\sohqAYm.exe	cobalt_reflective_dll
C:\Windows\system\mKmHxUV.exe	cobalt_reflective_dll
C:\Windows\system\eqZhfnx.exe	cobalt_reflective_dll
\Windows\system\fvFQIfC.exe	cobalt_reflective_dll
\Windows\system\uAEKRvS.exe	cobalt_reflective_dll
C:\Windows\system\GeQfiUO.exe	cobalt_reflective_dll
C:\Windows\system\BCpRUqU.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2024-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
C:\Windows\system\GUEOUOZ.exe	xmrig
\Windows\system\JiDmwAt.exe	xmrig
C:\Windows\system\cHUiVVb.exe	xmrig
C:\Windows\system\JzExTzi.exe	xmrig
behavioral1/memory/2700-56-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
C:\Windows\system\KYaJmeA.exe	xmrig
\Windows\system\tQZoPEX.exe	xmrig
C:\Windows\system\vuVXJYX.exe	xmrig
\Windows\system\llOuqae.exe	xmrig
\Windows\system\SLfDZFy.exe	xmrig
behavioral1/memory/2716-371-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1560-2025-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2824-2047-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2768-2571-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2848-2570-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2880-2567-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2700-2569-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2716-2568-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2372-2566-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2056-2028-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2944-475-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2372-474-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2768-427-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2848-320-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2736-319-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2864-318-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2700-317-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2436-264-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
C:\Windows\system\VzPkgSF.exe	xmrig
\Windows\system\znZPmZK.exe	xmrig
C:\Windows\system\oejZdEP.exe	xmrig
C:\Windows\system\acknamd.exe	xmrig
\Windows\system\stTdsoZ.exe	xmrig
C:\Windows\system\zdlFDPk.exe	xmrig
C:\Windows\system\UvqHTcb.exe	xmrig
C:\Windows\system\INlyyGf.exe	xmrig
C:\Windows\system\jMPUQaa.exe	xmrig
C:\Windows\system\GUqNwls.exe	xmrig
C:\Windows\system\HbDGOJB.exe	xmrig
C:\Windows\system\YawASCV.exe	xmrig
C:\Windows\system\PWFZynV.exe	xmrig
C:\Windows\system\yOkmrVK.exe	xmrig
C:\Windows\system\CeoldeN.exe	xmrig
C:\Windows\system\joeNxLe.exe	xmrig
behavioral1/memory/2024-112-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2768-66-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2944-89-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2372-88-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
C:\Windows\system\alwFiNY.exe	xmrig
C:\Windows\system\sohqAYm.exe	xmrig
behavioral1/memory/2716-77-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
C:\Windows\system\mKmHxUV.exe	xmrig
C:\Windows\system\eqZhfnx.exe	xmrig
behavioral1/memory/2848-63-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2736-62-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2864-61-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2024-60-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2436-48-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2824-44-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
\Windows\system\fvFQIfC.exe	xmrig
behavioral1/memory/1560-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
\Windows\system\uAEKRvS.exe	xmrig
behavioral1/memory/2024-24-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

GUEOUOZ.exeJiDmwAt.execHUiVVb.exeBCpRUqU.exeJzExTzi.exeKYaJmeA.exeGeQfiUO.exeuAEKRvS.exefvFQIfC.exeeqZhfnx.exemKmHxUV.exesohqAYm.exealwFiNY.exetQZoPEX.exeCeoldeN.exeyOkmrVK.exejoeNxLe.exejMPUQaa.exePWFZynV.exeINlyyGf.exeYawASCV.exeHbDGOJB.exeGUqNwls.exestTdsoZ.exeUvqHTcb.exezdlFDPk.exevuVXJYX.exeVzPkgSF.exeacknamd.exellOuqae.exeoejZdEP.exebbPauli.exeznZPmZK.exeJcwgCIM.exeSLfDZFy.exesyrpsso.exewUUUcfh.exexHJYiUp.exeTJOkWJL.exeQhWoPNt.exesNfZMTe.exeIeRaUmW.exeJITUaqw.exeROpfDTj.exeSyjoUYw.exeRObJkgG.exeBIhKKEN.exebVXvOQx.exeLyceEmz.exedMarFWm.exeebkWwwT.exeQnoQUsU.exeaaVBrPH.exeRschcui.exeTPdFlGR.exevRLZhvd.exewQugewE.exeWXlUKbE.exeDrVCYFw.exetImCwzK.exeeXLeduW.exebgKMpat.exePZbzxug.exeSBllkYL.exe

pid	process
1560	GUEOUOZ.exe
2880	JiDmwAt.exe
2056	cHUiVVb.exe
2824	BCpRUqU.exe
2436	JzExTzi.exe
2700	KYaJmeA.exe
2864	GeQfiUO.exe
2736	uAEKRvS.exe
2848	fvFQIfC.exe
2768	eqZhfnx.exe
2716	mKmHxUV.exe
2372	sohqAYm.exe
2944	alwFiNY.exe
2256	tQZoPEX.exe
1244	CeoldeN.exe
2784	yOkmrVK.exe
2908	joeNxLe.exe
792	jMPUQaa.exe
1508	PWFZynV.exe
852	INlyyGf.exe
832	YawASCV.exe
1900	HbDGOJB.exe
2304	GUqNwls.exe
1908	stTdsoZ.exe
1980	UvqHTcb.exe
3048	zdlFDPk.exe
2044	vuVXJYX.exe
2000	VzPkgSF.exe
1392	acknamd.exe
2292	llOuqae.exe
988	oejZdEP.exe
1744	bbPauli.exe
1308	znZPmZK.exe
1904	JcwgCIM.exe
996	SLfDZFy.exe
1720	syrpsso.exe
1528	wUUUcfh.exe
1808	xHJYiUp.exe
1008	TJOkWJL.exe
1092	QhWoPNt.exe
2444	sNfZMTe.exe
1712	IeRaUmW.exe
1532	JITUaqw.exe
2456	ROpfDTj.exe
1464	SyjoUYw.exe
2428	RObJkgG.exe
2252	BIhKKEN.exe
2412	bVXvOQx.exe
1740	LyceEmz.exe
880	dMarFWm.exe
2180	ebkWwwT.exe
1764	QnoQUsU.exe
2536	aaVBrPH.exe
1972	Rschcui.exe
2300	TPdFlGR.exe
2364	vRLZhvd.exe
2712	wQugewE.exe
2812	WXlUKbE.exe
2236	DrVCYFw.exe
2272	tImCwzK.exe
2604	eXLeduW.exe
2772	bgKMpat.exe
896	PZbzxug.exe
2940	SBllkYL.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2024-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
C:\Windows\system\GUEOUOZ.exe	upx
\Windows\system\JiDmwAt.exe	upx
C:\Windows\system\cHUiVVb.exe	upx
C:\Windows\system\JzExTzi.exe	upx
behavioral1/memory/2700-56-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
C:\Windows\system\KYaJmeA.exe	upx
\Windows\system\tQZoPEX.exe	upx
C:\Windows\system\vuVXJYX.exe	upx
\Windows\system\llOuqae.exe	upx
\Windows\system\SLfDZFy.exe	upx
behavioral1/memory/2716-371-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1560-2025-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2824-2047-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2768-2571-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2848-2570-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2880-2567-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2700-2569-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2716-2568-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2372-2566-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2056-2028-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2944-475-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2372-474-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2768-427-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2848-320-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2736-319-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2864-318-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2700-317-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2436-264-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
C:\Windows\system\VzPkgSF.exe	upx
\Windows\system\znZPmZK.exe	upx
C:\Windows\system\oejZdEP.exe	upx
C:\Windows\system\acknamd.exe	upx
\Windows\system\stTdsoZ.exe	upx
C:\Windows\system\zdlFDPk.exe	upx
C:\Windows\system\UvqHTcb.exe	upx
C:\Windows\system\INlyyGf.exe	upx
C:\Windows\system\jMPUQaa.exe	upx
C:\Windows\system\GUqNwls.exe	upx
C:\Windows\system\HbDGOJB.exe	upx
C:\Windows\system\YawASCV.exe	upx
C:\Windows\system\PWFZynV.exe	upx
C:\Windows\system\yOkmrVK.exe	upx
C:\Windows\system\CeoldeN.exe	upx
C:\Windows\system\joeNxLe.exe	upx
behavioral1/memory/2024-112-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2768-66-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2944-89-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2372-88-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
C:\Windows\system\alwFiNY.exe	upx
C:\Windows\system\sohqAYm.exe	upx
behavioral1/memory/2716-77-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
C:\Windows\system\mKmHxUV.exe	upx
C:\Windows\system\eqZhfnx.exe	upx
behavioral1/memory/2848-63-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2736-62-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2864-61-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2436-48-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2824-44-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
\Windows\system\fvFQIfC.exe	upx
behavioral1/memory/1560-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
\Windows\system\uAEKRvS.exe	upx
behavioral1/memory/2880-21-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
C:\Windows\system\GeQfiUO.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\AmdluPw.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YceOsso.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUwguYf.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJSubfn.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkFfRxp.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXpjuBE.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZwWkbk.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMuzcKq.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsgOsYB.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJBaTyb.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYrUeca.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnUuOYn.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxzxDfn.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMAVQUr.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHBRlqB.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFGPvYP.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRlYqUm.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvPAqkP.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbgXjzf.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qncpSTU.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wJDgXNE.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmyvXLk.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnPEmDe.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpbucfK.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqPOaPS.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvCHyaC.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyiXFqi.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIYFakY.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arXiQii.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzPWqpv.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuLlhlR.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHpuDKM.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSQjmVC.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPNJFSG.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyWyveC.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBXIvxD.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WONKZjC.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKLVJeQ.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcORlHW.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfcPJlL.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTtSoqA.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RELJPPE.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlSFgsQ.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDBvQuv.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCBZBBW.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPcNTAY.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwBACJp.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbTYrRz.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PYpcsHv.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvksyWG.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMBjwlz.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emzQZvH.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvRtblf.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiQjeMp.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXfEORM.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZIpGSt.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAohewV.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsoEkcJ.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiLzhJf.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJQHQWq.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSeEbeZ.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcPnhGe.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITQjwYC.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLUCJdj.exe	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2024 wrote to memory of 1560	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GUEOUOZ.exe
PID 2024 wrote to memory of 1560	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GUEOUOZ.exe
PID 2024 wrote to memory of 1560	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GUEOUOZ.exe
PID 2024 wrote to memory of 2880	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JiDmwAt.exe
PID 2024 wrote to memory of 2880	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JiDmwAt.exe
PID 2024 wrote to memory of 2880	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JiDmwAt.exe
PID 2024 wrote to memory of 2056	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	cHUiVVb.exe
PID 2024 wrote to memory of 2056	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	cHUiVVb.exe
PID 2024 wrote to memory of 2056	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	cHUiVVb.exe
PID 2024 wrote to memory of 2700	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	KYaJmeA.exe
PID 2024 wrote to memory of 2700	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	KYaJmeA.exe
PID 2024 wrote to memory of 2700	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	KYaJmeA.exe
PID 2024 wrote to memory of 2824	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	BCpRUqU.exe
PID 2024 wrote to memory of 2824	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	BCpRUqU.exe
PID 2024 wrote to memory of 2824	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	BCpRUqU.exe
PID 2024 wrote to memory of 2736	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	uAEKRvS.exe
PID 2024 wrote to memory of 2736	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	uAEKRvS.exe
PID 2024 wrote to memory of 2736	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	uAEKRvS.exe
PID 2024 wrote to memory of 2436	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JzExTzi.exe
PID 2024 wrote to memory of 2436	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JzExTzi.exe
PID 2024 wrote to memory of 2436	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	JzExTzi.exe
PID 2024 wrote to memory of 2848	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	fvFQIfC.exe
PID 2024 wrote to memory of 2848	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	fvFQIfC.exe
PID 2024 wrote to memory of 2848	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	fvFQIfC.exe
PID 2024 wrote to memory of 2864	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GeQfiUO.exe
PID 2024 wrote to memory of 2864	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GeQfiUO.exe
PID 2024 wrote to memory of 2864	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	GeQfiUO.exe
PID 2024 wrote to memory of 2768	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	eqZhfnx.exe
PID 2024 wrote to memory of 2768	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	eqZhfnx.exe
PID 2024 wrote to memory of 2768	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	eqZhfnx.exe
PID 2024 wrote to memory of 2716	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	mKmHxUV.exe
PID 2024 wrote to memory of 2716	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	mKmHxUV.exe
PID 2024 wrote to memory of 2716	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	mKmHxUV.exe
PID 2024 wrote to memory of 2256	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	tQZoPEX.exe
PID 2024 wrote to memory of 2256	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	tQZoPEX.exe
PID 2024 wrote to memory of 2256	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	tQZoPEX.exe
PID 2024 wrote to memory of 2372	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	sohqAYm.exe
PID 2024 wrote to memory of 2372	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	sohqAYm.exe
PID 2024 wrote to memory of 2372	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	sohqAYm.exe
PID 2024 wrote to memory of 1244	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	CeoldeN.exe
PID 2024 wrote to memory of 1244	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	CeoldeN.exe
PID 2024 wrote to memory of 1244	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	CeoldeN.exe
PID 2024 wrote to memory of 2944	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	alwFiNY.exe
PID 2024 wrote to memory of 2944	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	alwFiNY.exe
PID 2024 wrote to memory of 2944	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	alwFiNY.exe
PID 2024 wrote to memory of 2784	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	yOkmrVK.exe
PID 2024 wrote to memory of 2784	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	yOkmrVK.exe
PID 2024 wrote to memory of 2784	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	yOkmrVK.exe
PID 2024 wrote to memory of 2908	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	joeNxLe.exe
PID 2024 wrote to memory of 2908	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	joeNxLe.exe
PID 2024 wrote to memory of 2908	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	joeNxLe.exe
PID 2024 wrote to memory of 792	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	jMPUQaa.exe
PID 2024 wrote to memory of 792	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	jMPUQaa.exe
PID 2024 wrote to memory of 792	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	jMPUQaa.exe
PID 2024 wrote to memory of 1508	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	PWFZynV.exe
PID 2024 wrote to memory of 1508	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	PWFZynV.exe
PID 2024 wrote to memory of 1508	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	PWFZynV.exe
PID 2024 wrote to memory of 852	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	INlyyGf.exe
PID 2024 wrote to memory of 852	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	INlyyGf.exe
PID 2024 wrote to memory of 852	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	INlyyGf.exe
PID 2024 wrote to memory of 832	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	YawASCV.exe
PID 2024 wrote to memory of 832	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	YawASCV.exe
PID 2024 wrote to memory of 832	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	YawASCV.exe
PID 2024 wrote to memory of 1908	2024	2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe	stTdsoZ.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_33f3d0077e7d105f2b140330b0905213_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\System\GUEOUOZ.exe
  C:\Windows\System\GUEOUOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\JiDmwAt.exe
  C:\Windows\System\JiDmwAt.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\cHUiVVb.exe
  C:\Windows\System\cHUiVVb.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\KYaJmeA.exe
  C:\Windows\System\KYaJmeA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\BCpRUqU.exe
  C:\Windows\System\BCpRUqU.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\uAEKRvS.exe
  C:\Windows\System\uAEKRvS.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\JzExTzi.exe
  C:\Windows\System\JzExTzi.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\fvFQIfC.exe
  C:\Windows\System\fvFQIfC.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GeQfiUO.exe
  C:\Windows\System\GeQfiUO.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\eqZhfnx.exe
  C:\Windows\System\eqZhfnx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\mKmHxUV.exe
  C:\Windows\System\mKmHxUV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\tQZoPEX.exe
  C:\Windows\System\tQZoPEX.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\sohqAYm.exe
  C:\Windows\System\sohqAYm.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CeoldeN.exe
  C:\Windows\System\CeoldeN.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\alwFiNY.exe
  C:\Windows\System\alwFiNY.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\yOkmrVK.exe
  C:\Windows\System\yOkmrVK.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\joeNxLe.exe
  C:\Windows\System\joeNxLe.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\jMPUQaa.exe
  C:\Windows\System\jMPUQaa.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\PWFZynV.exe
  C:\Windows\System\PWFZynV.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\INlyyGf.exe
  C:\Windows\System\INlyyGf.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\YawASCV.exe
  C:\Windows\System\YawASCV.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\stTdsoZ.exe
  C:\Windows\System\stTdsoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\HbDGOJB.exe
  C:\Windows\System\HbDGOJB.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\vuVXJYX.exe
  C:\Windows\System\vuVXJYX.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\GUqNwls.exe
  C:\Windows\System\GUqNwls.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\VzPkgSF.exe
  C:\Windows\System\VzPkgSF.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\UvqHTcb.exe
  C:\Windows\System\UvqHTcb.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\llOuqae.exe
  C:\Windows\System\llOuqae.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\zdlFDPk.exe
  C:\Windows\System\zdlFDPk.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\znZPmZK.exe
  C:\Windows\System\znZPmZK.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\acknamd.exe
  C:\Windows\System\acknamd.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\SLfDZFy.exe
  C:\Windows\System\SLfDZFy.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\oejZdEP.exe
  C:\Windows\System\oejZdEP.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\syrpsso.exe
  C:\Windows\System\syrpsso.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\bbPauli.exe
  C:\Windows\System\bbPauli.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\wUUUcfh.exe
  C:\Windows\System\wUUUcfh.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\JcwgCIM.exe
  C:\Windows\System\JcwgCIM.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\xHJYiUp.exe
  C:\Windows\System\xHJYiUp.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\TJOkWJL.exe
  C:\Windows\System\TJOkWJL.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\IeRaUmW.exe
  C:\Windows\System\IeRaUmW.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\QhWoPNt.exe
  C:\Windows\System\QhWoPNt.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\JITUaqw.exe
  C:\Windows\System\JITUaqw.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\sNfZMTe.exe
  C:\Windows\System\sNfZMTe.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\RObJkgG.exe
  C:\Windows\System\RObJkgG.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ROpfDTj.exe
  C:\Windows\System\ROpfDTj.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BIhKKEN.exe
  C:\Windows\System\BIhKKEN.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\SyjoUYw.exe
  C:\Windows\System\SyjoUYw.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\bVXvOQx.exe
  C:\Windows\System\bVXvOQx.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\LyceEmz.exe
  C:\Windows\System\LyceEmz.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\dMarFWm.exe
  C:\Windows\System\dMarFWm.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ebkWwwT.exe
  C:\Windows\System\ebkWwwT.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\QnoQUsU.exe
  C:\Windows\System\QnoQUsU.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\aaVBrPH.exe
  C:\Windows\System\aaVBrPH.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\Rschcui.exe
  C:\Windows\System\Rschcui.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\TPdFlGR.exe
  C:\Windows\System\TPdFlGR.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\vRLZhvd.exe
  C:\Windows\System\vRLZhvd.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wQugewE.exe
  C:\Windows\System\wQugewE.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\WXlUKbE.exe
  C:\Windows\System\WXlUKbE.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\DrVCYFw.exe
  C:\Windows\System\DrVCYFw.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\tImCwzK.exe
  C:\Windows\System\tImCwzK.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\eXLeduW.exe
  C:\Windows\System\eXLeduW.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\bgKMpat.exe
  C:\Windows\System\bgKMpat.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PZbzxug.exe
  C:\Windows\System\PZbzxug.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\FgwBTuG.exe
  C:\Windows\System\FgwBTuG.exe
  2⤵
  PID:2920
- C:\Windows\System\SBllkYL.exe
  C:\Windows\System\SBllkYL.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SrFFFur.exe
  C:\Windows\System\SrFFFur.exe
  2⤵
  PID:2008
- C:\Windows\System\dQBXwHj.exe
  C:\Windows\System\dQBXwHj.exe
  2⤵
  PID:1652
- C:\Windows\System\GSJTAWQ.exe
  C:\Windows\System\GSJTAWQ.exe
  2⤵
  PID:1200
- C:\Windows\System\ebYncwJ.exe
  C:\Windows\System\ebYncwJ.exe
  2⤵
  PID:1360
- C:\Windows\System\svnvdGj.exe
  C:\Windows\System\svnvdGj.exe
  2⤵
  PID:1924
- C:\Windows\System\LCuXjIB.exe
  C:\Windows\System\LCuXjIB.exe
  2⤵
  PID:2404
- C:\Windows\System\CBFTOpx.exe
  C:\Windows\System\CBFTOpx.exe
  2⤵
  PID:2208
- C:\Windows\System\Dvdmrmb.exe
  C:\Windows\System\Dvdmrmb.exe
  2⤵
  PID:940
- C:\Windows\System\zmfBDxZ.exe
  C:\Windows\System\zmfBDxZ.exe
  2⤵
  PID:1484
- C:\Windows\System\QlKbGvH.exe
  C:\Windows\System\QlKbGvH.exe
  2⤵
  PID:1932
- C:\Windows\System\MsBjeNH.exe
  C:\Windows\System\MsBjeNH.exe
  2⤵
  PID:1792
- C:\Windows\System\ddiepIo.exe
  C:\Windows\System\ddiepIo.exe
  2⤵
  PID:3032
- C:\Windows\System\fAqkexI.exe
  C:\Windows\System\fAqkexI.exe
  2⤵
  PID:2276
- C:\Windows\System\bGFRJEF.exe
  C:\Windows\System\bGFRJEF.exe
  2⤵
  PID:2384
- C:\Windows\System\IPZOmuF.exe
  C:\Windows\System\IPZOmuF.exe
  2⤵
  PID:1156
- C:\Windows\System\ovAxYQg.exe
  C:\Windows\System\ovAxYQg.exe
  2⤵
  PID:1984
- C:\Windows\System\rEVFTnB.exe
  C:\Windows\System\rEVFTnB.exe
  2⤵
  PID:2320
- C:\Windows\System\lwXipiQ.exe
  C:\Windows\System\lwXipiQ.exe
  2⤵
  PID:1696
- C:\Windows\System\SIIkhSl.exe
  C:\Windows\System\SIIkhSl.exe
  2⤵
  PID:276
- C:\Windows\System\nASzSff.exe
  C:\Windows\System\nASzSff.exe
  2⤵
  PID:1592
- C:\Windows\System\DCnHIvw.exe
  C:\Windows\System\DCnHIvw.exe
  2⤵
  PID:2688
- C:\Windows\System\vqIiOWo.exe
  C:\Windows\System\vqIiOWo.exe
  2⤵
  PID:2872
- C:\Windows\System\Riwhlln.exe
  C:\Windows\System\Riwhlln.exe
  2⤵
  PID:1820
- C:\Windows\System\scJKSLW.exe
  C:\Windows\System\scJKSLW.exe
  2⤵
  PID:1688
- C:\Windows\System\LEBHfVL.exe
  C:\Windows\System\LEBHfVL.exe
  2⤵
  PID:2696
- C:\Windows\System\iiOqaoz.exe
  C:\Windows\System\iiOqaoz.exe
  2⤵
  PID:1624
- C:\Windows\System\hhTwhrS.exe
  C:\Windows\System\hhTwhrS.exe
  2⤵
  PID:2204
- C:\Windows\System\CxNjSZs.exe
  C:\Windows\System\CxNjSZs.exe
  2⤵
  PID:1468
- C:\Windows\System\psVJSQd.exe
  C:\Windows\System\psVJSQd.exe
  2⤵
  PID:2004
- C:\Windows\System\XrCUPUZ.exe
  C:\Windows\System\XrCUPUZ.exe
  2⤵
  PID:2092
- C:\Windows\System\RGuocJW.exe
  C:\Windows\System\RGuocJW.exe
  2⤵
  PID:2040
- C:\Windows\System\ciPJRue.exe
  C:\Windows\System\ciPJRue.exe
  2⤵
  PID:564
- C:\Windows\System\heaxrTa.exe
  C:\Windows\System\heaxrTa.exe
  2⤵
  PID:3088
- C:\Windows\System\RoRlmTg.exe
  C:\Windows\System\RoRlmTg.exe
  2⤵
  PID:3104
- C:\Windows\System\fqrLiXe.exe
  C:\Windows\System\fqrLiXe.exe
  2⤵
  PID:3128
- C:\Windows\System\ESdqVdl.exe
  C:\Windows\System\ESdqVdl.exe
  2⤵
  PID:3144
- C:\Windows\System\floOyPS.exe
  C:\Windows\System\floOyPS.exe
  2⤵
  PID:3160
- C:\Windows\System\qhSZsPw.exe
  C:\Windows\System\qhSZsPw.exe
  2⤵
  PID:3188
- C:\Windows\System\vXtTEQC.exe
  C:\Windows\System\vXtTEQC.exe
  2⤵
  PID:3212
- C:\Windows\System\WLNlqJR.exe
  C:\Windows\System\WLNlqJR.exe
  2⤵
  PID:3236
- C:\Windows\System\xHfpxcL.exe
  C:\Windows\System\xHfpxcL.exe
  2⤵
  PID:3252
- C:\Windows\System\tZyJkVM.exe
  C:\Windows\System\tZyJkVM.exe
  2⤵
  PID:3272
- C:\Windows\System\dXRogHM.exe
  C:\Windows\System\dXRogHM.exe
  2⤵
  PID:3296
- C:\Windows\System\KXWlBfz.exe
  C:\Windows\System\KXWlBfz.exe
  2⤵
  PID:3316
- C:\Windows\System\Deoltty.exe
  C:\Windows\System\Deoltty.exe
  2⤵
  PID:3340
- C:\Windows\System\RmwIiPR.exe
  C:\Windows\System\RmwIiPR.exe
  2⤵
  PID:3356
- C:\Windows\System\XgWTrcr.exe
  C:\Windows\System\XgWTrcr.exe
  2⤵
  PID:3380
- C:\Windows\System\ncFfAHt.exe
  C:\Windows\System\ncFfAHt.exe
  2⤵
  PID:3396
- C:\Windows\System\EbAycMb.exe
  C:\Windows\System\EbAycMb.exe
  2⤵
  PID:3416
- C:\Windows\System\ZlSFgsQ.exe
  C:\Windows\System\ZlSFgsQ.exe
  2⤵
  PID:3436
- C:\Windows\System\hJGeHYe.exe
  C:\Windows\System\hJGeHYe.exe
  2⤵
  PID:3480
- C:\Windows\System\PGdITnU.exe
  C:\Windows\System\PGdITnU.exe
  2⤵
  PID:3500
- C:\Windows\System\aUQdYQa.exe
  C:\Windows\System\aUQdYQa.exe
  2⤵
  PID:3516
- C:\Windows\System\UXfBiwH.exe
  C:\Windows\System\UXfBiwH.exe
  2⤵
  PID:3540
- C:\Windows\System\ZBvNaVD.exe
  C:\Windows\System\ZBvNaVD.exe
  2⤵
  PID:3560
- C:\Windows\System\fJzUKrJ.exe
  C:\Windows\System\fJzUKrJ.exe
  2⤵
  PID:3576
- C:\Windows\System\BNKDrgq.exe
  C:\Windows\System\BNKDrgq.exe
  2⤵
  PID:3600
- C:\Windows\System\sYXZyzB.exe
  C:\Windows\System\sYXZyzB.exe
  2⤵
  PID:3628
- C:\Windows\System\LkFzdyx.exe
  C:\Windows\System\LkFzdyx.exe
  2⤵
  PID:3648
- C:\Windows\System\uTsitiI.exe
  C:\Windows\System\uTsitiI.exe
  2⤵
  PID:3668
- C:\Windows\System\WeneErG.exe
  C:\Windows\System\WeneErG.exe
  2⤵
  PID:3688
- C:\Windows\System\LPcNTAY.exe
  C:\Windows\System\LPcNTAY.exe
  2⤵
  PID:3708
- C:\Windows\System\DsJbtVW.exe
  C:\Windows\System\DsJbtVW.exe
  2⤵
  PID:3728
- C:\Windows\System\JkKWICH.exe
  C:\Windows\System\JkKWICH.exe
  2⤵
  PID:3748
- C:\Windows\System\iDBvQuv.exe
  C:\Windows\System\iDBvQuv.exe
  2⤵
  PID:3768
- C:\Windows\System\zZPwRqG.exe
  C:\Windows\System\zZPwRqG.exe
  2⤵
  PID:3788
- C:\Windows\System\wSQjmVC.exe
  C:\Windows\System\wSQjmVC.exe
  2⤵
  PID:3808
- C:\Windows\System\uTcVGsJ.exe
  C:\Windows\System\uTcVGsJ.exe
  2⤵
  PID:3828
- C:\Windows\System\hwpTauU.exe
  C:\Windows\System\hwpTauU.exe
  2⤵
  PID:3848
- C:\Windows\System\ETNzuMB.exe
  C:\Windows\System\ETNzuMB.exe
  2⤵
  PID:3868
- C:\Windows\System\sSGCbYr.exe
  C:\Windows\System\sSGCbYr.exe
  2⤵
  PID:3884
- C:\Windows\System\deKnxMe.exe
  C:\Windows\System\deKnxMe.exe
  2⤵
  PID:3908
- C:\Windows\System\FOOCRKo.exe
  C:\Windows\System\FOOCRKo.exe
  2⤵
  PID:3928
- C:\Windows\System\bzLTVAt.exe
  C:\Windows\System\bzLTVAt.exe
  2⤵
  PID:3944
- C:\Windows\System\xyXEIOb.exe
  C:\Windows\System\xyXEIOb.exe
  2⤵
  PID:3968
- C:\Windows\System\FeMqkZO.exe
  C:\Windows\System\FeMqkZO.exe
  2⤵
  PID:3988
- C:\Windows\System\XLPyjTT.exe
  C:\Windows\System\XLPyjTT.exe
  2⤵
  PID:4004
- C:\Windows\System\tFBrEqq.exe
  C:\Windows\System\tFBrEqq.exe
  2⤵
  PID:4024
- C:\Windows\System\dcenfhb.exe
  C:\Windows\System\dcenfhb.exe
  2⤵
  PID:4040
- C:\Windows\System\jEpkjNz.exe
  C:\Windows\System\jEpkjNz.exe
  2⤵
  PID:4056
- C:\Windows\System\OvcKACH.exe
  C:\Windows\System\OvcKACH.exe
  2⤵
  PID:4072
- C:\Windows\System\sSSLayP.exe
  C:\Windows\System\sSSLayP.exe
  2⤵
  PID:4088
- C:\Windows\System\SpGYRmQ.exe
  C:\Windows\System\SpGYRmQ.exe
  2⤵
  PID:1612
- C:\Windows\System\CuIeViU.exe
  C:\Windows\System\CuIeViU.exe
  2⤵
  PID:3024
- C:\Windows\System\MBexIpl.exe
  C:\Windows\System\MBexIpl.exe
  2⤵
  PID:2484
- C:\Windows\System\FKEdtWs.exe
  C:\Windows\System\FKEdtWs.exe
  2⤵
  PID:2088
- C:\Windows\System\XKwGwoT.exe
  C:\Windows\System\XKwGwoT.exe
  2⤵
  PID:1888
- C:\Windows\System\JHbuPZp.exe
  C:\Windows\System\JHbuPZp.exe
  2⤵
  PID:2808
- C:\Windows\System\hsobndx.exe
  C:\Windows\System\hsobndx.exe
  2⤵
  PID:2496
- C:\Windows\System\FlnOYGk.exe
  C:\Windows\System\FlnOYGk.exe
  2⤵
  PID:2064
- C:\Windows\System\cmzMfAn.exe
  C:\Windows\System\cmzMfAn.exe
  2⤵
  PID:1956
- C:\Windows\System\WJutiiH.exe
  C:\Windows\System\WJutiiH.exe
  2⤵
  PID:3084
- C:\Windows\System\izMabXZ.exe
  C:\Windows\System\izMabXZ.exe
  2⤵
  PID:3116
- C:\Windows\System\yITEhFx.exe
  C:\Windows\System\yITEhFx.exe
  2⤵
  PID:3204
- C:\Windows\System\FgyiWqJ.exe
  C:\Windows\System\FgyiWqJ.exe
  2⤵
  PID:3284
- C:\Windows\System\qnPEmDe.exe
  C:\Windows\System\qnPEmDe.exe
  2⤵
  PID:3040
- C:\Windows\System\BpmGfbg.exe
  C:\Windows\System\BpmGfbg.exe
  2⤵
  PID:584
- C:\Windows\System\zdvMtfw.exe
  C:\Windows\System\zdvMtfw.exe
  2⤵
  PID:3364
- C:\Windows\System\wliJBiM.exe
  C:\Windows\System\wliJBiM.exe
  2⤵
  PID:536
- C:\Windows\System\CkUsqAM.exe
  C:\Windows\System\CkUsqAM.exe
  2⤵
  PID:836
- C:\Windows\System\mQxbPmg.exe
  C:\Windows\System\mQxbPmg.exe
  2⤵
  PID:3140
- C:\Windows\System\kqGxtFj.exe
  C:\Windows\System\kqGxtFj.exe
  2⤵
  PID:3220
- C:\Windows\System\eMGZFoa.exe
  C:\Windows\System\eMGZFoa.exe
  2⤵
  PID:3268
- C:\Windows\System\VzPWqpv.exe
  C:\Windows\System\VzPWqpv.exe
  2⤵
  PID:3456
- C:\Windows\System\pRBJGne.exe
  C:\Windows\System\pRBJGne.exe
  2⤵
  PID:3348
- C:\Windows\System\uORaSdB.exe
  C:\Windows\System\uORaSdB.exe
  2⤵
  PID:3468
- C:\Windows\System\UtNhBCH.exe
  C:\Windows\System\UtNhBCH.exe
  2⤵
  PID:3508
- C:\Windows\System\eTNwlth.exe
  C:\Windows\System\eTNwlth.exe
  2⤵
  PID:3524
- C:\Windows\System\HnjusZY.exe
  C:\Windows\System\HnjusZY.exe
  2⤵
  PID:3584
- C:\Windows\System\zoEUVRj.exe
  C:\Windows\System\zoEUVRj.exe
  2⤵
  PID:3636
- C:\Windows\System\TCGtPmt.exe
  C:\Windows\System\TCGtPmt.exe
  2⤵
  PID:3684
- C:\Windows\System\BsSUHnZ.exe
  C:\Windows\System\BsSUHnZ.exe
  2⤵
  PID:3716
- C:\Windows\System\wKMtmEy.exe
  C:\Windows\System\wKMtmEy.exe
  2⤵
  PID:3660
- C:\Windows\System\kDqcOVV.exe
  C:\Windows\System\kDqcOVV.exe
  2⤵
  PID:3744
- C:\Windows\System\gwbkyMi.exe
  C:\Windows\System\gwbkyMi.exe
  2⤵
  PID:3796
- C:\Windows\System\zeSfpEl.exe
  C:\Windows\System\zeSfpEl.exe
  2⤵
  PID:3840
- C:\Windows\System\KlyfTGL.exe
  C:\Windows\System\KlyfTGL.exe
  2⤵
  PID:3780
- C:\Windows\System\HIVfIeF.exe
  C:\Windows\System\HIVfIeF.exe
  2⤵
  PID:3824
- C:\Windows\System\rgjdOpM.exe
  C:\Windows\System\rgjdOpM.exe
  2⤵
  PID:3964
- C:\Windows\System\EkebyHz.exe
  C:\Windows\System\EkebyHz.exe
  2⤵
  PID:4000
- C:\Windows\System\NDMbKQv.exe
  C:\Windows\System\NDMbKQv.exe
  2⤵
  PID:3900
- C:\Windows\System\xkvJrss.exe
  C:\Windows\System\xkvJrss.exe
  2⤵
  PID:3976
- C:\Windows\System\qivvRVk.exe
  C:\Windows\System\qivvRVk.exe
  2⤵
  PID:1748
- C:\Windows\System\erVvqDg.exe
  C:\Windows\System\erVvqDg.exe
  2⤵
  PID:4016
- C:\Windows\System\ktPObrQ.exe
  C:\Windows\System\ktPObrQ.exe
  2⤵
  PID:4052
- C:\Windows\System\RLNSVhN.exe
  C:\Windows\System\RLNSVhN.exe
  2⤵
  PID:1572
- C:\Windows\System\QJohSps.exe
  C:\Windows\System\QJohSps.exe
  2⤵
  PID:1160
- C:\Windows\System\WAhqpHk.exe
  C:\Windows\System\WAhqpHk.exe
  2⤵
  PID:288
- C:\Windows\System\niZvaHe.exe
  C:\Windows\System\niZvaHe.exe
  2⤵
  PID:1500
- C:\Windows\System\NaCWgOk.exe
  C:\Windows\System\NaCWgOk.exe
  2⤵
  PID:876
- C:\Windows\System\cIPzlId.exe
  C:\Windows\System\cIPzlId.exe
  2⤵
  PID:3120
- C:\Windows\System\TTBEKSI.exe
  C:\Windows\System\TTBEKSI.exe
  2⤵
  PID:3200
- C:\Windows\System\DyCtLNa.exe
  C:\Windows\System\DyCtLNa.exe
  2⤵
  PID:3292
- C:\Windows\System\nSiOyEm.exe
  C:\Windows\System\nSiOyEm.exe
  2⤵
  PID:3372
- C:\Windows\System\bizWGtc.exe
  C:\Windows\System\bizWGtc.exe
  2⤵
  PID:2704
- C:\Windows\System\SmpmSpT.exe
  C:\Windows\System\SmpmSpT.exe
  2⤵
  PID:3100
- C:\Windows\System\riajhnW.exe
  C:\Windows\System\riajhnW.exe
  2⤵
  PID:3172
- C:\Windows\System\uZkImnN.exe
  C:\Windows\System\uZkImnN.exe
  2⤵
  PID:3312
- C:\Windows\System\olVcbrZ.exe
  C:\Windows\System\olVcbrZ.exe
  2⤵
  PID:3464
- C:\Windows\System\KDHzKoy.exe
  C:\Windows\System\KDHzKoy.exe
  2⤵
  PID:2152
- C:\Windows\System\QwYjMyk.exe
  C:\Windows\System\QwYjMyk.exe
  2⤵
  PID:3496
- C:\Windows\System\SiQjeMp.exe
  C:\Windows\System\SiQjeMp.exe
  2⤵
  PID:3596
- C:\Windows\System\fcBECmY.exe
  C:\Windows\System\fcBECmY.exe
  2⤵
  PID:3680
- C:\Windows\System\YLJqbtH.exe
  C:\Windows\System\YLJqbtH.exe
  2⤵
  PID:3756
- C:\Windows\System\iBgPjvo.exe
  C:\Windows\System\iBgPjvo.exe
  2⤵
  PID:3880
- C:\Windows\System\jnqhkIN.exe
  C:\Windows\System\jnqhkIN.exe
  2⤵
  PID:3856
- C:\Windows\System\ovHXYSY.exe
  C:\Windows\System\ovHXYSY.exe
  2⤵
  PID:3960
- C:\Windows\System\UwEqGKQ.exe
  C:\Windows\System\UwEqGKQ.exe
  2⤵
  PID:3860
- C:\Windows\System\XdcErbu.exe
  C:\Windows\System\XdcErbu.exe
  2⤵
  PID:4068
- C:\Windows\System\tIajNei.exe
  C:\Windows\System\tIajNei.exe
  2⤵
  PID:4108
- C:\Windows\System\FpJJoYm.exe
  C:\Windows\System\FpJJoYm.exe
  2⤵
  PID:4128
- C:\Windows\System\zyoktaS.exe
  C:\Windows\System\zyoktaS.exe
  2⤵
  PID:4148
- C:\Windows\System\vkhQhEK.exe
  C:\Windows\System\vkhQhEK.exe
  2⤵
  PID:4168
- C:\Windows\System\AbpqIhb.exe
  C:\Windows\System\AbpqIhb.exe
  2⤵
  PID:4188
- C:\Windows\System\poDrrxJ.exe
  C:\Windows\System\poDrrxJ.exe
  2⤵
  PID:4208
- C:\Windows\System\tAFZVgx.exe
  C:\Windows\System\tAFZVgx.exe
  2⤵
  PID:4228
- C:\Windows\System\RsauJxK.exe
  C:\Windows\System\RsauJxK.exe
  2⤵
  PID:4248
- C:\Windows\System\LLPebuj.exe
  C:\Windows\System\LLPebuj.exe
  2⤵
  PID:4268
- C:\Windows\System\JOTtVFn.exe
  C:\Windows\System\JOTtVFn.exe
  2⤵
  PID:4288
- C:\Windows\System\xDehCwf.exe
  C:\Windows\System\xDehCwf.exe
  2⤵
  PID:4308
- C:\Windows\System\mdPctad.exe
  C:\Windows\System\mdPctad.exe
  2⤵
  PID:4324
- C:\Windows\System\RBaMdwk.exe
  C:\Windows\System\RBaMdwk.exe
  2⤵
  PID:4348
- C:\Windows\System\vRXhbss.exe
  C:\Windows\System\vRXhbss.exe
  2⤵
  PID:4372
- C:\Windows\System\NWkPKNT.exe
  C:\Windows\System\NWkPKNT.exe
  2⤵
  PID:4392
- C:\Windows\System\YRazIFn.exe
  C:\Windows\System\YRazIFn.exe
  2⤵
  PID:4412
- C:\Windows\System\ExUHrvm.exe
  C:\Windows\System\ExUHrvm.exe
  2⤵
  PID:4432
- C:\Windows\System\pIJPhGo.exe
  C:\Windows\System\pIJPhGo.exe
  2⤵
  PID:4452
- C:\Windows\System\fckEOke.exe
  C:\Windows\System\fckEOke.exe
  2⤵
  PID:4472
- C:\Windows\System\xqHTRDX.exe
  C:\Windows\System\xqHTRDX.exe
  2⤵
  PID:4492
- C:\Windows\System\fWBbSaV.exe
  C:\Windows\System\fWBbSaV.exe
  2⤵
  PID:4512
- C:\Windows\System\clEYaMg.exe
  C:\Windows\System\clEYaMg.exe
  2⤵
  PID:4532
- C:\Windows\System\TQkkTVf.exe
  C:\Windows\System\TQkkTVf.exe
  2⤵
  PID:4552
- C:\Windows\System\qAJGTxD.exe
  C:\Windows\System\qAJGTxD.exe
  2⤵
  PID:4572
- C:\Windows\System\vrThITe.exe
  C:\Windows\System\vrThITe.exe
  2⤵
  PID:4588
- C:\Windows\System\DIbKNmu.exe
  C:\Windows\System\DIbKNmu.exe
  2⤵
  PID:4612
- C:\Windows\System\xSWfXDN.exe
  C:\Windows\System\xSWfXDN.exe
  2⤵
  PID:4632
- C:\Windows\System\wcsReul.exe
  C:\Windows\System\wcsReul.exe
  2⤵
  PID:4652
- C:\Windows\System\HEipygw.exe
  C:\Windows\System\HEipygw.exe
  2⤵
  PID:4672
- C:\Windows\System\uRQkpcr.exe
  C:\Windows\System\uRQkpcr.exe
  2⤵
  PID:4692
- C:\Windows\System\gBgzkfQ.exe
  C:\Windows\System\gBgzkfQ.exe
  2⤵
  PID:4712
- C:\Windows\System\QlfUfMC.exe
  C:\Windows\System\QlfUfMC.exe
  2⤵
  PID:4736
- C:\Windows\System\UGxwdUt.exe
  C:\Windows\System\UGxwdUt.exe
  2⤵
  PID:4756
- C:\Windows\System\holSzOB.exe
  C:\Windows\System\holSzOB.exe
  2⤵
  PID:4776
- C:\Windows\System\oRZlpia.exe
  C:\Windows\System\oRZlpia.exe
  2⤵
  PID:4796
- C:\Windows\System\ppvQwlE.exe
  C:\Windows\System\ppvQwlE.exe
  2⤵
  PID:4816
- C:\Windows\System\qkHRaRb.exe
  C:\Windows\System\qkHRaRb.exe
  2⤵
  PID:4836
- C:\Windows\System\wlUxLfF.exe
  C:\Windows\System\wlUxLfF.exe
  2⤵
  PID:4856
- C:\Windows\System\duopeec.exe
  C:\Windows\System\duopeec.exe
  2⤵
  PID:4876
- C:\Windows\System\cbPJvLY.exe
  C:\Windows\System\cbPJvLY.exe
  2⤵
  PID:4896
- C:\Windows\System\RJBaTyb.exe
  C:\Windows\System\RJBaTyb.exe
  2⤵
  PID:4916
- C:\Windows\System\SZjsMHa.exe
  C:\Windows\System\SZjsMHa.exe
  2⤵
  PID:4936
- C:\Windows\System\tyEdZkd.exe
  C:\Windows\System\tyEdZkd.exe
  2⤵
  PID:4956
- C:\Windows\System\bZbXRKl.exe
  C:\Windows\System\bZbXRKl.exe
  2⤵
  PID:4976
- C:\Windows\System\XeqYGpJ.exe
  C:\Windows\System\XeqYGpJ.exe
  2⤵
  PID:4996
- C:\Windows\System\akYcHnd.exe
  C:\Windows\System\akYcHnd.exe
  2⤵
  PID:5016
- C:\Windows\System\geMDtBa.exe
  C:\Windows\System\geMDtBa.exe
  2⤵
  PID:5036
- C:\Windows\System\MiiqAgu.exe
  C:\Windows\System\MiiqAgu.exe
  2⤵
  PID:5056
- C:\Windows\System\niyEBvI.exe
  C:\Windows\System\niyEBvI.exe
  2⤵
  PID:5076
- C:\Windows\System\CKSjrDM.exe
  C:\Windows\System\CKSjrDM.exe
  2⤵
  PID:5096
- C:\Windows\System\hYUwouw.exe
  C:\Windows\System\hYUwouw.exe
  2⤵
  PID:452
- C:\Windows\System\VSbFrPb.exe
  C:\Windows\System\VSbFrPb.exe
  2⤵
  PID:1552
- C:\Windows\System\sPTCSnU.exe
  C:\Windows\System\sPTCSnU.exe
  2⤵
  PID:2976
- C:\Windows\System\aWiLSjM.exe
  C:\Windows\System\aWiLSjM.exe
  2⤵
  PID:2424
- C:\Windows\System\LDsxlgd.exe
  C:\Windows\System\LDsxlgd.exe
  2⤵
  PID:3076
- C:\Windows\System\cbznJYS.exe
  C:\Windows\System\cbznJYS.exe
  2⤵
  PID:3156
- C:\Windows\System\pQfmJiQ.exe
  C:\Windows\System\pQfmJiQ.exe
  2⤵
  PID:556
- C:\Windows\System\hAFXHkR.exe
  C:\Windows\System\hAFXHkR.exe
  2⤵
  PID:3336
- C:\Windows\System\AnMuiVs.exe
  C:\Windows\System\AnMuiVs.exe
  2⤵
  PID:2724
- C:\Windows\System\CrxpoxN.exe
  C:\Windows\System\CrxpoxN.exe
  2⤵
  PID:3304
- C:\Windows\System\uknLJQK.exe
  C:\Windows\System\uknLJQK.exe
  2⤵
  PID:3532
- C:\Windows\System\xrfgHay.exe
  C:\Windows\System\xrfgHay.exe
  2⤵
  PID:3640
- C:\Windows\System\EJEnxcH.exe
  C:\Windows\System\EJEnxcH.exe
  2⤵
  PID:3700
- C:\Windows\System\IANjztJ.exe
  C:\Windows\System\IANjztJ.exe
  2⤵
  PID:3764
- C:\Windows\System\XTFDxNs.exe
  C:\Windows\System\XTFDxNs.exe
  2⤵
  PID:3776
- C:\Windows\System\HMbcPWg.exe
  C:\Windows\System\HMbcPWg.exe
  2⤵
  PID:3996
- C:\Windows\System\jAlhTHj.exe
  C:\Windows\System\jAlhTHj.exe
  2⤵
  PID:3940
- C:\Windows\System\BLSROkO.exe
  C:\Windows\System\BLSROkO.exe
  2⤵
  PID:4136
- C:\Windows\System\XhpnxSZ.exe
  C:\Windows\System\XhpnxSZ.exe
  2⤵
  PID:4176
- C:\Windows\System\MNypOpQ.exe
  C:\Windows\System\MNypOpQ.exe
  2⤵
  PID:4200
- C:\Windows\System\pLEwGwe.exe
  C:\Windows\System\pLEwGwe.exe
  2⤵
  PID:4244
- C:\Windows\System\qerMufw.exe
  C:\Windows\System\qerMufw.exe
  2⤵
  PID:4276
- C:\Windows\System\nAmfZva.exe
  C:\Windows\System\nAmfZva.exe
  2⤵
  PID:4304
- C:\Windows\System\xEFQrqg.exe
  C:\Windows\System\xEFQrqg.exe
  2⤵
  PID:4356
- C:\Windows\System\HTFpjpi.exe
  C:\Windows\System\HTFpjpi.exe
  2⤵
  PID:4380
- C:\Windows\System\DIamCBl.exe
  C:\Windows\System\DIamCBl.exe
  2⤵
  PID:4404
- C:\Windows\System\jdPNXsj.exe
  C:\Windows\System\jdPNXsj.exe
  2⤵
  PID:4424
- C:\Windows\System\oXEcJbw.exe
  C:\Windows\System\oXEcJbw.exe
  2⤵
  PID:4464
- C:\Windows\System\crVbfTB.exe
  C:\Windows\System\crVbfTB.exe
  2⤵
  PID:4508
- C:\Windows\System\zXGJpgn.exe
  C:\Windows\System\zXGJpgn.exe
  2⤵
  PID:4560
- C:\Windows\System\GWCElQL.exe
  C:\Windows\System\GWCElQL.exe
  2⤵
  PID:4596
- C:\Windows\System\kYsGchi.exe
  C:\Windows\System\kYsGchi.exe
  2⤵
  PID:4584
- C:\Windows\System\bmpWCDB.exe
  C:\Windows\System\bmpWCDB.exe
  2⤵
  PID:4644
- C:\Windows\System\ZADliWY.exe
  C:\Windows\System\ZADliWY.exe
  2⤵
  PID:4664
- C:\Windows\System\fufhJuU.exe
  C:\Windows\System\fufhJuU.exe
  2⤵
  PID:4728
- C:\Windows\System\nffusap.exe
  C:\Windows\System\nffusap.exe
  2⤵
  PID:4744
- C:\Windows\System\woRUcaI.exe
  C:\Windows\System\woRUcaI.exe
  2⤵
  PID:4768
- C:\Windows\System\ioylSxw.exe
  C:\Windows\System\ioylSxw.exe
  2⤵
  PID:4808
- C:\Windows\System\gkFOPkS.exe
  C:\Windows\System\gkFOPkS.exe
  2⤵
  PID:4828
- C:\Windows\System\aKtZpvS.exe
  C:\Windows\System\aKtZpvS.exe
  2⤵
  PID:4888
- C:\Windows\System\YBZMufr.exe
  C:\Windows\System\YBZMufr.exe
  2⤵
  PID:4924
- C:\Windows\System\MWGdYhn.exe
  C:\Windows\System\MWGdYhn.exe
  2⤵
  PID:4968
- C:\Windows\System\KhgVYND.exe
  C:\Windows\System\KhgVYND.exe
  2⤵
  PID:4984
- C:\Windows\System\qUnzJfd.exe
  C:\Windows\System\qUnzJfd.exe
  2⤵
  PID:5008
- C:\Windows\System\CwAQWoD.exe
  C:\Windows\System\CwAQWoD.exe
  2⤵
  PID:5084
- C:\Windows\System\teEQHVN.exe
  C:\Windows\System\teEQHVN.exe
  2⤵
  PID:4048
- C:\Windows\System\HLBYXZT.exe
  C:\Windows\System\HLBYXZT.exe
  2⤵
  PID:5116
- C:\Windows\System\fDLDPUw.exe
  C:\Windows\System\fDLDPUw.exe
  2⤵
  PID:4084
- C:\Windows\System\RfPNxxe.exe
  C:\Windows\System\RfPNxxe.exe
  2⤵
  PID:3124
- C:\Windows\System\peTBLoL.exe
  C:\Windows\System\peTBLoL.exe
  2⤵
  PID:2136
- C:\Windows\System\jUVSPhx.exe
  C:\Windows\System\jUVSPhx.exe
  2⤵
  PID:1676
- C:\Windows\System\tqgKMlP.exe
  C:\Windows\System\tqgKMlP.exe
  2⤵
  PID:3444
- C:\Windows\System\pRdHoez.exe
  C:\Windows\System\pRdHoez.exe
  2⤵
  PID:3452
- C:\Windows\System\fauuCHR.exe
  C:\Windows\System\fauuCHR.exe
  2⤵
  PID:3736
- C:\Windows\System\goHcVqf.exe
  C:\Windows\System\goHcVqf.exe
  2⤵
  PID:3920
- C:\Windows\System\QcUAdyK.exe
  C:\Windows\System\QcUAdyK.exe
  2⤵
  PID:3864
- C:\Windows\System\uGpiyoo.exe
  C:\Windows\System\uGpiyoo.exe
  2⤵
  PID:4104
- C:\Windows\System\EkevrTy.exe
  C:\Windows\System\EkevrTy.exe
  2⤵
  PID:4184
- C:\Windows\System\GGDDdJm.exe
  C:\Windows\System\GGDDdJm.exe
  2⤵
  PID:4220
- C:\Windows\System\WFwlhdq.exe
  C:\Windows\System\WFwlhdq.exe
  2⤵
  PID:4296
- C:\Windows\System\mljDBHT.exe
  C:\Windows\System\mljDBHT.exe
  2⤵
  PID:4360
- C:\Windows\System\mPNJFSG.exe
  C:\Windows\System\mPNJFSG.exe
  2⤵
  PID:4468
- C:\Windows\System\uTJohGQ.exe
  C:\Windows\System\uTJohGQ.exe
  2⤵
  PID:4524
- C:\Windows\System\uaWZeXf.exe
  C:\Windows\System\uaWZeXf.exe
  2⤵
  PID:4504
- C:\Windows\System\ybGByLC.exe
  C:\Windows\System\ybGByLC.exe
  2⤵
  PID:4604
- C:\Windows\System\LFGPvYP.exe
  C:\Windows\System\LFGPvYP.exe
  2⤵
  PID:4660
- C:\Windows\System\vBXIvxD.exe
  C:\Windows\System\vBXIvxD.exe
  2⤵
  PID:4720
- C:\Windows\System\WEalezI.exe
  C:\Windows\System\WEalezI.exe
  2⤵
  PID:4752
- C:\Windows\System\sWpvfOc.exe
  C:\Windows\System\sWpvfOc.exe
  2⤵
  PID:4852
- C:\Windows\System\iDlBPht.exe
  C:\Windows\System\iDlBPht.exe
  2⤵
  PID:4892
- C:\Windows\System\unwgkjR.exe
  C:\Windows\System\unwgkjR.exe
  2⤵
  PID:4868
- C:\Windows\System\DLJxScM.exe
  C:\Windows\System\DLJxScM.exe
  2⤵
  PID:4972
- C:\Windows\System\tNDROIe.exe
  C:\Windows\System\tNDROIe.exe
  2⤵
  PID:2328
- C:\Windows\System\iJLIjdU.exe
  C:\Windows\System\iJLIjdU.exe
  2⤵
  PID:2852
- C:\Windows\System\WZyPYmH.exe
  C:\Windows\System\WZyPYmH.exe
  2⤵
  PID:1132
- C:\Windows\System\QMOoTBU.exe
  C:\Windows\System\QMOoTBU.exe
  2⤵
  PID:3016
- C:\Windows\System\TSWsafV.exe
  C:\Windows\System\TSWsafV.exe
  2⤵
  PID:3704
- C:\Windows\System\LvJMDet.exe
  C:\Windows\System\LvJMDet.exe
  2⤵
  PID:3388
- C:\Windows\System\YceOsso.exe
  C:\Windows\System\YceOsso.exe
  2⤵
  PID:3980
- C:\Windows\System\NfeLzxZ.exe
  C:\Windows\System\NfeLzxZ.exe
  2⤵
  PID:4140
- C:\Windows\System\mjhBlge.exe
  C:\Windows\System\mjhBlge.exe
  2⤵
  PID:5136
- C:\Windows\System\Hipmoxt.exe
  C:\Windows\System\Hipmoxt.exe
  2⤵
  PID:5156
- C:\Windows\System\aqZEeIG.exe
  C:\Windows\System\aqZEeIG.exe
  2⤵
  PID:5172
- C:\Windows\System\RqfBlEE.exe
  C:\Windows\System\RqfBlEE.exe
  2⤵
  PID:5196
- C:\Windows\System\pCBZBBW.exe
  C:\Windows\System\pCBZBBW.exe
  2⤵
  PID:5216
- C:\Windows\System\amjtLQT.exe
  C:\Windows\System\amjtLQT.exe
  2⤵
  PID:5236
- C:\Windows\System\IuoOrrm.exe
  C:\Windows\System\IuoOrrm.exe
  2⤵
  PID:5256
- C:\Windows\System\hSUwyoB.exe
  C:\Windows\System\hSUwyoB.exe
  2⤵
  PID:5276
- C:\Windows\System\XiCovlV.exe
  C:\Windows\System\XiCovlV.exe
  2⤵
  PID:5296
- C:\Windows\System\ADlFdjQ.exe
  C:\Windows\System\ADlFdjQ.exe
  2⤵
  PID:5316
- C:\Windows\System\ahhGIkd.exe
  C:\Windows\System\ahhGIkd.exe
  2⤵
  PID:5336
- C:\Windows\System\bnsCwJe.exe
  C:\Windows\System\bnsCwJe.exe
  2⤵
  PID:5356
- C:\Windows\System\osbbrnK.exe
  C:\Windows\System\osbbrnK.exe
  2⤵
  PID:5380
- C:\Windows\System\RwRmKSc.exe
  C:\Windows\System\RwRmKSc.exe
  2⤵
  PID:5400
- C:\Windows\System\SRTsfRJ.exe
  C:\Windows\System\SRTsfRJ.exe
  2⤵
  PID:5420
- C:\Windows\System\HAFKYGH.exe
  C:\Windows\System\HAFKYGH.exe
  2⤵
  PID:5440
- C:\Windows\System\RHUOqWG.exe
  C:\Windows\System\RHUOqWG.exe
  2⤵
  PID:5464
- C:\Windows\System\dgEAROs.exe
  C:\Windows\System\dgEAROs.exe
  2⤵
  PID:5484
- C:\Windows\System\lRNglaC.exe
  C:\Windows\System\lRNglaC.exe
  2⤵
  PID:5500
- C:\Windows\System\PWwTRkA.exe
  C:\Windows\System\PWwTRkA.exe
  2⤵
  PID:5524
- C:\Windows\System\hXfEORM.exe
  C:\Windows\System\hXfEORM.exe
  2⤵
  PID:5540
- C:\Windows\System\RVKSiQy.exe
  C:\Windows\System\RVKSiQy.exe
  2⤵
  PID:5564
- C:\Windows\System\UyOhOpw.exe
  C:\Windows\System\UyOhOpw.exe
  2⤵
  PID:5584
- C:\Windows\System\KblIEmx.exe
  C:\Windows\System\KblIEmx.exe
  2⤵
  PID:5604
- C:\Windows\System\sOThmua.exe
  C:\Windows\System\sOThmua.exe
  2⤵
  PID:5624
- C:\Windows\System\QQBKMWY.exe
  C:\Windows\System\QQBKMWY.exe
  2⤵
  PID:5644
- C:\Windows\System\VpLfgbJ.exe
  C:\Windows\System\VpLfgbJ.exe
  2⤵
  PID:5664
- C:\Windows\System\TYucUCg.exe
  C:\Windows\System\TYucUCg.exe
  2⤵
  PID:5680
- C:\Windows\System\vvIaWyB.exe
  C:\Windows\System\vvIaWyB.exe
  2⤵
  PID:5704
- C:\Windows\System\TkEjoym.exe
  C:\Windows\System\TkEjoym.exe
  2⤵
  PID:5724
- C:\Windows\System\xEUOVaF.exe
  C:\Windows\System\xEUOVaF.exe
  2⤵
  PID:5740
- C:\Windows\System\NBTVFsf.exe
  C:\Windows\System\NBTVFsf.exe
  2⤵
  PID:5768
- C:\Windows\System\JDRgBnv.exe
  C:\Windows\System\JDRgBnv.exe
  2⤵
  PID:5788
- C:\Windows\System\eLYnJQy.exe
  C:\Windows\System\eLYnJQy.exe
  2⤵
  PID:5808
- C:\Windows\System\wvksyWG.exe
  C:\Windows\System\wvksyWG.exe
  2⤵
  PID:5828
- C:\Windows\System\zNbttre.exe
  C:\Windows\System\zNbttre.exe
  2⤵
  PID:5848
- C:\Windows\System\BreSUJg.exe
  C:\Windows\System\BreSUJg.exe
  2⤵
  PID:5868
- C:\Windows\System\PSAyhGj.exe
  C:\Windows\System\PSAyhGj.exe
  2⤵
  PID:5888
- C:\Windows\System\YZpdDCw.exe
  C:\Windows\System\YZpdDCw.exe
  2⤵
  PID:5908
- C:\Windows\System\iMegfse.exe
  C:\Windows\System\iMegfse.exe
  2⤵
  PID:5928
- C:\Windows\System\xvSmrEZ.exe
  C:\Windows\System\xvSmrEZ.exe
  2⤵
  PID:5944
- C:\Windows\System\xbGdHVr.exe
  C:\Windows\System\xbGdHVr.exe
  2⤵
  PID:5972
- C:\Windows\System\EtNvDLJ.exe
  C:\Windows\System\EtNvDLJ.exe
  2⤵
  PID:5992
- C:\Windows\System\ADocIec.exe
  C:\Windows\System\ADocIec.exe
  2⤵
  PID:6012
- C:\Windows\System\HgkQYZA.exe
  C:\Windows\System\HgkQYZA.exe
  2⤵
  PID:6028
- C:\Windows\System\fSEDuMA.exe
  C:\Windows\System\fSEDuMA.exe
  2⤵
  PID:6048
- C:\Windows\System\ffErlpQ.exe
  C:\Windows\System\ffErlpQ.exe
  2⤵
  PID:6072
- C:\Windows\System\tebLsBa.exe
  C:\Windows\System\tebLsBa.exe
  2⤵
  PID:6092
- C:\Windows\System\NhzZYzS.exe
  C:\Windows\System\NhzZYzS.exe
  2⤵
  PID:6112
- C:\Windows\System\mDNzRvv.exe
  C:\Windows\System\mDNzRvv.exe
  2⤵
  PID:6132
- C:\Windows\System\HelbPRF.exe
  C:\Windows\System\HelbPRF.exe
  2⤵
  PID:4388
- C:\Windows\System\XodhNeR.exe
  C:\Windows\System\XodhNeR.exe
  2⤵
  PID:4236
- C:\Windows\System\RKHiqOV.exe
  C:\Windows\System\RKHiqOV.exe
  2⤵
  PID:4540
- C:\Windows\System\dFXVwOd.exe
  C:\Windows\System\dFXVwOd.exe
  2⤵
  PID:4520
- C:\Windows\System\NdtBUgf.exe
  C:\Windows\System\NdtBUgf.exe
  2⤵
  PID:4668
- C:\Windows\System\piodPer.exe
  C:\Windows\System\piodPer.exe
  2⤵
  PID:4724
- C:\Windows\System\xpFjuPS.exe
  C:\Windows\System\xpFjuPS.exe
  2⤵
  PID:4864
- C:\Windows\System\COjPUDH.exe
  C:\Windows\System\COjPUDH.exe
  2⤵
  PID:5044
- C:\Windows\System\tZNqxRi.exe
  C:\Windows\System\tZNqxRi.exe
  2⤵
  PID:2052
- C:\Windows\System\tvUrSzM.exe
  C:\Windows\System\tvUrSzM.exe
  2⤵
  PID:5088
- C:\Windows\System\SfNypoO.exe
  C:\Windows\System\SfNypoO.exe
  2⤵
  PID:5068
- C:\Windows\System\sZcsEzO.exe
  C:\Windows\System\sZcsEzO.exe
  2⤵
  PID:3244
- C:\Windows\System\TTCvQWB.exe
  C:\Windows\System\TTCvQWB.exe
  2⤵
  PID:4164
- C:\Windows\System\kVvnmGx.exe
  C:\Windows\System\kVvnmGx.exe
  2⤵
  PID:5124
- C:\Windows\System\qHPnfEq.exe
  C:\Windows\System\qHPnfEq.exe
  2⤵
  PID:5180
- C:\Windows\System\BQgMZsT.exe
  C:\Windows\System\BQgMZsT.exe
  2⤵
  PID:5184
- C:\Windows\System\dzmqIgv.exe
  C:\Windows\System\dzmqIgv.exe
  2⤵
  PID:5212
- C:\Windows\System\FWovAwm.exe
  C:\Windows\System\FWovAwm.exe
  2⤵
  PID:5252
- C:\Windows\System\xQrKKUi.exe
  C:\Windows\System\xQrKKUi.exe
  2⤵
  PID:5304
- C:\Windows\System\HPHkVdk.exe
  C:\Windows\System\HPHkVdk.exe
  2⤵
  PID:5328
- C:\Windows\System\gNyIBbH.exe
  C:\Windows\System\gNyIBbH.exe
  2⤵
  PID:5388
- C:\Windows\System\RbUdcsE.exe
  C:\Windows\System\RbUdcsE.exe
  2⤵
  PID:5428
- C:\Windows\System\WKuNkhC.exe
  C:\Windows\System\WKuNkhC.exe
  2⤵
  PID:5412
- C:\Windows\System\ZFKdlCj.exe
  C:\Windows\System\ZFKdlCj.exe
  2⤵
  PID:5452
- C:\Windows\System\ksQUDjC.exe
  C:\Windows\System\ksQUDjC.exe
  2⤵
  PID:5512
- C:\Windows\System\EpnqGmd.exe
  C:\Windows\System\EpnqGmd.exe
  2⤵
  PID:5560
- C:\Windows\System\fUaIoNK.exe
  C:\Windows\System\fUaIoNK.exe
  2⤵
  PID:5592
- C:\Windows\System\BOfJDUK.exe
  C:\Windows\System\BOfJDUK.exe
  2⤵
  PID:5460
- C:\Windows\System\sBHGNOY.exe
  C:\Windows\System\sBHGNOY.exe
  2⤵
  PID:5612
- C:\Windows\System\XnePGgb.exe
  C:\Windows\System\XnePGgb.exe
  2⤵
  PID:5652
- C:\Windows\System\FRbxyUc.exe
  C:\Windows\System\FRbxyUc.exe
  2⤵
  PID:5692
- C:\Windows\System\JFCrCbr.exe
  C:\Windows\System\JFCrCbr.exe
  2⤵
  PID:5748
- C:\Windows\System\GMBjwlz.exe
  C:\Windows\System\GMBjwlz.exe
  2⤵
  PID:5804
- C:\Windows\System\mvVqmBM.exe
  C:\Windows\System\mvVqmBM.exe
  2⤵
  PID:5784
- C:\Windows\System\miWFjpb.exe
  C:\Windows\System\miWFjpb.exe
  2⤵
  PID:5820
- C:\Windows\System\Sshmpfc.exe
  C:\Windows\System\Sshmpfc.exe
  2⤵
  PID:5860
- C:\Windows\System\jyiXFqi.exe
  C:\Windows\System\jyiXFqi.exe
  2⤵
  PID:5920
- C:\Windows\System\HkxEAaz.exe
  C:\Windows\System\HkxEAaz.exe
  2⤵
  PID:5960
- C:\Windows\System\bAobiVO.exe
  C:\Windows\System\bAobiVO.exe
  2⤵
  PID:6000
- C:\Windows\System\wllknog.exe
  C:\Windows\System\wllknog.exe
  2⤵
  PID:5988
- C:\Windows\System\FFvRyLm.exe
  C:\Windows\System\FFvRyLm.exe
  2⤵
  PID:6020
- C:\Windows\System\zKcUIcI.exe
  C:\Windows\System\zKcUIcI.exe
  2⤵
  PID:6068
- C:\Windows\System\wJdItGB.exe
  C:\Windows\System\wJdItGB.exe
  2⤵
  PID:6120
- C:\Windows\System\vhucMbT.exe
  C:\Windows\System\vhucMbT.exe
  2⤵
  PID:4408
- C:\Windows\System\VYVTHGg.exe
  C:\Windows\System\VYVTHGg.exe
  2⤵
  PID:4332
- C:\Windows\System\ITMXAyN.exe
  C:\Windows\System\ITMXAyN.exe
  2⤵
  PID:4340
- C:\Windows\System\qAJdFNC.exe
  C:\Windows\System\qAJdFNC.exe
  2⤵
  PID:2876
- C:\Windows\System\uDOGpGA.exe
  C:\Windows\System\uDOGpGA.exe
  2⤵
  PID:4792
- C:\Windows\System\FuADDdW.exe
  C:\Windows\System\FuADDdW.exe
  2⤵
  PID:4988
- C:\Windows\System\PtujDkG.exe
  C:\Windows\System\PtujDkG.exe
  2⤵
  PID:5092
- C:\Windows\System\RFAJfYp.exe
  C:\Windows\System\RFAJfYp.exe
  2⤵
  PID:3800
- C:\Windows\System\lgklRlu.exe
  C:\Windows\System\lgklRlu.exe
  2⤵
  PID:4204
- C:\Windows\System\nvmEpSd.exe
  C:\Windows\System\nvmEpSd.exe
  2⤵
  PID:5152
- C:\Windows\System\MDkRMCR.exe
  C:\Windows\System\MDkRMCR.exe
  2⤵
  PID:5244
- C:\Windows\System\WaeVwYC.exe
  C:\Windows\System\WaeVwYC.exe
  2⤵
  PID:5148
- C:\Windows\System\PNkeBhX.exe
  C:\Windows\System\PNkeBhX.exe
  2⤵
  PID:5352
- C:\Windows\System\SUoLHmY.exe
  C:\Windows\System\SUoLHmY.exe
  2⤵
  PID:5396
- C:\Windows\System\McuNzks.exe
  C:\Windows\System\McuNzks.exe
  2⤵
  PID:5480
- C:\Windows\System\oWSFopT.exe
  C:\Windows\System\oWSFopT.exe
  2⤵
  PID:5548
- C:\Windows\System\mzJYbRn.exe
  C:\Windows\System\mzJYbRn.exe
  2⤵
  PID:5572
- C:\Windows\System\fcORlHW.exe
  C:\Windows\System\fcORlHW.exe
  2⤵
  PID:5636
- C:\Windows\System\JVuBTMI.exe
  C:\Windows\System\JVuBTMI.exe
  2⤵
  PID:5696
- C:\Windows\System\ufjPCTW.exe
  C:\Windows\System\ufjPCTW.exe
  2⤵
  PID:5712
- C:\Windows\System\wKSGBzB.exe
  C:\Windows\System\wKSGBzB.exe
  2⤵
  PID:5796
- C:\Windows\System\mzPHFqm.exe
  C:\Windows\System\mzPHFqm.exe
  2⤵
  PID:5824
- C:\Windows\System\HGzTBNz.exe
  C:\Windows\System\HGzTBNz.exe
  2⤵
  PID:5924
- C:\Windows\System\mpbucfK.exe
  C:\Windows\System\mpbucfK.exe
  2⤵
  PID:5916
- C:\Windows\System\XdgZirX.exe
  C:\Windows\System\XdgZirX.exe
  2⤵
  PID:5940
- C:\Windows\System\KLNUzYy.exe
  C:\Windows\System\KLNUzYy.exe
  2⤵
  PID:6044
- C:\Windows\System\vVvtXlN.exe
  C:\Windows\System\vVvtXlN.exe
  2⤵
  PID:6108
- C:\Windows\System\jyVnyCe.exe
  C:\Windows\System\jyVnyCe.exe
  2⤵
  PID:4116
- C:\Windows\System\ajfjMqw.exe
  C:\Windows\System\ajfjMqw.exe
  2⤵
  PID:4564
- C:\Windows\System\hBCrxFV.exe
  C:\Windows\System\hBCrxFV.exe
  2⤵
  PID:4704
- C:\Windows\System\vYuYiCE.exe
  C:\Windows\System\vYuYiCE.exe
  2⤵
  PID:5012
- C:\Windows\System\ZLRgyXO.exe
  C:\Windows\System\ZLRgyXO.exe
  2⤵
  PID:5104
- C:\Windows\System\cAuuMbA.exe
  C:\Windows\System\cAuuMbA.exe
  2⤵
  PID:6156
- C:\Windows\System\LTubBxL.exe
  C:\Windows\System\LTubBxL.exe
  2⤵
  PID:6176
- C:\Windows\System\yTowDZJ.exe
  C:\Windows\System\yTowDZJ.exe
  2⤵
  PID:6196
- C:\Windows\System\xRlopkz.exe
  C:\Windows\System\xRlopkz.exe
  2⤵
  PID:6216
- C:\Windows\System\YPRbopw.exe
  C:\Windows\System\YPRbopw.exe
  2⤵
  PID:6236
- C:\Windows\System\goxxAaP.exe
  C:\Windows\System\goxxAaP.exe
  2⤵
  PID:6256
- C:\Windows\System\yjMJYXI.exe
  C:\Windows\System\yjMJYXI.exe
  2⤵
  PID:6280
- C:\Windows\System\euakdNA.exe
  C:\Windows\System\euakdNA.exe
  2⤵
  PID:6300
- C:\Windows\System\uiVWCGZ.exe
  C:\Windows\System\uiVWCGZ.exe
  2⤵
  PID:6316
- C:\Windows\System\hrPVQiq.exe
  C:\Windows\System\hrPVQiq.exe
  2⤵
  PID:6340
- C:\Windows\System\xrmWkav.exe
  C:\Windows\System\xrmWkav.exe
  2⤵
  PID:6360
- C:\Windows\System\GzeNJlo.exe
  C:\Windows\System\GzeNJlo.exe
  2⤵
  PID:6380
- C:\Windows\System\uvEZQbg.exe
  C:\Windows\System\uvEZQbg.exe
  2⤵
  PID:6400
- C:\Windows\System\rbgXjzf.exe
  C:\Windows\System\rbgXjzf.exe
  2⤵
  PID:6420
- C:\Windows\System\AQZhdrx.exe
  C:\Windows\System\AQZhdrx.exe
  2⤵
  PID:6440
- C:\Windows\System\PAKqEAd.exe
  C:\Windows\System\PAKqEAd.exe
  2⤵
  PID:6460
- C:\Windows\System\HVUrZhq.exe
  C:\Windows\System\HVUrZhq.exe
  2⤵
  PID:6480
- C:\Windows\System\oPXbjGw.exe
  C:\Windows\System\oPXbjGw.exe
  2⤵
  PID:6500
- C:\Windows\System\OKFcvsi.exe
  C:\Windows\System\OKFcvsi.exe
  2⤵
  PID:6516
- C:\Windows\System\sQAKaGk.exe
  C:\Windows\System\sQAKaGk.exe
  2⤵
  PID:6536
- C:\Windows\System\ydtPquV.exe
  C:\Windows\System\ydtPquV.exe
  2⤵
  PID:6560
- C:\Windows\System\DGuXhlU.exe
  C:\Windows\System\DGuXhlU.exe
  2⤵
  PID:6580
- C:\Windows\System\TWZwwOg.exe
  C:\Windows\System\TWZwwOg.exe
  2⤵
  PID:6600
- C:\Windows\System\XJOryrq.exe
  C:\Windows\System\XJOryrq.exe
  2⤵
  PID:6620
- C:\Windows\System\ZQLNlSw.exe
  C:\Windows\System\ZQLNlSw.exe
  2⤵
  PID:6640
- C:\Windows\System\XIJnBmW.exe
  C:\Windows\System\XIJnBmW.exe
  2⤵
  PID:6660
- C:\Windows\System\HBHYnQk.exe
  C:\Windows\System\HBHYnQk.exe
  2⤵
  PID:6684
- C:\Windows\System\AEMJOHf.exe
  C:\Windows\System\AEMJOHf.exe
  2⤵
  PID:6704
- C:\Windows\System\YiOqfZL.exe
  C:\Windows\System\YiOqfZL.exe
  2⤵
  PID:6724
- C:\Windows\System\kRlYqUm.exe
  C:\Windows\System\kRlYqUm.exe
  2⤵
  PID:6740
- C:\Windows\System\hldGgTx.exe
  C:\Windows\System\hldGgTx.exe
  2⤵
  PID:6764
- C:\Windows\System\SPYelUl.exe
  C:\Windows\System\SPYelUl.exe
  2⤵
  PID:6784
- C:\Windows\System\iGQDUTy.exe
  C:\Windows\System\iGQDUTy.exe
  2⤵
  PID:6804
- C:\Windows\System\qdyiJiN.exe
  C:\Windows\System\qdyiJiN.exe
  2⤵
  PID:6824
- C:\Windows\System\axSzSKK.exe
  C:\Windows\System\axSzSKK.exe
  2⤵
  PID:6844
- C:\Windows\System\CPAiirZ.exe
  C:\Windows\System\CPAiirZ.exe
  2⤵
  PID:6864
- C:\Windows\System\znOtDtc.exe
  C:\Windows\System\znOtDtc.exe
  2⤵
  PID:6884
- C:\Windows\System\asNmONx.exe
  C:\Windows\System\asNmONx.exe
  2⤵
  PID:6904
- C:\Windows\System\mnYYwJf.exe
  C:\Windows\System\mnYYwJf.exe
  2⤵
  PID:6924
- C:\Windows\System\uPMRLaC.exe
  C:\Windows\System\uPMRLaC.exe
  2⤵
  PID:6944
- C:\Windows\System\yItaVPi.exe
  C:\Windows\System\yItaVPi.exe
  2⤵
  PID:6964
- C:\Windows\System\kDKuEVY.exe
  C:\Windows\System\kDKuEVY.exe
  2⤵
  PID:6984
- C:\Windows\System\vZAHHDv.exe
  C:\Windows\System\vZAHHDv.exe
  2⤵
  PID:7004
- C:\Windows\System\ZOBuNTA.exe
  C:\Windows\System\ZOBuNTA.exe
  2⤵
  PID:7024
- C:\Windows\System\EjapdjK.exe
  C:\Windows\System\EjapdjK.exe
  2⤵
  PID:7044
- C:\Windows\System\VHVkRvC.exe
  C:\Windows\System\VHVkRvC.exe
  2⤵
  PID:7064
- C:\Windows\System\TNEdCpI.exe
  C:\Windows\System\TNEdCpI.exe
  2⤵
  PID:7084
- C:\Windows\System\qwwHfje.exe
  C:\Windows\System\qwwHfje.exe
  2⤵
  PID:7104
- C:\Windows\System\DJWzlWD.exe
  C:\Windows\System\DJWzlWD.exe
  2⤵
  PID:7124
- C:\Windows\System\oGWNJFk.exe
  C:\Windows\System\oGWNJFk.exe
  2⤵
  PID:7148
- C:\Windows\System\Iohxhdc.exe
  C:\Windows\System\Iohxhdc.exe
  2⤵
  PID:5192
- C:\Windows\System\KwCspjo.exe
  C:\Windows\System\KwCspjo.exe
  2⤵
  PID:5168
- C:\Windows\System\nHQzMJf.exe
  C:\Windows\System\nHQzMJf.exe
  2⤵
  PID:5228
- C:\Windows\System\VzWboNu.exe
  C:\Windows\System\VzWboNu.exe
  2⤵
  PID:5392
- C:\Windows\System\VGxZEQn.exe
  C:\Windows\System\VGxZEQn.exe
  2⤵
  PID:5532
- C:\Windows\System\HHQOgWG.exe
  C:\Windows\System\HHQOgWG.exe
  2⤵
  PID:5600
- C:\Windows\System\PSgjfvl.exe
  C:\Windows\System\PSgjfvl.exe
  2⤵
  PID:5672
- C:\Windows\System\NsMpKUO.exe
  C:\Windows\System\NsMpKUO.exe
  2⤵
  PID:5800
- C:\Windows\System\akXlwuy.exe
  C:\Windows\System\akXlwuy.exe
  2⤵
  PID:5816
- C:\Windows\System\XRZuOsI.exe
  C:\Windows\System\XRZuOsI.exe
  2⤵
  PID:5900
- C:\Windows\System\SYBwhbh.exe
  C:\Windows\System\SYBwhbh.exe
  2⤵
  PID:6080
- C:\Windows\System\MJEQmkC.exe
  C:\Windows\System\MJEQmkC.exe
  2⤵
  PID:6104
- C:\Windows\System\teKEKzy.exe
  C:\Windows\System\teKEKzy.exe
  2⤵
  PID:4300
- C:\Windows\System\xraPRfW.exe
  C:\Windows\System\xraPRfW.exe
  2⤵
  PID:4684
- C:\Windows\System\dYorBbg.exe
  C:\Windows\System\dYorBbg.exe
  2⤵
  PID:3664
- C:\Windows\System\OpMOBeC.exe
  C:\Windows\System\OpMOBeC.exe
  2⤵
  PID:6276
- C:\Windows\System\ZxfuSlX.exe
  C:\Windows\System\ZxfuSlX.exe
  2⤵
  PID:6188
- C:\Windows\System\aBCXHTN.exe
  C:\Windows\System\aBCXHTN.exe
  2⤵
  PID:6228
- C:\Windows\System\qVLHdnk.exe
  C:\Windows\System\qVLHdnk.exe
  2⤵
  PID:6272
- C:\Windows\System\HwBACJp.exe
  C:\Windows\System\HwBACJp.exe
  2⤵
  PID:6308
- C:\Windows\System\KGgVfZg.exe
  C:\Windows\System\KGgVfZg.exe
  2⤵
  PID:6324
- C:\Windows\System\WTiKLra.exe
  C:\Windows\System\WTiKLra.exe
  2⤵
  PID:6376
- C:\Windows\System\QTbykyU.exe
  C:\Windows\System\QTbykyU.exe
  2⤵
  PID:6416
- C:\Windows\System\ZaCwepN.exe
  C:\Windows\System\ZaCwepN.exe
  2⤵
  PID:6432
- C:\Windows\System\VkUgGJQ.exe
  C:\Windows\System\VkUgGJQ.exe
  2⤵
  PID:6452
- C:\Windows\System\EzdDyQH.exe
  C:\Windows\System\EzdDyQH.exe
  2⤵
  PID:6496
- C:\Windows\System\PsualNV.exe
  C:\Windows\System\PsualNV.exe
  2⤵
  PID:6532
- C:\Windows\System\dNxqSRS.exe
  C:\Windows\System\dNxqSRS.exe
  2⤵
  PID:6524
- C:\Windows\System\JRvPgAS.exe
  C:\Windows\System\JRvPgAS.exe
  2⤵
  PID:6576
- C:\Windows\System\SUwguYf.exe
  C:\Windows\System\SUwguYf.exe
  2⤵
  PID:6680
- C:\Windows\System\zWYwCeS.exe
  C:\Windows\System\zWYwCeS.exe
  2⤵
  PID:6648
- C:\Windows\System\yupmNVC.exe
  C:\Windows\System\yupmNVC.exe
  2⤵
  PID:6692
- C:\Windows\System\SFBpRat.exe
  C:\Windows\System\SFBpRat.exe
  2⤵
  PID:6716
- C:\Windows\System\YidyuPw.exe
  C:\Windows\System\YidyuPw.exe
  2⤵
  PID:6752
- C:\Windows\System\qNBcDXm.exe
  C:\Windows\System\qNBcDXm.exe
  2⤵
  PID:6780
- C:\Windows\System\kIojcyX.exe
  C:\Windows\System\kIojcyX.exe
  2⤵
  PID:6840
- C:\Windows\System\GeAVZXu.exe
  C:\Windows\System\GeAVZXu.exe
  2⤵
  PID:6852
- C:\Windows\System\lnwifzn.exe
  C:\Windows\System\lnwifzn.exe
  2⤵
  PID:6912
- C:\Windows\System\KWJmdoV.exe
  C:\Windows\System\KWJmdoV.exe
  2⤵
  PID:6896
- C:\Windows\System\xjcOguD.exe
  C:\Windows\System\xjcOguD.exe
  2⤵
  PID:6960
- C:\Windows\System\DxmxXcF.exe
  C:\Windows\System\DxmxXcF.exe
  2⤵
  PID:7000
- C:\Windows\System\TSgpGRJ.exe
  C:\Windows\System\TSgpGRJ.exe
  2⤵
  PID:7040
- C:\Windows\System\YiIBeuy.exe
  C:\Windows\System\YiIBeuy.exe
  2⤵
  PID:7072
- C:\Windows\System\kJPrpTB.exe
  C:\Windows\System\kJPrpTB.exe
  2⤵
  PID:7092
- C:\Windows\System\xWhAsEr.exe
  C:\Windows\System\xWhAsEr.exe
  2⤵
  PID:7100
- C:\Windows\System\rVImzno.exe
  C:\Windows\System\rVImzno.exe
  2⤵
  PID:7140
- C:\Windows\System\WONKZjC.exe
  C:\Windows\System\WONKZjC.exe
  2⤵
  PID:1408
- C:\Windows\System\uwvsPiO.exe
  C:\Windows\System\uwvsPiO.exe
  2⤵
  PID:5324
- C:\Windows\System\dTiaXfa.exe
  C:\Windows\System\dTiaXfa.exe
  2⤵
  PID:5416
- C:\Windows\System\UYrUeca.exe
  C:\Windows\System\UYrUeca.exe
  2⤵
  PID:5968
- C:\Windows\System\TjGZfvE.exe
  C:\Windows\System\TjGZfvE.exe
  2⤵
  PID:5884
- C:\Windows\System\gWnRQLj.exe
  C:\Windows\System\gWnRQLj.exe
  2⤵
  PID:3036
- C:\Windows\System\GTcjOpJ.exe
  C:\Windows\System\GTcjOpJ.exe
  2⤵
  PID:5736
- C:\Windows\System\WQkSFth.exe
  C:\Windows\System\WQkSFth.exe
  2⤵
  PID:2956
- C:\Windows\System\BuQSUVr.exe
  C:\Windows\System\BuQSUVr.exe
  2⤵
  PID:6124
- C:\Windows\System\vVmTGgg.exe
  C:\Windows\System\vVmTGgg.exe
  2⤵
  PID:2016
- C:\Windows\System\hrqVIhd.exe
  C:\Windows\System\hrqVIhd.exe
  2⤵
  PID:6152
- C:\Windows\System\LQMCKGE.exe
  C:\Windows\System\LQMCKGE.exe
  2⤵
  PID:1716
- C:\Windows\System\VwdMHKI.exe
  C:\Windows\System\VwdMHKI.exe
  2⤵
  PID:6252
- C:\Windows\System\YBXVFdn.exe
  C:\Windows\System\YBXVFdn.exe
  2⤵
  PID:6312
- C:\Windows\System\khpgRZe.exe
  C:\Windows\System\khpgRZe.exe
  2⤵
  PID:6352
- C:\Windows\System\bJExUnI.exe
  C:\Windows\System\bJExUnI.exe
  2⤵
  PID:6396
- C:\Windows\System\WxGJiPo.exe
  C:\Windows\System\WxGJiPo.exe
  2⤵
  PID:6428
- C:\Windows\System\fqqzSPk.exe
  C:\Windows\System\fqqzSPk.exe
  2⤵
  PID:6488
- C:\Windows\System\sueRwMg.exe
  C:\Windows\System\sueRwMg.exe
  2⤵
  PID:6568
- C:\Windows\System\bmhDHqb.exe
  C:\Windows\System\bmhDHqb.exe
  2⤵
  PID:6548
- C:\Windows\System\NdGTZkD.exe
  C:\Windows\System\NdGTZkD.exe
  2⤵
  PID:6608
- C:\Windows\System\RfDcmNd.exe
  C:\Windows\System\RfDcmNd.exe
  2⤵
  PID:6696
- C:\Windows\System\yHVxQmj.exe
  C:\Windows\System\yHVxQmj.exe
  2⤵
  PID:6760
- C:\Windows\System\gSGPuaR.exe
  C:\Windows\System\gSGPuaR.exe
  2⤵
  PID:6832
- C:\Windows\System\uVrTxbI.exe
  C:\Windows\System\uVrTxbI.exe
  2⤵
  PID:6856
- C:\Windows\System\baWueMb.exe
  C:\Windows\System\baWueMb.exe
  2⤵
  PID:6992
- C:\Windows\System\IKgbEZi.exe
  C:\Windows\System\IKgbEZi.exe
  2⤵
  PID:2612
- C:\Windows\System\dGYryuD.exe
  C:\Windows\System\dGYryuD.exe
  2⤵
  PID:1068
- C:\Windows\System\TsHJtWR.exe
  C:\Windows\System\TsHJtWR.exe
  2⤵
  PID:7052
- C:\Windows\System\swTqygj.exe
  C:\Windows\System\swTqygj.exe
  2⤵
  PID:7116
- C:\Windows\System\ISOySNJ.exe
  C:\Windows\System\ISOySNJ.exe
  2⤵
  PID:7132
- C:\Windows\System\RaUzXdh.exe
  C:\Windows\System\RaUzXdh.exe
  2⤵
  PID:5364
- C:\Windows\System\BvpLNzQ.exe
  C:\Windows\System\BvpLNzQ.exe
  2⤵
  PID:5496
- C:\Windows\System\jtOUZku.exe
  C:\Windows\System\jtOUZku.exe
  2⤵
  PID:5688
- C:\Windows\System\ImbIrzZ.exe
  C:\Windows\System\ImbIrzZ.exe
  2⤵
  PID:5776
- C:\Windows\System\JDfxqmw.exe
  C:\Windows\System\JDfxqmw.exe
  2⤵
  PID:5840
- C:\Windows\System\xeqXkbo.exe
  C:\Windows\System\xeqXkbo.exe
  2⤵
  PID:4748
- C:\Windows\System\ngykjGD.exe
  C:\Windows\System\ngykjGD.exe
  2⤵
  PID:6148
- C:\Windows\System\MGSnnIV.exe
  C:\Windows\System\MGSnnIV.exe
  2⤵
  PID:2620
- C:\Windows\System\yNHNezn.exe
  C:\Windows\System\yNHNezn.exe
  2⤵
  PID:6356
- C:\Windows\System\QRgmumo.exe
  C:\Windows\System\QRgmumo.exe
  2⤵
  PID:6392
- C:\Windows\System\ziBmBAS.exe
  C:\Windows\System\ziBmBAS.exe
  2⤵
  PID:6508
- C:\Windows\System\aosyaOF.exe
  C:\Windows\System\aosyaOF.exe
  2⤵
  PID:6632
- C:\Windows\System\poGYDTr.exe
  C:\Windows\System\poGYDTr.exe
  2⤵
  PID:6592
- C:\Windows\System\BNCjhhQ.exe
  C:\Windows\System\BNCjhhQ.exe
  2⤵
  PID:6756
- C:\Windows\System\wnLeDwt.exe
  C:\Windows\System\wnLeDwt.exe
  2⤵
  PID:6920
- C:\Windows\System\BLTzXRU.exe
  C:\Windows\System\BLTzXRU.exe
  2⤵
  PID:6952
- C:\Windows\System\KzSfyfl.exe
  C:\Windows\System\KzSfyfl.exe
  2⤵
  PID:7036
- C:\Windows\System\FNUPQGA.exe
  C:\Windows\System\FNUPQGA.exe
  2⤵
  PID:7060
- C:\Windows\System\jnKwnRc.exe
  C:\Windows\System\jnKwnRc.exe
  2⤵
  PID:7076
- C:\Windows\System\SrqbilS.exe
  C:\Windows\System\SrqbilS.exe
  2⤵
  PID:5472
- C:\Windows\System\bMVpHsZ.exe
  C:\Windows\System\bMVpHsZ.exe
  2⤵
  PID:7184
- C:\Windows\System\HYjBfdf.exe
  C:\Windows\System\HYjBfdf.exe
  2⤵
  PID:7204
- C:\Windows\System\SePBxWG.exe
  C:\Windows\System\SePBxWG.exe
  2⤵
  PID:7224
- C:\Windows\System\AMGMrDl.exe
  C:\Windows\System\AMGMrDl.exe
  2⤵
  PID:7244
- C:\Windows\System\OFStiEk.exe
  C:\Windows\System\OFStiEk.exe
  2⤵
  PID:7260
- C:\Windows\System\aORyBOz.exe
  C:\Windows\System\aORyBOz.exe
  2⤵
  PID:7280
- C:\Windows\System\icFoEqA.exe
  C:\Windows\System\icFoEqA.exe
  2⤵
  PID:7304
- C:\Windows\System\oNyTWdU.exe
  C:\Windows\System\oNyTWdU.exe
  2⤵
  PID:7324
- C:\Windows\System\INqUivB.exe
  C:\Windows\System\INqUivB.exe
  2⤵
  PID:7344
- C:\Windows\System\FeLJCaf.exe
  C:\Windows\System\FeLJCaf.exe
  2⤵
  PID:7364
- C:\Windows\System\goHHxMv.exe
  C:\Windows\System\goHHxMv.exe
  2⤵
  PID:7384
- C:\Windows\System\gFYvsmH.exe
  C:\Windows\System\gFYvsmH.exe
  2⤵
  PID:7404
- C:\Windows\System\RatiksT.exe
  C:\Windows\System\RatiksT.exe
  2⤵
  PID:7424
- C:\Windows\System\BHGfFnH.exe
  C:\Windows\System\BHGfFnH.exe
  2⤵
  PID:7448
- C:\Windows\System\MYylaFp.exe
  C:\Windows\System\MYylaFp.exe
  2⤵
  PID:7468
- C:\Windows\System\UUifleJ.exe
  C:\Windows\System\UUifleJ.exe
  2⤵
  PID:7488
- C:\Windows\System\QGpifdQ.exe
  C:\Windows\System\QGpifdQ.exe
  2⤵
  PID:7508
- C:\Windows\System\wGMNJlg.exe
  C:\Windows\System\wGMNJlg.exe
  2⤵
  PID:7528
- C:\Windows\System\JIjiwjZ.exe
  C:\Windows\System\JIjiwjZ.exe
  2⤵
  PID:7548
- C:\Windows\System\NcoFwJU.exe
  C:\Windows\System\NcoFwJU.exe
  2⤵
  PID:7568
- C:\Windows\System\HxCHGar.exe
  C:\Windows\System\HxCHGar.exe
  2⤵
  PID:7588
- C:\Windows\System\lRKZEzC.exe
  C:\Windows\System\lRKZEzC.exe
  2⤵
  PID:7604
- C:\Windows\System\coAyBKt.exe
  C:\Windows\System\coAyBKt.exe
  2⤵
  PID:7624
- C:\Windows\System\IZAwABl.exe
  C:\Windows\System\IZAwABl.exe
  2⤵
  PID:7644
- C:\Windows\System\WodUDNQ.exe
  C:\Windows\System\WodUDNQ.exe
  2⤵
  PID:7668
- C:\Windows\System\LZCUXGZ.exe
  C:\Windows\System\LZCUXGZ.exe
  2⤵
  PID:7696
- C:\Windows\System\fbdnnlb.exe
  C:\Windows\System\fbdnnlb.exe
  2⤵
  PID:7716
- C:\Windows\System\qKhmQaN.exe
  C:\Windows\System\qKhmQaN.exe
  2⤵
  PID:7736
- C:\Windows\System\VWysXMt.exe
  C:\Windows\System\VWysXMt.exe
  2⤵
  PID:7752
- C:\Windows\System\UOVikUK.exe
  C:\Windows\System\UOVikUK.exe
  2⤵
  PID:7768
- C:\Windows\System\pctxSYN.exe
  C:\Windows\System\pctxSYN.exe
  2⤵
  PID:7796
- C:\Windows\System\osjZOgn.exe
  C:\Windows\System\osjZOgn.exe
  2⤵
  PID:7820
- C:\Windows\System\LdyhKVz.exe
  C:\Windows\System\LdyhKVz.exe
  2⤵
  PID:7840
- C:\Windows\System\IqaVnWH.exe
  C:\Windows\System\IqaVnWH.exe
  2⤵
  PID:7860
- C:\Windows\System\wHJdLLz.exe
  C:\Windows\System\wHJdLLz.exe
  2⤵
  PID:7876
- C:\Windows\System\ohNDoYN.exe
  C:\Windows\System\ohNDoYN.exe
  2⤵
  PID:7900
- C:\Windows\System\qvBMCwf.exe
  C:\Windows\System\qvBMCwf.exe
  2⤵
  PID:7924
- C:\Windows\System\iRNmvrR.exe
  C:\Windows\System\iRNmvrR.exe
  2⤵
  PID:7944
- C:\Windows\System\GWndmAi.exe
  C:\Windows\System\GWndmAi.exe
  2⤵
  PID:7964
- C:\Windows\System\jDzlChp.exe
  C:\Windows\System\jDzlChp.exe
  2⤵
  PID:7984
- C:\Windows\System\FEGTrkz.exe
  C:\Windows\System\FEGTrkz.exe
  2⤵
  PID:8004
- C:\Windows\System\ngXnHSo.exe
  C:\Windows\System\ngXnHSo.exe
  2⤵
  PID:8024
- C:\Windows\System\oDfIHZv.exe
  C:\Windows\System\oDfIHZv.exe
  2⤵
  PID:8044
- C:\Windows\System\tMVnmOl.exe
  C:\Windows\System\tMVnmOl.exe
  2⤵
  PID:8064
- C:\Windows\System\hxULHFm.exe
  C:\Windows\System\hxULHFm.exe
  2⤵
  PID:8084
- C:\Windows\System\rzMJaKO.exe
  C:\Windows\System\rzMJaKO.exe
  2⤵
  PID:8104
- C:\Windows\System\GyfsWRv.exe
  C:\Windows\System\GyfsWRv.exe
  2⤵
  PID:8124
- C:\Windows\System\CjYzfnm.exe
  C:\Windows\System\CjYzfnm.exe
  2⤵
  PID:8144
- C:\Windows\System\CyKGQxY.exe
  C:\Windows\System\CyKGQxY.exe
  2⤵
  PID:8164
- C:\Windows\System\kTvsKFn.exe
  C:\Windows\System\kTvsKFn.exe
  2⤵
  PID:8180
- C:\Windows\System\bfPVGUk.exe
  C:\Windows\System\bfPVGUk.exe
  2⤵
  PID:5616
- C:\Windows\System\HInQHuX.exe
  C:\Windows\System\HInQHuX.exe
  2⤵
  PID:5984
- C:\Windows\System\LBVBglW.exe
  C:\Windows\System\LBVBglW.exe
  2⤵
  PID:6168
- C:\Windows\System\KFzPENJ.exe
  C:\Windows\System\KFzPENJ.exe
  2⤵
  PID:6408
- C:\Windows\System\HwzfHyL.exe
  C:\Windows\System\HwzfHyL.exe
  2⤵
  PID:6512
- C:\Windows\System\zThJNtF.exe
  C:\Windows\System\zThJNtF.exe
  2⤵
  PID:6288
- C:\Windows\System\XSfkhJo.exe
  C:\Windows\System\XSfkhJo.exe
  2⤵
  PID:6652
- C:\Windows\System\CKsRuab.exe
  C:\Windows\System\CKsRuab.exe
  2⤵
  PID:6776
- C:\Windows\System\ThCqvJu.exe
  C:\Windows\System\ThCqvJu.exe
  2⤵
  PID:6980
- C:\Windows\System\zDfVOdj.exe
  C:\Windows\System\zDfVOdj.exe
  2⤵
  PID:7016
- C:\Windows\System\uGaGIvl.exe
  C:\Windows\System\uGaGIvl.exe
  2⤵
  PID:5456
- C:\Windows\System\mhiBafT.exe
  C:\Windows\System\mhiBafT.exe
  2⤵
  PID:7176
- C:\Windows\System\CKjpKUk.exe
  C:\Windows\System\CKjpKUk.exe
  2⤵
  PID:7220
- C:\Windows\System\ipdSxWH.exe
  C:\Windows\System\ipdSxWH.exe
  2⤵
  PID:7268
- C:\Windows\System\fxESrxY.exe
  C:\Windows\System\fxESrxY.exe
  2⤵
  PID:7312
- C:\Windows\System\gjtDZtW.exe
  C:\Windows\System\gjtDZtW.exe
  2⤵
  PID:7288
- C:\Windows\System\QUHmovc.exe
  C:\Windows\System\QUHmovc.exe
  2⤵
  PID:7340
- C:\Windows\System\vDbCdny.exe
  C:\Windows\System\vDbCdny.exe
  2⤵
  PID:7380
- C:\Windows\System\EfKJXPz.exe
  C:\Windows\System\EfKJXPz.exe
  2⤵
  PID:7440
- C:\Windows\System\HHBgtve.exe
  C:\Windows\System\HHBgtve.exe
  2⤵
  PID:7476
- C:\Windows\System\svSowRD.exe
  C:\Windows\System\svSowRD.exe
  2⤵
  PID:7516
- C:\Windows\System\pYPFTcX.exe
  C:\Windows\System\pYPFTcX.exe
  2⤵
  PID:7496
- C:\Windows\System\PWcFHkp.exe
  C:\Windows\System\PWcFHkp.exe
  2⤵
  PID:7560
- C:\Windows\System\ZKAtVbg.exe
  C:\Windows\System\ZKAtVbg.exe
  2⤵
  PID:7596
- C:\Windows\System\AiTwkqt.exe
  C:\Windows\System\AiTwkqt.exe
  2⤵
  PID:7584
- C:\Windows\System\ctPucbj.exe
  C:\Windows\System\ctPucbj.exe
  2⤵
  PID:7676
- C:\Windows\System\LbOSLOA.exe
  C:\Windows\System\LbOSLOA.exe
  2⤵
  PID:7656
- C:\Windows\System\KKlCOOl.exe
  C:\Windows\System\KKlCOOl.exe
  2⤵
  PID:7724
- C:\Windows\System\ZWgYIMl.exe
  C:\Windows\System\ZWgYIMl.exe
  2⤵
  PID:7708
- C:\Windows\System\nMksJqH.exe
  C:\Windows\System\nMksJqH.exe
  2⤵
  PID:7748
- C:\Windows\System\LGmKnWy.exe
  C:\Windows\System\LGmKnWy.exe
  2⤵
  PID:7788
- C:\Windows\System\xRLSCaS.exe
  C:\Windows\System\xRLSCaS.exe
  2⤵
  PID:7828
- C:\Windows\System\fBvrdsF.exe
  C:\Windows\System\fBvrdsF.exe
  2⤵
  PID:7884
- C:\Windows\System\qjPxSph.exe
  C:\Windows\System\qjPxSph.exe
  2⤵
  PID:7908
- C:\Windows\System\PVldZoZ.exe
  C:\Windows\System\PVldZoZ.exe
  2⤵
  PID:7936
- C:\Windows\System\AVYeEUB.exe
  C:\Windows\System\AVYeEUB.exe
  2⤵
  PID:7956
- C:\Windows\System\jBSwEUr.exe
  C:\Windows\System\jBSwEUr.exe
  2⤵
  PID:7992
- C:\Windows\System\iafHtCR.exe
  C:\Windows\System\iafHtCR.exe
  2⤵
  PID:8060
- C:\Windows\System\wCFdhrG.exe
  C:\Windows\System\wCFdhrG.exe
  2⤵
  PID:8072
- C:\Windows\System\AJkIpde.exe
  C:\Windows\System\AJkIpde.exe
  2⤵
  PID:8096
- C:\Windows\System\addSbXy.exe
  C:\Windows\System\addSbXy.exe
  2⤵
  PID:8140
- C:\Windows\System\vFMirKw.exe
  C:\Windows\System\vFMirKw.exe
  2⤵
  PID:8176
- C:\Windows\System\PbsspbN.exe
  C:\Windows\System\PbsspbN.exe
  2⤵
  PID:2408
- C:\Windows\System\jlbxyIO.exe
  C:\Windows\System\jlbxyIO.exe
  2⤵
  PID:2616
- C:\Windows\System\looJTNz.exe
  C:\Windows\System\looJTNz.exe
  2⤵
  PID:6264
- C:\Windows\System\AhOeqVt.exe
  C:\Windows\System\AhOeqVt.exe
  2⤵
  PID:6224
- C:\Windows\System\AbPewfA.exe
  C:\Windows\System\AbPewfA.exe
  2⤵
  PID:6700
- C:\Windows\System\zTTXccC.exe
  C:\Windows\System\zTTXccC.exe
  2⤵
  PID:6936
- C:\Windows\System\AOXrJnM.exe
  C:\Windows\System\AOXrJnM.exe
  2⤵
  PID:7192
- C:\Windows\System\cFQgQyE.exe
  C:\Windows\System\cFQgQyE.exe
  2⤵
  PID:5556
- C:\Windows\System\gtRiYwg.exe
  C:\Windows\System\gtRiYwg.exe
  2⤵
  PID:2448
- C:\Windows\System\ggSAxGT.exe
  C:\Windows\System\ggSAxGT.exe
  2⤵
  PID:7240
- C:\Windows\System\wLfiyDV.exe
  C:\Windows\System\wLfiyDV.exe
  2⤵
  PID:7352
- C:\Windows\System\ShPXZTf.exe
  C:\Windows\System\ShPXZTf.exe
  2⤵
  PID:7392
- C:\Windows\System\LvQKrlo.exe
  C:\Windows\System\LvQKrlo.exe
  2⤵
  PID:7400
- C:\Windows\System\EAwiPgq.exe
  C:\Windows\System\EAwiPgq.exe
  2⤵
  PID:6972
- C:\Windows\System\oNMfbsO.exe
  C:\Windows\System\oNMfbsO.exe
  2⤵
  PID:7460
- C:\Windows\System\ADDLeTW.exe
  C:\Windows\System\ADDLeTW.exe
  2⤵
  PID:7544
- C:\Windows\System\BAMoMGj.exe
  C:\Windows\System\BAMoMGj.exe
  2⤵
  PID:7612
- C:\Windows\System\rULiTtg.exe
  C:\Windows\System\rULiTtg.exe
  2⤵
  PID:1940
- C:\Windows\System\TtPuuqe.exe
  C:\Windows\System\TtPuuqe.exe
  2⤵
  PID:7684
- C:\Windows\System\FzOSsEW.exe
  C:\Windows\System\FzOSsEW.exe
  2⤵
  PID:7744
- C:\Windows\System\hKklrDW.exe
  C:\Windows\System\hKklrDW.exe
  2⤵
  PID:7780
- C:\Windows\System\rcolhEp.exe
  C:\Windows\System\rcolhEp.exe
  2⤵
  PID:7892
- C:\Windows\System\iWraiQM.exe
  C:\Windows\System\iWraiQM.exe
  2⤵
  PID:7972
- C:\Windows\System\xEQQnTK.exe
  C:\Windows\System\xEQQnTK.exe
  2⤵
  PID:7916
- C:\Windows\System\gGlRggK.exe
  C:\Windows\System\gGlRggK.exe
  2⤵
  PID:8100
- C:\Windows\System\aeewOsf.exe
  C:\Windows\System\aeewOsf.exe
  2⤵
  PID:8040
- C:\Windows\System\ucoSCga.exe
  C:\Windows\System\ucoSCga.exe
  2⤵
  PID:8160
- C:\Windows\System\zyDttFY.exe
  C:\Windows\System\zyDttFY.exe
  2⤵
  PID:2572
- C:\Windows\System\cqPOaPS.exe
  C:\Windows\System\cqPOaPS.exe
  2⤵
  PID:6436
- C:\Windows\System\IryUpqN.exe
  C:\Windows\System\IryUpqN.exe
  2⤵
  PID:6184
- C:\Windows\System\yWrXosf.exe
  C:\Windows\System\yWrXosf.exe
  2⤵
  PID:6596
- C:\Windows\System\HspXFUc.exe
  C:\Windows\System\HspXFUc.exe
  2⤵
  PID:6668
- C:\Windows\System\KtXqwwl.exe
  C:\Windows\System\KtXqwwl.exe
  2⤵
  PID:7216
- C:\Windows\System\QTYyMXD.exe
  C:\Windows\System\QTYyMXD.exe
  2⤵
  PID:2228
- C:\Windows\System\CyzAEqs.exe
  C:\Windows\System\CyzAEqs.exe
  2⤵
  PID:7300
- C:\Windows\System\aGUqGNf.exe
  C:\Windows\System\aGUqGNf.exe
  2⤵
  PID:7480
- C:\Windows\System\WnyyENw.exe
  C:\Windows\System\WnyyENw.exe
  2⤵
  PID:7500
- C:\Windows\System\NCNyVvN.exe
  C:\Windows\System\NCNyVvN.exe
  2⤵
  PID:7576
- C:\Windows\System\GhtJpZx.exe
  C:\Windows\System\GhtJpZx.exe
  2⤵
  PID:7688
- C:\Windows\System\scnuvqr.exe
  C:\Windows\System\scnuvqr.exe
  2⤵
  PID:2640
- C:\Windows\System\mkyxeMq.exe
  C:\Windows\System\mkyxeMq.exe
  2⤵
  PID:7852
- C:\Windows\System\vqUKdgP.exe
  C:\Windows\System\vqUKdgP.exe
  2⤵
  PID:7888
- C:\Windows\System\pPefgIf.exe
  C:\Windows\System\pPefgIf.exe
  2⤵
  PID:8020
- C:\Windows\System\hApwexl.exe
  C:\Windows\System\hApwexl.exe
  2⤵
  PID:576
- C:\Windows\System\sEdlrVL.exe
  C:\Windows\System\sEdlrVL.exe
  2⤵
  PID:2816
- C:\Windows\System\WZxiaxL.exe
  C:\Windows\System\WZxiaxL.exe
  2⤵
  PID:3476
- C:\Windows\System\kktlVCW.exe
  C:\Windows\System\kktlVCW.exe
  2⤵
  PID:8212
- C:\Windows\System\yXYvoTR.exe
  C:\Windows\System\yXYvoTR.exe
  2⤵
  PID:8232
- C:\Windows\System\VLaETmt.exe
  C:\Windows\System\VLaETmt.exe
  2⤵
  PID:8248
- C:\Windows\System\RKDwbMw.exe
  C:\Windows\System\RKDwbMw.exe
  2⤵
  PID:8272
- C:\Windows\System\PeOuTuu.exe
  C:\Windows\System\PeOuTuu.exe
  2⤵
  PID:8292
- C:\Windows\System\mROFsIx.exe
  C:\Windows\System\mROFsIx.exe
  2⤵
  PID:8316
- C:\Windows\System\LHSYoSe.exe
  C:\Windows\System\LHSYoSe.exe
  2⤵
  PID:8336
- C:\Windows\System\CHnMAQD.exe
  C:\Windows\System\CHnMAQD.exe
  2⤵
  PID:8356
- C:\Windows\System\NWNYhbB.exe
  C:\Windows\System\NWNYhbB.exe
  2⤵
  PID:8376
- C:\Windows\System\xLVZEsm.exe
  C:\Windows\System\xLVZEsm.exe
  2⤵
  PID:8396
- C:\Windows\System\EmJYCMp.exe
  C:\Windows\System\EmJYCMp.exe
  2⤵
  PID:8416
- C:\Windows\System\BMIWpNu.exe
  C:\Windows\System\BMIWpNu.exe
  2⤵
  PID:8436
- C:\Windows\System\UIaVjOz.exe
  C:\Windows\System\UIaVjOz.exe
  2⤵
  PID:8456
- C:\Windows\System\BfcPJlL.exe
  C:\Windows\System\BfcPJlL.exe
  2⤵
  PID:8476
- C:\Windows\System\cIFJCtV.exe
  C:\Windows\System\cIFJCtV.exe
  2⤵
  PID:8496
- C:\Windows\System\aSOlqxh.exe
  C:\Windows\System\aSOlqxh.exe
  2⤵
  PID:8516
- C:\Windows\System\JyCdhCF.exe
  C:\Windows\System\JyCdhCF.exe
  2⤵
  PID:8536
- C:\Windows\System\eZehKtp.exe
  C:\Windows\System\eZehKtp.exe
  2⤵
  PID:8556
- C:\Windows\System\JgfRcXo.exe
  C:\Windows\System\JgfRcXo.exe
  2⤵
  PID:8576
- C:\Windows\System\RqUDUnu.exe
  C:\Windows\System\RqUDUnu.exe
  2⤵
  PID:8596
- C:\Windows\System\axVLPFL.exe
  C:\Windows\System\axVLPFL.exe
  2⤵
  PID:8616
- C:\Windows\System\MPSskFL.exe
  C:\Windows\System\MPSskFL.exe
  2⤵
  PID:8636
- C:\Windows\System\EerJPhu.exe
  C:\Windows\System\EerJPhu.exe
  2⤵
  PID:8656
- C:\Windows\System\KXCWXhN.exe
  C:\Windows\System\KXCWXhN.exe
  2⤵
  PID:8676
- C:\Windows\System\wRruxEZ.exe
  C:\Windows\System\wRruxEZ.exe
  2⤵
  PID:8696
- C:\Windows\System\PfGkkLg.exe
  C:\Windows\System\PfGkkLg.exe
  2⤵
  PID:8716
- C:\Windows\System\SaGJdSJ.exe
  C:\Windows\System\SaGJdSJ.exe
  2⤵
  PID:8740
- C:\Windows\System\tzWJUFO.exe
  C:\Windows\System\tzWJUFO.exe
  2⤵
  PID:8760
- C:\Windows\System\AyrGiFS.exe
  C:\Windows\System\AyrGiFS.exe
  2⤵
  PID:8776
- C:\Windows\System\gxDGXWM.exe
  C:\Windows\System\gxDGXWM.exe
  2⤵
  PID:8800
- C:\Windows\System\jJQHQWq.exe
  C:\Windows\System\jJQHQWq.exe
  2⤵
  PID:8816
- C:\Windows\System\JzylRLs.exe
  C:\Windows\System\JzylRLs.exe
  2⤵
  PID:8840
- C:\Windows\System\wPmiFlY.exe
  C:\Windows\System\wPmiFlY.exe
  2⤵
  PID:8860
- C:\Windows\System\aUUdDnI.exe
  C:\Windows\System\aUUdDnI.exe
  2⤵
  PID:8880
- C:\Windows\System\RiupARz.exe
  C:\Windows\System\RiupARz.exe
  2⤵
  PID:8900
- C:\Windows\System\lrxyssQ.exe
  C:\Windows\System\lrxyssQ.exe
  2⤵
  PID:8916
- C:\Windows\System\DSeEbeZ.exe
  C:\Windows\System\DSeEbeZ.exe
  2⤵
  PID:8932
- C:\Windows\System\xktGcDt.exe
  C:\Windows\System\xktGcDt.exe
  2⤵
  PID:8948
- C:\Windows\System\vNarWBE.exe
  C:\Windows\System\vNarWBE.exe
  2⤵
  PID:8964
- C:\Windows\System\GYHjjBx.exe
  C:\Windows\System\GYHjjBx.exe
  2⤵
  PID:8980
- C:\Windows\System\KBHMRqo.exe
  C:\Windows\System\KBHMRqo.exe
  2⤵
  PID:8996
- C:\Windows\System\dVsfjsG.exe
  C:\Windows\System\dVsfjsG.exe
  2⤵
  PID:9016
- C:\Windows\System\BSZeChE.exe
  C:\Windows\System\BSZeChE.exe
  2⤵
  PID:9032
- C:\Windows\System\YdpnADa.exe
  C:\Windows\System\YdpnADa.exe
  2⤵
  PID:9048
- C:\Windows\System\ixoQBuO.exe
  C:\Windows\System\ixoQBuO.exe
  2⤵
  PID:9072
- C:\Windows\System\AZaZYzC.exe
  C:\Windows\System\AZaZYzC.exe
  2⤵
  PID:9096
- C:\Windows\System\zEDDsha.exe
  C:\Windows\System\zEDDsha.exe
  2⤵
  PID:9116
- C:\Windows\System\OLhzPay.exe
  C:\Windows\System\OLhzPay.exe
  2⤵
  PID:9132
- C:\Windows\System\hXgVLQb.exe
  C:\Windows\System\hXgVLQb.exe
  2⤵
  PID:9156
- C:\Windows\System\pQLbBMF.exe
  C:\Windows\System\pQLbBMF.exe
  2⤵
  PID:9172
- C:\Windows\System\SfZTzck.exe
  C:\Windows\System\SfZTzck.exe
  2⤵
  PID:9196
- C:\Windows\System\dfNlSqg.exe
  C:\Windows\System\dfNlSqg.exe
  2⤵
  PID:9212
- C:\Windows\System\FMuybRu.exe
  C:\Windows\System\FMuybRu.exe
  2⤵
  PID:5204
- C:\Windows\System\WzMyFtF.exe
  C:\Windows\System\WzMyFtF.exe
  2⤵
  PID:7196
- C:\Windows\System\HPIFhto.exe
  C:\Windows\System\HPIFhto.exe
  2⤵
  PID:7332
- C:\Windows\System\aAqdLiG.exe
  C:\Windows\System\aAqdLiG.exe
  2⤵
  PID:7396
- C:\Windows\System\kBnolld.exe
  C:\Windows\System\kBnolld.exe
  2⤵
  PID:7444
- C:\Windows\System\AzjmBpt.exe
  C:\Windows\System\AzjmBpt.exe
  2⤵
  PID:7564
- C:\Windows\System\btYiUGM.exe
  C:\Windows\System\btYiUGM.exe
  2⤵
  PID:7712
- C:\Windows\System\YXSJpJQ.exe
  C:\Windows\System\YXSJpJQ.exe
  2⤵
  PID:7808
- C:\Windows\System\MdBYgaB.exe
  C:\Windows\System\MdBYgaB.exe
  2⤵
  PID:8036
- C:\Windows\System\WyJzXbK.exe
  C:\Windows\System\WyJzXbK.exe
  2⤵
  PID:7996
- C:\Windows\System\QhFIsqZ.exe
  C:\Windows\System\QhFIsqZ.exe
  2⤵
  PID:8136
- C:\Windows\System\zwErxtq.exe
  C:\Windows\System\zwErxtq.exe
  2⤵
  PID:8244
- C:\Windows\System\AGEfcgZ.exe
  C:\Windows\System\AGEfcgZ.exe
  2⤵
  PID:8284
- C:\Windows\System\TnNXBHo.exe
  C:\Windows\System\TnNXBHo.exe
  2⤵
  PID:8572
- C:\Windows\System\bPCBWYA.exe
  C:\Windows\System\bPCBWYA.exe
  2⤵
  PID:8608
- C:\Windows\System\yYxtYTs.exe
  C:\Windows\System\yYxtYTs.exe
  2⤵
  PID:8664
- C:\Windows\System\XzevGJQ.exe
  C:\Windows\System\XzevGJQ.exe
  2⤵
  PID:8668
- C:\Windows\System\xoewUca.exe
  C:\Windows\System\xoewUca.exe
  2⤵
  PID:8708
- C:\Windows\System\ViJtpav.exe
  C:\Windows\System\ViJtpav.exe
  2⤵
  PID:8728
- C:\Windows\System\XacepHo.exe
  C:\Windows\System\XacepHo.exe
  2⤵
  PID:8784
- C:\Windows\System\XDUWjEw.exe
  C:\Windows\System\XDUWjEw.exe
  2⤵
  PID:8768
- C:\Windows\System\KJHqePh.exe
  C:\Windows\System\KJHqePh.exe
  2⤵
  PID:8836
- C:\Windows\System\RlGXlKJ.exe
  C:\Windows\System\RlGXlKJ.exe
  2⤵
  PID:8872
- C:\Windows\System\hUcsViH.exe
  C:\Windows\System\hUcsViH.exe
  2⤵
  PID:8956
- C:\Windows\System\TsWICvr.exe
  C:\Windows\System\TsWICvr.exe
  2⤵
  PID:8992
- C:\Windows\System\IERYGKh.exe
  C:\Windows\System\IERYGKh.exe
  2⤵
  PID:9044
- C:\Windows\System\ehYXwbN.exe
  C:\Windows\System\ehYXwbN.exe
  2⤵
  PID:9088
- C:\Windows\System\sSijNiA.exe
  C:\Windows\System\sSijNiA.exe
  2⤵
  PID:9124
- C:\Windows\System\ETllqXy.exe
  C:\Windows\System\ETllqXy.exe
  2⤵
  PID:9112
- C:\Windows\System\LXIKqcA.exe
  C:\Windows\System\LXIKqcA.exe
  2⤵
  PID:9152
- C:\Windows\System\DIkulRb.exe
  C:\Windows\System\DIkulRb.exe
  2⤵
  PID:9188
- C:\Windows\System\sMtLujY.exe
  C:\Windows\System\sMtLujY.exe
  2⤵
  PID:6628
- C:\Windows\System\aLtVwRX.exe
  C:\Windows\System\aLtVwRX.exe
  2⤵
  PID:2636
- C:\Windows\System\MTvLYqD.exe
  C:\Windows\System\MTvLYqD.exe
  2⤵
  PID:7356
- C:\Windows\System\CWZTyHC.exe
  C:\Windows\System\CWZTyHC.exe
  2⤵
  PID:3620
- C:\Windows\System\dDBWUfm.exe
  C:\Windows\System\dDBWUfm.exe
  2⤵
  PID:7692
- C:\Windows\System\ETYhIDN.exe
  C:\Windows\System\ETYhIDN.exe
  2⤵
  PID:7896
- C:\Windows\System\MDLjYYJ.exe
  C:\Windows\System\MDLjYYJ.exe
  2⤵
  PID:2924
- C:\Windows\System\fXNMrZo.exe
  C:\Windows\System\fXNMrZo.exe
  2⤵
  PID:2820
- C:\Windows\System\sRuAenq.exe
  C:\Windows\System\sRuAenq.exe
  2⤵
  PID:8260
- C:\Windows\System\izVhebI.exe
  C:\Windows\System\izVhebI.exe
  2⤵
  PID:1640
- C:\Windows\System\zyhaYfp.exe
  C:\Windows\System\zyhaYfp.exe
  2⤵
  PID:3556
- C:\Windows\System\KQsDwKZ.exe
  C:\Windows\System\KQsDwKZ.exe
  2⤵
  PID:2084
- C:\Windows\System\ZFaFBQQ.exe
  C:\Windows\System\ZFaFBQQ.exe
  2⤵
  PID:1152
- C:\Windows\System\odqWJPp.exe
  C:\Windows\System\odqWJPp.exe
  2⤵
  PID:3228
- C:\Windows\System\KaciLLg.exe
  C:\Windows\System\KaciLLg.exe
  2⤵
  PID:8364
- C:\Windows\System\VkpsGdH.exe
  C:\Windows\System\VkpsGdH.exe
  2⤵
  PID:8352
- C:\Windows\System\VcOcZiF.exe
  C:\Windows\System\VcOcZiF.exe
  2⤵
  PID:8424
- C:\Windows\System\kYYPAyC.exe
  C:\Windows\System\kYYPAyC.exe
  2⤵
  PID:1832
- C:\Windows\System\QfpTFTz.exe
  C:\Windows\System\QfpTFTz.exe
  2⤵
  PID:972
- C:\Windows\System\KRWbFjA.exe
  C:\Windows\System\KRWbFjA.exe
  2⤵
  PID:8408
- C:\Windows\System\hYCGiLS.exe
  C:\Windows\System\hYCGiLS.exe
  2⤵
  PID:2684
- C:\Windows\System\OYYjKte.exe
  C:\Windows\System\OYYjKte.exe
  2⤵
  PID:460
- C:\Windows\System\sgSIXFL.exe
  C:\Windows\System\sgSIXFL.exe
  2⤵
  PID:3056
- C:\Windows\System\VBjLKrd.exe
  C:\Windows\System\VBjLKrd.exe
  2⤵
  PID:1472
- C:\Windows\System\MyGBvua.exe
  C:\Windows\System\MyGBvua.exe
  2⤵
  PID:1672
- C:\Windows\System\IxgIojf.exe
  C:\Windows\System\IxgIojf.exe
  2⤵
  PID:8592
- C:\Windows\System\RQGeUGr.exe
  C:\Windows\System\RQGeUGr.exe
  2⤵
  PID:8612
- C:\Windows\System\ozBLCqy.exe
  C:\Windows\System\ozBLCqy.exe
  2⤵
  PID:8756
- C:\Windows\System\wuifPxz.exe
  C:\Windows\System\wuifPxz.exe
  2⤵
  PID:8648
- C:\Windows\System\NgvPFCu.exe
  C:\Windows\System\NgvPFCu.exe
  2⤵
  PID:8796
- C:\Windows\System\tZwWkbk.exe
  C:\Windows\System\tZwWkbk.exe
  2⤵
  PID:2188
- C:\Windows\System\yBEgXYG.exe
  C:\Windows\System\yBEgXYG.exe
  2⤵
  PID:8896
- C:\Windows\System\sEoHMte.exe
  C:\Windows\System\sEoHMte.exe
  2⤵
  PID:8908
- C:\Windows\System\aPEbayN.exe
  C:\Windows\System\aPEbayN.exe
  2⤵
  PID:2980
- C:\Windows\System\KQGPqzv.exe
  C:\Windows\System\KQGPqzv.exe
  2⤵
  PID:9012
- C:\Windows\System\GAcqOMi.exe
  C:\Windows\System\GAcqOMi.exe
  2⤵
  PID:9008
- C:\Windows\System\POotLTr.exe
  C:\Windows\System\POotLTr.exe
  2⤵
  PID:9104
- C:\Windows\System\CKrLCLU.exe
  C:\Windows\System\CKrLCLU.exe
  2⤵
  PID:8808
- C:\Windows\System\KvhbsgB.exe
  C:\Windows\System\KvhbsgB.exe
  2⤵
  PID:9092
- C:\Windows\System\FmnIHuN.exe
  C:\Windows\System\FmnIHuN.exe
  2⤵
  PID:6100
- C:\Windows\System\MZPEqRj.exe
  C:\Windows\System\MZPEqRj.exe
  2⤵
  PID:7360
- C:\Windows\System\ZUfcYwX.exe
  C:\Windows\System\ZUfcYwX.exe
  2⤵
  PID:2648
- C:\Windows\System\TlZbibK.exe
  C:\Windows\System\TlZbibK.exe
  2⤵
  PID:8196
- C:\Windows\System\BSEhtCJ.exe
  C:\Windows\System\BSEhtCJ.exe
  2⤵
  PID:7832
- C:\Windows\System\sLEFTPk.exe
  C:\Windows\System\sLEFTPk.exe
  2⤵
  PID:1568
- C:\Windows\System\cwoxdzU.exe
  C:\Windows\System\cwoxdzU.exe
  2⤵
  PID:2576
- C:\Windows\System\qElNxbk.exe
  C:\Windows\System\qElNxbk.exe
  2⤵
  PID:8304
- C:\Windows\System\ZXbEwnH.exe
  C:\Windows\System\ZXbEwnH.exe
  2⤵
  PID:8404
- C:\Windows\System\WgGxNJm.exe
  C:\Windows\System\WgGxNJm.exe
  2⤵
  PID:7640
- C:\Windows\System\mGOqFOH.exe
  C:\Windows\System\mGOqFOH.exe
  2⤵
  PID:928
- C:\Windows\System\sobvbNt.exe
  C:\Windows\System\sobvbNt.exe
  2⤵
  PID:2060
- C:\Windows\System\iPnpite.exe
  C:\Windows\System\iPnpite.exe
  2⤵
  PID:1096
- C:\Windows\System\ULCVAxr.exe
  C:\Windows\System\ULCVAxr.exe
  2⤵
  PID:1180
- C:\Windows\System\RHstLqC.exe
  C:\Windows\System\RHstLqC.exe
  2⤵
  PID:8724
- C:\Windows\System\tpPzEWl.exe
  C:\Windows\System\tpPzEWl.exe
  2⤵
  PID:2452
- C:\Windows\System\CJYzupk.exe
  C:\Windows\System\CJYzupk.exe
  2⤵
  PID:8732
- C:\Windows\System\uxfJVCq.exe
  C:\Windows\System\uxfJVCq.exe
  2⤵
  PID:8944
- C:\Windows\System\ZaRRhwh.exe
  C:\Windows\System\ZaRRhwh.exe
  2⤵
  PID:8528
- C:\Windows\System\XUgxycy.exe
  C:\Windows\System\XUgxycy.exe
  2⤵
  PID:8812
- C:\Windows\System\mzyYyUW.exe
  C:\Windows\System\mzyYyUW.exe
  2⤵
  PID:8564
- C:\Windows\System\yhDJheS.exe
  C:\Windows\System\yhDJheS.exe
  2⤵
  PID:9040
- C:\Windows\System\zfYmACb.exe
  C:\Windows\System\zfYmACb.exe
  2⤵
  PID:9060
- C:\Windows\System\XvgSxfj.exe
  C:\Windows\System\XvgSxfj.exe
  2⤵
  PID:7848
- C:\Windows\System\SDJbBho.exe
  C:\Windows\System\SDJbBho.exe
  2⤵
  PID:872
- C:\Windows\System\KEwWIez.exe
  C:\Windows\System\KEwWIez.exe
  2⤵
  PID:6872
- C:\Windows\System\golMxxp.exe
  C:\Windows\System\golMxxp.exe
  2⤵
  PID:7652
- C:\Windows\System\UsZiqxq.exe
  C:\Windows\System\UsZiqxq.exe
  2⤵
  PID:7912
- C:\Windows\System\mIkLdcW.exe
  C:\Windows\System\mIkLdcW.exe
  2⤵
  PID:8224
- C:\Windows\System\kPeKMrm.exe
  C:\Windows\System\kPeKMrm.exe
  2⤵
  PID:2560
- C:\Windows\System\YtCJcEX.exe
  C:\Windows\System\YtCJcEX.exe
  2⤵
  PID:8532
- C:\Windows\System\CwzcEAn.exe
  C:\Windows\System\CwzcEAn.exe
  2⤵
  PID:2224
- C:\Windows\System\mvYMMpn.exe
  C:\Windows\System\mvYMMpn.exe
  2⤵
  PID:2832
- C:\Windows\System\lMwRIav.exe
  C:\Windows\System\lMwRIav.exe
  2⤵
  PID:8584
- C:\Windows\System\uBjzCdq.exe
  C:\Windows\System\uBjzCdq.exe
  2⤵
  PID:1128
- C:\Windows\System\OSUmCWV.exe
  C:\Windows\System\OSUmCWV.exe
  2⤵
  PID:8712
- C:\Windows\System\igCmtGJ.exe
  C:\Windows\System\igCmtGJ.exe
  2⤵
  PID:1920
- C:\Windows\System\awKRHXb.exe
  C:\Windows\System\awKRHXb.exe
  2⤵
  PID:9004
- C:\Windows\System\RKCPTfO.exe
  C:\Windows\System\RKCPTfO.exe
  2⤵
  PID:9108
- C:\Windows\System\sebKMvI.exe
  C:\Windows\System\sebKMvI.exe
  2⤵
  PID:8228
- C:\Windows\System\pJlqasZ.exe
  C:\Windows\System\pJlqasZ.exe
  2⤵
  PID:8208
- C:\Windows\System\EvTUKAj.exe
  C:\Windows\System\EvTUKAj.exe
  2⤵
  PID:8332
- C:\Windows\System\kbxyByn.exe
  C:\Windows\System\kbxyByn.exe
  2⤵
  PID:1100
- C:\Windows\System\jbjUhJo.exe
  C:\Windows\System\jbjUhJo.exe
  2⤵
  PID:1632
- C:\Windows\System\ASurokt.exe
  C:\Windows\System\ASurokt.exe
  2⤵
  PID:2680
- C:\Windows\System\EozZILp.exe
  C:\Windows\System\EozZILp.exe
  2⤵
  PID:8268
- C:\Windows\System\TSvuCqc.exe
  C:\Windows\System\TSvuCqc.exe
  2⤵
  PID:1108
- C:\Windows\System\MlkXspq.exe
  C:\Windows\System\MlkXspq.exe
  2⤵
  PID:9144
- C:\Windows\System\TweNwvd.exe
  C:\Windows\System\TweNwvd.exe
  2⤵
  PID:936
- C:\Windows\System\qdmlFAs.exe
  C:\Windows\System\qdmlFAs.exe
  2⤵
  PID:9080
- C:\Windows\System\ppWDMvZ.exe
  C:\Windows\System\ppWDMvZ.exe
  2⤵
  PID:8204
- C:\Windows\System\GqjEfXE.exe
  C:\Windows\System\GqjEfXE.exe
  2⤵
  PID:9192
- C:\Windows\System\zwmZoTc.exe
  C:\Windows\System\zwmZoTc.exe
  2⤵
  PID:8328
- C:\Windows\System\qqjUYpi.exe
  C:\Windows\System\qqjUYpi.exe
  2⤵
  PID:9164
- C:\Windows\System\gMjmtNs.exe
  C:\Windows\System\gMjmtNs.exe
  2⤵
  PID:2312
- C:\Windows\System\MTsDwNI.exe
  C:\Windows\System\MTsDwNI.exe
  2⤵
  PID:8692
- C:\Windows\System\qGMCmTj.exe
  C:\Windows\System\qGMCmTj.exe
  2⤵
  PID:8792
- C:\Windows\System\gzHLagG.exe
  C:\Windows\System\gzHLagG.exe
  2⤵
  PID:2548
- C:\Windows\System\VJxWlsV.exe
  C:\Windows\System\VJxWlsV.exe
  2⤵
  PID:9220
- C:\Windows\System\DApYlfU.exe
  C:\Windows\System\DApYlfU.exe
  2⤵
  PID:9240
- C:\Windows\System\LnMSXDK.exe
  C:\Windows\System\LnMSXDK.exe
  2⤵
  PID:9264
- C:\Windows\System\kHLlCCD.exe
  C:\Windows\System\kHLlCCD.exe
  2⤵
  PID:9280
- C:\Windows\System\YqXsOSO.exe
  C:\Windows\System\YqXsOSO.exe
  2⤵
  PID:9296
- C:\Windows\System\eFvQSWq.exe
  C:\Windows\System\eFvQSWq.exe
  2⤵
  PID:9320
- C:\Windows\System\YqHqlbi.exe
  C:\Windows\System\YqHqlbi.exe
  2⤵
  PID:9340
- C:\Windows\System\ixnhmtj.exe
  C:\Windows\System\ixnhmtj.exe
  2⤵
  PID:9356
- C:\Windows\System\oBIDwiu.exe
  C:\Windows\System\oBIDwiu.exe
  2⤵
  PID:9372
- C:\Windows\System\tzXYnQN.exe
  C:\Windows\System\tzXYnQN.exe
  2⤵
  PID:9388
- C:\Windows\System\lqytyiS.exe
  C:\Windows\System\lqytyiS.exe
  2⤵
  PID:9404
- C:\Windows\System\lhVsqrV.exe
  C:\Windows\System\lhVsqrV.exe
  2⤵
  PID:9420
- C:\Windows\System\llBkEkq.exe
  C:\Windows\System\llBkEkq.exe
  2⤵
  PID:9436
- C:\Windows\System\fHfWuPh.exe
  C:\Windows\System\fHfWuPh.exe
  2⤵
  PID:9452
- C:\Windows\System\EriLvwZ.exe
  C:\Windows\System\EriLvwZ.exe
  2⤵
  PID:9468
- C:\Windows\System\rppXXCF.exe
  C:\Windows\System\rppXXCF.exe
  2⤵
  PID:9488
- C:\Windows\System\ifpcMYP.exe
  C:\Windows\System\ifpcMYP.exe
  2⤵
  PID:9504
- C:\Windows\System\wDVSEAs.exe
  C:\Windows\System\wDVSEAs.exe
  2⤵
  PID:9520
- C:\Windows\System\tGgETUR.exe
  C:\Windows\System\tGgETUR.exe
  2⤵
  PID:9536
- C:\Windows\System\lpNVUUK.exe
  C:\Windows\System\lpNVUUK.exe
  2⤵
  PID:9552
- C:\Windows\System\jTVhBqb.exe
  C:\Windows\System\jTVhBqb.exe
  2⤵
  PID:9568
- C:\Windows\System\nHemfwK.exe
  C:\Windows\System\nHemfwK.exe
  2⤵
  PID:9584
- C:\Windows\System\fcPnhGe.exe
  C:\Windows\System\fcPnhGe.exe
  2⤵
  PID:9600
- C:\Windows\System\NUZxSKK.exe
  C:\Windows\System\NUZxSKK.exe
  2⤵
  PID:9616
- C:\Windows\System\ZaLWANU.exe
  C:\Windows\System\ZaLWANU.exe
  2⤵
  PID:9632
- C:\Windows\System\zIwXYcq.exe
  C:\Windows\System\zIwXYcq.exe
  2⤵
  PID:9660
- C:\Windows\System\IfbTfFU.exe
  C:\Windows\System\IfbTfFU.exe
  2⤵
  PID:9680
- C:\Windows\System\YQyUUnf.exe
  C:\Windows\System\YQyUUnf.exe
  2⤵
  PID:9700
- C:\Windows\System\PHEDlue.exe
  C:\Windows\System\PHEDlue.exe
  2⤵
  PID:9716
- C:\Windows\System\YkAMdpj.exe
  C:\Windows\System\YkAMdpj.exe
  2⤵
  PID:9732
- C:\Windows\System\smcxHeh.exe
  C:\Windows\System\smcxHeh.exe
  2⤵
  PID:9748
- C:\Windows\System\amvgeon.exe
  C:\Windows\System\amvgeon.exe
  2⤵
  PID:9764
- C:\Windows\System\xmEnuET.exe
  C:\Windows\System\xmEnuET.exe
  2⤵
  PID:9780
- C:\Windows\System\ZwUmfVZ.exe
  C:\Windows\System\ZwUmfVZ.exe
  2⤵
  PID:9800
- C:\Windows\System\ZMtGgxg.exe
  C:\Windows\System\ZMtGgxg.exe
  2⤵
  PID:9816
- C:\Windows\System\QyziZwu.exe
  C:\Windows\System\QyziZwu.exe
  2⤵
  PID:9832
- C:\Windows\System\cXqWrqV.exe
  C:\Windows\System\cXqWrqV.exe
  2⤵
  PID:9848
- C:\Windows\System\bXqXpQa.exe
  C:\Windows\System\bXqXpQa.exe
  2⤵
  PID:9872
- C:\Windows\System\sPhdqDR.exe
  C:\Windows\System\sPhdqDR.exe
  2⤵
  PID:9892
- C:\Windows\System\ccWiPzx.exe
  C:\Windows\System\ccWiPzx.exe
  2⤵
  PID:9908
- C:\Windows\System\oVsLmXG.exe
  C:\Windows\System\oVsLmXG.exe
  2⤵
  PID:9924
- C:\Windows\System\qyQLmeb.exe
  C:\Windows\System\qyQLmeb.exe
  2⤵
  PID:9940
- C:\Windows\System\RTQDiKz.exe
  C:\Windows\System\RTQDiKz.exe
  2⤵
  PID:9956
- C:\Windows\System\gavqDXu.exe
  C:\Windows\System\gavqDXu.exe
  2⤵
  PID:9976
- C:\Windows\System\dnEBnVV.exe
  C:\Windows\System\dnEBnVV.exe
  2⤵
  PID:9992
- C:\Windows\System\rARwcaS.exe
  C:\Windows\System\rARwcaS.exe
  2⤵
  PID:10012
- C:\Windows\System\KbiCdnK.exe
  C:\Windows\System\KbiCdnK.exe
  2⤵
  PID:10028
- C:\Windows\System\EHaAzFe.exe
  C:\Windows\System\EHaAzFe.exe
  2⤵
  PID:10044
- C:\Windows\System\RJabmtS.exe
  C:\Windows\System\RJabmtS.exe
  2⤵
  PID:10068
- C:\Windows\System\TKlKXxt.exe
  C:\Windows\System\TKlKXxt.exe
  2⤵
  PID:10084
- C:\Windows\System\UhFcHlT.exe
  C:\Windows\System\UhFcHlT.exe
  2⤵
  PID:10100
- C:\Windows\System\gbRlstr.exe
  C:\Windows\System\gbRlstr.exe
  2⤵
  PID:10116
- C:\Windows\System\bnCZbhA.exe
  C:\Windows\System\bnCZbhA.exe
  2⤵
  PID:10132
- C:\Windows\System\eTtOcZt.exe
  C:\Windows\System\eTtOcZt.exe
  2⤵
  PID:10148
- C:\Windows\System\szqEctN.exe
  C:\Windows\System\szqEctN.exe
  2⤵
  PID:10164
- C:\Windows\System\PhqYIhm.exe
  C:\Windows\System\PhqYIhm.exe
  2⤵
  PID:10180
- C:\Windows\System\szgNzEw.exe
  C:\Windows\System\szgNzEw.exe
  2⤵
  PID:10196
- C:\Windows\System\MXSesSn.exe
  C:\Windows\System\MXSesSn.exe
  2⤵
  PID:10212
- C:\Windows\System\JjvqVUz.exe
  C:\Windows\System\JjvqVUz.exe
  2⤵
  PID:10228
- C:\Windows\System\EROJcjg.exe
  C:\Windows\System\EROJcjg.exe
  2⤵
  PID:2144
- C:\Windows\System\MEsKGqG.exe
  C:\Windows\System\MEsKGqG.exe
  2⤵
  PID:8548
- C:\Windows\System\oHvHwzZ.exe
  C:\Windows\System\oHvHwzZ.exe
  2⤵
  PID:9228
- C:\Windows\System\LbdpjXz.exe
  C:\Windows\System\LbdpjXz.exe
  2⤵
  PID:9232
- C:\Windows\System\vXCiImS.exe
  C:\Windows\System\vXCiImS.exe
  2⤵
  PID:9292
- C:\Windows\System\LrxUMBW.exe
  C:\Windows\System\LrxUMBW.exe
  2⤵
  PID:9304
- C:\Windows\System\ngomPIJ.exe
  C:\Windows\System\ngomPIJ.exe
  2⤵
  PID:9312
- C:\Windows\System\jQqUomy.exe
  C:\Windows\System\jQqUomy.exe
  2⤵
  PID:9348
- C:\Windows\System\OAraemK.exe
  C:\Windows\System\OAraemK.exe
  2⤵
  PID:9428
- C:\Windows\System\GJdJkfA.exe
  C:\Windows\System\GJdJkfA.exe
  2⤵
  PID:1400
- C:\Windows\System\cBkLREA.exe
  C:\Windows\System\cBkLREA.exe
  2⤵
  PID:2960
- C:\Windows\System\CisVNKN.exe
  C:\Windows\System\CisVNKN.exe
  2⤵
  PID:9460
- C:\Windows\System\uyeQnFn.exe
  C:\Windows\System\uyeQnFn.exe
  2⤵
  PID:9476
- C:\Windows\System\JsldQnX.exe
  C:\Windows\System\JsldQnX.exe
  2⤵
  PID:9528
- C:\Windows\System\aAhFzvT.exe
  C:\Windows\System\aAhFzvT.exe
  2⤵
  PID:9624
- C:\Windows\System\nLkPbtU.exe
  C:\Windows\System\nLkPbtU.exe
  2⤵
  PID:9516
- C:\Windows\System\ufTnjAK.exe
  C:\Windows\System\ufTnjAK.exe
  2⤵
  PID:9580
- C:\Windows\System\mKToZvj.exe
  C:\Windows\System\mKToZvj.exe
  2⤵
  PID:9640
- C:\Windows\System\istxDmj.exe
  C:\Windows\System\istxDmj.exe
  2⤵
  PID:9672
- C:\Windows\System\WBVDgmW.exe
  C:\Windows\System\WBVDgmW.exe
  2⤵
  PID:9712
- C:\Windows\System\PIsPEcE.exe
  C:\Windows\System\PIsPEcE.exe
  2⤵
  PID:9676
- C:\Windows\System\htDEzht.exe
  C:\Windows\System\htDEzht.exe
  2⤵
  PID:9728
- C:\Windows\System\fekaXAa.exe
  C:\Windows\System\fekaXAa.exe
  2⤵
  PID:9812
- C:\Windows\System\lSlJIra.exe
  C:\Windows\System\lSlJIra.exe
  2⤵
  PID:9844
- C:\Windows\System\fCCFvwA.exe
  C:\Windows\System\fCCFvwA.exe
  2⤵
  PID:9824
- C:\Windows\System\mSvlWTb.exe
  C:\Windows\System\mSvlWTb.exe
  2⤵
  PID:9880
- C:\Windows\System\GCBHJmk.exe
  C:\Windows\System\GCBHJmk.exe
  2⤵
  PID:9932
- C:\Windows\System\ATEcmMX.exe
  C:\Windows\System\ATEcmMX.exe
  2⤵
  PID:9936
- C:\Windows\System\fBqXnev.exe
  C:\Windows\System\fBqXnev.exe
  2⤵
  PID:9916
- C:\Windows\System\aLENcRT.exe
  C:\Windows\System\aLENcRT.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCpRUqU.exe

Filesize
6.0MB

MD5
12401a522ef8c530661eb6f910d6e94e

SHA1
6b26a984d4651f653c1d4e3339c2972a3108aa8e

SHA256
cf08e619fb8384014cb7993686140338f9d70b2478a3242399bc7fb759efdfe0

SHA512
327a2923440b6d6eef79f5669d84ccf6f34d64437dcbd9d6d6022451e4f378960b95424d360e5303c77d48fe072666ac67ce000ca34daa85c54155ddff50100e

Download Submit
C:\Windows\system\CeoldeN.exe

Filesize
6.0MB

MD5
bfaae5f0a61d30b6cf5f9a472391e1b5

SHA1
13c873ddf502d8d4a384d2fffc41c7138216af5c

SHA256
476fc674a8146ea739990dbc495c59109e66d7913291b469408a668df5e4c425

SHA512
e661269b12b375de79b250cf4b9b80b837eb9ae0dd85575b9323708afbbb4b9664867a200bff9780f6c7fc2be76358d7dea5695152434a289a63ae4497074db4

Download Submit
C:\Windows\system\GUEOUOZ.exe

Filesize
6.0MB

MD5
2e208fb4a658f9b662490e1962c4bceb

SHA1
241a1f9350d0f70099df7828f43e236907d13e9b

SHA256
326938fcdeccb9a86d15423b36455518595bce2e5f8c408975c2b11eaa6f8ed7

SHA512
48794501ef87debeea403629aceee39fc8e31a91bf9b4423b316cf3a95d9a616a11e0c8be22a25540a3268708904b5bce8d4b0def43dd11b4433f5ad458c5abf

Download Submit
C:\Windows\system\GUqNwls.exe

Filesize
6.0MB

MD5
35715d13428c8bcf32faa8d9e5b800d8

SHA1
31154516fe17185a6265f3830e34ef2069649213

SHA256
009dc34ddbf0d8c504b09fbb3bb7acb57c45dc3542159527dad9560c456f1a31

SHA512
040f72efb4ded5ad6edd06c537a1679baed57a157820985103c9df09c49381526c8cd68e6efea74b6089edd4d5e0b53000755eee18edfa1aa18dcce0dcac0187

Download Submit
C:\Windows\system\GeQfiUO.exe

Filesize
6.0MB

MD5
3e588ae470625f60f111eb40bc1e06d6

SHA1
be8422b46df632467b2bf7de1cc4c78fad974259

SHA256
446a2e169614f731a3b500bb025d54b1d167b5adcfe76f52f20dc25f8d9c8f2d

SHA512
e41496be826727026dba3b610f1e4bb669401ea200e1a5acbb60b97bb700d90151aa169d818ca1297e942d61c62055f311825bb4f6a9661cfa977b088213a3ce

Download Submit
C:\Windows\system\HbDGOJB.exe

Filesize
6.0MB

MD5
5a37fbdeeba2e403b4e2fb0e2ecaf4c2

SHA1
e7cc180d9b13a25eb5231cf544d2d124a9c25230

SHA256
5ffb555ba857b07023a930f3b91398d9e4d22202470969ad2428abc593f6ab0d

SHA512
629e25d245f63cc9e2bdc928a1a762708051515a8b4e2cba64d2532ee5c3a368c25865a51ccee633cee23984bbb65999590a47fada923868efbb33e540a2f9fa

Download Submit
C:\Windows\system\INlyyGf.exe

Filesize
6.0MB

MD5
b0f5fc60ae596643937541cf9d5ae70a

SHA1
70b2db2510b2c03bab3e7a8a5ae7aa42057cf4ff

SHA256
6c2e5302ee497631598014eff9f4d2d9765f19824bcdac68718def7da5fc5395

SHA512
c7bed65c1bc8fc49dcdbd2ed9878bf3699096d07f0ba44a620bdf84a350b507040d6924118518d4d58c8dd6393ba1edd32554d23b139824d4de651ed23763550

Download Submit
C:\Windows\system\JzExTzi.exe

Filesize
6.0MB

MD5
aeff5a7a8dca3c1f69442ce0d9d2890a

SHA1
ccf6f53e545310d8095abc6ae305f752661add48

SHA256
9c3cc268d99461880a8e7ed32d3e22bff8b7d673a966a5d27d8c327a0c119a0a

SHA512
c2a254215cab5f2dfef9e9b554d8ecbfef416d00d2e4a55b73a403a5b9b3330a8baa599a3e1f8301de794147c5d2e781399d6d749dc693db24f949cf681e29ce

Download Submit
C:\Windows\system\KYaJmeA.exe

Filesize
6.0MB

MD5
903ec133c4b27b8decc1cc5d0805dbdb

SHA1
29050cedb750ec755f7c41d4422fa9039949155f

SHA256
28f747a859620d71b7edba95bf465b6c755b092bd7e27ccd2e8903274267384b

SHA512
5e7df00621d5c5bdf51898d7be6d29a778bbf8c45488edf82e093a70eb7299adff06d861ddd1ee209c30b4ca6238a25fef6bb2e5bbce9e32fb68681c0478fd73

Download Submit
C:\Windows\system\PWFZynV.exe

Filesize
6.0MB

MD5
301c9b9a05bb1cbb2206e347d6a212d4

SHA1
6fc809a726aefc0055e63239792a4f39060fede2

SHA256
842bd8aec80237c6ef5110eb2fac9361467b42341140b120b6610adce8d61b73

SHA512
3b0debff21bef86d9cbae941a62641e2b3e512f47121d4ba37d9bd2b462750014a8015001fd595e535ca83fb79e93370d542d3cf13c4b5fcc3838323c4d10d15

Download Submit
C:\Windows\system\UvqHTcb.exe

Filesize
6.0MB

MD5
e4f6f8e88f4f0f38811095955839fa0b

SHA1
f56bd8eb6c8c55fe45caea984717870311aec83c

SHA256
43e56b9ae026adf0abdbe3e60f7b103f7c2fe94886c921f97b92546b7ae592e9

SHA512
6fb3cbaa3cb6c8b8c582949496c778bdd71997756509a037452167c1f740c5fc694f9b89e8878084ad544ef342ad4d9d1fd4249387047b78e6073689e7d05b48

Download Submit
C:\Windows\system\VzPkgSF.exe

Filesize
6.0MB

MD5
dda04abc88b208724d54a1f2ebfd0b4b

SHA1
8b6cdd513b8d2950092abc3870285c38f87e4dc6

SHA256
85099e61e842477eb98f31ed773bc918f2c382ac8ccd5977934e1551955a86e6

SHA512
69697634a0b93574abe9360c3bcc89bd3c623ee21b61f0e95c0adb7cb4937350b8dfa3a8c44abc8f9239fbb2da47fe0c04e41ee6490895806813ca4bbac7bd96

Download Submit
C:\Windows\system\YawASCV.exe

Filesize
6.0MB

MD5
0f24e18399484ee5d49ec7f251315601

SHA1
cef0d2e93e17f9c218d58bf2dc2f1875262314df

SHA256
a7aaff64dd4dd0f6ae89057fb4165384425e224cf41368b1ebd55a6c78099de7

SHA512
b1c8890f706327d7c05df1a96c4c614a0cf051a405acbbed9e94decd46f44a1ce5357f8570e8dd9c9b428b1b260cd987efb62fd1d032b0802111ae1cdef5cdcd

Download Submit
C:\Windows\system\acknamd.exe

Filesize
6.0MB

MD5
203495ee4f6c29d999df32d10ab3494c

SHA1
3d5de8b8a9fa3dfb0f25e0ced1cb11c97400ba20

SHA256
67f917c9866fb68fcb7ee3d49a3ffae4e2b32a40bdcce4d6da6975d871ee6006

SHA512
7e7c0d177038859ef166189c046d40e58fe724ca046014be43479b7b679c6ea51bb92c3872fe9874ba81d9216ff67991fd09bd6acc56b0bc35bc3d653e4eee50

Download Submit
C:\Windows\system\alwFiNY.exe

Filesize
6.0MB

MD5
ab1295484c873aaf4fc6c9b9d1c4be06

SHA1
2f0f9f84cbec08ea329fabeead4ca7772e88001a

SHA256
fb5250e5ed8fc0bb15b20dfb1ac9fe510a773bbd6e810b2731d38264aca74ac6

SHA512
62aab0d9aba8128baa3c455b8e657d754b8f5592845c85b9413d5d1ce2f1aeb666e4f7551006dc09bea8426fa4a89a43500619ec353e5ee3418c205f615e3a98

Download Submit
C:\Windows\system\cHUiVVb.exe

Filesize
6.0MB

MD5
b795377e0830ab27d532aa8be6365262

SHA1
af46ab3a7930f2be1d5789bf8c3b2fe1d1a72b8a

SHA256
f012e27d0bb7eec58576641fb5813517bbb3137e6f4f40728d81943708aec0f8

SHA512
ff7c5530df2ca3963b795e841171ffdf9368c7a09c27398aa1ca3b97f0e5a278e4bd4706733b1044bacad117b1533d56c230ccc391d4d40ef110d1e0100630da

Download Submit
C:\Windows\system\eqZhfnx.exe

Filesize
6.0MB

MD5
0953a038e0331b798ade4dc3208fa9b0

SHA1
50f5d5e80d5c96218dda3475f768eb4030029b44

SHA256
3b1434abc23ccd20ab13eeec46a311b1f50ec5a8554013b209e3e11012c11630

SHA512
1f782aa32586e960fc183072aa58f2eb82767073439115070c428f992cf3166de087dbbf1b5444f9543100309fa0aaacfe677c6cb8d3cd5673f410b5d0a1302a

Download Submit
C:\Windows\system\jMPUQaa.exe

Filesize
6.0MB

MD5
76c59de18c2eddb013c7b4e14b73b5e9

SHA1
f91d8c088f263d433c7edd1b58828bf9c677d34b

SHA256
0fcae2953be3f10ff93088327ec179ced021378cfc2feb1c6b8f193f2c53d7e3

SHA512
c21338b4aa2079811be833ae84c74702c6d849e5675e534aeafea1bb6d76d23c4b23c909654648fdc65ae16adf90f98b4a842388c088aeeaeedf2b9354093ce4

Download Submit
C:\Windows\system\joeNxLe.exe

Filesize
6.0MB

MD5
a935ad3c87338ae8bb2bd37891a508bf

SHA1
e801176b905cace11da64aea6bde37b7c6045505

SHA256
9de761b4ceb038180c5aed2c33db4e51799a5f8e7c23e494906a11e5e85c60d0

SHA512
965ede2b1c5c460fb65a214c3a48cead2628d749473a55461a69cad8ffb365ee1b9ace65a72af7826baf4bea1ff6c0191aa8ec4f56f0d76a22044fbc090c9249

Download Submit
C:\Windows\system\mKmHxUV.exe

Filesize
6.0MB

MD5
0b7162c66e9ea1715afc2bf5c16cae7f

SHA1
ca723de557cbe9192655ed344ac9c8f919c283ea

SHA256
94cff05de7c77ad094c5b02ddabca254ab498d6dcf6f4e6634eae63a98e58ea7

SHA512
b0284862b7f7df15616c8e80af42d06e70b13970b652c9f6a617bc77c5aa459a8121f170dd898ca1ec3175467c5f5e8bff7191387a6b8ec1b0e9c94100492a28

Download Submit
C:\Windows\system\oejZdEP.exe

Filesize
6.0MB

MD5
c08b31295b932578fa413cfd3915129a

SHA1
7705debc66b330e82dd9bcb022b606a20cb0b114

SHA256
c9fe4fa8cf18dba156367bca4092c6edd817e0cfbaf4faf1c3f872b80dfe7d00

SHA512
193cfe24c0e506f34f71eeb559056030c18b0670f4e47e693b501408c2cbe4e1562bda7300b10ec1e9672b462e0cd8e5af34145aa7b3ab643cad70f9de2c2c1c

Download Submit
C:\Windows\system\sohqAYm.exe

Filesize
6.0MB

MD5
369468f252c141e20e8c163e323c83e2

SHA1
ab55714cab706065c7713fbf95df9d42d3f138f9

SHA256
2e3aeaee845296268ad4dcd2cc4d86455005b4e82f81b901485ea65729096319

SHA512
fc4a4a089a082e29f321c37522711aaad1e4ec8e4a5cea9f5551a391b97f5b0b21c3788dd8515ce1cbd0b5c5f1467ce5f6ad41c7a4fd25e834ffc16ea61ba088

Download Submit
C:\Windows\system\vuVXJYX.exe

Filesize
6.0MB

MD5
27f6f5e3b86ea4a785f1c2adef9244dd

SHA1
acb906d8b071055c141a5d7e492c85f44c62e528

SHA256
04decc5f27abcc50e658ca70f70898888426f131a5aaa06bde9a74ca67caa7f6

SHA512
7dce183e2d28fee1264054e73b47d773bc0b2a2c8342bdecec87a262c1a941239e840218eb4549dddf76cbbc7ddd481038868cb872f260eb98e2e68018315256

Download Submit
C:\Windows\system\yOkmrVK.exe

Filesize
6.0MB

MD5
9b3fc7edd6f78b138aa79d219cf5c56e

SHA1
9ceb2b44486ab4f8c42f49b3149b7a02a5cdf7b6

SHA256
66c5157ea4b98f01c1f447bf7412881e9bb666db7c8e981fecf6318d9dc80896

SHA512
4f9622af479c93af73f2bd29a2a17a3b2bf71a233e1f3e194a11d9c3e23e9556a4a1e695c01e72255c1cbfa3d80109b88c4d6f1acf3902328f41cd41f1ca048f

Download Submit
C:\Windows\system\zdlFDPk.exe

Filesize
6.0MB

MD5
e65e2e061f4bd5298d9db4cccef3343a

SHA1
42bb160625ccaeeb678aad1f9bd09fb33c60f8ca

SHA256
208797c029cd117bd8cdb4a8d9f81ce6ca1d0d25de1cdb23b01d8f80f42c6a8c

SHA512
e8b27c64d40367efaaf52269d61377e313fbfe60c0fe9f7076e1b66a77600b8594ac9406219cf3dfb5e4def10cf481006b11cb9a59a436eba9ae662580fa67f5

Download Submit
\Windows\system\JiDmwAt.exe

Filesize
6.0MB

MD5
d4f6051f501d7b9181a4ea331b113966

SHA1
e3aab2536c0188eb09db19cf267dea9277125781

SHA256
c2ab95de16c2f2865e8343c676faa7de9d7acd12731af77d42b0bc6626f1dc93

SHA512
5bc172414873eb5c81773422a76f5f61cfb2adf4ec15a2fb25e8aea56151155ced362a7f9b40fc4b9f226a095e125f48b218b6a68f96c9383562dc68ec0e6e2d

Download Submit
\Windows\system\SLfDZFy.exe

Filesize
6.0MB

MD5
d2607c9b46d4d5785da68a4d8cbbb578

SHA1
cc4f2934916de4490464e928f1e66bfaf47ce691

SHA256
b7c365b5331958f1c0671ee81eeb42cc6b1de060fd11a5dd5b086420e6dd20d4

SHA512
680d9ce34b09c861a0eb1d94a761665423a7ec86a7e814560129a7d69396547ea21b242a54b9daa7c1909cb2990956f3cb539b848e9d75d8e23efa1ddd9f372b

Download Submit
\Windows\system\fvFQIfC.exe

Filesize
6.0MB

MD5
1dcc8d71cf175d2e35818514eba91ed0

SHA1
c37971d396601563b386ad8c2a600a880d465c82

SHA256
d5c9821b35081ce2eda5fbe0ee8436ae69b9b386169eddbd8bb239924aec9bc1

SHA512
be4b2163488dac400875abdcbaf1511bd2806e0cacacf4a1568eb8c6bebfaa5b8bc58b733cde75bcd690fb8ea58076bb7670ed038ad0131095cef0363ac8c189

Download Submit
\Windows\system\llOuqae.exe

Filesize
6.0MB

MD5
a26fb9361821b3ebddd9d16fc0001b6a

SHA1
3675bc7687d219ab77a7ab4e0399f95f3f95fc57

SHA256
833f1911ac4833f9d59e661ae43bc1c3c93cc6c73153aea3fb5b8855e3e7db1f

SHA512
cd332da1969a3a7126a82ca6b178f45b61ce1f24c59bb73a76ba7290cfe0531d9c83da219c1af078708ccce6c0282fb050efdf8bdac43b177ebd883da0e25491

Download Submit
\Windows\system\stTdsoZ.exe

Filesize
6.0MB

MD5
e8b9c2c3574c53b3d61386e0530471b4

SHA1
cdb2b20602a05b96bc01dcb98632f8acef59d838

SHA256
9f899d4dba463ea015b7fa3c0c554b86f851bb26a0127b53bf0f66cbb71b1377

SHA512
dec05f2ca3e92499674161b6d42fa23b04b7cb14dae510463b93de827038f862af917962bd8655b39a85d7a14f1dc0fc304fbfb3a276f43315b2dfa2c53857cb

Download Submit
\Windows\system\tQZoPEX.exe

Filesize
6.0MB

MD5
79f640887742b9f91e61927be33a703a

SHA1
02033e4a706de530c279ed8d3dbf33adb0804e1b

SHA256
4e2fd2421bb9fe8f42078fff33fa82ac46208fa48c3f438cb5ce54c6a7ddc1bf

SHA512
9dda02f0fff14fd6e2ef8334515cab43c81b3480843f2804092f12ef3f59d27943801c8f79ec6375f82072fcd801c82fdce3521467fd3db869ba4a454354674c

Download Submit
\Windows\system\uAEKRvS.exe

Filesize
6.0MB

MD5
defe629b2d72bd191df0da4367693d62

SHA1
14ffb50b0cb35f8f3d58ca6172bcec18983c2c8f

SHA256
4af8af08e236f070e4b1f8e08305b8d34f0dd492776064540f00348a0f4aca25

SHA512
fcb6c8fc13580b2d053751bbb66141372617076414dc4eb91a61f0425a456d7486447f13babcc040a990bf272a7f9ccba332dfbb50e6932a5a873728bc7d9099

Download Submit
\Windows\system\znZPmZK.exe

Filesize
6.0MB

MD5
5eb44b06422d9e556d590c1d8131ea6d

SHA1
bcf73b80216b38a0fabfbfa767a73a20a3785f69

SHA256
99e4881216abedfc3b27d0129e97c42b9e28ff65b6fcb297568a5f5bdd5cfecc

SHA512
2a9557d6074829d1b245c4211082199d4da6ec5c9a1a0b0138f430dbafde178fe8eb98655c8206afba88fa83bb07a72f9024e9adb1f3ad5cb0ca0cb5d9686f38

Download Submit
memory/1560-33-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1560-2025-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-201-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-64-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-60-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-47-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-370-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-46-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2024-428-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-451-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-452-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-45-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-42-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-606-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2024-24-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2024-37-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-19-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-87-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-115-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-82-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-91-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2024-112-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2024-18-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2024-90-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2056-2028-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2056-29-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2372-474-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-2566-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-88-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-48-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-2573-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-264-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-56-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2700-317-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2569-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2716-77-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2568-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-371-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2736-62-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2595-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2736-319-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2768-427-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2768-66-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2571-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2824-44-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2824-2047-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2570-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2848-63-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2848-320-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2864-61-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-318-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2572-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-21-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2880-2567-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2944-89-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2944-475-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2944-2574-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download