cobaltstrike | 748ad9bd58570020c238c444df5cbbabc54d05a697ec7e0439e2b74f38c3a7c1

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-12-2024 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e3949179e576e4da807454c89936b3df
SHA1

7116758f9a9c86a98b40054f311298966ce7fd33
SHA256

748ad9bd58570020c238c444df5cbbabc54d05a697ec7e0439e2b74f38c3a7c1
SHA512

a303b82fc631327dd25770082bb7afe8993abaf0b0aea05b71b58b8e3e7b48b5863473f4ba2fc36cac145381e2833cdabd0774f4e00ddf7a73b5d12a6dbe5c2f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013b4c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739c-5.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173e4-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017409-37.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc8-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-198.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-188.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-64.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000e000000013b4c-3.dat	xmrig
behavioral1/files/0x000800000001739c-5.dat	xmrig
behavioral1/memory/2532-14-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1976-23-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000173e4-21.dat	xmrig
behavioral1/memory/2308-20-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2464-19-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2308-6-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000173fb-24.dat	xmrig
behavioral1/memory/2684-29-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2308-25-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2808-36-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0009000000017409-37.dat	xmrig
behavioral1/memory/2308-41-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2372-42-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x000800000001747b-52.dat	xmrig
behavioral1/memory/2672-51-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc8-50.dat	xmrig
behavioral1/memory/2532-47-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-35.dat	xmrig
behavioral1/memory/2308-31-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-69.dat	xmrig
behavioral1/memory/2808-73-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2608-74-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0005000000019271-85.dat	xmrig
behavioral1/files/0x000500000001926b-77.dat	xmrig
behavioral1/memory/2588-105-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c4-128.dat	xmrig
behavioral1/files/0x0005000000019441-163.dat	xmrig
behavioral1/memory/2084-1722-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1544-814-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1728-615-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1624-418-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2608-243-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-194.dat	xmrig
behavioral1/files/0x000500000001961f-198.dat	xmrig
behavioral1/files/0x00050000000195e4-183.dat	xmrig
behavioral1/files/0x000500000001961b-188.dat	xmrig
behavioral1/files/0x00050000000194d8-173.dat	xmrig
behavioral1/files/0x0005000000019539-178.dat	xmrig
behavioral1/files/0x000500000001947e-167.dat	xmrig
behavioral1/files/0x000500000001942f-158.dat	xmrig
behavioral1/files/0x0005000000019403-153.dat	xmrig
behavioral1/files/0x0005000000019401-149.dat	xmrig
behavioral1/files/0x00050000000193df-143.dat	xmrig
behavioral1/files/0x00050000000193d9-138.dat	xmrig
behavioral1/files/0x00050000000193cc-133.dat	xmrig
behavioral1/files/0x00050000000193be-123.dat	xmrig
behavioral1/files/0x0005000000019382-113.dat	xmrig
behavioral1/files/0x0005000000019389-118.dat	xmrig
behavioral1/memory/1544-97-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2868-96-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019273-95.dat	xmrig
behavioral1/memory/2084-106-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019277-104.dat	xmrig
behavioral1/memory/1624-82-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2372-81-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1728-89-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2588-66-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2684-65-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-64.dat	xmrig
behavioral1/memory/2868-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/1976-57-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2532	jgpEYme.exe
2464	ogOTHbp.exe
1976	AkGrJEc.exe
2684	hUBoQBU.exe
2808	cRSNjIq.exe
2372	XfPYeMY.exe
2672	CEAGmPm.exe
2868	CAXCnOy.exe
2588	NBVwsNM.exe
2608	dMkwgbU.exe
1624	ShTrevm.exe
1728	QaHDUvn.exe
1544	kCaSMdn.exe
2084	VbLYfOj.exe
2036	RXMvMqx.exe
1924	JjqNDTt.exe
1064	zAzXohZ.exe
2792	gIydqzH.exe
1740	OpMxZpC.exe
1756	FgMtusY.exe
2876	ClHYUzU.exe
2188	jOGwpOD.exe
2204	AXbXEpJ.exe
2128	QaNOZen.exe
2176	snvmFwC.exe
1696	aUAQGrp.exe
328	qPesxtn.exe
2596	PvKaBKY.exe
828	UgXxnan.exe
924	epXKlhy.exe
2392	adFxXog.exe
1920	yeBaYMx.exe
896	AqONNLV.exe
1752	gIkkwfo.exe
1768	bJuyRFM.exe
1848	ztTYKVo.exe
1764	wTzKNZr.exe
2540	spSGamj.exe
2416	jMAtpZl.exe
2004	CdMtDVK.exe
3008	YjBbbWc.exe
1664	YASjhdz.exe
3016	znizaBc.exe
1992	tQSjZzZ.exe
1776	orpawba.exe
556	qZTXvUx.exe
3004	mdqBHGS.exe
884	YmunBBj.exe
2952	ObBWsms.exe
2964	bUptFCt.exe
1588	AgSnFem.exe
2068	zqtYYpi.exe
2468	TTVXLOt.exe
2784	jBrMbsL.exe
2300	FsAFYnm.exe
2736	WHqRMAF.exe
2576	GNZhcga.exe
712	pLPFnGT.exe
2992	nkmSFOo.exe
2312	ikAvlub.exe
1516	GtmUyew.exe
1056	gQIXCwK.exe
1292	hsptlQp.exe
2644	tljKDJH.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2308-0-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000e000000013b4c-3.dat	upx
behavioral1/files/0x000800000001739c-5.dat	upx
behavioral1/memory/2532-14-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1976-23-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00070000000173e4-21.dat	upx
behavioral1/memory/2464-19-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2308-6-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x00070000000173fb-24.dat	upx
behavioral1/memory/2684-29-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2808-36-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0009000000017409-37.dat	upx
behavioral1/memory/2308-41-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2372-42-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000800000001747b-52.dat	upx
behavioral1/memory/2672-51-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0009000000016dc8-50.dat	upx
behavioral1/memory/2532-47-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0007000000017403-35.dat	upx
behavioral1/files/0x000500000001924c-69.dat	upx
behavioral1/memory/2808-73-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2608-74-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0005000000019271-85.dat	upx
behavioral1/files/0x000500000001926b-77.dat	upx
behavioral1/memory/2588-105-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x00050000000193c4-128.dat	upx
behavioral1/files/0x0005000000019441-163.dat	upx
behavioral1/memory/2084-1722-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1544-814-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1728-615-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1624-418-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2608-243-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001961d-194.dat	upx
behavioral1/files/0x000500000001961f-198.dat	upx
behavioral1/files/0x00050000000195e4-183.dat	upx
behavioral1/files/0x000500000001961b-188.dat	upx
behavioral1/files/0x00050000000194d8-173.dat	upx
behavioral1/files/0x0005000000019539-178.dat	upx
behavioral1/files/0x000500000001947e-167.dat	upx
behavioral1/files/0x000500000001942f-158.dat	upx
behavioral1/files/0x0005000000019403-153.dat	upx
behavioral1/files/0x0005000000019401-149.dat	upx
behavioral1/files/0x00050000000193df-143.dat	upx
behavioral1/files/0x00050000000193d9-138.dat	upx
behavioral1/files/0x00050000000193cc-133.dat	upx
behavioral1/files/0x00050000000193be-123.dat	upx
behavioral1/files/0x0005000000019382-113.dat	upx
behavioral1/files/0x0005000000019389-118.dat	upx
behavioral1/memory/1544-97-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2868-96-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0005000000019273-95.dat	upx
behavioral1/memory/2084-106-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0005000000019277-104.dat	upx
behavioral1/memory/1624-82-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2372-81-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1728-89-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2588-66-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2684-65-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0005000000019234-64.dat	upx
behavioral1/memory/2868-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/1976-57-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2532-3629-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2464-3624-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1976-3632-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SuyspJB.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvNrBUT.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITdUeFj.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKfIoqi.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzZYljB.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwBlgNh.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YoljlaZ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMMQmZs.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBFeZLf.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnrybeW.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsWXAWz.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLiOtHA.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaYroXS.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayJKCPA.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyllrNY.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzVFnfX.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YODKYlY.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSmvlBR.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enqSSIV.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqbiQyW.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdLBOiE.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vexKvlP.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuEYEYT.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMaELAh.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmAILnz.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpLQTpa.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcKlFbL.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbGyczs.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxvFxwq.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egErflM.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCMpeAQ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WucpuQv.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgnXFPn.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lljVepx.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UecQpkS.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrVxLdj.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LARlsmk.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgIoUhi.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHBMJDe.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdlSXUQ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiyqFuF.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldRvNgA.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kutOySP.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvbdwRz.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBbdiKE.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEOeUoQ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNGXglc.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdybQNZ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVSIZVz.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTGqMtJ.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQuUDRj.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOZSRJH.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfABPzw.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBBNdWo.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLtSHVm.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTVAEFe.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwBerfv.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnnGZOE.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNaazrM.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnEVkwx.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxjSWPP.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRSNjIq.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnbsoQt.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJzpTyt.exe	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
12388	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2532	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2532	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2532	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2464	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2464	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2464	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 1976	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 1976	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 1976	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2684	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2684	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2684	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2808	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2808	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2808	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2372	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2372	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2372	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 2672	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2672	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2672	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2868	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2868	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2868	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2588	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2588	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2588	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2608	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2608	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 2608	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2308 wrote to memory of 1624	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1624	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1624	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 1728	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1728	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1728	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1544	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 1544	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 1544	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 2084	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2084	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2084	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 2036	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 2036	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 2036	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1924	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1924	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1924	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1064	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1064	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1064	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2792	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2792	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 2792	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1740	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1740	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1740	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1756	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1756	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 1756	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 2876	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 2876	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 2876	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 2188	2308	2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-10_e3949179e576e4da807454c89936b3df_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System\jgpEYme.exe
  C:\Windows\System\jgpEYme.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ogOTHbp.exe
  C:\Windows\System\ogOTHbp.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\AkGrJEc.exe
  C:\Windows\System\AkGrJEc.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\hUBoQBU.exe
  C:\Windows\System\hUBoQBU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\cRSNjIq.exe
  C:\Windows\System\cRSNjIq.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\XfPYeMY.exe
  C:\Windows\System\XfPYeMY.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\CEAGmPm.exe
  C:\Windows\System\CEAGmPm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\CAXCnOy.exe
  C:\Windows\System\CAXCnOy.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NBVwsNM.exe
  C:\Windows\System\NBVwsNM.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\dMkwgbU.exe
  C:\Windows\System\dMkwgbU.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ShTrevm.exe
  C:\Windows\System\ShTrevm.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\QaHDUvn.exe
  C:\Windows\System\QaHDUvn.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\kCaSMdn.exe
  C:\Windows\System\kCaSMdn.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\VbLYfOj.exe
  C:\Windows\System\VbLYfOj.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\RXMvMqx.exe
  C:\Windows\System\RXMvMqx.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\JjqNDTt.exe
  C:\Windows\System\JjqNDTt.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\zAzXohZ.exe
  C:\Windows\System\zAzXohZ.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\gIydqzH.exe
  C:\Windows\System\gIydqzH.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\OpMxZpC.exe
  C:\Windows\System\OpMxZpC.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\FgMtusY.exe
  C:\Windows\System\FgMtusY.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\ClHYUzU.exe
  C:\Windows\System\ClHYUzU.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\jOGwpOD.exe
  C:\Windows\System\jOGwpOD.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\AXbXEpJ.exe
  C:\Windows\System\AXbXEpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\QaNOZen.exe
  C:\Windows\System\QaNOZen.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\snvmFwC.exe
  C:\Windows\System\snvmFwC.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\aUAQGrp.exe
  C:\Windows\System\aUAQGrp.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\qPesxtn.exe
  C:\Windows\System\qPesxtn.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\PvKaBKY.exe
  C:\Windows\System\PvKaBKY.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\UgXxnan.exe
  C:\Windows\System\UgXxnan.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\epXKlhy.exe
  C:\Windows\System\epXKlhy.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\adFxXog.exe
  C:\Windows\System\adFxXog.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\yeBaYMx.exe
  C:\Windows\System\yeBaYMx.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\AqONNLV.exe
  C:\Windows\System\AqONNLV.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\gIkkwfo.exe
  C:\Windows\System\gIkkwfo.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\bJuyRFM.exe
  C:\Windows\System\bJuyRFM.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\ztTYKVo.exe
  C:\Windows\System\ztTYKVo.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\wTzKNZr.exe
  C:\Windows\System\wTzKNZr.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\spSGamj.exe
  C:\Windows\System\spSGamj.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\jMAtpZl.exe
  C:\Windows\System\jMAtpZl.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\CdMtDVK.exe
  C:\Windows\System\CdMtDVK.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\YjBbbWc.exe
  C:\Windows\System\YjBbbWc.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\YASjhdz.exe
  C:\Windows\System\YASjhdz.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\znizaBc.exe
  C:\Windows\System\znizaBc.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\tQSjZzZ.exe
  C:\Windows\System\tQSjZzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\orpawba.exe
  C:\Windows\System\orpawba.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qZTXvUx.exe
  C:\Windows\System\qZTXvUx.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\mdqBHGS.exe
  C:\Windows\System\mdqBHGS.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\YmunBBj.exe
  C:\Windows\System\YmunBBj.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ObBWsms.exe
  C:\Windows\System\ObBWsms.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\bUptFCt.exe
  C:\Windows\System\bUptFCt.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\AgSnFem.exe
  C:\Windows\System\AgSnFem.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\zqtYYpi.exe
  C:\Windows\System\zqtYYpi.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\TTVXLOt.exe
  C:\Windows\System\TTVXLOt.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\jBrMbsL.exe
  C:\Windows\System\jBrMbsL.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\FsAFYnm.exe
  C:\Windows\System\FsAFYnm.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WHqRMAF.exe
  C:\Windows\System\WHqRMAF.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\GNZhcga.exe
  C:\Windows\System\GNZhcga.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\pLPFnGT.exe
  C:\Windows\System\pLPFnGT.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\nkmSFOo.exe
  C:\Windows\System\nkmSFOo.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ikAvlub.exe
  C:\Windows\System\ikAvlub.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\GtmUyew.exe
  C:\Windows\System\GtmUyew.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\gQIXCwK.exe
  C:\Windows\System\gQIXCwK.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hsptlQp.exe
  C:\Windows\System\hsptlQp.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\tljKDJH.exe
  C:\Windows\System\tljKDJH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\HjnLMCt.exe
  C:\Windows\System\HjnLMCt.exe
  2⤵
  PID:2208
- C:\Windows\System\nlgNPeR.exe
  C:\Windows\System\nlgNPeR.exe
  2⤵
  PID:580
- C:\Windows\System\QswoHwb.exe
  C:\Windows\System\QswoHwb.exe
  2⤵
  PID:1396
- C:\Windows\System\jgWNPfK.exe
  C:\Windows\System\jgWNPfK.exe
  2⤵
  PID:1140
- C:\Windows\System\alEBSYF.exe
  C:\Windows\System\alEBSYF.exe
  2⤵
  PID:948
- C:\Windows\System\byXEEeQ.exe
  C:\Windows\System\byXEEeQ.exe
  2⤵
  PID:888
- C:\Windows\System\YRZvxoQ.exe
  C:\Windows\System\YRZvxoQ.exe
  2⤵
  PID:1720
- C:\Windows\System\yNsOYSy.exe
  C:\Windows\System\yNsOYSy.exe
  2⤵
  PID:2172
- C:\Windows\System\rNOECJB.exe
  C:\Windows\System\rNOECJB.exe
  2⤵
  PID:1080
- C:\Windows\System\fykLXmc.exe
  C:\Windows\System\fykLXmc.exe
  2⤵
  PID:1852
- C:\Windows\System\ytZwgSX.exe
  C:\Windows\System\ytZwgSX.exe
  2⤵
  PID:1536
- C:\Windows\System\qntAYoM.exe
  C:\Windows\System\qntAYoM.exe
  2⤵
  PID:1972
- C:\Windows\System\ileyqPL.exe
  C:\Windows\System\ileyqPL.exe
  2⤵
  PID:2380
- C:\Windows\System\KeFvuzE.exe
  C:\Windows\System\KeFvuzE.exe
  2⤵
  PID:2420
- C:\Windows\System\vQPrPJm.exe
  C:\Windows\System\vQPrPJm.exe
  2⤵
  PID:1208
- C:\Windows\System\nbxVSwc.exe
  C:\Windows\System\nbxVSwc.exe
  2⤵
  PID:2344
- C:\Windows\System\NyGUAeH.exe
  C:\Windows\System\NyGUAeH.exe
  2⤵
  PID:1748
- C:\Windows\System\jzjbxnu.exe
  C:\Windows\System\jzjbxnu.exe
  2⤵
  PID:1216
- C:\Windows\System\HpvjZMm.exe
  C:\Windows\System\HpvjZMm.exe
  2⤵
  PID:1940
- C:\Windows\System\BplJqJH.exe
  C:\Windows\System\BplJqJH.exe
  2⤵
  PID:2664
- C:\Windows\System\Pryreix.exe
  C:\Windows\System\Pryreix.exe
  2⤵
  PID:2356
- C:\Windows\System\yoAGiZG.exe
  C:\Windows\System\yoAGiZG.exe
  2⤵
  PID:2260
- C:\Windows\System\KVjrDwW.exe
  C:\Windows\System\KVjrDwW.exe
  2⤵
  PID:540
- C:\Windows\System\DdFejla.exe
  C:\Windows\System\DdFejla.exe
  2⤵
  PID:1784
- C:\Windows\System\pQTExrf.exe
  C:\Windows\System\pQTExrf.exe
  2⤵
  PID:2020
- C:\Windows\System\NJjZmTS.exe
  C:\Windows\System\NJjZmTS.exe
  2⤵
  PID:2116
- C:\Windows\System\yaIrQaY.exe
  C:\Windows\System\yaIrQaY.exe
  2⤵
  PID:2132
- C:\Windows\System\hxUBErd.exe
  C:\Windows\System\hxUBErd.exe
  2⤵
  PID:2436
- C:\Windows\System\VVxhZUO.exe
  C:\Windows\System\VVxhZUO.exe
  2⤵
  PID:448
- C:\Windows\System\TRVUcun.exe
  C:\Windows\System\TRVUcun.exe
  2⤵
  PID:1716
- C:\Windows\System\DqOOhhk.exe
  C:\Windows\System\DqOOhhk.exe
  2⤵
  PID:2400
- C:\Windows\System\RLGsbIr.exe
  C:\Windows\System\RLGsbIr.exe
  2⤵
  PID:1772
- C:\Windows\System\XCWiOJD.exe
  C:\Windows\System\XCWiOJD.exe
  2⤵
  PID:3000
- C:\Windows\System\ljlgWdc.exe
  C:\Windows\System\ljlgWdc.exe
  2⤵
  PID:2384
- C:\Windows\System\sLcscPo.exe
  C:\Windows\System\sLcscPo.exe
  2⤵
  PID:980
- C:\Windows\System\xuzCXgp.exe
  C:\Windows\System\xuzCXgp.exe
  2⤵
  PID:380
- C:\Windows\System\OzdmQWs.exe
  C:\Windows\System\OzdmQWs.exe
  2⤵
  PID:2052
- C:\Windows\System\oVUTdma.exe
  C:\Windows\System\oVUTdma.exe
  2⤵
  PID:2648
- C:\Windows\System\TIuBqtr.exe
  C:\Windows\System\TIuBqtr.exe
  2⤵
  PID:2824
- C:\Windows\System\mgkrOHu.exe
  C:\Windows\System\mgkrOHu.exe
  2⤵
  PID:3092
- C:\Windows\System\MWKuZCm.exe
  C:\Windows\System\MWKuZCm.exe
  2⤵
  PID:3116
- C:\Windows\System\JpETkMZ.exe
  C:\Windows\System\JpETkMZ.exe
  2⤵
  PID:3136
- C:\Windows\System\qzJwzxb.exe
  C:\Windows\System\qzJwzxb.exe
  2⤵
  PID:3156
- C:\Windows\System\hsAPMxg.exe
  C:\Windows\System\hsAPMxg.exe
  2⤵
  PID:3176
- C:\Windows\System\jMhQMDq.exe
  C:\Windows\System\jMhQMDq.exe
  2⤵
  PID:3196
- C:\Windows\System\NHiJFJD.exe
  C:\Windows\System\NHiJFJD.exe
  2⤵
  PID:3216
- C:\Windows\System\AfjmHWS.exe
  C:\Windows\System\AfjmHWS.exe
  2⤵
  PID:3236
- C:\Windows\System\MJOyYaR.exe
  C:\Windows\System\MJOyYaR.exe
  2⤵
  PID:3252
- C:\Windows\System\QeTFchB.exe
  C:\Windows\System\QeTFchB.exe
  2⤵
  PID:3276
- C:\Windows\System\XRRVTYs.exe
  C:\Windows\System\XRRVTYs.exe
  2⤵
  PID:3296
- C:\Windows\System\rJYMWXS.exe
  C:\Windows\System\rJYMWXS.exe
  2⤵
  PID:3316
- C:\Windows\System\aIghBwv.exe
  C:\Windows\System\aIghBwv.exe
  2⤵
  PID:3336
- C:\Windows\System\PcWWFOp.exe
  C:\Windows\System\PcWWFOp.exe
  2⤵
  PID:3356
- C:\Windows\System\NkIixtg.exe
  C:\Windows\System\NkIixtg.exe
  2⤵
  PID:3376
- C:\Windows\System\FVdfOaw.exe
  C:\Windows\System\FVdfOaw.exe
  2⤵
  PID:3396
- C:\Windows\System\aIFDYCZ.exe
  C:\Windows\System\aIFDYCZ.exe
  2⤵
  PID:3416
- C:\Windows\System\hQuzert.exe
  C:\Windows\System\hQuzert.exe
  2⤵
  PID:3436
- C:\Windows\System\azcqLbt.exe
  C:\Windows\System\azcqLbt.exe
  2⤵
  PID:3452
- C:\Windows\System\SiFgDDf.exe
  C:\Windows\System\SiFgDDf.exe
  2⤵
  PID:3476
- C:\Windows\System\KcltbJS.exe
  C:\Windows\System\KcltbJS.exe
  2⤵
  PID:3496
- C:\Windows\System\MUcmOLs.exe
  C:\Windows\System\MUcmOLs.exe
  2⤵
  PID:3516
- C:\Windows\System\LfukQrU.exe
  C:\Windows\System\LfukQrU.exe
  2⤵
  PID:3536
- C:\Windows\System\axQgYzB.exe
  C:\Windows\System\axQgYzB.exe
  2⤵
  PID:3556
- C:\Windows\System\XBpcpxj.exe
  C:\Windows\System\XBpcpxj.exe
  2⤵
  PID:3576
- C:\Windows\System\RHJpWtb.exe
  C:\Windows\System\RHJpWtb.exe
  2⤵
  PID:3596
- C:\Windows\System\opkeTiJ.exe
  C:\Windows\System\opkeTiJ.exe
  2⤵
  PID:3616
- C:\Windows\System\CrasENO.exe
  C:\Windows\System\CrasENO.exe
  2⤵
  PID:3636
- C:\Windows\System\pBsDEze.exe
  C:\Windows\System\pBsDEze.exe
  2⤵
  PID:3656
- C:\Windows\System\ngoNMZg.exe
  C:\Windows\System\ngoNMZg.exe
  2⤵
  PID:3676
- C:\Windows\System\XvzagzG.exe
  C:\Windows\System\XvzagzG.exe
  2⤵
  PID:3696
- C:\Windows\System\eYnnhfY.exe
  C:\Windows\System\eYnnhfY.exe
  2⤵
  PID:3716
- C:\Windows\System\XGUCtuq.exe
  C:\Windows\System\XGUCtuq.exe
  2⤵
  PID:3736
- C:\Windows\System\YuZeDNJ.exe
  C:\Windows\System\YuZeDNJ.exe
  2⤵
  PID:3756
- C:\Windows\System\WyCDNDl.exe
  C:\Windows\System\WyCDNDl.exe
  2⤵
  PID:3776
- C:\Windows\System\IEualOU.exe
  C:\Windows\System\IEualOU.exe
  2⤵
  PID:3796
- C:\Windows\System\cZQuhhw.exe
  C:\Windows\System\cZQuhhw.exe
  2⤵
  PID:3816
- C:\Windows\System\ZoRSUXn.exe
  C:\Windows\System\ZoRSUXn.exe
  2⤵
  PID:3836
- C:\Windows\System\HjZtDoM.exe
  C:\Windows\System\HjZtDoM.exe
  2⤵
  PID:3856
- C:\Windows\System\lWqNony.exe
  C:\Windows\System\lWqNony.exe
  2⤵
  PID:3876
- C:\Windows\System\mKCgylx.exe
  C:\Windows\System\mKCgylx.exe
  2⤵
  PID:3892
- C:\Windows\System\zSzflDr.exe
  C:\Windows\System\zSzflDr.exe
  2⤵
  PID:3916
- C:\Windows\System\zReFtnS.exe
  C:\Windows\System\zReFtnS.exe
  2⤵
  PID:3932
- C:\Windows\System\jMdFYni.exe
  C:\Windows\System\jMdFYni.exe
  2⤵
  PID:3956
- C:\Windows\System\cQbUVNr.exe
  C:\Windows\System\cQbUVNr.exe
  2⤵
  PID:3976
- C:\Windows\System\iHIizer.exe
  C:\Windows\System\iHIizer.exe
  2⤵
  PID:3996
- C:\Windows\System\FoDpBID.exe
  C:\Windows\System\FoDpBID.exe
  2⤵
  PID:4016
- C:\Windows\System\kYIRICt.exe
  C:\Windows\System\kYIRICt.exe
  2⤵
  PID:4036
- C:\Windows\System\fYTqsCW.exe
  C:\Windows\System\fYTqsCW.exe
  2⤵
  PID:4056
- C:\Windows\System\yudpNqn.exe
  C:\Windows\System\yudpNqn.exe
  2⤵
  PID:4076
- C:\Windows\System\JJtGFFG.exe
  C:\Windows\System\JJtGFFG.exe
  2⤵
  PID:2976
- C:\Windows\System\pkhiqsR.exe
  C:\Windows\System\pkhiqsR.exe
  2⤵
  PID:1192
- C:\Windows\System\jnWzqGp.exe
  C:\Windows\System\jnWzqGp.exe
  2⤵
  PID:348
- C:\Windows\System\AtflPsG.exe
  C:\Windows\System\AtflPsG.exe
  2⤵
  PID:2864
- C:\Windows\System\gSHoWVG.exe
  C:\Windows\System\gSHoWVG.exe
  2⤵
  PID:2216
- C:\Windows\System\UPMaKtn.exe
  C:\Windows\System\UPMaKtn.exe
  2⤵
  PID:1732
- C:\Windows\System\zOhvhhx.exe
  C:\Windows\System\zOhvhhx.exe
  2⤵
  PID:2024
- C:\Windows\System\CWqMohE.exe
  C:\Windows\System\CWqMohE.exe
  2⤵
  PID:2224
- C:\Windows\System\ShBovHd.exe
  C:\Windows\System\ShBovHd.exe
  2⤵
  PID:1440
- C:\Windows\System\qoxXLvv.exe
  C:\Windows\System\qoxXLvv.exe
  2⤵
  PID:868
- C:\Windows\System\LPGyVaV.exe
  C:\Windows\System\LPGyVaV.exe
  2⤵
  PID:1148
- C:\Windows\System\NCjyqfm.exe
  C:\Windows\System\NCjyqfm.exe
  2⤵
  PID:2772
- C:\Windows\System\jWDGNso.exe
  C:\Windows\System\jWDGNso.exe
  2⤵
  PID:3084
- C:\Windows\System\yuIkVwB.exe
  C:\Windows\System\yuIkVwB.exe
  2⤵
  PID:3152
- C:\Windows\System\AKXtpCv.exe
  C:\Windows\System\AKXtpCv.exe
  2⤵
  PID:3164
- C:\Windows\System\SClHwxr.exe
  C:\Windows\System\SClHwxr.exe
  2⤵
  PID:3168
- C:\Windows\System\fuEvmRY.exe
  C:\Windows\System\fuEvmRY.exe
  2⤵
  PID:3208
- C:\Windows\System\PZneMWz.exe
  C:\Windows\System\PZneMWz.exe
  2⤵
  PID:3244
- C:\Windows\System\UgUBTVh.exe
  C:\Windows\System\UgUBTVh.exe
  2⤵
  PID:3284
- C:\Windows\System\vMDTfNn.exe
  C:\Windows\System\vMDTfNn.exe
  2⤵
  PID:3348
- C:\Windows\System\kCSyxFo.exe
  C:\Windows\System\kCSyxFo.exe
  2⤵
  PID:3392
- C:\Windows\System\qKBtlmm.exe
  C:\Windows\System\qKBtlmm.exe
  2⤵
  PID:3372
- C:\Windows\System\OctmnJk.exe
  C:\Windows\System\OctmnJk.exe
  2⤵
  PID:3412
- C:\Windows\System\lqiZCMl.exe
  C:\Windows\System\lqiZCMl.exe
  2⤵
  PID:3484
- C:\Windows\System\IobpkXA.exe
  C:\Windows\System\IobpkXA.exe
  2⤵
  PID:3508
- C:\Windows\System\zlqQfYb.exe
  C:\Windows\System\zlqQfYb.exe
  2⤵
  PID:3552
- C:\Windows\System\pIshxKb.exe
  C:\Windows\System\pIshxKb.exe
  2⤵
  PID:3588
- C:\Windows\System\JwxxWvV.exe
  C:\Windows\System\JwxxWvV.exe
  2⤵
  PID:3624
- C:\Windows\System\YoljlaZ.exe
  C:\Windows\System\YoljlaZ.exe
  2⤵
  PID:3612
- C:\Windows\System\xHioRsd.exe
  C:\Windows\System\xHioRsd.exe
  2⤵
  PID:3652
- C:\Windows\System\TEHtqVZ.exe
  C:\Windows\System\TEHtqVZ.exe
  2⤵
  PID:3684
- C:\Windows\System\gYAamAh.exe
  C:\Windows\System\gYAamAh.exe
  2⤵
  PID:3748
- C:\Windows\System\pCgPytV.exe
  C:\Windows\System\pCgPytV.exe
  2⤵
  PID:3764
- C:\Windows\System\rkLzFVz.exe
  C:\Windows\System\rkLzFVz.exe
  2⤵
  PID:3804
- C:\Windows\System\OdomTEG.exe
  C:\Windows\System\OdomTEG.exe
  2⤵
  PID:3808
- C:\Windows\System\bqdttGg.exe
  C:\Windows\System\bqdttGg.exe
  2⤵
  PID:3852
- C:\Windows\System\mCpfQeF.exe
  C:\Windows\System\mCpfQeF.exe
  2⤵
  PID:3908
- C:\Windows\System\XkwsZcT.exe
  C:\Windows\System\XkwsZcT.exe
  2⤵
  PID:3952
- C:\Windows\System\YERDzDE.exe
  C:\Windows\System\YERDzDE.exe
  2⤵
  PID:3972
- C:\Windows\System\cYUxBLz.exe
  C:\Windows\System\cYUxBLz.exe
  2⤵
  PID:4024
- C:\Windows\System\bhvVGUm.exe
  C:\Windows\System\bhvVGUm.exe
  2⤵
  PID:4028
- C:\Windows\System\xBOpVXr.exe
  C:\Windows\System\xBOpVXr.exe
  2⤵
  PID:4048
- C:\Windows\System\vsmsbKR.exe
  C:\Windows\System\vsmsbKR.exe
  2⤵
  PID:4088
- C:\Windows\System\tDvFTLF.exe
  C:\Windows\System\tDvFTLF.exe
  2⤵
  PID:1564
- C:\Windows\System\eAQiBvH.exe
  C:\Windows\System\eAQiBvH.exe
  2⤵
  PID:2804
- C:\Windows\System\foRwjOq.exe
  C:\Windows\System\foRwjOq.exe
  2⤵
  PID:2656
- C:\Windows\System\NuOGKrL.exe
  C:\Windows\System\NuOGKrL.exe
  2⤵
  PID:1540
- C:\Windows\System\IJHypQE.exe
  C:\Windows\System\IJHypQE.exe
  2⤵
  PID:1816
- C:\Windows\System\IfkrHEe.exe
  C:\Windows\System\IfkrHEe.exe
  2⤵
  PID:2408
- C:\Windows\System\TyOsOEO.exe
  C:\Windows\System\TyOsOEO.exe
  2⤵
  PID:2780
- C:\Windows\System\FpYXHgG.exe
  C:\Windows\System\FpYXHgG.exe
  2⤵
  PID:3124
- C:\Windows\System\yBmKZvZ.exe
  C:\Windows\System\yBmKZvZ.exe
  2⤵
  PID:3188
- C:\Windows\System\XxVlOAm.exe
  C:\Windows\System\XxVlOAm.exe
  2⤵
  PID:3228
- C:\Windows\System\TeaFSQt.exe
  C:\Windows\System\TeaFSQt.exe
  2⤵
  PID:3288
- C:\Windows\System\mgeYNoe.exe
  C:\Windows\System\mgeYNoe.exe
  2⤵
  PID:3432
- C:\Windows\System\MKYlYvC.exe
  C:\Windows\System\MKYlYvC.exe
  2⤵
  PID:3408
- C:\Windows\System\ZWQnUpi.exe
  C:\Windows\System\ZWQnUpi.exe
  2⤵
  PID:3488
- C:\Windows\System\vWCwbrM.exe
  C:\Windows\System\vWCwbrM.exe
  2⤵
  PID:3504
- C:\Windows\System\SgpQxVn.exe
  C:\Windows\System\SgpQxVn.exe
  2⤵
  PID:3532
- C:\Windows\System\mWJdkcm.exe
  C:\Windows\System\mWJdkcm.exe
  2⤵
  PID:3644
- C:\Windows\System\PdeDpyD.exe
  C:\Windows\System\PdeDpyD.exe
  2⤵
  PID:3692
- C:\Windows\System\VhiZmXD.exe
  C:\Windows\System\VhiZmXD.exe
  2⤵
  PID:3768
- C:\Windows\System\JVQLsHe.exe
  C:\Windows\System\JVQLsHe.exe
  2⤵
  PID:3872
- C:\Windows\System\usPDgnN.exe
  C:\Windows\System\usPDgnN.exe
  2⤵
  PID:3828
- C:\Windows\System\SvuGkPw.exe
  C:\Windows\System\SvuGkPw.exe
  2⤵
  PID:3912
- C:\Windows\System\oZosMOP.exe
  C:\Windows\System\oZosMOP.exe
  2⤵
  PID:3968
- C:\Windows\System\wHIWREj.exe
  C:\Windows\System\wHIWREj.exe
  2⤵
  PID:4068
- C:\Windows\System\ApviYFW.exe
  C:\Windows\System\ApviYFW.exe
  2⤵
  PID:1500
- C:\Windows\System\lsCitQg.exe
  C:\Windows\System\lsCitQg.exe
  2⤵
  PID:1280
- C:\Windows\System\ZSKjTYM.exe
  C:\Windows\System\ZSKjTYM.exe
  2⤵
  PID:940
- C:\Windows\System\SFqxzXc.exe
  C:\Windows\System\SFqxzXc.exe
  2⤵
  PID:2232
- C:\Windows\System\gYENhNs.exe
  C:\Windows\System\gYENhNs.exe
  2⤵
  PID:2412
- C:\Windows\System\aivoMwC.exe
  C:\Windows\System\aivoMwC.exe
  2⤵
  PID:3192
- C:\Windows\System\XvISiDA.exe
  C:\Windows\System\XvISiDA.exe
  2⤵
  PID:3312
- C:\Windows\System\hCnMwjf.exe
  C:\Windows\System\hCnMwjf.exe
  2⤵
  PID:2688
- C:\Windows\System\iEDzAio.exe
  C:\Windows\System\iEDzAio.exe
  2⤵
  PID:3364
- C:\Windows\System\XoybTaI.exe
  C:\Windows\System\XoybTaI.exe
  2⤵
  PID:3472
- C:\Windows\System\qgzMOPE.exe
  C:\Windows\System\qgzMOPE.exe
  2⤵
  PID:3056
- C:\Windows\System\jEtgsOo.exe
  C:\Windows\System\jEtgsOo.exe
  2⤵
  PID:3564
- C:\Windows\System\VbQfdMj.exe
  C:\Windows\System\VbQfdMj.exe
  2⤵
  PID:3788
- C:\Windows\System\fRGrsjs.exe
  C:\Windows\System\fRGrsjs.exe
  2⤵
  PID:3784
- C:\Windows\System\BPgEZsj.exe
  C:\Windows\System\BPgEZsj.exe
  2⤵
  PID:3992
- C:\Windows\System\PGHJxAB.exe
  C:\Windows\System\PGHJxAB.exe
  2⤵
  PID:4084
- C:\Windows\System\YHjZKUo.exe
  C:\Windows\System\YHjZKUo.exe
  2⤵
  PID:1668
- C:\Windows\System\OfehWcD.exe
  C:\Windows\System\OfehWcD.exe
  2⤵
  PID:3032
- C:\Windows\System\YODKYlY.exe
  C:\Windows\System\YODKYlY.exe
  2⤵
  PID:1048
- C:\Windows\System\iVOhCgv.exe
  C:\Windows\System\iVOhCgv.exe
  2⤵
  PID:3304
- C:\Windows\System\KjVPWdX.exe
  C:\Windows\System\KjVPWdX.exe
  2⤵
  PID:4104
- C:\Windows\System\PrwJNUg.exe
  C:\Windows\System\PrwJNUg.exe
  2⤵
  PID:4124
- C:\Windows\System\MBWFXfh.exe
  C:\Windows\System\MBWFXfh.exe
  2⤵
  PID:4144
- C:\Windows\System\PMdqSOW.exe
  C:\Windows\System\PMdqSOW.exe
  2⤵
  PID:4164
- C:\Windows\System\QqvBjVW.exe
  C:\Windows\System\QqvBjVW.exe
  2⤵
  PID:4184
- C:\Windows\System\KJiBiJw.exe
  C:\Windows\System\KJiBiJw.exe
  2⤵
  PID:4204
- C:\Windows\System\EeIwCxB.exe
  C:\Windows\System\EeIwCxB.exe
  2⤵
  PID:4224
- C:\Windows\System\iHfHhNK.exe
  C:\Windows\System\iHfHhNK.exe
  2⤵
  PID:4244
- C:\Windows\System\WuKUPOF.exe
  C:\Windows\System\WuKUPOF.exe
  2⤵
  PID:4264
- C:\Windows\System\tNaElAY.exe
  C:\Windows\System\tNaElAY.exe
  2⤵
  PID:4284
- C:\Windows\System\ZssObkX.exe
  C:\Windows\System\ZssObkX.exe
  2⤵
  PID:4304
- C:\Windows\System\FfjIBum.exe
  C:\Windows\System\FfjIBum.exe
  2⤵
  PID:4324
- C:\Windows\System\xTUDwtw.exe
  C:\Windows\System\xTUDwtw.exe
  2⤵
  PID:4348
- C:\Windows\System\QDsEuxM.exe
  C:\Windows\System\QDsEuxM.exe
  2⤵
  PID:4368
- C:\Windows\System\gzpLYdP.exe
  C:\Windows\System\gzpLYdP.exe
  2⤵
  PID:4388
- C:\Windows\System\pecGBlm.exe
  C:\Windows\System\pecGBlm.exe
  2⤵
  PID:4408
- C:\Windows\System\CqoGWwm.exe
  C:\Windows\System\CqoGWwm.exe
  2⤵
  PID:4428
- C:\Windows\System\XTpTlKk.exe
  C:\Windows\System\XTpTlKk.exe
  2⤵
  PID:4448
- C:\Windows\System\muwFlHH.exe
  C:\Windows\System\muwFlHH.exe
  2⤵
  PID:4468
- C:\Windows\System\YzBzHha.exe
  C:\Windows\System\YzBzHha.exe
  2⤵
  PID:4488
- C:\Windows\System\wZgOADd.exe
  C:\Windows\System\wZgOADd.exe
  2⤵
  PID:4508
- C:\Windows\System\pjyczqD.exe
  C:\Windows\System\pjyczqD.exe
  2⤵
  PID:4528
- C:\Windows\System\hmAoDjn.exe
  C:\Windows\System\hmAoDjn.exe
  2⤵
  PID:4548
- C:\Windows\System\BprXiud.exe
  C:\Windows\System\BprXiud.exe
  2⤵
  PID:4568
- C:\Windows\System\gJfAEdV.exe
  C:\Windows\System\gJfAEdV.exe
  2⤵
  PID:4588
- C:\Windows\System\CiDjdvc.exe
  C:\Windows\System\CiDjdvc.exe
  2⤵
  PID:4608
- C:\Windows\System\MYUevTN.exe
  C:\Windows\System\MYUevTN.exe
  2⤵
  PID:4628
- C:\Windows\System\CBoyQjY.exe
  C:\Windows\System\CBoyQjY.exe
  2⤵
  PID:4648
- C:\Windows\System\tWSrGtC.exe
  C:\Windows\System\tWSrGtC.exe
  2⤵
  PID:4668
- C:\Windows\System\MApuqDj.exe
  C:\Windows\System\MApuqDj.exe
  2⤵
  PID:4688
- C:\Windows\System\sizTeNm.exe
  C:\Windows\System\sizTeNm.exe
  2⤵
  PID:4708
- C:\Windows\System\YxJPfIv.exe
  C:\Windows\System\YxJPfIv.exe
  2⤵
  PID:4728
- C:\Windows\System\ZIOoAyk.exe
  C:\Windows\System\ZIOoAyk.exe
  2⤵
  PID:4748
- C:\Windows\System\JvAlzsj.exe
  C:\Windows\System\JvAlzsj.exe
  2⤵
  PID:4768
- C:\Windows\System\KrhHxdy.exe
  C:\Windows\System\KrhHxdy.exe
  2⤵
  PID:4788
- C:\Windows\System\kQAfXbt.exe
  C:\Windows\System\kQAfXbt.exe
  2⤵
  PID:4808
- C:\Windows\System\sdowFKN.exe
  C:\Windows\System\sdowFKN.exe
  2⤵
  PID:4828
- C:\Windows\System\hCqTvfd.exe
  C:\Windows\System\hCqTvfd.exe
  2⤵
  PID:4848
- C:\Windows\System\eaILCQY.exe
  C:\Windows\System\eaILCQY.exe
  2⤵
  PID:4868
- C:\Windows\System\NOwPcKf.exe
  C:\Windows\System\NOwPcKf.exe
  2⤵
  PID:4888
- C:\Windows\System\bQJMwop.exe
  C:\Windows\System\bQJMwop.exe
  2⤵
  PID:4908
- C:\Windows\System\ZtCTLjK.exe
  C:\Windows\System\ZtCTLjK.exe
  2⤵
  PID:4928
- C:\Windows\System\CdSfOSG.exe
  C:\Windows\System\CdSfOSG.exe
  2⤵
  PID:4948
- C:\Windows\System\JfUsdmr.exe
  C:\Windows\System\JfUsdmr.exe
  2⤵
  PID:4968
- C:\Windows\System\WkOCZPf.exe
  C:\Windows\System\WkOCZPf.exe
  2⤵
  PID:4988
- C:\Windows\System\dXGWdZc.exe
  C:\Windows\System\dXGWdZc.exe
  2⤵
  PID:5008
- C:\Windows\System\telPHug.exe
  C:\Windows\System\telPHug.exe
  2⤵
  PID:5028
- C:\Windows\System\ifHgYWE.exe
  C:\Windows\System\ifHgYWE.exe
  2⤵
  PID:5048
- C:\Windows\System\OHlAfoK.exe
  C:\Windows\System\OHlAfoK.exe
  2⤵
  PID:5068
- C:\Windows\System\XWcIdxU.exe
  C:\Windows\System\XWcIdxU.exe
  2⤵
  PID:5088
- C:\Windows\System\wyGYYBt.exe
  C:\Windows\System\wyGYYBt.exe
  2⤵
  PID:5108
- C:\Windows\System\yLowFYI.exe
  C:\Windows\System\yLowFYI.exe
  2⤵
  PID:3232
- C:\Windows\System\kFGjGqk.exe
  C:\Windows\System\kFGjGqk.exe
  2⤵
  PID:3448
- C:\Windows\System\NzbWqTj.exe
  C:\Windows\System\NzbWqTj.exe
  2⤵
  PID:3704
- C:\Windows\System\AEWXFkH.exe
  C:\Windows\System\AEWXFkH.exe
  2⤵
  PID:3732
- C:\Windows\System\oEJyyvW.exe
  C:\Windows\System\oEJyyvW.exe
  2⤵
  PID:3900
- C:\Windows\System\vKIIzVx.exe
  C:\Windows\System\vKIIzVx.exe
  2⤵
  PID:4004
- C:\Windows\System\RgjPWag.exe
  C:\Windows\System\RgjPWag.exe
  2⤵
  PID:1736
- C:\Windows\System\VMISeTU.exe
  C:\Windows\System\VMISeTU.exe
  2⤵
  PID:3132
- C:\Windows\System\eJcLAKT.exe
  C:\Windows\System\eJcLAKT.exe
  2⤵
  PID:4120
- C:\Windows\System\cibstJe.exe
  C:\Windows\System\cibstJe.exe
  2⤵
  PID:4180
- C:\Windows\System\QQHedTN.exe
  C:\Windows\System\QQHedTN.exe
  2⤵
  PID:4212
- C:\Windows\System\FLiOtHA.exe
  C:\Windows\System\FLiOtHA.exe
  2⤵
  PID:4192
- C:\Windows\System\vCaBMML.exe
  C:\Windows\System\vCaBMML.exe
  2⤵
  PID:4260
- C:\Windows\System\rNZzPGU.exe
  C:\Windows\System\rNZzPGU.exe
  2⤵
  PID:4292
- C:\Windows\System\opouOlN.exe
  C:\Windows\System\opouOlN.exe
  2⤵
  PID:4316
- C:\Windows\System\sYMSQjv.exe
  C:\Windows\System\sYMSQjv.exe
  2⤵
  PID:2492
- C:\Windows\System\ttaSwmY.exe
  C:\Windows\System\ttaSwmY.exe
  2⤵
  PID:2860
- C:\Windows\System\hgPQHor.exe
  C:\Windows\System\hgPQHor.exe
  2⤵
  PID:4396
- C:\Windows\System\UAQuJAC.exe
  C:\Windows\System\UAQuJAC.exe
  2⤵
  PID:4444
- C:\Windows\System\bOqdZdP.exe
  C:\Windows\System\bOqdZdP.exe
  2⤵
  PID:4476
- C:\Windows\System\mFeGnzn.exe
  C:\Windows\System\mFeGnzn.exe
  2⤵
  PID:4500
- C:\Windows\System\kcZEqSv.exe
  C:\Windows\System\kcZEqSv.exe
  2⤵
  PID:4524
- C:\Windows\System\TGTtbwR.exe
  C:\Windows\System\TGTtbwR.exe
  2⤵
  PID:4584
- C:\Windows\System\WofxUdI.exe
  C:\Windows\System\WofxUdI.exe
  2⤵
  PID:4616
- C:\Windows\System\IrGxJPo.exe
  C:\Windows\System\IrGxJPo.exe
  2⤵
  PID:2900
- C:\Windows\System\rveqTZJ.exe
  C:\Windows\System\rveqTZJ.exe
  2⤵
  PID:4644
- C:\Windows\System\yRUIWei.exe
  C:\Windows\System\yRUIWei.exe
  2⤵
  PID:4704
- C:\Windows\System\cXWIgMD.exe
  C:\Windows\System\cXWIgMD.exe
  2⤵
  PID:4740
- C:\Windows\System\VzWMCVQ.exe
  C:\Windows\System\VzWMCVQ.exe
  2⤵
  PID:4756
- C:\Windows\System\AikaVkA.exe
  C:\Windows\System\AikaVkA.exe
  2⤵
  PID:4780
- C:\Windows\System\NlNxoiG.exe
  C:\Windows\System\NlNxoiG.exe
  2⤵
  PID:4820
- C:\Windows\System\ZfhONPF.exe
  C:\Windows\System\ZfhONPF.exe
  2⤵
  PID:4836
- C:\Windows\System\BcoNlry.exe
  C:\Windows\System\BcoNlry.exe
  2⤵
  PID:4904
- C:\Windows\System\iVImybL.exe
  C:\Windows\System\iVImybL.exe
  2⤵
  PID:4944
- C:\Windows\System\QmIlEFx.exe
  C:\Windows\System\QmIlEFx.exe
  2⤵
  PID:4976
- C:\Windows\System\lEIiAwf.exe
  C:\Windows\System\lEIiAwf.exe
  2⤵
  PID:4960
- C:\Windows\System\HivvGSI.exe
  C:\Windows\System\HivvGSI.exe
  2⤵
  PID:5020
- C:\Windows\System\EGnxxOY.exe
  C:\Windows\System\EGnxxOY.exe
  2⤵
  PID:5060
- C:\Windows\System\vUqnGeH.exe
  C:\Windows\System\vUqnGeH.exe
  2⤵
  PID:5084
- C:\Windows\System\vsgYrOk.exe
  C:\Windows\System\vsgYrOk.exe
  2⤵
  PID:2896
- C:\Windows\System\HHIsFpz.exe
  C:\Windows\System\HHIsFpz.exe
  2⤵
  PID:3572
- C:\Windows\System\tihDvMJ.exe
  C:\Windows\System\tihDvMJ.exe
  2⤵
  PID:3672
- C:\Windows\System\bYeWcxu.exe
  C:\Windows\System\bYeWcxu.exe
  2⤵
  PID:3964
- C:\Windows\System\ZUpnAMa.exe
  C:\Windows\System\ZUpnAMa.exe
  2⤵
  PID:2776
- C:\Windows\System\gpCbJBO.exe
  C:\Windows\System\gpCbJBO.exe
  2⤵
  PID:4132
- C:\Windows\System\NGcRTwk.exe
  C:\Windows\System\NGcRTwk.exe
  2⤵
  PID:4156
- C:\Windows\System\bWrTaQE.exe
  C:\Windows\System\bWrTaQE.exe
  2⤵
  PID:4240
- C:\Windows\System\yTLmjPw.exe
  C:\Windows\System\yTLmjPw.exe
  2⤵
  PID:4276
- C:\Windows\System\KugvqxO.exe
  C:\Windows\System\KugvqxO.exe
  2⤵
  PID:4320
- C:\Windows\System\UOZEJKs.exe
  C:\Windows\System\UOZEJKs.exe
  2⤵
  PID:4416
- C:\Windows\System\mpedjLG.exe
  C:\Windows\System\mpedjLG.exe
  2⤵
  PID:2760
- C:\Windows\System\XtCAIkw.exe
  C:\Windows\System\XtCAIkw.exe
  2⤵
  PID:4420
- C:\Windows\System\yhuIcqR.exe
  C:\Windows\System\yhuIcqR.exe
  2⤵
  PID:4544
- C:\Windows\System\OSYjpPF.exe
  C:\Windows\System\OSYjpPF.exe
  2⤵
  PID:4564
- C:\Windows\System\KDIUZoV.exe
  C:\Windows\System\KDIUZoV.exe
  2⤵
  PID:4664
- C:\Windows\System\xBibLDd.exe
  C:\Windows\System\xBibLDd.exe
  2⤵
  PID:4680
- C:\Windows\System\txzzovn.exe
  C:\Windows\System\txzzovn.exe
  2⤵
  PID:4776
- C:\Windows\System\tBHDWiM.exe
  C:\Windows\System\tBHDWiM.exe
  2⤵
  PID:2484
- C:\Windows\System\MMWADaQ.exe
  C:\Windows\System\MMWADaQ.exe
  2⤵
  PID:4860
- C:\Windows\System\NTdJYnv.exe
  C:\Windows\System\NTdJYnv.exe
  2⤵
  PID:4840
- C:\Windows\System\tDeLRKc.exe
  C:\Windows\System\tDeLRKc.exe
  2⤵
  PID:4920
- C:\Windows\System\vnAleqX.exe
  C:\Windows\System\vnAleqX.exe
  2⤵
  PID:4996
- C:\Windows\System\qRUJGLy.exe
  C:\Windows\System\qRUJGLy.exe
  2⤵
  PID:5064
- C:\Windows\System\oYvbakL.exe
  C:\Windows\System\oYvbakL.exe
  2⤵
  PID:3512
- C:\Windows\System\qcWmcfT.exe
  C:\Windows\System\qcWmcfT.exe
  2⤵
  PID:3308
- C:\Windows\System\EtLbPaj.exe
  C:\Windows\System\EtLbPaj.exe
  2⤵
  PID:2552
- C:\Windows\System\cMzEwvt.exe
  C:\Windows\System\cMzEwvt.exe
  2⤵
  PID:3144
- C:\Windows\System\XNiYVss.exe
  C:\Windows\System\XNiYVss.exe
  2⤵
  PID:4280
- C:\Windows\System\ncslQpt.exe
  C:\Windows\System\ncslQpt.exe
  2⤵
  PID:4200
- C:\Windows\System\ZtwrbdO.exe
  C:\Windows\System\ZtwrbdO.exe
  2⤵
  PID:4364
- C:\Windows\System\YWbvvOd.exe
  C:\Windows\System\YWbvvOd.exe
  2⤵
  PID:4464
- C:\Windows\System\mMyQGst.exe
  C:\Windows\System\mMyQGst.exe
  2⤵
  PID:4496
- C:\Windows\System\tqBQJAE.exe
  C:\Windows\System\tqBQJAE.exe
  2⤵
  PID:4540
- C:\Windows\System\dfxybeN.exe
  C:\Windows\System\dfxybeN.exe
  2⤵
  PID:4660
- C:\Windows\System\abkVasC.exe
  C:\Windows\System\abkVasC.exe
  2⤵
  PID:4760
- C:\Windows\System\BVCPUoo.exe
  C:\Windows\System\BVCPUoo.exe
  2⤵
  PID:4804
- C:\Windows\System\BlgJWic.exe
  C:\Windows\System\BlgJWic.exe
  2⤵
  PID:4876
- C:\Windows\System\EAKGKZk.exe
  C:\Windows\System\EAKGKZk.exe
  2⤵
  PID:3344
- C:\Windows\System\uKySeon.exe
  C:\Windows\System\uKySeon.exe
  2⤵
  PID:5056
- C:\Windows\System\FFJvzlu.exe
  C:\Windows\System\FFJvzlu.exe
  2⤵
  PID:5136
- C:\Windows\System\vcgYIqI.exe
  C:\Windows\System\vcgYIqI.exe
  2⤵
  PID:5156
- C:\Windows\System\TaajvEN.exe
  C:\Windows\System\TaajvEN.exe
  2⤵
  PID:5176
- C:\Windows\System\FnTpGKq.exe
  C:\Windows\System\FnTpGKq.exe
  2⤵
  PID:5196
- C:\Windows\System\NbZwegQ.exe
  C:\Windows\System\NbZwegQ.exe
  2⤵
  PID:5216
- C:\Windows\System\IvEswdd.exe
  C:\Windows\System\IvEswdd.exe
  2⤵
  PID:5236
- C:\Windows\System\eQkWilv.exe
  C:\Windows\System\eQkWilv.exe
  2⤵
  PID:5256
- C:\Windows\System\DHSixGa.exe
  C:\Windows\System\DHSixGa.exe
  2⤵
  PID:5276
- C:\Windows\System\oPpglWK.exe
  C:\Windows\System\oPpglWK.exe
  2⤵
  PID:5296
- C:\Windows\System\eTfYSsA.exe
  C:\Windows\System\eTfYSsA.exe
  2⤵
  PID:5316
- C:\Windows\System\oardVPb.exe
  C:\Windows\System\oardVPb.exe
  2⤵
  PID:5336
- C:\Windows\System\kINRPuG.exe
  C:\Windows\System\kINRPuG.exe
  2⤵
  PID:5356
- C:\Windows\System\fZkDivp.exe
  C:\Windows\System\fZkDivp.exe
  2⤵
  PID:5376
- C:\Windows\System\ysabLCG.exe
  C:\Windows\System\ysabLCG.exe
  2⤵
  PID:5396
- C:\Windows\System\ZqlcNEI.exe
  C:\Windows\System\ZqlcNEI.exe
  2⤵
  PID:5416
- C:\Windows\System\FmcDGbN.exe
  C:\Windows\System\FmcDGbN.exe
  2⤵
  PID:5436
- C:\Windows\System\NiNvJhT.exe
  C:\Windows\System\NiNvJhT.exe
  2⤵
  PID:5456
- C:\Windows\System\iOcclAl.exe
  C:\Windows\System\iOcclAl.exe
  2⤵
  PID:5476
- C:\Windows\System\lRfvPct.exe
  C:\Windows\System\lRfvPct.exe
  2⤵
  PID:5496
- C:\Windows\System\iTffGqK.exe
  C:\Windows\System\iTffGqK.exe
  2⤵
  PID:5512
- C:\Windows\System\qvMaLke.exe
  C:\Windows\System\qvMaLke.exe
  2⤵
  PID:5536
- C:\Windows\System\XoVsCeH.exe
  C:\Windows\System\XoVsCeH.exe
  2⤵
  PID:5556
- C:\Windows\System\cwzLAau.exe
  C:\Windows\System\cwzLAau.exe
  2⤵
  PID:5576
- C:\Windows\System\dGbzHPe.exe
  C:\Windows\System\dGbzHPe.exe
  2⤵
  PID:5596
- C:\Windows\System\HsgmDTQ.exe
  C:\Windows\System\HsgmDTQ.exe
  2⤵
  PID:5616
- C:\Windows\System\rCCbpOF.exe
  C:\Windows\System\rCCbpOF.exe
  2⤵
  PID:5636
- C:\Windows\System\bRmYPTQ.exe
  C:\Windows\System\bRmYPTQ.exe
  2⤵
  PID:5656
- C:\Windows\System\PlMsPOY.exe
  C:\Windows\System\PlMsPOY.exe
  2⤵
  PID:5672
- C:\Windows\System\OfTBrHB.exe
  C:\Windows\System\OfTBrHB.exe
  2⤵
  PID:5696
- C:\Windows\System\KsOTPzt.exe
  C:\Windows\System\KsOTPzt.exe
  2⤵
  PID:5716
- C:\Windows\System\GWXpuJf.exe
  C:\Windows\System\GWXpuJf.exe
  2⤵
  PID:5736
- C:\Windows\System\BlxmMFm.exe
  C:\Windows\System\BlxmMFm.exe
  2⤵
  PID:5756
- C:\Windows\System\MGQpdvj.exe
  C:\Windows\System\MGQpdvj.exe
  2⤵
  PID:5776
- C:\Windows\System\kaIuzpt.exe
  C:\Windows\System\kaIuzpt.exe
  2⤵
  PID:5796
- C:\Windows\System\lPmnxCx.exe
  C:\Windows\System\lPmnxCx.exe
  2⤵
  PID:5816
- C:\Windows\System\jKHdtHC.exe
  C:\Windows\System\jKHdtHC.exe
  2⤵
  PID:5836
- C:\Windows\System\nMiKram.exe
  C:\Windows\System\nMiKram.exe
  2⤵
  PID:5856
- C:\Windows\System\NcHsgbr.exe
  C:\Windows\System\NcHsgbr.exe
  2⤵
  PID:5876
- C:\Windows\System\msEMwGG.exe
  C:\Windows\System\msEMwGG.exe
  2⤵
  PID:5896
- C:\Windows\System\BjFiDCc.exe
  C:\Windows\System\BjFiDCc.exe
  2⤵
  PID:5916
- C:\Windows\System\GXJSgWF.exe
  C:\Windows\System\GXJSgWF.exe
  2⤵
  PID:5936
- C:\Windows\System\mMUJfHR.exe
  C:\Windows\System\mMUJfHR.exe
  2⤵
  PID:5956
- C:\Windows\System\HCTIaua.exe
  C:\Windows\System\HCTIaua.exe
  2⤵
  PID:5976
- C:\Windows\System\kdHVXiB.exe
  C:\Windows\System\kdHVXiB.exe
  2⤵
  PID:5996
- C:\Windows\System\IxVdzQc.exe
  C:\Windows\System\IxVdzQc.exe
  2⤵
  PID:6016
- C:\Windows\System\wPTmiYB.exe
  C:\Windows\System\wPTmiYB.exe
  2⤵
  PID:6036
- C:\Windows\System\UQLczzD.exe
  C:\Windows\System\UQLczzD.exe
  2⤵
  PID:6056
- C:\Windows\System\mzGpKel.exe
  C:\Windows\System\mzGpKel.exe
  2⤵
  PID:6076
- C:\Windows\System\dhyKTwd.exe
  C:\Windows\System\dhyKTwd.exe
  2⤵
  PID:6096
- C:\Windows\System\nykOEGp.exe
  C:\Windows\System\nykOEGp.exe
  2⤵
  PID:6116
- C:\Windows\System\ydjQkAE.exe
  C:\Windows\System\ydjQkAE.exe
  2⤵
  PID:6136
- C:\Windows\System\ihhnOmt.exe
  C:\Windows\System\ihhnOmt.exe
  2⤵
  PID:3712
- C:\Windows\System\NfOrmgk.exe
  C:\Windows\System\NfOrmgk.exe
  2⤵
  PID:4136
- C:\Windows\System\jymYBlp.exe
  C:\Windows\System\jymYBlp.exe
  2⤵
  PID:4336
- C:\Windows\System\GVFVBxO.exe
  C:\Windows\System\GVFVBxO.exe
  2⤵
  PID:4456
- C:\Windows\System\JPqfrIa.exe
  C:\Windows\System\JPqfrIa.exe
  2⤵
  PID:4604
- C:\Windows\System\VoHipRQ.exe
  C:\Windows\System\VoHipRQ.exe
  2⤵
  PID:4696
- C:\Windows\System\PznCXss.exe
  C:\Windows\System\PznCXss.exe
  2⤵
  PID:4720
- C:\Windows\System\nMtlpAU.exe
  C:\Windows\System\nMtlpAU.exe
  2⤵
  PID:4916
- C:\Windows\System\rjuOwRl.exe
  C:\Windows\System\rjuOwRl.exe
  2⤵
  PID:5040
- C:\Windows\System\yRmCAsK.exe
  C:\Windows\System\yRmCAsK.exe
  2⤵
  PID:5172
- C:\Windows\System\RcONYxB.exe
  C:\Windows\System\RcONYxB.exe
  2⤵
  PID:5152
- C:\Windows\System\oVzqbIy.exe
  C:\Windows\System\oVzqbIy.exe
  2⤵
  PID:5188
- C:\Windows\System\mGfyGwh.exe
  C:\Windows\System\mGfyGwh.exe
  2⤵
  PID:5248
- C:\Windows\System\LelYjPR.exe
  C:\Windows\System\LelYjPR.exe
  2⤵
  PID:5264
- C:\Windows\System\sUHsisG.exe
  C:\Windows\System\sUHsisG.exe
  2⤵
  PID:5324
- C:\Windows\System\TiYjTRz.exe
  C:\Windows\System\TiYjTRz.exe
  2⤵
  PID:5312
- C:\Windows\System\qIHasfJ.exe
  C:\Windows\System\qIHasfJ.exe
  2⤵
  PID:5352
- C:\Windows\System\ApRKMav.exe
  C:\Windows\System\ApRKMav.exe
  2⤵
  PID:5388
- C:\Windows\System\ojwXONj.exe
  C:\Windows\System\ojwXONj.exe
  2⤵
  PID:5432
- C:\Windows\System\PRQmIPW.exe
  C:\Windows\System\PRQmIPW.exe
  2⤵
  PID:5468
- C:\Windows\System\wXIvnBv.exe
  C:\Windows\System\wXIvnBv.exe
  2⤵
  PID:5520
- C:\Windows\System\PZtLGdU.exe
  C:\Windows\System\PZtLGdU.exe
  2⤵
  PID:5524
- C:\Windows\System\wpLJgTc.exe
  C:\Windows\System\wpLJgTc.exe
  2⤵
  PID:5552
- C:\Windows\System\uBOHXiy.exe
  C:\Windows\System\uBOHXiy.exe
  2⤵
  PID:5588
- C:\Windows\System\RImltSB.exe
  C:\Windows\System\RImltSB.exe
  2⤵
  PID:5652
- C:\Windows\System\bozAadd.exe
  C:\Windows\System\bozAadd.exe
  2⤵
  PID:5680
- C:\Windows\System\QflKHwa.exe
  C:\Windows\System\QflKHwa.exe
  2⤵
  PID:2880
- C:\Windows\System\eYOgbOn.exe
  C:\Windows\System\eYOgbOn.exe
  2⤵
  PID:760
- C:\Windows\System\SWeqMVQ.exe
  C:\Windows\System\SWeqMVQ.exe
  2⤵
  PID:5704
- C:\Windows\System\jVQokfZ.exe
  C:\Windows\System\jVQokfZ.exe
  2⤵
  PID:1164
- C:\Windows\System\ypZJacv.exe
  C:\Windows\System\ypZJacv.exe
  2⤵
  PID:5812
- C:\Windows\System\VYwfLjg.exe
  C:\Windows\System\VYwfLjg.exe
  2⤵
  PID:2080
- C:\Windows\System\otfsJHm.exe
  C:\Windows\System\otfsJHm.exe
  2⤵
  PID:5848
- C:\Windows\System\qEZYDzb.exe
  C:\Windows\System\qEZYDzb.exe
  2⤵
  PID:5868
- C:\Windows\System\woGAloe.exe
  C:\Windows\System\woGAloe.exe
  2⤵
  PID:5932
- C:\Windows\System\zDlMtaX.exe
  C:\Windows\System\zDlMtaX.exe
  2⤵
  PID:484
- C:\Windows\System\oqLHMly.exe
  C:\Windows\System\oqLHMly.exe
  2⤵
  PID:5964
- C:\Windows\System\ZbOFyVY.exe
  C:\Windows\System\ZbOFyVY.exe
  2⤵
  PID:2544
- C:\Windows\System\zhoxGGi.exe
  C:\Windows\System\zhoxGGi.exe
  2⤵
  PID:6012
- C:\Windows\System\OHKljMD.exe
  C:\Windows\System\OHKljMD.exe
  2⤵
  PID:6044
- C:\Windows\System\WXrowSV.exe
  C:\Windows\System\WXrowSV.exe
  2⤵
  PID:852
- C:\Windows\System\KXhaQUK.exe
  C:\Windows\System\KXhaQUK.exe
  2⤵
  PID:6072
- C:\Windows\System\hmAvkvo.exe
  C:\Windows\System\hmAvkvo.exe
  2⤵
  PID:6124
- C:\Windows\System\JjDTsGM.exe
  C:\Windows\System\JjDTsGM.exe
  2⤵
  PID:3172
- C:\Windows\System\KLJEWDB.exe
  C:\Windows\System\KLJEWDB.exe
  2⤵
  PID:2788
- C:\Windows\System\XxvEaUz.exe
  C:\Windows\System\XxvEaUz.exe
  2⤵
  PID:4340
- C:\Windows\System\VOBnZdD.exe
  C:\Windows\System\VOBnZdD.exe
  2⤵
  PID:4424
- C:\Windows\System\kLhftEe.exe
  C:\Windows\System\kLhftEe.exe
  2⤵
  PID:4880
- C:\Windows\System\EbJHgds.exe
  C:\Windows\System\EbJHgds.exe
  2⤵
  PID:5164
- C:\Windows\System\HReDAgz.exe
  C:\Windows\System\HReDAgz.exe
  2⤵
  PID:5212
- C:\Windows\System\KOHRrxu.exe
  C:\Windows\System\KOHRrxu.exe
  2⤵
  PID:2996
- C:\Windows\System\FXtAdkb.exe
  C:\Windows\System\FXtAdkb.exe
  2⤵
  PID:5252
- C:\Windows\System\disvgRw.exe
  C:\Windows\System\disvgRw.exe
  2⤵
  PID:5364
- C:\Windows\System\otDZopC.exe
  C:\Windows\System\otDZopC.exe
  2⤵
  PID:5412
- C:\Windows\System\hwVtxGF.exe
  C:\Windows\System\hwVtxGF.exe
  2⤵
  PID:5452
- C:\Windows\System\VKZIlDF.exe
  C:\Windows\System\VKZIlDF.exe
  2⤵
  PID:5448
- C:\Windows\System\jIlYNpi.exe
  C:\Windows\System\jIlYNpi.exe
  2⤵
  PID:5492
- C:\Windows\System\HImLjDM.exe
  C:\Windows\System\HImLjDM.exe
  2⤵
  PID:5612
- C:\Windows\System\uHHZeif.exe
  C:\Windows\System\uHHZeif.exe
  2⤵
  PID:5584
- C:\Windows\System\NibVSPx.exe
  C:\Windows\System\NibVSPx.exe
  2⤵
  PID:5724
- C:\Windows\System\cdvidzt.exe
  C:\Windows\System\cdvidzt.exe
  2⤵
  PID:5764
- C:\Windows\System\IFDZYdg.exe
  C:\Windows\System\IFDZYdg.exe
  2⤵
  PID:5728
- C:\Windows\System\zyXVGHq.exe
  C:\Windows\System\zyXVGHq.exe
  2⤵
  PID:5792
- C:\Windows\System\pgaRFIl.exe
  C:\Windows\System\pgaRFIl.exe
  2⤵
  PID:5884
- C:\Windows\System\kkOhDoY.exe
  C:\Windows\System\kkOhDoY.exe
  2⤵
  PID:2936
- C:\Windows\System\zmzgBzS.exe
  C:\Windows\System\zmzgBzS.exe
  2⤵
  PID:5924
- C:\Windows\System\ZcuKKZV.exe
  C:\Windows\System\ZcuKKZV.exe
  2⤵
  PID:5944
- C:\Windows\System\LrWdMYA.exe
  C:\Windows\System\LrWdMYA.exe
  2⤵
  PID:6032
- C:\Windows\System\bbzXUKp.exe
  C:\Windows\System\bbzXUKp.exe
  2⤵
  PID:6092
- C:\Windows\System\OaOxFgO.exe
  C:\Windows\System\OaOxFgO.exe
  2⤵
  PID:6108
- C:\Windows\System\MNhzDgS.exe
  C:\Windows\System\MNhzDgS.exe
  2⤵
  PID:6128
- C:\Windows\System\UcQoLYs.exe
  C:\Windows\System\UcQoLYs.exe
  2⤵
  PID:4012
- C:\Windows\System\ATddclb.exe
  C:\Windows\System\ATddclb.exe
  2⤵
  PID:4380
- C:\Windows\System\CFbURES.exe
  C:\Windows\System\CFbURES.exe
  2⤵
  PID:5132
- C:\Windows\System\XiVFBVD.exe
  C:\Windows\System\XiVFBVD.exe
  2⤵
  PID:5284
- C:\Windows\System\zmpRtWP.exe
  C:\Windows\System\zmpRtWP.exe
  2⤵
  PID:5184
- C:\Windows\System\zufrmEQ.exe
  C:\Windows\System\zufrmEQ.exe
  2⤵
  PID:5328
- C:\Windows\System\TeoJWCZ.exe
  C:\Windows\System\TeoJWCZ.exe
  2⤵
  PID:5348
- C:\Windows\System\lcCWxxk.exe
  C:\Windows\System\lcCWxxk.exe
  2⤵
  PID:5572
- C:\Windows\System\hpIbTIn.exe
  C:\Windows\System\hpIbTIn.exe
  2⤵
  PID:5692
- C:\Windows\System\GijKgCi.exe
  C:\Windows\System\GijKgCi.exe
  2⤵
  PID:2456
- C:\Windows\System\dkJBTEl.exe
  C:\Windows\System\dkJBTEl.exe
  2⤵
  PID:5668
- C:\Windows\System\JaLqHuW.exe
  C:\Windows\System\JaLqHuW.exe
  2⤵
  PID:5752
- C:\Windows\System\gHdcQNM.exe
  C:\Windows\System\gHdcQNM.exe
  2⤵
  PID:5832
- C:\Windows\System\DWZdIQy.exe
  C:\Windows\System\DWZdIQy.exe
  2⤵
  PID:5952
- C:\Windows\System\AGAXetH.exe
  C:\Windows\System\AGAXetH.exe
  2⤵
  PID:1556
- C:\Windows\System\ivFQtWK.exe
  C:\Windows\System\ivFQtWK.exe
  2⤵
  PID:6084
- C:\Windows\System\huMuZll.exe
  C:\Windows\System\huMuZll.exe
  2⤵
  PID:4140
- C:\Windows\System\dFoWWUz.exe
  C:\Windows\System\dFoWWUz.exe
  2⤵
  PID:4724
- C:\Windows\System\aPyzTyU.exe
  C:\Windows\System\aPyzTyU.exe
  2⤵
  PID:4824
- C:\Windows\System\pSiJvba.exe
  C:\Windows\System\pSiJvba.exe
  2⤵
  PID:5204
- C:\Windows\System\yHkLrkw.exe
  C:\Windows\System\yHkLrkw.exe
  2⤵
  PID:2616
- C:\Windows\System\tpGlhkw.exe
  C:\Windows\System\tpGlhkw.exe
  2⤵
  PID:5504
- C:\Windows\System\HXRVbbB.exe
  C:\Windows\System\HXRVbbB.exe
  2⤵
  PID:5712
- C:\Windows\System\almFJTW.exe
  C:\Windows\System\almFJTW.exe
  2⤵
  PID:5844
- C:\Windows\System\LHcwwTL.exe
  C:\Windows\System\LHcwwTL.exe
  2⤵
  PID:5928
- C:\Windows\System\lIzrbuo.exe
  C:\Windows\System\lIzrbuo.exe
  2⤵
  PID:5984
- C:\Windows\System\RWCEZOb.exe
  C:\Windows\System\RWCEZOb.exe
  2⤵
  PID:2768
- C:\Windows\System\vXmVUPX.exe
  C:\Windows\System\vXmVUPX.exe
  2⤵
  PID:4964
- C:\Windows\System\SfnrvAj.exe
  C:\Windows\System\SfnrvAj.exe
  2⤵
  PID:5408
- C:\Windows\System\GuZwMwa.exe
  C:\Windows\System\GuZwMwa.exe
  2⤵
  PID:5444
- C:\Windows\System\URLjNkd.exe
  C:\Windows\System\URLjNkd.exe
  2⤵
  PID:5604
- C:\Windows\System\jWSMxSi.exe
  C:\Windows\System\jWSMxSi.exe
  2⤵
  PID:6160
- C:\Windows\System\XVoaOKj.exe
  C:\Windows\System\XVoaOKj.exe
  2⤵
  PID:6180
- C:\Windows\System\UrKTHmA.exe
  C:\Windows\System\UrKTHmA.exe
  2⤵
  PID:6200
- C:\Windows\System\GkFtbFm.exe
  C:\Windows\System\GkFtbFm.exe
  2⤵
  PID:6220
- C:\Windows\System\tANvpTA.exe
  C:\Windows\System\tANvpTA.exe
  2⤵
  PID:6236
- C:\Windows\System\hBHyLxw.exe
  C:\Windows\System\hBHyLxw.exe
  2⤵
  PID:6260
- C:\Windows\System\cvUnDDQ.exe
  C:\Windows\System\cvUnDDQ.exe
  2⤵
  PID:6280
- C:\Windows\System\QaMPDav.exe
  C:\Windows\System\QaMPDav.exe
  2⤵
  PID:6300
- C:\Windows\System\yTKiCwk.exe
  C:\Windows\System\yTKiCwk.exe
  2⤵
  PID:6320
- C:\Windows\System\ZGSfIbD.exe
  C:\Windows\System\ZGSfIbD.exe
  2⤵
  PID:6340
- C:\Windows\System\VFQHUfd.exe
  C:\Windows\System\VFQHUfd.exe
  2⤵
  PID:6360
- C:\Windows\System\aryJOBy.exe
  C:\Windows\System\aryJOBy.exe
  2⤵
  PID:6380
- C:\Windows\System\QTdatBZ.exe
  C:\Windows\System\QTdatBZ.exe
  2⤵
  PID:6400
- C:\Windows\System\swypIRS.exe
  C:\Windows\System\swypIRS.exe
  2⤵
  PID:6420
- C:\Windows\System\CJyFNKd.exe
  C:\Windows\System\CJyFNKd.exe
  2⤵
  PID:6456
- C:\Windows\System\UafRwRr.exe
  C:\Windows\System\UafRwRr.exe
  2⤵
  PID:6480
- C:\Windows\System\VyvLMMo.exe
  C:\Windows\System\VyvLMMo.exe
  2⤵
  PID:6496
- C:\Windows\System\edyNxtx.exe
  C:\Windows\System\edyNxtx.exe
  2⤵
  PID:6512
- C:\Windows\System\pIHFczA.exe
  C:\Windows\System\pIHFczA.exe
  2⤵
  PID:6540
- C:\Windows\System\ORnrluG.exe
  C:\Windows\System\ORnrluG.exe
  2⤵
  PID:6560
- C:\Windows\System\JBuQOCF.exe
  C:\Windows\System\JBuQOCF.exe
  2⤵
  PID:6576
- C:\Windows\System\yajtGSZ.exe
  C:\Windows\System\yajtGSZ.exe
  2⤵
  PID:6600
- C:\Windows\System\wOPLNlC.exe
  C:\Windows\System\wOPLNlC.exe
  2⤵
  PID:6616
- C:\Windows\System\gVkJVEf.exe
  C:\Windows\System\gVkJVEf.exe
  2⤵
  PID:6632
- C:\Windows\System\yGfNOsV.exe
  C:\Windows\System\yGfNOsV.exe
  2⤵
  PID:6652
- C:\Windows\System\SlfBVAr.exe
  C:\Windows\System\SlfBVAr.exe
  2⤵
  PID:6668
- C:\Windows\System\lfBplOp.exe
  C:\Windows\System\lfBplOp.exe
  2⤵
  PID:6688
- C:\Windows\System\ICVriUz.exe
  C:\Windows\System\ICVriUz.exe
  2⤵
  PID:6716
- C:\Windows\System\BRFdvXd.exe
  C:\Windows\System\BRFdvXd.exe
  2⤵
  PID:6732
- C:\Windows\System\kaJnpuJ.exe
  C:\Windows\System\kaJnpuJ.exe
  2⤵
  PID:6760
- C:\Windows\System\jOuQYKT.exe
  C:\Windows\System\jOuQYKT.exe
  2⤵
  PID:6776
- C:\Windows\System\ccsfMbG.exe
  C:\Windows\System\ccsfMbG.exe
  2⤵
  PID:6796
- C:\Windows\System\aZwdoHL.exe
  C:\Windows\System\aZwdoHL.exe
  2⤵
  PID:6812
- C:\Windows\System\GHqTYsl.exe
  C:\Windows\System\GHqTYsl.exe
  2⤵
  PID:6828
- C:\Windows\System\kClCBco.exe
  C:\Windows\System\kClCBco.exe
  2⤵
  PID:6852
- C:\Windows\System\pjFkxGV.exe
  C:\Windows\System\pjFkxGV.exe
  2⤵
  PID:6868
- C:\Windows\System\PrgteGl.exe
  C:\Windows\System\PrgteGl.exe
  2⤵
  PID:6892
- C:\Windows\System\jJAixfC.exe
  C:\Windows\System\jJAixfC.exe
  2⤵
  PID:6912
- C:\Windows\System\eQlwlWQ.exe
  C:\Windows\System\eQlwlWQ.exe
  2⤵
  PID:6932
- C:\Windows\System\RJZykbG.exe
  C:\Windows\System\RJZykbG.exe
  2⤵
  PID:6948
- C:\Windows\System\umKuGCM.exe
  C:\Windows\System\umKuGCM.exe
  2⤵
  PID:6964
- C:\Windows\System\QsPnuTf.exe
  C:\Windows\System\QsPnuTf.exe
  2⤵
  PID:7004
- C:\Windows\System\jtYbZSD.exe
  C:\Windows\System\jtYbZSD.exe
  2⤵
  PID:7020
- C:\Windows\System\bpCrRZO.exe
  C:\Windows\System\bpCrRZO.exe
  2⤵
  PID:7036
- C:\Windows\System\kFNdDvi.exe
  C:\Windows\System\kFNdDvi.exe
  2⤵
  PID:7052
- C:\Windows\System\kGSJJCV.exe
  C:\Windows\System\kGSJJCV.exe
  2⤵
  PID:7068
- C:\Windows\System\HsAqhxV.exe
  C:\Windows\System\HsAqhxV.exe
  2⤵
  PID:7084
- C:\Windows\System\TDKqWaT.exe
  C:\Windows\System\TDKqWaT.exe
  2⤵
  PID:7104
- C:\Windows\System\DHfBnDi.exe
  C:\Windows\System\DHfBnDi.exe
  2⤵
  PID:7120
- C:\Windows\System\rzEiquN.exe
  C:\Windows\System\rzEiquN.exe
  2⤵
  PID:7156
- C:\Windows\System\yTqKsqT.exe
  C:\Windows\System\yTqKsqT.exe
  2⤵
  PID:5864
- C:\Windows\System\ocOAKTC.exe
  C:\Windows\System\ocOAKTC.exe
  2⤵
  PID:5992
- C:\Windows\System\rMuVvru.exe
  C:\Windows\System\rMuVvru.exe
  2⤵
  PID:2988
- C:\Windows\System\LrLbodY.exe
  C:\Windows\System\LrLbodY.exe
  2⤵
  PID:5304
- C:\Windows\System\tvFXjZB.exe
  C:\Windows\System\tvFXjZB.exe
  2⤵
  PID:5664
- C:\Windows\System\YItbeEI.exe
  C:\Windows\System\YItbeEI.exe
  2⤵
  PID:5232
- C:\Windows\System\hSEHBlV.exe
  C:\Windows\System\hSEHBlV.exe
  2⤵
  PID:6172
- C:\Windows\System\TEjNTzL.exe
  C:\Windows\System\TEjNTzL.exe
  2⤵
  PID:6192
- C:\Windows\System\eYogiBh.exe
  C:\Windows\System\eYogiBh.exe
  2⤵
  PID:6228
- C:\Windows\System\AEsetzN.exe
  C:\Windows\System\AEsetzN.exe
  2⤵
  PID:6292
- C:\Windows\System\PSYaGAU.exe
  C:\Windows\System\PSYaGAU.exe
  2⤵
  PID:2716
- C:\Windows\System\MAtMapx.exe
  C:\Windows\System\MAtMapx.exe
  2⤵
  PID:6332
- C:\Windows\System\JpCAQwr.exe
  C:\Windows\System\JpCAQwr.exe
  2⤵
  PID:6348
- C:\Windows\System\dyCqkhr.exe
  C:\Windows\System\dyCqkhr.exe
  2⤵
  PID:6392
- C:\Windows\System\KAWKxwk.exe
  C:\Windows\System\KAWKxwk.exe
  2⤵
  PID:6428
- C:\Windows\System\yJivNmM.exe
  C:\Windows\System\yJivNmM.exe
  2⤵
  PID:3928
- C:\Windows\System\rrNzXgy.exe
  C:\Windows\System\rrNzXgy.exe
  2⤵
  PID:2624
- C:\Windows\System\VOgBTBw.exe
  C:\Windows\System\VOgBTBw.exe
  2⤵
  PID:1248
- C:\Windows\System\IwhXqxN.exe
  C:\Windows\System\IwhXqxN.exe
  2⤵
  PID:2180
- C:\Windows\System\cgcAjEH.exe
  C:\Windows\System\cgcAjEH.exe
  2⤵
  PID:648
- C:\Windows\System\EbGyczs.exe
  C:\Windows\System\EbGyczs.exe
  2⤵
  PID:1856
- C:\Windows\System\HflyrtF.exe
  C:\Windows\System\HflyrtF.exe
  2⤵
  PID:1648
- C:\Windows\System\aissvKv.exe
  C:\Windows\System\aissvKv.exe
  2⤵
  PID:1700
- C:\Windows\System\jYyTnTF.exe
  C:\Windows\System\jYyTnTF.exe
  2⤵
  PID:2536
- C:\Windows\System\xtLxDDM.exe
  C:\Windows\System\xtLxDDM.exe
  2⤵
  PID:1824
- C:\Windows\System\SaYGOlg.exe
  C:\Windows\System\SaYGOlg.exe
  2⤵
  PID:6436
- C:\Windows\System\YISrgRJ.exe
  C:\Windows\System\YISrgRJ.exe
  2⤵
  PID:6448
- C:\Windows\System\albMkac.exe
  C:\Windows\System\albMkac.exe
  2⤵
  PID:6492
- C:\Windows\System\aWzeiDO.exe
  C:\Windows\System\aWzeiDO.exe
  2⤵
  PID:6504
- C:\Windows\System\lpqAoTZ.exe
  C:\Windows\System\lpqAoTZ.exe
  2⤵
  PID:6548
- C:\Windows\System\koZcFla.exe
  C:\Windows\System\koZcFla.exe
  2⤵
  PID:6612
- C:\Windows\System\YIqPghB.exe
  C:\Windows\System\YIqPghB.exe
  2⤵
  PID:6640
- C:\Windows\System\bsufFRK.exe
  C:\Windows\System\bsufFRK.exe
  2⤵
  PID:6700
- C:\Windows\System\gCpFxwf.exe
  C:\Windows\System\gCpFxwf.exe
  2⤵
  PID:6676
- C:\Windows\System\Wqznavw.exe
  C:\Windows\System\Wqznavw.exe
  2⤵
  PID:6724
- C:\Windows\System\qaoqJAV.exe
  C:\Windows\System\qaoqJAV.exe
  2⤵
  PID:6756
- C:\Windows\System\RBxjzgz.exe
  C:\Windows\System\RBxjzgz.exe
  2⤵
  PID:6820
- C:\Windows\System\KvHAVDw.exe
  C:\Windows\System\KvHAVDw.exe
  2⤵
  PID:6772
- C:\Windows\System\monUbEn.exe
  C:\Windows\System\monUbEn.exe
  2⤵
  PID:6904
- C:\Windows\System\lSvWAVt.exe
  C:\Windows\System\lSvWAVt.exe
  2⤵
  PID:6944
- C:\Windows\System\SwkrFKS.exe
  C:\Windows\System\SwkrFKS.exe
  2⤵
  PID:6980
- C:\Windows\System\ZovJlFr.exe
  C:\Windows\System\ZovJlFr.exe
  2⤵
  PID:6924
- C:\Windows\System\OhCkbOW.exe
  C:\Windows\System\OhCkbOW.exe
  2⤵
  PID:6996
- C:\Windows\System\kqsTLzY.exe
  C:\Windows\System\kqsTLzY.exe
  2⤵
  PID:7096
- C:\Windows\System\dhtBTGz.exe
  C:\Windows\System\dhtBTGz.exe
  2⤵
  PID:7116
- C:\Windows\System\oYhGiQq.exe
  C:\Windows\System\oYhGiQq.exe
  2⤵
  PID:7016
- C:\Windows\System\LtICfNC.exe
  C:\Windows\System\LtICfNC.exe
  2⤵
  PID:7140
- C:\Windows\System\FBPuVum.exe
  C:\Windows\System\FBPuVum.exe
  2⤵
  PID:2852
- C:\Windows\System\QBtugSD.exe
  C:\Windows\System\QBtugSD.exe
  2⤵
  PID:5732
- C:\Windows\System\xOfeygP.exe
  C:\Windows\System\xOfeygP.exe
  2⤵
  PID:5872
- C:\Windows\System\cvRGmoI.exe
  C:\Windows\System\cvRGmoI.exe
  2⤵
  PID:6196
- C:\Windows\System\ZBPdGbM.exe
  C:\Windows\System\ZBPdGbM.exe
  2⤵
  PID:6296
- C:\Windows\System\DaONgac.exe
  C:\Windows\System\DaONgac.exe
  2⤵
  PID:6088
- C:\Windows\System\xIQXHpr.exe
  C:\Windows\System\xIQXHpr.exe
  2⤵
  PID:6276
- C:\Windows\System\yFScRJq.exe
  C:\Windows\System\yFScRJq.exe
  2⤵
  PID:6388
- C:\Windows\System\ZawPcYz.exe
  C:\Windows\System\ZawPcYz.exe
  2⤵
  PID:5124
- C:\Windows\System\edVesEl.exe
  C:\Windows\System\edVesEl.exe
  2⤵
  PID:2440
- C:\Windows\System\UfPDkAR.exe
  C:\Windows\System\UfPDkAR.exe
  2⤵
  PID:2248
- C:\Windows\System\lTtYTaH.exe
  C:\Windows\System\lTtYTaH.exe
  2⤵
  PID:1480
- C:\Windows\System\MGUjUhY.exe
  C:\Windows\System\MGUjUhY.exe
  2⤵
  PID:332
- C:\Windows\System\hBGMVTA.exe
  C:\Windows\System\hBGMVTA.exe
  2⤵
  PID:1860
- C:\Windows\System\DiWiRYP.exe
  C:\Windows\System\DiWiRYP.exe
  2⤵
  PID:2220
- C:\Windows\System\cIOUKsV.exe
  C:\Windows\System\cIOUKsV.exe
  2⤵
  PID:1324
- C:\Windows\System\iPQxvAl.exe
  C:\Windows\System\iPQxvAl.exe
  2⤵
  PID:6536
- C:\Windows\System\ujqEvzS.exe
  C:\Windows\System\ujqEvzS.exe
  2⤵
  PID:6528
- C:\Windows\System\WOuzuGC.exe
  C:\Windows\System\WOuzuGC.exe
  2⤵
  PID:6592
- C:\Windows\System\aJZYHhA.exe
  C:\Windows\System\aJZYHhA.exe
  2⤵
  PID:6608
- C:\Windows\System\KwmmnpH.exe
  C:\Windows\System\KwmmnpH.exe
  2⤵
  PID:6708
- C:\Windows\System\DMraTaT.exe
  C:\Windows\System\DMraTaT.exe
  2⤵
  PID:6860
- C:\Windows\System\DYHMcKJ.exe
  C:\Windows\System\DYHMcKJ.exe
  2⤵
  PID:6680
- C:\Windows\System\AIfCnDK.exe
  C:\Windows\System\AIfCnDK.exe
  2⤵
  PID:6992
- C:\Windows\System\EYQiTBA.exe
  C:\Windows\System\EYQiTBA.exe
  2⤵
  PID:6880
- C:\Windows\System\zKaTKHc.exe
  C:\Windows\System\zKaTKHc.exe
  2⤵
  PID:7032
- C:\Windows\System\HIDyyca.exe
  C:\Windows\System\HIDyyca.exe
  2⤵
  PID:7112
- C:\Windows\System\RvNQohF.exe
  C:\Windows\System\RvNQohF.exe
  2⤵
  PID:6232
- C:\Windows\System\SfUHAie.exe
  C:\Windows\System\SfUHAie.exe
  2⤵
  PID:7080
- C:\Windows\System\tjudPtt.exe
  C:\Windows\System\tjudPtt.exe
  2⤵
  PID:2680
- C:\Windows\System\sqEMGeK.exe
  C:\Windows\System\sqEMGeK.exe
  2⤵
  PID:6316
- C:\Windows\System\kseaXOl.exe
  C:\Windows\System\kseaXOl.exe
  2⤵
  PID:6412
- C:\Windows\System\KxZYouC.exe
  C:\Windows\System\KxZYouC.exe
  2⤵
  PID:6244
- C:\Windows\System\JlmmxCv.exe
  C:\Windows\System\JlmmxCv.exe
  2⤵
  PID:6356
- C:\Windows\System\wVxQhtR.exe
  C:\Windows\System\wVxQhtR.exe
  2⤵
  PID:6444
- C:\Windows\System\AYDIene.exe
  C:\Windows\System\AYDIene.exe
  2⤵
  PID:1576
- C:\Windows\System\rZFgKNw.exe
  C:\Windows\System\rZFgKNw.exe
  2⤵
  PID:2368
- C:\Windows\System\miCFVts.exe
  C:\Windows\System\miCFVts.exe
  2⤵
  PID:2212
- C:\Windows\System\HbkeLCW.exe
  C:\Windows\System\HbkeLCW.exe
  2⤵
  PID:6584
- C:\Windows\System\WpvPfDZ.exe
  C:\Windows\System\WpvPfDZ.exe
  2⤵
  PID:2968
- C:\Windows\System\LRNvplw.exe
  C:\Windows\System\LRNvplw.exe
  2⤵
  PID:6792
- C:\Windows\System\AlKKujm.exe
  C:\Windows\System\AlKKujm.exe
  2⤵
  PID:6808
- C:\Windows\System\oGdFYhx.exe
  C:\Windows\System\oGdFYhx.exe
  2⤵
  PID:6520
- C:\Windows\System\xjNESzW.exe
  C:\Windows\System\xjNESzW.exe
  2⤵
  PID:6748
- C:\Windows\System\gYquVBE.exe
  C:\Windows\System\gYquVBE.exe
  2⤵
  PID:6836
- C:\Windows\System\zjOMeGo.exe
  C:\Windows\System\zjOMeGo.exe
  2⤵
  PID:7060
- C:\Windows\System\FMUAbGQ.exe
  C:\Windows\System\FMUAbGQ.exe
  2⤵
  PID:6972
- C:\Windows\System\ejwKvhf.exe
  C:\Windows\System\ejwKvhf.exe
  2⤵
  PID:7000
- C:\Windows\System\UdloqBJ.exe
  C:\Windows\System\UdloqBJ.exe
  2⤵
  PID:7244
- C:\Windows\System\RSJcrBW.exe
  C:\Windows\System\RSJcrBW.exe
  2⤵
  PID:7264
- C:\Windows\System\WNwiCpr.exe
  C:\Windows\System\WNwiCpr.exe
  2⤵
  PID:7280
- C:\Windows\System\IjTrtBs.exe
  C:\Windows\System\IjTrtBs.exe
  2⤵
  PID:7300
- C:\Windows\System\JMaqAWr.exe
  C:\Windows\System\JMaqAWr.exe
  2⤵
  PID:7316
- C:\Windows\System\sAeQSoY.exe
  C:\Windows\System\sAeQSoY.exe
  2⤵
  PID:7332
- C:\Windows\System\SFlTRwg.exe
  C:\Windows\System\SFlTRwg.exe
  2⤵
  PID:7348
- C:\Windows\System\RDIxObn.exe
  C:\Windows\System\RDIxObn.exe
  2⤵
  PID:7380
- C:\Windows\System\VuNzoAs.exe
  C:\Windows\System\VuNzoAs.exe
  2⤵
  PID:7396
- C:\Windows\System\aCovamw.exe
  C:\Windows\System\aCovamw.exe
  2⤵
  PID:7412
- C:\Windows\System\SuyspJB.exe
  C:\Windows\System\SuyspJB.exe
  2⤵
  PID:7428
- C:\Windows\System\kEHYDyE.exe
  C:\Windows\System\kEHYDyE.exe
  2⤵
  PID:7444
- C:\Windows\System\oXPtvTK.exe
  C:\Windows\System\oXPtvTK.exe
  2⤵
  PID:7468
- C:\Windows\System\kaVtnUX.exe
  C:\Windows\System\kaVtnUX.exe
  2⤵
  PID:7508
- C:\Windows\System\uAoVYeS.exe
  C:\Windows\System\uAoVYeS.exe
  2⤵
  PID:7524
- C:\Windows\System\vzIdMaw.exe
  C:\Windows\System\vzIdMaw.exe
  2⤵
  PID:7544
- C:\Windows\System\iiuWqZw.exe
  C:\Windows\System\iiuWqZw.exe
  2⤵
  PID:7564
- C:\Windows\System\MZBnlzd.exe
  C:\Windows\System\MZBnlzd.exe
  2⤵
  PID:7580
- C:\Windows\System\sWmJwAz.exe
  C:\Windows\System\sWmJwAz.exe
  2⤵
  PID:7604
- C:\Windows\System\nStiePE.exe
  C:\Windows\System\nStiePE.exe
  2⤵
  PID:7620
- C:\Windows\System\sNjCRSl.exe
  C:\Windows\System\sNjCRSl.exe
  2⤵
  PID:7640
- C:\Windows\System\tuKmuSN.exe
  C:\Windows\System\tuKmuSN.exe
  2⤵
  PID:7656
- C:\Windows\System\GJfZsYd.exe
  C:\Windows\System\GJfZsYd.exe
  2⤵
  PID:7672
- C:\Windows\System\GRHEVsP.exe
  C:\Windows\System\GRHEVsP.exe
  2⤵
  PID:7692
- C:\Windows\System\wSFTyqg.exe
  C:\Windows\System\wSFTyqg.exe
  2⤵
  PID:7712
- C:\Windows\System\CWLkJZH.exe
  C:\Windows\System\CWLkJZH.exe
  2⤵
  PID:7732
- C:\Windows\System\UxqVwvr.exe
  C:\Windows\System\UxqVwvr.exe
  2⤵
  PID:7760
- C:\Windows\System\nAIzbjY.exe
  C:\Windows\System\nAIzbjY.exe
  2⤵
  PID:7776
- C:\Windows\System\sLjwwUN.exe
  C:\Windows\System\sLjwwUN.exe
  2⤵
  PID:7792
- C:\Windows\System\xZLyaWc.exe
  C:\Windows\System\xZLyaWc.exe
  2⤵
  PID:7808
- C:\Windows\System\dkdeYTs.exe
  C:\Windows\System\dkdeYTs.exe
  2⤵
  PID:7832
- C:\Windows\System\QSFOUcv.exe
  C:\Windows\System\QSFOUcv.exe
  2⤵
  PID:7848
- C:\Windows\System\iaRoHAK.exe
  C:\Windows\System\iaRoHAK.exe
  2⤵
  PID:7864
- C:\Windows\System\mrVMkXr.exe
  C:\Windows\System\mrVMkXr.exe
  2⤵
  PID:7888
- C:\Windows\System\MdPNMoK.exe
  C:\Windows\System\MdPNMoK.exe
  2⤵
  PID:7908
- C:\Windows\System\LBuHWzJ.exe
  C:\Windows\System\LBuHWzJ.exe
  2⤵
  PID:7924
- C:\Windows\System\GyOusYI.exe
  C:\Windows\System\GyOusYI.exe
  2⤵
  PID:7944
- C:\Windows\System\TZnhoIM.exe
  C:\Windows\System\TZnhoIM.exe
  2⤵
  PID:7964
- C:\Windows\System\fTUuCtO.exe
  C:\Windows\System\fTUuCtO.exe
  2⤵
  PID:7980
- C:\Windows\System\PQqkXPq.exe
  C:\Windows\System\PQqkXPq.exe
  2⤵
  PID:8028
- C:\Windows\System\DwQTiUR.exe
  C:\Windows\System\DwQTiUR.exe
  2⤵
  PID:8044
- C:\Windows\System\rgIoUhi.exe
  C:\Windows\System\rgIoUhi.exe
  2⤵
  PID:8064
- C:\Windows\System\CNGNlPq.exe
  C:\Windows\System\CNGNlPq.exe
  2⤵
  PID:8080
- C:\Windows\System\UUopaLT.exe
  C:\Windows\System\UUopaLT.exe
  2⤵
  PID:8096
- C:\Windows\System\EicILut.exe
  C:\Windows\System\EicILut.exe
  2⤵
  PID:8112
- C:\Windows\System\rwsSSkT.exe
  C:\Windows\System\rwsSSkT.exe
  2⤵
  PID:8128
- C:\Windows\System\pRgDAdk.exe
  C:\Windows\System\pRgDAdk.exe
  2⤵
  PID:8144
- C:\Windows\System\HMuovCE.exe
  C:\Windows\System\HMuovCE.exe
  2⤵
  PID:8160
- C:\Windows\System\sXMGWsg.exe
  C:\Windows\System\sXMGWsg.exe
  2⤵
  PID:8184
- C:\Windows\System\mMLmRzu.exe
  C:\Windows\System\mMLmRzu.exe
  2⤵
  PID:6336
- C:\Windows\System\vOqlMfF.exe
  C:\Windows\System\vOqlMfF.exe
  2⤵
  PID:6844
- C:\Windows\System\VvwgeLI.exe
  C:\Windows\System\VvwgeLI.exe
  2⤵
  PID:6468
- C:\Windows\System\RerLCOk.exe
  C:\Windows\System\RerLCOk.exe
  2⤵
  PID:2980
- C:\Windows\System\pZdklcO.exe
  C:\Windows\System\pZdklcO.exe
  2⤵
  PID:7076
- C:\Windows\System\ZyVdbTN.exe
  C:\Windows\System\ZyVdbTN.exe
  2⤵
  PID:7184
- C:\Windows\System\aaGgQER.exe
  C:\Windows\System\aaGgQER.exe
  2⤵
  PID:7200
- C:\Windows\System\YlLvrTz.exe
  C:\Windows\System\YlLvrTz.exe
  2⤵
  PID:7212
- C:\Windows\System\njjlYKz.exe
  C:\Windows\System\njjlYKz.exe
  2⤵
  PID:7228
- C:\Windows\System\XgwuIrc.exe
  C:\Windows\System\XgwuIrc.exe
  2⤵
  PID:7164
- C:\Windows\System\cxzlrab.exe
  C:\Windows\System\cxzlrab.exe
  2⤵
  PID:6408
- C:\Windows\System\hIkSxEr.exe
  C:\Windows\System\hIkSxEr.exe
  2⤵
  PID:6804
- C:\Windows\System\hnMKOBm.exe
  C:\Windows\System\hnMKOBm.exe
  2⤵
  PID:7028
- C:\Windows\System\NmIomJr.exe
  C:\Windows\System\NmIomJr.exe
  2⤵
  PID:6288
- C:\Windows\System\lAYrnNG.exe
  C:\Windows\System\lAYrnNG.exe
  2⤵
  PID:7292
- C:\Windows\System\NpWVZTS.exe
  C:\Windows\System\NpWVZTS.exe
  2⤵
  PID:7260
- C:\Windows\System\TmaQbxZ.exe
  C:\Windows\System\TmaQbxZ.exe
  2⤵
  PID:7312
- C:\Windows\System\YQzYBle.exe
  C:\Windows\System\YQzYBle.exe
  2⤵
  PID:7364
- C:\Windows\System\oyCuEkI.exe
  C:\Windows\System\oyCuEkI.exe
  2⤵
  PID:7376
- C:\Windows\System\ADcIVOD.exe
  C:\Windows\System\ADcIVOD.exe
  2⤵
  PID:7392
- C:\Windows\System\omOOwpr.exe
  C:\Windows\System\omOOwpr.exe
  2⤵
  PID:7456
- C:\Windows\System\nGdrdly.exe
  C:\Windows\System\nGdrdly.exe
  2⤵
  PID:7484
- C:\Windows\System\bPhAOBK.exe
  C:\Windows\System\bPhAOBK.exe
  2⤵
  PID:7504
- C:\Windows\System\fZuMjPI.exe
  C:\Windows\System\fZuMjPI.exe
  2⤵
  PID:7552
- C:\Windows\System\qVoVRAC.exe
  C:\Windows\System\qVoVRAC.exe
  2⤵
  PID:7572
- C:\Windows\System\iuiKHRi.exe
  C:\Windows\System\iuiKHRi.exe
  2⤵
  PID:7592
- C:\Windows\System\paNzqDj.exe
  C:\Windows\System\paNzqDj.exe
  2⤵
  PID:7616
- C:\Windows\System\jZrJJSH.exe
  C:\Windows\System\jZrJJSH.exe
  2⤵
  PID:7636
- C:\Windows\System\tDdqVDP.exe
  C:\Windows\System\tDdqVDP.exe
  2⤵
  PID:7612
- C:\Windows\System\NjeAaRg.exe
  C:\Windows\System\NjeAaRg.exe
  2⤵
  PID:7708
- C:\Windows\System\buVSPWN.exe
  C:\Windows\System\buVSPWN.exe
  2⤵
  PID:7688
- C:\Windows\System\BWXJOta.exe
  C:\Windows\System\BWXJOta.exe
  2⤵
  PID:7784
- C:\Windows\System\bmOfkMt.exe
  C:\Windows\System\bmOfkMt.exe
  2⤵
  PID:7824
- C:\Windows\System\CzRwsky.exe
  C:\Windows\System\CzRwsky.exe
  2⤵
  PID:7896
- C:\Windows\System\LlnviUU.exe
  C:\Windows\System\LlnviUU.exe
  2⤵
  PID:7940
- C:\Windows\System\afneOpU.exe
  C:\Windows\System\afneOpU.exe
  2⤵
  PID:7972
- C:\Windows\System\VaYroXS.exe
  C:\Windows\System\VaYroXS.exe
  2⤵
  PID:7920
- C:\Windows\System\EqQXSMY.exe
  C:\Windows\System\EqQXSMY.exe
  2⤵
  PID:7840
- C:\Windows\System\trxbXqz.exe
  C:\Windows\System\trxbXqz.exe
  2⤵
  PID:7960
- C:\Windows\System\gqnncdm.exe
  C:\Windows\System\gqnncdm.exe
  2⤵
  PID:8004
- C:\Windows\System\ZAqUjWT.exe
  C:\Windows\System\ZAqUjWT.exe
  2⤵
  PID:8012
- C:\Windows\System\wRYNSFE.exe
  C:\Windows\System\wRYNSFE.exe
  2⤵
  PID:8040
- C:\Windows\System\TIlXXMZ.exe
  C:\Windows\System\TIlXXMZ.exe
  2⤵
  PID:8088
- C:\Windows\System\zqizTyq.exe
  C:\Windows\System\zqizTyq.exe
  2⤵
  PID:8152
- C:\Windows\System\qBaIpCh.exe
  C:\Windows\System\qBaIpCh.exe
  2⤵
  PID:1724
- C:\Windows\System\xSOSLsF.exe
  C:\Windows\System\xSOSLsF.exe
  2⤵
  PID:8076
- C:\Windows\System\MhddOTb.exe
  C:\Windows\System\MhddOTb.exe
  2⤵
  PID:8108
- C:\Windows\System\sgWUfkX.exe
  C:\Windows\System\sgWUfkX.exe
  2⤵
  PID:8168
- C:\Windows\System\lZWrrKH.exe
  C:\Windows\System\lZWrrKH.exe
  2⤵
  PID:8180
- C:\Windows\System\Nydokyr.exe
  C:\Windows\System\Nydokyr.exe
  2⤵
  PID:952
- C:\Windows\System\qcyncjU.exe
  C:\Windows\System\qcyncjU.exe
  2⤵
  PID:7144
- C:\Windows\System\RBbdiKE.exe
  C:\Windows\System\RBbdiKE.exe
  2⤵
  PID:628
- C:\Windows\System\AAShwAX.exe
  C:\Windows\System\AAShwAX.exe
  2⤵
  PID:992
- C:\Windows\System\BBbbXFE.exe
  C:\Windows\System\BBbbXFE.exe
  2⤵
  PID:6628
- C:\Windows\System\BoOUkDV.exe
  C:\Windows\System\BoOUkDV.exe
  2⤵
  PID:7252
- C:\Windows\System\gPmAhFD.exe
  C:\Windows\System\gPmAhFD.exe
  2⤵
  PID:7276
- C:\Windows\System\XwaDkRv.exe
  C:\Windows\System\XwaDkRv.exe
  2⤵
  PID:7324
- C:\Windows\System\AMmSmGY.exe
  C:\Windows\System\AMmSmGY.exe
  2⤵
  PID:7436
- C:\Windows\System\aMeyfvS.exe
  C:\Windows\System\aMeyfvS.exe
  2⤵
  PID:7408
- C:\Windows\System\BbsHLxn.exe
  C:\Windows\System\BbsHLxn.exe
  2⤵
  PID:1684
- C:\Windows\System\rIpzVrq.exe
  C:\Windows\System\rIpzVrq.exe
  2⤵
  PID:7560
- C:\Windows\System\LcsymUA.exe
  C:\Windows\System\LcsymUA.exe
  2⤵
  PID:7496
- C:\Windows\System\VRvksqS.exe
  C:\Windows\System\VRvksqS.exe
  2⤵
  PID:7628
- C:\Windows\System\otJDIaL.exe
  C:\Windows\System\otJDIaL.exe
  2⤵
  PID:7724
- C:\Windows\System\bwElSSM.exe
  C:\Windows\System\bwElSSM.exe
  2⤵
  PID:7728
- C:\Windows\System\lbEQZUf.exe
  C:\Windows\System\lbEQZUf.exe
  2⤵
  PID:7932
- C:\Windows\System\sJgJWQj.exe
  C:\Windows\System\sJgJWQj.exe
  2⤵
  PID:7860
- C:\Windows\System\XpinLKz.exe
  C:\Windows\System\XpinLKz.exe
  2⤵
  PID:7816
- C:\Windows\System\lquDtEz.exe
  C:\Windows\System\lquDtEz.exe
  2⤵
  PID:7804
- C:\Windows\System\EkqBqJH.exe
  C:\Windows\System\EkqBqJH.exe
  2⤵
  PID:8036
- C:\Windows\System\tQCsjnc.exe
  C:\Windows\System\tQCsjnc.exe
  2⤵
  PID:7956
- C:\Windows\System\zdDjhyA.exe
  C:\Windows\System\zdDjhyA.exe
  2⤵
  PID:8056
- C:\Windows\System\SOwJfEa.exe
  C:\Windows\System\SOwJfEa.exe
  2⤵
  PID:7128
- C:\Windows\System\JqnJZtG.exe
  C:\Windows\System\JqnJZtG.exe
  2⤵
  PID:8176
- C:\Windows\System\BDgnBFB.exe
  C:\Windows\System\BDgnBFB.exe
  2⤵
  PID:4984
- C:\Windows\System\WxokeRN.exe
  C:\Windows\System\WxokeRN.exe
  2⤵
  PID:6532
- C:\Windows\System\FawESWl.exe
  C:\Windows\System\FawESWl.exe
  2⤵
  PID:6596
- C:\Windows\System\wcrkAmC.exe
  C:\Windows\System\wcrkAmC.exe
  2⤵
  PID:6920
- C:\Windows\System\LmoRFPX.exe
  C:\Windows\System\LmoRFPX.exe
  2⤵
  PID:7308
- C:\Windows\System\AJpfXmI.exe
  C:\Windows\System\AJpfXmI.exe
  2⤵
  PID:7556
- C:\Windows\System\oiCJpTn.exe
  C:\Windows\System\oiCJpTn.exe
  2⤵
  PID:7476
- C:\Windows\System\RxvFxwq.exe
  C:\Windows\System\RxvFxwq.exe
  2⤵
  PID:7856
- C:\Windows\System\GtjaaUV.exe
  C:\Windows\System\GtjaaUV.exe
  2⤵
  PID:7540
- C:\Windows\System\nKDLMOD.exe
  C:\Windows\System\nKDLMOD.exe
  2⤵
  PID:7768
- C:\Windows\System\DHcbyTa.exe
  C:\Windows\System\DHcbyTa.exe
  2⤵
  PID:6312
- C:\Windows\System\OKcbgwU.exe
  C:\Windows\System\OKcbgwU.exe
  2⤵
  PID:7952
- C:\Windows\System\JQLVsqo.exe
  C:\Windows\System\JQLVsqo.exe
  2⤵
  PID:8020
- C:\Windows\System\OMmKRoU.exe
  C:\Windows\System\OMmKRoU.exe
  2⤵
  PID:2072
- C:\Windows\System\mZRxdOC.exe
  C:\Windows\System\mZRxdOC.exe
  2⤵
  PID:7452
- C:\Windows\System\yDOBuje.exe
  C:\Windows\System\yDOBuje.exe
  2⤵
  PID:7208
- C:\Windows\System\nkPqNNa.exe
  C:\Windows\System\nkPqNNa.exe
  2⤵
  PID:8204
- C:\Windows\System\usMfBVu.exe
  C:\Windows\System\usMfBVu.exe
  2⤵
  PID:8220
- C:\Windows\System\gbrvszF.exe
  C:\Windows\System\gbrvszF.exe
  2⤵
  PID:8236
- C:\Windows\System\aFKXsNe.exe
  C:\Windows\System\aFKXsNe.exe
  2⤵
  PID:8252
- C:\Windows\System\bqaFDeI.exe
  C:\Windows\System\bqaFDeI.exe
  2⤵
  PID:8268
- C:\Windows\System\xhExuaN.exe
  C:\Windows\System\xhExuaN.exe
  2⤵
  PID:8284
- C:\Windows\System\eVgdQjl.exe
  C:\Windows\System\eVgdQjl.exe
  2⤵
  PID:8300
- C:\Windows\System\YVakyDE.exe
  C:\Windows\System\YVakyDE.exe
  2⤵
  PID:8316
- C:\Windows\System\dWoLhZl.exe
  C:\Windows\System\dWoLhZl.exe
  2⤵
  PID:8332
- C:\Windows\System\gnQjgam.exe
  C:\Windows\System\gnQjgam.exe
  2⤵
  PID:8348
- C:\Windows\System\yVUMOSo.exe
  C:\Windows\System\yVUMOSo.exe
  2⤵
  PID:8364
- C:\Windows\System\hhPoPRH.exe
  C:\Windows\System\hhPoPRH.exe
  2⤵
  PID:8380
- C:\Windows\System\AFPULbJ.exe
  C:\Windows\System\AFPULbJ.exe
  2⤵
  PID:8396
- C:\Windows\System\GBtbyFo.exe
  C:\Windows\System\GBtbyFo.exe
  2⤵
  PID:8412
- C:\Windows\System\YYlCrde.exe
  C:\Windows\System\YYlCrde.exe
  2⤵
  PID:8428
- C:\Windows\System\oSIDqWP.exe
  C:\Windows\System\oSIDqWP.exe
  2⤵
  PID:8444
- C:\Windows\System\sTdyCKY.exe
  C:\Windows\System\sTdyCKY.exe
  2⤵
  PID:8460
- C:\Windows\System\KhGcGMB.exe
  C:\Windows\System\KhGcGMB.exe
  2⤵
  PID:8476
- C:\Windows\System\BDEWRsf.exe
  C:\Windows\System\BDEWRsf.exe
  2⤵
  PID:8492
- C:\Windows\System\izyaWlb.exe
  C:\Windows\System\izyaWlb.exe
  2⤵
  PID:8508
- C:\Windows\System\QGWrbFa.exe
  C:\Windows\System\QGWrbFa.exe
  2⤵
  PID:8524
- C:\Windows\System\clZXPlq.exe
  C:\Windows\System\clZXPlq.exe
  2⤵
  PID:8540
- C:\Windows\System\wUjnfkm.exe
  C:\Windows\System\wUjnfkm.exe
  2⤵
  PID:8556
- C:\Windows\System\GXPatrP.exe
  C:\Windows\System\GXPatrP.exe
  2⤵
  PID:8572
- C:\Windows\System\WOxnOon.exe
  C:\Windows\System\WOxnOon.exe
  2⤵
  PID:8588
- C:\Windows\System\wiMqlnD.exe
  C:\Windows\System\wiMqlnD.exe
  2⤵
  PID:8604
- C:\Windows\System\nXnAjZy.exe
  C:\Windows\System\nXnAjZy.exe
  2⤵
  PID:8620
- C:\Windows\System\tvaFMqq.exe
  C:\Windows\System\tvaFMqq.exe
  2⤵
  PID:8656
- C:\Windows\System\reebDqe.exe
  C:\Windows\System\reebDqe.exe
  2⤵
  PID:8672
- C:\Windows\System\CsnZzue.exe
  C:\Windows\System\CsnZzue.exe
  2⤵
  PID:8688
- C:\Windows\System\XkmkBMy.exe
  C:\Windows\System\XkmkBMy.exe
  2⤵
  PID:8704
- C:\Windows\System\CnbsoQt.exe
  C:\Windows\System\CnbsoQt.exe
  2⤵
  PID:8720
- C:\Windows\System\xTXMIkW.exe
  C:\Windows\System\xTXMIkW.exe
  2⤵
  PID:8736
- C:\Windows\System\KJJVpPQ.exe
  C:\Windows\System\KJJVpPQ.exe
  2⤵
  PID:8752
- C:\Windows\System\IjEIvIS.exe
  C:\Windows\System\IjEIvIS.exe
  2⤵
  PID:8768
- C:\Windows\System\uithfJA.exe
  C:\Windows\System\uithfJA.exe
  2⤵
  PID:8784
- C:\Windows\System\LAZWDpb.exe
  C:\Windows\System\LAZWDpb.exe
  2⤵
  PID:8800
- C:\Windows\System\daApauG.exe
  C:\Windows\System\daApauG.exe
  2⤵
  PID:8816
- C:\Windows\System\kxjWFps.exe
  C:\Windows\System\kxjWFps.exe
  2⤵
  PID:8832
- C:\Windows\System\XqKeAtc.exe
  C:\Windows\System\XqKeAtc.exe
  2⤵
  PID:8848
- C:\Windows\System\pymWByS.exe
  C:\Windows\System\pymWByS.exe
  2⤵
  PID:8864
- C:\Windows\System\FZRRqZM.exe
  C:\Windows\System\FZRRqZM.exe
  2⤵
  PID:8880
- C:\Windows\System\UPWagpq.exe
  C:\Windows\System\UPWagpq.exe
  2⤵
  PID:8896
- C:\Windows\System\xRhBNZP.exe
  C:\Windows\System\xRhBNZP.exe
  2⤵
  PID:8912
- C:\Windows\System\EnbePqG.exe
  C:\Windows\System\EnbePqG.exe
  2⤵
  PID:8928
- C:\Windows\System\MTlfyLI.exe
  C:\Windows\System\MTlfyLI.exe
  2⤵
  PID:8944
- C:\Windows\System\hyBUIlw.exe
  C:\Windows\System\hyBUIlw.exe
  2⤵
  PID:9100
- C:\Windows\System\OWTTPNH.exe
  C:\Windows\System\OWTTPNH.exe
  2⤵
  PID:8264
- C:\Windows\System\DsDoVas.exe
  C:\Windows\System\DsDoVas.exe
  2⤵
  PID:8456
- C:\Windows\System\bzsUUqF.exe
  C:\Windows\System\bzsUUqF.exe
  2⤵
  PID:8516
- C:\Windows\System\DAPaBYx.exe
  C:\Windows\System\DAPaBYx.exe
  2⤵
  PID:8680
- C:\Windows\System\cYpILIb.exe
  C:\Windows\System\cYpILIb.exe
  2⤵
  PID:8780
- C:\Windows\System\QBlCQds.exe
  C:\Windows\System\QBlCQds.exe
  2⤵
  PID:8760
- C:\Windows\System\ZcstkWH.exe
  C:\Windows\System\ZcstkWH.exe
  2⤵
  PID:8696
- C:\Windows\System\cHssExb.exe
  C:\Windows\System\cHssExb.exe
  2⤵
  PID:8856
- C:\Windows\System\yHcYjGS.exe
  C:\Windows\System\yHcYjGS.exe
  2⤵
  PID:8908
- C:\Windows\System\hXvugGa.exe
  C:\Windows\System\hXvugGa.exe
  2⤵
  PID:8972
- C:\Windows\System\inqJJNs.exe
  C:\Windows\System\inqJJNs.exe
  2⤵
  PID:8992
- C:\Windows\System\qUYcnuh.exe
  C:\Windows\System\qUYcnuh.exe
  2⤵
  PID:9052
- C:\Windows\System\PxhvXEH.exe
  C:\Windows\System\PxhvXEH.exe
  2⤵
  PID:9036
- C:\Windows\System\ryCFUfB.exe
  C:\Windows\System\ryCFUfB.exe
  2⤵
  PID:8964
- C:\Windows\System\TFpbrql.exe
  C:\Windows\System\TFpbrql.exe
  2⤵
  PID:9072
- C:\Windows\System\eKbkofE.exe
  C:\Windows\System\eKbkofE.exe
  2⤵
  PID:9084
- C:\Windows\System\CgXPzcM.exe
  C:\Windows\System\CgXPzcM.exe
  2⤵
  PID:9108
- C:\Windows\System\HAnqgoS.exe
  C:\Windows\System\HAnqgoS.exe
  2⤵
  PID:9120
- C:\Windows\System\xxNwaqQ.exe
  C:\Windows\System\xxNwaqQ.exe
  2⤵
  PID:9148
- C:\Windows\System\MqokmtC.exe
  C:\Windows\System\MqokmtC.exe
  2⤵
  PID:9164
- C:\Windows\System\syRmtzY.exe
  C:\Windows\System\syRmtzY.exe
  2⤵
  PID:9180
- C:\Windows\System\Xjcuwsa.exe
  C:\Windows\System\Xjcuwsa.exe
  2⤵
  PID:9200
- C:\Windows\System\XcnoZxZ.exe
  C:\Windows\System\XcnoZxZ.exe
  2⤵
  PID:7800
- C:\Windows\System\BdjZpWS.exe
  C:\Windows\System\BdjZpWS.exe
  2⤵
  PID:7684
- C:\Windows\System\aQSiipg.exe
  C:\Windows\System\aQSiipg.exe
  2⤵
  PID:8248
- C:\Windows\System\VvDssAn.exe
  C:\Windows\System\VvDssAn.exe
  2⤵
  PID:8372
- C:\Windows\System\VTWqILW.exe
  C:\Windows\System\VTWqILW.exe
  2⤵
  PID:8436
- C:\Windows\System\aTQaPFz.exe
  C:\Windows\System\aTQaPFz.exe
  2⤵
  PID:7704
- C:\Windows\System\ikViIbf.exe
  C:\Windows\System\ikViIbf.exe
  2⤵
  PID:7236
- C:\Windows\System\jdKSMXr.exe
  C:\Windows\System\jdKSMXr.exe
  2⤵
  PID:7344
- C:\Windows\System\lTtALWf.exe
  C:\Windows\System\lTtALWf.exe
  2⤵
  PID:8580
- C:\Windows\System\yMVyNUr.exe
  C:\Windows\System\yMVyNUr.exe
  2⤵
  PID:8356
- C:\Windows\System\IVgHYuR.exe
  C:\Windows\System\IVgHYuR.exe
  2⤵
  PID:8440
- C:\Windows\System\AxoCQiq.exe
  C:\Windows\System\AxoCQiq.exe
  2⤵
  PID:8596
- C:\Windows\System\VGzLcsi.exe
  C:\Windows\System\VGzLcsi.exe
  2⤵
  PID:8564
- C:\Windows\System\CJsQcql.exe
  C:\Windows\System\CJsQcql.exe
  2⤵
  PID:8648
- C:\Windows\System\hbJWPom.exe
  C:\Windows\System\hbJWPom.exe
  2⤵
  PID:8716
- C:\Windows\System\Pznbtbk.exe
  C:\Windows\System\Pznbtbk.exe
  2⤵
  PID:8840
- C:\Windows\System\ShivKQY.exe
  C:\Windows\System\ShivKQY.exe
  2⤵
  PID:8888
- C:\Windows\System\GoZZimg.exe
  C:\Windows\System\GoZZimg.exe
  2⤵
  PID:8980
- C:\Windows\System\PKeSEfi.exe
  C:\Windows\System\PKeSEfi.exe
  2⤵
  PID:7880
- C:\Windows\System\UsWXAWz.exe
  C:\Windows\System\UsWXAWz.exe
  2⤵
  PID:9012
- C:\Windows\System\SfCJXgc.exe
  C:\Windows\System\SfCJXgc.exe
  2⤵
  PID:9056
- C:\Windows\System\spHXiXy.exe
  C:\Windows\System\spHXiXy.exe
  2⤵
  PID:9076
- C:\Windows\System\mvTfRZx.exe
  C:\Windows\System\mvTfRZx.exe
  2⤵
  PID:9144
- C:\Windows\System\tVDTDkN.exe
  C:\Windows\System\tVDTDkN.exe
  2⤵
  PID:9212
- C:\Windows\System\OBTPBwh.exe
  C:\Windows\System\OBTPBwh.exe
  2⤵
  PID:7904
- C:\Windows\System\ySOUkjg.exe
  C:\Windows\System\ySOUkjg.exe
  2⤵
  PID:9096
- C:\Windows\System\HzsZQRI.exe
  C:\Windows\System\HzsZQRI.exe
  2⤵
  PID:8408
- C:\Windows\System\ZhSVFea.exe
  C:\Windows\System\ZhSVFea.exe
  2⤵
  PID:9112
- C:\Windows\System\qYbRpoD.exe
  C:\Windows\System\qYbRpoD.exe
  2⤵
  PID:8344
- C:\Windows\System\PCGNZCm.exe
  C:\Windows\System\PCGNZCm.exe
  2⤵
  PID:9196
- C:\Windows\System\keecAbJ.exe
  C:\Windows\System\keecAbJ.exe
  2⤵
  PID:8340
- C:\Windows\System\McDKrDC.exe
  C:\Windows\System\McDKrDC.exe
  2⤵
  PID:8536
- C:\Windows\System\sarTHfC.exe
  C:\Windows\System\sarTHfC.exe
  2⤵
  PID:8424
- C:\Windows\System\FPRZhAn.exe
  C:\Windows\System\FPRZhAn.exe
  2⤵
  PID:8652
- C:\Windows\System\JKNRwMI.exe
  C:\Windows\System\JKNRwMI.exe
  2⤵
  PID:8844
- C:\Windows\System\oCHLoJi.exe
  C:\Windows\System\oCHLoJi.exe
  2⤵
  PID:8792
- C:\Windows\System\GZdiHgg.exe
  C:\Windows\System\GZdiHgg.exe
  2⤵
  PID:8920
- C:\Windows\System\MapGLjZ.exe
  C:\Windows\System\MapGLjZ.exe
  2⤵
  PID:8968
- C:\Windows\System\kWqVgiz.exe
  C:\Windows\System\kWqVgiz.exe
  2⤵
  PID:8296
- C:\Windows\System\unkCVQD.exe
  C:\Windows\System\unkCVQD.exe
  2⤵
  PID:8312
- C:\Windows\System\SFLcnVW.exe
  C:\Windows\System\SFLcnVW.exe
  2⤵
  PID:9008
- C:\Windows\System\HTjRSih.exe
  C:\Windows\System\HTjRSih.exe
  2⤵
  PID:7492
- C:\Windows\System\YvrSvhG.exe
  C:\Windows\System\YvrSvhG.exe
  2⤵
  PID:8504
- C:\Windows\System\LoJiuBz.exe
  C:\Windows\System\LoJiuBz.exe
  2⤵
  PID:8216
- C:\Windows\System\UGdKZug.exe
  C:\Windows\System\UGdKZug.exe
  2⤵
  PID:8612
- C:\Windows\System\yVVIYrh.exe
  C:\Windows\System\yVVIYrh.exe
  2⤵
  PID:8548
- C:\Windows\System\yTVAQTw.exe
  C:\Windows\System\yTVAQTw.exe
  2⤵
  PID:8744
- C:\Windows\System\Ztntxyf.exe
  C:\Windows\System\Ztntxyf.exe
  2⤵
  PID:8796
- C:\Windows\System\LCIOVDS.exe
  C:\Windows\System\LCIOVDS.exe
  2⤵
  PID:9132
- C:\Windows\System\lSqulet.exe
  C:\Windows\System\lSqulet.exe
  2⤵
  PID:8420
- C:\Windows\System\iaJtHYs.exe
  C:\Windows\System\iaJtHYs.exe
  2⤵
  PID:9192
- C:\Windows\System\GcSGmQo.exe
  C:\Windows\System\GcSGmQo.exe
  2⤵
  PID:8568
- C:\Windows\System\wqnOzXR.exe
  C:\Windows\System\wqnOzXR.exe
  2⤵
  PID:8328
- C:\Windows\System\cHAmczV.exe
  C:\Windows\System\cHAmczV.exe
  2⤵
  PID:8812
- C:\Windows\System\ZjdfeVa.exe
  C:\Windows\System\ZjdfeVa.exe
  2⤵
  PID:9044
- C:\Windows\System\MOKepeM.exe
  C:\Windows\System\MOKepeM.exe
  2⤵
  PID:8952
- C:\Windows\System\qCdxFdS.exe
  C:\Windows\System\qCdxFdS.exe
  2⤵
  PID:9172
- C:\Windows\System\hphQPbW.exe
  C:\Windows\System\hphQPbW.exe
  2⤵
  PID:8452
- C:\Windows\System\pzBvmlh.exe
  C:\Windows\System\pzBvmlh.exe
  2⤵
  PID:8712
- C:\Windows\System\ooVSPIG.exe
  C:\Windows\System\ooVSPIG.exe
  2⤵
  PID:8308
- C:\Windows\System\vKXrcPp.exe
  C:\Windows\System\vKXrcPp.exe
  2⤵
  PID:9024
- C:\Windows\System\yEfCMfV.exe
  C:\Windows\System\yEfCMfV.exe
  2⤵
  PID:9000
- C:\Windows\System\gyHhZZH.exe
  C:\Windows\System\gyHhZZH.exe
  2⤵
  PID:2428
- C:\Windows\System\SNvGIqD.exe
  C:\Windows\System\SNvGIqD.exe
  2⤵
  PID:8824
- C:\Windows\System\LOgIwIV.exe
  C:\Windows\System\LOgIwIV.exe
  2⤵
  PID:9236
- C:\Windows\System\DdGPoHb.exe
  C:\Windows\System\DdGPoHb.exe
  2⤵
  PID:9256
- C:\Windows\System\DgcTPSz.exe
  C:\Windows\System\DgcTPSz.exe
  2⤵
  PID:9280
- C:\Windows\System\OrZJvTd.exe
  C:\Windows\System\OrZJvTd.exe
  2⤵
  PID:9296
- C:\Windows\System\ysoMCHB.exe
  C:\Windows\System\ysoMCHB.exe
  2⤵
  PID:9320
- C:\Windows\System\OUufsSm.exe
  C:\Windows\System\OUufsSm.exe
  2⤵
  PID:9340
- C:\Windows\System\qSaQQaH.exe
  C:\Windows\System\qSaQQaH.exe
  2⤵
  PID:9356
- C:\Windows\System\dVxjCfO.exe
  C:\Windows\System\dVxjCfO.exe
  2⤵
  PID:9376
- C:\Windows\System\KBfoYIn.exe
  C:\Windows\System\KBfoYIn.exe
  2⤵
  PID:9392
- C:\Windows\System\sWdIMaj.exe
  C:\Windows\System\sWdIMaj.exe
  2⤵
  PID:9412
- C:\Windows\System\zsVeHqF.exe
  C:\Windows\System\zsVeHqF.exe
  2⤵
  PID:9436
- C:\Windows\System\czNSGue.exe
  C:\Windows\System\czNSGue.exe
  2⤵
  PID:9456
- C:\Windows\System\Lkwczbz.exe
  C:\Windows\System\Lkwczbz.exe
  2⤵
  PID:9480
- C:\Windows\System\gefmGKH.exe
  C:\Windows\System\gefmGKH.exe
  2⤵
  PID:9500
- C:\Windows\System\lGPWVnR.exe
  C:\Windows\System\lGPWVnR.exe
  2⤵
  PID:9520
- C:\Windows\System\iuNBBLU.exe
  C:\Windows\System\iuNBBLU.exe
  2⤵
  PID:9544
- C:\Windows\System\ZRqPFMU.exe
  C:\Windows\System\ZRqPFMU.exe
  2⤵
  PID:9560
- C:\Windows\System\MBTCNaE.exe
  C:\Windows\System\MBTCNaE.exe
  2⤵
  PID:9584
- C:\Windows\System\TFVsYaE.exe
  C:\Windows\System\TFVsYaE.exe
  2⤵
  PID:9604
- C:\Windows\System\oYOrelz.exe
  C:\Windows\System\oYOrelz.exe
  2⤵
  PID:9624
- C:\Windows\System\AGIyGLI.exe
  C:\Windows\System\AGIyGLI.exe
  2⤵
  PID:9640
- C:\Windows\System\WOKHVWn.exe
  C:\Windows\System\WOKHVWn.exe
  2⤵
  PID:9668
- C:\Windows\System\tXWltxx.exe
  C:\Windows\System\tXWltxx.exe
  2⤵
  PID:9688
- C:\Windows\System\SFpBSJs.exe
  C:\Windows\System\SFpBSJs.exe
  2⤵
  PID:9704
- C:\Windows\System\bNpJvUV.exe
  C:\Windows\System\bNpJvUV.exe
  2⤵
  PID:9728
- C:\Windows\System\RxyRJUV.exe
  C:\Windows\System\RxyRJUV.exe
  2⤵
  PID:9744
- C:\Windows\System\AluYZVW.exe
  C:\Windows\System\AluYZVW.exe
  2⤵
  PID:9764
- C:\Windows\System\DyAvFwK.exe
  C:\Windows\System\DyAvFwK.exe
  2⤵
  PID:9784
- C:\Windows\System\jUpKfkB.exe
  C:\Windows\System\jUpKfkB.exe
  2⤵
  PID:9808
- C:\Windows\System\EzXeGwj.exe
  C:\Windows\System\EzXeGwj.exe
  2⤵
  PID:9828
- C:\Windows\System\SKhQhyz.exe
  C:\Windows\System\SKhQhyz.exe
  2⤵
  PID:9844
- C:\Windows\System\pQyRlAk.exe
  C:\Windows\System\pQyRlAk.exe
  2⤵
  PID:9860
- C:\Windows\System\ACLVERa.exe
  C:\Windows\System\ACLVERa.exe
  2⤵
  PID:9880
- C:\Windows\System\dvxeXht.exe
  C:\Windows\System\dvxeXht.exe
  2⤵
  PID:9896
- C:\Windows\System\ynlzmnG.exe
  C:\Windows\System\ynlzmnG.exe
  2⤵
  PID:9920
- C:\Windows\System\sFDsSeP.exe
  C:\Windows\System\sFDsSeP.exe
  2⤵
  PID:9940
- C:\Windows\System\bLmZJBC.exe
  C:\Windows\System\bLmZJBC.exe
  2⤵
  PID:9956
- C:\Windows\System\ptSFGaQ.exe
  C:\Windows\System\ptSFGaQ.exe
  2⤵
  PID:9972
- C:\Windows\System\AByJuIM.exe
  C:\Windows\System\AByJuIM.exe
  2⤵
  PID:9996
- C:\Windows\System\wsCkMgq.exe
  C:\Windows\System\wsCkMgq.exe
  2⤵
  PID:10012
- C:\Windows\System\GyLtAEP.exe
  C:\Windows\System\GyLtAEP.exe
  2⤵
  PID:10040
- C:\Windows\System\tlqcedo.exe
  C:\Windows\System\tlqcedo.exe
  2⤵
  PID:10060
- C:\Windows\System\dsIstIL.exe
  C:\Windows\System\dsIstIL.exe
  2⤵
  PID:10080
- C:\Windows\System\ojKMWQP.exe
  C:\Windows\System\ojKMWQP.exe
  2⤵
  PID:10096
- C:\Windows\System\QLaOqFK.exe
  C:\Windows\System\QLaOqFK.exe
  2⤵
  PID:10124
- C:\Windows\System\ceuWefK.exe
  C:\Windows\System\ceuWefK.exe
  2⤵
  PID:10144
- C:\Windows\System\JuDduch.exe
  C:\Windows\System\JuDduch.exe
  2⤵
  PID:10160
- C:\Windows\System\KqZiIqA.exe
  C:\Windows\System\KqZiIqA.exe
  2⤵
  PID:10176
- C:\Windows\System\jDEESpm.exe
  C:\Windows\System\jDEESpm.exe
  2⤵
  PID:10204
- C:\Windows\System\xRomzSj.exe
  C:\Windows\System\xRomzSj.exe
  2⤵
  PID:10220
- C:\Windows\System\urbkkcp.exe
  C:\Windows\System\urbkkcp.exe
  2⤵
  PID:9224
- C:\Windows\System\YwTWnUv.exe
  C:\Windows\System\YwTWnUv.exe
  2⤵
  PID:9248
- C:\Windows\System\CFDArMI.exe
  C:\Windows\System\CFDArMI.exe
  2⤵
  PID:9268
- C:\Windows\System\DiCzJgq.exe
  C:\Windows\System\DiCzJgq.exe
  2⤵
  PID:9308
- C:\Windows\System\wosrgbO.exe
  C:\Windows\System\wosrgbO.exe
  2⤵
  PID:9348
- C:\Windows\System\VWWpUtB.exe
  C:\Windows\System\VWWpUtB.exe
  2⤵
  PID:9368
- C:\Windows\System\GltizxU.exe
  C:\Windows\System\GltizxU.exe
  2⤵
  PID:9444
- C:\Windows\System\voofdSC.exe
  C:\Windows\System\voofdSC.exe
  2⤵
  PID:9472
- C:\Windows\System\ssDVGdw.exe
  C:\Windows\System\ssDVGdw.exe
  2⤵
  PID:9496
- C:\Windows\System\zbWqxKj.exe
  C:\Windows\System\zbWqxKj.exe
  2⤵
  PID:9528
- C:\Windows\System\VliDAPg.exe
  C:\Windows\System\VliDAPg.exe
  2⤵
  PID:9556
- C:\Windows\System\FBlLlaM.exe
  C:\Windows\System\FBlLlaM.exe
  2⤵
  PID:9600
- C:\Windows\System\umHoOhr.exe
  C:\Windows\System\umHoOhr.exe
  2⤵
  PID:9632
- C:\Windows\System\cZWbtLu.exe
  C:\Windows\System\cZWbtLu.exe
  2⤵
  PID:9636
- C:\Windows\System\kmgcbNG.exe
  C:\Windows\System\kmgcbNG.exe
  2⤵
  PID:9680
- C:\Windows\System\JXWfBsK.exe
  C:\Windows\System\JXWfBsK.exe
  2⤵
  PID:9712
- C:\Windows\System\oCutqDR.exe
  C:\Windows\System\oCutqDR.exe
  2⤵
  PID:9740
- C:\Windows\System\tmqydcg.exe
  C:\Windows\System\tmqydcg.exe
  2⤵
  PID:9772
- C:\Windows\System\XnLEpqb.exe
  C:\Windows\System\XnLEpqb.exe
  2⤵
  PID:9800
- C:\Windows\System\FkGtdwa.exe
  C:\Windows\System\FkGtdwa.exe
  2⤵
  PID:9820
- C:\Windows\System\rbGjwrp.exe
  C:\Windows\System\rbGjwrp.exe
  2⤵
  PID:9888
- C:\Windows\System\nfauzVF.exe
  C:\Windows\System\nfauzVF.exe
  2⤵
  PID:9868
- C:\Windows\System\hdJhgXj.exe
  C:\Windows\System\hdJhgXj.exe
  2⤵
  PID:9912
- C:\Windows\System\ZxCkNHJ.exe
  C:\Windows\System\ZxCkNHJ.exe
  2⤵
  PID:9980
- C:\Windows\System\dUiPbEA.exe
  C:\Windows\System\dUiPbEA.exe
  2⤵
  PID:10020
- C:\Windows\System\vXtBwcy.exe
  C:\Windows\System\vXtBwcy.exe
  2⤵
  PID:10024
- C:\Windows\System\RPprTax.exe
  C:\Windows\System\RPprTax.exe
  2⤵
  PID:10028
- C:\Windows\System\oeNBdfL.exe
  C:\Windows\System\oeNBdfL.exe
  2⤵
  PID:10136
- C:\Windows\System\sYbzich.exe
  C:\Windows\System\sYbzich.exe
  2⤵
  PID:10192
- C:\Windows\System\FVvpKbv.exe
  C:\Windows\System\FVvpKbv.exe
  2⤵
  PID:10228
- C:\Windows\System\JPtTgkk.exe
  C:\Windows\System\JPtTgkk.exe
  2⤵
  PID:9244
- C:\Windows\System\KHKpWOq.exe
  C:\Windows\System\KHKpWOq.exe
  2⤵
  PID:9292
- C:\Windows\System\bydcSMY.exe
  C:\Windows\System\bydcSMY.exe
  2⤵
  PID:9328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXbXEpJ.exe

Filesize
6.0MB

MD5
9cda38e9da6a88cb72d2c61ff6abfa8c

SHA1
5a0c5958a398944dd6e5bbc909335b326bc13a0b

SHA256
a8d5143a3dc995145a8fe49a57ab21e28ef477b091b26de0a35b98c4402bc15e

SHA512
821e14a151230f2aa008f3a940d987dd231bf38d26361386dce8baa3e4fa573af8ad06ab53a0294f75e87ef5deee3d529835a5fce20c227889ba01fa3dba9562

Download Submit
C:\Windows\system\AkGrJEc.exe

Filesize
6.0MB

MD5
fcffef4a47836597974def647f02caa2

SHA1
f1d216af95de4f9e79ad80300054e85ddbf8a4e8

SHA256
e2bc930032f4786b7363cdfa01cefb77b77b3cd659fb9a4cff987b1332c55390

SHA512
d81bd96c5d93f631caae05a674f07c024519dfa4e0a5f1292cb0ff6678ff829729135f6a2396586fc5ce9a0489509df0e9fd0b683cb318c2245967cd592849d6

Download Submit
C:\Windows\system\CEAGmPm.exe

Filesize
6.0MB

MD5
3c7648df532d1356dad044e66bdf6123

SHA1
47ae64447884633d52edb19063f6c43fb8a62cd0

SHA256
18900f41e2a070941995b62f9fc9c0cb44a98e215e2b1781abd0ccbeef6fcdce

SHA512
6d04a020fd9339685cb31eddb0094b2f915a43d523f64c36cbb02748f4c356255e9c32dbcaa125303181c8fe6585f84afbd2ab17d15a951ae9df38593a0ab2e2

Download Submit
C:\Windows\system\ClHYUzU.exe

Filesize
6.0MB

MD5
1d5799c0c3c9f40b5f1af5981e26c54d

SHA1
80848145774a80ae2703a8ad74cf7366ce606bf0

SHA256
26b78b11f6946207da450c99b2b912a502b4a095b79e5f654748376a4f242fb8

SHA512
dff63e5f59b2b6db32ae68ac65532a48373e8716ea43a2e0898c0fc3c6525403e7ce5a9fbecabbcab39c7ddf0c5d64cca2d0ac02872c40b7535dfb4945c68007

Download Submit
C:\Windows\system\FgMtusY.exe

Filesize
6.0MB

MD5
6371af80b1aa94bb67e22bba8be6deee

SHA1
94e66dfbb7a3d486ebbe49129ef9651a7eb03afd

SHA256
d08c9da0c428f57eb9e438cdf9fce26e4e55978a9fad9679d5b5dce52f43e8a0

SHA512
c4d0a700caec630648240064eef52b262e0f83f3f429a86dde2d449220fb6012535a820382d497f4881041f41933770fdd4740f1313b64779fe907b16c298225

Download Submit
C:\Windows\system\JjqNDTt.exe

Filesize
6.0MB

MD5
3ea195c3fc50f64ec211cd0ad181a928

SHA1
e538982fe5c436a518489cc32522c3b338572ec3

SHA256
f1d6a8e7d19b71d778a626b3dce32a45bc93db0527fe552b04de7b43c2e117c5

SHA512
a7f642f5c3befb684412e2be381d467184f9daad0c57eb8e99799484ad36ca1b97bbc2ada05140ceee7eafd5f2aec37b390780211c94a92aaba4d7cf8e337d4f

Download Submit
C:\Windows\system\NBVwsNM.exe

Filesize
6.0MB

MD5
e5ec2b26025ac1ec7705cb651f2aa031

SHA1
ee0551415ca123d6ae14015dbf697b6dda139a3d

SHA256
9538807f4841f67bbf696932cd9a2af7c266bc2a14b6b8ffdca93fd058e53935

SHA512
abb50a5bea2a44a1175cff19a4ee98c2614701b327338996676e86ead31e28c2f26d985380ff05835fff1626d4266da6aab0aa9e9f22e29826d771d5538d3b6f

Download Submit
C:\Windows\system\NFudbUC.exe

Filesize
8B

MD5
1e272c2407a08d8907d1f2a919ba6e03

SHA1
9354ed1bba8b951180c06b49b6099002258f5fbd

SHA256
713cdcaa57118cdb828b9f5ae3dd003ceb872050dd76714a3ffce81893c08ef5

SHA512
77cc58e7611bfef740df5d5de90df576c03c74cdaa58748f4a35756931d2e26a97f430bb151f35064f07a13279f5f6d73516d72b0249e64f8fccccf129cc46d0

Download Submit
C:\Windows\system\OpMxZpC.exe

Filesize
6.0MB

MD5
29a2655dc53ee27d95687b7dbddbf726

SHA1
baa1d402b7fb7a30594f5b5e0ee859e871244098

SHA256
beca70d19206a2eeca578fd5a29e623e6a07e7a0d43f1b3597e0873b9c3d35d2

SHA512
eafd0d16f6062b330632a3c69afe796fabbf5aa5474f6c98d3800bbc1f4bb14aa926ddea0547de4bc6c7911b199814b56f0215a2c68dbcb67e1d9e21265fb668

Download Submit
C:\Windows\system\PvKaBKY.exe

Filesize
6.0MB

MD5
22d698cfad9c761476e2994e97f05eae

SHA1
48fc4499a89ccab672dabbd6fd2ae97d32cd68d4

SHA256
d1a237c57f54ff8e42f06ab1e196759bbd48aafc78db9674a3817f5149792c46

SHA512
063b651ec011a8172f40e3be1afb6b8aa41829725052fdf6aa88431e534903f7ec96df0ea2674f644754ba8e0baed187ed34ef0b22eb9d040a8674e37b687f33

Download Submit
C:\Windows\system\QaNOZen.exe

Filesize
6.0MB

MD5
b211947e76f1744786ec2bb397e0bb7d

SHA1
9e28ca6903207b18e6e81451e3cd73b3425efd63

SHA256
d3c490220719a974f461f8e481626057e3dcb141393f14e6f05b8a27fa0946ad

SHA512
afa9fbe94970b2c50226f228a403377ddc8a1e3219d1b34001e5e0c6f35aaac32e81fcbf9d6f56a41eb743e8ed0ae10bad3ee710afcb3bc630e135975c84adbd

Download Submit
C:\Windows\system\RXMvMqx.exe

Filesize
6.0MB

MD5
6853dd54568447d4d97ef8b989b6a717

SHA1
74e92af7bcac2eefed91e5c84d5739622b866c86

SHA256
8a85d2a85b83a81ea6673de1fb11047c4861a4408930c2763c31373a8e666e4a

SHA512
e2e28627e319c22c19dc5c7f20f50b483c0c01be2421be9f541509a80c99536ef72ea74254ebaefa86f56ee8e7ec6532b018187cfa53f7c2218668f4073f7fd9

Download Submit
C:\Windows\system\UgXxnan.exe

Filesize
6.0MB

MD5
4e2ac200b65b63f94a101d6465d146c4

SHA1
745121e367724c6890dd719aaf877b49a22bfb4c

SHA256
d9829ba0ddd1161d51a3cdc3d6987429be9b49491e790bb7dfc1a7838ae5bbd8

SHA512
a09cd440ad7863e9ed09374111e95430d083380eeca88300fa10bc20cca43a0ad0b7808612727f01b9d47085857552a2c9f5cc2b7c5a4e3924397ef6942b27f1

Download Submit
C:\Windows\system\VbLYfOj.exe

Filesize
6.0MB

MD5
3e0a8f69c8f803ea8bc58ada8dc2a8c1

SHA1
95314d1bf16760e4aac859a776dc4f5cb097528f

SHA256
aa3a425d7b395fd3e1d582364c5ded8d3cca6b2a5e9ec039a7c06662663a6f3d

SHA512
6d63339b43a60f406a094a5ce3db34df8a18e2c0993dbd4badd4030da25ac667ef21b6bc537933cf1cca783a76a50e51bd5f861f9976f27b2cbcd18b337bb71f

Download Submit
C:\Windows\system\aUAQGrp.exe

Filesize
6.0MB

MD5
e3c84d460c4ac8ea1d0de3a7bff0d24f

SHA1
f74f47daa5d9678038d92d51b127ad9bb6c4606b

SHA256
8e123d2d6e09872e37a0a2333bb9243605f8f6de2435f1fb8c516785d117353e

SHA512
585ee2c0ad6fd918e6f622270ad9c5bf55a6f63e1d79b5ffd7ac924f4bd77b8ace3f535e489fe29bfe12f07911dbf96b29c90c8c731c7ce43f29fee714c7613b

Download Submit
C:\Windows\system\adFxXog.exe

Filesize
6.0MB

MD5
b4015ee2a94031b1e94a78cbda1b5a20

SHA1
af37b83c2417eb5c3b67359c0a4460455cb49b69

SHA256
ce3f7dd89f4cda1b9c7b97856737066303cc9b1340b3ab347b15b3c68398dfcc

SHA512
0f85756c7e91dd220217b5b6972b6fd7324aab930141e66fbbe5e0243ca5fc4486d60f5e16b9bb2b62fc914816b926f5fd54dfca1b030e529ba94a792238757d

Download Submit
C:\Windows\system\cRSNjIq.exe

Filesize
6.0MB

MD5
10eee45020e8c8bfe59613a29cd115cf

SHA1
b0ccdb80d86a99d24fb4f09263dfafc0fc0ad569

SHA256
66374100bd34cd70e28d8f947c57b08458929c00a7d3d81e6b0d2e0acc386a22

SHA512
1588a034a98050c7dfce48fd4ae19db67117546bf14e28e902e6d83d4a3390709e5e3e292c2c63c0691875d546d141155c70272ba56c74d791671537ea4ce28d

Download Submit
C:\Windows\system\epXKlhy.exe

Filesize
6.0MB

MD5
276f73fdf61d235b414ff2fdb44f2215

SHA1
b9c49b1b6112533053afe4900f76957501a334d4

SHA256
500fc1bd6ccb2b55cf0be90be1a0c6c727d852d692f50637335b084d2c16a191

SHA512
452005a0efc27788b9a435a2a5230b11247dcc801150fe498267de99ea71d5431067682496af781b8249dc6ab84ae5a09c7ba357394406665a5abd05ac0003d9

Download Submit
C:\Windows\system\gIydqzH.exe

Filesize
6.0MB

MD5
ed0eb3988778f019a8a9d2f58f9e025e

SHA1
77074264c3f74993c3c3ca7adde4d8936748e83b

SHA256
cc22933ddb4ffe8e5bb3535e7163b6d62bfb113aa19e26c9aa6f4f454357ca30

SHA512
58dd14ab1a6d073ff3e6827f8f6c82b1c0d387dc544c57d4adbc7425b1e659c1bd5018f40caf27bf395807721b528c3ce3e8dd52510d2e9670b58ccac9ce858c

Download Submit
C:\Windows\system\jOGwpOD.exe

Filesize
6.0MB

MD5
67f6a9efb0bb004930652e07d7b56719

SHA1
d641b75516a1704e8a3d93ee6a5be7ccf500c441

SHA256
b26bcb8a6618b0052349ac485710fd2d23c7f09b0ed598fa5149a97ed7c3b8a3

SHA512
31ce702c3e1da1ca706e8713db14a46030a0f8cd014ebf0fd17f08856314606e32f358f678c9086c48dbcced4514a023ec0a08f2a4000933d24a218d93f79568

Download Submit
C:\Windows\system\kCaSMdn.exe

Filesize
6.0MB

MD5
0313b785fc6ee1d32db66fd2e052e086

SHA1
359a184fa63b846471615d04570a95484baa1a33

SHA256
1f362c48fb0424430d176a72bca84c526f20c4b5f3c3355fff5d311c6b9ee0ed

SHA512
e3e478a75eeb35df01d3523a27b45eb7a98f08e6e86927ff37f34e441306fb6078b4c4f215f09dc6ef3ad32114aa768bca27ec91f8d16e1371fc9d8c957dcac2

Download Submit
C:\Windows\system\ogOTHbp.exe

Filesize
6.0MB

MD5
e5baed337ff8d33951a91b85c781cfe1

SHA1
2222d214601c09432cf6f440ac31eb0806c037b3

SHA256
f6765b7be8808137dcc96309da7584cd3692a71bfb2149af83d45ec771700473

SHA512
8047d20b1bda6ed7d0933cb3cb993907efcf8498256fa4976f94462984a12cf0e2bffcaa5d1728565e6d54964a9c8f057fd50ff6760c561eb813ba768a2838a4

Download Submit
C:\Windows\system\qPesxtn.exe

Filesize
6.0MB

MD5
d24599b41e0e2f8d7ce6c73fa6284351

SHA1
a8a508799f1869bb1a1309332e384baaefa70f3c

SHA256
afe42821df276b836241b39c5c1519ef7ce6b09f614eff1e0a2cc80486347066

SHA512
a69f4bf6018a8e1673c7fdc11ec922287f165a07df8b6054e4cce1ab91bc9fb687223de5570da704b06be8dd8bd40fd0e73d0fe3acc15c6505fd4f1e4999e887

Download Submit
C:\Windows\system\snvmFwC.exe

Filesize
6.0MB

MD5
60a63042e614198ee98926e979dd808c

SHA1
bfc8b4be7fb769c65d4a5659f5ad641e9837ca6c

SHA256
c0615ea60adf56000d2d637da5f7b80b0b0196e33a73540f336c524a727ee0f7

SHA512
67c8c9b3616e4a064c724b815f2f9109ba966bbd36e69961126eb0c660f4ce0258af06c29e01668468dca6dd5c31c6eeca90ff767732b5c510caf375c219ff35

Download Submit
C:\Windows\system\yeBaYMx.exe

Filesize
6.0MB

MD5
fdbb626bfee34ed64e0b918a33d2fa07

SHA1
999ea61cd313afdfbefe6a2d61f6fa450888d6e5

SHA256
c7beb9ef80a17c8d7e4abf0d32ed2894866084a8dbdb25202fbd8e457948f1d4

SHA512
20ee0e5c25c275bea618171b770da42cd8ef9367932a053031d63bcf31a42a685844c5bdd5b3d336f137b98971e9e7e3e7a8d014d0d875b2a071626b27cc9f2f

Download Submit
C:\Windows\system\zAzXohZ.exe

Filesize
6.0MB

MD5
64c988dcc42e4df370a1ad71c03b5be6

SHA1
f61eb69da0cc7c52493bc4276cc047b186ab50d0

SHA256
23001ad1f491694ebb04b8e884cb9cfc8dfe458b31049110a44fd7ba688ad8d2

SHA512
04d81de9b58d78079e797a09616704950c7b8f628594eb275e4c8e739079e4ddc36c714733d32780a11563ff0ca83a265f5cff9d67b0b7fd91fdfeb7c6dcbd8a

Download Submit
\Windows\system\CAXCnOy.exe

Filesize
6.0MB

MD5
4613a608428ec913666b3b59659e45a8

SHA1
a11ffac08bc86d66eaa7cfd08c7ff2ad1bb4d9cc

SHA256
45a1568c08cd9a03ddbee235db7bbb678133ebc12a53c0f5563bfac089cf78c6

SHA512
f16f867d196b80ccde5f6748f9a46172c4f2df66a6745c621eb320033afa8353c6fbbccb689d0ac77e25082c98c9712509c8efda6cf70b1ec5838d471b9fad58

Download Submit
\Windows\system\QaHDUvn.exe

Filesize
6.0MB

MD5
fd96986e0fdd4d3593e7184a1b54ce4a

SHA1
2a987ff238e47f4ea0ac3500c71855b9f6e6a237

SHA256
581ed0f0d82c66ab4ef394a36de0e4a4c640ad4dff44eed182486ad2692cfb6b

SHA512
cbc4b13c24cbfba5530737b413d6c6f587b3eede50dcb951b8f6de45fa578b7343f3f8ca94d77421ee600a43346e212c40e7e7297fc6920813a8f706ca7c6702

Download Submit
\Windows\system\ShTrevm.exe

Filesize
6.0MB

MD5
0a06e578d75d0da4aa760b0b16850243

SHA1
bd695d71088b99e405fddd6bdb25c540c7272bc3

SHA256
ec8baa589ee9e17ae49b347563a6986e4f51f021ff7ce670d997b071a6f9d8ea

SHA512
01c63bca8c0ee3c22aaa9c71340db2fc2d03b8a46142a11d5f5f44e4dd7919ace29afc55d211efbb71f879fe9a91c0337263b96a8e93a6ce45dabd3b49de7243

Download Submit
\Windows\system\XfPYeMY.exe

Filesize
6.0MB

MD5
66e7336dd68852aa4604114da056d006

SHA1
d01daa1ebe3b8ef1dbabb956a8b14614feba7d4f

SHA256
7f4ace67d2a31fb1932064c0442ef28f37bdd61d09598e7a65dfa6da3b434ba5

SHA512
3ef388ea01c8ff665431fdad23e55c985ad777c12844fb31754c71d9dd087818377bc2d4b4db560d3c8687ca4d087e0cbbdf12379188c0f6b61a3b11cb30fe73

Download Submit
\Windows\system\dMkwgbU.exe

Filesize
6.0MB

MD5
4b5a4acb790e6d3ecf84868118b96592

SHA1
b89002c32d0fca883eb5e6b6e31355dc00dca195

SHA256
0cf336d17eccdc31c99d6d81d4d4bb78de3cffb237c7dec46c23d1a74a842c5b

SHA512
b0d7eaafbcd06920bed324a78caa1fe0924c7d9f6d9bb8c4724cb1c4081d0f42d6d0b489f260d3026996912f7150028be26d43e8340abaa9152d13c5b24ba684

Download Submit
\Windows\system\hUBoQBU.exe

Filesize
6.0MB

MD5
18d874186de8caac3fcb45702a7b0e15

SHA1
5b97d645fbcd67472bf0f21fa0ff69375ae08e32

SHA256
f490a09c46591109c4efbea9abfa6bdf19e95c82d16f83d506af4559f6be3be7

SHA512
b0d680f61f79fbedc9910aef4e7b4751b22ae4952fb746ab017fe3080d03908186c29672139b42564999e90f350aa1a978c335f6973c485200607e581f5120e9

Download Submit
\Windows\system\jgpEYme.exe

Filesize
6.0MB

MD5
bdea6e384206d45173e0e6af5b9d4301

SHA1
9ad0aa5611c42f3bb84c3e5e8907c0c0a355f633

SHA256
1417a24254f028d019644fe5b75b4119a136809dffe6c9f60bc67c6bc5c9a65b

SHA512
2f4e9433f401c59c8cecd36dac3573adc06da975c51b4bef49f8ffc887de7ecc4a48e26f9162a567451d26a3b5972e9243e3e1141b81ff763613c568ffdd1b38

Download Submit
memory/1544-97-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1544-814-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1544-3744-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1624-3730-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1624-418-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1624-82-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1728-3720-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1728-89-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1728-615-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1976-57-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3632-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-23-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-1722-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-106-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3736-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-53-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-101-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-715-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-867-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1725-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-337-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2308-20-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-18-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-31-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-38-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-111-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-110-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2308-0-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2308-46-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-6-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-70-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2308-93-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-92-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-62-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2308-25-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2308-102-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-41-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2308-78-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2372-42-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3671-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2372-81-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2464-19-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-3624-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-14-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-47-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3629-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-66-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-105-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3710-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-74-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2608-243-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3711-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2672-51-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4997-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3661-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2684-29-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2684-65-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3680-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2808-73-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2808-36-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3709-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-96-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-58-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download