cobaltstrike | 25040551c4cd2c5233238024f856f3d9a91fabc0903f76642c58b396fe3bc465

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e39b0edcd51cb67ab17b01369f21d4de
SHA1

d01c3728c58f20be627ed3bad820d2d4177f23e7
SHA256

25040551c4cd2c5233238024f856f3d9a91fabc0903f76642c58b396fe3bc465
SHA512

d3f19ca3010b44722e3959700003032b160e704bfe9fc9ab2f63163a73637219033494417c0af03eb4cb575d1979ee2c9a65ab5d1049891814f61112eaef009b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c4a-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c51-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-45.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165c2-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-69.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-104.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-86.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/236-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016c3a-8.dat	xmrig
behavioral1/memory/320-15-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2376-16-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c4a-20.dat	xmrig
behavioral1/files/0x0007000000016cc8-29.dat	xmrig
behavioral1/files/0x0008000000016c51-24.dat	xmrig
behavioral1/files/0x0007000000016cec-32.dat	xmrig
behavioral1/memory/2136-39-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2276-38-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2808-42-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d06-45.dat	xmrig
behavioral1/memory/2900-50-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x00090000000165c2-52.dat	xmrig
behavioral1/memory/2784-65-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d18-69.dat	xmrig
behavioral1/files/0x00070000000173a9-75.dat	xmrig
behavioral1/files/0x0005000000018683-132.dat	xmrig
behavioral1/files/0x0005000000019261-165.dat	xmrig
behavioral1/files/0x0005000000019334-187.dat	xmrig
behavioral1/memory/236-1090-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2624-963-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2852-555-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2900-317-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b4-183.dat	xmrig
behavioral1/files/0x00050000000193c2-188.dat	xmrig
behavioral1/files/0x0005000000019350-181.dat	xmrig
behavioral1/files/0x0005000000019282-173.dat	xmrig
behavioral1/files/0x0006000000019023-164.dat	xmrig
behavioral1/files/0x000500000001878f-163.dat	xmrig
behavioral1/files/0x000500000001873d-147.dat	xmrig
behavioral1/files/0x00050000000186fd-145.dat	xmrig
behavioral1/files/0x000500000001925e-160.dat	xmrig
behavioral1/files/0x00050000000186ee-120.dat	xmrig
behavioral1/files/0x0006000000017488-118.dat	xmrig
behavioral1/files/0x00050000000186ea-110.dat	xmrig
behavioral1/files/0x00060000000174cc-90.dat	xmrig
behavioral1/files/0x00050000000187a5-150.dat	xmrig
behavioral1/files/0x0005000000018784-137.dat	xmrig
behavioral1/files/0x0005000000018728-125.dat	xmrig
behavioral1/memory/2656-106-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e4-104.dat	xmrig
behavioral1/files/0x000d000000018676-103.dat	xmrig
behavioral1/memory/236-88-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2392-87-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017492-86.dat	xmrig
behavioral1/memory/236-85-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2624-71-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/236-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0e-61.dat	xmrig
behavioral1/memory/2852-57-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/236-43-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2820-41-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2820-3955-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2900-3956-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2656-3961-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2784-3960-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2376-3959-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2276-3958-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2392-3957-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2136-3962-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2808-3964-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2624-3994-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2376	oUOFGUL.exe
320	VXXtBar.exe
2276	MyGQvDt.exe
2136	XNTqvIi.exe
2820	WNWNnYC.exe
2808	nfyfDkD.exe
2900	wYDOaym.exe
2852	uIIrCiN.exe
2784	FigvxRz.exe
2624	EjADlmP.exe
2392	vExhMWl.exe
2656	WQcjWmT.exe
3048	VBhgEVQ.exe
2712	Uahuxbj.exe
1576	bskisMo.exe
2920	HaeOgCT.exe
896	TTdeFxe.exe
3040	LSobfzQ.exe
1948	tTwOjLv.exe
1552	VoUljUQ.exe
2960	OFYpdjE.exe
3052	iiTEVJv.exe
2868	qKKWgdN.exe
2564	HUfslCu.exe
2104	ECnQdJR.exe
2456	YmfFOuX.exe
1300	yicEcTS.exe
2196	cLkMMIu.exe
2272	HFuSJrg.exe
1732	VlgZCiT.exe
1312	WicpjXB.exe
2184	lZxxyWY.exe
1704	lTAKGSs.exe
788	yltlvSb.exe
2984	qTazsLl.exe
1480	FHePqAP.exe
844	nIJSdSZ.exe
3032	doBRnsP.exe
764	bonLmSL.exe
2160	nCKUYBL.exe
2432	RUtVqeu.exe
2540	WIbIxEh.exe
1688	pNxukYz.exe
988	HbRUkdb.exe
1040	eCtSGbn.exe
1908	zdOLcFA.exe
1528	uPAPRVn.exe
2324	IPPKrXC.exe
1640	PFxbkzy.exe
2128	vEGlLuV.exe
2668	VSnXoue.exe
700	vpXLEET.exe
2012	HjRXkPN.exe
2952	MOEZzls.exe
2248	IByKagX.exe
2328	ysUZRnT.exe
992	NSdxlfl.exe
1868	DOjTFBV.exe
108	lutWVsL.exe
2236	rHBlRYS.exe
2440	qGvNJyN.exe
2544	edFWtdx.exe
2368	bCfavtQ.exe
2644	TqTRcCu.exe

Loads dropped DLL 64 IoCs

pid	Process
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/236-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016c3a-8.dat	upx
behavioral1/memory/320-15-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2376-16-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0007000000016c4a-20.dat	upx
behavioral1/files/0x0007000000016cc8-29.dat	upx
behavioral1/files/0x0008000000016c51-24.dat	upx
behavioral1/files/0x0007000000016cec-32.dat	upx
behavioral1/memory/2136-39-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2276-38-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2808-42-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0007000000016d06-45.dat	upx
behavioral1/memory/2900-50-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x00090000000165c2-52.dat	upx
behavioral1/memory/2784-65-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0008000000016d18-69.dat	upx
behavioral1/files/0x00070000000173a9-75.dat	upx
behavioral1/files/0x0005000000018683-132.dat	upx
behavioral1/files/0x0005000000019261-165.dat	upx
behavioral1/files/0x0005000000019334-187.dat	upx
behavioral1/memory/2624-963-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2852-555-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2900-317-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x00050000000193b4-183.dat	upx
behavioral1/files/0x00050000000193c2-188.dat	upx
behavioral1/files/0x0005000000019350-181.dat	upx
behavioral1/files/0x0005000000019282-173.dat	upx
behavioral1/files/0x0006000000019023-164.dat	upx
behavioral1/files/0x000500000001878f-163.dat	upx
behavioral1/files/0x000500000001873d-147.dat	upx
behavioral1/files/0x00050000000186fd-145.dat	upx
behavioral1/files/0x000500000001925e-160.dat	upx
behavioral1/files/0x00050000000186ee-120.dat	upx
behavioral1/files/0x0006000000017488-118.dat	upx
behavioral1/files/0x00050000000186ea-110.dat	upx
behavioral1/files/0x00060000000174cc-90.dat	upx
behavioral1/files/0x00050000000187a5-150.dat	upx
behavioral1/files/0x0005000000018784-137.dat	upx
behavioral1/files/0x0005000000018728-125.dat	upx
behavioral1/memory/2656-106-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00050000000186e4-104.dat	upx
behavioral1/files/0x000d000000018676-103.dat	upx
behavioral1/memory/2392-87-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0006000000017492-86.dat	upx
behavioral1/memory/2624-71-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/236-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0008000000016d0e-61.dat	upx
behavioral1/memory/2852-57-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2820-41-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2820-3955-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2900-3956-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2656-3961-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2784-3960-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2376-3959-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2276-3958-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2392-3957-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2136-3962-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2808-3964-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2624-3994-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/320-4002-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2852-4034-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aEZqytM.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSobfzQ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCKUYBL.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeJarHE.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOVcUVZ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRMEQog.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQfyLaq.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTtgZqm.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmWSwqd.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOBmslJ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKjzGjc.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBKNEkU.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMdwAjK.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQxxWic.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMvsxPA.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvTdvAo.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDVovmC.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAaVqtU.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgMtZGZ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpsSVkD.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdvDWOA.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSkZDJM.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpskCST.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybXAGSO.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIpoxXV.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOsfunn.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVpPsMo.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exOtiSd.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxEpuIo.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IByKagX.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNMvYYU.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJbJbph.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htSbnUu.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgRvDCM.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuJbCGu.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\esKCqzu.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SddQrzx.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pROQnVk.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mETZtEj.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiJMBhS.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQfCGIC.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUDBJzj.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQMyJfA.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pITuasI.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLEILfN.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bseyDgN.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLuKZja.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwLEEpV.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVmkuqX.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feBWkhH.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDhbySR.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGyFKjy.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbHNZDj.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWRAjsQ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfNoDtB.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dobRUns.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKvpDIz.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGPbjcb.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTdJGdB.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiOUQFy.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwKCNuc.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYRCfAT.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utqfIKA.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThNCmnQ.exe	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 2376	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 236 wrote to memory of 2376	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 236 wrote to memory of 2376	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 236 wrote to memory of 320	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 236 wrote to memory of 320	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 236 wrote to memory of 320	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 236 wrote to memory of 2276	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 236 wrote to memory of 2276	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 236 wrote to memory of 2276	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 236 wrote to memory of 2136	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 236 wrote to memory of 2136	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 236 wrote to memory of 2136	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 236 wrote to memory of 2820	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 236 wrote to memory of 2820	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 236 wrote to memory of 2820	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 236 wrote to memory of 2808	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 236 wrote to memory of 2808	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 236 wrote to memory of 2808	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 236 wrote to memory of 2900	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 236 wrote to memory of 2900	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 236 wrote to memory of 2900	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 236 wrote to memory of 2852	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 236 wrote to memory of 2852	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 236 wrote to memory of 2852	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 236 wrote to memory of 2784	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 236 wrote to memory of 2784	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 236 wrote to memory of 2784	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 236 wrote to memory of 2624	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 236 wrote to memory of 2624	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 236 wrote to memory of 2624	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 236 wrote to memory of 2392	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 236 wrote to memory of 2392	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 236 wrote to memory of 2392	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 236 wrote to memory of 1576	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 236 wrote to memory of 1576	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 236 wrote to memory of 1576	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 236 wrote to memory of 2656	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 236 wrote to memory of 2656	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 236 wrote to memory of 2656	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 236 wrote to memory of 3040	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 236 wrote to memory of 3040	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 236 wrote to memory of 3040	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 236 wrote to memory of 3048	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 236 wrote to memory of 3048	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 236 wrote to memory of 3048	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 236 wrote to memory of 1948	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 236 wrote to memory of 1948	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 236 wrote to memory of 1948	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 236 wrote to memory of 2712	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 236 wrote to memory of 2712	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 236 wrote to memory of 2712	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 236 wrote to memory of 2960	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 236 wrote to memory of 2960	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 236 wrote to memory of 2960	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 236 wrote to memory of 2920	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 236 wrote to memory of 2920	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 236 wrote to memory of 2920	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 236 wrote to memory of 3052	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 236 wrote to memory of 3052	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 236 wrote to memory of 3052	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 236 wrote to memory of 896	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 236 wrote to memory of 896	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 236 wrote to memory of 896	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 236 wrote to memory of 2868	236	2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-28_e39b0edcd51cb67ab17b01369f21d4de_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:236
- C:\Windows\System\oUOFGUL.exe
  C:\Windows\System\oUOFGUL.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\VXXtBar.exe
  C:\Windows\System\VXXtBar.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\MyGQvDt.exe
  C:\Windows\System\MyGQvDt.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\XNTqvIi.exe
  C:\Windows\System\XNTqvIi.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\WNWNnYC.exe
  C:\Windows\System\WNWNnYC.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\nfyfDkD.exe
  C:\Windows\System\nfyfDkD.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\wYDOaym.exe
  C:\Windows\System\wYDOaym.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\uIIrCiN.exe
  C:\Windows\System\uIIrCiN.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\FigvxRz.exe
  C:\Windows\System\FigvxRz.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\EjADlmP.exe
  C:\Windows\System\EjADlmP.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\vExhMWl.exe
  C:\Windows\System\vExhMWl.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\bskisMo.exe
  C:\Windows\System\bskisMo.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\WQcjWmT.exe
  C:\Windows\System\WQcjWmT.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\LSobfzQ.exe
  C:\Windows\System\LSobfzQ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\VBhgEVQ.exe
  C:\Windows\System\VBhgEVQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\tTwOjLv.exe
  C:\Windows\System\tTwOjLv.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\Uahuxbj.exe
  C:\Windows\System\Uahuxbj.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OFYpdjE.exe
  C:\Windows\System\OFYpdjE.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HaeOgCT.exe
  C:\Windows\System\HaeOgCT.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\iiTEVJv.exe
  C:\Windows\System\iiTEVJv.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\TTdeFxe.exe
  C:\Windows\System\TTdeFxe.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\qKKWgdN.exe
  C:\Windows\System\qKKWgdN.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\VoUljUQ.exe
  C:\Windows\System\VoUljUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\YmfFOuX.exe
  C:\Windows\System\YmfFOuX.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\HUfslCu.exe
  C:\Windows\System\HUfslCu.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yicEcTS.exe
  C:\Windows\System\yicEcTS.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ECnQdJR.exe
  C:\Windows\System\ECnQdJR.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\cLkMMIu.exe
  C:\Windows\System\cLkMMIu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\HFuSJrg.exe
  C:\Windows\System\HFuSJrg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\WicpjXB.exe
  C:\Windows\System\WicpjXB.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\VlgZCiT.exe
  C:\Windows\System\VlgZCiT.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\lTAKGSs.exe
  C:\Windows\System\lTAKGSs.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\lZxxyWY.exe
  C:\Windows\System\lZxxyWY.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\yltlvSb.exe
  C:\Windows\System\yltlvSb.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\qTazsLl.exe
  C:\Windows\System\qTazsLl.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\FHePqAP.exe
  C:\Windows\System\FHePqAP.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\nIJSdSZ.exe
  C:\Windows\System\nIJSdSZ.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\doBRnsP.exe
  C:\Windows\System\doBRnsP.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\bonLmSL.exe
  C:\Windows\System\bonLmSL.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\RUtVqeu.exe
  C:\Windows\System\RUtVqeu.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\nCKUYBL.exe
  C:\Windows\System\nCKUYBL.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\vEGlLuV.exe
  C:\Windows\System\vEGlLuV.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\WIbIxEh.exe
  C:\Windows\System\WIbIxEh.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\vpXLEET.exe
  C:\Windows\System\vpXLEET.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\pNxukYz.exe
  C:\Windows\System\pNxukYz.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\bCfavtQ.exe
  C:\Windows\System\bCfavtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\HbRUkdb.exe
  C:\Windows\System\HbRUkdb.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\iAUtbRB.exe
  C:\Windows\System\iAUtbRB.exe
  2⤵
  PID:1240
- C:\Windows\System\eCtSGbn.exe
  C:\Windows\System\eCtSGbn.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\YcNXEHw.exe
  C:\Windows\System\YcNXEHw.exe
  2⤵
  PID:1648
- C:\Windows\System\zdOLcFA.exe
  C:\Windows\System\zdOLcFA.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\pITuasI.exe
  C:\Windows\System\pITuasI.exe
  2⤵
  PID:1532
- C:\Windows\System\uPAPRVn.exe
  C:\Windows\System\uPAPRVn.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\wJVspHL.exe
  C:\Windows\System\wJVspHL.exe
  2⤵
  PID:1644
- C:\Windows\System\IPPKrXC.exe
  C:\Windows\System\IPPKrXC.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zQGovXQ.exe
  C:\Windows\System\zQGovXQ.exe
  2⤵
  PID:2192
- C:\Windows\System\PFxbkzy.exe
  C:\Windows\System\PFxbkzy.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\TzZdvPy.exe
  C:\Windows\System\TzZdvPy.exe
  2⤵
  PID:2844
- C:\Windows\System\VSnXoue.exe
  C:\Windows\System\VSnXoue.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\AGXftHo.exe
  C:\Windows\System\AGXftHo.exe
  2⤵
  PID:1928
- C:\Windows\System\HjRXkPN.exe
  C:\Windows\System\HjRXkPN.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\qdlYycK.exe
  C:\Windows\System\qdlYycK.exe
  2⤵
  PID:1056
- C:\Windows\System\MOEZzls.exe
  C:\Windows\System\MOEZzls.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\lpLGxhY.exe
  C:\Windows\System\lpLGxhY.exe
  2⤵
  PID:2032
- C:\Windows\System\IByKagX.exe
  C:\Windows\System\IByKagX.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\KLddclg.exe
  C:\Windows\System\KLddclg.exe
  2⤵
  PID:1784
- C:\Windows\System\ysUZRnT.exe
  C:\Windows\System\ysUZRnT.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JzepHYK.exe
  C:\Windows\System\JzepHYK.exe
  2⤵
  PID:568
- C:\Windows\System\NSdxlfl.exe
  C:\Windows\System\NSdxlfl.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\MweUysn.exe
  C:\Windows\System\MweUysn.exe
  2⤵
  PID:2108
- C:\Windows\System\DOjTFBV.exe
  C:\Windows\System\DOjTFBV.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\IzmsWTq.exe
  C:\Windows\System\IzmsWTq.exe
  2⤵
  PID:2140
- C:\Windows\System\lutWVsL.exe
  C:\Windows\System\lutWVsL.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\OyPUEHW.exe
  C:\Windows\System\OyPUEHW.exe
  2⤵
  PID:1020
- C:\Windows\System\rHBlRYS.exe
  C:\Windows\System\rHBlRYS.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\XJisJLO.exe
  C:\Windows\System\XJisJLO.exe
  2⤵
  PID:492
- C:\Windows\System\qGvNJyN.exe
  C:\Windows\System\qGvNJyN.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\PBIuChb.exe
  C:\Windows\System\PBIuChb.exe
  2⤵
  PID:1244
- C:\Windows\System\edFWtdx.exe
  C:\Windows\System\edFWtdx.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\nGqREDP.exe
  C:\Windows\System\nGqREDP.exe
  2⤵
  PID:2620
- C:\Windows\System\TqTRcCu.exe
  C:\Windows\System\TqTRcCu.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\mOJyMWV.exe
  C:\Windows\System\mOJyMWV.exe
  2⤵
  PID:2936
- C:\Windows\System\DXKlZlC.exe
  C:\Windows\System\DXKlZlC.exe
  2⤵
  PID:1216
- C:\Windows\System\AeOXGBY.exe
  C:\Windows\System\AeOXGBY.exe
  2⤵
  PID:1196
- C:\Windows\System\wBNBlFr.exe
  C:\Windows\System\wBNBlFr.exe
  2⤵
  PID:1124
- C:\Windows\System\OWzpnrQ.exe
  C:\Windows\System\OWzpnrQ.exe
  2⤵
  PID:1988
- C:\Windows\System\JOXBarL.exe
  C:\Windows\System\JOXBarL.exe
  2⤵
  PID:1500
- C:\Windows\System\tqTyjIQ.exe
  C:\Windows\System\tqTyjIQ.exe
  2⤵
  PID:2068
- C:\Windows\System\TAwmxgq.exe
  C:\Windows\System\TAwmxgq.exe
  2⤵
  PID:3076
- C:\Windows\System\goClxRS.exe
  C:\Windows\System\goClxRS.exe
  2⤵
  PID:3096
- C:\Windows\System\tUqSbYe.exe
  C:\Windows\System\tUqSbYe.exe
  2⤵
  PID:3120
- C:\Windows\System\rltMKFs.exe
  C:\Windows\System\rltMKFs.exe
  2⤵
  PID:3140
- C:\Windows\System\qBIsMYB.exe
  C:\Windows\System\qBIsMYB.exe
  2⤵
  PID:3160
- C:\Windows\System\KNTjjIH.exe
  C:\Windows\System\KNTjjIH.exe
  2⤵
  PID:3184
- C:\Windows\System\RUeRWYy.exe
  C:\Windows\System\RUeRWYy.exe
  2⤵
  PID:3204
- C:\Windows\System\lDTwuyd.exe
  C:\Windows\System\lDTwuyd.exe
  2⤵
  PID:3220
- C:\Windows\System\NPgPTEA.exe
  C:\Windows\System\NPgPTEA.exe
  2⤵
  PID:3236
- C:\Windows\System\MKLQAXs.exe
  C:\Windows\System\MKLQAXs.exe
  2⤵
  PID:3252
- C:\Windows\System\JCALxOj.exe
  C:\Windows\System\JCALxOj.exe
  2⤵
  PID:3272
- C:\Windows\System\CaTkqST.exe
  C:\Windows\System\CaTkqST.exe
  2⤵
  PID:3288
- C:\Windows\System\MBVOGba.exe
  C:\Windows\System\MBVOGba.exe
  2⤵
  PID:3304
- C:\Windows\System\ayHwMyq.exe
  C:\Windows\System\ayHwMyq.exe
  2⤵
  PID:3320
- C:\Windows\System\oJXfQpA.exe
  C:\Windows\System\oJXfQpA.exe
  2⤵
  PID:3336
- C:\Windows\System\LMOREmM.exe
  C:\Windows\System\LMOREmM.exe
  2⤵
  PID:3352
- C:\Windows\System\xNAKnoJ.exe
  C:\Windows\System\xNAKnoJ.exe
  2⤵
  PID:3368
- C:\Windows\System\MSqaakf.exe
  C:\Windows\System\MSqaakf.exe
  2⤵
  PID:3384
- C:\Windows\System\tXMgqGw.exe
  C:\Windows\System\tXMgqGw.exe
  2⤵
  PID:3416
- C:\Windows\System\ohGLwWO.exe
  C:\Windows\System\ohGLwWO.exe
  2⤵
  PID:3440
- C:\Windows\System\tFYjtnp.exe
  C:\Windows\System\tFYjtnp.exe
  2⤵
  PID:3456
- C:\Windows\System\FMvsxPA.exe
  C:\Windows\System\FMvsxPA.exe
  2⤵
  PID:3472
- C:\Windows\System\VbPDqHf.exe
  C:\Windows\System\VbPDqHf.exe
  2⤵
  PID:3488
- C:\Windows\System\jeqccib.exe
  C:\Windows\System\jeqccib.exe
  2⤵
  PID:3504
- C:\Windows\System\tPJiqvh.exe
  C:\Windows\System\tPJiqvh.exe
  2⤵
  PID:3520
- C:\Windows\System\BPdKshZ.exe
  C:\Windows\System\BPdKshZ.exe
  2⤵
  PID:3536
- C:\Windows\System\ATlNLyL.exe
  C:\Windows\System\ATlNLyL.exe
  2⤵
  PID:3552
- C:\Windows\System\EgAqDxw.exe
  C:\Windows\System\EgAqDxw.exe
  2⤵
  PID:3568
- C:\Windows\System\RgSzNgH.exe
  C:\Windows\System\RgSzNgH.exe
  2⤵
  PID:3584
- C:\Windows\System\cqhpJCR.exe
  C:\Windows\System\cqhpJCR.exe
  2⤵
  PID:3604
- C:\Windows\System\NwGxtFS.exe
  C:\Windows\System\NwGxtFS.exe
  2⤵
  PID:3620
- C:\Windows\System\JWeAufd.exe
  C:\Windows\System\JWeAufd.exe
  2⤵
  PID:3636
- C:\Windows\System\BoDkUxb.exe
  C:\Windows\System\BoDkUxb.exe
  2⤵
  PID:3680
- C:\Windows\System\cYsPkGj.exe
  C:\Windows\System\cYsPkGj.exe
  2⤵
  PID:3696
- C:\Windows\System\twMVpGe.exe
  C:\Windows\System\twMVpGe.exe
  2⤵
  PID:3716
- C:\Windows\System\helyWAb.exe
  C:\Windows\System\helyWAb.exe
  2⤵
  PID:3792
- C:\Windows\System\uhrPtay.exe
  C:\Windows\System\uhrPtay.exe
  2⤵
  PID:3808
- C:\Windows\System\cnRddYe.exe
  C:\Windows\System\cnRddYe.exe
  2⤵
  PID:3832
- C:\Windows\System\oBBhYEP.exe
  C:\Windows\System\oBBhYEP.exe
  2⤵
  PID:3848
- C:\Windows\System\nokERFQ.exe
  C:\Windows\System\nokERFQ.exe
  2⤵
  PID:3868
- C:\Windows\System\sDTJzkq.exe
  C:\Windows\System\sDTJzkq.exe
  2⤵
  PID:3892
- C:\Windows\System\FiWqzFu.exe
  C:\Windows\System\FiWqzFu.exe
  2⤵
  PID:3908
- C:\Windows\System\egFPYoZ.exe
  C:\Windows\System\egFPYoZ.exe
  2⤵
  PID:3924
- C:\Windows\System\SHBzEIR.exe
  C:\Windows\System\SHBzEIR.exe
  2⤵
  PID:3948
- C:\Windows\System\NjSFmIJ.exe
  C:\Windows\System\NjSFmIJ.exe
  2⤵
  PID:3968
- C:\Windows\System\NKJFgoy.exe
  C:\Windows\System\NKJFgoy.exe
  2⤵
  PID:3992
- C:\Windows\System\exznVQT.exe
  C:\Windows\System\exznVQT.exe
  2⤵
  PID:4012
- C:\Windows\System\bISeDKV.exe
  C:\Windows\System\bISeDKV.exe
  2⤵
  PID:4028
- C:\Windows\System\knwkfyq.exe
  C:\Windows\System\knwkfyq.exe
  2⤵
  PID:4048
- C:\Windows\System\xnsNsNW.exe
  C:\Windows\System\xnsNsNW.exe
  2⤵
  PID:4072
- C:\Windows\System\VucOJqo.exe
  C:\Windows\System\VucOJqo.exe
  2⤵
  PID:872
- C:\Windows\System\SvZHpYv.exe
  C:\Windows\System\SvZHpYv.exe
  2⤵
  PID:3044
- C:\Windows\System\jcVIgns.exe
  C:\Windows\System\jcVIgns.exe
  2⤵
  PID:2588
- C:\Windows\System\OagUXmx.exe
  C:\Windows\System\OagUXmx.exe
  2⤵
  PID:624
- C:\Windows\System\LVVCEVV.exe
  C:\Windows\System\LVVCEVV.exe
  2⤵
  PID:2164
- C:\Windows\System\KwGUwZn.exe
  C:\Windows\System\KwGUwZn.exe
  2⤵
  PID:2216
- C:\Windows\System\KIatVnQ.exe
  C:\Windows\System\KIatVnQ.exe
  2⤵
  PID:2912
- C:\Windows\System\ZDhbySR.exe
  C:\Windows\System\ZDhbySR.exe
  2⤵
  PID:2812
- C:\Windows\System\VPrFFoF.exe
  C:\Windows\System\VPrFFoF.exe
  2⤵
  PID:1628
- C:\Windows\System\XaRcdUo.exe
  C:\Windows\System\XaRcdUo.exe
  2⤵
  PID:1700
- C:\Windows\System\maUsVJl.exe
  C:\Windows\System\maUsVJl.exe
  2⤵
  PID:1580
- C:\Windows\System\ZHxHEMm.exe
  C:\Windows\System\ZHxHEMm.exe
  2⤵
  PID:2888
- C:\Windows\System\MSDqLpg.exe
  C:\Windows\System\MSDqLpg.exe
  2⤵
  PID:3132
- C:\Windows\System\oGjUPWd.exe
  C:\Windows\System\oGjUPWd.exe
  2⤵
  PID:3212
- C:\Windows\System\fOBmslJ.exe
  C:\Windows\System\fOBmslJ.exe
  2⤵
  PID:3284
- C:\Windows\System\cgrHpBK.exe
  C:\Windows\System\cgrHpBK.exe
  2⤵
  PID:3376
- C:\Windows\System\rVpPsMo.exe
  C:\Windows\System\rVpPsMo.exe
  2⤵
  PID:3436
- C:\Windows\System\GbzOeZk.exe
  C:\Windows\System\GbzOeZk.exe
  2⤵
  PID:3532
- C:\Windows\System\LMtXaFn.exe
  C:\Windows\System\LMtXaFn.exe
  2⤵
  PID:1268
- C:\Windows\System\mCvLMAN.exe
  C:\Windows\System\mCvLMAN.exe
  2⤵
  PID:1792
- C:\Windows\System\RgYGBFx.exe
  C:\Windows\System\RgYGBFx.exe
  2⤵
  PID:2300
- C:\Windows\System\ThNCmnQ.exe
  C:\Windows\System\ThNCmnQ.exe
  2⤵
  PID:876
- C:\Windows\System\ENfLWVK.exe
  C:\Windows\System\ENfLWVK.exe
  2⤵
  PID:2000
- C:\Windows\System\oybrQaG.exe
  C:\Windows\System\oybrQaG.exe
  2⤵
  PID:3600
- C:\Windows\System\uYwKtOV.exe
  C:\Windows\System\uYwKtOV.exe
  2⤵
  PID:3152
- C:\Windows\System\DKNKInZ.exe
  C:\Windows\System\DKNKInZ.exe
  2⤵
  PID:3632
- C:\Windows\System\TwIXnME.exe
  C:\Windows\System\TwIXnME.exe
  2⤵
  PID:3200
- C:\Windows\System\SUphGTY.exe
  C:\Windows\System\SUphGTY.exe
  2⤵
  PID:3396
- C:\Windows\System\ZjkyTwf.exe
  C:\Windows\System\ZjkyTwf.exe
  2⤵
  PID:3644
- C:\Windows\System\vjiICji.exe
  C:\Windows\System\vjiICji.exe
  2⤵
  PID:3660
- C:\Windows\System\ThCfICx.exe
  C:\Windows\System\ThCfICx.exe
  2⤵
  PID:3676
- C:\Windows\System\qLgrBWt.exe
  C:\Windows\System\qLgrBWt.exe
  2⤵
  PID:3712
- C:\Windows\System\aZEZfhh.exe
  C:\Windows\System\aZEZfhh.exe
  2⤵
  PID:3544
- C:\Windows\System\BeJarHE.exe
  C:\Windows\System\BeJarHE.exe
  2⤵
  PID:3480
- C:\Windows\System\vYNINTw.exe
  C:\Windows\System\vYNINTw.exe
  2⤵
  PID:3392
- C:\Windows\System\fHYZkEz.exe
  C:\Windows\System\fHYZkEz.exe
  2⤵
  PID:3328
- C:\Windows\System\SUOvWVe.exe
  C:\Windows\System\SUOvWVe.exe
  2⤵
  PID:3260
- C:\Windows\System\RrEzIsG.exe
  C:\Windows\System\RrEzIsG.exe
  2⤵
  PID:3740
- C:\Windows\System\jJyXcqe.exe
  C:\Windows\System\jJyXcqe.exe
  2⤵
  PID:3756
- C:\Windows\System\AxgFRYa.exe
  C:\Windows\System\AxgFRYa.exe
  2⤵
  PID:3772
- C:\Windows\System\ahCSBAn.exe
  C:\Windows\System\ahCSBAn.exe
  2⤵
  PID:3788
- C:\Windows\System\yNqYfGL.exe
  C:\Windows\System\yNqYfGL.exe
  2⤵
  PID:3820
- C:\Windows\System\rNmqlhD.exe
  C:\Windows\System\rNmqlhD.exe
  2⤵
  PID:3900
- C:\Windows\System\fwVPjdS.exe
  C:\Windows\System\fwVPjdS.exe
  2⤵
  PID:3800
- C:\Windows\System\KrSOhKh.exe
  C:\Windows\System\KrSOhKh.exe
  2⤵
  PID:3944
- C:\Windows\System\tPZQEVX.exe
  C:\Windows\System\tPZQEVX.exe
  2⤵
  PID:3844
- C:\Windows\System\iNsHtOz.exe
  C:\Windows\System\iNsHtOz.exe
  2⤵
  PID:3888
- C:\Windows\System\KsWVASi.exe
  C:\Windows\System\KsWVASi.exe
  2⤵
  PID:4020
- C:\Windows\System\SJsaneG.exe
  C:\Windows\System\SJsaneG.exe
  2⤵
  PID:4064
- C:\Windows\System\OrTjFAU.exe
  C:\Windows\System\OrTjFAU.exe
  2⤵
  PID:1212
- C:\Windows\System\zGCEhyg.exe
  C:\Windows\System\zGCEhyg.exe
  2⤵
  PID:4040
- C:\Windows\System\ZyNMtgx.exe
  C:\Windows\System\ZyNMtgx.exe
  2⤵
  PID:4092
- C:\Windows\System\oWtbXjo.exe
  C:\Windows\System\oWtbXjo.exe
  2⤵
  PID:476
- C:\Windows\System\sKjKwvh.exe
  C:\Windows\System\sKjKwvh.exe
  2⤵
  PID:2492
- C:\Windows\System\XygKinb.exe
  C:\Windows\System\XygKinb.exe
  2⤵
  PID:2256
- C:\Windows\System\BkpQpmk.exe
  C:\Windows\System\BkpQpmk.exe
  2⤵
  PID:352
- C:\Windows\System\wUBEWLA.exe
  C:\Windows\System\wUBEWLA.exe
  2⤵
  PID:3348
- C:\Windows\System\bvZyjKX.exe
  C:\Windows\System\bvZyjKX.exe
  2⤵
  PID:2536
- C:\Windows\System\aWeirqF.exe
  C:\Windows\System\aWeirqF.exe
  2⤵
  PID:3496
- C:\Windows\System\pNSrzPU.exe
  C:\Windows\System\pNSrzPU.exe
  2⤵
  PID:792
- C:\Windows\System\Nesgruv.exe
  C:\Windows\System\Nesgruv.exe
  2⤵
  PID:3596
- C:\Windows\System\QhyIrZc.exe
  C:\Windows\System\QhyIrZc.exe
  2⤵
  PID:3264
- C:\Windows\System\gGPbjcb.exe
  C:\Windows\System\gGPbjcb.exe
  2⤵
  PID:3232
- C:\Windows\System\uszBWUL.exe
  C:\Windows\System\uszBWUL.exe
  2⤵
  PID:3332
- C:\Windows\System\csJzGWX.exe
  C:\Windows\System\csJzGWX.exe
  2⤵
  PID:3768
- C:\Windows\System\hyEESpW.exe
  C:\Windows\System\hyEESpW.exe
  2⤵
  PID:3804
- C:\Windows\System\pNSfeOb.exe
  C:\Windows\System\pNSfeOb.exe
  2⤵
  PID:2500
- C:\Windows\System\eHufVDB.exe
  C:\Windows\System\eHufVDB.exe
  2⤵
  PID:3228
- C:\Windows\System\oHOIVXD.exe
  C:\Windows\System\oHOIVXD.exe
  2⤵
  PID:3088
- C:\Windows\System\XohnIkk.exe
  C:\Windows\System\XohnIkk.exe
  2⤵
  PID:3000
- C:\Windows\System\YWRAjsQ.exe
  C:\Windows\System\YWRAjsQ.exe
  2⤵
  PID:1452
- C:\Windows\System\ZHTccLr.exe
  C:\Windows\System\ZHTccLr.exe
  2⤵
  PID:3576
- C:\Windows\System\IaYEZNR.exe
  C:\Windows\System\IaYEZNR.exe
  2⤵
  PID:4056
- C:\Windows\System\NoJDNDm.exe
  C:\Windows\System\NoJDNDm.exe
  2⤵
  PID:3936
- C:\Windows\System\WiKUVCo.exe
  C:\Windows\System\WiKUVCo.exe
  2⤵
  PID:3780
- C:\Windows\System\BJAmGda.exe
  C:\Windows\System\BJAmGda.exe
  2⤵
  PID:3296
- C:\Windows\System\avXeeuU.exe
  C:\Windows\System\avXeeuU.exe
  2⤵
  PID:3580
- C:\Windows\System\kgwaTej.exe
  C:\Windows\System\kgwaTej.exe
  2⤵
  PID:3408
- C:\Windows\System\elgcIeG.exe
  C:\Windows\System\elgcIeG.exe
  2⤵
  PID:3828
- C:\Windows\System\JnmlMtD.exe
  C:\Windows\System\JnmlMtD.exe
  2⤵
  PID:4036
- C:\Windows\System\nOKlNlf.exe
  C:\Windows\System\nOKlNlf.exe
  2⤵
  PID:3248
- C:\Windows\System\dnNOHBD.exe
  C:\Windows\System\dnNOHBD.exe
  2⤵
  PID:3428
- C:\Windows\System\BCIiYMi.exe
  C:\Windows\System\BCIiYMi.exe
  2⤵
  PID:2848
- C:\Windows\System\dsbxTPB.exe
  C:\Windows\System\dsbxTPB.exe
  2⤵
  PID:1680
- C:\Windows\System\xiDVNiq.exe
  C:\Windows\System\xiDVNiq.exe
  2⤵
  PID:1476
- C:\Windows\System\yTlgpVP.exe
  C:\Windows\System\yTlgpVP.exe
  2⤵
  PID:2832
- C:\Windows\System\fBCVJaT.exe
  C:\Windows\System\fBCVJaT.exe
  2⤵
  PID:4000
- C:\Windows\System\tiSrIhF.exe
  C:\Windows\System\tiSrIhF.exe
  2⤵
  PID:3412
- C:\Windows\System\AFXmFLA.exe
  C:\Windows\System\AFXmFLA.exe
  2⤵
  PID:3592
- C:\Windows\System\YPfbQre.exe
  C:\Windows\System\YPfbQre.exe
  2⤵
  PID:3668
- C:\Windows\System\TUJzIbj.exe
  C:\Windows\System\TUJzIbj.exe
  2⤵
  PID:3172
- C:\Windows\System\OkoBiHN.exe
  C:\Windows\System\OkoBiHN.exe
  2⤵
  PID:3708
- C:\Windows\System\qORmYFU.exe
  C:\Windows\System\qORmYFU.exe
  2⤵
  PID:2944
- C:\Windows\System\xONYgZu.exe
  C:\Windows\System\xONYgZu.exe
  2⤵
  PID:3148
- C:\Windows\System\UyplOUI.exe
  C:\Windows\System\UyplOUI.exe
  2⤵
  PID:3280
- C:\Windows\System\eDNAwOw.exe
  C:\Windows\System\eDNAwOw.exe
  2⤵
  PID:2476
- C:\Windows\System\cOLeHWO.exe
  C:\Windows\System\cOLeHWO.exe
  2⤵
  PID:3548
- C:\Windows\System\xoovKTB.exe
  C:\Windows\System\xoovKTB.exe
  2⤵
  PID:2380
- C:\Windows\System\KaxNdAI.exe
  C:\Windows\System\KaxNdAI.exe
  2⤵
  PID:3468
- C:\Windows\System\QLlXhzx.exe
  C:\Windows\System\QLlXhzx.exe
  2⤵
  PID:3484
- C:\Windows\System\HHBKzFI.exe
  C:\Windows\System\HHBKzFI.exe
  2⤵
  PID:3528
- C:\Windows\System\VIYekYh.exe
  C:\Windows\System\VIYekYh.exe
  2⤵
  PID:4100
- C:\Windows\System\xgsXXRR.exe
  C:\Windows\System\xgsXXRR.exe
  2⤵
  PID:4120
- C:\Windows\System\FvBIIQc.exe
  C:\Windows\System\FvBIIQc.exe
  2⤵
  PID:4140
- C:\Windows\System\Cqxkekn.exe
  C:\Windows\System\Cqxkekn.exe
  2⤵
  PID:4160
- C:\Windows\System\jbIoIus.exe
  C:\Windows\System\jbIoIus.exe
  2⤵
  PID:4180
- C:\Windows\System\NBNKBvI.exe
  C:\Windows\System\NBNKBvI.exe
  2⤵
  PID:4204
- C:\Windows\System\aTCcejN.exe
  C:\Windows\System\aTCcejN.exe
  2⤵
  PID:4224
- C:\Windows\System\OGyFKjy.exe
  C:\Windows\System\OGyFKjy.exe
  2⤵
  PID:4240
- C:\Windows\System\avSAJnm.exe
  C:\Windows\System\avSAJnm.exe
  2⤵
  PID:4260
- C:\Windows\System\zqHQsap.exe
  C:\Windows\System\zqHQsap.exe
  2⤵
  PID:4276
- C:\Windows\System\yHnfLWZ.exe
  C:\Windows\System\yHnfLWZ.exe
  2⤵
  PID:4292
- C:\Windows\System\xByYcMr.exe
  C:\Windows\System\xByYcMr.exe
  2⤵
  PID:4308
- C:\Windows\System\TdOWNPY.exe
  C:\Windows\System\TdOWNPY.exe
  2⤵
  PID:4328
- C:\Windows\System\iOxZZjD.exe
  C:\Windows\System\iOxZZjD.exe
  2⤵
  PID:4356
- C:\Windows\System\OaZpeGa.exe
  C:\Windows\System\OaZpeGa.exe
  2⤵
  PID:4372
- C:\Windows\System\YcjssRZ.exe
  C:\Windows\System\YcjssRZ.exe
  2⤵
  PID:4388
- C:\Windows\System\GsxoPCy.exe
  C:\Windows\System\GsxoPCy.exe
  2⤵
  PID:4408
- C:\Windows\System\iSBhPpn.exe
  C:\Windows\System\iSBhPpn.exe
  2⤵
  PID:4424
- C:\Windows\System\zpQhDET.exe
  C:\Windows\System\zpQhDET.exe
  2⤵
  PID:4440
- C:\Windows\System\PmLGnLb.exe
  C:\Windows\System\PmLGnLb.exe
  2⤵
  PID:4456
- C:\Windows\System\opysvUr.exe
  C:\Windows\System\opysvUr.exe
  2⤵
  PID:4472
- C:\Windows\System\WZlznlC.exe
  C:\Windows\System\WZlznlC.exe
  2⤵
  PID:4492
- C:\Windows\System\dJLzDEs.exe
  C:\Windows\System\dJLzDEs.exe
  2⤵
  PID:4508
- C:\Windows\System\PEWwDYW.exe
  C:\Windows\System\PEWwDYW.exe
  2⤵
  PID:4524
- C:\Windows\System\yNbyyWH.exe
  C:\Windows\System\yNbyyWH.exe
  2⤵
  PID:4540
- C:\Windows\System\TJalkFQ.exe
  C:\Windows\System\TJalkFQ.exe
  2⤵
  PID:4556
- C:\Windows\System\REVKdUU.exe
  C:\Windows\System\REVKdUU.exe
  2⤵
  PID:4596
- C:\Windows\System\OhxPRDy.exe
  C:\Windows\System\OhxPRDy.exe
  2⤵
  PID:4612
- C:\Windows\System\HPcAMJU.exe
  C:\Windows\System\HPcAMJU.exe
  2⤵
  PID:4628
- C:\Windows\System\dwFGLtP.exe
  C:\Windows\System\dwFGLtP.exe
  2⤵
  PID:4644
- C:\Windows\System\lhbNNSY.exe
  C:\Windows\System\lhbNNSY.exe
  2⤵
  PID:4660
- C:\Windows\System\xWHcDto.exe
  C:\Windows\System\xWHcDto.exe
  2⤵
  PID:4732
- C:\Windows\System\GQKeQEN.exe
  C:\Windows\System\GQKeQEN.exe
  2⤵
  PID:4752
- C:\Windows\System\dCxxkYv.exe
  C:\Windows\System\dCxxkYv.exe
  2⤵
  PID:4768
- C:\Windows\System\yOnNqSF.exe
  C:\Windows\System\yOnNqSF.exe
  2⤵
  PID:4784
- C:\Windows\System\EprElDW.exe
  C:\Windows\System\EprElDW.exe
  2⤵
  PID:4804
- C:\Windows\System\mrCYTAP.exe
  C:\Windows\System\mrCYTAP.exe
  2⤵
  PID:4824
- C:\Windows\System\wuOgcoD.exe
  C:\Windows\System\wuOgcoD.exe
  2⤵
  PID:4844
- C:\Windows\System\vsLQatU.exe
  C:\Windows\System\vsLQatU.exe
  2⤵
  PID:4860
- C:\Windows\System\xQgBiij.exe
  C:\Windows\System\xQgBiij.exe
  2⤵
  PID:4876
- C:\Windows\System\KyJYnvO.exe
  C:\Windows\System\KyJYnvO.exe
  2⤵
  PID:4900
- C:\Windows\System\pdKoJFW.exe
  C:\Windows\System\pdKoJFW.exe
  2⤵
  PID:4916
- C:\Windows\System\gyAPguY.exe
  C:\Windows\System\gyAPguY.exe
  2⤵
  PID:4940
- C:\Windows\System\JpNXKzX.exe
  C:\Windows\System\JpNXKzX.exe
  2⤵
  PID:4964
- C:\Windows\System\HIxcucI.exe
  C:\Windows\System\HIxcucI.exe
  2⤵
  PID:4980
- C:\Windows\System\AEWZKMl.exe
  C:\Windows\System\AEWZKMl.exe
  2⤵
  PID:4996
- C:\Windows\System\MSkZDJM.exe
  C:\Windows\System\MSkZDJM.exe
  2⤵
  PID:5020
- C:\Windows\System\dkfnWKR.exe
  C:\Windows\System\dkfnWKR.exe
  2⤵
  PID:5040
- C:\Windows\System\PEEubMa.exe
  C:\Windows\System\PEEubMa.exe
  2⤵
  PID:5056
- C:\Windows\System\OuGizGC.exe
  C:\Windows\System\OuGizGC.exe
  2⤵
  PID:5076
- C:\Windows\System\EVLakac.exe
  C:\Windows\System\EVLakac.exe
  2⤵
  PID:5092
- C:\Windows\System\sFFVYJw.exe
  C:\Windows\System\sFFVYJw.exe
  2⤵
  PID:5108
- C:\Windows\System\xVOlFee.exe
  C:\Windows\System\xVOlFee.exe
  2⤵
  PID:2884
- C:\Windows\System\pWZEAyP.exe
  C:\Windows\System\pWZEAyP.exe
  2⤵
  PID:3764
- C:\Windows\System\iYfGnCg.exe
  C:\Windows\System\iYfGnCg.exe
  2⤵
  PID:664
- C:\Windows\System\WWPRzKR.exe
  C:\Windows\System\WWPRzKR.exe
  2⤵
  PID:3884
- C:\Windows\System\QfyoSkK.exe
  C:\Windows\System\QfyoSkK.exe
  2⤵
  PID:3880
- C:\Windows\System\RURGOoC.exe
  C:\Windows\System\RURGOoC.exe
  2⤵
  PID:924
- C:\Windows\System\TqsJyeo.exe
  C:\Windows\System\TqsJyeo.exe
  2⤵
  PID:2640
- C:\Windows\System\QLYTCXL.exe
  C:\Windows\System\QLYTCXL.exe
  2⤵
  PID:3192
- C:\Windows\System\tnMJEHg.exe
  C:\Windows\System\tnMJEHg.exe
  2⤵
  PID:3268
- C:\Windows\System\DTriUOg.exe
  C:\Windows\System\DTriUOg.exe
  2⤵
  PID:4132
- C:\Windows\System\tcoUEry.exe
  C:\Windows\System\tcoUEry.exe
  2⤵
  PID:4172
- C:\Windows\System\feVUiYY.exe
  C:\Windows\System\feVUiYY.exe
  2⤵
  PID:4216
- C:\Windows\System\WjjWooJ.exe
  C:\Windows\System\WjjWooJ.exe
  2⤵
  PID:4284
- C:\Windows\System\ycCdMiI.exe
  C:\Windows\System\ycCdMiI.exe
  2⤵
  PID:4324
- C:\Windows\System\fXNHcFK.exe
  C:\Windows\System\fXNHcFK.exe
  2⤵
  PID:4400
- C:\Windows\System\XOHhIIU.exe
  C:\Windows\System\XOHhIIU.exe
  2⤵
  PID:4432
- C:\Windows\System\tfPnvRB.exe
  C:\Windows\System\tfPnvRB.exe
  2⤵
  PID:4500
- C:\Windows\System\eUKKMyF.exe
  C:\Windows\System\eUKKMyF.exe
  2⤵
  PID:4348
- C:\Windows\System\gfPvfdv.exe
  C:\Windows\System\gfPvfdv.exe
  2⤵
  PID:4568
- C:\Windows\System\COPuRmS.exe
  C:\Windows\System\COPuRmS.exe
  2⤵
  PID:4108
- C:\Windows\System\JaioLiN.exe
  C:\Windows\System\JaioLiN.exe
  2⤵
  PID:4592
- C:\Windows\System\koqsMVv.exe
  C:\Windows\System\koqsMVv.exe
  2⤵
  PID:4572
- C:\Windows\System\EBClaMx.exe
  C:\Windows\System\EBClaMx.exe
  2⤵
  PID:4812
- C:\Windows\System\ZgHOAjB.exe
  C:\Windows\System\ZgHOAjB.exe
  2⤵
  PID:4380
- C:\Windows\System\rpJbrGb.exe
  C:\Windows\System\rpJbrGb.exe
  2⤵
  PID:4416
- C:\Windows\System\PZaSYmi.exe
  C:\Windows\System\PZaSYmi.exe
  2⤵
  PID:4520
- C:\Windows\System\LgrhlwW.exe
  C:\Windows\System\LgrhlwW.exe
  2⤵
  PID:4852
- C:\Windows\System\jKYbLLY.exe
  C:\Windows\System\jKYbLLY.exe
  2⤵
  PID:4884
- C:\Windows\System\aEZqytM.exe
  C:\Windows\System\aEZqytM.exe
  2⤵
  PID:4924
- C:\Windows\System\scELCrq.exe
  C:\Windows\System\scELCrq.exe
  2⤵
  PID:4960
- C:\Windows\System\fxEOwHr.exe
  C:\Windows\System\fxEOwHr.exe
  2⤵
  PID:4976
- C:\Windows\System\UEIsIvr.exe
  C:\Windows\System\UEIsIvr.exe
  2⤵
  PID:5012
- C:\Windows\System\ckHwqVi.exe
  C:\Windows\System\ckHwqVi.exe
  2⤵
  PID:4800
- C:\Windows\System\ifGzPqg.exe
  C:\Windows\System\ifGzPqg.exe
  2⤵
  PID:4908
- C:\Windows\System\MWtBBpe.exe
  C:\Windows\System\MWtBBpe.exe
  2⤵
  PID:1568
- C:\Windows\System\ROwpYso.exe
  C:\Windows\System\ROwpYso.exe
  2⤵
  PID:4912
- C:\Windows\System\vMgUuUU.exe
  C:\Windows\System\vMgUuUU.exe
  2⤵
  PID:3784
- C:\Windows\System\NSnxvJi.exe
  C:\Windows\System\NSnxvJi.exe
  2⤵
  PID:5068
- C:\Windows\System\NzGULZm.exe
  C:\Windows\System\NzGULZm.exe
  2⤵
  PID:1404
- C:\Windows\System\AVjslOy.exe
  C:\Windows\System\AVjslOy.exe
  2⤵
  PID:3960
- C:\Windows\System\BgdqMoY.exe
  C:\Windows\System\BgdqMoY.exe
  2⤵
  PID:4252
- C:\Windows\System\TrvhJes.exe
  C:\Windows\System\TrvhJes.exe
  2⤵
  PID:4468
- C:\Windows\System\nRelHtO.exe
  C:\Windows\System\nRelHtO.exe
  2⤵
  PID:4148
- C:\Windows\System\tuxaHqI.exe
  C:\Windows\System\tuxaHqI.exe
  2⤵
  PID:3180
- C:\Windows\System\CMCBMlX.exe
  C:\Windows\System\CMCBMlX.exe
  2⤵
  PID:4620
- C:\Windows\System\nWWApPk.exe
  C:\Windows\System\nWWApPk.exe
  2⤵
  PID:4680
- C:\Windows\System\pgjbrdM.exe
  C:\Windows\System\pgjbrdM.exe
  2⤵
  PID:4344
- C:\Windows\System\fLcMQOr.exe
  C:\Windows\System\fLcMQOr.exe
  2⤵
  PID:4196
- C:\Windows\System\rjXALdq.exe
  C:\Windows\System\rjXALdq.exe
  2⤵
  PID:4220
- C:\Windows\System\nsZkjUD.exe
  C:\Windows\System\nsZkjUD.exe
  2⤵
  PID:4688
- C:\Windows\System\ehLoQTW.exe
  C:\Windows\System\ehLoQTW.exe
  2⤵
  PID:4704
- C:\Windows\System\OHhBUZs.exe
  C:\Windows\System\OHhBUZs.exe
  2⤵
  PID:4712
- C:\Windows\System\eboyeFm.exe
  C:\Windows\System\eboyeFm.exe
  2⤵
  PID:4420
- C:\Windows\System\gayrpUs.exe
  C:\Windows\System\gayrpUs.exe
  2⤵
  PID:4668
- C:\Windows\System\dcAlfpG.exe
  C:\Windows\System\dcAlfpG.exe
  2⤵
  PID:4972
- C:\Windows\System\MYThmDr.exe
  C:\Windows\System\MYThmDr.exe
  2⤵
  PID:4832
- C:\Windows\System\hpccTVF.exe
  C:\Windows\System\hpccTVF.exe
  2⤵
  PID:5084
- C:\Windows\System\pROQnVk.exe
  C:\Windows\System\pROQnVk.exe
  2⤵
  PID:4672
- C:\Windows\System\jmyAtnN.exe
  C:\Windows\System\jmyAtnN.exe
  2⤵
  PID:4008
- C:\Windows\System\knzfuMw.exe
  C:\Windows\System\knzfuMw.exe
  2⤵
  PID:2800
- C:\Windows\System\WcmwuFi.exe
  C:\Windows\System\WcmwuFi.exe
  2⤵
  PID:5104
- C:\Windows\System\oYDIaYI.exe
  C:\Windows\System\oYDIaYI.exe
  2⤵
  PID:4716
- C:\Windows\System\NvTdvAo.exe
  C:\Windows\System\NvTdvAo.exe
  2⤵
  PID:5032
- C:\Windows\System\uAdRfho.exe
  C:\Windows\System\uAdRfho.exe
  2⤵
  PID:3656
- C:\Windows\System\lQNKoJI.exe
  C:\Windows\System\lQNKoJI.exe
  2⤵
  PID:4484
- C:\Windows\System\hjQVYHP.exe
  C:\Windows\System\hjQVYHP.exe
  2⤵
  PID:4232
- C:\Windows\System\ZynVKhy.exe
  C:\Windows\System\ZynVKhy.exe
  2⤵
  PID:4268
- C:\Windows\System\RwOiHSf.exe
  C:\Windows\System\RwOiHSf.exe
  2⤵
  PID:4352
- C:\Windows\System\JoygvMe.exe
  C:\Windows\System\JoygvMe.exe
  2⤵
  PID:4744
- C:\Windows\System\JTmpsPW.exe
  C:\Windows\System\JTmpsPW.exe
  2⤵
  PID:2748
- C:\Windows\System\iZqGsIg.exe
  C:\Windows\System\iZqGsIg.exe
  2⤵
  PID:4700
- C:\Windows\System\mKcwteB.exe
  C:\Windows\System\mKcwteB.exe
  2⤵
  PID:4112
- C:\Windows\System\JThurlB.exe
  C:\Windows\System\JThurlB.exe
  2⤵
  PID:4640
- C:\Windows\System\OwozctV.exe
  C:\Windows\System\OwozctV.exe
  2⤵
  PID:2280
- C:\Windows\System\FSWPJFl.exe
  C:\Windows\System\FSWPJFl.exe
  2⤵
  PID:4724
- C:\Windows\System\fLJfvDf.exe
  C:\Windows\System\fLJfvDf.exe
  2⤵
  PID:2916
- C:\Windows\System\xKgdHuJ.exe
  C:\Windows\System\xKgdHuJ.exe
  2⤵
  PID:1652
- C:\Windows\System\fBxZzPk.exe
  C:\Windows\System\fBxZzPk.exe
  2⤵
  PID:4728
- C:\Windows\System\LfozjHt.exe
  C:\Windows\System\LfozjHt.exe
  2⤵
  PID:4868
- C:\Windows\System\GaIztii.exe
  C:\Windows\System\GaIztii.exe
  2⤵
  PID:4548
- C:\Windows\System\SXvHTrQ.exe
  C:\Windows\System\SXvHTrQ.exe
  2⤵
  PID:2232
- C:\Windows\System\gmzWPyA.exe
  C:\Windows\System\gmzWPyA.exe
  2⤵
  PID:3068
- C:\Windows\System\nUCsdxI.exe
  C:\Windows\System\nUCsdxI.exe
  2⤵
  PID:4236
- C:\Windows\System\SElZqdF.exe
  C:\Windows\System\SElZqdF.exe
  2⤵
  PID:4656
- C:\Windows\System\FwcoQTN.exe
  C:\Windows\System\FwcoQTN.exe
  2⤵
  PID:5064
- C:\Windows\System\AYOlSDa.exe
  C:\Windows\System\AYOlSDa.exe
  2⤵
  PID:4336
- C:\Windows\System\HWjDhjp.exe
  C:\Windows\System\HWjDhjp.exe
  2⤵
  PID:2156
- C:\Windows\System\fSOUEvH.exe
  C:\Windows\System\fSOUEvH.exe
  2⤵
  PID:5128
- C:\Windows\System\mBBLqzV.exe
  C:\Windows\System\mBBLqzV.exe
  2⤵
  PID:5144
- C:\Windows\System\BvGvzpC.exe
  C:\Windows\System\BvGvzpC.exe
  2⤵
  PID:5164
- C:\Windows\System\PqFSqpZ.exe
  C:\Windows\System\PqFSqpZ.exe
  2⤵
  PID:5180
- C:\Windows\System\aWPsXTd.exe
  C:\Windows\System\aWPsXTd.exe
  2⤵
  PID:5196
- C:\Windows\System\bvUREyu.exe
  C:\Windows\System\bvUREyu.exe
  2⤵
  PID:5212
- C:\Windows\System\SGryyTz.exe
  C:\Windows\System\SGryyTz.exe
  2⤵
  PID:5228
- C:\Windows\System\MNoQRsL.exe
  C:\Windows\System\MNoQRsL.exe
  2⤵
  PID:5244
- C:\Windows\System\KxQOlNE.exe
  C:\Windows\System\KxQOlNE.exe
  2⤵
  PID:5292
- C:\Windows\System\kwRxyJj.exe
  C:\Windows\System\kwRxyJj.exe
  2⤵
  PID:5320
- C:\Windows\System\VXKYzTi.exe
  C:\Windows\System\VXKYzTi.exe
  2⤵
  PID:5340
- C:\Windows\System\jkPGVlg.exe
  C:\Windows\System\jkPGVlg.exe
  2⤵
  PID:5356
- C:\Windows\System\HCjxzbA.exe
  C:\Windows\System\HCjxzbA.exe
  2⤵
  PID:5372
- C:\Windows\System\IyHysaF.exe
  C:\Windows\System\IyHysaF.exe
  2⤵
  PID:5392
- C:\Windows\System\skfHQIQ.exe
  C:\Windows\System\skfHQIQ.exe
  2⤵
  PID:5408
- C:\Windows\System\DRqJprt.exe
  C:\Windows\System\DRqJprt.exe
  2⤵
  PID:5428
- C:\Windows\System\RUFeIde.exe
  C:\Windows\System\RUFeIde.exe
  2⤵
  PID:5448
- C:\Windows\System\SnOiKWz.exe
  C:\Windows\System\SnOiKWz.exe
  2⤵
  PID:5464
- C:\Windows\System\jhvMZYV.exe
  C:\Windows\System\jhvMZYV.exe
  2⤵
  PID:5488
- C:\Windows\System\OSBfSOq.exe
  C:\Windows\System\OSBfSOq.exe
  2⤵
  PID:5504
- C:\Windows\System\NsIeASC.exe
  C:\Windows\System\NsIeASC.exe
  2⤵
  PID:5524
- C:\Windows\System\nipFnHa.exe
  C:\Windows\System\nipFnHa.exe
  2⤵
  PID:5544
- C:\Windows\System\QsXFhJA.exe
  C:\Windows\System\QsXFhJA.exe
  2⤵
  PID:5580
- C:\Windows\System\udBQAqH.exe
  C:\Windows\System\udBQAqH.exe
  2⤵
  PID:5600
- C:\Windows\System\XLEILfN.exe
  C:\Windows\System\XLEILfN.exe
  2⤵
  PID:5624
- C:\Windows\System\QQVFAtR.exe
  C:\Windows\System\QQVFAtR.exe
  2⤵
  PID:5640
- C:\Windows\System\YqbQORv.exe
  C:\Windows\System\YqbQORv.exe
  2⤵
  PID:5660
- C:\Windows\System\oXDePxC.exe
  C:\Windows\System\oXDePxC.exe
  2⤵
  PID:5680
- C:\Windows\System\IcTDDTw.exe
  C:\Windows\System\IcTDDTw.exe
  2⤵
  PID:5704
- C:\Windows\System\PvaAZYG.exe
  C:\Windows\System\PvaAZYG.exe
  2⤵
  PID:5720
- C:\Windows\System\yQiHmSN.exe
  C:\Windows\System\yQiHmSN.exe
  2⤵
  PID:5744
- C:\Windows\System\nAjvZQV.exe
  C:\Windows\System\nAjvZQV.exe
  2⤵
  PID:5764
- C:\Windows\System\JCoDKXH.exe
  C:\Windows\System\JCoDKXH.exe
  2⤵
  PID:5800
- C:\Windows\System\jAdPZCj.exe
  C:\Windows\System\jAdPZCj.exe
  2⤵
  PID:5816
- C:\Windows\System\QEJjcHN.exe
  C:\Windows\System\QEJjcHN.exe
  2⤵
  PID:5840
- C:\Windows\System\FnIsRDd.exe
  C:\Windows\System\FnIsRDd.exe
  2⤵
  PID:5860
- C:\Windows\System\msIpWSt.exe
  C:\Windows\System\msIpWSt.exe
  2⤵
  PID:5876
- C:\Windows\System\uPujEGz.exe
  C:\Windows\System\uPujEGz.exe
  2⤵
  PID:5932
- C:\Windows\System\anwNzCB.exe
  C:\Windows\System\anwNzCB.exe
  2⤵
  PID:5948
- C:\Windows\System\XwSharE.exe
  C:\Windows\System\XwSharE.exe
  2⤵
  PID:5972
- C:\Windows\System\xfUJeNt.exe
  C:\Windows\System\xfUJeNt.exe
  2⤵
  PID:5988
- C:\Windows\System\MRKNNuJ.exe
  C:\Windows\System\MRKNNuJ.exe
  2⤵
  PID:6004
- C:\Windows\System\KENGARX.exe
  C:\Windows\System\KENGARX.exe
  2⤵
  PID:6040
- C:\Windows\System\slwffvv.exe
  C:\Windows\System\slwffvv.exe
  2⤵
  PID:6056
- C:\Windows\System\xilIJBt.exe
  C:\Windows\System\xilIJBt.exe
  2⤵
  PID:6072
- C:\Windows\System\IvoxXaX.exe
  C:\Windows\System\IvoxXaX.exe
  2⤵
  PID:6088
- C:\Windows\System\RorynSJ.exe
  C:\Windows\System\RorynSJ.exe
  2⤵
  PID:6104
- C:\Windows\System\HOHDSHJ.exe
  C:\Windows\System\HOHDSHJ.exe
  2⤵
  PID:6120
- C:\Windows\System\pNqZwWo.exe
  C:\Windows\System\pNqZwWo.exe
  2⤵
  PID:6136
- C:\Windows\System\pRvRDjW.exe
  C:\Windows\System\pRvRDjW.exe
  2⤵
  PID:4720
- C:\Windows\System\KPcQKFX.exe
  C:\Windows\System\KPcQKFX.exe
  2⤵
  PID:4604
- C:\Windows\System\hRqVLqi.exe
  C:\Windows\System\hRqVLqi.exe
  2⤵
  PID:2948
- C:\Windows\System\yxmEVAt.exe
  C:\Windows\System\yxmEVAt.exe
  2⤵
  PID:5140
- C:\Windows\System\xsgFKpi.exe
  C:\Windows\System\xsgFKpi.exe
  2⤵
  PID:2824
- C:\Windows\System\obcjHHc.exe
  C:\Windows\System\obcjHHc.exe
  2⤵
  PID:5156
- C:\Windows\System\xedmuOB.exe
  C:\Windows\System\xedmuOB.exe
  2⤵
  PID:5028
- C:\Windows\System\nEklxxU.exe
  C:\Windows\System\nEklxxU.exe
  2⤵
  PID:3464
- C:\Windows\System\aFzqhJp.exe
  C:\Windows\System\aFzqhJp.exe
  2⤵
  PID:5208
- C:\Windows\System\wTxGBHe.exe
  C:\Windows\System\wTxGBHe.exe
  2⤵
  PID:5188
- C:\Windows\System\wykjRgT.exe
  C:\Windows\System\wykjRgT.exe
  2⤵
  PID:5312
- C:\Windows\System\lvjrMrC.exe
  C:\Windows\System\lvjrMrC.exe
  2⤵
  PID:5384
- C:\Windows\System\HOVcUVZ.exe
  C:\Windows\System\HOVcUVZ.exe
  2⤵
  PID:2684
- C:\Windows\System\ktKtCMJ.exe
  C:\Windows\System\ktKtCMJ.exe
  2⤵
  PID:5220
- C:\Windows\System\UbYeYcS.exe
  C:\Windows\System\UbYeYcS.exe
  2⤵
  PID:5256
- C:\Windows\System\PggfAIb.exe
  C:\Windows\System\PggfAIb.exe
  2⤵
  PID:5276
- C:\Windows\System\OHuonXF.exe
  C:\Windows\System\OHuonXF.exe
  2⤵
  PID:5456
- C:\Windows\System\IpskCST.exe
  C:\Windows\System\IpskCST.exe
  2⤵
  PID:5532
- C:\Windows\System\jivOdNi.exe
  C:\Windows\System\jivOdNi.exe
  2⤵
  PID:5368
- C:\Windows\System\IbuKYee.exe
  C:\Windows\System\IbuKYee.exe
  2⤵
  PID:5440
- C:\Windows\System\eeePyVq.exe
  C:\Windows\System\eeePyVq.exe
  2⤵
  PID:3112
- C:\Windows\System\IGqYHOj.exe
  C:\Windows\System\IGqYHOj.exe
  2⤵
  PID:5516
- C:\Windows\System\rPaFyps.exe
  C:\Windows\System\rPaFyps.exe
  2⤵
  PID:5564
- C:\Windows\System\yhOIWsl.exe
  C:\Windows\System\yhOIWsl.exe
  2⤵
  PID:5636
- C:\Windows\System\PFXFrYz.exe
  C:\Windows\System\PFXFrYz.exe
  2⤵
  PID:5612
- C:\Windows\System\xbFZSCd.exe
  C:\Windows\System\xbFZSCd.exe
  2⤵
  PID:5656
- C:\Windows\System\ykOpvFb.exe
  C:\Windows\System\ykOpvFb.exe
  2⤵
  PID:5696
- C:\Windows\System\QbfPsOr.exe
  C:\Windows\System\QbfPsOr.exe
  2⤵
  PID:5732
- C:\Windows\System\oDVovmC.exe
  C:\Windows\System\oDVovmC.exe
  2⤵
  PID:5808
- C:\Windows\System\tfdTeWU.exe
  C:\Windows\System\tfdTeWU.exe
  2⤵
  PID:5776
- C:\Windows\System\WOsOOfw.exe
  C:\Windows\System\WOsOOfw.exe
  2⤵
  PID:5792
- C:\Windows\System\jakrrVz.exe
  C:\Windows\System\jakrrVz.exe
  2⤵
  PID:5824
- C:\Windows\System\QHkYazV.exe
  C:\Windows\System\QHkYazV.exe
  2⤵
  PID:5868
- C:\Windows\System\YWqrmKG.exe
  C:\Windows\System\YWqrmKG.exe
  2⤵
  PID:5900
- C:\Windows\System\rEVvnXx.exe
  C:\Windows\System\rEVvnXx.exe
  2⤵
  PID:5916
- C:\Windows\System\gSbtXdn.exe
  C:\Windows\System\gSbtXdn.exe
  2⤵
  PID:5928
- C:\Windows\System\vPmQajB.exe
  C:\Windows\System\vPmQajB.exe
  2⤵
  PID:6024
- C:\Windows\System\wfJUSrL.exe
  C:\Windows\System\wfJUSrL.exe
  2⤵
  PID:4796
- C:\Windows\System\oZJOxUf.exe
  C:\Windows\System\oZJOxUf.exe
  2⤵
  PID:5052
- C:\Windows\System\ArDYhcb.exe
  C:\Windows\System\ArDYhcb.exe
  2⤵
  PID:5136
- C:\Windows\System\IeMdTgx.exe
  C:\Windows\System\IeMdTgx.exe
  2⤵
  PID:4580
- C:\Windows\System\LXrQUWU.exe
  C:\Windows\System\LXrQUWU.exe
  2⤵
  PID:3020
- C:\Windows\System\dipewmw.exe
  C:\Windows\System\dipewmw.exe
  2⤵
  PID:4316
- C:\Windows\System\JpWAggz.exe
  C:\Windows\System\JpWAggz.exe
  2⤵
  PID:4488
- C:\Windows\System\OSaPTwu.exe
  C:\Windows\System\OSaPTwu.exe
  2⤵
  PID:5308
- C:\Windows\System\PDKionB.exe
  C:\Windows\System\PDKionB.exe
  2⤵
  PID:2728
- C:\Windows\System\LQNikhs.exe
  C:\Windows\System\LQNikhs.exe
  2⤵
  PID:5332
- C:\Windows\System\YnDiiNJ.exe
  C:\Windows\System\YnDiiNJ.exe
  2⤵
  PID:5472
- C:\Windows\System\MdGLVqF.exe
  C:\Windows\System\MdGLVqF.exe
  2⤵
  PID:5240
- C:\Windows\System\VDbzAOu.exe
  C:\Windows\System\VDbzAOu.exe
  2⤵
  PID:5688
- C:\Windows\System\nKjzGjc.exe
  C:\Windows\System\nKjzGjc.exe
  2⤵
  PID:5784
- C:\Windows\System\htmBFPk.exe
  C:\Windows\System\htmBFPk.exe
  2⤵
  PID:5192
- C:\Windows\System\UFtuZVx.exe
  C:\Windows\System\UFtuZVx.exe
  2⤵
  PID:5500
- C:\Windows\System\DDOHmfY.exe
  C:\Windows\System\DDOHmfY.exe
  2⤵
  PID:5512
- C:\Windows\System\joDthTx.exe
  C:\Windows\System\joDthTx.exe
  2⤵
  PID:5620
- C:\Windows\System\qJxpkfb.exe
  C:\Windows\System\qJxpkfb.exe
  2⤵
  PID:5836
- C:\Windows\System\UCyOLXw.exe
  C:\Windows\System\UCyOLXw.exe
  2⤵
  PID:5848
- C:\Windows\System\xXpnjEg.exe
  C:\Windows\System\xXpnjEg.exe
  2⤵
  PID:5888
- C:\Windows\System\edFftHi.exe
  C:\Windows\System\edFftHi.exe
  2⤵
  PID:5924
- C:\Windows\System\oaJNBPB.exe
  C:\Windows\System\oaJNBPB.exe
  2⤵
  PID:6036
- C:\Windows\System\QGZNYwd.exe
  C:\Windows\System\QGZNYwd.exe
  2⤵
  PID:6128
- C:\Windows\System\NtZRQQe.exe
  C:\Windows\System\NtZRQQe.exe
  2⤵
  PID:5996
- C:\Windows\System\xXLVrLi.exe
  C:\Windows\System\xXLVrLi.exe
  2⤵
  PID:4956
- C:\Windows\System\WvHPPXk.exe
  C:\Windows\System\WvHPPXk.exe
  2⤵
  PID:2976
- C:\Windows\System\czdCxAl.exe
  C:\Windows\System\czdCxAl.exe
  2⤵
  PID:6080
- C:\Windows\System\cemdxTt.exe
  C:\Windows\System\cemdxTt.exe
  2⤵
  PID:5284
- C:\Windows\System\BamYvqj.exe
  C:\Windows\System\BamYvqj.exe
  2⤵
  PID:4748
- C:\Windows\System\GAcgBhJ.exe
  C:\Windows\System\GAcgBhJ.exe
  2⤵
  PID:2972
- C:\Windows\System\oNbYpds.exe
  C:\Windows\System\oNbYpds.exe
  2⤵
  PID:5752
- C:\Windows\System\EzkTdhO.exe
  C:\Windows\System\EzkTdhO.exe
  2⤵
  PID:5832
- C:\Windows\System\AzxOofd.exe
  C:\Windows\System\AzxOofd.exe
  2⤵
  PID:2892
- C:\Windows\System\NVqjOIX.exe
  C:\Windows\System\NVqjOIX.exe
  2⤵
  PID:1940
- C:\Windows\System\HUQCRNt.exe
  C:\Windows\System\HUQCRNt.exe
  2⤵
  PID:5576
- C:\Windows\System\xkfePae.exe
  C:\Windows\System\xkfePae.exe
  2⤵
  PID:5896
- C:\Windows\System\OdAwPzV.exe
  C:\Windows\System\OdAwPzV.exe
  2⤵
  PID:6052
- C:\Windows\System\kGGaMYa.exe
  C:\Windows\System\kGGaMYa.exe
  2⤵
  PID:4304
- C:\Windows\System\PKBxcUy.exe
  C:\Windows\System\PKBxcUy.exe
  2⤵
  PID:4128
- C:\Windows\System\ozniUlu.exe
  C:\Windows\System\ozniUlu.exe
  2⤵
  PID:6016
- C:\Windows\System\rGnImZo.exe
  C:\Windows\System\rGnImZo.exe
  2⤵
  PID:4816
- C:\Windows\System\AcFFTuy.exe
  C:\Windows\System\AcFFTuy.exe
  2⤵
  PID:2424
- C:\Windows\System\hSfIufn.exe
  C:\Windows\System\hSfIufn.exe
  2⤵
  PID:2732
- C:\Windows\System\ShlygEA.exe
  C:\Windows\System\ShlygEA.exe
  2⤵
  PID:5652
- C:\Windows\System\bXjwJse.exe
  C:\Windows\System\bXjwJse.exe
  2⤵
  PID:5740
- C:\Windows\System\nWqIUVQ.exe
  C:\Windows\System\nWqIUVQ.exe
  2⤵
  PID:5756
- C:\Windows\System\jwCOTUt.exe
  C:\Windows\System\jwCOTUt.exe
  2⤵
  PID:6068
- C:\Windows\System\pjnXnNy.exe
  C:\Windows\System\pjnXnNy.exe
  2⤵
  PID:5152
- C:\Windows\System\QFOTmIB.exe
  C:\Windows\System\QFOTmIB.exe
  2⤵
  PID:5540
- C:\Windows\System\sJTmmkL.exe
  C:\Windows\System\sJTmmkL.exe
  2⤵
  PID:2828
- C:\Windows\System\ybXAGSO.exe
  C:\Windows\System\ybXAGSO.exe
  2⤵
  PID:2096
- C:\Windows\System\bLiTlhF.exe
  C:\Windows\System\bLiTlhF.exe
  2⤵
  PID:5716
- C:\Windows\System\YNpqCXK.exe
  C:\Windows\System\YNpqCXK.exe
  2⤵
  PID:5944
- C:\Windows\System\BhbHGIs.exe
  C:\Windows\System\BhbHGIs.exe
  2⤵
  PID:2332
- C:\Windows\System\twpDpwA.exe
  C:\Windows\System\twpDpwA.exe
  2⤵
  PID:6160
- C:\Windows\System\zbHNZDj.exe
  C:\Windows\System\zbHNZDj.exe
  2⤵
  PID:6180
- C:\Windows\System\XKwMfzT.exe
  C:\Windows\System\XKwMfzT.exe
  2⤵
  PID:6196
- C:\Windows\System\PDngBjR.exe
  C:\Windows\System\PDngBjR.exe
  2⤵
  PID:6212
- C:\Windows\System\AMCovIZ.exe
  C:\Windows\System\AMCovIZ.exe
  2⤵
  PID:6232
- C:\Windows\System\rfsDOmJ.exe
  C:\Windows\System\rfsDOmJ.exe
  2⤵
  PID:6276
- C:\Windows\System\lPBCZrv.exe
  C:\Windows\System\lPBCZrv.exe
  2⤵
  PID:6308
- C:\Windows\System\rxDpMAq.exe
  C:\Windows\System\rxDpMAq.exe
  2⤵
  PID:6328
- C:\Windows\System\gIGkcrt.exe
  C:\Windows\System\gIGkcrt.exe
  2⤵
  PID:6344
- C:\Windows\System\APvZZfs.exe
  C:\Windows\System\APvZZfs.exe
  2⤵
  PID:6360
- C:\Windows\System\MMxQBPD.exe
  C:\Windows\System\MMxQBPD.exe
  2⤵
  PID:6376
- C:\Windows\System\POZUTCS.exe
  C:\Windows\System\POZUTCS.exe
  2⤵
  PID:6392
- C:\Windows\System\xaTiQyR.exe
  C:\Windows\System\xaTiQyR.exe
  2⤵
  PID:6408
- C:\Windows\System\XKmMqBW.exe
  C:\Windows\System\XKmMqBW.exe
  2⤵
  PID:6424
- C:\Windows\System\exOtiSd.exe
  C:\Windows\System\exOtiSd.exe
  2⤵
  PID:6440
- C:\Windows\System\irhKTBA.exe
  C:\Windows\System\irhKTBA.exe
  2⤵
  PID:6456
- C:\Windows\System\mIBRZyo.exe
  C:\Windows\System\mIBRZyo.exe
  2⤵
  PID:6472
- C:\Windows\System\JjkjQDX.exe
  C:\Windows\System\JjkjQDX.exe
  2⤵
  PID:6488
- C:\Windows\System\NDZQSPc.exe
  C:\Windows\System\NDZQSPc.exe
  2⤵
  PID:6504
- C:\Windows\System\kzZohoP.exe
  C:\Windows\System\kzZohoP.exe
  2⤵
  PID:6572
- C:\Windows\System\EeHuqpp.exe
  C:\Windows\System\EeHuqpp.exe
  2⤵
  PID:6588
- C:\Windows\System\ndLOAuz.exe
  C:\Windows\System\ndLOAuz.exe
  2⤵
  PID:6604
- C:\Windows\System\MdCUhmJ.exe
  C:\Windows\System\MdCUhmJ.exe
  2⤵
  PID:6620
- C:\Windows\System\OgYndLO.exe
  C:\Windows\System\OgYndLO.exe
  2⤵
  PID:6636
- C:\Windows\System\DKbQXFD.exe
  C:\Windows\System\DKbQXFD.exe
  2⤵
  PID:6652
- C:\Windows\System\YcNsmYW.exe
  C:\Windows\System\YcNsmYW.exe
  2⤵
  PID:6668
- C:\Windows\System\kPnYbEL.exe
  C:\Windows\System\kPnYbEL.exe
  2⤵
  PID:6684
- C:\Windows\System\lFRZKGt.exe
  C:\Windows\System\lFRZKGt.exe
  2⤵
  PID:6704
- C:\Windows\System\TZsdTjK.exe
  C:\Windows\System\TZsdTjK.exe
  2⤵
  PID:6720
- C:\Windows\System\GmzsWca.exe
  C:\Windows\System\GmzsWca.exe
  2⤵
  PID:6736
- C:\Windows\System\YqjRJrM.exe
  C:\Windows\System\YqjRJrM.exe
  2⤵
  PID:6752
- C:\Windows\System\SyxBmUc.exe
  C:\Windows\System\SyxBmUc.exe
  2⤵
  PID:6768
- C:\Windows\System\uMVasoD.exe
  C:\Windows\System\uMVasoD.exe
  2⤵
  PID:6784
- C:\Windows\System\MMHjCFe.exe
  C:\Windows\System\MMHjCFe.exe
  2⤵
  PID:6800
- C:\Windows\System\hrNHfIQ.exe
  C:\Windows\System\hrNHfIQ.exe
  2⤵
  PID:6820
- C:\Windows\System\RwfgVJk.exe
  C:\Windows\System\RwfgVJk.exe
  2⤵
  PID:6836
- C:\Windows\System\GvwttMr.exe
  C:\Windows\System\GvwttMr.exe
  2⤵
  PID:6852
- C:\Windows\System\AEvLnpv.exe
  C:\Windows\System\AEvLnpv.exe
  2⤵
  PID:6872
- C:\Windows\System\MfbZEum.exe
  C:\Windows\System\MfbZEum.exe
  2⤵
  PID:6896
- C:\Windows\System\soGJvdU.exe
  C:\Windows\System\soGJvdU.exe
  2⤵
  PID:6912
- C:\Windows\System\fxUYnuS.exe
  C:\Windows\System\fxUYnuS.exe
  2⤵
  PID:6932
- C:\Windows\System\MbRJRPS.exe
  C:\Windows\System\MbRJRPS.exe
  2⤵
  PID:6952
- C:\Windows\System\Vswmacy.exe
  C:\Windows\System\Vswmacy.exe
  2⤵
  PID:6980
- C:\Windows\System\ROnSldK.exe
  C:\Windows\System\ROnSldK.exe
  2⤵
  PID:6996
- C:\Windows\System\SAaVqtU.exe
  C:\Windows\System\SAaVqtU.exe
  2⤵
  PID:7012
- C:\Windows\System\QbXedxS.exe
  C:\Windows\System\QbXedxS.exe
  2⤵
  PID:7036
- C:\Windows\System\DKEMqkB.exe
  C:\Windows\System\DKEMqkB.exe
  2⤵
  PID:7080
- C:\Windows\System\aDSUxEs.exe
  C:\Windows\System\aDSUxEs.exe
  2⤵
  PID:7108
- C:\Windows\System\sKbRYrL.exe
  C:\Windows\System\sKbRYrL.exe
  2⤵
  PID:7124
- C:\Windows\System\fiUmypx.exe
  C:\Windows\System\fiUmypx.exe
  2⤵
  PID:7140
- C:\Windows\System\bJATzvS.exe
  C:\Windows\System\bJATzvS.exe
  2⤵
  PID:7156
- C:\Windows\System\zsYXmOi.exe
  C:\Windows\System\zsYXmOi.exe
  2⤵
  PID:5672
- C:\Windows\System\DKBSCiB.exe
  C:\Windows\System\DKBSCiB.exe
  2⤵
  PID:6012
- C:\Windows\System\hllvKWu.exe
  C:\Windows\System\hllvKWu.exe
  2⤵
  PID:5596
- C:\Windows\System\ShqEvDx.exe
  C:\Windows\System\ShqEvDx.exe
  2⤵
  PID:6168
- C:\Windows\System\IBajpiO.exe
  C:\Windows\System\IBajpiO.exe
  2⤵
  PID:6208
- C:\Windows\System\VBZxckm.exe
  C:\Windows\System\VBZxckm.exe
  2⤵
  PID:6252
- C:\Windows\System\ehwZHTr.exe
  C:\Windows\System\ehwZHTr.exe
  2⤵
  PID:6268
- C:\Windows\System\yCFVuAn.exe
  C:\Windows\System\yCFVuAn.exe
  2⤵
  PID:6228
- C:\Windows\System\ffmcKCO.exe
  C:\Windows\System\ffmcKCO.exe
  2⤵
  PID:6384
- C:\Windows\System\tSqQDgE.exe
  C:\Windows\System\tSqQDgE.exe
  2⤵
  PID:6448
- C:\Windows\System\CpFsMqd.exe
  C:\Windows\System\CpFsMqd.exe
  2⤵
  PID:6224
- C:\Windows\System\WGKQSgL.exe
  C:\Windows\System\WGKQSgL.exe
  2⤵
  PID:6564
- C:\Windows\System\tYMRecg.exe
  C:\Windows\System\tYMRecg.exe
  2⤵
  PID:6532
- C:\Windows\System\DHkdvqj.exe
  C:\Windows\System\DHkdvqj.exe
  2⤵
  PID:6336
- C:\Windows\System\scuCbAw.exe
  C:\Windows\System\scuCbAw.exe
  2⤵
  PID:6432
- C:\Windows\System\aJIBYZU.exe
  C:\Windows\System\aJIBYZU.exe
  2⤵
  PID:6284
- C:\Windows\System\QgoqPug.exe
  C:\Windows\System\QgoqPug.exe
  2⤵
  PID:6300
- C:\Windows\System\lSFKlXg.exe
  C:\Windows\System\lSFKlXg.exe
  2⤵
  PID:6632
- C:\Windows\System\ruQiegY.exe
  C:\Windows\System\ruQiegY.exe
  2⤵
  PID:6700
- C:\Windows\System\azqeyCL.exe
  C:\Windows\System\azqeyCL.exe
  2⤵
  PID:6616
- C:\Windows\System\GKUEGZd.exe
  C:\Windows\System\GKUEGZd.exe
  2⤵
  PID:6680
- C:\Windows\System\OHtoqhW.exe
  C:\Windows\System\OHtoqhW.exe
  2⤵
  PID:6744
- C:\Windows\System\AcWUpDY.exe
  C:\Windows\System\AcWUpDY.exe
  2⤵
  PID:6808
- C:\Windows\System\araRlfR.exe
  C:\Windows\System\araRlfR.exe
  2⤵
  PID:820
- C:\Windows\System\cAhgRyO.exe
  C:\Windows\System\cAhgRyO.exe
  2⤵
  PID:6928
- C:\Windows\System\MeLCSPL.exe
  C:\Windows\System\MeLCSPL.exe
  2⤵
  PID:6972
- C:\Windows\System\FhngLZB.exe
  C:\Windows\System\FhngLZB.exe
  2⤵
  PID:6832
- C:\Windows\System\fTdJGdB.exe
  C:\Windows\System\fTdJGdB.exe
  2⤵
  PID:6892
- C:\Windows\System\uvRrfYf.exe
  C:\Windows\System\uvRrfYf.exe
  2⤵
  PID:6944
- C:\Windows\System\cFPcjQx.exe
  C:\Windows\System\cFPcjQx.exe
  2⤵
  PID:7092
- C:\Windows\System\qFxxuuA.exe
  C:\Windows\System\qFxxuuA.exe
  2⤵
  PID:7044
- C:\Windows\System\MqQPLSt.exe
  C:\Windows\System\MqQPLSt.exe
  2⤵
  PID:7068
- C:\Windows\System\tDiHUkN.exe
  C:\Windows\System\tDiHUkN.exe
  2⤵
  PID:7132
- C:\Windows\System\JctXhMr.exe
  C:\Windows\System\JctXhMr.exe
  2⤵
  PID:1896
- C:\Windows\System\bjmygst.exe
  C:\Windows\System\bjmygst.exe
  2⤵
  PID:2768
- C:\Windows\System\ZlbDqTV.exe
  C:\Windows\System\ZlbDqTV.exe
  2⤵
  PID:6156
- C:\Windows\System\wYSPjaj.exe
  C:\Windows\System\wYSPjaj.exe
  2⤵
  PID:2648
- C:\Windows\System\cvvPDGm.exe
  C:\Windows\System\cvvPDGm.exe
  2⤵
  PID:1880
- C:\Windows\System\FnAXDva.exe
  C:\Windows\System\FnAXDva.exe
  2⤵
  PID:6244
- C:\Windows\System\LNBkAzB.exe
  C:\Windows\System\LNBkAzB.exe
  2⤵
  PID:6420
- C:\Windows\System\FhouEhw.exe
  C:\Windows\System\FhouEhw.exe
  2⤵
  PID:6528
- C:\Windows\System\xxSLRGD.exe
  C:\Windows\System\xxSLRGD.exe
  2⤵
  PID:6356
- C:\Windows\System\MowyMil.exe
  C:\Windows\System\MowyMil.exe
  2⤵
  PID:6372
- C:\Windows\System\uNZZqCc.exe
  C:\Windows\System\uNZZqCc.exe
  2⤵
  PID:6548
- C:\Windows\System\pkOCotB.exe
  C:\Windows\System\pkOCotB.exe
  2⤵
  PID:6496
- C:\Windows\System\lBDWHRL.exe
  C:\Windows\System\lBDWHRL.exe
  2⤵
  PID:2596
- C:\Windows\System\bseyDgN.exe
  C:\Windows\System\bseyDgN.exe
  2⤵
  PID:2736
- C:\Windows\System\LGhUEWT.exe
  C:\Windows\System\LGhUEWT.exe
  2⤵
  PID:6764
- C:\Windows\System\xodqvkt.exe
  C:\Windows\System\xodqvkt.exe
  2⤵
  PID:6648
- C:\Windows\System\gzrLfvP.exe
  C:\Windows\System\gzrLfvP.exe
  2⤵
  PID:6780
- C:\Windows\System\JdPBwZr.exe
  C:\Windows\System\JdPBwZr.exe
  2⤵
  PID:6880
- C:\Windows\System\zGAtfpL.exe
  C:\Windows\System\zGAtfpL.exe
  2⤵
  PID:6964
- C:\Windows\System\PNZJOAN.exe
  C:\Windows\System\PNZJOAN.exe
  2⤵
  PID:6864
- C:\Windows\System\FckcdUR.exe
  C:\Windows\System\FckcdUR.exe
  2⤵
  PID:7024
- C:\Windows\System\ghKCCcB.exe
  C:\Windows\System\ghKCCcB.exe
  2⤵
  PID:4584
- C:\Windows\System\wkJOczk.exe
  C:\Windows\System\wkJOczk.exe
  2⤵
  PID:7056
- C:\Windows\System\fOmQJMS.exe
  C:\Windows\System\fOmQJMS.exe
  2⤵
  PID:2356
- C:\Windows\System\ehoKRgR.exe
  C:\Windows\System\ehoKRgR.exe
  2⤵
  PID:6544
- C:\Windows\System\FyuWeKj.exe
  C:\Windows\System\FyuWeKj.exe
  2⤵
  PID:6596
- C:\Windows\System\LHYBPxF.exe
  C:\Windows\System\LHYBPxF.exe
  2⤵
  PID:6732
- C:\Windows\System\cmGktLV.exe
  C:\Windows\System\cmGktLV.exe
  2⤵
  PID:2788
- C:\Windows\System\vxgykFC.exe
  C:\Windows\System\vxgykFC.exe
  2⤵
  PID:6992
- C:\Windows\System\qeLgTLI.exe
  C:\Windows\System\qeLgTLI.exe
  2⤵
  PID:7100
- C:\Windows\System\JGRBtPN.exe
  C:\Windows\System\JGRBtPN.exe
  2⤵
  PID:7076
- C:\Windows\System\jnSixiP.exe
  C:\Windows\System\jnSixiP.exe
  2⤵
  PID:5496
- C:\Windows\System\dfoxUUF.exe
  C:\Windows\System\dfoxUUF.exe
  2⤵
  PID:5484
- C:\Windows\System\VTPhjaJ.exe
  C:\Windows\System\VTPhjaJ.exe
  2⤵
  PID:6264
- C:\Windows\System\tQfCGIC.exe
  C:\Windows\System\tQfCGIC.exe
  2⤵
  PID:7064
- C:\Windows\System\SKkoPTq.exe
  C:\Windows\System\SKkoPTq.exe
  2⤵
  PID:6524
- C:\Windows\System\NVSkBeL.exe
  C:\Windows\System\NVSkBeL.exe
  2⤵
  PID:6464
- C:\Windows\System\ysplOIP.exe
  C:\Windows\System\ysplOIP.exe
  2⤵
  PID:6812
- C:\Windows\System\CtrjCFC.exe
  C:\Windows\System\CtrjCFC.exe
  2⤵
  PID:336
- C:\Windows\System\EtMGVgB.exe
  C:\Windows\System\EtMGVgB.exe
  2⤵
  PID:2776
- C:\Windows\System\vePSxcs.exe
  C:\Windows\System\vePSxcs.exe
  2⤵
  PID:2672
- C:\Windows\System\LioNyES.exe
  C:\Windows\System\LioNyES.exe
  2⤵
  PID:1856
- C:\Windows\System\oxyCxZr.exe
  C:\Windows\System\oxyCxZr.exe
  2⤵
  PID:2632
- C:\Windows\System\BVVqAYf.exe
  C:\Windows\System\BVVqAYf.exe
  2⤵
  PID:6556
- C:\Windows\System\QiOUQFy.exe
  C:\Windows\System\QiOUQFy.exe
  2⤵
  PID:6924
- C:\Windows\System\dPpcSPc.exe
  C:\Windows\System\dPpcSPc.exe
  2⤵
  PID:7152
- C:\Windows\System\aUlHgEp.exe
  C:\Windows\System\aUlHgEp.exe
  2⤵
  PID:5552
- C:\Windows\System\jwjHUpb.exe
  C:\Windows\System\jwjHUpb.exe
  2⤵
  PID:6220
- C:\Windows\System\taVXSea.exe
  C:\Windows\System\taVXSea.exe
  2⤵
  PID:6352
- C:\Windows\System\BVDGxOg.exe
  C:\Windows\System\BVDGxOg.exe
  2⤵
  PID:7164
- C:\Windows\System\zAotzJi.exe
  C:\Windows\System\zAotzJi.exe
  2⤵
  PID:6848
- C:\Windows\System\kMJxeSB.exe
  C:\Windows\System\kMJxeSB.exe
  2⤵
  PID:6584
- C:\Windows\System\zWGwPYP.exe
  C:\Windows\System\zWGwPYP.exe
  2⤵
  PID:5556
- C:\Windows\System\faiWnNi.exe
  C:\Windows\System\faiWnNi.exe
  2⤵
  PID:6792
- C:\Windows\System\tJjTwga.exe
  C:\Windows\System\tJjTwga.exe
  2⤵
  PID:6560
- C:\Windows\System\mKTByzi.exe
  C:\Windows\System\mKTByzi.exe
  2⤵
  PID:6908
- C:\Windows\System\TUskVPH.exe
  C:\Windows\System\TUskVPH.exe
  2⤵
  PID:6580
- C:\Windows\System\EEblozM.exe
  C:\Windows\System\EEblozM.exe
  2⤵
  PID:6416
- C:\Windows\System\MRMEQog.exe
  C:\Windows\System\MRMEQog.exe
  2⤵
  PID:2268
- C:\Windows\System\KLuKZja.exe
  C:\Windows\System\KLuKZja.exe
  2⤵
  PID:6032
- C:\Windows\System\USHPoso.exe
  C:\Windows\System\USHPoso.exe
  2⤵
  PID:7176
- C:\Windows\System\aoIapko.exe
  C:\Windows\System\aoIapko.exe
  2⤵
  PID:7196
- C:\Windows\System\YnSuYGe.exe
  C:\Windows\System\YnSuYGe.exe
  2⤵
  PID:7216
- C:\Windows\System\hZRtGxA.exe
  C:\Windows\System\hZRtGxA.exe
  2⤵
  PID:7236
- C:\Windows\System\RYAOStJ.exe
  C:\Windows\System\RYAOStJ.exe
  2⤵
  PID:7272
- C:\Windows\System\grghnuk.exe
  C:\Windows\System\grghnuk.exe
  2⤵
  PID:7288
- C:\Windows\System\GbXgAMU.exe
  C:\Windows\System\GbXgAMU.exe
  2⤵
  PID:7304
- C:\Windows\System\BFSByNn.exe
  C:\Windows\System\BFSByNn.exe
  2⤵
  PID:7340
- C:\Windows\System\vWieAId.exe
  C:\Windows\System\vWieAId.exe
  2⤵
  PID:7360
- C:\Windows\System\liYYTVG.exe
  C:\Windows\System\liYYTVG.exe
  2⤵
  PID:7376
- C:\Windows\System\kHrUCeM.exe
  C:\Windows\System\kHrUCeM.exe
  2⤵
  PID:7392
- C:\Windows\System\DwKCNuc.exe
  C:\Windows\System\DwKCNuc.exe
  2⤵
  PID:7412
- C:\Windows\System\HOhCUYm.exe
  C:\Windows\System\HOhCUYm.exe
  2⤵
  PID:7432
- C:\Windows\System\sBwXyUU.exe
  C:\Windows\System\sBwXyUU.exe
  2⤵
  PID:7448
- C:\Windows\System\vghPOIn.exe
  C:\Windows\System\vghPOIn.exe
  2⤵
  PID:7464
- C:\Windows\System\OHIBNAh.exe
  C:\Windows\System\OHIBNAh.exe
  2⤵
  PID:7484
- C:\Windows\System\rBczejK.exe
  C:\Windows\System\rBczejK.exe
  2⤵
  PID:7504
- C:\Windows\System\BFCUgAy.exe
  C:\Windows\System\BFCUgAy.exe
  2⤵
  PID:7520
- C:\Windows\System\eUYqEee.exe
  C:\Windows\System\eUYqEee.exe
  2⤵
  PID:7544
- C:\Windows\System\rzyPwhq.exe
  C:\Windows\System\rzyPwhq.exe
  2⤵
  PID:7560
- C:\Windows\System\KZTmeNy.exe
  C:\Windows\System\KZTmeNy.exe
  2⤵
  PID:7576
- C:\Windows\System\cthWFOX.exe
  C:\Windows\System\cthWFOX.exe
  2⤵
  PID:7596
- C:\Windows\System\yWaaruP.exe
  C:\Windows\System\yWaaruP.exe
  2⤵
  PID:7612
- C:\Windows\System\hnljrKJ.exe
  C:\Windows\System\hnljrKJ.exe
  2⤵
  PID:7632
- C:\Windows\System\MWWQOfA.exe
  C:\Windows\System\MWWQOfA.exe
  2⤵
  PID:7652
- C:\Windows\System\jgkwkNb.exe
  C:\Windows\System\jgkwkNb.exe
  2⤵
  PID:7668
- C:\Windows\System\UAVqdHK.exe
  C:\Windows\System\UAVqdHK.exe
  2⤵
  PID:7684
- C:\Windows\System\WokqwHH.exe
  C:\Windows\System\WokqwHH.exe
  2⤵
  PID:7704
- C:\Windows\System\ljzRaxR.exe
  C:\Windows\System\ljzRaxR.exe
  2⤵
  PID:7720
- C:\Windows\System\bjbXPAU.exe
  C:\Windows\System\bjbXPAU.exe
  2⤵
  PID:7740
- C:\Windows\System\wCCtyJK.exe
  C:\Windows\System\wCCtyJK.exe
  2⤵
  PID:7756
- C:\Windows\System\mJPKxFx.exe
  C:\Windows\System\mJPKxFx.exe
  2⤵
  PID:7780
- C:\Windows\System\jfETbjl.exe
  C:\Windows\System\jfETbjl.exe
  2⤵
  PID:7804
- C:\Windows\System\kPFQxBV.exe
  C:\Windows\System\kPFQxBV.exe
  2⤵
  PID:7820
- C:\Windows\System\lrAQWvI.exe
  C:\Windows\System\lrAQWvI.exe
  2⤵
  PID:7836
- C:\Windows\System\SdbtLst.exe
  C:\Windows\System\SdbtLst.exe
  2⤵
  PID:7852
- C:\Windows\System\zhXjblT.exe
  C:\Windows\System\zhXjblT.exe
  2⤵
  PID:7868
- C:\Windows\System\kNMvYYU.exe
  C:\Windows\System\kNMvYYU.exe
  2⤵
  PID:7884
- C:\Windows\System\ncAinxO.exe
  C:\Windows\System\ncAinxO.exe
  2⤵
  PID:7900
- C:\Windows\System\nfRbTPV.exe
  C:\Windows\System\nfRbTPV.exe
  2⤵
  PID:7916
- C:\Windows\System\esGDhYU.exe
  C:\Windows\System\esGDhYU.exe
  2⤵
  PID:7932
- C:\Windows\System\CAPbWkq.exe
  C:\Windows\System\CAPbWkq.exe
  2⤵
  PID:7948
- C:\Windows\System\cgIxdfV.exe
  C:\Windows\System\cgIxdfV.exe
  2⤵
  PID:7968
- C:\Windows\System\DxBFgYR.exe
  C:\Windows\System\DxBFgYR.exe
  2⤵
  PID:7988
- C:\Windows\System\BMIrhoK.exe
  C:\Windows\System\BMIrhoK.exe
  2⤵
  PID:8008
- C:\Windows\System\KbxnAnL.exe
  C:\Windows\System\KbxnAnL.exe
  2⤵
  PID:8028
- C:\Windows\System\lFgtBxZ.exe
  C:\Windows\System\lFgtBxZ.exe
  2⤵
  PID:8052
- C:\Windows\System\ROTIjLI.exe
  C:\Windows\System\ROTIjLI.exe
  2⤵
  PID:8072
- C:\Windows\System\qoKHJGi.exe
  C:\Windows\System\qoKHJGi.exe
  2⤵
  PID:8088
- C:\Windows\System\lSBBCeK.exe
  C:\Windows\System\lSBBCeK.exe
  2⤵
  PID:8116
- C:\Windows\System\kamZgQm.exe
  C:\Windows\System\kamZgQm.exe
  2⤵
  PID:8132
- C:\Windows\System\UeeVOOu.exe
  C:\Windows\System\UeeVOOu.exe
  2⤵
  PID:8156
- C:\Windows\System\ZyxpjYO.exe
  C:\Windows\System\ZyxpjYO.exe
  2⤵
  PID:8172
- C:\Windows\System\NWZmYFY.exe
  C:\Windows\System\NWZmYFY.exe
  2⤵
  PID:8188
- C:\Windows\System\XrqFHuv.exe
  C:\Windows\System\XrqFHuv.exe
  2⤵
  PID:6716
- C:\Windows\System\qrDsMRV.exe
  C:\Windows\System\qrDsMRV.exe
  2⤵
  PID:7172
- C:\Windows\System\doOUlAp.exe
  C:\Windows\System\doOUlAp.exe
  2⤵
  PID:6176
- C:\Windows\System\SKWOmXo.exe
  C:\Windows\System\SKWOmXo.exe
  2⤵
  PID:7324
- C:\Windows\System\mtuGjjx.exe
  C:\Windows\System\mtuGjjx.exe
  2⤵
  PID:2040
- C:\Windows\System\yKttLAv.exe
  C:\Windows\System\yKttLAv.exe
  2⤵
  PID:7384
- C:\Windows\System\mPNwTTr.exe
  C:\Windows\System\mPNwTTr.exe
  2⤵
  PID:7368
- C:\Windows\System\NBitZlz.exe
  C:\Windows\System\NBitZlz.exe
  2⤵
  PID:7500
- C:\Windows\System\ggrNbZN.exe
  C:\Windows\System\ggrNbZN.exe
  2⤵
  PID:7540
- C:\Windows\System\NFXbBRH.exe
  C:\Windows\System\NFXbBRH.exe
  2⤵
  PID:7608
- C:\Windows\System\BZWqVJL.exe
  C:\Windows\System\BZWqVJL.exe
  2⤵
  PID:7676
- C:\Windows\System\PQfyLaq.exe
  C:\Windows\System\PQfyLaq.exe
  2⤵
  PID:7752
- C:\Windows\System\TLCVlHg.exe
  C:\Windows\System\TLCVlHg.exe
  2⤵
  PID:7792
- C:\Windows\System\qrjYoHA.exe
  C:\Windows\System\qrjYoHA.exe
  2⤵
  PID:7864
- C:\Windows\System\wRUTYag.exe
  C:\Windows\System\wRUTYag.exe
  2⤵
  PID:7956
- C:\Windows\System\rioVyWU.exe
  C:\Windows\System\rioVyWU.exe
  2⤵
  PID:8000
- C:\Windows\System\eWZjHlt.exe
  C:\Windows\System\eWZjHlt.exe
  2⤵
  PID:8048
- C:\Windows\System\SjOujON.exe
  C:\Windows\System\SjOujON.exe
  2⤵
  PID:7556
- C:\Windows\System\ThfJgPN.exe
  C:\Windows\System\ThfJgPN.exe
  2⤵
  PID:8164
- C:\Windows\System\RrcrgzL.exe
  C:\Windows\System\RrcrgzL.exe
  2⤵
  PID:6292
- C:\Windows\System\anmVPjc.exe
  C:\Windows\System\anmVPjc.exe
  2⤵
  PID:7208
- C:\Windows\System\ujabWYc.exe
  C:\Windows\System\ujabWYc.exe
  2⤵
  PID:7728
- C:\Windows\System\BYAAxFE.exe
  C:\Windows\System\BYAAxFE.exe
  2⤵
  PID:8068
- C:\Windows\System\VBKNEkU.exe
  C:\Windows\System\VBKNEkU.exe
  2⤵
  PID:8104
- C:\Windows\System\IZoTauh.exe
  C:\Windows\System\IZoTauh.exe
  2⤵
  PID:7248
- C:\Windows\System\gLivPHs.exe
  C:\Windows\System\gLivPHs.exe
  2⤵
  PID:7588
- C:\Windows\System\pBXoZav.exe
  C:\Windows\System\pBXoZav.exe
  2⤵
  PID:7660
- C:\Windows\System\nrCXgim.exe
  C:\Windows\System\nrCXgim.exe
  2⤵
  PID:7764
- C:\Windows\System\upqgsiu.exe
  C:\Windows\System\upqgsiu.exe
  2⤵
  PID:7848
- C:\Windows\System\OhuZFaA.exe
  C:\Windows\System\OhuZFaA.exe
  2⤵
  PID:7976
- C:\Windows\System\kYQUDqz.exe
  C:\Windows\System\kYQUDqz.exe
  2⤵
  PID:8024
- C:\Windows\System\YoaYSwn.exe
  C:\Windows\System\YoaYSwn.exe
  2⤵
  PID:8152
- C:\Windows\System\cDNeSvu.exe
  C:\Windows\System\cDNeSvu.exe
  2⤵
  PID:7088
- C:\Windows\System\HLhjxPo.exe
  C:\Windows\System\HLhjxPo.exe
  2⤵
  PID:7192
- C:\Windows\System\dwjorAQ.exe
  C:\Windows\System\dwjorAQ.exe
  2⤵
  PID:7284
- C:\Windows\System\WYbxdss.exe
  C:\Windows\System\WYbxdss.exe
  2⤵
  PID:7336
- C:\Windows\System\NCXmKYY.exe
  C:\Windows\System\NCXmKYY.exe
  2⤵
  PID:7420
- C:\Windows\System\HCVVjHw.exe
  C:\Windows\System\HCVVjHw.exe
  2⤵
  PID:1004
- C:\Windows\System\wbyOISQ.exe
  C:\Windows\System\wbyOISQ.exe
  2⤵
  PID:7408
- C:\Windows\System\fQDoTuu.exe
  C:\Windows\System\fQDoTuu.exe
  2⤵
  PID:8036
- C:\Windows\System\nqAjuIn.exe
  C:\Windows\System\nqAjuIn.exe
  2⤵
  PID:7620
- C:\Windows\System\ARZmMKn.exe
  C:\Windows\System\ARZmMKn.exe
  2⤵
  PID:8060
- C:\Windows\System\dcKXmeg.exe
  C:\Windows\System\dcKXmeg.exe
  2⤵
  PID:2384
- C:\Windows\System\qZxCZaU.exe
  C:\Windows\System\qZxCZaU.exe
  2⤵
  PID:7628
- C:\Windows\System\iThzyJM.exe
  C:\Windows\System\iThzyJM.exe
  2⤵
  PID:7776
- C:\Windows\System\pOGsdrn.exe
  C:\Windows\System\pOGsdrn.exe
  2⤵
  PID:8016
- C:\Windows\System\NcPQMds.exe
  C:\Windows\System\NcPQMds.exe
  2⤵
  PID:1764
- C:\Windows\System\XmMhNSg.exe
  C:\Windows\System\XmMhNSg.exe
  2⤵
  PID:7860
- C:\Windows\System\dROklww.exe
  C:\Windows\System\dROklww.exe
  2⤵
  PID:8140
- C:\Windows\System\PmkdRSy.exe
  C:\Windows\System\PmkdRSy.exe
  2⤵
  PID:7568
- C:\Windows\System\peROlQL.exe
  C:\Windows\System\peROlQL.exe
  2⤵
  PID:7964
- C:\Windows\System\uhiEQvX.exe
  C:\Windows\System\uhiEQvX.exe
  2⤵
  PID:8084
- C:\Windows\System\Drffful.exe
  C:\Windows\System\Drffful.exe
  2⤵
  PID:7732
- C:\Windows\System\nxonHwl.exe
  C:\Windows\System\nxonHwl.exe
  2⤵
  PID:7480
- C:\Windows\System\TGBtbnE.exe
  C:\Windows\System\TGBtbnE.exe
  2⤵
  PID:7692
- C:\Windows\System\GWkZBLh.exe
  C:\Windows\System\GWkZBLh.exe
  2⤵
  PID:7264
- C:\Windows\System\myKyanW.exe
  C:\Windows\System\myKyanW.exe
  2⤵
  PID:7280
- C:\Windows\System\oNyNUGQ.exe
  C:\Windows\System\oNyNUGQ.exe
  2⤵
  PID:7528
- C:\Windows\System\NNlOaTn.exe
  C:\Windows\System\NNlOaTn.exe
  2⤵
  PID:7800
- C:\Windows\System\tLSHxYw.exe
  C:\Windows\System\tLSHxYw.exe
  2⤵
  PID:7584
- C:\Windows\System\UeNHvhx.exe
  C:\Windows\System\UeNHvhx.exe
  2⤵
  PID:7696
- C:\Windows\System\CAazSAz.exe
  C:\Windows\System\CAazSAz.exe
  2⤵
  PID:7516
- C:\Windows\System\EXCSDhF.exe
  C:\Windows\System\EXCSDhF.exe
  2⤵
  PID:7188
- C:\Windows\System\qTtiLOd.exe
  C:\Windows\System\qTtiLOd.exe
  2⤵
  PID:7924
- C:\Windows\System\jCZcgCH.exe
  C:\Windows\System\jCZcgCH.exe
  2⤵
  PID:8168
- C:\Windows\System\jXGZTMP.exe
  C:\Windows\System\jXGZTMP.exe
  2⤵
  PID:7472
- C:\Windows\System\ItcchRH.exe
  C:\Windows\System\ItcchRH.exe
  2⤵
  PID:8148
- C:\Windows\System\lufDscz.exe
  C:\Windows\System\lufDscz.exe
  2⤵
  PID:7316
- C:\Windows\System\xZwAKiw.exe
  C:\Windows\System\xZwAKiw.exe
  2⤵
  PID:7844
- C:\Windows\System\oihynTN.exe
  C:\Windows\System\oihynTN.exe
  2⤵
  PID:7460
- C:\Windows\System\NbfOKtF.exe
  C:\Windows\System\NbfOKtF.exe
  2⤵
  PID:8184
- C:\Windows\System\YJbKOcP.exe
  C:\Windows\System\YJbKOcP.exe
  2⤵
  PID:7748
- C:\Windows\System\DYrHYuE.exe
  C:\Windows\System\DYrHYuE.exe
  2⤵
  PID:7476
- C:\Windows\System\NkNWSeu.exe
  C:\Windows\System\NkNWSeu.exe
  2⤵
  PID:8044
- C:\Windows\System\wUDBJzj.exe
  C:\Windows\System\wUDBJzj.exe
  2⤵
  PID:8100
- C:\Windows\System\CADrBWz.exe
  C:\Windows\System\CADrBWz.exe
  2⤵
  PID:7816
- C:\Windows\System\nTtgZqm.exe
  C:\Windows\System\nTtgZqm.exe
  2⤵
  PID:8208
- C:\Windows\System\kbYrOHt.exe
  C:\Windows\System\kbYrOHt.exe
  2⤵
  PID:8228
- C:\Windows\System\oGQqMlL.exe
  C:\Windows\System\oGQqMlL.exe
  2⤵
  PID:8244
- C:\Windows\System\cJztFvs.exe
  C:\Windows\System\cJztFvs.exe
  2⤵
  PID:8276
- C:\Windows\System\KhzhBAM.exe
  C:\Windows\System\KhzhBAM.exe
  2⤵
  PID:8300
- C:\Windows\System\SbWtKvt.exe
  C:\Windows\System\SbWtKvt.exe
  2⤵
  PID:8328
- C:\Windows\System\hnIVQfS.exe
  C:\Windows\System\hnIVQfS.exe
  2⤵
  PID:8352
- C:\Windows\System\hhxFCYc.exe
  C:\Windows\System\hhxFCYc.exe
  2⤵
  PID:8368
- C:\Windows\System\ybNRbEg.exe
  C:\Windows\System\ybNRbEg.exe
  2⤵
  PID:8384
- C:\Windows\System\bEYzCUh.exe
  C:\Windows\System\bEYzCUh.exe
  2⤵
  PID:8400
- C:\Windows\System\jDMgvFV.exe
  C:\Windows\System\jDMgvFV.exe
  2⤵
  PID:8416
- C:\Windows\System\FEHmJxQ.exe
  C:\Windows\System\FEHmJxQ.exe
  2⤵
  PID:8432
- C:\Windows\System\VilmNSV.exe
  C:\Windows\System\VilmNSV.exe
  2⤵
  PID:8448
- C:\Windows\System\BYReaAZ.exe
  C:\Windows\System\BYReaAZ.exe
  2⤵
  PID:8472
- C:\Windows\System\eLiNIuH.exe
  C:\Windows\System\eLiNIuH.exe
  2⤵
  PID:8488
- C:\Windows\System\dyXhNLk.exe
  C:\Windows\System\dyXhNLk.exe
  2⤵
  PID:8504
- C:\Windows\System\hJXuLID.exe
  C:\Windows\System\hJXuLID.exe
  2⤵
  PID:8520
- C:\Windows\System\bDMfGdL.exe
  C:\Windows\System\bDMfGdL.exe
  2⤵
  PID:8536
- C:\Windows\System\tsRjVjz.exe
  C:\Windows\System\tsRjVjz.exe
  2⤵
  PID:8552
- C:\Windows\System\KzOmLHU.exe
  C:\Windows\System\KzOmLHU.exe
  2⤵
  PID:8568
- C:\Windows\System\GBMgZrA.exe
  C:\Windows\System\GBMgZrA.exe
  2⤵
  PID:8584
- C:\Windows\System\kLKtlQN.exe
  C:\Windows\System\kLKtlQN.exe
  2⤵
  PID:8600
- C:\Windows\System\jwLEEpV.exe
  C:\Windows\System\jwLEEpV.exe
  2⤵
  PID:8616
- C:\Windows\System\MJigTDz.exe
  C:\Windows\System\MJigTDz.exe
  2⤵
  PID:8632
- C:\Windows\System\NUkPaGs.exe
  C:\Windows\System\NUkPaGs.exe
  2⤵
  PID:8648
- C:\Windows\System\qbYElti.exe
  C:\Windows\System\qbYElti.exe
  2⤵
  PID:8676
- C:\Windows\System\mLChcqZ.exe
  C:\Windows\System\mLChcqZ.exe
  2⤵
  PID:8692
- C:\Windows\System\RkKUkKM.exe
  C:\Windows\System\RkKUkKM.exe
  2⤵
  PID:8712
- C:\Windows\System\vrKvrOK.exe
  C:\Windows\System\vrKvrOK.exe
  2⤵
  PID:8732
- C:\Windows\System\VnLkkjY.exe
  C:\Windows\System\VnLkkjY.exe
  2⤵
  PID:8752
- C:\Windows\System\dobRUns.exe
  C:\Windows\System\dobRUns.exe
  2⤵
  PID:8768
- C:\Windows\System\wFlrrqy.exe
  C:\Windows\System\wFlrrqy.exe
  2⤵
  PID:8784
- C:\Windows\System\RaVqect.exe
  C:\Windows\System\RaVqect.exe
  2⤵
  PID:8800
- C:\Windows\System\PyojnPS.exe
  C:\Windows\System\PyojnPS.exe
  2⤵
  PID:8816
- C:\Windows\System\iwzmDMU.exe
  C:\Windows\System\iwzmDMU.exe
  2⤵
  PID:8880
- C:\Windows\System\ZOKPBJA.exe
  C:\Windows\System\ZOKPBJA.exe
  2⤵
  PID:8924
- C:\Windows\System\TTwpqjF.exe
  C:\Windows\System\TTwpqjF.exe
  2⤵
  PID:8944
- C:\Windows\System\PCutZoq.exe
  C:\Windows\System\PCutZoq.exe
  2⤵
  PID:8964
- C:\Windows\System\uDvVBFa.exe
  C:\Windows\System\uDvVBFa.exe
  2⤵
  PID:8984
- C:\Windows\System\aXlOztW.exe
  C:\Windows\System\aXlOztW.exe
  2⤵
  PID:9000
- C:\Windows\System\XMcKGmZ.exe
  C:\Windows\System\XMcKGmZ.exe
  2⤵
  PID:9016
- C:\Windows\System\xwKKlyu.exe
  C:\Windows\System\xwKKlyu.exe
  2⤵
  PID:9032
- C:\Windows\System\IqseCYj.exe
  C:\Windows\System\IqseCYj.exe
  2⤵
  PID:9048
- C:\Windows\System\oFbeuYI.exe
  C:\Windows\System\oFbeuYI.exe
  2⤵
  PID:9100
- C:\Windows\System\mltRRJq.exe
  C:\Windows\System\mltRRJq.exe
  2⤵
  PID:9116
- C:\Windows\System\TxtIWbP.exe
  C:\Windows\System\TxtIWbP.exe
  2⤵
  PID:9132
- C:\Windows\System\qxWduCI.exe
  C:\Windows\System\qxWduCI.exe
  2⤵
  PID:9148
- C:\Windows\System\ctHkBkH.exe
  C:\Windows\System\ctHkBkH.exe
  2⤵
  PID:9164
- C:\Windows\System\xyvpebE.exe
  C:\Windows\System\xyvpebE.exe
  2⤵
  PID:9180
- C:\Windows\System\aVGdXwg.exe
  C:\Windows\System\aVGdXwg.exe
  2⤵
  PID:9196
- C:\Windows\System\HyIVABv.exe
  C:\Windows\System\HyIVABv.exe
  2⤵
  PID:8200
- C:\Windows\System\ZDcKtAS.exe
  C:\Windows\System\ZDcKtAS.exe
  2⤵
  PID:7300
- C:\Windows\System\jDdJqiu.exe
  C:\Windows\System\jDdJqiu.exe
  2⤵
  PID:8216
- C:\Windows\System\wgpcAmj.exe
  C:\Windows\System\wgpcAmj.exe
  2⤵
  PID:8260
- C:\Windows\System\NJFZmzW.exe
  C:\Windows\System\NJFZmzW.exe
  2⤵
  PID:8264
- C:\Windows\System\rYJDaYe.exe
  C:\Windows\System\rYJDaYe.exe
  2⤵
  PID:7404
- C:\Windows\System\dUwysbQ.exe
  C:\Windows\System\dUwysbQ.exe
  2⤵
  PID:7204
- C:\Windows\System\nsbLrgX.exe
  C:\Windows\System\nsbLrgX.exe
  2⤵
  PID:8296
- C:\Windows\System\TQRSanl.exe
  C:\Windows\System\TQRSanl.exe
  2⤵
  PID:8272
- C:\Windows\System\AxDfuVk.exe
  C:\Windows\System\AxDfuVk.exe
  2⤵
  PID:8312
- C:\Windows\System\DOgoPOf.exe
  C:\Windows\System\DOgoPOf.exe
  2⤵
  PID:8336
- C:\Windows\System\zgPvBKE.exe
  C:\Windows\System\zgPvBKE.exe
  2⤵
  PID:8392
- C:\Windows\System\ZaUAZmf.exe
  C:\Windows\System\ZaUAZmf.exe
  2⤵
  PID:8428
- C:\Windows\System\mKveRiG.exe
  C:\Windows\System\mKveRiG.exe
  2⤵
  PID:8380
- C:\Windows\System\cGGnlVd.exe
  C:\Windows\System\cGGnlVd.exe
  2⤵
  PID:2112
- C:\Windows\System\lPjKTzu.exe
  C:\Windows\System\lPjKTzu.exe
  2⤵
  PID:8564
- C:\Windows\System\jdlPGQE.exe
  C:\Windows\System\jdlPGQE.exe
  2⤵
  PID:8512
- C:\Windows\System\mHgpPtE.exe
  C:\Windows\System\mHgpPtE.exe
  2⤵
  PID:8592
- C:\Windows\System\NyWsMyH.exe
  C:\Windows\System\NyWsMyH.exe
  2⤵
  PID:8704
- C:\Windows\System\ajcxmPx.exe
  C:\Windows\System\ajcxmPx.exe
  2⤵
  PID:8748
- C:\Windows\System\kQeMntX.exe
  C:\Windows\System\kQeMntX.exe
  2⤵
  PID:2796
- C:\Windows\System\MoLcfzj.exe
  C:\Windows\System\MoLcfzj.exe
  2⤵
  PID:8828
- C:\Windows\System\HeqxHjl.exe
  C:\Windows\System\HeqxHjl.exe
  2⤵
  PID:8844
- C:\Windows\System\qYdYqQK.exe
  C:\Windows\System\qYdYqQK.exe
  2⤵
  PID:8864
- C:\Windows\System\EvcZftI.exe
  C:\Windows\System\EvcZftI.exe
  2⤵
  PID:8876
- C:\Windows\System\NOvsiCp.exe
  C:\Windows\System\NOvsiCp.exe
  2⤵
  PID:8904
- C:\Windows\System\VRqupCA.exe
  C:\Windows\System\VRqupCA.exe
  2⤵
  PID:2652
- C:\Windows\System\yfNoDtB.exe
  C:\Windows\System\yfNoDtB.exe
  2⤵
  PID:8936
- C:\Windows\System\MxCCSTt.exe
  C:\Windows\System\MxCCSTt.exe
  2⤵
  PID:9040
- C:\Windows\System\vDVtAQh.exe
  C:\Windows\System\vDVtAQh.exe
  2⤵
  PID:8960
- C:\Windows\System\hhGYivk.exe
  C:\Windows\System\hhGYivk.exe
  2⤵
  PID:8992
- C:\Windows\System\evZhOVm.exe
  C:\Windows\System\evZhOVm.exe
  2⤵
  PID:8980
- C:\Windows\System\KFzVZeC.exe
  C:\Windows\System\KFzVZeC.exe
  2⤵
  PID:9064
- C:\Windows\System\mgkwTbG.exe
  C:\Windows\System\mgkwTbG.exe
  2⤵
  PID:1176
- C:\Windows\System\vgscTGE.exe
  C:\Windows\System\vgscTGE.exe
  2⤵
  PID:9096
- C:\Windows\System\FhDCbrx.exe
  C:\Windows\System\FhDCbrx.exe
  2⤵
  PID:2400
- C:\Windows\System\DoudcQj.exe
  C:\Windows\System\DoudcQj.exe
  2⤵
  PID:1536
- C:\Windows\System\mnmlGkc.exe
  C:\Windows\System\mnmlGkc.exe
  2⤵
  PID:9208
- C:\Windows\System\qwUXyZA.exe
  C:\Windows\System\qwUXyZA.exe
  2⤵
  PID:7256
- C:\Windows\System\mwirPEV.exe
  C:\Windows\System\mwirPEV.exe
  2⤵
  PID:1728
- C:\Windows\System\MBHOFqV.exe
  C:\Windows\System\MBHOFqV.exe
  2⤵
  PID:7648
- C:\Windows\System\IzLZbHP.exe
  C:\Windows\System\IzLZbHP.exe
  2⤵
  PID:9124
- C:\Windows\System\KxNNnwf.exe
  C:\Windows\System\KxNNnwf.exe
  2⤵
  PID:8288
- C:\Windows\System\VFxstPo.exe
  C:\Windows\System\VFxstPo.exe
  2⤵
  PID:8236
- C:\Windows\System\HUWueIl.exe
  C:\Windows\System\HUWueIl.exe
  2⤵
  PID:8256
- C:\Windows\System\RhedKiH.exe
  C:\Windows\System\RhedKiH.exe
  2⤵
  PID:8456
- C:\Windows\System\VxoSOYm.exe
  C:\Windows\System\VxoSOYm.exe
  2⤵
  PID:8348
- C:\Windows\System\SWRmgAR.exe
  C:\Windows\System\SWRmgAR.exe
  2⤵
  PID:8468
- C:\Windows\System\KeEmLan.exe
  C:\Windows\System\KeEmLan.exe
  2⤵
  PID:8460
- C:\Windows\System\cqnhNed.exe
  C:\Windows\System\cqnhNed.exe
  2⤵
  PID:8544
- C:\Windows\System\cPDXoJZ.exe
  C:\Windows\System\cPDXoJZ.exe
  2⤵
  PID:8580
- C:\Windows\System\vfebqOt.exe
  C:\Windows\System\vfebqOt.exe
  2⤵
  PID:8640
- C:\Windows\System\scHNgvh.exe
  C:\Windows\System\scHNgvh.exe
  2⤵
  PID:8688
- C:\Windows\System\dTRzgTR.exe
  C:\Windows\System\dTRzgTR.exe
  2⤵
  PID:8764
- C:\Windows\System\SIdsEYH.exe
  C:\Windows\System\SIdsEYH.exe
  2⤵
  PID:8668
- C:\Windows\System\lCqpblU.exe
  C:\Windows\System\lCqpblU.exe
  2⤵
  PID:8808
- C:\Windows\System\RzqxDFC.exe
  C:\Windows\System\RzqxDFC.exe
  2⤵
  PID:8888
- C:\Windows\System\UHrwDXj.exe
  C:\Windows\System\UHrwDXj.exe
  2⤵
  PID:8976
- C:\Windows\System\KgknWDM.exe
  C:\Windows\System\KgknWDM.exe
  2⤵
  PID:8744
- C:\Windows\System\ZWhYybo.exe
  C:\Windows\System\ZWhYybo.exe
  2⤵
  PID:8792
- C:\Windows\System\poCIWKy.exe
  C:\Windows\System\poCIWKy.exe
  2⤵
  PID:8892
- C:\Windows\System\EwZTaYi.exe
  C:\Windows\System\EwZTaYi.exe
  2⤵
  PID:7928
- C:\Windows\System\MRXPFKb.exe
  C:\Windows\System\MRXPFKb.exe
  2⤵
  PID:2580
- C:\Windows\System\LVArrAt.exe
  C:\Windows\System\LVArrAt.exe
  2⤵
  PID:7536
- C:\Windows\System\GuSCfkn.exe
  C:\Windows\System\GuSCfkn.exe
  2⤵
  PID:7712
- C:\Windows\System\JWVSXGA.exe
  C:\Windows\System\JWVSXGA.exe
  2⤵
  PID:8856
- C:\Windows\System\mFVkrZI.exe
  C:\Windows\System\mFVkrZI.exe
  2⤵
  PID:8344
- C:\Windows\System\ZuQSWbL.exe
  C:\Windows\System\ZuQSWbL.exe
  2⤵
  PID:9112
- C:\Windows\System\YVZFKei.exe
  C:\Windows\System\YVZFKei.exe
  2⤵
  PID:9192
- C:\Windows\System\FfDVXHD.exe
  C:\Windows\System\FfDVXHD.exe
  2⤵
  PID:8360
- C:\Windows\System\XLTpeME.exe
  C:\Windows\System\XLTpeME.exe
  2⤵
  PID:8656
- C:\Windows\System\YCoPjhm.exe
  C:\Windows\System\YCoPjhm.exe
  2⤵
  PID:8576
- C:\Windows\System\hecFpTQ.exe
  C:\Windows\System\hecFpTQ.exe
  2⤵
  PID:9144
- C:\Windows\System\iABAByG.exe
  C:\Windows\System\iABAByG.exe
  2⤵
  PID:8900
- C:\Windows\System\GRKkjVo.exe
  C:\Windows\System\GRKkjVo.exe
  2⤵
  PID:8292
- C:\Windows\System\uxSbtpx.exe
  C:\Windows\System\uxSbtpx.exe
  2⤵
  PID:8240
- C:\Windows\System\DTCbtqA.exe
  C:\Windows\System\DTCbtqA.exe
  2⤵
  PID:8480
- C:\Windows\System\BCUYrtk.exe
  C:\Windows\System\BCUYrtk.exe
  2⤵
  PID:8608
- C:\Windows\System\gTqKRid.exe
  C:\Windows\System\gTqKRid.exe
  2⤵
  PID:9056
- C:\Windows\System\HihFsRb.exe
  C:\Windows\System\HihFsRb.exe
  2⤵
  PID:8912
- C:\Windows\System\JJanFeQ.exe
  C:\Windows\System\JJanFeQ.exe
  2⤵
  PID:8852
- C:\Windows\System\ODNSRQS.exe
  C:\Windows\System\ODNSRQS.exe
  2⤵
  PID:8364
- C:\Windows\System\EMtiloM.exe
  C:\Windows\System\EMtiloM.exe
  2⤵
  PID:9092
- C:\Windows\System\yVmoMiy.exe
  C:\Windows\System\yVmoMiy.exe
  2⤵
  PID:9072
- C:\Windows\System\JwUrWPd.exe
  C:\Windows\System\JwUrWPd.exe
  2⤵
  PID:8528
- C:\Windows\System\fQxWMyc.exe
  C:\Windows\System\fQxWMyc.exe
  2⤵
  PID:9088
- C:\Windows\System\TwlaXLa.exe
  C:\Windows\System\TwlaXLa.exe
  2⤵
  PID:9220
- C:\Windows\System\SsVtKuo.exe
  C:\Windows\System\SsVtKuo.exe
  2⤵
  PID:9240
- C:\Windows\System\oVaJtHW.exe
  C:\Windows\System\oVaJtHW.exe
  2⤵
  PID:9264
- C:\Windows\System\AwJKuNL.exe
  C:\Windows\System\AwJKuNL.exe
  2⤵
  PID:9300
- C:\Windows\System\hxbZSsi.exe
  C:\Windows\System\hxbZSsi.exe
  2⤵
  PID:9316
- C:\Windows\System\CuhkGFb.exe
  C:\Windows\System\CuhkGFb.exe
  2⤵
  PID:9332
- C:\Windows\System\XVWPHWT.exe
  C:\Windows\System\XVWPHWT.exe
  2⤵
  PID:9348
- C:\Windows\System\cIrPcLR.exe
  C:\Windows\System\cIrPcLR.exe
  2⤵
  PID:9364
- C:\Windows\System\TgYjIHG.exe
  C:\Windows\System\TgYjIHG.exe
  2⤵
  PID:9380
- C:\Windows\System\aXcnyuu.exe
  C:\Windows\System\aXcnyuu.exe
  2⤵
  PID:9396
- C:\Windows\System\islxWhU.exe
  C:\Windows\System\islxWhU.exe
  2⤵
  PID:9412
- C:\Windows\System\LNhLHZR.exe
  C:\Windows\System\LNhLHZR.exe
  2⤵
  PID:9428
- C:\Windows\System\sZgiCdy.exe
  C:\Windows\System\sZgiCdy.exe
  2⤵
  PID:9444
- C:\Windows\System\FAlgOGw.exe
  C:\Windows\System\FAlgOGw.exe
  2⤵
  PID:9460
- C:\Windows\System\oDDlAQB.exe
  C:\Windows\System\oDDlAQB.exe
  2⤵
  PID:9476
- C:\Windows\System\MfToMhZ.exe
  C:\Windows\System\MfToMhZ.exe
  2⤵
  PID:9492
- C:\Windows\System\skukiBw.exe
  C:\Windows\System\skukiBw.exe
  2⤵
  PID:9508
- C:\Windows\System\jXOVUzE.exe
  C:\Windows\System\jXOVUzE.exe
  2⤵
  PID:9552
- C:\Windows\System\mjAqIIL.exe
  C:\Windows\System\mjAqIIL.exe
  2⤵
  PID:9572
- C:\Windows\System\ImfeLKn.exe
  C:\Windows\System\ImfeLKn.exe
  2⤵
  PID:9592
- C:\Windows\System\xIthMEI.exe
  C:\Windows\System\xIthMEI.exe
  2⤵
  PID:9608
- C:\Windows\System\ptxTZFO.exe
  C:\Windows\System\ptxTZFO.exe
  2⤵
  PID:9624
- C:\Windows\System\CKEnIfu.exe
  C:\Windows\System\CKEnIfu.exe
  2⤵
  PID:9644
- C:\Windows\System\mLfGaAi.exe
  C:\Windows\System\mLfGaAi.exe
  2⤵
  PID:9664
- C:\Windows\System\vKlFqJU.exe
  C:\Windows\System\vKlFqJU.exe
  2⤵
  PID:9684
- C:\Windows\System\fgMtZGZ.exe
  C:\Windows\System\fgMtZGZ.exe
  2⤵
  PID:9708
- C:\Windows\System\rwKFRck.exe
  C:\Windows\System\rwKFRck.exe
  2⤵
  PID:9728
- C:\Windows\System\BgurdDD.exe
  C:\Windows\System\BgurdDD.exe
  2⤵
  PID:9744
- C:\Windows\System\JjDEDmP.exe
  C:\Windows\System\JjDEDmP.exe
  2⤵
  PID:9760
- C:\Windows\System\XpuWZyq.exe
  C:\Windows\System\XpuWZyq.exe
  2⤵
  PID:9776
- C:\Windows\System\gAtAeON.exe
  C:\Windows\System\gAtAeON.exe
  2⤵
  PID:9792
- C:\Windows\System\rvyxTzG.exe
  C:\Windows\System\rvyxTzG.exe
  2⤵
  PID:9808
- C:\Windows\System\GQcDVeA.exe
  C:\Windows\System\GQcDVeA.exe
  2⤵
  PID:9824
- C:\Windows\System\KjKMQde.exe
  C:\Windows\System\KjKMQde.exe
  2⤵
  PID:9840
- C:\Windows\System\CtquNiz.exe
  C:\Windows\System\CtquNiz.exe
  2⤵
  PID:9856
- C:\Windows\System\RUnKHGj.exe
  C:\Windows\System\RUnKHGj.exe
  2⤵
  PID:9872
- C:\Windows\System\WRcrVTl.exe
  C:\Windows\System\WRcrVTl.exe
  2⤵
  PID:9888
- C:\Windows\System\AoNTArs.exe
  C:\Windows\System\AoNTArs.exe
  2⤵
  PID:9904
- C:\Windows\System\yyxMRrB.exe
  C:\Windows\System\yyxMRrB.exe
  2⤵
  PID:9928
- C:\Windows\System\mETZtEj.exe
  C:\Windows\System\mETZtEj.exe
  2⤵
  PID:9944
- C:\Windows\System\YDayTfr.exe
  C:\Windows\System\YDayTfr.exe
  2⤵
  PID:9964
- C:\Windows\System\edxerxz.exe
  C:\Windows\System\edxerxz.exe
  2⤵
  PID:9992
- C:\Windows\System\MvBpPGJ.exe
  C:\Windows\System\MvBpPGJ.exe
  2⤵
  PID:10016
- C:\Windows\System\PIdyNmv.exe
  C:\Windows\System\PIdyNmv.exe
  2⤵
  PID:10064
- C:\Windows\System\tQKClWA.exe
  C:\Windows\System\tQKClWA.exe
  2⤵
  PID:10088
- C:\Windows\System\xOVBafU.exe
  C:\Windows\System\xOVBafU.exe
  2⤵
  PID:10104
- C:\Windows\System\QbvKWqi.exe
  C:\Windows\System\QbvKWqi.exe
  2⤵
  PID:10120
- C:\Windows\System\PzCBltu.exe
  C:\Windows\System\PzCBltu.exe
  2⤵
  PID:10140
- C:\Windows\System\KodPnDx.exe
  C:\Windows\System\KodPnDx.exe
  2⤵
  PID:10156
- C:\Windows\System\TPExDLm.exe
  C:\Windows\System\TPExDLm.exe
  2⤵
  PID:10180
- C:\Windows\System\GNYhdjG.exe
  C:\Windows\System\GNYhdjG.exe
  2⤵
  PID:10204
- C:\Windows\System\aFqBUlk.exe
  C:\Windows\System\aFqBUlk.exe
  2⤵
  PID:7940
- C:\Windows\System\cgohJan.exe
  C:\Windows\System\cgohJan.exe
  2⤵
  PID:9232
- C:\Windows\System\YEGIPDJ.exe
  C:\Windows\System\YEGIPDJ.exe
  2⤵
  PID:9236
- C:\Windows\System\jHQKBLW.exe
  C:\Windows\System\jHQKBLW.exe
  2⤵
  PID:9284
- C:\Windows\System\YiqvLvh.exe
  C:\Windows\System\YiqvLvh.exe
  2⤵
  PID:9388
- C:\Windows\System\csNGovJ.exe
  C:\Windows\System\csNGovJ.exe
  2⤵
  PID:9292
- C:\Windows\System\CEJltHy.exe
  C:\Windows\System\CEJltHy.exe
  2⤵
  PID:9312
- C:\Windows\System\LjMUOjq.exe
  C:\Windows\System\LjMUOjq.exe
  2⤵
  PID:9524
- C:\Windows\System\ofPGyYc.exe
  C:\Windows\System\ofPGyYc.exe
  2⤵
  PID:9544
- C:\Windows\System\TYRCfAT.exe
  C:\Windows\System\TYRCfAT.exe
  2⤵
  PID:9580
- C:\Windows\System\BDMxfEH.exe
  C:\Windows\System\BDMxfEH.exe
  2⤵
  PID:9500
- C:\Windows\System\kPgfhDD.exe
  C:\Windows\System\kPgfhDD.exe
  2⤵
  PID:9656
- C:\Windows\System\NJgBUEF.exe
  C:\Windows\System\NJgBUEF.exe
  2⤵
  PID:9564
- C:\Windows\System\DFAjrsx.exe
  C:\Windows\System\DFAjrsx.exe
  2⤵
  PID:9600
- C:\Windows\System\kPIiNcX.exe
  C:\Windows\System\kPIiNcX.exe
  2⤵
  PID:9680
- C:\Windows\System\lvnHQJG.exe
  C:\Windows\System\lvnHQJG.exe
  2⤵
  PID:9704
- C:\Windows\System\swKcmBx.exe
  C:\Windows\System\swKcmBx.exe
  2⤵
  PID:9756
- C:\Windows\System\UOOppCa.exe
  C:\Windows\System\UOOppCa.exe
  2⤵
  PID:9836
- C:\Windows\System\uiOyrsg.exe
  C:\Windows\System\uiOyrsg.exe
  2⤵
  PID:9816
- C:\Windows\System\MRoBNda.exe
  C:\Windows\System\MRoBNda.exe
  2⤵
  PID:9880
- C:\Windows\System\sLhjWyP.exe
  C:\Windows\System\sLhjWyP.exe
  2⤵
  PID:9852
- C:\Windows\System\KxEpuIo.exe
  C:\Windows\System\KxEpuIo.exe
  2⤵
  PID:9916
- C:\Windows\System\AOmWhUa.exe
  C:\Windows\System\AOmWhUa.exe
  2⤵
  PID:996
- C:\Windows\System\SrBfCfs.exe
  C:\Windows\System\SrBfCfs.exe
  2⤵
  PID:9984
- C:\Windows\System\OAgNGPM.exe
  C:\Windows\System\OAgNGPM.exe
  2⤵
  PID:10004
- C:\Windows\System\RqhiXKH.exe
  C:\Windows\System\RqhiXKH.exe
  2⤵
  PID:10040
- C:\Windows\System\aokZvEJ.exe
  C:\Windows\System\aokZvEJ.exe
  2⤵
  PID:10028
- C:\Windows\System\UZievxv.exe
  C:\Windows\System\UZievxv.exe
  2⤵
  PID:10056
- C:\Windows\System\xjwNfNA.exe
  C:\Windows\System\xjwNfNA.exe
  2⤵
  PID:10096
- C:\Windows\System\kbXgOLS.exe
  C:\Windows\System\kbXgOLS.exe
  2⤵
  PID:10164
- C:\Windows\System\blqpGIY.exe
  C:\Windows\System\blqpGIY.exe
  2⤵
  PID:10112
- C:\Windows\System\vPavxdN.exe
  C:\Windows\System\vPavxdN.exe
  2⤵
  PID:10196
- C:\Windows\System\fvVbyxU.exe
  C:\Windows\System\fvVbyxU.exe
  2⤵
  PID:10228
- C:\Windows\System\jxarnUu.exe
  C:\Windows\System\jxarnUu.exe
  2⤵
  PID:9248
- C:\Windows\System\tiRnBrS.exe
  C:\Windows\System\tiRnBrS.exe
  2⤵
  PID:9260
- C:\Windows\System\CARkNfQ.exe
  C:\Windows\System\CARkNfQ.exe
  2⤵
  PID:8840
- C:\Windows\System\uelppVY.exe
  C:\Windows\System\uelppVY.exe
  2⤵
  PID:9356
- C:\Windows\System\DfNUlwv.exe
  C:\Windows\System\DfNUlwv.exe
  2⤵
  PID:9424
- C:\Windows\System\tiJMBhS.exe
  C:\Windows\System\tiJMBhS.exe
  2⤵
  PID:9288
- C:\Windows\System\HgoFVgv.exe
  C:\Windows\System\HgoFVgv.exe
  2⤵
  PID:9520
- C:\Windows\System\XRcSIWN.exe
  C:\Windows\System\XRcSIWN.exe
  2⤵
  PID:9404
- C:\Windows\System\CxbHAOw.exe
  C:\Windows\System\CxbHAOw.exe
  2⤵
  PID:9440
- C:\Windows\System\CgHhJKO.exe
  C:\Windows\System\CgHhJKO.exe
  2⤵
  PID:9616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ECnQdJR.exe

Filesize
6.0MB

MD5
2f51cfe618b6f428dea28c9b357ed43d

SHA1
df843775eeb37d62de1ab2499d5b07ac070e53b0

SHA256
44354a4c44060154d00f10616bac47110b242b307dcbfaf0b0cd4e6e58c1f717

SHA512
d8ce953b030f131040652e2b7111773f55ad1ea0c3b6f76c123e82bff99f3168fe23f6dc428a55908fbc32e07c9f6867a3f450ab17e1f985c9bfb38c79ecf62d

Download Submit
C:\Windows\system\EjADlmP.exe

Filesize
6.0MB

MD5
0c6cf49f5c5375e442ee936d0def1d68

SHA1
c570e055ab3086242916395aa3278286efd6b2c2

SHA256
fdd19b8e49db1ef97eb2ea6ea65cbac0fc4b6a0a94c7d8d4a5a1dc87a66f2e72

SHA512
1bafa0eec1777fcb008f80332acb274503783bc28132817acbceb653c3a846da9be8eb6875b741d5266e83a8b16e56b37e0b7b2af25d2afefb1b14a8898afe7a

Download Submit
C:\Windows\system\FigvxRz.exe

Filesize
6.0MB

MD5
d1ca25d57db5e7a9ae6a5642d5b53a6c

SHA1
a36dbe9907420af2818e9bbe10c0e1eba1747901

SHA256
177dbae8a75d7be85fb1740727dc79199ee52efcd06397090eb4ce1559ff8ba6

SHA512
999e46f3af0ca7b781e3403966a70c734734da79e75de1dbc3ab559ea3deb87cf9125250ac46348146414972effe2245c691bc70fe4a242075e71ad4f7df6340

Download Submit
C:\Windows\system\HFuSJrg.exe

Filesize
6.0MB

MD5
33a8bbfbd83854cd4fcb9e21a8efa5f0

SHA1
da4d083bfc14da46618b1909950c3664aec4d7ea

SHA256
daf12e374bfeaeb9714251e1213644ed902cdcb5da554c41923bea3f2ea743fd

SHA512
2bacd6874ab21d3586eb18259cb9850afdd02bb5b0485cb361bd6ccc5c188b166122c95ea064eb971b850e5108dede83d8939fc5e3491a56a250c78c1768add0

Download Submit
C:\Windows\system\HUfslCu.exe

Filesize
6.0MB

MD5
da65fb06541997715ecb0fd8217038dd

SHA1
f1949cacbe9fdd879219572ba06bbe500609e273

SHA256
dfe127acb0ec85b8fbbb3a087473de1bc83f045738fd21aca19736e70e0c21b7

SHA512
b4a1bd5aacc236fa352211b0a9c706d48ec0a132984a0581dba8af12011db22530b12c83ae60525b730c0047b48487788339e728da87360995a3be1f49d914f8

Download Submit
C:\Windows\system\HaeOgCT.exe

Filesize
6.0MB

MD5
9c7865f868a9a1bb2717603a9f09b7c0

SHA1
d66ff62b6cebc5b482696d50571c6f683e8e85c8

SHA256
fe929a73f96b868587a50861105a9ebf9421ce33d29f9a97c221ec47c34d3402

SHA512
3c9799563a4e45a6a672f73d6bcc66fa716ae5dc981a246627d4fd88a250fc0605fb4073b5e72ff6f908dba167f7b430a5da19e191aaa93287bd7a5dfd5e345e

Download Submit
C:\Windows\system\MyGQvDt.exe

Filesize
6.0MB

MD5
72dfb9f9a8d8a78e358359134a1329d5

SHA1
679a285cf60cd2f7347714475458e45f4f1d31f6

SHA256
50275eba34744e10ed56dcd88121b212a655057fd7d36ddd8e29b97304a08f31

SHA512
8fee65b41ec19b1c7eb1e337ddb6f103e9fffba1174ae4dd353ebab6b26d505e655f68180efefd47eb075e3a26148706c901c483bbd2bd3404336f8da3bf14b3

Download Submit
C:\Windows\system\TTdeFxe.exe

Filesize
6.0MB

MD5
16135531ef110d643f8d9fb518a6f8d9

SHA1
e01b020119f6605cad741362d39988d86242a387

SHA256
83c9f9122242d67bf14a77cb53345c15a8e67dfc34c9a64aab244958e756a190

SHA512
d4df605d300ce492f2b914670d9eeca780731fb572438bb1c192eea44af3f8c577cc5e74b2011af8b1e951c7adf2babd277548c517efeed700d705e4c323efaf

Download Submit
C:\Windows\system\Uahuxbj.exe

Filesize
6.0MB

MD5
35c86403bdec106afa7c5d968f98cd15

SHA1
776348815d68a0535f39a15ac97333f54e6caf89

SHA256
41b634d3196e36ae0aa9b042c2853d845be79108b7e64d6e925c9ef255720a72

SHA512
12a605531929c656e103b47914ef9640ab7c6cb04abe68b664b5f6341c4e55635c8d7ced4fa64d52194212a693c50e97598c88f4db65e17f4215ec0e89a8e1e5

Download Submit
C:\Windows\system\VBhgEVQ.exe

Filesize
6.0MB

MD5
1996024ae908ca032b71147604a2ebd6

SHA1
61f4c8f26c7ff559bf3f148fa8030dd39a751d0a

SHA256
26954a1bd6fab1ee5b0b438c815a3919ff284550670e87c76aa3e55dbdba1073

SHA512
d69c6d948c607e9f0c6f80306aea071c3d4b3af5d16c6eb8710f7e9ec63f3ad777973e5c364827183f6a7a666d27e1506f38db59f9d6bcec5ffd7ef3030e7f5e

Download Submit
C:\Windows\system\VlgZCiT.exe

Filesize
6.0MB

MD5
76aebe547558dd25d22844ef3517cb0e

SHA1
5e09fd9aa3058deda9bc3d6b5ecb73b70fc3aac4

SHA256
b4db52ad765ccd3e68beb677dc42fd5332b99b74460fb663596781b38ca76cf8

SHA512
068b8d56e8204bb4dbc13b3b66c3986b43b79e2f02cffcab8b45c252650aa6551f11a33a5863930339ba6101d8b0bad36d587cdd85065cbf1c232928ef67b529

Download Submit
C:\Windows\system\VoUljUQ.exe

Filesize
6.0MB

MD5
cc765a36260d0e48b331f6a1d76617a3

SHA1
6a44024464f9e6b3a59a333daefbb95b1a36bcbd

SHA256
c841004472a08cfc11f269fe63b1fa7be953b779e37071a38420435842c694e3

SHA512
1f3254c5ca5caa8d23c380853feaa5987ceb2c353da448e454b75bde3bbb66159b8ec3d98ef30bb696c6378f591fc2f1642e064b05c9742051a84a7311eba833

Download Submit
C:\Windows\system\WNWNnYC.exe

Filesize
6.0MB

MD5
02e05948998309e9ef7e8aced2af3ac7

SHA1
cf3dba644207ac5778b0b17e89d40ee436e70e5f

SHA256
f3b132a441f57155210485259773922300952ee9eac2085af230a54b4395ac99

SHA512
b4b23474bd44137d7eb84abdd79ead44ca85abe7d33cc850835a56d194db76ed0b68ea56b3f7b79fd61b16d81e798cd6446ed36bd92ab20156c8ac51dbb75ac9

Download Submit
C:\Windows\system\WQcjWmT.exe

Filesize
6.0MB

MD5
78c16a40c8b12e31ec7a7c03d8275b8c

SHA1
9272438921e155fb1f511c5575bac300be401751

SHA256
68b529eba8deb819237b35ccc55c161d7f08e5c3f441dcff935c5fa576434e4a

SHA512
23846611919f05c48d3aa0fc43872134048fd47244bf14e80537b4f1aa42d1643f00a3e1160868ffde5a3ce86ea729c421832728eb896ca132dd46a1c5788ae0

Download Submit
C:\Windows\system\WicpjXB.exe

Filesize
6.0MB

MD5
c37bfd7980cf2d42985901a51158c46a

SHA1
546a42ec1527ba602ce6ffd592c166b744259952

SHA256
b0047e27d832e81c2d9b6457e8d4fe64cbba2f5f20342c13da5e2ddb4729fa94

SHA512
b35a3ae239388516756628b8f386012c3022d540716ddbfbad372e27ac4687235259a730cff4e5de616a0b587a20655f3669d211b1e4f5b4445d13fbd67315e0

Download Submit
C:\Windows\system\XNTqvIi.exe

Filesize
6.0MB

MD5
3d8ae1bca59855c34a5ab964c0cbc9dd

SHA1
f7ca3cf754049421d86885321401dbcf6d54a16e

SHA256
675d60e645adeb2da706340b81df0b2b7ca644a91b5c136b0b6a79d1301edfa0

SHA512
8674051852ec27edd84927906cc4e6c29f52a02f31c94edab23c070e19bade1edc5d73febe13f0c267cb93fb93372a8f67c3937841180cf51429f2efef822c4d

Download Submit
C:\Windows\system\YmfFOuX.exe

Filesize
6.0MB

MD5
9b58d5043ce4a687f9a6b8fbc889e535

SHA1
9c76d18e501be1df344bb7d0e520af5a7f565f56

SHA256
d20de5cf3823615f059db1dc84e9ca7bad47cf073c899aacfe9d23f6b3660744

SHA512
90518c0d81265e540e107c365039a5bf3658534da40cfd518b6749fbadfbcb422f4f5e233db55cd32bb5f1f6dd43b6e54aca3eb33c1e03573b38071e38f2458a

Download Submit
C:\Windows\system\bskisMo.exe

Filesize
6.0MB

MD5
c982cc53cbb637afb7c756bbda4a7dad

SHA1
f54e8249fd6a0eae167fbd6126e9f0b2e98dbe14

SHA256
afb821a40396b24a179b003cfa129fda1d88d872af77e70b79150c668fcbc3cc

SHA512
90ce07861ec10914074f472349c4434ae4732f1d41930023eb59a7a3aaf27cc633e0de4583f24584f88ad662a6e6ee518f7eb465fa9b1b279caca8abda4a6ada

Download Submit
C:\Windows\system\cLkMMIu.exe

Filesize
6.0MB

MD5
ec21db9dd5eeb504008bd10668c9ccb1

SHA1
4dc276d852b8dd882236fdb268c25aa6cefad030

SHA256
a96168b16f70dc76aaa558c2dc741c934a4918f3e33ecb83a749e926bdbbfce4

SHA512
c94f836349cd724e465fa38b330efbf245bffd32fb560855ec368b4e580973158803d7ef50adb92a9f48b4a3e7d4cb1b25c2c22d1b9013d1000d5dc55da90a34

Download Submit
C:\Windows\system\iiTEVJv.exe

Filesize
6.0MB

MD5
8401c448031f2625e83a03f2f00b8d79

SHA1
76954acf073947c525daa861b320ca6380f8d493

SHA256
ee3b7919c47fdd78f54176c8e1f0e940deab44e0a76da91cc6ad544ae059403f

SHA512
51136d70d82cae1a2018a5d9fc3dcf6a0c3afc0accd56a784959dfa1f198c77c4e84515e7ecc9c0de2f0d841b6000377ea15ba3490b28c78f0432403ee96b88f

Download Submit
C:\Windows\system\oUOFGUL.exe

Filesize
6.0MB

MD5
49c6ac8d3b924b6682b41566afb7dc71

SHA1
7f557f0d260155e16a2266dddf569a358a4259fe

SHA256
0997b89cbe996a3ce6575113b8d0ba0264544a06561c7e546d21db1b2a5cb7f3

SHA512
23ea131f649f249202e616a2063ed81a7508b7a82dde9647904c7a153701923881774fe588e8582a0682da1485264b5965958c95a4154fed2ecf7ae8f9fb694c

Download Submit
C:\Windows\system\qKKWgdN.exe

Filesize
6.0MB

MD5
9d68e5d6cd81006e8ced33415762f63c

SHA1
0afb0f21a54d3acb7b621154bf17665a02b87e91

SHA256
7e978175dbe7342c873a8e0972d1231353673879c8b571c326a0728e56ecd549

SHA512
b2e76000efaafeb16b5a12cd4a5f97380fe103681a6fe5f46f6602efc5963458e615ce651d263025e6b94e71de2671cf89476161d0ff03a3804721e2c814ed7a

Download Submit
C:\Windows\system\tTwOjLv.exe

Filesize
6.0MB

MD5
f62c5a1eca1dc0e7bc3293ab9c7a5f11

SHA1
9ab292f7737043b213a44a9c21757b7a96705dda

SHA256
1c51c83076d53fdbae029c476213e9ce7d53cf0c64eabd5a04fee6a56e325972

SHA512
1f8fb551346513c27ec22b6789c7606aafd8d68009ecbc64d1c4ebe837bdced0c7076d49227d52db09e7b325c33cf0ac39fb89859db698a517c99bf2f2973595

Download Submit
C:\Windows\system\vExhMWl.exe

Filesize
6.0MB

MD5
e4e218e0334b5017114e3c2ed2711344

SHA1
a75d25731da4f969c696558eb36cf6a4a54a1205

SHA256
651579aa0c8bc85a62e92104c9fd844ade34e117b2100b7818dc707fa6f3e425

SHA512
f6412f3fc52ffa840bd675a11bb7ec721499d1c4ef2ade2f6452311285157832d453d695f93b669d4575827ac25c62c5fdb3e3293bbf40be5f5ca595ed229cfa

Download Submit
C:\Windows\system\yicEcTS.exe

Filesize
6.0MB

MD5
3739ded43f986cdebd9fd09483e755be

SHA1
9c16b643185c3294183f832a281e6eb4d846caed

SHA256
5d8036c92e263dc6b23a05a0138f8e2e74c412d0a34160ceba965bd7868d4fab

SHA512
0ce01371243952d7742ac94cb0370b4c44842c220821245a6f70b49c914238a6748fe502395a02dc17f83331297410446ab650c428d4c2af910e384ac91756e8

Download Submit
\Windows\system\LSobfzQ.exe

Filesize
6.0MB

MD5
75cdeb83a18b366c6df1a88a7bef0134

SHA1
6ab4b2bbe93fba7032284d36ee2e018154c674c4

SHA256
57d0dcd65c487337dd635f89d297fd769cf3f97cf640faeae0ca1b4256e1af5b

SHA512
7370056797220ac88b792b910c43dfa1663a32a251fb46d79a3dbec133261add4d3204dfa14dba998f470853b7221d5c33fc9d83dc6d061b064b369f816ff587

Download Submit
\Windows\system\OFYpdjE.exe

Filesize
6.0MB

MD5
ad6ceef602158d32b219286f35976fa5

SHA1
fe67beff8ce74f1c83d43157baaeb4323eb9378a

SHA256
b5ebf6b50c64e0c5902435bd516d07b07c9622680b8f924e742be4b11abf005e

SHA512
047675460d2dfb7f126b0987f78215c808a05e8b1b0a3ac3fdeb37c0eabdf58ce8f9645dba847ec2c93c694c3d00a030d25aa23eff41ad0fbad3f507cf7ca36b

Download Submit
\Windows\system\VXXtBar.exe

Filesize
6.0MB

MD5
393d38cf558540f6404209692f67177c

SHA1
55017cb6726dd770e49b6cc19877a4c6a2e7bf8a

SHA256
09c81f1f07e3e076f05458e68b7c483ba8d7010ba9720b4686c9be44e487d86b

SHA512
dbce1608546fae6bab722cf687f36c67b533f5385f2ef79624d515c1ecfb7402844b3059898f07d70d7ea12587459db0ecda8e6d0f56fac9bbe724e1641c21cb

Download Submit
\Windows\system\lTAKGSs.exe

Filesize
6.0MB

MD5
6d9568102df9d8e541d6477ac868759a

SHA1
82bfcf53a01589c096be15d6b6489ab5483ea609

SHA256
e1e9d58497d74db2d8ad2985ed581210a14ddefaaab52164286b7bc5a6319d53

SHA512
d7441c9be98895ba1a92d1deef71d00d4a5db5212fd8fe6d5e739576ca0b6fc3e1fab58aefbc161524c572d57a6064fe0bfa6353754b6778b9f11af2c3788208

Download Submit
\Windows\system\lZxxyWY.exe

Filesize
6.0MB

MD5
616a4b07b460bad130a19a243652bd4d

SHA1
8dec24c94ebd3dcaa9a1d33d7bcf376784dbc6a1

SHA256
d25913602a0209603acf82b28b643a5129d88284d0d592ba1f0e068c30b60e02

SHA512
7dec6df3d9fe109b4fbf86d705c870f16bf86c48beeabaaaf2d079036c65aac16d0234e203a2891d378cb9d2e617dffba7e72fd7a37f3abb2a17b274bf719865

Download Submit
\Windows\system\nfyfDkD.exe

Filesize
6.0MB

MD5
8a303a53f85659cf8bb26406a86c2313

SHA1
4b8925179e9086b5b08075080bea324cbc164b7c

SHA256
bda9337665a30d1ef46a2dd5fac46481698d362565f7a30cbfc6ade56b478568

SHA512
02affffe0a7cff59ec291d4e5b41613b73afb81297e0d5a86fb4f9c81136f1de069c4f99e0f1531f6ba8f9e8b70459682be19e6bb6cd3430eb77e34f91179198

Download Submit
\Windows\system\uIIrCiN.exe

Filesize
6.0MB

MD5
30a1ac3239e42703f4ce60016a11f79a

SHA1
806f778255ff71b0208c391ec741121ef2006a97

SHA256
15f9d49cbf3ef957673b3703ebb05f82e31e7d32343ebd34a67b48b8c1750e06

SHA512
bdb0452b8132f5e17d72ea78f42275d9d64c43b83db83adcb9c8eb89eb2c2b93627f7a67fdd62657d6ba2b5e40200ccf60333d7fe86f051d67c4ea56d6b0f4a4

Download Submit
\Windows\system\wYDOaym.exe

Filesize
6.0MB

MD5
dad5101f3aefd6676a9622eb8896c330

SHA1
7c13bd030de1c9aacc47b51f8d799dde1a18fdce

SHA256
d413d8c2c41425fa6131694c6c73694b6e88b5b8c7619840157c96a1ae56bee8

SHA512
ba5c3b7d3abf684e7d7272f3a4292559d3d9c09bc7cf0d0fec2ee7f2acf595495a3df2bc63bfd381bb13ff44236548d27050d16e44d4825d891b18294b3e41be

Download Submit
memory/236-43-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-36-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/236-0-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/236-48-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-55-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/236-1170-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-44-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-1171-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/236-64-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/236-70-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-40-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-1550-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/236-1554-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-14-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-1090-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/236-72-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/236-123-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-108-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/236-107-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/236-85-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/236-88-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/236-12-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/236-96-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/320-4002-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/320-15-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2136-3962-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2136-39-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2276-38-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2276-3958-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2376-16-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3959-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3957-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-87-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-71-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3994-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2624-963-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2656-106-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3961-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3960-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-65-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3964-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2808-42-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3955-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2820-41-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2852-555-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-57-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4034-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3956-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2900-317-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2900-50-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download