cobaltstrike | 6209aae452ce04e5f96713e1e77aabf7a13431fc7b865d48adf3727103eee921

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

38f17e5297f564fbfd386a6ff14e0037
SHA1

4d70ab942b1c812a71d98dc9924c4bd1e1005ae4
SHA256

6209aae452ce04e5f96713e1e77aabf7a13431fc7b865d48adf3727103eee921
SHA512

3b5fa54a639b4c2b8f02f145d550bc60abf256210333f6a21cdd1cfdebc81d742be9bdab95d0e341d2ba3b6d8b796471663963633d886fcc47b6504fc3375d20
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000120dc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019214-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c2-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a485-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47f-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47c-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a472-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a470-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-89.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191d1-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019369-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3044-1-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x000b0000000120dc-3.dat	xmrig
behavioral1/files/0x0007000000019214-10.dat	xmrig
behavioral1/memory/2364-15-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1800-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019219-9.dat	xmrig
behavioral1/memory/2456-21-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2332-28-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000600000001921d-27.dat	xmrig
behavioral1/files/0x0006000000019329-38.dat	xmrig
behavioral1/files/0x00060000000195c2-53.dat	xmrig
behavioral1/memory/2456-57-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2676-58-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2888-75-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2936-90-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a423-125.dat	xmrig
behavioral1/files/0x000500000001a483-190.dat	xmrig
behavioral1/memory/2600-1176-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2720-939-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2548-704-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2608-481-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2888-263-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a485-196.dat	xmrig
behavioral1/files/0x000500000001a487-200.dat	xmrig
behavioral1/files/0x000500000001a481-186.dat	xmrig
behavioral1/files/0x000500000001a47f-180.dat	xmrig
behavioral1/files/0x000500000001a47c-176.dat	xmrig
behavioral1/files/0x000500000001a478-170.dat	xmrig
behavioral1/files/0x000500000001a472-165.dat	xmrig
behavioral1/files/0x000500000001a470-161.dat	xmrig
behavioral1/files/0x000500000001a46d-155.dat	xmrig
behavioral1/files/0x000500000001a463-150.dat	xmrig
behavioral1/files/0x000500000001a454-145.dat	xmrig
behavioral1/files/0x000500000001a452-140.dat	xmrig
behavioral1/files/0x000500000001a447-135.dat	xmrig
behavioral1/files/0x000500000001a445-131.dat	xmrig
behavioral1/files/0x000500000001a3ed-120.dat	xmrig
behavioral1/files/0x000500000001a3ea-115.dat	xmrig
behavioral1/memory/2600-109-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2712-108-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e8-107.dat	xmrig
behavioral1/memory/2720-99-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2676-98-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e6-97.dat	xmrig
behavioral1/memory/2548-91-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e4-89.dat	xmrig
behavioral1/memory/2608-82-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2708-81-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00080000000191d1-80.dat	xmrig
behavioral1/memory/2168-74-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2fc-73.dat	xmrig
behavioral1/memory/2712-66-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2332-65-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2b9-64.dat	xmrig
behavioral1/memory/2936-51-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019369-50.dat	xmrig
behavioral1/memory/2708-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2168-36-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/3044-35-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/files/0x0006000000019232-34.dat	xmrig
behavioral1/memory/1800-42-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1800-3320-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2332-3330-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2364-3327-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1800	oepMzGd.exe
2364	vwdEXic.exe
2456	FRydpkF.exe
2332	Xtkxmyu.exe
2168	qtJlJqd.exe
2708	TmJyuHa.exe
2936	SOoXpVc.exe
2676	uUggjSA.exe
2712	ZXIRZIb.exe
2888	qiChFfI.exe
2608	yWRvdow.exe
2548	QKFFTLt.exe
2720	rvYgBho.exe
2600	lqqLcUv.exe
372	alSxwyy.exe
2512	ZtvjFeH.exe
1876	OFIASGS.exe
1816	rzSSncz.exe
1732	sxVXuFX.exe
1916	peGyiMX.exe
2856	izBcOkr.exe
2880	fkkzmaQ.exe
2892	wTZxZKS.exe
2228	BDRsURu.exe
2128	bYEwcSe.exe
3020	ptTNtWR.exe
860	enyOwcE.exe
404	rzTVktp.exe
2088	GHkyFYU.exe
684	eksiZqJ.exe
948	kIKZqPD.exe
1828	RUuAMkK.exe
1332	bGnvRpr.exe
1736	CYszkNQ.exe
1700	HEhUOWC.exe
1220	MWqHwcR.exe
1340	EOaiQsW.exe
1632	ZaFLQMA.exe
1128	FuDduvL.exe
1328	GNhzqpI.exe
2380	egoaPlh.exe
292	UCscZQd.exe
1172	ByVVFae.exe
2208	uvDoSmi.exe
1652	NEyouIz.exe
1028	ENvnuVz.exe
1516	gJNGzdO.exe
2284	GwGOnGM.exe
2468	kftzYCV.exe
1584	tGVhlyX.exe
1612	QfZzQgG.exe
2500	UQTEKoD.exe
2836	piOaZjw.exe
2780	jrGQdUn.exe
2352	hFnVsLy.exe
2120	NOODDwv.exe
2840	odhVaBP.exe
2604	jsYcfgd.exe
2016	JlxdjqZ.exe
1324	yAfsGyU.exe
2036	JiKKRmU.exe
1288	qZlotnb.exe
2540	DMguSfw.exe
2732	HeBRaJw.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3044-1-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-3.dat	upx
behavioral1/files/0x0007000000019214-10.dat	upx
behavioral1/memory/2364-15-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1800-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0006000000019219-9.dat	upx
behavioral1/memory/2456-21-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2332-28-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000600000001921d-27.dat	upx
behavioral1/files/0x0006000000019329-38.dat	upx
behavioral1/files/0x00060000000195c2-53.dat	upx
behavioral1/memory/2456-57-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2676-58-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2888-75-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2936-90-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000500000001a423-125.dat	upx
behavioral1/files/0x000500000001a483-190.dat	upx
behavioral1/memory/2600-1176-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2720-939-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2548-704-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2608-481-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2888-263-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x000500000001a485-196.dat	upx
behavioral1/files/0x000500000001a487-200.dat	upx
behavioral1/files/0x000500000001a481-186.dat	upx
behavioral1/files/0x000500000001a47f-180.dat	upx
behavioral1/files/0x000500000001a47c-176.dat	upx
behavioral1/files/0x000500000001a478-170.dat	upx
behavioral1/files/0x000500000001a472-165.dat	upx
behavioral1/files/0x000500000001a470-161.dat	upx
behavioral1/files/0x000500000001a46d-155.dat	upx
behavioral1/files/0x000500000001a463-150.dat	upx
behavioral1/files/0x000500000001a454-145.dat	upx
behavioral1/files/0x000500000001a452-140.dat	upx
behavioral1/files/0x000500000001a447-135.dat	upx
behavioral1/files/0x000500000001a445-131.dat	upx
behavioral1/files/0x000500000001a3ed-120.dat	upx
behavioral1/files/0x000500000001a3ea-115.dat	upx
behavioral1/memory/2600-109-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2712-108-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000500000001a3e8-107.dat	upx
behavioral1/memory/2720-99-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2676-98-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x000500000001a3e6-97.dat	upx
behavioral1/memory/2548-91-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000500000001a3e4-89.dat	upx
behavioral1/memory/2608-82-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2708-81-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00080000000191d1-80.dat	upx
behavioral1/memory/2168-74-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001a2fc-73.dat	upx
behavioral1/memory/2712-66-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2332-65-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001a2b9-64.dat	upx
behavioral1/memory/2936-51-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0007000000019369-50.dat	upx
behavioral1/memory/2708-43-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2168-36-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/3044-35-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0006000000019232-34.dat	upx
behavioral1/memory/1800-42-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1800-3320-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2332-3330-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2364-3327-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YaaUNNN.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coPAuHp.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGPYQds.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrDZLzo.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XyGjFYO.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZYXVOT.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZWcnHw.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCyaNml.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUYYTew.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgQsyDC.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogmLvIZ.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZEUgir.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKPrRfM.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbDvSyA.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjTAqcU.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHEoMfu.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsJNcJO.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THmTGlr.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\womIojH.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKybPuT.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPliubb.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZbkYeS.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCldOxc.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFZoOBM.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZMLPbv.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKLCsqs.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USuZhgt.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvrDVkY.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opDVheX.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSYQPDv.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjyEQQV.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BslIScw.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqBsXwZ.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZVzrLNk.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHppram.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCZWVkV.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRgTqAP.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFoyqnT.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUUWrtu.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeQoUvf.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpaufGV.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtzqgMh.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAZiezI.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjUeDcW.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPgAilV.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQBQqXt.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNnnzUA.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eFHcMQj.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiUuWJI.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFTLxOR.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoCGoMd.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXYGhDP.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfqrUmE.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQtuLDH.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuAuyyW.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHSLThu.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzTRYOi.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFqwyMr.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrGQdUn.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omxekBc.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgcdjJJ.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYVBNpr.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMpPxUU.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPlyumC.exe	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2364	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 2364	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 2364	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 1800	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 1800	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 1800	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 2456	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2456	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2456	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2332	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2332	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2332	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2168	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2168	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2168	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2708	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2708	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2708	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2936	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2936	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2936	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2676	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2676	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2676	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2712	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 2712	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 2712	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 2888	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 2888	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 2888	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 2608	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 2608	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 2608	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 2548	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 2548	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 2548	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 2720	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 2720	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 2720	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 2600	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 2600	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 2600	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 372	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 372	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 372	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 2512	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 2512	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 2512	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 1876	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 1876	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 1876	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 1816	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 1816	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 1816	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 1732	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 1732	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 1732	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 1916	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 1916	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 1916	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 2856	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 2856	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 2856	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 2880	3044	2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_38f17e5297f564fbfd386a6ff14e0037_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\System\vwdEXic.exe
  C:\Windows\System\vwdEXic.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\oepMzGd.exe
  C:\Windows\System\oepMzGd.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\FRydpkF.exe
  C:\Windows\System\FRydpkF.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\Xtkxmyu.exe
  C:\Windows\System\Xtkxmyu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qtJlJqd.exe
  C:\Windows\System\qtJlJqd.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\TmJyuHa.exe
  C:\Windows\System\TmJyuHa.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\SOoXpVc.exe
  C:\Windows\System\SOoXpVc.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\uUggjSA.exe
  C:\Windows\System\uUggjSA.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ZXIRZIb.exe
  C:\Windows\System\ZXIRZIb.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qiChFfI.exe
  C:\Windows\System\qiChFfI.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\yWRvdow.exe
  C:\Windows\System\yWRvdow.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\QKFFTLt.exe
  C:\Windows\System\QKFFTLt.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\rvYgBho.exe
  C:\Windows\System\rvYgBho.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\lqqLcUv.exe
  C:\Windows\System\lqqLcUv.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\alSxwyy.exe
  C:\Windows\System\alSxwyy.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\ZtvjFeH.exe
  C:\Windows\System\ZtvjFeH.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\OFIASGS.exe
  C:\Windows\System\OFIASGS.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\rzSSncz.exe
  C:\Windows\System\rzSSncz.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\sxVXuFX.exe
  C:\Windows\System\sxVXuFX.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\peGyiMX.exe
  C:\Windows\System\peGyiMX.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\izBcOkr.exe
  C:\Windows\System\izBcOkr.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\fkkzmaQ.exe
  C:\Windows\System\fkkzmaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wTZxZKS.exe
  C:\Windows\System\wTZxZKS.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BDRsURu.exe
  C:\Windows\System\BDRsURu.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\bYEwcSe.exe
  C:\Windows\System\bYEwcSe.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ptTNtWR.exe
  C:\Windows\System\ptTNtWR.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\enyOwcE.exe
  C:\Windows\System\enyOwcE.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\rzTVktp.exe
  C:\Windows\System\rzTVktp.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\GHkyFYU.exe
  C:\Windows\System\GHkyFYU.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\eksiZqJ.exe
  C:\Windows\System\eksiZqJ.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\kIKZqPD.exe
  C:\Windows\System\kIKZqPD.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\RUuAMkK.exe
  C:\Windows\System\RUuAMkK.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\bGnvRpr.exe
  C:\Windows\System\bGnvRpr.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\CYszkNQ.exe
  C:\Windows\System\CYszkNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\HEhUOWC.exe
  C:\Windows\System\HEhUOWC.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\MWqHwcR.exe
  C:\Windows\System\MWqHwcR.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\EOaiQsW.exe
  C:\Windows\System\EOaiQsW.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\ZaFLQMA.exe
  C:\Windows\System\ZaFLQMA.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\FuDduvL.exe
  C:\Windows\System\FuDduvL.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\GNhzqpI.exe
  C:\Windows\System\GNhzqpI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\egoaPlh.exe
  C:\Windows\System\egoaPlh.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\UCscZQd.exe
  C:\Windows\System\UCscZQd.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\ByVVFae.exe
  C:\Windows\System\ByVVFae.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\uvDoSmi.exe
  C:\Windows\System\uvDoSmi.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\NEyouIz.exe
  C:\Windows\System\NEyouIz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ENvnuVz.exe
  C:\Windows\System\ENvnuVz.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\gJNGzdO.exe
  C:\Windows\System\gJNGzdO.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\GwGOnGM.exe
  C:\Windows\System\GwGOnGM.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\kftzYCV.exe
  C:\Windows\System\kftzYCV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\tGVhlyX.exe
  C:\Windows\System\tGVhlyX.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\QfZzQgG.exe
  C:\Windows\System\QfZzQgG.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\UQTEKoD.exe
  C:\Windows\System\UQTEKoD.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\piOaZjw.exe
  C:\Windows\System\piOaZjw.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jrGQdUn.exe
  C:\Windows\System\jrGQdUn.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\hFnVsLy.exe
  C:\Windows\System\hFnVsLy.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\NOODDwv.exe
  C:\Windows\System\NOODDwv.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\odhVaBP.exe
  C:\Windows\System\odhVaBP.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jsYcfgd.exe
  C:\Windows\System\jsYcfgd.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\JlxdjqZ.exe
  C:\Windows\System\JlxdjqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\yAfsGyU.exe
  C:\Windows\System\yAfsGyU.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\JiKKRmU.exe
  C:\Windows\System\JiKKRmU.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\qZlotnb.exe
  C:\Windows\System\qZlotnb.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\DMguSfw.exe
  C:\Windows\System\DMguSfw.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\HeBRaJw.exe
  C:\Windows\System\HeBRaJw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ggDTdPD.exe
  C:\Windows\System\ggDTdPD.exe
  2⤵
  PID:2404
- C:\Windows\System\ChlfPgu.exe
  C:\Windows\System\ChlfPgu.exe
  2⤵
  PID:2448
- C:\Windows\System\XzhcUwr.exe
  C:\Windows\System\XzhcUwr.exe
  2⤵
  PID:2132
- C:\Windows\System\xLWyVmB.exe
  C:\Windows\System\xLWyVmB.exe
  2⤵
  PID:2100
- C:\Windows\System\QhQysxI.exe
  C:\Windows\System\QhQysxI.exe
  2⤵
  PID:2640
- C:\Windows\System\wxbARQb.exe
  C:\Windows\System\wxbARQb.exe
  2⤵
  PID:2300
- C:\Windows\System\XkMylHf.exe
  C:\Windows\System\XkMylHf.exe
  2⤵
  PID:2240
- C:\Windows\System\KkKANad.exe
  C:\Windows\System\KkKANad.exe
  2⤵
  PID:300
- C:\Windows\System\kpIsJbx.exe
  C:\Windows\System\kpIsJbx.exe
  2⤵
  PID:744
- C:\Windows\System\mgQsyDC.exe
  C:\Windows\System\mgQsyDC.exe
  2⤵
  PID:2264
- C:\Windows\System\FRKnxMq.exe
  C:\Windows\System\FRKnxMq.exe
  2⤵
  PID:2288
- C:\Windows\System\wqkCnvL.exe
  C:\Windows\System\wqkCnvL.exe
  2⤵
  PID:2424
- C:\Windows\System\yFdxbOV.exe
  C:\Windows\System\yFdxbOV.exe
  2⤵
  PID:832
- C:\Windows\System\MUQJUXO.exe
  C:\Windows\System\MUQJUXO.exe
  2⤵
  PID:572
- C:\Windows\System\YfxJwBS.exe
  C:\Windows\System\YfxJwBS.exe
  2⤵
  PID:2416
- C:\Windows\System\QUMrZgZ.exe
  C:\Windows\System\QUMrZgZ.exe
  2⤵
  PID:884
- C:\Windows\System\QiSNUjP.exe
  C:\Windows\System\QiSNUjP.exe
  2⤵
  PID:1944
- C:\Windows\System\JPTDCrR.exe
  C:\Windows\System\JPTDCrR.exe
  2⤵
  PID:2060
- C:\Windows\System\ZmMmGpI.exe
  C:\Windows\System\ZmMmGpI.exe
  2⤵
  PID:2772
- C:\Windows\System\meFZHGS.exe
  C:\Windows\System\meFZHGS.exe
  2⤵
  PID:2668
- C:\Windows\System\vOiyOnm.exe
  C:\Windows\System\vOiyOnm.exe
  2⤵
  PID:2812
- C:\Windows\System\tXJctAA.exe
  C:\Windows\System\tXJctAA.exe
  2⤵
  PID:3008
- C:\Windows\System\bDRyyRU.exe
  C:\Windows\System\bDRyyRU.exe
  2⤵
  PID:1988
- C:\Windows\System\dQRXwnr.exe
  C:\Windows\System\dQRXwnr.exe
  2⤵
  PID:1724
- C:\Windows\System\gXYGhDP.exe
  C:\Windows\System\gXYGhDP.exe
  2⤵
  PID:2848
- C:\Windows\System\eRxmhcA.exe
  C:\Windows\System\eRxmhcA.exe
  2⤵
  PID:2436
- C:\Windows\System\nTKmnVT.exe
  C:\Windows\System\nTKmnVT.exe
  2⤵
  PID:3092
- C:\Windows\System\KAiohru.exe
  C:\Windows\System\KAiohru.exe
  2⤵
  PID:3112
- C:\Windows\System\UvGpVKa.exe
  C:\Windows\System\UvGpVKa.exe
  2⤵
  PID:3132
- C:\Windows\System\Okgiyig.exe
  C:\Windows\System\Okgiyig.exe
  2⤵
  PID:3152
- C:\Windows\System\XqNDhSm.exe
  C:\Windows\System\XqNDhSm.exe
  2⤵
  PID:3172
- C:\Windows\System\HHpJpZo.exe
  C:\Windows\System\HHpJpZo.exe
  2⤵
  PID:3196
- C:\Windows\System\FFyQUNn.exe
  C:\Windows\System\FFyQUNn.exe
  2⤵
  PID:3216
- C:\Windows\System\WeKzCId.exe
  C:\Windows\System\WeKzCId.exe
  2⤵
  PID:3236
- C:\Windows\System\jlxZUDg.exe
  C:\Windows\System\jlxZUDg.exe
  2⤵
  PID:3256
- C:\Windows\System\LLhApTe.exe
  C:\Windows\System\LLhApTe.exe
  2⤵
  PID:3276
- C:\Windows\System\CSyWHBS.exe
  C:\Windows\System\CSyWHBS.exe
  2⤵
  PID:3296
- C:\Windows\System\vTYWFsw.exe
  C:\Windows\System\vTYWFsw.exe
  2⤵
  PID:3316
- C:\Windows\System\ARmeGaT.exe
  C:\Windows\System\ARmeGaT.exe
  2⤵
  PID:3336
- C:\Windows\System\fpxFbiI.exe
  C:\Windows\System\fpxFbiI.exe
  2⤵
  PID:3356
- C:\Windows\System\gOHMmSa.exe
  C:\Windows\System\gOHMmSa.exe
  2⤵
  PID:3376
- C:\Windows\System\YpqqyeL.exe
  C:\Windows\System\YpqqyeL.exe
  2⤵
  PID:3396
- C:\Windows\System\USuZhgt.exe
  C:\Windows\System\USuZhgt.exe
  2⤵
  PID:3416
- C:\Windows\System\BslIScw.exe
  C:\Windows\System\BslIScw.exe
  2⤵
  PID:3436
- C:\Windows\System\BepGOJw.exe
  C:\Windows\System\BepGOJw.exe
  2⤵
  PID:3456
- C:\Windows\System\JsdjNpX.exe
  C:\Windows\System\JsdjNpX.exe
  2⤵
  PID:3476
- C:\Windows\System\qxWfdPp.exe
  C:\Windows\System\qxWfdPp.exe
  2⤵
  PID:3496
- C:\Windows\System\dYYOAeH.exe
  C:\Windows\System\dYYOAeH.exe
  2⤵
  PID:3516
- C:\Windows\System\GasdoOg.exe
  C:\Windows\System\GasdoOg.exe
  2⤵
  PID:3536
- C:\Windows\System\BhljqFl.exe
  C:\Windows\System\BhljqFl.exe
  2⤵
  PID:3556
- C:\Windows\System\uPZsiMW.exe
  C:\Windows\System\uPZsiMW.exe
  2⤵
  PID:3576
- C:\Windows\System\TqoMIiw.exe
  C:\Windows\System\TqoMIiw.exe
  2⤵
  PID:3596
- C:\Windows\System\qKTbdsc.exe
  C:\Windows\System\qKTbdsc.exe
  2⤵
  PID:3616
- C:\Windows\System\CNdNNJt.exe
  C:\Windows\System\CNdNNJt.exe
  2⤵
  PID:3636
- C:\Windows\System\ventpUt.exe
  C:\Windows\System\ventpUt.exe
  2⤵
  PID:3656
- C:\Windows\System\DzMbqHX.exe
  C:\Windows\System\DzMbqHX.exe
  2⤵
  PID:3676
- C:\Windows\System\AclSikL.exe
  C:\Windows\System\AclSikL.exe
  2⤵
  PID:3696
- C:\Windows\System\DoZVQnt.exe
  C:\Windows\System\DoZVQnt.exe
  2⤵
  PID:3716
- C:\Windows\System\pSZkWeS.exe
  C:\Windows\System\pSZkWeS.exe
  2⤵
  PID:3736
- C:\Windows\System\DNBaXhl.exe
  C:\Windows\System\DNBaXhl.exe
  2⤵
  PID:3756
- C:\Windows\System\YpyGQwR.exe
  C:\Windows\System\YpyGQwR.exe
  2⤵
  PID:3780
- C:\Windows\System\BNLvRsR.exe
  C:\Windows\System\BNLvRsR.exe
  2⤵
  PID:3800
- C:\Windows\System\PccUTFw.exe
  C:\Windows\System\PccUTFw.exe
  2⤵
  PID:3820
- C:\Windows\System\BbcFYhr.exe
  C:\Windows\System\BbcFYhr.exe
  2⤵
  PID:3840
- C:\Windows\System\eurcaaJ.exe
  C:\Windows\System\eurcaaJ.exe
  2⤵
  PID:3860
- C:\Windows\System\YectUbm.exe
  C:\Windows\System\YectUbm.exe
  2⤵
  PID:3880
- C:\Windows\System\ZHHyhCE.exe
  C:\Windows\System\ZHHyhCE.exe
  2⤵
  PID:3900
- C:\Windows\System\tFWTQQo.exe
  C:\Windows\System\tFWTQQo.exe
  2⤵
  PID:3924
- C:\Windows\System\meXKPZK.exe
  C:\Windows\System\meXKPZK.exe
  2⤵
  PID:3944
- C:\Windows\System\qJrBHrx.exe
  C:\Windows\System\qJrBHrx.exe
  2⤵
  PID:3964
- C:\Windows\System\pESCQnf.exe
  C:\Windows\System\pESCQnf.exe
  2⤵
  PID:3984
- C:\Windows\System\NEUdogk.exe
  C:\Windows\System\NEUdogk.exe
  2⤵
  PID:4004
- C:\Windows\System\ozmRjCS.exe
  C:\Windows\System\ozmRjCS.exe
  2⤵
  PID:4024
- C:\Windows\System\pYChYSa.exe
  C:\Windows\System\pYChYSa.exe
  2⤵
  PID:4044
- C:\Windows\System\dGObqIK.exe
  C:\Windows\System\dGObqIK.exe
  2⤵
  PID:4064
- C:\Windows\System\enhhvnp.exe
  C:\Windows\System\enhhvnp.exe
  2⤵
  PID:4084
- C:\Windows\System\wjSNWUd.exe
  C:\Windows\System\wjSNWUd.exe
  2⤵
  PID:2080
- C:\Windows\System\TIRMagq.exe
  C:\Windows\System\TIRMagq.exe
  2⤵
  PID:584
- C:\Windows\System\rdnPriS.exe
  C:\Windows\System\rdnPriS.exe
  2⤵
  PID:1660
- C:\Windows\System\nOefueS.exe
  C:\Windows\System\nOefueS.exe
  2⤵
  PID:2376
- C:\Windows\System\vjeApnY.exe
  C:\Windows\System\vjeApnY.exe
  2⤵
  PID:632
- C:\Windows\System\CZhnViy.exe
  C:\Windows\System\CZhnViy.exe
  2⤵
  PID:856
- C:\Windows\System\ENqpmtP.exe
  C:\Windows\System\ENqpmtP.exe
  2⤵
  PID:1244
- C:\Windows\System\hHrWXwm.exe
  C:\Windows\System\hHrWXwm.exe
  2⤵
  PID:396
- C:\Windows\System\MXWnXff.exe
  C:\Windows\System\MXWnXff.exe
  2⤵
  PID:2432
- C:\Windows\System\tXhJmvM.exe
  C:\Windows\System\tXhJmvM.exe
  2⤵
  PID:348
- C:\Windows\System\AAMBKnv.exe
  C:\Windows\System\AAMBKnv.exe
  2⤵
  PID:1712
- C:\Windows\System\IgFdtef.exe
  C:\Windows\System\IgFdtef.exe
  2⤵
  PID:2580
- C:\Windows\System\aqvxUXA.exe
  C:\Windows\System\aqvxUXA.exe
  2⤵
  PID:1808
- C:\Windows\System\uvqTTSN.exe
  C:\Windows\System\uvqTTSN.exe
  2⤵
  PID:2632
- C:\Windows\System\zKmYTPB.exe
  C:\Windows\System\zKmYTPB.exe
  2⤵
  PID:2156
- C:\Windows\System\qywFBgW.exe
  C:\Windows\System\qywFBgW.exe
  2⤵
  PID:3100
- C:\Windows\System\ONJbqNi.exe
  C:\Windows\System\ONJbqNi.exe
  2⤵
  PID:3124
- C:\Windows\System\IppHBRH.exe
  C:\Windows\System\IppHBRH.exe
  2⤵
  PID:3144
- C:\Windows\System\LRiGoYg.exe
  C:\Windows\System\LRiGoYg.exe
  2⤵
  PID:3192
- C:\Windows\System\YBEVfMw.exe
  C:\Windows\System\YBEVfMw.exe
  2⤵
  PID:3232
- C:\Windows\System\jZzGnHA.exe
  C:\Windows\System\jZzGnHA.exe
  2⤵
  PID:3284
- C:\Windows\System\ROUriOP.exe
  C:\Windows\System\ROUriOP.exe
  2⤵
  PID:3312
- C:\Windows\System\itSNbFL.exe
  C:\Windows\System\itSNbFL.exe
  2⤵
  PID:3344
- C:\Windows\System\HHavFJw.exe
  C:\Windows\System\HHavFJw.exe
  2⤵
  PID:3368
- C:\Windows\System\XNherDk.exe
  C:\Windows\System\XNherDk.exe
  2⤵
  PID:3408
- C:\Windows\System\xNRkNys.exe
  C:\Windows\System\xNRkNys.exe
  2⤵
  PID:3444
- C:\Windows\System\BNDRZXf.exe
  C:\Windows\System\BNDRZXf.exe
  2⤵
  PID:3468
- C:\Windows\System\IApTkgm.exe
  C:\Windows\System\IApTkgm.exe
  2⤵
  PID:3508
- C:\Windows\System\CwMPASE.exe
  C:\Windows\System\CwMPASE.exe
  2⤵
  PID:3552
- C:\Windows\System\GvNvIwY.exe
  C:\Windows\System\GvNvIwY.exe
  2⤵
  PID:3584
- C:\Windows\System\PpDJvma.exe
  C:\Windows\System\PpDJvma.exe
  2⤵
  PID:3608
- C:\Windows\System\qtJddUO.exe
  C:\Windows\System\qtJddUO.exe
  2⤵
  PID:3648
- C:\Windows\System\tLHNUPf.exe
  C:\Windows\System\tLHNUPf.exe
  2⤵
  PID:3692
- C:\Windows\System\yspBLUL.exe
  C:\Windows\System\yspBLUL.exe
  2⤵
  PID:3708
- C:\Windows\System\ZyoBZvv.exe
  C:\Windows\System\ZyoBZvv.exe
  2⤵
  PID:3752
- C:\Windows\System\QLiBmDZ.exe
  C:\Windows\System\QLiBmDZ.exe
  2⤵
  PID:3796
- C:\Windows\System\SOJROVP.exe
  C:\Windows\System\SOJROVP.exe
  2⤵
  PID:3828
- C:\Windows\System\cOBRvWw.exe
  C:\Windows\System\cOBRvWw.exe
  2⤵
  PID:3852
- C:\Windows\System\fBGBtNt.exe
  C:\Windows\System\fBGBtNt.exe
  2⤵
  PID:3888
- C:\Windows\System\qJiyyba.exe
  C:\Windows\System\qJiyyba.exe
  2⤵
  PID:3932
- C:\Windows\System\Wxncbjy.exe
  C:\Windows\System\Wxncbjy.exe
  2⤵
  PID:3960
- C:\Windows\System\uzyMBUX.exe
  C:\Windows\System\uzyMBUX.exe
  2⤵
  PID:4000
- C:\Windows\System\WCozAPL.exe
  C:\Windows\System\WCozAPL.exe
  2⤵
  PID:4032
- C:\Windows\System\suuzJyW.exe
  C:\Windows\System\suuzJyW.exe
  2⤵
  PID:4056
- C:\Windows\System\xnafpJI.exe
  C:\Windows\System\xnafpJI.exe
  2⤵
  PID:2908
- C:\Windows\System\HQDxCwc.exe
  C:\Windows\System\HQDxCwc.exe
  2⤵
  PID:1076
- C:\Windows\System\UjlzfOA.exe
  C:\Windows\System\UjlzfOA.exe
  2⤵
  PID:1556
- C:\Windows\System\lwOSrgC.exe
  C:\Windows\System\lwOSrgC.exe
  2⤵
  PID:1548
- C:\Windows\System\kGLrUPJ.exe
  C:\Windows\System\kGLrUPJ.exe
  2⤵
  PID:536
- C:\Windows\System\JmwHosw.exe
  C:\Windows\System\JmwHosw.exe
  2⤵
  PID:3056
- C:\Windows\System\vMWIIrR.exe
  C:\Windows\System\vMWIIrR.exe
  2⤵
  PID:2916
- C:\Windows\System\eNEuDyU.exe
  C:\Windows\System\eNEuDyU.exe
  2⤵
  PID:2704
- C:\Windows\System\wQCbbYQ.exe
  C:\Windows\System\wQCbbYQ.exe
  2⤵
  PID:1264
- C:\Windows\System\YGgDWSw.exe
  C:\Windows\System\YGgDWSw.exe
  2⤵
  PID:3088
- C:\Windows\System\mHehaYC.exe
  C:\Windows\System\mHehaYC.exe
  2⤵
  PID:3204
- C:\Windows\System\CJsPBiU.exe
  C:\Windows\System\CJsPBiU.exe
  2⤵
  PID:3208
- C:\Windows\System\yffughW.exe
  C:\Windows\System\yffughW.exe
  2⤵
  PID:3264
- C:\Windows\System\ttuXNBc.exe
  C:\Windows\System\ttuXNBc.exe
  2⤵
  PID:3328
- C:\Windows\System\VgyQLen.exe
  C:\Windows\System\VgyQLen.exe
  2⤵
  PID:3388
- C:\Windows\System\cOBFrCp.exe
  C:\Windows\System\cOBFrCp.exe
  2⤵
  PID:3432
- C:\Windows\System\eqiLtPI.exe
  C:\Windows\System\eqiLtPI.exe
  2⤵
  PID:3512
- C:\Windows\System\vvBXnHA.exe
  C:\Windows\System\vvBXnHA.exe
  2⤵
  PID:3568
- C:\Windows\System\ryLnMYI.exe
  C:\Windows\System\ryLnMYI.exe
  2⤵
  PID:3632
- C:\Windows\System\JNwNFwm.exe
  C:\Windows\System\JNwNFwm.exe
  2⤵
  PID:4116
- C:\Windows\System\lfuJyuA.exe
  C:\Windows\System\lfuJyuA.exe
  2⤵
  PID:4136
- C:\Windows\System\zwIMQsS.exe
  C:\Windows\System\zwIMQsS.exe
  2⤵
  PID:4160
- C:\Windows\System\WEiqhWz.exe
  C:\Windows\System\WEiqhWz.exe
  2⤵
  PID:4180
- C:\Windows\System\omxekBc.exe
  C:\Windows\System\omxekBc.exe
  2⤵
  PID:4200
- C:\Windows\System\bNYcpZF.exe
  C:\Windows\System\bNYcpZF.exe
  2⤵
  PID:4220
- C:\Windows\System\ClLCJDI.exe
  C:\Windows\System\ClLCJDI.exe
  2⤵
  PID:4240
- C:\Windows\System\nrFDAnw.exe
  C:\Windows\System\nrFDAnw.exe
  2⤵
  PID:4260
- C:\Windows\System\tcKJyYd.exe
  C:\Windows\System\tcKJyYd.exe
  2⤵
  PID:4280
- C:\Windows\System\HzPQhzG.exe
  C:\Windows\System\HzPQhzG.exe
  2⤵
  PID:4300
- C:\Windows\System\FUrJUaI.exe
  C:\Windows\System\FUrJUaI.exe
  2⤵
  PID:4320
- C:\Windows\System\aNhNSIu.exe
  C:\Windows\System\aNhNSIu.exe
  2⤵
  PID:4340
- C:\Windows\System\mncLXdk.exe
  C:\Windows\System\mncLXdk.exe
  2⤵
  PID:4360
- C:\Windows\System\WiIpbBJ.exe
  C:\Windows\System\WiIpbBJ.exe
  2⤵
  PID:4380
- C:\Windows\System\ljgvFdZ.exe
  C:\Windows\System\ljgvFdZ.exe
  2⤵
  PID:4400
- C:\Windows\System\WMmPRCB.exe
  C:\Windows\System\WMmPRCB.exe
  2⤵
  PID:4420
- C:\Windows\System\eFHcMQj.exe
  C:\Windows\System\eFHcMQj.exe
  2⤵
  PID:4444
- C:\Windows\System\KZEttEp.exe
  C:\Windows\System\KZEttEp.exe
  2⤵
  PID:4464
- C:\Windows\System\CSICIqC.exe
  C:\Windows\System\CSICIqC.exe
  2⤵
  PID:4484
- C:\Windows\System\cMhjWNf.exe
  C:\Windows\System\cMhjWNf.exe
  2⤵
  PID:4504
- C:\Windows\System\tJbVqve.exe
  C:\Windows\System\tJbVqve.exe
  2⤵
  PID:4524
- C:\Windows\System\yBrxVkW.exe
  C:\Windows\System\yBrxVkW.exe
  2⤵
  PID:4544
- C:\Windows\System\XearXmM.exe
  C:\Windows\System\XearXmM.exe
  2⤵
  PID:4564
- C:\Windows\System\xYHpHLd.exe
  C:\Windows\System\xYHpHLd.exe
  2⤵
  PID:4584
- C:\Windows\System\lJNnEOB.exe
  C:\Windows\System\lJNnEOB.exe
  2⤵
  PID:4604
- C:\Windows\System\XbZiZiV.exe
  C:\Windows\System\XbZiZiV.exe
  2⤵
  PID:4624
- C:\Windows\System\pslDUbI.exe
  C:\Windows\System\pslDUbI.exe
  2⤵
  PID:4644
- C:\Windows\System\LRqOXHH.exe
  C:\Windows\System\LRqOXHH.exe
  2⤵
  PID:4664
- C:\Windows\System\MNJRSui.exe
  C:\Windows\System\MNJRSui.exe
  2⤵
  PID:4684
- C:\Windows\System\qfnMyIG.exe
  C:\Windows\System\qfnMyIG.exe
  2⤵
  PID:4704
- C:\Windows\System\gnwZUfb.exe
  C:\Windows\System\gnwZUfb.exe
  2⤵
  PID:4724
- C:\Windows\System\NWcsRSR.exe
  C:\Windows\System\NWcsRSR.exe
  2⤵
  PID:4744
- C:\Windows\System\DeDIPHn.exe
  C:\Windows\System\DeDIPHn.exe
  2⤵
  PID:4764
- C:\Windows\System\TKWLSFs.exe
  C:\Windows\System\TKWLSFs.exe
  2⤵
  PID:4788
- C:\Windows\System\tlLhtRj.exe
  C:\Windows\System\tlLhtRj.exe
  2⤵
  PID:4808
- C:\Windows\System\iLFetXe.exe
  C:\Windows\System\iLFetXe.exe
  2⤵
  PID:4828
- C:\Windows\System\lFJcoIU.exe
  C:\Windows\System\lFJcoIU.exe
  2⤵
  PID:4848
- C:\Windows\System\jWINIrq.exe
  C:\Windows\System\jWINIrq.exe
  2⤵
  PID:4868
- C:\Windows\System\eehzyem.exe
  C:\Windows\System\eehzyem.exe
  2⤵
  PID:4888
- C:\Windows\System\MKTdSaF.exe
  C:\Windows\System\MKTdSaF.exe
  2⤵
  PID:4912
- C:\Windows\System\HdjiveM.exe
  C:\Windows\System\HdjiveM.exe
  2⤵
  PID:4932
- C:\Windows\System\tuQBphm.exe
  C:\Windows\System\tuQBphm.exe
  2⤵
  PID:4952
- C:\Windows\System\nypMDed.exe
  C:\Windows\System\nypMDed.exe
  2⤵
  PID:4972
- C:\Windows\System\fUUWrtu.exe
  C:\Windows\System\fUUWrtu.exe
  2⤵
  PID:4992
- C:\Windows\System\AMsDiJW.exe
  C:\Windows\System\AMsDiJW.exe
  2⤵
  PID:5012
- C:\Windows\System\LTODXph.exe
  C:\Windows\System\LTODXph.exe
  2⤵
  PID:5032
- C:\Windows\System\ZhFtUNY.exe
  C:\Windows\System\ZhFtUNY.exe
  2⤵
  PID:5052
- C:\Windows\System\nhVBdcB.exe
  C:\Windows\System\nhVBdcB.exe
  2⤵
  PID:5072
- C:\Windows\System\hPwXxxH.exe
  C:\Windows\System\hPwXxxH.exe
  2⤵
  PID:5092
- C:\Windows\System\meAzJrf.exe
  C:\Windows\System\meAzJrf.exe
  2⤵
  PID:5112
- C:\Windows\System\TwaNiHP.exe
  C:\Windows\System\TwaNiHP.exe
  2⤵
  PID:3668
- C:\Windows\System\JWTWjrK.exe
  C:\Windows\System\JWTWjrK.exe
  2⤵
  PID:3712
- C:\Windows\System\OTPtnfv.exe
  C:\Windows\System\OTPtnfv.exe
  2⤵
  PID:3628
- C:\Windows\System\MqvXqow.exe
  C:\Windows\System\MqvXqow.exe
  2⤵
  PID:3848
- C:\Windows\System\YREwFCg.exe
  C:\Windows\System\YREwFCg.exe
  2⤵
  PID:3872
- C:\Windows\System\nwhnFKv.exe
  C:\Windows\System\nwhnFKv.exe
  2⤵
  PID:3972
- C:\Windows\System\IQEQdOc.exe
  C:\Windows\System\IQEQdOc.exe
  2⤵
  PID:4012
- C:\Windows\System\OKfiamn.exe
  C:\Windows\System\OKfiamn.exe
  2⤵
  PID:4060
- C:\Windows\System\NObPJVy.exe
  C:\Windows\System\NObPJVy.exe
  2⤵
  PID:2172
- C:\Windows\System\BhIwYbr.exe
  C:\Windows\System\BhIwYbr.exe
  2⤵
  PID:1032
- C:\Windows\System\WGPYQds.exe
  C:\Windows\System\WGPYQds.exe
  2⤵
  PID:2292
- C:\Windows\System\gpEjeuu.exe
  C:\Windows\System\gpEjeuu.exe
  2⤵
  PID:1924
- C:\Windows\System\NYoEHAA.exe
  C:\Windows\System\NYoEHAA.exe
  2⤵
  PID:2556
- C:\Windows\System\MQVCbOp.exe
  C:\Windows\System\MQVCbOp.exe
  2⤵
  PID:3104
- C:\Windows\System\YzxTDRk.exe
  C:\Windows\System\YzxTDRk.exe
  2⤵
  PID:3224
- C:\Windows\System\xlHNjNY.exe
  C:\Windows\System\xlHNjNY.exe
  2⤵
  PID:3288
- C:\Windows\System\lZJWBiW.exe
  C:\Windows\System\lZJWBiW.exe
  2⤵
  PID:3424
- C:\Windows\System\nDIjGVU.exe
  C:\Windows\System\nDIjGVU.exe
  2⤵
  PID:3532
- C:\Windows\System\ZtbQvYF.exe
  C:\Windows\System\ZtbQvYF.exe
  2⤵
  PID:3612
- C:\Windows\System\QEUWQjS.exe
  C:\Windows\System\QEUWQjS.exe
  2⤵
  PID:4124
- C:\Windows\System\uQhifkt.exe
  C:\Windows\System\uQhifkt.exe
  2⤵
  PID:4168
- C:\Windows\System\NgoxvEH.exe
  C:\Windows\System\NgoxvEH.exe
  2⤵
  PID:4196
- C:\Windows\System\bOIpwSJ.exe
  C:\Windows\System\bOIpwSJ.exe
  2⤵
  PID:4228
- C:\Windows\System\mmjgQMb.exe
  C:\Windows\System\mmjgQMb.exe
  2⤵
  PID:4268
- C:\Windows\System\OlLeknF.exe
  C:\Windows\System\OlLeknF.exe
  2⤵
  PID:4292
- C:\Windows\System\xzrLsjl.exe
  C:\Windows\System\xzrLsjl.exe
  2⤵
  PID:4316
- C:\Windows\System\YMlYadA.exe
  C:\Windows\System\YMlYadA.exe
  2⤵
  PID:4356
- C:\Windows\System\TbmoFPt.exe
  C:\Windows\System\TbmoFPt.exe
  2⤵
  PID:4408
- C:\Windows\System\jeGHsUa.exe
  C:\Windows\System\jeGHsUa.exe
  2⤵
  PID:4452
- C:\Windows\System\YQGtDyb.exe
  C:\Windows\System\YQGtDyb.exe
  2⤵
  PID:4480
- C:\Windows\System\RMNYzGI.exe
  C:\Windows\System\RMNYzGI.exe
  2⤵
  PID:4532
- C:\Windows\System\uQbjcUa.exe
  C:\Windows\System\uQbjcUa.exe
  2⤵
  PID:4536
- C:\Windows\System\mIKPWnB.exe
  C:\Windows\System\mIKPWnB.exe
  2⤵
  PID:4580
- C:\Windows\System\OHjBrUa.exe
  C:\Windows\System\OHjBrUa.exe
  2⤵
  PID:4600
- C:\Windows\System\gkehTnv.exe
  C:\Windows\System\gkehTnv.exe
  2⤵
  PID:4640
- C:\Windows\System\baFqigD.exe
  C:\Windows\System\baFqigD.exe
  2⤵
  PID:4672
- C:\Windows\System\YvMKcuz.exe
  C:\Windows\System\YvMKcuz.exe
  2⤵
  PID:4696
- C:\Windows\System\HtExEuZ.exe
  C:\Windows\System\HtExEuZ.exe
  2⤵
  PID:4716
- C:\Windows\System\fbKlaFv.exe
  C:\Windows\System\fbKlaFv.exe
  2⤵
  PID:4756
- C:\Windows\System\zbFhjtE.exe
  C:\Windows\System\zbFhjtE.exe
  2⤵
  PID:4816
- C:\Windows\System\mvffFvY.exe
  C:\Windows\System\mvffFvY.exe
  2⤵
  PID:4836
- C:\Windows\System\eSAtcCP.exe
  C:\Windows\System\eSAtcCP.exe
  2⤵
  PID:4876
- C:\Windows\System\ARxeCyc.exe
  C:\Windows\System\ARxeCyc.exe
  2⤵
  PID:4900
- C:\Windows\System\LvJjGtk.exe
  C:\Windows\System\LvJjGtk.exe
  2⤵
  PID:4948
- C:\Windows\System\tCiCQOk.exe
  C:\Windows\System\tCiCQOk.exe
  2⤵
  PID:4968
- C:\Windows\System\pltTFpr.exe
  C:\Windows\System\pltTFpr.exe
  2⤵
  PID:5000
- C:\Windows\System\hZwBUhm.exe
  C:\Windows\System\hZwBUhm.exe
  2⤵
  PID:5060
- C:\Windows\System\hcFkmoD.exe
  C:\Windows\System\hcFkmoD.exe
  2⤵
  PID:5080
- C:\Windows\System\OiPuBlD.exe
  C:\Windows\System\OiPuBlD.exe
  2⤵
  PID:5104
- C:\Windows\System\fRMTEUx.exe
  C:\Windows\System\fRMTEUx.exe
  2⤵
  PID:3684
- C:\Windows\System\VmfHoue.exe
  C:\Windows\System\VmfHoue.exe
  2⤵
  PID:3768
- C:\Windows\System\MbdoUMx.exe
  C:\Windows\System\MbdoUMx.exe
  2⤵
  PID:3916
- C:\Windows\System\zQBQqXt.exe
  C:\Windows\System\zQBQqXt.exe
  2⤵
  PID:4020
- C:\Windows\System\LmIAHcL.exe
  C:\Windows\System\LmIAHcL.exe
  2⤵
  PID:4040
- C:\Windows\System\VlqvqkB.exe
  C:\Windows\System\VlqvqkB.exe
  2⤵
  PID:768
- C:\Windows\System\HmltJVw.exe
  C:\Windows\System\HmltJVw.exe
  2⤵
  PID:532
- C:\Windows\System\hJKWdSH.exe
  C:\Windows\System\hJKWdSH.exe
  2⤵
  PID:3084
- C:\Windows\System\MuSLJph.exe
  C:\Windows\System\MuSLJph.exe
  2⤵
  PID:3148
- C:\Windows\System\PYOSoRx.exe
  C:\Windows\System\PYOSoRx.exe
  2⤵
  PID:3392
- C:\Windows\System\GAIkcrO.exe
  C:\Windows\System\GAIkcrO.exe
  2⤵
  PID:3564
- C:\Windows\System\bmTxMKf.exe
  C:\Windows\System\bmTxMKf.exe
  2⤵
  PID:3528
- C:\Windows\System\tjZnPdg.exe
  C:\Windows\System\tjZnPdg.exe
  2⤵
  PID:4152
- C:\Windows\System\aWFqTYE.exe
  C:\Windows\System\aWFqTYE.exe
  2⤵
  PID:4252
- C:\Windows\System\PQtuLDH.exe
  C:\Windows\System\PQtuLDH.exe
  2⤵
  PID:4312
- C:\Windows\System\dunQbtq.exe
  C:\Windows\System\dunQbtq.exe
  2⤵
  PID:4372
- C:\Windows\System\cgRNuNa.exe
  C:\Windows\System\cgRNuNa.exe
  2⤵
  PID:4456
- C:\Windows\System\xXmpMNs.exe
  C:\Windows\System\xXmpMNs.exe
  2⤵
  PID:4492
- C:\Windows\System\BheJIDb.exe
  C:\Windows\System\BheJIDb.exe
  2⤵
  PID:4520
- C:\Windows\System\jGkJJGO.exe
  C:\Windows\System\jGkJJGO.exe
  2⤵
  PID:4592
- C:\Windows\System\GtAEJNa.exe
  C:\Windows\System\GtAEJNa.exe
  2⤵
  PID:4656
- C:\Windows\System\vxyWFsQ.exe
  C:\Windows\System\vxyWFsQ.exe
  2⤵
  PID:4700
- C:\Windows\System\NPqdBQH.exe
  C:\Windows\System\NPqdBQH.exe
  2⤵
  PID:4772
- C:\Windows\System\mkxkFAE.exe
  C:\Windows\System\mkxkFAE.exe
  2⤵
  PID:4804
- C:\Windows\System\XSlRZYX.exe
  C:\Windows\System\XSlRZYX.exe
  2⤵
  PID:4904
- C:\Windows\System\CBBPqQN.exe
  C:\Windows\System\CBBPqQN.exe
  2⤵
  PID:4924
- C:\Windows\System\PZpFSog.exe
  C:\Windows\System\PZpFSog.exe
  2⤵
  PID:5136
- C:\Windows\System\JdrZcqC.exe
  C:\Windows\System\JdrZcqC.exe
  2⤵
  PID:5156
- C:\Windows\System\pRKxTQn.exe
  C:\Windows\System\pRKxTQn.exe
  2⤵
  PID:5176
- C:\Windows\System\FpkyEED.exe
  C:\Windows\System\FpkyEED.exe
  2⤵
  PID:5196
- C:\Windows\System\YGsQSQe.exe
  C:\Windows\System\YGsQSQe.exe
  2⤵
  PID:5216
- C:\Windows\System\IaJapTa.exe
  C:\Windows\System\IaJapTa.exe
  2⤵
  PID:5236
- C:\Windows\System\VAYOfGJ.exe
  C:\Windows\System\VAYOfGJ.exe
  2⤵
  PID:5256
- C:\Windows\System\trBLflA.exe
  C:\Windows\System\trBLflA.exe
  2⤵
  PID:5276
- C:\Windows\System\PrrtmSY.exe
  C:\Windows\System\PrrtmSY.exe
  2⤵
  PID:5296
- C:\Windows\System\MWflVNz.exe
  C:\Windows\System\MWflVNz.exe
  2⤵
  PID:5316
- C:\Windows\System\eXrfrPx.exe
  C:\Windows\System\eXrfrPx.exe
  2⤵
  PID:5336
- C:\Windows\System\ZNYXOTN.exe
  C:\Windows\System\ZNYXOTN.exe
  2⤵
  PID:5356
- C:\Windows\System\MfckACC.exe
  C:\Windows\System\MfckACC.exe
  2⤵
  PID:5376
- C:\Windows\System\lrSRfXx.exe
  C:\Windows\System\lrSRfXx.exe
  2⤵
  PID:5396
- C:\Windows\System\NqEvyVk.exe
  C:\Windows\System\NqEvyVk.exe
  2⤵
  PID:5416
- C:\Windows\System\UQJFzWe.exe
  C:\Windows\System\UQJFzWe.exe
  2⤵
  PID:5436
- C:\Windows\System\MwXASyH.exe
  C:\Windows\System\MwXASyH.exe
  2⤵
  PID:5456
- C:\Windows\System\UksjREq.exe
  C:\Windows\System\UksjREq.exe
  2⤵
  PID:5476
- C:\Windows\System\tiqHeWP.exe
  C:\Windows\System\tiqHeWP.exe
  2⤵
  PID:5496
- C:\Windows\System\oUpqYvx.exe
  C:\Windows\System\oUpqYvx.exe
  2⤵
  PID:5516
- C:\Windows\System\ZaWUhUV.exe
  C:\Windows\System\ZaWUhUV.exe
  2⤵
  PID:5536
- C:\Windows\System\HfmFbpA.exe
  C:\Windows\System\HfmFbpA.exe
  2⤵
  PID:5556
- C:\Windows\System\eQuRHuw.exe
  C:\Windows\System\eQuRHuw.exe
  2⤵
  PID:5576
- C:\Windows\System\jtusFDR.exe
  C:\Windows\System\jtusFDR.exe
  2⤵
  PID:5596
- C:\Windows\System\soRxSCY.exe
  C:\Windows\System\soRxSCY.exe
  2⤵
  PID:5616
- C:\Windows\System\cQWNbrt.exe
  C:\Windows\System\cQWNbrt.exe
  2⤵
  PID:5636
- C:\Windows\System\kBFwChX.exe
  C:\Windows\System\kBFwChX.exe
  2⤵
  PID:5656
- C:\Windows\System\TWtovfF.exe
  C:\Windows\System\TWtovfF.exe
  2⤵
  PID:5680
- C:\Windows\System\tWEkbBZ.exe
  C:\Windows\System\tWEkbBZ.exe
  2⤵
  PID:5700
- C:\Windows\System\jHedaJF.exe
  C:\Windows\System\jHedaJF.exe
  2⤵
  PID:5720
- C:\Windows\System\HAjNIcT.exe
  C:\Windows\System\HAjNIcT.exe
  2⤵
  PID:5740
- C:\Windows\System\CLFXWhc.exe
  C:\Windows\System\CLFXWhc.exe
  2⤵
  PID:5760
- C:\Windows\System\lncDCcO.exe
  C:\Windows\System\lncDCcO.exe
  2⤵
  PID:5784
- C:\Windows\System\BIRCmnI.exe
  C:\Windows\System\BIRCmnI.exe
  2⤵
  PID:5804
- C:\Windows\System\esmidOm.exe
  C:\Windows\System\esmidOm.exe
  2⤵
  PID:5828
- C:\Windows\System\NESDBCo.exe
  C:\Windows\System\NESDBCo.exe
  2⤵
  PID:5848
- C:\Windows\System\pUEdbsp.exe
  C:\Windows\System\pUEdbsp.exe
  2⤵
  PID:5868
- C:\Windows\System\PrNsdTr.exe
  C:\Windows\System\PrNsdTr.exe
  2⤵
  PID:5888
- C:\Windows\System\OzdfWpA.exe
  C:\Windows\System\OzdfWpA.exe
  2⤵
  PID:5908
- C:\Windows\System\xFNlFpu.exe
  C:\Windows\System\xFNlFpu.exe
  2⤵
  PID:5928
- C:\Windows\System\vlFQIDF.exe
  C:\Windows\System\vlFQIDF.exe
  2⤵
  PID:5948
- C:\Windows\System\btVNAVf.exe
  C:\Windows\System\btVNAVf.exe
  2⤵
  PID:5968
- C:\Windows\System\OldIOfc.exe
  C:\Windows\System\OldIOfc.exe
  2⤵
  PID:5988
- C:\Windows\System\jmiuBkn.exe
  C:\Windows\System\jmiuBkn.exe
  2⤵
  PID:6008
- C:\Windows\System\YFSZadh.exe
  C:\Windows\System\YFSZadh.exe
  2⤵
  PID:6028
- C:\Windows\System\Aleqaxm.exe
  C:\Windows\System\Aleqaxm.exe
  2⤵
  PID:6048
- C:\Windows\System\jhalGko.exe
  C:\Windows\System\jhalGko.exe
  2⤵
  PID:6068
- C:\Windows\System\xXYVjqW.exe
  C:\Windows\System\xXYVjqW.exe
  2⤵
  PID:6088
- C:\Windows\System\OeMPREn.exe
  C:\Windows\System\OeMPREn.exe
  2⤵
  PID:6108
- C:\Windows\System\XZVlxpX.exe
  C:\Windows\System\XZVlxpX.exe
  2⤵
  PID:6128
- C:\Windows\System\NnKYrsh.exe
  C:\Windows\System\NnKYrsh.exe
  2⤵
  PID:4988
- C:\Windows\System\HewzRuJ.exe
  C:\Windows\System\HewzRuJ.exe
  2⤵
  PID:5044
- C:\Windows\System\YuuBioQ.exe
  C:\Windows\System\YuuBioQ.exe
  2⤵
  PID:5084
- C:\Windows\System\ZZWFwNN.exe
  C:\Windows\System\ZZWFwNN.exe
  2⤵
  PID:3704
- C:\Windows\System\IDKecez.exe
  C:\Windows\System\IDKecez.exe
  2⤵
  PID:3912
- C:\Windows\System\TyiQaYc.exe
  C:\Windows\System\TyiQaYc.exe
  2⤵
  PID:3980
- C:\Windows\System\sZHhqtG.exe
  C:\Windows\System\sZHhqtG.exe
  2⤵
  PID:4080
- C:\Windows\System\NdleHbb.exe
  C:\Windows\System\NdleHbb.exe
  2⤵
  PID:2560
- C:\Windows\System\kgzmlZP.exe
  C:\Windows\System\kgzmlZP.exe
  2⤵
  PID:3304
- C:\Windows\System\beXKgVM.exe
  C:\Windows\System\beXKgVM.exe
  2⤵
  PID:3324
- C:\Windows\System\zvyIVuB.exe
  C:\Windows\System\zvyIVuB.exe
  2⤵
  PID:4172
- C:\Windows\System\NKybPuT.exe
  C:\Windows\System\NKybPuT.exe
  2⤵
  PID:4272
- C:\Windows\System\CoXUpOz.exe
  C:\Windows\System\CoXUpOz.exe
  2⤵
  PID:4432
- C:\Windows\System\SDoalAV.exe
  C:\Windows\System\SDoalAV.exe
  2⤵
  PID:4460
- C:\Windows\System\AKfUmZC.exe
  C:\Windows\System\AKfUmZC.exe
  2⤵
  PID:4560
- C:\Windows\System\pbKRnIa.exe
  C:\Windows\System\pbKRnIa.exe
  2⤵
  PID:4652
- C:\Windows\System\sBPXAKo.exe
  C:\Windows\System\sBPXAKo.exe
  2⤵
  PID:4692
- C:\Windows\System\bRqgsqN.exe
  C:\Windows\System\bRqgsqN.exe
  2⤵
  PID:4796
- C:\Windows\System\eWZTpQj.exe
  C:\Windows\System\eWZTpQj.exe
  2⤵
  PID:5132
- C:\Windows\System\ToekhTC.exe
  C:\Windows\System\ToekhTC.exe
  2⤵
  PID:5152
- C:\Windows\System\JgGKeCy.exe
  C:\Windows\System\JgGKeCy.exe
  2⤵
  PID:5188
- C:\Windows\System\kzkdFmF.exe
  C:\Windows\System\kzkdFmF.exe
  2⤵
  PID:5224
- C:\Windows\System\OrzubhF.exe
  C:\Windows\System\OrzubhF.exe
  2⤵
  PID:5248
- C:\Windows\System\emenxIE.exe
  C:\Windows\System\emenxIE.exe
  2⤵
  PID:5292
- C:\Windows\System\rYOwklZ.exe
  C:\Windows\System\rYOwklZ.exe
  2⤵
  PID:5324
- C:\Windows\System\kAWHufN.exe
  C:\Windows\System\kAWHufN.exe
  2⤵
  PID:5352
- C:\Windows\System\dLJIKJo.exe
  C:\Windows\System\dLJIKJo.exe
  2⤵
  PID:5392
- C:\Windows\System\BJGRZla.exe
  C:\Windows\System\BJGRZla.exe
  2⤵
  PID:5424
- C:\Windows\System\qdXcvRH.exe
  C:\Windows\System\qdXcvRH.exe
  2⤵
  PID:5448
- C:\Windows\System\EuFicvG.exe
  C:\Windows\System\EuFicvG.exe
  2⤵
  PID:5492
- C:\Windows\System\nKiRKBA.exe
  C:\Windows\System\nKiRKBA.exe
  2⤵
  PID:5532
- C:\Windows\System\dpKOWAs.exe
  C:\Windows\System\dpKOWAs.exe
  2⤵
  PID:5564
- C:\Windows\System\pQjQfXV.exe
  C:\Windows\System\pQjQfXV.exe
  2⤵
  PID:5588
- C:\Windows\System\EJTuNqX.exe
  C:\Windows\System\EJTuNqX.exe
  2⤵
  PID:5632
- C:\Windows\System\TbtpHly.exe
  C:\Windows\System\TbtpHly.exe
  2⤵
  PID:5668
- C:\Windows\System\Jqkpzff.exe
  C:\Windows\System\Jqkpzff.exe
  2⤵
  PID:5692
- C:\Windows\System\CBcXTPT.exe
  C:\Windows\System\CBcXTPT.exe
  2⤵
  PID:5732
- C:\Windows\System\RtdHgsJ.exe
  C:\Windows\System\RtdHgsJ.exe
  2⤵
  PID:5756
- C:\Windows\System\LazyRPO.exe
  C:\Windows\System\LazyRPO.exe
  2⤵
  PID:5812
- C:\Windows\System\IPUvfYM.exe
  C:\Windows\System\IPUvfYM.exe
  2⤵
  PID:5844
- C:\Windows\System\YjmHaRL.exe
  C:\Windows\System\YjmHaRL.exe
  2⤵
  PID:5896
- C:\Windows\System\DBndnHf.exe
  C:\Windows\System\DBndnHf.exe
  2⤵
  PID:5900
- C:\Windows\System\vLEfzOM.exe
  C:\Windows\System\vLEfzOM.exe
  2⤵
  PID:5920
- C:\Windows\System\mIYVHeV.exe
  C:\Windows\System\mIYVHeV.exe
  2⤵
  PID:5960
- C:\Windows\System\YeZOIwP.exe
  C:\Windows\System\YeZOIwP.exe
  2⤵
  PID:6004
- C:\Windows\System\gYJQoKP.exe
  C:\Windows\System\gYJQoKP.exe
  2⤵
  PID:6000
- C:\Windows\System\gcChVCo.exe
  C:\Windows\System\gcChVCo.exe
  2⤵
  PID:6064
- C:\Windows\System\oIwWpbh.exe
  C:\Windows\System\oIwWpbh.exe
  2⤵
  PID:6084
- C:\Windows\System\VZIcbGI.exe
  C:\Windows\System\VZIcbGI.exe
  2⤵
  PID:6136
- C:\Windows\System\FwXHcVC.exe
  C:\Windows\System\FwXHcVC.exe
  2⤵
  PID:5068
- C:\Windows\System\hrsGpMk.exe
  C:\Windows\System\hrsGpMk.exe
  2⤵
  PID:3652
- C:\Windows\System\xKKwEEj.exe
  C:\Windows\System\xKKwEEj.exe
  2⤵
  PID:3728
- C:\Windows\System\mTkwLcr.exe
  C:\Windows\System\mTkwLcr.exe
  2⤵
  PID:1520
- C:\Windows\System\PGYbbgI.exe
  C:\Windows\System\PGYbbgI.exe
  2⤵
  PID:2224
- C:\Windows\System\bXaCHYk.exe
  C:\Windows\System\bXaCHYk.exe
  2⤵
  PID:3428
- C:\Windows\System\qlRhWsn.exe
  C:\Windows\System\qlRhWsn.exe
  2⤵
  PID:4216
- C:\Windows\System\QuGTWuD.exe
  C:\Windows\System\QuGTWuD.exe
  2⤵
  PID:4328
- C:\Windows\System\XHhiMwZ.exe
  C:\Windows\System\XHhiMwZ.exe
  2⤵
  PID:4144
- C:\Windows\System\lOvlsZL.exe
  C:\Windows\System\lOvlsZL.exe
  2⤵
  PID:4824
- C:\Windows\System\YGTDabA.exe
  C:\Windows\System\YGTDabA.exe
  2⤵
  PID:4860
- C:\Windows\System\aNkhLqA.exe
  C:\Windows\System\aNkhLqA.exe
  2⤵
  PID:5168
- C:\Windows\System\GdfgfEB.exe
  C:\Windows\System\GdfgfEB.exe
  2⤵
  PID:5208
- C:\Windows\System\cgSPkoE.exe
  C:\Windows\System\cgSPkoE.exe
  2⤵
  PID:5272
- C:\Windows\System\nTToAPm.exe
  C:\Windows\System\nTToAPm.exe
  2⤵
  PID:5312
- C:\Windows\System\tqKFNHN.exe
  C:\Windows\System\tqKFNHN.exe
  2⤵
  PID:5364
- C:\Windows\System\iPZuBja.exe
  C:\Windows\System\iPZuBja.exe
  2⤵
  PID:5428
- C:\Windows\System\vRzIDFd.exe
  C:\Windows\System\vRzIDFd.exe
  2⤵
  PID:5472
- C:\Windows\System\tZDMrzp.exe
  C:\Windows\System\tZDMrzp.exe
  2⤵
  PID:5548
- C:\Windows\System\xyIZRic.exe
  C:\Windows\System\xyIZRic.exe
  2⤵
  PID:5612
- C:\Windows\System\pXVvxjN.exe
  C:\Windows\System\pXVvxjN.exe
  2⤵
  PID:5652
- C:\Windows\System\DSWGTly.exe
  C:\Windows\System\DSWGTly.exe
  2⤵
  PID:5736
- C:\Windows\System\uYhKhBB.exe
  C:\Windows\System\uYhKhBB.exe
  2⤵
  PID:5772
- C:\Windows\System\CKCyXeT.exe
  C:\Windows\System\CKCyXeT.exe
  2⤵
  PID:5552
- C:\Windows\System\cTREydw.exe
  C:\Windows\System\cTREydw.exe
  2⤵
  PID:5884
- C:\Windows\System\oeWOehB.exe
  C:\Windows\System\oeWOehB.exe
  2⤵
  PID:5936
- C:\Windows\System\AptYNCN.exe
  C:\Windows\System\AptYNCN.exe
  2⤵
  PID:5996
- C:\Windows\System\ijoEskT.exe
  C:\Windows\System\ijoEskT.exe
  2⤵
  PID:6024
- C:\Windows\System\hvKAaVS.exe
  C:\Windows\System\hvKAaVS.exe
  2⤵
  PID:6096
- C:\Windows\System\qDIkEsg.exe
  C:\Windows\System\qDIkEsg.exe
  2⤵
  PID:5004
- C:\Windows\System\LhZdenM.exe
  C:\Windows\System\LhZdenM.exe
  2⤵
  PID:6156
- C:\Windows\System\LTZpneG.exe
  C:\Windows\System\LTZpneG.exe
  2⤵
  PID:6176
- C:\Windows\System\aBNuDOb.exe
  C:\Windows\System\aBNuDOb.exe
  2⤵
  PID:6196
- C:\Windows\System\zJjCKlR.exe
  C:\Windows\System\zJjCKlR.exe
  2⤵
  PID:6216
- C:\Windows\System\EbpnHqG.exe
  C:\Windows\System\EbpnHqG.exe
  2⤵
  PID:6236
- C:\Windows\System\dyycZkf.exe
  C:\Windows\System\dyycZkf.exe
  2⤵
  PID:6256
- C:\Windows\System\iWmasvg.exe
  C:\Windows\System\iWmasvg.exe
  2⤵
  PID:6276
- C:\Windows\System\PkmZgSL.exe
  C:\Windows\System\PkmZgSL.exe
  2⤵
  PID:6296
- C:\Windows\System\vFIpeuz.exe
  C:\Windows\System\vFIpeuz.exe
  2⤵
  PID:6316
- C:\Windows\System\CNJoyZC.exe
  C:\Windows\System\CNJoyZC.exe
  2⤵
  PID:6336
- C:\Windows\System\FwyguuN.exe
  C:\Windows\System\FwyguuN.exe
  2⤵
  PID:6356
- C:\Windows\System\xVCvoDY.exe
  C:\Windows\System\xVCvoDY.exe
  2⤵
  PID:6376
- C:\Windows\System\qARbLuu.exe
  C:\Windows\System\qARbLuu.exe
  2⤵
  PID:6396
- C:\Windows\System\YkprKcy.exe
  C:\Windows\System\YkprKcy.exe
  2⤵
  PID:6416
- C:\Windows\System\PbRqjJs.exe
  C:\Windows\System\PbRqjJs.exe
  2⤵
  PID:6436
- C:\Windows\System\rEjkViB.exe
  C:\Windows\System\rEjkViB.exe
  2⤵
  PID:6456
- C:\Windows\System\EgQphqs.exe
  C:\Windows\System\EgQphqs.exe
  2⤵
  PID:6476
- C:\Windows\System\pILBtMF.exe
  C:\Windows\System\pILBtMF.exe
  2⤵
  PID:6496
- C:\Windows\System\CKjDVQE.exe
  C:\Windows\System\CKjDVQE.exe
  2⤵
  PID:6520
- C:\Windows\System\cuEyqvZ.exe
  C:\Windows\System\cuEyqvZ.exe
  2⤵
  PID:6540
- C:\Windows\System\dKcGObj.exe
  C:\Windows\System\dKcGObj.exe
  2⤵
  PID:6560
- C:\Windows\System\gKTCVeS.exe
  C:\Windows\System\gKTCVeS.exe
  2⤵
  PID:6580
- C:\Windows\System\SnpuYiQ.exe
  C:\Windows\System\SnpuYiQ.exe
  2⤵
  PID:6600
- C:\Windows\System\HBPQXXP.exe
  C:\Windows\System\HBPQXXP.exe
  2⤵
  PID:6620
- C:\Windows\System\aBDCEuR.exe
  C:\Windows\System\aBDCEuR.exe
  2⤵
  PID:6640
- C:\Windows\System\Tgraeqe.exe
  C:\Windows\System\Tgraeqe.exe
  2⤵
  PID:6660
- C:\Windows\System\NZukHPZ.exe
  C:\Windows\System\NZukHPZ.exe
  2⤵
  PID:6680
- C:\Windows\System\gQEFJbh.exe
  C:\Windows\System\gQEFJbh.exe
  2⤵
  PID:6700
- C:\Windows\System\WRoCyeS.exe
  C:\Windows\System\WRoCyeS.exe
  2⤵
  PID:6720
- C:\Windows\System\bZkyqOz.exe
  C:\Windows\System\bZkyqOz.exe
  2⤵
  PID:6740
- C:\Windows\System\QseMfLn.exe
  C:\Windows\System\QseMfLn.exe
  2⤵
  PID:6760
- C:\Windows\System\xiBRPDb.exe
  C:\Windows\System\xiBRPDb.exe
  2⤵
  PID:6780
- C:\Windows\System\CPUiZNU.exe
  C:\Windows\System\CPUiZNU.exe
  2⤵
  PID:6800
- C:\Windows\System\rZlSOwg.exe
  C:\Windows\System\rZlSOwg.exe
  2⤵
  PID:6820
- C:\Windows\System\nkZxziI.exe
  C:\Windows\System\nkZxziI.exe
  2⤵
  PID:6840
- C:\Windows\System\QJrPcxm.exe
  C:\Windows\System\QJrPcxm.exe
  2⤵
  PID:6860
- C:\Windows\System\RlUKKUc.exe
  C:\Windows\System\RlUKKUc.exe
  2⤵
  PID:6880
- C:\Windows\System\ryhDvSm.exe
  C:\Windows\System\ryhDvSm.exe
  2⤵
  PID:6900
- C:\Windows\System\lfTMyMo.exe
  C:\Windows\System\lfTMyMo.exe
  2⤵
  PID:6920
- C:\Windows\System\xaKitlA.exe
  C:\Windows\System\xaKitlA.exe
  2⤵
  PID:6940
- C:\Windows\System\dnSpNXJ.exe
  C:\Windows\System\dnSpNXJ.exe
  2⤵
  PID:6960
- C:\Windows\System\xurFbic.exe
  C:\Windows\System\xurFbic.exe
  2⤵
  PID:6980
- C:\Windows\System\pxbJFNg.exe
  C:\Windows\System\pxbJFNg.exe
  2⤵
  PID:7000
- C:\Windows\System\ohQknfI.exe
  C:\Windows\System\ohQknfI.exe
  2⤵
  PID:7020
- C:\Windows\System\VzDuhXX.exe
  C:\Windows\System\VzDuhXX.exe
  2⤵
  PID:7040
- C:\Windows\System\rRcTGfD.exe
  C:\Windows\System\rRcTGfD.exe
  2⤵
  PID:7060
- C:\Windows\System\DdpGcGK.exe
  C:\Windows\System\DdpGcGK.exe
  2⤵
  PID:7080
- C:\Windows\System\SjOVPmq.exe
  C:\Windows\System\SjOVPmq.exe
  2⤵
  PID:7104
- C:\Windows\System\GHFTTXn.exe
  C:\Windows\System\GHFTTXn.exe
  2⤵
  PID:7124
- C:\Windows\System\sjbSHnK.exe
  C:\Windows\System\sjbSHnK.exe
  2⤵
  PID:7144
- C:\Windows\System\etoycWo.exe
  C:\Windows\System\etoycWo.exe
  2⤵
  PID:7164
- C:\Windows\System\yAFqcvD.exe
  C:\Windows\System\yAFqcvD.exe
  2⤵
  PID:3992
- C:\Windows\System\LduImJo.exe
  C:\Windows\System\LduImJo.exe
  2⤵
  PID:2460
- C:\Windows\System\zONdxFS.exe
  C:\Windows\System\zONdxFS.exe
  2⤵
  PID:4296
- C:\Windows\System\ZrxJOnl.exe
  C:\Windows\System\ZrxJOnl.exe
  2⤵
  PID:4428
- C:\Windows\System\orDhfgt.exe
  C:\Windows\System\orDhfgt.exe
  2⤵
  PID:4572
- C:\Windows\System\qdSipcB.exe
  C:\Windows\System\qdSipcB.exe
  2⤵
  PID:4884
- C:\Windows\System\vGNvrDo.exe
  C:\Windows\System\vGNvrDo.exe
  2⤵
  PID:5148
- C:\Windows\System\vyGMjEg.exe
  C:\Windows\System\vyGMjEg.exe
  2⤵
  PID:5344
- C:\Windows\System\lMWEgkP.exe
  C:\Windows\System\lMWEgkP.exe
  2⤵
  PID:5444
- C:\Windows\System\lUmKKVA.exe
  C:\Windows\System\lUmKKVA.exe
  2⤵
  PID:5508
- C:\Windows\System\HuXOqIL.exe
  C:\Windows\System\HuXOqIL.exe
  2⤵
  PID:5644
- C:\Windows\System\UWtbTqa.exe
  C:\Windows\System\UWtbTqa.exe
  2⤵
  PID:5676
- C:\Windows\System\pRifpCn.exe
  C:\Windows\System\pRifpCn.exe
  2⤵
  PID:5860
- C:\Windows\System\JpYlXnd.exe
  C:\Windows\System\JpYlXnd.exe
  2⤵
  PID:5820
- C:\Windows\System\lEuPeCn.exe
  C:\Windows\System\lEuPeCn.exe
  2⤵
  PID:5964
- C:\Windows\System\vFbHNtC.exe
  C:\Windows\System\vFbHNtC.exe
  2⤵
  PID:6076
- C:\Windows\System\kukwMae.exe
  C:\Windows\System\kukwMae.exe
  2⤵
  PID:6140
- C:\Windows\System\GKDDVvr.exe
  C:\Windows\System\GKDDVvr.exe
  2⤵
  PID:6168
- C:\Windows\System\XgJwHNI.exe
  C:\Windows\System\XgJwHNI.exe
  2⤵
  PID:6212
- C:\Windows\System\UQNAsRV.exe
  C:\Windows\System\UQNAsRV.exe
  2⤵
  PID:6228
- C:\Windows\System\lZOtohg.exe
  C:\Windows\System\lZOtohg.exe
  2⤵
  PID:6272
- C:\Windows\System\vTHvUms.exe
  C:\Windows\System\vTHvUms.exe
  2⤵
  PID:6324
- C:\Windows\System\EYZNShW.exe
  C:\Windows\System\EYZNShW.exe
  2⤵
  PID:6328
- C:\Windows\System\HIwTdvV.exe
  C:\Windows\System\HIwTdvV.exe
  2⤵
  PID:6348
- C:\Windows\System\UePKMXJ.exe
  C:\Windows\System\UePKMXJ.exe
  2⤵
  PID:6404
- C:\Windows\System\oQZLniL.exe
  C:\Windows\System\oQZLniL.exe
  2⤵
  PID:6428
- C:\Windows\System\TxwsJeO.exe
  C:\Windows\System\TxwsJeO.exe
  2⤵
  PID:6484
- C:\Windows\System\lDCuuDc.exe
  C:\Windows\System\lDCuuDc.exe
  2⤵
  PID:6504
- C:\Windows\System\cLfVvCz.exe
  C:\Windows\System\cLfVvCz.exe
  2⤵
  PID:6532
- C:\Windows\System\nSiIZbu.exe
  C:\Windows\System\nSiIZbu.exe
  2⤵
  PID:6576
- C:\Windows\System\omoRTaL.exe
  C:\Windows\System\omoRTaL.exe
  2⤵
  PID:6596
- C:\Windows\System\gsteARW.exe
  C:\Windows\System\gsteARW.exe
  2⤵
  PID:6632
- C:\Windows\System\EjkOCiG.exe
  C:\Windows\System\EjkOCiG.exe
  2⤵
  PID:6676
- C:\Windows\System\VmOdkdG.exe
  C:\Windows\System\VmOdkdG.exe
  2⤵
  PID:6692
- C:\Windows\System\rAdrDjy.exe
  C:\Windows\System\rAdrDjy.exe
  2⤵
  PID:6732
- C:\Windows\System\eRtEFot.exe
  C:\Windows\System\eRtEFot.exe
  2⤵
  PID:6752
- C:\Windows\System\kwVDFVl.exe
  C:\Windows\System\kwVDFVl.exe
  2⤵
  PID:6792
- C:\Windows\System\UBJTjdJ.exe
  C:\Windows\System\UBJTjdJ.exe
  2⤵
  PID:6836
- C:\Windows\System\tgNMAXS.exe
  C:\Windows\System\tgNMAXS.exe
  2⤵
  PID:6876
- C:\Windows\System\AeYAaQY.exe
  C:\Windows\System\AeYAaQY.exe
  2⤵
  PID:6908
- C:\Windows\System\QylvwMI.exe
  C:\Windows\System\QylvwMI.exe
  2⤵
  PID:6936
- C:\Windows\System\gzmxAUD.exe
  C:\Windows\System\gzmxAUD.exe
  2⤵
  PID:6972
- C:\Windows\System\atezwYg.exe
  C:\Windows\System\atezwYg.exe
  2⤵
  PID:6992
- C:\Windows\System\USyMrkG.exe
  C:\Windows\System\USyMrkG.exe
  2⤵
  PID:7032
- C:\Windows\System\iUDWMKF.exe
  C:\Windows\System\iUDWMKF.exe
  2⤵
  PID:7076
- C:\Windows\System\QYXSmzq.exe
  C:\Windows\System\QYXSmzq.exe
  2⤵
  PID:7140
- C:\Windows\System\grDwKCy.exe
  C:\Windows\System\grDwKCy.exe
  2⤵
  PID:7160
- C:\Windows\System\OteMcTr.exe
  C:\Windows\System\OteMcTr.exe
  2⤵
  PID:4112
- C:\Windows\System\GWKrdjW.exe
  C:\Windows\System\GWKrdjW.exe
  2⤵
  PID:3212
- C:\Windows\System\RIdeHmQ.exe
  C:\Windows\System\RIdeHmQ.exe
  2⤵
  PID:4396
- C:\Windows\System\NzFzvOl.exe
  C:\Windows\System\NzFzvOl.exe
  2⤵
  PID:5192
- C:\Windows\System\KhydngG.exe
  C:\Windows\System\KhydngG.exe
  2⤵
  PID:5412
- C:\Windows\System\bGofLzI.exe
  C:\Windows\System\bGofLzI.exe
  2⤵
  PID:5484
- C:\Windows\System\ioudCHZ.exe
  C:\Windows\System\ioudCHZ.exe
  2⤵
  PID:5468
- C:\Windows\System\lYtPtrD.exe
  C:\Windows\System\lYtPtrD.exe
  2⤵
  PID:5608
- C:\Windows\System\zIKUZyu.exe
  C:\Windows\System\zIKUZyu.exe
  2⤵
  PID:5836
- C:\Windows\System\TYFfbtb.exe
  C:\Windows\System\TYFfbtb.exe
  2⤵
  PID:6056
- C:\Windows\System\EJkyHWS.exe
  C:\Windows\System\EJkyHWS.exe
  2⤵
  PID:6152
- C:\Windows\System\lBTqYNn.exe
  C:\Windows\System\lBTqYNn.exe
  2⤵
  PID:6192
- C:\Windows\System\eQoLWJh.exe
  C:\Windows\System\eQoLWJh.exe
  2⤵
  PID:5024
- C:\Windows\System\WCkcBjn.exe
  C:\Windows\System\WCkcBjn.exe
  2⤵
  PID:6288
- C:\Windows\System\pObhfLG.exe
  C:\Windows\System\pObhfLG.exe
  2⤵
  PID:6388
- C:\Windows\System\nHnHKzN.exe
  C:\Windows\System\nHnHKzN.exe
  2⤵
  PID:6432
- C:\Windows\System\HXVnzMB.exe
  C:\Windows\System\HXVnzMB.exe
  2⤵
  PID:6468
- C:\Windows\System\IlGcvyv.exe
  C:\Windows\System\IlGcvyv.exe
  2⤵
  PID:6536
- C:\Windows\System\uCbaMZQ.exe
  C:\Windows\System\uCbaMZQ.exe
  2⤵
  PID:6568
- C:\Windows\System\qCgPkOb.exe
  C:\Windows\System\qCgPkOb.exe
  2⤵
  PID:6668
- C:\Windows\System\BNZDUUD.exe
  C:\Windows\System\BNZDUUD.exe
  2⤵
  PID:6712
- C:\Windows\System\BduOyCp.exe
  C:\Windows\System\BduOyCp.exe
  2⤵
  PID:6756
- C:\Windows\System\ZYGCuqk.exe
  C:\Windows\System\ZYGCuqk.exe
  2⤵
  PID:6768
- C:\Windows\System\PxBbHQT.exe
  C:\Windows\System\PxBbHQT.exe
  2⤵
  PID:6852
- C:\Windows\System\qxRBfRo.exe
  C:\Windows\System\qxRBfRo.exe
  2⤵
  PID:6892
- C:\Windows\System\YILCsII.exe
  C:\Windows\System\YILCsII.exe
  2⤵
  PID:6996
- C:\Windows\System\jchOSbj.exe
  C:\Windows\System\jchOSbj.exe
  2⤵
  PID:7056
- C:\Windows\System\FufqgKE.exe
  C:\Windows\System\FufqgKE.exe
  2⤵
  PID:7116
- C:\Windows\System\dUzIawo.exe
  C:\Windows\System\dUzIawo.exe
  2⤵
  PID:7136
- C:\Windows\System\Bonzqbt.exe
  C:\Windows\System\Bonzqbt.exe
  2⤵
  PID:3792
- C:\Windows\System\mEUwMjE.exe
  C:\Windows\System\mEUwMjE.exe
  2⤵
  PID:4388
- C:\Windows\System\ukwkfee.exe
  C:\Windows\System\ukwkfee.exe
  2⤵
  PID:5252
- C:\Windows\System\IPHlyPA.exe
  C:\Windows\System\IPHlyPA.exe
  2⤵
  PID:2360
- C:\Windows\System\ntumvwV.exe
  C:\Windows\System\ntumvwV.exe
  2⤵
  PID:5776
- C:\Windows\System\iCjWpKP.exe
  C:\Windows\System\iCjWpKP.exe
  2⤵
  PID:5956
- C:\Windows\System\pPppsFF.exe
  C:\Windows\System\pPppsFF.exe
  2⤵
  PID:7188
- C:\Windows\System\EYIFcAk.exe
  C:\Windows\System\EYIFcAk.exe
  2⤵
  PID:7208
- C:\Windows\System\LfRLOra.exe
  C:\Windows\System\LfRLOra.exe
  2⤵
  PID:7228
- C:\Windows\System\KvtxTmP.exe
  C:\Windows\System\KvtxTmP.exe
  2⤵
  PID:7252
- C:\Windows\System\qqclWGI.exe
  C:\Windows\System\qqclWGI.exe
  2⤵
  PID:7272
- C:\Windows\System\dJMUjGy.exe
  C:\Windows\System\dJMUjGy.exe
  2⤵
  PID:7292
- C:\Windows\System\OKFtJbd.exe
  C:\Windows\System\OKFtJbd.exe
  2⤵
  PID:7312
- C:\Windows\System\XAsIvYc.exe
  C:\Windows\System\XAsIvYc.exe
  2⤵
  PID:7332
- C:\Windows\System\IehyPCB.exe
  C:\Windows\System\IehyPCB.exe
  2⤵
  PID:7352
- C:\Windows\System\apuaTSW.exe
  C:\Windows\System\apuaTSW.exe
  2⤵
  PID:7372
- C:\Windows\System\jHkXIAc.exe
  C:\Windows\System\jHkXIAc.exe
  2⤵
  PID:7392
- C:\Windows\System\MmBuCyq.exe
  C:\Windows\System\MmBuCyq.exe
  2⤵
  PID:7412
- C:\Windows\System\BIxezRw.exe
  C:\Windows\System\BIxezRw.exe
  2⤵
  PID:7432
- C:\Windows\System\AqBmqEn.exe
  C:\Windows\System\AqBmqEn.exe
  2⤵
  PID:7452
- C:\Windows\System\sMXdPNu.exe
  C:\Windows\System\sMXdPNu.exe
  2⤵
  PID:7472
- C:\Windows\System\CTyeRPm.exe
  C:\Windows\System\CTyeRPm.exe
  2⤵
  PID:7492
- C:\Windows\System\CDhajgZ.exe
  C:\Windows\System\CDhajgZ.exe
  2⤵
  PID:7512
- C:\Windows\System\hdRuDjj.exe
  C:\Windows\System\hdRuDjj.exe
  2⤵
  PID:7532
- C:\Windows\System\iAeJxCn.exe
  C:\Windows\System\iAeJxCn.exe
  2⤵
  PID:7552
- C:\Windows\System\FkYZeMf.exe
  C:\Windows\System\FkYZeMf.exe
  2⤵
  PID:7572
- C:\Windows\System\zyuybZw.exe
  C:\Windows\System\zyuybZw.exe
  2⤵
  PID:7592
- C:\Windows\System\EDUWXVO.exe
  C:\Windows\System\EDUWXVO.exe
  2⤵
  PID:7612
- C:\Windows\System\jUhkkni.exe
  C:\Windows\System\jUhkkni.exe
  2⤵
  PID:7632
- C:\Windows\System\eJrmKJE.exe
  C:\Windows\System\eJrmKJE.exe
  2⤵
  PID:7652
- C:\Windows\System\zpCBdcU.exe
  C:\Windows\System\zpCBdcU.exe
  2⤵
  PID:7672
- C:\Windows\System\zzXPkuL.exe
  C:\Windows\System\zzXPkuL.exe
  2⤵
  PID:7692
- C:\Windows\System\hvDhAEU.exe
  C:\Windows\System\hvDhAEU.exe
  2⤵
  PID:7712
- C:\Windows\System\wojhtRe.exe
  C:\Windows\System\wojhtRe.exe
  2⤵
  PID:7732
- C:\Windows\System\pElNLtS.exe
  C:\Windows\System\pElNLtS.exe
  2⤵
  PID:7752
- C:\Windows\System\CCdJxKK.exe
  C:\Windows\System\CCdJxKK.exe
  2⤵
  PID:7772
- C:\Windows\System\vxWPahU.exe
  C:\Windows\System\vxWPahU.exe
  2⤵
  PID:7792
- C:\Windows\System\TFgrfbl.exe
  C:\Windows\System\TFgrfbl.exe
  2⤵
  PID:7812
- C:\Windows\System\QQipVdA.exe
  C:\Windows\System\QQipVdA.exe
  2⤵
  PID:7832
- C:\Windows\System\ibEqwNn.exe
  C:\Windows\System\ibEqwNn.exe
  2⤵
  PID:7856
- C:\Windows\System\yqIJTtE.exe
  C:\Windows\System\yqIJTtE.exe
  2⤵
  PID:7876
- C:\Windows\System\vwPwAzH.exe
  C:\Windows\System\vwPwAzH.exe
  2⤵
  PID:7896
- C:\Windows\System\IFqVIIA.exe
  C:\Windows\System\IFqVIIA.exe
  2⤵
  PID:7916
- C:\Windows\System\qTzKpNs.exe
  C:\Windows\System\qTzKpNs.exe
  2⤵
  PID:7936
- C:\Windows\System\xlChtXo.exe
  C:\Windows\System\xlChtXo.exe
  2⤵
  PID:7956
- C:\Windows\System\Ykccsbx.exe
  C:\Windows\System\Ykccsbx.exe
  2⤵
  PID:7976
- C:\Windows\System\Izrbere.exe
  C:\Windows\System\Izrbere.exe
  2⤵
  PID:7996
- C:\Windows\System\pSSlpAT.exe
  C:\Windows\System\pSSlpAT.exe
  2⤵
  PID:8016
- C:\Windows\System\nKxaSDJ.exe
  C:\Windows\System\nKxaSDJ.exe
  2⤵
  PID:8036
- C:\Windows\System\KMOjZQg.exe
  C:\Windows\System\KMOjZQg.exe
  2⤵
  PID:8056
- C:\Windows\System\gVcrjQz.exe
  C:\Windows\System\gVcrjQz.exe
  2⤵
  PID:8076
- C:\Windows\System\OpFTMZr.exe
  C:\Windows\System\OpFTMZr.exe
  2⤵
  PID:8096
- C:\Windows\System\pckSOVK.exe
  C:\Windows\System\pckSOVK.exe
  2⤵
  PID:8116
- C:\Windows\System\OXjVlLU.exe
  C:\Windows\System\OXjVlLU.exe
  2⤵
  PID:8136
- C:\Windows\System\XfJWuZk.exe
  C:\Windows\System\XfJWuZk.exe
  2⤵
  PID:8160
- C:\Windows\System\LnpEOBr.exe
  C:\Windows\System\LnpEOBr.exe
  2⤵
  PID:8180
- C:\Windows\System\onEQoeV.exe
  C:\Windows\System\onEQoeV.exe
  2⤵
  PID:6116
- C:\Windows\System\obfRwSZ.exe
  C:\Windows\System\obfRwSZ.exe
  2⤵
  PID:6248
- C:\Windows\System\BDAXEvB.exe
  C:\Windows\System\BDAXEvB.exe
  2⤵
  PID:6312
- C:\Windows\System\LcWcGkR.exe
  C:\Windows\System\LcWcGkR.exe
  2⤵
  PID:6392
- C:\Windows\System\HKjLRhm.exe
  C:\Windows\System\HKjLRhm.exe
  2⤵
  PID:6492
- C:\Windows\System\KBfDtzm.exe
  C:\Windows\System\KBfDtzm.exe
  2⤵
  PID:6552
- C:\Windows\System\YaaLgsJ.exe
  C:\Windows\System\YaaLgsJ.exe
  2⤵
  PID:2736
- C:\Windows\System\hwyFpjE.exe
  C:\Windows\System\hwyFpjE.exe
  2⤵
  PID:6856
- C:\Windows\System\yTSYSSM.exe
  C:\Windows\System\yTSYSSM.exe
  2⤵
  PID:6896
- C:\Windows\System\KNnnzUA.exe
  C:\Windows\System\KNnnzUA.exe
  2⤵
  PID:6912
- C:\Windows\System\iuilVbz.exe
  C:\Windows\System\iuilVbz.exe
  2⤵
  PID:7068
- C:\Windows\System\PMVdWTz.exe
  C:\Windows\System\PMVdWTz.exe
  2⤵
  PID:7112
- C:\Windows\System\aPTkXeG.exe
  C:\Windows\System\aPTkXeG.exe
  2⤵
  PID:6952
- C:\Windows\System\WDRdtoM.exe
  C:\Windows\System\WDRdtoM.exe
  2⤵
  PID:5512
- C:\Windows\System\FeQoUvf.exe
  C:\Windows\System\FeQoUvf.exe
  2⤵
  PID:5592
- C:\Windows\System\UrTJSfd.exe
  C:\Windows\System\UrTJSfd.exe
  2⤵
  PID:7184
- C:\Windows\System\LmaioIc.exe
  C:\Windows\System\LmaioIc.exe
  2⤵
  PID:7216
- C:\Windows\System\EGUqbzV.exe
  C:\Windows\System\EGUqbzV.exe
  2⤵
  PID:7248
- C:\Windows\System\jSUoAsY.exe
  C:\Windows\System\jSUoAsY.exe
  2⤵
  PID:7300
- C:\Windows\System\dnHmcRe.exe
  C:\Windows\System\dnHmcRe.exe
  2⤵
  PID:7340
- C:\Windows\System\fUOnngD.exe
  C:\Windows\System\fUOnngD.exe
  2⤵
  PID:7324
- C:\Windows\System\rxtbWVt.exe
  C:\Windows\System\rxtbWVt.exe
  2⤵
  PID:7388
- C:\Windows\System\dkVGJph.exe
  C:\Windows\System\dkVGJph.exe
  2⤵
  PID:7420
- C:\Windows\System\KCnVhaX.exe
  C:\Windows\System\KCnVhaX.exe
  2⤵
  PID:7444
- C:\Windows\System\ObnDpJu.exe
  C:\Windows\System\ObnDpJu.exe
  2⤵
  PID:7480
- C:\Windows\System\ppXgwlw.exe
  C:\Windows\System\ppXgwlw.exe
  2⤵
  PID:7504
- C:\Windows\System\OYqhYwj.exe
  C:\Windows\System\OYqhYwj.exe
  2⤵
  PID:7524
- C:\Windows\System\RpYMnGt.exe
  C:\Windows\System\RpYMnGt.exe
  2⤵
  PID:7568
- C:\Windows\System\WjzRFAf.exe
  C:\Windows\System\WjzRFAf.exe
  2⤵
  PID:7608
- C:\Windows\System\FpNQeTZ.exe
  C:\Windows\System\FpNQeTZ.exe
  2⤵
  PID:7648
- C:\Windows\System\nTLOHHp.exe
  C:\Windows\System\nTLOHHp.exe
  2⤵
  PID:7680
- C:\Windows\System\ErJvKXQ.exe
  C:\Windows\System\ErJvKXQ.exe
  2⤵
  PID:7704
- C:\Windows\System\GxgENCl.exe
  C:\Windows\System\GxgENCl.exe
  2⤵
  PID:7748
- C:\Windows\System\tVfyHUT.exe
  C:\Windows\System\tVfyHUT.exe
  2⤵
  PID:7768
- C:\Windows\System\nzcoPYx.exe
  C:\Windows\System\nzcoPYx.exe
  2⤵
  PID:7820
- C:\Windows\System\dZSuYQY.exe
  C:\Windows\System\dZSuYQY.exe
  2⤵
  PID:7852
- C:\Windows\System\lwBaJGd.exe
  C:\Windows\System\lwBaJGd.exe
  2⤵
  PID:7884
- C:\Windows\System\yEBkPth.exe
  C:\Windows\System\yEBkPth.exe
  2⤵
  PID:7908
- C:\Windows\System\FOwpFCF.exe
  C:\Windows\System\FOwpFCF.exe
  2⤵
  PID:7948
- C:\Windows\System\JTUCylu.exe
  C:\Windows\System\JTUCylu.exe
  2⤵
  PID:7972
- C:\Windows\System\kPltjxy.exe
  C:\Windows\System\kPltjxy.exe
  2⤵
  PID:2768
- C:\Windows\System\QjuPkwQ.exe
  C:\Windows\System\QjuPkwQ.exe
  2⤵
  PID:8028
- C:\Windows\System\tXDtiYc.exe
  C:\Windows\System\tXDtiYc.exe
  2⤵
  PID:8072
- C:\Windows\System\jZSQFXo.exe
  C:\Windows\System\jZSQFXo.exe
  2⤵
  PID:8088
- C:\Windows\System\AKaatAs.exe
  C:\Windows\System\AKaatAs.exe
  2⤵
  PID:8148
- C:\Windows\System\ONRmOLy.exe
  C:\Windows\System\ONRmOLy.exe
  2⤵
  PID:8188
- C:\Windows\System\oxqJXrM.exe
  C:\Windows\System\oxqJXrM.exe
  2⤵
  PID:6268
- C:\Windows\System\proCTnl.exe
  C:\Windows\System\proCTnl.exe
  2⤵
  PID:6308
- C:\Windows\System\jnqymZg.exe
  C:\Windows\System\jnqymZg.exe
  2⤵
  PID:6424
- C:\Windows\System\GqgPOEb.exe
  C:\Windows\System\GqgPOEb.exe
  2⤵
  PID:6656
- C:\Windows\System\WogKoeD.exe
  C:\Windows\System\WogKoeD.exe
  2⤵
  PID:6696
- C:\Windows\System\XrzBLOb.exe
  C:\Windows\System\XrzBLOb.exe
  2⤵
  PID:6928
- C:\Windows\System\uVUvDOb.exe
  C:\Windows\System\uVUvDOb.exe
  2⤵
  PID:7028
- C:\Windows\System\kveApPA.exe
  C:\Windows\System\kveApPA.exe
  2⤵
  PID:4192
- C:\Windows\System\QBuOrTy.exe
  C:\Windows\System\QBuOrTy.exe
  2⤵
  PID:5328
- C:\Windows\System\KWFqmoS.exe
  C:\Windows\System\KWFqmoS.exe
  2⤵
  PID:7204
- C:\Windows\System\tvbweZf.exe
  C:\Windows\System\tvbweZf.exe
  2⤵
  PID:7280
- C:\Windows\System\SsBYIFf.exe
  C:\Windows\System\SsBYIFf.exe
  2⤵
  PID:7320
- C:\Windows\System\gfFuYmv.exe
  C:\Windows\System\gfFuYmv.exe
  2⤵
  PID:7328
- C:\Windows\System\BJOMpAp.exe
  C:\Windows\System\BJOMpAp.exe
  2⤵
  PID:7368
- C:\Windows\System\xzGjHVq.exe
  C:\Windows\System\xzGjHVq.exe
  2⤵
  PID:7440
- C:\Windows\System\bpsCVNj.exe
  C:\Windows\System\bpsCVNj.exe
  2⤵
  PID:7540
- C:\Windows\System\ARkHnsa.exe
  C:\Windows\System\ARkHnsa.exe
  2⤵
  PID:7588
- C:\Windows\System\JSZGWzt.exe
  C:\Windows\System\JSZGWzt.exe
  2⤵
  PID:7584
- C:\Windows\System\wyPEhZR.exe
  C:\Windows\System\wyPEhZR.exe
  2⤵
  PID:7624
- C:\Windows\System\lIsYzWs.exe
  C:\Windows\System\lIsYzWs.exe
  2⤵
  PID:7728
- C:\Windows\System\ozMSXmJ.exe
  C:\Windows\System\ozMSXmJ.exe
  2⤵
  PID:2684
- C:\Windows\System\tYpwRTl.exe
  C:\Windows\System\tYpwRTl.exe
  2⤵
  PID:2680
- C:\Windows\System\FAgAKOD.exe
  C:\Windows\System\FAgAKOD.exe
  2⤵
  PID:7848
- C:\Windows\System\CKWqfSd.exe
  C:\Windows\System\CKWqfSd.exe
  2⤵
  PID:2924
- C:\Windows\System\JnMuMgy.exe
  C:\Windows\System\JnMuMgy.exe
  2⤵
  PID:7932
- C:\Windows\System\BvlOGiu.exe
  C:\Windows\System\BvlOGiu.exe
  2⤵
  PID:7992
- C:\Windows\System\krvPJoj.exe
  C:\Windows\System\krvPJoj.exe
  2⤵
  PID:6224
- C:\Windows\System\NxXKDOn.exe
  C:\Windows\System\NxXKDOn.exe
  2⤵
  PID:6408
- C:\Windows\System\JLMOHJz.exe
  C:\Windows\System\JLMOHJz.exe
  2⤵
  PID:6352
- C:\Windows\System\yPlyumC.exe
  C:\Windows\System\yPlyumC.exe
  2⤵
  PID:2744
- C:\Windows\System\kMJFkhN.exe
  C:\Windows\System\kMJFkhN.exe
  2⤵
  PID:7008
- C:\Windows\System\LQNHwRV.exe
  C:\Windows\System\LQNHwRV.exe
  2⤵
  PID:3120
- C:\Windows\System\OecAjos.exe
  C:\Windows\System\OecAjos.exe
  2⤵
  PID:7176
- C:\Windows\System\SAaNuDV.exe
  C:\Windows\System\SAaNuDV.exe
  2⤵
  PID:2056
- C:\Windows\System\FJhQNcC.exe
  C:\Windows\System\FJhQNcC.exe
  2⤵
  PID:2696
- C:\Windows\System\FUbvhUM.exe
  C:\Windows\System\FUbvhUM.exe
  2⤵
  PID:7400
- C:\Windows\System\PhzAnOj.exe
  C:\Windows\System\PhzAnOj.exe
  2⤵
  PID:7464
- C:\Windows\System\WFTugWD.exe
  C:\Windows\System\WFTugWD.exe
  2⤵
  PID:7560
- C:\Windows\System\IVAhWeP.exe
  C:\Windows\System\IVAhWeP.exe
  2⤵
  PID:7700
- C:\Windows\System\cmcfcwe.exe
  C:\Windows\System\cmcfcwe.exe
  2⤵
  PID:7780
- C:\Windows\System\AenTBqB.exe
  C:\Windows\System\AenTBqB.exe
  2⤵
  PID:2824
- C:\Windows\System\pKIIkaB.exe
  C:\Windows\System\pKIIkaB.exe
  2⤵
  PID:7888
- C:\Windows\System\jMhdFYc.exe
  C:\Windows\System\jMhdFYc.exe
  2⤵
  PID:6148
- C:\Windows\System\JridrNd.exe
  C:\Windows\System\JridrNd.exe
  2⤵
  PID:2572
- C:\Windows\System\eOndHMb.exe
  C:\Windows\System\eOndHMb.exe
  2⤵
  PID:1136
- C:\Windows\System\XNEAXfL.exe
  C:\Windows\System\XNEAXfL.exe
  2⤵
  PID:2308
- C:\Windows\System\covsRBX.exe
  C:\Windows\System\covsRBX.exe
  2⤵
  PID:1488
- C:\Windows\System\hnFgGBZ.exe
  C:\Windows\System\hnFgGBZ.exe
  2⤵
  PID:4256
- C:\Windows\System\GLwcWow.exe
  C:\Windows\System\GLwcWow.exe
  2⤵
  PID:6508
- C:\Windows\System\JwFEvHQ.exe
  C:\Windows\System\JwFEvHQ.exe
  2⤵
  PID:6188
- C:\Windows\System\qOJIMAb.exe
  C:\Windows\System\qOJIMAb.exe
  2⤵
  PID:2992
- C:\Windows\System\weCCYRd.exe
  C:\Windows\System\weCCYRd.exe
  2⤵
  PID:7100
- C:\Windows\System\rHWpAXk.exe
  C:\Windows\System\rHWpAXk.exe
  2⤵
  PID:7304
- C:\Windows\System\MjGvkVr.exe
  C:\Windows\System\MjGvkVr.exe
  2⤵
  PID:7268
- C:\Windows\System\SCeusxX.exe
  C:\Windows\System\SCeusxX.exe
  2⤵
  PID:2764
- C:\Windows\System\yYWsifm.exe
  C:\Windows\System\yYWsifm.exe
  2⤵
  PID:2644
- C:\Windows\System\IDFTMgK.exe
  C:\Windows\System\IDFTMgK.exe
  2⤵
  PID:1440
- C:\Windows\System\ipdVlJz.exe
  C:\Windows\System\ipdVlJz.exe
  2⤵
  PID:7872
- C:\Windows\System\NPhXKIV.exe
  C:\Windows\System\NPhXKIV.exe
  2⤵
  PID:7988
- C:\Windows\System\mwyeZUI.exe
  C:\Windows\System\mwyeZUI.exe
  2⤵
  PID:3004
- C:\Windows\System\vZxqRpQ.exe
  C:\Windows\System\vZxqRpQ.exe
  2⤵
  PID:6796
- C:\Windows\System\NbZkMnv.exe
  C:\Windows\System\NbZkMnv.exe
  2⤵
  PID:8152
- C:\Windows\System\naGpIXe.exe
  C:\Windows\System\naGpIXe.exe
  2⤵
  PID:4076
- C:\Windows\System\KnMmZdz.exe
  C:\Windows\System\KnMmZdz.exe
  2⤵
  PID:6364
- C:\Windows\System\msnKIXT.exe
  C:\Windows\System\msnKIXT.exe
  2⤵
  PID:8204
- C:\Windows\System\LuTuzZq.exe
  C:\Windows\System\LuTuzZq.exe
  2⤵
  PID:8228
- C:\Windows\System\lEisdIc.exe
  C:\Windows\System\lEisdIc.exe
  2⤵
  PID:8244
- C:\Windows\System\VXFhmKC.exe
  C:\Windows\System\VXFhmKC.exe
  2⤵
  PID:8268
- C:\Windows\System\sHqclcc.exe
  C:\Windows\System\sHqclcc.exe
  2⤵
  PID:8284
- C:\Windows\System\AgIRJLW.exe
  C:\Windows\System\AgIRJLW.exe
  2⤵
  PID:8308
- C:\Windows\System\iPdFvyE.exe
  C:\Windows\System\iPdFvyE.exe
  2⤵
  PID:8328
- C:\Windows\System\ezidMaz.exe
  C:\Windows\System\ezidMaz.exe
  2⤵
  PID:8348
- C:\Windows\System\RfHyHeK.exe
  C:\Windows\System\RfHyHeK.exe
  2⤵
  PID:8380
- C:\Windows\System\flcmPtA.exe
  C:\Windows\System\flcmPtA.exe
  2⤵
  PID:8400
- C:\Windows\System\YcgNJKF.exe
  C:\Windows\System\YcgNJKF.exe
  2⤵
  PID:8416
- C:\Windows\System\ifPyAHp.exe
  C:\Windows\System\ifPyAHp.exe
  2⤵
  PID:8440
- C:\Windows\System\oGGtPEJ.exe
  C:\Windows\System\oGGtPEJ.exe
  2⤵
  PID:8464
- C:\Windows\System\KNaCVGP.exe
  C:\Windows\System\KNaCVGP.exe
  2⤵
  PID:8484
- C:\Windows\System\orzYRed.exe
  C:\Windows\System\orzYRed.exe
  2⤵
  PID:8508
- C:\Windows\System\iYUdYcP.exe
  C:\Windows\System\iYUdYcP.exe
  2⤵
  PID:8528
- C:\Windows\System\PEBechv.exe
  C:\Windows\System\PEBechv.exe
  2⤵
  PID:8548
- C:\Windows\System\eVRGLhl.exe
  C:\Windows\System\eVRGLhl.exe
  2⤵
  PID:8568
- C:\Windows\System\FJdZNGp.exe
  C:\Windows\System\FJdZNGp.exe
  2⤵
  PID:8588
- C:\Windows\System\GTFObbJ.exe
  C:\Windows\System\GTFObbJ.exe
  2⤵
  PID:8608
- C:\Windows\System\xiQBaJf.exe
  C:\Windows\System\xiQBaJf.exe
  2⤵
  PID:8624
- C:\Windows\System\TlOmmgW.exe
  C:\Windows\System\TlOmmgW.exe
  2⤵
  PID:8640
- C:\Windows\System\xYwFNQq.exe
  C:\Windows\System\xYwFNQq.exe
  2⤵
  PID:8656
- C:\Windows\System\fconQfM.exe
  C:\Windows\System\fconQfM.exe
  2⤵
  PID:8672
- C:\Windows\System\CRnDmKW.exe
  C:\Windows\System\CRnDmKW.exe
  2⤵
  PID:8688
- C:\Windows\System\INQXEeO.exe
  C:\Windows\System\INQXEeO.exe
  2⤵
  PID:8704
- C:\Windows\System\bfLALZW.exe
  C:\Windows\System\bfLALZW.exe
  2⤵
  PID:8720
- C:\Windows\System\InnQcks.exe
  C:\Windows\System\InnQcks.exe
  2⤵
  PID:8736
- C:\Windows\System\zeaeDDU.exe
  C:\Windows\System\zeaeDDU.exe
  2⤵
  PID:8752
- C:\Windows\System\TuLhVHl.exe
  C:\Windows\System\TuLhVHl.exe
  2⤵
  PID:8776
- C:\Windows\System\tozGmhq.exe
  C:\Windows\System\tozGmhq.exe
  2⤵
  PID:8792
- C:\Windows\System\manWWRO.exe
  C:\Windows\System\manWWRO.exe
  2⤵
  PID:8808
- C:\Windows\System\cunyNUS.exe
  C:\Windows\System\cunyNUS.exe
  2⤵
  PID:8836
- C:\Windows\System\scJhCkz.exe
  C:\Windows\System\scJhCkz.exe
  2⤵
  PID:8868
- C:\Windows\System\nNvutiE.exe
  C:\Windows\System\nNvutiE.exe
  2⤵
  PID:8888
- C:\Windows\System\KoCzPei.exe
  C:\Windows\System\KoCzPei.exe
  2⤵
  PID:8904
- C:\Windows\System\CmzSvIv.exe
  C:\Windows\System\CmzSvIv.exe
  2⤵
  PID:8920
- C:\Windows\System\ZgSzDxE.exe
  C:\Windows\System\ZgSzDxE.exe
  2⤵
  PID:8936
- C:\Windows\System\oJhquoe.exe
  C:\Windows\System\oJhquoe.exe
  2⤵
  PID:8956
- C:\Windows\System\DENmxqv.exe
  C:\Windows\System\DENmxqv.exe
  2⤵
  PID:8972
- C:\Windows\System\IBuSkbR.exe
  C:\Windows\System\IBuSkbR.exe
  2⤵
  PID:8992
- C:\Windows\System\UIRGQHq.exe
  C:\Windows\System\UIRGQHq.exe
  2⤵
  PID:9008
- C:\Windows\System\guFwTHa.exe
  C:\Windows\System\guFwTHa.exe
  2⤵
  PID:9028
- C:\Windows\System\MzRCItf.exe
  C:\Windows\System\MzRCItf.exe
  2⤵
  PID:9044
- C:\Windows\System\FjYoqRm.exe
  C:\Windows\System\FjYoqRm.exe
  2⤵
  PID:9120
- C:\Windows\System\CFnyTqN.exe
  C:\Windows\System\CFnyTqN.exe
  2⤵
  PID:9136
- C:\Windows\System\hYLLZSo.exe
  C:\Windows\System\hYLLZSo.exe
  2⤵
  PID:9152
- C:\Windows\System\SqoqwiZ.exe
  C:\Windows\System\SqoqwiZ.exe
  2⤵
  PID:9168
- C:\Windows\System\JQycQBc.exe
  C:\Windows\System\JQycQBc.exe
  2⤵
  PID:9184
- C:\Windows\System\SAhpsnR.exe
  C:\Windows\System\SAhpsnR.exe
  2⤵
  PID:9200
- C:\Windows\System\UAMSyVJ.exe
  C:\Windows\System\UAMSyVJ.exe
  2⤵
  PID:6848
- C:\Windows\System\WMxDjKF.exe
  C:\Windows\System\WMxDjKF.exe
  2⤵
  PID:7724
- C:\Windows\System\KVLGmLN.exe
  C:\Windows\System\KVLGmLN.exe
  2⤵
  PID:7808
- C:\Windows\System\jiUuPOW.exe
  C:\Windows\System\jiUuPOW.exe
  2⤵
  PID:8004
- C:\Windows\System\vMHzveP.exe
  C:\Windows\System\vMHzveP.exe
  2⤵
  PID:7640
- C:\Windows\System\sIgiJrb.exe
  C:\Windows\System\sIgiJrb.exe
  2⤵
  PID:880
- C:\Windows\System\EBPOOnD.exe
  C:\Windows\System\EBPOOnD.exe
  2⤵
  PID:7344
- C:\Windows\System\SGugOhu.exe
  C:\Windows\System\SGugOhu.exe
  2⤵
  PID:8212
- C:\Windows\System\HoDTHeA.exe
  C:\Windows\System\HoDTHeA.exe
  2⤵
  PID:8196
- C:\Windows\System\EIaUqlS.exe
  C:\Windows\System\EIaUqlS.exe
  2⤵
  PID:8264
- C:\Windows\System\xWzGCdT.exe
  C:\Windows\System\xWzGCdT.exe
  2⤵
  PID:2104
- C:\Windows\System\dveZfCa.exe
  C:\Windows\System\dveZfCa.exe
  2⤵
  PID:8340
- C:\Windows\System\axOfVLu.exe
  C:\Windows\System\axOfVLu.exe
  2⤵
  PID:8372
- C:\Windows\System\vBdYGmY.exe
  C:\Windows\System\vBdYGmY.exe
  2⤵
  PID:8360
- C:\Windows\System\kanFHej.exe
  C:\Windows\System\kanFHej.exe
  2⤵
  PID:8428
- C:\Windows\System\ZDWCIkU.exe
  C:\Windows\System\ZDWCIkU.exe
  2⤵
  PID:8448
- C:\Windows\System\HWkPvxc.exe
  C:\Windows\System\HWkPvxc.exe
  2⤵
  PID:8480
- C:\Windows\System\jHWDPwb.exe
  C:\Windows\System\jHWDPwb.exe
  2⤵
  PID:8536
- C:\Windows\System\YAMAIbE.exe
  C:\Windows\System\YAMAIbE.exe
  2⤵
  PID:8580
- C:\Windows\System\jdIjmiV.exe
  C:\Windows\System\jdIjmiV.exe
  2⤵
  PID:8620
- C:\Windows\System\ZATKraf.exe
  C:\Windows\System\ZATKraf.exe
  2⤵
  PID:8700
- C:\Windows\System\BzUIXUO.exe
  C:\Windows\System\BzUIXUO.exe
  2⤵
  PID:8764
- C:\Windows\System\YOyMiMO.exe
  C:\Windows\System\YOyMiMO.exe
  2⤵
  PID:8712
- C:\Windows\System\TmDbGCA.exe
  C:\Windows\System\TmDbGCA.exe
  2⤵
  PID:8748
- C:\Windows\System\EiXnPeD.exe
  C:\Windows\System\EiXnPeD.exe
  2⤵
  PID:8848
- C:\Windows\System\cROjwiQ.exe
  C:\Windows\System\cROjwiQ.exe
  2⤵
  PID:8896
- C:\Windows\System\HFPorTV.exe
  C:\Windows\System\HFPorTV.exe
  2⤵
  PID:8832
- C:\Windows\System\TlECkOh.exe
  C:\Windows\System\TlECkOh.exe
  2⤵
  PID:8932
- C:\Windows\System\KThgYjm.exe
  C:\Windows\System\KThgYjm.exe
  2⤵
  PID:8944
- C:\Windows\System\dPliubb.exe
  C:\Windows\System\dPliubb.exe
  2⤵
  PID:8948
- C:\Windows\System\LnVCwYB.exe
  C:\Windows\System\LnVCwYB.exe
  2⤵
  PID:8984
- C:\Windows\System\TmhnNxf.exe
  C:\Windows\System\TmhnNxf.exe
  2⤵
  PID:9036
- C:\Windows\System\neFQFjW.exe
  C:\Windows\System\neFQFjW.exe
  2⤵
  PID:9064
- C:\Windows\System\qZSkkhs.exe
  C:\Windows\System\qZSkkhs.exe
  2⤵
  PID:9080
- C:\Windows\System\FIArzBL.exe
  C:\Windows\System\FIArzBL.exe
  2⤵
  PID:9096
- C:\Windows\System\bXFuXLf.exe
  C:\Windows\System\bXFuXLf.exe
  2⤵
  PID:9112
- C:\Windows\System\FqVZJay.exe
  C:\Windows\System\FqVZJay.exe
  2⤵
  PID:9164
- C:\Windows\System\VHLxxXT.exe
  C:\Windows\System\VHLxxXT.exe
  2⤵
  PID:9196
- C:\Windows\System\xwwNIrk.exe
  C:\Windows\System\xwwNIrk.exe
  2⤵
  PID:7528
- C:\Windows\System\FNbPbiU.exe
  C:\Windows\System\FNbPbiU.exe
  2⤵
  PID:7448
- C:\Windows\System\wYEnwgB.exe
  C:\Windows\System\wYEnwgB.exe
  2⤵
  PID:2748
- C:\Windows\System\ZBfNXLn.exe
  C:\Windows\System\ZBfNXLn.exe
  2⤵
  PID:8260
- C:\Windows\System\BdEVxSA.exe
  C:\Windows\System\BdEVxSA.exe
  2⤵
  PID:8292
- C:\Windows\System\tWjRucY.exe
  C:\Windows\System\tWjRucY.exe
  2⤵
  PID:8296
- C:\Windows\System\xmhaFCC.exe
  C:\Windows\System\xmhaFCC.exe
  2⤵
  PID:8320
- C:\Windows\System\iUrLHHb.exe
  C:\Windows\System\iUrLHHb.exe
  2⤵
  PID:2252
- C:\Windows\System\nQsSqaU.exe
  C:\Windows\System\nQsSqaU.exe
  2⤵
  PID:2928
- C:\Windows\System\NztwHJT.exe
  C:\Windows\System\NztwHJT.exe
  2⤵
  PID:8500
- C:\Windows\System\WByPpTr.exe
  C:\Windows\System\WByPpTr.exe
  2⤵
  PID:8544
- C:\Windows\System\hbdXDRh.exe
  C:\Windows\System\hbdXDRh.exe
  2⤵
  PID:8596
- C:\Windows\System\AePNosG.exe
  C:\Windows\System\AePNosG.exe
  2⤵
  PID:2408
- C:\Windows\System\kYDGtoE.exe
  C:\Windows\System\kYDGtoE.exe
  2⤵
  PID:2568
- C:\Windows\System\ujDzfiu.exe
  C:\Windows\System\ujDzfiu.exe
  2⤵
  PID:1728
- C:\Windows\System\uXgVqDl.exe
  C:\Windows\System\uXgVqDl.exe
  2⤵
  PID:8800
- C:\Windows\System\JAAzvJN.exe
  C:\Windows\System\JAAzvJN.exe
  2⤵
  PID:2248
- C:\Windows\System\FFiYSBd.exe
  C:\Windows\System\FFiYSBd.exe
  2⤵
  PID:1696
- C:\Windows\System\XMbVZrs.exe
  C:\Windows\System\XMbVZrs.exe
  2⤵
  PID:2788
- C:\Windows\System\SywPRCY.exe
  C:\Windows\System\SywPRCY.exe
  2⤵
  PID:8916
- C:\Windows\System\AzFPeyj.exe
  C:\Windows\System\AzFPeyj.exe
  2⤵
  PID:2144
- C:\Windows\System\qGMYFUz.exe
  C:\Windows\System\qGMYFUz.exe
  2⤵
  PID:2084
- C:\Windows\System\FXTpHzQ.exe
  C:\Windows\System\FXTpHzQ.exe
  2⤵
  PID:9020
- C:\Windows\System\wWIlaKh.exe
  C:\Windows\System\wWIlaKh.exe
  2⤵
  PID:1396
- C:\Windows\System\BpeJWMY.exe
  C:\Windows\System\BpeJWMY.exe
  2⤵
  PID:9068
- C:\Windows\System\leKtzBg.exe
  C:\Windows\System\leKtzBg.exe
  2⤵
  PID:9104
- C:\Windows\System\GvEGbQP.exe
  C:\Windows\System\GvEGbQP.exe
  2⤵
  PID:9132
- C:\Windows\System\EakKTPz.exe
  C:\Windows\System\EakKTPz.exe
  2⤵
  PID:1568
- C:\Windows\System\DqxmiAk.exe
  C:\Windows\System\DqxmiAk.exe
  2⤵
  PID:1092
- C:\Windows\System\MCZWVkV.exe
  C:\Windows\System\MCZWVkV.exe
  2⤵
  PID:8668
- C:\Windows\System\GjMjkSp.exe
  C:\Windows\System\GjMjkSp.exe
  2⤵
  PID:2044
- C:\Windows\System\PxxhzPo.exe
  C:\Windows\System\PxxhzPo.exe
  2⤵
  PID:9176
- C:\Windows\System\hYrgkyg.exe
  C:\Windows\System\hYrgkyg.exe
  2⤵
  PID:2388
- C:\Windows\System\xVPJbBI.exe
  C:\Windows\System\xVPJbBI.exe
  2⤵
  PID:2828
- C:\Windows\System\WdQkIjH.exe
  C:\Windows\System\WdQkIjH.exe
  2⤵
  PID:2200
- C:\Windows\System\daWpdSG.exe
  C:\Windows\System\daWpdSG.exe
  2⤵
  PID:8220
- C:\Windows\System\qSpZMnL.exe
  C:\Windows\System\qSpZMnL.exe
  2⤵
  PID:6776
- C:\Windows\System\tvKdose.exe
  C:\Windows\System\tvKdose.exe
  2⤵
  PID:8344
- C:\Windows\System\zXqmHol.exe
  C:\Windows\System\zXqmHol.exe
  2⤵
  PID:8520
- C:\Windows\System\RIwvzZx.exe
  C:\Windows\System\RIwvzZx.exe
  2⤵
  PID:8636
- C:\Windows\System\MexxaQD.exe
  C:\Windows\System\MexxaQD.exe
  2⤵
  PID:8496
- C:\Windows\System\BXZRijx.exe
  C:\Windows\System\BXZRijx.exe
  2⤵
  PID:1056
- C:\Windows\System\DBUtjhw.exe
  C:\Windows\System\DBUtjhw.exe
  2⤵
  PID:8928
- C:\Windows\System\gtfNWvd.exe
  C:\Windows\System\gtfNWvd.exe
  2⤵
  PID:2348
- C:\Windows\System\ETmYPHN.exe
  C:\Windows\System\ETmYPHN.exe
  2⤵
  PID:8912
- C:\Windows\System\XziHybb.exe
  C:\Windows\System\XziHybb.exe
  2⤵
  PID:8760
- C:\Windows\System\LTVTZzd.exe
  C:\Windows\System\LTVTZzd.exe
  2⤵
  PID:8784
- C:\Windows\System\VgdtJcy.exe
  C:\Windows\System\VgdtJcy.exe
  2⤵
  PID:1124
- C:\Windows\System\fCnrUsW.exe
  C:\Windows\System\fCnrUsW.exe
  2⤵
  PID:1444
- C:\Windows\System\qOuPWgm.exe
  C:\Windows\System\qOuPWgm.exe
  2⤵
  PID:2052
- C:\Windows\System\xNAmxYx.exe
  C:\Windows\System\xNAmxYx.exe
  2⤵
  PID:1484
- C:\Windows\System\SlVLXBa.exe
  C:\Windows\System\SlVLXBa.exe
  2⤵
  PID:1176
- C:\Windows\System\AqFjcOD.exe
  C:\Windows\System\AqFjcOD.exe
  2⤵
  PID:1376
- C:\Windows\System\SCwsqVD.exe
  C:\Windows\System\SCwsqVD.exe
  2⤵
  PID:7364
- C:\Windows\System\ERMkodN.exe
  C:\Windows\System\ERMkodN.exe
  2⤵
  PID:2092
- C:\Windows\System\KLxQgQM.exe
  C:\Windows\System\KLxQgQM.exe
  2⤵
  PID:2648
- C:\Windows\System\ICeUuTP.exe
  C:\Windows\System\ICeUuTP.exe
  2⤵
  PID:8240
- C:\Windows\System\uduvhAw.exe
  C:\Windows\System\uduvhAw.exe
  2⤵
  PID:8316
- C:\Windows\System\invlrNO.exe
  C:\Windows\System\invlrNO.exe
  2⤵
  PID:8696
- C:\Windows\System\QSfynvl.exe
  C:\Windows\System\QSfynvl.exe
  2⤵
  PID:8576
- C:\Windows\System\JckyFCt.exe
  C:\Windows\System\JckyFCt.exe
  2⤵
  PID:8788
- C:\Windows\System\ZVzrLNk.exe
  C:\Windows\System\ZVzrLNk.exe
  2⤵
  PID:8860
- C:\Windows\System\tnKomKx.exe
  C:\Windows\System\tnKomKx.exe
  2⤵
  PID:2616
- C:\Windows\System\ZGZJlWj.exe
  C:\Windows\System\ZGZJlWj.exe
  2⤵
  PID:2808
- C:\Windows\System\JncNdDZ.exe
  C:\Windows\System\JncNdDZ.exe
  2⤵
  PID:2844
- C:\Windows\System\CgybvTl.exe
  C:\Windows\System\CgybvTl.exe
  2⤵
  PID:9160
- C:\Windows\System\JaPbEaU.exe
  C:\Windows\System\JaPbEaU.exe
  2⤵
  PID:8300
- C:\Windows\System\GQnbemp.exe
  C:\Windows\System\GQnbemp.exe
  2⤵
  PID:4820
- C:\Windows\System\ltDlvWt.exe
  C:\Windows\System\ltDlvWt.exe
  2⤵
  PID:8396
- C:\Windows\System\IqGsHer.exe
  C:\Windows\System\IqGsHer.exe
  2⤵
  PID:8820
- C:\Windows\System\QbriWXf.exe
  C:\Windows\System\QbriWXf.exe
  2⤵
  PID:8728
- C:\Windows\System\ybdZPMM.exe
  C:\Windows\System\ybdZPMM.exe
  2⤵
  PID:9016
- C:\Windows\System\fFbXTbS.exe
  C:\Windows\System\fFbXTbS.exe
  2⤵
  PID:8564
- C:\Windows\System\xYsDGnI.exe
  C:\Windows\System\xYsDGnI.exe
  2⤵
  PID:7684
- C:\Windows\System\DejBrOJ.exe
  C:\Windows\System\DejBrOJ.exe
  2⤵
  PID:9192
- C:\Windows\System\IUReYEr.exe
  C:\Windows\System\IUReYEr.exe
  2⤵
  PID:8852
- C:\Windows\System\ZNXjSYC.exe
  C:\Windows\System\ZNXjSYC.exe
  2⤵
  PID:9084
- C:\Windows\System\ogmLvIZ.exe
  C:\Windows\System\ogmLvIZ.exe
  2⤵
  PID:1000
- C:\Windows\System\MYhMxOc.exe
  C:\Windows\System\MYhMxOc.exe
  2⤵
  PID:1872
- C:\Windows\System\XvizNey.exe
  C:\Windows\System\XvizNey.exe
  2⤵
  PID:8980
- C:\Windows\System\LINdxfl.exe
  C:\Windows\System\LINdxfl.exe
  2⤵
  PID:9060
- C:\Windows\System\WkcikPO.exe
  C:\Windows\System\WkcikPO.exe
  2⤵
  PID:7264
- C:\Windows\System\PTjvmnW.exe
  C:\Windows\System\PTjvmnW.exe
  2⤵
  PID:9000
- C:\Windows\System\YfDPMfb.exe
  C:\Windows\System\YfDPMfb.exe
  2⤵
  PID:6232
- C:\Windows\System\JxGdgoq.exe
  C:\Windows\System\JxGdgoq.exe
  2⤵
  PID:9224
- C:\Windows\System\HzvNrkt.exe
  C:\Windows\System\HzvNrkt.exe
  2⤵
  PID:9248
- C:\Windows\System\ExbPKZe.exe
  C:\Windows\System\ExbPKZe.exe
  2⤵
  PID:9268
- C:\Windows\System\jqHunJS.exe
  C:\Windows\System\jqHunJS.exe
  2⤵
  PID:9292
- C:\Windows\System\TvFbylw.exe
  C:\Windows\System\TvFbylw.exe
  2⤵
  PID:9312
- C:\Windows\System\UnGRrjW.exe
  C:\Windows\System\UnGRrjW.exe
  2⤵
  PID:9332
- C:\Windows\System\qePIrOm.exe
  C:\Windows\System\qePIrOm.exe
  2⤵
  PID:9352
- C:\Windows\System\wOUakiL.exe
  C:\Windows\System\wOUakiL.exe
  2⤵
  PID:9372
- C:\Windows\System\MBEGmVB.exe
  C:\Windows\System\MBEGmVB.exe
  2⤵
  PID:9392
- C:\Windows\System\SmnsnuI.exe
  C:\Windows\System\SmnsnuI.exe
  2⤵
  PID:9412
- C:\Windows\System\dKNqFEZ.exe
  C:\Windows\System\dKNqFEZ.exe
  2⤵
  PID:9432
- C:\Windows\System\fKgyUVG.exe
  C:\Windows\System\fKgyUVG.exe
  2⤵
  PID:9448
- C:\Windows\System\svWWUHR.exe
  C:\Windows\System\svWWUHR.exe
  2⤵
  PID:9472
- C:\Windows\System\oHcXajz.exe
  C:\Windows\System\oHcXajz.exe
  2⤵
  PID:9492
- C:\Windows\System\arevcur.exe
  C:\Windows\System\arevcur.exe
  2⤵
  PID:9508
- C:\Windows\System\pPGGFPY.exe
  C:\Windows\System\pPGGFPY.exe
  2⤵
  PID:9524
- C:\Windows\System\WAQkvEC.exe
  C:\Windows\System\WAQkvEC.exe
  2⤵
  PID:9540
- C:\Windows\System\HHXykcB.exe
  C:\Windows\System\HHXykcB.exe
  2⤵
  PID:9564
- C:\Windows\System\cHyrKxJ.exe
  C:\Windows\System\cHyrKxJ.exe
  2⤵
  PID:9584
- C:\Windows\System\dPKlfrK.exe
  C:\Windows\System\dPKlfrK.exe
  2⤵
  PID:9612
- C:\Windows\System\hWRcQgb.exe
  C:\Windows\System\hWRcQgb.exe
  2⤵
  PID:9628
- C:\Windows\System\xChwlIM.exe
  C:\Windows\System\xChwlIM.exe
  2⤵
  PID:9644
- C:\Windows\System\MMnfjEN.exe
  C:\Windows\System\MMnfjEN.exe
  2⤵
  PID:9660
- C:\Windows\System\hRNHNnS.exe
  C:\Windows\System\hRNHNnS.exe
  2⤵
  PID:9688
- C:\Windows\System\jFEUYLp.exe
  C:\Windows\System\jFEUYLp.exe
  2⤵
  PID:9708
- C:\Windows\System\ICOJhbj.exe
  C:\Windows\System\ICOJhbj.exe
  2⤵
  PID:9724
- C:\Windows\System\piHbsRo.exe
  C:\Windows\System\piHbsRo.exe
  2⤵
  PID:9740
- C:\Windows\System\XqbXWuJ.exe
  C:\Windows\System\XqbXWuJ.exe
  2⤵
  PID:9760
- C:\Windows\System\gXyMxnW.exe
  C:\Windows\System\gXyMxnW.exe
  2⤵
  PID:9784
- C:\Windows\System\RxOyTyW.exe
  C:\Windows\System\RxOyTyW.exe
  2⤵
  PID:9800
- C:\Windows\System\IoDYxJH.exe
  C:\Windows\System\IoDYxJH.exe
  2⤵
  PID:9832
- C:\Windows\System\PogzCJO.exe
  C:\Windows\System\PogzCJO.exe
  2⤵
  PID:9852
- C:\Windows\System\VlOlmKj.exe
  C:\Windows\System\VlOlmKj.exe
  2⤵
  PID:9872
- C:\Windows\System\OkKPvvd.exe
  C:\Windows\System\OkKPvvd.exe
  2⤵
  PID:9892
- C:\Windows\System\sWesWIG.exe
  C:\Windows\System\sWesWIG.exe
  2⤵
  PID:9912
- C:\Windows\System\vvrDVkY.exe
  C:\Windows\System\vvrDVkY.exe
  2⤵
  PID:9928
- C:\Windows\System\GveXovl.exe
  C:\Windows\System\GveXovl.exe
  2⤵
  PID:9944
- C:\Windows\System\wcSzZde.exe
  C:\Windows\System\wcSzZde.exe
  2⤵
  PID:9964
- C:\Windows\System\iwvvZTb.exe
  C:\Windows\System\iwvvZTb.exe
  2⤵
  PID:9980
- C:\Windows\System\PpZbXRF.exe
  C:\Windows\System\PpZbXRF.exe
  2⤵
  PID:9996
- C:\Windows\System\neonIIN.exe
  C:\Windows\System\neonIIN.exe
  2⤵
  PID:10028
- C:\Windows\System\jjyGyGV.exe
  C:\Windows\System\jjyGyGV.exe
  2⤵
  PID:10052
- C:\Windows\System\XXDgQlO.exe
  C:\Windows\System\XXDgQlO.exe
  2⤵
  PID:10068
- C:\Windows\System\FWZLPvK.exe
  C:\Windows\System\FWZLPvK.exe
  2⤵
  PID:10084
- C:\Windows\System\SqCHlhi.exe
  C:\Windows\System\SqCHlhi.exe
  2⤵
  PID:10100
- C:\Windows\System\CleWYdb.exe
  C:\Windows\System\CleWYdb.exe
  2⤵
  PID:10116
- C:\Windows\System\YwVMjuD.exe
  C:\Windows\System\YwVMjuD.exe
  2⤵
  PID:10132
- C:\Windows\System\NbvwvSs.exe
  C:\Windows\System\NbvwvSs.exe
  2⤵
  PID:10148
- C:\Windows\System\ZZRwKGF.exe
  C:\Windows\System\ZZRwKGF.exe
  2⤵
  PID:10168
- C:\Windows\System\YDObDQz.exe
  C:\Windows\System\YDObDQz.exe
  2⤵
  PID:10188
- C:\Windows\System\XKGqLEv.exe
  C:\Windows\System\XKGqLEv.exe
  2⤵
  PID:10204
- C:\Windows\System\YbuVfju.exe
  C:\Windows\System\YbuVfju.exe
  2⤵
  PID:9240
- C:\Windows\System\cwQyjDs.exe
  C:\Windows\System\cwQyjDs.exe
  2⤵
  PID:9256
- C:\Windows\System\sIQWqlt.exe
  C:\Windows\System\sIQWqlt.exe
  2⤵
  PID:9280
- C:\Windows\System\MgXlsAs.exe
  C:\Windows\System\MgXlsAs.exe
  2⤵
  PID:9324
- C:\Windows\System\yIIShQz.exe
  C:\Windows\System\yIIShQz.exe
  2⤵
  PID:9364
- C:\Windows\System\RTAdBYd.exe
  C:\Windows\System\RTAdBYd.exe
  2⤵
  PID:9400
- C:\Windows\System\mBTNIYf.exe
  C:\Windows\System\mBTNIYf.exe
  2⤵
  PID:9440
- C:\Windows\System\xYnsFyd.exe
  C:\Windows\System\xYnsFyd.exe
  2⤵
  PID:9456
- C:\Windows\System\lvlyTwY.exe
  C:\Windows\System\lvlyTwY.exe
  2⤵
  PID:9488
- C:\Windows\System\SRjdlnC.exe
  C:\Windows\System\SRjdlnC.exe
  2⤵
  PID:9560
- C:\Windows\System\KCtfouV.exe
  C:\Windows\System\KCtfouV.exe
  2⤵
  PID:9500
- C:\Windows\System\YHZQyBI.exe
  C:\Windows\System\YHZQyBI.exe
  2⤵
  PID:9600
- C:\Windows\System\MfqrUmE.exe
  C:\Windows\System\MfqrUmE.exe
  2⤵
  PID:9624
- C:\Windows\System\OmQjDKI.exe
  C:\Windows\System\OmQjDKI.exe
  2⤵
  PID:9680
- C:\Windows\System\mVMXszY.exe
  C:\Windows\System\mVMXszY.exe
  2⤵
  PID:9700
- C:\Windows\System\qtUkZob.exe
  C:\Windows\System\qtUkZob.exe
  2⤵
  PID:9756
- C:\Windows\System\LHUsnma.exe
  C:\Windows\System\LHUsnma.exe
  2⤵
  PID:9768
- C:\Windows\System\JxKEpdc.exe
  C:\Windows\System\JxKEpdc.exe
  2⤵
  PID:9780
- C:\Windows\System\KTbYQJp.exe
  C:\Windows\System\KTbYQJp.exe
  2⤵
  PID:9824
- C:\Windows\System\PVJbSHo.exe
  C:\Windows\System\PVJbSHo.exe
  2⤵
  PID:9844
- C:\Windows\System\IIrdupG.exe
  C:\Windows\System\IIrdupG.exe
  2⤵
  PID:9868
- C:\Windows\System\tDaywCM.exe
  C:\Windows\System\tDaywCM.exe
  2⤵
  PID:9908
- C:\Windows\System\YrUMPmb.exe
  C:\Windows\System\YrUMPmb.exe
  2⤵
  PID:9952
- C:\Windows\System\zTeVImf.exe
  C:\Windows\System\zTeVImf.exe
  2⤵
  PID:9992
- C:\Windows\System\UVNIZtM.exe
  C:\Windows\System\UVNIZtM.exe
  2⤵
  PID:10048
- C:\Windows\System\LrHbonn.exe
  C:\Windows\System\LrHbonn.exe
  2⤵
  PID:10012
- C:\Windows\System\ZAqcyNh.exe
  C:\Windows\System\ZAqcyNh.exe
  2⤵
  PID:10140
- C:\Windows\System\XRDrvHG.exe
  C:\Windows\System\XRDrvHG.exe
  2⤵
  PID:10176
- C:\Windows\System\pryXCeF.exe
  C:\Windows\System\pryXCeF.exe
  2⤵
  PID:10196
- C:\Windows\System\GgCXynP.exe
  C:\Windows\System\GgCXynP.exe
  2⤵
  PID:10124
- C:\Windows\System\RNfIsec.exe
  C:\Windows\System\RNfIsec.exe
  2⤵
  PID:10212
- C:\Windows\System\oVORizo.exe
  C:\Windows\System\oVORizo.exe
  2⤵
  PID:8376
- C:\Windows\System\dDlcqMb.exe
  C:\Windows\System\dDlcqMb.exe
  2⤵
  PID:9288
- C:\Windows\System\iTcfePX.exe
  C:\Windows\System\iTcfePX.exe
  2⤵
  PID:9320
- C:\Windows\System\TTNOpYt.exe
  C:\Windows\System\TTNOpYt.exe
  2⤵
  PID:9388
- C:\Windows\System\XwEAiFp.exe
  C:\Windows\System\XwEAiFp.exe
  2⤵
  PID:9460
- C:\Windows\System\oVyMlfN.exe
  C:\Windows\System\oVyMlfN.exe
  2⤵
  PID:9484
- C:\Windows\System\puCsqMv.exe
  C:\Windows\System\puCsqMv.exe
  2⤵
  PID:9556
- C:\Windows\System\apMQjKO.exe
  C:\Windows\System\apMQjKO.exe
  2⤵
  PID:9608
- C:\Windows\System\ROlvUTG.exe
  C:\Windows\System\ROlvUTG.exe
  2⤵
  PID:9620
- C:\Windows\System\NEcbuwp.exe
  C:\Windows\System\NEcbuwp.exe
  2⤵
  PID:9776
- C:\Windows\System\SIPvxYP.exe
  C:\Windows\System\SIPvxYP.exe
  2⤵
  PID:9864
- C:\Windows\System\mHxJtJQ.exe
  C:\Windows\System\mHxJtJQ.exe
  2⤵
  PID:10020
- C:\Windows\System\DrgjRIx.exe
  C:\Windows\System\DrgjRIx.exe
  2⤵
  PID:9716
- C:\Windows\System\PtAXiBs.exe
  C:\Windows\System\PtAXiBs.exe
  2⤵
  PID:10112
- C:\Windows\System\VQgbxzp.exe
  C:\Windows\System\VQgbxzp.exe
  2⤵
  PID:10004
- C:\Windows\System\nnqhQXE.exe
  C:\Windows\System\nnqhQXE.exe
  2⤵
  PID:10220
- C:\Windows\System\MRkLoTp.exe
  C:\Windows\System\MRkLoTp.exe
  2⤵
  PID:10060
- C:\Windows\System\mArggic.exe
  C:\Windows\System\mArggic.exe
  2⤵
  PID:9940
- C:\Windows\System\FcoFprr.exe
  C:\Windows\System\FcoFprr.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BDRsURu.exe

Filesize
6.0MB

MD5
8f1b0dcd05210a74388e4743a71e6bf7

SHA1
396348544e10949f6268575605f143082dcc6c5b

SHA256
7e7f2b1c90864d708a0369a8aa6de646868ec1609903b4f8a1f971cb532a4f0b

SHA512
f810f1a1990bfda834b529440dabe2844a0ccb1f187ad4ee238fa1ea356a0f0a7d642a8efce188aa406822dda9036aef8a1ded184091869b6dc90de3a8c47af3

Download Submit
C:\Windows\system\FRydpkF.exe

Filesize
6.0MB

MD5
faca090069f7ac0ffa228e720474e017

SHA1
b4f3ac4694b494fdfed8638095aa073899e19e0f

SHA256
48a87798992d5dc2769d31412669f0a4ae0ea22ac3b084666244a9404f5e99f6

SHA512
3575cd22aacfb65a8f80b5adf1f3769781171cc2fc02ab717b9c6d7dd49706b220217d2fea8a072cfc9bacb27a2a773fe42dfd729d3f17a80cd7a525bd26f4e5

Download Submit
C:\Windows\system\GHkyFYU.exe

Filesize
6.0MB

MD5
3afdddabec01816250671855b784404b

SHA1
b4b80cddda0fdf22aef67223a8558e12eeb49ab7

SHA256
3ae726e3070dfb13d0ce8dfe1384f853787ffa8f320b774960b4e3255fdda3fd

SHA512
4217f229e95626ba624b59abd97be0653d609ac46fe79adde15d5912817a1e6a5f0b96cf012b19fb3135e69ad76d788c19d69ef51ca2822c412a8e9028c0cde7

Download Submit
C:\Windows\system\OFIASGS.exe

Filesize
6.0MB

MD5
4f1e12472ef4339f472400b40e9e401b

SHA1
1a142c4f2b041f23ca77a475f7e0cfa7af055f18

SHA256
2346326e32f6fc74486b590de54a83b9b28b7ade8778781eb1dbc5ec49b74e74

SHA512
42039cd9553c45beb9f3b15d953145d8dfc40bf1e3f6359103cd641254e11dc4bc7f36e0ef1b8c39d5efaf4c4495e8a16792b3e8269b70ad7928c5ac78f72887

Download Submit
C:\Windows\system\QKFFTLt.exe

Filesize
6.0MB

MD5
0023ee14a0b33070d1570a569ad490c1

SHA1
bd6731cdae31e61755374364f789fddf5152d0ea

SHA256
b843b29670a19165ef4102c406dde58f6b58281d6c15e4a8ddc3ca032254f798

SHA512
6a9e3c6ee2d54d91178c530fd0a49743f11fa9e1e2cc02ca7eb95b746a60efc978fff39e312c59e33f0a0121c6702075d59b7e4331510873c766fcc00dae5754

Download Submit
C:\Windows\system\RUuAMkK.exe

Filesize
6.0MB

MD5
0c1959c53037a4cb0812ced145f7f8ab

SHA1
da80656b3d04d1de8b210603bc2cd547b04044ab

SHA256
a88f3d350b56d40e7caf5b75724c2828e0b7d6a0f07c98fca94b7fc1a103d428

SHA512
78f9fa75a1a68e92c2d17a3c4bcb96c198cc69042ca30b4d6da3d1f2da5d421e06c681f29d428c79426349f7e62e18467a8e1f472202ebe24ee32e72efe68255

Download Submit
C:\Windows\system\SOoXpVc.exe

Filesize
6.0MB

MD5
ae8e378809e3233f4f7b727e88a1d1c4

SHA1
40f28d0cb2b2fc7ec0381172860fa080de40eff1

SHA256
c865222e3a23021ed7a9bafef15128174d6ea842e5b66e8a915d8f6e5a216841

SHA512
44d087330933e2c5c4b96dc6bfa6618c1b625b6e29b9a7bee4de18fe27ab11e7730272dea150be44f7f215a83652ab5c9e0df8b681028c50c921891d6fe7d4a1

Download Submit
C:\Windows\system\Xtkxmyu.exe

Filesize
6.0MB

MD5
8f6f14acb1dd247ba42e23c63731b3dc

SHA1
be2d5e66c5abe3ea232a4276d3547dde17c8fe17

SHA256
662520269e75dfe34ebcacd2df5770a9d7fcade91860d52b3bfdad0eb9e6fc1b

SHA512
03b11922f5a36cae6483de401a287f98601d58f4591cdc4b730a7aa030d167627f77ae4882ba5f72ad25469b46f9459832f52384fa41a2670b291ab81f06ad3d

Download Submit
C:\Windows\system\ZXIRZIb.exe

Filesize
6.0MB

MD5
9929c0aa7fc235f365498b50ed9f7869

SHA1
b0d7d485278940d4db2e03cd7dfaa42c050fe337

SHA256
03ba73a4a57c118d602780f6da2fd2e6950566254975945a325f6a9c10c082f7

SHA512
8127fce9ab7e83bef6afb45d23bcd5e0767e8e9eba0c522c48a4cb1be0e7c1ccd44e3e9d70a00e89349149b9f11f3996a184a419f7acd94f8f8702e7638a1eaf

Download Submit
C:\Windows\system\ZtvjFeH.exe

Filesize
6.0MB

MD5
4ee3d686d476bc0277a31731583bd7a9

SHA1
0ac066859c016eb994eb74f867c279de631e39f1

SHA256
9600d92ce034bfb8ee545cdea95ec2f3966b6bfcaaf3b37d8e842fbc2ac51284

SHA512
52f8661f4e498e18afabe197462431d1475640a54bb5beb8d5e53fa7b33c7e31aa80d660b0436283d6f102e6a102f4ca8df121706f1bc32a64a4990d821bd596

Download Submit
C:\Windows\system\alSxwyy.exe

Filesize
6.0MB

MD5
9074f1c0d1645aa0819f9767a4e96fa3

SHA1
c8c0ebc5b14fe8905f79cbf8f0f9d6db710779f5

SHA256
fe11d56f737bd83f033eea7d1b6615022237e37bd58d1d0c4c9af82c498f5c12

SHA512
40f215109cfdb42f40500c074942e1d63387aab36fe2627a4355ef776f49603e506548af47c25ebbe4664aec471cdb14c623a9c0e059e893898fe5283cebd7d7

Download Submit
C:\Windows\system\bYEwcSe.exe

Filesize
6.0MB

MD5
d4b23ee16ea7643b1172d6299b675a12

SHA1
76be0ca8fb03782acfadbd21ab2ebb95bf35c5a5

SHA256
f26b8a1c36ed2c3f147f4818b4d8b5d4e78d624ccc23df9bebfbd340625d86d1

SHA512
6d9a0252893abcaeb21f34885532faeedb03cbd1f5618f2165fa35b533b463927bce0db00248112b444eb42101557952ce81dea7a921a16dd168f8b1bc9fc299

Download Submit
C:\Windows\system\eksiZqJ.exe

Filesize
6.0MB

MD5
dbeea034a4ec4b2688cbc3d68bfded8e

SHA1
7478bb2918168785c10adea21b65bfd02a13de31

SHA256
d4c62e2fe248c42575315564617226b1ea607add85894dc0f667b3ca1a0a2417

SHA512
022f8e877298642b25d22b22b211d65807c4e83068860a68d765cbc2e6c95499a77a0e40f54b603f2b4f5059d2a0201900669b5bd26f093432364e8ad208f788

Download Submit
C:\Windows\system\enyOwcE.exe

Filesize
6.0MB

MD5
86511e41264a169662008abbbf35f5c4

SHA1
69e6e692411c75360d042587163bf59f17b4eac1

SHA256
ad2ae1d5d5c97b2d7927e503c66a320e15a47f91cd073384137e14942b93cf5a

SHA512
707cc72136e11ed466ffddb41bab9e088025b2135970dd66a8f8e2a6066161c3308e98bfe3aacb0e83f0c614fc8a03ae5abe5c5d851cd27e692ad56c71a5534e

Download Submit
C:\Windows\system\fkkzmaQ.exe

Filesize
6.0MB

MD5
91eee2c9b69fd4678394b436c0798085

SHA1
b6072efeac1c27516c9db2bc27b4e6ad3a30960e

SHA256
03f5700db6e6df7f62109016a8c2429a456f8a2d8c283879f30f095b867dcdad

SHA512
43c8b768dd8db3fb36ac079dfd9442b7aaba5cfb4502b17c01d456fb465ebd8c6357891f29e025c5be7bda4d9b56878dad714237e2f649c8d5134f1e401ec916

Download Submit
C:\Windows\system\izBcOkr.exe

Filesize
6.0MB

MD5
b588bf4374ef1e817180ea6c206a41a7

SHA1
fb1ba3a77f10bee43d84619d4fbc636d3386d631

SHA256
efb987f7670bbb508da8e9298646fe1a185a0414cc198d841f83afe67221c230

SHA512
73a5c4474e49c282b05db329148835c3fbfb1339d6c5a6d7111cea4ef55c0c808b50efe2ec08e65d9d9f96578b9c8bb68029fa587487a8e0821f136975098ae7

Download Submit
C:\Windows\system\kIKZqPD.exe

Filesize
6.0MB

MD5
3184750a84aa6fcd272a58cffe029a5d

SHA1
17172e1c9209a677b09057b5ee5c01b6fdba9f3b

SHA256
7f17be43b70e6ea7b82afbda26c2f84bc7b7a1966d0a861c56a0a3a74bc72e13

SHA512
24663afab937b28c548a38059bd701b69b4eefe3b1a3a7d5ef9a61b893423d867ade6afc95c252001ade94cfe0227c6b8b34d966a8a070c3ec2a43d2d1327fa1

Download Submit
C:\Windows\system\ksuFsfg.exe

Filesize
8B

MD5
3b74540ceddaf65d9f1f1ca304033726

SHA1
e02d3226df24817ff566397f78b1e3b263a843c5

SHA256
87ebeeb1e15130e5fa10b59fab928b6742dff4c2376d4eca4af81ce67d292540

SHA512
be11076ea38fe41b08db48b2cd5dccaa57cfb6e72481c93ca731be2f9699ed65afb9ee6394837842188840ee577bba7602ca63b9ccfbeb0a878cb7ae3b4a8f69

Download Submit
C:\Windows\system\lqqLcUv.exe

Filesize
6.0MB

MD5
2cf7afefba8c0cf15c020d41bb07a1d4

SHA1
0320487d8b82d545ea39559ae210efb251169454

SHA256
dcaa6933e2ec97dd1a36b67b1ee1f877e79a9ecd81025176089532c364627c9e

SHA512
3994cd46d31a31952720a004e54dd50b24e83c9f3ebc317306c190043b2e6367713c9a952e04cdcdc15c52009415b8858509e460951c612c8f972198f0c088d6

Download Submit
C:\Windows\system\oepMzGd.exe

Filesize
6.0MB

MD5
746da9e4aaa2394807ac5dfa72dbe2b1

SHA1
045a9287536a21a722b5d17c8e68708f188c1081

SHA256
3bed91e822a7ca63cf81a2e126e9664f987959a6aeabfabca1da1faa50bda2eb

SHA512
941e44f5b255e374dd3e47f7ac490aa42a36cfe2d38c24a7429530c9194d2b482681bb2f8e98fe4856a41fd367bff9ebec8ee19d2a787e0ed263a531f07c44f4

Download Submit
C:\Windows\system\peGyiMX.exe

Filesize
6.0MB

MD5
496b79b4487621d72264654de2ae11ba

SHA1
c40f5ba9c11800e6b2cc8a07d9e168bfd49a21c6

SHA256
510ca9a077b4a32a168253d49d0d4872bef848a1062ee6dbae306680f5eedb33

SHA512
daa6d0ab4544d8ef89392ac4056f38913416ad5eb20c89179941effa5cb6a3740c11bbfdd71c26fd97a4a7c0b0a2568627dcb9c754e20770571e0a3fd1e1e9c4

Download Submit
C:\Windows\system\ptTNtWR.exe

Filesize
6.0MB

MD5
8e7e32ed8a807673b03601da4ef54661

SHA1
9cbbef597f89163537beb593ecb3f1dadb0ffdec

SHA256
b99bb80dd3d398d1cf2593999b7e7b05b4e60ab239e34985888fe7c566773a02

SHA512
54cd09d25b433146f01710297e33b49545b40152740ca7880f2999988d97bc837a954ee58c5a6f7775d28ff5cfc62f249abe9bb2cc615735915433481acbd051

Download Submit
C:\Windows\system\qiChFfI.exe

Filesize
6.0MB

MD5
d459093e78bc3cadf57923a4fa27df30

SHA1
ea3f78fcbdc65fdbcd79c57589ff5fccf24fafb4

SHA256
a0dba3d1dee42612b6867ac42526a8ae2f67ef87209d065a46c0da6945b04f5c

SHA512
5ef81e9fb2b01ffcff74f891046fff27b4fec7c79fd9af682b956b8e6e4bd353d90ba6e890440d1b33018879e7d0a79441c289d1dfd572f750d629aefca6d2b4

Download Submit
C:\Windows\system\qtJlJqd.exe

Filesize
6.0MB

MD5
92ba8354df1fe13f0658c778b743372e

SHA1
bd2ddab6cb26c249f06612a33837f7dfa640a85c

SHA256
6967d22ea2346b15f2285e8a7344162b6b36202638de7a40dbb0baaa92f03403

SHA512
a2a81960f42fe9394f175f51e8bfcad556775105c7dd042e1b0cd2453bb63ae50e1dc6e3d75f48756e86b99b3964a75d1e5d3dabf266b3240892ee8c93d33ea1

Download Submit
C:\Windows\system\rvYgBho.exe

Filesize
6.0MB

MD5
15ae033da842ae626d9c5c28725f75bd

SHA1
85cbcf21b8c5bc2116719db5c99cd037476a6ed1

SHA256
29516729c0fa67b0b8df976044da231846d54493bb64bdd9e33d00146f128f47

SHA512
9763e5f815012d337b796061ca21fcb784b0d4171d10bfdebd96a7769c33d0219b18e1c6060eadc7ae3c1056a0ab722b015e6820179949b7a21747d9fb3cdb16

Download Submit
C:\Windows\system\rzSSncz.exe

Filesize
6.0MB

MD5
f18e848ba73a7dc6c4d24ac3a5a3541e

SHA1
a690df247f05d62e3e677fe08f77e73aa0be6ae7

SHA256
3a3decec3c1956548191fa5f7edb1737822d45841b3bfa8bc58a0dad6c05cb2c

SHA512
72682ec23651999d76ad7d4ec06d01f454d35f59983e847c3f5428d7d5bd9f6f3f1f228ed3b170bd5fdbd48e008c84950df5c771cd49abca47df58f1facbdb32

Download Submit
C:\Windows\system\rzTVktp.exe

Filesize
6.0MB

MD5
2bf7b11aa0ff11b522d5c4ed569200e9

SHA1
8bf6778029786afa5b5e4cf787f89f5cdb4b687d

SHA256
d971f94e0fa69174dd6e2bcf985c2353332c02dfe74e835e096dd7467b5d027e

SHA512
c03bbf4de715b99dfbad93c77d533ab6f410c51c1f8919a160b328ee7cc8cd40875d3e8030bf6b1018e9f8e806d609426e3015567d2e5d405f6b1578b1b36002

Download Submit
C:\Windows\system\sxVXuFX.exe

Filesize
6.0MB

MD5
7ab561ca549ade80a515e190902d921f

SHA1
4c4abf848659b52f788daab9188a3b12d9b61160

SHA256
a1b298ee008a128fe2d682cab331fdbea4f9acbec98005144d7a5c3b1e108fe2

SHA512
434939896d56c6c0a13bca6940b50042357e522c867316eacb328fc5d450076c5a968a3145cd800b138c6b7fb8d8f14e589aa1be2741a84b9b98e6b9d3161a64

Download Submit
C:\Windows\system\wTZxZKS.exe

Filesize
6.0MB

MD5
2ca10c02e81847f4d6638984a09f6d81

SHA1
1b336ebe496a3e5af92fd74b2eb30fb6245e4d09

SHA256
4aac6ebf22b549ed459fbc07852ccb389a90ebdc91fa26fe486436c4cb1b206a

SHA512
a4542908b5d43b817e7bf5b92476d81fa10fb347f412d798ded380665d578e5e6b18486c108d5a60a2fa28064803ab2d144d0ef578e277c0eb92f40710902690

Download Submit
C:\Windows\system\yWRvdow.exe

Filesize
6.0MB

MD5
ac26e46b2c8ba9595c79cf92040fea49

SHA1
fea2f7236c8c7301cd4eeabf65e827da1b576bfa

SHA256
531074ede42a4d629b66b58615325ae4369fa5ec1204463bcaed8168052f2c06

SHA512
1eacc2ae19cf95fe831bb7a790f3ee68c9fadbb46eb74fb5490606f9c20f1432291bfee3ac7f5a627eeede51691029aaaff1c9b8aea02ec583273bacb192be9f

Download Submit
\Windows\system\TmJyuHa.exe

Filesize
6.0MB

MD5
624205dd03e2b46a726a3b24e211a23a

SHA1
15f41c5720bcb11121ca0675288cfec4a6c2590d

SHA256
7a95ab41ff3ea127233adb134ad7f5258701fa796277336283200fe6ac159bfb

SHA512
4441b4b15fd083fb3d604569fe957d0921237bf8aea1431df339944df4691f773db3fb0c76b3927e83ae2f476a4900ee0f3e00ef179b94d0ef60615e64ec6f19

Download Submit
\Windows\system\uUggjSA.exe

Filesize
6.0MB

MD5
efba3cd3e68851e68ec4eef25b4d9bef

SHA1
2f9f6e232591a02173a30def23e9433766587e5a

SHA256
708f0d4200ba866a81ef2d470f5e6c5117ff105738a5666d055ef0374766f325

SHA512
a709eb49e824455112bc2356ebe11c47f53c79232af828c38324209ff6e06868bb4424c2f4fca6e927cc31055b61325ae1cf08119625bbf86809b3b207b43c59

Download Submit
\Windows\system\vwdEXic.exe

Filesize
6.0MB

MD5
90417cdb602e356d14127c01391e7e0e

SHA1
995e0b64402f91066cc923202e1be01d1c03bc2e

SHA256
b877fc3f739420b3314f64359b1b63e80bd03c80de670a52d232b7be34f161fb

SHA512
ee9d79efee3b53b023bf63c7ba05bbc0aa9d530ee5fb77facf36836b4b5d9fbbf6fe2f56b964c1159eb832e91b7aa5097470321b504156eaf9a6507038a685f7

Download Submit
memory/1800-3320-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-14-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-42-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-3349-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2168-74-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2168-36-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2332-65-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3330-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2332-28-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2364-15-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3327-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-57-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-3361-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-21-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-91-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3367-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2548-704-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2600-109-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1176-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3359-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3368-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2608-82-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2608-481-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2676-98-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3351-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-58-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3344-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2708-43-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2708-81-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2712-66-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-108-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3365-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2720-99-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-939-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3369-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2888-263-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2888-75-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3363-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2936-90-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3364-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-51-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1057-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-47-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-54-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-62-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-70-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-35-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3044-78-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3044-31-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/3044-86-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-39-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/3044-94-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-95-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3044-103-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-104-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-112-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-113-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/3044-368-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/3044-587-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-815-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3044-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3044-1291-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/3044-17-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-24-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3044-6-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download