cobaltstrike | ebe0d633d9c947624d209e27da76148c099a96cde46f7cae4af3faaef0afa568

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/09/2024, 21:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5a58d40dab3ce034b746d2e27120c070
SHA1

99e679c2d0d63cab69a59bb1d65adf1b1efa6e8e
SHA256

ebe0d633d9c947624d209e27da76148c099a96cde46f7cae4af3faaef0afa568
SHA512

13e887d075db0713c4def73e3e683e64ae9ef4b074b245e0552398749b1b5cd070295e79dcaea79fcc8f9ae1e0a77f0ad8563c6ca27703b1adea2156715f590c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001226a-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001612f-14.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001658c-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001662e-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c62-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016aa9-42.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e71-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-186.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-175.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-171.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-141.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-136.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-103.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-94.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-38.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2484-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001226a-6.dat	xmrig
behavioral1/memory/1532-9-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x000800000001612f-14.dat	xmrig
behavioral1/files/0x00080000000161f6-12.dat	xmrig
behavioral1/files/0x000700000001658c-20.dat	xmrig
behavioral1/files/0x000700000001662e-23.dat	xmrig
behavioral1/memory/2076-17-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c62-51.dat	xmrig
behavioral1/files/0x0008000000016aa9-42.dat	xmrig
behavioral1/memory/2912-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2672-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2076-46-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2348-78-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/1748-96-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0009000000015e71-116.dat	xmrig
behavioral1/memory/1400-1036-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1748-826-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2352-614-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2348-445-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2672-229-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019244-196.dat	xmrig
behavioral1/files/0x000500000001922c-191.dat	xmrig
behavioral1/files/0x00050000000191d4-181.dat	xmrig
behavioral1/files/0x00050000000191ff-186.dat	xmrig
behavioral1/files/0x00060000000190e0-175.dat	xmrig
behavioral1/files/0x00060000000190ce-171.dat	xmrig
behavioral1/files/0x000600000001903b-166.dat	xmrig
behavioral1/files/0x0006000000018f53-161.dat	xmrig
behavioral1/files/0x0006000000018c26-156.dat	xmrig
behavioral1/files/0x0006000000018c1a-151.dat	xmrig
behavioral1/files/0x0005000000018792-146.dat	xmrig
behavioral1/files/0x0005000000018687-141.dat	xmrig
behavioral1/files/0x000d00000001866e-136.dat	xmrig
behavioral1/files/0x0014000000018663-131.dat	xmrig
behavioral1/files/0x0006000000017525-126.dat	xmrig
behavioral1/files/0x00060000000174a2-121.dat	xmrig
behavioral1/files/0x0006000000017487-112.dat	xmrig
behavioral1/memory/1400-105-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2756-104-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0006000000017472-103.dat	xmrig
behavioral1/memory/2912-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2828-95-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fc-94.dat	xmrig
behavioral1/memory/2352-87-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-86.dat	xmrig
behavioral1/memory/2484-84-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2484-83-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2692-77-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-76.dat	xmrig
behavioral1/memory/2640-74-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2644-60-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x000600000001706d-55.dat	xmrig
behavioral1/memory/2692-41-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1040-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2756-66-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x00060000000173da-65.dat	xmrig
behavioral1/memory/2828-54-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2640-34-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2484-33-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2484-49-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/1040-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2644-27-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0007000000016855-38.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1532	kOPmsZn.exe
2076	NbgTLAF.exe
2644	vkRsmvf.exe
1040	nFapHMO.exe
2640	PCsnYZc.exe
2692	REUAHZs.exe
2828	AtUCwOP.exe
2912	xipuAfp.exe
2756	OzBCerE.exe
2672	rxqowzq.exe
2348	vtCpNDh.exe
2352	yHkOPRH.exe
1748	wusGkkb.exe
1400	JrAMFpt.exe
704	UgQtbzF.exe
2016	eRtGYTP.exe
1788	kPpbzhk.exe
1644	THMaNtN.exe
2868	ekrjlez.exe
1660	ttJeXLz.exe
2984	IQjjNDq.exe
2856	QyEZnvz.exe
1828	ZWUomix.exe
3004	RDJCfqJ.exe
408	eUsarhN.exe
2404	QnTzAKK.exe
2400	bErWSmJ.exe
1340	RcUgGhf.exe
1536	hASiGbB.exe
1956	BsgGHkG.exe
900	qbMfhJR.exe
2496	kHHxxkY.exe
1332	oIztTSw.exe
2180	ilvxFHW.exe
1344	yclDoNY.exe
1540	FAnfZkJ.exe
2220	KsPxcAi.exe
3040	yrjhXSU.exe
3020	MfvsYpU.exe
2056	DJQnYlX.exe
1940	kCPeRJR.exe
2448	kLrZfOT.exe
2452	dbZGSkr.exe
2456	BSCmXVJ.exe
992	xQAKcll.exe
304	YtChkPd.exe
1324	aduoOkd.exe
3036	uYvzYDM.exe
1576	HaPEtdO.exe
1604	DSkvSnh.exe
3056	EcbZjPJ.exe
2680	vrWHShy.exe
2816	kFsPytJ.exe
2804	LieoWkX.exe
2764	tMrvbgT.exe
2388	ePNGjUY.exe
3028	eczBLmJ.exe
1792	RhSgQqY.exe
1668	loDhOpB.exe
1988	DKYBpre.exe
284	MuuglYW.exe
2840	ovDtLep.exe
2596	WYEHfTN.exe
268	cCWNOad.exe

Loads dropped DLL 64 IoCs

pid	Process
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2484-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-6.dat	upx
behavioral1/memory/1532-9-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x000800000001612f-14.dat	upx
behavioral1/files/0x00080000000161f6-12.dat	upx
behavioral1/files/0x000700000001658c-20.dat	upx
behavioral1/files/0x000700000001662e-23.dat	upx
behavioral1/memory/2076-17-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0008000000016c62-51.dat	upx
behavioral1/files/0x0008000000016aa9-42.dat	upx
behavioral1/memory/2912-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2672-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2076-46-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2348-78-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/1748-96-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0009000000015e71-116.dat	upx
behavioral1/memory/1400-1036-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1748-826-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2352-614-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2348-445-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2672-229-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019244-196.dat	upx
behavioral1/files/0x000500000001922c-191.dat	upx
behavioral1/files/0x00050000000191d4-181.dat	upx
behavioral1/files/0x00050000000191ff-186.dat	upx
behavioral1/files/0x00060000000190e0-175.dat	upx
behavioral1/files/0x00060000000190ce-171.dat	upx
behavioral1/files/0x000600000001903b-166.dat	upx
behavioral1/files/0x0006000000018f53-161.dat	upx
behavioral1/files/0x0006000000018c26-156.dat	upx
behavioral1/files/0x0006000000018c1a-151.dat	upx
behavioral1/files/0x0005000000018792-146.dat	upx
behavioral1/files/0x0005000000018687-141.dat	upx
behavioral1/files/0x000d00000001866e-136.dat	upx
behavioral1/files/0x0014000000018663-131.dat	upx
behavioral1/files/0x0006000000017525-126.dat	upx
behavioral1/files/0x00060000000174a2-121.dat	upx
behavioral1/files/0x0006000000017487-112.dat	upx
behavioral1/memory/1400-105-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2756-104-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0006000000017472-103.dat	upx
behavioral1/memory/2912-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2828-95-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x00060000000173fc-94.dat	upx
behavioral1/memory/2352-87-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-86.dat	upx
behavioral1/memory/2692-77-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x00060000000173f1-76.dat	upx
behavioral1/memory/2640-74-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2644-60-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x000600000001706d-55.dat	upx
behavioral1/memory/2692-41-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1040-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2756-66-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x00060000000173da-65.dat	upx
behavioral1/memory/2828-54-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2640-34-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2484-33-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/1040-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2644-27-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0007000000016855-38.dat	upx
behavioral1/memory/2076-3742-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2644-3749-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1532-3748-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mQXUvZQ.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLsmcgR.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvqPEiP.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUSblvR.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKASzdu.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoPoKVP.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWFyyfR.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHJAKOb.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqoeatc.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnZyftg.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFURXes.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrzfTTh.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Brcvkqe.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRCqbHa.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaCvLjt.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBhkAtW.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAjGjLT.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGXjzKC.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGISBGH.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELwIgXL.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLVUOBF.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sftckla.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HicwAoh.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPrYeST.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XytKjil.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGmHFiY.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnnNBuV.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKIbeWH.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnTEJZi.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOXZAjY.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgxLYnM.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSOJthp.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkTfIfq.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtCaeux.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBgmbbI.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crVXUuY.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHCGWiQ.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsAssVY.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkbnKbW.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYjanXG.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoCOwNm.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLmBvCL.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbvObMQ.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVJPqgm.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoLKzCR.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uCFaGtT.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMfKfdw.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXWDGrF.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUyTRqg.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVUbRZz.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzSEaER.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZkAEwU.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeTsudQ.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuxtALr.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvQFNyg.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGXvBQF.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muUAGPg.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGkThyM.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUJQbfD.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pASsacS.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAMKZqk.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipNGiOC.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzgaobZ.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXITAJj.exe	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1532	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 1532	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 1532	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2484 wrote to memory of 2076	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 2076	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 2076	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2484 wrote to memory of 1040	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 1040	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 1040	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2484 wrote to memory of 2644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 2644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 2644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2484 wrote to memory of 2640	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2640	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2640	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2484 wrote to memory of 2692	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2692	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2692	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2484 wrote to memory of 2912	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2912	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2912	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2484 wrote to memory of 2828	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2828	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2828	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2484 wrote to memory of 2672	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2672	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2672	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2484 wrote to memory of 2756	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2756	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2756	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2484 wrote to memory of 2348	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2348	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2348	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2484 wrote to memory of 2352	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 2352	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 2352	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2484 wrote to memory of 1748	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 1748	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 1748	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2484 wrote to memory of 1400	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 1400	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 1400	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2484 wrote to memory of 704	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 704	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 704	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2484 wrote to memory of 2016	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 2016	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 2016	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2484 wrote to memory of 1788	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 1788	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 1788	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2484 wrote to memory of 1644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 1644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 1644	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2484 wrote to memory of 2868	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 2868	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 2868	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2484 wrote to memory of 1660	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 1660	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 1660	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2484 wrote to memory of 2984	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2484 wrote to memory of 2984	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2484 wrote to memory of 2984	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2484 wrote to memory of 2856	2484	2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_5a58d40dab3ce034b746d2e27120c070_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\System\kOPmsZn.exe
  C:\Windows\System\kOPmsZn.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\NbgTLAF.exe
  C:\Windows\System\NbgTLAF.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\nFapHMO.exe
  C:\Windows\System\nFapHMO.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\vkRsmvf.exe
  C:\Windows\System\vkRsmvf.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\PCsnYZc.exe
  C:\Windows\System\PCsnYZc.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\REUAHZs.exe
  C:\Windows\System\REUAHZs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\xipuAfp.exe
  C:\Windows\System\xipuAfp.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\AtUCwOP.exe
  C:\Windows\System\AtUCwOP.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rxqowzq.exe
  C:\Windows\System\rxqowzq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\OzBCerE.exe
  C:\Windows\System\OzBCerE.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\vtCpNDh.exe
  C:\Windows\System\vtCpNDh.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\yHkOPRH.exe
  C:\Windows\System\yHkOPRH.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\wusGkkb.exe
  C:\Windows\System\wusGkkb.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JrAMFpt.exe
  C:\Windows\System\JrAMFpt.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\UgQtbzF.exe
  C:\Windows\System\UgQtbzF.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\eRtGYTP.exe
  C:\Windows\System\eRtGYTP.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\kPpbzhk.exe
  C:\Windows\System\kPpbzhk.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\THMaNtN.exe
  C:\Windows\System\THMaNtN.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ekrjlez.exe
  C:\Windows\System\ekrjlez.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ttJeXLz.exe
  C:\Windows\System\ttJeXLz.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\IQjjNDq.exe
  C:\Windows\System\IQjjNDq.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\QyEZnvz.exe
  C:\Windows\System\QyEZnvz.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ZWUomix.exe
  C:\Windows\System\ZWUomix.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\RDJCfqJ.exe
  C:\Windows\System\RDJCfqJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\eUsarhN.exe
  C:\Windows\System\eUsarhN.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\QnTzAKK.exe
  C:\Windows\System\QnTzAKK.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\bErWSmJ.exe
  C:\Windows\System\bErWSmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\RcUgGhf.exe
  C:\Windows\System\RcUgGhf.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\hASiGbB.exe
  C:\Windows\System\hASiGbB.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\BsgGHkG.exe
  C:\Windows\System\BsgGHkG.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\qbMfhJR.exe
  C:\Windows\System\qbMfhJR.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\kHHxxkY.exe
  C:\Windows\System\kHHxxkY.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\oIztTSw.exe
  C:\Windows\System\oIztTSw.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\ilvxFHW.exe
  C:\Windows\System\ilvxFHW.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\yclDoNY.exe
  C:\Windows\System\yclDoNY.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\FAnfZkJ.exe
  C:\Windows\System\FAnfZkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\KsPxcAi.exe
  C:\Windows\System\KsPxcAi.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\yrjhXSU.exe
  C:\Windows\System\yrjhXSU.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\MfvsYpU.exe
  C:\Windows\System\MfvsYpU.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\DJQnYlX.exe
  C:\Windows\System\DJQnYlX.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\kCPeRJR.exe
  C:\Windows\System\kCPeRJR.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\kLrZfOT.exe
  C:\Windows\System\kLrZfOT.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\dbZGSkr.exe
  C:\Windows\System\dbZGSkr.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\BSCmXVJ.exe
  C:\Windows\System\BSCmXVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\xQAKcll.exe
  C:\Windows\System\xQAKcll.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\YtChkPd.exe
  C:\Windows\System\YtChkPd.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\aduoOkd.exe
  C:\Windows\System\aduoOkd.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\uYvzYDM.exe
  C:\Windows\System\uYvzYDM.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\HaPEtdO.exe
  C:\Windows\System\HaPEtdO.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\DSkvSnh.exe
  C:\Windows\System\DSkvSnh.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\EcbZjPJ.exe
  C:\Windows\System\EcbZjPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\vrWHShy.exe
  C:\Windows\System\vrWHShy.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\kFsPytJ.exe
  C:\Windows\System\kFsPytJ.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\LieoWkX.exe
  C:\Windows\System\LieoWkX.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\tMrvbgT.exe
  C:\Windows\System\tMrvbgT.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ePNGjUY.exe
  C:\Windows\System\ePNGjUY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\eczBLmJ.exe
  C:\Windows\System\eczBLmJ.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\RhSgQqY.exe
  C:\Windows\System\RhSgQqY.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\loDhOpB.exe
  C:\Windows\System\loDhOpB.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\DKYBpre.exe
  C:\Windows\System\DKYBpre.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\MuuglYW.exe
  C:\Windows\System\MuuglYW.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\ovDtLep.exe
  C:\Windows\System\ovDtLep.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\WYEHfTN.exe
  C:\Windows\System\WYEHfTN.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\cCWNOad.exe
  C:\Windows\System\cCWNOad.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\vRfJOTH.exe
  C:\Windows\System\vRfJOTH.exe
  2⤵
  PID:2884
- C:\Windows\System\OZsCaOh.exe
  C:\Windows\System\OZsCaOh.exe
  2⤵
  PID:2792
- C:\Windows\System\aIGkBho.exe
  C:\Windows\System\aIGkBho.exe
  2⤵
  PID:1864
- C:\Windows\System\eMfKfdw.exe
  C:\Windows\System\eMfKfdw.exe
  2⤵
  PID:1364
- C:\Windows\System\jVqZTlq.exe
  C:\Windows\System\jVqZTlq.exe
  2⤵
  PID:1728
- C:\Windows\System\sZQvWfu.exe
  C:\Windows\System\sZQvWfu.exe
  2⤵
  PID:2028
- C:\Windows\System\gpaAWTg.exe
  C:\Windows\System\gpaAWTg.exe
  2⤵
  PID:2944
- C:\Windows\System\CskZahs.exe
  C:\Windows\System\CskZahs.exe
  2⤵
  PID:1456
- C:\Windows\System\JKuPFeA.exe
  C:\Windows\System\JKuPFeA.exe
  2⤵
  PID:1952
- C:\Windows\System\NhnEYxk.exe
  C:\Windows\System\NhnEYxk.exe
  2⤵
  PID:2316
- C:\Windows\System\qouxULq.exe
  C:\Windows\System\qouxULq.exe
  2⤵
  PID:1760
- C:\Windows\System\QroHFoP.exe
  C:\Windows\System\QroHFoP.exe
  2⤵
  PID:2120
- C:\Windows\System\EcVIyal.exe
  C:\Windows\System\EcVIyal.exe
  2⤵
  PID:2972
- C:\Windows\System\WtmjmvU.exe
  C:\Windows\System\WtmjmvU.exe
  2⤵
  PID:884
- C:\Windows\System\rijuNNN.exe
  C:\Windows\System\rijuNNN.exe
  2⤵
  PID:1600
- C:\Windows\System\JWjsMbk.exe
  C:\Windows\System\JWjsMbk.exe
  2⤵
  PID:1784
- C:\Windows\System\qSUYwpv.exe
  C:\Windows\System\qSUYwpv.exe
  2⤵
  PID:1992
- C:\Windows\System\rjXCQrI.exe
  C:\Windows\System\rjXCQrI.exe
  2⤵
  PID:2900
- C:\Windows\System\mbAodBz.exe
  C:\Windows\System\mbAodBz.exe
  2⤵
  PID:2600
- C:\Windows\System\QuDeuVg.exe
  C:\Windows\System\QuDeuVg.exe
  2⤵
  PID:1716
- C:\Windows\System\XzbgPPO.exe
  C:\Windows\System\XzbgPPO.exe
  2⤵
  PID:2288
- C:\Windows\System\qzOqBnI.exe
  C:\Windows\System\qzOqBnI.exe
  2⤵
  PID:484
- C:\Windows\System\cSgosgP.exe
  C:\Windows\System\cSgosgP.exe
  2⤵
  PID:1652
- C:\Windows\System\OggZBVx.exe
  C:\Windows\System\OggZBVx.exe
  2⤵
  PID:1244
- C:\Windows\System\rhXgorH.exe
  C:\Windows\System\rhXgorH.exe
  2⤵
  PID:2936
- C:\Windows\System\TgFueJL.exe
  C:\Windows\System\TgFueJL.exe
  2⤵
  PID:1804
- C:\Windows\System\WiiXeMZ.exe
  C:\Windows\System\WiiXeMZ.exe
  2⤵
  PID:328
- C:\Windows\System\DZOksrT.exe
  C:\Windows\System\DZOksrT.exe
  2⤵
  PID:1688
- C:\Windows\System\AvqPEiP.exe
  C:\Windows\System\AvqPEiP.exe
  2⤵
  PID:776
- C:\Windows\System\hTmbUJN.exe
  C:\Windows\System\hTmbUJN.exe
  2⤵
  PID:1820
- C:\Windows\System\gcJgGBj.exe
  C:\Windows\System\gcJgGBj.exe
  2⤵
  PID:2172
- C:\Windows\System\SxmOoLP.exe
  C:\Windows\System\SxmOoLP.exe
  2⤵
  PID:2072
- C:\Windows\System\bMJlaWw.exe
  C:\Windows\System\bMJlaWw.exe
  2⤵
  PID:1512
- C:\Windows\System\gtXCisi.exe
  C:\Windows\System\gtXCisi.exe
  2⤵
  PID:820
- C:\Windows\System\dZVQloX.exe
  C:\Windows\System\dZVQloX.exe
  2⤵
  PID:2964
- C:\Windows\System\wNURogN.exe
  C:\Windows\System\wNURogN.exe
  2⤵
  PID:2744
- C:\Windows\System\yiKyPcz.exe
  C:\Windows\System\yiKyPcz.exe
  2⤵
  PID:3088
- C:\Windows\System\dKaOHSx.exe
  C:\Windows\System\dKaOHSx.exe
  2⤵
  PID:3104
- C:\Windows\System\pYRIpRB.exe
  C:\Windows\System\pYRIpRB.exe
  2⤵
  PID:3124
- C:\Windows\System\lukkkaY.exe
  C:\Windows\System\lukkkaY.exe
  2⤵
  PID:3144
- C:\Windows\System\UJoBgAB.exe
  C:\Windows\System\UJoBgAB.exe
  2⤵
  PID:3168
- C:\Windows\System\aVOGVUZ.exe
  C:\Windows\System\aVOGVUZ.exe
  2⤵
  PID:3188
- C:\Windows\System\XCrGIFe.exe
  C:\Windows\System\XCrGIFe.exe
  2⤵
  PID:3208
- C:\Windows\System\ByyHoXz.exe
  C:\Windows\System\ByyHoXz.exe
  2⤵
  PID:3228
- C:\Windows\System\JAINwfI.exe
  C:\Windows\System\JAINwfI.exe
  2⤵
  PID:3248
- C:\Windows\System\GiJXbxh.exe
  C:\Windows\System\GiJXbxh.exe
  2⤵
  PID:3268
- C:\Windows\System\NYnFNME.exe
  C:\Windows\System\NYnFNME.exe
  2⤵
  PID:3288
- C:\Windows\System\wVupPwr.exe
  C:\Windows\System\wVupPwr.exe
  2⤵
  PID:3308
- C:\Windows\System\NBgmbbI.exe
  C:\Windows\System\NBgmbbI.exe
  2⤵
  PID:3328
- C:\Windows\System\zDWBHYM.exe
  C:\Windows\System\zDWBHYM.exe
  2⤵
  PID:3348
- C:\Windows\System\ZdUstpx.exe
  C:\Windows\System\ZdUstpx.exe
  2⤵
  PID:3372
- C:\Windows\System\epzVCln.exe
  C:\Windows\System\epzVCln.exe
  2⤵
  PID:3392
- C:\Windows\System\ZkFQvZr.exe
  C:\Windows\System\ZkFQvZr.exe
  2⤵
  PID:3412
- C:\Windows\System\FsaSJGn.exe
  C:\Windows\System\FsaSJGn.exe
  2⤵
  PID:3432
- C:\Windows\System\CWHaICD.exe
  C:\Windows\System\CWHaICD.exe
  2⤵
  PID:3452
- C:\Windows\System\kyMTmZp.exe
  C:\Windows\System\kyMTmZp.exe
  2⤵
  PID:3472
- C:\Windows\System\VbvObMQ.exe
  C:\Windows\System\VbvObMQ.exe
  2⤵
  PID:3492
- C:\Windows\System\neBKfCT.exe
  C:\Windows\System\neBKfCT.exe
  2⤵
  PID:3512
- C:\Windows\System\nqEWRbQ.exe
  C:\Windows\System\nqEWRbQ.exe
  2⤵
  PID:3532
- C:\Windows\System\TuLwChb.exe
  C:\Windows\System\TuLwChb.exe
  2⤵
  PID:3552
- C:\Windows\System\IvxYBmI.exe
  C:\Windows\System\IvxYBmI.exe
  2⤵
  PID:3572
- C:\Windows\System\eUdpPLB.exe
  C:\Windows\System\eUdpPLB.exe
  2⤵
  PID:3592
- C:\Windows\System\IPvCBgr.exe
  C:\Windows\System\IPvCBgr.exe
  2⤵
  PID:3612
- C:\Windows\System\hQjioiu.exe
  C:\Windows\System\hQjioiu.exe
  2⤵
  PID:3632
- C:\Windows\System\WBlGJFO.exe
  C:\Windows\System\WBlGJFO.exe
  2⤵
  PID:3652
- C:\Windows\System\QhHmBRR.exe
  C:\Windows\System\QhHmBRR.exe
  2⤵
  PID:3672
- C:\Windows\System\DSmDXTc.exe
  C:\Windows\System\DSmDXTc.exe
  2⤵
  PID:3692
- C:\Windows\System\oEOlXYz.exe
  C:\Windows\System\oEOlXYz.exe
  2⤵
  PID:3712
- C:\Windows\System\qDfqBmg.exe
  C:\Windows\System\qDfqBmg.exe
  2⤵
  PID:3732
- C:\Windows\System\HsQtDNS.exe
  C:\Windows\System\HsQtDNS.exe
  2⤵
  PID:3752
- C:\Windows\System\jlrshyu.exe
  C:\Windows\System\jlrshyu.exe
  2⤵
  PID:3772
- C:\Windows\System\FSbALxB.exe
  C:\Windows\System\FSbALxB.exe
  2⤵
  PID:3792
- C:\Windows\System\ZwXcnkk.exe
  C:\Windows\System\ZwXcnkk.exe
  2⤵
  PID:3812
- C:\Windows\System\WzsRqAp.exe
  C:\Windows\System\WzsRqAp.exe
  2⤵
  PID:3832
- C:\Windows\System\uXJtGFb.exe
  C:\Windows\System\uXJtGFb.exe
  2⤵
  PID:3852
- C:\Windows\System\mhcygia.exe
  C:\Windows\System\mhcygia.exe
  2⤵
  PID:3876
- C:\Windows\System\FdpacGl.exe
  C:\Windows\System\FdpacGl.exe
  2⤵
  PID:3896
- C:\Windows\System\ChOoUFN.exe
  C:\Windows\System\ChOoUFN.exe
  2⤵
  PID:3916
- C:\Windows\System\qKSUNKf.exe
  C:\Windows\System\qKSUNKf.exe
  2⤵
  PID:3936
- C:\Windows\System\vqomLBm.exe
  C:\Windows\System\vqomLBm.exe
  2⤵
  PID:3956
- C:\Windows\System\AxzWrck.exe
  C:\Windows\System\AxzWrck.exe
  2⤵
  PID:3976
- C:\Windows\System\wlQxaeo.exe
  C:\Windows\System\wlQxaeo.exe
  2⤵
  PID:3996
- C:\Windows\System\sRMJVyk.exe
  C:\Windows\System\sRMJVyk.exe
  2⤵
  PID:4016
- C:\Windows\System\nwaxDrY.exe
  C:\Windows\System\nwaxDrY.exe
  2⤵
  PID:4036
- C:\Windows\System\HmCQgvz.exe
  C:\Windows\System\HmCQgvz.exe
  2⤵
  PID:4056
- C:\Windows\System\gpxBFnX.exe
  C:\Windows\System\gpxBFnX.exe
  2⤵
  PID:4076
- C:\Windows\System\rqhqwKB.exe
  C:\Windows\System\rqhqwKB.exe
  2⤵
  PID:552
- C:\Windows\System\kERYWJG.exe
  C:\Windows\System\kERYWJG.exe
  2⤵
  PID:2648
- C:\Windows\System\UrzMfsb.exe
  C:\Windows\System\UrzMfsb.exe
  2⤵
  PID:988
- C:\Windows\System\YgWUldI.exe
  C:\Windows\System\YgWUldI.exe
  2⤵
  PID:2300
- C:\Windows\System\HQRkZjT.exe
  C:\Windows\System\HQRkZjT.exe
  2⤵
  PID:2632
- C:\Windows\System\tHqWbwu.exe
  C:\Windows\System\tHqWbwu.exe
  2⤵
  PID:1560
- C:\Windows\System\kaoNCCy.exe
  C:\Windows\System\kaoNCCy.exe
  2⤵
  PID:2112
- C:\Windows\System\lCoTPxG.exe
  C:\Windows\System\lCoTPxG.exe
  2⤵
  PID:596
- C:\Windows\System\qrXcygY.exe
  C:\Windows\System\qrXcygY.exe
  2⤵
  PID:2952
- C:\Windows\System\NeYLuAa.exe
  C:\Windows\System\NeYLuAa.exe
  2⤵
  PID:1516
- C:\Windows\System\WxFvjNq.exe
  C:\Windows\System\WxFvjNq.exe
  2⤵
  PID:2532
- C:\Windows\System\nDlsGJr.exe
  C:\Windows\System\nDlsGJr.exe
  2⤵
  PID:3112
- C:\Windows\System\fBoJZJb.exe
  C:\Windows\System\fBoJZJb.exe
  2⤵
  PID:3100
- C:\Windows\System\SipBoED.exe
  C:\Windows\System\SipBoED.exe
  2⤵
  PID:3136
- C:\Windows\System\vzBINmj.exe
  C:\Windows\System\vzBINmj.exe
  2⤵
  PID:3196
- C:\Windows\System\HhBoAFh.exe
  C:\Windows\System\HhBoAFh.exe
  2⤵
  PID:3244
- C:\Windows\System\tXmbnzY.exe
  C:\Windows\System\tXmbnzY.exe
  2⤵
  PID:3284
- C:\Windows\System\JtSNXhS.exe
  C:\Windows\System\JtSNXhS.exe
  2⤵
  PID:3296
- C:\Windows\System\SSlNFNv.exe
  C:\Windows\System\SSlNFNv.exe
  2⤵
  PID:3320
- C:\Windows\System\BSQUGzs.exe
  C:\Windows\System\BSQUGzs.exe
  2⤵
  PID:3368
- C:\Windows\System\PMveOMp.exe
  C:\Windows\System\PMveOMp.exe
  2⤵
  PID:3384
- C:\Windows\System\lSmFidT.exe
  C:\Windows\System\lSmFidT.exe
  2⤵
  PID:3448
- C:\Windows\System\HezdvpI.exe
  C:\Windows\System\HezdvpI.exe
  2⤵
  PID:3464
- C:\Windows\System\crVXUuY.exe
  C:\Windows\System\crVXUuY.exe
  2⤵
  PID:3520
- C:\Windows\System\QAttWfp.exe
  C:\Windows\System\QAttWfp.exe
  2⤵
  PID:3540
- C:\Windows\System\klQDaej.exe
  C:\Windows\System\klQDaej.exe
  2⤵
  PID:3544
- C:\Windows\System\qihxfIM.exe
  C:\Windows\System\qihxfIM.exe
  2⤵
  PID:3584
- C:\Windows\System\WbeGrSQ.exe
  C:\Windows\System\WbeGrSQ.exe
  2⤵
  PID:3640
- C:\Windows\System\EBLLvQe.exe
  C:\Windows\System\EBLLvQe.exe
  2⤵
  PID:3664
- C:\Windows\System\VbglrQm.exe
  C:\Windows\System\VbglrQm.exe
  2⤵
  PID:3700
- C:\Windows\System\RatgxKC.exe
  C:\Windows\System\RatgxKC.exe
  2⤵
  PID:3740
- C:\Windows\System\HbTKazy.exe
  C:\Windows\System\HbTKazy.exe
  2⤵
  PID:3764
- C:\Windows\System\uOwMiTO.exe
  C:\Windows\System\uOwMiTO.exe
  2⤵
  PID:3808
- C:\Windows\System\vrkIBwe.exe
  C:\Windows\System\vrkIBwe.exe
  2⤵
  PID:3840
- C:\Windows\System\DgUNoIO.exe
  C:\Windows\System\DgUNoIO.exe
  2⤵
  PID:3884
- C:\Windows\System\fyDMFry.exe
  C:\Windows\System\fyDMFry.exe
  2⤵
  PID:3932
- C:\Windows\System\jvgfszE.exe
  C:\Windows\System\jvgfszE.exe
  2⤵
  PID:3964
- C:\Windows\System\WPClQtv.exe
  C:\Windows\System\WPClQtv.exe
  2⤵
  PID:3968
- C:\Windows\System\NQOIYwD.exe
  C:\Windows\System\NQOIYwD.exe
  2⤵
  PID:4012
- C:\Windows\System\USEwMqQ.exe
  C:\Windows\System\USEwMqQ.exe
  2⤵
  PID:4028
- C:\Windows\System\SCrPhBW.exe
  C:\Windows\System\SCrPhBW.exe
  2⤵
  PID:4064
- C:\Windows\System\TcqjmAk.exe
  C:\Windows\System\TcqjmAk.exe
  2⤵
  PID:2280
- C:\Windows\System\wPilTFD.exe
  C:\Windows\System\wPilTFD.exe
  2⤵
  PID:1408
- C:\Windows\System\sOYNHVu.exe
  C:\Windows\System\sOYNHVu.exe
  2⤵
  PID:616
- C:\Windows\System\VYIqJLc.exe
  C:\Windows\System\VYIqJLc.exe
  2⤵
  PID:1736
- C:\Windows\System\GDRnnhF.exe
  C:\Windows\System\GDRnnhF.exe
  2⤵
  PID:2360
- C:\Windows\System\mQXUvZQ.exe
  C:\Windows\System\mQXUvZQ.exe
  2⤵
  PID:2328
- C:\Windows\System\CVGNZay.exe
  C:\Windows\System\CVGNZay.exe
  2⤵
  PID:2588
- C:\Windows\System\trCWSku.exe
  C:\Windows\System\trCWSku.exe
  2⤵
  PID:3132
- C:\Windows\System\CDYTsaE.exe
  C:\Windows\System\CDYTsaE.exe
  2⤵
  PID:3224
- C:\Windows\System\WHFkrZn.exe
  C:\Windows\System\WHFkrZn.exe
  2⤵
  PID:3220
- C:\Windows\System\oorynEb.exe
  C:\Windows\System\oorynEb.exe
  2⤵
  PID:3324
- C:\Windows\System\lxiGUYB.exe
  C:\Windows\System\lxiGUYB.exe
  2⤵
  PID:3388
- C:\Windows\System\MQccJIo.exe
  C:\Windows\System\MQccJIo.exe
  2⤵
  PID:3420
- C:\Windows\System\ENPDVTd.exe
  C:\Windows\System\ENPDVTd.exe
  2⤵
  PID:3508
- C:\Windows\System\tluEkte.exe
  C:\Windows\System\tluEkte.exe
  2⤵
  PID:3600
- C:\Windows\System\RbmAmrD.exe
  C:\Windows\System\RbmAmrD.exe
  2⤵
  PID:3644
- C:\Windows\System\BGXkSTI.exe
  C:\Windows\System\BGXkSTI.exe
  2⤵
  PID:3660
- C:\Windows\System\FKHLkus.exe
  C:\Windows\System\FKHLkus.exe
  2⤵
  PID:3780
- C:\Windows\System\LzwJZTc.exe
  C:\Windows\System\LzwJZTc.exe
  2⤵
  PID:3788
- C:\Windows\System\MPKyJwJ.exe
  C:\Windows\System\MPKyJwJ.exe
  2⤵
  PID:3820
- C:\Windows\System\ejJnpgD.exe
  C:\Windows\System\ejJnpgD.exe
  2⤵
  PID:3912
- C:\Windows\System\mgfAFZM.exe
  C:\Windows\System\mgfAFZM.exe
  2⤵
  PID:3992
- C:\Windows\System\dhsaLtR.exe
  C:\Windows\System\dhsaLtR.exe
  2⤵
  PID:3952
- C:\Windows\System\FUSblvR.exe
  C:\Windows\System\FUSblvR.exe
  2⤵
  PID:4032
- C:\Windows\System\kfxDDnI.exe
  C:\Windows\System\kfxDDnI.exe
  2⤵
  PID:4068
- C:\Windows\System\MqEuncO.exe
  C:\Windows\System\MqEuncO.exe
  2⤵
  PID:2224
- C:\Windows\System\roVTXWF.exe
  C:\Windows\System\roVTXWF.exe
  2⤵
  PID:2004
- C:\Windows\System\uAyWMnF.exe
  C:\Windows\System\uAyWMnF.exe
  2⤵
  PID:2340
- C:\Windows\System\GGZOkIr.exe
  C:\Windows\System\GGZOkIr.exe
  2⤵
  PID:3152
- C:\Windows\System\nIlnfTZ.exe
  C:\Windows\System\nIlnfTZ.exe
  2⤵
  PID:3216
- C:\Windows\System\MroNzUm.exe
  C:\Windows\System\MroNzUm.exe
  2⤵
  PID:3380
- C:\Windows\System\gcRqWTL.exe
  C:\Windows\System\gcRqWTL.exe
  2⤵
  PID:3424
- C:\Windows\System\uuxYIif.exe
  C:\Windows\System\uuxYIif.exe
  2⤵
  PID:3484
- C:\Windows\System\gLFPBLW.exe
  C:\Windows\System\gLFPBLW.exe
  2⤵
  PID:3620
- C:\Windows\System\PFheTYE.exe
  C:\Windows\System\PFheTYE.exe
  2⤵
  PID:3724
- C:\Windows\System\CYVyQHL.exe
  C:\Windows\System\CYVyQHL.exe
  2⤵
  PID:3760
- C:\Windows\System\vtOMtKB.exe
  C:\Windows\System\vtOMtKB.exe
  2⤵
  PID:3892
- C:\Windows\System\WcatPhl.exe
  C:\Windows\System\WcatPhl.exe
  2⤵
  PID:3988
- C:\Windows\System\KeAponY.exe
  C:\Windows\System\KeAponY.exe
  2⤵
  PID:2560
- C:\Windows\System\KXBAmhG.exe
  C:\Windows\System\KXBAmhG.exe
  2⤵
  PID:4100
- C:\Windows\System\jQbmZoJ.exe
  C:\Windows\System\jQbmZoJ.exe
  2⤵
  PID:4120
- C:\Windows\System\xfzwwOP.exe
  C:\Windows\System\xfzwwOP.exe
  2⤵
  PID:4140
- C:\Windows\System\GfJdXck.exe
  C:\Windows\System\GfJdXck.exe
  2⤵
  PID:4160
- C:\Windows\System\EpiTIjp.exe
  C:\Windows\System\EpiTIjp.exe
  2⤵
  PID:4180
- C:\Windows\System\YMrahmK.exe
  C:\Windows\System\YMrahmK.exe
  2⤵
  PID:4200
- C:\Windows\System\zstlyMI.exe
  C:\Windows\System\zstlyMI.exe
  2⤵
  PID:4220
- C:\Windows\System\KyhOfqu.exe
  C:\Windows\System\KyhOfqu.exe
  2⤵
  PID:4240
- C:\Windows\System\iaruoip.exe
  C:\Windows\System\iaruoip.exe
  2⤵
  PID:4260
- C:\Windows\System\yEIhxZY.exe
  C:\Windows\System\yEIhxZY.exe
  2⤵
  PID:4280
- C:\Windows\System\rfUvpHj.exe
  C:\Windows\System\rfUvpHj.exe
  2⤵
  PID:4304
- C:\Windows\System\OOusDFI.exe
  C:\Windows\System\OOusDFI.exe
  2⤵
  PID:4324
- C:\Windows\System\BvhCIJA.exe
  C:\Windows\System\BvhCIJA.exe
  2⤵
  PID:4344
- C:\Windows\System\DLarmbc.exe
  C:\Windows\System\DLarmbc.exe
  2⤵
  PID:4364
- C:\Windows\System\WXMVhsm.exe
  C:\Windows\System\WXMVhsm.exe
  2⤵
  PID:4384
- C:\Windows\System\AnRUsLj.exe
  C:\Windows\System\AnRUsLj.exe
  2⤵
  PID:4404
- C:\Windows\System\eSuvrIn.exe
  C:\Windows\System\eSuvrIn.exe
  2⤵
  PID:4424
- C:\Windows\System\kIgNfUg.exe
  C:\Windows\System\kIgNfUg.exe
  2⤵
  PID:4444
- C:\Windows\System\OexOvfu.exe
  C:\Windows\System\OexOvfu.exe
  2⤵
  PID:4464
- C:\Windows\System\tVvnXpW.exe
  C:\Windows\System\tVvnXpW.exe
  2⤵
  PID:4484
- C:\Windows\System\QTrcTTk.exe
  C:\Windows\System\QTrcTTk.exe
  2⤵
  PID:4504
- C:\Windows\System\KEugoNW.exe
  C:\Windows\System\KEugoNW.exe
  2⤵
  PID:4524
- C:\Windows\System\oXbvzgf.exe
  C:\Windows\System\oXbvzgf.exe
  2⤵
  PID:4544
- C:\Windows\System\ySfRvpt.exe
  C:\Windows\System\ySfRvpt.exe
  2⤵
  PID:4564
- C:\Windows\System\bXkuiRF.exe
  C:\Windows\System\bXkuiRF.exe
  2⤵
  PID:4584
- C:\Windows\System\fkYkMGa.exe
  C:\Windows\System\fkYkMGa.exe
  2⤵
  PID:4604
- C:\Windows\System\auBiilX.exe
  C:\Windows\System\auBiilX.exe
  2⤵
  PID:4624
- C:\Windows\System\FFUNZOY.exe
  C:\Windows\System\FFUNZOY.exe
  2⤵
  PID:4644
- C:\Windows\System\FhwRKPs.exe
  C:\Windows\System\FhwRKPs.exe
  2⤵
  PID:4664
- C:\Windows\System\XexCaZC.exe
  C:\Windows\System\XexCaZC.exe
  2⤵
  PID:4684
- C:\Windows\System\HMhZFQD.exe
  C:\Windows\System\HMhZFQD.exe
  2⤵
  PID:4704
- C:\Windows\System\sGISBGH.exe
  C:\Windows\System\sGISBGH.exe
  2⤵
  PID:4724
- C:\Windows\System\rNUWgtV.exe
  C:\Windows\System\rNUWgtV.exe
  2⤵
  PID:4744
- C:\Windows\System\godmIUv.exe
  C:\Windows\System\godmIUv.exe
  2⤵
  PID:4764
- C:\Windows\System\yTnqUpR.exe
  C:\Windows\System\yTnqUpR.exe
  2⤵
  PID:4784
- C:\Windows\System\oIhQglt.exe
  C:\Windows\System\oIhQglt.exe
  2⤵
  PID:4804
- C:\Windows\System\sdGqSYz.exe
  C:\Windows\System\sdGqSYz.exe
  2⤵
  PID:4824
- C:\Windows\System\tYqIvME.exe
  C:\Windows\System\tYqIvME.exe
  2⤵
  PID:4844
- C:\Windows\System\sAwJuVl.exe
  C:\Windows\System\sAwJuVl.exe
  2⤵
  PID:4864
- C:\Windows\System\pTLpNUk.exe
  C:\Windows\System\pTLpNUk.exe
  2⤵
  PID:4884
- C:\Windows\System\vNrzpTS.exe
  C:\Windows\System\vNrzpTS.exe
  2⤵
  PID:4904
- C:\Windows\System\qsEidLz.exe
  C:\Windows\System\qsEidLz.exe
  2⤵
  PID:4924
- C:\Windows\System\mYQSeXu.exe
  C:\Windows\System\mYQSeXu.exe
  2⤵
  PID:4948
- C:\Windows\System\sMndHQp.exe
  C:\Windows\System\sMndHQp.exe
  2⤵
  PID:4968
- C:\Windows\System\lnHjcrT.exe
  C:\Windows\System\lnHjcrT.exe
  2⤵
  PID:4988
- C:\Windows\System\UgxOhwE.exe
  C:\Windows\System\UgxOhwE.exe
  2⤵
  PID:5008
- C:\Windows\System\mMPFeIG.exe
  C:\Windows\System\mMPFeIG.exe
  2⤵
  PID:5028
- C:\Windows\System\CtdZeXB.exe
  C:\Windows\System\CtdZeXB.exe
  2⤵
  PID:5048
- C:\Windows\System\HLopImM.exe
  C:\Windows\System\HLopImM.exe
  2⤵
  PID:5068
- C:\Windows\System\ilImXZC.exe
  C:\Windows\System\ilImXZC.exe
  2⤵
  PID:5088
- C:\Windows\System\wHZqhzD.exe
  C:\Windows\System\wHZqhzD.exe
  2⤵
  PID:5108
- C:\Windows\System\vGahpNP.exe
  C:\Windows\System\vGahpNP.exe
  2⤵
  PID:2232
- C:\Windows\System\OIuPugz.exe
  C:\Windows\System\OIuPugz.exe
  2⤵
  PID:3164
- C:\Windows\System\IuaUzLf.exe
  C:\Windows\System\IuaUzLf.exe
  2⤵
  PID:3264
- C:\Windows\System\utQlkOB.exe
  C:\Windows\System\utQlkOB.exe
  2⤵
  PID:3344
- C:\Windows\System\YhXJZKJ.exe
  C:\Windows\System\YhXJZKJ.exe
  2⤵
  PID:3588
- C:\Windows\System\dpMWVwV.exe
  C:\Windows\System\dpMWVwV.exe
  2⤵
  PID:3624
- C:\Windows\System\NSYSucr.exe
  C:\Windows\System\NSYSucr.exe
  2⤵
  PID:4044
- C:\Windows\System\qiCaNkF.exe
  C:\Windows\System\qiCaNkF.exe
  2⤵
  PID:2572
- C:\Windows\System\KeAoXoG.exe
  C:\Windows\System\KeAoXoG.exe
  2⤵
  PID:4108
- C:\Windows\System\TqxzzWM.exe
  C:\Windows\System\TqxzzWM.exe
  2⤵
  PID:4132
- C:\Windows\System\hhJddIF.exe
  C:\Windows\System\hhJddIF.exe
  2⤵
  PID:4176
- C:\Windows\System\aEFjENT.exe
  C:\Windows\System\aEFjENT.exe
  2⤵
  PID:4196
- C:\Windows\System\UQYoYRZ.exe
  C:\Windows\System\UQYoYRZ.exe
  2⤵
  PID:4236
- C:\Windows\System\NcwnsBO.exe
  C:\Windows\System\NcwnsBO.exe
  2⤵
  PID:4276
- C:\Windows\System\mWiXwVE.exe
  C:\Windows\System\mWiXwVE.exe
  2⤵
  PID:4312
- C:\Windows\System\HeeVYea.exe
  C:\Windows\System\HeeVYea.exe
  2⤵
  PID:4336
- C:\Windows\System\BSwXEmp.exe
  C:\Windows\System\BSwXEmp.exe
  2⤵
  PID:4356
- C:\Windows\System\fqbnBIC.exe
  C:\Windows\System\fqbnBIC.exe
  2⤵
  PID:4396
- C:\Windows\System\LGYpSqv.exe
  C:\Windows\System\LGYpSqv.exe
  2⤵
  PID:4452
- C:\Windows\System\gxVJdFp.exe
  C:\Windows\System\gxVJdFp.exe
  2⤵
  PID:4492
- C:\Windows\System\rjGWvJO.exe
  C:\Windows\System\rjGWvJO.exe
  2⤵
  PID:4476
- C:\Windows\System\IAKWXDL.exe
  C:\Windows\System\IAKWXDL.exe
  2⤵
  PID:4516
- C:\Windows\System\hmrcEVp.exe
  C:\Windows\System\hmrcEVp.exe
  2⤵
  PID:4580
- C:\Windows\System\sNHjsep.exe
  C:\Windows\System\sNHjsep.exe
  2⤵
  PID:4592
- C:\Windows\System\LxPqTFG.exe
  C:\Windows\System\LxPqTFG.exe
  2⤵
  PID:4660
- C:\Windows\System\LZNphCq.exe
  C:\Windows\System\LZNphCq.exe
  2⤵
  PID:4672
- C:\Windows\System\NsYPTdM.exe
  C:\Windows\System\NsYPTdM.exe
  2⤵
  PID:4676
- C:\Windows\System\tUxxGEm.exe
  C:\Windows\System\tUxxGEm.exe
  2⤵
  PID:4720
- C:\Windows\System\FEnlUaP.exe
  C:\Windows\System\FEnlUaP.exe
  2⤵
  PID:4780
- C:\Windows\System\SLIpUrL.exe
  C:\Windows\System\SLIpUrL.exe
  2⤵
  PID:4812
- C:\Windows\System\rYWeShO.exe
  C:\Windows\System\rYWeShO.exe
  2⤵
  PID:4832
- C:\Windows\System\UBCewGJ.exe
  C:\Windows\System\UBCewGJ.exe
  2⤵
  PID:4900
- C:\Windows\System\QXKtswe.exe
  C:\Windows\System\QXKtswe.exe
  2⤵
  PID:4912
- C:\Windows\System\PScGhdF.exe
  C:\Windows\System\PScGhdF.exe
  2⤵
  PID:4936
- C:\Windows\System\gzHhyAn.exe
  C:\Windows\System\gzHhyAn.exe
  2⤵
  PID:2904
- C:\Windows\System\dOWbxxH.exe
  C:\Windows\System\dOWbxxH.exe
  2⤵
  PID:5024
- C:\Windows\System\DyMogHJ.exe
  C:\Windows\System\DyMogHJ.exe
  2⤵
  PID:5044
- C:\Windows\System\oNVbtQm.exe
  C:\Windows\System\oNVbtQm.exe
  2⤵
  PID:5076
- C:\Windows\System\MLRJitq.exe
  C:\Windows\System\MLRJitq.exe
  2⤵
  PID:2212
- C:\Windows\System\XegxODF.exe
  C:\Windows\System\XegxODF.exe
  2⤵
  PID:3096
- C:\Windows\System\oPuhPEm.exe
  C:\Windows\System\oPuhPEm.exe
  2⤵
  PID:3408
- C:\Windows\System\HMXQPJu.exe
  C:\Windows\System\HMXQPJu.exe
  2⤵
  PID:2916
- C:\Windows\System\AGBoyoB.exe
  C:\Windows\System\AGBoyoB.exe
  2⤵
  PID:3688
- C:\Windows\System\urSXalA.exe
  C:\Windows\System\urSXalA.exe
  2⤵
  PID:3904
- C:\Windows\System\NIiSiFI.exe
  C:\Windows\System\NIiSiFI.exe
  2⤵
  PID:2716
- C:\Windows\System\RJsEcFX.exe
  C:\Windows\System\RJsEcFX.exe
  2⤵
  PID:4208
- C:\Windows\System\YzzdknS.exe
  C:\Windows\System\YzzdknS.exe
  2⤵
  PID:4268
- C:\Windows\System\qQqBXQK.exe
  C:\Windows\System\qQqBXQK.exe
  2⤵
  PID:4288
- C:\Windows\System\qyaGEnr.exe
  C:\Windows\System\qyaGEnr.exe
  2⤵
  PID:4340
- C:\Windows\System\eRtOnxK.exe
  C:\Windows\System\eRtOnxK.exe
  2⤵
  PID:4360
- C:\Windows\System\ylnWTYv.exe
  C:\Windows\System\ylnWTYv.exe
  2⤵
  PID:4440
- C:\Windows\System\yGnPKoT.exe
  C:\Windows\System\yGnPKoT.exe
  2⤵
  PID:4540
- C:\Windows\System\IycdkHe.exe
  C:\Windows\System\IycdkHe.exe
  2⤵
  PID:4552
- C:\Windows\System\VYkjSmw.exe
  C:\Windows\System\VYkjSmw.exe
  2⤵
  PID:4620
- C:\Windows\System\HCFdbDC.exe
  C:\Windows\System\HCFdbDC.exe
  2⤵
  PID:4652
- C:\Windows\System\SzpOOME.exe
  C:\Windows\System\SzpOOME.exe
  2⤵
  PID:4736
- C:\Windows\System\DEsFgny.exe
  C:\Windows\System\DEsFgny.exe
  2⤵
  PID:4796
- C:\Windows\System\QjnszHB.exe
  C:\Windows\System\QjnszHB.exe
  2⤵
  PID:4816
- C:\Windows\System\KNyfCgs.exe
  C:\Windows\System\KNyfCgs.exe
  2⤵
  PID:4856
- C:\Windows\System\bAGySAV.exe
  C:\Windows\System\bAGySAV.exe
  2⤵
  PID:4940
- C:\Windows\System\PTprXEM.exe
  C:\Windows\System\PTprXEM.exe
  2⤵
  PID:2760
- C:\Windows\System\MfbCcBx.exe
  C:\Windows\System\MfbCcBx.exe
  2⤵
  PID:2732
- C:\Windows\System\lvuVXdY.exe
  C:\Windows\System\lvuVXdY.exe
  2⤵
  PID:4996
- C:\Windows\System\MYEUIdL.exe
  C:\Windows\System\MYEUIdL.exe
  2⤵
  PID:1280
- C:\Windows\System\pASsacS.exe
  C:\Windows\System\pASsacS.exe
  2⤵
  PID:5100
- C:\Windows\System\ELwIgXL.exe
  C:\Windows\System\ELwIgXL.exe
  2⤵
  PID:888
- C:\Windows\System\gMXEAKR.exe
  C:\Windows\System\gMXEAKR.exe
  2⤵
  PID:2408
- C:\Windows\System\ElavIVh.exe
  C:\Windows\System\ElavIVh.exe
  2⤵
  PID:3824
- C:\Windows\System\LsETEUy.exe
  C:\Windows\System\LsETEUy.exe
  2⤵
  PID:2688
- C:\Windows\System\eDPoAxx.exe
  C:\Windows\System\eDPoAxx.exe
  2⤵
  PID:2144
- C:\Windows\System\dgGbrkh.exe
  C:\Windows\System\dgGbrkh.exe
  2⤵
  PID:4228
- C:\Windows\System\TDnaOgn.exe
  C:\Windows\System\TDnaOgn.exe
  2⤵
  PID:2852
- C:\Windows\System\hBOumBp.exe
  C:\Windows\System\hBOumBp.exe
  2⤵
  PID:4392
- C:\Windows\System\NQjIWba.exe
  C:\Windows\System\NQjIWba.exe
  2⤵
  PID:4300
- C:\Windows\System\qyTEFpf.exe
  C:\Windows\System\qyTEFpf.exe
  2⤵
  PID:4432
- C:\Windows\System\AyUhNTC.exe
  C:\Windows\System\AyUhNTC.exe
  2⤵
  PID:4472
- C:\Windows\System\tHJVDlV.exe
  C:\Windows\System\tHJVDlV.exe
  2⤵
  PID:4556
- C:\Windows\System\xPkQHFR.exe
  C:\Windows\System\xPkQHFR.exe
  2⤵
  PID:4640
- C:\Windows\System\TDocOvE.exe
  C:\Windows\System\TDocOvE.exe
  2⤵
  PID:4712
- C:\Windows\System\IeNIaAY.exe
  C:\Windows\System\IeNIaAY.exe
  2⤵
  PID:4896
- C:\Windows\System\dxqxMRK.exe
  C:\Windows\System\dxqxMRK.exe
  2⤵
  PID:4836
- C:\Windows\System\ztHMSJc.exe
  C:\Windows\System\ztHMSJc.exe
  2⤵
  PID:2552
- C:\Windows\System\xWbuxhz.exe
  C:\Windows\System\xWbuxhz.exe
  2⤵
  PID:2540
- C:\Windows\System\HRHNvqW.exe
  C:\Windows\System\HRHNvqW.exe
  2⤵
  PID:5036
- C:\Windows\System\wMAJgfZ.exe
  C:\Windows\System\wMAJgfZ.exe
  2⤵
  PID:5020
- C:\Windows\System\KYWURXJ.exe
  C:\Windows\System\KYWURXJ.exe
  2⤵
  PID:3356
- C:\Windows\System\OLxWiSy.exe
  C:\Windows\System\OLxWiSy.exe
  2⤵
  PID:1720
- C:\Windows\System\EdqxNUS.exe
  C:\Windows\System\EdqxNUS.exe
  2⤵
  PID:2012
- C:\Windows\System\DrUMbyX.exe
  C:\Windows\System\DrUMbyX.exe
  2⤵
  PID:2752
- C:\Windows\System\bLVUOBF.exe
  C:\Windows\System\bLVUOBF.exe
  2⤵
  PID:536
- C:\Windows\System\XXzuRBM.exe
  C:\Windows\System\XXzuRBM.exe
  2⤵
  PID:4436
- C:\Windows\System\pvleuUn.exe
  C:\Windows\System\pvleuUn.exe
  2⤵
  PID:4560
- C:\Windows\System\pqSAyUl.exe
  C:\Windows\System\pqSAyUl.exe
  2⤵
  PID:4656
- C:\Windows\System\mOzBbmy.exe
  C:\Windows\System\mOzBbmy.exe
  2⤵
  PID:1108
- C:\Windows\System\DrzfTTh.exe
  C:\Windows\System\DrzfTTh.exe
  2⤵
  PID:4960
- C:\Windows\System\dVJPqgm.exe
  C:\Windows\System\dVJPqgm.exe
  2⤵
  PID:4976
- C:\Windows\System\QZUEaoX.exe
  C:\Windows\System\QZUEaoX.exe
  2⤵
  PID:1704
- C:\Windows\System\INvPvcj.exe
  C:\Windows\System\INvPvcj.exe
  2⤵
  PID:4152
- C:\Windows\System\PLRBpZS.exe
  C:\Windows\System\PLRBpZS.exe
  2⤵
  PID:1316
- C:\Windows\System\nrTvwrf.exe
  C:\Windows\System\nrTvwrf.exe
  2⤵
  PID:2204
- C:\Windows\System\zkMNKAX.exe
  C:\Windows\System\zkMNKAX.exe
  2⤵
  PID:4696
- C:\Windows\System\JEbWaiu.exe
  C:\Windows\System\JEbWaiu.exe
  2⤵
  PID:4760
- C:\Windows\System\ElQDrCu.exe
  C:\Windows\System\ElQDrCu.exe
  2⤵
  PID:4892
- C:\Windows\System\pywrtJm.exe
  C:\Windows\System\pywrtJm.exe
  2⤵
  PID:4216
- C:\Windows\System\pNchkEV.exe
  C:\Windows\System\pNchkEV.exe
  2⤵
  PID:2580
- C:\Windows\System\uTFvQwA.exe
  C:\Windows\System\uTFvQwA.exe
  2⤵
  PID:5128
- C:\Windows\System\NHjczXf.exe
  C:\Windows\System\NHjczXf.exe
  2⤵
  PID:5148
- C:\Windows\System\fJiVrfV.exe
  C:\Windows\System\fJiVrfV.exe
  2⤵
  PID:5168
- C:\Windows\System\PIpZlHP.exe
  C:\Windows\System\PIpZlHP.exe
  2⤵
  PID:5188
- C:\Windows\System\iaMMKZQ.exe
  C:\Windows\System\iaMMKZQ.exe
  2⤵
  PID:5208
- C:\Windows\System\iKVkIUq.exe
  C:\Windows\System\iKVkIUq.exe
  2⤵
  PID:5228
- C:\Windows\System\lKyzUvV.exe
  C:\Windows\System\lKyzUvV.exe
  2⤵
  PID:5248
- C:\Windows\System\RRRngaH.exe
  C:\Windows\System\RRRngaH.exe
  2⤵
  PID:5268
- C:\Windows\System\RYaXIrC.exe
  C:\Windows\System\RYaXIrC.exe
  2⤵
  PID:5288
- C:\Windows\System\aUuRJyY.exe
  C:\Windows\System\aUuRJyY.exe
  2⤵
  PID:5308
- C:\Windows\System\usddOok.exe
  C:\Windows\System\usddOok.exe
  2⤵
  PID:5328
- C:\Windows\System\SBKuItG.exe
  C:\Windows\System\SBKuItG.exe
  2⤵
  PID:5348
- C:\Windows\System\KUSOQQR.exe
  C:\Windows\System\KUSOQQR.exe
  2⤵
  PID:5368
- C:\Windows\System\nLozxFO.exe
  C:\Windows\System\nLozxFO.exe
  2⤵
  PID:5388
- C:\Windows\System\ajbVgDb.exe
  C:\Windows\System\ajbVgDb.exe
  2⤵
  PID:5408
- C:\Windows\System\zcUFunx.exe
  C:\Windows\System\zcUFunx.exe
  2⤵
  PID:5428
- C:\Windows\System\lRGFBsg.exe
  C:\Windows\System\lRGFBsg.exe
  2⤵
  PID:5448
- C:\Windows\System\cozvJSH.exe
  C:\Windows\System\cozvJSH.exe
  2⤵
  PID:5468
- C:\Windows\System\OgDjuBU.exe
  C:\Windows\System\OgDjuBU.exe
  2⤵
  PID:5488
- C:\Windows\System\zGqblsC.exe
  C:\Windows\System\zGqblsC.exe
  2⤵
  PID:5508
- C:\Windows\System\CYGhacR.exe
  C:\Windows\System\CYGhacR.exe
  2⤵
  PID:5528
- C:\Windows\System\CDmkLBo.exe
  C:\Windows\System\CDmkLBo.exe
  2⤵
  PID:5544
- C:\Windows\System\PLSNpKa.exe
  C:\Windows\System\PLSNpKa.exe
  2⤵
  PID:5568
- C:\Windows\System\hVVfHVC.exe
  C:\Windows\System\hVVfHVC.exe
  2⤵
  PID:5588
- C:\Windows\System\QIxiSee.exe
  C:\Windows\System\QIxiSee.exe
  2⤵
  PID:5608
- C:\Windows\System\EeEnGXq.exe
  C:\Windows\System\EeEnGXq.exe
  2⤵
  PID:5628
- C:\Windows\System\rUvNcOy.exe
  C:\Windows\System\rUvNcOy.exe
  2⤵
  PID:5648
- C:\Windows\System\lgNnRUC.exe
  C:\Windows\System\lgNnRUC.exe
  2⤵
  PID:5668
- C:\Windows\System\mXnhqtY.exe
  C:\Windows\System\mXnhqtY.exe
  2⤵
  PID:5688
- C:\Windows\System\nKrdgKf.exe
  C:\Windows\System\nKrdgKf.exe
  2⤵
  PID:5704
- C:\Windows\System\YkBgVLP.exe
  C:\Windows\System\YkBgVLP.exe
  2⤵
  PID:5728
- C:\Windows\System\zsLERTg.exe
  C:\Windows\System\zsLERTg.exe
  2⤵
  PID:5748
- C:\Windows\System\RUoCogU.exe
  C:\Windows\System\RUoCogU.exe
  2⤵
  PID:5768
- C:\Windows\System\SQPNopI.exe
  C:\Windows\System\SQPNopI.exe
  2⤵
  PID:5788
- C:\Windows\System\jUMreZh.exe
  C:\Windows\System\jUMreZh.exe
  2⤵
  PID:5808
- C:\Windows\System\CrzgeJj.exe
  C:\Windows\System\CrzgeJj.exe
  2⤵
  PID:5828
- C:\Windows\System\IigwTwH.exe
  C:\Windows\System\IigwTwH.exe
  2⤵
  PID:5848
- C:\Windows\System\tQFBTmF.exe
  C:\Windows\System\tQFBTmF.exe
  2⤵
  PID:5868
- C:\Windows\System\RCpdJGd.exe
  C:\Windows\System\RCpdJGd.exe
  2⤵
  PID:5888
- C:\Windows\System\bmfWoEb.exe
  C:\Windows\System\bmfWoEb.exe
  2⤵
  PID:5908
- C:\Windows\System\lsaALEG.exe
  C:\Windows\System\lsaALEG.exe
  2⤵
  PID:5928
- C:\Windows\System\UrhViny.exe
  C:\Windows\System\UrhViny.exe
  2⤵
  PID:5948
- C:\Windows\System\vchFVVJ.exe
  C:\Windows\System\vchFVVJ.exe
  2⤵
  PID:5968
- C:\Windows\System\oeiFMQW.exe
  C:\Windows\System\oeiFMQW.exe
  2⤵
  PID:5984
- C:\Windows\System\XdmvMPI.exe
  C:\Windows\System\XdmvMPI.exe
  2⤵
  PID:6008
- C:\Windows\System\cIptYEt.exe
  C:\Windows\System\cIptYEt.exe
  2⤵
  PID:6028
- C:\Windows\System\kmKhjhd.exe
  C:\Windows\System\kmKhjhd.exe
  2⤵
  PID:6048
- C:\Windows\System\APTiecS.exe
  C:\Windows\System\APTiecS.exe
  2⤵
  PID:6068
- C:\Windows\System\cvCcukI.exe
  C:\Windows\System\cvCcukI.exe
  2⤵
  PID:6088
- C:\Windows\System\pSHqRtB.exe
  C:\Windows\System\pSHqRtB.exe
  2⤵
  PID:6108
- C:\Windows\System\LmDPxGM.exe
  C:\Windows\System\LmDPxGM.exe
  2⤵
  PID:6128
- C:\Windows\System\JFKgtau.exe
  C:\Windows\System\JFKgtau.exe
  2⤵
  PID:4740
- C:\Windows\System\MZTuAvT.exe
  C:\Windows\System\MZTuAvT.exe
  2⤵
  PID:2820
- C:\Windows\System\NhSwJLR.exe
  C:\Windows\System\NhSwJLR.exe
  2⤵
  PID:2476
- C:\Windows\System\GuUbKYL.exe
  C:\Windows\System\GuUbKYL.exe
  2⤵
  PID:4192
- C:\Windows\System\jxEXWFd.exe
  C:\Windows\System\jxEXWFd.exe
  2⤵
  PID:5140
- C:\Windows\System\SiptgMR.exe
  C:\Windows\System\SiptgMR.exe
  2⤵
  PID:5204
- C:\Windows\System\NJXeeaB.exe
  C:\Windows\System\NJXeeaB.exe
  2⤵
  PID:5216
- C:\Windows\System\HgncBGh.exe
  C:\Windows\System\HgncBGh.exe
  2⤵
  PID:5240
- C:\Windows\System\EmOQSAt.exe
  C:\Windows\System\EmOQSAt.exe
  2⤵
  PID:5264
- C:\Windows\System\hAhwsEA.exe
  C:\Windows\System\hAhwsEA.exe
  2⤵
  PID:5300
- C:\Windows\System\oKCxDsO.exe
  C:\Windows\System\oKCxDsO.exe
  2⤵
  PID:5336
- C:\Windows\System\dNcOkCi.exe
  C:\Windows\System\dNcOkCi.exe
  2⤵
  PID:5376
- C:\Windows\System\rtbxxRB.exe
  C:\Windows\System\rtbxxRB.exe
  2⤵
  PID:5380
- C:\Windows\System\nJFfkkG.exe
  C:\Windows\System\nJFfkkG.exe
  2⤵
  PID:5424
- C:\Windows\System\BiECjFP.exe
  C:\Windows\System\BiECjFP.exe
  2⤵
  PID:5464
- C:\Windows\System\tzQTLeq.exe
  C:\Windows\System\tzQTLeq.exe
  2⤵
  PID:5504
- C:\Windows\System\YAxZucZ.exe
  C:\Windows\System\YAxZucZ.exe
  2⤵
  PID:5564
- C:\Windows\System\zARDSbj.exe
  C:\Windows\System\zARDSbj.exe
  2⤵
  PID:5604
- C:\Windows\System\tgpPTxL.exe
  C:\Windows\System\tgpPTxL.exe
  2⤵
  PID:5636
- C:\Windows\System\AeSjyoT.exe
  C:\Windows\System\AeSjyoT.exe
  2⤵
  PID:5640
- C:\Windows\System\OSvpYPP.exe
  C:\Windows\System\OSvpYPP.exe
  2⤵
  PID:2084
- C:\Windows\System\KPKMIPO.exe
  C:\Windows\System\KPKMIPO.exe
  2⤵
  PID:5724
- C:\Windows\System\mnlUYss.exe
  C:\Windows\System\mnlUYss.exe
  2⤵
  PID:5764
- C:\Windows\System\TAKQySL.exe
  C:\Windows\System\TAKQySL.exe
  2⤵
  PID:5760
- C:\Windows\System\gmBKPyF.exe
  C:\Windows\System\gmBKPyF.exe
  2⤵
  PID:5784
- C:\Windows\System\rtVfIVc.exe
  C:\Windows\System\rtVfIVc.exe
  2⤵
  PID:5816
- C:\Windows\System\gLpeOkr.exe
  C:\Windows\System\gLpeOkr.exe
  2⤵
  PID:5820
- C:\Windows\System\OhluHGm.exe
  C:\Windows\System\OhluHGm.exe
  2⤵
  PID:5860
- C:\Windows\System\VaGRfEr.exe
  C:\Windows\System\VaGRfEr.exe
  2⤵
  PID:5924
- C:\Windows\System\fPXnrmE.exe
  C:\Windows\System\fPXnrmE.exe
  2⤵
  PID:5956
- C:\Windows\System\BcNoeHc.exe
  C:\Windows\System\BcNoeHc.exe
  2⤵
  PID:5944
- C:\Windows\System\HWnAdHQ.exe
  C:\Windows\System\HWnAdHQ.exe
  2⤵
  PID:5976
- C:\Windows\System\vtMgJzW.exe
  C:\Windows\System\vtMgJzW.exe
  2⤵
  PID:6016
- C:\Windows\System\iCSCKRI.exe
  C:\Windows\System\iCSCKRI.exe
  2⤵
  PID:6020
- C:\Windows\System\NTUwqnc.exe
  C:\Windows\System\NTUwqnc.exe
  2⤵
  PID:6080
- C:\Windows\System\qXaEwGs.exe
  C:\Windows\System\qXaEwGs.exe
  2⤵
  PID:2544
- C:\Windows\System\KdrOQPG.exe
  C:\Windows\System\KdrOQPG.exe
  2⤵
  PID:6136
- C:\Windows\System\JlhMnbP.exe
  C:\Windows\System\JlhMnbP.exe
  2⤵
  PID:2336
- C:\Windows\System\kqjANwi.exe
  C:\Windows\System\kqjANwi.exe
  2⤵
  PID:4920
- C:\Windows\System\srDDIDA.exe
  C:\Windows\System\srDDIDA.exe
  2⤵
  PID:5160
- C:\Windows\System\LyTJEAg.exe
  C:\Windows\System\LyTJEAg.exe
  2⤵
  PID:3364
- C:\Windows\System\yHgzpge.exe
  C:\Windows\System\yHgzpge.exe
  2⤵
  PID:5180
- C:\Windows\System\bHmGwIK.exe
  C:\Windows\System\bHmGwIK.exe
  2⤵
  PID:5304
- C:\Windows\System\NDYNSyG.exe
  C:\Windows\System\NDYNSyG.exe
  2⤵
  PID:5340
- C:\Windows\System\ObGOQCA.exe
  C:\Windows\System\ObGOQCA.exe
  2⤵
  PID:5364
- C:\Windows\System\jEUzOHr.exe
  C:\Windows\System\jEUzOHr.exe
  2⤵
  PID:5480
- C:\Windows\System\CjfsQts.exe
  C:\Windows\System\CjfsQts.exe
  2⤵
  PID:5384
- C:\Windows\System\YtAJHdp.exe
  C:\Windows\System\YtAJHdp.exe
  2⤵
  PID:5520
- C:\Windows\System\nYJmAEA.exe
  C:\Windows\System\nYJmAEA.exe
  2⤵
  PID:5536
- C:\Windows\System\XiFBhaD.exe
  C:\Windows\System\XiFBhaD.exe
  2⤵
  PID:5584
- C:\Windows\System\Brcvkqe.exe
  C:\Windows\System\Brcvkqe.exe
  2⤵
  PID:4296
- C:\Windows\System\iIVoCYQ.exe
  C:\Windows\System\iIVoCYQ.exe
  2⤵
  PID:2608
- C:\Windows\System\XHugQeV.exe
  C:\Windows\System\XHugQeV.exe
  2⤵
  PID:2720
- C:\Windows\System\QxLJXQw.exe
  C:\Windows\System\QxLJXQw.exe
  2⤵
  PID:3872
- C:\Windows\System\NFJGclv.exe
  C:\Windows\System\NFJGclv.exe
  2⤵
  PID:1664
- C:\Windows\System\xKRtuRX.exe
  C:\Windows\System\xKRtuRX.exe
  2⤵
  PID:2740
- C:\Windows\System\kGxUBVq.exe
  C:\Windows\System\kGxUBVq.exe
  2⤵
  PID:5884
- C:\Windows\System\IPfFcqP.exe
  C:\Windows\System\IPfFcqP.exe
  2⤵
  PID:2920
- C:\Windows\System\oLobJYU.exe
  C:\Windows\System\oLobJYU.exe
  2⤵
  PID:2736
- C:\Windows\System\ccrXDGG.exe
  C:\Windows\System\ccrXDGG.exe
  2⤵
  PID:6076
- C:\Windows\System\iHxFsUZ.exe
  C:\Windows\System\iHxFsUZ.exe
  2⤵
  PID:1252
- C:\Windows\System\zGbfOpo.exe
  C:\Windows\System\zGbfOpo.exe
  2⤵
  PID:6120
- C:\Windows\System\qWzVXkG.exe
  C:\Windows\System\qWzVXkG.exe
  2⤵
  PID:6140
- C:\Windows\System\eQgwRha.exe
  C:\Windows\System\eQgwRha.exe
  2⤵
  PID:2564
- C:\Windows\System\hmyTaGG.exe
  C:\Windows\System\hmyTaGG.exe
  2⤵
  PID:2384
- C:\Windows\System\rSTSrQf.exe
  C:\Windows\System\rSTSrQf.exe
  2⤵
  PID:5256
- C:\Windows\System\EaIuabB.exe
  C:\Windows\System\EaIuabB.exe
  2⤵
  PID:752
- C:\Windows\System\zwDEkYx.exe
  C:\Windows\System\zwDEkYx.exe
  2⤵
  PID:5444
- C:\Windows\System\flHSrvY.exe
  C:\Windows\System\flHSrvY.exe
  2⤵
  PID:932
- C:\Windows\System\OmmfBqs.exe
  C:\Windows\System\OmmfBqs.exe
  2⤵
  PID:1140
- C:\Windows\System\bLxyAPq.exe
  C:\Windows\System\bLxyAPq.exe
  2⤵
  PID:5440
- C:\Windows\System\ZsuAfmX.exe
  C:\Windows\System\ZsuAfmX.exe
  2⤵
  PID:5496
- C:\Windows\System\XaIWvTI.exe
  C:\Windows\System\XaIWvTI.exe
  2⤵
  PID:5316
- C:\Windows\System\xlArskp.exe
  C:\Windows\System\xlArskp.exe
  2⤵
  PID:3000
- C:\Windows\System\vXTObmf.exe
  C:\Windows\System\vXTObmf.exe
  2⤵
  PID:2320
- C:\Windows\System\OIVMuSg.exe
  C:\Windows\System\OIVMuSg.exe
  2⤵
  PID:5736
- C:\Windows\System\jJWemix.exe
  C:\Windows\System\jJWemix.exe
  2⤵
  PID:5720
- C:\Windows\System\xLMGsJR.exe
  C:\Windows\System\xLMGsJR.exe
  2⤵
  PID:5804
- C:\Windows\System\tiPeYSe.exe
  C:\Windows\System\tiPeYSe.exe
  2⤵
  PID:5836
- C:\Windows\System\prZJkGJ.exe
  C:\Windows\System\prZJkGJ.exe
  2⤵
  PID:5960
- C:\Windows\System\QGxbAMl.exe
  C:\Windows\System\QGxbAMl.exe
  2⤵
  PID:6000
- C:\Windows\System\fTqXWNI.exe
  C:\Windows\System\fTqXWNI.exe
  2⤵
  PID:2864
- C:\Windows\System\GdbDGwd.exe
  C:\Windows\System\GdbDGwd.exe
  2⤵
  PID:1152
- C:\Windows\System\DSPWaZD.exe
  C:\Windows\System\DSPWaZD.exe
  2⤵
  PID:1016
- C:\Windows\System\ECrEnhH.exe
  C:\Windows\System\ECrEnhH.exe
  2⤵
  PID:2652
- C:\Windows\System\IEFQIHr.exe
  C:\Windows\System\IEFQIHr.exe
  2⤵
  PID:6096
- C:\Windows\System\GIZwhxf.exe
  C:\Windows\System\GIZwhxf.exe
  2⤵
  PID:6100
- C:\Windows\System\KcuSFYK.exe
  C:\Windows\System\KcuSFYK.exe
  2⤵
  PID:3428
- C:\Windows\System\StQMmyW.exe
  C:\Windows\System\StQMmyW.exe
  2⤵
  PID:1764
- C:\Windows\System\kEUuhBF.exe
  C:\Windows\System\kEUuhBF.exe
  2⤵
  PID:5144
- C:\Windows\System\DyexHAc.exe
  C:\Windows\System\DyexHAc.exe
  2⤵
  PID:1088
- C:\Windows\System\xfEqYwP.exe
  C:\Windows\System\xfEqYwP.exe
  2⤵
  PID:5540
- C:\Windows\System\IfDlTmb.exe
  C:\Windows\System\IfDlTmb.exe
  2⤵
  PID:5684
- C:\Windows\System\LgikZek.exe
  C:\Windows\System\LgikZek.exe
  2⤵
  PID:5896
- C:\Windows\System\yFAEsMf.exe
  C:\Windows\System\yFAEsMf.exe
  2⤵
  PID:2992
- C:\Windows\System\tHpJguE.exe
  C:\Windows\System\tHpJguE.exe
  2⤵
  PID:2164
- C:\Windows\System\GWrQnZl.exe
  C:\Windows\System\GWrQnZl.exe
  2⤵
  PID:5996
- C:\Windows\System\XlOVvhp.exe
  C:\Windows\System\XlOVvhp.exe
  2⤵
  PID:864
- C:\Windows\System\VuWbBqs.exe
  C:\Windows\System\VuWbBqs.exe
  2⤵
  PID:1248
- C:\Windows\System\dTNsoGg.exe
  C:\Windows\System\dTNsoGg.exe
  2⤵
  PID:6104
- C:\Windows\System\REnFUKD.exe
  C:\Windows\System\REnFUKD.exe
  2⤵
  PID:5484
- C:\Windows\System\wZrOYdA.exe
  C:\Windows\System\wZrOYdA.exe
  2⤵
  PID:6084
- C:\Windows\System\obmuDbM.exe
  C:\Windows\System\obmuDbM.exe
  2⤵
  PID:5436
- C:\Windows\System\GcZGfGO.exe
  C:\Windows\System\GcZGfGO.exe
  2⤵
  PID:5236
- C:\Windows\System\pgVSsfR.exe
  C:\Windows\System\pgVSsfR.exe
  2⤵
  PID:1520
- C:\Windows\System\tBRUKmG.exe
  C:\Windows\System\tBRUKmG.exe
  2⤵
  PID:5360
- C:\Windows\System\kmUgILp.exe
  C:\Windows\System\kmUgILp.exe
  2⤵
  PID:5740
- C:\Windows\System\pfXAIvE.exe
  C:\Windows\System\pfXAIvE.exe
  2⤵
  PID:916
- C:\Windows\System\jszkWOg.exe
  C:\Windows\System\jszkWOg.exe
  2⤵
  PID:6160
- C:\Windows\System\meiJgKm.exe
  C:\Windows\System\meiJgKm.exe
  2⤵
  PID:6184
- C:\Windows\System\uLAJujK.exe
  C:\Windows\System\uLAJujK.exe
  2⤵
  PID:6212
- C:\Windows\System\fNafWhu.exe
  C:\Windows\System\fNafWhu.exe
  2⤵
  PID:6228
- C:\Windows\System\cePdvWk.exe
  C:\Windows\System\cePdvWk.exe
  2⤵
  PID:6244
- C:\Windows\System\tEzJNji.exe
  C:\Windows\System\tEzJNji.exe
  2⤵
  PID:6260
- C:\Windows\System\DNyslXb.exe
  C:\Windows\System\DNyslXb.exe
  2⤵
  PID:6276
- C:\Windows\System\bMqtBMd.exe
  C:\Windows\System\bMqtBMd.exe
  2⤵
  PID:6292
- C:\Windows\System\wfQrTII.exe
  C:\Windows\System\wfQrTII.exe
  2⤵
  PID:6308
- C:\Windows\System\WqPWHxk.exe
  C:\Windows\System\WqPWHxk.exe
  2⤵
  PID:6324
- C:\Windows\System\DotBntr.exe
  C:\Windows\System\DotBntr.exe
  2⤵
  PID:6348
- C:\Windows\System\VTcWkqr.exe
  C:\Windows\System\VTcWkqr.exe
  2⤵
  PID:6416
- C:\Windows\System\kjpxjBV.exe
  C:\Windows\System\kjpxjBV.exe
  2⤵
  PID:6432
- C:\Windows\System\cqgJHTw.exe
  C:\Windows\System\cqgJHTw.exe
  2⤵
  PID:6448
- C:\Windows\System\Veiqahr.exe
  C:\Windows\System\Veiqahr.exe
  2⤵
  PID:6464
- C:\Windows\System\bXkrBVm.exe
  C:\Windows\System\bXkrBVm.exe
  2⤵
  PID:6496
- C:\Windows\System\GqJjPxB.exe
  C:\Windows\System\GqJjPxB.exe
  2⤵
  PID:6512
- C:\Windows\System\ARiDFjF.exe
  C:\Windows\System\ARiDFjF.exe
  2⤵
  PID:6528
- C:\Windows\System\GEMmOqp.exe
  C:\Windows\System\GEMmOqp.exe
  2⤵
  PID:6544
- C:\Windows\System\kkUSnxF.exe
  C:\Windows\System\kkUSnxF.exe
  2⤵
  PID:6560
- C:\Windows\System\ovPMtKg.exe
  C:\Windows\System\ovPMtKg.exe
  2⤵
  PID:6580
- C:\Windows\System\tYcAHwm.exe
  C:\Windows\System\tYcAHwm.exe
  2⤵
  PID:6600
- C:\Windows\System\dqFomRy.exe
  C:\Windows\System\dqFomRy.exe
  2⤵
  PID:6616
- C:\Windows\System\DUwgrTb.exe
  C:\Windows\System\DUwgrTb.exe
  2⤵
  PID:6632
- C:\Windows\System\UHsZPvj.exe
  C:\Windows\System\UHsZPvj.exe
  2⤵
  PID:6648
- C:\Windows\System\wuOtGUr.exe
  C:\Windows\System\wuOtGUr.exe
  2⤵
  PID:6664
- C:\Windows\System\wGoIImx.exe
  C:\Windows\System\wGoIImx.exe
  2⤵
  PID:6692
- C:\Windows\System\ITnpcLd.exe
  C:\Windows\System\ITnpcLd.exe
  2⤵
  PID:6708
- C:\Windows\System\XbbtGKL.exe
  C:\Windows\System\XbbtGKL.exe
  2⤵
  PID:6724
- C:\Windows\System\ADwNqQN.exe
  C:\Windows\System\ADwNqQN.exe
  2⤵
  PID:6740
- C:\Windows\System\fySUXGR.exe
  C:\Windows\System\fySUXGR.exe
  2⤵
  PID:6756
- C:\Windows\System\CcDMRpV.exe
  C:\Windows\System\CcDMRpV.exe
  2⤵
  PID:6772
- C:\Windows\System\dIPyyxe.exe
  C:\Windows\System\dIPyyxe.exe
  2⤵
  PID:6796
- C:\Windows\System\treuLXV.exe
  C:\Windows\System\treuLXV.exe
  2⤵
  PID:6816
- C:\Windows\System\VPWtKhE.exe
  C:\Windows\System\VPWtKhE.exe
  2⤵
  PID:6832
- C:\Windows\System\vPUbzbE.exe
  C:\Windows\System\vPUbzbE.exe
  2⤵
  PID:6848
- C:\Windows\System\dJWsgAw.exe
  C:\Windows\System\dJWsgAw.exe
  2⤵
  PID:6864
- C:\Windows\System\jXIudis.exe
  C:\Windows\System\jXIudis.exe
  2⤵
  PID:6880
- C:\Windows\System\cNVrBIb.exe
  C:\Windows\System\cNVrBIb.exe
  2⤵
  PID:6932
- C:\Windows\System\xosucVa.exe
  C:\Windows\System\xosucVa.exe
  2⤵
  PID:6952
- C:\Windows\System\USnCmPo.exe
  C:\Windows\System\USnCmPo.exe
  2⤵
  PID:7008
- C:\Windows\System\AwSlYhR.exe
  C:\Windows\System\AwSlYhR.exe
  2⤵
  PID:7032
- C:\Windows\System\xWJmvRA.exe
  C:\Windows\System\xWJmvRA.exe
  2⤵
  PID:7048
- C:\Windows\System\DXclIMC.exe
  C:\Windows\System\DXclIMC.exe
  2⤵
  PID:7064
- C:\Windows\System\YAYsAlO.exe
  C:\Windows\System\YAYsAlO.exe
  2⤵
  PID:7084
- C:\Windows\System\kPwXMpm.exe
  C:\Windows\System\kPwXMpm.exe
  2⤵
  PID:7100
- C:\Windows\System\rYVEQpi.exe
  C:\Windows\System\rYVEQpi.exe
  2⤵
  PID:7116
- C:\Windows\System\cDgPnRO.exe
  C:\Windows\System\cDgPnRO.exe
  2⤵
  PID:7132
- C:\Windows\System\JsbGvFr.exe
  C:\Windows\System\JsbGvFr.exe
  2⤵
  PID:7148
- C:\Windows\System\VYsSOKh.exe
  C:\Windows\System\VYsSOKh.exe
  2⤵
  PID:7164
- C:\Windows\System\nrvWQQu.exe
  C:\Windows\System\nrvWQQu.exe
  2⤵
  PID:5624
- C:\Windows\System\lcuavvt.exe
  C:\Windows\System\lcuavvt.exe
  2⤵
  PID:4756
- C:\Windows\System\mJCeDSn.exe
  C:\Windows\System\mJCeDSn.exe
  2⤵
  PID:6176
- C:\Windows\System\LSDyipJ.exe
  C:\Windows\System\LSDyipJ.exe
  2⤵
  PID:468
- C:\Windows\System\nHGbTep.exe
  C:\Windows\System\nHGbTep.exe
  2⤵
  PID:3720
- C:\Windows\System\zFeripq.exe
  C:\Windows\System\zFeripq.exe
  2⤵
  PID:6284
- C:\Windows\System\hyaMUKA.exe
  C:\Windows\System\hyaMUKA.exe
  2⤵
  PID:6372
- C:\Windows\System\gpwAAEW.exe
  C:\Windows\System\gpwAAEW.exe
  2⤵
  PID:6376
- C:\Windows\System\bNNfBCN.exe
  C:\Windows\System\bNNfBCN.exe
  2⤵
  PID:6392
- C:\Windows\System\OBRcySd.exe
  C:\Windows\System\OBRcySd.exe
  2⤵
  PID:6400
- C:\Windows\System\ibgsSdV.exe
  C:\Windows\System\ibgsSdV.exe
  2⤵
  PID:756
- C:\Windows\System\NMDmdnJ.exe
  C:\Windows\System\NMDmdnJ.exe
  2⤵
  PID:984
- C:\Windows\System\nFlOoMR.exe
  C:\Windows\System\nFlOoMR.exe
  2⤵
  PID:5880
- C:\Windows\System\tIbpYcY.exe
  C:\Windows\System\tIbpYcY.exe
  2⤵
  PID:6440
- C:\Windows\System\xMYvgMW.exe
  C:\Windows\System\xMYvgMW.exe
  2⤵
  PID:6492
- C:\Windows\System\fAHCdbm.exe
  C:\Windows\System\fAHCdbm.exe
  2⤵
  PID:6524
- C:\Windows\System\NgNlJZv.exe
  C:\Windows\System\NgNlJZv.exe
  2⤵
  PID:6596
- C:\Windows\System\whrlaLH.exe
  C:\Windows\System\whrlaLH.exe
  2⤵
  PID:6196
- C:\Windows\System\gJjTwLG.exe
  C:\Windows\System\gJjTwLG.exe
  2⤵
  PID:5700
- C:\Windows\System\TzReyok.exe
  C:\Windows\System\TzReyok.exe
  2⤵
  PID:6336
- C:\Windows\System\aPDeZeC.exe
  C:\Windows\System\aPDeZeC.exe
  2⤵
  PID:6272
- C:\Windows\System\TwAcGry.exe
  C:\Windows\System\TwAcGry.exe
  2⤵
  PID:6736
- C:\Windows\System\TqgRlPU.exe
  C:\Windows\System\TqgRlPU.exe
  2⤵
  PID:6808
- C:\Windows\System\UedDiDv.exe
  C:\Windows\System\UedDiDv.exe
  2⤵
  PID:6504
- C:\Windows\System\QYqDsZu.exe
  C:\Windows\System\QYqDsZu.exe
  2⤵
  PID:6908
- C:\Windows\System\mjReEQb.exe
  C:\Windows\System\mjReEQb.exe
  2⤵
  PID:6780
- C:\Windows\System\nEBkczW.exe
  C:\Windows\System\nEBkczW.exe
  2⤵
  PID:6792
- C:\Windows\System\suGACAb.exe
  C:\Windows\System\suGACAb.exe
  2⤵
  PID:6888
- C:\Windows\System\VYupmOL.exe
  C:\Windows\System\VYupmOL.exe
  2⤵
  PID:6980
- C:\Windows\System\GTqJMQl.exe
  C:\Windows\System\GTqJMQl.exe
  2⤵
  PID:7024
- C:\Windows\System\ctISJaR.exe
  C:\Windows\System\ctISJaR.exe
  2⤵
  PID:6892
- C:\Windows\System\OiPKkiW.exe
  C:\Windows\System\OiPKkiW.exe
  2⤵
  PID:7060
- C:\Windows\System\TimEbkG.exe
  C:\Windows\System\TimEbkG.exe
  2⤵
  PID:7124
- C:\Windows\System\CMvLKOp.exe
  C:\Windows\System\CMvLKOp.exe
  2⤵
  PID:5616
- C:\Windows\System\jCsvRNV.exe
  C:\Windows\System\jCsvRNV.exe
  2⤵
  PID:5284
- C:\Windows\System\HLhJxnn.exe
  C:\Windows\System\HLhJxnn.exe
  2⤵
  PID:6256
- C:\Windows\System\gdklXzn.exe
  C:\Windows\System\gdklXzn.exe
  2⤵
  PID:6200
- C:\Windows\System\DUFykyv.exe
  C:\Windows\System\DUFykyv.exe
  2⤵
  PID:7044
- C:\Windows\System\IBEBajW.exe
  C:\Windows\System\IBEBajW.exe
  2⤵
  PID:2200
- C:\Windows\System\bJETznL.exe
  C:\Windows\System\bJETznL.exe
  2⤵
  PID:6732
- C:\Windows\System\VHsQaQY.exe
  C:\Windows\System\VHsQaQY.exe
  2⤵
  PID:6344
- C:\Windows\System\sNXJxCQ.exe
  C:\Windows\System\sNXJxCQ.exe
  2⤵
  PID:6704
- C:\Windows\System\mNmTrXw.exe
  C:\Windows\System\mNmTrXw.exe
  2⤵
  PID:6320
- C:\Windows\System\HToxBjn.exe
  C:\Windows\System\HToxBjn.exe
  2⤵
  PID:6152
- C:\Windows\System\YVoeDzH.exe
  C:\Windows\System\YVoeDzH.exe
  2⤵
  PID:6912
- C:\Windows\System\GdRCCol.exe
  C:\Windows\System\GdRCCol.exe
  2⤵
  PID:6944
- C:\Windows\System\wWSnSFz.exe
  C:\Windows\System\wWSnSFz.exe
  2⤵
  PID:7020
- C:\Windows\System\PKCWuzx.exe
  C:\Windows\System\PKCWuzx.exe
  2⤵
  PID:6172
- C:\Windows\System\gMGByRk.exe
  C:\Windows\System\gMGByRk.exe
  2⤵
  PID:6384
- C:\Windows\System\uiqObVD.exe
  C:\Windows\System\uiqObVD.exe
  2⤵
  PID:6408
- C:\Windows\System\EJcSOLi.exe
  C:\Windows\System\EJcSOLi.exe
  2⤵
  PID:6268
- C:\Windows\System\DMnKlZv.exe
  C:\Windows\System\DMnKlZv.exe
  2⤵
  PID:6640
- C:\Windows\System\EUVGPpB.exe
  C:\Windows\System\EUVGPpB.exe
  2⤵
  PID:6768
- C:\Windows\System\PnGUHgQ.exe
  C:\Windows\System\PnGUHgQ.exe
  2⤵
  PID:6960
- C:\Windows\System\KAEIFfm.exe
  C:\Windows\System\KAEIFfm.exe
  2⤵
  PID:6992
- C:\Windows\System\mYpXPET.exe
  C:\Windows\System\mYpXPET.exe
  2⤵
  PID:6412
- C:\Windows\System\QcyfPUM.exe
  C:\Windows\System\QcyfPUM.exe
  2⤵
  PID:6628
- C:\Windows\System\ZBAvvIS.exe
  C:\Windows\System\ZBAvvIS.exe
  2⤵
  PID:7040
- C:\Windows\System\lkgefrV.exe
  C:\Windows\System\lkgefrV.exe
  2⤵
  PID:5664
- C:\Windows\System\EoMPFvR.exe
  C:\Windows\System\EoMPFvR.exe
  2⤵
  PID:6240
- C:\Windows\System\BJefREQ.exe
  C:\Windows\System\BJefREQ.exe
  2⤵
  PID:7080
- C:\Windows\System\HooqTdM.exe
  C:\Windows\System\HooqTdM.exe
  2⤵
  PID:6316
- C:\Windows\System\jghCbxX.exe
  C:\Windows\System\jghCbxX.exe
  2⤵
  PID:6948
- C:\Windows\System\wrhUrsD.exe
  C:\Windows\System\wrhUrsD.exe
  2⤵
  PID:6168
- C:\Windows\System\PGXKZXj.exe
  C:\Windows\System\PGXKZXj.exe
  2⤵
  PID:6556
- C:\Windows\System\vPOwllb.exe
  C:\Windows\System\vPOwllb.exe
  2⤵
  PID:6300
- C:\Windows\System\QwibUKj.exe
  C:\Windows\System\QwibUKj.exe
  2⤵
  PID:2512
- C:\Windows\System\qcNJPYU.exe
  C:\Windows\System\qcNJPYU.exe
  2⤵
  PID:6208
- C:\Windows\System\XwYLlrj.exe
  C:\Windows\System\XwYLlrj.exe
  2⤵
  PID:6788
- C:\Windows\System\pcbQeCQ.exe
  C:\Windows\System\pcbQeCQ.exe
  2⤵
  PID:6224
- C:\Windows\System\rgfzrve.exe
  C:\Windows\System\rgfzrve.exe
  2⤵
  PID:6520
- C:\Windows\System\SrXetkw.exe
  C:\Windows\System\SrXetkw.exe
  2⤵
  PID:6860
- C:\Windows\System\eQduOMd.exe
  C:\Windows\System\eQduOMd.exe
  2⤵
  PID:6572
- C:\Windows\System\LZpbYvA.exe
  C:\Windows\System\LZpbYvA.exe
  2⤵
  PID:7076
- C:\Windows\System\fwkJhur.exe
  C:\Windows\System\fwkJhur.exe
  2⤵
  PID:6592
- C:\Windows\System\jEOLFzz.exe
  C:\Windows\System\jEOLFzz.exe
  2⤵
  PID:6660
- C:\Windows\System\PwsQDZO.exe
  C:\Windows\System\PwsQDZO.exe
  2⤵
  PID:6536
- C:\Windows\System\QukoyIv.exe
  C:\Windows\System\QukoyIv.exe
  2⤵
  PID:6900
- C:\Windows\System\xQDtCWX.exe
  C:\Windows\System\xQDtCWX.exe
  2⤵
  PID:6752
- C:\Windows\System\xBrUiZn.exe
  C:\Windows\System\xBrUiZn.exe
  2⤵
  PID:6368
- C:\Windows\System\wnrWyZH.exe
  C:\Windows\System\wnrWyZH.exe
  2⤵
  PID:6716
- C:\Windows\System\OrOIZat.exe
  C:\Windows\System\OrOIZat.exe
  2⤵
  PID:6876
- C:\Windows\System\TeKWaLH.exe
  C:\Windows\System\TeKWaLH.exe
  2⤵
  PID:7144
- C:\Windows\System\snAuFrs.exe
  C:\Windows\System\snAuFrs.exe
  2⤵
  PID:6540
- C:\Windows\System\vEOYdlt.exe
  C:\Windows\System\vEOYdlt.exe
  2⤵
  PID:6784
- C:\Windows\System\aVWmQKE.exe
  C:\Windows\System\aVWmQKE.exe
  2⤵
  PID:7160
- C:\Windows\System\DArLgAE.exe
  C:\Windows\System\DArLgAE.exe
  2⤵
  PID:6856
- C:\Windows\System\NRuMxbA.exe
  C:\Windows\System\NRuMxbA.exe
  2⤵
  PID:7176
- C:\Windows\System\NOTmfwj.exe
  C:\Windows\System\NOTmfwj.exe
  2⤵
  PID:7192
- C:\Windows\System\BnhDJEz.exe
  C:\Windows\System\BnhDJEz.exe
  2⤵
  PID:7208
- C:\Windows\System\mHNhGNa.exe
  C:\Windows\System\mHNhGNa.exe
  2⤵
  PID:7224
- C:\Windows\System\sftckla.exe
  C:\Windows\System\sftckla.exe
  2⤵
  PID:7240
- C:\Windows\System\yRtsTdY.exe
  C:\Windows\System\yRtsTdY.exe
  2⤵
  PID:7256
- C:\Windows\System\YgxixFr.exe
  C:\Windows\System\YgxixFr.exe
  2⤵
  PID:7272
- C:\Windows\System\zKyAGZG.exe
  C:\Windows\System\zKyAGZG.exe
  2⤵
  PID:7288
- C:\Windows\System\ibHyXuw.exe
  C:\Windows\System\ibHyXuw.exe
  2⤵
  PID:7304
- C:\Windows\System\nOEOdgL.exe
  C:\Windows\System\nOEOdgL.exe
  2⤵
  PID:7320
- C:\Windows\System\TAwwAYJ.exe
  C:\Windows\System\TAwwAYJ.exe
  2⤵
  PID:7336
- C:\Windows\System\qyiAXzN.exe
  C:\Windows\System\qyiAXzN.exe
  2⤵
  PID:7352
- C:\Windows\System\VjTvEyX.exe
  C:\Windows\System\VjTvEyX.exe
  2⤵
  PID:7368
- C:\Windows\System\AIenXbV.exe
  C:\Windows\System\AIenXbV.exe
  2⤵
  PID:7384
- C:\Windows\System\jiCeCbd.exe
  C:\Windows\System\jiCeCbd.exe
  2⤵
  PID:7400
- C:\Windows\System\kSrMOtz.exe
  C:\Windows\System\kSrMOtz.exe
  2⤵
  PID:7416
- C:\Windows\System\wnNNPcI.exe
  C:\Windows\System\wnNNPcI.exe
  2⤵
  PID:7432
- C:\Windows\System\WttylqR.exe
  C:\Windows\System\WttylqR.exe
  2⤵
  PID:7448
- C:\Windows\System\fLuKJlU.exe
  C:\Windows\System\fLuKJlU.exe
  2⤵
  PID:7464
- C:\Windows\System\JIOipQj.exe
  C:\Windows\System\JIOipQj.exe
  2⤵
  PID:7480
- C:\Windows\System\yLVWyJY.exe
  C:\Windows\System\yLVWyJY.exe
  2⤵
  PID:7496
- C:\Windows\System\IqQAuVq.exe
  C:\Windows\System\IqQAuVq.exe
  2⤵
  PID:7516
- C:\Windows\System\FMMCsFL.exe
  C:\Windows\System\FMMCsFL.exe
  2⤵
  PID:7532
- C:\Windows\System\BXdPZWW.exe
  C:\Windows\System\BXdPZWW.exe
  2⤵
  PID:7548
- C:\Windows\System\WJNeBfe.exe
  C:\Windows\System\WJNeBfe.exe
  2⤵
  PID:7564
- C:\Windows\System\vMGIkjz.exe
  C:\Windows\System\vMGIkjz.exe
  2⤵
  PID:7580
- C:\Windows\System\TYDoSRL.exe
  C:\Windows\System\TYDoSRL.exe
  2⤵
  PID:7596
- C:\Windows\System\YmeLZAi.exe
  C:\Windows\System\YmeLZAi.exe
  2⤵
  PID:7612
- C:\Windows\System\ebuhbsV.exe
  C:\Windows\System\ebuhbsV.exe
  2⤵
  PID:7628
- C:\Windows\System\auLShDN.exe
  C:\Windows\System\auLShDN.exe
  2⤵
  PID:7644
- C:\Windows\System\ZvhBYCM.exe
  C:\Windows\System\ZvhBYCM.exe
  2⤵
  PID:7660
- C:\Windows\System\NmJifMx.exe
  C:\Windows\System\NmJifMx.exe
  2⤵
  PID:7676
- C:\Windows\System\pzQMiYO.exe
  C:\Windows\System\pzQMiYO.exe
  2⤵
  PID:7692
- C:\Windows\System\yUgxZDL.exe
  C:\Windows\System\yUgxZDL.exe
  2⤵
  PID:7708
- C:\Windows\System\pyzqduf.exe
  C:\Windows\System\pyzqduf.exe
  2⤵
  PID:7724
- C:\Windows\System\JStuUxy.exe
  C:\Windows\System\JStuUxy.exe
  2⤵
  PID:7740
- C:\Windows\System\oWpojpu.exe
  C:\Windows\System\oWpojpu.exe
  2⤵
  PID:7756
- C:\Windows\System\ByCKJXb.exe
  C:\Windows\System\ByCKJXb.exe
  2⤵
  PID:7772
- C:\Windows\System\BBJUcIB.exe
  C:\Windows\System\BBJUcIB.exe
  2⤵
  PID:7788
- C:\Windows\System\QbGzWWh.exe
  C:\Windows\System\QbGzWWh.exe
  2⤵
  PID:7808
- C:\Windows\System\QqpyIPN.exe
  C:\Windows\System\QqpyIPN.exe
  2⤵
  PID:7832
- C:\Windows\System\CKvsRAO.exe
  C:\Windows\System\CKvsRAO.exe
  2⤵
  PID:7848
- C:\Windows\System\OuUtTfh.exe
  C:\Windows\System\OuUtTfh.exe
  2⤵
  PID:7868
- C:\Windows\System\bcSlKyC.exe
  C:\Windows\System\bcSlKyC.exe
  2⤵
  PID:7884
- C:\Windows\System\OmTThdl.exe
  C:\Windows\System\OmTThdl.exe
  2⤵
  PID:7900
- C:\Windows\System\IwBPDGC.exe
  C:\Windows\System\IwBPDGC.exe
  2⤵
  PID:7932
- C:\Windows\System\CZFDfDr.exe
  C:\Windows\System\CZFDfDr.exe
  2⤵
  PID:7948
- C:\Windows\System\LgDrWJh.exe
  C:\Windows\System\LgDrWJh.exe
  2⤵
  PID:7964
- C:\Windows\System\msRAEtL.exe
  C:\Windows\System\msRAEtL.exe
  2⤵
  PID:7980
- C:\Windows\System\EMWnUVf.exe
  C:\Windows\System\EMWnUVf.exe
  2⤵
  PID:7996
- C:\Windows\System\LTKSqds.exe
  C:\Windows\System\LTKSqds.exe
  2⤵
  PID:8012
- C:\Windows\System\MqkkyCk.exe
  C:\Windows\System\MqkkyCk.exe
  2⤵
  PID:8028
- C:\Windows\System\SRJaCvP.exe
  C:\Windows\System\SRJaCvP.exe
  2⤵
  PID:8044
- C:\Windows\System\dNaqqkz.exe
  C:\Windows\System\dNaqqkz.exe
  2⤵
  PID:8060
- C:\Windows\System\jhNltTI.exe
  C:\Windows\System\jhNltTI.exe
  2⤵
  PID:8076
- C:\Windows\System\XCEwvyy.exe
  C:\Windows\System\XCEwvyy.exe
  2⤵
  PID:8092
- C:\Windows\System\CRNOiUE.exe
  C:\Windows\System\CRNOiUE.exe
  2⤵
  PID:8108
- C:\Windows\System\vHGikxR.exe
  C:\Windows\System\vHGikxR.exe
  2⤵
  PID:8124
- C:\Windows\System\FYAKASD.exe
  C:\Windows\System\FYAKASD.exe
  2⤵
  PID:8140
- C:\Windows\System\mULwzay.exe
  C:\Windows\System\mULwzay.exe
  2⤵
  PID:8156
- C:\Windows\System\xwgwyyX.exe
  C:\Windows\System\xwgwyyX.exe
  2⤵
  PID:8172
- C:\Windows\System\tAMKZqk.exe
  C:\Windows\System\tAMKZqk.exe
  2⤵
  PID:8188
- C:\Windows\System\SUtFTLK.exe
  C:\Windows\System\SUtFTLK.exe
  2⤵
  PID:7172
- C:\Windows\System\ypdeKRV.exe
  C:\Windows\System\ypdeKRV.exe
  2⤵
  PID:7236
- C:\Windows\System\LIGJUHh.exe
  C:\Windows\System\LIGJUHh.exe
  2⤵
  PID:7188
- C:\Windows\System\BwdkopP.exe
  C:\Windows\System\BwdkopP.exe
  2⤵
  PID:7332
- C:\Windows\System\iunURwF.exe
  C:\Windows\System\iunURwF.exe
  2⤵
  PID:7392
- C:\Windows\System\YPvRNOl.exe
  C:\Windows\System\YPvRNOl.exe
  2⤵
  PID:7460
- C:\Windows\System\XRMOPMz.exe
  C:\Windows\System\XRMOPMz.exe
  2⤵
  PID:7280
- C:\Windows\System\opioWtS.exe
  C:\Windows\System\opioWtS.exe
  2⤵
  PID:7376
- C:\Windows\System\SjshoOH.exe
  C:\Windows\System\SjshoOH.exe
  2⤵
  PID:7476
- C:\Windows\System\QOSDrhE.exe
  C:\Windows\System\QOSDrhE.exe
  2⤵
  PID:7344
- C:\Windows\System\brueioW.exe
  C:\Windows\System\brueioW.exe
  2⤵
  PID:7444
- C:\Windows\System\aHmxJou.exe
  C:\Windows\System\aHmxJou.exe
  2⤵
  PID:7508
- C:\Windows\System\RynKCPh.exe
  C:\Windows\System\RynKCPh.exe
  2⤵
  PID:7556
- C:\Windows\System\EzNAWMr.exe
  C:\Windows\System\EzNAWMr.exe
  2⤵
  PID:7592
- C:\Windows\System\eBuIVPZ.exe
  C:\Windows\System\eBuIVPZ.exe
  2⤵
  PID:7572
- C:\Windows\System\GWmlasA.exe
  C:\Windows\System\GWmlasA.exe
  2⤵
  PID:7652
- C:\Windows\System\SBskery.exe
  C:\Windows\System\SBskery.exe
  2⤵
  PID:7672
- C:\Windows\System\zSgMoAM.exe
  C:\Windows\System\zSgMoAM.exe
  2⤵
  PID:7716
- C:\Windows\System\vIAjqmF.exe
  C:\Windows\System\vIAjqmF.exe
  2⤵
  PID:7736
- C:\Windows\System\aDiWurQ.exe
  C:\Windows\System\aDiWurQ.exe
  2⤵
  PID:7768
- C:\Windows\System\zHfrVWJ.exe
  C:\Windows\System\zHfrVWJ.exe
  2⤵
  PID:7800
- C:\Windows\System\XJKwlEy.exe
  C:\Windows\System\XJKwlEy.exe
  2⤵
  PID:7864
- C:\Windows\System\oleWhZA.exe
  C:\Windows\System\oleWhZA.exe
  2⤵
  PID:7908
- C:\Windows\System\RbbbNNq.exe
  C:\Windows\System\RbbbNNq.exe
  2⤵
  PID:7988
- C:\Windows\System\IMbkUeo.exe
  C:\Windows\System\IMbkUeo.exe
  2⤵
  PID:7472
- C:\Windows\System\rDasoZY.exe
  C:\Windows\System\rDasoZY.exe
  2⤵
  PID:7408
- C:\Windows\System\XraqbVw.exe
  C:\Windows\System\XraqbVw.exe
  2⤵
  PID:7524
- C:\Windows\System\RoHMvsR.exe
  C:\Windows\System\RoHMvsR.exe
  2⤵
  PID:7424
- C:\Windows\System\hliXglQ.exe
  C:\Windows\System\hliXglQ.exe
  2⤵
  PID:7668
- C:\Windows\System\XgFOaVJ.exe
  C:\Windows\System\XgFOaVJ.exe
  2⤵
  PID:7752
- C:\Windows\System\pKqqPrR.exe
  C:\Windows\System\pKqqPrR.exe
  2⤵
  PID:7784
- C:\Windows\System\RYoCCGB.exe
  C:\Windows\System\RYoCCGB.exe
  2⤵
  PID:7828
- C:\Windows\System\mIcEKnz.exe
  C:\Windows\System\mIcEKnz.exe
  2⤵
  PID:7844
- C:\Windows\System\yvQFNyg.exe
  C:\Windows\System\yvQFNyg.exe
  2⤵
  PID:7880
- C:\Windows\System\usVJYlh.exe
  C:\Windows\System\usVJYlh.exe
  2⤵
  PID:7940
- C:\Windows\System\FhuecMA.exe
  C:\Windows\System\FhuecMA.exe
  2⤵
  PID:8004
- C:\Windows\System\WeNhTxJ.exe
  C:\Windows\System\WeNhTxJ.exe
  2⤵
  PID:8020
- C:\Windows\System\SETNCNO.exe
  C:\Windows\System\SETNCNO.exe
  2⤵
  PID:8040
- C:\Windows\System\TFjTjFu.exe
  C:\Windows\System\TFjTjFu.exe
  2⤵
  PID:8116
- C:\Windows\System\yxdBcgb.exe
  C:\Windows\System\yxdBcgb.exe
  2⤵
  PID:8180
- C:\Windows\System\bILYIbp.exe
  C:\Windows\System\bILYIbp.exe
  2⤵
  PID:8104
- C:\Windows\System\OdqUxFD.exe
  C:\Windows\System\OdqUxFD.exe
  2⤵
  PID:8136
- C:\Windows\System\LjnUkaw.exe
  C:\Windows\System\LjnUkaw.exe
  2⤵
  PID:8168
- C:\Windows\System\esVgNyh.exe
  C:\Windows\System\esVgNyh.exe
  2⤵
  PID:7360
- C:\Windows\System\Hcxbozs.exe
  C:\Windows\System\Hcxbozs.exe
  2⤵
  PID:7252
- C:\Windows\System\FaDBrtk.exe
  C:\Windows\System\FaDBrtk.exe
  2⤵
  PID:7640
- C:\Windows\System\ECSCduV.exe
  C:\Windows\System\ECSCduV.exe
  2⤵
  PID:7840
- C:\Windows\System\rYVfAdx.exe
  C:\Windows\System\rYVfAdx.exe
  2⤵
  PID:8036
- C:\Windows\System\DaHwCXC.exe
  C:\Windows\System\DaHwCXC.exe
  2⤵
  PID:7824
- C:\Windows\System\IQWyNVQ.exe
  C:\Windows\System\IQWyNVQ.exe
  2⤵
  PID:7700
- C:\Windows\System\zByCAHL.exe
  C:\Windows\System\zByCAHL.exe
  2⤵
  PID:7316
- C:\Windows\System\emErMSA.exe
  C:\Windows\System\emErMSA.exe
  2⤵
  PID:8072
- C:\Windows\System\opDlIsR.exe
  C:\Windows\System\opDlIsR.exe
  2⤵
  PID:7204
- C:\Windows\System\QBBZlZA.exe
  C:\Windows\System\QBBZlZA.exe
  2⤵
  PID:7412
- C:\Windows\System\cbVjaNa.exe
  C:\Windows\System\cbVjaNa.exe
  2⤵
  PID:7184
- C:\Windows\System\hZmdVAt.exe
  C:\Windows\System\hZmdVAt.exe
  2⤵
  PID:7428
- C:\Windows\System\WFygyRg.exe
  C:\Windows\System\WFygyRg.exe
  2⤵
  PID:7928
- C:\Windows\System\iAxrwHl.exe
  C:\Windows\System\iAxrwHl.exe
  2⤵
  PID:7528
- C:\Windows\System\TlyUrEK.exe
  C:\Windows\System\TlyUrEK.exe
  2⤵
  PID:7876
- C:\Windows\System\tXRDpom.exe
  C:\Windows\System\tXRDpom.exe
  2⤵
  PID:7328
- C:\Windows\System\LNxZHzi.exe
  C:\Windows\System\LNxZHzi.exe
  2⤵
  PID:7492
- C:\Windows\System\pagoYRY.exe
  C:\Windows\System\pagoYRY.exe
  2⤵
  PID:7312
- C:\Windows\System\WGswkbI.exe
  C:\Windows\System\WGswkbI.exe
  2⤵
  PID:8204
- C:\Windows\System\uDIAcTN.exe
  C:\Windows\System\uDIAcTN.exe
  2⤵
  PID:8220
- C:\Windows\System\ZTdPosi.exe
  C:\Windows\System\ZTdPosi.exe
  2⤵
  PID:8240
- C:\Windows\System\RKhEbMS.exe
  C:\Windows\System\RKhEbMS.exe
  2⤵
  PID:8256
- C:\Windows\System\PBgrWlv.exe
  C:\Windows\System\PBgrWlv.exe
  2⤵
  PID:8272
- C:\Windows\System\hoMQeSF.exe
  C:\Windows\System\hoMQeSF.exe
  2⤵
  PID:8288
- C:\Windows\System\YjxxMyD.exe
  C:\Windows\System\YjxxMyD.exe
  2⤵
  PID:8304
- C:\Windows\System\aodSamK.exe
  C:\Windows\System\aodSamK.exe
  2⤵
  PID:8320
- C:\Windows\System\eFIzgiK.exe
  C:\Windows\System\eFIzgiK.exe
  2⤵
  PID:8336
- C:\Windows\System\AAufCuc.exe
  C:\Windows\System\AAufCuc.exe
  2⤵
  PID:8352
- C:\Windows\System\kiwFUqu.exe
  C:\Windows\System\kiwFUqu.exe
  2⤵
  PID:8368
- C:\Windows\System\PyNSwWG.exe
  C:\Windows\System\PyNSwWG.exe
  2⤵
  PID:8384
- C:\Windows\System\fmonUmx.exe
  C:\Windows\System\fmonUmx.exe
  2⤵
  PID:8400
- C:\Windows\System\pJGCCyr.exe
  C:\Windows\System\pJGCCyr.exe
  2⤵
  PID:8416
- C:\Windows\System\dnqMHQO.exe
  C:\Windows\System\dnqMHQO.exe
  2⤵
  PID:8432
- C:\Windows\System\itpNToo.exe
  C:\Windows\System\itpNToo.exe
  2⤵
  PID:8448
- C:\Windows\System\GTlCYHa.exe
  C:\Windows\System\GTlCYHa.exe
  2⤵
  PID:8472
- C:\Windows\System\iGmHFiY.exe
  C:\Windows\System\iGmHFiY.exe
  2⤵
  PID:8488
- C:\Windows\System\dBXgUDK.exe
  C:\Windows\System\dBXgUDK.exe
  2⤵
  PID:8504
- C:\Windows\System\rFIDjAV.exe
  C:\Windows\System\rFIDjAV.exe
  2⤵
  PID:8520
- C:\Windows\System\HQWmNdT.exe
  C:\Windows\System\HQWmNdT.exe
  2⤵
  PID:8544
- C:\Windows\System\KTcwpSS.exe
  C:\Windows\System\KTcwpSS.exe
  2⤵
  PID:8560
- C:\Windows\System\hPPMoMO.exe
  C:\Windows\System\hPPMoMO.exe
  2⤵
  PID:8580
- C:\Windows\System\NazAKrO.exe
  C:\Windows\System\NazAKrO.exe
  2⤵
  PID:8596
- C:\Windows\System\mMQVtaa.exe
  C:\Windows\System\mMQVtaa.exe
  2⤵
  PID:8612
- C:\Windows\System\TnJFPFq.exe
  C:\Windows\System\TnJFPFq.exe
  2⤵
  PID:8628
- C:\Windows\System\iVrUGlP.exe
  C:\Windows\System\iVrUGlP.exe
  2⤵
  PID:8644
- C:\Windows\System\fKxVTYM.exe
  C:\Windows\System\fKxVTYM.exe
  2⤵
  PID:8844
- C:\Windows\System\ufeCFzG.exe
  C:\Windows\System\ufeCFzG.exe
  2⤵
  PID:8860
- C:\Windows\System\nNcLQcJ.exe
  C:\Windows\System\nNcLQcJ.exe
  2⤵
  PID:8916
- C:\Windows\System\pZUZTPB.exe
  C:\Windows\System\pZUZTPB.exe
  2⤵
  PID:8932
- C:\Windows\System\yLVHVta.exe
  C:\Windows\System\yLVHVta.exe
  2⤵
  PID:8948
- C:\Windows\System\cbKmkUY.exe
  C:\Windows\System\cbKmkUY.exe
  2⤵
  PID:9188
- C:\Windows\System\WkMOjuN.exe
  C:\Windows\System\WkMOjuN.exe
  2⤵
  PID:9208
- C:\Windows\System\ayAQWTw.exe
  C:\Windows\System\ayAQWTw.exe
  2⤵
  PID:7960
- C:\Windows\System\wHJAKOb.exe
  C:\Windows\System\wHJAKOb.exe
  2⤵
  PID:8088
- C:\Windows\System\JthjenS.exe
  C:\Windows\System\JthjenS.exe
  2⤵
  PID:7816
- C:\Windows\System\SkZhptQ.exe
  C:\Windows\System\SkZhptQ.exe
  2⤵
  PID:8296
- C:\Windows\System\ZNqEZhz.exe
  C:\Windows\System\ZNqEZhz.exe
  2⤵
  PID:8284
- C:\Windows\System\iMltyBB.exe
  C:\Windows\System\iMltyBB.exe
  2⤵
  PID:8312
- C:\Windows\System\iZdFVtB.exe
  C:\Windows\System\iZdFVtB.exe
  2⤵
  PID:8396
- C:\Windows\System\lkWpLBw.exe
  C:\Windows\System\lkWpLBw.exe
  2⤵
  PID:8468
- C:\Windows\System\cIFmBcP.exe
  C:\Windows\System\cIFmBcP.exe
  2⤵
  PID:8348
- C:\Windows\System\tOcJsBx.exe
  C:\Windows\System\tOcJsBx.exe
  2⤵
  PID:8440
- C:\Windows\System\zgkeInD.exe
  C:\Windows\System\zgkeInD.exe
  2⤵
  PID:8500
- C:\Windows\System\xHGasKp.exe
  C:\Windows\System\xHGasKp.exe
  2⤵
  PID:8568
- C:\Windows\System\OlRRiks.exe
  C:\Windows\System\OlRRiks.exe
  2⤵
  PID:8576
- C:\Windows\System\KcRsNWA.exe
  C:\Windows\System\KcRsNWA.exe
  2⤵
  PID:8624
- C:\Windows\System\rrKkXqP.exe
  C:\Windows\System\rrKkXqP.exe
  2⤵
  PID:7924
- C:\Windows\System\Dmozhel.exe
  C:\Windows\System\Dmozhel.exe
  2⤵
  PID:8676
- C:\Windows\System\AxycLKf.exe
  C:\Windows\System\AxycLKf.exe
  2⤵
  PID:8052
- C:\Windows\System\rvLizZQ.exe
  C:\Windows\System\rvLizZQ.exe
  2⤵
  PID:8700
- C:\Windows\System\GBFZjXX.exe
  C:\Windows\System\GBFZjXX.exe
  2⤵
  PID:8744
- C:\Windows\System\kImwtBH.exe
  C:\Windows\System\kImwtBH.exe
  2⤵
  PID:8724
- C:\Windows\System\CfaoGVe.exe
  C:\Windows\System\CfaoGVe.exe
  2⤵
  PID:8852
- C:\Windows\System\YJeshYa.exe
  C:\Windows\System\YJeshYa.exe
  2⤵
  PID:8820
- C:\Windows\System\WCJmTXg.exe
  C:\Windows\System\WCJmTXg.exe
  2⤵
  PID:8784
- C:\Windows\System\iVBfTpM.exe
  C:\Windows\System\iVBfTpM.exe
  2⤵
  PID:8880
- C:\Windows\System\AGFFwKz.exe
  C:\Windows\System\AGFFwKz.exe
  2⤵
  PID:8892
- C:\Windows\System\TpfatpR.exe
  C:\Windows\System\TpfatpR.exe
  2⤵
  PID:8908
- C:\Windows\System\fXJfOqN.exe
  C:\Windows\System\fXJfOqN.exe
  2⤵
  PID:8972
- C:\Windows\System\fpprPKO.exe
  C:\Windows\System\fpprPKO.exe
  2⤵
  PID:8988
- C:\Windows\System\yhkAVFe.exe
  C:\Windows\System\yhkAVFe.exe
  2⤵
  PID:9004
- C:\Windows\System\YayuHaV.exe
  C:\Windows\System\YayuHaV.exe
  2⤵
  PID:9024
- C:\Windows\System\nRBqIks.exe
  C:\Windows\System\nRBqIks.exe
  2⤵
  PID:9044
- C:\Windows\System\rZIqLmG.exe
  C:\Windows\System\rZIqLmG.exe
  2⤵
  PID:9072
- C:\Windows\System\LwtbTsR.exe
  C:\Windows\System\LwtbTsR.exe
  2⤵
  PID:9080
- C:\Windows\System\rdMnpkg.exe
  C:\Windows\System\rdMnpkg.exe
  2⤵
  PID:9100
- C:\Windows\System\EaNsAbt.exe
  C:\Windows\System\EaNsAbt.exe
  2⤵
  PID:9120
- C:\Windows\System\RdHBWDi.exe
  C:\Windows\System\RdHBWDi.exe
  2⤵
  PID:9136
- C:\Windows\System\QsEOoAZ.exe
  C:\Windows\System\QsEOoAZ.exe
  2⤵
  PID:9152
- C:\Windows\System\EXQCVBC.exe
  C:\Windows\System\EXQCVBC.exe
  2⤵
  PID:9180
- C:\Windows\System\dllCmvs.exe
  C:\Windows\System\dllCmvs.exe
  2⤵
  PID:8056
- C:\Windows\System\qexGJlO.exe
  C:\Windows\System\qexGJlO.exe
  2⤵
  PID:2604
- C:\Windows\System\RntkalD.exe
  C:\Windows\System\RntkalD.exe
  2⤵
  PID:8264
- C:\Windows\System\fQytEMh.exe
  C:\Windows\System\fQytEMh.exe
  2⤵
  PID:8364
- C:\Windows\System\ngQfZOR.exe
  C:\Windows\System\ngQfZOR.exe
  2⤵
  PID:8344
- C:\Windows\System\YIWpmMr.exe
  C:\Windows\System\YIWpmMr.exe
  2⤵
  PID:8556
- C:\Windows\System\qMyyENc.exe
  C:\Windows\System\qMyyENc.exe
  2⤵
  PID:8332
- C:\Windows\System\HUIBaUf.exe
  C:\Windows\System\HUIBaUf.exe
  2⤵
  PID:8428
- C:\Windows\System\jStrovC.exe
  C:\Windows\System\jStrovC.exe
  2⤵
  PID:8776
- C:\Windows\System\nOzBQdw.exe
  C:\Windows\System\nOzBQdw.exe
  2⤵
  PID:8792
- C:\Windows\System\jCifLRF.exe
  C:\Windows\System\jCifLRF.exe
  2⤵
  PID:8716
- C:\Windows\System\lorXlJH.exe
  C:\Windows\System\lorXlJH.exe
  2⤵
  PID:8512
- C:\Windows\System\NjXYohy.exe
  C:\Windows\System\NjXYohy.exe
  2⤵
  PID:8812
- C:\Windows\System\hMORNtb.exe
  C:\Windows\System\hMORNtb.exe
  2⤵
  PID:8828
- C:\Windows\System\oFlFEPT.exe
  C:\Windows\System\oFlFEPT.exe
  2⤵
  PID:8872
- C:\Windows\System\ztNqSpi.exe
  C:\Windows\System\ztNqSpi.exe
  2⤵
  PID:8940
- C:\Windows\System\rYLZjxX.exe
  C:\Windows\System\rYLZjxX.exe
  2⤵
  PID:8980
- C:\Windows\System\HSOXxrD.exe
  C:\Windows\System\HSOXxrD.exe
  2⤵
  PID:9032
- C:\Windows\System\VOkrdQV.exe
  C:\Windows\System\VOkrdQV.exe
  2⤵
  PID:9112
- C:\Windows\System\lZjWptI.exe
  C:\Windows\System\lZjWptI.exe
  2⤵
  PID:9092
- C:\Windows\System\WjZCaTZ.exe
  C:\Windows\System\WjZCaTZ.exe
  2⤵
  PID:9148
- C:\Windows\System\BDjobok.exe
  C:\Windows\System\BDjobok.exe
  2⤵
  PID:8216
- C:\Windows\System\LYdIJun.exe
  C:\Windows\System\LYdIJun.exe
  2⤵
  PID:8228
- C:\Windows\System\EotONYC.exe
  C:\Windows\System\EotONYC.exe
  2⤵
  PID:8232
- C:\Windows\System\uRHnCcZ.exe
  C:\Windows\System\uRHnCcZ.exe
  2⤵
  PID:9176
- C:\Windows\System\pAHPYMW.exe
  C:\Windows\System\pAHPYMW.exe
  2⤵
  PID:8684
- C:\Windows\System\rqwnobM.exe
  C:\Windows\System\rqwnobM.exe
  2⤵
  PID:8680
- C:\Windows\System\MWFrHyY.exe
  C:\Windows\System\MWFrHyY.exe
  2⤵
  PID:8748
- C:\Windows\System\JRbUgea.exe
  C:\Windows\System\JRbUgea.exe
  2⤵
  PID:8620
- C:\Windows\System\MDpWEcq.exe
  C:\Windows\System\MDpWEcq.exe
  2⤵
  PID:8380
- C:\Windows\System\CAZLCKa.exe
  C:\Windows\System\CAZLCKa.exe
  2⤵
  PID:8800
- C:\Windows\System\ldokrEi.exe
  C:\Windows\System\ldokrEi.exe
  2⤵
  PID:8928
- C:\Windows\System\MSkhcAX.exe
  C:\Windows\System\MSkhcAX.exe
  2⤵
  PID:8516
- C:\Windows\System\KSmYGEd.exe
  C:\Windows\System\KSmYGEd.exe
  2⤵
  PID:9084
- C:\Windows\System\uSsCERX.exe
  C:\Windows\System\uSsCERX.exe
  2⤵
  PID:9000
- C:\Windows\System\CelCORM.exe
  C:\Windows\System\CelCORM.exe
  2⤵
  PID:9116
- C:\Windows\System\ocLpzyL.exe
  C:\Windows\System\ocLpzyL.exe
  2⤵
  PID:9172
- C:\Windows\System\XipfIZZ.exe
  C:\Windows\System\XipfIZZ.exe
  2⤵
  PID:7268
- C:\Windows\System\OZPGKqk.exe
  C:\Windows\System\OZPGKqk.exe
  2⤵
  PID:8532
- C:\Windows\System\IEXogzi.exe
  C:\Windows\System\IEXogzi.exe
  2⤵
  PID:8328
- C:\Windows\System\tFKoqJY.exe
  C:\Windows\System\tFKoqJY.exe
  2⤵
  PID:8772
- C:\Windows\System\VEZzKAJ.exe
  C:\Windows\System\VEZzKAJ.exe
  2⤵
  PID:8704
- C:\Windows\System\ocqdJgv.exe
  C:\Windows\System\ocqdJgv.exe
  2⤵
  PID:8956
- C:\Windows\System\IYzmVPg.exe
  C:\Windows\System\IYzmVPg.exe
  2⤵
  PID:8996
- C:\Windows\System\KwzApvk.exe
  C:\Windows\System\KwzApvk.exe
  2⤵
  PID:9200
- C:\Windows\System\tMMDEnN.exe
  C:\Windows\System\tMMDEnN.exe
  2⤵
  PID:9064
- C:\Windows\System\SjEDPuQ.exe
  C:\Windows\System\SjEDPuQ.exe
  2⤵
  PID:9052
- C:\Windows\System\rCYZbZn.exe
  C:\Windows\System\rCYZbZn.exe
  2⤵
  PID:8836
- C:\Windows\System\HvSsNIs.exe
  C:\Windows\System\HvSsNIs.exe
  2⤵
  PID:8608
- C:\Windows\System\pLDWlvn.exe
  C:\Windows\System\pLDWlvn.exe
  2⤵
  PID:8536
- C:\Windows\System\qxAlQjV.exe
  C:\Windows\System\qxAlQjV.exe
  2⤵
  PID:8640
- C:\Windows\System\hlRhNAd.exe
  C:\Windows\System\hlRhNAd.exe
  2⤵
  PID:8736
- C:\Windows\System\EwHBOQc.exe
  C:\Windows\System\EwHBOQc.exe
  2⤵
  PID:8840
- C:\Windows\System\VkRJqbw.exe
  C:\Windows\System\VkRJqbw.exe
  2⤵
  PID:9232
- C:\Windows\System\msevSRa.exe
  C:\Windows\System\msevSRa.exe
  2⤵
  PID:9248
- C:\Windows\System\SDIOALR.exe
  C:\Windows\System\SDIOALR.exe
  2⤵
  PID:9284
- C:\Windows\System\TpaPaov.exe
  C:\Windows\System\TpaPaov.exe
  2⤵
  PID:9300
- C:\Windows\System\PGZseGP.exe
  C:\Windows\System\PGZseGP.exe
  2⤵
  PID:9324
- C:\Windows\System\FOiFMja.exe
  C:\Windows\System\FOiFMja.exe
  2⤵
  PID:9340
- C:\Windows\System\WUKClFL.exe
  C:\Windows\System\WUKClFL.exe
  2⤵
  PID:9356
- C:\Windows\System\XZxGePg.exe
  C:\Windows\System\XZxGePg.exe
  2⤵
  PID:9372
- C:\Windows\System\UeTqniy.exe
  C:\Windows\System\UeTqniy.exe
  2⤵
  PID:9388
- C:\Windows\System\iIjPjcc.exe
  C:\Windows\System\iIjPjcc.exe
  2⤵
  PID:9408
- C:\Windows\System\tGXvBQF.exe
  C:\Windows\System\tGXvBQF.exe
  2⤵
  PID:9424
- C:\Windows\System\zHarWIJ.exe
  C:\Windows\System\zHarWIJ.exe
  2⤵
  PID:9440
- C:\Windows\System\NECysIS.exe
  C:\Windows\System\NECysIS.exe
  2⤵
  PID:9456
- C:\Windows\System\ipidVPr.exe
  C:\Windows\System\ipidVPr.exe
  2⤵
  PID:9476
- C:\Windows\System\diGcRIs.exe
  C:\Windows\System\diGcRIs.exe
  2⤵
  PID:9496
- C:\Windows\System\memPuXp.exe
  C:\Windows\System\memPuXp.exe
  2⤵
  PID:9524
- C:\Windows\System\etbrzNa.exe
  C:\Windows\System\etbrzNa.exe
  2⤵
  PID:9540
- C:\Windows\System\JAmnhMP.exe
  C:\Windows\System\JAmnhMP.exe
  2⤵
  PID:9556
- C:\Windows\System\UwNXmGh.exe
  C:\Windows\System\UwNXmGh.exe
  2⤵
  PID:9580
- C:\Windows\System\LDWmmeF.exe
  C:\Windows\System\LDWmmeF.exe
  2⤵
  PID:9604
- C:\Windows\System\uJIorFY.exe
  C:\Windows\System\uJIorFY.exe
  2⤵
  PID:9652
- C:\Windows\System\aYaXMjC.exe
  C:\Windows\System\aYaXMjC.exe
  2⤵
  PID:9676
- C:\Windows\System\QlILTjC.exe
  C:\Windows\System\QlILTjC.exe
  2⤵
  PID:9696
- C:\Windows\System\YqyPDqt.exe
  C:\Windows\System\YqyPDqt.exe
  2⤵
  PID:9716
- C:\Windows\System\Azhbbbq.exe
  C:\Windows\System\Azhbbbq.exe
  2⤵
  PID:9740
- C:\Windows\System\FHmyKbK.exe
  C:\Windows\System\FHmyKbK.exe
  2⤵
  PID:9756
- C:\Windows\System\sMIrCaI.exe
  C:\Windows\System\sMIrCaI.exe
  2⤵
  PID:9776
- C:\Windows\System\NlrDmfS.exe
  C:\Windows\System\NlrDmfS.exe
  2⤵
  PID:9796
- C:\Windows\System\VMIGOtA.exe
  C:\Windows\System\VMIGOtA.exe
  2⤵
  PID:9812
- C:\Windows\System\iOpTqea.exe
  C:\Windows\System\iOpTqea.exe
  2⤵
  PID:9832
- C:\Windows\System\MmATnSA.exe
  C:\Windows\System\MmATnSA.exe
  2⤵
  PID:9852
- C:\Windows\System\QGjTQoB.exe
  C:\Windows\System\QGjTQoB.exe
  2⤵
  PID:9868
- C:\Windows\System\uXpjbTF.exe
  C:\Windows\System\uXpjbTF.exe
  2⤵
  PID:9896
- C:\Windows\System\fnAbymy.exe
  C:\Windows\System\fnAbymy.exe
  2⤵
  PID:9912
- C:\Windows\System\OdRTrfp.exe
  C:\Windows\System\OdRTrfp.exe
  2⤵
  PID:9932
- C:\Windows\System\UgZSDgl.exe
  C:\Windows\System\UgZSDgl.exe
  2⤵
  PID:9948
- C:\Windows\System\RrkrQCM.exe
  C:\Windows\System\RrkrQCM.exe
  2⤵
  PID:9964
- C:\Windows\System\nqGIvxL.exe
  C:\Windows\System\nqGIvxL.exe
  2⤵
  PID:9992
- C:\Windows\System\SIouMAJ.exe
  C:\Windows\System\SIouMAJ.exe
  2⤵
  PID:10008
- C:\Windows\System\vhIiNOQ.exe
  C:\Windows\System\vhIiNOQ.exe
  2⤵
  PID:10024
- C:\Windows\System\RzNxYDz.exe
  C:\Windows\System\RzNxYDz.exe
  2⤵
  PID:10052
- C:\Windows\System\otDGipF.exe
  C:\Windows\System\otDGipF.exe
  2⤵
  PID:10068
- C:\Windows\System\sPABXCW.exe
  C:\Windows\System\sPABXCW.exe
  2⤵
  PID:10084
- C:\Windows\System\WRnXhHb.exe
  C:\Windows\System\WRnXhHb.exe
  2⤵
  PID:10108
- C:\Windows\System\IrdQRwy.exe
  C:\Windows\System\IrdQRwy.exe
  2⤵
  PID:10144
- C:\Windows\System\acnEogj.exe
  C:\Windows\System\acnEogj.exe
  2⤵
  PID:10160
- C:\Windows\System\pZkbAfI.exe
  C:\Windows\System\pZkbAfI.exe
  2⤵
  PID:10176
- C:\Windows\System\sSZTONo.exe
  C:\Windows\System\sSZTONo.exe
  2⤵
  PID:10200
- C:\Windows\System\xTUmaob.exe
  C:\Windows\System\xTUmaob.exe
  2⤵
  PID:10216
- C:\Windows\System\bskNnKt.exe
  C:\Windows\System\bskNnKt.exe
  2⤵
  PID:10236
- C:\Windows\System\EZqrhjg.exe
  C:\Windows\System\EZqrhjg.exe
  2⤵
  PID:8780
- C:\Windows\System\Xkvhmsg.exe
  C:\Windows\System\Xkvhmsg.exe
  2⤵
  PID:9272
- C:\Windows\System\NUgASCW.exe
  C:\Windows\System\NUgASCW.exe
  2⤵
  PID:9220
- C:\Windows\System\ARWRcmx.exe
  C:\Windows\System\ARWRcmx.exe
  2⤵
  PID:9264
- C:\Windows\System\GRpanKh.exe
  C:\Windows\System\GRpanKh.exe
  2⤵
  PID:9308
- C:\Windows\System\xKEGQdt.exe
  C:\Windows\System\xKEGQdt.exe
  2⤵
  PID:9396
- C:\Windows\System\StEFtdS.exe
  C:\Windows\System\StEFtdS.exe
  2⤵
  PID:9400
- C:\Windows\System\QmUGvZX.exe
  C:\Windows\System\QmUGvZX.exe
  2⤵
  PID:9320
- C:\Windows\System\uAHgPOS.exe
  C:\Windows\System\uAHgPOS.exe
  2⤵
  PID:9464
- C:\Windows\System\UVAnxMS.exe
  C:\Windows\System\UVAnxMS.exe
  2⤵
  PID:9508
- C:\Windows\System\aNvgmOr.exe
  C:\Windows\System\aNvgmOr.exe
  2⤵
  PID:9488
- C:\Windows\System\gETmuuR.exe
  C:\Windows\System\gETmuuR.exe
  2⤵
  PID:9548
- C:\Windows\System\hQhwtMm.exe
  C:\Windows\System\hQhwtMm.exe
  2⤵
  PID:9592
- C:\Windows\System\ONMgpYE.exe
  C:\Windows\System\ONMgpYE.exe
  2⤵
  PID:9616
- C:\Windows\System\qwvODrd.exe
  C:\Windows\System\qwvODrd.exe
  2⤵
  PID:9648
- C:\Windows\System\cSaCIJr.exe
  C:\Windows\System\cSaCIJr.exe
  2⤵
  PID:9684
- C:\Windows\System\MRgJvnr.exe
  C:\Windows\System\MRgJvnr.exe
  2⤵
  PID:9724
- C:\Windows\System\OnYtVLI.exe
  C:\Windows\System\OnYtVLI.exe
  2⤵
  PID:9752
- C:\Windows\System\onCvcrJ.exe
  C:\Windows\System\onCvcrJ.exe
  2⤵
  PID:9828
- C:\Windows\System\vpbNipz.exe
  C:\Windows\System\vpbNipz.exe
  2⤵
  PID:9908
- C:\Windows\System\eyKdCLa.exe
  C:\Windows\System\eyKdCLa.exe
  2⤵
  PID:9976
- C:\Windows\System\sILEDww.exe
  C:\Windows\System\sILEDww.exe
  2⤵
  PID:9768
- C:\Windows\System\zCzwGop.exe
  C:\Windows\System\zCzwGop.exe
  2⤵
  PID:9840
- C:\Windows\System\dzMEdNY.exe
  C:\Windows\System\dzMEdNY.exe
  2⤵
  PID:9884
- C:\Windows\System\yzvvvJy.exe
  C:\Windows\System\yzvvvJy.exe
  2⤵
  PID:9928
- C:\Windows\System\JGgaQUc.exe
  C:\Windows\System\JGgaQUc.exe
  2⤵
  PID:10032
- C:\Windows\System\WMqeStu.exe
  C:\Windows\System\WMqeStu.exe
  2⤵
  PID:10124
- C:\Windows\System\OgEAXEa.exe
  C:\Windows\System\OgEAXEa.exe
  2⤵
  PID:10116
- C:\Windows\System\dHJzAYU.exe
  C:\Windows\System\dHJzAYU.exe
  2⤵
  PID:10152
- C:\Windows\System\yusgPYK.exe
  C:\Windows\System\yusgPYK.exe
  2⤵
  PID:10172
- C:\Windows\System\gmsTpdo.exe
  C:\Windows\System\gmsTpdo.exe
  2⤵
  PID:10228
- C:\Windows\System\JWoOBse.exe
  C:\Windows\System\JWoOBse.exe
  2⤵
  PID:9164
- C:\Windows\System\taiKksy.exe
  C:\Windows\System\taiKksy.exe
  2⤵
  PID:9348
- C:\Windows\System\SlLnWHJ.exe
  C:\Windows\System\SlLnWHJ.exe
  2⤵
  PID:8408
- C:\Windows\System\ikXeRfS.exe
  C:\Windows\System\ikXeRfS.exe
  2⤵
  PID:9568
- C:\Windows\System\PbHOSEh.exe
  C:\Windows\System\PbHOSEh.exe
  2⤵
  PID:9640
- C:\Windows\System\huMjUPt.exe
  C:\Windows\System\huMjUPt.exe
  2⤵
  PID:9672
- C:\Windows\System\NDYaxgx.exe
  C:\Windows\System\NDYaxgx.exe
  2⤵
  PID:9736
- C:\Windows\System\TeIUSIM.exe
  C:\Windows\System\TeIUSIM.exe
  2⤵
  PID:9820
- C:\Windows\System\XMCTlYB.exe
  C:\Windows\System\XMCTlYB.exe
  2⤵
  PID:9404
- C:\Windows\System\NNHthGp.exe
  C:\Windows\System\NNHthGp.exe
  2⤵
  PID:9532
- C:\Windows\System\ZXPofVk.exe
  C:\Windows\System\ZXPofVk.exe
  2⤵
  PID:9448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtUCwOP.exe

Filesize
6.0MB

MD5
ba13fad870ff3ef2477c8baa02bf57ca

SHA1
37a69d9121d4f5fc1e1c38f5ca9918ad5e61017e

SHA256
09165456e5ecd1fd90c2ec1f0177957565322a91b8d6d80d4dc9ba2dfe2cec2c

SHA512
b6b99d56551bc8a0c0de040fd18103abfbdc580331c028e3ac02caee4f236c24195d5952015baf465115ad1b318b58116b5aeedae18e9d5e0464ff4bfeca5d04

Download Submit
C:\Windows\system\BsgGHkG.exe

Filesize
6.0MB

MD5
bc9429fa5e4ba2d353b736255e8edd32

SHA1
c412a5ce273c892f22f87675c646b63c489a047d

SHA256
a5a06fb4dffe1ac3bb53d77f9f15a31d91e5cb84985b4ddf8d26fec08eacfcc0

SHA512
36c5ca809d60a4f44fe1d2e59da7774b047f4427d0a239096a4402e2f7adaf9e343fb45293e938dac591a8dc5c2fbaf89247a8a0faa421f758d396849a7bd813

Download Submit
C:\Windows\system\IQjjNDq.exe

Filesize
6.0MB

MD5
30aafc746a27b8d6e2f0d97344cea421

SHA1
e420319670dcbbbacdb4a5a0e42302ab9ee495ec

SHA256
8bff00b2267a8c9558b61712913db13478108de9877625368f153a14d69e94fe

SHA512
5e10bf9ad2daa22ed821244323672c1ab2ed92a18adfaab8e8a7f75e6a6aaf725c2aabd73055ab706dfb28da4da469c7a5bbcf5666a1366196486e9635fffb14

Download Submit
C:\Windows\system\JrAMFpt.exe

Filesize
6.0MB

MD5
dbd10ede537fdc258b6790928b1e9f0c

SHA1
09d5e1d83aa81c763594aa8d0e3f550b079ca0e9

SHA256
f447818d7d6b3587744050091b437aa5e57371b48ba70789d8594e46f1499c28

SHA512
531a62446d0f1a1058668f2f0d656f0de9d63a48e6439987910a9fe0f3614615726c08f85f77bc03af916832edce3b071abd90acdca43903045b988de5c7202c

Download Submit
C:\Windows\system\NbgTLAF.exe

Filesize
6.0MB

MD5
bb4681b3d9f0204efbab729402acd2c0

SHA1
51040157dcee686a40677405a93932d2ba7969a2

SHA256
1d5b476cc2241c34573255a7a71eea9fd0e0a0e48ac45ebbc29597d078a91d6d

SHA512
c15e4521ab102d8409589ae4380bf6fe1b24cc9953154632bdda9790884788a97bcbf36e642357c959311f957d83f8e2e685f8a2c15fc17811dbda37d23a4028

Download Submit
C:\Windows\system\OzBCerE.exe

Filesize
6.0MB

MD5
b92e23337a043d99d1df89099dd5d924

SHA1
7125d9b2d1c498ba35c1421a30b7d072cbd150e8

SHA256
1b62fdf3874c0a92e72b7c6199aa4fe3164187dabada62acddbc05c8ece46ee3

SHA512
a90eb419a4b4455d5ce7c08eb8a45545dc579fc56c4c24a18d0082fd91d95a6964eb1819c569ec30740f1877c711904e557f25b81fb5f055d52e83fdb9f00c58

Download Submit
C:\Windows\system\QnTzAKK.exe

Filesize
6.0MB

MD5
a45be34dab41c2afeb54543b369379cf

SHA1
850e2c9dd59782812d672d45fec8b8d9d468b0f9

SHA256
367ea26387c1678b71eb8d049cdc45f0151fa7453f2f942b4627cfb9940f2f10

SHA512
db7e54fbfc35a2432fd58dfd176fcb53926a252064ae801c8d86c7067b76edd0dd3d666b1353648f71a23aa35a06aa2a9b626525ad2a7b0f6042fa0bca9db43a

Download Submit
C:\Windows\system\QyEZnvz.exe

Filesize
6.0MB

MD5
0961c1b6c12b03ac60cab533384e3dfd

SHA1
9a60f0f1fa676dc5d70005b5f572b0c82b6083f7

SHA256
0e5c81eea75350c1dcc4d64c7bf9d0d3d98bd5b9557cc44d00047bae0d8be965

SHA512
b680a476fc0f78bc181a2859e048ed89523c66168cdcf5fea5c624527130363cdea421b80d5a6de076f7e03329816eb7002f7d897e86a92b6864548181c01d41

Download Submit
C:\Windows\system\RDJCfqJ.exe

Filesize
6.0MB

MD5
89720941a46261480ec2f991421b2f87

SHA1
7d4b01c190ff58b4947c0415f27be93afe139083

SHA256
f2809ee87a59dac799f9cd6c48edba4b187778e5a54349b26010dbf65c5c11fe

SHA512
d387c9fa0bdade200d20ba73aea8f204600a1923d496ee85ae1fe1066a5b6f81c75128c9637cd0281661381c9f68433d6b86d9e7dbfdaccb196147a9a955e21a

Download Submit
C:\Windows\system\REUAHZs.exe

Filesize
6.0MB

MD5
876947bc2c28946fdf017f1c8efd28b8

SHA1
b5467419ff126e7de73903f2a8d0741422d1f515

SHA256
5475535e1ad87e45a69dd63b4a51c2671243fe476c3aa7dc0c09ccc304dd9e07

SHA512
32e0177e9e90b57681bf03c9feeeb1783a395d1589877893cc99bf468e289ff2f3169b72c366811bf817755b37a19f8264942da04686e7fbafc2cde7fa346a67

Download Submit
C:\Windows\system\RcUgGhf.exe

Filesize
6.0MB

MD5
e295d295d478768b988695636c21d805

SHA1
09aabd60319fdd5537317d53fb3e6b83df7a4fdd

SHA256
f1d431c5c3addb72916a2bd055e46ad10a21b8b616144dfbff51c0fc50d078ad

SHA512
4dbcec456c63ffe31782278bdf23137145d86ac4580174e349022ee3374d771eb8be7b5615408de5b89a6945678deb38fdf12c6f84c690c8f10db9f624b15f8b

Download Submit
C:\Windows\system\THMaNtN.exe

Filesize
6.0MB

MD5
afdb2a3b2d59d43208540fc81c714601

SHA1
1392f12cc5c96f8f582438478e6479e4d962c9e2

SHA256
45c178c214bfe0a2198028390439581b4834167a99c472c45e71e78a24039a34

SHA512
7908fb978fcd19dadfac173e7b53ba144fe8f2c5c70dc26ebb36bb6f20c016cc5ddb4bd7d3500269dc9387acba806af7856f17a4d0884df2f286cac3dd718bd7

Download Submit
C:\Windows\system\UgQtbzF.exe

Filesize
6.0MB

MD5
aa5ae7d1298c3ff11a380e2ac2becaf3

SHA1
bc42af9189b0c6518c26c99ca1e7cd3b5ec73e23

SHA256
6d62d0e9549eda7136e5367a717de913b5e6f58624516030c6c8338d3306be43

SHA512
9394a5c2e54d5064a99b16e1962f6f62007982919f14e8b6afaba60399541d688c11539130396ab53710766d1ea9229b4ed5915fecce3a2cb78bee9090eb3085

Download Submit
C:\Windows\system\ZWUomix.exe

Filesize
6.0MB

MD5
8067f093b8f8fd2d93c66e6196229fe3

SHA1
829fa547bde57d3cae15db16bdc38604ca0cc5cb

SHA256
3b9579c91231fccaf83be7855bf766e73c3c24faf1a6c6b0d0a6ed90d2e18de7

SHA512
313b0c24ff5244539a2de1d4e8c8c761ecb4350ecd4df922a8d6e885b0b7f085ebb75573914b274082171f8049d58a7bf27b8f7fed530dd657ff25fd9026adba

Download Submit
C:\Windows\system\bErWSmJ.exe

Filesize
6.0MB

MD5
67886e3c8cf465d0655a92d8c4d5f596

SHA1
7b734ae4369051694a5d12388a7054b4796a9548

SHA256
1c411f0349f8f0e5d1c5434f5f85f7d85aca0c85779559d2cacc80b5a774c422

SHA512
a8a71be81b8b69e779e6a652e8df987912aa280dd561e8f5a3e7af095a03d6e2f0825c50b763543d1330af974feb48413866f3e97987606a7c4d676f3cf72387

Download Submit
C:\Windows\system\eRtGYTP.exe

Filesize
6.0MB

MD5
15df2ff34eb2a56a0644f9f5e7a5aaef

SHA1
54c09aa32ed9fde2fd65424f0e7a87a43cc8c35d

SHA256
b79244f1040fdffa822bd025c265fce776e4b05e4f3aee113e35a5e0c2526abe

SHA512
4f485cf3035372be441b0ef056ec2818d3e7203fcb6470c93c7ed0dec0e8b73d659e538ddaf6af448a92d10696fe439d00c2b104b0eb7ad72f865eab081d54c2

Download Submit
C:\Windows\system\eUsarhN.exe

Filesize
6.0MB

MD5
3d3a8065f13be62618efcb258c55eec7

SHA1
47f25da458d5cec6ee4b3bd5ce80fc532df46bba

SHA256
068eef48161479aeed4f596d552075a7596837f2553f2a67043bb03e6ef81fe8

SHA512
03b164f3eb9a8136160065fb65cd379d43efc53c019af626719cf29008de75b3adaed9b67c65999d763b05a9d29a4392b7b081d41b55e665080958cb14d0adda

Download Submit
C:\Windows\system\ekrjlez.exe

Filesize
6.0MB

MD5
1c31e18bb3b95e26d52230b373b02c50

SHA1
738c0684ecb4c6d233534c24c82a7498dd8c818c

SHA256
714fbec1d7b9e0e427a9c243ed3adf99f7baa6c090d617e192ac5e99a02c0118

SHA512
10171d8d3f2705460eabaa073fba677af846cfdcc3346226563df3ea7b1477d9e4ccfb20e661ac7a546283e7060092c52fd77f9e2229790e8d699fd02a11b9a3

Download Submit
C:\Windows\system\hASiGbB.exe

Filesize
6.0MB

MD5
4994b662830ab72187ba55026bce4a5b

SHA1
1ecba1566751e89dc754c4255aba012094e618de

SHA256
1c8668d081a2131fd619564a83d74cabe9652b1e106cf106f26b46bdd9bfbb7d

SHA512
17ccda2477e694500088b2644688453f7c4b4c111248591de6e71a342bd5d07b1edd5e535229d4311cf545152c987f6d2fc763f6dbd658c12cc8bf3633bda362

Download Submit
C:\Windows\system\kHHxxkY.exe

Filesize
6.0MB

MD5
1197068e7756194a291e816ffe635f41

SHA1
56a902152b7b62c3cf082fb59ff48a416963f107

SHA256
9abad4cc9f838206be4b0e71e4d344dd6ca800c072d4e7d1c0c1dac1c4ee435d

SHA512
679b7807b21b73cfb7c97b36530c24e4f4dfb015a31916784c7bd19dcffdf17121e44d34ddea9293d9566f2a38d08bbebce4cac32ab3ce40cafd0415f4e661a7

Download Submit
C:\Windows\system\kOPmsZn.exe

Filesize
6.0MB

MD5
14a3ab9b768402db43c2c9b5248f1362

SHA1
8be59c12a38d22f251ba1b87ee199c7bbbb46e55

SHA256
bcb0edcdd37b124adc9d562982d4b5804fdebb740d1f799b9f4d7acaba92f278

SHA512
bcc3eed0bcb69b95e7ccda586820443bb5691d3c6c0973167589113c862457685416107fc84f66b98120ea99e48b9585b89efb78d8c5f492c381d6ba514e9141

Download Submit
C:\Windows\system\kPpbzhk.exe

Filesize
6.0MB

MD5
73c8e1e731648d29c2c64ccdbdf9ee58

SHA1
7bd8fa6c2f605e8fc196e8ffb1e28151251d2668

SHA256
6d2f7076c9c9c0aaf04a48f53f8b840feae1719bf1d35ad39b25eaaa542bef61

SHA512
a0c01d86566e75a1d38ed71e706f8eed6965ea133e1e68577ddb5b563aebd90e1cf71754d2a56a77cc23e73edc3a7b13f6e011680b307405d0c6a72fd8dc7bfe

Download Submit
C:\Windows\system\nFapHMO.exe

Filesize
6.0MB

MD5
3d8f171220c743d4bb739c7c79d2d01c

SHA1
b09ca8a3ca6cd9dabf10d4c40188ae8991c6928a

SHA256
3872631ca125851fd195c38b961213cd3e98bf6268ff7b221a32f2df96bdfbd9

SHA512
aa852517f17997413a082c5e71817717c0c9ae988071d0baf9602f1f4ed06ec63da84209f20fe8f47c1ff2455b1bdd65f4c809e25d3cbd09369071ff6e886226

Download Submit
C:\Windows\system\qbMfhJR.exe

Filesize
6.0MB

MD5
7c4bce8f6af30f26444b536988ba86b1

SHA1
7daf946cdd5f17b36d233c786ac1ecb2b92758af

SHA256
66d525201c04b861356a7df12c53d56a42fa5416f5d8a72a23f262511a59cdc2

SHA512
e5b301b416420f53473ecdbab9986a9c515fbdffb6231d326a8a5517f26fc9ddf3937deea85173cf46499f93c32e2d836c8086704da1e4b3940cda28f64be6c2

Download Submit
C:\Windows\system\qbWeLNk.exe

Filesize
8B

MD5
5175664aec89160f9a49c71940cfa2fe

SHA1
9310f111180643fc8404e261fab69226dc2461c7

SHA256
b4d64e46de208a132aa1d3e9c0aab9edef9ee73abf6ed71e9fe6a51094f15ba3

SHA512
4bad486f7618acc7c8a2bbf59a88bf437fab1192a5dc4934049c165afe29b5c92bd695eb2e2248680a8d8a62058b14815f7aa205737f5e1c914bdaf71676302d

Download Submit
C:\Windows\system\ttJeXLz.exe

Filesize
6.0MB

MD5
d6eb26ea11a78ad6994e705a0356e50d

SHA1
7fa27447fbc918a5f9620d55319394539fd76296

SHA256
4ca8d191d64732d628c099b5bb47722ced9a082a80b542ad1ee7f30cb7637f5a

SHA512
42d4c96024b6113d15d258c8de0f7820f257ac627a4e1ff0014a2e853c5d8c1dd2135476afbbb7172f00832c0f48d897a6cbbc1b0b665fa21066dcbd854a4337

Download Submit
C:\Windows\system\vtCpNDh.exe

Filesize
6.0MB

MD5
3a0159bee20bafc0ba7473edcde35708

SHA1
4ba74bb800880f215b7d2fbcce63d0407df771d9

SHA256
30dc02e0e575ffb10eb0c123f506448039283796b758338f80ada9379faa9acc

SHA512
f9cfb58b6e0af89321bb0057b1ae780ff71b91888000f858abc3a6ab2b5c0ae05f072deefa0da2ec31cbe9081406da9b224b34207b934b7ae3eded1dc236c12e

Download Submit
C:\Windows\system\wusGkkb.exe

Filesize
6.0MB

MD5
307753d05aec5ed72644464d13da1f99

SHA1
26a6657a9a5301935fbcf9582c67a9751a987bcf

SHA256
e2ecada8e57474bd12831482db5407f87a477f551a677b987d562e8eb6f34446

SHA512
eda797d82832effb1cba8512fafc23acb1b3d2ed947edbbabcc35f120efb80d0cdeaa08130e564a9ebb7e5ac4b0ffdff41dd3cc234a52eafb1f3b9231deb995f

Download Submit
C:\Windows\system\yHkOPRH.exe

Filesize
6.0MB

MD5
ae318fc84199df709eab40679cfc3e02

SHA1
7dd38e50de1801b0f6fb40817c0d06b3fd2a9c87

SHA256
15cc4a538d05f2a3b1bc11d2580649164cf317412b503201c3e7bb79398f053f

SHA512
c6796901774d7ff2262aeef50ba529cb7e3c0a36ae47a8d5df9508adb0d559dc73d06601fcd6b7f681eacb5e0b4d91141f6a6ff396ade5f20419f060a9a5af83

Download Submit
\Windows\system\PCsnYZc.exe

Filesize
6.0MB

MD5
a6fdf69e81f077f5d64571a3ddf2d35a

SHA1
4b702f523c892cf9b6cc2bf59f843c614a03cefd

SHA256
f3725643e1666512311f53d69df7e9fbfff72007ae6dc0845072012d3a42b01b

SHA512
84cf25abf7bcab248df6ffdf5bc6b0a8d27450dfe98c7b81635606fc70a14f761147b54f37a86c94d9eeda734b8f7ee8d704c9c8c378ed64d64ccd3275fd3eb8

Download Submit
\Windows\system\rxqowzq.exe

Filesize
6.0MB

MD5
cdc8ea94abf6ed5878b1f7d14d00ffc9

SHA1
5e1e3393340898fa5e84599a33ef05a9ccd4a147

SHA256
1e499e9e3837dc6f87e9bedc661a22eb7d1af3b9ee1ac47ba60e9661ef00ba12

SHA512
492bf3fb1a1ff7c3952141a03caac26d97f19f9cf3976227473f1878ae5e1b81f288cba045e9e1b33de2f7d9c7f878c9880501b3e2864eae9a8ddc84a8af7b3a

Download Submit
\Windows\system\vkRsmvf.exe

Filesize
6.0MB

MD5
12221c68cccd12006bc26e1df5a3a3d5

SHA1
68b7ae1eeed34ff37e7ea320793ac7709d1cc9d6

SHA256
f130fa8628dbd71bf5485208c5f2106d9ea70c4c088b5089090e19fb1c2ccd2d

SHA512
741752c70c59ce1df13f3f5eb5181dd3c429877677a887dc09d4ea628f32983ffe8a0e80c51699d18b2cc56f4989ee637093cae1cd0d20e96b58e6619a96be90

Download Submit
\Windows\system\xipuAfp.exe

Filesize
6.0MB

MD5
4a75bd464b899616feed86ce2169d0cf

SHA1
aeefc4be6a27fd13465a8f1de3af40d90f08464a

SHA256
5bc8d22e117f2558765b79e10897ce5f9573b39b8b3e6f550178991e90c82499

SHA512
7825b8f65201b1108da26bca250526382aa9ac7dc8edee77fcbc45abb0ef9dfb8aa440aff9cbcd45ddc911746cda5e1daf99d2e2026ff238a5f504a5e8512746

Download Submit
memory/1040-30-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1040-3765-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1040-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1400-3773-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1400-105-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1400-1036-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1532-9-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1532-3748-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1748-826-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1748-96-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3791-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2076-46-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-3742-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-17-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-78-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3770-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2348-445-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2352-87-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3772-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2352-614-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2484-109-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2484-924-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-92-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2484-84-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-83-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-8-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2484-69-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2484-13-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-36-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-58-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-101-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-522-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-724-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1079-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2484-0-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-91-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2484-49-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2484-52-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2484-33-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-34-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3767-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2640-74-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3749-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2644-27-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2644-60-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2672-229-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-72-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3771-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2692-41-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3755-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-77-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3761-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2756-104-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2756-66-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2828-54-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3757-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2828-95-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3769-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2912-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2912-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download