cobaltstrike | e771405bba437ccdb8223c6be58eb89058093634363813c850b7b3779313774c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-12-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d33db689d367407c2f029c2a9e8bfd14
SHA1

2fa6f514fd525f6dda84849c264f5243e852e7af
SHA256

e771405bba437ccdb8223c6be58eb89058093634363813c850b7b3779313774c
SHA512

2507a60149a1c6c66e6bf439d254d195f55ff9174e1e8f8e96c7894e6da6c1df283a587d8ba2bd8ec1504fcde3b78cac2103d528e778871bc0880ad6087b2fa2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012282-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f4-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017472-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017487-23.dat	cobalt_reflective_dll
behavioral1/files/0x003600000001706d-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a2-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017525-49.dat	cobalt_reflective_dll
behavioral1/files/0x0017000000018663-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-197.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-82.dat	cobalt_reflective_dll
behavioral1/files/0x000f00000001866e-77.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000b000000012282-3.dat	xmrig
behavioral1/memory/2704-8-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x00080000000173f4-9.dat	xmrig
behavioral1/memory/2788-15-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0007000000017472-11.dat	xmrig
behavioral1/memory/2560-21-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017487-23.dat	xmrig
behavioral1/memory/2880-28-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2720-34-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2364-33-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x003600000001706d-32.dat	xmrig
behavioral1/memory/2704-38-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x00070000000174a2-40.dat	xmrig
behavioral1/memory/2788-46-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2584-48-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2364-44-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017525-49.dat	xmrig
behavioral1/memory/2560-54-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/3004-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0017000000018663-56.dat	xmrig
behavioral1/memory/2880-60-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-66.dat	xmrig
behavioral1/files/0x0005000000019263-69.dat	xmrig
behavioral1/memory/2720-84-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2396-90-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2652-87-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2644-86-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-117.dat	xmrig
behavioral1/files/0x000500000001936b-122.dat	xmrig
behavioral1/files/0x0005000000019426-147.dat	xmrig
behavioral1/memory/2364-1004-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2592-937-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1796-758-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2396-566-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-197.dat	xmrig
behavioral1/files/0x00050000000194c9-192.dat	xmrig
behavioral1/files/0x00050000000194ae-187.dat	xmrig
behavioral1/files/0x000500000001946e-182.dat	xmrig
behavioral1/files/0x000500000001946b-177.dat	xmrig
behavioral1/files/0x000500000001945c-172.dat	xmrig
behavioral1/files/0x0005000000019458-167.dat	xmrig
behavioral1/files/0x000500000001944d-162.dat	xmrig
behavioral1/files/0x0005000000019442-157.dat	xmrig
behavioral1/files/0x0005000000019438-152.dat	xmrig
behavioral1/files/0x0005000000019423-142.dat	xmrig
behavioral1/files/0x00050000000193a5-137.dat	xmrig
behavioral1/files/0x0005000000019397-132.dat	xmrig
behavioral1/files/0x000500000001937b-127.dat	xmrig
behavioral1/files/0x0005000000019353-112.dat	xmrig
behavioral1/memory/2184-109-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2592-104-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-103.dat	xmrig
behavioral1/memory/1796-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2584-95-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-94.dat	xmrig
behavioral1/files/0x0005000000019266-82.dat	xmrig
behavioral1/memory/2120-80-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x000f00000001866e-77.dat	xmrig
behavioral1/memory/2184-65-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2704-3464-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2788-3465-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2560-3553-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2880-3602-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2704	QZsSGDu.exe
2788	jzrQGpE.exe
2560	VWNpRYI.exe
2880	PpSLZGv.exe
2720	HbuKNQu.exe
2584	yQYumaE.exe
3004	tdFfNXB.exe
2184	sQlFONK.exe
2120	yCleVBH.exe
2644	SjwsAXg.exe
2652	sueRdPC.exe
2396	poeKDbW.exe
1796	bUWavsq.exe
2592	OCjbAOB.exe
592	gwddLUj.exe
2860	eNuMAES.exe
1924	VmfEOyL.exe
1920	Yoxkpdl.exe
380	ycmbJFH.exe
768	XmBOIuy.exe
2124	VFduEpN.exe
2348	RtXTnPs.exe
632	EtHVluH.exe
2904	TSIintW.exe
1716	UeUwEKW.exe
880	gakQdiq.exe
1512	PCmMegj.exe
2980	AnihBBz.exe
1988	bxOJPwu.exe
696	LfaQSik.exe
2104	BVlilKo.exe
848	pywAUXU.exe
940	vbhsLeJ.exe
1140	HFgQUAq.exe
1640	vrckAlm.exe
1336	HPmijNZ.exe
1092	xSpHsQa.exe
3000	Ewdpxkb.exe
1960	fIENitK.exe
1264	mCpIEaP.exe
3068	Yekqrzm.exe
2112	yImpvtn.exe
2116	kExnbUP.exe
1984	ZhpFENr.exe
2892	GswWAdw.exe
772	CudmvYl.exe
2920	oalxJMX.exe
2268	BvLZZpK.exe
908	joBTscT.exe
1044	KbHYJkw.exe
2308	OhUsPrs.exe
1676	CrOqQwi.exe
1572	NhCbETc.exe
1912	eJRLvDo.exe
2912	GJOsVPl.exe
2680	AWZqctZ.exe
2740	xwuCIaf.exe
1236	hcvKFAt.exe
2916	uyXfBTS.exe
2092	DOSEFAb.exe
2708	bbOmABG.exe
1056	DJoksac.exe
2564	DgCrDAB.exe
668	OCUdVLT.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000b000000012282-3.dat	upx
behavioral1/memory/2704-8-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x00080000000173f4-9.dat	upx
behavioral1/memory/2788-15-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0007000000017472-11.dat	upx
behavioral1/memory/2560-21-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0007000000017487-23.dat	upx
behavioral1/memory/2880-28-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2720-34-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2364-33-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x003600000001706d-32.dat	upx
behavioral1/memory/2704-38-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x00070000000174a2-40.dat	upx
behavioral1/memory/2788-46-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2584-48-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000017525-49.dat	upx
behavioral1/memory/2560-54-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/3004-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0017000000018663-56.dat	upx
behavioral1/memory/2880-60-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0005000000019259-66.dat	upx
behavioral1/files/0x0005000000019263-69.dat	upx
behavioral1/memory/2720-84-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2396-90-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2652-87-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2644-86-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0005000000019356-117.dat	upx
behavioral1/files/0x000500000001936b-122.dat	upx
behavioral1/files/0x0005000000019426-147.dat	upx
behavioral1/memory/2592-937-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1796-758-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2396-566-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x00050000000194df-197.dat	upx
behavioral1/files/0x00050000000194c9-192.dat	upx
behavioral1/files/0x00050000000194ae-187.dat	upx
behavioral1/files/0x000500000001946e-182.dat	upx
behavioral1/files/0x000500000001946b-177.dat	upx
behavioral1/files/0x000500000001945c-172.dat	upx
behavioral1/files/0x0005000000019458-167.dat	upx
behavioral1/files/0x000500000001944d-162.dat	upx
behavioral1/files/0x0005000000019442-157.dat	upx
behavioral1/files/0x0005000000019438-152.dat	upx
behavioral1/files/0x0005000000019423-142.dat	upx
behavioral1/files/0x00050000000193a5-137.dat	upx
behavioral1/files/0x0005000000019397-132.dat	upx
behavioral1/files/0x000500000001937b-127.dat	upx
behavioral1/files/0x0005000000019353-112.dat	upx
behavioral1/memory/2184-109-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2592-104-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000500000001928c-103.dat	upx
behavioral1/memory/1796-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2584-95-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0005000000019284-94.dat	upx
behavioral1/files/0x0005000000019266-82.dat	upx
behavioral1/memory/2120-80-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x000f00000001866e-77.dat	upx
behavioral1/memory/2184-65-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2704-3464-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2788-3465-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2560-3553-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2880-3602-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2720-3607-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2584-3786-0x000000013F140000-0x000000013F494000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tpTXeQC.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDrhkXB.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDgHqQc.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXeJIGv.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIqLfZR.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldBAIxD.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUOaKyJ.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFzyEwf.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfZvpwU.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdwPlnk.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAVxNYn.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAWgzOQ.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkOlyCZ.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCgkQLK.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rotEoWh.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWBTytG.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znaLKBU.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jifkCyl.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPhexsQ.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCNWPlM.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMxaLuS.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXYiIpS.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHTWxHO.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEFRnTC.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akChFnm.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDRbXhR.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZHQGKN.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfuNJmw.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPEclVk.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrZoKTz.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTjZzaX.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVtOlnm.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwmwPei.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzUHapN.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvfpCsG.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMHDWaY.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQVqNFq.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGPGQDs.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DboFpIZ.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWSBnWe.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhpMmxy.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IieYMFV.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpkYKRb.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsXUcii.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdMEfNv.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPgVfTo.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTcYNqu.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdjVhBf.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZHXUnf.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqQzfKM.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjQUYMX.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laUrRxc.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkmTWhx.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcaVRNp.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmJRghP.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGWOyLo.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrOqQwi.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhajGrR.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PTCmQSw.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoMFqBY.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sakiafo.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxSkEnq.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrckAlm.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CudmvYl.exe	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2704	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2704	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2704	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2364 wrote to memory of 2788	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2788	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2788	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2364 wrote to memory of 2560	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2560	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2560	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2364 wrote to memory of 2880	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2880	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2880	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2364 wrote to memory of 2720	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2720	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2720	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2364 wrote to memory of 2584	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2584	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 2584	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2364 wrote to memory of 3004	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 3004	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 3004	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2364 wrote to memory of 2184	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2184	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2184	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2364 wrote to memory of 2644	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2644	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2644	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2364 wrote to memory of 2120	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2120	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2120	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2364 wrote to memory of 2396	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2396	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2396	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2364 wrote to memory of 2652	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2652	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 2652	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2364 wrote to memory of 1796	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 1796	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 1796	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2364 wrote to memory of 2592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 2592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2364 wrote to memory of 592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 592	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2364 wrote to memory of 2860	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2860	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 2860	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2364 wrote to memory of 1924	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 1924	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 1924	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2364 wrote to memory of 1920	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 1920	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 1920	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2364 wrote to memory of 380	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 380	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 380	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2364 wrote to memory of 768	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 768	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 768	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2364 wrote to memory of 2124	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2124	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2124	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2364 wrote to memory of 2348	2364	2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-14_d33db689d367407c2f029c2a9e8bfd14_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\System\QZsSGDu.exe
  C:\Windows\System\QZsSGDu.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\jzrQGpE.exe
  C:\Windows\System\jzrQGpE.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\VWNpRYI.exe
  C:\Windows\System\VWNpRYI.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PpSLZGv.exe
  C:\Windows\System\PpSLZGv.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\HbuKNQu.exe
  C:\Windows\System\HbuKNQu.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yQYumaE.exe
  C:\Windows\System\yQYumaE.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\tdFfNXB.exe
  C:\Windows\System\tdFfNXB.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\sQlFONK.exe
  C:\Windows\System\sQlFONK.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\SjwsAXg.exe
  C:\Windows\System\SjwsAXg.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\yCleVBH.exe
  C:\Windows\System\yCleVBH.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\poeKDbW.exe
  C:\Windows\System\poeKDbW.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\sueRdPC.exe
  C:\Windows\System\sueRdPC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\bUWavsq.exe
  C:\Windows\System\bUWavsq.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\OCjbAOB.exe
  C:\Windows\System\OCjbAOB.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\gwddLUj.exe
  C:\Windows\System\gwddLUj.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\eNuMAES.exe
  C:\Windows\System\eNuMAES.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VmfEOyL.exe
  C:\Windows\System\VmfEOyL.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\Yoxkpdl.exe
  C:\Windows\System\Yoxkpdl.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\ycmbJFH.exe
  C:\Windows\System\ycmbJFH.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\XmBOIuy.exe
  C:\Windows\System\XmBOIuy.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\VFduEpN.exe
  C:\Windows\System\VFduEpN.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\RtXTnPs.exe
  C:\Windows\System\RtXTnPs.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\EtHVluH.exe
  C:\Windows\System\EtHVluH.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\TSIintW.exe
  C:\Windows\System\TSIintW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\UeUwEKW.exe
  C:\Windows\System\UeUwEKW.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\gakQdiq.exe
  C:\Windows\System\gakQdiq.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\PCmMegj.exe
  C:\Windows\System\PCmMegj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\AnihBBz.exe
  C:\Windows\System\AnihBBz.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\bxOJPwu.exe
  C:\Windows\System\bxOJPwu.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\LfaQSik.exe
  C:\Windows\System\LfaQSik.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\BVlilKo.exe
  C:\Windows\System\BVlilKo.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\pywAUXU.exe
  C:\Windows\System\pywAUXU.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\vbhsLeJ.exe
  C:\Windows\System\vbhsLeJ.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\HFgQUAq.exe
  C:\Windows\System\HFgQUAq.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\vrckAlm.exe
  C:\Windows\System\vrckAlm.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\HPmijNZ.exe
  C:\Windows\System\HPmijNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\xSpHsQa.exe
  C:\Windows\System\xSpHsQa.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\Ewdpxkb.exe
  C:\Windows\System\Ewdpxkb.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\fIENitK.exe
  C:\Windows\System\fIENitK.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mCpIEaP.exe
  C:\Windows\System\mCpIEaP.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\Yekqrzm.exe
  C:\Windows\System\Yekqrzm.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\yImpvtn.exe
  C:\Windows\System\yImpvtn.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\kExnbUP.exe
  C:\Windows\System\kExnbUP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\ZhpFENr.exe
  C:\Windows\System\ZhpFENr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\GswWAdw.exe
  C:\Windows\System\GswWAdw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\CudmvYl.exe
  C:\Windows\System\CudmvYl.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\oalxJMX.exe
  C:\Windows\System\oalxJMX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\BvLZZpK.exe
  C:\Windows\System\BvLZZpK.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\joBTscT.exe
  C:\Windows\System\joBTscT.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\KbHYJkw.exe
  C:\Windows\System\KbHYJkw.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\OhUsPrs.exe
  C:\Windows\System\OhUsPrs.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\CrOqQwi.exe
  C:\Windows\System\CrOqQwi.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\NhCbETc.exe
  C:\Windows\System\NhCbETc.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\eJRLvDo.exe
  C:\Windows\System\eJRLvDo.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\GJOsVPl.exe
  C:\Windows\System\GJOsVPl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\AWZqctZ.exe
  C:\Windows\System\AWZqctZ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xwuCIaf.exe
  C:\Windows\System\xwuCIaf.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\hcvKFAt.exe
  C:\Windows\System\hcvKFAt.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\uyXfBTS.exe
  C:\Windows\System\uyXfBTS.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\DOSEFAb.exe
  C:\Windows\System\DOSEFAb.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\bbOmABG.exe
  C:\Windows\System\bbOmABG.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\DJoksac.exe
  C:\Windows\System\DJoksac.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\DgCrDAB.exe
  C:\Windows\System\DgCrDAB.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\OCUdVLT.exe
  C:\Windows\System\OCUdVLT.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\XnBZSvb.exe
  C:\Windows\System\XnBZSvb.exe
  2⤵
  PID:1812
- C:\Windows\System\aUdYIEV.exe
  C:\Windows\System\aUdYIEV.exe
  2⤵
  PID:2412
- C:\Windows\System\vaLONLt.exe
  C:\Windows\System\vaLONLt.exe
  2⤵
  PID:1752
- C:\Windows\System\ABQbwqu.exe
  C:\Windows\System\ABQbwqu.exe
  2⤵
  PID:2392
- C:\Windows\System\NFCZaKN.exe
  C:\Windows\System\NFCZaKN.exe
  2⤵
  PID:2432
- C:\Windows\System\wHtvfLS.exe
  C:\Windows\System\wHtvfLS.exe
  2⤵
  PID:2272
- C:\Windows\System\xMZIULG.exe
  C:\Windows\System\xMZIULG.exe
  2⤵
  PID:2132
- C:\Windows\System\vsioOIf.exe
  C:\Windows\System\vsioOIf.exe
  2⤵
  PID:2024
- C:\Windows\System\FJVZqVF.exe
  C:\Windows\System\FJVZqVF.exe
  2⤵
  PID:1756
- C:\Windows\System\ksvbsyB.exe
  C:\Windows\System\ksvbsyB.exe
  2⤵
  PID:2388
- C:\Windows\System\ggnEEMO.exe
  C:\Windows\System\ggnEEMO.exe
  2⤵
  PID:3060
- C:\Windows\System\DRSOcjb.exe
  C:\Windows\System\DRSOcjb.exe
  2⤵
  PID:2464
- C:\Windows\System\wNWoRqK.exe
  C:\Windows\System\wNWoRqK.exe
  2⤵
  PID:3044
- C:\Windows\System\wncZCwW.exe
  C:\Windows\System\wncZCwW.exe
  2⤵
  PID:944
- C:\Windows\System\fJbCeLw.exe
  C:\Windows\System\fJbCeLw.exe
  2⤵
  PID:1080
- C:\Windows\System\zYoJVnX.exe
  C:\Windows\System\zYoJVnX.exe
  2⤵
  PID:1696
- C:\Windows\System\sczHhBA.exe
  C:\Windows\System\sczHhBA.exe
  2⤵
  PID:2284
- C:\Windows\System\ribbaFe.exe
  C:\Windows\System\ribbaFe.exe
  2⤵
  PID:1520
- C:\Windows\System\elLhaQz.exe
  C:\Windows\System\elLhaQz.exe
  2⤵
  PID:1700
- C:\Windows\System\ZEkIQWL.exe
  C:\Windows\System\ZEkIQWL.exe
  2⤵
  PID:340
- C:\Windows\System\NjsPHOM.exe
  C:\Windows\System\NjsPHOM.exe
  2⤵
  PID:2356
- C:\Windows\System\rTIsbPm.exe
  C:\Windows\System\rTIsbPm.exe
  2⤵
  PID:2212
- C:\Windows\System\oiYrkKm.exe
  C:\Windows\System\oiYrkKm.exe
  2⤵
  PID:2416
- C:\Windows\System\sIyEjNk.exe
  C:\Windows\System\sIyEjNk.exe
  2⤵
  PID:2312
- C:\Windows\System\LhajGrR.exe
  C:\Windows\System\LhajGrR.exe
  2⤵
  PID:1000
- C:\Windows\System\TbcVYxa.exe
  C:\Windows\System\TbcVYxa.exe
  2⤵
  PID:1608
- C:\Windows\System\pawNQvR.exe
  C:\Windows\System\pawNQvR.exe
  2⤵
  PID:1836
- C:\Windows\System\qEmLjZG.exe
  C:\Windows\System\qEmLjZG.exe
  2⤵
  PID:1320
- C:\Windows\System\QQjrJoL.exe
  C:\Windows\System\QQjrJoL.exe
  2⤵
  PID:1576
- C:\Windows\System\keoSUjP.exe
  C:\Windows\System\keoSUjP.exe
  2⤵
  PID:2760
- C:\Windows\System\ienvjQp.exe
  C:\Windows\System\ienvjQp.exe
  2⤵
  PID:2756
- C:\Windows\System\DmOHreR.exe
  C:\Windows\System\DmOHreR.exe
  2⤵
  PID:2816
- C:\Windows\System\GPLiHSU.exe
  C:\Windows\System\GPLiHSU.exe
  2⤵
  PID:2828
- C:\Windows\System\gIofXYv.exe
  C:\Windows\System\gIofXYv.exe
  2⤵
  PID:2796
- C:\Windows\System\qmJRghP.exe
  C:\Windows\System\qmJRghP.exe
  2⤵
  PID:2568
- C:\Windows\System\zhxQyoj.exe
  C:\Windows\System\zhxQyoj.exe
  2⤵
  PID:2456
- C:\Windows\System\ikVMRXe.exe
  C:\Windows\System\ikVMRXe.exe
  2⤵
  PID:2440
- C:\Windows\System\qZAYiAo.exe
  C:\Windows\System\qZAYiAo.exe
  2⤵
  PID:2840
- C:\Windows\System\RbDOrOZ.exe
  C:\Windows\System\RbDOrOZ.exe
  2⤵
  PID:2852
- C:\Windows\System\IVxzJBk.exe
  C:\Windows\System\IVxzJBk.exe
  2⤵
  PID:2140
- C:\Windows\System\dwZQYpl.exe
  C:\Windows\System\dwZQYpl.exe
  2⤵
  PID:840
- C:\Windows\System\qeoIkwP.exe
  C:\Windows\System\qeoIkwP.exe
  2⤵
  PID:2732
- C:\Windows\System\pGPGQDs.exe
  C:\Windows\System\pGPGQDs.exe
  2⤵
  PID:2508
- C:\Windows\System\qINGpuN.exe
  C:\Windows\System\qINGpuN.exe
  2⤵
  PID:2940
- C:\Windows\System\YQkxgrk.exe
  C:\Windows\System\YQkxgrk.exe
  2⤵
  PID:624
- C:\Windows\System\pAWgzOQ.exe
  C:\Windows\System\pAWgzOQ.exe
  2⤵
  PID:1524
- C:\Windows\System\NVyxUyO.exe
  C:\Windows\System\NVyxUyO.exe
  2⤵
  PID:604
- C:\Windows\System\gjNYgWp.exe
  C:\Windows\System\gjNYgWp.exe
  2⤵
  PID:2232
- C:\Windows\System\oxDNnaj.exe
  C:\Windows\System\oxDNnaj.exe
  2⤵
  PID:1428
- C:\Windows\System\NBgKcge.exe
  C:\Windows\System\NBgKcge.exe
  2⤵
  PID:1732
- C:\Windows\System\ywACZSf.exe
  C:\Windows\System\ywACZSf.exe
  2⤵
  PID:1688
- C:\Windows\System\bTTLwfe.exe
  C:\Windows\System\bTTLwfe.exe
  2⤵
  PID:2004
- C:\Windows\System\UIBWHmM.exe
  C:\Windows\System\UIBWHmM.exe
  2⤵
  PID:2752
- C:\Windows\System\rmsuYyd.exe
  C:\Windows\System\rmsuYyd.exe
  2⤵
  PID:2792
- C:\Windows\System\waKnqQo.exe
  C:\Windows\System\waKnqQo.exe
  2⤵
  PID:2812
- C:\Windows\System\iAKTlpO.exe
  C:\Windows\System\iAKTlpO.exe
  2⤵
  PID:1776
- C:\Windows\System\SPQuhki.exe
  C:\Windows\System\SPQuhki.exe
  2⤵
  PID:2280
- C:\Windows\System\auvRrCO.exe
  C:\Windows\System\auvRrCO.exe
  2⤵
  PID:2984
- C:\Windows\System\IMqqSUZ.exe
  C:\Windows\System\IMqqSUZ.exe
  2⤵
  PID:2960
- C:\Windows\System\LOCHeha.exe
  C:\Windows\System\LOCHeha.exe
  2⤵
  PID:1804
- C:\Windows\System\YlJznQm.exe
  C:\Windows\System\YlJznQm.exe
  2⤵
  PID:1784
- C:\Windows\System\WgirJws.exe
  C:\Windows\System\WgirJws.exe
  2⤵
  PID:2084
- C:\Windows\System\bgLPNBU.exe
  C:\Windows\System\bgLPNBU.exe
  2⤵
  PID:2016
- C:\Windows\System\yLKKHUu.exe
  C:\Windows\System\yLKKHUu.exe
  2⤵
  PID:2824
- C:\Windows\System\uOlOXWp.exe
  C:\Windows\System\uOlOXWp.exe
  2⤵
  PID:328
- C:\Windows\System\vCDcgvh.exe
  C:\Windows\System\vCDcgvh.exe
  2⤵
  PID:2700
- C:\Windows\System\HAjSqit.exe
  C:\Windows\System\HAjSqit.exe
  2⤵
  PID:1684
- C:\Windows\System\QFVgzcD.exe
  C:\Windows\System\QFVgzcD.exe
  2⤵
  PID:1484
- C:\Windows\System\QIOPhPH.exe
  C:\Windows\System\QIOPhPH.exe
  2⤵
  PID:2628
- C:\Windows\System\GmGUcqh.exe
  C:\Windows\System\GmGUcqh.exe
  2⤵
  PID:2260
- C:\Windows\System\kEMfwyN.exe
  C:\Windows\System\kEMfwyN.exe
  2⤵
  PID:1404
- C:\Windows\System\imlGhoS.exe
  C:\Windows\System\imlGhoS.exe
  2⤵
  PID:2492
- C:\Windows\System\MHtgpAh.exe
  C:\Windows\System\MHtgpAh.exe
  2⤵
  PID:2128
- C:\Windows\System\LHPPwLa.exe
  C:\Windows\System\LHPPwLa.exe
  2⤵
  PID:3092
- C:\Windows\System\LHxVEpp.exe
  C:\Windows\System\LHxVEpp.exe
  2⤵
  PID:3112
- C:\Windows\System\RRpwXRi.exe
  C:\Windows\System\RRpwXRi.exe
  2⤵
  PID:3132
- C:\Windows\System\ugICCFy.exe
  C:\Windows\System\ugICCFy.exe
  2⤵
  PID:3152
- C:\Windows\System\lZMbELh.exe
  C:\Windows\System\lZMbELh.exe
  2⤵
  PID:3168
- C:\Windows\System\krVImtO.exe
  C:\Windows\System\krVImtO.exe
  2⤵
  PID:3196
- C:\Windows\System\EpzGXqb.exe
  C:\Windows\System\EpzGXqb.exe
  2⤵
  PID:3216
- C:\Windows\System\UmrAJTr.exe
  C:\Windows\System\UmrAJTr.exe
  2⤵
  PID:3236
- C:\Windows\System\TjKJCFL.exe
  C:\Windows\System\TjKJCFL.exe
  2⤵
  PID:3256
- C:\Windows\System\KkKaROG.exe
  C:\Windows\System\KkKaROG.exe
  2⤵
  PID:3276
- C:\Windows\System\pHfbEgG.exe
  C:\Windows\System\pHfbEgG.exe
  2⤵
  PID:3296
- C:\Windows\System\nAkHuMu.exe
  C:\Windows\System\nAkHuMu.exe
  2⤵
  PID:3316
- C:\Windows\System\vuVBgtJ.exe
  C:\Windows\System\vuVBgtJ.exe
  2⤵
  PID:3332
- C:\Windows\System\qPErDUf.exe
  C:\Windows\System\qPErDUf.exe
  2⤵
  PID:3352
- C:\Windows\System\fRuhttc.exe
  C:\Windows\System\fRuhttc.exe
  2⤵
  PID:3376
- C:\Windows\System\NgUbxiS.exe
  C:\Windows\System\NgUbxiS.exe
  2⤵
  PID:3396
- C:\Windows\System\qxpdxJJ.exe
  C:\Windows\System\qxpdxJJ.exe
  2⤵
  PID:3412
- C:\Windows\System\pwoyMqq.exe
  C:\Windows\System\pwoyMqq.exe
  2⤵
  PID:3440
- C:\Windows\System\zYWDHjn.exe
  C:\Windows\System\zYWDHjn.exe
  2⤵
  PID:3460
- C:\Windows\System\hKpMlnY.exe
  C:\Windows\System\hKpMlnY.exe
  2⤵
  PID:3480
- C:\Windows\System\xdFefmQ.exe
  C:\Windows\System\xdFefmQ.exe
  2⤵
  PID:3496
- C:\Windows\System\qYVmysH.exe
  C:\Windows\System\qYVmysH.exe
  2⤵
  PID:3520
- C:\Windows\System\PlJKdll.exe
  C:\Windows\System\PlJKdll.exe
  2⤵
  PID:3540
- C:\Windows\System\bXFBggF.exe
  C:\Windows\System\bXFBggF.exe
  2⤵
  PID:3560
- C:\Windows\System\glGCkXj.exe
  C:\Windows\System\glGCkXj.exe
  2⤵
  PID:3580
- C:\Windows\System\CDgNXAf.exe
  C:\Windows\System\CDgNXAf.exe
  2⤵
  PID:3600
- C:\Windows\System\SrTfeRO.exe
  C:\Windows\System\SrTfeRO.exe
  2⤵
  PID:3620
- C:\Windows\System\gkecMqK.exe
  C:\Windows\System\gkecMqK.exe
  2⤵
  PID:3640
- C:\Windows\System\vuuQYGS.exe
  C:\Windows\System\vuuQYGS.exe
  2⤵
  PID:3660
- C:\Windows\System\dfuNJmw.exe
  C:\Windows\System\dfuNJmw.exe
  2⤵
  PID:3680
- C:\Windows\System\QardZEz.exe
  C:\Windows\System\QardZEz.exe
  2⤵
  PID:3700
- C:\Windows\System\tOGnhCh.exe
  C:\Windows\System\tOGnhCh.exe
  2⤵
  PID:3720
- C:\Windows\System\LehmQvS.exe
  C:\Windows\System\LehmQvS.exe
  2⤵
  PID:3736
- C:\Windows\System\mpatvqp.exe
  C:\Windows\System\mpatvqp.exe
  2⤵
  PID:3756
- C:\Windows\System\AkXNKpB.exe
  C:\Windows\System\AkXNKpB.exe
  2⤵
  PID:3780
- C:\Windows\System\KaRGKKg.exe
  C:\Windows\System\KaRGKKg.exe
  2⤵
  PID:3800
- C:\Windows\System\HqiywXU.exe
  C:\Windows\System\HqiywXU.exe
  2⤵
  PID:3820
- C:\Windows\System\GhepErz.exe
  C:\Windows\System\GhepErz.exe
  2⤵
  PID:3840
- C:\Windows\System\TFKjWDn.exe
  C:\Windows\System\TFKjWDn.exe
  2⤵
  PID:3860
- C:\Windows\System\UxENriI.exe
  C:\Windows\System\UxENriI.exe
  2⤵
  PID:3880
- C:\Windows\System\RZGvNED.exe
  C:\Windows\System\RZGvNED.exe
  2⤵
  PID:3896
- C:\Windows\System\vWdaaQv.exe
  C:\Windows\System\vWdaaQv.exe
  2⤵
  PID:3920
- C:\Windows\System\LPEclVk.exe
  C:\Windows\System\LPEclVk.exe
  2⤵
  PID:3940
- C:\Windows\System\gSWDcyA.exe
  C:\Windows\System\gSWDcyA.exe
  2⤵
  PID:3960
- C:\Windows\System\nvnusfj.exe
  C:\Windows\System\nvnusfj.exe
  2⤵
  PID:3980
- C:\Windows\System\rPerEvC.exe
  C:\Windows\System\rPerEvC.exe
  2⤵
  PID:4004
- C:\Windows\System\lsQcAGn.exe
  C:\Windows\System\lsQcAGn.exe
  2⤵
  PID:4020
- C:\Windows\System\FCNWPlM.exe
  C:\Windows\System\FCNWPlM.exe
  2⤵
  PID:4040
- C:\Windows\System\rehiEHj.exe
  C:\Windows\System\rehiEHj.exe
  2⤵
  PID:4064
- C:\Windows\System\xzjMaFg.exe
  C:\Windows\System\xzjMaFg.exe
  2⤵
  PID:4084
- C:\Windows\System\lLKrnjs.exe
  C:\Windows\System\lLKrnjs.exe
  2⤵
  PID:1968
- C:\Windows\System\GezEUAH.exe
  C:\Windows\System\GezEUAH.exe
  2⤵
  PID:1820
- C:\Windows\System\ELXjKUa.exe
  C:\Windows\System\ELXjKUa.exe
  2⤵
  PID:556
- C:\Windows\System\ifOQscZ.exe
  C:\Windows\System\ifOQscZ.exe
  2⤵
  PID:2716
- C:\Windows\System\MCyGQtg.exe
  C:\Windows\System\MCyGQtg.exe
  2⤵
  PID:2784
- C:\Windows\System\ugkcErR.exe
  C:\Windows\System\ugkcErR.exe
  2⤵
  PID:2188
- C:\Windows\System\kWsCnGN.exe
  C:\Windows\System\kWsCnGN.exe
  2⤵
  PID:3084
- C:\Windows\System\nMxaLuS.exe
  C:\Windows\System\nMxaLuS.exe
  2⤵
  PID:3128
- C:\Windows\System\yJBCLrp.exe
  C:\Windows\System\yJBCLrp.exe
  2⤵
  PID:3160
- C:\Windows\System\MFhpEht.exe
  C:\Windows\System\MFhpEht.exe
  2⤵
  PID:2604
- C:\Windows\System\yRGfWoG.exe
  C:\Windows\System\yRGfWoG.exe
  2⤵
  PID:3204
- C:\Windows\System\SELOgya.exe
  C:\Windows\System\SELOgya.exe
  2⤵
  PID:3268
- C:\Windows\System\uGibKri.exe
  C:\Windows\System\uGibKri.exe
  2⤵
  PID:3312
- C:\Windows\System\UZOTMmp.exe
  C:\Windows\System\UZOTMmp.exe
  2⤵
  PID:3340
- C:\Windows\System\TUEbAtf.exe
  C:\Windows\System\TUEbAtf.exe
  2⤵
  PID:3388
- C:\Windows\System\XcdhzmA.exe
  C:\Windows\System\XcdhzmA.exe
  2⤵
  PID:3420
- C:\Windows\System\wdMEfNv.exe
  C:\Windows\System\wdMEfNv.exe
  2⤵
  PID:3432
- C:\Windows\System\MxkHRLi.exe
  C:\Windows\System\MxkHRLi.exe
  2⤵
  PID:3468
- C:\Windows\System\IXYiIpS.exe
  C:\Windows\System\IXYiIpS.exe
  2⤵
  PID:3456
- C:\Windows\System\nsDIqYC.exe
  C:\Windows\System\nsDIqYC.exe
  2⤵
  PID:3492
- C:\Windows\System\tfhuNlw.exe
  C:\Windows\System\tfhuNlw.exe
  2⤵
  PID:3552
- C:\Windows\System\UZzSxeH.exe
  C:\Windows\System\UZzSxeH.exe
  2⤵
  PID:3576
- C:\Windows\System\bmXGgtw.exe
  C:\Windows\System\bmXGgtw.exe
  2⤵
  PID:3608
- C:\Windows\System\vgSunAJ.exe
  C:\Windows\System\vgSunAJ.exe
  2⤵
  PID:3612
- C:\Windows\System\xhxDiIv.exe
  C:\Windows\System\xhxDiIv.exe
  2⤵
  PID:3676
- C:\Windows\System\QfOuDhM.exe
  C:\Windows\System\QfOuDhM.exe
  2⤵
  PID:3688
- C:\Windows\System\ipNEBRb.exe
  C:\Windows\System\ipNEBRb.exe
  2⤵
  PID:3748
- C:\Windows\System\bLwkvgV.exe
  C:\Windows\System\bLwkvgV.exe
  2⤵
  PID:3788
- C:\Windows\System\WYzlOKZ.exe
  C:\Windows\System\WYzlOKZ.exe
  2⤵
  PID:3792
- C:\Windows\System\dLdIxwg.exe
  C:\Windows\System\dLdIxwg.exe
  2⤵
  PID:3816
- C:\Windows\System\lCQcpAQ.exe
  C:\Windows\System\lCQcpAQ.exe
  2⤵
  PID:3872
- C:\Windows\System\dIySfZH.exe
  C:\Windows\System\dIySfZH.exe
  2⤵
  PID:3908
- C:\Windows\System\TRazLCt.exe
  C:\Windows\System\TRazLCt.exe
  2⤵
  PID:3956
- C:\Windows\System\fdCokGc.exe
  C:\Windows\System\fdCokGc.exe
  2⤵
  PID:3996
- C:\Windows\System\sDeLWXa.exe
  C:\Windows\System\sDeLWXa.exe
  2⤵
  PID:4036
- C:\Windows\System\wtPGtuP.exe
  C:\Windows\System\wtPGtuP.exe
  2⤵
  PID:4016
- C:\Windows\System\GlRkBYm.exe
  C:\Windows\System\GlRkBYm.exe
  2⤵
  PID:4076
- C:\Windows\System\jwSxasg.exe
  C:\Windows\System\jwSxasg.exe
  2⤵
  PID:2240
- C:\Windows\System\CdJIoCu.exe
  C:\Windows\System\CdJIoCu.exe
  2⤵
  PID:2692
- C:\Windows\System\mntoNXI.exe
  C:\Windows\System\mntoNXI.exe
  2⤵
  PID:484
- C:\Windows\System\MSKvKrr.exe
  C:\Windows\System\MSKvKrr.exe
  2⤵
  PID:2164
- C:\Windows\System\SfZnxuW.exe
  C:\Windows\System\SfZnxuW.exe
  2⤵
  PID:3104
- C:\Windows\System\HbIlmTS.exe
  C:\Windows\System\HbIlmTS.exe
  2⤵
  PID:3148
- C:\Windows\System\wLlJnri.exe
  C:\Windows\System\wLlJnri.exe
  2⤵
  PID:3264
- C:\Windows\System\QmWmYYz.exe
  C:\Windows\System\QmWmYYz.exe
  2⤵
  PID:3284
- C:\Windows\System\LMqUDZS.exe
  C:\Windows\System\LMqUDZS.exe
  2⤵
  PID:3344
- C:\Windows\System\plbDDvF.exe
  C:\Windows\System\plbDDvF.exe
  2⤵
  PID:3384
- C:\Windows\System\RzfSUJC.exe
  C:\Windows\System\RzfSUJC.exe
  2⤵
  PID:3508
- C:\Windows\System\xXeJIGv.exe
  C:\Windows\System\xXeJIGv.exe
  2⤵
  PID:3472
- C:\Windows\System\JJXfTIL.exe
  C:\Windows\System\JJXfTIL.exe
  2⤵
  PID:3528
- C:\Windows\System\IUKaCBF.exe
  C:\Windows\System\IUKaCBF.exe
  2⤵
  PID:3556
- C:\Windows\System\phlnxJG.exe
  C:\Windows\System\phlnxJG.exe
  2⤵
  PID:744
- C:\Windows\System\vBwszEZ.exe
  C:\Windows\System\vBwszEZ.exe
  2⤵
  PID:3668
- C:\Windows\System\LdeJYtn.exe
  C:\Windows\System\LdeJYtn.exe
  2⤵
  PID:3768
- C:\Windows\System\WPRcZBz.exe
  C:\Windows\System\WPRcZBz.exe
  2⤵
  PID:3836
- C:\Windows\System\IeIuZPG.exe
  C:\Windows\System\IeIuZPG.exe
  2⤵
  PID:3796
- C:\Windows\System\CIcjykw.exe
  C:\Windows\System\CIcjykw.exe
  2⤵
  PID:3856
- C:\Windows\System\QmJQxiw.exe
  C:\Windows\System\QmJQxiw.exe
  2⤵
  PID:3932
- C:\Windows\System\lMVTiqL.exe
  C:\Windows\System\lMVTiqL.exe
  2⤵
  PID:2868
- C:\Windows\System\uUGpCcB.exe
  C:\Windows\System\uUGpCcB.exe
  2⤵
  PID:4048
- C:\Windows\System\cSsAbyT.exe
  C:\Windows\System\cSsAbyT.exe
  2⤵
  PID:4072
- C:\Windows\System\XmyIBvj.exe
  C:\Windows\System\XmyIBvj.exe
  2⤵
  PID:2080
- C:\Windows\System\RwlXfho.exe
  C:\Windows\System\RwlXfho.exe
  2⤵
  PID:2556
- C:\Windows\System\sgRSkiz.exe
  C:\Windows\System\sgRSkiz.exe
  2⤵
  PID:3120
- C:\Windows\System\GjOotwO.exe
  C:\Windows\System\GjOotwO.exe
  2⤵
  PID:3208
- C:\Windows\System\UIGPpHb.exe
  C:\Windows\System\UIGPpHb.exe
  2⤵
  PID:3288
- C:\Windows\System\IiAAsOx.exe
  C:\Windows\System\IiAAsOx.exe
  2⤵
  PID:2724
- C:\Windows\System\UvmusRA.exe
  C:\Windows\System\UvmusRA.exe
  2⤵
  PID:3512
- C:\Windows\System\qcLmLuq.exe
  C:\Windows\System\qcLmLuq.exe
  2⤵
  PID:3424
- C:\Windows\System\WCrWGyr.exe
  C:\Windows\System\WCrWGyr.exe
  2⤵
  PID:3712
- C:\Windows\System\mpavwmo.exe
  C:\Windows\System\mpavwmo.exe
  2⤵
  PID:752
- C:\Windows\System\gWUkeBB.exe
  C:\Windows\System\gWUkeBB.exe
  2⤵
  PID:3772
- C:\Windows\System\nSFRfJR.exe
  C:\Windows\System\nSFRfJR.exe
  2⤵
  PID:3928
- C:\Windows\System\QRNBNKC.exe
  C:\Windows\System\QRNBNKC.exe
  2⤵
  PID:3936
- C:\Windows\System\lUqStMg.exe
  C:\Windows\System\lUqStMg.exe
  2⤵
  PID:3892
- C:\Windows\System\Kwqfkhw.exe
  C:\Windows\System\Kwqfkhw.exe
  2⤵
  PID:2468
- C:\Windows\System\OZsYKid.exe
  C:\Windows\System\OZsYKid.exe
  2⤵
  PID:1316
- C:\Windows\System\gDSUNGw.exe
  C:\Windows\System\gDSUNGw.exe
  2⤵
  PID:3124
- C:\Windows\System\zUPtCek.exe
  C:\Windows\System\zUPtCek.exe
  2⤵
  PID:3252
- C:\Windows\System\jDfgUwL.exe
  C:\Windows\System\jDfgUwL.exe
  2⤵
  PID:3392
- C:\Windows\System\LoKELMh.exe
  C:\Windows\System\LoKELMh.exe
  2⤵
  PID:3532
- C:\Windows\System\TECAndp.exe
  C:\Windows\System\TECAndp.exe
  2⤵
  PID:3652
- C:\Windows\System\uNMLsYl.exe
  C:\Windows\System\uNMLsYl.exe
  2⤵
  PID:2072
- C:\Windows\System\miwsnyj.exe
  C:\Windows\System\miwsnyj.exe
  2⤵
  PID:3752
- C:\Windows\System\voXpNEw.exe
  C:\Windows\System\voXpNEw.exe
  2⤵
  PID:1568
- C:\Windows\System\uHClinV.exe
  C:\Windows\System\uHClinV.exe
  2⤵
  PID:3188
- C:\Windows\System\YbhyhWo.exe
  C:\Windows\System\YbhyhWo.exe
  2⤵
  PID:3304
- C:\Windows\System\NzHWIXI.exe
  C:\Windows\System\NzHWIXI.exe
  2⤵
  PID:4104
- C:\Windows\System\CXTwXjl.exe
  C:\Windows\System\CXTwXjl.exe
  2⤵
  PID:4124
- C:\Windows\System\HYZhSLB.exe
  C:\Windows\System\HYZhSLB.exe
  2⤵
  PID:4144
- C:\Windows\System\DxpQjvN.exe
  C:\Windows\System\DxpQjvN.exe
  2⤵
  PID:4168
- C:\Windows\System\PgICkXl.exe
  C:\Windows\System\PgICkXl.exe
  2⤵
  PID:4188
- C:\Windows\System\ldRAemZ.exe
  C:\Windows\System\ldRAemZ.exe
  2⤵
  PID:4208
- C:\Windows\System\BqqqVXY.exe
  C:\Windows\System\BqqqVXY.exe
  2⤵
  PID:4228
- C:\Windows\System\tpIuowX.exe
  C:\Windows\System\tpIuowX.exe
  2⤵
  PID:4248
- C:\Windows\System\CjdNhVw.exe
  C:\Windows\System\CjdNhVw.exe
  2⤵
  PID:4268
- C:\Windows\System\paptvIt.exe
  C:\Windows\System\paptvIt.exe
  2⤵
  PID:4288
- C:\Windows\System\xfbSmqs.exe
  C:\Windows\System\xfbSmqs.exe
  2⤵
  PID:4308
- C:\Windows\System\hSrgGau.exe
  C:\Windows\System\hSrgGau.exe
  2⤵
  PID:4324
- C:\Windows\System\lvASRCd.exe
  C:\Windows\System\lvASRCd.exe
  2⤵
  PID:4344
- C:\Windows\System\HDQVEYx.exe
  C:\Windows\System\HDQVEYx.exe
  2⤵
  PID:4368
- C:\Windows\System\mcvfEWI.exe
  C:\Windows\System\mcvfEWI.exe
  2⤵
  PID:4388
- C:\Windows\System\MmWNbZe.exe
  C:\Windows\System\MmWNbZe.exe
  2⤵
  PID:4404
- C:\Windows\System\PsTmVnP.exe
  C:\Windows\System\PsTmVnP.exe
  2⤵
  PID:4428
- C:\Windows\System\gsEhHsi.exe
  C:\Windows\System\gsEhHsi.exe
  2⤵
  PID:4444
- C:\Windows\System\ovWRauN.exe
  C:\Windows\System\ovWRauN.exe
  2⤵
  PID:4464
- C:\Windows\System\BwGjZOb.exe
  C:\Windows\System\BwGjZOb.exe
  2⤵
  PID:4484
- C:\Windows\System\FfAHWLV.exe
  C:\Windows\System\FfAHWLV.exe
  2⤵
  PID:4508
- C:\Windows\System\lHTWxHO.exe
  C:\Windows\System\lHTWxHO.exe
  2⤵
  PID:4532
- C:\Windows\System\vuddlqS.exe
  C:\Windows\System\vuddlqS.exe
  2⤵
  PID:4552
- C:\Windows\System\fZTfwDj.exe
  C:\Windows\System\fZTfwDj.exe
  2⤵
  PID:4572
- C:\Windows\System\zXCnFRn.exe
  C:\Windows\System\zXCnFRn.exe
  2⤵
  PID:4592
- C:\Windows\System\VvsCHWK.exe
  C:\Windows\System\VvsCHWK.exe
  2⤵
  PID:4620
- C:\Windows\System\QgHWWzK.exe
  C:\Windows\System\QgHWWzK.exe
  2⤵
  PID:4640
- C:\Windows\System\juqfMyI.exe
  C:\Windows\System\juqfMyI.exe
  2⤵
  PID:4660
- C:\Windows\System\icUyOqK.exe
  C:\Windows\System\icUyOqK.exe
  2⤵
  PID:4680
- C:\Windows\System\bGjBPKT.exe
  C:\Windows\System\bGjBPKT.exe
  2⤵
  PID:4700
- C:\Windows\System\cSvHRuA.exe
  C:\Windows\System\cSvHRuA.exe
  2⤵
  PID:4720
- C:\Windows\System\jPuoLpv.exe
  C:\Windows\System\jPuoLpv.exe
  2⤵
  PID:4740
- C:\Windows\System\rAoBfNE.exe
  C:\Windows\System\rAoBfNE.exe
  2⤵
  PID:4760
- C:\Windows\System\TwAPQBF.exe
  C:\Windows\System\TwAPQBF.exe
  2⤵
  PID:4780
- C:\Windows\System\NIJEAlH.exe
  C:\Windows\System\NIJEAlH.exe
  2⤵
  PID:4800
- C:\Windows\System\CaCyIjx.exe
  C:\Windows\System\CaCyIjx.exe
  2⤵
  PID:4820
- C:\Windows\System\rZBXBcN.exe
  C:\Windows\System\rZBXBcN.exe
  2⤵
  PID:4840
- C:\Windows\System\MmWKQCP.exe
  C:\Windows\System\MmWKQCP.exe
  2⤵
  PID:4860
- C:\Windows\System\LxDSvwf.exe
  C:\Windows\System\LxDSvwf.exe
  2⤵
  PID:4880
- C:\Windows\System\jIuzliY.exe
  C:\Windows\System\jIuzliY.exe
  2⤵
  PID:4900
- C:\Windows\System\LcBuJst.exe
  C:\Windows\System\LcBuJst.exe
  2⤵
  PID:4920
- C:\Windows\System\uEpCIjr.exe
  C:\Windows\System\uEpCIjr.exe
  2⤵
  PID:4940
- C:\Windows\System\eliWkLH.exe
  C:\Windows\System\eliWkLH.exe
  2⤵
  PID:4960
- C:\Windows\System\ndAPGLJ.exe
  C:\Windows\System\ndAPGLJ.exe
  2⤵
  PID:4976
- C:\Windows\System\IbRikAt.exe
  C:\Windows\System\IbRikAt.exe
  2⤵
  PID:5000
- C:\Windows\System\drqsVIY.exe
  C:\Windows\System\drqsVIY.exe
  2⤵
  PID:5020
- C:\Windows\System\sliqAna.exe
  C:\Windows\System\sliqAna.exe
  2⤵
  PID:5044
- C:\Windows\System\UJRYMRb.exe
  C:\Windows\System\UJRYMRb.exe
  2⤵
  PID:5064
- C:\Windows\System\FbJSvhF.exe
  C:\Windows\System\FbJSvhF.exe
  2⤵
  PID:5084
- C:\Windows\System\TWFdZZz.exe
  C:\Windows\System\TWFdZZz.exe
  2⤵
  PID:5104
- C:\Windows\System\FeCJYUH.exe
  C:\Windows\System\FeCJYUH.exe
  2⤵
  PID:3232
- C:\Windows\System\SXhzUdB.exe
  C:\Windows\System\SXhzUdB.exe
  2⤵
  PID:992
- C:\Windows\System\BUUVpSg.exe
  C:\Windows\System\BUUVpSg.exe
  2⤵
  PID:3912
- C:\Windows\System\LxAANeA.exe
  C:\Windows\System\LxAANeA.exe
  2⤵
  PID:2096
- C:\Windows\System\aaxyBAU.exe
  C:\Windows\System\aaxyBAU.exe
  2⤵
  PID:2624
- C:\Windows\System\nBknScY.exe
  C:\Windows\System\nBknScY.exe
  2⤵
  PID:3328
- C:\Windows\System\hUyGoZh.exe
  C:\Windows\System\hUyGoZh.exe
  2⤵
  PID:2540
- C:\Windows\System\wsoesoF.exe
  C:\Windows\System\wsoesoF.exe
  2⤵
  PID:4140
- C:\Windows\System\vRBHEcT.exe
  C:\Windows\System\vRBHEcT.exe
  2⤵
  PID:4184
- C:\Windows\System\GLTwcqF.exe
  C:\Windows\System\GLTwcqF.exe
  2⤵
  PID:4204
- C:\Windows\System\PklOVGa.exe
  C:\Windows\System\PklOVGa.exe
  2⤵
  PID:4244
- C:\Windows\System\GjQUYMX.exe
  C:\Windows\System\GjQUYMX.exe
  2⤵
  PID:4276
- C:\Windows\System\OWJSILI.exe
  C:\Windows\System\OWJSILI.exe
  2⤵
  PID:4280
- C:\Windows\System\uChFJiY.exe
  C:\Windows\System\uChFJiY.exe
  2⤵
  PID:4376
- C:\Windows\System\scPYHiT.exe
  C:\Windows\System\scPYHiT.exe
  2⤵
  PID:4320
- C:\Windows\System\mKJbWbd.exe
  C:\Windows\System\mKJbWbd.exe
  2⤵
  PID:4424
- C:\Windows\System\ezuyghS.exe
  C:\Windows\System\ezuyghS.exe
  2⤵
  PID:4460
- C:\Windows\System\vQUhFLe.exe
  C:\Windows\System\vQUhFLe.exe
  2⤵
  PID:4496
- C:\Windows\System\WWThKnm.exe
  C:\Windows\System\WWThKnm.exe
  2⤵
  PID:4480
- C:\Windows\System\FoyfYbZ.exe
  C:\Windows\System\FoyfYbZ.exe
  2⤵
  PID:4548
- C:\Windows\System\eNWtaZN.exe
  C:\Windows\System\eNWtaZN.exe
  2⤵
  PID:4564
- C:\Windows\System\CKmABMV.exe
  C:\Windows\System\CKmABMV.exe
  2⤵
  PID:2216
- C:\Windows\System\bTGXdQk.exe
  C:\Windows\System\bTGXdQk.exe
  2⤵
  PID:4632
- C:\Windows\System\evksAQi.exe
  C:\Windows\System\evksAQi.exe
  2⤵
  PID:4676
- C:\Windows\System\kGHVaVo.exe
  C:\Windows\System\kGHVaVo.exe
  2⤵
  PID:4692
- C:\Windows\System\NdnjHPn.exe
  C:\Windows\System\NdnjHPn.exe
  2⤵
  PID:4748
- C:\Windows\System\pBtMiIM.exe
  C:\Windows\System\pBtMiIM.exe
  2⤵
  PID:4768
- C:\Windows\System\ogTBpzJ.exe
  C:\Windows\System\ogTBpzJ.exe
  2⤵
  PID:4772
- C:\Windows\System\HxoZjiy.exe
  C:\Windows\System\HxoZjiy.exe
  2⤵
  PID:4836
- C:\Windows\System\uyEZUxR.exe
  C:\Windows\System\uyEZUxR.exe
  2⤵
  PID:4868
- C:\Windows\System\NgzvkHj.exe
  C:\Windows\System\NgzvkHj.exe
  2⤵
  PID:4888
- C:\Windows\System\XTpscPK.exe
  C:\Windows\System\XTpscPK.exe
  2⤵
  PID:4948
- C:\Windows\System\TORyBGc.exe
  C:\Windows\System\TORyBGc.exe
  2⤵
  PID:4984
- C:\Windows\System\SOcihvq.exe
  C:\Windows\System\SOcihvq.exe
  2⤵
  PID:4992
- C:\Windows\System\dTStyVO.exe
  C:\Windows\System\dTStyVO.exe
  2⤵
  PID:5036
- C:\Windows\System\mrWBJXU.exe
  C:\Windows\System\mrWBJXU.exe
  2⤵
  PID:5060
- C:\Windows\System\PVFbNpL.exe
  C:\Windows\System\PVFbNpL.exe
  2⤵
  PID:5092
- C:\Windows\System\qUEagah.exe
  C:\Windows\System\qUEagah.exe
  2⤵
  PID:3868
- C:\Windows\System\DpCvokT.exe
  C:\Windows\System\DpCvokT.exe
  2⤵
  PID:580
- C:\Windows\System\QrKkeTX.exe
  C:\Windows\System\QrKkeTX.exe
  2⤵
  PID:1288
- C:\Windows\System\EkRpEJt.exe
  C:\Windows\System\EkRpEJt.exe
  2⤵
  PID:4152
- C:\Windows\System\YQNOjNF.exe
  C:\Windows\System\YQNOjNF.exe
  2⤵
  PID:2848
- C:\Windows\System\vgfXQRH.exe
  C:\Windows\System\vgfXQRH.exe
  2⤵
  PID:1624
- C:\Windows\System\YbRFBXc.exe
  C:\Windows\System\YbRFBXc.exe
  2⤵
  PID:4220
- C:\Windows\System\keHanMG.exe
  C:\Windows\System\keHanMG.exe
  2⤵
  PID:4300
- C:\Windows\System\EhprwWH.exe
  C:\Windows\System\EhprwWH.exe
  2⤵
  PID:4316
- C:\Windows\System\xobfcUL.exe
  C:\Windows\System\xobfcUL.exe
  2⤵
  PID:4400
- C:\Windows\System\mlLMzhv.exe
  C:\Windows\System\mlLMzhv.exe
  2⤵
  PID:4500
- C:\Windows\System\mBrvxpa.exe
  C:\Windows\System\mBrvxpa.exe
  2⤵
  PID:5040
- C:\Windows\System\xPgVfTo.exe
  C:\Windows\System\xPgVfTo.exe
  2⤵
  PID:4540
- C:\Windows\System\LSkrtVr.exe
  C:\Windows\System\LSkrtVr.exe
  2⤵
  PID:4604
- C:\Windows\System\wwxULDu.exe
  C:\Windows\System\wwxULDu.exe
  2⤵
  PID:4652
- C:\Windows\System\uETKjyC.exe
  C:\Windows\System\uETKjyC.exe
  2⤵
  PID:4732
- C:\Windows\System\eiZWuQQ.exe
  C:\Windows\System\eiZWuQQ.exe
  2⤵
  PID:4728
- C:\Windows\System\WtvGBdv.exe
  C:\Windows\System\WtvGBdv.exe
  2⤵
  PID:4776
- C:\Windows\System\QlHNQcJ.exe
  C:\Windows\System\QlHNQcJ.exe
  2⤵
  PID:4852
- C:\Windows\System\VABPlOH.exe
  C:\Windows\System\VABPlOH.exe
  2⤵
  PID:4932
- C:\Windows\System\swIeZBU.exe
  C:\Windows\System\swIeZBU.exe
  2⤵
  PID:5016
- C:\Windows\System\nTUapqX.exe
  C:\Windows\System\nTUapqX.exe
  2⤵
  PID:5056
- C:\Windows\System\sxDuilV.exe
  C:\Windows\System\sxDuilV.exe
  2⤵
  PID:5112
- C:\Windows\System\kAhUTKG.exe
  C:\Windows\System\kAhUTKG.exe
  2⤵
  PID:1940
- C:\Windows\System\LYrTfJO.exe
  C:\Windows\System\LYrTfJO.exe
  2⤵
  PID:3992
- C:\Windows\System\nKcCDZI.exe
  C:\Windows\System\nKcCDZI.exe
  2⤵
  PID:3656
- C:\Windows\System\JLVqGDW.exe
  C:\Windows\System\JLVqGDW.exe
  2⤵
  PID:4116
- C:\Windows\System\jGqAOCs.exe
  C:\Windows\System\jGqAOCs.exe
  2⤵
  PID:4216
- C:\Windows\System\qnFpYdy.exe
  C:\Windows\System\qnFpYdy.exe
  2⤵
  PID:4452
- C:\Windows\System\GgCHzNK.exe
  C:\Windows\System\GgCHzNK.exe
  2⤵
  PID:4472
- C:\Windows\System\ZUyyKmi.exe
  C:\Windows\System\ZUyyKmi.exe
  2⤵
  PID:4412
- C:\Windows\System\igYpPZy.exe
  C:\Windows\System\igYpPZy.exe
  2⤵
  PID:4656
- C:\Windows\System\wlyEZmA.exe
  C:\Windows\System\wlyEZmA.exe
  2⤵
  PID:4568
- C:\Windows\System\SbbEuDn.exe
  C:\Windows\System\SbbEuDn.exe
  2⤵
  PID:4816
- C:\Windows\System\IEWQCrP.exe
  C:\Windows\System\IEWQCrP.exe
  2⤵
  PID:4952
- C:\Windows\System\sEFRnTC.exe
  C:\Windows\System\sEFRnTC.exe
  2⤵
  PID:4912
- C:\Windows\System\JdGTlmS.exe
  C:\Windows\System\JdGTlmS.exe
  2⤵
  PID:4972
- C:\Windows\System\COOtTwi.exe
  C:\Windows\System\COOtTwi.exe
  2⤵
  PID:5072
- C:\Windows\System\akChFnm.exe
  C:\Windows\System\akChFnm.exe
  2⤵
  PID:2328
- C:\Windows\System\OEDfmlJ.exe
  C:\Windows\System\OEDfmlJ.exe
  2⤵
  PID:4284
- C:\Windows\System\wfbgHjM.exe
  C:\Windows\System\wfbgHjM.exe
  2⤵
  PID:4196
- C:\Windows\System\DboFpIZ.exe
  C:\Windows\System\DboFpIZ.exe
  2⤵
  PID:4352
- C:\Windows\System\hVnioCT.exe
  C:\Windows\System\hVnioCT.exe
  2⤵
  PID:4584
- C:\Windows\System\mtljZfO.exe
  C:\Windows\System\mtljZfO.exe
  2⤵
  PID:4608
- C:\Windows\System\mbsrMes.exe
  C:\Windows\System\mbsrMes.exe
  2⤵
  PID:4736
- C:\Windows\System\zTeJcmB.exe
  C:\Windows\System\zTeJcmB.exe
  2⤵
  PID:4752
- C:\Windows\System\WxsIdwk.exe
  C:\Windows\System\WxsIdwk.exe
  2⤵
  PID:3568
- C:\Windows\System\fRGFIVZ.exe
  C:\Windows\System\fRGFIVZ.exe
  2⤵
  PID:5136
- C:\Windows\System\jmSQBAf.exe
  C:\Windows\System\jmSQBAf.exe
  2⤵
  PID:5156
- C:\Windows\System\BKUUIgw.exe
  C:\Windows\System\BKUUIgw.exe
  2⤵
  PID:5176
- C:\Windows\System\hMHQGDV.exe
  C:\Windows\System\hMHQGDV.exe
  2⤵
  PID:5196
- C:\Windows\System\LIouxlf.exe
  C:\Windows\System\LIouxlf.exe
  2⤵
  PID:5216
- C:\Windows\System\wlrrcfy.exe
  C:\Windows\System\wlrrcfy.exe
  2⤵
  PID:5236
- C:\Windows\System\bDRbXhR.exe
  C:\Windows\System\bDRbXhR.exe
  2⤵
  PID:5256
- C:\Windows\System\JLtIxKo.exe
  C:\Windows\System\JLtIxKo.exe
  2⤵
  PID:5276
- C:\Windows\System\rhYZSEC.exe
  C:\Windows\System\rhYZSEC.exe
  2⤵
  PID:5296
- C:\Windows\System\VMYEEFb.exe
  C:\Windows\System\VMYEEFb.exe
  2⤵
  PID:5316
- C:\Windows\System\HBQvuPK.exe
  C:\Windows\System\HBQvuPK.exe
  2⤵
  PID:5336
- C:\Windows\System\JejfbVs.exe
  C:\Windows\System\JejfbVs.exe
  2⤵
  PID:5356
- C:\Windows\System\jvdiWSm.exe
  C:\Windows\System\jvdiWSm.exe
  2⤵
  PID:5376
- C:\Windows\System\JbtPJui.exe
  C:\Windows\System\JbtPJui.exe
  2⤵
  PID:5396
- C:\Windows\System\cTfwuhs.exe
  C:\Windows\System\cTfwuhs.exe
  2⤵
  PID:5416
- C:\Windows\System\UkjzwiK.exe
  C:\Windows\System\UkjzwiK.exe
  2⤵
  PID:5436
- C:\Windows\System\lrQTUjB.exe
  C:\Windows\System\lrQTUjB.exe
  2⤵
  PID:5456
- C:\Windows\System\KBzAOeX.exe
  C:\Windows\System\KBzAOeX.exe
  2⤵
  PID:5476
- C:\Windows\System\zdEKlwv.exe
  C:\Windows\System\zdEKlwv.exe
  2⤵
  PID:5496
- C:\Windows\System\JbXbWTl.exe
  C:\Windows\System\JbXbWTl.exe
  2⤵
  PID:5516
- C:\Windows\System\BCBnwcz.exe
  C:\Windows\System\BCBnwcz.exe
  2⤵
  PID:5536
- C:\Windows\System\FeHxHeg.exe
  C:\Windows\System\FeHxHeg.exe
  2⤵
  PID:5556
- C:\Windows\System\dgtwCyD.exe
  C:\Windows\System\dgtwCyD.exe
  2⤵
  PID:5576
- C:\Windows\System\qlroxMZ.exe
  C:\Windows\System\qlroxMZ.exe
  2⤵
  PID:5596
- C:\Windows\System\nTPaKNu.exe
  C:\Windows\System\nTPaKNu.exe
  2⤵
  PID:5616
- C:\Windows\System\TpCgHKu.exe
  C:\Windows\System\TpCgHKu.exe
  2⤵
  PID:5636
- C:\Windows\System\ZOuwPfJ.exe
  C:\Windows\System\ZOuwPfJ.exe
  2⤵
  PID:5656
- C:\Windows\System\QibmCLI.exe
  C:\Windows\System\QibmCLI.exe
  2⤵
  PID:5676
- C:\Windows\System\QrPFxJo.exe
  C:\Windows\System\QrPFxJo.exe
  2⤵
  PID:5696
- C:\Windows\System\nBsGyAR.exe
  C:\Windows\System\nBsGyAR.exe
  2⤵
  PID:5716
- C:\Windows\System\pXLbdFz.exe
  C:\Windows\System\pXLbdFz.exe
  2⤵
  PID:5736
- C:\Windows\System\aAamqcF.exe
  C:\Windows\System\aAamqcF.exe
  2⤵
  PID:5756
- C:\Windows\System\oIXbGTS.exe
  C:\Windows\System\oIXbGTS.exe
  2⤵
  PID:5776
- C:\Windows\System\OqVsdSE.exe
  C:\Windows\System\OqVsdSE.exe
  2⤵
  PID:5796
- C:\Windows\System\nxuVrLV.exe
  C:\Windows\System\nxuVrLV.exe
  2⤵
  PID:5816
- C:\Windows\System\ZqaKYTx.exe
  C:\Windows\System\ZqaKYTx.exe
  2⤵
  PID:5836
- C:\Windows\System\xolAeqa.exe
  C:\Windows\System\xolAeqa.exe
  2⤵
  PID:5856
- C:\Windows\System\UXAfZxb.exe
  C:\Windows\System\UXAfZxb.exe
  2⤵
  PID:5876
- C:\Windows\System\tLKcfxr.exe
  C:\Windows\System\tLKcfxr.exe
  2⤵
  PID:5896
- C:\Windows\System\YVlbNrO.exe
  C:\Windows\System\YVlbNrO.exe
  2⤵
  PID:5916
- C:\Windows\System\HWLyXwV.exe
  C:\Windows\System\HWLyXwV.exe
  2⤵
  PID:5936
- C:\Windows\System\OhimMQY.exe
  C:\Windows\System\OhimMQY.exe
  2⤵
  PID:5956
- C:\Windows\System\xeQymJv.exe
  C:\Windows\System\xeQymJv.exe
  2⤵
  PID:5976
- C:\Windows\System\aUEIxkK.exe
  C:\Windows\System\aUEIxkK.exe
  2⤵
  PID:5996
- C:\Windows\System\JkCKPck.exe
  C:\Windows\System\JkCKPck.exe
  2⤵
  PID:6016
- C:\Windows\System\pCgkQLK.exe
  C:\Windows\System\pCgkQLK.exe
  2⤵
  PID:6032
- C:\Windows\System\qZHQGKN.exe
  C:\Windows\System\qZHQGKN.exe
  2⤵
  PID:6052
- C:\Windows\System\vpJYWFM.exe
  C:\Windows\System\vpJYWFM.exe
  2⤵
  PID:6072
- C:\Windows\System\SfTRtbN.exe
  C:\Windows\System\SfTRtbN.exe
  2⤵
  PID:6092
- C:\Windows\System\SHCkPUz.exe
  C:\Windows\System\SHCkPUz.exe
  2⤵
  PID:6108
- C:\Windows\System\FwCIDch.exe
  C:\Windows\System\FwCIDch.exe
  2⤵
  PID:6128
- C:\Windows\System\fAHwMYC.exe
  C:\Windows\System\fAHwMYC.exe
  2⤵
  PID:1260
- C:\Windows\System\laUrRxc.exe
  C:\Windows\System\laUrRxc.exe
  2⤵
  PID:4012
- C:\Windows\System\rTRnfMm.exe
  C:\Windows\System\rTRnfMm.exe
  2⤵
  PID:2844
- C:\Windows\System\kgeNSgB.exe
  C:\Windows\System\kgeNSgB.exe
  2⤵
  PID:2400
- C:\Windows\System\mMpyhTJ.exe
  C:\Windows\System\mMpyhTJ.exe
  2⤵
  PID:4848
- C:\Windows\System\zrhWRVw.exe
  C:\Windows\System\zrhWRVw.exe
  2⤵
  PID:5052
- C:\Windows\System\OrGFYcX.exe
  C:\Windows\System\OrGFYcX.exe
  2⤵
  PID:5152
- C:\Windows\System\TpqGlzq.exe
  C:\Windows\System\TpqGlzq.exe
  2⤵
  PID:5168
- C:\Windows\System\zUznwPm.exe
  C:\Windows\System\zUznwPm.exe
  2⤵
  PID:5188
- C:\Windows\System\mIVeFRr.exe
  C:\Windows\System\mIVeFRr.exe
  2⤵
  PID:5232
- C:\Windows\System\PTCmQSw.exe
  C:\Windows\System\PTCmQSw.exe
  2⤵
  PID:5248
- C:\Windows\System\HQECSCS.exe
  C:\Windows\System\HQECSCS.exe
  2⤵
  PID:1132
- C:\Windows\System\LMPRBgT.exe
  C:\Windows\System\LMPRBgT.exe
  2⤵
  PID:5312
- C:\Windows\System\ydqnOHV.exe
  C:\Windows\System\ydqnOHV.exe
  2⤵
  PID:5328
- C:\Windows\System\xPjkDgs.exe
  C:\Windows\System\xPjkDgs.exe
  2⤵
  PID:1908
- C:\Windows\System\HrZoKTz.exe
  C:\Windows\System\HrZoKTz.exe
  2⤵
  PID:5408
- C:\Windows\System\vNFFpTa.exe
  C:\Windows\System\vNFFpTa.exe
  2⤵
  PID:5452
- C:\Windows\System\IEDKjJa.exe
  C:\Windows\System\IEDKjJa.exe
  2⤵
  PID:640
- C:\Windows\System\pAStKNj.exe
  C:\Windows\System\pAStKNj.exe
  2⤵
  PID:5488
- C:\Windows\System\EVdolDs.exe
  C:\Windows\System\EVdolDs.exe
  2⤵
  PID:5504
- C:\Windows\System\vjkmUOW.exe
  C:\Windows\System\vjkmUOW.exe
  2⤵
  PID:5528
- C:\Windows\System\mGYGSlD.exe
  C:\Windows\System\mGYGSlD.exe
  2⤵
  PID:5552
- C:\Windows\System\tcqqXsx.exe
  C:\Windows\System\tcqqXsx.exe
  2⤵
  PID:5584
- C:\Windows\System\KNfXmLA.exe
  C:\Windows\System\KNfXmLA.exe
  2⤵
  PID:2944
- C:\Windows\System\ZJUANoU.exe
  C:\Windows\System\ZJUANoU.exe
  2⤵
  PID:2616
- C:\Windows\System\wWiiSmw.exe
  C:\Windows\System\wWiiSmw.exe
  2⤵
  PID:5664
- C:\Windows\System\rxVgmvs.exe
  C:\Windows\System\rxVgmvs.exe
  2⤵
  PID:3916
- C:\Windows\System\RAxJrTo.exe
  C:\Windows\System\RAxJrTo.exe
  2⤵
  PID:5688
- C:\Windows\System\ikpdBac.exe
  C:\Windows\System\ikpdBac.exe
  2⤵
  PID:5712
- C:\Windows\System\VuisVuJ.exe
  C:\Windows\System\VuisVuJ.exe
  2⤵
  PID:5768
- C:\Windows\System\CQQugaA.exe
  C:\Windows\System\CQQugaA.exe
  2⤵
  PID:5804
- C:\Windows\System\gILEGMq.exe
  C:\Windows\System\gILEGMq.exe
  2⤵
  PID:5788
- C:\Windows\System\VXRLTFZ.exe
  C:\Windows\System\VXRLTFZ.exe
  2⤵
  PID:5844
- C:\Windows\System\SXuQgPR.exe
  C:\Windows\System\SXuQgPR.exe
  2⤵
  PID:5864
- C:\Windows\System\AgiVXdw.exe
  C:\Windows\System\AgiVXdw.exe
  2⤵
  PID:2320
- C:\Windows\System\bkLSdxA.exe
  C:\Windows\System\bkLSdxA.exe
  2⤵
  PID:5932
- C:\Windows\System\BpsaVaq.exe
  C:\Windows\System\BpsaVaq.exe
  2⤵
  PID:5908
- C:\Windows\System\EIDLVYI.exe
  C:\Windows\System\EIDLVYI.exe
  2⤵
  PID:5952
- C:\Windows\System\ScAKufh.exe
  C:\Windows\System\ScAKufh.exe
  2⤵
  PID:5968
- C:\Windows\System\BTcYNqu.exe
  C:\Windows\System\BTcYNqu.exe
  2⤵
  PID:1552
- C:\Windows\System\NTNZiCq.exe
  C:\Windows\System\NTNZiCq.exe
  2⤵
  PID:3028
- C:\Windows\System\njcSQSu.exe
  C:\Windows\System\njcSQSu.exe
  2⤵
  PID:6048
- C:\Windows\System\ECtoKUw.exe
  C:\Windows\System\ECtoKUw.exe
  2⤵
  PID:6088
- C:\Windows\System\yRpZiCx.exe
  C:\Windows\System\yRpZiCx.exe
  2⤵
  PID:6120
- C:\Windows\System\reoOyBw.exe
  C:\Windows\System\reoOyBw.exe
  2⤵
  PID:4416
- C:\Windows\System\wbnRnCX.exe
  C:\Windows\System\wbnRnCX.exe
  2⤵
  PID:4528
- C:\Windows\System\Gpbtnoj.exe
  C:\Windows\System\Gpbtnoj.exe
  2⤵
  PID:3596
- C:\Windows\System\LTzCchq.exe
  C:\Windows\System\LTzCchq.exe
  2⤵
  PID:5128
- C:\Windows\System\gLkQMhW.exe
  C:\Windows\System\gLkQMhW.exe
  2⤵
  PID:2204
- C:\Windows\System\qjKoYGA.exe
  C:\Windows\System\qjKoYGA.exe
  2⤵
  PID:948
- C:\Windows\System\nvnBlwZ.exe
  C:\Windows\System\nvnBlwZ.exe
  2⤵
  PID:5224
- C:\Windows\System\VDgPRfw.exe
  C:\Windows\System\VDgPRfw.exe
  2⤵
  PID:5352
- C:\Windows\System\kvtiDcq.exe
  C:\Windows\System\kvtiDcq.exe
  2⤵
  PID:5272
- C:\Windows\System\RNgpfPl.exe
  C:\Windows\System\RNgpfPl.exe
  2⤵
  PID:5332
- C:\Windows\System\GYekgYe.exe
  C:\Windows\System\GYekgYe.exe
  2⤵
  PID:5412
- C:\Windows\System\pBWZgxp.exe
  C:\Windows\System\pBWZgxp.exe
  2⤵
  PID:5604
- C:\Windows\System\pdWcASR.exe
  C:\Windows\System\pdWcASR.exe
  2⤵
  PID:5492
- C:\Windows\System\oEhLzHk.exe
  C:\Windows\System\oEhLzHk.exe
  2⤵
  PID:2976
- C:\Windows\System\SCSEFED.exe
  C:\Windows\System\SCSEFED.exe
  2⤵
  PID:5628
- C:\Windows\System\NlgxVNO.exe
  C:\Windows\System\NlgxVNO.exe
  2⤵
  PID:2968
- C:\Windows\System\CsOJdlK.exe
  C:\Windows\System\CsOJdlK.exe
  2⤵
  PID:5744
- C:\Windows\System\MppPTEa.exe
  C:\Windows\System\MppPTEa.exe
  2⤵
  PID:2528
- C:\Windows\System\xfPPYGu.exe
  C:\Windows\System\xfPPYGu.exe
  2⤵
  PID:5784
- C:\Windows\System\wUCgOKG.exe
  C:\Windows\System\wUCgOKG.exe
  2⤵
  PID:5892
- C:\Windows\System\EokBvGX.exe
  C:\Windows\System\EokBvGX.exe
  2⤵
  PID:5904
- C:\Windows\System\WpwLtUF.exe
  C:\Windows\System\WpwLtUF.exe
  2⤵
  PID:2176
- C:\Windows\System\DiDUaIf.exe
  C:\Windows\System\DiDUaIf.exe
  2⤵
  PID:2964
- C:\Windows\System\laCyhqc.exe
  C:\Windows\System\laCyhqc.exe
  2⤵
  PID:1368
- C:\Windows\System\mBTJMSv.exe
  C:\Windows\System\mBTJMSv.exe
  2⤵
  PID:1980
- C:\Windows\System\wWKtlDx.exe
  C:\Windows\System\wWKtlDx.exe
  2⤵
  PID:6028
- C:\Windows\System\aoTyoVC.exe
  C:\Windows\System\aoTyoVC.exe
  2⤵
  PID:4828
- C:\Windows\System\TAnudOg.exe
  C:\Windows\System\TAnudOg.exe
  2⤵
  PID:6104
- C:\Windows\System\XbwIIeT.exe
  C:\Windows\System\XbwIIeT.exe
  2⤵
  PID:4696
- C:\Windows\System\zFzpPLG.exe
  C:\Windows\System\zFzpPLG.exe
  2⤵
  PID:5172
- C:\Windows\System\rThvwZt.exe
  C:\Windows\System\rThvwZt.exe
  2⤵
  PID:5288
- C:\Windows\System\hiedRpo.exe
  C:\Windows\System\hiedRpo.exe
  2⤵
  PID:5368
- C:\Windows\System\FCNZjBZ.exe
  C:\Windows\System\FCNZjBZ.exe
  2⤵
  PID:5144
- C:\Windows\System\fkFddvg.exe
  C:\Windows\System\fkFddvg.exe
  2⤵
  PID:5524
- C:\Windows\System\YHujQwx.exe
  C:\Windows\System\YHujQwx.exe
  2⤵
  PID:5464
- C:\Windows\System\fyqkeDC.exe
  C:\Windows\System\fyqkeDC.exe
  2⤵
  PID:5484
- C:\Windows\System\EKPXUJA.exe
  C:\Windows\System\EKPXUJA.exe
  2⤵
  PID:5372
- C:\Windows\System\wmTSjVd.exe
  C:\Windows\System\wmTSjVd.exe
  2⤵
  PID:5732
- C:\Windows\System\NwxbJod.exe
  C:\Windows\System\NwxbJod.exe
  2⤵
  PID:988
- C:\Windows\System\jkdpwgo.exe
  C:\Windows\System\jkdpwgo.exe
  2⤵
  PID:5884
- C:\Windows\System\eWNUZCB.exe
  C:\Windows\System\eWNUZCB.exe
  2⤵
  PID:5988
- C:\Windows\System\jXUoTPO.exe
  C:\Windows\System\jXUoTPO.exe
  2⤵
  PID:6100
- C:\Windows\System\SqqsIsb.exe
  C:\Windows\System\SqqsIsb.exe
  2⤵
  PID:5124
- C:\Windows\System\ZvQdtDD.exe
  C:\Windows\System\ZvQdtDD.exe
  2⤵
  PID:5392
- C:\Windows\System\oUIqBhF.exe
  C:\Windows\System\oUIqBhF.exe
  2⤵
  PID:5608
- C:\Windows\System\NfawpeC.exe
  C:\Windows\System\NfawpeC.exe
  2⤵
  PID:5228
- C:\Windows\System\jHKDrKc.exe
  C:\Windows\System\jHKDrKc.exe
  2⤵
  PID:5284
- C:\Windows\System\JsanIYa.exe
  C:\Windows\System\JsanIYa.exe
  2⤵
  PID:5992
- C:\Windows\System\hWYJByC.exe
  C:\Windows\System\hWYJByC.exe
  2⤵
  PID:536
- C:\Windows\System\Fhkmqkr.exe
  C:\Windows\System\Fhkmqkr.exe
  2⤵
  PID:5848
- C:\Windows\System\bZmerbZ.exe
  C:\Windows\System\bZmerbZ.exe
  2⤵
  PID:3436
- C:\Windows\System\NcYdVHZ.exe
  C:\Windows\System\NcYdVHZ.exe
  2⤵
  PID:5116
- C:\Windows\System\PfdRoRX.exe
  C:\Windows\System\PfdRoRX.exe
  2⤵
  PID:5324
- C:\Windows\System\cZlwpKe.exe
  C:\Windows\System\cZlwpKe.exe
  2⤵
  PID:5944
- C:\Windows\System\mzMnwiW.exe
  C:\Windows\System\mzMnwiW.exe
  2⤵
  PID:5692
- C:\Windows\System\rVtOlnm.exe
  C:\Windows\System\rVtOlnm.exe
  2⤵
  PID:4520
- C:\Windows\System\QAyrKQe.exe
  C:\Windows\System\QAyrKQe.exe
  2⤵
  PID:5404
- C:\Windows\System\EdjVhBf.exe
  C:\Windows\System\EdjVhBf.exe
  2⤵
  PID:5772
- C:\Windows\System\eUACrkA.exe
  C:\Windows\System\eUACrkA.exe
  2⤵
  PID:5428
- C:\Windows\System\JJHfFdv.exe
  C:\Windows\System\JJHfFdv.exe
  2⤵
  PID:5912
- C:\Windows\System\ZkcdrAd.exe
  C:\Windows\System\ZkcdrAd.exe
  2⤵
  PID:6008
- C:\Windows\System\aqCjFeE.exe
  C:\Windows\System\aqCjFeE.exe
  2⤵
  PID:6024
- C:\Windows\System\LcFTOWA.exe
  C:\Windows\System\LcFTOWA.exe
  2⤵
  PID:6152
- C:\Windows\System\CKDwAyY.exe
  C:\Windows\System\CKDwAyY.exe
  2⤵
  PID:6168
- C:\Windows\System\ePEtmuL.exe
  C:\Windows\System\ePEtmuL.exe
  2⤵
  PID:6184
- C:\Windows\System\nveYsza.exe
  C:\Windows\System\nveYsza.exe
  2⤵
  PID:6200
- C:\Windows\System\TJPZfHu.exe
  C:\Windows\System\TJPZfHu.exe
  2⤵
  PID:6216
- C:\Windows\System\xLqnorz.exe
  C:\Windows\System\xLqnorz.exe
  2⤵
  PID:6232
- C:\Windows\System\fJNCOsR.exe
  C:\Windows\System\fJNCOsR.exe
  2⤵
  PID:6248
- C:\Windows\System\bIhLuqf.exe
  C:\Windows\System\bIhLuqf.exe
  2⤵
  PID:6264
- C:\Windows\System\sWqHWxw.exe
  C:\Windows\System\sWqHWxw.exe
  2⤵
  PID:6280
- C:\Windows\System\nzxvsfT.exe
  C:\Windows\System\nzxvsfT.exe
  2⤵
  PID:6296
- C:\Windows\System\izCtAqW.exe
  C:\Windows\System\izCtAqW.exe
  2⤵
  PID:6316
- C:\Windows\System\KAyWkxy.exe
  C:\Windows\System\KAyWkxy.exe
  2⤵
  PID:6340
- C:\Windows\System\TlsNSog.exe
  C:\Windows\System\TlsNSog.exe
  2⤵
  PID:6360
- C:\Windows\System\YOlbMRM.exe
  C:\Windows\System\YOlbMRM.exe
  2⤵
  PID:6400
- C:\Windows\System\AyZcYaF.exe
  C:\Windows\System\AyZcYaF.exe
  2⤵
  PID:6420
- C:\Windows\System\LulnlJH.exe
  C:\Windows\System\LulnlJH.exe
  2⤵
  PID:6456
- C:\Windows\System\eGYZvKx.exe
  C:\Windows\System\eGYZvKx.exe
  2⤵
  PID:6472
- C:\Windows\System\eyNXkKs.exe
  C:\Windows\System\eyNXkKs.exe
  2⤵
  PID:6492
- C:\Windows\System\hFYlmFH.exe
  C:\Windows\System\hFYlmFH.exe
  2⤵
  PID:6508
- C:\Windows\System\AcHRfaE.exe
  C:\Windows\System\AcHRfaE.exe
  2⤵
  PID:6524
- C:\Windows\System\ElCZTwV.exe
  C:\Windows\System\ElCZTwV.exe
  2⤵
  PID:6544
- C:\Windows\System\wFsDlAP.exe
  C:\Windows\System\wFsDlAP.exe
  2⤵
  PID:6564
- C:\Windows\System\vpsnyDx.exe
  C:\Windows\System\vpsnyDx.exe
  2⤵
  PID:6588
- C:\Windows\System\trVXkQH.exe
  C:\Windows\System\trVXkQH.exe
  2⤵
  PID:6612
- C:\Windows\System\yElGJHJ.exe
  C:\Windows\System\yElGJHJ.exe
  2⤵
  PID:6636
- C:\Windows\System\AMJMhjy.exe
  C:\Windows\System\AMJMhjy.exe
  2⤵
  PID:6656
- C:\Windows\System\ARqUNWF.exe
  C:\Windows\System\ARqUNWF.exe
  2⤵
  PID:6672
- C:\Windows\System\rxgudDX.exe
  C:\Windows\System\rxgudDX.exe
  2⤵
  PID:6688
- C:\Windows\System\OIiWqOE.exe
  C:\Windows\System\OIiWqOE.exe
  2⤵
  PID:6704
- C:\Windows\System\AqQpeit.exe
  C:\Windows\System\AqQpeit.exe
  2⤵
  PID:6720
- C:\Windows\System\uqUzhbp.exe
  C:\Windows\System\uqUzhbp.exe
  2⤵
  PID:6740
- C:\Windows\System\lxarcSa.exe
  C:\Windows\System\lxarcSa.exe
  2⤵
  PID:6756
- C:\Windows\System\qnTwRGU.exe
  C:\Windows\System\qnTwRGU.exe
  2⤵
  PID:6780
- C:\Windows\System\SHEQFGU.exe
  C:\Windows\System\SHEQFGU.exe
  2⤵
  PID:6796
- C:\Windows\System\UJDDAKM.exe
  C:\Windows\System\UJDDAKM.exe
  2⤵
  PID:6816
- C:\Windows\System\TAcJsRk.exe
  C:\Windows\System\TAcJsRk.exe
  2⤵
  PID:6864
- C:\Windows\System\DwvdYoe.exe
  C:\Windows\System\DwvdYoe.exe
  2⤵
  PID:6880
- C:\Windows\System\SLimhjJ.exe
  C:\Windows\System\SLimhjJ.exe
  2⤵
  PID:6900
- C:\Windows\System\AjYmTiM.exe
  C:\Windows\System\AjYmTiM.exe
  2⤵
  PID:6924
- C:\Windows\System\qadMuVj.exe
  C:\Windows\System\qadMuVj.exe
  2⤵
  PID:6940
- C:\Windows\System\IXYaAyR.exe
  C:\Windows\System\IXYaAyR.exe
  2⤵
  PID:6960
- C:\Windows\System\BuYnvji.exe
  C:\Windows\System\BuYnvji.exe
  2⤵
  PID:6976
- C:\Windows\System\azDAtiP.exe
  C:\Windows\System\azDAtiP.exe
  2⤵
  PID:6992
- C:\Windows\System\awXzcAq.exe
  C:\Windows\System\awXzcAq.exe
  2⤵
  PID:7008
- C:\Windows\System\vybcwQs.exe
  C:\Windows\System\vybcwQs.exe
  2⤵
  PID:7024
- C:\Windows\System\GnSvWfI.exe
  C:\Windows\System\GnSvWfI.exe
  2⤵
  PID:7044
- C:\Windows\System\JDYaFBc.exe
  C:\Windows\System\JDYaFBc.exe
  2⤵
  PID:7076
- C:\Windows\System\rujWyDv.exe
  C:\Windows\System\rujWyDv.exe
  2⤵
  PID:7100
- C:\Windows\System\XEZnFTK.exe
  C:\Windows\System\XEZnFTK.exe
  2⤵
  PID:7120
- C:\Windows\System\oFqNKyR.exe
  C:\Windows\System\oFqNKyR.exe
  2⤵
  PID:7140
- C:\Windows\System\haSxbmX.exe
  C:\Windows\System\haSxbmX.exe
  2⤵
  PID:7160
- C:\Windows\System\vQqxfLi.exe
  C:\Windows\System\vQqxfLi.exe
  2⤵
  PID:5828
- C:\Windows\System\oUSKiPq.exe
  C:\Windows\System\oUSKiPq.exe
  2⤵
  PID:6180
- C:\Windows\System\XLftWbL.exe
  C:\Windows\System\XLftWbL.exe
  2⤵
  PID:6224
- C:\Windows\System\Ygavyfq.exe
  C:\Windows\System\Ygavyfq.exe
  2⤵
  PID:6288
- C:\Windows\System\fSFYWJP.exe
  C:\Windows\System\fSFYWJP.exe
  2⤵
  PID:6332
- C:\Windows\System\OCBiFOB.exe
  C:\Windows\System\OCBiFOB.exe
  2⤵
  PID:6376
- C:\Windows\System\KRaTNuD.exe
  C:\Windows\System\KRaTNuD.exe
  2⤵
  PID:6212
- C:\Windows\System\DwmwPei.exe
  C:\Windows\System\DwmwPei.exe
  2⤵
  PID:6428
- C:\Windows\System\KeWBlAc.exe
  C:\Windows\System\KeWBlAc.exe
  2⤵
  PID:6440
- C:\Windows\System\evFhSlO.exe
  C:\Windows\System\evFhSlO.exe
  2⤵
  PID:6516
- C:\Windows\System\XKrOMcs.exe
  C:\Windows\System\XKrOMcs.exe
  2⤵
  PID:6464
- C:\Windows\System\DFiLANb.exe
  C:\Windows\System\DFiLANb.exe
  2⤵
  PID:6556
- C:\Windows\System\yHDWxmB.exe
  C:\Windows\System\yHDWxmB.exe
  2⤵
  PID:6412
- C:\Windows\System\ZaBbkpm.exe
  C:\Windows\System\ZaBbkpm.exe
  2⤵
  PID:6584
- C:\Windows\System\MEwkqgY.exe
  C:\Windows\System\MEwkqgY.exe
  2⤵
  PID:6608
- C:\Windows\System\dtWYEDd.exe
  C:\Windows\System\dtWYEDd.exe
  2⤵
  PID:6648
- C:\Windows\System\wTIgyzD.exe
  C:\Windows\System\wTIgyzD.exe
  2⤵
  PID:6716
- C:\Windows\System\xoMFqBY.exe
  C:\Windows\System\xoMFqBY.exe
  2⤵
  PID:6628
- C:\Windows\System\bBuoGNU.exe
  C:\Windows\System\bBuoGNU.exe
  2⤵
  PID:6696
- C:\Windows\System\LKTeoSe.exe
  C:\Windows\System\LKTeoSe.exe
  2⤵
  PID:6764
- C:\Windows\System\hkOlyCZ.exe
  C:\Windows\System\hkOlyCZ.exe
  2⤵
  PID:6808
- C:\Windows\System\EuMXwcd.exe
  C:\Windows\System\EuMXwcd.exe
  2⤵
  PID:6836
- C:\Windows\System\NECcUBo.exe
  C:\Windows\System\NECcUBo.exe
  2⤵
  PID:6892
- C:\Windows\System\bJqgLUi.exe
  C:\Windows\System\bJqgLUi.exe
  2⤵
  PID:6916
- C:\Windows\System\pHTDKFK.exe
  C:\Windows\System\pHTDKFK.exe
  2⤵
  PID:7004
- C:\Windows\System\NYghMsB.exe
  C:\Windows\System\NYghMsB.exe
  2⤵
  PID:6984
- C:\Windows\System\xdaVrJR.exe
  C:\Windows\System\xdaVrJR.exe
  2⤵
  PID:6956
- C:\Windows\System\ALHqABm.exe
  C:\Windows\System\ALHqABm.exe
  2⤵
  PID:7092
- C:\Windows\System\PenydXz.exe
  C:\Windows\System\PenydXz.exe
  2⤵
  PID:7128
- C:\Windows\System\NuyElmF.exe
  C:\Windows\System\NuyElmF.exe
  2⤵
  PID:7064
- C:\Windows\System\ampiZmJ.exe
  C:\Windows\System\ampiZmJ.exe
  2⤵
  PID:7108
- C:\Windows\System\tMQpZOI.exe
  C:\Windows\System\tMQpZOI.exe
  2⤵
  PID:6196
- C:\Windows\System\HnRAXXJ.exe
  C:\Windows\System\HnRAXXJ.exe
  2⤵
  PID:6272
- C:\Windows\System\kNjmcTk.exe
  C:\Windows\System\kNjmcTk.exe
  2⤵
  PID:7156
- C:\Windows\System\khAhZyj.exe
  C:\Windows\System\khAhZyj.exe
  2⤵
  PID:6396
- C:\Windows\System\elhOqHV.exe
  C:\Windows\System\elhOqHV.exe
  2⤵
  PID:6312
- C:\Windows\System\sakiafo.exe
  C:\Windows\System\sakiafo.exe
  2⤵
  PID:6484
- C:\Windows\System\wnSKofV.exe
  C:\Windows\System\wnSKofV.exe
  2⤵
  PID:6408
- C:\Windows\System\CTMLalx.exe
  C:\Windows\System\CTMLalx.exe
  2⤵
  PID:6596
- C:\Windows\System\CCayReb.exe
  C:\Windows\System\CCayReb.exe
  2⤵
  PID:6668
- C:\Windows\System\NApwlJu.exe
  C:\Windows\System\NApwlJu.exe
  2⤵
  PID:6848
- C:\Windows\System\yimEvvS.exe
  C:\Windows\System\yimEvvS.exe
  2⤵
  PID:6732
- C:\Windows\System\WhUXPJZ.exe
  C:\Windows\System\WhUXPJZ.exe
  2⤵
  PID:6860
- C:\Windows\System\nZIXHyR.exe
  C:\Windows\System\nZIXHyR.exe
  2⤵
  PID:6504
- C:\Windows\System\DXDQfwl.exe
  C:\Windows\System\DXDQfwl.exe
  2⤵
  PID:6580
- C:\Windows\System\HzUHapN.exe
  C:\Windows\System\HzUHapN.exe
  2⤵
  PID:6888
- C:\Windows\System\tpNxCBh.exe
  C:\Windows\System\tpNxCBh.exe
  2⤵
  PID:7020
- C:\Windows\System\XvIRfcS.exe
  C:\Windows\System\XvIRfcS.exe
  2⤵
  PID:6932
- C:\Windows\System\qoLSIhF.exe
  C:\Windows\System\qoLSIhF.exe
  2⤵
  PID:7056
- C:\Windows\System\nktqaxS.exe
  C:\Windows\System\nktqaxS.exe
  2⤵
  PID:7084
- C:\Windows\System\HuyoqrT.exe
  C:\Windows\System\HuyoqrT.exe
  2⤵
  PID:7116
- C:\Windows\System\yppKnUt.exe
  C:\Windows\System\yppKnUt.exe
  2⤵
  PID:6988
- C:\Windows\System\sZhmLZU.exe
  C:\Windows\System\sZhmLZU.exe
  2⤵
  PID:6532
- C:\Windows\System\VrSTQyb.exe
  C:\Windows\System\VrSTQyb.exe
  2⤵
  PID:6844
- C:\Windows\System\SUrHjAJ.exe
  C:\Windows\System\SUrHjAJ.exe
  2⤵
  PID:6684
- C:\Windows\System\CnHgrqk.exe
  C:\Windows\System\CnHgrqk.exe
  2⤵
  PID:6856
- C:\Windows\System\damjCXk.exe
  C:\Windows\System\damjCXk.exe
  2⤵
  PID:7060
- C:\Windows\System\ZchsGNl.exe
  C:\Windows\System\ZchsGNl.exe
  2⤵
  PID:6908
- C:\Windows\System\qRCQuDy.exe
  C:\Windows\System\qRCQuDy.exe
  2⤵
  PID:6872
- C:\Windows\System\Jqsqpzg.exe
  C:\Windows\System\Jqsqpzg.exe
  2⤵
  PID:6832
- C:\Windows\System\dvhzSPM.exe
  C:\Windows\System\dvhzSPM.exe
  2⤵
  PID:6176
- C:\Windows\System\ICBcwXp.exe
  C:\Windows\System\ICBcwXp.exe
  2⤵
  PID:6244
- C:\Windows\System\JyeptiW.exe
  C:\Windows\System\JyeptiW.exe
  2⤵
  PID:6804
- C:\Windows\System\iNkckTA.exe
  C:\Windows\System\iNkckTA.exe
  2⤵
  PID:6776
- C:\Windows\System\PrQxNNn.exe
  C:\Windows\System\PrQxNNn.exe
  2⤵
  PID:6952
- C:\Windows\System\qBkxHri.exe
  C:\Windows\System\qBkxHri.exe
  2⤵
  PID:6664
- C:\Windows\System\SvfpCsG.exe
  C:\Windows\System\SvfpCsG.exe
  2⤵
  PID:6852
- C:\Windows\System\UkhTcbv.exe
  C:\Windows\System\UkhTcbv.exe
  2⤵
  PID:6328
- C:\Windows\System\WhHaFcg.exe
  C:\Windows\System\WhHaFcg.exe
  2⤵
  PID:7112
- C:\Windows\System\BUDiXny.exe
  C:\Windows\System\BUDiXny.exe
  2⤵
  PID:6540
- C:\Windows\System\DGTZuod.exe
  C:\Windows\System\DGTZuod.exe
  2⤵
  PID:7180
- C:\Windows\System\fjjHOod.exe
  C:\Windows\System\fjjHOod.exe
  2⤵
  PID:7232
- C:\Windows\System\XIAZiWW.exe
  C:\Windows\System\XIAZiWW.exe
  2⤵
  PID:7256
- C:\Windows\System\XEIgsiw.exe
  C:\Windows\System\XEIgsiw.exe
  2⤵
  PID:7272
- C:\Windows\System\VZCguEE.exe
  C:\Windows\System\VZCguEE.exe
  2⤵
  PID:7288
- C:\Windows\System\cyzRNzh.exe
  C:\Windows\System\cyzRNzh.exe
  2⤵
  PID:7304
- C:\Windows\System\bmpRsHu.exe
  C:\Windows\System\bmpRsHu.exe
  2⤵
  PID:7320
- C:\Windows\System\dIEAFvV.exe
  C:\Windows\System\dIEAFvV.exe
  2⤵
  PID:7340
- C:\Windows\System\dGBihof.exe
  C:\Windows\System\dGBihof.exe
  2⤵
  PID:7360
- C:\Windows\System\katlhoW.exe
  C:\Windows\System\katlhoW.exe
  2⤵
  PID:7376
- C:\Windows\System\hXXCIku.exe
  C:\Windows\System\hXXCIku.exe
  2⤵
  PID:7400
- C:\Windows\System\DZHXUnf.exe
  C:\Windows\System\DZHXUnf.exe
  2⤵
  PID:7428
- C:\Windows\System\upsjnrU.exe
  C:\Windows\System\upsjnrU.exe
  2⤵
  PID:7456
- C:\Windows\System\HMHDWaY.exe
  C:\Windows\System\HMHDWaY.exe
  2⤵
  PID:7476
- C:\Windows\System\XVJepqS.exe
  C:\Windows\System\XVJepqS.exe
  2⤵
  PID:7492
- C:\Windows\System\nKHIqZn.exe
  C:\Windows\System\nKHIqZn.exe
  2⤵
  PID:7512
- C:\Windows\System\VIfGgZC.exe
  C:\Windows\System\VIfGgZC.exe
  2⤵
  PID:7528
- C:\Windows\System\adedtCR.exe
  C:\Windows\System\adedtCR.exe
  2⤵
  PID:7544
- C:\Windows\System\jTbyUvm.exe
  C:\Windows\System\jTbyUvm.exe
  2⤵
  PID:7572
- C:\Windows\System\TeOITJa.exe
  C:\Windows\System\TeOITJa.exe
  2⤵
  PID:7588
- C:\Windows\System\yHZZYpb.exe
  C:\Windows\System\yHZZYpb.exe
  2⤵
  PID:7604
- C:\Windows\System\sEsxdKm.exe
  C:\Windows\System\sEsxdKm.exe
  2⤵
  PID:7620
- C:\Windows\System\khqNtSN.exe
  C:\Windows\System\khqNtSN.exe
  2⤵
  PID:7640
- C:\Windows\System\majHIVX.exe
  C:\Windows\System\majHIVX.exe
  2⤵
  PID:7656
- C:\Windows\System\JPBfWTS.exe
  C:\Windows\System\JPBfWTS.exe
  2⤵
  PID:7700
- C:\Windows\System\OZabYeZ.exe
  C:\Windows\System\OZabYeZ.exe
  2⤵
  PID:7716
- C:\Windows\System\VWSBnWe.exe
  C:\Windows\System\VWSBnWe.exe
  2⤵
  PID:7736
- C:\Windows\System\kgJONtG.exe
  C:\Windows\System\kgJONtG.exe
  2⤵
  PID:7760
- C:\Windows\System\JzheRUv.exe
  C:\Windows\System\JzheRUv.exe
  2⤵
  PID:7776
- C:\Windows\System\XqMCzcD.exe
  C:\Windows\System\XqMCzcD.exe
  2⤵
  PID:7792
- C:\Windows\System\HUNwjeI.exe
  C:\Windows\System\HUNwjeI.exe
  2⤵
  PID:7808
- C:\Windows\System\cqvKxGb.exe
  C:\Windows\System\cqvKxGb.exe
  2⤵
  PID:7828
- C:\Windows\System\vqnDPmC.exe
  C:\Windows\System\vqnDPmC.exe
  2⤵
  PID:7852
- C:\Windows\System\EqQzfKM.exe
  C:\Windows\System\EqQzfKM.exe
  2⤵
  PID:7872
- C:\Windows\System\VkRvLqs.exe
  C:\Windows\System\VkRvLqs.exe
  2⤵
  PID:7888
- C:\Windows\System\jOkqiwg.exe
  C:\Windows\System\jOkqiwg.exe
  2⤵
  PID:7904
- C:\Windows\System\wndcyMa.exe
  C:\Windows\System\wndcyMa.exe
  2⤵
  PID:7944
- C:\Windows\System\jEkZtjP.exe
  C:\Windows\System\jEkZtjP.exe
  2⤵
  PID:7960
- C:\Windows\System\CbCgBvQ.exe
  C:\Windows\System\CbCgBvQ.exe
  2⤵
  PID:7976
- C:\Windows\System\zvRndmz.exe
  C:\Windows\System\zvRndmz.exe
  2⤵
  PID:7992
- C:\Windows\System\gHijXeZ.exe
  C:\Windows\System\gHijXeZ.exe
  2⤵
  PID:8008
- C:\Windows\System\LnaPBpn.exe
  C:\Windows\System\LnaPBpn.exe
  2⤵
  PID:8024
- C:\Windows\System\cMtMVsM.exe
  C:\Windows\System\cMtMVsM.exe
  2⤵
  PID:8056
- C:\Windows\System\cucaHtq.exe
  C:\Windows\System\cucaHtq.exe
  2⤵
  PID:8076
- C:\Windows\System\wLllmvd.exe
  C:\Windows\System\wLllmvd.exe
  2⤵
  PID:8092
- C:\Windows\System\OqGwYxs.exe
  C:\Windows\System\OqGwYxs.exe
  2⤵
  PID:8108
- C:\Windows\System\LJCPbiu.exe
  C:\Windows\System\LJCPbiu.exe
  2⤵
  PID:8124
- C:\Windows\System\tjIUoIS.exe
  C:\Windows\System\tjIUoIS.exe
  2⤵
  PID:8144
- C:\Windows\System\JHisnnu.exe
  C:\Windows\System\JHisnnu.exe
  2⤵
  PID:8164
- C:\Windows\System\XowHguZ.exe
  C:\Windows\System\XowHguZ.exe
  2⤵
  PID:8188
- C:\Windows\System\WzcExQs.exe
  C:\Windows\System\WzcExQs.exe
  2⤵
  PID:6384
- C:\Windows\System\jMZvHRy.exe
  C:\Windows\System\jMZvHRy.exe
  2⤵
  PID:7188
- C:\Windows\System\cSzAdsz.exe
  C:\Windows\System\cSzAdsz.exe
  2⤵
  PID:7244
- C:\Windows\System\cJjDeSq.exe
  C:\Windows\System\cJjDeSq.exe
  2⤵
  PID:7136
- C:\Windows\System\MjpLNIZ.exe
  C:\Windows\System\MjpLNIZ.exe
  2⤵
  PID:6352
- C:\Windows\System\VpgSPgZ.exe
  C:\Windows\System\VpgSPgZ.exe
  2⤵
  PID:7280
- C:\Windows\System\FbaeYVx.exe
  C:\Windows\System\FbaeYVx.exe
  2⤵
  PID:7352
- C:\Windows\System\vFFCMTM.exe
  C:\Windows\System\vFFCMTM.exe
  2⤵
  PID:7336
- C:\Windows\System\SOJCUxe.exe
  C:\Windows\System\SOJCUxe.exe
  2⤵
  PID:7388
- C:\Windows\System\JJbzqgy.exe
  C:\Windows\System\JJbzqgy.exe
  2⤵
  PID:7436
- C:\Windows\System\JexPNcP.exe
  C:\Windows\System\JexPNcP.exe
  2⤵
  PID:7416
- C:\Windows\System\eRFgHZu.exe
  C:\Windows\System\eRFgHZu.exe
  2⤵
  PID:7464
- C:\Windows\System\yKjIjEI.exe
  C:\Windows\System\yKjIjEI.exe
  2⤵
  PID:7488
- C:\Windows\System\iLHTCHB.exe
  C:\Windows\System\iLHTCHB.exe
  2⤵
  PID:7500
- C:\Windows\System\ryUcEjU.exe
  C:\Windows\System\ryUcEjU.exe
  2⤵
  PID:7564
- C:\Windows\System\YsiSkag.exe
  C:\Windows\System\YsiSkag.exe
  2⤵
  PID:7540
- C:\Windows\System\nhjfgBi.exe
  C:\Windows\System\nhjfgBi.exe
  2⤵
  PID:7680
- C:\Windows\System\cTxRtUq.exe
  C:\Windows\System\cTxRtUq.exe
  2⤵
  PID:7696
- C:\Windows\System\vFuIOnx.exe
  C:\Windows\System\vFuIOnx.exe
  2⤵
  PID:7612
- C:\Windows\System\vvpBATq.exe
  C:\Windows\System\vvpBATq.exe
  2⤵
  PID:7712
- C:\Windows\System\QToPJYq.exe
  C:\Windows\System\QToPJYq.exe
  2⤵
  PID:7772
- C:\Windows\System\EGnnAUu.exe
  C:\Windows\System\EGnnAUu.exe
  2⤵
  PID:7848
- C:\Windows\System\FUyUcyX.exe
  C:\Windows\System\FUyUcyX.exe
  2⤵
  PID:7748
- C:\Windows\System\ohaGsGU.exe
  C:\Windows\System\ohaGsGU.exe
  2⤵
  PID:7900
- C:\Windows\System\HvlUXoe.exe
  C:\Windows\System\HvlUXoe.exe
  2⤵
  PID:7924
- C:\Windows\System\KQwdseI.exe
  C:\Windows\System\KQwdseI.exe
  2⤵
  PID:7920
- C:\Windows\System\ZUDRyxP.exe
  C:\Windows\System\ZUDRyxP.exe
  2⤵
  PID:7968
- C:\Windows\System\EhAZOzs.exe
  C:\Windows\System\EhAZOzs.exe
  2⤵
  PID:8036
- C:\Windows\System\yZtnGHj.exe
  C:\Windows\System\yZtnGHj.exe
  2⤵
  PID:8044
- C:\Windows\System\waUbcEv.exe
  C:\Windows\System\waUbcEv.exe
  2⤵
  PID:8088
- C:\Windows\System\ThIdRjS.exe
  C:\Windows\System\ThIdRjS.exe
  2⤵
  PID:8156
- C:\Windows\System\FLtltME.exe
  C:\Windows\System\FLtltME.exe
  2⤵
  PID:8068
- C:\Windows\System\jqMuTfd.exe
  C:\Windows\System\jqMuTfd.exe
  2⤵
  PID:8140
- C:\Windows\System\ZlpzOVS.exe
  C:\Windows\System\ZlpzOVS.exe
  2⤵
  PID:8184
- C:\Windows\System\IGptkyX.exe
  C:\Windows\System\IGptkyX.exe
  2⤵
  PID:6276
- C:\Windows\System\SuhVmNL.exe
  C:\Windows\System\SuhVmNL.exe
  2⤵
  PID:7220
- C:\Windows\System\pBPWXRc.exe
  C:\Windows\System\pBPWXRc.exe
  2⤵
  PID:7200
- C:\Windows\System\uSYYEyD.exe
  C:\Windows\System\uSYYEyD.exe
  2⤵
  PID:7240
- C:\Windows\System\qENszXe.exe
  C:\Windows\System\qENszXe.exe
  2⤵
  PID:7312
- C:\Windows\System\gMZQxWx.exe
  C:\Windows\System\gMZQxWx.exe
  2⤵
  PID:7264
- C:\Windows\System\mRvfMfe.exe
  C:\Windows\System\mRvfMfe.exe
  2⤵
  PID:7296
- C:\Windows\System\tQpSUwr.exe
  C:\Windows\System\tQpSUwr.exe
  2⤵
  PID:7396
- C:\Windows\System\iPsqvSb.exe
  C:\Windows\System\iPsqvSb.exe
  2⤵
  PID:7484
- C:\Windows\System\meIghrS.exe
  C:\Windows\System\meIghrS.exe
  2⤵
  PID:7524
- C:\Windows\System\LUsxiuM.exe
  C:\Windows\System\LUsxiuM.exe
  2⤵
  PID:7508
- C:\Windows\System\LxQrSCz.exe
  C:\Windows\System\LxQrSCz.exe
  2⤵
  PID:7636
- C:\Windows\System\GkZltsg.exe
  C:\Windows\System\GkZltsg.exe
  2⤵
  PID:7732
- C:\Windows\System\fEMjozp.exe
  C:\Windows\System\fEMjozp.exe
  2⤵
  PID:7692
- C:\Windows\System\YrFzhwi.exe
  C:\Windows\System\YrFzhwi.exe
  2⤵
  PID:7860
- C:\Windows\System\hwzAwlR.exe
  C:\Windows\System\hwzAwlR.exe
  2⤵
  PID:7988
- C:\Windows\System\rbcgXch.exe
  C:\Windows\System\rbcgXch.exe
  2⤵
  PID:7036
- C:\Windows\System\mkbrDLu.exe
  C:\Windows\System\mkbrDLu.exe
  2⤵
  PID:7252
- C:\Windows\System\VxXEllq.exe
  C:\Windows\System\VxXEllq.exe
  2⤵
  PID:7412
- C:\Windows\System\NvSAPFD.exe
  C:\Windows\System\NvSAPFD.exe
  2⤵
  PID:7836
- C:\Windows\System\AFqSVFJ.exe
  C:\Windows\System\AFqSVFJ.exe
  2⤵
  PID:6920
- C:\Windows\System\sxWHSus.exe
  C:\Windows\System\sxWHSus.exe
  2⤵
  PID:7384
- C:\Windows\System\AMLXaAR.exe
  C:\Windows\System\AMLXaAR.exe
  2⤵
  PID:7868
- C:\Windows\System\FyilDGF.exe
  C:\Windows\System\FyilDGF.exe
  2⤵
  PID:7440
- C:\Windows\System\qfdYNIH.exe
  C:\Windows\System\qfdYNIH.exe
  2⤵
  PID:7216
- C:\Windows\System\RcarmEh.exe
  C:\Windows\System\RcarmEh.exe
  2⤵
  PID:8064
- C:\Windows\System\mUVnKmH.exe
  C:\Windows\System\mUVnKmH.exe
  2⤵
  PID:7676
- C:\Windows\System\IPCLegT.exe
  C:\Windows\System\IPCLegT.exe
  2⤵
  PID:7648
- C:\Windows\System\PyINIZB.exe
  C:\Windows\System\PyINIZB.exe
  2⤵
  PID:7816
- C:\Windows\System\sPMFQWS.exe
  C:\Windows\System\sPMFQWS.exe
  2⤵
  PID:8152
- C:\Windows\System\aQmHQvB.exe
  C:\Windows\System\aQmHQvB.exe
  2⤵
  PID:7756
- C:\Windows\System\GLvVDBq.exe
  C:\Windows\System\GLvVDBq.exe
  2⤵
  PID:7152
- C:\Windows\System\moTnOws.exe
  C:\Windows\System\moTnOws.exe
  2⤵
  PID:8000
- C:\Windows\System\ZxWmswq.exe
  C:\Windows\System\ZxWmswq.exe
  2⤵
  PID:7652
- C:\Windows\System\cYbaCIV.exe
  C:\Windows\System\cYbaCIV.exe
  2⤵
  PID:8120
- C:\Windows\System\EfHxXcA.exe
  C:\Windows\System\EfHxXcA.exe
  2⤵
  PID:8104
- C:\Windows\System\IwqRget.exe
  C:\Windows\System\IwqRget.exe
  2⤵
  PID:7884
- C:\Windows\System\sLfzuIQ.exe
  C:\Windows\System\sLfzuIQ.exe
  2⤵
  PID:6164
- C:\Windows\System\AxSkEnq.exe
  C:\Windows\System\AxSkEnq.exe
  2⤵
  PID:7916
- C:\Windows\System\AOEAZdx.exe
  C:\Windows\System\AOEAZdx.exe
  2⤵
  PID:8176
- C:\Windows\System\hvJxWct.exe
  C:\Windows\System\hvJxWct.exe
  2⤵
  PID:7368
- C:\Windows\System\fmAWPiq.exe
  C:\Windows\System\fmAWPiq.exe
  2⤵
  PID:7580
- C:\Windows\System\DJMtLDk.exe
  C:\Windows\System\DJMtLDk.exe
  2⤵
  PID:7072
- C:\Windows\System\WuINBNx.exe
  C:\Windows\System\WuINBNx.exe
  2⤵
  PID:6876
- C:\Windows\System\FHwIChJ.exe
  C:\Windows\System\FHwIChJ.exe
  2⤵
  PID:8020
- C:\Windows\System\KvznoUn.exe
  C:\Windows\System\KvznoUn.exe
  2⤵
  PID:7208
- C:\Windows\System\ZjBhabA.exe
  C:\Windows\System\ZjBhabA.exe
  2⤵
  PID:8032
- C:\Windows\System\yUPeYhL.exe
  C:\Windows\System\yUPeYhL.exe
  2⤵
  PID:8180
- C:\Windows\System\OoPIJbY.exe
  C:\Windows\System\OoPIJbY.exe
  2⤵
  PID:8208
- C:\Windows\System\RtZCfSM.exe
  C:\Windows\System\RtZCfSM.exe
  2⤵
  PID:8228
- C:\Windows\System\SSRQlUu.exe
  C:\Windows\System\SSRQlUu.exe
  2⤵
  PID:8260
- C:\Windows\System\WEuefKJ.exe
  C:\Windows\System\WEuefKJ.exe
  2⤵
  PID:8284
- C:\Windows\System\TSvjofQ.exe
  C:\Windows\System\TSvjofQ.exe
  2⤵
  PID:8304
- C:\Windows\System\pOlCebw.exe
  C:\Windows\System\pOlCebw.exe
  2⤵
  PID:8320
- C:\Windows\System\dQSorlT.exe
  C:\Windows\System\dQSorlT.exe
  2⤵
  PID:8340
- C:\Windows\System\Npuyntu.exe
  C:\Windows\System\Npuyntu.exe
  2⤵
  PID:8360
- C:\Windows\System\xckzwrL.exe
  C:\Windows\System\xckzwrL.exe
  2⤵
  PID:8376
- C:\Windows\System\RvkkdLq.exe
  C:\Windows\System\RvkkdLq.exe
  2⤵
  PID:8400
- C:\Windows\System\mmaKGrY.exe
  C:\Windows\System\mmaKGrY.exe
  2⤵
  PID:8416
- C:\Windows\System\oyaKglN.exe
  C:\Windows\System\oyaKglN.exe
  2⤵
  PID:8444
- C:\Windows\System\NWUVCzs.exe
  C:\Windows\System\NWUVCzs.exe
  2⤵
  PID:8460
- C:\Windows\System\UcdRsXT.exe
  C:\Windows\System\UcdRsXT.exe
  2⤵
  PID:8488
- C:\Windows\System\OmDvalp.exe
  C:\Windows\System\OmDvalp.exe
  2⤵
  PID:8512
- C:\Windows\System\NbxInhi.exe
  C:\Windows\System\NbxInhi.exe
  2⤵
  PID:8528
- C:\Windows\System\WkrjHnM.exe
  C:\Windows\System\WkrjHnM.exe
  2⤵
  PID:8544
- C:\Windows\System\qbeCEil.exe
  C:\Windows\System\qbeCEil.exe
  2⤵
  PID:8580
- C:\Windows\System\DEenTHi.exe
  C:\Windows\System\DEenTHi.exe
  2⤵
  PID:8600
- C:\Windows\System\ECtWoIs.exe
  C:\Windows\System\ECtWoIs.exe
  2⤵
  PID:8616
- C:\Windows\System\OFwLWNb.exe
  C:\Windows\System\OFwLWNb.exe
  2⤵
  PID:8632
- C:\Windows\System\aWeRZLl.exe
  C:\Windows\System\aWeRZLl.exe
  2⤵
  PID:8652
- C:\Windows\System\ZRwyKKX.exe
  C:\Windows\System\ZRwyKKX.exe
  2⤵
  PID:8672
- C:\Windows\System\rTDNBmh.exe
  C:\Windows\System\rTDNBmh.exe
  2⤵
  PID:8692
- C:\Windows\System\oRgRwpy.exe
  C:\Windows\System\oRgRwpy.exe
  2⤵
  PID:8708
- C:\Windows\System\BrrOLpP.exe
  C:\Windows\System\BrrOLpP.exe
  2⤵
  PID:8732
- C:\Windows\System\YfMaHpo.exe
  C:\Windows\System\YfMaHpo.exe
  2⤵
  PID:8748
- C:\Windows\System\VcIyXdk.exe
  C:\Windows\System\VcIyXdk.exe
  2⤵
  PID:8764
- C:\Windows\System\ovjwIpw.exe
  C:\Windows\System\ovjwIpw.exe
  2⤵
  PID:8784
- C:\Windows\System\PgCSYPu.exe
  C:\Windows\System\PgCSYPu.exe
  2⤵
  PID:8804
- C:\Windows\System\ujJpDFz.exe
  C:\Windows\System\ujJpDFz.exe
  2⤵
  PID:8820
- C:\Windows\System\wUkwJHO.exe
  C:\Windows\System\wUkwJHO.exe
  2⤵
  PID:8840
- C:\Windows\System\GxgQoDR.exe
  C:\Windows\System\GxgQoDR.exe
  2⤵
  PID:8860
- C:\Windows\System\XrBOvAv.exe
  C:\Windows\System\XrBOvAv.exe
  2⤵
  PID:8880
- C:\Windows\System\xBdCZYE.exe
  C:\Windows\System\xBdCZYE.exe
  2⤵
  PID:8900
- C:\Windows\System\qfXmjed.exe
  C:\Windows\System\qfXmjed.exe
  2⤵
  PID:8920
- C:\Windows\System\QrHivnE.exe
  C:\Windows\System\QrHivnE.exe
  2⤵
  PID:8944
- C:\Windows\System\JVjWBoZ.exe
  C:\Windows\System\JVjWBoZ.exe
  2⤵
  PID:8968
- C:\Windows\System\GBgHszk.exe
  C:\Windows\System\GBgHszk.exe
  2⤵
  PID:8984
- C:\Windows\System\HQxYZLh.exe
  C:\Windows\System\HQxYZLh.exe
  2⤵
  PID:9008
- C:\Windows\System\gkXEbMA.exe
  C:\Windows\System\gkXEbMA.exe
  2⤵
  PID:9028
- C:\Windows\System\TyGqwBD.exe
  C:\Windows\System\TyGqwBD.exe
  2⤵
  PID:9052
- C:\Windows\System\KINWznD.exe
  C:\Windows\System\KINWznD.exe
  2⤵
  PID:9076
- C:\Windows\System\hvbfDjh.exe
  C:\Windows\System\hvbfDjh.exe
  2⤵
  PID:9100
- C:\Windows\System\ElKwGMp.exe
  C:\Windows\System\ElKwGMp.exe
  2⤵
  PID:9116
- C:\Windows\System\qFEOmyH.exe
  C:\Windows\System\qFEOmyH.exe
  2⤵
  PID:9132
- C:\Windows\System\sKEfbow.exe
  C:\Windows\System\sKEfbow.exe
  2⤵
  PID:9164
- C:\Windows\System\WMDOxOa.exe
  C:\Windows\System\WMDOxOa.exe
  2⤵
  PID:9180
- C:\Windows\System\IxXdCRo.exe
  C:\Windows\System\IxXdCRo.exe
  2⤵
  PID:9196
- C:\Windows\System\dBFyrcb.exe
  C:\Windows\System\dBFyrcb.exe
  2⤵
  PID:7584
- C:\Windows\System\IYjYSRF.exe
  C:\Windows\System\IYjYSRF.exe
  2⤵
  PID:8236
- C:\Windows\System\elxlTaQ.exe
  C:\Windows\System\elxlTaQ.exe
  2⤵
  PID:8240
- C:\Windows\System\ldBAIxD.exe
  C:\Windows\System\ldBAIxD.exe
  2⤵
  PID:7408
- C:\Windows\System\jgDzroM.exe
  C:\Windows\System\jgDzroM.exe
  2⤵
  PID:8272
- C:\Windows\System\EEmwsTA.exe
  C:\Windows\System\EEmwsTA.exe
  2⤵
  PID:8316
- C:\Windows\System\cmiwKdV.exe
  C:\Windows\System\cmiwKdV.exe
  2⤵
  PID:8352
- C:\Windows\System\FmuSOdK.exe
  C:\Windows\System\FmuSOdK.exe
  2⤵
  PID:8392
- C:\Windows\System\PDTtTEX.exe
  C:\Windows\System\PDTtTEX.exe
  2⤵
  PID:8436
- C:\Windows\System\MWPsSjY.exe
  C:\Windows\System\MWPsSjY.exe
  2⤵
  PID:8468
- C:\Windows\System\lJwUZQb.exe
  C:\Windows\System\lJwUZQb.exe
  2⤵
  PID:8484
- C:\Windows\System\rwglFBw.exe
  C:\Windows\System\rwglFBw.exe
  2⤵
  PID:8536
- C:\Windows\System\EIdwPnd.exe
  C:\Windows\System\EIdwPnd.exe
  2⤵
  PID:8564
- C:\Windows\System\uYmxdbv.exe
  C:\Windows\System\uYmxdbv.exe
  2⤵
  PID:8592
- C:\Windows\System\hTbyeDs.exe
  C:\Windows\System\hTbyeDs.exe
  2⤵
  PID:8608
- C:\Windows\System\aqOnjWj.exe
  C:\Windows\System\aqOnjWj.exe
  2⤵
  PID:8700
- C:\Windows\System\WzisTmE.exe
  C:\Windows\System\WzisTmE.exe
  2⤵
  PID:8740
- C:\Windows\System\cfwsgpK.exe
  C:\Windows\System\cfwsgpK.exe
  2⤵
  PID:8680
- C:\Windows\System\engTLCp.exe
  C:\Windows\System\engTLCp.exe
  2⤵
  PID:8888
- C:\Windows\System\YsWgFNb.exe
  C:\Windows\System\YsWgFNb.exe
  2⤵
  PID:8936
- C:\Windows\System\zdhpvFp.exe
  C:\Windows\System\zdhpvFp.exe
  2⤵
  PID:8796
- C:\Windows\System\pgQULlj.exe
  C:\Windows\System\pgQULlj.exe
  2⤵
  PID:8832
- C:\Windows\System\tcyeZXT.exe
  C:\Windows\System\tcyeZXT.exe
  2⤵
  PID:8720
- C:\Windows\System\WTrTpyG.exe
  C:\Windows\System\WTrTpyG.exe
  2⤵
  PID:9016
- C:\Windows\System\MVwlGmp.exe
  C:\Windows\System\MVwlGmp.exe
  2⤵
  PID:8952
- C:\Windows\System\SSeBtgx.exe
  C:\Windows\System\SSeBtgx.exe
  2⤵
  PID:8992
- C:\Windows\System\SSTTkhs.exe
  C:\Windows\System\SSTTkhs.exe
  2⤵
  PID:9004
- C:\Windows\System\krjjMuz.exe
  C:\Windows\System\krjjMuz.exe
  2⤵
  PID:9064
- C:\Windows\System\lyCbipV.exe
  C:\Windows\System\lyCbipV.exe
  2⤵
  PID:9088
- C:\Windows\System\oNnhjZz.exe
  C:\Windows\System\oNnhjZz.exe
  2⤵
  PID:9112
- C:\Windows\System\pmghGKm.exe
  C:\Windows\System\pmghGKm.exe
  2⤵
  PID:9188
- C:\Windows\System\pffxsTc.exe
  C:\Windows\System\pffxsTc.exe
  2⤵
  PID:9204
- C:\Windows\System\CleYrJt.exe
  C:\Windows\System\CleYrJt.exe
  2⤵
  PID:8252
- C:\Windows\System\qhqCyWv.exe
  C:\Windows\System\qhqCyWv.exe
  2⤵
  PID:8224
- C:\Windows\System\JDNMxVP.exe
  C:\Windows\System\JDNMxVP.exe
  2⤵
  PID:8356
- C:\Windows\System\oWLLABB.exe
  C:\Windows\System\oWLLABB.exe
  2⤵
  PID:8332
- C:\Windows\System\YNJZzsU.exe
  C:\Windows\System\YNJZzsU.exe
  2⤵
  PID:8424
- C:\Windows\System\isUSVTK.exe
  C:\Windows\System\isUSVTK.exe
  2⤵
  PID:8452
- C:\Windows\System\JUKiOVZ.exe
  C:\Windows\System\JUKiOVZ.exe
  2⤵
  PID:8500
- C:\Windows\System\jJmjnTZ.exe
  C:\Windows\System\jJmjnTZ.exe
  2⤵
  PID:8772
- C:\Windows\System\tERWhEW.exe
  C:\Windows\System\tERWhEW.exe
  2⤵
  PID:8892
- C:\Windows\System\NnNFjZX.exe
  C:\Windows\System\NnNFjZX.exe
  2⤵
  PID:8660
- C:\Windows\System\RnMmhiO.exe
  C:\Windows\System\RnMmhiO.exe
  2⤵
  PID:8856
- C:\Windows\System\VaxTjYB.exe
  C:\Windows\System\VaxTjYB.exe
  2⤵
  PID:8716
- C:\Windows\System\cmRVyTi.exe
  C:\Windows\System\cmRVyTi.exe
  2⤵
  PID:8728
- C:\Windows\System\GvQPnIZ.exe
  C:\Windows\System\GvQPnIZ.exe
  2⤵
  PID:9024
- C:\Windows\System\XCrvMIX.exe
  C:\Windows\System\XCrvMIX.exe
  2⤵
  PID:8916
- C:\Windows\System\aRKmvnI.exe
  C:\Windows\System\aRKmvnI.exe
  2⤵
  PID:9060
- C:\Windows\System\brkPbIS.exe
  C:\Windows\System\brkPbIS.exe
  2⤵
  PID:9044
- C:\Windows\System\SbAMjXd.exe
  C:\Windows\System\SbAMjXd.exe
  2⤵
  PID:9172
- C:\Windows\System\GAfxDWw.exe
  C:\Windows\System\GAfxDWw.exe
  2⤵
  PID:9212
- C:\Windows\System\itaLCeY.exe
  C:\Windows\System\itaLCeY.exe
  2⤵
  PID:8384
- C:\Windows\System\HLSNnmZ.exe
  C:\Windows\System\HLSNnmZ.exe
  2⤵
  PID:8408
- C:\Windows\System\gFlQzcs.exe
  C:\Windows\System\gFlQzcs.exe
  2⤵
  PID:8276
- C:\Windows\System\BRqNyHT.exe
  C:\Windows\System\BRqNyHT.exe
  2⤵
  PID:8504
- C:\Windows\System\PkmebZd.exe
  C:\Windows\System\PkmebZd.exe
  2⤵
  PID:8556
- C:\Windows\System\EkpTLET.exe
  C:\Windows\System\EkpTLET.exe
  2⤵
  PID:8560
- C:\Windows\System\CPrUvEg.exe
  C:\Windows\System\CPrUvEg.exe
  2⤵
  PID:8640
- C:\Windows\System\FXIwOjG.exe
  C:\Windows\System\FXIwOjG.exe
  2⤵
  PID:8756
- C:\Windows\System\rsksQBX.exe
  C:\Windows\System\rsksQBX.exe
  2⤵
  PID:9068
- C:\Windows\System\lNvuwfH.exe
  C:\Windows\System\lNvuwfH.exe
  2⤵
  PID:8480
- C:\Windows\System\hwBDoDF.exe
  C:\Windows\System\hwBDoDF.exe
  2⤵
  PID:9000
- C:\Windows\System\mDIyuyq.exe
  C:\Windows\System\mDIyuyq.exe
  2⤵
  PID:7932
- C:\Windows\System\Anyqdqw.exe
  C:\Windows\System\Anyqdqw.exe
  2⤵
  PID:8412
- C:\Windows\System\YIDeSTm.exe
  C:\Windows\System\YIDeSTm.exe
  2⤵
  PID:8812
- C:\Windows\System\VSUSZmx.exe
  C:\Windows\System\VSUSZmx.exe
  2⤵
  PID:8928
- C:\Windows\System\KMfTtmx.exe
  C:\Windows\System\KMfTtmx.exe
  2⤵
  PID:8980
- C:\Windows\System\MaLMuiC.exe
  C:\Windows\System\MaLMuiC.exe
  2⤵
  PID:8964
- C:\Windows\System\mPgevZD.exe
  C:\Windows\System\mPgevZD.exe
  2⤵
  PID:9160
- C:\Windows\System\fcSsVWY.exe
  C:\Windows\System\fcSsVWY.exe
  2⤵
  PID:8280
- C:\Windows\System\ZMiLliL.exe
  C:\Windows\System\ZMiLliL.exe
  2⤵
  PID:8524
- C:\Windows\System\qMBGRFT.exe
  C:\Windows\System\qMBGRFT.exe
  2⤵
  PID:8912
- C:\Windows\System\FEFVUxr.exe
  C:\Windows\System\FEFVUxr.exe
  2⤵
  PID:9108
- C:\Windows\System\xxXzELH.exe
  C:\Windows\System\xxXzELH.exe
  2⤵
  PID:8776
- C:\Windows\System\PFkIxqu.exe
  C:\Windows\System\PFkIxqu.exe
  2⤵
  PID:9156
- C:\Windows\System\OBbnZPw.exe
  C:\Windows\System\OBbnZPw.exe
  2⤵
  PID:8220
- C:\Windows\System\zLRoxdn.exe
  C:\Windows\System\zLRoxdn.exe
  2⤵
  PID:8872
- C:\Windows\System\GSTiBUo.exe
  C:\Windows\System\GSTiBUo.exe
  2⤵
  PID:7952
- C:\Windows\System\QsQBPss.exe
  C:\Windows\System\QsQBPss.exe
  2⤵
  PID:8960
- C:\Windows\System\fRPxjii.exe
  C:\Windows\System\fRPxjii.exe
  2⤵
  PID:9232
- C:\Windows\System\NIqLfZR.exe
  C:\Windows\System\NIqLfZR.exe
  2⤵
  PID:9256
- C:\Windows\System\bOJPVmO.exe
  C:\Windows\System\bOJPVmO.exe
  2⤵
  PID:9272
- C:\Windows\System\pVqUnVX.exe
  C:\Windows\System\pVqUnVX.exe
  2⤵
  PID:9296
- C:\Windows\System\nWemuiU.exe
  C:\Windows\System\nWemuiU.exe
  2⤵
  PID:9316
- C:\Windows\System\FaPfGHN.exe
  C:\Windows\System\FaPfGHN.exe
  2⤵
  PID:9340
- C:\Windows\System\jVJSEzv.exe
  C:\Windows\System\jVJSEzv.exe
  2⤵
  PID:9360
- C:\Windows\System\KJXlVaP.exe
  C:\Windows\System\KJXlVaP.exe
  2⤵
  PID:9376
- C:\Windows\System\TDfbMYE.exe
  C:\Windows\System\TDfbMYE.exe
  2⤵
  PID:9392
- C:\Windows\System\yHjmrWi.exe
  C:\Windows\System\yHjmrWi.exe
  2⤵
  PID:9416
- C:\Windows\System\rAineBB.exe
  C:\Windows\System\rAineBB.exe
  2⤵
  PID:9432
- C:\Windows\System\bOXYdyp.exe
  C:\Windows\System\bOXYdyp.exe
  2⤵
  PID:9460
- C:\Windows\System\rUHJXTf.exe
  C:\Windows\System\rUHJXTf.exe
  2⤵
  PID:9476
- C:\Windows\System\ufCNaof.exe
  C:\Windows\System\ufCNaof.exe
  2⤵
  PID:9496
- C:\Windows\System\cRSsrXK.exe
  C:\Windows\System\cRSsrXK.exe
  2⤵
  PID:9512
- C:\Windows\System\lQTFFTZ.exe
  C:\Windows\System\lQTFFTZ.exe
  2⤵
  PID:9532
- C:\Windows\System\thImYkA.exe
  C:\Windows\System\thImYkA.exe
  2⤵
  PID:9556
- C:\Windows\System\MDTMXyr.exe
  C:\Windows\System\MDTMXyr.exe
  2⤵
  PID:9576
- C:\Windows\System\FjYpMpx.exe
  C:\Windows\System\FjYpMpx.exe
  2⤵
  PID:9592
- C:\Windows\System\xnJweEH.exe
  C:\Windows\System\xnJweEH.exe
  2⤵
  PID:9612
- C:\Windows\System\tkWMsbp.exe
  C:\Windows\System\tkWMsbp.exe
  2⤵
  PID:9636
- C:\Windows\System\PbRwwcn.exe
  C:\Windows\System\PbRwwcn.exe
  2⤵
  PID:9656
- C:\Windows\System\PYYjonC.exe
  C:\Windows\System\PYYjonC.exe
  2⤵
  PID:9676
- C:\Windows\System\MGXbcwK.exe
  C:\Windows\System\MGXbcwK.exe
  2⤵
  PID:9696
- C:\Windows\System\jTmppOv.exe
  C:\Windows\System\jTmppOv.exe
  2⤵
  PID:9712
- C:\Windows\System\hhgmsCC.exe
  C:\Windows\System\hhgmsCC.exe
  2⤵
  PID:9732
- C:\Windows\System\nhpMmxy.exe
  C:\Windows\System\nhpMmxy.exe
  2⤵
  PID:9756
- C:\Windows\System\jerfUND.exe
  C:\Windows\System\jerfUND.exe
  2⤵
  PID:9776
- C:\Windows\System\ghSoDJB.exe
  C:\Windows\System\ghSoDJB.exe
  2⤵
  PID:9792
- C:\Windows\System\pWhyrYt.exe
  C:\Windows\System\pWhyrYt.exe
  2⤵
  PID:9812
- C:\Windows\System\dGLrTtl.exe
  C:\Windows\System\dGLrTtl.exe
  2⤵
  PID:9836
- C:\Windows\System\qmHCGGX.exe
  C:\Windows\System\qmHCGGX.exe
  2⤵
  PID:9856
- C:\Windows\System\HAeIcDb.exe
  C:\Windows\System\HAeIcDb.exe
  2⤵
  PID:9876
- C:\Windows\System\OTCgTyu.exe
  C:\Windows\System\OTCgTyu.exe
  2⤵
  PID:9892
- C:\Windows\System\jomsrGv.exe
  C:\Windows\System\jomsrGv.exe
  2⤵
  PID:9920
- C:\Windows\System\AQbNDDE.exe
  C:\Windows\System\AQbNDDE.exe
  2⤵
  PID:9936
- C:\Windows\System\HIahiMh.exe
  C:\Windows\System\HIahiMh.exe
  2⤵
  PID:9960
- C:\Windows\System\JPzqgcZ.exe
  C:\Windows\System\JPzqgcZ.exe
  2⤵
  PID:9976
- C:\Windows\System\IWazSSC.exe
  C:\Windows\System\IWazSSC.exe
  2⤵
  PID:9996
- C:\Windows\System\IzkKmEO.exe
  C:\Windows\System\IzkKmEO.exe
  2⤵
  PID:10016
- C:\Windows\System\KKovFZx.exe
  C:\Windows\System\KKovFZx.exe
  2⤵
  PID:10032
- C:\Windows\System\fepNeat.exe
  C:\Windows\System\fepNeat.exe
  2⤵
  PID:10048
- C:\Windows\System\IUPNhMA.exe
  C:\Windows\System\IUPNhMA.exe
  2⤵
  PID:10072
- C:\Windows\System\PDYmNCr.exe
  C:\Windows\System\PDYmNCr.exe
  2⤵
  PID:10104
- C:\Windows\System\xHJajtv.exe
  C:\Windows\System\xHJajtv.exe
  2⤵
  PID:10120
- C:\Windows\System\kKrlfby.exe
  C:\Windows\System\kKrlfby.exe
  2⤵
  PID:10140
- C:\Windows\System\sCeRJtr.exe
  C:\Windows\System\sCeRJtr.exe
  2⤵
  PID:10160
- C:\Windows\System\TDTtqzN.exe
  C:\Windows\System\TDTtqzN.exe
  2⤵
  PID:10184
- C:\Windows\System\kgKPiPU.exe
  C:\Windows\System\kgKPiPU.exe
  2⤵
  PID:10204
- C:\Windows\System\pAxomDH.exe
  C:\Windows\System\pAxomDH.exe
  2⤵
  PID:10220
- C:\Windows\System\nGWOyLo.exe
  C:\Windows\System\nGWOyLo.exe
  2⤵
  PID:8348
- C:\Windows\System\JGJBmQY.exe
  C:\Windows\System\JGJBmQY.exe
  2⤵
  PID:9252
- C:\Windows\System\rvaqHxj.exe
  C:\Windows\System\rvaqHxj.exe
  2⤵
  PID:9280
- C:\Windows\System\ZDDFtKm.exe
  C:\Windows\System\ZDDFtKm.exe
  2⤵
  PID:9324
- C:\Windows\System\tUOaKyJ.exe
  C:\Windows\System\tUOaKyJ.exe
  2⤵
  PID:9352
- C:\Windows\System\KgEerTu.exe
  C:\Windows\System\KgEerTu.exe
  2⤵
  PID:9388
- C:\Windows\System\AHtZian.exe
  C:\Windows\System\AHtZian.exe
  2⤵
  PID:9404
- C:\Windows\System\ihkiyAI.exe
  C:\Windows\System\ihkiyAI.exe
  2⤵
  PID:9444
- C:\Windows\System\cHqKobu.exe
  C:\Windows\System\cHqKobu.exe
  2⤵
  PID:9472
- C:\Windows\System\bQzOSfr.exe
  C:\Windows\System\bQzOSfr.exe
  2⤵
  PID:9508
- C:\Windows\System\VaGPJXu.exe
  C:\Windows\System\VaGPJXu.exe
  2⤵
  PID:9548
- C:\Windows\System\OEqjNQt.exe
  C:\Windows\System\OEqjNQt.exe
  2⤵
  PID:9568
- C:\Windows\System\QcUoJgj.exe
  C:\Windows\System\QcUoJgj.exe
  2⤵
  PID:9628
- C:\Windows\System\osAzSuY.exe
  C:\Windows\System\osAzSuY.exe
  2⤵
  PID:9644
- C:\Windows\System\wGSaamF.exe
  C:\Windows\System\wGSaamF.exe
  2⤵
  PID:9692
- C:\Windows\System\LOGPMyM.exe
  C:\Windows\System\LOGPMyM.exe
  2⤵
  PID:9720
- C:\Windows\System\PkXFtvF.exe
  C:\Windows\System\PkXFtvF.exe
  2⤵
  PID:9748
- C:\Windows\System\DUQXUdj.exe
  C:\Windows\System\DUQXUdj.exe
  2⤵
  PID:9772
- C:\Windows\System\lVJtIQD.exe
  C:\Windows\System\lVJtIQD.exe
  2⤵
  PID:9824
- C:\Windows\System\IieYMFV.exe
  C:\Windows\System\IieYMFV.exe
  2⤵
  PID:9852
- C:\Windows\System\FhZVFji.exe
  C:\Windows\System\FhZVFji.exe
  2⤵
  PID:9884
- C:\Windows\System\jpjnYar.exe
  C:\Windows\System\jpjnYar.exe
  2⤵
  PID:9904
- C:\Windows\System\hShqyzb.exe
  C:\Windows\System\hShqyzb.exe
  2⤵
  PID:9952
- C:\Windows\System\iZOpNkg.exe
  C:\Windows\System\iZOpNkg.exe
  2⤵
  PID:9992
- C:\Windows\System\cMtzOmc.exe
  C:\Windows\System\cMtzOmc.exe
  2⤵
  PID:10056
- C:\Windows\System\nnEXWWk.exe
  C:\Windows\System\nnEXWWk.exe
  2⤵
  PID:10044
- C:\Windows\System\Itytixm.exe
  C:\Windows\System\Itytixm.exe
  2⤵
  PID:10092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnihBBz.exe

Filesize
6.0MB

MD5
5da5e7432faf57d099de554ddee0ce24

SHA1
36a7c33bf954db491e19e8433575258a27a5279a

SHA256
c4c39d0d863638bef4070ecbb310dc27ee15551289102b0c54aed4932f4717d3

SHA512
9528fd1b56afd2aacd895697c7bd7103e58e9625ded9053ce6f238c4228a4c0cac9de1b4d39bd6241cf5e369affc7383da89cf0a9f2f2efb901aeeea2b2d1c9e

Download Submit
C:\Windows\system\BVlilKo.exe

Filesize
6.0MB

MD5
2d9b663f3468140c7aff023557a78a43

SHA1
13695877d9efd4164fd520b000a953bc2f0770ca

SHA256
edfc0ce20dc8bd67fb30846ae6269e84809ecb0c47387796c0d48ea0113c30e1

SHA512
45ba75ade02b8d41c657b396cc39904f117b6ed9d5553e812f6bc2eea46476e0c498bef88628bc5b44cbf0a1e038f330daab411028a8335b82c86190951b3c8e

Download Submit
C:\Windows\system\EtHVluH.exe

Filesize
6.0MB

MD5
7e03b73fd769c4fc7de554491ec39068

SHA1
1e310bc93aaa6b29b7e62e99874f4fea8a214d09

SHA256
e6e18654e2bf2908840850e64aece0e6f556a3fcbcbe9cbd1280cf2ddd6b90ce

SHA512
ac371c596fda26a16cbead480f11f7eb9b2b90697872f6207053a91a81a844d915b4d5e5bef065168bbb1aded8fd6c9e93c669d751460764fc8338a2685c6ab0

Download Submit
C:\Windows\system\HbuKNQu.exe

Filesize
6.0MB

MD5
12ad9483ec5f8d3a74f7435be0f5e7d7

SHA1
2ad70bfa580d1dec609f8238c2820280070ea6e3

SHA256
fbbbab114ad66f79504e328ca9ed8fc82586d52c76938758fe86f2d41c7951ee

SHA512
6208338c54c6180bd4ca5aebb450178869f748bc08d357d722b86fd69a1127ed2a79a48a2761604b959482d9c6f8323666091364792e925d42381e09beb351ad

Download Submit
C:\Windows\system\LfaQSik.exe

Filesize
6.0MB

MD5
cfe2217aa9c75d5f6139ac0ef3a723f8

SHA1
9fb6afc3387faef99b163119423afe50c1851acf

SHA256
42dc0426b7db3b3a35dab95b1e09917e8cd16b9b212306b3e35d44fa511b2230

SHA512
883f7a318f3d13dd3b8c93ee8dd1cfb6d2d19b957b4e481c0765babefcb223245b483813667db4bcd13f4dd36447d87e2a2539f52fed86e78868973451e29486

Download Submit
C:\Windows\system\OCjbAOB.exe

Filesize
6.0MB

MD5
298a4daabb933239a84aa1129ada71d1

SHA1
f8ddc226bc4a13972d49ec5c2f9b53a73c95a639

SHA256
cc02ca9d2b8c9439ef4f2b29012d49f40fbf9e008b40ed47ecfa73eddc699132

SHA512
f6c3df38410b0fcd3f964f2f5362f15df0e737da499411ec2949083f553745b820b627930d98d9792466e7ba98a722bfe6178c15ce8db61982c9ac6ce4fbbe74

Download Submit
C:\Windows\system\PCmMegj.exe

Filesize
6.0MB

MD5
e274751741f58651136e27cd98f20d63

SHA1
4ddfd589266169728eaae2633db3dac3c13473b8

SHA256
3e9ba9d44b61eae6d20ee239c304c9e1680968f881914c97596aade57cb7d2e1

SHA512
777f3df52a4f82d51d39f7d29fa5745c2b6a7af8688252b9be0f0cc66479c077f919f41516501d704a34edfcf172eb63aec8d285db1fcc1bb1ae9b31855f7ed1

Download Submit
C:\Windows\system\RtXTnPs.exe

Filesize
6.0MB

MD5
2c6faf4bd827075da219385708d683de

SHA1
cb3039c9fb099f75610c6e706ea440d959bbc0c2

SHA256
31ac8324babd79ba1ebd1c1b170972e5685b68fb0eb24672475a5522b49f5d5c

SHA512
e05745ad4b544d74f9f0da9bf7289827f3800bf4f5d8a9f7d2b18b0e7936c6942af0e84b1b3bd2b9ac4b135abbb8962d9ac61518f3ee0636f0c3dbcfe94c46a6

Download Submit
C:\Windows\system\SjwsAXg.exe

Filesize
6.0MB

MD5
e7ff9c96aa18b21a80083f53afc7ad76

SHA1
0a97b1a3965b77f848daf7c5ac1c2cb2fe1f5418

SHA256
c4edee774906209712ebb092d275a6f8c6d57e60205d1a8e9c87f8e893c68ccc

SHA512
d3220dbe576076cbffa3eb4848b994107ac9df172a38b4e63444e7edbe3151a6f8ccd84bf7c1cce808c6ee1bff700e8085e1018c136049b7eeb1ba2ff9edceb3

Download Submit
C:\Windows\system\TSIintW.exe

Filesize
6.0MB

MD5
8331d98dda40516dc8679442ee9f5630

SHA1
5cdc0890a2a6b035382f3fd6fbf93ff327490ee9

SHA256
2e4c2aa3cf49d0b751a89143e12b896193013a7d113d1fcf73fe229c20d96ab4

SHA512
b0168e1e6eae78069fe71a4e5d501ebc199b36610238f57e96465d59376c3e644d3b6c8ebd19491396a243a4cf75fe5391f7f1595a4cf7f1cb59943db5a9b3cf

Download Submit
C:\Windows\system\UeUwEKW.exe

Filesize
6.0MB

MD5
19755677e01ad901423997ded8c0f34b

SHA1
e0bfbbb309e4a35f4469fd304f2e29e5c7e32801

SHA256
5ef041a5d80eb09569c81de157238c36b7d7127f2844533f3cb8dc7a083e626f

SHA512
17d2251b3ee05bcee3d726aec6728dd0b860fc601ff62ba42b9c0462ca817777fd7f2390a8f4aad95fc0814f90ba3726f0efbb81e0a8093e4241c3e7ed29ea49

Download Submit
C:\Windows\system\VFduEpN.exe

Filesize
6.0MB

MD5
ec3d066e1e1e5c07699686d18a428a46

SHA1
d3e60795200554431eda38a8ac18d2cfa6246635

SHA256
689ac077c785602807dfc4fa57cdaafe97df639f72fa16c3e80382bacdea5e03

SHA512
24d5030aa2761692641c19ba2ded462738d138059122130a69d4081951fedf6bbdf47e448b195d5af081bfd5d928c87ab8e27036df152bd21add471320dcb0a8

Download Submit
C:\Windows\system\VWNpRYI.exe

Filesize
6.0MB

MD5
cd58f43c52b00759f8ccb9bc15e263e3

SHA1
0e57ecfbeb4a1c8a97b3d0ac0ca0e29952cfe84d

SHA256
875fcb70364c5133b280c7a54cfdef4df59ba08a6bbb4b679b7b93cabb634948

SHA512
6a4b9d8db34d65929283d5c3b9e24e54cd0e21feb2b5b0ec9139167abf282ac6f51cef4bdda30bd8a200b361995b7c0fb0449fb5c1aee7a744da4b0e822207c4

Download Submit
C:\Windows\system\VmfEOyL.exe

Filesize
6.0MB

MD5
c3b26ce0ca0b8e47c547f711a5fe3a07

SHA1
5287fdb72b490ad4d8c03df60cce6995f7a62f3d

SHA256
d8d563ca9ad9f5d5380826815efef8077599e356ac32d6ae398cf22a574ef918

SHA512
a042125ef2fe3cc398ebf5efa73ca543a0810407c9d80c8b73db929a0961c10d011a3b9354c171d047c0f25ba9ef4d9057cc2f8e6dededdb85b235afe85ba29f

Download Submit
C:\Windows\system\XmBOIuy.exe

Filesize
6.0MB

MD5
fcc79aa77b8050748ae23753b87679ae

SHA1
2d49e6efe3f14f36195dc00ff09e4aa1f1940e0e

SHA256
685830292628c2a48e62d5ef4f63160341bcbdce5155e7b314584b3602548589

SHA512
5fd8ad25bd69219f91f6a00a10949e464642f5c27822d1d948e4f88b3b6145482ae62f7fa46a13f02900b47b6c463b126c91037da1e96ae67366eb754fbeefc5

Download Submit
C:\Windows\system\Yoxkpdl.exe

Filesize
6.0MB

MD5
d4f9829548ae390f2a4cd08ed2d02aa4

SHA1
6cab9a3ff6b8af315ed2b7288e9ce559946eab0a

SHA256
315573ee95fc87d375a138ab05fb347aada86774a6db4e1e42b2af242fa2588d

SHA512
cf11bf4e9e918e655eefc6f2a8db7a14a827b9298c01752a3f8b3dd74ccfea442d045dd591333e0f90c82ae1b4be127f60318989e4245bf5be199c05f2774d0f

Download Submit
C:\Windows\system\bUWavsq.exe

Filesize
6.0MB

MD5
106b6e4818a964bff84fe79de20c91e2

SHA1
10b9789e1da0a0e9536aac1bcc9ed016f9118378

SHA256
183c74cea142724011ebfc8327b3ffd63cd851512f399a44cde128f49dd24c35

SHA512
2eecc204db1db424308d1e2940c2dd6f2649b6b1cef2975f1751526c014871968657967e64276ed513a176c2873b11e8838522a3d43151a25b0636cb9889b3c3

Download Submit
C:\Windows\system\bxOJPwu.exe

Filesize
6.0MB

MD5
bf8838247f06748bcd868549dc97a585

SHA1
03c562e5407d4e1e458e382f446af459c8e58569

SHA256
ac3afdd382c83043bd0fde23b15e2a8598dc47d871aa1c929fcaf51420f60f72

SHA512
a9f441348da413e87ce950317d6a7e003dc35077e320a3c36395a51f4655f9e87ec2522cdc2093559987f87c32e20067fc388ec71e0edce3cea7527632aea2e3

Download Submit
C:\Windows\system\eNuMAES.exe

Filesize
6.0MB

MD5
1fb4ff56735b3720a796349861346cfb

SHA1
dcde8d9cf93bd8cd864baa012686bf2cf2f5e0dd

SHA256
372309b142576bed1349347edaa4217d6d4c0c05e6fa124ba120ef26a91a4ae2

SHA512
7582f5ff8426cd1c034751c1957f2ed043f92b694ae24a39c9ab1794aa43ac17e0c990f2e325f873bff79280af12db8e48261f5068c56fec45807966574e4e09

Download Submit
C:\Windows\system\gakQdiq.exe

Filesize
6.0MB

MD5
4fa58170e31fe688f64ab5778c374998

SHA1
c0ffcb1cef16f0fbab0b4787afc13c9a2dbddc32

SHA256
24c2ab57f6137457287357eb8261b579b6e38ae6cfd89afdc3223eddea505fd4

SHA512
67a5e6de405929abe4f1f8ec0a6153ddf229c068e0c16047c6ce21c7ac1c2bbdbe4afeca85dd3561c3fe3c4f2fd44e712d4cc31c0f72bf35764de48365bf6898

Download Submit
C:\Windows\system\gwddLUj.exe

Filesize
6.0MB

MD5
9cd66a4616493e0c4351e17efa05032e

SHA1
129999b9fc960267a605c630933aa110fdb625c7

SHA256
36570125638cbe8596d76284c70e11b5aeca22686b2e4db6320071dc0ea828d3

SHA512
14b9721210af39f904be889be048f925c0e228bcea8b5f894f7c35abb01c14cf304c5efbcb59d6f318219e3a9591a635ef04d104c8f0621b2ebb555f2d62ca69

Download Submit
C:\Windows\system\pywAUXU.exe

Filesize
6.0MB

MD5
873e21f958034991f79d242eddb55eb2

SHA1
926c9ffa283370aadbcfd4eaf6742a3c320ceda1

SHA256
486064b1a38ec3850ce310a3acd3beef35732e003b91fa7a700b941520d12b7a

SHA512
f82d7c4d51e113242032902b72213232b0b1503831b0a863e95ad8a0ee8a458788e763a856ca4676dbea122d5e9bde32ca2873806acd7cc86a2fb5de00e6dafb

Download Submit
C:\Windows\system\sueRdPC.exe

Filesize
6.0MB

MD5
64309245e5fbe1da29fb20356017a10b

SHA1
d02619cc76cbf03ce63ab06a4a02b1f0e6734f61

SHA256
8980207016969334419630e75369001be1406624916f31904e5998e3f5d54a2c

SHA512
aad27b2e10bcaf12127f3f05ba84bcbf7dabd0944069583c10c1669e2ee26bdd6639bd55bac0b4a2d1ad4468eda248771dc2cce0f5bc701ce2927fcf36128fd2

Download Submit
C:\Windows\system\ycmbJFH.exe

Filesize
6.0MB

MD5
e1ed76e03dc721e79ce7cc4e73bde01e

SHA1
3a42d5933b8cbf837f5c84006c0d8b0a018df5ec

SHA256
a4bb873ce20c3da2fe93f40ae970bb93fe067d9411bb8c5ee2d240c1dbc78e1a

SHA512
b39f41a9ee9d007a9a72d89ae800cdd1e6141b4f7ff0e1fabbaddebacc0225fbeca614bb4ee7b1303306f94aaddeccce324af69dcad7e4a461772a9e0dc5ac17

Download Submit
\Windows\system\PpSLZGv.exe

Filesize
6.0MB

MD5
e40ce75386540692c9f12a1a8007b166

SHA1
06f17a90bc14f72a0321853240664ab2b75db375

SHA256
78d72bc0cdf238eedad7bd45d502ebcf05e7b89985e3a33133ca1c060e9e6813

SHA512
a46b91cf2abdd9527689629b1d14fd43003ac36d6df40844fd32de686f050c3bf68f255a792b6e6cbe44eb2c9ada7f37a1d561d5fae4325d31c3ce3c4a2596e6

Download Submit
\Windows\system\QZsSGDu.exe

Filesize
6.0MB

MD5
8651e5288e0a341e2fe3c6752965fea4

SHA1
0ddfff450d123b527f677548b2c0114b9625d08a

SHA256
31e3989d121e0c5f23228e0db2a8e8061c7e7499a1a74e9dedc14f5f9111ef1c

SHA512
f9963919aed4a0b7b7eb1dfd3a92dec5ae4636f859c5d970fa76ac0dd33bef1cca42cf25e5d4a0a01733d922c9ec3d75b28d1b56169b60dc0099401294c5d858

Download Submit
\Windows\system\jzrQGpE.exe

Filesize
6.0MB

MD5
563aeb0434dc7fbf6a8075f0dde14e47

SHA1
f12fae5658eb57d849628971a103113ede3a9269

SHA256
b40433ea97211a78422c7ce98fcf34abfca5af93e22effc067cf2bd70dbbe1f7

SHA512
5685c251a7a4b7d7d01a2b69f03957f9560f5d59d70869747e6f949eb2c53aee70b8c7da186ce22fcd3cdb75679a8cb70cce6fca7ee9cef168ef69b3988735ab

Download Submit
\Windows\system\poeKDbW.exe

Filesize
6.0MB

MD5
c7a11102698bdae3491b094fc45684a3

SHA1
971c5e1be96612b963f204875251f43a9c8f1aed

SHA256
8c641b0a43287ee11493c9218a9a2dbc572f71e967c6f91e4a6eac478e8424ae

SHA512
21139e202e2727ed9a854eed2dc5740ecbd071c1c10d06d4facaf178b15dd519d6129bbfaf758c6a54e492e48c18ad3963b3067a3846815fe3e3c9e59b4391e2

Download Submit
\Windows\system\sQlFONK.exe

Filesize
6.0MB

MD5
3c82f3e09f64f87fc9cd6ae5c9c16ece

SHA1
379f99be45247ceb2f1ef6e20361427b3fa8f783

SHA256
aeddd3a52aa93d1642337e7fbd6910e43578384a0ddaf71f9a2efc19b45060cd

SHA512
82e8f258192122562ae8bfa0b62076bf74247761204b482b633f88bccf978148d5b7e14a79bdb8002856695e54e4dfe948de98772babe02fda3f30a133b073ea

Download Submit
\Windows\system\tdFfNXB.exe

Filesize
6.0MB

MD5
11fb8e4c132624d389a3ec021a3b9057

SHA1
6bcadebcf9970f6a1ff51f89e85dc337b741f4a6

SHA256
7e40841d0092be2fd70570b7ac4d1972ade81b1c54280f08619d7e4cb0baa462

SHA512
c7aa7407529dab0d8d293c70c2e034e653f482a50d2437185acafab9754bfd86bbf58a97e98115005d4f1abf2a9e72ca89fd8a33b00ceef5a775c0fa22b68447

Download Submit
\Windows\system\yCleVBH.exe

Filesize
6.0MB

MD5
4c7bd11d9f2388e429e21320ee6c074a

SHA1
d3a4bc6c1e6faedc74ee5cf03f67413e8a01de04

SHA256
579b76e1b53ce05292e59ba9631571c0107ccb049526647cfbd27aa58a896054

SHA512
f5a9ea7d57268d525e837dbd5090c54dc5a5faceb464e318c6ec66f84c020bb149ff1239bf982bda413713f5bfb96bb273cb5b4afeb9873d1de9bf4639580795

Download Submit
\Windows\system\yQYumaE.exe

Filesize
6.0MB

MD5
224d45d6a384f5b7857cee528070d73c

SHA1
55de9fec7c91400c881f073d1bcb19ce1e5b8982

SHA256
34b3d235f6f03fc1f2f361ebd85f84f1755a4e293f1e01976fc8b7a302d71672

SHA512
e2112cdd5b43d99d35b15d99ac444b4397aa0319760876d984efdc75f74c4e0d6074e787aa0b4a7de49cc58b17291b52c5007ec719ed5911f351d675e61505a3

Download Submit
memory/1796-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-758-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-3941-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3878-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-80-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-109-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3872-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2184-65-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-43-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2364-24-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-12-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2364-224-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1004-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2364-83-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-76-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2364-19-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-81-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2364-92-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-96-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-101-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2364-0-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2364-44-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-33-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2364-108-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-30-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-37-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2364-110-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3933-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-566-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-90-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3553-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-21-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-54-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3786-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2584-95-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2584-48-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2592-937-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2592-104-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3910-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3932-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2644-86-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3892-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2652-87-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2704-38-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3464-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-8-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2720-34-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3607-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-84-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-15-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3465-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2788-46-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3602-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2880-28-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2880-60-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3832-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-55-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download