cobaltstrike | 2651ea7aac68d569636e3913c780e0c5487ff3ee685ced503fac04337031460d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

18014d44ce3c7612fd35fe581f12e7b8
SHA1

cb9712e5d2364bf54e1fec394f2c56fa650187a4
SHA256

2651ea7aac68d569636e3913c780e0c5487ff3ee685ced503fac04337031460d
SHA512

20ed1f464173cd4e622d39d9d1891f7c3f5a57b209536b553effde18d32f796484d3273a7e7d9526dacb8dc9be4464d00f8131308456eab61848448324802d71
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0063000000011c27-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d15-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d1f-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d30-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016da6-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc1-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d54-26.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-143.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000016cf6-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-181.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0063000000011c27-3.dat	xmrig
behavioral1/files/0x0008000000016d15-8.dat	xmrig
behavioral1/files/0x0008000000016d1f-10.dat	xmrig
behavioral1/files/0x0008000000016d30-19.dat	xmrig
behavioral1/files/0x0007000000016d40-23.dat	xmrig
behavioral1/files/0x0007000000016da6-31.dat	xmrig
behavioral1/files/0x0009000000016dc1-34.dat	xmrig
behavioral1/files/0x00050000000194bd-42.dat	xmrig
behavioral1/files/0x0005000000019537-50.dat	xmrig
behavioral1/files/0x000500000001960d-67.dat	xmrig
behavioral1/files/0x0005000000019610-75.dat	xmrig
behavioral1/files/0x000500000001960e-70.dat	xmrig
behavioral1/files/0x0005000000019612-76.dat	xmrig
behavioral1/files/0x000500000001960c-63.dat	xmrig
behavioral1/files/0x000500000001960a-58.dat	xmrig
behavioral1/memory/2280-85-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2672-86-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2824-88-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2744-125-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2800-123-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1728-121-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019614-126.dat	xmrig
behavioral1/memory/2280-120-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/2440-119-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/3044-117-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2560-107-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2280-106-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/2520-105-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2280-104-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/2624-103-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2828-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2280-91-0x00000000024F0000-0x0000000002844000-memory.dmp	xmrig
behavioral1/memory/2884-90-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2524-84-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2280-83-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2668-82-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d9-54.dat	xmrig
behavioral1/files/0x00050000000194f3-46.dat	xmrig
behavioral1/files/0x0005000000019441-38.dat	xmrig
behavioral1/files/0x0007000000016d54-26.dat	xmrig
behavioral1/files/0x0005000000019616-137.dat	xmrig
behavioral1/files/0x000500000001962a-146.dat	xmrig
behavioral1/files/0x000500000001966c-151.dat	xmrig
behavioral1/files/0x0005000000019618-143.dat	xmrig
behavioral1/files/0x0032000000016cf6-133.dat	xmrig
behavioral1/files/0x00050000000196ac-157.dat	xmrig
behavioral1/files/0x00050000000196e8-161.dat	xmrig
behavioral1/files/0x000500000001997c-165.dat	xmrig
behavioral1/files/0x0005000000019c36-169.dat	xmrig
behavioral1/files/0x0005000000019c38-174.dat	xmrig
behavioral1/files/0x0005000000019c3a-177.dat	xmrig
behavioral1/memory/2280-542-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2884-650-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2520-659-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/3044-668-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2624-656-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2828-653-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2824-647-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2672-643-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2524-642-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2668-638-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c53-181.dat	xmrig
behavioral1/memory/2672-4028-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2744	jvtiCEm.exe
2668	enpWCtk.exe
2524	FljTUnK.exe
2672	GeawMDw.exe
2824	egxmQOh.exe
2884	ZEYbIay.exe
2828	UwyBqez.exe
2624	ekUSEoO.exe
2520	iQNYHgk.exe
2560	MiQVVHe.exe
3044	kNaHuPn.exe
2440	HlWGzcW.exe
1728	gdSYKts.exe
2800	pgMdlQL.exe
2376	urjlFnj.exe
2088	GCmyqQz.exe
2116	gNTRkHm.exe
552	damPdWF.exe
1564	ojtgcFx.exe
836	UFjeoau.exe
2308	tuzmLQL.exe
2208	xBejTaa.exe
2188	OjAcEIu.exe
3032	bnecWLA.exe
2240	HXQAfxJ.exe
3024	NEKlmgO.exe
2852	PlbPKPK.exe
2160	kPsonXF.exe
1356	AuteuGP.exe
1316	XwEKVNf.exe
2488	TjvIULE.exe
1784	HHJnxVN.exe
920	znBWiXB.exe
2004	QSHQpOw.exe
1472	CFhrntt.exe
1528	OcXabLj.exe
2320	IjdMFgE.exe
1792	MBInwCe.exe
2864	okbbzVQ.exe
2900	myzumkp.exe
1036	XiadcLy.exe
1956	LiIgQYD.exe
1720	dtKerOU.exe
2444	rloEboF.exe
268	pQEdAfI.exe
2952	YsLMeae.exe
1344	torTuxY.exe
1368	nmxSIit.exe
572	wYEYkFm.exe
2432	LwQrxOM.exe
756	nLwDhUt.exe
1476	UHKlVZj.exe
1948	YwLjxKN.exe
696	zEnGMRL.exe
2200	igXBykj.exe
1964	jpiWKSz.exe
2436	GcgeukG.exe
2484	ruJjcVp.exe
1544	vMfesyi.exe
3068	yOezhrC.exe
2756	xMXdyoW.exe
2920	aRZIXhm.exe
2820	oGgmBYZ.exe
2748	APQzMPq.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0063000000011c27-3.dat	upx
behavioral1/files/0x0008000000016d15-8.dat	upx
behavioral1/files/0x0008000000016d1f-10.dat	upx
behavioral1/files/0x0008000000016d30-19.dat	upx
behavioral1/files/0x0007000000016d40-23.dat	upx
behavioral1/files/0x0007000000016da6-31.dat	upx
behavioral1/files/0x0009000000016dc1-34.dat	upx
behavioral1/files/0x00050000000194bd-42.dat	upx
behavioral1/files/0x0005000000019537-50.dat	upx
behavioral1/files/0x000500000001960d-67.dat	upx
behavioral1/files/0x0005000000019610-75.dat	upx
behavioral1/files/0x000500000001960e-70.dat	upx
behavioral1/files/0x0005000000019612-76.dat	upx
behavioral1/files/0x000500000001960c-63.dat	upx
behavioral1/files/0x000500000001960a-58.dat	upx
behavioral1/memory/2672-86-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2824-88-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2744-125-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2800-123-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/1728-121-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0005000000019614-126.dat	upx
behavioral1/memory/2440-119-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/3044-117-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2560-107-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2520-105-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2624-103-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2828-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2884-90-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2524-84-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2668-82-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x00050000000195d9-54.dat	upx
behavioral1/files/0x00050000000194f3-46.dat	upx
behavioral1/files/0x0005000000019441-38.dat	upx
behavioral1/files/0x0007000000016d54-26.dat	upx
behavioral1/files/0x0005000000019616-137.dat	upx
behavioral1/files/0x000500000001962a-146.dat	upx
behavioral1/files/0x000500000001966c-151.dat	upx
behavioral1/files/0x0005000000019618-143.dat	upx
behavioral1/files/0x0032000000016cf6-133.dat	upx
behavioral1/files/0x00050000000196ac-157.dat	upx
behavioral1/files/0x00050000000196e8-161.dat	upx
behavioral1/files/0x000500000001997c-165.dat	upx
behavioral1/files/0x0005000000019c36-169.dat	upx
behavioral1/files/0x0005000000019c38-174.dat	upx
behavioral1/files/0x0005000000019c3a-177.dat	upx
behavioral1/memory/2280-542-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2884-650-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2520-659-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/3044-668-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2624-656-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2828-653-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2824-647-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2672-643-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2524-642-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2668-638-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000019c53-181.dat	upx
behavioral1/memory/2672-4028-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2624-4032-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2828-4031-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2884-4030-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2800-4029-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/1728-4033-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2440-4034-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jvtiCEm.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxqyhEq.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfirurh.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVWxJro.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNLKUQX.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trNFkiq.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCTRDEu.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcXabLj.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqZGrxp.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzACWIL.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpAzzig.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZREHeq.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPjHZtc.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtjRHmP.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOyhrOB.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGgDpHZ.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFHyUBt.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmKipcn.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeeejLi.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfcjwGk.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGnMnzr.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwzmnZp.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruZtDjV.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLaZDry.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcJDAEA.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyceStN.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwyBqez.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWnbwVM.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQmnlMJ.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsPbWPU.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMdYBjV.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqBbdHK.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFsMbKM.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXRPwkO.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdJKuiw.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVSTGmy.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQCAsns.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRbFmpa.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fplEcyX.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpvvCcI.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndfXZha.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMYeTwP.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAHIwQF.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoRrLfL.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmAlxHv.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NljZnZk.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVhrpEa.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaSgVVe.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flirDSn.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOTActD.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONaHovr.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xxtwqzq.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gukuWYG.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqKPPTM.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgFoaWV.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJmKRIA.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgdvmeD.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxPYRop.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEUSDBj.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMhOxHu.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMAjFgE.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfYySGa.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSoCWUg.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egxmQOh.exe	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2744	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2744	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2744	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2280 wrote to memory of 2668	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2668	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2668	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2524	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2524	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2524	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2672	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2672	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2672	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2824	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2824	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2824	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2884	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2884	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2884	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2828	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2828	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2828	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2624	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2624	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2624	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2520	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2520	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2520	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2560	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 2560	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 2560	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 3044	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 3044	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 3044	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 2440	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 2440	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 2440	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 1728	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 1728	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 1728	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 2800	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 2800	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 2800	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 2376	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 2376	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 2376	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 2088	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 2088	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 2088	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 2116	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 2116	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 2116	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 552	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 552	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 552	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 1564	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 1564	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 1564	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 836	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 836	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 836	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2308	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2308	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2308	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2208	2280	2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_18014d44ce3c7612fd35fe581f12e7b8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\System\jvtiCEm.exe
  C:\Windows\System\jvtiCEm.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\enpWCtk.exe
  C:\Windows\System\enpWCtk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\FljTUnK.exe
  C:\Windows\System\FljTUnK.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\GeawMDw.exe
  C:\Windows\System\GeawMDw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\egxmQOh.exe
  C:\Windows\System\egxmQOh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ZEYbIay.exe
  C:\Windows\System\ZEYbIay.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\UwyBqez.exe
  C:\Windows\System\UwyBqez.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ekUSEoO.exe
  C:\Windows\System\ekUSEoO.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\iQNYHgk.exe
  C:\Windows\System\iQNYHgk.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\MiQVVHe.exe
  C:\Windows\System\MiQVVHe.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\kNaHuPn.exe
  C:\Windows\System\kNaHuPn.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\HlWGzcW.exe
  C:\Windows\System\HlWGzcW.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\gdSYKts.exe
  C:\Windows\System\gdSYKts.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\pgMdlQL.exe
  C:\Windows\System\pgMdlQL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\urjlFnj.exe
  C:\Windows\System\urjlFnj.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GCmyqQz.exe
  C:\Windows\System\GCmyqQz.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\gNTRkHm.exe
  C:\Windows\System\gNTRkHm.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\damPdWF.exe
  C:\Windows\System\damPdWF.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\ojtgcFx.exe
  C:\Windows\System\ojtgcFx.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\UFjeoau.exe
  C:\Windows\System\UFjeoau.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\tuzmLQL.exe
  C:\Windows\System\tuzmLQL.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xBejTaa.exe
  C:\Windows\System\xBejTaa.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\OjAcEIu.exe
  C:\Windows\System\OjAcEIu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\bnecWLA.exe
  C:\Windows\System\bnecWLA.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\HXQAfxJ.exe
  C:\Windows\System\HXQAfxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\NEKlmgO.exe
  C:\Windows\System\NEKlmgO.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\PlbPKPK.exe
  C:\Windows\System\PlbPKPK.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\kPsonXF.exe
  C:\Windows\System\kPsonXF.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\AuteuGP.exe
  C:\Windows\System\AuteuGP.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XwEKVNf.exe
  C:\Windows\System\XwEKVNf.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\TjvIULE.exe
  C:\Windows\System\TjvIULE.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\HHJnxVN.exe
  C:\Windows\System\HHJnxVN.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\znBWiXB.exe
  C:\Windows\System\znBWiXB.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\QSHQpOw.exe
  C:\Windows\System\QSHQpOw.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\CFhrntt.exe
  C:\Windows\System\CFhrntt.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\OcXabLj.exe
  C:\Windows\System\OcXabLj.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\IjdMFgE.exe
  C:\Windows\System\IjdMFgE.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\MBInwCe.exe
  C:\Windows\System\MBInwCe.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\okbbzVQ.exe
  C:\Windows\System\okbbzVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\myzumkp.exe
  C:\Windows\System\myzumkp.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\XiadcLy.exe
  C:\Windows\System\XiadcLy.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\LiIgQYD.exe
  C:\Windows\System\LiIgQYD.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\dtKerOU.exe
  C:\Windows\System\dtKerOU.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rloEboF.exe
  C:\Windows\System\rloEboF.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\pQEdAfI.exe
  C:\Windows\System\pQEdAfI.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\YsLMeae.exe
  C:\Windows\System\YsLMeae.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\torTuxY.exe
  C:\Windows\System\torTuxY.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\nmxSIit.exe
  C:\Windows\System\nmxSIit.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\wYEYkFm.exe
  C:\Windows\System\wYEYkFm.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\LwQrxOM.exe
  C:\Windows\System\LwQrxOM.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\nLwDhUt.exe
  C:\Windows\System\nLwDhUt.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\UHKlVZj.exe
  C:\Windows\System\UHKlVZj.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\YwLjxKN.exe
  C:\Windows\System\YwLjxKN.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\zEnGMRL.exe
  C:\Windows\System\zEnGMRL.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\igXBykj.exe
  C:\Windows\System\igXBykj.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\jpiWKSz.exe
  C:\Windows\System\jpiWKSz.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\GcgeukG.exe
  C:\Windows\System\GcgeukG.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\ruJjcVp.exe
  C:\Windows\System\ruJjcVp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\vMfesyi.exe
  C:\Windows\System\vMfesyi.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\yOezhrC.exe
  C:\Windows\System\yOezhrC.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xMXdyoW.exe
  C:\Windows\System\xMXdyoW.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\aRZIXhm.exe
  C:\Windows\System\aRZIXhm.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\oGgmBYZ.exe
  C:\Windows\System\oGgmBYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\APQzMPq.exe
  C:\Windows\System\APQzMPq.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\rdFePvr.exe
  C:\Windows\System\rdFePvr.exe
  2⤵
  PID:2516
- C:\Windows\System\MWnbwVM.exe
  C:\Windows\System\MWnbwVM.exe
  2⤵
  PID:2568
- C:\Windows\System\NnRVaSc.exe
  C:\Windows\System\NnRVaSc.exe
  2⤵
  PID:3004
- C:\Windows\System\uoAldJJ.exe
  C:\Windows\System\uoAldJJ.exe
  2⤵
  PID:2044
- C:\Windows\System\HTbGObe.exe
  C:\Windows\System\HTbGObe.exe
  2⤵
  PID:2064
- C:\Windows\System\ijXETQx.exe
  C:\Windows\System\ijXETQx.exe
  2⤵
  PID:372
- C:\Windows\System\WFXVmpd.exe
  C:\Windows\System\WFXVmpd.exe
  2⤵
  PID:2712
- C:\Windows\System\WZyxfpD.exe
  C:\Windows\System\WZyxfpD.exe
  2⤵
  PID:2080
- C:\Windows\System\krXxHOz.exe
  C:\Windows\System\krXxHOz.exe
  2⤵
  PID:540
- C:\Windows\System\BEDNcde.exe
  C:\Windows\System\BEDNcde.exe
  2⤵
  PID:592
- C:\Windows\System\jXwOgPB.exe
  C:\Windows\System\jXwOgPB.exe
  2⤵
  PID:2644
- C:\Windows\System\ZqZGrxp.exe
  C:\Windows\System\ZqZGrxp.exe
  2⤵
  PID:820
- C:\Windows\System\bZUbHxw.exe
  C:\Windows\System\bZUbHxw.exe
  2⤵
  PID:2840
- C:\Windows\System\jzACWIL.exe
  C:\Windows\System\jzACWIL.exe
  2⤵
  PID:2552
- C:\Windows\System\oswoCLA.exe
  C:\Windows\System\oswoCLA.exe
  2⤵
  PID:1196
- C:\Windows\System\barwzvy.exe
  C:\Windows\System\barwzvy.exe
  2⤵
  PID:1008
- C:\Windows\System\ptHyQCv.exe
  C:\Windows\System\ptHyQCv.exe
  2⤵
  PID:2228
- C:\Windows\System\mtrWkea.exe
  C:\Windows\System\mtrWkea.exe
  2⤵
  PID:2692
- C:\Windows\System\NnHyGiP.exe
  C:\Windows\System\NnHyGiP.exe
  2⤵
  PID:1524
- C:\Windows\System\WcbreVo.exe
  C:\Windows\System\WcbreVo.exe
  2⤵
  PID:1364
- C:\Windows\System\tavnRTl.exe
  C:\Windows\System\tavnRTl.exe
  2⤵
  PID:1420
- C:\Windows\System\KKypMAV.exe
  C:\Windows\System\KKypMAV.exe
  2⤵
  PID:2268
- C:\Windows\System\qLjHnjA.exe
  C:\Windows\System\qLjHnjA.exe
  2⤵
  PID:2632
- C:\Windows\System\OEgNeci.exe
  C:\Windows\System\OEgNeci.exe
  2⤵
  PID:2472
- C:\Windows\System\LmzwbXM.exe
  C:\Windows\System\LmzwbXM.exe
  2⤵
  PID:1308
- C:\Windows\System\SZlVHvg.exe
  C:\Windows\System\SZlVHvg.exe
  2⤵
  PID:2428
- C:\Windows\System\yWCevbr.exe
  C:\Windows\System\yWCevbr.exe
  2⤵
  PID:1752
- C:\Windows\System\fLJPrNP.exe
  C:\Windows\System\fLJPrNP.exe
  2⤵
  PID:1968
- C:\Windows\System\uyyoUqJ.exe
  C:\Windows\System\uyyoUqJ.exe
  2⤵
  PID:1580
- C:\Windows\System\rDSqetL.exe
  C:\Windows\System\rDSqetL.exe
  2⤵
  PID:1920
- C:\Windows\System\VChhgeg.exe
  C:\Windows\System\VChhgeg.exe
  2⤵
  PID:2928
- C:\Windows\System\mpAzzig.exe
  C:\Windows\System\mpAzzig.exe
  2⤵
  PID:1804
- C:\Windows\System\GkUbraU.exe
  C:\Windows\System\GkUbraU.exe
  2⤵
  PID:2564
- C:\Windows\System\GFpbEiY.exe
  C:\Windows\System\GFpbEiY.exe
  2⤵
  PID:2304
- C:\Windows\System\qDvvaaI.exe
  C:\Windows\System\qDvvaaI.exe
  2⤵
  PID:2640
- C:\Windows\System\xpoMQdN.exe
  C:\Windows\System\xpoMQdN.exe
  2⤵
  PID:2000
- C:\Windows\System\bLGwukN.exe
  C:\Windows\System\bLGwukN.exe
  2⤵
  PID:2796
- C:\Windows\System\szqpXpK.exe
  C:\Windows\System\szqpXpK.exe
  2⤵
  PID:532
- C:\Windows\System\DqZDBGQ.exe
  C:\Windows\System\DqZDBGQ.exe
  2⤵
  PID:1016
- C:\Windows\System\GgdvmeD.exe
  C:\Windows\System\GgdvmeD.exe
  2⤵
  PID:1700
- C:\Windows\System\afZWSvH.exe
  C:\Windows\System\afZWSvH.exe
  2⤵
  PID:1236
- C:\Windows\System\GBRVJyC.exe
  C:\Windows\System\GBRVJyC.exe
  2⤵
  PID:772
- C:\Windows\System\WJXOtJi.exe
  C:\Windows\System\WJXOtJi.exe
  2⤵
  PID:1836
- C:\Windows\System\NXRPwkO.exe
  C:\Windows\System\NXRPwkO.exe
  2⤵
  PID:2204
- C:\Windows\System\cxjLGwS.exe
  C:\Windows\System\cxjLGwS.exe
  2⤵
  PID:2216
- C:\Windows\System\LxlphwY.exe
  C:\Windows\System\LxlphwY.exe
  2⤵
  PID:2636
- C:\Windows\System\RsfwjQJ.exe
  C:\Windows\System\RsfwjQJ.exe
  2⤵
  PID:1312
- C:\Windows\System\KAEUAvQ.exe
  C:\Windows\System\KAEUAvQ.exe
  2⤵
  PID:2264
- C:\Windows\System\YPwHAbM.exe
  C:\Windows\System\YPwHAbM.exe
  2⤵
  PID:2096
- C:\Windows\System\JGakSSH.exe
  C:\Windows\System\JGakSSH.exe
  2⤵
  PID:1084
- C:\Windows\System\QSPUQZc.exe
  C:\Windows\System\QSPUQZc.exe
  2⤵
  PID:2464
- C:\Windows\System\lAWbjIS.exe
  C:\Windows\System\lAWbjIS.exe
  2⤵
  PID:1136
- C:\Windows\System\NCWwnsz.exe
  C:\Windows\System\NCWwnsz.exe
  2⤵
  PID:2708
- C:\Windows\System\TwbaRHz.exe
  C:\Windows\System\TwbaRHz.exe
  2⤵
  PID:1584
- C:\Windows\System\qFHfwKL.exe
  C:\Windows\System\qFHfwKL.exe
  2⤵
  PID:3040
- C:\Windows\System\mdoBrHr.exe
  C:\Windows\System\mdoBrHr.exe
  2⤵
  PID:2220
- C:\Windows\System\yUJetXs.exe
  C:\Windows\System\yUJetXs.exe
  2⤵
  PID:1028
- C:\Windows\System\GNrbcrY.exe
  C:\Windows\System\GNrbcrY.exe
  2⤵
  PID:2504
- C:\Windows\System\EEEAgUS.exe
  C:\Windows\System\EEEAgUS.exe
  2⤵
  PID:568
- C:\Windows\System\SQhVDKH.exe
  C:\Windows\System\SQhVDKH.exe
  2⤵
  PID:824
- C:\Windows\System\HjhyVES.exe
  C:\Windows\System\HjhyVES.exe
  2⤵
  PID:2696
- C:\Windows\System\qZJrFuR.exe
  C:\Windows\System\qZJrFuR.exe
  2⤵
  PID:2548
- C:\Windows\System\uwxZlma.exe
  C:\Windows\System\uwxZlma.exe
  2⤵
  PID:1480
- C:\Windows\System\RzWDpfW.exe
  C:\Windows\System\RzWDpfW.exe
  2⤵
  PID:324
- C:\Windows\System\xYAkkbe.exe
  C:\Windows\System\xYAkkbe.exe
  2⤵
  PID:1148
- C:\Windows\System\StJcUKu.exe
  C:\Windows\System\StJcUKu.exe
  2⤵
  PID:1760
- C:\Windows\System\NdATrbh.exe
  C:\Windows\System\NdATrbh.exe
  2⤵
  PID:2752
- C:\Windows\System\UnUIifn.exe
  C:\Windows\System\UnUIifn.exe
  2⤵
  PID:2196
- C:\Windows\System\RgHWuiD.exe
  C:\Windows\System\RgHWuiD.exe
  2⤵
  PID:2896
- C:\Windows\System\xAZnJXp.exe
  C:\Windows\System\xAZnJXp.exe
  2⤵
  PID:1428
- C:\Windows\System\mgHYFMw.exe
  C:\Windows\System\mgHYFMw.exe
  2⤵
  PID:1756
- C:\Windows\System\CHFQwXT.exe
  C:\Windows\System\CHFQwXT.exe
  2⤵
  PID:744
- C:\Windows\System\VEAJgHX.exe
  C:\Windows\System\VEAJgHX.exe
  2⤵
  PID:2232
- C:\Windows\System\rFHyUBt.exe
  C:\Windows\System\rFHyUBt.exe
  2⤵
  PID:1644
- C:\Windows\System\iccmBgy.exe
  C:\Windows\System\iccmBgy.exe
  2⤵
  PID:2628
- C:\Windows\System\sZnAPnU.exe
  C:\Windows\System\sZnAPnU.exe
  2⤵
  PID:2480
- C:\Windows\System\PCUsVuE.exe
  C:\Windows\System\PCUsVuE.exe
  2⤵
  PID:1600
- C:\Windows\System\vBndzvg.exe
  C:\Windows\System\vBndzvg.exe
  2⤵
  PID:2344
- C:\Windows\System\MjYvPKT.exe
  C:\Windows\System\MjYvPKT.exe
  2⤵
  PID:2372
- C:\Windows\System\oNVDSTn.exe
  C:\Windows\System\oNVDSTn.exe
  2⤵
  PID:876
- C:\Windows\System\sbTCMQt.exe
  C:\Windows\System\sbTCMQt.exe
  2⤵
  PID:1532
- C:\Windows\System\PKthSre.exe
  C:\Windows\System\PKthSre.exe
  2⤵
  PID:1092
- C:\Windows\System\iezByds.exe
  C:\Windows\System\iezByds.exe
  2⤵
  PID:2576
- C:\Windows\System\SETOAjA.exe
  C:\Windows\System\SETOAjA.exe
  2⤵
  PID:1972
- C:\Windows\System\BNtkWde.exe
  C:\Windows\System\BNtkWde.exe
  2⤵
  PID:2964
- C:\Windows\System\uFRhyJl.exe
  C:\Windows\System\uFRhyJl.exe
  2⤵
  PID:3084
- C:\Windows\System\TGAtrvP.exe
  C:\Windows\System\TGAtrvP.exe
  2⤵
  PID:3100
- C:\Windows\System\NQOvBWs.exe
  C:\Windows\System\NQOvBWs.exe
  2⤵
  PID:3116
- C:\Windows\System\RzyXcQZ.exe
  C:\Windows\System\RzyXcQZ.exe
  2⤵
  PID:3132
- C:\Windows\System\cyOZKQG.exe
  C:\Windows\System\cyOZKQG.exe
  2⤵
  PID:3148
- C:\Windows\System\REKlWRT.exe
  C:\Windows\System\REKlWRT.exe
  2⤵
  PID:3212
- C:\Windows\System\wCtQbmr.exe
  C:\Windows\System\wCtQbmr.exe
  2⤵
  PID:3244
- C:\Windows\System\hNFnFTO.exe
  C:\Windows\System\hNFnFTO.exe
  2⤵
  PID:3264
- C:\Windows\System\QMHYOAU.exe
  C:\Windows\System\QMHYOAU.exe
  2⤵
  PID:3280
- C:\Windows\System\Gwuhooe.exe
  C:\Windows\System\Gwuhooe.exe
  2⤵
  PID:3296
- C:\Windows\System\dKofqlz.exe
  C:\Windows\System\dKofqlz.exe
  2⤵
  PID:3312
- C:\Windows\System\giTngFX.exe
  C:\Windows\System\giTngFX.exe
  2⤵
  PID:3332
- C:\Windows\System\YMACRNg.exe
  C:\Windows\System\YMACRNg.exe
  2⤵
  PID:3364
- C:\Windows\System\DpWUMcn.exe
  C:\Windows\System\DpWUMcn.exe
  2⤵
  PID:3380
- C:\Windows\System\aHkxSbM.exe
  C:\Windows\System\aHkxSbM.exe
  2⤵
  PID:3400
- C:\Windows\System\TuUkpJE.exe
  C:\Windows\System\TuUkpJE.exe
  2⤵
  PID:3424
- C:\Windows\System\ymcJlXn.exe
  C:\Windows\System\ymcJlXn.exe
  2⤵
  PID:3440
- C:\Windows\System\gKrVPPh.exe
  C:\Windows\System\gKrVPPh.exe
  2⤵
  PID:3456
- C:\Windows\System\SVNJApt.exe
  C:\Windows\System\SVNJApt.exe
  2⤵
  PID:3476
- C:\Windows\System\wprGFaG.exe
  C:\Windows\System\wprGFaG.exe
  2⤵
  PID:3496
- C:\Windows\System\qogSxpZ.exe
  C:\Windows\System\qogSxpZ.exe
  2⤵
  PID:3524
- C:\Windows\System\XYlaMNf.exe
  C:\Windows\System\XYlaMNf.exe
  2⤵
  PID:3540
- C:\Windows\System\WnJNTTP.exe
  C:\Windows\System\WnJNTTP.exe
  2⤵
  PID:3556
- C:\Windows\System\nxbCqDT.exe
  C:\Windows\System\nxbCqDT.exe
  2⤵
  PID:3576
- C:\Windows\System\sraojWT.exe
  C:\Windows\System\sraojWT.exe
  2⤵
  PID:3592
- C:\Windows\System\sxnccMA.exe
  C:\Windows\System\sxnccMA.exe
  2⤵
  PID:3612
- C:\Windows\System\dNtfOfd.exe
  C:\Windows\System\dNtfOfd.exe
  2⤵
  PID:3628
- C:\Windows\System\OfLwQRG.exe
  C:\Windows\System\OfLwQRG.exe
  2⤵
  PID:3644
- C:\Windows\System\yXkJAYJ.exe
  C:\Windows\System\yXkJAYJ.exe
  2⤵
  PID:3672
- C:\Windows\System\xtMFBdO.exe
  C:\Windows\System\xtMFBdO.exe
  2⤵
  PID:3696
- C:\Windows\System\RrhXayS.exe
  C:\Windows\System\RrhXayS.exe
  2⤵
  PID:3720
- C:\Windows\System\jMbKuYY.exe
  C:\Windows\System\jMbKuYY.exe
  2⤵
  PID:3736
- C:\Windows\System\mGxEWMX.exe
  C:\Windows\System\mGxEWMX.exe
  2⤵
  PID:3756
- C:\Windows\System\lceIqLx.exe
  C:\Windows\System\lceIqLx.exe
  2⤵
  PID:3776
- C:\Windows\System\BtPhLCm.exe
  C:\Windows\System\BtPhLCm.exe
  2⤵
  PID:3836
- C:\Windows\System\iFBkDur.exe
  C:\Windows\System\iFBkDur.exe
  2⤵
  PID:3864
- C:\Windows\System\uAibyyp.exe
  C:\Windows\System\uAibyyp.exe
  2⤵
  PID:3880
- C:\Windows\System\dXOkqld.exe
  C:\Windows\System\dXOkqld.exe
  2⤵
  PID:3900
- C:\Windows\System\EfiFtlZ.exe
  C:\Windows\System\EfiFtlZ.exe
  2⤵
  PID:3916
- C:\Windows\System\aWUzXCx.exe
  C:\Windows\System\aWUzXCx.exe
  2⤵
  PID:3932
- C:\Windows\System\RTnpkXU.exe
  C:\Windows\System\RTnpkXU.exe
  2⤵
  PID:3948
- C:\Windows\System\xAePFIc.exe
  C:\Windows\System\xAePFIc.exe
  2⤵
  PID:3976
- C:\Windows\System\OtpPPlE.exe
  C:\Windows\System\OtpPPlE.exe
  2⤵
  PID:3992
- C:\Windows\System\ihhNltm.exe
  C:\Windows\System\ihhNltm.exe
  2⤵
  PID:4008
- C:\Windows\System\YsJCGeo.exe
  C:\Windows\System\YsJCGeo.exe
  2⤵
  PID:4024
- C:\Windows\System\WzvPNmd.exe
  C:\Windows\System\WzvPNmd.exe
  2⤵
  PID:4044
- C:\Windows\System\oMYeTwP.exe
  C:\Windows\System\oMYeTwP.exe
  2⤵
  PID:4060
- C:\Windows\System\nGHbECC.exe
  C:\Windows\System\nGHbECC.exe
  2⤵
  PID:4084
- C:\Windows\System\veXpvBv.exe
  C:\Windows\System\veXpvBv.exe
  2⤵
  PID:2528
- C:\Windows\System\gVWxJro.exe
  C:\Windows\System\gVWxJro.exe
  2⤵
  PID:1824
- C:\Windows\System\KYyEfoR.exe
  C:\Windows\System\KYyEfoR.exe
  2⤵
  PID:2052
- C:\Windows\System\jXkEEIx.exe
  C:\Windows\System\jXkEEIx.exe
  2⤵
  PID:480
- C:\Windows\System\IqAUPbD.exe
  C:\Windows\System\IqAUPbD.exe
  2⤵
  PID:3180
- C:\Windows\System\lKIHDHz.exe
  C:\Windows\System\lKIHDHz.exe
  2⤵
  PID:3200
- C:\Windows\System\GOdpbQI.exe
  C:\Windows\System\GOdpbQI.exe
  2⤵
  PID:3076
- C:\Windows\System\OmERLyu.exe
  C:\Windows\System\OmERLyu.exe
  2⤵
  PID:3144
- C:\Windows\System\FIOwnXK.exe
  C:\Windows\System\FIOwnXK.exe
  2⤵
  PID:3236
- C:\Windows\System\KTvUMlC.exe
  C:\Windows\System\KTvUMlC.exe
  2⤵
  PID:3256
- C:\Windows\System\dvQKzKI.exe
  C:\Windows\System\dvQKzKI.exe
  2⤵
  PID:3320
- C:\Windows\System\ZqJlIiA.exe
  C:\Windows\System\ZqJlIiA.exe
  2⤵
  PID:3340
- C:\Windows\System\YkklRtK.exe
  C:\Windows\System\YkklRtK.exe
  2⤵
  PID:3360
- C:\Windows\System\oEokwdv.exe
  C:\Windows\System\oEokwdv.exe
  2⤵
  PID:3396
- C:\Windows\System\JFhEnNd.exe
  C:\Windows\System\JFhEnNd.exe
  2⤵
  PID:3416
- C:\Windows\System\EtgmgnL.exe
  C:\Windows\System\EtgmgnL.exe
  2⤵
  PID:3464
- C:\Windows\System\vWjZDWa.exe
  C:\Windows\System\vWjZDWa.exe
  2⤵
  PID:3492
- C:\Windows\System\PmRFflX.exe
  C:\Windows\System\PmRFflX.exe
  2⤵
  PID:3512
- C:\Windows\System\oISNRpB.exe
  C:\Windows\System\oISNRpB.exe
  2⤵
  PID:3572
- C:\Windows\System\JdLoYNn.exe
  C:\Windows\System\JdLoYNn.exe
  2⤵
  PID:3640
- C:\Windows\System\pDHqDSv.exe
  C:\Windows\System\pDHqDSv.exe
  2⤵
  PID:3684
- C:\Windows\System\odvBDMS.exe
  C:\Windows\System\odvBDMS.exe
  2⤵
  PID:3664
- C:\Windows\System\PyEoHrP.exe
  C:\Windows\System\PyEoHrP.exe
  2⤵
  PID:3704
- C:\Windows\System\XIUaDqa.exe
  C:\Windows\System\XIUaDqa.exe
  2⤵
  PID:3752
- C:\Windows\System\MCPxPLe.exe
  C:\Windows\System\MCPxPLe.exe
  2⤵
  PID:3712
- C:\Windows\System\gaWYIag.exe
  C:\Windows\System\gaWYIag.exe
  2⤵
  PID:3728
- C:\Windows\System\AWujwmA.exe
  C:\Windows\System\AWujwmA.exe
  2⤵
  PID:3852
- C:\Windows\System\XaoVdks.exe
  C:\Windows\System\XaoVdks.exe
  2⤵
  PID:3928
- C:\Windows\System\bypycdg.exe
  C:\Windows\System\bypycdg.exe
  2⤵
  PID:4000
- C:\Windows\System\baTeXzM.exe
  C:\Windows\System\baTeXzM.exe
  2⤵
  PID:4036
- C:\Windows\System\hHgkvAw.exe
  C:\Windows\System\hHgkvAw.exe
  2⤵
  PID:4080
- C:\Windows\System\rSvJuYY.exe
  C:\Windows\System\rSvJuYY.exe
  2⤵
  PID:2780
- C:\Windows\System\afNAAJF.exe
  C:\Windows\System\afNAAJF.exe
  2⤵
  PID:3124
- C:\Windows\System\jnTmdgU.exe
  C:\Windows\System\jnTmdgU.exe
  2⤵
  PID:3876
- C:\Windows\System\miebAWZ.exe
  C:\Windows\System\miebAWZ.exe
  2⤵
  PID:3988
- C:\Windows\System\LURMzJy.exe
  C:\Windows\System\LURMzJy.exe
  2⤵
  PID:2556
- C:\Windows\System\FSYEyFv.exe
  C:\Windows\System\FSYEyFv.exe
  2⤵
  PID:3156
- C:\Windows\System\sodjKau.exe
  C:\Windows\System\sodjKau.exe
  2⤵
  PID:3108
- C:\Windows\System\YxYFBCC.exe
  C:\Windows\System\YxYFBCC.exe
  2⤵
  PID:3140
- C:\Windows\System\zRMNYPz.exe
  C:\Windows\System\zRMNYPz.exe
  2⤵
  PID:3260
- C:\Windows\System\nzyhGfQ.exe
  C:\Windows\System\nzyhGfQ.exe
  2⤵
  PID:3288
- C:\Windows\System\BNGzpjU.exe
  C:\Windows\System\BNGzpjU.exe
  2⤵
  PID:2248
- C:\Windows\System\YBvfugi.exe
  C:\Windows\System\YBvfugi.exe
  2⤵
  PID:3388
- C:\Windows\System\ellUYyG.exe
  C:\Windows\System\ellUYyG.exe
  2⤵
  PID:3432
- C:\Windows\System\vEcopjm.exe
  C:\Windows\System\vEcopjm.exe
  2⤵
  PID:3520
- C:\Windows\System\rrdrwWn.exe
  C:\Windows\System\rrdrwWn.exe
  2⤵
  PID:3608
- C:\Windows\System\TTbmcws.exe
  C:\Windows\System\TTbmcws.exe
  2⤵
  PID:3604
- C:\Windows\System\tNscAGn.exe
  C:\Windows\System\tNscAGn.exe
  2⤵
  PID:3660
- C:\Windows\System\qxrEcRA.exe
  C:\Windows\System\qxrEcRA.exe
  2⤵
  PID:3552
- C:\Windows\System\xRVHEHw.exe
  C:\Windows\System\xRVHEHw.exe
  2⤵
  PID:3824
- C:\Windows\System\tBTWcbo.exe
  C:\Windows\System\tBTWcbo.exe
  2⤵
  PID:3764
- C:\Windows\System\zJcQmBz.exe
  C:\Windows\System\zJcQmBz.exe
  2⤵
  PID:3844
- C:\Windows\System\eLaZDry.exe
  C:\Windows\System\eLaZDry.exe
  2⤵
  PID:4032
- C:\Windows\System\KiyIaXw.exe
  C:\Windows\System\KiyIaXw.exe
  2⤵
  PID:2980
- C:\Windows\System\gAHIwQF.exe
  C:\Windows\System\gAHIwQF.exe
  2⤵
  PID:896
- C:\Windows\System\gJlICCv.exe
  C:\Windows\System\gJlICCv.exe
  2⤵
  PID:3912
- C:\Windows\System\xuNRrgp.exe
  C:\Windows\System\xuNRrgp.exe
  2⤵
  PID:4056
- C:\Windows\System\XSJXVGH.exe
  C:\Windows\System\XSJXVGH.exe
  2⤵
  PID:3192
- C:\Windows\System\XkBcUot.exe
  C:\Windows\System\XkBcUot.exe
  2⤵
  PID:3276
- C:\Windows\System\IMypDEU.exe
  C:\Windows\System\IMypDEU.exe
  2⤵
  PID:3324
- C:\Windows\System\zWeEmfg.exe
  C:\Windows\System\zWeEmfg.exe
  2⤵
  PID:1668
- C:\Windows\System\uUUfaTQ.exe
  C:\Windows\System\uUUfaTQ.exe
  2⤵
  PID:3352
- C:\Windows\System\qPjHZtc.exe
  C:\Windows\System\qPjHZtc.exe
  2⤵
  PID:3516
- C:\Windows\System\IatYoEx.exe
  C:\Windows\System\IatYoEx.exe
  2⤵
  PID:3504
- C:\Windows\System\OZHBCuy.exe
  C:\Windows\System\OZHBCuy.exe
  2⤵
  PID:3972
- C:\Windows\System\EDgmNKN.exe
  C:\Windows\System\EDgmNKN.exe
  2⤵
  PID:2176
- C:\Windows\System\SEHhcBf.exe
  C:\Windows\System\SEHhcBf.exe
  2⤵
  PID:3692
- C:\Windows\System\EAfdhRP.exe
  C:\Windows\System\EAfdhRP.exe
  2⤵
  PID:3096
- C:\Windows\System\CaraUTg.exe
  C:\Windows\System\CaraUTg.exe
  2⤵
  PID:3164
- C:\Windows\System\cLmMEHK.exe
  C:\Windows\System\cLmMEHK.exe
  2⤵
  PID:3176
- C:\Windows\System\VoVpXse.exe
  C:\Windows\System\VoVpXse.exe
  2⤵
  PID:2348
- C:\Windows\System\muSvijg.exe
  C:\Windows\System\muSvijg.exe
  2⤵
  PID:1292
- C:\Windows\System\FUDxkNB.exe
  C:\Windows\System\FUDxkNB.exe
  2⤵
  PID:3436
- C:\Windows\System\yuSQSoa.exe
  C:\Windows\System\yuSQSoa.exe
  2⤵
  PID:3652
- C:\Windows\System\emZaGVU.exe
  C:\Windows\System\emZaGVU.exe
  2⤵
  PID:3800
- C:\Windows\System\QvPeFjl.exe
  C:\Windows\System\QvPeFjl.exe
  2⤵
  PID:4072
- C:\Windows\System\GNMWLmM.exe
  C:\Windows\System\GNMWLmM.exe
  2⤵
  PID:3172
- C:\Windows\System\NOjoAvm.exe
  C:\Windows\System\NOjoAvm.exe
  2⤵
  PID:3772
- C:\Windows\System\GxHAFLn.exe
  C:\Windows\System\GxHAFLn.exe
  2⤵
  PID:3872
- C:\Windows\System\kIYJNwS.exe
  C:\Windows\System\kIYJNwS.exe
  2⤵
  PID:3588
- C:\Windows\System\fMsbZXz.exe
  C:\Windows\System\fMsbZXz.exe
  2⤵
  PID:3420
- C:\Windows\System\MzVknYg.exe
  C:\Windows\System\MzVknYg.exe
  2⤵
  PID:3240
- C:\Windows\System\bgPAUKk.exe
  C:\Windows\System\bgPAUKk.exe
  2⤵
  PID:3584
- C:\Windows\System\vdsYNye.exe
  C:\Windows\System\vdsYNye.exe
  2⤵
  PID:3452
- C:\Windows\System\vveLKSv.exe
  C:\Windows\System\vveLKSv.exe
  2⤵
  PID:3908
- C:\Windows\System\XmpNfNQ.exe
  C:\Windows\System\XmpNfNQ.exe
  2⤵
  PID:4116
- C:\Windows\System\hgfWvIZ.exe
  C:\Windows\System\hgfWvIZ.exe
  2⤵
  PID:4132
- C:\Windows\System\qSxakCS.exe
  C:\Windows\System\qSxakCS.exe
  2⤵
  PID:4160
- C:\Windows\System\eGqdgSK.exe
  C:\Windows\System\eGqdgSK.exe
  2⤵
  PID:4176
- C:\Windows\System\ZXZmIsM.exe
  C:\Windows\System\ZXZmIsM.exe
  2⤵
  PID:4192
- C:\Windows\System\vmxlDsR.exe
  C:\Windows\System\vmxlDsR.exe
  2⤵
  PID:4212
- C:\Windows\System\dfYySGa.exe
  C:\Windows\System\dfYySGa.exe
  2⤵
  PID:4232
- C:\Windows\System\JkmbJDm.exe
  C:\Windows\System\JkmbJDm.exe
  2⤵
  PID:4256
- C:\Windows\System\vPwgBhR.exe
  C:\Windows\System\vPwgBhR.exe
  2⤵
  PID:4276
- C:\Windows\System\SlSaxYx.exe
  C:\Windows\System\SlSaxYx.exe
  2⤵
  PID:4296
- C:\Windows\System\PggnZdi.exe
  C:\Windows\System\PggnZdi.exe
  2⤵
  PID:4312
- C:\Windows\System\VdJKuiw.exe
  C:\Windows\System\VdJKuiw.exe
  2⤵
  PID:4336
- C:\Windows\System\UqfdzoP.exe
  C:\Windows\System\UqfdzoP.exe
  2⤵
  PID:4360
- C:\Windows\System\CzsSeRA.exe
  C:\Windows\System\CzsSeRA.exe
  2⤵
  PID:4376
- C:\Windows\System\NOJICnH.exe
  C:\Windows\System\NOJICnH.exe
  2⤵
  PID:4392
- C:\Windows\System\JRNjGzU.exe
  C:\Windows\System\JRNjGzU.exe
  2⤵
  PID:4408
- C:\Windows\System\JOlRWtp.exe
  C:\Windows\System\JOlRWtp.exe
  2⤵
  PID:4424
- C:\Windows\System\JEmgTYv.exe
  C:\Windows\System\JEmgTYv.exe
  2⤵
  PID:4448
- C:\Windows\System\PECmANC.exe
  C:\Windows\System\PECmANC.exe
  2⤵
  PID:4468
- C:\Windows\System\UMRZVLF.exe
  C:\Windows\System\UMRZVLF.exe
  2⤵
  PID:4484
- C:\Windows\System\JejgiRx.exe
  C:\Windows\System\JejgiRx.exe
  2⤵
  PID:4500
- C:\Windows\System\bpGzwuR.exe
  C:\Windows\System\bpGzwuR.exe
  2⤵
  PID:4516
- C:\Windows\System\cRLDNrH.exe
  C:\Windows\System\cRLDNrH.exe
  2⤵
  PID:4536
- C:\Windows\System\FllTsUe.exe
  C:\Windows\System\FllTsUe.exe
  2⤵
  PID:4552
- C:\Windows\System\cdUtKJE.exe
  C:\Windows\System\cdUtKJE.exe
  2⤵
  PID:4592
- C:\Windows\System\OpQEvWi.exe
  C:\Windows\System\OpQEvWi.exe
  2⤵
  PID:4608
- C:\Windows\System\DhDfDBe.exe
  C:\Windows\System\DhDfDBe.exe
  2⤵
  PID:4640
- C:\Windows\System\RmckSxL.exe
  C:\Windows\System\RmckSxL.exe
  2⤵
  PID:4656
- C:\Windows\System\AMKOqjE.exe
  C:\Windows\System\AMKOqjE.exe
  2⤵
  PID:4680
- C:\Windows\System\wktvERp.exe
  C:\Windows\System\wktvERp.exe
  2⤵
  PID:4696
- C:\Windows\System\mxPYRop.exe
  C:\Windows\System\mxPYRop.exe
  2⤵
  PID:4712
- C:\Windows\System\FFPGhCF.exe
  C:\Windows\System\FFPGhCF.exe
  2⤵
  PID:4740
- C:\Windows\System\XNPxcSW.exe
  C:\Windows\System\XNPxcSW.exe
  2⤵
  PID:4756
- C:\Windows\System\auLaiGR.exe
  C:\Windows\System\auLaiGR.exe
  2⤵
  PID:4772
- C:\Windows\System\Pgezcvc.exe
  C:\Windows\System\Pgezcvc.exe
  2⤵
  PID:4788
- C:\Windows\System\QbasKRz.exe
  C:\Windows\System\QbasKRz.exe
  2⤵
  PID:4804
- C:\Windows\System\PxERhzD.exe
  C:\Windows\System\PxERhzD.exe
  2⤵
  PID:4824
- C:\Windows\System\gueCjVx.exe
  C:\Windows\System\gueCjVx.exe
  2⤵
  PID:4848
- C:\Windows\System\FseAYOy.exe
  C:\Windows\System\FseAYOy.exe
  2⤵
  PID:4864
- C:\Windows\System\tgUncNo.exe
  C:\Windows\System\tgUncNo.exe
  2⤵
  PID:4880
- C:\Windows\System\PhmzdVX.exe
  C:\Windows\System\PhmzdVX.exe
  2⤵
  PID:4896
- C:\Windows\System\akRejip.exe
  C:\Windows\System\akRejip.exe
  2⤵
  PID:4912
- C:\Windows\System\SPMWWEe.exe
  C:\Windows\System\SPMWWEe.exe
  2⤵
  PID:4928
- C:\Windows\System\TzvcZUV.exe
  C:\Windows\System\TzvcZUV.exe
  2⤵
  PID:4944
- C:\Windows\System\CCBkRoT.exe
  C:\Windows\System\CCBkRoT.exe
  2⤵
  PID:4960
- C:\Windows\System\yhaDzJk.exe
  C:\Windows\System\yhaDzJk.exe
  2⤵
  PID:4976
- C:\Windows\System\LKhJSBD.exe
  C:\Windows\System\LKhJSBD.exe
  2⤵
  PID:5036
- C:\Windows\System\EiqtmEN.exe
  C:\Windows\System\EiqtmEN.exe
  2⤵
  PID:5060
- C:\Windows\System\knBCPJg.exe
  C:\Windows\System\knBCPJg.exe
  2⤵
  PID:5084
- C:\Windows\System\PARfwBF.exe
  C:\Windows\System\PARfwBF.exe
  2⤵
  PID:5100
- C:\Windows\System\upwNnBV.exe
  C:\Windows\System\upwNnBV.exe
  2⤵
  PID:5116
- C:\Windows\System\IDAEpwR.exe
  C:\Windows\System\IDAEpwR.exe
  2⤵
  PID:3188
- C:\Windows\System\VNziDms.exe
  C:\Windows\System\VNziDms.exe
  2⤵
  PID:2960
- C:\Windows\System\LwOfczw.exe
  C:\Windows\System\LwOfczw.exe
  2⤵
  PID:3228
- C:\Windows\System\tKUWVsC.exe
  C:\Windows\System\tKUWVsC.exe
  2⤵
  PID:2860
- C:\Windows\System\UmGLfoK.exe
  C:\Windows\System\UmGLfoK.exe
  2⤵
  PID:3224
- C:\Windows\System\jgqVyDU.exe
  C:\Windows\System\jgqVyDU.exe
  2⤵
  PID:4148
- C:\Windows\System\ZWsjgNG.exe
  C:\Windows\System\ZWsjgNG.exe
  2⤵
  PID:4168
- C:\Windows\System\gWJEguw.exe
  C:\Windows\System\gWJEguw.exe
  2⤵
  PID:4200
- C:\Windows\System\hoRrLfL.exe
  C:\Windows\System\hoRrLfL.exe
  2⤵
  PID:4272
- C:\Windows\System\QGIdjCz.exe
  C:\Windows\System\QGIdjCz.exe
  2⤵
  PID:4332
- C:\Windows\System\jHdkRpD.exe
  C:\Windows\System\jHdkRpD.exe
  2⤵
  PID:4352
- C:\Windows\System\vGMrdKi.exe
  C:\Windows\System\vGMrdKi.exe
  2⤵
  PID:4388
- C:\Windows\System\pXKdbbf.exe
  C:\Windows\System\pXKdbbf.exe
  2⤵
  PID:4464
- C:\Windows\System\yTkmont.exe
  C:\Windows\System\yTkmont.exe
  2⤵
  PID:4496
- C:\Windows\System\EbMjscA.exe
  C:\Windows\System\EbMjscA.exe
  2⤵
  PID:4568
- C:\Windows\System\htXSvsc.exe
  C:\Windows\System\htXSvsc.exe
  2⤵
  PID:4444
- C:\Windows\System\OEtvFpW.exe
  C:\Windows\System\OEtvFpW.exe
  2⤵
  PID:4576
- C:\Windows\System\wxPytBt.exe
  C:\Windows\System\wxPytBt.exe
  2⤵
  PID:4544
- C:\Windows\System\iSRbVAh.exe
  C:\Windows\System\iSRbVAh.exe
  2⤵
  PID:4600
- C:\Windows\System\husiMQB.exe
  C:\Windows\System\husiMQB.exe
  2⤵
  PID:4620
- C:\Windows\System\cBRwQGr.exe
  C:\Windows\System\cBRwQGr.exe
  2⤵
  PID:4636
- C:\Windows\System\wwnLpjV.exe
  C:\Windows\System\wwnLpjV.exe
  2⤵
  PID:4668
- C:\Windows\System\SAAvepg.exe
  C:\Windows\System\SAAvepg.exe
  2⤵
  PID:4704
- C:\Windows\System\PPJxjgL.exe
  C:\Windows\System\PPJxjgL.exe
  2⤵
  PID:4724
- C:\Windows\System\ZFsqVDl.exe
  C:\Windows\System\ZFsqVDl.exe
  2⤵
  PID:4820
- C:\Windows\System\DHqvpQw.exe
  C:\Windows\System\DHqvpQw.exe
  2⤵
  PID:4892
- C:\Windows\System\XPIGnRf.exe
  C:\Windows\System\XPIGnRf.exe
  2⤵
  PID:4956
- C:\Windows\System\FRtnRhy.exe
  C:\Windows\System\FRtnRhy.exe
  2⤵
  PID:5004
- C:\Windows\System\ZybeMPE.exe
  C:\Windows\System\ZybeMPE.exe
  2⤵
  PID:5012
- C:\Windows\System\flirDSn.exe
  C:\Windows\System\flirDSn.exe
  2⤵
  PID:5028
- C:\Windows\System\UxrWqyk.exe
  C:\Windows\System\UxrWqyk.exe
  2⤵
  PID:4836
- C:\Windows\System\mzpWaIR.exe
  C:\Windows\System\mzpWaIR.exe
  2⤵
  PID:4936
- C:\Windows\System\wnvYEfc.exe
  C:\Windows\System\wnvYEfc.exe
  2⤵
  PID:5044
- C:\Windows\System\SwEvEvL.exe
  C:\Windows\System\SwEvEvL.exe
  2⤵
  PID:5048
- C:\Windows\System\SJqQJrg.exe
  C:\Windows\System\SJqQJrg.exe
  2⤵
  PID:5112
- C:\Windows\System\EqPEZsN.exe
  C:\Windows\System\EqPEZsN.exe
  2⤵
  PID:4108
- C:\Windows\System\eSXWZbt.exe
  C:\Windows\System\eSXWZbt.exe
  2⤵
  PID:4220
- C:\Windows\System\CPQAlZA.exe
  C:\Windows\System\CPQAlZA.exe
  2⤵
  PID:4228
- C:\Windows\System\YZdgNLq.exe
  C:\Windows\System\YZdgNLq.exe
  2⤵
  PID:2396
- C:\Windows\System\paaLFKk.exe
  C:\Windows\System\paaLFKk.exe
  2⤵
  PID:4292
- C:\Windows\System\qZnFoJL.exe
  C:\Windows\System\qZnFoJL.exe
  2⤵
  PID:4288
- C:\Windows\System\lQTqETN.exe
  C:\Windows\System\lQTqETN.exe
  2⤵
  PID:4460
- C:\Windows\System\MrvJmUm.exe
  C:\Windows\System\MrvJmUm.exe
  2⤵
  PID:4436
- C:\Windows\System\fUYVnub.exe
  C:\Windows\System\fUYVnub.exe
  2⤵
  PID:4512
- C:\Windows\System\VeiNBWI.exe
  C:\Windows\System\VeiNBWI.exe
  2⤵
  PID:4652
- C:\Windows\System\oDwOVIO.exe
  C:\Windows\System\oDwOVIO.exe
  2⤵
  PID:4528
- C:\Windows\System\TmKipcn.exe
  C:\Windows\System\TmKipcn.exe
  2⤵
  PID:4564
- C:\Windows\System\GBldoqc.exe
  C:\Windows\System\GBldoqc.exe
  2⤵
  PID:4692
- C:\Windows\System\NuWhBde.exe
  C:\Windows\System\NuWhBde.exe
  2⤵
  PID:4624
- C:\Windows\System\dqBzicx.exe
  C:\Windows\System\dqBzicx.exe
  2⤵
  PID:1984
- C:\Windows\System\FMZMYkN.exe
  C:\Windows\System\FMZMYkN.exe
  2⤵
  PID:4816
- C:\Windows\System\MVGJCYF.exe
  C:\Windows\System\MVGJCYF.exe
  2⤵
  PID:4860
- C:\Windows\System\QhcHxJX.exe
  C:\Windows\System\QhcHxJX.exe
  2⤵
  PID:4996
- C:\Windows\System\rhRYeEs.exe
  C:\Windows\System\rhRYeEs.exe
  2⤵
  PID:4872
- C:\Windows\System\ZGuYUmM.exe
  C:\Windows\System\ZGuYUmM.exe
  2⤵
  PID:4100
- C:\Windows\System\YDkdjBD.exe
  C:\Windows\System\YDkdjBD.exe
  2⤵
  PID:4112
- C:\Windows\System\vOhBIAm.exe
  C:\Windows\System\vOhBIAm.exe
  2⤵
  PID:4972
- C:\Windows\System\HsdeiKu.exe
  C:\Windows\System\HsdeiKu.exe
  2⤵
  PID:5052
- C:\Windows\System\TRahtON.exe
  C:\Windows\System\TRahtON.exe
  2⤵
  PID:4268
- C:\Windows\System\XmWvjRg.exe
  C:\Windows\System\XmWvjRg.exe
  2⤵
  PID:4308
- C:\Windows\System\mODJXys.exe
  C:\Windows\System\mODJXys.exe
  2⤵
  PID:4124
- C:\Windows\System\fblIgVa.exe
  C:\Windows\System\fblIgVa.exe
  2⤵
  PID:4584
- C:\Windows\System\nasgcZY.exe
  C:\Windows\System\nasgcZY.exe
  2⤵
  PID:1772
- C:\Windows\System\hMEoaJp.exe
  C:\Windows\System\hMEoaJp.exe
  2⤵
  PID:4748
- C:\Windows\System\IrEmmGz.exe
  C:\Windows\System\IrEmmGz.exe
  2⤵
  PID:4560
- C:\Windows\System\VPcLgQX.exe
  C:\Windows\System\VPcLgQX.exe
  2⤵
  PID:4432
- C:\Windows\System\AZREHeq.exe
  C:\Windows\System\AZREHeq.exe
  2⤵
  PID:4480
- C:\Windows\System\hWIhOkF.exe
  C:\Windows\System\hWIhOkF.exe
  2⤵
  PID:2868
- C:\Windows\System\VmAlxHv.exe
  C:\Windows\System\VmAlxHv.exe
  2⤵
  PID:4908
- C:\Windows\System\RxGCfUK.exe
  C:\Windows\System\RxGCfUK.exe
  2⤵
  PID:5076
- C:\Windows\System\uwUQPCi.exe
  C:\Windows\System\uwUQPCi.exe
  2⤵
  PID:4208
- C:\Windows\System\AofMVRG.exe
  C:\Windows\System\AofMVRG.exe
  2⤵
  PID:4248
- C:\Windows\System\pFAaxHP.exe
  C:\Windows\System\pFAaxHP.exe
  2⤵
  PID:4304
- C:\Windows\System\anylkXe.exe
  C:\Windows\System\anylkXe.exe
  2⤵
  PID:4420
- C:\Windows\System\uKQwImZ.exe
  C:\Windows\System\uKQwImZ.exe
  2⤵
  PID:444
- C:\Windows\System\KpfQuGL.exe
  C:\Windows\System\KpfQuGL.exe
  2⤵
  PID:1076
- C:\Windows\System\jrXEfux.exe
  C:\Windows\System\jrXEfux.exe
  2⤵
  PID:4368
- C:\Windows\System\GrsYrXB.exe
  C:\Windows\System\GrsYrXB.exe
  2⤵
  PID:4784
- C:\Windows\System\WcJDAEA.exe
  C:\Windows\System\WcJDAEA.exe
  2⤵
  PID:4832
- C:\Windows\System\TGqoQgy.exe
  C:\Windows\System\TGqoQgy.exe
  2⤵
  PID:4508
- C:\Windows\System\wTajKuQ.exe
  C:\Windows\System\wTajKuQ.exe
  2⤵
  PID:5124
- C:\Windows\System\NhkEdGf.exe
  C:\Windows\System\NhkEdGf.exe
  2⤵
  PID:5140
- C:\Windows\System\hWKRNdE.exe
  C:\Windows\System\hWKRNdE.exe
  2⤵
  PID:5156
- C:\Windows\System\PKnkuBl.exe
  C:\Windows\System\PKnkuBl.exe
  2⤵
  PID:5208
- C:\Windows\System\GTNqCLI.exe
  C:\Windows\System\GTNqCLI.exe
  2⤵
  PID:5228
- C:\Windows\System\tgqTbEw.exe
  C:\Windows\System\tgqTbEw.exe
  2⤵
  PID:5248
- C:\Windows\System\XlhioZT.exe
  C:\Windows\System\XlhioZT.exe
  2⤵
  PID:5268
- C:\Windows\System\TBvEeEf.exe
  C:\Windows\System\TBvEeEf.exe
  2⤵
  PID:5292
- C:\Windows\System\ILGBwEa.exe
  C:\Windows\System\ILGBwEa.exe
  2⤵
  PID:5308
- C:\Windows\System\ZlEsLYW.exe
  C:\Windows\System\ZlEsLYW.exe
  2⤵
  PID:5324
- C:\Windows\System\DyQGhnB.exe
  C:\Windows\System\DyQGhnB.exe
  2⤵
  PID:5340
- C:\Windows\System\XRItUHB.exe
  C:\Windows\System\XRItUHB.exe
  2⤵
  PID:5356
- C:\Windows\System\FcWWoxr.exe
  C:\Windows\System\FcWWoxr.exe
  2⤵
  PID:5372
- C:\Windows\System\UzxOPdo.exe
  C:\Windows\System\UzxOPdo.exe
  2⤵
  PID:5396
- C:\Windows\System\dzYCQwa.exe
  C:\Windows\System\dzYCQwa.exe
  2⤵
  PID:5424
- C:\Windows\System\WymYnVS.exe
  C:\Windows\System\WymYnVS.exe
  2⤵
  PID:5440
- C:\Windows\System\lUBabTk.exe
  C:\Windows\System\lUBabTk.exe
  2⤵
  PID:5460
- C:\Windows\System\hsMOJhW.exe
  C:\Windows\System\hsMOJhW.exe
  2⤵
  PID:5492
- C:\Windows\System\FMwibVy.exe
  C:\Windows\System\FMwibVy.exe
  2⤵
  PID:5508
- C:\Windows\System\DRXEahl.exe
  C:\Windows\System\DRXEahl.exe
  2⤵
  PID:5528
- C:\Windows\System\EaKOYYH.exe
  C:\Windows\System\EaKOYYH.exe
  2⤵
  PID:5544
- C:\Windows\System\jAJMfHK.exe
  C:\Windows\System\jAJMfHK.exe
  2⤵
  PID:5560
- C:\Windows\System\UiIrUQz.exe
  C:\Windows\System\UiIrUQz.exe
  2⤵
  PID:5576
- C:\Windows\System\nGTDVYh.exe
  C:\Windows\System\nGTDVYh.exe
  2⤵
  PID:5592
- C:\Windows\System\dZiCycP.exe
  C:\Windows\System\dZiCycP.exe
  2⤵
  PID:5608
- C:\Windows\System\sZXCKfX.exe
  C:\Windows\System\sZXCKfX.exe
  2⤵
  PID:5632
- C:\Windows\System\XKncWWp.exe
  C:\Windows\System\XKncWWp.exe
  2⤵
  PID:5652
- C:\Windows\System\TnBqCvz.exe
  C:\Windows\System\TnBqCvz.exe
  2⤵
  PID:5680
- C:\Windows\System\JwNAUQm.exe
  C:\Windows\System\JwNAUQm.exe
  2⤵
  PID:5696
- C:\Windows\System\GJjMLyW.exe
  C:\Windows\System\GJjMLyW.exe
  2⤵
  PID:5724
- C:\Windows\System\dcEhfil.exe
  C:\Windows\System\dcEhfil.exe
  2⤵
  PID:5744
- C:\Windows\System\dDEReKv.exe
  C:\Windows\System\dDEReKv.exe
  2⤵
  PID:5760
- C:\Windows\System\AypxoFi.exe
  C:\Windows\System\AypxoFi.exe
  2⤵
  PID:5776
- C:\Windows\System\NJqXKtz.exe
  C:\Windows\System\NJqXKtz.exe
  2⤵
  PID:5796
- C:\Windows\System\KpYzvAg.exe
  C:\Windows\System\KpYzvAg.exe
  2⤵
  PID:5816
- C:\Windows\System\tZAoMtW.exe
  C:\Windows\System\tZAoMtW.exe
  2⤵
  PID:5836
- C:\Windows\System\TKQzzTd.exe
  C:\Windows\System\TKQzzTd.exe
  2⤵
  PID:5852
- C:\Windows\System\gNhuRGt.exe
  C:\Windows\System\gNhuRGt.exe
  2⤵
  PID:5868
- C:\Windows\System\NqTtmOQ.exe
  C:\Windows\System\NqTtmOQ.exe
  2⤵
  PID:5884
- C:\Windows\System\zfBwFsv.exe
  C:\Windows\System\zfBwFsv.exe
  2⤵
  PID:5900
- C:\Windows\System\wOPyDZt.exe
  C:\Windows\System\wOPyDZt.exe
  2⤵
  PID:5916
- C:\Windows\System\ZfRaanD.exe
  C:\Windows\System\ZfRaanD.exe
  2⤵
  PID:5936
- C:\Windows\System\ckTLwBQ.exe
  C:\Windows\System\ckTLwBQ.exe
  2⤵
  PID:5956
- C:\Windows\System\HjfxIMC.exe
  C:\Windows\System\HjfxIMC.exe
  2⤵
  PID:5972
- C:\Windows\System\MxdpKOn.exe
  C:\Windows\System\MxdpKOn.exe
  2⤵
  PID:5992
- C:\Windows\System\nbSYnCP.exe
  C:\Windows\System\nbSYnCP.exe
  2⤵
  PID:6016
- C:\Windows\System\tJawBYl.exe
  C:\Windows\System\tJawBYl.exe
  2⤵
  PID:6036
- C:\Windows\System\NWVUonQ.exe
  C:\Windows\System\NWVUonQ.exe
  2⤵
  PID:6056
- C:\Windows\System\zcCjQoF.exe
  C:\Windows\System\zcCjQoF.exe
  2⤵
  PID:6072
- C:\Windows\System\fOPbquG.exe
  C:\Windows\System\fOPbquG.exe
  2⤵
  PID:6092
- C:\Windows\System\KfJiVLL.exe
  C:\Windows\System\KfJiVLL.exe
  2⤵
  PID:6116
- C:\Windows\System\qwzmnZp.exe
  C:\Windows\System\qwzmnZp.exe
  2⤵
  PID:4984
- C:\Windows\System\PyQLRYe.exe
  C:\Windows\System\PyQLRYe.exe
  2⤵
  PID:4172
- C:\Windows\System\imcIFCi.exe
  C:\Windows\System\imcIFCi.exe
  2⤵
  PID:4144
- C:\Windows\System\REnxSDw.exe
  C:\Windows\System\REnxSDw.exe
  2⤵
  PID:4184
- C:\Windows\System\RyaYovz.exe
  C:\Windows\System\RyaYovz.exe
  2⤵
  PID:5164
- C:\Windows\System\bIPInOk.exe
  C:\Windows\System\bIPInOk.exe
  2⤵
  PID:5180
- C:\Windows\System\yicwoRb.exe
  C:\Windows\System\yicwoRb.exe
  2⤵
  PID:3808
- C:\Windows\System\mQAldYq.exe
  C:\Windows\System\mQAldYq.exe
  2⤵
  PID:4768
- C:\Windows\System\yaukvVZ.exe
  C:\Windows\System\yaukvVZ.exe
  2⤵
  PID:5204
- C:\Windows\System\dqdfwTD.exe
  C:\Windows\System\dqdfwTD.exe
  2⤵
  PID:5236
- C:\Windows\System\puBmpVJ.exe
  C:\Windows\System\puBmpVJ.exe
  2⤵
  PID:5260
- C:\Windows\System\hrklxTq.exe
  C:\Windows\System\hrklxTq.exe
  2⤵
  PID:5332
- C:\Windows\System\KwnpzRb.exe
  C:\Windows\System\KwnpzRb.exe
  2⤵
  PID:5384
- C:\Windows\System\UQjjUwG.exe
  C:\Windows\System\UQjjUwG.exe
  2⤵
  PID:5368
- C:\Windows\System\QyIKymi.exe
  C:\Windows\System\QyIKymi.exe
  2⤵
  PID:5456
- C:\Windows\System\FFwowwL.exe
  C:\Windows\System\FFwowwL.exe
  2⤵
  PID:5420
- C:\Windows\System\vVdxDyK.exe
  C:\Windows\System\vVdxDyK.exe
  2⤵
  PID:5520
- C:\Windows\System\xIeFtOz.exe
  C:\Windows\System\xIeFtOz.exe
  2⤵
  PID:5584
- C:\Windows\System\Skjnzmu.exe
  C:\Windows\System\Skjnzmu.exe
  2⤵
  PID:5624
- C:\Windows\System\vggMSsw.exe
  C:\Windows\System\vggMSsw.exe
  2⤵
  PID:5568
- C:\Windows\System\fOTActD.exe
  C:\Windows\System\fOTActD.exe
  2⤵
  PID:5672
- C:\Windows\System\sfYvbMF.exe
  C:\Windows\System\sfYvbMF.exe
  2⤵
  PID:5704
- C:\Windows\System\cBxTOfx.exe
  C:\Windows\System\cBxTOfx.exe
  2⤵
  PID:5708
- C:\Windows\System\MmWnqTy.exe
  C:\Windows\System\MmWnqTy.exe
  2⤵
  PID:5784
- C:\Windows\System\TriGPMh.exe
  C:\Windows\System\TriGPMh.exe
  2⤵
  PID:5828
- C:\Windows\System\NtGaaQd.exe
  C:\Windows\System\NtGaaQd.exe
  2⤵
  PID:5892
- C:\Windows\System\SoRlKtF.exe
  C:\Windows\System\SoRlKtF.exe
  2⤵
  PID:5932
- C:\Windows\System\UXrBHVe.exe
  C:\Windows\System\UXrBHVe.exe
  2⤵
  PID:6008
- C:\Windows\System\OcjGisX.exe
  C:\Windows\System\OcjGisX.exe
  2⤵
  PID:6080
- C:\Windows\System\NzNObbh.exe
  C:\Windows\System\NzNObbh.exe
  2⤵
  PID:5980
- C:\Windows\System\vuUjbCn.exe
  C:\Windows\System\vuUjbCn.exe
  2⤵
  PID:5772
- C:\Windows\System\FLOYQgv.exe
  C:\Windows\System\FLOYQgv.exe
  2⤵
  PID:5984
- C:\Windows\System\LuxrzlF.exe
  C:\Windows\System\LuxrzlF.exe
  2⤵
  PID:5812
- C:\Windows\System\muyLRiJ.exe
  C:\Windows\System\muyLRiJ.exe
  2⤵
  PID:6104
- C:\Windows\System\BpDsCiM.exe
  C:\Windows\System\BpDsCiM.exe
  2⤵
  PID:6132
- C:\Windows\System\HZTRbNd.exe
  C:\Windows\System\HZTRbNd.exe
  2⤵
  PID:5080
- C:\Windows\System\lZlYcgm.exe
  C:\Windows\System\lZlYcgm.exe
  2⤵
  PID:5024
- C:\Windows\System\vHNVYsF.exe
  C:\Windows\System\vHNVYsF.exe
  2⤵
  PID:6108
- C:\Windows\System\JMVEVOq.exe
  C:\Windows\System\JMVEVOq.exe
  2⤵
  PID:5196
- C:\Windows\System\zAcroFw.exe
  C:\Windows\System\zAcroFw.exe
  2⤵
  PID:5220
- C:\Windows\System\MpBdVUs.exe
  C:\Windows\System\MpBdVUs.exe
  2⤵
  PID:5284
- C:\Windows\System\ONaHovr.exe
  C:\Windows\System\ONaHovr.exe
  2⤵
  PID:3620
- C:\Windows\System\servwLl.exe
  C:\Windows\System\servwLl.exe
  2⤵
  PID:5316
- C:\Windows\System\GklXSfJ.exe
  C:\Windows\System\GklXSfJ.exe
  2⤵
  PID:5148
- C:\Windows\System\ogpBaQC.exe
  C:\Windows\System\ogpBaQC.exe
  2⤵
  PID:3812
- C:\Windows\System\uTzggog.exe
  C:\Windows\System\uTzggog.exe
  2⤵
  PID:5364
- C:\Windows\System\ntGdvtn.exe
  C:\Windows\System\ntGdvtn.exe
  2⤵
  PID:5616
- C:\Windows\System\EGFqAKp.exe
  C:\Windows\System\EGFqAKp.exe
  2⤵
  PID:5416
- C:\Windows\System\wOduxqw.exe
  C:\Windows\System\wOduxqw.exe
  2⤵
  PID:5664
- C:\Windows\System\qLWEsHW.exe
  C:\Windows\System\qLWEsHW.exe
  2⤵
  PID:5648
- C:\Windows\System\pFzxuVA.exe
  C:\Windows\System\pFzxuVA.exe
  2⤵
  PID:5600
- C:\Windows\System\YjuEQRu.exe
  C:\Windows\System\YjuEQRu.exe
  2⤵
  PID:5712
- C:\Windows\System\BmvAmoC.exe
  C:\Windows\System\BmvAmoC.exe
  2⤵
  PID:5924
- C:\Windows\System\gokAuRI.exe
  C:\Windows\System\gokAuRI.exe
  2⤵
  PID:6012
- C:\Windows\System\CfrADYM.exe
  C:\Windows\System\CfrADYM.exe
  2⤵
  PID:5732
- C:\Windows\System\oXlmqFK.exe
  C:\Windows\System\oXlmqFK.exe
  2⤵
  PID:5736
- C:\Windows\System\QqesZft.exe
  C:\Windows\System\QqesZft.exe
  2⤵
  PID:6100
- C:\Windows\System\OwrNsAp.exe
  C:\Windows\System\OwrNsAp.exe
  2⤵
  PID:5880
- C:\Windows\System\KycDsFq.exe
  C:\Windows\System\KycDsFq.exe
  2⤵
  PID:5876
- C:\Windows\System\iCjiynH.exe
  C:\Windows\System\iCjiynH.exe
  2⤵
  PID:5908
- C:\Windows\System\SwPMEzK.exe
  C:\Windows\System\SwPMEzK.exe
  2⤵
  PID:4764
- C:\Windows\System\QDdqpFJ.exe
  C:\Windows\System\QDdqpFJ.exe
  2⤵
  PID:5256
- C:\Windows\System\kGeZMrv.exe
  C:\Windows\System\kGeZMrv.exe
  2⤵
  PID:6112
- C:\Windows\System\jjydNRE.exe
  C:\Windows\System\jjydNRE.exe
  2⤵
  PID:5244
- C:\Windows\System\eLFCbQu.exe
  C:\Windows\System\eLFCbQu.exe
  2⤵
  PID:5320
- C:\Windows\System\xBhuHvt.exe
  C:\Windows\System\xBhuHvt.exe
  2⤵
  PID:5392
- C:\Windows\System\YDefard.exe
  C:\Windows\System\YDefard.exe
  2⤵
  PID:5404
- C:\Windows\System\WuxLhne.exe
  C:\Windows\System\WuxLhne.exe
  2⤵
  PID:3748
- C:\Windows\System\lbHZVJb.exe
  C:\Windows\System\lbHZVJb.exe
  2⤵
  PID:6000
- C:\Windows\System\ctUthpb.exe
  C:\Windows\System\ctUthpb.exe
  2⤵
  PID:5768
- C:\Windows\System\oeIVRaR.exe
  C:\Windows\System\oeIVRaR.exe
  2⤵
  PID:3848
- C:\Windows\System\meKeMUG.exe
  C:\Windows\System\meKeMUG.exe
  2⤵
  PID:5280
- C:\Windows\System\psHCpAs.exe
  C:\Windows\System\psHCpAs.exe
  2⤵
  PID:5644
- C:\Windows\System\HEgDchj.exe
  C:\Windows\System\HEgDchj.exe
  2⤵
  PID:5640
- C:\Windows\System\tiEVhQL.exe
  C:\Windows\System\tiEVhQL.exe
  2⤵
  PID:5792
- C:\Windows\System\DrLOeec.exe
  C:\Windows\System\DrLOeec.exe
  2⤵
  PID:6128
- C:\Windows\System\mRcwUsf.exe
  C:\Windows\System\mRcwUsf.exe
  2⤵
  PID:5192
- C:\Windows\System\KDDNJFS.exe
  C:\Windows\System\KDDNJFS.exe
  2⤵
  PID:5488
- C:\Windows\System\RdsmHyu.exe
  C:\Windows\System\RdsmHyu.exe
  2⤵
  PID:5860
- C:\Windows\System\EQTAMFA.exe
  C:\Windows\System\EQTAMFA.exe
  2⤵
  PID:6052
- C:\Windows\System\FVSURTo.exe
  C:\Windows\System\FVSURTo.exe
  2⤵
  PID:5536
- C:\Windows\System\IYgUzWa.exe
  C:\Windows\System\IYgUzWa.exe
  2⤵
  PID:4968
- C:\Windows\System\XwFwVOr.exe
  C:\Windows\System\XwFwVOr.exe
  2⤵
  PID:6148
- C:\Windows\System\VIvlwMm.exe
  C:\Windows\System\VIvlwMm.exe
  2⤵
  PID:6164
- C:\Windows\System\MUkwHVV.exe
  C:\Windows\System\MUkwHVV.exe
  2⤵
  PID:6212
- C:\Windows\System\vMYfDwR.exe
  C:\Windows\System\vMYfDwR.exe
  2⤵
  PID:6232
- C:\Windows\System\yuxNoix.exe
  C:\Windows\System\yuxNoix.exe
  2⤵
  PID:6248
- C:\Windows\System\hdAZxcS.exe
  C:\Windows\System\hdAZxcS.exe
  2⤵
  PID:6268
- C:\Windows\System\NDbNWJj.exe
  C:\Windows\System\NDbNWJj.exe
  2⤵
  PID:6284
- C:\Windows\System\itcPbAC.exe
  C:\Windows\System\itcPbAC.exe
  2⤵
  PID:6300
- C:\Windows\System\keVGqCI.exe
  C:\Windows\System\keVGqCI.exe
  2⤵
  PID:6320
- C:\Windows\System\KVSTGmy.exe
  C:\Windows\System\KVSTGmy.exe
  2⤵
  PID:6344
- C:\Windows\System\DOOEaoG.exe
  C:\Windows\System\DOOEaoG.exe
  2⤵
  PID:6360
- C:\Windows\System\zDtcmKL.exe
  C:\Windows\System\zDtcmKL.exe
  2⤵
  PID:6380
- C:\Windows\System\jlKSBbQ.exe
  C:\Windows\System\jlKSBbQ.exe
  2⤵
  PID:6396
- C:\Windows\System\RyhnPxv.exe
  C:\Windows\System\RyhnPxv.exe
  2⤵
  PID:6412
- C:\Windows\System\GkPcEIT.exe
  C:\Windows\System\GkPcEIT.exe
  2⤵
  PID:6444
- C:\Windows\System\kVAUQJN.exe
  C:\Windows\System\kVAUQJN.exe
  2⤵
  PID:6460
- C:\Windows\System\TJCtUbd.exe
  C:\Windows\System\TJCtUbd.exe
  2⤵
  PID:6476
- C:\Windows\System\zqFhWpM.exe
  C:\Windows\System\zqFhWpM.exe
  2⤵
  PID:6512
- C:\Windows\System\McctQeZ.exe
  C:\Windows\System\McctQeZ.exe
  2⤵
  PID:6528
- C:\Windows\System\KemnaOs.exe
  C:\Windows\System\KemnaOs.exe
  2⤵
  PID:6544
- C:\Windows\System\EJfADoP.exe
  C:\Windows\System\EJfADoP.exe
  2⤵
  PID:6564
- C:\Windows\System\bGCONlC.exe
  C:\Windows\System\bGCONlC.exe
  2⤵
  PID:6584
- C:\Windows\System\kUcTdpe.exe
  C:\Windows\System\kUcTdpe.exe
  2⤵
  PID:6600
- C:\Windows\System\ypjjfsj.exe
  C:\Windows\System\ypjjfsj.exe
  2⤵
  PID:6616
- C:\Windows\System\xEUSDBj.exe
  C:\Windows\System\xEUSDBj.exe
  2⤵
  PID:6632
- C:\Windows\System\FxyzBwa.exe
  C:\Windows\System\FxyzBwa.exe
  2⤵
  PID:6652
- C:\Windows\System\LxriNMv.exe
  C:\Windows\System\LxriNMv.exe
  2⤵
  PID:6668
- C:\Windows\System\RHllfvG.exe
  C:\Windows\System\RHllfvG.exe
  2⤵
  PID:6688
- C:\Windows\System\HPRGYJE.exe
  C:\Windows\System\HPRGYJE.exe
  2⤵
  PID:6704
- C:\Windows\System\mujSnNS.exe
  C:\Windows\System\mujSnNS.exe
  2⤵
  PID:6720
- C:\Windows\System\OdGnjeK.exe
  C:\Windows\System\OdGnjeK.exe
  2⤵
  PID:6768
- C:\Windows\System\JLMKbQf.exe
  C:\Windows\System\JLMKbQf.exe
  2⤵
  PID:6788
- C:\Windows\System\SctApZT.exe
  C:\Windows\System\SctApZT.exe
  2⤵
  PID:6808
- C:\Windows\System\JeROCsw.exe
  C:\Windows\System\JeROCsw.exe
  2⤵
  PID:6828
- C:\Windows\System\ouGptCs.exe
  C:\Windows\System\ouGptCs.exe
  2⤵
  PID:6844
- C:\Windows\System\GcMiVFY.exe
  C:\Windows\System\GcMiVFY.exe
  2⤵
  PID:6864
- C:\Windows\System\cuFOTZP.exe
  C:\Windows\System\cuFOTZP.exe
  2⤵
  PID:6880
- C:\Windows\System\pKYiOHA.exe
  C:\Windows\System\pKYiOHA.exe
  2⤵
  PID:6900
- C:\Windows\System\HjtfCKB.exe
  C:\Windows\System\HjtfCKB.exe
  2⤵
  PID:6916
- C:\Windows\System\UqrjzMK.exe
  C:\Windows\System\UqrjzMK.exe
  2⤵
  PID:6936
- C:\Windows\System\ClIsDZh.exe
  C:\Windows\System\ClIsDZh.exe
  2⤵
  PID:6956
- C:\Windows\System\AgnzPKn.exe
  C:\Windows\System\AgnzPKn.exe
  2⤵
  PID:6972
- C:\Windows\System\amndyEA.exe
  C:\Windows\System\amndyEA.exe
  2⤵
  PID:6988
- C:\Windows\System\fwOQvSF.exe
  C:\Windows\System\fwOQvSF.exe
  2⤵
  PID:7032
- C:\Windows\System\nAIaGEN.exe
  C:\Windows\System\nAIaGEN.exe
  2⤵
  PID:7048
- C:\Windows\System\tswMjdE.exe
  C:\Windows\System\tswMjdE.exe
  2⤵
  PID:7064
- C:\Windows\System\sEvtUMI.exe
  C:\Windows\System\sEvtUMI.exe
  2⤵
  PID:7084
- C:\Windows\System\DBruEwY.exe
  C:\Windows\System\DBruEwY.exe
  2⤵
  PID:7100
- C:\Windows\System\GTyaZtk.exe
  C:\Windows\System\GTyaZtk.exe
  2⤵
  PID:7120
- C:\Windows\System\ddihEbu.exe
  C:\Windows\System\ddihEbu.exe
  2⤵
  PID:7144
- C:\Windows\System\KYEvsGK.exe
  C:\Windows\System\KYEvsGK.exe
  2⤵
  PID:5504
- C:\Windows\System\Cjhofwy.exe
  C:\Windows\System\Cjhofwy.exe
  2⤵
  PID:6032
- C:\Windows\System\EzPxpOA.exe
  C:\Windows\System\EzPxpOA.exe
  2⤵
  PID:5556
- C:\Windows\System\OIQQedy.exe
  C:\Windows\System\OIQQedy.exe
  2⤵
  PID:5188
- C:\Windows\System\mMHLuDF.exe
  C:\Windows\System\mMHLuDF.exe
  2⤵
  PID:6188
- C:\Windows\System\SHoAChj.exe
  C:\Windows\System\SHoAChj.exe
  2⤵
  PID:5304
- C:\Windows\System\JVcRjpJ.exe
  C:\Windows\System\JVcRjpJ.exe
  2⤵
  PID:6176
- C:\Windows\System\bhtJXpT.exe
  C:\Windows\System\bhtJXpT.exe
  2⤵
  PID:6220
- C:\Windows\System\xtnrIwq.exe
  C:\Windows\System\xtnrIwq.exe
  2⤵
  PID:6276
- C:\Windows\System\jXSejaD.exe
  C:\Windows\System\jXSejaD.exe
  2⤵
  PID:6292
- C:\Windows\System\ouzwcOH.exe
  C:\Windows\System\ouzwcOH.exe
  2⤵
  PID:6336
- C:\Windows\System\kiPEKTl.exe
  C:\Windows\System\kiPEKTl.exe
  2⤵
  PID:6356
- C:\Windows\System\yKSrHAP.exe
  C:\Windows\System\yKSrHAP.exe
  2⤵
  PID:6428
- C:\Windows\System\UQTYjoo.exe
  C:\Windows\System\UQTYjoo.exe
  2⤵
  PID:6368
- C:\Windows\System\MPUVaXE.exe
  C:\Windows\System\MPUVaXE.exe
  2⤵
  PID:6452
- C:\Windows\System\kCGwDjR.exe
  C:\Windows\System\kCGwDjR.exe
  2⤵
  PID:6484
- C:\Windows\System\QMGhNJv.exe
  C:\Windows\System\QMGhNJv.exe
  2⤵
  PID:6500
- C:\Windows\System\caEdKru.exe
  C:\Windows\System\caEdKru.exe
  2⤵
  PID:6520
- C:\Windows\System\WhMCjsq.exe
  C:\Windows\System\WhMCjsq.exe
  2⤵
  PID:6700
- C:\Windows\System\WDkveTV.exe
  C:\Windows\System\WDkveTV.exe
  2⤵
  PID:6536
- C:\Windows\System\doLTFmO.exe
  C:\Windows\System\doLTFmO.exe
  2⤵
  PID:6644
- C:\Windows\System\WeepZXr.exe
  C:\Windows\System\WeepZXr.exe
  2⤵
  PID:6760
- C:\Windows\System\ymnScSG.exe
  C:\Windows\System\ymnScSG.exe
  2⤵
  PID:6608
- C:\Windows\System\JsMbtXw.exe
  C:\Windows\System\JsMbtXw.exe
  2⤵
  PID:6676
- C:\Windows\System\LYKnxql.exe
  C:\Windows\System\LYKnxql.exe
  2⤵
  PID:6716
- C:\Windows\System\PQDumVf.exe
  C:\Windows\System\PQDumVf.exe
  2⤵
  PID:6836
- C:\Windows\System\Jfjszsv.exe
  C:\Windows\System\Jfjszsv.exe
  2⤵
  PID:6908
- C:\Windows\System\wgefgYu.exe
  C:\Windows\System\wgefgYu.exe
  2⤵
  PID:6852
- C:\Windows\System\LcYoBYx.exe
  C:\Windows\System\LcYoBYx.exe
  2⤵
  PID:6932
- C:\Windows\System\mEureLF.exe
  C:\Windows\System\mEureLF.exe
  2⤵
  PID:6980
- C:\Windows\System\CxqWYyZ.exe
  C:\Windows\System\CxqWYyZ.exe
  2⤵
  PID:7016
- C:\Windows\System\tUGICNM.exe
  C:\Windows\System\tUGICNM.exe
  2⤵
  PID:7040
- C:\Windows\System\uLojGNo.exe
  C:\Windows\System\uLojGNo.exe
  2⤵
  PID:7076
- C:\Windows\System\LLujUZF.exe
  C:\Windows\System\LLujUZF.exe
  2⤵
  PID:7116
- C:\Windows\System\NogkSDo.exe
  C:\Windows\System\NogkSDo.exe
  2⤵
  PID:7140
- C:\Windows\System\HUNLfnn.exe
  C:\Windows\System\HUNLfnn.exe
  2⤵
  PID:7164
- C:\Windows\System\qJCnwOB.exe
  C:\Windows\System\qJCnwOB.exe
  2⤵
  PID:4572
- C:\Windows\System\CVyoMvv.exe
  C:\Windows\System\CVyoMvv.exe
  2⤵
  PID:6200
- C:\Windows\System\HAGCIhV.exe
  C:\Windows\System\HAGCIhV.exe
  2⤵
  PID:6224
- C:\Windows\System\qXZCktY.exe
  C:\Windows\System\qXZCktY.exe
  2⤵
  PID:6392
- C:\Windows\System\DCGvJpY.exe
  C:\Windows\System\DCGvJpY.exe
  2⤵
  PID:5968
- C:\Windows\System\PExxbSa.exe
  C:\Windows\System\PExxbSa.exe
  2⤵
  PID:6496
- C:\Windows\System\VioiFVW.exe
  C:\Windows\System\VioiFVW.exe
  2⤵
  PID:6256
- C:\Windows\System\PfmfBim.exe
  C:\Windows\System\PfmfBim.exe
  2⤵
  PID:6440
- C:\Windows\System\RBqLuPq.exe
  C:\Windows\System\RBqLuPq.exe
  2⤵
  PID:6664
- C:\Windows\System\QbwYgmy.exe
  C:\Windows\System\QbwYgmy.exe
  2⤵
  PID:6504
- C:\Windows\System\nDFXvHV.exe
  C:\Windows\System\nDFXvHV.exe
  2⤵
  PID:6472
- C:\Windows\System\sDSCxjP.exe
  C:\Windows\System\sDSCxjP.exe
  2⤵
  PID:6744
- C:\Windows\System\CQTihqq.exe
  C:\Windows\System\CQTihqq.exe
  2⤵
  PID:6580
- C:\Windows\System\KKbypAi.exe
  C:\Windows\System\KKbypAi.exe
  2⤵
  PID:6876
- C:\Windows\System\BGOachT.exe
  C:\Windows\System\BGOachT.exe
  2⤵
  PID:6924
- C:\Windows\System\WUozgnl.exe
  C:\Windows\System\WUozgnl.exe
  2⤵
  PID:6996
- C:\Windows\System\cpXkbZO.exe
  C:\Windows\System\cpXkbZO.exe
  2⤵
  PID:7008
- C:\Windows\System\DkBFEpW.exe
  C:\Windows\System\DkBFEpW.exe
  2⤵
  PID:6804
- C:\Windows\System\OskhRET.exe
  C:\Windows\System\OskhRET.exe
  2⤵
  PID:7072
- C:\Windows\System\QQjbgIT.exe
  C:\Windows\System\QQjbgIT.exe
  2⤵
  PID:7056
- C:\Windows\System\aHzXpug.exe
  C:\Windows\System\aHzXpug.exe
  2⤵
  PID:7112
- C:\Windows\System\QaWNcOz.exe
  C:\Windows\System\QaWNcOz.exe
  2⤵
  PID:7096
- C:\Windows\System\kMVlkAF.exe
  C:\Windows\System\kMVlkAF.exe
  2⤵
  PID:6332
- C:\Windows\System\TYLkOyH.exe
  C:\Windows\System\TYLkOyH.exe
  2⤵
  PID:6596
- C:\Windows\System\ozPqCPv.exe
  C:\Windows\System\ozPqCPv.exe
  2⤵
  PID:6408
- C:\Windows\System\ZLOCWCB.exe
  C:\Windows\System\ZLOCWCB.exe
  2⤵
  PID:6352
- C:\Windows\System\JnPmagW.exe
  C:\Windows\System\JnPmagW.exe
  2⤵
  PID:6748
- C:\Windows\System\TCvxLWK.exe
  C:\Windows\System\TCvxLWK.exe
  2⤵
  PID:6764
- C:\Windows\System\eFftqUs.exe
  C:\Windows\System\eFftqUs.exe
  2⤵
  PID:7004
- C:\Windows\System\aLBpdGn.exe
  C:\Windows\System\aLBpdGn.exe
  2⤵
  PID:6752
- C:\Windows\System\LLmgaSk.exe
  C:\Windows\System\LLmgaSk.exe
  2⤵
  PID:6456
- C:\Windows\System\eJYLNsU.exe
  C:\Windows\System\eJYLNsU.exe
  2⤵
  PID:6824
- C:\Windows\System\RCbDLdO.exe
  C:\Windows\System\RCbDLdO.exe
  2⤵
  PID:6184
- C:\Windows\System\ohmJCfW.exe
  C:\Windows\System\ohmJCfW.exe
  2⤵
  PID:7024
- C:\Windows\System\tLARzMu.exe
  C:\Windows\System\tLARzMu.exe
  2⤵
  PID:7060
- C:\Windows\System\JQCAsns.exe
  C:\Windows\System\JQCAsns.exe
  2⤵
  PID:6436
- C:\Windows\System\seivVKU.exe
  C:\Windows\System\seivVKU.exe
  2⤵
  PID:6308
- C:\Windows\System\xhABQna.exe
  C:\Windows\System\xhABQna.exe
  2⤵
  PID:6592
- C:\Windows\System\ioghBFK.exe
  C:\Windows\System\ioghBFK.exe
  2⤵
  PID:6712
- C:\Windows\System\sAdxbTs.exe
  C:\Windows\System\sAdxbTs.exe
  2⤵
  PID:6612
- C:\Windows\System\YhprCkw.exe
  C:\Windows\System\YhprCkw.exe
  2⤵
  PID:7132
- C:\Windows\System\rwDZdjd.exe
  C:\Windows\System\rwDZdjd.exe
  2⤵
  PID:5276
- C:\Windows\System\luwXMWv.exe
  C:\Windows\System\luwXMWv.exe
  2⤵
  PID:7216
- C:\Windows\System\jRHNBxd.exe
  C:\Windows\System\jRHNBxd.exe
  2⤵
  PID:7232
- C:\Windows\System\hdZHlcU.exe
  C:\Windows\System\hdZHlcU.exe
  2⤵
  PID:7248
- C:\Windows\System\rOyrtvM.exe
  C:\Windows\System\rOyrtvM.exe
  2⤵
  PID:7264
- C:\Windows\System\MqPRGyZ.exe
  C:\Windows\System\MqPRGyZ.exe
  2⤵
  PID:7284
- C:\Windows\System\HBJOxzn.exe
  C:\Windows\System\HBJOxzn.exe
  2⤵
  PID:7304
- C:\Windows\System\cjvzsCO.exe
  C:\Windows\System\cjvzsCO.exe
  2⤵
  PID:7332
- C:\Windows\System\veGHVvH.exe
  C:\Windows\System\veGHVvH.exe
  2⤵
  PID:7352
- C:\Windows\System\sveMlvU.exe
  C:\Windows\System\sveMlvU.exe
  2⤵
  PID:7368
- C:\Windows\System\SpkOMfD.exe
  C:\Windows\System\SpkOMfD.exe
  2⤵
  PID:7384
- C:\Windows\System\TdufOtr.exe
  C:\Windows\System\TdufOtr.exe
  2⤵
  PID:7400
- C:\Windows\System\xrJeGzv.exe
  C:\Windows\System\xrJeGzv.exe
  2⤵
  PID:7420
- C:\Windows\System\MVQNxEf.exe
  C:\Windows\System\MVQNxEf.exe
  2⤵
  PID:7436
- C:\Windows\System\YicfnUZ.exe
  C:\Windows\System\YicfnUZ.exe
  2⤵
  PID:7468
- C:\Windows\System\mNYiqeR.exe
  C:\Windows\System\mNYiqeR.exe
  2⤵
  PID:7496
- C:\Windows\System\xTqRNpg.exe
  C:\Windows\System\xTqRNpg.exe
  2⤵
  PID:7512
- C:\Windows\System\ohwwuPN.exe
  C:\Windows\System\ohwwuPN.exe
  2⤵
  PID:7528
- C:\Windows\System\iAKtZIp.exe
  C:\Windows\System\iAKtZIp.exe
  2⤵
  PID:7544
- C:\Windows\System\pBxajiF.exe
  C:\Windows\System\pBxajiF.exe
  2⤵
  PID:7564
- C:\Windows\System\PeeejLi.exe
  C:\Windows\System\PeeejLi.exe
  2⤵
  PID:7580
- C:\Windows\System\tYdlxlH.exe
  C:\Windows\System\tYdlxlH.exe
  2⤵
  PID:7596
- C:\Windows\System\LVhgAHz.exe
  C:\Windows\System\LVhgAHz.exe
  2⤵
  PID:7616
- C:\Windows\System\msHuLKt.exe
  C:\Windows\System\msHuLKt.exe
  2⤵
  PID:7636
- C:\Windows\System\XRmerMh.exe
  C:\Windows\System\XRmerMh.exe
  2⤵
  PID:7652
- C:\Windows\System\RRiuLut.exe
  C:\Windows\System\RRiuLut.exe
  2⤵
  PID:7668
- C:\Windows\System\lfsHTlr.exe
  C:\Windows\System\lfsHTlr.exe
  2⤵
  PID:7684
- C:\Windows\System\ymKlksc.exe
  C:\Windows\System\ymKlksc.exe
  2⤵
  PID:7700
- C:\Windows\System\aCRwTwK.exe
  C:\Windows\System\aCRwTwK.exe
  2⤵
  PID:7716
- C:\Windows\System\WDBpGsF.exe
  C:\Windows\System\WDBpGsF.exe
  2⤵
  PID:7732
- C:\Windows\System\RiOEgRS.exe
  C:\Windows\System\RiOEgRS.exe
  2⤵
  PID:7748
- C:\Windows\System\zTYFUaL.exe
  C:\Windows\System\zTYFUaL.exe
  2⤵
  PID:7764
- C:\Windows\System\brhbDHB.exe
  C:\Windows\System\brhbDHB.exe
  2⤵
  PID:7780
- C:\Windows\System\xmykKXq.exe
  C:\Windows\System\xmykKXq.exe
  2⤵
  PID:7796
- C:\Windows\System\NljZnZk.exe
  C:\Windows\System\NljZnZk.exe
  2⤵
  PID:7812
- C:\Windows\System\tboMpvG.exe
  C:\Windows\System\tboMpvG.exe
  2⤵
  PID:7828
- C:\Windows\System\YBJEcPY.exe
  C:\Windows\System\YBJEcPY.exe
  2⤵
  PID:7844
- C:\Windows\System\IXGcNxE.exe
  C:\Windows\System\IXGcNxE.exe
  2⤵
  PID:7860
- C:\Windows\System\UGmwIsM.exe
  C:\Windows\System\UGmwIsM.exe
  2⤵
  PID:7876
- C:\Windows\System\MhQstHl.exe
  C:\Windows\System\MhQstHl.exe
  2⤵
  PID:7896
- C:\Windows\System\tuDYUIR.exe
  C:\Windows\System\tuDYUIR.exe
  2⤵
  PID:7912
- C:\Windows\System\uuGqcHJ.exe
  C:\Windows\System\uuGqcHJ.exe
  2⤵
  PID:7928
- C:\Windows\System\byRBteA.exe
  C:\Windows\System\byRBteA.exe
  2⤵
  PID:7944
- C:\Windows\System\jxkBsfQ.exe
  C:\Windows\System\jxkBsfQ.exe
  2⤵
  PID:7960
- C:\Windows\System\rDZYSjq.exe
  C:\Windows\System\rDZYSjq.exe
  2⤵
  PID:7976
- C:\Windows\System\LqtUOMp.exe
  C:\Windows\System\LqtUOMp.exe
  2⤵
  PID:7992
- C:\Windows\System\FwYAFGh.exe
  C:\Windows\System\FwYAFGh.exe
  2⤵
  PID:8008
- C:\Windows\System\qfLNDyn.exe
  C:\Windows\System\qfLNDyn.exe
  2⤵
  PID:8024
- C:\Windows\System\cmmDjuB.exe
  C:\Windows\System\cmmDjuB.exe
  2⤵
  PID:8040
- C:\Windows\System\fDdyZyG.exe
  C:\Windows\System\fDdyZyG.exe
  2⤵
  PID:8056
- C:\Windows\System\vRCUjag.exe
  C:\Windows\System\vRCUjag.exe
  2⤵
  PID:8072
- C:\Windows\System\nlrwZkp.exe
  C:\Windows\System\nlrwZkp.exe
  2⤵
  PID:8088
- C:\Windows\System\hEgyAQt.exe
  C:\Windows\System\hEgyAQt.exe
  2⤵
  PID:8104
- C:\Windows\System\LbslbeJ.exe
  C:\Windows\System\LbslbeJ.exe
  2⤵
  PID:8120
- C:\Windows\System\uOFiLdi.exe
  C:\Windows\System\uOFiLdi.exe
  2⤵
  PID:8136
- C:\Windows\System\CluBlPJ.exe
  C:\Windows\System\CluBlPJ.exe
  2⤵
  PID:8152
- C:\Windows\System\jfcjwGk.exe
  C:\Windows\System\jfcjwGk.exe
  2⤵
  PID:8168
- C:\Windows\System\lxqyhEq.exe
  C:\Windows\System\lxqyhEq.exe
  2⤵
  PID:8184
- C:\Windows\System\dBHwJhG.exe
  C:\Windows\System\dBHwJhG.exe
  2⤵
  PID:6388
- C:\Windows\System\YmTfhCi.exe
  C:\Windows\System\YmTfhCi.exe
  2⤵
  PID:1540
- C:\Windows\System\eIZfinZ.exe
  C:\Windows\System\eIZfinZ.exe
  2⤵
  PID:6156
- C:\Windows\System\JspFqwq.exe
  C:\Windows\System\JspFqwq.exe
  2⤵
  PID:6784
- C:\Windows\System\AuontRj.exe
  C:\Windows\System\AuontRj.exe
  2⤵
  PID:7188
- C:\Windows\System\tiXzsrh.exe
  C:\Windows\System\tiXzsrh.exe
  2⤵
  PID:6796
- C:\Windows\System\mjBuBEB.exe
  C:\Windows\System\mjBuBEB.exe
  2⤵
  PID:6328
- C:\Windows\System\uMhOxHu.exe
  C:\Windows\System\uMhOxHu.exe
  2⤵
  PID:7212
- C:\Windows\System\XafSTbG.exe
  C:\Windows\System\XafSTbG.exe
  2⤵
  PID:7228
- C:\Windows\System\yllhjgQ.exe
  C:\Windows\System\yllhjgQ.exe
  2⤵
  PID:7260
- C:\Windows\System\xgkzVRr.exe
  C:\Windows\System\xgkzVRr.exe
  2⤵
  PID:7256
- C:\Windows\System\sMAjFgE.exe
  C:\Windows\System\sMAjFgE.exe
  2⤵
  PID:7320
- C:\Windows\System\YbfZWdZ.exe
  C:\Windows\System\YbfZWdZ.exe
  2⤵
  PID:7340
- C:\Windows\System\hQdOkKT.exe
  C:\Windows\System\hQdOkKT.exe
  2⤵
  PID:7364
- C:\Windows\System\HNbKQYl.exe
  C:\Windows\System\HNbKQYl.exe
  2⤵
  PID:7408
- C:\Windows\System\yrLCPpd.exe
  C:\Windows\System\yrLCPpd.exe
  2⤵
  PID:7392
- C:\Windows\System\yzUrbjH.exe
  C:\Windows\System\yzUrbjH.exe
  2⤵
  PID:7484
- C:\Windows\System\sagghKx.exe
  C:\Windows\System\sagghKx.exe
  2⤵
  PID:7492
- C:\Windows\System\VAuIthN.exe
  C:\Windows\System\VAuIthN.exe
  2⤵
  PID:7524
- C:\Windows\System\ndsNPIw.exe
  C:\Windows\System\ndsNPIw.exe
  2⤵
  PID:7588
- C:\Windows\System\oAnocWO.exe
  C:\Windows\System\oAnocWO.exe
  2⤵
  PID:7608
- C:\Windows\System\zNPTTZy.exe
  C:\Windows\System\zNPTTZy.exe
  2⤵
  PID:7536
- C:\Windows\System\rxGoPyN.exe
  C:\Windows\System\rxGoPyN.exe
  2⤵
  PID:7664
- C:\Windows\System\qcyTudf.exe
  C:\Windows\System\qcyTudf.exe
  2⤵
  PID:7676
- C:\Windows\System\xJhNBfI.exe
  C:\Windows\System\xJhNBfI.exe
  2⤵
  PID:7728
- C:\Windows\System\cjkpJpC.exe
  C:\Windows\System\cjkpJpC.exe
  2⤵
  PID:7712
- C:\Windows\System\hKgotFs.exe
  C:\Windows\System\hKgotFs.exe
  2⤵
  PID:7788
- C:\Windows\System\COwywin.exe
  C:\Windows\System\COwywin.exe
  2⤵
  PID:7856
- C:\Windows\System\jFKdmVm.exe
  C:\Windows\System\jFKdmVm.exe
  2⤵
  PID:7840
- C:\Windows\System\MgXUnKy.exe
  C:\Windows\System\MgXUnKy.exe
  2⤵
  PID:7772
- C:\Windows\System\bFfocdP.exe
  C:\Windows\System\bFfocdP.exe
  2⤵
  PID:7904
- C:\Windows\System\IFqTcVp.exe
  C:\Windows\System\IFqTcVp.exe
  2⤵
  PID:7936
- C:\Windows\System\iRWriQc.exe
  C:\Windows\System\iRWriQc.exe
  2⤵
  PID:8016
- C:\Windows\System\qikEsIf.exe
  C:\Windows\System\qikEsIf.exe
  2⤵
  PID:8052
- C:\Windows\System\QvYJjSQ.exe
  C:\Windows\System\QvYJjSQ.exe
  2⤵
  PID:8096
- C:\Windows\System\wmtmbzZ.exe
  C:\Windows\System\wmtmbzZ.exe
  2⤵
  PID:7968
- C:\Windows\System\bKTWyiQ.exe
  C:\Windows\System\bKTWyiQ.exe
  2⤵
  PID:8004
- C:\Windows\System\SCyBGey.exe
  C:\Windows\System\SCyBGey.exe
  2⤵
  PID:8128
- C:\Windows\System\POfaERW.exe
  C:\Windows\System\POfaERW.exe
  2⤵
  PID:7136
- C:\Windows\System\WAzhQBq.exe
  C:\Windows\System\WAzhQBq.exe
  2⤵
  PID:6312
- C:\Windows\System\klzzSna.exe
  C:\Windows\System\klzzSna.exe
  2⤵
  PID:7176
- C:\Windows\System\oUDiOWq.exe
  C:\Windows\System\oUDiOWq.exe
  2⤵
  PID:6488
- C:\Windows\System\oZzGwCU.exe
  C:\Windows\System\oZzGwCU.exe
  2⤵
  PID:7272
- C:\Windows\System\NGlRCwS.exe
  C:\Windows\System\NGlRCwS.exe
  2⤵
  PID:7348
- C:\Windows\System\JgsyCrH.exe
  C:\Windows\System\JgsyCrH.exe
  2⤵
  PID:7412
- C:\Windows\System\qSoCWUg.exe
  C:\Windows\System\qSoCWUg.exe
  2⤵
  PID:7464
- C:\Windows\System\wHmrWIQ.exe
  C:\Windows\System\wHmrWIQ.exe
  2⤵
  PID:7456
- C:\Windows\System\KgVxWdN.exe
  C:\Windows\System\KgVxWdN.exe
  2⤵
  PID:7360
- C:\Windows\System\kVzKCID.exe
  C:\Windows\System\kVzKCID.exe
  2⤵
  PID:7560
- C:\Windows\System\PBrAYpa.exe
  C:\Windows\System\PBrAYpa.exe
  2⤵
  PID:7632
- C:\Windows\System\MwgmsOW.exe
  C:\Windows\System\MwgmsOW.exe
  2⤵
  PID:7624
- C:\Windows\System\sBcockm.exe
  C:\Windows\System\sBcockm.exe
  2⤵
  PID:7760
- C:\Windows\System\jjhxNqu.exe
  C:\Windows\System\jjhxNqu.exe
  2⤵
  PID:7724
- C:\Windows\System\qtdoUEB.exe
  C:\Windows\System\qtdoUEB.exe
  2⤵
  PID:7820
- C:\Windows\System\GcTxdjZ.exe
  C:\Windows\System\GcTxdjZ.exe
  2⤵
  PID:8180
- C:\Windows\System\BSQnaQG.exe
  C:\Windows\System\BSQnaQG.exe
  2⤵
  PID:8048
- C:\Windows\System\gFpZyVD.exe
  C:\Windows\System\gFpZyVD.exe
  2⤵
  PID:8084
- C:\Windows\System\clsIHRd.exe
  C:\Windows\System\clsIHRd.exe
  2⤵
  PID:6316
- C:\Windows\System\qPKlnpw.exe
  C:\Windows\System\qPKlnpw.exe
  2⤵
  PID:7204
- C:\Windows\System\eyRZwpb.exe
  C:\Windows\System\eyRZwpb.exe
  2⤵
  PID:7316
- C:\Windows\System\yTqmzHT.exe
  C:\Windows\System\yTqmzHT.exe
  2⤵
  PID:7208
- C:\Windows\System\NyceStN.exe
  C:\Windows\System\NyceStN.exe
  2⤵
  PID:7448
- C:\Windows\System\dckNMfp.exe
  C:\Windows\System\dckNMfp.exe
  2⤵
  PID:7628
- C:\Windows\System\xjJfJed.exe
  C:\Windows\System\xjJfJed.exe
  2⤵
  PID:7552
- C:\Windows\System\jIqIezl.exe
  C:\Windows\System\jIqIezl.exe
  2⤵
  PID:7872
- C:\Windows\System\Xxtwqzq.exe
  C:\Windows\System\Xxtwqzq.exe
  2⤵
  PID:7952
- C:\Windows\System\JBBTwGJ.exe
  C:\Windows\System\JBBTwGJ.exe
  2⤵
  PID:8144
- C:\Windows\System\HhRzbDC.exe
  C:\Windows\System\HhRzbDC.exe
  2⤵
  PID:7984
- C:\Windows\System\wXfBqgd.exe
  C:\Windows\System\wXfBqgd.exe
  2⤵
  PID:8064
- C:\Windows\System\rkFhySA.exe
  C:\Windows\System\rkFhySA.exe
  2⤵
  PID:7184
- C:\Windows\System\qiLjPbU.exe
  C:\Windows\System\qiLjPbU.exe
  2⤵
  PID:7480
- C:\Windows\System\MqAFcxn.exe
  C:\Windows\System\MqAFcxn.exe
  2⤵
  PID:7852
- C:\Windows\System\ldrhGZU.exe
  C:\Windows\System\ldrhGZU.exe
  2⤵
  PID:8176
- C:\Windows\System\DBawsSb.exe
  C:\Windows\System\DBawsSb.exe
  2⤵
  PID:7432
- C:\Windows\System\MElFZMn.exe
  C:\Windows\System\MElFZMn.exe
  2⤵
  PID:7160
- C:\Windows\System\aghLsdh.exe
  C:\Windows\System\aghLsdh.exe
  2⤵
  PID:6628
- C:\Windows\System\hVSJFtt.exe
  C:\Windows\System\hVSJFtt.exe
  2⤵
  PID:8196
- C:\Windows\System\vOvTANN.exe
  C:\Windows\System\vOvTANN.exe
  2⤵
  PID:8212
- C:\Windows\System\wMVixPX.exe
  C:\Windows\System\wMVixPX.exe
  2⤵
  PID:8228
- C:\Windows\System\groMMBF.exe
  C:\Windows\System\groMMBF.exe
  2⤵
  PID:8244
- C:\Windows\System\kvUfWaw.exe
  C:\Windows\System\kvUfWaw.exe
  2⤵
  PID:8264
- C:\Windows\System\xastThZ.exe
  C:\Windows\System\xastThZ.exe
  2⤵
  PID:8280
- C:\Windows\System\EvOhlDr.exe
  C:\Windows\System\EvOhlDr.exe
  2⤵
  PID:8296
- C:\Windows\System\nzSHBsW.exe
  C:\Windows\System\nzSHBsW.exe
  2⤵
  PID:8312
- C:\Windows\System\UtjRHmP.exe
  C:\Windows\System\UtjRHmP.exe
  2⤵
  PID:8328
- C:\Windows\System\CNZjdDA.exe
  C:\Windows\System\CNZjdDA.exe
  2⤵
  PID:8344
- C:\Windows\System\WzgknIm.exe
  C:\Windows\System\WzgknIm.exe
  2⤵
  PID:8360
- C:\Windows\System\tLWHkYB.exe
  C:\Windows\System\tLWHkYB.exe
  2⤵
  PID:8376
- C:\Windows\System\VQLoYmv.exe
  C:\Windows\System\VQLoYmv.exe
  2⤵
  PID:8392
- C:\Windows\System\vRbFmpa.exe
  C:\Windows\System\vRbFmpa.exe
  2⤵
  PID:8408
- C:\Windows\System\RACYQeI.exe
  C:\Windows\System\RACYQeI.exe
  2⤵
  PID:8424
- C:\Windows\System\CJmtvbM.exe
  C:\Windows\System\CJmtvbM.exe
  2⤵
  PID:8440
- C:\Windows\System\gOFIrMo.exe
  C:\Windows\System\gOFIrMo.exe
  2⤵
  PID:8456
- C:\Windows\System\ZxXIvdB.exe
  C:\Windows\System\ZxXIvdB.exe
  2⤵
  PID:8472
- C:\Windows\System\AYeDYhn.exe
  C:\Windows\System\AYeDYhn.exe
  2⤵
  PID:8488
- C:\Windows\System\qocxDCD.exe
  C:\Windows\System\qocxDCD.exe
  2⤵
  PID:8504
- C:\Windows\System\NpfWGgB.exe
  C:\Windows\System\NpfWGgB.exe
  2⤵
  PID:8520
- C:\Windows\System\dlGzvLZ.exe
  C:\Windows\System\dlGzvLZ.exe
  2⤵
  PID:8536
- C:\Windows\System\EQuJLAv.exe
  C:\Windows\System\EQuJLAv.exe
  2⤵
  PID:8552
- C:\Windows\System\VWVqdpq.exe
  C:\Windows\System\VWVqdpq.exe
  2⤵
  PID:8568
- C:\Windows\System\dVBxWIt.exe
  C:\Windows\System\dVBxWIt.exe
  2⤵
  PID:8584
- C:\Windows\System\sLHhRll.exe
  C:\Windows\System\sLHhRll.exe
  2⤵
  PID:8600
- C:\Windows\System\ioWeTMH.exe
  C:\Windows\System\ioWeTMH.exe
  2⤵
  PID:8616
- C:\Windows\System\giGaQol.exe
  C:\Windows\System\giGaQol.exe
  2⤵
  PID:8632
- C:\Windows\System\hmSbQxU.exe
  C:\Windows\System\hmSbQxU.exe
  2⤵
  PID:8648
- C:\Windows\System\PSDRZzM.exe
  C:\Windows\System\PSDRZzM.exe
  2⤵
  PID:8664
- C:\Windows\System\joXuDAx.exe
  C:\Windows\System\joXuDAx.exe
  2⤵
  PID:8680
- C:\Windows\System\xzfdrPd.exe
  C:\Windows\System\xzfdrPd.exe
  2⤵
  PID:8696
- C:\Windows\System\CBwMejB.exe
  C:\Windows\System\CBwMejB.exe
  2⤵
  PID:8712
- C:\Windows\System\xRbvsex.exe
  C:\Windows\System\xRbvsex.exe
  2⤵
  PID:8728
- C:\Windows\System\XQjjmOx.exe
  C:\Windows\System\XQjjmOx.exe
  2⤵
  PID:8744
- C:\Windows\System\PWEkqgc.exe
  C:\Windows\System\PWEkqgc.exe
  2⤵
  PID:8760
- C:\Windows\System\PuLVwlT.exe
  C:\Windows\System\PuLVwlT.exe
  2⤵
  PID:8776
- C:\Windows\System\kxDHWUg.exe
  C:\Windows\System\kxDHWUg.exe
  2⤵
  PID:8792
- C:\Windows\System\kDeWWeI.exe
  C:\Windows\System\kDeWWeI.exe
  2⤵
  PID:8808
- C:\Windows\System\DdnsfzN.exe
  C:\Windows\System\DdnsfzN.exe
  2⤵
  PID:8824
- C:\Windows\System\duUjfVe.exe
  C:\Windows\System\duUjfVe.exe
  2⤵
  PID:8840
- C:\Windows\System\MVrBqKb.exe
  C:\Windows\System\MVrBqKb.exe
  2⤵
  PID:8856
- C:\Windows\System\BeeLaev.exe
  C:\Windows\System\BeeLaev.exe
  2⤵
  PID:8872
- C:\Windows\System\wAYhNxW.exe
  C:\Windows\System\wAYhNxW.exe
  2⤵
  PID:8888
- C:\Windows\System\QzTxObn.exe
  C:\Windows\System\QzTxObn.exe
  2⤵
  PID:8904
- C:\Windows\System\RASkHoZ.exe
  C:\Windows\System\RASkHoZ.exe
  2⤵
  PID:8920
- C:\Windows\System\ZQYuBKc.exe
  C:\Windows\System\ZQYuBKc.exe
  2⤵
  PID:8936
- C:\Windows\System\fiBflEz.exe
  C:\Windows\System\fiBflEz.exe
  2⤵
  PID:8952
- C:\Windows\System\DzpmQTe.exe
  C:\Windows\System\DzpmQTe.exe
  2⤵
  PID:8968
- C:\Windows\System\OBEywGO.exe
  C:\Windows\System\OBEywGO.exe
  2⤵
  PID:8984
- C:\Windows\System\gRlcrtx.exe
  C:\Windows\System\gRlcrtx.exe
  2⤵
  PID:9000
- C:\Windows\System\qpRpflr.exe
  C:\Windows\System\qpRpflr.exe
  2⤵
  PID:9016
- C:\Windows\System\YgtyAMt.exe
  C:\Windows\System\YgtyAMt.exe
  2⤵
  PID:9036
- C:\Windows\System\bQwNGSe.exe
  C:\Windows\System\bQwNGSe.exe
  2⤵
  PID:9052
- C:\Windows\System\uYlCeSD.exe
  C:\Windows\System\uYlCeSD.exe
  2⤵
  PID:9068
- C:\Windows\System\TIloAhg.exe
  C:\Windows\System\TIloAhg.exe
  2⤵
  PID:9084
- C:\Windows\System\MYEUlFy.exe
  C:\Windows\System\MYEUlFy.exe
  2⤵
  PID:9100
- C:\Windows\System\IgSxFFs.exe
  C:\Windows\System\IgSxFFs.exe
  2⤵
  PID:9128
- C:\Windows\System\RNLKUQX.exe
  C:\Windows\System\RNLKUQX.exe
  2⤵
  PID:9144
- C:\Windows\System\ZIbdxps.exe
  C:\Windows\System\ZIbdxps.exe
  2⤵
  PID:9160
- C:\Windows\System\hdFCRCv.exe
  C:\Windows\System\hdFCRCv.exe
  2⤵
  PID:9176
- C:\Windows\System\MooPexR.exe
  C:\Windows\System\MooPexR.exe
  2⤵
  PID:9192
- C:\Windows\System\xdRrsSc.exe
  C:\Windows\System\xdRrsSc.exe
  2⤵
  PID:9208
- C:\Windows\System\OClDbOn.exe
  C:\Windows\System\OClDbOn.exe
  2⤵
  PID:8272
- C:\Windows\System\TSWeCit.exe
  C:\Windows\System\TSWeCit.exe
  2⤵
  PID:8204
- C:\Windows\System\MeEEQVY.exe
  C:\Windows\System\MeEEQVY.exe
  2⤵
  PID:8032
- C:\Windows\System\NnEKUAk.exe
  C:\Windows\System\NnEKUAk.exe
  2⤵
  PID:7556
- C:\Windows\System\CqKPPTM.exe
  C:\Windows\System\CqKPPTM.exe
  2⤵
  PID:8224
- C:\Windows\System\QNGeyRm.exe
  C:\Windows\System\QNGeyRm.exe
  2⤵
  PID:8292
- C:\Windows\System\pyYWGRQ.exe
  C:\Windows\System\pyYWGRQ.exe
  2⤵
  PID:8336
- C:\Windows\System\InGFNgL.exe
  C:\Windows\System\InGFNgL.exe
  2⤵
  PID:8404
- C:\Windows\System\dPcPQnd.exe
  C:\Windows\System\dPcPQnd.exe
  2⤵
  PID:8420
- C:\Windows\System\syULVXP.exe
  C:\Windows\System\syULVXP.exe
  2⤵
  PID:8452
- C:\Windows\System\wYvpzBX.exe
  C:\Windows\System\wYvpzBX.exe
  2⤵
  PID:8500
- C:\Windows\System\kAXpBMP.exe
  C:\Windows\System\kAXpBMP.exe
  2⤵
  PID:8516
- C:\Windows\System\nabnBGl.exe
  C:\Windows\System\nabnBGl.exe
  2⤵
  PID:8564
- C:\Windows\System\ctFZYUQ.exe
  C:\Windows\System\ctFZYUQ.exe
  2⤵
  PID:8596
- C:\Windows\System\KmwadfJ.exe
  C:\Windows\System\KmwadfJ.exe
  2⤵
  PID:8624
- C:\Windows\System\rTnbrzh.exe
  C:\Windows\System\rTnbrzh.exe
  2⤵
  PID:8692
- C:\Windows\System\gKsjegC.exe
  C:\Windows\System\gKsjegC.exe
  2⤵
  PID:8704
- C:\Windows\System\gukuWYG.exe
  C:\Windows\System\gukuWYG.exe
  2⤵
  PID:8768
- C:\Windows\System\ntFXrkM.exe
  C:\Windows\System\ntFXrkM.exe
  2⤵
  PID:8772
- C:\Windows\System\RjJOhKD.exe
  C:\Windows\System\RjJOhKD.exe
  2⤵
  PID:9116
- C:\Windows\System\AQmnlMJ.exe
  C:\Windows\System\AQmnlMJ.exe
  2⤵
  PID:8672
- C:\Windows\System\DiXTZTo.exe
  C:\Windows\System\DiXTZTo.exe
  2⤵
  PID:8784
- C:\Windows\System\hsiLgaS.exe
  C:\Windows\System\hsiLgaS.exe
  2⤵
  PID:8900
- C:\Windows\System\ecjHHdr.exe
  C:\Windows\System\ecjHHdr.exe
  2⤵
  PID:8948
- C:\Windows\System\cEYEyno.exe
  C:\Windows\System\cEYEyno.exe
  2⤵
  PID:9112
- C:\Windows\System\sABAkru.exe
  C:\Windows\System\sABAkru.exe
  2⤵
  PID:9136
- C:\Windows\System\oWcXXsB.exe
  C:\Windows\System\oWcXXsB.exe
  2⤵
  PID:9172
- C:\Windows\System\mjyfFtv.exe
  C:\Windows\System\mjyfFtv.exe
  2⤵
  PID:9156
- C:\Windows\System\hczMWks.exe
  C:\Windows\System\hczMWks.exe
  2⤵
  PID:8388
- C:\Windows\System\FlYyDeY.exe
  C:\Windows\System\FlYyDeY.exe
  2⤵
  PID:7924
- C:\Windows\System\yvABONG.exe
  C:\Windows\System\yvABONG.exe
  2⤵
  PID:7328
- C:\Windows\System\XAPArGj.exe
  C:\Windows\System\XAPArGj.exe
  2⤵
  PID:8436
- C:\Windows\System\WVRAoON.exe
  C:\Windows\System\WVRAoON.exe
  2⤵
  PID:8368
- C:\Windows\System\cCZrRVP.exe
  C:\Windows\System\cCZrRVP.exe
  2⤵
  PID:8644
- C:\Windows\System\rKFSiiz.exe
  C:\Windows\System\rKFSiiz.exe
  2⤵
  PID:8724
- C:\Windows\System\ORlfveO.exe
  C:\Windows\System\ORlfveO.exe
  2⤵
  PID:9032
- C:\Windows\System\LnFzscT.exe
  C:\Windows\System\LnFzscT.exe
  2⤵
  PID:8884
- C:\Windows\System\ctjzJCA.exe
  C:\Windows\System\ctjzJCA.exe
  2⤵
  PID:8800
- C:\Windows\System\ldzDjZh.exe
  C:\Windows\System\ldzDjZh.exe
  2⤵
  PID:8868
- C:\Windows\System\BUmSUtm.exe
  C:\Windows\System\BUmSUtm.exe
  2⤵
  PID:9008
- C:\Windows\System\BIEGBeR.exe
  C:\Windows\System\BIEGBeR.exe
  2⤵
  PID:8236
- C:\Windows\System\LhDVAJl.exe
  C:\Windows\System\LhDVAJl.exe
  2⤵
  PID:7648
- C:\Windows\System\ZuwgDon.exe
  C:\Windows\System\ZuwgDon.exe
  2⤵
  PID:8372
- C:\Windows\System\oTFGJaN.exe
  C:\Windows\System\oTFGJaN.exe
  2⤵
  PID:8480
- C:\Windows\System\bzCzXPM.exe
  C:\Windows\System\bzCzXPM.exe
  2⤵
  PID:8612
- C:\Windows\System\yXILGtJ.exe
  C:\Windows\System\yXILGtJ.exe
  2⤵
  PID:8592
- C:\Windows\System\anVFNFX.exe
  C:\Windows\System\anVFNFX.exe
  2⤵
  PID:9064
- C:\Windows\System\qyMyQbx.exe
  C:\Windows\System\qyMyQbx.exe
  2⤵
  PID:8916
- C:\Windows\System\aYUAWPj.exe
  C:\Windows\System\aYUAWPj.exe
  2⤵
  PID:8816
- C:\Windows\System\fjpUIgp.exe
  C:\Windows\System\fjpUIgp.exe
  2⤵
  PID:8324
- C:\Windows\System\KpNsqPU.exe
  C:\Windows\System\KpNsqPU.exe
  2⤵
  PID:9168
- C:\Windows\System\zBzQHJF.exe
  C:\Windows\System\zBzQHJF.exe
  2⤵
  PID:8512
- C:\Windows\System\OCPYMeV.exe
  C:\Windows\System\OCPYMeV.exe
  2⤵
  PID:8896
- C:\Windows\System\uuqGlBO.exe
  C:\Windows\System\uuqGlBO.exe
  2⤵
  PID:9152
- C:\Windows\System\LDcTMHJ.exe
  C:\Windows\System\LDcTMHJ.exe
  2⤵
  PID:7808
- C:\Windows\System\VAbcYtl.exe
  C:\Windows\System\VAbcYtl.exe
  2⤵
  PID:8532
- C:\Windows\System\VNjQibT.exe
  C:\Windows\System\VNjQibT.exe
  2⤵
  PID:8560
- C:\Windows\System\EcmQive.exe
  C:\Windows\System\EcmQive.exe
  2⤵
  PID:9204
- C:\Windows\System\jaxVQoV.exe
  C:\Windows\System\jaxVQoV.exe
  2⤵
  PID:8836
- C:\Windows\System\pnYFWiY.exe
  C:\Windows\System\pnYFWiY.exe
  2⤵
  PID:8260
- C:\Windows\System\LdQtACU.exe
  C:\Windows\System\LdQtACU.exe
  2⤵
  PID:8448
- C:\Windows\System\YPnHrLg.exe
  C:\Windows\System\YPnHrLg.exe
  2⤵
  PID:9232
- C:\Windows\System\FngPeyH.exe
  C:\Windows\System\FngPeyH.exe
  2⤵
  PID:9252
- C:\Windows\System\NIgKYYn.exe
  C:\Windows\System\NIgKYYn.exe
  2⤵
  PID:9272
- C:\Windows\System\BRLYODB.exe
  C:\Windows\System\BRLYODB.exe
  2⤵
  PID:9288
- C:\Windows\System\lywDCRX.exe
  C:\Windows\System\lywDCRX.exe
  2⤵
  PID:9304
- C:\Windows\System\bwYPjzF.exe
  C:\Windows\System\bwYPjzF.exe
  2⤵
  PID:9328
- C:\Windows\System\qqEbJnF.exe
  C:\Windows\System\qqEbJnF.exe
  2⤵
  PID:9352
- C:\Windows\System\hZOTIju.exe
  C:\Windows\System\hZOTIju.exe
  2⤵
  PID:9368
- C:\Windows\System\SMbvSYu.exe
  C:\Windows\System\SMbvSYu.exe
  2⤵
  PID:9388
- C:\Windows\System\OShBwnD.exe
  C:\Windows\System\OShBwnD.exe
  2⤵
  PID:9416
- C:\Windows\System\rIocydE.exe
  C:\Windows\System\rIocydE.exe
  2⤵
  PID:9432
- C:\Windows\System\uUNLCJp.exe
  C:\Windows\System\uUNLCJp.exe
  2⤵
  PID:9448
- C:\Windows\System\dOeOIay.exe
  C:\Windows\System\dOeOIay.exe
  2⤵
  PID:9472
- C:\Windows\System\TMvOQuX.exe
  C:\Windows\System\TMvOQuX.exe
  2⤵
  PID:9488
- C:\Windows\System\fJHGpZK.exe
  C:\Windows\System\fJHGpZK.exe
  2⤵
  PID:9504
- C:\Windows\System\qgJXzJx.exe
  C:\Windows\System\qgJXzJx.exe
  2⤵
  PID:9536
- C:\Windows\System\trNFkiq.exe
  C:\Windows\System\trNFkiq.exe
  2⤵
  PID:9552
- C:\Windows\System\lbqHeWj.exe
  C:\Windows\System\lbqHeWj.exe
  2⤵
  PID:9568
- C:\Windows\System\bFrBqfi.exe
  C:\Windows\System\bFrBqfi.exe
  2⤵
  PID:9588
- C:\Windows\System\gQBrSVN.exe
  C:\Windows\System\gQBrSVN.exe
  2⤵
  PID:9604
- C:\Windows\System\hhJSDvK.exe
  C:\Windows\System\hhJSDvK.exe
  2⤵
  PID:9624
- C:\Windows\System\venpfjJ.exe
  C:\Windows\System\venpfjJ.exe
  2⤵
  PID:9644
- C:\Windows\System\qZSyZhu.exe
  C:\Windows\System\qZSyZhu.exe
  2⤵
  PID:9664
- C:\Windows\System\nzGyQci.exe
  C:\Windows\System\nzGyQci.exe
  2⤵
  PID:9700
- C:\Windows\System\KBuftNv.exe
  C:\Windows\System\KBuftNv.exe
  2⤵
  PID:9716
- C:\Windows\System\dCiLnQe.exe
  C:\Windows\System\dCiLnQe.exe
  2⤵
  PID:9732
- C:\Windows\System\yxPFHVF.exe
  C:\Windows\System\yxPFHVF.exe
  2⤵
  PID:9748
- C:\Windows\System\dQCloVs.exe
  C:\Windows\System\dQCloVs.exe
  2⤵
  PID:9776
- C:\Windows\System\eOJscJO.exe
  C:\Windows\System\eOJscJO.exe
  2⤵
  PID:9804
- C:\Windows\System\CPbruGf.exe
  C:\Windows\System\CPbruGf.exe
  2⤵
  PID:9824
- C:\Windows\System\adoccsW.exe
  C:\Windows\System\adoccsW.exe
  2⤵
  PID:9840
- C:\Windows\System\zdMXaDF.exe
  C:\Windows\System\zdMXaDF.exe
  2⤵
  PID:9856
- C:\Windows\System\SiGMufy.exe
  C:\Windows\System\SiGMufy.exe
  2⤵
  PID:9876
- C:\Windows\System\RwmBChL.exe
  C:\Windows\System\RwmBChL.exe
  2⤵
  PID:9900
- C:\Windows\System\OJiRPzW.exe
  C:\Windows\System\OJiRPzW.exe
  2⤵
  PID:9920
- C:\Windows\System\qZBtWMv.exe
  C:\Windows\System\qZBtWMv.exe
  2⤵
  PID:9940
- C:\Windows\System\dXzrWpT.exe
  C:\Windows\System\dXzrWpT.exe
  2⤵
  PID:9964
- C:\Windows\System\HMTYsnC.exe
  C:\Windows\System\HMTYsnC.exe
  2⤵
  PID:9984
- C:\Windows\System\VdDMYTZ.exe
  C:\Windows\System\VdDMYTZ.exe
  2⤵
  PID:10004
- C:\Windows\System\ckwDIbN.exe
  C:\Windows\System\ckwDIbN.exe
  2⤵
  PID:10020
- C:\Windows\System\XtiLXXZ.exe
  C:\Windows\System\XtiLXXZ.exe
  2⤵
  PID:10044
- C:\Windows\System\attYNEh.exe
  C:\Windows\System\attYNEh.exe
  2⤵
  PID:10068
- C:\Windows\System\RrajufV.exe
  C:\Windows\System\RrajufV.exe
  2⤵
  PID:10084
- C:\Windows\System\UgpicNC.exe
  C:\Windows\System\UgpicNC.exe
  2⤵
  PID:10100
- C:\Windows\System\qrQwybM.exe
  C:\Windows\System\qrQwybM.exe
  2⤵
  PID:10116
- C:\Windows\System\rdADJpU.exe
  C:\Windows\System\rdADJpU.exe
  2⤵
  PID:10132
- C:\Windows\System\CkOBepi.exe
  C:\Windows\System\CkOBepi.exe
  2⤵
  PID:10156
- C:\Windows\System\aZkCaPB.exe
  C:\Windows\System\aZkCaPB.exe
  2⤵
  PID:10180
- C:\Windows\System\aAMpKXD.exe
  C:\Windows\System\aAMpKXD.exe
  2⤵
  PID:10196
- C:\Windows\System\XqefdbZ.exe
  C:\Windows\System\XqefdbZ.exe
  2⤵
  PID:10212
- C:\Windows\System\BOcBnMk.exe
  C:\Windows\System\BOcBnMk.exe
  2⤵
  PID:10228
- C:\Windows\System\vvSUAZZ.exe
  C:\Windows\System\vvSUAZZ.exe
  2⤵
  PID:9140
- C:\Windows\System\MmTlXgo.exe
  C:\Windows\System\MmTlXgo.exe
  2⤵
  PID:9260
- C:\Windows\System\ArYhgjD.exe
  C:\Windows\System\ArYhgjD.exe
  2⤵
  PID:9244
- C:\Windows\System\eRqkibT.exe
  C:\Windows\System\eRqkibT.exe
  2⤵
  PID:9284
- C:\Windows\System\LylzyJB.exe
  C:\Windows\System\LylzyJB.exe
  2⤵
  PID:9336
- C:\Windows\System\vaXWDlI.exe
  C:\Windows\System\vaXWDlI.exe
  2⤵
  PID:9412
- C:\Windows\System\vKJGsNy.exe
  C:\Windows\System\vKJGsNy.exe
  2⤵
  PID:9424
- C:\Windows\System\auhNrrl.exe
  C:\Windows\System\auhNrrl.exe
  2⤵
  PID:9516
- C:\Windows\System\JYguEkv.exe
  C:\Windows\System\JYguEkv.exe
  2⤵
  PID:9500
- C:\Windows\System\pMdYBjV.exe
  C:\Windows\System\pMdYBjV.exe
  2⤵
  PID:9596
- C:\Windows\System\cxEXOOT.exe
  C:\Windows\System\cxEXOOT.exe
  2⤵
  PID:9548
- C:\Windows\System\FlOMLtB.exe
  C:\Windows\System\FlOMLtB.exe
  2⤵
  PID:9612
- C:\Windows\System\hOqSNCn.exe
  C:\Windows\System\hOqSNCn.exe
  2⤵
  PID:9656
- C:\Windows\System\tWwVesB.exe
  C:\Windows\System\tWwVesB.exe
  2⤵
  PID:9652
- C:\Windows\System\qSpcFFL.exe
  C:\Windows\System\qSpcFFL.exe
  2⤵
  PID:9696
- C:\Windows\System\jwzVkBr.exe
  C:\Windows\System\jwzVkBr.exe
  2⤵
  PID:9728
- C:\Windows\System\lOqFKTJ.exe
  C:\Windows\System\lOqFKTJ.exe
  2⤵
  PID:9764
- C:\Windows\System\enapsmN.exe
  C:\Windows\System\enapsmN.exe
  2⤵
  PID:9788
- C:\Windows\System\Ynfckyi.exe
  C:\Windows\System\Ynfckyi.exe
  2⤵
  PID:9812
- C:\Windows\System\DoCssro.exe
  C:\Windows\System\DoCssro.exe
  2⤵
  PID:9884
- C:\Windows\System\DYrYbUL.exe
  C:\Windows\System\DYrYbUL.exe
  2⤵
  PID:9888
- C:\Windows\System\eZoblCi.exe
  C:\Windows\System\eZoblCi.exe
  2⤵
  PID:9932
- C:\Windows\System\bhAIXbE.exe
  C:\Windows\System\bhAIXbE.exe
  2⤵
  PID:9956
- C:\Windows\System\vExlKVK.exe
  C:\Windows\System\vExlKVK.exe
  2⤵
  PID:9992
- C:\Windows\System\wnixtgu.exe
  C:\Windows\System\wnixtgu.exe
  2⤵
  PID:10036
- C:\Windows\System\VGaBqyo.exe
  C:\Windows\System\VGaBqyo.exe
  2⤵
  PID:10052
- C:\Windows\System\FhDquPt.exe
  C:\Windows\System\FhDquPt.exe
  2⤵
  PID:10128
- C:\Windows\System\mOZMbYg.exe
  C:\Windows\System\mOZMbYg.exe
  2⤵
  PID:10112
- C:\Windows\System\pWsZwFs.exe
  C:\Windows\System\pWsZwFs.exe
  2⤵
  PID:10140
- C:\Windows\System\NXBPgIB.exe
  C:\Windows\System\NXBPgIB.exe
  2⤵
  PID:10192
- C:\Windows\System\wMZtdjV.exe
  C:\Windows\System\wMZtdjV.exe
  2⤵
  PID:9228
- C:\Windows\System\pLShlYx.exe
  C:\Windows\System\pLShlYx.exe
  2⤵
  PID:8880
- C:\Windows\System\mxJWhBF.exe
  C:\Windows\System\mxJWhBF.exe
  2⤵
  PID:9364
- C:\Windows\System\xtnWmHW.exe
  C:\Windows\System\xtnWmHW.exe
  2⤵
  PID:9376
- C:\Windows\System\WkUZDZv.exe
  C:\Windows\System\WkUZDZv.exe
  2⤵
  PID:9444
- C:\Windows\System\brLLqWA.exe
  C:\Windows\System\brLLqWA.exe
  2⤵
  PID:9528
- C:\Windows\System\ZVDeeNu.exe
  C:\Windows\System\ZVDeeNu.exe
  2⤵
  PID:9636
- C:\Windows\System\EBAKdkw.exe
  C:\Windows\System\EBAKdkw.exe
  2⤵
  PID:7696
- C:\Windows\System\dBIsEna.exe
  C:\Windows\System\dBIsEna.exe
  2⤵
  PID:9744
- C:\Windows\System\EwmMzSz.exe
  C:\Windows\System\EwmMzSz.exe
  2⤵
  PID:9832
- C:\Windows\System\odXQKuR.exe
  C:\Windows\System\odXQKuR.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuteuGP.exe

Filesize
6.0MB

MD5
52e1d08ef0f95c222bdc8cfac4b0fbfc

SHA1
d7f915c170682ba9d1b990b2c8bf26bb88c8b251

SHA256
a5284bf8feaae25e96217f5f7846a022bd5ea0ff065e48117d27f5d4f1b61d4c

SHA512
0886ad959a93e8fbf759c10d95198289c2403dfbda7e2344871f10067e277dfb81b7a9af4b7dbc6571d6daf920a0ba9f3a24b45a57776a042fe9c476cb4e8863

Download Submit
C:\Windows\system\FljTUnK.exe

Filesize
6.0MB

MD5
b84072f3351e1937de9edee480e332c6

SHA1
66420b2f5ec7920dff81aa34c2cbf640afaddb89

SHA256
6cf457874f61d0ed336cba3d99ab5c6e8069ded0932253dac31cd10a18aa5718

SHA512
60986a474132d9d0e252e56da8473e8a04c024034e0188d2ea12406aad81120dc9372be156b9e40dfc6e5b6b05d46a16f7ce62486beffd1bd1d24975aa268070

Download Submit
C:\Windows\system\GCmyqQz.exe

Filesize
6.0MB

MD5
87900f0532f4576b173d071e4615c1d2

SHA1
85f2f912edab19c98d7a93dddc2487cdbfe977c5

SHA256
c4e9f132cc130d929e3bea5247f9176867493d936257603c6aade0eed338fd53

SHA512
255e7d0ba87d60f78db47deffcc02dd018399dcbd6ffc5173bd4b993c0b4a15c4085c00fb71c5c22be7813e1fee766943a41178f9a091c24274042527faf552c

Download Submit
C:\Windows\system\GeawMDw.exe

Filesize
6.0MB

MD5
a7e8196dd20a1be8fea86f9a43de44e0

SHA1
72fde1a5d677e6570f3085ebe3a14e5dbd63c2d4

SHA256
2478cb037a6bd9574b2cc82bfa621a46151dd9b1b225a72fc2b1b474d907fa76

SHA512
c57b0843b8fb0a7487a5a9ea5d21bfce70207a378ef7642c47ea50c1bc7bd6556697e558f3cc2ffe59bf3cab8462eff7f8d1bbc70d85bdd99a69a624d5c020e3

Download Submit
C:\Windows\system\HHJnxVN.exe

Filesize
6.0MB

MD5
3f6abb058048bf1744429de0bac4b7f5

SHA1
26c11ca75eca17715820a741785bb680875def20

SHA256
3ee23ee94c16e46de96b63ee2aed9db3cfadfb6a6e26bb180aa6ac01c55ebce6

SHA512
78cdff5dab045c7b01756acc5d46aebdd2e968be8a72bdf92ede312002ecac6b602c666e8ae76da741be4df1230014ca0400e587a83ac58502ef486502e90f79

Download Submit
C:\Windows\system\HlWGzcW.exe

Filesize
6.0MB

MD5
ccb0d28836d03ba2a94bd87b021dfcc2

SHA1
67b8fade60701cfcb4b1000cdd2c83da3b21673e

SHA256
aabfce5512bf42e2dc8472b1eb82ec2bfc8a33aa0c7df68ed3297aadeb97c964

SHA512
18c4a47e68fe8d247549c7a599fd685af965a3967440504ee1b209dcf92d63709ca03bcfab50e5ed6cc8f123a15fb2e3014a15190e34070e79d5406e496b69f4

Download Submit
C:\Windows\system\MiQVVHe.exe

Filesize
6.0MB

MD5
f01f7170d8e277eeb334d4c1b2c4131b

SHA1
08ed3006b050336e7b91bc78c90b8bdcc6c3ebd6

SHA256
7efaf3baaa8aa2f4742ed25e8cdf3008bacd3ad9b38ce4aea626b503d2bda760

SHA512
52264ef931b94b477372ee4877e07166cccbf1dafb6dbb3a5e5027ffb6e698dccbc485f408f7b11377e80c42bce10e49b07f7172bb6025fecd644978320d425f

Download Submit
C:\Windows\system\NEKlmgO.exe

Filesize
6.0MB

MD5
92191fb3ba1d6011ffc51733d5b485c0

SHA1
c86d50fef0f1a6dd84312f05663fcb242df616e4

SHA256
0d679c195914f71a47a03b35c026c661c4fe9705c401c9df090bfcebcdc2b82f

SHA512
3c769fb53e707a4a16fd74debca396b202239c878ed07de0bffaa1e2b6f6c89c20fe3872c19fad4688754dd83c98eaf28e1cace4dd71877728cc2e1926df1ad5

Download Submit
C:\Windows\system\OjAcEIu.exe

Filesize
6.0MB

MD5
77d83fe05eb97b0eaef3caf5a3a73850

SHA1
93d8b642e51ca0854bce1ff553e8c13f15dc253f

SHA256
60c81f9d5a2cc0b6d34223bd1b983d389a2823093f29ea9f3767222017c3a6b2

SHA512
082433c93d5a01ea426bccb3913babb303f656d0f23ebbfefc88977227a8240d3c4897e94641063970cc88285a183223943f6fe282a35f382fe0d704931b2764

Download Submit
C:\Windows\system\PlbPKPK.exe

Filesize
6.0MB

MD5
95339289e199ea09e207212214d73a1e

SHA1
3351305913addb0f5ce5917ba8870b9de3ee6bc1

SHA256
83c7bba33209b67a674c815a0d170697bd459fea6ad4389abbf0fd012cca29f9

SHA512
7bf83f488cee1a7be5799ce1f4167d97c4c868a6a3619fdf421d86e985383d0e2ffa324b1f194c9712122195a80d761f8701a486017167090ea2fda46ab4555f

Download Submit
C:\Windows\system\TjvIULE.exe

Filesize
6.0MB

MD5
0d43cb88776327d1ee2b8ffe90d682ee

SHA1
e9a3b932f5555d040aa59fdd4877ab37d8e1e013

SHA256
cdde62eb58ded2bfa2861e4be8ac2afcbabcdcb8866b10707a9767dcc9c0d88a

SHA512
5da66f526829a2f96dac0426450206b55886064e76853105af809a2811e17f225fe46e96f926445a83ef6159ebd6b3155b03485ed28dec28feb776dbf392a267

Download Submit
C:\Windows\system\UwyBqez.exe

Filesize
6.0MB

MD5
9faf49f82beb4c26650c3f7ec098bd6a

SHA1
d5da87f95338cd025bb710a955d676ac040c433a

SHA256
591cffb2952e61fc7e33941ce7be0ec7851f8c675eee0e4e569545bcc4dbf57f

SHA512
d5248a90c58bbb19200201e80d17eee71c55ad6f0b5899d2019ecf1d78091b27b76e3627c12d8b29ab228444c46ba14fe64388f2c19dad3ef86d48001e7394e1

Download Submit
C:\Windows\system\XwEKVNf.exe

Filesize
6.0MB

MD5
f7ec072b70b562461ce4c1381c538799

SHA1
5f248161158957f3e8b7f2832e265f44c8c4c032

SHA256
1470e4b67eecb852ba91589124ef608e2437e7ece0fe033155dedf3fa92b191d

SHA512
bb53321e43eb7a1a4f8c0156211ae374fc10f6a4860c34339b1905bc7757a423ea2b56e01eb02fe87404e088d19bcf46a74e96a07b88a72d42c401c8848f4b4b

Download Submit
C:\Windows\system\ZEYbIay.exe

Filesize
6.0MB

MD5
36704770b3a28e1b2c89915ca65b339f

SHA1
de58d3f23a02516da02dc56466125ede7dc9064d

SHA256
7cba500edad5db4c2d1e5cbd39444884f47853edb1644b6042d9ef1cbe73070c

SHA512
1a5c07acb67fecf22989396ef6a506c437bebf123c753751bfb58bfa8e2bac43e5064cd6f0e79a07f602857c5c626e276beced7892400f6933ae2966db21c0c7

Download Submit
C:\Windows\system\bnecWLA.exe

Filesize
6.0MB

MD5
92caff8df7b8f8097ee7acee8baba287

SHA1
8c199ed29015e5cf423c7b8193e0af6af2396952

SHA256
6126f3e163850051f58ca50bfc550de2c086c34bd34c88f2e2dbb51847e61ef6

SHA512
5c380358dc5dd5cb6aa43c8892ab8c1d2d4f3156991705a932bbd72dd84b7f7b8a21c23f9d288b00e4e99315723b00e722953c02d6db9b8b9ba647eab22e97ce

Download Submit
C:\Windows\system\damPdWF.exe

Filesize
6.0MB

MD5
ea59004a46adb03f94f1fad90da804be

SHA1
20ed3669993501eaed618e79a70299a9841fdbbc

SHA256
c7b8973dc99e7394f0fdd2daf3b001d9c8253fa1dcc3bc85ade4c3715c540f59

SHA512
6d138d8588656e671b35b43ac03acf1d4cb2cb46798d917bdfc7882d8cc3392a8d2fdd05c1e7a7214cd90c3d7b33ef130f8949aa5ec4c6d0b27375b87b67a1af

Download Submit
C:\Windows\system\egxmQOh.exe

Filesize
6.0MB

MD5
f75eadcc480a93e08e0e01e2614cbc74

SHA1
31f5dcb0d554bbec9f77325108510230d5f9f2ec

SHA256
0db2df44b7399d75d87ae49551f04f8f82223be8ea6311118dbe6573b89f948a

SHA512
b936192120dcda2618c282af885eed95554e0b9f5578028486def4c43a4e05505965c233b57773a60c5a77ff9af78cebea73a9c54d4cd1ebbe1ad351b573474e

Download Submit
C:\Windows\system\ekUSEoO.exe

Filesize
6.0MB

MD5
79a4fb42d86562a78789789a9c8147d2

SHA1
ef00bb5748f1c6261dcdb8009c2a7c37605fc31c

SHA256
8a207758b955583429b9d960bc610cfa10140950987807bb6a2b4a44c9bd94be

SHA512
ecc6bb7446c7f00f4701b48ee602f6f0279d1a8132096d3001f280d500fb5dfcd521ffac419d82f286ed58ad83212d1a3d358c042858266518a4735bb0ba9d3b

Download Submit
C:\Windows\system\gNTRkHm.exe

Filesize
6.0MB

MD5
8ea874703d7fbc280044579ad243b9b3

SHA1
469c02828891fa54bccceaa2c689bfb2bb21e233

SHA256
c1df2020f9a7f5df035534e021bfbe7b177b68a6cf386eb9a3c702b6b80b6cef

SHA512
dea3f8babe6de1e5686c2bdc359384a1cf6d62c0586639cbc1e036f1144d105c78f6beb37c2b29a060ef0420623ddd462df66d2cd8466d2d3afe9cda82862e02

Download Submit
C:\Windows\system\gdSYKts.exe

Filesize
6.0MB

MD5
aabd1cac68c88e60fc5dca448e52b072

SHA1
b366c3941294c5e6e5884a08559ceb495a334ff5

SHA256
a950d40c24c76672c060a7f52d03d68c6ffe87246645cc7976285206674947ff

SHA512
070b803bd002de6e5784b708ec01e24d51a89474f159c2b74c3254681e05e207e11d9b8ad47e9f276a5f53e4104a03342c1c6bbd5b03490062b1c005c74c577a

Download Submit
C:\Windows\system\iQNYHgk.exe

Filesize
6.0MB

MD5
4226cef4e372ced7149728aabcc3312f

SHA1
d3d410c43c02ae14c71195b19259cb377c0b5ad5

SHA256
df964c02f3cf039f716ac1cf63accb16208245bb47e78934c4047e9e70d968a7

SHA512
e5564ae1258914d0bcbbe5bddc9a8ac29ef1ddb3bf4967b0e538ead974561301bffdf8a97738b31676586bf4c82f10f0153b1dc42288ad6b4b2bf15d5acd41c3

Download Submit
C:\Windows\system\kNaHuPn.exe

Filesize
6.0MB

MD5
b013fbaacd0d1143515d7c3992b4f33e

SHA1
955721497945f21a0a8841312dbbe53c64dab1e7

SHA256
2dc27fd78a1a04b67e255bc76ad8b9c60ec675c72d30fed276a43cf4c0dcd84c

SHA512
af795283022568d6664f42da8f25aa3a9d2122579e65d903208d2bc0a72ba568071ffb0a341479dc5b282964c858c6ea2bb66f8f1c7c3855a351f4de3cb27a0e

Download Submit
C:\Windows\system\kPsonXF.exe

Filesize
6.0MB

MD5
94f1864ec08777e8bdb786e7dcbc2e30

SHA1
34bc6e6d41fad0bafa02f4027d59dc3269cfc763

SHA256
dc29ec2a48a8bda67c32e72c2a2df4fbfa11347fabb9a9d8868d6fa3cb37d24c

SHA512
b5de4fd458d5233906c093f317653b36ae5197d13f14d01e2431f91a7c5db12224ec241dfed3c5159576e83c874f32aeaba13b427f2f667c0718a8ef5756f56a

Download Submit
C:\Windows\system\pgMdlQL.exe

Filesize
6.0MB

MD5
ba856cfae156f412cd568ee0317cfd2f

SHA1
bc31817c1def8ec287409066f1fb1415816e3489

SHA256
653a623518e6b8437806703880ee6153b613276fed61018a8df14af27e50fc5e

SHA512
dd905c87e8aa8353ea7476368cda33a9426a6a4bd60f702c337b041247d57df8bd975389391b833df0b3f90618a90b910ef757ed3bbf70fcdc75b8e093c66549

Download Submit
C:\Windows\system\tuzmLQL.exe

Filesize
6.0MB

MD5
13bc496800f6dbf925a6ffedd7b3fcf6

SHA1
c2efab5b677e8ef86e8299749f1426ab692eafec

SHA256
1178458f13590e11177d77c8417906f9b499574208c04c77c3d0ec32158f9d28

SHA512
29f2ea908b9bdb65c9445e44b9c3c614c92785cfd1200b2fc37e85f7f9643b00e1e537ebf39514ea59b000de36d94bdc7d6223faa5c01e31692140fc389f4231

Download Submit
C:\Windows\system\urjlFnj.exe

Filesize
6.0MB

MD5
28acfdbf3d2d9b9ea8ecd3a77a44e002

SHA1
693d5c272cebbc012627d7a324a29b9c0de27ee1

SHA256
53aa3efdb13373213182d16efbc258201ee0c1f3730f7f1c211736065654e5b9

SHA512
be35830cdd5c3d6846b673427f0dc0f169a171fdd70435adde5f2546286190ff0f0704753fb3918307ef2c078b2ca36c39dc8768ae5febef6bb77f1a63befbf8

Download Submit
C:\Windows\system\xBejTaa.exe

Filesize
6.0MB

MD5
95daa488cb61c05a6a3a1f226b8ae469

SHA1
4ce4fd54d0e3adf9220aeaba9372fc784e345ec1

SHA256
759b877c179cb72d1eb332b147bd0b98f9a1309a3460d4a9b372a844aa933930

SHA512
dd8b35ab45309342b4b2b6d7fd0a339eac43aa9e3fc3cc2cf7182908254c1693401cbee3319305faf349fe0798ac3ecac9c3fbb2235f0b5e815f447724ed6cbc

Download Submit
\Windows\system\HXQAfxJ.exe

Filesize
6.0MB

MD5
af8a7a0f2da5bd4e07822faeb5a1b104

SHA1
343f87ffbc88ba42b51fccf41aa7fccad4bda00f

SHA256
553835983f27637478dfad89bf39f37de74e79e698ee27bc8d7cad5ac2cd9c02

SHA512
1b2683bbfd8dfa969a2b79800d19da56e769a4c72d828fb9b5b36235bea910d938d0537bfce114e6b457b26adb6183ee91773868b0a39ccc5c8552e0a460d2bf

Download Submit
\Windows\system\UFjeoau.exe

Filesize
6.0MB

MD5
7ac1e3fbbc7b8e8dbeb05fb0c3a22d10

SHA1
8aedf668b6f376abe78f2d04a847ef19cdfcdce7

SHA256
27645196f390bce8198e55a27de90068e38edb3fbbf0bf3fa56ce70398b198b6

SHA512
156e07ec388ad7dbcba2a8faf586880fa97a7442386284d3ea434c77867020bd2e4f9b615f455b76c75a2c69fa5f64dcd932527c59b58b01e47002d15939580a

Download Submit
\Windows\system\enpWCtk.exe

Filesize
6.0MB

MD5
2d90b4984f3d9adc63f7594fb31bb5bf

SHA1
0939acb7ee2279d4a7201a328aa7466a6b7c1ee8

SHA256
886b3b7866323dcf0bc019fb7d304b6b95196ce14b60be41b8fa81229375195c

SHA512
d969bfa45e8c51e0261331dbd032289a1463dcd9d3af67cec02e1174bf7b6e95de988e1f0e973b14100fc5d5aa59e1e2300796ef578154f45cb0d01be5520a2f

Download Submit
\Windows\system\jvtiCEm.exe

Filesize
6.0MB

MD5
d0426b2b74bb3f01470a6234f58d1087

SHA1
4bf8483866b35af7ecd0129b83c4fe5e811b4dcd

SHA256
ba62e5cde3d952db66bc06b99625394dd727a78af4a3c502a77c4bfeea2e4b13

SHA512
f0b5be0a94e28c7810be0ff26ef1c165582f144624489297a2060de6125a209961bce7d387bbcd2fcc6054d9af55f957c736b5318a825d71d68bc3eb83443d88

Download Submit
\Windows\system\ojtgcFx.exe

Filesize
6.0MB

MD5
c7211c0d6ec0ee9217b7294bd1fbe708

SHA1
18a452e45da11bc273265e106a17013f780962d2

SHA256
5f67a55eb2a1e7e32fdb880cb64bca495561338821efc7cbb22b0cb69bc4964f

SHA512
0ed9b2c652c071213956cd42487cf171d27cba4bc069d5edbe87a73491302fb6701dbf2f9c8ae280dcb08cd6907b729f1d0d42a8b6bf54f6c92ebd0cb70934df

Download Submit
memory/1728-121-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-4033-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-85-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2280-542-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2280-104-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-646-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-124-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2280-91-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-106-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-87-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-80-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2280-83-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2280-0-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2280-635-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-108-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2280-89-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2280-118-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-81-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-120-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2280-122-0x00000000024F0000-0x0000000002844000-memory.dmp

Filesize
3.3MB

Download
memory/2440-119-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4034-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4036-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-659-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-105-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4038-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-642-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2524-84-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4035-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-107-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-656-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4032-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-103-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-82-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-638-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4028-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2672-643-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2672-86-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2744-125-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-4029-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2800-123-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4039-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-647-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-88-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2828-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2828-653-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4031-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2884-650-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2884-90-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4030-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3044-117-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4037-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/3044-668-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download