cobaltstrike | 9ae523a95619dcbcedbd1361ff11ee94dacb1aa894fd64d6d6c1277ccedefcc8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

524a98d7ebd024ccda8f706e31f34570
SHA1

a9d79fa6c0f4f8f3ac61fffe8234ef991ae98d7d
SHA256

9ae523a95619dcbcedbd1361ff11ee94dacb1aa894fd64d6d6c1277ccedefcc8
SHA512

b294add9185a7587f18a430371c8a7a2b41bf7517d1bc37845c184e3e9898c26d2d5e8031a7fe3740512ea50138a924bf6deb34f44ee9cce3ea232fa0c2dd25c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001927a-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019299-20.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000192a1-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019358-35.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-44.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07f-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b4-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019354-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-6.dat	xmrig
behavioral1/files/0x0007000000019261-11.dat	xmrig
behavioral1/files/0x000700000001927a-12.dat	xmrig
behavioral1/files/0x0006000000019299-20.dat	xmrig
behavioral1/files/0x00060000000192a1-25.dat	xmrig
behavioral1/files/0x0006000000019358-35.dat	xmrig
behavioral1/files/0x000700000001939f-39.dat	xmrig
behavioral1/files/0x0005000000019518-44.dat	xmrig
behavioral1/files/0x000500000001952b-54.dat	xmrig
behavioral1/files/0x0005000000019543-69.dat	xmrig
behavioral1/files/0x0005000000019647-84.dat	xmrig
behavioral1/files/0x00050000000197e4-99.dat	xmrig
behavioral1/files/0x0005000000019a85-104.dat	xmrig
behavioral1/files/0x0005000000019b16-109.dat	xmrig
behavioral1/files/0x0005000000019c79-119.dat	xmrig
behavioral1/files/0x0005000000019c8f-124.dat	xmrig
behavioral1/files/0x000500000001a07f-154.dat	xmrig
behavioral1/memory/2716-272-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2832-375-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2676-1173-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2716-1378-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1020-4041-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2016-4059-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2716-4098-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2656-4037-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2644-4025-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2956-4023-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/408-4012-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2624-4009-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2728-4007-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2772-4006-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2840-4004-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2832-4001-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2824-4000-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2584-3991-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2956-373-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2016-371-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/408-369-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/1020-367-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2772-365-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2644-363-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2584-361-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2624-359-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2824-357-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2656-355-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2728-353-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2840-352-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x000500000001a077-157.dat	xmrig
behavioral1/files/0x0005000000019f77-149.dat	xmrig
behavioral1/files/0x0005000000019d98-140.dat	xmrig
behavioral1/files/0x000500000001a0b4-158.dat	xmrig
behavioral1/files/0x0005000000019f62-143.dat	xmrig
behavioral1/files/0x0005000000019cc8-134.dat	xmrig
behavioral1/files/0x0005000000019c91-129.dat	xmrig
behavioral1/files/0x0005000000019b18-114.dat	xmrig
behavioral1/files/0x0005000000019650-94.dat	xmrig
behavioral1/files/0x000500000001964f-89.dat	xmrig
behavioral1/files/0x0005000000019645-80.dat	xmrig
behavioral1/files/0x00050000000195a8-74.dat	xmrig
behavioral1/files/0x0005000000019535-64.dat	xmrig
behavioral1/files/0x000500000001952e-59.dat	xmrig
behavioral1/files/0x0005000000019520-49.dat	xmrig
behavioral1/files/0x0006000000019354-29.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	wgHUOpn.exe
2716	SkwMLSw.exe
2840	bkUNbVi.exe
2728	KpvxZcj.exe
2656	eOgbtJm.exe
2824	zljIfxC.exe
2624	CfxFawX.exe
2584	gRhxelc.exe
2644	abuUdAj.exe
2772	AfxFqHp.exe
1020	qagfVTD.exe
408	NMZjoJC.exe
2016	WdSdkEy.exe
2956	SAdNKbX.exe
2504	sokgTZz.exe
2432	ISiUlAO.exe
1692	DAXOXUJ.exe
532	SWuqWcX.exe
1100	YCENysZ.exe
1708	IpMZFoE.exe
1932	FPzsuIV.exe
1944	uueGVHL.exe
2224	wHheOsI.exe
2132	uzKhrCt.exe
1284	lOMTCVu.exe
1364	aadyoTG.exe
1700	hAphNkm.exe
1892	ocmOaud.exe
1980	qvhNBeM.exe
2352	PFWMtbh.exe
1168	vEkpPgU.exe
1896	ANWijsi.exe
476	yobnEAq.exe
2460	KSgkwrh.exe
1484	jsMcXte.exe
768	uCUypmL.exe
1400	IyVrpqr.exe
1292	GIKjTMO.exe
1308	pRQlGja.exe
2476	RJzibKy.exe
2000	wghrOIs.exe
1912	PNdBqlA.exe
600	aOPXNtM.exe
912	Nbjawku.exe
1228	FfDKAEi.exe
1808	TrkZMlo.exe
1788	NjlAuqS.exe
1312	rzRsPoO.exe
616	khZFirJ.exe
2200	RGSbZOM.exe
2488	zlCEPam.exe
2272	CJriXES.exe
2420	PEWtxkh.exe
1516	srmWJZx.exe
2976	zqeMoQw.exe
1720	ZZIszVo.exe
2360	OIYdgNO.exe
3032	ikDjyye.exe
2640	ZHLrQZo.exe
2056	UghjSdB.exe
2552	fBcprAb.exe
852	GTQwAxS.exe
592	IsUTLCJ.exe
1316	omAHFWY.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-6.dat	upx
behavioral1/files/0x0007000000019261-11.dat	upx
behavioral1/files/0x000700000001927a-12.dat	upx
behavioral1/files/0x0006000000019299-20.dat	upx
behavioral1/files/0x00060000000192a1-25.dat	upx
behavioral1/files/0x0006000000019358-35.dat	upx
behavioral1/files/0x000700000001939f-39.dat	upx
behavioral1/files/0x0005000000019518-44.dat	upx
behavioral1/files/0x000500000001952b-54.dat	upx
behavioral1/files/0x0005000000019543-69.dat	upx
behavioral1/files/0x0005000000019647-84.dat	upx
behavioral1/files/0x00050000000197e4-99.dat	upx
behavioral1/files/0x0005000000019a85-104.dat	upx
behavioral1/files/0x0005000000019b16-109.dat	upx
behavioral1/files/0x0005000000019c79-119.dat	upx
behavioral1/files/0x0005000000019c8f-124.dat	upx
behavioral1/files/0x000500000001a07f-154.dat	upx
behavioral1/memory/2716-272-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2832-375-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2676-1173-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2716-1378-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1020-4041-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2016-4059-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2716-4098-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2656-4037-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2644-4025-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2956-4023-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/408-4012-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2624-4009-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2728-4007-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2772-4006-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2840-4004-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2832-4001-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2824-4000-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2584-3991-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2956-373-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2016-371-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/408-369-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/1020-367-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2772-365-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2644-363-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2584-361-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2624-359-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2824-357-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2656-355-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2728-353-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2840-352-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x000500000001a077-157.dat	upx
behavioral1/files/0x0005000000019f77-149.dat	upx
behavioral1/files/0x0005000000019d98-140.dat	upx
behavioral1/files/0x000500000001a0b4-158.dat	upx
behavioral1/files/0x0005000000019f62-143.dat	upx
behavioral1/files/0x0005000000019cc8-134.dat	upx
behavioral1/files/0x0005000000019c91-129.dat	upx
behavioral1/files/0x0005000000019b18-114.dat	upx
behavioral1/files/0x0005000000019650-94.dat	upx
behavioral1/files/0x000500000001964f-89.dat	upx
behavioral1/files/0x0005000000019645-80.dat	upx
behavioral1/files/0x00050000000195a8-74.dat	upx
behavioral1/files/0x0005000000019535-64.dat	upx
behavioral1/files/0x000500000001952e-59.dat	upx
behavioral1/files/0x0005000000019520-49.dat	upx
behavioral1/files/0x0006000000019354-29.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nvqurcY.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMFNHCl.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHWgdja.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfQKkci.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIyaSYu.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFUwSdY.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngDmLWy.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxFqkby.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIEPUri.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxzVlMS.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuFgUFq.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBtuMmT.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuOOvoK.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZjgzTj.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POCSqfc.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHeHbtc.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEsSlOz.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGFFNoE.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIEVuSG.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moTDzhN.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGkDYRs.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvpSTxU.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqvnNgd.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FunpKhV.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmEvvHP.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPbyQVb.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DkhGJwD.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPEBCpN.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIkJedR.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvFLbGF.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQvSnNh.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFmkQgp.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpIpZMC.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJnwFAD.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBbsTBZ.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzoTXkm.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEABBtx.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvuzOSS.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZqoRdL.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LegEhlH.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTmDDsA.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGtVKZc.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBLJjth.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxOZDUf.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIbtvbH.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYlJhzQ.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exuNTav.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgaIJli.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SajqJlw.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVlDpGm.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtLuGnU.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfAHOni.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjJIwCM.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEIFOKI.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUftxKd.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otuyOdl.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcoVzeW.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIkwEEf.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsLoLKm.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psEPNRf.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlCEPam.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEldPvy.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHZpdRC.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WiaBLht.exe	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2832	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2832	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2832	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2716	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2716	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2716	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2840	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2840	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2840	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2728	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2728	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2728	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2656	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2656	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2656	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2824	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2824	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2824	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2624	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2624	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2624	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2584	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2584	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2584	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2644	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2644	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2644	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2772	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2772	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2772	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 1020	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 1020	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 1020	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 408	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 408	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 408	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2016	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2016	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2016	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2956	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2956	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2956	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2504	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2504	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2504	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2432	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2432	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2432	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 1692	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 1692	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 1692	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 532	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 532	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 532	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 1100	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 1100	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 1100	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 1708	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 1708	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 1708	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 1932	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1932	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1932	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1944	2676	2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_524a98d7ebd024ccda8f706e31f34570_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\System\wgHUOpn.exe
  C:\Windows\System\wgHUOpn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\SkwMLSw.exe
  C:\Windows\System\SkwMLSw.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\bkUNbVi.exe
  C:\Windows\System\bkUNbVi.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\KpvxZcj.exe
  C:\Windows\System\KpvxZcj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\eOgbtJm.exe
  C:\Windows\System\eOgbtJm.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\zljIfxC.exe
  C:\Windows\System\zljIfxC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\CfxFawX.exe
  C:\Windows\System\CfxFawX.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\gRhxelc.exe
  C:\Windows\System\gRhxelc.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\abuUdAj.exe
  C:\Windows\System\abuUdAj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\AfxFqHp.exe
  C:\Windows\System\AfxFqHp.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\qagfVTD.exe
  C:\Windows\System\qagfVTD.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\NMZjoJC.exe
  C:\Windows\System\NMZjoJC.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\WdSdkEy.exe
  C:\Windows\System\WdSdkEy.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\SAdNKbX.exe
  C:\Windows\System\SAdNKbX.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\sokgTZz.exe
  C:\Windows\System\sokgTZz.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\ISiUlAO.exe
  C:\Windows\System\ISiUlAO.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\DAXOXUJ.exe
  C:\Windows\System\DAXOXUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\SWuqWcX.exe
  C:\Windows\System\SWuqWcX.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\YCENysZ.exe
  C:\Windows\System\YCENysZ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\IpMZFoE.exe
  C:\Windows\System\IpMZFoE.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\FPzsuIV.exe
  C:\Windows\System\FPzsuIV.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\uueGVHL.exe
  C:\Windows\System\uueGVHL.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\wHheOsI.exe
  C:\Windows\System\wHheOsI.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\uzKhrCt.exe
  C:\Windows\System\uzKhrCt.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\lOMTCVu.exe
  C:\Windows\System\lOMTCVu.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\aadyoTG.exe
  C:\Windows\System\aadyoTG.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\hAphNkm.exe
  C:\Windows\System\hAphNkm.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ocmOaud.exe
  C:\Windows\System\ocmOaud.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\qvhNBeM.exe
  C:\Windows\System\qvhNBeM.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\PFWMtbh.exe
  C:\Windows\System\PFWMtbh.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\vEkpPgU.exe
  C:\Windows\System\vEkpPgU.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\wghrOIs.exe
  C:\Windows\System\wghrOIs.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ANWijsi.exe
  C:\Windows\System\ANWijsi.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\PNdBqlA.exe
  C:\Windows\System\PNdBqlA.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\yobnEAq.exe
  C:\Windows\System\yobnEAq.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\aOPXNtM.exe
  C:\Windows\System\aOPXNtM.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\KSgkwrh.exe
  C:\Windows\System\KSgkwrh.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\Nbjawku.exe
  C:\Windows\System\Nbjawku.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\jsMcXte.exe
  C:\Windows\System\jsMcXte.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\FfDKAEi.exe
  C:\Windows\System\FfDKAEi.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\uCUypmL.exe
  C:\Windows\System\uCUypmL.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\TrkZMlo.exe
  C:\Windows\System\TrkZMlo.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\IyVrpqr.exe
  C:\Windows\System\IyVrpqr.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\NjlAuqS.exe
  C:\Windows\System\NjlAuqS.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\GIKjTMO.exe
  C:\Windows\System\GIKjTMO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\rzRsPoO.exe
  C:\Windows\System\rzRsPoO.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\pRQlGja.exe
  C:\Windows\System\pRQlGja.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\khZFirJ.exe
  C:\Windows\System\khZFirJ.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\RJzibKy.exe
  C:\Windows\System\RJzibKy.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\RGSbZOM.exe
  C:\Windows\System\RGSbZOM.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\zlCEPam.exe
  C:\Windows\System\zlCEPam.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\zaZLISs.exe
  C:\Windows\System\zaZLISs.exe
  2⤵
  PID:1176
- C:\Windows\System\CJriXES.exe
  C:\Windows\System\CJriXES.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\zAXzFMl.exe
  C:\Windows\System\zAXzFMl.exe
  2⤵
  PID:1936
- C:\Windows\System\PEWtxkh.exe
  C:\Windows\System\PEWtxkh.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\BsITcHQ.exe
  C:\Windows\System\BsITcHQ.exe
  2⤵
  PID:1916
- C:\Windows\System\srmWJZx.exe
  C:\Windows\System\srmWJZx.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ZMDBjKu.exe
  C:\Windows\System\ZMDBjKu.exe
  2⤵
  PID:888
- C:\Windows\System\zqeMoQw.exe
  C:\Windows\System\zqeMoQw.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DtTpbtg.exe
  C:\Windows\System\DtTpbtg.exe
  2⤵
  PID:1604
- C:\Windows\System\ZZIszVo.exe
  C:\Windows\System\ZZIszVo.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\tlOygMJ.exe
  C:\Windows\System\tlOygMJ.exe
  2⤵
  PID:2828
- C:\Windows\System\OIYdgNO.exe
  C:\Windows\System\OIYdgNO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\NytvlhC.exe
  C:\Windows\System\NytvlhC.exe
  2⤵
  PID:2848
- C:\Windows\System\ikDjyye.exe
  C:\Windows\System\ikDjyye.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\aRQHZqv.exe
  C:\Windows\System\aRQHZqv.exe
  2⤵
  PID:2524
- C:\Windows\System\ZHLrQZo.exe
  C:\Windows\System\ZHLrQZo.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wbApzSj.exe
  C:\Windows\System\wbApzSj.exe
  2⤵
  PID:3052
- C:\Windows\System\UghjSdB.exe
  C:\Windows\System\UghjSdB.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\WeVEkuE.exe
  C:\Windows\System\WeVEkuE.exe
  2⤵
  PID:1508
- C:\Windows\System\fBcprAb.exe
  C:\Windows\System\fBcprAb.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\SruXTSg.exe
  C:\Windows\System\SruXTSg.exe
  2⤵
  PID:2508
- C:\Windows\System\GTQwAxS.exe
  C:\Windows\System\GTQwAxS.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\mjmDzjf.exe
  C:\Windows\System\mjmDzjf.exe
  2⤵
  PID:2256
- C:\Windows\System\IsUTLCJ.exe
  C:\Windows\System\IsUTLCJ.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\fmiAqyo.exe
  C:\Windows\System\fmiAqyo.exe
  2⤵
  PID:2216
- C:\Windows\System\omAHFWY.exe
  C:\Windows\System\omAHFWY.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\vEoytCY.exe
  C:\Windows\System\vEoytCY.exe
  2⤵
  PID:580
- C:\Windows\System\KsbAZnW.exe
  C:\Windows\System\KsbAZnW.exe
  2⤵
  PID:2320
- C:\Windows\System\kBfcMVA.exe
  C:\Windows\System\kBfcMVA.exe
  2⤵
  PID:2316
- C:\Windows\System\olBwnpf.exe
  C:\Windows\System\olBwnpf.exe
  2⤵
  PID:2296
- C:\Windows\System\BGafpYR.exe
  C:\Windows\System\BGafpYR.exe
  2⤵
  PID:1060
- C:\Windows\System\UvbbudE.exe
  C:\Windows\System\UvbbudE.exe
  2⤵
  PID:848
- C:\Windows\System\rGGbIdJ.exe
  C:\Windows\System\rGGbIdJ.exe
  2⤵
  PID:1680
- C:\Windows\System\WoCmjaj.exe
  C:\Windows\System\WoCmjaj.exe
  2⤵
  PID:1640
- C:\Windows\System\MRDSqfb.exe
  C:\Windows\System\MRDSqfb.exe
  2⤵
  PID:2324
- C:\Windows\System\SfDzZhl.exe
  C:\Windows\System\SfDzZhl.exe
  2⤵
  PID:2120
- C:\Windows\System\QoXOJJZ.exe
  C:\Windows\System\QoXOJJZ.exe
  2⤵
  PID:2852
- C:\Windows\System\xdZwVTZ.exe
  C:\Windows\System\xdZwVTZ.exe
  2⤵
  PID:1548
- C:\Windows\System\egujbHg.exe
  C:\Windows\System\egujbHg.exe
  2⤵
  PID:2992
- C:\Windows\System\EsVJkzt.exe
  C:\Windows\System\EsVJkzt.exe
  2⤵
  PID:2972
- C:\Windows\System\OxKARxD.exe
  C:\Windows\System\OxKARxD.exe
  2⤵
  PID:2684
- C:\Windows\System\EUiyiXx.exe
  C:\Windows\System\EUiyiXx.exe
  2⤵
  PID:2096
- C:\Windows\System\IIOSpzC.exe
  C:\Windows\System\IIOSpzC.exe
  2⤵
  PID:2612
- C:\Windows\System\oqhtdOq.exe
  C:\Windows\System\oqhtdOq.exe
  2⤵
  PID:2876
- C:\Windows\System\DmBUFrh.exe
  C:\Windows\System\DmBUFrh.exe
  2⤵
  PID:2240
- C:\Windows\System\KrtCUYB.exe
  C:\Windows\System\KrtCUYB.exe
  2⤵
  PID:2044
- C:\Windows\System\kgNqnmJ.exe
  C:\Windows\System\kgNqnmJ.exe
  2⤵
  PID:2068
- C:\Windows\System\OxBgkgh.exe
  C:\Windows\System\OxBgkgh.exe
  2⤵
  PID:2668
- C:\Windows\System\ltAZxus.exe
  C:\Windows\System\ltAZxus.exe
  2⤵
  PID:2556
- C:\Windows\System\EQDCCcz.exe
  C:\Windows\System\EQDCCcz.exe
  2⤵
  PID:2536
- C:\Windows\System\GGlwHWg.exe
  C:\Windows\System\GGlwHWg.exe
  2⤵
  PID:340
- C:\Windows\System\fpYFdJJ.exe
  C:\Windows\System\fpYFdJJ.exe
  2⤵
  PID:1920
- C:\Windows\System\JnVogAj.exe
  C:\Windows\System\JnVogAj.exe
  2⤵
  PID:2944
- C:\Windows\System\lWuyfQt.exe
  C:\Windows\System\lWuyfQt.exe
  2⤵
  PID:1952
- C:\Windows\System\hbfPGnd.exe
  C:\Windows\System\hbfPGnd.exe
  2⤵
  PID:3140
- C:\Windows\System\yVcAseI.exe
  C:\Windows\System\yVcAseI.exe
  2⤵
  PID:3156
- C:\Windows\System\SQfZsQO.exe
  C:\Windows\System\SQfZsQO.exe
  2⤵
  PID:3180
- C:\Windows\System\tGgEuZZ.exe
  C:\Windows\System\tGgEuZZ.exe
  2⤵
  PID:3196
- C:\Windows\System\yvutiQN.exe
  C:\Windows\System\yvutiQN.exe
  2⤵
  PID:3216
- C:\Windows\System\naabGDB.exe
  C:\Windows\System\naabGDB.exe
  2⤵
  PID:3232
- C:\Windows\System\oJFBjGn.exe
  C:\Windows\System\oJFBjGn.exe
  2⤵
  PID:3252
- C:\Windows\System\TEgHAGQ.exe
  C:\Windows\System\TEgHAGQ.exe
  2⤵
  PID:3272
- C:\Windows\System\CFmHSlE.exe
  C:\Windows\System\CFmHSlE.exe
  2⤵
  PID:3296
- C:\Windows\System\VBhaizD.exe
  C:\Windows\System\VBhaizD.exe
  2⤵
  PID:3312
- C:\Windows\System\jVubuFS.exe
  C:\Windows\System\jVubuFS.exe
  2⤵
  PID:3328
- C:\Windows\System\vblRQvn.exe
  C:\Windows\System\vblRQvn.exe
  2⤵
  PID:3344
- C:\Windows\System\DADKsrq.exe
  C:\Windows\System\DADKsrq.exe
  2⤵
  PID:3360
- C:\Windows\System\PgyuMeH.exe
  C:\Windows\System\PgyuMeH.exe
  2⤵
  PID:3380
- C:\Windows\System\VMJTUyZ.exe
  C:\Windows\System\VMJTUyZ.exe
  2⤵
  PID:3400
- C:\Windows\System\HORfMcv.exe
  C:\Windows\System\HORfMcv.exe
  2⤵
  PID:3416
- C:\Windows\System\IOuTGAA.exe
  C:\Windows\System\IOuTGAA.exe
  2⤵
  PID:3464
- C:\Windows\System\magNwwx.exe
  C:\Windows\System\magNwwx.exe
  2⤵
  PID:3480
- C:\Windows\System\IJhXuww.exe
  C:\Windows\System\IJhXuww.exe
  2⤵
  PID:3504
- C:\Windows\System\gsVfXQP.exe
  C:\Windows\System\gsVfXQP.exe
  2⤵
  PID:3520
- C:\Windows\System\JcSAclU.exe
  C:\Windows\System\JcSAclU.exe
  2⤵
  PID:3540
- C:\Windows\System\MANwcFU.exe
  C:\Windows\System\MANwcFU.exe
  2⤵
  PID:3560
- C:\Windows\System\QJGxEBm.exe
  C:\Windows\System\QJGxEBm.exe
  2⤵
  PID:3580
- C:\Windows\System\tqRVCpS.exe
  C:\Windows\System\tqRVCpS.exe
  2⤵
  PID:3600
- C:\Windows\System\KytTdSx.exe
  C:\Windows\System\KytTdSx.exe
  2⤵
  PID:3616
- C:\Windows\System\yHeHbtc.exe
  C:\Windows\System\yHeHbtc.exe
  2⤵
  PID:3640
- C:\Windows\System\IbgFtZD.exe
  C:\Windows\System\IbgFtZD.exe
  2⤵
  PID:3656
- C:\Windows\System\CzXJJMP.exe
  C:\Windows\System\CzXJJMP.exe
  2⤵
  PID:3672
- C:\Windows\System\zGWMFPy.exe
  C:\Windows\System\zGWMFPy.exe
  2⤵
  PID:3692
- C:\Windows\System\dJFaNUA.exe
  C:\Windows\System\dJFaNUA.exe
  2⤵
  PID:3712
- C:\Windows\System\IFcISBr.exe
  C:\Windows\System\IFcISBr.exe
  2⤵
  PID:3728
- C:\Windows\System\zGEIqbK.exe
  C:\Windows\System\zGEIqbK.exe
  2⤵
  PID:3744
- C:\Windows\System\gcbuCKv.exe
  C:\Windows\System\gcbuCKv.exe
  2⤵
  PID:3764
- C:\Windows\System\CrpiXwh.exe
  C:\Windows\System\CrpiXwh.exe
  2⤵
  PID:3800
- C:\Windows\System\qXVhAlu.exe
  C:\Windows\System\qXVhAlu.exe
  2⤵
  PID:3824
- C:\Windows\System\ZzrvcOt.exe
  C:\Windows\System\ZzrvcOt.exe
  2⤵
  PID:3844
- C:\Windows\System\VQanzyJ.exe
  C:\Windows\System\VQanzyJ.exe
  2⤵
  PID:3864
- C:\Windows\System\xrxAnFR.exe
  C:\Windows\System\xrxAnFR.exe
  2⤵
  PID:3880
- C:\Windows\System\EJpVttN.exe
  C:\Windows\System\EJpVttN.exe
  2⤵
  PID:3896
- C:\Windows\System\eeWiOop.exe
  C:\Windows\System\eeWiOop.exe
  2⤵
  PID:3920
- C:\Windows\System\wQeqFuP.exe
  C:\Windows\System\wQeqFuP.exe
  2⤵
  PID:3936
- C:\Windows\System\PlbEPxq.exe
  C:\Windows\System\PlbEPxq.exe
  2⤵
  PID:3952
- C:\Windows\System\YXThMSv.exe
  C:\Windows\System\YXThMSv.exe
  2⤵
  PID:3968
- C:\Windows\System\fKKmivb.exe
  C:\Windows\System\fKKmivb.exe
  2⤵
  PID:3988
- C:\Windows\System\RbzeGMg.exe
  C:\Windows\System\RbzeGMg.exe
  2⤵
  PID:4008
- C:\Windows\System\dGgNrjt.exe
  C:\Windows\System\dGgNrjt.exe
  2⤵
  PID:4028
- C:\Windows\System\lPMFIcA.exe
  C:\Windows\System\lPMFIcA.exe
  2⤵
  PID:4048
- C:\Windows\System\njtNgPJ.exe
  C:\Windows\System\njtNgPJ.exe
  2⤵
  PID:4076
- C:\Windows\System\YHQmztp.exe
  C:\Windows\System\YHQmztp.exe
  2⤵
  PID:2980
- C:\Windows\System\jMurlFS.exe
  C:\Windows\System\jMurlFS.exe
  2⤵
  PID:2924
- C:\Windows\System\eURykMx.exe
  C:\Windows\System\eURykMx.exe
  2⤵
  PID:1740
- C:\Windows\System\BlEcRCy.exe
  C:\Windows\System\BlEcRCy.exe
  2⤵
  PID:856
- C:\Windows\System\LLXAklY.exe
  C:\Windows\System\LLXAklY.exe
  2⤵
  PID:2456
- C:\Windows\System\qCiRfwM.exe
  C:\Windows\System\qCiRfwM.exe
  2⤵
  PID:1948
- C:\Windows\System\aGxLuRt.exe
  C:\Windows\System\aGxLuRt.exe
  2⤵
  PID:1584
- C:\Windows\System\CPCnKVZ.exe
  C:\Windows\System\CPCnKVZ.exe
  2⤵
  PID:2616
- C:\Windows\System\GwXmahg.exe
  C:\Windows\System\GwXmahg.exe
  2⤵
  PID:1908
- C:\Windows\System\hfAHOni.exe
  C:\Windows\System\hfAHOni.exe
  2⤵
  PID:2356
- C:\Windows\System\FPrXsXV.exe
  C:\Windows\System\FPrXsXV.exe
  2⤵
  PID:2144
- C:\Windows\System\SwEBqRg.exe
  C:\Windows\System\SwEBqRg.exe
  2⤵
  PID:3088
- C:\Windows\System\IkZTZei.exe
  C:\Windows\System\IkZTZei.exe
  2⤵
  PID:3104
- C:\Windows\System\ldHFGmw.exe
  C:\Windows\System\ldHFGmw.exe
  2⤵
  PID:3124
- C:\Windows\System\YsgsdDz.exe
  C:\Windows\System\YsgsdDz.exe
  2⤵
  PID:3164
- C:\Windows\System\ltkqFTX.exe
  C:\Windows\System\ltkqFTX.exe
  2⤵
  PID:3204
- C:\Windows\System\XRLMSHE.exe
  C:\Windows\System\XRLMSHE.exe
  2⤵
  PID:3244
- C:\Windows\System\DUHoYyY.exe
  C:\Windows\System\DUHoYyY.exe
  2⤵
  PID:3152
- C:\Windows\System\ktUHCfX.exe
  C:\Windows\System\ktUHCfX.exe
  2⤵
  PID:3224
- C:\Windows\System\UqfbkFr.exe
  C:\Windows\System\UqfbkFr.exe
  2⤵
  PID:3356
- C:\Windows\System\kPGuoEQ.exe
  C:\Windows\System\kPGuoEQ.exe
  2⤵
  PID:3264
- C:\Windows\System\rPDdKUp.exe
  C:\Windows\System\rPDdKUp.exe
  2⤵
  PID:3340
- C:\Windows\System\wRhUZQb.exe
  C:\Windows\System\wRhUZQb.exe
  2⤵
  PID:3408
- C:\Windows\System\KegbZjf.exe
  C:\Windows\System\KegbZjf.exe
  2⤵
  PID:3492
- C:\Windows\System\TBWtBvT.exe
  C:\Windows\System\TBWtBvT.exe
  2⤵
  PID:3532
- C:\Windows\System\eKmBmni.exe
  C:\Windows\System\eKmBmni.exe
  2⤵
  PID:3548
- C:\Windows\System\xTmDDsA.exe
  C:\Windows\System\xTmDDsA.exe
  2⤵
  PID:3556
- C:\Windows\System\HenuwJb.exe
  C:\Windows\System\HenuwJb.exe
  2⤵
  PID:3652
- C:\Windows\System\sIisaHz.exe
  C:\Windows\System\sIisaHz.exe
  2⤵
  PID:3752
- C:\Windows\System\NOskKoT.exe
  C:\Windows\System\NOskKoT.exe
  2⤵
  PID:3592
- C:\Windows\System\FFCWGIV.exe
  C:\Windows\System\FFCWGIV.exe
  2⤵
  PID:3664
- C:\Windows\System\koGgTcV.exe
  C:\Windows\System\koGgTcV.exe
  2⤵
  PID:3736
- C:\Windows\System\zpqfnIg.exe
  C:\Windows\System\zpqfnIg.exe
  2⤵
  PID:3776
- C:\Windows\System\YPbQSEu.exe
  C:\Windows\System\YPbQSEu.exe
  2⤵
  PID:3816
- C:\Windows\System\LYRWhxh.exe
  C:\Windows\System\LYRWhxh.exe
  2⤵
  PID:3788
- C:\Windows\System\rIopVTR.exe
  C:\Windows\System\rIopVTR.exe
  2⤵
  PID:3860
- C:\Windows\System\bGlyfHk.exe
  C:\Windows\System\bGlyfHk.exe
  2⤵
  PID:3892
- C:\Windows\System\Hyoisvy.exe
  C:\Windows\System\Hyoisvy.exe
  2⤵
  PID:3872
- C:\Windows\System\CRxlGdd.exe
  C:\Windows\System\CRxlGdd.exe
  2⤵
  PID:4036
- C:\Windows\System\mItIFQC.exe
  C:\Windows\System\mItIFQC.exe
  2⤵
  PID:3916
- C:\Windows\System\otuyOdl.exe
  C:\Windows\System\otuyOdl.exe
  2⤵
  PID:3948
- C:\Windows\System\LQRtYfP.exe
  C:\Windows\System\LQRtYfP.exe
  2⤵
  PID:4016
- C:\Windows\System\VDDhKFw.exe
  C:\Windows\System\VDDhKFw.exe
  2⤵
  PID:1956
- C:\Windows\System\ArKmuSP.exe
  C:\Windows\System\ArKmuSP.exe
  2⤵
  PID:1012
- C:\Windows\System\yOOsxto.exe
  C:\Windows\System\yOOsxto.exe
  2⤵
  PID:4060
- C:\Windows\System\SUhCBSF.exe
  C:\Windows\System\SUhCBSF.exe
  2⤵
  PID:2592
- C:\Windows\System\ZZzDKIo.exe
  C:\Windows\System\ZZzDKIo.exe
  2⤵
  PID:2396
- C:\Windows\System\TxKMcOP.exe
  C:\Windows\System\TxKMcOP.exe
  2⤵
  PID:2236
- C:\Windows\System\ajZACkK.exe
  C:\Windows\System\ajZACkK.exe
  2⤵
  PID:3132
- C:\Windows\System\jUKWYxo.exe
  C:\Windows\System\jUKWYxo.exe
  2⤵
  PID:3240
- C:\Windows\System\kbfCRUl.exe
  C:\Windows\System\kbfCRUl.exe
  2⤵
  PID:3024
- C:\Windows\System\mtmRoak.exe
  C:\Windows\System\mtmRoak.exe
  2⤵
  PID:3292
- C:\Windows\System\SjTgxnj.exe
  C:\Windows\System\SjTgxnj.exe
  2⤵
  PID:3260
- C:\Windows\System\SZlYNhY.exe
  C:\Windows\System\SZlYNhY.exe
  2⤵
  PID:1800
- C:\Windows\System\EqkVIhJ.exe
  C:\Windows\System\EqkVIhJ.exe
  2⤵
  PID:3772
- C:\Windows\System\TmVdBMR.exe
  C:\Windows\System\TmVdBMR.exe
  2⤵
  PID:3840
- C:\Windows\System\LLewzAr.exe
  C:\Windows\System\LLewzAr.exe
  2⤵
  PID:3120
- C:\Windows\System\qQIamUm.exe
  C:\Windows\System\qQIamUm.exe
  2⤵
  PID:3320
- C:\Windows\System\vmiLrwF.exe
  C:\Windows\System\vmiLrwF.exe
  2⤵
  PID:3304
- C:\Windows\System\YxPkSGG.exe
  C:\Windows\System\YxPkSGG.exe
  2⤵
  PID:3436
- C:\Windows\System\jYZvrDu.exe
  C:\Windows\System\jYZvrDu.exe
  2⤵
  PID:3452
- C:\Windows\System\ZEsSlOz.exe
  C:\Windows\System\ZEsSlOz.exe
  2⤵
  PID:928
- C:\Windows\System\jjKXQth.exe
  C:\Windows\System\jjKXQth.exe
  2⤵
  PID:3488
- C:\Windows\System\HIwebfq.exe
  C:\Windows\System\HIwebfq.exe
  2⤵
  PID:1872
- C:\Windows\System\rGuoBHV.exe
  C:\Windows\System\rGuoBHV.exe
  2⤵
  PID:3476
- C:\Windows\System\desvryN.exe
  C:\Windows\System\desvryN.exe
  2⤵
  PID:3760
- C:\Windows\System\MXjBCdw.exe
  C:\Windows\System\MXjBCdw.exe
  2⤵
  PID:2652
- C:\Windows\System\VgLZyUt.exe
  C:\Windows\System\VgLZyUt.exe
  2⤵
  PID:4064
- C:\Windows\System\QxsuXDe.exe
  C:\Windows\System\QxsuXDe.exe
  2⤵
  PID:3212
- C:\Windows\System\CiUdoYX.exe
  C:\Windows\System\CiUdoYX.exe
  2⤵
  PID:3980
- C:\Windows\System\MamAoun.exe
  C:\Windows\System\MamAoun.exe
  2⤵
  PID:3932
- C:\Windows\System\sCafWfl.exe
  C:\Windows\System\sCafWfl.exe
  2⤵
  PID:3704
- C:\Windows\System\qRxDCEp.exe
  C:\Windows\System\qRxDCEp.exe
  2⤵
  PID:3496
- C:\Windows\System\QrIkJJi.exe
  C:\Windows\System\QrIkJJi.exe
  2⤵
  PID:3684
- C:\Windows\System\TcoVzeW.exe
  C:\Windows\System\TcoVzeW.exe
  2⤵
  PID:3720
- C:\Windows\System\bMVLgAI.exe
  C:\Windows\System\bMVLgAI.exe
  2⤵
  PID:3740
- C:\Windows\System\XwIpYjp.exe
  C:\Windows\System\XwIpYjp.exe
  2⤵
  PID:4000
- C:\Windows\System\EQQGbUA.exe
  C:\Windows\System\EQQGbUA.exe
  2⤵
  PID:3784
- C:\Windows\System\vuXaopq.exe
  C:\Windows\System\vuXaopq.exe
  2⤵
  PID:4116
- C:\Windows\System\vLoCazy.exe
  C:\Windows\System\vLoCazy.exe
  2⤵
  PID:4132
- C:\Windows\System\JcnLfTH.exe
  C:\Windows\System\JcnLfTH.exe
  2⤵
  PID:4148
- C:\Windows\System\xlqRuha.exe
  C:\Windows\System\xlqRuha.exe
  2⤵
  PID:4172
- C:\Windows\System\UYLEHPc.exe
  C:\Windows\System\UYLEHPc.exe
  2⤵
  PID:4188
- C:\Windows\System\GzTcPlI.exe
  C:\Windows\System\GzTcPlI.exe
  2⤵
  PID:4212
- C:\Windows\System\nNAPyit.exe
  C:\Windows\System\nNAPyit.exe
  2⤵
  PID:4228
- C:\Windows\System\ZKKQdTN.exe
  C:\Windows\System\ZKKQdTN.exe
  2⤵
  PID:4244
- C:\Windows\System\rrakwJC.exe
  C:\Windows\System\rrakwJC.exe
  2⤵
  PID:4260
- C:\Windows\System\DoHsWib.exe
  C:\Windows\System\DoHsWib.exe
  2⤵
  PID:4276
- C:\Windows\System\EffKads.exe
  C:\Windows\System\EffKads.exe
  2⤵
  PID:4300
- C:\Windows\System\fUTfoSk.exe
  C:\Windows\System\fUTfoSk.exe
  2⤵
  PID:4324
- C:\Windows\System\JgZkkFq.exe
  C:\Windows\System\JgZkkFq.exe
  2⤵
  PID:4340
- C:\Windows\System\ktuhdLB.exe
  C:\Windows\System\ktuhdLB.exe
  2⤵
  PID:4356
- C:\Windows\System\rSsqMQJ.exe
  C:\Windows\System\rSsqMQJ.exe
  2⤵
  PID:4372
- C:\Windows\System\hoBNzEf.exe
  C:\Windows\System\hoBNzEf.exe
  2⤵
  PID:4392
- C:\Windows\System\YQUmqNL.exe
  C:\Windows\System\YQUmqNL.exe
  2⤵
  PID:4412
- C:\Windows\System\XtGehJs.exe
  C:\Windows\System\XtGehJs.exe
  2⤵
  PID:4436
- C:\Windows\System\lebVuYr.exe
  C:\Windows\System\lebVuYr.exe
  2⤵
  PID:4456
- C:\Windows\System\eVrNJeo.exe
  C:\Windows\System\eVrNJeo.exe
  2⤵
  PID:4476
- C:\Windows\System\UzAEvWa.exe
  C:\Windows\System\UzAEvWa.exe
  2⤵
  PID:4536
- C:\Windows\System\tpTxAth.exe
  C:\Windows\System\tpTxAth.exe
  2⤵
  PID:4552
- C:\Windows\System\KrDUuWU.exe
  C:\Windows\System\KrDUuWU.exe
  2⤵
  PID:4576
- C:\Windows\System\wzCwvRh.exe
  C:\Windows\System\wzCwvRh.exe
  2⤵
  PID:4592
- C:\Windows\System\MRkDxPW.exe
  C:\Windows\System\MRkDxPW.exe
  2⤵
  PID:4612
- C:\Windows\System\URpqfxj.exe
  C:\Windows\System\URpqfxj.exe
  2⤵
  PID:4628
- C:\Windows\System\noFnZwg.exe
  C:\Windows\System\noFnZwg.exe
  2⤵
  PID:4648
- C:\Windows\System\wGtVKZc.exe
  C:\Windows\System\wGtVKZc.exe
  2⤵
  PID:4676
- C:\Windows\System\wKEVnaG.exe
  C:\Windows\System\wKEVnaG.exe
  2⤵
  PID:4696
- C:\Windows\System\JsFlBXC.exe
  C:\Windows\System\JsFlBXC.exe
  2⤵
  PID:4712
- C:\Windows\System\jEUVxYT.exe
  C:\Windows\System\jEUVxYT.exe
  2⤵
  PID:4736
- C:\Windows\System\AjMbahr.exe
  C:\Windows\System\AjMbahr.exe
  2⤵
  PID:4752
- C:\Windows\System\OtzZEWY.exe
  C:\Windows\System\OtzZEWY.exe
  2⤵
  PID:4768
- C:\Windows\System\AbkFFDc.exe
  C:\Windows\System\AbkFFDc.exe
  2⤵
  PID:4784
- C:\Windows\System\rCoUgVv.exe
  C:\Windows\System\rCoUgVv.exe
  2⤵
  PID:4800
- C:\Windows\System\whslilS.exe
  C:\Windows\System\whslilS.exe
  2⤵
  PID:4820
- C:\Windows\System\DFUwSdY.exe
  C:\Windows\System\DFUwSdY.exe
  2⤵
  PID:4836
- C:\Windows\System\GBSdehm.exe
  C:\Windows\System\GBSdehm.exe
  2⤵
  PID:4860
- C:\Windows\System\XBLJjth.exe
  C:\Windows\System\XBLJjth.exe
  2⤵
  PID:4880
- C:\Windows\System\QXTImuN.exe
  C:\Windows\System\QXTImuN.exe
  2⤵
  PID:4900
- C:\Windows\System\nUvCxPr.exe
  C:\Windows\System\nUvCxPr.exe
  2⤵
  PID:4916
- C:\Windows\System\ZgTLwFt.exe
  C:\Windows\System\ZgTLwFt.exe
  2⤵
  PID:4932
- C:\Windows\System\yHsjrJh.exe
  C:\Windows\System\yHsjrJh.exe
  2⤵
  PID:4948
- C:\Windows\System\hoRLbHa.exe
  C:\Windows\System\hoRLbHa.exe
  2⤵
  PID:4964
- C:\Windows\System\bBbBFoL.exe
  C:\Windows\System\bBbBFoL.exe
  2⤵
  PID:4984
- C:\Windows\System\kSdoMdk.exe
  C:\Windows\System\kSdoMdk.exe
  2⤵
  PID:5004
- C:\Windows\System\bYyDjjQ.exe
  C:\Windows\System\bYyDjjQ.exe
  2⤵
  PID:5020
- C:\Windows\System\oamAKeh.exe
  C:\Windows\System\oamAKeh.exe
  2⤵
  PID:5036
- C:\Windows\System\jYhHjuR.exe
  C:\Windows\System\jYhHjuR.exe
  2⤵
  PID:5052
- C:\Windows\System\gVZLJFb.exe
  C:\Windows\System\gVZLJFb.exe
  2⤵
  PID:5084
- C:\Windows\System\xvdrtBb.exe
  C:\Windows\System\xvdrtBb.exe
  2⤵
  PID:5100
- C:\Windows\System\zRWxjCj.exe
  C:\Windows\System\zRWxjCj.exe
  2⤵
  PID:3288
- C:\Windows\System\zgvvMbj.exe
  C:\Windows\System\zgvvMbj.exe
  2⤵
  PID:2428
- C:\Windows\System\KACEYyC.exe
  C:\Windows\System\KACEYyC.exe
  2⤵
  PID:3960
- C:\Windows\System\mlTVKnA.exe
  C:\Windows\System\mlTVKnA.exe
  2⤵
  PID:3688
- C:\Windows\System\gZKaZte.exe
  C:\Windows\System\gZKaZte.exe
  2⤵
  PID:4108
- C:\Windows\System\WrrvcOw.exe
  C:\Windows\System\WrrvcOw.exe
  2⤵
  PID:4184
- C:\Windows\System\zJtALeS.exe
  C:\Windows\System\zJtALeS.exe
  2⤵
  PID:4256
- C:\Windows\System\PDfrAtK.exe
  C:\Windows\System\PDfrAtK.exe
  2⤵
  PID:296
- C:\Windows\System\DklzDTd.exe
  C:\Windows\System\DklzDTd.exe
  2⤵
  PID:4292
- C:\Windows\System\rgVslWY.exe
  C:\Windows\System\rgVslWY.exe
  2⤵
  PID:4332
- C:\Windows\System\gOSHHLG.exe
  C:\Windows\System\gOSHHLG.exe
  2⤵
  PID:4368
- C:\Windows\System\UYqodJU.exe
  C:\Windows\System\UYqodJU.exe
  2⤵
  PID:3372
- C:\Windows\System\FiYCroc.exe
  C:\Windows\System\FiYCroc.exe
  2⤵
  PID:4408
- C:\Windows\System\WBLqJiv.exe
  C:\Windows\System\WBLqJiv.exe
  2⤵
  PID:3796
- C:\Windows\System\rQmPQYl.exe
  C:\Windows\System\rQmPQYl.exe
  2⤵
  PID:3576
- C:\Windows\System\qlYXqOc.exe
  C:\Windows\System\qlYXqOc.exe
  2⤵
  PID:3448
- C:\Windows\System\xDfhdjX.exe
  C:\Windows\System\xDfhdjX.exe
  2⤵
  PID:4484
- C:\Windows\System\CjNOUJm.exe
  C:\Windows\System\CjNOUJm.exe
  2⤵
  PID:4236
- C:\Windows\System\thoTsrH.exe
  C:\Windows\System\thoTsrH.exe
  2⤵
  PID:4308
- C:\Windows\System\nrgsMBJ.exe
  C:\Windows\System\nrgsMBJ.exe
  2⤵
  PID:4380
- C:\Windows\System\UFwOkKZ.exe
  C:\Windows\System\UFwOkKZ.exe
  2⤵
  PID:4424
- C:\Windows\System\qBYLBdM.exe
  C:\Windows\System\qBYLBdM.exe
  2⤵
  PID:4468
- C:\Windows\System\CAgsjhv.exe
  C:\Windows\System\CAgsjhv.exe
  2⤵
  PID:4128
- C:\Windows\System\kJtQstA.exe
  C:\Windows\System\kJtQstA.exe
  2⤵
  PID:4528
- C:\Windows\System\nPQePck.exe
  C:\Windows\System\nPQePck.exe
  2⤵
  PID:4600
- C:\Windows\System\WMSYAYF.exe
  C:\Windows\System\WMSYAYF.exe
  2⤵
  PID:4684
- C:\Windows\System\fSyOTDa.exe
  C:\Windows\System\fSyOTDa.exe
  2⤵
  PID:4732
- C:\Windows\System\zAQRqWg.exe
  C:\Windows\System\zAQRqWg.exe
  2⤵
  PID:4796
- C:\Windows\System\KdBzxQT.exe
  C:\Windows\System\KdBzxQT.exe
  2⤵
  PID:1900
- C:\Windows\System\KXvxrFg.exe
  C:\Windows\System\KXvxrFg.exe
  2⤵
  PID:4944
- C:\Windows\System\jhIzHrY.exe
  C:\Windows\System\jhIzHrY.exe
  2⤵
  PID:4544
- C:\Windows\System\ffANCWM.exe
  C:\Windows\System\ffANCWM.exe
  2⤵
  PID:5048
- C:\Windows\System\ABgUKUm.exe
  C:\Windows\System\ABgUKUm.exe
  2⤵
  PID:4660
- C:\Windows\System\KUiXwVg.exe
  C:\Windows\System\KUiXwVg.exe
  2⤵
  PID:5092
- C:\Windows\System\zYuyVvk.exe
  C:\Windows\System\zYuyVvk.exe
  2⤵
  PID:4748
- C:\Windows\System\LsbTYSl.exe
  C:\Windows\System\LsbTYSl.exe
  2⤵
  PID:4856
- C:\Windows\System\rsrXOth.exe
  C:\Windows\System\rsrXOth.exe
  2⤵
  PID:4960
- C:\Windows\System\OvAjZxi.exe
  C:\Windows\System\OvAjZxi.exe
  2⤵
  PID:5028
- C:\Windows\System\EKfZFmI.exe
  C:\Windows\System\EKfZFmI.exe
  2⤵
  PID:3912
- C:\Windows\System\hlQhuhK.exe
  C:\Windows\System\hlQhuhK.exe
  2⤵
  PID:4180
- C:\Windows\System\IxevmiQ.exe
  C:\Windows\System\IxevmiQ.exe
  2⤵
  PID:3100
- C:\Windows\System\lAotTdY.exe
  C:\Windows\System\lAotTdY.exe
  2⤵
  PID:4068
- C:\Windows\System\iKNZNco.exe
  C:\Windows\System\iKNZNco.exe
  2⤵
  PID:3636
- C:\Windows\System\NNBKVlb.exe
  C:\Windows\System\NNBKVlb.exe
  2⤵
  PID:5064
- C:\Windows\System\fxlsiVW.exe
  C:\Windows\System\fxlsiVW.exe
  2⤵
  PID:5080
- C:\Windows\System\DPTEQDH.exe
  C:\Windows\System\DPTEQDH.exe
  2⤵
  PID:4844
- C:\Windows\System\CjYtSNi.exe
  C:\Windows\System\CjYtSNi.exe
  2⤵
  PID:2140
- C:\Windows\System\QDLSkqT.exe
  C:\Windows\System\QDLSkqT.exe
  2⤵
  PID:3392
- C:\Windows\System\dQHqHxi.exe
  C:\Windows\System\dQHqHxi.exe
  2⤵
  PID:3176
- C:\Windows\System\XoDmrDw.exe
  C:\Windows\System\XoDmrDw.exe
  2⤵
  PID:4104
- C:\Windows\System\OhrvRLH.exe
  C:\Windows\System\OhrvRLH.exe
  2⤵
  PID:4252
- C:\Windows\System\TyZvMlB.exe
  C:\Windows\System\TyZvMlB.exe
  2⤵
  PID:4512
- C:\Windows\System\EnllHje.exe
  C:\Windows\System\EnllHje.exe
  2⤵
  PID:4516
- C:\Windows\System\aXjWbps.exe
  C:\Windows\System\aXjWbps.exe
  2⤵
  PID:4472
- C:\Windows\System\MOsmWjl.exe
  C:\Windows\System\MOsmWjl.exe
  2⤵
  PID:4640
- C:\Windows\System\QEqQwZz.exe
  C:\Windows\System\QEqQwZz.exe
  2⤵
  PID:4792
- C:\Windows\System\TOjllYr.exe
  C:\Windows\System\TOjllYr.exe
  2⤵
  PID:4912
- C:\Windows\System\pOQIERn.exe
  C:\Windows\System\pOQIERn.exe
  2⤵
  PID:4816
- C:\Windows\System\nXvrfks.exe
  C:\Windows\System\nXvrfks.exe
  2⤵
  PID:5000
- C:\Windows\System\oHWoiAH.exe
  C:\Windows\System\oHWoiAH.exe
  2⤵
  PID:4500
- C:\Windows\System\AqLOjTs.exe
  C:\Windows\System\AqLOjTs.exe
  2⤵
  PID:4420
- C:\Windows\System\YqYBzKL.exe
  C:\Windows\System\YqYBzKL.exe
  2⤵
  PID:4156
- C:\Windows\System\PZAVLEF.exe
  C:\Windows\System\PZAVLEF.exe
  2⤵
  PID:4568
- C:\Windows\System\PRMQSFo.exe
  C:\Windows\System\PRMQSFo.exe
  2⤵
  PID:3108
- C:\Windows\System\xZxRhBU.exe
  C:\Windows\System\xZxRhBU.exe
  2⤵
  PID:4656
- C:\Windows\System\QJKSJuc.exe
  C:\Windows\System\QJKSJuc.exe
  2⤵
  PID:4868
- C:\Windows\System\tNqhMvf.exe
  C:\Windows\System\tNqhMvf.exe
  2⤵
  PID:3512
- C:\Windows\System\altHEEI.exe
  C:\Windows\System\altHEEI.exe
  2⤵
  PID:4204
- C:\Windows\System\MbOWqXO.exe
  C:\Windows\System\MbOWqXO.exe
  2⤵
  PID:4316
- C:\Windows\System\keRgplL.exe
  C:\Windows\System\keRgplL.exe
  2⤵
  PID:4024
- C:\Windows\System\cLuZzOA.exe
  C:\Windows\System\cLuZzOA.exe
  2⤵
  PID:3632
- C:\Windows\System\bvGNwGF.exe
  C:\Windows\System\bvGNwGF.exe
  2⤵
  PID:4808
- C:\Windows\System\xZuZNzq.exe
  C:\Windows\System\xZuZNzq.exe
  2⤵
  PID:4224
- C:\Windows\System\hUIiczy.exe
  C:\Windows\System\hUIiczy.exe
  2⤵
  PID:4928
- C:\Windows\System\Fggtcpf.exe
  C:\Windows\System\Fggtcpf.exe
  2⤵
  PID:4584
- C:\Windows\System\nvqurcY.exe
  C:\Windows\System\nvqurcY.exe
  2⤵
  PID:4464
- C:\Windows\System\bbyTHYN.exe
  C:\Windows\System\bbyTHYN.exe
  2⤵
  PID:4636
- C:\Windows\System\dqnVfLH.exe
  C:\Windows\System\dqnVfLH.exe
  2⤵
  PID:5016
- C:\Windows\System\EtUvQWR.exe
  C:\Windows\System\EtUvQWR.exe
  2⤵
  PID:4668
- C:\Windows\System\WupKaUn.exe
  C:\Windows\System\WupKaUn.exe
  2⤵
  PID:3096
- C:\Windows\System\OzoTXkm.exe
  C:\Windows\System\OzoTXkm.exe
  2⤵
  PID:4040
- C:\Windows\System\FYOcMrQ.exe
  C:\Windows\System\FYOcMrQ.exe
  2⤵
  PID:4160
- C:\Windows\System\achFGpd.exe
  C:\Windows\System\achFGpd.exe
  2⤵
  PID:4312
- C:\Windows\System\SEIedRj.exe
  C:\Windows\System\SEIedRj.exe
  2⤵
  PID:3964
- C:\Windows\System\lfJBbCT.exe
  C:\Windows\System\lfJBbCT.exe
  2⤵
  PID:5128
- C:\Windows\System\hpGAEwU.exe
  C:\Windows\System\hpGAEwU.exe
  2⤵
  PID:5144
- C:\Windows\System\eUsFHFc.exe
  C:\Windows\System\eUsFHFc.exe
  2⤵
  PID:5164
- C:\Windows\System\kNLgwZy.exe
  C:\Windows\System\kNLgwZy.exe
  2⤵
  PID:5184
- C:\Windows\System\kHbswRT.exe
  C:\Windows\System\kHbswRT.exe
  2⤵
  PID:5200
- C:\Windows\System\JzdUQLp.exe
  C:\Windows\System\JzdUQLp.exe
  2⤵
  PID:5220
- C:\Windows\System\HMSqQPN.exe
  C:\Windows\System\HMSqQPN.exe
  2⤵
  PID:5236
- C:\Windows\System\aFbsLWv.exe
  C:\Windows\System\aFbsLWv.exe
  2⤵
  PID:5252
- C:\Windows\System\dpPZuSs.exe
  C:\Windows\System\dpPZuSs.exe
  2⤵
  PID:5272
- C:\Windows\System\QUTGmwM.exe
  C:\Windows\System\QUTGmwM.exe
  2⤵
  PID:5292
- C:\Windows\System\xgthtDE.exe
  C:\Windows\System\xgthtDE.exe
  2⤵
  PID:5312
- C:\Windows\System\hGNYkQg.exe
  C:\Windows\System\hGNYkQg.exe
  2⤵
  PID:5332
- C:\Windows\System\FpFhdxC.exe
  C:\Windows\System\FpFhdxC.exe
  2⤵
  PID:5348
- C:\Windows\System\dgWlqwS.exe
  C:\Windows\System\dgWlqwS.exe
  2⤵
  PID:5364
- C:\Windows\System\BjOGMnC.exe
  C:\Windows\System\BjOGMnC.exe
  2⤵
  PID:5380
- C:\Windows\System\WPSJGPT.exe
  C:\Windows\System\WPSJGPT.exe
  2⤵
  PID:5396
- C:\Windows\System\XEqxlxG.exe
  C:\Windows\System\XEqxlxG.exe
  2⤵
  PID:5412
- C:\Windows\System\IiQWjWh.exe
  C:\Windows\System\IiQWjWh.exe
  2⤵
  PID:5428
- C:\Windows\System\OBHojhO.exe
  C:\Windows\System\OBHojhO.exe
  2⤵
  PID:5444
- C:\Windows\System\PLTflxi.exe
  C:\Windows\System\PLTflxi.exe
  2⤵
  PID:5464
- C:\Windows\System\QtbjsaH.exe
  C:\Windows\System\QtbjsaH.exe
  2⤵
  PID:5488
- C:\Windows\System\nFaufEX.exe
  C:\Windows\System\nFaufEX.exe
  2⤵
  PID:5504
- C:\Windows\System\yNxQCzM.exe
  C:\Windows\System\yNxQCzM.exe
  2⤵
  PID:5524
- C:\Windows\System\kaZWkLE.exe
  C:\Windows\System\kaZWkLE.exe
  2⤵
  PID:5540
- C:\Windows\System\VOdlaKl.exe
  C:\Windows\System\VOdlaKl.exe
  2⤵
  PID:5556
- C:\Windows\System\TqjdZfc.exe
  C:\Windows\System\TqjdZfc.exe
  2⤵
  PID:5572
- C:\Windows\System\uPeKHDY.exe
  C:\Windows\System\uPeKHDY.exe
  2⤵
  PID:5588
- C:\Windows\System\VZTiNtm.exe
  C:\Windows\System\VZTiNtm.exe
  2⤵
  PID:5604
- C:\Windows\System\FIqYNzl.exe
  C:\Windows\System\FIqYNzl.exe
  2⤵
  PID:5620
- C:\Windows\System\hZtTnOp.exe
  C:\Windows\System\hZtTnOp.exe
  2⤵
  PID:5636
- C:\Windows\System\eDEcuIO.exe
  C:\Windows\System\eDEcuIO.exe
  2⤵
  PID:5652
- C:\Windows\System\MPlgVRQ.exe
  C:\Windows\System\MPlgVRQ.exe
  2⤵
  PID:5668
- C:\Windows\System\GGpqoCj.exe
  C:\Windows\System\GGpqoCj.exe
  2⤵
  PID:5684
- C:\Windows\System\QPMgiGL.exe
  C:\Windows\System\QPMgiGL.exe
  2⤵
  PID:5700
- C:\Windows\System\FjrFUWS.exe
  C:\Windows\System\FjrFUWS.exe
  2⤵
  PID:5716
- C:\Windows\System\CXZUjMu.exe
  C:\Windows\System\CXZUjMu.exe
  2⤵
  PID:5732
- C:\Windows\System\VpyKZVc.exe
  C:\Windows\System\VpyKZVc.exe
  2⤵
  PID:5748
- C:\Windows\System\BTnCyKf.exe
  C:\Windows\System\BTnCyKf.exe
  2⤵
  PID:5764
- C:\Windows\System\HGRTMBv.exe
  C:\Windows\System\HGRTMBv.exe
  2⤵
  PID:5780
- C:\Windows\System\jVgNNlD.exe
  C:\Windows\System\jVgNNlD.exe
  2⤵
  PID:5796
- C:\Windows\System\hiOQwtD.exe
  C:\Windows\System\hiOQwtD.exe
  2⤵
  PID:5820
- C:\Windows\System\YpwxkQs.exe
  C:\Windows\System\YpwxkQs.exe
  2⤵
  PID:5836
- C:\Windows\System\InzHZAY.exe
  C:\Windows\System\InzHZAY.exe
  2⤵
  PID:5852
- C:\Windows\System\lIkwEEf.exe
  C:\Windows\System\lIkwEEf.exe
  2⤵
  PID:5868
- C:\Windows\System\SOUwIzs.exe
  C:\Windows\System\SOUwIzs.exe
  2⤵
  PID:5884
- C:\Windows\System\eRApirU.exe
  C:\Windows\System\eRApirU.exe
  2⤵
  PID:5904
- C:\Windows\System\RzHIFLi.exe
  C:\Windows\System\RzHIFLi.exe
  2⤵
  PID:5920
- C:\Windows\System\YUxViZf.exe
  C:\Windows\System\YUxViZf.exe
  2⤵
  PID:5936
- C:\Windows\System\tlgDzzL.exe
  C:\Windows\System\tlgDzzL.exe
  2⤵
  PID:5952
- C:\Windows\System\xhQcwcB.exe
  C:\Windows\System\xhQcwcB.exe
  2⤵
  PID:5968
- C:\Windows\System\rgSGHgC.exe
  C:\Windows\System\rgSGHgC.exe
  2⤵
  PID:5988
- C:\Windows\System\GzKNVei.exe
  C:\Windows\System\GzKNVei.exe
  2⤵
  PID:6004
- C:\Windows\System\zoDYGWK.exe
  C:\Windows\System\zoDYGWK.exe
  2⤵
  PID:6020
- C:\Windows\System\PqitlpW.exe
  C:\Windows\System\PqitlpW.exe
  2⤵
  PID:6036
- C:\Windows\System\lIrpPKC.exe
  C:\Windows\System\lIrpPKC.exe
  2⤵
  PID:6052
- C:\Windows\System\waFRwtN.exe
  C:\Windows\System\waFRwtN.exe
  2⤵
  PID:6068
- C:\Windows\System\XAsgTuf.exe
  C:\Windows\System\XAsgTuf.exe
  2⤵
  PID:6084
- C:\Windows\System\PbQBfOu.exe
  C:\Windows\System\PbQBfOu.exe
  2⤵
  PID:6100
- C:\Windows\System\rcEMptK.exe
  C:\Windows\System\rcEMptK.exe
  2⤵
  PID:6116
- C:\Windows\System\vkbQAJp.exe
  C:\Windows\System\vkbQAJp.exe
  2⤵
  PID:6132
- C:\Windows\System\GnJjZkc.exe
  C:\Windows\System\GnJjZkc.exe
  2⤵
  PID:4572
- C:\Windows\System\idZZkfv.exe
  C:\Windows\System\idZZkfv.exe
  2⤵
  PID:4644
- C:\Windows\System\oVuwmFV.exe
  C:\Windows\System\oVuwmFV.exe
  2⤵
  PID:5096
- C:\Windows\System\afSjiKR.exe
  C:\Windows\System\afSjiKR.exe
  2⤵
  PID:2724
- C:\Windows\System\HIwbRMw.exe
  C:\Windows\System\HIwbRMw.exe
  2⤵
  PID:5116
- C:\Windows\System\TmtPRiC.exe
  C:\Windows\System\TmtPRiC.exe
  2⤵
  PID:4996
- C:\Windows\System\EimCejt.exe
  C:\Windows\System\EimCejt.exe
  2⤵
  PID:1608
- C:\Windows\System\YqyjKUD.exe
  C:\Windows\System\YqyjKUD.exe
  2⤵
  PID:2932
- C:\Windows\System\bMVcLVV.exe
  C:\Windows\System\bMVcLVV.exe
  2⤵
  PID:2836
- C:\Windows\System\xiAxgjx.exe
  C:\Windows\System\xiAxgjx.exe
  2⤵
  PID:2720
- C:\Windows\System\eIzfGqz.exe
  C:\Windows\System\eIzfGqz.exe
  2⤵
  PID:5136
- C:\Windows\System\JpBTgqP.exe
  C:\Windows\System\JpBTgqP.exe
  2⤵
  PID:4908
- C:\Windows\System\tkMnqRO.exe
  C:\Windows\System\tkMnqRO.exe
  2⤵
  PID:2660
- C:\Windows\System\eeTtamK.exe
  C:\Windows\System\eeTtamK.exe
  2⤵
  PID:5244
- C:\Windows\System\IeBvaDl.exe
  C:\Windows\System\IeBvaDl.exe
  2⤵
  PID:5288
- C:\Windows\System\KJsNnVP.exe
  C:\Windows\System\KJsNnVP.exe
  2⤵
  PID:5356
- C:\Windows\System\CjLxlFp.exe
  C:\Windows\System\CjLxlFp.exe
  2⤵
  PID:5420
- C:\Windows\System\jENojlm.exe
  C:\Windows\System\jENojlm.exe
  2⤵
  PID:5460
- C:\Windows\System\qArgcam.exe
  C:\Windows\System\qArgcam.exe
  2⤵
  PID:5532
- C:\Windows\System\iqkkoGF.exe
  C:\Windows\System\iqkkoGF.exe
  2⤵
  PID:5516
- C:\Windows\System\lbowXbP.exe
  C:\Windows\System\lbowXbP.exe
  2⤵
  PID:2864
- C:\Windows\System\BPtivWn.exe
  C:\Windows\System\BPtivWn.exe
  2⤵
  PID:5600
- C:\Windows\System\VjmnhlV.exe
  C:\Windows\System\VjmnhlV.exe
  2⤵
  PID:5660
- C:\Windows\System\pDbqxtF.exe
  C:\Windows\System\pDbqxtF.exe
  2⤵
  PID:5724
- C:\Windows\System\IvpSTxU.exe
  C:\Windows\System\IvpSTxU.exe
  2⤵
  PID:5612
- C:\Windows\System\zVPXLFq.exe
  C:\Windows\System\zVPXLFq.exe
  2⤵
  PID:4708
- C:\Windows\System\OKeVKan.exe
  C:\Windows\System\OKeVKan.exe
  2⤵
  PID:4760
- C:\Windows\System\tWjDjSR.exe
  C:\Windows\System\tWjDjSR.exe
  2⤵
  PID:4272
- C:\Windows\System\zKXqBoh.exe
  C:\Windows\System\zKXqBoh.exe
  2⤵
  PID:876
- C:\Windows\System\bylprqk.exe
  C:\Windows\System\bylprqk.exe
  2⤵
  PID:3944
- C:\Windows\System\IfYvLDP.exe
  C:\Windows\System\IfYvLDP.exe
  2⤵
  PID:5156
- C:\Windows\System\RQLEUAk.exe
  C:\Windows\System\RQLEUAk.exe
  2⤵
  PID:5228
- C:\Windows\System\ZoGFYhy.exe
  C:\Windows\System\ZoGFYhy.exe
  2⤵
  PID:5680
- C:\Windows\System\hZBZzWK.exe
  C:\Windows\System\hZBZzWK.exe
  2⤵
  PID:5344
- C:\Windows\System\lSCWNYM.exe
  C:\Windows\System\lSCWNYM.exe
  2⤵
  PID:5712
- C:\Windows\System\bSFOGDR.exe
  C:\Windows\System\bSFOGDR.exe
  2⤵
  PID:5472
- C:\Windows\System\ZVDaMem.exe
  C:\Windows\System\ZVDaMem.exe
  2⤵
  PID:5740
- C:\Windows\System\aBlsXBR.exe
  C:\Windows\System\aBlsXBR.exe
  2⤵
  PID:5892
- C:\Windows\System\AsZMBys.exe
  C:\Windows\System\AsZMBys.exe
  2⤵
  PID:5280
- C:\Windows\System\HqsmDjp.exe
  C:\Windows\System\HqsmDjp.exe
  2⤵
  PID:5500
- C:\Windows\System\vUphntn.exe
  C:\Windows\System\vUphntn.exe
  2⤵
  PID:5564
- C:\Windows\System\ezgxTNP.exe
  C:\Windows\System\ezgxTNP.exe
  2⤵
  PID:5616
- C:\Windows\System\KOVOrVw.exe
  C:\Windows\System\KOVOrVw.exe
  2⤵
  PID:5044
- C:\Windows\System\ArVOQVr.exe
  C:\Windows\System\ArVOQVr.exe
  2⤵
  PID:5304
- C:\Windows\System\BFkqkZI.exe
  C:\Windows\System\BFkqkZI.exe
  2⤵
  PID:5408
- C:\Windows\System\YOsPTmH.exe
  C:\Windows\System\YOsPTmH.exe
  2⤵
  PID:5788
- C:\Windows\System\CtXQCBH.exe
  C:\Windows\System\CtXQCBH.exe
  2⤵
  PID:5480
- C:\Windows\System\aJcipDh.exe
  C:\Windows\System\aJcipDh.exe
  2⤵
  PID:2032
- C:\Windows\System\vggIRVy.exe
  C:\Windows\System\vggIRVy.exe
  2⤵
  PID:2452
- C:\Windows\System\mAMYbwC.exe
  C:\Windows\System\mAMYbwC.exe
  2⤵
  PID:2152
- C:\Windows\System\sWAZVuL.exe
  C:\Windows\System\sWAZVuL.exe
  2⤵
  PID:5772
- C:\Windows\System\HjAQgoY.exe
  C:\Windows\System\HjAQgoY.exe
  2⤵
  PID:5812
- C:\Windows\System\DpZInjt.exe
  C:\Windows\System\DpZInjt.exe
  2⤵
  PID:5876
- C:\Windows\System\mCvKhhG.exe
  C:\Windows\System\mCvKhhG.exe
  2⤵
  PID:5944
- C:\Windows\System\jgwPCSt.exe
  C:\Windows\System\jgwPCSt.exe
  2⤵
  PID:5984
- C:\Windows\System\atKckNC.exe
  C:\Windows\System\atKckNC.exe
  2⤵
  PID:1748
- C:\Windows\System\MYCBkJB.exe
  C:\Windows\System\MYCBkJB.exe
  2⤵
  PID:6076
- C:\Windows\System\gQGbbst.exe
  C:\Windows\System\gQGbbst.exe
  2⤵
  PID:5960
- C:\Windows\System\dZXzHqI.exe
  C:\Windows\System\dZXzHqI.exe
  2⤵
  PID:2748
- C:\Windows\System\afDYVSe.exe
  C:\Windows\System\afDYVSe.exe
  2⤵
  PID:6128
- C:\Windows\System\hvztWdp.exe
  C:\Windows\System\hvztWdp.exe
  2⤵
  PID:4504
- C:\Windows\System\wWKQxFD.exe
  C:\Windows\System\wWKQxFD.exe
  2⤵
  PID:6112
- C:\Windows\System\gnSRRNT.exe
  C:\Windows\System\gnSRRNT.exe
  2⤵
  PID:4832
- C:\Windows\System\zseLsZi.exe
  C:\Windows\System\zseLsZi.exe
  2⤵
  PID:2812
- C:\Windows\System\akrlyDt.exe
  C:\Windows\System\akrlyDt.exe
  2⤵
  PID:5692
- C:\Windows\System\pJHzknn.exe
  C:\Windows\System\pJHzknn.exe
  2⤵
  PID:5124
- C:\Windows\System\BqsiMhd.exe
  C:\Windows\System\BqsiMhd.exe
  2⤵
  PID:2448
- C:\Windows\System\bGuNCkE.exe
  C:\Windows\System\bGuNCkE.exe
  2⤵
  PID:2160
- C:\Windows\System\Ltqyvin.exe
  C:\Windows\System\Ltqyvin.exe
  2⤵
  PID:5172
- C:\Windows\System\VcosjDY.exe
  C:\Windows\System\VcosjDY.exe
  2⤵
  PID:788
- C:\Windows\System\wwPDtaz.exe
  C:\Windows\System\wwPDtaz.exe
  2⤵
  PID:5452
- C:\Windows\System\HMqwRiP.exe
  C:\Windows\System\HMqwRiP.exe
  2⤵
  PID:4888
- C:\Windows\System\neZOfVt.exe
  C:\Windows\System\neZOfVt.exe
  2⤵
  PID:5580
- C:\Windows\System\HjxqHJO.exe
  C:\Windows\System\HjxqHJO.exe
  2⤵
  PID:5192
- C:\Windows\System\pIBTRQw.exe
  C:\Windows\System\pIBTRQw.exe
  2⤵
  PID:5708
- C:\Windows\System\DkhGJwD.exe
  C:\Windows\System\DkhGJwD.exe
  2⤵
  PID:5844
- C:\Windows\System\PTrJWJQ.exe
  C:\Windows\System\PTrJWJQ.exe
  2⤵
  PID:5804
- C:\Windows\System\oVoigIb.exe
  C:\Windows\System\oVoigIb.exe
  2⤵
  PID:2260
- C:\Windows\System\pYrMHxO.exe
  C:\Windows\System\pYrMHxO.exe
  2⤵
  PID:1696
- C:\Windows\System\zqObVlB.exe
  C:\Windows\System\zqObVlB.exe
  2⤵
  PID:4780
- C:\Windows\System\LFlqbwG.exe
  C:\Windows\System\LFlqbwG.exe
  2⤵
  PID:5260
- C:\Windows\System\Saubvzl.exe
  C:\Windows\System\Saubvzl.exe
  2⤵
  PID:1612
- C:\Windows\System\rJNEmlN.exe
  C:\Windows\System\rJNEmlN.exe
  2⤵
  PID:2484
- C:\Windows\System\gPYztpw.exe
  C:\Windows\System\gPYztpw.exe
  2⤵
  PID:5980
- C:\Windows\System\ERpLNyI.exe
  C:\Windows\System\ERpLNyI.exe
  2⤵
  PID:6160
- C:\Windows\System\KwfpJVH.exe
  C:\Windows\System\KwfpJVH.exe
  2⤵
  PID:6180
- C:\Windows\System\WtAmimM.exe
  C:\Windows\System\WtAmimM.exe
  2⤵
  PID:6196
- C:\Windows\System\WTYPCMe.exe
  C:\Windows\System\WTYPCMe.exe
  2⤵
  PID:6212
- C:\Windows\System\LBYOwHY.exe
  C:\Windows\System\LBYOwHY.exe
  2⤵
  PID:6232
- C:\Windows\System\AUWLSrr.exe
  C:\Windows\System\AUWLSrr.exe
  2⤵
  PID:6248
- C:\Windows\System\uvUdezc.exe
  C:\Windows\System\uvUdezc.exe
  2⤵
  PID:6268
- C:\Windows\System\gZoElSq.exe
  C:\Windows\System\gZoElSq.exe
  2⤵
  PID:6284
- C:\Windows\System\Idkfxou.exe
  C:\Windows\System\Idkfxou.exe
  2⤵
  PID:6304
- C:\Windows\System\iTfzwEz.exe
  C:\Windows\System\iTfzwEz.exe
  2⤵
  PID:6320
- C:\Windows\System\XNwfvAm.exe
  C:\Windows\System\XNwfvAm.exe
  2⤵
  PID:6348
- C:\Windows\System\FMIIhyc.exe
  C:\Windows\System\FMIIhyc.exe
  2⤵
  PID:6376
- C:\Windows\System\gmqMKmy.exe
  C:\Windows\System\gmqMKmy.exe
  2⤵
  PID:6396
- C:\Windows\System\GZFjOvI.exe
  C:\Windows\System\GZFjOvI.exe
  2⤵
  PID:6412
- C:\Windows\System\katXBQI.exe
  C:\Windows\System\katXBQI.exe
  2⤵
  PID:6428
- C:\Windows\System\LcrQieG.exe
  C:\Windows\System\LcrQieG.exe
  2⤵
  PID:6452
- C:\Windows\System\avofAUM.exe
  C:\Windows\System\avofAUM.exe
  2⤵
  PID:6472
- C:\Windows\System\kvzmGcy.exe
  C:\Windows\System\kvzmGcy.exe
  2⤵
  PID:6500
- C:\Windows\System\AXtrGXX.exe
  C:\Windows\System\AXtrGXX.exe
  2⤵
  PID:6520
- C:\Windows\System\ELwyRIW.exe
  C:\Windows\System\ELwyRIW.exe
  2⤵
  PID:6536
- C:\Windows\System\EdhyKgE.exe
  C:\Windows\System\EdhyKgE.exe
  2⤵
  PID:6552
- C:\Windows\System\FaRcApd.exe
  C:\Windows\System\FaRcApd.exe
  2⤵
  PID:6576
- C:\Windows\System\IeBefNA.exe
  C:\Windows\System\IeBefNA.exe
  2⤵
  PID:6596
- C:\Windows\System\aMVrHBI.exe
  C:\Windows\System\aMVrHBI.exe
  2⤵
  PID:6612
- C:\Windows\System\GjJIwCM.exe
  C:\Windows\System\GjJIwCM.exe
  2⤵
  PID:6672
- C:\Windows\System\LHpnUTO.exe
  C:\Windows\System\LHpnUTO.exe
  2⤵
  PID:6692
- C:\Windows\System\KCrqqPb.exe
  C:\Windows\System\KCrqqPb.exe
  2⤵
  PID:6716
- C:\Windows\System\KuOOvoK.exe
  C:\Windows\System\KuOOvoK.exe
  2⤵
  PID:6744
- C:\Windows\System\TTRbIFC.exe
  C:\Windows\System\TTRbIFC.exe
  2⤵
  PID:6768
- C:\Windows\System\UGHrrSs.exe
  C:\Windows\System\UGHrrSs.exe
  2⤵
  PID:6792
- C:\Windows\System\vmyYdoT.exe
  C:\Windows\System\vmyYdoT.exe
  2⤵
  PID:6808
- C:\Windows\System\TghnphB.exe
  C:\Windows\System\TghnphB.exe
  2⤵
  PID:6828
- C:\Windows\System\cRdZCFn.exe
  C:\Windows\System\cRdZCFn.exe
  2⤵
  PID:6844
- C:\Windows\System\fcbpnKZ.exe
  C:\Windows\System\fcbpnKZ.exe
  2⤵
  PID:6860
- C:\Windows\System\BjSotOh.exe
  C:\Windows\System\BjSotOh.exe
  2⤵
  PID:6876
- C:\Windows\System\FQkwEMF.exe
  C:\Windows\System\FQkwEMF.exe
  2⤵
  PID:6896
- C:\Windows\System\lulVHDe.exe
  C:\Windows\System\lulVHDe.exe
  2⤵
  PID:6912
- C:\Windows\System\WlpCsdW.exe
  C:\Windows\System\WlpCsdW.exe
  2⤵
  PID:6932
- C:\Windows\System\IsPDZGB.exe
  C:\Windows\System\IsPDZGB.exe
  2⤵
  PID:6952
- C:\Windows\System\FDzDZkc.exe
  C:\Windows\System\FDzDZkc.exe
  2⤵
  PID:6968
- C:\Windows\System\kWWepRA.exe
  C:\Windows\System\kWWepRA.exe
  2⤵
  PID:6988
- C:\Windows\System\FaMdwjj.exe
  C:\Windows\System\FaMdwjj.exe
  2⤵
  PID:7004
- C:\Windows\System\SlLCpXB.exe
  C:\Windows\System\SlLCpXB.exe
  2⤵
  PID:7048
- C:\Windows\System\KVxMBJB.exe
  C:\Windows\System\KVxMBJB.exe
  2⤵
  PID:7080
- C:\Windows\System\BLWVMVc.exe
  C:\Windows\System\BLWVMVc.exe
  2⤵
  PID:7096
- C:\Windows\System\ZALRzhL.exe
  C:\Windows\System\ZALRzhL.exe
  2⤵
  PID:7112
- C:\Windows\System\tJTuzYu.exe
  C:\Windows\System\tJTuzYu.exe
  2⤵
  PID:7128
- C:\Windows\System\eYVHeUn.exe
  C:\Windows\System\eYVHeUn.exe
  2⤵
  PID:7144
- C:\Windows\System\ZUbdFOe.exe
  C:\Windows\System\ZUbdFOe.exe
  2⤵
  PID:7160
- C:\Windows\System\ezYXqcE.exe
  C:\Windows\System\ezYXqcE.exe
  2⤵
  PID:2300
- C:\Windows\System\NZvQUmm.exe
  C:\Windows\System\NZvQUmm.exe
  2⤵
  PID:5916
- C:\Windows\System\yHmbqLS.exe
  C:\Windows\System\yHmbqLS.exe
  2⤵
  PID:6148
- C:\Windows\System\KWRyRfI.exe
  C:\Windows\System\KWRyRfI.exe
  2⤵
  PID:2284
- C:\Windows\System\vscPibg.exe
  C:\Windows\System\vscPibg.exe
  2⤵
  PID:6228
- C:\Windows\System\blrZyFc.exe
  C:\Windows\System\blrZyFc.exe
  2⤵
  PID:6296
- C:\Windows\System\imoBtfQ.exe
  C:\Windows\System\imoBtfQ.exe
  2⤵
  PID:6340
- C:\Windows\System\PYSbeqD.exe
  C:\Windows\System\PYSbeqD.exe
  2⤵
  PID:6388
- C:\Windows\System\xBppsBr.exe
  C:\Windows\System\xBppsBr.exe
  2⤵
  PID:6460
- C:\Windows\System\kIAmooc.exe
  C:\Windows\System\kIAmooc.exe
  2⤵
  PID:5484
- C:\Windows\System\vUGQbYh.exe
  C:\Windows\System\vUGQbYh.exe
  2⤵
  PID:6588
- C:\Windows\System\XpUGOCi.exe
  C:\Windows\System\XpUGOCi.exe
  2⤵
  PID:6016
- C:\Windows\System\isCaniG.exe
  C:\Windows\System\isCaniG.exe
  2⤵
  PID:6032
- C:\Windows\System\AEfPaPO.exe
  C:\Windows\System\AEfPaPO.exe
  2⤵
  PID:6092
- C:\Windows\System\sQbZCqz.exe
  C:\Windows\System\sQbZCqz.exe
  2⤵
  PID:1628
- C:\Windows\System\BOQevGT.exe
  C:\Windows\System\BOQevGT.exe
  2⤵
  PID:1972
- C:\Windows\System\uyhCgwh.exe
  C:\Windows\System\uyhCgwh.exe
  2⤵
  PID:6660
- C:\Windows\System\VOtRzAw.exe
  C:\Windows\System\VOtRzAw.exe
  2⤵
  PID:6704
- C:\Windows\System\isVuBxC.exe
  C:\Windows\System\isVuBxC.exe
  2⤵
  PID:6756
- C:\Windows\System\iJHtugn.exe
  C:\Windows\System\iJHtugn.exe
  2⤵
  PID:6836
- C:\Windows\System\bbVENGr.exe
  C:\Windows\System\bbVENGr.exe
  2⤵
  PID:6872
- C:\Windows\System\NOjihQU.exe
  C:\Windows\System\NOjihQU.exe
  2⤵
  PID:6904
- C:\Windows\System\hvURDTt.exe
  C:\Windows\System\hvURDTt.exe
  2⤵
  PID:5900
- C:\Windows\System\abkUvMv.exe
  C:\Windows\System\abkUvMv.exe
  2⤵
  PID:4268
- C:\Windows\System\letieuY.exe
  C:\Windows\System\letieuY.exe
  2⤵
  PID:2896
- C:\Windows\System\BKGcuOn.exe
  C:\Windows\System\BKGcuOn.exe
  2⤵
  PID:5744
- C:\Windows\System\Euennfi.exe
  C:\Windows\System\Euennfi.exe
  2⤵
  PID:4728
- C:\Windows\System\PGbeciB.exe
  C:\Windows\System\PGbeciB.exe
  2⤵
  PID:6204
- C:\Windows\System\tjCFppf.exe
  C:\Windows\System\tjCFppf.exe
  2⤵
  PID:6948
- C:\Windows\System\iPgGrSn.exe
  C:\Windows\System\iPgGrSn.exe
  2⤵
  PID:6244
- C:\Windows\System\RCvmiqH.exe
  C:\Windows\System\RCvmiqH.exe
  2⤵
  PID:6404
- C:\Windows\System\hMoEDaE.exe
  C:\Windows\System\hMoEDaE.exe
  2⤵
  PID:6488
- C:\Windows\System\xvFLbGF.exe
  C:\Windows\System\xvFLbGF.exe
  2⤵
  PID:7012
- C:\Windows\System\yCprLuq.exe
  C:\Windows\System\yCprLuq.exe
  2⤵
  PID:6728
- C:\Windows\System\VIcjJBu.exe
  C:\Windows\System\VIcjJBu.exe
  2⤵
  PID:6816
- C:\Windows\System\FHhWnac.exe
  C:\Windows\System\FHhWnac.exe
  2⤵
  PID:6892
- C:\Windows\System\BgbDdjT.exe
  C:\Windows\System\BgbDdjT.exe
  2⤵
  PID:6996
- C:\Windows\System\mkJttLX.exe
  C:\Windows\System\mkJttLX.exe
  2⤵
  PID:2268
- C:\Windows\System\qfPQFSZ.exe
  C:\Windows\System\qfPQFSZ.exe
  2⤵
  PID:2468
- C:\Windows\System\EEBaErm.exe
  C:\Windows\System\EEBaErm.exe
  2⤵
  PID:7088
- C:\Windows\System\WGjdnkD.exe
  C:\Windows\System\WGjdnkD.exe
  2⤵
  PID:7124
- C:\Windows\System\fmxEjrD.exe
  C:\Windows\System\fmxEjrD.exe
  2⤵
  PID:7156
- C:\Windows\System\ztHcixV.exe
  C:\Windows\System\ztHcixV.exe
  2⤵
  PID:5632
- C:\Windows\System\HESwcRO.exe
  C:\Windows\System\HESwcRO.exe
  2⤵
  PID:6424
- C:\Windows\System\MgMqTyr.exe
  C:\Windows\System\MgMqTyr.exe
  2⤵
  PID:6640
- C:\Windows\System\lzgpkFe.exe
  C:\Windows\System\lzgpkFe.exe
  2⤵
  PID:6712
- C:\Windows\System\ewyCVOv.exe
  C:\Windows\System\ewyCVOv.exe
  2⤵
  PID:1968
- C:\Windows\System\azoWaLB.exe
  C:\Windows\System\azoWaLB.exe
  2⤵
  PID:704
- C:\Windows\System\brMvnqj.exe
  C:\Windows\System\brMvnqj.exe
  2⤵
  PID:4448
- C:\Windows\System\QdlhYyR.exe
  C:\Windows\System\QdlhYyR.exe
  2⤵
  PID:6360
- C:\Windows\System\Hodmadi.exe
  C:\Windows\System\Hodmadi.exe
  2⤵
  PID:6176
- C:\Windows\System\CAAXUIC.exe
  C:\Windows\System\CAAXUIC.exe
  2⤵
  PID:6408
- C:\Windows\System\eFaRAWD.exe
  C:\Windows\System\eFaRAWD.exe
  2⤵
  PID:6800
- C:\Windows\System\bjQNAsU.exe
  C:\Windows\System\bjQNAsU.exe
  2⤵
  PID:6684
- C:\Windows\System\bTWmlEr.exe
  C:\Windows\System\bTWmlEr.exe
  2⤵
  PID:6852
- C:\Windows\System\FsngLiH.exe
  C:\Windows\System\FsngLiH.exe
  2⤵
  PID:2648
- C:\Windows\System\urjMxwO.exe
  C:\Windows\System\urjMxwO.exe
  2⤵
  PID:6372
- C:\Windows\System\KpzfkeH.exe
  C:\Windows\System\KpzfkeH.exe
  2⤵
  PID:7076
- C:\Windows\System\CzVggbf.exe
  C:\Windows\System\CzVggbf.exe
  2⤵
  PID:4564
- C:\Windows\System\kDhrDvW.exe
  C:\Windows\System\kDhrDvW.exe
  2⤵
  PID:6312
- C:\Windows\System\XGuoeEY.exe
  C:\Windows\System\XGuoeEY.exe
  2⤵
  PID:6364
- C:\Windows\System\iobkYen.exe
  C:\Windows\System\iobkYen.exe
  2⤵
  PID:6532
- C:\Windows\System\bafBaoH.exe
  C:\Windows\System\bafBaoH.exe
  2⤵
  PID:6572
- C:\Windows\System\YeSoSny.exe
  C:\Windows\System\YeSoSny.exe
  2⤵
  PID:6740
- C:\Windows\System\LPRBwwe.exe
  C:\Windows\System\LPRBwwe.exe
  2⤵
  PID:6788
- C:\Windows\System\EVSKXbh.exe
  C:\Windows\System\EVSKXbh.exe
  2⤵
  PID:7056
- C:\Windows\System\orXksvT.exe
  C:\Windows\System\orXksvT.exe
  2⤵
  PID:7136
- C:\Windows\System\QCqkVlh.exe
  C:\Windows\System\QCqkVlh.exe
  2⤵
  PID:7152
- C:\Windows\System\cYCwJnO.exe
  C:\Windows\System\cYCwJnO.exe
  2⤵
  PID:6060
- C:\Windows\System\tgaIJli.exe
  C:\Windows\System\tgaIJli.exe
  2⤵
  PID:6420
- C:\Windows\System\bQNEFvu.exe
  C:\Windows\System\bQNEFvu.exe
  2⤵
  PID:6624
- C:\Windows\System\kBmGZhD.exe
  C:\Windows\System\kBmGZhD.exe
  2⤵
  PID:6188
- C:\Windows\System\qqvnNgd.exe
  C:\Windows\System\qqvnNgd.exe
  2⤵
  PID:6508
- C:\Windows\System\gYTdUYn.exe
  C:\Windows\System\gYTdUYn.exe
  2⤵
  PID:6804
- C:\Windows\System\kzefAOn.exe
  C:\Windows\System\kzefAOn.exe
  2⤵
  PID:4432
- C:\Windows\System\zyrAbXd.exe
  C:\Windows\System\zyrAbXd.exe
  2⤵
  PID:6168
- C:\Windows\System\wtVSTyz.exe
  C:\Windows\System\wtVSTyz.exe
  2⤵
  PID:6484
- C:\Windows\System\UIRzznK.exe
  C:\Windows\System\UIRzznK.exe
  2⤵
  PID:7064
- C:\Windows\System\dcZMnEA.exe
  C:\Windows\System\dcZMnEA.exe
  2⤵
  PID:6652
- C:\Windows\System\IydhIzm.exe
  C:\Windows\System\IydhIzm.exe
  2⤵
  PID:6984
- C:\Windows\System\KespkFS.exe
  C:\Windows\System\KespkFS.exe
  2⤵
  PID:6884
- C:\Windows\System\ZdsdDYF.exe
  C:\Windows\System\ZdsdDYF.exe
  2⤵
  PID:7068
- C:\Windows\System\LXXUSaF.exe
  C:\Windows\System\LXXUSaF.exe
  2⤵
  PID:6048
- C:\Windows\System\dqvGWZQ.exe
  C:\Windows\System\dqvGWZQ.exe
  2⤵
  PID:6944
- C:\Windows\System\oMFNHCl.exe
  C:\Windows\System\oMFNHCl.exe
  2⤵
  PID:6528
- C:\Windows\System\oKGhJwv.exe
  C:\Windows\System\oKGhJwv.exe
  2⤵
  PID:6736
- C:\Windows\System\PwKXNdk.exe
  C:\Windows\System\PwKXNdk.exe
  2⤵
  PID:7108
- C:\Windows\System\akWdKuV.exe
  C:\Windows\System\akWdKuV.exe
  2⤵
  PID:6328
- C:\Windows\System\EBYEqeI.exe
  C:\Windows\System\EBYEqeI.exe
  2⤵
  PID:6468
- C:\Windows\System\vrbKFRA.exe
  C:\Windows\System\vrbKFRA.exe
  2⤵
  PID:6620
- C:\Windows\System\zkkrPfw.exe
  C:\Windows\System\zkkrPfw.exe
  2⤵
  PID:5152
- C:\Windows\System\WitdhJa.exe
  C:\Windows\System\WitdhJa.exe
  2⤵
  PID:5340
- C:\Windows\System\CRTUcBW.exe
  C:\Windows\System\CRTUcBW.exe
  2⤵
  PID:6480
- C:\Windows\System\kdcHDwx.exe
  C:\Windows\System\kdcHDwx.exe
  2⤵
  PID:2388
- C:\Windows\System\kHWgdja.exe
  C:\Windows\System\kHWgdja.exe
  2⤵
  PID:2304
- C:\Windows\System\RQHumxI.exe
  C:\Windows\System\RQHumxI.exe
  2⤵
  PID:1412
- C:\Windows\System\SsUdxQX.exe
  C:\Windows\System\SsUdxQX.exe
  2⤵
  PID:6940
- C:\Windows\System\ePumHNN.exe
  C:\Windows\System\ePumHNN.exe
  2⤵
  PID:2736
- C:\Windows\System\dHxsKwg.exe
  C:\Windows\System\dHxsKwg.exe
  2⤵
  PID:6964
- C:\Windows\System\liGLpvX.exe
  C:\Windows\System\liGLpvX.exe
  2⤵
  PID:2732
- C:\Windows\System\nWNChlJ.exe
  C:\Windows\System\nWNChlJ.exe
  2⤵
  PID:6336
- C:\Windows\System\UzeSpVY.exe
  C:\Windows\System\UzeSpVY.exe
  2⤵
  PID:6444
- C:\Windows\System\UWTZSBL.exe
  C:\Windows\System\UWTZSBL.exe
  2⤵
  PID:2620
- C:\Windows\System\wYntXSn.exe
  C:\Windows\System\wYntXSn.exe
  2⤵
  PID:6888
- C:\Windows\System\xxqyvXW.exe
  C:\Windows\System\xxqyvXW.exe
  2⤵
  PID:6780
- C:\Windows\System\WtyzHHM.exe
  C:\Windows\System\WtyzHHM.exe
  2⤵
  PID:5512
- C:\Windows\System\DUikcFX.exe
  C:\Windows\System\DUikcFX.exe
  2⤵
  PID:6124
- C:\Windows\System\jZMCSkD.exe
  C:\Windows\System\jZMCSkD.exe
  2⤵
  PID:6724
- C:\Windows\System\JEldPvy.exe
  C:\Windows\System\JEldPvy.exe
  2⤵
  PID:2148
- C:\Windows\System\LSPJsKj.exe
  C:\Windows\System\LSPJsKj.exe
  2⤵
  PID:7180
- C:\Windows\System\yQMlmIN.exe
  C:\Windows\System\yQMlmIN.exe
  2⤵
  PID:7208
- C:\Windows\System\RpZTtLw.exe
  C:\Windows\System\RpZTtLw.exe
  2⤵
  PID:7252
- C:\Windows\System\PjRHUZY.exe
  C:\Windows\System\PjRHUZY.exe
  2⤵
  PID:7268
- C:\Windows\System\lmsbKom.exe
  C:\Windows\System\lmsbKom.exe
  2⤵
  PID:7284
- C:\Windows\System\phLnGGe.exe
  C:\Windows\System\phLnGGe.exe
  2⤵
  PID:7300
- C:\Windows\System\vvcHzcd.exe
  C:\Windows\System\vvcHzcd.exe
  2⤵
  PID:7316
- C:\Windows\System\AsWgNdh.exe
  C:\Windows\System\AsWgNdh.exe
  2⤵
  PID:7332
- C:\Windows\System\qLpudRy.exe
  C:\Windows\System\qLpudRy.exe
  2⤵
  PID:7348
- C:\Windows\System\KyLmQxm.exe
  C:\Windows\System\KyLmQxm.exe
  2⤵
  PID:7364
- C:\Windows\System\YpjBKQL.exe
  C:\Windows\System\YpjBKQL.exe
  2⤵
  PID:7380
- C:\Windows\System\bxOZDUf.exe
  C:\Windows\System\bxOZDUf.exe
  2⤵
  PID:7396
- C:\Windows\System\AxeUrJj.exe
  C:\Windows\System\AxeUrJj.exe
  2⤵
  PID:7412
- C:\Windows\System\AeqdpBE.exe
  C:\Windows\System\AeqdpBE.exe
  2⤵
  PID:7428
- C:\Windows\System\GTuTJoD.exe
  C:\Windows\System\GTuTJoD.exe
  2⤵
  PID:7444
- C:\Windows\System\mnwekEZ.exe
  C:\Windows\System\mnwekEZ.exe
  2⤵
  PID:7460
- C:\Windows\System\WlnMifq.exe
  C:\Windows\System\WlnMifq.exe
  2⤵
  PID:7476
- C:\Windows\System\JGgrJCn.exe
  C:\Windows\System\JGgrJCn.exe
  2⤵
  PID:7492
- C:\Windows\System\NYrgjpC.exe
  C:\Windows\System\NYrgjpC.exe
  2⤵
  PID:7508
- C:\Windows\System\ohmsyGM.exe
  C:\Windows\System\ohmsyGM.exe
  2⤵
  PID:7524
- C:\Windows\System\YkvTRlJ.exe
  C:\Windows\System\YkvTRlJ.exe
  2⤵
  PID:7540
- C:\Windows\System\SkYbpWu.exe
  C:\Windows\System\SkYbpWu.exe
  2⤵
  PID:7556
- C:\Windows\System\LoTRmiG.exe
  C:\Windows\System\LoTRmiG.exe
  2⤵
  PID:7572
- C:\Windows\System\zbblDUB.exe
  C:\Windows\System\zbblDUB.exe
  2⤵
  PID:7588
- C:\Windows\System\DrKbVYi.exe
  C:\Windows\System\DrKbVYi.exe
  2⤵
  PID:7604
- C:\Windows\System\BEtjsol.exe
  C:\Windows\System\BEtjsol.exe
  2⤵
  PID:7620
- C:\Windows\System\LRiQsYL.exe
  C:\Windows\System\LRiQsYL.exe
  2⤵
  PID:7636
- C:\Windows\System\agGiUjW.exe
  C:\Windows\System\agGiUjW.exe
  2⤵
  PID:7652
- C:\Windows\System\KjVnwpm.exe
  C:\Windows\System\KjVnwpm.exe
  2⤵
  PID:7668
- C:\Windows\System\novlOIE.exe
  C:\Windows\System\novlOIE.exe
  2⤵
  PID:7684
- C:\Windows\System\iwcEWMq.exe
  C:\Windows\System\iwcEWMq.exe
  2⤵
  PID:7704
- C:\Windows\System\ABPVWkU.exe
  C:\Windows\System\ABPVWkU.exe
  2⤵
  PID:7720
- C:\Windows\System\UhZainZ.exe
  C:\Windows\System\UhZainZ.exe
  2⤵
  PID:7736
- C:\Windows\System\QHBPzjE.exe
  C:\Windows\System\QHBPzjE.exe
  2⤵
  PID:7752
- C:\Windows\System\RpmMQuB.exe
  C:\Windows\System\RpmMQuB.exe
  2⤵
  PID:7768
- C:\Windows\System\pizqbCC.exe
  C:\Windows\System\pizqbCC.exe
  2⤵
  PID:7784
- C:\Windows\System\DshAnES.exe
  C:\Windows\System\DshAnES.exe
  2⤵
  PID:7800
- C:\Windows\System\rOiUNea.exe
  C:\Windows\System\rOiUNea.exe
  2⤵
  PID:7816
- C:\Windows\System\LgEBMAw.exe
  C:\Windows\System\LgEBMAw.exe
  2⤵
  PID:7832
- C:\Windows\System\alFeBHv.exe
  C:\Windows\System\alFeBHv.exe
  2⤵
  PID:7848
- C:\Windows\System\iDFrbTQ.exe
  C:\Windows\System\iDFrbTQ.exe
  2⤵
  PID:7864
- C:\Windows\System\HcysLcz.exe
  C:\Windows\System\HcysLcz.exe
  2⤵
  PID:7880
- C:\Windows\System\PJHLXUT.exe
  C:\Windows\System\PJHLXUT.exe
  2⤵
  PID:7896
- C:\Windows\System\OqkYbKe.exe
  C:\Windows\System\OqkYbKe.exe
  2⤵
  PID:7912
- C:\Windows\System\YCLfIOB.exe
  C:\Windows\System\YCLfIOB.exe
  2⤵
  PID:7928
- C:\Windows\System\eLnKUmj.exe
  C:\Windows\System\eLnKUmj.exe
  2⤵
  PID:7944
- C:\Windows\System\JvHyXXy.exe
  C:\Windows\System\JvHyXXy.exe
  2⤵
  PID:7960
- C:\Windows\System\gSqSOZC.exe
  C:\Windows\System\gSqSOZC.exe
  2⤵
  PID:7976
- C:\Windows\System\uwQCMNJ.exe
  C:\Windows\System\uwQCMNJ.exe
  2⤵
  PID:7992
- C:\Windows\System\SfEeUNQ.exe
  C:\Windows\System\SfEeUNQ.exe
  2⤵
  PID:8092
- C:\Windows\System\mrUvtWZ.exe
  C:\Windows\System\mrUvtWZ.exe
  2⤵
  PID:8120
- C:\Windows\System\CSsmkco.exe
  C:\Windows\System\CSsmkco.exe
  2⤵
  PID:8144
- C:\Windows\System\ngDmLWy.exe
  C:\Windows\System\ngDmLWy.exe
  2⤵
  PID:8164
- C:\Windows\System\xnHGVzV.exe
  C:\Windows\System\xnHGVzV.exe
  2⤵
  PID:8184
- C:\Windows\System\pfwSxQZ.exe
  C:\Windows\System\pfwSxQZ.exe
  2⤵
  PID:5268
- C:\Windows\System\TGFFNoE.exe
  C:\Windows\System\TGFFNoE.exe
  2⤵
  PID:6608
- C:\Windows\System\VEIFOKI.exe
  C:\Windows\System\VEIFOKI.exe
  2⤵
  PID:1052
- C:\Windows\System\boDSIci.exe
  C:\Windows\System\boDSIci.exe
  2⤵
  PID:7172
- C:\Windows\System\anjXqqW.exe
  C:\Windows\System\anjXqqW.exe
  2⤵
  PID:1344
- C:\Windows\System\fmkAQZs.exe
  C:\Windows\System\fmkAQZs.exe
  2⤵
  PID:7220
- C:\Windows\System\ngRhiNi.exe
  C:\Windows\System\ngRhiNi.exe
  2⤵
  PID:7240
- C:\Windows\System\ehpOekP.exe
  C:\Windows\System\ehpOekP.exe
  2⤵
  PID:7264
- C:\Windows\System\KoKfKSQ.exe
  C:\Windows\System\KoKfKSQ.exe
  2⤵
  PID:7292
- C:\Windows\System\rAjtitu.exe
  C:\Windows\System\rAjtitu.exe
  2⤵
  PID:7356
- C:\Windows\System\dNTqChn.exe
  C:\Windows\System\dNTqChn.exe
  2⤵
  PID:7344
- C:\Windows\System\DbWcOQk.exe
  C:\Windows\System\DbWcOQk.exe
  2⤵
  PID:7376
- C:\Windows\System\GaRpPkY.exe
  C:\Windows\System\GaRpPkY.exe
  2⤵
  PID:7420
- C:\Windows\System\aIbtvbH.exe
  C:\Windows\System\aIbtvbH.exe
  2⤵
  PID:7436
- C:\Windows\System\AbhYUHw.exe
  C:\Windows\System\AbhYUHw.exe
  2⤵
  PID:7468
- C:\Windows\System\zHeujVV.exe
  C:\Windows\System\zHeujVV.exe
  2⤵
  PID:7680
- C:\Windows\System\vwhpAvq.exe
  C:\Windows\System\vwhpAvq.exe
  2⤵
  PID:544
- C:\Windows\System\rKJTxYn.exe
  C:\Windows\System\rKJTxYn.exe
  2⤵
  PID:7536
- C:\Windows\System\gRvcYaH.exe
  C:\Windows\System\gRvcYaH.exe
  2⤵
  PID:7632
- C:\Windows\System\OnXFELG.exe
  C:\Windows\System\OnXFELG.exe
  2⤵
  PID:7696
- C:\Windows\System\opZXjDs.exe
  C:\Windows\System\opZXjDs.exe
  2⤵
  PID:7748
- C:\Windows\System\rgmYQjH.exe
  C:\Windows\System\rgmYQjH.exe
  2⤵
  PID:7840
- C:\Windows\System\bNDSBGC.exe
  C:\Windows\System\bNDSBGC.exe
  2⤵
  PID:7728
- C:\Windows\System\HefpHCj.exe
  C:\Windows\System\HefpHCj.exe
  2⤵
  PID:7792
- C:\Windows\System\dliCkDG.exe
  C:\Windows\System\dliCkDG.exe
  2⤵
  PID:6924
- C:\Windows\System\bswAWRD.exe
  C:\Windows\System\bswAWRD.exe
  2⤵
  PID:7920
- C:\Windows\System\dHwyaMH.exe
  C:\Windows\System\dHwyaMH.exe
  2⤵
  PID:7924
- C:\Windows\System\NxrlkpN.exe
  C:\Windows\System\NxrlkpN.exe
  2⤵
  PID:7940
- C:\Windows\System\whAfvkL.exe
  C:\Windows\System\whAfvkL.exe
  2⤵
  PID:7036
- C:\Windows\System\QbQWvQX.exe
  C:\Windows\System\QbQWvQX.exe
  2⤵
  PID:7024
- C:\Windows\System\LqyxXIy.exe
  C:\Windows\System\LqyxXIy.exe
  2⤵
  PID:8008
- C:\Windows\System\kbSsacR.exe
  C:\Windows\System\kbSsacR.exe
  2⤵
  PID:8128
- C:\Windows\System\RjlrhtY.exe
  C:\Windows\System\RjlrhtY.exe
  2⤵
  PID:2604
- C:\Windows\System\zZjmFWg.exe
  C:\Windows\System\zZjmFWg.exe
  2⤵
  PID:7196
- C:\Windows\System\wIeXnOB.exe
  C:\Windows\System\wIeXnOB.exe
  2⤵
  PID:7224
- C:\Windows\System\lEgfcWQ.exe
  C:\Windows\System\lEgfcWQ.exe
  2⤵
  PID:7280
- C:\Windows\System\sPwLnYg.exe
  C:\Windows\System\sPwLnYg.exe
  2⤵
  PID:7388
- C:\Windows\System\SUpUMRh.exe
  C:\Windows\System\SUpUMRh.exe
  2⤵
  PID:1984
- C:\Windows\System\dNmtzTS.exe
  C:\Windows\System\dNmtzTS.exe
  2⤵
  PID:4620
- C:\Windows\System\rVIkJQg.exe
  C:\Windows\System\rVIkJQg.exe
  2⤵
  PID:7372
- C:\Windows\System\yswOCHm.exe
  C:\Windows\System\yswOCHm.exe
  2⤵
  PID:7456
- C:\Windows\System\yEHBJmL.exe
  C:\Windows\System\yEHBJmL.exe
  2⤵
  PID:6516
- C:\Windows\System\HrxWWiy.exe
  C:\Windows\System\HrxWWiy.exe
  2⤵
  PID:7520
- C:\Windows\System\AmgXDXa.exe
  C:\Windows\System\AmgXDXa.exe
  2⤵
  PID:7644
- C:\Windows\System\rgVgtBS.exe
  C:\Windows\System\rgVgtBS.exe
  2⤵
  PID:7568
- C:\Windows\System\tEbBPtV.exe
  C:\Windows\System\tEbBPtV.exe
  2⤵
  PID:7808
- C:\Windows\System\DqWcPaD.exe
  C:\Windows\System\DqWcPaD.exe
  2⤵
  PID:7844
- C:\Windows\System\uLFNBem.exe
  C:\Windows\System\uLFNBem.exe
  2⤵
  PID:8000
- C:\Windows\System\VzFazni.exe
  C:\Windows\System\VzFazni.exe
  2⤵
  PID:8004
- C:\Windows\System\epDsfJt.exe
  C:\Windows\System\epDsfJt.exe
  2⤵
  PID:7760
- C:\Windows\System\xZqzyqk.exe
  C:\Windows\System\xZqzyqk.exe
  2⤵
  PID:2672
- C:\Windows\System\UoyFsVH.exe
  C:\Windows\System\UoyFsVH.exe
  2⤵
  PID:7812
- C:\Windows\System\SJrRpEK.exe
  C:\Windows\System\SJrRpEK.exe
  2⤵
  PID:7872
- C:\Windows\System\IDFfipA.exe
  C:\Windows\System\IDFfipA.exe
  2⤵
  PID:8036
- C:\Windows\System\RxVEmTH.exe
  C:\Windows\System\RxVEmTH.exe
  2⤵
  PID:8048
- C:\Windows\System\kUrfnIS.exe
  C:\Windows\System\kUrfnIS.exe
  2⤵
  PID:1036
- C:\Windows\System\POqmnAM.exe
  C:\Windows\System\POqmnAM.exe
  2⤵
  PID:8072
- C:\Windows\System\UynZYrW.exe
  C:\Windows\System\UynZYrW.exe
  2⤵
  PID:8100
- C:\Windows\System\XxyDTIY.exe
  C:\Windows\System\XxyDTIY.exe
  2⤵
  PID:8116
- C:\Windows\System\gaYgXdM.exe
  C:\Windows\System\gaYgXdM.exe
  2⤵
  PID:8156
- C:\Windows\System\uRXIPkS.exe
  C:\Windows\System\uRXIPkS.exe
  2⤵
  PID:8140
- C:\Windows\System\uFkluvT.exe
  C:\Windows\System\uFkluvT.exe
  2⤵
  PID:5264
- C:\Windows\System\aEdZnEr.exe
  C:\Windows\System\aEdZnEr.exe
  2⤵
  PID:7216
- C:\Windows\System\UEKCxpl.exe
  C:\Windows\System\UEKCxpl.exe
  2⤵
  PID:7324
- C:\Windows\System\xEKIPzZ.exe
  C:\Windows\System\xEKIPzZ.exe
  2⤵
  PID:7676
- C:\Windows\System\IykwFVI.exe
  C:\Windows\System\IykwFVI.exe
  2⤵
  PID:7972
- C:\Windows\System\mtbvdKy.exe
  C:\Windows\System\mtbvdKy.exe
  2⤵
  PID:8016
- C:\Windows\System\cCJgIRt.exe
  C:\Windows\System\cCJgIRt.exe
  2⤵
  PID:8108
- C:\Windows\System\RenusPl.exe
  C:\Windows\System\RenusPl.exe
  2⤵
  PID:7328
- C:\Windows\System\REghUnJ.exe
  C:\Windows\System\REghUnJ.exe
  2⤵
  PID:7692
- C:\Windows\System\BVzPmjs.exe
  C:\Windows\System\BVzPmjs.exe
  2⤵
  PID:7700
- C:\Windows\System\Brdejuj.exe
  C:\Windows\System\Brdejuj.exe
  2⤵
  PID:1092
- C:\Windows\System\tghfnTz.exe
  C:\Windows\System\tghfnTz.exe
  2⤵
  PID:7440
- C:\Windows\System\DrNUdkb.exe
  C:\Windows\System\DrNUdkb.exe
  2⤵
  PID:7616
- C:\Windows\System\eunGFgm.exe
  C:\Windows\System\eunGFgm.exe
  2⤵
  PID:304
- C:\Windows\System\bsaHpww.exe
  C:\Windows\System\bsaHpww.exe
  2⤵
  PID:8084
- C:\Windows\System\FmjaVmV.exe
  C:\Windows\System\FmjaVmV.exe
  2⤵
  PID:2528
- C:\Windows\System\lvlekgN.exe
  C:\Windows\System\lvlekgN.exe
  2⤵
  PID:7856
- C:\Windows\System\EDQSJLW.exe
  C:\Windows\System\EDQSJLW.exe
  2⤵
  PID:7260
- C:\Windows\System\keWbuMa.exe
  C:\Windows\System\keWbuMa.exe
  2⤵
  PID:7532
- C:\Windows\System\GuvZapx.exe
  C:\Windows\System\GuvZapx.exe
  2⤵
  PID:8172
- C:\Windows\System\fEjzwxK.exe
  C:\Windows\System\fEjzwxK.exe
  2⤵
  PID:7340
- C:\Windows\System\KLdlYCi.exe
  C:\Windows\System\KLdlYCi.exe
  2⤵
  PID:7908
- C:\Windows\System\EQyRLyz.exe
  C:\Windows\System\EQyRLyz.exe
  2⤵
  PID:8064
- C:\Windows\System\RMmAJnl.exe
  C:\Windows\System\RMmAJnl.exe
  2⤵
  PID:7032
- C:\Windows\System\HUftxKd.exe
  C:\Windows\System\HUftxKd.exe
  2⤵
  PID:7276
- C:\Windows\System\UXijzwH.exe
  C:\Windows\System\UXijzwH.exe
  2⤵
  PID:2348
- C:\Windows\System\ZPZXbax.exe
  C:\Windows\System\ZPZXbax.exe
  2⤵
  PID:7628
- C:\Windows\System\esDHAqA.exe
  C:\Windows\System\esDHAqA.exe
  2⤵
  PID:8196
- C:\Windows\System\aPfnYjG.exe
  C:\Windows\System\aPfnYjG.exe
  2⤵
  PID:8216
- C:\Windows\System\YqVSMDE.exe
  C:\Windows\System\YqVSMDE.exe
  2⤵
  PID:8232
- C:\Windows\System\XUNbypa.exe
  C:\Windows\System\XUNbypa.exe
  2⤵
  PID:8248
- C:\Windows\System\kQvSnNh.exe
  C:\Windows\System\kQvSnNh.exe
  2⤵
  PID:8268
- C:\Windows\System\wbnKxpW.exe
  C:\Windows\System\wbnKxpW.exe
  2⤵
  PID:8284
- C:\Windows\System\qEgXcND.exe
  C:\Windows\System\qEgXcND.exe
  2⤵
  PID:8300
- C:\Windows\System\FWJUCOS.exe
  C:\Windows\System\FWJUCOS.exe
  2⤵
  PID:8316
- C:\Windows\System\mjAkWEa.exe
  C:\Windows\System\mjAkWEa.exe
  2⤵
  PID:8332
- C:\Windows\System\dKZHWNo.exe
  C:\Windows\System\dKZHWNo.exe
  2⤵
  PID:8348
- C:\Windows\System\ZGmJXIv.exe
  C:\Windows\System\ZGmJXIv.exe
  2⤵
  PID:8364
- C:\Windows\System\TuxGSBP.exe
  C:\Windows\System\TuxGSBP.exe
  2⤵
  PID:8380
- C:\Windows\System\GBIxdOC.exe
  C:\Windows\System\GBIxdOC.exe
  2⤵
  PID:8396
- C:\Windows\System\ywdEyib.exe
  C:\Windows\System\ywdEyib.exe
  2⤵
  PID:8412
- C:\Windows\System\biVAGiL.exe
  C:\Windows\System\biVAGiL.exe
  2⤵
  PID:8428
- C:\Windows\System\KAGZvkL.exe
  C:\Windows\System\KAGZvkL.exe
  2⤵
  PID:8444
- C:\Windows\System\cgCGMKs.exe
  C:\Windows\System\cgCGMKs.exe
  2⤵
  PID:8460
- C:\Windows\System\dDlcwdW.exe
  C:\Windows\System\dDlcwdW.exe
  2⤵
  PID:8476
- C:\Windows\System\qHZpdRC.exe
  C:\Windows\System\qHZpdRC.exe
  2⤵
  PID:8492
- C:\Windows\System\uvhayMU.exe
  C:\Windows\System\uvhayMU.exe
  2⤵
  PID:8524
- C:\Windows\System\iVfTNKO.exe
  C:\Windows\System\iVfTNKO.exe
  2⤵
  PID:8540
- C:\Windows\System\cfQKkci.exe
  C:\Windows\System\cfQKkci.exe
  2⤵
  PID:8564
- C:\Windows\System\oUhPOcq.exe
  C:\Windows\System\oUhPOcq.exe
  2⤵
  PID:8580
- C:\Windows\System\dJVdvoN.exe
  C:\Windows\System\dJVdvoN.exe
  2⤵
  PID:8600
- C:\Windows\System\GTPZoFH.exe
  C:\Windows\System\GTPZoFH.exe
  2⤵
  PID:8616
- C:\Windows\System\LwIlwds.exe
  C:\Windows\System\LwIlwds.exe
  2⤵
  PID:8636
- C:\Windows\System\msSMona.exe
  C:\Windows\System\msSMona.exe
  2⤵
  PID:8652
- C:\Windows\System\HSYXMic.exe
  C:\Windows\System\HSYXMic.exe
  2⤵
  PID:8668
- C:\Windows\System\ijxmOtC.exe
  C:\Windows\System\ijxmOtC.exe
  2⤵
  PID:8688
- C:\Windows\System\KmubeLL.exe
  C:\Windows\System\KmubeLL.exe
  2⤵
  PID:8704
- C:\Windows\System\hzqWEWi.exe
  C:\Windows\System\hzqWEWi.exe
  2⤵
  PID:8720
- C:\Windows\System\qarWEWH.exe
  C:\Windows\System\qarWEWH.exe
  2⤵
  PID:8736
- C:\Windows\System\oJCUUhN.exe
  C:\Windows\System\oJCUUhN.exe
  2⤵
  PID:8752
- C:\Windows\System\hpQzGqn.exe
  C:\Windows\System\hpQzGqn.exe
  2⤵
  PID:8768
- C:\Windows\System\ceDWove.exe
  C:\Windows\System\ceDWove.exe
  2⤵
  PID:8784
- C:\Windows\System\FMQGddU.exe
  C:\Windows\System\FMQGddU.exe
  2⤵
  PID:8800
- C:\Windows\System\nHeKtbo.exe
  C:\Windows\System\nHeKtbo.exe
  2⤵
  PID:8816
- C:\Windows\System\adVxteh.exe
  C:\Windows\System\adVxteh.exe
  2⤵
  PID:8832
- C:\Windows\System\jnntGvw.exe
  C:\Windows\System\jnntGvw.exe
  2⤵
  PID:8848
- C:\Windows\System\PaZFTKz.exe
  C:\Windows\System\PaZFTKz.exe
  2⤵
  PID:8864
- C:\Windows\System\sTZEGSX.exe
  C:\Windows\System\sTZEGSX.exe
  2⤵
  PID:8888
- C:\Windows\System\jldrgzE.exe
  C:\Windows\System\jldrgzE.exe
  2⤵
  PID:8912
- C:\Windows\System\vcCqCFY.exe
  C:\Windows\System\vcCqCFY.exe
  2⤵
  PID:8944
- C:\Windows\System\eWFKhTB.exe
  C:\Windows\System\eWFKhTB.exe
  2⤵
  PID:8968
- C:\Windows\System\GPEBCpN.exe
  C:\Windows\System\GPEBCpN.exe
  2⤵
  PID:8992
- C:\Windows\System\uDcwRgY.exe
  C:\Windows\System\uDcwRgY.exe
  2⤵
  PID:9012
- C:\Windows\System\FmQWlrT.exe
  C:\Windows\System\FmQWlrT.exe
  2⤵
  PID:9032
- C:\Windows\System\cephlLc.exe
  C:\Windows\System\cephlLc.exe
  2⤵
  PID:9048
- C:\Windows\System\nwpoSbx.exe
  C:\Windows\System\nwpoSbx.exe
  2⤵
  PID:9064
- C:\Windows\System\FtQwzww.exe
  C:\Windows\System\FtQwzww.exe
  2⤵
  PID:9084
- C:\Windows\System\vUoQaNX.exe
  C:\Windows\System\vUoQaNX.exe
  2⤵
  PID:9100
- C:\Windows\System\rdFvNqU.exe
  C:\Windows\System\rdFvNqU.exe
  2⤵
  PID:9116
- C:\Windows\System\CtkoLlu.exe
  C:\Windows\System\CtkoLlu.exe
  2⤵
  PID:9132
- C:\Windows\System\IyUQfFl.exe
  C:\Windows\System\IyUQfFl.exe
  2⤵
  PID:9148
- C:\Windows\System\iZeEqJo.exe
  C:\Windows\System\iZeEqJo.exe
  2⤵
  PID:9164
- C:\Windows\System\dbaiSCG.exe
  C:\Windows\System\dbaiSCG.exe
  2⤵
  PID:9180
- C:\Windows\System\BQZPNqU.exe
  C:\Windows\System\BQZPNqU.exe
  2⤵
  PID:9196
- C:\Windows\System\mUHGTvB.exe
  C:\Windows\System\mUHGTvB.exe
  2⤵
  PID:9212
- C:\Windows\System\gXVsydU.exe
  C:\Windows\System\gXVsydU.exe
  2⤵
  PID:8044
- C:\Windows\System\gQjERms.exe
  C:\Windows\System\gQjERms.exe
  2⤵
  PID:8360
- C:\Windows\System\JydqixP.exe
  C:\Windows\System\JydqixP.exe
  2⤵
  PID:8340
- C:\Windows\System\mtgkRTi.exe
  C:\Windows\System\mtgkRTi.exe
  2⤵
  PID:8468
- C:\Windows\System\GYlJhzQ.exe
  C:\Windows\System\GYlJhzQ.exe
  2⤵
  PID:8424
- C:\Windows\System\TJQzdlx.exe
  C:\Windows\System\TJQzdlx.exe
  2⤵
  PID:8488
- C:\Windows\System\QVJxOsw.exe
  C:\Windows\System\QVJxOsw.exe
  2⤵
  PID:8244
- C:\Windows\System\uChuibB.exe
  C:\Windows\System\uChuibB.exe
  2⤵
  PID:8372
- C:\Windows\System\fmjULZm.exe
  C:\Windows\System\fmjULZm.exe
  2⤵
  PID:8504
- C:\Windows\System\yOxKFWJ.exe
  C:\Windows\System\yOxKFWJ.exe
  2⤵
  PID:8516
- C:\Windows\System\SfkCLSL.exe
  C:\Windows\System\SfkCLSL.exe
  2⤵
  PID:8520
- C:\Windows\System\YAWIRNL.exe
  C:\Windows\System\YAWIRNL.exe
  2⤵
  PID:8560
- C:\Windows\System\AQBgpql.exe
  C:\Windows\System\AQBgpql.exe
  2⤵
  PID:8632
- C:\Windows\System\GXQtHXB.exe
  C:\Windows\System\GXQtHXB.exe
  2⤵
  PID:8612
- C:\Windows\System\Ponbwbq.exe
  C:\Windows\System\Ponbwbq.exe
  2⤵
  PID:8644
- C:\Windows\System\FSVdnGJ.exe
  C:\Windows\System\FSVdnGJ.exe
  2⤵
  PID:8904
- C:\Windows\System\RZIJQJc.exe
  C:\Windows\System\RZIJQJc.exe
  2⤵
  PID:8936
- C:\Windows\System\aYNqBWU.exe
  C:\Windows\System\aYNqBWU.exe
  2⤵
  PID:8960
- C:\Windows\System\WDfEvpU.exe
  C:\Windows\System\WDfEvpU.exe
  2⤵
  PID:9028
- C:\Windows\System\dmeOSzE.exe
  C:\Windows\System\dmeOSzE.exe
  2⤵
  PID:9060
- C:\Windows\System\xCzitPE.exe
  C:\Windows\System\xCzitPE.exe
  2⤵
  PID:9072
- C:\Windows\System\oztxqPU.exe
  C:\Windows\System\oztxqPU.exe
  2⤵
  PID:9128
- C:\Windows\System\vRIAMoR.exe
  C:\Windows\System\vRIAMoR.exe
  2⤵
  PID:9192
- C:\Windows\System\ZUmkiip.exe
  C:\Windows\System\ZUmkiip.exe
  2⤵
  PID:9172
- C:\Windows\System\JLGmkOZ.exe
  C:\Windows\System\JLGmkOZ.exe
  2⤵
  PID:9176
- C:\Windows\System\uMFudai.exe
  C:\Windows\System\uMFudai.exe
  2⤵
  PID:8228
- C:\Windows\System\kiDLQLw.exe
  C:\Windows\System\kiDLQLw.exe
  2⤵
  PID:8292
- C:\Windows\System\CvNGvum.exe
  C:\Windows\System\CvNGvum.exe
  2⤵
  PID:8212
- C:\Windows\System\CYKrtUl.exe
  C:\Windows\System\CYKrtUl.exe
  2⤵
  PID:8240
- C:\Windows\System\MoJPCJK.exe
  C:\Windows\System\MoJPCJK.exe
  2⤵
  PID:8536
- C:\Windows\System\rhFLWSH.exe
  C:\Windows\System\rhFLWSH.exe
  2⤵
  PID:8608
- C:\Windows\System\SajqJlw.exe
  C:\Windows\System\SajqJlw.exe
  2⤵
  PID:8436
- C:\Windows\System\kYsoqDP.exe
  C:\Windows\System\kYsoqDP.exe
  2⤵
  PID:8280
- C:\Windows\System\QEABBtx.exe
  C:\Windows\System\QEABBtx.exe
  2⤵
  PID:8552
- C:\Windows\System\NdSUzTi.exe
  C:\Windows\System\NdSUzTi.exe
  2⤵
  PID:8680
- C:\Windows\System\zyTtsMW.exe
  C:\Windows\System\zyTtsMW.exe
  2⤵
  PID:8712
- C:\Windows\System\yEePqlh.exe
  C:\Windows\System\yEePqlh.exe
  2⤵
  PID:8748
- C:\Windows\System\PdULeeP.exe
  C:\Windows\System\PdULeeP.exe
  2⤵
  PID:8812
- C:\Windows\System\Fqqgjod.exe
  C:\Windows\System\Fqqgjod.exe
  2⤵
  PID:8700
- C:\Windows\System\UfnKHmZ.exe
  C:\Windows\System\UfnKHmZ.exe
  2⤵
  PID:8792
- C:\Windows\System\ZdGUKJO.exe
  C:\Windows\System\ZdGUKJO.exe
  2⤵
  PID:8824
- C:\Windows\System\PpBlnfF.exe
  C:\Windows\System\PpBlnfF.exe
  2⤵
  PID:8876
- C:\Windows\System\KjbfOrn.exe
  C:\Windows\System\KjbfOrn.exe
  2⤵
  PID:8908
- C:\Windows\System\qyyYBop.exe
  C:\Windows\System\qyyYBop.exe
  2⤵
  PID:8896
- C:\Windows\System\JtrxNPO.exe
  C:\Windows\System\JtrxNPO.exe
  2⤵
  PID:8484
- C:\Windows\System\StEtrXM.exe
  C:\Windows\System\StEtrXM.exe
  2⤵
  PID:8664
- C:\Windows\System\jKpCjzh.exe
  C:\Windows\System\jKpCjzh.exe
  2⤵
  PID:9160
- C:\Windows\System\AGxDXul.exe
  C:\Windows\System\AGxDXul.exe
  2⤵
  PID:8420
- C:\Windows\System\XHxPcvj.exe
  C:\Windows\System\XHxPcvj.exe
  2⤵
  PID:8964
- C:\Windows\System\iVlDpGm.exe
  C:\Windows\System\iVlDpGm.exe
  2⤵
  PID:7984
- C:\Windows\System\FohMMRd.exe
  C:\Windows\System\FohMMRd.exe
  2⤵
  PID:9096
- C:\Windows\System\jAZRHkS.exe
  C:\Windows\System\jAZRHkS.exe
  2⤵
  PID:8592
- C:\Windows\System\bWrxbEK.exe
  C:\Windows\System\bWrxbEK.exe
  2⤵
  PID:8596
- C:\Windows\System\nKSZVPJ.exe
  C:\Windows\System\nKSZVPJ.exe
  2⤵
  PID:8732
- C:\Windows\System\mLenSHt.exe
  C:\Windows\System\mLenSHt.exe
  2⤵
  PID:8856
- C:\Windows\System\dNPsRxy.exe
  C:\Windows\System\dNPsRxy.exe
  2⤵
  PID:8928
- C:\Windows\System\IfxYIeH.exe
  C:\Windows\System\IfxYIeH.exe
  2⤵
  PID:8900
- C:\Windows\System\SBuukhZ.exe
  C:\Windows\System\SBuukhZ.exe
  2⤵
  PID:8988
- C:\Windows\System\sgfRthE.exe
  C:\Windows\System\sgfRthE.exe
  2⤵
  PID:8684
- C:\Windows\System\yTcMDIA.exe
  C:\Windows\System\yTcMDIA.exe
  2⤵
  PID:8356
- C:\Windows\System\VrfivjQ.exe
  C:\Windows\System\VrfivjQ.exe
  2⤵
  PID:8952
- C:\Windows\System\GYfPZTh.exe
  C:\Windows\System\GYfPZTh.exe
  2⤵
  PID:8328
- C:\Windows\System\kcjoTPh.exe
  C:\Windows\System\kcjoTPh.exe
  2⤵
  PID:8884
- C:\Windows\System\KwNKuWG.exe
  C:\Windows\System\KwNKuWG.exe
  2⤵
  PID:8472
- C:\Windows\System\toUxBns.exe
  C:\Windows\System\toUxBns.exe
  2⤵
  PID:9040
- C:\Windows\System\CwHYDjl.exe
  C:\Windows\System\CwHYDjl.exe
  2⤵
  PID:9056
- C:\Windows\System\GQEYGwG.exe
  C:\Windows\System\GQEYGwG.exe
  2⤵
  PID:8956
- C:\Windows\System\lIyaSYu.exe
  C:\Windows\System\lIyaSYu.exe
  2⤵
  PID:8744
- C:\Windows\System\yZCezkm.exe
  C:\Windows\System\yZCezkm.exe
  2⤵
  PID:8440
- C:\Windows\System\MZDJYLo.exe
  C:\Windows\System\MZDJYLo.exe
  2⤵
  PID:9236
- C:\Windows\System\BmUuWpH.exe
  C:\Windows\System\BmUuWpH.exe
  2⤵
  PID:9256
- C:\Windows\System\AUtxfbh.exe
  C:\Windows\System\AUtxfbh.exe
  2⤵
  PID:9276
- C:\Windows\System\FTmFgjM.exe
  C:\Windows\System\FTmFgjM.exe
  2⤵
  PID:9292
- C:\Windows\System\LXgAqUI.exe
  C:\Windows\System\LXgAqUI.exe
  2⤵
  PID:9308
- C:\Windows\System\qRJCaMq.exe
  C:\Windows\System\qRJCaMq.exe
  2⤵
  PID:9328
- C:\Windows\System\DSyYKJf.exe
  C:\Windows\System\DSyYKJf.exe
  2⤵
  PID:9348
- C:\Windows\System\LsBCeNg.exe
  C:\Windows\System\LsBCeNg.exe
  2⤵
  PID:9364
- C:\Windows\System\LBspZif.exe
  C:\Windows\System\LBspZif.exe
  2⤵
  PID:9380
- C:\Windows\System\wKjsXQA.exe
  C:\Windows\System\wKjsXQA.exe
  2⤵
  PID:9396
- C:\Windows\System\KxFqkby.exe
  C:\Windows\System\KxFqkby.exe
  2⤵
  PID:9412
- C:\Windows\System\NZiMTBr.exe
  C:\Windows\System\NZiMTBr.exe
  2⤵
  PID:9428
- C:\Windows\System\nlAePbU.exe
  C:\Windows\System\nlAePbU.exe
  2⤵
  PID:9448
- C:\Windows\System\PLtrBFq.exe
  C:\Windows\System\PLtrBFq.exe
  2⤵
  PID:9464
- C:\Windows\System\cZDqXCb.exe
  C:\Windows\System\cZDqXCb.exe
  2⤵
  PID:9480
- C:\Windows\System\mVIJbMC.exe
  C:\Windows\System\mVIJbMC.exe
  2⤵
  PID:9496
- C:\Windows\System\vwsmKhk.exe
  C:\Windows\System\vwsmKhk.exe
  2⤵
  PID:9512
- C:\Windows\System\VkzNVwV.exe
  C:\Windows\System\VkzNVwV.exe
  2⤵
  PID:9528
- C:\Windows\System\IFmkQgp.exe
  C:\Windows\System\IFmkQgp.exe
  2⤵
  PID:9544
- C:\Windows\System\zIEVuSG.exe
  C:\Windows\System\zIEVuSG.exe
  2⤵
  PID:9560
- C:\Windows\System\fDMZkmt.exe
  C:\Windows\System\fDMZkmt.exe
  2⤵
  PID:9580
- C:\Windows\System\eGKjMGW.exe
  C:\Windows\System\eGKjMGW.exe
  2⤵
  PID:9596
- C:\Windows\System\AYzLUTQ.exe
  C:\Windows\System\AYzLUTQ.exe
  2⤵
  PID:9612
- C:\Windows\System\bPaHPtp.exe
  C:\Windows\System\bPaHPtp.exe
  2⤵
  PID:9628
- C:\Windows\System\nsLoLKm.exe
  C:\Windows\System\nsLoLKm.exe
  2⤵
  PID:9644
- C:\Windows\System\MHMinSx.exe
  C:\Windows\System\MHMinSx.exe
  2⤵
  PID:9664
- C:\Windows\System\zTlcanF.exe
  C:\Windows\System\zTlcanF.exe
  2⤵
  PID:9680
- C:\Windows\System\lOuCHrP.exe
  C:\Windows\System\lOuCHrP.exe
  2⤵
  PID:9696
- C:\Windows\System\GQPzoRE.exe
  C:\Windows\System\GQPzoRE.exe
  2⤵
  PID:9712
- C:\Windows\System\pOiejGv.exe
  C:\Windows\System\pOiejGv.exe
  2⤵
  PID:9728
- C:\Windows\System\gDWWwcS.exe
  C:\Windows\System\gDWWwcS.exe
  2⤵
  PID:9744
- C:\Windows\System\tkApfWZ.exe
  C:\Windows\System\tkApfWZ.exe
  2⤵
  PID:9760
- C:\Windows\System\RZNyOGl.exe
  C:\Windows\System\RZNyOGl.exe
  2⤵
  PID:9776
- C:\Windows\System\ycHeYzL.exe
  C:\Windows\System\ycHeYzL.exe
  2⤵
  PID:9792
- C:\Windows\System\dsMZQDj.exe
  C:\Windows\System\dsMZQDj.exe
  2⤵
  PID:9808
- C:\Windows\System\dlprmnN.exe
  C:\Windows\System\dlprmnN.exe
  2⤵
  PID:9824
- C:\Windows\System\PatcddC.exe
  C:\Windows\System\PatcddC.exe
  2⤵
  PID:9840
- C:\Windows\System\mvKlfYy.exe
  C:\Windows\System\mvKlfYy.exe
  2⤵
  PID:9856
- C:\Windows\System\BpoNkAI.exe
  C:\Windows\System\BpoNkAI.exe
  2⤵
  PID:9876
- C:\Windows\System\RSKtPoN.exe
  C:\Windows\System\RSKtPoN.exe
  2⤵
  PID:9892
- C:\Windows\System\YCwIcOf.exe
  C:\Windows\System\YCwIcOf.exe
  2⤵
  PID:9908
- C:\Windows\System\qvZehUl.exe
  C:\Windows\System\qvZehUl.exe
  2⤵
  PID:9924
- C:\Windows\System\mzAfySb.exe
  C:\Windows\System\mzAfySb.exe
  2⤵
  PID:9940
- C:\Windows\System\TUuPbBO.exe
  C:\Windows\System\TUuPbBO.exe
  2⤵
  PID:9956
- C:\Windows\System\YInFtSr.exe
  C:\Windows\System\YInFtSr.exe
  2⤵
  PID:9972
- C:\Windows\System\psEPNRf.exe
  C:\Windows\System\psEPNRf.exe
  2⤵
  PID:10024
- C:\Windows\System\MZjgzTj.exe
  C:\Windows\System\MZjgzTj.exe
  2⤵
  PID:10048
- C:\Windows\System\uhdbRaa.exe
  C:\Windows\System\uhdbRaa.exe
  2⤵
  PID:10064
- C:\Windows\System\tEoESPU.exe
  C:\Windows\System\tEoESPU.exe
  2⤵
  PID:10080
- C:\Windows\System\bqnFoVI.exe
  C:\Windows\System\bqnFoVI.exe
  2⤵
  PID:10096
- C:\Windows\System\WCQgrzg.exe
  C:\Windows\System\WCQgrzg.exe
  2⤵
  PID:10112
- C:\Windows\System\sbbSIut.exe
  C:\Windows\System\sbbSIut.exe
  2⤵
  PID:10128
- C:\Windows\System\GFamedT.exe
  C:\Windows\System\GFamedT.exe
  2⤵
  PID:10148
- C:\Windows\System\zpOLKSq.exe
  C:\Windows\System\zpOLKSq.exe
  2⤵
  PID:10164
- C:\Windows\System\YIEPUri.exe
  C:\Windows\System\YIEPUri.exe
  2⤵
  PID:10180
- C:\Windows\System\rErUfng.exe
  C:\Windows\System\rErUfng.exe
  2⤵
  PID:10196
- C:\Windows\System\GfsKkzG.exe
  C:\Windows\System\GfsKkzG.exe
  2⤵
  PID:10212
- C:\Windows\System\HtLuGnU.exe
  C:\Windows\System\HtLuGnU.exe
  2⤵
  PID:10228
- C:\Windows\System\HXCtNzO.exe
  C:\Windows\System\HXCtNzO.exe
  2⤵
  PID:8660
- C:\Windows\System\GuxAqor.exe
  C:\Windows\System\GuxAqor.exe
  2⤵
  PID:8860
- C:\Windows\System\JeqwJFc.exe
  C:\Windows\System\JeqwJFc.exe
  2⤵
  PID:9224
- C:\Windows\System\BAMOHPR.exe
  C:\Windows\System\BAMOHPR.exe
  2⤵
  PID:9264
- C:\Windows\System\ITtGcQw.exe
  C:\Windows\System\ITtGcQw.exe
  2⤵
  PID:9320
- C:\Windows\System\cUdcsFA.exe
  C:\Windows\System\cUdcsFA.exe
  2⤵
  PID:9388
- C:\Windows\System\FxzVlMS.exe
  C:\Windows\System\FxzVlMS.exe
  2⤵
  PID:9508
- C:\Windows\System\aEHtYGd.exe
  C:\Windows\System\aEHtYGd.exe
  2⤵
  PID:9524
- C:\Windows\System\kwwjfhy.exe
  C:\Windows\System\kwwjfhy.exe
  2⤵
  PID:9660
- C:\Windows\System\vWxgXkA.exe
  C:\Windows\System\vWxgXkA.exe
  2⤵
  PID:9724
- C:\Windows\System\eTKrwTY.exe
  C:\Windows\System\eTKrwTY.exe
  2⤵
  PID:9816
- C:\Windows\System\TjAOJoS.exe
  C:\Windows\System\TjAOJoS.exe
  2⤵
  PID:9572
- C:\Windows\System\CZayVnd.exe
  C:\Windows\System\CZayVnd.exe
  2⤵
  PID:9932
- C:\Windows\System\fDLAypL.exe
  C:\Windows\System\fDLAypL.exe
  2⤵
  PID:10092
- C:\Windows\System\XwlatdI.exe
  C:\Windows\System\XwlatdI.exe
  2⤵
  PID:8224
- C:\Windows\System\QJHnloe.exe
  C:\Windows\System\QJHnloe.exe
  2⤵
  PID:10160
- C:\Windows\System\JcnUkdo.exe
  C:\Windows\System\JcnUkdo.exe
  2⤵
  PID:9488
- C:\Windows\System\ZXIhEHo.exe
  C:\Windows\System\ZXIhEHo.exe
  2⤵
  PID:9656
- C:\Windows\System\tZNuUyC.exe
  C:\Windows\System\tZNuUyC.exe
  2⤵
  PID:9640
- C:\Windows\System\qiuaiKW.exe
  C:\Windows\System\qiuaiKW.exe
  2⤵
  PID:9832
- C:\Windows\System\vYFMSlR.exe
  C:\Windows\System\vYFMSlR.exe
  2⤵
  PID:9740
- C:\Windows\System\MgTwFro.exe
  C:\Windows\System\MgTwFro.exe
  2⤵
  PID:9852
- C:\Windows\System\YCkKAai.exe
  C:\Windows\System\YCkKAai.exe
  2⤵
  PID:9916
- C:\Windows\System\KEiHkdn.exe
  C:\Windows\System\KEiHkdn.exe
  2⤵
  PID:9904
- C:\Windows\System\QQdMqXy.exe
  C:\Windows\System\QQdMqXy.exe
  2⤵
  PID:9992
- C:\Windows\System\FjziVSa.exe
  C:\Windows\System\FjziVSa.exe
  2⤵
  PID:9868
- C:\Windows\System\qmtRuWx.exe
  C:\Windows\System\qmtRuWx.exe
  2⤵
  PID:10120
- C:\Windows\System\vtXaqKl.exe
  C:\Windows\System\vtXaqKl.exe
  2⤵
  PID:10104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AfxFqHp.exe

Filesize
6.0MB

MD5
f4a9afbebd1b618beafa607172a8d96e

SHA1
cddf3649b0bc345d933ee87087026d38f664e393

SHA256
8c65880805389b29c3303dd28dd06be6374ab737eb2b78002ff87f8a5d9e3a13

SHA512
11ba6dced6a8ef2e615514e5c168af0a93f2b0913dbb675a17bed7d47c069639c4b29f55d325d5ddf1a23387bfd57b724aac7d8cebf0476f8b82df2b05ab7716

Download Submit
C:\Windows\system\CfxFawX.exe

Filesize
6.0MB

MD5
f8d221e5a9d6375a33bc4c54c91b5844

SHA1
248bcbe5cb170a4106bfde6abb31cafd0fba42f5

SHA256
f87ce30f00d65da932887faafa82c74ada72b88559cf0916a4ef41cc42e4ca81

SHA512
9d24c02c64c40d609bf146d56d053830f2ba6fa2ea78e79601ed7dc21c27cd58a7be6c438ac39f18a2eeccc974ab7e87d61eb94ff19d010577b963a8cecc3ec5

Download Submit
C:\Windows\system\DAXOXUJ.exe

Filesize
6.0MB

MD5
a098d78b1f56a3713d5090f100a4d94c

SHA1
2c8096f0c94bd993db987f9721c3e12c6a430220

SHA256
fc760d403977c3394832cd7ca8862b4aed1ede5b8757ed1df7701c4e6e921f9d

SHA512
fabb1c4696b844e575482771a060345cb460125a20c756a7407262eb338d24d090bd619d4d3595c750efe3ae679b500a764c9a2b395e02a85d25617566ae496d

Download Submit
C:\Windows\system\FPzsuIV.exe

Filesize
6.0MB

MD5
76e4db630d0c35080a2c07663618fd9c

SHA1
e7ab179ec488c51fa5ef59b3b948a83ef3126717

SHA256
934de6addb3ad2045272a1efc5e369f0fea67030d6f837af2bad4f85ab7ac931

SHA512
a3fb16793b1c5db1ecafab71d53608339046f8b81e7953454007e36f42b0c5ac7f95fddf628f3b07322fec242bc03094011b9c2cf50f3013a2cba0aaec8b492b

Download Submit
C:\Windows\system\ISiUlAO.exe

Filesize
6.0MB

MD5
86ebb7819dee964c1d5f1bad2f59d5dc

SHA1
8d62a6927dc57d9d5a9ddfff191672810bb643c7

SHA256
e8f5860325ad80b1621e2f1a86d03c543bdcc40fd053b6accf493e58fe23241f

SHA512
b80a308df1ba93374db884d95bddfa46cc4ba03afd1e3400d54cf3d601a2de46b6d9dc6ea2c7aec3a8b2fc580a721d0e7172c8aa8d772981d735076b68bdee30

Download Submit
C:\Windows\system\IpMZFoE.exe

Filesize
6.0MB

MD5
5a77e535fcb0f5cf02f97a33f1b4f5be

SHA1
974560aeb4af0fe41e9f8594f72b5375c3ad9483

SHA256
67a31b56ca595934a25269a5e3cdd7bdcd81ab60449d7f79921931be991c7fde

SHA512
1385fdb59c10bbfb7d88033beec32c303b36384698c60ba772583ac92f2dea64dd871981a46979f034eca6aa6ce0ecddd9068ac4c627cd60c8367f855c4180b0

Download Submit
C:\Windows\system\KpvxZcj.exe

Filesize
6.0MB

MD5
64f886d4b38117b66776a92fd1be402b

SHA1
5de6f82dedc8c299a69dcfae4f78513b23904a40

SHA256
3f4148c84659e2bf9fb9755640ddfdc0531128f8c8480fadd12aaa7177536884

SHA512
6c20437edc982080d34764e6c3d440385862f02c40664b5a0c10bed1660f66df5dc08748b46e2a13376b41ac0c7104d3c717e1491515f02ee24d33755d5f0f34

Download Submit
C:\Windows\system\NMZjoJC.exe

Filesize
6.0MB

MD5
8781bfe37c293dabbc755c951674235b

SHA1
092f708d6073a70a3a8e380490fed4cd1021d033

SHA256
c43ce2d6782ed9f8d6e8d7143afb425eee8b0735d7d03612ef2e328964003e41

SHA512
4ca90ebd16d6d60a24f4cf9d67b7ab1f3a0abc50f8b302bc470bec3e4c2afb12b417aa674ef82537d2c799d4c27037c97c9e907c044568b855d7553b745e9cca

Download Submit
C:\Windows\system\PFWMtbh.exe

Filesize
6.0MB

MD5
cc76623c0b12be9e31d4c7a17bf95bbc

SHA1
29712c076ca30639bbaa1ac4442043f8a6f95cc7

SHA256
0f7240a0ae35d27cd2517cb48143944bb3ffbaf02e418d23f4f94c6ef38cd6b8

SHA512
e618cd9943f0402f8e67f63fd3898143f9f2a65ee70338070b4e234c1cfdf57f60fe0113d5139ebb9b1b3bf9ac15ab0f24c4552638387515ec613c64f0e41c06

Download Submit
C:\Windows\system\SAdNKbX.exe

Filesize
6.0MB

MD5
b41991bee0e34a453e757dd76822c942

SHA1
56923026ea5fb4b1a55ece4917a1441d139be293

SHA256
1495591e2aa8b42372937dfde46b60bcdac9978bee510f7de898f5590c526e71

SHA512
583f9c2ea372a9c806fe283a007f5bd4ac3c36bbaf9a187f6b5bff7fdf7a89687bd36422e3af23d85a7bf6264979c12f21b86e481a31840a02f55bc7a8e2ee15

Download Submit
C:\Windows\system\SWuqWcX.exe

Filesize
6.0MB

MD5
a98fb1cc413be07cf97bac0e693096c6

SHA1
fb9fa5324a233daee068fa8e8426bcfff09b6728

SHA256
20acd7b28f52699a8e1f8c02caedd04cfad54d3dd4401b0ddd1003dda36e39aa

SHA512
471fbb50fc7f5803ebc8f9b2b7d3b897eeaa136455b2ba96daa354833f0626d74f257e0f98dbdcc74749f4865ce885e2e7a9b655729cf33d3e33a2c404b406fb

Download Submit
C:\Windows\system\SkwMLSw.exe

Filesize
6.0MB

MD5
835cb0c0d747dd56f2785a5f16fd4158

SHA1
38ca3fb3879f66847df23a18c1b37c209c311926

SHA256
0ccab93a9c5c5f349545c5b3f2e41db6b3113266909441f301637aefd26a8f7f

SHA512
06e9e0db7b0b031eb1eeff2d35b417bc5afca3479bef8a08ab8950085e030d99a50c0ee834862e42efa66c6c15e9486b7016337a4dcb40b0ee6dacd8c8e9d61a

Download Submit
C:\Windows\system\WdSdkEy.exe

Filesize
6.0MB

MD5
51d8f7b615d7c53715645b5151227894

SHA1
bc9468c5f92e171c07700feff4c945776476833d

SHA256
76a841a068c7c5ba907ca8be921b9256bab9e42d8f0a7f58a6fd58e91607c55b

SHA512
fafc189ba74ddf053bc38df147af78deadbc2bbc46ec1b14fee42da1eb908af808f1726fb0c0c9a57e42ff6d9bab69c3a6ca5836b4607c3c1419c391d8f5af65

Download Submit
C:\Windows\system\YCENysZ.exe

Filesize
6.0MB

MD5
7283325529f5d7914d7aeaf113de394b

SHA1
9cc0ece9aef52b7eebfd8fb352ece2697409e153

SHA256
d384f4573d2834bb6a69c0eb2190d66aaf3ca3401d375053fb96d69704542e08

SHA512
121f5f8303ff87a13a27c7aa327dab91e718367d0b483507ca5e01c8a72227dc3c66cc3d570717a88dd525ee956637dcab870ef3da974d83c2a557cdef79658c

Download Submit
C:\Windows\system\aadyoTG.exe

Filesize
6.0MB

MD5
ef3cd5dd287d034a0b54d1eb0a478a7e

SHA1
b5a9578be70e5029d98382d2cfdba5ba4eecef17

SHA256
649f43b3b1a45345b01059a9bc11b07d9198be7282b12dc92041f641fef1011e

SHA512
ca602e60a2735b146a55bc0b3b5b481478d5bb769eec719b6101db70e848034d503d7c4435976060bbc53fbe4c0be6f73a7f6d7fd3bf81012a9553845ab0e18b

Download Submit
C:\Windows\system\abuUdAj.exe

Filesize
6.0MB

MD5
e55f64a4c130f506ec143467a3865604

SHA1
aba49437a1ac312880cf38acdae9c78726fd81b0

SHA256
370dd7800aac55f64ef7dbc8c920350d621a0217788f2eaa6f29e21c9d2c7495

SHA512
fb700c21356af542e7a4d0d5207e721ceb4a94ed76c4de1cbbc7bf44085377cde8031867673a4f6f9a20222109a2b8405a279a0e6ca40698d0925e69c4a17ea5

Download Submit
C:\Windows\system\eOgbtJm.exe

Filesize
6.0MB

MD5
de7b261079a0877cc1c7b4982ae02b44

SHA1
c8b90aa6a8c5d4d8a94742e0643f59525a262356

SHA256
5384cb0b725b2a43125094203ebd707098f63fc2648e9180277a0b96a380d740

SHA512
42a1578bdcca6436db5aaa4d53cbd3dbd382272cf47a03d6b07770ce914ca8ba9c907ecf9a69b73103a0cba84cdc668fea26cb5dc78d5b8bc939b39eb655e70a

Download Submit
C:\Windows\system\gRhxelc.exe

Filesize
6.0MB

MD5
ed459f64bc2362a598e25ce0ffcb033b

SHA1
04bd4c46bca4a357718e07b0acb80d3fc92704dc

SHA256
707258e04a4f7192df4a65b1ec8cb5ebced5cc6f79e56ead383da3a858afc066

SHA512
515eb4adcc53202a80595e936e901bd554d9c314b6a2fecbaf8a42626009d527c835d083754d8bd45b369f30de1073b419a9f32b9afb78e59da01cc3991be374

Download Submit
C:\Windows\system\hAphNkm.exe

Filesize
6.0MB

MD5
de10b4206477c047d0a66d62ccebbf9b

SHA1
454ae44c4e637bab5ff57048f8fa3b374325d614

SHA256
c803840aeca191ff440ced472a886653c4185e4c689b535d3f829681f6b9d1c5

SHA512
892e382978a19b1a3b6030afd3a6ab39627c14a0b1695291b87437ec6c89ede2a05ac3ee096281c25bbd21042d5ae4db37634f94304380f4b36503ffd25d6328

Download Submit
C:\Windows\system\lOMTCVu.exe

Filesize
6.0MB

MD5
127cffc81892d763b88c7791a75ef74d

SHA1
77599b33812856f3e5585a5b58fdabf8ffafe116

SHA256
2369b63398294b7c671985e1b8fedbdaf4fa89fd19d62c1d328c36ba582836f0

SHA512
1fb37567d706bbb5651f0038940c7f0e323123f3d1f6f00c845a0f3518b632641444a22fdf8b35f4db0ec939a48294c0fa8eb0e2eabbb8e3c607c87294974f3a

Download Submit
C:\Windows\system\ocmOaud.exe

Filesize
6.0MB

MD5
0cf146dcc5670e1c1d98e8d76caef06a

SHA1
e76a0715a5c780c59def30f388ef6a730b0b4372

SHA256
8fd7b04e0cf68f1494eb863fd87d391074fcac752217c44c0ca9d9c1f8a5bad4

SHA512
8c607f43b34f18c5e8bb5576ec1c8aa5f94e73bf8977a706f390df30cdbec0b2a1ded90f2c4c44215aaf3c9b3863d3b6ea683d401c1d517702636295a551cf29

Download Submit
C:\Windows\system\qagfVTD.exe

Filesize
6.0MB

MD5
30dd2b5b10a0b7dd7a2704f73c5d06a9

SHA1
573b8542e88334592378610d2b20fd6df8e0cf80

SHA256
65a6f8e5b85621909a6572fc2db123a1d44c7239633d00eed90e38247876a03e

SHA512
d3ea8cff4d392508341798090bea0c62a53ce12b858c4364ba0e7f01e5d68d3a0e3cbfa4244ff96a1478bcf0efe0d16d0814854a2215b82429c663edf96c8754

Download Submit
C:\Windows\system\qvhNBeM.exe

Filesize
6.0MB

MD5
fcbdce2076ea5afada8ee30cf81cb3e8

SHA1
414c737ca187aeadf8d9195c02590ba3f81faaa4

SHA256
6aa1255aaafbec265a878aec8747e4958c303bf757c75bf9ec967a8e26dda5fd

SHA512
dae96fdd575cedf0f5cafb6040e7cdeb1bec8317a6e9da22277de3dfee2d024fa0390aca5ad53df70e8f20782f61155460d2ebe57335f3deb3dd238869c40f1c

Download Submit
C:\Windows\system\sokgTZz.exe

Filesize
6.0MB

MD5
84ed12770ffbd121da971861ebfcc905

SHA1
d5af564fd2022b28e3f47bd75dc9aea263b3309d

SHA256
45f66ae3255f3bf4aba04997304bbfc7f391d0070b3fa5cf1a0a0eb7e717c075

SHA512
d6f194a0a799c7ac9271080212ec1442bddef9525083551a647b0e09a5ac229dc579db670fbad4aca6d6fbae7a6a809d74a729d7a9453afa7e998ea77368dfd8

Download Submit
C:\Windows\system\uueGVHL.exe

Filesize
6.0MB

MD5
1bbaa1883cd4bbac78caee08a36f694a

SHA1
1b0208ec5081f73ec65cd2ad773cbaa05f49d96a

SHA256
af8d11d503e45b816464bc4a1c6ba904544120f6b8445f03e84c01413972dda9

SHA512
5625325ac018257f68ba908a8bf2412045b0e04c560fc2ebb27ca830716155196d3fec4bd20962f3b242a2db767bb6a2f5bfa9eea19da64811487bc01a345b76

Download Submit
C:\Windows\system\uzKhrCt.exe

Filesize
6.0MB

MD5
784e4e1b49825e11e100304f13efbfc3

SHA1
f29043d8e886573c28f891392e537e3c1a2f510d

SHA256
30f99fff9355fbd07357a4508225e1a27e38540360d0e7d8f5597f7254472b33

SHA512
13ce4e05437683fed28585674e0c26adb6ddb28b43be34b9ddcf954406a51dc4ca94cfe72e62b383b354c57e579131c6ee161f57b276fde27e430d776795bfce

Download Submit
C:\Windows\system\vEkpPgU.exe

Filesize
6.0MB

MD5
7c9ab99848f8bfccf15eb408f264f0d0

SHA1
b03894a8dcc36d542a67231f9633ddd3e9714413

SHA256
ae6ed285c9d3bd98519b3f305cddc216b38b1170324f86c516cd8f4b0cbbeaa2

SHA512
c5ce27b8cda27e003fdfdc80d1df6ff2e8c2a6ecf2df69c607abf63896878f79b1b022f91022a8d99fd9267686c4bf7e4d92faf646d7683b61f8cf3a38e7cdec

Download Submit
C:\Windows\system\wHheOsI.exe

Filesize
6.0MB

MD5
99138e3873d7fd05887c3a361447d1ef

SHA1
7a1a95bbf51fdf08be565155c338261bb171a45a

SHA256
a8ecc3a9e900dc7ad0b5877a270a1ecc3ba6eef4d69b5f5a864a1c2b31440aa4

SHA512
9a9f82ed43b84eb3db6feb9d627e3c1c8f8979da9303d8571cef356f2524301486ac6006b52d67dd5a8fbd421e24ece63e822048b13e867d495f7d2873e132da

Download Submit
C:\Windows\system\wgHUOpn.exe

Filesize
6.0MB

MD5
f25e161cf2cc58300257786917e383b1

SHA1
cf92cc8bcac65c2a20c031ae5fb27b8d0a80effe

SHA256
a189c9fa9ecc30c32d0d48b873fa32f49331072ba3001e0dd1db8c93a45065d3

SHA512
4544d0371f40fbc29d6e9611020027d1ff73172f32b85da2a03b180b10241f275a2218d6b44b2ffd42047c4bf97ca2969c2a09ec098ae0d88f60614e37471973

Download Submit
C:\Windows\system\zljIfxC.exe

Filesize
6.0MB

MD5
fc008c219038b27c4296c7720e37a596

SHA1
2bcb7468ee50f5dc96d9447a3b735d35ea06feed

SHA256
ef17ec7350f161ec47e8e2b56fa0fa5226da820cfb4fed837e0031b8ee396635

SHA512
15a91b8467c6fe8411e35cd527ca25d139b24c6419e475a1c6fbd692d9b7367296df14f3ecc5160689fd6fb28d11b91f69c921dec3b921bac3b40940f80a12f2

Download Submit
\Windows\system\ANWijsi.exe

Filesize
6.0MB

MD5
23c5d7e1b1570595f412532d31e733f5

SHA1
fb3327df2e575ec22f3afff7f15a71cd392c730f

SHA256
e829706dad3232b94a223f41f3bdceec932de80adb2956f3744d3dc73313e421

SHA512
749a758ad043a4eca5e00a2e07ae6ec7836683f5ee75e7bbd9fabdb5d3e3a3a2198e0d0c71a157d9d4ad307b21d6f3a94556a5083fc337e8c937673b6dd0deb8

Download Submit
\Windows\system\bkUNbVi.exe

Filesize
6.0MB

MD5
146ba6e8ffdf1928a37009670fa7bea6

SHA1
50357d18533bcf5571f6695d2afcea46db631463

SHA256
b15e25e7e90a33900410892569a03895b6edafcdaa028bf7a8e0a437ee293795

SHA512
e7976e0e4967a694277c709e48f0288e1409916a9d72556eaa8537893420d1278a4a06d5347a6240b19240935496b810826cbfc064cdc8d3bb21a8065d5c0ef8

Download Submit
\Windows\system\wghrOIs.exe

Filesize
6.0MB

MD5
02ad7b2d0b95af08ed5618b393180d70

SHA1
4467302b6a01376ed2dca6cf427a993ab879cc58

SHA256
6e3e18133cbf861960b309f2918a918780d08784b5772e2565cf37f3aae3cd61

SHA512
d7094f4bfaba970c5af3f4cc6f6e8ca597b478f871e46c5002cfad9991e2cd26082153aba56b891be0dc4184c2d4ca8dccdd2841692383db1b5c2c886a408c32

Download Submit
memory/408-369-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/408-4012-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-367-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/1020-4041-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2016-371-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4059-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2584-361-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3991-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2624-359-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4009-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4025-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-363-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-355-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4037-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-360-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1753-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2676-1787-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1786-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1611-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1553-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2676-374-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2676-376-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-372-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-377-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-370-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1173-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-368-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1377-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-366-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1690-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-364-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1693-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-362-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1731-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2676-0-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1745-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-358-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1747-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2676-356-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1746-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2676-354-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1750-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1749-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-351-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1748-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1378-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2716-272-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4098-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2728-353-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4007-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4006-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2772-365-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2824-357-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4000-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2832-375-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4001-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-352-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4004-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2956-4023-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-373-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download