cobaltstrike | 9031a06e5d092c5ca713970f15baef2c09525a8c8e3d9ddb1d2f11f34f67800a

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/11/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1093fa6f99a3e813cc8d76cca6c5ece3
SHA1

1bf93d1f357f0726c476fce671a0790ef428caa3
SHA256

9031a06e5d092c5ca713970f15baef2c09525a8c8e3d9ddb1d2f11f34f67800a
SHA512

5084940dfbb0f963860c0b69cf07d83c63ab2e39569c7423296b6e249b6aa79f1f0f6b6237f57d4118ea67a64067f6c9adf18e1058b7d3983834498edecac634
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019273-8.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-20.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-35.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194f6-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-160.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019234-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-3.dat	xmrig
behavioral1/files/0x00070000000192f0-13.dat	xmrig
behavioral1/files/0x0008000000019273-8.dat	xmrig
behavioral1/files/0x000600000001932a-20.dat	xmrig
behavioral1/files/0x000600000001933e-25.dat	xmrig
behavioral1/files/0x0006000000019346-27.dat	xmrig
behavioral1/files/0x0006000000019384-35.dat	xmrig
behavioral1/files/0x00070000000194f6-39.dat	xmrig
behavioral1/files/0x000500000001a41b-49.dat	xmrig
behavioral1/files/0x000500000001a41c-55.dat	xmrig
behavioral1/files/0x000500000001a41e-64.dat	xmrig
behavioral1/files/0x000500000001a477-75.dat	xmrig
behavioral1/files/0x000500000001a48a-90.dat	xmrig
behavioral1/memory/2584-163-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2932-220-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2256-197-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2532-193-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2564-176-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bf-160.dat	xmrig
behavioral1/files/0x0008000000019234-154.dat	xmrig
behavioral1/files/0x000500000001a4b9-148.dat	xmrig
behavioral1/memory/1728-261-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2468-256-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2372-246-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2788-244-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2912-238-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2908-228-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2748-212-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2900-203-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2532-202-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/memory/2856-201-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2220-186-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c1-164.dat	xmrig
behavioral1/files/0x000500000001a4bd-157.dat	xmrig
behavioral1/files/0x000500000001a4bb-151.dat	xmrig
behavioral1/files/0x000500000001a4b7-146.dat	xmrig
behavioral1/files/0x000500000001a4b5-138.dat	xmrig
behavioral1/files/0x000500000001a4b1-131.dat	xmrig
behavioral1/files/0x000500000001a4b3-134.dat	xmrig
behavioral1/files/0x000500000001a4af-125.dat	xmrig
behavioral1/files/0x000500000001a4ac-121.dat	xmrig
behavioral1/files/0x000500000001a4a8-111.dat	xmrig
behavioral1/files/0x000500000001a4aa-114.dat	xmrig
behavioral1/files/0x000500000001a4a0-101.dat	xmrig
behavioral1/files/0x000500000001a4a2-105.dat	xmrig
behavioral1/files/0x000500000001a497-95.dat	xmrig
behavioral1/files/0x000500000001a486-85.dat	xmrig
behavioral1/files/0x000500000001a478-80.dat	xmrig
behavioral1/files/0x000500000001a455-70.dat	xmrig
behavioral1/files/0x000500000001a41d-60.dat	xmrig
behavioral1/files/0x000500000001a41a-45.dat	xmrig
behavioral1/memory/2532-1784-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2788-3824-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2908-3839-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2748-3823-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2468-3848-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2856-3856-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2220-3858-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/1728-3857-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2256-3859-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2900-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2912-3863-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2932-3864-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2468	FxyvMzV.exe
1728	ZdGJNpL.exe
2584	OSebszz.exe
2564	GYwbHNl.exe
2220	yEchntW.exe
2256	OrMJGyf.exe
2856	VyCQosj.exe
2900	XxWLEyS.exe
2748	YJXmSiW.exe
2932	iPBtRme.exe
2908	HhOKTEN.exe
2912	MkNYIbl.exe
2788	EIWuaDb.exe
2372	SmOexQq.exe
2664	vuYjePc.exe
1968	hceEEdd.exe
2492	IaVaVsA.exe
1648	VPrWmRS.exe
1556	XmoSkgB.exe
2824	KnueneR.exe
2976	taZAFAj.exe
1588	hLmlnTo.exe
2828	FUfqlDn.exe
2820	GovHZji.exe
328	cZPCIUz.exe
1164	lGgkoSc.exe
2308	ngwErhy.exe
2288	foscpDp.exe
1856	DpJRXUF.exe
2448	LgYQAaX.exe
2116	IpSxxHl.exe
2604	rQbCBSc.exe
992	TFlDSLE.exe
816	EwgtcqV.exe
620	AhzYRWH.exe
1268	eoOWXvQ.exe
1028	rjHRNlf.exe
3056	BetJKfm.exe
2360	XCFGvLO.exe
1916	LJoTaVr.exe
3028	sKerjgW.exe
1440	GLYcsdW.exe
1752	kPnwLGW.exe
1528	PxjhAFS.exe
1960	ugwTnpN.exe
2772	tEJcblD.exe
2784	AOaMMDl.exe
2676	XHVVAVH.exe
2624	lsbybGR.exe
2672	yzuZoHv.exe
2408	wYZzdpR.exe
1640	uFOsmVZ.exe
1104	GUalblQ.exe
1516	pKZBkef.exe
2952	KTEaeeO.exe
3000	rWejngE.exe
1956	nvoKGWo.exe
2328	eSfJIVi.exe
920	ZOCXsIi.exe
2216	DrZpibZ.exe
1596	MrCyRmZ.exe
1628	IxnojRY.exe
1472	gvkMGoi.exe
2840	OUJVkFj.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x000b000000012029-3.dat	upx
behavioral1/files/0x00070000000192f0-13.dat	upx
behavioral1/files/0x0008000000019273-8.dat	upx
behavioral1/files/0x000600000001932a-20.dat	upx
behavioral1/files/0x000600000001933e-25.dat	upx
behavioral1/files/0x0006000000019346-27.dat	upx
behavioral1/files/0x0006000000019384-35.dat	upx
behavioral1/files/0x00070000000194f6-39.dat	upx
behavioral1/files/0x000500000001a41b-49.dat	upx
behavioral1/files/0x000500000001a41c-55.dat	upx
behavioral1/files/0x000500000001a41e-64.dat	upx
behavioral1/files/0x000500000001a477-75.dat	upx
behavioral1/files/0x000500000001a48a-90.dat	upx
behavioral1/memory/2584-163-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2932-220-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2256-197-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2564-176-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bf-160.dat	upx
behavioral1/files/0x0008000000019234-154.dat	upx
behavioral1/files/0x000500000001a4b9-148.dat	upx
behavioral1/memory/1728-261-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2468-256-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2372-246-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2788-244-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2912-238-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2908-228-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2748-212-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2900-203-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2856-201-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2220-186-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001a4c1-164.dat	upx
behavioral1/files/0x000500000001a4bd-157.dat	upx
behavioral1/files/0x000500000001a4bb-151.dat	upx
behavioral1/files/0x000500000001a4b7-146.dat	upx
behavioral1/files/0x000500000001a4b5-138.dat	upx
behavioral1/files/0x000500000001a4b1-131.dat	upx
behavioral1/files/0x000500000001a4b3-134.dat	upx
behavioral1/files/0x000500000001a4af-125.dat	upx
behavioral1/files/0x000500000001a4ac-121.dat	upx
behavioral1/files/0x000500000001a4a8-111.dat	upx
behavioral1/files/0x000500000001a4aa-114.dat	upx
behavioral1/files/0x000500000001a4a0-101.dat	upx
behavioral1/files/0x000500000001a4a2-105.dat	upx
behavioral1/files/0x000500000001a497-95.dat	upx
behavioral1/files/0x000500000001a486-85.dat	upx
behavioral1/files/0x000500000001a478-80.dat	upx
behavioral1/files/0x000500000001a455-70.dat	upx
behavioral1/files/0x000500000001a41d-60.dat	upx
behavioral1/files/0x000500000001a41a-45.dat	upx
behavioral1/memory/2532-1784-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2788-3824-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2908-3839-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2748-3823-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2468-3848-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2856-3856-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2220-3858-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1728-3857-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2256-3859-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2900-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2912-3863-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2932-3864-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2372-3867-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2584-3871-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zRpcGAX.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXuZHzH.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUkrvYm.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXvrqft.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSKeifR.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELjbmvS.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwUXFFd.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFomjUj.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcUTNPu.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YITDNkB.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPaDndS.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUBeXsC.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtTxZhE.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgZUZEu.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNDDPBp.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUxxinM.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoWibxa.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfVtVho.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEecAlG.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYTDlDt.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCgUHLH.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORwfvAS.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmpsyzG.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFztcBK.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KayqMFw.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRFAlSv.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqzMxZS.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzVTbbC.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYquhyh.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDawacu.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpxVUUb.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzlaQze.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYxNADG.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdQRzpY.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcaSxWi.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHdvCcf.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKKUvuA.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFyuSEW.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYseasU.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUJVkFj.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmadYMs.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaYtTbB.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhtLRmm.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBKvPBN.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emElHOH.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTLAbGy.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcpBDIN.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcySgrF.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhEdqfa.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLoheWx.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryFePvI.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWNJPDx.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gotdhqe.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geESmzG.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdSGbis.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgETnpc.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRZZinl.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPqXQWO.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GikpdMD.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYQorEI.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XREYNxT.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpUBnCg.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AanYTzS.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNWBdXJ.exe	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2468	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2468	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2468	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2584	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2584	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2584	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 1728	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 1728	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 1728	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2564	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2564	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2564	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2220	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2220	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2220	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2256	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2256	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2256	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2856	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2856	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2856	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2900	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2900	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2900	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2748	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2748	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2748	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2932	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2932	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2932	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2908	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2908	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2908	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2912	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2912	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2912	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2788	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2788	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2788	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2372	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2372	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2372	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2664	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2664	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 2664	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 1968	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1968	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1968	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 2492	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2492	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2492	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1648	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1648	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1648	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 1556	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1556	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 1556	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2824	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2824	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2824	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2976	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2976	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 2976	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2532 wrote to memory of 1588	2532	2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_1093fa6f99a3e813cc8d76cca6c5ece3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\FxyvMzV.exe
  C:\Windows\System\FxyvMzV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\OSebszz.exe
  C:\Windows\System\OSebszz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ZdGJNpL.exe
  C:\Windows\System\ZdGJNpL.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GYwbHNl.exe
  C:\Windows\System\GYwbHNl.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yEchntW.exe
  C:\Windows\System\yEchntW.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\OrMJGyf.exe
  C:\Windows\System\OrMJGyf.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VyCQosj.exe
  C:\Windows\System\VyCQosj.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\XxWLEyS.exe
  C:\Windows\System\XxWLEyS.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\YJXmSiW.exe
  C:\Windows\System\YJXmSiW.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\iPBtRme.exe
  C:\Windows\System\iPBtRme.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\HhOKTEN.exe
  C:\Windows\System\HhOKTEN.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MkNYIbl.exe
  C:\Windows\System\MkNYIbl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\EIWuaDb.exe
  C:\Windows\System\EIWuaDb.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\SmOexQq.exe
  C:\Windows\System\SmOexQq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\vuYjePc.exe
  C:\Windows\System\vuYjePc.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\hceEEdd.exe
  C:\Windows\System\hceEEdd.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\IaVaVsA.exe
  C:\Windows\System\IaVaVsA.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\VPrWmRS.exe
  C:\Windows\System\VPrWmRS.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\XmoSkgB.exe
  C:\Windows\System\XmoSkgB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\KnueneR.exe
  C:\Windows\System\KnueneR.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\taZAFAj.exe
  C:\Windows\System\taZAFAj.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\hLmlnTo.exe
  C:\Windows\System\hLmlnTo.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\FUfqlDn.exe
  C:\Windows\System\FUfqlDn.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\GovHZji.exe
  C:\Windows\System\GovHZji.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\cZPCIUz.exe
  C:\Windows\System\cZPCIUz.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\lGgkoSc.exe
  C:\Windows\System\lGgkoSc.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\ngwErhy.exe
  C:\Windows\System\ngwErhy.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\foscpDp.exe
  C:\Windows\System\foscpDp.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\DpJRXUF.exe
  C:\Windows\System\DpJRXUF.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\wYZzdpR.exe
  C:\Windows\System\wYZzdpR.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\LgYQAaX.exe
  C:\Windows\System\LgYQAaX.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\uFOsmVZ.exe
  C:\Windows\System\uFOsmVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\IpSxxHl.exe
  C:\Windows\System\IpSxxHl.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\GUalblQ.exe
  C:\Windows\System\GUalblQ.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\rQbCBSc.exe
  C:\Windows\System\rQbCBSc.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\pKZBkef.exe
  C:\Windows\System\pKZBkef.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\TFlDSLE.exe
  C:\Windows\System\TFlDSLE.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\DrZpibZ.exe
  C:\Windows\System\DrZpibZ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\EwgtcqV.exe
  C:\Windows\System\EwgtcqV.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\MrCyRmZ.exe
  C:\Windows\System\MrCyRmZ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\AhzYRWH.exe
  C:\Windows\System\AhzYRWH.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\IxnojRY.exe
  C:\Windows\System\IxnojRY.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\eoOWXvQ.exe
  C:\Windows\System\eoOWXvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\gvkMGoi.exe
  C:\Windows\System\gvkMGoi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\rjHRNlf.exe
  C:\Windows\System\rjHRNlf.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\OUJVkFj.exe
  C:\Windows\System\OUJVkFj.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\BetJKfm.exe
  C:\Windows\System\BetJKfm.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\AfZDpsk.exe
  C:\Windows\System\AfZDpsk.exe
  2⤵
  PID:3060
- C:\Windows\System\XCFGvLO.exe
  C:\Windows\System\XCFGvLO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\NEWvhhX.exe
  C:\Windows\System\NEWvhhX.exe
  2⤵
  PID:2508
- C:\Windows\System\LJoTaVr.exe
  C:\Windows\System\LJoTaVr.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\mSTTJAm.exe
  C:\Windows\System\mSTTJAm.exe
  2⤵
  PID:2384
- C:\Windows\System\sKerjgW.exe
  C:\Windows\System\sKerjgW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\hGvzPcA.exe
  C:\Windows\System\hGvzPcA.exe
  2⤵
  PID:1864
- C:\Windows\System\GLYcsdW.exe
  C:\Windows\System\GLYcsdW.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\nBxUbzF.exe
  C:\Windows\System\nBxUbzF.exe
  2⤵
  PID:1932
- C:\Windows\System\kPnwLGW.exe
  C:\Windows\System\kPnwLGW.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\zOwgDKK.exe
  C:\Windows\System\zOwgDKK.exe
  2⤵
  PID:1532
- C:\Windows\System\PxjhAFS.exe
  C:\Windows\System\PxjhAFS.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\caPUsqg.exe
  C:\Windows\System\caPUsqg.exe
  2⤵
  PID:1688
- C:\Windows\System\ugwTnpN.exe
  C:\Windows\System\ugwTnpN.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\CMOwLyG.exe
  C:\Windows\System\CMOwLyG.exe
  2⤵
  PID:2316
- C:\Windows\System\tEJcblD.exe
  C:\Windows\System\tEJcblD.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\mPBVFah.exe
  C:\Windows\System\mPBVFah.exe
  2⤵
  PID:2780
- C:\Windows\System\AOaMMDl.exe
  C:\Windows\System\AOaMMDl.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\jpsVjRq.exe
  C:\Windows\System\jpsVjRq.exe
  2⤵
  PID:2644
- C:\Windows\System\XHVVAVH.exe
  C:\Windows\System\XHVVAVH.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\dSKeifR.exe
  C:\Windows\System\dSKeifR.exe
  2⤵
  PID:2696
- C:\Windows\System\lsbybGR.exe
  C:\Windows\System\lsbybGR.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\hPHZbAA.exe
  C:\Windows\System\hPHZbAA.exe
  2⤵
  PID:1764
- C:\Windows\System\yzuZoHv.exe
  C:\Windows\System\yzuZoHv.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\gSIOmDv.exe
  C:\Windows\System\gSIOmDv.exe
  2⤵
  PID:1432
- C:\Windows\System\KTEaeeO.exe
  C:\Windows\System\KTEaeeO.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\PzuZMnX.exe
  C:\Windows\System\PzuZMnX.exe
  2⤵
  PID:596
- C:\Windows\System\rWejngE.exe
  C:\Windows\System\rWejngE.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\cbzTBoq.exe
  C:\Windows\System\cbzTBoq.exe
  2⤵
  PID:2680
- C:\Windows\System\nvoKGWo.exe
  C:\Windows\System\nvoKGWo.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\blJtWia.exe
  C:\Windows\System\blJtWia.exe
  2⤵
  PID:2152
- C:\Windows\System\eSfJIVi.exe
  C:\Windows\System\eSfJIVi.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xXeVNrA.exe
  C:\Windows\System\xXeVNrA.exe
  2⤵
  PID:1712
- C:\Windows\System\ZOCXsIi.exe
  C:\Windows\System\ZOCXsIi.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\sEvDcuP.exe
  C:\Windows\System\sEvDcuP.exe
  2⤵
  PID:2212
- C:\Windows\System\iGDHEyd.exe
  C:\Windows\System\iGDHEyd.exe
  2⤵
  PID:1868
- C:\Windows\System\ZdnIOLN.exe
  C:\Windows\System\ZdnIOLN.exe
  2⤵
  PID:1524
- C:\Windows\System\mSYazYf.exe
  C:\Windows\System\mSYazYf.exe
  2⤵
  PID:2348
- C:\Windows\System\ZkOqDbz.exe
  C:\Windows\System\ZkOqDbz.exe
  2⤵
  PID:756
- C:\Windows\System\JgZUZEu.exe
  C:\Windows\System\JgZUZEu.exe
  2⤵
  PID:2396
- C:\Windows\System\yufcOIu.exe
  C:\Windows\System\yufcOIu.exe
  2⤵
  PID:2632
- C:\Windows\System\JWmQvmR.exe
  C:\Windows\System\JWmQvmR.exe
  2⤵
  PID:1412
- C:\Windows\System\iYQorEI.exe
  C:\Windows\System\iYQorEI.exe
  2⤵
  PID:2100
- C:\Windows\System\yeXhLpw.exe
  C:\Windows\System\yeXhLpw.exe
  2⤵
  PID:3076
- C:\Windows\System\emUISmd.exe
  C:\Windows\System\emUISmd.exe
  2⤵
  PID:3092
- C:\Windows\System\FZVlrCY.exe
  C:\Windows\System\FZVlrCY.exe
  2⤵
  PID:3108
- C:\Windows\System\oLCTpdU.exe
  C:\Windows\System\oLCTpdU.exe
  2⤵
  PID:3124
- C:\Windows\System\QmBDQsU.exe
  C:\Windows\System\QmBDQsU.exe
  2⤵
  PID:3140
- C:\Windows\System\vgQbFRl.exe
  C:\Windows\System\vgQbFRl.exe
  2⤵
  PID:3156
- C:\Windows\System\kdjFYuS.exe
  C:\Windows\System\kdjFYuS.exe
  2⤵
  PID:3172
- C:\Windows\System\mPhvWUB.exe
  C:\Windows\System\mPhvWUB.exe
  2⤵
  PID:3188
- C:\Windows\System\RpAiYza.exe
  C:\Windows\System\RpAiYza.exe
  2⤵
  PID:3204
- C:\Windows\System\OPoDSHo.exe
  C:\Windows\System\OPoDSHo.exe
  2⤵
  PID:3220
- C:\Windows\System\bSLeQLD.exe
  C:\Windows\System\bSLeQLD.exe
  2⤵
  PID:3236
- C:\Windows\System\fBkYyVU.exe
  C:\Windows\System\fBkYyVU.exe
  2⤵
  PID:3252
- C:\Windows\System\VuGflbZ.exe
  C:\Windows\System\VuGflbZ.exe
  2⤵
  PID:3272
- C:\Windows\System\UcpBDIN.exe
  C:\Windows\System\UcpBDIN.exe
  2⤵
  PID:3296
- C:\Windows\System\iDDVajS.exe
  C:\Windows\System\iDDVajS.exe
  2⤵
  PID:3312
- C:\Windows\System\uCYNIVV.exe
  C:\Windows\System\uCYNIVV.exe
  2⤵
  PID:3332
- C:\Windows\System\PiWpRFI.exe
  C:\Windows\System\PiWpRFI.exe
  2⤵
  PID:3348
- C:\Windows\System\QKcwcvP.exe
  C:\Windows\System\QKcwcvP.exe
  2⤵
  PID:3364
- C:\Windows\System\havSxNm.exe
  C:\Windows\System\havSxNm.exe
  2⤵
  PID:3380
- C:\Windows\System\PAqRuIf.exe
  C:\Windows\System\PAqRuIf.exe
  2⤵
  PID:3396
- C:\Windows\System\ORwfvAS.exe
  C:\Windows\System\ORwfvAS.exe
  2⤵
  PID:3412
- C:\Windows\System\BDJSBFz.exe
  C:\Windows\System\BDJSBFz.exe
  2⤵
  PID:3428
- C:\Windows\System\tcmewLh.exe
  C:\Windows\System\tcmewLh.exe
  2⤵
  PID:3444
- C:\Windows\System\jVekLHv.exe
  C:\Windows\System\jVekLHv.exe
  2⤵
  PID:3460
- C:\Windows\System\ZAYQhkB.exe
  C:\Windows\System\ZAYQhkB.exe
  2⤵
  PID:3476
- C:\Windows\System\evGMXAs.exe
  C:\Windows\System\evGMXAs.exe
  2⤵
  PID:3492
- C:\Windows\System\VDkYOji.exe
  C:\Windows\System\VDkYOji.exe
  2⤵
  PID:3508
- C:\Windows\System\MujCqDp.exe
  C:\Windows\System\MujCqDp.exe
  2⤵
  PID:3524
- C:\Windows\System\WUAYUUd.exe
  C:\Windows\System\WUAYUUd.exe
  2⤵
  PID:3540
- C:\Windows\System\RSJesEc.exe
  C:\Windows\System\RSJesEc.exe
  2⤵
  PID:3556
- C:\Windows\System\VRZHktc.exe
  C:\Windows\System\VRZHktc.exe
  2⤵
  PID:3572
- C:\Windows\System\JBslkTq.exe
  C:\Windows\System\JBslkTq.exe
  2⤵
  PID:3588
- C:\Windows\System\rpFIucU.exe
  C:\Windows\System\rpFIucU.exe
  2⤵
  PID:3604
- C:\Windows\System\jAFppfw.exe
  C:\Windows\System\jAFppfw.exe
  2⤵
  PID:3620
- C:\Windows\System\vHdvCcf.exe
  C:\Windows\System\vHdvCcf.exe
  2⤵
  PID:3636
- C:\Windows\System\KPBxAXF.exe
  C:\Windows\System\KPBxAXF.exe
  2⤵
  PID:3652
- C:\Windows\System\HJluLnx.exe
  C:\Windows\System\HJluLnx.exe
  2⤵
  PID:3668
- C:\Windows\System\djGHnxC.exe
  C:\Windows\System\djGHnxC.exe
  2⤵
  PID:3684
- C:\Windows\System\eELemCM.exe
  C:\Windows\System\eELemCM.exe
  2⤵
  PID:3700
- C:\Windows\System\aFormpm.exe
  C:\Windows\System\aFormpm.exe
  2⤵
  PID:3716
- C:\Windows\System\LzXFuvL.exe
  C:\Windows\System\LzXFuvL.exe
  2⤵
  PID:3732
- C:\Windows\System\AxWIvfI.exe
  C:\Windows\System\AxWIvfI.exe
  2⤵
  PID:3748
- C:\Windows\System\NrUruxw.exe
  C:\Windows\System\NrUruxw.exe
  2⤵
  PID:3764
- C:\Windows\System\XQKfvmZ.exe
  C:\Windows\System\XQKfvmZ.exe
  2⤵
  PID:3780
- C:\Windows\System\PZKQeZX.exe
  C:\Windows\System\PZKQeZX.exe
  2⤵
  PID:3796
- C:\Windows\System\inEYkFK.exe
  C:\Windows\System\inEYkFK.exe
  2⤵
  PID:3812
- C:\Windows\System\cmadYMs.exe
  C:\Windows\System\cmadYMs.exe
  2⤵
  PID:3828
- C:\Windows\System\OKKUvuA.exe
  C:\Windows\System\OKKUvuA.exe
  2⤵
  PID:3844
- C:\Windows\System\YOpjHkr.exe
  C:\Windows\System\YOpjHkr.exe
  2⤵
  PID:3860
- C:\Windows\System\YCpwrgT.exe
  C:\Windows\System\YCpwrgT.exe
  2⤵
  PID:3876
- C:\Windows\System\AEuDCuO.exe
  C:\Windows\System\AEuDCuO.exe
  2⤵
  PID:3892
- C:\Windows\System\oqMSovV.exe
  C:\Windows\System\oqMSovV.exe
  2⤵
  PID:3908
- C:\Windows\System\YLrOQxk.exe
  C:\Windows\System\YLrOQxk.exe
  2⤵
  PID:3924
- C:\Windows\System\PdSGbis.exe
  C:\Windows\System\PdSGbis.exe
  2⤵
  PID:3940
- C:\Windows\System\huMbUvC.exe
  C:\Windows\System\huMbUvC.exe
  2⤵
  PID:4000
- C:\Windows\System\ejtNOdd.exe
  C:\Windows\System\ejtNOdd.exe
  2⤵
  PID:4016
- C:\Windows\System\XJsJDWB.exe
  C:\Windows\System\XJsJDWB.exe
  2⤵
  PID:4032
- C:\Windows\System\DJiIEmc.exe
  C:\Windows\System\DJiIEmc.exe
  2⤵
  PID:4048
- C:\Windows\System\fhWuQwf.exe
  C:\Windows\System\fhWuQwf.exe
  2⤵
  PID:4064
- C:\Windows\System\NgqosBd.exe
  C:\Windows\System\NgqosBd.exe
  2⤵
  PID:4080
- C:\Windows\System\hGsoSch.exe
  C:\Windows\System\hGsoSch.exe
  2⤵
  PID:2572
- C:\Windows\System\OfpyDGq.exe
  C:\Windows\System\OfpyDGq.exe
  2⤵
  PID:3068
- C:\Windows\System\qsKAtOu.exe
  C:\Windows\System\qsKAtOu.exe
  2⤵
  PID:2728
- C:\Windows\System\IhbfKDB.exe
  C:\Windows\System\IhbfKDB.exe
  2⤵
  PID:2944
- C:\Windows\System\bAIWTqT.exe
  C:\Windows\System\bAIWTqT.exe
  2⤵
  PID:3120
- C:\Windows\System\dpYLjgw.exe
  C:\Windows\System\dpYLjgw.exe
  2⤵
  PID:3184
- C:\Windows\System\IPIliWE.exe
  C:\Windows\System\IPIliWE.exe
  2⤵
  PID:3280
- C:\Windows\System\orjizPZ.exe
  C:\Windows\System\orjizPZ.exe
  2⤵
  PID:3292
- C:\Windows\System\QxSBzVO.exe
  C:\Windows\System\QxSBzVO.exe
  2⤵
  PID:3356
- C:\Windows\System\KWATFLK.exe
  C:\Windows\System\KWATFLK.exe
  2⤵
  PID:3420
- C:\Windows\System\IBvvlZa.exe
  C:\Windows\System\IBvvlZa.exe
  2⤵
  PID:3484
- C:\Windows\System\UqjZgUP.exe
  C:\Windows\System\UqjZgUP.exe
  2⤵
  PID:3548
- C:\Windows\System\UJeiCul.exe
  C:\Windows\System\UJeiCul.exe
  2⤵
  PID:3612
- C:\Windows\System\SRQsOoh.exe
  C:\Windows\System\SRQsOoh.exe
  2⤵
  PID:3676
- C:\Windows\System\kvkpdou.exe
  C:\Windows\System\kvkpdou.exe
  2⤵
  PID:3740
- C:\Windows\System\jkgJUee.exe
  C:\Windows\System\jkgJUee.exe
  2⤵
  PID:3804
- C:\Windows\System\RAhjYLw.exe
  C:\Windows\System\RAhjYLw.exe
  2⤵
  PID:2236
- C:\Windows\System\lMqkNrq.exe
  C:\Windows\System\lMqkNrq.exe
  2⤵
  PID:1296
- C:\Windows\System\YDrhlDc.exe
  C:\Windows\System\YDrhlDc.exe
  2⤵
  PID:3840
- C:\Windows\System\lTbzlmy.exe
  C:\Windows\System\lTbzlmy.exe
  2⤵
  PID:3904
- C:\Windows\System\lgETnpc.exe
  C:\Windows\System\lgETnpc.exe
  2⤵
  PID:1680
- C:\Windows\System\cXxyTZm.exe
  C:\Windows\System\cXxyTZm.exe
  2⤵
  PID:1488
- C:\Windows\System\dvhHlCX.exe
  C:\Windows\System\dvhHlCX.exe
  2⤵
  PID:800
- C:\Windows\System\gWgfdPZ.exe
  C:\Windows\System\gWgfdPZ.exe
  2⤵
  PID:884
- C:\Windows\System\qMJbags.exe
  C:\Windows\System\qMJbags.exe
  2⤵
  PID:1652
- C:\Windows\System\vTIdYvj.exe
  C:\Windows\System\vTIdYvj.exe
  2⤵
  PID:2764
- C:\Windows\System\LXMxPSH.exe
  C:\Windows\System\LXMxPSH.exe
  2⤵
  PID:2792
- C:\Windows\System\ngeVIyn.exe
  C:\Windows\System\ngeVIyn.exe
  2⤵
  PID:2092
- C:\Windows\System\QfvVEos.exe
  C:\Windows\System\QfvVEos.exe
  2⤵
  PID:3008
- C:\Windows\System\naUHvvU.exe
  C:\Windows\System\naUHvvU.exe
  2⤵
  PID:1984
- C:\Windows\System\AYFORaL.exe
  C:\Windows\System\AYFORaL.exe
  2⤵
  PID:848
- C:\Windows\System\eIPwSNM.exe
  C:\Windows\System\eIPwSNM.exe
  2⤵
  PID:3264
- C:\Windows\System\tepxbKu.exe
  C:\Windows\System\tepxbKu.exe
  2⤵
  PID:3628
- C:\Windows\System\JfFIguS.exe
  C:\Windows\System\JfFIguS.exe
  2⤵
  PID:3692
- C:\Windows\System\CHDUOvs.exe
  C:\Windows\System\CHDUOvs.exe
  2⤵
  PID:3756
- C:\Windows\System\IcePxAv.exe
  C:\Windows\System\IcePxAv.exe
  2⤵
  PID:3820
- C:\Windows\System\lglbfAr.exe
  C:\Windows\System\lglbfAr.exe
  2⤵
  PID:3884
- C:\Windows\System\twAFUGq.exe
  C:\Windows\System\twAFUGq.exe
  2⤵
  PID:3948
- C:\Windows\System\VFCjBEN.exe
  C:\Windows\System\VFCjBEN.exe
  2⤵
  PID:1364
- C:\Windows\System\ZIJdWre.exe
  C:\Windows\System\ZIJdWre.exe
  2⤵
  PID:3564
- C:\Windows\System\CivbEzB.exe
  C:\Windows\System\CivbEzB.exe
  2⤵
  PID:3472
- C:\Windows\System\FbpAwZf.exe
  C:\Windows\System\FbpAwZf.exe
  2⤵
  PID:3408
- C:\Windows\System\kPoDOrN.exe
  C:\Windows\System\kPoDOrN.exe
  2⤵
  PID:3344
- C:\Windows\System\zbLJcFu.exe
  C:\Windows\System\zbLJcFu.exe
  2⤵
  PID:3268
- C:\Windows\System\tGbFHLU.exe
  C:\Windows\System\tGbFHLU.exe
  2⤵
  PID:3200
- C:\Windows\System\mCiECXy.exe
  C:\Windows\System\mCiECXy.exe
  2⤵
  PID:3136
- C:\Windows\System\HyHlBoE.exe
  C:\Windows\System\HyHlBoE.exe
  2⤵
  PID:2400
- C:\Windows\System\JSBfLLc.exe
  C:\Windows\System\JSBfLLc.exe
  2⤵
  PID:3996
- C:\Windows\System\gknRijt.exe
  C:\Windows\System\gknRijt.exe
  2⤵
  PID:4028
- C:\Windows\System\mSjbhBJ.exe
  C:\Windows\System\mSjbhBJ.exe
  2⤵
  PID:4072
- C:\Windows\System\KWFyEKJ.exe
  C:\Windows\System\KWFyEKJ.exe
  2⤵
  PID:2896
- C:\Windows\System\zVZYaKS.exe
  C:\Windows\System\zVZYaKS.exe
  2⤵
  PID:4088
- C:\Windows\System\rpmtDDw.exe
  C:\Windows\System\rpmtDDw.exe
  2⤵
  PID:3088
- C:\Windows\System\sbMbfgN.exe
  C:\Windows\System\sbMbfgN.exe
  2⤵
  PID:3288
- C:\Windows\System\jtlMygk.exe
  C:\Windows\System\jtlMygk.exe
  2⤵
  PID:3516
- C:\Windows\System\lIQtwLf.exe
  C:\Windows\System\lIQtwLf.exe
  2⤵
  PID:3772
- C:\Windows\System\ThMhypv.exe
  C:\Windows\System\ThMhypv.exe
  2⤵
  PID:3776
- C:\Windows\System\KaAUAjM.exe
  C:\Windows\System\KaAUAjM.exe
  2⤵
  PID:3584
- C:\Windows\System\FbScKqV.exe
  C:\Windows\System\FbScKqV.exe
  2⤵
  PID:2480
- C:\Windows\System\wyVSPsH.exe
  C:\Windows\System\wyVSPsH.exe
  2⤵
  PID:3836
- C:\Windows\System\dLMKRmy.exe
  C:\Windows\System\dLMKRmy.exe
  2⤵
  PID:744
- C:\Windows\System\VqVWzZG.exe
  C:\Windows\System\VqVWzZG.exe
  2⤵
  PID:1436
- C:\Windows\System\rvmxpuI.exe
  C:\Windows\System\rvmxpuI.exe
  2⤵
  PID:2104
- C:\Windows\System\tIjRcPe.exe
  C:\Windows\System\tIjRcPe.exe
  2⤵
  PID:2812
- C:\Windows\System\YITDNkB.exe
  C:\Windows\System\YITDNkB.exe
  2⤵
  PID:1948
- C:\Windows\System\VztILko.exe
  C:\Windows\System\VztILko.exe
  2⤵
  PID:3932
- C:\Windows\System\qjPjECN.exe
  C:\Windows\System\qjPjECN.exe
  2⤵
  PID:3664
- C:\Windows\System\EhErpXC.exe
  C:\Windows\System\EhErpXC.exe
  2⤵
  PID:3728
- C:\Windows\System\VREzyZi.exe
  C:\Windows\System\VREzyZi.exe
  2⤵
  PID:3916
- C:\Windows\System\QFtIrJy.exe
  C:\Windows\System\QFtIrJy.exe
  2⤵
  PID:2004
- C:\Windows\System\dFShYnp.exe
  C:\Windows\System\dFShYnp.exe
  2⤵
  PID:3440
- C:\Windows\System\HseSupB.exe
  C:\Windows\System\HseSupB.exe
  2⤵
  PID:3308
- C:\Windows\System\QlIMfes.exe
  C:\Windows\System\QlIMfes.exe
  2⤵
  PID:3232
- C:\Windows\System\fWSyIps.exe
  C:\Windows\System\fWSyIps.exe
  2⤵
  PID:3100
- C:\Windows\System\APFjvml.exe
  C:\Windows\System\APFjvml.exe
  2⤵
  PID:4044
- C:\Windows\System\zvDUWVu.exe
  C:\Windows\System\zvDUWVu.exe
  2⤵
  PID:936
- C:\Windows\System\YIUOHWE.exe
  C:\Windows\System\YIUOHWE.exe
  2⤵
  PID:2176
- C:\Windows\System\zUwPvrI.exe
  C:\Windows\System\zUwPvrI.exe
  2⤵
  PID:3216
- C:\Windows\System\fbjZKyT.exe
  C:\Windows\System\fbjZKyT.exe
  2⤵
  PID:3324
- C:\Windows\System\vFwFkTm.exe
  C:\Windows\System\vFwFkTm.exe
  2⤵
  PID:4112
- C:\Windows\System\moBpESW.exe
  C:\Windows\System\moBpESW.exe
  2⤵
  PID:4128
- C:\Windows\System\gfLKKnj.exe
  C:\Windows\System\gfLKKnj.exe
  2⤵
  PID:4144
- C:\Windows\System\JrEjRiI.exe
  C:\Windows\System\JrEjRiI.exe
  2⤵
  PID:4160
- C:\Windows\System\KbJoBxR.exe
  C:\Windows\System\KbJoBxR.exe
  2⤵
  PID:4176
- C:\Windows\System\VRgHgJY.exe
  C:\Windows\System\VRgHgJY.exe
  2⤵
  PID:4192
- C:\Windows\System\PUiCUKw.exe
  C:\Windows\System\PUiCUKw.exe
  2⤵
  PID:4212
- C:\Windows\System\qTyYlgv.exe
  C:\Windows\System\qTyYlgv.exe
  2⤵
  PID:4228
- C:\Windows\System\gAGrtgi.exe
  C:\Windows\System\gAGrtgi.exe
  2⤵
  PID:4244
- C:\Windows\System\qRZZinl.exe
  C:\Windows\System\qRZZinl.exe
  2⤵
  PID:4260
- C:\Windows\System\oKlxzuc.exe
  C:\Windows\System\oKlxzuc.exe
  2⤵
  PID:4276
- C:\Windows\System\lDzVUcD.exe
  C:\Windows\System\lDzVUcD.exe
  2⤵
  PID:4292
- C:\Windows\System\NyUjhfr.exe
  C:\Windows\System\NyUjhfr.exe
  2⤵
  PID:4308
- C:\Windows\System\lFEzHJA.exe
  C:\Windows\System\lFEzHJA.exe
  2⤵
  PID:4324
- C:\Windows\System\XREYNxT.exe
  C:\Windows\System\XREYNxT.exe
  2⤵
  PID:4340
- C:\Windows\System\MHtzEmQ.exe
  C:\Windows\System\MHtzEmQ.exe
  2⤵
  PID:4356
- C:\Windows\System\vHgYVWK.exe
  C:\Windows\System\vHgYVWK.exe
  2⤵
  PID:4372
- C:\Windows\System\MJztHSC.exe
  C:\Windows\System\MJztHSC.exe
  2⤵
  PID:4388
- C:\Windows\System\yPKtkhW.exe
  C:\Windows\System\yPKtkhW.exe
  2⤵
  PID:4404
- C:\Windows\System\iXasKwf.exe
  C:\Windows\System\iXasKwf.exe
  2⤵
  PID:4420
- C:\Windows\System\UOyMZzZ.exe
  C:\Windows\System\UOyMZzZ.exe
  2⤵
  PID:4436
- C:\Windows\System\ErsWExz.exe
  C:\Windows\System\ErsWExz.exe
  2⤵
  PID:4452
- C:\Windows\System\QgrvMtj.exe
  C:\Windows\System\QgrvMtj.exe
  2⤵
  PID:4468
- C:\Windows\System\hicrTRY.exe
  C:\Windows\System\hicrTRY.exe
  2⤵
  PID:4484
- C:\Windows\System\NVZvmKB.exe
  C:\Windows\System\NVZvmKB.exe
  2⤵
  PID:4500
- C:\Windows\System\IZFJjvg.exe
  C:\Windows\System\IZFJjvg.exe
  2⤵
  PID:4516
- C:\Windows\System\KpnWQCd.exe
  C:\Windows\System\KpnWQCd.exe
  2⤵
  PID:4532
- C:\Windows\System\dUSKvAd.exe
  C:\Windows\System\dUSKvAd.exe
  2⤵
  PID:4548
- C:\Windows\System\VgNYmvD.exe
  C:\Windows\System\VgNYmvD.exe
  2⤵
  PID:4564
- C:\Windows\System\kpZOZnu.exe
  C:\Windows\System\kpZOZnu.exe
  2⤵
  PID:4580
- C:\Windows\System\gcmxKej.exe
  C:\Windows\System\gcmxKej.exe
  2⤵
  PID:4596
- C:\Windows\System\TruOoRt.exe
  C:\Windows\System\TruOoRt.exe
  2⤵
  PID:4612
- C:\Windows\System\OZmRujR.exe
  C:\Windows\System\OZmRujR.exe
  2⤵
  PID:4628
- C:\Windows\System\UsdkPPm.exe
  C:\Windows\System\UsdkPPm.exe
  2⤵
  PID:4644
- C:\Windows\System\oRZimRE.exe
  C:\Windows\System\oRZimRE.exe
  2⤵
  PID:4660
- C:\Windows\System\PfItNjU.exe
  C:\Windows\System\PfItNjU.exe
  2⤵
  PID:4676
- C:\Windows\System\dqqAUzt.exe
  C:\Windows\System\dqqAUzt.exe
  2⤵
  PID:4692
- C:\Windows\System\EHyOyOl.exe
  C:\Windows\System\EHyOyOl.exe
  2⤵
  PID:4708
- C:\Windows\System\bhHQBfP.exe
  C:\Windows\System\bhHQBfP.exe
  2⤵
  PID:4728
- C:\Windows\System\LZMJRaj.exe
  C:\Windows\System\LZMJRaj.exe
  2⤵
  PID:4744
- C:\Windows\System\xLNaBKD.exe
  C:\Windows\System\xLNaBKD.exe
  2⤵
  PID:4760
- C:\Windows\System\ccNatPy.exe
  C:\Windows\System\ccNatPy.exe
  2⤵
  PID:4776
- C:\Windows\System\vicxgcd.exe
  C:\Windows\System\vicxgcd.exe
  2⤵
  PID:4792
- C:\Windows\System\ASVoKQf.exe
  C:\Windows\System\ASVoKQf.exe
  2⤵
  PID:4808
- C:\Windows\System\VkpUwhC.exe
  C:\Windows\System\VkpUwhC.exe
  2⤵
  PID:4824
- C:\Windows\System\MgyXkEo.exe
  C:\Windows\System\MgyXkEo.exe
  2⤵
  PID:4840
- C:\Windows\System\DsZLLvC.exe
  C:\Windows\System\DsZLLvC.exe
  2⤵
  PID:4856
- C:\Windows\System\sgJkmdm.exe
  C:\Windows\System\sgJkmdm.exe
  2⤵
  PID:4872
- C:\Windows\System\NtcQpLJ.exe
  C:\Windows\System\NtcQpLJ.exe
  2⤵
  PID:4888
- C:\Windows\System\bEjjGux.exe
  C:\Windows\System\bEjjGux.exe
  2⤵
  PID:4904
- C:\Windows\System\FvABPcN.exe
  C:\Windows\System\FvABPcN.exe
  2⤵
  PID:4920
- C:\Windows\System\WrEwUVM.exe
  C:\Windows\System\WrEwUVM.exe
  2⤵
  PID:4936
- C:\Windows\System\RBcLzEY.exe
  C:\Windows\System\RBcLzEY.exe
  2⤵
  PID:4952
- C:\Windows\System\OliIpUK.exe
  C:\Windows\System\OliIpUK.exe
  2⤵
  PID:4968
- C:\Windows\System\iObWIWa.exe
  C:\Windows\System\iObWIWa.exe
  2⤵
  PID:4984
- C:\Windows\System\giqJOIi.exe
  C:\Windows\System\giqJOIi.exe
  2⤵
  PID:5000
- C:\Windows\System\mrZVfWQ.exe
  C:\Windows\System\mrZVfWQ.exe
  2⤵
  PID:5016
- C:\Windows\System\MeuCNJs.exe
  C:\Windows\System\MeuCNJs.exe
  2⤵
  PID:5032
- C:\Windows\System\ODYaKJq.exe
  C:\Windows\System\ODYaKJq.exe
  2⤵
  PID:5048
- C:\Windows\System\DibZzyG.exe
  C:\Windows\System\DibZzyG.exe
  2⤵
  PID:5064
- C:\Windows\System\wcySgrF.exe
  C:\Windows\System\wcySgrF.exe
  2⤵
  PID:5080
- C:\Windows\System\eaQXMzU.exe
  C:\Windows\System\eaQXMzU.exe
  2⤵
  PID:5096
- C:\Windows\System\mERkiOq.exe
  C:\Windows\System\mERkiOq.exe
  2⤵
  PID:5112
- C:\Windows\System\UCVkeFQ.exe
  C:\Windows\System\UCVkeFQ.exe
  2⤵
  PID:3580
- C:\Windows\System\eqUSRCp.exe
  C:\Windows\System\eqUSRCp.exe
  2⤵
  PID:1552
- C:\Windows\System\WZFRDAa.exe
  C:\Windows\System\WZFRDAa.exe
  2⤵
  PID:1700
- C:\Windows\System\EFxxCkF.exe
  C:\Windows\System\EFxxCkF.exe
  2⤵
  PID:2032
- C:\Windows\System\GBRkXtj.exe
  C:\Windows\System\GBRkXtj.exe
  2⤵
  PID:3660
- C:\Windows\System\pyRWlsX.exe
  C:\Windows\System\pyRWlsX.exe
  2⤵
  PID:3792
- C:\Windows\System\jcfeZnV.exe
  C:\Windows\System\jcfeZnV.exe
  2⤵
  PID:1884
- C:\Windows\System\qLoheWx.exe
  C:\Windows\System\qLoheWx.exe
  2⤵
  PID:3304
- C:\Windows\System\xHexMno.exe
  C:\Windows\System\xHexMno.exe
  2⤵
  PID:1952
- C:\Windows\System\sgNCgNi.exe
  C:\Windows\System\sgNCgNi.exe
  2⤵
  PID:3152
- C:\Windows\System\CinxMRB.exe
  C:\Windows\System\CinxMRB.exe
  2⤵
  PID:3644
- C:\Windows\System\dQVtVSV.exe
  C:\Windows\System\dQVtVSV.exe
  2⤵
  PID:4120
- C:\Windows\System\yUqYPtq.exe
  C:\Windows\System\yUqYPtq.exe
  2⤵
  PID:4152
- C:\Windows\System\IoYkyQI.exe
  C:\Windows\System\IoYkyQI.exe
  2⤵
  PID:4184
- C:\Windows\System\fmrAtjU.exe
  C:\Windows\System\fmrAtjU.exe
  2⤵
  PID:4220
- C:\Windows\System\jhwrVSc.exe
  C:\Windows\System\jhwrVSc.exe
  2⤵
  PID:4252
- C:\Windows\System\eGHcmMu.exe
  C:\Windows\System\eGHcmMu.exe
  2⤵
  PID:4284
- C:\Windows\System\ljuucCy.exe
  C:\Windows\System\ljuucCy.exe
  2⤵
  PID:4316
- C:\Windows\System\ftZOIGF.exe
  C:\Windows\System\ftZOIGF.exe
  2⤵
  PID:4348
- C:\Windows\System\dmfjoiW.exe
  C:\Windows\System\dmfjoiW.exe
  2⤵
  PID:4380
- C:\Windows\System\CcOebQc.exe
  C:\Windows\System\CcOebQc.exe
  2⤵
  PID:4412
- C:\Windows\System\XitKVjj.exe
  C:\Windows\System\XitKVjj.exe
  2⤵
  PID:4448
- C:\Windows\System\BsSBhTI.exe
  C:\Windows\System\BsSBhTI.exe
  2⤵
  PID:4480
- C:\Windows\System\iSvXKjj.exe
  C:\Windows\System\iSvXKjj.exe
  2⤵
  PID:4512
- C:\Windows\System\yDuLNIX.exe
  C:\Windows\System\yDuLNIX.exe
  2⤵
  PID:4544
- C:\Windows\System\EsTrspX.exe
  C:\Windows\System\EsTrspX.exe
  2⤵
  PID:4576
- C:\Windows\System\ttHuseh.exe
  C:\Windows\System\ttHuseh.exe
  2⤵
  PID:4608
- C:\Windows\System\KfwvFRP.exe
  C:\Windows\System\KfwvFRP.exe
  2⤵
  PID:4640
- C:\Windows\System\SpUYqIE.exe
  C:\Windows\System\SpUYqIE.exe
  2⤵
  PID:4684
- C:\Windows\System\cQVrcJk.exe
  C:\Windows\System\cQVrcJk.exe
  2⤵
  PID:4700
- C:\Windows\System\pnTCiEA.exe
  C:\Windows\System\pnTCiEA.exe
  2⤵
  PID:4740
- C:\Windows\System\uusRgtG.exe
  C:\Windows\System\uusRgtG.exe
  2⤵
  PID:2156
- C:\Windows\System\ELjbmvS.exe
  C:\Windows\System\ELjbmvS.exe
  2⤵
  PID:4804
- C:\Windows\System\nhfaWiG.exe
  C:\Windows\System\nhfaWiG.exe
  2⤵
  PID:4836
- C:\Windows\System\jhEdqfa.exe
  C:\Windows\System\jhEdqfa.exe
  2⤵
  PID:4884
- C:\Windows\System\TfVxnTs.exe
  C:\Windows\System\TfVxnTs.exe
  2⤵
  PID:4916
- C:\Windows\System\QxAnAgf.exe
  C:\Windows\System\QxAnAgf.exe
  2⤵
  PID:4932
- C:\Windows\System\wreoepQ.exe
  C:\Windows\System\wreoepQ.exe
  2⤵
  PID:4964
- C:\Windows\System\ysAvxyO.exe
  C:\Windows\System\ysAvxyO.exe
  2⤵
  PID:4996
- C:\Windows\System\NYzckoz.exe
  C:\Windows\System\NYzckoz.exe
  2⤵
  PID:5040
- C:\Windows\System\MYBagmb.exe
  C:\Windows\System\MYBagmb.exe
  2⤵
  PID:5076
- C:\Windows\System\pDeCcwW.exe
  C:\Windows\System\pDeCcwW.exe
  2⤵
  PID:3052
- C:\Windows\System\SUzJqhT.exe
  C:\Windows\System\SUzJqhT.exe
  2⤵
  PID:3696
- C:\Windows\System\WKMrhfn.exe
  C:\Windows\System\WKMrhfn.exe
  2⤵
  PID:2192
- C:\Windows\System\fRFlPEn.exe
  C:\Windows\System\fRFlPEn.exe
  2⤵
  PID:4172
- C:\Windows\System\DCThMLy.exe
  C:\Windows\System\DCThMLy.exe
  2⤵
  PID:4304
- C:\Windows\System\GpzJaOb.exe
  C:\Windows\System\GpzJaOb.exe
  2⤵
  PID:2568
- C:\Windows\System\xThJdAR.exe
  C:\Windows\System\xThJdAR.exe
  2⤵
  PID:3456
- C:\Windows\System\fJfAuNk.exe
  C:\Windows\System\fJfAuNk.exe
  2⤵
  PID:1016
- C:\Windows\System\AXuZHzH.exe
  C:\Windows\System\AXuZHzH.exe
  2⤵
  PID:3228
- C:\Windows\System\SoIKkrz.exe
  C:\Windows\System\SoIKkrz.exe
  2⤵
  PID:3284
- C:\Windows\System\WFKDnRc.exe
  C:\Windows\System\WFKDnRc.exe
  2⤵
  PID:4204
- C:\Windows\System\yVGWaDQ.exe
  C:\Windows\System\yVGWaDQ.exe
  2⤵
  PID:4336
- C:\Windows\System\obmHxnK.exe
  C:\Windows\System\obmHxnK.exe
  2⤵
  PID:4524
- C:\Windows\System\nUXyExn.exe
  C:\Windows\System\nUXyExn.exe
  2⤵
  PID:4572
- C:\Windows\System\jRpDGJd.exe
  C:\Windows\System\jRpDGJd.exe
  2⤵
  PID:4720
- C:\Windows\System\EKohMLY.exe
  C:\Windows\System\EKohMLY.exe
  2⤵
  PID:4540
- C:\Windows\System\ZmUetmO.exe
  C:\Windows\System\ZmUetmO.exe
  2⤵
  PID:4668
- C:\Windows\System\zpxVUUb.exe
  C:\Windows\System\zpxVUUb.exe
  2⤵
  PID:4140
- C:\Windows\System\iuwOYSo.exe
  C:\Windows\System\iuwOYSo.exe
  2⤵
  PID:4168
- C:\Windows\System\WeqaxCe.exe
  C:\Windows\System\WeqaxCe.exe
  2⤵
  PID:5396
- C:\Windows\System\yYspuGM.exe
  C:\Windows\System\yYspuGM.exe
  2⤵
  PID:5540
- C:\Windows\System\urGrNkV.exe
  C:\Windows\System\urGrNkV.exe
  2⤵
  PID:5560
- C:\Windows\System\SCGznPS.exe
  C:\Windows\System\SCGznPS.exe
  2⤵
  PID:5576
- C:\Windows\System\aoBMGqF.exe
  C:\Windows\System\aoBMGqF.exe
  2⤵
  PID:5592
- C:\Windows\System\llmtodz.exe
  C:\Windows\System\llmtodz.exe
  2⤵
  PID:5608
- C:\Windows\System\NLOfadl.exe
  C:\Windows\System\NLOfadl.exe
  2⤵
  PID:5628
- C:\Windows\System\GOnsfqb.exe
  C:\Windows\System\GOnsfqb.exe
  2⤵
  PID:5644
- C:\Windows\System\HsrCLfA.exe
  C:\Windows\System\HsrCLfA.exe
  2⤵
  PID:5660
- C:\Windows\System\CMVcZJL.exe
  C:\Windows\System\CMVcZJL.exe
  2⤵
  PID:5676
- C:\Windows\System\uPlVNib.exe
  C:\Windows\System\uPlVNib.exe
  2⤵
  PID:5692
- C:\Windows\System\lCidatp.exe
  C:\Windows\System\lCidatp.exe
  2⤵
  PID:5708
- C:\Windows\System\xitmbbu.exe
  C:\Windows\System\xitmbbu.exe
  2⤵
  PID:5724
- C:\Windows\System\cUVGoNo.exe
  C:\Windows\System\cUVGoNo.exe
  2⤵
  PID:5740
- C:\Windows\System\RRVTovD.exe
  C:\Windows\System\RRVTovD.exe
  2⤵
  PID:5756
- C:\Windows\System\JlAdDDz.exe
  C:\Windows\System\JlAdDDz.exe
  2⤵
  PID:5772
- C:\Windows\System\POKJXVP.exe
  C:\Windows\System\POKJXVP.exe
  2⤵
  PID:5792
- C:\Windows\System\FRsCyLW.exe
  C:\Windows\System\FRsCyLW.exe
  2⤵
  PID:5808
- C:\Windows\System\rGKOGmU.exe
  C:\Windows\System\rGKOGmU.exe
  2⤵
  PID:5828
- C:\Windows\System\GTlJaTc.exe
  C:\Windows\System\GTlJaTc.exe
  2⤵
  PID:5864
- C:\Windows\System\OAwmIeF.exe
  C:\Windows\System\OAwmIeF.exe
  2⤵
  PID:5892
- C:\Windows\System\tohiGCq.exe
  C:\Windows\System\tohiGCq.exe
  2⤵
  PID:5908
- C:\Windows\System\OiIiLxL.exe
  C:\Windows\System\OiIiLxL.exe
  2⤵
  PID:5984
- C:\Windows\System\NICtPHr.exe
  C:\Windows\System\NICtPHr.exe
  2⤵
  PID:6008
- C:\Windows\System\RyyeOoM.exe
  C:\Windows\System\RyyeOoM.exe
  2⤵
  PID:6028
- C:\Windows\System\HybAVsR.exe
  C:\Windows\System\HybAVsR.exe
  2⤵
  PID:6044
- C:\Windows\System\kJKZuiJ.exe
  C:\Windows\System\kJKZuiJ.exe
  2⤵
  PID:6060
- C:\Windows\System\bZsJxkp.exe
  C:\Windows\System\bZsJxkp.exe
  2⤵
  PID:6076
- C:\Windows\System\dOCjHzT.exe
  C:\Windows\System\dOCjHzT.exe
  2⤵
  PID:6092
- C:\Windows\System\ykoNLeQ.exe
  C:\Windows\System\ykoNLeQ.exe
  2⤵
  PID:6112
- C:\Windows\System\aiqZyNp.exe
  C:\Windows\System\aiqZyNp.exe
  2⤵
  PID:6128
- C:\Windows\System\rEPVdEi.exe
  C:\Windows\System\rEPVdEi.exe
  2⤵
  PID:4880
- C:\Windows\System\LIrbiLZ.exe
  C:\Windows\System\LIrbiLZ.exe
  2⤵
  PID:4604
- C:\Windows\System\WoolVJi.exe
  C:\Windows\System\WoolVJi.exe
  2⤵
  PID:3596
- C:\Windows\System\IIjTTXr.exe
  C:\Windows\System\IIjTTXr.exe
  2⤵
  PID:4752
- C:\Windows\System\rmdjvmH.exe
  C:\Windows\System\rmdjvmH.exe
  2⤵
  PID:4800
- C:\Windows\System\DXTJAuc.exe
  C:\Windows\System\DXTJAuc.exe
  2⤵
  PID:4944
- C:\Windows\System\wilsEIk.exe
  C:\Windows\System\wilsEIk.exe
  2⤵
  PID:5008
- C:\Windows\System\zUzIbGk.exe
  C:\Windows\System\zUzIbGk.exe
  2⤵
  PID:5072
- C:\Windows\System\MAoYPSZ.exe
  C:\Windows\System\MAoYPSZ.exe
  2⤵
  PID:2920
- C:\Windows\System\YRcOMDb.exe
  C:\Windows\System\YRcOMDb.exe
  2⤵
  PID:4636
- C:\Windows\System\yWVUPsg.exe
  C:\Windows\System\yWVUPsg.exe
  2⤵
  PID:4560
- C:\Windows\System\SlNQHjV.exe
  C:\Windows\System\SlNQHjV.exe
  2⤵
  PID:4868
- C:\Windows\System\UFctxta.exe
  C:\Windows\System\UFctxta.exe
  2⤵
  PID:5024
- C:\Windows\System\AfFMLvD.exe
  C:\Windows\System\AfFMLvD.exe
  2⤵
  PID:5128
- C:\Windows\System\UEIPhqj.exe
  C:\Windows\System\UEIPhqj.exe
  2⤵
  PID:5144
- C:\Windows\System\LudbFWD.exe
  C:\Windows\System\LudbFWD.exe
  2⤵
  PID:5160
- C:\Windows\System\CQpRdDh.exe
  C:\Windows\System\CQpRdDh.exe
  2⤵
  PID:5176
- C:\Windows\System\ZSJJaIa.exe
  C:\Windows\System\ZSJJaIa.exe
  2⤵
  PID:5188
- C:\Windows\System\LqDvMum.exe
  C:\Windows\System\LqDvMum.exe
  2⤵
  PID:5204
- C:\Windows\System\FsDaDyW.exe
  C:\Windows\System\FsDaDyW.exe
  2⤵
  PID:5220
- C:\Windows\System\aHqyloa.exe
  C:\Windows\System\aHqyloa.exe
  2⤵
  PID:5236
- C:\Windows\System\PkjbCuA.exe
  C:\Windows\System\PkjbCuA.exe
  2⤵
  PID:5252
- C:\Windows\System\mThAjOH.exe
  C:\Windows\System\mThAjOH.exe
  2⤵
  PID:5268
- C:\Windows\System\oixzgck.exe
  C:\Windows\System\oixzgck.exe
  2⤵
  PID:5280
- C:\Windows\System\qzbumcv.exe
  C:\Windows\System\qzbumcv.exe
  2⤵
  PID:5300
- C:\Windows\System\NsVTCUE.exe
  C:\Windows\System\NsVTCUE.exe
  2⤵
  PID:5316
- C:\Windows\System\tIEzuKt.exe
  C:\Windows\System\tIEzuKt.exe
  2⤵
  PID:5332
- C:\Windows\System\DOXzGKc.exe
  C:\Windows\System\DOXzGKc.exe
  2⤵
  PID:5348
- C:\Windows\System\RUkrvYm.exe
  C:\Windows\System\RUkrvYm.exe
  2⤵
  PID:2044
- C:\Windows\System\SZKVyXK.exe
  C:\Windows\System\SZKVyXK.exe
  2⤵
  PID:5372
- C:\Windows\System\nKENStC.exe
  C:\Windows\System\nKENStC.exe
  2⤵
  PID:5404
- C:\Windows\System\CZoXhxQ.exe
  C:\Windows\System\CZoXhxQ.exe
  2⤵
  PID:5416
- C:\Windows\System\cQeWics.exe
  C:\Windows\System\cQeWics.exe
  2⤵
  PID:1944
- C:\Windows\System\lbtQshA.exe
  C:\Windows\System\lbtQshA.exe
  2⤵
  PID:5448
- C:\Windows\System\LjckPHZ.exe
  C:\Windows\System\LjckPHZ.exe
  2⤵
  PID:5464
- C:\Windows\System\LsgYaYm.exe
  C:\Windows\System\LsgYaYm.exe
  2⤵
  PID:5480
- C:\Windows\System\BcoIJAd.exe
  C:\Windows\System\BcoIJAd.exe
  2⤵
  PID:5496
- C:\Windows\System\tNUbOnb.exe
  C:\Windows\System\tNUbOnb.exe
  2⤵
  PID:5512
- C:\Windows\System\gRMXJHD.exe
  C:\Windows\System\gRMXJHD.exe
  2⤵
  PID:5548
- C:\Windows\System\YKTwgly.exe
  C:\Windows\System\YKTwgly.exe
  2⤵
  PID:5588
- C:\Windows\System\SXrAnma.exe
  C:\Windows\System\SXrAnma.exe
  2⤵
  PID:5616
- C:\Windows\System\PYeuggU.exe
  C:\Windows\System\PYeuggU.exe
  2⤵
  PID:5604
- C:\Windows\System\UVGSgLX.exe
  C:\Windows\System\UVGSgLX.exe
  2⤵
  PID:5652
- C:\Windows\System\LNBpRGS.exe
  C:\Windows\System\LNBpRGS.exe
  2⤵
  PID:5688
- C:\Windows\System\jvhsMgH.exe
  C:\Windows\System\jvhsMgH.exe
  2⤵
  PID:5672
- C:\Windows\System\AHGPhMh.exe
  C:\Windows\System\AHGPhMh.exe
  2⤵
  PID:5732
- C:\Windows\System\vqRBZQE.exe
  C:\Windows\System\vqRBZQE.exe
  2⤵
  PID:5816
- C:\Windows\System\QlsIhrw.exe
  C:\Windows\System\QlsIhrw.exe
  2⤵
  PID:5824
- C:\Windows\System\KtFEteB.exe
  C:\Windows\System\KtFEteB.exe
  2⤵
  PID:5872
- C:\Windows\System\ndmsUhb.exe
  C:\Windows\System\ndmsUhb.exe
  2⤵
  PID:5844
- C:\Windows\System\YlycySZ.exe
  C:\Windows\System\YlycySZ.exe
  2⤵
  PID:5880
- C:\Windows\System\tlbrcvG.exe
  C:\Windows\System\tlbrcvG.exe
  2⤵
  PID:5916
- C:\Windows\System\tOywUeX.exe
  C:\Windows\System\tOywUeX.exe
  2⤵
  PID:5936
- C:\Windows\System\jZIziSo.exe
  C:\Windows\System\jZIziSo.exe
  2⤵
  PID:5952
- C:\Windows\System\emogNgs.exe
  C:\Windows\System\emogNgs.exe
  2⤵
  PID:5964
- C:\Windows\System\AAncwjX.exe
  C:\Windows\System\AAncwjX.exe
  2⤵
  PID:5980
- C:\Windows\System\bdEEuqw.exe
  C:\Windows\System\bdEEuqw.exe
  2⤵
  PID:5856
- C:\Windows\System\xVbozjr.exe
  C:\Windows\System\xVbozjr.exe
  2⤵
  PID:6000
- C:\Windows\System\sFYKMaJ.exe
  C:\Windows\System\sFYKMaJ.exe
  2⤵
  PID:6052
- C:\Windows\System\slFcqOK.exe
  C:\Windows\System\slFcqOK.exe
  2⤵
  PID:5992
- C:\Windows\System\kpVtzZp.exe
  C:\Windows\System\kpVtzZp.exe
  2⤵
  PID:2652
- C:\Windows\System\CFVEwMo.exe
  C:\Windows\System\CFVEwMo.exe
  2⤵
  PID:6100
- C:\Windows\System\MZPpgnr.exe
  C:\Windows\System\MZPpgnr.exe
  2⤵
  PID:6068
- C:\Windows\System\zAqVVCI.exe
  C:\Windows\System\zAqVVCI.exe
  2⤵
  PID:1620
- C:\Windows\System\JjtzoVi.exe
  C:\Windows\System\JjtzoVi.exe
  2⤵
  PID:4864
- C:\Windows\System\LfvVkyZ.exe
  C:\Windows\System\LfvVkyZ.exe
  2⤵
  PID:4300
- C:\Windows\System\xrFMOaV.exe
  C:\Windows\System\xrFMOaV.exe
  2⤵
  PID:3104
- C:\Windows\System\kMFIDPa.exe
  C:\Windows\System\kMFIDPa.exe
  2⤵
  PID:4832
- C:\Windows\System\YLkbMmw.exe
  C:\Windows\System\YLkbMmw.exe
  2⤵
  PID:5156
- C:\Windows\System\UyheZOj.exe
  C:\Windows\System\UyheZOj.exe
  2⤵
  PID:4012
- C:\Windows\System\hlntLpK.exe
  C:\Windows\System\hlntLpK.exe
  2⤵
  PID:2376
- C:\Windows\System\uUuGNkQ.exe
  C:\Windows\System\uUuGNkQ.exe
  2⤵
  PID:5248
- C:\Windows\System\vYNHnmT.exe
  C:\Windows\System\vYNHnmT.exe
  2⤵
  PID:5312
- C:\Windows\System\cVdLOpD.exe
  C:\Windows\System\cVdLOpD.exe
  2⤵
  PID:5368
- C:\Windows\System\cZScEQU.exe
  C:\Windows\System\cZScEQU.exe
  2⤵
  PID:2500
- C:\Windows\System\cQpGZSP.exe
  C:\Windows\System\cQpGZSP.exe
  2⤵
  PID:5472
- C:\Windows\System\eedVQxj.exe
  C:\Windows\System\eedVQxj.exe
  2⤵
  PID:5556
- C:\Windows\System\lUbpZsw.exe
  C:\Windows\System\lUbpZsw.exe
  2⤵
  PID:2872
- C:\Windows\System\vynjPqX.exe
  C:\Windows\System\vynjPqX.exe
  2⤵
  PID:5704
- C:\Windows\System\zUwmJON.exe
  C:\Windows\System\zUwmJON.exe
  2⤵
  PID:4332
- C:\Windows\System\UuyXMME.exe
  C:\Windows\System\UuyXMME.exe
  2⤵
  PID:5836
- C:\Windows\System\AEGbSLX.exe
  C:\Windows\System\AEGbSLX.exe
  2⤵
  PID:5944
- C:\Windows\System\opyxkLD.exe
  C:\Windows\System\opyxkLD.exe
  2⤵
  PID:5972
- C:\Windows\System\JrpggfV.exe
  C:\Windows\System\JrpggfV.exe
  2⤵
  PID:5904
- C:\Windows\System\XMcETDS.exe
  C:\Windows\System\XMcETDS.exe
  2⤵
  PID:6088
- C:\Windows\System\hGCjdZv.exe
  C:\Windows\System\hGCjdZv.exe
  2⤵
  PID:5092
- C:\Windows\System\wENdpkq.exe
  C:\Windows\System\wENdpkq.exe
  2⤵
  PID:4784
- C:\Windows\System\KxXKSob.exe
  C:\Windows\System\KxXKSob.exe
  2⤵
  PID:836
- C:\Windows\System\LQWgQjK.exe
  C:\Windows\System\LQWgQjK.exe
  2⤵
  PID:6160
- C:\Windows\System\MvwOYoi.exe
  C:\Windows\System\MvwOYoi.exe
  2⤵
  PID:6176
- C:\Windows\System\HhnnHrV.exe
  C:\Windows\System\HhnnHrV.exe
  2⤵
  PID:6192
- C:\Windows\System\cMRJQZK.exe
  C:\Windows\System\cMRJQZK.exe
  2⤵
  PID:6208
- C:\Windows\System\eZLwtyi.exe
  C:\Windows\System\eZLwtyi.exe
  2⤵
  PID:6224
- C:\Windows\System\pfCSjFx.exe
  C:\Windows\System\pfCSjFx.exe
  2⤵
  PID:6240
- C:\Windows\System\pkFrfAN.exe
  C:\Windows\System\pkFrfAN.exe
  2⤵
  PID:6256
- C:\Windows\System\RpZnzaQ.exe
  C:\Windows\System\RpZnzaQ.exe
  2⤵
  PID:6272
- C:\Windows\System\XazywfQ.exe
  C:\Windows\System\XazywfQ.exe
  2⤵
  PID:6288
- C:\Windows\System\vhVpxeS.exe
  C:\Windows\System\vhVpxeS.exe
  2⤵
  PID:6304
- C:\Windows\System\EWDvvMq.exe
  C:\Windows\System\EWDvvMq.exe
  2⤵
  PID:6320
- C:\Windows\System\efMpmgk.exe
  C:\Windows\System\efMpmgk.exe
  2⤵
  PID:6336
- C:\Windows\System\LwTrxIP.exe
  C:\Windows\System\LwTrxIP.exe
  2⤵
  PID:6352
- C:\Windows\System\nhtLRmm.exe
  C:\Windows\System\nhtLRmm.exe
  2⤵
  PID:6368
- C:\Windows\System\yyOvzIO.exe
  C:\Windows\System\yyOvzIO.exe
  2⤵
  PID:6384
- C:\Windows\System\nOZSLZy.exe
  C:\Windows\System\nOZSLZy.exe
  2⤵
  PID:6400
- C:\Windows\System\jySHLyO.exe
  C:\Windows\System\jySHLyO.exe
  2⤵
  PID:6416
- C:\Windows\System\LpJBXAb.exe
  C:\Windows\System\LpJBXAb.exe
  2⤵
  PID:6432
- C:\Windows\System\vqPcjWk.exe
  C:\Windows\System\vqPcjWk.exe
  2⤵
  PID:6448
- C:\Windows\System\dSoQRvB.exe
  C:\Windows\System\dSoQRvB.exe
  2⤵
  PID:6464
- C:\Windows\System\dpUBnCg.exe
  C:\Windows\System\dpUBnCg.exe
  2⤵
  PID:6480
- C:\Windows\System\sQhhHHg.exe
  C:\Windows\System\sQhhHHg.exe
  2⤵
  PID:6496
- C:\Windows\System\upymoWo.exe
  C:\Windows\System\upymoWo.exe
  2⤵
  PID:6512
- C:\Windows\System\iirKMHY.exe
  C:\Windows\System\iirKMHY.exe
  2⤵
  PID:6528
- C:\Windows\System\dAFVCpk.exe
  C:\Windows\System\dAFVCpk.exe
  2⤵
  PID:6544
- C:\Windows\System\PyUNcXa.exe
  C:\Windows\System\PyUNcXa.exe
  2⤵
  PID:6560
- C:\Windows\System\AkKaKfc.exe
  C:\Windows\System\AkKaKfc.exe
  2⤵
  PID:6576
- C:\Windows\System\NnSVxMY.exe
  C:\Windows\System\NnSVxMY.exe
  2⤵
  PID:6592
- C:\Windows\System\TWEuJFE.exe
  C:\Windows\System\TWEuJFE.exe
  2⤵
  PID:6608
- C:\Windows\System\iJWFbjk.exe
  C:\Windows\System\iJWFbjk.exe
  2⤵
  PID:6624
- C:\Windows\System\ehsINSI.exe
  C:\Windows\System\ehsINSI.exe
  2⤵
  PID:6640
- C:\Windows\System\FssYeNZ.exe
  C:\Windows\System\FssYeNZ.exe
  2⤵
  PID:6656
- C:\Windows\System\nuEWZeG.exe
  C:\Windows\System\nuEWZeG.exe
  2⤵
  PID:6672
- C:\Windows\System\nWYclEY.exe
  C:\Windows\System\nWYclEY.exe
  2⤵
  PID:6688
- C:\Windows\System\HTDxPJl.exe
  C:\Windows\System\HTDxPJl.exe
  2⤵
  PID:6708
- C:\Windows\System\CkfQBch.exe
  C:\Windows\System\CkfQBch.exe
  2⤵
  PID:6724
- C:\Windows\System\VLHjVkh.exe
  C:\Windows\System\VLHjVkh.exe
  2⤵
  PID:6740
- C:\Windows\System\kTuolSt.exe
  C:\Windows\System\kTuolSt.exe
  2⤵
  PID:6756
- C:\Windows\System\mTuHbvZ.exe
  C:\Windows\System\mTuHbvZ.exe
  2⤵
  PID:6772
- C:\Windows\System\nMnIfix.exe
  C:\Windows\System\nMnIfix.exe
  2⤵
  PID:6788
- C:\Windows\System\hWdlsvK.exe
  C:\Windows\System\hWdlsvK.exe
  2⤵
  PID:6804
- C:\Windows\System\HIHQUHL.exe
  C:\Windows\System\HIHQUHL.exe
  2⤵
  PID:6820
- C:\Windows\System\ZMafGAg.exe
  C:\Windows\System\ZMafGAg.exe
  2⤵
  PID:6836
- C:\Windows\System\yDKMHXi.exe
  C:\Windows\System\yDKMHXi.exe
  2⤵
  PID:6852
- C:\Windows\System\ApfuruL.exe
  C:\Windows\System\ApfuruL.exe
  2⤵
  PID:6868
- C:\Windows\System\WoGYuXi.exe
  C:\Windows\System\WoGYuXi.exe
  2⤵
  PID:6884
- C:\Windows\System\tEiwoCO.exe
  C:\Windows\System\tEiwoCO.exe
  2⤵
  PID:6900
- C:\Windows\System\ksvVtpg.exe
  C:\Windows\System\ksvVtpg.exe
  2⤵
  PID:6920
- C:\Windows\System\bjxnqPd.exe
  C:\Windows\System\bjxnqPd.exe
  2⤵
  PID:6936
- C:\Windows\System\kXvrqft.exe
  C:\Windows\System\kXvrqft.exe
  2⤵
  PID:6952
- C:\Windows\System\FDKwtSN.exe
  C:\Windows\System\FDKwtSN.exe
  2⤵
  PID:6968
- C:\Windows\System\LvjnyeX.exe
  C:\Windows\System\LvjnyeX.exe
  2⤵
  PID:6984
- C:\Windows\System\odfbkNP.exe
  C:\Windows\System\odfbkNP.exe
  2⤵
  PID:7000
- C:\Windows\System\cYwDHvl.exe
  C:\Windows\System\cYwDHvl.exe
  2⤵
  PID:7016
- C:\Windows\System\KeShbqy.exe
  C:\Windows\System\KeShbqy.exe
  2⤵
  PID:7032
- C:\Windows\System\sMwQTde.exe
  C:\Windows\System\sMwQTde.exe
  2⤵
  PID:7048
- C:\Windows\System\czNtPuj.exe
  C:\Windows\System\czNtPuj.exe
  2⤵
  PID:7064
- C:\Windows\System\ZLXLghP.exe
  C:\Windows\System\ZLXLghP.exe
  2⤵
  PID:7080
- C:\Windows\System\nYAXQwI.exe
  C:\Windows\System\nYAXQwI.exe
  2⤵
  PID:7096
- C:\Windows\System\fxaGRtN.exe
  C:\Windows\System\fxaGRtN.exe
  2⤵
  PID:7112
- C:\Windows\System\jOqtydh.exe
  C:\Windows\System\jOqtydh.exe
  2⤵
  PID:7128
- C:\Windows\System\hgAzYoH.exe
  C:\Windows\System\hgAzYoH.exe
  2⤵
  PID:7144
- C:\Windows\System\uiZxVKk.exe
  C:\Windows\System\uiZxVKk.exe
  2⤵
  PID:7160
- C:\Windows\System\rFZHJOt.exe
  C:\Windows\System\rFZHJOt.exe
  2⤵
  PID:5344
- C:\Windows\System\hQwunnq.exe
  C:\Windows\System\hQwunnq.exe
  2⤵
  PID:3016
- C:\Windows\System\awgzHPi.exe
  C:\Windows\System\awgzHPi.exe
  2⤵
  PID:5600
- C:\Windows\System\DBKvPBN.exe
  C:\Windows\System\DBKvPBN.exe
  2⤵
  PID:5440
- C:\Windows\System\boiuapp.exe
  C:\Windows\System\boiuapp.exe
  2⤵
  PID:5488
- C:\Windows\System\iPrzwLd.exe
  C:\Windows\System\iPrzwLd.exe
  2⤵
  PID:2704
- C:\Windows\System\WklGorZ.exe
  C:\Windows\System\WklGorZ.exe
  2⤵
  PID:5900
- C:\Windows\System\LnCmzJm.exe
  C:\Windows\System\LnCmzJm.exe
  2⤵
  PID:6168
- C:\Windows\System\zTBBEeb.exe
  C:\Windows\System\zTBBEeb.exe
  2⤵
  PID:2712
- C:\Windows\System\oanmdIs.exe
  C:\Windows\System\oanmdIs.exe
  2⤵
  PID:5296
- C:\Windows\System\NwGbwHx.exe
  C:\Windows\System\NwGbwHx.exe
  2⤵
  PID:6636
- C:\Windows\System\UfVKcTL.exe
  C:\Windows\System\UfVKcTL.exe
  2⤵
  PID:6700
- C:\Windows\System\LmWOyZu.exe
  C:\Windows\System\LmWOyZu.exe
  2⤵
  PID:6876
- C:\Windows\System\yQfkyTT.exe
  C:\Windows\System\yQfkyTT.exe
  2⤵
  PID:6280
- C:\Windows\System\iJqnMNW.exe
  C:\Windows\System\iJqnMNW.exe
  2⤵
  PID:1188
- C:\Windows\System\oUBhvgf.exe
  C:\Windows\System\oUBhvgf.exe
  2⤵
  PID:6184
- C:\Windows\System\SfIjHfR.exe
  C:\Windows\System\SfIjHfR.exe
  2⤵
  PID:2536
- C:\Windows\System\idHCiAe.exe
  C:\Windows\System\idHCiAe.exe
  2⤵
  PID:5380
- C:\Windows\System\WPFWXLk.exe
  C:\Windows\System\WPFWXLk.exe
  2⤵
  PID:6668
- C:\Windows\System\hVizZKh.exe
  C:\Windows\System\hVizZKh.exe
  2⤵
  PID:2876
- C:\Windows\System\pDuoRJN.exe
  C:\Windows\System\pDuoRJN.exe
  2⤵
  PID:6696
- C:\Windows\System\icBDoKr.exe
  C:\Windows\System\icBDoKr.exe
  2⤵
  PID:5788
- C:\Windows\System\dUUmBCs.exe
  C:\Windows\System\dUUmBCs.exe
  2⤵
  PID:5568
- C:\Windows\System\UdnRhvm.exe
  C:\Windows\System\UdnRhvm.exe
  2⤵
  PID:6780
- C:\Windows\System\cgPrpeO.exe
  C:\Windows\System\cgPrpeO.exe
  2⤵
  PID:6816
- C:\Windows\System\ReDVryk.exe
  C:\Windows\System\ReDVryk.exe
  2⤵
  PID:6948
- C:\Windows\System\DshUJJr.exe
  C:\Windows\System\DshUJJr.exe
  2⤵
  PID:1264
- C:\Windows\System\qOtMhxI.exe
  C:\Windows\System\qOtMhxI.exe
  2⤵
  PID:6864
- C:\Windows\System\WJMTxDC.exe
  C:\Windows\System\WJMTxDC.exe
  2⤵
  PID:1660
- C:\Windows\System\RPKmGTQ.exe
  C:\Windows\System\RPKmGTQ.exe
  2⤵
  PID:6348
- C:\Windows\System\aQnLAxJ.exe
  C:\Windows\System\aQnLAxJ.exe
  2⤵
  PID:6476
- C:\Windows\System\CdIvzjn.exe
  C:\Windows\System\CdIvzjn.exe
  2⤵
  PID:708
- C:\Windows\System\nwAualX.exe
  C:\Windows\System\nwAualX.exe
  2⤵
  PID:2344
- C:\Windows\System\txbMnHY.exe
  C:\Windows\System\txbMnHY.exe
  2⤵
  PID:5328
- C:\Windows\System\yLiqhNo.exe
  C:\Windows\System\yLiqhNo.exe
  2⤵
  PID:7012
- C:\Windows\System\wZMztph.exe
  C:\Windows\System\wZMztph.exe
  2⤵
  PID:6928
- C:\Windows\System\JyTgxiY.exe
  C:\Windows\System\JyTgxiY.exe
  2⤵
  PID:7108
- C:\Windows\System\JhlcqCj.exe
  C:\Windows\System\JhlcqCj.exe
  2⤵
  PID:7092
- C:\Windows\System\EbaZKcr.exe
  C:\Windows\System\EbaZKcr.exe
  2⤵
  PID:7156
- C:\Windows\System\fiSsLyK.exe
  C:\Windows\System\fiSsLyK.exe
  2⤵
  PID:2700
- C:\Windows\System\HMQOemF.exe
  C:\Windows\System\HMQOemF.exe
  2⤵
  PID:1484
- C:\Windows\System\DZdLXin.exe
  C:\Windows\System\DZdLXin.exe
  2⤵
  PID:6912
- C:\Windows\System\zycedvY.exe
  C:\Windows\System\zycedvY.exe
  2⤵
  PID:2688
- C:\Windows\System\spsiDLY.exe
  C:\Windows\System\spsiDLY.exe
  2⤵
  PID:6236
- C:\Windows\System\dpSRuRX.exe
  C:\Windows\System\dpSRuRX.exe
  2⤵
  PID:1416
- C:\Windows\System\EZrqncE.exe
  C:\Windows\System\EZrqncE.exe
  2⤵
  PID:5136
- C:\Windows\System\uRFubNq.exe
  C:\Windows\System\uRFubNq.exe
  2⤵
  PID:2724
- C:\Windows\System\QVxNjxd.exe
  C:\Windows\System\QVxNjxd.exe
  2⤵
  PID:1420
- C:\Windows\System\fmIfSte.exe
  C:\Windows\System\fmIfSte.exe
  2⤵
  PID:2836
- C:\Windows\System\kxQuZBD.exe
  C:\Windows\System\kxQuZBD.exe
  2⤵
  PID:6360
- C:\Windows\System\fxVVLDF.exe
  C:\Windows\System\fxVVLDF.exe
  2⤵
  PID:6364
- C:\Windows\System\bgcdRtr.exe
  C:\Windows\System\bgcdRtr.exe
  2⤵
  PID:6456
- C:\Windows\System\clAhUCn.exe
  C:\Windows\System\clAhUCn.exe
  2⤵
  PID:6524
- C:\Windows\System\lEirVjO.exe
  C:\Windows\System\lEirVjO.exe
  2⤵
  PID:2656
- C:\Windows\System\gEgIQgH.exe
  C:\Windows\System\gEgIQgH.exe
  2⤵
  PID:6552
- C:\Windows\System\VaWZJlz.exe
  C:\Windows\System\VaWZJlz.exe
  2⤵
  PID:5200
- C:\Windows\System\YkITisp.exe
  C:\Windows\System\YkITisp.exe
  2⤵
  PID:6588
- C:\Windows\System\BPXfKRD.exe
  C:\Windows\System\BPXfKRD.exe
  2⤵
  PID:6248
- C:\Windows\System\nzlaQze.exe
  C:\Windows\System\nzlaQze.exe
  2⤵
  PID:6600
- C:\Windows\System\oipFrCW.exe
  C:\Windows\System\oipFrCW.exe
  2⤵
  PID:6616
- C:\Windows\System\DahEGAC.exe
  C:\Windows\System\DahEGAC.exe
  2⤵
  PID:5932
- C:\Windows\System\zmpsyzG.exe
  C:\Windows\System\zmpsyzG.exe
  2⤵
  PID:5384
- C:\Windows\System\epEjfRg.exe
  C:\Windows\System\epEjfRg.exe
  2⤵
  PID:5768
- C:\Windows\System\wRZmWyx.exe
  C:\Windows\System\wRZmWyx.exe
  2⤵
  PID:2272
- C:\Windows\System\wyJmeQC.exe
  C:\Windows\System\wyJmeQC.exe
  2⤵
  PID:5284
- C:\Windows\System\tPMddRL.exe
  C:\Windows\System\tPMddRL.exe
  2⤵
  PID:5124
- C:\Windows\System\FSEnPKu.exe
  C:\Windows\System\FSEnPKu.exe
  2⤵
  PID:6020
- C:\Windows\System\dPPMUDu.exe
  C:\Windows\System\dPPMUDu.exe
  2⤵
  PID:6108
- C:\Windows\System\vsqkvug.exe
  C:\Windows\System\vsqkvug.exe
  2⤵
  PID:5720
- C:\Windows\System\SagMFfy.exe
  C:\Windows\System\SagMFfy.exe
  2⤵
  PID:6848
- C:\Windows\System\VBWroGF.exe
  C:\Windows\System\VBWroGF.exe
  2⤵
  PID:6796
- C:\Windows\System\weIsoJy.exe
  C:\Windows\System\weIsoJy.exe
  2⤵
  PID:6704
- C:\Windows\System\ZOLydtA.exe
  C:\Windows\System\ZOLydtA.exe
  2⤵
  PID:6492
- C:\Windows\System\bKueRtd.exe
  C:\Windows\System\bKueRtd.exe
  2⤵
  PID:2096
- C:\Windows\System\aVzEgzk.exe
  C:\Windows\System\aVzEgzk.exe
  2⤵
  PID:2588
- C:\Windows\System\VDFRTKd.exe
  C:\Windows\System\VDFRTKd.exe
  2⤵
  PID:7124
- C:\Windows\System\FMbPhEJ.exe
  C:\Windows\System\FMbPhEJ.exe
  2⤵
  PID:3020
- C:\Windows\System\fCHUlNq.exe
  C:\Windows\System\fCHUlNq.exe
  2⤵
  PID:7140
- C:\Windows\System\frIPviK.exe
  C:\Windows\System\frIPviK.exe
  2⤵
  PID:5444
- C:\Windows\System\dTtVwrP.exe
  C:\Windows\System\dTtVwrP.exe
  2⤵
  PID:6764
- C:\Windows\System\QRHJOtO.exe
  C:\Windows\System\QRHJOtO.exe
  2⤵
  PID:6996
- C:\Windows\System\afPSVTz.exe
  C:\Windows\System\afPSVTz.exe
  2⤵
  PID:5436
- C:\Windows\System\ZyWkJlE.exe
  C:\Windows\System\ZyWkJlE.exe
  2⤵
  PID:7056
- C:\Windows\System\gIspIPb.exe
  C:\Windows\System\gIspIPb.exe
  2⤵
  PID:2796
- C:\Windows\System\ruWcgZV.exe
  C:\Windows\System\ruWcgZV.exe
  2⤵
  PID:2180
- C:\Windows\System\PdOwbuJ.exe
  C:\Windows\System\PdOwbuJ.exe
  2⤵
  PID:2852
- C:\Windows\System\UoVYuvA.exe
  C:\Windows\System\UoVYuvA.exe
  2⤵
  PID:2752
- C:\Windows\System\Lipunbi.exe
  C:\Windows\System\Lipunbi.exe
  2⤵
  PID:2088
- C:\Windows\System\qETeTgT.exe
  C:\Windows\System\qETeTgT.exe
  2⤵
  PID:6328
- C:\Windows\System\DsgdMTw.exe
  C:\Windows\System\DsgdMTw.exe
  2⤵
  PID:5196
- C:\Windows\System\emElHOH.exe
  C:\Windows\System\emElHOH.exe
  2⤵
  PID:6428
- C:\Windows\System\BzLGksk.exe
  C:\Windows\System\BzLGksk.exe
  2⤵
  PID:2420
- C:\Windows\System\YFVRqKq.exe
  C:\Windows\System\YFVRqKq.exe
  2⤵
  PID:1880
- C:\Windows\System\zRpcGAX.exe
  C:\Windows\System\zRpcGAX.exe
  2⤵
  PID:6908
- C:\Windows\System\kSDhIIK.exe
  C:\Windows\System\kSDhIIK.exe
  2⤵
  PID:6072
- C:\Windows\System\xvFrPXV.exe
  C:\Windows\System\xvFrPXV.exe
  2⤵
  PID:6084
- C:\Windows\System\UOSaAhj.exe
  C:\Windows\System\UOSaAhj.exe
  2⤵
  PID:264
- C:\Windows\System\HMlbVNz.exe
  C:\Windows\System\HMlbVNz.exe
  2⤵
  PID:1600
- C:\Windows\System\wSNiOFr.exe
  C:\Windows\System\wSNiOFr.exe
  2⤵
  PID:6684
- C:\Windows\System\CJNybLS.exe
  C:\Windows\System\CJNybLS.exe
  2⤵
  PID:2592
- C:\Windows\System\jLirsmL.exe
  C:\Windows\System\jLirsmL.exe
  2⤵
  PID:5924
- C:\Windows\System\JdQywwn.exe
  C:\Windows\System\JdQywwn.exe
  2⤵
  PID:6976
- C:\Windows\System\WHwWKki.exe
  C:\Windows\System\WHwWKki.exe
  2⤵
  PID:6752
- C:\Windows\System\UzaCBIN.exe
  C:\Windows\System\UzaCBIN.exe
  2⤵
  PID:4788
- C:\Windows\System\fGaheQj.exe
  C:\Windows\System\fGaheQj.exe
  2⤵
  PID:6980
- C:\Windows\System\mayWVqA.exe
  C:\Windows\System\mayWVqA.exe
  2⤵
  PID:5356
- C:\Windows\System\ytWqQvs.exe
  C:\Windows\System\ytWqQvs.exe
  2⤵
  PID:7040
- C:\Windows\System\TtaWeoY.exe
  C:\Windows\System\TtaWeoY.exe
  2⤵
  PID:5456
- C:\Windows\System\KypmNUJ.exe
  C:\Windows\System\KypmNUJ.exe
  2⤵
  PID:4108
- C:\Windows\System\kNbJleF.exe
  C:\Windows\System\kNbJleF.exe
  2⤵
  PID:7060
- C:\Windows\System\LJXMjQa.exe
  C:\Windows\System\LJXMjQa.exe
  2⤵
  PID:5264
- C:\Windows\System\jDVIzUW.exe
  C:\Windows\System\jDVIzUW.exe
  2⤵
  PID:2520
- C:\Windows\System\ktBXFIy.exe
  C:\Windows\System\ktBXFIy.exe
  2⤵
  PID:6156
- C:\Windows\System\MrJKEtf.exe
  C:\Windows\System\MrJKEtf.exe
  2⤵
  PID:6220
- C:\Windows\System\KJUJybc.exe
  C:\Windows\System\KJUJybc.exe
  2⤵
  PID:6252
- C:\Windows\System\nAtJhYN.exe
  C:\Windows\System\nAtJhYN.exe
  2⤵
  PID:6412
- C:\Windows\System\vCczFAU.exe
  C:\Windows\System\vCczFAU.exe
  2⤵
  PID:6332
- C:\Windows\System\qZtBRAz.exe
  C:\Windows\System\qZtBRAz.exe
  2⤵
  PID:7076
- C:\Windows\System\WTiqhNO.exe
  C:\Windows\System\WTiqhNO.exe
  2⤵
  PID:5996
- C:\Windows\System\ukaXwGX.exe
  C:\Windows\System\ukaXwGX.exe
  2⤵
  PID:6632
- C:\Windows\System\jeJRLFU.exe
  C:\Windows\System\jeJRLFU.exe
  2⤵
  PID:5668
- C:\Windows\System\cObSAtY.exe
  C:\Windows\System\cObSAtY.exe
  2⤵
  PID:1656
- C:\Windows\System\EEgiOfH.exe
  C:\Windows\System\EEgiOfH.exe
  2⤵
  PID:4976
- C:\Windows\System\SOELZex.exe
  C:\Windows\System\SOELZex.exe
  2⤵
  PID:1504
- C:\Windows\System\JiUmqRE.exe
  C:\Windows\System\JiUmqRE.exe
  2⤵
  PID:5424
- C:\Windows\System\vTEJhrq.exe
  C:\Windows\System\vTEJhrq.exe
  2⤵
  PID:2940
- C:\Windows\System\VZLzVey.exe
  C:\Windows\System\VZLzVey.exe
  2⤵
  PID:6188
- C:\Windows\System\JFniodw.exe
  C:\Windows\System\JFniodw.exe
  2⤵
  PID:7152
- C:\Windows\System\loIfVlp.exe
  C:\Windows\System\loIfVlp.exe
  2⤵
  PID:6568
- C:\Windows\System\jJHnmEN.exe
  C:\Windows\System\jJHnmEN.exe
  2⤵
  PID:2340
- C:\Windows\System\KJBUODU.exe
  C:\Windows\System\KJBUODU.exe
  2⤵
  PID:6148
- C:\Windows\System\ERGYHHf.exe
  C:\Windows\System\ERGYHHf.exe
  2⤵
  PID:6300
- C:\Windows\System\lnQmMcI.exe
  C:\Windows\System\lnQmMcI.exe
  2⤵
  PID:7028
- C:\Windows\System\qypkEqu.exe
  C:\Windows\System\qypkEqu.exe
  2⤵
  PID:2636
- C:\Windows\System\pUCsIjK.exe
  C:\Windows\System\pUCsIjK.exe
  2⤵
  PID:7180
- C:\Windows\System\tTvbOtg.exe
  C:\Windows\System\tTvbOtg.exe
  2⤵
  PID:7196
- C:\Windows\System\yvBsxLY.exe
  C:\Windows\System\yvBsxLY.exe
  2⤵
  PID:7212
- C:\Windows\System\PpvuaMD.exe
  C:\Windows\System\PpvuaMD.exe
  2⤵
  PID:7228
- C:\Windows\System\jupnySd.exe
  C:\Windows\System\jupnySd.exe
  2⤵
  PID:7244
- C:\Windows\System\nbjkfXU.exe
  C:\Windows\System\nbjkfXU.exe
  2⤵
  PID:7260
- C:\Windows\System\JJjEgvt.exe
  C:\Windows\System\JJjEgvt.exe
  2⤵
  PID:7276
- C:\Windows\System\ppHFKXU.exe
  C:\Windows\System\ppHFKXU.exe
  2⤵
  PID:7292
- C:\Windows\System\BlKzJIS.exe
  C:\Windows\System\BlKzJIS.exe
  2⤵
  PID:7308
- C:\Windows\System\uPaDndS.exe
  C:\Windows\System\uPaDndS.exe
  2⤵
  PID:7324
- C:\Windows\System\tdzGxKO.exe
  C:\Windows\System\tdzGxKO.exe
  2⤵
  PID:7340
- C:\Windows\System\lgOZvLJ.exe
  C:\Windows\System\lgOZvLJ.exe
  2⤵
  PID:7356
- C:\Windows\System\kPrlByf.exe
  C:\Windows\System\kPrlByf.exe
  2⤵
  PID:7372
- C:\Windows\System\chIwpJu.exe
  C:\Windows\System\chIwpJu.exe
  2⤵
  PID:7388
- C:\Windows\System\KxBIOVu.exe
  C:\Windows\System\KxBIOVu.exe
  2⤵
  PID:7404
- C:\Windows\System\AqjgHBC.exe
  C:\Windows\System\AqjgHBC.exe
  2⤵
  PID:7420
- C:\Windows\System\JaciTVd.exe
  C:\Windows\System\JaciTVd.exe
  2⤵
  PID:7436
- C:\Windows\System\EUwNjSS.exe
  C:\Windows\System\EUwNjSS.exe
  2⤵
  PID:7452
- C:\Windows\System\rEJSnZv.exe
  C:\Windows\System\rEJSnZv.exe
  2⤵
  PID:7468
- C:\Windows\System\DwgpcWl.exe
  C:\Windows\System\DwgpcWl.exe
  2⤵
  PID:7484
- C:\Windows\System\pCzFzuy.exe
  C:\Windows\System\pCzFzuy.exe
  2⤵
  PID:7500
- C:\Windows\System\ufDNuox.exe
  C:\Windows\System\ufDNuox.exe
  2⤵
  PID:7516
- C:\Windows\System\lVxfivB.exe
  C:\Windows\System\lVxfivB.exe
  2⤵
  PID:7532
- C:\Windows\System\pIpkTgM.exe
  C:\Windows\System\pIpkTgM.exe
  2⤵
  PID:7548
- C:\Windows\System\IENTsMc.exe
  C:\Windows\System\IENTsMc.exe
  2⤵
  PID:7564
- C:\Windows\System\YqriJuh.exe
  C:\Windows\System\YqriJuh.exe
  2⤵
  PID:7580
- C:\Windows\System\kdQBDbp.exe
  C:\Windows\System\kdQBDbp.exe
  2⤵
  PID:7596
- C:\Windows\System\QedOWIb.exe
  C:\Windows\System\QedOWIb.exe
  2⤵
  PID:7612
- C:\Windows\System\ttktCkA.exe
  C:\Windows\System\ttktCkA.exe
  2⤵
  PID:7628
- C:\Windows\System\yFAUFVo.exe
  C:\Windows\System\yFAUFVo.exe
  2⤵
  PID:7644
- C:\Windows\System\hTkfOmz.exe
  C:\Windows\System\hTkfOmz.exe
  2⤵
  PID:7660
- C:\Windows\System\VVMfLVv.exe
  C:\Windows\System\VVMfLVv.exe
  2⤵
  PID:7676
- C:\Windows\System\lbyiSCV.exe
  C:\Windows\System\lbyiSCV.exe
  2⤵
  PID:7692
- C:\Windows\System\hUzDwRP.exe
  C:\Windows\System\hUzDwRP.exe
  2⤵
  PID:7708
- C:\Windows\System\ylkuVas.exe
  C:\Windows\System\ylkuVas.exe
  2⤵
  PID:7724
- C:\Windows\System\AanYTzS.exe
  C:\Windows\System\AanYTzS.exe
  2⤵
  PID:7740
- C:\Windows\System\tdcAVGC.exe
  C:\Windows\System\tdcAVGC.exe
  2⤵
  PID:7756
- C:\Windows\System\NAKZaFR.exe
  C:\Windows\System\NAKZaFR.exe
  2⤵
  PID:7772
- C:\Windows\System\BjWMcgb.exe
  C:\Windows\System\BjWMcgb.exe
  2⤵
  PID:7788
- C:\Windows\System\LHsBlLn.exe
  C:\Windows\System\LHsBlLn.exe
  2⤵
  PID:7804
- C:\Windows\System\ngoerZr.exe
  C:\Windows\System\ngoerZr.exe
  2⤵
  PID:7820
- C:\Windows\System\KeORJua.exe
  C:\Windows\System\KeORJua.exe
  2⤵
  PID:7836
- C:\Windows\System\KFLxyva.exe
  C:\Windows\System\KFLxyva.exe
  2⤵
  PID:7852
- C:\Windows\System\RXhFiRL.exe
  C:\Windows\System\RXhFiRL.exe
  2⤵
  PID:7868
- C:\Windows\System\YKXHmWG.exe
  C:\Windows\System\YKXHmWG.exe
  2⤵
  PID:7884
- C:\Windows\System\UXhWYJA.exe
  C:\Windows\System\UXhWYJA.exe
  2⤵
  PID:7900
- C:\Windows\System\HmKptnx.exe
  C:\Windows\System\HmKptnx.exe
  2⤵
  PID:7916
- C:\Windows\System\WTcFSRP.exe
  C:\Windows\System\WTcFSRP.exe
  2⤵
  PID:7932
- C:\Windows\System\BdHkKDl.exe
  C:\Windows\System\BdHkKDl.exe
  2⤵
  PID:7948
- C:\Windows\System\cLLXJXa.exe
  C:\Windows\System\cLLXJXa.exe
  2⤵
  PID:7964
- C:\Windows\System\KNWhCqE.exe
  C:\Windows\System\KNWhCqE.exe
  2⤵
  PID:7980
- C:\Windows\System\MoKQPjN.exe
  C:\Windows\System\MoKQPjN.exe
  2⤵
  PID:7996
- C:\Windows\System\tXnhNff.exe
  C:\Windows\System\tXnhNff.exe
  2⤵
  PID:8012
- C:\Windows\System\OGBGvPE.exe
  C:\Windows\System\OGBGvPE.exe
  2⤵
  PID:8028
- C:\Windows\System\ghkFBiy.exe
  C:\Windows\System\ghkFBiy.exe
  2⤵
  PID:8044
- C:\Windows\System\qIggtTM.exe
  C:\Windows\System\qIggtTM.exe
  2⤵
  PID:8060
- C:\Windows\System\JIkzHNs.exe
  C:\Windows\System\JIkzHNs.exe
  2⤵
  PID:8076
- C:\Windows\System\SyFoFsp.exe
  C:\Windows\System\SyFoFsp.exe
  2⤵
  PID:8092
- C:\Windows\System\xQNDxKP.exe
  C:\Windows\System\xQNDxKP.exe
  2⤵
  PID:8108
- C:\Windows\System\eOYKgvP.exe
  C:\Windows\System\eOYKgvP.exe
  2⤵
  PID:8124
- C:\Windows\System\QmHUeAs.exe
  C:\Windows\System\QmHUeAs.exe
  2⤵
  PID:8140
- C:\Windows\System\VCZZHZV.exe
  C:\Windows\System\VCZZHZV.exe
  2⤵
  PID:8156
- C:\Windows\System\kBFYEgt.exe
  C:\Windows\System\kBFYEgt.exe
  2⤵
  PID:8172
- C:\Windows\System\mnvegwh.exe
  C:\Windows\System\mnvegwh.exe
  2⤵
  PID:8188
- C:\Windows\System\TXUdUpT.exe
  C:\Windows\System\TXUdUpT.exe
  2⤵
  PID:812
- C:\Windows\System\ROCVTwu.exe
  C:\Windows\System\ROCVTwu.exe
  2⤵
  PID:7224
- C:\Windows\System\XMDsmVa.exe
  C:\Windows\System\XMDsmVa.exe
  2⤵
  PID:7288
- C:\Windows\System\lbmLWfK.exe
  C:\Windows\System\lbmLWfK.exe
  2⤵
  PID:7380
- C:\Windows\System\HxXwFRI.exe
  C:\Windows\System\HxXwFRI.exe
  2⤵
  PID:7416
- C:\Windows\System\QelkGlU.exe
  C:\Windows\System\QelkGlU.exe
  2⤵
  PID:7480
- C:\Windows\System\GJtpCQp.exe
  C:\Windows\System\GJtpCQp.exe
  2⤵
  PID:2332
- C:\Windows\System\iVVRhDA.exe
  C:\Windows\System\iVVRhDA.exe
  2⤵
  PID:7460
- C:\Windows\System\dKirDvg.exe
  C:\Windows\System\dKirDvg.exe
  2⤵
  PID:7204
- C:\Windows\System\PBzPMnb.exe
  C:\Windows\System\PBzPMnb.exe
  2⤵
  PID:7268
- C:\Windows\System\ySzVveV.exe
  C:\Windows\System\ySzVveV.exe
  2⤵
  PID:7332
- C:\Windows\System\UcLpNgf.exe
  C:\Windows\System\UcLpNgf.exe
  2⤵
  PID:7428
- C:\Windows\System\SEBgOPY.exe
  C:\Windows\System\SEBgOPY.exe
  2⤵
  PID:7524
- C:\Windows\System\TuDXLMh.exe
  C:\Windows\System\TuDXLMh.exe
  2⤵
  PID:7576
- C:\Windows\System\TqWwJPU.exe
  C:\Windows\System\TqWwJPU.exe
  2⤵
  PID:7556
- C:\Windows\System\cMplZTV.exe
  C:\Windows\System\cMplZTV.exe
  2⤵
  PID:7604
- C:\Windows\System\DjasjIz.exe
  C:\Windows\System\DjasjIz.exe
  2⤵
  PID:7668
- C:\Windows\System\avEGFpQ.exe
  C:\Windows\System\avEGFpQ.exe
  2⤵
  PID:7732
- C:\Windows\System\ICaxsld.exe
  C:\Windows\System\ICaxsld.exe
  2⤵
  PID:7800
- C:\Windows\System\QYyOcGn.exe
  C:\Windows\System\QYyOcGn.exe
  2⤵
  PID:7892
- C:\Windows\System\zjiqBRj.exe
  C:\Windows\System\zjiqBRj.exe
  2⤵
  PID:7928
- C:\Windows\System\NPqXQWO.exe
  C:\Windows\System\NPqXQWO.exe
  2⤵
  PID:7988
- C:\Windows\System\CAvGBhS.exe
  C:\Windows\System\CAvGBhS.exe
  2⤵
  PID:8052
- C:\Windows\System\moGqaTg.exe
  C:\Windows\System\moGqaTg.exe
  2⤵
  PID:8116
- C:\Windows\System\NgSVwJq.exe
  C:\Windows\System\NgSVwJq.exe
  2⤵
  PID:8180
- C:\Windows\System\fVdrswE.exe
  C:\Windows\System\fVdrswE.exe
  2⤵
  PID:7220
- C:\Windows\System\sFztcBK.exe
  C:\Windows\System\sFztcBK.exe
  2⤵
  PID:7352
- C:\Windows\System\GOIInJA.exe
  C:\Windows\System\GOIInJA.exe
  2⤵
  PID:8100
- C:\Windows\System\ymEJCaA.exe
  C:\Windows\System\ymEJCaA.exe
  2⤵
  PID:7652
- C:\Windows\System\wnFjqJX.exe
  C:\Windows\System\wnFjqJX.exe
  2⤵
  PID:7720
- C:\Windows\System\ifkMVUY.exe
  C:\Windows\System\ifkMVUY.exe
  2⤵
  PID:7812
- C:\Windows\System\wrUxEBl.exe
  C:\Windows\System\wrUxEBl.exe
  2⤵
  PID:7880
- C:\Windows\System\FBJgFEV.exe
  C:\Windows\System\FBJgFEV.exe
  2⤵
  PID:7976
- C:\Windows\System\JngGxhI.exe
  C:\Windows\System\JngGxhI.exe
  2⤵
  PID:8040
- C:\Windows\System\VsDWozA.exe
  C:\Windows\System\VsDWozA.exe
  2⤵
  PID:8132
- C:\Windows\System\CCaPpZN.exe
  C:\Windows\System\CCaPpZN.exe
  2⤵
  PID:796
- C:\Windows\System\rmHojsf.exe
  C:\Windows\System\rmHojsf.exe
  2⤵
  PID:7476
- C:\Windows\System\sbMYJQX.exe
  C:\Windows\System\sbMYJQX.exe
  2⤵
  PID:7240
- C:\Windows\System\NCatTep.exe
  C:\Windows\System\NCatTep.exe
  2⤵
  PID:7572
- C:\Windows\System\WhlwSjV.exe
  C:\Windows\System\WhlwSjV.exe
  2⤵
  PID:7700
- C:\Windows\System\TmctbKF.exe
  C:\Windows\System\TmctbKF.exe
  2⤵
  PID:7464
- C:\Windows\System\dirtBvt.exe
  C:\Windows\System\dirtBvt.exe
  2⤵
  PID:7496
- C:\Windows\System\nCipAEv.exe
  C:\Windows\System\nCipAEv.exe
  2⤵
  PID:7640
- C:\Windows\System\jLYhAvL.exe
  C:\Windows\System\jLYhAvL.exe
  2⤵
  PID:7956
- C:\Windows\System\WEbLxwT.exe
  C:\Windows\System\WEbLxwT.exe
  2⤵
  PID:7864
- C:\Windows\System\TWriADw.exe
  C:\Windows\System\TWriADw.exe
  2⤵
  PID:7192
- C:\Windows\System\YtPDpgf.exe
  C:\Windows\System\YtPDpgf.exe
  2⤵
  PID:8020
- C:\Windows\System\KCpXEEC.exe
  C:\Windows\System\KCpXEEC.exe
  2⤵
  PID:8024
- C:\Windows\System\rSuSKvJ.exe
  C:\Windows\System\rSuSKvJ.exe
  2⤵
  PID:7284
- C:\Windows\System\dfhigTL.exe
  C:\Windows\System\dfhigTL.exe
  2⤵
  PID:7236
- C:\Windows\System\NNRXaVw.exe
  C:\Windows\System\NNRXaVw.exe
  2⤵
  PID:8152
- C:\Windows\System\epMDktf.exe
  C:\Windows\System\epMDktf.exe
  2⤵
  PID:7044
- C:\Windows\System\ZWnNdBu.exe
  C:\Windows\System\ZWnNdBu.exe
  2⤵
  PID:7784
- C:\Windows\System\ftWsBZg.exe
  C:\Windows\System\ftWsBZg.exe
  2⤵
  PID:7764
- C:\Windows\System\dMoHhVB.exe
  C:\Windows\System\dMoHhVB.exe
  2⤵
  PID:7300
- C:\Windows\System\RfxSyGl.exe
  C:\Windows\System\RfxSyGl.exe
  2⤵
  PID:8088
- C:\Windows\System\XKUXcRT.exe
  C:\Windows\System\XKUXcRT.exe
  2⤵
  PID:7848
- C:\Windows\System\WUrTzOZ.exe
  C:\Windows\System\WUrTzOZ.exe
  2⤵
  PID:7940
- C:\Windows\System\lMqImRP.exe
  C:\Windows\System\lMqImRP.exe
  2⤵
  PID:8008
- C:\Windows\System\PDxtEkG.exe
  C:\Windows\System\PDxtEkG.exe
  2⤵
  PID:7492
- C:\Windows\System\dzVtXgP.exe
  C:\Windows\System\dzVtXgP.exe
  2⤵
  PID:7588
- C:\Windows\System\bDOyqbo.exe
  C:\Windows\System\bDOyqbo.exe
  2⤵
  PID:7512
- C:\Windows\System\VWMiIQC.exe
  C:\Windows\System\VWMiIQC.exe
  2⤵
  PID:7780
- C:\Windows\System\tVOmTuy.exe
  C:\Windows\System\tVOmTuy.exe
  2⤵
  PID:8208
- C:\Windows\System\jBVeTrF.exe
  C:\Windows\System\jBVeTrF.exe
  2⤵
  PID:8224
- C:\Windows\System\pBuZAiy.exe
  C:\Windows\System\pBuZAiy.exe
  2⤵
  PID:8240
- C:\Windows\System\EGfbhtz.exe
  C:\Windows\System\EGfbhtz.exe
  2⤵
  PID:8256
- C:\Windows\System\AYdEVYB.exe
  C:\Windows\System\AYdEVYB.exe
  2⤵
  PID:8272
- C:\Windows\System\sVCXeyW.exe
  C:\Windows\System\sVCXeyW.exe
  2⤵
  PID:8288
- C:\Windows\System\ajdfNZw.exe
  C:\Windows\System\ajdfNZw.exe
  2⤵
  PID:8304
- C:\Windows\System\ucGPZey.exe
  C:\Windows\System\ucGPZey.exe
  2⤵
  PID:8320
- C:\Windows\System\XearRXD.exe
  C:\Windows\System\XearRXD.exe
  2⤵
  PID:8336
- C:\Windows\System\WSVrkru.exe
  C:\Windows\System\WSVrkru.exe
  2⤵
  PID:8352
- C:\Windows\System\zTsmmvT.exe
  C:\Windows\System\zTsmmvT.exe
  2⤵
  PID:8368
- C:\Windows\System\LTcKSti.exe
  C:\Windows\System\LTcKSti.exe
  2⤵
  PID:8384
- C:\Windows\System\inDdrmO.exe
  C:\Windows\System\inDdrmO.exe
  2⤵
  PID:8400
- C:\Windows\System\kTHyNqE.exe
  C:\Windows\System\kTHyNqE.exe
  2⤵
  PID:8416
- C:\Windows\System\Wyclodt.exe
  C:\Windows\System\Wyclodt.exe
  2⤵
  PID:8432
- C:\Windows\System\CDGsDyi.exe
  C:\Windows\System\CDGsDyi.exe
  2⤵
  PID:8448
- C:\Windows\System\MUwwoUP.exe
  C:\Windows\System\MUwwoUP.exe
  2⤵
  PID:8464
- C:\Windows\System\rEnWDkZ.exe
  C:\Windows\System\rEnWDkZ.exe
  2⤵
  PID:8480
- C:\Windows\System\vAEOMzA.exe
  C:\Windows\System\vAEOMzA.exe
  2⤵
  PID:8496
- C:\Windows\System\hgBnXQa.exe
  C:\Windows\System\hgBnXQa.exe
  2⤵
  PID:8516
- C:\Windows\System\nfPXrbF.exe
  C:\Windows\System\nfPXrbF.exe
  2⤵
  PID:8532
- C:\Windows\System\etTONXP.exe
  C:\Windows\System\etTONXP.exe
  2⤵
  PID:8548
- C:\Windows\System\BmcuasZ.exe
  C:\Windows\System\BmcuasZ.exe
  2⤵
  PID:8564
- C:\Windows\System\aKDUgMv.exe
  C:\Windows\System\aKDUgMv.exe
  2⤵
  PID:8580
- C:\Windows\System\KiXHSWO.exe
  C:\Windows\System\KiXHSWO.exe
  2⤵
  PID:8596
- C:\Windows\System\sEdozgB.exe
  C:\Windows\System\sEdozgB.exe
  2⤵
  PID:8612
- C:\Windows\System\tiAqBFG.exe
  C:\Windows\System\tiAqBFG.exe
  2⤵
  PID:8628
- C:\Windows\System\caSMXOC.exe
  C:\Windows\System\caSMXOC.exe
  2⤵
  PID:8644
- C:\Windows\System\SWSDAit.exe
  C:\Windows\System\SWSDAit.exe
  2⤵
  PID:8660
- C:\Windows\System\DshwJQO.exe
  C:\Windows\System\DshwJQO.exe
  2⤵
  PID:8676
- C:\Windows\System\bNKGTqG.exe
  C:\Windows\System\bNKGTqG.exe
  2⤵
  PID:8692
- C:\Windows\System\klmwyfd.exe
  C:\Windows\System\klmwyfd.exe
  2⤵
  PID:8708
- C:\Windows\System\TqBSfUx.exe
  C:\Windows\System\TqBSfUx.exe
  2⤵
  PID:8724
- C:\Windows\System\UisBknp.exe
  C:\Windows\System\UisBknp.exe
  2⤵
  PID:8740
- C:\Windows\System\FXfrwNf.exe
  C:\Windows\System\FXfrwNf.exe
  2⤵
  PID:8756
- C:\Windows\System\otTgafH.exe
  C:\Windows\System\otTgafH.exe
  2⤵
  PID:8772
- C:\Windows\System\Govlugk.exe
  C:\Windows\System\Govlugk.exe
  2⤵
  PID:8788
- C:\Windows\System\VoWibxa.exe
  C:\Windows\System\VoWibxa.exe
  2⤵
  PID:8804
- C:\Windows\System\tUqgvgR.exe
  C:\Windows\System\tUqgvgR.exe
  2⤵
  PID:8820
- C:\Windows\System\DxgvdkU.exe
  C:\Windows\System\DxgvdkU.exe
  2⤵
  PID:8836
- C:\Windows\System\ZhUhFKh.exe
  C:\Windows\System\ZhUhFKh.exe
  2⤵
  PID:8852
- C:\Windows\System\isWrGJr.exe
  C:\Windows\System\isWrGJr.exe
  2⤵
  PID:8868
- C:\Windows\System\rnRaqvq.exe
  C:\Windows\System\rnRaqvq.exe
  2⤵
  PID:8884
- C:\Windows\System\EZuvotg.exe
  C:\Windows\System\EZuvotg.exe
  2⤵
  PID:8900
- C:\Windows\System\QqZNqOI.exe
  C:\Windows\System\QqZNqOI.exe
  2⤵
  PID:8920
- C:\Windows\System\AgIFQJq.exe
  C:\Windows\System\AgIFQJq.exe
  2⤵
  PID:8936
- C:\Windows\System\svwfGKA.exe
  C:\Windows\System\svwfGKA.exe
  2⤵
  PID:8952
- C:\Windows\System\gwWlRZh.exe
  C:\Windows\System\gwWlRZh.exe
  2⤵
  PID:8968
- C:\Windows\System\yqGwNnj.exe
  C:\Windows\System\yqGwNnj.exe
  2⤵
  PID:8984
- C:\Windows\System\RqgISzu.exe
  C:\Windows\System\RqgISzu.exe
  2⤵
  PID:9004
- C:\Windows\System\isvegvX.exe
  C:\Windows\System\isvegvX.exe
  2⤵
  PID:9036
- C:\Windows\System\UPrPgIa.exe
  C:\Windows\System\UPrPgIa.exe
  2⤵
  PID:9052
- C:\Windows\System\aloylBa.exe
  C:\Windows\System\aloylBa.exe
  2⤵
  PID:9068
- C:\Windows\System\prcQDzv.exe
  C:\Windows\System\prcQDzv.exe
  2⤵
  PID:9084
- C:\Windows\System\qwNrzsR.exe
  C:\Windows\System\qwNrzsR.exe
  2⤵
  PID:9100
- C:\Windows\System\jNGRwAU.exe
  C:\Windows\System\jNGRwAU.exe
  2⤵
  PID:9116
- C:\Windows\System\XbWxhrB.exe
  C:\Windows\System\XbWxhrB.exe
  2⤵
  PID:9132
- C:\Windows\System\DDLQZKG.exe
  C:\Windows\System\DDLQZKG.exe
  2⤵
  PID:9148
- C:\Windows\System\yQaheXk.exe
  C:\Windows\System\yQaheXk.exe
  2⤵
  PID:9164
- C:\Windows\System\ZWPsqvj.exe
  C:\Windows\System\ZWPsqvj.exe
  2⤵
  PID:9180
- C:\Windows\System\qiHINCd.exe
  C:\Windows\System\qiHINCd.exe
  2⤵
  PID:9196
- C:\Windows\System\ZaYtTbB.exe
  C:\Windows\System\ZaYtTbB.exe
  2⤵
  PID:9212
- C:\Windows\System\DKpLVWL.exe
  C:\Windows\System\DKpLVWL.exe
  2⤵
  PID:8232
- C:\Windows\System\gmycwOb.exe
  C:\Windows\System\gmycwOb.exe
  2⤵
  PID:7860
- C:\Windows\System\TJtwamq.exe
  C:\Windows\System\TJtwamq.exe
  2⤵
  PID:8296
- C:\Windows\System\cldPKro.exe
  C:\Windows\System\cldPKro.exe
  2⤵
  PID:8332
- C:\Windows\System\llDPEjs.exe
  C:\Windows\System\llDPEjs.exe
  2⤵
  PID:8104
- C:\Windows\System\UKTgZJD.exe
  C:\Windows\System\UKTgZJD.exe
  2⤵
  PID:8248
- C:\Windows\System\VktcQeY.exe
  C:\Windows\System\VktcQeY.exe
  2⤵
  PID:8316
- C:\Windows\System\wRWcpTX.exe
  C:\Windows\System\wRWcpTX.exe
  2⤵
  PID:8376
- C:\Windows\System\tUPnXFE.exe
  C:\Windows\System\tUPnXFE.exe
  2⤵
  PID:8396
- C:\Windows\System\qaOYvFo.exe
  C:\Windows\System\qaOYvFo.exe
  2⤵
  PID:8504
- C:\Windows\System\LtJDelM.exe
  C:\Windows\System\LtJDelM.exe
  2⤵
  PID:8524
- C:\Windows\System\BdGktwo.exe
  C:\Windows\System\BdGktwo.exe
  2⤵
  PID:8456
- C:\Windows\System\Lznqinh.exe
  C:\Windows\System\Lznqinh.exe
  2⤵
  PID:8544
- C:\Windows\System\caaKTbG.exe
  C:\Windows\System\caaKTbG.exe
  2⤵
  PID:8576
- C:\Windows\System\VmlpIKe.exe
  C:\Windows\System\VmlpIKe.exe
  2⤵
  PID:8652
- C:\Windows\System\SHytKde.exe
  C:\Windows\System\SHytKde.exe
  2⤵
  PID:8716
- C:\Windows\System\MZpYMfa.exe
  C:\Windows\System\MZpYMfa.exe
  2⤵
  PID:8636
- C:\Windows\System\CLdAoCx.exe
  C:\Windows\System\CLdAoCx.exe
  2⤵
  PID:8700
- C:\Windows\System\gZTuZdn.exe
  C:\Windows\System\gZTuZdn.exe
  2⤵
  PID:8748
- C:\Windows\System\FouEjRQ.exe
  C:\Windows\System\FouEjRQ.exe
  2⤵
  PID:8768
- C:\Windows\System\XmMzRnr.exe
  C:\Windows\System\XmMzRnr.exe
  2⤵
  PID:8800
- C:\Windows\System\BAcyIWp.exe
  C:\Windows\System\BAcyIWp.exe
  2⤵
  PID:8876
- C:\Windows\System\XpfXOSU.exe
  C:\Windows\System\XpfXOSU.exe
  2⤵
  PID:8916
- C:\Windows\System\vUAoKNO.exe
  C:\Windows\System\vUAoKNO.exe
  2⤵
  PID:8864
- C:\Windows\System\nrgAvUI.exe
  C:\Windows\System\nrgAvUI.exe
  2⤵
  PID:8860
- C:\Windows\System\bjTzjxB.exe
  C:\Windows\System\bjTzjxB.exe
  2⤵
  PID:9016
- C:\Windows\System\bggpQnv.exe
  C:\Windows\System\bggpQnv.exe
  2⤵
  PID:9032
- C:\Windows\System\xzjGiDF.exe
  C:\Windows\System\xzjGiDF.exe
  2⤵
  PID:9096
- C:\Windows\System\zQLrDWC.exe
  C:\Windows\System\zQLrDWC.exe
  2⤵
  PID:8932
- C:\Windows\System\QAKZPal.exe
  C:\Windows\System\QAKZPal.exe
  2⤵
  PID:9124
- C:\Windows\System\Uiqachq.exe
  C:\Windows\System\Uiqachq.exe
  2⤵
  PID:9076
- C:\Windows\System\EHKthcz.exe
  C:\Windows\System\EHKthcz.exe
  2⤵
  PID:9188
- C:\Windows\System\kSABjAd.exe
  C:\Windows\System\kSABjAd.exe
  2⤵
  PID:7544
- C:\Windows\System\jjYEscM.exe
  C:\Windows\System\jjYEscM.exe
  2⤵
  PID:9140
- C:\Windows\System\miitEmA.exe
  C:\Windows\System\miitEmA.exe
  2⤵
  PID:8280
- C:\Windows\System\gbZqbgq.exe
  C:\Windows\System\gbZqbgq.exe
  2⤵
  PID:7688
- C:\Windows\System\pwNakLJ.exe
  C:\Windows\System\pwNakLJ.exe
  2⤵
  PID:8328
- C:\Windows\System\ujfvBys.exe
  C:\Windows\System\ujfvBys.exe
  2⤵
  PID:8344
- C:\Windows\System\oyjMDFo.exe
  C:\Windows\System\oyjMDFo.exe
  2⤵
  PID:8392
- C:\Windows\System\bMeGkNV.exe
  C:\Windows\System\bMeGkNV.exe
  2⤵
  PID:8492
- C:\Windows\System\TtKgNAE.exe
  C:\Windows\System\TtKgNAE.exe
  2⤵
  PID:8508
- C:\Windows\System\TPlIuYQ.exe
  C:\Windows\System\TPlIuYQ.exe
  2⤵
  PID:8604
- C:\Windows\System\nSKMZsM.exe
  C:\Windows\System\nSKMZsM.exe
  2⤵
  PID:8736
- C:\Windows\System\ysqGZVO.exe
  C:\Windows\System\ysqGZVO.exe
  2⤵
  PID:8880
- C:\Windows\System\FRoyAyG.exe
  C:\Windows\System\FRoyAyG.exe
  2⤵
  PID:8688
- C:\Windows\System\AIqXSlv.exe
  C:\Windows\System\AIqXSlv.exe
  2⤵
  PID:9024
- C:\Windows\System\SPxpveW.exe
  C:\Windows\System\SPxpveW.exe
  2⤵
  PID:8980
- C:\Windows\System\hcCdeBg.exe
  C:\Windows\System\hcCdeBg.exe
  2⤵
  PID:8844
- C:\Windows\System\mQfEBOF.exe
  C:\Windows\System\mQfEBOF.exe
  2⤵
  PID:9160
- C:\Windows\System\JtEUcHp.exe
  C:\Windows\System\JtEUcHp.exe
  2⤵
  PID:9208
- C:\Windows\System\ykwmKpP.exe
  C:\Windows\System\ykwmKpP.exe
  2⤵
  PID:8556
- C:\Windows\System\uZNjqlf.exe
  C:\Windows\System\uZNjqlf.exe
  2⤵
  PID:8284
- C:\Windows\System\eWGJxZx.exe
  C:\Windows\System\eWGJxZx.exe
  2⤵
  PID:9080
- C:\Windows\System\qpDyfeT.exe
  C:\Windows\System\qpDyfeT.exe
  2⤵
  PID:8440
- C:\Windows\System\btbwiWt.exe
  C:\Windows\System\btbwiWt.exe
  2⤵
  PID:8472
- C:\Windows\System\xVpZbML.exe
  C:\Windows\System\xVpZbML.exe
  2⤵
  PID:8732
- C:\Windows\System\rtaeAoy.exe
  C:\Windows\System\rtaeAoy.exe
  2⤵
  PID:8588
- C:\Windows\System\zOmgORU.exe
  C:\Windows\System\zOmgORU.exe
  2⤵
  PID:8944
- C:\Windows\System\VFkPqhM.exe
  C:\Windows\System\VFkPqhM.exe
  2⤵
  PID:8672
- C:\Windows\System\RsYIGky.exe
  C:\Windows\System\RsYIGky.exe
  2⤵
  PID:9176
- C:\Windows\System\qwOhjnS.exe
  C:\Windows\System\qwOhjnS.exe
  2⤵
  PID:8412
- C:\Windows\System\stFGbBk.exe
  C:\Windows\System\stFGbBk.exe
  2⤵
  PID:8348
- C:\Windows\System\eVNnZiZ.exe
  C:\Windows\System\eVNnZiZ.exe
  2⤵
  PID:8828
- C:\Windows\System\eNDDPBp.exe
  C:\Windows\System\eNDDPBp.exe
  2⤵
  PID:8764
- C:\Windows\System\dUjkDXn.exe
  C:\Windows\System\dUjkDXn.exe
  2⤵
  PID:9224
- C:\Windows\System\lRnbfZa.exe
  C:\Windows\System\lRnbfZa.exe
  2⤵
  PID:9240
- C:\Windows\System\GxpkXec.exe
  C:\Windows\System\GxpkXec.exe
  2⤵
  PID:9256
- C:\Windows\System\zqTBksX.exe
  C:\Windows\System\zqTBksX.exe
  2⤵
  PID:9272
- C:\Windows\System\NfUXxDp.exe
  C:\Windows\System\NfUXxDp.exe
  2⤵
  PID:9288
- C:\Windows\System\UafPjcF.exe
  C:\Windows\System\UafPjcF.exe
  2⤵
  PID:9304
- C:\Windows\System\MrptDNV.exe
  C:\Windows\System\MrptDNV.exe
  2⤵
  PID:9324
- C:\Windows\System\vYXwlyD.exe
  C:\Windows\System\vYXwlyD.exe
  2⤵
  PID:9340
- C:\Windows\System\mhBvdaO.exe
  C:\Windows\System\mhBvdaO.exe
  2⤵
  PID:9356
- C:\Windows\System\NrsOchK.exe
  C:\Windows\System\NrsOchK.exe
  2⤵
  PID:9372
- C:\Windows\System\zowZhns.exe
  C:\Windows\System\zowZhns.exe
  2⤵
  PID:9388
- C:\Windows\System\SHOEirj.exe
  C:\Windows\System\SHOEirj.exe
  2⤵
  PID:9404
- C:\Windows\System\DoKpUen.exe
  C:\Windows\System\DoKpUen.exe
  2⤵
  PID:9420
- C:\Windows\System\MCMXRBQ.exe
  C:\Windows\System\MCMXRBQ.exe
  2⤵
  PID:9436
- C:\Windows\System\SzuRVqe.exe
  C:\Windows\System\SzuRVqe.exe
  2⤵
  PID:9452
- C:\Windows\System\fgWecTH.exe
  C:\Windows\System\fgWecTH.exe
  2⤵
  PID:9468
- C:\Windows\System\HgnzAtX.exe
  C:\Windows\System\HgnzAtX.exe
  2⤵
  PID:9484
- C:\Windows\System\wWDRhHQ.exe
  C:\Windows\System\wWDRhHQ.exe
  2⤵
  PID:9500
- C:\Windows\System\fXLhQQe.exe
  C:\Windows\System\fXLhQQe.exe
  2⤵
  PID:9532
- C:\Windows\System\MuQvjQn.exe
  C:\Windows\System\MuQvjQn.exe
  2⤵
  PID:9548
- C:\Windows\System\gwGzoDh.exe
  C:\Windows\System\gwGzoDh.exe
  2⤵
  PID:9564
- C:\Windows\System\tpUTGkf.exe
  C:\Windows\System\tpUTGkf.exe
  2⤵
  PID:9580
- C:\Windows\System\qeNYNRQ.exe
  C:\Windows\System\qeNYNRQ.exe
  2⤵
  PID:9596
- C:\Windows\System\RJVEgNL.exe
  C:\Windows\System\RJVEgNL.exe
  2⤵
  PID:9612
- C:\Windows\System\vozfEsL.exe
  C:\Windows\System\vozfEsL.exe
  2⤵
  PID:9628
- C:\Windows\System\GjVCdab.exe
  C:\Windows\System\GjVCdab.exe
  2⤵
  PID:9644
- C:\Windows\System\zcHCAcj.exe
  C:\Windows\System\zcHCAcj.exe
  2⤵
  PID:9660
- C:\Windows\System\rpABRIq.exe
  C:\Windows\System\rpABRIq.exe
  2⤵
  PID:9676
- C:\Windows\System\gvnGLJF.exe
  C:\Windows\System\gvnGLJF.exe
  2⤵
  PID:9692
- C:\Windows\System\rzSUhFu.exe
  C:\Windows\System\rzSUhFu.exe
  2⤵
  PID:9708
- C:\Windows\System\vcRuMBx.exe
  C:\Windows\System\vcRuMBx.exe
  2⤵
  PID:9724
- C:\Windows\System\gwYACcL.exe
  C:\Windows\System\gwYACcL.exe
  2⤵
  PID:9740
- C:\Windows\System\eemIQzu.exe
  C:\Windows\System\eemIQzu.exe
  2⤵
  PID:9756
- C:\Windows\System\gwoNFJi.exe
  C:\Windows\System\gwoNFJi.exe
  2⤵
  PID:9772
- C:\Windows\System\UTYqSrO.exe
  C:\Windows\System\UTYqSrO.exe
  2⤵
  PID:9788
- C:\Windows\System\tOFfdFE.exe
  C:\Windows\System\tOFfdFE.exe
  2⤵
  PID:9804
- C:\Windows\System\QypTipB.exe
  C:\Windows\System\QypTipB.exe
  2⤵
  PID:9820
- C:\Windows\System\QDUBqlz.exe
  C:\Windows\System\QDUBqlz.exe
  2⤵
  PID:9836
- C:\Windows\System\QzyjQSV.exe
  C:\Windows\System\QzyjQSV.exe
  2⤵
  PID:9852
- C:\Windows\System\QYfVLgB.exe
  C:\Windows\System\QYfVLgB.exe
  2⤵
  PID:9868
- C:\Windows\System\LkUQDSo.exe
  C:\Windows\System\LkUQDSo.exe
  2⤵
  PID:9884
- C:\Windows\System\AsUygEp.exe
  C:\Windows\System\AsUygEp.exe
  2⤵
  PID:9900
- C:\Windows\System\JYCRXWd.exe
  C:\Windows\System\JYCRXWd.exe
  2⤵
  PID:9916
- C:\Windows\System\XgmgoGt.exe
  C:\Windows\System\XgmgoGt.exe
  2⤵
  PID:9932
- C:\Windows\System\WoDfpZo.exe
  C:\Windows\System\WoDfpZo.exe
  2⤵
  PID:9948
- C:\Windows\System\wFaGZcB.exe
  C:\Windows\System\wFaGZcB.exe
  2⤵
  PID:9964
- C:\Windows\System\tUfNgvR.exe
  C:\Windows\System\tUfNgvR.exe
  2⤵
  PID:9980
- C:\Windows\System\CaYIVZU.exe
  C:\Windows\System\CaYIVZU.exe
  2⤵
  PID:9996
- C:\Windows\System\eUBeXsC.exe
  C:\Windows\System\eUBeXsC.exe
  2⤵
  PID:10012
- C:\Windows\System\ryFePvI.exe
  C:\Windows\System\ryFePvI.exe
  2⤵
  PID:10028
- C:\Windows\System\xiSXOax.exe
  C:\Windows\System\xiSXOax.exe
  2⤵
  PID:10044
- C:\Windows\System\ozwplIR.exe
  C:\Windows\System\ozwplIR.exe
  2⤵
  PID:10060
- C:\Windows\System\vpGtJvO.exe
  C:\Windows\System\vpGtJvO.exe
  2⤵
  PID:10076
- C:\Windows\System\XcHeBTy.exe
  C:\Windows\System\XcHeBTy.exe
  2⤵
  PID:10092
- C:\Windows\System\CsULXPY.exe
  C:\Windows\System\CsULXPY.exe
  2⤵
  PID:10108
- C:\Windows\System\kMLUdUp.exe
  C:\Windows\System\kMLUdUp.exe
  2⤵
  PID:10124
- C:\Windows\System\pdaFhVH.exe
  C:\Windows\System\pdaFhVH.exe
  2⤵
  PID:10140
- C:\Windows\System\cKCLsvt.exe
  C:\Windows\System\cKCLsvt.exe
  2⤵
  PID:10160
- C:\Windows\System\rHnqxVd.exe
  C:\Windows\System\rHnqxVd.exe
  2⤵
  PID:10176
- C:\Windows\System\sbQhXvP.exe
  C:\Windows\System\sbQhXvP.exe
  2⤵
  PID:10192
- C:\Windows\System\RqTsyOy.exe
  C:\Windows\System\RqTsyOy.exe
  2⤵
  PID:10208
- C:\Windows\System\fYUadCF.exe
  C:\Windows\System\fYUadCF.exe
  2⤵
  PID:10224
- C:\Windows\System\crxupiS.exe
  C:\Windows\System\crxupiS.exe
  2⤵
  PID:8428
- C:\Windows\System\GiYfSWc.exe
  C:\Windows\System\GiYfSWc.exe
  2⤵
  PID:9012
- C:\Windows\System\oOMZBgE.exe
  C:\Windows\System\oOMZBgE.exe
  2⤵
  PID:9280
- C:\Windows\System\rQalaYh.exe
  C:\Windows\System\rQalaYh.exe
  2⤵
  PID:9348
- C:\Windows\System\AjNqatJ.exe
  C:\Windows\System\AjNqatJ.exe
  2⤵
  PID:9412
- C:\Windows\System\nlEqCmf.exe
  C:\Windows\System\nlEqCmf.exe
  2⤵
  PID:7844
- C:\Windows\System\TZhFgKR.exe
  C:\Windows\System\TZhFgKR.exe
  2⤵
  PID:9444
- C:\Windows\System\QIIwWFW.exe
  C:\Windows\System\QIIwWFW.exe
  2⤵
  PID:9480
- C:\Windows\System\QqXqeNC.exe
  C:\Windows\System\QqXqeNC.exe
  2⤵
  PID:9364
- C:\Windows\System\ejsRTdF.exe
  C:\Windows\System\ejsRTdF.exe
  2⤵
  PID:9428
- C:\Windows\System\ZsoHDJc.exe
  C:\Windows\System\ZsoHDJc.exe
  2⤵
  PID:9368
- C:\Windows\System\dkVwNSR.exe
  C:\Windows\System\dkVwNSR.exe
  2⤵
  PID:9464
- C:\Windows\System\XVoNGUD.exe
  C:\Windows\System\XVoNGUD.exe
  2⤵
  PID:9512
- C:\Windows\System\dQRVeSz.exe
  C:\Windows\System\dQRVeSz.exe
  2⤵
  PID:9516
- C:\Windows\System\OiZtzzy.exe
  C:\Windows\System\OiZtzzy.exe
  2⤵
  PID:9588
- C:\Windows\System\wwPHtlJ.exe
  C:\Windows\System\wwPHtlJ.exe
  2⤵
  PID:9592
- C:\Windows\System\QUOSCEH.exe
  C:\Windows\System\QUOSCEH.exe
  2⤵
  PID:9656
- C:\Windows\System\kqeqoEb.exe
  C:\Windows\System\kqeqoEb.exe
  2⤵
  PID:9720
- C:\Windows\System\YtJvUhI.exe
  C:\Windows\System\YtJvUhI.exe
  2⤵
  PID:9640
- C:\Windows\System\TAmZSxN.exe
  C:\Windows\System\TAmZSxN.exe
  2⤵
  PID:9704
- C:\Windows\System\qKkjwjQ.exe
  C:\Windows\System\qKkjwjQ.exe
  2⤵
  PID:9764
- C:\Windows\System\xUxxinM.exe
  C:\Windows\System\xUxxinM.exe
  2⤵
  PID:9768
- C:\Windows\System\DIIBIip.exe
  C:\Windows\System\DIIBIip.exe
  2⤵
  PID:9828
- C:\Windows\System\wfEbGQk.exe
  C:\Windows\System\wfEbGQk.exe
  2⤵
  PID:9876
- C:\Windows\System\pmuREJM.exe
  C:\Windows\System\pmuREJM.exe
  2⤵
  PID:9940
- C:\Windows\System\SifadZS.exe
  C:\Windows\System\SifadZS.exe
  2⤵
  PID:10004
- C:\Windows\System\IUlCJaz.exe
  C:\Windows\System\IUlCJaz.exe
  2⤵
  PID:10068
- C:\Windows\System\WihATxm.exe
  C:\Windows\System\WihATxm.exe
  2⤵
  PID:10020
- C:\Windows\System\qNWBdXJ.exe
  C:\Windows\System\qNWBdXJ.exe
  2⤵
  PID:9892
- C:\Windows\System\XSnsTGH.exe
  C:\Windows\System\XSnsTGH.exe
  2⤵
  PID:9988
- C:\Windows\System\BYMjlsG.exe
  C:\Windows\System\BYMjlsG.exe
  2⤵
  PID:10100
- C:\Windows\System\ZIHVAfh.exe
  C:\Windows\System\ZIHVAfh.exe
  2⤵
  PID:10148
- C:\Windows\System\nVCVvhA.exe
  C:\Windows\System\nVCVvhA.exe
  2⤵
  PID:10136
- C:\Windows\System\LFKxGfJ.exe
  C:\Windows\System\LFKxGfJ.exe
  2⤵
  PID:10204
- C:\Windows\System\zZyfrDS.exe
  C:\Windows\System\zZyfrDS.exe
  2⤵
  PID:9248
- C:\Windows\System\HIPlOPS.exe
  C:\Windows\System\HIPlOPS.exe
  2⤵
  PID:8656
- C:\Windows\System\xpfGRPC.exe
  C:\Windows\System\xpfGRPC.exe
  2⤵
  PID:10188
- C:\Windows\System\JlrBrYm.exe
  C:\Windows\System\JlrBrYm.exe
  2⤵
  PID:8216
- C:\Windows\System\nJFaSKk.exe
  C:\Windows\System\nJFaSKk.exe
  2⤵
  PID:8928
- C:\Windows\System\djVJICS.exe
  C:\Windows\System\djVJICS.exe
  2⤵
  PID:9332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DpJRXUF.exe

Filesize
6.0MB

MD5
a597bef31bae8655bf5f6a7095471afb

SHA1
9e21b4b3ff0644df2bc1afc7e2e2dc27a491015a

SHA256
27aa98b634fd344c8a42f6ee9cde1b6b34e8d80530e972af43d2b0630362d2d4

SHA512
36436e8cfb4e372d842e5da6fa36e0b6c20bb6836ce112d4f194d6483cb858f23e0c5f6b6cd6a46da2636251f74233af8d87770d24a28ec8138d647d313c02e1

Download Submit
C:\Windows\system\EIWuaDb.exe

Filesize
6.0MB

MD5
f21317949197d63a357a721a7c481a9f

SHA1
e68d70d9bb99956401fa3b26b7fac04bf740af90

SHA256
19acc0cdb02a3567c00fb39432733a87263e9c9b4070545e48539af7c513038c

SHA512
148bfa6d36a680ade240d9924ac7ed7c9e5eb66e1c2180291b37f26514f54e7b59490c1cf93176889279957ca6b7b3d2b8550e1a6692fb83b6a449917b9390f0

Download Submit
C:\Windows\system\FUfqlDn.exe

Filesize
6.0MB

MD5
7989f0e8032f3907c7d2d5c86498c66d

SHA1
e21898ad897c819750d9ac651d1cd9657f361439

SHA256
c4d7719ae18b0b818e73ca98921b0cdc71392da51e0f9cfbd8dcb32848c2bef2

SHA512
fa8269358d4a0dd6fb549652e8a282f660e1ea979b247a5155c8e2215dee363d95dd685ce56b76ace0b4ff4b304ad321221414e1489ce01e25db7c8df13a526a

Download Submit
C:\Windows\system\GYwbHNl.exe

Filesize
6.0MB

MD5
84fa3445a7bbca0df23c27f8c074caa1

SHA1
38bff243bc1bcf1ab66e66754475901485fee62b

SHA256
b209b886f62f4e3fde7e94eb54832866750a5d24c0fde3376c5005b43c948565

SHA512
fc5e55a514ac3f4ba4174a16bb8e13e6734256f56131ca4000a8e9aafee3a1eda87b3fb4a093f363e875fa178e462972f535981516216758946bad5e2b1146a9

Download Submit
C:\Windows\system\GovHZji.exe

Filesize
6.0MB

MD5
a8932bedd3a0a4f2a0eb7f8383c822d7

SHA1
a86982231411308de34ab91a1527a703c12fb139

SHA256
1810b5d572142da3570a1a6c6d2af2cd1d4bb4bc1704ab2e2224f5d7e64df2b2

SHA512
2cef7e34138e8ffaf6e742ceebb8255275bbce00d01e0042ae7712e0e6c5525b7ae24e8697fe2bb6e5e6428fe46dc0010072012cba5a691e738fd4f300f0d1d2

Download Submit
C:\Windows\system\HhOKTEN.exe

Filesize
6.0MB

MD5
6ddb64e52a72f18f2c6d4f3c2a51b095

SHA1
7e0c7ed5a3978fd11f05e0aef0ed45297d171d95

SHA256
8aa056d42b7512aa80691da76c28100c868867d35f23f1eb866a6e4f72d01899

SHA512
6cfa20489f3b104e9bc447bd994b3368470f790b479972aa0b3a9bfbb1066294246a1415fb4b2979d54f0ce5fdc1b64ee4063c750a9935047d5bd6599db60517

Download Submit
C:\Windows\system\IaVaVsA.exe

Filesize
6.0MB

MD5
5cb8eaf90a90294f126de6de06d88d89

SHA1
c2c0a94e1c8b9db3fdc1279b5154c65b1affaf88

SHA256
6800ff6b1e4ed742e2a5d0dec435971b6fd693fadb5e67b156b53d4760e5611f

SHA512
e8b5d242038afb23ea538d795452f694e55d96f02b58bbfcfe6c2d588d709106f91178a8847b9acf4d55f29acad5927a3fc269821c76c8c8477ebff3ca1bcf8d

Download Submit
C:\Windows\system\KnueneR.exe

Filesize
6.0MB

MD5
d3bb100b7b0b1a1914d4f35dc7de2567

SHA1
20981e5c6429bfe6976d5881e8546444c29938f2

SHA256
eb7e50c0dfcc52256fa99e0f7d3756f2cbf804ff4eae92549f5513ed74488ffc

SHA512
cbf8628af8a7d3050e09dc8851d4ff1e8eb82075e542db010df48a474ee35db629b242a90c88fc1d97b90f81d4e0ab68f62646ac90847350b276d1ec467d4be1

Download Submit
C:\Windows\system\MkNYIbl.exe

Filesize
6.0MB

MD5
69d5cd1808f99604609a3020bf386232

SHA1
4335b70393e7eff446462a270ae46ff4fad5f808

SHA256
5858d88e1fed5be54136fcb99706db03131a496fa4e2e47077428284504d46da

SHA512
53777300fcc4173908bc92fb3271f99cdc5bab2a3bbc19e45321387ea519e605fadc9343ae0d4404b2f215d5c67b86419255228def7f47cd2d8f88c942307714

Download Submit
C:\Windows\system\OSebszz.exe

Filesize
6.0MB

MD5
5acf0e6282eb1c76dca126b60becfbb1

SHA1
307415de1ece3a5fa61f0103acd2f89d4551d1e8

SHA256
433b12470ac2c13087ae91688aa13bb1b29189a05ca7455d91acc784e7a45708

SHA512
aa27886b9ed191f0a304d2fb2747a05854d9d85de4906b0e8e879e4b98032146bdd938265b130fa216c278eee9e279a54f53636be91afbe2f5fd72129751b604

Download Submit
C:\Windows\system\SmOexQq.exe

Filesize
6.0MB

MD5
153fb7fe829abcee3a24d320808b0b9e

SHA1
7dfcb5896c34d9df202649fd841091685b594370

SHA256
9b14be47e30ac5048f759bac7f32c45cf42aede2f81ed48aa6aa7847c5efd1b0

SHA512
65ce345e57676c9bc2a1acc580a54a15ad1aa0a2e36ed04587aa6f66478f8827c6195577ad47c355296fdaf7f0a06b3397ecd1ca7bef3241d5555d2abff04686

Download Submit
C:\Windows\system\VPrWmRS.exe

Filesize
6.0MB

MD5
88eeb9b055156ff8e87067db82feec43

SHA1
6ba4bf406281f0b857130e70df8422134219653f

SHA256
56e92218d1920dbe4a1cd40e7eef694e0b2998c698ec800a17a737c75721a5ef

SHA512
46191875034862c579e2e82b20b8e26a7845475bf059d64bb39c1b0c8ed44eff7d9fcff1731b62026c7e4e95f8e710eaf0026533056cc2b46b908892026562e9

Download Submit
C:\Windows\system\VyCQosj.exe

Filesize
6.0MB

MD5
e8a2de11943258930abdd4c5fa1ffefd

SHA1
78a9c799a1e1afd682188ad88bb05d0e228785b2

SHA256
b44d14732ef8ec5bf0c03660185fa1a78807a23cbc7916b7048b81affb1fb702

SHA512
4baa48f021b73efce62b4ad79ee9df2a2c998f3948aa2ef242b4f8c84f6eb30f00cb010d5cc7ca9e2defb6127d8c6f8317ffa94455c8d54042f98ed0d30d858f

Download Submit
C:\Windows\system\XmoSkgB.exe

Filesize
6.0MB

MD5
f785d723d41d332313d7b152b858a864

SHA1
39cf6f2aff7cd25f4fc4d3e77da3ee5606be7c57

SHA256
b9bd07a755715d7a33ba83eb235e8ae3f74c70a9850efe7382079d923ccb6bcb

SHA512
09fbde5937769f422a4366b47dde2183db4bf55ba5ce27c8dda871e867d9858190bde219f85b2d8bfe5050bc4c91c8c0ce6bdf373e5c5b3d310f94f0ce5d1b12

Download Submit
C:\Windows\system\XxWLEyS.exe

Filesize
6.0MB

MD5
bac697f56f7607a5426924f4ea5b277f

SHA1
90b8178b6ccb74761eb09489ea9a410e9fdb2f9b

SHA256
9b2fc44a79a31a9bf15a53439d87c62b26297302df3710b2d730017bf5b22037

SHA512
4522dc5ae3f2c8daab7f9223a9955bdb0c0682a8c1037ef0bdf80b2b3d9db5379f3a4dde18cec1e65ff448b9fb35dc50e47abe806001e564ff04961196cbb11e

Download Submit
C:\Windows\system\YJXmSiW.exe

Filesize
6.0MB

MD5
0eb8f7316c2e00df38469d995c7ac190

SHA1
5d9e91d5aa7426a05fc30ae982d64d5f84cd4ba8

SHA256
811f514c7ec898feb2b46edc8f654354b3108ac5d4e0b7c919ed3ffc27c6d4d7

SHA512
d87940ebf0bd05f0bc5b83e2bcfa0d6251beb203bdde6989f9aed348e1f0fd38a3e005e0d15d2100e78701c65b7c143ebcf3dc7cdcfa96e0b50f0ed2dfbfad0c

Download Submit
C:\Windows\system\ZdGJNpL.exe

Filesize
6.0MB

MD5
e6d2aae637c14d5930e6a86e6b3a3da0

SHA1
977ed025205af895fa20c9ae08da1fd7ffa9aab1

SHA256
991f396659d59e1cc0bfe0f40e20504d0ab30f88ea1930aa461d6bf8510746e7

SHA512
39d10a6bfdec075361d5613373a3ce62c1bdfb1c63e18dc14dd5c39065134e118305749aba05acbac9fddbbfa42c6a93bac01b064faf5654529d18095f5c4d88

Download Submit
C:\Windows\system\cZPCIUz.exe

Filesize
6.0MB

MD5
48841296e29be27d9496ec1dd40e19d2

SHA1
2279dc38d7c611b1f84034dee55f233c0b7e3405

SHA256
7e77678f32c69c271f9af2db5d52369afe125bb72e7b85a0e18af932131a1076

SHA512
2e06ae6f3724c7c6dc78c2805ef40fd207e1c96e1aaafefdb3cd4588dbcbf46b5bde2a794c0ab337a6ed023bdc920b1f4929ecd0697ff64ee63e8c79b3f43ec1

Download Submit
C:\Windows\system\hLmlnTo.exe

Filesize
6.0MB

MD5
3fe8d7c4078e2a619e1739cd70f73958

SHA1
06a9e050fa6dd785a2f03545121f0f463785d0f4

SHA256
d9d65410adb2023c67bd7b8543bb85e92be5ba5bdbcfd6aaeb24e2222e0d5c4b

SHA512
922a6db35da14c5f50586d88baceca28ba42ded77d568c28db24a83b933ab2743bc3dca2bba754012b5714657d1f8f0a1e9df612aba65da2e74a84b02ea083d7

Download Submit
C:\Windows\system\hceEEdd.exe

Filesize
6.0MB

MD5
263e7ce04a2bbbf805bc23d4c57451fd

SHA1
a995a1174e03bdd04b138c8301a637d0e1e8f523

SHA256
4e35097a80b08235c024f11a73f6ba30aeb8ef8982b62f004af97b1ea4604cfe

SHA512
b88fa3f529ec2441da38cae9f9ed52b39e161d078e0d48141e477deb3c312cd5f6a12778e116b7dbf4f500aaaaffb70f57fb4f8c606c7585e064bb132f358bb6

Download Submit
C:\Windows\system\iPBtRme.exe

Filesize
6.0MB

MD5
c5c236d39575fd9f295a8de40750fcee

SHA1
955292ab849ec7b8bfa48a3cd57b4113e5a5f4a2

SHA256
cda9305821e1c7e9d92eb3942942ba5ac82356f0245719596cc133c8e8f17d59

SHA512
64616cbbad2dc0523b8c1c64ffb10b3de1e975adb77e5bf0c9607464fdce506ef29168f1d1165aa05a6f2107dbb25c3eb02ad5fe6ae7f97dadb479e279494954

Download Submit
C:\Windows\system\lGgkoSc.exe

Filesize
6.0MB

MD5
699fcffa19089663986ba1129beea88a

SHA1
def7dca1a5ed7cc9edd788c439e17b4248e48035

SHA256
6cadeec98d4e043efa41042195b6d2ec4806d8f2f988ac0def6526323883c7be

SHA512
a7b11e9e3b5e63b827dcb2b6d778eee3819a1b765db3ee247346a6aed82dfe7a966549bd6025dda2e2220b9ffcc2f3f7e6768c8702399075ad0bd7663ecd76f7

Download Submit
C:\Windows\system\ngwErhy.exe

Filesize
6.0MB

MD5
850c7a1cd063dbb2b5f307c17fd66b2b

SHA1
354a159423702c07d5d4087b83e324ac22d83088

SHA256
65eb6d8317461d968b117cfc01e72a6af52e14a3b6e7ce06ec64d2c02aa772ec

SHA512
a055d381afae6ab88e3d85c69be072729bd071c3e59320f8feb4cf2aba2c1b998f8f9f4a5f140bc9bb4d85a03184e50b5f5062408203531e8f6ad948a3122906

Download Submit
C:\Windows\system\taZAFAj.exe

Filesize
6.0MB

MD5
6961289e5c1491e90ae1b7960a15e0b1

SHA1
cfc8a8b6529d10b8e085a9e3582c829c113af1e2

SHA256
a1a0cb0d1372a47ebbe1e49ad989fcd69e566889c5f73816b41269c150438524

SHA512
5824dbafb0cf5299966c5d6534e9726a6cd1469060ce80081022212177c1df7b0d6c239bfb7bafd522fea4e21a7fb7bd62c0ece9e090843509719cc143370189

Download Submit
C:\Windows\system\vuYjePc.exe

Filesize
6.0MB

MD5
3adfddb8fb07821c7873718b84e4e0f3

SHA1
fda49b09ca2df0d58461b2364602055b9149debc

SHA256
a21919686fc79ab03f87aac50916e3116a627822fbd8d77c14edfa8be19a560b

SHA512
90e86b52651a309c7a14ab7010e57d09f9be5f6ee4105abbc9dc071dd72388d909d98f8284575b2b4bb6cbee775fa5e79ca306a778e0f6d50e4a5ef536e78181

Download Submit
C:\Windows\system\yEchntW.exe

Filesize
6.0MB

MD5
227b49cc5f8172b3cfb063b60c1c4d6c

SHA1
dd35ea6ac0dc3c860448b19d6de76f5a820a6f69

SHA256
30cef9d358a0d08c97e615e3aa1b04801caa0e4dd468616dd2fafaba1499de0e

SHA512
fc547a31b81d6da7388676429aab211f1fb36ddeb05fb82e44c0e76b361579318b1d97e2550f134a66a6f41337615f198f011e6e7af5a9c6e580a90ded938dd5

Download Submit
\Windows\system\FxyvMzV.exe

Filesize
6.0MB

MD5
381873468a14021dc04c3182f8a138e8

SHA1
61294c999f859ca2b88ed59f73f38dbccd0c5b33

SHA256
64a7e3fe0eaa5775237532c4cf8e7f6d26c644e26af06b3587a9f176ab52bd44

SHA512
fcc0b0285811e63d4282279eb151ceafad86bc7003f259a6e8881fb8059a062d0c7f03b3db107a2f0a103d535e6d8cf56a0c09bedaa58cb6606ce10667f9ba1d

Download Submit
\Windows\system\GUalblQ.exe

Filesize
6.0MB

MD5
52cc91e4c5a5942562c147f4be9170cd

SHA1
e859f87d573311ef5de43f4b6370f9eecf5a74d6

SHA256
ee3cd6a431cc649aa14712b093b4564e02fc5deea9e911ef93f56ae996b2ba7d

SHA512
d8370ca0cb3bd40068e02583a37a70a8ec4fb2d992ad0f1a9f0bab2555dce2a01632d8c85ed8f9466fff4a880a86a1462efb94fbf8c26a677cacd29f345c338a

Download Submit
\Windows\system\IpSxxHl.exe

Filesize
6.0MB

MD5
4ae5931ef6d51b32c96f7578cffa6215

SHA1
bf42ec3370e4d8ae78cb5d0c7f802b43cfdde7c4

SHA256
bb65c7c5fae6fcb229a91f5b2a9706514e0e0fea3a5b02bc53a1a3e9d54baa7e

SHA512
3110dba7ec827ec32f03d70d2a797ca4c6ec9c0161d9098f67a56bd3caf39d8959fc0bf6eee09b3ce43e30ab9ec8599dc982bbb1934451ddcc001032de4aa634

Download Submit
\Windows\system\LgYQAaX.exe

Filesize
6.0MB

MD5
f1b9fdac83e587f4396cf9beaf5b03d3

SHA1
e6537e5f8b5407a0d00144b58e415b686f4bbcfd

SHA256
f80f98c98b47c0f48c0238c9b58b0b112111fca4782d5b77c0935a86b04d8524

SHA512
5f047febd2926a059e78a5ee7f904450fa766825e006415d17f3392b7e5afb4c1d69c934b122ca6edcf39efd6776a74284940f6da460f685012a6bf54cd401a1

Download Submit
\Windows\system\OrMJGyf.exe

Filesize
6.0MB

MD5
0912f7413e1c6e362586a5301ae1a220

SHA1
adbd353014c282b821bc68fa056563bc4c4fa51e

SHA256
5b26e19c7782d4107428786631051ab66bea3a2bee7ac43c4be95d5197286fa3

SHA512
0b6038f2a04df6ced5bd05d7ef1b73e62563fe01c16e48e144de1ad5a75fa91fc1aedf0166a67b1c6aff18bc9e17ec6de57f09b00136280015083968bb66ff7f

Download Submit
\Windows\system\foscpDp.exe

Filesize
6.0MB

MD5
d50313c3d3eee8db80c47d9e72b860b2

SHA1
9563d26855d51e1034c45e41231104a113150c90

SHA256
6c38eee6bb4aeb7ce1b1d974bc6c735da1e9a1a1441523d1c04892239d9487e8

SHA512
3516aeb8420a1fe1b637feaac0e2bb77163aa4b4b33d032f83615adb56a31d93024710c3a983be0be97c7bbc730f969a29e6543206aacab17d6479e9b5dec304

Download Submit
\Windows\system\rQbCBSc.exe

Filesize
6.0MB

MD5
1f653abbc5495af4f703e9b50ec2756f

SHA1
8de47fdc02c3712b0552532fcb70e79169738e60

SHA256
3699945563f220fa7fd6424c26e7ed25673f4ac1e9c9b51b80aea323f5cbae16

SHA512
370e4b67e70445e307ef7476cc61c67f9b3f80267dff7cd70ef893b1c88ccd9932482c50dcc19d998e9b6878e6a5206e5fa3c35c728e579884a8bae676478a43

Download Submit
\Windows\system\uFOsmVZ.exe

Filesize
6.0MB

MD5
d6b4ab94bc7bd751e4c878cb52431d6a

SHA1
0890d27ea3c5463c72f1f174d229277a9cff383b

SHA256
c49b5c2b35234552c0c171d8ac20a1e7240315745ce7c9f58c88f2741e728662

SHA512
426cebdc26587d3872bdca33af314192d5a16c8e7a5c768e1a8da90e14204cd928986b5ed2c7755efa36c276559cdf1b4ddc1222d01a6d658a97c323b49f24dd

Download Submit
\Windows\system\wYZzdpR.exe

Filesize
6.0MB

MD5
ca1cc060637c877616dd61846ef64154

SHA1
3efd3888367ddc769fb24f8d9b94eeb89664564a

SHA256
14a9545cb8684b3428c98e944865034cc18bd2ccd735d36f9826d02d385d3d11

SHA512
9fcee8b87d074657dd8b04c00ed62a966eb321dcb1a38e7be3125363785363eb1ea308600c4b62572ef929f01abf596ec79ea54b7d902e22b8cb6b507b9b46d9

Download Submit
memory/1728-261-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3857-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3858-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2220-186-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2256-197-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3859-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2372-246-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3867-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-256-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3848-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-215-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1904-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-202-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2532-251-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-233-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2532-224-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-243-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1784-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-245-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-143-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-174-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-193-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2532-179-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2564-176-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3885-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-163-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3871-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3823-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2748-212-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3824-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2788-244-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2856-201-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3856-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3860-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-203-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-228-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3839-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2912-238-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3863-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3864-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2932-220-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download