cobaltstrike | 2de8d75041dcf6621317e4b36221dd69762bece670969ec44c9f926adf3e5bd9

Analysis

max time kernel
99s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

115529203af9f73537f91c0bce4c7d4e
SHA1

1850a03ad0a59d73e49e54bbafc307cbab789896
SHA256

2de8d75041dcf6621317e4b36221dd69762bece670969ec44c9f926adf3e5bd9
SHA512

62a8073c39d44fff60a244c24bce1fa13efe37f237c50eb9afeb192d61c6455e31a4374ecb9fb680f8cfd13b3e25a918d6ae74a41f5d11f23abfa323cc024f4e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\CTFvYvQ.exe	cobalt_reflective_dll
C:\Windows\System\lPRGedO.exe	cobalt_reflective_dll
C:\Windows\System\caBNYIB.exe	cobalt_reflective_dll
C:\Windows\System\vGiVzUu.exe	cobalt_reflective_dll
C:\Windows\System\WExWfio.exe	cobalt_reflective_dll
C:\Windows\System\YninPIb.exe	cobalt_reflective_dll
C:\Windows\System\aSHNUts.exe	cobalt_reflective_dll
C:\Windows\System\CeIDJJs.exe	cobalt_reflective_dll
C:\Windows\System\ICvlYmM.exe	cobalt_reflective_dll
C:\Windows\System\hkKhZDh.exe	cobalt_reflective_dll
C:\Windows\System\QOvjzvj.exe	cobalt_reflective_dll
C:\Windows\System\lCNZebe.exe	cobalt_reflective_dll
C:\Windows\System\uAjFuqA.exe	cobalt_reflective_dll
C:\Windows\System\jtSjriR.exe	cobalt_reflective_dll
C:\Windows\System\hYkRSMH.exe	cobalt_reflective_dll
C:\Windows\System\QyuUBfB.exe	cobalt_reflective_dll
C:\Windows\System\ZZxFdqT.exe	cobalt_reflective_dll
C:\Windows\System\EvHcaJw.exe	cobalt_reflective_dll
C:\Windows\System\bdkBrku.exe	cobalt_reflective_dll
C:\Windows\System\gcXYByh.exe	cobalt_reflective_dll
C:\Windows\System\jmfhNNI.exe	cobalt_reflective_dll
C:\Windows\System\qmAUDTl.exe	cobalt_reflective_dll
C:\Windows\System\TsKqfaW.exe	cobalt_reflective_dll
C:\Windows\System\UHfWZoD.exe	cobalt_reflective_dll
C:\Windows\System\jJlLVAI.exe	cobalt_reflective_dll
C:\Windows\System\MGWTxjR.exe	cobalt_reflective_dll
C:\Windows\System\EiRRZmz.exe	cobalt_reflective_dll
C:\Windows\System\MFhdWLD.exe	cobalt_reflective_dll
C:\Windows\System\xbkyeXk.exe	cobalt_reflective_dll
C:\Windows\System\MPwrzEl.exe	cobalt_reflective_dll
C:\Windows\System\QMdDjZI.exe	cobalt_reflective_dll
C:\Windows\System\ZQgkwSx.exe	cobalt_reflective_dll
C:\Windows\System\uuWtaEd.exe	cobalt_reflective_dll
C:\Windows\System\fErkBLp.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/4600-0-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp	xmrig
C:\Windows\System\CTFvYvQ.exe	xmrig
behavioral2/memory/4784-7-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp	xmrig
C:\Windows\System\lPRGedO.exe	xmrig
C:\Windows\System\caBNYIB.exe	xmrig
behavioral2/memory/3596-14-0x00007FF6FAE60000-0x00007FF6FB1B4000-memory.dmp	xmrig
behavioral2/memory/2576-18-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp	xmrig
C:\Windows\System\vGiVzUu.exe	xmrig
behavioral2/memory/4840-24-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp	xmrig
C:\Windows\System\WExWfio.exe	xmrig
C:\Windows\System\YninPIb.exe	xmrig
behavioral2/memory/4344-45-0x00007FF63A530000-0x00007FF63A884000-memory.dmp	xmrig
C:\Windows\System\aSHNUts.exe	xmrig
behavioral2/memory/2804-53-0x00007FF647C40000-0x00007FF647F94000-memory.dmp	xmrig
C:\Windows\System\CeIDJJs.exe	xmrig
C:\Windows\System\ICvlYmM.exe	xmrig
C:\Windows\System\hkKhZDh.exe	xmrig
behavioral2/memory/4048-86-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp	xmrig
C:\Windows\System\QOvjzvj.exe	xmrig
C:\Windows\System\lCNZebe.exe	xmrig
behavioral2/memory/1640-113-0x00007FF73E300000-0x00007FF73E654000-memory.dmp	xmrig
C:\Windows\System\uAjFuqA.exe	xmrig
C:\Windows\System\jtSjriR.exe	xmrig
behavioral2/memory/2040-157-0x00007FF6BF9F0000-0x00007FF6BFD44000-memory.dmp	xmrig
behavioral2/memory/4688-624-0x00007FF624F30000-0x00007FF625284000-memory.dmp	xmrig
behavioral2/memory/4744-633-0x00007FF711C60000-0x00007FF711FB4000-memory.dmp	xmrig
behavioral2/memory/4768-639-0x00007FF6998B0000-0x00007FF699C04000-memory.dmp	xmrig
behavioral2/memory/3396-638-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp	xmrig
behavioral2/memory/4260-645-0x00007FF70A060000-0x00007FF70A3B4000-memory.dmp	xmrig
behavioral2/memory/2032-643-0x00007FF7DD0A0000-0x00007FF7DD3F4000-memory.dmp	xmrig
behavioral2/memory/2732-635-0x00007FF620CA0000-0x00007FF620FF4000-memory.dmp	xmrig
behavioral2/memory/4344-634-0x00007FF63A530000-0x00007FF63A884000-memory.dmp	xmrig
behavioral2/memory/2804-699-0x00007FF647C40000-0x00007FF647F94000-memory.dmp	xmrig
C:\Windows\System\hYkRSMH.exe	xmrig
C:\Windows\System\QyuUBfB.exe	xmrig
C:\Windows\System\ZZxFdqT.exe	xmrig
C:\Windows\System\EvHcaJw.exe	xmrig
C:\Windows\System\bdkBrku.exe	xmrig
C:\Windows\System\gcXYByh.exe	xmrig
C:\Windows\System\jmfhNNI.exe	xmrig
C:\Windows\System\qmAUDTl.exe	xmrig
C:\Windows\System\TsKqfaW.exe	xmrig
behavioral2/memory/5080-167-0x00007FF63A960000-0x00007FF63ACB4000-memory.dmp	xmrig
C:\Windows\System\UHfWZoD.exe	xmrig
behavioral2/memory/840-153-0x00007FF651430000-0x00007FF651784000-memory.dmp	xmrig
behavioral2/memory/3904-807-0x00007FF7F83D0000-0x00007FF7F8724000-memory.dmp	xmrig
C:\Windows\System\jJlLVAI.exe	xmrig
C:\Windows\System\MGWTxjR.exe	xmrig
C:\Windows\System\EiRRZmz.exe	xmrig
behavioral2/memory/4384-142-0x00007FF70C520000-0x00007FF70C874000-memory.dmp	xmrig
behavioral2/memory/4588-137-0x00007FF656890000-0x00007FF656BE4000-memory.dmp	xmrig
behavioral2/memory/2904-132-0x00007FF7D4180000-0x00007FF7D44D4000-memory.dmp	xmrig
behavioral2/memory/4052-871-0x00007FF7B7B80000-0x00007FF7B7ED4000-memory.dmp	xmrig
C:\Windows\System\MFhdWLD.exe	xmrig
behavioral2/memory/3632-123-0x00007FF6B9DD0000-0x00007FF6BA124000-memory.dmp	xmrig
C:\Windows\System\xbkyeXk.exe	xmrig
behavioral2/memory/5016-116-0x00007FF60A840000-0x00007FF60AB94000-memory.dmp	xmrig
behavioral2/memory/3992-106-0x00007FF750B50000-0x00007FF750EA4000-memory.dmp	xmrig
behavioral2/memory/2444-929-0x00007FF6D8180000-0x00007FF6D84D4000-memory.dmp	xmrig
behavioral2/memory/4048-930-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp	xmrig
C:\Windows\System\MPwrzEl.exe	xmrig
behavioral2/memory/4840-98-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp	xmrig
behavioral2/memory/2576-97-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp	xmrig
C:\Windows\System\QMdDjZI.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

CTFvYvQ.exelPRGedO.execaBNYIB.exevGiVzUu.exeWExWfio.exeYninPIb.exefErkBLp.exeaSHNUts.exeuuWtaEd.exeCeIDJJs.exeICvlYmM.exehkKhZDh.exeZQgkwSx.exeQMdDjZI.exeMPwrzEl.exelCNZebe.exeQOvjzvj.exexbkyeXk.exeuAjFuqA.exeMFhdWLD.exejtSjriR.exeEiRRZmz.exeMGWTxjR.exejJlLVAI.exeUHfWZoD.exeqmAUDTl.exeTsKqfaW.exegcXYByh.exebdkBrku.exeEvHcaJw.exejmfhNNI.exeZZxFdqT.exeQyuUBfB.exehYkRSMH.exeWmNTHLh.exeRUddQas.exernyheMi.exeMBAfZfB.exekHWEyXs.exeugmKbFh.exeARNSZBy.exezwueJBs.exehMEwOGE.exeicUERnj.exeEdZVvGO.exeopBsyus.exeIcQtHYd.exeJnUSKqQ.exeBWJoUac.exexkiywGZ.exeBWUjwvQ.exeucyMzqJ.exevqTDOuq.exeeYoSsGK.exexiuXHxJ.exeMnkDasU.exeTitNOeW.exemBdQCML.exePblJVQk.exenGKyYKf.exebJMJtaV.exeZKxLbJw.exeuaAQugh.exebvLaRYd.exe

pid	process
4784	CTFvYvQ.exe
3596	lPRGedO.exe
2576	caBNYIB.exe
4840	vGiVzUu.exe
4744	WExWfio.exe
4344	YninPIb.exe
456	fErkBLp.exe
2804	aSHNUts.exe
3904	uuWtaEd.exe
4328	CeIDJJs.exe
4052	ICvlYmM.exe
2444	hkKhZDh.exe
4048	ZQgkwSx.exe
3992	QMdDjZI.exe
1640	MPwrzEl.exe
5016	lCNZebe.exe
2904	QOvjzvj.exe
4588	xbkyeXk.exe
3632	uAjFuqA.exe
4384	MFhdWLD.exe
4688	jtSjriR.exe
2732	EiRRZmz.exe
840	MGWTxjR.exe
2040	jJlLVAI.exe
3396	UHfWZoD.exe
4768	qmAUDTl.exe
5080	TsKqfaW.exe
4260	gcXYByh.exe
2032	bdkBrku.exe
2280	EvHcaJw.exe
4580	jmfhNNI.exe
1188	ZZxFdqT.exe
2124	QyuUBfB.exe
112	hYkRSMH.exe
836	WmNTHLh.exe
4672	RUddQas.exe
3676	rnyheMi.exe
2500	MBAfZfB.exe
3272	kHWEyXs.exe
3500	ugmKbFh.exe
3604	ARNSZBy.exe
2260	zwueJBs.exe
2956	hMEwOGE.exe
1660	icUERnj.exe
228	EdZVvGO.exe
3496	opBsyus.exe
4296	IcQtHYd.exe
1548	JnUSKqQ.exe
3368	BWJoUac.exe
4468	xkiywGZ.exe
2196	BWUjwvQ.exe
2988	ucyMzqJ.exe
2408	vqTDOuq.exe
3928	eYoSsGK.exe
628	xiuXHxJ.exe
740	MnkDasU.exe
4228	TitNOeW.exe
3512	mBdQCML.exe
3480	PblJVQk.exe
3192	nGKyYKf.exe
900	bJMJtaV.exe
4764	ZKxLbJw.exe
4496	uaAQugh.exe
2160	bvLaRYd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4600-0-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp	upx
C:\Windows\System\CTFvYvQ.exe	upx
behavioral2/memory/4784-7-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp	upx
C:\Windows\System\lPRGedO.exe	upx
C:\Windows\System\caBNYIB.exe	upx
behavioral2/memory/3596-14-0x00007FF6FAE60000-0x00007FF6FB1B4000-memory.dmp	upx
behavioral2/memory/2576-18-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp	upx
C:\Windows\System\vGiVzUu.exe	upx
behavioral2/memory/4840-24-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp	upx
C:\Windows\System\WExWfio.exe	upx
C:\Windows\System\YninPIb.exe	upx
behavioral2/memory/4344-45-0x00007FF63A530000-0x00007FF63A884000-memory.dmp	upx
C:\Windows\System\aSHNUts.exe	upx
behavioral2/memory/2804-53-0x00007FF647C40000-0x00007FF647F94000-memory.dmp	upx
C:\Windows\System\CeIDJJs.exe	upx
C:\Windows\System\ICvlYmM.exe	upx
C:\Windows\System\hkKhZDh.exe	upx
behavioral2/memory/4048-86-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp	upx
C:\Windows\System\QOvjzvj.exe	upx
C:\Windows\System\lCNZebe.exe	upx
behavioral2/memory/1640-113-0x00007FF73E300000-0x00007FF73E654000-memory.dmp	upx
C:\Windows\System\uAjFuqA.exe	upx
C:\Windows\System\jtSjriR.exe	upx
behavioral2/memory/2040-157-0x00007FF6BF9F0000-0x00007FF6BFD44000-memory.dmp	upx
behavioral2/memory/4688-624-0x00007FF624F30000-0x00007FF625284000-memory.dmp	upx
behavioral2/memory/4744-633-0x00007FF711C60000-0x00007FF711FB4000-memory.dmp	upx
behavioral2/memory/4768-639-0x00007FF6998B0000-0x00007FF699C04000-memory.dmp	upx
behavioral2/memory/3396-638-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp	upx
behavioral2/memory/4260-645-0x00007FF70A060000-0x00007FF70A3B4000-memory.dmp	upx
behavioral2/memory/2032-643-0x00007FF7DD0A0000-0x00007FF7DD3F4000-memory.dmp	upx
behavioral2/memory/2732-635-0x00007FF620CA0000-0x00007FF620FF4000-memory.dmp	upx
behavioral2/memory/4344-634-0x00007FF63A530000-0x00007FF63A884000-memory.dmp	upx
behavioral2/memory/2804-699-0x00007FF647C40000-0x00007FF647F94000-memory.dmp	upx
C:\Windows\System\hYkRSMH.exe	upx
C:\Windows\System\QyuUBfB.exe	upx
C:\Windows\System\ZZxFdqT.exe	upx
C:\Windows\System\EvHcaJw.exe	upx
C:\Windows\System\bdkBrku.exe	upx
C:\Windows\System\gcXYByh.exe	upx
C:\Windows\System\jmfhNNI.exe	upx
C:\Windows\System\qmAUDTl.exe	upx
C:\Windows\System\TsKqfaW.exe	upx
behavioral2/memory/5080-167-0x00007FF63A960000-0x00007FF63ACB4000-memory.dmp	upx
C:\Windows\System\UHfWZoD.exe	upx
behavioral2/memory/840-153-0x00007FF651430000-0x00007FF651784000-memory.dmp	upx
behavioral2/memory/3904-807-0x00007FF7F83D0000-0x00007FF7F8724000-memory.dmp	upx
C:\Windows\System\jJlLVAI.exe	upx
C:\Windows\System\MGWTxjR.exe	upx
C:\Windows\System\EiRRZmz.exe	upx
behavioral2/memory/4384-142-0x00007FF70C520000-0x00007FF70C874000-memory.dmp	upx
behavioral2/memory/4588-137-0x00007FF656890000-0x00007FF656BE4000-memory.dmp	upx
behavioral2/memory/2904-132-0x00007FF7D4180000-0x00007FF7D44D4000-memory.dmp	upx
behavioral2/memory/4052-871-0x00007FF7B7B80000-0x00007FF7B7ED4000-memory.dmp	upx
C:\Windows\System\MFhdWLD.exe	upx
behavioral2/memory/3632-123-0x00007FF6B9DD0000-0x00007FF6BA124000-memory.dmp	upx
C:\Windows\System\xbkyeXk.exe	upx
behavioral2/memory/5016-116-0x00007FF60A840000-0x00007FF60AB94000-memory.dmp	upx
behavioral2/memory/3992-106-0x00007FF750B50000-0x00007FF750EA4000-memory.dmp	upx
behavioral2/memory/2444-929-0x00007FF6D8180000-0x00007FF6D84D4000-memory.dmp	upx
behavioral2/memory/4048-930-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp	upx
C:\Windows\System\MPwrzEl.exe	upx
behavioral2/memory/4840-98-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp	upx
behavioral2/memory/2576-97-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp	upx
C:\Windows\System\QMdDjZI.exe	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\WEnVnHW.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZFhZYl.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TefgKZR.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhqYZNz.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPUdHrn.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIJpaBB.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGQwYYE.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzylbly.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCddHYM.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsQosxa.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWuxEHu.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utVyUMa.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyuUBfB.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOssgwc.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBrwhRx.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMwFaqX.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVhNOTp.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAopKhJ.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FScXQfG.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiTlgft.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSXVGsp.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Usosxkn.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIXoBiT.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZApHKYz.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQoratt.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZxFdqT.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLaobZy.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKfvCke.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEcsoex.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\katYzfu.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDbWqkK.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ytiudms.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUoTmmq.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSHNUts.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqwqqye.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxHTCjS.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWpithM.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjwdkPX.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoFkDvs.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjCGPOd.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdRXamP.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYVYENm.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptVizvb.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdZVvGO.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFwIvbF.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtxpWwC.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fErkBLp.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDbvRlu.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvRvXKg.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtJVZkp.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAjFuqA.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYcZqxy.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRsPJRL.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUWVTrp.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPCIIoo.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKxSpqW.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdIFCYP.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaNuRxS.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDRbYIc.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYoSsGK.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbSHYIL.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaSrJij.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysGtqrN.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkuPPtl.exe	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 4600 wrote to memory of 4784	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	CTFvYvQ.exe
PID 4600 wrote to memory of 4784	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	CTFvYvQ.exe
PID 4600 wrote to memory of 3596	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	lPRGedO.exe
PID 4600 wrote to memory of 3596	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	lPRGedO.exe
PID 4600 wrote to memory of 2576	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	caBNYIB.exe
PID 4600 wrote to memory of 2576	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	caBNYIB.exe
PID 4600 wrote to memory of 4840	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	vGiVzUu.exe
PID 4600 wrote to memory of 4840	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	vGiVzUu.exe
PID 4600 wrote to memory of 4744	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	WExWfio.exe
PID 4600 wrote to memory of 4744	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	WExWfio.exe
PID 4600 wrote to memory of 4344	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	YninPIb.exe
PID 4600 wrote to memory of 4344	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	YninPIb.exe
PID 4600 wrote to memory of 456	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	fErkBLp.exe
PID 4600 wrote to memory of 456	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	fErkBLp.exe
PID 4600 wrote to memory of 2804	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	aSHNUts.exe
PID 4600 wrote to memory of 2804	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	aSHNUts.exe
PID 4600 wrote to memory of 3904	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	uuWtaEd.exe
PID 4600 wrote to memory of 3904	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	uuWtaEd.exe
PID 4600 wrote to memory of 4328	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	CeIDJJs.exe
PID 4600 wrote to memory of 4328	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	CeIDJJs.exe
PID 4600 wrote to memory of 4052	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ICvlYmM.exe
PID 4600 wrote to memory of 4052	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ICvlYmM.exe
PID 4600 wrote to memory of 2444	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	hkKhZDh.exe
PID 4600 wrote to memory of 2444	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	hkKhZDh.exe
PID 4600 wrote to memory of 4048	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ZQgkwSx.exe
PID 4600 wrote to memory of 4048	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ZQgkwSx.exe
PID 4600 wrote to memory of 5016	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	lCNZebe.exe
PID 4600 wrote to memory of 5016	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	lCNZebe.exe
PID 4600 wrote to memory of 3992	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	QMdDjZI.exe
PID 4600 wrote to memory of 3992	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	QMdDjZI.exe
PID 4600 wrote to memory of 1640	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MPwrzEl.exe
PID 4600 wrote to memory of 1640	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MPwrzEl.exe
PID 4600 wrote to memory of 2904	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	QOvjzvj.exe
PID 4600 wrote to memory of 2904	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	QOvjzvj.exe
PID 4600 wrote to memory of 4588	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	xbkyeXk.exe
PID 4600 wrote to memory of 4588	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	xbkyeXk.exe
PID 4600 wrote to memory of 3632	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	uAjFuqA.exe
PID 4600 wrote to memory of 3632	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	uAjFuqA.exe
PID 4600 wrote to memory of 4384	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MFhdWLD.exe
PID 4600 wrote to memory of 4384	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MFhdWLD.exe
PID 4600 wrote to memory of 4688	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jtSjriR.exe
PID 4600 wrote to memory of 4688	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jtSjriR.exe
PID 4600 wrote to memory of 2732	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	EiRRZmz.exe
PID 4600 wrote to memory of 2732	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	EiRRZmz.exe
PID 4600 wrote to memory of 840	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MGWTxjR.exe
PID 4600 wrote to memory of 840	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	MGWTxjR.exe
PID 4600 wrote to memory of 2040	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jJlLVAI.exe
PID 4600 wrote to memory of 2040	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jJlLVAI.exe
PID 4600 wrote to memory of 3396	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	UHfWZoD.exe
PID 4600 wrote to memory of 3396	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	UHfWZoD.exe
PID 4600 wrote to memory of 4768	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	qmAUDTl.exe
PID 4600 wrote to memory of 4768	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	qmAUDTl.exe
PID 4600 wrote to memory of 5080	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	TsKqfaW.exe
PID 4600 wrote to memory of 5080	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	TsKqfaW.exe
PID 4600 wrote to memory of 1188	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ZZxFdqT.exe
PID 4600 wrote to memory of 1188	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	ZZxFdqT.exe
PID 4600 wrote to memory of 4260	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	gcXYByh.exe
PID 4600 wrote to memory of 4260	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	gcXYByh.exe
PID 4600 wrote to memory of 2032	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	bdkBrku.exe
PID 4600 wrote to memory of 2032	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	bdkBrku.exe
PID 4600 wrote to memory of 2280	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	EvHcaJw.exe
PID 4600 wrote to memory of 2280	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	EvHcaJw.exe
PID 4600 wrote to memory of 4580	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jmfhNNI.exe
PID 4600 wrote to memory of 4580	4600	2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe	jmfhNNI.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_115529203af9f73537f91c0bce4c7d4e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Windows\System\CTFvYvQ.exe
  C:\Windows\System\CTFvYvQ.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\lPRGedO.exe
  C:\Windows\System\lPRGedO.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\caBNYIB.exe
  C:\Windows\System\caBNYIB.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\vGiVzUu.exe
  C:\Windows\System\vGiVzUu.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\WExWfio.exe
  C:\Windows\System\WExWfio.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\YninPIb.exe
  C:\Windows\System\YninPIb.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\fErkBLp.exe
  C:\Windows\System\fErkBLp.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\aSHNUts.exe
  C:\Windows\System\aSHNUts.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\uuWtaEd.exe
  C:\Windows\System\uuWtaEd.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\CeIDJJs.exe
  C:\Windows\System\CeIDJJs.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\ICvlYmM.exe
  C:\Windows\System\ICvlYmM.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\hkKhZDh.exe
  C:\Windows\System\hkKhZDh.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\ZQgkwSx.exe
  C:\Windows\System\ZQgkwSx.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\lCNZebe.exe
  C:\Windows\System\lCNZebe.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\QMdDjZI.exe
  C:\Windows\System\QMdDjZI.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\MPwrzEl.exe
  C:\Windows\System\MPwrzEl.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\QOvjzvj.exe
  C:\Windows\System\QOvjzvj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\xbkyeXk.exe
  C:\Windows\System\xbkyeXk.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\uAjFuqA.exe
  C:\Windows\System\uAjFuqA.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\MFhdWLD.exe
  C:\Windows\System\MFhdWLD.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\jtSjriR.exe
  C:\Windows\System\jtSjriR.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\EiRRZmz.exe
  C:\Windows\System\EiRRZmz.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\MGWTxjR.exe
  C:\Windows\System\MGWTxjR.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\jJlLVAI.exe
  C:\Windows\System\jJlLVAI.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\UHfWZoD.exe
  C:\Windows\System\UHfWZoD.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\qmAUDTl.exe
  C:\Windows\System\qmAUDTl.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\TsKqfaW.exe
  C:\Windows\System\TsKqfaW.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\ZZxFdqT.exe
  C:\Windows\System\ZZxFdqT.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\gcXYByh.exe
  C:\Windows\System\gcXYByh.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\bdkBrku.exe
  C:\Windows\System\bdkBrku.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\EvHcaJw.exe
  C:\Windows\System\EvHcaJw.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\jmfhNNI.exe
  C:\Windows\System\jmfhNNI.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\QyuUBfB.exe
  C:\Windows\System\QyuUBfB.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\hYkRSMH.exe
  C:\Windows\System\hYkRSMH.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\WmNTHLh.exe
  C:\Windows\System\WmNTHLh.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\RUddQas.exe
  C:\Windows\System\RUddQas.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\rnyheMi.exe
  C:\Windows\System\rnyheMi.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\MBAfZfB.exe
  C:\Windows\System\MBAfZfB.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\kHWEyXs.exe
  C:\Windows\System\kHWEyXs.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\ugmKbFh.exe
  C:\Windows\System\ugmKbFh.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\ARNSZBy.exe
  C:\Windows\System\ARNSZBy.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\zwueJBs.exe
  C:\Windows\System\zwueJBs.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\hMEwOGE.exe
  C:\Windows\System\hMEwOGE.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\icUERnj.exe
  C:\Windows\System\icUERnj.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\EdZVvGO.exe
  C:\Windows\System\EdZVvGO.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\opBsyus.exe
  C:\Windows\System\opBsyus.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\IcQtHYd.exe
  C:\Windows\System\IcQtHYd.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\JnUSKqQ.exe
  C:\Windows\System\JnUSKqQ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\BWJoUac.exe
  C:\Windows\System\BWJoUac.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\xkiywGZ.exe
  C:\Windows\System\xkiywGZ.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\BWUjwvQ.exe
  C:\Windows\System\BWUjwvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ucyMzqJ.exe
  C:\Windows\System\ucyMzqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\vqTDOuq.exe
  C:\Windows\System\vqTDOuq.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\eYoSsGK.exe
  C:\Windows\System\eYoSsGK.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\xiuXHxJ.exe
  C:\Windows\System\xiuXHxJ.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\MnkDasU.exe
  C:\Windows\System\MnkDasU.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\TitNOeW.exe
  C:\Windows\System\TitNOeW.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\mBdQCML.exe
  C:\Windows\System\mBdQCML.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\PblJVQk.exe
  C:\Windows\System\PblJVQk.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\nGKyYKf.exe
  C:\Windows\System\nGKyYKf.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\bJMJtaV.exe
  C:\Windows\System\bJMJtaV.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\ZKxLbJw.exe
  C:\Windows\System\ZKxLbJw.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\uaAQugh.exe
  C:\Windows\System\uaAQugh.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\bvLaRYd.exe
  C:\Windows\System\bvLaRYd.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\EbSHYIL.exe
  C:\Windows\System\EbSHYIL.exe
  2⤵
  PID:1544
- C:\Windows\System\uunlPQY.exe
  C:\Windows\System\uunlPQY.exe
  2⤵
  PID:4680
- C:\Windows\System\BIvUTEN.exe
  C:\Windows\System\BIvUTEN.exe
  2⤵
  PID:4376
- C:\Windows\System\peyxZND.exe
  C:\Windows\System\peyxZND.exe
  2⤵
  PID:3404
- C:\Windows\System\XTwXzba.exe
  C:\Windows\System\XTwXzba.exe
  2⤵
  PID:2992
- C:\Windows\System\SIhfJIM.exe
  C:\Windows\System\SIhfJIM.exe
  2⤵
  PID:3524
- C:\Windows\System\cFDCraH.exe
  C:\Windows\System\cFDCraH.exe
  2⤵
  PID:924
- C:\Windows\System\BwMBVsT.exe
  C:\Windows\System\BwMBVsT.exe
  2⤵
  PID:1004
- C:\Windows\System\GOEoWgZ.exe
  C:\Windows\System\GOEoWgZ.exe
  2⤵
  PID:4560
- C:\Windows\System\KgHfSsu.exe
  C:\Windows\System\KgHfSsu.exe
  2⤵
  PID:4612
- C:\Windows\System\fGRLnLz.exe
  C:\Windows\System\fGRLnLz.exe
  2⤵
  PID:640
- C:\Windows\System\kwLCNee.exe
  C:\Windows\System\kwLCNee.exe
  2⤵
  PID:4968
- C:\Windows\System\MbfSeTG.exe
  C:\Windows\System\MbfSeTG.exe
  2⤵
  PID:2808
- C:\Windows\System\uBQzHvP.exe
  C:\Windows\System\uBQzHvP.exe
  2⤵
  PID:4724
- C:\Windows\System\dqwqqye.exe
  C:\Windows\System\dqwqqye.exe
  2⤵
  PID:3068
- C:\Windows\System\UhfDyaS.exe
  C:\Windows\System\UhfDyaS.exe
  2⤵
  PID:5140
- C:\Windows\System\KEXPRZp.exe
  C:\Windows\System\KEXPRZp.exe
  2⤵
  PID:5176
- C:\Windows\System\QUgDLov.exe
  C:\Windows\System\QUgDLov.exe
  2⤵
  PID:5212
- C:\Windows\System\LqgfkrS.exe
  C:\Windows\System\LqgfkrS.exe
  2⤵
  PID:5240
- C:\Windows\System\sNnIAQT.exe
  C:\Windows\System\sNnIAQT.exe
  2⤵
  PID:5256
- C:\Windows\System\exHcSQL.exe
  C:\Windows\System\exHcSQL.exe
  2⤵
  PID:5296
- C:\Windows\System\NRsFaIT.exe
  C:\Windows\System\NRsFaIT.exe
  2⤵
  PID:5320
- C:\Windows\System\SwnHGRU.exe
  C:\Windows\System\SwnHGRU.exe
  2⤵
  PID:5340
- C:\Windows\System\NhcbiFA.exe
  C:\Windows\System\NhcbiFA.exe
  2⤵
  PID:5368
- C:\Windows\System\cdqCQLS.exe
  C:\Windows\System\cdqCQLS.exe
  2⤵
  PID:5396
- C:\Windows\System\VwDnBax.exe
  C:\Windows\System\VwDnBax.exe
  2⤵
  PID:5436
- C:\Windows\System\NDXCYfq.exe
  C:\Windows\System\NDXCYfq.exe
  2⤵
  PID:5452
- C:\Windows\System\oAPEgnG.exe
  C:\Windows\System\oAPEgnG.exe
  2⤵
  PID:5488
- C:\Windows\System\dJQIbmf.exe
  C:\Windows\System\dJQIbmf.exe
  2⤵
  PID:5532
- C:\Windows\System\hPUdHrn.exe
  C:\Windows\System\hPUdHrn.exe
  2⤵
  PID:5548
- C:\Windows\System\MCfkvEs.exe
  C:\Windows\System\MCfkvEs.exe
  2⤵
  PID:5564
- C:\Windows\System\EIrKjIV.exe
  C:\Windows\System\EIrKjIV.exe
  2⤵
  PID:5592
- C:\Windows\System\DPdzYtW.exe
  C:\Windows\System\DPdzYtW.exe
  2⤵
  PID:5628
- C:\Windows\System\ghYJiSs.exe
  C:\Windows\System\ghYJiSs.exe
  2⤵
  PID:5648
- C:\Windows\System\ablKqyk.exe
  C:\Windows\System\ablKqyk.exe
  2⤵
  PID:5684
- C:\Windows\System\IdPBXFH.exe
  C:\Windows\System\IdPBXFH.exe
  2⤵
  PID:5704
- C:\Windows\System\MyCkKOO.exe
  C:\Windows\System\MyCkKOO.exe
  2⤵
  PID:5728
- C:\Windows\System\aTFibKV.exe
  C:\Windows\System\aTFibKV.exe
  2⤵
  PID:5760
- C:\Windows\System\oaSrJij.exe
  C:\Windows\System\oaSrJij.exe
  2⤵
  PID:5796
- C:\Windows\System\UApKfWQ.exe
  C:\Windows\System\UApKfWQ.exe
  2⤵
  PID:5816
- C:\Windows\System\XDbvRlu.exe
  C:\Windows\System\XDbvRlu.exe
  2⤵
  PID:5832
- C:\Windows\System\TLKiHpw.exe
  C:\Windows\System\TLKiHpw.exe
  2⤵
  PID:5848
- C:\Windows\System\tzecqdR.exe
  C:\Windows\System\tzecqdR.exe
  2⤵
  PID:5888
- C:\Windows\System\goljNph.exe
  C:\Windows\System\goljNph.exe
  2⤵
  PID:5904
- C:\Windows\System\xGuvUWe.exe
  C:\Windows\System\xGuvUWe.exe
  2⤵
  PID:5944
- C:\Windows\System\ZQkPOZi.exe
  C:\Windows\System\ZQkPOZi.exe
  2⤵
  PID:5984
- C:\Windows\System\lWJUxPe.exe
  C:\Windows\System\lWJUxPe.exe
  2⤵
  PID:6020
- C:\Windows\System\xYcZqxy.exe
  C:\Windows\System\xYcZqxy.exe
  2⤵
  PID:6052
- C:\Windows\System\UsXghrk.exe
  C:\Windows\System\UsXghrk.exe
  2⤵
  PID:6080
- C:\Windows\System\mHpjkiL.exe
  C:\Windows\System\mHpjkiL.exe
  2⤵
  PID:6096
- C:\Windows\System\weUGhTq.exe
  C:\Windows\System\weUGhTq.exe
  2⤵
  PID:6116
- C:\Windows\System\yAdejNc.exe
  C:\Windows\System\yAdejNc.exe
  2⤵
  PID:4440
- C:\Windows\System\KihOKFB.exe
  C:\Windows\System\KihOKFB.exe
  2⤵
  PID:372
- C:\Windows\System\owEGXuA.exe
  C:\Windows\System\owEGXuA.exe
  2⤵
  PID:4084
- C:\Windows\System\xkzUMvw.exe
  C:\Windows\System\xkzUMvw.exe
  2⤵
  PID:888
- C:\Windows\System\rFhAWAM.exe
  C:\Windows\System\rFhAWAM.exe
  2⤵
  PID:5136
- C:\Windows\System\bzgjtFa.exe
  C:\Windows\System\bzgjtFa.exe
  2⤵
  PID:5172
- C:\Windows\System\MropqcN.exe
  C:\Windows\System\MropqcN.exe
  2⤵
  PID:5220
- C:\Windows\System\WNycTmG.exe
  C:\Windows\System\WNycTmG.exe
  2⤵
  PID:5280
- C:\Windows\System\BoIWmbU.exe
  C:\Windows\System\BoIWmbU.exe
  2⤵
  PID:5380
- C:\Windows\System\qgMZPhC.exe
  C:\Windows\System\qgMZPhC.exe
  2⤵
  PID:5460
- C:\Windows\System\vjRBzfq.exe
  C:\Windows\System\vjRBzfq.exe
  2⤵
  PID:5556
- C:\Windows\System\rmxwVVw.exe
  C:\Windows\System\rmxwVVw.exe
  2⤵
  PID:5620
- C:\Windows\System\YlIVcFD.exe
  C:\Windows\System\YlIVcFD.exe
  2⤵
  PID:5692
- C:\Windows\System\lEWyxQD.exe
  C:\Windows\System\lEWyxQD.exe
  2⤵
  PID:5748
- C:\Windows\System\vpqtlFR.exe
  C:\Windows\System\vpqtlFR.exe
  2⤵
  PID:5784
- C:\Windows\System\LeREoWf.exe
  C:\Windows\System\LeREoWf.exe
  2⤵
  PID:5856
- C:\Windows\System\RomNiSM.exe
  C:\Windows\System\RomNiSM.exe
  2⤵
  PID:5900
- C:\Windows\System\ddNMwBL.exe
  C:\Windows\System\ddNMwBL.exe
  2⤵
  PID:5952
- C:\Windows\System\lLMGlkj.exe
  C:\Windows\System\lLMGlkj.exe
  2⤵
  PID:6000
- C:\Windows\System\nWrLStT.exe
  C:\Windows\System\nWrLStT.exe
  2⤵
  PID:6072
- C:\Windows\System\xeJpMYm.exe
  C:\Windows\System\xeJpMYm.exe
  2⤵
  PID:4772
- C:\Windows\System\IzOehMy.exe
  C:\Windows\System\IzOehMy.exe
  2⤵
  PID:1464
- C:\Windows\System\ybPxRlb.exe
  C:\Windows\System\ybPxRlb.exe
  2⤵
  PID:5160
- C:\Windows\System\btndITV.exe
  C:\Windows\System\btndITV.exe
  2⤵
  PID:5332
- C:\Windows\System\VfkShsY.exe
  C:\Windows\System\VfkShsY.exe
  2⤵
  PID:5444
- C:\Windows\System\WmjVSee.exe
  C:\Windows\System\WmjVSee.exe
  2⤵
  PID:5088
- C:\Windows\System\mHHAgiK.exe
  C:\Windows\System\mHHAgiK.exe
  2⤵
  PID:5872
- C:\Windows\System\nxvDuut.exe
  C:\Windows\System\nxvDuut.exe
  2⤵
  PID:5940
- C:\Windows\System\IKzEqyG.exe
  C:\Windows\System\IKzEqyG.exe
  2⤵
  PID:6092
- C:\Windows\System\iaTzAHL.exe
  C:\Windows\System\iaTzAHL.exe
  2⤵
  PID:1148
- C:\Windows\System\DVpkXsx.exe
  C:\Windows\System\DVpkXsx.exe
  2⤵
  PID:6168
- C:\Windows\System\pMDukKD.exe
  C:\Windows\System\pMDukKD.exe
  2⤵
  PID:6200
- C:\Windows\System\tRguBMx.exe
  C:\Windows\System\tRguBMx.exe
  2⤵
  PID:6240
- C:\Windows\System\MVVdrsQ.exe
  C:\Windows\System\MVVdrsQ.exe
  2⤵
  PID:6256
- C:\Windows\System\ItGprmg.exe
  C:\Windows\System\ItGprmg.exe
  2⤵
  PID:6284
- C:\Windows\System\RVrRUbL.exe
  C:\Windows\System\RVrRUbL.exe
  2⤵
  PID:6300
- C:\Windows\System\LdIFCYP.exe
  C:\Windows\System\LdIFCYP.exe
  2⤵
  PID:6328
- C:\Windows\System\PcwWWia.exe
  C:\Windows\System\PcwWWia.exe
  2⤵
  PID:6344
- C:\Windows\System\ghqTFuw.exe
  C:\Windows\System\ghqTFuw.exe
  2⤵
  PID:6360
- C:\Windows\System\UpFniCO.exe
  C:\Windows\System\UpFniCO.exe
  2⤵
  PID:6396
- C:\Windows\System\KdUBLAE.exe
  C:\Windows\System\KdUBLAE.exe
  2⤵
  PID:6416
- C:\Windows\System\RKqYgPb.exe
  C:\Windows\System\RKqYgPb.exe
  2⤵
  PID:6472
- C:\Windows\System\qTUDvEB.exe
  C:\Windows\System\qTUDvEB.exe
  2⤵
  PID:6492
- C:\Windows\System\yyOzYHR.exe
  C:\Windows\System\yyOzYHR.exe
  2⤵
  PID:6512
- C:\Windows\System\pCkrrBt.exe
  C:\Windows\System\pCkrrBt.exe
  2⤵
  PID:6528
- C:\Windows\System\MZiVLXB.exe
  C:\Windows\System\MZiVLXB.exe
  2⤵
  PID:6556
- C:\Windows\System\bGqacVt.exe
  C:\Windows\System\bGqacVt.exe
  2⤵
  PID:6572
- C:\Windows\System\RuiOava.exe
  C:\Windows\System\RuiOava.exe
  2⤵
  PID:6628
- C:\Windows\System\xzEQfbH.exe
  C:\Windows\System\xzEQfbH.exe
  2⤵
  PID:6652
- C:\Windows\System\RhvPpJE.exe
  C:\Windows\System\RhvPpJE.exe
  2⤵
  PID:6672
- C:\Windows\System\DXJdAkv.exe
  C:\Windows\System\DXJdAkv.exe
  2⤵
  PID:6716
- C:\Windows\System\uCddHYM.exe
  C:\Windows\System\uCddHYM.exe
  2⤵
  PID:6736
- C:\Windows\System\yABCNdq.exe
  C:\Windows\System\yABCNdq.exe
  2⤵
  PID:6752
- C:\Windows\System\oDYpYln.exe
  C:\Windows\System\oDYpYln.exe
  2⤵
  PID:6768
- C:\Windows\System\bFSpLLr.exe
  C:\Windows\System\bFSpLLr.exe
  2⤵
  PID:6788
- C:\Windows\System\dLtRcVc.exe
  C:\Windows\System\dLtRcVc.exe
  2⤵
  PID:6828
- C:\Windows\System\UlpIBaL.exe
  C:\Windows\System\UlpIBaL.exe
  2⤵
  PID:6872
- C:\Windows\System\ZvpmfoJ.exe
  C:\Windows\System\ZvpmfoJ.exe
  2⤵
  PID:6924
- C:\Windows\System\sUSanUh.exe
  C:\Windows\System\sUSanUh.exe
  2⤵
  PID:6944
- C:\Windows\System\JSedeRv.exe
  C:\Windows\System\JSedeRv.exe
  2⤵
  PID:6964
- C:\Windows\System\hNpgHiM.exe
  C:\Windows\System\hNpgHiM.exe
  2⤵
  PID:7000
- C:\Windows\System\xkMPOHd.exe
  C:\Windows\System\xkMPOHd.exe
  2⤵
  PID:7016
- C:\Windows\System\beNgnYl.exe
  C:\Windows\System\beNgnYl.exe
  2⤵
  PID:7036
- C:\Windows\System\gaBVUIC.exe
  C:\Windows\System\gaBVUIC.exe
  2⤵
  PID:7064
- C:\Windows\System\FZgMXTN.exe
  C:\Windows\System\FZgMXTN.exe
  2⤵
  PID:7080
- C:\Windows\System\oZPiAJb.exe
  C:\Windows\System\oZPiAJb.exe
  2⤵
  PID:5936
- C:\Windows\System\MRcxaig.exe
  C:\Windows\System\MRcxaig.exe
  2⤵
  PID:5204
- C:\Windows\System\grPnKBE.exe
  C:\Windows\System\grPnKBE.exe
  2⤵
  PID:6248
- C:\Windows\System\TKUWBRz.exe
  C:\Windows\System\TKUWBRz.exe
  2⤵
  PID:6316
- C:\Windows\System\EpeTEbn.exe
  C:\Windows\System\EpeTEbn.exe
  2⤵
  PID:6408
- C:\Windows\System\DgMnvRx.exe
  C:\Windows\System\DgMnvRx.exe
  2⤵
  PID:6456
- C:\Windows\System\IPNvGJf.exe
  C:\Windows\System\IPNvGJf.exe
  2⤵
  PID:6564
- C:\Windows\System\yfZVxwx.exe
  C:\Windows\System\yfZVxwx.exe
  2⤵
  PID:6596
- C:\Windows\System\sOoNKBy.exe
  C:\Windows\System\sOoNKBy.exe
  2⤵
  PID:6648
- C:\Windows\System\SOhQrRA.exe
  C:\Windows\System\SOhQrRA.exe
  2⤵
  PID:6700
- C:\Windows\System\mbJhBto.exe
  C:\Windows\System\mbJhBto.exe
  2⤵
  PID:6796
- C:\Windows\System\xvCktHx.exe
  C:\Windows\System\xvCktHx.exe
  2⤵
  PID:6940
- C:\Windows\System\THJzuEY.exe
  C:\Windows\System\THJzuEY.exe
  2⤵
  PID:6864
- C:\Windows\System\UXPmDPR.exe
  C:\Windows\System\UXPmDPR.exe
  2⤵
  PID:7008
- C:\Windows\System\tEcsoex.exe
  C:\Windows\System\tEcsoex.exe
  2⤵
  PID:3504
- C:\Windows\System\EHgDAyS.exe
  C:\Windows\System\EHgDAyS.exe
  2⤵
  PID:4656
- C:\Windows\System\KYeRAVI.exe
  C:\Windows\System\KYeRAVI.exe
  2⤵
  PID:1728
- C:\Windows\System\rcpLoUX.exe
  C:\Windows\System\rcpLoUX.exe
  2⤵
  PID:4136
- C:\Windows\System\IGFChDd.exe
  C:\Windows\System\IGFChDd.exe
  2⤵
  PID:1580
- C:\Windows\System\xcQKpCz.exe
  C:\Windows\System\xcQKpCz.exe
  2⤵
  PID:832
- C:\Windows\System\kxXClAQ.exe
  C:\Windows\System\kxXClAQ.exe
  2⤵
  PID:3220
- C:\Windows\System\lVsHKzn.exe
  C:\Windows\System\lVsHKzn.exe
  2⤵
  PID:5316
- C:\Windows\System\nUjwbEW.exe
  C:\Windows\System\nUjwbEW.exe
  2⤵
  PID:2068
- C:\Windows\System\YWHZltr.exe
  C:\Windows\System\YWHZltr.exe
  2⤵
  PID:6176
- C:\Windows\System\hIUkozp.exe
  C:\Windows\System\hIUkozp.exe
  2⤵
  PID:6376
- C:\Windows\System\tiNgRcu.exe
  C:\Windows\System\tiNgRcu.exe
  2⤵
  PID:2424
- C:\Windows\System\cWJUtvJ.exe
  C:\Windows\System\cWJUtvJ.exe
  2⤵
  PID:6612
- C:\Windows\System\gORWNci.exe
  C:\Windows\System\gORWNci.exe
  2⤵
  PID:6760
- C:\Windows\System\gLaobZy.exe
  C:\Windows\System\gLaobZy.exe
  2⤵
  PID:6848
- C:\Windows\System\eZkSARS.exe
  C:\Windows\System\eZkSARS.exe
  2⤵
  PID:4340
- C:\Windows\System\SGHaaiY.exe
  C:\Windows\System\SGHaaiY.exe
  2⤵
  PID:7096
- C:\Windows\System\doAPXBs.exe
  C:\Windows\System\doAPXBs.exe
  2⤵
  PID:5804
- C:\Windows\System\CEXHONI.exe
  C:\Windows\System\CEXHONI.exe
  2⤵
  PID:3820
- C:\Windows\System\hAXDMUr.exe
  C:\Windows\System\hAXDMUr.exe
  2⤵
  PID:2800
- C:\Windows\System\DKSmyMr.exe
  C:\Windows\System\DKSmyMr.exe
  2⤵
  PID:7160
- C:\Windows\System\dgJDDMG.exe
  C:\Windows\System\dgJDDMG.exe
  2⤵
  PID:6340
- C:\Windows\System\HFiAppX.exe
  C:\Windows\System\HFiAppX.exe
  2⤵
  PID:6588
- C:\Windows\System\aSqLIca.exe
  C:\Windows\System\aSqLIca.exe
  2⤵
  PID:4896
- C:\Windows\System\XLogvTl.exe
  C:\Windows\System\XLogvTl.exe
  2⤵
  PID:5920
- C:\Windows\System\ezZliBq.exe
  C:\Windows\System\ezZliBq.exe
  2⤵
  PID:3976
- C:\Windows\System\qWaIaqP.exe
  C:\Windows\System\qWaIaqP.exe
  2⤵
  PID:6220
- C:\Windows\System\dhDInKo.exe
  C:\Windows\System\dhDInKo.exe
  2⤵
  PID:7052
- C:\Windows\System\uVwceVk.exe
  C:\Windows\System\uVwceVk.exe
  2⤵
  PID:6428
- C:\Windows\System\GwnotsQ.exe
  C:\Windows\System\GwnotsQ.exe
  2⤵
  PID:7180
- C:\Windows\System\IpzJuhk.exe
  C:\Windows\System\IpzJuhk.exe
  2⤵
  PID:7212
- C:\Windows\System\CGpXgDQ.exe
  C:\Windows\System\CGpXgDQ.exe
  2⤵
  PID:7248
- C:\Windows\System\hqMPJqX.exe
  C:\Windows\System\hqMPJqX.exe
  2⤵
  PID:7276
- C:\Windows\System\EzkxTlQ.exe
  C:\Windows\System\EzkxTlQ.exe
  2⤵
  PID:7304
- C:\Windows\System\bnFXVau.exe
  C:\Windows\System\bnFXVau.exe
  2⤵
  PID:7336
- C:\Windows\System\ZFIxhWF.exe
  C:\Windows\System\ZFIxhWF.exe
  2⤵
  PID:7364
- C:\Windows\System\CEjSiLi.exe
  C:\Windows\System\CEjSiLi.exe
  2⤵
  PID:7396
- C:\Windows\System\YHHTaKj.exe
  C:\Windows\System\YHHTaKj.exe
  2⤵
  PID:7428
- C:\Windows\System\btlHsoi.exe
  C:\Windows\System\btlHsoi.exe
  2⤵
  PID:7472
- C:\Windows\System\GjAKNyZ.exe
  C:\Windows\System\GjAKNyZ.exe
  2⤵
  PID:7496
- C:\Windows\System\BROrJLH.exe
  C:\Windows\System\BROrJLH.exe
  2⤵
  PID:7524
- C:\Windows\System\OoQgVEe.exe
  C:\Windows\System\OoQgVEe.exe
  2⤵
  PID:7568
- C:\Windows\System\OXEOsDk.exe
  C:\Windows\System\OXEOsDk.exe
  2⤵
  PID:7592
- C:\Windows\System\VSkmcWJ.exe
  C:\Windows\System\VSkmcWJ.exe
  2⤵
  PID:7616
- C:\Windows\System\bAOMULC.exe
  C:\Windows\System\bAOMULC.exe
  2⤵
  PID:7644
- C:\Windows\System\VqjgvIE.exe
  C:\Windows\System\VqjgvIE.exe
  2⤵
  PID:7692
- C:\Windows\System\AVRgfyf.exe
  C:\Windows\System\AVRgfyf.exe
  2⤵
  PID:7720
- C:\Windows\System\UkOHPgB.exe
  C:\Windows\System\UkOHPgB.exe
  2⤵
  PID:7764
- C:\Windows\System\MhnxpPm.exe
  C:\Windows\System\MhnxpPm.exe
  2⤵
  PID:7832
- C:\Windows\System\uxqnWxa.exe
  C:\Windows\System\uxqnWxa.exe
  2⤵
  PID:7880
- C:\Windows\System\rUGScYN.exe
  C:\Windows\System\rUGScYN.exe
  2⤵
  PID:7960
- C:\Windows\System\CIzzlhd.exe
  C:\Windows\System\CIzzlhd.exe
  2⤵
  PID:7992
- C:\Windows\System\lPZtEaB.exe
  C:\Windows\System\lPZtEaB.exe
  2⤵
  PID:8020
- C:\Windows\System\jvvIVMA.exe
  C:\Windows\System\jvvIVMA.exe
  2⤵
  PID:8060
- C:\Windows\System\MtnzuWs.exe
  C:\Windows\System\MtnzuWs.exe
  2⤵
  PID:8104
- C:\Windows\System\GltWPLh.exe
  C:\Windows\System\GltWPLh.exe
  2⤵
  PID:8136
- C:\Windows\System\TRluYrL.exe
  C:\Windows\System\TRluYrL.exe
  2⤵
  PID:8164
- C:\Windows\System\txVSxAk.exe
  C:\Windows\System\txVSxAk.exe
  2⤵
  PID:8184
- C:\Windows\System\bYyOofR.exe
  C:\Windows\System\bYyOofR.exe
  2⤵
  PID:7240
- C:\Windows\System\IiLjbqk.exe
  C:\Windows\System\IiLjbqk.exe
  2⤵
  PID:7300
- C:\Windows\System\EKdyIxV.exe
  C:\Windows\System\EKdyIxV.exe
  2⤵
  PID:7360
- C:\Windows\System\LElkgWJ.exe
  C:\Windows\System\LElkgWJ.exe
  2⤵
  PID:7440
- C:\Windows\System\wYzPLrK.exe
  C:\Windows\System\wYzPLrK.exe
  2⤵
  PID:7544
- C:\Windows\System\NNIAmDk.exe
  C:\Windows\System\NNIAmDk.exe
  2⤵
  PID:7600
- C:\Windows\System\mVhNOTp.exe
  C:\Windows\System\mVhNOTp.exe
  2⤵
  PID:7700
- C:\Windows\System\oHSHCyC.exe
  C:\Windows\System\oHSHCyC.exe
  2⤵
  PID:7760
- C:\Windows\System\kGNcVzf.exe
  C:\Windows\System\kGNcVzf.exe
  2⤵
  PID:7892
- C:\Windows\System\yChfHcg.exe
  C:\Windows\System\yChfHcg.exe
  2⤵
  PID:8016
- C:\Windows\System\jzTsHSD.exe
  C:\Windows\System\jzTsHSD.exe
  2⤵
  PID:8072
- C:\Windows\System\dZsrYuY.exe
  C:\Windows\System\dZsrYuY.exe
  2⤵
  PID:8148
- C:\Windows\System\SpudFjT.exe
  C:\Windows\System\SpudFjT.exe
  2⤵
  PID:4224
- C:\Windows\System\RXqOBjP.exe
  C:\Windows\System\RXqOBjP.exe
  2⤵
  PID:7424
- C:\Windows\System\TiMEwTK.exe
  C:\Windows\System\TiMEwTK.exe
  2⤵
  PID:7640
- C:\Windows\System\pgWyxSD.exe
  C:\Windows\System\pgWyxSD.exe
  2⤵
  PID:7860
- C:\Windows\System\wzCswBT.exe
  C:\Windows\System\wzCswBT.exe
  2⤵
  PID:8044
- C:\Windows\System\FPqqOmj.exe
  C:\Windows\System\FPqqOmj.exe
  2⤵
  PID:7208
- C:\Windows\System\ekOvtWG.exe
  C:\Windows\System\ekOvtWG.exe
  2⤵
  PID:7716
- C:\Windows\System\srzsqfI.exe
  C:\Windows\System\srzsqfI.exe
  2⤵
  PID:7204
- C:\Windows\System\wJUZqKT.exe
  C:\Windows\System\wJUZqKT.exe
  2⤵
  PID:8120
- C:\Windows\System\tpPJIjC.exe
  C:\Windows\System\tpPJIjC.exe
  2⤵
  PID:8200
- C:\Windows\System\ILbCCYL.exe
  C:\Windows\System\ILbCCYL.exe
  2⤵
  PID:8232
- C:\Windows\System\XckalRg.exe
  C:\Windows\System\XckalRg.exe
  2⤵
  PID:8272
- C:\Windows\System\NXLuTQb.exe
  C:\Windows\System\NXLuTQb.exe
  2⤵
  PID:8296
- C:\Windows\System\ILTURua.exe
  C:\Windows\System\ILTURua.exe
  2⤵
  PID:8352
- C:\Windows\System\SWYJnRl.exe
  C:\Windows\System\SWYJnRl.exe
  2⤵
  PID:8380
- C:\Windows\System\zrHFjSP.exe
  C:\Windows\System\zrHFjSP.exe
  2⤵
  PID:8412
- C:\Windows\System\yoqUEjG.exe
  C:\Windows\System\yoqUEjG.exe
  2⤵
  PID:8444
- C:\Windows\System\ZLsQZTL.exe
  C:\Windows\System\ZLsQZTL.exe
  2⤵
  PID:8476
- C:\Windows\System\msgKmZz.exe
  C:\Windows\System\msgKmZz.exe
  2⤵
  PID:8512
- C:\Windows\System\vDgEZFh.exe
  C:\Windows\System\vDgEZFh.exe
  2⤵
  PID:8532
- C:\Windows\System\zSyeXna.exe
  C:\Windows\System\zSyeXna.exe
  2⤵
  PID:8560
- C:\Windows\System\ZQpwzTA.exe
  C:\Windows\System\ZQpwzTA.exe
  2⤵
  PID:8596
- C:\Windows\System\IBRPPqX.exe
  C:\Windows\System\IBRPPqX.exe
  2⤵
  PID:8616
- C:\Windows\System\nhfrZhO.exe
  C:\Windows\System\nhfrZhO.exe
  2⤵
  PID:8644
- C:\Windows\System\ujzgdGp.exe
  C:\Windows\System\ujzgdGp.exe
  2⤵
  PID:8672
- C:\Windows\System\JCIlbyH.exe
  C:\Windows\System\JCIlbyH.exe
  2⤵
  PID:8700
- C:\Windows\System\lZrgSSv.exe
  C:\Windows\System\lZrgSSv.exe
  2⤵
  PID:8728
- C:\Windows\System\WEnVnHW.exe
  C:\Windows\System\WEnVnHW.exe
  2⤵
  PID:8756
- C:\Windows\System\kodkoVT.exe
  C:\Windows\System\kodkoVT.exe
  2⤵
  PID:8784
- C:\Windows\System\ysGtqrN.exe
  C:\Windows\System\ysGtqrN.exe
  2⤵
  PID:8812
- C:\Windows\System\pIIBlUU.exe
  C:\Windows\System\pIIBlUU.exe
  2⤵
  PID:8840
- C:\Windows\System\OGtRYBj.exe
  C:\Windows\System\OGtRYBj.exe
  2⤵
  PID:8868
- C:\Windows\System\wIEzQTa.exe
  C:\Windows\System\wIEzQTa.exe
  2⤵
  PID:8892
- C:\Windows\System\CxHTCjS.exe
  C:\Windows\System\CxHTCjS.exe
  2⤵
  PID:8924
- C:\Windows\System\BwXdTPJ.exe
  C:\Windows\System\BwXdTPJ.exe
  2⤵
  PID:8952
- C:\Windows\System\SkqexVL.exe
  C:\Windows\System\SkqexVL.exe
  2⤵
  PID:8984
- C:\Windows\System\TnZzHAZ.exe
  C:\Windows\System\TnZzHAZ.exe
  2⤵
  PID:9052
- C:\Windows\System\gBJuCkH.exe
  C:\Windows\System\gBJuCkH.exe
  2⤵
  PID:9104
- C:\Windows\System\OTQLRVl.exe
  C:\Windows\System\OTQLRVl.exe
  2⤵
  PID:9144
- C:\Windows\System\OqKRRIA.exe
  C:\Windows\System\OqKRRIA.exe
  2⤵
  PID:9172
- C:\Windows\System\FsQosxa.exe
  C:\Windows\System\FsQosxa.exe
  2⤵
  PID:9200
- C:\Windows\System\digaehx.exe
  C:\Windows\System\digaehx.exe
  2⤵
  PID:8220
- C:\Windows\System\ncThFbd.exe
  C:\Windows\System\ncThFbd.exe
  2⤵
  PID:2536
- C:\Windows\System\cRrWqXc.exe
  C:\Windows\System\cRrWqXc.exe
  2⤵
  PID:2848
- C:\Windows\System\pDbWqkK.exe
  C:\Windows\System\pDbWqkK.exe
  2⤵
  PID:4740
- C:\Windows\System\rRsPJRL.exe
  C:\Windows\System\rRsPJRL.exe
  2⤵
  PID:8332
- C:\Windows\System\javyBHP.exe
  C:\Windows\System\javyBHP.exe
  2⤵
  PID:8404
- C:\Windows\System\gcIXgdp.exe
  C:\Windows\System\gcIXgdp.exe
  2⤵
  PID:8364
- C:\Windows\System\VKbldMz.exe
  C:\Windows\System\VKbldMz.exe
  2⤵
  PID:8320
- C:\Windows\System\NJHNhYw.exe
  C:\Windows\System\NJHNhYw.exe
  2⤵
  PID:8544
- C:\Windows\System\jGRzQun.exe
  C:\Windows\System\jGRzQun.exe
  2⤵
  PID:8580
- C:\Windows\System\SfkiYAs.exe
  C:\Windows\System\SfkiYAs.exe
  2⤵
  PID:8640
- C:\Windows\System\iqxUIKc.exe
  C:\Windows\System\iqxUIKc.exe
  2⤵
  PID:8712
- C:\Windows\System\kFwIvbF.exe
  C:\Windows\System\kFwIvbF.exe
  2⤵
  PID:8780
- C:\Windows\System\brLMUlv.exe
  C:\Windows\System\brLMUlv.exe
  2⤵
  PID:8836
- C:\Windows\System\IZFhZYl.exe
  C:\Windows\System\IZFhZYl.exe
  2⤵
  PID:8916
- C:\Windows\System\GadVomm.exe
  C:\Windows\System\GadVomm.exe
  2⤵
  PID:8980
- C:\Windows\System\eTyKzRa.exe
  C:\Windows\System\eTyKzRa.exe
  2⤵
  PID:9120
- C:\Windows\System\UuWjOSh.exe
  C:\Windows\System\UuWjOSh.exe
  2⤵
  PID:9188
- C:\Windows\System\qJfmodD.exe
  C:\Windows\System\qJfmodD.exe
  2⤵
  PID:9084
- C:\Windows\System\JTRPdmS.exe
  C:\Windows\System\JTRPdmS.exe
  2⤵
  PID:8196
- C:\Windows\System\sCxCbXO.exe
  C:\Windows\System\sCxCbXO.exe
  2⤵
  PID:1972
- C:\Windows\System\QtTReHe.exe
  C:\Windows\System\QtTReHe.exe
  2⤵
  PID:8360
- C:\Windows\System\uOyFCTE.exe
  C:\Windows\System\uOyFCTE.exe
  2⤵
  PID:8368
- C:\Windows\System\KjhaJWz.exe
  C:\Windows\System\KjhaJWz.exe
  2⤵
  PID:8572
- C:\Windows\System\xIJpaBB.exe
  C:\Windows\System\xIJpaBB.exe
  2⤵
  PID:8776
- C:\Windows\System\zpSRQzG.exe
  C:\Windows\System\zpSRQzG.exe
  2⤵
  PID:8972
- C:\Windows\System\ZbgKFDM.exe
  C:\Windows\System\ZbgKFDM.exe
  2⤵
  PID:8976
- C:\Windows\System\rQlJCJQ.exe
  C:\Windows\System\rQlJCJQ.exe
  2⤵
  PID:9088
- C:\Windows\System\HJzjbkZ.exe
  C:\Windows\System\HJzjbkZ.exe
  2⤵
  PID:7564
- C:\Windows\System\HcrsRyY.exe
  C:\Windows\System\HcrsRyY.exe
  2⤵
  PID:8324
- C:\Windows\System\xvnjlPp.exe
  C:\Windows\System\xvnjlPp.exe
  2⤵
  PID:8824
- C:\Windows\System\iFloNzE.exe
  C:\Windows\System\iFloNzE.exe
  2⤵
  PID:9152
- C:\Windows\System\UFsQWzR.exe
  C:\Windows\System\UFsQWzR.exe
  2⤵
  PID:8464
- C:\Windows\System\WUZmdvd.exe
  C:\Windows\System\WUZmdvd.exe
  2⤵
  PID:636
- C:\Windows\System\fpGkfEB.exe
  C:\Windows\System\fpGkfEB.exe
  2⤵
  PID:9228
- C:\Windows\System\DxlxyhR.exe
  C:\Windows\System\DxlxyhR.exe
  2⤵
  PID:9256
- C:\Windows\System\JFGPjHS.exe
  C:\Windows\System\JFGPjHS.exe
  2⤵
  PID:9276
- C:\Windows\System\IXiIpin.exe
  C:\Windows\System\IXiIpin.exe
  2⤵
  PID:9304
- C:\Windows\System\hqTIhug.exe
  C:\Windows\System\hqTIhug.exe
  2⤵
  PID:9336
- C:\Windows\System\HQyjnoV.exe
  C:\Windows\System\HQyjnoV.exe
  2⤵
  PID:9368
- C:\Windows\System\Uruazoz.exe
  C:\Windows\System\Uruazoz.exe
  2⤵
  PID:9396
- C:\Windows\System\tdZcWhY.exe
  C:\Windows\System\tdZcWhY.exe
  2⤵
  PID:9428
- C:\Windows\System\fFnJAAl.exe
  C:\Windows\System\fFnJAAl.exe
  2⤵
  PID:9448
- C:\Windows\System\UCwUatk.exe
  C:\Windows\System\UCwUatk.exe
  2⤵
  PID:9484
- C:\Windows\System\wpmaIQW.exe
  C:\Windows\System\wpmaIQW.exe
  2⤵
  PID:9520
- C:\Windows\System\QKBFxQz.exe
  C:\Windows\System\QKBFxQz.exe
  2⤵
  PID:9540
- C:\Windows\System\BKIysrL.exe
  C:\Windows\System\BKIysrL.exe
  2⤵
  PID:9568
- C:\Windows\System\dyGasPD.exe
  C:\Windows\System\dyGasPD.exe
  2⤵
  PID:9596
- C:\Windows\System\cpOjfWF.exe
  C:\Windows\System\cpOjfWF.exe
  2⤵
  PID:9624
- C:\Windows\System\JcbylsC.exe
  C:\Windows\System\JcbylsC.exe
  2⤵
  PID:9644
- C:\Windows\System\BrtjThF.exe
  C:\Windows\System\BrtjThF.exe
  2⤵
  PID:9680
- C:\Windows\System\GaFxgZr.exe
  C:\Windows\System\GaFxgZr.exe
  2⤵
  PID:9716
- C:\Windows\System\BFvbAEl.exe
  C:\Windows\System\BFvbAEl.exe
  2⤵
  PID:9764
- C:\Windows\System\lqwbAmc.exe
  C:\Windows\System\lqwbAmc.exe
  2⤵
  PID:9800
- C:\Windows\System\YFhzJJK.exe
  C:\Windows\System\YFhzJJK.exe
  2⤵
  PID:9852
- C:\Windows\System\jMDKgKD.exe
  C:\Windows\System\jMDKgKD.exe
  2⤵
  PID:9912
- C:\Windows\System\viHRItq.exe
  C:\Windows\System\viHRItq.exe
  2⤵
  PID:9952
- C:\Windows\System\xOCXXIa.exe
  C:\Windows\System\xOCXXIa.exe
  2⤵
  PID:9992
- C:\Windows\System\hicvxVF.exe
  C:\Windows\System\hicvxVF.exe
  2⤵
  PID:10044
- C:\Windows\System\AXvkZfu.exe
  C:\Windows\System\AXvkZfu.exe
  2⤵
  PID:10080
- C:\Windows\System\iPEEPmZ.exe
  C:\Windows\System\iPEEPmZ.exe
  2⤵
  PID:10116
- C:\Windows\System\McOAjCu.exe
  C:\Windows\System\McOAjCu.exe
  2⤵
  PID:10156
- C:\Windows\System\CuOappz.exe
  C:\Windows\System\CuOappz.exe
  2⤵
  PID:10172
- C:\Windows\System\UETqBwW.exe
  C:\Windows\System\UETqBwW.exe
  2⤵
  PID:10212
- C:\Windows\System\OzrlfYH.exe
  C:\Windows\System\OzrlfYH.exe
  2⤵
  PID:8668
- C:\Windows\System\rvTWauH.exe
  C:\Windows\System\rvTWauH.exe
  2⤵
  PID:9292
- C:\Windows\System\NUDfWUQ.exe
  C:\Windows\System\NUDfWUQ.exe
  2⤵
  PID:9352
- C:\Windows\System\UBxITpp.exe
  C:\Windows\System\UBxITpp.exe
  2⤵
  PID:9420
- C:\Windows\System\FzpdQPm.exe
  C:\Windows\System\FzpdQPm.exe
  2⤵
  PID:9504
- C:\Windows\System\ERICLLC.exe
  C:\Windows\System\ERICLLC.exe
  2⤵
  PID:9564
- C:\Windows\System\IByCZoN.exe
  C:\Windows\System\IByCZoN.exe
  2⤵
  PID:2268
- C:\Windows\System\JKnZwNz.exe
  C:\Windows\System\JKnZwNz.exe
  2⤵
  PID:9792
- C:\Windows\System\QReJpJu.exe
  C:\Windows\System\QReJpJu.exe
  2⤵
  PID:4172
- C:\Windows\System\qLTHmKC.exe
  C:\Windows\System\qLTHmKC.exe
  2⤵
  PID:9940
- C:\Windows\System\xUWVTrp.exe
  C:\Windows\System\xUWVTrp.exe
  2⤵
  PID:10024
- C:\Windows\System\FUZqRrN.exe
  C:\Windows\System\FUZqRrN.exe
  2⤵
  PID:10092
- C:\Windows\System\mMpAUgH.exe
  C:\Windows\System\mMpAUgH.exe
  2⤵
  PID:10136
- C:\Windows\System\QVpyvgG.exe
  C:\Windows\System\QVpyvgG.exe
  2⤵
  PID:4380
- C:\Windows\System\mSuGZrk.exe
  C:\Windows\System\mSuGZrk.exe
  2⤵
  PID:9268
- C:\Windows\System\TaNuRxS.exe
  C:\Windows\System\TaNuRxS.exe
  2⤵
  PID:9436
- C:\Windows\System\LsaJCEw.exe
  C:\Windows\System\LsaJCEw.exe
  2⤵
  PID:9676
- C:\Windows\System\azphYLo.exe
  C:\Windows\System\azphYLo.exe
  2⤵
  PID:9864
- C:\Windows\System\jBnMeFl.exe
  C:\Windows\System\jBnMeFl.exe
  2⤵
  PID:10008
- C:\Windows\System\bEGGTXj.exe
  C:\Windows\System\bEGGTXj.exe
  2⤵
  PID:9424
- C:\Windows\System\AIoDWOO.exe
  C:\Windows\System\AIoDWOO.exe
  2⤵
  PID:4220
- C:\Windows\System\nJjoBNX.exe
  C:\Windows\System\nJjoBNX.exe
  2⤵
  PID:9468
- C:\Windows\System\eSUEder.exe
  C:\Windows\System\eSUEder.exe
  2⤵
  PID:2076
- C:\Windows\System\kjrvxYs.exe
  C:\Windows\System\kjrvxYs.exe
  2⤵
  PID:3960
- C:\Windows\System\KBuhykP.exe
  C:\Windows\System\KBuhykP.exe
  2⤵
  PID:10200
- C:\Windows\System\PWpithM.exe
  C:\Windows\System\PWpithM.exe
  2⤵
  PID:10260
- C:\Windows\System\GMNQJXm.exe
  C:\Windows\System\GMNQJXm.exe
  2⤵
  PID:10288
- C:\Windows\System\WquaDqE.exe
  C:\Windows\System\WquaDqE.exe
  2⤵
  PID:10316
- C:\Windows\System\Ytiudms.exe
  C:\Windows\System\Ytiudms.exe
  2⤵
  PID:10348
- C:\Windows\System\aOWUMhf.exe
  C:\Windows\System\aOWUMhf.exe
  2⤵
  PID:10376
- C:\Windows\System\hmzWKqy.exe
  C:\Windows\System\hmzWKqy.exe
  2⤵
  PID:10404
- C:\Windows\System\LmdSZYP.exe
  C:\Windows\System\LmdSZYP.exe
  2⤵
  PID:10432
- C:\Windows\System\oUGoqVf.exe
  C:\Windows\System\oUGoqVf.exe
  2⤵
  PID:10460
- C:\Windows\System\AxIUdUj.exe
  C:\Windows\System\AxIUdUj.exe
  2⤵
  PID:10488
- C:\Windows\System\VZogxnH.exe
  C:\Windows\System\VZogxnH.exe
  2⤵
  PID:10528
- C:\Windows\System\OrjsXov.exe
  C:\Windows\System\OrjsXov.exe
  2⤵
  PID:10544
- C:\Windows\System\FstpYXA.exe
  C:\Windows\System\FstpYXA.exe
  2⤵
  PID:10576
- C:\Windows\System\gJaQgeL.exe
  C:\Windows\System\gJaQgeL.exe
  2⤵
  PID:10604
- C:\Windows\System\EoDkJLX.exe
  C:\Windows\System\EoDkJLX.exe
  2⤵
  PID:10632
- C:\Windows\System\RuhlSqG.exe
  C:\Windows\System\RuhlSqG.exe
  2⤵
  PID:10648
- C:\Windows\System\MXaAorr.exe
  C:\Windows\System\MXaAorr.exe
  2⤵
  PID:10688
- C:\Windows\System\wWQwaeo.exe
  C:\Windows\System\wWQwaeo.exe
  2⤵
  PID:10716
- C:\Windows\System\iEZtIkL.exe
  C:\Windows\System\iEZtIkL.exe
  2⤵
  PID:10744
- C:\Windows\System\ldSafNR.exe
  C:\Windows\System\ldSafNR.exe
  2⤵
  PID:10772
- C:\Windows\System\dPCIIoo.exe
  C:\Windows\System\dPCIIoo.exe
  2⤵
  PID:10800
- C:\Windows\System\HhsmjRR.exe
  C:\Windows\System\HhsmjRR.exe
  2⤵
  PID:10824
- C:\Windows\System\XaCmZLj.exe
  C:\Windows\System\XaCmZLj.exe
  2⤵
  PID:10844
- C:\Windows\System\HnAWsfa.exe
  C:\Windows\System\HnAWsfa.exe
  2⤵
  PID:10864
- C:\Windows\System\oggCNAK.exe
  C:\Windows\System\oggCNAK.exe
  2⤵
  PID:10912
- C:\Windows\System\hCZEezt.exe
  C:\Windows\System\hCZEezt.exe
  2⤵
  PID:10932
- C:\Windows\System\ncLtDWi.exe
  C:\Windows\System\ncLtDWi.exe
  2⤵
  PID:10964
- C:\Windows\System\kzLjTSy.exe
  C:\Windows\System\kzLjTSy.exe
  2⤵
  PID:11000
- C:\Windows\System\WLTvaAT.exe
  C:\Windows\System\WLTvaAT.exe
  2⤵
  PID:11028
- C:\Windows\System\ztkjzvR.exe
  C:\Windows\System\ztkjzvR.exe
  2⤵
  PID:11044
- C:\Windows\System\XjCGPOd.exe
  C:\Windows\System\XjCGPOd.exe
  2⤵
  PID:11084
- C:\Windows\System\dGQwYYE.exe
  C:\Windows\System\dGQwYYE.exe
  2⤵
  PID:11100
- C:\Windows\System\HjwXAlF.exe
  C:\Windows\System\HjwXAlF.exe
  2⤵
  PID:11168
- C:\Windows\System\RfZvujG.exe
  C:\Windows\System\RfZvujG.exe
  2⤵
  PID:11184
- C:\Windows\System\lSknyqc.exe
  C:\Windows\System\lSknyqc.exe
  2⤵
  PID:11204
- C:\Windows\System\VOeFAry.exe
  C:\Windows\System\VOeFAry.exe
  2⤵
  PID:11228
- C:\Windows\System\BiTlgft.exe
  C:\Windows\System\BiTlgft.exe
  2⤵
  PID:11244
- C:\Windows\System\kKrvtXM.exe
  C:\Windows\System\kKrvtXM.exe
  2⤵
  PID:10272
- C:\Windows\System\XZDQTdZ.exe
  C:\Windows\System\XZDQTdZ.exe
  2⤵
  PID:10340
- C:\Windows\System\OvFbnWE.exe
  C:\Windows\System\OvFbnWE.exe
  2⤵
  PID:10396
- C:\Windows\System\sAopKhJ.exe
  C:\Windows\System\sAopKhJ.exe
  2⤵
  PID:10480
- C:\Windows\System\spBwmhg.exe
  C:\Windows\System\spBwmhg.exe
  2⤵
  PID:10524
- C:\Windows\System\FkuPPtl.exe
  C:\Windows\System\FkuPPtl.exe
  2⤵
  PID:10560
- C:\Windows\System\nnnSdYw.exe
  C:\Windows\System\nnnSdYw.exe
  2⤵
  PID:9616
- C:\Windows\System\WfBXIae.exe
  C:\Windows\System\WfBXIae.exe
  2⤵
  PID:10640
- C:\Windows\System\rvYAejm.exe
  C:\Windows\System\rvYAejm.exe
  2⤵
  PID:10740
- C:\Windows\System\cVpGsYV.exe
  C:\Windows\System\cVpGsYV.exe
  2⤵
  PID:10808
- C:\Windows\System\ruhYnmN.exe
  C:\Windows\System\ruhYnmN.exe
  2⤵
  PID:10872
- C:\Windows\System\XxfiLZf.exe
  C:\Windows\System\XxfiLZf.exe
  2⤵
  PID:10992
- C:\Windows\System\tLelutg.exe
  C:\Windows\System\tLelutg.exe
  2⤵
  PID:11036
- C:\Windows\System\WuTWHGH.exe
  C:\Windows\System\WuTWHGH.exe
  2⤵
  PID:11080
- C:\Windows\System\wdWZJqW.exe
  C:\Windows\System\wdWZJqW.exe
  2⤵
  PID:11148
- C:\Windows\System\utVyUMa.exe
  C:\Windows\System\utVyUMa.exe
  2⤵
  PID:11224
- C:\Windows\System\wdCKDmK.exe
  C:\Windows\System\wdCKDmK.exe
  2⤵
  PID:10360
- C:\Windows\System\katYzfu.exe
  C:\Windows\System\katYzfu.exe
  2⤵
  PID:10428
- C:\Windows\System\ykRCXbU.exe
  C:\Windows\System\ykRCXbU.exe
  2⤵
  PID:10500
- C:\Windows\System\JdvAgNh.exe
  C:\Windows\System\JdvAgNh.exe
  2⤵
  PID:10660
- C:\Windows\System\EjZMQBe.exe
  C:\Windows\System\EjZMQBe.exe
  2⤵
  PID:10792
- C:\Windows\System\lrKxYbg.exe
  C:\Windows\System\lrKxYbg.exe
  2⤵
  PID:10000
- C:\Windows\System\tdcqvKU.exe
  C:\Windows\System\tdcqvKU.exe
  2⤵
  PID:11076
- C:\Windows\System\mbKPSkW.exe
  C:\Windows\System\mbKPSkW.exe
  2⤵
  PID:11136
- C:\Windows\System\hXiyxGw.exe
  C:\Windows\System\hXiyxGw.exe
  2⤵
  PID:10388
- C:\Windows\System\OaPLjaZ.exe
  C:\Windows\System\OaPLjaZ.exe
  2⤵
  PID:10556
- C:\Windows\System\xkZthmj.exe
  C:\Windows\System\xkZthmj.exe
  2⤵
  PID:10712
- C:\Windows\System\GGkOThw.exe
  C:\Windows\System\GGkOThw.exe
  2⤵
  PID:11132
- C:\Windows\System\zUeLpxm.exe
  C:\Windows\System\zUeLpxm.exe
  2⤵
  PID:10960
- C:\Windows\System\yvdhqLR.exe
  C:\Windows\System\yvdhqLR.exe
  2⤵
  PID:7680
- C:\Windows\System\ZTHwlJb.exe
  C:\Windows\System\ZTHwlJb.exe
  2⤵
  PID:536
- C:\Windows\System\KDpEizI.exe
  C:\Windows\System\KDpEizI.exe
  2⤵
  PID:11236
- C:\Windows\System\jRBHAXU.exe
  C:\Windows\System\jRBHAXU.exe
  2⤵
  PID:4396
- C:\Windows\System\eiJCZma.exe
  C:\Windows\System\eiJCZma.exe
  2⤵
  PID:11020
- C:\Windows\System\ZNRicYb.exe
  C:\Windows\System\ZNRicYb.exe
  2⤵
  PID:11284
- C:\Windows\System\DHxdYAN.exe
  C:\Windows\System\DHxdYAN.exe
  2⤵
  PID:11300
- C:\Windows\System\KdVeEmc.exe
  C:\Windows\System\KdVeEmc.exe
  2⤵
  PID:11320
- C:\Windows\System\ZSxTrCu.exe
  C:\Windows\System\ZSxTrCu.exe
  2⤵
  PID:11336
- C:\Windows\System\xRGVTMX.exe
  C:\Windows\System\xRGVTMX.exe
  2⤵
  PID:11372
- C:\Windows\System\jAnWKff.exe
  C:\Windows\System\jAnWKff.exe
  2⤵
  PID:11408
- C:\Windows\System\Weesqqg.exe
  C:\Windows\System\Weesqqg.exe
  2⤵
  PID:11448
- C:\Windows\System\qiNVnCe.exe
  C:\Windows\System\qiNVnCe.exe
  2⤵
  PID:11472
- C:\Windows\System\aCLStic.exe
  C:\Windows\System\aCLStic.exe
  2⤵
  PID:11512
- C:\Windows\System\vjPjTfN.exe
  C:\Windows\System\vjPjTfN.exe
  2⤵
  PID:11544
- C:\Windows\System\QeDTrdE.exe
  C:\Windows\System\QeDTrdE.exe
  2⤵
  PID:11572
- C:\Windows\System\GpmsDPy.exe
  C:\Windows\System\GpmsDPy.exe
  2⤵
  PID:11608
- C:\Windows\System\agidamp.exe
  C:\Windows\System\agidamp.exe
  2⤵
  PID:11636
- C:\Windows\System\QDRbYIc.exe
  C:\Windows\System\QDRbYIc.exe
  2⤵
  PID:11664
- C:\Windows\System\vWimFhY.exe
  C:\Windows\System\vWimFhY.exe
  2⤵
  PID:11684
- C:\Windows\System\kSJmvQj.exe
  C:\Windows\System\kSJmvQj.exe
  2⤵
  PID:11720
- C:\Windows\System\XxZFbwW.exe
  C:\Windows\System\XxZFbwW.exe
  2⤵
  PID:11748
- C:\Windows\System\LHrKakj.exe
  C:\Windows\System\LHrKakj.exe
  2⤵
  PID:11776
- C:\Windows\System\pILjdwG.exe
  C:\Windows\System\pILjdwG.exe
  2⤵
  PID:11804
- C:\Windows\System\LCLsHGb.exe
  C:\Windows\System\LCLsHGb.exe
  2⤵
  PID:11820
- C:\Windows\System\SvNVoeo.exe
  C:\Windows\System\SvNVoeo.exe
  2⤵
  PID:11860
- C:\Windows\System\hXrrLxa.exe
  C:\Windows\System\hXrrLxa.exe
  2⤵
  PID:11888
- C:\Windows\System\IdGyyQX.exe
  C:\Windows\System\IdGyyQX.exe
  2⤵
  PID:11916
- C:\Windows\System\xpYCkOy.exe
  C:\Windows\System\xpYCkOy.exe
  2⤵
  PID:11936
- C:\Windows\System\oatoQaw.exe
  C:\Windows\System\oatoQaw.exe
  2⤵
  PID:11972
- C:\Windows\System\zXqOHPb.exe
  C:\Windows\System\zXqOHPb.exe
  2⤵
  PID:12000
- C:\Windows\System\CMarvvh.exe
  C:\Windows\System\CMarvvh.exe
  2⤵
  PID:12028
- C:\Windows\System\YrklGNM.exe
  C:\Windows\System\YrklGNM.exe
  2⤵
  PID:12068
- C:\Windows\System\SROsOhl.exe
  C:\Windows\System\SROsOhl.exe
  2⤵
  PID:12088
- C:\Windows\System\TqVoeMK.exe
  C:\Windows\System\TqVoeMK.exe
  2⤵
  PID:12116
- C:\Windows\System\KXXhDXf.exe
  C:\Windows\System\KXXhDXf.exe
  2⤵
  PID:12144
- C:\Windows\System\YsJePRD.exe
  C:\Windows\System\YsJePRD.exe
  2⤵
  PID:12172
- C:\Windows\System\VzaPAMy.exe
  C:\Windows\System\VzaPAMy.exe
  2⤵
  PID:12200
- C:\Windows\System\OhlWHXa.exe
  C:\Windows\System\OhlWHXa.exe
  2⤵
  PID:12228
- C:\Windows\System\kLYeLbV.exe
  C:\Windows\System\kLYeLbV.exe
  2⤵
  PID:12256
- C:\Windows\System\umkhnSj.exe
  C:\Windows\System\umkhnSj.exe
  2⤵
  PID:12284
- C:\Windows\System\etzdydD.exe
  C:\Windows\System\etzdydD.exe
  2⤵
  PID:11296
- C:\Windows\System\UIxugwj.exe
  C:\Windows\System\UIxugwj.exe
  2⤵
  PID:11352
- C:\Windows\System\MGwtcjI.exe
  C:\Windows\System\MGwtcjI.exe
  2⤵
  PID:11444
- C:\Windows\System\hFSDeVX.exe
  C:\Windows\System\hFSDeVX.exe
  2⤵
  PID:11496
- C:\Windows\System\nYXSDfP.exe
  C:\Windows\System\nYXSDfP.exe
  2⤵
  PID:11556
- C:\Windows\System\ntgHjKL.exe
  C:\Windows\System\ntgHjKL.exe
  2⤵
  PID:11588
- C:\Windows\System\dLqbYMV.exe
  C:\Windows\System\dLqbYMV.exe
  2⤵
  PID:11648
- C:\Windows\System\BysKGVy.exe
  C:\Windows\System\BysKGVy.exe
  2⤵
  PID:11692
- C:\Windows\System\zCVcbCu.exe
  C:\Windows\System\zCVcbCu.exe
  2⤵
  PID:11764
- C:\Windows\System\cEkHxUS.exe
  C:\Windows\System\cEkHxUS.exe
  2⤵
  PID:11816
- C:\Windows\System\ZfRFrNf.exe
  C:\Windows\System\ZfRFrNf.exe
  2⤵
  PID:11884
- C:\Windows\System\ZGVDaJj.exe
  C:\Windows\System\ZGVDaJj.exe
  2⤵
  PID:11956
- C:\Windows\System\PvIIcNy.exe
  C:\Windows\System\PvIIcNy.exe
  2⤵
  PID:12036
- C:\Windows\System\nOtUrMs.exe
  C:\Windows\System\nOtUrMs.exe
  2⤵
  PID:12080
- C:\Windows\System\mPqjmJr.exe
  C:\Windows\System\mPqjmJr.exe
  2⤵
  PID:12128
- C:\Windows\System\qOIITGo.exe
  C:\Windows\System\qOIITGo.exe
  2⤵
  PID:2844
- C:\Windows\System\neXHFSA.exe
  C:\Windows\System\neXHFSA.exe
  2⤵
  PID:12268
- C:\Windows\System\uIvqWCM.exe
  C:\Windows\System\uIvqWCM.exe
  2⤵
  PID:11348
- C:\Windows\System\FDISICz.exe
  C:\Windows\System\FDISICz.exe
  2⤵
  PID:11484
- C:\Windows\System\LaQbzIW.exe
  C:\Windows\System\LaQbzIW.exe
  2⤵
  PID:11604
- C:\Windows\System\omFTNUG.exe
  C:\Windows\System\omFTNUG.exe
  2⤵
  PID:11732
- C:\Windows\System\iOGzrTs.exe
  C:\Windows\System\iOGzrTs.exe
  2⤵
  PID:11912
- C:\Windows\System\EBvBDeH.exe
  C:\Windows\System\EBvBDeH.exe
  2⤵
  PID:12024
- C:\Windows\System\AThNzHq.exe
  C:\Windows\System\AThNzHq.exe
  2⤵
  PID:12136
- C:\Windows\System\MbanqWG.exe
  C:\Windows\System\MbanqWG.exe
  2⤵
  PID:12248
- C:\Windows\System\vWuxEHu.exe
  C:\Windows\System\vWuxEHu.exe
  2⤵
  PID:11216
- C:\Windows\System\uuyxMei.exe
  C:\Windows\System\uuyxMei.exe
  2⤵
  PID:11800
- C:\Windows\System\bhUzaPQ.exe
  C:\Windows\System\bhUzaPQ.exe
  2⤵
  PID:12100
- C:\Windows\System\maLJosY.exe
  C:\Windows\System\maLJosY.exe
  2⤵
  PID:11460
- C:\Windows\System\zttKYpN.exe
  C:\Windows\System\zttKYpN.exe
  2⤵
  PID:12196
- C:\Windows\System\YEOwUDM.exe
  C:\Windows\System\YEOwUDM.exe
  2⤵
  PID:12056
- C:\Windows\System\DMxZism.exe
  C:\Windows\System\DMxZism.exe
  2⤵
  PID:12316
- C:\Windows\System\kWLuNBr.exe
  C:\Windows\System\kWLuNBr.exe
  2⤵
  PID:12344
- C:\Windows\System\aSTBknb.exe
  C:\Windows\System\aSTBknb.exe
  2⤵
  PID:12372
- C:\Windows\System\qcNOAVy.exe
  C:\Windows\System\qcNOAVy.exe
  2⤵
  PID:12400
- C:\Windows\System\NQASAyM.exe
  C:\Windows\System\NQASAyM.exe
  2⤵
  PID:12428
- C:\Windows\System\SjwdkPX.exe
  C:\Windows\System\SjwdkPX.exe
  2⤵
  PID:12456
- C:\Windows\System\umluZlT.exe
  C:\Windows\System\umluZlT.exe
  2⤵
  PID:12484
- C:\Windows\System\baokiWC.exe
  C:\Windows\System\baokiWC.exe
  2⤵
  PID:12512
- C:\Windows\System\kzylbly.exe
  C:\Windows\System\kzylbly.exe
  2⤵
  PID:12540
- C:\Windows\System\rCrFzBE.exe
  C:\Windows\System\rCrFzBE.exe
  2⤵
  PID:12568
- C:\Windows\System\aBAVZUE.exe
  C:\Windows\System\aBAVZUE.exe
  2⤵
  PID:12596
- C:\Windows\System\KoMsHlY.exe
  C:\Windows\System\KoMsHlY.exe
  2⤵
  PID:12624
- C:\Windows\System\aGVPkjN.exe
  C:\Windows\System\aGVPkjN.exe
  2⤵
  PID:12656
- C:\Windows\System\FGtvjns.exe
  C:\Windows\System\FGtvjns.exe
  2⤵
  PID:12684
- C:\Windows\System\XVTKplW.exe
  C:\Windows\System\XVTKplW.exe
  2⤵
  PID:12712
- C:\Windows\System\BqrTWvn.exe
  C:\Windows\System\BqrTWvn.exe
  2⤵
  PID:12740
- C:\Windows\System\EuDbzWu.exe
  C:\Windows\System\EuDbzWu.exe
  2⤵
  PID:12768
- C:\Windows\System\cAdUgbi.exe
  C:\Windows\System\cAdUgbi.exe
  2⤵
  PID:12796
- C:\Windows\System\KtRMFMW.exe
  C:\Windows\System\KtRMFMW.exe
  2⤵
  PID:12824
- C:\Windows\System\PIMwiID.exe
  C:\Windows\System\PIMwiID.exe
  2⤵
  PID:12852
- C:\Windows\System\ManGvTf.exe
  C:\Windows\System\ManGvTf.exe
  2⤵
  PID:12880
- C:\Windows\System\GsNScPQ.exe
  C:\Windows\System\GsNScPQ.exe
  2⤵
  PID:12908
- C:\Windows\System\IbBKUCp.exe
  C:\Windows\System\IbBKUCp.exe
  2⤵
  PID:12936
- C:\Windows\System\axIHlBb.exe
  C:\Windows\System\axIHlBb.exe
  2⤵
  PID:12964
- C:\Windows\System\RGHmbNB.exe
  C:\Windows\System\RGHmbNB.exe
  2⤵
  PID:12992
- C:\Windows\System\nPvvFwD.exe
  C:\Windows\System\nPvvFwD.exe
  2⤵
  PID:13020
- C:\Windows\System\rQvKLtc.exe
  C:\Windows\System\rQvKLtc.exe
  2⤵
  PID:13048
- C:\Windows\System\jgWKhTH.exe
  C:\Windows\System\jgWKhTH.exe
  2⤵
  PID:13076
- C:\Windows\System\JTRNSMr.exe
  C:\Windows\System\JTRNSMr.exe
  2⤵
  PID:13104
- C:\Windows\System\DkmxOay.exe
  C:\Windows\System\DkmxOay.exe
  2⤵
  PID:13132
- C:\Windows\System\PBIXCXW.exe
  C:\Windows\System\PBIXCXW.exe
  2⤵
  PID:13160
- C:\Windows\System\UhsRPyc.exe
  C:\Windows\System\UhsRPyc.exe
  2⤵
  PID:13188
- C:\Windows\System\dJeejai.exe
  C:\Windows\System\dJeejai.exe
  2⤵
  PID:13216
- C:\Windows\System\lOssgwc.exe
  C:\Windows\System\lOssgwc.exe
  2⤵
  PID:13244
- C:\Windows\System\lzTFQCF.exe
  C:\Windows\System\lzTFQCF.exe
  2⤵
  PID:13272
- C:\Windows\System\YfaEOaS.exe
  C:\Windows\System\YfaEOaS.exe
  2⤵
  PID:13300
- C:\Windows\System\iwvYtRF.exe
  C:\Windows\System\iwvYtRF.exe
  2⤵
  PID:12328
- C:\Windows\System\xYcuOzi.exe
  C:\Windows\System\xYcuOzi.exe
  2⤵
  PID:12392
- C:\Windows\System\GrbxxNe.exe
  C:\Windows\System\GrbxxNe.exe
  2⤵
  PID:12448
- C:\Windows\System\kjYeMOV.exe
  C:\Windows\System\kjYeMOV.exe
  2⤵
  PID:12508
- C:\Windows\System\DbXJinD.exe
  C:\Windows\System\DbXJinD.exe
  2⤵
  PID:12580
- C:\Windows\System\TOwEwYE.exe
  C:\Windows\System\TOwEwYE.exe
  2⤵
  PID:12636
- C:\Windows\System\xFmrVvr.exe
  C:\Windows\System\xFmrVvr.exe
  2⤵
  PID:12704
- C:\Windows\System\FScXQfG.exe
  C:\Windows\System\FScXQfG.exe
  2⤵
  PID:12764
- C:\Windows\System\vipqgVz.exe
  C:\Windows\System\vipqgVz.exe
  2⤵
  PID:12836
- C:\Windows\System\SIZRCzG.exe
  C:\Windows\System\SIZRCzG.exe
  2⤵
  PID:12900
- C:\Windows\System\sqIERgv.exe
  C:\Windows\System\sqIERgv.exe
  2⤵
  PID:12960
- C:\Windows\System\NSYnqez.exe
  C:\Windows\System\NSYnqez.exe
  2⤵
  PID:13016
- C:\Windows\System\JPlRxQZ.exe
  C:\Windows\System\JPlRxQZ.exe
  2⤵
  PID:13072
- C:\Windows\System\tKnhdoP.exe
  C:\Windows\System\tKnhdoP.exe
  2⤵
  PID:13144
- C:\Windows\System\JKfvCke.exe
  C:\Windows\System\JKfvCke.exe
  2⤵
  PID:13200
- C:\Windows\System\yMxlLSz.exe
  C:\Windows\System\yMxlLSz.exe
  2⤵
  PID:13256
- C:\Windows\System\QJFoEse.exe
  C:\Windows\System\QJFoEse.exe
  2⤵
  PID:1984
- C:\Windows\System\ELVPWpH.exe
  C:\Windows\System\ELVPWpH.exe
  2⤵
  PID:5660
- C:\Windows\System\zmeFVbb.exe
  C:\Windows\System\zmeFVbb.exe
  2⤵
  PID:12620
- C:\Windows\System\RxeoHVa.exe
  C:\Windows\System\RxeoHVa.exe
  2⤵
  PID:12752
- C:\Windows\System\QULvryM.exe
  C:\Windows\System\QULvryM.exe
  2⤵
  PID:12864
- C:\Windows\System\IItiwUv.exe
  C:\Windows\System\IItiwUv.exe
  2⤵
  PID:13012
- C:\Windows\System\aDzoNUI.exe
  C:\Windows\System\aDzoNUI.exe
  2⤵
  PID:13128
- C:\Windows\System\vxHdFss.exe
  C:\Windows\System\vxHdFss.exe
  2⤵
  PID:13236
- C:\Windows\System\oXooCmG.exe
  C:\Windows\System\oXooCmG.exe
  2⤵
  PID:5584
- C:\Windows\System\MMJrLDa.exe
  C:\Windows\System\MMJrLDa.exe
  2⤵
  PID:12732
- C:\Windows\System\TLqjeMh.exe
  C:\Windows\System\TLqjeMh.exe
  2⤵
  PID:12988
- C:\Windows\System\vMcnPAb.exe
  C:\Windows\System\vMcnPAb.exe
  2⤵
  PID:12384
- C:\Windows\System\YcgZsqg.exe
  C:\Windows\System\YcgZsqg.exe
  2⤵
  PID:12608
- C:\Windows\System\HPorAgi.exe
  C:\Windows\System\HPorAgi.exe
  2⤵
  PID:12956
- C:\Windows\System\IGrTaDz.exe
  C:\Windows\System\IGrTaDz.exe
  2⤵
  PID:13320
- C:\Windows\System\FbbXXpd.exe
  C:\Windows\System\FbbXXpd.exe
  2⤵
  PID:13352
- C:\Windows\System\wlAHSJl.exe
  C:\Windows\System\wlAHSJl.exe
  2⤵
  PID:13368
- C:\Windows\System\XFtOsLz.exe
  C:\Windows\System\XFtOsLz.exe
  2⤵
  PID:13396
- C:\Windows\System\mpQekVQ.exe
  C:\Windows\System\mpQekVQ.exe
  2⤵
  PID:13420
- C:\Windows\System\vuaxjkI.exe
  C:\Windows\System\vuaxjkI.exe
  2⤵
  PID:13468
- C:\Windows\System\JcZFLLe.exe
  C:\Windows\System\JcZFLLe.exe
  2⤵
  PID:13508
- C:\Windows\System\NQxRamO.exe
  C:\Windows\System\NQxRamO.exe
  2⤵
  PID:13540
- C:\Windows\System\xwNaWDy.exe
  C:\Windows\System\xwNaWDy.exe
  2⤵
  PID:13568
- C:\Windows\System\DoQJZlx.exe
  C:\Windows\System\DoQJZlx.exe
  2⤵
  PID:13588
- C:\Windows\System\MaiELIf.exe
  C:\Windows\System\MaiELIf.exe
  2⤵
  PID:13620
- C:\Windows\System\inJzGfu.exe
  C:\Windows\System\inJzGfu.exe
  2⤵
  PID:13648
- C:\Windows\System\PfpPVEQ.exe
  C:\Windows\System\PfpPVEQ.exe
  2⤵
  PID:13676
- C:\Windows\System\RHfLmvX.exe
  C:\Windows\System\RHfLmvX.exe
  2⤵
  PID:13724
- C:\Windows\System\kcmcwue.exe
  C:\Windows\System\kcmcwue.exe
  2⤵
  PID:13752
- C:\Windows\System\KbSwhKe.exe
  C:\Windows\System\KbSwhKe.exe
  2⤵
  PID:13776
- C:\Windows\System\CUjhXwc.exe
  C:\Windows\System\CUjhXwc.exe
  2⤵
  PID:13812
- C:\Windows\System\Usosxkn.exe
  C:\Windows\System\Usosxkn.exe
  2⤵
  PID:13860
- C:\Windows\System\vjPHQNL.exe
  C:\Windows\System\vjPHQNL.exe
  2⤵
  PID:13908
- C:\Windows\System\iPIMREN.exe
  C:\Windows\System\iPIMREN.exe
  2⤵
  PID:13936
- C:\Windows\System\QbhWTnF.exe
  C:\Windows\System\QbhWTnF.exe
  2⤵
  PID:13980
- C:\Windows\System\TefgKZR.exe
  C:\Windows\System\TefgKZR.exe
  2⤵
  PID:14016
- C:\Windows\System\sKVKIwn.exe
  C:\Windows\System\sKVKIwn.exe
  2⤵
  PID:14032
- C:\Windows\System\NBxqvFk.exe
  C:\Windows\System\NBxqvFk.exe
  2⤵
  PID:14048
- C:\Windows\System\NUrztxn.exe
  C:\Windows\System\NUrztxn.exe
  2⤵
  PID:14100
- C:\Windows\System\VUBZLfh.exe
  C:\Windows\System\VUBZLfh.exe
  2⤵
  PID:14140
- C:\Windows\System\OtxpWwC.exe
  C:\Windows\System\OtxpWwC.exe
  2⤵
  PID:14156
- C:\Windows\System\nrpiEnO.exe
  C:\Windows\System\nrpiEnO.exe
  2⤵
  PID:14196
- C:\Windows\System\JpQWgYS.exe
  C:\Windows\System\JpQWgYS.exe
  2⤵
  PID:14224
- C:\Windows\System\EuFIBCD.exe
  C:\Windows\System\EuFIBCD.exe
  2⤵
  PID:14240
- C:\Windows\System\jqPmQeO.exe
  C:\Windows\System\jqPmQeO.exe
  2⤵
  PID:14264
- C:\Windows\System\UbDUxgc.exe
  C:\Windows\System\UbDUxgc.exe
  2⤵
  PID:14304
- C:\Windows\System\EoYWUrN.exe
  C:\Windows\System\EoYWUrN.exe
  2⤵
  PID:13316
- C:\Windows\System\FFLSBZu.exe
  C:\Windows\System\FFLSBZu.exe
  2⤵
  PID:13380
- C:\Windows\System\zTmqPup.exe
  C:\Windows\System\zTmqPup.exe
  2⤵
  PID:13408
- C:\Windows\System\ayrlyfn.exe
  C:\Windows\System\ayrlyfn.exe
  2⤵
  PID:4512
- C:\Windows\System\GWiLlJQ.exe
  C:\Windows\System\GWiLlJQ.exe
  2⤵
  PID:13528
- C:\Windows\System\oaWNrRI.exe
  C:\Windows\System\oaWNrRI.exe
  2⤵
  PID:3584
- C:\Windows\System\eSiGyhI.exe
  C:\Windows\System\eSiGyhI.exe
  2⤵
  PID:6216
- C:\Windows\System\OeRRufe.exe
  C:\Windows\System\OeRRufe.exe
  2⤵
  PID:13584
- C:\Windows\System\TTTNmim.exe
  C:\Windows\System\TTTNmim.exe
  2⤵
  PID:13608
- C:\Windows\System\bzjDEEp.exe
  C:\Windows\System\bzjDEEp.exe
  2⤵
  PID:13668
- C:\Windows\System\xRXuUeu.exe
  C:\Windows\System\xRXuUeu.exe
  2⤵
  PID:2488
- C:\Windows\System\MLWpEMj.exe
  C:\Windows\System\MLWpEMj.exe
  2⤵
  PID:13748
- C:\Windows\System\WqMatqR.exe
  C:\Windows\System\WqMatqR.exe
  2⤵
  PID:13792
- C:\Windows\System\zJkMxZO.exe
  C:\Windows\System\zJkMxZO.exe
  2⤵
  PID:13840
- C:\Windows\System\aJpCAWg.exe
  C:\Windows\System\aJpCAWg.exe
  2⤵
  PID:2120
- C:\Windows\System\nptTDfh.exe
  C:\Windows\System\nptTDfh.exe
  2⤵
  PID:2880
- C:\Windows\System\BimryZW.exe
  C:\Windows\System\BimryZW.exe
  2⤵
  PID:4360
- C:\Windows\System\KvRvXKg.exe
  C:\Windows\System\KvRvXKg.exe
  2⤵
  PID:2724
- C:\Windows\System\BEAtYqB.exe
  C:\Windows\System\BEAtYqB.exe
  2⤵
  PID:4492
- C:\Windows\System\fBvJqKV.exe
  C:\Windows\System\fBvJqKV.exe
  2⤵
  PID:13740
- C:\Windows\System\oBrwhRx.exe
  C:\Windows\System\oBrwhRx.exe
  2⤵
  PID:13928
- C:\Windows\System\RWdQFFR.exe
  C:\Windows\System\RWdQFFR.exe
  2⤵
  PID:6844
- C:\Windows\System\mYVYENm.exe
  C:\Windows\System\mYVYENm.exe
  2⤵
  PID:6988
- C:\Windows\System\zvaCdAU.exe
  C:\Windows\System\zvaCdAU.exe
  2⤵
  PID:1472
- C:\Windows\System\HaDyjME.exe
  C:\Windows\System\HaDyjME.exe
  2⤵
  PID:2364
- C:\Windows\System\fhjchpE.exe
  C:\Windows\System\fhjchpE.exe
  2⤵
  PID:1316
- C:\Windows\System\ptVizvb.exe
  C:\Windows\System\ptVizvb.exe
  2⤵
  PID:1076
- C:\Windows\System\dwyHnmK.exe
  C:\Windows\System\dwyHnmK.exe
  2⤵
  PID:2840
- C:\Windows\System\LFhObAY.exe
  C:\Windows\System\LFhObAY.exe
  2⤵
  PID:4716
- C:\Windows\System\lbwTscx.exe
  C:\Windows\System\lbwTscx.exe
  2⤵
  PID:4300
- C:\Windows\System\muyAzor.exe
  C:\Windows\System\muyAzor.exe
  2⤵
  PID:14040
- C:\Windows\System\vUHJupv.exe
  C:\Windows\System\vUHJupv.exe
  2⤵
  PID:14068
- C:\Windows\System\cEafwiu.exe
  C:\Windows\System\cEafwiu.exe
  2⤵
  PID:14136
- C:\Windows\System\FYkeJzR.exe
  C:\Windows\System\FYkeJzR.exe
  2⤵
  PID:3528
- C:\Windows\System\naBqPsx.exe
  C:\Windows\System\naBqPsx.exe
  2⤵
  PID:14184
- C:\Windows\System\KCEXLrY.exe
  C:\Windows\System\KCEXLrY.exe
  2⤵
  PID:14220
- C:\Windows\System\yntHRao.exe
  C:\Windows\System\yntHRao.exe
  2⤵
  PID:3448
- C:\Windows\System\vRVWDwB.exe
  C:\Windows\System\vRVWDwB.exe
  2⤵
  PID:14300
- C:\Windows\System\LZfMvpt.exe
  C:\Windows\System\LZfMvpt.exe
  2⤵
  PID:2156
- C:\Windows\System\iCknTIc.exe
  C:\Windows\System\iCknTIc.exe
  2⤵
  PID:12644
- C:\Windows\System\XVyOvyB.exe
  C:\Windows\System\XVyOvyB.exe
  2⤵
  PID:5540
- C:\Windows\System\qKIIUxn.exe
  C:\Windows\System\qKIIUxn.exe
  2⤵
  PID:720
- C:\Windows\System\HpZmcSY.exe
  C:\Windows\System\HpZmcSY.exe
  2⤵
  PID:1860
- C:\Windows\System\UjLqieO.exe
  C:\Windows\System\UjLqieO.exe
  2⤵
  PID:3980
- C:\Windows\System\TpQMolC.exe
  C:\Windows\System\TpQMolC.exe
  2⤵
  PID:1888
- C:\Windows\System\SgVszlW.exe
  C:\Windows\System\SgVszlW.exe
  2⤵
  PID:5004
- C:\Windows\System\XzETtGv.exe
  C:\Windows\System\XzETtGv.exe
  2⤵
  PID:13664
- C:\Windows\System\ZPgsQCS.exe
  C:\Windows\System\ZPgsQCS.exe
  2⤵
  PID:13744
- C:\Windows\System\fxUcRTu.exe
  C:\Windows\System\fxUcRTu.exe
  2⤵
  PID:13976
- C:\Windows\System\XdkzBIB.exe
  C:\Windows\System\XdkzBIB.exe
  2⤵
  PID:6600
- C:\Windows\System\eQhVPFq.exe
  C:\Windows\System\eQhVPFq.exe
  2⤵
  PID:2964
- C:\Windows\System\kkyotRD.exe
  C:\Windows\System\kkyotRD.exe
  2⤵
  PID:3888
- C:\Windows\System\hKHDcGF.exe
  C:\Windows\System\hKHDcGF.exe
  2⤵
  PID:13804
- C:\Windows\System\sCAmRyN.exe
  C:\Windows\System\sCAmRyN.exe
  2⤵
  PID:5128
- C:\Windows\System\Rsqwpri.exe
  C:\Windows\System\Rsqwpri.exe
  2⤵
  PID:5164
- C:\Windows\System\OzJaDIU.exe
  C:\Windows\System\OzJaDIU.exe
  2⤵
  PID:1876
- C:\Windows\System\VFiubFr.exe
  C:\Windows\System\VFiubFr.exe
  2⤵
  PID:5032
- C:\Windows\System\FxWsyyz.exe
  C:\Windows\System\FxWsyyz.exe
  2⤵
  PID:5048
- C:\Windows\System\rbntBVt.exe
  C:\Windows\System\rbntBVt.exe
  2⤵
  PID:4304
- C:\Windows\System\NUbKmoI.exe
  C:\Windows\System\NUbKmoI.exe
  2⤵
  PID:14120
- C:\Windows\System\zoFkDvs.exe
  C:\Windows\System\zoFkDvs.exe
  2⤵
  PID:14168
- C:\Windows\System\NXzUhxh.exe
  C:\Windows\System\NXzUhxh.exe
  2⤵
  PID:5376
- C:\Windows\System\qFuoRBr.exe
  C:\Windows\System\qFuoRBr.exe
  2⤵
  PID:5432
- C:\Windows\System\PzSAsNQ.exe
  C:\Windows\System\PzSAsNQ.exe
  2⤵
  PID:13996
- C:\Windows\System\xSBKEgV.exe
  C:\Windows\System\xSBKEgV.exe
  2⤵
  PID:5476
- C:\Windows\System\xFkHLYv.exe
  C:\Windows\System\xFkHLYv.exe
  2⤵
  PID:13328
- C:\Windows\System\cuFhCMV.exe
  C:\Windows\System\cuFhCMV.exe
  2⤵
  PID:13484
- C:\Windows\System\MNWLNLR.exe
  C:\Windows\System\MNWLNLR.exe
  2⤵
  PID:6308
- C:\Windows\System\WEbysfC.exe
  C:\Windows\System\WEbysfC.exe
  2⤵
  PID:5572
- C:\Windows\System\MtmdXue.exe
  C:\Windows\System\MtmdXue.exe
  2⤵
  PID:60
- C:\Windows\System\wOgeKvX.exe
  C:\Windows\System\wOgeKvX.exe
  2⤵
  PID:2168
- C:\Windows\System\iurOqYr.exe
  C:\Windows\System\iurOqYr.exe
  2⤵
  PID:5680
- C:\Windows\System\cjXGvJN.exe
  C:\Windows\System\cjXGvJN.exe
  2⤵
  PID:13820
- C:\Windows\System\nRAlIui.exe
  C:\Windows\System\nRAlIui.exe
  2⤵
  PID:5156
- C:\Windows\System\MEayKJs.exe
  C:\Windows\System\MEayKJs.exe
  2⤵
  PID:5208
- C:\Windows\System\freLmhR.exe
  C:\Windows\System\freLmhR.exe
  2⤵
  PID:4388
- C:\Windows\System\IZpLbNi.exe
  C:\Windows\System\IZpLbNi.exe
  2⤵
  PID:1852
- C:\Windows\System\SAgBFax.exe
  C:\Windows\System\SAgBFax.exe
  2⤵
  PID:14148
- C:\Windows\System\tpJRCjH.exe
  C:\Windows\System\tpJRCjH.exe
  2⤵
  PID:14216
- C:\Windows\System\qNTFwRa.exe
  C:\Windows\System\qNTFwRa.exe
  2⤵
  PID:4308
- C:\Windows\System\gMwFaqX.exe
  C:\Windows\System\gMwFaqX.exe
  2⤵
  PID:5868
- C:\Windows\System\EPlTHem.exe
  C:\Windows\System\EPlTHem.exe
  2⤵
  PID:6912
- C:\Windows\System\GjcTzxM.exe
  C:\Windows\System\GjcTzxM.exe
  2⤵
  PID:6992
- C:\Windows\System\EQJnTek.exe
  C:\Windows\System\EQJnTek.exe
  2⤵
  PID:5972
- C:\Windows\System\oFdPTNK.exe
  C:\Windows\System\oFdPTNK.exe
  2⤵
  PID:13612
- C:\Windows\System\qeeARUQ.exe
  C:\Windows\System\qeeARUQ.exe
  2⤵
  PID:2692
- C:\Windows\System\KNhftMG.exe
  C:\Windows\System\KNhftMG.exe
  2⤵
  PID:8
- C:\Windows\System\LnITACY.exe
  C:\Windows\System\LnITACY.exe
  2⤵
  PID:3052
- C:\Windows\System\aiuidTd.exe
  C:\Windows\System\aiuidTd.exe
  2⤵
  PID:6032
- C:\Windows\System\QbCJFGN.exe
  C:\Windows\System\QbCJFGN.exe
  2⤵
  PID:6076
- C:\Windows\System\ffzFrGL.exe
  C:\Windows\System\ffzFrGL.exe
  2⤵
  PID:1252
- C:\Windows\System\UWhiHFW.exe
  C:\Windows\System\UWhiHFW.exe
  2⤵
  PID:1380
- C:\Windows\System\XGIRxmK.exe
  C:\Windows\System\XGIRxmK.exe
  2⤵
  PID:2792
- C:\Windows\System\oJhEgtK.exe
  C:\Windows\System\oJhEgtK.exe
  2⤵
  PID:5044
- C:\Windows\System\vVjSSxi.exe
  C:\Windows\System\vVjSSxi.exe
  2⤵
  PID:4476
- C:\Windows\System\yoLUiYw.exe
  C:\Windows\System\yoLUiYw.exe
  2⤵
  PID:1480
- C:\Windows\System\OHUCOlB.exe
  C:\Windows\System\OHUCOlB.exe
  2⤵
  PID:5132
- C:\Windows\System\ETcckyT.exe
  C:\Windows\System\ETcckyT.exe
  2⤵
  PID:6232
- C:\Windows\System\GOfNFOE.exe
  C:\Windows\System\GOfNFOE.exe
  2⤵
  PID:6952
- C:\Windows\System\wUSWjuu.exe
  C:\Windows\System\wUSWjuu.exe
  2⤵
  PID:6004
- C:\Windows\System\mhqYZNz.exe
  C:\Windows\System\mhqYZNz.exe
  2⤵
  PID:5352
- C:\Windows\System\XUhFpCB.exe
  C:\Windows\System\XUhFpCB.exe
  2⤵
  PID:7044
- C:\Windows\System\IZhhzrk.exe
  C:\Windows\System\IZhhzrk.exe
  2⤵
  PID:6484
- C:\Windows\System\AYsQLkR.exe
  C:\Windows\System\AYsQLkR.exe
  2⤵
  PID:4236
- C:\Windows\System\mUOMQsd.exe
  C:\Windows\System\mUOMQsd.exe
  2⤵
  PID:5516
- C:\Windows\System\HFXmmcO.exe
  C:\Windows\System\HFXmmcO.exe
  2⤵
  PID:14284
- C:\Windows\System\VPglnuc.exe
  C:\Windows\System\VPglnuc.exe
  2⤵
  PID:6748
- C:\Windows\System\tzlQiEa.exe
  C:\Windows\System\tzlQiEa.exe
  2⤵
  PID:6388
- C:\Windows\System\zivPFzT.exe
  C:\Windows\System\zivPFzT.exe
  2⤵
  PID:1040
- C:\Windows\System\rxQKLQY.exe
  C:\Windows\System\rxQKLQY.exe
  2⤵
  PID:2540
- C:\Windows\System\XoFapNV.exe
  C:\Windows\System\XoFapNV.exe
  2⤵
  PID:5272
- C:\Windows\System\rSXVGsp.exe
  C:\Windows\System\rSXVGsp.exe
  2⤵
  PID:5808
- C:\Windows\System\nHgWAGJ.exe
  C:\Windows\System\nHgWAGJ.exe
  2⤵
  PID:7188
- C:\Windows\System\MULZdHL.exe
  C:\Windows\System\MULZdHL.exe
  2⤵
  PID:5404
- C:\Windows\System\BkzXoLI.exe
  C:\Windows\System\BkzXoLI.exe
  2⤵
  PID:6044
- C:\Windows\System\AaLGSBv.exe
  C:\Windows\System\AaLGSBv.exe
  2⤵
  PID:2152
- C:\Windows\System\CBuAPug.exe
  C:\Windows\System\CBuAPug.exe
  2⤵
  PID:6068
- C:\Windows\System\JtFNfFp.exe
  C:\Windows\System\JtFNfFp.exe
  2⤵
  PID:780
- C:\Windows\System\kAOxGtP.exe
  C:\Windows\System\kAOxGtP.exe
  2⤵
  PID:7344
- C:\Windows\System\YgtPFwc.exe
  C:\Windows\System\YgtPFwc.exe
  2⤵
  PID:5604
- C:\Windows\System\fkBYFMx.exe
  C:\Windows\System\fkBYFMx.exe
  2⤵
  PID:4568
- C:\Windows\System\AvbsMBf.exe
  C:\Windows\System\AvbsMBf.exe
  2⤵
  PID:7448
- C:\Windows\System\MxemtBL.exe
  C:\Windows\System\MxemtBL.exe
  2⤵
  PID:5448
- C:\Windows\System\xuZIgBz.exe
  C:\Windows\System\xuZIgBz.exe
  2⤵
  PID:7504
- C:\Windows\System\tfjjdgW.exe
  C:\Windows\System\tfjjdgW.exe
  2⤵
  PID:7256
- C:\Windows\System\iTaJrlR.exe
  C:\Windows\System\iTaJrlR.exe
  2⤵
  PID:7320
- C:\Windows\System\UtJVZkp.exe
  C:\Windows\System\UtJVZkp.exe
  2⤵
  PID:5600
- C:\Windows\System\jHeZFNi.exe
  C:\Windows\System\jHeZFNi.exe
  2⤵
  PID:5776
- C:\Windows\System\gWpYAxf.exe
  C:\Windows\System\gWpYAxf.exe
  2⤵
  PID:5668
- C:\Windows\System\yvsiCOV.exe
  C:\Windows\System\yvsiCOV.exe
  2⤵
  PID:7484
- C:\Windows\System\VUysUsE.exe
  C:\Windows\System\VUysUsE.exe
  2⤵
  PID:7740
- C:\Windows\System\FKwvdOo.exe
  C:\Windows\System\FKwvdOo.exe
  2⤵
  PID:5580
- C:\Windows\System\ZCNSIDW.exe
  C:\Windows\System\ZCNSIDW.exe
  2⤵
  PID:6152
- C:\Windows\System\QMumysA.exe
  C:\Windows\System\QMumysA.exe
  2⤵
  PID:5676
- C:\Windows\System\kkRFGgj.exe
  C:\Windows\System\kkRFGgj.exe
  2⤵
  PID:7980
- C:\Windows\System\WVlYpDw.exe
  C:\Windows\System\WVlYpDw.exe
  2⤵
  PID:8008
- C:\Windows\System\iYWZQHi.exe
  C:\Windows\System\iYWZQHi.exe
  2⤵
  PID:7436
- C:\Windows\System\JxYHpzM.exe
  C:\Windows\System\JxYHpzM.exe
  2⤵
  PID:4944
- C:\Windows\System\emmHzOq.exe
  C:\Windows\System\emmHzOq.exe
  2⤵
  PID:7512
- C:\Windows\System\VVuYsRx.exe
  C:\Windows\System\VVuYsRx.exe
  2⤵
  PID:7192
- C:\Windows\System\vIvSPvL.exe
  C:\Windows\System\vIvSPvL.exe
  2⤵
  PID:5768
- C:\Windows\System\RqNfYcG.exe
  C:\Windows\System\RqNfYcG.exe
  2⤵
  PID:7632
- C:\Windows\System\jLgSdkg.exe
  C:\Windows\System\jLgSdkg.exe
  2⤵
  PID:7464
- C:\Windows\System\MjjVWHy.exe
  C:\Windows\System\MjjVWHy.exe
  2⤵
  PID:8160
- C:\Windows\System\RXOyCCR.exe
  C:\Windows\System\RXOyCCR.exe
  2⤵
  PID:7556
- C:\Windows\System\JBfqSJp.exe
  C:\Windows\System\JBfqSJp.exe
  2⤵
  PID:7296
- C:\Windows\System\vVlxLxG.exe
  C:\Windows\System\vVlxLxG.exe
  2⤵
  PID:8004
- C:\Windows\System\niWPIqE.exe
  C:\Windows\System\niWPIqE.exe
  2⤵
  PID:6440
- C:\Windows\System\hHQLDKv.exe
  C:\Windows\System\hHQLDKv.exe
  2⤵
  PID:8116
- C:\Windows\System\zZUVTXh.exe
  C:\Windows\System\zZUVTXh.exe
  2⤵
  PID:5840
- C:\Windows\System\EHdhOij.exe
  C:\Windows\System\EHdhOij.exe
  2⤵
  PID:7420
- C:\Windows\System\PWLgVBH.exe
  C:\Windows\System\PWLgVBH.exe
  2⤵
  PID:7584
- C:\Windows\System\jgcxjKP.exe
  C:\Windows\System\jgcxjKP.exe
  2⤵
  PID:7828
- C:\Windows\System\IWQlSbv.exe
  C:\Windows\System\IWQlSbv.exe
  2⤵
  PID:8028
- C:\Windows\System\YIXoBiT.exe
  C:\Windows\System\YIXoBiT.exe
  2⤵
  PID:8012
- C:\Windows\System\ppdjLLf.exe
  C:\Windows\System\ppdjLLf.exe
  2⤵
  PID:7956
- C:\Windows\System\jvBMCpj.exe
  C:\Windows\System\jvBMCpj.exe
  2⤵
  PID:7856
- C:\Windows\System\nwelNom.exe
  C:\Windows\System\nwelNom.exe
  2⤵
  PID:8128
- C:\Windows\System\mSoesyX.exe
  C:\Windows\System\mSoesyX.exe
  2⤵
  PID:4900
- C:\Windows\System\ycYIUYN.exe
  C:\Windows\System\ycYIUYN.exe
  2⤵
  PID:7516
- C:\Windows\System\vgKUhfJ.exe
  C:\Windows\System\vgKUhfJ.exe
  2⤵
  PID:8348
- C:\Windows\System\grzEbgt.exe
  C:\Windows\System\grzEbgt.exe
  2⤵
  PID:7628
- C:\Windows\System\ZOSUaFD.exe
  C:\Windows\System\ZOSUaFD.exe
  2⤵
  PID:8428
- C:\Windows\System\rngDjNN.exe
  C:\Windows\System\rngDjNN.exe
  2⤵
  PID:6856
- C:\Windows\System\ZDAajZF.exe
  C:\Windows\System\ZDAajZF.exe
  2⤵
  PID:6852
- C:\Windows\System\fCOwEtE.exe
  C:\Windows\System\fCOwEtE.exe
  2⤵
  PID:8508
- C:\Windows\System\TiVBvMw.exe
  C:\Windows\System\TiVBvMw.exe
  2⤵
  PID:14348
- C:\Windows\System\KxyOJeY.exe
  C:\Windows\System\KxyOJeY.exe
  2⤵
  PID:14376
- C:\Windows\System\kAxlJuK.exe
  C:\Windows\System\kAxlJuK.exe
  2⤵
  PID:14404
- C:\Windows\System\OqJDNSr.exe
  C:\Windows\System\OqJDNSr.exe
  2⤵
  PID:14432
- C:\Windows\System\HyZsxzX.exe
  C:\Windows\System\HyZsxzX.exe
  2⤵
  PID:14460
- C:\Windows\System\LyJkeDY.exe
  C:\Windows\System\LyJkeDY.exe
  2⤵
  PID:14488
- C:\Windows\System\bPgtVjX.exe
  C:\Windows\System\bPgtVjX.exe
  2⤵
  PID:14516
- C:\Windows\System\rloUJJl.exe
  C:\Windows\System\rloUJJl.exe
  2⤵
  PID:14544
- C:\Windows\System\piBGqco.exe
  C:\Windows\System\piBGqco.exe
  2⤵
  PID:14572
- C:\Windows\System\epcLRbb.exe
  C:\Windows\System\epcLRbb.exe
  2⤵
  PID:14604
- C:\Windows\System\dgTSWUm.exe
  C:\Windows\System\dgTSWUm.exe
  2⤵
  PID:14632
- C:\Windows\System\LxBVweD.exe
  C:\Windows\System\LxBVweD.exe
  2⤵
  PID:14660
- C:\Windows\System\MgnJPbZ.exe
  C:\Windows\System\MgnJPbZ.exe
  2⤵
  PID:14688
- C:\Windows\System\uSsgTlg.exe
  C:\Windows\System\uSsgTlg.exe
  2⤵
  PID:14716
- C:\Windows\System\XwGCsom.exe
  C:\Windows\System\XwGCsom.exe
  2⤵
  PID:14744
- C:\Windows\System\adrICOo.exe
  C:\Windows\System\adrICOo.exe
  2⤵
  PID:14772
- C:\Windows\System\WBGcnLI.exe
  C:\Windows\System\WBGcnLI.exe
  2⤵
  PID:14800
- C:\Windows\System\GRbdpCm.exe
  C:\Windows\System\GRbdpCm.exe
  2⤵
  PID:14828
- C:\Windows\System\bFPILbH.exe
  C:\Windows\System\bFPILbH.exe
  2⤵
  PID:14856
- C:\Windows\System\VwHTHIH.exe
  C:\Windows\System\VwHTHIH.exe
  2⤵
  PID:14884
- C:\Windows\System\OuysQZo.exe
  C:\Windows\System\OuysQZo.exe
  2⤵
  PID:14912
- C:\Windows\System\XyJxmBb.exe
  C:\Windows\System\XyJxmBb.exe
  2⤵
  PID:14940
- C:\Windows\System\simfkKe.exe
  C:\Windows\System\simfkKe.exe
  2⤵
  PID:14968
- C:\Windows\System\rHCbYKZ.exe
  C:\Windows\System\rHCbYKZ.exe
  2⤵
  PID:14996
- C:\Windows\System\kDfpKHB.exe
  C:\Windows\System\kDfpKHB.exe
  2⤵
  PID:15024
- C:\Windows\System\fPMXgWk.exe
  C:\Windows\System\fPMXgWk.exe
  2⤵
  PID:15052
- C:\Windows\System\akPNRpm.exe
  C:\Windows\System\akPNRpm.exe
  2⤵
  PID:15080
- C:\Windows\System\GqnMBwQ.exe
  C:\Windows\System\GqnMBwQ.exe
  2⤵
  PID:15108
- C:\Windows\System\aWAoUqS.exe
  C:\Windows\System\aWAoUqS.exe
  2⤵
  PID:15136
- C:\Windows\System\PkGqtZs.exe
  C:\Windows\System\PkGqtZs.exe
  2⤵
  PID:15164
- C:\Windows\System\pgMCncm.exe
  C:\Windows\System\pgMCncm.exe
  2⤵
  PID:15192
- C:\Windows\System\MekHDkM.exe
  C:\Windows\System\MekHDkM.exe
  2⤵
  PID:15224
- C:\Windows\System\lMxqeds.exe
  C:\Windows\System\lMxqeds.exe
  2⤵
  PID:15248
- C:\Windows\System\ZApHKYz.exe
  C:\Windows\System\ZApHKYz.exe
  2⤵
  PID:15276
- C:\Windows\System\LTNvBpD.exe
  C:\Windows\System\LTNvBpD.exe
  2⤵
  PID:15308
- C:\Windows\System\mrIPmLH.exe
  C:\Windows\System\mrIPmLH.exe
  2⤵
  PID:15336
- C:\Windows\System\BRQdZwK.exe
  C:\Windows\System\BRQdZwK.exe
  2⤵
  PID:8576
- C:\Windows\System\QQoratt.exe
  C:\Windows\System\QQoratt.exe
  2⤵
  PID:14388
- C:\Windows\System\xLvRmty.exe
  C:\Windows\System\xLvRmty.exe
  2⤵
  PID:8632
- C:\Windows\System\TkkVpwr.exe
  C:\Windows\System\TkkVpwr.exe
  2⤵
  PID:14452
- C:\Windows\System\SutOooB.exe
  C:\Windows\System\SutOooB.exe
  2⤵
  PID:14500
- C:\Windows\System\PuEpDAK.exe
  C:\Windows\System\PuEpDAK.exe
  2⤵
  PID:8736
- C:\Windows\System\DAOqbOk.exe
  C:\Windows\System\DAOqbOk.exe
  2⤵
  PID:14568
- C:\Windows\System\rldjurd.exe
  C:\Windows\System\rldjurd.exe
  2⤵
  PID:8820
- C:\Windows\System\ALvwlzy.exe
  C:\Windows\System\ALvwlzy.exe
  2⤵
  PID:14652
- C:\Windows\System\EweFZqh.exe
  C:\Windows\System\EweFZqh.exe
  2⤵
  PID:14680
- C:\Windows\System\WytbJYu.exe
  C:\Windows\System\WytbJYu.exe
  2⤵
  PID:8932
- C:\Windows\System\AAPuLBh.exe
  C:\Windows\System\AAPuLBh.exe
  2⤵
  PID:9000
- C:\Windows\System\tXoSXEm.exe
  C:\Windows\System\tXoSXEm.exe
  2⤵
  PID:14792
- C:\Windows\System\LJkCxaJ.exe
  C:\Windows\System\LJkCxaJ.exe
  2⤵
  PID:9112
- C:\Windows\System\rPFjaNW.exe
  C:\Windows\System\rPFjaNW.exe
  2⤵
  PID:14880
- C:\Windows\System\yvmYDwL.exe
  C:\Windows\System\yvmYDwL.exe
  2⤵
  PID:14908
- C:\Windows\System\FtzEBXR.exe
  C:\Windows\System\FtzEBXR.exe
  2⤵
  PID:14960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CTFvYvQ.exe

Filesize
6.0MB

MD5
b375194f598bd0fea0c006a7f0fe471e

SHA1
4354231c79377c01caa922982cbf7e686fe8d7e1

SHA256
d06f8ed31a1ace0d9c77b7938b443ac8ecee3468e207a160ffd07196ae104488

SHA512
8050b3ab593af765d0b186721a9b2c338ad3b686f82f9f4caf20de51b1fdcb3e8eadae81d8e157be992f11fc82c5bdc866bb34c9ba8980791ffa67997a257055

Download Submit
C:\Windows\System\CeIDJJs.exe

Filesize
6.0MB

MD5
123bcca90f2d263b7a1b01d616073a2f

SHA1
5b6be072dd52ff60cfd3f00d00078fd338aed912

SHA256
60aa898a93b2d9b1b964b9388a151e79a63e5efbcddbf4cfa70f3d4479064702

SHA512
1858dc5df7c2561c323a27e102bd4d298ec84e29bc610327fc6400ab8b57d677a5978ce483fa03f1f7077346452060e5c5bcf8ef68e66adde3171fa1a1244bc2

Download Submit
C:\Windows\System\EiRRZmz.exe

Filesize
6.0MB

MD5
beed27817f648b9b5f859686f5ffcedf

SHA1
41966bf9088268dafb31359b804adeffd00e0bb0

SHA256
b34fc896ab561efdf93dbaadd9f11b2e5d0a29ac3d1c479f5f961434a1643210

SHA512
441cc2a1ae85bed00586f63b0bc15d95f64d25cc6af08490ec43427c556de1581b31943f273060f92858427d6efdfcdaed8c83ea06be3876307c71c79417ff84

Download Submit
C:\Windows\System\EvHcaJw.exe

Filesize
6.0MB

MD5
ff950868b3b4c30e64e4a8ba4cc94f92

SHA1
e0635e04705488a6731586ac3efad9b25733734d

SHA256
7dc3030b58ede3b12d56d1ebf0dee1a5c0015eb9708c7648ce365b4bbd7e1fc7

SHA512
5ab6d59426d15bb32d2cc32ea39125c78da226451f5a303e05faa44b96d2b1d4abce09e9a3812b2e39518c577e8ffe81c54fc47da88974713e1d62a12c3e1819

Download Submit
C:\Windows\System\ICvlYmM.exe

Filesize
6.0MB

MD5
e54bf247c7a25a7ce3e6390547dd75fe

SHA1
de3abe2ab6d248ec7897530e4ba46804ab2f5095

SHA256
816a7f0cb8b7e51ea97a41e6e8648499eec9bd9710fe6b54eab5e1f8bc09cd78

SHA512
8ae248e9b875c1d6ea8ae588231919517d9cacabb2211ddbf0e1bd463f5bbc2900222376507ba81b6bb85849ea4bd73ee38a54de359642002fa024747c1574ee

Download Submit
C:\Windows\System\MFhdWLD.exe

Filesize
6.0MB

MD5
620f274e85dcb4986c9e72d57081d340

SHA1
b4fe0dfaae89e5db8112384d74803437ab6663f1

SHA256
1278521c2f95da624eafc8f5fc92ea1eb10309648423d91f33b6ea2de835808b

SHA512
64388f3b0e7e895af5418dd77866c7b77db55206b4f86d84b21c5be5e79689ca7176fb0c21428fa0432e7123cd800d0a0e8ae199330e4121be4b2a4c09b641e9

Download Submit
C:\Windows\System\MGWTxjR.exe

Filesize
6.0MB

MD5
b2ab99db3feca8a768b35186c778baca

SHA1
e575602364f19f1786dc3d72414ea89e1a9952d8

SHA256
02309f06804b76aa30e85289409227dcb176a04e0c79bd0a8b1b24ac92e906c7

SHA512
f0fd9016b743d16c8e9977b76c52328e4b3499f55b45f991c5387427f1851afd72c4e96d80111b39ca435633e6ed4c6c6c9238fbd6ef8dc6c2bd4566b9c6b8da

Download Submit
C:\Windows\System\MPwrzEl.exe

Filesize
6.0MB

MD5
0907dc9366645f03461eb893965a495c

SHA1
ecdb7a9a59e0ceb08e8ebd6eafbc291725bdcda4

SHA256
32f2cdc31b2cc0796b89ca83b74a53b5b749b335dc2b586a56ec1c7fee2c844d

SHA512
a2e098216c7c6b1bb1ad0b7987bae62815de0895e63a9db8b8605f26c1c6c0df949ecc1cfc91cbaf8ab2680c15bf0ac5dbdd4607de9d9d15679ce79a2fc5317b

Download Submit
C:\Windows\System\QMdDjZI.exe

Filesize
6.0MB

MD5
2e5f8d28f8fd5dd8782100bd9366c972

SHA1
88690082b616799af10571d6b4d04016905a78ea

SHA256
ecaf2fd338c01b0d2e439c80ebb8c1ef7047ae7648b3e5bd317b9af74673a4c6

SHA512
7a087347101e7a8d24d28e2168cbf82308296fb1c3aaae9720fa02f120d771b86418d1ae27a1bb607bb937f67d0feb731c1e3e7f2875cccad61113e2788dd24a

Download Submit
C:\Windows\System\QOvjzvj.exe

Filesize
6.0MB

MD5
c773bccfc56474dfcb68628a3a0dbf72

SHA1
967d8ed3911678819033bd6717f4174feb92517c

SHA256
f5da8b51c459a04ee09f38e71eda825350601f3896dc900ea0024a82f823283c

SHA512
d3291717ca86890b9c777c48bcbb8204550df870a534f77f3875d7fb6b8f7f26710c3dd4a1abc8fae2bb667ce7cd25829da977aec65099cbb56d13b8b71e256a

Download Submit
C:\Windows\System\QyuUBfB.exe

Filesize
6.0MB

MD5
149f008e7a1934179fb122423f4a65e4

SHA1
e6a77250536fc27996298221c3ed45e1a55b1f68

SHA256
7ae4085ac303ff88d5341ac2c3d876653ff8745849de2023cc629cc032bdfa3f

SHA512
49b2718a91f5482cacd227676f27892b1f74e110fe765f8aa344d7abf33ddcb213e91cae2a0bf1b78e43ceb030b48f29bf315eeec6252ac764144234b224790a

Download Submit
C:\Windows\System\TsKqfaW.exe

Filesize
6.0MB

MD5
914beae1ed1a0cd4466bcdcba7f94b58

SHA1
6cc2765ed84d0f081b145da62bc55e294581724c

SHA256
bed8ffae2265e43d674c1dcc4af6424d9c3ab3ee429918d932535c390bc7d9d9

SHA512
6419f8e10d470f5ffe7c20a807d35fa1c03cdb96e93cb3e4430ee04f0d37d2a5d2db5a58ca9915ae3139b72e3b055015483c4298b231908353668d75028cd59a

Download Submit
C:\Windows\System\UHfWZoD.exe

Filesize
6.0MB

MD5
df9b0a894d40cfc89c4db675b3ab237c

SHA1
243e4db83a1b885bd596346bc3b1c3e6cdb07524

SHA256
ea0b320d73a56cd769228f30abfb38cf4b0c7932272050aa03dcff8eaf9f9837

SHA512
4f5812f7b75f7b425b8fdef033ac49c97dad8122113df5be72e08b12b618938ebfeff5585f4036f0b242647112a82d959f027e83b85f00eda02490d8c966cb53

Download Submit
C:\Windows\System\WExWfio.exe

Filesize
6.0MB

MD5
fc7d4e136e14498b8c12ee32b3075d2d

SHA1
8515e6fc76fb538fd1ddd13c893415de82fdfcca

SHA256
95de484e949cb3b361f480a9ac18dec41504038ba1b583bac10b3b93e6e04121

SHA512
ee7621d55679e15909f38b169374e01752065c01cff049534ea8068fe16631c8532ae294623e394ffe8a23bed0fea103b5b3e2a87bfb66c4c4dfd75ac22fc065

Download Submit
C:\Windows\System\YninPIb.exe

Filesize
6.0MB

MD5
5f59aac4568e7eed32535ec592ec6406

SHA1
d65a8a549450352c15cd7295a26fe6ca4a6b97f8

SHA256
a6fa28adc6826601131ebdbed16768d917d03b1e1ddf21393cb5b4f0c37101c5

SHA512
607dc1f45318c4844151f3028057b23221cfd37c0e15a050772b60124b3c62dd8c5f8a027c1a7ab8ca9694e68dab57aff317e285a6ec6c2da01cd635b90869c8

Download Submit
C:\Windows\System\ZQgkwSx.exe

Filesize
6.0MB

MD5
3fac02bb4425679f4028228c511e1ecc

SHA1
abf717f17507f3666603e0fc681d126d584b0d92

SHA256
ace4780ffee2be3d8575b6ba284857ee2b88d6504d93640fade6858bab6fdf97

SHA512
c372593b3e1f5f5295905e77320cade29a1b5517aa4664804126e1f0088da848eb276e7a3917bcf375cac95802826b7a906dbd7c4f5116283654978445f24331

Download Submit
C:\Windows\System\ZZxFdqT.exe

Filesize
6.0MB

MD5
fb059633002c8bebc21cfaec8f1f2ec2

SHA1
e1fc29b42e8d5cce0ad63e1053be56777e6eafc6

SHA256
2c8ee9f081c19800c52c54db16c3c0727b5875fa377b6d3b52d635e84aac55fa

SHA512
73be518bfe46dfe2860aed6d87ca534e7ae32af08825f1ae3ff8f7a5e758cc0494906602959fbcd178e51ea54b61b7552738e57468a66e99a658d894a60ac83a

Download Submit
C:\Windows\System\aSHNUts.exe

Filesize
6.0MB

MD5
37215747eb34c0263bae25e46720626e

SHA1
90c30503a9c2a06c5c52e0c6421a00647738afe8

SHA256
06d1912a05b4ecc8af37024eeb00c3a63f228be66dac166c643f8453c2634510

SHA512
1c6eef15db9c4391608547a765a19292fee6efdd6c6a15ba6c13d5a5fae0c2fb590ac41d1920d589e8733917433a7d49bbedfd51b2e657e591964a74b1ca5557

Download Submit
C:\Windows\System\bdkBrku.exe

Filesize
6.0MB

MD5
b221de74f9aeb01c8a9d770a37ace2c8

SHA1
3b88d961fab27b3a9c78879ba0549f94ba098235

SHA256
5945e9f148f40670eae18fb898517968b949c49b575f34fce8b80650632974c8

SHA512
9e56b4dfa8d219f829a6eda96843939de917c014b9b4a4eec0e1af715a5a5d634247ba78fc6026b31783630b3889d06c6615e91ec0e2a9d548630cf4b38ee4ec

Download Submit
C:\Windows\System\caBNYIB.exe

Filesize
6.0MB

MD5
6ea0d18f4a4d22f67bf2c5763a94d0b9

SHA1
76947096636dd494b8b18310c7a4cfabfc585b1c

SHA256
5576c75ba76340fd370ec69f371ef1cf5df3d66a896fe464f983983d26a02419

SHA512
819ea188aff816ac2a2c2441f8189475d37c903dd927e9f9079830d6b379b782c88490748cd5bcb898fc343f327041fca5e6d66b94cff08169cf04d27f05bf06

Download Submit
C:\Windows\System\fErkBLp.exe

Filesize
6.0MB

MD5
de5503da332fcf6c4e46eba0ed0636ce

SHA1
7695a82c4e3989d9898709e61462d1490d86e25b

SHA256
e7b85c0baf5409e6de240a327cf42357578a13bc8716745680ba8b2d38f6d5d0

SHA512
2090c43f5c0a376943cf1c07f067376b8859e1aabb78aef236c64d64420d310d18ead6f990b912b0076f98f6808de890c711010a4597941d168c84ecd93bb898

Download Submit
C:\Windows\System\gcXYByh.exe

Filesize
6.0MB

MD5
259906844e66150b0d69828f190fe061

SHA1
627758a802d83b50b3720f05d09539d3b20e03ee

SHA256
27cf06513829189701888a2bc9d7a6d9860cd8bef3def363e9da08eefa4d50f2

SHA512
6856b01fe49836680458f90bae478b44d8002727308de24d88177f96f50ea21226f69be2f9f25c57562cdcc4430493695b87eb508fadb060981dc9ec60487bf3

Download Submit
C:\Windows\System\hYkRSMH.exe

Filesize
6.0MB

MD5
fca0ed697ad5fab09cfde4045161b6f0

SHA1
460a287a0b0f77c7d12be29dcb397894e1a922cf

SHA256
5d02c6e6921a803f0b7130f4de4a1a6d11355eced5d596e9e2d1b4ec3d34b510

SHA512
afa04c719eade940d8e170cc9c714e2d9e9c3c70a5a7876cf8ded8a3530029e1d7065f82998c154831dae9d8782687c1ce4283319de5400b35b91b7056fe43b0

Download Submit
C:\Windows\System\hkKhZDh.exe

Filesize
6.0MB

MD5
26d67b781ca44529fea788566bc92968

SHA1
e7180c8bdbc0ee2966267483e6207b7d372a0524

SHA256
c34448c51b46cf3d40b1517572f908263dd7957c4f2ecb1cc558a015ea50f51f

SHA512
d8e5e3e4f49a60e7c58acbac4fefe9f03a3e874ade7d2677280eda40ac567a2f6a5d866cbbee48ff381d1e8d01dd2d8eb7c0510b4c36b570ff864c0ef520d514

Download Submit
C:\Windows\System\jJlLVAI.exe

Filesize
6.0MB

MD5
9a9ef95dfbb58b5d5c030b0c249435ca

SHA1
abbc058b1342090542d47fba4fecd12fe339028c

SHA256
42d22f82f8a28ea7928b45dcc51c742067ac3d7a6279a700501610fb58ed3ab1

SHA512
4c551750b89c7206b57180f616dee7e267cd57d2def4f20db476d24c79490e5d19699559abb37149ea3a4101cef607207fdfae3883d29beea9fac7fb55e581cd

Download Submit
C:\Windows\System\jmfhNNI.exe

Filesize
6.0MB

MD5
10ff718e9a7874684c8b0d70e1a71285

SHA1
e4c92e4c1ac1decea1f82b96effccc2866986bda

SHA256
080164fa84b2658fdc14ad60f9b4f533dd9fc84ea2bf2345aac4970b3b0b851e

SHA512
9b451771841709e142e955028b1c84964032008908de6c7f3ea9dc6c083a71a2f9a7f51663f74ccde4c819850fc21aba2577c9376fa672d1ee2cb44c83047226

Download Submit
C:\Windows\System\jtSjriR.exe

Filesize
6.0MB

MD5
9e4b9344333432883ed7fae5c28d8688

SHA1
36b81752d7e3d1fff8a1c459039a3474430b209a

SHA256
b89adaeda2eaab6c491a6f172aa50bd1ac79134537f8b7e94484ce9185644dad

SHA512
7cd97d48c4f40a8b8f87508d0f37763ded09dc78b3baa7fe19198ffa73a02d12b9c3d268429a98730450c623d0d4a1c20e42a3739ba8e9d69e934cba4c5038ad

Download Submit
C:\Windows\System\lCNZebe.exe

Filesize
6.0MB

MD5
bda05ac15b610182b15e2f663d58cf2c

SHA1
76d6f443f3eefc31981e3a4e3e9eaddc9c6d5dce

SHA256
e1cd1fb2c0dabfe68c9c9f3042fa2cd2b2620c95fe64e4e651110bac916b9b9d

SHA512
b5351c8d387bfccc78be21162f88c63a93f6989d52dd7dce52bd2cac33b3c63864448d1b2c5eb938bcaae10551295f513974895110fe2d0e6b04dc72aee1c9c1

Download Submit
C:\Windows\System\lPRGedO.exe

Filesize
6.0MB

MD5
bee2172f8c78627a63c93ccf40543e23

SHA1
541c122751eb9cae95f909dfefe36e3ffd704c0f

SHA256
21ec4934c2157846656c52dcbd9ca14e159ae0c1feb97d416f8a9b33a63e303b

SHA512
ff62d58978b60c47da61351b087d581efb3070e42aad92404869b13b033ed296737c37df25f38867826ebe4ec1fa8d9c1c561fe8e6905644526a1031c7ef5520

Download Submit
C:\Windows\System\qmAUDTl.exe

Filesize
6.0MB

MD5
c58154d9c5e3eff5b392b0c63bf6114d

SHA1
390eb3c787e7b186a5027d1881c777e98a5b36d6

SHA256
1a7834ae005e0fa434da5bf50f2fcf096b24291e1841407e8ca43974e31e7a80

SHA512
b263aa2aa99a7e3b13a870806b985acc6044a187ea7d838736cdabd393d594d9f1394a8a2c6c21207f326f707fa66ac830bcd9165d6579c659df004ea679edd6

Download Submit
C:\Windows\System\uAjFuqA.exe

Filesize
6.0MB

MD5
8b61fe4adcffe653af75e6d6aed270a1

SHA1
3cf5018cc8c168e7dc3abeb063c8166d21078333

SHA256
a924639d2b0f034dfa1e0a3e6fb75b99977fb4ed69fe4bb1a275a733533534cc

SHA512
6f16be63b01a6c9d6b18ccb6cbd7539bca7a5e311601c554a56c57326ce9661333c168681d9e158f8cc2c5aa20b72fd2aa2b18740970c7b92e56d38c8ff3f846

Download Submit
C:\Windows\System\uuWtaEd.exe

Filesize
6.0MB

MD5
a770817a35f413ce959626d3335c71a1

SHA1
4dde3a49d143a48ba34a27fa6efe47c862422d78

SHA256
6764e991b58226f0cfd1170083b39f7913a303c8ce3e5714066e396fcc5187da

SHA512
0eb29d29cd119e0ab16c3c15b9e0a85f50ecdf167cb5b87493318cf55117df54c074547315ed0ce2e93ba4277220fffff3c5fc69551292b20b483a1770354678

Download Submit
C:\Windows\System\vGiVzUu.exe

Filesize
6.0MB

MD5
98fbcbc387397b34b12b61b02c2f6e9c

SHA1
e5727f078d65012130a31688b67817cba2cab7ab

SHA256
18f2c23a000106e6465648a4e7179565bca15bf0cb2abce90d0ad07ef384b48c

SHA512
cfa1328f38b5122bea6b3271377b2a6ec22f1dff1edcfc17b37ce92f5899d80fa172ee7f1bccf46a2965c471e76a871db16aa58197869bafc9b5a73d81f5b952

Download Submit
C:\Windows\System\xbkyeXk.exe

Filesize
6.0MB

MD5
6c1d1e71fb6eacd5669f9e01951bf4b0

SHA1
d823d080621bee6ba789682eab4376d11b4cdb4e

SHA256
441622f238d9d188926fa88bee9819c81ba957bd1c0a4f01b76cb6b8beb0442b

SHA512
bdae165e1d44688b7fe25d2d6fb1c21f135e56c2d5391e48d69247eb97c169c9682288b9166561ff25161694dd10bf19cd01c8e3cd6f1d823ee4fe77a2763545

Download Submit
memory/456-49-0x00007FF6C3CC0000-0x00007FF6C4014000-memory.dmp

Filesize
3.3MB

Download
memory/456-1924-0x00007FF6C3CC0000-0x00007FF6C4014000-memory.dmp

Filesize
3.3MB

Download
memory/840-153-0x00007FF651430000-0x00007FF651784000-memory.dmp

Filesize
3.3MB

Download
memory/840-1976-0x00007FF651430000-0x00007FF651784000-memory.dmp

Filesize
3.3MB

Download
memory/840-1057-0x00007FF651430000-0x00007FF651784000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1960-0x00007FF73E300000-0x00007FF73E654000-memory.dmp

Filesize
3.3MB

Download
memory/1640-113-0x00007FF73E300000-0x00007FF73E654000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1983-0x00007FF7DD0A0000-0x00007FF7DD3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-643-0x00007FF7DD0A0000-0x00007FF7DD3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-1975-0x00007FF6BF9F0000-0x00007FF6BFD44000-memory.dmp

Filesize
3.3MB

Download
memory/2040-157-0x00007FF6BF9F0000-0x00007FF6BFD44000-memory.dmp

Filesize
3.3MB

Download
memory/2444-929-0x00007FF6D8180000-0x00007FF6D84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-76-0x00007FF6D8180000-0x00007FF6D84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1944-0x00007FF6D8180000-0x00007FF6D84D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-18-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1901-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-97-0x00007FF6DA570000-0x00007FF6DA8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-635-0x00007FF620CA0000-0x00007FF620FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1972-0x00007FF620CA0000-0x00007FF620FF4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-53-0x00007FF647C40000-0x00007FF647F94000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1929-0x00007FF647C40000-0x00007FF647F94000-memory.dmp

Filesize
3.3MB

Download
memory/2804-699-0x00007FF647C40000-0x00007FF647F94000-memory.dmp

Filesize
3.3MB

Download
memory/2904-132-0x00007FF7D4180000-0x00007FF7D44D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1966-0x00007FF7D4180000-0x00007FF7D44D4000-memory.dmp

Filesize
3.3MB

Download
memory/3396-1987-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3396-638-0x00007FF68CC30000-0x00007FF68CF84000-memory.dmp

Filesize
3.3MB

Download
memory/3596-1864-0x00007FF6FAE60000-0x00007FF6FB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3596-14-0x00007FF6FAE60000-0x00007FF6FB1B4000-memory.dmp

Filesize
3.3MB

Download
memory/3632-123-0x00007FF6B9DD0000-0x00007FF6BA124000-memory.dmp

Filesize
3.3MB

Download
memory/3632-1053-0x00007FF6B9DD0000-0x00007FF6BA124000-memory.dmp

Filesize
3.3MB

Download
memory/3632-1969-0x00007FF6B9DD0000-0x00007FF6BA124000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1939-0x00007FF7F83D0000-0x00007FF7F8724000-memory.dmp

Filesize
3.3MB

Download
memory/3904-57-0x00007FF7F83D0000-0x00007FF7F8724000-memory.dmp

Filesize
3.3MB

Download
memory/3904-807-0x00007FF7F83D0000-0x00007FF7F8724000-memory.dmp

Filesize
3.3MB

Download
memory/3992-1951-0x00007FF750B50000-0x00007FF750EA4000-memory.dmp

Filesize
3.3MB

Download
memory/3992-106-0x00007FF750B50000-0x00007FF750EA4000-memory.dmp

Filesize
3.3MB

Download
memory/4048-86-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp

Filesize
3.3MB

Download
memory/4048-1948-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp

Filesize
3.3MB

Download
memory/4048-930-0x00007FF76B6F0000-0x00007FF76BA44000-memory.dmp

Filesize
3.3MB

Download
memory/4052-1937-0x00007FF7B7B80000-0x00007FF7B7ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-67-0x00007FF7B7B80000-0x00007FF7B7ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4052-871-0x00007FF7B7B80000-0x00007FF7B7ED4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-645-0x00007FF70A060000-0x00007FF70A3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4260-1984-0x00007FF70A060000-0x00007FF70A3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4328-60-0x00007FF726E70000-0x00007FF7271C4000-memory.dmp

Filesize
3.3MB

Download
memory/4328-1933-0x00007FF726E70000-0x00007FF7271C4000-memory.dmp

Filesize
3.3MB

Download
memory/4344-634-0x00007FF63A530000-0x00007FF63A884000-memory.dmp

Filesize
3.3MB

Download
memory/4344-45-0x00007FF63A530000-0x00007FF63A884000-memory.dmp

Filesize
3.3MB

Download
memory/4344-1922-0x00007FF63A530000-0x00007FF63A884000-memory.dmp

Filesize
3.3MB

Download
memory/4384-142-0x00007FF70C520000-0x00007FF70C874000-memory.dmp

Filesize
3.3MB

Download
memory/4384-1967-0x00007FF70C520000-0x00007FF70C874000-memory.dmp

Filesize
3.3MB

Download
memory/4588-1970-0x00007FF656890000-0x00007FF656BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4588-137-0x00007FF656890000-0x00007FF656BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4600-66-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp

Filesize
3.3MB

Download
memory/4600-0-0x00007FF6F4B10000-0x00007FF6F4E64000-memory.dmp

Filesize
3.3MB

Download
memory/4600-1-0x00000140C7350000-0x00000140C7360000-memory.dmp

Filesize
64KB

Download
memory/4688-624-0x00007FF624F30000-0x00007FF625284000-memory.dmp

Filesize
3.3MB

Download
memory/4688-1968-0x00007FF624F30000-0x00007FF625284000-memory.dmp

Filesize
3.3MB

Download
memory/4744-1914-0x00007FF711C60000-0x00007FF711FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-28-0x00007FF711C60000-0x00007FF711FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-633-0x00007FF711C60000-0x00007FF711FB4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-1985-0x00007FF6998B0000-0x00007FF699C04000-memory.dmp

Filesize
3.3MB

Download
memory/4768-639-0x00007FF6998B0000-0x00007FF699C04000-memory.dmp

Filesize
3.3MB

Download
memory/4784-1861-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/4784-73-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/4784-7-0x00007FF6A0100000-0x00007FF6A0454000-memory.dmp

Filesize
3.3MB

Download
memory/4840-98-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp

Filesize
3.3MB

Download
memory/4840-24-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp

Filesize
3.3MB

Download
memory/4840-1910-0x00007FF66CBC0000-0x00007FF66CF14000-memory.dmp

Filesize
3.3MB

Download
memory/5016-1961-0x00007FF60A840000-0x00007FF60AB94000-memory.dmp

Filesize
3.3MB

Download
memory/5016-116-0x00007FF60A840000-0x00007FF60AB94000-memory.dmp

Filesize
3.3MB

Download
memory/5080-1986-0x00007FF63A960000-0x00007FF63ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-167-0x00007FF63A960000-0x00007FF63ACB4000-memory.dmp

Filesize
3.3MB

Download
memory/5080-1117-0x00007FF63A960000-0x00007FF63ACB4000-memory.dmp

Filesize
3.3MB

Download