cobaltstrike | ff2031e6c3ccb11c74d79dc84cdcde5d044c7ab3e966c4d98fbb045d7c46a52b

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d692921b30640c9044ba3b2cb29f386c
SHA1

ecede0442d3178da60d1d18268a49185856d0f82
SHA256

ff2031e6c3ccb11c74d79dc84cdcde5d044c7ab3e966c4d98fbb045d7c46a52b
SHA512

376f2740865b0280dcdb00210a529e523d6b68ddea8b8797a0f218f01cc9bb2cb4be90040ca94b82cf8fccc28ce946c1069cbd4c7b83303ac8ac6361d1548b3b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUi:T+q56utgpPF8u/7i

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193e8-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001933b-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194c4-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194cd-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019524-56.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194d2-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-73.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/memory/2520-8-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x00070000000193e8-9.dat	xmrig
behavioral1/files/0x000600000001949e-11.dat	xmrig
behavioral1/memory/2052-13-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000800000001933b-19.dat	xmrig
behavioral1/memory/2152-35-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00060000000194c4-33.dat	xmrig
behavioral1/memory/2852-32-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2388-28-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2748-27-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2388-37-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x00060000000194cd-40.dat	xmrig
behavioral1/memory/2884-44-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2520-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2052-53-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019524-56.dat	xmrig
behavioral1/memory/3000-51-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2772-60-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x00080000000194d2-49.dat	xmrig
behavioral1/memory/340-74-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2620-66-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-84.dat	xmrig
behavioral1/memory/2308-82-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-100.dat	xmrig
behavioral1/memory/3016-106-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-146.dat	xmrig
behavioral1/files/0x000500000001a4b9-169.dat	xmrig
behavioral1/files/0x000500000001a4bf-183.dat	xmrig
behavioral1/files/0x000500000001a4c3-194.dat	xmrig
behavioral1/memory/3016-824-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1796-669-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1100-505-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2308-375-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/340-236-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c5-198.dat	xmrig
behavioral1/files/0x000500000001a4c1-189.dat	xmrig
behavioral1/files/0x000500000001a4bb-173.dat	xmrig
behavioral1/files/0x000500000001a4bd-179.dat	xmrig
behavioral1/files/0x000500000001a4b7-163.dat	xmrig
behavioral1/files/0x000500000001a4b5-159.dat	xmrig
behavioral1/files/0x000500000001a4b3-153.dat	xmrig
behavioral1/files/0x000500000001a4af-143.dat	xmrig
behavioral1/files/0x000500000001a4a9-138.dat	xmrig
behavioral1/files/0x000500000001a49a-133.dat	xmrig
behavioral1/files/0x000500000001a499-129.dat	xmrig
behavioral1/files/0x000500000001a48d-123.dat	xmrig
behavioral1/files/0x000500000001a48b-118.dat	xmrig
behavioral1/files/0x000500000001a46f-113.dat	xmrig
behavioral1/memory/2388-110-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1796-97-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2620-105-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-96.dat	xmrig
behavioral1/memory/1100-89-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2884-81-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-80.dat	xmrig
behavioral1/memory/3000-88-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2852-65-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-64.dat	xmrig
behavioral1/files/0x000500000001a41b-73.dat	xmrig
behavioral1/memory/2152-70-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2520-2790-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2052-2852-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

UwAUDTS.exeQoghMKf.exeLBMCEOY.exeIkkyTte.exeEIhnvHq.exexakEZoN.exevDFTSuQ.exelTtQmFk.exeGJHMTwK.exeCcIkuUK.exekQIlxrY.exeOiVZeZB.exeGMmUwkp.exeXpvFtsh.exeqtSsDaK.exeVQSlZSV.exeMUizaJX.exeAmLjGCy.exenezsxup.exePFhVxLa.exetloCwCd.exeOHqnWZm.exeRyaqTbo.exeLlStvMp.exeBAKSngR.exeBMQMitT.exeKJSgqDp.exeWHJjNGL.exeQqAOJhL.exeiNrcbNh.exepcMUHpp.exeZpGZeVp.exeaHGlKBb.exeKpwvYbl.exegdcEaqI.exerZjePwI.exeSbTVQyT.exeXnqwjrF.exeSbnNnFK.exeVIwLPkB.exeeItpMmz.exeCiXwvkx.exeJIITsKO.exevXIzCcL.exeqGaqrlx.exekocksNQ.exepkKtuTu.exeWTnlMwB.exeBJcpGRn.exeHZSVYZm.exeiZumzRY.exePpBWuEl.exebKhJqUi.exeYakAQeB.exePiMwouF.exeJMYHihs.exefiCZYtn.exeXQVEMrq.exeCjTldUj.exepiyjNjY.exeeSHzHop.exeqPEuPSw.exeMQjHsnL.exeKLhuOfm.exe

pid	Process
2520	UwAUDTS.exe
2052	QoghMKf.exe
2748	LBMCEOY.exe
2852	IkkyTte.exe
2152	EIhnvHq.exe
2884	xakEZoN.exe
3000	vDFTSuQ.exe
2772	lTtQmFk.exe
2620	GJHMTwK.exe
340	CcIkuUK.exe
2308	kQIlxrY.exe
1100	OiVZeZB.exe
1796	GMmUwkp.exe
3016	XpvFtsh.exe
2940	qtSsDaK.exe
2908	VQSlZSV.exe
2592	MUizaJX.exe
1060	AmLjGCy.exe
464	nezsxup.exe
2988	PFhVxLa.exe
1156	tloCwCd.exe
3052	OHqnWZm.exe
2000	RyaqTbo.exe
2700	LlStvMp.exe
2164	BAKSngR.exe
2128	BMQMitT.exe
2416	KJSgqDp.exe
480	WHJjNGL.exe
1976	QqAOJhL.exe
1332	iNrcbNh.exe
1720	pcMUHpp.exe
836	ZpGZeVp.exe
1680	aHGlKBb.exe
2124	KpwvYbl.exe
856	gdcEaqI.exe
1628	rZjePwI.exe
1944	SbTVQyT.exe
1652	XnqwjrF.exe
2180	SbnNnFK.exe
1444	VIwLPkB.exe
2364	eItpMmz.exe
2340	CiXwvkx.exe
2268	JIITsKO.exe
2332	vXIzCcL.exe
1660	qGaqrlx.exe
2344	kocksNQ.exe
1640	pkKtuTu.exe
1756	WTnlMwB.exe
2468	BJcpGRn.exe
780	HZSVYZm.exe
2036	iZumzRY.exe
1700	PpBWuEl.exe
1440	bKhJqUi.exe
2436	YakAQeB.exe
2764	PiMwouF.exe
2880	JMYHihs.exe
2188	fiCZYtn.exe
2640	XQVEMrq.exe
2632	CjTldUj.exe
2252	piyjNjY.exe
2324	eSHzHop.exe
816	qPEuPSw.exe
2820	MQjHsnL.exe
2928	KLhuOfm.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/memory/2520-8-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x00070000000193e8-9.dat	upx
behavioral1/files/0x000600000001949e-11.dat	upx
behavioral1/memory/2052-13-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000800000001933b-19.dat	upx
behavioral1/memory/2152-35-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00060000000194c4-33.dat	upx
behavioral1/memory/2852-32-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2748-27-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2388-37-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x00060000000194cd-40.dat	upx
behavioral1/memory/2884-44-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2520-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2052-53-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0006000000019524-56.dat	upx
behavioral1/memory/3000-51-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2772-60-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x00080000000194d2-49.dat	upx
behavioral1/memory/340-74-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2620-66-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-84.dat	upx
behavioral1/memory/2308-82-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-100.dat	upx
behavioral1/memory/3016-106-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-146.dat	upx
behavioral1/files/0x000500000001a4b9-169.dat	upx
behavioral1/files/0x000500000001a4bf-183.dat	upx
behavioral1/files/0x000500000001a4c3-194.dat	upx
behavioral1/memory/3016-824-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1796-669-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1100-505-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2308-375-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/340-236-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000500000001a4c5-198.dat	upx
behavioral1/files/0x000500000001a4c1-189.dat	upx
behavioral1/files/0x000500000001a4bb-173.dat	upx
behavioral1/files/0x000500000001a4bd-179.dat	upx
behavioral1/files/0x000500000001a4b7-163.dat	upx
behavioral1/files/0x000500000001a4b5-159.dat	upx
behavioral1/files/0x000500000001a4b3-153.dat	upx
behavioral1/files/0x000500000001a4af-143.dat	upx
behavioral1/files/0x000500000001a4a9-138.dat	upx
behavioral1/files/0x000500000001a49a-133.dat	upx
behavioral1/files/0x000500000001a499-129.dat	upx
behavioral1/files/0x000500000001a48d-123.dat	upx
behavioral1/files/0x000500000001a48b-118.dat	upx
behavioral1/files/0x000500000001a46f-113.dat	upx
behavioral1/memory/1796-97-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2620-105-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x000500000001a427-96.dat	upx
behavioral1/memory/1100-89-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2884-81-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-80.dat	upx
behavioral1/memory/3000-88-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2852-65-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000500000001a359-64.dat	upx
behavioral1/files/0x000500000001a41b-73.dat	upx
behavioral1/memory/2152-70-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2520-2790-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2052-2852-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2852-2855-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2748-2860-0x000000013F600000-0x000000013F954000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\WiuXmlS.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxgOgxS.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkiiqPk.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXmoxjH.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVcLTNS.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOhyzih.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMSeWab.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbIDjVj.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YupLLec.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdBJiFd.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXszWYP.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYqPlBT.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQQMqoG.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGwwVvF.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdjiqWY.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgNCROT.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuDiSpM.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coauKyr.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJhVjyv.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krLDDCd.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQkGgku.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqzdJEC.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COejcwc.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilOTjdM.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdhcMIA.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOCSPIX.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeeNjke.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJzwXRS.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTnMBKy.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InEhlbD.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkssbpG.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSvospz.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmRGDMl.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZJLCcu.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDJkVik.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIBnXAc.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCampgm.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xovgIFf.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTpxwze.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iprSeoR.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMHYNgU.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUbfLpG.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsVWLfe.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWkeYEd.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQlGuKi.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdiODTw.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAizaeo.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrumwOY.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKofvAX.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcGdNsc.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYrSqfT.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOcULCC.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTebmHe.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVdBRrA.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaNbzUc.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaBqJUj.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDduqQk.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhTpVJR.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfHLZOb.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyhpZcU.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXQaeKg.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKzrCFw.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZlosTh.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtxSaTQ.exe	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2388 wrote to memory of 2520	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2520	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2520	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2052	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2052	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2052	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2748	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2748	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2748	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2852	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2852	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2852	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2152	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2152	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2152	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2884	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2884	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2884	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 3000	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 3000	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 3000	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2772	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2772	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2772	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2620	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2620	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2620	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 340	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 340	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 340	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 2308	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2308	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2308	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 1100	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 1100	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 1100	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 1796	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1796	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1796	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 3016	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 3016	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 3016	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2940	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2940	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2940	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2908	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2908	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2908	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2592	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2592	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2592	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 1060	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1060	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1060	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 464	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 464	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 464	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2988	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2988	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2988	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 1156	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2388 wrote to memory of 1156	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2388 wrote to memory of 1156	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2388 wrote to memory of 3052	2388	2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_d692921b30640c9044ba3b2cb29f386c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\System\UwAUDTS.exe
  C:\Windows\System\UwAUDTS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\QoghMKf.exe
  C:\Windows\System\QoghMKf.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\LBMCEOY.exe
  C:\Windows\System\LBMCEOY.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\IkkyTte.exe
  C:\Windows\System\IkkyTte.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\EIhnvHq.exe
  C:\Windows\System\EIhnvHq.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\xakEZoN.exe
  C:\Windows\System\xakEZoN.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\vDFTSuQ.exe
  C:\Windows\System\vDFTSuQ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\lTtQmFk.exe
  C:\Windows\System\lTtQmFk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\GJHMTwK.exe
  C:\Windows\System\GJHMTwK.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\CcIkuUK.exe
  C:\Windows\System\CcIkuUK.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\kQIlxrY.exe
  C:\Windows\System\kQIlxrY.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\OiVZeZB.exe
  C:\Windows\System\OiVZeZB.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\GMmUwkp.exe
  C:\Windows\System\GMmUwkp.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\XpvFtsh.exe
  C:\Windows\System\XpvFtsh.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\qtSsDaK.exe
  C:\Windows\System\qtSsDaK.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\VQSlZSV.exe
  C:\Windows\System\VQSlZSV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MUizaJX.exe
  C:\Windows\System\MUizaJX.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\AmLjGCy.exe
  C:\Windows\System\AmLjGCy.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\nezsxup.exe
  C:\Windows\System\nezsxup.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\PFhVxLa.exe
  C:\Windows\System\PFhVxLa.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\tloCwCd.exe
  C:\Windows\System\tloCwCd.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\OHqnWZm.exe
  C:\Windows\System\OHqnWZm.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RyaqTbo.exe
  C:\Windows\System\RyaqTbo.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\LlStvMp.exe
  C:\Windows\System\LlStvMp.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\BAKSngR.exe
  C:\Windows\System\BAKSngR.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\BMQMitT.exe
  C:\Windows\System\BMQMitT.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\KJSgqDp.exe
  C:\Windows\System\KJSgqDp.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\WHJjNGL.exe
  C:\Windows\System\WHJjNGL.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\QqAOJhL.exe
  C:\Windows\System\QqAOJhL.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\iNrcbNh.exe
  C:\Windows\System\iNrcbNh.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\pcMUHpp.exe
  C:\Windows\System\pcMUHpp.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ZpGZeVp.exe
  C:\Windows\System\ZpGZeVp.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\aHGlKBb.exe
  C:\Windows\System\aHGlKBb.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\KpwvYbl.exe
  C:\Windows\System\KpwvYbl.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\gdcEaqI.exe
  C:\Windows\System\gdcEaqI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\rZjePwI.exe
  C:\Windows\System\rZjePwI.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\SbTVQyT.exe
  C:\Windows\System\SbTVQyT.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\XnqwjrF.exe
  C:\Windows\System\XnqwjrF.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\SbnNnFK.exe
  C:\Windows\System\SbnNnFK.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\VIwLPkB.exe
  C:\Windows\System\VIwLPkB.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\eItpMmz.exe
  C:\Windows\System\eItpMmz.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\CiXwvkx.exe
  C:\Windows\System\CiXwvkx.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\JIITsKO.exe
  C:\Windows\System\JIITsKO.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\vXIzCcL.exe
  C:\Windows\System\vXIzCcL.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qGaqrlx.exe
  C:\Windows\System\qGaqrlx.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\kocksNQ.exe
  C:\Windows\System\kocksNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\pkKtuTu.exe
  C:\Windows\System\pkKtuTu.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\WTnlMwB.exe
  C:\Windows\System\WTnlMwB.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\BJcpGRn.exe
  C:\Windows\System\BJcpGRn.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\HZSVYZm.exe
  C:\Windows\System\HZSVYZm.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\iZumzRY.exe
  C:\Windows\System\iZumzRY.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\PpBWuEl.exe
  C:\Windows\System\PpBWuEl.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\bKhJqUi.exe
  C:\Windows\System\bKhJqUi.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\YakAQeB.exe
  C:\Windows\System\YakAQeB.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\PiMwouF.exe
  C:\Windows\System\PiMwouF.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JMYHihs.exe
  C:\Windows\System\JMYHihs.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\fiCZYtn.exe
  C:\Windows\System\fiCZYtn.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\XQVEMrq.exe
  C:\Windows\System\XQVEMrq.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\CjTldUj.exe
  C:\Windows\System\CjTldUj.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\piyjNjY.exe
  C:\Windows\System\piyjNjY.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\eSHzHop.exe
  C:\Windows\System\eSHzHop.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\qPEuPSw.exe
  C:\Windows\System\qPEuPSw.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\MQjHsnL.exe
  C:\Windows\System\MQjHsnL.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\KLhuOfm.exe
  C:\Windows\System\KLhuOfm.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\YKwVJcT.exe
  C:\Windows\System\YKwVJcT.exe
  2⤵
  PID:2348
- C:\Windows\System\jYblNxw.exe
  C:\Windows\System\jYblNxw.exe
  2⤵
  PID:1808
- C:\Windows\System\UMiiWgG.exe
  C:\Windows\System\UMiiWgG.exe
  2⤵
  PID:2504
- C:\Windows\System\aXnkKQa.exe
  C:\Windows\System\aXnkKQa.exe
  2⤵
  PID:1412
- C:\Windows\System\ScLlFlz.exe
  C:\Windows\System\ScLlFlz.exe
  2⤵
  PID:3012
- C:\Windows\System\Okgwkzg.exe
  C:\Windows\System\Okgwkzg.exe
  2⤵
  PID:2376
- C:\Windows\System\rWVakbS.exe
  C:\Windows\System\rWVakbS.exe
  2⤵
  PID:956
- C:\Windows\System\GsIEfXG.exe
  C:\Windows\System\GsIEfXG.exe
  2⤵
  PID:2984
- C:\Windows\System\cwQHsuz.exe
  C:\Windows\System\cwQHsuz.exe
  2⤵
  PID:908
- C:\Windows\System\VlOefRr.exe
  C:\Windows\System\VlOefRr.exe
  2⤵
  PID:952
- C:\Windows\System\MjOYikU.exe
  C:\Windows\System\MjOYikU.exe
  2⤵
  PID:2320
- C:\Windows\System\ikHTgnw.exe
  C:\Windows\System\ikHTgnw.exe
  2⤵
  PID:2300
- C:\Windows\System\yaqswDT.exe
  C:\Windows\System\yaqswDT.exe
  2⤵
  PID:832
- C:\Windows\System\lwnfGLX.exe
  C:\Windows\System\lwnfGLX.exe
  2⤵
  PID:652
- C:\Windows\System\OoQkyKe.exe
  C:\Windows\System\OoQkyKe.exe
  2⤵
  PID:2576
- C:\Windows\System\PmztEJX.exe
  C:\Windows\System\PmztEJX.exe
  2⤵
  PID:2532
- C:\Windows\System\dncwXAk.exe
  C:\Windows\System\dncwXAk.exe
  2⤵
  PID:1520
- C:\Windows\System\CHmIIzy.exe
  C:\Windows\System\CHmIIzy.exe
  2⤵
  PID:552
- C:\Windows\System\CBHKzcb.exe
  C:\Windows\System\CBHKzcb.exe
  2⤵
  PID:2476
- C:\Windows\System\AfXBdAM.exe
  C:\Windows\System\AfXBdAM.exe
  2⤵
  PID:1068
- C:\Windows\System\lZdYDAO.exe
  C:\Windows\System\lZdYDAO.exe
  2⤵
  PID:1928
- C:\Windows\System\QTorTxl.exe
  C:\Windows\System\QTorTxl.exe
  2⤵
  PID:2296
- C:\Windows\System\zTrfRPC.exe
  C:\Windows\System\zTrfRPC.exe
  2⤵
  PID:1704
- C:\Windows\System\IUNJWoF.exe
  C:\Windows\System\IUNJWoF.exe
  2⤵
  PID:2360
- C:\Windows\System\JGZjNNX.exe
  C:\Windows\System\JGZjNNX.exe
  2⤵
  PID:2120
- C:\Windows\System\IoEPixG.exe
  C:\Windows\System\IoEPixG.exe
  2⤵
  PID:2868
- C:\Windows\System\aOkUfXY.exe
  C:\Windows\System\aOkUfXY.exe
  2⤵
  PID:2612
- C:\Windows\System\cuiGvSI.exe
  C:\Windows\System\cuiGvSI.exe
  2⤵
  PID:2752
- C:\Windows\System\cdDSEnT.exe
  C:\Windows\System\cdDSEnT.exe
  2⤵
  PID:2936
- C:\Windows\System\aNFTYnA.exe
  C:\Windows\System\aNFTYnA.exe
  2⤵
  PID:608
- C:\Windows\System\aHbtaGw.exe
  C:\Windows\System\aHbtaGw.exe
  2⤵
  PID:2900
- C:\Windows\System\tMWxfRw.exe
  C:\Windows\System\tMWxfRw.exe
  2⤵
  PID:1184
- C:\Windows\System\CevsNDx.exe
  C:\Windows\System\CevsNDx.exe
  2⤵
  PID:2028
- C:\Windows\System\KyVvHkV.exe
  C:\Windows\System\KyVvHkV.exe
  2⤵
  PID:1984
- C:\Windows\System\nNwDyCY.exe
  C:\Windows\System\nNwDyCY.exe
  2⤵
  PID:1696
- C:\Windows\System\ZsmCnwq.exe
  C:\Windows\System\ZsmCnwq.exe
  2⤵
  PID:1136
- C:\Windows\System\wZgpSng.exe
  C:\Windows\System\wZgpSng.exe
  2⤵
  PID:812
- C:\Windows\System\UtvHWKq.exe
  C:\Windows\System\UtvHWKq.exe
  2⤵
  PID:1644
- C:\Windows\System\QUtdjhc.exe
  C:\Windows\System\QUtdjhc.exe
  2⤵
  PID:2572
- C:\Windows\System\AXlCqYO.exe
  C:\Windows\System\AXlCqYO.exe
  2⤵
  PID:1532
- C:\Windows\System\XeYhAQT.exe
  C:\Windows\System\XeYhAQT.exe
  2⤵
  PID:976
- C:\Windows\System\EyFENNm.exe
  C:\Windows\System\EyFENNm.exe
  2⤵
  PID:2548
- C:\Windows\System\AFFLhLm.exe
  C:\Windows\System\AFFLhLm.exe
  2⤵
  PID:2484
- C:\Windows\System\tPlOLhm.exe
  C:\Windows\System\tPlOLhm.exe
  2⤵
  PID:1948
- C:\Windows\System\wFkGPLh.exe
  C:\Windows\System\wFkGPLh.exe
  2⤵
  PID:1980
- C:\Windows\System\IMKOoeO.exe
  C:\Windows\System\IMKOoeO.exe
  2⤵
  PID:1904
- C:\Windows\System\tuRYmwL.exe
  C:\Windows\System\tuRYmwL.exe
  2⤵
  PID:576
- C:\Windows\System\Lwjybvv.exe
  C:\Windows\System\Lwjybvv.exe
  2⤵
  PID:2220
- C:\Windows\System\mQGYIBx.exe
  C:\Windows\System\mQGYIBx.exe
  2⤵
  PID:3028
- C:\Windows\System\vEKxUwl.exe
  C:\Windows\System\vEKxUwl.exe
  2⤵
  PID:2968
- C:\Windows\System\OMMgiRR.exe
  C:\Windows\System\OMMgiRR.exe
  2⤵
  PID:3068
- C:\Windows\System\EjAtvjY.exe
  C:\Windows\System\EjAtvjY.exe
  2⤵
  PID:852
- C:\Windows\System\rFUEBet.exe
  C:\Windows\System\rFUEBet.exe
  2⤵
  PID:2184
- C:\Windows\System\SZufjvK.exe
  C:\Windows\System\SZufjvK.exe
  2⤵
  PID:2136
- C:\Windows\System\PpEFBpv.exe
  C:\Windows\System\PpEFBpv.exe
  2⤵
  PID:1816
- C:\Windows\System\LclXvrS.exe
  C:\Windows\System\LclXvrS.exe
  2⤵
  PID:1084
- C:\Windows\System\qBLOsBM.exe
  C:\Windows\System\qBLOsBM.exe
  2⤵
  PID:1908
- C:\Windows\System\abkZYfL.exe
  C:\Windows\System\abkZYfL.exe
  2⤵
  PID:2196
- C:\Windows\System\iiNvOoj.exe
  C:\Windows\System\iiNvOoj.exe
  2⤵
  PID:2732
- C:\Windows\System\lDimqSP.exe
  C:\Windows\System\lDimqSP.exe
  2⤵
  PID:2952
- C:\Windows\System\DyonkAs.exe
  C:\Windows\System\DyonkAs.exe
  2⤵
  PID:3008
- C:\Windows\System\dGNyvrK.exe
  C:\Windows\System\dGNyvrK.exe
  2⤵
  PID:1528
- C:\Windows\System\tebqUmY.exe
  C:\Windows\System\tebqUmY.exe
  2⤵
  PID:2200
- C:\Windows\System\uVsXLbq.exe
  C:\Windows\System\uVsXLbq.exe
  2⤵
  PID:612
- C:\Windows\System\AJqSYPL.exe
  C:\Windows\System\AJqSYPL.exe
  2⤵
  PID:3092
- C:\Windows\System\UqVRSUj.exe
  C:\Windows\System\UqVRSUj.exe
  2⤵
  PID:3112
- C:\Windows\System\LZcgHmc.exe
  C:\Windows\System\LZcgHmc.exe
  2⤵
  PID:3132
- C:\Windows\System\wRyvmMR.exe
  C:\Windows\System\wRyvmMR.exe
  2⤵
  PID:3152
- C:\Windows\System\LJXqHaI.exe
  C:\Windows\System\LJXqHaI.exe
  2⤵
  PID:3172
- C:\Windows\System\fapFkrn.exe
  C:\Windows\System\fapFkrn.exe
  2⤵
  PID:3188
- C:\Windows\System\zhGeYCr.exe
  C:\Windows\System\zhGeYCr.exe
  2⤵
  PID:3216
- C:\Windows\System\qnzGgwx.exe
  C:\Windows\System\qnzGgwx.exe
  2⤵
  PID:3236
- C:\Windows\System\qMaIrir.exe
  C:\Windows\System\qMaIrir.exe
  2⤵
  PID:3256
- C:\Windows\System\OEsihyo.exe
  C:\Windows\System\OEsihyo.exe
  2⤵
  PID:3276
- C:\Windows\System\OrWsYlB.exe
  C:\Windows\System\OrWsYlB.exe
  2⤵
  PID:3300
- C:\Windows\System\qFHarmG.exe
  C:\Windows\System\qFHarmG.exe
  2⤵
  PID:3320
- C:\Windows\System\AVUHeXp.exe
  C:\Windows\System\AVUHeXp.exe
  2⤵
  PID:3340
- C:\Windows\System\oaXqRzQ.exe
  C:\Windows\System\oaXqRzQ.exe
  2⤵
  PID:3360
- C:\Windows\System\HFIBHMI.exe
  C:\Windows\System\HFIBHMI.exe
  2⤵
  PID:3380
- C:\Windows\System\HCSUwQS.exe
  C:\Windows\System\HCSUwQS.exe
  2⤵
  PID:3396
- C:\Windows\System\Garueor.exe
  C:\Windows\System\Garueor.exe
  2⤵
  PID:3416
- C:\Windows\System\fDrMXUP.exe
  C:\Windows\System\fDrMXUP.exe
  2⤵
  PID:3440
- C:\Windows\System\LCerEhe.exe
  C:\Windows\System\LCerEhe.exe
  2⤵
  PID:3460
- C:\Windows\System\qEWtLQl.exe
  C:\Windows\System\qEWtLQl.exe
  2⤵
  PID:3480
- C:\Windows\System\AfocWmF.exe
  C:\Windows\System\AfocWmF.exe
  2⤵
  PID:3500
- C:\Windows\System\yGHALLs.exe
  C:\Windows\System\yGHALLs.exe
  2⤵
  PID:3520
- C:\Windows\System\tMHYNgU.exe
  C:\Windows\System\tMHYNgU.exe
  2⤵
  PID:3540
- C:\Windows\System\XQXouLO.exe
  C:\Windows\System\XQXouLO.exe
  2⤵
  PID:3556
- C:\Windows\System\BIZcVof.exe
  C:\Windows\System\BIZcVof.exe
  2⤵
  PID:3576
- C:\Windows\System\hhqaXlv.exe
  C:\Windows\System\hhqaXlv.exe
  2⤵
  PID:3600
- C:\Windows\System\xclmDDM.exe
  C:\Windows\System\xclmDDM.exe
  2⤵
  PID:3620
- C:\Windows\System\yJbizLD.exe
  C:\Windows\System\yJbizLD.exe
  2⤵
  PID:3640
- C:\Windows\System\WqapTcs.exe
  C:\Windows\System\WqapTcs.exe
  2⤵
  PID:3660
- C:\Windows\System\bFsrAKW.exe
  C:\Windows\System\bFsrAKW.exe
  2⤵
  PID:3680
- C:\Windows\System\Emkuvyq.exe
  C:\Windows\System\Emkuvyq.exe
  2⤵
  PID:3700
- C:\Windows\System\VcoPjdR.exe
  C:\Windows\System\VcoPjdR.exe
  2⤵
  PID:3720
- C:\Windows\System\CMxIOjr.exe
  C:\Windows\System\CMxIOjr.exe
  2⤵
  PID:3744
- C:\Windows\System\EVwSuxy.exe
  C:\Windows\System\EVwSuxy.exe
  2⤵
  PID:3764
- C:\Windows\System\nrrUyai.exe
  C:\Windows\System\nrrUyai.exe
  2⤵
  PID:3784
- C:\Windows\System\XWLCoUH.exe
  C:\Windows\System\XWLCoUH.exe
  2⤵
  PID:3804
- C:\Windows\System\vVcDQce.exe
  C:\Windows\System\vVcDQce.exe
  2⤵
  PID:3824
- C:\Windows\System\mLJqwcS.exe
  C:\Windows\System\mLJqwcS.exe
  2⤵
  PID:3844
- C:\Windows\System\KplWvKo.exe
  C:\Windows\System\KplWvKo.exe
  2⤵
  PID:3864
- C:\Windows\System\cWZkpvv.exe
  C:\Windows\System\cWZkpvv.exe
  2⤵
  PID:3884
- C:\Windows\System\HXtKevm.exe
  C:\Windows\System\HXtKevm.exe
  2⤵
  PID:3904
- C:\Windows\System\TEfiDVQ.exe
  C:\Windows\System\TEfiDVQ.exe
  2⤵
  PID:3928
- C:\Windows\System\qYxVrcE.exe
  C:\Windows\System\qYxVrcE.exe
  2⤵
  PID:3948
- C:\Windows\System\LeDFtOE.exe
  C:\Windows\System\LeDFtOE.exe
  2⤵
  PID:3968
- C:\Windows\System\fNITygL.exe
  C:\Windows\System\fNITygL.exe
  2⤵
  PID:3988
- C:\Windows\System\coauKyr.exe
  C:\Windows\System\coauKyr.exe
  2⤵
  PID:4008
- C:\Windows\System\yfxbRTf.exe
  C:\Windows\System\yfxbRTf.exe
  2⤵
  PID:4028
- C:\Windows\System\DqeOvGj.exe
  C:\Windows\System\DqeOvGj.exe
  2⤵
  PID:4048
- C:\Windows\System\UjiMxGK.exe
  C:\Windows\System\UjiMxGK.exe
  2⤵
  PID:4068
- C:\Windows\System\kkZBdLw.exe
  C:\Windows\System\kkZBdLw.exe
  2⤵
  PID:4088
- C:\Windows\System\YGtcKtb.exe
  C:\Windows\System\YGtcKtb.exe
  2⤵
  PID:1752
- C:\Windows\System\lgjzqfr.exe
  C:\Windows\System\lgjzqfr.exe
  2⤵
  PID:2600
- C:\Windows\System\VOfyQwg.exe
  C:\Windows\System\VOfyQwg.exe
  2⤵
  PID:3056
- C:\Windows\System\IsuboJW.exe
  C:\Windows\System\IsuboJW.exe
  2⤵
  PID:2848
- C:\Windows\System\bPmLxkg.exe
  C:\Windows\System\bPmLxkg.exe
  2⤵
  PID:3076
- C:\Windows\System\LhZhxUW.exe
  C:\Windows\System\LhZhxUW.exe
  2⤵
  PID:2192
- C:\Windows\System\gFOEnOQ.exe
  C:\Windows\System\gFOEnOQ.exe
  2⤵
  PID:3120
- C:\Windows\System\KnKVtGo.exe
  C:\Windows\System\KnKVtGo.exe
  2⤵
  PID:3160
- C:\Windows\System\wkiSDkI.exe
  C:\Windows\System\wkiSDkI.exe
  2⤵
  PID:3144
- C:\Windows\System\BwqWZai.exe
  C:\Windows\System\BwqWZai.exe
  2⤵
  PID:3180
- C:\Windows\System\acgVFnY.exe
  C:\Windows\System\acgVFnY.exe
  2⤵
  PID:3252
- C:\Windows\System\nwTaSAg.exe
  C:\Windows\System\nwTaSAg.exe
  2⤵
  PID:3288
- C:\Windows\System\uBkVuKP.exe
  C:\Windows\System\uBkVuKP.exe
  2⤵
  PID:3336
- C:\Windows\System\gYizQuD.exe
  C:\Windows\System\gYizQuD.exe
  2⤵
  PID:3348
- C:\Windows\System\wTRpnfW.exe
  C:\Windows\System\wTRpnfW.exe
  2⤵
  PID:3352
- C:\Windows\System\nxenrnO.exe
  C:\Windows\System\nxenrnO.exe
  2⤵
  PID:3428
- C:\Windows\System\xUctRrQ.exe
  C:\Windows\System\xUctRrQ.exe
  2⤵
  PID:3456
- C:\Windows\System\PrvqRaE.exe
  C:\Windows\System\PrvqRaE.exe
  2⤵
  PID:3476
- C:\Windows\System\RYLadOj.exe
  C:\Windows\System\RYLadOj.exe
  2⤵
  PID:3508
- C:\Windows\System\IMQbKFV.exe
  C:\Windows\System\IMQbKFV.exe
  2⤵
  PID:3292
- C:\Windows\System\vjPjeOH.exe
  C:\Windows\System\vjPjeOH.exe
  2⤵
  PID:3584
- C:\Windows\System\nAUneNA.exe
  C:\Windows\System\nAUneNA.exe
  2⤵
  PID:3596
- C:\Windows\System\tXVdVwl.exe
  C:\Windows\System\tXVdVwl.exe
  2⤵
  PID:3628
- C:\Windows\System\BxxuLur.exe
  C:\Windows\System\BxxuLur.exe
  2⤵
  PID:3668
- C:\Windows\System\vkeYyKQ.exe
  C:\Windows\System\vkeYyKQ.exe
  2⤵
  PID:3672
- C:\Windows\System\jqHBVWo.exe
  C:\Windows\System\jqHBVWo.exe
  2⤵
  PID:3712
- C:\Windows\System\FOOsPBW.exe
  C:\Windows\System\FOOsPBW.exe
  2⤵
  PID:3780
- C:\Windows\System\yQFleCV.exe
  C:\Windows\System\yQFleCV.exe
  2⤵
  PID:3792
- C:\Windows\System\PnozzcC.exe
  C:\Windows\System\PnozzcC.exe
  2⤵
  PID:3836
- C:\Windows\System\ecdRYSO.exe
  C:\Windows\System\ecdRYSO.exe
  2⤵
  PID:3880
- C:\Windows\System\XlPQsCW.exe
  C:\Windows\System\XlPQsCW.exe
  2⤵
  PID:3936
- C:\Windows\System\KTYPScV.exe
  C:\Windows\System\KTYPScV.exe
  2⤵
  PID:3916
- C:\Windows\System\hcUjKHO.exe
  C:\Windows\System\hcUjKHO.exe
  2⤵
  PID:3980
- C:\Windows\System\TeimHlJ.exe
  C:\Windows\System\TeimHlJ.exe
  2⤵
  PID:4000
- C:\Windows\System\ZqSoRwV.exe
  C:\Windows\System\ZqSoRwV.exe
  2⤵
  PID:4044
- C:\Windows\System\ccjOFqh.exe
  C:\Windows\System\ccjOFqh.exe
  2⤵
  PID:3040
- C:\Windows\System\nwPasSl.exe
  C:\Windows\System\nwPasSl.exe
  2⤵
  PID:1728
- C:\Windows\System\kqhpJmQ.exe
  C:\Windows\System\kqhpJmQ.exe
  2⤵
  PID:1052
- C:\Windows\System\GlDWHoj.exe
  C:\Windows\System\GlDWHoj.exe
  2⤵
  PID:1360
- C:\Windows\System\AlcWEsh.exe
  C:\Windows\System\AlcWEsh.exe
  2⤵
  PID:2248
- C:\Windows\System\WoOPEXC.exe
  C:\Windows\System\WoOPEXC.exe
  2⤵
  PID:3148
- C:\Windows\System\gImPKqJ.exe
  C:\Windows\System\gImPKqJ.exe
  2⤵
  PID:3200
- C:\Windows\System\uEzTaAr.exe
  C:\Windows\System\uEzTaAr.exe
  2⤵
  PID:3232
- C:\Windows\System\HlgoFPE.exe
  C:\Windows\System\HlgoFPE.exe
  2⤵
  PID:3228
- C:\Windows\System\tklAKPY.exe
  C:\Windows\System\tklAKPY.exe
  2⤵
  PID:3356
- C:\Windows\System\KWRokEK.exe
  C:\Windows\System\KWRokEK.exe
  2⤵
  PID:3452
- C:\Windows\System\eNMolsY.exe
  C:\Windows\System\eNMolsY.exe
  2⤵
  PID:3492
- C:\Windows\System\JhroxOo.exe
  C:\Windows\System\JhroxOo.exe
  2⤵
  PID:3432
- C:\Windows\System\lehdpJI.exe
  C:\Windows\System\lehdpJI.exe
  2⤵
  PID:3532
- C:\Windows\System\CgoAwLL.exe
  C:\Windows\System\CgoAwLL.exe
  2⤵
  PID:3612
- C:\Windows\System\lrcMCkl.exe
  C:\Windows\System\lrcMCkl.exe
  2⤵
  PID:3692
- C:\Windows\System\PFAGkKO.exe
  C:\Windows\System\PFAGkKO.exe
  2⤵
  PID:3740
- C:\Windows\System\URNvYhf.exe
  C:\Windows\System\URNvYhf.exe
  2⤵
  PID:3796
- C:\Windows\System\rIoEJKB.exe
  C:\Windows\System\rIoEJKB.exe
  2⤵
  PID:3832
- C:\Windows\System\IkjHHzV.exe
  C:\Windows\System\IkjHHzV.exe
  2⤵
  PID:3872
- C:\Windows\System\dofGcBz.exe
  C:\Windows\System\dofGcBz.exe
  2⤵
  PID:3984
- C:\Windows\System\VQUCBIX.exe
  C:\Windows\System\VQUCBIX.exe
  2⤵
  PID:4004
- C:\Windows\System\NNDkiOF.exe
  C:\Windows\System\NNDkiOF.exe
  2⤵
  PID:1568
- C:\Windows\System\RrXsRYB.exe
  C:\Windows\System\RrXsRYB.exe
  2⤵
  PID:4064
- C:\Windows\System\hMmNyvX.exe
  C:\Windows\System\hMmNyvX.exe
  2⤵
  PID:2712
- C:\Windows\System\mUZneru.exe
  C:\Windows\System\mUZneru.exe
  2⤵
  PID:2160
- C:\Windows\System\FboUvUo.exe
  C:\Windows\System\FboUvUo.exe
  2⤵
  PID:3212
- C:\Windows\System\pGOlncj.exe
  C:\Windows\System\pGOlncj.exe
  2⤵
  PID:3108
- C:\Windows\System\kxILeph.exe
  C:\Windows\System\kxILeph.exe
  2⤵
  PID:3412
- C:\Windows\System\EUlTeIF.exe
  C:\Windows\System\EUlTeIF.exe
  2⤵
  PID:3572
- C:\Windows\System\DVsfEBx.exe
  C:\Windows\System\DVsfEBx.exe
  2⤵
  PID:3676
- C:\Windows\System\JotOvZZ.exe
  C:\Windows\System\JotOvZZ.exe
  2⤵
  PID:3760
- C:\Windows\System\zmWHPtZ.exe
  C:\Windows\System\zmWHPtZ.exe
  2⤵
  PID:3652
- C:\Windows\System\YpBpjSh.exe
  C:\Windows\System\YpBpjSh.exe
  2⤵
  PID:3900
- C:\Windows\System\dQMFGhH.exe
  C:\Windows\System\dQMFGhH.exe
  2⤵
  PID:3656
- C:\Windows\System\bYqPlBT.exe
  C:\Windows\System\bYqPlBT.exe
  2⤵
  PID:2660
- C:\Windows\System\IibHaJy.exe
  C:\Windows\System\IibHaJy.exe
  2⤵
  PID:4112
- C:\Windows\System\IqClUUC.exe
  C:\Windows\System\IqClUUC.exe
  2⤵
  PID:4136
- C:\Windows\System\ZtQPWsE.exe
  C:\Windows\System\ZtQPWsE.exe
  2⤵
  PID:4156
- C:\Windows\System\fbrSiJZ.exe
  C:\Windows\System\fbrSiJZ.exe
  2⤵
  PID:4176
- C:\Windows\System\WluriYR.exe
  C:\Windows\System\WluriYR.exe
  2⤵
  PID:4196
- C:\Windows\System\YzilCoi.exe
  C:\Windows\System\YzilCoi.exe
  2⤵
  PID:4216
- C:\Windows\System\dNHBAqt.exe
  C:\Windows\System\dNHBAqt.exe
  2⤵
  PID:4236
- C:\Windows\System\EMgPLJU.exe
  C:\Windows\System\EMgPLJU.exe
  2⤵
  PID:4256
- C:\Windows\System\xavoQJX.exe
  C:\Windows\System\xavoQJX.exe
  2⤵
  PID:4276
- C:\Windows\System\ogoYDUh.exe
  C:\Windows\System\ogoYDUh.exe
  2⤵
  PID:4304
- C:\Windows\System\JFFFdht.exe
  C:\Windows\System\JFFFdht.exe
  2⤵
  PID:4324
- C:\Windows\System\GNWIzqn.exe
  C:\Windows\System\GNWIzqn.exe
  2⤵
  PID:4344
- C:\Windows\System\OBcdnEC.exe
  C:\Windows\System\OBcdnEC.exe
  2⤵
  PID:4364
- C:\Windows\System\LhKofkq.exe
  C:\Windows\System\LhKofkq.exe
  2⤵
  PID:4384
- C:\Windows\System\LGVqTGZ.exe
  C:\Windows\System\LGVqTGZ.exe
  2⤵
  PID:4404
- C:\Windows\System\TaBqJUj.exe
  C:\Windows\System\TaBqJUj.exe
  2⤵
  PID:4424
- C:\Windows\System\CctHsCy.exe
  C:\Windows\System\CctHsCy.exe
  2⤵
  PID:4444
- C:\Windows\System\RYJuwaD.exe
  C:\Windows\System\RYJuwaD.exe
  2⤵
  PID:4464
- C:\Windows\System\DWhNFVd.exe
  C:\Windows\System\DWhNFVd.exe
  2⤵
  PID:4484
- C:\Windows\System\LknzwUP.exe
  C:\Windows\System\LknzwUP.exe
  2⤵
  PID:4504
- C:\Windows\System\RFVlxKY.exe
  C:\Windows\System\RFVlxKY.exe
  2⤵
  PID:4524
- C:\Windows\System\fMFZlBH.exe
  C:\Windows\System\fMFZlBH.exe
  2⤵
  PID:4544
- C:\Windows\System\DjPRzEA.exe
  C:\Windows\System\DjPRzEA.exe
  2⤵
  PID:4564
- C:\Windows\System\JAEzolk.exe
  C:\Windows\System\JAEzolk.exe
  2⤵
  PID:4584
- C:\Windows\System\rGotlpA.exe
  C:\Windows\System\rGotlpA.exe
  2⤵
  PID:4604
- C:\Windows\System\iUCpkAo.exe
  C:\Windows\System\iUCpkAo.exe
  2⤵
  PID:4624
- C:\Windows\System\tiwsZgd.exe
  C:\Windows\System\tiwsZgd.exe
  2⤵
  PID:4644
- C:\Windows\System\FbYFgVm.exe
  C:\Windows\System\FbYFgVm.exe
  2⤵
  PID:4664
- C:\Windows\System\PuQdmPG.exe
  C:\Windows\System\PuQdmPG.exe
  2⤵
  PID:4684
- C:\Windows\System\xzkMlDV.exe
  C:\Windows\System\xzkMlDV.exe
  2⤵
  PID:4704
- C:\Windows\System\UCtpthb.exe
  C:\Windows\System\UCtpthb.exe
  2⤵
  PID:4724
- C:\Windows\System\yFlhXet.exe
  C:\Windows\System\yFlhXet.exe
  2⤵
  PID:4744
- C:\Windows\System\iCIOQjo.exe
  C:\Windows\System\iCIOQjo.exe
  2⤵
  PID:4764
- C:\Windows\System\RadTWCR.exe
  C:\Windows\System\RadTWCR.exe
  2⤵
  PID:4784
- C:\Windows\System\rzfgyHv.exe
  C:\Windows\System\rzfgyHv.exe
  2⤵
  PID:4804
- C:\Windows\System\soYXVJi.exe
  C:\Windows\System\soYXVJi.exe
  2⤵
  PID:4824
- C:\Windows\System\EsyFRxM.exe
  C:\Windows\System\EsyFRxM.exe
  2⤵
  PID:4844
- C:\Windows\System\zyUSoGI.exe
  C:\Windows\System\zyUSoGI.exe
  2⤵
  PID:4864
- C:\Windows\System\FiSYdDp.exe
  C:\Windows\System\FiSYdDp.exe
  2⤵
  PID:4884
- C:\Windows\System\GnptLrY.exe
  C:\Windows\System\GnptLrY.exe
  2⤵
  PID:4904
- C:\Windows\System\vbhcQqH.exe
  C:\Windows\System\vbhcQqH.exe
  2⤵
  PID:4924
- C:\Windows\System\Snqwhkc.exe
  C:\Windows\System\Snqwhkc.exe
  2⤵
  PID:4944
- C:\Windows\System\RSjmKHq.exe
  C:\Windows\System\RSjmKHq.exe
  2⤵
  PID:4964
- C:\Windows\System\Amubkkl.exe
  C:\Windows\System\Amubkkl.exe
  2⤵
  PID:4984
- C:\Windows\System\ZawrhXk.exe
  C:\Windows\System\ZawrhXk.exe
  2⤵
  PID:5004
- C:\Windows\System\KYPwPGu.exe
  C:\Windows\System\KYPwPGu.exe
  2⤵
  PID:5024
- C:\Windows\System\ILCqcth.exe
  C:\Windows\System\ILCqcth.exe
  2⤵
  PID:5044
- C:\Windows\System\cpiJyuC.exe
  C:\Windows\System\cpiJyuC.exe
  2⤵
  PID:5064
- C:\Windows\System\VdKVmlo.exe
  C:\Windows\System\VdKVmlo.exe
  2⤵
  PID:5084
- C:\Windows\System\WOTRPsr.exe
  C:\Windows\System\WOTRPsr.exe
  2⤵
  PID:5104
- C:\Windows\System\UHDYpfi.exe
  C:\Windows\System\UHDYpfi.exe
  2⤵
  PID:3956
- C:\Windows\System\JiCHMgt.exe
  C:\Windows\System\JiCHMgt.exe
  2⤵
  PID:3088
- C:\Windows\System\ePsyYOC.exe
  C:\Windows\System\ePsyYOC.exe
  2⤵
  PID:3308
- C:\Windows\System\rpbgcJc.exe
  C:\Windows\System\rpbgcJc.exe
  2⤵
  PID:3312
- C:\Windows\System\pNaamuW.exe
  C:\Windows\System\pNaamuW.exe
  2⤵
  PID:3208
- C:\Windows\System\KsgysFr.exe
  C:\Windows\System\KsgysFr.exe
  2⤵
  PID:3632
- C:\Windows\System\uFlkLDy.exe
  C:\Windows\System\uFlkLDy.exe
  2⤵
  PID:3876
- C:\Windows\System\OpoxNrB.exe
  C:\Windows\System\OpoxNrB.exe
  2⤵
  PID:2688
- C:\Windows\System\sWebTJa.exe
  C:\Windows\System\sWebTJa.exe
  2⤵
  PID:4120
- C:\Windows\System\EAmVmam.exe
  C:\Windows\System\EAmVmam.exe
  2⤵
  PID:4108
- C:\Windows\System\hMwoZHX.exe
  C:\Windows\System\hMwoZHX.exe
  2⤵
  PID:4164
- C:\Windows\System\wntkXFQ.exe
  C:\Windows\System\wntkXFQ.exe
  2⤵
  PID:4188
- C:\Windows\System\xcKlkKh.exe
  C:\Windows\System\xcKlkKh.exe
  2⤵
  PID:4232
- C:\Windows\System\BqnmsCx.exe
  C:\Windows\System\BqnmsCx.exe
  2⤵
  PID:4264
- C:\Windows\System\RVbAnEO.exe
  C:\Windows\System\RVbAnEO.exe
  2⤵
  PID:4288
- C:\Windows\System\yvFWdja.exe
  C:\Windows\System\yvFWdja.exe
  2⤵
  PID:4320
- C:\Windows\System\ZFTAlzh.exe
  C:\Windows\System\ZFTAlzh.exe
  2⤵
  PID:4356
- C:\Windows\System\CziuIXb.exe
  C:\Windows\System\CziuIXb.exe
  2⤵
  PID:4392
- C:\Windows\System\NKuJBFp.exe
  C:\Windows\System\NKuJBFp.exe
  2⤵
  PID:2068
- C:\Windows\System\VNKewbw.exe
  C:\Windows\System\VNKewbw.exe
  2⤵
  PID:4436
- C:\Windows\System\jbLmhgU.exe
  C:\Windows\System\jbLmhgU.exe
  2⤵
  PID:4480
- C:\Windows\System\xxWDZpa.exe
  C:\Windows\System\xxWDZpa.exe
  2⤵
  PID:4512
- C:\Windows\System\ABeTlfl.exe
  C:\Windows\System\ABeTlfl.exe
  2⤵
  PID:4536
- C:\Windows\System\uqjDthk.exe
  C:\Windows\System\uqjDthk.exe
  2⤵
  PID:4556
- C:\Windows\System\AHopYWW.exe
  C:\Windows\System\AHopYWW.exe
  2⤵
  PID:4612
- C:\Windows\System\xbYJhaE.exe
  C:\Windows\System\xbYJhaE.exe
  2⤵
  PID:4632
- C:\Windows\System\LCZsaFu.exe
  C:\Windows\System\LCZsaFu.exe
  2⤵
  PID:4656
- C:\Windows\System\ESbjRHA.exe
  C:\Windows\System\ESbjRHA.exe
  2⤵
  PID:4700
- C:\Windows\System\laxUJjw.exe
  C:\Windows\System\laxUJjw.exe
  2⤵
  PID:4740
- C:\Windows\System\qUvsuRs.exe
  C:\Windows\System\qUvsuRs.exe
  2⤵
  PID:4772
- C:\Windows\System\hsgEeun.exe
  C:\Windows\System\hsgEeun.exe
  2⤵
  PID:4792
- C:\Windows\System\dlvTeiA.exe
  C:\Windows\System\dlvTeiA.exe
  2⤵
  PID:4832
- C:\Windows\System\nrEqXNB.exe
  C:\Windows\System\nrEqXNB.exe
  2⤵
  PID:4856
- C:\Windows\System\gwnyqad.exe
  C:\Windows\System\gwnyqad.exe
  2⤵
  PID:4876
- C:\Windows\System\siRaXrf.exe
  C:\Windows\System\siRaXrf.exe
  2⤵
  PID:4940
- C:\Windows\System\oUUMpYG.exe
  C:\Windows\System\oUUMpYG.exe
  2⤵
  PID:4980
- C:\Windows\System\uAQTjKi.exe
  C:\Windows\System\uAQTjKi.exe
  2⤵
  PID:5012
- C:\Windows\System\SKiyNyC.exe
  C:\Windows\System\SKiyNyC.exe
  2⤵
  PID:5032
- C:\Windows\System\yCHJlEs.exe
  C:\Windows\System\yCHJlEs.exe
  2⤵
  PID:5056
- C:\Windows\System\VZCiOZO.exe
  C:\Windows\System\VZCiOZO.exe
  2⤵
  PID:5100
- C:\Windows\System\iHyLBUf.exe
  C:\Windows\System\iHyLBUf.exe
  2⤵
  PID:5116
- C:\Windows\System\eeBGHxs.exe
  C:\Windows\System\eeBGHxs.exe
  2⤵
  PID:3388
- C:\Windows\System\FseUAmO.exe
  C:\Windows\System\FseUAmO.exe
  2⤵
  PID:3328
- C:\Windows\System\sHSYIwI.exe
  C:\Windows\System\sHSYIwI.exe
  2⤵
  PID:2792
- C:\Windows\System\xvtskrv.exe
  C:\Windows\System\xvtskrv.exe
  2⤵
  PID:3552
- C:\Windows\System\rWRcOlv.exe
  C:\Windows\System\rWRcOlv.exe
  2⤵
  PID:4104
- C:\Windows\System\tIgIJtQ.exe
  C:\Windows\System\tIgIJtQ.exe
  2⤵
  PID:4148
- C:\Windows\System\aBEWjdx.exe
  C:\Windows\System\aBEWjdx.exe
  2⤵
  PID:4224
- C:\Windows\System\ZdcVABP.exe
  C:\Windows\System\ZdcVABP.exe
  2⤵
  PID:4300
- C:\Windows\System\hZQeVpj.exe
  C:\Windows\System\hZQeVpj.exe
  2⤵
  PID:4336
- C:\Windows\System\dHITvdb.exe
  C:\Windows\System\dHITvdb.exe
  2⤵
  PID:4380
- C:\Windows\System\kwotLOU.exe
  C:\Windows\System\kwotLOU.exe
  2⤵
  PID:4452
- C:\Windows\System\qbiiiqA.exe
  C:\Windows\System\qbiiiqA.exe
  2⤵
  PID:4496
- C:\Windows\System\ngGTmDj.exe
  C:\Windows\System\ngGTmDj.exe
  2⤵
  PID:4580
- C:\Windows\System\cXGvzFE.exe
  C:\Windows\System\cXGvzFE.exe
  2⤵
  PID:3752
- C:\Windows\System\gKaZNnJ.exe
  C:\Windows\System\gKaZNnJ.exe
  2⤵
  PID:2472
- C:\Windows\System\zvOkGpB.exe
  C:\Windows\System\zvOkGpB.exe
  2⤵
  PID:4692
- C:\Windows\System\uPjtGsD.exe
  C:\Windows\System\uPjtGsD.exe
  2⤵
  PID:2916
- C:\Windows\System\meGEFZq.exe
  C:\Windows\System\meGEFZq.exe
  2⤵
  PID:4776
- C:\Windows\System\ZjOfMgE.exe
  C:\Windows\System\ZjOfMgE.exe
  2⤵
  PID:4836
- C:\Windows\System\HUkfUjS.exe
  C:\Windows\System\HUkfUjS.exe
  2⤵
  PID:4852
- C:\Windows\System\RVeYvyr.exe
  C:\Windows\System\RVeYvyr.exe
  2⤵
  PID:4936
- C:\Windows\System\AEtPYId.exe
  C:\Windows\System\AEtPYId.exe
  2⤵
  PID:4956
- C:\Windows\System\yWQvKII.exe
  C:\Windows\System\yWQvKII.exe
  2⤵
  PID:5020
- C:\Windows\System\uFRVeiV.exe
  C:\Windows\System\uFRVeiV.exe
  2⤵
  PID:5092
- C:\Windows\System\eDPckEy.exe
  C:\Windows\System\eDPckEy.exe
  2⤵
  PID:5112
- C:\Windows\System\nivPpeA.exe
  C:\Windows\System\nivPpeA.exe
  2⤵
  PID:3564
- C:\Windows\System\baPRNNC.exe
  C:\Windows\System\baPRNNC.exe
  2⤵
  PID:3708
- C:\Windows\System\eEmVaDN.exe
  C:\Windows\System\eEmVaDN.exe
  2⤵
  PID:4020
- C:\Windows\System\IajUDmx.exe
  C:\Windows\System\IajUDmx.exe
  2⤵
  PID:4212
- C:\Windows\System\DWWvtlp.exe
  C:\Windows\System\DWWvtlp.exe
  2⤵
  PID:4268
- C:\Windows\System\iHeNRNy.exe
  C:\Windows\System\iHeNRNy.exe
  2⤵
  PID:5132
- C:\Windows\System\quRYAqS.exe
  C:\Windows\System\quRYAqS.exe
  2⤵
  PID:5152
- C:\Windows\System\kFbfWTZ.exe
  C:\Windows\System\kFbfWTZ.exe
  2⤵
  PID:5172
- C:\Windows\System\ASuRwPt.exe
  C:\Windows\System\ASuRwPt.exe
  2⤵
  PID:5192
- C:\Windows\System\QYCHgZb.exe
  C:\Windows\System\QYCHgZb.exe
  2⤵
  PID:5212
- C:\Windows\System\YDTWWGH.exe
  C:\Windows\System\YDTWWGH.exe
  2⤵
  PID:5232
- C:\Windows\System\IMmlloP.exe
  C:\Windows\System\IMmlloP.exe
  2⤵
  PID:5252
- C:\Windows\System\wbfjQOC.exe
  C:\Windows\System\wbfjQOC.exe
  2⤵
  PID:5272
- C:\Windows\System\WJLqyZu.exe
  C:\Windows\System\WJLqyZu.exe
  2⤵
  PID:5292
- C:\Windows\System\adafTcV.exe
  C:\Windows\System\adafTcV.exe
  2⤵
  PID:5312
- C:\Windows\System\cKDAtpW.exe
  C:\Windows\System\cKDAtpW.exe
  2⤵
  PID:5332
- C:\Windows\System\knXjGAw.exe
  C:\Windows\System\knXjGAw.exe
  2⤵
  PID:5352
- C:\Windows\System\bKSPtNG.exe
  C:\Windows\System\bKSPtNG.exe
  2⤵
  PID:5372
- C:\Windows\System\TDGdKvV.exe
  C:\Windows\System\TDGdKvV.exe
  2⤵
  PID:5392
- C:\Windows\System\RuUPhuq.exe
  C:\Windows\System\RuUPhuq.exe
  2⤵
  PID:5412
- C:\Windows\System\uxMBmkU.exe
  C:\Windows\System\uxMBmkU.exe
  2⤵
  PID:5432
- C:\Windows\System\NSxLvVf.exe
  C:\Windows\System\NSxLvVf.exe
  2⤵
  PID:5452
- C:\Windows\System\DUJShke.exe
  C:\Windows\System\DUJShke.exe
  2⤵
  PID:5472
- C:\Windows\System\tvFczKu.exe
  C:\Windows\System\tvFczKu.exe
  2⤵
  PID:5492
- C:\Windows\System\NzHfnQp.exe
  C:\Windows\System\NzHfnQp.exe
  2⤵
  PID:5512
- C:\Windows\System\QvURFQZ.exe
  C:\Windows\System\QvURFQZ.exe
  2⤵
  PID:5532
- C:\Windows\System\pYIxvbn.exe
  C:\Windows\System\pYIxvbn.exe
  2⤵
  PID:5552
- C:\Windows\System\BalLmMp.exe
  C:\Windows\System\BalLmMp.exe
  2⤵
  PID:5572
- C:\Windows\System\qGyHsZF.exe
  C:\Windows\System\qGyHsZF.exe
  2⤵
  PID:5592
- C:\Windows\System\YHkSpul.exe
  C:\Windows\System\YHkSpul.exe
  2⤵
  PID:5612
- C:\Windows\System\YKoDTGz.exe
  C:\Windows\System\YKoDTGz.exe
  2⤵
  PID:5632
- C:\Windows\System\HCiLfAA.exe
  C:\Windows\System\HCiLfAA.exe
  2⤵
  PID:5652
- C:\Windows\System\nPKAWrZ.exe
  C:\Windows\System\nPKAWrZ.exe
  2⤵
  PID:5672
- C:\Windows\System\dRYPngl.exe
  C:\Windows\System\dRYPngl.exe
  2⤵
  PID:5692
- C:\Windows\System\LeAcjLm.exe
  C:\Windows\System\LeAcjLm.exe
  2⤵
  PID:5712
- C:\Windows\System\YbKrVRi.exe
  C:\Windows\System\YbKrVRi.exe
  2⤵
  PID:5736
- C:\Windows\System\TsqYood.exe
  C:\Windows\System\TsqYood.exe
  2⤵
  PID:5756
- C:\Windows\System\zMqKwFO.exe
  C:\Windows\System\zMqKwFO.exe
  2⤵
  PID:5776
- C:\Windows\System\obWaoSF.exe
  C:\Windows\System\obWaoSF.exe
  2⤵
  PID:5796
- C:\Windows\System\dycVuCY.exe
  C:\Windows\System\dycVuCY.exe
  2⤵
  PID:5816
- C:\Windows\System\QxZTwKB.exe
  C:\Windows\System\QxZTwKB.exe
  2⤵
  PID:5836
- C:\Windows\System\SOGTdkG.exe
  C:\Windows\System\SOGTdkG.exe
  2⤵
  PID:5856
- C:\Windows\System\dSwNodh.exe
  C:\Windows\System\dSwNodh.exe
  2⤵
  PID:5876
- C:\Windows\System\ElOcyPk.exe
  C:\Windows\System\ElOcyPk.exe
  2⤵
  PID:5896
- C:\Windows\System\zAnNLXR.exe
  C:\Windows\System\zAnNLXR.exe
  2⤵
  PID:5916
- C:\Windows\System\VCivMrG.exe
  C:\Windows\System\VCivMrG.exe
  2⤵
  PID:5936
- C:\Windows\System\QiuwZVX.exe
  C:\Windows\System\QiuwZVX.exe
  2⤵
  PID:5956
- C:\Windows\System\zVPMhgo.exe
  C:\Windows\System\zVPMhgo.exe
  2⤵
  PID:5976
- C:\Windows\System\uKcJzvK.exe
  C:\Windows\System\uKcJzvK.exe
  2⤵
  PID:5996
- C:\Windows\System\mJxttQK.exe
  C:\Windows\System\mJxttQK.exe
  2⤵
  PID:6016
- C:\Windows\System\KOtDvMF.exe
  C:\Windows\System\KOtDvMF.exe
  2⤵
  PID:6036
- C:\Windows\System\IIxKvdd.exe
  C:\Windows\System\IIxKvdd.exe
  2⤵
  PID:6056
- C:\Windows\System\XEmEuZp.exe
  C:\Windows\System\XEmEuZp.exe
  2⤵
  PID:6076
- C:\Windows\System\BiWxtxT.exe
  C:\Windows\System\BiWxtxT.exe
  2⤵
  PID:6096
- C:\Windows\System\ysbTcsO.exe
  C:\Windows\System\ysbTcsO.exe
  2⤵
  PID:6116
- C:\Windows\System\WWoGtLp.exe
  C:\Windows\System\WWoGtLp.exe
  2⤵
  PID:6136
- C:\Windows\System\ULsifcj.exe
  C:\Windows\System\ULsifcj.exe
  2⤵
  PID:4420
- C:\Windows\System\XGtCksh.exe
  C:\Windows\System\XGtCksh.exe
  2⤵
  PID:4472
- C:\Windows\System\ouIjINz.exe
  C:\Windows\System\ouIjINz.exe
  2⤵
  PID:4620
- C:\Windows\System\ewnfFjG.exe
  C:\Windows\System\ewnfFjG.exe
  2⤵
  PID:4636
- C:\Windows\System\klXEbzH.exe
  C:\Windows\System\klXEbzH.exe
  2⤵
  PID:4736
- C:\Windows\System\EvxUUkL.exe
  C:\Windows\System\EvxUUkL.exe
  2⤵
  PID:1124
- C:\Windows\System\VvLzpao.exe
  C:\Windows\System\VvLzpao.exe
  2⤵
  PID:4892
- C:\Windows\System\uqcJUoo.exe
  C:\Windows\System\uqcJUoo.exe
  2⤵
  PID:5016
- C:\Windows\System\ElfhDMt.exe
  C:\Windows\System\ElfhDMt.exe
  2⤵
  PID:1072
- C:\Windows\System\MuDLEWm.exe
  C:\Windows\System\MuDLEWm.exe
  2⤵
  PID:4056
- C:\Windows\System\LumwXJR.exe
  C:\Windows\System\LumwXJR.exe
  2⤵
  PID:3488
- C:\Windows\System\WDnageD.exe
  C:\Windows\System\WDnageD.exe
  2⤵
  PID:3648
- C:\Windows\System\pIKlKGJ.exe
  C:\Windows\System\pIKlKGJ.exe
  2⤵
  PID:4248
- C:\Windows\System\IjfUCXR.exe
  C:\Windows\System\IjfUCXR.exe
  2⤵
  PID:2664
- C:\Windows\System\UOBdMNJ.exe
  C:\Windows\System\UOBdMNJ.exe
  2⤵
  PID:2912
- C:\Windows\System\aEWPlTl.exe
  C:\Windows\System\aEWPlTl.exe
  2⤵
  PID:5228
- C:\Windows\System\jzKrpQd.exe
  C:\Windows\System\jzKrpQd.exe
  2⤵
  PID:5288
- C:\Windows\System\xFwAFYU.exe
  C:\Windows\System\xFwAFYU.exe
  2⤵
  PID:5328
- C:\Windows\System\gOrLUiM.exe
  C:\Windows\System\gOrLUiM.exe
  2⤵
  PID:5368
- C:\Windows\System\XKtuRof.exe
  C:\Windows\System\XKtuRof.exe
  2⤵
  PID:5388
- C:\Windows\System\YuRhJoM.exe
  C:\Windows\System\YuRhJoM.exe
  2⤵
  PID:5404
- C:\Windows\System\wJsAAcQ.exe
  C:\Windows\System\wJsAAcQ.exe
  2⤵
  PID:5460
- C:\Windows\System\fVrRqvZ.exe
  C:\Windows\System\fVrRqvZ.exe
  2⤵
  PID:5464
- C:\Windows\System\fqApHyi.exe
  C:\Windows\System\fqApHyi.exe
  2⤵
  PID:5508
- C:\Windows\System\LwdWtFG.exe
  C:\Windows\System\LwdWtFG.exe
  2⤵
  PID:5540
- C:\Windows\System\VHkNjLK.exe
  C:\Windows\System\VHkNjLK.exe
  2⤵
  PID:5564
- C:\Windows\System\SNtXkZu.exe
  C:\Windows\System\SNtXkZu.exe
  2⤵
  PID:5608
- C:\Windows\System\WqLDAtO.exe
  C:\Windows\System\WqLDAtO.exe
  2⤵
  PID:5640
- C:\Windows\System\OrumwOY.exe
  C:\Windows\System\OrumwOY.exe
  2⤵
  PID:5644
- C:\Windows\System\bTqvRyP.exe
  C:\Windows\System\bTqvRyP.exe
  2⤵
  PID:5688
- C:\Windows\System\mYSkYBl.exe
  C:\Windows\System\mYSkYBl.exe
  2⤵
  PID:5732
- C:\Windows\System\AIlWitd.exe
  C:\Windows\System\AIlWitd.exe
  2⤵
  PID:2976
- C:\Windows\System\HrOIelX.exe
  C:\Windows\System\HrOIelX.exe
  2⤵
  PID:5784
- C:\Windows\System\lcOMMLm.exe
  C:\Windows\System\lcOMMLm.exe
  2⤵
  PID:5808
- C:\Windows\System\TPSQluf.exe
  C:\Windows\System\TPSQluf.exe
  2⤵
  PID:5848
- C:\Windows\System\IolXYIQ.exe
  C:\Windows\System\IolXYIQ.exe
  2⤵
  PID:5872
- C:\Windows\System\ZtjxHcI.exe
  C:\Windows\System\ZtjxHcI.exe
  2⤵
  PID:5888
- C:\Windows\System\hLIwTJk.exe
  C:\Windows\System\hLIwTJk.exe
  2⤵
  PID:5928
- C:\Windows\System\RKuVVdu.exe
  C:\Windows\System\RKuVVdu.exe
  2⤵
  PID:5952
- C:\Windows\System\IKdKBRR.exe
  C:\Windows\System\IKdKBRR.exe
  2⤵
  PID:6012
- C:\Windows\System\SnxmsUi.exe
  C:\Windows\System\SnxmsUi.exe
  2⤵
  PID:6044
- C:\Windows\System\OVYEryc.exe
  C:\Windows\System\OVYEryc.exe
  2⤵
  PID:6064
- C:\Windows\System\KfzosQv.exe
  C:\Windows\System\KfzosQv.exe
  2⤵
  PID:6092
- C:\Windows\System\dpabrBZ.exe
  C:\Windows\System\dpabrBZ.exe
  2⤵
  PID:4432
- C:\Windows\System\PHvhbTA.exe
  C:\Windows\System\PHvhbTA.exe
  2⤵
  PID:1092
- C:\Windows\System\OMhsGhD.exe
  C:\Windows\System\OMhsGhD.exe
  2⤵
  PID:4540
- C:\Windows\System\yCCRYKS.exe
  C:\Windows\System\yCCRYKS.exe
  2⤵
  PID:4732
- C:\Windows\System\jIzHOKs.exe
  C:\Windows\System\jIzHOKs.exe
  2⤵
  PID:4760
- C:\Windows\System\PGuEbwP.exe
  C:\Windows\System\PGuEbwP.exe
  2⤵
  PID:2676
- C:\Windows\System\xovgIFf.exe
  C:\Windows\System\xovgIFf.exe
  2⤵
  PID:5036
- C:\Windows\System\iLetsDL.exe
  C:\Windows\System\iLetsDL.exe
  2⤵
  PID:5076
- C:\Windows\System\ZJERRFY.exe
  C:\Windows\System\ZJERRFY.exe
  2⤵
  PID:4192
- C:\Windows\System\vGpMkpX.exe
  C:\Windows\System\vGpMkpX.exe
  2⤵
  PID:5128
- C:\Windows\System\KdjiqWY.exe
  C:\Windows\System\KdjiqWY.exe
  2⤵
  PID:2872
- C:\Windows\System\DIirnWW.exe
  C:\Windows\System\DIirnWW.exe
  2⤵
  PID:5208
- C:\Windows\System\EVZEkMH.exe
  C:\Windows\System\EVZEkMH.exe
  2⤵
  PID:3204
- C:\Windows\System\LIBwVmg.exe
  C:\Windows\System\LIBwVmg.exe
  2⤵
  PID:2680
- C:\Windows\System\IanxwnA.exe
  C:\Windows\System\IanxwnA.exe
  2⤵
  PID:1488
- C:\Windows\System\YXjWUeb.exe
  C:\Windows\System\YXjWUeb.exe
  2⤵
  PID:1220
- C:\Windows\System\cZpBPlq.exe
  C:\Windows\System\cZpBPlq.exe
  2⤵
  PID:1152
- C:\Windows\System\ATBAiAo.exe
  C:\Windows\System\ATBAiAo.exe
  2⤵
  PID:3060
- C:\Windows\System\AsIcBby.exe
  C:\Windows\System\AsIcBby.exe
  2⤵
  PID:2584
- C:\Windows\System\FNhzcdD.exe
  C:\Windows\System\FNhzcdD.exe
  2⤵
  PID:264
- C:\Windows\System\kuMFfCV.exe
  C:\Windows\System\kuMFfCV.exe
  2⤵
  PID:2556
- C:\Windows\System\qDwMLVD.exe
  C:\Windows\System\qDwMLVD.exe
  2⤵
  PID:1616
- C:\Windows\System\CxaZeZp.exe
  C:\Windows\System\CxaZeZp.exe
  2⤵
  PID:308
- C:\Windows\System\TWUaIrK.exe
  C:\Windows\System\TWUaIrK.exe
  2⤵
  PID:5264
- C:\Windows\System\HkhLHSp.exe
  C:\Windows\System\HkhLHSp.exe
  2⤵
  PID:5380
- C:\Windows\System\qfHLZOb.exe
  C:\Windows\System\qfHLZOb.exe
  2⤵
  PID:5400
- C:\Windows\System\oiRjKbq.exe
  C:\Windows\System\oiRjKbq.exe
  2⤵
  PID:5424
- C:\Windows\System\MsrpmIF.exe
  C:\Windows\System\MsrpmIF.exe
  2⤵
  PID:5544
- C:\Windows\System\cacwPPb.exe
  C:\Windows\System\cacwPPb.exe
  2⤵
  PID:5660
- C:\Windows\System\lrwzkgq.exe
  C:\Windows\System\lrwzkgq.exe
  2⤵
  PID:5524
- C:\Windows\System\BtkJyVC.exe
  C:\Windows\System\BtkJyVC.exe
  2⤵
  PID:5504
- C:\Windows\System\FRRZHVa.exe
  C:\Windows\System\FRRZHVa.exe
  2⤵
  PID:5648
- C:\Windows\System\bokZvTA.exe
  C:\Windows\System\bokZvTA.exe
  2⤵
  PID:5768
- C:\Windows\System\pItOMre.exe
  C:\Windows\System\pItOMre.exe
  2⤵
  PID:5828
- C:\Windows\System\QMPJups.exe
  C:\Windows\System\QMPJups.exe
  2⤵
  PID:5908
- C:\Windows\System\yVqXalT.exe
  C:\Windows\System\yVqXalT.exe
  2⤵
  PID:5964
- C:\Windows\System\HtRSNjS.exe
  C:\Windows\System\HtRSNjS.exe
  2⤵
  PID:6104
- C:\Windows\System\xUfaJCd.exe
  C:\Windows\System\xUfaJCd.exe
  2⤵
  PID:5728
- C:\Windows\System\qxbIbUt.exe
  C:\Windows\System\qxbIbUt.exe
  2⤵
  PID:5892
- C:\Windows\System\TsXaCZx.exe
  C:\Windows\System\TsXaCZx.exe
  2⤵
  PID:4560
- C:\Windows\System\mrpHeqz.exe
  C:\Windows\System\mrpHeqz.exe
  2⤵
  PID:4992
- C:\Windows\System\HanWqCH.exe
  C:\Windows\System\HanWqCH.exe
  2⤵
  PID:1560
- C:\Windows\System\QiBBROu.exe
  C:\Windows\System\QiBBROu.exe
  2⤵
  PID:3840
- C:\Windows\System\DgNAEXn.exe
  C:\Windows\System\DgNAEXn.exe
  2⤵
  PID:2824
- C:\Windows\System\JrXBFkY.exe
  C:\Windows\System\JrXBFkY.exe
  2⤵
  PID:5160
- C:\Windows\System\SEwFuPv.exe
  C:\Windows\System\SEwFuPv.exe
  2⤵
  PID:5200
- C:\Windows\System\nQKwgUx.exe
  C:\Windows\System\nQKwgUx.exe
  2⤵
  PID:4640
- C:\Windows\System\HYjQxGh.exe
  C:\Windows\System\HYjQxGh.exe
  2⤵
  PID:628
- C:\Windows\System\fCPFIGF.exe
  C:\Windows\System\fCPFIGF.exe
  2⤵
  PID:2084
- C:\Windows\System\AbnRVqR.exe
  C:\Windows\System\AbnRVqR.exe
  2⤵
  PID:2784
- C:\Windows\System\XOmFDxV.exe
  C:\Windows\System\XOmFDxV.exe
  2⤵
  PID:1600
- C:\Windows\System\BFMCOWb.exe
  C:\Windows\System\BFMCOWb.exe
  2⤵
  PID:1824
- C:\Windows\System\ObYvcsB.exe
  C:\Windows\System\ObYvcsB.exe
  2⤵
  PID:2460
- C:\Windows\System\BHqcnHJ.exe
  C:\Windows\System\BHqcnHJ.exe
  2⤵
  PID:5348
- C:\Windows\System\eQGwNLO.exe
  C:\Windows\System\eQGwNLO.exe
  2⤵
  PID:2776
- C:\Windows\System\jvTCnmx.exe
  C:\Windows\System\jvTCnmx.exe
  2⤵
  PID:5444
- C:\Windows\System\XRWjwKi.exe
  C:\Windows\System\XRWjwKi.exe
  2⤵
  PID:5620
- C:\Windows\System\nunhZyg.exe
  C:\Windows\System\nunhZyg.exe
  2⤵
  PID:5772
- C:\Windows\System\ARzNyIY.exe
  C:\Windows\System\ARzNyIY.exe
  2⤵
  PID:5600
- C:\Windows\System\uxcbdav.exe
  C:\Windows\System\uxcbdav.exe
  2⤵
  PID:5812
- C:\Windows\System\vLiAvmH.exe
  C:\Windows\System\vLiAvmH.exe
  2⤵
  PID:6028
- C:\Windows\System\pDggHee.exe
  C:\Windows\System\pDggHee.exe
  2⤵
  PID:6128
- C:\Windows\System\XsuAhGB.exe
  C:\Windows\System\XsuAhGB.exe
  2⤵
  PID:5884
- C:\Windows\System\bAavINg.exe
  C:\Windows\System\bAavINg.exe
  2⤵
  PID:6084
- C:\Windows\System\jyoFfTQ.exe
  C:\Windows\System\jyoFfTQ.exe
  2⤵
  PID:1956
- C:\Windows\System\EQHhjJD.exe
  C:\Windows\System\EQHhjJD.exe
  2⤵
  PID:4312
- C:\Windows\System\rvbwpgk.exe
  C:\Windows\System\rvbwpgk.exe
  2⤵
  PID:4860
- C:\Windows\System\MSAZjPx.exe
  C:\Windows\System\MSAZjPx.exe
  2⤵
  PID:4972
- C:\Windows\System\LvVzhhe.exe
  C:\Windows\System\LvVzhhe.exe
  2⤵
  PID:2580
- C:\Windows\System\yvThkbg.exe
  C:\Windows\System\yvThkbg.exe
  2⤵
  PID:2024
- C:\Windows\System\zfYNFcb.exe
  C:\Windows\System\zfYNFcb.exe
  2⤵
  PID:1920
- C:\Windows\System\GJHfkgj.exe
  C:\Windows\System\GJHfkgj.exe
  2⤵
  PID:1292
- C:\Windows\System\eQzKtSQ.exe
  C:\Windows\System\eQzKtSQ.exe
  2⤵
  PID:1548
- C:\Windows\System\lqqydmj.exe
  C:\Windows\System\lqqydmj.exe
  2⤵
  PID:5704
- C:\Windows\System\OpnlLHz.exe
  C:\Windows\System\OpnlLHz.exe
  2⤵
  PID:5720
- C:\Windows\System\NVqysGk.exe
  C:\Windows\System\NVqysGk.exe
  2⤵
  PID:6004
- C:\Windows\System\SESrQOT.exe
  C:\Windows\System\SESrQOT.exe
  2⤵
  PID:5988
- C:\Windows\System\garwFHY.exe
  C:\Windows\System\garwFHY.exe
  2⤵
  PID:2960
- C:\Windows\System\WaKqiIh.exe
  C:\Windows\System\WaKqiIh.exe
  2⤵
  PID:3032
- C:\Windows\System\PlkUmbL.exe
  C:\Windows\System\PlkUmbL.exe
  2⤵
  PID:6132
- C:\Windows\System\JoKkJPW.exe
  C:\Windows\System\JoKkJPW.exe
  2⤵
  PID:2096
- C:\Windows\System\jrvfqaQ.exe
  C:\Windows\System\jrvfqaQ.exe
  2⤵
  PID:5280
- C:\Windows\System\FkupmoS.exe
  C:\Windows\System\FkupmoS.exe
  2⤵
  PID:5584
- C:\Windows\System\cVMfyUq.exe
  C:\Windows\System\cVMfyUq.exe
  2⤵
  PID:5664
- C:\Windows\System\YMXPmtq.exe
  C:\Windows\System\YMXPmtq.exe
  2⤵
  PID:5788
- C:\Windows\System\giVHNIZ.exe
  C:\Windows\System\giVHNIZ.exe
  2⤵
  PID:6024
- C:\Windows\System\pHYqBww.exe
  C:\Windows\System\pHYqBww.exe
  2⤵
  PID:2444
- C:\Windows\System\ozbLcoC.exe
  C:\Windows\System\ozbLcoC.exe
  2⤵
  PID:4352
- C:\Windows\System\grcrqbL.exe
  C:\Windows\System\grcrqbL.exe
  2⤵
  PID:3196
- C:\Windows\System\TzXsvYg.exe
  C:\Windows\System\TzXsvYg.exe
  2⤵
  PID:5304
- C:\Windows\System\ubDFVFL.exe
  C:\Windows\System\ubDFVFL.exe
  2⤵
  PID:5488
- C:\Windows\System\qpEotPq.exe
  C:\Windows\System\qpEotPq.exe
  2⤵
  PID:4796
- C:\Windows\System\tsfpjKD.exe
  C:\Windows\System\tsfpjKD.exe
  2⤵
  PID:5560
- C:\Windows\System\SFCWexG.exe
  C:\Windows\System\SFCWexG.exe
  2⤵
  PID:6156
- C:\Windows\System\CtPMteh.exe
  C:\Windows\System\CtPMteh.exe
  2⤵
  PID:6176
- C:\Windows\System\pJHpjSt.exe
  C:\Windows\System\pJHpjSt.exe
  2⤵
  PID:6204
- C:\Windows\System\FNShsOg.exe
  C:\Windows\System\FNShsOg.exe
  2⤵
  PID:6220
- C:\Windows\System\gSjNVfs.exe
  C:\Windows\System\gSjNVfs.exe
  2⤵
  PID:6236
- C:\Windows\System\jnTtuHk.exe
  C:\Windows\System\jnTtuHk.exe
  2⤵
  PID:6256
- C:\Windows\System\AUIRdHR.exe
  C:\Windows\System\AUIRdHR.exe
  2⤵
  PID:6272
- C:\Windows\System\uTWsQCU.exe
  C:\Windows\System\uTWsQCU.exe
  2⤵
  PID:6288
- C:\Windows\System\cwVlzao.exe
  C:\Windows\System\cwVlzao.exe
  2⤵
  PID:6312
- C:\Windows\System\eljKzJt.exe
  C:\Windows\System\eljKzJt.exe
  2⤵
  PID:6340
- C:\Windows\System\gzxAYwr.exe
  C:\Windows\System\gzxAYwr.exe
  2⤵
  PID:6372
- C:\Windows\System\xEjsihK.exe
  C:\Windows\System\xEjsihK.exe
  2⤵
  PID:6396
- C:\Windows\System\UJTtQfH.exe
  C:\Windows\System\UJTtQfH.exe
  2⤵
  PID:6412
- C:\Windows\System\fRMBHTK.exe
  C:\Windows\System\fRMBHTK.exe
  2⤵
  PID:6428
- C:\Windows\System\krBAYRl.exe
  C:\Windows\System\krBAYRl.exe
  2⤵
  PID:6448
- C:\Windows\System\pDmbnoW.exe
  C:\Windows\System\pDmbnoW.exe
  2⤵
  PID:6464
- C:\Windows\System\tXRZuKQ.exe
  C:\Windows\System\tXRZuKQ.exe
  2⤵
  PID:6480
- C:\Windows\System\psKTPeA.exe
  C:\Windows\System\psKTPeA.exe
  2⤵
  PID:6496
- C:\Windows\System\GBjHqYR.exe
  C:\Windows\System\GBjHqYR.exe
  2⤵
  PID:6516
- C:\Windows\System\sGBbXon.exe
  C:\Windows\System\sGBbXon.exe
  2⤵
  PID:6532
- C:\Windows\System\UcnrrzY.exe
  C:\Windows\System\UcnrrzY.exe
  2⤵
  PID:6552
- C:\Windows\System\lCdOBAw.exe
  C:\Windows\System\lCdOBAw.exe
  2⤵
  PID:6572
- C:\Windows\System\sBgodqM.exe
  C:\Windows\System\sBgodqM.exe
  2⤵
  PID:6592
- C:\Windows\System\VkfOjKj.exe
  C:\Windows\System\VkfOjKj.exe
  2⤵
  PID:6620
- C:\Windows\System\PeHiWWl.exe
  C:\Windows\System\PeHiWWl.exe
  2⤵
  PID:6636
- C:\Windows\System\eIqtolg.exe
  C:\Windows\System\eIqtolg.exe
  2⤵
  PID:6656
- C:\Windows\System\aOjWJBT.exe
  C:\Windows\System\aOjWJBT.exe
  2⤵
  PID:6676
- C:\Windows\System\KCoUXac.exe
  C:\Windows\System\KCoUXac.exe
  2⤵
  PID:6700
- C:\Windows\System\ytPcgYe.exe
  C:\Windows\System\ytPcgYe.exe
  2⤵
  PID:6724
- C:\Windows\System\hoVwAax.exe
  C:\Windows\System\hoVwAax.exe
  2⤵
  PID:6740
- C:\Windows\System\OcXCTMP.exe
  C:\Windows\System\OcXCTMP.exe
  2⤵
  PID:6760
- C:\Windows\System\ZtWlZmq.exe
  C:\Windows\System\ZtWlZmq.exe
  2⤵
  PID:6776
- C:\Windows\System\Ibpvdqt.exe
  C:\Windows\System\Ibpvdqt.exe
  2⤵
  PID:6792
- C:\Windows\System\InhitUF.exe
  C:\Windows\System\InhitUF.exe
  2⤵
  PID:6816
- C:\Windows\System\LgrYIZP.exe
  C:\Windows\System\LgrYIZP.exe
  2⤵
  PID:6848
- C:\Windows\System\dObXmDu.exe
  C:\Windows\System\dObXmDu.exe
  2⤵
  PID:6864
- C:\Windows\System\grfTXIc.exe
  C:\Windows\System\grfTXIc.exe
  2⤵
  PID:6884
- C:\Windows\System\rScgzUP.exe
  C:\Windows\System\rScgzUP.exe
  2⤵
  PID:6900
- C:\Windows\System\SEfCsGM.exe
  C:\Windows\System\SEfCsGM.exe
  2⤵
  PID:6936
- C:\Windows\System\YgfelVh.exe
  C:\Windows\System\YgfelVh.exe
  2⤵
  PID:6952
- C:\Windows\System\xDKWuwc.exe
  C:\Windows\System\xDKWuwc.exe
  2⤵
  PID:6972
- C:\Windows\System\egDXFoz.exe
  C:\Windows\System\egDXFoz.exe
  2⤵
  PID:6988
- C:\Windows\System\gdjwwVM.exe
  C:\Windows\System\gdjwwVM.exe
  2⤵
  PID:7004
- C:\Windows\System\jLDgooy.exe
  C:\Windows\System\jLDgooy.exe
  2⤵
  PID:7024
- C:\Windows\System\FXiHfDM.exe
  C:\Windows\System\FXiHfDM.exe
  2⤵
  PID:7044
- C:\Windows\System\jeCKxpn.exe
  C:\Windows\System\jeCKxpn.exe
  2⤵
  PID:7068
- C:\Windows\System\MJcqjaR.exe
  C:\Windows\System\MJcqjaR.exe
  2⤵
  PID:7096
- C:\Windows\System\rgrpoxQ.exe
  C:\Windows\System\rgrpoxQ.exe
  2⤵
  PID:7112
- C:\Windows\System\dUaVrVE.exe
  C:\Windows\System\dUaVrVE.exe
  2⤵
  PID:7136
- C:\Windows\System\cyCEuny.exe
  C:\Windows\System\cyCEuny.exe
  2⤵
  PID:7156
- C:\Windows\System\pNYpjof.exe
  C:\Windows\System\pNYpjof.exe
  2⤵
  PID:2616
- C:\Windows\System\GEMMEGG.exe
  C:\Windows\System\GEMMEGG.exe
  2⤵
  PID:4880
- C:\Windows\System\wxJgBEZ.exe
  C:\Windows\System\wxJgBEZ.exe
  2⤵
  PID:5220
- C:\Windows\System\cNXpOpz.exe
  C:\Windows\System\cNXpOpz.exe
  2⤵
  PID:6248
- C:\Windows\System\zJMVOIt.exe
  C:\Windows\System\zJMVOIt.exe
  2⤵
  PID:5992
- C:\Windows\System\TYJIhjA.exe
  C:\Windows\System\TYJIhjA.exe
  2⤵
  PID:6268
- C:\Windows\System\OdHDmNI.exe
  C:\Windows\System\OdHDmNI.exe
  2⤵
  PID:5852
- C:\Windows\System\bdouXle.exe
  C:\Windows\System\bdouXle.exe
  2⤵
  PID:6228
- C:\Windows\System\AvZDQFH.exe
  C:\Windows\System\AvZDQFH.exe
  2⤵
  PID:6380
- C:\Windows\System\deZIbGY.exe
  C:\Windows\System\deZIbGY.exe
  2⤵
  PID:6352
- C:\Windows\System\GsaJSia.exe
  C:\Windows\System\GsaJSia.exe
  2⤵
  PID:6420
- C:\Windows\System\mNBqgkI.exe
  C:\Windows\System\mNBqgkI.exe
  2⤵
  PID:6492
- C:\Windows\System\BZmfDly.exe
  C:\Windows\System\BZmfDly.exe
  2⤵
  PID:6564
- C:\Windows\System\rTJZLAR.exe
  C:\Windows\System\rTJZLAR.exe
  2⤵
  PID:6408
- C:\Windows\System\vutpLIk.exe
  C:\Windows\System\vutpLIk.exe
  2⤵
  PID:6608
- C:\Windows\System\HgmIiIz.exe
  C:\Windows\System\HgmIiIz.exe
  2⤵
  PID:6688
- C:\Windows\System\ADsDcGM.exe
  C:\Windows\System\ADsDcGM.exe
  2⤵
  PID:6584
- C:\Windows\System\LxeCsio.exe
  C:\Windows\System\LxeCsio.exe
  2⤵
  PID:6508
- C:\Windows\System\VekjbHL.exe
  C:\Windows\System\VekjbHL.exe
  2⤵
  PID:6664
- C:\Windows\System\boNcbTO.exe
  C:\Windows\System\boNcbTO.exe
  2⤵
  PID:6720
- C:\Windows\System\PHUQXzN.exe
  C:\Windows\System\PHUQXzN.exe
  2⤵
  PID:6772
- C:\Windows\System\vrPUMdH.exe
  C:\Windows\System\vrPUMdH.exe
  2⤵
  PID:6808
- C:\Windows\System\UMANLMq.exe
  C:\Windows\System\UMANLMq.exe
  2⤵
  PID:6892
- C:\Windows\System\fVtcyog.exe
  C:\Windows\System\fVtcyog.exe
  2⤵
  PID:6824
- C:\Windows\System\PDDwiXS.exe
  C:\Windows\System\PDDwiXS.exe
  2⤵
  PID:6752
- C:\Windows\System\xtiuAaI.exe
  C:\Windows\System\xtiuAaI.exe
  2⤵
  PID:6908
- C:\Windows\System\kszTdog.exe
  C:\Windows\System\kszTdog.exe
  2⤵
  PID:6928
- C:\Windows\System\TRHbBsX.exe
  C:\Windows\System\TRHbBsX.exe
  2⤵
  PID:7020
- C:\Windows\System\hptdSVF.exe
  C:\Windows\System\hptdSVF.exe
  2⤵
  PID:7000
- C:\Windows\System\SwcsxcS.exe
  C:\Windows\System\SwcsxcS.exe
  2⤵
  PID:7052
- C:\Windows\System\NzKOnIf.exe
  C:\Windows\System\NzKOnIf.exe
  2⤵
  PID:7088
- C:\Windows\System\rUHfUVC.exe
  C:\Windows\System\rUHfUVC.exe
  2⤵
  PID:7120
- C:\Windows\System\LETRslN.exe
  C:\Windows\System\LETRslN.exe
  2⤵
  PID:6172
- C:\Windows\System\VxQhQcI.exe
  C:\Windows\System\VxQhQcI.exe
  2⤵
  PID:5792
- C:\Windows\System\KXmoxjH.exe
  C:\Windows\System\KXmoxjH.exe
  2⤵
  PID:6244
- C:\Windows\System\dYjlorE.exe
  C:\Windows\System\dYjlorE.exe
  2⤵
  PID:6196
- C:\Windows\System\LANMSHw.exe
  C:\Windows\System\LANMSHw.exe
  2⤵
  PID:6324
- C:\Windows\System\KaEkSAp.exe
  C:\Windows\System\KaEkSAp.exe
  2⤵
  PID:6360
- C:\Windows\System\ldqcAQJ.exe
  C:\Windows\System\ldqcAQJ.exe
  2⤵
  PID:6460
- C:\Windows\System\rsMGFNi.exe
  C:\Windows\System\rsMGFNi.exe
  2⤵
  PID:6152
- C:\Windows\System\uKThznf.exe
  C:\Windows\System\uKThznf.exe
  2⤵
  PID:6444
- C:\Windows\System\SizZrfB.exe
  C:\Windows\System\SizZrfB.exe
  2⤵
  PID:6604
- C:\Windows\System\ANuiCiI.exe
  C:\Windows\System\ANuiCiI.exe
  2⤵
  PID:6732
- C:\Windows\System\MpDODtg.exe
  C:\Windows\System\MpDODtg.exe
  2⤵
  PID:6544
- C:\Windows\System\gmYOsQz.exe
  C:\Windows\System\gmYOsQz.exe
  2⤵
  PID:6712
- C:\Windows\System\ExGRXLx.exe
  C:\Windows\System\ExGRXLx.exe
  2⤵
  PID:6756
- C:\Windows\System\EGHDZAP.exe
  C:\Windows\System\EGHDZAP.exe
  2⤵
  PID:6832
- C:\Windows\System\dCxIEnZ.exe
  C:\Windows\System\dCxIEnZ.exe
  2⤵
  PID:6844
- C:\Windows\System\oRwLdlE.exe
  C:\Windows\System\oRwLdlE.exe
  2⤵
  PID:6932
- C:\Windows\System\LqfaOIG.exe
  C:\Windows\System\LqfaOIG.exe
  2⤵
  PID:6984
- C:\Windows\System\SfmZzeO.exe
  C:\Windows\System\SfmZzeO.exe
  2⤵
  PID:6960
- C:\Windows\System\NsQSWGk.exe
  C:\Windows\System\NsQSWGk.exe
  2⤵
  PID:7108
- C:\Windows\System\lzHkTib.exe
  C:\Windows\System\lzHkTib.exe
  2⤵
  PID:7084
- C:\Windows\System\YjfLVwM.exe
  C:\Windows\System\YjfLVwM.exe
  2⤵
  PID:7152
- C:\Windows\System\gjNYrfU.exe
  C:\Windows\System\gjNYrfU.exe
  2⤵
  PID:6320
- C:\Windows\System\RibNCep.exe
  C:\Windows\System\RibNCep.exe
  2⤵
  PID:6304
- C:\Windows\System\QyaslCu.exe
  C:\Windows\System\QyaslCu.exe
  2⤵
  PID:6652
- C:\Windows\System\tBUbNsL.exe
  C:\Windows\System\tBUbNsL.exe
  2⤵
  PID:6684
- C:\Windows\System\wCuOYwt.exe
  C:\Windows\System\wCuOYwt.exe
  2⤵
  PID:6504
- C:\Windows\System\PCohfKd.exe
  C:\Windows\System\PCohfKd.exe
  2⤵
  PID:6672
- C:\Windows\System\bSTzExZ.exe
  C:\Windows\System\bSTzExZ.exe
  2⤵
  PID:6748
- C:\Windows\System\aSCNgbe.exe
  C:\Windows\System\aSCNgbe.exe
  2⤵
  PID:6980
- C:\Windows\System\TZKSABE.exe
  C:\Windows\System\TZKSABE.exe
  2⤵
  PID:7124
- C:\Windows\System\WCoGYgl.exe
  C:\Windows\System\WCoGYgl.exe
  2⤵
  PID:7128
- C:\Windows\System\JqActxQ.exe
  C:\Windows\System\JqActxQ.exe
  2⤵
  PID:6880
- C:\Windows\System\XLzVCuc.exe
  C:\Windows\System\XLzVCuc.exe
  2⤵
  PID:6284
- C:\Windows\System\TNJkJWT.exe
  C:\Windows\System\TNJkJWT.exe
  2⤵
  PID:6392
- C:\Windows\System\RIXoHeB.exe
  C:\Windows\System\RIXoHeB.exe
  2⤵
  PID:6616
- C:\Windows\System\fgNCROT.exe
  C:\Windows\System\fgNCROT.exe
  2⤵
  PID:6800
- C:\Windows\System\PVyLbFn.exe
  C:\Windows\System\PVyLbFn.exe
  2⤵
  PID:6788
- C:\Windows\System\AIiHUPB.exe
  C:\Windows\System\AIiHUPB.exe
  2⤵
  PID:6280
- C:\Windows\System\mCQQvwU.exe
  C:\Windows\System\mCQQvwU.exe
  2⤵
  PID:6876
- C:\Windows\System\tvypZFe.exe
  C:\Windows\System\tvypZFe.exe
  2⤵
  PID:6348
- C:\Windows\System\XUWCrON.exe
  C:\Windows\System\XUWCrON.exe
  2⤵
  PID:6148
- C:\Windows\System\yIdQhsB.exe
  C:\Windows\System\yIdQhsB.exe
  2⤵
  PID:6860
- C:\Windows\System\UNeVTxb.exe
  C:\Windows\System\UNeVTxb.exe
  2⤵
  PID:6300
- C:\Windows\System\RdtrmzZ.exe
  C:\Windows\System\RdtrmzZ.exe
  2⤵
  PID:7064
- C:\Windows\System\YEOwAuP.exe
  C:\Windows\System\YEOwAuP.exe
  2⤵
  PID:6588
- C:\Windows\System\lzKBGRi.exe
  C:\Windows\System\lzKBGRi.exe
  2⤵
  PID:6996
- C:\Windows\System\NKfoGMc.exe
  C:\Windows\System\NKfoGMc.exe
  2⤵
  PID:7180
- C:\Windows\System\cLEgIJx.exe
  C:\Windows\System\cLEgIJx.exe
  2⤵
  PID:7200
- C:\Windows\System\BFmnJYq.exe
  C:\Windows\System\BFmnJYq.exe
  2⤵
  PID:7220
- C:\Windows\System\XPowpvI.exe
  C:\Windows\System\XPowpvI.exe
  2⤵
  PID:7244
- C:\Windows\System\KCndTER.exe
  C:\Windows\System\KCndTER.exe
  2⤵
  PID:7276
- C:\Windows\System\FRQUvoV.exe
  C:\Windows\System\FRQUvoV.exe
  2⤵
  PID:7292
- C:\Windows\System\SMjrIoQ.exe
  C:\Windows\System\SMjrIoQ.exe
  2⤵
  PID:7308
- C:\Windows\System\vUxhVoL.exe
  C:\Windows\System\vUxhVoL.exe
  2⤵
  PID:7324
- C:\Windows\System\IkHuypG.exe
  C:\Windows\System\IkHuypG.exe
  2⤵
  PID:7344
- C:\Windows\System\IxwvVpv.exe
  C:\Windows\System\IxwvVpv.exe
  2⤵
  PID:7368
- C:\Windows\System\QBWVQxZ.exe
  C:\Windows\System\QBWVQxZ.exe
  2⤵
  PID:7392
- C:\Windows\System\NCuoXYu.exe
  C:\Windows\System\NCuoXYu.exe
  2⤵
  PID:7408
- C:\Windows\System\eMtcDNp.exe
  C:\Windows\System\eMtcDNp.exe
  2⤵
  PID:7424
- C:\Windows\System\bDOqKud.exe
  C:\Windows\System\bDOqKud.exe
  2⤵
  PID:7440
- C:\Windows\System\qiZfjoT.exe
  C:\Windows\System\qiZfjoT.exe
  2⤵
  PID:7456
- C:\Windows\System\AexvWvm.exe
  C:\Windows\System\AexvWvm.exe
  2⤵
  PID:7472
- C:\Windows\System\CDNbXuf.exe
  C:\Windows\System\CDNbXuf.exe
  2⤵
  PID:7512
- C:\Windows\System\qcuyVVz.exe
  C:\Windows\System\qcuyVVz.exe
  2⤵
  PID:7528
- C:\Windows\System\ysbUXpg.exe
  C:\Windows\System\ysbUXpg.exe
  2⤵
  PID:7544
- C:\Windows\System\bXcrPSw.exe
  C:\Windows\System\bXcrPSw.exe
  2⤵
  PID:7568
- C:\Windows\System\fMdXPmh.exe
  C:\Windows\System\fMdXPmh.exe
  2⤵
  PID:7584
- C:\Windows\System\ngXMeBA.exe
  C:\Windows\System\ngXMeBA.exe
  2⤵
  PID:7600
- C:\Windows\System\yWtUtqp.exe
  C:\Windows\System\yWtUtqp.exe
  2⤵
  PID:7624
- C:\Windows\System\nYGuTGw.exe
  C:\Windows\System\nYGuTGw.exe
  2⤵
  PID:7640
- C:\Windows\System\hHDIwuz.exe
  C:\Windows\System\hHDIwuz.exe
  2⤵
  PID:7656
- C:\Windows\System\RUtDCWU.exe
  C:\Windows\System\RUtDCWU.exe
  2⤵
  PID:7688
- C:\Windows\System\dazDOWQ.exe
  C:\Windows\System\dazDOWQ.exe
  2⤵
  PID:7704
- C:\Windows\System\QHjyxfL.exe
  C:\Windows\System\QHjyxfL.exe
  2⤵
  PID:7728
- C:\Windows\System\xMoPKWz.exe
  C:\Windows\System\xMoPKWz.exe
  2⤵
  PID:7752
- C:\Windows\System\BsOWCqJ.exe
  C:\Windows\System\BsOWCqJ.exe
  2⤵
  PID:7768
- C:\Windows\System\arBjlOj.exe
  C:\Windows\System\arBjlOj.exe
  2⤵
  PID:7796
- C:\Windows\System\rlOIDDd.exe
  C:\Windows\System\rlOIDDd.exe
  2⤵
  PID:7812
- C:\Windows\System\iQTekbj.exe
  C:\Windows\System\iQTekbj.exe
  2⤵
  PID:7836
- C:\Windows\System\wboZuIJ.exe
  C:\Windows\System\wboZuIJ.exe
  2⤵
  PID:7852
- C:\Windows\System\yWcZNHK.exe
  C:\Windows\System\yWcZNHK.exe
  2⤵
  PID:7868
- C:\Windows\System\upUcfLR.exe
  C:\Windows\System\upUcfLR.exe
  2⤵
  PID:7884
- C:\Windows\System\ATzywJl.exe
  C:\Windows\System\ATzywJl.exe
  2⤵
  PID:7900
- C:\Windows\System\nJQOUAY.exe
  C:\Windows\System\nJQOUAY.exe
  2⤵
  PID:7916
- C:\Windows\System\aLenxiV.exe
  C:\Windows\System\aLenxiV.exe
  2⤵
  PID:7948
- C:\Windows\System\UTebmHe.exe
  C:\Windows\System\UTebmHe.exe
  2⤵
  PID:7964
- C:\Windows\System\wPdUmlj.exe
  C:\Windows\System\wPdUmlj.exe
  2⤵
  PID:7984
- C:\Windows\System\mhMWhmN.exe
  C:\Windows\System\mhMWhmN.exe
  2⤵
  PID:8000
- C:\Windows\System\WfvOYVc.exe
  C:\Windows\System\WfvOYVc.exe
  2⤵
  PID:8016
- C:\Windows\System\YqUoeYo.exe
  C:\Windows\System\YqUoeYo.exe
  2⤵
  PID:8036
- C:\Windows\System\FjufVGk.exe
  C:\Windows\System\FjufVGk.exe
  2⤵
  PID:8056
- C:\Windows\System\HdzdrVp.exe
  C:\Windows\System\HdzdrVp.exe
  2⤵
  PID:8080
- C:\Windows\System\LVhftpW.exe
  C:\Windows\System\LVhftpW.exe
  2⤵
  PID:8100
- C:\Windows\System\MFLrHXS.exe
  C:\Windows\System\MFLrHXS.exe
  2⤵
  PID:8116
- C:\Windows\System\ltucYyj.exe
  C:\Windows\System\ltucYyj.exe
  2⤵
  PID:8140
- C:\Windows\System\UBiOepT.exe
  C:\Windows\System\UBiOepT.exe
  2⤵
  PID:8156
- C:\Windows\System\hycPOdy.exe
  C:\Windows\System\hycPOdy.exe
  2⤵
  PID:8180
- C:\Windows\System\duZOJzq.exe
  C:\Windows\System\duZOJzq.exe
  2⤵
  PID:6184
- C:\Windows\System\oYipUKt.exe
  C:\Windows\System\oYipUKt.exe
  2⤵
  PID:6488
- C:\Windows\System\mDoYeRQ.exe
  C:\Windows\System\mDoYeRQ.exe
  2⤵
  PID:6540
- C:\Windows\System\WryVTmn.exe
  C:\Windows\System\WryVTmn.exe
  2⤵
  PID:7228
- C:\Windows\System\ujWYJut.exe
  C:\Windows\System\ujWYJut.exe
  2⤵
  PID:7272
- C:\Windows\System\eHZqeDg.exe
  C:\Windows\System\eHZqeDg.exe
  2⤵
  PID:1000
- C:\Windows\System\pOWWlVR.exe
  C:\Windows\System\pOWWlVR.exe
  2⤵
  PID:7352
- C:\Windows\System\geVwokI.exe
  C:\Windows\System\geVwokI.exe
  2⤵
  PID:7316
- C:\Windows\System\ZcKxLhl.exe
  C:\Windows\System\ZcKxLhl.exe
  2⤵
  PID:7376
- C:\Windows\System\wyLfSrz.exe
  C:\Windows\System\wyLfSrz.exe
  2⤵
  PID:7436
- C:\Windows\System\MtivgcP.exe
  C:\Windows\System\MtivgcP.exe
  2⤵
  PID:7492
- C:\Windows\System\WnbNUQX.exe
  C:\Windows\System\WnbNUQX.exe
  2⤵
  PID:7500
- C:\Windows\System\WQrqbDj.exe
  C:\Windows\System\WQrqbDj.exe
  2⤵
  PID:7508
- C:\Windows\System\qNdVktM.exe
  C:\Windows\System\qNdVktM.exe
  2⤵
  PID:7592
- C:\Windows\System\rBDgBYz.exe
  C:\Windows\System\rBDgBYz.exe
  2⤵
  PID:7576
- C:\Windows\System\oZcQVcP.exe
  C:\Windows\System\oZcQVcP.exe
  2⤵
  PID:7612
- C:\Windows\System\sBgbnGx.exe
  C:\Windows\System\sBgbnGx.exe
  2⤵
  PID:7648
- C:\Windows\System\XqMdsAI.exe
  C:\Windows\System\XqMdsAI.exe
  2⤵
  PID:7680
- C:\Windows\System\DbOViXc.exe
  C:\Windows\System\DbOViXc.exe
  2⤵
  PID:7776
- C:\Windows\System\DgGlMiR.exe
  C:\Windows\System\DgGlMiR.exe
  2⤵
  PID:7720
- C:\Windows\System\yAuKRZr.exe
  C:\Windows\System\yAuKRZr.exe
  2⤵
  PID:7764
- C:\Windows\System\iHfOVzU.exe
  C:\Windows\System\iHfOVzU.exe
  2⤵
  PID:7808
- C:\Windows\System\jpMhrTx.exe
  C:\Windows\System\jpMhrTx.exe
  2⤵
  PID:7932
- C:\Windows\System\YxHlSNx.exe
  C:\Windows\System\YxHlSNx.exe
  2⤵
  PID:7940
- C:\Windows\System\oFQzxIa.exe
  C:\Windows\System\oFQzxIa.exe
  2⤵
  PID:8044
- C:\Windows\System\XHiPRWE.exe
  C:\Windows\System\XHiPRWE.exe
  2⤵
  PID:8088
- C:\Windows\System\slBwEVM.exe
  C:\Windows\System\slBwEVM.exe
  2⤵
  PID:8128
- C:\Windows\System\FyhpZcU.exe
  C:\Windows\System\FyhpZcU.exe
  2⤵
  PID:8172
- C:\Windows\System\UIFpYXo.exe
  C:\Windows\System\UIFpYXo.exe
  2⤵
  PID:7252
- C:\Windows\System\QbwBEBb.exe
  C:\Windows\System\QbwBEBb.exe
  2⤵
  PID:8028
- C:\Windows\System\jRUBDNq.exe
  C:\Windows\System\jRUBDNq.exe
  2⤵
  PID:7288
- C:\Windows\System\XTgsQAf.exe
  C:\Windows\System\XTgsQAf.exe
  2⤵
  PID:7496
- C:\Windows\System\lxhVNGO.exe
  C:\Windows\System\lxhVNGO.exe
  2⤵
  PID:7552
- C:\Windows\System\sNZHdEX.exe
  C:\Windows\System\sNZHdEX.exe
  2⤵
  PID:7700
- C:\Windows\System\ySysMyD.exe
  C:\Windows\System\ySysMyD.exe
  2⤵
  PID:7804
- C:\Windows\System\XMpAEni.exe
  C:\Windows\System\XMpAEni.exe
  2⤵
  PID:7956
- C:\Windows\System\qKSKdPq.exe
  C:\Windows\System\qKSKdPq.exe
  2⤵
  PID:7824
- C:\Windows\System\GaveJtD.exe
  C:\Windows\System\GaveJtD.exe
  2⤵
  PID:7268
- C:\Windows\System\WXHXInO.exe
  C:\Windows\System\WXHXInO.exe
  2⤵
  PID:7936
- C:\Windows\System\xeUiyXb.exe
  C:\Windows\System\xeUiyXb.exe
  2⤵
  PID:8064
- C:\Windows\System\KrEJMEs.exe
  C:\Windows\System\KrEJMEs.exe
  2⤵
  PID:8108
- C:\Windows\System\xADylsX.exe
  C:\Windows\System\xADylsX.exe
  2⤵
  PID:7216
- C:\Windows\System\GNdnjJj.exe
  C:\Windows\System\GNdnjJj.exe
  2⤵
  PID:7540
- C:\Windows\System\RLDkcux.exe
  C:\Windows\System\RLDkcux.exe
  2⤵
  PID:7908
- C:\Windows\System\bHaJHgB.exe
  C:\Windows\System\bHaJHgB.exe
  2⤵
  PID:7784
- C:\Windows\System\UTBGveB.exe
  C:\Windows\System\UTBGveB.exe
  2⤵
  PID:7832
- C:\Windows\System\tvHiKHX.exe
  C:\Windows\System\tvHiKHX.exe
  2⤵
  PID:7980
- C:\Windows\System\QymVxId.exe
  C:\Windows\System\QymVxId.exe
  2⤵
  PID:8096
- C:\Windows\System\IYpvLwp.exe
  C:\Windows\System\IYpvLwp.exe
  2⤵
  PID:8136
- C:\Windows\System\CsySrfH.exe
  C:\Windows\System\CsySrfH.exe
  2⤵
  PID:7636
- C:\Windows\System\CHWFQMU.exe
  C:\Windows\System\CHWFQMU.exe
  2⤵
  PID:7780
- C:\Windows\System\HNZyNsv.exe
  C:\Windows\System\HNZyNsv.exe
  2⤵
  PID:7400
- C:\Windows\System\TmAfMtM.exe
  C:\Windows\System\TmAfMtM.exe
  2⤵
  PID:7336
- C:\Windows\System\YIDgjrM.exe
  C:\Windows\System\YIDgjrM.exe
  2⤵
  PID:7820
- C:\Windows\System\WiuXmlS.exe
  C:\Windows\System\WiuXmlS.exe
  2⤵
  PID:7356
- C:\Windows\System\QBSmJkk.exe
  C:\Windows\System\QBSmJkk.exe
  2⤵
  PID:8148
- C:\Windows\System\igStckQ.exe
  C:\Windows\System\igStckQ.exe
  2⤵
  PID:7876
- C:\Windows\System\lGaonHT.exe
  C:\Windows\System\lGaonHT.exe
  2⤵
  PID:7332
- C:\Windows\System\GhoDZGb.exe
  C:\Windows\System\GhoDZGb.exe
  2⤵
  PID:7488
- C:\Windows\System\qmehlOW.exe
  C:\Windows\System\qmehlOW.exe
  2⤵
  PID:7864
- C:\Windows\System\yiKVrzP.exe
  C:\Windows\System\yiKVrzP.exe
  2⤵
  PID:7176
- C:\Windows\System\bwqQvdF.exe
  C:\Windows\System\bwqQvdF.exe
  2⤵
  PID:7676
- C:\Windows\System\YeYzINS.exe
  C:\Windows\System\YeYzINS.exe
  2⤵
  PID:7304
- C:\Windows\System\CwxxZEv.exe
  C:\Windows\System\CwxxZEv.exe
  2⤵
  PID:7520
- C:\Windows\System\sNUzRZT.exe
  C:\Windows\System\sNUzRZT.exe
  2⤵
  PID:7912
- C:\Windows\System\SSYhkCy.exe
  C:\Windows\System\SSYhkCy.exe
  2⤵
  PID:7744
- C:\Windows\System\GqDXEbk.exe
  C:\Windows\System\GqDXEbk.exe
  2⤵
  PID:7240
- C:\Windows\System\TcdJKjh.exe
  C:\Windows\System\TcdJKjh.exe
  2⤵
  PID:6528
- C:\Windows\System\NJLSgUZ.exe
  C:\Windows\System\NJLSgUZ.exe
  2⤵
  PID:7740
- C:\Windows\System\dMUhGpE.exe
  C:\Windows\System\dMUhGpE.exe
  2⤵
  PID:7924
- C:\Windows\System\PSlSmxa.exe
  C:\Windows\System\PSlSmxa.exe
  2⤵
  PID:8052
- C:\Windows\System\WbxnEPW.exe
  C:\Windows\System\WbxnEPW.exe
  2⤵
  PID:7092
- C:\Windows\System\SjmxCKK.exe
  C:\Windows\System\SjmxCKK.exe
  2⤵
  PID:7264
- C:\Windows\System\vFujdQI.exe
  C:\Windows\System\vFujdQI.exe
  2⤵
  PID:7848
- C:\Windows\System\nQrJkmJ.exe
  C:\Windows\System\nQrJkmJ.exe
  2⤵
  PID:8196
- C:\Windows\System\nzyBQBY.exe
  C:\Windows\System\nzyBQBY.exe
  2⤵
  PID:8212
- C:\Windows\System\IgSQnXX.exe
  C:\Windows\System\IgSQnXX.exe
  2⤵
  PID:8232
- C:\Windows\System\kKofvAX.exe
  C:\Windows\System\kKofvAX.exe
  2⤵
  PID:8260
- C:\Windows\System\MgyGWDS.exe
  C:\Windows\System\MgyGWDS.exe
  2⤵
  PID:8276
- C:\Windows\System\OUCnblY.exe
  C:\Windows\System\OUCnblY.exe
  2⤵
  PID:8304
- C:\Windows\System\bOytVNk.exe
  C:\Windows\System\bOytVNk.exe
  2⤵
  PID:8320
- C:\Windows\System\qbwYJcR.exe
  C:\Windows\System\qbwYJcR.exe
  2⤵
  PID:8336
- C:\Windows\System\SJpyGPu.exe
  C:\Windows\System\SJpyGPu.exe
  2⤵
  PID:8364
- C:\Windows\System\uUMhQMY.exe
  C:\Windows\System\uUMhQMY.exe
  2⤵
  PID:8380
- C:\Windows\System\iiRIXwa.exe
  C:\Windows\System\iiRIXwa.exe
  2⤵
  PID:8408
- C:\Windows\System\HOouerA.exe
  C:\Windows\System\HOouerA.exe
  2⤵
  PID:8424
- C:\Windows\System\YLHhydU.exe
  C:\Windows\System\YLHhydU.exe
  2⤵
  PID:8444
- C:\Windows\System\HcJlCOk.exe
  C:\Windows\System\HcJlCOk.exe
  2⤵
  PID:8460
- C:\Windows\System\yiadDgq.exe
  C:\Windows\System\yiadDgq.exe
  2⤵
  PID:8488
- C:\Windows\System\atmZjWd.exe
  C:\Windows\System\atmZjWd.exe
  2⤵
  PID:8504
- C:\Windows\System\NSdatpO.exe
  C:\Windows\System\NSdatpO.exe
  2⤵
  PID:8524
- C:\Windows\System\psIOovP.exe
  C:\Windows\System\psIOovP.exe
  2⤵
  PID:8544
- C:\Windows\System\kSaMUFE.exe
  C:\Windows\System\kSaMUFE.exe
  2⤵
  PID:8560
- C:\Windows\System\nNsaHae.exe
  C:\Windows\System\nNsaHae.exe
  2⤵
  PID:8576
- C:\Windows\System\mJlTBtj.exe
  C:\Windows\System\mJlTBtj.exe
  2⤵
  PID:8592
- C:\Windows\System\VtKdQBd.exe
  C:\Windows\System\VtKdQBd.exe
  2⤵
  PID:8612
- C:\Windows\System\alZtroh.exe
  C:\Windows\System\alZtroh.exe
  2⤵
  PID:8632
- C:\Windows\System\KElrUCK.exe
  C:\Windows\System\KElrUCK.exe
  2⤵
  PID:8652
- C:\Windows\System\iVqKwoQ.exe
  C:\Windows\System\iVqKwoQ.exe
  2⤵
  PID:8676
- C:\Windows\System\jHYhHAg.exe
  C:\Windows\System\jHYhHAg.exe
  2⤵
  PID:8692
- C:\Windows\System\EAYqVJz.exe
  C:\Windows\System\EAYqVJz.exe
  2⤵
  PID:8708
- C:\Windows\System\LcUdAxG.exe
  C:\Windows\System\LcUdAxG.exe
  2⤵
  PID:8744
- C:\Windows\System\hkQynJV.exe
  C:\Windows\System\hkQynJV.exe
  2⤵
  PID:8764
- C:\Windows\System\AqHdFJV.exe
  C:\Windows\System\AqHdFJV.exe
  2⤵
  PID:8780
- C:\Windows\System\uckybti.exe
  C:\Windows\System\uckybti.exe
  2⤵
  PID:8796
- C:\Windows\System\GyWYgJJ.exe
  C:\Windows\System\GyWYgJJ.exe
  2⤵
  PID:8812
- C:\Windows\System\fndxiGE.exe
  C:\Windows\System\fndxiGE.exe
  2⤵
  PID:8832
- C:\Windows\System\bwwbGpA.exe
  C:\Windows\System\bwwbGpA.exe
  2⤵
  PID:8872
- C:\Windows\System\LFDTqXB.exe
  C:\Windows\System\LFDTqXB.exe
  2⤵
  PID:8888
- C:\Windows\System\SoNRolq.exe
  C:\Windows\System\SoNRolq.exe
  2⤵
  PID:8904
- C:\Windows\System\JZkqvyj.exe
  C:\Windows\System\JZkqvyj.exe
  2⤵
  PID:8936
- C:\Windows\System\mBVFUGk.exe
  C:\Windows\System\mBVFUGk.exe
  2⤵
  PID:8956
- C:\Windows\System\cSVsfRK.exe
  C:\Windows\System\cSVsfRK.exe
  2⤵
  PID:8972
- C:\Windows\System\myrPuEH.exe
  C:\Windows\System\myrPuEH.exe
  2⤵
  PID:8996
- C:\Windows\System\cwCwhJs.exe
  C:\Windows\System\cwCwhJs.exe
  2⤵
  PID:9012
- C:\Windows\System\RtPQNuX.exe
  C:\Windows\System\RtPQNuX.exe
  2⤵
  PID:9032
- C:\Windows\System\XdIXzxV.exe
  C:\Windows\System\XdIXzxV.exe
  2⤵
  PID:9048
- C:\Windows\System\TcSYHKo.exe
  C:\Windows\System\TcSYHKo.exe
  2⤵
  PID:9068
- C:\Windows\System\hADvHtX.exe
  C:\Windows\System\hADvHtX.exe
  2⤵
  PID:9092
- C:\Windows\System\KeTeVAy.exe
  C:\Windows\System\KeTeVAy.exe
  2⤵
  PID:9112
- C:\Windows\System\PLXwafN.exe
  C:\Windows\System\PLXwafN.exe
  2⤵
  PID:9128
- C:\Windows\System\nCKbpSU.exe
  C:\Windows\System\nCKbpSU.exe
  2⤵
  PID:9148
- C:\Windows\System\akOSYet.exe
  C:\Windows\System\akOSYet.exe
  2⤵
  PID:9172
- C:\Windows\System\sUTRCbc.exe
  C:\Windows\System\sUTRCbc.exe
  2⤵
  PID:9188
- C:\Windows\System\kyRAygY.exe
  C:\Windows\System\kyRAygY.exe
  2⤵
  PID:9212
- C:\Windows\System\GvbknLp.exe
  C:\Windows\System\GvbknLp.exe
  2⤵
  PID:8228
- C:\Windows\System\CAJmutr.exe
  C:\Windows\System\CAJmutr.exe
  2⤵
  PID:8072
- C:\Windows\System\cikTdKf.exe
  C:\Windows\System\cikTdKf.exe
  2⤵
  PID:8268
- C:\Windows\System\WCmrSJE.exe
  C:\Windows\System\WCmrSJE.exe
  2⤵
  PID:8168
- C:\Windows\System\FmxwZKn.exe
  C:\Windows\System\FmxwZKn.exe
  2⤵
  PID:8348
- C:\Windows\System\ygQDJBD.exe
  C:\Windows\System\ygQDJBD.exe
  2⤵
  PID:8360
- C:\Windows\System\FCwMxgf.exe
  C:\Windows\System\FCwMxgf.exe
  2⤵
  PID:8396
- C:\Windows\System\fmpUEvb.exe
  C:\Windows\System\fmpUEvb.exe
  2⤵
  PID:8440
- C:\Windows\System\gsQMgIX.exe
  C:\Windows\System\gsQMgIX.exe
  2⤵
  PID:8392
- C:\Windows\System\DsIYvMf.exe
  C:\Windows\System\DsIYvMf.exe
  2⤵
  PID:8516
- C:\Windows\System\gtmXCks.exe
  C:\Windows\System\gtmXCks.exe
  2⤵
  PID:8536
- C:\Windows\System\mLWsBiw.exe
  C:\Windows\System\mLWsBiw.exe
  2⤵
  PID:8572
- C:\Windows\System\PSISglK.exe
  C:\Windows\System\PSISglK.exe
  2⤵
  PID:8648
- C:\Windows\System\HjmjSut.exe
  C:\Windows\System\HjmjSut.exe
  2⤵
  PID:8720
- C:\Windows\System\qJNYlOi.exe
  C:\Windows\System\qJNYlOi.exe
  2⤵
  PID:8660
- C:\Windows\System\aUuSggf.exe
  C:\Windows\System\aUuSggf.exe
  2⤵
  PID:8732
- C:\Windows\System\xsspBNB.exe
  C:\Windows\System\xsspBNB.exe
  2⤵
  PID:8756
- C:\Windows\System\zIHnTae.exe
  C:\Windows\System\zIHnTae.exe
  2⤵
  PID:8760
- C:\Windows\System\RbqRWwk.exe
  C:\Windows\System\RbqRWwk.exe
  2⤵
  PID:8840
- C:\Windows\System\RMIJwEI.exe
  C:\Windows\System\RMIJwEI.exe
  2⤵
  PID:8856
- C:\Windows\System\bXPBaIv.exe
  C:\Windows\System\bXPBaIv.exe
  2⤵
  PID:8900
- C:\Windows\System\FedzsRn.exe
  C:\Windows\System\FedzsRn.exe
  2⤵
  PID:8924
- C:\Windows\System\jrFfNWs.exe
  C:\Windows\System\jrFfNWs.exe
  2⤵
  PID:8980
- C:\Windows\System\VtdrHAk.exe
  C:\Windows\System\VtdrHAk.exe
  2⤵
  PID:8984
- C:\Windows\System\YQyuRhg.exe
  C:\Windows\System\YQyuRhg.exe
  2⤵
  PID:9024
- C:\Windows\System\sOlcwaL.exe
  C:\Windows\System\sOlcwaL.exe
  2⤵
  PID:9040
- C:\Windows\System\PrUpBOD.exe
  C:\Windows\System\PrUpBOD.exe
  2⤵
  PID:9144
- C:\Windows\System\GgeWtjQ.exe
  C:\Windows\System\GgeWtjQ.exe
  2⤵
  PID:9184
- C:\Windows\System\DkxSxxi.exe
  C:\Windows\System\DkxSxxi.exe
  2⤵
  PID:8208
- C:\Windows\System\zzKpfQz.exe
  C:\Windows\System\zzKpfQz.exe
  2⤵
  PID:9120
- C:\Windows\System\TXPhKCc.exe
  C:\Windows\System\TXPhKCc.exe
  2⤵
  PID:9208
- C:\Windows\System\vwYHqts.exe
  C:\Windows\System\vwYHqts.exe
  2⤵
  PID:9168
- C:\Windows\System\toSdRIc.exe
  C:\Windows\System\toSdRIc.exe
  2⤵
  PID:8292
- C:\Windows\System\guCgLkc.exe
  C:\Windows\System\guCgLkc.exe
  2⤵
  PID:8288
- C:\Windows\System\WbBalLb.exe
  C:\Windows\System\WbBalLb.exe
  2⤵
  PID:8436
- C:\Windows\System\AGZYhHd.exe
  C:\Windows\System\AGZYhHd.exe
  2⤵
  PID:8468
- C:\Windows\System\DtIIjji.exe
  C:\Windows\System\DtIIjji.exe
  2⤵
  PID:8608
- C:\Windows\System\uDXXabF.exe
  C:\Windows\System\uDXXabF.exe
  2⤵
  PID:8928
- C:\Windows\System\pUOeXQL.exe
  C:\Windows\System\pUOeXQL.exe
  2⤵
  PID:8724
- C:\Windows\System\npjabBv.exe
  C:\Windows\System\npjabBv.exe
  2⤵
  PID:8668
- C:\Windows\System\dPXtWDl.exe
  C:\Windows\System\dPXtWDl.exe
  2⤵
  PID:8776
- C:\Windows\System\OSAAKCB.exe
  C:\Windows\System\OSAAKCB.exe
  2⤵
  PID:8828
- C:\Windows\System\EhipWsn.exe
  C:\Windows\System\EhipWsn.exe
  2⤵
  PID:8880
- C:\Windows\System\YHrDSNR.exe
  C:\Windows\System\YHrDSNR.exe
  2⤵
  PID:8912
- C:\Windows\System\WtAYsNI.exe
  C:\Windows\System\WtAYsNI.exe
  2⤵
  PID:8988
- C:\Windows\System\NnaPjls.exe
  C:\Windows\System\NnaPjls.exe
  2⤵
  PID:9108
- C:\Windows\System\bfktxcU.exe
  C:\Windows\System\bfktxcU.exe
  2⤵
  PID:9104
- C:\Windows\System\vHKVazA.exe
  C:\Windows\System\vHKVazA.exe
  2⤵
  PID:9160
- C:\Windows\System\TtpObjO.exe
  C:\Windows\System\TtpObjO.exe
  2⤵
  PID:9164
- C:\Windows\System\ntOEwUj.exe
  C:\Windows\System\ntOEwUj.exe
  2⤵
  PID:8220
- C:\Windows\System\hDqblpV.exe
  C:\Windows\System\hDqblpV.exe
  2⤵
  PID:8272
- C:\Windows\System\uAMcfpU.exe
  C:\Windows\System\uAMcfpU.exe
  2⤵
  PID:8404
- C:\Windows\System\xKgUJmT.exe
  C:\Windows\System\xKgUJmT.exe
  2⤵
  PID:8532
- C:\Windows\System\TZqkgMi.exe
  C:\Windows\System\TZqkgMi.exe
  2⤵
  PID:8808
- C:\Windows\System\pyfYmXf.exe
  C:\Windows\System\pyfYmXf.exe
  2⤵
  PID:8948
- C:\Windows\System\yzoXkap.exe
  C:\Windows\System\yzoXkap.exe
  2⤵
  PID:9060
- C:\Windows\System\rozdtGj.exe
  C:\Windows\System\rozdtGj.exe
  2⤵
  PID:8824
- C:\Windows\System\tsOtrgF.exe
  C:\Windows\System\tsOtrgF.exe
  2⤵
  PID:9156
- C:\Windows\System\AHVXmbU.exe
  C:\Windows\System\AHVXmbU.exe
  2⤵
  PID:9204
- C:\Windows\System\uRnekeD.exe
  C:\Windows\System\uRnekeD.exe
  2⤵
  PID:8332
- C:\Windows\System\fglGTKK.exe
  C:\Windows\System\fglGTKK.exe
  2⤵
  PID:8496
- C:\Windows\System\BXmlKDq.exe
  C:\Windows\System\BXmlKDq.exe
  2⤵
  PID:8624
- C:\Windows\System\zxTbCMD.exe
  C:\Windows\System\zxTbCMD.exe
  2⤵
  PID:8740
- C:\Windows\System\qVuAvKz.exe
  C:\Windows\System\qVuAvKz.exe
  2⤵
  PID:8944
- C:\Windows\System\FpZZFaZ.exe
  C:\Windows\System\FpZZFaZ.exe
  2⤵
  PID:8752
- C:\Windows\System\fQhQgYN.exe
  C:\Windows\System\fQhQgYN.exe
  2⤵
  PID:8456
- C:\Windows\System\JUbfLpG.exe
  C:\Windows\System\JUbfLpG.exe
  2⤵
  PID:7652
- C:\Windows\System\WYDxWSH.exe
  C:\Windows\System\WYDxWSH.exe
  2⤵
  PID:8704
- C:\Windows\System\fYuVSli.exe
  C:\Windows\System\fYuVSli.exe
  2⤵
  PID:8568
- C:\Windows\System\yeyHEqO.exe
  C:\Windows\System\yeyHEqO.exe
  2⤵
  PID:9004
- C:\Windows\System\ymhiEUP.exe
  C:\Windows\System\ymhiEUP.exe
  2⤵
  PID:8472
- C:\Windows\System\KQlXTXd.exe
  C:\Windows\System\KQlXTXd.exe
  2⤵
  PID:8896
- C:\Windows\System\wENkdFx.exe
  C:\Windows\System\wENkdFx.exe
  2⤵
  PID:8868
- C:\Windows\System\tTpxwze.exe
  C:\Windows\System\tTpxwze.exe
  2⤵
  PID:8968
- C:\Windows\System\KtQjKWJ.exe
  C:\Windows\System\KtQjKWJ.exe
  2⤵
  PID:8952
- C:\Windows\System\LQJKsuI.exe
  C:\Windows\System\LQJKsuI.exe
  2⤵
  PID:8344
- C:\Windows\System\OMqQPdp.exe
  C:\Windows\System\OMqQPdp.exe
  2⤵
  PID:9228
- C:\Windows\System\aqZpWrk.exe
  C:\Windows\System\aqZpWrk.exe
  2⤵
  PID:9252
- C:\Windows\System\zletheV.exe
  C:\Windows\System\zletheV.exe
  2⤵
  PID:9272
- C:\Windows\System\ILLwTTV.exe
  C:\Windows\System\ILLwTTV.exe
  2⤵
  PID:9296
- C:\Windows\System\LRlwZTr.exe
  C:\Windows\System\LRlwZTr.exe
  2⤵
  PID:9312
- C:\Windows\System\AWYSAwr.exe
  C:\Windows\System\AWYSAwr.exe
  2⤵
  PID:9332
- C:\Windows\System\fivtQZn.exe
  C:\Windows\System\fivtQZn.exe
  2⤵
  PID:9352
- C:\Windows\System\EvlcCmY.exe
  C:\Windows\System\EvlcCmY.exe
  2⤵
  PID:9380
- C:\Windows\System\uTttrnD.exe
  C:\Windows\System\uTttrnD.exe
  2⤵
  PID:9400
- C:\Windows\System\QPWeJZD.exe
  C:\Windows\System\QPWeJZD.exe
  2⤵
  PID:9420
- C:\Windows\System\rrCBlrc.exe
  C:\Windows\System\rrCBlrc.exe
  2⤵
  PID:9440
- C:\Windows\System\FvpGaya.exe
  C:\Windows\System\FvpGaya.exe
  2⤵
  PID:9468
- C:\Windows\System\aZJLCcu.exe
  C:\Windows\System\aZJLCcu.exe
  2⤵
  PID:9484
- C:\Windows\System\xLyKXjd.exe
  C:\Windows\System\xLyKXjd.exe
  2⤵
  PID:9508
- C:\Windows\System\LSJbRrY.exe
  C:\Windows\System\LSJbRrY.exe
  2⤵
  PID:9524
- C:\Windows\System\sQNhXyz.exe
  C:\Windows\System\sQNhXyz.exe
  2⤵
  PID:9540
- C:\Windows\System\PFQyvxF.exe
  C:\Windows\System\PFQyvxF.exe
  2⤵
  PID:9568
- C:\Windows\System\YrDBIjU.exe
  C:\Windows\System\YrDBIjU.exe
  2⤵
  PID:9584
- C:\Windows\System\QckDlwh.exe
  C:\Windows\System\QckDlwh.exe
  2⤵
  PID:9608
- C:\Windows\System\zCfbmfE.exe
  C:\Windows\System\zCfbmfE.exe
  2⤵
  PID:9624
- C:\Windows\System\cWkoNkR.exe
  C:\Windows\System\cWkoNkR.exe
  2⤵
  PID:9644
- C:\Windows\System\DplTlzi.exe
  C:\Windows\System\DplTlzi.exe
  2⤵
  PID:9668
- C:\Windows\System\oImrgDg.exe
  C:\Windows\System\oImrgDg.exe
  2⤵
  PID:9696
- C:\Windows\System\BhrGQtq.exe
  C:\Windows\System\BhrGQtq.exe
  2⤵
  PID:9716
- C:\Windows\System\qzilrAs.exe
  C:\Windows\System\qzilrAs.exe
  2⤵
  PID:9736
- C:\Windows\System\yVlaOcR.exe
  C:\Windows\System\yVlaOcR.exe
  2⤵
  PID:9752
- C:\Windows\System\FqrlqoT.exe
  C:\Windows\System\FqrlqoT.exe
  2⤵
  PID:9768
- C:\Windows\System\iSbDbeq.exe
  C:\Windows\System\iSbDbeq.exe
  2⤵
  PID:9788
- C:\Windows\System\GImtZzi.exe
  C:\Windows\System\GImtZzi.exe
  2⤵
  PID:9804
- C:\Windows\System\ZyvYIbW.exe
  C:\Windows\System\ZyvYIbW.exe
  2⤵
  PID:9824
- C:\Windows\System\kvPNFqP.exe
  C:\Windows\System\kvPNFqP.exe
  2⤵
  PID:9852
- C:\Windows\System\xbCpNJF.exe
  C:\Windows\System\xbCpNJF.exe
  2⤵
  PID:9868
- C:\Windows\System\czSbHRg.exe
  C:\Windows\System\czSbHRg.exe
  2⤵
  PID:9912
- C:\Windows\System\XkoNCdf.exe
  C:\Windows\System\XkoNCdf.exe
  2⤵
  PID:9928
- C:\Windows\System\hrnFDiK.exe
  C:\Windows\System\hrnFDiK.exe
  2⤵
  PID:9952
- C:\Windows\System\HglEElm.exe
  C:\Windows\System\HglEElm.exe
  2⤵
  PID:9976
- C:\Windows\System\dGnTsqZ.exe
  C:\Windows\System\dGnTsqZ.exe
  2⤵
  PID:9992
- C:\Windows\System\zyuRaaF.exe
  C:\Windows\System\zyuRaaF.exe
  2⤵
  PID:10008
- C:\Windows\System\sirEYLt.exe
  C:\Windows\System\sirEYLt.exe
  2⤵
  PID:10024
- C:\Windows\System\SRjGwFA.exe
  C:\Windows\System\SRjGwFA.exe
  2⤵
  PID:10056
- C:\Windows\System\pTIPEvF.exe
  C:\Windows\System\pTIPEvF.exe
  2⤵
  PID:10072
- C:\Windows\System\aGQpqRU.exe
  C:\Windows\System\aGQpqRU.exe
  2⤵
  PID:10088
- C:\Windows\System\oFPiGsw.exe
  C:\Windows\System\oFPiGsw.exe
  2⤵
  PID:10108
- C:\Windows\System\eRpFclU.exe
  C:\Windows\System\eRpFclU.exe
  2⤵
  PID:10136
- C:\Windows\System\uAROewR.exe
  C:\Windows\System\uAROewR.exe
  2⤵
  PID:10156
- C:\Windows\System\EiBOcGp.exe
  C:\Windows\System\EiBOcGp.exe
  2⤵
  PID:10176
- C:\Windows\System\GEwNmWW.exe
  C:\Windows\System\GEwNmWW.exe
  2⤵
  PID:10192
- C:\Windows\System\PbWKCxz.exe
  C:\Windows\System\PbWKCxz.exe
  2⤵
  PID:10208
- C:\Windows\System\hLjWWpB.exe
  C:\Windows\System\hLjWWpB.exe
  2⤵
  PID:10224
- C:\Windows\System\VhKhphK.exe
  C:\Windows\System\VhKhphK.exe
  2⤵
  PID:9224
- C:\Windows\System\RCKBrIm.exe
  C:\Windows\System\RCKBrIm.exe
  2⤵
  PID:9248
- C:\Windows\System\MdIAOmS.exe
  C:\Windows\System\MdIAOmS.exe
  2⤵
  PID:9288
- C:\Windows\System\oXQaeKg.exe
  C:\Windows\System\oXQaeKg.exe
  2⤵
  PID:9344
- C:\Windows\System\BFgsTTA.exe
  C:\Windows\System\BFgsTTA.exe
  2⤵
  PID:9388
- C:\Windows\System\jdwLEKU.exe
  C:\Windows\System\jdwLEKU.exe
  2⤵
  PID:9412
- C:\Windows\System\vLrifNC.exe
  C:\Windows\System\vLrifNC.exe
  2⤵
  PID:9448
- C:\Windows\System\TXpdYMW.exe
  C:\Windows\System\TXpdYMW.exe
  2⤵
  PID:9476
- C:\Windows\System\mLlkasr.exe
  C:\Windows\System\mLlkasr.exe
  2⤵
  PID:9496
- C:\Windows\System\xvCmUIf.exe
  C:\Windows\System\xvCmUIf.exe
  2⤵
  PID:9536
- C:\Windows\System\RRiPQCm.exe
  C:\Windows\System\RRiPQCm.exe
  2⤵
  PID:9560
- C:\Windows\System\QPzRXwC.exe
  C:\Windows\System\QPzRXwC.exe
  2⤵
  PID:9592
- C:\Windows\System\NMyQtRy.exe
  C:\Windows\System\NMyQtRy.exe
  2⤵
  PID:9264
- C:\Windows\System\MGvQknt.exe
  C:\Windows\System\MGvQknt.exe
  2⤵
  PID:9664
- C:\Windows\System\uTOSMCE.exe
  C:\Windows\System\uTOSMCE.exe
  2⤵
  PID:9688
- C:\Windows\System\fYjFrRm.exe
  C:\Windows\System\fYjFrRm.exe
  2⤵
  PID:9760
- C:\Windows\System\qEOEAqH.exe
  C:\Windows\System\qEOEAqH.exe
  2⤵
  PID:9840
- C:\Windows\System\qmrFWqt.exe
  C:\Windows\System\qmrFWqt.exe
  2⤵
  PID:9748
- C:\Windows\System\SWNIhkG.exe
  C:\Windows\System\SWNIhkG.exe
  2⤵
  PID:9880
- C:\Windows\System\RyvHAzg.exe
  C:\Windows\System\RyvHAzg.exe
  2⤵
  PID:9820
- C:\Windows\System\jSsgRSB.exe
  C:\Windows\System\jSsgRSB.exe
  2⤵
  PID:9888
- C:\Windows\System\mMxNhvt.exe
  C:\Windows\System\mMxNhvt.exe
  2⤵
  PID:9948
- C:\Windows\System\FUlClAC.exe
  C:\Windows\System\FUlClAC.exe
  2⤵
  PID:9660
- C:\Windows\System\EWLPwpX.exe
  C:\Windows\System\EWLPwpX.exe
  2⤵
  PID:10016
- C:\Windows\System\zvoVITO.exe
  C:\Windows\System\zvoVITO.exe
  2⤵
  PID:10096
- C:\Windows\System\sEFxGAP.exe
  C:\Windows\System\sEFxGAP.exe
  2⤵
  PID:10084
- C:\Windows\System\FxXlrez.exe
  C:\Windows\System\FxXlrez.exe
  2⤵
  PID:10216
- C:\Windows\System\IDRdRtM.exe
  C:\Windows\System\IDRdRtM.exe
  2⤵
  PID:9244
- C:\Windows\System\xtrOajD.exe
  C:\Windows\System\xtrOajD.exe
  2⤵
  PID:10000
- C:\Windows\System\HsutAxh.exe
  C:\Windows\System\HsutAxh.exe
  2⤵
  PID:10132
- C:\Windows\System\MigqCIv.exe
  C:\Windows\System\MigqCIv.exe
  2⤵
  PID:9308
- C:\Windows\System\EDVcCnU.exe
  C:\Windows\System\EDVcCnU.exe
  2⤵
  PID:10080
- C:\Windows\System\iTLBypH.exe
  C:\Windows\System\iTLBypH.exe
  2⤵
  PID:9460
- C:\Windows\System\CLZUkCD.exe
  C:\Windows\System\CLZUkCD.exe
  2⤵
  PID:10200
- C:\Windows\System\kHzXUGi.exe
  C:\Windows\System\kHzXUGi.exe
  2⤵
  PID:9268
- C:\Windows\System\LLALKZq.exe
  C:\Windows\System\LLALKZq.exe
  2⤵
  PID:9436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmLjGCy.exe

Filesize
6.0MB

MD5
01b71ce02db3320804b1f7aaeab7ba32

SHA1
cd22672acc0788a9ed5d456c3cd7c1360aa7fa1b

SHA256
eb091e809ee1dc0888d1fe81b6601180e39fc831d7a16061fd1351550b4c6814

SHA512
5cf36cf9bbb50ee506f2fee5187ab8c954863079a750a522ee7bda5eb638a9e9b90845c9d7c5d1c785995c5f03412dd30db53677c4c9289dee2a9e7609313efd

Download Submit
C:\Windows\system\BAKSngR.exe

Filesize
6.0MB

MD5
a4c5a0f13b315341680f46b2c0bfa5fe

SHA1
505997fb77ab38c5fea6fe2babd3656ce5f84569

SHA256
21730b104a95d779cacbc83667ae7d1d1c055f6cc1bb2d6fbabe9dadfa1d032f

SHA512
272c76845d4f4d5c188092664e527650d7ee33a39a697ffffb487173a5b6c85791bd296b0a513d6e6b9100164ff946920621264031c2d3492b80eebbdf6dc03f

Download Submit
C:\Windows\system\BMQMitT.exe

Filesize
6.0MB

MD5
5c12caf8d2dc80ec9a38771f914f43c2

SHA1
41d8a9724093c3f0abdb309ebdf78832758a66b1

SHA256
0489cd4b1dc94427576b6bb0a57a13e13c1f39ec829b51d84a49f95b86646b05

SHA512
7de955673c568223d424ac9e40185f9825c7d580288b9b3031dfee13ff48d29a8af18214cacff5db1bce4d9eea6dcb38df3be0212d6cd5f8c84a2554c504e1a7

Download Submit
C:\Windows\system\CcIkuUK.exe

Filesize
6.0MB

MD5
4e2c35dbc354d954a3568f213d1c47e4

SHA1
9419bd63b312c2ede74c33cf8aa39b716955488e

SHA256
965adce6223b02ce31b45d0fdf5b999bd9645791b5278ba6a6ad0965a6ba2389

SHA512
e1ee9050768f92b4d3904f4cbc1f6b53bae78604c96e03029ad6da3b957c890266837bc8498291c5d62f9e01d995086d8d000d85ad9853f664800ce21af767ba

Download Submit
C:\Windows\system\EIhnvHq.exe

Filesize
6.0MB

MD5
f6df138840edc0c4c553afd73bf442f9

SHA1
f4320a37e6457d3636097ad3b472a112f96c2bea

SHA256
5c073a14d078ae1cc73bcfc14e4907d667561ed47da327d6bc6e09c9b118fd88

SHA512
4ba4dc8ef1cac6b292e12211c02b8ae8110e565fff5b9163ff5f2b5ef3d831a6931ca78935bba884ee8e7fc805173f4896a060d7cee4b1dccc26f99e3e777b45

Download Submit
C:\Windows\system\GJHMTwK.exe

Filesize
6.0MB

MD5
dfd8477ebc5e7fb1e3d7d73e6f795433

SHA1
d1a948c8165f5e5a8c5e3d4384dc625eef24ca8a

SHA256
ecac2088247eb57634ec7790eb5eba2c22a1da7777041045aa4992cce9253a8a

SHA512
f838db23639a16e36c98659e9a9e0fe0f99cb134719bf47d3614aa0aef639eb2356b2dc679d65631548cbc7d25d5d9a4e3e81a2618ae86fc370b4b274678bf32

Download Submit
C:\Windows\system\GMmUwkp.exe

Filesize
6.0MB

MD5
c68bad7c0b6ea2cbe58f7f6c4273a65e

SHA1
a7f3bfe909b600dce9e2929d03be6d6a5a41e113

SHA256
c767d68c383138de238ebfea5019217cdf9dbee158cc8cb4bf997f2b30c2b890

SHA512
a4a4761391d429e404af03de767535d0ec6ad29e87c7680390d8d9cefa3894f9682c58b702e69fa253f777b807ab7fd994961cc50c14694a2d402440af917bbe

Download Submit
C:\Windows\system\KJSgqDp.exe

Filesize
6.0MB

MD5
78aa1f4c5fcc07f321b052aa30f15341

SHA1
56f3ab8ba562aef9564ccc9e97aec2149f237675

SHA256
8e555019c36af0c6d42a8b52f51a15553fcae96dfa175c0615f5a63d48c1fe0a

SHA512
6f69972aebf04e46843bb080d89f91f397b6551b08a2aac2ac249886307a4de3f5f16a7f272a09ee461b16e32988d473801a8f192133a74efeb897f4786618e8

Download Submit
C:\Windows\system\LBMCEOY.exe

Filesize
6.0MB

MD5
9788bcdd48f1eca7fd6fe8353b7cd902

SHA1
10e615a5a986da71c5c0e1de6052c52bcc950b51

SHA256
0fb807db8444cc373b8021bd1a1aa860f9d498bf51bdaa7b38964aa61cba176b

SHA512
102430c8904c5e6de47e53be73488b5c589be0b77efcf4f20845a8e1172ce7bc40a0a912b3806157acf74782c297c871703879ce1d07684d8228a796483c6314

Download Submit
C:\Windows\system\LlStvMp.exe

Filesize
6.0MB

MD5
f06e429c75d3c51b57af8e277ed8c8ad

SHA1
458eca9701d9c055db946f23fd13930a0b2d25bc

SHA256
56906dc60e036a7153407b0617fedb3684fe30e950727bc9db0b393c69dc4fd1

SHA512
4a237642c66f6822c7ce5e6b5c8341697a4dcc10504e916d89f5aafb72778a8f2eed117d1a496d15bbf5c191b16c6d5e8df6160a38d434a89a9996bcb04224df

Download Submit
C:\Windows\system\MUizaJX.exe

Filesize
6.0MB

MD5
f3c1042f1d932fdf8493937ce5c39b3f

SHA1
ea1ebea30f95b00a766637169716218f0d0c69b1

SHA256
d4f888e8429c14d4c1cc062d04df25724526fc5b795635f608a2af51e04d4e13

SHA512
f808a06910cd0d8d6e098b664ece6f0ba6758e04e95543eb4ddc9ae3e6d4e7f8db17e8fd21a6b60592205bb74c778dcdae44ca40869d6b613e0ed43a40c17af3

Download Submit
C:\Windows\system\PFhVxLa.exe

Filesize
6.0MB

MD5
bfccfeabd43ae00066d3d7953e2a7a8e

SHA1
43a476b2e0fca4861b67a9d2ecf22166c1d601c0

SHA256
b7ebed195101154b149ef4755adfda6e41d556868c60f2422382ea91631aed9a

SHA512
f938a28a7b89f270105270a50b2391d4c07fdb2637b70781df330f49d36406ef938e7aec79918a35f654f4aa8b2f8835b1988b63fa0cd4558884929694e5ecaa

Download Submit
C:\Windows\system\QqAOJhL.exe

Filesize
6.0MB

MD5
8b70710069491d6a8747fb1eb85f3762

SHA1
18d1c83224898415d7a4aaf3d9dffc2effd6261f

SHA256
c4a19a443309a45dc6b2c95f633ad021314d5abda01a912e479ce8a1d313ec73

SHA512
2ffdddccc30c4b823e41dab96c15d597b584188b83f38b8f5e445a0644e1ed725079690e5fa6d3d1e56e6f409d7d7199c12565d81893d8b2779d6bf8183c8d1f

Download Submit
C:\Windows\system\RyaqTbo.exe

Filesize
6.0MB

MD5
f32e7c8c3fe7660ebdd32580e1f7b52f

SHA1
185dd34e21576d74bb66165ce872dcb795da76b0

SHA256
35f10b4c9350b5a6856075922c7ffdc2954b36f02263202a518640983d2572c2

SHA512
73a5897f25bf77f58a9ec88b9a15c062155d9cb7a342c8f786c7b1e18fa9276901576944620f84f6177747093cf4170e6a5e9a8be785f5bdadf3cd703ce32e95

Download Submit
C:\Windows\system\VQSlZSV.exe

Filesize
6.0MB

MD5
2c0d781475b77b5165f05bd244788e3e

SHA1
6025934742834e45a6e5e9acad5a0a286f3b7b6f

SHA256
4d1b91f5be2823cef5ddefbff204ca08acda509ee30c85f3408f3c5a907c72ac

SHA512
8de5d746aea9b773b27f337fd0c92b649d90f3ba3fadd065935afe97cab338d4bbd46cad70363999e13c5fcb83c2792ff46663615ab0eff03cb87611dde17866

Download Submit
C:\Windows\system\WHJjNGL.exe

Filesize
6.0MB

MD5
d321a7cf04b1859b85779b02d5484d7b

SHA1
6cc3c2a22e879c4722aba5e66ffeb873f47e806e

SHA256
ea9498031a2c402b37c47987618442177acb2c176e3d467289dcae3f3c7de6f2

SHA512
b74b7d21cfbec2aa57fcc25ef57343fbf12392a80542eb07e58d06ca46b4465ef8ce3fdc487fe5d1ebdc58e1885015a56f19ce7ba019483bc6a88e63ae359da1

Download Submit
C:\Windows\system\ZpGZeVp.exe

Filesize
6.0MB

MD5
fd084bbc715fa061fe9d1eaaa242aaac

SHA1
c72d7230ed64e3163e787e82c77c4b47b8c0c715

SHA256
ff096b0390ead362ec63d6dae67755cb77cc69f7d9b8851d20a668316b335ed2

SHA512
9e208f9ae0f7958e9e968a198ba2ad3f59e66bc591e5a6c1c7f63dba4e5aeb7514d8f7be79c81317ce243e73f9f0234c6b4289c38b90c16ac81c38c686c02903

Download Submit
C:\Windows\system\iNrcbNh.exe

Filesize
6.0MB

MD5
ca2b8f318d010c6537aebf881994a99b

SHA1
113cf6c2fed76349cba9cb0e11a359d7d4c6a2a7

SHA256
388f511740c76a771878a6a7f832a4ba35d5d4d2998391312031e82743e459a4

SHA512
45cf97d05444a144b2df4748809d0cc56d5bc31e3ebf208828df1eda820740c9cd8e62701469a11caf75f22eaf72dac1e34c981c2b5e7df625e72dc40b7813d5

Download Submit
C:\Windows\system\kQIlxrY.exe

Filesize
6.0MB

MD5
2bfb4fa8119f89b0f5475ed18e7d577a

SHA1
86a0f69b7b776e80aac95c4f77874729d1cd3dbc

SHA256
d2b5f51237f40f0c3bbf81575237509e4dd77310b20cdaeac662e8c4a6f02ba3

SHA512
ccfee6c6f9139c8f84e1dad28e250a9b58921236da394874faa922791ca611e7bc5c34ecaa7f3a57a7ac0aeddb631bf72b1c4bd365d4688ec809efb59f9590bd

Download Submit
C:\Windows\system\lTtQmFk.exe

Filesize
6.0MB

MD5
65b696ae2fa93a5c2154179a6296daeb

SHA1
a700bc79c25dec4c20d009d25f6481e242c4416d

SHA256
dc1fb98c13b34410e94e76d45ea1c0aeb27d565a81767d149d4599ee40f21eed

SHA512
873522697e95d02857e6d94678d2499663e7d36b2ce329daa29a91b0799b5fc33a827e3d836c8aa9f46b9e46e09f9a2c3414f6cee399906a21a68a3b04c9a699

Download Submit
C:\Windows\system\nezsxup.exe

Filesize
6.0MB

MD5
703d437fd53baa1623c8d2acc4876149

SHA1
afd9895f08cb3e3cabd9871dff06df3495ffb81e

SHA256
f876c2de58ccf47678465aafb5ed500eac920e515ae78f480721d3e08821c480

SHA512
7ab85c1e34ab329f040098732658d4a5233393799817bda6dd6ee5c545819b112d4cdb0b7ec587a93fc4d8e6c3ea1fa42c9ff8dc5d19ff9c16e85e00ca87eaa0

Download Submit
C:\Windows\system\pcMUHpp.exe

Filesize
6.0MB

MD5
ed3929610867b3507f9856aaf023c58d

SHA1
8abbce56bf520b0b3fa74b73bc75f13c9bf8a770

SHA256
bb70425fe4bc7fb51b6605ed8f0e45130b4a13a4669d0ca9b4bdd1e69526a6ff

SHA512
6365f3c0bb38aedea6bead64f4150b5bf6cb889a9671c1e50bc86e52dfeab9d1bf648ec239ab0e1e3952cbf5322202c41659db1719687bf9d2bd78c13ba7bcde

Download Submit
C:\Windows\system\qtSsDaK.exe

Filesize
6.0MB

MD5
d97e541ae7a137d324d3d689832d744d

SHA1
9ba4c63a367a81fce5fc6eb68c41fa57afc7f04d

SHA256
d578066eb7013703a6ea67a010a67d57995fc0de5c2ca490b029b049e3c80e32

SHA512
1898e0fc2911da0a02d6e326fae2fb9fda818aacb7b354aece53374270ff517a5da49d68340df05e237da8868b21ff7ed7289c018bccecc2ccccccbc7b683536

Download Submit
C:\Windows\system\tbgvsOi.exe

Filesize
8B

MD5
e26af5bba182f5ae21d866e95be58acb

SHA1
6355a57a0c4463303343211568c68a84accc98b8

SHA256
8755d9aa995ba16c91281f5d5c77aa24eb9328ec2db29558f5b185dd7569df87

SHA512
000df3331366617a9c113ff257282ac5d38068c7c0edf7028bb88f90bfad6565c7c2573bc180daf566072dcf621ee1775afdd2f8619d5ac74de7c34712a1eeb7

Download Submit
C:\Windows\system\tloCwCd.exe

Filesize
6.0MB

MD5
58b2759c02d5b3690fd4cb59f5b5e219

SHA1
8d9893720d8d97d399029db400445d22d5f84b47

SHA256
f0d0b0b1731d73696e3ec82db7225d92a034f85b66ef548c3c1a99668419ebec

SHA512
9499545a81725c3653d3850210054636b23976813e2094cf083b431236dee09859f78131a55a80d5e817d260333be8c42438e3bf565fb0540b32c585197cbde0

Download Submit
C:\Windows\system\vDFTSuQ.exe

Filesize
6.0MB

MD5
fed4d10d580fe598f9805dbc89a8c59c

SHA1
4b13008158dd269f02a2b0d6756a4355fd68c77c

SHA256
8de7d2fd33a1de1678f16c0bebf9ce91e2902a01bf60ee0742e54fea883bb677

SHA512
596103cb7eb4aaf5ea597e67880a0674a4b851ee32c7f3a62ccf2459a120e3b1cf7ffc02f5b002f1482a1a60dd455f85f1d328f6fbadba31f17b89e4743300c2

Download Submit
C:\Windows\system\xakEZoN.exe

Filesize
6.0MB

MD5
f01b93519a26965f2b616e0b94690dc5

SHA1
458ee3f9429685710efdddf9271c296475e6067d

SHA256
009c923d242860d9f67448c6fb8d239dff654148595e0e0cdd2fd6eb419cbe94

SHA512
fed03babab1d24902c2b738c4deb15ab5ea87297c7e45ec4b3444bd38d706c7381066367c134f02cea539b77cb504a946f66fbbc95f81194c86717e00dfe2f1f

Download Submit
\Windows\system\IkkyTte.exe

Filesize
6.0MB

MD5
395c16e4eda7fd156bff93369d497535

SHA1
33f639c72965038ba35ba2a0ecd55c285de1d951

SHA256
94872bfb848642c0b203b2a0efcda6a65d70c7a83db5917fd9f421a582ac4604

SHA512
82e06e1362e83b1d50c1a8530188389dc54139fadeb6f7b5c345cea9ef8885f97f6f6db060d2dedf256f64aae71eaaa6457655de4a556046ac1a7a5affc1f4e3

Download Submit
\Windows\system\OHqnWZm.exe

Filesize
6.0MB

MD5
4208f977910d91bb60bf50f6530679fc

SHA1
bb8a8523ded26fa19e510c48b5d98e10b864fe8d

SHA256
c6050cd1d47adcdac6462787b7cd75baa192080871055028597dd018fdbd7070

SHA512
cfb7d8d1057bb19dcbd71c9cede8b5ea4a5e397c1b90d88b5a91a3e9a98f2746541c8a1a5ae37b8524e526646fcf8bf1b8c55fd1789a4dbe48f830dc98828e93

Download Submit
\Windows\system\OiVZeZB.exe

Filesize
6.0MB

MD5
32e5a58598d1ef7b66fb4f0bfaf6bde7

SHA1
659b52e706ba283f74686e035bb82a91c8fb797c

SHA256
ec723c3c0a75249bf30ec30631661cd8682f587101b42aa4b9043074ef158919

SHA512
e2c237aed3fa74ae38a51394747f46fa3d03827eee59517056dbeb3c72f8a540fb68f3b79d4f5f21a7a6c3f0b1e51ca8715571937cecd22816f9ef01d0714e3e

Download Submit
\Windows\system\QoghMKf.exe

Filesize
6.0MB

MD5
a66278d1f8004f77647223dafd2fa729

SHA1
81d4c3a143a9a10e2183b7853924416141c06615

SHA256
5983868858bf6c5d5c7a353983a6d16bf96a727a77b930451b18fb38aac36f5c

SHA512
2d981de8cbd57cf11d4521d6ad4a460dd610076891e73fa707fda4eb5ca9af5dab1c2bae89f7c4a9782783dc3f6f6d89bc9681c9ba144cc7a064a3e9c1559f49

Download Submit
\Windows\system\UwAUDTS.exe

Filesize
6.0MB

MD5
137daa94cf0f4bc2c5b9aca4d3c70628

SHA1
913a657a4c6ebe58769c071d8507565c945f39d8

SHA256
0c0ef1ae28d25bc6a5bdcdf15b41bc5157d029ee05a6c71b8dd385e6e9d6d81f

SHA512
55f4742fe6f20f7eb9ea365347a4b9420175db3a4f31bdc860fcc5f9a84209b32bcb3893c67894e9467c825f024cc8595eb1d2cf61287dc30d5f8c512f3b5f22

Download Submit
\Windows\system\XpvFtsh.exe

Filesize
6.0MB

MD5
1d64db0e5ea8eeaab89c77728ef4514d

SHA1
80fc79f040ef1f9d710af1d00fcfed55939582a5

SHA256
10348133ea179e7bd89d5452eb3c6aef300b42bfa54c3e165df3da461af55f5c

SHA512
62f1e09f27db41b16f5211c83dbf3af11902ffead706a6044d23766c09be6d175b1e629840b2c11006aadf6125f39e12538111344db8578651978b8e2357c50e

Download Submit
memory/340-236-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/340-74-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/340-3004-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1100-89-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1100-3021-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1100-505-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1796-97-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-3029-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-669-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-13-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-53-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2852-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2856-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2152-35-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2152-70-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3018-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2308-375-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2308-82-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2388-50-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-748-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2388-445-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-38-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-885-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-587-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-37-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2388-26-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-71-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2388-28-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-111-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-110-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2388-59-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2388-62-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-30-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-94-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-93-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2388-102-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-101-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-0-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2388-46-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2388-85-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2520-42-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-8-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2790-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2620-66-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3001-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2620-105-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2748-27-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2860-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2948-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-60-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2852-65-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-32-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-2855-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2925-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2884-81-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2884-44-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2950-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3000-88-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3000-51-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/3016-824-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-106-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3044-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download