cobaltstrike | 16498f7ffa94d8ebc3818599a7c4a11a437844b6ba28b186c7c85bfeb3b7a202

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0036e072f2ffc015756abad1bd5437b9
SHA1

baa61a09e9808afd6fa6d2610fd92829a762426b
SHA256

16498f7ffa94d8ebc3818599a7c4a11a437844b6ba28b186c7c85bfeb3b7a202
SHA512

c2007b9d45a2c494bece753ed3b9ecf50b20df08fe4e5a6df43621bc3433436e4293ec158b962ff3c17d371c7d8d937ef90c3680636cf22c2665c53ff8766bdc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\BVBZAwe.exe	cobalt_reflective_dll
C:\Windows\system\ANczCrs.exe	cobalt_reflective_dll
C:\Windows\system\TobeiEJ.exe	cobalt_reflective_dll
C:\Windows\system\tTeuMiK.exe	cobalt_reflective_dll
\Windows\system\raSznwm.exe	cobalt_reflective_dll
C:\Windows\system\ixDsqQr.exe	cobalt_reflective_dll
\Windows\system\crqVNqg.exe	cobalt_reflective_dll
C:\Windows\system\sWzpcLJ.exe	cobalt_reflective_dll
C:\Windows\system\JiMeywm.exe	cobalt_reflective_dll
C:\Windows\system\ekWDFeh.exe	cobalt_reflective_dll
\Windows\system\XfKmVcf.exe	cobalt_reflective_dll
C:\Windows\system\VEoWcgD.exe	cobalt_reflective_dll
\Windows\system\qeCGWLg.exe	cobalt_reflective_dll
C:\Windows\system\TZtvtgC.exe	cobalt_reflective_dll
C:\Windows\system\wxeeADi.exe	cobalt_reflective_dll
C:\Windows\system\HoGSZgz.exe	cobalt_reflective_dll
C:\Windows\system\BRvPrud.exe	cobalt_reflective_dll
C:\Windows\system\sRFutDT.exe	cobalt_reflective_dll
C:\Windows\system\gCYsGsY.exe	cobalt_reflective_dll
C:\Windows\system\zocyRjl.exe	cobalt_reflective_dll
C:\Windows\system\gpXRIEw.exe	cobalt_reflective_dll
C:\Windows\system\XWVZGWY.exe	cobalt_reflective_dll
C:\Windows\system\tzeRLRm.exe	cobalt_reflective_dll
C:\Windows\system\OMZRoiy.exe	cobalt_reflective_dll
C:\Windows\system\AFnIbgz.exe	cobalt_reflective_dll
C:\Windows\system\OthoQsR.exe	cobalt_reflective_dll
C:\Windows\system\bikSxfV.exe	cobalt_reflective_dll
C:\Windows\system\cIQxKNp.exe	cobalt_reflective_dll
C:\Windows\system\GhlCWjq.exe	cobalt_reflective_dll
C:\Windows\system\qgQUfVy.exe	cobalt_reflective_dll
C:\Windows\system\gZUJLXh.exe	cobalt_reflective_dll
C:\Windows\system\xCSqiRa.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1968-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
\Windows\system\BVBZAwe.exe	xmrig
C:\Windows\system\ANczCrs.exe	xmrig
behavioral1/memory/2060-10-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
C:\Windows\system\TobeiEJ.exe	xmrig
behavioral1/memory/1620-23-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
C:\Windows\system\tTeuMiK.exe	xmrig
behavioral1/memory/2536-27-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/484-21-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
\Windows\system\raSznwm.exe	xmrig
behavioral1/memory/2848-42-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2712-35-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
C:\Windows\system\ixDsqQr.exe	xmrig
behavioral1/memory/1968-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2060-44-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
\Windows\system\crqVNqg.exe	xmrig
C:\Windows\system\sWzpcLJ.exe	xmrig
behavioral1/memory/1620-53-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2772-68-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
C:\Windows\system\JiMeywm.exe	xmrig
behavioral1/memory/1968-65-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2764-64-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/3004-63-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2536-62-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
C:\Windows\system\ekWDFeh.exe	xmrig
behavioral1/memory/2560-74-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1968-71-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2712-70-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
\Windows\system\XfKmVcf.exe	xmrig
behavioral1/memory/2860-88-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2632-81-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
C:\Windows\system\VEoWcgD.exe	xmrig
behavioral1/memory/1132-96-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
\Windows\system\qeCGWLg.exe	xmrig
C:\Windows\system\TZtvtgC.exe	xmrig
C:\Windows\system\wxeeADi.exe	xmrig
C:\Windows\system\HoGSZgz.exe	xmrig
behavioral1/memory/2560-241-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2860-661-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1268-1044-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1132-831-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1968-560-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2632-452-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
C:\Windows\system\BRvPrud.exe	xmrig
C:\Windows\system\sRFutDT.exe	xmrig
C:\Windows\system\gCYsGsY.exe	xmrig
C:\Windows\system\zocyRjl.exe	xmrig
C:\Windows\system\gpXRIEw.exe	xmrig
C:\Windows\system\XWVZGWY.exe	xmrig
C:\Windows\system\tzeRLRm.exe	xmrig
C:\Windows\system\OMZRoiy.exe	xmrig
C:\Windows\system\AFnIbgz.exe	xmrig
C:\Windows\system\OthoQsR.exe	xmrig
C:\Windows\system\bikSxfV.exe	xmrig
C:\Windows\system\cIQxKNp.exe	xmrig
C:\Windows\system\GhlCWjq.exe	xmrig
C:\Windows\system\qgQUfVy.exe	xmrig
behavioral1/memory/2764-95-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
C:\Windows\system\gZUJLXh.exe	xmrig
behavioral1/memory/1968-92-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
C:\Windows\system\xCSqiRa.exe	xmrig
behavioral1/memory/2848-78-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/484-3612-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2536-3617-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

BVBZAwe.exeANczCrs.exeTobeiEJ.exetTeuMiK.exeixDsqQr.exeraSznwm.exesWzpcLJ.execrqVNqg.exeJiMeywm.exeekWDFeh.exeXfKmVcf.exexCSqiRa.exegZUJLXh.exeVEoWcgD.exeqeCGWLg.exeqgQUfVy.exeGhlCWjq.execIQxKNp.exebikSxfV.exeTZtvtgC.exeOthoQsR.exewxeeADi.exeAFnIbgz.exeOMZRoiy.exetzeRLRm.exeXWVZGWY.exegpXRIEw.exeHoGSZgz.exezocyRjl.exegCYsGsY.exesRFutDT.exeBRvPrud.exeIbuITgi.exepGOSZiX.exejuqSLwq.exetUgszBI.exePpLBEXp.exeGZKZuIX.exenYcSlgg.exeDXIwWcM.exeraBoiaI.exewPHKRRA.exerGALOwq.exeZUcpgus.exesnjUwqU.exeWmogTTy.exeWvFwOQY.exepqeCuMY.exeJWkSiJl.exewUtKNUk.exegaipotR.exeejLuBJP.exebkbtymk.exeqVloyoV.exeiyfkMxl.exeEQhurRv.exegMkgpMB.exeMKzHuPL.exeKGOFUeq.exekbNplFp.exeKzVvCPY.exeYrSQaip.exeifHwZJt.exeoZPAWrU.exe

pid	process
2060	BVBZAwe.exe
484	ANczCrs.exe
1620	TobeiEJ.exe
2536	tTeuMiK.exe
2712	ixDsqQr.exe
2848	raSznwm.exe
3004	sWzpcLJ.exe
2764	crqVNqg.exe
2772	JiMeywm.exe
2560	ekWDFeh.exe
2632	XfKmVcf.exe
2860	xCSqiRa.exe
1132	gZUJLXh.exe
1268	VEoWcgD.exe
2792	qeCGWLg.exe
1708	qgQUfVy.exe
2100	GhlCWjq.exe
1516	cIQxKNp.exe
2628	bikSxfV.exe
1852	TZtvtgC.exe
1988	OthoQsR.exe
1884	wxeeADi.exe
2976	AFnIbgz.exe
2908	OMZRoiy.exe
2384	tzeRLRm.exe
968	XWVZGWY.exe
2140	gpXRIEw.exe
1732	HoGSZgz.exe
448	zocyRjl.exe
2664	gCYsGsY.exe
1604	sRFutDT.exe
1004	BRvPrud.exe
1672	IbuITgi.exe
1752	pGOSZiX.exe
1964	juqSLwq.exe
892	tUgszBI.exe
1960	PpLBEXp.exe
804	GZKZuIX.exe
1692	nYcSlgg.exe
1984	DXIwWcM.exe
1680	raBoiaI.exe
2196	wPHKRRA.exe
3000	rGALOwq.exe
2424	ZUcpgus.exe
2204	snjUwqU.exe
2256	WmogTTy.exe
2160	WvFwOQY.exe
2144	pqeCuMY.exe
1484	JWkSiJl.exe
1860	wUtKNUk.exe
2132	gaipotR.exe
1932	ejLuBJP.exe
1500	bkbtymk.exe
1644	qVloyoV.exe
2460	iyfkMxl.exe
2020	EQhurRv.exe
2672	gMkgpMB.exe
2856	MKzHuPL.exe
2872	KGOFUeq.exe
1592	kbNplFp.exe
2720	KzVvCPY.exe
1928	YrSQaip.exe
2700	ifHwZJt.exe
2360	oZPAWrU.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1968-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
\Windows\system\BVBZAwe.exe	upx
C:\Windows\system\ANczCrs.exe	upx
behavioral1/memory/2060-10-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
C:\Windows\system\TobeiEJ.exe	upx
behavioral1/memory/1620-23-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
C:\Windows\system\tTeuMiK.exe	upx
behavioral1/memory/2536-27-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/484-21-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
\Windows\system\raSznwm.exe	upx
behavioral1/memory/2848-42-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2712-35-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
C:\Windows\system\ixDsqQr.exe	upx
behavioral1/memory/1968-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2060-44-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
\Windows\system\crqVNqg.exe	upx
C:\Windows\system\sWzpcLJ.exe	upx
behavioral1/memory/1620-53-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2772-68-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
C:\Windows\system\JiMeywm.exe	upx
behavioral1/memory/2764-64-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/3004-63-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2536-62-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
C:\Windows\system\ekWDFeh.exe	upx
behavioral1/memory/2560-74-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2712-70-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
\Windows\system\XfKmVcf.exe	upx
behavioral1/memory/2860-88-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2632-81-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
C:\Windows\system\VEoWcgD.exe	upx
behavioral1/memory/1132-96-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
\Windows\system\qeCGWLg.exe	upx
C:\Windows\system\TZtvtgC.exe	upx
C:\Windows\system\wxeeADi.exe	upx
C:\Windows\system\HoGSZgz.exe	upx
behavioral1/memory/2560-241-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2860-661-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1268-1044-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1132-831-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2632-452-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
C:\Windows\system\BRvPrud.exe	upx
C:\Windows\system\sRFutDT.exe	upx
C:\Windows\system\gCYsGsY.exe	upx
C:\Windows\system\zocyRjl.exe	upx
C:\Windows\system\gpXRIEw.exe	upx
C:\Windows\system\XWVZGWY.exe	upx
C:\Windows\system\tzeRLRm.exe	upx
C:\Windows\system\OMZRoiy.exe	upx
C:\Windows\system\AFnIbgz.exe	upx
C:\Windows\system\OthoQsR.exe	upx
C:\Windows\system\bikSxfV.exe	upx
C:\Windows\system\cIQxKNp.exe	upx
C:\Windows\system\GhlCWjq.exe	upx
C:\Windows\system\qgQUfVy.exe	upx
behavioral1/memory/2764-95-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
C:\Windows\system\gZUJLXh.exe	upx
C:\Windows\system\xCSqiRa.exe	upx
behavioral1/memory/2848-78-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/484-3612-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2536-3617-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1620-3616-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2060-3618-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2712-3732-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2848-3781-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\aLYaKOQ.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\triKkDw.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQhbRpE.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIsVLeg.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfBsvTC.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiBRmeD.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfwPcnL.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IClwGKw.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvwbTyO.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvcYdwt.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgtUGfW.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwrNcEy.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDfPUXG.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXjLoPQ.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euwnbpn.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJSwakV.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxlRQWR.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geOADCc.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYviyNA.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMfqaxT.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEmCVww.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfMkxZW.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcrakwn.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltAVNGP.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRxhapC.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPObqjI.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUmCtHa.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpQNOKE.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMdWrqP.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYKlBEe.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keowwpc.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuPEFxw.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTcSkMo.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNpZndk.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UelZTGk.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raBoiaI.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTWvoRz.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCwSttm.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YruuRmT.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqmnfwY.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYotmNy.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GljUzXa.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzVpPlI.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjzPJyx.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCEPnVU.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbOkUBC.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dipfKsp.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmbqqbD.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAbJvyu.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyFvDlB.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGPRYMh.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTVdVeV.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCZKsOU.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqFmwul.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxBqTLv.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doGQIhN.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTmJbna.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwaTMOf.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bypiASU.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEhmJxH.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKnFUZu.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVNIzTk.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyYnKZa.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLlYytP.exe	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1968 wrote to memory of 2060	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	BVBZAwe.exe
PID 1968 wrote to memory of 2060	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	BVBZAwe.exe
PID 1968 wrote to memory of 2060	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	BVBZAwe.exe
PID 1968 wrote to memory of 484	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ANczCrs.exe
PID 1968 wrote to memory of 484	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ANczCrs.exe
PID 1968 wrote to memory of 484	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ANczCrs.exe
PID 1968 wrote to memory of 1620	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TobeiEJ.exe
PID 1968 wrote to memory of 1620	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TobeiEJ.exe
PID 1968 wrote to memory of 1620	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TobeiEJ.exe
PID 1968 wrote to memory of 2536	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	tTeuMiK.exe
PID 1968 wrote to memory of 2536	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	tTeuMiK.exe
PID 1968 wrote to memory of 2536	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	tTeuMiK.exe
PID 1968 wrote to memory of 2712	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ixDsqQr.exe
PID 1968 wrote to memory of 2712	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ixDsqQr.exe
PID 1968 wrote to memory of 2712	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ixDsqQr.exe
PID 1968 wrote to memory of 2848	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	raSznwm.exe
PID 1968 wrote to memory of 2848	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	raSznwm.exe
PID 1968 wrote to memory of 2848	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	raSznwm.exe
PID 1968 wrote to memory of 3004	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	sWzpcLJ.exe
PID 1968 wrote to memory of 3004	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	sWzpcLJ.exe
PID 1968 wrote to memory of 3004	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	sWzpcLJ.exe
PID 1968 wrote to memory of 2764	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	crqVNqg.exe
PID 1968 wrote to memory of 2764	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	crqVNqg.exe
PID 1968 wrote to memory of 2764	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	crqVNqg.exe
PID 1968 wrote to memory of 2772	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	JiMeywm.exe
PID 1968 wrote to memory of 2772	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	JiMeywm.exe
PID 1968 wrote to memory of 2772	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	JiMeywm.exe
PID 1968 wrote to memory of 2560	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ekWDFeh.exe
PID 1968 wrote to memory of 2560	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ekWDFeh.exe
PID 1968 wrote to memory of 2560	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	ekWDFeh.exe
PID 1968 wrote to memory of 2632	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	XfKmVcf.exe
PID 1968 wrote to memory of 2632	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	XfKmVcf.exe
PID 1968 wrote to memory of 2632	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	XfKmVcf.exe
PID 1968 wrote to memory of 2860	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	xCSqiRa.exe
PID 1968 wrote to memory of 2860	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	xCSqiRa.exe
PID 1968 wrote to memory of 2860	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	xCSqiRa.exe
PID 1968 wrote to memory of 1132	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	gZUJLXh.exe
PID 1968 wrote to memory of 1132	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	gZUJLXh.exe
PID 1968 wrote to memory of 1132	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	gZUJLXh.exe
PID 1968 wrote to memory of 1268	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	VEoWcgD.exe
PID 1968 wrote to memory of 1268	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	VEoWcgD.exe
PID 1968 wrote to memory of 1268	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	VEoWcgD.exe
PID 1968 wrote to memory of 2792	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qeCGWLg.exe
PID 1968 wrote to memory of 2792	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qeCGWLg.exe
PID 1968 wrote to memory of 2792	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qeCGWLg.exe
PID 1968 wrote to memory of 1708	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qgQUfVy.exe
PID 1968 wrote to memory of 1708	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qgQUfVy.exe
PID 1968 wrote to memory of 1708	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	qgQUfVy.exe
PID 1968 wrote to memory of 2100	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	GhlCWjq.exe
PID 1968 wrote to memory of 2100	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	GhlCWjq.exe
PID 1968 wrote to memory of 2100	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	GhlCWjq.exe
PID 1968 wrote to memory of 1516	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	cIQxKNp.exe
PID 1968 wrote to memory of 1516	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	cIQxKNp.exe
PID 1968 wrote to memory of 1516	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	cIQxKNp.exe
PID 1968 wrote to memory of 2628	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	bikSxfV.exe
PID 1968 wrote to memory of 2628	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	bikSxfV.exe
PID 1968 wrote to memory of 2628	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	bikSxfV.exe
PID 1968 wrote to memory of 1852	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TZtvtgC.exe
PID 1968 wrote to memory of 1852	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TZtvtgC.exe
PID 1968 wrote to memory of 1852	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	TZtvtgC.exe
PID 1968 wrote to memory of 1988	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	OthoQsR.exe
PID 1968 wrote to memory of 1988	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	OthoQsR.exe
PID 1968 wrote to memory of 1988	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	OthoQsR.exe
PID 1968 wrote to memory of 1884	1968	2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe	wxeeADi.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_0036e072f2ffc015756abad1bd5437b9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\BVBZAwe.exe
  C:\Windows\System\BVBZAwe.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ANczCrs.exe
  C:\Windows\System\ANczCrs.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\TobeiEJ.exe
  C:\Windows\System\TobeiEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\tTeuMiK.exe
  C:\Windows\System\tTeuMiK.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ixDsqQr.exe
  C:\Windows\System\ixDsqQr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\raSznwm.exe
  C:\Windows\System\raSznwm.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\sWzpcLJ.exe
  C:\Windows\System\sWzpcLJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\crqVNqg.exe
  C:\Windows\System\crqVNqg.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JiMeywm.exe
  C:\Windows\System\JiMeywm.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ekWDFeh.exe
  C:\Windows\System\ekWDFeh.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\XfKmVcf.exe
  C:\Windows\System\XfKmVcf.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\xCSqiRa.exe
  C:\Windows\System\xCSqiRa.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\gZUJLXh.exe
  C:\Windows\System\gZUJLXh.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\VEoWcgD.exe
  C:\Windows\System\VEoWcgD.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\qeCGWLg.exe
  C:\Windows\System\qeCGWLg.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\qgQUfVy.exe
  C:\Windows\System\qgQUfVy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GhlCWjq.exe
  C:\Windows\System\GhlCWjq.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\cIQxKNp.exe
  C:\Windows\System\cIQxKNp.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\bikSxfV.exe
  C:\Windows\System\bikSxfV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\TZtvtgC.exe
  C:\Windows\System\TZtvtgC.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\OthoQsR.exe
  C:\Windows\System\OthoQsR.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\wxeeADi.exe
  C:\Windows\System\wxeeADi.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\AFnIbgz.exe
  C:\Windows\System\AFnIbgz.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\OMZRoiy.exe
  C:\Windows\System\OMZRoiy.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\tzeRLRm.exe
  C:\Windows\System\tzeRLRm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\XWVZGWY.exe
  C:\Windows\System\XWVZGWY.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\gpXRIEw.exe
  C:\Windows\System\gpXRIEw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\HoGSZgz.exe
  C:\Windows\System\HoGSZgz.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\zocyRjl.exe
  C:\Windows\System\zocyRjl.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\gCYsGsY.exe
  C:\Windows\System\gCYsGsY.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\sRFutDT.exe
  C:\Windows\System\sRFutDT.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\BRvPrud.exe
  C:\Windows\System\BRvPrud.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\IbuITgi.exe
  C:\Windows\System\IbuITgi.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\pGOSZiX.exe
  C:\Windows\System\pGOSZiX.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\juqSLwq.exe
  C:\Windows\System\juqSLwq.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\tUgszBI.exe
  C:\Windows\System\tUgszBI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\PpLBEXp.exe
  C:\Windows\System\PpLBEXp.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\GZKZuIX.exe
  C:\Windows\System\GZKZuIX.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\nYcSlgg.exe
  C:\Windows\System\nYcSlgg.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\DXIwWcM.exe
  C:\Windows\System\DXIwWcM.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\raBoiaI.exe
  C:\Windows\System\raBoiaI.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\wPHKRRA.exe
  C:\Windows\System\wPHKRRA.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\rGALOwq.exe
  C:\Windows\System\rGALOwq.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ZUcpgus.exe
  C:\Windows\System\ZUcpgus.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\snjUwqU.exe
  C:\Windows\System\snjUwqU.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\WmogTTy.exe
  C:\Windows\System\WmogTTy.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\WvFwOQY.exe
  C:\Windows\System\WvFwOQY.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\pqeCuMY.exe
  C:\Windows\System\pqeCuMY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\wUtKNUk.exe
  C:\Windows\System\wUtKNUk.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\JWkSiJl.exe
  C:\Windows\System\JWkSiJl.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\gaipotR.exe
  C:\Windows\System\gaipotR.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ejLuBJP.exe
  C:\Windows\System\ejLuBJP.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\bkbtymk.exe
  C:\Windows\System\bkbtymk.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\qVloyoV.exe
  C:\Windows\System\qVloyoV.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\iyfkMxl.exe
  C:\Windows\System\iyfkMxl.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\EQhurRv.exe
  C:\Windows\System\EQhurRv.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\gMkgpMB.exe
  C:\Windows\System\gMkgpMB.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\MKzHuPL.exe
  C:\Windows\System\MKzHuPL.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\KGOFUeq.exe
  C:\Windows\System\KGOFUeq.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\kbNplFp.exe
  C:\Windows\System\kbNplFp.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\KzVvCPY.exe
  C:\Windows\System\KzVvCPY.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\YrSQaip.exe
  C:\Windows\System\YrSQaip.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ifHwZJt.exe
  C:\Windows\System\ifHwZJt.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\oZPAWrU.exe
  C:\Windows\System\oZPAWrU.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\WfyxmLW.exe
  C:\Windows\System\WfyxmLW.exe
  2⤵
  PID:2408
- C:\Windows\System\zWarPdl.exe
  C:\Windows\System\zWarPdl.exe
  2⤵
  PID:2732
- C:\Windows\System\crOvrTj.exe
  C:\Windows\System\crOvrTj.exe
  2⤵
  PID:1896
- C:\Windows\System\uSxIKiz.exe
  C:\Windows\System\uSxIKiz.exe
  2⤵
  PID:1944
- C:\Windows\System\VmMrgMW.exe
  C:\Windows\System\VmMrgMW.exe
  2⤵
  PID:1880
- C:\Windows\System\fitzFrp.exe
  C:\Windows\System\fitzFrp.exe
  2⤵
  PID:2884
- C:\Windows\System\TmjfFeL.exe
  C:\Windows\System\TmjfFeL.exe
  2⤵
  PID:1840
- C:\Windows\System\IOlykol.exe
  C:\Windows\System\IOlykol.exe
  2⤵
  PID:1352
- C:\Windows\System\cRUggzd.exe
  C:\Windows\System\cRUggzd.exe
  2⤵
  PID:2968
- C:\Windows\System\npyPKBw.exe
  C:\Windows\System\npyPKBw.exe
  2⤵
  PID:2328
- C:\Windows\System\SUzNxuu.exe
  C:\Windows\System\SUzNxuu.exe
  2⤵
  PID:776
- C:\Windows\System\rqYrWUx.exe
  C:\Windows\System\rqYrWUx.exe
  2⤵
  PID:408
- C:\Windows\System\EHzFrlZ.exe
  C:\Windows\System\EHzFrlZ.exe
  2⤵
  PID:1972
- C:\Windows\System\mTyUwOD.exe
  C:\Windows\System\mTyUwOD.exe
  2⤵
  PID:1548
- C:\Windows\System\ZEYVYRm.exe
  C:\Windows\System\ZEYVYRm.exe
  2⤵
  PID:2416
- C:\Windows\System\SDrtUjn.exe
  C:\Windows\System\SDrtUjn.exe
  2⤵
  PID:2784
- C:\Windows\System\WThlGJR.exe
  C:\Windows\System\WThlGJR.exe
  2⤵
  PID:396
- C:\Windows\System\EQkHrnu.exe
  C:\Windows\System\EQkHrnu.exe
  2⤵
  PID:1476
- C:\Windows\System\krXoQIN.exe
  C:\Windows\System\krXoQIN.exe
  2⤵
  PID:3008
- C:\Windows\System\xVVxuOj.exe
  C:\Windows\System\xVVxuOj.exe
  2⤵
  PID:908
- C:\Windows\System\CJzRhDX.exe
  C:\Windows\System\CJzRhDX.exe
  2⤵
  PID:2232
- C:\Windows\System\kQdMgJe.exe
  C:\Windows\System\kQdMgJe.exe
  2⤵
  PID:1220
- C:\Windows\System\UBTymgY.exe
  C:\Windows\System\UBTymgY.exe
  2⤵
  PID:320
- C:\Windows\System\nuBdYAU.exe
  C:\Windows\System\nuBdYAU.exe
  2⤵
  PID:2496
- C:\Windows\System\kOazjNk.exe
  C:\Windows\System\kOazjNk.exe
  2⤵
  PID:2400
- C:\Windows\System\bXhtUqg.exe
  C:\Windows\System\bXhtUqg.exe
  2⤵
  PID:2452
- C:\Windows\System\iCDzNLR.exe
  C:\Windows\System\iCDzNLR.exe
  2⤵
  PID:2332
- C:\Windows\System\JEACPjA.exe
  C:\Windows\System\JEACPjA.exe
  2⤵
  PID:1340
- C:\Windows\System\xKgtBst.exe
  C:\Windows\System\xKgtBst.exe
  2⤵
  PID:2744
- C:\Windows\System\pOaEVqX.exe
  C:\Windows\System\pOaEVqX.exe
  2⤵
  PID:2836
- C:\Windows\System\pTWvoRz.exe
  C:\Windows\System\pTWvoRz.exe
  2⤵
  PID:2088
- C:\Windows\System\pavBLjl.exe
  C:\Windows\System\pavBLjl.exe
  2⤵
  PID:2164
- C:\Windows\System\aucrikI.exe
  C:\Windows\System\aucrikI.exe
  2⤵
  PID:2636
- C:\Windows\System\hnGpwSb.exe
  C:\Windows\System\hnGpwSb.exe
  2⤵
  PID:2852
- C:\Windows\System\ieDOqVL.exe
  C:\Windows\System\ieDOqVL.exe
  2⤵
  PID:1924
- C:\Windows\System\luTECDW.exe
  C:\Windows\System\luTECDW.exe
  2⤵
  PID:1956
- C:\Windows\System\iZQGabi.exe
  C:\Windows\System\iZQGabi.exe
  2⤵
  PID:2620
- C:\Windows\System\yxuLNUX.exe
  C:\Windows\System\yxuLNUX.exe
  2⤵
  PID:2888
- C:\Windows\System\RaTxFmJ.exe
  C:\Windows\System\RaTxFmJ.exe
  2⤵
  PID:2044
- C:\Windows\System\fmEAIIo.exe
  C:\Windows\System\fmEAIIo.exe
  2⤵
  PID:2172
- C:\Windows\System\kazjikr.exe
  C:\Windows\System\kazjikr.exe
  2⤵
  PID:1180
- C:\Windows\System\kHHOqYU.exe
  C:\Windows\System\kHHOqYU.exe
  2⤵
  PID:1664
- C:\Windows\System\VedHPKK.exe
  C:\Windows\System\VedHPKK.exe
  2⤵
  PID:744
- C:\Windows\System\teMGfYa.exe
  C:\Windows\System\teMGfYa.exe
  2⤵
  PID:3024
- C:\Windows\System\ZKfDSyu.exe
  C:\Windows\System\ZKfDSyu.exe
  2⤵
  PID:2960
- C:\Windows\System\RHQqyMa.exe
  C:\Windows\System\RHQqyMa.exe
  2⤵
  PID:3052
- C:\Windows\System\IdvxwXg.exe
  C:\Windows\System\IdvxwXg.exe
  2⤵
  PID:680
- C:\Windows\System\cAdcLuW.exe
  C:\Windows\System\cAdcLuW.exe
  2⤵
  PID:3040
- C:\Windows\System\wOSPGPc.exe
  C:\Windows\System\wOSPGPc.exe
  2⤵
  PID:1800
- C:\Windows\System\zCuzZdx.exe
  C:\Windows\System\zCuzZdx.exe
  2⤵
  PID:2444
- C:\Windows\System\qEWrFwr.exe
  C:\Windows\System\qEWrFwr.exe
  2⤵
  PID:2828
- C:\Windows\System\IPrPzMd.exe
  C:\Windows\System\IPrPzMd.exe
  2⤵
  PID:2096
- C:\Windows\System\uWEPbxj.exe
  C:\Windows\System\uWEPbxj.exe
  2⤵
  PID:2696
- C:\Windows\System\BoEtzDj.exe
  C:\Windows\System\BoEtzDj.exe
  2⤵
  PID:2624
- C:\Windows\System\soWiCjx.exe
  C:\Windows\System\soWiCjx.exe
  2⤵
  PID:2376
- C:\Windows\System\SDnRNpw.exe
  C:\Windows\System\SDnRNpw.exe
  2⤵
  PID:2796
- C:\Windows\System\tVjukjr.exe
  C:\Windows\System\tVjukjr.exe
  2⤵
  PID:2248
- C:\Windows\System\LqSTUew.exe
  C:\Windows\System\LqSTUew.exe
  2⤵
  PID:632
- C:\Windows\System\reqdWgo.exe
  C:\Windows\System\reqdWgo.exe
  2⤵
  PID:940
- C:\Windows\System\IlJyCQO.exe
  C:\Windows\System\IlJyCQO.exe
  2⤵
  PID:2192
- C:\Windows\System\NxmZNOX.exe
  C:\Windows\System\NxmZNOX.exe
  2⤵
  PID:2152
- C:\Windows\System\vlehnwM.exe
  C:\Windows\System\vlehnwM.exe
  2⤵
  PID:3084
- C:\Windows\System\rIontbO.exe
  C:\Windows\System\rIontbO.exe
  2⤵
  PID:3104
- C:\Windows\System\rJSwakV.exe
  C:\Windows\System\rJSwakV.exe
  2⤵
  PID:3124
- C:\Windows\System\rqcrPbm.exe
  C:\Windows\System\rqcrPbm.exe
  2⤵
  PID:3144
- C:\Windows\System\ogfNADk.exe
  C:\Windows\System\ogfNADk.exe
  2⤵
  PID:3164
- C:\Windows\System\gskbMue.exe
  C:\Windows\System\gskbMue.exe
  2⤵
  PID:3184
- C:\Windows\System\XJMKeZC.exe
  C:\Windows\System\XJMKeZC.exe
  2⤵
  PID:3204
- C:\Windows\System\ihIxCgH.exe
  C:\Windows\System\ihIxCgH.exe
  2⤵
  PID:3224
- C:\Windows\System\kSRQtIr.exe
  C:\Windows\System\kSRQtIr.exe
  2⤵
  PID:3244
- C:\Windows\System\HiMCEfb.exe
  C:\Windows\System\HiMCEfb.exe
  2⤵
  PID:3264
- C:\Windows\System\lHmaEBs.exe
  C:\Windows\System\lHmaEBs.exe
  2⤵
  PID:3284
- C:\Windows\System\zHRXXob.exe
  C:\Windows\System\zHRXXob.exe
  2⤵
  PID:3304
- C:\Windows\System\rsWhzfg.exe
  C:\Windows\System\rsWhzfg.exe
  2⤵
  PID:3324
- C:\Windows\System\XmbqqbD.exe
  C:\Windows\System\XmbqqbD.exe
  2⤵
  PID:3344
- C:\Windows\System\APiJoZv.exe
  C:\Windows\System\APiJoZv.exe
  2⤵
  PID:3364
- C:\Windows\System\nvgTEeS.exe
  C:\Windows\System\nvgTEeS.exe
  2⤵
  PID:3384
- C:\Windows\System\SyACyOP.exe
  C:\Windows\System\SyACyOP.exe
  2⤵
  PID:3404
- C:\Windows\System\smycnNc.exe
  C:\Windows\System\smycnNc.exe
  2⤵
  PID:3424
- C:\Windows\System\YAdVxhV.exe
  C:\Windows\System\YAdVxhV.exe
  2⤵
  PID:3444
- C:\Windows\System\HsykBpO.exe
  C:\Windows\System\HsykBpO.exe
  2⤵
  PID:3464
- C:\Windows\System\rtnzEFU.exe
  C:\Windows\System\rtnzEFU.exe
  2⤵
  PID:3484
- C:\Windows\System\mFddLpH.exe
  C:\Windows\System\mFddLpH.exe
  2⤵
  PID:3504
- C:\Windows\System\XlCYWiW.exe
  C:\Windows\System\XlCYWiW.exe
  2⤵
  PID:3524
- C:\Windows\System\QyQFuuH.exe
  C:\Windows\System\QyQFuuH.exe
  2⤵
  PID:3544
- C:\Windows\System\PfMkxZW.exe
  C:\Windows\System\PfMkxZW.exe
  2⤵
  PID:3564
- C:\Windows\System\DJJocOH.exe
  C:\Windows\System\DJJocOH.exe
  2⤵
  PID:3584
- C:\Windows\System\OKhDUJH.exe
  C:\Windows\System\OKhDUJH.exe
  2⤵
  PID:3604
- C:\Windows\System\icMhISt.exe
  C:\Windows\System\icMhISt.exe
  2⤵
  PID:3624
- C:\Windows\System\yOXuCpJ.exe
  C:\Windows\System\yOXuCpJ.exe
  2⤵
  PID:3648
- C:\Windows\System\yJOwGJP.exe
  C:\Windows\System\yJOwGJP.exe
  2⤵
  PID:3668
- C:\Windows\System\mduDPsV.exe
  C:\Windows\System\mduDPsV.exe
  2⤵
  PID:3688
- C:\Windows\System\QFbeKhu.exe
  C:\Windows\System\QFbeKhu.exe
  2⤵
  PID:3708
- C:\Windows\System\iMIxNnV.exe
  C:\Windows\System\iMIxNnV.exe
  2⤵
  PID:3728
- C:\Windows\System\DssUeAa.exe
  C:\Windows\System\DssUeAa.exe
  2⤵
  PID:3748
- C:\Windows\System\opeebgz.exe
  C:\Windows\System\opeebgz.exe
  2⤵
  PID:3768
- C:\Windows\System\zsKzENV.exe
  C:\Windows\System\zsKzENV.exe
  2⤵
  PID:3788
- C:\Windows\System\wCZKsOU.exe
  C:\Windows\System\wCZKsOU.exe
  2⤵
  PID:3808
- C:\Windows\System\KUDJhiJ.exe
  C:\Windows\System\KUDJhiJ.exe
  2⤵
  PID:3828
- C:\Windows\System\mdUhquL.exe
  C:\Windows\System\mdUhquL.exe
  2⤵
  PID:3848
- C:\Windows\System\uSHxxrD.exe
  C:\Windows\System\uSHxxrD.exe
  2⤵
  PID:3868
- C:\Windows\System\LwXzeJf.exe
  C:\Windows\System\LwXzeJf.exe
  2⤵
  PID:3888
- C:\Windows\System\mDqwfiB.exe
  C:\Windows\System\mDqwfiB.exe
  2⤵
  PID:3908
- C:\Windows\System\mkEMOnB.exe
  C:\Windows\System\mkEMOnB.exe
  2⤵
  PID:3928
- C:\Windows\System\czvGRfB.exe
  C:\Windows\System\czvGRfB.exe
  2⤵
  PID:3948
- C:\Windows\System\zAfavCA.exe
  C:\Windows\System\zAfavCA.exe
  2⤵
  PID:3968
- C:\Windows\System\tkZiLfr.exe
  C:\Windows\System\tkZiLfr.exe
  2⤵
  PID:3988
- C:\Windows\System\RwNJkbA.exe
  C:\Windows\System\RwNJkbA.exe
  2⤵
  PID:4008
- C:\Windows\System\drOlFlq.exe
  C:\Windows\System\drOlFlq.exe
  2⤵
  PID:4028
- C:\Windows\System\jgFgjTR.exe
  C:\Windows\System\jgFgjTR.exe
  2⤵
  PID:4048
- C:\Windows\System\fzCKZzz.exe
  C:\Windows\System\fzCKZzz.exe
  2⤵
  PID:4068
- C:\Windows\System\JzmkowE.exe
  C:\Windows\System\JzmkowE.exe
  2⤵
  PID:4088
- C:\Windows\System\dvXNKzX.exe
  C:\Windows\System\dvXNKzX.exe
  2⤵
  PID:1792
- C:\Windows\System\GBivkJa.exe
  C:\Windows\System\GBivkJa.exe
  2⤵
  PID:2380
- C:\Windows\System\ebymaPj.exe
  C:\Windows\System\ebymaPj.exe
  2⤵
  PID:2340
- C:\Windows\System\CKdIzhu.exe
  C:\Windows\System\CKdIzhu.exe
  2⤵
  PID:2832
- C:\Windows\System\bCtINsc.exe
  C:\Windows\System\bCtINsc.exe
  2⤵
  PID:2800
- C:\Windows\System\BSYmioY.exe
  C:\Windows\System\BSYmioY.exe
  2⤵
  PID:1952
- C:\Windows\System\KJSBDQs.exe
  C:\Windows\System\KJSBDQs.exe
  2⤵
  PID:848
- C:\Windows\System\ykkbPYx.exe
  C:\Windows\System\ykkbPYx.exe
  2⤵
  PID:1348
- C:\Windows\System\JxDdcDX.exe
  C:\Windows\System\JxDdcDX.exe
  2⤵
  PID:3080
- C:\Windows\System\oEoSiuZ.exe
  C:\Windows\System\oEoSiuZ.exe
  2⤵
  PID:2748
- C:\Windows\System\WIIvrOe.exe
  C:\Windows\System\WIIvrOe.exe
  2⤵
  PID:3136
- C:\Windows\System\YvrHVja.exe
  C:\Windows\System\YvrHVja.exe
  2⤵
  PID:3180
- C:\Windows\System\OZXybdz.exe
  C:\Windows\System\OZXybdz.exe
  2⤵
  PID:3200
- C:\Windows\System\yVYyznK.exe
  C:\Windows\System\yVYyznK.exe
  2⤵
  PID:3216
- C:\Windows\System\ZFyeXjD.exe
  C:\Windows\System\ZFyeXjD.exe
  2⤵
  PID:3272
- C:\Windows\System\geRKqlL.exe
  C:\Windows\System\geRKqlL.exe
  2⤵
  PID:3300
- C:\Windows\System\hLXICRt.exe
  C:\Windows\System\hLXICRt.exe
  2⤵
  PID:3332
- C:\Windows\System\IHPpqcL.exe
  C:\Windows\System\IHPpqcL.exe
  2⤵
  PID:3372
- C:\Windows\System\tmyFZJn.exe
  C:\Windows\System\tmyFZJn.exe
  2⤵
  PID:3420
- C:\Windows\System\QfRCfxB.exe
  C:\Windows\System\QfRCfxB.exe
  2⤵
  PID:2844
- C:\Windows\System\JpTCxkN.exe
  C:\Windows\System\JpTCxkN.exe
  2⤵
  PID:3440
- C:\Windows\System\kZjWIio.exe
  C:\Windows\System\kZjWIio.exe
  2⤵
  PID:3472
- C:\Windows\System\TRSOxuP.exe
  C:\Windows\System\TRSOxuP.exe
  2⤵
  PID:3520
- C:\Windows\System\hhLtIHw.exe
  C:\Windows\System\hhLtIHw.exe
  2⤵
  PID:3580
- C:\Windows\System\xVsLUaM.exe
  C:\Windows\System\xVsLUaM.exe
  2⤵
  PID:3592
- C:\Windows\System\lMRSMtF.exe
  C:\Windows\System\lMRSMtF.exe
  2⤵
  PID:3596
- C:\Windows\System\XzXCKcx.exe
  C:\Windows\System\XzXCKcx.exe
  2⤵
  PID:3656
- C:\Windows\System\mHGkHbE.exe
  C:\Windows\System\mHGkHbE.exe
  2⤵
  PID:3680
- C:\Windows\System\nRgNMPh.exe
  C:\Windows\System\nRgNMPh.exe
  2⤵
  PID:3724
- C:\Windows\System\bpEYSsx.exe
  C:\Windows\System\bpEYSsx.exe
  2⤵
  PID:3760
- C:\Windows\System\XECHhWg.exe
  C:\Windows\System\XECHhWg.exe
  2⤵
  PID:3780
- C:\Windows\System\jOyLrWw.exe
  C:\Windows\System\jOyLrWw.exe
  2⤵
  PID:3820
- C:\Windows\System\bRIUhaX.exe
  C:\Windows\System\bRIUhaX.exe
  2⤵
  PID:3840
- C:\Windows\System\EFFzhOQ.exe
  C:\Windows\System\EFFzhOQ.exe
  2⤵
  PID:3896
- C:\Windows\System\ndWAGmN.exe
  C:\Windows\System\ndWAGmN.exe
  2⤵
  PID:3936
- C:\Windows\System\pgQPDwt.exe
  C:\Windows\System\pgQPDwt.exe
  2⤵
  PID:3984
- C:\Windows\System\UxsTHxY.exe
  C:\Windows\System\UxsTHxY.exe
  2⤵
  PID:3996
- C:\Windows\System\rVVYNPV.exe
  C:\Windows\System\rVVYNPV.exe
  2⤵
  PID:4020
- C:\Windows\System\zszXXNC.exe
  C:\Windows\System\zszXXNC.exe
  2⤵
  PID:4040
- C:\Windows\System\PgEMwab.exe
  C:\Windows\System\PgEMwab.exe
  2⤵
  PID:4076
- C:\Windows\System\taSYQRN.exe
  C:\Windows\System\taSYQRN.exe
  2⤵
  PID:1580
- C:\Windows\System\qPBvcQs.exe
  C:\Windows\System\qPBvcQs.exe
  2⤵
  PID:1524
- C:\Windows\System\vuQgMPO.exe
  C:\Windows\System\vuQgMPO.exe
  2⤵
  PID:2972
- C:\Windows\System\MVqVRyx.exe
  C:\Windows\System\MVqVRyx.exe
  2⤵
  PID:1796
- C:\Windows\System\aehSmeB.exe
  C:\Windows\System\aehSmeB.exe
  2⤵
  PID:2428
- C:\Windows\System\TPwDAtO.exe
  C:\Windows\System\TPwDAtO.exe
  2⤵
  PID:3140
- C:\Windows\System\NcLKBZY.exe
  C:\Windows\System\NcLKBZY.exe
  2⤵
  PID:3160
- C:\Windows\System\sVvivop.exe
  C:\Windows\System\sVvivop.exe
  2⤵
  PID:3260
- C:\Windows\System\hVdjUsl.exe
  C:\Windows\System\hVdjUsl.exe
  2⤵
  PID:3292
- C:\Windows\System\sbDaLFZ.exe
  C:\Windows\System\sbDaLFZ.exe
  2⤵
  PID:3320
- C:\Windows\System\oXhjEbg.exe
  C:\Windows\System\oXhjEbg.exe
  2⤵
  PID:3352
- C:\Windows\System\oXpjxDo.exe
  C:\Windows\System\oXpjxDo.exe
  2⤵
  PID:3400
- C:\Windows\System\geyDPrx.exe
  C:\Windows\System\geyDPrx.exe
  2⤵
  PID:3500
- C:\Windows\System\EMNnacd.exe
  C:\Windows\System\EMNnacd.exe
  2⤵
  PID:3572
- C:\Windows\System\EFbcHIh.exe
  C:\Windows\System\EFbcHIh.exe
  2⤵
  PID:3620
- C:\Windows\System\vvuRUTr.exe
  C:\Windows\System\vvuRUTr.exe
  2⤵
  PID:3616
- C:\Windows\System\dDIitFK.exe
  C:\Windows\System\dDIitFK.exe
  2⤵
  PID:3676
- C:\Windows\System\wnFEUYq.exe
  C:\Windows\System\wnFEUYq.exe
  2⤵
  PID:3756
- C:\Windows\System\cnATIod.exe
  C:\Windows\System\cnATIod.exe
  2⤵
  PID:3844
- C:\Windows\System\hyskrgk.exe
  C:\Windows\System\hyskrgk.exe
  2⤵
  PID:2676
- C:\Windows\System\GlAufPn.exe
  C:\Windows\System\GlAufPn.exe
  2⤵
  PID:3944
- C:\Windows\System\ecbPGfz.exe
  C:\Windows\System\ecbPGfz.exe
  2⤵
  PID:3980
- C:\Windows\System\SdykURN.exe
  C:\Windows\System\SdykURN.exe
  2⤵
  PID:4064
- C:\Windows\System\DgPotlo.exe
  C:\Windows\System\DgPotlo.exe
  2⤵
  PID:2840
- C:\Windows\System\WPanLld.exe
  C:\Windows\System\WPanLld.exe
  2⤵
  PID:2996
- C:\Windows\System\wxKiAQs.exe
  C:\Windows\System\wxKiAQs.exe
  2⤵
  PID:2892
- C:\Windows\System\APIJTJl.exe
  C:\Windows\System\APIJTJl.exe
  2⤵
  PID:1700
- C:\Windows\System\YlXKtTu.exe
  C:\Windows\System\YlXKtTu.exe
  2⤵
  PID:3092
- C:\Windows\System\WEZYeyx.exe
  C:\Windows\System\WEZYeyx.exe
  2⤵
  PID:3172
- C:\Windows\System\ZoFQTOA.exe
  C:\Windows\System\ZoFQTOA.exe
  2⤵
  PID:3252
- C:\Windows\System\HGnMGqe.exe
  C:\Windows\System\HGnMGqe.exe
  2⤵
  PID:3316
- C:\Windows\System\pCsnlPY.exe
  C:\Windows\System\pCsnlPY.exe
  2⤵
  PID:3456
- C:\Windows\System\WNcIHkv.exe
  C:\Windows\System\WNcIHkv.exe
  2⤵
  PID:3492
- C:\Windows\System\vDKssgR.exe
  C:\Windows\System\vDKssgR.exe
  2⤵
  PID:3532
- C:\Windows\System\nriolkW.exe
  C:\Windows\System\nriolkW.exe
  2⤵
  PID:3684
- C:\Windows\System\ktFdPtF.exe
  C:\Windows\System\ktFdPtF.exe
  2⤵
  PID:3800
- C:\Windows\System\xvutSsQ.exe
  C:\Windows\System\xvutSsQ.exe
  2⤵
  PID:3900
- C:\Windows\System\FKiEUEf.exe
  C:\Windows\System\FKiEUEf.exe
  2⤵
  PID:3976
- C:\Windows\System\ztCizxH.exe
  C:\Windows\System\ztCizxH.exe
  2⤵
  PID:3924
- C:\Windows\System\DOWLnlC.exe
  C:\Windows\System\DOWLnlC.exe
  2⤵
  PID:4016
- C:\Windows\System\PxTTzBe.exe
  C:\Windows\System\PxTTzBe.exe
  2⤵
  PID:1728
- C:\Windows\System\BhrBLJb.exe
  C:\Windows\System\BhrBLJb.exe
  2⤵
  PID:2200
- C:\Windows\System\UmWavLk.exe
  C:\Windows\System\UmWavLk.exe
  2⤵
  PID:3280
- C:\Windows\System\ZZLVXPD.exe
  C:\Windows\System\ZZLVXPD.exe
  2⤵
  PID:3452
- C:\Windows\System\fbFhvHA.exe
  C:\Windows\System\fbFhvHA.exe
  2⤵
  PID:3392
- C:\Windows\System\JAdMMeM.exe
  C:\Windows\System\JAdMMeM.exe
  2⤵
  PID:3536
- C:\Windows\System\jhRqkvG.exe
  C:\Windows\System\jhRqkvG.exe
  2⤵
  PID:4112
- C:\Windows\System\nZEWdbB.exe
  C:\Windows\System\nZEWdbB.exe
  2⤵
  PID:4132
- C:\Windows\System\IPDjQiJ.exe
  C:\Windows\System\IPDjQiJ.exe
  2⤵
  PID:4152
- C:\Windows\System\RODRJPH.exe
  C:\Windows\System\RODRJPH.exe
  2⤵
  PID:4172
- C:\Windows\System\AVNITVM.exe
  C:\Windows\System\AVNITVM.exe
  2⤵
  PID:4192
- C:\Windows\System\QujrhyU.exe
  C:\Windows\System\QujrhyU.exe
  2⤵
  PID:4208
- C:\Windows\System\yIwZhnY.exe
  C:\Windows\System\yIwZhnY.exe
  2⤵
  PID:4232
- C:\Windows\System\trNLsjv.exe
  C:\Windows\System\trNLsjv.exe
  2⤵
  PID:4252
- C:\Windows\System\StXgxZw.exe
  C:\Windows\System\StXgxZw.exe
  2⤵
  PID:4272
- C:\Windows\System\NmKbwMw.exe
  C:\Windows\System\NmKbwMw.exe
  2⤵
  PID:4292
- C:\Windows\System\sdMhQNK.exe
  C:\Windows\System\sdMhQNK.exe
  2⤵
  PID:4312
- C:\Windows\System\fNWBzDt.exe
  C:\Windows\System\fNWBzDt.exe
  2⤵
  PID:4332
- C:\Windows\System\GCyZiqh.exe
  C:\Windows\System\GCyZiqh.exe
  2⤵
  PID:4352
- C:\Windows\System\bTPXSfL.exe
  C:\Windows\System\bTPXSfL.exe
  2⤵
  PID:4372
- C:\Windows\System\OxnsZrP.exe
  C:\Windows\System\OxnsZrP.exe
  2⤵
  PID:4392
- C:\Windows\System\vDWAAOq.exe
  C:\Windows\System\vDWAAOq.exe
  2⤵
  PID:4412
- C:\Windows\System\rnHTxeP.exe
  C:\Windows\System\rnHTxeP.exe
  2⤵
  PID:4436
- C:\Windows\System\PfKQtnM.exe
  C:\Windows\System\PfKQtnM.exe
  2⤵
  PID:4456
- C:\Windows\System\sUacidA.exe
  C:\Windows\System\sUacidA.exe
  2⤵
  PID:4476
- C:\Windows\System\IZSSjvr.exe
  C:\Windows\System\IZSSjvr.exe
  2⤵
  PID:4496
- C:\Windows\System\MoiSiMG.exe
  C:\Windows\System\MoiSiMG.exe
  2⤵
  PID:4516
- C:\Windows\System\WUfbizE.exe
  C:\Windows\System\WUfbizE.exe
  2⤵
  PID:4536
- C:\Windows\System\ysSgPaA.exe
  C:\Windows\System\ysSgPaA.exe
  2⤵
  PID:4556
- C:\Windows\System\wttxYxf.exe
  C:\Windows\System\wttxYxf.exe
  2⤵
  PID:4576
- C:\Windows\System\DoHoOzK.exe
  C:\Windows\System\DoHoOzK.exe
  2⤵
  PID:4596
- C:\Windows\System\yUtgscJ.exe
  C:\Windows\System\yUtgscJ.exe
  2⤵
  PID:4616
- C:\Windows\System\CHCYGQx.exe
  C:\Windows\System\CHCYGQx.exe
  2⤵
  PID:4636
- C:\Windows\System\ShwBjYQ.exe
  C:\Windows\System\ShwBjYQ.exe
  2⤵
  PID:4656
- C:\Windows\System\pUEjAnk.exe
  C:\Windows\System\pUEjAnk.exe
  2⤵
  PID:4676
- C:\Windows\System\phHVGaP.exe
  C:\Windows\System\phHVGaP.exe
  2⤵
  PID:4696
- C:\Windows\System\ZmMkyOt.exe
  C:\Windows\System\ZmMkyOt.exe
  2⤵
  PID:4716
- C:\Windows\System\lvAHPZj.exe
  C:\Windows\System\lvAHPZj.exe
  2⤵
  PID:4736
- C:\Windows\System\qRBRRTn.exe
  C:\Windows\System\qRBRRTn.exe
  2⤵
  PID:4756
- C:\Windows\System\OHwCyVH.exe
  C:\Windows\System\OHwCyVH.exe
  2⤵
  PID:4776
- C:\Windows\System\KOOHoLy.exe
  C:\Windows\System\KOOHoLy.exe
  2⤵
  PID:4796
- C:\Windows\System\jILxyGV.exe
  C:\Windows\System\jILxyGV.exe
  2⤵
  PID:4816
- C:\Windows\System\gAOLgMo.exe
  C:\Windows\System\gAOLgMo.exe
  2⤵
  PID:4836
- C:\Windows\System\RvfLcac.exe
  C:\Windows\System\RvfLcac.exe
  2⤵
  PID:4856
- C:\Windows\System\GFhFmqc.exe
  C:\Windows\System\GFhFmqc.exe
  2⤵
  PID:4876
- C:\Windows\System\uIuybCh.exe
  C:\Windows\System\uIuybCh.exe
  2⤵
  PID:4896
- C:\Windows\System\hCwSttm.exe
  C:\Windows\System\hCwSttm.exe
  2⤵
  PID:4916
- C:\Windows\System\YTPajit.exe
  C:\Windows\System\YTPajit.exe
  2⤵
  PID:4936
- C:\Windows\System\CjKGDNu.exe
  C:\Windows\System\CjKGDNu.exe
  2⤵
  PID:4956
- C:\Windows\System\YKsfXbr.exe
  C:\Windows\System\YKsfXbr.exe
  2⤵
  PID:4976
- C:\Windows\System\oRiCdwr.exe
  C:\Windows\System\oRiCdwr.exe
  2⤵
  PID:4996
- C:\Windows\System\eUnAmke.exe
  C:\Windows\System\eUnAmke.exe
  2⤵
  PID:5016
- C:\Windows\System\XzfeEIM.exe
  C:\Windows\System\XzfeEIM.exe
  2⤵
  PID:5036
- C:\Windows\System\puLXGCL.exe
  C:\Windows\System\puLXGCL.exe
  2⤵
  PID:5056
- C:\Windows\System\djKAuSX.exe
  C:\Windows\System\djKAuSX.exe
  2⤵
  PID:5076
- C:\Windows\System\tyMmnCD.exe
  C:\Windows\System\tyMmnCD.exe
  2⤵
  PID:5096
- C:\Windows\System\rcKkhvS.exe
  C:\Windows\System\rcKkhvS.exe
  2⤵
  PID:5116
- C:\Windows\System\FkSkTvR.exe
  C:\Windows\System\FkSkTvR.exe
  2⤵
  PID:3736
- C:\Windows\System\utLPrZq.exe
  C:\Windows\System\utLPrZq.exe
  2⤵
  PID:3796
- C:\Windows\System\kCxoKcs.exe
  C:\Windows\System\kCxoKcs.exe
  2⤵
  PID:4024
- C:\Windows\System\OiVfZOy.exe
  C:\Windows\System\OiVfZOy.exe
  2⤵
  PID:1200
- C:\Windows\System\keSyYiX.exe
  C:\Windows\System\keSyYiX.exe
  2⤵
  PID:3096
- C:\Windows\System\axWzKgt.exe
  C:\Windows\System\axWzKgt.exe
  2⤵
  PID:3480
- C:\Windows\System\hLPDThm.exe
  C:\Windows\System\hLPDThm.exe
  2⤵
  PID:4104
- C:\Windows\System\IGcqKyH.exe
  C:\Windows\System\IGcqKyH.exe
  2⤵
  PID:4120
- C:\Windows\System\woxfpuV.exe
  C:\Windows\System\woxfpuV.exe
  2⤵
  PID:4168
- C:\Windows\System\OYuWcFT.exe
  C:\Windows\System\OYuWcFT.exe
  2⤵
  PID:4216
- C:\Windows\System\DaWOZHg.exe
  C:\Windows\System\DaWOZHg.exe
  2⤵
  PID:4204
- C:\Windows\System\KXDTiic.exe
  C:\Windows\System\KXDTiic.exe
  2⤵
  PID:4268
- C:\Windows\System\KbsDjzf.exe
  C:\Windows\System\KbsDjzf.exe
  2⤵
  PID:4304
- C:\Windows\System\STqrOxE.exe
  C:\Windows\System\STqrOxE.exe
  2⤵
  PID:4320
- C:\Windows\System\zizRlsX.exe
  C:\Windows\System\zizRlsX.exe
  2⤵
  PID:4368
- C:\Windows\System\fsYwFEN.exe
  C:\Windows\System\fsYwFEN.exe
  2⤵
  PID:4420
- C:\Windows\System\jRgTaMn.exe
  C:\Windows\System\jRgTaMn.exe
  2⤵
  PID:4424
- C:\Windows\System\IADqkBc.exe
  C:\Windows\System\IADqkBc.exe
  2⤵
  PID:4468
- C:\Windows\System\aSAvdUv.exe
  C:\Windows\System\aSAvdUv.exe
  2⤵
  PID:4488
- C:\Windows\System\KcinWrw.exe
  C:\Windows\System\KcinWrw.exe
  2⤵
  PID:4524
- C:\Windows\System\ClfvgkY.exe
  C:\Windows\System\ClfvgkY.exe
  2⤵
  PID:4548
- C:\Windows\System\lCdEDWy.exe
  C:\Windows\System\lCdEDWy.exe
  2⤵
  PID:4584
- C:\Windows\System\VHVbiwO.exe
  C:\Windows\System\VHVbiwO.exe
  2⤵
  PID:4604
- C:\Windows\System\FlsuMRJ.exe
  C:\Windows\System\FlsuMRJ.exe
  2⤵
  PID:4652
- C:\Windows\System\IAqNtXj.exe
  C:\Windows\System\IAqNtXj.exe
  2⤵
  PID:4684
- C:\Windows\System\sJBuBqG.exe
  C:\Windows\System\sJBuBqG.exe
  2⤵
  PID:4688
- C:\Windows\System\dFTkYob.exe
  C:\Windows\System\dFTkYob.exe
  2⤵
  PID:4752
- C:\Windows\System\qYxQGZi.exe
  C:\Windows\System\qYxQGZi.exe
  2⤵
  PID:4792
- C:\Windows\System\TdtdgfH.exe
  C:\Windows\System\TdtdgfH.exe
  2⤵
  PID:4832
- C:\Windows\System\PmUbJNc.exe
  C:\Windows\System\PmUbJNc.exe
  2⤵
  PID:4864
- C:\Windows\System\kcPOVHu.exe
  C:\Windows\System\kcPOVHu.exe
  2⤵
  PID:4884
- C:\Windows\System\vprwijP.exe
  C:\Windows\System\vprwijP.exe
  2⤵
  PID:4908
- C:\Windows\System\thakZBY.exe
  C:\Windows\System\thakZBY.exe
  2⤵
  PID:4932
- C:\Windows\System\KEOfYJv.exe
  C:\Windows\System\KEOfYJv.exe
  2⤵
  PID:4972
- C:\Windows\System\MbxCwQe.exe
  C:\Windows\System\MbxCwQe.exe
  2⤵
  PID:5032
- C:\Windows\System\ognyYmx.exe
  C:\Windows\System\ognyYmx.exe
  2⤵
  PID:5008
- C:\Windows\System\lXwgneD.exe
  C:\Windows\System\lXwgneD.exe
  2⤵
  PID:5052
- C:\Windows\System\CIcjKnG.exe
  C:\Windows\System\CIcjKnG.exe
  2⤵
  PID:5108
- C:\Windows\System\XbFFAEN.exe
  C:\Windows\System\XbFFAEN.exe
  2⤵
  PID:3784
- C:\Windows\System\EoIBWyD.exe
  C:\Windows\System\EoIBWyD.exe
  2⤵
  PID:1676
- C:\Windows\System\PRsKyuF.exe
  C:\Windows\System\PRsKyuF.exe
  2⤵
  PID:2604
- C:\Windows\System\QSRiTfh.exe
  C:\Windows\System\QSRiTfh.exe
  2⤵
  PID:3132
- C:\Windows\System\ayPYFaC.exe
  C:\Windows\System\ayPYFaC.exe
  2⤵
  PID:4108
- C:\Windows\System\ghJrcUV.exe
  C:\Windows\System\ghJrcUV.exe
  2⤵
  PID:4180
- C:\Windows\System\yNsdDzM.exe
  C:\Windows\System\yNsdDzM.exe
  2⤵
  PID:4228
- C:\Windows\System\YmQKKwZ.exe
  C:\Windows\System\YmQKKwZ.exe
  2⤵
  PID:4248
- C:\Windows\System\XqJdZsP.exe
  C:\Windows\System\XqJdZsP.exe
  2⤵
  PID:4284
- C:\Windows\System\XdRsEYx.exe
  C:\Windows\System\XdRsEYx.exe
  2⤵
  PID:4360
- C:\Windows\System\IuHkPDR.exe
  C:\Windows\System\IuHkPDR.exe
  2⤵
  PID:4408
- C:\Windows\System\LOAFRgh.exe
  C:\Windows\System\LOAFRgh.exe
  2⤵
  PID:4472
- C:\Windows\System\tEPffrn.exe
  C:\Windows\System\tEPffrn.exe
  2⤵
  PID:4492
- C:\Windows\System\HOZzxbb.exe
  C:\Windows\System\HOZzxbb.exe
  2⤵
  PID:4532
- C:\Windows\System\VALmrld.exe
  C:\Windows\System\VALmrld.exe
  2⤵
  PID:4608
- C:\Windows\System\BaOmATC.exe
  C:\Windows\System\BaOmATC.exe
  2⤵
  PID:4664
- C:\Windows\System\YruuRmT.exe
  C:\Windows\System\YruuRmT.exe
  2⤵
  PID:4708
- C:\Windows\System\nzjaYez.exe
  C:\Windows\System\nzjaYez.exe
  2⤵
  PID:4812
- C:\Windows\System\iGePTxH.exe
  C:\Windows\System\iGePTxH.exe
  2⤵
  PID:4788
- C:\Windows\System\mxHhalK.exe
  C:\Windows\System\mxHhalK.exe
  2⤵
  PID:4912
- C:\Windows\System\ZOcLMBM.exe
  C:\Windows\System\ZOcLMBM.exe
  2⤵
  PID:1788
- C:\Windows\System\mwlzJdo.exe
  C:\Windows\System\mwlzJdo.exe
  2⤵
  PID:4984
- C:\Windows\System\dAbuEQy.exe
  C:\Windows\System\dAbuEQy.exe
  2⤵
  PID:4992
- C:\Windows\System\bPRolPD.exe
  C:\Windows\System\bPRolPD.exe
  2⤵
  PID:3876
- C:\Windows\System\ggmcKMo.exe
  C:\Windows\System\ggmcKMo.exe
  2⤵
  PID:2608
- C:\Windows\System\MzNYoog.exe
  C:\Windows\System\MzNYoog.exe
  2⤵
  PID:576
- C:\Windows\System\cLGjFdS.exe
  C:\Windows\System\cLGjFdS.exe
  2⤵
  PID:4148
- C:\Windows\System\DvXqcac.exe
  C:\Windows\System\DvXqcac.exe
  2⤵
  PID:4188
- C:\Windows\System\MPFfQwB.exe
  C:\Windows\System\MPFfQwB.exe
  2⤵
  PID:4244
- C:\Windows\System\prLQcHB.exe
  C:\Windows\System\prLQcHB.exe
  2⤵
  PID:4300
- C:\Windows\System\rZjOuPW.exe
  C:\Windows\System\rZjOuPW.exe
  2⤵
  PID:2964
- C:\Windows\System\ApMQets.exe
  C:\Windows\System\ApMQets.exe
  2⤵
  PID:4484
- C:\Windows\System\FdyBgUL.exe
  C:\Windows\System\FdyBgUL.exe
  2⤵
  PID:4612
- C:\Windows\System\WHaqbJA.exe
  C:\Windows\System\WHaqbJA.exe
  2⤵
  PID:4644
- C:\Windows\System\mIHnTqA.exe
  C:\Windows\System\mIHnTqA.exe
  2⤵
  PID:4772
- C:\Windows\System\KzYUqjm.exe
  C:\Windows\System\KzYUqjm.exe
  2⤵
  PID:4744
- C:\Windows\System\cXazdgl.exe
  C:\Windows\System\cXazdgl.exe
  2⤵
  PID:4924
- C:\Windows\System\IwjMAsp.exe
  C:\Windows\System\IwjMAsp.exe
  2⤵
  PID:4988
- C:\Windows\System\ThJzkKl.exe
  C:\Windows\System\ThJzkKl.exe
  2⤵
  PID:5044
- C:\Windows\System\bNbldJV.exe
  C:\Windows\System\bNbldJV.exe
  2⤵
  PID:1552
- C:\Windows\System\lplgFsO.exe
  C:\Windows\System\lplgFsO.exe
  2⤵
  PID:3460
- C:\Windows\System\blRiJzX.exe
  C:\Windows\System\blRiJzX.exe
  2⤵
  PID:4160
- C:\Windows\System\XGJMElg.exe
  C:\Windows\System\XGJMElg.exe
  2⤵
  PID:4564
- C:\Windows\System\aFYmhNR.exe
  C:\Windows\System\aFYmhNR.exe
  2⤵
  PID:4588
- C:\Windows\System\hYzPsjm.exe
  C:\Windows\System\hYzPsjm.exe
  2⤵
  PID:4732
- C:\Windows\System\tCgYfTK.exe
  C:\Windows\System\tCgYfTK.exe
  2⤵
  PID:4692
- C:\Windows\System\XWavaOM.exe
  C:\Windows\System\XWavaOM.exe
  2⤵
  PID:4952
- C:\Windows\System\kbwifMg.exe
  C:\Windows\System\kbwifMg.exe
  2⤵
  PID:5136
- C:\Windows\System\LGQtwpc.exe
  C:\Windows\System\LGQtwpc.exe
  2⤵
  PID:5156
- C:\Windows\System\CtKYfYP.exe
  C:\Windows\System\CtKYfYP.exe
  2⤵
  PID:5176
- C:\Windows\System\PQJBawm.exe
  C:\Windows\System\PQJBawm.exe
  2⤵
  PID:5196
- C:\Windows\System\vKYlZVg.exe
  C:\Windows\System\vKYlZVg.exe
  2⤵
  PID:5216
- C:\Windows\System\ITZxonL.exe
  C:\Windows\System\ITZxonL.exe
  2⤵
  PID:5236
- C:\Windows\System\sDXakeG.exe
  C:\Windows\System\sDXakeG.exe
  2⤵
  PID:5256
- C:\Windows\System\nuVfKiz.exe
  C:\Windows\System\nuVfKiz.exe
  2⤵
  PID:5276
- C:\Windows\System\HQhcjps.exe
  C:\Windows\System\HQhcjps.exe
  2⤵
  PID:5296
- C:\Windows\System\UyvPJLl.exe
  C:\Windows\System\UyvPJLl.exe
  2⤵
  PID:5316
- C:\Windows\System\fmRIljo.exe
  C:\Windows\System\fmRIljo.exe
  2⤵
  PID:5336
- C:\Windows\System\weVokDm.exe
  C:\Windows\System\weVokDm.exe
  2⤵
  PID:5356
- C:\Windows\System\WGWLRKW.exe
  C:\Windows\System\WGWLRKW.exe
  2⤵
  PID:5376
- C:\Windows\System\HSduxAn.exe
  C:\Windows\System\HSduxAn.exe
  2⤵
  PID:5396
- C:\Windows\System\NSKulmP.exe
  C:\Windows\System\NSKulmP.exe
  2⤵
  PID:5416
- C:\Windows\System\DsDgIVx.exe
  C:\Windows\System\DsDgIVx.exe
  2⤵
  PID:5436
- C:\Windows\System\QjaLTlK.exe
  C:\Windows\System\QjaLTlK.exe
  2⤵
  PID:5456
- C:\Windows\System\KRUNlTP.exe
  C:\Windows\System\KRUNlTP.exe
  2⤵
  PID:5476
- C:\Windows\System\SgyjAGp.exe
  C:\Windows\System\SgyjAGp.exe
  2⤵
  PID:5496
- C:\Windows\System\imbKKsu.exe
  C:\Windows\System\imbKKsu.exe
  2⤵
  PID:5516
- C:\Windows\System\IqlMHaj.exe
  C:\Windows\System\IqlMHaj.exe
  2⤵
  PID:5536
- C:\Windows\System\oHYjOoE.exe
  C:\Windows\System\oHYjOoE.exe
  2⤵
  PID:5556
- C:\Windows\System\QppRzeH.exe
  C:\Windows\System\QppRzeH.exe
  2⤵
  PID:5576
- C:\Windows\System\LvVWlfH.exe
  C:\Windows\System\LvVWlfH.exe
  2⤵
  PID:5596
- C:\Windows\System\GmEkFja.exe
  C:\Windows\System\GmEkFja.exe
  2⤵
  PID:5616
- C:\Windows\System\ONBSTdF.exe
  C:\Windows\System\ONBSTdF.exe
  2⤵
  PID:5636
- C:\Windows\System\pMdWrqP.exe
  C:\Windows\System\pMdWrqP.exe
  2⤵
  PID:5656
- C:\Windows\System\XWLGVky.exe
  C:\Windows\System\XWLGVky.exe
  2⤵
  PID:5676
- C:\Windows\System\IicTePX.exe
  C:\Windows\System\IicTePX.exe
  2⤵
  PID:5696
- C:\Windows\System\xRdsMFF.exe
  C:\Windows\System\xRdsMFF.exe
  2⤵
  PID:5716
- C:\Windows\System\rxwboRb.exe
  C:\Windows\System\rxwboRb.exe
  2⤵
  PID:5736
- C:\Windows\System\ErUXgDl.exe
  C:\Windows\System\ErUXgDl.exe
  2⤵
  PID:5756
- C:\Windows\System\YXuVFKN.exe
  C:\Windows\System\YXuVFKN.exe
  2⤵
  PID:5776
- C:\Windows\System\xxsSaPa.exe
  C:\Windows\System\xxsSaPa.exe
  2⤵
  PID:5796
- C:\Windows\System\EDRysFq.exe
  C:\Windows\System\EDRysFq.exe
  2⤵
  PID:5816
- C:\Windows\System\SKjynbN.exe
  C:\Windows\System\SKjynbN.exe
  2⤵
  PID:5836
- C:\Windows\System\Svrgkvj.exe
  C:\Windows\System\Svrgkvj.exe
  2⤵
  PID:5856
- C:\Windows\System\HkuvBlm.exe
  C:\Windows\System\HkuvBlm.exe
  2⤵
  PID:5876
- C:\Windows\System\kGurPql.exe
  C:\Windows\System\kGurPql.exe
  2⤵
  PID:5896
- C:\Windows\System\xxHSzbw.exe
  C:\Windows\System\xxHSzbw.exe
  2⤵
  PID:5916
- C:\Windows\System\SfZpLaz.exe
  C:\Windows\System\SfZpLaz.exe
  2⤵
  PID:5936
- C:\Windows\System\FDMggWa.exe
  C:\Windows\System\FDMggWa.exe
  2⤵
  PID:5956
- C:\Windows\System\WyyVVDd.exe
  C:\Windows\System\WyyVVDd.exe
  2⤵
  PID:5976
- C:\Windows\System\KnsZMTM.exe
  C:\Windows\System\KnsZMTM.exe
  2⤵
  PID:5996
- C:\Windows\System\OYSOmSv.exe
  C:\Windows\System\OYSOmSv.exe
  2⤵
  PID:6016
- C:\Windows\System\AkvLsbG.exe
  C:\Windows\System\AkvLsbG.exe
  2⤵
  PID:6036
- C:\Windows\System\LpQHrVC.exe
  C:\Windows\System\LpQHrVC.exe
  2⤵
  PID:6056
- C:\Windows\System\jIcalUI.exe
  C:\Windows\System\jIcalUI.exe
  2⤵
  PID:6076
- C:\Windows\System\uczihjR.exe
  C:\Windows\System\uczihjR.exe
  2⤵
  PID:6096
- C:\Windows\System\uyhyNbS.exe
  C:\Windows\System\uyhyNbS.exe
  2⤵
  PID:6116
- C:\Windows\System\sDRiepD.exe
  C:\Windows\System\sDRiepD.exe
  2⤵
  PID:6136
- C:\Windows\System\WbwedmH.exe
  C:\Windows\System\WbwedmH.exe
  2⤵
  PID:5092
- C:\Windows\System\sgexTAb.exe
  C:\Windows\System\sgexTAb.exe
  2⤵
  PID:3716
- C:\Windows\System\mYrxgiI.exe
  C:\Windows\System\mYrxgiI.exe
  2⤵
  PID:4464
- C:\Windows\System\wTrXzSn.exe
  C:\Windows\System\wTrXzSn.exe
  2⤵
  PID:4552
- C:\Windows\System\UjzjnPf.exe
  C:\Windows\System\UjzjnPf.exe
  2⤵
  PID:4512
- C:\Windows\System\LruPPeq.exe
  C:\Windows\System\LruPPeq.exe
  2⤵
  PID:5028
- C:\Windows\System\tarpewa.exe
  C:\Windows\System\tarpewa.exe
  2⤵
  PID:5172
- C:\Windows\System\muUMHsV.exe
  C:\Windows\System\muUMHsV.exe
  2⤵
  PID:5184
- C:\Windows\System\xtYbKyZ.exe
  C:\Windows\System\xtYbKyZ.exe
  2⤵
  PID:5188
- C:\Windows\System\pEAUKAH.exe
  C:\Windows\System\pEAUKAH.exe
  2⤵
  PID:5252
- C:\Windows\System\PrAFIQX.exe
  C:\Windows\System\PrAFIQX.exe
  2⤵
  PID:5284
- C:\Windows\System\qepUAqA.exe
  C:\Windows\System\qepUAqA.exe
  2⤵
  PID:5304
- C:\Windows\System\lzqkPKP.exe
  C:\Windows\System\lzqkPKP.exe
  2⤵
  PID:5308
- C:\Windows\System\wvcYdwt.exe
  C:\Windows\System\wvcYdwt.exe
  2⤵
  PID:5352
- C:\Windows\System\YDCpRBQ.exe
  C:\Windows\System\YDCpRBQ.exe
  2⤵
  PID:5404
- C:\Windows\System\TEYnQrA.exe
  C:\Windows\System\TEYnQrA.exe
  2⤵
  PID:5424
- C:\Windows\System\kpMXIze.exe
  C:\Windows\System\kpMXIze.exe
  2⤵
  PID:5448
- C:\Windows\System\wkuKtFf.exe
  C:\Windows\System\wkuKtFf.exe
  2⤵
  PID:5492
- C:\Windows\System\fdbPNDv.exe
  C:\Windows\System\fdbPNDv.exe
  2⤵
  PID:5508
- C:\Windows\System\xBrrybQ.exe
  C:\Windows\System\xBrrybQ.exe
  2⤵
  PID:5544
- C:\Windows\System\jLatrWX.exe
  C:\Windows\System\jLatrWX.exe
  2⤵
  PID:5584
- C:\Windows\System\LSYNEnP.exe
  C:\Windows\System\LSYNEnP.exe
  2⤵
  PID:5608
- C:\Windows\System\imSHyzu.exe
  C:\Windows\System\imSHyzu.exe
  2⤵
  PID:5644
- C:\Windows\System\uWIOxEJ.exe
  C:\Windows\System\uWIOxEJ.exe
  2⤵
  PID:5672
- C:\Windows\System\oOnDyYd.exe
  C:\Windows\System\oOnDyYd.exe
  2⤵
  PID:5732
- C:\Windows\System\sxlRQWR.exe
  C:\Windows\System\sxlRQWR.exe
  2⤵
  PID:5772
- C:\Windows\System\BgxuUVv.exe
  C:\Windows\System\BgxuUVv.exe
  2⤵
  PID:3120
- C:\Windows\System\HJZkSdq.exe
  C:\Windows\System\HJZkSdq.exe
  2⤵
  PID:5812
- C:\Windows\System\ENrorBv.exe
  C:\Windows\System\ENrorBv.exe
  2⤵
  PID:5832
- C:\Windows\System\LqmnfwY.exe
  C:\Windows\System\LqmnfwY.exe
  2⤵
  PID:5864
- C:\Windows\System\TkOPaCm.exe
  C:\Windows\System\TkOPaCm.exe
  2⤵
  PID:5888
- C:\Windows\System\UUmCtHa.exe
  C:\Windows\System\UUmCtHa.exe
  2⤵
  PID:5908
- C:\Windows\System\ehJRKWs.exe
  C:\Windows\System\ehJRKWs.exe
  2⤵
  PID:5952
- C:\Windows\System\bgIkvti.exe
  C:\Windows\System\bgIkvti.exe
  2⤵
  PID:6004
- C:\Windows\System\pDJvyLJ.exe
  C:\Windows\System\pDJvyLJ.exe
  2⤵
  PID:6032
- C:\Windows\System\vfROKsS.exe
  C:\Windows\System\vfROKsS.exe
  2⤵
  PID:6092
- C:\Windows\System\oJXJVBi.exe
  C:\Windows\System\oJXJVBi.exe
  2⤵
  PID:6104
- C:\Windows\System\cyOPRni.exe
  C:\Windows\System\cyOPRni.exe
  2⤵
  PID:6108
- C:\Windows\System\vrQXaHo.exe
  C:\Windows\System\vrQXaHo.exe
  2⤵
  PID:2024
- C:\Windows\System\eyuFwaZ.exe
  C:\Windows\System\eyuFwaZ.exe
  2⤵
  PID:1256
- C:\Windows\System\MHObCgo.exe
  C:\Windows\System\MHObCgo.exe
  2⤵
  PID:4240
- C:\Windows\System\XIUmzXN.exe
  C:\Windows\System\XIUmzXN.exe
  2⤵
  PID:5124
- C:\Windows\System\WlAtvUS.exe
  C:\Windows\System\WlAtvUS.exe
  2⤵
  PID:5152
- C:\Windows\System\ZKHHTqV.exe
  C:\Windows\System\ZKHHTqV.exe
  2⤵
  PID:5144
- C:\Windows\System\UuTsXqH.exe
  C:\Windows\System\UuTsXqH.exe
  2⤵
  PID:5232
- C:\Windows\System\AfuqAGY.exe
  C:\Windows\System\AfuqAGY.exe
  2⤵
  PID:5248
- C:\Windows\System\AMBPECG.exe
  C:\Windows\System\AMBPECG.exe
  2⤵
  PID:2648
- C:\Windows\System\BeAfamx.exe
  C:\Windows\System\BeAfamx.exe
  2⤵
  PID:5384
- C:\Windows\System\VRjbTdQ.exe
  C:\Windows\System\VRjbTdQ.exe
  2⤵
  PID:2600
- C:\Windows\System\NCLMSER.exe
  C:\Windows\System\NCLMSER.exe
  2⤵
  PID:3636
- C:\Windows\System\CKlnwpC.exe
  C:\Windows\System\CKlnwpC.exe
  2⤵
  PID:1908
- C:\Windows\System\zqehNzr.exe
  C:\Windows\System\zqehNzr.exe
  2⤵
  PID:5532
- C:\Windows\System\BdlHRQk.exe
  C:\Windows\System\BdlHRQk.exe
  2⤵
  PID:5504
- C:\Windows\System\ALHTeTO.exe
  C:\Windows\System\ALHTeTO.exe
  2⤵
  PID:2924
- C:\Windows\System\LEhjzvh.exe
  C:\Windows\System\LEhjzvh.exe
  2⤵
  PID:5664
- C:\Windows\System\DsLXJDl.exe
  C:\Windows\System\DsLXJDl.exe
  2⤵
  PID:2188
- C:\Windows\System\mVCFfQg.exe
  C:\Windows\System\mVCFfQg.exe
  2⤵
  PID:5724
- C:\Windows\System\kKZmtWf.exe
  C:\Windows\System\kKZmtWf.exe
  2⤵
  PID:832
- C:\Windows\System\RkybqPG.exe
  C:\Windows\System\RkybqPG.exe
  2⤵
  PID:1892
- C:\Windows\System\uxhJiyX.exe
  C:\Windows\System\uxhJiyX.exe
  2⤵
  PID:5752
- C:\Windows\System\CbLWYQO.exe
  C:\Windows\System\CbLWYQO.exe
  2⤵
  PID:2036
- C:\Windows\System\pDbZanh.exe
  C:\Windows\System\pDbZanh.exe
  2⤵
  PID:5828
- C:\Windows\System\SPDhKmd.exe
  C:\Windows\System\SPDhKmd.exe
  2⤵
  PID:5824
- C:\Windows\System\eDGHEnh.exe
  C:\Windows\System\eDGHEnh.exe
  2⤵
  PID:5808
- C:\Windows\System\gqDQzRg.exe
  C:\Windows\System\gqDQzRg.exe
  2⤵
  PID:5948
- C:\Windows\System\kXPJVpZ.exe
  C:\Windows\System\kXPJVpZ.exe
  2⤵
  PID:5988
- C:\Windows\System\zxynQTr.exe
  C:\Windows\System\zxynQTr.exe
  2⤵
  PID:1284
- C:\Windows\System\aYqFOMC.exe
  C:\Windows\System\aYqFOMC.exe
  2⤵
  PID:2348
- C:\Windows\System\qxaokdj.exe
  C:\Windows\System\qxaokdj.exe
  2⤵
  PID:6132
- C:\Windows\System\fZmSrZd.exe
  C:\Windows\System\fZmSrZd.exe
  2⤵
  PID:4348
- C:\Windows\System\cInAnnL.exe
  C:\Windows\System\cInAnnL.exe
  2⤵
  PID:5212
- C:\Windows\System\ZewPLiy.exe
  C:\Windows\System\ZewPLiy.exe
  2⤵
  PID:4948
- C:\Windows\System\NVOVfqc.exe
  C:\Windows\System\NVOVfqc.exe
  2⤵
  PID:5228
- C:\Windows\System\QNLNPzu.exe
  C:\Windows\System\QNLNPzu.exe
  2⤵
  PID:5084
- C:\Windows\System\RJdGeGI.exe
  C:\Windows\System\RJdGeGI.exe
  2⤵
  PID:5072
- C:\Windows\System\NQhbRpE.exe
  C:\Windows\System\NQhbRpE.exe
  2⤵
  PID:5272
- C:\Windows\System\yczaVkt.exe
  C:\Windows\System\yczaVkt.exe
  2⤵
  PID:5484
- C:\Windows\System\PitPSRJ.exe
  C:\Windows\System\PitPSRJ.exe
  2⤵
  PID:5512
- C:\Windows\System\CZqQjol.exe
  C:\Windows\System\CZqQjol.exe
  2⤵
  PID:5572
- C:\Windows\System\sLcyLxw.exe
  C:\Windows\System\sLcyLxw.exe
  2⤵
  PID:5488
- C:\Windows\System\kJSjyPz.exe
  C:\Windows\System\kJSjyPz.exe
  2⤵
  PID:2440
- C:\Windows\System\swWmgLv.exe
  C:\Windows\System\swWmgLv.exe
  2⤵
  PID:5804
- C:\Windows\System\FiPmJpZ.exe
  C:\Windows\System\FiPmJpZ.exe
  2⤵
  PID:5892
- C:\Windows\System\fcrakwn.exe
  C:\Windows\System\fcrakwn.exe
  2⤵
  PID:2296
- C:\Windows\System\zvwURHR.exe
  C:\Windows\System\zvwURHR.exe
  2⤵
  PID:1000
- C:\Windows\System\UvlXqim.exe
  C:\Windows\System\UvlXqim.exe
  2⤵
  PID:6008
- C:\Windows\System\KIsVLeg.exe
  C:\Windows\System\KIsVLeg.exe
  2⤵
  PID:684
- C:\Windows\System\JjQUYrR.exe
  C:\Windows\System\JjQUYrR.exe
  2⤵
  PID:4144
- C:\Windows\System\TmEEpRt.exe
  C:\Windows\System\TmEEpRt.exe
  2⤵
  PID:5192
- C:\Windows\System\BWXqqiS.exe
  C:\Windows\System\BWXqqiS.exe
  2⤵
  PID:2820
- C:\Windows\System\vibfVkT.exe
  C:\Windows\System\vibfVkT.exe
  2⤵
  PID:5388
- C:\Windows\System\oCbVjgi.exe
  C:\Windows\System\oCbVjgi.exe
  2⤵
  PID:5692
- C:\Windows\System\SaBBkfk.exe
  C:\Windows\System\SaBBkfk.exe
  2⤵
  PID:2880
- C:\Windows\System\pNKINBi.exe
  C:\Windows\System\pNKINBi.exe
  2⤵
  PID:5408
- C:\Windows\System\NsMIDAa.exe
  C:\Windows\System\NsMIDAa.exe
  2⤵
  PID:2304
- C:\Windows\System\LAbJvyu.exe
  C:\Windows\System\LAbJvyu.exe
  2⤵
  PID:5932
- C:\Windows\System\Buneqnc.exe
  C:\Windows\System\Buneqnc.exe
  2⤵
  PID:5744
- C:\Windows\System\sDXTDkX.exe
  C:\Windows\System\sDXTDkX.exe
  2⤵
  PID:2108
- C:\Windows\System\fokYLQN.exe
  C:\Windows\System\fokYLQN.exe
  2⤵
  PID:6044
- C:\Windows\System\ESPNZSy.exe
  C:\Windows\System\ESPNZSy.exe
  2⤵
  PID:5944
- C:\Windows\System\hKbwbgh.exe
  C:\Windows\System\hKbwbgh.exe
  2⤵
  PID:5428
- C:\Windows\System\XlYKMBN.exe
  C:\Windows\System\XlYKMBN.exe
  2⤵
  PID:2752
- C:\Windows\System\DiGKJcw.exe
  C:\Windows\System\DiGKJcw.exe
  2⤵
  PID:5688
- C:\Windows\System\IkNwLzR.exe
  C:\Windows\System\IkNwLzR.exe
  2⤵
  PID:1396
- C:\Windows\System\UTcSkMo.exe
  C:\Windows\System\UTcSkMo.exe
  2⤵
  PID:5612
- C:\Windows\System\ULKVYGt.exe
  C:\Windows\System\ULKVYGt.exe
  2⤵
  PID:5968
- C:\Windows\System\qBnPlJO.exe
  C:\Windows\System\qBnPlJO.exe
  2⤵
  PID:6048
- C:\Windows\System\lgIcGDb.exe
  C:\Windows\System\lgIcGDb.exe
  2⤵
  PID:2788
- C:\Windows\System\jxjiNmd.exe
  C:\Windows\System\jxjiNmd.exe
  2⤵
  PID:6152
- C:\Windows\System\rWELqpa.exe
  C:\Windows\System\rWELqpa.exe
  2⤵
  PID:6180
- C:\Windows\System\GdtMeGz.exe
  C:\Windows\System\GdtMeGz.exe
  2⤵
  PID:6196
- C:\Windows\System\jJEEyYe.exe
  C:\Windows\System\jJEEyYe.exe
  2⤵
  PID:6212
- C:\Windows\System\NljLXar.exe
  C:\Windows\System\NljLXar.exe
  2⤵
  PID:6228
- C:\Windows\System\ZGNscUf.exe
  C:\Windows\System\ZGNscUf.exe
  2⤵
  PID:6248
- C:\Windows\System\tHRQxEu.exe
  C:\Windows\System\tHRQxEu.exe
  2⤵
  PID:6292
- C:\Windows\System\JUtKfQO.exe
  C:\Windows\System\JUtKfQO.exe
  2⤵
  PID:6312
- C:\Windows\System\udAoMHo.exe
  C:\Windows\System\udAoMHo.exe
  2⤵
  PID:6328
- C:\Windows\System\mOaOfND.exe
  C:\Windows\System\mOaOfND.exe
  2⤵
  PID:6344
- C:\Windows\System\wKZpmIx.exe
  C:\Windows\System\wKZpmIx.exe
  2⤵
  PID:6360
- C:\Windows\System\hqqNmJw.exe
  C:\Windows\System\hqqNmJw.exe
  2⤵
  PID:6380
- C:\Windows\System\IRrkplF.exe
  C:\Windows\System\IRrkplF.exe
  2⤵
  PID:6400
- C:\Windows\System\geOADCc.exe
  C:\Windows\System\geOADCc.exe
  2⤵
  PID:6416
- C:\Windows\System\dQeZGgZ.exe
  C:\Windows\System\dQeZGgZ.exe
  2⤵
  PID:6432
- C:\Windows\System\MnABJaq.exe
  C:\Windows\System\MnABJaq.exe
  2⤵
  PID:6452
- C:\Windows\System\CSMPMZq.exe
  C:\Windows\System\CSMPMZq.exe
  2⤵
  PID:6472
- C:\Windows\System\khkYdpc.exe
  C:\Windows\System\khkYdpc.exe
  2⤵
  PID:6496
- C:\Windows\System\gHUrDQe.exe
  C:\Windows\System\gHUrDQe.exe
  2⤵
  PID:6516
- C:\Windows\System\NHnZgjT.exe
  C:\Windows\System\NHnZgjT.exe
  2⤵
  PID:6532
- C:\Windows\System\UYKlBEe.exe
  C:\Windows\System\UYKlBEe.exe
  2⤵
  PID:6572
- C:\Windows\System\aPvXTSE.exe
  C:\Windows\System\aPvXTSE.exe
  2⤵
  PID:6596
- C:\Windows\System\hFpWXlc.exe
  C:\Windows\System\hFpWXlc.exe
  2⤵
  PID:6612
- C:\Windows\System\eisKFtT.exe
  C:\Windows\System\eisKFtT.exe
  2⤵
  PID:6628
- C:\Windows\System\vmGFfZf.exe
  C:\Windows\System\vmGFfZf.exe
  2⤵
  PID:6644
- C:\Windows\System\EeDuFWA.exe
  C:\Windows\System\EeDuFWA.exe
  2⤵
  PID:6660
- C:\Windows\System\gADfIiq.exe
  C:\Windows\System\gADfIiq.exe
  2⤵
  PID:6676
- C:\Windows\System\JmZOlrW.exe
  C:\Windows\System\JmZOlrW.exe
  2⤵
  PID:6700
- C:\Windows\System\ATgaNuY.exe
  C:\Windows\System\ATgaNuY.exe
  2⤵
  PID:6716
- C:\Windows\System\krVZIiD.exe
  C:\Windows\System\krVZIiD.exe
  2⤵
  PID:6732
- C:\Windows\System\MzvdbKA.exe
  C:\Windows\System\MzvdbKA.exe
  2⤵
  PID:6748
- C:\Windows\System\eLccOjB.exe
  C:\Windows\System\eLccOjB.exe
  2⤵
  PID:6768
- C:\Windows\System\YhiQmEj.exe
  C:\Windows\System\YhiQmEj.exe
  2⤵
  PID:6796
- C:\Windows\System\TWjysQp.exe
  C:\Windows\System\TWjysQp.exe
  2⤵
  PID:6816
- C:\Windows\System\nVymdLG.exe
  C:\Windows\System\nVymdLG.exe
  2⤵
  PID:6836
- C:\Windows\System\tGpqwgT.exe
  C:\Windows\System\tGpqwgT.exe
  2⤵
  PID:6856
- C:\Windows\System\leGeouF.exe
  C:\Windows\System\leGeouF.exe
  2⤵
  PID:6884
- C:\Windows\System\lBGdEGZ.exe
  C:\Windows\System\lBGdEGZ.exe
  2⤵
  PID:6904
- C:\Windows\System\sjcxDcm.exe
  C:\Windows\System\sjcxDcm.exe
  2⤵
  PID:6920
- C:\Windows\System\MYuISEm.exe
  C:\Windows\System\MYuISEm.exe
  2⤵
  PID:6936
- C:\Windows\System\czfweTL.exe
  C:\Windows\System\czfweTL.exe
  2⤵
  PID:6952
- C:\Windows\System\UUSSGnP.exe
  C:\Windows\System\UUSSGnP.exe
  2⤵
  PID:6968
- C:\Windows\System\srWqcpm.exe
  C:\Windows\System\srWqcpm.exe
  2⤵
  PID:6984
- C:\Windows\System\JeRWEng.exe
  C:\Windows\System\JeRWEng.exe
  2⤵
  PID:7000
- C:\Windows\System\gxBlgaa.exe
  C:\Windows\System\gxBlgaa.exe
  2⤵
  PID:7016
- C:\Windows\System\QgkZQmn.exe
  C:\Windows\System\QgkZQmn.exe
  2⤵
  PID:7032
- C:\Windows\System\WshQkQp.exe
  C:\Windows\System\WshQkQp.exe
  2⤵
  PID:7088
- C:\Windows\System\OYwNsWn.exe
  C:\Windows\System\OYwNsWn.exe
  2⤵
  PID:7112
- C:\Windows\System\POEKTfs.exe
  C:\Windows\System\POEKTfs.exe
  2⤵
  PID:7136
- C:\Windows\System\AzERdnn.exe
  C:\Windows\System\AzERdnn.exe
  2⤵
  PID:7156
- C:\Windows\System\LLJrwqf.exe
  C:\Windows\System\LLJrwqf.exe
  2⤵
  PID:5712
- C:\Windows\System\ZoGRQmJ.exe
  C:\Windows\System\ZoGRQmJ.exe
  2⤵
  PID:2000
- C:\Windows\System\CMDpKwI.exe
  C:\Windows\System\CMDpKwI.exe
  2⤵
  PID:5368
- C:\Windows\System\EkVMHCE.exe
  C:\Windows\System\EkVMHCE.exe
  2⤵
  PID:6236
- C:\Windows\System\hDEpTvo.exe
  C:\Windows\System\hDEpTvo.exe
  2⤵
  PID:1856
- C:\Windows\System\sTZzYrP.exe
  C:\Windows\System\sTZzYrP.exe
  2⤵
  PID:1720
- C:\Windows\System\LXzozhm.exe
  C:\Windows\System\LXzozhm.exe
  2⤵
  PID:6220
- C:\Windows\System\JQMmJQD.exe
  C:\Windows\System\JQMmJQD.exe
  2⤵
  PID:6268
- C:\Windows\System\kbzLEFZ.exe
  C:\Windows\System\kbzLEFZ.exe
  2⤵
  PID:6260
- C:\Windows\System\tCMvYet.exe
  C:\Windows\System\tCMvYet.exe
  2⤵
  PID:6408
- C:\Windows\System\KHqwucI.exe
  C:\Windows\System\KHqwucI.exe
  2⤵
  PID:6412
- C:\Windows\System\DcUiOQG.exe
  C:\Windows\System\DcUiOQG.exe
  2⤵
  PID:6444
- C:\Windows\System\zxIagYB.exe
  C:\Windows\System\zxIagYB.exe
  2⤵
  PID:6320
- C:\Windows\System\jwBxuHu.exe
  C:\Windows\System\jwBxuHu.exe
  2⤵
  PID:6528
- C:\Windows\System\TnIRZgi.exe
  C:\Windows\System\TnIRZgi.exe
  2⤵
  PID:6396
- C:\Windows\System\PNvshxa.exe
  C:\Windows\System\PNvshxa.exe
  2⤵
  PID:6556
- C:\Windows\System\BwFbtli.exe
  C:\Windows\System\BwFbtli.exe
  2⤵
  PID:6504
- C:\Windows\System\sPyGEIP.exe
  C:\Windows\System\sPyGEIP.exe
  2⤵
  PID:6568
- C:\Windows\System\UDFhLTg.exe
  C:\Windows\System\UDFhLTg.exe
  2⤵
  PID:6740
- C:\Windows\System\olSOGYT.exe
  C:\Windows\System\olSOGYT.exe
  2⤵
  PID:6696
- C:\Windows\System\UrrBgsx.exe
  C:\Windows\System\UrrBgsx.exe
  2⤵
  PID:6636
- C:\Windows\System\QHQhlgr.exe
  C:\Windows\System\QHQhlgr.exe
  2⤵
  PID:6804
- C:\Windows\System\ahMeiPT.exe
  C:\Windows\System\ahMeiPT.exe
  2⤵
  PID:6848
- C:\Windows\System\BNpZndk.exe
  C:\Windows\System\BNpZndk.exe
  2⤵
  PID:6896
- C:\Windows\System\sWElBxr.exe
  C:\Windows\System\sWElBxr.exe
  2⤵
  PID:6964
- C:\Windows\System\icacGIP.exe
  C:\Windows\System\icacGIP.exe
  2⤵
  PID:7028
- C:\Windows\System\EGniYFu.exe
  C:\Windows\System\EGniYFu.exe
  2⤵
  PID:7008
- C:\Windows\System\FrDpdWL.exe
  C:\Windows\System\FrDpdWL.exe
  2⤵
  PID:6792
- C:\Windows\System\KnEWgzv.exe
  C:\Windows\System\KnEWgzv.exe
  2⤵
  PID:6976
- C:\Windows\System\PSCsdvG.exe
  C:\Windows\System\PSCsdvG.exe
  2⤵
  PID:6912
- C:\Windows\System\qMVNOva.exe
  C:\Windows\System\qMVNOva.exe
  2⤵
  PID:7056
- C:\Windows\System\qrOoegP.exe
  C:\Windows\System\qrOoegP.exe
  2⤵
  PID:7080
- C:\Windows\System\kQFMIeb.exe
  C:\Windows\System\kQFMIeb.exe
  2⤵
  PID:7128
- C:\Windows\System\juKLNcb.exe
  C:\Windows\System\juKLNcb.exe
  2⤵
  PID:7152
- C:\Windows\System\qfBsvTC.exe
  C:\Windows\System\qfBsvTC.exe
  2⤵
  PID:1508
- C:\Windows\System\SwrkBKA.exe
  C:\Windows\System\SwrkBKA.exe
  2⤵
  PID:5344
- C:\Windows\System\vEeubEt.exe
  C:\Windows\System\vEeubEt.exe
  2⤵
  PID:6176
- C:\Windows\System\IWxNsGR.exe
  C:\Windows\System\IWxNsGR.exe
  2⤵
  PID:6256
- C:\Windows\System\lCjHESe.exe
  C:\Windows\System\lCjHESe.exe
  2⤵
  PID:6372
- C:\Windows\System\sTJSFMB.exe
  C:\Windows\System\sTJSFMB.exe
  2⤵
  PID:6336
- C:\Windows\System\XSevppB.exe
  C:\Windows\System\XSevppB.exe
  2⤵
  PID:6524
- C:\Windows\System\dZvHdwS.exe
  C:\Windows\System\dZvHdwS.exe
  2⤵
  PID:6484
- C:\Windows\System\JHVpjCR.exe
  C:\Windows\System\JHVpjCR.exe
  2⤵
  PID:6540
- C:\Windows\System\GrfTScI.exe
  C:\Windows\System\GrfTScI.exe
  2⤵
  PID:6684
- C:\Windows\System\bgHrdHn.exe
  C:\Windows\System\bgHrdHn.exe
  2⤵
  PID:6584
- C:\Windows\System\twPDUuT.exe
  C:\Windows\System\twPDUuT.exe
  2⤵
  PID:6592
- C:\Windows\System\OxlDRVr.exe
  C:\Windows\System\OxlDRVr.exe
  2⤵
  PID:6656
- C:\Windows\System\jJvyxFf.exe
  C:\Windows\System\jJvyxFf.exe
  2⤵
  PID:6900
- C:\Windows\System\tGxrgyd.exe
  C:\Windows\System\tGxrgyd.exe
  2⤵
  PID:6868
- C:\Windows\System\vcXWHNq.exe
  C:\Windows\System\vcXWHNq.exe
  2⤵
  PID:6916
- C:\Windows\System\dkmAjwZ.exe
  C:\Windows\System\dkmAjwZ.exe
  2⤵
  PID:6948
- C:\Windows\System\dpdfJAv.exe
  C:\Windows\System\dpdfJAv.exe
  2⤵
  PID:6780
- C:\Windows\System\fkWdrBH.exe
  C:\Windows\System\fkWdrBH.exe
  2⤵
  PID:6828
- C:\Windows\System\KOUZEwb.exe
  C:\Windows\System\KOUZEwb.exe
  2⤵
  PID:7108
- C:\Windows\System\pjEYRIj.exe
  C:\Windows\System\pjEYRIj.exe
  2⤵
  PID:6264
- C:\Windows\System\ltAVNGP.exe
  C:\Windows\System\ltAVNGP.exe
  2⤵
  PID:6512
- C:\Windows\System\QsruFkC.exe
  C:\Windows\System\QsruFkC.exe
  2⤵
  PID:7148
- C:\Windows\System\xWwSveO.exe
  C:\Windows\System\xWwSveO.exe
  2⤵
  PID:6188
- C:\Windows\System\Tpsfrvl.exe
  C:\Windows\System\Tpsfrvl.exe
  2⤵
  PID:6620
- C:\Windows\System\sNcvKNu.exe
  C:\Windows\System\sNcvKNu.exe
  2⤵
  PID:6464
- C:\Windows\System\dVFjFSb.exe
  C:\Windows\System\dVFjFSb.exe
  2⤵
  PID:6652
- C:\Windows\System\zlozeQZ.exe
  C:\Windows\System\zlozeQZ.exe
  2⤵
  PID:6668
- C:\Windows\System\NODwAtw.exe
  C:\Windows\System\NODwAtw.exe
  2⤵
  PID:6996
- C:\Windows\System\jtPXHnT.exe
  C:\Windows\System\jtPXHnT.exe
  2⤵
  PID:6844
- C:\Windows\System\uvkCiIq.exe
  C:\Windows\System\uvkCiIq.exe
  2⤵
  PID:7068
- C:\Windows\System\vjNSjAn.exe
  C:\Windows\System\vjNSjAn.exe
  2⤵
  PID:7044
- C:\Windows\System\KMjkXpu.exe
  C:\Windows\System\KMjkXpu.exe
  2⤵
  PID:4728
- C:\Windows\System\VbVZPon.exe
  C:\Windows\System\VbVZPon.exe
  2⤵
  PID:6172
- C:\Windows\System\vvOHIEa.exe
  C:\Windows\System\vvOHIEa.exe
  2⤵
  PID:6204
- C:\Windows\System\BWlrPUN.exe
  C:\Windows\System\BWlrPUN.exe
  2⤵
  PID:5328
- C:\Windows\System\wgtUGfW.exe
  C:\Windows\System\wgtUGfW.exe
  2⤵
  PID:6604
- C:\Windows\System\MfwqoJA.exe
  C:\Windows\System\MfwqoJA.exe
  2⤵
  PID:6776
- C:\Windows\System\UZsrDVX.exe
  C:\Windows\System\UZsrDVX.exe
  2⤵
  PID:6864
- C:\Windows\System\fbhMwaE.exe
  C:\Windows\System\fbhMwaE.exe
  2⤵
  PID:6960
- C:\Windows\System\NamMQvm.exe
  C:\Windows\System\NamMQvm.exe
  2⤵
  PID:6440
- C:\Windows\System\UelZTGk.exe
  C:\Windows\System\UelZTGk.exe
  2⤵
  PID:6756
- C:\Windows\System\ssSRmIU.exe
  C:\Windows\System\ssSRmIU.exe
  2⤵
  PID:7192
- C:\Windows\System\UaZstDX.exe
  C:\Windows\System\UaZstDX.exe
  2⤵
  PID:7208
- C:\Windows\System\vpqUHEm.exe
  C:\Windows\System\vpqUHEm.exe
  2⤵
  PID:7224
- C:\Windows\System\bULvjKy.exe
  C:\Windows\System\bULvjKy.exe
  2⤵
  PID:7240
- C:\Windows\System\Lwsxrzt.exe
  C:\Windows\System\Lwsxrzt.exe
  2⤵
  PID:7256
- C:\Windows\System\iRsJFeH.exe
  C:\Windows\System\iRsJFeH.exe
  2⤵
  PID:7284
- C:\Windows\System\BGbebfy.exe
  C:\Windows\System\BGbebfy.exe
  2⤵
  PID:7304
- C:\Windows\System\pFHjUAk.exe
  C:\Windows\System\pFHjUAk.exe
  2⤵
  PID:7336
- C:\Windows\System\jIRbFif.exe
  C:\Windows\System\jIRbFif.exe
  2⤵
  PID:7356
- C:\Windows\System\yUFbrDI.exe
  C:\Windows\System\yUFbrDI.exe
  2⤵
  PID:7376
- C:\Windows\System\XRxhapC.exe
  C:\Windows\System\XRxhapC.exe
  2⤵
  PID:7396
- C:\Windows\System\rAuwlKg.exe
  C:\Windows\System\rAuwlKg.exe
  2⤵
  PID:7412
- C:\Windows\System\doGQIhN.exe
  C:\Windows\System\doGQIhN.exe
  2⤵
  PID:7428
- C:\Windows\System\QVnosJZ.exe
  C:\Windows\System\QVnosJZ.exe
  2⤵
  PID:7452
- C:\Windows\System\ypeiIqV.exe
  C:\Windows\System\ypeiIqV.exe
  2⤵
  PID:7472
- C:\Windows\System\NODYYlW.exe
  C:\Windows\System\NODYYlW.exe
  2⤵
  PID:7500
- C:\Windows\System\HiONokc.exe
  C:\Windows\System\HiONokc.exe
  2⤵
  PID:7516
- C:\Windows\System\JjImYfn.exe
  C:\Windows\System\JjImYfn.exe
  2⤵
  PID:7536
- C:\Windows\System\axDbKnR.exe
  C:\Windows\System\axDbKnR.exe
  2⤵
  PID:7556
- C:\Windows\System\NZKwthd.exe
  C:\Windows\System\NZKwthd.exe
  2⤵
  PID:7572
- C:\Windows\System\nrsEFgy.exe
  C:\Windows\System\nrsEFgy.exe
  2⤵
  PID:7588
- C:\Windows\System\KFuKZXz.exe
  C:\Windows\System\KFuKZXz.exe
  2⤵
  PID:7608
- C:\Windows\System\mIWKpiu.exe
  C:\Windows\System\mIWKpiu.exe
  2⤵
  PID:7624
- C:\Windows\System\YwVzghK.exe
  C:\Windows\System\YwVzghK.exe
  2⤵
  PID:7640
- C:\Windows\System\xfMamVR.exe
  C:\Windows\System\xfMamVR.exe
  2⤵
  PID:7672
- C:\Windows\System\xrZKEXz.exe
  C:\Windows\System\xrZKEXz.exe
  2⤵
  PID:7696
- C:\Windows\System\mnRyASY.exe
  C:\Windows\System\mnRyASY.exe
  2⤵
  PID:7712
- C:\Windows\System\FfIPLYu.exe
  C:\Windows\System\FfIPLYu.exe
  2⤵
  PID:7736
- C:\Windows\System\wRknSLW.exe
  C:\Windows\System\wRknSLW.exe
  2⤵
  PID:7752
- C:\Windows\System\IEeLEAs.exe
  C:\Windows\System\IEeLEAs.exe
  2⤵
  PID:7768
- C:\Windows\System\HgdWltP.exe
  C:\Windows\System\HgdWltP.exe
  2⤵
  PID:7784
- C:\Windows\System\eAHwbqX.exe
  C:\Windows\System\eAHwbqX.exe
  2⤵
  PID:7804
- C:\Windows\System\iJXvyjd.exe
  C:\Windows\System\iJXvyjd.exe
  2⤵
  PID:7828
- C:\Windows\System\LKoOtLW.exe
  C:\Windows\System\LKoOtLW.exe
  2⤵
  PID:7844
- C:\Windows\System\EAefirz.exe
  C:\Windows\System\EAefirz.exe
  2⤵
  PID:7876
- C:\Windows\System\bTMrPTg.exe
  C:\Windows\System\bTMrPTg.exe
  2⤵
  PID:7900
- C:\Windows\System\uVEaqxy.exe
  C:\Windows\System\uVEaqxy.exe
  2⤵
  PID:7916
- C:\Windows\System\AqeXJPD.exe
  C:\Windows\System\AqeXJPD.exe
  2⤵
  PID:7932
- C:\Windows\System\fUdgVbt.exe
  C:\Windows\System\fUdgVbt.exe
  2⤵
  PID:7948
- C:\Windows\System\DRTfNtL.exe
  C:\Windows\System\DRTfNtL.exe
  2⤵
  PID:7964
- C:\Windows\System\KQtRuYy.exe
  C:\Windows\System\KQtRuYy.exe
  2⤵
  PID:7980
- C:\Windows\System\XOhBLrF.exe
  C:\Windows\System\XOhBLrF.exe
  2⤵
  PID:8000
- C:\Windows\System\JiBRmeD.exe
  C:\Windows\System\JiBRmeD.exe
  2⤵
  PID:8020
- C:\Windows\System\ldgtSyj.exe
  C:\Windows\System\ldgtSyj.exe
  2⤵
  PID:8036
- C:\Windows\System\GfCEKqL.exe
  C:\Windows\System\GfCEKqL.exe
  2⤵
  PID:8052
- C:\Windows\System\IFniQJr.exe
  C:\Windows\System\IFniQJr.exe
  2⤵
  PID:8068
- C:\Windows\System\ZezRaTM.exe
  C:\Windows\System\ZezRaTM.exe
  2⤵
  PID:8108
- C:\Windows\System\Xurgtoy.exe
  C:\Windows\System\Xurgtoy.exe
  2⤵
  PID:8124
- C:\Windows\System\gaOdAlE.exe
  C:\Windows\System\gaOdAlE.exe
  2⤵
  PID:8156
- C:\Windows\System\eCngreh.exe
  C:\Windows\System\eCngreh.exe
  2⤵
  PID:8172
- C:\Windows\System\fCkvscu.exe
  C:\Windows\System\fCkvscu.exe
  2⤵
  PID:8188
- C:\Windows\System\aXvyrRz.exe
  C:\Windows\System\aXvyrRz.exe
  2⤵
  PID:6488
- C:\Windows\System\XEfafth.exe
  C:\Windows\System\XEfafth.exe
  2⤵
  PID:7100
- C:\Windows\System\eZdLssk.exe
  C:\Windows\System\eZdLssk.exe
  2⤵
  PID:7096
- C:\Windows\System\HCSxPFd.exe
  C:\Windows\System\HCSxPFd.exe
  2⤵
  PID:5748
- C:\Windows\System\knNfHiP.exe
  C:\Windows\System\knNfHiP.exe
  2⤵
  PID:7268
- C:\Windows\System\leQmYWg.exe
  C:\Windows\System\leQmYWg.exe
  2⤵
  PID:7280
- C:\Windows\System\smJOOMc.exe
  C:\Windows\System\smJOOMc.exe
  2⤵
  PID:7320
- C:\Windows\System\GcwtmPa.exe
  C:\Windows\System\GcwtmPa.exe
  2⤵
  PID:7324
- C:\Windows\System\nBmXSQY.exe
  C:\Windows\System\nBmXSQY.exe
  2⤵
  PID:7368
- C:\Windows\System\aNvGyWC.exe
  C:\Windows\System\aNvGyWC.exe
  2⤵
  PID:7348
- C:\Windows\System\VknRJca.exe
  C:\Windows\System\VknRJca.exe
  2⤵
  PID:7444
- C:\Windows\System\bSlXqSZ.exe
  C:\Windows\System\bSlXqSZ.exe
  2⤵
  PID:7420
- C:\Windows\System\wfBwhwM.exe
  C:\Windows\System\wfBwhwM.exe
  2⤵
  PID:7496
- C:\Windows\System\FTShmCZ.exe
  C:\Windows\System\FTShmCZ.exe
  2⤵
  PID:7544
- C:\Windows\System\qhUJZjB.exe
  C:\Windows\System\qhUJZjB.exe
  2⤵
  PID:7568
- C:\Windows\System\zidAPWl.exe
  C:\Windows\System\zidAPWl.exe
  2⤵
  PID:7548
- C:\Windows\System\vrUGylh.exe
  C:\Windows\System\vrUGylh.exe
  2⤵
  PID:7652
- C:\Windows\System\ziZxJyu.exe
  C:\Windows\System\ziZxJyu.exe
  2⤵
  PID:7584
- C:\Windows\System\XSkArtK.exe
  C:\Windows\System\XSkArtK.exe
  2⤵
  PID:7688
- C:\Windows\System\bXPqknW.exe
  C:\Windows\System\bXPqknW.exe
  2⤵
  PID:7728
- C:\Windows\System\sifujIa.exe
  C:\Windows\System\sifujIa.exe
  2⤵
  PID:7792
- C:\Windows\System\KQJmRFE.exe
  C:\Windows\System\KQJmRFE.exe
  2⤵
  PID:7836
- C:\Windows\System\CnqwSHf.exe
  C:\Windows\System\CnqwSHf.exe
  2⤵
  PID:7812
- C:\Windows\System\YcXwYoP.exe
  C:\Windows\System\YcXwYoP.exe
  2⤵
  PID:7748
- C:\Windows\System\eahIMFv.exe
  C:\Windows\System\eahIMFv.exe
  2⤵
  PID:7860
- C:\Windows\System\cAgpXhh.exe
  C:\Windows\System\cAgpXhh.exe
  2⤵
  PID:7896
- C:\Windows\System\qtJMwDN.exe
  C:\Windows\System\qtJMwDN.exe
  2⤵
  PID:7928
- C:\Windows\System\DpQNLBp.exe
  C:\Windows\System\DpQNLBp.exe
  2⤵
  PID:8064
- C:\Windows\System\viZeejH.exe
  C:\Windows\System\viZeejH.exe
  2⤵
  PID:7992
- C:\Windows\System\cBKwGyp.exe
  C:\Windows\System\cBKwGyp.exe
  2⤵
  PID:7940
- C:\Windows\System\pqFmwul.exe
  C:\Windows\System\pqFmwul.exe
  2⤵
  PID:8012
- C:\Windows\System\KzryttH.exe
  C:\Windows\System\KzryttH.exe
  2⤵
  PID:8120
- C:\Windows\System\sGaxyEB.exe
  C:\Windows\System\sGaxyEB.exe
  2⤵
  PID:8080
- C:\Windows\System\XHHyvhu.exe
  C:\Windows\System\XHHyvhu.exe
  2⤵
  PID:8184
- C:\Windows\System\IgntTAK.exe
  C:\Windows\System\IgntTAK.exe
  2⤵
  PID:6708
- C:\Windows\System\IyuakIf.exe
  C:\Windows\System\IyuakIf.exe
  2⤵
  PID:8168
- C:\Windows\System\tBjxqxM.exe
  C:\Windows\System\tBjxqxM.exe
  2⤵
  PID:7176
- C:\Windows\System\jmbrfsA.exe
  C:\Windows\System\jmbrfsA.exe
  2⤵
  PID:7364
- C:\Windows\System\POBTrzr.exe
  C:\Windows\System\POBTrzr.exe
  2⤵
  PID:7252
- C:\Windows\System\gjBBBOx.exe
  C:\Windows\System\gjBBBOx.exe
  2⤵
  PID:7460
- C:\Windows\System\SjFIUaO.exe
  C:\Windows\System\SjFIUaO.exe
  2⤵
  PID:7528
- C:\Windows\System\TeNFbBQ.exe
  C:\Windows\System\TeNFbBQ.exe
  2⤵
  PID:7388
- C:\Windows\System\QXDNklS.exe
  C:\Windows\System\QXDNklS.exe
  2⤵
  PID:7604
- C:\Windows\System\UfwPcnL.exe
  C:\Windows\System\UfwPcnL.exe
  2⤵
  PID:7780
- C:\Windows\System\BLjAJkb.exe
  C:\Windows\System\BLjAJkb.exe
  2⤵
  PID:7912
- C:\Windows\System\dFprBze.exe
  C:\Windows\System\dFprBze.exe
  2⤵
  PID:8092
- C:\Windows\System\SWQzHBX.exe
  C:\Windows\System\SWQzHBX.exe
  2⤵
  PID:8076
- C:\Windows\System\uTwjdzl.exe
  C:\Windows\System\uTwjdzl.exe
  2⤵
  PID:7144
- C:\Windows\System\DuZAsbd.exe
  C:\Windows\System\DuZAsbd.exe
  2⤵
  PID:7172
- C:\Windows\System\NShPhjP.exe
  C:\Windows\System\NShPhjP.exe
  2⤵
  PID:7888
- C:\Windows\System\aXOhcnY.exe
  C:\Windows\System\aXOhcnY.exe
  2⤵
  PID:7708
- C:\Windows\System\TucrMZn.exe
  C:\Windows\System\TucrMZn.exe
  2⤵
  PID:7744
- C:\Windows\System\zYFZJbX.exe
  C:\Windows\System\zYFZJbX.exe
  2⤵
  PID:7976
- C:\Windows\System\dTlayQt.exe
  C:\Windows\System\dTlayQt.exe
  2⤵
  PID:8100
- C:\Windows\System\KklDtac.exe
  C:\Windows\System\KklDtac.exe
  2⤵
  PID:7184
- C:\Windows\System\OBgupum.exe
  C:\Windows\System\OBgupum.exe
  2⤵
  PID:7296
- C:\Windows\System\iFcuNEa.exe
  C:\Windows\System\iFcuNEa.exe
  2⤵
  PID:7480
- C:\Windows\System\jnlNrkC.exe
  C:\Windows\System\jnlNrkC.exe
  2⤵
  PID:7856
- C:\Windows\System\QvMCDnD.exe
  C:\Windows\System\QvMCDnD.exe
  2⤵
  PID:7300
- C:\Windows\System\MVJVhiN.exe
  C:\Windows\System\MVJVhiN.exe
  2⤵
  PID:7620
- C:\Windows\System\cyWrIfD.exe
  C:\Windows\System\cyWrIfD.exe
  2⤵
  PID:7720
- C:\Windows\System\HqodWPI.exe
  C:\Windows\System\HqodWPI.exe
  2⤵
  PID:7636
- C:\Windows\System\LqFkZHl.exe
  C:\Windows\System\LqFkZHl.exe
  2⤵
  PID:6192
- C:\Windows\System\VxqWiQb.exe
  C:\Windows\System\VxqWiQb.exe
  2⤵
  PID:7764
- C:\Windows\System\FMQdmoh.exe
  C:\Windows\System\FMQdmoh.exe
  2⤵
  PID:8132
- C:\Windows\System\fbBecmu.exe
  C:\Windows\System\fbBecmu.exe
  2⤵
  PID:7464
- C:\Windows\System\RAbdPdp.exe
  C:\Windows\System\RAbdPdp.exe
  2⤵
  PID:8044
- C:\Windows\System\SBEFQVV.exe
  C:\Windows\System\SBEFQVV.exe
  2⤵
  PID:7632
- C:\Windows\System\iNopALw.exe
  C:\Windows\System\iNopALw.exe
  2⤵
  PID:7232
- C:\Windows\System\oFjVupc.exe
  C:\Windows\System\oFjVupc.exe
  2⤵
  PID:7488
- C:\Windows\System\SAMQeEF.exe
  C:\Windows\System\SAMQeEF.exe
  2⤵
  PID:7800
- C:\Windows\System\AEYfZoI.exe
  C:\Windows\System\AEYfZoI.exe
  2⤵
  PID:7684
- C:\Windows\System\yzxdVEY.exe
  C:\Windows\System\yzxdVEY.exe
  2⤵
  PID:8140
- C:\Windows\System\ebqABhr.exe
  C:\Windows\System\ebqABhr.exe
  2⤵
  PID:6812
- C:\Windows\System\zlKHhsj.exe
  C:\Windows\System\zlKHhsj.exe
  2⤵
  PID:7820
- C:\Windows\System\jbcNtRp.exe
  C:\Windows\System\jbcNtRp.exe
  2⤵
  PID:7276
- C:\Windows\System\xscpbhs.exe
  C:\Windows\System\xscpbhs.exe
  2⤵
  PID:7664
- C:\Windows\System\ihqCUyS.exe
  C:\Windows\System\ihqCUyS.exe
  2⤵
  PID:7924
- C:\Windows\System\riCOoWM.exe
  C:\Windows\System\riCOoWM.exe
  2⤵
  PID:8008
- C:\Windows\System\rbCMdFT.exe
  C:\Windows\System\rbCMdFT.exe
  2⤵
  PID:8200
- C:\Windows\System\ndXJAqn.exe
  C:\Windows\System\ndXJAqn.exe
  2⤵
  PID:8228
- C:\Windows\System\hCKwsMA.exe
  C:\Windows\System\hCKwsMA.exe
  2⤵
  PID:8244
- C:\Windows\System\BklkECU.exe
  C:\Windows\System\BklkECU.exe
  2⤵
  PID:8260
- C:\Windows\System\wqnoAHu.exe
  C:\Windows\System\wqnoAHu.exe
  2⤵
  PID:8280
- C:\Windows\System\VmFYtfS.exe
  C:\Windows\System\VmFYtfS.exe
  2⤵
  PID:8296
- C:\Windows\System\tvptOix.exe
  C:\Windows\System\tvptOix.exe
  2⤵
  PID:8312
- C:\Windows\System\QfCIAmq.exe
  C:\Windows\System\QfCIAmq.exe
  2⤵
  PID:8332
- C:\Windows\System\BzmMwVn.exe
  C:\Windows\System\BzmMwVn.exe
  2⤵
  PID:8348
- C:\Windows\System\Bgoxqay.exe
  C:\Windows\System\Bgoxqay.exe
  2⤵
  PID:8364
- C:\Windows\System\OtgpmNy.exe
  C:\Windows\System\OtgpmNy.exe
  2⤵
  PID:8400
- C:\Windows\System\QiERWoB.exe
  C:\Windows\System\QiERWoB.exe
  2⤵
  PID:8428
- C:\Windows\System\ljpiipv.exe
  C:\Windows\System\ljpiipv.exe
  2⤵
  PID:8452
- C:\Windows\System\DILjxSw.exe
  C:\Windows\System\DILjxSw.exe
  2⤵
  PID:8472
- C:\Windows\System\BLqMPeQ.exe
  C:\Windows\System\BLqMPeQ.exe
  2⤵
  PID:8488
- C:\Windows\System\DexlQJg.exe
  C:\Windows\System\DexlQJg.exe
  2⤵
  PID:8504
- C:\Windows\System\SYviyNA.exe
  C:\Windows\System\SYviyNA.exe
  2⤵
  PID:8520
- C:\Windows\System\PPEviQJ.exe
  C:\Windows\System\PPEviQJ.exe
  2⤵
  PID:8536
- C:\Windows\System\iJQusKD.exe
  C:\Windows\System\iJQusKD.exe
  2⤵
  PID:8580
- C:\Windows\System\DSxmvak.exe
  C:\Windows\System\DSxmvak.exe
  2⤵
  PID:8596
- C:\Windows\System\VieFalu.exe
  C:\Windows\System\VieFalu.exe
  2⤵
  PID:8612
- C:\Windows\System\sXnShMk.exe
  C:\Windows\System\sXnShMk.exe
  2⤵
  PID:8644
- C:\Windows\System\GxDkyFW.exe
  C:\Windows\System\GxDkyFW.exe
  2⤵
  PID:8664
- C:\Windows\System\oPfOvHE.exe
  C:\Windows\System\oPfOvHE.exe
  2⤵
  PID:8680
- C:\Windows\System\SbJVZJR.exe
  C:\Windows\System\SbJVZJR.exe
  2⤵
  PID:8700
- C:\Windows\System\zDiKutB.exe
  C:\Windows\System\zDiKutB.exe
  2⤵
  PID:8732
- C:\Windows\System\EIBakmv.exe
  C:\Windows\System\EIBakmv.exe
  2⤵
  PID:8748
- C:\Windows\System\MtkTfja.exe
  C:\Windows\System\MtkTfja.exe
  2⤵
  PID:8764
- C:\Windows\System\brCSmmP.exe
  C:\Windows\System\brCSmmP.exe
  2⤵
  PID:8780
- C:\Windows\System\hDSWuRw.exe
  C:\Windows\System\hDSWuRw.exe
  2⤵
  PID:8796
- C:\Windows\System\kyogyKy.exe
  C:\Windows\System\kyogyKy.exe
  2⤵
  PID:8812
- C:\Windows\System\UYsyFmc.exe
  C:\Windows\System\UYsyFmc.exe
  2⤵
  PID:8828
- C:\Windows\System\QODsOBX.exe
  C:\Windows\System\QODsOBX.exe
  2⤵
  PID:8844
- C:\Windows\System\bksmvhB.exe
  C:\Windows\System\bksmvhB.exe
  2⤵
  PID:8860
- C:\Windows\System\GZZwDsR.exe
  C:\Windows\System\GZZwDsR.exe
  2⤵
  PID:8876
- C:\Windows\System\IcYTOAc.exe
  C:\Windows\System\IcYTOAc.exe
  2⤵
  PID:8928
- C:\Windows\System\BJhJGmq.exe
  C:\Windows\System\BJhJGmq.exe
  2⤵
  PID:8944
- C:\Windows\System\pcxvywd.exe
  C:\Windows\System\pcxvywd.exe
  2⤵
  PID:8960
- C:\Windows\System\FPOYRmj.exe
  C:\Windows\System\FPOYRmj.exe
  2⤵
  PID:8976
- C:\Windows\System\DfgvMpl.exe
  C:\Windows\System\DfgvMpl.exe
  2⤵
  PID:8992
- C:\Windows\System\rsogOsw.exe
  C:\Windows\System\rsogOsw.exe
  2⤵
  PID:9008
- C:\Windows\System\rdSTmcg.exe
  C:\Windows\System\rdSTmcg.exe
  2⤵
  PID:9024
- C:\Windows\System\RZTwAhl.exe
  C:\Windows\System\RZTwAhl.exe
  2⤵
  PID:9044
- C:\Windows\System\xVWjcOL.exe
  C:\Windows\System\xVWjcOL.exe
  2⤵
  PID:9072
- C:\Windows\System\OGmwNBH.exe
  C:\Windows\System\OGmwNBH.exe
  2⤵
  PID:9112
- C:\Windows\System\cvDxaxS.exe
  C:\Windows\System\cvDxaxS.exe
  2⤵
  PID:9128
- C:\Windows\System\WXbBxtX.exe
  C:\Windows\System\WXbBxtX.exe
  2⤵
  PID:9148
- C:\Windows\System\WnLqvMv.exe
  C:\Windows\System\WnLqvMv.exe
  2⤵
  PID:9164
- C:\Windows\System\kMWuVLY.exe
  C:\Windows\System\kMWuVLY.exe
  2⤵
  PID:9184
- C:\Windows\System\ohSdWNL.exe
  C:\Windows\System\ohSdWNL.exe
  2⤵
  PID:9204
- C:\Windows\System\sIXoCbv.exe
  C:\Windows\System\sIXoCbv.exe
  2⤵
  PID:8196
- C:\Windows\System\oumzUsw.exe
  C:\Windows\System\oumzUsw.exe
  2⤵
  PID:8224
- C:\Windows\System\IadbQQu.exe
  C:\Windows\System\IadbQQu.exe
  2⤵
  PID:8304
- C:\Windows\System\mwrNcEy.exe
  C:\Windows\System\mwrNcEy.exe
  2⤵
  PID:8288
- C:\Windows\System\CLQJOXQ.exe
  C:\Windows\System\CLQJOXQ.exe
  2⤵
  PID:8340
- C:\Windows\System\VnSQCUG.exe
  C:\Windows\System\VnSQCUG.exe
  2⤵
  PID:8380
- C:\Windows\System\SvBRysi.exe
  C:\Windows\System\SvBRysi.exe
  2⤵
  PID:8420
- C:\Windows\System\pgRjveq.exe
  C:\Windows\System\pgRjveq.exe
  2⤵
  PID:8412
- C:\Windows\System\keowwpc.exe
  C:\Windows\System\keowwpc.exe
  2⤵
  PID:8448
- C:\Windows\System\NtytGqP.exe
  C:\Windows\System\NtytGqP.exe
  2⤵
  PID:8484
- C:\Windows\System\NbSZDzW.exe
  C:\Windows\System\NbSZDzW.exe
  2⤵
  PID:8548
- C:\Windows\System\RYTowaF.exe
  C:\Windows\System\RYTowaF.exe
  2⤵
  PID:8564
- C:\Windows\System\nDfPUXG.exe
  C:\Windows\System\nDfPUXG.exe
  2⤵
  PID:8604
- C:\Windows\System\FgHYINo.exe
  C:\Windows\System\FgHYINo.exe
  2⤵
  PID:8628
- C:\Windows\System\EsnFpNV.exe
  C:\Windows\System\EsnFpNV.exe
  2⤵
  PID:8656
- C:\Windows\System\TeGJEoB.exe
  C:\Windows\System\TeGJEoB.exe
  2⤵
  PID:8692
- C:\Windows\System\RDCymdX.exe
  C:\Windows\System\RDCymdX.exe
  2⤵
  PID:8740
- C:\Windows\System\fAjhaAi.exe
  C:\Windows\System\fAjhaAi.exe
  2⤵
  PID:8788
- C:\Windows\System\LWmhdyr.exe
  C:\Windows\System\LWmhdyr.exe
  2⤵
  PID:8804
- C:\Windows\System\kKnFUZu.exe
  C:\Windows\System\kKnFUZu.exe
  2⤵
  PID:8840
- C:\Windows\System\ByDxmtE.exe
  C:\Windows\System\ByDxmtE.exe
  2⤵
  PID:8896
- C:\Windows\System\sRAlDor.exe
  C:\Windows\System\sRAlDor.exe
  2⤵
  PID:8868
- C:\Windows\System\aVucqEv.exe
  C:\Windows\System\aVucqEv.exe
  2⤵
  PID:8956
- C:\Windows\System\IJETOsn.exe
  C:\Windows\System\IJETOsn.exe
  2⤵
  PID:9004
- C:\Windows\System\tvIYCgz.exe
  C:\Windows\System\tvIYCgz.exe
  2⤵
  PID:9056
- C:\Windows\System\eOhGKdU.exe
  C:\Windows\System\eOhGKdU.exe
  2⤵
  PID:9064
- C:\Windows\System\GniOqIx.exe
  C:\Windows\System\GniOqIx.exe
  2⤵
  PID:9080
- C:\Windows\System\JkEasYj.exe
  C:\Windows\System\JkEasYj.exe
  2⤵
  PID:9100
- C:\Windows\System\eJcoRsr.exe
  C:\Windows\System\eJcoRsr.exe
  2⤵
  PID:9120
- C:\Windows\System\gksSPsg.exe
  C:\Windows\System\gksSPsg.exe
  2⤵
  PID:9172
- C:\Windows\System\ycdGwOc.exe
  C:\Windows\System\ycdGwOc.exe
  2⤵
  PID:9180
- C:\Windows\System\TEuhLWo.exe
  C:\Windows\System\TEuhLWo.exe
  2⤵
  PID:9212
- C:\Windows\System\mIlGimq.exe
  C:\Windows\System\mIlGimq.exe
  2⤵
  PID:7236
- C:\Windows\System\yDoyBJZ.exe
  C:\Windows\System\yDoyBJZ.exe
  2⤵
  PID:8320
- C:\Windows\System\UoUOBXG.exe
  C:\Windows\System\UoUOBXG.exe
  2⤵
  PID:8388
- C:\Windows\System\kcfhTOw.exe
  C:\Windows\System\kcfhTOw.exe
  2⤵
  PID:8464
- C:\Windows\System\sDYWDLT.exe
  C:\Windows\System\sDYWDLT.exe
  2⤵
  PID:8460
- C:\Windows\System\fRhPSyW.exe
  C:\Windows\System\fRhPSyW.exe
  2⤵
  PID:8560
- C:\Windows\System\oyjyjtU.exe
  C:\Windows\System\oyjyjtU.exe
  2⤵
  PID:8576
- C:\Windows\System\QadVHhf.exe
  C:\Windows\System\QadVHhf.exe
  2⤵
  PID:8676
- C:\Windows\System\TYttOcL.exe
  C:\Windows\System\TYttOcL.exe
  2⤵
  PID:8716
- C:\Windows\System\NDXBwMe.exe
  C:\Windows\System\NDXBwMe.exe
  2⤵
  PID:8792
- C:\Windows\System\YxbAFQt.exe
  C:\Windows\System\YxbAFQt.exe
  2⤵
  PID:8872
- C:\Windows\System\sOcvgSC.exe
  C:\Windows\System\sOcvgSC.exe
  2⤵
  PID:8892
- C:\Windows\System\jxAqhql.exe
  C:\Windows\System\jxAqhql.exe
  2⤵
  PID:8936
- C:\Windows\System\fzTcHej.exe
  C:\Windows\System\fzTcHej.exe
  2⤵
  PID:9020
- C:\Windows\System\ipXdexk.exe
  C:\Windows\System\ipXdexk.exe
  2⤵
  PID:9060
- C:\Windows\System\sZEAsgv.exe
  C:\Windows\System\sZEAsgv.exe
  2⤵
  PID:9156
- C:\Windows\System\RhxrGiZ.exe
  C:\Windows\System\RhxrGiZ.exe
  2⤵
  PID:8208
- C:\Windows\System\ylCKeAP.exe
  C:\Windows\System\ylCKeAP.exe
  2⤵
  PID:7180
- C:\Windows\System\BulBxrq.exe
  C:\Windows\System\BulBxrq.exe
  2⤵
  PID:8292
- C:\Windows\System\uJdPvkU.exe
  C:\Windows\System\uJdPvkU.exe
  2⤵
  PID:8268
- C:\Windows\System\MadSFpk.exe
  C:\Windows\System\MadSFpk.exe
  2⤵
  PID:8396
- C:\Windows\System\HrGqqXK.exe
  C:\Windows\System\HrGqqXK.exe
  2⤵
  PID:8416
- C:\Windows\System\YSxnpER.exe
  C:\Windows\System\YSxnpER.exe
  2⤵
  PID:8480
- C:\Windows\System\EUJJdpl.exe
  C:\Windows\System\EUJJdpl.exe
  2⤵
  PID:8588
- C:\Windows\System\CUZmeOt.exe
  C:\Windows\System\CUZmeOt.exe
  2⤵
  PID:8756
- C:\Windows\System\ZTdRDat.exe
  C:\Windows\System\ZTdRDat.exe
  2⤵
  PID:8888
- C:\Windows\System\pZKxwwi.exe
  C:\Windows\System\pZKxwwi.exe
  2⤵
  PID:9036
- C:\Windows\System\FxMJNOJ.exe
  C:\Windows\System\FxMJNOJ.exe
  2⤵
  PID:8528
- C:\Windows\System\lyINPyJ.exe
  C:\Windows\System\lyINPyJ.exe
  2⤵
  PID:9096
- C:\Windows\System\ExzPhde.exe
  C:\Windows\System\ExzPhde.exe
  2⤵
  PID:8256
- C:\Windows\System\GGWWbfw.exe
  C:\Windows\System\GGWWbfw.exe
  2⤵
  PID:8444
- C:\Windows\System\LBRaFwL.exe
  C:\Windows\System\LBRaFwL.exe
  2⤵
  PID:8688
- C:\Windows\System\wijYkXK.exe
  C:\Windows\System\wijYkXK.exe
  2⤵
  PID:8544
- C:\Windows\System\nbJCfxD.exe
  C:\Windows\System\nbJCfxD.exe
  2⤵
  PID:8728
- C:\Windows\System\wUlYZMk.exe
  C:\Windows\System\wUlYZMk.exe
  2⤵
  PID:9092
- C:\Windows\System\rZsrtgN.exe
  C:\Windows\System\rZsrtgN.exe
  2⤵
  PID:9176
- C:\Windows\System\olapwFD.exe
  C:\Windows\System\olapwFD.exe
  2⤵
  PID:9108
- C:\Windows\System\XoPDhXN.exe
  C:\Windows\System\XoPDhXN.exe
  2⤵
  PID:8904
- C:\Windows\System\YWzQtNH.exe
  C:\Windows\System\YWzQtNH.exe
  2⤵
  PID:9144
- C:\Windows\System\MRGeyCY.exe
  C:\Windows\System\MRGeyCY.exe
  2⤵
  PID:8924
- C:\Windows\System\MDpOozf.exe
  C:\Windows\System\MDpOozf.exe
  2⤵
  PID:8252
- C:\Windows\System\XFLUChX.exe
  C:\Windows\System\XFLUChX.exe
  2⤵
  PID:8356
- C:\Windows\System\dAbsqok.exe
  C:\Windows\System\dAbsqok.exe
  2⤵
  PID:9000
- C:\Windows\System\zVYmGHE.exe
  C:\Windows\System\zVYmGHE.exe
  2⤵
  PID:8372
- C:\Windows\System\sdWZmyZ.exe
  C:\Windows\System\sdWZmyZ.exe
  2⤵
  PID:9236
- C:\Windows\System\KgzKETp.exe
  C:\Windows\System\KgzKETp.exe
  2⤵
  PID:9268
- C:\Windows\System\kgOjMwR.exe
  C:\Windows\System\kgOjMwR.exe
  2⤵
  PID:9292
- C:\Windows\System\IYvSHZV.exe
  C:\Windows\System\IYvSHZV.exe
  2⤵
  PID:9316
- C:\Windows\System\vmlaFiL.exe
  C:\Windows\System\vmlaFiL.exe
  2⤵
  PID:9332
- C:\Windows\System\hdSifMe.exe
  C:\Windows\System\hdSifMe.exe
  2⤵
  PID:9352
- C:\Windows\System\JYotmNy.exe
  C:\Windows\System\JYotmNy.exe
  2⤵
  PID:9372
- C:\Windows\System\pNUImog.exe
  C:\Windows\System\pNUImog.exe
  2⤵
  PID:9388
- C:\Windows\System\MlGyUpn.exe
  C:\Windows\System\MlGyUpn.exe
  2⤵
  PID:9404
- C:\Windows\System\PpSmyOB.exe
  C:\Windows\System\PpSmyOB.exe
  2⤵
  PID:9420
- C:\Windows\System\HvsJHoa.exe
  C:\Windows\System\HvsJHoa.exe
  2⤵
  PID:9440
- C:\Windows\System\bmqtdoA.exe
  C:\Windows\System\bmqtdoA.exe
  2⤵
  PID:9460
- C:\Windows\System\TkOJtbe.exe
  C:\Windows\System\TkOJtbe.exe
  2⤵
  PID:9476
- C:\Windows\System\QCyYAJW.exe
  C:\Windows\System\QCyYAJW.exe
  2⤵
  PID:9492
- C:\Windows\System\VESBdrU.exe
  C:\Windows\System\VESBdrU.exe
  2⤵
  PID:9512
- C:\Windows\System\uaBYTNf.exe
  C:\Windows\System\uaBYTNf.exe
  2⤵
  PID:9532
- C:\Windows\System\juTFePd.exe
  C:\Windows\System\juTFePd.exe
  2⤵
  PID:9552
- C:\Windows\System\ufuPYWB.exe
  C:\Windows\System\ufuPYWB.exe
  2⤵
  PID:9568
- C:\Windows\System\PUoHNZX.exe
  C:\Windows\System\PUoHNZX.exe
  2⤵
  PID:9588
- C:\Windows\System\asWEbRn.exe
  C:\Windows\System\asWEbRn.exe
  2⤵
  PID:9612
- C:\Windows\System\NyFTYOd.exe
  C:\Windows\System\NyFTYOd.exe
  2⤵
  PID:9632
- C:\Windows\System\tZlsOrN.exe
  C:\Windows\System\tZlsOrN.exe
  2⤵
  PID:9648
- C:\Windows\System\QDGbwHm.exe
  C:\Windows\System\QDGbwHm.exe
  2⤵
  PID:9672
- C:\Windows\System\baiXixe.exe
  C:\Windows\System\baiXixe.exe
  2⤵
  PID:9712
- C:\Windows\System\XJKpmLD.exe
  C:\Windows\System\XJKpmLD.exe
  2⤵
  PID:9732
- C:\Windows\System\rduYGKy.exe
  C:\Windows\System\rduYGKy.exe
  2⤵
  PID:9748
- C:\Windows\System\SFunrvD.exe
  C:\Windows\System\SFunrvD.exe
  2⤵
  PID:9764
- C:\Windows\System\BZVAJwp.exe
  C:\Windows\System\BZVAJwp.exe
  2⤵
  PID:9788
- C:\Windows\System\waLbXkY.exe
  C:\Windows\System\waLbXkY.exe
  2⤵
  PID:9808
- C:\Windows\System\NxbAaBx.exe
  C:\Windows\System\NxbAaBx.exe
  2⤵
  PID:9824
- C:\Windows\System\YFkEHZv.exe
  C:\Windows\System\YFkEHZv.exe
  2⤵
  PID:9852
- C:\Windows\System\ZxJruuh.exe
  C:\Windows\System\ZxJruuh.exe
  2⤵
  PID:9868
- C:\Windows\System\aVNIzTk.exe
  C:\Windows\System\aVNIzTk.exe
  2⤵
  PID:9888
- C:\Windows\System\pYZdlzi.exe
  C:\Windows\System\pYZdlzi.exe
  2⤵
  PID:9912
- C:\Windows\System\hzALPCg.exe
  C:\Windows\System\hzALPCg.exe
  2⤵
  PID:9932
- C:\Windows\System\AyFvDlB.exe
  C:\Windows\System\AyFvDlB.exe
  2⤵
  PID:9948
- C:\Windows\System\DGLAhjJ.exe
  C:\Windows\System\DGLAhjJ.exe
  2⤵
  PID:9968
- C:\Windows\System\kZiOYdN.exe
  C:\Windows\System\kZiOYdN.exe
  2⤵
  PID:10000
- C:\Windows\System\rlVQYUb.exe
  C:\Windows\System\rlVQYUb.exe
  2⤵
  PID:10016
- C:\Windows\System\opXFvUY.exe
  C:\Windows\System\opXFvUY.exe
  2⤵
  PID:10032
- C:\Windows\System\URUJcOo.exe
  C:\Windows\System\URUJcOo.exe
  2⤵
  PID:10048
- C:\Windows\System\sWMUZFl.exe
  C:\Windows\System\sWMUZFl.exe
  2⤵
  PID:10072
- C:\Windows\System\dQjODRN.exe
  C:\Windows\System\dQjODRN.exe
  2⤵
  PID:10100
- C:\Windows\System\ZLRvWQN.exe
  C:\Windows\System\ZLRvWQN.exe
  2⤵
  PID:10116
- C:\Windows\System\JVNrEbX.exe
  C:\Windows\System\JVNrEbX.exe
  2⤵
  PID:10132
- C:\Windows\System\BVlntFH.exe
  C:\Windows\System\BVlntFH.exe
  2⤵
  PID:10160
- C:\Windows\System\DRptgvF.exe
  C:\Windows\System\DRptgvF.exe
  2⤵
  PID:10180
- C:\Windows\System\wGPRYMh.exe
  C:\Windows\System\wGPRYMh.exe
  2⤵
  PID:10200
- C:\Windows\System\tGFmLIm.exe
  C:\Windows\System\tGFmLIm.exe
  2⤵
  PID:10216
- C:\Windows\System\byjiDpe.exe
  C:\Windows\System\byjiDpe.exe
  2⤵
  PID:10232
- C:\Windows\System\wUXADsf.exe
  C:\Windows\System\wUXADsf.exe
  2⤵
  PID:8884
- C:\Windows\System\LJmbyYH.exe
  C:\Windows\System\LJmbyYH.exe
  2⤵
  PID:9260
- C:\Windows\System\CuKjODi.exe
  C:\Windows\System\CuKjODi.exe
  2⤵
  PID:9300
- C:\Windows\System\ecKGtzZ.exe
  C:\Windows\System\ecKGtzZ.exe
  2⤵
  PID:9308
- C:\Windows\System\lckzeGU.exe
  C:\Windows\System\lckzeGU.exe
  2⤵
  PID:9328
- C:\Windows\System\vkQgOAS.exe
  C:\Windows\System\vkQgOAS.exe
  2⤵
  PID:9416
- C:\Windows\System\HWdCxqh.exe
  C:\Windows\System\HWdCxqh.exe
  2⤵
  PID:9484
- C:\Windows\System\bTUdpKt.exe
  C:\Windows\System\bTUdpKt.exe
  2⤵
  PID:9528
- C:\Windows\System\uBKzWfn.exe
  C:\Windows\System\uBKzWfn.exe
  2⤵
  PID:9604
- C:\Windows\System\risiQjJ.exe
  C:\Windows\System\risiQjJ.exe
  2⤵
  PID:9684
- C:\Windows\System\ztFsoun.exe
  C:\Windows\System\ztFsoun.exe
  2⤵
  PID:9696
- C:\Windows\System\SIFTEJZ.exe
  C:\Windows\System\SIFTEJZ.exe
  2⤵
  PID:9704
- C:\Windows\System\EOreROz.exe
  C:\Windows\System\EOreROz.exe
  2⤵
  PID:9428
- C:\Windows\System\zXVngfw.exe
  C:\Windows\System\zXVngfw.exe
  2⤵
  PID:9504
- C:\Windows\System\SyaPGif.exe
  C:\Windows\System\SyaPGif.exe
  2⤵
  PID:9548
- C:\Windows\System\pSjepJj.exe
  C:\Windows\System\pSjepJj.exe
  2⤵
  PID:9740
- C:\Windows\System\EstpoER.exe
  C:\Windows\System\EstpoER.exe
  2⤵
  PID:9784
- C:\Windows\System\stIIDuF.exe
  C:\Windows\System\stIIDuF.exe
  2⤵
  PID:9664
- C:\Windows\System\UKzFUvE.exe
  C:\Windows\System\UKzFUvE.exe
  2⤵
  PID:9804
- C:\Windows\System\LhKEeWi.exe
  C:\Windows\System\LhKEeWi.exe
  2⤵
  PID:9844
- C:\Windows\System\cHJXDER.exe
  C:\Windows\System\cHJXDER.exe
  2⤵
  PID:8376
- C:\Windows\System\dRtCFeq.exe
  C:\Windows\System\dRtCFeq.exe
  2⤵
  PID:9904
- C:\Windows\System\cwiLrfd.exe
  C:\Windows\System\cwiLrfd.exe
  2⤵
  PID:9944
- C:\Windows\System\LWzphEM.exe
  C:\Windows\System\LWzphEM.exe
  2⤵
  PID:9976
- C:\Windows\System\UNGzVuD.exe
  C:\Windows\System\UNGzVuD.exe
  2⤵
  PID:10008
- C:\Windows\System\vjYkVuf.exe
  C:\Windows\System\vjYkVuf.exe
  2⤵
  PID:10040
- C:\Windows\System\nZctFJa.exe
  C:\Windows\System\nZctFJa.exe
  2⤵
  PID:10068
- C:\Windows\System\XNxTdqo.exe
  C:\Windows\System\XNxTdqo.exe
  2⤵
  PID:10112
- C:\Windows\System\BHkytlF.exe
  C:\Windows\System\BHkytlF.exe
  2⤵
  PID:10156
- C:\Windows\System\MZQQeiY.exe
  C:\Windows\System\MZQQeiY.exe
  2⤵
  PID:10168
- C:\Windows\System\twTmxkd.exe
  C:\Windows\System\twTmxkd.exe
  2⤵
  PID:10196
- C:\Windows\System\awDFkMk.exe
  C:\Windows\System\awDFkMk.exe
  2⤵
  PID:9256
- C:\Windows\System\DAUEQVW.exe
  C:\Windows\System\DAUEQVW.exe
  2⤵
  PID:9244
- C:\Windows\System\OkPoRqY.exe
  C:\Windows\System\OkPoRqY.exe
  2⤵
  PID:9232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFnIbgz.exe

Filesize
6.0MB

MD5
1d3232e8d3f16fe28f1b66758462b02a

SHA1
60ad6c8143c6c32b2d24091e662bc49fe9b2d997

SHA256
00881c73b7f549b1d4a1bc8efa300616e530e2ecdd9aee6c7bf9fbcd5b0d939a

SHA512
d5eea6bf9e07ceaf1e683d85d947c68e1a77c1c7c0beeb93c21bc7c014c58410e1d156d830225422d1b5eda23fe30d25093dace2d1b7d05f36cf19ad807e4d15

Download Submit
C:\Windows\system\ANczCrs.exe

Filesize
6.0MB

MD5
fea0134275628d29d9381b59b2703061

SHA1
00a3d672b056cffed9bfc320f9b78bf234a24933

SHA256
8758aa011c3959df612614c70159742282ad514adce809c7ef253566ed927bc2

SHA512
5b1e6665cd6c0485825d81e315e242340b0e90b6b710f8341bbd562fab8c449d984b8e6c2cd69c6eef8f5e6ff2bd18392813fc4f8e17c204e2b1c4dba0016205

Download Submit
C:\Windows\system\BRvPrud.exe

Filesize
6.0MB

MD5
aa88cfeee081c440311c319b146532a6

SHA1
98c4989d66194f396f9d3dbf5b48b8d5127c1970

SHA256
5c5f889ad7f3f254f66c1d1809ff97030973ae16b107b3c798e8927ea4e6adb7

SHA512
00fdbe755c3086ff053f4c4016409e8329f2dfea1f17783f512852159ab19f34c0c2e48f4a121bdfc5de044f4b2aa4f763d977218e7ba3e1d740e22a36e74dba

Download Submit
C:\Windows\system\GhlCWjq.exe

Filesize
6.0MB

MD5
de9182470c3f47793337e3880f3ac2d6

SHA1
d9947572e571fd6ab5a5f4a8954030c3a68cff9b

SHA256
12c349394525ce1d23eeefff937af6b059eea853d9eae9eee5d44f1179c851c6

SHA512
5db0e0987edb699e6e05740a982e3f2acfbb9d6202ddf9450eaf05626cc32fc232486d780ccda77d001fdbfdcd150d8ad5f89781de90905b7961ee52a8399019

Download Submit
C:\Windows\system\HoGSZgz.exe

Filesize
6.0MB

MD5
b0f6c8a392aa68de868d7aead46e6326

SHA1
e6384c10b5ffbd6079d7256821f90b743d89eb60

SHA256
cdee4992c23ac6f54edeab66007543cde70a96c08993aa2d0628eac8e3fda070

SHA512
7791ac5830fed2fe49d734fc0481e0b40ef1e095bb3d5f2816d7072cebd9982bd9c0d5ae31a9f308837f89c1e1189b4177ad9dc617769b5acb53e391525ceab0

Download Submit
C:\Windows\system\JiMeywm.exe

Filesize
6.0MB

MD5
b923dbfc13fc421e4f12dcfed222f94a

SHA1
2f08b46621707e4a7606efb8b28d070d11f3d30e

SHA256
256c18df70b26eca7191c787ec60c332d1523caa5cca95d9a0e862648396307f

SHA512
0e12aaefd476db4d5118b8297b322da23a0d3b4f67ffcc0e51b868aa7df06048288ee5f0c8682f2f5ffe3766e96be58a524a35092d81843ec6058442bad9d2ac

Download Submit
C:\Windows\system\OMZRoiy.exe

Filesize
6.0MB

MD5
94c670d6b83398423d97de949b25e7f0

SHA1
83684f0fc04c8cb3c43b2474a1de074dfec3d962

SHA256
6920846b182fdaf08e8c45a7483d2db582fd90ed9a32364968590be68259cebe

SHA512
2f7a1ab5b6bdbad06b5e2d7258494a3b563a556a582aace3973a8c7d12b0c0d3bbaf80df16c84bb73f459a9ce3a4cfbb306d7368407bb752c361414e69ab2b9e

Download Submit
C:\Windows\system\OthoQsR.exe

Filesize
6.0MB

MD5
5c49f358ced76bc1e2359ae335d37698

SHA1
3a4dcf5094fb49e5458866ff5459b9aaf2a08810

SHA256
c7a97a95259f4bc4678d8f305d4096ed2eabc812cc363e9bc865ac968459a2f3

SHA512
a2dd92b7bbce5b2bcf119f6e04c9bfe15a66e420829a00a33d7d22b7ddc8783588000bab2300445d802054b3aa6655e134d1dbb47762fc7af82f92376a648df7

Download Submit
C:\Windows\system\TZtvtgC.exe

Filesize
6.0MB

MD5
59bf26a77f856535fa4a523781e949d2

SHA1
134bc3b8b854c23e266187b69367d306a8be967d

SHA256
dc739a3a4791a3ac3a0f016f267a3bbc8a8db9a5b8fe2036ea897f0e2bb0920c

SHA512
7130dee7deb71dd4bbaef9be552755bf95674b10ff530c2b3fbfd41843268f58e6039a467801a6c970f5838fa80a8f6cf95317788879b8f05352a7c43cfe8bde

Download Submit
C:\Windows\system\TobeiEJ.exe

Filesize
6.0MB

MD5
83e7cd0985008202967ae96df8bc5cce

SHA1
3547841028ce893eb4be056180c108840abf62cc

SHA256
9c778eed790fc3646e85e5a42f616d0a1dc05a9d516060b08f4c56c9fee2314b

SHA512
c95031603e0190eeed35ea2395aec1ff3425976484ac6a7e8280779c7eeab6b1cfb8b2298044086ef809a3715e72562b22782785c7375994a239f8c99faa78af

Download Submit
C:\Windows\system\VEoWcgD.exe

Filesize
6.0MB

MD5
005f56e191b3b2a77a878d991f49937f

SHA1
84d6e3b0e4aa12ca872a98ffebf7e6df4279f905

SHA256
0fadfbf433ec4780066a3b796b0c148bd0da4f970124e513f0ee82e81cf29abe

SHA512
864f712b2bf7c703d31ad84f065be752836bbc4d930b63999410e35aad678992dbab82d900775400206af4293af3f044f7aa236bebfe27934befdbe66baeabaa

Download Submit
C:\Windows\system\XWVZGWY.exe

Filesize
6.0MB

MD5
4f0af2d5b3b56b6e5017bd0528e12852

SHA1
68310e67484dcd23666c6684b29fe9b1a8e0143c

SHA256
349a847a1eea49e7977e23d3686a3934859cb8f3cd41c1ce0186c87ad3730f63

SHA512
6ec6916beecc03a66eb1ddff9fb6ed23083a74c73bfc1857af375717ae4e5782155adf6ca436e47fb0d9d3b41c60484653100526eb3fe7e3c9f896174ae54808

Download Submit
C:\Windows\system\bikSxfV.exe

Filesize
6.0MB

MD5
7121079ab4e232656ded0996c753e70e

SHA1
8cdaa1dcdc8cc6d2fb4998c243a989f8d642738e

SHA256
a144f2669cf9efea227b9e5a71ff56ccb0189d9990e0eec0a0925f0118a8d0e6

SHA512
1aea3ee53a5b636eff643803fe14c50a7dd0ee7ebd7b9f89cf2417165f582820a9d888f5a27a1bd4441c6314543858584874d182495af28fbbadb22183f146f5

Download Submit
C:\Windows\system\cIQxKNp.exe

Filesize
6.0MB

MD5
e5413670bf63f5af36f4795771b13d2a

SHA1
e823752e67d60a529bc728bab4ae656f31fb028e

SHA256
e87b661a22bbca76206d6d0d8f3432376090215c904b32eef07aa918185d2c68

SHA512
dcc9d03dfc91f48a52803c8733117001142c6ceac381244f6805df61e5bf40232664d2992d4e61c73baba4b13632d097dd4f1d40171f7e7775059e8170df09ae

Download Submit
C:\Windows\system\ekWDFeh.exe

Filesize
6.0MB

MD5
ccb439f9e084505a5e3060f3aabc9c1f

SHA1
53be06575231fe8db4b130b722eef51125d0bdba

SHA256
0ad26d96f6363b999ae703430da97ea833ffb97e3e369edbb869f42421a17e00

SHA512
3a6539f0bf644814d703946eb0b42a1fb62b6fdb4b30d712f95207fbfa306e51168461dbfc8bd488ad1f53df62ea548cdd8034bc178263a1398257c21193ad99

Download Submit
C:\Windows\system\gCYsGsY.exe

Filesize
6.0MB

MD5
5dff8fe128df3035a7d2ed14a9f3bddb

SHA1
6c58e0dbc767a4d2ef28da675545a36bd9185bdd

SHA256
140a6a88ef9ad109af8bd8ee2db739255af83c77f34a3acfd011beb79cba7c81

SHA512
99058a196799e04c25eba6c93202931b0091893f763ee686ec19497aaf2394db0d9c021567bd9f93b14bc1adeb924c3e5cb1851479a3a374f364b52ee4935ee3

Download Submit
C:\Windows\system\gZUJLXh.exe

Filesize
6.0MB

MD5
dd868fec7b08c9dc0a2106192d8848cf

SHA1
2c99d296cb2438bdcecabb870ff97264a38276b9

SHA256
999a81f4f75b2305b4ceaab5da67e9b2b63185d3b241c80930322da8eb426e7a

SHA512
8294ffea840fc56c0d98e93779576830b4666a72f08b61bbc98266aa32428d0e125646149e334467639467baed20bf46afe430163b63565960deb0fd38e17d6f

Download Submit
C:\Windows\system\gpXRIEw.exe

Filesize
6.0MB

MD5
a8f80d2743c643ce8d2f0c557cfb359d

SHA1
f9b9310c64052dcab8d8c910c3955553be105555

SHA256
972c106fd7cedb4b5e4ae553a4c0bc00cfbd3f8a51444ec7c6ad33fa8b13e086

SHA512
14ad700582dc599069d72d84be853ca08fcfe23bfb6f79078df8e634440d883ba9f9bb866304f3a1478025fbb627672cf98e8f3d3f22e459bc81253c5de95ce2

Download Submit
C:\Windows\system\ixDsqQr.exe

Filesize
6.0MB

MD5
8fce9a46cfb48202972233a61480e315

SHA1
8d2cd176fc57f30bd56c5c8dc5986a22f5d1de30

SHA256
4fe4f248bcffc4b92b8cf5bc2de5fc7a14e88327d90eb5494ef81bae2f600b24

SHA512
df2e18bedafa77ddacbca22817e7796dc910e36dddbdf4dd4614912578a9eeee7a1c60c1b7b9b73e083c66518473d18e127a990b08b0162faf19270eb4967296

Download Submit
C:\Windows\system\qgQUfVy.exe

Filesize
6.0MB

MD5
169f085eabd1e6cd89401a5739afacd9

SHA1
4b91ca3d8e04bf2bb1cb9cd61d3022cf201ed9d2

SHA256
43ab2f2c735aac687d568cf652873bc8f9056f9926d2d539618c04462cb6a9e5

SHA512
8007471a50a1b0534a6944d6da22572590434fa22b840162e2dfad0d52e0206bf2569ce1a4831535c7c6628520c938d4cd5a65917386c0eb37d6f9011204e55d

Download Submit
C:\Windows\system\sRFutDT.exe

Filesize
6.0MB

MD5
4f4357686597b1f43c6f41ef4ec6e0e1

SHA1
3e814501b4d946333a75d121902910d6e67530aa

SHA256
656c703bf0aae385ff64cb5cd8efbacee76a594e21543726785d447201d51a8a

SHA512
e01a36ccd09d8747922457859106c2d45a4173cba3686b875e942469d058be3e9353b89686fc98e92c843ab8be18a8bbfa42887b150b03138d94babe38a0771a

Download Submit
C:\Windows\system\sWzpcLJ.exe

Filesize
6.0MB

MD5
79b76d8dabf91654e78967e973214f24

SHA1
bc101017541827873db4496cd466d27f9920cfc6

SHA256
5e48e25b950c63b554b90050a8ca54f3380b75578dba4dadc72e75d52203fe0b

SHA512
283fe0a78f7ad0496c509a42363f5c91d9fc52057fa82acd3aed0ee0e0a2ad59f0a0acd9eae8fa546ee30777bc0164bd45e9f28ce2365905c17db5d102e218c4

Download Submit
C:\Windows\system\tTeuMiK.exe

Filesize
6.0MB

MD5
6a143876bad639af27c1dd975d9bb4a5

SHA1
317f3ef38f3782d82ed4e29deef0f6e899a91a23

SHA256
11b0d3c374d9dca250ab2d8fa7cca3df55502afca541e22d8d22996699583a23

SHA512
7dca95212325be9512aba2b8b7630f8cbaf1910b56036a8d905fcf245847f72ed2a7218e01934b5820a72643668a3ce69f4a42b388a21dffca31a991986d1fc6

Download Submit
C:\Windows\system\tzeRLRm.exe

Filesize
6.0MB

MD5
cd7e9d899ca78e6da1ef9efdee00fb22

SHA1
5699e157c56766ccc12d1a982f01aaf7770e625b

SHA256
f2af1c7ea45988f0ae6d956dc9cc80277ddb8e1018a677bb0c8250e1a32e1246

SHA512
55b4f24fedcd9c62d4c1d71d86856f42f985cf5c66ec6bf96b29abd746752709eab27c2c721a19bf04e4f4683f685db220eb55a23a31c69a973fe096b6b5a73d

Download Submit
C:\Windows\system\wxeeADi.exe

Filesize
6.0MB

MD5
d2b158e0b96b0698ffb7b51240a1a616

SHA1
00bc2c15af2bc46185a955905c884f773f12d0dc

SHA256
b9f4166807961c02cb2c327b5a33ed186493189f25e3716ac788718335e7e10f

SHA512
6543e79088465bf65a0308baa57de86ff34b5563e6e94a55047199825582a4b07ca2abe13204419468d3f71f519db814900ee7f71fb77557f274691a38072e64

Download Submit
C:\Windows\system\xCSqiRa.exe

Filesize
6.0MB

MD5
7c2c405fb3664155a3b468116d543c5d

SHA1
db79411a46978ed5bf8f216b6370fb3e257c9bf4

SHA256
cfc18bfb8d4c1c8b8617e7239eb95905549f9760a97f24697cfaedd58e189ad0

SHA512
e73d40cbf4aa1dafce07ec15b532631f0edbfa775fb36cb6731e2a3e7a7af07e3444ca31421615f644a25ccbed8cd87dc35111143c0b9df23cd44ed8117cbd08

Download Submit
C:\Windows\system\zocyRjl.exe

Filesize
6.0MB

MD5
5fda2e459d328802a51b4b6dc2f53552

SHA1
e603f00d4508397333310ba4fe78a024ca232492

SHA256
9d2b51dbbf5076fc406dd78e5dec2521846772218152498cc5fdd294e8494016

SHA512
b1e8c4caeec4d1a2d9b54daed6573d77a21658bcca37507b6cde94ab92b3577f23fb26af1887c404d80bfe4096a7344981a23a284cc5a5717a57762b643e371e

Download Submit
\Windows\system\BVBZAwe.exe

Filesize
6.0MB

MD5
d16479f8fcf9913e04147de8ef2d16b2

SHA1
858dda269f669a3b212337b108030a0a5303943b

SHA256
0bfbf211435036a260a84e6ba410b5e650d103e41c6b62636167f989691fa1d8

SHA512
9bc4f7c5b8c23f25e8ab7c7a837d3c24697a6210e1ec82bae4a7a5ae793308d449209b56d5c98d1ca6fbe0c784a56b772fc86b447a471bde5f75398f3d18e2c3

Download Submit
\Windows\system\XfKmVcf.exe

Filesize
6.0MB

MD5
2378d6eb78d2744024fddc4d17a41981

SHA1
31c3d6ec51b70b43c7bb07404cddfa37995ed477

SHA256
2d14938098edc513364a7ba7044ae68f3e0ff5308dcba831cc33127b871e3e2b

SHA512
49bba64355a2abf9e5d9bc094f208f562a54f2dceb04a4ad2c792d8594c72284c07bab27a42cc84d3740d08ea5f09186180d3773ce7100f02bc2eac09eddc29a

Download Submit
\Windows\system\crqVNqg.exe

Filesize
6.0MB

MD5
5479ca123689bc4ebd6ade4f989cd863

SHA1
83f669c2c351a2e27338a7aaf5ffb8b0bab032d4

SHA256
58c00d46e2f40f7cf811822346ba14892b0aa9ad10c7cee2d1b791cb15b48bc5

SHA512
e985bc5aff412527b6d8c00b87721056f87a00e053709b2ba0188a2fa9ba4b0587918802eb54625557d5715c3965eb328ef5689bba6ea2eb54bf9e241c8e3d0c

Download Submit
\Windows\system\qeCGWLg.exe

Filesize
6.0MB

MD5
ee6fe53e7146359ed4780a823b6943b3

SHA1
d509a5a9f1baf512c8c31f60eb23e389e7a3273e

SHA256
7924799e57b525ce40620374c28525f500f2250bbf4c3035fccccacc99de7666

SHA512
4ce9d38f61b5a4d226c270d80de33833b51bce0998a458b8d6b45b25a33e51b29d3fb2d288dead4ee6ec28e2e96631c342d3a0c6e3752e46c2c03ff1312825d4

Download Submit
\Windows\system\raSznwm.exe

Filesize
6.0MB

MD5
8a195e9a3c6347cbb34ebecdcd3fe3de

SHA1
3fbd34b7ae84891478e65bdcca2803dd60745c83

SHA256
99e801af02b8bbe9579656277c839a7070e15e55fe1b1c3e5f93cb1fa49ef02c

SHA512
8c1933b9891c9a97502e0de803aa1fc7eda5bf88ae7290de34cb528c824e3f8362ead7a1500d20f2b0705de8772835347d4074be8a70a996c8d84d3f61662cb1

Download Submit
memory/484-3612-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/484-21-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1132-831-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1132-3917-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1132-96-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1268-1044-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-3918-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-23-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3616-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-53-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-107-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-100-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1968-31-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1968-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-20-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1155-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-71-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1968-940-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-16-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-726-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-560-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-87-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-92-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-19-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-65-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-106-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1968-51-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-56-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-39-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/1968-46-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-44-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3618-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2060-10-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3617-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-62-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-27-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3888-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2560-241-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2560-74-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2632-81-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3897-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2632-452-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2712-70-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2712-35-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3732-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2764-64-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-95-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3867-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-5044-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-68-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-78-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3781-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-42-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3912-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-88-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-661-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3864-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-63-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download