cobaltstrike | 6873d1a6679a85b62f9c4304a368fed386b8082d18b9f36d0acc4cf94744d739

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e63f228aa856beaabe93e642733a4506
SHA1

e989cc9eb87695bbd65aef1ac8850e5bd6b67726
SHA256

6873d1a6679a85b62f9c4304a368fed386b8082d18b9f36d0acc4cf94744d739
SHA512

6e4514d59fbc831645f03c3c5b296b3cd28c9ede1272a30e274e68cfe67b14f1ce64a339b25644464a6e481d1dcec2768c8e3a453078d3c378eb5aa9404dc376
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\qIVlcKe.exe	cobalt_reflective_dll
\Windows\system\ofUwMAE.exe	cobalt_reflective_dll
\Windows\system\WCnAGlh.exe	cobalt_reflective_dll
C:\Windows\system\ptNTANM.exe	cobalt_reflective_dll
\Windows\system\ioWQwpA.exe	cobalt_reflective_dll
C:\Windows\system\AizltLv.exe	cobalt_reflective_dll
\Windows\system\xnLhVxY.exe	cobalt_reflective_dll
\Windows\system\dKHYSez.exe	cobalt_reflective_dll
C:\Windows\system\BJGxLsz.exe	cobalt_reflective_dll
C:\Windows\system\SpTWAdX.exe	cobalt_reflective_dll
\Windows\system\UqaMiKo.exe	cobalt_reflective_dll
C:\Windows\system\Dmtrtwb.exe	cobalt_reflective_dll
C:\Windows\system\wDPvuMj.exe	cobalt_reflective_dll
\Windows\system\DWjJZrT.exe	cobalt_reflective_dll
C:\Windows\system\JLSpFYk.exe	cobalt_reflective_dll
\Windows\system\DGlhKif.exe	cobalt_reflective_dll
C:\Windows\system\AAHPCfI.exe	cobalt_reflective_dll
C:\Windows\system\ohMWpNs.exe	cobalt_reflective_dll
C:\Windows\system\NQjbvqP.exe	cobalt_reflective_dll
\Windows\system\ExABlwK.exe	cobalt_reflective_dll
C:\Windows\system\xfZbKNJ.exe	cobalt_reflective_dll
C:\Windows\system\UcwhOHS.exe	cobalt_reflective_dll
C:\Windows\system\FrkqhnH.exe	cobalt_reflective_dll
\Windows\system\nyleGEI.exe	cobalt_reflective_dll
C:\Windows\system\LQZmwrY.exe	cobalt_reflective_dll
C:\Windows\system\HFXhRva.exe	cobalt_reflective_dll
C:\Windows\system\gZaqYWA.exe	cobalt_reflective_dll
C:\Windows\system\wiGAHye.exe	cobalt_reflective_dll
C:\Windows\system\nOWNKmz.exe	cobalt_reflective_dll
C:\Windows\system\DSYSoxS.exe	cobalt_reflective_dll
C:\Windows\system\OhxGyAj.exe	cobalt_reflective_dll
C:\Windows\system\agLDLQn.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1928-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
\Windows\system\qIVlcKe.exe	xmrig
\Windows\system\ofUwMAE.exe	xmrig
\Windows\system\WCnAGlh.exe	xmrig
C:\Windows\system\ptNTANM.exe	xmrig
behavioral1/memory/2744-48-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
\Windows\system\ioWQwpA.exe	xmrig
behavioral1/memory/1800-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/1040-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
C:\Windows\system\AizltLv.exe	xmrig
behavioral1/memory/2064-53-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2564-66-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
\Windows\system\xnLhVxY.exe	xmrig
behavioral1/memory/2664-64-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1928-27-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
\Windows\system\dKHYSez.exe	xmrig
behavioral1/memory/2740-62-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2700-59-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2196-49-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1928-44-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
C:\Windows\system\BJGxLsz.exe	xmrig
C:\Windows\system\SpTWAdX.exe	xmrig
behavioral1/memory/1928-40-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1040-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2904-14-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1928-6-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2744-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1928-73-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2700-74-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
\Windows\system\UqaMiKo.exe	xmrig
C:\Windows\system\Dmtrtwb.exe	xmrig
C:\Windows\system\wDPvuMj.exe	xmrig
behavioral1/memory/1720-126-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
\Windows\system\DWjJZrT.exe	xmrig
C:\Windows\system\JLSpFYk.exe	xmrig
behavioral1/memory/2740-78-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
\Windows\system\DGlhKif.exe	xmrig
C:\Windows\system\AAHPCfI.exe	xmrig
C:\Windows\system\ohMWpNs.exe	xmrig
C:\Windows\system\NQjbvqP.exe	xmrig
\Windows\system\ExABlwK.exe	xmrig
behavioral1/memory/2564-103-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
C:\Windows\system\xfZbKNJ.exe	xmrig
C:\Windows\system\UcwhOHS.exe	xmrig
behavioral1/memory/2664-84-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2016-120-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
C:\Windows\system\FrkqhnH.exe	xmrig
behavioral1/memory/536-108-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1928-146-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
\Windows\system\nyleGEI.exe	xmrig
C:\Windows\system\LQZmwrY.exe	xmrig
C:\Windows\system\HFXhRva.exe	xmrig
C:\Windows\system\gZaqYWA.exe	xmrig
C:\Windows\system\wiGAHye.exe	xmrig
C:\Windows\system\nOWNKmz.exe	xmrig
C:\Windows\system\DSYSoxS.exe	xmrig
C:\Windows\system\OhxGyAj.exe	xmrig
C:\Windows\system\agLDLQn.exe	xmrig
behavioral1/memory/1800-2893-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2064-2895-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1040-2897-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2744-2900-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2564-2899-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2700-2898-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

qIVlcKe.exeofUwMAE.exeWCnAGlh.exeSpTWAdX.exeBJGxLsz.exeptNTANM.exeioWQwpA.exedKHYSez.exexnLhVxY.exeAizltLv.exeUcwhOHS.exeDmtrtwb.exexfZbKNJ.exewDPvuMj.exeFrkqhnH.exeUqaMiKo.exeJLSpFYk.exeDWjJZrT.exeNQjbvqP.exeohMWpNs.exeDGlhKif.exeAAHPCfI.exeExABlwK.exenyleGEI.exeHFXhRva.exeLQZmwrY.exeagLDLQn.exegZaqYWA.exeOhxGyAj.exewiGAHye.exenOWNKmz.exeDSYSoxS.exeTHoJyHa.exetfyAaee.exewAyOvpv.exeTcNXqiA.exeecsxIWV.exeJClWXgJ.exexemIilC.exeKZXrgeB.exeqCDZTWX.exeDVYaGQz.exetmlEqJb.exegwPcSRP.exebKhWMrG.exePuwaEPP.exeMiHzZOv.exeVeUbhCg.exelwwtdDP.exebQYamfA.exeFqtVaEc.exePfzUtBc.exeGjDEyIY.exeDfGNPrz.exexqfprno.exeojGgUtr.exeDAPexqV.exeITfBISW.exejJMyIkz.exeEqoBQdD.exeVwchkPE.exeBsRlAEK.exeOUOdeai.exewfClZhc.exe

pid	process
1800	qIVlcKe.exe
2904	ofUwMAE.exe
1040	WCnAGlh.exe
2064	SpTWAdX.exe
2744	BJGxLsz.exe
2196	ptNTANM.exe
2700	ioWQwpA.exe
2740	dKHYSez.exe
2664	xnLhVxY.exe
2564	AizltLv.exe
536	UcwhOHS.exe
1720	Dmtrtwb.exe
2016	xfZbKNJ.exe
388	wDPvuMj.exe
864	FrkqhnH.exe
1528	UqaMiKo.exe
2024	JLSpFYk.exe
1408	DWjJZrT.exe
1968	NQjbvqP.exe
2312	ohMWpNs.exe
1492	DGlhKif.exe
2524	AAHPCfI.exe
896	ExABlwK.exe
2376	nyleGEI.exe
1316	HFXhRva.exe
408	LQZmwrY.exe
1944	agLDLQn.exe
2060	gZaqYWA.exe
756	OhxGyAj.exe
1736	wiGAHye.exe
2836	nOWNKmz.exe
836	DSYSoxS.exe
2808	THoJyHa.exe
776	tfyAaee.exe
1820	wAyOvpv.exe
2116	TcNXqiA.exe
780	ecsxIWV.exe
3040	JClWXgJ.exe
3016	xemIilC.exe
2056	KZXrgeB.exe
3044	qCDZTWX.exe
2228	DVYaGQz.exe
980	tmlEqJb.exe
2072	gwPcSRP.exe
992	bKhWMrG.exe
1144	PuwaEPP.exe
304	MiHzZOv.exe
2908	VeUbhCg.exe
1600	lwwtdDP.exe
1992	bQYamfA.exe
1532	FqtVaEc.exe
2720	PfzUtBc.exe
2732	GjDEyIY.exe
2804	DfGNPrz.exe
2728	xqfprno.exe
2672	ojGgUtr.exe
2996	DAPexqV.exe
2688	ITfBISW.exe
2708	jJMyIkz.exe
2600	EqoBQdD.exe
2200	VwchkPE.exe
2100	BsRlAEK.exe
2388	OUOdeai.exe
2536	wfClZhc.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1928-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
\Windows\system\qIVlcKe.exe	upx
\Windows\system\ofUwMAE.exe	upx
\Windows\system\WCnAGlh.exe	upx
C:\Windows\system\ptNTANM.exe	upx
behavioral1/memory/2744-48-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
\Windows\system\ioWQwpA.exe	upx
behavioral1/memory/1800-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1040-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
C:\Windows\system\AizltLv.exe	upx
behavioral1/memory/2064-53-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2564-66-0x000000013F030000-0x000000013F384000-memory.dmp	upx
\Windows\system\xnLhVxY.exe	upx
behavioral1/memory/2664-64-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
\Windows\system\dKHYSez.exe	upx
behavioral1/memory/2740-62-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2700-59-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2196-49-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
C:\Windows\system\BJGxLsz.exe	upx
C:\Windows\system\SpTWAdX.exe	upx
behavioral1/memory/1928-40-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1040-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2904-14-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1928-6-0x0000000002430000-0x0000000002784000-memory.dmp	upx
behavioral1/memory/2744-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2700-74-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
\Windows\system\UqaMiKo.exe	upx
C:\Windows\system\Dmtrtwb.exe	upx
C:\Windows\system\wDPvuMj.exe	upx
behavioral1/memory/1720-126-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
\Windows\system\DWjJZrT.exe	upx
C:\Windows\system\JLSpFYk.exe	upx
behavioral1/memory/2740-78-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
\Windows\system\DGlhKif.exe	upx
C:\Windows\system\AAHPCfI.exe	upx
C:\Windows\system\ohMWpNs.exe	upx
C:\Windows\system\NQjbvqP.exe	upx
\Windows\system\ExABlwK.exe	upx
behavioral1/memory/2564-103-0x000000013F030000-0x000000013F384000-memory.dmp	upx
C:\Windows\system\xfZbKNJ.exe	upx
C:\Windows\system\UcwhOHS.exe	upx
behavioral1/memory/2664-84-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2016-120-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
C:\Windows\system\FrkqhnH.exe	upx
behavioral1/memory/536-108-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1928-146-0x0000000002430000-0x0000000002784000-memory.dmp	upx
\Windows\system\nyleGEI.exe	upx
C:\Windows\system\LQZmwrY.exe	upx
C:\Windows\system\HFXhRva.exe	upx
C:\Windows\system\gZaqYWA.exe	upx
C:\Windows\system\wiGAHye.exe	upx
C:\Windows\system\nOWNKmz.exe	upx
C:\Windows\system\DSYSoxS.exe	upx
C:\Windows\system\OhxGyAj.exe	upx
C:\Windows\system\agLDLQn.exe	upx
behavioral1/memory/1800-2893-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2064-2895-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1040-2897-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2744-2900-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2564-2899-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2700-2898-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2740-2908-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2664-2956-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/536-3249-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\koZhxRG.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVwyiPZ.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqEPDZE.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWYxyTg.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICqFGFN.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NxWoWAL.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpESzKe.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZoSFms.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCfDzqn.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABCmEQx.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kISaxTP.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iERaRja.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mazopOg.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKeQBFU.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhyKHCh.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qklVjib.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdaOeOD.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cydLuvJ.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKbczju.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpMSXuB.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKvhYFY.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BliGfGH.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJjOHep.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSLxoVc.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksVuacl.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovZmYYp.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGiPPCI.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFrKKLT.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrhkawe.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kThTsfy.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXGTGOa.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eukIjlx.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvaWcGg.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjHNHCt.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hArBPVt.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyuiKPO.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBqaKKd.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXHnndd.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CacDriL.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmZLVlk.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCnbgkk.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJnvDqp.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSUocNp.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhSCNfA.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlxnhns.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osDbVyU.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLGvaOg.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYMzfZT.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQUMUDJ.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqoBQdD.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAGdsjn.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsxgCUn.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjFORaD.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqkMRsA.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtMgtWy.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTwoeBB.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LadefjN.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYTHFLO.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EathMsg.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRJVEtJ.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwmpuZU.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQZmwrY.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LptmLRP.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\libTxXe.exe	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1928 wrote to memory of 1800	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	qIVlcKe.exe
PID 1928 wrote to memory of 1800	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	qIVlcKe.exe
PID 1928 wrote to memory of 1800	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	qIVlcKe.exe
PID 1928 wrote to memory of 2904	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ofUwMAE.exe
PID 1928 wrote to memory of 2904	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ofUwMAE.exe
PID 1928 wrote to memory of 2904	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ofUwMAE.exe
PID 1928 wrote to memory of 1040	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	WCnAGlh.exe
PID 1928 wrote to memory of 1040	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	WCnAGlh.exe
PID 1928 wrote to memory of 1040	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	WCnAGlh.exe
PID 1928 wrote to memory of 2064	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	SpTWAdX.exe
PID 1928 wrote to memory of 2064	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	SpTWAdX.exe
PID 1928 wrote to memory of 2064	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	SpTWAdX.exe
PID 1928 wrote to memory of 2740	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	dKHYSez.exe
PID 1928 wrote to memory of 2740	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	dKHYSez.exe
PID 1928 wrote to memory of 2740	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	dKHYSez.exe
PID 1928 wrote to memory of 2744	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	BJGxLsz.exe
PID 1928 wrote to memory of 2744	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	BJGxLsz.exe
PID 1928 wrote to memory of 2744	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	BJGxLsz.exe
PID 1928 wrote to memory of 2664	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xnLhVxY.exe
PID 1928 wrote to memory of 2664	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xnLhVxY.exe
PID 1928 wrote to memory of 2664	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xnLhVxY.exe
PID 1928 wrote to memory of 2196	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ptNTANM.exe
PID 1928 wrote to memory of 2196	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ptNTANM.exe
PID 1928 wrote to memory of 2196	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ptNTANM.exe
PID 1928 wrote to memory of 2564	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AizltLv.exe
PID 1928 wrote to memory of 2564	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AizltLv.exe
PID 1928 wrote to memory of 2564	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AizltLv.exe
PID 1928 wrote to memory of 2700	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ioWQwpA.exe
PID 1928 wrote to memory of 2700	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ioWQwpA.exe
PID 1928 wrote to memory of 2700	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ioWQwpA.exe
PID 1928 wrote to memory of 1528	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UqaMiKo.exe
PID 1928 wrote to memory of 1528	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UqaMiKo.exe
PID 1928 wrote to memory of 1528	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UqaMiKo.exe
PID 1928 wrote to memory of 536	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UcwhOHS.exe
PID 1928 wrote to memory of 536	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UcwhOHS.exe
PID 1928 wrote to memory of 536	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	UcwhOHS.exe
PID 1928 wrote to memory of 2024	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	JLSpFYk.exe
PID 1928 wrote to memory of 2024	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	JLSpFYk.exe
PID 1928 wrote to memory of 2024	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	JLSpFYk.exe
PID 1928 wrote to memory of 1720	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	Dmtrtwb.exe
PID 1928 wrote to memory of 1720	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	Dmtrtwb.exe
PID 1928 wrote to memory of 1720	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	Dmtrtwb.exe
PID 1928 wrote to memory of 1968	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	NQjbvqP.exe
PID 1928 wrote to memory of 1968	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	NQjbvqP.exe
PID 1928 wrote to memory of 1968	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	NQjbvqP.exe
PID 1928 wrote to memory of 2016	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xfZbKNJ.exe
PID 1928 wrote to memory of 2016	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xfZbKNJ.exe
PID 1928 wrote to memory of 2016	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	xfZbKNJ.exe
PID 1928 wrote to memory of 2312	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ohMWpNs.exe
PID 1928 wrote to memory of 2312	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ohMWpNs.exe
PID 1928 wrote to memory of 2312	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	ohMWpNs.exe
PID 1928 wrote to memory of 388	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	wDPvuMj.exe
PID 1928 wrote to memory of 388	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	wDPvuMj.exe
PID 1928 wrote to memory of 388	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	wDPvuMj.exe
PID 1928 wrote to memory of 1492	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	DGlhKif.exe
PID 1928 wrote to memory of 1492	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	DGlhKif.exe
PID 1928 wrote to memory of 1492	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	DGlhKif.exe
PID 1928 wrote to memory of 864	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	FrkqhnH.exe
PID 1928 wrote to memory of 864	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	FrkqhnH.exe
PID 1928 wrote to memory of 864	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	FrkqhnH.exe
PID 1928 wrote to memory of 2524	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AAHPCfI.exe
PID 1928 wrote to memory of 2524	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AAHPCfI.exe
PID 1928 wrote to memory of 2524	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	AAHPCfI.exe
PID 1928 wrote to memory of 1408	1928	2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe	DWjJZrT.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_e63f228aa856beaabe93e642733a4506_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\System\qIVlcKe.exe
  C:\Windows\System\qIVlcKe.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\ofUwMAE.exe
  C:\Windows\System\ofUwMAE.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\WCnAGlh.exe
  C:\Windows\System\WCnAGlh.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\SpTWAdX.exe
  C:\Windows\System\SpTWAdX.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\dKHYSez.exe
  C:\Windows\System\dKHYSez.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\BJGxLsz.exe
  C:\Windows\System\BJGxLsz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\xnLhVxY.exe
  C:\Windows\System\xnLhVxY.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ptNTANM.exe
  C:\Windows\System\ptNTANM.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\AizltLv.exe
  C:\Windows\System\AizltLv.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ioWQwpA.exe
  C:\Windows\System\ioWQwpA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\UqaMiKo.exe
  C:\Windows\System\UqaMiKo.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\UcwhOHS.exe
  C:\Windows\System\UcwhOHS.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\JLSpFYk.exe
  C:\Windows\System\JLSpFYk.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\Dmtrtwb.exe
  C:\Windows\System\Dmtrtwb.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\NQjbvqP.exe
  C:\Windows\System\NQjbvqP.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\xfZbKNJ.exe
  C:\Windows\System\xfZbKNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ohMWpNs.exe
  C:\Windows\System\ohMWpNs.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\wDPvuMj.exe
  C:\Windows\System\wDPvuMj.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\DGlhKif.exe
  C:\Windows\System\DGlhKif.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\FrkqhnH.exe
  C:\Windows\System\FrkqhnH.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\AAHPCfI.exe
  C:\Windows\System\AAHPCfI.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\DWjJZrT.exe
  C:\Windows\System\DWjJZrT.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\ExABlwK.exe
  C:\Windows\System\ExABlwK.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\nyleGEI.exe
  C:\Windows\System\nyleGEI.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\LQZmwrY.exe
  C:\Windows\System\LQZmwrY.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\HFXhRva.exe
  C:\Windows\System\HFXhRva.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\agLDLQn.exe
  C:\Windows\System\agLDLQn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gZaqYWA.exe
  C:\Windows\System\gZaqYWA.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\OhxGyAj.exe
  C:\Windows\System\OhxGyAj.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\wiGAHye.exe
  C:\Windows\System\wiGAHye.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\nOWNKmz.exe
  C:\Windows\System\nOWNKmz.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\DSYSoxS.exe
  C:\Windows\System\DSYSoxS.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\THoJyHa.exe
  C:\Windows\System\THoJyHa.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\tfyAaee.exe
  C:\Windows\System\tfyAaee.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\wAyOvpv.exe
  C:\Windows\System\wAyOvpv.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\TcNXqiA.exe
  C:\Windows\System\TcNXqiA.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ecsxIWV.exe
  C:\Windows\System\ecsxIWV.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\JClWXgJ.exe
  C:\Windows\System\JClWXgJ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xemIilC.exe
  C:\Windows\System\xemIilC.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\KZXrgeB.exe
  C:\Windows\System\KZXrgeB.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\qCDZTWX.exe
  C:\Windows\System\qCDZTWX.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\DVYaGQz.exe
  C:\Windows\System\DVYaGQz.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tmlEqJb.exe
  C:\Windows\System\tmlEqJb.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\gwPcSRP.exe
  C:\Windows\System\gwPcSRP.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\bKhWMrG.exe
  C:\Windows\System\bKhWMrG.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\PuwaEPP.exe
  C:\Windows\System\PuwaEPP.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\MiHzZOv.exe
  C:\Windows\System\MiHzZOv.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\VeUbhCg.exe
  C:\Windows\System\VeUbhCg.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\lwwtdDP.exe
  C:\Windows\System\lwwtdDP.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\bQYamfA.exe
  C:\Windows\System\bQYamfA.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\FqtVaEc.exe
  C:\Windows\System\FqtVaEc.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\PfzUtBc.exe
  C:\Windows\System\PfzUtBc.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\GjDEyIY.exe
  C:\Windows\System\GjDEyIY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\DfGNPrz.exe
  C:\Windows\System\DfGNPrz.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\xqfprno.exe
  C:\Windows\System\xqfprno.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\ojGgUtr.exe
  C:\Windows\System\ojGgUtr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\DAPexqV.exe
  C:\Windows\System\DAPexqV.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ITfBISW.exe
  C:\Windows\System\ITfBISW.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\jJMyIkz.exe
  C:\Windows\System\jJMyIkz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\EqoBQdD.exe
  C:\Windows\System\EqoBQdD.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\VwchkPE.exe
  C:\Windows\System\VwchkPE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\BsRlAEK.exe
  C:\Windows\System\BsRlAEK.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\OUOdeai.exe
  C:\Windows\System\OUOdeai.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\wfClZhc.exe
  C:\Windows\System\wfClZhc.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JHGdUKV.exe
  C:\Windows\System\JHGdUKV.exe
  2⤵
  PID:2764
- C:\Windows\System\HsrWqzi.exe
  C:\Windows\System\HsrWqzi.exe
  2⤵
  PID:1716
- C:\Windows\System\HwRfeDS.exe
  C:\Windows\System\HwRfeDS.exe
  2⤵
  PID:860
- C:\Windows\System\hoBFfsJ.exe
  C:\Windows\System\hoBFfsJ.exe
  2⤵
  PID:1856
- C:\Windows\System\aVPufmk.exe
  C:\Windows\System\aVPufmk.exe
  2⤵
  PID:1764
- C:\Windows\System\GoNXbFK.exe
  C:\Windows\System\GoNXbFK.exe
  2⤵
  PID:2512
- C:\Windows\System\txkdqdr.exe
  C:\Windows\System\txkdqdr.exe
  2⤵
  PID:1336
- C:\Windows\System\gNStrTB.exe
  C:\Windows\System\gNStrTB.exe
  2⤵
  PID:2596
- C:\Windows\System\aMxKubT.exe
  C:\Windows\System\aMxKubT.exe
  2⤵
  PID:2632
- C:\Windows\System\ARuGPNF.exe
  C:\Windows\System\ARuGPNF.exe
  2⤵
  PID:1392
- C:\Windows\System\FCfDzqn.exe
  C:\Windows\System\FCfDzqn.exe
  2⤵
  PID:544
- C:\Windows\System\FsXipUH.exe
  C:\Windows\System\FsXipUH.exe
  2⤵
  PID:1668
- C:\Windows\System\ZvcntRz.exe
  C:\Windows\System\ZvcntRz.exe
  2⤵
  PID:2288
- C:\Windows\System\psBigFB.exe
  C:\Windows\System\psBigFB.exe
  2⤵
  PID:284
- C:\Windows\System\ObyWRpE.exe
  C:\Windows\System\ObyWRpE.exe
  2⤵
  PID:852
- C:\Windows\System\VnDkvrb.exe
  C:\Windows\System\VnDkvrb.exe
  2⤵
  PID:2000
- C:\Windows\System\BKnnyQM.exe
  C:\Windows\System\BKnnyQM.exe
  2⤵
  PID:2624
- C:\Windows\System\czEDbGx.exe
  C:\Windows\System\czEDbGx.exe
  2⤵
  PID:1188
- C:\Windows\System\TlNTjdh.exe
  C:\Windows\System\TlNTjdh.exe
  2⤵
  PID:2636
- C:\Windows\System\cpiYfiz.exe
  C:\Windows\System\cpiYfiz.exe
  2⤵
  PID:1300
- C:\Windows\System\EsPiBsY.exe
  C:\Windows\System\EsPiBsY.exe
  2⤵
  PID:1620
- C:\Windows\System\GiVsWfi.exe
  C:\Windows\System\GiVsWfi.exe
  2⤵
  PID:1616
- C:\Windows\System\QtIPXkT.exe
  C:\Windows\System\QtIPXkT.exe
  2⤵
  PID:1032
- C:\Windows\System\upTCnlp.exe
  C:\Windows\System\upTCnlp.exe
  2⤵
  PID:2944
- C:\Windows\System\TBqaKKd.exe
  C:\Windows\System\TBqaKKd.exe
  2⤵
  PID:1772
- C:\Windows\System\sihJUas.exe
  C:\Windows\System\sihJUas.exe
  2⤵
  PID:1588
- C:\Windows\System\FodCsMv.exe
  C:\Windows\System\FodCsMv.exe
  2⤵
  PID:2328
- C:\Windows\System\ZUoxgvP.exe
  C:\Windows\System\ZUoxgvP.exe
  2⤵
  PID:2308
- C:\Windows\System\mOMyGjt.exe
  C:\Windows\System\mOMyGjt.exe
  2⤵
  PID:2408
- C:\Windows\System\WqZFwmV.exe
  C:\Windows\System\WqZFwmV.exe
  2⤵
  PID:2452
- C:\Windows\System\qDEilLJ.exe
  C:\Windows\System\qDEilLJ.exe
  2⤵
  PID:2192
- C:\Windows\System\DwmQEBv.exe
  C:\Windows\System\DwmQEBv.exe
  2⤵
  PID:1096
- C:\Windows\System\rDsdKmR.exe
  C:\Windows\System\rDsdKmR.exe
  2⤵
  PID:2964
- C:\Windows\System\nHBMIxV.exe
  C:\Windows\System\nHBMIxV.exe
  2⤵
  PID:1712
- C:\Windows\System\hhfuTHs.exe
  C:\Windows\System\hhfuTHs.exe
  2⤵
  PID:2216
- C:\Windows\System\ABCmEQx.exe
  C:\Windows\System\ABCmEQx.exe
  2⤵
  PID:2920
- C:\Windows\System\ETZnTDp.exe
  C:\Windows\System\ETZnTDp.exe
  2⤵
  PID:2896
- C:\Windows\System\EHbBisL.exe
  C:\Windows\System\EHbBisL.exe
  2⤵
  PID:2612
- C:\Windows\System\azLaYmz.exe
  C:\Windows\System\azLaYmz.exe
  2⤵
  PID:2828
- C:\Windows\System\wFrKKLT.exe
  C:\Windows\System\wFrKKLT.exe
  2⤵
  PID:2668
- C:\Windows\System\cAZAFvU.exe
  C:\Windows\System\cAZAFvU.exe
  2⤵
  PID:2676
- C:\Windows\System\nXZHsZL.exe
  C:\Windows\System\nXZHsZL.exe
  2⤵
  PID:2816
- C:\Windows\System\PDvfRoV.exe
  C:\Windows\System\PDvfRoV.exe
  2⤵
  PID:1028
- C:\Windows\System\moLYSbG.exe
  C:\Windows\System\moLYSbG.exe
  2⤵
  PID:1400
- C:\Windows\System\mEDiJwa.exe
  C:\Windows\System\mEDiJwa.exe
  2⤵
  PID:752
- C:\Windows\System\GXozIlj.exe
  C:\Windows\System\GXozIlj.exe
  2⤵
  PID:984
- C:\Windows\System\rnxXTvQ.exe
  C:\Windows\System\rnxXTvQ.exe
  2⤵
  PID:1964
- C:\Windows\System\CrkDwyR.exe
  C:\Windows\System\CrkDwyR.exe
  2⤵
  PID:2848
- C:\Windows\System\YuNyxEL.exe
  C:\Windows\System\YuNyxEL.exe
  2⤵
  PID:1052
- C:\Windows\System\GWFnzlO.exe
  C:\Windows\System\GWFnzlO.exe
  2⤵
  PID:2840
- C:\Windows\System\XrkMfLX.exe
  C:\Windows\System\XrkMfLX.exe
  2⤵
  PID:1488
- C:\Windows\System\ZXFqavw.exe
  C:\Windows\System\ZXFqavw.exe
  2⤵
  PID:2440
- C:\Windows\System\sgUWbfW.exe
  C:\Windows\System\sgUWbfW.exe
  2⤵
  PID:944
- C:\Windows\System\ItDpeCy.exe
  C:\Windows\System\ItDpeCy.exe
  2⤵
  PID:2800
- C:\Windows\System\UOniPku.exe
  C:\Windows\System\UOniPku.exe
  2⤵
  PID:1536
- C:\Windows\System\jZAYNKI.exe
  C:\Windows\System\jZAYNKI.exe
  2⤵
  PID:916
- C:\Windows\System\bFpMdPw.exe
  C:\Windows\System\bFpMdPw.exe
  2⤵
  PID:2712
- C:\Windows\System\GUKZmzP.exe
  C:\Windows\System\GUKZmzP.exe
  2⤵
  PID:1572
- C:\Windows\System\vJYkLWi.exe
  C:\Windows\System\vJYkLWi.exe
  2⤵
  PID:2516
- C:\Windows\System\ZRaLhqY.exe
  C:\Windows\System\ZRaLhqY.exe
  2⤵
  PID:3032
- C:\Windows\System\owjmgLP.exe
  C:\Windows\System\owjmgLP.exe
  2⤵
  PID:1496
- C:\Windows\System\vgNhyhv.exe
  C:\Windows\System\vgNhyhv.exe
  2⤵
  PID:2960
- C:\Windows\System\HjHmElk.exe
  C:\Windows\System\HjHmElk.exe
  2⤵
  PID:1612
- C:\Windows\System\JRSWPGj.exe
  C:\Windows\System\JRSWPGj.exe
  2⤵
  PID:2952
- C:\Windows\System\bVYNbIQ.exe
  C:\Windows\System\bVYNbIQ.exe
  2⤵
  PID:2140
- C:\Windows\System\LHWOIqK.exe
  C:\Windows\System\LHWOIqK.exe
  2⤵
  PID:1304
- C:\Windows\System\iEZpnJE.exe
  C:\Windows\System\iEZpnJE.exe
  2⤵
  PID:2776
- C:\Windows\System\BTdExRe.exe
  C:\Windows\System\BTdExRe.exe
  2⤵
  PID:616
- C:\Windows\System\xuiwoNz.exe
  C:\Windows\System\xuiwoNz.exe
  2⤵
  PID:2756
- C:\Windows\System\TeGqlxT.exe
  C:\Windows\System\TeGqlxT.exe
  2⤵
  PID:1108
- C:\Windows\System\OhyiNXe.exe
  C:\Windows\System\OhyiNXe.exe
  2⤵
  PID:2880
- C:\Windows\System\xIXNSUE.exe
  C:\Windows\System\xIXNSUE.exe
  2⤵
  PID:1828
- C:\Windows\System\nKUANFm.exe
  C:\Windows\System\nKUANFm.exe
  2⤵
  PID:1252
- C:\Windows\System\NsJCDoY.exe
  C:\Windows\System\NsJCDoY.exe
  2⤵
  PID:584
- C:\Windows\System\kcnaoKg.exe
  C:\Windows\System\kcnaoKg.exe
  2⤵
  PID:316
- C:\Windows\System\vMrQKCk.exe
  C:\Windows\System\vMrQKCk.exe
  2⤵
  PID:2096
- C:\Windows\System\vfSRWxb.exe
  C:\Windows\System\vfSRWxb.exe
  2⤵
  PID:1956
- C:\Windows\System\ExVapDV.exe
  C:\Windows\System\ExVapDV.exe
  2⤵
  PID:1380
- C:\Windows\System\vmzieFp.exe
  C:\Windows\System\vmzieFp.exe
  2⤵
  PID:2256
- C:\Windows\System\AlJIEEm.exe
  C:\Windows\System\AlJIEEm.exe
  2⤵
  PID:688
- C:\Windows\System\GCXQZwo.exe
  C:\Windows\System\GCXQZwo.exe
  2⤵
  PID:2244
- C:\Windows\System\dgzpwrI.exe
  C:\Windows\System\dgzpwrI.exe
  2⤵
  PID:2212
- C:\Windows\System\BhZAYsp.exe
  C:\Windows\System\BhZAYsp.exe
  2⤵
  PID:2336
- C:\Windows\System\AkmiDYu.exe
  C:\Windows\System\AkmiDYu.exe
  2⤵
  PID:2752
- C:\Windows\System\DaKkoSw.exe
  C:\Windows\System\DaKkoSw.exe
  2⤵
  PID:1500
- C:\Windows\System\lXkpARo.exe
  C:\Windows\System\lXkpARo.exe
  2⤵
  PID:552
- C:\Windows\System\LptmLRP.exe
  C:\Windows\System\LptmLRP.exe
  2⤵
  PID:2892
- C:\Windows\System\QmpkhpK.exe
  C:\Windows\System\QmpkhpK.exe
  2⤵
  PID:2320
- C:\Windows\System\YSoiqcu.exe
  C:\Windows\System\YSoiqcu.exe
  2⤵
  PID:1804
- C:\Windows\System\eMqwQRX.exe
  C:\Windows\System\eMqwQRX.exe
  2⤵
  PID:2940
- C:\Windows\System\NBTnpcE.exe
  C:\Windows\System\NBTnpcE.exe
  2⤵
  PID:1952
- C:\Windows\System\KDHSXwx.exe
  C:\Windows\System\KDHSXwx.exe
  2⤵
  PID:636
- C:\Windows\System\oerByWp.exe
  C:\Windows\System\oerByWp.exe
  2⤵
  PID:1940
- C:\Windows\System\keBjjwU.exe
  C:\Windows\System\keBjjwU.exe
  2⤵
  PID:1752
- C:\Windows\System\VTrTahn.exe
  C:\Windows\System\VTrTahn.exe
  2⤵
  PID:2084
- C:\Windows\System\lTggfIs.exe
  C:\Windows\System\lTggfIs.exe
  2⤵
  PID:2552
- C:\Windows\System\IbEeQrr.exe
  C:\Windows\System\IbEeQrr.exe
  2⤵
  PID:268
- C:\Windows\System\TgstPUl.exe
  C:\Windows\System\TgstPUl.exe
  2⤵
  PID:1932
- C:\Windows\System\LQPQYFv.exe
  C:\Windows\System\LQPQYFv.exe
  2⤵
  PID:772
- C:\Windows\System\CdEGJAG.exe
  C:\Windows\System\CdEGJAG.exe
  2⤵
  PID:2852
- C:\Windows\System\hteEKgu.exe
  C:\Windows\System\hteEKgu.exe
  2⤵
  PID:1812
- C:\Windows\System\HbPszyA.exe
  C:\Windows\System\HbPszyA.exe
  2⤵
  PID:1520
- C:\Windows\System\eYCdcpv.exe
  C:\Windows\System\eYCdcpv.exe
  2⤵
  PID:1864
- C:\Windows\System\EiLjZxx.exe
  C:\Windows\System\EiLjZxx.exe
  2⤵
  PID:3092
- C:\Windows\System\BehEJuY.exe
  C:\Windows\System\BehEJuY.exe
  2⤵
  PID:3108
- C:\Windows\System\YDmatak.exe
  C:\Windows\System\YDmatak.exe
  2⤵
  PID:3128
- C:\Windows\System\ztZJQZp.exe
  C:\Windows\System\ztZJQZp.exe
  2⤵
  PID:3144
- C:\Windows\System\IwbYomc.exe
  C:\Windows\System\IwbYomc.exe
  2⤵
  PID:3164
- C:\Windows\System\bANcGsX.exe
  C:\Windows\System\bANcGsX.exe
  2⤵
  PID:3180
- C:\Windows\System\doVJiwx.exe
  C:\Windows\System\doVJiwx.exe
  2⤵
  PID:3196
- C:\Windows\System\jnxfzuw.exe
  C:\Windows\System\jnxfzuw.exe
  2⤵
  PID:3212
- C:\Windows\System\aeAeMtX.exe
  C:\Windows\System\aeAeMtX.exe
  2⤵
  PID:3232
- C:\Windows\System\XMYYPvO.exe
  C:\Windows\System\XMYYPvO.exe
  2⤵
  PID:3248
- C:\Windows\System\GygKdyt.exe
  C:\Windows\System\GygKdyt.exe
  2⤵
  PID:3272
- C:\Windows\System\BDfTFOP.exe
  C:\Windows\System\BDfTFOP.exe
  2⤵
  PID:3288
- C:\Windows\System\eUDJVnT.exe
  C:\Windows\System\eUDJVnT.exe
  2⤵
  PID:3304
- C:\Windows\System\kKMnQHR.exe
  C:\Windows\System\kKMnQHR.exe
  2⤵
  PID:3348
- C:\Windows\System\Vjgmwvg.exe
  C:\Windows\System\Vjgmwvg.exe
  2⤵
  PID:3364
- C:\Windows\System\QaNXkqA.exe
  C:\Windows\System\QaNXkqA.exe
  2⤵
  PID:3388
- C:\Windows\System\MQFUvnT.exe
  C:\Windows\System\MQFUvnT.exe
  2⤵
  PID:3424
- C:\Windows\System\oeDWWRu.exe
  C:\Windows\System\oeDWWRu.exe
  2⤵
  PID:3440
- C:\Windows\System\Rrlfzkg.exe
  C:\Windows\System\Rrlfzkg.exe
  2⤵
  PID:3460
- C:\Windows\System\IzrQSYS.exe
  C:\Windows\System\IzrQSYS.exe
  2⤵
  PID:3492
- C:\Windows\System\FbqKFRw.exe
  C:\Windows\System\FbqKFRw.exe
  2⤵
  PID:3508
- C:\Windows\System\ivVSsdX.exe
  C:\Windows\System\ivVSsdX.exe
  2⤵
  PID:3528
- C:\Windows\System\hIxpefb.exe
  C:\Windows\System\hIxpefb.exe
  2⤵
  PID:3548
- C:\Windows\System\hBNTEmx.exe
  C:\Windows\System\hBNTEmx.exe
  2⤵
  PID:3564
- C:\Windows\System\oVFdYvL.exe
  C:\Windows\System\oVFdYvL.exe
  2⤵
  PID:3580
- C:\Windows\System\mrTTkvS.exe
  C:\Windows\System\mrTTkvS.exe
  2⤵
  PID:3596
- C:\Windows\System\KbRJjAu.exe
  C:\Windows\System\KbRJjAu.exe
  2⤵
  PID:3616
- C:\Windows\System\YmodPHg.exe
  C:\Windows\System\YmodPHg.exe
  2⤵
  PID:3636
- C:\Windows\System\NBdwkYy.exe
  C:\Windows\System\NBdwkYy.exe
  2⤵
  PID:3664
- C:\Windows\System\XYYLtAe.exe
  C:\Windows\System\XYYLtAe.exe
  2⤵
  PID:3688
- C:\Windows\System\kwAStKQ.exe
  C:\Windows\System\kwAStKQ.exe
  2⤵
  PID:3704
- C:\Windows\System\vipbpLH.exe
  C:\Windows\System\vipbpLH.exe
  2⤵
  PID:3720
- C:\Windows\System\QAmAgSz.exe
  C:\Windows\System\QAmAgSz.exe
  2⤵
  PID:3736
- C:\Windows\System\ZoQiKkk.exe
  C:\Windows\System\ZoQiKkk.exe
  2⤵
  PID:3760
- C:\Windows\System\QkXYCGI.exe
  C:\Windows\System\QkXYCGI.exe
  2⤵
  PID:3796
- C:\Windows\System\hjmLxdm.exe
  C:\Windows\System\hjmLxdm.exe
  2⤵
  PID:3812
- C:\Windows\System\trXPlWb.exe
  C:\Windows\System\trXPlWb.exe
  2⤵
  PID:3828
- C:\Windows\System\zaLALQQ.exe
  C:\Windows\System\zaLALQQ.exe
  2⤵
  PID:3844
- C:\Windows\System\DJDmMPt.exe
  C:\Windows\System\DJDmMPt.exe
  2⤵
  PID:3860
- C:\Windows\System\tMtnJig.exe
  C:\Windows\System\tMtnJig.exe
  2⤵
  PID:3876
- C:\Windows\System\FlPCCJO.exe
  C:\Windows\System\FlPCCJO.exe
  2⤵
  PID:3900
- C:\Windows\System\fGQbLWu.exe
  C:\Windows\System\fGQbLWu.exe
  2⤵
  PID:3920
- C:\Windows\System\FrmqRZX.exe
  C:\Windows\System\FrmqRZX.exe
  2⤵
  PID:3948
- C:\Windows\System\hbrwZDx.exe
  C:\Windows\System\hbrwZDx.exe
  2⤵
  PID:3964
- C:\Windows\System\UGzWBzR.exe
  C:\Windows\System\UGzWBzR.exe
  2⤵
  PID:3980
- C:\Windows\System\wxEgXeC.exe
  C:\Windows\System\wxEgXeC.exe
  2⤵
  PID:3996
- C:\Windows\System\FqgtlkS.exe
  C:\Windows\System\FqgtlkS.exe
  2⤵
  PID:4020
- C:\Windows\System\vkHBqhm.exe
  C:\Windows\System\vkHBqhm.exe
  2⤵
  PID:4048
- C:\Windows\System\LEBoTuN.exe
  C:\Windows\System\LEBoTuN.exe
  2⤵
  PID:4076
- C:\Windows\System\UiPGpXV.exe
  C:\Windows\System\UiPGpXV.exe
  2⤵
  PID:1728
- C:\Windows\System\TAGdsjn.exe
  C:\Windows\System\TAGdsjn.exe
  2⤵
  PID:2496
- C:\Windows\System\UTUbevL.exe
  C:\Windows\System\UTUbevL.exe
  2⤵
  PID:3100
- C:\Windows\System\jGDfvMP.exe
  C:\Windows\System\jGDfvMP.exe
  2⤵
  PID:3172
- C:\Windows\System\hrdDqxp.exe
  C:\Windows\System\hrdDqxp.exe
  2⤵
  PID:3240
- C:\Windows\System\ihyBvfO.exe
  C:\Windows\System\ihyBvfO.exe
  2⤵
  PID:2560
- C:\Windows\System\FPgUqpL.exe
  C:\Windows\System\FPgUqpL.exe
  2⤵
  PID:1140
- C:\Windows\System\RkdGyzT.exe
  C:\Windows\System\RkdGyzT.exe
  2⤵
  PID:3324
- C:\Windows\System\xzyDQZQ.exe
  C:\Windows\System\xzyDQZQ.exe
  2⤵
  PID:3344
- C:\Windows\System\BcNehuK.exe
  C:\Windows\System\BcNehuK.exe
  2⤵
  PID:1844
- C:\Windows\System\wxWaMLn.exe
  C:\Windows\System\wxWaMLn.exe
  2⤵
  PID:3380
- C:\Windows\System\cVPGztl.exe
  C:\Windows\System\cVPGztl.exe
  2⤵
  PID:3080
- C:\Windows\System\PjuftJw.exe
  C:\Windows\System\PjuftJw.exe
  2⤵
  PID:3268
- C:\Windows\System\maXoeeU.exe
  C:\Windows\System\maXoeeU.exe
  2⤵
  PID:3192
- C:\Windows\System\jIZsmaW.exe
  C:\Windows\System\jIZsmaW.exe
  2⤵
  PID:3120
- C:\Windows\System\ydXnsCq.exe
  C:\Windows\System\ydXnsCq.exe
  2⤵
  PID:3384
- C:\Windows\System\TjdJHCE.exe
  C:\Windows\System\TjdJHCE.exe
  2⤵
  PID:3404
- C:\Windows\System\VwGALmT.exe
  C:\Windows\System\VwGALmT.exe
  2⤵
  PID:3420
- C:\Windows\System\ZdpRjGB.exe
  C:\Windows\System\ZdpRjGB.exe
  2⤵
  PID:3488
- C:\Windows\System\qLcZYXx.exe
  C:\Windows\System\qLcZYXx.exe
  2⤵
  PID:3520
- C:\Windows\System\atZdjfQ.exe
  C:\Windows\System\atZdjfQ.exe
  2⤵
  PID:3592
- C:\Windows\System\ocboStf.exe
  C:\Windows\System\ocboStf.exe
  2⤵
  PID:3456
- C:\Windows\System\KrVclKL.exe
  C:\Windows\System\KrVclKL.exe
  2⤵
  PID:3608
- C:\Windows\System\YuqTnQK.exe
  C:\Windows\System\YuqTnQK.exe
  2⤵
  PID:3684
- C:\Windows\System\iaMDsEk.exe
  C:\Windows\System\iaMDsEk.exe
  2⤵
  PID:3748
- C:\Windows\System\hcOQmLW.exe
  C:\Windows\System\hcOQmLW.exe
  2⤵
  PID:3804
- C:\Windows\System\MfVwycY.exe
  C:\Windows\System\MfVwycY.exe
  2⤵
  PID:3912
- C:\Windows\System\IQegzFF.exe
  C:\Windows\System\IQegzFF.exe
  2⤵
  PID:3824
- C:\Windows\System\aDkrFxq.exe
  C:\Windows\System\aDkrFxq.exe
  2⤵
  PID:3888
- C:\Windows\System\LxLDAtW.exe
  C:\Windows\System\LxLDAtW.exe
  2⤵
  PID:3928
- C:\Windows\System\YNIIgKh.exe
  C:\Windows\System\YNIIgKh.exe
  2⤵
  PID:3992
- C:\Windows\System\empRpLq.exe
  C:\Windows\System\empRpLq.exe
  2⤵
  PID:4040
- C:\Windows\System\VqPRmhj.exe
  C:\Windows\System\VqPRmhj.exe
  2⤵
  PID:3728
- C:\Windows\System\vQmvlYf.exe
  C:\Windows\System\vQmvlYf.exe
  2⤵
  PID:3780
- C:\Windows\System\wCezFBj.exe
  C:\Windows\System\wCezFBj.exe
  2⤵
  PID:4012
- C:\Windows\System\HeLpPlW.exe
  C:\Windows\System\HeLpPlW.exe
  2⤵
  PID:2420
- C:\Windows\System\JKCdUog.exe
  C:\Windows\System\JKCdUog.exe
  2⤵
  PID:948
- C:\Windows\System\jnLZAvP.exe
  C:\Windows\System\jnLZAvP.exe
  2⤵
  PID:3340
- C:\Windows\System\KTAdTFJ.exe
  C:\Windows\System\KTAdTFJ.exe
  2⤵
  PID:2028
- C:\Windows\System\lbgbWUw.exe
  C:\Windows\System\lbgbWUw.exe
  2⤵
  PID:3284
- C:\Windows\System\BYHInFe.exe
  C:\Windows\System\BYHInFe.exe
  2⤵
  PID:3224
- C:\Windows\System\chuTBKM.exe
  C:\Windows\System\chuTBKM.exe
  2⤵
  PID:3296
- C:\Windows\System\ERvoLpc.exe
  C:\Windows\System\ERvoLpc.exe
  2⤵
  PID:4068
- C:\Windows\System\cXHJaMp.exe
  C:\Windows\System\cXHJaMp.exe
  2⤵
  PID:3152
- C:\Windows\System\aACauzn.exe
  C:\Windows\System\aACauzn.exe
  2⤵
  PID:1688
- C:\Windows\System\tGHXrUU.exe
  C:\Windows\System\tGHXrUU.exe
  2⤵
  PID:3476
- C:\Windows\System\DKmJxIQ.exe
  C:\Windows\System\DKmJxIQ.exe
  2⤵
  PID:3588
- C:\Windows\System\iFdaDvQ.exe
  C:\Windows\System\iFdaDvQ.exe
  2⤵
  PID:3544
- C:\Windows\System\zllRdqB.exe
  C:\Windows\System\zllRdqB.exe
  2⤵
  PID:3516
- C:\Windows\System\VCFieUR.exe
  C:\Windows\System\VCFieUR.exe
  2⤵
  PID:3004
- C:\Windows\System\UIsDecu.exe
  C:\Windows\System\UIsDecu.exe
  2⤵
  PID:3872
- C:\Windows\System\fTeXiES.exe
  C:\Windows\System\fTeXiES.exe
  2⤵
  PID:3680
- C:\Windows\System\xufLAof.exe
  C:\Windows\System\xufLAof.exe
  2⤵
  PID:3908
- C:\Windows\System\mZmbtER.exe
  C:\Windows\System\mZmbtER.exe
  2⤵
  PID:3820
- C:\Windows\System\SqwISyX.exe
  C:\Windows\System\SqwISyX.exe
  2⤵
  PID:3936
- C:\Windows\System\LGfaMKs.exe
  C:\Windows\System\LGfaMKs.exe
  2⤵
  PID:3792
- C:\Windows\System\UxTCCug.exe
  C:\Windows\System\UxTCCug.exe
  2⤵
  PID:4008
- C:\Windows\System\KYwJvRE.exe
  C:\Windows\System\KYwJvRE.exe
  2⤵
  PID:3772
- C:\Windows\System\AfkmjxP.exe
  C:\Windows\System\AfkmjxP.exe
  2⤵
  PID:4032
- C:\Windows\System\AQhBdfX.exe
  C:\Windows\System\AQhBdfX.exe
  2⤵
  PID:4036
- C:\Windows\System\cydLuvJ.exe
  C:\Windows\System\cydLuvJ.exe
  2⤵
  PID:3160
- C:\Windows\System\cWtjoNL.exe
  C:\Windows\System\cWtjoNL.exe
  2⤵
  PID:3356
- C:\Windows\System\XXXhyZU.exe
  C:\Windows\System\XXXhyZU.exe
  2⤵
  PID:3228
- C:\Windows\System\lgwflhl.exe
  C:\Windows\System\lgwflhl.exe
  2⤵
  PID:4064
- C:\Windows\System\lKQAVTk.exe
  C:\Windows\System\lKQAVTk.exe
  2⤵
  PID:3468
- C:\Windows\System\ZlhpfOY.exe
  C:\Windows\System\ZlhpfOY.exe
  2⤵
  PID:3412
- C:\Windows\System\RHYRDye.exe
  C:\Windows\System\RHYRDye.exe
  2⤵
  PID:3744
- C:\Windows\System\sUswGRX.exe
  C:\Windows\System\sUswGRX.exe
  2⤵
  PID:3652
- C:\Windows\System\jRBvavD.exe
  C:\Windows\System\jRBvavD.exe
  2⤵
  PID:3696
- C:\Windows\System\gMAMukP.exe
  C:\Windows\System\gMAMukP.exe
  2⤵
  PID:4092
- C:\Windows\System\EnRvofG.exe
  C:\Windows\System\EnRvofG.exe
  2⤵
  PID:3332
- C:\Windows\System\omdEaez.exe
  C:\Windows\System\omdEaez.exe
  2⤵
  PID:3320
- C:\Windows\System\WOFamho.exe
  C:\Windows\System\WOFamho.exe
  2⤵
  PID:3988
- C:\Windows\System\pdaZYUE.exe
  C:\Windows\System\pdaZYUE.exe
  2⤵
  PID:3632
- C:\Windows\System\zvUagwn.exe
  C:\Windows\System\zvUagwn.exe
  2⤵
  PID:4108
- C:\Windows\System\CBHXsgs.exe
  C:\Windows\System\CBHXsgs.exe
  2⤵
  PID:4172
- C:\Windows\System\gAEUAGn.exe
  C:\Windows\System\gAEUAGn.exe
  2⤵
  PID:4192
- C:\Windows\System\deVVoHs.exe
  C:\Windows\System\deVVoHs.exe
  2⤵
  PID:4208
- C:\Windows\System\ooKseIg.exe
  C:\Windows\System\ooKseIg.exe
  2⤵
  PID:4224
- C:\Windows\System\mZxCTjH.exe
  C:\Windows\System\mZxCTjH.exe
  2⤵
  PID:4240
- C:\Windows\System\NgLrPQO.exe
  C:\Windows\System\NgLrPQO.exe
  2⤵
  PID:4260
- C:\Windows\System\rjpBZGu.exe
  C:\Windows\System\rjpBZGu.exe
  2⤵
  PID:4288
- C:\Windows\System\iXhoibf.exe
  C:\Windows\System\iXhoibf.exe
  2⤵
  PID:4304
- C:\Windows\System\wmXfmNR.exe
  C:\Windows\System\wmXfmNR.exe
  2⤵
  PID:4324
- C:\Windows\System\bEZlYao.exe
  C:\Windows\System\bEZlYao.exe
  2⤵
  PID:4340
- C:\Windows\System\XIrbxbj.exe
  C:\Windows\System\XIrbxbj.exe
  2⤵
  PID:4356
- C:\Windows\System\efHxRcN.exe
  C:\Windows\System\efHxRcN.exe
  2⤵
  PID:4372
- C:\Windows\System\AoUjDPO.exe
  C:\Windows\System\AoUjDPO.exe
  2⤵
  PID:4392
- C:\Windows\System\JPtWLjV.exe
  C:\Windows\System\JPtWLjV.exe
  2⤵
  PID:4412
- C:\Windows\System\CzkFoMD.exe
  C:\Windows\System\CzkFoMD.exe
  2⤵
  PID:4428
- C:\Windows\System\JGagbGC.exe
  C:\Windows\System\JGagbGC.exe
  2⤵
  PID:4444
- C:\Windows\System\qbXoilS.exe
  C:\Windows\System\qbXoilS.exe
  2⤵
  PID:4464
- C:\Windows\System\qhXNyQj.exe
  C:\Windows\System\qhXNyQj.exe
  2⤵
  PID:4484
- C:\Windows\System\wWLtCcq.exe
  C:\Windows\System\wWLtCcq.exe
  2⤵
  PID:4500
- C:\Windows\System\YfQnxXB.exe
  C:\Windows\System\YfQnxXB.exe
  2⤵
  PID:4516
- C:\Windows\System\nUMOjGa.exe
  C:\Windows\System\nUMOjGa.exe
  2⤵
  PID:4532
- C:\Windows\System\SWIxTiI.exe
  C:\Windows\System\SWIxTiI.exe
  2⤵
  PID:4552
- C:\Windows\System\iCPPjMP.exe
  C:\Windows\System\iCPPjMP.exe
  2⤵
  PID:4576
- C:\Windows\System\GPXlYOh.exe
  C:\Windows\System\GPXlYOh.exe
  2⤵
  PID:4628
- C:\Windows\System\YHhJOrQ.exe
  C:\Windows\System\YHhJOrQ.exe
  2⤵
  PID:4652
- C:\Windows\System\bUbHcOK.exe
  C:\Windows\System\bUbHcOK.exe
  2⤵
  PID:4668
- C:\Windows\System\JuqWLhV.exe
  C:\Windows\System\JuqWLhV.exe
  2⤵
  PID:4696
- C:\Windows\System\UwQIwiI.exe
  C:\Windows\System\UwQIwiI.exe
  2⤵
  PID:4720
- C:\Windows\System\tOpMTsb.exe
  C:\Windows\System\tOpMTsb.exe
  2⤵
  PID:4740
- C:\Windows\System\wxcHAYG.exe
  C:\Windows\System\wxcHAYG.exe
  2⤵
  PID:4760
- C:\Windows\System\fFCLcgC.exe
  C:\Windows\System\fFCLcgC.exe
  2⤵
  PID:4780
- C:\Windows\System\CiRVsCV.exe
  C:\Windows\System\CiRVsCV.exe
  2⤵
  PID:4796
- C:\Windows\System\EkmGCuv.exe
  C:\Windows\System\EkmGCuv.exe
  2⤵
  PID:4816
- C:\Windows\System\MhOLjpM.exe
  C:\Windows\System\MhOLjpM.exe
  2⤵
  PID:4832
- C:\Windows\System\fPXUYMP.exe
  C:\Windows\System\fPXUYMP.exe
  2⤵
  PID:4860
- C:\Windows\System\oefLifH.exe
  C:\Windows\System\oefLifH.exe
  2⤵
  PID:4876
- C:\Windows\System\Bdzquza.exe
  C:\Windows\System\Bdzquza.exe
  2⤵
  PID:4892
- C:\Windows\System\hCfZGEF.exe
  C:\Windows\System\hCfZGEF.exe
  2⤵
  PID:4912
- C:\Windows\System\NqZpWer.exe
  C:\Windows\System\NqZpWer.exe
  2⤵
  PID:4928
- C:\Windows\System\KuRFTTi.exe
  C:\Windows\System\KuRFTTi.exe
  2⤵
  PID:4948
- C:\Windows\System\mVlDFfk.exe
  C:\Windows\System\mVlDFfk.exe
  2⤵
  PID:4968
- C:\Windows\System\tUqEFvL.exe
  C:\Windows\System\tUqEFvL.exe
  2⤵
  PID:4984
- C:\Windows\System\StSUZwj.exe
  C:\Windows\System\StSUZwj.exe
  2⤵
  PID:5004
- C:\Windows\System\AfVxduN.exe
  C:\Windows\System\AfVxduN.exe
  2⤵
  PID:5020
- C:\Windows\System\wEWpFCf.exe
  C:\Windows\System\wEWpFCf.exe
  2⤵
  PID:5036
- C:\Windows\System\BMvBsDo.exe
  C:\Windows\System\BMvBsDo.exe
  2⤵
  PID:5060
- C:\Windows\System\WKuPhSy.exe
  C:\Windows\System\WKuPhSy.exe
  2⤵
  PID:5076
- C:\Windows\System\QQZjcvZ.exe
  C:\Windows\System\QQZjcvZ.exe
  2⤵
  PID:5092
- C:\Windows\System\waoWUhU.exe
  C:\Windows\System\waoWUhU.exe
  2⤵
  PID:5112
- C:\Windows\System\lJBhyDR.exe
  C:\Windows\System\lJBhyDR.exe
  2⤵
  PID:3156
- C:\Windows\System\nJIRFTf.exe
  C:\Windows\System\nJIRFTf.exe
  2⤵
  PID:3536
- C:\Windows\System\jmkGFky.exe
  C:\Windows\System\jmkGFky.exe
  2⤵
  PID:3372
- C:\Windows\System\tOHBfNO.exe
  C:\Windows\System\tOHBfNO.exe
  2⤵
  PID:3716
- C:\Windows\System\uOlpMVe.exe
  C:\Windows\System\uOlpMVe.exe
  2⤵
  PID:2364
- C:\Windows\System\uEYQrTT.exe
  C:\Windows\System\uEYQrTT.exe
  2⤵
  PID:4100
- C:\Windows\System\wBzKUNn.exe
  C:\Windows\System\wBzKUNn.exe
  2⤵
  PID:4120
- C:\Windows\System\JFjWvrP.exe
  C:\Windows\System\JFjWvrP.exe
  2⤵
  PID:3556
- C:\Windows\System\kCpxChy.exe
  C:\Windows\System\kCpxChy.exe
  2⤵
  PID:3360
- C:\Windows\System\ynHInzH.exe
  C:\Windows\System\ynHInzH.exe
  2⤵
  PID:4184
- C:\Windows\System\cibVTSp.exe
  C:\Windows\System\cibVTSp.exe
  2⤵
  PID:4132
- C:\Windows\System\sGowasU.exe
  C:\Windows\System\sGowasU.exe
  2⤵
  PID:4148
- C:\Windows\System\oZFYGPM.exe
  C:\Windows\System\oZFYGPM.exe
  2⤵
  PID:4164
- C:\Windows\System\gHCmqdz.exe
  C:\Windows\System\gHCmqdz.exe
  2⤵
  PID:4236
- C:\Windows\System\czJFZRF.exe
  C:\Windows\System\czJFZRF.exe
  2⤵
  PID:4252
- C:\Windows\System\QxNtrJl.exe
  C:\Windows\System\QxNtrJl.exe
  2⤵
  PID:4272
- C:\Windows\System\jWrxcyX.exe
  C:\Windows\System\jWrxcyX.exe
  2⤵
  PID:4336
- C:\Windows\System\ptTWPGH.exe
  C:\Windows\System\ptTWPGH.exe
  2⤵
  PID:4404
- C:\Windows\System\dzwRMnt.exe
  C:\Windows\System\dzwRMnt.exe
  2⤵
  PID:4280
- C:\Windows\System\NfOMWfZ.exe
  C:\Windows\System\NfOMWfZ.exe
  2⤵
  PID:4472
- C:\Windows\System\XVSVCzI.exe
  C:\Windows\System\XVSVCzI.exe
  2⤵
  PID:4508
- C:\Windows\System\rjfIPJj.exe
  C:\Windows\System\rjfIPJj.exe
  2⤵
  PID:4544
- C:\Windows\System\omQmWYi.exe
  C:\Windows\System\omQmWYi.exe
  2⤵
  PID:4600
- C:\Windows\System\PNjJXNp.exe
  C:\Windows\System\PNjJXNp.exe
  2⤵
  PID:4616
- C:\Windows\System\mxLwxpA.exe
  C:\Windows\System\mxLwxpA.exe
  2⤵
  PID:4316
- C:\Windows\System\SkQGpLP.exe
  C:\Windows\System\SkQGpLP.exe
  2⤵
  PID:4420
- C:\Windows\System\mSSYjYG.exe
  C:\Windows\System\mSSYjYG.exe
  2⤵
  PID:4460
- C:\Windows\System\iDFmDNn.exe
  C:\Windows\System\iDFmDNn.exe
  2⤵
  PID:4528
- C:\Windows\System\AYTuPHS.exe
  C:\Windows\System\AYTuPHS.exe
  2⤵
  PID:4572
- C:\Windows\System\sMtIJMK.exe
  C:\Windows\System\sMtIJMK.exe
  2⤵
  PID:4648
- C:\Windows\System\VeiedkR.exe
  C:\Windows\System\VeiedkR.exe
  2⤵
  PID:4664
- C:\Windows\System\EfAlbCD.exe
  C:\Windows\System\EfAlbCD.exe
  2⤵
  PID:4716
- C:\Windows\System\QINmcCe.exe
  C:\Windows\System\QINmcCe.exe
  2⤵
  PID:4732
- C:\Windows\System\unEzaOd.exe
  C:\Windows\System\unEzaOd.exe
  2⤵
  PID:4788
- C:\Windows\System\IulKZaY.exe
  C:\Windows\System\IulKZaY.exe
  2⤵
  PID:4828
- C:\Windows\System\mxqhJOk.exe
  C:\Windows\System\mxqhJOk.exe
  2⤵
  PID:4856
- C:\Windows\System\XdiBTtr.exe
  C:\Windows\System\XdiBTtr.exe
  2⤵
  PID:4812
- C:\Windows\System\ICDEVjo.exe
  C:\Windows\System\ICDEVjo.exe
  2⤵
  PID:4900
- C:\Windows\System\GmgSDqY.exe
  C:\Windows\System\GmgSDqY.exe
  2⤵
  PID:4940
- C:\Windows\System\RBgFcSW.exe
  C:\Windows\System\RBgFcSW.exe
  2⤵
  PID:4920
- C:\Windows\System\rfyLkMG.exe
  C:\Windows\System\rfyLkMG.exe
  2⤵
  PID:5016
- C:\Windows\System\wsxgCUn.exe
  C:\Windows\System\wsxgCUn.exe
  2⤵
  PID:4964
- C:\Windows\System\WBJDOgW.exe
  C:\Windows\System\WBJDOgW.exe
  2⤵
  PID:4440
- C:\Windows\System\uPazdoe.exe
  C:\Windows\System\uPazdoe.exe
  2⤵
  PID:4592
- C:\Windows\System\cyvCIUd.exe
  C:\Windows\System\cyvCIUd.exe
  2⤵
  PID:4352
- C:\Windows\System\QuOqzlm.exe
  C:\Windows\System\QuOqzlm.exe
  2⤵
  PID:4320
- C:\Windows\System\KBSREOY.exe
  C:\Windows\System\KBSREOY.exe
  2⤵
  PID:4612
- C:\Windows\System\UWpUgJg.exe
  C:\Windows\System\UWpUgJg.exe
  2⤵
  PID:4728
- C:\Windows\System\kISaxTP.exe
  C:\Windows\System\kISaxTP.exe
  2⤵
  PID:4804
- C:\Windows\System\Mvxxaqm.exe
  C:\Windows\System\Mvxxaqm.exe
  2⤵
  PID:4772
- C:\Windows\System\FlVSJsS.exe
  C:\Windows\System\FlVSJsS.exe
  2⤵
  PID:4496
- C:\Windows\System\SubFtLx.exe
  C:\Windows\System\SubFtLx.exe
  2⤵
  PID:4976
- C:\Windows\System\fObleRk.exe
  C:\Windows\System\fObleRk.exe
  2⤵
  PID:4980
- C:\Windows\System\yrhkawe.exe
  C:\Windows\System\yrhkawe.exe
  2⤵
  PID:5032
- C:\Windows\System\VmOCJCf.exe
  C:\Windows\System\VmOCJCf.exe
  2⤵
  PID:5088
- C:\Windows\System\MghnvIx.exe
  C:\Windows\System\MghnvIx.exe
  2⤵
  PID:3896
- C:\Windows\System\jLIwzpD.exe
  C:\Windows\System\jLIwzpD.exe
  2⤵
  PID:3612
- C:\Windows\System\RhHuuwQ.exe
  C:\Windows\System\RhHuuwQ.exe
  2⤵
  PID:5108
- C:\Windows\System\iEaIbpa.exe
  C:\Windows\System\iEaIbpa.exe
  2⤵
  PID:2860
- C:\Windows\System\HpBTbWu.exe
  C:\Windows\System\HpBTbWu.exe
  2⤵
  PID:4128
- C:\Windows\System\ieXpEyU.exe
  C:\Windows\System\ieXpEyU.exe
  2⤵
  PID:4144
- C:\Windows\System\wBOTeqp.exe
  C:\Windows\System\wBOTeqp.exe
  2⤵
  PID:4364
- C:\Windows\System\HvQLGNR.exe
  C:\Windows\System\HvQLGNR.exe
  2⤵
  PID:4436
- C:\Windows\System\AzgTEVA.exe
  C:\Windows\System\AzgTEVA.exe
  2⤵
  PID:4596
- C:\Windows\System\sGZNZrW.exe
  C:\Windows\System\sGZNZrW.exe
  2⤵
  PID:4388
- C:\Windows\System\HbwMsgq.exe
  C:\Windows\System\HbwMsgq.exe
  2⤵
  PID:4752
- C:\Windows\System\HEFXese.exe
  C:\Windows\System\HEFXese.exe
  2⤵
  PID:4776
- C:\Windows\System\XtRGJIU.exe
  C:\Windows\System\XtRGJIU.exe
  2⤵
  PID:4904
- C:\Windows\System\XdQMtpH.exe
  C:\Windows\System\XdQMtpH.exe
  2⤵
  PID:4872
- C:\Windows\System\ZtlhLFu.exe
  C:\Windows\System\ZtlhLFu.exe
  2⤵
  PID:4956
- C:\Windows\System\FZlqBvg.exe
  C:\Windows\System\FZlqBvg.exe
  2⤵
  PID:5084
- C:\Windows\System\nDiFegp.exe
  C:\Windows\System\nDiFegp.exe
  2⤵
  PID:2356
- C:\Windows\System\vzIzPuS.exe
  C:\Windows\System\vzIzPuS.exe
  2⤵
  PID:4004
- C:\Windows\System\pdsUaDy.exe
  C:\Windows\System\pdsUaDy.exe
  2⤵
  PID:3400
- C:\Windows\System\YhTVtrr.exe
  C:\Windows\System\YhTVtrr.exe
  2⤵
  PID:4188
- C:\Windows\System\Hgfqyqy.exe
  C:\Windows\System\Hgfqyqy.exe
  2⤵
  PID:3648
- C:\Windows\System\ZMGwlaT.exe
  C:\Windows\System\ZMGwlaT.exe
  2⤵
  PID:4332
- C:\Windows\System\AjBidan.exe
  C:\Windows\System\AjBidan.exe
  2⤵
  PID:4676
- C:\Windows\System\XcyuiVh.exe
  C:\Windows\System\XcyuiVh.exe
  2⤵
  PID:4924
- C:\Windows\System\KcLrorW.exe
  C:\Windows\System\KcLrorW.exe
  2⤵
  PID:5100
- C:\Windows\System\ceQoDtd.exe
  C:\Windows\System\ceQoDtd.exe
  2⤵
  PID:5124
- C:\Windows\System\tbTYxrg.exe
  C:\Windows\System\tbTYxrg.exe
  2⤵
  PID:5140
- C:\Windows\System\iTLXApu.exe
  C:\Windows\System\iTLXApu.exe
  2⤵
  PID:5156
- C:\Windows\System\Sjfwhnp.exe
  C:\Windows\System\Sjfwhnp.exe
  2⤵
  PID:5172
- C:\Windows\System\hpmvCpZ.exe
  C:\Windows\System\hpmvCpZ.exe
  2⤵
  PID:5192
- C:\Windows\System\aNQqBVh.exe
  C:\Windows\System\aNQqBVh.exe
  2⤵
  PID:5216
- C:\Windows\System\RvKehQW.exe
  C:\Windows\System\RvKehQW.exe
  2⤵
  PID:5236
- C:\Windows\System\FnwMmjr.exe
  C:\Windows\System\FnwMmjr.exe
  2⤵
  PID:5252
- C:\Windows\System\AXppyTR.exe
  C:\Windows\System\AXppyTR.exe
  2⤵
  PID:5272
- C:\Windows\System\ibdnUMG.exe
  C:\Windows\System\ibdnUMG.exe
  2⤵
  PID:5292
- C:\Windows\System\VNWWoRj.exe
  C:\Windows\System\VNWWoRj.exe
  2⤵
  PID:5308
- C:\Windows\System\iVljHyR.exe
  C:\Windows\System\iVljHyR.exe
  2⤵
  PID:5328
- C:\Windows\System\EcPDWIN.exe
  C:\Windows\System\EcPDWIN.exe
  2⤵
  PID:5348
- C:\Windows\System\daJKzAd.exe
  C:\Windows\System\daJKzAd.exe
  2⤵
  PID:5364
- C:\Windows\System\eYtDzRl.exe
  C:\Windows\System\eYtDzRl.exe
  2⤵
  PID:5416
- C:\Windows\System\OWvanoX.exe
  C:\Windows\System\OWvanoX.exe
  2⤵
  PID:5440
- C:\Windows\System\lBpSWXu.exe
  C:\Windows\System\lBpSWXu.exe
  2⤵
  PID:5456
- C:\Windows\System\nbGvMRM.exe
  C:\Windows\System\nbGvMRM.exe
  2⤵
  PID:5472
- C:\Windows\System\YskNnjG.exe
  C:\Windows\System\YskNnjG.exe
  2⤵
  PID:5492
- C:\Windows\System\LjbXnxT.exe
  C:\Windows\System\LjbXnxT.exe
  2⤵
  PID:5512
- C:\Windows\System\ogKihiG.exe
  C:\Windows\System\ogKihiG.exe
  2⤵
  PID:5544
- C:\Windows\System\Akytnfm.exe
  C:\Windows\System\Akytnfm.exe
  2⤵
  PID:5560
- C:\Windows\System\oWQlTiw.exe
  C:\Windows\System\oWQlTiw.exe
  2⤵
  PID:5584
- C:\Windows\System\rawSBnW.exe
  C:\Windows\System\rawSBnW.exe
  2⤵
  PID:5600
- C:\Windows\System\pzBBBtf.exe
  C:\Windows\System\pzBBBtf.exe
  2⤵
  PID:5616
- C:\Windows\System\yqKXChn.exe
  C:\Windows\System\yqKXChn.exe
  2⤵
  PID:5632
- C:\Windows\System\genzLsj.exe
  C:\Windows\System\genzLsj.exe
  2⤵
  PID:5652
- C:\Windows\System\iiqZDwT.exe
  C:\Windows\System\iiqZDwT.exe
  2⤵
  PID:5668
- C:\Windows\System\DmaGRyA.exe
  C:\Windows\System\DmaGRyA.exe
  2⤵
  PID:5684
- C:\Windows\System\kxEMyen.exe
  C:\Windows\System\kxEMyen.exe
  2⤵
  PID:5700
- C:\Windows\System\QBSvBPA.exe
  C:\Windows\System\QBSvBPA.exe
  2⤵
  PID:5716
- C:\Windows\System\JXqeoyg.exe
  C:\Windows\System\JXqeoyg.exe
  2⤵
  PID:5732
- C:\Windows\System\qYIxLFv.exe
  C:\Windows\System\qYIxLFv.exe
  2⤵
  PID:5748
- C:\Windows\System\ekPPzRP.exe
  C:\Windows\System\ekPPzRP.exe
  2⤵
  PID:5764
- C:\Windows\System\TwpCOmo.exe
  C:\Windows\System\TwpCOmo.exe
  2⤵
  PID:5780
- C:\Windows\System\OgPKUzp.exe
  C:\Windows\System\OgPKUzp.exe
  2⤵
  PID:5796
- C:\Windows\System\FuHWTHu.exe
  C:\Windows\System\FuHWTHu.exe
  2⤵
  PID:5812
- C:\Windows\System\mCMVCxu.exe
  C:\Windows\System\mCMVCxu.exe
  2⤵
  PID:5828
- C:\Windows\System\nIpqOYi.exe
  C:\Windows\System\nIpqOYi.exe
  2⤵
  PID:5848
- C:\Windows\System\CaexjeR.exe
  C:\Windows\System\CaexjeR.exe
  2⤵
  PID:5876
- C:\Windows\System\IoSqord.exe
  C:\Windows\System\IoSqord.exe
  2⤵
  PID:5892
- C:\Windows\System\kEqMaHx.exe
  C:\Windows\System\kEqMaHx.exe
  2⤵
  PID:5908
- C:\Windows\System\cForWNy.exe
  C:\Windows\System\cForWNy.exe
  2⤵
  PID:5932
- C:\Windows\System\NrLUhaD.exe
  C:\Windows\System\NrLUhaD.exe
  2⤵
  PID:5952
- C:\Windows\System\sBtWeGz.exe
  C:\Windows\System\sBtWeGz.exe
  2⤵
  PID:5976
- C:\Windows\System\knJLUSW.exe
  C:\Windows\System\knJLUSW.exe
  2⤵
  PID:5996
- C:\Windows\System\XUDxcKO.exe
  C:\Windows\System\XUDxcKO.exe
  2⤵
  PID:6020
- C:\Windows\System\sQhkTHP.exe
  C:\Windows\System\sQhkTHP.exe
  2⤵
  PID:6036
- C:\Windows\System\aIHklmo.exe
  C:\Windows\System\aIHklmo.exe
  2⤵
  PID:6056
- C:\Windows\System\ryYTtlY.exe
  C:\Windows\System\ryYTtlY.exe
  2⤵
  PID:6072
- C:\Windows\System\nCUJlVm.exe
  C:\Windows\System\nCUJlVm.exe
  2⤵
  PID:6088
- C:\Windows\System\DqxZDPY.exe
  C:\Windows\System\DqxZDPY.exe
  2⤵
  PID:6104
- C:\Windows\System\lQcncbv.exe
  C:\Windows\System\lQcncbv.exe
  2⤵
  PID:6124
- C:\Windows\System\yXqtnmv.exe
  C:\Windows\System\yXqtnmv.exe
  2⤵
  PID:6140
- C:\Windows\System\YurAvRr.exe
  C:\Windows\System\YurAvRr.exe
  2⤵
  PID:4848
- C:\Windows\System\cwrxzSb.exe
  C:\Windows\System\cwrxzSb.exe
  2⤵
  PID:5148
- C:\Windows\System\wnjHnnP.exe
  C:\Windows\System\wnjHnnP.exe
  2⤵
  PID:5188
- C:\Windows\System\LXtZEcw.exe
  C:\Windows\System\LXtZEcw.exe
  2⤵
  PID:5232
- C:\Windows\System\oIshdKA.exe
  C:\Windows\System\oIshdKA.exe
  2⤵
  PID:5304
- C:\Windows\System\XnQruPd.exe
  C:\Windows\System\XnQruPd.exe
  2⤵
  PID:5344
- C:\Windows\System\OaQMBbt.exe
  C:\Windows\System\OaQMBbt.exe
  2⤵
  PID:4480
- C:\Windows\System\HRjFAXp.exe
  C:\Windows\System\HRjFAXp.exe
  2⤵
  PID:3480
- C:\Windows\System\YnhaeOd.exe
  C:\Windows\System\YnhaeOd.exe
  2⤵
  PID:4608
- C:\Windows\System\AWDWYPe.exe
  C:\Windows\System\AWDWYPe.exe
  2⤵
  PID:5200
- C:\Windows\System\HrsNLRr.exe
  C:\Windows\System\HrsNLRr.exe
  2⤵
  PID:5208
- C:\Windows\System\kNcflNl.exe
  C:\Windows\System\kNcflNl.exe
  2⤵
  PID:5284
- C:\Windows\System\TNfFHwh.exe
  C:\Windows\System\TNfFHwh.exe
  2⤵
  PID:5168
- C:\Windows\System\cYWvErd.exe
  C:\Windows\System\cYWvErd.exe
  2⤵
  PID:4704
- C:\Windows\System\XdjrlgR.exe
  C:\Windows\System\XdjrlgR.exe
  2⤵
  PID:5388
- C:\Windows\System\ahUeLsn.exe
  C:\Windows\System\ahUeLsn.exe
  2⤵
  PID:5408
- C:\Windows\System\TlbVNkb.exe
  C:\Windows\System\TlbVNkb.exe
  2⤵
  PID:5484
- C:\Windows\System\cZawqad.exe
  C:\Windows\System\cZawqad.exe
  2⤵
  PID:5428
- C:\Windows\System\HLaYANA.exe
  C:\Windows\System\HLaYANA.exe
  2⤵
  PID:5468
- C:\Windows\System\RmcvtXA.exe
  C:\Windows\System\RmcvtXA.exe
  2⤵
  PID:5508
- C:\Windows\System\ZHLSCcm.exe
  C:\Windows\System\ZHLSCcm.exe
  2⤵
  PID:5540
- C:\Windows\System\ojZTLcZ.exe
  C:\Windows\System\ojZTLcZ.exe
  2⤵
  PID:5568
- C:\Windows\System\LYPAbsg.exe
  C:\Windows\System\LYPAbsg.exe
  2⤵
  PID:5608
- C:\Windows\System\gXEKJYS.exe
  C:\Windows\System\gXEKJYS.exe
  2⤵
  PID:5648
- C:\Windows\System\uXruRWX.exe
  C:\Windows\System\uXruRWX.exe
  2⤵
  PID:5596
- C:\Windows\System\hoDAVAx.exe
  C:\Windows\System\hoDAVAx.exe
  2⤵
  PID:5712
- C:\Windows\System\LEmcDAC.exe
  C:\Windows\System\LEmcDAC.exe
  2⤵
  PID:5724
- C:\Windows\System\FvxWotK.exe
  C:\Windows\System\FvxWotK.exe
  2⤵
  PID:5824
- C:\Windows\System\AyPRHef.exe
  C:\Windows\System\AyPRHef.exe
  2⤵
  PID:5744
- C:\Windows\System\vrHnlbP.exe
  C:\Windows\System\vrHnlbP.exe
  2⤵
  PID:5844
- C:\Windows\System\tbWTlEv.exe
  C:\Windows\System\tbWTlEv.exe
  2⤵
  PID:5888
- C:\Windows\System\qbsstRt.exe
  C:\Windows\System\qbsstRt.exe
  2⤵
  PID:5868
- C:\Windows\System\woPSeOB.exe
  C:\Windows\System\woPSeOB.exe
  2⤵
  PID:5920
- C:\Windows\System\AfZQjKJ.exe
  C:\Windows\System\AfZQjKJ.exe
  2⤵
  PID:5968
- C:\Windows\System\FSijtyw.exe
  C:\Windows\System\FSijtyw.exe
  2⤵
  PID:5988
- C:\Windows\System\JoduMIn.exe
  C:\Windows\System\JoduMIn.exe
  2⤵
  PID:6008
- C:\Windows\System\yDSUCNE.exe
  C:\Windows\System\yDSUCNE.exe
  2⤵
  PID:6080
- C:\Windows\System\cmFhpjY.exe
  C:\Windows\System\cmFhpjY.exe
  2⤵
  PID:6120
- C:\Windows\System\HCLCpyt.exe
  C:\Windows\System\HCLCpyt.exe
  2⤵
  PID:4312
- C:\Windows\System\tqeMBuN.exe
  C:\Windows\System\tqeMBuN.exe
  2⤵
  PID:5300
- C:\Windows\System\sbFtSGI.exe
  C:\Windows\System\sbFtSGI.exe
  2⤵
  PID:4456
- C:\Windows\System\ZrFFahw.exe
  C:\Windows\System\ZrFFahw.exe
  2⤵
  PID:5048
- C:\Windows\System\iPGWASQ.exe
  C:\Windows\System\iPGWASQ.exe
  2⤵
  PID:4756
- C:\Windows\System\ggHCuCf.exe
  C:\Windows\System\ggHCuCf.exe
  2⤵
  PID:5396
- C:\Windows\System\kraaqOt.exe
  C:\Windows\System\kraaqOt.exe
  2⤵
  PID:5360
- C:\Windows\System\cwzCoHy.exe
  C:\Windows\System\cwzCoHy.exe
  2⤵
  PID:5448
- C:\Windows\System\rSBADDI.exe
  C:\Windows\System\rSBADDI.exe
  2⤵
  PID:5536
- C:\Windows\System\fzadvdw.exe
  C:\Windows\System\fzadvdw.exe
  2⤵
  PID:5504
- C:\Windows\System\ibgogpO.exe
  C:\Windows\System\ibgogpO.exe
  2⤵
  PID:5572
- C:\Windows\System\lzJiUjw.exe
  C:\Windows\System\lzJiUjw.exe
  2⤵
  PID:5696
- C:\Windows\System\LvyTSBY.exe
  C:\Windows\System\LvyTSBY.exe
  2⤵
  PID:5628
- C:\Windows\System\AuhIwbA.exe
  C:\Windows\System\AuhIwbA.exe
  2⤵
  PID:5860
- C:\Windows\System\WpUiwPB.exe
  C:\Windows\System\WpUiwPB.exe
  2⤵
  PID:5904
- C:\Windows\System\AOvLXNt.exe
  C:\Windows\System\AOvLXNt.exe
  2⤵
  PID:6068
- C:\Windows\System\luksaQG.exe
  C:\Windows\System\luksaQG.exe
  2⤵
  PID:5760
- C:\Windows\System\qaokuhf.exe
  C:\Windows\System\qaokuhf.exe
  2⤵
  PID:5756
- C:\Windows\System\eiFSevI.exe
  C:\Windows\System\eiFSevI.exe
  2⤵
  PID:6012
- C:\Windows\System\QsoyceF.exe
  C:\Windows\System\QsoyceF.exe
  2⤵
  PID:4588
- C:\Windows\System\BflWJZs.exe
  C:\Windows\System\BflWJZs.exe
  2⤵
  PID:5436
- C:\Windows\System\zoKzxNB.exe
  C:\Windows\System\zoKzxNB.exe
  2⤵
  PID:6136
- C:\Windows\System\jrMHikJ.exe
  C:\Windows\System\jrMHikJ.exe
  2⤵
  PID:5212
- C:\Windows\System\alVGVlo.exe
  C:\Windows\System\alVGVlo.exe
  2⤵
  PID:5132
- C:\Windows\System\mGszFWy.exe
  C:\Windows\System\mGszFWy.exe
  2⤵
  PID:3856
- C:\Windows\System\BPqbouh.exe
  C:\Windows\System\BPqbouh.exe
  2⤵
  PID:5404
- C:\Windows\System\VMbJdSD.exe
  C:\Windows\System\VMbJdSD.exe
  2⤵
  PID:5808
- C:\Windows\System\acllXpQ.exe
  C:\Windows\System\acllXpQ.exe
  2⤵
  PID:5900
- C:\Windows\System\TQQxAYK.exe
  C:\Windows\System\TQQxAYK.exe
  2⤵
  PID:5788
- C:\Windows\System\GhYKLox.exe
  C:\Windows\System\GhYKLox.exe
  2⤵
  PID:6064
- C:\Windows\System\EyuWfmA.exe
  C:\Windows\System\EyuWfmA.exe
  2⤵
  PID:6112
- C:\Windows\System\CEBvOwp.exe
  C:\Windows\System\CEBvOwp.exe
  2⤵
  PID:4220
- C:\Windows\System\MjzUsKV.exe
  C:\Windows\System\MjzUsKV.exe
  2⤵
  PID:6052
- C:\Windows\System\IIpnXrs.exe
  C:\Windows\System\IIpnXrs.exe
  2⤵
  PID:5184
- C:\Windows\System\bskMvda.exe
  C:\Windows\System\bskMvda.exe
  2⤵
  PID:5280
- C:\Windows\System\zZMBVoF.exe
  C:\Windows\System\zZMBVoF.exe
  2⤵
  PID:5640
- C:\Windows\System\MujuHEj.exe
  C:\Windows\System\MujuHEj.exe
  2⤵
  PID:5884
- C:\Windows\System\UvaGrdV.exe
  C:\Windows\System\UvaGrdV.exe
  2⤵
  PID:5972
- C:\Windows\System\NMMHUBo.exe
  C:\Windows\System\NMMHUBo.exe
  2⤵
  PID:6048
- C:\Windows\System\dLhkTiP.exe
  C:\Windows\System\dLhkTiP.exe
  2⤵
  PID:5244
- C:\Windows\System\NUxnlMA.exe
  C:\Windows\System\NUxnlMA.exe
  2⤵
  PID:4124
- C:\Windows\System\tysFlqY.exe
  C:\Windows\System\tysFlqY.exe
  2⤵
  PID:3868
- C:\Windows\System\QBYPsjV.exe
  C:\Windows\System\QBYPsjV.exe
  2⤵
  PID:5804
- C:\Windows\System\qSpABfJ.exe
  C:\Windows\System\qSpABfJ.exe
  2⤵
  PID:6004
- C:\Windows\System\tYyLCHr.exe
  C:\Windows\System\tYyLCHr.exe
  2⤵
  PID:5288
- C:\Windows\System\JxQxYsd.exe
  C:\Windows\System\JxQxYsd.exe
  2⤵
  PID:6164
- C:\Windows\System\aRJezRx.exe
  C:\Windows\System\aRJezRx.exe
  2⤵
  PID:6180
- C:\Windows\System\EAzdvRl.exe
  C:\Windows\System\EAzdvRl.exe
  2⤵
  PID:6196
- C:\Windows\System\vEFGXpJ.exe
  C:\Windows\System\vEFGXpJ.exe
  2⤵
  PID:6212
- C:\Windows\System\iUmJbDE.exe
  C:\Windows\System\iUmJbDE.exe
  2⤵
  PID:6236
- C:\Windows\System\wkJRXnq.exe
  C:\Windows\System\wkJRXnq.exe
  2⤵
  PID:6260
- C:\Windows\System\zKEDJCb.exe
  C:\Windows\System\zKEDJCb.exe
  2⤵
  PID:6280
- C:\Windows\System\MhNRxhI.exe
  C:\Windows\System\MhNRxhI.exe
  2⤵
  PID:6296
- C:\Windows\System\LTyvnge.exe
  C:\Windows\System\LTyvnge.exe
  2⤵
  PID:6320
- C:\Windows\System\xLYCxSH.exe
  C:\Windows\System\xLYCxSH.exe
  2⤵
  PID:6356
- C:\Windows\System\QgjKMFA.exe
  C:\Windows\System\QgjKMFA.exe
  2⤵
  PID:6372
- C:\Windows\System\bWfuUIo.exe
  C:\Windows\System\bWfuUIo.exe
  2⤵
  PID:6408
- C:\Windows\System\bomGDMx.exe
  C:\Windows\System\bomGDMx.exe
  2⤵
  PID:6432
- C:\Windows\System\LjtiGSQ.exe
  C:\Windows\System\LjtiGSQ.exe
  2⤵
  PID:6448
- C:\Windows\System\SDDiXSw.exe
  C:\Windows\System\SDDiXSw.exe
  2⤵
  PID:6464
- C:\Windows\System\nBTziaT.exe
  C:\Windows\System\nBTziaT.exe
  2⤵
  PID:6480
- C:\Windows\System\neYtcwq.exe
  C:\Windows\System\neYtcwq.exe
  2⤵
  PID:6496
- C:\Windows\System\UvnxQMD.exe
  C:\Windows\System\UvnxQMD.exe
  2⤵
  PID:6512
- C:\Windows\System\vTzoUWz.exe
  C:\Windows\System\vTzoUWz.exe
  2⤵
  PID:6532
- C:\Windows\System\GuZjbva.exe
  C:\Windows\System\GuZjbva.exe
  2⤵
  PID:6548
- C:\Windows\System\JwDnAug.exe
  C:\Windows\System\JwDnAug.exe
  2⤵
  PID:6564
- C:\Windows\System\CGnMnOC.exe
  C:\Windows\System\CGnMnOC.exe
  2⤵
  PID:6580
- C:\Windows\System\JbYhDNC.exe
  C:\Windows\System\JbYhDNC.exe
  2⤵
  PID:6596
- C:\Windows\System\sOzxWPb.exe
  C:\Windows\System\sOzxWPb.exe
  2⤵
  PID:6612
- C:\Windows\System\mTLCHlv.exe
  C:\Windows\System\mTLCHlv.exe
  2⤵
  PID:6628
- C:\Windows\System\JVwvQHF.exe
  C:\Windows\System\JVwvQHF.exe
  2⤵
  PID:6644
- C:\Windows\System\YWtNvSY.exe
  C:\Windows\System\YWtNvSY.exe
  2⤵
  PID:6672
- C:\Windows\System\uJUOoYE.exe
  C:\Windows\System\uJUOoYE.exe
  2⤵
  PID:6688
- C:\Windows\System\jFvvTSW.exe
  C:\Windows\System\jFvvTSW.exe
  2⤵
  PID:6712
- C:\Windows\System\QQqlOSO.exe
  C:\Windows\System\QQqlOSO.exe
  2⤵
  PID:6728
- C:\Windows\System\stZxcky.exe
  C:\Windows\System\stZxcky.exe
  2⤵
  PID:6744
- C:\Windows\System\HvGfrbI.exe
  C:\Windows\System\HvGfrbI.exe
  2⤵
  PID:6760
- C:\Windows\System\kFqMQEr.exe
  C:\Windows\System\kFqMQEr.exe
  2⤵
  PID:6776
- C:\Windows\System\YtxXzKL.exe
  C:\Windows\System\YtxXzKL.exe
  2⤵
  PID:6792
- C:\Windows\System\RbzRaYZ.exe
  C:\Windows\System\RbzRaYZ.exe
  2⤵
  PID:6808
- C:\Windows\System\TYYmEcX.exe
  C:\Windows\System\TYYmEcX.exe
  2⤵
  PID:6824
- C:\Windows\System\DCBhhYZ.exe
  C:\Windows\System\DCBhhYZ.exe
  2⤵
  PID:6840
- C:\Windows\System\XWmmIPn.exe
  C:\Windows\System\XWmmIPn.exe
  2⤵
  PID:6864
- C:\Windows\System\lofhrur.exe
  C:\Windows\System\lofhrur.exe
  2⤵
  PID:6880
- C:\Windows\System\bgWyNEQ.exe
  C:\Windows\System\bgWyNEQ.exe
  2⤵
  PID:6896
- C:\Windows\System\rNJwSiJ.exe
  C:\Windows\System\rNJwSiJ.exe
  2⤵
  PID:6912
- C:\Windows\System\YsNORJX.exe
  C:\Windows\System\YsNORJX.exe
  2⤵
  PID:6928
- C:\Windows\System\CtsHMPe.exe
  C:\Windows\System\CtsHMPe.exe
  2⤵
  PID:6944
- C:\Windows\System\blnjoGV.exe
  C:\Windows\System\blnjoGV.exe
  2⤵
  PID:6960
- C:\Windows\System\HRAcAmT.exe
  C:\Windows\System\HRAcAmT.exe
  2⤵
  PID:6976
- C:\Windows\System\ZoDtSMM.exe
  C:\Windows\System\ZoDtSMM.exe
  2⤵
  PID:6992
- C:\Windows\System\QMQJIyU.exe
  C:\Windows\System\QMQJIyU.exe
  2⤵
  PID:7008
- C:\Windows\System\AHQLUsF.exe
  C:\Windows\System\AHQLUsF.exe
  2⤵
  PID:7024
- C:\Windows\System\deIooBG.exe
  C:\Windows\System\deIooBG.exe
  2⤵
  PID:7044
- C:\Windows\System\MEVjLgD.exe
  C:\Windows\System\MEVjLgD.exe
  2⤵
  PID:7072
- C:\Windows\System\PXkBiJL.exe
  C:\Windows\System\PXkBiJL.exe
  2⤵
  PID:7088
- C:\Windows\System\CNAVdCF.exe
  C:\Windows\System\CNAVdCF.exe
  2⤵
  PID:7104
- C:\Windows\System\qRZXyDv.exe
  C:\Windows\System\qRZXyDv.exe
  2⤵
  PID:7120
- C:\Windows\System\ByOdkFR.exe
  C:\Windows\System\ByOdkFR.exe
  2⤵
  PID:7140
- C:\Windows\System\lClhEfX.exe
  C:\Windows\System\lClhEfX.exe
  2⤵
  PID:7156
- C:\Windows\System\XXqYPac.exe
  C:\Windows\System\XXqYPac.exe
  2⤵
  PID:6172
- C:\Windows\System\oQJOvms.exe
  C:\Windows\System\oQJOvms.exe
  2⤵
  PID:5924
- C:\Windows\System\KKfCmvK.exe
  C:\Windows\System\KKfCmvK.exe
  2⤵
  PID:6220
- C:\Windows\System\wwPUPNa.exe
  C:\Windows\System\wwPUPNa.exe
  2⤵
  PID:6228
- C:\Windows\System\EbknsKG.exe
  C:\Windows\System\EbknsKG.exe
  2⤵
  PID:6248
- C:\Windows\System\mJXzsUp.exe
  C:\Windows\System\mJXzsUp.exe
  2⤵
  PID:6292
- C:\Windows\System\rnjHAeJ.exe
  C:\Windows\System\rnjHAeJ.exe
  2⤵
  PID:6328
- C:\Windows\System\pLpNOCZ.exe
  C:\Windows\System\pLpNOCZ.exe
  2⤵
  PID:6344
- C:\Windows\System\dgJfnYg.exe
  C:\Windows\System\dgJfnYg.exe
  2⤵
  PID:6380
- C:\Windows\System\ZLlnFzO.exe
  C:\Windows\System\ZLlnFzO.exe
  2⤵
  PID:6420
- C:\Windows\System\uLgyNfv.exe
  C:\Windows\System\uLgyNfv.exe
  2⤵
  PID:6456
- C:\Windows\System\bCACzhb.exe
  C:\Windows\System\bCACzhb.exe
  2⤵
  PID:6524
- C:\Windows\System\aDDEojG.exe
  C:\Windows\System\aDDEojG.exe
  2⤵
  PID:6492
- C:\Windows\System\Rcbbyer.exe
  C:\Windows\System\Rcbbyer.exe
  2⤵
  PID:6624
- C:\Windows\System\YfZVZbh.exe
  C:\Windows\System\YfZVZbh.exe
  2⤵
  PID:6404
- C:\Windows\System\WweGrmg.exe
  C:\Windows\System\WweGrmg.exe
  2⤵
  PID:6476
- C:\Windows\System\jHbxLmT.exe
  C:\Windows\System\jHbxLmT.exe
  2⤵
  PID:6604
- C:\Windows\System\FKbczju.exe
  C:\Windows\System\FKbczju.exe
  2⤵
  PID:6540
- C:\Windows\System\JwloZHP.exe
  C:\Windows\System\JwloZHP.exe
  2⤵
  PID:6668
- C:\Windows\System\ADmwOrW.exe
  C:\Windows\System\ADmwOrW.exe
  2⤵
  PID:6708
- C:\Windows\System\ErOYstQ.exe
  C:\Windows\System\ErOYstQ.exe
  2⤵
  PID:6772
- C:\Windows\System\piammqH.exe
  C:\Windows\System\piammqH.exe
  2⤵
  PID:6836
- C:\Windows\System\bUeRyIU.exe
  C:\Windows\System\bUeRyIU.exe
  2⤵
  PID:6720
- C:\Windows\System\wbPlukZ.exe
  C:\Windows\System\wbPlukZ.exe
  2⤵
  PID:6816
- C:\Windows\System\rPjpnLL.exe
  C:\Windows\System\rPjpnLL.exe
  2⤵
  PID:6876
- C:\Windows\System\ivcOneI.exe
  C:\Windows\System\ivcOneI.exe
  2⤵
  PID:6940
- C:\Windows\System\qGQyDle.exe
  C:\Windows\System\qGQyDle.exe
  2⤵
  PID:7004
- C:\Windows\System\JvsCmYn.exe
  C:\Windows\System\JvsCmYn.exe
  2⤵
  PID:6984
- C:\Windows\System\KZsYWSR.exe
  C:\Windows\System\KZsYWSR.exe
  2⤵
  PID:7056
- C:\Windows\System\bsbUfOZ.exe
  C:\Windows\System\bsbUfOZ.exe
  2⤵
  PID:6888
- C:\Windows\System\PDIfkxN.exe
  C:\Windows\System\PDIfkxN.exe
  2⤵
  PID:6952
- C:\Windows\System\mTEJNjU.exe
  C:\Windows\System\mTEJNjU.exe
  2⤵
  PID:7112
- C:\Windows\System\AYPLATG.exe
  C:\Windows\System\AYPLATG.exe
  2⤵
  PID:5820
- C:\Windows\System\cbheCVm.exe
  C:\Windows\System\cbheCVm.exe
  2⤵
  PID:5664
- C:\Windows\System\XrfRkKd.exe
  C:\Windows\System\XrfRkKd.exe
  2⤵
  PID:6044
- C:\Windows\System\itSiPMD.exe
  C:\Windows\System\itSiPMD.exe
  2⤵
  PID:5356
- C:\Windows\System\gIgdwjQ.exe
  C:\Windows\System\gIgdwjQ.exe
  2⤵
  PID:6188
- C:\Windows\System\RxPofuS.exe
  C:\Windows\System\RxPofuS.exe
  2⤵
  PID:6288
- C:\Windows\System\webdXHo.exe
  C:\Windows\System\webdXHo.exe
  2⤵
  PID:6368
- C:\Windows\System\japwacD.exe
  C:\Windows\System\japwacD.exe
  2⤵
  PID:6340
- C:\Windows\System\mVFBFoq.exe
  C:\Windows\System\mVFBFoq.exe
  2⤵
  PID:6520
- C:\Windows\System\ETLAuLZ.exe
  C:\Windows\System\ETLAuLZ.exe
  2⤵
  PID:6508
- C:\Windows\System\mQDcBzd.exe
  C:\Windows\System\mQDcBzd.exe
  2⤵
  PID:6740
- C:\Windows\System\JeCJgSh.exe
  C:\Windows\System\JeCJgSh.exe
  2⤵
  PID:6872
- C:\Windows\System\ZdeFphv.exe
  C:\Windows\System\ZdeFphv.exe
  2⤵
  PID:6544
- C:\Windows\System\FpCgvDh.exe
  C:\Windows\System\FpCgvDh.exe
  2⤵
  PID:6972
- C:\Windows\System\ynGUiLs.exe
  C:\Windows\System\ynGUiLs.exe
  2⤵
  PID:6936
- C:\Windows\System\WDYJchH.exe
  C:\Windows\System\WDYJchH.exe
  2⤵
  PID:7100
- C:\Windows\System\DHZFBGi.exe
  C:\Windows\System\DHZFBGi.exe
  2⤵
  PID:6204
- C:\Windows\System\rWFpGAB.exe
  C:\Windows\System\rWFpGAB.exe
  2⤵
  PID:7096
- C:\Windows\System\IBMOasw.exe
  C:\Windows\System\IBMOasw.exe
  2⤵
  PID:6160
- C:\Windows\System\JTaWqtk.exe
  C:\Windows\System\JTaWqtk.exe
  2⤵
  PID:6352
- C:\Windows\System\BWKUWNG.exe
  C:\Windows\System\BWKUWNG.exe
  2⤵
  PID:6388
- C:\Windows\System\mAGsVmH.exe
  C:\Windows\System\mAGsVmH.exe
  2⤵
  PID:6620
- C:\Windows\System\qKWXggG.exe
  C:\Windows\System\qKWXggG.exe
  2⤵
  PID:6684
- C:\Windows\System\WYIfQdP.exe
  C:\Windows\System\WYIfQdP.exe
  2⤵
  PID:7000
- C:\Windows\System\QjUDRMG.exe
  C:\Windows\System\QjUDRMG.exe
  2⤵
  PID:7148
- C:\Windows\System\kThTsfy.exe
  C:\Windows\System\kThTsfy.exe
  2⤵
  PID:6920
- C:\Windows\System\hphxCjZ.exe
  C:\Windows\System\hphxCjZ.exe
  2⤵
  PID:6208
- C:\Windows\System\eXHnndd.exe
  C:\Windows\System\eXHnndd.exe
  2⤵
  PID:6268
- C:\Windows\System\XSBDYIZ.exe
  C:\Windows\System\XSBDYIZ.exe
  2⤵
  PID:6560
- C:\Windows\System\DYJmiPU.exe
  C:\Windows\System\DYJmiPU.exe
  2⤵
  PID:6444
- C:\Windows\System\YmXZiUM.exe
  C:\Windows\System\YmXZiUM.exe
  2⤵
  PID:6956
- C:\Windows\System\soUWKox.exe
  C:\Windows\System\soUWKox.exe
  2⤵
  PID:6752
- C:\Windows\System\UNAWrIi.exe
  C:\Windows\System\UNAWrIi.exe
  2⤵
  PID:7052
- C:\Windows\System\cuyuNSH.exe
  C:\Windows\System\cuyuNSH.exe
  2⤵
  PID:6572
- C:\Windows\System\cTWSfzy.exe
  C:\Windows\System\cTWSfzy.exe
  2⤵
  PID:6832
- C:\Windows\System\lOEnzUK.exe
  C:\Windows\System\lOEnzUK.exe
  2⤵
  PID:7136
- C:\Windows\System\PmFMhuP.exe
  C:\Windows\System\PmFMhuP.exe
  2⤵
  PID:6152
- C:\Windows\System\tywjSWv.exe
  C:\Windows\System\tywjSWv.exe
  2⤵
  PID:6400
- C:\Windows\System\EWOuEZt.exe
  C:\Windows\System\EWOuEZt.exe
  2⤵
  PID:7176
- C:\Windows\System\UomSNqU.exe
  C:\Windows\System\UomSNqU.exe
  2⤵
  PID:7216
- C:\Windows\System\nQgzBBK.exe
  C:\Windows\System\nQgzBBK.exe
  2⤵
  PID:7232
- C:\Windows\System\VIoSorJ.exe
  C:\Windows\System\VIoSorJ.exe
  2⤵
  PID:7248
- C:\Windows\System\GhxfqXs.exe
  C:\Windows\System\GhxfqXs.exe
  2⤵
  PID:7280
- C:\Windows\System\bpBSMRG.exe
  C:\Windows\System\bpBSMRG.exe
  2⤵
  PID:7372
- C:\Windows\System\qaPDDvu.exe
  C:\Windows\System\qaPDDvu.exe
  2⤵
  PID:7388
- C:\Windows\System\vpbvsIf.exe
  C:\Windows\System\vpbvsIf.exe
  2⤵
  PID:7404
- C:\Windows\System\CPBlDDC.exe
  C:\Windows\System\CPBlDDC.exe
  2⤵
  PID:7420
- C:\Windows\System\wWlODXk.exe
  C:\Windows\System\wWlODXk.exe
  2⤵
  PID:7440
- C:\Windows\System\oixztqg.exe
  C:\Windows\System\oixztqg.exe
  2⤵
  PID:7464
- C:\Windows\System\HFqpKpl.exe
  C:\Windows\System\HFqpKpl.exe
  2⤵
  PID:7480
- C:\Windows\System\aEMikPe.exe
  C:\Windows\System\aEMikPe.exe
  2⤵
  PID:7500
- C:\Windows\System\tIrABcp.exe
  C:\Windows\System\tIrABcp.exe
  2⤵
  PID:7516
- C:\Windows\System\ulageJf.exe
  C:\Windows\System\ulageJf.exe
  2⤵
  PID:7536
- C:\Windows\System\SyRphvF.exe
  C:\Windows\System\SyRphvF.exe
  2⤵
  PID:7552
- C:\Windows\System\qbKPWzk.exe
  C:\Windows\System\qbKPWzk.exe
  2⤵
  PID:7568
- C:\Windows\System\ujfhmsq.exe
  C:\Windows\System\ujfhmsq.exe
  2⤵
  PID:7584
- C:\Windows\System\uGCDciE.exe
  C:\Windows\System\uGCDciE.exe
  2⤵
  PID:7600
- C:\Windows\System\tXujspi.exe
  C:\Windows\System\tXujspi.exe
  2⤵
  PID:7616
- C:\Windows\System\EJfdgfs.exe
  C:\Windows\System\EJfdgfs.exe
  2⤵
  PID:7632
- C:\Windows\System\WoBLIrI.exe
  C:\Windows\System\WoBLIrI.exe
  2⤵
  PID:7648
- C:\Windows\System\WoIKUXk.exe
  C:\Windows\System\WoIKUXk.exe
  2⤵
  PID:7664
- C:\Windows\System\PtuYeZy.exe
  C:\Windows\System\PtuYeZy.exe
  2⤵
  PID:7680
- C:\Windows\System\lyFApsx.exe
  C:\Windows\System\lyFApsx.exe
  2⤵
  PID:7696
- C:\Windows\System\zmyCufZ.exe
  C:\Windows\System\zmyCufZ.exe
  2⤵
  PID:7716
- C:\Windows\System\ffLQjLz.exe
  C:\Windows\System\ffLQjLz.exe
  2⤵
  PID:7732
- C:\Windows\System\idwLXfn.exe
  C:\Windows\System\idwLXfn.exe
  2⤵
  PID:7748
- C:\Windows\System\YMjvpjn.exe
  C:\Windows\System\YMjvpjn.exe
  2⤵
  PID:7764
- C:\Windows\System\OanKTXY.exe
  C:\Windows\System\OanKTXY.exe
  2⤵
  PID:7780
- C:\Windows\System\zexhKjH.exe
  C:\Windows\System\zexhKjH.exe
  2⤵
  PID:7796
- C:\Windows\System\dimgsVT.exe
  C:\Windows\System\dimgsVT.exe
  2⤵
  PID:7816
- C:\Windows\System\minvJYb.exe
  C:\Windows\System\minvJYb.exe
  2⤵
  PID:7832
- C:\Windows\System\iWfMfNI.exe
  C:\Windows\System\iWfMfNI.exe
  2⤵
  PID:7848
- C:\Windows\System\zJGWbko.exe
  C:\Windows\System\zJGWbko.exe
  2⤵
  PID:7864
- C:\Windows\System\UUGxmgC.exe
  C:\Windows\System\UUGxmgC.exe
  2⤵
  PID:7892
- C:\Windows\System\ZcydZaR.exe
  C:\Windows\System\ZcydZaR.exe
  2⤵
  PID:7908
- C:\Windows\System\rPYIKQm.exe
  C:\Windows\System\rPYIKQm.exe
  2⤵
  PID:7924
- C:\Windows\System\HuMMLUD.exe
  C:\Windows\System\HuMMLUD.exe
  2⤵
  PID:7988
- C:\Windows\System\iIOGBtO.exe
  C:\Windows\System\iIOGBtO.exe
  2⤵
  PID:8008
- C:\Windows\System\jnRQoXF.exe
  C:\Windows\System\jnRQoXF.exe
  2⤵
  PID:8024
- C:\Windows\System\uzqpfdP.exe
  C:\Windows\System\uzqpfdP.exe
  2⤵
  PID:8040
- C:\Windows\System\lMkOVcd.exe
  C:\Windows\System\lMkOVcd.exe
  2⤵
  PID:8056
- C:\Windows\System\PPWHHxA.exe
  C:\Windows\System\PPWHHxA.exe
  2⤵
  PID:8072
- C:\Windows\System\xWDCSkw.exe
  C:\Windows\System\xWDCSkw.exe
  2⤵
  PID:8088
- C:\Windows\System\BWUrtuE.exe
  C:\Windows\System\BWUrtuE.exe
  2⤵
  PID:8104
- C:\Windows\System\LoSypZD.exe
  C:\Windows\System\LoSypZD.exe
  2⤵
  PID:8120
- C:\Windows\System\wNDSheR.exe
  C:\Windows\System\wNDSheR.exe
  2⤵
  PID:8136
- C:\Windows\System\uWIAiJe.exe
  C:\Windows\System\uWIAiJe.exe
  2⤵
  PID:8152
- C:\Windows\System\koZhxRG.exe
  C:\Windows\System\koZhxRG.exe
  2⤵
  PID:8168
- C:\Windows\System\NJWRuEz.exe
  C:\Windows\System\NJWRuEz.exe
  2⤵
  PID:8184
- C:\Windows\System\jQbKSUQ.exe
  C:\Windows\System\jQbKSUQ.exe
  2⤵
  PID:7020
- C:\Windows\System\lOmAKwm.exe
  C:\Windows\System\lOmAKwm.exe
  2⤵
  PID:7192
- C:\Windows\System\kdBiDZx.exe
  C:\Windows\System\kdBiDZx.exe
  2⤵
  PID:7200
- C:\Windows\System\laoypjf.exe
  C:\Windows\System\laoypjf.exe
  2⤵
  PID:7240
- C:\Windows\System\OMoHRmC.exe
  C:\Windows\System\OMoHRmC.exe
  2⤵
  PID:7172
- C:\Windows\System\CHrIXuB.exe
  C:\Windows\System\CHrIXuB.exe
  2⤵
  PID:6416
- C:\Windows\System\rpwzmTR.exe
  C:\Windows\System\rpwzmTR.exe
  2⤵
  PID:7272
- C:\Windows\System\UpMSXuB.exe
  C:\Windows\System\UpMSXuB.exe
  2⤵
  PID:7300
- C:\Windows\System\ZGjvFCs.exe
  C:\Windows\System\ZGjvFCs.exe
  2⤵
  PID:7316
- C:\Windows\System\xlzTCwi.exe
  C:\Windows\System\xlzTCwi.exe
  2⤵
  PID:7332
- C:\Windows\System\QuogCqn.exe
  C:\Windows\System\QuogCqn.exe
  2⤵
  PID:7348
- C:\Windows\System\lsGScvc.exe
  C:\Windows\System\lsGScvc.exe
  2⤵
  PID:7364
- C:\Windows\System\iERaRja.exe
  C:\Windows\System\iERaRja.exe
  2⤵
  PID:7396
- C:\Windows\System\jjjsMLj.exe
  C:\Windows\System\jjjsMLj.exe
  2⤵
  PID:7448
- C:\Windows\System\HoRtuEi.exe
  C:\Windows\System\HoRtuEi.exe
  2⤵
  PID:7472
- C:\Windows\System\jvpdbCJ.exe
  C:\Windows\System\jvpdbCJ.exe
  2⤵
  PID:7508
- C:\Windows\System\lOnhBYH.exe
  C:\Windows\System\lOnhBYH.exe
  2⤵
  PID:7524
- C:\Windows\System\fOCZFoQ.exe
  C:\Windows\System\fOCZFoQ.exe
  2⤵
  PID:7576
- C:\Windows\System\ufpswJS.exe
  C:\Windows\System\ufpswJS.exe
  2⤵
  PID:7640
- C:\Windows\System\eMQjxxZ.exe
  C:\Windows\System\eMQjxxZ.exe
  2⤵
  PID:7688
- C:\Windows\System\iIfmCWF.exe
  C:\Windows\System\iIfmCWF.exe
  2⤵
  PID:7624
- C:\Windows\System\KlszFXg.exe
  C:\Windows\System\KlszFXg.exe
  2⤵
  PID:7704
- C:\Windows\System\zjFORaD.exe
  C:\Windows\System\zjFORaD.exe
  2⤵
  PID:7728
- C:\Windows\System\XYJYMCt.exe
  C:\Windows\System\XYJYMCt.exe
  2⤵
  PID:7792
- C:\Windows\System\yEyYzYY.exe
  C:\Windows\System\yEyYzYY.exe
  2⤵
  PID:7772
- C:\Windows\System\DdIoYYX.exe
  C:\Windows\System\DdIoYYX.exe
  2⤵
  PID:7844
- C:\Windows\System\ZaQTAJV.exe
  C:\Windows\System\ZaQTAJV.exe
  2⤵
  PID:7860
- C:\Windows\System\HSDMjRW.exe
  C:\Windows\System\HSDMjRW.exe
  2⤵
  PID:7884
- C:\Windows\System\QEMnnpp.exe
  C:\Windows\System\QEMnnpp.exe
  2⤵
  PID:7920
- C:\Windows\System\uHKvyFq.exe
  C:\Windows\System\uHKvyFq.exe
  2⤵
  PID:7944
- C:\Windows\System\IuhhVRO.exe
  C:\Windows\System\IuhhVRO.exe
  2⤵
  PID:7968
- C:\Windows\System\OrUmxSz.exe
  C:\Windows\System\OrUmxSz.exe
  2⤵
  PID:7980
- C:\Windows\System\EgIoDuO.exe
  C:\Windows\System\EgIoDuO.exe
  2⤵
  PID:8000
- C:\Windows\System\Xofssrd.exe
  C:\Windows\System\Xofssrd.exe
  2⤵
  PID:8064
- C:\Windows\System\cvktPUf.exe
  C:\Windows\System\cvktPUf.exe
  2⤵
  PID:8084
- C:\Windows\System\qmFxAZm.exe
  C:\Windows\System\qmFxAZm.exe
  2⤵
  PID:8100
- C:\Windows\System\txxfmMp.exe
  C:\Windows\System\txxfmMp.exe
  2⤵
  PID:8128
- C:\Windows\System\SusMzCL.exe
  C:\Windows\System\SusMzCL.exe
  2⤵
  PID:8180
- C:\Windows\System\wVgIpwl.exe
  C:\Windows\System\wVgIpwl.exe
  2⤵
  PID:6724
- C:\Windows\System\EgNTRDc.exe
  C:\Windows\System\EgNTRDc.exe
  2⤵
  PID:7208
- C:\Windows\System\IEEMPDQ.exe
  C:\Windows\System\IEEMPDQ.exe
  2⤵
  PID:6852
- C:\Windows\System\qRYGSGV.exe
  C:\Windows\System\qRYGSGV.exe
  2⤵
  PID:7312
- C:\Windows\System\YJWgORO.exe
  C:\Windows\System\YJWgORO.exe
  2⤵
  PID:7340
- C:\Windows\System\CQzVqll.exe
  C:\Windows\System\CQzVqll.exe
  2⤵
  PID:7416
- C:\Windows\System\rZBmJMt.exe
  C:\Windows\System\rZBmJMt.exe
  2⤵
  PID:7488
- C:\Windows\System\XIecgcM.exe
  C:\Windows\System\XIecgcM.exe
  2⤵
  PID:7492
- C:\Windows\System\lqagBHs.exe
  C:\Windows\System\lqagBHs.exe
  2⤵
  PID:7612
- C:\Windows\System\amvpFlv.exe
  C:\Windows\System\amvpFlv.exe
  2⤵
  PID:7660
- C:\Windows\System\kVCHtrS.exe
  C:\Windows\System\kVCHtrS.exe
  2⤵
  PID:7760
- C:\Windows\System\bCKnjWJ.exe
  C:\Windows\System\bCKnjWJ.exe
  2⤵
  PID:7840
- C:\Windows\System\CdmCpKd.exe
  C:\Windows\System\CdmCpKd.exe
  2⤵
  PID:7740
- C:\Windows\System\BSUocNp.exe
  C:\Windows\System\BSUocNp.exe
  2⤵
  PID:7904
- C:\Windows\System\AudWUHU.exe
  C:\Windows\System\AudWUHU.exe
  2⤵
  PID:7952
- C:\Windows\System\WPQUiag.exe
  C:\Windows\System\WPQUiag.exe
  2⤵
  PID:7976
- C:\Windows\System\LGxeAyi.exe
  C:\Windows\System\LGxeAyi.exe
  2⤵
  PID:8032
- C:\Windows\System\FWfChWB.exe
  C:\Windows\System\FWfChWB.exe
  2⤵
  PID:8132
- C:\Windows\System\PjZuvDF.exe
  C:\Windows\System\PjZuvDF.exe
  2⤵
  PID:8160
- C:\Windows\System\qqQzvef.exe
  C:\Windows\System\qqQzvef.exe
  2⤵
  PID:7256
- C:\Windows\System\oDMwEzd.exe
  C:\Windows\System\oDMwEzd.exe
  2⤵
  PID:7324
- C:\Windows\System\UBTMXuj.exe
  C:\Windows\System\UBTMXuj.exe
  2⤵
  PID:7380
- C:\Windows\System\DfQjWdT.exe
  C:\Windows\System\DfQjWdT.exe
  2⤵
  PID:7436
- C:\Windows\System\QHRfNdq.exe
  C:\Windows\System\QHRfNdq.exe
  2⤵
  PID:7608
- C:\Windows\System\GnrXFnD.exe
  C:\Windows\System\GnrXFnD.exe
  2⤵
  PID:7496
- C:\Windows\System\RsAqHHy.exe
  C:\Windows\System\RsAqHHy.exe
  2⤵
  PID:7880
- C:\Windows\System\WAWOGaa.exe
  C:\Windows\System\WAWOGaa.exe
  2⤵
  PID:7888
- C:\Windows\System\iTdbxDf.exe
  C:\Windows\System\iTdbxDf.exe
  2⤵
  PID:8080
- C:\Windows\System\rRGUspy.exe
  C:\Windows\System\rRGUspy.exe
  2⤵
  PID:8164
- C:\Windows\System\gTwhsQc.exe
  C:\Windows\System\gTwhsQc.exe
  2⤵
  PID:7384
- C:\Windows\System\YWVvBFR.exe
  C:\Windows\System\YWVvBFR.exe
  2⤵
  PID:7956
- C:\Windows\System\KqmdMAr.exe
  C:\Windows\System\KqmdMAr.exe
  2⤵
  PID:8004
- C:\Windows\System\GSSNwGR.exe
  C:\Windows\System\GSSNwGR.exe
  2⤵
  PID:7824
- C:\Windows\System\uPIVYIt.exe
  C:\Windows\System\uPIVYIt.exe
  2⤵
  PID:8052
- C:\Windows\System\lXKBbdl.exe
  C:\Windows\System\lXKBbdl.exe
  2⤵
  PID:7456
- C:\Windows\System\bqxgLze.exe
  C:\Windows\System\bqxgLze.exe
  2⤵
  PID:7776
- C:\Windows\System\qbvEiEt.exe
  C:\Windows\System\qbvEiEt.exe
  2⤵
  PID:8228
- C:\Windows\System\YGpxxyz.exe
  C:\Windows\System\YGpxxyz.exe
  2⤵
  PID:8248
- C:\Windows\System\JMlgIAT.exe
  C:\Windows\System\JMlgIAT.exe
  2⤵
  PID:8272
- C:\Windows\System\NugwwlO.exe
  C:\Windows\System\NugwwlO.exe
  2⤵
  PID:8288
- C:\Windows\System\qconuvg.exe
  C:\Windows\System\qconuvg.exe
  2⤵
  PID:8316
- C:\Windows\System\VjKOhuF.exe
  C:\Windows\System\VjKOhuF.exe
  2⤵
  PID:8332
- C:\Windows\System\JzXJhgl.exe
  C:\Windows\System\JzXJhgl.exe
  2⤵
  PID:8348
- C:\Windows\System\DKFUrDH.exe
  C:\Windows\System\DKFUrDH.exe
  2⤵
  PID:8364
- C:\Windows\System\nBIBVFP.exe
  C:\Windows\System\nBIBVFP.exe
  2⤵
  PID:8380
- C:\Windows\System\OXmjhFv.exe
  C:\Windows\System\OXmjhFv.exe
  2⤵
  PID:8396
- C:\Windows\System\EceUVEj.exe
  C:\Windows\System\EceUVEj.exe
  2⤵
  PID:8412
- C:\Windows\System\wleQAyL.exe
  C:\Windows\System\wleQAyL.exe
  2⤵
  PID:8428
- C:\Windows\System\Ovfztuu.exe
  C:\Windows\System\Ovfztuu.exe
  2⤵
  PID:8444
- C:\Windows\System\ILRnqlf.exe
  C:\Windows\System\ILRnqlf.exe
  2⤵
  PID:8460
- C:\Windows\System\kynaaVR.exe
  C:\Windows\System\kynaaVR.exe
  2⤵
  PID:8476
- C:\Windows\System\LIFPziU.exe
  C:\Windows\System\LIFPziU.exe
  2⤵
  PID:8492
- C:\Windows\System\nCkBDSj.exe
  C:\Windows\System\nCkBDSj.exe
  2⤵
  PID:8508
- C:\Windows\System\BfAkOUT.exe
  C:\Windows\System\BfAkOUT.exe
  2⤵
  PID:8524
- C:\Windows\System\RXGTGOa.exe
  C:\Windows\System\RXGTGOa.exe
  2⤵
  PID:8540
- C:\Windows\System\pVwyiPZ.exe
  C:\Windows\System\pVwyiPZ.exe
  2⤵
  PID:8556
- C:\Windows\System\WhUiKwh.exe
  C:\Windows\System\WhUiKwh.exe
  2⤵
  PID:8572
- C:\Windows\System\xtKtCZa.exe
  C:\Windows\System\xtKtCZa.exe
  2⤵
  PID:8588
- C:\Windows\System\vEEmzdZ.exe
  C:\Windows\System\vEEmzdZ.exe
  2⤵
  PID:8604
- C:\Windows\System\aDgnqsd.exe
  C:\Windows\System\aDgnqsd.exe
  2⤵
  PID:8620
- C:\Windows\System\YbnDWOy.exe
  C:\Windows\System\YbnDWOy.exe
  2⤵
  PID:8636
- C:\Windows\System\GoMNztH.exe
  C:\Windows\System\GoMNztH.exe
  2⤵
  PID:8652
- C:\Windows\System\WRSEOjc.exe
  C:\Windows\System\WRSEOjc.exe
  2⤵
  PID:8668
- C:\Windows\System\xAPSwMx.exe
  C:\Windows\System\xAPSwMx.exe
  2⤵
  PID:8684
- C:\Windows\System\NcoeWrA.exe
  C:\Windows\System\NcoeWrA.exe
  2⤵
  PID:8700
- C:\Windows\System\WeHWneT.exe
  C:\Windows\System\WeHWneT.exe
  2⤵
  PID:8720
- C:\Windows\System\PGVmQEJ.exe
  C:\Windows\System\PGVmQEJ.exe
  2⤵
  PID:8740
- C:\Windows\System\wymFMlp.exe
  C:\Windows\System\wymFMlp.exe
  2⤵
  PID:8756
- C:\Windows\System\FVFySOs.exe
  C:\Windows\System\FVFySOs.exe
  2⤵
  PID:8772
- C:\Windows\System\VOyOZVC.exe
  C:\Windows\System\VOyOZVC.exe
  2⤵
  PID:8788
- C:\Windows\System\XOqHOXY.exe
  C:\Windows\System\XOqHOXY.exe
  2⤵
  PID:8804
- C:\Windows\System\JMZnasF.exe
  C:\Windows\System\JMZnasF.exe
  2⤵
  PID:8820
- C:\Windows\System\IyahpMe.exe
  C:\Windows\System\IyahpMe.exe
  2⤵
  PID:8836
- C:\Windows\System\HpUjvhQ.exe
  C:\Windows\System\HpUjvhQ.exe
  2⤵
  PID:8852
- C:\Windows\System\IyztxvV.exe
  C:\Windows\System\IyztxvV.exe
  2⤵
  PID:8868
- C:\Windows\System\eFnOzYQ.exe
  C:\Windows\System\eFnOzYQ.exe
  2⤵
  PID:8892
- C:\Windows\System\AsCGYzY.exe
  C:\Windows\System\AsCGYzY.exe
  2⤵
  PID:8924
- C:\Windows\System\XeMobfL.exe
  C:\Windows\System\XeMobfL.exe
  2⤵
  PID:8948
- C:\Windows\System\hFHtmAz.exe
  C:\Windows\System\hFHtmAz.exe
  2⤵
  PID:8972
- C:\Windows\System\cSteFtP.exe
  C:\Windows\System\cSteFtP.exe
  2⤵
  PID:9004
- C:\Windows\System\MYlTkdI.exe
  C:\Windows\System\MYlTkdI.exe
  2⤵
  PID:9032
- C:\Windows\System\HeQpSXO.exe
  C:\Windows\System\HeQpSXO.exe
  2⤵
  PID:9052
- C:\Windows\System\wPAxNiG.exe
  C:\Windows\System\wPAxNiG.exe
  2⤵
  PID:9072
- C:\Windows\System\jpxVPJm.exe
  C:\Windows\System\jpxVPJm.exe
  2⤵
  PID:9092
- C:\Windows\System\VyoOHTn.exe
  C:\Windows\System\VyoOHTn.exe
  2⤵
  PID:9120
- C:\Windows\System\WNyzzxe.exe
  C:\Windows\System\WNyzzxe.exe
  2⤵
  PID:9168
- C:\Windows\System\tHjeDTW.exe
  C:\Windows\System\tHjeDTW.exe
  2⤵
  PID:9196
- C:\Windows\System\PyVKfUQ.exe
  C:\Windows\System\PyVKfUQ.exe
  2⤵
  PID:9212
- C:\Windows\System\MtPKLbD.exe
  C:\Windows\System\MtPKLbD.exe
  2⤵
  PID:8584
- C:\Windows\System\jutyAyu.exe
  C:\Windows\System\jutyAyu.exe
  2⤵
  PID:8692
- C:\Windows\System\lnGSkRH.exe
  C:\Windows\System\lnGSkRH.exe
  2⤵
  PID:8736
- C:\Windows\System\qvkjSXO.exe
  C:\Windows\System\qvkjSXO.exe
  2⤵
  PID:8800
- C:\Windows\System\gqrJZoU.exe
  C:\Windows\System\gqrJZoU.exe
  2⤵
  PID:8828
- C:\Windows\System\CKBhdHN.exe
  C:\Windows\System\CKBhdHN.exe
  2⤵
  PID:8932
- C:\Windows\System\nWiGAPa.exe
  C:\Windows\System\nWiGAPa.exe
  2⤵
  PID:8988
- C:\Windows\System\kXMMqmu.exe
  C:\Windows\System\kXMMqmu.exe
  2⤵
  PID:8968
- C:\Windows\System\laAXfwU.exe
  C:\Windows\System\laAXfwU.exe
  2⤵
  PID:8916
- C:\Windows\System\BGPqUVu.exe
  C:\Windows\System\BGPqUVu.exe
  2⤵
  PID:9080
- C:\Windows\System\ymyrUFc.exe
  C:\Windows\System\ymyrUFc.exe
  2⤵
  PID:9100
- C:\Windows\System\leIGjUs.exe
  C:\Windows\System\leIGjUs.exe
  2⤵
  PID:9136
- C:\Windows\System\xWFmytg.exe
  C:\Windows\System\xWFmytg.exe
  2⤵
  PID:9152
- C:\Windows\System\DYxoJfy.exe
  C:\Windows\System\DYxoJfy.exe
  2⤵
  PID:9180
- C:\Windows\System\eukIjlx.exe
  C:\Windows\System\eukIjlx.exe
  2⤵
  PID:7276
- C:\Windows\System\IKgOpTd.exe
  C:\Windows\System\IKgOpTd.exe
  2⤵
  PID:8216
- C:\Windows\System\ygBrbgA.exe
  C:\Windows\System\ygBrbgA.exe
  2⤵
  PID:8220
- C:\Windows\System\BkBVoWO.exe
  C:\Windows\System\BkBVoWO.exe
  2⤵
  PID:8404
- C:\Windows\System\hXFeCYK.exe
  C:\Windows\System\hXFeCYK.exe
  2⤵
  PID:8420
- C:\Windows\System\kyFjKEi.exe
  C:\Windows\System\kyFjKEi.exe
  2⤵
  PID:8516
- C:\Windows\System\eamlqox.exe
  C:\Windows\System\eamlqox.exe
  2⤵
  PID:8452
- C:\Windows\System\jkpYWWB.exe
  C:\Windows\System\jkpYWWB.exe
  2⤵
  PID:8312
- C:\Windows\System\gaTwkdS.exe
  C:\Windows\System\gaTwkdS.exe
  2⤵
  PID:8468
- C:\Windows\System\lKnHOVE.exe
  C:\Windows\System\lKnHOVE.exe
  2⤵
  PID:8552
- C:\Windows\System\FwSNAAH.exe
  C:\Windows\System\FwSNAAH.exe
  2⤵
  PID:8884
- C:\Windows\System\rDEhZoj.exe
  C:\Windows\System\rDEhZoj.exe
  2⤵
  PID:8676
- C:\Windows\System\vYNuPjZ.exe
  C:\Windows\System\vYNuPjZ.exe
  2⤵
  PID:8628
- C:\Windows\System\ggHzYWQ.exe
  C:\Windows\System\ggHzYWQ.exe
  2⤵
  PID:8732
- C:\Windows\System\XrrZueV.exe
  C:\Windows\System\XrrZueV.exe
  2⤵
  PID:8816
- C:\Windows\System\XcQdWMn.exe
  C:\Windows\System\XcQdWMn.exe
  2⤵
  PID:8880
- C:\Windows\System\QsfWByw.exe
  C:\Windows\System\QsfWByw.exe
  2⤵
  PID:8940
- C:\Windows\System\aNqbndK.exe
  C:\Windows\System\aNqbndK.exe
  2⤵
  PID:9040
- C:\Windows\System\gnAMRNH.exe
  C:\Windows\System\gnAMRNH.exe
  2⤵
  PID:9048
- C:\Windows\System\qZKSXXS.exe
  C:\Windows\System\qZKSXXS.exe
  2⤵
  PID:8960
- C:\Windows\System\rnxFzZE.exe
  C:\Windows\System\rnxFzZE.exe
  2⤵
  PID:8964
- C:\Windows\System\kdWIpXQ.exe
  C:\Windows\System\kdWIpXQ.exe
  2⤵
  PID:7876
- C:\Windows\System\HhNzkrr.exe
  C:\Windows\System\HhNzkrr.exe
  2⤵
  PID:9148
- C:\Windows\System\CGnpfuv.exe
  C:\Windows\System\CGnpfuv.exe
  2⤵
  PID:8244
- C:\Windows\System\MsbodJl.exe
  C:\Windows\System\MsbodJl.exe
  2⤵
  PID:7596
- C:\Windows\System\eLZzKCR.exe
  C:\Windows\System\eLZzKCR.exe
  2⤵
  PID:8204
- C:\Windows\System\yaxtRzf.exe
  C:\Windows\System\yaxtRzf.exe
  2⤵
  PID:8356
- C:\Windows\System\zaDSuRf.exe
  C:\Windows\System\zaDSuRf.exe
  2⤵
  PID:8196
- C:\Windows\System\JoTtUHM.exe
  C:\Windows\System\JoTtUHM.exe
  2⤵
  PID:7296
- C:\Windows\System\OimBovV.exe
  C:\Windows\System\OimBovV.exe
  2⤵
  PID:8260
- C:\Windows\System\HzjVWHU.exe
  C:\Windows\System\HzjVWHU.exe
  2⤵
  PID:8484
- C:\Windows\System\InSDhvH.exe
  C:\Windows\System\InSDhvH.exe
  2⤵
  PID:8392
- C:\Windows\System\qEryzuQ.exe
  C:\Windows\System\qEryzuQ.exe
  2⤵
  PID:8564
- C:\Windows\System\GROBYXD.exe
  C:\Windows\System\GROBYXD.exe
  2⤵
  PID:8708
- C:\Windows\System\nGorsVs.exe
  C:\Windows\System\nGorsVs.exe
  2⤵
  PID:8752
- C:\Windows\System\vZTASQq.exe
  C:\Windows\System\vZTASQq.exe
  2⤵
  PID:8876
- C:\Windows\System\IPVMoUj.exe
  C:\Windows\System\IPVMoUj.exe
  2⤵
  PID:8904
- C:\Windows\System\dDxJSQO.exe
  C:\Windows\System\dDxJSQO.exe
  2⤵
  PID:8764
- C:\Windows\System\IuWFXYp.exe
  C:\Windows\System\IuWFXYp.exe
  2⤵
  PID:9060
- C:\Windows\System\FyWqkrw.exe
  C:\Windows\System\FyWqkrw.exe
  2⤵
  PID:9064
- C:\Windows\System\gmpWNWz.exe
  C:\Windows\System\gmpWNWz.exe
  2⤵
  PID:9184
- C:\Windows\System\XJeekws.exe
  C:\Windows\System\XJeekws.exe
  2⤵
  PID:6848
- C:\Windows\System\BOGZBGB.exe
  C:\Windows\System\BOGZBGB.exe
  2⤵
  PID:8328
- C:\Windows\System\YzEiOgQ.exe
  C:\Windows\System\YzEiOgQ.exe
  2⤵
  PID:8224
- C:\Windows\System\BjVpdLO.exe
  C:\Windows\System\BjVpdLO.exe
  2⤵
  PID:8376
- C:\Windows\System\AQArRKc.exe
  C:\Windows\System\AQArRKc.exe
  2⤵
  PID:8388
- C:\Windows\System\gumUeXC.exe
  C:\Windows\System\gumUeXC.exe
  2⤵
  PID:8504
- C:\Windows\System\geirhaM.exe
  C:\Windows\System\geirhaM.exe
  2⤵
  PID:8520
- C:\Windows\System\hVVcImn.exe
  C:\Windows\System\hVVcImn.exe
  2⤵
  PID:8600
- C:\Windows\System\VGwiNgL.exe
  C:\Windows\System\VGwiNgL.exe
  2⤵
  PID:9044
- C:\Windows\System\CsvyHcD.exe
  C:\Windows\System\CsvyHcD.exe
  2⤵
  PID:8900
- C:\Windows\System\rENYGxz.exe
  C:\Windows\System\rENYGxz.exe
  2⤵
  PID:9160
- C:\Windows\System\MfQPsCP.exe
  C:\Windows\System\MfQPsCP.exe
  2⤵
  PID:8372
- C:\Windows\System\zfFsNxJ.exe
  C:\Windows\System\zfFsNxJ.exe
  2⤵
  PID:8500
- C:\Windows\System\AIOFBLT.exe
  C:\Windows\System\AIOFBLT.exe
  2⤵
  PID:8728
- C:\Windows\System\YmHxgXR.exe
  C:\Windows\System\YmHxgXR.exe
  2⤵
  PID:9068
- C:\Windows\System\gjmHEtn.exe
  C:\Windows\System\gjmHEtn.exe
  2⤵
  PID:9024
- C:\Windows\System\wBNLLQG.exe
  C:\Windows\System\wBNLLQG.exe
  2⤵
  PID:9132
- C:\Windows\System\wWPPuHZ.exe
  C:\Windows\System\wWPPuHZ.exe
  2⤵
  PID:8308
- C:\Windows\System\rHqaxBt.exe
  C:\Windows\System\rHqaxBt.exe
  2⤵
  PID:8304
- C:\Windows\System\GOCmjuT.exe
  C:\Windows\System\GOCmjuT.exe
  2⤵
  PID:8284
- C:\Windows\System\TSwoYKF.exe
  C:\Windows\System\TSwoYKF.exe
  2⤵
  PID:8996
- C:\Windows\System\bHfnrKl.exe
  C:\Windows\System\bHfnrKl.exe
  2⤵
  PID:9108
- C:\Windows\System\OBGvOVA.exe
  C:\Windows\System\OBGvOVA.exe
  2⤵
  PID:8408
- C:\Windows\System\uFWzCZD.exe
  C:\Windows\System\uFWzCZD.exe
  2⤵
  PID:8680
- C:\Windows\System\GszMBEu.exe
  C:\Windows\System\GszMBEu.exe
  2⤵
  PID:8780
- C:\Windows\System\lDXzLTr.exe
  C:\Windows\System\lDXzLTr.exe
  2⤵
  PID:9220
- C:\Windows\System\gLQTGFo.exe
  C:\Windows\System\gLQTGFo.exe
  2⤵
  PID:9244
- C:\Windows\System\RIwTqzK.exe
  C:\Windows\System\RIwTqzK.exe
  2⤵
  PID:9264
- C:\Windows\System\RqayjHf.exe
  C:\Windows\System\RqayjHf.exe
  2⤵
  PID:9280
- C:\Windows\System\jEDPXfx.exe
  C:\Windows\System\jEDPXfx.exe
  2⤵
  PID:9300
- C:\Windows\System\niGdOsp.exe
  C:\Windows\System\niGdOsp.exe
  2⤵
  PID:9320
- C:\Windows\System\ahIXbWH.exe
  C:\Windows\System\ahIXbWH.exe
  2⤵
  PID:9336
- C:\Windows\System\PdfVFXx.exe
  C:\Windows\System\PdfVFXx.exe
  2⤵
  PID:9360
- C:\Windows\System\AcJTxgs.exe
  C:\Windows\System\AcJTxgs.exe
  2⤵
  PID:9380
- C:\Windows\System\xZKOvWM.exe
  C:\Windows\System\xZKOvWM.exe
  2⤵
  PID:9396
- C:\Windows\System\JxkWWbN.exe
  C:\Windows\System\JxkWWbN.exe
  2⤵
  PID:9416
- C:\Windows\System\eXjUjQf.exe
  C:\Windows\System\eXjUjQf.exe
  2⤵
  PID:9432
- C:\Windows\System\ZmFkdOl.exe
  C:\Windows\System\ZmFkdOl.exe
  2⤵
  PID:9460
- C:\Windows\System\VYMHlhD.exe
  C:\Windows\System\VYMHlhD.exe
  2⤵
  PID:9480
- C:\Windows\System\hmbvMmH.exe
  C:\Windows\System\hmbvMmH.exe
  2⤵
  PID:9512
- C:\Windows\System\FiHTLqX.exe
  C:\Windows\System\FiHTLqX.exe
  2⤵
  PID:9536
- C:\Windows\System\Hyhiyzc.exe
  C:\Windows\System\Hyhiyzc.exe
  2⤵
  PID:9556
- C:\Windows\System\FvOaNOA.exe
  C:\Windows\System\FvOaNOA.exe
  2⤵
  PID:9576
- C:\Windows\System\KCLtcTO.exe
  C:\Windows\System\KCLtcTO.exe
  2⤵
  PID:9596
- C:\Windows\System\HHxorom.exe
  C:\Windows\System\HHxorom.exe
  2⤵
  PID:9612
- C:\Windows\System\AMuOzDY.exe
  C:\Windows\System\AMuOzDY.exe
  2⤵
  PID:9632
- C:\Windows\System\LfwtFJu.exe
  C:\Windows\System\LfwtFJu.exe
  2⤵
  PID:9648
- C:\Windows\System\EIKyxvr.exe
  C:\Windows\System\EIKyxvr.exe
  2⤵
  PID:9664
- C:\Windows\System\RVmnDzt.exe
  C:\Windows\System\RVmnDzt.exe
  2⤵
  PID:9680
- C:\Windows\System\zUTkihM.exe
  C:\Windows\System\zUTkihM.exe
  2⤵
  PID:9700
- C:\Windows\System\mMvZAvY.exe
  C:\Windows\System\mMvZAvY.exe
  2⤵
  PID:9716
- C:\Windows\System\cFDclTm.exe
  C:\Windows\System\cFDclTm.exe
  2⤵
  PID:9764
- C:\Windows\System\MyqeaWA.exe
  C:\Windows\System\MyqeaWA.exe
  2⤵
  PID:9780
- C:\Windows\System\QbIojMN.exe
  C:\Windows\System\QbIojMN.exe
  2⤵
  PID:9796
- C:\Windows\System\XwExHWq.exe
  C:\Windows\System\XwExHWq.exe
  2⤵
  PID:9816
- C:\Windows\System\GgTEwgi.exe
  C:\Windows\System\GgTEwgi.exe
  2⤵
  PID:9832
- C:\Windows\System\IPTaLSz.exe
  C:\Windows\System\IPTaLSz.exe
  2⤵
  PID:9864
- C:\Windows\System\LlOJJhp.exe
  C:\Windows\System\LlOJJhp.exe
  2⤵
  PID:9880
- C:\Windows\System\YHJLgMt.exe
  C:\Windows\System\YHJLgMt.exe
  2⤵
  PID:9900
- C:\Windows\System\xXhwoEx.exe
  C:\Windows\System\xXhwoEx.exe
  2⤵
  PID:9920
- C:\Windows\System\oAVZmBf.exe
  C:\Windows\System\oAVZmBf.exe
  2⤵
  PID:9936
- C:\Windows\System\SBEmqUf.exe
  C:\Windows\System\SBEmqUf.exe
  2⤵
  PID:9956
- C:\Windows\System\AltjbNk.exe
  C:\Windows\System\AltjbNk.exe
  2⤵
  PID:9980
- C:\Windows\System\RwRPgCA.exe
  C:\Windows\System\RwRPgCA.exe
  2⤵
  PID:10008
- C:\Windows\System\NDSyiyq.exe
  C:\Windows\System\NDSyiyq.exe
  2⤵
  PID:10024
- C:\Windows\System\PQIEhVt.exe
  C:\Windows\System\PQIEhVt.exe
  2⤵
  PID:10044
- C:\Windows\System\KOwanML.exe
  C:\Windows\System\KOwanML.exe
  2⤵
  PID:10060
- C:\Windows\System\NSShQmp.exe
  C:\Windows\System\NSShQmp.exe
  2⤵
  PID:10076
- C:\Windows\System\pbUOdJc.exe
  C:\Windows\System\pbUOdJc.exe
  2⤵
  PID:10092
- C:\Windows\System\VYcYqLD.exe
  C:\Windows\System\VYcYqLD.exe
  2⤵
  PID:10108
- C:\Windows\System\LqOPtxF.exe
  C:\Windows\System\LqOPtxF.exe
  2⤵
  PID:10124
- C:\Windows\System\jszdhIM.exe
  C:\Windows\System\jszdhIM.exe
  2⤵
  PID:10144
- C:\Windows\System\aEGiEqC.exe
  C:\Windows\System\aEGiEqC.exe
  2⤵
  PID:10164
- C:\Windows\System\ZepraPi.exe
  C:\Windows\System\ZepraPi.exe
  2⤵
  PID:10180
- C:\Windows\System\xNYdTTF.exe
  C:\Windows\System\xNYdTTF.exe
  2⤵
  PID:10200
- C:\Windows\System\kirdetL.exe
  C:\Windows\System\kirdetL.exe
  2⤵
  PID:10224
- C:\Windows\System\QzzJagX.exe
  C:\Windows\System\QzzJagX.exe
  2⤵
  PID:9232
- C:\Windows\System\WlAXWBr.exe
  C:\Windows\System\WlAXWBr.exe
  2⤵
  PID:9240
- C:\Windows\System\jdaKyFj.exe
  C:\Windows\System\jdaKyFj.exe
  2⤵
  PID:9272
- C:\Windows\System\AGifQnO.exe
  C:\Windows\System\AGifQnO.exe
  2⤵
  PID:9288
- C:\Windows\System\GNyjVdr.exe
  C:\Windows\System\GNyjVdr.exe
  2⤵
  PID:9452
- C:\Windows\System\faYCWUK.exe
  C:\Windows\System\faYCWUK.exe
  2⤵
  PID:9376
- C:\Windows\System\HpLhhWY.exe
  C:\Windows\System\HpLhhWY.exe
  2⤵
  PID:9468
- C:\Windows\System\jpcCzJp.exe
  C:\Windows\System\jpcCzJp.exe
  2⤵
  PID:9492
- C:\Windows\System\WuBXnSm.exe
  C:\Windows\System\WuBXnSm.exe
  2⤵
  PID:9524
- C:\Windows\System\fZTjDbe.exe
  C:\Windows\System\fZTjDbe.exe
  2⤵
  PID:9528
- C:\Windows\System\ZCAgxdF.exe
  C:\Windows\System\ZCAgxdF.exe
  2⤵
  PID:9584
- C:\Windows\System\rRIwBRj.exe
  C:\Windows\System\rRIwBRj.exe
  2⤵
  PID:9644
- C:\Windows\System\FjdESFF.exe
  C:\Windows\System\FjdESFF.exe
  2⤵
  PID:9624
- C:\Windows\System\JKqHNLe.exe
  C:\Windows\System\JKqHNLe.exe
  2⤵
  PID:9736
- C:\Windows\System\gwOUwMw.exe
  C:\Windows\System\gwOUwMw.exe
  2⤵
  PID:9696
- C:\Windows\System\CoMBkTh.exe
  C:\Windows\System\CoMBkTh.exe
  2⤵
  PID:9748
- C:\Windows\System\maEjHiw.exe
  C:\Windows\System\maEjHiw.exe
  2⤵
  PID:9776
- C:\Windows\System\mEncAtp.exe
  C:\Windows\System\mEncAtp.exe
  2⤵
  PID:9840
- C:\Windows\System\IHXAQVZ.exe
  C:\Windows\System\IHXAQVZ.exe
  2⤵
  PID:9852
- C:\Windows\System\eSgtWrF.exe
  C:\Windows\System\eSgtWrF.exe
  2⤵
  PID:9872
- C:\Windows\System\odWVwts.exe
  C:\Windows\System\odWVwts.exe
  2⤵
  PID:9916
- C:\Windows\System\APGyTds.exe
  C:\Windows\System\APGyTds.exe
  2⤵
  PID:9964
- C:\Windows\System\oNvBaFy.exe
  C:\Windows\System\oNvBaFy.exe
  2⤵
  PID:9976
- C:\Windows\System\sqEPDZE.exe
  C:\Windows\System\sqEPDZE.exe
  2⤵
  PID:9760
- C:\Windows\System\fujNwrG.exe
  C:\Windows\System\fujNwrG.exe
  2⤵
  PID:10036
- C:\Windows\System\ZnThouW.exe
  C:\Windows\System\ZnThouW.exe
  2⤵
  PID:10088
- C:\Windows\System\cLleuZe.exe
  C:\Windows\System\cLleuZe.exe
  2⤵
  PID:10120
- C:\Windows\System\smyXIun.exe
  C:\Windows\System\smyXIun.exe
  2⤵
  PID:10136
- C:\Windows\System\bNfywWh.exe
  C:\Windows\System\bNfywWh.exe
  2⤵
  PID:10236
- C:\Windows\System\NbHwBCR.exe
  C:\Windows\System\NbHwBCR.exe
  2⤵
  PID:9260
- C:\Windows\System\OqJQmEj.exe
  C:\Windows\System\OqJQmEj.exe
  2⤵
  PID:9308
- C:\Windows\System\OtyNHfm.exe
  C:\Windows\System\OtyNHfm.exe
  2⤵
  PID:10220
- C:\Windows\System\mIBSPWf.exe
  C:\Windows\System\mIBSPWf.exe
  2⤵
  PID:9348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAHPCfI.exe

Filesize
6.0MB

MD5
e21422b0009f82c2c6be1ac345da2940

SHA1
bd093e5d5373ea46dcd330065dc8c579262ad133

SHA256
2af8a87530fd919bdd29cc97e83cb7fbf3d2c10cd53c24d38c110164f8e02ae3

SHA512
40a109a3bc73d50be44c515b518362763c72e86014b0b43ef6c2ba550fc4ab8fefdf30e25a93b324f3392a8e6f8f3ff808ae601640977c17ac612a58b56333e6

Download Submit
C:\Windows\system\AizltLv.exe

Filesize
6.0MB

MD5
94a9ad954fa9cd9caba4c89b6cd3e236

SHA1
03f2c6073e7cfd5a9fa4ed736029fddd8763be53

SHA256
c6dc8cb9ae405dd456a3976e577232f789b09356f332ef30b33796f64067129a

SHA512
a545d5d40c6b903faa8d2f8f454cf54ef42521e74a4ab6a2274a6ff8b9285a3d50fb2de8595c5ab4026a5e457d6c1abedef592e59ba03d343d76f1b55d9b6295

Download Submit
C:\Windows\system\BJGxLsz.exe

Filesize
6.0MB

MD5
d1893e2c2a69cb0b2e25b20e385268a0

SHA1
a75b61017785b10bbea2900e5b50103fb4b86f3c

SHA256
34ff6163044aff4d33061bb443cae419498a00d7bd39c00d50792bfedb5bbf93

SHA512
5edcd1f17260daa3115432c989795cf867fa61658b3c186ecb851e57ab8c1e022c3856d7496fbf2c9a76845f9fa969009f231cfda51aa7e1ba68e2956a94523d

Download Submit
C:\Windows\system\DSYSoxS.exe

Filesize
6.0MB

MD5
d2e4b9845e04e4c409c90db02f85fc8a

SHA1
f2fe4ee01229251adce905892e3eaae706b7e5a9

SHA256
f1badd38e99ceff13678a030a1f1e9f18ede536cd75eb1106c36ff60119b1629

SHA512
df02ed80b02bc5b85670ef49e678594cddcc7f8a366d9f3f5924c668cbb2d3615eecab8681d2b5cc1545d479bd9b7637a74275d447e811403d6d32f94c1e8c73

Download Submit
C:\Windows\system\Dmtrtwb.exe

Filesize
6.0MB

MD5
29cddd454817c1e9f2f0fd0310a9ef92

SHA1
993a2e6b65101fd7f6160dc0a4814be40f1dc119

SHA256
af886b0916912b944c32b4d54f13900eae323714314b0399fdb699ca71fbcc43

SHA512
4cbf394ef5e3706f1fd8ea91f8b6572b0177ad3b81d85dfa74e1c3fa5f7d3756ce2db25c172ca7f977b18486d94e1ddc9abdd3478284f091aea135e592be6186

Download Submit
C:\Windows\system\FrkqhnH.exe

Filesize
6.0MB

MD5
022d0a62e31d3649c165c8ae495768c3

SHA1
74a3d5cf162c7fac81490eb3b168f4b0ab7b9b1a

SHA256
d656330ae7b4d0a431a40a20c13ca152d6f17b8e7b95d3b7fd36597171cb106f

SHA512
90c47c8dd967d9fbf0e44412df5b3b18fa1e2fb16fc98038427e45dccc460c688398f5d6c383c8ff85d48eaee89c6939931f40780024c22f26350145861fb450

Download Submit
C:\Windows\system\HFXhRva.exe

Filesize
6.0MB

MD5
be349e58cb396553487787e0ee14c8cc

SHA1
6448c38fd788c877db0ef2e7a9f57fb323b398da

SHA256
425119505000164be9aa9aa155c748409c1cea0d8fca7d84809d18289d2c530a

SHA512
d1821795a1d7c2238d2de5496977d19c502f1dbf389cbddf0853d19b70a4f37498458c204456413e871f502cd69cd8717936870cdce3d9a2ce20017065285a99

Download Submit
C:\Windows\system\JLSpFYk.exe

Filesize
6.0MB

MD5
55a427aa4928794e89c2ab5d20971b78

SHA1
a6578b06098f228b501ed24bb28162a89fc4ec7b

SHA256
40b16b56d2734573bfe68a50e49a90a80d0595d44c9beb1fd9cb3d3ad92fb22a

SHA512
6a9adc8453147f23d5ce3f541f6ea8826f2961cba84263d4db829bfd6615a63e019d927927398c6c760f7c5ad4c05510c32ee1b66c0ea30d0a7f445d54df2a70

Download Submit
C:\Windows\system\LQZmwrY.exe

Filesize
6.0MB

MD5
fd9920cd1d25abb865173a6670e8bb6e

SHA1
564967f3b2cd9e243fcd21872e1e5d725ae6f21a

SHA256
ffc438881951e15450c02e590f4e5355cdb8d6b4b61f95203a6080476924dfda

SHA512
42ec72fdde5261813f991a4ea50f856e9e28bafb292e85e5d5467238795fbb74dafe2ef08646fcd1ef306e13f028aeb3265a30059e635fb7a29f0ca0ae27af8f

Download Submit
C:\Windows\system\NQjbvqP.exe

Filesize
6.0MB

MD5
4aa4497d18ca560d33b5c0d3081e978e

SHA1
917d60ac5ef836cd250ed83581a56a002caf2728

SHA256
e0750bcdb04cf92d3c426f78fa23042cb39ea2cb5399a2790ecc7d20d4d120d3

SHA512
d1a5b128db27656d4a9b708724e23a6ac41e5d9e8d439861df09140489eb15f485145e8f51d89c737eb2b797cec8b8fe30b23c5a1d28f5c67db1fc242bb08bda

Download Submit
C:\Windows\system\OhxGyAj.exe

Filesize
6.0MB

MD5
d5d7bf5b1b03daf49cf9c32af506318e

SHA1
3261c1ce7d5a7cdc55fb11c93fe34c0edd1db5b3

SHA256
bb705137f3d3b9f76d4a501eee918dcbacd632a6c98fc9cba4fce62008601d42

SHA512
a0dfe7914f4b9ce8a6fbe6dee87b87cd4780642b8cd8ec6d644211ec58565b9ce9644c3968154517354c42b967065f11e2565db0b9deed0ed1a635d8eeed893e

Download Submit
C:\Windows\system\SpTWAdX.exe

Filesize
6.0MB

MD5
d7eea6792f46a37d7ce082ba79ad473d

SHA1
5e8ace1056cdc0c69a8e6afe3880e1872811f3d9

SHA256
175d9b26c561d96ec52c8aa256cbc62e0234857b45c611b5be62a54e98cc51c4

SHA512
ae0e70d98822f8e1bf5a354500d097dacb6f6f5287c7d898e1496fe852acd9bbac1e90981d9d5ae50c4fadea3a1da2ba0549528a2016910250bdf90d08aff895

Download Submit
C:\Windows\system\UcwhOHS.exe

Filesize
6.0MB

MD5
e4a4a9aca6a5cad8b6cd8ef2340e5d22

SHA1
e2b1745d1a4717ddf2177013ddaedf2066f452cd

SHA256
b4d36332d5b2cde0bc71e35e908d4355a9f35e952e4ef82d3a39359b3e94bd4e

SHA512
63b58247d69748d29ca8411798d43526ae51cc1a6845ee0bd975be6a91c77e68c27f9e2162676d5600fb379c90f3604612805051eb1fe4875a82627e41eaba0b

Download Submit
C:\Windows\system\agLDLQn.exe

Filesize
6.0MB

MD5
32483aa1e29d37ccd2454c7dfc27bd9c

SHA1
960a952947e410b7746e6db7ce0aa0cfd0d29d10

SHA256
9b6ee13d7e7e0a97633cbd26ee0c09429fb9b86f49d223e9f13a15f59203498a

SHA512
e5b81401abf3aa9afefcf75edd211b55e0ef423252c918ccc0c1b60cf61e4d67f875e7362717d4755cb2c9846b239e78eaffb6b99f1f665765e73131a026b48b

Download Submit
C:\Windows\system\gZaqYWA.exe

Filesize
6.0MB

MD5
44fbc04ef01308d4a4e0f24446f73069

SHA1
909f0f27f5f5e78df17df3ce1cb87fcb06efad58

SHA256
ab8d016c498b3f626a370e3fd7e3f398a719f5eb0c9fff19ab61dd35c0a76123

SHA512
4ec79fc6f21f0795b7542aaa4142ee996ba22bcfd8fbf3fd0485bd585ac9d91ce0e3c7f0770166fb3d19c0c1d2cfa8c2cd266f585acdd0b927e27d7236157f12

Download Submit
C:\Windows\system\krNcYJO.exe

Filesize
8B

MD5
baf7953f8a3761f81190967135bb6041

SHA1
8ed4c65aaab224ea970ecf55d020389b7d187c6a

SHA256
36c33032abcf891f98ed1f99c3559680e0ad954a58c15b1a429787b866c16255

SHA512
f0a5cffd07e633d013eccd763502c3756428887cce860a06eecacdb52efc9bc4ad6f1c7c20990b42b6eec7e2bbb435800a619c33fd546337dc91f0b4bc253d55

Download Submit
C:\Windows\system\nOWNKmz.exe

Filesize
6.0MB

MD5
68e00de3ce7dea3d80f0344f405b111d

SHA1
6bc54f9e10de33b2e0c5866f4d648f7e15eab7cc

SHA256
0bdfd8e6ef58dbf2520d3dda9f85b6cfd91ce24a34d20f0f7559b02348880737

SHA512
426b5994e31cb523a934391f7398c13c1c25a5b371f4d145c665dee8c9ab0bdfb5c6d5567bee81bc649c63e1fbfabf66ae41e782b4412b2fb427b0164d04a4f9

Download Submit
C:\Windows\system\ohMWpNs.exe

Filesize
6.0MB

MD5
27ae49fd680e69833c9254d3f34e5974

SHA1
1f96942042bae4eb7ceb44178088bb81de17306a

SHA256
2a53b30f08501e5740f2b9557a38f2b1f50ddd86c96e0e5e18d7c34a947d6ede

SHA512
1b59591673a6c10fce174d7c80a29630f7ab7fee38bd2052b2d24ac6a10b3041d9636d745bde49ebac5e50d6b7ff494cc7299e8d8ecb8cf593bebe91b7c71719

Download Submit
C:\Windows\system\ptNTANM.exe

Filesize
6.0MB

MD5
9190b7f5938fd83e8df3e4630781269a

SHA1
917408383882a693c5705fe9d1f10b01d5fc4bcc

SHA256
78538f5f61c8e5d804a5c4fcd35f7fe7753bb3b2ae12997bbbdcf0cc2a7ad9fd

SHA512
9e35817512c43f9de57464690de29c4cbcea4b3bff778ec998f4aae02213452b53cf0b4464078f871773e524fd591ca673518d2231174d750e1b3260a17414c2

Download Submit
C:\Windows\system\wDPvuMj.exe

Filesize
6.0MB

MD5
80a17fe721904ae252f401303599f072

SHA1
dae8fdcd9e9b9581f20453b702d83b4d9845cf27

SHA256
2001da34dcb1dbc75560bf6165369be5655ef86c0cfd928676c5e0d7944c06e4

SHA512
8aa20f529dd073757ee3f35b1403e5e96a7aa34d240c7bc64c19d3314a09451f2bfc8d4869ccffd22c33bc4607d76b76df47ca0aac221b6f3410db5471538db6

Download Submit
C:\Windows\system\wiGAHye.exe

Filesize
6.0MB

MD5
a7800e7d321e21711b3c20a477195387

SHA1
25d6dacbbfd62afc9e8112c10548dc15454877aa

SHA256
47c9fa3439c6cf0c46ad70942abe93bff6aa7ac8e381c94d2c3319c69cb82af3

SHA512
aaa867289688f57fb0387804c17c8f4090ee848111db24e2550d2a881e589a930eddab266458e3f63efafaeb65d9bc18ff416487de15b9271ee30f7821f42187

Download Submit
C:\Windows\system\xfZbKNJ.exe

Filesize
6.0MB

MD5
88f82539fc3fc499305913a1c7e1938b

SHA1
81c91df4323af610c053796644244306e594c3f3

SHA256
f6dac14ba3916952fa6650d5c5a4a9f6412bee272064aad10430231401d19711

SHA512
0ab2855b14bcae1ab5392009ded1413b0d915e7bc22b338b08f242615253d51c43d1db2efa9bc710ca89c902ad1117cba443802a30cb6773dc022976fbd75285

Download Submit
\Windows\system\DGlhKif.exe

Filesize
6.0MB

MD5
147cd1aef568095abf7876bda873aa69

SHA1
c2ead75fa762f2546d4dc941d901846baf5e6f1d

SHA256
174ff954275fb4fff694a7a5bb95babb5d229523340803f9f359d8f44fa7f6d7

SHA512
83b2f7ebf47083874cb9c568503a1cbd48f94e3ee0b2029ddd5c474bed7d986280adeece89247c29240cc98c9e9de15c4ff09e6174866ea8aa73054b65308915

Download Submit
\Windows\system\DWjJZrT.exe

Filesize
6.0MB

MD5
aec2187ef0686d296dc7f1c75f92b0fc

SHA1
2bff04f9ae4b6dbbbccdbbb66b7e173b4d4508cc

SHA256
a596c5076e950f4cbba03157bc047be03be37ff84738c7a5c2d977a30502ab3a

SHA512
da844c950a3a864f5fb969dea1995f36830fe984596a0f0d27c86519b66753d2298a42c73882971cc1f16b867b8e7a878cbfae9951ccde48b955c2f2eed8688a

Download Submit
\Windows\system\ExABlwK.exe

Filesize
6.0MB

MD5
def9bf4147cf8c46b2d33b607a942f7a

SHA1
7db539403cfdc930b5dcd611e180f58a5ba3daf2

SHA256
8f47ec147e76af33b9bffaa103e82ef348a3df139aac1de3dae1fbed4457a7e7

SHA512
9011776bb8d8606ba02b4b5bf6728cd3aca3a6a3d7f2b2a2aca4535ee9c196e01cac3ba4c58905bbd3df6744161bd8fffb1c3036d1793fec1497c1e38786f155

Download Submit
\Windows\system\UqaMiKo.exe

Filesize
6.0MB

MD5
8b96f5fa4243d5784bae56aa82c16b0c

SHA1
7c034dd444308a80ebaceb763a02cebdca49d928

SHA256
59075666368390be0113613259c2a419f1a46eb56ec765dfd97bf85e2a2c109a

SHA512
169b4d3381bee050869ed5e709012c234428a2cbea6d3fe584bb1720976f613df29dd3e639d1632c576327338e20ac64828be793d2b03d01af1078e492c7dc07

Download Submit
\Windows\system\WCnAGlh.exe

Filesize
6.0MB

MD5
6e2213e94dde7fbd1528098bcac08d78

SHA1
fd3aa41377f2c8d78494ed1f511825437f154620

SHA256
ce3639b1864dddce663cce6cdabd61bd3c6352eeaefb9f30cb956673003ec0e9

SHA512
29140f8d1c2491202808a8126ef0bc80cff6e0efd9dee5f572033a1e9f2481d7db6168bdfc39de876cbfef8b7285744d81224315449fac5b3a147d191dfd2898

Download Submit
\Windows\system\dKHYSez.exe

Filesize
6.0MB

MD5
fd424eeb850647f5c1972eab1a757b4d

SHA1
589ed96f466202e76c547fd3f9c1d6b6a11468ee

SHA256
095095c2f2ff7522e54d817e78b161984de29c14e87820532b94aaa2d9c42751

SHA512
e3b60c048a875c7385f03fea1248f6615e536e99c01115f27f95fec7c9cdc20977f9dcb487c097f10ed6d24ddcd83c7b691d81d081ad0fd5eed0631fb2b1bffe

Download Submit
\Windows\system\ioWQwpA.exe

Filesize
6.0MB

MD5
65bf5670c0cf19eaeb5084cf3140976b

SHA1
d98bed7ac2c01c7bbd01122e5cf06164e90ad9de

SHA256
1cb8362103db4bfb06c557487eeed1c1ed5e39b18bbaf2801af6a2b21df8aad2

SHA512
f636389722e7bb4f601a1f7b5b3fdb325216e98027e2460284203113b6c13e4511819c9c3f3b898a14578b41fe6bc70b7fed67c41860aab98fb718a08b838535

Download Submit
\Windows\system\nyleGEI.exe

Filesize
6.0MB

MD5
d548ad9e72ab905d7ed8a2fd35092fbb

SHA1
b854efa2328b38a2586dc82a08f9328e353180c5

SHA256
a23a63716d45584e8c88288f6021869a635a587e70ceea41bb9b77346b75c52c

SHA512
ff62b246563aa51a494e9a9d62fc02d8f3ba5ab839b6138f1c41d40b5ce9b5a1f4e4292fa5237f664d6d47df4de069f9906e2ec05a6aa61eb49e5309a21ac5e7

Download Submit
\Windows\system\ofUwMAE.exe

Filesize
6.0MB

MD5
76d5b1d0108f569a0895c4fffb55a797

SHA1
16cae2c604fbbee01737617fc3ce3a7bc5b03fac

SHA256
50a98139a6a153d701799d7070eeb33d2cabd2a370501cc8d619986729988788

SHA512
90a1d11b89aabb12106bc76171769abb4f01254e73614a0e9aabf70fc137357760839f1c8d9a4936b5ad9e168639454ad47ed0d0567a08818ecb1bcc5f3eb6b6

Download Submit
\Windows\system\qIVlcKe.exe

Filesize
6.0MB

MD5
1fe80fdee00f92cad9bb3ac0ec79ec52

SHA1
2b72c58a9c27bb18e9b834c23aab30ff18194657

SHA256
612a6e020ea3268de5423b88142d2aa3d2dd9952fe07fec093e974afad663775

SHA512
79ebfd59bcac884c2db258e6010f8656ca15af46a61949d59e8de7d77d1b7d802da8a0f2f5ae303fedb93d44e8e7eed4178d9c382d7ec186aa6326fdff429d5a

Download Submit
\Windows\system\xnLhVxY.exe

Filesize
6.0MB

MD5
9a5a9a5f2b49b3734186b01dfec3ed47

SHA1
b5ed9ee2b4b1167c28ddbca783a80df740bcc21a

SHA256
eb05acbf6d659e92d9e03cead89908211671fdd94b261e7041883eac630cd638

SHA512
ad4b1188a57e472d6bdae3299fccfc22ccabfad0506c5a9eac0f86a9877c521151bc97ccf50e6e9b2df08a5ca7db7262685020cde1f66f6a9751348bb1b90b3e

Download Submit
memory/536-3249-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/536-108-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1040-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1040-2897-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1040-23-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/1720-126-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-3255-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-2893-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-55-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-98-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-124-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1928-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1928-73-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1928-27-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-71-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1928-93-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1928-44-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1928-40-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-18-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-31-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1928-6-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1928-116-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-34-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1928-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-146-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2016-120-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3252-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2895-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-53-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-49-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2564-66-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2564-103-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2564-2899-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2664-64-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2664-84-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2664-2956-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2700-59-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2700-74-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2898-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2740-62-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-78-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2908-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-72-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2900-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2744-48-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2904-14-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download